nl80211: Add support for IEEE 802.1X port control in station mode
This adds a cleaner mechanism for protecting against unauthorized data frames than the previously used drop_unencrypted mechanism (which is not even available with nl80211 and had to use a WEXT ioctl. The old drop_unencrypted code is left in for now as the final surviving WEXT use in driver_nl80211.c. However, it can be removed from the build by defining NO_WEXT. It may also be removed eventually when most users are expected to be using recent enough kernel version.
This commit is contained in:
Jouni Malinen
Jouni Malinen
parent
7e76ee9c45
commit
0165255010
1 changed files with 32 additions and 0 deletions
|
|
@ -3142,6 +3142,8 @@ static int wpa_driver_nl80211_associate(
|
||||||
NLA_PUT_U32(msg, NL80211_ATTR_USE_MFP, NL80211_MFP_REQUIRED);
|
NLA_PUT_U32(msg, NL80211_ATTR_USE_MFP, NL80211_MFP_REQUIRED);
|
||||||
#endif /* CONFIG_IEEE80211W */
|
#endif /* CONFIG_IEEE80211W */
|
||||||
|
|
||||||
|
NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT);
|
||||||
|
|
||||||
ret = send_and_recv_msgs(drv, msg, NULL, NULL);
|
ret = send_and_recv_msgs(drv, msg, NULL, NULL);
|
||||||
msg = NULL;
|
msg = NULL;
|
||||||
if (ret) {
|
if (ret) {
|
||||||
|
|
@ -3271,6 +3273,35 @@ static int wpa_driver_nl80211_set_operstate(void *priv, int state)
|
||||||
drv, -1, state ? IF_OPER_UP : IF_OPER_DORMANT);
|
drv, -1, state ? IF_OPER_UP : IF_OPER_DORMANT);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static int wpa_driver_nl80211_set_supp_port(void *priv, int authorized)
|
||||||
|
{
|
||||||
|
struct wpa_driver_nl80211_data *drv = priv;
|
||||||
|
struct nl_msg *msg;
|
||||||
|
struct nl80211_sta_flag_update upd;
|
||||||
|
|
||||||
|
msg = nlmsg_alloc();
|
||||||
|
if (!msg)
|
||||||
|
return -ENOMEM;
|
||||||
|
|
||||||
|
genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0,
|
||||||
|
0, NL80211_CMD_SET_STATION, 0);
|
||||||
|
|
||||||
|
NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX,
|
||||||
|
if_nametoindex(drv->ifname));
|
||||||
|
NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid);
|
||||||
|
|
||||||
|
os_memset(&upd, 0, sizeof(upd));
|
||||||
|
upd.mask = BIT(NL80211_STA_FLAG_AUTHORIZED);
|
||||||
|
if (authorized)
|
||||||
|
upd.set = BIT(NL80211_STA_FLAG_AUTHORIZED);
|
||||||
|
NLA_PUT(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd);
|
||||||
|
|
||||||
|
return send_and_recv_msgs(drv, msg, NULL, NULL);
|
||||||
|
nla_put_failure:
|
||||||
|
return -ENOBUFS;
|
||||||
|
}
|
||||||
|
|
||||||
#endif /* HOSTAPD */
|
#endif /* HOSTAPD */
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -4008,6 +4039,7 @@ const struct wpa_driver_ops wpa_driver_nl80211_ops = {
|
||||||
.deinit = wpa_driver_nl80211_deinit,
|
.deinit = wpa_driver_nl80211_deinit,
|
||||||
.get_capa = wpa_driver_nl80211_get_capa,
|
.get_capa = wpa_driver_nl80211_get_capa,
|
||||||
.set_operstate = wpa_driver_nl80211_set_operstate,
|
.set_operstate = wpa_driver_nl80211_set_operstate,
|
||||||
|
.set_supp_port = wpa_driver_nl80211_set_supp_port,
|
||||||
#endif /* HOSTAPD */
|
#endif /* HOSTAPD */
|
||||||
.set_country = wpa_driver_nl80211_set_country,
|
.set_country = wpa_driver_nl80211_set_country,
|
||||||
.set_mode = wpa_driver_nl80211_set_mode,
|
.set_mode = wpa_driver_nl80211_set_mode,
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue