The call to wpa_scan_res_match already checks that the SSID matches
current_ssid. Therefore there is no need to do any further checking.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
It should never be NULL. In the unlikely event that it is NULL, the
logic changes slightly to reject all candidates.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
When accepting a BSS transition request there is a race between
sending the response and roaming to the target AP. As a result,
the response may not be sent because the station deauthenticated
from the AP before the response was actually sent.
To make sure the BSS transition response is sent, start roaming only
after the TX status is received for the BSS transition response.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
It does not make sense to scan for neighbors that we are not supposed to
use anyway. As such, skip them.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
When receiving a BTM request, wpa_supplicant would try to fetch new
results from the driver, and, independently of that, would also process
the latest scan results that were partially updated by the previous
fetch.
Simplify the logic by using wpa_supplicant_get_scan_results() directly
and then process the old scan data as usual. However, this data may be
outdated, so add a new heuristic to avoid roaming to a BSS if it is
either outdated or bad.
Doing this moves all scan data processing into wnm_scan_process() and
removes duplicated functionality for scan result processing in scan.c.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Avoid potential race conditions with the driver operations between
stopping an ongoing wait for responses for an offchannel TX that was
used to send Authentication Request with a request to use a different
channel for Authentication Response and the start of a new ROC on the
other channel by waiting for the TX expiration event before issuing the
ROC request.
Signed-off-by: Jouni Malinen <j@w1.fi>
The event indicating expiration of an offchannel TX is useful for cases
where the wait is for a frame that was explicitly requested to have the
pending cookie to be saved.
Signed-off-by: Jouni Malinen <j@w1.fi>
Avoid potential race conditions with the driver operations between
cancelling an ongoing ROC that was used to receive Authentication
Request that requested a different channel to be used for the
negotiation by waiting for the ROC cancelled event before issuing the
offchannel TX command for the Authentication Response.
In addition, speed up the retry on Authentication Response in this type
of a case if the first attempt on the other channel is not AKC'ed since
it might take the peer device a bit more time to be ready to listen
there.
Signed-off-by: Jouni Malinen <j@w1.fi>
This aligns both the wpa_supplicant and bss structures to use the same
pattern of a valid_links bitmask plus per-link entries.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Most places in the codebase use a valid_links bitmask with an array.
Switch the bss->links array to use the same design with the Link ID
being used as the array index instead of having a link_id inside.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
This was done using the below semantic patch. There are a few more
places that were missed due to variable declarations or additional
checks in the for loop.
@@
iterator name for_each_link;
identifier max_links =~ "MAX_NUM_MLD_LINKS|MAX_NUM_MLO_LINKS";
expression links;
expression further_tests;
identifier i;
statement stmt;
@@
-for (i = 0; i < max_links; i++)
+for_each_link(links, i)
{
(
- if (!(links & BIT(i)))
- continue;
...
|
- if (!(links & BIT(i)) || further_tests)
+ if (further_tests)
continue;
...
|
- if (further_tests || !(links & BIT(i)))
+ if (further_tests)
continue;
...
|
- if (links & BIT(i))
stmt
|
- if (further_tests && (links & BIT(i)))
+ if (further_tests)
stmt
|
- if ((links & BIT(i)) && further_tests)
+ if (further_tests)
stmt
)
}
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
This is a simple macro iterating the given bitmask using the given
variable. Having the macro avoids the for loop-continuation making it
more readable overall.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
In some places the wrong index variable was used to access the link
configuration. Fix this by simply using link_id instead of i.
With this, the i loop variable is not needed anymore. We can simply
always pass 0 to nla_nest_start(). Also, the kernel does not care about
the order that the links are provides, so just remove the special
handling for the association link.
Fixes: a2c4c0b1b6 ("nl80211: Support MLD association request")
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
When a device supports both the 5 GHz band and the 6 GHz band,
these are reported as two separate modes, both with mode set to
HOSTAPD_MODE_IEEE80211A. However, as these are different modes,
each with its own characteristics, e.g., rates, capabilities etc.,
specifically differentiate between them by adding a flag to indicate
whether the mode describes a 6 GHz band capabilities or not.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
When wpa_supplicant assigns the IP address (WFA EAPOL IP address
allocation feature), the assigned IP address of the P2P Client on the GO
side is notified in the AP-STA-CONNECTED event. So to obtain the IP info
to external programs, modify the STA authorized event to include the the
assigned IP address of the P2P Client.
Test: Establish P2P connection and verified from the logs that
the P2P Client IP address is notified.
Signed-off-by: Sunil Ravi <sunilravi@google.com>
When wpa_supplicant receives a request to start a P2P group owner on a
fixed frequency with bandwidth wider than 20 MHz, wpa_supplicant scans
for neighboring BSSs prior to starting the GO. This is done to switch
the primary/secondary channels if there are any other networks which are
operating on the same secondary channel. Though this logic is defined
for 20/40 MHz coexistence and might improve throughput, there are P2P
use cases where this logic causes problem:
1. The file transfer use case takes time to start the file transfer or
even fails when the 20/40 coex scan repeatedly fails due to an
ongoing externally triggered scan happening in the system.
2. wpa_supplicant overrides the channel which is selected by the
application based on the best channel it derived by looking into
the channel conditions. This degrades the expected throughput.
3. Latency sensitive applications experience long time to
start the group owner which gives a bad user experience.
So do not allow 40 MHz co-ex PRI/SEC switch to force a change to
Autonomous GO PRI channel when the P2P group add is called with a forced
frequency.
Test: Tested autonomous GO and confirmed from the logs that
P2P GO is not triggering 20/40 coex scan.
Signed-off-by: Sunil Ravi <sunilravi@google.com>
Slight differences in timing might make the final data connectivity
check fail, so disable the incorrect behavior first and wait for a
successfully completed GTK rekeying at the end before the final test.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
For AP MLD cases, the link id is required to determine the correct link
to stop in the stop_ap() driver op.
Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>
The check for the non-AP MLD link being valid can be done one level
outside the loop that tries to find a matching AP link.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
For non-AP MLDs, clear STA entry from all affiliated links.
For legacy non-MLO case, find association link to clear the STA entry.
Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>
This adds initial parts for RADIUS/TLS support in the RADIUS client.
This can be used with eapol_test and hostapd. This functionality is not
included by default and CONFIG_RADIUS_TLS=y in .config can be used to
enable it.
This version does not yet include all the needed functionality for TLS
validation and the rules for dropping a TCP connection based on invalid
RADIUS attributes.
Signed-off-by: Jouni Malinen <j@w1.fi>
There is only one connection in use in parallel to a RADIUS
authentication server (and similarly to a RADIUS accounting server). As
such, there is not really any need to maintain separate open IPv4 and
IPv6 sockets. Instead, open the socket for the appropriate IP version
only when actually connecting to a specific server.
Signed-off-by: Jouni Malinen <j@w1.fi>
There is no need for passing the sock and sock6 parameters separately
since they were always the same values for auth == 0 or auth == 1 cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
ETHER_VLAN_ENCAP_LEN does not seem to be defined in macOS
net/ethernet.h, so define that, if needed, to avoid build issues.
Fixes: 5b21f4861c ("l2_packet_freebsd: Enable receiving priority tagged (VID=0) frames")
Signed-off-by: Jouni Malinen <j@w1.fi>
When the station (non-AP MLD) is associated with an AP MLD the link ID
for TDLS setup is derived from the discovery response frame and the link
ID is used in TDLS setup operation when acting as initiator. The driver
sends the received discovery response frame followed by the TDLS setup
request event. But the discovery response frame is received after the
setup request event leading to use incorrect link ID value for TDLS
setup operation causing the setup failure. Process the TDLS setup
request if the discovery response frame is received, else defer the
process until the discovery response frame is received and process the
setup request after discovery response frame is processed.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
When the CHAN_SWITCH command is executed during multi BSSID case (say
BSS1, BSS2, and BSS3), if one of the BSS is disabled (say BSS2), the
CHAN_SWITCH command returns an error in BSS2 and does not proceed to the
next BSS (BSS3).
The CHAN_SWITCH command handler iterates over all configured BSSs and
attempts to send the switch_channel to each one. However, if any one of
the BSSs fails, the entire command is aborted and returns a failure.
Continue the iteration even if one BSS is failing to make sure the
configuration is applied to other BSSs.
Signed-off-by: Haribabu Krishnasamy <quic_hkr@quicinc.com>
During high battery voltage scenario, higher MCS data rate leads to poor
EVM accuracy which causes poor user experience. Hence to provide better
user experience, EVM accuracy needs to be improved by adjusting TX power
for MCS rate of specific band/radio chain. To achieve this, add a new
vendor command to configure required parameters in the WLAN driver.
Signed-off-by: Mukul Sharma <quic_mukul@quicinc.com>
Add hostapd support for interacting with the NAN discovery engine to
allow single-channel (i.e., the AP's operating channel) USD as Publisher
or Subscriber.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add wpa_supplicant support for interacting with the NAN discovery engine
to allow USD as Publisher or Subscriber.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add NAN discovery engine and wpa_supplicant interface to use it for the
subset of NAN functionality that is needed for USD.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This was missing a check for the Category field and could have matched
other Action frames than Public Action frames.
Fixes: 9c2b8204e6 ("DPP: Integration for hostapd")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The standard is somewhat unclear on whether the PMKIDs used in
(Re)Association Request frame (i.e., potential PMKIDs that could be used
for PMKSA caching during the initial mobility domain association) are to
be retained or removed when generating EAPOL-Key msg 2/4.
wpa_supplicant has replaced the PMKID List contents from (Re)Association
Request frame with PMKR1Name when generating EAPOL-Key msg 2/4 for FT.
Allow it to be configured (ft_prepend_pmkid=1) to prepend the PMKR1Name
without removing the PMKIDs from (Re)Association Request frame.
Signed-off-by: Jouni Malinen <j@w1.fi>
The standard is somewhat unclear on whether the PMKIDs used in
(Re)Association Request frame (i.e., potential PMKIDs that could be used
for PMKSA caching during the initial mobility domain association) are to
be retained or removed when generating EAPOL-Key msg 2/4.
hostapd used to require that only the PMKR1Name is included in the PMKID
List of RSNE in EAPOL-Key msg 2/4. Extend this to allow the PMKIDs that
were included in the (Re)Association Request frame to be present as long
as the correct PMKR1Name is also present. This would allow PMKSA caching
to be used in initial mobility domain association with supplicant
implementations that insert the PMKR1Name without removing the PMKIDs
used in the (Re)Association Request frame. wpa_supplicant did not use to
that, but other implementations might.
Signed-off-by: Jouni Malinen <j@w1.fi>
For some implementation, there is no link id in EAPOL event, e.g., use
drv_event_eapol_rx for receiving. Current design for such case is switch
to a link that stores the peer. However, this is error-prone because for
non-AP MLD case, sta_info is stored in all valid links but EAPOL sm is
only initialized in the association link. If EAPOL RX event is handled
in a non-association link, it will be discarded and this leads to EAPOL
timeout.
So find the association link to handle received EAPOL frame in such
case. This replaces the previously used workaround for RSN/wpa_sm for
the no link id specified case.
Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>
Disabling the first interface calls hapd_deinit(), which causes some
issues, e.g., failure when trying to disable other interfaces due to
NULL drv_priv.
So check that all other interfaces are already disabled before disable
the first interface.
Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>