STA: Check driver capability to enable OCV when driver SME is used

When the driver SME is used, offloaded RSN handshakes like SA Query, GTK
rekeying, FT authentication, etc. would fail if wpa_supplicant enables
OCV in initial connection based on configuration but the driver doesn't
support OCV. To avoid such failures check the driver's capability for
enabling OCV when the driver SME used.

This commit also adds a capability flag for indicating OCV support
by the driver.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
This commit is contained in:
Veerendranath Jakkam 2020-12-03 14:17:39 +05:30 committed by Jouni Malinen
parent f3dfe42c7e
commit 73ebd58fc8
4 changed files with 11 additions and 2 deletions

View file

@ -2015,6 +2015,8 @@ struct wpa_driver_capa {
#define WPA_DRIVER_FLAGS2_BEACON_RATE_HE 0x0000000000000020ULL
/** Driver supports Beacon protection only in client mode */
#define WPA_DRIVER_FLAGS2_BEACON_PROTECTION_CLIENT 0x0000000000000040ULL
/** Driver supports Operating Channel Validation */
#define WPA_DRIVER_FLAGS2_OCV 0x0000000000000080ULL
u64 flags2;
#define FULL_AP_CLIENT_STATE_SUPP(drv_flags) \

View file

@ -660,6 +660,10 @@ static void wiphy_info_ext_feature_flags(struct wiphy_info_data *info,
if (ext_feature_isset(ext_features, len,
NL80211_EXT_FEATURE_BEACON_PROTECTION_CLIENT))
capa->flags2 |= WPA_DRIVER_FLAGS2_BEACON_PROTECTION_CLIENT;
if (ext_feature_isset(ext_features, len,
NL80211_EXT_FEATURE_OPERATING_CHANNEL_VALIDATION))
capa->flags2 |= WPA_DRIVER_FLAGS2_OCV;
}

View file

@ -1656,7 +1656,9 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MFP,
wpas_get_ssid_pmf(wpa_s, ssid));
#ifdef CONFIG_OCV
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_OCV, ssid->ocv);
if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) ||
(wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_OCV))
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_OCV, ssid->ocv);
#endif /* CONFIG_OCV */
sae_pwe = wpa_s->conf->sae_pwe;
if (ssid->sae_password_id && sae_pwe != 3)

View file

@ -991,7 +991,8 @@ fast_reauth=1
# This is a countermeasure against multi-channel man-in-the-middle attacks.
# Enabling this automatically also enables ieee80211w, if not yet enabled.
# 0 = disabled (default)
# 1 = enabled
# 1 = enabled if wpa_supplicant's SME in use. Otherwise enabled only when the
# driver indicates support for operating channel validation.
#ocv=1
#
# auth_alg: list of allowed IEEE 802.11 authentication algorithms