Link ID was assigned when BSS is going through setup and the driver
interface init. Later if interface is disabled and enabled again, setup
BSS is called which will give a new link ID to it. However, Link ID
should be same for a BSS affliated to an AP MLD for the full lifetime of
the BSS.
Hence, assign the link ID during BSS creation itself. And it will remain
until BSS entry is completely freed. Hence, link ID will not change as
part of disable/enable.
Also, since link ID would be decided now, it will help in creating link
level control sockets in a subsequent patch.
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
MLD level structure is present to store the MLD level information.
Add changes to use the MLD structure instead of link specific struct
hostapd_data to get/set the MLD level information.
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
MLD level information like MLD MAC address, next link ID, etc. was
stored in each BSS. However, only the first link BSS assigns values to
these members and the other link BSSs store references to the first BSS.
However, if the first BSS is disabled, the first BSS reference in all
BSS should be updated which is an overhead. Also, this does not seem to
scale.
Instead, a separate MLD level structure can be maintained which can
store all this ML related information. All affiliated link BSSs can keep
reference to this MLD structure.
This commit adds that MLD level structure. However, assigning values to
it and using that instead of BSS level members will be done in
subsequent commits.
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
mld_id was provided as a user configuration to identify partner BSS
belonging to the same AP MLD. The same id is used at the protocol level
also to indicate the AP MLD ID of the MLD.
But, in general mld_id is a relative reference of the MLD where 0 is
used as the mld_id to represent the self MLD and in case of MLO MBSSID
mld_id of a non transmitted BSS affiliated to an AP MLD is based on the
relative BSS index of the non transmitted BSS from the transmitted BSS.
Hence mld_id need not be fetched from users, rather it can be identified
wherever required.
To verify if the partners belong to the same AP MLD the interface name
can be checked, since all link BSS partners of the same AP MLD belong to
the same interface.
Hence, remove use of mld_id user config and instead introduce two
functions hostapd_is_ml_partner() and hostapd_get_mld_id(). The former
is used to verify whether partners belong to the same AP MLD and the
latter is used to get the MLD ID of the BSS.
Signed-off-by: Sriram R <quic_srirrama@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
Add support to fill "multi_ap_vlanid" info to the hostapd config file.
Add the Multi-AP Default 802.1Q Setting subelement into Multi-AP element
generating and parsing.
Signed-off-by: Manoj Sekar <quic_sekar@quicinc.com>
Add a new config option "multi_ap_client_disallow" to control allowing
backhaul STA with certain profiles alone to associate. This is done to
adhere to Wi-Fi EasyMesh specification which defined rules to
allow/disallow association of backhaul STA of certain profiles.
Signed-off-by: Manoj Sekar <quic_sekar@quicinc.com>
Allow both hostapd and wpa_supplicant to be configured with the
supported Multi-AP profile. The configured value will be advertised in
the Multi-AP element.
Signed-off-by: Manoj Sekar <quic_sekar@quicinc.com>
short_ssid in the own neighbor report might get out of sync, causing
advertising RNR element based on the old SSID, when SSID is changed
either with control interface command SET or with SIGHUP. Therefore,
sync the own report entry by removing the old entry and setting own
report again if the short SSID value has changed.
Signed-off-by: Nikita Chernikov <nchernikov@maxlinear.com>
reply_size instead sizeof(buffer) should be provided to
hostapd_global_ctrl_iface_interfaces() when processing INTERFACES
commands. The previous use of sizeof(buffer) used a significantly
shorter limit (256 vs. 4096 bytes) for the output and this could have
resulted in unnecessary truncation of the output.
Fixes: 618f5d01b0 ("hostapd: Add INTERFACES ctrl_iface command")
Signed-Off-By : Mujibur Rahiman K mujiburrahimank@maxlinear.com
This adds initial parts for RADIUS/TLS support in the RADIUS client.
This can be used with eapol_test and hostapd. This functionality is not
included by default and CONFIG_RADIUS_TLS=y in .config can be used to
enable it.
This version does not yet include all the needed functionality for TLS
validation and the rules for dropping a TCP connection based on invalid
RADIUS attributes.
Signed-off-by: Jouni Malinen <j@w1.fi>
When the CHAN_SWITCH command is executed during multi BSSID case (say
BSS1, BSS2, and BSS3), if one of the BSS is disabled (say BSS2), the
CHAN_SWITCH command returns an error in BSS2 and does not proceed to the
next BSS (BSS3).
The CHAN_SWITCH command handler iterates over all configured BSSs and
attempts to send the switch_channel to each one. However, if any one of
the BSSs fails, the entire command is aborted and returns a failure.
Continue the iteration even if one BSS is failing to make sure the
configuration is applied to other BSSs.
Signed-off-by: Haribabu Krishnasamy <quic_hkr@quicinc.com>
Add hostapd support for interacting with the NAN discovery engine to
allow single-channel (i.e., the AP's operating channel) USD as Publisher
or Subscriber.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Existing commands ENABLE/DISABLE only enable/disable the corresponding
link. To disable all links, multiple calls from different control
interfaces would be needed.
Add new commands "disable_mld" and "enable_mld" for hostapd_cli to
support disabling/enabling AP MLD for convenience.
Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>
These control interface commands do not take any parameters and as such,
do not need to use a prefix match. Replace that with an exact string
match to avoid matching other potential command strings.
Fixes: 7554565299 ("hostapd: Add ctrl_iface for enabling/reloading/disabling interface")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The file needs to be closed on all paths before exiting from the
function.
Fixes: e748e50c62 ("SAE passwords from a separate file")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
src/ap/ap_config.c is not really supposed to call directly into a
function in hostapd/config_file.c. Furthermore, the wrapper through
ap_config.c did not really have any real value since it just called a
function that is within hostapd/*.c and that wrapper was called from
hostapd/*.c.
Instead of the wrapper, just call the function directly within the
hostapd directory.
Fixes: 392114a179 ("FT: Add dynamic reload of RxKH definitions from file")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
When removing the bootstrap info for the PB context, all the possible
pointers to that information needs to be cleared to avoid accesses to
freed memory.
Fixes: 37bccfcab8 ("DPP3: Push button bootstrap mechanism")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Allow the Timeout Interval Type field in the Timeout Interval element to
be overridden with a different value for testing purposes to be able to
bypass the association comeback processing in mac80211. This allows the
wpa_supplicant internal functionality to be tested.
Signed-off-by: Jouni Malinen <j@w1.fi>
hostapd reads the list of Rx Key Holders from hostapd.conf file.
However, for systems where topology changes dynamically, the update
of RxKHs list is required without reloading the whole configuration.
Introduce a new source of RxKH definition with original syntax:
- rxkh_file - Path to a file containing a list of RxKHs.
In addition, add a control interface command RELOAD_RXKHS to
reload RxKHs definition from the file specified in `rxkh_file`.
This allows hostapd to properly distribute Rx keys even after topology
change (assuming rxkh_file is updated and reload_rxkhs command issued).
Syntax of rxkh_file is the same as extraction of r0kh and r1kh options
from original hostapd.conf file.
```
r0kh=ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff
r0kh=ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff
r1kh=00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeef
r1kh=00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeef
r1kh=00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeef
```
Signed-off-by: Dariusz Kopka <dariusz@plume.com>
Extend RSN authenticator to be able to process EAPOL-Key msg 2/4 and 4/4
messages in cases where the Key Data field is encrypted using AES key
wrapping (i.e., non-AEAD cipher). While there is not yet any defined
case where such encryption would be used in IEEE Std 802.11-2020,
extensions are considered to be added to use such constructions (e.g.,
in IEEE P802.11bh). As such, it is good to extend the parsing and
processing rules in the authenticator to be ready for such
functionality.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Allow additional elements and KDEs to be added to EAPOL-Key msg 1/4 and
3/4 and allow EAPOL-Key msg 3/4 Key Data field to be not encrypted.
These are for testing purposes to enable a convenient mechanism for
testing supplicant behavior with either potential future extensions or
incorrect Authenticator behavior.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This was done with spatch using the following semantic patch and minor
manual edits to clean up coding style and avoid compiler warnings in
driver_wext.c:
@@
expression a,b;
@@
- os_memcmp(a, b, ETH_ALEN) == 0
+ ether_addr_equal(a, b)
@@
expression a,b;
@@
- os_memcmp(a, b, ETH_ALEN) != 0
+ !ether_addr_equal(a, b)
@@
expression a,b;
@@
- !os_memcmp(a, b, ETH_ALEN)
+ ether_addr_equal(a, b)
Signed-off-by: Jouni Malinen <j@w1.fi>
_FORTIFY_SOURCE requires at least -O2 optimization level.
This may result in compilation warnings. Fix it.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Introduce a new configuration option, "eht_bw320_offset", which enables
devices to specify a preferred channelization for 320 MHz BSSs when
using automatic channel selection (ACS). This option is applicable only
when the channel is not already decided and the bandwidth is set to 320
MHz.
The value and meaning of the option:
0: auto-detected by ACS
1: 320 MHz-1
2: 320 MHz-2
Co-developed-by: Money Wang <money.wang@mediatek.com>
Signed-off-by: Michael-CY Lee <michael-cy.lee@mediatek.com>
If the regulatory client EIRP PSD values advertised by an AP that is a
standard power AP or indoor standard power AP are insufficient to ensure
that regulatory client limits on total EIRP are always met for all
transmission bandwidths within the bandwidth of the AP’s BSS, the AP
shall also send a TPE element in Beacon and Probe Response frames as
that depicts the regulatory client EIRP limit.
Add support for this.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Add configuration options for setting the Tx Power value
in the Transmit Power Envelope for 6 GHz:
- The Tx power value for default client where the transmit
power interpretation is "Regulatory Client EIRP PSD"
- The Tx power value for subordinate client where the transmit
power interpretation is "Regulatory Client EIRP PSD"
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Update the HE regulatory information AP types based on IEEE
P802.11-REVme/D4.0. Set the default AP type to VLP. Check for valid
values when setting 'he_6ghz_reg_pwr_type' in the interface
configuration.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Add a testing configuration such that the AP would be reported as
disabled in the RNR TBTT information MLD parameters included by other
affiliated APs of the AP MLD.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Add support for overriding EHT Operation element puncturing mask
for testing purposes.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Add a new hostapd configuration parameter sae_password_file to read SAE
passwords (i.e., the entries that use the previously added sae_password
parameter) from a separate file.
sae_password_file uses the following format for storing passphrases:
<password/credential>[|mac=<peer mac>][|vlanid=<VLAN ID>]
[|pk=<m:ECPrivateKey-base64>][|id=<identifier>]
Examples:
<password>
<password>|id=<pw identifier>
<password>|mac=02:03:04:05:06:01|vlanid=1
<password>|vlanid=3|id=<pw identifier>
Signed-off-by: Shiva Sankar Gajula <quic_sgajula@quicinc.com>
Link ID needs to be specified for MLD case when doing channel switch.
Add it to the driver command.
Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>
Add support for reload_config hostapd_cli command as an alternative
mechanism for SIGHUP on the hostapd process.
When AP parameters such as ssid/encryption/password etc. are changed
externally in hostapd.conf, RELOAD_CONFIG cli will re-read the .conf,
update the in-memory contents and issue a change_beacon to update
beacon_ies.
For full config update, the following example sequence of commands can
be used:
hostapd_cli -i ath0 -p /var/run/hostapd-wifi0 disable
hostapd_cli -i ath0 -p /var/run/hostapd-wifi0 reload_config
hostapd_cli -i ath0 -p /var/run/hostapd-wifi0 enable
Signed-off-by: Sai Pratyusha Magam <quic_smagam@quicinc.com>
Move the hostapd and wpa_supplicant control interface handlers into a
shared functions instead of duplicated implementation.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
For AP MLD, when BSSID configuration is specified without mld_addr, the
first link address is used as the MLD MAC address as well. Though IEEE
P802.11be allows this, the current implementation and the kernel aren't
happy about it. Better avoid this.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Add support for testing ML link removal to hostapd. While such support
should inherently be integrated with the underlining driver, simulate
the inclusion of the ML reconfiguration element in hostapd.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Leverage the already available control socket cmd "DRIVER_FLAGS2" and
dump the driver capab "flags2" bitmask on triggering the new CLI CMD
"driver_flags2", similar to the already existing CLI CMD "driver_flags".
$ hostapd_cli -i wlan0 driver_flags2
(OR)
$ wpa_cli -i wlan0 driver_flags2
0000000000000020:
BEACON_RATE_HE
Signed-off-by: Gokul Sivakumar <gokulkumar.sivakumar@infineon.com>
Add support for Authentication negotiated over IEEE Std 802.1X
with key derivation function using SHA-384.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
This symbol was removed in an earlier commit. Remove this leftover which
was forgotten then.
Fixes: 7d2ed8bae ("Remove CONFIG_IEEE80211W build parameter")
Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
Allow the EAP-SIM/AKA server to be configured to use a smaller limit for
the number of times fast re-authentication can be used before falling
back to running full authentication. This is particularly useful for EAP
peer testing to cover cases when falling back from fast
re-authentication to full authentication in various different cases.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
While the EAP-SIM/AKA RFCs recommend against doing this, some deployed
authentication servers use the identity from the EAP-Response/Identity
directly without using an EAP method specific indication (AT_IDENTITY).
Having a capability to configure hostapd EAP server to behave in this
manner helps in increasing testing coverage for the EAP peer
implementation.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Use helper function is_zero_ether_addr() for checking empty bssid
value in hostapd_driver_init().
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Signed-off-by: Manaswini Paluri <quic_mpaluri@quicinc.com>
Add mld_addr configuration option to set the MLD MAC address.
The already existing bssid configuration option can be used to
control the AP MLD's link addresses.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Signed-off-by: Manaswini Paluri <quic_mpaluri@quicinc.com>
