Earlier refactoring of ibss_mesh_setup_freq() ended up dropping the case
where HE would be enabled without VHT on the 2.4 GHz band. Add that back
to allow HE to be used on 2.4 GHz with IBSS and mesh.
Fixes: 64043e6156 ("Split ibss_mesh_setup_freq() into multiple functions")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Link ID needs to be specified for MLD case when doing channel switch.
Add it to the driver command.
Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>
Allow doing X BSS transition management query calls before falling back
to scan.
Example format to do 4 BTM queries before attempting a scan:
bgscan="simple:30:-65:300:4"
Signed-off-by: Ben Greear <greearb@candelatech.com>
On the default configuration if MBO only is enabled then build breaks as GAS
is not selected, if other features that auto-enable GAS are selected
then it works.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
For a memory constrained system, it may be more important to reduce
binary size than include support for these capabilities.
By default this is enabled.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
For a memory constrained system, it may be more important to reduce
binary size than include support for these capabilities.
By default this is enabled.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Removing radio measurements and supported operating class indication
might be needed to reduce binary size for a memory constrained system
that does not need more advanced features. However, removing these is
not recommended since they can help the AP manage the network and STA
steering.
By default this functionality is enabled.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Beacon hinting is a feature that can temporarily change the regulatory
rule flags on the channel where the radio hears the beacon. Add a new
event CTRL-EVENT-REGDOM-BEACON-HINT to notify the wpa_supplicant user
about an important update to the regulatory rules including which
frequencies are impacted, new power limit, and new rule flags.
Signed-off-by: Jun Yu <junyuu@chromium.org>
The wpa_auth_callbacks for mesh was missing a for_each_sta
implementation. This is an issue with pmksa cache, as when a cache entry
expires the for_each_sta callback is called in order to clear the pmksa
reference for all sta that was using this entry. Not having a
for_each_sta callback will prevent this cleanup to happen then a sta
could still use this pmksa entry even after it has been freed.
This used after free was not a problem up until recently where
dpp_pkhash is now stored in pmksa entry and retreived later on causing
crash with below backtrace:
_wpa_snprintf_hex src/utils/common.c:326
wpa_snprintf_hex src/utils/common.c:348
hostapd_ctrl_iface_sta_mib src/ap/ctrl_iface_ap.c:542
hostapd_ctrl_iface_sta_mib src/ap/ctrl_iface_ap.c:542
hostapd_ctrl_iface_sta_mib src/ap/ctrl_iface_ap.c:600
hostapd_ctrl_iface_sta src/ap/ctrl_iface_ap.c:615
wpa_supplicant_ctrl_iface_process src/wpa_supplicant/ctrl_iface.c:12741
wpa_supplicant_global_ctrl_iface_receive src/wpa_supplicant/ctrl_iface_unix.c:1141
eloop_sock_table_dispatch src/utils/eloop.c:625
eloop_run src/utils/eloop.c:1238
wpa_supplicant_run src/wpa_supplicant/wpa_supplicant.c:8021
main src/wpa_supplicant/main.c:393
Adding a for_each_sta callbacks fixes that.
Fixes: 043dedee83 ("DPP: Expose enrollee pubkey hash for identification")
Signed-off-by: Remi Pommarel <repk@triplefau.lt>
The length of the PMK ended up getting lost when a PMKSA cache entry was
added based on externally managed information. Set the PMK length in SAE
context to get the correct length stored into the actual PMKSA cache
entry that gets created in this path.
Signed-off-by: Jouni Malinen <j@w1.fi>
nl80211_set_secure_ranging_ctx() was already ignoring the operation, but
this is included only with CONFIG_DRIVER_NL80211_QCA=y. Make the default
case use same behavior based on the callback function not being defined.
This is needed to allow the following test cases to work:
pasn_owe_tm_kdk_secure_ltf pasn_sae_kdk_secure_ltf
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Move the hostapd and wpa_supplicant control interface handlers into a
shared functions instead of duplicated implementation.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
When connecting, pending_bssid is set to the main link that we are
authenticating/associating on. Later on, the MLD MAC address will be
stored in the bssid, but we may also try to deauthenticate before we are
connected and in that case, pending_bssid is not yet set to the MLD MAC
address.
As such, use the ap_mld_addr instead of pending_bssid if n_mld_links is
non-zero. This is the sensible thing to do and expected behavior on
nl80211.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
This improves chances with APs that do not reply to Probe Request frame
with short SSID or with direct BSSID.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
According to IEEE P802.11be/D4.0, 35.3.4.2, the AP MLD ID must be
included in the Probe Request ML element in case it is sent to a
transmitted BSS in which case it should be set to 0. If it is sent to an
non-transmitted BSSID, the AP MLD ID should not be included.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
If for some reason association fails and a link which has an error is
reported, add that specific link to the ignore list. After that,
immediately retrigger the connection code. In the usual case, we are
then going to reconnect to the same AP MLD but with that particular link
not being included in the connection.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
This avoids, e.g., trying to use a BSS that is rejected by mac80211 as a
link, which could fail the connection as a whole.
Note that this is not perfect. Ideally, the internal state would have a
more context sensitive ignore flag so that one could still use a BSS as
a link in some situation.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Parse the link status values out of Multi-Link association response. If
the AP rejects ML association and marks the links as failed with a
reason code other than TX_LINK_NOT_ACCEPTED, also report these links to
wpas_connection_failed() and ignore them.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Parsing multiple RNR elements already exists in
wpa_bss_parse_basic_ml_element(), so wpas_ml_element() just duplicates
the same code. Combine the functionality of both these functions and
remove the duplicate.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Add band preference, BSSID preference, and single link enforcement
testing options. This is needed for testing MLO.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
The current set of global configuration fields is getting close to the
previously used 15000 byte limit, so increase this size to 16000 and add
a note about the potential need to change this size when adding new
fields.
Signed-off-by: Jouni Malinen <j@w1.fi>
Three functions were provided for defragmentation. First
ieee802_11_defrag(), ieee802_11_defrag_mle() and then
ieee802_11_defrag_data() which would do the actual job. With
ieee802_11_defrag() picking the member in the elements struct for an
EID. The problem with this is, that for the Multi-Link element, there
are multiple entries in the elems struct depending on its type. As such,
remove the intermediate function and simply pass the correct members
directly.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
This workaround from commit 6d6f4bb87f ("nl80211: Work around mac80211
limitation on (re)auth when authenticated") pre-dates the code that
supresses the deauth or disconnect event from nl80211. Should this code
be called it would not actually work at this point, as important
internal state for the authentication attempt has already been lost.
Simply drop the code. This might also fix issues where we could get
into a bad state if a proper deauth/disconnect event happens while we
are authenticating or associating.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
This is needed to avoid NULL pointer deferencing in
wpa_supplicant_ctrl_iface_msg_cb() if any of the functions called from
wpas_bssid_ignore_module_tests_() ends up using wpa_msg().
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Order scan results in a manner that prefers BSSs that support SAE over
ones that support PSK without SAE if the SNR of the SAE BSS is good or
at least at the same level as the SNR for the PSK BSS. This improves
likelihood of using SAE when the local network profile allows
WPA3-Personal transition mode and the ESS uses a mix BSSs with different
sets of AKMs.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Extend the optimization from commit 9c97126576 ("OWE: Optimize
transition mode scan to use known channels") to cover cases where the
STA is configued with OWE transition mode disabled, but the AP uses OWE
transition mode.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
BSS table is not updated when a non-P2P station runs a scan without P2P
IE in Probe Response frame, since that would remove P2P IE information.
However, this results also in not updating mandatory rates in Supported
Rates and BSS Membership Selectors element even though AP/GO changes
frequency from 2.4 GHz to 5 GHz band.
This is causing connection failure since BSS table has 1 Mbps as
mandatory rate for AP connection but minimum supported rate in 5 GHz
band is 6 Mbps.
To avoid connection failures in such cases, don't skip updating BSS
table when the BSS frequency is changed. This covers the most important
case addressed in commit ff57398fca ("P2P: Do not drop P2P IEs from
BSS table on non-P2P scans") while still allowing other changes to be
taken into account if the GO were to actually change channels (or band,
which would be the most likely case needing the update).
Signed-off-by: Ainy Kumari <quic_ainykuma@quicinc.com>
Fix references to the appropriate driver capability drv_flags2. The
initial version used the incorrect drv_flags value and by doing so,
ended up using incorrect driver capabilities (DEAUTH_TX_STATUS,
BSS_SELECT, TDLS_SUPPORT) which could result in incorrect OWE
functionality for both AP and STA cases.
Fixes: d984c7b298 ("hostapd: Add support for OWE offload for STA/AP interface")
Fixes: da364180fb ("hostapd: Support 4-way handshake offload for AP/P2P GO")
Signed-off-by: Vinayak Yadawad <vinayak.yadawad@broadcom.com>
If the local network profile specifies a specific BSSID, there will not
be an acceptable alternative AP for the current one. As such, there is
not much point in trying to scan and wait for the results to make this
conclusion. Skip the scan and reject the BSS transition management
request even if that ends up getting disassociated from the BSS that
happens the be the only one that the local configuration allows to be
used.
Signed-off-by: Jouni Malinen <j@w1.fi>
The driver advertising OWE offload support would take care of
Diffie-Hellman Parameter element generation and processing part. The
driver would be responsible for OWE PMK generation in this case.
Avoid the Diffie-Hellman Parameter element handling in
wpa_supplicant/hostapd for drivers advertising OWE offload support. This
change is applicable only for drivers supporting 4-way handshake
offload.
Signed-off-by: Vinayak Yadawad <vinayak.yadawad@broadcom.com>
Add support for offloaded 4-way handshake in AP/P2P GO mode. For drivers
supporting the AP PSK offload, wpa_supplicant/hostapd passes down the
PSK for the driver to handle the 4-way handshake. The driver is expected
to indicate port authorized event to indicate that the 4-way handshake
is completed successfully.
Signed-off-by: Vinayak Yadawad <vinayak.yadawad@broadcom.com>
The max transmit power of Standard Power (SP) Access Points (AP) on
6 GHz band and APs on 2.4 GHz and 5 GHz bands is limited by effective
isotropic radiated power (EIRP), while the max transmit power of Low
Power Indoor (LPI) APs on 6 GHz Band is limited by power spectral
density (PSD). Therefore the max transmit power of LPI APs grows as the
channel width increases, similar to the noise power which has constant
PSD.
Adjust the RSSI, SNR and throughput estimate based on max transmit power
config and max channel width in the roaming algorithm.
Signed-off-by: Kaidong Wang <kaidong@chromium.org>
The max transmit power of Standard Power (SP) Access Points (AP) on
6 GHz band and APs on 2.4 GHz and 5 GHz bands is limited by effective
isotropic radiated power (EIRP), while the max transmit power of Low
Power Indoor (LPI) APs on 6 GHz Band is limited by power spectral
density (PSD). Therefore the max transmit power of LPI APs grows as the
channel width increases, similar to the noise power which has constant
PSD.
Adjust the SNR of BSSes based on the transmit power config and max
channel width. EIRP limited APs usually have constant max transmit power
on different channel widths, their SNR decreases on larger channel width
because the noise power is higher, while PSD limited APs have constant
SNR over all channel widths.
Signed-off-by: Kaidong Wang <kaidong@chromium.org>
With the SSID updating of a BSS entry removed from owe_trans_ssid(),
this call to owe_trans_ssid() is not really doing anything, so remove
it. This reverts 6972b0fa2b ("OWE: Update transition mode information
on selecting a new BSS").
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Overwriting of SSID for the hidden OWE BSS entry has some side effects:
- first the entry is notified over DBus with empty SSID and the update
of SSID is never signaled (it is not even possible at the moment to
notify the SSID change - see wpas_dbus_bss_signal_prop_changed()),
- during (and after) association there will be multiple entries
referring to the same BSSID/SSID pair.
Stop overwriting the SSID in an existing BSS entry based on OWE
transition mode information. Instead, depend on a new BSS entry getting
added for the hidden OWE BSS based on active scans for the SSID learned
from the open BSS. This would not have been sufficient for the initial
OWE design, but with the optimized scanning behavior from commit
c04562e67e ("OWE: Improve discovery of OWE transition mode AP"), this
can now depend on the exact same mechanism as other uses of hidden
SSIDs. This helps in keeping the D-Bus interface in sync with the BSS
parameters.
Signed-off-by: Andrzej Ostruszka <andrzejo@chromium.org>
If the currently available scan results include OWE transition mode BSS
with an unknown SSID, optimize the following scan for OWE to use only
the channels on which a known transition mode BSS has been seen.
This is needed to be able to remove the design that updates BSS entries
with the learned OWE SSID in manner that does not result in regression
to scanning latencies.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The local network profile may not have matching SSID (it could be either
the wildcard 0-length SSID or visible SSID in case of OWE transition
mode), so check whether an exact match with a BSS entry can be made
using the current SSID information from the driver (i.e., the SSID of
the current association) when picking the BSS entry to use as the
current one for an association.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Use the Same SSID and Colocated AP bits as an alternative way of finding
a match on the current SSID.
Signed-off-by: Ben Greear <greearb@candelatech.com>
The Reduced Neighbor Report element can include one or more TBTT
Information fields. Only the first one was parsed previously. Extend
this to use a loop to go through all included TBTT Information fields.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Beacon frames are allowed to optionally include one more more Reduced
Neighbor Report elements. Only the first one was parsed previously.
Extend this to use a loop to go through all included RNR elements.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Leverage the already available control socket cmd "DRIVER_FLAGS2" and
dump the driver capab "flags2" bitmask on triggering the new CLI CMD
"driver_flags2", similar to the already existing CLI CMD "driver_flags".
$ hostapd_cli -i wlan0 driver_flags2
(OR)
$ wpa_cli -i wlan0 driver_flags2
0000000000000020:
BEACON_RATE_HE
Signed-off-by: Gokul Sivakumar <gokulkumar.sivakumar@infineon.com>
gcc 12.1 complains about using pointer after realloc as it could
potentially be moved/freed, causing any uses after UB.
Fix this by doing checks before realloc and use those statuses and
update with new BSS.
Signed-off-by: Krishna T <krishna.t@nordicsemi.no>
Prevent loading arbitrary executable code based on config at runtime,
while allowing libraries to be specified at compile time when they are
known in advance.
Add the ability to configure libraries to load at compile time.
* CONFIG_PKCS11_ENGINE_PATH - pkcs11_engine library location.
* CONFIG_PKCS11_MODULE_PATH - pkcs11_module library location.
* CONFIG_OPENSC_ENGINE_PATH - opensc_engine library location.
Add flags with the ability to set each of the libraries to NULL and
prevent loading them at runtime.
* CONFIG_NO_PKCS11_ENGINE_PATH - prevents loading pkcs11_engine
library.
* CONFIG_NO_PKCS11_MODULE_PATH - prevents loading pkcs11_module
library.
* CONFIG_NO_OPENSC_ENGINE_PATH - prevents loading opensc_engine
library.
* CONFIG_NO_LOAD_DYNAMIC_EAP - prevents loading EAP libraries at
runtime.
Signed-off-by: David Ruth <druth@chromium.org>
wpas_dpp_connected() is called from wpa_supplicant_set_state(), i.e.,
from the middle of processing of the post 4-way handshake steps. Sending
a DPP Public Action frame at that point can delay other operations, so
allow those steps to be completed first before sending out the DPP
connection status result.
Signed-off-by: Jouni Malinen <j@w1.fi>