Enable beacon protection only when driver indicates support

Enabling beacon protection will cause STA connection/AP setup failures if the driver doesn't support beacon protection. To avoid this, check the driver capability before enabling beacon protection. This commit also adds a capability flag to indicate beacon protection support in client mode only. Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
3 years ago · d36d4209fd
parent 9d99814e22
commit d36d4209fd
8 changed files with 30 additions and 8 deletions
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
@ -1786,7 +1786,8 @@ own_ip_addr=127.0.0.1
 #group_mgmt_cipher=AES-128-CMAC

 # Beacon Protection (management frame protection for Beacon frames)
-# This depends on management frame protection being enabled (ieee80211w != 0).
+# This depends on management frame protection being enabled (ieee80211w != 0)
+# and beacon protection support indication from the driver.
 # 0 = disabled (default)
 # 1 = enabled
 #beacon_prot=0
--- a/src/ap/ieee802_11_shared.c
+++ b/src/ap/ieee802_11_shared.c
@ -425,7 +425,9 @@ static void hostapd_ext_capab_byte(struct hostapd_data *hapd, u8 *pos, int idx)
 					       * Identifiers Used Exclusively */
 		}
 #endif /* CONFIG_SAE */
-		if (hapd->conf->beacon_prot)
+		if (hapd->conf->beacon_prot &&
+		    (hapd->iface->drv_flags &
+		     WPA_DRIVER_FLAGS_BEACON_PROTECTION))
 			*pos |= 0x10; /* Bit 84 - Beacon Protection Enabled */
 		break;
 	case 11: /* Bits 88-95 */
@ -494,7 +496,8 @@ u8 * hostapd_eid_ext_capab(struct hostapd_data *hapd, u8 *eid)
 	    hostapd_sae_pw_id_in_use(hapd->conf))
 		len = 11;
 #endif /* CONFIG_SAE */
-	if (len < 11 && hapd->conf->beacon_prot)
+	if (len < 11 && hapd->conf->beacon_prot &&
+	    (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_BEACON_PROTECTION))
 		len = 11;
 #ifdef CONFIG_SAE_PK
 	if (len < 12 && hapd->conf->wpa &&
--- a/src/ap/wnm_ap.c
+++ b/src/ap/wnm_ap.c
@ -169,7 +169,9 @@ static int ieee802_11_send_wnmsleep_resp(struct hostapd_data *hapd,
 		pos += igtk_elem_len;
 		wpa_printf(MSG_DEBUG, "Pass 4 igtk_len = %d",
 			   (int) igtk_elem_len);
-		if (hapd->conf->beacon_prot) {
+		if (hapd->conf->beacon_prot &&
+		    (hapd->iface->drv_flags &
+		     WPA_DRIVER_FLAGS_BEACON_PROTECTION)) {
 			res = wpa_wnmsleep_bigtk_subelem(sta->wpa_sm, pos);
 			if (res < 0)
 				goto fail;
@ -537,7 +539,8 @@ static void wnm_beacon_protection_failure(struct hostapd_data *hapd,
 {
 	struct sta_info *sta;

-	if (!hapd->conf->beacon_prot)
+	if (!hapd->conf->beacon_prot ||
+	    !(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_BEACON_PROTECTION))
 		return;

 	sta = ap_get_sta(hapd, addr);
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@ -1512,6 +1512,9 @@ int hostapd_setup_wpa(struct hostapd_data *hapd)
 	else
 		_conf.extended_key_id = 0;

+	if (!(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_BEACON_PROTECTION))
+		_conf.beacon_prot = 0;
+
 	_conf.secure_ltf =
 		!!(hapd->iface->drv_flags2 & WPA_DRIVER_FLAGS2_SEC_LTF);
 	_conf.secure_rtt =
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
@ -2013,6 +2013,8 @@ struct wpa_driver_capa {
 #define WPA_DRIVER_FLAGS2_PROT_RANGE_NEG	0x0000000000000010ULL
 /** Driver supports Beacon frame TX rate configuration (HE rates) */
 #define WPA_DRIVER_FLAGS2_BEACON_RATE_HE	0x0000000000000020ULL
+/** Driver supports Beacon protection only in client mode */
+#define WPA_DRIVER_FLAGS2_BEACON_PROTECTION_CLIENT 0x0000000000000040ULL
 	u64 flags2;

 #define FULL_AP_CLIENT_STATE_SUPP(drv_flags) \
--- a/src/drivers/driver_nl80211_capa.c
+++ b/src/drivers/driver_nl80211_capa.c
@ -656,6 +656,10 @@ static void wiphy_info_ext_feature_flags(struct wiphy_info_data *info,
 	if (ext_feature_isset(ext_features, len,
 			      NL80211_EXT_FEATURE_UNSOL_BCAST_PROBE_RESP))
 		info->drv->unsol_bcast_probe_resp = 1;
+
+	if (ext_feature_isset(ext_features, len,
+			      NL80211_EXT_FEATURE_BEACON_PROTECTION_CLIENT))
+		capa->flags2 |= WPA_DRIVER_FLAGS2_BEACON_PROTECTION_CLIENT;
 }


--- a/wpa_supplicant/wpa_supplicant.conf
+++ b/wpa_supplicant/wpa_supplicant.conf
@ -1492,8 +1492,11 @@ fast_reauth=1
 # 2: do not allow PFS to be used
 #dpp_pfs=0

-# Whether Beacon protection is enabled
-# This depends on management frame protection (ieee80211w) being enabled.
+# Whether beacon protection is enabled
+# This depends on management frame protection (ieee80211w) being enabled and
+# beacon protection support indication from the driver.
+# 0 = disabled (default)
+# 1 = enabled
 #beacon_prot=0

 # OWE DH Group
--- a/wpa_supplicant/wpas_glue.c
+++ b/wpa_supplicant/wpas_glue.c
@ -1473,7 +1473,10 @@ void wpa_supplicant_rsn_supp_set_config(struct wpa_supplicant *wpa_s,
 			conf.fils_cache_id =
 				wpa_bss_get_fils_cache_id(wpa_s->current_bss);
 #endif /* CONFIG_FILS */
-		conf.beacon_prot = ssid->beacon_prot;
+		if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_BEACON_PROTECTION) ||
+		    (wpa_s->drv_flags2 &
+		     WPA_DRIVER_FLAGS2_BEACON_PROTECTION_CLIENT))
+			conf.beacon_prot = ssid->beacon_prot;
 	}
 #ifdef CONFIG_PASN
 #ifdef CONFIG_TESTING_OPTIONS