Support implementation architecture where the NAN discovery engine is
located in the driver/firmware instead of wpa_supplicant.
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
This wrapper function was not used at all, so remove it to make it
clearer that the set_ap() driver op is called only from hostapd code.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
When wpa_supplicant needed to update the internal BSS table with the
latest scan results from the driver, it fetched all BSSs and processed
them all. This is unnecessary for cases where an update is needed only
for a specific BSS. Optimize this by filtering out the unnecessary
entries from the results.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
nl80211_set_secure_ranging_ctx() was already ignoring the operation, but
this is included only with CONFIG_DRIVER_NL80211_QCA=y. Make the default
case use same behavior based on the callback function not being defined.
This is needed to allow the following test cases to work:
pasn_owe_tm_kdk_secure_ltf pasn_sae_kdk_secure_ltf
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add the copied EHT capabilities into the sta_add() call when adding a
TDLS peer.
The mld_link_id value was previously only for AP mode, but it can now be
used for TDLS links as well to indicate the link on which a
single-link-TDLS direct link is negotiated.
Signed-off-by: Jouni Malinen <quic_klokere@quicinc.com>
This is needed to allow the driver to know on which operating channel
(as specified by the link that is affiliated with AP MLD for the current
association) is used for transmitting TDLS Discovery Response. This
commit adds the link_id parameter to various functions, but does not
implement the driver interface change itself.
Signed-off-by: Jouni Malinen <quic_klokere@quicinc.com>
This is needed to match the key configuration design with a single
netdev and the nl80211 driver interface.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
EAPOL frames may need to be transmitted from the link address and not
MLD address. For example, in case of authentication between AP MLD and
legacy STA. Add link_id parameter to EAPOL send APIs.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
This is needed for the driver to know on which link it should transmit
the frames in MLO cases.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
This includes:
- Modifications of the driver API, to include the link ID as part
of 'struct hostapd_freq_params'.
- Modifications to nl80211 driver.
- Modifications for the driver wrappers.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Multi link stations are represented in the kernel using a single
station with multiple links and the first ADD_STA command also
creates the first link. Subsequent links should be added with
LINK_ADD commands.
Implement this logic and provide the required MLD information per
station/link.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Add support to specify a Link ID for set key operation for MLO
connection. This does not change the existing uses and only provides the
mechanism for extension in following commits.
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
The Linux kernel expects to use the AP MLD address as destination and
BSSID addresses for non-Public Action frames when the current
association is MLO capable. Use the MLD addresses to support this.
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Add support to fetch and indicate per-link MLO signal poll information
via a new control interface command MLO_SIGNAL_POLL.
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Add support to fetch MLO connection info from the driver to the
wpa_supplicant instance of corresponding MLD STA interface. In addition,
return true for BSSs associated with MLO links from wpa_bss_in_use() to
avoid getting them cleared from scan results.
Co-authored-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
Previously, the driver could optionally (using QCA vendor command)
provide a preferred channel list to wpa_supplicant for channel selection
during the GO negotiation. Channel selection process can be more
efficient with the information of weights and flags of the preferred
channel list that can be provided by the driver. Use a weighted
preferred channel list provided by the driver for channel selection
during GO negotiation if such a list is available.
Signed-off-by: Sreeramya Soratkal <quic_ssramya@quicinc.com>
Support possible band combinations of 2.4 GHz, 5 GHz, and 6 GHz with
QCA_WLAN_VENDOR_ATTR_SETBAND_MASK attribute. Ensure backwards
compatibility with old drivers that are using
QCA_WLAN_VENDOR_ATTR_SETBAND_VALUE attribute and supporting only 2.4 GHz
and 5 GHz bands.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
The newer kernel versions enforce strict netlink attribute policy
validation and will cause cfg80211 to reject vendor commands with
NL80211_ATTR_VENDOR_DATA if NLA_F_NESTED attribute is not set but
if the vendor command is expecting nested data within
NL80211_ATTR_VENDOR_DATA attribute.
Most of the earlier instances were addressed by adding NLA_F_NESTED
flag in nla_nest_start(). This commit addresses the remaining
instance in which NL80211_ATTR_VENDOR_DATA is populated using data
set by user through the control interface.
Enhance the control interface VENDOR command to indicate whether the
vendor subcommand uses nested attributes within NL80211_ATTR_VENDOR_DATA
attribute or not.
Set NLA_F_NESTED flag for existing QCA vendor commands which use nested
attributes within the NL80211_ATTR_VENDOR_DATA attributes so that the
old frameworks implementations for already existing commands work
without any issues.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Use the "tmp_disallow" name more consistently so that both the core
wpa_supplicant functionality (struct wpa_bss_tmp_disallowed) and the
wpa_driver_ops callback have more similar names.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Support Extended Key ID in wpa_supplicant according to
IEEE Std 802.11-2016 for infrastructure (AP) associations.
Extended Key ID allows to rekey pairwise keys without the otherwise
unavoidable MPDU losses on a busy link. The standard is fully backward
compatible, allowing STAs to also connect to APs not supporting it.
Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
PASN authentication can be performed while a station interface is
connected to an AP. To allow sending PASN frames while connected, extend
the send_mlme() driver callback to also allow a wait option. Update the
relevant drivers and wpa_supplicant accordingly.
hostapd calls for send_mlme() are left unchanged, since the wait option
is not required there.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Add the new set_key() parameter "key_flag" to provide more specific
description of what type of a key is being configured. This is needed to
be able to add support for "Extended Key ID for Individually Addressed
Frames" from IEEE Std 802.11-2016. In addition, this may be used to
replace the set_tx boolean eventually once all the driver wrappers have
moved to using the new key_flag.
The following flag are defined:
KEY_FLAG_MODIFY
Set when an already installed key must be updated.
So far the only use-case is changing RX/TX status of installed
keys. Must not be set when deleting a key.
KEY_FLAG_DEFAULT
Set when the key is also a default key. Must not be set when
deleting a key. (This is the replacement for set_tx.)
KEY_FLAG_RX
The key is valid for RX. Must not be set when deleting a key.
KEY_FLAG_TX
The key is valid for TX. Must not be set when deleting a key.
KEY_FLAG_GROUP
The key is a broadcast or group key.
KEY_FLAG_PAIRWISE
The key is a pairwise key.
KEY_FLAG_PMK
The key is a Pairwise Master Key (PMK).
Predefined and needed flag combinations so far are:
KEY_FLAG_GROUP_RX_TX
WEP key not used as default key (yet).
KEY_FLAG_GROUP_RX_TX_DEFAULT
Default WEP or WPA-NONE key.
KEY_FLAG_GROUP_RX
GTK key valid for RX only.
KEY_FLAG_GROUP_TX_DEFAULT
GTK key valid for TX only, immediately taking over TX.
KEY_FLAG_PAIRWISE_RX_TX
Pairwise key immediately becoming the active pairwise key.
KEY_FLAG_PAIRWISE_RX
Pairwise key not yet valid for TX. (Only usable with Extended Key ID
support.)
KEY_FLAG_PAIRWISE_RX_TX_MODIFY
Enable TX for a pairwise key installed with KEY_FLAG_PAIRWISE_RX.
KEY_FLAG_RX_TX
Not a valid standalone key type and can only used in combination
with other flags to mark a key for RX/TX.
This commit is not changing any functionality. It just adds the new
key_flag to all hostapd/wpa_supplicant set_key() functions without using
it, yet.
Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
This makes it more convenient to add, remove, and modify the parameters
without always having to update every single driver_*.c implementation
of this callback function.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
In order to correctly encrypt rekeying frames, wpa_supplicant now checks
if a PTK is currently installed and sets the corresponding encrypt
option for tx_control_port().
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
Linux kernel v4.17 added the ability to request sending controlled port
frames (e.g., IEEE 802.1X controlled port EAPOL frames) via nl80211
instead of a normal network socket. Doing this provides the device
driver with ordering information between the control port frames and the
installation of keys. This empowers it to avoid race conditions between,
for example, PTK replacement and the sending of frame 4 of the 4-way
rekeying handshake in an RSNA. The key difference between the specific
control port and normal socket send is that the device driver will
certainly get any EAPOL frames comprising a 4-way handshake before it
gets the key installation call for the derived key. By flushing its TX
buffers it can then ensure that no pending EAPOL frames are
inadvertently encrypted with a key that the peer will not yet have
installed.
Add a CONTROL_PORT flag to the hostap driver API to report driver
capability for using a separate control port for EAPOL frames. This
operation is exactly like an Ethernet send except for the extra ordering
information it provides for device drivers. The nl80211 driver is
updated to support this operation when the device reports support for
NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211. Also add a driver op
tx_control_port() for request a frame to be sent over the controlled
port.
Signed-off-by: Brendan Jackman <brendan.jackman@bluwireless.co.uk>
"SET driver_signal_override <BSSID> [<si_signal< <si_avg_signal>
<si_avg_beacon_signal> <si_noise> <scan_level>]" command can now be used
to request wpa_supplicant to override driver reported signal levels for
signal_poll and scan results. This can be used to test roaming behavior.
Signed-off-by: Jouni Malinen <j@w1.fi>
Do not disconnect on interface deinit when WoWLAN is enabled, so we can
boot the system with WoWLAN after S5 (poweroff).
Signed-off-by: Alfonso Sanchez-Beato <alfonso.sanchez-beato@canonical.com>
Inject an Ethernet frame to a given peer bypassing next_hop lookup in
mpath table. Optional payload is expected to be hexdump without 0x.
usage:
wpa_cli -i <dev> mesh_link_probe <peer MAC> [payload=<hexdump of payload>]
example:
wpa_cli -i wlan0 mesh_link_probe aa:bb:cc:dd:ee:ff payload=aabb
wpa_cli -i wlan0 mesh_link_probe aa:bb:cc:dd:ee:ff
Signed-off-by: Pradeep Kumar chitrapu <pradeepc@codeaurora.org>
These cases are for the IEEE 802.11 Status Code and Reason Code and
those fields are unsigned 16 bit values, so use the more appropriate
type consistently. This is mainly to document the uses and to make the
source code easier to understand.
Signed-off-by: Jouni Malinen <j@w1.fi>
The purpose of the Lowest Acceptable PN (lpn) parameters in the MACsec
SAK Use parameter set is to enforce delay protection. Per IEEE Std
802.1X-2010, Clause 9, "Each SecY uses MKA to communicate the lowest PN
used for transmission with the SAK within the last two seconds, allowing
receivers to bound transmission delays."
When encoding the SAK Use parameter set the KaY should set llpn and olpn
to the lowest PN transmitted by the latest SAK and oldest SAK (if
active) within the last two seconds. Because MKPDUs are transmitted
every 2 seconds (MKA_HELLO_TIME), the solution implemented here
calculates lpn based on the txsc->next_pn read during the previous MKPDU
transmit.
Upon receiving and decoding a SAK Use parameter set with delay
protection enabled, the KaY will update the SecY's lpn if the delay
protect lpn is greater than the SecY's current lpn (which is a product
of last PN received and replay protection and window size).
Signed-off-by: Michael Siedzik <msiedzik@extremenetworks.com>
Advertise vendor specific Multi-AP IE in (Re)Association Request frames
and process Multi-AP IE from (Re)Association Response frames if the user
enables Multi-AP fuctionality. If the (Re)Association Response frame
does not contain the Multi-AP IE, disassociate.
This adds a new configuration parameter 'multi_ap_backhaul_sta' to
enable/disable Multi-AP functionality.
Enable 4-address mode after association (if the Association Response
frame contains the Multi-AP IE). Also enable the bridge in that case.
This is necessary because wpa_supplicant only enables the bridge in
wpa_drv_if_add(), which only gets called when an interface is added
through the control interface, not when it is configured from the
command line.
Signed-off-by: Venkateswara Naralasetty <vnaralas@codeaurora.org>
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
This adds driver API functions to get the current operating channel
parameters. This encompasses the center frequency, channel bandwidth,
frequency segment 1 index (for 80+80 channels), and so on.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
Extend the SME functionality to support the external authentication.
External authentication may be used by the drivers that do not define
separate commands for authentication and association
(~WPA_DRIVER_FLAGS_SME) but rely on wpa_supplicant's SME for the
authentication.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The new disable_fils parameter can be used to disable FILS functionality
in the driver. This is currently removing the FILS Capability bit in
Extended Capabilities and providing a callback to the driver wrappers.
driver_nl80211.c implements this using a QCA vendor specific command for
now.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
After an initial connection wpa_supplicant derives ERP information which
can be used in doing eventual authentications in the same realm. This
information can be used by drivers with offloaded FILS support to do
driver/firmware initiated roamings. Add support to send this updated
information to such drivers.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Set temporary disallowed BSSID list to the driver so that the driver
doesn't try to connect to any of the blacklisted BSSIDs during
driver-based roaming operation. This commit includes support only for
the nl80211 driver interface using a QCA vendor command for this.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Current DFS domain information of the driver can be used in ap/dfs
to comply with DFS domain specific requirements like uniform spreading
for ETSI domain.
Signed-off-by: Vasanthakumar Thiagarajan <vthiagar@qti.qualcomm.com>
Add support to set ignore assoc disallow to the driver so that the
driver ignores assoc disallowed bit set by APs while connecting. This is
used by drivers that handle BSS selection and roaming internally.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add driver interface command using the QCA vendor extensions to check
the driverr whether to accept or reject a BSS transition candidate. For
the reject case, report an MBO reject reason code.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This can be used to override driver get_pref_freq_list() operation for
more convenient testing of preferred frequency list functionality.
Override string format:
<if_type1>:<freq1>,<freq2>,... <if_type2>:...
if_type: 0=STATION, 2=AP, 3=P2P_GO, 4=P2P_CLIENT, 8=TDLS, 9=IBSS
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit enhances the abort scan implementation to also abort the
vendor scan, if one was used to trigger the scan.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is specific to the macsec_qca driver. The core implementation
shouldn't care about this, and only deal with the complete secure
channel, and pass this down to the driver.
Drivers that have such limitations should take care of these in their
->create functions and throw an error.
Since the core MKA no longer saves the channel number, the macsec_qca
driver must be able to recover it. Add a map (which is just an array
since it's quite short) to match SCIs to channel numbers, and lookup
functions that will be called in every place where functions would get
the channel from the core code. Getting an available channel should be
part of channel creation, instead of being a preparation step.
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>