Channel switch operation fails if 'eht' option is given without 'he'
as hostapd_config_check() returns following error:
"Cannot set ieee80211be without ieee80211ax"
The issue is seen only when switching within/to DFS channels because
hostapd_switch_channel_fallback() does not set 'ieee80211ax' in
hostapd configuration unless 'he_enabled' is set for the new channel.
Set 'he_enabled' in struct hostapd_freq_params for channel switch
when EHT is enabled.
Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
Now that per STA profile is cached already, there is no need to form it
dynamically on every Probe Request frame.
Use the cached one instead.
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
As per IEEE P802.11be/D7.0, 35.3.3.5.1 (Inheritance in the Per-STA
Profile subelement of Basic Multi-Link element), Note 1, if there exists
one or more Vendor Specific elements carried in a Management frame that
includes the Basic Multi-Link element containing a per-STA profile for a
reported STA, and the contents of the Information field for at least one
of the Vendor Specific elements is not the same as that of at least one
Vendor Specific element that applies to the reported STA, then each
Vendor Specific element that applies to the reported STA is included in
its Per-STA Profile subelement.
Handle this.
Signed-off-by: Arunpandi Kannan <quic_arunpand@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
There can be an element in the reporting BSS which is not there in the
reported BSS. This element should not be inherited in the per STA
profile. Hence to indicate this, the corresponding per STA profile
should include a Non-Inheritance element in the per STA profile.
Include Non-Inheritance element in the per STA profiles when needed.
Signed-off-by: Sriram R <quic_srirrama@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
If an element is present in the reporting BSS and it is also present in
the reported BSS and the contents are same, ideally, the reported BSS
need not carry such element in its per STA profile. Such elements are
assumed to be inherited from the reporting BSS.
Intersect the reported BSS profile with the reporting BSS and avoid such
element inclusion.
Signed-off-by: Sriram R <quic_srirrama@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
There are certain elements which should not be included in a per STA
profile.
Ignore such elements.
Signed-off-by: Sriram R <quic_srirrama@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
Currently, upon receiving a Probe Request frame, per STA profile is
generated and added to the Probe Response frame. However, the per STA
profile remains unchanged unless there’s a property change in one of the
affliated link of the AP MLD. This approach introduces unnecessary delay
in forming and sending out the Probe Response frame.
To optimize this process, generate the per STA profile for each link at
the start and store it. When needed, it can be simply copied into the
Probe Response frame. Additionally, whenever there’s a change in the
link’s properties, re-generate the per STA profiles for all affiliated
links of the AP MLD.
As an initial step, copy the complete per STA profile and store it
within the links. The intersection with reporting BSS and inheritance
will be addressed in a subsequent change. Then finally, this will be
used to generate the Probe Response frame. As of this commit, no change
in adding per STA profiles in the Probe Response frame.
Signed-off-by: Sriram R <quic_srirrama@quicinc.com>
Co-developed-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
At present, the mld_link_info structure is nested within the mld_info
structure. However, a future modification will require mld_link_info to
be outside of mld_info. To address this, move the mld_link_info
structure to hostapd.h so that it can be accessed both in the current
context and in the location needed for the upcoming change.
No functional changes.
Signed-off-by: Sriram R <quic_srirrama@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
Prior to initiating communication on a DFS channel, channel availability
check needs to be performed. During this period, the AP does not beacon.
Hence, no channel switch was allowed during this period. However, if a
user wishes to switch to a non-DFS channel during the potentially long
CAC period and start transmission immediately, there is no provision to
do that currently.
Extend the existing CHAN_SWITCH control interface command to allow
channel switch even when the AP is in CAC state. To do this, first
disable the interface to abort the CAC in progress and then configure
the interface with the new parameters and finally re-enable the
interface.
Signed-off-by: Amith A <quic_amitajit@quicinc.com>
In the send_assoc_resp() function, there’s a chance that the sta
argument could be NULL. Therefore, it’s crucial not to directly
dereference sta without first checking whether it’s a valid pointer.
However, commit 58ac46baf7 (“WNM: AP configuration to allow BSS max
idle period requests”) introduces direct dereferencing of max idle
period from sta, which might lead to a NULL pointer dereference. Fix
this now.
Fixes: 58ac46baf7 ("WNM: AP configuration to allow BSS max idle period requests")
Signed-off-by: Rameshkumar Sundaram <quic_ramess@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
The Bandwidth Indication subelement contains channel bandwidth, channel
center frequency, and optionally punctured subchannels.
As per IEEE P802.11be/D7.0, 35.15.3 (Channel switching methods for an
EHT BSS), if a Channel Switch Announcement element or an Extended
Channel Switch Announcement element is used to announce a switch to an
EHT BSS operating channel width wider than 160 MHz or to an EHT BSS
operating channel width including at least one punctured 20 MHz
subchannel, the Bandwidth Indication subelement in the Channel Switch
Wrapper element shall be present in the same frame.
Hence, add it into the Beacon and Probe Response frames under the above
mentioned conditions.
Signed-off-by: Karthik M <quic_karm@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
The Wide Bandwidth Channel Switch subelement was directly appended in
the Channel Switch Wrapper element function
hostapd_eid_wb_chsw_wrapper(). However, a subsequent change would add
Bandwidth Indication subelement in the Channel Switch Wrapper element.
Hence using the same function name would be confusing.
Hence, refactor the current code into two functions. The first function
hostapd_eid_chsw_wrapper() forms the channel switch wrapper element.
This calls hostapd_eid_wb_channel_switch() to add a Wide Bandwidth
Channel Switch subelement inside it.
No functionality change.
Signed-off-by: Karthik M <quic_karm@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
During MLO, an nl80211_cqm_event may be received by any BSS. Directing
this event to the first BSS may not be suitable as it might not
correspond to the link the event is meant for. Hence, there is a need to
handle this on per-BSS basis.
Therefore, handle nl80211_cqm_event per BSS. The event handler further
uses the address information present in the event to fetch the intended
link BSS if no matching STA entry was found based on the initial
ap_get_sta() call.
Signed-off-by: Manish Dharanenthiran <quic_mdharane@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
The hostapd_find_by_sta() function may be utilized by multiple driver
events. Therefore, it should be declared at the outset to ensure
accessibility by all event handlers.
No functional changes.
Signed-off-by: Manish Dharanenthiran <quic_mdharane@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
The Max Channel Switch Time element indicates the time delta between the
time the last beacon is transmitted by the AP in the current channel and
the expected time of the first Beacon frame transmitted by the AP in the
new channel.
IEEE P802.11be/D7.0, 35.3.11 (ML procedures for (extended) channel
switching and channel quieting) indicates that if an AP affiliated with
an AP MLD is switching channel, Max Channel Switch Time element shall be
included in every Beacon and Probe Response frame it transmits.
Add support to include the Max Channel Switch Time element in Beacon and
Probe Response frames during channel switch announcement for an AP
affiliated with an AP MLD.
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
These can be used outside the context of FST and hostapd.c, so move the
macro definitions into a shared header file. In addition, fix the
currently unused US_TO_TU() definition and rename "US" to "USEC".
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
Currently, hapd->link is added to the MLD links list during driver
initialization and setup BSS operation. However, a call trace has been
observed where a BSS link item is not present in the list and an attempt
is made to delete it from the list. This scenario occurs during the
deinitialization operation, which calls hostapd_bss_link_deinit() and
tries to remove the hapd->link which is not present in the list.
Ensures that the link item is added to the list only after the
successful operation of link addition. Also ensure that mld->num_links
increments only when the addition is successful. Therefore, return from
hostapd_bss_link_deinit(), if mld->num_links is zero. Since the mld
object is shared among all the links, num_links has to be incremented
only when the addition is successful.
Call trace:
dl_list_del.lto_priv.9.lto_priv ()
hostapd_bss_link_deinit.lto_priv ()
hostapd_bss_deinit ()
hostapd_interface_deinit ()
hostapd_interface_deinit_free ()
hostapd_main ()
Signed-off-by: Sidhanta Sahu <quic_sidhanta@quicinc.com>
hostapd used to always enable only the group 19 when SAE groups were not
configured explicitly in hostapd.conf. This may cause undesired
connection delay with STAs which use group 20 as the primary group with
SAE-EXT-KEY AKM during SAE authentication attempt.
To avoid this, enable group 20 in default groups when AP supports
SAE-EXT-KEY and SAE groups have not been configured explicitly in
hostapd.conf.
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Currently only one scan can be performed on per phy level at a time in
the driver. Due to this, if another scan request is sent via anoother
underlying phy, the kernel returns -EBUSY. This would result in hostapd
trying to set the interface into station mode if it was originally in AP
mode and retry sending a scan request. However, this behavior is
expected in case of multi link operation and hence there is no need to
switch the mode as such.
Hence, add logic to not change the NL mode if the kernel returns -EBUSY
during multi link AP operation. The caller can accordingly decide and,
if needed, it can re-schedule a scan request after some time.
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
Currently, whenever a scan is started, it uses drv's first BSS only
whether it is AP or STA interface. However, with AP MLD related changes,
the same drv could be used by other BSSs as well which needs scanning.
Hence, the current logic will not work since scan needs to be handled on
a non-first BSS as well.
Move the logic of always using drv's first BSS during scan events to
using BSS on which the event arrived.
Also, for AP MLD operation, even though the BSS is same, the link BSS
also needs to be identified. Hence, add a back pointer in the BSS struct
which would be used to point to the link BSS which requested the scan on
that BSS. This will help in routing the scan events to an appropriate
BSS ctx.
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
hostapd would send DISASSOC packet (after quiet DEAUTH) or DEAUTH packet
(after quiet DISASSOC) to the station after some inactivity timeout,
even though the command has tx=0 parameter. Fix this so that tx=0 cleans
the STA info without sending any DISASSOC or DEAUTH packets.
Signed-off-by: Gal Savion <gsavion@maxlinear.com>
This can be used with a clangd server to get code completion and cross
references in editor. To simplify the generation, create .cmd files for
most object files while building that contains the base directory and
command that was used when compiling it.
A very simple gen_compile_commands.py is provided which will read one or
more build directories and generate the compile_commands.json file for
it.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Add a new vendor attribute
QCA_WLAN_VENDOR_ATTR_SCAN_SKIP_CHANNEL_RECENCY_PERIOD for sub command
QCA_NL80211_VENDOR_SUBCMD_TRIGGER_SCAN to skip the recently scanned
channels within specified time (in ms), thus reducing the number of
channels for requested scan.
Signed-off-by: Purushottam Kushwaha <quic_pkushwah@quicinc.com>
The value currently is simply incremented, but it must not
reach 255 and rather wrap around from 254 to 0, since in
the Reduced Neighbor Report 255 means unknown. Fix that.
Fixes: d95838b793 ("AP: Add support for testing ML link removal")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The Link Id attribute is required for
qca_wlan_vendor_attr_external_acs_event to identify the link on which
the command is received for an AP MLD.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add QCA_WLAN_VENDOR_ATTR_ADD_STA_NODE_LINKID attribute to the
ADD_STA_NODE command to identify a specific link affiliated to an AP
MLD.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add a new sub command QCA_NL80211_VENDOR_SUBCMD_AUDIO_TRANSPORT_SWITCH
to request the audio data transport switch in both the command and event
path. This is used when two or more audio data transports are available
between peers.
Signed-off-by: Purushottam Kushwaha <quic_pkushwah@quicinc.com>
The driver might delete the STA node details on receiving external auth
status. In SAE authentication failure case on the AP, an Authentication
frame with a failure status is sent to the driver after sending the
external auth status. Authentication frame transmission didn't have a
dependency with STA node details earlier, but with MLO, Authentication
frames should be transmitted using the link address for a given MLD MAC
address by the supplicant. Since MLD to link address translation is done
by the driver, the STA node details are required to transmit the
Authentication frame. Hence, send external auth status to the driver
after sending the Authentication frame.
SAE external auth was introduced in commit 4ffb0fefe4 ("hostapd:
Support external authentication offload in AP mode"), which requires the
change in order of sending Authentication frame and auth status in case
of failure when using MLO.
Signed-off-by: Vinay Gannevaram <quic_vganneva@quicinc.com>
Use the RSN Override Link KDE to include the override variants of the
RSNE/RSNXE for each link so that all variants are verifies when
processing the protected EAPOL-Key message 3/4.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This allows all variants to be verified based on a protected frame to
achieve robust downgrade protection.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This provides an implicitly protected (SNonce is used as an input to PTK
derivation) mechanism for a STA to indicate support for RSN overriding
in a manner that does not cause interopability issues with deployed APs.
In addition, update sm->SNonce on the Authenticator only based on
message 2/4 since that is the only EAPOL-Key message that is defined to
provide the actual SNonce value. While clearing of this internal buffer
on message 4/4 might not cause issues, it is better to keep the actual
SNonce value here since the SNonce cookie can be used at a later point
in the sequence.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This replaces the use of the RSNE Override and RSNE Override 2 elements
with empty payload to indicate which RSNE variant was used.
In addition, this adds stricter validation of the RSNE in
(Re)Association Request frame to allow only the pairwise cipher suites
and AKMs listed in the indicated RSNE variant to be used.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The separate RSNOE/RSNO2E/RSNXOE buffers were not actually used on the
Authenticator, so remove them.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
hostapd_eid_assoc_fils_session() might return NULL if memory allocation
fails. This NULL value then will be used for invalid calculation and
cause unspecified behavior or be dereferenced unexpectedly. Avoid this
with an explicit check of the returned pointer.
Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>
Use else-if check for better clarity regarding usage of wpa_ie_buf3 to
make it explicit that memory is allocated for this pointer only once.
Signed-off-by: Adil Saeed Musthafa <quic_adilm@quicinc.com>
The new hostapd configuration parameter eapol_key_reserved_random=1 can
be used for testing STA/Supplicant functionality to accept a random
value in the Reserved field within EAPOL-Key frames.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This is convenient for testing STA behavior with various RSN element
combinations and special cases.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The RSNXE generation function was extended to support this earlier, but
that update was missed from the RSNXOE variant.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add an explicit rsn_override_omit_rsnxe=1 configuration parameter to
allow the RSNXE to be omitted when using the RSNXOE and wanting to
minimize interoperability issues with STAs that might recognize the
RSNXE, but not handle it correctly, e.g., when multiple octets of
payload is included.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add a new QCA command QCA_NL80211_VENDOR_SUBCMD_USD and related
attributes to support Unsynchronized Service Discovery (USD).
Device in active subscriber role sends SDF frames with service
information to find devices that advertise or publish the required
services. Device address, operation type, instance id, service_id,
channel info, service specific info, element container attribute, and
timeout are sent to the driver to initiate USD publish or USD subscribe
operation. The driver sends QCA_NL80211_VENDOR_SUBCMD_USD event with
instance_id and the USD operation status. QCA_NL80211_VENDOR_SUBCMD_USD
is also used to update publish operation and to cancel the publish or
subscribe operation for a service. It also allows all the operations to
be terminated using the USD flush command.
Signed-off-by: Vinay Gannevaram <quic_vganneva@quicinc.com>
Add support for RSNE/RSNXE Override elements. Use these elements to
determine AP's extended RSN parameters.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add a new capability flag based on the nl80211 feature advertisement for
RSN overriding support.
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Allow hostapd to be configured to advertised two separate sets of
RSNE/RSNXE parameters so that RSNE/RSNXE can use a reduced set of
capabilities (e.g., WPA2-Personal only) for supporting deployed STAs
that have issues with transition modes while the new override elements
can use a newer security option (e.g., WPA3-Personal only) for STAs that
support the new mechanism.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
