If authentication fails repeatedly, e.g., because of a weak signal, the
link can end up in blocked state. If one of the nodes tries to establish
a link again before it is unblocked on the other side, it will block the
link to that other side. The same happens on the other side when it
unblocks the link. In that scenario, the link never recovers on its own.
To fix this, allow restarting authentication even if the link is in
blocked state, but don't initiate the attempt until the blocked period
is over. This reverts commit 09d96de09e ("mesh: Drop Authentication
frames from BLOCKED STA").
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This fixes a segmentation fault on STA disconnect in case IPv6 addresses
where learned for the STA based on snooped neighbor solicication.
Fixes: bd00c4311c ("AP: Add Neighbor Discovery snooping mechanism for Proxy ARP")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
RRM link measurement request/report management frames are used to get
the radio link information between the connected stations.
Add new hostapd_cli command req_link_measurement to send an RRM link
measurement request to an associated station. Add support to handle the
link measurement report in hostapd.
RRM link measurement support can be enabled with the following new
configuration parameter:
rrm_link_measurement_report=1
Signed-off-by: Raj Kumar Bhagat <quic_rajkbhag@quicinc.com>
Signed-off-by: Yuvarani V <quic_yuvarani@quicinc.com>
The DTIM information in the per-STA profile is set incorrectly. The DTIM
period is set in the LSB octet of the DTIM Info subfield (2 octets),
which is intended for the DTIM count.
Fix this by setting the DTIM period and DTIM count information properly
to the MSB and LSB octets of the DTIM Info subfield, respectively.
Signed-off-by: Karthikeyan Kathirvel <quic_kathirve@quicinc.com>
Signed-off-by: Govindaraj Saminathan <quic_gsaminat@quicinc.com>
When we are configuring automatic channel selection, we are not able to
switch to a given DFS channel because when we are trying to move to a
DFS channel, the interface is disabled and enabled again. When the
interface is disabled and enabled we are setting iface's freq and
channel to 0 in setup_interface2() in case ACS is enabled, and now we
don't know to which channel we were trying to move. Now ACS will run and
the interface will be up in the channel that is suitable.
To fix this issue add a flag named is_ch_switch_dfs to check if the
channel switch request is for a DFS channel and we can use this in
setup_interface2() to decide whther we have to set iface's freq and
channel to 0 or not. This way iface's freq and channel will retain the
values while channel switching to a DFS channel when ACS is enabled.
Signed-off-by: Rajat Soni <quic_rajson@quicinc.com>
Add a new flag radar_detected which is used in the following cases
when setting up a link on a DFS channel while the interface is not yet
enabled:
1. DFS link received CAC start event
2. If no radar detected, link setup succeeeds after CAC end
event is received. Else go to 3.
3. Radar detected on this link -> set radar_detected bit
4. CAC end received for the current freq -> Do not setup interface
as radar already detected. Clear radar_detected bit.
5. The driver sends channel switch event to switch to another channel
a. Switch to another DFS channel -> go to 1
b. Switch to non-DFS channel -> proceed to set up interface
Or when receiving a CAC start event when the interface is already set up:
1. DFS link already set up successfully
2. Radar detected on this link -> set radar_detected bit
a. Switch to DFS channel
a.1. CAC start -> clear radar_detected bit and partner RNR
a.2. If radar detected, go to 2.
a.3. CAC end -> clear radar_detected bit
a.4. Link enabled successfully
b. Switch to non-DFS channel
b.1 No op and the driver handles this
Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>
When one link is still under CAC or disabled, peer links should not
carry the information of this link in the RNR elements.
With this change, the RNR element will be included only if a peer link
is in HAPD_IFACE_ENABLED state.
Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>
Link ID is more accurate to specify the BSS for a radar event in some
corner cases, e.g., when there is a radar detection event and the driver
then switches to another DFS channel. There will then be two events
coming from the driver (CAC start and channel switch complete). In case
the CAC-start event comes first, hostapd still stores the previous
frequency and cannot find the correct link by calling
nl80211_get_mld_link_by_freq() with the new frequency.
Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>
The AP MLD case missed the "else" branch which handles legacy STA's
disassociation. So this STA's sta_info will not be cleared ever.
Add the "else" check to make sure the sta_info gets cleared.
Fixes: 7ceafb6e9f ("AP MLD: Handle disassociation notification with SME offload to driver")
Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>
OBSS scan can be required in different links if operating as an AP MLD.
When triggering scan, specify the link ID for the driver to find the
correct link to scan.
Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>
If the driver provides an identifying cookie value for scan operations,
use that to select which link processes the scan result. This is needed
for OBSS scans that can be required in different links if operating as
an AP MLD. Distinguish the scans using scan_cookie for QCA vendor scan
events.
Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>
In AP MLD case, HT scan results need to be handled in the link that
triggered this scan. So find the link that has a valid scan_cb to handle
EVENT_SCAN_RESULTS.
Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>
Modules that use libpasn for PASN authentication need the context of
PASN data. PASN data is a common context for the library and the modules
using it. Hence, initialize the context through init and deinit
functions. Also use set and get functions to update the parameters.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
PMKSA cache API is included in libpasn.so used by external modules,
e.g., Wi-Fi Aware. To avoid dependency on IEEE8021X_EAPOL define for the
external modules at compile time, remove PMKSA cache static inline
functions from the header file and add wrapper function stubs.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
PTKSA cache API is included in libpasn.so used by external modules,
e.g., Wi-Fi Aware. To avoid dependency on CONFIG_PTKSA_CACHE define for
the external modules at compile time, remove PTKSA cache static inline
functions from the header file and add wrapper function stubs.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Verify that the Extended Capabilities element for the TX BSS shows
beacon protection disabled and the Extended Capabilities element for the
non-TX BSS (within the Multiple BSSID element) shows it enabled.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add the Extended Capabilities element for a non-TX BSS into the non-TX
BSSID profile subelement in the Multiple BSSID element if the non-TX BSS
has different extended capabilities than the TX BSS.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add a new attribute QCA_WLAN_VENDOR_ATTR_AVOID_FREQUENCY_IFINDEX
for QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY_EXT subcommand to
apply rules for avoid frequencies on a specific netdev. This is a
32-bit unsigned optional attribute.
Signed-off-by: Purushottam Kushwaha <quic_pkushwah@quicinc.com>
These can cause unexpected test failures, so dump the pending monitor
socket events more frequently in some cases where event throttling is
seen.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This reverts commit bffd2b3994.
Revert this commit to fix a regression when setting up P2P Group Owner
on some old device.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Try to find the BSS entry that contains the most likely current
information for the target BSS. This is mainly needed to avoid some
unusual behavior with APs changing their Beacon frame information in a
manner that shows up in automated testing, but this might help with some
more dynamic real world uses as well, so better do the BSS entry search
for the newest entry.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This test could have failed if scan results from a previously executed
test case were still the in the driver cache.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The OpenSSL 3.0 (or newer) version of omac1_aes_vector() did not free
the EVP_MAC. This resulted in a memory leak that shows up in a bit
strange way in valgrind reports and because of that, was not caught
during automated testing.
Fixes: 0c61f6234f ("OpenSSL: Implement CMAC using the EVP_MAC API")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The first link BSS was always disabled last. However, now the first BSS
can be dynamically adjusted. Hence, remove such restriction.
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
Whenever ap_free_sta() was called, it deleted the whole station entry
from the kernel as well. However, with MLD stations, there is a
requirement to delete only the link station.
Add support to remove the link station alone from an MLD station. If the
link going to be removed is the association link, the whole station
entry will be removed.
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
When the first link BSS of an interface was de-initialized/disabled, the
whole MLD was brought down. All other links were stopped beaconing and
links were removed. And if the non-first link BSS was
de-initialized/disabled, nothing happened. Even beaconing was not
stopped which is wrong.
Fix this by properly bringing down the intended link alone from the
interface.
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
Previously, hostapd directly advertised the MLD capabilities received
from the driver. Since this information is exchanged during
initialization time only, the driver will advertise the maximum
supported values. hostapd should parse it and then based on the current
situation fill the values accordingly.
For example, the maximum number of simultaneous links is supposed to be
a value between 0 and 14, which is the number of affiliated APs minus 1.
The driver advertises this value as 5 and hostapd, irrespective of the
current active links, puts 5 in the frames.
Fix this by parsing the value from the driver capabilities and then
using the values as per the current situation of the links. The
advertised values will be used as the upper limit.
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
If one or more BSS from the interface is partnering with BSSs from
another interface and if this interface gets disabled, the Beacon frames
need to be refreshed for other interfaces. Similar thing should happen
when it gets enabled.
Add logic to refresh other interface Beacon frames when one of the
interfaces is disabled or enabled.
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
Previously, whenever if_remove() was called, the whole interface was
deleted. In an AP MLD, all partner BSS use the same driver private
context and hence removing the interface when only one of the links goes
down should be avoided.
Add a helper function to remove a link first whenever if_remove() is
called. Later while handling it, if the number of active links goes to
0, if_remove() would be called to clean up the interface.
This helper function will be used later when co-hosted AP MLD support is
added and as well later during ML reconfiguration support.
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
When the interface was removed, the added links were not removed. While
removing the interface, kernel has removed the stale links but hostapd
has not. This is wrong since hostapd should remove and do the clean ups
properly while removing the interface.
Hence, remove the links when interface is removed.
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
Construct the nl80211 remove link command using the per-BSS approach
instead of per-driver (drv->first_bss).
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
nl80211_remove_links() iterated over all active links in the given BSS
and removed all of them. However, at times it is required to remove only
one link and not all links.
Add a helper function nl80211_remove_link() which will remove just the
given link_id from the passed BSS. nl80211_remove_links() will use this
and will call this for each of the active links to be removed.
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
wpa_driver_nl80211_set_ap() called nl80211_put_freq_params() twice if AP
is an AP MLD. It called once while putting the MLO link ID and the other
time in the normal flow if frequency info is present. Doing this twice
is not required.
Call put_freq once during the normal flow only and separately of that,
add the link ID for AP MLD.
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
This call was added within a conditional CONFIG_IEEE80211AX block even
though this can apply without that build option. Move this outside that
conditional block.
Fixes: b3921db426 ("nl80211: Add frequency info in start AP command")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Cache the corresponding hostapd_data struct context into the link entry
within the driver wrapper. This will be useful for driver events
callback processing.
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
Currently, whenever a new BSS is created, if it is an EHT BSS it is tied
to a corresponding MLD structure. If the structure does not exist
already, a new one is created and tied to it. Accordingly, the link ID
is assigned as well. However, when the BSS is deleted, the MLD structure
is not freed and when it is again created the next time, the link ID is
incremented further and the BSS gets a wrong link ID.
For example, 2.4 GHz single link AP MLD case: First ADD, link ID 0 would
be assigned and MLD interface wlan0 would be created. When REMOVE is
issued, the BSS would be deleted but MLD wlan0 will not. When ADD is
issued again, the BSS will tie back to MLD wlan0 but this time the link
ID will be incremented again and 1 would be assigned. Hence, at
subsequent REMOVE/ADD, the link ID keeps on incrementing.
Since the link ID remains same for the full lifetime of the BSS and MLD,
the next link ID counter cannot be just reset back to 0 when a BSS is
deleted. Otherwise, in interleaved link enable/disable case, the link ID
would be changed.
To overcome this situation, whenever a BSS is deleted, if the MLD is not
referenced by any other existing BSS, delete the MLD structure itself.
To know how many BSSs are referring a given MLD, introduce a new member
refcount in MLD. If the value is 0 it is safe to delete the MLD.
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
Link ID was assigned when BSS is going through setup and the driver
interface init. Later if interface is disabled and enabled again, setup
BSS is called which will give a new link ID to it. However, Link ID
should be same for a BSS affliated to an AP MLD for the full lifetime of
the BSS.
Hence, assign the link ID during BSS creation itself. And it will remain
until BSS entry is completely freed. Hence, link ID will not change as
part of disable/enable.
Also, since link ID would be decided now, it will help in creating link
level control sockets in a subsequent patch.
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
MLD level structure is present to store the MLD level information.
Add changes to use the MLD structure instead of link specific struct
hostapd_data to get/set the MLD level information.
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
MLD level information like MLD MAC address, next link ID, etc. was
stored in each BSS. However, only the first link BSS assigns values to
these members and the other link BSSs store references to the first BSS.
However, if the first BSS is disabled, the first BSS reference in all
BSS should be updated which is an overhead. Also, this does not seem to
scale.
Instead, a separate MLD level structure can be maintained which can
store all this ML related information. All affiliated link BSSs can keep
reference to this MLD structure.
This commit adds that MLD level structure. However, assigning values to
it and using that instead of BSS level members will be done in
subsequent commits.
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
mld_id was provided as a user configuration to identify partner BSS
belonging to the same AP MLD. The same id is used at the protocol level
also to indicate the AP MLD ID of the MLD.
But, in general mld_id is a relative reference of the MLD where 0 is
used as the mld_id to represent the self MLD and in case of MLO MBSSID
mld_id of a non transmitted BSS affiliated to an AP MLD is based on the
relative BSS index of the non transmitted BSS from the transmitted BSS.
Hence mld_id need not be fetched from users, rather it can be identified
wherever required.
To verify if the partners belong to the same AP MLD the interface name
can be checked, since all link BSS partners of the same AP MLD belong to
the same interface.
Hence, remove use of mld_id user config and instead introduce two
functions hostapd_is_ml_partner() and hostapd_get_mld_id(). The former
is used to verify whether partners belong to the same AP MLD and the
latter is used to get the MLD ID of the BSS.
Signed-off-by: Sriram R <quic_srirrama@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
This is needed to avoid failures due to previous test cases having left
sae_groups set to something else than the default.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
