The FTE parser itself used valid data, but the reassembled buffer was
available only during the parser run. That buffer will be needed for the
caller as well since most of the parsed data is used as pointers instead
of copied data.
Store the reassembled buffer in struct wpa_ft_ies and require
wpa_ft_parse_ies() callers to use wpa_ft_parse_ies_free() to free any
possibly allocated temporary data after wpa_ft_parse_ies() calls that
return success (0).
Fixes: 43b5f11d96 ("Defragmentation of FTE")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Extend wpa_ft_mic() to take in an array of link addresses to allow the
FTE MIC to be calculated for Reassociation Request frame as described in
IEEE P802.11be/D4.0, 13.8.4. This commit does not change actual
behavior, i.e., this is just preparing wpa_ft_mic() and the existing
callers with a new argument.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
When a CHANNEL_LIST_CHANGED event is received, memory of
iface->hw_features is freed and allocated again with
hostapd_get_hw_features(), but iface->current_mode still refer to the
original memory address, which is not correct since that memory has been
freed. This could happen in cases where the driver provides channel list
updates during the lifetime of the started BSS.
Fix this by updated iface->current_mode to point to the new array of hw
features.
Fixes: 0837863fbc ("AP: Handle 6 GHz AP state machine with NO_IR flags")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
interfaces.iface[i] might be NULL when going through the cleanup of all
remaining interfaces at the end of the process termination. The changes
for clearing drv_priv in AP MLD cause that cleanup process to crash on
dereferencing a NULL pointer.
Fix this by explicitly checking that the interface context is available
before trying to clear the pointer to driver data.
Fixes: 7fa99b3246 ("AP: Allow starting multiple interfaces within single MLD")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add support to obtain the start channel when checking whether DFS
is required when using 320 MHz channels.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Determine the channel width by operating class for the 6 GHz band when
validating puncturing bitmap. This is needed to allow puncturing to be
used with 320 MHz channels.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add mld_addr configuration option to set the MLD MAC address.
The already existing bssid configuration option can be used to
control the AP MLD's link addresses.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Signed-off-by: Manaswini Paluri <quic_mpaluri@quicinc.com>
When STAs connect to transmitted BSS and nontransmitted BSS, the
AP should assign the aIDs from the same pool.
Use the transmitted BSS AID pool to assign AIDs when the AP enables
multiple BSSID.
Signed-off-by: Allen.Ye <allen.ye@mediatek.com>
Pass bss->ctx instead of drv->ctx in order to avoid multiple reports for
the first bss. The first report would otherwise clear hapd->cca_color and
subsequent reports would cause the iface bss color to be set to 0.
In order to avoid any issues with cancellations, only overwrite the color
based on hapd->cca_color if it was actually set.
Fixes: 33c4dd26cd ("BSS coloring: Handle the collision and CCA events coming from the kernel")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
A copy-paste issue in wpa_ft_bigtk_subelem() ended up encoding the IGTK
value instead of the BIGTK when providing the current BIGTK to the STA
during FT protocol. Fix this to use the correct key to avoid issues when
beacon protection is used with FT.
Fixes: 16889aff40 ("Add BIGTK KDE and subelement similarly to IGTK")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The set of protected elements in the FTE in Reassociation Response frame
is different for MLO. Count RSNE and RSNXE separately for each link.
This implementation uses the number of links for which a GTK was
provided which does not fully match the standard ("requested link") and
a more accurate implementation is likely needed, but that will require
some more complexity and state information.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Parse link id and station MLD address received from the driver in the
NL80211_CMD_NEW_STA event.
Set MLO information of the station to the sta_info and wpa_sm.
Co-authored-by: Manaswini Paluri <quic_mpaluri@quicinc.com>
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Add support to parse association link id and MLD address from the
NL80211_CMD_UPDATE_OWE_INFO event.
Set MLO information of the station to the sta_info and wpa_sm.
Use station association link address for sending DH IE info to the
driver.
Signed-off-by: Manaswini Paluri <quic_mpaluri@quicinc.com>
Use station association link address for sending SAE authentication
status to the driver in AP mode external authentication status.
Signed-off-by: Manaswini Paluri <quic_mpaluri@quicinc.com>
The second argument to memset() is only eight bits, so there is no point
in trying to set 0xffff values for an array of 16-bit fields. 0xff will
do the exact same thing without causing static analyzes warnings about
truncated value.
Fixes: 903e3a1e62 ("FILS: Fix maximum NSS calculation for FD frame")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
ideal_chan is NULL here, so it is not really valid to try to debug print
something from it due to the implied NULL pointer dereferencing.
Fixes: af0f60e7dd ("EHT: Calculate puncturing bitmap for ACS")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Check the ieee802_11_parse_elems() return code and do not proceed in
various cases if parsing failed. Previously, these cases would have been
allowed to continue by ignoring whatever might have followed in the IE
buffer after the first detected parsing failure. This is not really an
issue in practice, but it feels cleaner to explicitly stop when
receiving an invalid set of IEs.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Retrieve the puncturing bitmap sent by the driver in channel select
events for ACS when using the QCA vendor specific event.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
There are two hw modes (5 GHz and 6 GHz) with HOSTAPD_MODE_IEEE80211A
and the current hw mode may be wrong after one channel switch to 6 GHz.
This will cause hostapd_set_freq_params() to return -1 when saving
previous state and the second channel switch to fail. Fix this by adding
hostapd_determine_mode() before every channel switch.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This is needed to match the key configuration design with a single
netdev and the nl80211 driver interface.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
In case of MLO AP and legacy client, make sure received EAPOL frames are
processed on the correct BSS.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
In case of MLO AP and legacy client, make sure Management frame TX
status is processed on the correct BSS.
Since there's only one instance of i802_bss for all BSSs in an AP MLD in
the nl80211 driver interface, the link ID is needed to forward the
status to the correct BSS. Store the link ID when transmitting
Managements frames and report it in TX status.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
In case of MLO AP and legacy client, make sure EAPOL TX status is
processed on the correct BSS.
Since there's only one instance of i802_bss for all BSSs in an AP MLD in
the nl80211 driver interface, the link ID is needed to forward the EAPOL
TX status to the correct BSS. Store the link ID when transmitting EAPOL
frames over control interface and report it in TX status.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Only the main link handles SAE authentication and OWE, skip them on
other links.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
MLO associations use the MLD address instead of the MAC address in SAE
derivation.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
If the AP is part of an AP MLD specify the link ID in the set_key
parameters whenever setting a group key.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
This provides the link specific group keys and last used PN/IPN/BIPN
values to the Supplicant in the MLO KDEs instead of the KDEs used for
non-MLO cases.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Verify that the MLD address in EAPOL-Key msg 4/4 is set correctly for
MLO cases. Note that the mechanism used here for distinguishing between
EAPOL-Key msg 2/4 and 4/4 is not exactly ideal and should be improved in
the future.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
This provides the link specific group keys and last used PN/IPN/BIPN
values to the Supplicant in the MLO KDEs instead of the KDEs used for
non-MLO cases.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Allow RSN authenticator to fetch the current group key information with
the keys and the last used PN/IPN/BIPN for MLO specific KDEs.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Verify that the affiliated link information matches between association
(unprotected) and 4-way handshake (protected).
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Make the MLO related information available for the RSN Authenticator
state machine to be able to perform steps needed on an AP MLD. The
actual use of this information will be in the following commits.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
EAPOL frames may need to be transmitted from the link address and not
MLD address. For example, in case of authentication between AP MLD and
legacy STA. Add link_id parameter to EAPOL send APIs.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
This allows proper TX status handling when MLD addressing is used for
Management frames. Note, that the statuses are still not forwarded to
the correct link BSS. This will be handled in later commits.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
This is needed for the driver to know on which link it should transmit
the frames in MLO cases.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Get rid of the duplicated code for setting IEEE 802.1X port
authorization for MLD and non-MLD cases.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Handle IEEE 802.1X port authorization in the context of MLO.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
When a non-AP MLD is deauthenticated/disassociated from an MLD AP, make
sure to clean up its state from all links.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
This is a step towards handling of deauthentication/disassociation from
an MLD AP.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Handle association request callback in the context of MLO.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Add the full station profile to the Multi-Link element in the
(Re)Association Response frame. In addition, use the AP MLD's MLD MAC
address as SA/BSSID once the non-AP MLD has been added to the driver to
use address translation in the driver.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
