Commit graph

17211 commits

Author SHA1 Message Date
Jouni Malinen
af89683a43 tests: Update RSA 3k certificates
The previous ones expired and caused test failures.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-08-19 13:57:53 +03:00
Davide Caratti
e2e9adc3d9 openssl: Disable padding after initializing the cipher suite
according to OpenSSL documentation [1], EVP_CIPHER_CTX_set_padding()
should be called after EVP_EncryptInit_ex(), EVP_DecryptInit_ex(), or
EVP_CipherInit_ex(). Not doing this causes EVP_CIPHER_CTX_set_padding()
to return false on OpenSSL-3.0.0, resulting in the impossibility to
connect in many scenarios. Fix this changing the order of function calls
where needed.

[1] https://www.openssl.org/docs/man1.1.1/man3/EVP_CIPHER_CTX_set_padding.html

Reported-by: Vladimir Benes <vbenes@redhat.com>
Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
2021-08-19 12:13:17 +03:00
Davide Caratti
d265dd2d96 openssl: Remove deprecated functions from des_encrypt()
NetworkManager-CI detected systematic failures on test scenarios using
MSCHAPv2 when wpa_supplicant uses OpenSSL-3.0.0.
The 'test_module_tests.py' script also fails, and the following log is
shown:

 1627404013.761569: generate_nt_response failed
 1627404013.761582: ms_funcs: 1 error

It seems that either DES_set_key() or DES_ecb_encrypt() changed their
semantic, but it doesn't make sense to fix them since their use has been
deprecated. Converting des_encrypt() to avoid use of deprecated
functions proved to fix the problem, and removed a couple of build
warnings at the same time.

Reported-by: Vladimir Benes <vbenes@redhat.com>
Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
2021-08-19 12:10:33 +03:00
Arowa Suliman
46b60299a4 wpa_supplicant: src: Replace Sane with Valid.
Replace the word Sane with Valid which is inclusive.

Signed-off-by: Arowa Suliman <arowa@chromium.org>
2021-08-19 11:34:45 +03:00
Joshua Emele
12388313a0 RADIUS client: Fix void-pointer-to-enum-cast warning
Found using x86_64-cros-linux-gnu-clang (Chromium OS
12.0_pre416183_p20210305-r3 clang version 12.0.0):

radius_client.c:818:24: warning: cast to smaller integer ...
        RadiusType msg_type = (RadiusType) sock_ctx;

Signed-off-by: Joshua Emele <jemele@chromium.org>
2021-08-19 11:19:37 +03:00
Jouni Malinen
3f4e8b93f8 tests: SCS
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-08-12 18:28:07 +03:00
Vinita S. Maloo
e433d06dd5 Allow MSCS support to be disabled for testing purposes
"SET disable_mscs_support 1" can be used to disable indication of MSCS
support in the Extended Capabilities element for testing purposes. This
is also disabling addition of the MSCS element even if valid
configuration parameters had been configured.

Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
2021-08-12 18:28:07 +03:00
Vinita S. Maloo
025f8ab52e SCS: Processing of SCS Response frames
Add support to receive and process SCS Response frames from the AP and
indicate the status to upper layers.

Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
2021-08-12 18:28:07 +03:00
Vinita S. Maloo
b4e01ae929 Allow SCS supported to be disabled for testing purposes
"SET disable_scs_support 1" can be used to disable indication of SCS
support in the Extended Capabilities element for testing purposes.

Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
2021-08-12 18:28:07 +03:00
Vinita S. Maloo
c005283c48 SCS: Sending of SCS Request frames
Add support to parse SCS control interface command and form the SCS
Request frame to be sent to SCS enabled AP.

Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
2021-08-12 18:28:07 +03:00
Hu Wang
445dbe2cdb P2P: Do not stop Listen state if it is moving to correct channel
Commit 0b8889d8e5 ("P2P: Do not stop Listen state if it is on
correct channel") added a optimization to use Listen state's
remain-on-channel to send out GO Negotiation response frame quickly.

But in Listen state, if GO Negotiation request frame is received before
the remain-on-channel started event from the driver, the above
optimization is not triggered. This showed up in following manner in the
debug log:

p2p0: Starting radio work 'p2p-listen'@0xb4000070ae22d420 after 0.000114 second wait
nl80211: Remain-on-channel cookie 0x100 for freq=2412 MHz duration=204
P2P: Received GO Negotiation Request from 6e:fa:a7:86:e5:e5(freq=2412)
P2P: GO Negotiation with 6e:fa:a7:86:e5:e5
P2P: Stopping find
P2P: Clear timeout (state=WAIT_PEER_CONNECT)
P2P: State WAIT_PEER_CONNECT -> IDLE
nl80211: Cancel remain-on-channel with cookie 0x100
p2p0: Radio work 'p2p-listen'@0xb4000070ae22d420 done in 0.074348 seconds
p2p0: radio_work_free('p2p-listen'@0xb4000070ae22d420): num_active_works --> 0
P2P: State IDLE -> GO_NEG
P2P: Sending GO Negotiation Response
Off-channel: Send action frame: freq=2412 dst=6e:fa:a7:86:e5:e5 src=da:3c:83:7d:70:2b bssid=da:3c:83:7d:70:2b len=196
nl80211: Remain-on-channel event (cancel=0 freq=2412 channel_type=0 duration=400 cookie=0x100 (match))
nl80211: Remain-on-channel event (cancel=1 freq=2412 channel_type=0 duration=0 cookie=0x100 (match))
P2P: GO Negotiation Response (failure) TX callback: success=0

Fix this by adding p2p->pending_listen_freq == freq condition for the
optimization so that the case where the remain-on-channel command has
already been issued to the driver, but the start event has not yet been
received, is covered as well.

Fixes: 0b8889d8e5 ("P2P: Do not stop Listen state if it is on correct channel")
Signed-off-by: Hu Wang <huw@codeaurora.org>
2021-08-12 17:52:28 +03:00
Aleti Nageshwar Reddy
e99aaf7064 Add QCA vendor attribute for TWT termination due to power save exit
Add QCA new status vendor attribute
QCA_WLAN_VENDOR_TWT_STATUS_POWER_SAVE_EXIT_TERMINATE
to indicate the TWT session termination due to power save
exit request from userspace.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-08-12 17:38:20 +03:00
Shiva Krishna Pittala
a147951eec Add QCA vendor attribute indicating the spectral scan bandwidth
Add the following vendor attribute to indicate the bandwidth to be used
for spectral scan operation:
- QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CONFIG_BANDWIDTH

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-08-12 17:23:39 +03:00
Aleti Nageshwar Reddy
51f89565fc Add QCA vendor interface to fetch thermal statistics from the driver
Enhance QCA_NL80211_VENDOR_SUBCMD_THERMAL_CMD to fetch thermal
statistics for different temperature levels from the driver to
userspace. The statistics will be stored in the driver/firmware for
predefined temperature levels and will be reported to userspace when
QCA_NL80211_VENDOR_SUBCMD_THERMAL_CMD is sent with the command type
QCA_WLAN_VENDOR_ATTR_THERMAL_CMD_TYPE_GET_THERMAL_STATS.

The thermal statistics can be cleared from userspace by sending a
QCA_NL80211_VENDOR_SUBCMD_THERMAL_CMD command with the type
QCA_WLAN_VENDOR_ATTR_THERMAL_CMD_TYPE_CLEAR_THERMAL_STATS.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-08-12 17:14:54 +03:00
Sreeramya Soratkal
24774dcc2e P2P: Require PMF for P2P GO in the 6 GHz band
Enable (and require) the management frame protection for the P2P GO if
it is started on a 6 GHz channel.

Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
2021-08-05 19:14:52 +03:00
Jouni Malinen
c3155a725d tests: WPS+SAE+H2E
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-08-04 00:41:30 +03:00
Sreeramya Soratkal
49442194c4 SAE: Derive H2E PT while reconnecting to same SSID also
P2P connections in the 6 GHz band use SAE authentication algorithm after
getting credentials with WPS connection. During WPS connection as it
doesn't use SAE, SAE PT is not derived. After getting SAE credentials,
the STA connects to the same SSID using SAE auth algorithm. Earlier, SAE
H2E PT was not derived while connecting to the same SSID to which the
STA is connected last time. Due to this, the P2P group formation fails
for 6 GHz channels when H2E is enabled as the PT will not be setup by
the P2P client before proceeding to the SAE authentication. Same could
happen with infrastructure WPS when wps_cred_add_sae=1 is used.

Set up the SAE H2E PT while connecting to the same SSID again also to
make sure that the H2E PT is set up in the STA to derive the PWE for
successful SAE authentication. The PT derivation will be skipped in
wpa_s_setup_sae_pt() if PT is already available for that SSID.

Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
2021-08-04 00:20:09 +03:00
Sreeramya Soratkal
ac79ed4998 HE: Obtain correct AP mode capabilities for hw_mode with 6 GHz support
Though both 5 GHz channels and 6 GHz channels report the mode as
HOSTAPD_MODE_IEEE80211A, there is a possibility of different HT/VHT/HE
capabilities being available between these bands. Use get_mode() to
obtain correct capabilities to cover cases where the driver reports
different capability values for the 5 GHz and 6 GHz channels.

Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
2021-08-03 19:48:12 +03:00
Aditya Kodukula
dfabf1e5cb QCA vendor command for mDNS offload
Define a new vendor command for enabling/disabling mDNS offload.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-07-29 20:07:52 +03:00
Disha Das
1071f75395 DPP2: Fix channel 6 inclusion for chirping with non-2 GHz interfaces
When the driver provides a list of supported modes, hostapd ended up
adding channel 6 even if the 2.4 GHz mode was not included. This
resulted in incorrect behavior of trying to transmit on a not supported
channel in case of 5 GHz only radios.

Fix this by adding the channel 6 by default only if the driver does not
provide a list of supported modes. Whenever the supported modes are
available, only add this channel if it is explicitly listed as an
enabled channel.

This is similar to an earlier wpa_supplicant change in commit
8e5739c3ac ("DPP2: Check channel 6 validity before adding it to chirp
channel list").

Signed-off-by: Disha Das <dishad@codeaurora.org>
2021-07-29 20:07:52 +03:00
Utkarsh Bhatnagar
84b3de8095 TDLS: Support TDLS operations in HE mode for 6 GHz
Determine if the TDLS peer supports TDLS in 6 GHz band based on the HE 6
GHz Band Capabilities element received in the TDLS Setup Response frame.
Indicate the peer's HE 6 GHz capabilities to the driver through
sta_add().

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-07-29 20:07:25 +03:00
Kiran Kumar Lokere
1990ee7eee QCA vendor attributes to configure BTWT and Rx control frame to MultiBSS
Add QCA vendor attributes to configure the driver to enable/disable the
Broadcast TWT support and Rx Control Frame To MultiBSS support in HE
capabilities information field. This attribute is used for testing
purposes.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-07-28 12:51:15 +03:00
Nirav Shah
f5f2985a2d Update TWT attribute to send TSF value in TWT setup command
Update QCA_WLAN_VENDOR_ATTR_TWT_SETUP_WAKE_TIME_TSF
TWT attribute to use it in TWT setup command to pass TSF value.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-07-27 00:38:57 +03:00
Veerendranath Jakkam
b4f7506ff0 FILS: Flush external-PMKSA when connection fails without ERP keys
External applications can store PMKSA entries persistently and
reconfigure them to wpa_supplicant after restart. This can result in
wpa_supplicant having a PMKSA for FILS authentication without having
matching ERP keys for it which would prevent the previously added
mechanism for dropping FILS PMKSA entries to recover from rejected
association attempts.

Fix this by clearing PMKSA entries configured by external applications
upon FILS connection failure even when ERP keys are not available.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2021-07-14 21:35:24 +03:00
Veerendranath Jakkam
80bcd7ecd1 FILS: Flush PMKSA entries on FILS connection failure
wpa_supplicant generates both a PMKSA cache entry and ERP keys upon
successful FILS connection and uses FILS authentication algorithm for
subsequent connections when either ERP keys or a PMKSA cache entry is
available.

In some cases, like AP/RADIUS server restart, both ERP keys and PMKSA
becomes invalid. But currently when an AP rejects an association,
wpa_supplicant marks only ERP keys as failed but not clearing PMKSA.

Since PMKSA is not cleared, consecutive connection attempts are still
happening with FILS authentication algorithm and connection attempts are
failing with the same association rejection again instead of trying to
recover from the state mismatch by deriving a new ERP key hierarchy.

Clear PMKSA entries as well on association rejection from an AP to allow
the following connection attempt to go with open authentication to
re-establish a valid ERP key hierarchy. Also, since clearing PMKSA
entries on unprotected (Re)Association Response frames could allow DoS
attack (reduce usability of PMKSA caching), clear PMKSA entries only
when ERP keys exists.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
2021-07-14 21:20:17 +03:00
Jouni Malinen
d727b5e464 tests: Fix PASN tests to check for PASN support
Couple of the PASN test cases did not verify whether the wpa_supplicant
build used in the test included PASN support.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-07-14 18:18:47 +03:00
Jouni Malinen
295170851d tests: SAE Authetication failure reporting
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-07-14 18:18:47 +03:00
Jouni Malinen
914a2f518f SAE: Report authentication rejection over control interface
CTRL-EVENT-AUTH-REJECT reporting was previously skipped when going
through SAE-specific Authentication frame handling. Add this event here
as well to be more consistent with control interface events.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-07-14 18:18:47 +03:00
Jia Ding
9557ba336b AP: Don't increment auth_transaction upon SAE authentication failure
IEEE Std 802.11-2016, 12.4.7.6 specifies:

An SAE Commit message with a status code not equal to SUCCESS shall
indicate that a peer rejects a previously sent SAE Commit message.

An SAE Confirm message, with a status code not equal to SUCCESS, shall
indicate that a peer rejects a previously sent SAE Confirm message.

Thus when SAE authentication failure happens, authentication transaction
sequence number should not be incremented.

Signed-off-by: Jia Ding <jiad@codeaurora.org>
2021-07-14 18:18:47 +03:00
Jia Ding
84f6492eac Extend QCA vendor command for TSF to enable and disable auto report
Add TSF cmd to enable and disable automatic TSF report from the target
to the host.

Signed-off-by: Jia Ding <jiad@codeaurora.org>
2021-07-14 18:18:37 +03:00
Kiran Kumar Lokere
7ef4200588 QCA vendor attribute to configure BSS max idle support
Add new QCA vendor attribute to configure the driver to enable/disable
the BSS max idle period support. This attribute is used for testing
purposes.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-07-13 23:52:18 +03:00
Kiran Kumar Lokere
ef83e0f90f QCA vendor attribute to use BSSID in Probe Request frame RA
Add a QCA vendor attribute to configure the driver to use scan
request BSSID value in Probe Request frame RA(A1) for scan.
This attribute is used for testing purpose.

The driver saves this configuration and applies this setting to all user
space scan requests until the setting is cleared. If this configuration
is set, the driver uses the BSSID value from the scan request to set the
RA(A1) in the Probe Request frames during the scan, else the broadcast
address is set in the Probe Request frames RA(A1).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-07-13 23:51:28 +03:00
Jia Ding
e2ff06c914 Add channel load percentage attribute into QCA vendor command
Add channel load percentage attribute in enum ll_stats_results.

Signed-off-by: Jia Ding <jiad@codeaurora.org>
2021-07-13 23:45:40 +03:00
Jia Ding
ac6a0293d8 Add uplink delay attribute in QCA vendor command get_sta_info responses
Add uplink delay attribute in responses of
QCA_NL80211_VENDOR_SUBCMD_GET_STA_INFO vendor command.

Signed-off-by: Jia Ding <jiad@codeaurora.org>
2021-07-13 23:43:51 +03:00
Jouni Malinen
5326c8af3f tests: Fix multi_ap_wps_shared_apdev_csa to remove extra hostapd interface
This test case adds a new AP device (wlan0_ap) with iw and removes it in
the end. However, the hostapd interface for this netdev was only added,
but not removed at the end of the test case. This could result in
consecutive test cases getting confused with the extra interface, e.g.,
if running WPS configuration steps that get applied to all enabled
interfaces.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-06-25 00:31:03 +03:00
Jouni Malinen
84f8947735 PTKSA: Fix a potential hostapd memory leak during reconfiguration
Some of the reconfiguration cases (e.g., with WPS reconfiguration
enabling WPA/WPA2) might end up calling hostapd_setup_wpa() twice
without calling hostapd_deinit_wpa() in the middle. This would have
resulted in a memory leak since the PTKSA cache was being reinitialized
without freeing previous memory allocation.

Fix this by making PTKSA cachine initialization independent of
hapd->wpa_auth so that reinitialization does not happen in a manner that
would have overridden the old hapd->ptksa pointer without freeing the
referenced resources.

Fixes: f2f8e4f458 ("Add PTKSA cache to hostapd")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-06-25 00:20:02 +03:00
Sreeramya Soratkal
311091eb43 P2P: Use SAE+PMF for P2P connection in 6 GHz
Use WPA3-Personal (SAE+PMF) for P2P connections in the 6 GHz band to
enable the Wi-Fi Display use case on the 6 GHz band without having to
use WPA2-Personal (PSK) on that new band.

Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
2021-06-14 20:24:37 +03:00
Sreeramya Soratkal
f0cdacacb3 P2P: Allow connection on 6 GHz channels if requested
Previously, 6 GHz channels were disabled for P2P operations. Use the new
allow_6ghz parameter with P2P_CONNECT, P2P_GROUP_ADD, and P2P_INVITE
commands for P2P connection on the 6 GHz channels when Wi-Fi Display is
enabled on both the devices.

However, the p2p_6ghz_disable parameter in the configuration takes a
higher precedence.

Indicate P2P 6 GHz band capable information in Device Capability Bitmap
of P2P Capability attribute to indicate the P2P Device is capable of P2P
operation in the 6 GHz band.

Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
2021-06-14 20:24:37 +03:00
Sreeramya Soratkal
b36142a740 P2P: Add allow_6ghz parameter to control interface
Introduce a new allow_6ghz parameter with P2P_CONNECT, P2P_GROUP_ADD,
and P2P_INVITE commands for P2P connection on the 6 GHz channels when
Wi-Fi Display is enabled on both the devices. This commit is only adding
the interface change without changing any actual P2P functionality.

Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
2021-06-14 20:24:37 +03:00
Sreeramya Soratkal
f7d4f1cbec P2P: Add a mechanism for allowing 6 GHz channels in channel lists
Introduce a new allow_6ghz parameter to allow 6 GHz channels to be
filtered out when copying channel lists.

Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
2021-06-14 20:24:37 +03:00
Sreeramya Soratkal
6423c23e3d P2P: Allow 6 GHz channels to be included in the P2P_FIND operation
Previously, the 6 GHz channels were disabled for P2P operations.
Introduce a new include_6ghz parameter for the P2P_FIND command to
configure P2P discovery on the 6 GHz channels.

However, the p2p_6ghz_disable parameter in the configuration takes a
higher priority. If the p2p_6ghz_disable parameter is not set in the
configuration, include_6ghz parameter can be used to enable or disable
the discovery operation in the 6 GHz channels for the P2P_FIND command.

Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
2021-06-14 20:24:37 +03:00
Sreeramya Soratkal
a06c7d50f9 P2P: Helper functions to check for WFD capability of a P2P device
P2P operation on the 6 GHz band is supported in the WFD use case.
Introduce helper functions to check for Wi-Fi Display capability of
the local device and a peer device.

Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
2021-06-14 20:24:37 +03:00
Sreeramya Soratkal
eaf850867b P2P: Extend channel determination/validation to 6 GHz channels
Extend the previously 5 GHz specific 80 and 160 MHz channels helper
functions to support 6 GHz channels.

Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
2021-06-10 23:43:03 +03:00
Sreeramya Soratkal
9b50746f50 P2P: Introduce 6 GHz band capability bit in P2P Device Capability
Introduce P2P 6 GHz band capable information in Device Capability
Bitmap of P2P Capability sub-attribute.

Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
2021-06-10 23:08:22 +03:00
Gurumoorthi Gnanasambandhan
9f901e65b4 WNM: Ignore SSID check for hidden SSID in transition candidates
Do not skip scan results with zero length SSID (i.e., a hidden SSID)
when searching for potential BSS transition candidates since such
entries might be for the same ESS (i.e., for the current SSID). Use only
the BSSID check for such cases.

Signed-off-by: Gurumoorthi Gnanasambandhan <gguru@codeaurora.org>
2021-06-09 20:55:39 +03:00
Jouni Malinen
525ec045f3 P2P: Use correct return type for has_channel()
This helper function returns enum chan_allowed values, so use it as the
return type instead of unnecessarily generic int.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-06-08 12:46:45 +03:00
Hu Wang
09fb9b0cb0 DFS offload: Use hostapd_is_dfs_required() to check if DFS required
hostapd_handle_dfs_offload() is the DFS handler for the offloaded case,
in which ieee80211_is_dfs() is used to check if the configured frequency
requires DFS or not.

When the configured channel width is not 20 (e.g., 160),
ieee80211_is_dfs() will not checked adjacent freqs, so it possibly makes
wrong conclusion for whether DFS is required.

hostapd_is_dfs_required() does similar thing with ieee80211_is_dfs()
except it supports checking whether the configured frequency and its
adjacent frequencies require DFS. So hostapd_is_dfs_required() is a more
robust and better option than ieee80211_is_dfs() to check DFS.

The issue is hostapd_is_dfs_required() is for non-offload case due to
the check of the configuration parameter ieee80211h. Add a check for
WPA_DRIVER_FLAGS_DFS_OFFLOAD to make it support the DFS offload case
(i.e., ieee80211h=0) as well.

For example, configuring the AP to start at freq=5240 with channel width
160:
- Existing hostapd checks freq=5240 is non-DFS, hence skip DFS CAC and
  transition to AP-Enabled which volatiles DFS-RADAR detection.

  LOG: "hostapd : hostapd_handle_dfs_offload: freq 5240 MHz does not
        require DFS. Continue channel/AP setup"

- This commit checks freq=5240 and its adjacent freqs are DFS required,
  hence remains in DFS state until DFS CAC completed.

  LOG: "hostapd : hostapd_handle_dfs_offload: freq 5240 MHz requires
        DFS for 4 chans"

Signed-off-by: Hu Wang <huw@codeaurora.org>
2021-06-07 17:42:56 +03:00
Jouni Malinen
e8662e9d44 Use a helper function to remove struct wpa_bss_tmp_disallowed entries
It is safer to remove and free these entries with a shared helper
function to avoid issues with potentially forgetting to unregister or
free something if this structure is extended in the future.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-06-03 00:11:18 +03:00
Hu Wang
ecaacb47b7 OCE: Remove AP from driver disallow list with sufficient AP RSSI
When a STA makes an association request that is rejected by an OCE AP
due to the RSSI being insufficient, the AP is added to the driver
disallow list by wpa_set_driver_tmp_disallow_list().

Once the AP increases TX power which makes the AP RSSI higher than
Association Rejection RSSI threshold, the AP is supposed to be removed
from the driver disallow list but that was not the case.

wpa_is_bss_tmp_disallowed() is called in the scan result handler, so it
is the best place to put the logic of removing the AP from the driver
disallow list with sufficient AP RSSI.

This is needed with drivers that use the temporarily disallowed BSS list
(which is currently supported only with a QCA vendor command). The
wpa_supplicant internal functionality was already taking care of this
with the wpa_is_bss_tmp_disallowed() return value even for cases where
the entry remaining in the list.

Signed-off-by: Hu Wang <huw@codeaurora.org>
2021-06-03 00:06:00 +03:00
Hu Wang
c25b50306e hostapd: Reject 40 MHz channel config if regulatory rules do not allow it
When regulatory rules are configured not to support 40 MHz channels on
the 2.4 GHz band, hostapd_is_usable_chans() still allowed 40 MHz
channels (i.e., 1-9) to be used with ht_capab=[HT40+][HT40-].

Looking into hostapd_is_usable_chans():
1) Validate primary channel using hostapd_is_usable_chan()
2) Try to pick a default secondary channel if hostapd_is_usable_chan()
3) Try to pick a valid secondary channel if both HT40+/HT40- set, and
   further validate primary channel's allowed bandwidth mask.
4) Return channel not usable.

For example, for the 2.4 GHz channel 9 in Japan, its default secondary
channel is 13, which is valid per hostapd_is_usable_chan(), so step (2)
returns channel usable.

Add a more strict check to step (2) to clearly reject 40 MHz channel
configuration if regulatory rules do not allow the 40 MHz bandwidth,
which is similarly done in commit ce6d9ce15b ("hostapd: Add supported
channel bandwidth checking infrastructure").

Signed-off-by: Hu Wang <huw@codeaurora.org>
2021-06-02 00:06:20 +03:00