Commit graph

19503 commits

Author SHA1 Message Date
Rameshkumar Sundaram
78adbf2c08 AP MLD: Mark GKeyDone completed for STAs in a helper function
This makes it easier to extend the design for MLO group rekeying.

Signed-off-by: Rameshkumar Sundaram <quic_ramess@quicinc.com>
Co-developed-by: Adil Saeed Musthafa <quic_adilm@quicinc.com>
Signed-off-by: Adil Saeed Musthafa <quic_adilm@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-04-20 18:31:11 +03:00
Rameshkumar Sundaram
e5b49876a8 AP MLD: Debug print of MLO KDE lengths
Signed-off-by: Rameshkumar Sundaram <quic_ramess@quicinc.com>
Co-developed-by: Adil Saeed Musthafa <quic_adilm@quicinc.com>
Signed-off-by: Adil Saeed Musthafa <quic_adilm@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-04-20 18:31:11 +03:00
Rameshkumar Sundaram
84d2a36da0 AP MLD: Require same AKM and pairwise cipher for all links
Signed-off-by: Rameshkumar Sundaram <quic_ramess@quicinc.com>
Co-developed-by: Adil Saeed Musthafa <quic_adilm@quicinc.com>
Signed-off-by: Adil Saeed Musthafa <quic_adilm@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-04-20 18:31:11 +03:00
Jouni Malinen
8891ebdc1d Use defined values for RSN PN length
Make the code more readable by using a define for the PN length to avoid
potential confusion of this 6 octet length with the MAC address length.
In addition, Use ETH_ALEN more consistently for the latter.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-04-20 18:31:11 +03:00
Rameshkumar Sundaram
3ea7cf11db AP MLD: Enhance authenticator state machine
Add required ML specific members in struct wpa_authenticator and struct
wpa_state_machine to maintain self and partner link information.

Maintain state machine object in all associated link stations and
destroy/remove references from the same whenever link stations are
getting removed.

Increase the wpa_group object reference count for all links in which ML
station is getting associated and release the same whenever link
stations are getting removed.

Signed-off-by: Rameshkumar Sundaram <quic_ramess@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-04-20 18:31:11 +03:00
Aditya Kumar Singh
19fdcf511b AP MLD: Skip association link processing in ML info
All links were iterated over during processing ML info in Association
Request frame. However, the association link info will not be present in
the ML info and hence the following debug print is observed during ML
association (assoc link is 1):

MLD: No link match for link_id=1

Skip processing for the association link to avoid this.

Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-04-20 18:31:11 +03:00
Sriram R
4a1197acde AP MLD: Update all partner links' beacons
Whenever there is a beacon update for any one of the affiliated link,
all the other partner links' beacon should be refreshed.

Signed-off-by: Sriram R <quic_srirrama@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-04-20 18:31:11 +03:00
Sriram R
a518810322 AP MLD: Handle link_id in EAPOL RX handler
Add link ID support into EAPOL RX handler so that the events can
be routed to the appropriate link BSSs.

Signed-off-by: Sriram R <quic_srirrama@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-04-20 18:31:11 +03:00
Sriram R
eea52c4b51 AP MLD: Handle link_id in EAPOL TX status handler
Add link ID support into EAPOL TX status handler so that the events can
be routed to the appropriate link BSSs.

Check each BSS's other partner link BSS STA list as well in
hostapd_find_by_sta() to support this.

Signed-off-by: Sriram R <quic_srirrama@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-04-20 18:31:11 +03:00
Sriram R
636530bc26 hostapd: Make hostapd_eapol_tx_status() function static
hostapd_eapol_tx_status() function is used only in drv_callbacks.c.
However, it is defined in ieee802_11.c which is not really the correct
place for it.

Hence, move the function into drv_callbacks.c and make it static.

No functionality changes.

Signed-off-by: Sriram R <quic_srirrama@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-04-20 18:31:09 +03:00
Sriram R
93d204b1ee nl80211: Move control port TX status to per BSS handling
Control port TX status events were handled on drv's first BSS
only. However, to support multiple MLDs there is requirement to handle
this on a given BSS.

Use the passed BSS instead of always going with drv's first BSS.

Signed-off-by: Sriram R <quic_srirrama@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-04-20 15:58:48 +03:00
Sriram R
efb484bbce nl80211: Move Management frame TX status to per BSS handling
Management frame TX status events were handled on drv's first BSS
only. However, to support multiple MLDs there is requirement to handle
this on a given BSS.

Use the passed BSS instead of always going with drv's first BSS.

Signed-off-by: Sriram R <quic_srirrama@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-04-20 15:58:48 +03:00
Sriram R
80864d0116 AP MLD/nl80211: Pass ctx in mlme_event_mgmt()
Pass ctx in mlme_event_mgmt(). This will help in routing the event
properly to the link BSS.

Signed-off-by: Sriram R <quic_srirrama@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-04-20 15:58:48 +03:00
Sriram R
c36ad11500 AP MLD: Use link_id in the get_hapd_bssid() helper function
The get_hapd_bssid() function matched the given BSSID in all BSSs of its
own interface. However with MLO, there is requirement to check its own
partner BSS at least.

Compare the BSS's link partners as well and if the specified link ID
matches the link ID of the partner, return the BSS.

Signed-off-by: Sriram R <quic_srirrama@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-04-20 15:58:48 +03:00
Sriram R
d9c5d601f1 AP NLD: Extend support for cohosted ML BSS
Modify necessary helper functions to support multiple BSS support for
MLO to make the changes scalable.

Signed-off-by: Sriram R <quic_srirrama@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-04-20 15:58:48 +03:00
Sriram R
3d0cc612fc AP MLD: Support cohosted ML BSS
AP MLD was added with an assumption of only a single BSS per link in the
hostapd configuration. This needs to be extended when a cohosted ML BSS
exist in the same configuration.

Extend the support for cohosted BSSs. This is required for MBSSID MLO
support as well.

Signed-off-by: Sriram R <quic_srirrama@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-04-20 15:58:48 +03:00
Aditya Kumar Singh
9098535ef1 AP MLD: Reset authenticator state machine's ML info
Authenticator state machine ML info was set only when it was created.
However, if the association is tried again, the state machine will
already exist and hence the ML info will not be refreshed. This leads to
an issue where if in the subsequent association request, the MLD info is
different than the old info, validation of it will fail.

Fix this issue by refreshing the authenticator state machine's ML info
every time association request is handled.

Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-04-20 15:58:48 +03:00
Jouni Malinen
866ed63243 Remove the bssid argument from send_auth_reply()
This became unused, so remove the argument from this function, all its
callers, and from places that became unused with these changes.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-04-20 15:58:48 +03:00
Sriram R
fd1a35e14a AP MLD: Handle authentication and association on link address
The nl80211 driver interface function mlme_event_mgmt_tx_status(),
filled in link_id only if the frame was the last transmitted on the
whole drv (driver) level. With co-hosted MLDs, there could be cases
where multiple frames are sent out by various interfaces (BSS) under the
same drv. Now while handling the TX status, only one interface will get
the proper link_id. Rest will get -1 and the event will be routed to the
first BSS always. If the frame was not sent from the first BSS this
leads to possibility of the frame getting dropped.

Hence to make the underlying link identification easier, modify
authentication and association frames to be always sent with the link
address as A1 and A3 for ease of TX status handling.

Signed-off-by: Sriram R <quic_srirrama@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-04-20 15:58:48 +03:00
Jouni Malinen
e4e7724560 AP MLD: Use if/else/endif comments more consistently
Include the condition in #else similarly to #endif.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-04-20 15:58:12 +03:00
Jouni Malinen
9e3988fc64 tests: Enable TLSv1.3 test cases with OpenSSL 3.3
Signed-off-by: Jouni Malinen <j@w1.fi>
2024-04-20 11:08:50 +03:00
Jouni Malinen
9fcc636daf nl80211: Restore libnl3-route inclusion for full VLAN support with netlink
The changes in nl80211 to get rid of the libnl3-route dependency are not
sufficient to fully remove the depency from other parts of the code.
Revert the makefile related changes from that commit to avoid build
issues for cases where CONFIG_FULL_DYNAMIC_VLAN=y and
CONFIG_VLAN_NETLINK=y are used without CONFIG_DRIVER_MACSEC_LINUX=y
pulling in the needed library.

Fixes: a210fdb1c7 ("nl80211: Rewrite neigh code to not depend on libnl3-route")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-04-19 19:04:14 +03:00
Aleti Nageshwar Reddy
61c8cc94fa Add a vendor attribute to configure custom keep-alive interval for STA
Introduce an attribute QCA_WLAN_VENDOR_ATTR_CONFIG_KEEP_ALIVE_INTERVAL
in QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION to configure
station's keep-alive interval to the driver/firmware. This can be used
to resolve kickout issues from APs which kick out STAs before the BSS
maximum idle period expires.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-04-19 18:54:13 +03:00
Veerendranath Jakkam
47d1307d2c Add QCA vendor interface for reporting station info in unicast event
Add a QCA vendor command for registering NL80211_CMD_GET_STATION
response as a unicast event when there is a NL80211_CMD_GET_STATION
request from any userspace module.

The driver will send the unicast events with the same netlink port ID
which is used by userspace application for sending the registration
command. If multiple registration commands are received with different
netlink port IDs, the driver will send unicast event with each netlink
port ID separately.

Userspace application can deregister the unicast events with disable
configuration. The registrations will be removed automatically by the
driver when the corresponding netlink socket is closed.

This will help avoid multiple NL80211_CMD_GET_STATION requests from
different userspace applications in short span. The userspace
application which registers for the unicast event can avoid sending
NL80211_CMD_GET_STATION request again if the response is available with
a recently received unicast event.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2024-04-19 18:48:24 +03:00
Manaswini Paluri
3c79173c32 Add TWT responder support for AP in HT and VHT modes
Add support for TWT responder for AP operating in HT and VHT modes by
introducing a new configuration parameter ht_vht_twt_responder. When
this is enabled, TWT responder mode support in HT and VHT modes is
enabled if the driver supports this and is disabled otherwise.

Signed-off-by: Manaswini Paluri<quic_mpaluri@quicinc.com>
2024-04-19 18:38:37 +03:00
Manaswini Paluri
54b1df85c6 Add QCA vendor feature flag for TWT responder support in HT and VHT modes
Add a feature flag to indicate driver support for TWT responder for AP
operating in HT and VHT modes.

Signed-off-by: Manaswini Paluri<quic_mpaluri@quicinc.com>
2024-04-19 18:32:11 +03:00
Jouni Malinen
25e465d5b7 tests: Update RSA 3k certificates (2024)
These have not yet expired, but it is easier to get in sync with all
certificate updates.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-04-17 21:26:36 +03:00
Jouni Malinen
9e59cb8392 tests: Update server and user certificates (2024)
At least some of the previous versions have expired, so need to re-sign
these to avoid EAP test case failures. This contains updates from
running tests/hwsim/auth_server/update.sh.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-04-17 21:25:56 +03:00
Jouni Malinen
ea2c5fe4d1 tests: Fix sigma_dut_dpp_pb_ap to clear sae_groups
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-04-16 11:22:41 +03:00
Aditya Kumar Singh
85ea5f3496 nl80211: Send link_id on sta_deauth()
i802_sta_deauth() already has the link_id passed to it in its arguments.
Use that to pass it down to send MLME handler as well.

Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-04-16 10:56:05 +03:00
Aditya Kumar Singh
62e0c10193 nl80211: Print the interface name in debug during link add
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-04-16 10:54:45 +03:00
Aditya Kumar Singh
e8764518bd nl80211: Generate link add command on per-BSS basis for AP MLD
Function nl80211_link_add() created the link add netlink message on drv
basis which in turn always uses the drv's first BSS. To support link add
for various other interfaces, use the per-BSS function to create the
netlink message.

Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-04-16 10:53:23 +03:00
Aditya Kumar Singh
16aea07e50 AP MLD: Simplify for_each_mld_link() macro
for_each_mld_link() macro used three nested for loops. Since now the
affliated links are linked together via a linked list, the logic can be
improved by using dl_list_for_each() macro instead which uses one for
loop.

Modify for_each_mld_link() macro to use dl_list_for_each() instead.

Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-04-16 10:51:24 +03:00
Johannes Berg
ae1a9909e0 tests: Add test with stuck ECSA in Probe Response frames
Add a test behaving like an Asus RT-AC53 with firmware
3.0.0.4.380_10760-g21a5898, which (in some cases?) can have an ECSA
element stuck in the probe response, when the channel switch is long
finished.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2024-04-16 10:46:15 +03:00
Johannes Berg
41fd49958d tests: Add connecting-while-CSA tests
Add a few tests to validate what happens with connections
while an AP is doing CSA:
 - quiet to diff channel (shouldn't connect)
 - quiet to same channel (shouldn't connect)
 - non-quiet to diff channel (shouldn't connect)
 - non-quiet to same channel (should connect)

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2024-04-16 10:46:13 +03:00
Johannes Berg
d43eb71da7 hostapd: Add support for testing Probe Response frame elements
Add support for additional (vendor) elements to be added
to only Probe Response frames, for testing.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2024-04-16 10:38:00 +03:00
Jouni Malinen
a6062568ab tests: Fix he_6ghz_reg to clear sae_groups
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-04-15 23:35:29 +03:00
Felix Fietkau
4b755c9672 build: De-duplicate _DIRS before calling mkdir
If the build path is long, the contents of the _DIRS variable can be
very long, since it repeats the same directories very often. In some
cases, this has triggered an "Argument list too long" build error.

Reported-by: Robert Marko <robimarko@gmail.com>
Suggested-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-15 23:19:42 +03:00
Felix Fietkau
9a44236452 hostapd: Only attempt to set QoS map if supported by the driver
This fixes issues with full-MAC drivers like brcmfmac.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-15 23:19:05 +03:00
Felix Fietkau
dec6fccf17 Support qos_map_set without CONFIG_INTERWORKING
This feature is useful on its own even without full interworking
support.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-15 23:18:24 +03:00
Felix Fietkau
8634e7343d mesh: Allow processing authentication frames in blocked state
If authentication fails repeatedly, e.g., because of a weak signal, the
link can end up in blocked state. If one of the nodes tries to establish
a link again before it is unblocked on the other side, it will block the
link to that other side. The same happens on the other side when it
unblocks the link. In that scenario, the link never recovers on its own.

To fix this, allow restarting authentication even if the link is in
blocked state, but don't initiate the attempt until the blocked period
is over. This reverts commit 09d96de09e ("mesh: Drop Authentication
frames from BLOCKED STA").

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-15 23:14:33 +03:00
Felix Fietkau
a210fdb1c7 nl80211: Rewrite neigh code to not depend on libnl3-route
This removes an unnecessary dependency and also makes the code smaller.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-15 23:12:51 +03:00
Felix Fietkau
3ef0579013 ndisc_snoop: Call dl_list_del() before freeing IPv6 addresses
This fixes a segmentation fault on STA disconnect in case IPv6 addresses
where learned for the STA based on snooped neighbor solicication.

Fixes: bd00c4311c ("AP: Add Neighbor Discovery snooping mechanism for Proxy ARP")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-15 23:05:00 +03:00
Felix Fietkau
e1cd3fe3cd Cancel channel_list_update_timeout() in hostapd_cleanup_iface_partial()
This fixes a crash when disabling an interface during channel list
update.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-15 23:02:03 +03:00
Felix Fietkau
47d7f31693 nl80211: Update drv->ifindex on removing the first BSS
Otherwise it will point at the ifindex of the just removed BSS.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-15 23:00:58 +03:00
Raj Kumar Bhagat
1be706e862 hostapd: Add RRM link measurement request support
RRM link measurement request/report management frames are used to get
the radio link information between the connected stations.

Add new hostapd_cli command req_link_measurement to send an RRM link
measurement request to an associated station. Add support to handle the
link measurement report in hostapd.

RRM link measurement support can be enabled with the following new
configuration parameter:
rrm_link_measurement_report=1

Signed-off-by: Raj Kumar Bhagat <quic_rajkbhag@quicinc.com>
Signed-off-by: Yuvarani V <quic_yuvarani@quicinc.com>
2024-04-15 22:28:55 +03:00
Karthikeyan Kathirvel
92fdb49b2e AP MLD: Set DTIM information properly in per-STA profile
The DTIM information in the per-STA profile is set incorrectly. The DTIM
period is set in the LSB octet of the DTIM Info subfield (2 octets),
which is intended for the DTIM count.

Fix this by setting the DTIM period and DTIM count information properly
to the MSB and LSB octets of the DTIM Info subfield, respectively.

Signed-off-by: Karthikeyan Kathirvel <quic_kathirve@quicinc.com>
Signed-off-by: Govindaraj Saminathan <quic_gsaminat@quicinc.com>
2024-04-15 12:04:01 +03:00
Rajat Soni
36bd75dfd2 hostapd: Fix channel switch to a DFS channel
When we are configuring automatic channel selection, we are not able to
switch to a given DFS channel because when we are trying to move to a
DFS channel, the interface is disabled and enabled again. When the
interface is disabled and enabled we are setting iface's freq and
channel to 0 in setup_interface2() in case ACS is enabled, and now we
don't know to which channel we were trying to move. Now ACS will run and
the interface will be up in the channel that is suitable.

To fix this issue add a flag named is_ch_switch_dfs to check if the
channel switch request is for a DFS channel and we can use this in
setup_interface2() to decide whther we have to set iface's freq and
channel to 0 or not. This way iface's freq and channel will retain the
values while channel switching to a DFS channel when ACS is enabled.

Signed-off-by: Rajat Soni <quic_rajson@quicinc.com>
2024-04-15 11:56:41 +03:00
Chenming Huang
f4b84ecaf7 AP MLD: Track radar detection in offloaded DFS case
Add a new flag radar_detected which is used in the following cases
when setting up a link on a DFS channel while the interface is not yet
enabled:
    1. DFS link received CAC start event
    2. If no radar detected, link setup succeeeds after CAC end
       event is received. Else go to 3.
    3. Radar detected on this link -> set radar_detected bit
    4. CAC end received for the current freq -> Do not setup interface
       as radar already detected. Clear radar_detected bit.
    5. The driver sends channel switch event to switch to another channel
        a. Switch to another DFS channel -> go to 1
        b. Switch to non-DFS channel -> proceed to set up interface

Or when receiving a CAC start event when the interface is already set up:
    1. DFS link already set up successfully
    2. Radar detected on this link -> set radar_detected bit
       a. Switch to DFS channel
           a.1. CAC start -> clear radar_detected bit and partner RNR
           a.2. If radar detected, go to 2.
           a.3. CAC end -> clear radar_detected bit
           a.4. Link enabled successfully
       b. Switch to non-DFS channel
           b.1  No op and the driver handles this

Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>
2024-04-15 11:38:56 +03:00
Chenming Huang
aaf879ef20 AP MLD: Do not update other links' RNR element if not enabled yet
When one link is still under CAC or disabled, peer links should not
carry the information of this link in the RNR elements.

With this change, the RNR element will be included only if a peer link
is in HAPD_IFACE_ENABLED state.

Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>
2024-04-15 11:38:49 +03:00