This effectively moves setting the csa/ecsa/cca position to happen
only when a Probe Response template for offloading is generated.
One could probably avoid the global variable altogether, as the
value is immediately consumed into struct {csa,cca}_settings.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
If a link specific error occured, mark the offending link within the
association parameters.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
The kernel may report the link that caused an error by setting
NLMSGERR_ATTR_OFFS pointing to the NL80211_ATTR_MLO_LINKS element
that was the reason for the error.
Parse this information if the optional struct nl80211_err_info is
passed to send_and_recv_msgs().
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
When the TX link rejects the association, return a status code for all
requested links. For simplicity, just return "TX link not accepted" so
that clients may try to connect to other links. This could be improved
to explicitly reject each link if directly associating to the link will
not work either.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Add the new status code that had not yet been defined.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Add support for testing ML link removal to hostapd. While such support
should inherently be integrated with the underlining driver, simulate
the inclusion of the ML reconfiguration element in hostapd.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Parsing multiple RNR elements already exists in
wpa_bss_parse_basic_ml_element(), so wpas_ml_element() just duplicates
the same code. Combine the functionality of both these functions and
remove the duplicate.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Three functions were provided for defragmentation. First
ieee802_11_defrag(), ieee802_11_defrag_mle() and then
ieee802_11_defrag_data() which would do the actual job. With
ieee802_11_defrag() picking the member in the elements struct for an
EID. The problem with this is, that for the Multi-Link element, there
are multiple entries in the elems struct depending on its type. As such,
remove the intermediate function and simply pass the correct members
directly.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
This Presence Bitmap field is B4..B15 of the Multi-Link Control field
and the value used here is for that full 16-bit field, not just within
the Presence Bitmap field.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
With nl80211 we need to supress the kernel generated event for any
disconnect and deauthenticate. This code is a bit fragile, as it
assumes that an event will happen. Commit b898b65582 ("nl80211: Do
not ignore disconnect event in case of !drv->associated") changed this
to only disconnect when the driver knows it is associated (apparently
required for P2P), however, deauthentication may also occur without
being associated yet.
Looking at the issue, what we are really interested in is whether the
event belongs to a disconnect/deauth command that we have send
ourselves. Any event happening after the disconnect/deauth completes
should not be suppressed (or after the next connect/auth as that would
be sufficient). We therefore need to know from the event stream
whether events were generated before or after disconnect/deauth
command completion.
To do so, send a simple command on the nl_event socket. As this will
be returned back to us in the correct order with regard to the events.
We can therefore use it to safely reset our internal
ignore_next_local_{deauth,disconnect} variables.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Handling of port authorized event for STA currently handles the
connected BSSID. This needs additional handling to support the AP MLD
address in case of MLO connection. The connected_addr expected by
cfg80211_port_authorized() is mld_addr for ML connection case.
Signed-off-by: Vinayak Yadawad <vinayak.yadawad@broadcom.com>
Enable support for ACS in the IEEE 802.11be/320 MHz case. To do so we
just:
- add channel definitions for the 320 MHz blocks of the 6 GHz band
- handle CONF_OPER_CHWIDTH_320MHZ in the different cases
- restrict 320 MHz to ieee80211be=1 only
Signed-off-by: Nicolas Escande <nico.escande@gmail.com>
Fix for the HE Channel Center Freq Seg0/Seg1 within the HE 6GHz
Operation Information field. As downgrade of bandwidths for VHT and HE
when using puncturing is TODO for 320 MHz and/or if puncturing is
disabled and bandwidth is 320 MHz, the same rules as for 160 MHz should
be applied for Channel Center Freq Seg0/Seg1 within 6 GHz Operation
Information field.
Signed-off-by: Jurijs Soloveckis <jsoloveckis@maxlinear.com>
Include EHT Operation Information field only if the operating bandwidth
is 320 MHz or there is at least one punctured 20 MHz subchannel. This
behavior is defined in IEEE P802.11be/D4.0, 35.15.1 (Basic EHT BSS
operation).
Signed-off-by: Jurijs Soloveckis <jsoloveckis@maxlinear.com>
The prime_len variable is used as the length in bytes but it is set as
the length in bits. This fixes the sae DH group tests with wolfSSL.
Fixes: f8f20717f8 ("SAE: Use const_time selection for PWE in FFC")
Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
MBSSID shares a single Beacon frame with multiple BSSs. This implies
that the key used for beacon protection (BIGTK) needs to be shared. The
nontransmitted BSSs managed their own BIGTK previously and that resulted
in providing incorrect value to the stations associated with those BSSs.
Use the BIGTK from the transmitted BSS to fix this.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Fix references to the appropriate driver capability drv_flags2. The
initial version used the incorrect drv_flags value and by doing so,
ended up using incorrect driver capabilities (DEAUTH_TX_STATUS,
BSS_SELECT, TDLS_SUPPORT) which could result in incorrect OWE
functionality for both AP and STA cases.
Fixes: d984c7b298 ("hostapd: Add support for OWE offload for STA/AP interface")
Fixes: da364180fb ("hostapd: Support 4-way handshake offload for AP/P2P GO")
Signed-off-by: Vinayak Yadawad <vinayak.yadawad@broadcom.com>
The openssl_ciphers parameter is a global data entry on the server
instead of the per-connection design on client. As such, hostapd needs
to make a local copy of the global value and use that whenever setting
per-connection parameters. This is needed particularly when testing
Suite B functionality where the Suite B specific parameters might end up
overriding the cipher list.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Define a new command QCA_TSF_SYNC_GET_CSA_TIMESTAMP in qca_tsf_cmd to
retrieve the TSF time value at which the AP will move and starts
beaconing on a new channel. Userspace queries this TSF after receiving
NL80211_CMD_CH_SWITCH_STARTED_NOTIFY event on the AP interface. This TSF
can be communicated via an OOB mechanism to connected STAs which may
fail to receive the CSA frames due to channel congestion.
Signed-off-by: Purushottam Kushwaha <quic_pkushwah@quicinc.com>
The driver advertising SAE AP offload support would take care of SAE
authentication and PMK generation at the driver/firmware. This feature
requires the driver to be supporting 4-way handshake offload to process
the generated PMK at the driver level for 4-way handshake.
Signed-off-by: Vinayak Yadawad <vinayak.yadawad@broadcom.com>
The driver advertising OWE offload support would take care of
Diffie-Hellman Parameter element generation and processing part. The
driver would be responsible for OWE PMK generation in this case.
Avoid the Diffie-Hellman Parameter element handling in
wpa_supplicant/hostapd for drivers advertising OWE offload support. This
change is applicable only for drivers supporting 4-way handshake
offload.
Signed-off-by: Vinayak Yadawad <vinayak.yadawad@broadcom.com>
Add support for offloaded 4-way handshake in AP/P2P GO mode. For drivers
supporting the AP PSK offload, wpa_supplicant/hostapd passes down the
PSK for the driver to handle the 4-way handshake. The driver is expected
to indicate port authorized event to indicate that the 4-way handshake
is completed successfully.
Signed-off-by: Vinayak Yadawad <vinayak.yadawad@broadcom.com>
The max transmit power of Standard Power (SP) Access Points (AP) on
6 GHz band and APs on 2.4 GHz and 5 GHz bands is limited by effective
isotropic radiated power (EIRP), while the max transmit power of Low
Power Indoor (LPI) APs on 6 GHz Band is limited by power spectral
density (PSD). Therefore the max transmit power of LPI APs grows as the
channel width increases, similar to the noise power which has constant
PSD.
Adjust the SNR of BSSes based on the transmit power config and max
channel width. EIRP limited APs usually have constant max transmit power
on different channel widths, their SNR decreases on larger channel width
because the noise power is higher, while PSD limited APs have constant
SNR over all channel widths.
Signed-off-by: Kaidong Wang <kaidong@chromium.org>
Beacon frames are allowed to optionally include one more more Reduced
Neighbor Report elements. Only the first one was parsed previously.
Extend this to use a loop to go through all included RNR elements.
Signed-off-by: Ben Greear <greearb@candelatech.com>
The driver is expected to update the DTIM Count field for each BSS that
corresponds to a nontransmitted BSSID. Initialized this value to 0 in
the Beacon frame template so that the DTIM count would be somewhat
functional even if the driver were not to update this.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
In case of low-memory conditions, the computation for legendre symbol
can fail and return -2 as per documentation, but the check for that
was missed here. And this can can cause an infinite loop searching for
qr and qnr if the error repeats for each attempt.
Break the loop if calculation fails, we can leave retry to the callers
or user. This is similar to the way allocation and generation of a new
random number was handled in this loop.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Currently the documentation for QCA_WLAN_VENDOR_ATTR_CONFIG_MLO_LINK_ID
indicates it is only for use inside nest attribute
QCA_WLAN_VENDOR_ATTR_CONFIG_MLO_LINKS. Update the documentation to
allow it to be used outside that nest as well.
Signed-off-by: Mohan Prabu <quic_mprabub@quicinc.com>
Also this EAPOL frame uses the MLD MAC address of the AP MLD when sent
during an MLO association.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
For MLO association, specify destination address as the MLD MAC address
for sending Group Key msg 2/2.
Signed-off-by: Rohan Dutta <quic_drohan@quicinc.com>
This adds the newer driver capability "flags2" bitmask to the
hostapd_cli/wpa_cli "status driver" result.
Signed-off-by: Gokul Sivakumar <gokulkumar.sivakumar@infineon.com>
This was already done for driver_flags, but the newer driver_flags2 was
not covered here.
Signed-off-by: Gokul Sivakumar <gokulkumar.sivakumar@infineon.com>
Populate the switch case in the driver_flag2_to_string() function with
the full list of feature MACROs represented with the "flags2" bitmask.
Signed-off-by: Gokul Sivakumar <gokulkumar.sivakumar@infineon.com>
Set WPA_DRIVER_FLAGS2_SAE_OFFLOAD flag if the driver indicates SAE
authentication offload support for STA mode. Allow SAE password to be
provided to the driver in such cases when using the CONNECT command.
Signed-off-by: Chung-Hsien Hsu <chung-hsien.hsu@infineon.com>
Signed-off-by: Daisuke Mizobuchi <mizo@atmark-techno.com>
The key server may be removed due to the ingress packets delay. In this
situation, the endpoint of the key server may not be aware of this
participant who has removed the key server from the peer list. Because
the egress traffic is normal, the key server will not remove this
participant from the peer list of the key server. So in the next MKA
message, the key server will not dispatch a new SAK to this participant.
And this participant cannot be aware of that that is a new round of
communication so that it will not update its MI at re-adding the key
server to its peer list. So we need to update MI to avoid the failure of
re-establishment MKA session.
Signed-off-by: Ze Gan <ganze718@gmail.com>
The key server may not include dist sak and use sak in one packet.
Meanwhile, after dist sak, the current participant (non-key server) will
install SC or SA(s) after decoding the dist sak which may take few
seconds in real physical platforms. Meanwhile, the peer expire time is
always initialized at adding the key server to peer list. The gap
between adding the key server to peer list and processing next use sak
packet may exceed the threshold of MKA_LIFE_TIME (6 s). It will cause an
unexpected cleanup (delete SC and SA(s)), so update the expire timeout
at dist sak also.
Signed-off-by: Ze Gan <ganze718@gmail.com>
Prevent loading arbitrary executable code based on config at runtime,
while allowing libraries to be specified at compile time when they are
known in advance.
Add the ability to configure libraries to load at compile time.
* CONFIG_PKCS11_ENGINE_PATH - pkcs11_engine library location.
* CONFIG_PKCS11_MODULE_PATH - pkcs11_module library location.
* CONFIG_OPENSC_ENGINE_PATH - opensc_engine library location.
Add flags with the ability to set each of the libraries to NULL and
prevent loading them at runtime.
* CONFIG_NO_PKCS11_ENGINE_PATH - prevents loading pkcs11_engine
library.
* CONFIG_NO_PKCS11_MODULE_PATH - prevents loading pkcs11_module
library.
* CONFIG_NO_OPENSC_ENGINE_PATH - prevents loading opensc_engine
library.
* CONFIG_NO_LOAD_DYNAMIC_EAP - prevents loading EAP libraries at
runtime.
Signed-off-by: David Ruth <druth@chromium.org>
Fix the calls to wc_AesEncryptDirect(). Old versions of wolfCrypt FIPS
had wc_AesEncryptDirect() return void instead of int. Fix this build
issue.
Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
Add support for Authentication negotiated over IEEE Std 802.1X
with key derivation function using SHA-384.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Many of the STRUCT_PACKED structs are not within the pragmas resulting
in wrong packing using MSVC. Fix it by moving pragma to EOF to ensure
proper packing.
Signed-off-by: Daniel Gabay <daniel.gabay@intel.com>
There is a delay between sending Association Response frame after having
received Association Request frame, due to the fact that between
receiving the request and sending the response the Beacon frame contents
is updated, after analyzing inputs from the STA. There may be several
updates if multiple fields need to change. This can cause issues with
some devices in noisy environments with many BSSs and connected STAs.
Optimize this by updating the beacon only once, even if there are
multiple reasons for updates.
Signed-off-by: Jurijs Soloveckis <jsoloveckis@maxlinear.com>
If the number of TBTT info is greater than RNR_TBTT_INFO_COUNT_MAX, the
new Neighbor AP Information field would need to be added in the RNR
element. However, the condition of adding Neighbor AP Information field
does not consider number of TBTT info. That would cause invalid Neighbor
AP Information field (the while loop will fill data by eid pointer) when
setting RNR element.
Signed-off-by: Allen.Ye <allen.ye@mediatek.com>
When it comes to set some BSS's beacon, there are two reasons to
update the beacon of co-located hostapd_iface(s) at the same time:
1. 6 GHz out-of-band discovery
2. MLD operational parameters update
BSS load update is unrelated with the above two reasons, and therefore
is not the case to update beacon for co-location. Moreover, updating
beacon for co-location when BSS load update makes hostapd set beacon too
frequently, which makes hostapd busy setting beacon in a multi-BSS case.
Add a new function to update beacon only for current BSS and use the
function during BSS load update.
Signed-off-by: Michael Lee <michael-cy.lee@mediatek.com>
Signed-off-by: Money Wang <money.wang@mediatek.com>
From IEEE 802.11:
The DSSS Parameter Set element is present within Beacon frames
generated by STAs using Clause 15, Clause 16, and Clause 18
PHYs.
The element is present within Beacon frames generated by STAs
using a Clause 19 PHY in the 2.4 GHz band.
Same is applied to the Probe Response frame.
Do not include the DSSS Parameters Set element when operating on other
bands.
Signed-off-by: Jurijs Soloveckis <jsoloveckis@maxlinear.com>
The function should return bool (0/1) and not int. In some environments
bool may be defined as unsigned char, so bits higher then 7 will be
discarded during the downcast. Fix it.
Signed-off-by: Daniel Gabay <daniel.gabay@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
This is needed to avoid generating an nontransmitted BSS profile that
would claim the Extended Rates element to be non-inherited.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The List of Element ID Extensions field is not an optional field, so
include it in the Non-Inheritance element with Length=0 to indicate that
there is no Element ID Extension List.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Presence of any 6ghz channels indicates nl80211 driver 6 GHz support,
not non-DISABLED channels. This increases the timeout for scan
completion for cases where 6 GHz might get scanned even if all the
channel there are currently DISABLED.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
To support Opportunistic Key Caching for Suite B key management, KCK
needs to be stored on PMKSA to derive the new PMKID correctly when
processing reassociation from a STA to a new AP.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
To support Opportunistic Key Caching for Suite B key management, KCK
needs to be stored on PMKSA to derive the new PMKID correctly for the
new roaming AP.
Signed-off-by: Vinoth V <vinoth117@gmail.com>
A driver may not support setting MAC address when interface is UP, so
wpa_supplicant used to always sets the interface down for MAC address
change.
Try to change the address first without setting the interface down and
then fall back to DOWN/set addr/UP if the first attempt failed. This can
reduce the interface setup time for time-critical use cases.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Parse the reconfiguration Multi-Link element and:
- Don't select a BSS for connection if it is part of an MLD
and is going to be removed.
- Don't scan for missing links that are to be removed.
- Don't include removed links in association.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Add support for building and sending ML probe requests. During connect,
try to send an ML probe request if we are going to connect to an MLD AP
and the BSS information for some of the links is missing.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Extend 'struct wpa_driver_scan_params' to allow higher layer to indicate
if minimal probe request content should be included by the driver as part
of the scan logic.
Implement this with driver_nl80211, by setting
NL80211_SCAN_FLAG_MIN_PREQ_CONTENT.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Make the current HE BSS color available in STATUS command output since
this can change dynamically based on color collisions.
Signed-off-by: Antonio Prcela <antonio.prcela@gmail.com>
Signed-off-by: Antonio Prcela <antonio.prcela@sartura.hr>
Previously the NL80211_CMD_SET_QOS_MAP command was sent to the radio
interface. Send this command using nl80211_cmd_msg() and the bss,
instead of drv.
Signed-off-by: Arnon Meydav <ameydav@maxlinear.com>
Certain internet service providers transmit VLAN 0 priority tagged
EAPOL frames from the ONT towards the residential gateway. VID 0
should be ignored, and the frame processed according to the priority
set in the 802.1P bits and the encapsulated EtherType (i.e., EAPOL).
The pcap filter utilized by l2_packet_* is inadquate for this use case.
Here we modify the pcap filter on FreeBSD to accept both unencapsulated
and encapsulated (with VLAN 0) EAPOL EtherTypes. This preserves the
original filter behavior while also matching on encapsulated EAPOL.
Additional work is required to support this handling on other platforms.
We also modify the rx_receive handler to offset the packet buffer
and length when handling dot1q encapsulated frames so the existing
packet parsing code works as-is.
Signed-off-by: R. Christian McDonald <rcm@rcm.sh>
Sponsored by: Rubicon Communications, LLC ("Netgate")
The range for the 5 GHz channel 118 was encoded with an incorrect
channel number.
Fixes: ed8e13decc (ACS: Extract bw40/80/160 freqs out of acs_usable_bwXXX_chan())
Signed-off-by: Michael Lee <michael-cy.lee@mediatek.com>
It is valid to configure an AP to be both backhaul and
fronthaul (multi_ap=3), so we should not test for a missing
fronthaul flag but instead test directly for backhaul capability.
Signed-off-by: Stefan Schake <stefan.schake@devolo.de>
The way these checks were done for WPS enabled APs were unnecessarily
complex and missed one of the cases. Simplify this by doing the check
only once and do that earlier in the process to minimize changes to STA
state.
Fixes: a7f55f7f68 ("WPS: Enable SA Query checks for WPS AP")
Signed-off-by: Jouni Malinen <j@w1.fi>
Currently if ch_switch_vht_config is present, only ieee80211ac config
will be updated in hostapd_config and ieee80211ax/ieee80211be config may
be wrong. Fix this by adding handlings for ch_switch_he_config and
ch_switch_eht_config as well.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
free_cb can be NULL during the pmksa_cache_auth_init() from the modules
using libpasn.so. So check it explicitly before dereferencing.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
wpa_supplicant postpones expired PMKSA deletion untillassociation is
lost for SAE to avoid forced disconnection. But during this time the
driver may use the expired PMKSA for reassociation with the current
connected AP.
Remove the current PMKSA for SAE from the driver after reauth threshold
is passed when the driver takes care of BSS selection.
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Increase the first group rekey timeout from 500 ms to 1000 ms when the
number of associated stations is greater than 100. This is to avoid
client disconnections due to group handshake timeout in multiclient
scenarios where it might take more than 500 ms to be able deliver Group
Key msg 1/2 to all associated STAs.
Signed-off-by: Sai Pratyusha Magam <quic_smagam@quicinc.com>
Add support for EHT phy index and maximum NSS as per IEEE P802.11be/D4.0,
9.6.7.36 and 9.4.2.313.4.
Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Maximum NSS calculation for HE mode checks if both Tx and Rx support
a given NSS. Modify it to instead check if either of these two support
the given NSS.
Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Rename the local variable mcs_nss_size to he_mcs_nss_size in
hostapd_fils_discovery_cap() and hostapd_gen_fils_discovery_nss()
to limit its usage to HE mode.
Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Move the phy index determination for FILS discovery frames to a new
function without changing the functionality. HE support is mandatory for
operating in the 6 GHz band hence the phy index will always be set to
FD_CAP_PHY_INDEX_HE for this band.
Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
The sae_password_entry is used in this function only if CONFIG_SAE is
defined, so declare this variable only under the same condition.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
