This adds support for SAE in AP mode with the atheros driver interface.
EVENT_RX_MGMT includes SAE processing while EVENT_AUTH would require
more changes to make this work.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
After an initial connection certain connection parameters may be
updated. It may be necessary to send these parameters to drivers since
these will be used in driver-initiated roaming cases. This commit
defines the driver_ops call for this and implements the needed
functionality for the nl80211 driver interface.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This allows a more accurate scan result age to be fetched than the one
available through NL80211_BSS_SEEN_MS_AGO.
Signed-off-by: Jouni Malinen <j@w1.fi>
This was originally added to allow the IEEE 802.11 protocol to be
tested, but there are no known fully functional implementations based on
this nor any known deployments of PeerKey functionality. Furthermore,
PeerKey design in the IEEE Std 802.11-2016 standard has already been
marked as obsolete for DLS and it is being considered for complete
removal in REVmd.
This implementation did not really work, so it could not have been used
in practice. For example, key configuration was using incorrect
algorithm values (WPA_CIPHER_* instead of WPA_ALG_*) which resulted in
mapping to an invalid WPA_ALG_* value for the actual driver operation.
As such, the derived key could not have been successfully set for the
link.
Since there are bugs in this implementation and there does not seem to
be any future for the PeerKey design with DLS (TDLS being the future for
DLS), the best approach is to simply delete all this code to simplify
the EAPOL-Key handling design and to get rid of any potential issues if
these code paths were accidentially reachable.
Signed-off-by: Jouni Malinen <j@w1.fi>
These allow external programs to fetch the TX and RX rate information
and signal strength for a specific STA through the hostapd control
interface command "STA <addr>". The values of these attributes are
filled in the response of nl80211 command NL80211_CMD_GET_STATION.
Signed-off-by: bhagavathi perumal s <bperumal@qti.qualcomm.com>
The new wpa_supplicant network parameter group_mgmt can be used to
specify which group management ciphers (AES-128-CMAC, BIP-GMAC-128,
BIP-GMAC-256, BIP-CMAC-256) are allowed for the network. If not
specified, the current behavior is maintained (i.e., follow what the AP
advertises). The parameter can list multiple space separate ciphers.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Removing interface from bridge in_br
linux_br_del_if(drv->global->ioctl_sock, in_br, ifname)
but in case of failure, the error print is incorrect:
it should show error for "in_br" instead of the wrong bridge name
"brname".
Signed-off-by: Rohit Pratap Singh <rohit.s@samsung.com>
Signed-off-by: Amit Khatri <amit.khatri@samsung.com>
It looks like these parameters related to FT have never been used, so
remove them from causing confusion. The separate update_ft_ies()
callback is used to provide the FT elements.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
NL80211_ATTR_AUTH_TYPE needs to be skipped if multiple auth_alg options
are included. The previous list missed the new FILS auth_alg here and
ended up not doing so if OPEN and FILS were included.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Check if device supports OCE STA/STA-CFON/AP specific mandatory
features. This commit includes checking based on the QCA vendor
attributes.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add changes to control interface command get_capability to advertize
FILS capability, FILS AKMs suites, and FILS Authentication algorithms
based on the driver capabilities.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Set temporary disallowed BSSID list to the driver so that the driver
doesn't try to connect to any of the blacklisted BSSIDs during
driver-based roaming operation. This commit includes support only for
the nl80211 driver interface using a QCA vendor command for this.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
New AKM suites like FILS-SHA256 do not use KCK and hence KCK length can
be zero. Add changes to include KCK attribute in rekey data only if the
length is non-zero.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This new AKM is used with DPP when using the signed Connector to derive
a PMK. Since the KCK, KEK, and MIC lengths are variable within a single
AKM, this needs number of additional changes to get the PMK length
delivered to places that need to figure out the lengths of the PTK
components.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
wpa_supplicant tries to reinitialize an interface when a previously
removed netdev is restored (e.g., re-insert a USB dongle). If that
initialization fails (e.g., driver ejects ifconfig UP), the previous
implementation resulted in leaving the interface in incomplete state
while still claiming to upper layers that the interface status has
changed back to functional one.
Fix this by skipping the interface status update if reinitialization
fails. In other words, remain in INTERFACE_DISABLED state if the
interface cannot be re-enabled successfully.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Commit 3e0272ca00 ('nl80211: Re-read MAC
address on RTM_NEWLINK') added the detection of external changes to MAC
address when the interface is brought up.
If the interface state is changed quickly enough, wpa_supplicant may
receive the netlink message for the !IFF_UP event when the interface
has already been brought up and would ignore the next netlink IFF_UP
message, missing the MAC change.
Fix this by also reloading the MAC address when a !IFF_UP event is
received with the interface up, because this implies that the
interface went down and up again, possibly changing the address.
Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
Current DFS domain information of the driver can be used in ap/dfs
to comply with DFS domain specific requirements like uniform spreading
for ETSI domain.
Signed-off-by: Vasanthakumar Thiagarajan <vthiagar@qti.qualcomm.com>
In some practical cases, it is useful to suppress joining to node in the
distance. The new field mesh_rssi_threshold could be used as RSSI
threshold for joining.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Add support to set ignore assoc disallow to the driver so that the
driver ignores assoc disallowed bit set by APs while connecting. This is
used by drivers that handle BSS selection and roaming internally.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
These functions can potentially be called with ie == NULL and ie_len ==
0. Check explitcitly for the ie == NULL case to avoid confusing
memcpy(dst, NULL, 0) calls.
Signed-off-by: Jouni Malinen <j@w1.fi>
This is needed to allow the driver SME to perform the needed AES-SIV
operations during FILS association.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This makes it easier to add more parameters without having to change the
callback function prototype.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This will be used to determine what type of operations to use for STA
authentication and association.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is needed for configuring PMKSA cache entries to the driver with
the FILS Cache Identifier and SSID.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add support for FILS shared key offload for drivers which advertize
FILS shared key support using NL80211_CMD_CONNECT.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
In case wpa_supplicant is using driver_macsec_linux, but macsec module
is not (yet) loaded in the kernel, nl_socket_alloc() fails and drv->sk
is NULL. In this case, don't call libnl functions rntl_link_add() or
rtnl_link_change() using such NULL pointer, to prevent program from
getting segmentation faults like:
Program received signal SIGSEGV, Segmentation fault.
nl_socket_get_local_port (sk=sk@entry=0x0) at socket.c:365
365 if (sk->s_local.nl_pid == 0) {
(gdb) p sk
$1 = (const struct nl_sock *) 0x0
(gdb) bt
#0 nl_socket_get_local_port (sk=sk@entry=0x0) at socket.c:365
#1 0x00007ffff79c56a0 in nl_complete_msg (sk=sk@entry=0x0,
msg=msg@entry=0x55555595a1f0) at nl.c:491
#2 0x00007ffff79c56d1 in nl_send_auto (sk=sk@entry=0x0,
msg=msg@entry=0x55555595a1f0) at nl.c:522
#3 0x00007ffff79c652f in nl_send_sync (sk=sk@entry=0x0,
msg=0x55555595a1f0) at nl.c:556
#4 0x00007ffff755faf5 in rtnl_link_add (sk=0x0,
link=link@entry=0x55555595b0f0, flags=flags@entry=1024) at route/link.c:1548
#5 0x000055555567a298 in macsec_drv_create_transmit_sc (priv=0x55555593b130,
sc=0x55555593b320, conf_offset=<optimized out>) at ../src/drivers/driver_macsec_linux.c:998
Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
Process the new nl80211 event NL80211_RADAR_PRE_CAC_EXPIRED to allow the
driver to notify expiry of the CAC result on a channel.
Signed-off-by: Vasanthakumar Thiagarajan <vthiagar@qti.qualcomm.com>
The userspace may want to delay the the first scheduled scan.
This enhances sched_scan to add initial delay (in seconds) before
starting first scan cycle. The driver may optionally choose to
ignore this parameter and start immediately (or at any other time).
This uses NL80211_ATTR_SCHED_SCAN_DELAY to add this via user
global configurable option: sched_scan_start_delay.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This leads to cleaner code overall, and also reduces the size
of the hostapd and wpa_supplicant binaries (in hwsim test build
on x86_64) by about 2.5 and 3.5KiB respectively.
The mechanical conversions all over the code were done with
the following spatch:
@@
expression SIZE, SRC;
expression a;
@@
-a = os_malloc(SIZE);
+a = os_memdup(SRC, SIZE);
<...
if (!a) {...}
...>
-os_memcpy(a, SRC, SIZE);
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Add driver interface command using the QCA vendor extensions to check
the driverr whether to accept or reject a BSS transition candidate. For
the reject case, report an MBO reject reason code.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This adds reason for timeout in event CTRL-EVENT-ASSOC-REJECT whenever
connection failure happens because of timeout. This extends the
"timeout" parameter in the event to include the reason, if available:
timeout=scan, timeout=auth, timeout=assoc.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add IEEE 802.11ax definitions for config, IEEE structures, and
constants. These are still subject to change in the IEEE process.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add driver interface support to set sched_scan relative RSSI parameters
and to indicate driver support for this.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This adds support for specifying a random TA for management frame
transmission commands and driver capability flags for indicating whether
this is supported in not-connected and connected states.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Following commit a70cd0db87 ('Don't
register for Beacon frames for IEEE 802.11ad AP'),
nl80211_get_wiphy_data_ap() is unconditionally called when starting AP.
This function tries to register for Beacon frames RX which fails for
some driver which don't support such registration and do not need it in
case the driver implements AP mode SME functionality.
Fix this by conditionally calling nl80211_get_wiphy_data_ap() like prior
to commit a70cd0db87.
Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
If vendor_scan_cookie is set to 0 after the scan_abort due to the scan
timeout ends in a cookie mismatch when processing the following
QCA_NL80211_VENDOR_SUBCMD_SCAN_DONE indication. This ends up considering
the scan results as being for an external scan and thus the current
ongoing scan is not removed from the radio_work. Hence, do not reset
this vendor_scan_cookie after the scan abort so that the scan completion
event gets processed properly and vendor_scan_cookie gets cleared at
that point.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
