There is no need to store the AP MLD's RSNE/RSNXE within per-supplicant
data structure in struct wpa_state_machine since those elements are
available from the generic authenticator data in struct
wpa_authenticator.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
There is no need to store the AP MLD MAC address within per-supplicant
data structure in struct wpa_state_machine since that MLD MAC address is
available from the generic authenticator data in struct
wpa_authenticator.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The functions that determine the length of the RNR information and that
build the actual RNR need to use the same conditions for skipping BSSs.
Use a shared helper function for this to avoid having to maintain two
copies of the same implementation and risking those getting out of
sync.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
RNR formation for co-location or MLO did not work as expected. Fix this.
For example, during co-location, if the BSS is also its ML partner
there is no need to include a separate TBTT for it.
Also, during co-location, if the BSS is not its partner but it is ML
capable, the TBTT length should be 16 bytes and it should include the
MLD Parameters for it in the RNR.
During co-location, for a given Neighbor AP (operating on a given
channel and op-class) if it has BSSs which are ML capable as well as
BSSs which are not, there should be two Neighbor AP Info present: one
indicating TBTT length as 13 bytes and one indicating TBTT info length
as 16 bytes.
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
Add required ML specific members in struct wpa_authenticator and struct
wpa_state_machine to maintain self and partner link information.
Maintain state machine object in all associated link stations and
destroy/remove references from the same whenever link stations are
getting removed.
Increase the wpa_group object reference count for all links in which ML
station is getting associated and release the same whenever link
stations are getting removed.
Signed-off-by: Rameshkumar Sundaram <quic_ramess@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
All links were iterated over during processing ML info in Association
Request frame. However, the association link info will not be present in
the ML info and hence the following debug print is observed during ML
association (assoc link is 1):
MLD: No link match for link_id=1
Skip processing for the association link to avoid this.
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
hostapd_eapol_tx_status() function is used only in drv_callbacks.c.
However, it is defined in ieee802_11.c which is not really the correct
place for it.
Hence, move the function into drv_callbacks.c and make it static.
No functionality changes.
Signed-off-by: Sriram R <quic_srirrama@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
Modify necessary helper functions to support multiple BSS support for
MLO to make the changes scalable.
Signed-off-by: Sriram R <quic_srirrama@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
Authenticator state machine ML info was set only when it was created.
However, if the association is tried again, the state machine will
already exist and hence the ML info will not be refreshed. This leads to
an issue where if in the subsequent association request, the MLD info is
different than the old info, validation of it will fail.
Fix this issue by refreshing the authenticator state machine's ML info
every time association request is handled.
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
This became unused, so remove the argument from this function, all its
callers, and from places that became unused with these changes.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The nl80211 driver interface function mlme_event_mgmt_tx_status(),
filled in link_id only if the frame was the last transmitted on the
whole drv (driver) level. With co-hosted MLDs, there could be cases
where multiple frames are sent out by various interfaces (BSS) under the
same drv. Now while handling the TX status, only one interface will get
the proper link_id. Rest will get -1 and the event will be routed to the
first BSS always. If the frame was not sent from the first BSS this
leads to possibility of the frame getting dropped.
Hence to make the underlying link identification easier, modify
authentication and association frames to be always sent with the link
address as A1 and A3 for ease of TX status handling.
Signed-off-by: Sriram R <quic_srirrama@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
If authentication fails repeatedly, e.g., because of a weak signal, the
link can end up in blocked state. If one of the nodes tries to establish
a link again before it is unblocked on the other side, it will block the
link to that other side. The same happens on the other side when it
unblocks the link. In that scenario, the link never recovers on its own.
To fix this, allow restarting authentication even if the link is in
blocked state, but don't initiate the attempt until the blocked period
is over. This reverts commit 09d96de09e ("mesh: Drop Authentication
frames from BLOCKED STA").
Signed-off-by: Felix Fietkau <nbd@nbd.name>
When one link is still under CAC or disabled, peer links should not
carry the information of this link in the RNR elements.
With this change, the RNR element will be included only if a peer link
is in HAPD_IFACE_ENABLED state.
Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>
Modules that use libpasn for PASN authentication need the context of
PASN data. PASN data is a common context for the library and the modules
using it. Hence, initialize the context through init and deinit
functions. Also use set and get functions to update the parameters.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add the Extended Capabilities element for a non-TX BSS into the non-TX
BSSID profile subelement in the Multiple BSSID element if the non-TX BSS
has different extended capabilities than the TX BSS.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
MLD level structure is present to store the MLD level information.
Add changes to use the MLD structure instead of link specific struct
hostapd_data to get/set the MLD level information.
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
mld_id was provided as a user configuration to identify partner BSS
belonging to the same AP MLD. The same id is used at the protocol level
also to indicate the AP MLD ID of the MLD.
But, in general mld_id is a relative reference of the MLD where 0 is
used as the mld_id to represent the self MLD and in case of MLO MBSSID
mld_id of a non transmitted BSS affiliated to an AP MLD is based on the
relative BSS index of the non transmitted BSS from the transmitted BSS.
Hence mld_id need not be fetched from users, rather it can be identified
wherever required.
To verify if the partners belong to the same AP MLD the interface name
can be checked, since all link BSS partners of the same AP MLD belong to
the same interface.
Hence, remove use of mld_id user config and instead introduce two
functions hostapd_is_ml_partner() and hostapd_get_mld_id(). The former
is used to verify whether partners belong to the same AP MLD and the
latter is used to get the MLD ID of the BSS.
Signed-off-by: Sriram R <quic_srirrama@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
Add support to fill "multi_ap_vlanid" info to the hostapd config file.
Add the Multi-AP Default 802.1Q Setting subelement into Multi-AP element
generating and parsing.
Signed-off-by: Manoj Sekar <quic_sekar@quicinc.com>
Add a new config option "multi_ap_client_disallow" to control allowing
backhaul STA with certain profiles alone to associate. This is done to
adhere to Wi-Fi EasyMesh specification which defined rules to
allow/disallow association of backhaul STA of certain profiles.
Signed-off-by: Manoj Sekar <quic_sekar@quicinc.com>
Allow both hostapd and wpa_supplicant to be configured with the
supported Multi-AP profile. The configured value will be advertised in
the Multi-AP element.
Signed-off-by: Manoj Sekar <quic_sekar@quicinc.com>
This makes it more convenient to handle extensions to the element and
allows code to be shared between hostapd and wpa_supplicant.
Signed-off-by: Manoj Sekar <quic_sekar@quicinc.com>
Replace the hardcoded buffer length with the actual number of
remaining bytes on the buffer. This is needed to be able to do real
buffer size validation within add_multi_ap_ie().
Furthermore, make hostapd_eid_multi_ap() static since it is not used
outside this file.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Once the non-AP MLD is added to the driver, the driver handles the
address translation so that hostapd receives Management frames with
SA/DA being translated into MLD MAC addresses.
If the Authentication frame is retransmitted with transaction being 1,
SA of the retransmitted Authentication frame is translated into the MLD
MAC address by the driver, and then in the function handle_auth(),
sta->mld_info.links[].peer_addr would be replaced by the MLD MAC address
even though it is supposed to be the link address.
Therefore, update the MLD information only when the STA has not yet been
added into the driver to avoid replacing the previously determined link
address with the MLD MAC address.
Fixes: bcbe80a66 ("AP: MLO: Handle Multi-Link element during authentication")
Signed-off-by: Michael-CY Lee <michael-cy.lee@mediatek.com>
Add hostapd support for interacting with the NAN discovery engine to
allow single-channel (i.e., the AP's operating channel) USD as Publisher
or Subscriber.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The standard is somewhat unclear on whether the PMKIDs used in
(Re)Association Request frame (i.e., potential PMKIDs that could be used
for PMKSA caching during the initial mobility domain association) are to
be retained or removed when generating EAPOL-Key msg 2/4.
wpa_supplicant has replaced the PMKID List contents from (Re)Association
Request frame with PMKR1Name when generating EAPOL-Key msg 2/4 for FT.
Allow it to be configured (ft_prepend_pmkid=1) to prepend the PMKR1Name
without removing the PMKIDs from (Re)Association Request frame.
Signed-off-by: Jouni Malinen <j@w1.fi>
When association is handled in hostapd, a non-AP MLD's info is stored in
all valid links. This should be the same when SME is offloaded to the
driver.
Also skip some operations that are already done by the driver
when SME is offloaded.
Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>
Currently, AID is not allocated properly in hostapd for legacy non-MLD
STA in case of an AP MLD. All such stations have same AID.
Fix this issue by allocating AID properly in hostapd when operating as
an AP MLD and the STA is not an MLD.
Fixes: d924be3bd0 ("AP: AID allocation for MLD")
Signed-off-by: Harish Rachakonda <quic_rachakon@quicinc.com>
Replace the fixed length maximum buffer size for STA profile with
dynamically allocated buffers for active links. This reduces struct
mld_link_info size by almost 16 kB and drops the per-STA information in
struct sta_info to a more reasonable size to avoid the almost 10x
increase from MLO support.
In addition, free the resp_sta_profile buffers as soon as the ML element
has been generated for (Re)Association Response frame since those buffers
are not needed after that.
Signed-off-by: Jouni Malinen <j@w1.fi>
This was done with spatch using the following semantic patch and minor
manual edits to clean up coding style and avoid compiler warnings in
driver_wext.c:
@@
expression a,b;
@@
- os_memcmp(a, b, ETH_ALEN) == 0
+ ether_addr_equal(a, b)
@@
expression a,b;
@@
- os_memcmp(a, b, ETH_ALEN) != 0
+ !ether_addr_equal(a, b)
@@
expression a,b;
@@
- !os_memcmp(a, b, ETH_ALEN)
+ ether_addr_equal(a, b)
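Review bot: `expression a,b;` is untyped in all three rules, so every operand of an os_memcmp() call with ETH_ALEN is handed to ether_addr_equal() whatever its pointer type, and the message itself says compiler warnings in driver_wext.c needed manual edits. Listing those manual edits, or moving them to a follow-up commit, would let the mechanical part be checked by re-running spatch and comparing the result with this change.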
Signed-off-by: Jouni Malinen <j@w1.fi>
If CONFIG_FILS isn't set, the compiler complains about unused variables.
Fix it.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
If the station is not an MLO station, do not attempt to find the
association station and return false in the ML specific disconnection
processing.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Set the current value instead of hardcoded 1.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Invert the check on hapd->conf->mld_ap on the affiliated links to
actually call the link specific callback handler. This is needed to set
the STA associated.
Fixes: 55038680a6 ("AP: MLO: Handle association callback")
Signed-off-by: Jouni Malinen <j@w1.fi>
The change to use a helper function for checking he_6ghz_reg_pwr_type
missed the difference between two types of checks for different values:
indoor AP vs. SP AP. Fix this by introducing another helper function to
cover the indoor (i.e., SP and non-SP indoor cases).
Fixes: 121ccadeb4 ("AP: A helper function for determining whether the AP is an SP AP")
Signed-off-by: Jouni Malinen <j@w1.fi>
If the regulatory client EIRP PSD values advertised by an AP that is a
standard power AP or indoor standard power AP are insufficient to ensure
that regulatory client limits on total EIRP are always met for all
transmission bandwidths within the bandwidth of the AP’s BSS, the AP
shall also send a TPE element in Beacon and Probe Response frames as
that depicts the regulatory client EIRP limit.
Add support for this.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
According to IEEE P802.11-REVme/D4.0, E.2.7 (6 GHz band), two Transmit
Power Envelope (TPE) elements need to be included by Indoor Standard
Power (Indoor SP) APs. Extend the code to support this.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
According to IEEE P802.11-REVme/D4.0, 9.4.2.169.2 (Neighbor AP
Information field), the 20 MHz PSD subfield in the TBTT Information
field is a signed value with valid range of -127 to +126, while +127
indicates "no maximum transmit power is specified". Fix the default
value advertised.
Fixes: 3db24e4eef ("RNR: Define element format")
Fixes: a7c152d6b8 ("RNR: Add data from neighbor database")
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Add configuration options for setting the Tx Power value
in the Transmit Power Envelope for 6 GHz:
- The Tx power value for default client where the transmit
power interpretation is "Regulatory Client EIRP PSD"
- The Tx power value for subordinate client where the transmit
power interpretation is "Regulatory Client EIRP PSD"
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Update the HE regulatory information AP types based on IEEE
P802.11-REVme/D4.0. Set the default AP type to VLP. Check for valid
values when setting 'he_6ghz_reg_pwr_type' in the interface
configuration.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
In cases of SAE failure and testing, mgmt->sa was used for sending the
Authentication frame. Fix these to use the station address (which is
the MLD MAC address in cases of non-AP MLDs).
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Add a testing configuration such that the AP would be reported as
disabled in the RNR TBTT information MLD parameters included by other
affiliated APs of the AP MLD.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>