According to IEEE P802.11be/D4.0, 35.3.4.2, the AP MLD ID must be
included in the Probe Request ML element in case it is sent to a
transmitted BSS in which case it should be set to 0. If it is sent to an
non-transmitted BSSID, the AP MLD ID should not be included.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
IEEE P802.11be/D4.0, 9.4.2.312.2.3 states that the AP MLD ID should only
be included in some ML probe responses. Beacon frames shouldn't include
AP MLD ID.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
This responds by simply embedding most of the IEs from the other links
into the ML element. This is not correct really, as inheritance rules
should be applied and an inheritance element may need to be added.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Add a simple for_each_mld_link helper that sets first variable to the
hapd data for every link. It takes the interfaces and MLD ID as
arguments and two extra integers as scratch variables (for the interface
and bss offsets).
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
This adds the parsing of ML probe requests. Handling will be added by a
later commit.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
To support ML probe request we will need to include IEs from the other
hapd instances in the response. Split the function to allow just
generating the per-instance IEs separately.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
This effectively moves setting the csa/ecsa/cca position to happen
only when a Probe Response template for offloading is generated.
One could probably avoid the global variable altogether, as the
value is immediately consumed into struct {csa,cca}_settings.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
If for some reason association fails and a link which has an error is
reported, add that specific link to the ignore list. After that,
immediately retrigger the connection code. In the usual case, we are
then going to reconnect to the same AP MLD but with that particular link
not being included in the connection.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
If a link specific error occured, mark the offending link within the
association parameters.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
The kernel may report the link that caused an error by setting
NLMSGERR_ATTR_OFFS pointing to the NL80211_ATTR_MLO_LINKS element
that was the reason for the error.
Parse this information if the optional struct nl80211_err_info is
passed to send_and_recv_msgs().
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
This avoids, e.g., trying to use a BSS that is rejected by mac80211 as a
link, which could fail the connection as a whole.
Note that this is not perfect. Ideally, the internal state would have a
more context sensitive ignore flag so that one could still use a BSS as
a link in some situation.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
When the TX link rejects the association, return a status code for all
requested links. For simplicity, just return "TX link not accepted" so
that clients may try to connect to other links. This could be improved
to explicitly reject each link if directly associating to the link will
not work either.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Parse the link status values out of Multi-Link association response. If
the AP rejects ML association and marks the links as failed with a
reason code other than TX_LINK_NOT_ACCEPTED, also report these links to
wpas_connection_failed() and ignore them.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Add the new status code that had not yet been defined.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Add support for testing ML link removal to hostapd. While such support
should inherently be integrated with the underlining driver, simulate
the inclusion of the ML reconfiguration element in hostapd.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Parsing multiple RNR elements already exists in
wpa_bss_parse_basic_ml_element(), so wpas_ml_element() just duplicates
the same code. Combine the functionality of both these functions and
remove the duplicate.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Add band preference, BSSID preference, and single link enforcement
testing options. This is needed for testing MLO.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
The current set of global configuration fields is getting close to the
previously used 15000 byte limit, so increase this size to 16000 and add
a note about the potential need to change this size when adding new
fields.
Signed-off-by: Jouni Malinen <j@w1.fi>
Three functions were provided for defragmentation. First
ieee802_11_defrag(), ieee802_11_defrag_mle() and then
ieee802_11_defrag_data() which would do the actual job. With
ieee802_11_defrag() picking the member in the elements struct for an
EID. The problem with this is, that for the Multi-Link element, there
are multiple entries in the elems struct depending on its type. As such,
remove the intermediate function and simply pass the correct members
directly.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
This Presence Bitmap field is B4..B15 of the Multi-Link Control field
and the value used here is for that full 16-bit field, not just within
the Presence Bitmap field.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
This workaround from commit 6d6f4bb87f ("nl80211: Work around mac80211
limitation on (re)auth when authenticated") pre-dates the code that
supresses the deauth or disconnect event from nl80211. Should this code
be called it would not actually work at this point, as important
internal state for the authentication attempt has already been lost.
Simply drop the code. This might also fix issues where we could get
into a bad state if a proper deauth/disconnect event happens while we
are authenticating or associating.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
With nl80211 we need to supress the kernel generated event for any
disconnect and deauthenticate. This code is a bit fragile, as it
assumes that an event will happen. Commit b898b65582 ("nl80211: Do
not ignore disconnect event in case of !drv->associated") changed this
to only disconnect when the driver knows it is associated (apparently
required for P2P), however, deauthentication may also occur without
being associated yet.
Looking at the issue, what we are really interested in is whether the
event belongs to a disconnect/deauth command that we have send
ourselves. Any event happening after the disconnect/deauth completes
should not be suppressed (or after the next connect/auth as that would
be sufficient). We therefore need to know from the event stream
whether events were generated before or after disconnect/deauth
command completion.
To do so, send a simple command on the nl_event socket. As this will
be returned back to us in the correct order with regard to the events.
We can therefore use it to safely reset our internal
ignore_next_local_{deauth,disconnect} variables.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
With more channels now available in some regulatory domains, some scan
operations can take longer. Give them more time to complete in tests.
For two cases this required adding a timeout parameter to connect(),
which is then passed through.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This is needed to avoid NULL pointer deferencing in
wpa_supplicant_ctrl_iface_msg_cb() if any of the functions called from
wpas_bssid_ignore_module_tests_() ends up using wpa_msg().
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Handling of port authorized event for STA currently handles the
connected BSSID. This needs additional handling to support the AP MLD
address in case of MLO connection. The connected_addr expected by
cfg80211_port_authorized() is mld_addr for ML connection case.
Signed-off-by: Vinayak Yadawad <vinayak.yadawad@broadcom.com>
Enable support for ACS in the IEEE 802.11be/320 MHz case. To do so we
just:
- add channel definitions for the 320 MHz blocks of the 6 GHz band
- handle CONF_OPER_CHWIDTH_320MHZ in the different cases
- restrict 320 MHz to ieee80211be=1 only
Signed-off-by: Nicolas Escande <nico.escande@gmail.com>
Fix for the HE Channel Center Freq Seg0/Seg1 within the HE 6GHz
Operation Information field. As downgrade of bandwidths for VHT and HE
when using puncturing is TODO for 320 MHz and/or if puncturing is
disabled and bandwidth is 320 MHz, the same rules as for 160 MHz should
be applied for Channel Center Freq Seg0/Seg1 within 6 GHz Operation
Information field.
Signed-off-by: Jurijs Soloveckis <jsoloveckis@maxlinear.com>
Include EHT Operation Information field only if the operating bandwidth
is 320 MHz or there is at least one punctured 20 MHz subchannel. This
behavior is defined in IEEE P802.11be/D4.0, 35.15.1 (Basic EHT BSS
operation).
Signed-off-by: Jurijs Soloveckis <jsoloveckis@maxlinear.com>
The prime_len variable is used as the length in bytes but it is set as
the length in bits. This fixes the sae DH group tests with wolfSSL.
Fixes: f8f20717f8 ("SAE: Use const_time selection for PWE in FFC")
Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
MBSSID shares a single Beacon frame with multiple BSSs. This implies
that the key used for beacon protection (BIGTK) needs to be shared. The
nontransmitted BSSs managed their own BIGTK previously and that resulted
in providing incorrect value to the stations associated with those BSSs.
Use the BIGTK from the transmitted BSS to fix this.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Test functionality in cases where MBSSID is used with a WPA2-Personal
only BSS as the transmitted BSS and WPA3-Personal BSS as the
nontransmitted BSS.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Order scan results in a manner that prefers BSSs that support SAE over
ones that support PSK without SAE if the SNR of the SAE BSS is good or
at least at the same level as the SNR for the PSK BSS. This improves
likelihood of using SAE when the local network profile allows
WPA3-Personal transition mode and the ESS uses a mix BSSs with different
sets of AKMs.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Extend the optimization from commit 9c97126576 ("OWE: Optimize
transition mode scan to use known channels") to cover cases where the
STA is configued with OWE transition mode disabled, but the AP uses OWE
transition mode.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
BSS table is not updated when a non-P2P station runs a scan without P2P
IE in Probe Response frame, since that would remove P2P IE information.
However, this results also in not updating mandatory rates in Supported
Rates and BSS Membership Selectors element even though AP/GO changes
frequency from 2.4 GHz to 5 GHz band.
This is causing connection failure since BSS table has 1 Mbps as
mandatory rate for AP connection but minimum supported rate in 5 GHz
band is 6 Mbps.
To avoid connection failures in such cases, don't skip updating BSS
table when the BSS frequency is changed. This covers the most important
case addressed in commit ff57398fca ("P2P: Do not drop P2P IEs from
BSS table on non-P2P scans") while still allowing other changes to be
taken into account if the GO were to actually change channels (or band,
which would be the most likely case needing the update).
Signed-off-by: Ainy Kumari <quic_ainykuma@quicinc.com>
Fix references to the appropriate driver capability drv_flags2. The
initial version used the incorrect drv_flags value and by doing so,
ended up using incorrect driver capabilities (DEAUTH_TX_STATUS,
BSS_SELECT, TDLS_SUPPORT) which could result in incorrect OWE
functionality for both AP and STA cases.
Fixes: d984c7b298 ("hostapd: Add support for OWE offload for STA/AP interface")
Fixes: da364180fb ("hostapd: Support 4-way handshake offload for AP/P2P GO")
Signed-off-by: Vinayak Yadawad <vinayak.yadawad@broadcom.com>
Otherwise the station or AP might be doing router advertisements,
causing keep alive already without the mechnism that is being tested.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
The openssl_ciphers parameter is a global data entry on the server
instead of the per-connection design on client. As such, hostapd needs
to make a local copy of the global value and use that whenever setting
per-connection parameters. This is needed particularly when testing
Suite B functionality where the Suite B specific parameters might end up
overriding the cipher list.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Define a new command QCA_TSF_SYNC_GET_CSA_TIMESTAMP in qca_tsf_cmd to
retrieve the TSF time value at which the AP will move and starts
beaconing on a new channel. Userspace queries this TSF after receiving
NL80211_CMD_CH_SWITCH_STARTED_NOTIFY event on the AP interface. This TSF
can be communicated via an OOB mechanism to connected STAs which may
fail to receive the CSA frames due to channel congestion.
Signed-off-by: Purushottam Kushwaha <quic_pkushwah@quicinc.com>
If the local network profile specifies a specific BSSID, there will not
be an acceptable alternative AP for the current one. As such, there is
not much point in trying to scan and wait for the results to make this
conclusion. Skip the scan and reject the BSS transition management
request even if that ends up getting disassociated from the BSS that
happens the be the only one that the local configuration allows to be
used.
Signed-off-by: Jouni Malinen <j@w1.fi>
The driver advertising SAE AP offload support would take care of SAE
authentication and PMK generation at the driver/firmware. This feature
requires the driver to be supporting 4-way handshake offload to process
the generated PMK at the driver level for 4-way handshake.
Signed-off-by: Vinayak Yadawad <vinayak.yadawad@broadcom.com>
The driver advertising OWE offload support would take care of
Diffie-Hellman Parameter element generation and processing part. The
driver would be responsible for OWE PMK generation in this case.
Avoid the Diffie-Hellman Parameter element handling in
wpa_supplicant/hostapd for drivers advertising OWE offload support. This
change is applicable only for drivers supporting 4-way handshake
offload.
Signed-off-by: Vinayak Yadawad <vinayak.yadawad@broadcom.com>