Commit graph

19740 commits

Author SHA1 Message Date
Sidhanta Sahu
69deac87fb AP MLD: Ensure successful addition of link item into list
Currently, hapd->link is added to the MLD links list during driver
initialization and setup BSS operation. However, a call trace has been
observed where a BSS link item is not present in the list and an attempt
is made to delete it from the list. This scenario occurs during the
deinitialization operation, which calls hostapd_bss_link_deinit() and
tries to remove the hapd->link which is not present in the list.

Ensures that the link item is added to the list only after the
successful operation of link addition. Also ensure that mld->num_links
increments only when the addition is successful. Therefore, return from
hostapd_bss_link_deinit(), if mld->num_links is zero. Since the mld
object is shared among all the links, num_links has to be incremented
only when the addition is successful.

Call trace:
        dl_list_del.lto_priv.9.lto_priv ()
        hostapd_bss_link_deinit.lto_priv ()
        hostapd_bss_deinit ()
        hostapd_interface_deinit ()
        hostapd_interface_deinit_free ()
        hostapd_main ()

Signed-off-by: Sidhanta Sahu <quic_sidhanta@quicinc.com>
2024-08-06 00:29:00 +03:00
Veerendranath Jakkam
ca58be3da4 SAE: Add group 20 in default groups when AP started with SAE-EXT-KEY
hostapd used to always enable only the group 19 when SAE groups were not
configured explicitly in hostapd.conf. This may cause undesired
connection delay with STAs which use group 20 as the primary group with
SAE-EXT-KEY AKM during SAE authentication attempt.

To avoid this, enable group 20 in default groups when AP supports
SAE-EXT-KEY and SAE groups have not been configured explicitly in
hostapd.conf.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2024-08-06 00:06:22 +03:00
Aditya Kumar Singh
666d695bbd nl80211: Fix simultaneous scanning failure in case of MLO
Currently only one scan can be performed on per phy level at a time in
the driver. Due to this, if another scan request is sent via anoother
underlying phy, the kernel returns -EBUSY. This would result in hostapd
trying to set the interface into station mode if it was originally in AP
mode and retry sending a scan request. However, this behavior is
expected in case of multi link operation and hence there is no need to
switch the mode as such.

Hence, add logic to not change the NL mode if the kernel returns -EBUSY
during multi link AP operation. The caller can accordingly decide and,
if needed, it can re-schedule a scan request after some time.

Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-08-05 20:34:12 +03:00
Aditya Kumar Singh
fd55dfe16e nl80211: Fix scan request and its related events handling with MLO
Currently, whenever a scan is started, it uses drv's first BSS only
whether it is AP or STA interface. However, with AP MLD related changes,
the same drv could be used by other BSSs as well which needs scanning.
Hence, the current logic will not work since scan needs to be handled on
a non-first BSS as well.

Move the logic of always using drv's first BSS during scan events to
using BSS on which the event arrived.

Also, for AP MLD operation, even though the BSS is same, the link BSS
also needs to be identified. Hence, add a back pointer in the BSS struct
which would be used to point to the link BSS which requested the scan on
that BSS. This will help in routing the scan events to an appropriate
BSS ctx.

Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-08-05 20:34:12 +03:00
Gal Savion
23456e480e Avoid sending DEAUTH or DISASSOC packet when using flag tx=0
hostapd would send DISASSOC packet (after quiet DEAUTH) or DEAUTH packet
(after quiet DISASSOC) to the station after some inactivity timeout,
even though the command has tx=0 parameter. Fix this so that tx=0 cleans
the STA info without sending any DISASSOC or DEAUTH packets.

Signed-off-by: Gal Savion <gsavion@maxlinear.com>
2024-08-03 20:25:20 +03:00
Benjamin Berg
619ff3d2e8 build: Add simple compile_commands.json generation
This can be used with a clangd server to get code completion and cross
references in editor. To simplify the generation, create .cmd files for
most object files while building that contains the base directory and
command that was used when compiling it.

A very simple gen_compile_commands.py is provided which will read one or
more build directories and generate the compile_commands.json file for
it.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
2024-08-03 20:16:18 +03:00
Jouni Malinen
733069fd4c tests: Use newer hostapd.add_ap() argument style
Convert the easy cases of old hostapd.add_ap() uses to the new one.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-08-03 19:02:29 +03:00
Janusz Dziedzic
222d443950 tests: Use remote_cli in remote testing
This allows to use remote wpa_cli/hostapd_cli for:
 - hwsim wrapper
 - example test case

For example,
 modprobe mac80211_hwsim radios=8
 ./run-tests.py -d hwsim0 -d hwsim1 -d hwsim2 -r hwsim3 -r hwsim4 -h ap_wpa2_psk -v

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
2024-08-03 18:35:10 +03:00
Janusz Dziedzic
205dbb0fef tests: Allow user name to be skipped in ssh connection with remotehost
Allow to skip user name when we run ssh user@hostname.

We can specify user name in .ssh/config and simplify using network name
spaces mapped per user.

An example .ssh/config:

 Host localhost
    HostName localhost
    User root

 Host test1
    HostName testpc
    User wlan1

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
2024-08-03 18:35:10 +03:00
Janusz Dziedzic
9ff4fd30ff tests: Allow to use remote hostapd_cli in Hostapd classes
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
2024-08-03 18:35:10 +03:00
Janusz Dziedzic
871bfdcdf6 tests: Allow to use remote wpa_cli in WpaSupplicant class
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
2024-08-03 18:35:02 +03:00
Janusz Dziedzic
d3f340c869 tests: Add RemoteCtrl class
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
2024-08-03 18:17:37 +03:00
Matthew Wang
d42cfaa397 Move wpas_trigger_6ghz_scan() up in the file
This avoids an unnecessary forward declaration for the static function.

Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
2024-08-03 12:27:39 +03:00
Matthew Wang
a66cb09930 Trigger a 6 GHz scan if RNR contains matching short SSID
If a scan triggers a regdom update into a 6 GHz-allowed regdom, and an
RNR element in one of the legacy band scan results points to a 6 GHz
scan result with a short SSID matching the current_ssid, delay
connection in favor of a 6 GHz-only scan. This will optimize the case in
which we first connect to a 5 GHz AP, then later roam to a 6 GHz one by
directly connecting to the 6 GHz one.

Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
2024-08-03 12:25:47 +03:00
Matthew Wang
acd9332c3b Fix success check for triggering 6 GHz scan
wpas_trigger_6ghz_scan() returns 1 on success and 0 on failure to
trigger the scan. Checking the return value to be less than zero is not
correct. This was supposed to check for success, i.e., greater than
zero.

Fixes: 42add3c27b ("Scan 6 GHz channels after change to 6 GHz-allowed regdom")
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
2024-08-03 12:17:10 +03:00
Jintao Lin
d40788a5cb P2P: Use specified frequency for group client in P2P_GROUP_ADD command
In P2P_GROUP_ADD command and GroupAdd dbus method, frequency is passed
in as a parameter when restarting a persistent group. This is the group
operating frequency determined out of band. Use this pre-determined
frequency in P2P client as well to expedite the P2P scan.

Signed-off-by: Jintao Lin <jintaolin@chromium.org>
2024-08-03 11:49:24 +03:00
Ruth Mekonnen
9c0a6d64d0 dbus: Emit ScanInProgress6GHz property
Expose whether a 6 GHz scan is in progress with the ScanInProgress6GHz
property and flush properties as soon as the property is updated, so
that platforms can choose not to disconnect while a 6 GHz scan is in
progress. Once the 6 GHz scan has completed and scan results have been
received, the ScanInProgress6GHz property is reset to false.

Signed-off-by: Ruth Mekonnen <rmekonnen@chromium.org>
2024-08-03 11:43:57 +03:00
Ruth Mekonnen
b53d7a6a86 Add non-PSC channels to 6 GHz scan request
When non_coloc_6ghz = false, the STA is expected to scan for colocated
APs. However, if the colocated AP is on a non-PSC channel, it will not
be detected during the 6 GHz-only scan because the frequency list is
limited to PSC channels. Even when the NL80211_SCAN_FLAG_COLOCATED_6GHZ
is set, the cfg80211 only scans a subset of the channels in the original
6 GHz scan request. Therefore, this patch adds non-PSC channels to the
original 6 GHz scan request.

Signed-off-by: Ruth Mekonnen <rmekonnen@chromium.org>
2024-08-03 11:36:35 +03:00
Benjamin Berg
9e50c12b31 WNM: Scan for BSSID if there are forbidden neighbors
The test to scan for a single BSSID assumed that there is only a single
neighbor in the candidate list. Also do this optimization if there are
multiple neighbors but only one of them is valid.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
2024-08-02 13:49:32 +03:00
Benjamin Berg
3cf4b4ad88 tests: Add a WNM tests to check candidate list is used if not required
This tests that the candidate list is used even if it is not required
because the abridged and preferred candidate list included bits are not
set.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
2024-08-02 13:49:32 +03:00
Benjamin Berg
54b25b7c1d WNM: Always parse candidate list
The preferred candidate list included bit just makes parsing the list
mandatory. The AP may still include a candidate list which we should use
to be able to optimize scanning. As such, always parse out the list but
still verify that if the list is not empty if the bit is set.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
2024-08-02 13:49:19 +03:00
Benjamin Berg
d9d8627873 WNM: Consolidate the scanning paths for BTM requests
There was an ancient code path to trigger a scan that was apparently
forgotten when the code was extended over time. It does not make any
sense to trigger a scan twice, so remove the earlier scan.

The earlier scan call was avoiding to trigger a new scan if a fixed
BSSID is configured. This seems like a reasonable restriction to do, so
add this check before starting a scan.

Consolidate everything so that scanning happens at the end of the
functions unless we bail out before. Add a "reset" label for all other
cases to ensure that we don't leave things in the a bad state.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
2024-08-02 13:40:37 +03:00
Benjamin Berg
3b6abe3580 WNM: Reject requests with an invalid dialog token
The dialog token must be non-zero. We are using this fact internally to
track the state in some cases, so ensure that the assumption is valid.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
2024-08-02 13:22:34 +03:00
Avraham Stern
f4a9cb96d6 MBO: Always accept BTM request with disassociation imminent bit set
According to Multiband Operation specification (r17, section 3.5.2),
a BSS Transition Management Request with the disassociation imminent
bit set should always be accepted.

This is enforced in case the request did not include a candidate list.
However, in case a candidate list was included but none of the APs in
the candidate list was found in the scan results, the request is
rejected.

Fix that by always accepting a request with the disassociation imminent
bit set even if no roaming candidate was found.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
2024-08-02 13:20:53 +03:00
Benjamin Berg
020f20a222 tests: Set the abridged bit in BTM tests
Many of the WNM tests assume that the supplicant will only select a
neighbor that was included in the candidate list. However, without the
abridged bit being set, the supplicant is allowed to also select any BSS
that is not explicitly included in the list.

Prepare for the supplicant handling the abridged bit by setting it in
the tests where relevant.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
2024-08-02 13:16:10 +03:00
Benjamin Berg
adc6ca34a0 WNM: Move neighbor report test into wnm_is_bss_excluded()
Having it in wnm_is_bss_excluded() is more generic as it works for other
locations (e.g., MLD link selection). So move the test and add a check
for the abridged bit while at it. Note that without the abridged bit
check another check would be needed (e.g., checking wnm_dialog_token) to
ensure that there isn't a rejection unless a BTM is in progress.

compare_scan_neighbor_results() calls wpa_scan_res_match() which calls
wnm_is_bss_excluded() so the previous behavior is maintained for WNM
scan result processing.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
2024-08-02 13:06:59 +03:00
Benjamin Berg
a832312806 WNM: Swap logic in wnm_is_bss_excluded() to allow more checks
Following commits will move more checks into wnm_is_bss_excluded().
Prepare for that by changing the logical flow so that further checks can
be inserted.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
2024-08-02 12:58:27 +03:00
Benjamin Berg
582b5eff40 WNM: Remove unused age parameter for neighbor comparison
compare_scan_neighbor_results() was taking an age parameter to check
whether the BSS has been seen recently. This was used historically in a
codepath when no new scan was done. However, the logic was changed in
commit 20ed289a78 ("WNM: Clean up old scan data processing") and the
parameter is not used at all anymore as it is replaced by a different
logic. Remove it.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
2024-08-02 12:57:34 +03:00
Benjamin Berg
4bbe004e06 WNM: Split candidate list parsing into a separate function
ieee802_11_rx_bss_trans_mgmt_req() is already dealing with a lot of
things including the decisions on how to act on the frame. Split out
candidate list parsing to make it easier to work with the function.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
2024-08-02 12:53:07 +03:00
Benjamin Berg
b791d1f342 WNM: Use os_relatime_add_ms() helper
Just simplify the code a little bit by using the helper instead of doing
the math inline.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
2024-08-02 12:48:42 +03:00
Jouni Malinen
da1a86afc6 WNM: Rename wnm_dissoc_timer
Use "disassoc" instead of "dissoc" when referring to disassociation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-08-02 12:48:25 +03:00
Benjamin Berg
ebd18f1ade WNM: Rename wnm_dissoc_addr
Use "disassoc" instead of "dissoc" when referring to disassociation.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
2024-08-02 12:48:25 +03:00
Benjamin Berg
93eb3b83c6 WNM: Store whether disassociation address is an MLD MAC address
Commit 17a2aa822c ("WNM: Follow BTM procedure if the last link is
dropped") added code to store either the MLD MAC address or BSSID when
being disassociated. However, it did not save which one was stored
making the tests later on awkward.

Store whether it was an MLD MAC address or not and then do the test
accordingly.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
2024-08-02 12:48:25 +03:00
Benjamin Berg
63ac001ed2 WNM: Only trigger selection logic for own scans
Commit e508c070c4 ("WNM: Keep BTM information until connection
completes") changed the logic so that much of the information about a
transition management request will be kept around for longer. However,
doing this also implies that the scan logic can be called multiple times
with wnm_dialog_token being set.

Add a guard to bail out if the scan was not done for a BTM request. But,
add it after the transition candidate validity check so that we reset
the state when a new scan invalidated it.

However, invalidation does not make sense for any scan, primarily an ML
probe request during a connection attempt should not trigger
invalidation. So move the call to wnm_scan_process() further down in the
list to avoid issues.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
2024-08-02 12:48:18 +03:00
Purushottam Kushwaha
bb96540ef5 Add QCA vendor attribute to skip recently scanned channels
Add a new vendor attribute
QCA_WLAN_VENDOR_ATTR_SCAN_SKIP_CHANNEL_RECENCY_PERIOD for sub command
QCA_NL80211_VENDOR_SUBCMD_TRIGGER_SCAN to skip the recently scanned
channels within specified time (in ms), thus reducing the number of
channels for requested scan.

Signed-off-by: Purushottam Kushwaha <quic_pkushwah@quicinc.com>
2024-08-01 20:16:50 +03:00
Veerendranath Jakkam
bc43e75b2b MLD STA: Fix destination address for EAPOL frames
For MLO association, specify the destination address as the AP MLD MAC
address for sending EAPOL frames. Previously, this was set to the BSSID
in all cases (and hoped for the driver to map it to MLD MAC address when
needed).

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2024-08-01 20:15:07 +03:00
David Bauer
69d18ab9f2 bgscan: Add OWE transition mode SSID to network scan
Add transition mode SSIDs to the SSID scan-list for bgscan. This is
currently missing and bgscan fails to scan for SSIDs on the OWE
transition network if one is currently used.

Signed-off-by: David Bauer <mail@david-bauer.net>
2024-08-01 18:16:34 +03:00
David Bauer
56e8f8bf34 OWE: Enable roaming between OWE APs
This allows to use the ROAM control interface command to force roaming
on a transition network. Previously, this was not possible, as the open
SSID is stored for the connection profile. Add a new function to also
return OWE transition networks if the profile SSID is set as the
transition-ssid for the OWE RSN network.

Signed-off-by: David Bauer <mail@david-bauer.net>
2024-08-01 18:06:54 +03:00
David Bauer
ddfed3f084 OWE: Reduce code duplication in OWE element parsing
Reduce the code-duplication for methods handling the OWE transition
mode.

Signed-off-by: David Bauer <mail@david-bauer.net>
2024-08-01 18:01:07 +03:00
Johannes Berg
1e54160515 hostapd: Fix BSS parameters change count on link removal
The value currently is simply incremented, but it must not
reach 255 and rather wrap around from 254 to 0, since in
the Reduced Neighbor Report 255 means unknown. Fix that.

Fixes: d95838b793 ("AP: Add support for testing ML link removal")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2024-08-01 17:30:12 +03:00
Diya Sati
21c3a7494c Add Link ID attribute for external ACS vendor command
The Link Id attribute is required for
qca_wlan_vendor_attr_external_acs_event to identify the link on which
the command is received for an AP MLD.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-08-01 10:38:24 +03:00
Shiva Sankar Gajula
5942965955 Add link ID attribute to ADD_STA_NODE QCA vendor command for AP MLD
Add QCA_WLAN_VENDOR_ATTR_ADD_STA_NODE_LINKID attribute to the
ADD_STA_NODE command to identify a specific link affiliated to an AP
MLD.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-08-01 10:37:10 +03:00
Purushottam Kushwaha
e1ab680c98 Add QCA vendor subcommand to request audio transport switch
Add a new sub command QCA_NL80211_VENDOR_SUBCMD_AUDIO_TRANSPORT_SWITCH
to request the audio data transport switch in both the command and event
path. This is used when two or more audio data transports are available
between peers.

Signed-off-by: Purushottam Kushwaha <quic_pkushwah@quicinc.com>
2024-08-01 10:32:00 +03:00
Vinay Gannevaram
7e0e69cfea SAE: Send external auth status after sending Authentication frame
The driver might delete the STA node details on receiving external auth
status. In SAE authentication failure case on the AP, an Authentication
frame with a failure status is sent to the driver after sending the
external auth status. Authentication frame transmission didn't have a
dependency with STA node details earlier, but with MLO, Authentication
frames should be transmitted using the link address for a given MLD MAC
address by the supplicant. Since MLD to link address translation is done
by the driver, the STA node details are required to transmit the
Authentication frame. Hence, send external auth status to the driver
after sending the Authentication frame.

SAE external auth was introduced in commit 4ffb0fefe4 ("hostapd:
Support external authentication offload in AP mode"), which requires the
change in order of sending Authentication frame and auth status in case
of failure when using MLO.

Signed-off-by: Vinay Gannevaram <quic_vganneva@quicinc.com>
2024-07-31 18:28:39 +03:00
Jouni Malinen
be6e4279fa RSNO: Verify all RSNE/RSNXE variants in multi-link cases
Use the RSN Override Link KDE to include the override variants of the
RSNE/RSNXE for each link so that all variants are verifies when
processing the protected EAPOL-Key message 3/4.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-07-30 19:56:00 +03:00
Jouni Malinen
4d110b4f87 tests: More detailed error logging for RSN overriding with MLD
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-07-30 18:52:15 +03:00
Jouni Malinen
521374b978 RSNO: Include all RSNE/RSNXE variants in EAPOL-Key message 3/4
This allows all variants to be verified based on a protected frame to
achieve robust downgrade protection.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-07-30 18:52:15 +03:00
Jouni Malinen
6f522baa1b RSNO: Use SNonce cookie to indicate support for RSN overriding
This provides an implicitly protected (SNonce is used as an input to PTK
derivation) mechanism for a STA to indicate support for RSN overriding
in a manner that does not cause interopability issues with deployed APs.

In addition, update sm->SNonce on the Authenticator only based on
message 2/4 since that is the only EAPOL-Key message that is defined to
provide the actual SNonce value. While clearing of this internal buffer
on message 4/4 might not cause issues, it is better to keep the actual
SNonce value here since the SNonce cookie can be used at a later point
in the sequence.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-07-30 12:16:05 +03:00
Jouni Malinen
62ca121f96 RSNO: Use the RSN Selection element to indicate which variant was used
This replaces the use of the RSNE Override and RSNE Override 2 elements
with empty payload to indicate which RSNE variant was used.

In addition, this adds stricter validation of the RSNE in
(Re)Association Request frame to allow only the pairwise cipher suites
and AKMs listed in the indicated RSNE variant to be used.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-07-30 12:16:05 +03:00
Jouni Malinen
524c452153 RSNO: Remove unused override element generation
The separate RSNOE/RSNO2E/RSNXOE buffers were not actually used on the
Authenticator, so remove them.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-07-30 12:16:05 +03:00