The max transmit power of Standard Power (SP) Access Points (AP) on
6 GHz band and APs on 2.4 GHz and 5 GHz bands is limited by effective
isotropic radiated power (EIRP), while the max transmit power of Low
Power Indoor (LPI) APs on 6 GHz Band is limited by power spectral
density (PSD). Therefore the max transmit power of LPI APs grows as the
channel width increases, similar to the noise power which has constant
PSD.
Adjust the SNR of BSSes based on the transmit power config and max
channel width. EIRP limited APs usually have constant max transmit power
on different channel widths, their SNR decreases on larger channel width
because the noise power is higher, while PSD limited APs have constant
SNR over all channel widths.
Signed-off-by: Kaidong Wang <kaidong@chromium.org>
Beacon frames are allowed to optionally include one more more Reduced
Neighbor Report elements. Only the first one was parsed previously.
Extend this to use a loop to go through all included RNR elements.
Signed-off-by: Ben Greear <greearb@candelatech.com>
The driver is expected to update the DTIM Count field for each BSS that
corresponds to a nontransmitted BSSID. Initialized this value to 0 in
the Beacon frame template so that the DTIM count would be somewhat
functional even if the driver were not to update this.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
In case of low-memory conditions, the computation for legendre symbol
can fail and return -2 as per documentation, but the check for that
was missed here. And this can can cause an infinite loop searching for
qr and qnr if the error repeats for each attempt.
Break the loop if calculation fails, we can leave retry to the callers
or user. This is similar to the way allocation and generation of a new
random number was handled in this loop.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Currently the documentation for QCA_WLAN_VENDOR_ATTR_CONFIG_MLO_LINK_ID
indicates it is only for use inside nest attribute
QCA_WLAN_VENDOR_ATTR_CONFIG_MLO_LINKS. Update the documentation to
allow it to be used outside that nest as well.
Signed-off-by: Mohan Prabu <quic_mprabub@quicinc.com>
Also this EAPOL frame uses the MLD MAC address of the AP MLD when sent
during an MLO association.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
For MLO association, specify destination address as the MLD MAC address
for sending Group Key msg 2/2.
Signed-off-by: Rohan Dutta <quic_drohan@quicinc.com>
This adds the newer driver capability "flags2" bitmask to the
hostapd_cli/wpa_cli "status driver" result.
Signed-off-by: Gokul Sivakumar <gokulkumar.sivakumar@infineon.com>
This was already done for driver_flags, but the newer driver_flags2 was
not covered here.
Signed-off-by: Gokul Sivakumar <gokulkumar.sivakumar@infineon.com>
Populate the switch case in the driver_flag2_to_string() function with
the full list of feature MACROs represented with the "flags2" bitmask.
Signed-off-by: Gokul Sivakumar <gokulkumar.sivakumar@infineon.com>
Set WPA_DRIVER_FLAGS2_SAE_OFFLOAD flag if the driver indicates SAE
authentication offload support for STA mode. Allow SAE password to be
provided to the driver in such cases when using the CONNECT command.
Signed-off-by: Chung-Hsien Hsu <chung-hsien.hsu@infineon.com>
Signed-off-by: Daisuke Mizobuchi <mizo@atmark-techno.com>
The key server may be removed due to the ingress packets delay. In this
situation, the endpoint of the key server may not be aware of this
participant who has removed the key server from the peer list. Because
the egress traffic is normal, the key server will not remove this
participant from the peer list of the key server. So in the next MKA
message, the key server will not dispatch a new SAK to this participant.
And this participant cannot be aware of that that is a new round of
communication so that it will not update its MI at re-adding the key
server to its peer list. So we need to update MI to avoid the failure of
re-establishment MKA session.
Signed-off-by: Ze Gan <ganze718@gmail.com>
The key server may not include dist sak and use sak in one packet.
Meanwhile, after dist sak, the current participant (non-key server) will
install SC or SA(s) after decoding the dist sak which may take few
seconds in real physical platforms. Meanwhile, the peer expire time is
always initialized at adding the key server to peer list. The gap
between adding the key server to peer list and processing next use sak
packet may exceed the threshold of MKA_LIFE_TIME (6 s). It will cause an
unexpected cleanup (delete SC and SA(s)), so update the expire timeout
at dist sak also.
Signed-off-by: Ze Gan <ganze718@gmail.com>
Prevent loading arbitrary executable code based on config at runtime,
while allowing libraries to be specified at compile time when they are
known in advance.
Add the ability to configure libraries to load at compile time.
* CONFIG_PKCS11_ENGINE_PATH - pkcs11_engine library location.
* CONFIG_PKCS11_MODULE_PATH - pkcs11_module library location.
* CONFIG_OPENSC_ENGINE_PATH - opensc_engine library location.
Add flags with the ability to set each of the libraries to NULL and
prevent loading them at runtime.
* CONFIG_NO_PKCS11_ENGINE_PATH - prevents loading pkcs11_engine
library.
* CONFIG_NO_PKCS11_MODULE_PATH - prevents loading pkcs11_module
library.
* CONFIG_NO_OPENSC_ENGINE_PATH - prevents loading opensc_engine
library.
* CONFIG_NO_LOAD_DYNAMIC_EAP - prevents loading EAP libraries at
runtime.
Signed-off-by: David Ruth <druth@chromium.org>
Fix the calls to wc_AesEncryptDirect(). Old versions of wolfCrypt FIPS
had wc_AesEncryptDirect() return void instead of int. Fix this build
issue.
Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
Add support for Authentication negotiated over IEEE Std 802.1X
with key derivation function using SHA-384.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Many of the STRUCT_PACKED structs are not within the pragmas resulting
in wrong packing using MSVC. Fix it by moving pragma to EOF to ensure
proper packing.
Signed-off-by: Daniel Gabay <daniel.gabay@intel.com>
There is a delay between sending Association Response frame after having
received Association Request frame, due to the fact that between
receiving the request and sending the response the Beacon frame contents
is updated, after analyzing inputs from the STA. There may be several
updates if multiple fields need to change. This can cause issues with
some devices in noisy environments with many BSSs and connected STAs.
Optimize this by updating the beacon only once, even if there are
multiple reasons for updates.
Signed-off-by: Jurijs Soloveckis <jsoloveckis@maxlinear.com>
If the number of TBTT info is greater than RNR_TBTT_INFO_COUNT_MAX, the
new Neighbor AP Information field would need to be added in the RNR
element. However, the condition of adding Neighbor AP Information field
does not consider number of TBTT info. That would cause invalid Neighbor
AP Information field (the while loop will fill data by eid pointer) when
setting RNR element.
Signed-off-by: Allen.Ye <allen.ye@mediatek.com>
When it comes to set some BSS's beacon, there are two reasons to
update the beacon of co-located hostapd_iface(s) at the same time:
1. 6 GHz out-of-band discovery
2. MLD operational parameters update
BSS load update is unrelated with the above two reasons, and therefore
is not the case to update beacon for co-location. Moreover, updating
beacon for co-location when BSS load update makes hostapd set beacon too
frequently, which makes hostapd busy setting beacon in a multi-BSS case.
Add a new function to update beacon only for current BSS and use the
function during BSS load update.
Signed-off-by: Michael Lee <michael-cy.lee@mediatek.com>
Signed-off-by: Money Wang <money.wang@mediatek.com>
From IEEE 802.11:
The DSSS Parameter Set element is present within Beacon frames
generated by STAs using Clause 15, Clause 16, and Clause 18
PHYs.
The element is present within Beacon frames generated by STAs
using a Clause 19 PHY in the 2.4 GHz band.
Same is applied to the Probe Response frame.
Do not include the DSSS Parameters Set element when operating on other
bands.
Signed-off-by: Jurijs Soloveckis <jsoloveckis@maxlinear.com>
The function should return bool (0/1) and not int. In some environments
bool may be defined as unsigned char, so bits higher then 7 will be
discarded during the downcast. Fix it.
Signed-off-by: Daniel Gabay <daniel.gabay@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
This is needed to avoid generating an nontransmitted BSS profile that
would claim the Extended Rates element to be non-inherited.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The List of Element ID Extensions field is not an optional field, so
include it in the Non-Inheritance element with Length=0 to indicate that
there is no Element ID Extension List.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Presence of any 6ghz channels indicates nl80211 driver 6 GHz support,
not non-DISABLED channels. This increases the timeout for scan
completion for cases where 6 GHz might get scanned even if all the
channel there are currently DISABLED.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
To support Opportunistic Key Caching for Suite B key management, KCK
needs to be stored on PMKSA to derive the new PMKID correctly when
processing reassociation from a STA to a new AP.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
To support Opportunistic Key Caching for Suite B key management, KCK
needs to be stored on PMKSA to derive the new PMKID correctly for the
new roaming AP.
Signed-off-by: Vinoth V <vinoth117@gmail.com>
