Commit graph

5785 commits

Author SHA1 Message Date
Jintao Lin
e3570f5e1c dbus: Use current_bss to get correct group BSSID and frequency on client
When the P2P persistent group is provisioned out-of-band, i.e., add
persistent group with a known BSSID, SSID, passphrase, and frequency,
and start the group with GroupAdd dbus command, the group info fetched
on the cliend side has zero MAC address for BSSID and no value for
frequency. Fix this issue by getting that information from
wpa_s->current_bss instead of wpa_s->go_params.

Signed-off-by: Jintao Lin <jintaolin@chromium.org>
2023-12-23 11:41:37 +02:00
Ilan Peer
2d4f905214 RRM: Add support for including extended ID elements in beacon report
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2023-12-22 17:14:33 +02:00
Benjamin Berg
c88c08f0cc SME: Remove comment in missing ML links handling
The location of the comment is incorrect and it is not really needed.
Remove it.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-12-22 17:14:33 +02:00
Johannes Berg
41e65efa3a ctrl_iface: Fix newline in print_ml()
We only print the newline if the AP MLD ID is present
(BASIC_MULTI_LINK_CTRL_PRES_AP_MLD_ID), fix that.

Fixes: e3e68668c1 ("ctrl_iface: Report RNR and ML in BSS command")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-12-22 17:14:33 +02:00
Jouni Malinen
a3a34c0eb1 HS 2.0: Remove useless debug print in non-Hotspot 2.0 cases
It is not really helpful to get debug prints about Hotspot 2.0 frame
filtering when trying to connect a non-Hotspot 2.0 network. Remove this
debug print that was being printed for every connection that did not use
Hotspot 2.0.

Signed-off-by: Jouni Malinen <j@w1.fi>
2023-12-22 16:54:15 +02:00
Ilan Peer
5927455b8b MLD: Add support for disabled APs
An affiliated AP of an AP MLD can temporarily be disabled. Other
affiliated APs of the AP MLD indicate this in the Reduced Neighbor
Report (RNR) elements added to their Beacon and Probe Response frames.

When an affiliated AP is disabled, it should be included in the
association exchange, but can be activated only after it is enabled.

Add support identifying disabled APs and propagate the information
to the driver within the associate() callback.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-12-22 15:56:41 +02:00
Johannes Berg
14d7b9e371 ctrl_iface: Don't return -1 when dumping BSS information
Don't ever return -1 from print_bss_info() as that causes
corruption of the output.

Also don't return -1 from print_fils_indication() as that
would stop the iteration over all BSSs.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2023-12-22 13:15:45 +02:00
Jouni Malinen
40b2558828 PASN: Select the latest available BSS entry for a BSSID
This is needed to work around some issues that show up mainly in testing
scenarios when the same BSSID might be used with different
configurations and the scan results from the driver might include both
the old and new contents when two different SSIDs are used.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-12-21 19:44:32 +02:00
Veerendranath Jakkam
88984bbb94 MLD STA: Update SAE PWE derivation in hunting-and-pecking loop case
Use AP MLD address instead of BSSID for PWE derivation during MLO
connection. This was already done for H2E in commit e869fdfeef
("wpa_supplicant: Use MLD address in SAE authentication"). While IEEE
P802.11be requires H2E to be used, there are deployed AP MLDs that do
not follow that requirement. This change to the hunting-and-pecking loop
case is needed for interoperability workarounds with such APs.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2023-12-21 13:06:57 +02:00
Jouni Malinen
62141825f6 tests: PASN authentication using driver event as trigger
Signed-off-by: Jouni Malinen <j@w1.fi>
2023-12-17 18:03:56 +02:00
Andrei Otcheretianski
7fa840309a WNM: Skip current connection BSS when disassociate imminent is set
During scan results matching for connection skip BSS entries for the
current connection if disassociation imminent is set.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-12-16 20:40:23 +02:00
Jouni Malinen
09988c4356 WNM: Accept link removal BSS TM Request
Instead of rejecting the request, accept it since the AP MLD is in
control of which links are available and we are not being fully
disconnected in this case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2023-12-16 19:46:41 +02:00
Ilan Peer
80810929a4 WNM: Handle BTM request with Link Removal Imminent field set to 1
Based on IEEE P802.11be/D5.0, when a station is non-AP MLD with more
than one link the combination of the Link Removal Imminent field set to
1 and the BSS Termination Included field set to 1 means than only one of
the links is removed while the other links will remains associated.
Handle this case without starting a scan to find another BSS.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-12-16 19:12:23 +02:00
Ilan Peer
7ee12fca49 WNM: Allow frames from AP MLD
Allow frames where the SA is the AP MLD MAC address as the driver might
have performed address translation.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2023-12-16 18:49:16 +02:00
Vinayak Yadawad
1efdba5fdc Handle PMKSA flush in the driver for SAE/OWE offload cases
For wpa_supplicant based SAE/OWE connection, the wpa_supplicant state
machine is aware of the PMKID created for a connection and this gets
removed when "REMOVE_NETWORK all" is called. However, when SAE/OWE
offload is enabled, wpa_supplicant is not aware of the PMKID generated
by the driver/firmware. So add PMKSA del indication to the driver from
remove_network context so that the driver can free PMKs associated with
the SSID.

Signed-off-by: Vinayak Yadawad <vinayak.yadawad@broadcom.com>
2023-12-16 18:25:26 +02:00
Daniel Gabay
6a793c5f24 bgscan: Fix bgscan_init() stub declaration
The bgscan_init() declared wrongly when CONFIG_BGSCAN is not defined,
fix that.

Fixes: 3139270903 ("bgscan: Add global bgscan configuration")
Signed-off-by: Daniel Gabay <daniel.gabay@intel.com>
2023-12-16 18:18:38 +02:00
Benjamin Berg
1b9006a8cb Use the link BSSID to resolve current BSS for whether to roam check
Otherwise any new scan result (even manual ones if they do not set
use_id=X to a non-zero value), can cause a reconnect to the same BSS
when MLO is used. This is because the current BSS is not detected by
wpa_supplicant_need_to_roam() and it assumes that roaming is needed.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-12-16 18:04:32 +02:00
Andrei Otcheretianski
c4dac077bc wpa_supplicant: Remove redundant CONFIG_WNM in wnm_sta.c
The entire file is compiled only under CONFIG_WNM, remove it.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-12-16 18:00:13 +02:00
Jouni Malinen
07525cd5e2 Fix HE enabling for IBSS and mesh
Earlier refactoring of ibss_mesh_setup_freq() ended up dropping the case
where HE would be enabled without VHT on the 2.4 GHz band. Add that back
to allow HE to be used on 2.4 GHz with IBSS and mesh.

Fixes: 64043e6156 ("Split ibss_mesh_setup_freq() into multiple functions")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-12-14 20:59:42 +02:00
Chenming Huang
40410c04f4 AP MLD: Channel switch for specific link
Link ID needs to be specified for MLD case when doing channel switch.
Add it to the driver command.

Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>
2023-12-14 13:14:37 +02:00
Jouni Malinen
8920e03905 P2P: Force clearing of p2p-send-action radio work on P2P_STOP_FIND
Make sure there is no P2P radio work remaining if P2P_STOP_FIND is used
to stop a P2P exchange.

Signed-off-by: Jouni Malinen <j@w1.fi>
2023-12-10 19:40:49 +02:00
Ben Greear
ceb7f65dcc bgscan: Allow simple bgscan to do BTM queries
Allow doing X BSS transition management query calls before falling back
to scan.

Example format to do 4 BTM queries before attempting a scan:
bgscan="simple:30:-65:300:4"

Signed-off-by: Ben Greear <greearb@candelatech.com>
2023-12-09 11:31:32 +02:00
Chaitanya Tata
0b5d111653 Fix MBO build with GAS dependency
On the default configuration if MBO only is enabled then build breaks as GAS
is not selected, if other features that auto-enable GAS are selected
then it works.

Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
2023-12-06 12:47:22 +02:00
Chaitanya Tata
20c82a2708 Add an option to remove WMM-AC
For a memory constrained system, it may be more important to reduce
binary size than include support for these capabilities.

By default this is enabled.

Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
2023-12-03 11:43:45 +02:00
Chaitanya Tata
32b5f7f501 Add an option to remove Robust AV (SCS, MSCS, QoS Management)
For a memory constrained system, it may be more important to reduce
binary size than include support for these capabilities.

By default this is enabled.

Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
2023-12-03 11:43:45 +02:00
Chaitanya Tata
6ed8eba00d Add an option to remove RRM and supported operating class indication
Removing radio measurements and supported operating class indication
might be needed to reduce binary size for a memory constrained system
that does not need more advanced features. However, removing these is
not recommended since they can help the AP manage the network and STA
steering.

By default this functionality is enabled.

Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
2023-12-03 11:43:43 +02:00
Jun Yu
4b80ad1194 Populate the new beacon hint event to wpa_msg()
Beacon hinting is a feature that can temporarily change the regulatory
rule flags on the channel where the radio hears the beacon. Add a new
event CTRL-EVENT-REGDOM-BEACON-HINT to notify the wpa_supplicant user
about an important update to the regulatory rules including which
frequencies are impacted, new power limit, and new rule flags.

Signed-off-by: Jun Yu <junyuu@chromium.org>
2023-12-02 20:48:15 +02:00
Remi Pommarel
bbb0d3a40e mesh: Add for_each_sta implementation in wpa_auth_callbacks
The wpa_auth_callbacks for mesh was missing a for_each_sta
implementation. This is an issue with pmksa cache, as when a cache entry
expires the for_each_sta callback is called in order to clear the pmksa
reference for all sta that was using this entry. Not having a
for_each_sta callback will prevent this cleanup to happen then a sta
could still use this pmksa entry even after it has been freed.

This used after free was not a problem up until recently where
dpp_pkhash is now stored in pmksa entry and retreived later on causing
crash with below backtrace:

  _wpa_snprintf_hex                        src/utils/common.c:326
  wpa_snprintf_hex                         src/utils/common.c:348
  hostapd_ctrl_iface_sta_mib               src/ap/ctrl_iface_ap.c:542
  hostapd_ctrl_iface_sta_mib               src/ap/ctrl_iface_ap.c:542
  hostapd_ctrl_iface_sta_mib               src/ap/ctrl_iface_ap.c:600
  hostapd_ctrl_iface_sta                   src/ap/ctrl_iface_ap.c:615
  wpa_supplicant_ctrl_iface_process        src/wpa_supplicant/ctrl_iface.c:12741
  wpa_supplicant_global_ctrl_iface_receive src/wpa_supplicant/ctrl_iface_unix.c:1141
  eloop_sock_table_dispatch                src/utils/eloop.c:625
  eloop_run                                src/utils/eloop.c:1238
  wpa_supplicant_run                       src/wpa_supplicant/wpa_supplicant.c:8021
  main                                     src/wpa_supplicant/main.c:393

Adding a for_each_sta callbacks fixes that.

Fixes: 043dedee83 ("DPP: Expose enrollee pubkey hash for identification")
Signed-off-by: Remi Pommarel <repk@triplefau.lt>
2023-12-02 20:34:34 +02:00
Jouni Malinen
4f69b4a31e mesh: Fix PMKSA cache entry addition with external PMKSA management
The length of the PMK ended up getting lost when a PMKSA cache entry was
added based on externally managed information. Set the PMK length in SAE
context to get the correct length stored into the actual PMKSA cache
entry that gets created in this path.

Signed-off-by: Jouni Malinen <j@w1.fi>
2023-12-02 20:31:16 +02:00
Jouni Malinen
033634019d Ignore missing set_secure_ranging_ctx callback for testing purposes
nl80211_set_secure_ranging_ctx() was already ignoring the operation, but
this is included only with CONFIG_DRIVER_NL80211_QCA=y. Make the default
case use same behavior based on the callback function not being defined.
This is needed to allow the following test cases to work:
pasn_owe_tm_kdk_secure_ltf pasn_sae_kdk_secure_ltf

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-11-27 12:01:15 +02:00
Benjamin Berg
e9bdecce4d Share TEST_FAIL/TEST_ALLOC_FAIL/GET_FAIL/GET_ALLOC_FAIL handler
Move the hostapd and wpa_supplicant control interface handlers into a
shared functions instead of duplicated implementation.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
2023-11-26 12:03:47 +02:00
Andrei Otcheretianski
2c89ca9223 wpa_supplicant: Use wpa_msg() in bssid_ignore.c
This allows to use the messages for testing.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-11-26 10:53:15 +02:00
Benjamin Berg
b9c81e2005 MLD: Use MLD MAC address for deauthentication
When connecting, pending_bssid is set to the main link that we are
authenticating/associating on. Later on, the MLD MAC address will be
stored in the bssid, but we may also try to deauthenticate before we are
connected and in that case, pending_bssid is not yet set to the MLD MAC
address.

As such, use the ap_mld_addr instead of pending_bssid if n_mld_links is
non-zero. This is the sensible thing to do and expected behavior on
nl80211.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-11-25 21:49:06 +02:00
Ilan Peer
e5917e2a5b scan: MLD: Include SSID in ML probe request
This improves chances with APs that do not reply to Probe Request frame
with short SSID or with direct BSSID.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2023-11-25 21:41:15 +02:00
Ilan Peer
b29ac99d52 scan: Include AP MLD ID in ML probe request if needed
According to IEEE P802.11be/D4.0, 35.3.4.2, the AP MLD ID must be
included in the Probe Request ML element in case it is sent to a
transmitted BSS in which case it should be set to 0. If it is sent to an
non-transmitted BSSID, the AP MLD ID should not be included.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-11-25 21:38:57 +02:00
Benjamin Berg
3cd377eb54 MLD: Ignore failed links from association attempt
If for some reason association fails and a link which has an error is
reported, add that specific link to the ignore list. After that,
immediately retrigger the connection code. In the usual case, we are
then going to reconnect to the same AP MLD but with that particular link
not being included in the connection.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
2023-11-25 17:10:38 +02:00
Benjamin Berg
e6eebd0d5c MLD: Do not consider ignored BSSs for links when parsing RNR info
This avoids, e.g., trying to use a BSS that is rejected by mac80211 as a
link, which could fail the connection as a whole.

Note that this is not perfect. Ideally, the internal state would have a
more context sensitive ignore flag so that one could still use a BSS as
a link in some situation.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-11-25 16:52:08 +02:00
Benjamin Berg
5af986c75a MLD: Also mark links as failed after association failure
Parse the link status values out of Multi-Link association response. If
the AP rejects ML association and marks the links as failed with a
reason code other than TX_LINK_NOT_ACCEPTED, also report these links to
wpas_connection_failed() and ignore them.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-11-25 16:44:01 +02:00
Andrei Otcheretianski
9160540ec3 wpa_supplicant: Fix ml_ie_len type in wpa_bss_parse_basic_ml_element()
Since the Multi-Link element can be fragmented, use size_t instead of
u8.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-11-25 13:40:15 +02:00
Andrei Otcheretianski
cb90aa3acf wpa_supplicant: Remove duplicate logic in wpas_ml_element()
Parsing multiple RNR elements already exists in
wpa_bss_parse_basic_ml_element(), so wpas_ml_element() just duplicates
the same code. Combine the functionality of both these functions and
remove the duplicate.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-11-25 12:03:52 +02:00
Andrei Otcheretianski
74b6884306 wpa_supplicant: Add config parameters for MLD testing
Add band preference, BSSID preference, and single link enforcement
testing options. This is needed for testing MLO.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-11-25 11:26:00 +02:00
Jouni Malinen
6220fb52e3 dbus: Increase XML buffer size for an interface introspection data
The current set of global configuration fields is getting close to the
previously used 15000 byte limit, so increase this size to 16000 and add
a note about the potential need to change this size when adding new
fields.

Signed-off-by: Jouni Malinen <j@w1.fi>
2023-11-25 11:13:42 +02:00
Benjamin Berg
b3aafd5a87 common: Simplify and avoid confusing defragmentation API
Three functions were provided for defragmentation. First
ieee802_11_defrag(), ieee802_11_defrag_mle() and then
ieee802_11_defrag_data() which would do the actual job. With
ieee802_11_defrag() picking the member in the elements struct for an
EID. The problem with this is, that for the Multi-Link element, there
are multiple entries in the elems struct depending on its type. As such,
remove the intermediate function and simply pass the correct members
directly.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-11-25 10:56:56 +02:00
Benjamin Berg
9ffebf758d SME: Drop old disassoc_while_authenticating workaround
This workaround from commit 6d6f4bb87f ("nl80211: Work around mac80211
limitation on (re)auth when authenticated") pre-dates the code that
supresses the deauth or disconnect event from nl80211. Should this code
be called it would not actually work at this point, as important
internal state for the authentication attempt has already been lost.

Simply drop the code. This might also fix issues where we could get
into a bad state if a proper deauth/disconnect event happens while we
are authenticating or associating.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
2023-11-24 22:59:19 +02:00
Jouni Malinen
c8b4ad70b1 tests: Set wpa_s->global for module tests
This is needed to avoid NULL pointer deferencing in
wpa_supplicant_ctrl_iface_msg_cb() if any of the functions called from
wpas_bssid_ignore_module_tests_() ends up using wpa_msg().

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-11-24 21:02:03 +02:00
Jouni Malinen
a768556f7b Prefer SAE over PSK in WPA3-Personal transition mode cases
Order scan results in a manner that prefers BSSs that support SAE over
ones that support PSK without SAE if the SNR of the SAE BSS is good or
at least at the same level as the SNR for the PSK BSS. This improves
likelihood of using SAE when the local network profile allows
WPA3-Personal transition mode and the ESS uses a mix BSSs with different
sets of AKMs.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-11-23 23:16:58 +02:00
Jouni Malinen
43184bf06a OWE: Optimize transition mode AP scan with owe_only=1 STA configuration
Extend the optimization from commit 9c97126576 ("OWE: Optimize
transition mode scan to use known channels") to cover cases where the
STA is configued with OWE transition mode disabled, but the AP uses OWE
transition mode.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-11-23 20:41:35 +02:00
Ainy Kumari
4ff287e922 P2P: Do not skip updating BSS table when frequency is changed
BSS table is not updated when a non-P2P station runs a scan without P2P
IE in Probe Response frame, since that would remove P2P IE information.
However, this results also in not updating mandatory rates in Supported
Rates and BSS Membership Selectors element even though AP/GO changes
frequency from 2.4 GHz to 5 GHz band.

This is causing connection failure since BSS table has 1 Mbps as
mandatory rate for AP connection but minimum supported rate in 5 GHz
band is 6 Mbps.

To avoid connection failures in such cases, don't skip updating BSS
table when the BSS frequency is changed. This covers the most important
case addressed in commit ff57398fca ("P2P: Do not drop P2P IEs from
BSS table on non-P2P scans") while still allowing other changes to be
taken into account if the GO were to actually change channels (or band,
which would be the most likely case needing the update).

Signed-off-by: Ainy Kumari <quic_ainykuma@quicinc.com>
2023-11-23 19:56:17 +02:00
Vinayak Yadawad
73b49016f2 Fix references to correct driver capability flag for PSK/OWE offloads
Fix references to the appropriate driver capability drv_flags2. The
initial version used the incorrect drv_flags value and by doing so,
ended up using incorrect driver capabilities (DEAUTH_TX_STATUS,
BSS_SELECT, TDLS_SUPPORT) which could result in incorrect OWE
functionality for both AP and STA cases.

Fixes: d984c7b298 ("hostapd: Add support for OWE offload for STA/AP interface")
Fixes: da364180fb ("hostapd: Support 4-way handshake offload for AP/P2P GO")
Signed-off-by: Vinayak Yadawad <vinayak.yadawad@broadcom.com>
2023-11-23 11:41:18 +02:00
Jouni Malinen
9b89df7584 WNM: Do not start scan on disassociation imminent if BSSID is set
If the local network profile specifies a specific BSSID, there will not
be an acceptable alternative AP for the current one. As such, there is
not much point in trying to scan and wait for the results to make this
conclusion. Skip the scan and reject the BSS transition management
request even if that ends up getting disassociated from the BSS that
happens the be the only one that the local configuration allows to be
used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2023-11-11 23:44:04 +02:00