The nl_connect is initialized with the process_bss_event() handler.
However, it is used several times with the default valid handler. As a
result, if a message that is only valid for process_bss_event() is
received while the default handler is used, it will be dropped.
This has been observed in a case where during the 4-way handshake, a
Beacon frame is received on the AP side, which triggers a beacon update,
just before receiving the next EAPOL. When send_and_recv_msgs_owner() is
called for sending the NL80211_CMD_SET_BEACON command, the
NL80211_CMD_CONTROL_PORT_FRAME event is already pending. As a result, it
is received with the default handler, which drops it. Since the EAPOL
frame is dropped, the connection attempt fails.
Fix it by using the process_bss_event() handler when the nl_connect
handler is used.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Use a helper function as the do_acs() callback to allow builds to pull
in all the vendor specific operations into a single binary.
Signed-off-by: Jouni Malinen <j@w1.fi>
Unsolicited broadcast Probe Response transmission is used for in-band
discovery in the 6 GHz band (IEEE P802.11ax/D8.0 26.17.2.3.2, AP
behavior for fast passive scanning). Add support for configuring the
parameters for such frames.
Signed-off-by: Aloka Dixit <alokad@codeaurora.org>
When wpa_supplicant sends NL80211_CMD_AUTHENTICATE to kernel, it is
possible that the cfg80211 in kernel has expired the BSS entry that
we are trying to auth with. Then cfg80211 will reject the auth cmd.
In this case, wpa_supplicant will trigger a single channel scan to
refresh cfg80211 BSS entry, and retry the auth when scan is finished.
When this case happens, wpa_supplicant makes a copy of auth params,
such as frequency, bssid, ssid, ie and so on. So when we retry auth,
the copy of these params will be used. The problem is, a param named
auth_data is missed when making the copy. The auth_data is used by
NL80211_ATTR_SAE_DATA which is a mandatory field for WPA3-SAE auth.
In WPA3-SAE case the auth retry will always fail because auth_data is
missing. This patch fixes the issue.
Signed-off-by: hongwang.li <hongwang.li@sonos.com>
Android has a mechanism to extend the driver interface in vendor
specific ways. This implementation of the vendor interface is done in
$(BOARD_WPA_SUPPLICANT_PRIVATE_LIB). Extend this to allow the vendor
events to be provided to this library to facilitate the event
processing.
Introduce a new board configuration via
$(BOARD_WPA_SUPPLICANT_PRIVATE_LIB_EVENT) rather than reusing
$(BOARD_WPA_SUPPLICANT_PRIVATE_LIB) to enable this event handling in the
private library. This is to avoid compilation issues for
wpa_driver_nl80211_driver_event() with the already existing private
library implementations defined with
$(BOARD_WPA_SUPPLICANT_PRIVATE_LIB).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
NL80211_CMD_ROAM indication is scheduled via a kernel work queue, while
QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_ROAM_AUTH is a vendor event from the
driver. Thus, a race condition can exist wherein the vendor event is
received prior to the NL80211_CMD_ROAM indication.
The processing of this vendor event depends on the NL80211_CMD_ROAM
indication to update the roamed BSS/BSSID information and thus the out
of sequence processing of these events would result in not updating the
right BSS information.
This commit adds a workaround to hold the pending
QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_ROAM_AUTH event for up to 100 ms in
case NL80211_CMD_ROAM is not received first.
Signed-off-by: Purushottam Kushwaha <pkushwah@codeaurora.org>
Add support to report a vendor specific connect fail reason code fetched
from the driver to users by adding the reason code to the event
CTRL-EVENT-ASSOC-REJECT. Fetch the connect fail reason code when the
driver sends a failure connection result and append the reason code, if
available, to assoc reject event.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The kernel commit "mac80211: support control port TX status reporting"
seems to be delivering the TX status events for EAPOL frames over
control port using NL80211_CMD_FRAME_TX_STATUS due to incorrect check on
whether the frame is a Management or Data frame. Use the pending cookie
value from EAPOL TX operation to detect this incorrect behavior and
redirect the event internally to allow it to be used to get full TX
control port functionality available for AP mode.
Signed-off-by: Jouni Malinen <j@w1.fi>
This is a preliminary patch for using extack cookies for TX control port
handling. Custom ack handler arguments for send_and_recv() and friends
is introduced therefore. This commit does not actually use the provided
values, i.e., that will be added in a separate commit.
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
wpa_supplicant registered to process the Radio Measurement Request
frames unconditionally. This would prevent other location based
applications from handling these frames. Enable such a use case by
allowing wpa_supplicant to be configured not to register to process
these frames. This can now be done by adding "no_rrm=1" to the
driver_param configuration parameter.
In addition, wpa_driver_nl80211_init() does not have the provision to
take driver_params. Hence, resubscribe again with cfg80211 when this
driver parameter "no_rrm=1" is set after the initial setup steps.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Linux bridging code does not allow a station mode WLAN interface in a
bridge and this prevents the AP mode scan workaround from working if the
AP interface is in a bridge and scanning can be only done by moving to
STA mode. Extend this workaround to remove the interface from the bridge
temporarily for the duration of the scan, i.e., for the same duration as
the interface needs to be moved into the station.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The driver can advertise supported AKMs per wiphy and/or per interface.
Populate per interface supported AKMs based on the driver advertisement
in the following order of preference:
1. AKM suites advertised by NL80211_ATTR_IFTYPE_AKM_SUITES
2. AKM suites advertised by NL80211_ATTR_AKM_SUITES
If neither of these is available:
3. AKMs support is assumed as per legacy behavior.
In addition, extend other driver interface wrappers to set the
per-interface values based on the global capability indication.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
Since this functionality was not used for anything in practice, it is
easier to simply remove this functionality completely to avoid potential
conflicts in using the kernel tree upstream commit ab4dfa20534e
("cfg80211: Allow drivers to advertise supported AKM suites").
This is practically reverting the commit 8ec7c99ee4 ("nl80211: Fetch
supported AKM list from the driver").
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
Update frame processing registration for DPP Public Action frames to
include multicast reception when in DPP listen mode and the driver
indicates support for this type of explicit request.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Since this nl80211 mechanism for sending EAPOL frames does not currently
support TX status notification, disable it by default of AP mode where
the Authenticator state machine uses those notifications to optimize
retransmission. The control port TX can be enabled for AP mode with
driver param control_port_ap=1.
Signed-off-by: Jouni Malinen <j@w1.fi>
Use and/or set socker owner where necessary to allow EAPOL frames to be
received using the nl80211 control port. This is done when the driver
indicates support for the control port without previous hardcoded
reception of RSN preauth frames.
Use methods which set or use the connection owner nl_sock * where
necessary. Initial operations need to register with the SOCKET_OWNER
attribute set (e.g., connect for STA mode). Final operations need to use
the socket which holds the owner attribute (e.g., disconnect for STA
mode).
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
This is needed to work around a missing attribute that would cause
cfg80211 to reject some nl80211 commands (e.g.,
NL80211_ATTR_VENDOR_DATA) with new kernel versions that enforce netlink
attribute policy validation.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This is to match the NL80211_CMD_ACTION renaming to NL80211_CMD_FRAME
that happened long time ago. This command can be used with any IEEE
802.11 frame and it should not be implied to be limited to Action
frames.
Signed-off-by: Jouni Malinen <j@w1.fi>
This simplifies code by not having to maintain and come up with new
backwards compatibility wrappers for a library release from 12 years
ago.
Signed-off-by: Jouni Malinen <j@w1.fi>
Addi STA node details in AP through QCA vendor subcommand
QCA_NL80211_VENDOR_SUBCMD_ADD_STA_NODE vendor when processing FT
protocol roaming.
Signed-off-by: Shiva Sankar Gajula <sgajula@codeaurora.org>
Maintain a single array (of struct with two int variables) instead of
two independent arrays (of int) for tracking know ifindexes and reasons
for having added them. The previous implementation tried to maintain two
independent arrays even though they were always required to be of
exactly same length and order. That had resulted in a bug earlier and
the code was not exactly easy to understand either, so replace this with
a single array.
Signed-off-by: Jouni Malinen <j@w1.fi>
The QCA_NL80211_VENDOR_SUBCMD_GET_HE_CAPABILITIES attributes are not
up-to-date with the latest P802.11ax/D4.0 capabilities and would need to
be updated or replaced. Since the variables from this functionality were
not used for anything in practice, it is easier to simply remove this
functionality completely to avoid issues with upcoming updates to use
upstream nl80211 information to determine HE capabilities.
This is practically reverting the commit ca1ab9db2a ("hostapd: Get
vendor HE capabilities").
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Try to fetch the list of supported AKM suite selectors from the driver
through the vendor interface
QCA_NL80211_VENDOR_SUBCMD_GET_SUPPORTED_AKMS. If that command is
available and succeeds, use the returned list to populate the
wpa_driver_capa key_mgmt information instead of assuming all
cfg80211-based drivers support all AKMs. If the driver does not support
this command, the previous behavior is maintained.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
When external authentication is used, a specific netlink socket is used
to send the connect command. If the same socket is not used for
disconnect command, cfg80211 will discard the command. This constraint
was added into the kernel in commit bad292973363 ("nl80211: Reject
disconnect commands except from conn_owner"). That requires an update
for the hostap.git commit 40a68f3384 ("nl80211: Create a netlink
socket handle for the Connect interface").
Add a new flag into struct i802_bss to indicate if the special
nl_connect socket was used for the connect command. When sending
disconnect command this flag is tested to select the correct socket.
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
When we start hostapd having Hotspot 2.0 configuration with interface
already added to bridge interface, addition and deletion of new neighbor
to bridge ip neighbor table fails.
This is since 'bss->added_if_into_bridge' is not set which only allows
'drv->rtnl_sk' (nl_sock for NETLINK_ROUTE) allocation needed for bridge
ip neighbor table.
Add a new bit 'already_in_bridge' and set it when interface is already
added to bridge by some external component. Check this bit in addition
to 'bss->added_if_into_bridge' for 'drv->rtnl_sk' allocation done in
i802_init().
Now 'drv->rtnl_sk' is closed in wpa_driver_nl80211_deinit() regardless of
'bss->added_if_into_bridge' since when we have 'bss->already_in_bridge'
case too, this need to be removed.
brctl show
bridge name bridge id STP enabled interfaces
br0 8000.8efdf006b050 no ap
hostapd_cli raw STATUS-DRIVER
Selected interface 'ap'
ifindex=15
ifname=ap
brname=br0
addr=8e:fd:f0:06:b0:50
freq=5180
beacon_set=1
already_in_bridge=1
..
Signed-off-by: Sathishkumar Muruganandam <murugana@codeaurora.org>
This netlink socket handle owns the connect request and is further used
by the host driver/kernel to request for the external authentication.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Set temporary disallowed BSSID list to the driver so that the driver
doesn't try to connect to any of the blacklisted BSSIDs during
driver-based roaming operation. This commit includes support only for
the nl80211 driver interface using a QCA vendor command for this.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Current DFS domain information of the driver can be used in ap/dfs
to comply with DFS domain specific requirements like uniform spreading
for ETSI domain.
Signed-off-by: Vasanthakumar Thiagarajan <vthiagar@qti.qualcomm.com>
Add driver interface command using the QCA vendor extensions to check
the driverr whether to accept or reject a BSS transition candidate. For
the reject case, report an MBO reject reason code.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This adds support for specifying a random TA for management frame
transmission commands and driver capability flags for indicating whether
this is supported in not-connected and connected states.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
On a connect nl80211 event, wpa_supplicant uses
wpa_driver_nl80211_get_ssid() to fetch the current associated SSID to
compare to existing configurations. However,
wpa_driver_nl80211_get_ssid() uses drv->ssid, which is a cached value.
It is set when we explicitly initial a connect request using
wpa_supplicant. If the association was initiated outside of
wpa_supplicant, we need another way to populate drv->ssid. This commit
sets drv->ssid based on cfg80211 BSS information on connect/associate
nl80211 events.
Signed-off-by: Ningyuan Wang <nywang@google.com>
Do not use the generic bss_info_handler() design to fetch all scan
results into temporary memory buffer. Instead, use a separate BSS info
handler that fetches the requested information without fully parsing the
BSS entries and without allocating any memory for collecting all the
results.
This is also simplifying bss_info_handler() and nl80211_parse_bss_info()
design by getting rid of the special case that was used only for
nl80211_get_assoc_freq() and not normal scan result fetching.
Signed-off-by: Jouni Malinen <j@w1.fi>
This commit enhances the abort scan implementation to also abort the
vendor scan, if one was used to trigger the scan.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This makes wpa_supplicant set default scan IEs to the driver (if the
vendor command is supported). The driver can use these IEs in the scan
requests initiated by the driver itself. Also the driver can merge these
IEs into further scan requests that it receives, in case if the scan
request doesn't carry any of the IEs sent in this command.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This adds the necessary changes to support extraction and use of the
extended capabilities specified per interface type (a recent
cfg80211/nl80211 extension). If that information is available,
per-interface values will be used to override the global per-radio
value.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
cfg80211 reports a deauth/disassoc event when internally clearing
connection with the previous BSS. Ignore that event to allow the new
connect command to complete.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Interface additions/removals are not guaranteed to be for the driver
listening to the kernel events. As such, send the events to
wpa_supplicant_event_global() which can then pick the correct interface
registered with wpa_supplicant to send the event to.
Signed-off-by: Roy Marples <roy@marples.name>
When an interface is removed while it was in a bridge, the bridge was
not removed from the local ifidx list.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Add a helper function to find a certain IE inside IEs buffer by ID and
use this function in several places that implemented similar
functionality locally.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
On systems that have multiple WLAN rfkill instances, the rfkill code
can become confused into thinking that the device was unblocked when
in fact it wasn't, because it only matches on the WLAN type.
Since it then stores the new (unblocked) state from the wrong rfkill
instance, it will never retry the failing IFF_UP operation and the
user has to toggle rfkill again, or otherwise intervene manually, in
this case to get back to operational state.
Fix this by using the existing (but unused) ifname argument when the
rfkill instance is created to match to a specific rfkill index only.
As a P2P Device interface does not have a netdev interface associated
with it, use the name of a sibling interface to initialize the rfkill
context for the P2P Device interface. For nl80211, as the wiphy index
is known only after getting the driver capabilities from the kernel,
move the initialization of the rfkill object to
wpa_driver_nl80211_finish_drv_init().
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
These needs to be cancelled so that the kernel driver does not get left
with all old entries blocking other offchannel operations.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add 'scan plans' to driver scan parameters for scheduled scan.
Each 'scan plan' specifies the number of iterations to run the scan
request and the interval between iterations. When a scan plan
finishes (i.e., it was run for the specified number of iterations),
the next scan plan is executed. The last scan plan will run
infinitely.
The maximum number of supported scan plans, the maximum number of
iterations for a single scan plan and the maximum scan interval
are advertised by the driver.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
This adds the driver interface commands for issuing a request to abort
an ongoing scan operation.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Allow wpa_supplicant to use vendor scan (if supported by the driver)
together with the normal nl80211 scan and handling external scan events.
Since this results in possibility of concurrent scan operations, some of
the operations related to scan results need to check more carefully when
an event is relevant for a specific interface.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit contains the necessary changes for supporting the QCA vendor
scan implementation, i.e., sending the vendor scan command to underlying
driver and handling the vendor scan events from the driver.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Extend the QCA vendor specific nl80211 interface to query the preferred
frequency list from driver and add a new wpa_cli command to query this
information.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Upon GO Negotiation completion, if the remote peer becomes GO, send a
hint event over QCA vendor specific interface to inform the driver of
the likely operating channel of the P2P GO.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>