Jouni Malinen [Wed, 9 Oct 2024 16:46:23 +0000 (19:46 +0300)]
AP: Clean up MLD changes that modified skipping DMG deauthentication
Commit 05e5e615e6a2 ("AP: Skip authentication/deauthentication phase for
DMG/IEEE 802.11ad") added the check for DMG in the beginning of
ap_sta_deauthenticate() to convert that call to ap_sta_disassociate()
since deauthentication is not used in DMG. Commit c6f519ff15b2 ("AP:
Support deauthenticate/disassociate with MLD") ended up moving this DMG
check into the ap_sta_handle_deauthenticate() function that gets called
once for each link. This is confusing even though DMG is not really used
in MLD.
Move the DMG check back to the beginning of ap_sta_deauthenticate() to
make this clearer.
Sunil Ravi [Fri, 20 Sep 2024 19:24:55 +0000 (19:24 +0000)]
Avoid memcmp() with NULL pointer even if for zero length
Explicitly check for last_ssid->ssid to be set in wpa_bss_flush_by_age()
before using memcmp() to compare the SSID against the one in the BSS
entry. This is not really expected to do any real comparison here since
the case where last_ssid->ssid is NULL implies bss->ssid_len to be 0.
Anyway, avoid the unexpected memcmp(ptr, NULL, 0) call in such a case to
avoid issues with C libraries that might prevent such as unexpected
behavior.
wpa_supplicant: 320 MHz bandwidth support for mesh
Mesh supported a maximum operational channel width of up to 160 or 80+80
MHz. Extend this to support a maximum operational channel width of up to
320 MHz.
AP MLD: Allow link ID to be specified for Action frame TX operations
The Action frame sent by hostapd currently lacks a link ID, causing the
driver to independently determine the link ID based on available data.
This can sometimes result in the driver selecting an unintended link for
the Action frame transmission. To address this, add support to allow
hostapd to send the link ID along with Action frames to the driver.
This commit introduces only the function arguments to allow the link ID
to be provided. A subsequent commit will fill the link ID based on the
required conditions.
Currently, the driver while sending an NL80211_CMD_RADAR_DETECT command
does not send a link ID at all. Hence the condition on whether the link
ID is passed is not required. At the same time, for certain commands,
if_idx will not be given and hence the event will be routed to the drv's
first BSS only which might not have any 5 GHz link. Hence there is need
to refactor the logic for such cases and identify the intended BSS
properly and then pass the event to it.
Hence,
* identify the link ID based on the freq info present in the event.
* identify the correct BSS to which the event should be routed in case
the event comes without any if_idx.
* check for the underlying link even when the link is not operating on
the same frequency for events like NL80211_RADAR_NOP_FINISHED.
Ajith C [Wed, 21 Aug 2024 04:09:01 +0000 (09:39 +0530)]
hostapd: Fix clearing old BSS during config reload
After a configuration reload, stations that were previously associated
with the AP could have failed to reconnect under the new configuration.
This issue arises because the new configuration is assigned to the
interface’s configuration pointer too early. The old configuration needs
to remain in the pointer until all existing stations are cleared.
Resolve this issue by assigning the new configuration only after all
existing stations have been cleared.
Fixes: b37c3fbad4a4 ("hostapd: Add config_id parameter")
Signed-off-by: Ajith C <quic_ajithc@quicinc.com>
In hostapd, when a scan was initiated, the link ID parameter was not
populated in all scenarios, such as ACS. Additionally, each caller of
hostapd_driver_scan() provided the link ID. However, since
hostapd_driver_scan() has access to the hapd pointer, it can populate
the link ID itself.
And from wpa_supplicant, link ID was passed as 0 which does not seem to
be correct. Fix that as well.
Add a QCA vendor event to indicate status of the idle shutdown
If there are no active Wi-Fi interfaces for a certain duration, the host
driver triggers idle shutdown. Add a new vendor event
QCA_NL80211_VENDOR_SUBCMD_IDLE_SHUTDOWN to indicate to user space when the
idle shutdown is started or completed.
This uses attributes defined in enum qca_wlan_vendor_attr_idle_shutdown.
Update documentation of the QCA vendor ACS channel list attributes
Add more detailed documentation for QCA_WLAN_VENDOR_ATTR_ACS_CH_LIST
and QCA_WLAN_VENDOR_ATTR_ACS_FREQ_LIST attributes on how the specified
channel list information is used by the driver during the ACS function.
The specified channel list represents the allowed channels for the
primary and non-primary channel operations. If any channel is not
present in the allowed channel list it shouldn't be used as a primary or
non-primary channel.
Jouni Malinen [Wed, 2 Oct 2024 17:01:22 +0000 (20:01 +0300)]
wlantest: Fix BIP replay protection check
IPN/BIPN are encoded using little endian byte order, so memcmp() cannot
be used to check the validity of a received IPN/BIPN. Fix this by
converting IPN/BIPN into an integer in host byte order for processing.
Fixes: bacc31286cd1 ("wlantest: Validate MMIE MIC")
Fixes: faf6894f35f6 ("wlantest: BIGTK fetching and Beacon protection validation")
Fixes: 2e4c34691b73 ("wlantest: Add support for protecting injected broadcast frames")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
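The byte-order problem described in the commit above, as an added example that is not code from the hostap project: a 6-octet little endian IPN compared with memcmp() next to the same check done on integers in host byte order. The function names, the sample values, and the rule that a frame is fresh only when its IPN is greater than the last accepted one are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IPN_LEN 6

/* Constructed sample values: IPN 0x00ff and IPN 0x0100, little endian */
static const uint8_t IPN_00FF[IPN_LEN] = { 0xff, 0x00, 0x00, 0x00, 0x00, 0x00 };
static const uint8_t IPN_0100[IPN_LEN] = { 0x00, 0x01, 0x00, 0x00, 0x00, 0x00 };

/* Incorrect: memcmp() orders buffers by their first differing octet, which is
 * the least significant octet of a little endian counter. */
static int ipn_is_fresh_memcmp(const uint8_t *rx, const uint8_t *last)
{
	return memcmp(rx, last, IPN_LEN) > 0;
}

/* Convert the little endian IPN into an integer in host byte order. */
static uint64_t ipn_le_to_host(const uint8_t *ipn)
{
	uint64_t val = 0;
	size_t i;

	for (i = IPN_LEN; i > 0; i--)
		val = (val << 8) | ipn[i - 1];
	return val;
}

/* Correct: compare the counters as numbers. */
static int ipn_is_fresh(const uint8_t *rx, const uint8_t *last)
{
	return ipn_le_to_host(rx) > ipn_le_to_host(last);
}

int main(void)
{
	/* New frame with IPN 0x0100 after 0x00ff: valid, but memcmp() rejects it */
	printf("0x0100 after 0x00ff: memcmp=%d integer=%d\n",
	       ipn_is_fresh_memcmp(IPN_0100, IPN_00FF),
	       ipn_is_fresh(IPN_0100, IPN_00FF));
	/* Old frame with IPN 0x00ff after 0x0100: replay, but memcmp() accepts it */
	printf("0x00ff after 0x0100: memcmp=%d integer=%d\n",
	       ipn_is_fresh_memcmp(IPN_00FF, IPN_0100),
	       ipn_is_fresh(IPN_00FF, IPN_0100));
	return 0;
}
```

With memcmp() the check fails in both directions: a valid frame is reported as a replay and a replayed frame is reported as valid.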
FT: Do not omit RSNXE from FT initial mobility domain association
The special case for having to omit the RSNXE from Reassociation Request
frames applies only for FT protocol. This was incorrectly applied to all
cases using FT, i.e., both the initial mobility domain association and
FT protocol. This should not have changed behavior for the initial
mobility domain association regardless of whether Association Request
frame or Reassociation Request frame is used.
Fix the conditions for omitting the RSNXE to apply only when actually
going through FT protocol.
Fixes: 6140cca8191e ("FT: Omit RSNXE from FT protocol Reassociation Request when needed")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add a location for storing expiration time for DevIK. For now, this is
hardcoded to 24 hours and the value will be used in a subsequent commit
to construct the indication to the peer.
Commit 891bb1305bbd ("P2P: Enforce SAE-H2E for P2P GO in 6 GHz")
introduced a network profile specific sae_pwe to avoid having to change
the global sae_pwe parameter. However, this was enabled only for AP/P2P
GO mode. Extend that to cover STA mode as well.
Extend EAPOL frames processing workaround for reassociation to same AP
With commit 3ab35a660364 ("Extend EAPOL frames processing workaround for
roaming cases") wpa_supplicant postpones EAPOL frame processing till
roam indication from the driver when the source address of EAPOL frame
does not match the current BSSID/AP MLD MAC address.
However, this does not handle the cases in which STA tries to
reassociate with the current AP. When STA tries to reassociate with the
current AP, the source address of the EAPOL frame will be same as the
current BSSID. So, wpa_supplicant does not postpone the EAPOL frame from
the current connected AP since AP might have sent the EAPOL frame for
PTK rekey.
To address this issue, add additional support for reassociating to the
same AP case. Check if replay counter value of the new EAPOL frame is
greater than the replay counter of the last EAPOL frame, and if the new
EAPOL frame replay counter is less, postpone the new EAPOL frame
processing until roam indication from the driver.
STA: Update driver roaming policy on connection completion
When the network profile is configured with BSSID before connection,
roaming policy in the driver (for driver-based BSS selection) doesn't
get updated if the same BSSID is configured after connection. Update
roaming policy to the driver on connection completion to cover this
case.
Add TEST_RSNXE_DATA for RSNXE testing of AP functionality
Add support to set test data in the default RSNXE with wpa_supplicant
control interface command "TEST_RSNXE_DATA <data hexdump> <mask
hexdump>". This can be used to do protocol testing of AP side processing
of RSNXE.
Add QCA vendor status for TWT termination due to multiple MLO links activated
Add a new status value
QCA_WLAN_VENDOR_TWT_STATUS_MULTIPLE_LINKS_ACTIVE_TERMINATE to indicate
the TWT session termination due to more than one MLO link being in
active state.
NAN: Handle A3 copying internally to simplify control interface
There is no need to copy the A3 value for follow-up frames through the
control interface events and commands since it can be handled internally
in the service with sufficient accuracy. More parallel operations with
multiple peers might need per-peer information, but that can be extended
in the future, if that level of complexity is really needed in practice.
This reverts commit 81322fa43d1d ("tests: Copy A3 into NAN SDF
Follow-up") to allow simplification of the control interface by removing
the external A3 copying.
NAN: Update A3 for USD to use NAN Network ID or NAN Cluster ID in A3
Wi-Fi Aware spec v4.0 was not clear on all cases and used a bit unclear
definition of A3 use in Table 5 (Address field definition for NAN SDF
frames in USD). That resulted in the initial implementation using
Wildcard BSSID to comply with the IEEE 802.11 rules on Public Action
frame addressing.
For USD to have chances of working with synchronized NAN devices, A3
needs to be set to the NAN Cluster ID when replying to a frame received
from a synchronized NAN device. While there is no cluster ID for USD,
this can be done by copying the A3 from the received frame. For the
cases where sending out an unsolicited multicast frame, the NAN Network
ID should be used instead of the Wildcard BSSID.
While this behavior is not strictly speaking compliant with the IEEE
802.11 standard, this is the expected behavior for NAN devices, so
update the USD implementation to match.
hostapd: Add drv_send_action variant for forcing A3
This is needed for cases that are not compliant with the IEEE 802.11
standard rules for Public Action frame addressing. For example, NAN USD
needs this.
NAN: Process received NAN SDFs with NAN Network ID in A3 on AP
hostapd did not accept NAN SDFs that used NAN Network ID instead of
Wildcard BSSID in A3. Extend this to process NAN Network ID just like
Wildcard BSSID for these frames to allow the specific group address to
be used.
SAE: Recognize Basic MLE in Authentication frames even without H2E
IEEE P802.11be requires H2E to be used whenever SAE is used for ML
association. However, some early Wi-Fi 7 APs enable MLO without H2E.
Recognize this special case based on the fixed length Basic Multi-Link
element being at the end of the data that would contain the unknown
variable length Anti-Clogging Token field. The Basic Multi-Link element
in Authentication frames includes the MLD MAC address in the Common Info
field and all subfields of the Presence Bitmap subfield of the
Multi-Link Control field of the element zero and consequently, has a
fixed length of 12 octets.
FT: Discard EAPOL-Start frames when FT was used for association
When FT is used, reauthentication to generate a new PMK-R0 would be
complicated since the current AP might not be the one with which the
currently used PMK-R0 was generated. IEEE Std 802.11-2020, 13.4.2 (FT
initial mobility domain association in an RSN) mandates STA to perform a
new FT initial mobility domain association whenever its Supplicant would
trigger sending of an EAPOL-Start frame.
Discard received EAPOL-Start frames from STAs that use FT to avoid
unexpected behavior. This is important in particular if a driver were to
allow unprotected EAPOL-Start frames to be processed when TK has been
configured.
nl80211: Remove nl_msg free on send failure for NAN USD commands
Remove nl_msg_free() after send failure for NAN USD commands. Freeing
the nl_msg is already taken care as part of send_and_recv_cmd() for both
success and failure cases.
Fixes: 58f04221fdef ("nl80211: NAN USD commands for offloading")
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
The recently added calls to src/ap/pmksa_cache_auth.c need to be faked
to allow pasn-resp to be built without having to pull in multiple
additional files from src/ap.
Fixes: b7de417c8a47 ("PASN: Define PMKSA helper functions for initiator and responder")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Include the NAN header file into driver.h to avoid C++ constraints
Include src/common/nan.h file into src/drivers/driver.h to resolve the
compilation issue "ISO C++ forbids forward references to 'enum' types"
by pulling in the full definition of enum nan_service_protocol_type.
The check against MAX_NUM_MLD_LINKS was off by one for the loop that
goes through hapd->partner_links[]. It does not look like this would
actually result in any real issues since the loop is on own set of
configured links. Anyway, it is better to have the bounds checking
accurate.
Fixes: 2042cae9b3a4 ("AP MLD: Generate and keep per STA profiles for each link")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Shivani Baranwal [Thu, 15 Aug 2024 15:48:15 +0000 (21:18 +0530)]
Add QCA vendor subcommand to trigger Channel Usage Request
Add a new QCA vendor subcommand QCA_NL80211_VENDOR_SUBCMD_CHAN_USAGE_REQ
to support Channel Usage Request. It carries channel usage information
for BSSs that are not infrastructure BSSs or an off channel TDLS direct
link.
Implementation and scheduling of Channel Usage frames are present in the
driver/firmware. One of the key reasons for this is that the TSF
timestamp required to be filled in these frames is available only in the
firmware. So, this interface is used to configure the required
parameters to the driver/firmware for Channel Usage Request frame.
This uses attributes defined in enum
qca_wlan_vendor_attr_chan_usage_req.
Shivani Baranwal [Tue, 14 May 2024 06:12:59 +0000 (11:42 +0530)]
nl80211: NAN USD commands for offloading
Add driver nl80211 support for the NAN USD flush, publish, subscribe,
update publish, cancel publish and cancel subscribe commands for cases
where these operations are offloaded to the driver
(WPA_DRIVER_FLAGS2_NAN_OFFLOAD).
P2P2: Refactor GO Negotiation and Invitation processing
Add wrapper functions to process and prepare a response for GO
Negotiation and Invitation frames. Send the response Action frames in
handle_ functions. This is in preparation for encapsulating these
messages within PASN Authentication frames for P2P2.
PASN: Define PMKSA helper functions for initiator and responder
Define helper functions to init, add, get, remove, flush, and deinit
PMKSA cache for PASN initiator and responder. P2P devices can be in
a role of pairing initiator and responder. Hence define a cache for
each role separately.
Shivani Baranwal [Fri, 30 Aug 2024 16:41:17 +0000 (22:11 +0530)]
P2P2: Add a new method to P2P_CONNECT control interface command
Add a new method "pair" to indicate that the connect request performs the
Wi-Fi Direct R2 methods like bootstrapping and pairing for connection.
This fixes control interface command parsing which expects method as
mandatory.
macsec_linux: Hardware offload requires Linux headers >= v5.7
Hardware offload in Linux macsec driver is enabled in compile time if
libnl version is >= v3.6. This is not sufficient for successful build
since enum 'macsec_offload' has been added to Linux header if_link.h
in kernels v5.6 and v5.7, see commits:
- https://github.com/torvalds/linux/commit/21114b7feec29e4425a3ac48a037569c016a46c8
- https://github.com/torvalds/linux/commit/76564261a7db80c5f5c624e0122a28787f266bdf
New libnl with older Linux headers is a valid combination. This is how
hostapd build failure has been detected by Buildroot autobuilder, see:
- http://autobuild.buildroot.net/results/b59d5bc5bd17683a3a1e3577c40c802e81911f84/
Extend compile time condition for the enablement of the macsec hardware
offload adding Linux headers version check.
Fixes: 40c139664439 ("macsec_linux: Add support for MACsec hardware offload")
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Dan Harkins [Fri, 23 Aug 2024 17:50:36 +0000 (10:50 -0700)]
DPP: Support for provisioning SAE password identifiers (Enrollee)
DPP supports provisioning of SAE password identifiers to uniquely
identify a password if the enrollee indicates support for them. Indicate
Enrollee support for that and add the received value into the network
profile.
I put everything under defines for CONFIG_DPP3 as this is a bleeding
edge feature in DPP.
This was tested against my DPP reference implementation acting as the
Configurator.
Cermak Dominik [Thu, 29 Aug 2024 08:01:21 +0000 (08:01 +0000)]
nl80211: Pass "global" events to all interfaces
We got connection failures because of outdated channel information.
That's because the NL80211_CMD_REG_CHANGE event is important for all
interfaces.
Commit f13683720239 ("nl80211: Pass wiphy events to all affected
interfaces") skips the early termination for events directed to a wiphy,
but that doesn't cover the regulatory change event because it doesn't
have a wiphy set either. Therefore the early termination still kicks in
and from three interfaces, only one got the updated channel list.
Fix this by changing the early termination logic to only apply to events
directed either to a specific interface index or wdev.
AP MLD: Check SAE message length without depending on pointer arithmetic
The way this was checked previously used pointer arithmetic that could result
in undefined behavior due to the pointer ending up pointing more than
one byte beyond the end of the buffer. Avoid this by checking the buffer
length before incrementing the pointer.
Fixes: bcbe80a66a9b ("AP: MLO: Handle Multi-Link element during authentication")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
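The length-before-increment pattern described in the commit above, as an added example that is not code from the hostap project: a parser that compares the remaining buffer length against the needed length before it advances the pointer. The message layout (fixed fields followed by id/length/data elements), the function name and the sample buffer are assumptions of this example and are not the SAE frame format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed message: 4 fixed octets, then elements (id, len, data) */
static const uint8_t MSG[] = {
	0x01, 0x00, 0x13, 0x00,		/* fixed fields */
	0x10, 0x02, 0xaa, 0xbb,		/* element id 0x10, 2 octets */
	0xff, 0x03, 0x01, 0x02, 0x03	/* element id 0xff, 3 octets */
};

/*
 * Pattern to avoid (shown as a comment only):
 *	pos += fixed_len;
 *	if (pos > end)
 *		return NULL;
 * If fixed_len exceeds the remaining length, pos already points more than one
 * octet past the end of the buffer when it is compared: undefined behavior.
 */

/* Hypothetical helper: skip the fixed fields and return the data of the first
 * element with the given id, or NULL if it is missing or truncated. */
static const uint8_t *find_elem_after_fixed(const uint8_t *buf, size_t len,
					     size_t fixed_len, uint8_t id,
					     size_t *elem_len)
{
	const uint8_t *pos = buf, *end = buf + len;

	/* Check the remaining length first, then move the pointer */
	if ((size_t) (end - pos) < fixed_len)
		return NULL;
	pos += fixed_len;

	while ((size_t) (end - pos) >= 2) {
		uint8_t eid = pos[0];
		size_t elen = pos[1];

		pos += 2;
		if ((size_t) (end - pos) < elen)
			return NULL; /* truncated element */
		if (eid == id) {
			*elem_len = elen;
			return pos;
		}
		pos += elen;
	}
	return NULL;
}

int main(void)
{
	size_t n = 0;
	const uint8_t *e = find_elem_after_fixed(MSG, sizeof(MSG), 4, 0xff, &n);

	printf("element 0xff: %s, %zu octets\n", e ? "found" : "missing", n);
	return 0;
}
```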
AP MLD: Work around delayed STA entry addition for SAE confirm
The driver is expected to have an STA entry for a non-AP MLD ready to
translate the address fields for SAE confirm messages. However, there is
at least a theoretical race condition in a case where the peer sends the
SAE confirm message quickly enough for the driver translation mechanism
to not be available to update the SAE confirm message addresses. Work
around that by searching for the STA entry using the link address of the
non-AP MLD if no match is found based on the MLD MAC address.
AP MLD: Introduce MLD level control interface socket
With MLO, each link has a socket created with "<ifname>_link<link id>"
under the control interface directory.
Introduce a MLD level socket "<ifname>" as well under the same control
interface directory. This socket can be used to pass the command to its
partner links directly instead of using the link level socket. Link ID
needs to be passed with the command in a prefix way. If no Link ID is
provided the first link ID is selected.
The structure of the command is -
"LINKID <link id> <COMMAND APPLICABLE FOR THE LINK>"
Directory looks something like this -
$ ls /var/run/hostapd/
wlan0
wlan0_link0
wlan0_link1
wlan0 here is the MLD level socket. Rest are each link level sockets.
This also helps to maintain backwards compatibility with applications
which look for <ifname> under the control interface directory.
Create link based control sockets to access the link based commands
through hostapd_cli. This will create the link interfaces in the name of
<ifname>_link<X>
Example:
To fetch link 0 status from wlan0, below command can be used -
$ hostapd_cli -i wlan0 -l 0 status
On failure of link/interface selection, below error will be observed
$ hostapd_cli -i wlan0 -l 2 status
Failed to connect to hostapd - wpa_ctrl_open: No such file or directory
Jouni Malinen [Thu, 29 Aug 2024 17:21:31 +0000 (20:21 +0300)]
tests: Clear scan cache in wifi_display_parsing
This is needed to avoid false failures if an old BSS entry is still
present for dev[0]. This could happen, e.g., with the following test
case sequence: wpas_mesh_max_peering wifi_display_parsing
Jouni Malinen [Thu, 29 Aug 2024 13:14:43 +0000 (16:14 +0300)]
tests: Make rsn_override_mld_too_long_elems more robust
Wait longer for the disconnection event since the previous wait was
exactly the same length as the authentication timeout in wpa_supplicant
and as such, subject to race conditions.