When accepting a BSS transition request there is a race between
sending the response and roaming to the target AP. As a result,
the response may not be sent because the station deauthenticated
from the AP before the response was actually sent.
To make sure the BSS transition response is sent, start roaming only
after the TX status is received for the BSS transition response.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
It does not make sense to scan for neighbors that we are not supposed to
use anyway. As such, skip them.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
When receiving a BTM request, wpa_supplicant would try to fetch new
results from the driver, and, independently of that, would also process
the latest scan results that were partially updated by the previous
fetch.
Simplify the logic by using wpa_supplicant_get_scan_results() directly
and then process the old scan data as usual. However, this data may be
outdated, so add a new heuristic to avoid roaming to a BSS if it is
either outdated or bad.
Doing this moves all scan data processing into wnm_scan_process() and
removes duplicated functionality for scan result processing in scan.c.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Avoid potential race conditions with the driver operations between
stopping an ongoing wait for responses for an offchannel TX that was
used to send Authentication Request with a request to use a different
channel for Authentication Response and the start of a new ROC on the
other channel by waiting for the TX expiration event before issuing the
ROC request.
Signed-off-by: Jouni Malinen <j@w1.fi>
Avoid potential race conditions with the driver operations between
cancelling an ongoing ROC that was used to receive Authentication
Request that requested a different channel to be used for the
negotiation by waiting for the ROC cancelled event before issuing the
offchannel TX command for the Authentication Response.
In addition, speed up the retry on Authentication Response in this type
of a case if the first attempt on the other channel is not AKC'ed since
it might take the peer device a bit more time to be ready to listen
there.
Signed-off-by: Jouni Malinen <j@w1.fi>
This aligns both the wpa_supplicant and bss structures to use the same
pattern of a valid_links bitmask plus per-link entries.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
This was done using the below semantic patch. There are a few more
places that were missed due to variable declarations or additional
checks in the for loop.
@@
iterator name for_each_link;
identifier max_links =~ "MAX_NUM_MLD_LINKS|MAX_NUM_MLO_LINKS";
expression links;
expression further_tests;
identifier i;
statement stmt;
@@
-for (i = 0; i < max_links; i++)
+for_each_link(links, i)
{
(
- if (!(links & BIT(i)))
- continue;
...
|
- if (!(links & BIT(i)) || further_tests)
+ if (further_tests)
continue;
...
|
- if (further_tests || !(links & BIT(i)))
+ if (further_tests)
continue;
...
|
- if (links & BIT(i))
stmt
|
- if (further_tests && (links & BIT(i)))
+ if (further_tests)
stmt
|
- if ((links & BIT(i)) && further_tests)
+ if (further_tests)
stmt
)
}
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
When a device supports both the 5 GHz band and the 6 GHz band,
these are reported as two separate modes, both with mode set to
HOSTAPD_MODE_IEEE80211A. However, as these are different modes,
each with its own characteristics, e.g., rates, capabilities etc.,
specifically differentiate between them by adding a flag to indicate
whether the mode describes a 6 GHz band capabilities or not.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
When wpa_supplicant assigns the IP address (WFA EAPOL IP address
allocation feature), the assigned IP address of the P2P Client on the GO
side is notified in the AP-STA-CONNECTED event. So to obtain the IP info
to external programs, modify the STA authorized event to include the the
assigned IP address of the P2P Client.
Test: Establish P2P connection and verified from the logs that
the P2P Client IP address is notified.
Signed-off-by: Sunil Ravi <sunilravi@google.com>
When wpa_supplicant receives a request to start a P2P group owner on a
fixed frequency with bandwidth wider than 20 MHz, wpa_supplicant scans
for neighboring BSSs prior to starting the GO. This is done to switch
the primary/secondary channels if there are any other networks which are
operating on the same secondary channel. Though this logic is defined
for 20/40 MHz coexistence and might improve throughput, there are P2P
use cases where this logic causes problem:
1. The file transfer use case takes time to start the file transfer or
even fails when the 20/40 coex scan repeatedly fails due to an
ongoing externally triggered scan happening in the system.
2. wpa_supplicant overrides the channel which is selected by the
application based on the best channel it derived by looking into
the channel conditions. This degrades the expected throughput.
3. Latency sensitive applications experience long time to
start the group owner which gives a bad user experience.
So do not allow 40 MHz co-ex PRI/SEC switch to force a change to
Autonomous GO PRI channel when the P2P group add is called with a forced
frequency.
Test: Tested autonomous GO and confirmed from the logs that
P2P GO is not triggering 20/40 coex scan.
Signed-off-by: Sunil Ravi <sunilravi@google.com>
This adds initial parts for RADIUS/TLS support in the RADIUS client.
This can be used with eapol_test and hostapd. This functionality is not
included by default and CONFIG_RADIUS_TLS=y in .config can be used to
enable it.
This version does not yet include all the needed functionality for TLS
validation and the rules for dropping a TCP connection based on invalid
RADIUS attributes.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add hostapd support for interacting with the NAN discovery engine to
allow single-channel (i.e., the AP's operating channel) USD as Publisher
or Subscriber.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add wpa_supplicant support for interacting with the NAN discovery engine
to allow USD as Publisher or Subscriber.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The standard is somewhat unclear on whether the PMKIDs used in
(Re)Association Request frame (i.e., potential PMKIDs that could be used
for PMKSA caching during the initial mobility domain association) are to
be retained or removed when generating EAPOL-Key msg 2/4.
wpa_supplicant has replaced the PMKID List contents from (Re)Association
Request frame with PMKR1Name when generating EAPOL-Key msg 2/4 for FT.
Allow it to be configured (ft_prepend_pmkid=1) to prepend the PMKR1Name
without removing the PMKIDs from (Re)Association Request frame.
Signed-off-by: Jouni Malinen <j@w1.fi>
wpa_supplicant disables BTM capability in Extended Capabilities element
when wpa_supplicant selects a misbehaving MBO/OCE AP that uses RSN
without PMF, but this is disabling BTM support for whole ESS connection
lifetime though the BTM support can be enabled when the driver takes
care of BSS selection and selects/roams to a BSS which is MBO and OCE
specification compliant. Thus, always set the actual BTM capability in
Extended Capabilities element when the driver takes care of BSS
selection.
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
The previous os_strncmp() calls have already verified that there is a
space in the string, so this os_strchr() call cannot really return NULL.
Anyway, make this easier for static analyzers to understand.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
put_changed_properties() might fail, e.g., due to memory allocation
failure or a failure in a property getter function. Such an error case
would have leaked the message iteration container since the call to
dbus_message_iter_close_container() would have been skipped.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
When removing the bootstrap info for the PB context, all the possible
pointers to that information needs to be cleared to avoid accesses to
freed memory.
Fixes: 37bccfcab8 ("DPP3: Push button bootstrap mechanism")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Allow the Timeout Interval Type field in the Timeout Interval element to
be overridden with a different value for testing purposes to be able to
bypass the association comeback processing in mac80211. This allows the
wpa_supplicant internal functionality to be tested.
Signed-off-by: Jouni Malinen <j@w1.fi>
In associations using PMF (IEEE 802.11w/MFP), the infrastructure
implements SA teardown protection by rejecting an (Re)Association
Request frame from an already-associated client. The AP responds with
error 30 (Association request rejected temporarily) to instruct the
(potentially spoofing) client to back off, while it issues an SA Query
procedure to the already-associated client. If the client can respond to
it within the back-off period, it considers the new association to be a
spoof attempt.
However, there are cases where a legitimate client might need to
handle this error response - consider if the STA has deauthenticated,
but the AP cannot hear it (out of range). If the MFP STA has deleted
its keys, it cannot respond to the SA Query procedure.
This association comeback process has commonly been implemented in the
driver, e.g., within mac80211 in case of the Linux drivers that use SME
in userspace. However, there are drivers that do not implement this
functionality. Extended wpa_supplicant to cover such cases as well.
The current implementation interprets this association error as a true
error, and will either add the BSS to the list of ignored BSSIDs, or
continue to try other BSSes. This can cause wpa_supplicant to back off
trying to reconnect for progressively longer intervals, depending on the
infrastructure's configured comeback timeout.
Allow wpa_supplicant to interpret the error, searching for the Timeout
Interval element in the (Re)Association Response frame and starting a
timer in the SME layer to re-associate after the timeout. This can be a
long delay (1-4 seconds in my experience), but it is likely much shorter
than bouncing between nearby BSSes.
This does not change behavior for drivers that implement association
comeback timer internally since they do not report the temporary
association rejection status code to user space.
Signed-off-by: Harry Bock <hbock@zebra.com>
Add HS20TermsAndConditions signal to D-Bus API to allow clients to be
notified when the network requires the acceptance of terms and
conditions. The URL of the T&C page is provided as a signal parameter.
Signed-off-by: Damien Dejean <damiendejean@chromium.org>
Allow the Key Data field to be encrypted in EAPOL-Key msg 2/4 and 4/4.
This is for testing purposes to enable a convenient mechanism for
testing Authenticator behavior with either potential future extensions
or unexpected Supplicant behavior.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Allow additional elements and KDEs to be added to EAPOL-Key msg 2/4 and
4/4. This is for testing purposes to enable a convenient mechanism for
testing Authenticator behavior with either potential future extensions or
incorrect Supplicant behavior.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
There are multiple redundant MIN macro declarations, some of which are
not protecting against side effects. Move it to common.h instead.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
There is currently a bias towards moving to higher bands but not one
against moving away from them. Fix that.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
Decrease the roam difficulty when roaming across the short background
scan threshold (i.e., when the current BSS RSSI is below the threshold
and the selected BSS RSSI is above the threshold). This tends to happen
in normal roaming scenarios when moving from the domain of one AP to
the domain of another.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
These updates do not cause the PMKSA cache to become invalid. As such,
allow setting any of bssid_hint, bssid_ignore, and bssid_accept without
clearing the cache and causing the current connection to be dropped
immediately.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
If the Authentication frame response did not contain the expected ML
element (or it was invalid), we cannot continue with the ML association.
As such, the only choice we have in this case is to abort the
association.
If we do continue, we would end up sending the Association Request frame
with our MLD MAC address.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
The previous implementation would find the correct TBTT record in the
RNR but then always copied the BSSID from the first record out. Fix this
to copy the BSSID from the current position.
Fixes: de5e01010c ("wpa_supplicant: Support ML probe request")
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Compare the BSSID against the BSSIDs on the affiliated APs for which
there is a valid link in case of an ML association.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
The dpp_test DPP_TEST_STOP_AT_AUTH_CONF case is supposed to prevent the
GAS exchange from happening. It was possible to bypass that testing
functionality if the TX status event for the Authentication Confirm
message was lost or delayed long enough for the GAS Request to be
proessed first. This could happen at least with UML time travel.
Work around this by checking for the special dpp_test case within GAS
request handling.
Signed-off-by: Jouni Malinen <j@w1.fi>
The Extended Request subelement of a Beacon Request is expected to also
include the Requested Element ID field (that identifies the Element ID
used to indicated extended elements) which needs to be skipped to get
the Requested Element ID Extensions.
Fixes: 2d4f905214 ("RRM: Add support for including extended ID elements in beacon report")
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Align MSCS response handling as described in IEEE P802.11-REVme/D4.0,
11.25.3 (MSCS procedures):
AP may send unsolicited MSCS Response frame using dialog_token == 0.
Instead of dropping the frame due to dialog_token mismatch, accept
it and set the status accordingly.
Signed-off-by: Daniel Gabay <daniel.gabay@intel.com>
Align MSCS response handling as described in IEEE P802.11-REVme/D4.0,
11.25.3 (MSCS procedures):
If an MSCS Descriptor element is present in a MSCS Response
frame that does not indicate a status of "SUCCESS", the request
type field is set to "change" - the element indicates a suggested
set of parameters that could be accepted by the AP in response to a
subsequent request by the non-AP STA.
Handle both MSCS Response frame and (Re)Association Response frame with
change request by extending WPA_EVENT_MSCS_RESULT with the change
values.
Note: since we extend MSCS_RESULT event, move the original event from
both MSCS Response frame and (Re)Association Response frame handlers to
a common function that handles now both 'change' and other response.
Signed-off-by: Daniel Gabay <daniel.gabay@intel.com>
This was done with spatch using the following semantic patch and minor
manual edits to clean up coding style and avoid compiler warnings in
driver_wext.c:
@@
expression a,b;
@@
- os_memcmp(a, b, ETH_ALEN) == 0
+ ether_addr_equal(a, b)
@@
expression a,b;
@@
- os_memcmp(a, b, ETH_ALEN) != 0
+ !ether_addr_equal(a, b)
@@
expression a,b;
@@
- !os_memcmp(a, b, ETH_ALEN)
+ ether_addr_equal(a, b)
Signed-off-by: Jouni Malinen <j@w1.fi>
Fix build of wpa_supplicant if bgscan_simple is enabled while
WNM is not, as in the defconfig.
Fixes: ceb7f65dcc ("bgscan: Allow simple bgscan to do BTM queries")
Signed-off-by: Chien Wong <m@xv97.com>
As otherwise the mld_link_id would be 0, which the driver would
consider a valid link id and would return an error.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
We should be grabbing the include directory using pkg-config and not
just the libs. Without this, the header file might not be found on all
systems because it may not be in /usr/include but elsewhere in the
system.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
_FORTIFY_SOURCE requires at least -O2 optimization level.
This may result in compilation warnings. Fix it.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
cfg80211 requires the link ID to be specified for requests to start a
remain-on-channel operation during an ML association. This feels wrong
since the ROC operation is in most cases unrelated to the
association. However, that requirement has been in place since kernel
commit 7b0a0e3c3a88 ("wifi: cfg80211: do some rework towards MLO link
APIs") from April 2022, and as such, it looks necessary to have
wpa_supplicant work around this by specifying the currently used link ID
that would seem to match the ROC channel most closely.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The GAS request may have been issued using a link address of the AP
MLD's affiliated link and the driver may translate that address to the
MLD MAC address when associated with the AP MLD. Accept GAS responses
where the addresses map to the same AP MLD.
Signed-off-by: Jouni Malinen <j@w1.fi>
The target MAC address needs to be checked against all the AP MLD link
addresses and the MLD MAC address to cover all possible cases. This is
needed to be able to correctly use Protected Dual of Public Action
frames during an ML association.
Signed-off-by: Jouni Malinen <j@w1.fi>
The current operating channel bandwidth in an HE BSS is determined with
the combination of elements, include the VHT Operation element. Use VHT
Operation element to check whether the 80, 80+80, and 160 MHz cases are
enabled if the AP claims to be capable of operating an 80/160 MHz BSS.
Signed-off-by: Jouni Malinen <j@w1.fi>
The current operating channel bandwidth in an HE BSS is determined with
the combination of elements, include the HT Operation element. Use HT
Operation element to check whether the 40 MHz case is enabled if the AP
claims to be capable of operating a 40 MHz BSS.
Signed-off-by: Jouni Malinen <j@w1.fi>
Use the PHY parameters from configuration or the values passed in from
the dbus API for P2P dbus command GroupAdd instead of using the hard
coded values to be inline with the method provided with the
wpa_supplicant control interface.
Signed-off-by: Jintao Lin <jintaolin@chromium.org>
The vht_center_freq2 parameter was in incorrect order in the call to
wpas_p2p_group_add_persistent(). This would have dropped the value when
adding a group based on a previously created persistent group ion the GO
side and that would have resulted in a failure to start the GO.
Fix the function call to use the correct order for the parameters.
Signed-off-by: Jintao Lin <jintaolin@chromium.org>
This allows the function to be used outside the context of the
wpa_supplicant control interface implementation.
Signed-off-by: Jintao Lin <jintaolin@chromium.org>
When the P2P persistent group is provisioned out-of-band, i.e., add
persistent group with a known BSSID, SSID, passphrase, and frequency,
and start the group with GroupAdd dbus command, the group info fetched
on the cliend side has zero MAC address for BSSID and no value for
frequency. Fix this issue by getting that information from
wpa_s->current_bss instead of wpa_s->go_params.
Signed-off-by: Jintao Lin <jintaolin@chromium.org>
The location of the comment is incorrect and it is not really needed.
Remove it.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
We only print the newline if the AP MLD ID is present
(BASIC_MULTI_LINK_CTRL_PRES_AP_MLD_ID), fix that.
Fixes: e3e68668c1 ("ctrl_iface: Report RNR and ML in BSS command")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
It is not really helpful to get debug prints about Hotspot 2.0 frame
filtering when trying to connect a non-Hotspot 2.0 network. Remove this
debug print that was being printed for every connection that did not use
Hotspot 2.0.
Signed-off-by: Jouni Malinen <j@w1.fi>
An affiliated AP of an AP MLD can temporarily be disabled. Other
affiliated APs of the AP MLD indicate this in the Reduced Neighbor
Report (RNR) elements added to their Beacon and Probe Response frames.
When an affiliated AP is disabled, it should be included in the
association exchange, but can be activated only after it is enabled.
Add support identifying disabled APs and propagate the information
to the driver within the associate() callback.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Don't ever return -1 from print_bss_info() as that causes
corruption of the output.
Also don't return -1 from print_fils_indication() as that
would stop the iteration over all BSSs.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This is needed to work around some issues that show up mainly in testing
scenarios when the same BSSID might be used with different
configurations and the scan results from the driver might include both
the old and new contents when two different SSIDs are used.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Use AP MLD address instead of BSSID for PWE derivation during MLO
connection. This was already done for H2E in commit e869fdfeef
("wpa_supplicant: Use MLD address in SAE authentication"). While IEEE
P802.11be requires H2E to be used, there are deployed AP MLDs that do
not follow that requirement. This change to the hunting-and-pecking loop
case is needed for interoperability workarounds with such APs.
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
During scan results matching for connection skip BSS entries for the
current connection if disassociation imminent is set.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Instead of rejecting the request, accept it since the AP MLD is in
control of which links are available and we are not being fully
disconnected in this case.
Signed-off-by: Jouni Malinen <j@w1.fi>
Based on IEEE P802.11be/D5.0, when a station is non-AP MLD with more
than one link the combination of the Link Removal Imminent field set to
1 and the BSS Termination Included field set to 1 means than only one of
the links is removed while the other links will remains associated.
Handle this case without starting a scan to find another BSS.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Allow frames where the SA is the AP MLD MAC address as the driver might
have performed address translation.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
For wpa_supplicant based SAE/OWE connection, the wpa_supplicant state
machine is aware of the PMKID created for a connection and this gets
removed when "REMOVE_NETWORK all" is called. However, when SAE/OWE
offload is enabled, wpa_supplicant is not aware of the PMKID generated
by the driver/firmware. So add PMKSA del indication to the driver from
remove_network context so that the driver can free PMKs associated with
the SSID.
Signed-off-by: Vinayak Yadawad <vinayak.yadawad@broadcom.com>
The bgscan_init() declared wrongly when CONFIG_BGSCAN is not defined,
fix that.
Fixes: 3139270903 ("bgscan: Add global bgscan configuration")
Signed-off-by: Daniel Gabay <daniel.gabay@intel.com>
Otherwise any new scan result (even manual ones if they do not set
use_id=X to a non-zero value), can cause a reconnect to the same BSS
when MLO is used. This is because the current BSS is not detected by
wpa_supplicant_need_to_roam() and it assumes that roaming is needed.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Earlier refactoring of ibss_mesh_setup_freq() ended up dropping the case
where HE would be enabled without VHT on the 2.4 GHz band. Add that back
to allow HE to be used on 2.4 GHz with IBSS and mesh.
Fixes: 64043e6156 ("Split ibss_mesh_setup_freq() into multiple functions")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Link ID needs to be specified for MLD case when doing channel switch.
Add it to the driver command.
Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>
Allow doing X BSS transition management query calls before falling back
to scan.
Example format to do 4 BTM queries before attempting a scan:
bgscan="simple:30:-65:300:4"
Signed-off-by: Ben Greear <greearb@candelatech.com>
On the default configuration if MBO only is enabled then build breaks as GAS
is not selected, if other features that auto-enable GAS are selected
then it works.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
For a memory constrained system, it may be more important to reduce
binary size than include support for these capabilities.
By default this is enabled.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
For a memory constrained system, it may be more important to reduce
binary size than include support for these capabilities.
By default this is enabled.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Removing radio measurements and supported operating class indication
might be needed to reduce binary size for a memory constrained system
that does not need more advanced features. However, removing these is
not recommended since they can help the AP manage the network and STA
steering.
By default this functionality is enabled.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Beacon hinting is a feature that can temporarily change the regulatory
rule flags on the channel where the radio hears the beacon. Add a new
event CTRL-EVENT-REGDOM-BEACON-HINT to notify the wpa_supplicant user
about an important update to the regulatory rules including which
frequencies are impacted, new power limit, and new rule flags.
Signed-off-by: Jun Yu <junyuu@chromium.org>
The wpa_auth_callbacks for mesh was missing a for_each_sta
implementation. This is an issue with pmksa cache, as when a cache entry
expires the for_each_sta callback is called in order to clear the pmksa
reference for all sta that was using this entry. Not having a
for_each_sta callback will prevent this cleanup to happen then a sta
could still use this pmksa entry even after it has been freed.
This used after free was not a problem up until recently where
dpp_pkhash is now stored in pmksa entry and retreived later on causing
crash with below backtrace:
_wpa_snprintf_hex src/utils/common.c:326
wpa_snprintf_hex src/utils/common.c:348
hostapd_ctrl_iface_sta_mib src/ap/ctrl_iface_ap.c:542
hostapd_ctrl_iface_sta_mib src/ap/ctrl_iface_ap.c:542
hostapd_ctrl_iface_sta_mib src/ap/ctrl_iface_ap.c:600
hostapd_ctrl_iface_sta src/ap/ctrl_iface_ap.c:615
wpa_supplicant_ctrl_iface_process src/wpa_supplicant/ctrl_iface.c:12741
wpa_supplicant_global_ctrl_iface_receive src/wpa_supplicant/ctrl_iface_unix.c:1141
eloop_sock_table_dispatch src/utils/eloop.c:625
eloop_run src/utils/eloop.c:1238
wpa_supplicant_run src/wpa_supplicant/wpa_supplicant.c:8021
main src/wpa_supplicant/main.c:393
Adding a for_each_sta callbacks fixes that.
Fixes: 043dedee83 ("DPP: Expose enrollee pubkey hash for identification")
Signed-off-by: Remi Pommarel <repk@triplefau.lt>
The length of the PMK ended up getting lost when a PMKSA cache entry was
added based on externally managed information. Set the PMK length in SAE
context to get the correct length stored into the actual PMKSA cache
entry that gets created in this path.
Signed-off-by: Jouni Malinen <j@w1.fi>
nl80211_set_secure_ranging_ctx() was already ignoring the operation, but
this is included only with CONFIG_DRIVER_NL80211_QCA=y. Make the default
case use same behavior based on the callback function not being defined.
This is needed to allow the following test cases to work:
pasn_owe_tm_kdk_secure_ltf pasn_sae_kdk_secure_ltf
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Move the hostapd and wpa_supplicant control interface handlers into a
shared functions instead of duplicated implementation.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
When connecting, pending_bssid is set to the main link that we are
authenticating/associating on. Later on, the MLD MAC address will be
stored in the bssid, but we may also try to deauthenticate before we are
connected and in that case, pending_bssid is not yet set to the MLD MAC
address.
As such, use the ap_mld_addr instead of pending_bssid if n_mld_links is
non-zero. This is the sensible thing to do and expected behavior on
nl80211.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
This improves chances with APs that do not reply to Probe Request frame
with short SSID or with direct BSSID.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
According to IEEE P802.11be/D4.0, 35.3.4.2, the AP MLD ID must be
included in the Probe Request ML element in case it is sent to a
transmitted BSS in which case it should be set to 0. If it is sent to an
non-transmitted BSSID, the AP MLD ID should not be included.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
If for some reason association fails and a link which has an error is
reported, add that specific link to the ignore list. After that,
immediately retrigger the connection code. In the usual case, we are
then going to reconnect to the same AP MLD but with that particular link
not being included in the connection.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
This avoids, e.g., trying to use a BSS that is rejected by mac80211 as a
link, which could fail the connection as a whole.
Note that this is not perfect. Ideally, the internal state would have a
more context sensitive ignore flag so that one could still use a BSS as
a link in some situation.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Parse the link status values out of Multi-Link association response. If
the AP rejects ML association and marks the links as failed with a
reason code other than TX_LINK_NOT_ACCEPTED, also report these links to
wpas_connection_failed() and ignore them.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Parsing multiple RNR elements already exists in
wpa_bss_parse_basic_ml_element(), so wpas_ml_element() just duplicates
the same code. Combine the functionality of both these functions and
remove the duplicate.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Add band preference, BSSID preference, and single link enforcement
testing options. This is needed for testing MLO.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
The current set of global configuration fields is getting close to the
previously used 15000 byte limit, so increase this size to 16000 and add
a note about the potential need to change this size when adding new
fields.
Signed-off-by: Jouni Malinen <j@w1.fi>
Three functions were provided for defragmentation. First
ieee802_11_defrag(), ieee802_11_defrag_mle() and then
ieee802_11_defrag_data() which would do the actual job. With
ieee802_11_defrag() picking the member in the elements struct for an
EID. The problem with this is, that for the Multi-Link element, there
are multiple entries in the elems struct depending on its type. As such,
remove the intermediate function and simply pass the correct members
directly.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
This workaround from commit 6d6f4bb87f ("nl80211: Work around mac80211
limitation on (re)auth when authenticated") pre-dates the code that
supresses the deauth or disconnect event from nl80211. Should this code
be called it would not actually work at this point, as important
internal state for the authentication attempt has already been lost.
Simply drop the code. This might also fix issues where we could get
into a bad state if a proper deauth/disconnect event happens while we
are authenticating or associating.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
This is needed to avoid NULL pointer deferencing in
wpa_supplicant_ctrl_iface_msg_cb() if any of the functions called from
wpas_bssid_ignore_module_tests_() ends up using wpa_msg().
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Order scan results in a manner that prefers BSSs that support SAE over
ones that support PSK without SAE if the SNR of the SAE BSS is good or
at least at the same level as the SNR for the PSK BSS. This improves
likelihood of using SAE when the local network profile allows
WPA3-Personal transition mode and the ESS uses a mix BSSs with different
sets of AKMs.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Extend the optimization from commit 9c97126576 ("OWE: Optimize
transition mode scan to use known channels") to cover cases where the
STA is configued with OWE transition mode disabled, but the AP uses OWE
transition mode.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
BSS table is not updated when a non-P2P station runs a scan without P2P
IE in Probe Response frame, since that would remove P2P IE information.
However, this results also in not updating mandatory rates in Supported
Rates and BSS Membership Selectors element even though AP/GO changes
frequency from 2.4 GHz to 5 GHz band.
This is causing connection failure since BSS table has 1 Mbps as
mandatory rate for AP connection but minimum supported rate in 5 GHz
band is 6 Mbps.
To avoid connection failures in such cases, don't skip updating BSS
table when the BSS frequency is changed. This covers the most important
case addressed in commit ff57398fca ("P2P: Do not drop P2P IEs from
BSS table on non-P2P scans") while still allowing other changes to be
taken into account if the GO were to actually change channels (or band,
which would be the most likely case needing the update).
Signed-off-by: Ainy Kumari <quic_ainykuma@quicinc.com>
Fix references to the appropriate driver capability drv_flags2. The
initial version used the incorrect drv_flags value and by doing so,
ended up using incorrect driver capabilities (DEAUTH_TX_STATUS,
BSS_SELECT, TDLS_SUPPORT) which could result in incorrect OWE
functionality for both AP and STA cases.
Fixes: d984c7b298 ("hostapd: Add support for OWE offload for STA/AP interface")
Fixes: da364180fb ("hostapd: Support 4-way handshake offload for AP/P2P GO")
Signed-off-by: Vinayak Yadawad <vinayak.yadawad@broadcom.com>
If the local network profile specifies a specific BSSID, there will not
be an acceptable alternative AP for the current one. As such, there is
not much point in trying to scan and wait for the results to make this
conclusion. Skip the scan and reject the BSS transition management
request even if that ends up getting disassociated from the BSS that
happens the be the only one that the local configuration allows to be
used.
Signed-off-by: Jouni Malinen <j@w1.fi>
The driver advertising OWE offload support would take care of
Diffie-Hellman Parameter element generation and processing part. The
driver would be responsible for OWE PMK generation in this case.
Avoid the Diffie-Hellman Parameter element handling in
wpa_supplicant/hostapd for drivers advertising OWE offload support. This
change is applicable only for drivers supporting 4-way handshake
offload.
Signed-off-by: Vinayak Yadawad <vinayak.yadawad@broadcom.com>
Add support for offloaded 4-way handshake in AP/P2P GO mode. For drivers
supporting the AP PSK offload, wpa_supplicant/hostapd passes down the
PSK for the driver to handle the 4-way handshake. The driver is expected
to indicate port authorized event to indicate that the 4-way handshake
is completed successfully.
Signed-off-by: Vinayak Yadawad <vinayak.yadawad@broadcom.com>
The max transmit power of Standard Power (SP) Access Points (AP) on
6 GHz band and APs on 2.4 GHz and 5 GHz bands is limited by effective
isotropic radiated power (EIRP), while the max transmit power of Low
Power Indoor (LPI) APs on 6 GHz Band is limited by power spectral
density (PSD). Therefore the max transmit power of LPI APs grows as the
channel width increases, similar to the noise power which has constant
PSD.
Adjust the RSSI, SNR and throughput estimate based on max transmit power
config and max channel width in the roaming algorithm.
Signed-off-by: Kaidong Wang <kaidong@chromium.org>
The max transmit power of Standard Power (SP) Access Points (AP) on
6 GHz band and APs on 2.4 GHz and 5 GHz bands is limited by effective
isotropic radiated power (EIRP), while the max transmit power of Low
Power Indoor (LPI) APs on 6 GHz Band is limited by power spectral
density (PSD). Therefore the max transmit power of LPI APs grows as the
channel width increases, similar to the noise power which has constant
PSD.
Adjust the SNR of BSSes based on the transmit power config and max
channel width. EIRP limited APs usually have constant max transmit power
on different channel widths, their SNR decreases on larger channel width
because the noise power is higher, while PSD limited APs have constant
SNR over all channel widths.
Signed-off-by: Kaidong Wang <kaidong@chromium.org>
With the SSID updating of a BSS entry removed from owe_trans_ssid(),
this call to owe_trans_ssid() is not really doing anything, so remove
it. This reverts 6972b0fa2b ("OWE: Update transition mode information
on selecting a new BSS").
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Overwriting of SSID for the hidden OWE BSS entry has some side effects:
- first the entry is notified over DBus with empty SSID and the update
of SSID is never signaled (it is not even possible at the moment to
notify the SSID change - see wpas_dbus_bss_signal_prop_changed()),
- during (and after) association there will be multiple entries
referring to the same BSSID/SSID pair.
Stop overwriting the SSID in an existing BSS entry based on OWE
transition mode information. Instead, depend on a new BSS entry getting
added for the hidden OWE BSS based on active scans for the SSID learned
from the open BSS. This would not have been sufficient for the initial
OWE design, but with the optimized scanning behavior from commit
c04562e67e ("OWE: Improve discovery of OWE transition mode AP"), this
can now depend on the exact same mechanism as other uses of hidden
SSIDs. This helps in keeping the D-Bus interface in sync with the BSS
parameters.
Signed-off-by: Andrzej Ostruszka <andrzejo@chromium.org>
If the currently available scan results include OWE transition mode BSS
with an unknown SSID, optimize the following scan for OWE to use only
the channels on which a known transition mode BSS has been seen.
This is needed to be able to remove the design that updates BSS entries
with the learned OWE SSID in manner that does not result in regression
to scanning latencies.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The local network profile may not have matching SSID (it could be either
the wildcard 0-length SSID or visible SSID in case of OWE transition
mode), so check whether an exact match with a BSS entry can be made
using the current SSID information from the driver (i.e., the SSID of
the current association) when picking the BSS entry to use as the
current one for an association.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Use the Same SSID and Colocated AP bits as an alternative way of finding
a match on the current SSID.
Signed-off-by: Ben Greear <greearb@candelatech.com>
The Reduced Neighbor Report element can include one or more TBTT
Information fields. Only the first one was parsed previously. Extend
this to use a loop to go through all included TBTT Information fields.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Beacon frames are allowed to optionally include one more more Reduced
Neighbor Report elements. Only the first one was parsed previously.
Extend this to use a loop to go through all included RNR elements.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Leverage the already available control socket cmd "DRIVER_FLAGS2" and
dump the driver capab "flags2" bitmask on triggering the new CLI CMD
"driver_flags2", similar to the already existing CLI CMD "driver_flags".
$ hostapd_cli -i wlan0 driver_flags2
(OR)
$ wpa_cli -i wlan0 driver_flags2
0000000000000020:
BEACON_RATE_HE
Signed-off-by: Gokul Sivakumar <gokulkumar.sivakumar@infineon.com>
gcc 12.1 complains about using pointer after realloc as it could
potentially be moved/freed, causing any uses after UB.
Fix this by doing checks before realloc and use those statuses and
update with new BSS.
Signed-off-by: Krishna T <krishna.t@nordicsemi.no>
Prevent loading arbitrary executable code based on config at runtime,
while allowing libraries to be specified at compile time when they are
known in advance.
Add the ability to configure libraries to load at compile time.
* CONFIG_PKCS11_ENGINE_PATH - pkcs11_engine library location.
* CONFIG_PKCS11_MODULE_PATH - pkcs11_module library location.
* CONFIG_OPENSC_ENGINE_PATH - opensc_engine library location.
Add flags with the ability to set each of the libraries to NULL and
prevent loading them at runtime.
* CONFIG_NO_PKCS11_ENGINE_PATH - prevents loading pkcs11_engine
library.
* CONFIG_NO_PKCS11_MODULE_PATH - prevents loading pkcs11_module
library.
* CONFIG_NO_OPENSC_ENGINE_PATH - prevents loading opensc_engine
library.
* CONFIG_NO_LOAD_DYNAMIC_EAP - prevents loading EAP libraries at
runtime.
Signed-off-by: David Ruth <druth@chromium.org>
wpas_dpp_connected() is called from wpa_supplicant_set_state(), i.e.,
from the middle of processing of the post 4-way handshake steps. Sending
a DPP Public Action frame at that point can delay other operations, so
allow those steps to be completed first before sending out the DPP
connection status result.
Signed-off-by: Jouni Malinen <j@w1.fi>
It looks like mac80211 ROC handling can end up postponing offchannel TX
operation by the previously started and already canceled wait time if
the new NL80211_CMD_FRAME is issued immediately after
NL80211_CMD_FRAME_WAIT_CANCEL. Make this more robust by waiting for the
driver event that indicates completion of the cancel operation (i.e.,
NL80211_CMD_FRAME_WAIT_CANCEL as an event) before issuing
NL80211_CMD_FRAME for another channel. If the driver event is not
received within 10 ms, start the operation anyway to avoid unexpected
behavior if there are drivers that do not end up notifying end of the
wait.
This fixes some issues with authentication initiation for cases where
multiple channels are iterated. This can also significantly speed up
that process.
Signed-off-by: Jouni Malinen <j@w1.fi>
The first event could have theoretically been received with reltime
sec=0, so use the helper function to check whether the reltime value is
actually set so that the usec part is checked as well. This is not going
to have a difference in practice, but it was possible to hit this corner
case with mac80211_hwsim testing (ap_cipher_tkip_countermeasures_sta)
using UML and time travel.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add support for Authentication negotiated over IEEE Std 802.1X
with key derivation function using SHA-384.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
When channel 140 is configured in mesh, interface fails to come up due
to channel bond (136,140). Since Channel 136 is not HT40+ capable,
validation for HT channel bonding fails when it checks whether first
channel in the bond (channel 136) is HT40+ capable.
In mesh, during channel setup, secondary channel offset for the
configured channel will be selected as +1 if primary channel is capable
of HT40+. In current code, channel 140 is not allowed as HT40+ and hence
secondary channel offset is selected as -1, which makes 136 as secondary
channel. But channel 136 is not HT40+ supported and fails in channel
bonding validation.
Add 140 to HT40+ allowed list as HT40+ is supported for the channel.
Signed-off-by: Ramya Gnanasekar <quic_rgnanase@quicinc.com>
Pointer entry->ssid might be passed to owe_trans_ssid_match() function
as argument 3 with NULL value, and it may be dereferenced there. This
looks like a theoretical case that would not be reached in practice, but
anyway, it is better to check entry->ssid != NULL more consistently.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Since wpa_supplicant version 2.10 the extended capabilities MSCS and SCS
are advertised in the (Re)Association Request frames.
This causes the association request to be rejected by several access
points. Issue was observed with:
- D-Link DIR600
- TP-Link AC1900
- Synology MR2200ac
To avoid this issue the extended capabilities MSCS and SCS shall only be
added if the bss also supports them. While this may not follow the exact
behavior described in IEEE 802.11, this is a reasonable compromise to
avoid interoperability issues since these capabilities cannot be used
with an AP that does not support them anyway.
Note: The Extended Capabilities element is only included in the
Association Request frames if the AP also sent its extended capabilities
(see wpas_populate_assoc_ies()) as a workaround for misbehaving APs.
This workaround exists since version 2.1.
Signed-off-by: Sebastian Priebe <sebastian.priebe@konplan.com>
There is a delay between sending Association Response frame after having
received Association Request frame, due to the fact that between
receiving the request and sending the response the Beacon frame contents
is updated, after analyzing inputs from the STA. There may be several
updates if multiple fields need to change. This can cause issues with
some devices in noisy environments with many BSSs and connected STAs.
Optimize this by updating the beacon only once, even if there are
multiple reasons for updates.
Signed-off-by: Jurijs Soloveckis <jsoloveckis@maxlinear.com>
Drivers will often report regdom changes in the middle of a scan if they
detect during that scan that the regulatory domain has changed. If this
happens and we enter a regdom that supports 6 GHz channels when the
previous one didn't (this often happens in 6 GHz-capable regdoms for
devices after suspend/resume), immediately trigger a 6 GHz-only scan if
we were not able to connect to an AP on a legacy band.
This should significantly improve connection time to 6 GHz AP after
regdom has been reset.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
Store 6 GHz capability on channel list update for wpa_supplicant use.
This will be used in the next commit to extend scanning behavior based
on changes to 6 GHz channel availability.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
wpa_supplicant_trigger_scan() previously wouldn't include any of the IEs
generated by wpa_supplicant_extra_ies(). Instruct it to do so in most
cases. This is necessary because MBO STAs are required to include MBO
capabilities in their Probe Request frames.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
After GO negotiation is completed, the P2P Client needs to scan the GO
before connecting. Only SSID was specified for this and the driver still
might need to scan all channels which wastes time. wpa_supplicant can
pass the known BSSID in the scan request in additional P2P cases and
this allows the driver sto stop the scan once the specific BSSID is
found. This helps reduce some time for P2P connection.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Handler function for "Scan" method call of a network device doesn't set
non_coloc_6ghz, therefore wpa_supplicant doesn't scan non-PSC channels
on 6GHz band only if a co-located AP was reported on the channel.
Add NonColoc6GHz and 6GHzOnly flags to the wpas_dbus_handler_scan, so
that dBus scan requests can cover non-PSC channels and scan only 6 GHz
channels.
Signed-off-by: Kaidong Wang <kaidong@chromium.org>
Parse the reconfiguration Multi-Link element and:
- Don't select a BSS for connection if it is part of an MLD
and is going to be removed.
- Don't scan for missing links that are to be removed.
- Don't include removed links in association.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Add a control interface to trigger ML probes for testing purposes.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Add support for building and sending ML probe requests. During connect,
try to send an ML probe request if we are going to connect to an MLD AP
and the BSS information for some of the links is missing.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Extend 'struct wpa_driver_scan_params' to allow higher layer to indicate
if minimal probe request content should be included by the driver as part
of the scan logic.
Implement this with driver_nl80211, by setting
NL80211_SCAN_FLAG_MIN_PREQ_CONTENT.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Use the wpas_notify_mesh_peer_*() functions for sending the control
interface events in addition to the D-Bus events so that these are all
done consistently.
Signed-off-by: Jouni Malinen <j@w1.fi>
When using mesh we have incoherent
MESH-PEER-CONNECTED/MESH-PEER-DISCONNECTED messages when we restart one
of the devices without disconnecting it first. Sometimes we have the
right behavior, a peer disconnect and then a peer connect, sometimes we
only have a a peer connected without a peer disconnected first, and
sometimes we have nothing at all.
As the plink count seem to be correctly tracked and because we only send
the connected event on plink count increase, lets send the peer
disconnected event on plink count decrease.
Signed-off-by: Nicolas Escande <nico.escande@gmail.com>
When using wpa_supplicant to connect to a mesh network or to create an
AP, the current code doesn't respect all CONFIG_XXX_OVERRIDES network
parameters, just disable_ht in CONFIG_HT_OVERRIDES.
Add support for some of the others modulation related disable flags:
- disable_ht40 with CONFIG_HT_OVERRIDES
- disable_vht with CONFIG_VHT_OVERRIDES
- disable_he with CONFIG_HE_OVERRIDES
Signed-off-by: Nicolas Escande <nico.escande@gmail.com>
This should allow STA to make better choice about which BSS to roam to.
Use estimated throughput as comparison value. Can improve the estimated
throughput calculation to improve this selection criteria if wanted in
the future.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Along with canceling queued scan, abort ongoing scan if any, this
ensures Wi-Fi interface is in usable state after disconnect is issued,
else subsequent scan after disconnect might fail with EBUSY.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
If the current AP advertises disassociation imminent, move it to the
back of the candidate list so we don't select it again while other
candidates are available.
Signed-off-by: Po-Hao Huang <phhuang@realtek.com>
Some kind of race condition seemed to be hit at least in test sequence
"p2p_ext_vendor_elem_invitation pasn_comeback_after_0_sae" where the P2P
invitation response could have been received just after having scheduled
a new p2p-listen radio work, but before that work had been started. In
the case of accepted invitation, this could result in unnecessary extra
delay when that p2p-listen work ended up getting started at the exact
time that the local device was starting GO.
Avoid this race condition by removing the pending p2p-listen radio work
when P2P listen is stopped.
Signed-off-by: Jouni Malinen <j@w1.fi>
wpa_supplicant underestimates 6 GHz SNR as it assumes 2 GHz default
noise in the estimation.
Use 6 GHz default noise when estimating 6 GHz SNR.
Signed-off-by: Kaidong Wang <kaidong@chromium.org>
It doesn't make sense to disconnect on updates to the
network's scan_freq, and in fact doing so causes some
(timing-/scheduling-dependent) test failures.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
wpa_supplicant postpones expired PMKSA deletion untillassociation is
lost for SAE to avoid forced disconnection. But during this time the
driver may use the expired PMKSA for reassociation with the current
connected AP.
Remove the current PMKSA for SAE from the driver after reauth threshold
is passed when the driver takes care of BSS selection.
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Do not reject reauth threshold passed PMKSA indicated in successful
association event since the PMKSA is still valid.
Additionally, remove the reauth threshold passed PMKSA entry from the
driver to prevent using it further in the driver.
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Add the copied EHT capabilities into the sta_add() call when adding a
TDLS peer.
The mld_link_id value was previously only for AP mode, but it can now be
used for TDLS links as well to indicate the link on which a
single-link-TDLS direct link is negotiated.
Signed-off-by: Jouni Malinen <quic_klokere@quicinc.com>