Commit graph

1734 commits

Author SHA1 Message Date
Arend van Spriel
cb28bd52e1 nl80211: Use separate flag for 4-way handshake offload
Commit d896874f86 ("nl80211: Indicate 802.1X 4-way handshake offload
in connect") used the req_key_mgmt_offload flag to indicate to the
driver that it should offload the 802.1X handshake. However, this field
was existing and used for a different offload API. This causes
wpa_supplicant to send a connect request without the WANT_1X_HS flag and
the subsequent set-pmk is rejected causing the connection to fail. Fix
that by introducing a new flag req_handshake_offload so the offloads are
no longer entangled.

Fixes: d896874f86 ("nl80211: Indicate 802.1X 4-way handshake offload in connect")
Reported-by: Stefan Wahren <wahrenst@gmx.net>
Tested-by: Stefan Wahren <wahrenst@gmx.net>
Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
2019-08-01 15:52:48 +03:00
Brian Norris
3b726df827 nl80211: Missing sysctl flags aren't fatal
The relevant flags were only added in Linux 4.6, so we shouldn't
complain because they're missing. Also, they're always missing if a
device is being removed (e.g., 'iw dev wlan0 del', or if the device is
in the process of resetting itself). So kill those 2 birds with 1 stone:
if we can't find the file, just silently skip it.

Also, we probably should *actually* propagate the error if we had a
write failure.

Signed-off-by: Brian Norris <briannorris@chromium.org>
2019-07-30 20:01:13 +03:00
Sunil Dutt
968520da8f nl80211: Add WMM parameters while updating TDLS peer entry
The AP mode fix for removing NL80211_ATTR_STA_WME from
NL80211_CMD_SET_STATION did not consider the TDLS case and that resulted
in incorrectly removing WMM parameters from TDLS STA entry updates. Fix
this by considering the WPA_STA_TDLS_PEER flag similarly to the other
update parameters.

Fixes: 6d14b98fc6 ("nl80211: Do not add WMM parameters when updating an existing STA entry")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-07-26 15:42:22 +03:00
Sven Eckelmann
3459c54ac7 mesh: Add support for HE mode
Mesh points can partially support HE features (when requiring no
controlling STA/AP) as long as hardware supports it. The kernel just
requires support for HE mesh and wpa_supplicant can forward the peer
capabilities to the kernel for further processing.

Signed-off-by: Sven Eckelmann <seckelmann@datto.com>
2019-06-23 18:03:51 +03:00
Sven Eckelmann
29d8bd1dec nl80211: Add driver multi iftype HE capability parsing
The HE capabilities are no longer per PHY but per iftype on this
specific PHY. It is therefore no longer enough to just parse the AP
capabilities.

The he_capabilities are now duplicated to store all information for
IEEE80211_MODE_* which hostap cares about. The nl80211 driver fills in
this information when the iftype supports HE. The rest of the code still
only uses the IEEE80211_HE_AP portion but can be extended later to also
use other HE capabilities.

Signed-off-by: Sven Eckelmann <seckelmann@datto.com>
2019-06-23 18:03:51 +03:00
Liangwei Dong
d1836e2308 nl80211: Introduce the interface to update new DH IE
This command/event interface can be used by SME based host drivers that
rely on user space (hostapd/wpa_supplicant) for DH IE
processing/generation. This interface facilitates the OWE connection
with host drivers by offloading DH IE processing to the user space
(hostapd/wpa_supplicant).

Signed-off-by: Srinivas Dasari <dasaris@codeaurora.org>
Signed-off-by: Liangwei Dong <liangwei@codeaurora.org>
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-06-14 23:10:51 +03:00
Jouni Malinen
b09670abfb macsec_linux: Hook QCA driver wrapper for hostapd MACsec
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-06-03 20:27:44 +03:00
leiwei
3e21a47eab macsec_qca: Hook QCA driver wrapper for hostapd MACsec
Signed-off-by: leiwei <leiwei@codeaurora.org>
2019-06-03 20:27:44 +03:00
Ashok Kumar
2552a3735a SAE: Fix external_auth status in driver-SME STA case with AP SME support
A driver that uses internal AP SME may need to be able to use the
external_auth status operation in station mode, so do not skip this
solely based on drv->device_ap_sme; instead, use that condition only
when operating in AP mode.

Fix external_auth status in non SME case.

Signed-off-by: Ashok Kumar <aponnaia@codeaurora.org>
2019-05-31 16:52:15 +03:00
Haim Dreyfuss
636c02c6e9 nl80211: Add regulatory wmm_limit to hostapd_channel_data
ETSI EN 301 893 v2.1.1 (2017-05) standard defines a new channel access
mechanism that all devices (WLAN and LAA) need to comply with.
In previous versions the device was allowed by ETSI to implement
802.11 channel access mechanism based on a set of priority classes
which are taken from 802.11. According of the new standard there
might be some exceptions which require ETSI countries to follow
more restrictive rules. In such a case the AP's wmm IE need to
comply with ETSI limitation. To be able to do so the regulatory
domain passes the new limitation values if needed.
Implement this, by storing it and use it to calculate the new
WMM parameters.

This commit adds determination of regulator limitations to
NL80211_CMD_GET_WIPHY processing so that the information is available
for upper layer implementation to use later when constructing WMM
element.

Signed-off-by: Haim Dreyfuss <haim.dreyfuss@intel.com>
2019-05-28 18:54:05 +03:00
Pradeep Kumar Chitrapu
c36109e4d9 nl80211: Add support to probe specific mesh link by injecting frames
Add support for injecting frames to a given mesh peer, bypassing the
mpath table lookup using PROBE_MESH_LINK command. This helps to send
data frames over unexercised direct mesh path, which is not selected as
next_hop node. This can be helpful in measuring link metrics.

Signed-off-by: Pradeep Kumar Chitrapu <pradeepc@codeaurora.org>
2019-05-28 14:32:23 +03:00
Jouni Malinen
4087957814 Sync with mac80211-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2019-04-26.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-28 14:31:29 +03:00
Johannes Berg
b6f8b5a964 nl80211: Update freq only when CSA completes
In the case of the ap_csa_disable test, I frequently see
failures due to the kernel *not* having switched, but the
CSA-STARTED event having been processed, and thus the
frequency having been updated already.

This is wrong at least for AP mode, the frequency we store
for this case internally in nl80211 should only be updated
when the channel switch completes, otherwise we end up in
a situation where the switch is aborted and the kernel is
thus on the old channel, but the internal information has
been updated and every subsequent mgmt-frame TX fails due
to being tagged with the wrong channel.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2019-05-28 13:48:21 +03:00
John Crispin
ad9a1bfe78 nl80211: Share VHT channel configuration for HE
Set operating channel bandwidth and center frequencies using the same
attributes for VHT and HE.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 17:03:39 +03:00
John Crispin
0dbc894f46 HE: Fix HE Capabilities indication from driver
The PPE Thresholds information in the end of the HE Capabilities element
is optional and of variable length. struct he_ppe_threshold was not
really used correctly for encoding this, so remove it and just reserve
enough space for the information.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:30:23 +03:00
John Crispin
59d9c3a145 nl80211: Allow HE Capability to be set for a STA
Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-05-27 16:27:41 +03:00
Jouni Malinen
7d43c7b2d6 nl80211: Write event name in debug log for ignored events
This makes it easier to understand debug logs from systems that have
multiple interfaces.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-05-25 21:37:23 +03:00
Toke Høiland-Jørgensen
6720b9482f nl80211: Station airtime weight configuration
This provides a mechanism for configuring per-STA airtime weight for
airtime policy configuration.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2019-05-02 13:28:17 +03:00
Toke Høiland-Jørgensen
58d4c23615 nl80211: Fetch STA TX/RX duration statistics
This makes per-STA TX/RX duration statistics available for airtime policy
configuration.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2019-04-30 12:34:58 +03:00
Toke Høiland-Jørgensen
1d6f63854e nl80211: Fetch STA TXQ backlog statistics
This makes per-STA TXQ backlog statistics available for airtime policy
configuration.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2019-04-30 12:34:58 +03:00
Jouni Malinen
099224c18e nl80211: Simplify if_indices tracking
Maintain a single array (of struct with two int variables) instead of
two independent arrays (of int) for tracking know ifindexes and reasons
for having added them. The previous implementation tried to maintain two
independent arrays even though they were always required to be of
exactly same length and order. That had resulted in a bug earlier and
the code was not exactly easy to understand either, so replace this with
a single array.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-28 21:05:54 +03:00
Jouni Malinen
e6ca2f1139 nl80211: Fix handling of if_indices reallocation failure
Addition of a separate if_indices_reason array broke reallocation
failure checking. drv->if_indices or drv->if_indices_reason could not be
NULL in the place where this check was moved to. Fix that by maintaining
knowledge of reallocation failure in a separate local variable.

Fixes: 732b1d20ec ("nl80211: Clean up ifidx properly if interface in a bridge is removed")
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-28 20:52:10 +03:00
John Crispin
5b3940d0c2 nl80211: Add driver HE capabilities parsing support
Add code to parse NL80211_BAND_ATTR_IFTYPE_DATA when reading the band
info. This is needed to find out about the local HE capabilities in AP
mode.

Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
2019-04-25 11:43:59 +03:00
Jouni Malinen
1b90aae929 nl80211: Remove QCA vendor specific HE capability handling
The QCA_NL80211_VENDOR_SUBCMD_GET_HE_CAPABILITIES attributes are not
up-to-date with the latest P802.11ax/D4.0 capabilities and would need to
be updated or replaced. Since the variables from this functionality were
not used for anything in practice, it is easier to simply remove this
functionality completely to avoid issues with upcoming updates to use
upstream nl80211 information to determine HE capabilities.

This is practically reverting the commit ca1ab9db2a ("hostapd: Get
vendor HE capabilities").

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-25 11:43:59 +03:00
Omer Dagan
95f556f3c7 Make channel switch started event available over control interface
This makes it easier to upper layer components to manage operating
channels in cases where the same radio is shared for both station and AP
mode virtual interfaces.

Signed-off-by: Omer Dagan <omer.dagan@tandemg.com>
2019-04-22 22:08:07 +03:00
Jouni Malinen
4be17ffbd9 Replace int status/reason_code with u16 variable
These cases are for the IEEE 802.11 Status Code and Reason Code and
those fields are unsigned 16 bit values, so use the more appropriate
type consistently. This is mainly to document the uses and to make the
source code easier to understand.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-22 22:08:07 +03:00
Jouni Malinen
c8931afe24 nl80211: Check nla_put_flag() failure for ext auth
All nla_put*() operations should be verified to succeed, so check this
recently added one for NL80211_ATTR_EXTERNAL_AUTH_SUPPORT.

Fixes: 236e793e7b ("nl80211: External authentication in driver-based AP SME mode")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-18 21:55:39 +03:00
Ilan Peer
323a51cc01 nl80211: Handle NL80211_CMD_PROBE_CLIENT command response
When processing the NL80211_CMD_PROBE_CLIENT command response, the
nl80211 layer in the kernel sends a response containing the cookie
associated with the client probe request. This response was not handled
by driver_nl80211.c when sending the command, and it was mistakenly
handled as an asynchronous event. This incorrect event did not include
the MAC/ACK attributes, so it was ignored in practice, but nevertheless,
the command response should not be processed as an event.

Fix this by reading the response as part of the sending the command
flow.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2019-04-16 01:53:18 +03:00
Jouni Malinen
28f19a3ae5 nl80211: More detailed PROBE_CLIENT debug print
Include the MAC address of the peer, knowledge of whether the poll was
ACKed, and cookie into the debug message to make this more useful.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-16 01:52:34 +03:00
Jouni Malinen
c5fff8bbd2 nl80211: Update assoc_freq and bss->freq based on real association info
Move event.assoc_info.freq selection to be after the
nl80211_get_assoc_ssid() call so that the current cfg80211 information
on the operating channel can be used should anything unexpected have
happened between the association request and completion of association.
Furthermore, update bss->freq based on assoc_freq to make that
information a bit more useful for station mode. It was already updated
after channel switches during association, but not at the beginning of
association.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-14 12:40:45 +03:00
Jouni Malinen
091c227714 nl80211: Clear bss->freq on station mode disconnection
This fixes some issues where bss->freq could have been used to replace
the current operating channel when sending out a management frame.
bss->freq has not been consistently used to track the current operating
channel in station mode, so it should not be trusted for this type of
uses. Clearing it makes this a bit more robust by at least avoiding the
cases of information from past association being used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-04-14 12:33:37 +03:00
Ryo ONODERA
8f36c84a27 bsd: Fix a typo in error message
When SIOCG80211 failed, show error message with SIOCG80211
instead of SIOCS80211.

Signed-off-by: Ryo ONODERA <ryo@tetera.org>
2019-04-13 11:26:25 +03:00
Jouni Malinen
dd1a8cef4c Remove unnecessary copying of SSID and BSSID for external_auth
The external authentication command and event does not need to copy the
BSSID/SSID values into struct external_auth since those values are used
before returning from the call. Simplify this by using const u8 * to
external data instead of the array with a copy of the external data.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-12 20:43:26 +03:00
Srinivas Dasari
236e793e7b nl80211: External authentication in driver-based AP SME mode
This extends driver interface to nl80211 by introducing the following
changes,
1. Register for Authenication frames in driver-based AP SME mode.
2. Advertise NL80211_ATTR_EXTERNAL_AUTH_SUPPORT in set_ap when
   offloaded SAE authentication is supported.
3. Extend the NL80211_CMD_EXTERNAL_AUTH interface to also send PMKID
   so that the drivers can respond to the PMKSA cached connection
   attempts from the stations avoiding the need to contact user space
   for all PMKID-based connections.
4. Send external auth status to driver only if it is a driver based
   SME solution.

Signed-off-by: Srinivas Dasari <dasaris@codeaurora.org>
2019-04-12 20:29:56 +03:00
Ankita Bajaj
005585d602 nl80211: Add SAE, FT-SAE, FT-EAP-SHA384 AKMs in connect request
This is needed for full MAC drivers that use NL80211_CMD_CONNECT
for issuing connect request.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-05 21:02:37 +03:00
Jouni Malinen
6d14b98fc6 nl80211: Do not add WMM parameters when updating an existing STA entry
In the case of the driver not supporting full AP mode STA state (i.e.,
not adding a STA entry before association), the QoS parameters are not
allowed to be modified when going through (re)association exchange for a
STA entry that has not been removed from the kernel. cfg80211 would
reject such command to update STA flags, so do not add the WMM parameter
in this case.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-27 03:14:02 +02:00
vamsi krishna
4efade3157 nl80211: Clear keys from heap memory before freeing it for get_seqnum
NL80211_CMD_GET_KEY response may return the actual key in addition to
the last used sequence number that we need. That might result in a key
being left in unused heap memory after the buffer is freed.

Explicitly clear the message payload with the possibly included key
material from heap memory before returning from the handler function
(and having libnl free the nlmsg) when key information is obtained from
the driver using the NL80211_CMD_GET_KEY command.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-13 14:54:18 +02:00
vamsi krishna
c6ec9759c5 nl80211: Exclude PMK when sending NL80211_CMD_DEL_PMKSA explicitly
Add a check in nl80211 driver layer to not include PMK while sending
NL80211_CMD_DEL_PMKSA explicitly. Though it is taken care already in
supplicant layer by setting the pmk_len to zero, it would be good
to have a check in nl80211 layer in order to avoid future accidental
inclusions of keying material in commands that do not need them.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-13 13:22:40 +02:00
Jouni Malinen
bf0021ede3 Allow fragmentation/RTS threshold to be disabled explicitly
hostapd configuration parameters fragm_threshold and rts_threshold were
documented to disable the threshold with value -1 and not change driver
configuration if the parameter is not included. However, -1 was mapped
into not changing the driver value, so the explicit disabling part did
not work.

Replace the default values for these to be -2 so that explicitly set
configuration value -1 can be distinguished from the case of not
including the parameter. Map the -1 value to a driver request to disable
the threshold. Ignore any error from this operation just in case to
avoid breaking functionality should some drivers not accept the (u32) -1
value as a threshold value request to disable the mechanism.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-12 17:15:08 +02:00
Jouni Malinen
56a33496fe Sync with mac80211-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2019-01-25.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-03-12 00:23:45 +02:00
Jouni Malinen
ca9efe113c roboswitch: Check some read operation results
This gets rid of some static analyzer warnings about uninitialized
variables being used in comparisons or write operations.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-03-09 18:56:48 +02:00
Jouni Malinen
5ac13f6d00 atheros: Avoid clang compiler warning on address of array check
ie.wps_ie is an array, so there is no point in checking whether it is
NULL.

driver_atheros.c:1221:9: error: address of array 'ie.wps_ie' will
      always evaluate to 'true' [-Werror,-Wpointer-bool-conversion]

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-25 19:48:49 +02:00
Jouni Malinen
5d68c0acd2 nl80211: (Re)Association Request frame IEs from association event
Process NL80211_ATTR_REQ_IE from the NL80211_CMD_ASSOCIATE event to
allow request IEs to be made available for the SME-in-wpa_supplicant
case similarly to how this is done with SME-in-driver with
NL80211_CMD_CONNECT.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-15 02:09:41 +02:00
Jouni Malinen
21cd8f8319 nl80211: Use wpa_ssid_txt() for debug messages more consistently
Print the SSID with printf escaping instead of wpa_hexdump_ascii()
format to clean up the debug log a bit. This was already done for number
of SSID debug prints.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-10 01:43:50 +02:00
Jouni Malinen
6110753b18 nl80211: Clear PMKID add command message buffer
This command has now been extended to include PMK for offload needs, so
the message buffer needs to be cleared explicitly after use to avoid
leaving such material in heap memory unnecessarily.

Fixes: 061a3d3d53 ("nl80211: Add support for FILS Cache Identifier in add/remove_pmkid()")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-05 23:34:30 +02:00
Jouni Malinen
0fa33e05b4 nl80211: Clear connect command message buffer
This command can include keys (WEP or PSK for offload), so the message
buffer needs to be cleared explicitly after use to avoid leaving such
material in heap memory unnecessarily.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-05 23:34:30 +02:00
Jouni Malinen
b14e8ea1d2 nl80211: Request kernel to trim off payload of netlink requests from acks
We do not need such payload in the acknowledgment, so adding it uses
resources unnecessarily. Furthermore, the original request can include
key material (e.g., NL80211_ATTR_PMK). libnl does not explicitly clear
this received message buffer and it would be inconvenient for
wpa_supplicant/hostapd to try to clear it with the current libnl design
where a duplicated buffer is actually passed to the callback. This means
that keys might be left unnecessarily in heap memory. Avoid this by
requesting the kernel not to copy back the request payload.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-05 23:34:30 +02:00
Jouni Malinen
6bcbda4082 drivers: Set CONFIG_LIBNL32=y automatically based on pkg-config
If the libnl version is not specified explicitly with CONFIG_LIBNL*, try
to check for the most likely case today with pkg-config.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-01-08 13:31:55 +02:00
Andrey Kartashev
41b747522e drivers: Move libnl related build flags to separate ifdef block
Fix compilation issue if we want to build wpa_supplicant without any
wireless connectivity but only with MACSec support via Linux kernel
driver.

Signed-off-by: Andrey Kartashev <a.s.kartashev@gmail.com>
2019-01-08 13:24:22 +02:00
Arend van Spriel
d896874f86 nl80211: Indicate 802.1X 4-way handshake offload in connect
Upon issuing a connect request we need to indicate that we want the
driver to offload the 802.1X 4-way handshake for us. Indicate it if
the driver capability supports the offload.

Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
2019-01-08 01:12:02 +02:00
Arend van Spriel
436ee2fd93 drivers: Add separate driver flags for 802.1X and PSK 4-way HS offloads
Allow drivers to indicate support for offloading 4-way handshake for
either IEEE 802.1X (WPA2-Enterprise; EAP) and/or WPA/WPA2-PSK
(WPA2-Personal) by splitting the WPA_DRIVER_FLAGS_4WAY_HANDSHAKE flag
into two separate flags.

Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
2019-01-08 01:12:02 +02:00
Jouni Malinen
89d79150ac Avoid forward references to enum types in ieee802_11_common.h
These are not allowed in ISO C++ (and well, not really in ISO C either,
but that does not result in compiler warning without pedantic
compilation).

Since ieee802_11_common.h may end up getting pulled into C++ code for
some external interfaces, it is more convenient to keep it free of these
cases. Pull in ieee802_11_defs.h to get enum phy_type defined and move
enum chan_width to common/defs.h (which was already pulled in into
src/drivers/driver.h and src/common/ieee802_11_common.h).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-01-07 17:26:40 +02:00
Dmitry Lebed
4299ad826d nl80211: Add supported bandwidth parsing
Add NL80211_FREQUENCY_ATTR_NO_* channel attributes parsing. This is
needed for correct checking if channel is available in a particular
bandwidth.

Signed-off-by: Dmitry Lebed <dlebed@quantenna.com>
2019-01-06 11:35:31 +02:00
Sergey Matyukevich
fb60dbdcec vlan: Use new bridge ioctl()
Legacy ioctl() through SIOCDEVPRIVATE are deprecated. Follow the
approach taken by bridge-utils and make use of new bridge ioctl's
whenever possible.

For example, using legacy ioctl() breaks dynamic VLAN mode on 32-bit
Linux systems running 64-bit kernels.

Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
2019-01-02 00:23:43 +02:00
Jouni Malinen
b2f1e5458b hostap: Silence compiler warnings about IFNAMSIZ buffers
Report interface name truncation and reject such cases in Host AP driver
initialization of the AP interface.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-01-01 19:38:58 +02:00
Jouni Malinen
d8dda601f0 nl80211: Debug print channel list
This makes it a bit easier to figure out how channel list update from
the kernel is taken into use.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-01-01 15:51:10 +02:00
Jouni Malinen
fea49f8f93 nl82011: Make wiphy-specific country (alpha2) available in STATUS-DRIVER
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-31 16:41:24 +02:00
Jouni Malinen
02d53ac351 nl80211: Debug print details from the beacon hint events
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-31 16:29:16 +02:00
Jouni Malinen
f9052d6ea5 nl80211: Note interface-removal-from-bridge errors in debug log
One of the linux_br_del_if() calls did not log nl80211-specific entry.
Make this more consistent with the other cases even though
linux_br_add_if() function itself is logging an error in the ioctl()
failure case (but not in the interface not found case).

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-31 01:05:23 +02:00
Mike Siedzik
2fc0675683 mka: Fix lowest acceptable Packet Number (LPN) calculation and use
The purpose of the Lowest Acceptable PN (lpn) parameters in the MACsec
SAK Use parameter set is to enforce delay protection. Per IEEE Std
802.1X-2010, Clause 9, "Each SecY uses MKA to communicate the lowest PN
used for transmission with the SAK within the last two seconds, allowing
receivers to bound transmission delays."

When encoding the SAK Use parameter set the KaY should set llpn and olpn
to the lowest PN transmitted by the latest SAK and oldest SAK (if
active) within the last two seconds. Because MKPDUs are transmitted
every 2 seconds (MKA_HELLO_TIME), the solution implemented here
calculates lpn based on the txsc->next_pn read during the previous MKPDU
transmit.

Upon receiving and decoding a SAK Use parameter set with delay
protection enabled, the KaY will update the SecY's lpn if the delay
protect lpn is greater than the SecY's current lpn (which is a product
of last PN received and replay protection and window size).

Signed-off-by: Michael Siedzik <msiedzik@extremenetworks.com>
2018-12-26 16:42:25 +02:00
Jouni Malinen
91ad2f441a macsec_linux: Add driver status information
wpa_supplicant STATUS-DRIVER control interface command can now be used
to fetch the macsec_linux driver status information like parent
interface name.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-25 00:54:51 +02:00
Jouni Malinen
d0dde0808d driver: Fix a typo in a comment
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-25 00:54:51 +02:00
Jouni Malinen
7c6acc757b macsec_linux: More detailed debug logs for driver interaction
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-24 21:12:18 +02:00
Jouni Malinen
e422a819d0 Check snprintf result to avoid compiler warnings
These do not really get truncated in practice, but it looks like some
newer compilers warn about the prints, so silence those by checking the
result and do something a bit more useful if the output would actually
get truncated.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-24 11:09:22 +02:00
Veerendranath Jakkam
8ec7c99ee4 nl80211: Fetch supported AKM list from the driver
Try to fetch the list of supported AKM suite selectors from the driver
through the vendor interface
QCA_NL80211_VENDOR_SUBCMD_GET_SUPPORTED_AKMS. If that command is
available and succeeds, use the returned list to populate the
wpa_driver_capa key_mgmt information instead of assuming all
cfg80211-based drivers support all AKMs. If the driver does not support
this command, the previous behavior is maintained.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-12-21 21:49:02 +02:00
Johannes Berg
5b82cdbe8b nl80211: Add support for starting FTM responder
Add support for starting FTM responder when in AP mode. This just sends
the appropriate NEW/SET_BEACON command to the driver with the LCI/civic
location data.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2018-12-21 11:22:35 +02:00
Andrei Otcheretianski
4cb618cf2d driver: Add FTM responder configuration APIs
Add configuration options to enable FTM responder and configure LCI and
civic parameters. In addition, introduce WPA_DRIVER_FLAGS_FTM_RESPONDER
flag, which can be used to indicate FTM responder support in AP mode.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2018-12-21 11:18:00 +02:00
Jouni Malinen
6a24adee9c Sync with mac80211-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2018-12-15.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-21 11:12:39 +02:00
Venkateswara Naralasetty
5abc7823bd wpa_supplicant: Add Multi-AP backhaul STA support
Advertise vendor specific Multi-AP IE in (Re)Association Request frames
and process Multi-AP IE from (Re)Association Response frames if the user
enables Multi-AP fuctionality. If the (Re)Association Response frame
does not contain the Multi-AP IE, disassociate.

This adds a new configuration parameter 'multi_ap_backhaul_sta' to
enable/disable Multi-AP functionality.

Enable 4-address mode after association (if the Association Response
frame contains the Multi-AP IE). Also enable the bridge in that case.
This is necessary because wpa_supplicant only enables the bridge in
wpa_drv_if_add(), which only gets called when an interface is added
through the control interface, not when it is configured from the
command line.

Signed-off-by: Venkateswara Naralasetty <vnaralas@codeaurora.org>
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2018-12-20 12:10:31 +02:00
Mathy Vanhoef
f9da7505bf OCV: Include and verify OCI in SA Query frames
Include an OCI element in SA Query Request and Response frames if OCV
has been negotiated.

On Linux, a kernel patch is needed to let clients correctly handle SA
Query Requests that contain an OCI element. Without this patch, the
kernel will reply to the SA Query Request itself, without verifying the
included OCI. Additionally, the SA Query Response sent by the kernel
will not include an OCI element. The correct operation of the AP does
not require a kernel patch.

Without the corresponding kernel patch, SA Query Requests sent by the
client are still valid, meaning they do include an OCI element.
Note that an AP does not require any kernel patches. In other words, SA
Query frames sent and received by the AP are properly handled, even
without a kernel patch.

As a result, the kernel patch is only required to make the client properly
process and respond to a SA Query Request from the AP. Without this
patch, the client will send a SA Query Response without an OCI element,
causing the AP to silently ignore the response and eventually disconnect
the client from the network if OCV has been negotiated to be used.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-17 15:42:23 +02:00
Mathy Vanhoef
d706e0d7a3 Add functions to convert channel bandwidth to an integer
This adds two utility functions to convert both operating classes and
and the chan_width enum to an integer representing the channel
bandwidth. This can then be used to compare bandwidth parameters in an
uniform manner.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-16 18:35:30 +02:00
Mathy Vanhoef
7f00dc6e15 Add driver API to get current channel parameters
This adds driver API functions to get the current operating channel
parameters. This encompasses the center frequency, channel bandwidth,
frequency segment 1 index (for 80+80 channels), and so on.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-16 18:35:30 +02:00
Jouni Malinen
bd51246924 nl80211: Debug print TX queue parameter values and result
Some mac80211_hwsim test cases have failed with mysterious sequence
where mac80211 has claimed the parameters are invalid ("wlan3: invalid
CW_min/CW_max: 9484/40"). Those values look strange since they are not
from hostapd configuration or default values.. hostapd is seeing TX
queue parameter set failing for queues 0, 1, and 3 (but not 2) for these
cases. Add debug prints to hostapd to get more details on what exactly
is happening if such error cases can be reproduced.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-02 19:50:59 +02:00
Jouni Malinen
3d1d469195 Fix indentation level
This gets rid of smatch warnings about inconsistent indenting.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-30 21:28:19 +02:00
Jouni Malinen
b3f99d45d5 macsec_linux: Make create_transmit_sc() handler use matching arguments
The currently unused conf_offset parameter used a mismatching type (enum
vs. unsigned int) compared to the prototype.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-30 21:28:01 +02:00
Jouni Malinen
b82fcf06f2 macsec_linux: Use NULL to clear a pointer
Avoid a sparse warning from use of a plain integer.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-30 17:32:35 +02:00
Jouni Malinen
ff7f339cff macsec_qca: Mark macsec_qca_set_transmit_next_pn() static
This function is not used outside this C file. Mark it static to avoid a
warning from sparse.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-30 17:32:09 +02:00
Cedric Izoard
10d32e2c8d nl80211: Use netlink connect socket for disconnect (ext auth)
When external authentication is used, a specific netlink socket is used
to send the connect command. If the same socket is not used for
disconnect command, cfg80211 will discard the command. This constraint
was added into the kernel in commit bad292973363 ("nl80211: Reject
disconnect commands except from conn_owner"). That requires an update
for the hostap.git commit 40a68f3384 ("nl80211: Create a netlink
socket handle for the Connect interface").

Add a new flag into struct i802_bss to indicate if the special
nl_connect socket was used for the connect command. When sending
disconnect command this flag is tested to select the correct socket.

Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
2018-11-26 19:24:31 +02:00
Emmanuel Grumbach
941807f6b6 drivers: Document struct wpa_signal_info
Add documentation to the wpa_signal_info structure.
Add a define for an invalid noise value.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
2018-11-26 00:57:50 +02:00
Johannes Berg
babdd8d0d9 nl80211: Use correct u8 size for NL80211_ATTR_SMPS_MODE
Back in December 2017, Jouni fixed the output side since that was
causing a kernel message to be printed, but the input side should
also be fixed, otherwise it will not work correctly on big-endian
platforms.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2018-11-22 15:53:30 +02:00
Jouni Malinen
d514b50265 WNM: Collocated Interference Reporting
Add support for negotiating WNM Collocated Interference Reporting. This
allows hostapd to request associated STAs to report their collocated
interference information and wpa_supplicant to process such request and
reporting. The actual values (Collocated Interference Report Elements)
are out of scope of hostapd and wpa_supplicant, i.e., external
components are expected to generated and process these.

For hostapd/AP, this mechanism is enabled by setting
coloc_intf_reporting=1 in configuration. STAs are requested to perform
reporting with "COLOC_INTF_REQ <addr> <Automatic Report Enabled> <Report
Timeout>" control interface command. The received reports are indicated
as control interface events "COLOC-INTF-REPORT <addr> <dialog token>
<hexdump of report elements>".

For wpa_supplicant/STA, this mechanism is enabled by setting
coloc_intf_reporting=1 in configuration and setting Collocated
Interference Report Elements as a hexdump with "SET coloc_intf_elems
<hexdump>" control interface command. The hexdump can contain one or
more Collocated Interference Report Elements (each including the
information element header). For additional testing purposes, received
requests are reported with "COLOC-INTF-REQ <dialog token> <automatic
report enabled> <report timeout>" control interface events and
unsolicited reports can be sent with "COLOC_INTF_REPORT <hexdump>".

This commit adds support for reporting changes in the collocated
interference (Automatic Report Enabled == 1 and partial 3), but not for
periodic reports (2 and other part of 3).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-10-30 14:07:51 +02:00
Peng Xu
224eddb03b nl80211: Read reg-domain information from a specific wiphy
If driver supports self-managed regulatory domain, read reg-domain
information for that specific wiphy interface instead the global
information which may be different which such drivers. This fixes issues
where a regulatory update with a self-managed regulatory domain driver
ended up building incorrect list of supported channels for upper layer
hostapd/wpa_supplicant operations.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-10-24 18:36:34 +03:00
Peng Xu
8aa4d5521c nl80211: Add support for self-managed regulatory device
Add a flag indicating if the device has the self-managed regulatory
support. Set the flag if NL80211_ATTR_WIPHY_SELF_MANAGED_REG attribute
is set when reading wiphy info.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-10-24 18:34:31 +03:00
Andrei Otcheretianski
d577f7f3d5 nl80211: Warn about interface name truncations
This is something useful to know and also eliminates format truncation
warnings.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2018-10-16 12:53:15 +03:00
Johannes Berg
40432e6eb3 nl80211: Implement netlink extended ACK support
Implement netlink extended ACK support to print out the error
message (if any).

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2018-10-14 20:20:11 +03:00
Roee Zamir
d6801b0545 nl80211: Support OCE features (driver capability and scan params)
Check if the device supports specific mandatory features and set the the
relevant WPA_DRIVER_FLAGS_OCE_STA flag. Send the relevant scan
parameters for OCE scans.

Signed-off-by: Roee Zamir <roee.zamir@intel.com>
2018-09-02 17:59:01 +03:00
Roee Zamir
938dd97a84 driver: Add OCE scan parameters
Add a flag to scan parameters that enables OCE scan features. If this
flag is set the device should enable the following features as defined
in the Optimized Connectivity Experience Technical Specification v1.0:
- Overwrite FILS request Max Channel Time with actual value (clause 3.8)
- Send Probe Request frame in high rate (at least 5.5 Mbps) (clause 3.12)
- Probe Request frame Transmission Deferral and Suppression (clause 3.5)
- Accept broadcast Probe Response frame (clause 3.6)

Signed-off-by: Roee Zamir <roee.zamir@intel.com>
2018-09-02 17:53:32 +03:00
Jouni Malinen
830eacf9d0 Sync with mac80211-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2018-08-29.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-09-02 17:45:27 +03:00
Jouni Malinen
57151ae984 atheros: Fix atheros_send_mgmt() dependency on CONFIG_FILS
This fixes a CONFIG_FILS=y build without CONFIG_IEEE80211W=y.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-09-02 12:42:28 +03:00
Hu Wang
b898b65582 nl80211: Do not ignore disconnect event in case of !drv->associated
Commit 3f53c006c7 ('nl80211: Ignore
disconnect event in case of locally generated request') made
wpa_supplicant ignore the next received disconnect event for cases where
wpa_supplicant itself requested a disconnection. This can result in
ignoring a disconnection notification in some cases.

Considering a P2P Client receiving disconnect event from the kernel
after a P2P group is started, drv->ignore_next_local_disconnect is
cleared to 0, then wpa_driver_nl80211_disconnect() will be called during
the removal of the group, in which drv->ignore_next_local_disconnect is
set to 1 by mistake.

Do not allow ignore_next_local_{disconnect,deauth} to be set to 1 if the
driver is not in associated state (drv->associated is 0) to avoid this
type of cases.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-08-31 12:01:33 +03:00
xiaofeis
b3f24b06e3 mka: Fix confidentiality offset issue in macsec_qca driver interface
Confidentiality offset from MKA should be configured to the
driver/hardware when creating SA.

Signed-off-by: xiaofeis <xiaofeis@codeaurora.org>
2018-08-24 16:27:34 +03:00
xiaofeis
bed30e8d3b mka: Fix sci port mask issue in macsec_qca driver interface
Need to use full 8-bit mask here when swapping byte order.

Signed-off-by: xiaofeis <xiaofeis@codeaurora.org>
2018-08-24 16:27:34 +03:00
Bhagavathi Perumal S
8bfbb295df nl80211: Fix sending of WDS STA event to the correct BSS context
The WDS-STA-INTERFACE-ADDED/WDS-STA-INTERFACE-REMOVED events were always
sent to the first BSS instead of the specific BSS that the STA was
connected to in multi-BSS cases. Fix this by using the BSS specific
context pointer.

Fixes: 1952b626ba ("hostapd: Add ctrl iface indications for WDS STA interface")
Signed-off-by: Bhagavathi Perumal S <bperumal@codeaurora.org>
2018-08-24 16:27:34 +03:00
xiaofeis
1ff8605775 mka: Support GCM-AES-256
GCM-AES-256 cipher suite is defined in IEEE Std 802.1AEbn-2011.

If authenticator configured as GCM-AES-256, the distributed SAK will be
256 bits indicated by the GCM-AES-256 ID in the MKA packet.

This patch will make AES Key Unwrap to 32 bytes of SAK when identify the
ID.

Signed-off-by: xiaofeis <xiaofeis@codeaurora.org>
2018-08-21 19:28:20 +03:00
Hu Wang
8a9950f7b6 nl80211: Indicate interface up only for the main netdev
ifname is checked for interface down event in commit
106fa1e97e ("nl80211: Indicate
interface-down event only for the main netdev"). Do the same for
interface up event to avoid unexpected notifications when the master
interface (e.g., a bridge interface) is set up while then WLAN interface
remains down.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-07-05 13:41:46 +03:00
Sathishkumar Muruganandam
c809756f9f nl80211: Allocate nl_sock for NETLINK_ROUTE when already_in_bridge
When we start hostapd having Hotspot 2.0 configuration with interface
already added to bridge interface, addition and deletion of new neighbor
to bridge ip neighbor table fails.

This is since 'bss->added_if_into_bridge' is not set which only allows
'drv->rtnl_sk' (nl_sock for NETLINK_ROUTE) allocation needed for bridge
ip neighbor table.

Add a new bit 'already_in_bridge' and set it when interface is already
added to bridge by some external component. Check this bit in addition
to 'bss->added_if_into_bridge' for 'drv->rtnl_sk' allocation done in
i802_init().

Now 'drv->rtnl_sk' is closed in wpa_driver_nl80211_deinit() regardless of
'bss->added_if_into_bridge' since when we have 'bss->already_in_bridge'
case too, this need to be removed.

brctl show

bridge name     bridge id               STP enabled     interfaces
br0             8000.8efdf006b050       no              ap

hostapd_cli raw STATUS-DRIVER

Selected interface 'ap'
ifindex=15
ifname=ap
brname=br0
addr=8e:fd:f0:06:b0:50
freq=5180
beacon_set=1
already_in_bridge=1
..

Signed-off-by: Sathishkumar Muruganandam <murugana@codeaurora.org>
2018-07-05 13:36:27 +03:00
Peng Xu
946e35eace nl80211: Skip vendor specific DFS offload if upstream mechanism is used
Since the generic DFS offload support flag is added as
NL80211_EXT_FEATURE_DFS_OFFLOAD, only use the vendor command to check
DFS capablity if the flag is not already set.

Signed-off-by: Peng Xu <pxu@codeaurora.org>
2018-07-05 13:18:28 +03:00
Jouni Malinen
c6f01fbf26 nl80211: Add more command/event names to debug prints
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-06-15 21:40:08 +03:00
Peng Xu
b915f2cdf2 nl80211: Handle NL80211_CMD_WIPHY_REG_CHANGE event
Handle NL80211_CMD_WIPHY_REG_CHANGE the same way as the
NL80211_CMD_REG_CHANGE event. The wiphy-specific event is generated by
the cfg80211 reg_process_self_managed_hints() function, e.g., when going
through regulatory_set_wiphy_regd_sync_rtnl(). Previously, such events
were ignored completely in hostapd/wpa_supplicant.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-06-07 00:05:39 +03:00
Mikael Kanstrup
8518326b22 Add some missing driver flags strings
New WPA_DRIVER_FLAGS have been added but corresponding lookup
strings for driver_flags command were never added. Add the
missing strings.

Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sony.com>
2018-05-31 13:03:54 +03:00