Commit graph

1004 commits

Author SHA1 Message Date
John Crispin
59d9c3a145 nl80211: Allow HE Capability to be set for a STA
Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:27:41 +03:00
Toke Høiland-Jørgensen
6720b9482f nl80211: Station airtime weight configuration
This provides a mechanism for configuring per-STA airtime weight for
airtime policy configuration.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2019-05-02 13:28:17 +03:00
Toke Høiland-Jørgensen
58d4c23615 nl80211: Fetch STA TX/RX duration statistics
This makes per-STA TX/RX duration statistics available for airtime policy
configuration.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2019-04-30 12:34:58 +03:00
Toke Høiland-Jørgensen
1d6f63854e nl80211: Fetch STA TXQ backlog statistics
This makes per-STA TXQ backlog statistics available for airtime policy
configuration.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2019-04-30 12:34:58 +03:00
Jouni Malinen
099224c18e nl80211: Simplify if_indices tracking
Maintain a single array (of struct with two int variables) instead of
two independent arrays (of int) for tracking know ifindexes and reasons
for having added them. The previous implementation tried to maintain two
independent arrays even though they were always required to be of
exactly same length and order. That had resulted in a bug earlier and
the code was not exactly easy to understand either, so replace this with
a single array.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-28 21:05:54 +03:00
Jouni Malinen
e6ca2f1139 nl80211: Fix handling of if_indices reallocation failure
Addition of a separate if_indices_reason array broke reallocation
failure checking. drv->if_indices or drv->if_indices_reason could not be
NULL in the place where this check was moved to. Fix that by maintaining
knowledge of reallocation failure in a separate local variable.

Fixes: 732b1d20ec ("nl80211: Clean up ifidx properly if interface in a bridge is removed")
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-28 20:52:10 +03:00
Jouni Malinen
4be17ffbd9 Replace int status/reason_code with u16 variable
These cases are for the IEEE 802.11 Status Code and Reason Code and
those fields are unsigned 16 bit values, so use the more appropriate
type consistently. This is mainly to document the uses and to make the
source code easier to understand.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-22 22:08:07 +03:00
Jouni Malinen
c8931afe24 nl80211: Check nla_put_flag() failure for ext auth
All nla_put*() operations should be verified to succeed, so check this
recently added one for NL80211_ATTR_EXTERNAL_AUTH_SUPPORT.

Fixes: 236e793e7b ("nl80211: External authentication in driver-based AP SME mode")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-18 21:55:39 +03:00
Ilan Peer
323a51cc01 nl80211: Handle NL80211_CMD_PROBE_CLIENT command response
When processing the NL80211_CMD_PROBE_CLIENT command response, the
nl80211 layer in the kernel sends a response containing the cookie
associated with the client probe request. This response was not handled
by driver_nl80211.c when sending the command, and it was mistakenly
handled as an asynchronous event. This incorrect event did not include
the MAC/ACK attributes, so it was ignored in practice, but nevertheless,
the command response should not be processed as an event.

Fix this by reading the response as part of the sending the command
flow.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2019-04-16 01:53:18 +03:00
Jouni Malinen
091c227714 nl80211: Clear bss->freq on station mode disconnection
This fixes some issues where bss->freq could have been used to replace
the current operating channel when sending out a management frame.
bss->freq has not been consistently used to track the current operating
channel in station mode, so it should not be trusted for this type of
uses. Clearing it makes this a bit more robust by at least avoiding the
cases of information from past association being used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-14 12:33:37 +03:00
Jouni Malinen
dd1a8cef4c Remove unnecessary copying of SSID and BSSID for external_auth
The external authentication command and event does not need to copy the
BSSID/SSID values into struct external_auth since those values are used
before returning from the call. Simplify this by using const u8 * to
external data instead of the array with a copy of the external data.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-12 20:43:26 +03:00
Srinivas Dasari
236e793e7b nl80211: External authentication in driver-based AP SME mode
This extends driver interface to nl80211 by introducing the following
changes,
1. Register for Authenication frames in driver-based AP SME mode.
2. Advertise NL80211_ATTR_EXTERNAL_AUTH_SUPPORT in set_ap when
   offloaded SAE authentication is supported.
3. Extend the NL80211_CMD_EXTERNAL_AUTH interface to also send PMKID
   so that the drivers can respond to the PMKSA cached connection
   attempts from the stations avoiding the need to contact user space
   for all PMKID-based connections.
4. Send external auth status to driver only if it is a driver based
   SME solution.

Signed-off-by: Srinivas Dasari <dasaris@codeaurora.org>
2019-04-12 20:29:56 +03:00
Ankita Bajaj
005585d602 nl80211: Add SAE, FT-SAE, FT-EAP-SHA384 AKMs in connect request
This is needed for full MAC drivers that use NL80211_CMD_CONNECT
for issuing connect request.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-05 21:02:37 +03:00
Jouni Malinen
6d14b98fc6 nl80211: Do not add WMM parameters when updating an existing STA entry
In the case of the driver not supporting full AP mode STA state (i.e.,
not adding a STA entry before association), the QoS parameters are not
allowed to be modified when going through (re)association exchange for a
STA entry that has not been removed from the kernel. cfg80211 would
reject such command to update STA flags, so do not add the WMM parameter
in this case.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-27 03:14:02 +02:00
vamsi krishna
4efade3157 nl80211: Clear keys from heap memory before freeing it for get_seqnum
NL80211_CMD_GET_KEY response may return the actual key in addition to
the last used sequence number that we need. That might result in a key
being left in unused heap memory after the buffer is freed.

Explicitly clear the message payload with the possibly included key
material from heap memory before returning from the handler function
(and having libnl free the nlmsg) when key information is obtained from
the driver using the NL80211_CMD_GET_KEY command.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-13 14:54:18 +02:00
vamsi krishna
c6ec9759c5 nl80211: Exclude PMK when sending NL80211_CMD_DEL_PMKSA explicitly
Add a check in nl80211 driver layer to not include PMK while sending
NL80211_CMD_DEL_PMKSA explicitly. Though it is taken care already in
supplicant layer by setting the pmk_len to zero, it would be good
to have a check in nl80211 layer in order to avoid future accidental
inclusions of keying material in commands that do not need them.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-13 13:22:40 +02:00
Jouni Malinen
bf0021ede3 Allow fragmentation/RTS threshold to be disabled explicitly
hostapd configuration parameters fragm_threshold and rts_threshold were
documented to disable the threshold with value -1 and not change driver
configuration if the parameter is not included. However, -1 was mapped
into not changing the driver value, so the explicit disabling part did
not work.

Replace the default values for these to be -2 so that explicitly set
configuration value -1 can be distinguished from the case of not
including the parameter. Map the -1 value to a driver request to disable
the threshold. Ignore any error from this operation just in case to
avoid breaking functionality should some drivers not accept the (u32) -1
value as a threshold value request to disable the mechanism.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-12 17:15:08 +02:00
Jouni Malinen
21cd8f8319 nl80211: Use wpa_ssid_txt() for debug messages more consistently
Print the SSID with printf escaping instead of wpa_hexdump_ascii()
format to clean up the debug log a bit. This was already done for number
of SSID debug prints.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-10 01:43:50 +02:00
Jouni Malinen
6110753b18 nl80211: Clear PMKID add command message buffer
This command has now been extended to include PMK for offload needs, so
the message buffer needs to be cleared explicitly after use to avoid
leaving such material in heap memory unnecessarily.

Fixes: 061a3d3d53 ("nl80211: Add support for FILS Cache Identifier in add/remove_pmkid()")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-05 23:34:30 +02:00
Jouni Malinen
0fa33e05b4 nl80211: Clear connect command message buffer
This command can include keys (WEP or PSK for offload), so the message
buffer needs to be cleared explicitly after use to avoid leaving such
material in heap memory unnecessarily.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-05 23:34:30 +02:00
Jouni Malinen
b14e8ea1d2 nl80211: Request kernel to trim off payload of netlink requests from acks
We do not need such payload in the acknowledgment, so adding it uses
resources unnecessarily. Furthermore, the original request can include
key material (e.g., NL80211_ATTR_PMK). libnl does not explicitly clear
this received message buffer and it would be inconvenient for
wpa_supplicant/hostapd to try to clear it with the current libnl design
where a duplicated buffer is actually passed to the callback. This means
that keys might be left unnecessarily in heap memory. Avoid this by
requesting the kernel not to copy back the request payload.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-05 23:34:30 +02:00
Arend van Spriel
d896874f86 nl80211: Indicate 802.1X 4-way handshake offload in connect
Upon issuing a connect request we need to indicate that we want the
driver to offload the 802.1X 4-way handshake for us. Indicate it if
the driver capability supports the offload.

Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
2019-01-08 01:12:02 +02:00
Arend van Spriel
436ee2fd93 drivers: Add separate driver flags for 802.1X and PSK 4-way HS offloads
Allow drivers to indicate support for offloading 4-way handshake for
either IEEE 802.1X (WPA2-Enterprise; EAP) and/or WPA/WPA2-PSK
(WPA2-Personal) by splitting the WPA_DRIVER_FLAGS_4WAY_HANDSHAKE flag
into two separate flags.

Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
2019-01-08 01:12:02 +02:00
Jouni Malinen
fea49f8f93 nl82011: Make wiphy-specific country (alpha2) available in STATUS-DRIVER
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-31 16:41:24 +02:00
Jouni Malinen
f9052d6ea5 nl80211: Note interface-removal-from-bridge errors in debug log
One of the linux_br_del_if() calls did not log nl80211-specific entry.
Make this more consistent with the other cases even though
linux_br_add_if() function itself is logging an error in the ioctl()
failure case (but not in the interface not found case).

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-31 01:05:23 +02:00
Johannes Berg
5b82cdbe8b nl80211: Add support for starting FTM responder
Add support for starting FTM responder when in AP mode. This just sends
the appropriate NEW/SET_BEACON command to the driver with the LCI/civic
location data.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2018-12-21 11:22:35 +02:00
Venkateswara Naralasetty
5abc7823bd wpa_supplicant: Add Multi-AP backhaul STA support
Advertise vendor specific Multi-AP IE in (Re)Association Request frames
and process Multi-AP IE from (Re)Association Response frames if the user
enables Multi-AP fuctionality. If the (Re)Association Response frame
does not contain the Multi-AP IE, disassociate.

This adds a new configuration parameter 'multi_ap_backhaul_sta' to
enable/disable Multi-AP functionality.

Enable 4-address mode after association (if the Association Response
frame contains the Multi-AP IE). Also enable the bridge in that case.
This is necessary because wpa_supplicant only enables the bridge in
wpa_drv_if_add(), which only gets called when an interface is added
through the control interface, not when it is configured from the
command line.

Signed-off-by: Venkateswara Naralasetty <vnaralas@codeaurora.org>
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2018-12-20 12:10:31 +02:00
Mathy Vanhoef
f9da7505bf OCV: Include and verify OCI in SA Query frames
Include an OCI element in SA Query Request and Response frames if OCV
has been negotiated.

On Linux, a kernel patch is needed to let clients correctly handle SA
Query Requests that contain an OCI element. Without this patch, the
kernel will reply to the SA Query Request itself, without verifying the
included OCI. Additionally, the SA Query Response sent by the kernel
will not include an OCI element. The correct operation of the AP does
not require a kernel patch.

Without the corresponding kernel patch, SA Query Requests sent by the
client are still valid, meaning they do include an OCI element.
Note that an AP does not require any kernel patches. In other words, SA
Query frames sent and received by the AP are properly handled, even
without a kernel patch.

As a result, the kernel patch is only required to make the client properly
process and respond to a SA Query Request from the AP. Without this
patch, the client will send a SA Query Response without an OCI element,
causing the AP to silently ignore the response and eventually disconnect
the client from the network if OCV has been negotiated to be used.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-17 15:42:23 +02:00
Mathy Vanhoef
7f00dc6e15 Add driver API to get current channel parameters
This adds driver API functions to get the current operating channel
parameters. This encompasses the center frequency, channel bandwidth,
frequency segment 1 index (for 80+80 channels), and so on.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-16 18:35:30 +02:00
Jouni Malinen
bd51246924 nl80211: Debug print TX queue parameter values and result
Some mac80211_hwsim test cases have failed with mysterious sequence
where mac80211 has claimed the parameters are invalid ("wlan3: invalid
CW_min/CW_max: 9484/40"). Those values look strange since they are not
from hostapd configuration or default values.. hostapd is seeing TX
queue parameter set failing for queues 0, 1, and 3 (but not 2) for these
cases. Add debug prints to hostapd to get more details on what exactly
is happening if such error cases can be reproduced.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-02 19:50:59 +02:00
Cedric Izoard
10d32e2c8d nl80211: Use netlink connect socket for disconnect (ext auth)
When external authentication is used, a specific netlink socket is used
to send the connect command. If the same socket is not used for
disconnect command, cfg80211 will discard the command. This constraint
was added into the kernel in commit bad292973363 ("nl80211: Reject
disconnect commands except from conn_owner"). That requires an update
for the hostap.git commit 40a68f3384 ("nl80211: Create a netlink
socket handle for the Connect interface").

Add a new flag into struct i802_bss to indicate if the special
nl_connect socket was used for the connect command. When sending
disconnect command this flag is tested to select the correct socket.

Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
2018-11-26 19:24:31 +02:00
Emmanuel Grumbach
941807f6b6 drivers: Document struct wpa_signal_info
Add documentation to the wpa_signal_info structure.
Add a define for an invalid noise value.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
2018-11-26 00:57:50 +02:00
Jouni Malinen
d514b50265 WNM: Collocated Interference Reporting
Add support for negotiating WNM Collocated Interference Reporting. This
allows hostapd to request associated STAs to report their collocated
interference information and wpa_supplicant to process such request and
reporting. The actual values (Collocated Interference Report Elements)
are out of scope of hostapd and wpa_supplicant, i.e., external
components are expected to generated and process these.

For hostapd/AP, this mechanism is enabled by setting
coloc_intf_reporting=1 in configuration. STAs are requested to perform
reporting with "COLOC_INTF_REQ <addr> <Automatic Report Enabled> <Report
Timeout>" control interface command. The received reports are indicated
as control interface events "COLOC-INTF-REPORT <addr> <dialog token>
<hexdump of report elements>".

For wpa_supplicant/STA, this mechanism is enabled by setting
coloc_intf_reporting=1 in configuration and setting Collocated
Interference Report Elements as a hexdump with "SET coloc_intf_elems
<hexdump>" control interface command. The hexdump can contain one or
more Collocated Interference Report Elements (each including the
information element header). For additional testing purposes, received
requests are reported with "COLOC-INTF-REQ <dialog token> <automatic
report enabled> <report timeout>" control interface events and
unsolicited reports can be sent with "COLOC_INTF_REPORT <hexdump>".

This commit adds support for reporting changes in the collocated
interference (Automatic Report Enabled == 1 and partial 3), but not for
periodic reports (2 and other part of 3).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-10-30 14:07:51 +02:00
Andrei Otcheretianski
d577f7f3d5 nl80211: Warn about interface name truncations
This is something useful to know and also eliminates format truncation
warnings.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2018-10-16 12:53:15 +03:00
Johannes Berg
40432e6eb3 nl80211: Implement netlink extended ACK support
Implement netlink extended ACK support to print out the error
message (if any).

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2018-10-14 20:20:11 +03:00
Hu Wang
b898b65582 nl80211: Do not ignore disconnect event in case of !drv->associated
Commit 3f53c006c7 ('nl80211: Ignore
disconnect event in case of locally generated request') made
wpa_supplicant ignore the next received disconnect event for cases where
wpa_supplicant itself requested a disconnection. This can result in
ignoring a disconnection notification in some cases.

Considering a P2P Client receiving disconnect event from the kernel
after a P2P group is started, drv->ignore_next_local_disconnect is
cleared to 0, then wpa_driver_nl80211_disconnect() will be called during
the removal of the group, in which drv->ignore_next_local_disconnect is
set to 1 by mistake.

Do not allow ignore_next_local_{disconnect,deauth} to be set to 1 if the
driver is not in associated state (drv->associated is 0) to avoid this
type of cases.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-08-31 12:01:33 +03:00
Bhagavathi Perumal S
8bfbb295df nl80211: Fix sending of WDS STA event to the correct BSS context
The WDS-STA-INTERFACE-ADDED/WDS-STA-INTERFACE-REMOVED events were always
sent to the first BSS instead of the specific BSS that the STA was
connected to in multi-BSS cases. Fix this by using the BSS specific
context pointer.

Fixes: 1952b626ba ("hostapd: Add ctrl iface indications for WDS STA interface")
Signed-off-by: Bhagavathi Perumal S <bperumal@codeaurora.org>
2018-08-24 16:27:34 +03:00
Hu Wang
8a9950f7b6 nl80211: Indicate interface up only for the main netdev
ifname is checked for interface down event in commit
106fa1e97e ("nl80211: Indicate
interface-down event only for the main netdev"). Do the same for
interface up event to avoid unexpected notifications when the master
interface (e.g., a bridge interface) is set up while then WLAN interface
remains down.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-07-05 13:41:46 +03:00
Sathishkumar Muruganandam
c809756f9f nl80211: Allocate nl_sock for NETLINK_ROUTE when already_in_bridge
When we start hostapd having Hotspot 2.0 configuration with interface
already added to bridge interface, addition and deletion of new neighbor
to bridge ip neighbor table fails.

This is since 'bss->added_if_into_bridge' is not set which only allows
'drv->rtnl_sk' (nl_sock for NETLINK_ROUTE) allocation needed for bridge
ip neighbor table.

Add a new bit 'already_in_bridge' and set it when interface is already
added to bridge by some external component. Check this bit in addition
to 'bss->added_if_into_bridge' for 'drv->rtnl_sk' allocation done in
i802_init().

Now 'drv->rtnl_sk' is closed in wpa_driver_nl80211_deinit() regardless of
'bss->added_if_into_bridge' since when we have 'bss->already_in_bridge'
case too, this need to be removed.

brctl show

bridge name     bridge id               STP enabled     interfaces
br0             8000.8efdf006b050       no              ap

hostapd_cli raw STATUS-DRIVER

Selected interface 'ap'
ifindex=15
ifname=ap
brname=br0
addr=8e:fd:f0:06:b0:50
freq=5180
beacon_set=1
already_in_bridge=1
..

Signed-off-by: Sathishkumar Muruganandam <murugana@codeaurora.org>
2018-07-05 13:36:27 +03:00
Peter Oh
0928b62944 nl80211: Allow mesh interface to send channel switch request
Add mesh type to nl80211 channel switch request, so mesh is able to send
the request to kernel drivers.

Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
2018-05-31 12:16:03 +03:00
Bhagavathi Perumal S
1952b626ba hostapd: Add ctrl iface indications for WDS STA interface
This allows user to get event indication when a new interface is
added/removed for 4addr WDS STA and also WDS STA ifname is informed
through the STA command.

Signed-off-by: Bhagavathi Perumal S <bperumal@codeaurora.org>
2018-04-24 00:35:47 +03:00
Jouni Malinen
1baa130bd0 nl80211: Print NL80211_CMD_SET_POWER_SAVE errors in debug log
This makes it easier to understand what happened with PS configuration.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-04-24 00:35:47 +03:00
Ahmad Masri
86c998d37a FT: Add FT auth algorithm to connect params when roaming
Add WPA FT auth to connect params in case of a re-connection to ESS
supporting FT when FT was used in the first connect.

Signed-off-by: Ahmad Masri <amasri@codeaurora.org>
2018-04-20 00:35:41 +03:00
Ben Greear
f875da0448 nl80211: Add MLME auth work-around for -EEXIST errno
The Linux 4.9 kernel, at least, can return EEXIST when trying to auth a
station that already exists.

We have seen this bug in multiple places, but it is difficult to
reproduce. Here is a link to someone else that appears to have hit this
issue: https://github.com/greearb/ath10k-ct/issues/18

Signed-off-by: Ben Greear <greearb@candelatech.com>
2018-04-15 21:58:53 +03:00
Beniamino Galvani
77a020a118 wpa_supplicant: Fix auth failure when the MAC is updated externally
When connecting to a WPA-EAP network and the MAC address is changed
just before the association (for example by NetworkManager, which sets
a random MAC during scans), the authentication sometimes fails in the
following way ('####' logs added by me):

wpa_supplicant logs:
 wlan0: WPA: RX message 1 of 4-Way Handshake from 02:00:00:00:01:00 (ver=1)
 RSN: msg 1/4 key data - hexdump(len=22): dd 14 00 0f ac 04 d8 21 9d a5 73 98 88 26 ef 03 d2 ce f7 04 7d 23
 WPA: PMKID in EAPOL-Key - hexdump(len=22): dd 14 00 0f ac 04 d8 21 9d a5 73 98 88 26 ef 03 d2 ce f7 04 7d 23
 RSN: PMKID from Authenticator - hexdump(len=16): d8 21 9d a5 73 98 88 26 ef 03 d2 ce f7 04 7d 23
 wlan0: RSN: no matching PMKID found
 EAPOL: Successfully fetched key (len=32)
 WPA: PMK from EAPOL state machines - hexdump(len=32): [REMOVED]
 #### WPA: rsn_pmkid():
 #### WPA: aa              - hexdump(len=6): 02 00 00 00 01 00
 #### WPA: spa             - hexdump(len=6): 66 20 cf ab 8c dc
 #### WPA: PMK             - hexdump(len=32): b5 24 76 4f 6f 50 8c f6 a1 2e 24 b8 07 4e 9a 13 1b 94 c4 a8 1f 7e 22 d6 ed fc 7d 43 c7 77 b6 f7
 #### WPA: computed PMKID  - hexdump(len=16): ea 73 67 b1 8e 5f 18 43 58 24 e8 1c 47 23 87 71
 RSN: Replace PMKSA entry for the current AP and any PMKSA cache entry that was based on the old PMK
 nl80211: Delete PMKID for 02:00:00:00:01:00
 wlan0: RSN: PMKSA cache entry free_cb: 02:00:00:00:01:00 reason=1
 RSN: Added PMKSA cache entry for 02:00:00:00:01:00 network_ctx=0x5630bf85a270
 nl80211: Add PMKID for 02:00:00:00:01:00
 wlan0: RSN: PMKID mismatch - authentication server may have derived different MSK?!

hostapd logs:
 WPA: PMK from EAPOL state machine (MSK len=64 PMK len=32)
 WPA: 02:00:00:00:00:00 WPA_PTK entering state PTKSTART
 wlan1: STA 02:00:00:00:00:00 WPA: sending 1/4 msg of 4-Way Handshake
 #### WPA: rsn_pmkid():
 #### WPA: aa              - hexdump(len=6): 02 00 00 00 01 00
 #### WPA: spa             - hexdump(len=6): 02 00 00 00 00 00
 #### WPA: PMK             - hexdump(len=32): b5 24 76 4f 6f 50 8c f6 a1 2e 24 b8 07 4e 9a 13 1b 94 c4 a8 1f 7e 22 d6 ed fc 7d 43 c7 77 b6 f7
 #### WPA: computed PMKID  - hexdump(len=16): d8 21 9d a5 73 98 88 26 ef 03 d2 ce f7 04 7d 23
 WPA: Send EAPOL(version=1 secure=0 mic=0 ack=1 install=0 pairwise=1 kde_len=22 keyidx=0 encr=0)

That's because wpa_supplicant computed the PMKID using the wrong (old)
MAC address used during the scan. wpa_supplicant updates own_addr when
the interface goes up, as the MAC can only change while the interface
is down. However, drivers don't report all interface state changes:
for example the nl80211 driver may ignore a down-up cycle if the down
message is processed later, when the interface is already up. In such
cases, wpa_supplicant (and in particular, the EAP state machine) would
continue to use the old MAC.

Add a new driver event that notifies of MAC address changes while the
interface is active.

Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
2018-03-30 12:16:42 +03:00
Bhagavathi Perumal S
72123a84cb hostapd: Add last_ack_rssi into ctrl iface cmd STA
This allows external application to get last ACK signal strength of the
last transmitted frame if the driver makes this information
(NL80211_STA_INFO_ACK_SIGNAL) available.

Signed-off-by: Bhagavathi Perumal S <bperumal@codeaurora.org>
Signed-off-by: Venkateswara Naralasetty <vnaralas@codeaurora.org>
2018-03-19 19:23:26 +02:00
Emmanuel Grumbach
299d21e8e2 nl80211: Use the new NL80211_MFP_OPTIONAL option
Now we can configure the network block so that it allows MFP setting for
the NL80211_CMD_CONNECT command. If the kernel finds an AP that requires
MFP, it'll be able to connect to it.

Note that since NL80211_MFP_OPTIONAL isn't supported for
NL80211_CMD_ASSOCIATE, we need to take the MFP configuration outside
nl80211_connect_common(). In addition, check that
NL80211_EXT_FEATURE_MFP_OPTIONAL is supported, to be backward compatible
with older kernels.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
2018-02-17 18:50:28 +02:00
Avraham Stern
05fc7c68f6 nl80211: Add API to set the PMK to the driver
Add support for setting the PMK to the driver. This is used for
drivers that support 4-way handshake offload.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2018-02-17 18:36:16 +02:00
Eliad Peller
730c5a1d09 nl80211: Support passing PSK on connect
If the driver advertises WPA_DRIVER_FLAGS_4WAY_HANDSHAKE support, pass
the PSK on connect.

Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
2018-02-17 18:31:05 +02:00
Jouni Malinen
0887215d94 nl80211: Do not try to add too large NL80211_ATTR_PMK for set/del PMKSA
The current cfg80211 limit for the maximum NL80211_ATTR_PMK length is
48, so anything larger than that will result in the operation completely
failing. Since the PMKSA entries can be used without the PMK for most
purposes (the main use case for PMK currently is offloaded FILS
authentication), try to go ahead by configuring only the PMKID for the
case where 64-octet PMK is needed (which is currently limited to only
DPP with NIST P-521 and brainpoolP512r1 curves). This can fix DPP
connections with drivers that expect to get the PMKID through this
interface while still leaving the actual 4-way handshake for user space.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-02-10 12:16:53 +02:00
Jouni Malinen
e7f6e6ee1b nl80211: Print NL80211_CMD_{SET,DEL}_PMKSA failures in debug log
This makes it easier to notice if the driver operation to manage PMKSA
cache information fails unexpectedly.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-02-10 12:10:07 +02:00
Sunil Dutt
40a68f3384 nl80211: Create a netlink socket handle for the Connect interface
This netlink socket handle owns the connect request and is further used
by the host driver/kernel to request for the external authentication.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-02-02 19:02:44 +02:00
Sunil Dutt
ba71cb821a nl80211: Introduce the interface for external authentication
This command/event interface can be used by host drivers that do not
define separate commands for authentication and association but rely on
wpa_supplicant for the authentication (SAE) processing.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-02-02 18:51:04 +02:00
Srinivas Dasari
e005725a69 nl80211: Add DPP and OWE AKM selectors to CONNECT/ASSOC request
This is needed to support drivers that use NL80211_ATTR_AKM_SUITES.

Signed-off-by: Srinivas Dasari <dasaris@codeaurora.org>
2018-01-31 11:21:10 +02:00
vamsi krishna
d98038bb05 FILS: Driver configuration to disable/enable FILS features
The new disable_fils parameter can be used to disable FILS functionality
in the driver. This is currently removing the FILS Capability bit in
Extended Capabilities and providing a callback to the driver wrappers.
driver_nl80211.c implements this using a QCA vendor specific command for
now.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-15 20:52:17 +02:00
Jouni Malinen
963d3149ab nl80211: Fix NL80211_MESHCONF_AUTO_OPEN_PLINKS encoding
This nl80211 attribute uses NLA_U8 policy in cfg80211 and wpa_supplicant
needs to use same size when writing the attribute.

This fixes mesh mode regression triggered by kernel commit "net:
netlink: Update attr validation to require exact length for some types"
in v4.15-rc1 that resulted in the following debug log entry when trying
to join a mesh:
nl80211: mesh join failed: ret=-22 (Invalid argument)

Fixes: 6c1664f605 ("nl80211: Add new commands to support mesh interfaces")
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-01 22:21:24 +02:00
Jouni Malinen
a2426829ce nl80211: Fix NL80211_ATTR_SMPS_MODE encoding
This nl80211 attribute uses NLA_U8 policy in cfg80211 and
hostapd/wpa_supplicant needs to use same size when writing the
attribute.

This fixes AP mode regression triggered by kernel commit "net: netlink:
Update attr validation to require exact length for some types" in
v4.15-rc1 that resulted in the following debug log entry when trying to
enable beaconing:
nl80211: Beacon set failed: -34 (Numerical result out of range)

Fixes: da1080d721 ("nl80211: Advertise and configure SMPS modes")
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-01 20:22:44 +02:00
Vidyullatha Kanchanapally
3c67e977de nl80211: Add support to send updated connection parameters
After an initial connection certain connection parameters may be
updated. It may be necessary to send these parameters to drivers since
these will be used in driver-initiated roaming cases. This commit
defines the driver_ops call for this and implements the needed
functionality for the nl80211 driver interface.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-17 16:04:51 +03:00
bhagavathi perumal s
3567641ebb Add TX/RX rate info and signal strength into STA output
These allow external programs to fetch the TX and RX rate information
and signal strength for a specific STA through the hostapd control
interface command "STA <addr>". The values of these attributes are
filled in the response of nl80211 command NL80211_CMD_GET_STATION.

Signed-off-by: bhagavathi perumal s <bperumal@qti.qualcomm.com>
2017-10-05 12:12:24 +03:00
Rohit Pratap Singh
fdbfb63e45 nl80211: Fix bridge name print while removing interface from bridge
Removing interface from bridge in_br
linux_br_del_if(drv->global->ioctl_sock, in_br, ifname)
but in case of failure, the error print is incorrect:
it should show error for "in_br" instead of the wrong bridge name
"brname".

Signed-off-by: Rohit Pratap Singh <rohit.s@samsung.com>
Signed-off-by: Amit Khatri <amit.khatri@samsung.com>
2017-09-10 22:11:08 +03:00
Jouni Malinen
64a0a75b5b nl80211: Fix auth_alg selection with FILS in the connect command
NL80211_ATTR_AUTH_TYPE needs to be skipped if multiple auth_alg options
are included. The previous list missed the new FILS auth_alg here and
ended up not doing so if OPEN and FILS were included.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-08-24 23:30:20 +03:00
Ashwini Patil
b04854ceff nl80211/MBO: Set temporary disallowed BSSID list to driver
Set temporary disallowed BSSID list to the driver so that the driver
doesn't try to connect to any of the blacklisted BSSIDs during
driver-based roaming operation. This commit includes support only for
the nl80211 driver interface using a QCA vendor command for this.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-30 17:27:44 +03:00
Vidyullatha Kanchanapally
b6ea764252 nl80211: Make KCK attribute optional in rekey data
New AKM suites like FILS-SHA256 do not use KCK and hence KCK length can
be zero. Add changes to include KCK attribute in rekey data only if the
length is non-zero.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-23 18:58:24 +03:00
Jouni Malinen
00b02149ed nl80211: Register to receive DPP Public Action frames
These are needed for DPP exchanges. In addition, register GAS frames for
DPP builds.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-17 18:04:54 +03:00
Jouni Malinen
5e0c20ff3e nl80211: Do not notify interface as re-enabled if initialization fails
wpa_supplicant tries to reinitialize an interface when a previously
removed netdev is restored (e.g., re-insert a USB dongle). If that
initialization fails (e.g., driver ejects ifconfig UP), the previous
implementation resulted in leaving the interface in incomplete state
while still claiming to upper layers that the interface status has
changed back to functional one.

Fix this by skipping the interface status update if reinitialization
fails. In other words, remain in INTERFACE_DISABLED state if the
interface cannot be re-enabled successfully.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-06 03:07:43 +03:00
Beniamino Galvani
290834df69 nl80211: Fix race condition in detecting MAC change
Commit 3e0272ca00 ('nl80211: Re-read MAC
address on RTM_NEWLINK') added the detection of external changes to MAC
address when the interface is brought up.

If the interface state is changed quickly enough, wpa_supplicant may
receive the netlink message for the !IFF_UP event when the interface
has already been brought up and would ignore the next netlink IFF_UP
message, missing the MAC change.

Fix this by also reloading the MAC address when a !IFF_UP event is
received with the interface up, because this implies that the
interface went down and up again, possibly changing the address.

Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
2017-05-13 20:01:44 +03:00
Masashi Honma
31a856a127 mesh: Make NL80211_MESHCONF_RSSI_THRESHOLD configurable
In some practical cases, it is useful to suppress joining to node in the
distance. The new field mesh_rssi_threshold could be used as RSSI
threshold for joining.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2017-05-08 16:23:02 +03:00
Vamsi Krishna
178553b709 MBO: Add support to set ignore assoc disallow to driver
Add support to set ignore assoc disallow to the driver so that the
driver ignores assoc disallowed bit set by APs while connecting. This is
used by drivers that handle BSS selection and roaming internally.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-05-05 00:26:05 +03:00
Vidyullatha Kanchanapally
061a3d3d53 nl80211: Add support for FILS Cache Identifier in add/remove_pmkid()
This is needed for configuring PMKSA cache entries to the driver with
the FILS Cache Identifier and SSID.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-07 17:03:37 +03:00
Vidyullatha Kanchanapally
6fbb54140b driver: Move add_pmkid() and remove_pmkid() arguments into a struct
This makes it easier to add more arguments to these wpa_driver_ops
functions.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-07 17:03:35 +03:00
Vidyullatha Kanchanapally
ad295f3b85 nl80211: Add support for FILS shared key offload
Add support for FILS shared key offload for drivers which advertize
FILS shared key support using NL80211_CMD_CONNECT.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-07 16:21:55 +03:00
Jouni Malinen
cad291d671 FILS: Define authentication algorithm for FILS SK auth with PFS
This is needed to add PFS support into hostapd and wpa_supplicant FILS
shared key authentication.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-12 22:39:38 +02:00
Kanchanapally, Vidyullatha
3ab484928a nl80211: Driver command for checking BTM accept/reject
Add driver interface command using the QCA vendor extensions to check
the driverr whether to accept or reject a BSS transition candidate. For
the reject case, report an MBO reject reason code.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-03-07 00:20:29 +02:00
Vamsi Krishna
8331c9b316 nl80211: Add support for mgmt_tx with random TA
This adds support for specifying a random TA for management frame
transmission commands and driver capability flags for indicating whether
this is supported in not-connected and connected states.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-07 19:35:34 +02:00
Dedy Lansky
89fa633afb nl80211: Fix error while enabling AP mode with driver-SME
Following commit a70cd0db87 ('Don't
register for Beacon frames for IEEE 802.11ad AP'),
nl80211_get_wiphy_data_ap() is unconditionally called when starting AP.
This function tries to register for Beacon frames RX which fails for
some driver which don't support such registration and do not need it in
case the driver implements AP mode SME functionality.

Fix this by conditionally calling nl80211_get_wiphy_data_ap() like prior
to commit a70cd0db87.

Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
2017-02-05 20:48:23 +02:00
Masashi Honma
7813b7c34d nl80211: Fix a memory leak on deinit with HT enabled mesh
Commit a70cd0db87 ('nl80211: Don't
register for Beacon frames for IEEE 802.11ad AP') could cause a trailing
memory leak on IEEE 802.11n enabled mesh. This commit fixes the issue.

-----------------
ELOOP: remaining socket: sock=12 eloop_data=0xba8260 user_data=0xbb3d90 handler=0x4aeb90
WPA_TRACE: eloop unregistered socket handler: 0x4aeb90
     nl80211_recv_beacons() ../src/drivers/driver_nl80211.c:625
WPA_TRACE: eloop sock - START
[0]: ./hostap/wpa_supplicant/wpa_supplicant() [0x431f2a]
     eloop_sock_table_add_sock() ../src/utils/eloop.c:360
[1]: ./hostap/wpa_supplicant/wpa_supplicant() [0x4b0e49]
     nl80211_register_eloop_read() ../src/drivers/driver_nl80211.c:153
[2]: ./hostap/wpa_supplicant/wpa_supplicant() [0x4bacf0]
     dl_list_add() src/utils/list.h:30
     nl80211_get_wiphy_data_ap() ../src/drivers/driver_nl80211.c:728
     wpa_driver_nl80211_set_ap() ../src/drivers/driver_nl80211.c:3786
[3]: ./hostap/wpa_supplicant/wpa_supplicant(ieee802_11_set_beacon+0x150) [0x469700]
     ieee802_11_set_beacon() ../src/ap/beacon.c:1349
[4]: ./hostap/wpa_supplicant/wpa_supplicant(ieee802_11_set_beacons+0x45) [0x469805]
     ieee802_11_set_beacons() ../src/ap/beacon.c:1368
[5]: ./hostap/wpa_supplicant/wpa_supplicant() [0x437559]
     mesh_mpm_add_peer() mesh_mpm.c:688
[6]: ./hostap/wpa_supplicant/wpa_supplicant(wpa_mesh_new_mesh_peer+0x42) [0x439182]
     wpa_mesh_new_mesh_peer() mesh_mpm.c:737
[7]: ./hostap/wpa_supplicant/wpa_supplicant(wpa_mesh_notify_peer+0x80) [0x436460]
     wpa_mesh_notify_peer() mesh.c:347
[8]: ./hostap/wpa_supplicant/wpa_supplicant(wpa_supplicant_event+0xc7a) [0x4a69ba]
     wpa_supplicant_event() events.c:4312
[9]: ./hostap/wpa_supplicant/wpa_supplicant(process_global_event+0xaf0) [0x4c2d40]
     nl80211_new_peer_candidate() ../src/drivers/driver_nl80211_event.c:1247
     do_process_drv_event() ../src/drivers/driver_nl80211_event.c:2322
     process_global_event() ../src/drivers/driver_nl80211_event.c:2360
[10]: /lib/x86_64-linux-gnu/libnl-3.so.200(nl_recvmsgs_report+0x3dc) [0x7f937176873c]
[11]: /lib/x86_64-linux-gnu/libnl-3.so.200(nl_recvmsgs+0x9) [0x7f9371768ba9]
[12]: ./hostap/wpa_supplicant/wpa_supplicant() [0x4aeb58]
     wpa_driver_nl80211_event_receive() ../src/drivers/driver_nl80211.c:1457
[13]: ./hostap/wpa_supplicant/wpa_supplicant() [0x43242e]
     eloop_sock_table_dispatch() ../src/utils/eloop.c:598
[14]: ./hostap/wpa_supplicant/wpa_supplicant(eloop_run+0x22e) [0x432e0e]
     eloop_sock_table_dispatch() ../src/utils/eloop.c:589
     eloop_run() ../src/utils/eloop.c:1219
[15]: ./hostap/wpa_supplicant/wpa_supplicant(wpa_supplicant_run+0x77) [0x49e327]
     wpa_supplicant_run() wpa_supplicant.c:5608
WPA_TRACE: eloop sock - END
MEMLEAK[0xba81b0]: len 72
WPA_TRACE: memleak - START
[0]: ./hostap/wpa_supplicant/wpa_supplicant(os_malloc+0x57) [0x430d67]
     os_malloc() ../src/utils/os_unix.c:690
[1]: ./hostap/wpa_supplicant/wpa_supplicant(os_zalloc+0xe) [0x430fce]
     os_zalloc() ../src/utils/os_unix.c:749
[2]: ./hostap/wpa_supplicant/wpa_supplicant() [0x4babaa]
     nl80211_get_wiphy_data_ap() ../src/drivers/driver_nl80211.c:692
     wpa_driver_nl80211_set_ap() ../src/drivers/driver_nl80211.c:3786
[3]: ./hostap/wpa_supplicant/wpa_supplicant(ieee802_11_set_beacon+0x150) [0x469700]
     ieee802_11_set_beacon() ../src/ap/beacon.c:1349
[4]: ./hostap/wpa_supplicant/wpa_supplicant(ieee802_11_set_beacons+0x45) [0x469805]
     ieee802_11_set_beacons() ../src/ap/beacon.c:1368
[5]: ./hostap/wpa_supplicant/wpa_supplicant() [0x437559]
     mesh_mpm_add_peer() mesh_mpm.c:688
[6]: ./hostap/wpa_supplicant/wpa_supplicant(wpa_mesh_new_mesh_peer+0x42) [0x439182]
     wpa_mesh_new_mesh_peer() mesh_mpm.c:737
[7]: ./hostap/wpa_supplicant/wpa_supplicant(wpa_mesh_notify_peer+0x80) [0x436460]
     wpa_mesh_notify_peer() mesh.c:347
[8]: ./hostap/wpa_supplicant/wpa_supplicant(wpa_supplicant_event+0xc7a) [0x4a69ba]
     wpa_supplicant_event() events.c:4312
[9]: ./hostap/wpa_supplicant/wpa_supplicant(process_global_event+0xaf0) [0x4c2d40]
     nl80211_new_peer_candidate() ../src/drivers/driver_nl80211_event.c:1247
     do_process_drv_event() ../src/drivers/driver_nl80211_event.c:2322
     process_global_event() ../src/drivers/driver_nl80211_event.c:2360
[10]: /lib/x86_64-linux-gnu/libnl-3.so.200(nl_recvmsgs_report+0x3dc) [0x7f937176873c]
[11]: /lib/x86_64-linux-gnu/libnl-3.so.200(nl_recvmsgs+0x9) [0x7f9371768ba9]
[12]: ./hostap/wpa_supplicant/wpa_supplicant() [0x4aeb58]
     wpa_driver_nl80211_event_receive() ../src/drivers/driver_nl80211.c:1457
[13]: ./hostap/wpa_supplicant/wpa_supplicant() [0x43242e]
     eloop_sock_table_dispatch() ../src/utils/eloop.c:598
[14]: ./hostap/wpa_supplicant/wpa_supplicant(eloop_run+0x22e) [0x432e0e]
     eloop_sock_table_dispatch() ../src/utils/eloop.c:589
     eloop_run() ../src/utils/eloop.c:1219
[15]: ./hostap/wpa_supplicant/wpa_supplicant(wpa_supplicant_run+0x77) [0x49e327]
     wpa_supplicant_run() wpa_supplicant.c:5608
WPA_TRACE: memleak - END
MEMLEAK: total 72 bytes
-----------------

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2017-01-29 17:55:10 +02:00
Jouni Malinen
a042e39acf nl80211: Use RSN_CIPHER_SUITE_* instead of WLAN_CIPHER_SUITE_*
This is a step towards getting rid of the unnecessary duplication of
definitions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-28 14:04:44 +02:00
Jouni Malinen
3aa24db953 nl80211: Use RSN_AUTH_KEY_MGMT_* instead of WLAN_AKM_SUITE_*
This is a step towards getting rid of the unnecessary duplication of
definitions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-28 12:27:48 +02:00
Dedy Lansky
a70cd0db87 nl80211: Don't register for Beacon frames for IEEE 802.11ad AP
Beacon frames are not supported in IEEE 802.11ad network (DMG-beacons
used instead). To allow hostapd to manage IEEE 802.11ad AP with
device_ap_sme disabled, skip nl80211_register_beacons() for IEEE
802.11ad AP.

Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
2017-01-13 15:58:01 +02:00
Jouni Malinen
c85dfc6f84 nl80211: Set NL80211_ATTR_IFACE_SOCKET_OWNER for connect and associate
This allows kernel to force disconnection if something kills the
wpa_supplicant process in a manner that does not allow proper cleanup to
be performed. The association is not supposed to be allowed to continue
after process has ended since there are number of operations that
wpa_supplicant may need to do during the association.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-01-13 15:05:26 +02:00
Jouni Malinen
b2442f2568 nl80211: Debug prints for TDLS_OPER command and result
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-08 17:12:24 +02:00
Jouni Malinen
e4ec6bbfd8 nl80211: Register for Link Measurement Report frames in AP mode
This is needed to be able to get the response to a link measurement
request.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-07 18:46:10 +02:00
Dedy Lansky
05e5e615e6 AP: Skip authentication/deauthentication phase for DMG/IEEE 802.11ad
Authentication and Deauthentication frames are not used in DMG/IEEE
802.11ad networks. For DMG/IEEE 802.11ad the following was implemented:
Upon receiving association request, allocate the sta object and
initialize it as if authentication took place. Upon receiving
disassociation, deallocate the sta object.
ap_sta_disassociate/ap_sta_deauthenticate/ap_sta_disconnect all use
disassociation instead of deauthentication. In driver_nl80211,
i802_sta_deauth() is routed to i802_sta_disassoc().

Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
2017-01-05 17:28:23 +02:00
Ningyuan Wang
ed0a4ddc22 nl80211: Update drv->ssid on connect/associate event based on BSS data
On a connect nl80211 event, wpa_supplicant uses
wpa_driver_nl80211_get_ssid() to fetch the current associated SSID to
compare to existing configurations. However,
wpa_driver_nl80211_get_ssid() uses drv->ssid, which is a cached value.
It is set when we explicitly initial a connect request using
wpa_supplicant. If the association was initiated outside of
wpa_supplicant, we need another way to populate drv->ssid. This commit
sets drv->ssid based on cfg80211 BSS information on connect/associate
nl80211 events.

Signed-off-by: Ningyuan Wang <nywang@google.com>
2016-12-05 12:08:46 +02:00
Michael Braun
34f7c699a6 Add multicast to unicast support
This adds support for nl80211 NL80211_CMD_SET_MULTICAST_TO_UNICAST
command.

By setting the new hostapd configuration option multicast_to_unicast=1,
hostapd configures this AP to perform multicast to unicast conversion.

When enabled, all multicast packets with ethertype ARP, IPv4, or IPv6
(possibly within an 802.1Q header) will be sent out to each station once
with the destination (multicast) MAC address replaced by the station's
MAC address. Note that this may break certain expectations of the
receiver, e.g., the ability to drop unicast IP packets encapsulated in
multicast L2 frames, or the ability to not send destination unreachable
messages in such cases.

This also does not implement Directed Multicast Service (DMS).

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2016-12-04 21:00:06 +02:00
Jouni Malinen
a1fce3911f nl80211: Optimize memory use in nl80211_get_assoc_freq()
Do not use the generic bss_info_handler() design to fetch all scan
results into temporary memory buffer. Instead, use a separate BSS info
handler that fetches the requested information without fully parsing the
BSS entries and without allocating any memory for collecting all the
results.

This is also simplifying bss_info_handler() and nl80211_parse_bss_info()
design by getting rid of the special case that was used only for
nl80211_get_assoc_freq() and not normal scan result fetching.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-03 22:37:41 +02:00
Purushottam Kushwaha
d4f3003c56 nl80211: Configure Beacon frame TX rate if driver advertises support
If the driver advertises support for setting Beacon frame data rate,
allow the user to configure this rate as part of starting the AP. Only
one Beacon frame TX rate is allowed.

Drivers advertising such support should set corresponding flag via the
NL80211_ATTR_EXT_FEATURES attribute.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-11-26 00:36:27 +02:00
Joel Cunningham
7824bf77d6 nl80211: Fix get_inact_sec() returning -1 on failure
This commit fixes the nl80211 driver call get_inact_sec() to return -1
when STA inactivity time retrieval fails in i802_read_sta_data().

This was intended to be handled by initalizing the inactive_msec member
to -1 but i802_read_sta_data() assumes the data parameter is
uninitialized and memsets the entire structure, neutralizing the attempt
to distinguish between no value (-1) and a time value of 0.

This is fixed by now requiring i802_read_sta_data() callers to
initialize the data structure first (allowing get_inact_sec() to use
-1). This is a safe change because it does not change any driver API
behavior and only affects one other static function in driver_nl80211.c

Signed-off-by: Joel Cunningham <joel.cunningham@me.com>
2016-11-19 17:39:23 +02:00
Sunil Dutt
2e4e4fb71c nl80211: Allow TDLS trigger modes to be configured to the host driver
This commit adds a control interface command to configure the TDLS
trigger mode to the host driver. This TDLS mode is configured through
the "SET tdls_trigger_control" control interface command.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-27 23:22:33 +03:00
Jouni Malinen
40a4572738 nl80211: FILS KEK and nonces for NL80211_CMD_ASSOCIATE
This sends the FILS KEK and AAD context (nonces) to the driver with the
NL80211_CMD_ASSOCIATE messages when using FILS.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-27 15:02:08 +03:00
Jouni Malinen
d8f9342d03 nl80211: Add support for setting FILS authentication algorithm
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-27 15:02:08 +03:00
Jouni Malinen
ce16c489d8 Rename sae_data to more generic auth_data
This makes it cleaner for the FILS implementation to use the same design
for setting Authentication frame elements as was already done with SAE.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-22 17:51:43 +03:00
Jouni Malinen
ef24ad3ec5 nl80211: Remove unnecessary duplication from nl80211_set_param()
There is no need to find bss->drv separately for each parameter, so do
this once at the beginning of the function.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-09-23 17:36:55 +03:00
Mikael Kanstrup
4d584d8c2b nl80211: Add driver parameter force_bss_selection
Add driver parameter command to force capability flag
WPA_DRIVER_FLAGS_BSS_SELECTION even if driver states otherwise. This is
mainly for testing purposes.

Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
2016-09-23 17:36:55 +03:00
Rafał Miłecki
ea19b39f60 Revert "nl80211: Remove duplicated check in nl80211_setup_ap()"
This reverts commit 647862eb60.

The second check of device_ap_sme looks like duplicated, but it isn't
actually. The trick is nl80211_create_monitor_interface may change that
variable value and the second evaluation may give a different result.

This definitely isn't a very clear code, but that change caused a
regression for drivers that:
1) Don't report NL80211_ATTR_DEVICE_AP_SME
2) Don't support monitor mode
3) Don't support subscribing for PROBE_REQ and/or ACTION frames
like brcmfmac. With such drivers hostapd doesn't start anymore.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2016-09-17 20:08:24 +03:00
Masashi Honma
052b8d38c5 mesh: Report HT operation mode to kernel
Report HT operation mode to kernel to broadcast correct IE in beacon
(for example HT operation IE).

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-08-18 20:46:15 +03:00
Masashi Honma
2bd6217173 mesh: Use WPA_DRIVER_MESH_CONF_FLAG_* as modification flag
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-08-18 20:40:13 +03:00
Masashi Honma
4ffb3f870d mesh: Do NL80211_MESHCONF_* setting in single function
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-08-18 20:37:38 +03:00
Masashi Honma
a1431ef8df mesh: Move max_peer_links parameter to appropriate struct
Accoding to the comment of struct wpa_driver_mesh_bss_params, the
max_peer_links parameter should be under that struct.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-08-18 20:33:39 +03:00
Eduardo Abinader
647862eb60 nl80211: Remove duplicated check in nl80211_setup_ap()
Just removing a duplicated condition.

Signed-off-by: Eduardo Abinader <eduardoabinader@gmail.com>
2016-08-17 13:42:11 +03:00