git.ipfire.org Git - thirdparty/hostap.git/log
11 months ago nl80211: Add ifname and link ID debug prints in mlme_event_ch_switch()
Aditya Kumar Singh [Wed, 7 Aug 2024 04:18:36 +0000 (09:48 +0530)] 
nl80211: Add ifname and link ID debug prints in mlme_event_ch_switch()

This makes it easier to debug AP MLD behavior.

Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
11 months ago hostapd: Enable HE when EHT is set for channel switch
Aloka Dixit [Wed, 7 Aug 2024 18:34:52 +0000 (11:34 -0700)] 
hostapd: Enable HE when EHT is set for channel switch

Channel switch operation fails if 'eht' option is given without 'he'
as hostapd_config_check() returns following error:
"Cannot set ieee80211be without ieee80211ax"

The issue is seen only when switching within/to DFS channels because
hostapd_switch_channel_fallback() does not set 'ieee80211ax' in
hostapd configuration unless 'he_enabled' is set for the new channel.

Set 'he_enabled' in struct hostapd_freq_params for channel switch
when EHT is enabled.

Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
11 months ago AP MLD: Use the cached per STA profile instead of forming a new one
Aditya Kumar Singh [Wed, 7 Aug 2024 06:41:45 +0000 (12:11 +0530)] 
AP MLD: Use the cached per STA profile instead of forming a new one

Now that per STA profile is cached already, there is no need to form it
dynamically on every Probe Request frame.

Use the cached one instead.

Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
11 months ago AP MLD: Handle Vendor Specific element inheritance in per STA profile
Arunpandi Kannan [Wed, 7 Aug 2024 06:41:46 +0000 (12:11 +0530)] 
AP MLD: Handle Vendor Specific element inheritance in per STA profile

As per IEEE P802.11be/D7.0, 35.3.3.5.1 (Inheritance in the Per-STA
Profile subelement of Basic Multi-Link element), Note 1, if there exists
one or more Vendor Specific elements carried in a Management frame that
includes the Basic Multi-Link element containing a per-STA profile for a
reported STA, and the contents of the Information field for at least one
of the Vendor Specific elements is not the same as that of at least one
Vendor Specific element that applies to the reported STA, then each
Vendor Specific element that applies to the reported STA is included in
its Per-STA Profile subelement.

Handle this.

Signed-off-by: Arunpandi Kannan <quic_arunpand@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
11 months ago AP MLD: Add non-inheritance support for per STA profile reporting
Sriram R [Wed, 7 Aug 2024 06:41:44 +0000 (12:11 +0530)] 
AP MLD: Add non-inheritance support for per STA profile reporting

There can be an element in the reporting BSS which is not there in the
reported BSS. This element should not be inherited in the per STA
profile. Hence to indicate this, the corresponding per STA profile
should include a Non-Inheritance element in the per STA profile.

Include Non-Inheritance element in the per STA profiles when needed.

Signed-off-by: Sriram R <quic_srirrama@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
11 months ago AP MLD: Intersect per STA profile with the reporting BSS
Sriram R [Wed, 7 Aug 2024 06:41:43 +0000 (12:11 +0530)] 
AP MLD: Intersect per STA profile with the reporting BSS

If an element is present in the reporting BSS and it is also present in
the reported BSS and the contents are same, ideally, the reported BSS
need not carry such element in its per STA profile. Such elements are
assumed to be inherited from the reporting BSS.

Intersect the reported BSS profile with the reporting BSS and avoid such
element inclusion.

Signed-off-by: Sriram R <quic_srirrama@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
11 months ago AP MLD: Ignore elements which are not meant to be included in per STA profile
Sriram R [Wed, 7 Aug 2024 06:41:42 +0000 (12:11 +0530)] 
AP MLD: Ignore elements which are not meant to be included in per STA profile

There are certain elements which should not be included in a per STA
profile.

Ignore such elements.

Signed-off-by: Sriram R <quic_srirrama@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
11 months ago AP MLD: Generate and keep per STA profiles for each link
Sriram R [Wed, 7 Aug 2024 06:41:41 +0000 (12:11 +0530)] 
AP MLD: Generate and keep per STA profiles for each link

Currently, upon receiving a Probe Request frame, per STA profile is
generated and added to the Probe Response frame. However, the per STA
profile remains unchanged unless there’s a property change in one of the
affiliated links of the AP MLD. This approach introduces unnecessary delay
in forming and sending out the Probe Response frame.

To optimize this process, generate the per STA profile for each link at
the start and store it. When needed, it can be simply copied into the
Probe Response frame. Additionally, whenever there’s a change in the
link’s properties, re-generate the per STA profiles for all affiliated
links of the AP MLD.

As an initial step, copy the complete per STA profile and store it
within the links. The intersection with reporting BSS and inheritance
will be addressed in a subsequent change. Then finally, this will be
used to generate the Probe Response frame. As of this commit, no change
in adding per STA profiles in the Probe Response frame.

Signed-off-by: Sriram R <quic_srirrama@quicinc.com>
Co-developed-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
11 months ago Move mld_link_info structure to hostapd.h header file
Sriram R [Wed, 7 Aug 2024 06:41:40 +0000 (12:11 +0530)] 
Move mld_link_info structure to hostapd.h header file

At present, the mld_link_info structure is nested within the mld_info
structure. However, a future modification will require mld_link_info to
be outside of mld_info. To address this, move the mld_link_info
structure to hostapd.h so that it can be accessed both in the current
context and in the location needed for the upcoming change.

No functional changes.

Signed-off-by: Sriram R <quic_srirrama@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
11 months ago Add support to switch channel when CAC is in progress
Amith A [Wed, 7 Aug 2024 06:04:07 +0000 (11:34 +0530)] 
Add support to switch channel when CAC is in progress

Prior to initiating communication on a DFS channel, channel availability
check needs to be performed. During this period, the AP does not beacon.
Hence, no channel switch was allowed during this period. However, if a
user wishes to switch to a non-DFS channel during the potentially long
CAC period and start transmission immediately, there is no provision to
do that currently.

Extend the existing CHAN_SWITCH control interface command to allow
channel switch even when the AP is in CAC state. To do this, first
disable the interface to abort the CAC in progress and then configure
the interface with the new parameters and finally re-enable the
interface.

Signed-off-by: Amith A <quic_amitajit@quicinc.com>
11 months ago WNM: Fix potential NULL pointer dereference during assoc response handling
Rameshkumar Sundaram [Wed, 7 Aug 2024 04:38:23 +0000 (10:08 +0530)] 
WNM: Fix potential NULL pointer dereference during assoc response handling

In the send_assoc_resp() function, there’s a chance that the sta
argument could be NULL. Therefore, it’s crucial not to directly
dereference sta without first checking whether it’s a valid pointer.
However, commit 58ac46baf7b0 (“WNM: AP configuration to allow BSS max
idle period requests”) introduces direct dereferencing of max idle
period from sta, which might lead to a NULL pointer dereference. Fix
this now.

Fixes: 58ac46baf7b0 ("WNM: AP configuration to allow BSS max idle period requests")
Signed-off-by: Rameshkumar Sundaram <quic_ramess@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
11 months ago hostapd: Add Bandwidth Indication subelement support for channel switch
Karthik M [Tue, 16 Jul 2024 10:14:06 +0000 (15:44 +0530)] 
hostapd: Add Bandwidth Indication subelement support for channel switch

The Bandwidth Indication subelement contains channel bandwidth, channel
center frequency, and optionally punctured subchannels.

As per IEEE P802.11be/D7.0, 35.15.3 (Channel switching methods for an
EHT BSS), if a Channel Switch Announcement element or an Extended
Channel Switch Announcement element is used to announce a switch to an
EHT BSS operating channel width wider than 160 MHz or to an EHT BSS
operating channel width including at least one punctured 20 MHz
subchannel, the Bandwidth Indication subelement in the Channel Switch
Wrapper element shall be present in the same frame.

Hence, add it into the Beacon and Probe Response frames under the above
mentioned conditions.

Signed-off-by: Karthik M <quic_karm@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
11 months ago hostapd: Refactor Channel Switch Wrapper element generation
Karthik M [Tue, 16 Jul 2024 10:14:05 +0000 (15:44 +0530)] 
hostapd: Refactor Channel Switch Wrapper element generation

The Wide Bandwidth Channel Switch subelement was directly appended in
the Channel Switch Wrapper element function
hostapd_eid_wb_chsw_wrapper(). However, a subsequent change would add
Bandwidth Indication subelement in the Channel Switch Wrapper element.
Hence using the same function name would be confusing.

Hence, refactor the current code into two functions. The first function
hostapd_eid_chsw_wrapper() forms the channel switch wrapper element.
This calls hostapd_eid_wb_channel_switch() to add a Wide Bandwidth
Channel Switch subelement inside it.

No functionality change.

Signed-off-by: Karthik M <quic_karm@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
11 months ago nl80211: Handle nl80211_cqm_event per BSS
Manish Dharanenthiran [Fri, 19 Jul 2024 04:16:38 +0000 (09:46 +0530)] 
nl80211: Handle nl80211_cqm_event per BSS

During MLO, an nl80211_cqm_event may be received by any BSS. Directing
this event to the first BSS may not be suitable as it might not
correspond to the link the event is meant for. Hence, there is a need to
handle this on per-BSS basis.

Therefore, handle nl80211_cqm_event per BSS. The event handler further
uses the address information present in the event to fetch the intended
link BSS if no matching STA entry was found based on the initial
ap_get_sta() call.

Signed-off-by: Manish Dharanenthiran <quic_mdharane@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
11 months ago Relocate the declaration of the hostapd_find_by_sta() function to top
Manish Dharanenthiran [Fri, 19 Jul 2024 04:16:37 +0000 (09:46 +0530)] 
Relocate the declaration of the hostapd_find_by_sta() function to top

The hostapd_find_by_sta() function may be utilized by multiple driver
events. Therefore, it should be declared at the outset to ensure
accessibility by all event handlers.

No functional changes.

Signed-off-by: Manish Dharanenthiran <quic_mdharane@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
11 months ago hostapd: Add Max Channel Switch Time element support
Aditya Kumar Singh [Tue, 16 Jul 2024 06:24:49 +0000 (11:54 +0530)] 
hostapd: Add Max Channel Switch Time element support

The Max Channel Switch Time element indicates the time delta between the
time the last beacon is transmitted by the AP in the current channel and
the expected time of the first Beacon frame transmitted by the AP in the
new channel.

IEEE P802.11be/D7.0, 35.3.11 (ML procedures for (extended) channel
switching and channel quieting) indicates that if an AP affiliated with
an AP MLD is switching channel, Max Channel Switch Time element shall be
included in every Beacon and Probe Response frame it transmits.

Add support to include the Max Channel Switch Time element in Beacon and
Probe Response frames during channel switch announcement for an AP
affiliated with an AP MLD.

Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
11 months ago Share usec-to/from-TU conversion macros in a general location
Aditya Kumar Singh [Tue, 16 Jul 2024 06:24:49 +0000 (11:54 +0530)] 
Share usec-to/from-TU conversion macros in a general location

These can be used outside the context of FST and hostapd.c, so move the
macro definitions into a shared header file. In addition, fix the
currently unused US_TO_TU() definition and rename "US" to "USEC".

Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
11 months ago AP MLD: Ensure successful addition of link item into list
Sidhanta Sahu [Tue, 30 Apr 2024 16:41:09 +0000 (09:41 -0700)] 
AP MLD: Ensure successful addition of link item into list

Currently, hapd->link is added to the MLD links list during driver
initialization and setup BSS operation. However, a call trace has been
observed where a BSS link item is not present in the list and an attempt
is made to delete it from the list. This scenario occurs during the
deinitialization operation, which calls hostapd_bss_link_deinit() and
tries to remove the hapd->link which is not present in the list.

Ensure that the link item is added to the list only after the
successful operation of link addition. Also ensure that mld->num_links
increments only when the addition is successful. Therefore, return from
hostapd_bss_link_deinit(), if mld->num_links is zero. Since the mld
object is shared among all the links, num_links has to be incremented
only when the addition is successful.

Call trace:
        dl_list_del.lto_priv.9.lto_priv ()
        hostapd_bss_link_deinit.lto_priv ()
        hostapd_bss_deinit ()
        hostapd_interface_deinit ()
        hostapd_interface_deinit_free ()
        hostapd_main ()

Signed-off-by: Sidhanta Sahu <quic_sidhanta@quicinc.com>
11 months ago SAE: Add group 20 in default groups when AP started with SAE-EXT-KEY
Veerendranath Jakkam [Mon, 5 Aug 2024 07:00:54 +0000 (12:30 +0530)] 
SAE: Add group 20 in default groups when AP started with SAE-EXT-KEY

hostapd used to always enable only the group 19 when SAE groups were not
configured explicitly in hostapd.conf. This may cause undesired
connection delay with STAs which use group 20 as the primary group with
SAE-EXT-KEY AKM during SAE authentication attempt.

To avoid this, enable group 20 in default groups when AP supports
SAE-EXT-KEY and SAE groups have not been configured explicitly in
hostapd.conf.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
12 months ago nl80211: Fix simultaneous scanning failure in case of MLO
Aditya Kumar Singh [Fri, 21 Jun 2024 05:34:39 +0000 (11:04 +0530)] 
nl80211: Fix simultaneous scanning failure in case of MLO

Currently only one scan can be performed on per phy level at a time in
the driver. Due to this, if another scan request is sent via another
underlying phy, the kernel returns -EBUSY. This would result in hostapd
trying to set the interface into station mode if it was originally in AP
mode and retry sending a scan request. However, this behavior is
expected in case of multi link operation and hence there is no need to
switch the mode as such.

Hence, add logic to not change the NL mode if the kernel returns -EBUSY
during multi link AP operation. The caller can accordingly decide and,
if needed, it can re-schedule a scan request after some time.

Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
12 months ago nl80211: Fix scan request and its related events handling with MLO
Aditya Kumar Singh [Fri, 21 Jun 2024 05:34:38 +0000 (11:04 +0530)] 
nl80211: Fix scan request and its related events handling with MLO

Currently, whenever a scan is started, it uses drv's first BSS only
whether it is AP or STA interface. However, with AP MLD related changes,
the same drv could be used by other BSSs as well which needs scanning.
Hence, the current logic will not work since scan needs to be handled on
a non-first BSS as well.

Move the logic of always using drv's first BSS during scan events to
using BSS on which the event arrived.

Also, for AP MLD operation, even though the BSS is same, the link BSS
also needs to be identified. Hence, add a back pointer in the BSS struct
which would be used to point to the link BSS which requested the scan on
that BSS. This will help in routing the scan events to an appropriate
BSS ctx.

Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
12 months ago Avoid sending DEAUTH or DISASSOC packet when using flag tx=0
Gal Savion [Wed, 1 May 2024 11:11:39 +0000 (14:11 +0300)] 
Avoid sending DEAUTH or DISASSOC packet when using flag tx=0

hostapd would send DISASSOC packet (after quiet DEAUTH) or DEAUTH packet
(after quiet DISASSOC) to the station after some inactivity timeout,
even though the command has tx=0 parameter. Fix this so that tx=0 cleans
the STA info without sending any DISASSOC or DEAUTH packets.

Signed-off-by: Gal Savion <gsavion@maxlinear.com>
12 months ago build: Add simple compile_commands.json generation
Benjamin Berg [Wed, 8 May 2024 10:56:10 +0000 (12:56 +0200)] 
build: Add simple compile_commands.json generation

This can be used with a clangd server to get code completion and cross
references in editor. To simplify the generation, create .cmd files for
most object files while building that contains the base directory and
command that was used when compiling it.

A very simple gen_compile_commands.py is provided which will read one or
more build directories and generate the compile_commands.json file for
it.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
12 months ago tests: Use newer hostapd.add_ap() argument style
Jouni Malinen [Sat, 3 Aug 2024 16:02:29 +0000 (19:02 +0300)] 
tests: Use newer hostapd.add_ap() argument style

Convert the easy cases of old hostapd.add_ap() uses to the new one.

Signed-off-by: Jouni Malinen <j@w1.fi>
12 months ago tests: Use remote_cli in remote testing
Janusz Dziedzic [Thu, 30 May 2024 19:19:04 +0000 (21:19 +0200)] 
tests: Use remote_cli in remote testing

This allows to use remote wpa_cli/hostapd_cli for:
 - hwsim wrapper
 - example test case

For example,
 modprobe mac80211_hwsim radios=8
 ./run-tests.py -d hwsim0 -d hwsim1 -d hwsim2 -r hwsim3 -r hwsim4 -h ap_wpa2_psk -v

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
12 months ago tests: Allow user name to be skipped in ssh connection with remotehost
Janusz Dziedzic [Thu, 30 May 2024 19:19:03 +0000 (21:19 +0200)] 
tests: Allow user name to be skipped in ssh connection with remotehost

Allow to skip user name when we run ssh user@hostname.

We can specify user name in .ssh/config and simplify using network name
spaces mapped per user.

An example .ssh/config:

 Host localhost
    HostName localhost
    User root

 Host test1
    HostName testpc
    User wlan1

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
12 months ago tests: Allow to use remote hostapd_cli in Hostapd classes
Janusz Dziedzic [Thu, 30 May 2024 19:19:02 +0000 (21:19 +0200)] 
tests: Allow to use remote hostapd_cli in Hostapd classes

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
12 months ago tests: Allow to use remote wpa_cli in WpaSupplicant class
Janusz Dziedzic [Thu, 30 May 2024 19:19:01 +0000 (21:19 +0200)] 
tests: Allow to use remote wpa_cli in WpaSupplicant class

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
12 months ago tests: Add RemoteCtrl class
Janusz Dziedzic [Thu, 30 May 2024 19:19:00 +0000 (21:19 +0200)] 
tests: Add RemoteCtrl class

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
12 months ago Move wpas_trigger_6ghz_scan() up in the file
Matthew Wang [Tue, 4 Jun 2024 21:02:16 +0000 (21:02 +0000)] 
Move wpas_trigger_6ghz_scan() up in the file

This avoids an unnecessary forward declaration for the static function.

Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
12 months ago Trigger a 6 GHz scan if RNR contains matching short SSID
Matthew Wang [Tue, 4 Jun 2024 21:02:16 +0000 (21:02 +0000)] 
Trigger a 6 GHz scan if RNR contains matching short SSID

If a scan triggers a regdom update into a 6 GHz-allowed regdom, and an
RNR element in one of the legacy band scan results points to a 6 GHz
scan result with a short SSID matching the current_ssid, delay
connection in favor of a 6 GHz-only scan. This will optimize the case in
which we first connect to a 5 GHz AP, then later roam to a 6 GHz one by
directly connecting to the 6 GHz one.

Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
12 months ago Fix success check for triggering 6 GHz scan
Matthew Wang [Tue, 4 Jun 2024 21:02:16 +0000 (21:02 +0000)] 
Fix success check for triggering 6 GHz scan

wpas_trigger_6ghz_scan() returns 1 on success and 0 on failure to
trigger the scan. Checking the return value to be less than zero is not
correct. This was supposed to check for success, i.e., greater than
zero.

Fixes: 42add3c27ba0 ("Scan 6 GHz channels after change to 6 GHz-allowed regdom")
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
12 months ago P2P: Use specified frequency for group client in P2P_GROUP_ADD command
Jintao Lin [Wed, 31 Jul 2024 18:50:01 +0000 (18:50 +0000)] 
P2P: Use specified frequency for group client in P2P_GROUP_ADD command

In P2P_GROUP_ADD command and GroupAdd dbus method, frequency is passed
in as a parameter when restarting a persistent group. This is the group
operating frequency determined out of band. Use this pre-determined
frequency in P2P client as well to expedite the P2P scan.

Signed-off-by: Jintao Lin <jintaolin@chromium.org>
12 months ago dbus: Emit ScanInProgress6GHz property
Ruth Mekonnen [Wed, 12 Jun 2024 20:09:43 +0000 (20:09 +0000)] 
dbus: Emit ScanInProgress6GHz property

Expose whether a 6 GHz scan is in progress with the ScanInProgress6GHz
property and flush properties as soon as the property is updated, so
that platforms can choose not to disconnect while a 6 GHz scan is in
progress. Once the 6 GHz scan has completed and scan results have been
received, the ScanInProgress6GHz property is reset to false.

Signed-off-by: Ruth Mekonnen <rmekonnen@chromium.org>
12 months ago Add non-PSC channels to 6 GHz scan request
Ruth Mekonnen [Fri, 5 Apr 2024 07:36:48 +0000 (07:36 +0000)] 
Add non-PSC channels to 6 GHz scan request

When non_coloc_6ghz = false, the STA is expected to scan for colocated
APs. However, if the colocated AP is on a non-PSC channel, it will not
be detected during the 6 GHz-only scan because the frequency list is
limited to PSC channels. Even when the NL80211_SCAN_FLAG_COLOCATED_6GHZ
is set, the cfg80211 only scans a subset of the channels in the original
6 GHz scan request. Therefore, this patch adds non-PSC channels to the
original 6 GHz scan request.

Signed-off-by: Ruth Mekonnen <rmekonnen@chromium.org>
12 months ago WNM: Scan for BSSID if there are forbidden neighbors
Benjamin Berg [Mon, 29 Apr 2024 11:51:57 +0000 (13:51 +0200)] 
WNM: Scan for BSSID if there are forbidden neighbors

The test to scan for a single BSSID assumed that there is only a single
neighbor in the candidate list. Also do this optimization if there are
multiple neighbors but only one of them is valid.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
12 months ago tests: Add a WNM tests to check candidate list is used if not required
Benjamin Berg [Mon, 29 Apr 2024 11:51:56 +0000 (13:51 +0200)] 
tests: Add a WNM tests to check candidate list is used if not required

This tests that the candidate list is used even if it is not required
because the abridged and preferred candidate list included bits are not
set.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
12 months ago WNM: Always parse candidate list
Benjamin Berg [Mon, 29 Apr 2024 11:51:55 +0000 (13:51 +0200)] 
WNM: Always parse candidate list

The preferred candidate list included bit just makes parsing the list
mandatory. The AP may still include a candidate list which we should use
to be able to optimize scanning. As such, always parse out the list but
still verify that the list is not empty if the bit is set.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
12 months ago WNM: Consolidate the scanning paths for BTM requests
Benjamin Berg [Mon, 29 Apr 2024 11:51:54 +0000 (13:51 +0200)] 
WNM: Consolidate the scanning paths for BTM requests

There was an ancient code path to trigger a scan that was apparently
forgotten when the code was extended over time. It does not make any
sense to trigger a scan twice, so remove the earlier scan.

The earlier scan call was avoiding to trigger a new scan if a fixed
BSSID is configured. This seems like a reasonable restriction to do, so
add this check before starting a scan.

Consolidate everything so that scanning happens at the end of the
functions unless we bail out before. Add a "reset" label for all other
cases to ensure that we don't leave things in a bad state.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
12 months ago WNM: Reject requests with an invalid dialog token
Benjamin Berg [Mon, 29 Apr 2024 11:51:53 +0000 (13:51 +0200)] 
WNM: Reject requests with an invalid dialog token

The dialog token must be non-zero. We are using this fact internally to
track the state in some cases, so ensure that the assumption is valid.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
12 months ago MBO: Always accept BTM request with disassociation imminent bit set
Avraham Stern [Mon, 29 Apr 2024 11:51:52 +0000 (13:51 +0200)] 
MBO: Always accept BTM request with disassociation imminent bit set

According to Multiband Operation specification (r17, section 3.5.2),
a BSS Transition Management Request with the disassociation imminent
bit set should always be accepted.

This is enforced in case the request did not include a candidate list.
However, in case a candidate list was included but none of the APs in
the candidate list was found in the scan results, the request is
rejected.

Fix that by always accepting a request with the disassociation imminent
bit set even if no roaming candidate was found.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
12 months ago tests: Set the abridged bit in BTM tests
Benjamin Berg [Mon, 29 Apr 2024 11:51:50 +0000 (13:51 +0200)] 
tests: Set the abridged bit in BTM tests

Many of the WNM tests assume that the supplicant will only select a
neighbor that was included in the candidate list. However, without the
abridged bit being set, the supplicant is allowed to also select any BSS
that is not explicitly included in the list.

Prepare for the supplicant handling the abridged bit by setting it in
the tests where relevant.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
12 months ago WNM: Move neighbor report test into wnm_is_bss_excluded()
Benjamin Berg [Mon, 29 Apr 2024 11:51:48 +0000 (13:51 +0200)] 
WNM: Move neighbor report test into wnm_is_bss_excluded()

Having it in wnm_is_bss_excluded() is more generic as it works for other
locations (e.g., MLD link selection). So move the test and add a check
for the abridged bit while at it. Note that without the abridged bit
check another check would be needed (e.g., checking wnm_dialog_token) to
ensure that there isn't a rejection unless a BTM is in progress.

compare_scan_neighbor_results() calls wpa_scan_res_match() which calls
wnm_is_bss_excluded() so the previous behavior is maintained for WNM
scan result processing.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
12 months ago WNM: Swap logic in wnm_is_bss_excluded() to allow more checks
Benjamin Berg [Mon, 29 Apr 2024 11:51:47 +0000 (13:51 +0200)] 
WNM: Swap logic in wnm_is_bss_excluded() to allow more checks

Following commits will move more checks into wnm_is_bss_excluded().
Prepare for that by changing the logical flow so that further checks can
be inserted.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
12 months ago WNM: Remove unused age parameter for neighbor comparison
Benjamin Berg [Mon, 29 Apr 2024 11:51:46 +0000 (13:51 +0200)] 
WNM: Remove unused age parameter for neighbor comparison

compare_scan_neighbor_results() was taking an age parameter to check
whether the BSS has been seen recently. This was used historically in a
codepath when no new scan was done. However, the logic was changed in
commit 20ed289a785c ("WNM: Clean up old scan data processing") and the
parameter is not used at all anymore as it is replaced by a different
logic. Remove it.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
12 months ago WNM: Split candidate list parsing into a separate function
Benjamin Berg [Mon, 29 Apr 2024 11:51:45 +0000 (13:51 +0200)] 
WNM: Split candidate list parsing into a separate function

ieee802_11_rx_bss_trans_mgmt_req() is already dealing with a lot of
things including the decisions on how to act on the frame. Split out
candidate list parsing to make it easier to work with the function.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
12 months ago WNM: Use os_relatime_add_ms() helper
Benjamin Berg [Mon, 29 Apr 2024 11:51:44 +0000 (13:51 +0200)] 
WNM: Use os_relatime_add_ms() helper

Just simplify the code a little bit by using the helper instead of doing
the math inline.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
12 months ago WNM: Rename wnm_dissoc_timer
Jouni Malinen [Fri, 2 Aug 2024 09:44:48 +0000 (12:44 +0300)] 
WNM: Rename wnm_dissoc_timer

Use "disassoc" instead of "dissoc" when referring to disassociation.

Signed-off-by: Jouni Malinen <j@w1.fi>
12 months ago WNM: Rename wnm_dissoc_addr
Benjamin Berg [Mon, 29 Apr 2024 11:51:43 +0000 (13:51 +0200)] 
WNM: Rename wnm_dissoc_addr

Use "disassoc" instead of "dissoc" when referring to disassociation.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
12 months ago WNM: Store whether disassociation address is an MLD MAC address
Benjamin Berg [Mon, 29 Apr 2024 11:51:43 +0000 (13:51 +0200)] 
WNM: Store whether disassociation address is an MLD MAC address

Commit 17a2aa822c26 ("WNM: Follow BTM procedure if the last link is
dropped") added code to store either the MLD MAC address or BSSID when
being disassociated. However, it did not save which one was stored
making the tests later on awkward.

Store whether it was an MLD MAC address or not and then do the test
accordingly.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
12 months ago WNM: Only trigger selection logic for own scans
Benjamin Berg [Mon, 29 Apr 2024 11:51:42 +0000 (13:51 +0200)] 
WNM: Only trigger selection logic for own scans

Commit e508c070c40e ("WNM: Keep BTM information until connection
completes") changed the logic so that much of the information about a
transition management request will be kept around for longer. However,
doing this also implies that the scan logic can be called multiple times
with wnm_dialog_token being set.

Add a guard to bail out if the scan was not done for a BTM request. But,
add it after the transition candidate validity check so that we reset
the state when a new scan invalidated it.

However, invalidation does not make sense for any scan, primarily an ML
probe request during a connection attempt should not trigger
invalidation. So move the call to wnm_scan_process() further down in the
list to avoid issues.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
12 months ago Add QCA vendor attribute to skip recently scanned channels
Purushottam Kushwaha [Tue, 30 Jul 2024 13:31:51 +0000 (19:01 +0530)] 
Add QCA vendor attribute to skip recently scanned channels

Add a new vendor attribute
QCA_WLAN_VENDOR_ATTR_SCAN_SKIP_CHANNEL_RECENCY_PERIOD for sub command
QCA_NL80211_VENDOR_SUBCMD_TRIGGER_SCAN to skip the recently scanned
channels within specified time (in ms), thus reducing the number of
channels for requested scan.

Signed-off-by: Purushottam Kushwaha <quic_pkushwah@quicinc.com>
12 months ago MLD STA: Fix destination address for EAPOL frames
Veerendranath Jakkam [Tue, 25 Jun 2024 13:12:06 +0000 (18:42 +0530)] 
MLD STA: Fix destination address for EAPOL frames

For MLO association, specify the destination address as the AP MLD MAC
address for sending EAPOL frames. Previously, this was set to the BSSID
in all cases (and hoped for the driver to map it to MLD MAC address when
needed).

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
12 months ago bgscan: Add OWE transition mode SSID to network scan
David Bauer [Sun, 28 Apr 2024 13:13:43 +0000 (15:13 +0200)] 
bgscan: Add OWE transition mode SSID to network scan

Add transition mode SSIDs to the SSID scan-list for bgscan. This is
currently missing and bgscan fails to scan for SSIDs on the OWE
transition network if one is currently used.

Signed-off-by: David Bauer <mail@david-bauer.net>
12 months ago OWE: Enable roaming between OWE APs
David Bauer [Sun, 28 Apr 2024 13:13:41 +0000 (15:13 +0200)] 
OWE: Enable roaming between OWE APs

This allows the ROAM control interface command to be used to force roaming
on a transition network. Previously, this was not possible, as the open
SSID is stored for the connection profile. Add a new function to also
return OWE transition networks if the profile SSID is set as the
transition-ssid for the OWE RSN network.

Signed-off-by: David Bauer <mail@david-bauer.net>
12 months ago OWE: Reduce code duplication in OWE element parsing
David Bauer [Sun, 28 Apr 2024 13:13:40 +0000 (15:13 +0200)] 
OWE: Reduce code duplication in OWE element parsing

Reduce the code-duplication for methods handling the OWE transition
mode.

Signed-off-by: David Bauer <mail@david-bauer.net>
12 months ago hostapd: Fix BSS parameters change count on link removal
Johannes Berg [Wed, 24 Jul 2024 17:37:07 +0000 (19:37 +0200)] 
hostapd: Fix BSS parameters change count on link removal

The value currently is simply incremented, but it must not
reach 255 and rather wrap around from 254 to 0, since in
the Reduced Neighbor Report 255 means unknown. Fix that.

Fixes: d95838b7932b ("AP: Add support for testing ML link removal")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
12 months ago Add Link ID attribute for external ACS vendor command
Diya Sati [Tue, 16 Jul 2024 13:37:00 +0000 (19:07 +0530)] 
Add Link ID attribute for external ACS vendor command

The Link Id attribute is required for
qca_wlan_vendor_attr_external_acs_event to identify the link on which
the command is received for an AP MLD.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
12 months ago Add link ID attribute to ADD_STA_NODE QCA vendor command for AP MLD
Shiva Sankar Gajula [Tue, 23 Jul 2024 05:16:04 +0000 (10:46 +0530)] 
Add link ID attribute to ADD_STA_NODE QCA vendor command for AP MLD

Add QCA_WLAN_VENDOR_ATTR_ADD_STA_NODE_LINKID attribute to the
ADD_STA_NODE command to identify a specific link affiliated to an AP
MLD.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
12 months ago Add QCA vendor subcommand to request audio transport switch
Purushottam Kushwaha [Tue, 4 Apr 2023 12:11:56 +0000 (17:41 +0530)] 
Add QCA vendor subcommand to request audio transport switch

Add a new sub command QCA_NL80211_VENDOR_SUBCMD_AUDIO_TRANSPORT_SWITCH
to request the audio data transport switch in both the command and event
path. This is used when two or more audio data transports are available
between peers.

Signed-off-by: Purushottam Kushwaha <quic_pkushwah@quicinc.com>
12 months ago SAE: Send external auth status after sending Authentication frame
Vinay Gannevaram [Fri, 5 Jan 2024 06:58:41 +0000 (12:28 +0530)] 
SAE: Send external auth status after sending Authentication frame

The driver might delete the STA node details on receiving external auth
status. In SAE authentication failure case on the AP, an Authentication
frame with a failure status is sent to the driver after sending the
external auth status. Authentication frame transmission didn't have a
dependency with STA node details earlier, but with MLO, Authentication
frames should be transmitted using the link address for a given MLD MAC
address by the supplicant. Since MLD to link address translation is done
by the driver, the STA node details are required to transmit the
Authentication frame. Hence, send external auth status to the driver
after sending the Authentication frame.

SAE external auth was introduced in commit 4ffb0fefe4e7 ("hostapd:
Support external authentication offload in AP mode"), which requires the
change in order of sending Authentication frame and auth status in case
of failure when using MLO.

Signed-off-by: Vinay Gannevaram <quic_vganneva@quicinc.com>
12 months ago RSNO: Verify all RSNE/RSNXE variants in multi-link cases
Jouni Malinen [Tue, 30 Jul 2024 16:56:00 +0000 (19:56 +0300)] 
RSNO: Verify all RSNE/RSNXE variants in multi-link cases

Use the RSN Override Link KDE to include the override variants of the
RSNE/RSNXE for each link so that all variants are verified when
processing the protected EAPOL-Key message 3/4.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
12 months ago tests: More detailed error logging for RSN overriding with MLD
Jouni Malinen [Tue, 30 Jul 2024 08:46:45 +0000 (11:46 +0300)] 
tests: More detailed error logging for RSN overriding with MLD

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
12 months ago RSNO: Include all RSNE/RSNXE variants in EAPOL-Key message 3/4
Jouni Malinen [Mon, 29 Jul 2024 14:20:22 +0000 (17:20 +0300)] 
RSNO: Include all RSNE/RSNXE variants in EAPOL-Key message 3/4

This allows all variants to be verified based on a protected frame to
achieve robust downgrade protection.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
12 months ago RSNO: Use SNonce cookie to indicate support for RSN overriding
Jouni Malinen [Mon, 29 Jul 2024 13:43:50 +0000 (16:43 +0300)] 
RSNO: Use SNonce cookie to indicate support for RSN overriding

This provides an implicitly protected (SNonce is used as an input to PTK
derivation) mechanism for a STA to indicate support for RSN overriding
in a manner that does not cause interoperability issues with deployed APs.

In addition, update sm->SNonce on the Authenticator only based on
message 2/4 since that is the only EAPOL-Key message that is defined to
provide the actual SNonce value. While clearing of this internal buffer
on message 4/4 might not cause issues, it is better to keep the actual
SNonce value here since the SNonce cookie can be used at a later point
in the sequence.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
12 months ago RSNO: Use the RSN Selection element to indicate which variant was used
Jouni Malinen [Mon, 29 Jul 2024 12:41:59 +0000 (15:41 +0300)] 
RSNO: Use the RSN Selection element to indicate which variant was used

This replaces the use of the RSNE Override and RSNE Override 2 elements
with empty payload to indicate which RSNE variant was used.

In addition, this adds stricter validation of the RSNE in
(Re)Association Request frame to allow only the pairwise cipher suites
and AKMs listed in the indicated RSNE variant to be used.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
12 months ago RSNO: Remove unused override element generation
Jouni Malinen [Tue, 30 Jul 2024 09:15:02 +0000 (12:15 +0300)] 
RSNO: Remove unused override element generation

The separate RSNOE/RSNO2E/RSNXOE buffers were not actually used on the
Authenticator, so remove them.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
12 months ago FILS: Check for potential NULL return
Chenming Huang [Tue, 16 Jul 2024 07:27:19 +0000 (15:27 +0800)] 
FILS: Check for potential NULL return

hostapd_eid_assoc_fils_session() might return NULL if memory allocation
fails. This NULL value then will be used for invalid calculation and
cause unspecified behavior or be dereferenced unexpectedly. Avoid this
with an explicit check of the returned pointer.

Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>
12 months ago RSNO: Protect wpa_ie_buf3 from reuse explicitly
Adil Saeed Musthafa [Thu, 25 Jul 2024 19:51:07 +0000 (12:51 -0700)] 
RSNO: Protect wpa_ie_buf3 from reuse explicitly

Use else-if check for better clarity regarding usage of wpa_ie_buf3 to
make it explicit that memory is allocated for this pointer only once.

Signed-off-by: Adil Saeed Musthafa <quic_adilm@quicinc.com>
12 months ago RSNO: Remove override elements from EAPOL-Key msg 3/4
Jouni Malinen [Thu, 25 Jul 2024 19:22:00 +0000 (19:22 +0000)] 
RSNO: Remove override elements from EAPOL-Key msg 3/4

This was not done in case the STA did not use RSN overriding.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
12 months ago wlantest: Remove unused QoS handling from GCMP nonce generation
Jouni Malinen [Thu, 25 Jul 2024 00:39:30 +0000 (00:39 +0000)] 
wlantest: Remove unused QoS handling from GCMP nonce generation

This was copied from CCMP, but is not needed (and can trigger compiler
warnings) with GCMP.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
12 months ago tests: Long extra KDE in EAPOL-Key msg 3/4
Jouni Malinen [Wed, 24 Jul 2024 20:35:11 +0000 (20:35 +0000)] 
tests: Long extra KDE in EAPOL-Key msg 3/4

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
12 months ago Testing functionality to allow EAPOL-Key Reserved field to be set
Jouni Malinen [Wed, 24 Jul 2024 17:22:42 +0000 (17:22 +0000)] 
Testing functionality to allow EAPOL-Key Reserved field to be set

The new hostapd configuration parameter eapol_key_reserved_random=1 can
be used for testing STA/Supplicant functionality to accept a random
value in the Reserved field within EAPOL-Key frames.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
12 months ago Allow RSNE/RSNXE/RSNOE/RSNO2E/RSNXOE to be replaced for testing
Jouni Malinen [Wed, 24 Jul 2024 00:04:15 +0000 (00:04 +0000)]
Allow RSNE/RSNXE/RSNOE/RSNO2E/RSNXOE to be replaced for testing

This is convenient for testing STA behavior with various RSN element
combinations and special cases.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
12 months ago RSNO: Support over two octets of RSNXOE capabilities
Jouni Malinen [Tue, 23 Jul 2024 21:36:46 +0000 (21:36 +0000)] 
RSNO: Support over two octets of RSNXOE capabilities

The RSNXE generation function was extended to support this earlier, but
that update was missed from the RSNXOE variant.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
12 months ago RSNO: Allow RSNXE to be omitted
Jouni Malinen [Tue, 23 Jul 2024 21:20:45 +0000 (21:20 +0000)] 
RSNO: Allow RSNXE to be omitted

Add an explicit rsn_override_omit_rsnxe=1 configuration parameter to
allow the RSNXE to be omitted when using the RSNXOE and wanting to
minimize interoperability issues with STAs that might recognize the
RSNXE, but not handle it correctly, e.g., when multiple octets of
payload are included.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
12 months ago Enhance select_network() to trigger new scans in some cases
Hu Wang [Wed, 26 Jun 2024 03:05:12 +0000 (20:05 -0700)] 
Enhance select_network() to trigger new scans in some cases

wpa_supplicant select_network() relies on fast_associate to reuse old
scan results. However, this approach does not apply in some cases in
Android:

1 - If the selected network is hidden, and the SSID is in Chinese,
Android switches between fallback SSIDs, necessitating a new scan for
switching between different hidden SSIDs.

2 - Similarly, if the selected SSID is OWE (Opportunistic Wireless
Encryption), and the OWE SSID bands have been changed, select_network()
requires a fresh scan to discover hidden OWE SSIDs.

To address these, enhance select_network() to trigger new scans instead
of relying on fast_associate. This improves network selection behavior
in Android.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
12 months ago RSNO: Use correct MLO capability while fetching RSNE/RSNXE
Veerendranath Jakkam [Tue, 2 Jul 2024 14:11:55 +0000 (19:41 +0530)] 
RSNO: Use correct MLO capability while fetching RSNE/RSNXE

Use current connection MLO capability to fetch the appropriate
RSNE/RSNXE variant while processing association event.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
12 months ago Fallback to RSNXE when AP is not using valid RSN Overriding
Veerendranath Jakkam [Sat, 29 Jun 2024 21:19:21 +0000 (02:49 +0530)]
Fallback to RSNXE when AP is not using valid RSN Overriding

wpa_supplicant was ignoring RSNXE also if the AP is not using valid
RSN overriding combination when the STA supports RSN overriding. Fix
this fallback to the RSNXE when AP is not using valid RSN overriding.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
12 months ago Add QCA vendor interface to support Unsynchronized Service Discovery
Vinay Gannevaram [Tue, 12 Dec 2023 07:38:40 +0000 (13:08 +0530)] 
Add QCA vendor interface to support Unsynchronized Service Discovery

Add a new QCA command QCA_NL80211_VENDOR_SUBCMD_USD and related
attributes to support Unsynchronized Service Discovery (USD).

Device in active subscriber role sends SDF frames with service
information to find devices that advertise or publish the required
services. Device address, operation type, instance id, service_id,
channel info, service specific info, element container attribute, and
timeout are sent to the driver to initiate USD publish or USD subscribe
operation. The driver sends QCA_NL80211_VENDOR_SUBCMD_USD event with
instance_id and the USD operation status. QCA_NL80211_VENDOR_SUBCMD_USD
is also used to update publish operation and to cancel the publish or
subscribe operation for a service. It also allows all the operations to
be terminated using the USD flush command.

Signed-off-by: Vinay Gannevaram <quic_vganneva@quicinc.com>
12 months ago tests: RSNE/RSNXE overriding
Jouni Malinen [Wed, 11 Oct 2023 09:51:17 +0000 (12:51 +0300)] 
tests: RSNE/RSNXE overriding

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
12 months ago RSNE/RSNXE overriding for STA
Jouni Malinen [Wed, 11 Oct 2023 09:50:05 +0000 (12:50 +0300)] 
RSNE/RSNXE overriding for STA

Add support for RSNE/RSNXE Override elements. Use these elements to
determine AP's extended RSN parameters.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
12 months ago Make driver capabilities for AKM suites available within wpa_supplicant
Jouni Malinen [Thu, 27 Jun 2024 14:33:44 +0000 (17:33 +0300)] 
Make driver capabilities for AKM suites available within wpa_supplicant

In addition, add some of the previously missed AKM suites from the
default capabilities.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
12 months ago Use helper functions to access RSNE/RSNXE from BSS entries
Jouni Malinen [Wed, 11 Oct 2023 09:50:05 +0000 (12:50 +0300)] 
Use helper functions to access RSNE/RSNXE from BSS entries

This is a step towards allowing the contents of RSNE/RSNXE to be
overridden.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
12 months ago nl80211: Add a capability flag for RSN overriding
Veerendranath Jakkam [Thu, 13 Jun 2024 06:43:14 +0000 (12:13 +0530)] 
nl80211: Add a capability flag for RSN overriding

Add a new capability flag based on the nl80211 feature advertisement for
RSN overriding support.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
12 months ago Add QCA vendor feature flags to indicate RSN override elements support
Veerendranath Jakkam [Tue, 28 May 2024 02:15:44 +0000 (07:45 +0530)] 
Add QCA vendor feature flags to indicate RSN override elements support

Add a separate feature flag for STA mode to indicate support for RSN
override elements.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
12 months ago RSNE/RSNXE overriding for AP
Jouni Malinen [Wed, 11 Oct 2023 09:48:05 +0000 (12:48 +0300)] 
RSNE/RSNXE overriding for AP

Allow hostapd to be configured to advertise two separate sets of
RSNE/RSNXE parameters so that RSNE/RSNXE can use a reduced set of
capabilities (e.g., WPA2-Personal only) for supporting deployed STAs
that have issues with transition modes while the new override elements
can use a newer security option (e.g., WPA3-Personal only) for STAs that
support the new mechanism.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
12 months ago Allow RSNXE Override element to override RSNXE contents during parsing
Jouni Malinen [Wed, 1 Nov 2023 13:27:31 +0000 (15:27 +0200)] 
Allow RSNXE Override element to override RSNXE contents during parsing

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
12 months ago Allow RSNE Override element to override RSNE contents during parsing
Jouni Malinen [Wed, 11 Oct 2023 09:46:23 +0000 (12:46 +0300)] 
Allow RSNE Override element to override RSNE contents during parsing

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
12 months ago Add RSN overriding elements into IE parsing
Jouni Malinen [Wed, 11 Oct 2023 09:45:09 +0000 (12:45 +0300)] 
Add RSN overriding elements into IE parsing

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
12 months ago Define WFA vendor specific element types for RSNE/RSNXE overriding
Jouni Malinen [Wed, 11 Oct 2023 09:43:11 +0000 (12:43 +0300)] 
Define WFA vendor specific element types for RSNE/RSNXE overriding

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
12 months ago The main branch is now used for v2.12 development
Jouni Malinen [Sat, 20 Jul 2024 18:16:55 +0000 (21:16 +0300)] 
The main branch is now used for v2.12 development

Signed-off-by: Jouni Malinen <j@w1.fi>
12 months ago Preparations for v2.11 release hostap_2_11
Jouni Malinen [Sat, 20 Jul 2024 17:50:21 +0000 (20:50 +0300)] 
Preparations for v2.11 release

Update the version number for the build and also add the ChangeLog
entries for both hostapd and wpa_supplicant to describe main changes
between v2.10 and v2.11. Update the copyright years for the main
programs.

Signed-off-by: Jouni Malinen <j@w1.fi>
12 months ago dbus: Fix memory leak with Bonjour params for a P2P UPnP service
Davide Caratti [Thu, 18 Jul 2024 16:23:49 +0000 (18:23 +0200)] 
dbus: Fix memory leak with Bonjour params for a P2P UPnP service

Using D-Bus, it is possible to add a valid UPnP service where 'query'
and 'response' are specified. In this case, memory for 'query' and
'response' is allocated but not used nor freed. Valgrind complains as
follows:

 42 bytes in 1 blocks are definitely lost in loss record 32 of 75
    at 0x484C214: calloc (vg_replace_malloc.c:1675)
    by 0x41C673: wpabuf_alloc (wpabuf.c:124)
    by 0x41C673: wpabuf_alloc_copy (wpabuf.c:162)
    by 0x54F41A: wpas_dbus_handler_p2p_add_service (dbus_new_handlers_p2p.c:2762)
    by 0x53B9A2: msg_method_handler (dbus_new_helpers.c:356)
    by 0x53B9A2: message_handler (dbus_new_helpers.c:412)
    by 0x4EAB4B8: dbus_connection_dispatch (in /usr/lib64/libdbus-1.so.3.19.13)
    by 0x5495DF: dispatch_data (dbus_common.c:37)
    by 0x5495DF: process_watch (dbus_common.c:73)
    by 0x5495DF: process_watch_read (dbus_common.c:89)
    by 0x41EE8E: eloop_sock_table_dispatch.part.0 (eloop.c:603)
    by 0x41FA46: eloop_sock_table_dispatch (eloop.c:597)
    by 0x41FA46: eloop_run (eloop.c:1233)
    by 0x56A3CE: wpa_supplicant_run (wpa_supplicant.c:8074)
    by 0x40DB06: main (main.c:393)

 49 bytes in 1 blocks are definitely lost in loss record 37 of 75
    at 0x484C214: calloc (vg_replace_malloc.c:1675)
    by 0x41C673: wpabuf_alloc (wpabuf.c:124)
    by 0x41C673: wpabuf_alloc_copy (wpabuf.c:162)
    by 0x54F348: wpas_dbus_handler_p2p_add_service (dbus_new_handlers_p2p.c:2755)
    by 0x53B9A2: msg_method_handler (dbus_new_helpers.c:356)
    by 0x53B9A2: message_handler (dbus_new_helpers.c:412)
    by 0x4EAB4B8: dbus_connection_dispatch (in /usr/lib64/libdbus-1.so.3.19.13)
    by 0x5495DF: dispatch_data (dbus_common.c:37)
    by 0x5495DF: process_watch (dbus_common.c:73)
    by 0x5495DF: process_watch_read (dbus_common.c:89)
    by 0x41EE8E: eloop_sock_table_dispatch.part.0 (eloop.c:603)
    by 0x41FA46: eloop_sock_table_dispatch (eloop.c:597)
    by 0x41FA46: eloop_run (eloop.c:1233)
    by 0x56A3CE: wpa_supplicant_run (wpa_supplicant.c:8074)
    by 0x40DB06: main (main.c:393)

Fix this by ensuring that query and resp are freed both in the error and
non-error path of wpas_dbus_handler_p2p_add_service(). Also, add a test
in test_dbus.py to verify the correct behavior.

Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
12 months ago dbus: Fix SignalChange property
David Ruth [Tue, 16 Jul 2024 19:53:00 +0000 (19:53 +0000)] 
dbus: Fix SignalChange property

SignalChange should be defined as a property of an interface.
Previously, it was incorrectly defined as a property of P2P peers.

Fixes: 7a7ce957460a ("dbus: Emit more information over D-Bus")
Signed-off-by: David Ruth <druth@chromium.org>
12 months ago Move NULL check for driver private data (drv_priv)
Sunil Ravi [Thu, 18 Jul 2024 23:10:46 +0000 (23:10 +0000)] 
Move NULL check for driver private data (drv_priv)

In the hostapd_cleanup_driver() function, the NULL check for the driver
private data (drv_priv) is located within the CONFIG_IEEE80211BE feature
flag. As a result, on platforms where CONFIG_IEEE80211BE is not defined,
driver->hapd_deinit(drv_priv) is called with drv_priv set to NULL. This
leads to a null pointer exception in wpa_driver_nl80211_deinit().

To address this issue, move the NULL check for drv_priv outside the
CONFIG_IEEE80211BE build flag. This ensures that the check is performed
regardless of the value of CONFIG_IEEE80211BE, preventing the NULL
pointer exception.

Fixes: df34c2ced34f ("AP MLD: De-initialize/disable link BSS properly")
Signed-off-by: Sunil Ravi <sunilravi@google.com>
12 months ago FT: Fix FTE MIC calculation with fragmented FTE
Veerendranath Jakkam [Thu, 4 Jul 2024 06:39:43 +0000 (12:09 +0530)] 
FT: Fix FTE MIC calculation with fragmented FTE

Currently wpa_ft_parse_ies() is setting FTE information to wpa_buf
pointer data which is generated after defragmentation. This data will
not contain FTE and Fragment element(s) headers.

IEEE P802.11be/D5.0 describes the MIC to be calculated on the
concatenation of FTE and corresponding Fragment element(s) which
implies the element headers are included for each element in the
fragmented case.

Fix this by correctly populating FTE information when FTE is
fragmented.

Fixes: 43b5f11d9 ("Defragmentation of FTE")
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
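
The two inputs contrasted in the fragmented-FTE commit message above, shown side by side in an added example (not hostap code; `fte_view`, `fte_locate()` and `build_sample()` are hypothetical names and the sample buffer is constructed). It assumes the usual element fragmentation layout: a 255-octet FTE (element ID 55) followed by Fragment elements (ID 242). It reports the span with element headers included and the defragmented payload length with headers stripped.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EID_FTE      55   /* Fast BSS Transition element */
#define EID_FRAGMENT 242  /* Fragment element */

/* Hypothetical helper type: where the FTE sits in a buffer of elements. */
struct fte_view {
	const uint8_t *span;    /* first octet of the FTE header */
	size_t span_len;        /* FTE + Fragment elements, headers included */
	size_t payload_len;     /* defragmented payload, headers excluded */
	unsigned int fragments; /* number of Fragment elements that follow */
};

/* Find the FTE and any Fragment elements following it. Assumes the usual
 * rule that a Fragment element only follows a 255-octet element.
 * Returns 0 on success, -1 if there is no FTE or an element is truncated. */
int fte_locate(const uint8_t *ies, size_t len, struct fte_view *out)
{
	size_t pos = 0;
	while (len - pos >= 2) {
		uint8_t id = ies[pos], elen = ies[pos + 1];
		if (elen > len - pos - 2)
			return -1; /* length field runs past the buffer */
		if (id != EID_FTE) {
			pos += 2 + elen;
			continue;
		}
		out->span = ies + pos;
		out->span_len = 2 + (size_t) elen;
		out->payload_len = elen;
		out->fragments = 0;
		pos += 2 + elen;
		while (elen == 255 && len - pos >= 2 &&
		       ies[pos] == EID_FRAGMENT) {
			elen = ies[pos + 1];
			if (elen > len - pos - 2)
				return -1;
			out->span_len += 2 + (size_t) elen;
			out->payload_len += elen;
			out->fragments++;
			pos += 2 + elen;
		}
		return 0;
	}
	return -1;
}

/* Constructed sample: an MDE (ID 54), an FTE with a 300-octet payload split
 * into 255 + 45 octets, then an unrelated trailing element. */
size_t build_sample(uint8_t *buf, size_t buf_len)
{
	size_t pos = 0, i;
	if (buf_len < 313)
		return 0;
	buf[pos++] = 54; buf[pos++] = 3;
	buf[pos++] = 0x12; buf[pos++] = 0x34; buf[pos++] = 0x01;
	buf[pos++] = EID_FTE; buf[pos++] = 255;
	for (i = 0; i < 255; i++)
		buf[pos++] = (uint8_t) i;
	buf[pos++] = EID_FRAGMENT; buf[pos++] = 45;
	for (i = 255; i < 300; i++)
		buf[pos++] = (uint8_t) i;
	buf[pos++] = 48; buf[pos++] = 2; buf[pos++] = 0x01; buf[pos++] = 0x00;
	return pos;
}

int main(void)
{
	uint8_t buf[512];
	struct fte_view v;
	size_t len = build_sample(buf, sizeof(buf));
	if (fte_locate(buf, len, &v) < 0)
		return 1;
	printf("headers included: %zu, payload only: %zu, fragments: %u\n",
	       v.span_len, v.payload_len, v.fragments);
	return 0;
}
```
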
12 months ago MLD STA: Find partner links by BSSID and SSID
Michael-CY Lee [Tue, 9 Apr 2024 06:50:23 +0000 (14:50 +0800)] 
MLD STA: Find partner links by BSSID and SSID

Non-AP MLD finds AP MLD's partner links by BSSID from the scan results.
However, if the scan results contain BSSs with the same BSSID but
different BSS information, the non-AP MLD might assign a wrong BSS to
one of the AP MLD's partner links.

Avoid the problem by using both BSSID and SSID to find the AP MLD's
partner links.

Signed-off-by: Michael-CY Lee <michael-cy.lee@mediatek.com>
12 months ago tests: Check CSA between non DFS and DFS chan
marek@mazekey.pl [Fri, 26 Apr 2024 22:11:18 +0000 (00:11 +0200)] 
tests: Check CSA between non DFS and DFS chan

Add test to validate CSA between non DFS channel
and DFS channel with different operating class.

Signed-off-by: Marek Kwaczynski <marek@mazekey.pl>
12 months ago hostapd: Fix opclass during CSA with DFS channels
marek@mazekey.pl [Tue, 23 Apr 2024 09:08:08 +0000 (11:08 +0200)] 
hostapd: Fix opclass during CSA with DFS channels

During CSA with DFS channels, disabling and enabling the interface is a
part of the algorithm. When the interface was enabled, the old operating
class from before the switch and the new channel were used, causing a
mismatch in the configured_fixed_chan_to_freq() function.

Example of log when switch from channel 157 to 108 was triggered:
"Could not convert op_class 124 channel 108 to operating frequency"

Fixes: bb781c763 ("AP: Populate iface->freq before starting AP")
Signed-off-by: Marek Kwaczynski <marek@mazekey.pl>