From 73ebd58fc8fc5d7977e9205de27f6b1a6d2c9c99 Mon Sep 17 00:00:00 2001 From: Veerendranath Jakkam Date: Thu, 3 Dec 2020 14:17:39 +0530 Subject: [PATCH] STA: Check driver capability to enable OCV when driver SME is used When the driver SME is used, offloaded RSN handshakes like SA Query, GTK rekeying, FT authentication, etc. would fail if wpa_supplicant enables OCV in initial connection based on configuration but the driver doesn't support OCV. To avoid such failures check the driver's capability for enabling OCV when the driver SME used. This commit also adds a capability flag for indicating OCV support by the driver. Signed-off-by: Veerendranath Jakkam --- src/drivers/driver.h | 2 ++ src/drivers/driver_nl80211_capa.c | 4 ++++ wpa_supplicant/wpa_supplicant.c | 4 +++- wpa_supplicant/wpa_supplicant.conf | 3 ++- 4 files changed, 11 insertions(+), 2 deletions(-) diff --git a/src/drivers/driver.h b/src/drivers/driver.h index dd17bcefa..595677567 100644 --- a/src/drivers/driver.h +++ b/src/drivers/driver.h @@ -2015,6 +2015,8 @@ struct wpa_driver_capa { #define WPA_DRIVER_FLAGS2_BEACON_RATE_HE 0x0000000000000020ULL /** Driver supports Beacon protection only in client mode */ #define WPA_DRIVER_FLAGS2_BEACON_PROTECTION_CLIENT 0x0000000000000040ULL +/** Driver supports Operating Channel Validation */ +#define WPA_DRIVER_FLAGS2_OCV 0x0000000000000080ULL u64 flags2; #define FULL_AP_CLIENT_STATE_SUPP(drv_flags) \ diff --git a/src/drivers/driver_nl80211_capa.c b/src/drivers/driver_nl80211_capa.c index 1038ca74e..d2400bbd9 100644 --- a/src/drivers/driver_nl80211_capa.c +++ b/src/drivers/driver_nl80211_capa.c @@ -660,6 +660,10 @@ static void wiphy_info_ext_feature_flags(struct wiphy_info_data *info, if (ext_feature_isset(ext_features, len, NL80211_EXT_FEATURE_BEACON_PROTECTION_CLIENT)) capa->flags2 |= WPA_DRIVER_FLAGS2_BEACON_PROTECTION_CLIENT; + + if (ext_feature_isset(ext_features, len, + NL80211_EXT_FEATURE_OPERATING_CHANNEL_VALIDATION)) + capa->flags2 |= WPA_DRIVER_FLAGS2_OCV; } diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c index 9badce318..8384cce75 100644 --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c @@ -1656,7 +1656,9 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s, wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MFP, wpas_get_ssid_pmf(wpa_s, ssid)); #ifdef CONFIG_OCV - wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_OCV, ssid->ocv); + if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) || + (wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_OCV)) + wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_OCV, ssid->ocv); #endif /* CONFIG_OCV */ sae_pwe = wpa_s->conf->sae_pwe; if (ssid->sae_password_id && sae_pwe != 3) diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf index 09a8658ff..e3ae77114 100644 --- a/wpa_supplicant/wpa_supplicant.conf +++ b/wpa_supplicant/wpa_supplicant.conf @@ -991,7 +991,8 @@ fast_reauth=1 # This is a countermeasure against multi-channel man-in-the-middle attacks. # Enabling this automatically also enables ieee80211w, if not yet enabled. # 0 = disabled (default) -# 1 = enabled +# 1 = enabled if wpa_supplicant's SME in use. Otherwise enabled only when the +# driver indicates support for operating channel validation. #ocv=1 # # auth_alg: list of allowed IEEE 802.11 authentication algorithms