If a scan triggers a regdom update into a 6 GHz-allowed regdom, and an
RNR element in one of the legacy band scan results points to a 6 GHz
scan result with a short SSID matching the current_ssid, delay
connection in favor of a 6 GHz-only scan. This will optimize the case in
which we first connect to a 5 GHz AP, then later roam to a 6 GHz one by
directly connecting to the 6 GHz one.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
wpas_trigger_6ghz_scan() returns 1 on success and 0 on failure to
trigger the scan. Checking the return value to be less than zero is not
correct. This was supposed to check for success, i.e., greater than
zero.
Fixes: 42add3c27b ("Scan 6 GHz channels after change to 6 GHz-allowed regdom")
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
Expose whether a 6 GHz scan is in progress with the ScanInProgress6GHz
property and flush properties as soon as the property is updated, so
that platforms can choose not to disconnect while a 6 GHz scan is in
progress. Once the 6 GHz scan has completed and scan results have been
received, the ScanInProgress6GHz property is reset to false.
Signed-off-by: Ruth Mekonnen <rmekonnen@chromium.org>
When non_coloc_6ghz = false, the STA is expected to scan for colocated
APs. However, if the colocated AP is on a non-PSC channel, it will not
be detected during the 6 GHz-only scan because the frequency list is
limited to PSC channels. Even when the NL80211_SCAN_FLAG_COLOCATED_6GHZ
is set, the cfg80211 only scans a subset of the channels in the original
6 GHz scan request. Therefore, this patch adds non-PSC channels to the
original 6 GHz scan request.
Signed-off-by: Ruth Mekonnen <rmekonnen@chromium.org>
Commit e508c070c4 ("WNM: Keep BTM information until connection
completes") changed the logic so that much of the information about a
transition management request will be kept around for longer. However,
doing this also implies that the scan logic can be called multiple times
with wnm_dialog_token being set.
Add a guard to bail out if the scan was not done for a BTM request. But,
add it after the transition candidate validity check so that we reset
the state when a new scan invalidated it.
However, invalidation does not make sense for any scan, primarily an ML
probe request during a connection attempt should not trigger
invalidation. So move the call to wnm_scan_process() further down in the
list to avoid issues.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Use the RSN Override Link KDE to include the override variants of the
RSNE/RSNXE for each link so that all variants are verifies when
processing the protected EAPOL-Key message 3/4.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This replaces the use of the RSNE Override and RSNE Override 2 elements
with empty payload to indicate which RSNE variant was used.
In addition, this adds stricter validation of the RSNE in
(Re)Association Request frame to allow only the pairwise cipher suites
and AKMs listed in the indicated RSNE variant to be used.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
wpa_supplicant select_network() relies on fast_associate to reuse old
scan results. However, this approach does not apply in some cases in
Android:
1 - If the selected network is hidden, and the SSID is in Chinese,
Android switches between fallback SSIDs, necessitating a new scan for
switching between different hidden SSIDs.
2 - Similarly, if the selected SSID is OWE (Opportunistic Wireless
Encryption), and the OWE SSID bands have been changed, select_network()
requires a fresh scan to discover hidden OWE SSIDs.
To address these, enhance select_network() to trigger new scans instead
of relying on fast_associate. This improves network selection behavior
in Android.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Use current connection MLO capability to fetch the appropriate
RSNE/RSNXE variant while processing association event.
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Add support for RSNE/RSNXE Override elements. Use these elements to
determine AP's extended RSN parameters.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The new "bigtk_set=1" entry in the control interface STATUS command
output indicates that a BIGTK has been successfully configured. This
shows that beacon protection has been enabled for the current
association.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add a new "ssid_verified=1" entry into the control interface STATUS
command output if the SSID has been verified for the current
association. This verification may have been done implicitly (e.g., with
SAE H2E and FT protocol binding in the SSID into key derivation or with
FILS protecting the SSID element in the (Re)Association Request frame)
or explicitly with the recently added SSID protection mechanism during
the 4-way handshake.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The consumer of the link_bssid array assumes it is a NULL terminated
array of BSSIDs. As such, add one to the maximum number of links to
ensure that there is always a sentinel value.
Fixes: 5af986c75a ("MLD: Also mark links as failed after association failure")
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
When ignoring a link BSSID the multi-link information was parsed out
into a struct ml_sta_link_info on the stack. However, this stack
variable went out of scope before it was used by passing the link_bssids
pointer array to another function.
Fixes: 5af986c75a ("MLD: Also mark links as failed after association failure")
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
wpa_supplicant might use a wrong BSS entry with the SSID different from
the current SSID of the current BSS while processing a roam event from
the driver when wpa_supplicant has a stale BSS entry with the old SSID
and the driver roams to the same BSS after it is restarted with a new
SSID.
To avoid this, update scan results from the driver when a BSS entry is
not found with the current SSID and try to fetch the BSS entry again
with the current SSID after this.
Also, with this change wpa_supplicant_get_new_bss() itself will update
the BSS table and search for the current BSS entry if it is not found in
the BSS table. So, remove the BSS table update and search logic from the
callers of wpa_supplicant_get_new_bss().
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
In case the channel map was updated to include the 6 GHz but these channels
were not scanned yet, do not allow fast associate.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
When considering to roam to a different BSS and the connection
is an MLD connection, do not roam to a BSS which is already
included in the MLD connection.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
When wpa_supplicant needed to update the internal BSS table with the
latest scan results from the driver, it fetched all BSSs and processed
them all. This is unnecessary for cases where an update is needed only
for a specific BSS. Optimize this by filtering out the unnecessary
entries from the results.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Commit 117e812d06 ("Update BSS table entry if roaming event indicates
frequency change") added wpa_supplicant BSS table update based on the
latest driver scan results whenever processing an association event that
results in the current operating channel changing. While that is needed
to cover the case where an AP changes its own operating channel (and
that is noticed as a roam or new connection instead of a channel switch
event), this should not really be needed for cases where the
wpa_supplicant entry for the new BSS is already up to date.
Skip the full BSS table update on association event if the event is for
a roaming case to a different BSS and the BSS entry for the target is
already available and for the current operating channel. This avoids
undesired latency when processing the association event.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This makes it more convenient to handle extensions to the element and
allows code to be shared between hostapd and wpa_supplicant.
Signed-off-by: Manoj Sekar <quic_sekar@quicinc.com>
In the MLD case, the information from the transition management request
is relevant during the association process in order to filter out links
that were disallowed by the BTM request. Also, the information remains
useful should a connection attempt fail.
To enable these scenarios, keep the information around until the
connection has completed. As this might make it impossible to establish
a connection, also clear this information at the same time that a normal
BSS ignore is cleared to avoid getting stuck in case the transition
fails unexpectedly.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
When accepting a BSS transition request there is a race between
sending the response and roaming to the target AP. As a result,
the response may not be sent because the station deauthenticated
from the AP before the response was actually sent.
To make sure the BSS transition response is sent, start roaming only
after the TX status is received for the BSS transition response.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
When receiving a BTM request, wpa_supplicant would try to fetch new
results from the driver, and, independently of that, would also process
the latest scan results that were partially updated by the previous
fetch.
Simplify the logic by using wpa_supplicant_get_scan_results() directly
and then process the old scan data as usual. However, this data may be
outdated, so add a new heuristic to avoid roaming to a BSS if it is
either outdated or bad.
Doing this moves all scan data processing into wnm_scan_process() and
removes duplicated functionality for scan result processing in scan.c.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
This aligns both the wpa_supplicant and bss structures to use the same
pattern of a valid_links bitmask plus per-link entries.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
This was done using the below semantic patch. There are a few more
places that were missed due to variable declarations or additional
checks in the for loop.
@@
iterator name for_each_link;
identifier max_links =~ "MAX_NUM_MLD_LINKS|MAX_NUM_MLO_LINKS";
expression links;
expression further_tests;
identifier i;
statement stmt;
@@
-for (i = 0; i < max_links; i++)
+for_each_link(links, i)
{
(
- if (!(links & BIT(i)))
- continue;
...
|
- if (!(links & BIT(i)) || further_tests)
+ if (further_tests)
continue;
...
|
- if (further_tests || !(links & BIT(i)))
+ if (further_tests)
continue;
...
|
- if (links & BIT(i))
stmt
|
- if (further_tests && (links & BIT(i)))
+ if (further_tests)
stmt
|
- if ((links & BIT(i)) && further_tests)
+ if (further_tests)
stmt
)
}
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Add wpa_supplicant support for interacting with the NAN discovery engine
to allow USD as Publisher or Subscriber.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
There is currently a bias towards moving to higher bands but not one
against moving away from them. Fix that.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
Decrease the roam difficulty when roaming across the short background
scan threshold (i.e., when the current BSS RSSI is below the threshold
and the selected BSS RSSI is above the threshold). This tends to happen
in normal roaming scenarios when moving from the domain of one AP to
the domain of another.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
This was done with spatch using the following semantic patch and minor
manual edits to clean up coding style and avoid compiler warnings in
driver_wext.c:
@@
expression a,b;
@@
- os_memcmp(a, b, ETH_ALEN) == 0
+ ether_addr_equal(a, b)
@@
expression a,b;
@@
- os_memcmp(a, b, ETH_ALEN) != 0
+ !ether_addr_equal(a, b)
@@
expression a,b;
@@
- !os_memcmp(a, b, ETH_ALEN)
+ ether_addr_equal(a, b)
Signed-off-by: Jouni Malinen <j@w1.fi>
The location of the comment is incorrect and it is not really needed.
Remove it.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
During scan results matching for connection skip BSS entries for the
current connection if disassociation imminent is set.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Otherwise any new scan result (even manual ones if they do not set
use_id=X to a non-zero value), can cause a reconnect to the same BSS
when MLO is used. This is because the current BSS is not detected by
wpa_supplicant_need_to_roam() and it assumes that roaming is needed.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
For a memory constrained system, it may be more important to reduce
binary size than include support for these capabilities.
By default this is enabled.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
For a memory constrained system, it may be more important to reduce
binary size than include support for these capabilities.
By default this is enabled.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Removing radio measurements and supported operating class indication
might be needed to reduce binary size for a memory constrained system
that does not need more advanced features. However, removing these is
not recommended since they can help the AP manage the network and STA
steering.
By default this functionality is enabled.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Beacon hinting is a feature that can temporarily change the regulatory
rule flags on the channel where the radio hears the beacon. Add a new
event CTRL-EVENT-REGDOM-BEACON-HINT to notify the wpa_supplicant user
about an important update to the regulatory rules including which
frequencies are impacted, new power limit, and new rule flags.
Signed-off-by: Jun Yu <junyuu@chromium.org>
This improves chances with APs that do not reply to Probe Request frame
with short SSID or with direct BSSID.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
According to IEEE P802.11be/D4.0, 35.3.4.2, the AP MLD ID must be
included in the Probe Request ML element in case it is sent to a
transmitted BSS in which case it should be set to 0. If it is sent to an
non-transmitted BSSID, the AP MLD ID should not be included.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Parse the link status values out of Multi-Link association response. If
the AP rejects ML association and marks the links as failed with a
reason code other than TX_LINK_NOT_ACCEPTED, also report these links to
wpas_connection_failed() and ignore them.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Parsing multiple RNR elements already exists in
wpa_bss_parse_basic_ml_element(), so wpas_ml_element() just duplicates
the same code. Combine the functionality of both these functions and
remove the duplicate.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
This workaround from commit 6d6f4bb87f ("nl80211: Work around mac80211
limitation on (re)auth when authenticated") pre-dates the code that
supresses the deauth or disconnect event from nl80211. Should this code
be called it would not actually work at this point, as important
internal state for the authentication attempt has already been lost.
Simply drop the code. This might also fix issues where we could get
into a bad state if a proper deauth/disconnect event happens while we
are authenticating or associating.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Extend the optimization from commit 9c97126576 ("OWE: Optimize
transition mode scan to use known channels") to cover cases where the
STA is configued with OWE transition mode disabled, but the AP uses OWE
transition mode.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Fix references to the appropriate driver capability drv_flags2. The
initial version used the incorrect drv_flags value and by doing so,
ended up using incorrect driver capabilities (DEAUTH_TX_STATUS,
BSS_SELECT, TDLS_SUPPORT) which could result in incorrect OWE
functionality for both AP and STA cases.
Fixes: d984c7b298 ("hostapd: Add support for OWE offload for STA/AP interface")
Fixes: da364180fb ("hostapd: Support 4-way handshake offload for AP/P2P GO")
Signed-off-by: Vinayak Yadawad <vinayak.yadawad@broadcom.com>