In case of MLO AP and legacy client, make sure received EAPOL frames are
processed on the correct BSS.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
In case of MLO AP and legacy client, make sure Management frame TX
status is processed on the correct BSS.
Since there's only one instance of i802_bss for all BSSs in an AP MLD in
the nl80211 driver interface, the link ID is needed to forward the
status to the correct BSS. Store the link ID when transmitting
Managements frames and report it in TX status.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
In case of MLO AP and legacy client, make sure EAPOL TX status is
processed on the correct BSS.
Since there's only one instance of i802_bss for all BSSs in an AP MLD in
the nl80211 driver interface, the link ID is needed to forward the EAPOL
TX status to the correct BSS. Store the link ID when transmitting EAPOL
frames over control interface and report it in TX status.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Only the main link handles SAE authentication and OWE, skip them on
other links.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
MLO associations use the MLD address instead of the MAC address in SAE
derivation.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
If the AP is part of an AP MLD specify the link ID in the set_key
parameters whenever setting a group key.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
This provides the link specific group keys and last used PN/IPN/BIPN
values to the Supplicant in the MLO KDEs instead of the KDEs used for
non-MLO cases.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Verify that the MLD address in EAPOL-Key msg 4/4 is set correctly for
MLO cases. Note that the mechanism used here for distinguishing between
EAPOL-Key msg 2/4 and 4/4 is not exactly ideal and should be improved in
the future.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
This provides the link specific group keys and last used PN/IPN/BIPN
values to the Supplicant in the MLO KDEs instead of the KDEs used for
non-MLO cases.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Allow RSN authenticator to fetch the current group key information with
the keys and the last used PN/IPN/BIPN for MLO specific KDEs.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Verify that the affiliated link information matches between association
(unprotected) and 4-way handshake (protected).
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Make the MLO related information available for the RSN Authenticator
state machine to be able to perform steps needed on an AP MLD. The
actual use of this information will be in the following commits.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
This is needed since link_id is not always available. In addition,
recognize the link address as a known address.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
EAPOL frames may need to be transmitted from the link address and not
MLD address. For example, in case of authentication between AP MLD and
legacy STA. Add link_id parameter to EAPOL send APIs.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
This allows proper TX status handling when MLD addressing is used for
Management frames. Note, that the statuses are still not forwarded to
the correct link BSS. This will be handled in later commits.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
This is needed for the driver to know on which link it should transmit
the frames in MLO cases.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Get rid of the duplicated code for setting IEEE 802.1X port
authorization for MLD and non-MLD cases.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Handle IEEE 802.1X port authorization in the context of MLO.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
When a non-AP MLD is deauthenticated/disassociated from an MLD AP, make
sure to clean up its state from all links.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
This is a step towards handling of deauthentication/disassociation from
an MLD AP.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Handle association request callback in the context of MLO.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Add the full station profile to the Multi-Link element in the
(Re)Association Response frame. In addition, use the AP MLD's MLD MAC
address as SA/BSSID once the non-AP MLD has been added to the driver to
use address translation in the driver.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Implement processing of the Multi-Link element in the (Re)Association
Request frame, including processing of the Per-STA Profile subelement.
After handling the basic parsing of the element and extracting the
information about the requested links, handle the link specific
processing for each link:
- Find the interface with the corresponding link ID.
- Process the station profile in the interface.
- Prepare the Per-STA Profile subelement to be included in the
Multi-Link element in the (Re)Association Response frame.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Find an AID that is unused on all the affiliated links when assigning an
AID to a non-AP MLD.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
In case the AP is an AP MLD, parse the Multi-Link element from the
Authentication frame, store the relevant information, and prepare the
response Multi-Link element.
If the AP is not an AP MLD or the parsing of the element fails, continue
the authentication flow without MLD support.
For SAE, it is needed to skip various fixed fields in
the Authentication frame. Implement it for SAE with H2E.
TODO: This should be extended to other authentication algorithms which
are allowed for MLD connections and have fixed fields in the
Authentication frames, according to IEEE P802.11-REVme/D3.0, Table 9-69
(Presence of fields and elements in Authentications frames).
This commit doesn't support FILS, FT, etc.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Define a struct to hold MLD station info and implement publishing of the
Basic Multi-Link element. Add it into Beacon and Probe Response frames.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Once a station is added to the underlying driver, the driver is expected
to do address translation and use MLD addresses. Thus, when handling a
received Management frame, match it against the MLD address.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
To simplify the handling of MLD stations, assume that all
interfaces/BSSs use the same IEEE 802.1X authenticator, the same RADIUS
server instance, and the same RADIUS client.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
In MLO, multiple BSSs can transmit on different frequencies. Select
link frequencies according to the transmitter address.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
- Include RNR element in Beacon frames of AP MLDs.
- Whenever a new interface is added to an AP MLD, reconfigure
the Beacon frame templates for all other interfaces, to allow
updating their RNR elements.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
This includes:
- Modifications of the driver API, to include the link ID as part
of 'struct hostapd_freq_params'.
- Modifications to nl80211 driver.
- Modifications for the driver wrappers.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
To be used in later patches, e.g., for link tracking etc.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Add support for including multiple hostapd interfaces in the same AP
MLD, i.e., all using the same underlying driver network interface.
To do so, when a new hostapd interface is added, if there is already
another interface using the same underlying network interface, associate
the new interface with the same private data object, instead of creating
a new one.
As some of the BSSs are non-first BSSs, meaning that they reuse the
drv_priv of the initial BSS, make sure not to double free it.
Currently multiple BSS entries are not supported so always use bss[0]
for MLD.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Retrieve the EML capabilities as well as the MLD capabilities and ops
from nl80211 and expose them using the new driver interface
get_mld_capa().
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
We will start using this structure to also track MLD related
capabilities instead of just extended capabilities. As such, give the
structure a more generic name.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>