18733 commits

Author SHA1 Message Date
Ilan Peer
5a61644fff driver: Specify link ID for 'send_mlme' and 'sta_deauth' callbacks
This is needed for the driver to know on which link it should transmit
the frames in MLO cases.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-12 16:26:49 +03:00
Jouni Malinen
64d9ba3e6e Use a shared function for setting port authorization changes
Get rid of the duplicated code for setting IEEE 802.1X port
authorization for MLD and non-MLD cases.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-06-12 15:42:52 +03:00
Ilan Peer
edacd72d95 AP: MLO: Handle IEEE 802.1X port authorization
Handle IEEE 802.1X port authorization in the context of MLO.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-12 15:36:54 +03:00
Ilan Peer
5650205342 AP: MLO: Handle deauthentication/disassociation of MLD station
When a non-AP MLD is deauthenticated/disassociated from an MLD AP, make
sure to clean up its state from all links.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-12 13:58:06 +03:00
Ilan Peer
ced69780c1 AP: Cleanup coding style for deauth/disassoc handling
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-12 13:51:01 +03:00
Ilan Peer
62fcfe8d28 AP: Move deauthentication/disassociation steps into helper functions
This is a step towards handling of deauthentication/disassociation from
an MLD AP.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-12 13:45:41 +03:00
Ilan Peer
55038680a6 AP: MLO: Handle association callback
Handle association request callback in the context of MLO.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-12 13:12:15 +03:00
Andrei Otcheretianski
408b2a5625 AP: MLO: Add Multi-Link element to (Re)Association Response frame
Add the full station profile to the Multi-Link element in the
(Re)Association Response frame. In addition, use the AP MLD's MLD MAC
address as SA/BSSID once the non-AP MLD has been added to the driver to
use address translation in the driver.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-08 23:45:15 +03:00
Andrei Otcheretianski
5f5db9366c AP: MLO: Process Multi-Link element from (Re)Association Request frame
Implement processing of the Multi-Link element in the (Re)Association
Request frame, including processing of the Per-STA Profile subelement.

After handling the basic parsing of the element and extracting the
information about the requested links, handle the link specific
processing for each link:

- Find the interface with the corresponding link ID.
- Process the station profile in the interface.
- Prepare the Per-STA Profile subelement to be included in the
  Multi-Link element in the (Re)Association Response frame.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-08 20:31:20 +03:00
Andrei Otcheretianski
d924be3bd0 AP: AID allocation for MLD
Find an AID that is unused on all the affiliated links when assigning an
AID to a non-AP MLD.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-08 18:20:04 +03:00
Andrei Otcheretianski
11a607d121 AP: Fill MLO information in struct hostapd_sta_add_params
Provide MLO information when adding a new station to the driver.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-07 21:12:47 +03:00
Andrei Otcheretianski
bcbe80a66a AP: MLO: Handle Multi-Link element during authentication
In case the AP is an AP MLD, parse the Multi-Link element from the
Authentication frame, store the relevant information, and prepare the
response Multi-Link element.

If the AP is not an AP MLD or the parsing of the element fails, continue
the authentication flow without MLD support.

For SAE, it is needed to skip various fixed fields in
the Authentication frame. Implement it for SAE with H2E.

TODO: This should be extended to other authentication algorithms which
are allowed for MLD connections and have fixed fields in the
Authentication frames, according to IEEE P802.11-REVme/D3.0, Table 9-69
(Presence of fields and elements in Authentications frames).

This commit doesn't support FILS, FT, etc.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-07 20:53:50 +03:00
Andrei Otcheretianski
f540d078c9 AP: Support building Basic Multi-Link element
Define a struct to hold MLD station info and implement publishing of the
Basic Multi-Link element. Add it into Beacon and Probe Response frames.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-07 20:23:21 +03:00
Ilan Peer
79a9df6e88 AP: Match received Management frames against MLD address
Once a station is added to the underlying driver, the driver is expected
to do address translation and use MLD addresses. Thus, when handling a
received Management frame, match it against the MLD address.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2023-06-07 20:23:21 +03:00
Ilan Peer
a213fee11d AP: MLO: Make IEEE 802.1X SM, authserv, and RADIUS client singletons
To simplify the handling of MLD stations, assume that all
interfaces/BSSs use the same IEEE 802.1X authenticator, the same RADIUS
server instance, and the same RADIUS client.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-07 20:22:46 +03:00
Andrei Otcheretianski
7b45c2e6bc nl80211: Select frame TX frequency according to the transmitting link
In MLO, multiple BSSs can transmit on different frequencies. Select
link frequencies according to the transmitter address.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-07 10:50:19 +03:00
Ilan Peer
2b541601da AP: Include an RNR element in Beacon frames for AP MLD
- Include RNR element in Beacon frames of AP MLDs.
- Whenever a new interface is added to an AP MLD, reconfigure
  the Beacon frame templates for all other interfaces, to allow
  updating their RNR elements.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2023-06-06 21:13:31 +03:00
Andrei Otcheretianski
0c6c948047 nl80211: Support setting up an AP on a specified link
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-06 20:57:03 +03:00
Andrei Otcheretianski
df3fe12c9b nl80211: Move nl80211_put_freq_params()
Move this static function to an earlier place within the file.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-06 20:52:46 +03:00
Ilan Peer
e3605e8093 driver: Allow to provide a link ID when setting a channel
This includes:

- Modifications of the driver API, to include the link ID as part
  of 'struct hostapd_freq_params'.
- Modifications to nl80211 driver.
- Modifications for the driver wrappers.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-06 20:44:25 +03:00
Andrei Otcheretianski
be44a7afd5 driver: Add MLD link id to AP parameters
To be used in later patches, e.g., for link tracking etc.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2023-06-06 20:37:07 +03:00
Andrei Otcheretianski
7fa99b3246 AP: Allow starting multiple interfaces within single MLD
Add support for including multiple hostapd interfaces in the same AP
MLD, i.e., all using the same underlying driver network interface.

To do so, when a new hostapd interface is added, if there is already
another interface using the same underlying network interface, associate
the new interface with the same private data object, instead of creating
a new one.

As some of the BSSs are non-first BSSs, meaning that they reuse the
drv_priv of the initial BSS, make sure not to double free it.

Currently multiple BSS entries are not supported so always use bss[0]
for MLD.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2023-06-06 20:30:47 +03:00
Andrei Otcheretianski
f2dd75093f AP: Add some basic MLD configuration options
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-06-06 20:17:23 +03:00
Benjamin Berg
1b14b38b11 nl80211: Fetch EML/MLD capabilities
Retrieve the EML capabilities as well as the MLD capabilities and ops
from nl80211 and expose them using the new driver interface
get_mld_capa().

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
2023-06-06 20:11:06 +03:00
Benjamin Berg
8dffa0ccb1 AP: MLO: Retrieve EML and MLD capabilities from driver
Add a new driver API get_mld_capab() and use it to fetch MLD and EML
capabilities.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
2023-06-06 20:11:06 +03:00
Benjamin Berg
4697887df9 nl80211: Rename the per iface-type capabilities struct
We will start using this structure to also track MLD related
capabilities instead of just extended capabilities. As such, give the
structure a more generic name.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
2023-06-06 20:11:06 +03:00
Jouni Malinen
829f3cd2b2 tests: Fix the previous update of the regulatory database to VMs
The last update of the wireless-regdb database to the wireless-regdb.git
version of 2023-02-13 in commit c4034a69fe ("tests: Update regulatory
database to VMs") forgot to update regulatory.db.p7s. Update it as well.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-06-06 20:11:06 +03:00
Pooventhiran G
0837863fbc AP: Handle 6 GHz AP state machine with NO_IR flags
AP cannot come up in channels that are marked as NO_IR. If AP moves to
HAPD_IFACE_DISABLED state, it will deinitialize the nl80211 driver
interface and sockets.

Hence, introduce a new state called HAPD_IFACE_NO_IR, for 6 GHz APs to
handle NO_IR scenarios, such as AFC, where the channels not allowed by
AFC will have HOSTAPD_CHAN_NO_IR flag set. In this state, AP is still
kept in a non-operational state (stopped) without deinitializing the
nl80211 driver interface. wiphy reg change event can then update the
channels and bring up the AP in a valid channel.

Signed-off-by: Pooventhiran G <quic_pooventh@quicinc.com>
2023-06-05 11:18:39 +03:00
Kiran Kumar Lokere
d3ed34bacd Define a QCA vendor command to configure MLO link id for TDLS
Define a QCA vendor command to configure MLO link id to the driver on
which the TDLS discovery response frame needs to be transmitted when the
local station is connected in MLO mode. This command is configured to
the driver prior to every TDLS discovery frame transmission when the
station is connected in MLO mode. If the station is connected in non-MLO
mode this command is not configured to the driver for TDLS discovery
frame transmission.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-06-01 18:36:37 +03:00
Veerendranath Jakkam
8e16372cff Indicate link reconfiguration with QCA vendor interface
Add support to indicate link reconfiguration event reported by the QCA
vendor interface to the wpa_supplicant control interface.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2023-06-01 18:21:13 +03:00
Shivani Baranwal
7b9070229d Indicate TID to link mapping changes with QCA vendor interface
Add support to indicate TID-to-link mapping changes reported by the QCA
vendor interface to the wpa_supplicant control interface.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2023-06-01 18:12:03 +03:00
Jouni Malinen
95c3f0d1e4 tests: PASN with pasn_noauth=0
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-05-25 22:59:00 +03:00
Sai Pratyusha Magam
4120f9d7ab PASN: Introduce configuration option to allow/deny PASN-UNAUTH
Per IEEE P802.11az/D7.0, 12.12.3.2 (PASN Frame Construction and
Processing), responder should REFUSE PASN authentication frame 1 with
Base AKM as PASN AKM if dot11NoAuthPASNActivated is false. That
configuration was not previously available and hostapd was hardcoded
with dot11NoAuthPASNActivated being true.

Allow this to be configured and reject PASN authentication frame 1 from
initiator if pasn_noauth=0 and Base AKM in RSNE of this frame is PASN.
The default value for pasn_noauth is 1 to maintain previous
functionality even though the dot11NoAuthPASNActivated is defined to
have default value of false.

Signed-off-by: Sai Pratyusha Magam <quic_smagam@quicinc.com>
2023-05-25 22:54:12 +03:00
Ainy Kumari
fc681995cf Increase MAX_NL80211_NOISE_FREQS in survey dump handler for 6 GHz
The current value of 50 is not sufficient for getting survey info for
all the frequencies when the 6 GHz band is enabled. Increase the limit
to 100 to be able to receive survey info for 6 GHz frequencies also.

Signed-off-by: Ainy Kumari <quic_ainykuma@quicinc.com>
2023-05-25 18:58:20 +03:00
Veerendranath Jakkam
df2f22faf9 MLD STA: Use AP MLD address as previous BSSID for reassociation requests
The Linux kernel expects to use the AP MLD address in
NL80211_ATTR_PREV_BSSID for reassociation requests when the current
association is MLO capable.

Previously, wpa_supplicant was using the BSSID value in
NL80211_ATTR_PREV_BSSID even if the connection is MLO capable. Fix this
by sending the AP MLD address in NL80211_ATTR_PREV_BSSID for
reassociation requests when MLO is used.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2023-05-25 18:06:50 +03:00
Veerendranath Jakkam
199b44213c MLD STA: Allow auth frames without ML IE for failure status codes
In some cases like unknown-group rejection, AP MLD can't parse the
received Authentication frame to the point of the Multi-Link element if
the group used by the peer is unknown to the AP MLD.

In such cases, AP MLD not including Multi-Link element in rejection
Authentication frames can be considered as standard compliant since AP
MLD doesn't know whether the received Authentication frame has
Multi-Link element or not.

To avoid connection issues in such cases, don't reject Authentication
frames without Multi-Link element when status code is other than
WLAN_STATUS_SUCCESS, WLAN_STATUS_SAE_HASH_TO_ELEMENT,
WLAN_STATUS_SAE_PK, and WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2023-05-25 18:03:58 +03:00
Shivani Baranwal
57386a647a Add QCA vendor command to indicate STA MLD setup links removal
Add a new vendor command and attributes to indicate STA MLD setup links
removal.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2023-05-25 17:27:27 +03:00
Shivani Baranwal
527cf095fe Add QCA vendor command to notify TID-to-Link mapping changes
Add a new vendor command and attributes to notify TID-to-link mapping
changes to the userspace.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2023-05-25 17:22:04 +03:00
Sathishkumar Muruganandam
a1601aaa66 WPS: Fix multi-ap fronthaul association
Setting 4addr mode on fronthaul BSS breaks WPS association on backhaul
STA which is still on 3addr mode.

Fix the interop issue by not setting 4addr mode on fronthaul BSS with
WPS instead of setting by default for multi-ap case.

Fronthaul BSS for non-WPS STA shall continue to use 4addr mode.

Signed-off-by: Sathishkumar Muruganandam <quic_murugana@quicinc.com>
2023-05-25 17:16:31 +03:00
Adil Saeed Musthafa
2885660318 Store pmk_r1_name derived with wpa_ft_local_derive_pmk_r1() properly
The parameter req_pmk_r1_name was not used at all in the function
wpa_ft_local_derive_pmk_r1(). In addition, the PMK-R1-NAME should be
updated in this function along with the PMK-R1. This means the parameter
should change from "req_pmk_r1_name" to "out_pmk_r1_name" to match the
design used for other paths that derive the PMK-R1.

sm->pmk_r1_name needs to be properly updated when pmk_r1_name is derived
from the local pmk_r0.

Signed-off-by: Adil Saeed Musthafa <quic_adilm@quicinc.com>
2023-05-25 17:11:59 +03:00
Adil Saeed Musthafa
e978072baa Do prune_association only after the STA is authorized
Prune-associations should be done only after the new station is
authorized. Otherwise any STA can cause denial of service to connected
stations in PMF case when more than a single interface is being
controlled by the same hostapd process.

Signed-off-by: Adil Saeed Musthafa <quic_adilm@quicinc.com>
2023-05-25 17:08:57 +03:00
Kiran Kumar Lokere
a2c09eb95e Define a QCA vendor attribute to update the CTS channel width
Define a new QCA vendor attribute to configure channel bandwidth to the
driver for CTS frame transmission. This is used for testing purposes.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-05-22 20:05:48 +03:00
Purushottam Kushwaha
e49c3df630 Add a new driver feature flag for enhanced audio experience over WLAN
Add QCA_WLAN_VENDOR_FEATURE_ENHANCED_AUDIO_EXPERIENCE_OVER_WLAN in
enum qca_wlan_vendor_features to indicate the device supports enhanced
audio experience over WLAN feature.

Also, update the documentation where other subcommand(s) or attribute(s)
require this new feature flag. These subcommand(s) and attributes are
under development and would be restricted to the supported drivers
advertising QCA_WLAN_VENDOR_FEATURE_ENHANCED_AUDIO_EXPERIENCE_OVER_WLAN.
As such, it is still acceptable to introduce a new requirement for the
previously defined interface.

Signed-off-by: Purushottam Kushwaha <quic_pkushwah@quicinc.com>
2023-05-22 20:02:01 +03:00
Gururaj Pandurangi
cc8a09a48a Add vendor attributes for forcing MLO power save and STR TX
Add vendor attributes for EHT testbed STA configuration.
This includes enabling STR MLMR mode and forcing power save
on active MLO links for a defined number of beacon periods.

Signed-off-by: Gururaj Pandurangi <quic_panduran@quicinc.com>
2023-05-04 18:20:59 +03:00
Gururaj Pandurangi
c0e12a5183 Add vendor attributes for EHT OM control, EMLSR padding delay
Add vendor attributes related to MLO and EMLSR mode
capability configuration for EHT testbed STA. It includes
EHT OM control support and EMLSR padding delay configuration.
Also, generalise the naming of HE OMI control enumeration to
OMI control as it now consists of both HE and EHT OMI control
fields.

Signed-off-by: Gururaj Pandurangi <quic_panduran@quicinc.com>
2023-05-04 18:02:02 +03:00
Jouni Malinen
3e9fe727e5 tests: WPA2-EAP AP with PMF required and EAPOL-Logoff
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-05-04 11:10:16 +03:00
Jouni Malinen
386d59e00d Do not disconnect EAPOL-Logoff before authentication
Some station devices are apparently sending the EAPOL-Logoff message in
some cases before the initial authentication for WPA2/WPA3-Enterprise.
hostapd would have forced a "post EAP-Failure" disconnection in 10 ms
for such cases while still allowing the EAP authentication to try to
complete.

This is not ideal and could result in interoperability issues, so skip
the forced disconnection in the particular case where the EAPOL-Logoff
message is received before the first authentication is completed.

In addition, disconnect the STA without starting new EAP authentication
and the 10 ms delay if an EAPOL-Logoff message is received after
authentication has been completed successfully. This results in cleaner
behavior by avoiding the extra start of a new EAP authentication in a
case where the STA is going to be disconnected shortly.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-05-04 11:10:16 +03:00
Jintao Lin
7337232203 wpa_supplicant: Skip scan before starting a BSS in AP mode
When starting a new BSS as AP mode, the network configs have been passed
in from the BSS config. There is no need to scan before creating a new
BSS. Reuse connect_without_scan structure member to bypass scan when the
mode is WPAS_MODE_AP.

Signed-off-by: Jintao Lin <jintaolin@chromium.org>
2023-04-28 21:06:10 +03:00
Nick Hainke
f45cf609c7 wpa_supplicant: Fix compiling without IEEE8021X_EAPOL
If IEEE8021X_EAPOL is not defined, wpa_supplicant will not compile with
the following error:

  events.c: In function 'wpa_supplicant_connect':
  events.c:1827:14: warning: implicit declaration of function 'eap_is_wps_pbc_enrollee' [-Wimplicit-function-declaration]
   1827 |         if ((eap_is_wps_pbc_enrollee(&ssid->eap) &&
        |              ^~~~~~~~~~~~~~~~~~~~~~~
  events.c:1827:43: error: 'struct wpa_ssid' has no member named 'eap'
   1827 |         if ((eap_is_wps_pbc_enrollee(&ssid->eap) &&
        |                                           ^~

Add ifdef statements around the calling function to fix the issue.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-04-28 20:59:30 +03:00
Benjamin Poirier
c62e94d793 Add missing driver entries to wpa_supplicant documentation
There are possibly more entries missing but I added only the ones I was
actually able to build.

Signed-off-by: Benjamin Poirier <bpoirier@nvidia.com>
2023-04-28 20:53:24 +03:00