Currently while deciding to create a new Multiple BSSID element based on
the condition when the length reaches 255, the length value being used
is the total element length (including the length of the Element ID and
Length fields as well). However, the value in the length field denotes
the number of octets following it and excluding itself. Hence including
the total length is wrong. This leads to incorrect count of Multiple
BSSID elements.
And while filling the data, the length is considered porperly as it
should be hence we are filling more data in a single go and all data is
filled in MBSSID count which is less than originally calculated. This
ultimately leads to incorrect length calculation during nla_put() and
setting the beacon to the driver fails while putting the Multiple BSSID
element data into the netlink socket buffer.
Fix this issue by considering the length excluding the Element ID and
Length field sizes.
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
Share VLAN info in RRB when the driver advertises support for VLAN
offload (WPA_DRIVER_FLAGS_VLAN_OFFLOAD). sta->vlan_desc is unused in
this case, only sta->vlan_id is used. Skip the checks that are based on
sta->vlan_desc.
Signed-off-by: Sai Pratyusha Magam <quic_smagam@quicinc.com>
This helper is of no real use anymore, so get rid of it. This completes
send_and_recv*() cleanup. What remains is the most generic
send_and_recv() and two wrappers for it to cover the most common simpler
cases.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This is a variant for the second most common case of send_and_recv() needs:
send a command with a special response handling.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This is a variant for the most common case of send_and_recv() needs:
send a command without needing a special response handling. In addition,
move the helper functions into driver_nl80211.h since these are now
simple wrappers for the more flexible send_and_recv().
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This is not really that helpful as a separate helper function, so get
rid of one of the many send_and_recv() variants.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This is not helpful as a separate helper function anymore, so get rid of
one of the many send_and_recv() variants.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This is independent of the NL80211_ATTR_SOCKET_OWNER use, so add these
attributes from a separate helper function that is called only from
locations that actually start an operation that uses EAPOL frames.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Doing this based on driver support for control port RX or SAE seems like
undesired extra complexity. Just use this in all cases where the special
handle for a longer term operation, like connection or AP mode
operation, is needed.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This is a step towards cleaning up all the workarounds that have showed
up over the years and made the design difficult to understand. This
removes use of the separate registration of process_bss_event() as
NL_CB_VALID for the individual commands since the use of the appropriate
cb (i.e., the one from nl80211_init_bss() in these cases) will already
point to the correct handler.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This is a workaround for some race conditions where the hardcoded use of
global->nl_cb in send_and_recv() ends up getting events delivered
through unexpected context when they happen to arrive at the time when a
command is being processed.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Avoid potential read of one or two octets beyond the end of the
subelement when verifying that there is sufficient amount of data
included in each subelement/element within the MLE in Association
Request frames.
Signed-off-by: Jouni Malinen <j@w1.fi>
Instead of rejecting the Multi-Link element, skip unknown subelements to
be less likely to cause interop issues for future. IEEE P802.11be/D5.0
allows other optional subelements to be included here.
Signed-off-by: Jouni Malinen <j@w1.fi>
This function is both updating the hostapd-internal sta->flags value and
sending out the AP-STA-CONNECTED control interface message. When
authorizing a STA, the call to this function is followed by a driver
command to update the flags of the STA entry in the driver. That has a
race condition at least for UML time-travel since the AP-STA-CONNECTED
event is used as a message to wait for before running a connectivity
test or some other operation that depends on the data connection being
in working condition.
Split the function into two steps so that the driver STA entry update
can be done between those two steps for the cases where it matters for
the race condition. In other words, send the AP-STA-CONNECTED message
only after having authorized the STA in the driver.
Signed-off-by: Jouni Malinen <j@w1.fi>
The check for extra data was not dereferencing the pointer, but avoid
complaints about such uses by freeing the decrypted data only after the
check. The hexdump could have read freed memory, so that needs to be
before the freeing.
Fixes: 54ac6ff8c4 ("PKCS 1: Add function for checking v1.5 RSA signature")
Signed-off-by: Jouni Malinen <j@w1.fi>
Even though this function is documented to always return 1, be more
consistent in checking that to avoid warnings from static analyzers.
Signed-off-by: Jouni Malinen <j@w1.fi>
This memcpy was causing warnings from static analyzers since it is being
misinterpreted as copying all the data into the lnkid.bssid[] array
instead of that and the following arrays. Since the copy is not needed
at all, just use the original pointer to get rid of these warnings.
Signed-off-by: Jouni Malinen <j@w1.fi>
Verify that sta is not NULL before calling
hostapd_process_assoc_ml_info() that references this parameter. In
theory, sta might be NULL here if addition of the STA entry failed in
the 60 GHz case.
Signed-off-by: Jouni Malinen <j@w1.fi>
This line seemed to trigger SIGSEGV in some code coverage testing cases.
It is not exactly clear how that was possible, but just in case, check
that iface->current_mode is set before using it here.
Signed-off-by: Jouni Malinen <j@w1.fi>
If the BSS TM Request for imminent BSS temoval is for a non-AP MLD that
has multiple affiliated links, do not schedule full disconnection since
other links remain associated.
Signed-off-by: Jouni Malinen <j@w1.fi>
Allow link removal imminent indication to be added with the new
link_removal_imminent=1 parameter to BSS_TM_REQ.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Based on IEEE P802.11be/D5.0, when a station is non-AP MLD with more
than one link the combination of the Link Removal Imminent field set to
1 and the BSS Termination Included field set to 1 means than only one of
the links is removed while the other links will remains associated.
Handle this case without starting a scan to find another BSS.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
When the AP MLD sends an Action frame to a non-AP MLD, use the AP MLD
MAC address instead of the local AP address (BSSID).
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
When the AP is configured to operate as an AP MLD, use the AP MLD MAC
address when needed for transmission of WNM Action frames.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
If ioctl() returns EBUSY on the command SIOCBRADDIF, the interface might
have already been added to the bridge by an external operation (e.g.,
netifd in OpenWrt), and linux_br_add_if() should not indicate an error.
Check whether the interface is correctly brigded when ioctl()
returns EBUSY and if so, report success.
Signed-off-by: Michael-CY Lee <michael-cy.lee@mediatek.com>
Remove a spurious \tab char in hostapd_eid_rnr() between arguments to a
function.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
In case the TBTT information is reporting about an AP in the same AP MLD
as the current AP, the AP MLD ID in the MLD Parameters subfield should
be set to 0.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Link ID needs to be specified for MLD case when doing channel switch.
Add it to the driver command.
Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>
There are different CHAN_SWITCH flows for DFS and non-DFS channels.
Non-DFS one saves previous BW value in iface->conf, but DFS flow
replaces it with a new user requested value. Setting a non-DFS channel
after a DFS one with BW = 160 would have resulted in a mismatch between
the saved BW and vht_capab (if VHT160 was not included by default). This
would have led to a check fail in the hostapd_set_freq_params()
function.
Signed-off-by: Dmitrijs Martinovs <dmartinovs@maxlinear.com>
It is possible for the start_listen() callback to be called to request
the driver to start a driver operation and stop_listen() called
immediately after that (e.g., due to a request to transmit a P2P Public
Action frame) before the driver has had time to start ROC and send an
event to notify of that. Such a sequence could result in
p2p->pending_listen_freq being left to a nonzero value without getting a
call to p2p_listen_cb() to clear it. This would stop an ongoing P2P
listen operation since no following p2p_listen() call would start the
listen due to the pending command being assumed to be in effect.
Fix this by detecting this particular sequence and clearing
p2p->pending_listen_freq.
This was found with the p2p_listen_and_offchannel_tx test case with the
new kernel scheduled and UML time-travel.
Signed-off-by: Jouni Malinen <j@w1.fi>
With changes to optimize scan for specific BSSID, there arises a
scenario where in nl80211_trigger_scan() is called with a scan
randomization enabled. A combination of NL80211_ATTR_MAC for BSSID and
scan randomization, which uses NL80211_ATTR_MAC for a different purpose,
results in invalid error for the scan request. To fix the issue use
attribute NL80211_ATTR_BSSID instead of NL80211_ATTR_MAC.
NL80211_ATTR_BSSID was introduced in kernel commit 2fa436b3a2a7
("nl80211: Use different attrs for BSSID and random MAC addr in scan
req") in 2016. Prior to that, only NL80211_ATTR_MAC could be used for
specifying the target BSSID. For backwards compatibility, add the
NL80211_ATTR_MAC attribute as well when not using a random MAC address.
Signed-off-by: Vinayak Yadawad <vinayak.yadawad@broadcom.com>
The underlying driver can reject only specific links in an association
request. In that case we will only ignore the corresponding BSS. Add a
test for this flow by simulating an association failure on the second
link specifically.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
All the station flags other than WPA_STA_SHORT_PREAMBLE are relevant
only for the MLD station and not to the link stations (as these flags
are related to the MLD state and not the link state).
As for the WPA_STA_SHORT_PREAMBLE, since the station is an EHT
station, it must have short preamble.
Thus, do not propagate the flags change for link stations to the driver.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Add additional check for 6 GHz operating class. Otherwise this results
in setting incorrect segment 0 index for 5 GHz 40 MHz channel 157-161,
which has the same center segment 0 index 159 as 6 GHz 320 MHz expected
channel.
Fixes: 085a3fc76e ("EHT: Add 320 channel width support")
Signed-off-by: Mikelis Vuls <mvuls@maxlinear.com>
Add a new QCA subcommand QCA_NL80211_VENDOR_SUBCMD_REGULATORY_TPC_INFO
and related attributes qca_wlan_vendor_attr_tpc_links,
qca_wlan_vendor_attr_tpc definition to query transmit power information
on STA interface from the driver for a connected AP.
The information includes regulatory max transmit power limit, AP local
power constraint advertised from AP's Beacon and Probe Response frames.
For PSD power mode, the information includes PSD power levels for each
subchannel of operating bandwidth. The information is driver calculated
power limits based on current regulatory domain, AP local power
constraint and other IEs. The information will be set to target. Target
will decide final TX power based on this and chip specific power
conformance test limits (CTL), and SAR limits.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
For AP MLD case, HT-scan and ACS happens per link. To determine the
correct link, link id is required.
Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>
Removing radio measurements and supported operating class indication
might be needed to reduce binary size for a memory constrained system
that does not need more advanced features. However, removing these is
not recommended since they can help the AP manage the network and STA
steering.
By default this functionality is enabled.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Beacon hinting is a feature that can temporarily change the regulatory
rule flags on the channel where the radio hears the beacon. Add a new
event CTRL-EVENT-REGDOM-BEACON-HINT to notify the wpa_supplicant user
about an important update to the regulatory rules including which
frequencies are impacted, new power limit, and new rule flags.
Signed-off-by: Jun Yu <junyuu@chromium.org>
Do not allow offchannel operation for action frame transmission if
no frequency is specified, as this doesn't make sense.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
The length of the PMK ended up getting lost when a PMKSA cache entry was
added based on externally managed information. Set the PMK length in SAE
context to get the correct length stored into the actual PMKSA cache
entry that gets created in this path.
Signed-off-by: Jouni Malinen <j@w1.fi>
According to this message https://marc.info/?l=binutils&m=165363679302282
the type bfd_hostptr_t is dropped in favor of uintptr_t.
Replace the use of this type in the code.
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
