DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

Enable beacon protection only when driver indicates support

Browse source 
Enabling beacon protection will cause STA connection/AP setup failures
if the driver doesn't support beacon protection. To avoid this, check
the driver capability before enabling beacon protection.

This commit also adds a capability flag to indicate beacon protection
support in client mode only.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
This commit is contained in:
Veerendranath Jakkam 2020-12-03 13:17:33 +05:30 committed by Jouni Malinen
parent 9d99814e22
commit d36d4209fd
8 changed files with 30 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

3
hostapd/hostapd.conf
View file

@ -1786,7 +1786,8 @@ own_ip_addr=127.0.0.1
#group_mgmt_cipher=AES-128-CMAC #group_mgmt_cipher=AES-128-CMAC
# Beacon Protection (management frame protection for Beacon frames) # Beacon Protection (management frame protection for Beacon frames)
# This depends on management frame protection being enabled (ieee80211w != 0). # This depends on management frame protection being enabled (ieee80211w != 0)
# and beacon protection support indication from the driver.
# 0 = disabled (default) # 0 = disabled (default)
# 1 = enabled # 1 = enabled
#beacon_prot=0 #beacon_prot=0

7
src/ap/ieee802_11_shared.c
View file

@ -425,7 +425,9 @@ static void hostapd_ext_capab_byte(struct hostapd_data *hapd, u8 *pos, int idx)
* Identifiers Used Exclusively */ * Identifiers Used Exclusively */
} }
#endif /* CONFIG_SAE */ #endif /* CONFIG_SAE */
if (hapd->conf->beacon_prot) if (hapd->conf->beacon_prot &&
(hapd->iface->drv_flags &
WPA_DRIVER_FLAGS_BEACON_PROTECTION))
*pos |= 0x10; /* Bit 84 - Beacon Protection Enabled */ *pos |= 0x10; /* Bit 84 - Beacon Protection Enabled */
break; break;
case 11: /* Bits 88-95 */ case 11: /* Bits 88-95 */
@ -494,7 +496,8 @@ u8 * hostapd_eid_ext_capab(struct hostapd_data *hapd, u8 *eid)
hostapd_sae_pw_id_in_use(hapd->conf)) hostapd_sae_pw_id_in_use(hapd->conf))
len = 11; len = 11;
#endif /* CONFIG_SAE */ #endif /* CONFIG_SAE */
if (len < 11 && hapd->conf->beacon_prot) if (len < 11 && hapd->conf->beacon_prot &&
(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_BEACON_PROTECTION))
len = 11; len = 11;
#ifdef CONFIG_SAE_PK #ifdef CONFIG_SAE_PK
if (len < 12 && hapd->conf->wpa && if (len < 12 && hapd->conf->wpa &&

7
src/ap/wnm_ap.c
View file

@ -169,7 +169,9 @@ static int ieee802_11_send_wnmsleep_resp(struct hostapd_data *hapd,
pos += igtk_elem_len; pos += igtk_elem_len;
wpa_printf(MSG_DEBUG, "Pass 4 igtk_len = %d", wpa_printf(MSG_DEBUG, "Pass 4 igtk_len = %d",
(int) igtk_elem_len); (int) igtk_elem_len);
if (hapd->conf->beacon_prot) { if (hapd->conf->beacon_prot &&
(hapd->iface->drv_flags &
WPA_DRIVER_FLAGS_BEACON_PROTECTION)) {
res = wpa_wnmsleep_bigtk_subelem(sta->wpa_sm, pos); res = wpa_wnmsleep_bigtk_subelem(sta->wpa_sm, pos);
if (res < 0) if (res < 0)
goto fail; goto fail;
@ -537,7 +539,8 @@ static void wnm_beacon_protection_failure(struct hostapd_data *hapd,
{ {
struct sta_info *sta; struct sta_info *sta;
if (!hapd->conf->beacon_prot) if (!hapd->conf->beacon_prot ||
!(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_BEACON_PROTECTION))
return; return;
sta = ap_get_sta(hapd, addr); sta = ap_get_sta(hapd, addr);

3
src/ap/wpa_auth_glue.c
View file

@ -1512,6 +1512,9 @@ int hostapd_setup_wpa(struct hostapd_data *hapd)
else else
_conf.extended_key_id = 0; _conf.extended_key_id = 0;
if (!(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_BEACON_PROTECTION))
_conf.beacon_prot = 0;
_conf.secure_ltf = _conf.secure_ltf =
!!(hapd->iface->drv_flags2 & WPA_DRIVER_FLAGS2_SEC_LTF); !!(hapd->iface->drv_flags2 & WPA_DRIVER_FLAGS2_SEC_LTF);
_conf.secure_rtt = _conf.secure_rtt =

2
src/drivers/driver.h
View file

@ -2013,6 +2013,8 @@ struct wpa_driver_capa {
#define WPA_DRIVER_FLAGS2_PROT_RANGE_NEG 0x0000000000000010ULL #define WPA_DRIVER_FLAGS2_PROT_RANGE_NEG 0x0000000000000010ULL
/** Driver supports Beacon frame TX rate configuration (HE rates) */ /** Driver supports Beacon frame TX rate configuration (HE rates) */
#define WPA_DRIVER_FLAGS2_BEACON_RATE_HE 0x0000000000000020ULL #define WPA_DRIVER_FLAGS2_BEACON_RATE_HE 0x0000000000000020ULL
/** Driver supports Beacon protection only in client mode */
#define WPA_DRIVER_FLAGS2_BEACON_PROTECTION_CLIENT 0x0000000000000040ULL
u64 flags2; u64 flags2;
#define FULL_AP_CLIENT_STATE_SUPP(drv_flags) \ #define FULL_AP_CLIENT_STATE_SUPP(drv_flags) \

4
src/drivers/driver_nl80211_capa.c
View file

@ -656,6 +656,10 @@ static void wiphy_info_ext_feature_flags(struct wiphy_info_data *info,
if (ext_feature_isset(ext_features, len, if (ext_feature_isset(ext_features, len,
NL80211_EXT_FEATURE_UNSOL_BCAST_PROBE_RESP)) NL80211_EXT_FEATURE_UNSOL_BCAST_PROBE_RESP))
info->drv->unsol_bcast_probe_resp = 1; info->drv->unsol_bcast_probe_resp = 1;
if (ext_feature_isset(ext_features, len,
NL80211_EXT_FEATURE_BEACON_PROTECTION_CLIENT))
capa->flags2 |= WPA_DRIVER_FLAGS2_BEACON_PROTECTION_CLIENT;
} }

7
wpa_supplicant/wpa_supplicant.conf
View file

@ -1492,8 +1492,11 @@ fast_reauth=1
# 2: do not allow PFS to be used # 2: do not allow PFS to be used
#dpp_pfs=0 #dpp_pfs=0
# Whether Beacon protection is enabled # Whether beacon protection is enabled
# This depends on management frame protection (ieee80211w) being enabled. # This depends on management frame protection (ieee80211w) being enabled and
# beacon protection support indication from the driver.
# 0 = disabled (default)
# 1 = enabled
#beacon_prot=0 #beacon_prot=0
# OWE DH Group # OWE DH Group

3
wpa_supplicant/wpas_glue.c
View file

@ -1473,6 +1473,9 @@ void wpa_supplicant_rsn_supp_set_config(struct wpa_supplicant *wpa_s,
conf.fils_cache_id = conf.fils_cache_id =
wpa_bss_get_fils_cache_id(wpa_s->current_bss); wpa_bss_get_fils_cache_id(wpa_s->current_bss);
#endif /* CONFIG_FILS */ #endif /* CONFIG_FILS */
if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_BEACON_PROTECTION) ||
(wpa_s->drv_flags2 &
WPA_DRIVER_FLAGS2_BEACON_PROTECTION_CLIENT))
conf.beacon_prot = ssid->beacon_prot; conf.beacon_prot = ssid->beacon_prot;
} }
#ifdef CONFIG_PASN #ifdef CONFIG_PASN