Commit graph

2023 commits

Author SHA1 Message Date
Jouni Malinen
839bab785b nl80211: Debug print driver capabilities
This can be helpful in understanding driver behavior.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-13 20:03:14 +02:00
Jouni Malinen
b0927e5d06 nl80211: Fix error print for hapd_send_eapol()
The return value from nl80211_send_monitor() is not suitable for use
with strerror(). Furthermore, nl80211_send_monitor() itself is printing
out a more detailed error reason.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-03-08 16:48:00 +02:00
Jouni Malinen
17ba51b14d nl80211: Fix tx_control_port error print
send_and_recv_msgs() returns a negative number as the error code and
that needs to be negated for strerror().

Fixes: 8759e9116a ("nl80211: Control port over nl80211 helpers")
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-03-08 16:38:57 +02:00
Alexander Wetzel
be15f33d07 Replace WPA_ALG_PMK with KEY_FLAG_PMK
Drop the no longer needed internal alg WPA_ALG_PMK and use KEY_FLAG_PMK
as replacement.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-03-06 21:44:31 +02:00
Alexander Wetzel
11b1fcd6ca nl80211: Drop outdated TDLS set_key() hack
wpa_tdls_set_key() did set the key_id to -1 to avoid a useless
NL80211_CMD_SET_KEY call that the updated nl80211 driver no longer
carries out. Remove the no longer required workaround.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-03-06 21:44:31 +02:00
Alexander Wetzel
81621eab7c nl80211: Migrate from set_tx to key_flag API
Migrate nl80211 driver to key_flag API and add additional sanity checks.

I'm still not sure why we install unicast WEP keys also as default
unicast keys. Based on how I understand how mac80211 handles that it
should be pointless. I just stuck to how we do things prior to the patch
for WEP keys to not break anything. After all other drivers may need it.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-03-05 00:52:31 +02:00
Alexander Wetzel
9757f18db4 nl80211: Don't ignore when SET_KEY returns ENOENT
Always report an error when NL80211_CMD_SET_KEY can't set a key to
default.

The old ioctl-based design used a single command to add, set, and delete
a key and had to ignore ENOENT for key deletions. It looks like that
special handling was also ported for NL80211_CMD_NEW_KEY and
NL80211_CMD_SET_KEY instead only for NL80211_CMD_DEL_KEY.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-03-05 00:38:30 +02:00
Alexander Wetzel
98b8275d92 nl80211: Remove not needed netlink key attribute
Calling NL80211_CMD_NEW_KEY with NL80211_KEY_DEFAULT_TYPES attributes is
pointless. The information is not expected and therefore the kernel
never forwards it to the drivers. That attribute is used with
NL80211_CMD_SET_KEY.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-03-05 00:36:00 +02:00
Alexander Wetzel
8563f6f564 nl80211: Fix wrong return code in set_key error path
Allow to abort key installations with different error codes and fix one
misleading return code.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-03-05 00:28:50 +02:00
Alexander Wetzel
adf550ee4b nl80211: Ignore seq number for key deletion
Turns out we are sometime providing a seq when deleting the key. Since
that makes no sense on key deletion let's stop forwarding that to the
driver at least.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-03-05 00:27:48 +02:00
Alexander Wetzel
5eb1632569 nl80211: Add a missing key_flag for WEP shared key authentication
Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-03-05 00:24:55 +02:00
Alexander Wetzel
82eaa3e688 Remove the not yet needed KEY_FLAG_MODIFY
I decided to drop KEY_FLAG_MODIFY instead of allowing flag combinations not
yet used in the code and will simply recreate it with the Extended Key
ID patches once we get there. For that reason I also did not renumber
the flags.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-03-05 00:17:23 +02:00
Jouni Malinen
5bad300565 privsep: Mask out control port capability flag
There is no support for using the control port for sending out EAPOL
frames through privsep yet, so mask out this capability to fall back to
the l2_packet based design.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-03-01 21:31:07 +02:00
Alexander Wetzel
c1a6b1e47e privsep: Add key_flag to set_key()
Pass through the new key_flag to wpa_priv.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-03-01 21:11:07 +02:00
Ilan Peer
e8ae97aebe nl80211: Allow TX status for Authentication frames
To support PASN authentication flow, where Authentication frames are
sent by wpa_supplicant using the send_mlme() callback, modify the logic
to also send EVENT_TX_STATUS for Authentication frames.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2020-02-29 23:18:28 +02:00
Ilan Peer
c4988e73c0 driver: Extend send_mlme() with wait option
PASN authentication can be performed while a station interface is
connected to an AP. To allow sending PASN frames while connected, extend
the send_mlme() driver callback to also allow a wait option. Update the
relevant drivers and wpa_supplicant accordingly.

hostapd calls for send_mlme() are left unchanged, since the wait option
is not required there.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2020-02-29 23:03:20 +02:00
Andrei Otcheretianski
d046f2a9f9 nl80211: Register for SAE Authentication frames more strictly
If the driver requires external SAE authentication, it would result in
registration for all Authentication frames, so even non-SAE
Authentication frames might be forwarded to user space instead of being
handled internally. Fix this by using a more strict match pattern,
limiting the registration to the SAE authentication algorithm only.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2020-02-29 22:55:55 +02:00
Jouni Malinen
f1d3856090 nl80211: Beacon protection capability flag and default key type
Add a new capability flag based on the nl80211 feature advertisement and
start using the new default key type for Beacon protection. This enables
AP mode functionality to allow Beacon protection to be enabled. This is
also enabling the previously added ap_pmf_beacon_protection_* hwsim test
cases.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-24 12:20:38 +02:00
Jouni Malinen
2e34f6a53f Sync with mac80211-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2020-02-24.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-24 12:20:05 +02:00
Alexander Wetzel
8a1660b607 common: Add missing driver flag strings
Add SAFE_PTK0_REKEYS and some other missing strings.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-02-23 23:53:29 +02:00
Alexander Wetzel
35da7c20ac nl80211: Add driver capability flag for CAN_REPLACE_PTK0
The CAN_REPLACE_PTK0 flag provided by nl80211 can be used to detect if
the card/driver is explicitly indicating capability to rekey STA PTK
keys using only keyid 0 correctly.

Check if the card/driver supports it and make the status available as a
driver flag.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-02-23 12:00:23 +02:00
Jouni Malinen
f3bcd69603 Remove CONFIG_IEEE80211N build option
Hardcoded CONFIG_IEEE80211N to be included to clean up implementation.
More or less all new devices support IEEE 802.11n (HT) and there is not
much need for being able to remove that functionality from the build.
Included this unconditionally to get rid of one more build options and
to keep things simpler.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-22 19:20:44 +02:00
Jouni Malinen
d2e77310dc driver: Document use of set_key() for BIGTK
Also update the comment to match the current IGTK KeyID range.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-17 23:48:24 +02:00
Jouni Malinen
cb86e8bac8 nl80211: Remove an extra closing parenthesis from a debug message
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-17 23:48:24 +02:00
Jouni Malinen
46cb046500 nl80211: Check nla_nest_start() result for NL80211_ATTR_HE_OBSS_PD
nla_nest_start() might fail, so need to check its return value similarly
to all the other callers.

Fixes: a84bf44388 ("HE: Send the AP's OBSS PD settings to the kernel")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-17 19:30:47 +02:00
John Crispin
0b0ee0f15e HE: Propagate BSS color settings to nl80211
Add the code required to send the BSS color settings to the kernel.

Signed-off-by: John Crispin <john@phrozen.org>
2020-02-17 19:28:39 +02:00
Jouni Malinen
dd74ddd0df nl80211: Handle AKM suite selectors for AP configuration
Previously only couple of AKM suite selectors were converted into
NL80211_ATTR_AKM_SUITES. Add rest of the AKM suites here. However, since
the current kernel interface has a very small limit
(NL80211_MAX_NR_AKM_SUITES = 2), add the attribute only when no more
than that limit entries are included. cfg80211 would reject the command
with any more entries listed.

This needs to be extended in cfg80211/nl80211 in a backwards compatible
manner, so this seems to be the best that can be done for now in user
space. Many drivers do not use this attribute, so must not reject the
configuration completely when larger number of AKM suites is configured.
Such cases may not work properly with drivers that depend on
NL80211_ATTR_AKM_SUITES value.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-17 17:47:34 +02:00
Jouni Malinen
10655d1bc2 nl80211: Add NLA_F_NESTED to nla_nest_start() with older libnl versions
This is needed to work around a missing attribute that would cause
cfg80211 to reject some nl80211 commands (e.g.,
NL80211_ATTR_VENDOR_DATA) with new kernel versions that enforce netlink
attribute policy validation.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-17 17:25:05 +02:00
Jouni Malinen
466e48dcd7 HT: Remove SMPS in AP mode
SM Power Save was described in somewhat unclear manner in IEEE Std
802.11n-2009 as far the use of it locally in an AP to save power. That
was clarified in IEEE Std 802.11-2016 to allow only a non-AP STA to use
SMPS while the AP is required to support an associated STA doing so. The
AP itself cannot use SMPS locally and the HT Capability advertisement
for this is not appropriate.

Remove the parts of SMPS support that involve the AP using it locally.
In practice, this reverts the following commits:
04ee647d58 ("HT: Let the driver advertise its supported SMPS modes for AP mode")
8f461b50cf ("HT: Pass the smps_mode in AP parameters")
da1080d721 ("nl80211: Advertise and configure SMPS modes")

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-16 13:58:54 +02:00
John Crispin
ab8c55358e HE: Dynamically turn on TWT responder support
This allows us to dynamically turn on TWT responder support using an
nl80211 attribute.

Signed-off-by: John Crispin <john@phrozen.org>
2020-02-16 12:37:47 +02:00
Jouni Malinen
458162a271 Sync with mac80211-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2020-02-07.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-16 12:06:04 +02:00
Matthew Wang
23dc196fde Check for FT support when selecting FT suites
A driver supports FT if it either supports SME or the
NL80211_CMD_UPDATE_FT_IES command. When selecting AKM suites,
wpa_supplicant currently doesn't take into account whether or not either
of those conditions are met. This can cause association failures, e.g.,
when an AP supports both WPA-EAP and FT-EAP but the driver doesn't
support FT (wpa_supplicant will decide to do FT-EAP since it is unaware
the driver doesn't support it). This change allows an FT suite to be
selected only when the driver also supports FT.

Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
Reviewed-by: Brian Norris <briannorris@chromium.org>
2020-02-10 06:43:38 +02:00
Felix Fietkau
d240c74b6a nl80211: Fix regulatory limits for WMM cwmin/cwmax values
The internal WMM AC parameters use just the exponent of the CW value,
while nl80211 reports the full CW value. This led to completely bogus
CWmin/CWmax values in the WMM IE when a regulatory limit was present.
Fix this by converting the value to the exponent before passing it on.

Fixes: 636c02c6e9 ("nl80211: Add regulatory wmm_limit to hostapd_channel_data")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-02-03 02:03:32 +02:00
Felix Fietkau
bc1289b076 nl80211: Fix WMM queue mapping for regulatory limit
nl80211 uses a different queue mapping from hostap, so AC indexes need
to be converted.

Fixes: 636c02c6e9 ("nl80211: Add regulatory wmm_limit to hostapd_channel_data")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-02-03 02:03:32 +02:00
Roy Marples
b2b7f8dcfa BSD: Fix the maximum size of a route(4) msg to 2048
The size of a single route(4) message cannot be derived from
either the size of the AF_INET or AF_INET6 routing tables.
Both could be empty or very large.

As such revert back to a buffer size of 2048 which mirrors
other programs which parse the routing socket.

Signed-off-by: Roy Marples <roy@marples.name>
2020-02-02 21:47:03 +02:00
Roy Marples
25c247684f BSD: Remove an outdated comment
With interface matching support, wpa_supplicant can wait for an
interface to appear.

Signed-off-by: Roy Marples <roy@marples.name>
2020-02-02 21:46:57 +02:00
Roy Marples
d807e289db BSD: Don't set or remove IFF_UP
Now that both hostapd and wpa_supplicant react to interface flag
changes, there is no need to set or remove IFF_UP.

It should be an administrative flag only.

Signed-off-by: Roy Marples <roy@marples.name>
2020-02-02 21:46:53 +02:00
Roy Marples
4692e87b25 BSD: Share route(4) processing with hostapd and wpa_supplicant.
There is little point in having both and it brings interface
addition/removal and IFF_UP notifications to hostapd.

Signed-off-by: Roy Marples <roy@marples.name>
2020-02-02 21:44:23 +02:00
Roy Marples
d20b34b439 BSD: Driver does not need to know about both wpa and hostap contexts
It will either be one or the other.
Fold hapd into ctx to match other drivers.

Signed-off-by: Roy Marples <roy@marples.name>
2020-02-02 21:44:23 +02:00
Ouden
aad414e956 nl80211: Fix send_mlme for SAE external auth
When external authentication is used, the station send mlme frame (auth)
to the driver may not be able to get the frequency (bss->freq) after
hostap.git commit b6f8b5a9 ("nl80211: Update freq only when CSA
completes"). Use the assoc_freq to send the MLME frame when SAE external
authentication is used to avoid this issue.

Signed-off-by: Ouden <Ouden.Biz@gmail.com>
2020-02-02 21:38:51 +02:00
Vamsi Krishna
fe1552d93c ACS: Update documentation of external ACS results event parameters
Update the documentation with values to be sent for seg0 and seg1 fields
in external ACS result event for 20 MHz, 40 MHz, 80 MHz, 160 MHz, and
80+80 MHz channels. These values match the changes done to definitions
of seg0 and seg1 fields in the IEEE 802.11 standard.

This vendor command had not previously been documented in this level of
detail and had not actually been used for the only case that could have
two different interpretation (160 MHz) based on which version of IEEE
802.11 standard is used.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-09 20:12:14 +02:00
Alexander Wetzel
a919a26035 Introduce and add key_flag
Add the new set_key() parameter "key_flag" to provide more specific
description of what type of a key is being configured. This is needed to
be able to add support for "Extended Key ID for Individually Addressed
Frames" from IEEE Std 802.11-2016. In addition, this may be used to
replace the set_tx boolean eventually once all the driver wrappers have
moved to using the new key_flag.

The following flag are defined:

  KEY_FLAG_MODIFY
    Set when an already installed key must be updated.
    So far the only use-case is changing RX/TX status of installed
    keys. Must not be set when deleting a key.

  KEY_FLAG_DEFAULT
    Set when the key is also a default key. Must not be set when
    deleting a key. (This is the replacement for set_tx.)

  KEY_FLAG_RX
    The key is valid for RX. Must not be set when deleting a key.

  KEY_FLAG_TX
    The key is valid for TX. Must not be set when deleting a key.

  KEY_FLAG_GROUP
    The key is a broadcast or group key.

  KEY_FLAG_PAIRWISE
    The key is a pairwise key.

  KEY_FLAG_PMK
    The key is a Pairwise Master Key (PMK).

Predefined and needed flag combinations so far are:

  KEY_FLAG_GROUP_RX_TX
    WEP key not used as default key (yet).

  KEY_FLAG_GROUP_RX_TX_DEFAULT
    Default WEP or WPA-NONE key.

  KEY_FLAG_GROUP_RX
    GTK key valid for RX only.

  KEY_FLAG_GROUP_TX_DEFAULT
    GTK key valid for TX only, immediately taking over TX.

  KEY_FLAG_PAIRWISE_RX_TX
    Pairwise key immediately becoming the active pairwise key.

  KEY_FLAG_PAIRWISE_RX
    Pairwise key not yet valid for TX. (Only usable with Extended Key ID
    support.)

  KEY_FLAG_PAIRWISE_RX_TX_MODIFY
    Enable TX for a pairwise key installed with KEY_FLAG_PAIRWISE_RX.

  KEY_FLAG_RX_TX
    Not a valid standalone key type and can only used in combination
    with other flags to mark a key for RX/TX.

This commit is not changing any functionality. It just adds the new
key_flag to all hostapd/wpa_supplicant set_key() functions without using
it, yet.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-01-09 12:38:36 +02:00
Jouni Malinen
3df4c05aec nl80211: Pass set_key() parameter struct to wpa_driver_nl80211_set_key()
This is the function that actually uses the parameters, so pass the full
parameter struct to it instead of hiding the struct from it in the
simple wrapper.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-09 00:48:57 +02:00
Gurumoorthi Gnanasambandhan
0f903f37dc nl80211: VLAN offload support
Add indication for driver VLAN offload capability and configuration of
the VLAN ID to the driver.

Signed-off-by: Gurumoorthi Gnanasambandhan <gguru@codeaurora.org>
2020-01-09 00:48:57 +02:00
Gurumoorthi Gnanasambandhan
4d3ae54fbd Add vlan_id to driver set_key() operation
This is in preparation for adding support to use a single WLAN netdev
with VLAN operations offloaded to the driver. No functional changes are
included in this commit.

Signed-off-by: Gurumoorthi Gnanasambandhan <gguru@codeaurora.org>
2020-01-09 00:48:57 +02:00
Jouni Malinen
f822546451 driver: Move set_key() parameters into a struct
This makes it more convenient to add, remove, and modify the parameters
without always having to update every single driver_*.c implementation
of this callback function.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-09 00:48:57 +02:00
Vamsi Krishna
aa663baf45 Fix QCA_WLAN_VENDOR_ATTR_ACS_VHT_SEG1_CENTER_CHANNEL NULL check
Correct the check for presence of
QCA_WLAN_VENDOR_ATTR_ACS_VHT_SEG1_CENTER_CHANNEL attribute before using it
while processing acs_result event.

Fixes: 857d94225a ("Extend offloaded ACS QCA vendor command to support VHT")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-08 16:14:24 +02:00
Jouni Malinen
c52129bed8 nl80211: Allow control port to be disabled with a driver param
This is mainly for testing purposes to allow wpa_supplicant and hostapd
functionality to be tested both with and without using the nl80211
control port which is by default used whenever supported by the driver.
control_port=0 driver parameter will prevent that from happening.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-05 21:31:33 +02:00
Markus Theil
781c5a0624 nl80211: Use control port TX for AP mode
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
2020-01-05 21:31:33 +02:00
Markus Theil
d8252a9812 nl80211: Report control port RX events
This allows EAPOL frames to be received over the separate controlled
port once rest of the driver interface is ready for this. By itself,
this commit does not actually change behavior since cfg80211 will not be
delivering these events without them being explicitly requested.

Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
2020-01-05 21:30:41 +02:00
Markus Theil
a79ed06871 Add no_encrypt flag for control port TX
In order to correctly encrypt rekeying frames, wpa_supplicant now checks
if a PTK is currently installed and sets the corresponding encrypt
option for tx_control_port().

Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
2020-01-05 20:34:50 +02:00
Brendan Jackman
8759e9116a nl80211: Control port over nl80211 helpers
Linux kernel v4.17 added the ability to request sending controlled port
frames (e.g., IEEE 802.1X controlled port EAPOL frames) via nl80211
instead of a normal network socket. Doing this provides the device
driver with ordering information between the control port frames and the
installation of keys. This empowers it to avoid race conditions between,
for example, PTK replacement and the sending of frame 4 of the 4-way
rekeying handshake in an RSNA. The key difference between the specific
control port and normal socket send is that the device driver will
certainly get any EAPOL frames comprising a 4-way handshake before it
gets the key installation call for the derived key. By flushing its TX
buffers it can then ensure that no pending EAPOL frames are
inadvertently encrypted with a key that the peer will not yet have
installed.

Add a CONTROL_PORT flag to the hostap driver API to report driver
capability for using a separate control port for EAPOL frames. This
operation is exactly like an Ethernet send except for the extra ordering
information it provides for device drivers. The nl80211 driver is
updated to support this operation when the device reports support for
NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211. Also add a driver op
tx_control_port() for request a frame to be sent over the controlled
port.

Signed-off-by: Brendan Jackman <brendan.jackman@bluwireless.co.uk>
2020-01-05 19:43:52 +02:00
Jouni Malinen
ccaabeaa03 driver: Remove unused send_ether() driver op
This was used only for FT RRB sending with driver_test.c and
driver_test.c was removed more than five years ago, so there is no point
in continuing to maintain this driver op.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-05 18:32:10 +02:00
Jouni Malinen
9bedf90047 nl80211: Use monitor interface for sending no-encrypt test frames
Since NL80211_CMD_FRAME does not allow encryption to be disabled for the
frame, add a monitor interface temporarily for cases where this type of
no-encrypt frames are to be sent. The temporary monitor interface is
removed immediately after sending the frame.

This is testing functionality (only in CONFIG_TESTING_OPTIONS=y builds)
that is used for PMF testing where the AP can use this to inject an
unprotected Robust Management frame (mainly, Deauthentication or
Disassociation frame) even in cases where PMF has been negotiated for
the association.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-04 20:23:05 +02:00
Ben Greear
ff77431180 nl80211: Don't set offchan-OK flag if doing on-channel frame in AP mode
I saw a case where the kernel's cfg80211 rejected hostapd's attempt to
send a neighbor report response because nl80211 flagged the frame as
offchannel-OK, but kernel rejects because channel was 100 (DFS) and so
kernel failed thinking it was constrained by DFS/CAC requirements that
do not allow the operating channel to be left (at least in FCC).

Don't set the packet as off-channel OK if we are transmitting on the
current operating channel of an AP to avoid such issues with
transmission of Action frames.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2020-01-03 16:00:02 +02:00
Jouni Malinen
d5798e43f5 nl80211: Use current command for NL80211_CMD_REGISTER_ACTION
This was renamed to NL80211_CMD_REGISTER_FRAME long time ago.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-03 15:26:31 +02:00
Jouni Malinen
81ae8820a6 nl80211: Rename send_action_cookie to send_frame_cookie
This is to match the NL80211_CMD_ACTION renaming to NL80211_CMD_FRAME
that happened long time ago. This command can be used with any IEEE
802.11 frame and it should not be implied to be limited to Action
frames.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-03 15:23:49 +02:00
Jouni Malinen
5ad372cc3f nl80211: Clean up nl80211_send_frame_cmd() callers
Replace a separate cookie_out pointer argument with save_cookie boolean
since drv->send_action_cookie is the only longer term storage place for
the cookies. Merge all nl80211_send_frame_cmd() callers within
wpa_driver_nl80211_send_mlme() to use a single shared call to simplify
the function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-03 15:18:46 +02:00
Jouni Malinen
0dae4354f7 nl80211: Get rid of separate wpa_driver_nl80211_send_frame()
Merge this function into wpa_driver_nl80211_send_mlme() that is now the
only caller for the previously shared helper function. This is a step
towards cleaning up the overly complex code path for sending Management
frames.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-03 15:00:15 +02:00
Jouni Malinen
e695927862 driver: Remove unused send_frame() driver op
All the previous users have now been converted to using send_mlme() so
this unused send_frame() callback can be removed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-03 13:56:12 +02:00
Jouni Malinen
27cc06d073 nl80211: Support no_encrypt=1 with send_mlme()
This allows send_mlme() to be used to replace send_frame() for the test
cases where unencrypted Deauthentication/Disassociation frames need to
be sent out even when using PMF for the association. This is currently
supported only when monitor interface is used for AP mode management
frames.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-03 13:53:42 +02:00
Jouni Malinen
665a3007fb driver: Add no_encrypt argument to send_mlme()
This is in preparation of being able to remove the separate send_frame()
callback.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-03 13:53:32 +02:00
Jouni Malinen
14cc3d10ca nl80211: Simplify hapd_send_eapol() with monitor interface
Call nl80211_send_monitor() directly instead of going through
wpa_driver_nl80211_send_frame() for the case where monitor interface is
used for AP mode management purposes. drv->use_monitor has to be 1 in
this code path, so wpa_driver_nl80211_send_frame() was calling
nl80211_send_monitor() unconditionally for this code path and that extra
function call can be removed here to simplify the implementation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-03 12:08:58 +02:00
Jouni Malinen
16a2667203 nl80211: Don't accept interrupted dump responses
Netlink dump message may be interrupted if an internal inconsistency is
detected in the kernel code. This can happen, e.g., if a Beacon frame
from the current AP is received while NL80211_CMD_GET_SCAN is used to
fetch scan results. Previously, such cases would end up not reporting an
error and that could result in processing partial data.

Modify this by detecting this special interruption case and converting
it to an error. For the NL80211_CMD_GET_SCAN, try again up to 10 times
to get the full response. For other commands (which are not yet known to
fail in similar manner frequently), report an error to the caller.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-02 23:34:53 +02:00
Jouni Malinen
3ea58a0548 nl80211: Fix libnl error string fetching
libnl functions return a library specific error value in libnl 2.0 and
newer. errno is not necessarily valid in all error cases and strerror()
for the returned value is not valid either.

Use nl_geterror() to get the correct error string from the returned
error code.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-02 18:05:38 +02:00
Jouni Malinen
139f7ab311 mac80211_linux: Fix libnl error string fetching
libnl functions return a library specific error value. errno is not
necessarily valid in all error cases and strerror() for the returned
value is not valid either.

Use nl_geterror() to get the correct error string from the returned
error code.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-02 18:05:38 +02:00
Jouni Malinen
25ebd538a4 Drop support for libnl 1.1
This simplifies code by not having to maintain and come up with new
backwards compatibility wrappers for a library release from 12 years
ago.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-02 18:05:38 +02:00
Matteo Croce
82ba4f2d1b nl80211: Add a driver ops function to check WoWLAN status
Add function that returns whether WoWLAN has been enabled for the device
or not.

Signed-off-by: Alfonso Sanchez-Beato <alfonso.sanchez-beato@canonical.com>
2019-12-30 18:46:29 +02:00
Sergey Matyukevich
a737e40b56 drivers: Support of dynamic VLAN requires Linux ioctls
Support for dynamic VLANs depends on the Linux bridge ioctls.
Add this dependency explicitely to drivers make files.

This fixes build for minimal hostapd configs such as:
CONFIG_DRIVER_WIRED=y
CONFIG_FULL_DYNAMIC_VLAN=y

Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
2019-12-26 00:00:36 +02:00
Michal Kazior
8e111157e7 nl80211: Relax bridge setup
Normally nl80211 driver will attempt to strictly control what bridge
given interface is put in. It'll attempt to remove it from an existing
bridge if it doesn't match the configured one. If it's not in a bridge
it'll try to put it into one. If any of this fails then hostapd will
bail out and not set up the BSS at all.

Arguably that's reasonable since it allows to set the BSS up coherently
with regard to EAPOL handling as well as allows extra interactions with
things like FDB. However, not all hostapd drivers interact with bridge=
the same way. One example is atheros. Therefore it's not clear what the
desired behavior should be if consistency across drivers is considered.

There's a case where one might want to use a non-native Linux bridge,
e.g., openvswitch, in which case regular ioctls won't work to put an
interface into a bridge, or figure out what bridge an interface is in.
The underlying wireless driver can still be an ordinary nl80211 driver.

This change relaxes the bridge setup failure so that hostapd still
starts even if it fails to add an interface into a configured bridge
name. It still sets up all the necessary sockets (including the
configured bridge=) so EAPOL handling should work fine. This then leaves
it to the system integrator to manage wireless interface as bridge ports
and possibly fdb hints too.

Signed-off-by: Michal Kazior <michal@plume.com>
2019-12-24 21:16:23 +02:00
Jouni Malinen
1730a6a5ef nl80211: Fix couple of typos in a comment
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-12-23 10:24:49 +02:00
Jouni Malinen
2c5ccfa607 nl80211: Initialize full channel info struct even if channel is not known
It was possible for the driver to advertise support for channels that
are not found from wpa_supplicant frequency-to-channel mapping (e.g.,
channel 182 at 5910 MHz) and that resulted in not initializing the
channel number information. Fix this by explicitly clearing the full
struct hostapd_channel_data buffer before parsing the information into
it from the driver.

This avoids some conditional jumps that could have dependent on
uninitialized values.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-12-23 00:01:02 +02:00
Ankita Bajaj
41cac481a8 ACS: Use frequency params in ACS (offload) completed event interface
Replace channel fields with frequency fields in ACS completed event
interface from the driver layer. Use
QCA_WLAN_VENDOR_ATTR_ACS_PRIMARY_FREQUENCY and
QCA_WLAN_VENDOR_ATTR_ACS_SECONDARY_FREQUENCY attributes if the driver
includes them in the QCA_NL80211_VENDOR_SUBCMD_DO_ACS event, otherwise
use QCA_WLAN_VENDOR_ATTR_ACS_PRIMARY_CHANNEL and
QCA_WLAN_VENDOR_ATTR_ACS_SECONDARY_CHANNEL attributes to maintain
backwards compatibility with old drivers.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-12-20 12:31:01 +02:00
Ahmad Masri
a19277a28b Add EDMG bandwidth to channel frequency APIs
Add EDMG bandwidth to CHANWIDTH_ defines.

Update API ieee80211_freq_to_channel_ext() to support EDMG bandwidth
for EDMG channels.

Signed-off-by: Ahmad Masri <amasri@codeaurora.org>
2019-12-19 23:46:28 +02:00
Ankita Bajaj
e86ba912aa ACS: Remove redundant ch_list parameters from do_acs interface
Clean up do_acs interface to not pass ch_list to drivers as the same
information is available in freq_list. The channel numbers are
duplicated between 2.4 GHz and 5 GHz bands and the 6 GHz band. So, use
the QCA_WLAN_VENDOR_ATTR_ACS_CH_LIST to populate only 2.4 GHz and 5 GHz
channels to ensure backwards compatibility with old drivers which do not
have support to decode the newer QCA_WLAN_VENDOR_ATTR_ACS_FREQ_LIST
attribute.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-12-05 18:02:34 +02:00
Jouni Malinen
3c0d6eb8a9 Sync with mac80211-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2019-11-08.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-12-05 12:36:09 +02:00
Eric Caruso
bb66d46758 Move ownership of MAC address randomization mask to scan params
This array can be freed either from the scan parameters or from
clearing the MAC address randomization parameters from the
wpa_supplicant struct. To make this ownership more clear, we have
each struct own its own copy of the parameters.

Signed-off-by: Eric Caruso <ejcaruso@chromium.org>
2019-10-27 19:50:22 +02:00
Mikael Kanstrup
937644aa2c nl80211: Indicate SUITE_B_192 capa only when CCMP-256/GCMP-256 supported
SUITE_B_192 AKM capability was indicated for all devices using the
nl80211 driver (without the QCA vendor specific AKM capability
indication). However, some devices can't handle Suite B 192 due to
insufficient ciphers supported. Add a check for CCMP-256 or GCMP-256
cipher support and only indicate SUITE_B_192 capability when such cipher
is supported. This allows compiling with CONFIG_SUITEB192 and still get
proper response to the 'GET_CAPABILITY key_mgmt' command. Under Android
it can also serve as a dynamic way for HAL to query platform for
WPA3-Enterprise 192-bit support.

Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sony.com>
2019-10-27 15:22:19 +02:00
Shiva Sankar Gajula
df3b2e22a0 nl80211: Add STA node details in AP through QCA vendor subcommand
Addi STA node details in AP through QCA vendor subcommand
QCA_NL80211_VENDOR_SUBCMD_ADD_STA_NODE vendor when processing FT
protocol roaming.

Signed-off-by: Shiva Sankar Gajula <sgajula@codeaurora.org>
2019-10-25 19:29:53 +03:00
Sunil Dutt
1317ea2c0e nl80211: Allow external auth based on SAE/FT-SAE key mgmt
In the SME-in-driver case, wpa_supplicant used only the selected SAE
auth_alg value as the trigger for enabling external authentication
support for SAE. This prevented the driver from falling back to full SAE
authentication if PMKSA caching was attempted (Open auth_alg selected)
and the cached PMKID had been dropped.

Enable external auth based on SAE/FT-SAE key_mgmt, rather than doing
this based on SAE auth_alg, so that the driver can go through full SAE
authentication in cases where PMKSA caching is attempted and it fails.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-10-15 15:39:22 +03:00
Alexei Avshalom Lazar
dda5d9e315 nl80211: Add support for EDMG channels
IEEE P802.11ay defines Enhanced Directional Multi-Gigabit (EDMG) STA and
AP which allow channel bonding of 2 channels and more.

nl80211 provides the driver's EDMG capabilities from the kernel
using two new attributes:
NL80211_BAND_ATTR_EDMG_CHANNELS - bitmap field that indicates the 2.16
GHz channel(s) that are supported by the driver.
NL80211_BAND_ATTR_EDMG_BW_CONFIG - represents the channel bandwidth
configurations supported by the driver.
The driver's EDMG capabilities are stored inside struct hostapd_hw_modes.

As part of the connect request and starting AP, EDMG parameters are
passed as part of struct hostapd_freq_params.

The EDMG parameters are sent to the kernel by using two new attributes:
NL80211_ATTR_WIPHY_EDMG_CHANNEL and NL80211_ATTR_WIPHY_EDMG_BW_CONFIG
which specify channel and bandwidth configuration for the driver to use.

This implementation is limited to CB2 (channel bonding of 2 channels)
and the bonded channels must be adjacent.

Signed-off-by: Alexei Avshalom Lazar <ailizaro@codeaurora.org>
2019-10-07 16:06:04 +03:00
Alexander Wetzel
83b83b461d nl80211: Migrate to current netlink key message format
Linux 2.6.32 (December 2009) introduced alternate netlink messages
for setting and installing keys, deprecating the older ones.

To allow hostapd/wpa_supplicant to use new features only provided via
the new API this patch migrates all netlink messages to the current ones.

Since the nl80211 driver was sometimes already using the new format this
is only unifying the netlink API usage and not changing the minimal
kernel requirement.

The following netlink attributes have been retired for key installs:

  NL80211_ATTR_KEY_DATA
  NL80211_ATTR_KEY_TYPE
  NL80211_ATTR_KEY_SEQ
  NL80211_ATTR_KEY_IDX
  NL80211_ATTR_KEY_CIPHER
  NL80211_ATTR_KEY_DEFAULT
  NL80211_ATTR_KEY_DEFAULT_MGMT
  NL80211_ATTR_KEY_DEFAULT_TYPES

And replaced by the following attributes nested in NL80211_ATTR_KEY:

  NL80211_KEY_DATA
  NL80211_KEY_TYPE
  NL80211_KEY_SEQ
  NL80211_KEY_IDX
  NL80211_KEY_CIPHER
  NL80211_KEY_DEFAULT
  NL80211_KEY_DEFAULT_MGMT
  NL80211_KEY_DEFAULT_TYPES

When getting Michael MIC failure notifications or querying a key
sequence number the kernel continues to use the old attributes:
  NL80211_ATTR_KEY_TYPE
  NL80211_ATTR_KEY_SEQ
  NL80211_ATTR_KEY_IDX

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2019-09-19 12:48:37 +03:00
Roy Marples
a3ebf71751 BSD: Add support for route(4) message filtering
hostapd is only interested in RTM_IEEE80211.
wpa_supplicant is only interested in RTM_IEEE80211, RTM_IFINFO and
RTM_IFANNOUNCE.

This supports the NetBSD RO_MSGFILTER interface and the alternative
DragonFlyBSD/OpenBSD interface ROUTE_MSGFILTER.

Signed-off-by: Roy Marples <roy@marples.name>
2019-09-19 12:16:49 +03:00
John Crispin
a84bf44388 HE: Send the AP's OBSS PD settings to the kernel
This allows us to send the OBSS PD settings to the kernel, such that the
driver can propagate them to the hardware/firmware.

Signed-off-by: John Crispin <john@phrozen.org>
2019-09-10 14:00:14 +03:00
Jouni Malinen
262b71eead Sync with mac80211-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2019-08-30.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-09-10 13:42:14 +03:00
Jouni Malinen
7d2ed8bae8 Remove CONFIG_IEEE80211W build parameter
Hardcode this to be defined and remove the separate build options for
PMF since this functionality is needed with large number of newer
protocol extensions and is also something that should be enabled in all
WPA2/WPA3 networks.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-09-08 17:33:40 +03:00
Sunil Dutt
c574a3ff18 nl80211: Request update connection params only for drivers with SME
Update Connection Params is intended for drivers that implement
internal SME and expect these updated connection params from
wpa_supplicant. Do not send this request for the drivers using
SME from wpa_supplicant.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-16 15:26:18 +03:00
Sven Eckelmann
df4f959988 nl80211: Don't force VHT channel definition with HE
HE (802.11ax) is also supported on 2.4 GHz. And the 2.4 GHz band isn't
supposed to use VHT operations. Some codepaths in wpa_supplicant will
therefore not initialize the freq->bandwidth or the freq->center_freq1/2
members. As a result, the nl80211_put_freq_params() will directly return
an error (-1) or the kernel will return an error due to the invalid
channel definition.

Instead, the channel definitions should be created based on the actual
HT/VHT/none information on 2.4 GHz.

Fixes: ad9a1bfe78 ("nl80211: Share VHT channel configuration for HE")
Signed-off-by: Sven Eckelmann <seckelmann@datto.com>
2019-08-11 18:04:26 +03:00
Sunil Dutt
1425caac28 Rename qca_wlan_vendor_attr_roam_subcmd to represent subcmds
qca_wlan_vendor_attr_roam_subcmd is an enum associated with the
attribute QCA_WLAN_VENDOR_ATTR_ROAMING_SUBCMD. It represents different
sub command values and these are not the attributes. Hence, rename the
enum to qca_wlan_vendor_roaming_subcmd. Accordingly, the members of this
enum are also renamed to suite the usage.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-08 18:45:08 +03:00
Arend van Spriel
cb28bd52e1 nl80211: Use separate flag for 4-way handshake offload
Commit d896874f86 ("nl80211: Indicate 802.1X 4-way handshake offload
in connect") used the req_key_mgmt_offload flag to indicate to the
driver that it should offload the 802.1X handshake. However, this field
was existing and used for a different offload API. This causes
wpa_supplicant to send a connect request without the WANT_1X_HS flag and
the subsequent set-pmk is rejected causing the connection to fail. Fix
that by introducing a new flag req_handshake_offload so the offloads are
no longer entangled.

Fixes: d896874f86 ("nl80211: Indicate 802.1X 4-way handshake offload in connect")
Reported-by: Stefan Wahren <wahrenst@gmx.net>
Tested-by: Stefan Wahren <wahrenst@gmx.net>
Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
2019-08-01 15:52:48 +03:00
Brian Norris
3b726df827 nl80211: Missing sysctl flags aren't fatal
The relevant flags were only added in Linux 4.6, so we shouldn't
complain because they're missing. Also, they're always missing if a
device is being removed (e.g., 'iw dev wlan0 del', or if the device is
in the process of resetting itself). So kill those 2 birds with 1 stone:
if we can't find the file, just silently skip it.

Also, we probably should *actually* propagate the error if we had a
write failure.

Signed-off-by: Brian Norris <briannorris@chromium.org>
2019-07-30 20:01:13 +03:00
Sunil Dutt
968520da8f nl80211: Add WMM parameters while updating TDLS peer entry
The AP mode fix for removing NL80211_ATTR_STA_WME from
NL80211_CMD_SET_STATION did not consider the TDLS case and that resulted
in incorrectly removing WMM parameters from TDLS STA entry updates. Fix
this by considering the WPA_STA_TDLS_PEER flag similarly to the other
update parameters.

Fixes: 6d14b98fc6 ("nl80211: Do not add WMM parameters when updating an existing STA entry")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-07-26 15:42:22 +03:00
Sven Eckelmann
3459c54ac7 mesh: Add support for HE mode
Mesh points can partially support HE features (when requiring no
controlling STA/AP) as long as hardware supports it. The kernel just
requires support for HE mesh and wpa_supplicant can forward the peer
capabilities to the kernel for further processing.

Signed-off-by: Sven Eckelmann <seckelmann@datto.com>
2019-06-23 18:03:51 +03:00
Sven Eckelmann
29d8bd1dec nl80211: Add driver multi iftype HE capability parsing
The HE capabilities are no longer per PHY but per iftype on this
specific PHY. It is therefore no longer enough to just parse the AP
capabilities.

The he_capabilities are now duplicated to store all information for
IEEE80211_MODE_* which hostap cares about. The nl80211 driver fills in
this information when the iftype supports HE. The rest of the code still
only uses the IEEE80211_HE_AP portion but can be extended later to also
use other HE capabilities.

Signed-off-by: Sven Eckelmann <seckelmann@datto.com>
2019-06-23 18:03:51 +03:00
Liangwei Dong
d1836e2308 nl80211: Introduce the interface to update new DH IE
This command/event interface can be used by SME based host drivers that
rely on user space (hostapd/wpa_supplicant) for DH IE
processing/generation. This interface facilitates the OWE connection
with host drivers by offloading DH IE processing to the user space
(hostapd/wpa_supplicant).

Signed-off-by: Srinivas Dasari <dasaris@codeaurora.org>
Signed-off-by: Liangwei Dong <liangwei@codeaurora.org>
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-06-14 23:10:51 +03:00
Jouni Malinen
b09670abfb macsec_linux: Hook QCA driver wrapper for hostapd MACsec
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-06-03 20:27:44 +03:00
leiwei
3e21a47eab macsec_qca: Hook QCA driver wrapper for hostapd MACsec
Signed-off-by: leiwei <leiwei@codeaurora.org>
2019-06-03 20:27:44 +03:00
Ashok Kumar
2552a3735a SAE: Fix external_auth status in driver-SME STA case with AP SME support
A driver that uses internal AP SME may need to be able to use the
external_auth status operation in station mode, so do not skip this
solely based on drv->device_ap_sme; instead, use that condition only
when operating in AP mode.

Fix external_auth status in non SME case.

Signed-off-by: Ashok Kumar <aponnaia@codeaurora.org>
2019-05-31 16:52:15 +03:00
Haim Dreyfuss
636c02c6e9 nl80211: Add regulatory wmm_limit to hostapd_channel_data
ETSI EN 301 893 v2.1.1 (2017-05) standard defines a new channel access
mechanism that all devices (WLAN and LAA) need to comply with.
In previous versions the device was allowed by ETSI to implement
802.11 channel access mechanism based on a set of priority classes
which are taken from 802.11. According of the new standard there
might be some exceptions which require ETSI countries to follow
more restrictive rules. In such a case the AP's wmm IE need to
comply with ETSI limitation. To be able to do so the regulatory
domain passes the new limitation values if needed.
Implement this, by storing it and use it to calculate the new
WMM parameters.

This commit adds determination of regulator limitations to
NL80211_CMD_GET_WIPHY processing so that the information is available
for upper layer implementation to use later when constructing WMM
element.

Signed-off-by: Haim Dreyfuss <haim.dreyfuss@intel.com>
2019-05-28 18:54:05 +03:00
Pradeep Kumar Chitrapu
c36109e4d9 nl80211: Add support to probe specific mesh link by injecting frames
Add support for injecting frames to a given mesh peer, bypassing the
mpath table lookup using PROBE_MESH_LINK command. This helps to send
data frames over unexercised direct mesh path, which is not selected as
next_hop node. This can be helpful in measuring link metrics.

Signed-off-by: Pradeep Kumar Chitrapu <pradeepc@codeaurora.org>
2019-05-28 14:32:23 +03:00
Jouni Malinen
4087957814 Sync with mac80211-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2019-04-26.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-28 14:31:29 +03:00
Johannes Berg
b6f8b5a964 nl80211: Update freq only when CSA completes
In the case of the ap_csa_disable test, I frequently see
failures due to the kernel *not* having switched, but the
CSA-STARTED event having been processed, and thus the
frequency having been updated already.

This is wrong at least for AP mode, the frequency we store
for this case internally in nl80211 should only be updated
when the channel switch completes, otherwise we end up in
a situation where the switch is aborted and the kernel is
thus on the old channel, but the internal information has
been updated and every subsequent mgmt-frame TX fails due
to being tagged with the wrong channel.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2019-05-28 13:48:21 +03:00
John Crispin
ad9a1bfe78 nl80211: Share VHT channel configuration for HE
Set operating channel bandwidth and center frequencies using the same
attributes for VHT and HE.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 17:03:39 +03:00
John Crispin
0dbc894f46 HE: Fix HE Capabilities indication from driver
The PPE Thresholds information in the end of the HE Capabilities element
is optional and of variable length. struct he_ppe_threshold was not
really used correctly for encoding this, so remove it and just reserve
enough space for the information.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:30:23 +03:00
John Crispin
59d9c3a145 nl80211: Allow HE Capability to be set for a STA
Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:27:41 +03:00
Jouni Malinen
7d43c7b2d6 nl80211: Write event name in debug log for ignored events
This makes it easier to understand debug logs from systems that have
multiple interfaces.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-25 21:37:23 +03:00
Toke Høiland-Jørgensen
6720b9482f nl80211: Station airtime weight configuration
This provides a mechanism for configuring per-STA airtime weight for
airtime policy configuration.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2019-05-02 13:28:17 +03:00
Toke Høiland-Jørgensen
58d4c23615 nl80211: Fetch STA TX/RX duration statistics
This makes per-STA TX/RX duration statistics available for airtime policy
configuration.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2019-04-30 12:34:58 +03:00
Toke Høiland-Jørgensen
1d6f63854e nl80211: Fetch STA TXQ backlog statistics
This makes per-STA TXQ backlog statistics available for airtime policy
configuration.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2019-04-30 12:34:58 +03:00
Jouni Malinen
099224c18e nl80211: Simplify if_indices tracking
Maintain a single array (of struct with two int variables) instead of
two independent arrays (of int) for tracking know ifindexes and reasons
for having added them. The previous implementation tried to maintain two
independent arrays even though they were always required to be of
exactly same length and order. That had resulted in a bug earlier and
the code was not exactly easy to understand either, so replace this with
a single array.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-28 21:05:54 +03:00
Jouni Malinen
e6ca2f1139 nl80211: Fix handling of if_indices reallocation failure
Addition of a separate if_indices_reason array broke reallocation
failure checking. drv->if_indices or drv->if_indices_reason could not be
NULL in the place where this check was moved to. Fix that by maintaining
knowledge of reallocation failure in a separate local variable.

Fixes: 732b1d20ec ("nl80211: Clean up ifidx properly if interface in a bridge is removed")
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-28 20:52:10 +03:00
John Crispin
5b3940d0c2 nl80211: Add driver HE capabilities parsing support
Add code to parse NL80211_BAND_ATTR_IFTYPE_DATA when reading the band
info. This is needed to find out about the local HE capabilities in AP
mode.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-04-25 11:43:59 +03:00
Jouni Malinen
1b90aae929 nl80211: Remove QCA vendor specific HE capability handling
The QCA_NL80211_VENDOR_SUBCMD_GET_HE_CAPABILITIES attributes are not
up-to-date with the latest P802.11ax/D4.0 capabilities and would need to
be updated or replaced. Since the variables from this functionality were
not used for anything in practice, it is easier to simply remove this
functionality completely to avoid issues with upcoming updates to use
upstream nl80211 information to determine HE capabilities.

This is practically reverting the commit ca1ab9db2a ("hostapd: Get
vendor HE capabilities").

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-25 11:43:59 +03:00
Omer Dagan
95f556f3c7 Make channel switch started event available over control interface
This makes it easier to upper layer components to manage operating
channels in cases where the same radio is shared for both station and AP
mode virtual interfaces.

Signed-off-by: Omer Dagan <omer.dagan@tandemg.com>
2019-04-22 22:08:07 +03:00
Jouni Malinen
4be17ffbd9 Replace int status/reason_code with u16 variable
These cases are for the IEEE 802.11 Status Code and Reason Code and
those fields are unsigned 16 bit values, so use the more appropriate
type consistently. This is mainly to document the uses and to make the
source code easier to understand.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-22 22:08:07 +03:00
Jouni Malinen
c8931afe24 nl80211: Check nla_put_flag() failure for ext auth
All nla_put*() operations should be verified to succeed, so check this
recently added one for NL80211_ATTR_EXTERNAL_AUTH_SUPPORT.

Fixes: 236e793e7b ("nl80211: External authentication in driver-based AP SME mode")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-18 21:55:39 +03:00
Ilan Peer
323a51cc01 nl80211: Handle NL80211_CMD_PROBE_CLIENT command response
When processing the NL80211_CMD_PROBE_CLIENT command response, the
nl80211 layer in the kernel sends a response containing the cookie
associated with the client probe request. This response was not handled
by driver_nl80211.c when sending the command, and it was mistakenly
handled as an asynchronous event. This incorrect event did not include
the MAC/ACK attributes, so it was ignored in practice, but nevertheless,
the command response should not be processed as an event.

Fix this by reading the response as part of the sending the command
flow.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2019-04-16 01:53:18 +03:00
Jouni Malinen
28f19a3ae5 nl80211: More detailed PROBE_CLIENT debug print
Include the MAC address of the peer, knowledge of whether the poll was
ACKed, and cookie into the debug message to make this more useful.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-16 01:52:34 +03:00
Jouni Malinen
c5fff8bbd2 nl80211: Update assoc_freq and bss->freq based on real association info
Move event.assoc_info.freq selection to be after the
nl80211_get_assoc_ssid() call so that the current cfg80211 information
on the operating channel can be used should anything unexpected have
happened between the association request and completion of association.
Furthermore, update bss->freq based on assoc_freq to make that
information a bit more useful for station mode. It was already updated
after channel switches during association, but not at the beginning of
association.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-14 12:40:45 +03:00
Jouni Malinen
091c227714 nl80211: Clear bss->freq on station mode disconnection
This fixes some issues where bss->freq could have been used to replace
the current operating channel when sending out a management frame.
bss->freq has not been consistently used to track the current operating
channel in station mode, so it should not be trusted for this type of
uses. Clearing it makes this a bit more robust by at least avoiding the
cases of information from past association being used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-14 12:33:37 +03:00
Ryo ONODERA
8f36c84a27 bsd: Fix a typo in error message
When SIOCG80211 failed, show error message with SIOCG80211
instead of SIOCS80211.

Signed-off-by: Ryo ONODERA <ryo@tetera.org>
2019-04-13 11:26:25 +03:00
Jouni Malinen
dd1a8cef4c Remove unnecessary copying of SSID and BSSID for external_auth
The external authentication command and event does not need to copy the
BSSID/SSID values into struct external_auth since those values are used
before returning from the call. Simplify this by using const u8 * to
external data instead of the array with a copy of the external data.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-12 20:43:26 +03:00
Srinivas Dasari
236e793e7b nl80211: External authentication in driver-based AP SME mode
This extends driver interface to nl80211 by introducing the following
changes,
1. Register for Authenication frames in driver-based AP SME mode.
2. Advertise NL80211_ATTR_EXTERNAL_AUTH_SUPPORT in set_ap when
   offloaded SAE authentication is supported.
3. Extend the NL80211_CMD_EXTERNAL_AUTH interface to also send PMKID
   so that the drivers can respond to the PMKSA cached connection
   attempts from the stations avoiding the need to contact user space
   for all PMKID-based connections.
4. Send external auth status to driver only if it is a driver based
   SME solution.

Signed-off-by: Srinivas Dasari <dasaris@codeaurora.org>
2019-04-12 20:29:56 +03:00
Ankita Bajaj
005585d602 nl80211: Add SAE, FT-SAE, FT-EAP-SHA384 AKMs in connect request
This is needed for full MAC drivers that use NL80211_CMD_CONNECT
for issuing connect request.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-05 21:02:37 +03:00
Jouni Malinen
6d14b98fc6 nl80211: Do not add WMM parameters when updating an existing STA entry
In the case of the driver not supporting full AP mode STA state (i.e.,
not adding a STA entry before association), the QoS parameters are not
allowed to be modified when going through (re)association exchange for a
STA entry that has not been removed from the kernel. cfg80211 would
reject such command to update STA flags, so do not add the WMM parameter
in this case.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-27 03:14:02 +02:00
vamsi krishna
4efade3157 nl80211: Clear keys from heap memory before freeing it for get_seqnum
NL80211_CMD_GET_KEY response may return the actual key in addition to
the last used sequence number that we need. That might result in a key
being left in unused heap memory after the buffer is freed.

Explicitly clear the message payload with the possibly included key
material from heap memory before returning from the handler function
(and having libnl free the nlmsg) when key information is obtained from
the driver using the NL80211_CMD_GET_KEY command.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-13 14:54:18 +02:00
vamsi krishna
c6ec9759c5 nl80211: Exclude PMK when sending NL80211_CMD_DEL_PMKSA explicitly
Add a check in nl80211 driver layer to not include PMK while sending
NL80211_CMD_DEL_PMKSA explicitly. Though it is taken care already in
supplicant layer by setting the pmk_len to zero, it would be good
to have a check in nl80211 layer in order to avoid future accidental
inclusions of keying material in commands that do not need them.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-13 13:22:40 +02:00
Jouni Malinen
bf0021ede3 Allow fragmentation/RTS threshold to be disabled explicitly
hostapd configuration parameters fragm_threshold and rts_threshold were
documented to disable the threshold with value -1 and not change driver
configuration if the parameter is not included. However, -1 was mapped
into not changing the driver value, so the explicit disabling part did
not work.

Replace the default values for these to be -2 so that explicitly set
configuration value -1 can be distinguished from the case of not
including the parameter. Map the -1 value to a driver request to disable
the threshold. Ignore any error from this operation just in case to
avoid breaking functionality should some drivers not accept the (u32) -1
value as a threshold value request to disable the mechanism.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-12 17:15:08 +02:00
Jouni Malinen
56a33496fe Sync with mac80211-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2019-01-25.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-03-12 00:23:45 +02:00
Jouni Malinen
ca9efe113c roboswitch: Check some read operation results
This gets rid of some static analyzer warnings about uninitialized
variables being used in comparisons or write operations.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-03-09 18:56:48 +02:00
Jouni Malinen
5ac13f6d00 atheros: Avoid clang compiler warning on address of array check
ie.wps_ie is an array, so there is no point in checking whether it is
NULL.

driver_atheros.c:1221:9: error: address of array 'ie.wps_ie' will
      always evaluate to 'true' [-Werror,-Wpointer-bool-conversion]

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-25 19:48:49 +02:00
Jouni Malinen
5d68c0acd2 nl80211: (Re)Association Request frame IEs from association event
Process NL80211_ATTR_REQ_IE from the NL80211_CMD_ASSOCIATE event to
allow request IEs to be made available for the SME-in-wpa_supplicant
case similarly to how this is done with SME-in-driver with
NL80211_CMD_CONNECT.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-15 02:09:41 +02:00
Jouni Malinen
21cd8f8319 nl80211: Use wpa_ssid_txt() for debug messages more consistently
Print the SSID with printf escaping instead of wpa_hexdump_ascii()
format to clean up the debug log a bit. This was already done for number
of SSID debug prints.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-10 01:43:50 +02:00
Jouni Malinen
6110753b18 nl80211: Clear PMKID add command message buffer
This command has now been extended to include PMK for offload needs, so
the message buffer needs to be cleared explicitly after use to avoid
leaving such material in heap memory unnecessarily.

Fixes: 061a3d3d53 ("nl80211: Add support for FILS Cache Identifier in add/remove_pmkid()")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-05 23:34:30 +02:00
Jouni Malinen
0fa33e05b4 nl80211: Clear connect command message buffer
This command can include keys (WEP or PSK for offload), so the message
buffer needs to be cleared explicitly after use to avoid leaving such
material in heap memory unnecessarily.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-05 23:34:30 +02:00
Jouni Malinen
b14e8ea1d2 nl80211: Request kernel to trim off payload of netlink requests from acks
We do not need such payload in the acknowledgment, so adding it uses
resources unnecessarily. Furthermore, the original request can include
key material (e.g., NL80211_ATTR_PMK). libnl does not explicitly clear
this received message buffer and it would be inconvenient for
wpa_supplicant/hostapd to try to clear it with the current libnl design
where a duplicated buffer is actually passed to the callback. This means
that keys might be left unnecessarily in heap memory. Avoid this by
requesting the kernel not to copy back the request payload.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-05 23:34:30 +02:00
Jouni Malinen
6bcbda4082 drivers: Set CONFIG_LIBNL32=y automatically based on pkg-config
If the libnl version is not specified explicitly with CONFIG_LIBNL*, try
to check for the most likely case today with pkg-config.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-01-08 13:31:55 +02:00
Andrey Kartashev
41b747522e drivers: Move libnl related build flags to separate ifdef block
Fix compilation issue if we want to build wpa_supplicant without any
wireless connectivity but only with MACSec support via Linux kernel
driver.

Signed-off-by: Andrey Kartashev <a.s.kartashev@gmail.com>
2019-01-08 13:24:22 +02:00
Arend van Spriel
d896874f86 nl80211: Indicate 802.1X 4-way handshake offload in connect
Upon issuing a connect request we need to indicate that we want the
driver to offload the 802.1X 4-way handshake for us. Indicate it if
the driver capability supports the offload.

Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
2019-01-08 01:12:02 +02:00
Arend van Spriel
436ee2fd93 drivers: Add separate driver flags for 802.1X and PSK 4-way HS offloads
Allow drivers to indicate support for offloading 4-way handshake for
either IEEE 802.1X (WPA2-Enterprise; EAP) and/or WPA/WPA2-PSK
(WPA2-Personal) by splitting the WPA_DRIVER_FLAGS_4WAY_HANDSHAKE flag
into two separate flags.

Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
2019-01-08 01:12:02 +02:00
Jouni Malinen
89d79150ac Avoid forward references to enum types in ieee802_11_common.h
These are not allowed in ISO C++ (and well, not really in ISO C either,
but that does not result in compiler warning without pedantic
compilation).

Since ieee802_11_common.h may end up getting pulled into C++ code for
some external interfaces, it is more convenient to keep it free of these
cases. Pull in ieee802_11_defs.h to get enum phy_type defined and move
enum chan_width to common/defs.h (which was already pulled in into
src/drivers/driver.h and src/common/ieee802_11_common.h).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-01-07 17:26:40 +02:00
Dmitry Lebed
4299ad826d nl80211: Add supported bandwidth parsing
Add NL80211_FREQUENCY_ATTR_NO_* channel attributes parsing. This is
needed for correct checking if channel is available in a particular
bandwidth.

Signed-off-by: Dmitry Lebed <dlebed@quantenna.com>
2019-01-06 11:35:31 +02:00
Sergey Matyukevich
fb60dbdcec vlan: Use new bridge ioctl()
Legacy ioctl() through SIOCDEVPRIVATE are deprecated. Follow the
approach taken by bridge-utils and make use of new bridge ioctl's
whenever possible.

For example, using legacy ioctl() breaks dynamic VLAN mode on 32-bit
Linux systems running 64-bit kernels.

Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
2019-01-02 00:23:43 +02:00
Jouni Malinen
b2f1e5458b hostap: Silence compiler warnings about IFNAMSIZ buffers
Report interface name truncation and reject such cases in Host AP driver
initialization of the AP interface.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-01-01 19:38:58 +02:00
Jouni Malinen
d8dda601f0 nl80211: Debug print channel list
This makes it a bit easier to figure out how channel list update from
the kernel is taken into use.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-01-01 15:51:10 +02:00
Jouni Malinen
fea49f8f93 nl82011: Make wiphy-specific country (alpha2) available in STATUS-DRIVER
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-31 16:41:24 +02:00
Jouni Malinen
02d53ac351 nl80211: Debug print details from the beacon hint events
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-31 16:29:16 +02:00
Jouni Malinen
f9052d6ea5 nl80211: Note interface-removal-from-bridge errors in debug log
One of the linux_br_del_if() calls did not log nl80211-specific entry.
Make this more consistent with the other cases even though
linux_br_add_if() function itself is logging an error in the ioctl()
failure case (but not in the interface not found case).

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-31 01:05:23 +02:00
Mike Siedzik
2fc0675683 mka: Fix lowest acceptable Packet Number (LPN) calculation and use
The purpose of the Lowest Acceptable PN (lpn) parameters in the MACsec
SAK Use parameter set is to enforce delay protection. Per IEEE Std
802.1X-2010, Clause 9, "Each SecY uses MKA to communicate the lowest PN
used for transmission with the SAK within the last two seconds, allowing
receivers to bound transmission delays."

When encoding the SAK Use parameter set the KaY should set llpn and olpn
to the lowest PN transmitted by the latest SAK and oldest SAK (if
active) within the last two seconds. Because MKPDUs are transmitted
every 2 seconds (MKA_HELLO_TIME), the solution implemented here
calculates lpn based on the txsc->next_pn read during the previous MKPDU
transmit.

Upon receiving and decoding a SAK Use parameter set with delay
protection enabled, the KaY will update the SecY's lpn if the delay
protect lpn is greater than the SecY's current lpn (which is a product
of last PN received and replay protection and window size).

Signed-off-by: Michael Siedzik <msiedzik@extremenetworks.com>
2018-12-26 16:42:25 +02:00
Jouni Malinen
91ad2f441a macsec_linux: Add driver status information
wpa_supplicant STATUS-DRIVER control interface command can now be used
to fetch the macsec_linux driver status information like parent
interface name.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-25 00:54:51 +02:00
Jouni Malinen
d0dde0808d driver: Fix a typo in a comment
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-25 00:54:51 +02:00
Jouni Malinen
7c6acc757b macsec_linux: More detailed debug logs for driver interaction
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-24 21:12:18 +02:00
Jouni Malinen
e422a819d0 Check snprintf result to avoid compiler warnings
These do not really get truncated in practice, but it looks like some
newer compilers warn about the prints, so silence those by checking the
result and do something a bit more useful if the output would actually
get truncated.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-24 11:09:22 +02:00
Veerendranath Jakkam
8ec7c99ee4 nl80211: Fetch supported AKM list from the driver
Try to fetch the list of supported AKM suite selectors from the driver
through the vendor interface
QCA_NL80211_VENDOR_SUBCMD_GET_SUPPORTED_AKMS. If that command is
available and succeeds, use the returned list to populate the
wpa_driver_capa key_mgmt information instead of assuming all
cfg80211-based drivers support all AKMs. If the driver does not support
this command, the previous behavior is maintained.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-12-21 21:49:02 +02:00
Johannes Berg
5b82cdbe8b nl80211: Add support for starting FTM responder
Add support for starting FTM responder when in AP mode. This just sends
the appropriate NEW/SET_BEACON command to the driver with the LCI/civic
location data.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2018-12-21 11:22:35 +02:00
Andrei Otcheretianski
4cb618cf2d driver: Add FTM responder configuration APIs
Add configuration options to enable FTM responder and configure LCI and
civic parameters. In addition, introduce WPA_DRIVER_FLAGS_FTM_RESPONDER
flag, which can be used to indicate FTM responder support in AP mode.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2018-12-21 11:18:00 +02:00
Jouni Malinen
6a24adee9c Sync with mac80211-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2018-12-15.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-21 11:12:39 +02:00
Venkateswara Naralasetty
5abc7823bd wpa_supplicant: Add Multi-AP backhaul STA support
Advertise vendor specific Multi-AP IE in (Re)Association Request frames
and process Multi-AP IE from (Re)Association Response frames if the user
enables Multi-AP fuctionality. If the (Re)Association Response frame
does not contain the Multi-AP IE, disassociate.

This adds a new configuration parameter 'multi_ap_backhaul_sta' to
enable/disable Multi-AP functionality.

Enable 4-address mode after association (if the Association Response
frame contains the Multi-AP IE). Also enable the bridge in that case.
This is necessary because wpa_supplicant only enables the bridge in
wpa_drv_if_add(), which only gets called when an interface is added
through the control interface, not when it is configured from the
command line.

Signed-off-by: Venkateswara Naralasetty <vnaralas@codeaurora.org>
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2018-12-20 12:10:31 +02:00
Mathy Vanhoef
f9da7505bf OCV: Include and verify OCI in SA Query frames
Include an OCI element in SA Query Request and Response frames if OCV
has been negotiated.

On Linux, a kernel patch is needed to let clients correctly handle SA
Query Requests that contain an OCI element. Without this patch, the
kernel will reply to the SA Query Request itself, without verifying the
included OCI. Additionally, the SA Query Response sent by the kernel
will not include an OCI element. The correct operation of the AP does
not require a kernel patch.

Without the corresponding kernel patch, SA Query Requests sent by the
client are still valid, meaning they do include an OCI element.
Note that an AP does not require any kernel patches. In other words, SA
Query frames sent and received by the AP are properly handled, even
without a kernel patch.

As a result, the kernel patch is only required to make the client properly
process and respond to a SA Query Request from the AP. Without this
patch, the client will send a SA Query Response without an OCI element,
causing the AP to silently ignore the response and eventually disconnect
the client from the network if OCV has been negotiated to be used.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-17 15:42:23 +02:00
Mathy Vanhoef
d706e0d7a3 Add functions to convert channel bandwidth to an integer
This adds two utility functions to convert both operating classes and
and the chan_width enum to an integer representing the channel
bandwidth. This can then be used to compare bandwidth parameters in an
uniform manner.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-16 18:35:30 +02:00
Mathy Vanhoef
7f00dc6e15 Add driver API to get current channel parameters
This adds driver API functions to get the current operating channel
parameters. This encompasses the center frequency, channel bandwidth,
frequency segment 1 index (for 80+80 channels), and so on.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-16 18:35:30 +02:00
Jouni Malinen
bd51246924 nl80211: Debug print TX queue parameter values and result
Some mac80211_hwsim test cases have failed with mysterious sequence
where mac80211 has claimed the parameters are invalid ("wlan3: invalid
CW_min/CW_max: 9484/40"). Those values look strange since they are not
from hostapd configuration or default values.. hostapd is seeing TX
queue parameter set failing for queues 0, 1, and 3 (but not 2) for these
cases. Add debug prints to hostapd to get more details on what exactly
is happening if such error cases can be reproduced.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-02 19:50:59 +02:00
Jouni Malinen
3d1d469195 Fix indentation level
This gets rid of smatch warnings about inconsistent indenting.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-30 21:28:19 +02:00
Jouni Malinen
b3f99d45d5 macsec_linux: Make create_transmit_sc() handler use matching arguments
The currently unused conf_offset parameter used a mismatching type (enum
vs. unsigned int) compared to the prototype.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-30 21:28:01 +02:00
Jouni Malinen
b82fcf06f2 macsec_linux: Use NULL to clear a pointer
Avoid a sparse warning from use of a plain integer.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-30 17:32:35 +02:00
Jouni Malinen
ff7f339cff macsec_qca: Mark macsec_qca_set_transmit_next_pn() static
This function is not used outside this C file. Mark it static to avoid a
warning from sparse.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-30 17:32:09 +02:00
Cedric Izoard
10d32e2c8d nl80211: Use netlink connect socket for disconnect (ext auth)
When external authentication is used, a specific netlink socket is used
to send the connect command. If the same socket is not used for
disconnect command, cfg80211 will discard the command. This constraint
was added into the kernel in commit bad292973363 ("nl80211: Reject
disconnect commands except from conn_owner"). That requires an update
for the hostap.git commit 40a68f3384 ("nl80211: Create a netlink
socket handle for the Connect interface").

Add a new flag into struct i802_bss to indicate if the special
nl_connect socket was used for the connect command. When sending
disconnect command this flag is tested to select the correct socket.

Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
2018-11-26 19:24:31 +02:00
Emmanuel Grumbach
941807f6b6 drivers: Document struct wpa_signal_info
Add documentation to the wpa_signal_info structure.
Add a define for an invalid noise value.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
2018-11-26 00:57:50 +02:00
Johannes Berg
babdd8d0d9 nl80211: Use correct u8 size for NL80211_ATTR_SMPS_MODE
Back in December 2017, Jouni fixed the output side since that was
causing a kernel message to be printed, but the input side should
also be fixed, otherwise it will not work correctly on big-endian
platforms.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2018-11-22 15:53:30 +02:00
Jouni Malinen
d514b50265 WNM: Collocated Interference Reporting
Add support for negotiating WNM Collocated Interference Reporting. This
allows hostapd to request associated STAs to report their collocated
interference information and wpa_supplicant to process such request and
reporting. The actual values (Collocated Interference Report Elements)
are out of scope of hostapd and wpa_supplicant, i.e., external
components are expected to generated and process these.

For hostapd/AP, this mechanism is enabled by setting
coloc_intf_reporting=1 in configuration. STAs are requested to perform
reporting with "COLOC_INTF_REQ <addr> <Automatic Report Enabled> <Report
Timeout>" control interface command. The received reports are indicated
as control interface events "COLOC-INTF-REPORT <addr> <dialog token>
<hexdump of report elements>".

For wpa_supplicant/STA, this mechanism is enabled by setting
coloc_intf_reporting=1 in configuration and setting Collocated
Interference Report Elements as a hexdump with "SET coloc_intf_elems
<hexdump>" control interface command. The hexdump can contain one or
more Collocated Interference Report Elements (each including the
information element header). For additional testing purposes, received
requests are reported with "COLOC-INTF-REQ <dialog token> <automatic
report enabled> <report timeout>" control interface events and
unsolicited reports can be sent with "COLOC_INTF_REPORT <hexdump>".

This commit adds support for reporting changes in the collocated
interference (Automatic Report Enabled == 1 and partial 3), but not for
periodic reports (2 and other part of 3).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-10-30 14:07:51 +02:00
Peng Xu
224eddb03b nl80211: Read reg-domain information from a specific wiphy
If driver supports self-managed regulatory domain, read reg-domain
information for that specific wiphy interface instead the global
information which may be different which such drivers. This fixes issues
where a regulatory update with a self-managed regulatory domain driver
ended up building incorrect list of supported channels for upper layer
hostapd/wpa_supplicant operations.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-10-24 18:36:34 +03:00
Peng Xu
8aa4d5521c nl80211: Add support for self-managed regulatory device
Add a flag indicating if the device has the self-managed regulatory
support. Set the flag if NL80211_ATTR_WIPHY_SELF_MANAGED_REG attribute
is set when reading wiphy info.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-10-24 18:34:31 +03:00
Andrei Otcheretianski
d577f7f3d5 nl80211: Warn about interface name truncations
This is something useful to know and also eliminates format truncation
warnings.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2018-10-16 12:53:15 +03:00
Johannes Berg
40432e6eb3 nl80211: Implement netlink extended ACK support
Implement netlink extended ACK support to print out the error
message (if any).

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2018-10-14 20:20:11 +03:00
Roee Zamir
d6801b0545 nl80211: Support OCE features (driver capability and scan params)
Check if the device supports specific mandatory features and set the the
relevant WPA_DRIVER_FLAGS_OCE_STA flag. Send the relevant scan
parameters for OCE scans.

Signed-off-by: Roee Zamir <roee.zamir@intel.com>
2018-09-02 17:59:01 +03:00
Roee Zamir
938dd97a84 driver: Add OCE scan parameters
Add a flag to scan parameters that enables OCE scan features. If this
flag is set the device should enable the following features as defined
in the Optimized Connectivity Experience Technical Specification v1.0:
- Overwrite FILS request Max Channel Time with actual value (clause 3.8)
- Send Probe Request frame in high rate (at least 5.5 Mbps) (clause 3.12)
- Probe Request frame Transmission Deferral and Suppression (clause 3.5)
- Accept broadcast Probe Response frame (clause 3.6)

Signed-off-by: Roee Zamir <roee.zamir@intel.com>
2018-09-02 17:53:32 +03:00
Jouni Malinen
830eacf9d0 Sync with mac80211-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2018-08-29.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-09-02 17:45:27 +03:00
Jouni Malinen
57151ae984 atheros: Fix atheros_send_mgmt() dependency on CONFIG_FILS
This fixes a CONFIG_FILS=y build without CONFIG_IEEE80211W=y.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-09-02 12:42:28 +03:00
Hu Wang
b898b65582 nl80211: Do not ignore disconnect event in case of !drv->associated
Commit 3f53c006c7 ('nl80211: Ignore
disconnect event in case of locally generated request') made
wpa_supplicant ignore the next received disconnect event for cases where
wpa_supplicant itself requested a disconnection. This can result in
ignoring a disconnection notification in some cases.

Considering a P2P Client receiving disconnect event from the kernel
after a P2P group is started, drv->ignore_next_local_disconnect is
cleared to 0, then wpa_driver_nl80211_disconnect() will be called during
the removal of the group, in which drv->ignore_next_local_disconnect is
set to 1 by mistake.

Do not allow ignore_next_local_{disconnect,deauth} to be set to 1 if the
driver is not in associated state (drv->associated is 0) to avoid this
type of cases.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-08-31 12:01:33 +03:00
xiaofeis
b3f24b06e3 mka: Fix confidentiality offset issue in macsec_qca driver interface
Confidentiality offset from MKA should be configured to the
driver/hardware when creating SA.

Signed-off-by: xiaofeis <xiaofeis@codeaurora.org>
2018-08-24 16:27:34 +03:00
xiaofeis
bed30e8d3b mka: Fix sci port mask issue in macsec_qca driver interface
Need to use full 8-bit mask here when swapping byte order.

Signed-off-by: xiaofeis <xiaofeis@codeaurora.org>
2018-08-24 16:27:34 +03:00
Bhagavathi Perumal S
8bfbb295df nl80211: Fix sending of WDS STA event to the correct BSS context
The WDS-STA-INTERFACE-ADDED/WDS-STA-INTERFACE-REMOVED events were always
sent to the first BSS instead of the specific BSS that the STA was
connected to in multi-BSS cases. Fix this by using the BSS specific
context pointer.

Fixes: 1952b626ba ("hostapd: Add ctrl iface indications for WDS STA interface")
Signed-off-by: Bhagavathi Perumal S <bperumal@codeaurora.org>
2018-08-24 16:27:34 +03:00
xiaofeis
1ff8605775 mka: Support GCM-AES-256
GCM-AES-256 cipher suite is defined in IEEE Std 802.1AEbn-2011.

If authenticator configured as GCM-AES-256, the distributed SAK will be
256 bits indicated by the GCM-AES-256 ID in the MKA packet.

This patch will make AES Key Unwrap to 32 bytes of SAK when identify the
ID.

Signed-off-by: xiaofeis <xiaofeis@codeaurora.org>
2018-08-21 19:28:20 +03:00
Hu Wang
8a9950f7b6 nl80211: Indicate interface up only for the main netdev
ifname is checked for interface down event in commit
106fa1e97e ("nl80211: Indicate
interface-down event only for the main netdev"). Do the same for
interface up event to avoid unexpected notifications when the master
interface (e.g., a bridge interface) is set up while then WLAN interface
remains down.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-07-05 13:41:46 +03:00
Sathishkumar Muruganandam
c809756f9f nl80211: Allocate nl_sock for NETLINK_ROUTE when already_in_bridge
When we start hostapd having Hotspot 2.0 configuration with interface
already added to bridge interface, addition and deletion of new neighbor
to bridge ip neighbor table fails.

This is since 'bss->added_if_into_bridge' is not set which only allows
'drv->rtnl_sk' (nl_sock for NETLINK_ROUTE) allocation needed for bridge
ip neighbor table.

Add a new bit 'already_in_bridge' and set it when interface is already
added to bridge by some external component. Check this bit in addition
to 'bss->added_if_into_bridge' for 'drv->rtnl_sk' allocation done in
i802_init().

Now 'drv->rtnl_sk' is closed in wpa_driver_nl80211_deinit() regardless of
'bss->added_if_into_bridge' since when we have 'bss->already_in_bridge'
case too, this need to be removed.

brctl show

bridge name     bridge id               STP enabled     interfaces
br0             8000.8efdf006b050       no              ap

hostapd_cli raw STATUS-DRIVER

Selected interface 'ap'
ifindex=15
ifname=ap
brname=br0
addr=8e:fd:f0:06:b0:50
freq=5180
beacon_set=1
already_in_bridge=1
..

Signed-off-by: Sathishkumar Muruganandam <murugana@codeaurora.org>
2018-07-05 13:36:27 +03:00
Peng Xu
946e35eace nl80211: Skip vendor specific DFS offload if upstream mechanism is used
Since the generic DFS offload support flag is added as
NL80211_EXT_FEATURE_DFS_OFFLOAD, only use the vendor command to check
DFS capablity if the flag is not already set.

Signed-off-by: Peng Xu <pxu@codeaurora.org>
2018-07-05 13:18:28 +03:00
Jouni Malinen
c6f01fbf26 nl80211: Add more command/event names to debug prints
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-06-15 21:40:08 +03:00
Peng Xu
b915f2cdf2 nl80211: Handle NL80211_CMD_WIPHY_REG_CHANGE event
Handle NL80211_CMD_WIPHY_REG_CHANGE the same way as the
NL80211_CMD_REG_CHANGE event. The wiphy-specific event is generated by
the cfg80211 reg_process_self_managed_hints() function, e.g., when going
through regulatory_set_wiphy_regd_sync_rtnl(). Previously, such events
were ignored completely in hostapd/wpa_supplicant.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-06-07 00:05:39 +03:00
Mikael Kanstrup
8518326b22 Add some missing driver flags strings
New WPA_DRIVER_FLAGS have been added but corresponding lookup
strings for driver_flags command were never added. Add the
missing strings.

Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sony.com>
2018-05-31 13:03:54 +03:00
Peter Oh
0928b62944 nl80211: Allow mesh interface to send channel switch request
Add mesh type to nl80211 channel switch request, so mesh is able to send
the request to kernel drivers.

Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
2018-05-31 12:16:03 +03:00
xiaofeis
0fe3ede0a4 macsec_qca: Fix byte order of TX SCI port
Before calling HW macsec driver API, be_to_host16() should be used to
reverse the SCI port byte order. This was broken as part of the mka API
changes.

Fixes: 8ebfc7c2ba ("mka: Pass full structures down to macsec drivers' transmit SC ops")
Signed-off-by: xiaofeis <xiaofeis@codeaurora.org>
2018-05-28 22:17:58 +03:00
Jouni Malinen
46053a4c93 wext: Avoid gcc warnings on restricted pointer aliasing
The first two parameters to readlink() are marked restricted and at
least gcc 8.2 warns about used the same pointer for then, so avoid this
by using separate buffers for the pathname and response buffer.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-05-16 01:16:54 +03:00
Bhagavathi Perumal S
1952b626ba hostapd: Add ctrl iface indications for WDS STA interface
This allows user to get event indication when a new interface is
added/removed for 4addr WDS STA and also WDS STA ifname is informed
through the STA command.

Signed-off-by: Bhagavathi Perumal S <bperumal@codeaurora.org>
2018-04-24 00:35:47 +03:00
Jouni Malinen
1baa130bd0 nl80211: Print NL80211_CMD_SET_POWER_SAVE errors in debug log
This makes it easier to understand what happened with PS configuration.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-04-24 00:35:47 +03:00
Ahmad Masri
86c998d37a FT: Add FT auth algorithm to connect params when roaming
Add WPA FT auth to connect params in case of a re-connection to ESS
supporting FT when FT was used in the first connect.

Signed-off-by: Ahmad Masri <amasri@codeaurora.org>
2018-04-20 00:35:41 +03:00
Ben Greear
f875da0448 nl80211: Add MLME auth work-around for -EEXIST errno
The Linux 4.9 kernel, at least, can return EEXIST when trying to auth a
station that already exists.

We have seen this bug in multiple places, but it is difficult to
reproduce. Here is a link to someone else that appears to have hit this
issue: https://github.com/greearb/ath10k-ct/issues/18

Signed-off-by: Ben Greear <greearb@candelatech.com>
2018-04-15 21:58:53 +03:00
Beniamino Galvani
77a020a118 wpa_supplicant: Fix auth failure when the MAC is updated externally
When connecting to a WPA-EAP network and the MAC address is changed
just before the association (for example by NetworkManager, which sets
a random MAC during scans), the authentication sometimes fails in the
following way ('####' logs added by me):

wpa_supplicant logs:
 wlan0: WPA: RX message 1 of 4-Way Handshake from 02:00:00:00:01:00 (ver=1)
 RSN: msg 1/4 key data - hexdump(len=22): dd 14 00 0f ac 04 d8 21 9d a5 73 98 88 26 ef 03 d2 ce f7 04 7d 23
 WPA: PMKID in EAPOL-Key - hexdump(len=22): dd 14 00 0f ac 04 d8 21 9d a5 73 98 88 26 ef 03 d2 ce f7 04 7d 23
 RSN: PMKID from Authenticator - hexdump(len=16): d8 21 9d a5 73 98 88 26 ef 03 d2 ce f7 04 7d 23
 wlan0: RSN: no matching PMKID found
 EAPOL: Successfully fetched key (len=32)
 WPA: PMK from EAPOL state machines - hexdump(len=32): [REMOVED]
 #### WPA: rsn_pmkid():
 #### WPA: aa              - hexdump(len=6): 02 00 00 00 01 00
 #### WPA: spa             - hexdump(len=6): 66 20 cf ab 8c dc
 #### WPA: PMK             - hexdump(len=32): b5 24 76 4f 6f 50 8c f6 a1 2e 24 b8 07 4e 9a 13 1b 94 c4 a8 1f 7e 22 d6 ed fc 7d 43 c7 77 b6 f7
 #### WPA: computed PMKID  - hexdump(len=16): ea 73 67 b1 8e 5f 18 43 58 24 e8 1c 47 23 87 71
 RSN: Replace PMKSA entry for the current AP and any PMKSA cache entry that was based on the old PMK
 nl80211: Delete PMKID for 02:00:00:00:01:00
 wlan0: RSN: PMKSA cache entry free_cb: 02:00:00:00:01:00 reason=1
 RSN: Added PMKSA cache entry for 02:00:00:00:01:00 network_ctx=0x5630bf85a270
 nl80211: Add PMKID for 02:00:00:00:01:00
 wlan0: RSN: PMKID mismatch - authentication server may have derived different MSK?!

hostapd logs:
 WPA: PMK from EAPOL state machine (MSK len=64 PMK len=32)
 WPA: 02:00:00:00:00:00 WPA_PTK entering state PTKSTART
 wlan1: STA 02:00:00:00:00:00 WPA: sending 1/4 msg of 4-Way Handshake
 #### WPA: rsn_pmkid():
 #### WPA: aa              - hexdump(len=6): 02 00 00 00 01 00
 #### WPA: spa             - hexdump(len=6): 02 00 00 00 00 00
 #### WPA: PMK             - hexdump(len=32): b5 24 76 4f 6f 50 8c f6 a1 2e 24 b8 07 4e 9a 13 1b 94 c4 a8 1f 7e 22 d6 ed fc 7d 43 c7 77 b6 f7
 #### WPA: computed PMKID  - hexdump(len=16): d8 21 9d a5 73 98 88 26 ef 03 d2 ce f7 04 7d 23
 WPA: Send EAPOL(version=1 secure=0 mic=0 ack=1 install=0 pairwise=1 kde_len=22 keyidx=0 encr=0)

That's because wpa_supplicant computed the PMKID using the wrong (old)
MAC address used during the scan. wpa_supplicant updates own_addr when
the interface goes up, as the MAC can only change while the interface
is down. However, drivers don't report all interface state changes:
for example the nl80211 driver may ignore a down-up cycle if the down
message is processed later, when the interface is already up. In such
cases, wpa_supplicant (and in particular, the EAP state machine) would
continue to use the old MAC.

Add a new driver event that notifies of MAC address changes while the
interface is active.

Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
2018-03-30 12:16:42 +03:00
Dmitry Lebed
c17915462a nl80211: Add DFS offload support using upstream nl80211 definitions
Add generic DFS offload support using the nl80211 feature that was
recently added to the mac80211-next tree. This uses the already
available DFS offload infrastructure that was previously used with
vendor specific definitions and just sets necessary flags (DFS_OFFLOAD
ext_feature) and forawrds CAC_STARTED event for processing.

Signed-off-by: Dmitry Lebed <lebed.dmitry@gmail.com>
2018-03-30 10:56:05 +03:00
Jouni Malinen
1841086adf Sync with mac80211-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2018-03-26.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-03-30 10:54:57 +03:00
Tamizh chelvam
e8ada1600f nl80211: Add support for STA opmode change events
The nl80211 driver can report STA_OPMODE notification event as soon as
it receives an HT/VHT Action frame about modification of station's SMPS
mode/bandwidth/RX NSS. Add support to parse such events.

Signed-off-by: Tamizh chelvam <tamizhr@codeaurora.org>
2018-03-19 19:57:25 +02:00
Bhagavathi Perumal S
72123a84cb hostapd: Add last_ack_rssi into ctrl iface cmd STA
This allows external application to get last ACK signal strength of the
last transmitted frame if the driver makes this information
(NL80211_STA_INFO_ACK_SIGNAL) available.

Signed-off-by: Bhagavathi Perumal S <bperumal@codeaurora.org>
Signed-off-by: Venkateswara Naralasetty <vnaralas@codeaurora.org>
2018-03-19 19:23:26 +02:00
Jouni Malinen
ebe61e564c Sync with mac80211-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2018-02-13.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-03-19 19:08:15 +02:00
Emmanuel Grumbach
299d21e8e2 nl80211: Use the new NL80211_MFP_OPTIONAL option
Now we can configure the network block so that it allows MFP setting for
the NL80211_CMD_CONNECT command. If the kernel finds an AP that requires
MFP, it'll be able to connect to it.

Note that since NL80211_MFP_OPTIONAL isn't supported for
NL80211_CMD_ASSOCIATE, we need to take the MFP configuration outside
nl80211_connect_common(). In addition, check that
NL80211_EXT_FEATURE_MFP_OPTIONAL is supported, to be backward compatible
with older kernels.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
2018-02-17 18:50:28 +02:00
Avraham Stern
a8c45d47d3 nl80211: Handle port authorized event
Indicate that the connection is authorized when receiving a port
authorized event from the driver.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2018-02-17 18:44:08 +02:00
Avraham Stern
0a20bd7d91 driver: Add port authorized event
Add an event that indicates that the 4 way handshake was completed by
the driver.

This event is useful for networks that require 802.1X authentication.
The driver can use this event that a new connection is already
authorized (e.g. when the driver used PMKSA caching) and 802.1X
authentication is not required.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2018-02-17 18:39:41 +02:00
Avraham Stern
05fc7c68f6 nl80211: Add API to set the PMK to the driver
Add support for setting the PMK to the driver. This is used for
drivers that support 4-way handshake offload.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2018-02-17 18:36:16 +02:00
Eliad Peller
0ff08f9636 nl80211: Check 4-way handshake offload support
Set the WPA_DRIVER_FLAGS_4WAY_HANDSHAKE flag if the driver indicates
both 4-way handshake PSK and 802.1X support. Currently wpa_supplicant
doesn't distinguish between 4-way handshake for 802.1X and PSK, but
nl80211 API has different capabilities for each one.

Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2018-02-17 18:31:05 +02:00
Eliad Peller
730c5a1d09 nl80211: Support passing PSK on connect
If the driver advertises WPA_DRIVER_FLAGS_4WAY_HANDSHAKE support, pass
the PSK on connect.

Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
2018-02-17 18:31:05 +02:00
Jouni Malinen
0887215d94 nl80211: Do not try to add too large NL80211_ATTR_PMK for set/del PMKSA
The current cfg80211 limit for the maximum NL80211_ATTR_PMK length is
48, so anything larger than that will result in the operation completely
failing. Since the PMKSA entries can be used without the PMK for most
purposes (the main use case for PMK currently is offloaded FILS
authentication), try to go ahead by configuring only the PMKID for the
case where 64-octet PMK is needed (which is currently limited to only
DPP with NIST P-521 and brainpoolP512r1 curves). This can fix DPP
connections with drivers that expect to get the PMKID through this
interface while still leaving the actual 4-way handshake for user space.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-02-10 12:16:53 +02:00
Jouni Malinen
e7f6e6ee1b nl80211: Print NL80211_CMD_{SET,DEL}_PMKSA failures in debug log
This makes it easier to notice if the driver operation to manage PMKSA
cache information fails unexpectedly.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-02-10 12:10:07 +02:00
Sunil Dutt
40a68f3384 nl80211: Create a netlink socket handle for the Connect interface
This netlink socket handle owns the connect request and is further used
by the host driver/kernel to request for the external authentication.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-02-02 19:02:44 +02:00
Sunil Dutt
ba71cb821a nl80211: Introduce the interface for external authentication
This command/event interface can be used by host drivers that do not
define separate commands for authentication and association but rely on
wpa_supplicant for the authentication (SAE) processing.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-02-02 18:51:04 +02:00
Jouni Malinen
99576f6f3c Sync with mac80211-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2018-01-31.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-02-02 18:34:14 +02:00
Ashok Ponnaiah
f811cc83b3 atheros: Send correct SSID length to the driver
Send the exact SSID length to the driver by removing the legacy +1
padding.

Signed-off-by: Ashok Ponnaiah <aponnaia@codeaurora.org>
2018-02-01 23:45:12 +02:00
Srinivas Dasari
e005725a69 nl80211: Add DPP and OWE AKM selectors to CONNECT/ASSOC request
This is needed to support drivers that use NL80211_ATTR_AKM_SUITES.

Signed-off-by: Srinivas Dasari <dasaris@codeaurora.org>
2018-01-31 11:21:10 +02:00
vamsi krishna
d98038bb05 FILS: Driver configuration to disable/enable FILS features
The new disable_fils parameter can be used to disable FILS functionality
in the driver. This is currently removing the FILS Capability bit in
Extended Capabilities and providing a callback to the driver wrappers.
driver_nl80211.c implements this using a QCA vendor specific command for
now.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-15 20:52:17 +02:00
Jouni Malinen
963d3149ab nl80211: Fix NL80211_MESHCONF_AUTO_OPEN_PLINKS encoding
This nl80211 attribute uses NLA_U8 policy in cfg80211 and wpa_supplicant
needs to use same size when writing the attribute.

This fixes mesh mode regression triggered by kernel commit "net:
netlink: Update attr validation to require exact length for some types"
in v4.15-rc1 that resulted in the following debug log entry when trying
to join a mesh:
nl80211: mesh join failed: ret=-22 (Invalid argument)

Fixes: 6c1664f605 ("nl80211: Add new commands to support mesh interfaces")
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-01 22:21:24 +02:00
Jouni Malinen
a2426829ce nl80211: Fix NL80211_ATTR_SMPS_MODE encoding
This nl80211 attribute uses NLA_U8 policy in cfg80211 and
hostapd/wpa_supplicant needs to use same size when writing the
attribute.

This fixes AP mode regression triggered by kernel commit "net: netlink:
Update attr validation to require exact length for some types" in
v4.15-rc1 that resulted in the following debug log entry when trying to
enable beaconing:
nl80211: Beacon set failed: -34 (Numerical result out of range)

Fixes: da1080d721 ("nl80211: Advertise and configure SMPS modes")
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-01 20:22:44 +02:00
Jouni Malinen
0e19300d5b nl80211: Use consistent "0x" prefix for the cookie values
One of the event message for TX status was missing 'x' from the "0x"
prefix. Add that to make the used format consistent for all cookie debug
print cases.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-30 12:42:58 +02:00
Sriram R
725a953aea nl80211: Filter global events based on wiphy
Avoid same interface processing nl80211 events when at least one of
IFIDX, WDEV, or WIPHY index attribute is available in the nl80211 event
message.

Previously, a same interface processes events when ifidx and wdev id
attribute were not available in the nl80211 message. This is extended to
check the presence of wiphy index attribute as well since some radar
notifications include only WIPHY index attrbute in the nl80211 message.

Signed-off-by: Sriram R <srirrama@qti.qualcomm.com>
2017-11-26 12:42:56 +02:00
Ashok Kumar Ponnaiah
41db74cf76 atheros: Process SAE authentication frames using EVENT_RX_MGMT
This adds support for SAE in AP mode with the atheros driver interface.
EVENT_RX_MGMT includes SAE processing while EVENT_AUTH would require
more changes to make this work.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-14 18:47:07 +02:00
Ashok Kumar Ponnaiah
3d9dd4b772 atheros: Generate EVENT_TX_STATUS events for management frames
This is needed for DPP functionality.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-14 18:44:05 +02:00
Vidyullatha Kanchanapally
693eafb150 nl80211: Update FILS roam info from vendor roam event
Add support to update PMK, PMKID, and ERP next sequence number
from FILS roamed info.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-17 16:26:44 +03:00
Vidyullatha Kanchanapally
3c67e977de nl80211: Add support to send updated connection parameters
After an initial connection certain connection parameters may be
updated. It may be necessary to send these parameters to drivers since
these will be used in driver-initiated roaming cases. This commit
defines the driver_ops call for this and implements the needed
functionality for the nl80211 driver interface.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-17 16:04:51 +03:00
Jouni Malinen
006fb845b8 nl80211: Use NL80211_BSS_LAST_SEEN_BOOTTIME if available
This allows a more accurate scan result age to be fetched than the one
available through NL80211_BSS_SEEN_MS_AGO.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-17 00:07:17 +03:00
Jouni Malinen
a0bf1b68c0 Remove all PeerKey functionality
This was originally added to allow the IEEE 802.11 protocol to be
tested, but there are no known fully functional implementations based on
this nor any known deployments of PeerKey functionality. Furthermore,
PeerKey design in the IEEE Std 802.11-2016 standard has already been
marked as obsolete for DLS and it is being considered for complete
removal in REVmd.

This implementation did not really work, so it could not have been used
in practice. For example, key configuration was using incorrect
algorithm values (WPA_CIPHER_* instead of WPA_ALG_*) which resulted in
mapping to an invalid WPA_ALG_* value for the actual driver operation.
As such, the derived key could not have been successfully set for the
link.

Since there are bugs in this implementation and there does not seem to
be any future for the PeerKey design with DLS (TDLS being the future for
DLS), the best approach is to simply delete all this code to simplify
the EAPOL-Key handling design and to get rid of any potential issues if
these code paths were accidentially reachable.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-16 02:03:47 +03:00
bhagavathi perumal s
3567641ebb Add TX/RX rate info and signal strength into STA output
These allow external programs to fetch the TX and RX rate information
and signal strength for a specific STA through the hostapd control
interface command "STA <addr>". The values of these attributes are
filled in the response of nl80211 command NL80211_CMD_GET_STATION.

Signed-off-by: bhagavathi perumal s <bperumal@qti.qualcomm.com>
2017-10-05 12:12:24 +03:00
Jouni Malinen
61a56c1480 Add group_mgmt network parameter for PMF cipher selection
The new wpa_supplicant network parameter group_mgmt can be used to
specify which group management ciphers (AES-128-CMAC, BIP-GMAC-128,
BIP-GMAC-256, BIP-CMAC-256) are allowed for the network. If not
specified, the current behavior is maintained (i.e., follow what the AP
advertises). The parameter can list multiple space separate ciphers.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-09-26 17:40:02 +03:00
Michael Braun
73b3de01ce macsec_linux: Exit early when missing macsec kernel module
Using driver macsec_linux makes no sense without macsec kernel module
loaded.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2017-09-10 22:26:36 +03:00
Rohit Pratap Singh
fdbfb63e45 nl80211: Fix bridge name print while removing interface from bridge
Removing interface from bridge in_br
linux_br_del_if(drv->global->ioctl_sock, in_br, ifname)
but in case of failure, the error print is incorrect:
it should show error for "in_br" instead of the wrong bridge name
"brname".

Signed-off-by: Rohit Pratap Singh <rohit.s@samsung.com>
Signed-off-by: Amit Khatri <amit.khatri@samsung.com>
2017-09-10 22:11:08 +03:00
Jouni Malinen
359166ed24 Remove the completely unused FT parameters in driver association data
It looks like these parameters related to FT have never been used, so
remove them from causing confusion. The separate update_ft_ies()
callback is used to provide the FT elements.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-09-06 21:20:13 +03:00
Jouni Malinen
64a0a75b5b nl80211: Fix auth_alg selection with FILS in the connect command
NL80211_ATTR_AUTH_TYPE needs to be skipped if multiple auth_alg options
are included. The previous list missed the new FILS auth_alg here and
ended up not doing so if OPEN and FILS were included.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-08-24 23:30:20 +03:00
Ashwini Patil
fb718f94d6 nl80211: Check if driver supports OCE specific features
Check if device supports OCE STA/STA-CFON/AP specific mandatory
features. This commit includes checking based on the QCA vendor
attributes.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-14 21:13:22 +03:00
Vidyullatha Kanchanapally
fe3e0bac1f FILS: Advertize FILS capability based on driver capability
Add changes to control interface command get_capability to advertize
FILS capability, FILS AKMs suites, and FILS Authentication algorithms
based on the driver capabilities.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-07 13:39:05 +03:00
Ashwini Patil
b04854ceff nl80211/MBO: Set temporary disallowed BSSID list to driver
Set temporary disallowed BSSID list to the driver so that the driver
doesn't try to connect to any of the blacklisted BSSIDs during
driver-based roaming operation. This commit includes support only for
the nl80211 driver interface using a QCA vendor command for this.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-30 17:27:44 +03:00
Vidyullatha Kanchanapally
b6ea764252 nl80211: Make KCK attribute optional in rekey data
New AKM suites like FILS-SHA256 do not use KCK and hence KCK length can
be zero. Add changes to include KCK attribute in rekey data only if the
length is non-zero.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-23 18:58:24 +03:00
Jouni Malinen
567da5bbd0 DPP: Add new AKM
This new AKM is used with DPP when using the signed Connector to derive
a PMK. Since the KCK, KEK, and MIC lengths are variable within a single
AKM, this needs number of additional changes to get the PMK length
delivered to places that need to figure out the lengths of the PTK
components.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-19 21:13:17 +03:00
Jouni Malinen
00b02149ed nl80211: Register to receive DPP Public Action frames
These are needed for DPP exchanges. In addition, register GAS frames for
DPP builds.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-17 18:04:54 +03:00
Jouni Malinen
5e0c20ff3e nl80211: Do not notify interface as re-enabled if initialization fails
wpa_supplicant tries to reinitialize an interface when a previously
removed netdev is restored (e.g., re-insert a USB dongle). If that
initialization fails (e.g., driver ejects ifconfig UP), the previous
implementation resulted in leaving the interface in incomplete state
while still claiming to upper layers that the interface status has
changed back to functional one.

Fix this by skipping the interface status update if reinitialization
fails. In other words, remain in INTERFACE_DISABLED state if the
interface cannot be re-enabled successfully.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-06 03:07:43 +03:00
Beniamino Galvani
290834df69 nl80211: Fix race condition in detecting MAC change
Commit 3e0272ca00 ('nl80211: Re-read MAC
address on RTM_NEWLINK') added the detection of external changes to MAC
address when the interface is brought up.

If the interface state is changed quickly enough, wpa_supplicant may
receive the netlink message for the !IFF_UP event when the interface
has already been brought up and would ignore the next netlink IFF_UP
message, missing the MAC change.

Fix this by also reloading the MAC address when a !IFF_UP event is
received with the interface up, because this implies that the
interface went down and up again, possibly changing the address.

Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
2017-05-13 20:01:44 +03:00
Vasanthakumar Thiagarajan
aa56e36d66 driver: Make DFS domain information available to core
Current DFS domain information of the driver can be used in ap/dfs
to comply with DFS domain specific requirements like uniform spreading
for ETSI domain.

Signed-off-by: Vasanthakumar Thiagarajan <vthiagar@qti.qualcomm.com>
2017-05-13 20:01:44 +03:00
Masashi Honma
31a856a127 mesh: Make NL80211_MESHCONF_RSSI_THRESHOLD configurable
In some practical cases, it is useful to suppress joining to node in the
distance. The new field mesh_rssi_threshold could be used as RSSI
threshold for joining.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2017-05-08 16:23:02 +03:00
Vamsi Krishna
178553b709 MBO: Add support to set ignore assoc disallow to driver
Add support to set ignore assoc disallow to the driver so that the
driver ignores assoc disallowed bit set by APs while connecting. This is
used by drivers that handle BSS selection and roaming internally.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-05-05 00:26:05 +03:00
Jouni Malinen
d912953e37 atheros: Get rid of static analyzer warnings on 0-length memcpy
These functions can potentially be called with ie == NULL and ie_len ==
0. Check explitcitly for the ie == NULL case to avoid confusing
memcpy(dst, NULL, 0) calls.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-05-01 22:08:16 +03:00
Jeffin Mammen
f46c154c59 atheros: Add FILS AAD parameters in sta_auth() handler
This is needed to allow the driver SME to perform the needed AES-SIV
operations during FILS association.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-23 17:47:15 +03:00
Jeffin Mammen
6b128fb2af driver: Move sta_auth() arguments to a struct
This makes it easier to add more parameters without having to change the
callback function prototype.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-23 17:47:12 +03:00
Jeffin Mammen
d7cff1d871 atheros: Enable raw management frame receive for FILS builds
This is needed to be able to process authentication and association
frames for FILS.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-21 19:37:32 +03:00
Jeffin Mammen
2b7a8ec473 atheros: Read driver FILS capability
This will be used to determine what type of operations to use for STA
authentication and association.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-21 19:37:27 +03:00
Vidyullatha Kanchanapally
061a3d3d53 nl80211: Add support for FILS Cache Identifier in add/remove_pmkid()
This is needed for configuring PMKSA cache entries to the driver with
the FILS Cache Identifier and SSID.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-07 17:03:37 +03:00
Vidyullatha Kanchanapally
6fbb54140b driver: Move add_pmkid() and remove_pmkid() arguments into a struct
This makes it easier to add more arguments to these wpa_driver_ops
functions.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-07 17:03:35 +03:00
Vidyullatha Kanchanapally
ad295f3b85 nl80211: Add support for FILS shared key offload
Add support for FILS shared key offload for drivers which advertize
FILS shared key support using NL80211_CMD_CONNECT.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-07 16:21:55 +03:00
Jouni Malinen
4696773676 Sync with mac80211-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2017-03-31.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-31 13:14:20 +03:00
Davide Caratti
5db86df6a8 macsec_linux: Fix NULL pointer dereference on error cases
In case wpa_supplicant is using driver_macsec_linux, but macsec module
is not (yet) loaded in the kernel, nl_socket_alloc() fails and drv->sk
is NULL. In this case, don't call libnl functions rntl_link_add() or
rtnl_link_change() using such NULL pointer, to prevent program from
getting segmentation faults like:

 Program received signal SIGSEGV, Segmentation fault.
 nl_socket_get_local_port (sk=sk@entry=0x0) at socket.c:365
 365             if (sk->s_local.nl_pid == 0) {
 (gdb) p sk
 $1 = (const struct nl_sock *) 0x0
 (gdb) bt
 #0  nl_socket_get_local_port (sk=sk@entry=0x0) at socket.c:365
 #1  0x00007ffff79c56a0 in nl_complete_msg (sk=sk@entry=0x0,
  msg=msg@entry=0x55555595a1f0) at nl.c:491
 #2  0x00007ffff79c56d1 in nl_send_auto (sk=sk@entry=0x0,
  msg=msg@entry=0x55555595a1f0) at nl.c:522
 #3  0x00007ffff79c652f in nl_send_sync (sk=sk@entry=0x0,
  msg=0x55555595a1f0) at nl.c:556
 #4  0x00007ffff755faf5 in rtnl_link_add (sk=0x0,
  link=link@entry=0x55555595b0f0, flags=flags@entry=1024) at route/link.c:1548
 #5  0x000055555567a298 in macsec_drv_create_transmit_sc (priv=0x55555593b130,
  sc=0x55555593b320, conf_offset=<optimized out>) at ../src/drivers/driver_macsec_linux.c:998

Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
2017-03-26 21:13:21 +03:00
Jouni Malinen
cad291d671 FILS: Define authentication algorithm for FILS SK auth with PFS
This is needed to add PFS support into hostapd and wpa_supplicant FILS
shared key authentication.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-12 22:39:38 +02:00
Jouni Malinen
f9561868ec OWE: Add driver capability flag for OWE AKM
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-12 19:24:11 +02:00
Vasanthakumar Thiagarajan
62c8c7f721 nl80211: Handle pre-CAC expired event from the driver
Process the new nl80211 event NL80211_RADAR_PRE_CAC_EXPIRED to allow the
driver to notify expiry of the CAC result on a channel.

Signed-off-by: Vasanthakumar Thiagarajan <vthiagar@qti.qualcomm.com>
2017-03-09 17:01:36 +02:00
Jouni Malinen
caaaee072b Sync with mac80211-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2017-03-06.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-09 16:59:42 +02:00
Purushottam Kushwaha
d0330d57f3 nl80211: Add option to delay start of schedule scan plans
The userspace may want to delay the the first scheduled scan.
This enhances sched_scan to add initial delay (in seconds) before
starting first scan cycle. The driver may optionally choose to
ignore this parameter and start immediately (or at any other time).

This uses NL80211_ATTR_SCHED_SCAN_DELAY to add this via user
global configurable option: sched_scan_start_delay.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-03-09 15:44:26 +02:00
Johannes Berg
a1f11e34c4 Use os_memdup()
This leads to cleaner code overall, and also reduces the size
of the hostapd and wpa_supplicant binaries (in hwsim test build
on x86_64) by about 2.5 and 3.5KiB respectively.

The mechanical conversions all over the code were done with
the following spatch:

    @@
    expression SIZE, SRC;
    expression a;
    @@
    -a = os_malloc(SIZE);
    +a = os_memdup(SRC, SIZE);
    <...
    if (!a) {...}
    ...>
    -os_memcpy(a, SRC, SIZE);

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2017-03-07 13:19:10 +02:00
Kanchanapally, Vidyullatha
3ab484928a nl80211: Driver command for checking BTM accept/reject
Add driver interface command using the QCA vendor extensions to check
the driverr whether to accept or reject a BSS transition candidate. For
the reject case, report an MBO reject reason code.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-03-07 00:20:29 +02:00
Purushottam Kushwaha
3f23260da8 nl80211: Notify reason for connection timeout failure
This adds reason for timeout in event CTRL-EVENT-ASSOC-REJECT whenever
connection failure happens because of timeout. This extends the
"timeout" parameter in the event to include the reason, if available:
timeout=scan, timeout=auth, timeout=assoc.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-20 10:47:08 +02:00
Peng Xu
ca1ab9db2a hostapd: Get vendor HE capabilities
Allow hostapd query device HE capabilities via vendor command.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-19 17:39:33 +02:00
Peng Xu
94380cb40a hostapd: Initial IEEE 802.11ax (HE) definitions
Add IEEE 802.11ax definitions for config, IEEE structures, and
constants. These are still subject to change in the IEEE process.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-19 17:37:52 +02:00
vamsi krishna
20c846d9ee nl80211: sched_scan relative RSSI parameters
Add driver interface support to set sched_scan relative RSSI parameters
and to indicate driver support for this.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-10 19:48:12 +02:00
Vamsi Krishna
8331c9b316 nl80211: Add support for mgmt_tx with random TA
This adds support for specifying a random TA for management frame
transmission commands and driver capability flags for indicating whether
this is supported in not-connected and connected states.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-07 19:35:34 +02:00
Jouni Malinen
14fa723a9c Sync with mac80211-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2017-01-13.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-07 18:55:35 +02:00
Dedy Lansky
89fa633afb nl80211: Fix error while enabling AP mode with driver-SME
Following commit a70cd0db87 ('Don't
register for Beacon frames for IEEE 802.11ad AP'),
nl80211_get_wiphy_data_ap() is unconditionally called when starting AP.
This function tries to register for Beacon frames RX which fails for
some driver which don't support such registration and do not need it in
case the driver implements AP mode SME functionality.

Fix this by conditionally calling nl80211_get_wiphy_data_ap() like prior
to commit a70cd0db87.

Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
2017-02-05 20:48:23 +02:00
Sunil Dutt
f593b6c11d nl80211: Do not reset vendor_scan_cookie after scan timeout
If vendor_scan_cookie is set to 0 after the scan_abort due to the scan
timeout ends in a cookie mismatch when processing the following
QCA_NL80211_VENDOR_SUBCMD_SCAN_DONE indication. This ends up considering
the scan results as being for an external scan and thus the current
ongoing scan is not removed from the radio_work. Hence, do not reset
this vendor_scan_cookie after the scan abort so that the scan completion
event gets processed properly and vendor_scan_cookie gets cleared at
that point.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-01-30 01:54:30 +02:00
Masashi Honma
7813b7c34d nl80211: Fix a memory leak on deinit with HT enabled mesh
Commit a70cd0db87 ('nl80211: Don't
register for Beacon frames for IEEE 802.11ad AP') could cause a trailing
memory leak on IEEE 802.11n enabled mesh. This commit fixes the issue.

-----------------
ELOOP: remaining socket: sock=12 eloop_data=0xba8260 user_data=0xbb3d90 handler=0x4aeb90
WPA_TRACE: eloop unregistered socket handler: 0x4aeb90
     nl80211_recv_beacons() ../src/drivers/driver_nl80211.c:625
WPA_TRACE: eloop sock - START
[0]: ./hostap/wpa_supplicant/wpa_supplicant() [0x431f2a]
     eloop_sock_table_add_sock() ../src/utils/eloop.c:360
[1]: ./hostap/wpa_supplicant/wpa_supplicant() [0x4b0e49]
     nl80211_register_eloop_read() ../src/drivers/driver_nl80211.c:153
[2]: ./hostap/wpa_supplicant/wpa_supplicant() [0x4bacf0]
     dl_list_add() src/utils/list.h:30
     nl80211_get_wiphy_data_ap() ../src/drivers/driver_nl80211.c:728
     wpa_driver_nl80211_set_ap() ../src/drivers/driver_nl80211.c:3786
[3]: ./hostap/wpa_supplicant/wpa_supplicant(ieee802_11_set_beacon+0x150) [0x469700]
     ieee802_11_set_beacon() ../src/ap/beacon.c:1349
[4]: ./hostap/wpa_supplicant/wpa_supplicant(ieee802_11_set_beacons+0x45) [0x469805]
     ieee802_11_set_beacons() ../src/ap/beacon.c:1368
[5]: ./hostap/wpa_supplicant/wpa_supplicant() [0x437559]
     mesh_mpm_add_peer() mesh_mpm.c:688
[6]: ./hostap/wpa_supplicant/wpa_supplicant(wpa_mesh_new_mesh_peer+0x42) [0x439182]
     wpa_mesh_new_mesh_peer() mesh_mpm.c:737
[7]: ./hostap/wpa_supplicant/wpa_supplicant(wpa_mesh_notify_peer+0x80) [0x436460]
     wpa_mesh_notify_peer() mesh.c:347
[8]: ./hostap/wpa_supplicant/wpa_supplicant(wpa_supplicant_event+0xc7a) [0x4a69ba]
     wpa_supplicant_event() events.c:4312
[9]: ./hostap/wpa_supplicant/wpa_supplicant(process_global_event+0xaf0) [0x4c2d40]
     nl80211_new_peer_candidate() ../src/drivers/driver_nl80211_event.c:1247
     do_process_drv_event() ../src/drivers/driver_nl80211_event.c:2322
     process_global_event() ../src/drivers/driver_nl80211_event.c:2360
[10]: /lib/x86_64-linux-gnu/libnl-3.so.200(nl_recvmsgs_report+0x3dc) [0x7f937176873c]
[11]: /lib/x86_64-linux-gnu/libnl-3.so.200(nl_recvmsgs+0x9) [0x7f9371768ba9]
[12]: ./hostap/wpa_supplicant/wpa_supplicant() [0x4aeb58]
     wpa_driver_nl80211_event_receive() ../src/drivers/driver_nl80211.c:1457
[13]: ./hostap/wpa_supplicant/wpa_supplicant() [0x43242e]
     eloop_sock_table_dispatch() ../src/utils/eloop.c:598
[14]: ./hostap/wpa_supplicant/wpa_supplicant(eloop_run+0x22e) [0x432e0e]
     eloop_sock_table_dispatch() ../src/utils/eloop.c:589
     eloop_run() ../src/utils/eloop.c:1219
[15]: ./hostap/wpa_supplicant/wpa_supplicant(wpa_supplicant_run+0x77) [0x49e327]
     wpa_supplicant_run() wpa_supplicant.c:5608
WPA_TRACE: eloop sock - END
MEMLEAK[0xba81b0]: len 72
WPA_TRACE: memleak - START
[0]: ./hostap/wpa_supplicant/wpa_supplicant(os_malloc+0x57) [0x430d67]
     os_malloc() ../src/utils/os_unix.c:690
[1]: ./hostap/wpa_supplicant/wpa_supplicant(os_zalloc+0xe) [0x430fce]
     os_zalloc() ../src/utils/os_unix.c:749
[2]: ./hostap/wpa_supplicant/wpa_supplicant() [0x4babaa]
     nl80211_get_wiphy_data_ap() ../src/drivers/driver_nl80211.c:692
     wpa_driver_nl80211_set_ap() ../src/drivers/driver_nl80211.c:3786
[3]: ./hostap/wpa_supplicant/wpa_supplicant(ieee802_11_set_beacon+0x150) [0x469700]
     ieee802_11_set_beacon() ../src/ap/beacon.c:1349
[4]: ./hostap/wpa_supplicant/wpa_supplicant(ieee802_11_set_beacons+0x45) [0x469805]
     ieee802_11_set_beacons() ../src/ap/beacon.c:1368
[5]: ./hostap/wpa_supplicant/wpa_supplicant() [0x437559]
     mesh_mpm_add_peer() mesh_mpm.c:688
[6]: ./hostap/wpa_supplicant/wpa_supplicant(wpa_mesh_new_mesh_peer+0x42) [0x439182]
     wpa_mesh_new_mesh_peer() mesh_mpm.c:737
[7]: ./hostap/wpa_supplicant/wpa_supplicant(wpa_mesh_notify_peer+0x80) [0x436460]
     wpa_mesh_notify_peer() mesh.c:347
[8]: ./hostap/wpa_supplicant/wpa_supplicant(wpa_supplicant_event+0xc7a) [0x4a69ba]
     wpa_supplicant_event() events.c:4312
[9]: ./hostap/wpa_supplicant/wpa_supplicant(process_global_event+0xaf0) [0x4c2d40]
     nl80211_new_peer_candidate() ../src/drivers/driver_nl80211_event.c:1247
     do_process_drv_event() ../src/drivers/driver_nl80211_event.c:2322
     process_global_event() ../src/drivers/driver_nl80211_event.c:2360
[10]: /lib/x86_64-linux-gnu/libnl-3.so.200(nl_recvmsgs_report+0x3dc) [0x7f937176873c]
[11]: /lib/x86_64-linux-gnu/libnl-3.so.200(nl_recvmsgs+0x9) [0x7f9371768ba9]
[12]: ./hostap/wpa_supplicant/wpa_supplicant() [0x4aeb58]
     wpa_driver_nl80211_event_receive() ../src/drivers/driver_nl80211.c:1457
[13]: ./hostap/wpa_supplicant/wpa_supplicant() [0x43242e]
     eloop_sock_table_dispatch() ../src/utils/eloop.c:598
[14]: ./hostap/wpa_supplicant/wpa_supplicant(eloop_run+0x22e) [0x432e0e]
     eloop_sock_table_dispatch() ../src/utils/eloop.c:589
     eloop_run() ../src/utils/eloop.c:1219
[15]: ./hostap/wpa_supplicant/wpa_supplicant(wpa_supplicant_run+0x77) [0x49e327]
     wpa_supplicant_run() wpa_supplicant.c:5608
WPA_TRACE: memleak - END
MEMLEAK: total 72 bytes
-----------------

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2017-01-29 17:55:10 +02:00
Jouni Malinen
a042e39acf nl80211: Use RSN_CIPHER_SUITE_* instead of WLAN_CIPHER_SUITE_*
This is a step towards getting rid of the unnecessary duplication of
definitions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-28 14:04:44 +02:00
Jouni Malinen
3aa24db953 nl80211: Use RSN_AUTH_KEY_MGMT_* instead of WLAN_AKM_SUITE_*
This is a step towards getting rid of the unnecessary duplication of
definitions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-28 12:27:48 +02:00
Slava Monich
6ff92677a1 wext: Cancel send_rfkill timeout in deinit
Signed-off-by: Slava Monich <slava.monich@jolla.com>
2017-01-14 00:07:45 +02:00
Dedy Lansky
a70cd0db87 nl80211: Don't register for Beacon frames for IEEE 802.11ad AP
Beacon frames are not supported in IEEE 802.11ad network (DMG-beacons
used instead). To allow hostapd to manage IEEE 802.11ad AP with
device_ap_sme disabled, skip nl80211_register_beacons() for IEEE
802.11ad AP.

Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
2017-01-13 15:58:01 +02:00
Jouni Malinen
c85dfc6f84 nl80211: Set NL80211_ATTR_IFACE_SOCKET_OWNER for connect and associate
This allows kernel to force disconnection if something kills the
wpa_supplicant process in a manner that does not allow proper cleanup to
be performed. The association is not supposed to be allowed to continue
after process has ended since there are number of operations that
wpa_supplicant may need to do during the association.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-01-13 15:05:26 +02:00
Jouni Malinen
d07f450da9 Sync with mac80211-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2017-01-06.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-13 15:05:26 +02:00
Jouni Malinen
b2442f2568 nl80211: Debug prints for TDLS_OPER command and result
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-08 17:12:24 +02:00
Jouni Malinen
688556722c nl80211: More complete processing of connection quality monitor events
This adds processing of beacon loss events and generation of an internal
EVENT_BEACON_LOSS event based on them for wpa_supplicant processing. In
addition, number of consecutively lost (not acknowledged) packets is now
reported and TXE events are noted in the debug log.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-08 12:11:14 +02:00
Jouni Malinen
e4ec6bbfd8 nl80211: Register for Link Measurement Report frames in AP mode
This is needed to be able to get the response to a link measurement
request.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-07 18:46:10 +02:00
Dedy Lansky
05e5e615e6 AP: Skip authentication/deauthentication phase for DMG/IEEE 802.11ad
Authentication and Deauthentication frames are not used in DMG/IEEE
802.11ad networks. For DMG/IEEE 802.11ad the following was implemented:
Upon receiving association request, allocate the sta object and
initialize it as if authentication took place. Upon receiving
disassociation, deallocate the sta object.
ap_sta_disassociate/ap_sta_deauthenticate/ap_sta_disconnect all use
disassociation instead of deauthentication. In driver_nl80211,
i802_sta_deauth() is routed to i802_sta_disassoc().

Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
2017-01-05 17:28:23 +02:00
Andrei Otcheretianski
517b5f928f nl80211: Zero num_modes if nl80211_get_hw_feature_data() fails
It was possible that nl80211_get_hw_feature_data() function would return
NULL when num_modes is not set to zero. This might result in a later crash
when accessing hw.modes. This may be reproduced with hwsim oom tests, for
example, dbus_connect_oom.
Fix that by zeroing num_modes if NULL is returned.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2017-01-05 16:22:53 +02:00
Kanchanapally, Vidyullatha
39c5da3284 nl80211: Use correct attribute for scan flags in vendor scan
This fixes the netlink attribute identifier for the scan flags when
using QCA_NL80211_VENDOR_SUBCMD_TRIGGER_SCAN.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-01-05 15:49:15 +02:00
Avraham Stern
96a5f14ee4 nl80211: Add support for additional scan parameters for beacon report
Add support for:
 1. Setting scan dwell time
 2. Parsing scan start TSF and beacon received TSF reported
    by the driver
 3. Setting driver capabilities for the above

These capabilities are needed for Beacon Report radio measurement.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2017-01-03 15:18:29 +02:00
Avraham Stern
c16b9f8d33 driver: Add scan support to beacon report
Add the following parameters to scan request:
 1. Dwell time on each channel.
 2. Whether the specified dwell time is mandatory.

In addition, add to scan results info the time that the scan actually
started, and to each scan result the time the beacon/probe was received,
both in terms of TSF of the BSS that the interface that requested the
scan is connected to (if available).

Add flags to indicate whether the driver supports dwell time
configuration and scan information reporting.

This scan configuration and information is required to support beacon
report radio measurement.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2017-01-03 15:18:29 +02:00
Jouni Malinen
95de34a10a Remove trailing whitespace
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-28 14:31:42 +02:00
Sunil Dutt
62cd9d7926 nl80211: Specify the BSSID in the QCA vendor scan
This allows the vendor scan to be optimized when a response is needed
only from a single, known BSS.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-11 21:36:16 +02:00
Ningyuan Wang
ed0a4ddc22 nl80211: Update drv->ssid on connect/associate event based on BSS data
On a connect nl80211 event, wpa_supplicant uses
wpa_driver_nl80211_get_ssid() to fetch the current associated SSID to
compare to existing configurations. However,
wpa_driver_nl80211_get_ssid() uses drv->ssid, which is a cached value.
It is set when we explicitly initial a connect request using
wpa_supplicant. If the association was initiated outside of
wpa_supplicant, we need another way to populate drv->ssid. This commit
sets drv->ssid based on cfg80211 BSS information on connect/associate
nl80211 events.

Signed-off-by: Ningyuan Wang <nywang@google.com>
2016-12-05 12:08:46 +02:00
Jouni Malinen
9f346fadc8 nl80211: Fix scan_state update in no pending scan state
Commit adcd7c4b0b ('nl80211: Support
vendor scan together with normal scan') made the drv->scan_state updates
for NL80211_CMD_NEW_SCAN_RESULTS and NL80211_CMD_SCAN_ABORTED
conditional on drv->last_scan_cmd being NL80211_CMD_TRIGGER_SCAN. This
missed the part about the possibility of last_scan_cmd == 0 and an
externally started cfg80211 scan is ending. This could leave
drv->scan_state into SCAN_STARTED state even after the scan was
completed. Consequently, hwsim test cases could get stuck in reset()
handler waiting for scan to terminate.

Fix this by updating drv->scan_state also in drv->last_scan_cmd == 0
case.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-05 11:48:26 +02:00
Michael Braun
34f7c699a6 Add multicast to unicast support
This adds support for nl80211 NL80211_CMD_SET_MULTICAST_TO_UNICAST
command.

By setting the new hostapd configuration option multicast_to_unicast=1,
hostapd configures this AP to perform multicast to unicast conversion.

When enabled, all multicast packets with ethertype ARP, IPv4, or IPv6
(possibly within an 802.1Q header) will be sent out to each station once
with the destination (multicast) MAC address replaced by the station's
MAC address. Note that this may break certain expectations of the
receiver, e.g., the ability to drop unicast IP packets encapsulated in
multicast L2 frames, or the ability to not send destination unreachable
messages in such cases.

This also does not implement Directed Multicast Service (DMS).

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2016-12-04 21:00:06 +02:00
Jouni Malinen
5f2c0a22a9 Sync with mac80211-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2016-12-02.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-04 20:50:07 +02:00
Jouni Malinen
a1fce3911f nl80211: Optimize memory use in nl80211_get_assoc_freq()
Do not use the generic bss_info_handler() design to fetch all scan
results into temporary memory buffer. Instead, use a separate BSS info
handler that fetches the requested information without fully parsing the
BSS entries and without allocating any memory for collecting all the
results.

This is also simplifying bss_info_handler() and nl80211_parse_bss_info()
design by getting rid of the special case that was used only for
nl80211_get_assoc_freq() and not normal scan result fetching.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-03 22:37:41 +02:00
Jouni Malinen
da2c284169 nl80211: Reduce nl80211_dump_scan() memory need
Instead of fetching all scan results to a temporary buffer, debug print
scan result dump directly from the message handler function one BSS at a
time.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-03 22:14:04 +02:00
Jouni Malinen
b72a01bc5a nl80211: Split bss_info_handler() into a separate parser function
This allows a single scan result to be parsed at a time. This is a step
towards optimizing scan result fetching without having to allocate
memory for all entries at the same time.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-03 19:36:24 +02:00
Jouni Malinen
cfadab269f nl80211: Move duplicate scan result removal to bss.c
The way the removal of duplicated (one per frequency) BSS entries in the
cfg80211 scan results were removed in driver_nl80211_scan.c
bss_info_handler() depended on having the full scan results available to
allow iteration through the other entries. This is problematic for the
goal of being able to optimize memory allocations for scan result
fetching in a manner that would not build the full result buffer in
memory.

Move this duplicate removal into bss.c since it has sufficient
information available for doing the same determination of which one of
two BSS entries is more current.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-03 19:26:47 +02:00
Jouni Malinen
2a1cf26ecf nl80211: Add more debug details to duplicate scan entry removal
This makes it easier to understand which cfg80211 entry got removed as
obsolete duplicate.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-03 18:59:32 +02:00
Jouni Malinen
865081c307 privsep: Support frequency list for scan requests
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-03 18:27:16 +02:00
Jouni Malinen
da818ee5e9 privsep: Support multiple scan SSIDs
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-03 18:17:28 +02:00
Jouni Malinen
d3c43e5855 privsep: Fix scan result fetching with Beacon frame IEs
wpa_priv did not yet support Beacon frame IEs (res->beacon_ie_len) which
resulted in invalid scan data being accepted in driver_privsep.c. Add
support for res->beacon_ie_len and also fix the validation step to take
this new variable length field into account.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-03 18:02:49 +02:00
Jouni Malinen
c8fef7869d nl80211: Split nl80211_check_bss_status() into a separate function
This allows a single scan result to be checked at a time. This is a step
towards optimizing scan result fetching without having to allocate
memory for all entries at the same time.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-02 20:54:49 +02:00
Jouni Malinen
e35e137298 nl80211: Separate channel noise fetch from scan result processing
This untangles the NL80211_CMD_GET_SURVEY handler loop from
NL80211_CMD_GET_SCAN processing so that the per-channel noise
information can be fetched with a common function to a local data
structure that can then be easily used to update individual scan results
(a single BSS) instead of having to go through a full set of scan
results. This is a step towards optimizing scan result fetching without
having to allocate memory for all entries at the same time.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-02 20:48:43 +02:00
Jouni Malinen
8c0ed37b64 wired: Mark some common helper functions static
These are used only within driver_wired_common.c now at the end of the
refactoring changes, so there is no need to make these helper functions
available outside driver_wired_common.c.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-11-30 20:08:39 +02:00