Some APs don't include a CSA IE when an ECSA IE is generated,
and mac80211 used to fail following their channel switch. Add
a testing option to hostapd to allow reproducing the behavior.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Fix and extend the ieee80211_freq_to_channel_ext() function to deal
correctly with VHT operating classes (128, 129, 130).
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
The CSA channel and operating class values need to be set for all types
of channel switch (i.e., either if it's triggered by the control
interfaces or due to the GO-follows-STA flow). To do so, move the code
that sets them from the GO-follows-STA flow to the more generic
hostapd_fill_csa_settings() function.
Signed-off-by: Luciano Coelho <luciano.coelho@intel.com>
The hostapd_hw_get_channel() function can't be used to convert center
frequencies to channel numbers, because the hw mode lists don't have all
the center frequencies. The hw mode lists have the main channel
frequencies and flags to indicate the channel topography.
For instance, channel 5805 with VHT80- has the channel center frequency
segment 0 at 5775. This segment is only indicated indirectly in the hw
mode list by the HOSTAPD_CHAN_VHT_50_30 flag. The hw mode list doesn't
have any elements with frequency 5775 to allow the conversion to a
channel number. Thus, we need to use ieee80211_freq_to_chan() instead.
Signed-off-by: Luciano Coelho <luciano.coelho@intel.com>
Pass to the driver a list of CSA counter offsets when sending Probe
Response frames during a CSA period. This allows the kernel to correctly
update the CSA/eCSA elements.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Some management frames contain CSA counters which should be updated by
kernel. Change driver op send_mlme() allowing to send a frame,
specifying an array of offsets to the CSA counters which should be
updated. For example, CSA offsets parameters should be specified when
sending Probe Response frames during CSA period.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Advertise current operating class in Beacon and Probe Response frames.
This Supported Operating Classes element is required by the standard
when extended channel switch is supported. However, since this element
doesn't reflect correctly the sub-band spectrum breakdown and can't be
effectively used by clients, publish only the minimal required part
which is the current operating class.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Fix the order of CSA, eCSA, Secondary Channel Offset, and Wide Bandwidth
Channel Switch Wrapper elements in Beacon and Probe Response frames.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Add new GO frequency move policy. The P2P_GO_FREQ_MOVE_SCM_ECSA prefers
SCM if all the clients advertise eCSA support and the candidate
frequency is one of the group common frequencies.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Extended channel switch provides an ability to switch between operating
classes and is required for P2P Devices by the P2P specification when
switching in 5 GHz.
When the operating class is provided for channel switch, the AP/P2P GO
will use eCSA IE in addition to the regular CSA IE both on 2.4 GHz and 5
GHz bands.
Transitions between different hw_modes are not supported.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Channel switch may be performed using both CSA and eCSA IEs together.
This may happen, for example with a P2P GO on band A with legacy
clients. Extend driver API to support up to 2 CSA counters.
This patch also includes the required implementation for nl80211.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
When building Beacon and Probe Response frames for the target channel,
consider bandwidth parameter for VHT channels. In addition, add support
for updating vht_oper_centr_freq_seg0_idx and
vht_oper_centr_freq_seg1_idx.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
When switching to a VHT channel with width greater than 20 MHz, add Wide
Bandwidth Channel Switch element. This element is added in Beacon and
Probe Response frames inside Channel Switch Wrapper element.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
When CSA is started, hostapd_change_config_freq() computes the channel
from the provided frequency. Use this stored channel to add CSA IE in
Beacon frames, instead of recomputing the channel each time.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
This fixes an issue where hostapd SET command is used to configure RSN
parameters and the wpa parameter is sent after the other parameters.
Previously, the default case here ended up clearing rsn_pairwise and
wpa_pairwise values and once wpa=2 was finally set, the cipher
configuration had already been lost.
Signed-off-by: Jouni Malinen <j@w1.fi>
Previously, station's VHT information elements were copied and passed
regardless of the AP's VHT configuration. As a result, AP with VHT
disabled in configuration could have ended up transmitting packets in
VHT rates though AP is not advertising VHT support. Fix this by copying
the station's VHT capabilities only when AP supports VHT (both hardware
and configuration).
Signed-off-by: Ashok Raj Nagarajan <arnagara@qti.qualcomm.com>
Reset hapd->num_probereq_cb to 0 on an interface deinit to avoid
unexpected behavior if the same interface is enabled again without fully
freeing the data structures. hostapd_register_probereq_cb() increments
hapd->num_probereq_cb by one and leaves all old values unchanged. In
this deinit+init case, that would result in the first entry in the list
having an uninitialized pointer and the next Probe Request frame
processing would likely cause the process to terminate on segmentation
fault.
This issue could be hit when hostapd was used with WPS enabled (non-zero
wps_state configuration parameter) and control interface command DISABLE
and ENABLE were used.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This extends the previous tracking design to add a station entry based
on other management frames than Probe Request frames. For example, this
covers a case where the station is using passive scanning.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new no_auth_if_seen_on=<ifname> parameter can now be used to
configure hostapd to reject authentication from a station that was seen
on another radio.
This can be used with enabled track_sta_max_num configuration on another
interface controlled by the same hostapd process to reject
authentication attempts from a station that has been detected to be
capable of operating on another band, e.g., to try to reduce likelihood
of the station selecting a 2.4 GHz BSS when the AP operates both a 2.4
GHz and 5 GHz BSS concurrently.
Note: Enabling this can cause connectivity issues and increase latency for
connecting with the AP.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new no_probe_resp_if_seen_on=<ifname> parameter can now be used to
configure hostapd to not reply to group-addressed Probe Request from a
station that was seen on another radio.
This can be used with enabled track_sta_max_num configuration on another
interface controlled by the same hostapd process to restrict Probe
Request frame handling from replying to group-addressed Probe Request
frames from a station that has been detected to be capable of operating
on another band, e.g., to try to reduce likelihood of the station
selecting a 2.4 GHz BSS when the AP operates both a 2.4 GHz and 5 GHz
BSS concurrently.
Note: Enabling this can cause connectivity issues and increase latency
for discovering the AP.
Signed-off-by: Jouni Malinen <j@w1.fi>
hostapd can now be configured to track unconnected stations based on
Probe Request frames seen from them. This can be used, e.g., to detect
dualband capable station before they have associated. Such information
could then be used to provide guidance on which colocated BSS to use in
case of a dualband AP that operates concurrently on multiple bands under
the control of a single hostapd process.
Signed-off-by: Jouni Malinen <j@w1.fi>
DSSS/CCK rate support in 40 MHz has to be set to 0 for 5 GHz band since
this mechanism is designed only for the 2.4 GHz band. Clear
HT_CAP_INFO_DSSS_CCK40MHZ in ht_capab when the configured mode is
neither 11b nor 11g.
Signed-off-by: Vasanthakumar Thiagarajan <vthiagar@qti.qualcomm.com>
It was possible for wpa_auth_sm_event(WPA_DEAUTH) to be called from
wpa_sm_step() iteration in the case the EAPOL authenticator state
machine ended up requesting the station to be disconnected. This
resulted in unnecessary recursive call to wpa_sm_step(). Avoid this by
using the already running call to process the state change.
It was possible to hit this sequence in the hwsim test case
ap_wpa2_eap_eke_server_oom.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This new hostapd configuration parameter can be used to enable TLS
session resumption. This commit adds the configuration parameter through
the configuration system and RADIUS/EAPOL/EAP server components. The
actual changes to enable session caching will be addressed in followup
commits.
Signed-off-by: Jouni Malinen <j@w1.fi>
Commit 6959145b86 ('FST: Integration into
hostapd') introduced this duplicated call due to an incorrect merge
conflict resolution in ap_sta_set_authorized(). An earlier commit
61fc90483f ('P2P: Handle improper WPS
termination on GO during group formation') had moved this call to an
earlier location in the function and there is no point in re-introducing
another copy of the call at the end of the function.
Signed-off-by: Jouni Malinen <j@w1.fi>
Couple of the for-each-interface loops used incorrect return value when
skipping over non-WPS interfaces. This could result in skipping some WPS
interfaces in the loop and returning error. Setting AP PIN did not check
for WPS being enabled at all and trigger a NULL pointer dereference if
non-WPS interface was enabled.
Signed-off-by: Jouni Malinen <j@w1.fi>
This allows the new own_ie_override=<hexdump> configuration parameter to
be used to replace the normally generated WPA/RSN IE(s) for testing
purposes in CONFIG_TESTING_OPTIONS=y builds.
Signed-off-by: Jouni Malinen <j@w1.fi>
The PMKIDCount, PMKID List, and Group Management Cipher Suite fields are
optional to include in the RSNE in cases where these would not have
values that are different from the default values. In practice,
PMKIDCount is always 0 in Beacon and Probe Response frames, so the only
field of these that could have a non-default value is Group Management
Cipher Suite. When BIP is used, that field is not needed either due to
BIP being the default cipher when PMF is enabled.
Remove these fields from RSNE when BIP is used to save six octets in
Beacon and Probe Response frames. In addition to reduced frame length,
this is a workaround for interoperability issues with iOS 8.4 in cases
where FT and PMF are enabled. iOS seems to be rejecting EAPOL-Key msg
3/4 during FT initial mobility domain association if the RSNE includes
the PMKIDCount field.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is similar to the earlier commit
b363121a20 ('WPS: Reject invalid
credential more cleanly'), but for the AP cases where AP settings are
being replaced. Previously, the new settings were taken into use even if
the invalid PSK/passphrase had to be removed. Now, the settings are
rejected with such an invalid configuration.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This buffer is owned by the FST module, so mark it const in the
set_ies() callback to make it clearer which component is responsible for
modifying and freeing this.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The mesh SAE auth often fails with master branch. By bisect I found
commit eb5fee0bf5 ('SAE: Add side-channel
protection to PWE derivation with ECC') causes this issue. This does not
mean the commit has a bug. This is just a CPU resource issue.
After the commit, sae_derive_pwe_ecc() spends 101(msec) on my PC (Intel
Atom N270 1.6GHz). But dot11RSNASAERetransPeriod is 40(msec). So
auth_sae_retransmit_timer() is always called and it can causes
continuous frame exchanges. Before the commit, it was 23(msec).
On the IEEE 802.11 spec, the default value of dot11RSNASAERetransPeriod
is defined as 40(msec). But it looks short because generally mesh
functionality will be used on low spec devices. Indeed Raspberry Pi B+
(ARM ARM1176JZF-S 700MHz) requires 287(msec) for new
sae_derive_pwe_ecc().
So this patch makes the default to 1000(msec) and makes it configurable.
This issue does not occur on infrastructure SAE because the
dot11RSNASAERetransPeriod is not used on it.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
The new CONFIG_NO_RC4=y build option can be used to remove all internal
hostapd and wpa_supplicant uses of RC4. It should be noted that external
uses (e.g., within a TLS library) do not get disabled when doing this.
This removes capability of supporting WPA/TKIP, dynamic WEP keys with
IEEE 802.1X, WEP shared key authentication, and MSCHAPv2 password
changes.
Signed-off-by: Jouni Malinen <j@w1.fi>
This avoids a call to hmac_md5() to fix the build. The EAPOL-Key frame
TX code is not applicable for any FIPS mode operation, so the simplest
approach is to remove this from the build.
Signed-off-by: Jouni Malinen <j@w1.fi>
When ACS is offloaded to device driver and the hw_mode parameter is set
to any, the current_mode structure is NULL which fails the ACS command.
Fix this by populating the ACS channel list with channels from all bands
when current_mode is NULL.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This extends the previous PMF (CONFIG_IEEE80211W=y) design that used
functionality from the FT (CONFIG_IEEE80211R=y) changes to work without
requiring CONFIG_IEEE80211R=y build option to be included.
Signed-off-by: Ashok Ponnaiah <aponnaia@qti.qualcomm.com>
This new mechanism can be used to combine multiple periodic AP
(including P2P GO) task into a single eloop timeout to minimize number
of wakeups for the process. hostapd gets its own periodic caller and
wpa_supplicant uses the previously added timer to trigger these calls.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The caller is not expected to free or modify the value since this is
returning a reference to a buffer maintained by the upper layer.
Signed-off-by: Jouni Malinen <j@w1.fi>
This extends the hostapd global control interface ADD command to allow
driver wrapper to be specified ("ADD <ifname> <ctrl_iface> <driver>").
Previously, this case that did not use a configuration file allowed only
the default driver wrapper to be used.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
There is no need to waste resources for this packet socket if FT-over-DS
is disabled or when operating P2P GO or AP mode in wpa_supplicant.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This adds the FST IEs received from the FST module into Beacon, Probe
Response, and (Re)Association Response frames.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit implements hostapd global control interface notifications
infrastructure. hostapd global control interface clients issue
ATTACH/DETACH commands to register and deregister with hostapd
correspondingly - the same way as for any other hostapd/wpa_supplicant
control interface.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The IPv6 address in the frame buffer may not be 32-bit aligned, so use a
local copy to align this before reading the address with 32-bit reads
(s6_addr32[]).
Signed-off-by: Jouni Malinen <j@w1.fi>
Do not allow 40 MHz co-ex PRI/SEC switch to force us to change our PRI
channel if we have an existing connection on the selected PRI channel
since doing multi-channel concurrency is likely to cause more harm than
using different PRI/SEC selection in environment with multiple BSSes on
these two channels with mixed 20 MHz or PRI channel selection.
Signed-off-by: Jouni Malinen <j@w1.fi>
This check explicitly for reflection attack and stops authentication
immediately if that is detected instead of continuing to the following
4-way handshake that would fail due to the attacker not knowing the key
from the SAE exchange.
Signed-off-by: Jouni Malinen <j@w1.fi>
The eap argument to this function is never NULL and the earlier
ieee802_1x_learn_identity() call is dereferencing it anyway, so there is
no point in checking whether it is NULL later in the function.
Signed-off-by: Jouni Malinen <j@w1.fi>
This needs to find the PRI channel also in cases where the affected
channel is the SEC channel of a 40 MHz BSS, so need to include the
scanning coverage here to be 40 MHz from the center frequency. Without
this, it was possible to miss a neighboring 40 MHz BSS that was at the
other end of the 2.4 GHz band and had its PRI channel further away from
the local BSS.
Signed-off-by: Jouni Malinen <j@w1.fi>
Previously, the common WLAN-* RADIUS attributes were added only when WPA
or WPA2 was used. These can be of use for OSEN as well, so include them
in that case, too.
Signed-off-by: Jouni Malinen <j@w1.fi>
Change send_mlme() API to allow sending management frames on a specific
channel, overriding the internal driver decision.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Currently, if multiple bss share are bridge and tagged vlan interface,
only the first instance of struct hostapd_vlan for this vlanid will have
the DVLAN_CLEAN_VLAN flag added. Thus, when this instance is removed,
the tagged vlan interface will be removed from bridge, thought other bss
might still need it. Similarily, the bridge will be left over, as the
does not have zero ports when the first instance of a struct
hostapd_vlan is freed.
This patch fixes this by having a global (per process) reference counter
for dynamic tagged vlan and dynamically created bridge interfaces, so
they are only removed after all local users are freed. (struct
hapd_interfaces *)->vlan_priv is used to hold src/ap/vlan_init.c global
per-process data like drv_priv does; right now this is only used for the
interface reference counting, but could get extended when needed. Then
possibly some vlan_global_init / vlan_global_deinit should be added, but
this is not required right now.
Additionally, vlan->configured is checked to avoid reference counter
decreasing before vlan_newlink increased them.
In order to avoid race conditions, vlan_dellink is called explicitly
after hostapd_vlan_if_remove. Otherwise there would be a short timeframe
between hostapd_vlan_if_remove and vlan_dellink during which the struct
hostapd_vlan still exists, so ap_sta_bind_vlan would try to attach
stations to it.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Commit 95b6bca66d ('Add rsn_pairwise bits
to set_ieee8021x() driver_ops') modified cipher configuration to use
unconditionally wpa_pairwise | rsn_pairwise. While that works for many
cases, it does not handle the case of dynamic configuration changes over
the control interface where wpa_pairwise or rsn_pairwise values may not
get cleared when the wpa parameter is modified. Fix this inconsistency
by configuring the driver with only the bits that are valid for the
currently enabled WPA/WPA2 version(s).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
So that systems with bad clocks will send random session IDs,
instead of always ones starting at the same second.
If os_get_random() isn't available, use os_get_time(). But also
mix in now.tv_usec, so that the accounting session ID is more
likely to be globally and temporally unique.
Signed-off-by: Alan DeKok <aland@freeradius.org>
Explicitly check for iface->current_mode before dereferencing it. While
this case may not happen in practice, it is better for the setup
functions to be more careful when doing the initial band selection.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
When device supports dual band operations with offloaded ACS, hw_mode
can now be set to any band (hw_mode=any) in order to allow ACS to select
the best channel from any band. After a channel is selected, the hw_mode
is updated for hostapd.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The ACS code part of hostapd scans all the channels even if the channel
list is specified in the hostapd.conf. Limit the ACS scan channels to
the list specified in the config file.
Signed-off-by: Srinivasa Duvvuri<sduvvuri@chromium.org>
The length of the WMM Action frame was not properly validated and the
length of the information elements (int left) could end up being
negative. This would result in reading significantly past the stack
buffer while parsing the IEs in ieee802_11_parse_elems() and while doing
so, resulting in segmentation fault.
This can result in an invalid frame being used for a denial of service
attack (hostapd process killed) against an AP with a driver that uses
hostapd for management frame processing (e.g., all mac80211-based
drivers).
Thanks to Kostya Kortchinsky of Google security team for discovering and
reporting this issue.
Signed-off-by: Jouni Malinen <j@w1.fi>
In theory, the previous version could have resulted in reading one byte
beyond the end of the management frame RX buffer if the local driver
were to deliver a truncated Public Action frame for processing. In
practice, this did not seem to happen with mac80211-based drivers and
even if it were, the extra octet would be an uninitialized value in a
buffer rather than read beyond the end of the buffer.
Signed-off-by: Jouni Malinen <j@w1.fi>
Handling of WPS RF band for 60 GHz was missing. Add it in all relevant
places and also map "AES" as the cipher to GCMP instead of CCMP when
operating on the 60 GHz band.
Signed-off-by: Hamad Kadmany <qca_hkadmany@qca.qualcomm.com>
This can be used with Proxy ARP to allow multicast NAs to be forwarded
to associated STAs using link layer unicast delivery. This used to be
hardcoded to be enabled, but it is now disabled by default and can be
enabled with na_mcast_to_ucast=1. This functionality may not be desired
in all networks and most cases work without it, so the new
default-to-disabled is more appropriate.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, struct wpa_group was created when the first station enters
the group and the struct wpa_group was not freed when all station left
the group. This causes a problem because wpa_group will enter
FATAL_FAILURE when a wpa_group is running while the AP_VLAN interface
has already been removed.
Fix this by adding a reference counter to struct wpa_group and free a
group if it is unused.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
If hostapd has bound a STA into a specific VLAN, the new vlan_id
parameter in the control interface STA command can now be used to check
which VLAN ID is in use.
Signed-off-by: Jouni Malinen <j@w1.fi>
All the system header files are supposed to be included before any other
internal header file apart from utils/includes.h.
Signed-off-by: Jouni Malinen <j@w1.fi>
Previously, mesh state machine transmits updated Commit Message when
receiving a Confirm Message in Committed state. According to the
standard, it should (re)send the latest Commit Message previously sent.
IEEE Std 802.11-2012, 11.3.8.6.4 Protocol instance behavior - Committed
state:
"Upon receipt of a Con event, ... If Sync is not greater than
dot11RSNASAESync, the protocol instance shall increment Sync, transmit
the last Commit Message sent to the peer, and set the t0
(retransmission) timer."
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
This extends dynamic_vlan=required checks to apply for WPA-PSK with
macaddr_acl=2 (RADIUS) case.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Check the element length in the parser and remove the length field from
struct ieee802_11_elems since the element is of fixed length.
Signed-off-by: Jouni Malinen <j@w1.fi>
Check the element length in the parser and remove the length field from
struct ieee802_11_elems since the element is of fixed length.
Signed-off-by: Jouni Malinen <j@w1.fi>
Check the element length in the parser and remove the length field from
struct ieee802_11_elems since the element is of fixed length.
Signed-off-by: Jouni Malinen <j@w1.fi>
Check the element length in the parser and remove the length field from
struct ieee802_11_elems since the only allowed element length is one.
Signed-off-by: Jouni Malinen <j@w1.fi>
Check the element length in the parser and remove the length field from
struct ieee802_11_elems since the only allowed element length is one.
Signed-off-by: Jouni Malinen <j@w1.fi>
Commit 88b32a99d3 ('FT: Add FT AP support
for drivers that manage MLME internally') added an alternative way of
processing the WMM TSPEC from RIC. However, that change did not seem to
include the same checks for WMM TSPEC element length that were used in
the original implementation for MLME-in-hostapd case. Fix this by
sharing the older implementation of copying the WMM TSPEC from RIC for
both cases.
It looks like the destination buffer for the response is sufficiently
long for the fixed length copy, but it may have been possible to trigger
a read beyond the end of the FTIE by about 50 bytes. Though, that seems
to be within the buffer received for RX buffer in the case that uses
this driver-based AP MLME design for FT.
Signed-off-by: Jouni Malinen <j@w1.fi>
The multi-SSID design that used a single beaconing BSSID with multiple
SSIDs was never completed in this repository, so there is no need to
maintain the per-STA ssid/ssid_probe pointers that could only point to
&hapd->conf->ssid. Save some memory and reduce code complexity by
removing this unused partial capability.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This makes it easier to interpret debug logs for cases where hostapd
control multiple interfaces.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This makes it easier to interpret debug logs in case hostapd controls
multiple interfaces and a STA roams between them.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Currently, vlan_remove_dynamic() is only called when the station VLAN ID
is changed (ap_sta_bind_vlan), but not when the station is freed. So
dynamic VLAN interfaces are not removed actually except within 1x
reauthentification VLAN ID change, although most of the code is already
there.
This patch fixes this by calling vlan_remove_dynamic() in ap_free_sta().
It cannot just use sta->vlan_id for this, as this might have been
changed without calling ap_sta_bind_vlan() (ap/ieee802_11.c:handle_auth
fetches from RADIUS cache for WPA-PSK), thus reference counting might
not have been updated. Additionally, reference counting might get wrong
due to old_vlanid = 0 being passed unconditionally, thus increasing the
reference counter multiple times.
So tracking the currently assigned (i.e., dynamic_vlan counter
increased) VLAN is done in a new variable sta->vlan_id_bound. Therefore,
the old_vlan_id argument of ap_sta_bind_vlan() is no longer needed and
setting the VLAN for the sta in driver happens unconditionally.
Additionally, vlan->dynamic_vlan is only incremented when it actually
is a dynamic VLAN.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
hostapd receives NEWLINK messages multiple times and thus does
configuration of the the vlan interface multiple times.
This is not required and leads to the following during cleanup in
test pmksa_cache_preauth_vlan_used:
1. run-test.py does: brctl delif brvlan1 wlan3.1
2. hostapd processes NEWLINK and does: brctl addif brvlan1 wlan3.1
3. run-test.py does: brctl delbr brvlan1
-> fails as wlan3.1 is still in the bridge
This patch fixes this by ignoring repeated NEWLINK messages.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
When hitting
> Failed to create interface wlan3.1: -23 (Too many open files in system)
> Try to remove and re-create wlan3.1
hostapd deletes the AP_VLAN interface and then recreates it. Thus the
kernel assigns the same ifidx to the new interfaces and sends DELLINK
and NEWLINK mesages.
As the DELLINK messages are processed after the struct hostapd_vlan is
added, hostapd deletes the struct hostapd_vlan entry, deconfigures the
AP_VLAN interface and leaves vlan_newlink nothing to find afterwards.
So this patch makes DELLINK messages to be ignored when the interface
exists.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Previously, during RSN preauthentication, ap_sta_bind_vlan() was called,
which fails for non-zero sta->vlan_id as the station is not known to the
kernel driver.
Fix this by binding the station only if it is associated. If it is not
associated, ap_sta_bind_vlan() will be done later during association.
In addition, reject Access-Accept if the returned VLAN ID is not valid
in the current hostapd configuration.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>