DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

nl80211: Use the new NL80211_MFP_OPTIONAL option

Browse source 
Now we can configure the network block so that it allows MFP setting for
the NL80211_CMD_CONNECT command. If the kernel finds an AP that requires
MFP, it'll be able to connect to it.

Note that since NL80211_MFP_OPTIONAL isn't supported for
NL80211_CMD_ASSOCIATE, we need to take the MFP configuration outside
nl80211_connect_common(). In addition, check that
NL80211_EXT_FEATURE_MFP_OPTIONAL is supported, to be backward compatible
with older kernels.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
This commit is contained in:
Emmanuel Grumbach 2018-02-01 16:21:57 +02:00 committed by Jouni Malinen
parent b8e88d357a
commit 299d21e8e2
3 changed files with 19 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/drivers/driver.h
View file

@ -1563,6 +1563,8 @@ struct wpa_driver_capa {
* functionality but can support only OCE STA-CFON functionality. * functionality but can support only OCE STA-CFON functionality.
*/ */
#define WPA_DRIVER_FLAGS_OCE_STA_CFON 0x0020000000000000ULL #define WPA_DRIVER_FLAGS_OCE_STA_CFON 0x0020000000000000ULL
/** Driver supports MFP-optional in the connect command */
#define WPA_DRIVER_FLAGS_MFP_OPTIONAL 0x0040000000000000ULL
u64 flags; u64 flags;
#define FULL_AP_CLIENT_STATE_SUPP(drv_flags) \ #define FULL_AP_CLIENT_STATE_SUPP(drv_flags) \

17
src/drivers/driver_nl80211.c
View file

@ -5408,10 +5408,6 @@ static int nl80211_connect_common(struct wpa_driver_nl80211_data *drv,
nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT))) nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT)))
return -1; return -1;
if (params->mgmt_frame_protection == MGMT_FRAME_PROTECTION_REQUIRED &&
nla_put_u32(msg, NL80211_ATTR_USE_MFP, NL80211_MFP_REQUIRED))
return -1;
if (params->rrm_used) { if (params->rrm_used) {
u32 drv_rrm_flags = drv->capa.rrm_flags; u32 drv_rrm_flags = drv->capa.rrm_flags;
if ((!((drv_rrm_flags & if ((!((drv_rrm_flags &
@ -5488,6 +5484,15 @@ static int wpa_driver_nl80211_try_connect(
if (ret) if (ret)
goto fail; goto fail;
if (params->mgmt_frame_protection == MGMT_FRAME_PROTECTION_REQUIRED &&
nla_put_u32(msg, NL80211_ATTR_USE_MFP, NL80211_MFP_REQUIRED))
goto fail;
if (params->mgmt_frame_protection == MGMT_FRAME_PROTECTION_OPTIONAL &&
(drv->capa.flags & WPA_DRIVER_FLAGS_MFP_OPTIONAL) &&
nla_put_u32(msg, NL80211_ATTR_USE_MFP, NL80211_MFP_OPTIONAL))
goto fail;
algs = 0; algs = 0;
if (params->auth_alg & WPA_AUTH_ALG_OPEN) if (params->auth_alg & WPA_AUTH_ALG_OPEN)
algs++; algs++;
@ -5607,6 +5612,10 @@ static int wpa_driver_nl80211_associate(
if (ret) if (ret)
goto fail; goto fail;
if (params->mgmt_frame_protection == MGMT_FRAME_PROTECTION_REQUIRED &&
nla_put_u32(msg, NL80211_ATTR_USE_MFP, NL80211_MFP_REQUIRED))
goto fail;
if (params->fils_kek) { if (params->fils_kek) {
wpa_printf(MSG_DEBUG, " * FILS KEK (len=%u)", wpa_printf(MSG_DEBUG, " * FILS KEK (len=%u)",
(unsigned int) params->fils_kek_len); (unsigned int) params->fils_kek_len);

4
src/drivers/driver_nl80211_capa.c
View file

@ -407,6 +407,10 @@ static void wiphy_info_ext_feature_flags(struct wiphy_info_data *info,
ext_feature_isset(ext_features, len, ext_feature_isset(ext_features, len,
NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X)) NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
capa->flags |= WPA_DRIVER_FLAGS_4WAY_HANDSHAKE; capa->flags |= WPA_DRIVER_FLAGS_4WAY_HANDSHAKE;
if (ext_feature_isset(ext_features, len,
NL80211_EXT_FEATURE_MFP_OPTIONAL))
capa->flags |= WPA_DRIVER_FLAGS_MFP_OPTIONAL;
} }