This makes it easier to extend the design for MLO group rekeying.
Signed-off-by: Rameshkumar Sundaram <quic_ramess@quicinc.com>
Co-developed-by: Adil Saeed Musthafa <quic_adilm@quicinc.com>
Signed-off-by: Adil Saeed Musthafa <quic_adilm@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
Make the code more readable by using a define for the PN length to avoid
potential confusion of this 6 octet length with the MAC address length.
In addition, Use ETH_ALEN more consistently for the latter.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add required ML specific members in struct wpa_authenticator and struct
wpa_state_machine to maintain self and partner link information.
Maintain state machine object in all associated link stations and
destroy/remove references from the same whenever link stations are
getting removed.
Increase the wpa_group object reference count for all links in which ML
station is getting associated and release the same whenever link
stations are getting removed.
Signed-off-by: Rameshkumar Sundaram <quic_ramess@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
All links were iterated over during processing ML info in Association
Request frame. However, the association link info will not be present in
the ML info and hence the following debug print is observed during ML
association (assoc link is 1):
MLD: No link match for link_id=1
Skip processing for the association link to avoid this.
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
Whenever there is a beacon update for any one of the affiliated link,
all the other partner links' beacon should be refreshed.
Signed-off-by: Sriram R <quic_srirrama@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
Add link ID support into EAPOL RX handler so that the events can
be routed to the appropriate link BSSs.
Signed-off-by: Sriram R <quic_srirrama@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
Add link ID support into EAPOL TX status handler so that the events can
be routed to the appropriate link BSSs.
Check each BSS's other partner link BSS STA list as well in
hostapd_find_by_sta() to support this.
Signed-off-by: Sriram R <quic_srirrama@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
hostapd_eapol_tx_status() function is used only in drv_callbacks.c.
However, it is defined in ieee802_11.c which is not really the correct
place for it.
Hence, move the function into drv_callbacks.c and make it static.
No functionality changes.
Signed-off-by: Sriram R <quic_srirrama@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
Control port TX status events were handled on drv's first BSS
only. However, to support multiple MLDs there is requirement to handle
this on a given BSS.
Use the passed BSS instead of always going with drv's first BSS.
Signed-off-by: Sriram R <quic_srirrama@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
Management frame TX status events were handled on drv's first BSS
only. However, to support multiple MLDs there is requirement to handle
this on a given BSS.
Use the passed BSS instead of always going with drv's first BSS.
Signed-off-by: Sriram R <quic_srirrama@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
Pass ctx in mlme_event_mgmt(). This will help in routing the event
properly to the link BSS.
Signed-off-by: Sriram R <quic_srirrama@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
The get_hapd_bssid() function matched the given BSSID in all BSSs of its
own interface. However with MLO, there is requirement to check its own
partner BSS at least.
Compare the BSS's link partners as well and if the specified link ID
matches the link ID of the partner, return the BSS.
Signed-off-by: Sriram R <quic_srirrama@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
Modify necessary helper functions to support multiple BSS support for
MLO to make the changes scalable.
Signed-off-by: Sriram R <quic_srirrama@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
AP MLD was added with an assumption of only a single BSS per link in the
hostapd configuration. This needs to be extended when a cohosted ML BSS
exist in the same configuration.
Extend the support for cohosted BSSs. This is required for MBSSID MLO
support as well.
Signed-off-by: Sriram R <quic_srirrama@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
Authenticator state machine ML info was set only when it was created.
However, if the association is tried again, the state machine will
already exist and hence the ML info will not be refreshed. This leads to
an issue where if in the subsequent association request, the MLD info is
different than the old info, validation of it will fail.
Fix this issue by refreshing the authenticator state machine's ML info
every time association request is handled.
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
This became unused, so remove the argument from this function, all its
callers, and from places that became unused with these changes.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The nl80211 driver interface function mlme_event_mgmt_tx_status(),
filled in link_id only if the frame was the last transmitted on the
whole drv (driver) level. With co-hosted MLDs, there could be cases
where multiple frames are sent out by various interfaces (BSS) under the
same drv. Now while handling the TX status, only one interface will get
the proper link_id. Rest will get -1 and the event will be routed to the
first BSS always. If the frame was not sent from the first BSS this
leads to possibility of the frame getting dropped.
Hence to make the underlying link identification easier, modify
authentication and association frames to be always sent with the link
address as A1 and A3 for ease of TX status handling.
Signed-off-by: Sriram R <quic_srirrama@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
The changes in nl80211 to get rid of the libnl3-route dependency are not
sufficient to fully remove the depency from other parts of the code.
Revert the makefile related changes from that commit to avoid build
issues for cases where CONFIG_FULL_DYNAMIC_VLAN=y and
CONFIG_VLAN_NETLINK=y are used without CONFIG_DRIVER_MACSEC_LINUX=y
pulling in the needed library.
Fixes: a210fdb1c7 ("nl80211: Rewrite neigh code to not depend on libnl3-route")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Introduce an attribute QCA_WLAN_VENDOR_ATTR_CONFIG_KEEP_ALIVE_INTERVAL
in QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION to configure
station's keep-alive interval to the driver/firmware. This can be used
to resolve kickout issues from APs which kick out STAs before the BSS
maximum idle period expires.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add a QCA vendor command for registering NL80211_CMD_GET_STATION
response as a unicast event when there is a NL80211_CMD_GET_STATION
request from any userspace module.
The driver will send the unicast events with the same netlink port ID
which is used by userspace application for sending the registration
command. If multiple registration commands are received with different
netlink port IDs, the driver will send unicast event with each netlink
port ID separately.
Userspace application can deregister the unicast events with disable
configuration. The registrations will be removed automatically by the
driver when the corresponding netlink socket is closed.
This will help avoid multiple NL80211_CMD_GET_STATION requests from
different userspace applications in short span. The userspace
application which registers for the unicast event can avoid sending
NL80211_CMD_GET_STATION request again if the response is available with
a recently received unicast event.
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Add support for TWT responder for AP operating in HT and VHT modes by
introducing a new configuration parameter ht_vht_twt_responder. When
this is enabled, TWT responder mode support in HT and VHT modes is
enabled if the driver supports this and is disabled otherwise.
Signed-off-by: Manaswini Paluri<quic_mpaluri@quicinc.com>
Add a feature flag to indicate driver support for TWT responder for AP
operating in HT and VHT modes.
Signed-off-by: Manaswini Paluri<quic_mpaluri@quicinc.com>
At least some of the previous versions have expired, so need to re-sign
these to avoid EAP test case failures. This contains updates from
running tests/hwsim/auth_server/update.sh.
Signed-off-by: Jouni Malinen <j@w1.fi>
i802_sta_deauth() already has the link_id passed to it in its arguments.
Use that to pass it down to send MLME handler as well.
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
Function nl80211_link_add() created the link add netlink message on drv
basis which in turn always uses the drv's first BSS. To support link add
for various other interfaces, use the per-BSS function to create the
netlink message.
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
for_each_mld_link() macro used three nested for loops. Since now the
affliated links are linked together via a linked list, the logic can be
improved by using dl_list_for_each() macro instead which uses one for
loop.
Modify for_each_mld_link() macro to use dl_list_for_each() instead.
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
Add a test behaving like an Asus RT-AC53 with firmware
3.0.0.4.380_10760-g21a5898, which (in some cases?) can have an ECSA
element stuck in the probe response, when the channel switch is long
finished.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Add a few tests to validate what happens with connections
while an AP is doing CSA:
- quiet to diff channel (shouldn't connect)
- quiet to same channel (shouldn't connect)
- non-quiet to diff channel (shouldn't connect)
- non-quiet to same channel (should connect)
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Add support for additional (vendor) elements to be added
to only Probe Response frames, for testing.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
If the build path is long, the contents of the _DIRS variable can be
very long, since it repeats the same directories very often. In some
cases, this has triggered an "Argument list too long" build error.
Reported-by: Robert Marko <robimarko@gmail.com>
Suggested-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
If authentication fails repeatedly, e.g., because of a weak signal, the
link can end up in blocked state. If one of the nodes tries to establish
a link again before it is unblocked on the other side, it will block the
link to that other side. The same happens on the other side when it
unblocks the link. In that scenario, the link never recovers on its own.
To fix this, allow restarting authentication even if the link is in
blocked state, but don't initiate the attempt until the blocked period
is over. This reverts commit 09d96de09e ("mesh: Drop Authentication
frames from BLOCKED STA").
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This fixes a segmentation fault on STA disconnect in case IPv6 addresses
where learned for the STA based on snooped neighbor solicication.
Fixes: bd00c4311c ("AP: Add Neighbor Discovery snooping mechanism for Proxy ARP")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
RRM link measurement request/report management frames are used to get
the radio link information between the connected stations.
Add new hostapd_cli command req_link_measurement to send an RRM link
measurement request to an associated station. Add support to handle the
link measurement report in hostapd.
RRM link measurement support can be enabled with the following new
configuration parameter:
rrm_link_measurement_report=1
Signed-off-by: Raj Kumar Bhagat <quic_rajkbhag@quicinc.com>
Signed-off-by: Yuvarani V <quic_yuvarani@quicinc.com>
The DTIM information in the per-STA profile is set incorrectly. The DTIM
period is set in the LSB octet of the DTIM Info subfield (2 octets),
which is intended for the DTIM count.
Fix this by setting the DTIM period and DTIM count information properly
to the MSB and LSB octets of the DTIM Info subfield, respectively.
Signed-off-by: Karthikeyan Kathirvel <quic_kathirve@quicinc.com>
Signed-off-by: Govindaraj Saminathan <quic_gsaminat@quicinc.com>
When we are configuring automatic channel selection, we are not able to
switch to a given DFS channel because when we are trying to move to a
DFS channel, the interface is disabled and enabled again. When the
interface is disabled and enabled we are setting iface's freq and
channel to 0 in setup_interface2() in case ACS is enabled, and now we
don't know to which channel we were trying to move. Now ACS will run and
the interface will be up in the channel that is suitable.
To fix this issue add a flag named is_ch_switch_dfs to check if the
channel switch request is for a DFS channel and we can use this in
setup_interface2() to decide whther we have to set iface's freq and
channel to 0 or not. This way iface's freq and channel will retain the
values while channel switching to a DFS channel when ACS is enabled.
Signed-off-by: Rajat Soni <quic_rajson@quicinc.com>
Add a new flag radar_detected which is used in the following cases
when setting up a link on a DFS channel while the interface is not yet
enabled:
1. DFS link received CAC start event
2. If no radar detected, link setup succeeeds after CAC end
event is received. Else go to 3.
3. Radar detected on this link -> set radar_detected bit
4. CAC end received for the current freq -> Do not setup interface
as radar already detected. Clear radar_detected bit.
5. The driver sends channel switch event to switch to another channel
a. Switch to another DFS channel -> go to 1
b. Switch to non-DFS channel -> proceed to set up interface
Or when receiving a CAC start event when the interface is already set up:
1. DFS link already set up successfully
2. Radar detected on this link -> set radar_detected bit
a. Switch to DFS channel
a.1. CAC start -> clear radar_detected bit and partner RNR
a.2. If radar detected, go to 2.
a.3. CAC end -> clear radar_detected bit
a.4. Link enabled successfully
b. Switch to non-DFS channel
b.1 No op and the driver handles this
Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>
When one link is still under CAC or disabled, peer links should not
carry the information of this link in the RNR elements.
With this change, the RNR element will be included only if a peer link
is in HAPD_IFACE_ENABLED state.
Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>