Ke Huang [Tue, 20 Jun 2023 08:03:34 +0000 (16:03 +0800)]
Define QCA vendor roam control RSSI attributes
Add three vendor roam control attributes to configure the roaming
parameters dynamically.
QCA_ATTR_ROAM_CONTROL_CONNECTED_LOW_RSSI_THRESHOLD controls the
connected AP's low RSSI threshold to trigger the neighbor lookup.
QCA_ATTR_ROAM_CONTROL_CANDIDATE_ROAM_RSSI_DIFF and
QCA_ATTR_ROAM_CONTROL_6GHZ_CANDIDATE_ROAM_RSSI_DIFF control the RSSI
difference threshold between the connected AP and the new candidate AP
for the roam to trigger.
Extend QCA vendor command to include more parameters for netdev events
Extend enum qca_wlan_vendor_attr_mlo_peer_prim_netdev_event to add MLD
MAC address, the number of links, and link info. Link info contains
ifindex and MAC address of each link of a non-AP MLD that was negotiated
in ML association.
Chunquan Luo [Tue, 8 Aug 2023 06:51:50 +0000 (23:51 -0700)]
QCA vendor attributes for updating roaming AP BSSID info
Add vendor attribute IDs QCA_WLAN_VENDOR_ATTR_ROAM_STATS_ORIGINAL_BSSID,
QCA_WLAN_VENDOR_ATTR_ROAM_STATS_CANDIDATE_BSSID, and
QCA_WLAN_VENDOR_ATTR_ROAM_STATS_ROAMED_BSSID for updating roaming AP
BSSID to user space to enable user space collecting the BSSID for
roaming issues.
Signed-off-by: Chunquan Luo <quic_chunquan@quicinc.com>
EHT: Support puncturing for 320 MHz channel bandwidth
Determine the channel width by operating class for the 6 GHz band when
validating puncturing bitmap. This is needed to allow puncturing to be
used with 320 MHz channels.
Jouni Malinen [Fri, 11 Aug 2023 17:35:34 +0000 (20:35 +0300)]
wlantest: Guess SAE/OWE group from EAPOL-Key length mismatch
The MIC length depends on the negotiated group when SAE-EXT-KEY or OWE
key_mgmt is used. wlantest can determine the group if the capture file
includes the group negotiation, i.e., the initial association when a PMK
was created. However, if the capture file includes only an association
using PMKSA caching, the group information is not available. This can
result in inability to be able to process the EAPOL-Key frames (e.g.,
with the "Truncated EAPOL-Key from" message).
If the negotiated group is not known and an EAPOL-Key frame length does
not seem to match the default expectations for group 19, check whether
the alternative lengths for group 20 or 21 would result in a frame that
seems to have valid length. If so, update the STA entry with the guessed
group and continue processing the EAPOL-Key frames based on this.
Ilan Peer [Tue, 25 Jul 2023 07:16:57 +0000 (12:46 +0530)]
AP: Add configuration option to specify the desired MLD address
Add mld_addr configuration option to set the MLD MAC address.
The already existing bssid configuration option can be used to
control the AP MLD's link addresses.
Signed-off-by: Ilan Peer <ilan.peer@intel.com> Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com> Signed-off-by: Manaswini Paluri <quic_mpaluri@quicinc.com>
Michael Lee [Thu, 27 Jul 2023 08:29:22 +0000 (16:29 +0800)]
wpa_supplicant: Fix configuration parsing error for tx_queue_*
In the original flow, after hostapd_config_tx_queue() successfully
parses a tx_queue variable, wpa_config_process_global() would not return
immediately. Then it would print out "unknown global field" later and set
return val to -1.
Return success (0) after hostapd_config_tx_queue() successfully parses a
tx_queue variable to fix this.
Fixes: 790026c3daa2 ("Allow TX queue parameters to be configured for wpa_supplicant AP/P2P GO") Signed-off-by: Michael Lee <michael-cy.lee@mediatek.com>
Felix Fietkau [Mon, 7 Aug 2023 19:59:47 +0000 (21:59 +0200)]
BSS coloring: Fix CCA with multiple BSS
Pass bss->ctx instead of drv->ctx in order to avoid multiple reports for
the first bss. The first report would otherwise clear hapd->cca_color and
subsequent reports would cause the iface bss color to be set to 0.
In order to avoid any issues with cancellations, only overwrite the color
based on hapd->cca_color if it was actually set.
Fixes: 33c4dd26cd11 ("BSS coloring: Handle the collision and CCA events coming from the kernel") Signed-off-by: Felix Fietkau <nbd@nbd.name>
Henry Ptasinski [Thu, 13 Jul 2023 13:29:32 +0000 (15:29 +0200)]
Fix CCMP test vector issues
Commit b20991da6936a1baae9f2239ee127610a6f5335d introduced errors in
the order of arguments to the calls of ccmp_decrypt() and
ccmp_256_decrypt(). Correct the order of arguments.
Fixes: b20991da6936 ("wlantest: MLD MAC Address in CCMP/GCMP AAD/nonce") Signed-off-by: Henry Ptasinski <henry@e78com.com>
Chien Wong [Sun, 6 Aug 2023 15:15:48 +0000 (23:15 +0800)]
Fix a compiler warning on prototype mismatch
Fix the warning:
wpa_supplicant.c:2257:5: warning: conflicting types for
‘wpas_update_random_addr’ due to enum/integer mismatch; have ‘int(struct
wpa_supplicant *, enum wpas_mac_addr_style, struct wpa_ssid *)’
[-Wenum-int-mismatch]
2257 | int wpas_update_random_addr(struct wpa_supplicant *wpa_s,
| ^~~~~~~~~~~~~~~~~~~~~~~
In file included from wpa_supplicant.c:32:
wpa_supplicant_i.h:1653:5: note: previous declaration of
‘wpas_update_random_addr’ with type ‘int(struct wpa_supplicant *, int,
struct wpa_ssid *)’
1653 | int wpas_update_random_addr(struct wpa_supplicant *wpa_s, int
style,
| ^~~~~~~~~~~~~~~~~~~~~~~
Fixes: 1d4027fdbef2 ("Make random MAC address style parameters use common enum values") Signed-off-by: Chien Wong <m@xv97.com>
Jouni Malinen [Thu, 10 Aug 2023 18:17:40 +0000 (21:17 +0300)]
Fix writing of BIGTK in FT protocol
A copy-paste issue in wpa_ft_bigtk_subelem() ended up encoding the IGTK
value instead of the BIGTK when providing the current BIGTK to the STA
during FT protocol. Fix this to use the correct key to avoid issues when
beacon protection is used with FT.
Fixes: 16889aff408e ("Add BIGTK KDE and subelement similarly to IGTK") Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
QCA vendor extension is used for NDP setup. This defines the new
attributes QCA_WLAN_VENDOR_ATTR_NDP_CSIA_CAPABILITIES and
QCA_WLAN_VENDOR_ATTR_NDP_GTK_REQUIRED to support GTKSA, IGTKSA, and
BIGTKSA for NDP setup.
Jouni Malinen [Thu, 10 Aug 2023 08:34:41 +0000 (11:34 +0300)]
wlantest: Use the MLD MAC address as well for matching STA entries
Allow either a link address or the MLD MAC address of a non-AP MLD to
match the MAC address that is being used to identify a source or
destination of a frame for the MLO cases.
Jouni Malinen [Thu, 10 Aug 2023 08:31:26 +0000 (11:31 +0300)]
wlantest: Use MLO search for the STA in reassociation
FT over-the-DS might have created the new STA entry on another
affiliated BSS during the FT Request/Response exchange, so use a wider
search to locate the correct STA entry when processing the Reassociation
Request/Response frames.
Jouni Malinen [Thu, 10 Aug 2023 08:27:21 +0000 (11:27 +0300)]
wlantest: Learn non-AP MLD MAC address from (Re)Association Request frames
Use the Basic Multi-Link element in (Re)Association Request frames to
learn the non-AP MLD MAC address instead of having to wait until this
address is included in an EAPOL-Key frame. This is needed for FT
protocol (where 4-way handshake is not used) and it is also convenient
to have the MLD MAC address available as soon as possible to be able to
decrypt frames and even to recognize some special AP vs. STA cases when
either the BSSID or the AP MLD MAC address might be used.
Jouni Malinen [Thu, 10 Aug 2023 08:22:47 +0000 (11:22 +0300)]
wlantest: Recognize non-AP MLD based on any link address for decryption
Compare A1 against all the link addresses of a non-AP MLD when
determining whether a Data frame is from the non-AP MLD or the AP MLD
during a decryption attempt.
Jouni Malinen [Thu, 10 Aug 2023 08:18:57 +0000 (11:18 +0300)]
wlantest: Find non-AP MLD only from affiliated BSSs of the AP MLD
Make sta_find_mlo() more accurate by searching a non-AP MLD only from
the affialiated BSSs of the AP MLD instead of from any BSS. This might
help in some roaming cases where both the old and the new AP MLD have
their affiliated links in the BSS table.
Jouni Malinen [Thu, 10 Aug 2023 07:57:07 +0000 (10:57 +0300)]
wlantest: Learn AP MLD MAC address from Beacon frames
Use the Basic Multi-Link element in Beacon frames (and Probe Response
frames for that matter) to learn the AP MLD MAC address instead of
having to wait until this address is included in an EAPOL-Key frame.
This is needed for FT protocol (where 4-way handshake is not used) and
it is also convenient to have the MLD MAC address available as soon as
possible to be able to decrypt frames and even to recognize some special
AP vs. STA cases when either the BSSID or the AP MLD MAC address might
be used.
Jouni Malinen [Tue, 8 Aug 2023 10:32:32 +0000 (13:32 +0300)]
FTE protected element check for MLO Reassociation Response frame
The set of protected elements in the FTE in Reassociation Response frame
is different for MLO. Count RSNE and RSNXE separately for each link.
This implementation uses the number of links for which a GTK was
provided which does not fully match the standard ("requested link") and
a more accurate implementation is likely needed, but that will require
some more complexity and state information.
Jouni Malinen [Tue, 8 Aug 2023 09:37:39 +0000 (12:37 +0300)]
Defragmentation of FTE
Defragment the FTE if it was fragmented. This is needed for MLO when the
FTE in Reassociation Response frame might be longer than 255 octets to
include all the group keys for all the links.
Jouni Malinen [Tue, 8 Aug 2023 08:00:42 +0000 (11:00 +0300)]
wlantest: Support multiple input files
Allow the -r<file> command line argument to be used multiple times to
read more than a single capture file for processing. This reduces need
for external tools to be used first to merge capture files for wlantest.
Jouni Malinen [Tue, 8 Aug 2023 07:30:10 +0000 (10:30 +0300)]
wlantest: Handle variable length MIC field in EAPOL-Key with OWE
The Key MIC field is of variable length when using OWE, so determine the
correct length based on which group was negotiated for OWE during
association.
Manaswini Paluri [Thu, 22 Jun 2023 08:49:36 +0000 (14:19 +0530)]
nl80211: Skip STA MLO link channel switch handling in AP mode
Add check to skip the STA mode specific MLO link channel switch handling
in AP mode. Commit 1b6f3b5850a7 ("MLD STA: Indicate per link channel
switch") added this indication only for STA mode.
Set RRM used config if the (Re)Association Request frame has RRM IE
Set the sme RRM used config if the RRM element is present in the
(Re)Association Request frame sent in association event to cover the
cases where the driver SME takes care of negotiating RRM capabilities.
Vishal Miskin [Tue, 27 Jun 2023 14:13:36 +0000 (19:43 +0530)]
Add QCA vendor attributes for user defined power save parameters
Extend QCA_WLAN_VENDOR_ATTR_CONFIG_OPTIMIZED_POWER_MANAGEMENT
attribute to support enum qca_wlan_vendor_opm_mode.
Add QCA vendor attribute QCA_WLAN_VENDOR_ATTR_CONFIG_OPM_ITO and
QCA_WLAN_VENDOR_ATTR_CONFIG_OPM_SPEC_WAKE to configure inactivity
timeout and speculative wake interval in User defined optimized
power save mode.
Verify that the operation succeeds before a debug print indicating that
it did. This was already done in most callers, so be more consistent and
do it here as well.
The second argument to memset() is only eight bits, so there is no point
in trying to set 0xffff values for an array of 16-bit fields. 0xff will
do the exact same thing without causing static analyzes warnings about
truncated value.
Fixes: 903e3a1e6259 ("FILS: Fix maximum NSS calculation for FD frame") Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Check the ieee802_11_parse_elems() return code and do not proceed in
various cases if parsing failed. Previously, these cases would have been
allowed to continue by ignoring whatever might have followed in the IE
buffer after the first detected parsing failure. This is not really an
issue in practice, but it feels cleaner to explicitly stop when
receiving an invalid set of IEs.
Optimize the search for nonzero octets when checking for the need to
work around WPS M1 padding. The previous implementation was really
inefficient (O(n^2)) and while that was likely sufficiently fast for the
cases where the MMPDU size limit prevents long buffers (e.g., all P2P
Action frames), it might be able to take tens of seconds on low-end CPUs
with maximum length EAP-WSC messages during WPS provisioning. More
visibly, this was causing OSS-Fuzz to time out a test case with
unrealisticly long data (i.e., almost 10 times the maximum EAP-WSC
buffer length).
Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60039 Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Allow the phase2_auth=2 parameter (in phase1 configuration item) to be
used with EAP-TTLS to require Phase 2 authentication. In practice, this
disables TLS session resumption since EAP-TTLS is defined to skip Phase
2 when resuming a session.
The previous PEAP client behavior allowed the server to skip Phase 2
authentication with the expectation that the server was authenticated
during Phase 1 through TLS server certificate validation. Various PEAP
specifications are not exactly clear on what the behavior on this front
is supposed to be and as such, this ended up being more flexible than
the TTLS/FAST/TEAP cases. However, this is not really ideal when
unfortunately common misconfiguration of PEAP is used in deployed
devices where the server trust root (ca_cert) is not configured or the
user has an easy option for allowing this validation step to be skipped.
Change the default PEAP client behavior to be to require Phase 2
authentication to be successfully completed for cases where TLS session
resumption is not used and the client certificate has not been
configured. Those two exceptions are the main cases where a deployed
authentication server might skip Phase 2 and as such, where a more
strict default behavior could result in undesired interoperability
issues. Requiring Phase 2 authentication will end up disabling TLS
session resumption automatically to avoid interoperability issues.
Allow Phase 2 authentication behavior to be configured with a new phase1
configuration parameter option:
'phase2_auth' option can be used to control Phase 2 (i.e., within TLS
tunnel) behavior for PEAP:
* 0 = do not require Phase 2 authentication
* 1 = require Phase 2 authentication when client certificate
(private_key/client_cert) is no used and TLS session resumption was
not used (default)
* 2 = require Phase 2 authentication in all cases
Jouni Malinen [Thu, 22 Jun 2023 19:44:51 +0000 (22:44 +0300)]
wlantest: Support HT Control field in Robust Management frames
Check the +HTC bit in FC to determine if the HT Control field is present
when decrypting Robust Management frames. This was already done for QoS
Data frames, but the Management frame case had not been extended to
cover this option.
Add support to configure per-MLO link maximum supported channel width
Update documentation of the QCA_WLAN_VENDOR_ATTR_CONFIG_CHANNEL_WIDTH
and QCA_WLAN_VENDOR_ATTR_CONFIG_CHAN_WIDTH_UPDATE_TYPE attributes to
indicate support for per-MLO link configuration.
Add QCA vendor interface to support per-MLO link configurations
Add support for per-MLO link configurations in
QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION and
QCA_NL80211_VENDOR_SUBCMD_GET_WIFI_CONFIGURATION commands.
Additionally, add documentation for
QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION and
QCA_NL80211_VENDOR_SUBCMD_GET_WIFI_CONFIGURATION commands.
nl80211: Always return NL_SKIP from survey dump handler
Previously, NL_STOP was returned from the survey dump handler if the
maximum number of frequencies was reached for storing survey
information, but this is causing wpa_supplicant context getting stuck if
the current SKB returned by the kernel itself ends with NLMSG_DONE type
message. This is due to libnl immediately stopping processing the
current SKB upon receiving NL_STOP and not being able to process
NLMSG_DONE type message, and due to this wpa_supplicant's
finish_handler() not getting called. Fix this by returning NL_SKIP
instead while still ignoring all possible additional frequencies.
Xinyue Ling [Wed, 7 Jun 2023 08:13:34 +0000 (16:13 +0800)]
Determine current hw mode before channel switch
There are two hw modes (5 GHz and 6 GHz) with HOSTAPD_MODE_IEEE80211A
and the current hw mode may be wrong after one channel switch to 6 GHz.
This will cause hostapd_set_freq_params() to return -1 when saving
previous state and the second channel switch to fail. Fix this by adding
hostapd_determine_mode() before every channel switch.
Use zero value with QCA_WLAN_VENDOR_ATTR_CONFIG_EHT_MLO_MAX_NUM_LINKS to
restore the device default maximum number of allowed MLO links
capability.
Also, as per IEEE 802.11be/D3.0, the maximum number of allowed links for
an MLO connection is 15. Update the documentation of the attribute to
indicate the same.
AP/MLO: Forward Management frame TX status to correct BSS
In case of MLO AP and legacy client, make sure Management frame TX
status is processed on the correct BSS.
Since there's only one instance of i802_bss for all BSSs in an AP MLD in
the nl80211 driver interface, the link ID is needed to forward the
status to the correct BSS. Store the link ID when transmitting
Managements frames and report it in TX status.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
In case of MLO AP and legacy client, make sure EAPOL TX status is
processed on the correct BSS.
Since there's only one instance of i802_bss for all BSSs in an AP MLD in
the nl80211 driver interface, the link ID is needed to forward the EAPOL
TX status to the correct BSS. Store the link ID when transmitting EAPOL
frames over control interface and report it in TX status.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Ilan Peer [Mon, 22 May 2023 19:34:04 +0000 (22:34 +0300)]
MLO: Add MLO KDEs to EAPOL-Key msg 1/2 of the group handshake
This provides the link specific group keys and last used PN/IPN/BIPN
values to the Supplicant in the MLO KDEs instead of the KDEs used for
non-MLO cases.
Ilan Peer [Mon, 22 May 2023 19:34:03 +0000 (22:34 +0300)]
MLO: Validate MLO KDEs in EAPOL-Key msg 4/4
Verify that the MLD address in EAPOL-Key msg 4/4 is set correctly for
MLO cases. Note that the mechanism used here for distinguishing between
EAPOL-Key msg 2/4 and 4/4 is not exactly ideal and should be improved in
the future.
Signed-off-by: Ilan Peer <ilan.peer@intel.com> Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
This provides the link specific group keys and last used PN/IPN/BIPN
values to the Supplicant in the MLO KDEs instead of the KDEs used for
non-MLO cases.
Signed-off-by: Ilan Peer <ilan.peer@intel.com> Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
MLO: Store MLO link information in RSN Authentication
Make the MLO related information available for the RSN Authenticator
state machine to be able to perform steps needed on an AP MLD. The
actual use of this information will be in the following commits.
Signed-off-by: Ilan Peer <ilan.peer@intel.com> Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
EAPOL frames may need to be transmitted from the link address and not
MLD address. For example, in case of authentication between AP MLD and
legacy STA. Add link_id parameter to EAPOL send APIs.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Ilan Peer [Mon, 22 May 2023 19:33:52 +0000 (22:33 +0300)]
AP: Handle Management frame TX status for AP MLD address
This allows proper TX status handling when MLD addressing is used for
Management frames. Note, that the statuses are still not forwarded to
the correct link BSS. This will be handled in later commits.
AP: MLO: Add Multi-Link element to (Re)Association Response frame
Add the full station profile to the Multi-Link element in the
(Re)Association Response frame. In addition, use the AP MLD's MLD MAC
address as SA/BSSID once the non-AP MLD has been added to the driver to
use address translation in the driver.
Signed-off-by: Ilan Peer <ilan.peer@intel.com> Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
AP: MLO: Process Multi-Link element from (Re)Association Request frame
Implement processing of the Multi-Link element in the (Re)Association
Request frame, including processing of the Per-STA Profile subelement.
After handling the basic parsing of the element and extracting the
information about the requested links, handle the link specific
processing for each link:
- Find the interface with the corresponding link ID.
- Process the station profile in the interface.
- Prepare the Per-STA Profile subelement to be included in the
Multi-Link element in the (Re)Association Response frame.
Signed-off-by: Ilan Peer <ilan.peer@intel.com> Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
projects / thirdparty / hostap.git / log
