Commit graph

9691 commits

Author SHA1 Message Date
Jouni Malinen
9fcc636daf nl80211: Restore libnl3-route inclusion for full VLAN support with netlink
The changes in nl80211 to get rid of the libnl3-route dependency are not
sufficient to fully remove the depency from other parts of the code.
Revert the makefile related changes from that commit to avoid build
issues for cases where CONFIG_FULL_DYNAMIC_VLAN=y and
CONFIG_VLAN_NETLINK=y are used without CONFIG_DRIVER_MACSEC_LINUX=y
pulling in the needed library.

Fixes: a210fdb1c7 ("nl80211: Rewrite neigh code to not depend on libnl3-route")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-04-19 19:04:14 +03:00
Aleti Nageshwar Reddy
61c8cc94fa Add a vendor attribute to configure custom keep-alive interval for STA
Introduce an attribute QCA_WLAN_VENDOR_ATTR_CONFIG_KEEP_ALIVE_INTERVAL
in QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION to configure
station's keep-alive interval to the driver/firmware. This can be used
to resolve kickout issues from APs which kick out STAs before the BSS
maximum idle period expires.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-04-19 18:54:13 +03:00
Veerendranath Jakkam
47d1307d2c Add QCA vendor interface for reporting station info in unicast event
Add a QCA vendor command for registering NL80211_CMD_GET_STATION
response as a unicast event when there is a NL80211_CMD_GET_STATION
request from any userspace module.

The driver will send the unicast events with the same netlink port ID
which is used by userspace application for sending the registration
command. If multiple registration commands are received with different
netlink port IDs, the driver will send unicast event with each netlink
port ID separately.

Userspace application can deregister the unicast events with disable
configuration. The registrations will be removed automatically by the
driver when the corresponding netlink socket is closed.

This will help avoid multiple NL80211_CMD_GET_STATION requests from
different userspace applications in short span. The userspace
application which registers for the unicast event can avoid sending
NL80211_CMD_GET_STATION request again if the response is available with
a recently received unicast event.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2024-04-19 18:48:24 +03:00
Manaswini Paluri
3c79173c32 Add TWT responder support for AP in HT and VHT modes
Add support for TWT responder for AP operating in HT and VHT modes by
introducing a new configuration parameter ht_vht_twt_responder. When
this is enabled, TWT responder mode support in HT and VHT modes is
enabled if the driver supports this and is disabled otherwise.

Signed-off-by: Manaswini Paluri<quic_mpaluri@quicinc.com>
2024-04-19 18:38:37 +03:00
Manaswini Paluri
54b1df85c6 Add QCA vendor feature flag for TWT responder support in HT and VHT modes
Add a feature flag to indicate driver support for TWT responder for AP
operating in HT and VHT modes.

Signed-off-by: Manaswini Paluri<quic_mpaluri@quicinc.com>
2024-04-19 18:32:11 +03:00
Aditya Kumar Singh
85ea5f3496 nl80211: Send link_id on sta_deauth()
i802_sta_deauth() already has the link_id passed to it in its arguments.
Use that to pass it down to send MLME handler as well.

Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-04-16 10:56:05 +03:00
Aditya Kumar Singh
62e0c10193 nl80211: Print the interface name in debug during link add
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-04-16 10:54:45 +03:00
Aditya Kumar Singh
e8764518bd nl80211: Generate link add command on per-BSS basis for AP MLD
Function nl80211_link_add() created the link add netlink message on drv
basis which in turn always uses the drv's first BSS. To support link add
for various other interfaces, use the per-BSS function to create the
netlink message.

Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-04-16 10:53:23 +03:00
Aditya Kumar Singh
16aea07e50 AP MLD: Simplify for_each_mld_link() macro
for_each_mld_link() macro used three nested for loops. Since now the
affliated links are linked together via a linked list, the logic can be
improved by using dl_list_for_each() macro instead which uses one for
loop.

Modify for_each_mld_link() macro to use dl_list_for_each() instead.

Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-04-16 10:51:24 +03:00
Johannes Berg
d43eb71da7 hostapd: Add support for testing Probe Response frame elements
Add support for additional (vendor) elements to be added
to only Probe Response frames, for testing.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2024-04-16 10:38:00 +03:00
Felix Fietkau
4b755c9672 build: De-duplicate _DIRS before calling mkdir
If the build path is long, the contents of the _DIRS variable can be
very long, since it repeats the same directories very often. In some
cases, this has triggered an "Argument list too long" build error.

Reported-by: Robert Marko <robimarko@gmail.com>
Suggested-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-15 23:19:42 +03:00
Felix Fietkau
9a44236452 hostapd: Only attempt to set QoS map if supported by the driver
This fixes issues with full-MAC drivers like brcmfmac.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-15 23:19:05 +03:00
Felix Fietkau
dec6fccf17 Support qos_map_set without CONFIG_INTERWORKING
This feature is useful on its own even without full interworking
support.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-15 23:18:24 +03:00
Felix Fietkau
8634e7343d mesh: Allow processing authentication frames in blocked state
If authentication fails repeatedly, e.g., because of a weak signal, the
link can end up in blocked state. If one of the nodes tries to establish
a link again before it is unblocked on the other side, it will block the
link to that other side. The same happens on the other side when it
unblocks the link. In that scenario, the link never recovers on its own.

To fix this, allow restarting authentication even if the link is in
blocked state, but don't initiate the attempt until the blocked period
is over. This reverts commit 09d96de09e ("mesh: Drop Authentication
frames from BLOCKED STA").

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-15 23:14:33 +03:00
Felix Fietkau
a210fdb1c7 nl80211: Rewrite neigh code to not depend on libnl3-route
This removes an unnecessary dependency and also makes the code smaller.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-15 23:12:51 +03:00
Felix Fietkau
3ef0579013 ndisc_snoop: Call dl_list_del() before freeing IPv6 addresses
This fixes a segmentation fault on STA disconnect in case IPv6 addresses
where learned for the STA based on snooped neighbor solicication.

Fixes: bd00c4311c ("AP: Add Neighbor Discovery snooping mechanism for Proxy ARP")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-15 23:05:00 +03:00
Felix Fietkau
e1cd3fe3cd Cancel channel_list_update_timeout() in hostapd_cleanup_iface_partial()
This fixes a crash when disabling an interface during channel list
update.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-15 23:02:03 +03:00
Felix Fietkau
47d7f31693 nl80211: Update drv->ifindex on removing the first BSS
Otherwise it will point at the ifindex of the just removed BSS.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-15 23:00:58 +03:00
Raj Kumar Bhagat
1be706e862 hostapd: Add RRM link measurement request support
RRM link measurement request/report management frames are used to get
the radio link information between the connected stations.

Add new hostapd_cli command req_link_measurement to send an RRM link
measurement request to an associated station. Add support to handle the
link measurement report in hostapd.

RRM link measurement support can be enabled with the following new
configuration parameter:
rrm_link_measurement_report=1

Signed-off-by: Raj Kumar Bhagat <quic_rajkbhag@quicinc.com>
Signed-off-by: Yuvarani V <quic_yuvarani@quicinc.com>
2024-04-15 22:28:55 +03:00
Karthikeyan Kathirvel
92fdb49b2e AP MLD: Set DTIM information properly in per-STA profile
The DTIM information in the per-STA profile is set incorrectly. The DTIM
period is set in the LSB octet of the DTIM Info subfield (2 octets),
which is intended for the DTIM count.

Fix this by setting the DTIM period and DTIM count information properly
to the MSB and LSB octets of the DTIM Info subfield, respectively.

Signed-off-by: Karthikeyan Kathirvel <quic_kathirve@quicinc.com>
Signed-off-by: Govindaraj Saminathan <quic_gsaminat@quicinc.com>
2024-04-15 12:04:01 +03:00
Rajat Soni
36bd75dfd2 hostapd: Fix channel switch to a DFS channel
When we are configuring automatic channel selection, we are not able to
switch to a given DFS channel because when we are trying to move to a
DFS channel, the interface is disabled and enabled again. When the
interface is disabled and enabled we are setting iface's freq and
channel to 0 in setup_interface2() in case ACS is enabled, and now we
don't know to which channel we were trying to move. Now ACS will run and
the interface will be up in the channel that is suitable.

To fix this issue add a flag named is_ch_switch_dfs to check if the
channel switch request is for a DFS channel and we can use this in
setup_interface2() to decide whther we have to set iface's freq and
channel to 0 or not. This way iface's freq and channel will retain the
values while channel switching to a DFS channel when ACS is enabled.

Signed-off-by: Rajat Soni <quic_rajson@quicinc.com>
2024-04-15 11:56:41 +03:00
Chenming Huang
f4b84ecaf7 AP MLD: Track radar detection in offloaded DFS case
Add a new flag radar_detected which is used in the following cases
when setting up a link on a DFS channel while the interface is not yet
enabled:
    1. DFS link received CAC start event
    2. If no radar detected, link setup succeeeds after CAC end
       event is received. Else go to 3.
    3. Radar detected on this link -> set radar_detected bit
    4. CAC end received for the current freq -> Do not setup interface
       as radar already detected. Clear radar_detected bit.
    5. The driver sends channel switch event to switch to another channel
        a. Switch to another DFS channel -> go to 1
        b. Switch to non-DFS channel -> proceed to set up interface

Or when receiving a CAC start event when the interface is already set up:
    1. DFS link already set up successfully
    2. Radar detected on this link -> set radar_detected bit
       a. Switch to DFS channel
           a.1. CAC start -> clear radar_detected bit and partner RNR
           a.2. If radar detected, go to 2.
           a.3. CAC end -> clear radar_detected bit
           a.4. Link enabled successfully
       b. Switch to non-DFS channel
           b.1  No op and the driver handles this

Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>
2024-04-15 11:38:56 +03:00
Chenming Huang
aaf879ef20 AP MLD: Do not update other links' RNR element if not enabled yet
When one link is still under CAC or disabled, peer links should not
carry the information of this link in the RNR elements.

With this change, the RNR element will be included only if a peer link
is in HAPD_IFACE_ENABLED state.

Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>
2024-04-15 11:38:49 +03:00
Chenming Huang
32261721e1 nl80211: AP MLD: Parse link ID to determine the BSS for radar event
Link ID is more accurate to specify the BSS for a radar event in some
corner cases, e.g., when there is a radar detection event and the driver
then switches to another DFS channel. There will then be two events
coming from the driver (CAC start and channel switch complete). In case
the CAC-start event comes first, hostapd still stores the previous
frequency and cannot find the correct link by calling
nl80211_get_mld_link_by_freq() with the new frequency.

Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>
2024-04-15 11:38:42 +03:00
Chenming Huang
216cfd708d AP MLD: Fix missing check for legacy client case
The AP MLD case missed the "else" branch which handles legacy STA's
disassociation. So this STA's sta_info will not be cleared ever.

Add the "else" check to make sure the sta_info gets cleared.

Fixes: 7ceafb6e9f ("AP MLD: Handle disassociation notification with SME offload to driver")
Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>
2024-04-15 11:38:42 +03:00
Chenming Huang
d5e6f79988 AP MLD: Request Handle OBSS scan for a specific link
OBSS scan can be required in different links if operating as an AP MLD.
When triggering scan, specify the link ID for the driver to find the
correct link to scan.

Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>
2024-04-12 10:52:19 +03:00
Chenming Huang
c9ad16870b AP MLD: Allow scan processing link to match the request
If the driver provides an identifying cookie value for scan operations,
use that to select which link processes the scan result. This is needed
for OBSS scans that can be required in different links if operating as
an AP MLD.  Distinguish the scans using scan_cookie for QCA vendor scan
events.

Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>
2024-04-12 10:52:19 +03:00
Chenming Huang
9b682e72d9 AP MLD: Find the link that is waiting for scan events
In AP MLD case, HT scan results need to be handled in the link that
triggered this scan. So find the link that has a valid scan_cb to handle
EVENT_SCAN_RESULTS.

Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>
2024-04-12 10:23:27 +03:00
Vinay Gannevaram
147f836924 PASN: Add set and get API for PASN data context
Modules that use libpasn for PASN authentication need the context of
PASN data. PASN data is a common context for the library and the modules
using it. Hence, initialize the context through init and deinit
functions. Also use set and get functions to update the parameters.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-04-06 00:12:54 +03:00
Vinay Gannevaram
ab37a57314 Replace PMKSA cache inline stubs with wrapper function stubs
PMKSA cache API is included in libpasn.so used by external modules,
e.g., Wi-Fi Aware. To avoid dependency on IEEE8021X_EAPOL define for the
external modules at compile time, remove PMKSA cache static inline
functions from the header file and add wrapper function stubs.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-04-06 00:12:52 +03:00
Vinay Gannevaram
ba55088a73 Replace PTKSA cache inline stubs with wrapper function stubs
PTKSA cache API is included in libpasn.so used by external modules,
e.g., Wi-Fi Aware. To avoid dependency on CONFIG_PTKSA_CACHE define for
the external modules at compile time, remove PTKSA cache static inline
functions from the header file and add wrapper function stubs.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-04-05 20:07:32 +03:00
Jouni Malinen
1f230a497a MBSSID: Include Extended Capabilities element in non-TX BSSID profile
Add the Extended Capabilities element for a non-TX BSS into the non-TX
BSSID profile subelement in the Multiple BSSID element if the non-TX BSS
has different extended capabilities than the TX BSS.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-04-04 20:42:59 +03:00
Chenming Huang
37c00c3c5d AP MLD: Provide link addresses for non-AP MLDs in control interface
Add affiliated link addresses for non-AP MLDs in the STA* control
interface commands.

Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>
2024-04-04 18:54:42 +03:00
Purushottam Kushwaha
b818a1be14 Add a QCA vendor attribute to set avoid frequencies per netdev
Add a new attribute QCA_WLAN_VENDOR_ATTR_AVOID_FREQUENCY_IFINDEX
for QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY_EXT subcommand to
apply rules for avoid frequencies on a specific netdev. This is a
32-bit unsigned optional attribute.

Signed-off-by: Purushottam Kushwaha <quic_pkushwah@quicinc.com>
2024-04-04 18:39:18 +03:00
Hu Wang
9ac0e785c3 Revert "nl80211: Skip interface down/up when setting MAC address"
This reverts commit bffd2b3994.

Revert this commit to fix a regression when setting up P2P Group Owner
on some old device.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-03-27 23:01:14 +02:00
Jouni Malinen
a9bc6e89df OpenSSL: Fix a memory leak in CMAC
The OpenSSL 3.0 (or newer) version of omac1_aes_vector() did not free
the EVP_MAC. This resulted in a memory leak that shows up in a bit
strange way in valgrind reports and because of that, was not caught
during automated testing.

Fixes: 0c61f6234f ("OpenSSL: Implement CMAC using the EVP_MAC API")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-03-27 20:35:25 +02:00
Aditya Kumar Singh
4bc61b6577 AP MLD: Remove restriction of having to disable the first link BSS last
The first link BSS was always disabled last. However, now the first BSS
can be dynamically adjusted. Hence, remove such restriction.

Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-03-27 18:12:39 +02:00
Aditya Kumar Singh
a6d92da9aa AP MLD: Support removal of link station from AP
Whenever ap_free_sta() was called, it deleted the whole station entry
from the kernel as well. However, with MLD stations, there is a
requirement to delete only the link station.

Add support to remove the link station alone from an MLD station. If the
link going to be removed is the association link, the whole station
entry will be removed.

Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-03-27 18:12:39 +02:00
Aditya Kumar Singh
1f88b3daf0 nl80211: Add callback function for removing link STAs
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-03-27 18:12:39 +02:00
Aditya Kumar Singh
19e50f8627 Export hostapd_sta_is_link_sta()
This functionality can be shared with other files as well.

Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-03-27 18:12:39 +02:00
Aditya Kumar Singh
df34c2ced3 AP MLD: De-initialize/disable link BSS properly
When the first link BSS of an interface was de-initialized/disabled, the
whole MLD was brought down. All other links were stopped beaconing and
links were removed. And if the non-first link BSS was
de-initialized/disabled, nothing happened. Even beaconing was not
stopped which is wrong.

Fix this by properly bringing down the intended link alone from the
interface.

Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-03-27 18:12:39 +02:00
Aditya Kumar Singh
63982fd094 nl80211: Print the MLD capabilities in debug
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-03-27 18:12:39 +02:00
Aditya Kumar Singh
9fdbaf2ed6 AP MLD: Fix advertisement of MLD capabilities
Previously, hostapd directly advertised the MLD capabilities received
from the driver. Since this information is exchanged during
initialization time only, the driver will advertise the maximum
supported values. hostapd should parse it and then based on the current
situation fill the values accordingly.

For example, the maximum number of simultaneous links is supposed to be
a value between 0 and 14, which is the number of affiliated APs minus 1.
The driver advertises this value as 5 and hostapd, irrespective of the
current active links, puts 5 in the frames.

Fix this by parsing the value from the driver capabilities and then
using the values as per the current situation of the links. The
advertised values will be used as the upper limit.

Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-03-27 18:12:39 +02:00
Aditya Kumar Singh
7a0501d20d AP MLD: Refresh beacons for other links when one gets disabled/enabled
If one or more BSS from the interface is partnering with BSSs from
another interface and if this interface gets disabled, the Beacon frames
need to be refreshed for other interfaces. Similar thing should happen
when it gets enabled.

Add logic to refresh other interface Beacon frames when one of the
interfaces is disabled or enabled.

Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-03-27 18:12:39 +02:00
Aditya Kumar Singh
d2b62b3fe5 AP MLD: Support link removal before removing interface
Previously, whenever if_remove() was called, the whole interface was
deleted. In an AP MLD, all partner BSS use the same driver private
context and hence removing the interface when only one of the links goes
down should be avoided.

Add a helper function to remove a link first whenever if_remove() is
called. Later while handling it, if the number of active links goes to
0, if_remove() would be called to clean up the interface.

This helper function will be used later when co-hosted AP MLD support is
added and as well later during ML reconfiguration support.

Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-03-27 18:12:39 +02:00
Aditya Kumar Singh
55c30e8aba nl80211: Remove AP MLD links while removing the interface
When the interface was removed, the added links were not removed. While
removing the interface, kernel has removed the stale links but hostapd
has not. This is wrong since hostapd should remove and do the clean ups
properly while removing the interface.

Hence, remove the links when interface is removed.

Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-03-27 18:12:39 +02:00
Aditya Kumar Singh
a576180cd8 nl80211: Use per-BSS command for remove link
Construct the nl80211 remove link command using the per-BSS approach
instead of per-driver (drv->first_bss).

Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-03-27 18:12:39 +02:00
Aditya Kumar Singh
b162886fd0 nl80211: Re-factor nl80211_remove_links() function
nl80211_remove_links() iterated over all active links in the given BSS
and removed all of them. However, at times it is required to remove only
one link and not all links.

Add a helper function nl80211_remove_link() which will remove just the
given link_id from the passed BSS. nl80211_remove_links() will use this
and will call this for each of the active links to be removed.

Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-03-27 18:12:39 +02:00
Aditya Kumar Singh
b810426eaa nl80211: Remove redundant put_freq call in set_ap() for AP MLD
wpa_driver_nl80211_set_ap() called nl80211_put_freq_params() twice if AP
is an AP MLD. It called once while putting the MLO link ID and the other
time in the normal flow if frequency info is present. Doing this twice
is not required.

Call put_freq once during the normal flow only and separately of that,
add the link ID for AP MLD.

Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-03-27 18:12:39 +02:00
Jouni Malinen
4200657338 nl80211: Fix set_ap() to add frequency without CONFIG_IEEE80211AX
This call was added within a conditional CONFIG_IEEE80211AX block even
though this can apply without that build option. Move this outside that
conditional block.

Fixes: b3921db426 ("nl80211: Add frequency info in start AP command")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-03-27 18:12:39 +02:00
Aditya Kumar Singh
f2f0dd354f nl80211: Cache hostapd_data context in per link BSS struct for AP MLD
Cache the corresponding hostapd_data struct context into the link entry
within the driver wrapper. This will be useful for driver events
callback processing.

Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-03-27 18:12:39 +02:00
Aditya Kumar Singh
60e1dca1ef AP MLD: Clean up MLD when not required any further
Currently, whenever a new BSS is created, if it is an EHT BSS it is tied
to a corresponding MLD structure. If the structure does not exist
already, a new one is created and tied to it. Accordingly, the link ID
is assigned as well. However, when the BSS is deleted, the MLD structure
is not freed and when it is again created the next time, the link ID is
incremented further and the BSS gets a wrong link ID.

For example, 2.4 GHz single link AP MLD case: First ADD, link ID 0 would
be assigned and MLD interface wlan0 would be created. When REMOVE is
issued, the BSS would be deleted but MLD wlan0 will not. When ADD is
issued again, the BSS will tie back to MLD wlan0 but this time the link
ID will be incremented again and 1 would be assigned. Hence, at
subsequent REMOVE/ADD, the link ID keeps on incrementing.

Since the link ID remains same for the full lifetime of the BSS and MLD,
the next link ID counter cannot be just reset back to 0 when a BSS is
deleted. Otherwise, in interleaved link enable/disable case, the link ID
would be changed.

To overcome this situation, whenever a BSS is deleted, if the MLD is not
referenced by any other existing BSS, delete the MLD structure itself.

To know how many BSSs are referring a given MLD, introduce a new member
refcount in MLD. If the value is 0 it is safe to delete the MLD.

Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-03-27 18:12:36 +02:00
Aditya Kumar Singh
fac34688ad AP MLD: Assign link ID during BSS creation
Link ID was assigned when BSS is going through setup and the driver
interface init. Later if interface is disabled and enabled again, setup
BSS is called which will give a new link ID to it. However, Link ID
should be same for a BSS affliated to an AP MLD for the full lifetime of
the BSS.

Hence, assign the link ID during BSS creation itself. And it will remain
until BSS entry is completely freed. Hence, link ID will not change as
part of disable/enable.

Also, since link ID would be decided now, it will help in creating link
level control sockets in a subsequent patch.

Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-03-27 11:15:33 +02:00
Aditya Kumar Singh
b19aa9c422 AP MLD: Use MLD struct for MLD level information
MLD level structure is present to store the MLD level information.

Add changes to use the MLD structure instead of link specific struct
hostapd_data to get/set the MLD level information.

Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-03-27 11:15:19 +02:00
Aditya Kumar Singh
2f0e5303e8 AP MLD: Add a separate MLD level structure
MLD level information like MLD MAC address, next link ID, etc. was
stored in each BSS. However, only the first link BSS assigns values to
these members and the other link BSSs store references to the first BSS.
However, if the first BSS is disabled, the first BSS reference in all
BSS should be updated which is an overhead. Also, this does not seem to
scale.

Instead, a separate MLD level structure can be maintained which can
store all this ML related information. All affiliated link BSSs can keep
reference to this MLD structure.

This commit adds that MLD level structure. However, assigning values to
it and using that instead of BSS level members will be done in
subsequent commits.

Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-03-27 11:15:10 +02:00
Sriram R
259b43a31a hostapd: MLO: Avoid use of mld_id as user configuration
mld_id was provided as a user configuration to identify partner BSS
belonging to the same AP MLD. The same id is used at the protocol level
also to indicate the AP MLD ID of the MLD.

But, in general mld_id is a relative reference of the MLD where 0 is
used as the mld_id to represent the self MLD and in case of MLO MBSSID
mld_id of a non transmitted BSS affiliated to an AP MLD is based on the
relative BSS index of the non transmitted BSS from the transmitted BSS.
Hence mld_id need not be fetched from users, rather it can be identified
wherever required.

To verify if the partners belong to the same AP MLD the interface name
can be checked, since all link BSS partners of the same AP MLD belong to
the same interface.

Hence, remove use of mld_id user config and instead introduce two
functions hostapd_is_ml_partner() and hostapd_get_mld_id(). The former
is used to verify whether partners belong to the same AP MLD and the
latter is used to get the MLD ID of the BSS.

Signed-off-by: Sriram R <quic_srirrama@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
2024-03-26 20:16:59 +02:00
Karthikeyan Kathirvel
69d53b8b6b nl80211: Fix potential NULL pointer dereference in set_ap()
In the code review, it was found that param->freq is accessed without
NULL check in wpa_driver_nl80211_set_ap(), while in other sections of
the code, freq is accessed only after NULL validation. This situation
could result in a segmentation fault at least in theory.

Add a NULL check for freq before accessing it to be consistent with the
other uses.

Fixes: 0c6c948047 ("nl80211: Support setting up an AP on a specified link")
Signed-off-by: Karthikeyan Kathirvel <quic_kathirve@quicinc.com>
2024-03-26 19:14:48 +02:00
Chenming Huang
9be122d2e0 nl80211: Fix AP MLD frequency update on channel switch
mlme_event() calls nl80211_get_link_id_by_freq() to determine the link
to handle reported events. However, in channel switch event it is always
setting freq to the default link that leads to the issue that all other
events that go to mlme_event() will be handled in the default link.

Fix this by setting freq to the correct link specified by the link ID
when processing the event for a completed channel switch.

Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>
2024-03-26 17:46:33 +02:00
Nikita Chernikov
9144f876a5 nl80211: Fix sending NL80211_CMD_DEL_BEACON command to wrong interface
The NL80211_CMD_DEL_BEACON command was always sent to the main interface
of the radio instead of the desired BSS interface, e.g., when sending a
STOP_AP control interface command from upper layer.

Signed-off-by: Nikita Chernikov <nchernikov@maxlinear.com>
2024-03-23 22:08:15 +02:00
Shailendra Singh
c24453dd93 Add a vendor attribute per MLO link ratemask bitmap configuration
Define attribute QCA_WLAN_VENDOR_ATTR_RATEMASK_PARAMS_LINK_ID in
enum qca_wlan_vendor_attr_ratemask_params to configure ratemask
per MLO link. If the attribute is not provided, ratemask will be
applied for setup link.

Signed-off-by: Shailendra Singh <quic_shasing@quicinc.com>
2024-03-20 23:41:03 +02:00
Shailendra Singh
77f39ed23b Document vendor command ratemask bitmap for EHT case
In addition, update the comment on the number of bits used with HE to
match the defined bits.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-03-20 23:37:38 +02:00
Nagasai Bharat Gatkeshwar Sainoji
58017de69d Add QCA vendor sub-command and attribute for spectral scan completion
Add a new QCA vendor sub-command
QCA_NL80211_VENDOR_SUBCMD_SPECTRAL_SCAN_COMPLETE which will be used as a
netlink event to indicate the completion of a spectral scan request.
This event can also be sent incase of the spectral scan request timeout.

To be able to configure the timeout the value, add a new vendor
attribute QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_COMPLETION_TIMEOUT in
enum qca_wlan_vendor_attr_spectral_scan.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-03-20 23:36:46 +02:00
Nagasai Bharat Gatkeshwar Sainoji
8f9da72d2e Add QCA vendor attribute indicating the spectral transport mode
Add a vendor attribute QCA_WLAN_VENDOR_ATTR_SPECTRAL_DATA_TRANSPORT_MODE
to indicate the current spectral data transport mechanism to be used to
get spectral scan samples from the driver to userspace.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-03-20 23:35:33 +02:00
Jouni Malinen
5b4a78b1f9 Optimize internal BSS table updates based on a specific BSSID
When wpa_supplicant needed to update the internal BSS table with the
latest scan results from the driver, it fetched all BSSs and processed
them all. This is unnecessary for cases where an update is needed only
for a specific BSS. Optimize this by filtering out the unnecessary
entries from the results.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-03-20 12:00:46 +02:00
Manoj Sekar
024d4bca13 Multi-AP: WPS support for different Multi-AP profiles
Update EAP-WSC parameters to include Multi-AP profile info to pass the
profile information through the provisioning steps. This is needed for
provisioning the STA configuration when different profiles are used.

Signed-off-by: Manoj Sekar <quic_sekar@quicinc.com>
2024-03-19 19:24:29 +02:00
Manoj Sekar
69d0862989 Multi-AP: Add support for VLAN related information
Add support to fill "multi_ap_vlanid" info to the hostapd config file.
Add the Multi-AP Default 802.1Q Setting subelement into Multi-AP element
generating and parsing.

Signed-off-by: Manoj Sekar <quic_sekar@quicinc.com>
2024-03-19 19:20:51 +02:00
Manoj Sekar
210c2b4bd7 Multi-AP: Add hostapd config option to disallow certain profiles
Add a new config option "multi_ap_client_disallow" to control allowing
backhaul STA with certain profiles alone to associate. This is done to
adhere to Wi-Fi EasyMesh specification which defined rules to
allow/disallow association of backhaul STA of certain profiles.

Signed-off-by: Manoj Sekar <quic_sekar@quicinc.com>
2024-03-19 19:11:27 +02:00
Manoj Sekar
9a1512532e Multi-AP: Reject non-Multi-AP STA association on backhaul-only BSS
Do not allow non-Multi-AP STAs to associate with a BSS that is
configured as a backhaul-only.

Signed-off-by: Manoj Sekar <quic_sekar@quicinc.com>
2024-03-19 18:57:38 +02:00
Manoj Sekar
420afbdbdf Multi-AP: Allow supported profile to be configured
Allow both hostapd and wpa_supplicant to be configured with the
supported Multi-AP profile. The configured value will be advertised in
the Multi-AP element.

Signed-off-by: Manoj Sekar <quic_sekar@quicinc.com>
2024-03-19 18:57:35 +02:00
Manoj Sekar
c3e5286537 Multi-AP: Parse Profile subelement
Parse the indicate profile support for the Multi-AP Profile subelement.

Signed-off-by: Manoj Sekar <quic_sekar@quicinc.com>
2024-03-19 18:55:14 +02:00
Manoj Sekar
0034112429 Multi-AP: Generation of Multi-AP Profile subelement
Add support for including the Multi-AP Profile subelement into the
Multi-AP element.

Signed-off-by: Manoj Sekar <quic_sekar@quicinc.com>
2024-03-19 18:53:45 +02:00
Manoj Sekar
364cb7c943 Multi-AP: Parse the Multi-AP element using a shared helper function
This makes it more convenient to handle extensions to the element and
allows code to be shared between hostapd and wpa_supplicant.

Signed-off-by: Manoj Sekar <quic_sekar@quicinc.com>
2024-03-19 18:53:42 +02:00
Jouni Malinen
0e2ca2e4e2 Multi-AP: Use proper length for remaining buffer for the element
Replace the hardcoded buffer length with the actually number of
remaining bytes on the buffer. This is needed to be able to do real
buffer size validation within add_multi_ap_ie().

Furthermore, make hostapd_eid_multi_ap() static since it is not used
outside this file.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-03-19 16:45:41 +02:00
Manoj Sekar
61e46f860c Multi-AP: Move IE parameters into a struct for extensibility
This makes it easier to extend the information that is encoded in the
Multi-AP element.

Signed-off-by: Manoj Sekar <quic_sekar@quicinc.com>
2024-03-19 16:40:13 +02:00
Chien Wong
a438e52933 OpenSSL: Fix a memory leak on hpke_labeled_expand() error path
Fixes: 786ea402bc ("HPKE base mode with single-shot API")
Signed-off-by: Chien Wong <m@xv97.com>
2024-03-08 10:43:52 +02:00
Chien Wong
b35b1036fe OpenSSL: Fix a memory leak on openssl_evp_pkey_ec_prime_len() error path
Fixes: b700a56e14 ("OpenSSL 3.0: Determine the prime length for an EC key group using EVP_PKEY")
Signed-off-by: Chien Wong <m@xv97.com>
2024-03-08 10:43:39 +02:00
Evan Benn
35df7ee09e DPP: Emit a DPP PB_STATUS event when push button starts
To implement an action script that listens for DPP push button events
and for example blinks a LED it is useful to know when push button has
started. Emit an event when push button starts.

Signed-off-by: Evan Benn <evan.benn@morsemicro.com>
2024-03-08 10:37:28 +02:00
Jouni Malinen
69dd408fb8 EHT: More accurate no-second-channel-offset checks when puncturing
This is needed to allow some cases where puncturing prevents HT/VHT/HE
from using the full channel bandwidth.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-03-08 10:20:28 +02:00
Jouni Malinen
131ee59266 EHT: Support punct_bitmap overriding in HE element generation
This was already added for VHT, but a similar change is needed for HE as
well.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-03-08 10:13:12 +02:00
Jouni Malinen
c96c3adc36 Move punct_update_legacy_bw() into src/common
This function is needed for more common operations so move it to a more
suitable location.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-03-08 10:13:12 +02:00
Jouni Malinen
9f43c1e26b Provide punct_bitmap to hostapd_set_freq_params()
This is needed to be able to check validity of the channel parameters
for cases where EHT puncturing impacts what can be enabled for
HT/VHT/HE.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-03-08 10:01:30 +02:00
Jouni Malinen
47dad1ed16 EHT: Move puncturing bitmap determination into a helper function
Avoid duplicated implementation for this by using a shared helper
function.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-03-08 10:00:35 +02:00
Jouni Malinen
010d8d10ed EHT: Use eht_oper_puncturing_override when constructing VHT elements
The testing functionality for overriding EHT puncturing bitmap was
applied only for the EHT elements. The mac80211 has been updated to
enforce compartibility between EHT and HT/VHT information and that made
the related test cases fail. Apply the override value for VHT element
generation to avoid some of those issues.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-03-06 22:34:57 +02:00
Jouni Malinen
9e90486bce 2-octet operating classes in Support Operating Classes element
A previous workaround was used to move the special operating class 130
to the end of the Supported Operating Classes element to avoid getting
any following entry being ignored or misunderstood. That is not really
the correct way of encoding the special cases, i.e., 80+80 MHz channels
that use two nonadjacent frequency segments.

Add support for encoding the 80+80 MHz channel with the 2-octet
operating class design using the Operating Class Duple sequence field of
the Supported Operating Classes element instead of listing the operating
classes that have the 80+ behavior limit set indication in Table E-4
(i.e., opclass 130 and 135) as 1-octet operating classes in the
Operating Classes field.

Fixes: a92660a00e ("Work around Supported Operating Classes element issues for 6 GHz")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-03-05 16:24:35 +02:00
Ainy Kumari
5dabc10185 Extend support for the 6 GHz operating class 137 (320 MHz)
Commit 085a3fc76e ("EHT: Add 320 channel width support") added this in
various places, but it did not cover everything. Extend this support to
be more complete. In particular, this allows wpa_supplicant to report
the operating class 137 in the Supported Operating Classes element and
to use it when processing beacon requests.

Signed-off-by: Ainy Kumari <quic_ainykuma@quicinc.com>
2024-03-04 19:20:03 +02:00
Ainy Kumari
e74d95e0aa nl80211: Process 6 GHz regulatory rules to accurate channel flags
This is needed to be able to indicate all supported operating classes.

Signed-off-by: Ainy Kumari <quic_ainykuma@quicinc.com>
2024-03-04 19:20:03 +02:00
Jouni Malinen
59951ebf09 Use a helper function to free neighbor DB entries
There is no need to duplicate this code in multiple locations.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-03-03 21:33:46 +02:00
Jouni Malinen
96f0af07e6 Clear all neighbor entry items explicitly
Do not leave some of the variables to their previously used values when
a neighbor entry is cleared.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-03-03 21:33:46 +02:00
Nikita Chernikov
6f285fbafc Update own report in nr_db if SSID is changed
short_ssid in the own neighbor report might get out of sync, causing
advertising RNR element based on the old SSID, when SSID is changed
either with control interface command SET or with SIGHUP. Therefore,
sync the own report entry by removing the old entry and setting own
report again if the short SSID value has changed.

Signed-off-by: Nikita Chernikov <nchernikov@maxlinear.com>
2024-03-03 21:33:46 +02:00
Michael-CY Lee
b653420a23 AP MLD: Set link address only when non-AP MLD is not added to driver
Once the non-AP MLD is added to the driver, the driver handles the
address translation so that hostapd receives Management frames with
SA/DA being translated into MLD MAC addresses.

If the Authentication frmae is retransmitted with transaction being 1,
SA of the retransmitted Authentication frame is translated into the MLD
MAC address by the driver, and then in the function handle_auth(),
sta->mld_info.links[].peer_addr would be replaced by the MLD MAC address
even though it is supposed to be the link address.

Therefore, update the MLD information only when the STA has not yet been
added into the driver to avoid replacing the previously determined link
address with the MLD MAC address.

Fixes: bcbe80a66 ("AP: MLO: Handle Multi-Link element during authentication")
Signed-off-by: Michael-CY Lee <michael-cy.lee@mediatek.com>
2024-03-03 21:33:46 +02:00
Janusz Dziedzic
b483ceafc4 hostapd: Dump VHT/HE/EHT full capabilities in STA command output
Show full VHT/HE/EHT capabilities for connected stations.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
2024-03-03 20:07:41 +02:00
Jouni Malinen
040ba112aa Use os_snprintf_error() more consistently in STA output generation
In theory, os_snprintf() could return a negative value and as such,
os_snprintf_error() should be used in all cases where the buffer might
not be large enough.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-03-03 20:01:27 +02:00
Jouni Malinen
963dbad7dc nl80211: Indicate EVENT_TX_WAIT_EXPIRE on match-saved
The event indicating expiration of an offchannel TX is useful for cases
where the wait is for a frame that was explicitly requested to have the
pending cookie to be saved.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-03-02 19:39:49 +02:00
Benjamin Berg
e90f6678f1 nl80211: Remnove unused struct i802_link ctx
This was never used.

Fixes: 47269be36e ("nl80211: Refactor i802_bss to support multiple links")
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
2024-03-02 12:01:33 +02:00
Benjamin Berg
0d4288a005 nl80211: Use valid_links bitmask for bss->links array
Most places in the codebase use a valid_links bitmask with an array.
Switch the bss->links array to use the same design with the Link ID
being used as the array index instead of having a link_id inside.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
2024-03-02 11:59:16 +02:00
Jouni Malinen
9ed51186e8 Use a single define MAX_NUM_MLD_LINKS for the maximum number of links
There is no need to maintain a separate MAX_NUM_MLO_LINKS define for
practically the same thing.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-03-02 11:25:20 +02:00
Benjamin Berg
dbdf7ef679 Use for_each_link() in most cases
This was done using the below semantic patch. There are a few more
places that were missed due to variable declarations or additional
checks in the for loop.

@@
iterator name for_each_link;
identifier max_links =~ "MAX_NUM_MLD_LINKS|MAX_NUM_MLO_LINKS";
expression links;
expression further_tests;
identifier i;
statement stmt;
@@
-for (i = 0; i < max_links; i++)
+for_each_link(links, i)
 {
(
-  if (!(links & BIT(i)))
-    continue;
   ...
|
-  if (!(links & BIT(i)) || further_tests)
+  if (further_tests)
     continue;
   ...
|
-  if (further_tests || !(links & BIT(i)))
+  if (further_tests)
     continue;
   ...
|
-  if (links & BIT(i))
     stmt
|
-  if (further_tests && (links & BIT(i)))
+  if (further_tests)
     stmt
|
-  if ((links & BIT(i)) && further_tests)
+  if (further_tests)
     stmt
)
 }

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
2024-03-02 11:11:12 +02:00
Benjamin Berg
c9f8fe0664 common: Introduce for_each_link() macro
This is a simple macro iterating the given bitmask using the given
variable. Having the macro avoids the for loop-continuation making it
more readable overall.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
2024-03-02 11:02:54 +02:00
Benjamin Berg
6cb421c1fa nl80211: Fix link indexing in nl80211_connect_common()
In some places the wrong index variable was used to access the link
configuration. Fix this by simply using link_id instead of i.

With this, the i loop variable is not needed anymore. We can simply
always pass 0 to nla_nest_start(). Also, the kernel does not care about
the order that the links are provides, so just remove the special
handling for the association link.

Fixes: a2c4c0b1b6 ("nl80211: Support MLD association request")
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
2024-03-02 10:59:02 +02:00
Ilan Peer
408a399aa4 nl80211: Explicitly differentiate between 5 GHz and 6 GHz modes
When a device supports both the 5 GHz band and the 6 GHz band,
these are reported as two separate modes, both with mode set to
HOSTAPD_MODE_IEEE80211A. However, as these are different modes,
each with its own characteristics, e.g., rates, capabilities etc.,
specifically differentiate between them by adding a flag to indicate
whether the mode describes a 6 GHz band capabilities or not.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
2024-03-02 10:53:19 +02:00
Sunil Ravi
dbcf9ff156 P2P: Notify the IP address of the connected P2P Client
When wpa_supplicant assigns the IP address (WFA EAPOL IP address
allocation feature), the assigned IP address of the P2P Client on the GO
side is notified in the AP-STA-CONNECTED event. So to obtain the IP info
to external programs, modify the STA authorized event to include the the
assigned IP address of the P2P Client.

Test: Establish P2P connection and verified from the logs that
      the P2P Client IP address is notified.
Signed-off-by: Sunil Ravi <sunilravi@google.com>
2024-03-01 20:36:41 +02:00
Chenming Huang
8cdb0d3f24 AP MLD: Stop AP per link
For AP MLD cases, the link id is required to determine the correct link
to stop in the stop_ap() driver op.

Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>
2024-02-28 22:32:09 +02:00
Jouni Malinen
d084ef36b3 AP MLD: Clean up disassoc handling for non-AP MLD link validity check
The check for the non-AP MLD link being valid can be done one level
outside the loop that tries to find a matching AP link.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-02-28 22:17:57 +02:00
Chenming Huang
7ceafb6e9f AP MLD: Handle disassociation notification with SME offload to driver
For non-AP MLDs, clear STA entry from all affiliated links.

For legacy non-MLO case, find association link to clear the STA entry.

Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>
2024-02-28 22:17:52 +02:00
Jouni Malinen
95a825bc43 RADIUS: Preliminary support RADIUS/TLS as an alternative to RADIUS/UDP
This adds initial parts for RADIUS/TLS support in the RADIUS client.
This can be used with eapol_test and hostapd. This functionality is not
included by default and CONFIG_RADIUS_TLS=y in .config can be used to
enable it.

This version does not yet include all the needed functionality for TLS
validation and the rules for dropping a TCP connection based on invalid
RADIUS attributes.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-02-25 20:54:14 +02:00
Jouni Malinen
87f33c26b9 RADIUS: Simplify IPv4/IPv6 socket handling in client
There is only one connection in use in parallel to a RADIUS
authentication server (and similarly to a RADIUS accounting server). As
such, there is not really any need to maintain separate open IPv4 and
IPv6 sockets. Instead, open the socket for the appropriate IP version
only when actually connecting to a specific server.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-02-25 18:10:05 +02:00
Jouni Malinen
971b781479 RADIUS: Simplify radius_change_server() parameters
There is no need for passing the sock and sock6 parameters separately
since they were always the same values for auth == 0 or auth == 1 cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-02-25 17:25:15 +02:00
Jouni Malinen
3386e1327e l2_packet_freebsd: Fix macOS build
ETHER_VLAN_ENCAP_LEN does not seem to be defined in macOS
net/ethernet.h, so define that, if needed, to avoid build issues.

Fixes: 5b21f4861c ("l2_packet_freebsd: Enable receiving priority tagged (VID=0) frames")
Signed-off-by: Jouni Malinen <j@w1.fi>
2024-02-24 18:29:57 +02:00
Kiran Kumar Lokere
86c2421711 TDLS: Defer the start request until the discovery response RX for MLO
When the station (non-AP MLD) is associated with an AP MLD the link ID
for TDLS setup is derived from the discovery response frame and the link
ID is used in TDLS setup operation when acting as initiator. The driver
sends the received discovery response frame followed by the TDLS setup
request event. But the discovery response frame is received after the
setup request event leading to use incorrect link ID value for TDLS
setup operation causing the setup failure. Process the TDLS setup
request if the discovery response frame is received, else defer the
process until the discovery response frame is received and process the
setup request after discovery response frame is processed.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-02-18 11:24:29 +02:00
Haribabu Krishnasamy
352ad5f1a2 Apply CHAN_SWITCH in all BSS for MBSSID case
When the CHAN_SWITCH command is executed during multi BSSID case (say
BSS1, BSS2, and BSS3), if one of the BSS is disabled (say BSS2), the
CHAN_SWITCH command returns an error in BSS2 and does not proceed to the
next BSS (BSS3).

The CHAN_SWITCH command handler iterates over all configured BSSs and
attempts to send the switch_channel to each one. However, if any one of
the BSSs fails, the entire command is aborted and returns a failure.

Continue the iteration even if one BSS is failing to make sure the
configuration is applied to other BSSs.

Signed-off-by: Haribabu Krishnasamy <quic_hkr@quicinc.com>
2024-02-18 11:09:40 +02:00
mukul sharma
87120a5b6e Add QCA_NL80211_VENDOR_SUBCMD_ADJUST_TX_POWER command
During high battery voltage scenario, higher MCS data rate leads to poor
EVM accuracy which causes poor user experience. Hence to provide better
user experience, EVM accuracy needs to be improved by adjusting TX power
for MCS rate of specific band/radio chain. To achieve this, add a new
vendor command to configure required parameters in the WLAN driver.

Signed-off-by: Mukul Sharma <quic_mukul@quicinc.com>
2024-02-16 19:37:47 +02:00
Veerendranath Jakkam
fe82a61efa Add QCA vendor attribute for BTM support configuration
Add a vendor attribute to configure BTM support in STA mode.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2024-02-16 19:27:07 +02:00
Jouni Malinen
3a5d1a7e6d NAN: USD in hostapd
Add hostapd support for interacting with the NAN discovery engine to
allow single-channel (i.e., the AP's operating channel) USD as Publisher
or Subscriber.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-02-15 19:54:17 +02:00
Jouni Malinen
e3f9ab3c3a NAN: USD in wpa_supplicant
Add wpa_supplicant support for interacting with the NAN discovery engine
to allow USD as Publisher or Subscriber.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-02-15 19:54:17 +02:00
Jouni Malinen
9eb0bc1f0a NAN: Unsynchronized service discovery (USD)
Add NAN discovery engine and wpa_supplicant interface to use it for the
subset of NAN functionality that is needed for USD.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-02-15 19:54:14 +02:00
Jouni Malinen
f2ea8791c0 NAN: Protocol definitions
Add NAN protocol definitions that are needed for USD based on Wi-Fi
Aware specification v4.0.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-02-15 11:36:09 +02:00
Jouni Malinen
4f557c5947 Add os_reltime helpers to work with milliseconds
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-02-15 11:36:09 +02:00
Jouni Malinen
0b5d370c00 DPP: Fix DPP Action frame check for EVENT_RX_MGMT events
This was missing a check for the Category field and could have matched
other Action frames than Public Action frames.

Fixes: 9c2b8204e6 ("DPP: Integration for hostapd")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-02-14 01:01:07 +02:00
Jouni Malinen
8fa52a7974 FT: Allow wpa_supplicant to be configured to prepend PMKR1Name
The standard is somewhat unclear on whether the PMKIDs used in
(Re)Association Request frame (i.e., potential PMKIDs that could be used
for PMKSA caching during the initial mobility domain association) are to
be retained or removed when generating EAPOL-Key msg 2/4.

wpa_supplicant has replaced the PMKID List contents from (Re)Association
Request frame with PMKR1Name when generating EAPOL-Key msg 2/4 for FT.
Allow it to be configured (ft_prepend_pmkid=1) to prepend the PMKR1Name
without removing the PMKIDs from (Re)Association Request frame.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-02-03 20:58:01 +02:00
Jouni Malinen
9929426b92 FT: Allow PMKIDs from AssocReq to be in EAPOL-Key msg 2/4
The standard is somewhat unclear on whether the PMKIDs used in
(Re)Association Request frame (i.e., potential PMKIDs that could be used
for PMKSA caching during the initial mobility domain association) are to
be retained or removed when generating EAPOL-Key msg 2/4.

hostapd used to require that only the PMKR1Name is included in the PMKID
List of RSNE in EAPOL-Key msg 2/4. Extend this to allow the PMKIDs that
were included in the (Re)Association Request frame to be present as long
as the correct PMKR1Name is also present. This would allow PMKSA caching
to be used in initial mobility domain association with supplicant
implementations that insert the PMKR1Name without removing the PMKIDs
used in the (Re)Association Request frame. wpa_supplicant did not use to
that, but other implementations might.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-02-03 20:43:24 +02:00
Chenming Huang
5603899976 AP MLD: Handle EAPOL only on the association link
For some implementation, there is no link id in EAPOL event, e.g., use
drv_event_eapol_rx for receiving. Current design for such case is switch
to a link that stores the peer. However, this is error-prone because for
non-AP MLD case, sta_info is stored in all valid links but EAPOL sm is
only initialized in the association link. If EAPOL RX event is handled
in a non-association link, it will be discarded and this leads to EAPOL
timeout.

So find the association link to handle received EAPOL frame in such
case. This replaces the previously used workaround for RSN/wpa_sm for
the no link id specified case.

Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>
2024-02-02 23:01:57 +02:00
Chenming Huang
7ba039ba11 AP MLD: Do not allow disabling first interface affiliated with an AP MLD
Disabling the first interface calls hapd_deinit(), which causes some
issues, e.g., failure when trying to disable other interfaces due to
NULL drv_priv.

So check that all other interfaces are already disabled before disable
the first interface.

Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>
2024-02-02 22:54:44 +02:00
Chenming Huang
03e89de47b AP MLD: Process link info when handling new STA event with driver SME
When association is handled in hostapd, a non-AP MLD's info is stored in
all valid links. This should be the same when SME is offloaded to the
driver.

Also skip some operations that are already done by the driver
when SME is offloaded.

Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>
2024-02-02 20:06:49 +02:00
Jouni Malinen
d3d59967af Handle both HT40+ and HT40- allowed consistently in channel check
Return the result from the first hostapd_is_usable_chan() call instead
of the following attempts in case of ht40_plus_minus_allowed to have
consistent behavior with the case where only one option is specified.
This allows the fallback to 20 MHz to work in additional cases.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-02-02 17:50:40 +02:00
Chenming Huang
e650fa4d79 ACS: Handle ACS channel selected event in specified link
When ACS offloaded to the driver, the channel selected event carries
link id to specify the link if operating as AP MLD.

Find the specified link to handle this event.

Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>
2024-02-02 10:48:10 +02:00
Chenming Huang
0e91a86ec5 ACS: Add link id if operating as an AP MLD
ACS is triggered per link, so link id is needed for the driver to handle
when the ACS operation is offloaded.

Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>
2024-02-02 10:44:46 +02:00
Harish Rachakonda
f972420e82 AP MLD: Fix AID allocation for legacy STA
Currently, AID is not allocated properly in hostapd for legacy non-MLD
STA in case of an AP MLD. All such stations have same AID.

Fix this issue by allocating AID properly in hostapd when operating as
an AP MLD and the STA is not an MLD.

Fixes: d924be3bd0 ("AP: AID allocation for MLD")
Signed-off-by: Harish Rachakonda <quic_rachakon@quicinc.com>
2024-01-30 11:50:21 +02:00
Muna Sinada
fe36750b39 Add QCA vendor command to disassociate with peer
This is an event indicating to the user space to disassociate with
peer based on the peer MAC address provided.

Signed-off-by: Muna Sinada <quic_msinada@quicinc.com>
2024-01-29 18:51:44 +02:00
Jouni Malinen
9fe2970ff6 OpenSSL: Use library functions for HPKE when possible
OpenSSL 3.2 added support for HPKE. Use that implementation when
possible. At least for now, the internal version needs to be included as
well to be able to cover the special DPP use case with brainpool curves.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-28 20:18:07 +02:00
Jouni Malinen
14c5f401f0 Remove forgotted STAKey related functionality in EAPOL-Key Request
The use of a MAC KDE in the Key Data field of an EAPOL-Key Request frame
was only for the STAKey handshake. That handshake was implemented in
2005 as an experimental functionality and it was then removed in 2006.
However, this part of the functionality was forgotten. This does not do
anything in practice, so simplify the implementation and remove it.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-28 19:15:08 +02:00
Jouni Malinen
3f60fcdd88 FILS: Fix EAPOL-Key request generation
The Encrypted Key Data field need to be set to 1 whenever using an AEAD
cipher. Without this, the Authenticator would discard the EAPOL-Key
request frame when using FILS.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-28 18:56:47 +02:00
Jouni Malinen
b27086e6eb Discard EAPOL-Key request without Secure=1
EAPOL-Key request is accepted only if the MIC has been verified, so PTK
must have already been derived and Secure=1 needs to be used. Check the
Secure bit explicitly for completeness even though the MIC verification
is already taking care of validating that the sender is in the
possession of valid keys.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-28 18:41:06 +02:00
Jouni Malinen
0967940885 Discard EAPOL-Key Request frames during 4-way handshake
While the Authenticator state machine conditions are already checking
for sm->EAPOLKeyRequest, it seems clearer to explicitly discard any
EAPOL-Key Request frame that is received unexpectedly during a 4-way
handshake.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-28 18:32:03 +02:00
Jouni Malinen
8037c1ad61 Move Key Replay Counter checks for EAPOL-Key frames to helper functions
This simplifies wpa_receive().

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-28 11:38:45 +02:00
Jouni Malinen
2c6147404e Check Key Descriptor Version value earlier in the process
There is no need to try to process the EAPOL-Key frame if it has an
unexpected Key Descriptor Version value. Move these checks to happen
earlier in the sequence. In adition, use a separate helper function for
this to simplify wpa_receive() a bit.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-28 11:26:16 +02:00
Jouni Malinen
bd1e078996 Reject undefined Key Descriptor Version values explicitly
Check that the EAPOL-Key frame Key Descriptor Version value is one of
the defined values explicitly instead of failing to process the Key Data
field later (or end up ignoring the unexpected value if no processing of
Key Data is needed).

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-28 11:22:47 +02:00
Jouni Malinen
fff69bba10 Use more generic checks for Key Descriptor Version 2 and 3
IEEE Std 802.11-2020 describes the rule based on not-TKIP for value 2
and no pairwise cipher condition on value 3, so use that set of more
generic rules here.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-28 11:18:40 +02:00
Jouni Malinen
74a25a6602 Remove always true check on EAPOL-Key message in authenticator
This was practically dead code since no other msg value exist anymore.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-28 11:07:55 +02:00
Thirusenthil Kumaran J
9e9afd9569 Extend frequency configuration to handle 6 GHz channel 2
In hostapd_set_freq_params(), if center_segment0 is 2, call
ieee80211_chan_to_freq() with operating class 136 instead of 131.

This is needed because, channel 2 is an exception in the 6 GHz band. It
comes before channel 1 and is part of operating class 136.

Channels order in 6 GHz:
    2 (Operating Class 136)
    1   5   9 ....  (Operating Class 131)

Signed-off-by: Thirusenthil Kumaran J <quic_thirusen@quicinc.com>
2024-01-26 20:08:41 +02:00
Muna Sinada
8677844db8 Add a QCA vendor attribute to determine QCA device
Add a new attribute for
%QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION subcommand. This
attribute is an 8 bit unsigned value used to specify whether an
associated peer is a QCA device.

Signed-off-by: Muna Sinada <quic_msinada@quicinc.com>
2024-01-26 18:46:10 +02:00
Jouni Malinen
576f462504 P2P: Accept P2P SD response without TX status
If a GAS response is received for a pending SD query, process it even if
the TX status event for the query has not yet been received. It is
possible for the TX status and RX events to be reordered especially when
using UML time-travel, so this is needed to avoid race conditions to
make SD more robust.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-01-26 17:12:16 +02:00
Jouni Malinen
16a22ef340 nl80211: Increase the hard scan timeout for initial attempt
If both 6 GHz and S1G channels are included, the previously used timeout
was not long enough at least with mac80211_hwsim. Increase the initial
timeout to allow such a scan to be completed.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-01-26 12:26:36 +02:00
Jouni Malinen
f20ca22dce DFS: Print the random channel list entry selection in debug print
This makes it a bit easier to understand what happens with random
channel selection after radar detection.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-01-26 11:59:48 +02:00
Jouni Malinen
d88fe8fe5d DFS: Fix a typo in a debug message
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-01-26 11:42:54 +02:00
Chenming Huang
6c334d9f04 nl80211: Set allowed frequency list per link for AP MLD
QCA_WLAN_VENDOR_ATTR_CONFIG_AP_ALLOWED_FREQ_LIST needs be to set per
link if operating as an AP MLD.

Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>
2024-01-24 18:32:50 +02:00
mukul sharma
42cd2376fd Enhance QCA vendor interface with new SAR version numbers
Add more SAR version numbers in the qca_wlan_vendor_sar_version.

Signed-off-by: Mukul Sharma <quic_mukul@quicinc.com>
2024-01-24 12:47:54 +02:00
Jouni Malinen
348c047afd ACS: More consistent checking of the best channel pointer
It looks like best might be NULL in some cases, so check for this
explicitly before trying to dereference it for a debug print.

Fixes: 733de85680 ("ACS: Fix not selecting the best channel in the segment")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-01-22 21:58:06 +02:00
Jouni Malinen
5d54bf6fb6 Fix error path on Key Data field decryption
key_data_buf is already freed on the common exit path, so do not try to
free it here on error.

Fixes: 4abc37e67b ("Support Key Data field decryption for EAPOL-Key msg 2/4 and 4/4")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-01-22 21:54:34 +02:00
Jouni Malinen
a4d599a53d FT: Fix architecture for RxKH loading from a file
src/ap/ap_config.c is not really supposed to call directly into a
function in hostapd/config_file.c. Furthermore, the wrapper through
ap_config.c did not really have any real value since it just called a
function that is within hostapd/*.c and that wrapper was called from
hostapd/*.c.

Instead of the wrapper, just call the function directly within the
hostapd directory.

Fixes: 392114a179 ("FT: Add dynamic reload of RxKH definitions from file")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-01-22 21:30:10 +02:00
Jouni Malinen
0b95d1346f OpenSSL: Fix a memory leak on an error path
peerkey from EVP_PKEY_new() needs to be freed on all error paths.

Fixes: b062507670 ("OpenSSL: Implement crypto_ecdh routines without EC_KEY for OpenSSL 3.0")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-01-22 21:16:47 +02:00