If the kernel rtm_newlink or rtm_dellink send the maximum length of
ifname (IFNAMSIZ), the event handlers in
wpa_driver_nl80211_event_rtm_addlink() and
wpa_driver_nl80211_event_rtm_dellink() did not copy the IFLA_IFNAME
value. Because the RTA_PAYLOAD (IFLA_IFNAME) length already includes the
NULL termination, that equals the IFNAMSIZ.
Fix the condition when IFNAME reach maximum size.
Signed-off-by: Ouden <Ouden.Biz@gmail.com>
Add key configuration parameters needed to support Extended Key ID with
pairwise keys. Add a driver capability flag to indicate support forusing
this.
Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
KEY_FLAG_MODIFY was initial added for the planned Extended Key ID
support with commit a919a26035 ("Introduce and add key_flag") and then
removed with commit 82eaa3e688 ("Remove the not yet needed
KEY_FLAG_MODIFY") to simplify commit e9e69221c1 ("Validity checking
function for key_flag API").
Add it again and update check_key_flag() accordingly.
Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
The actual TX status (whether ACK frame was received) was not included
in the debug log in AP mode. Add that for all cases. In addition, add
some more details in the debug log to make the log more helpful in
debugging issues related to frame delivery.
Signed-off-by: Jouni Malinen <j@w1.fi>
The return value from nl80211_send_monitor() is not suitable for use
with strerror(). Furthermore, nl80211_send_monitor() itself is printing
out a more detailed error reason.
Signed-off-by: Jouni Malinen <j@w1.fi>
send_and_recv_msgs() returns a negative number as the error code and
that needs to be negated for strerror().
Fixes: 8759e9116a ("nl80211: Control port over nl80211 helpers")
Signed-off-by: Jouni Malinen <j@w1.fi>
wpa_tdls_set_key() did set the key_id to -1 to avoid a useless
NL80211_CMD_SET_KEY call that the updated nl80211 driver no longer
carries out. Remove the no longer required workaround.
Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
Migrate nl80211 driver to key_flag API and add additional sanity checks.
I'm still not sure why we install unicast WEP keys also as default
unicast keys. Based on how I understand how mac80211 handles that it
should be pointless. I just stuck to how we do things prior to the patch
for WEP keys to not break anything. After all other drivers may need it.
Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
Always report an error when NL80211_CMD_SET_KEY can't set a key to
default.
The old ioctl-based design used a single command to add, set, and delete
a key and had to ignore ENOENT for key deletions. It looks like that
special handling was also ported for NL80211_CMD_NEW_KEY and
NL80211_CMD_SET_KEY instead only for NL80211_CMD_DEL_KEY.
Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
Calling NL80211_CMD_NEW_KEY with NL80211_KEY_DEFAULT_TYPES attributes is
pointless. The information is not expected and therefore the kernel
never forwards it to the drivers. That attribute is used with
NL80211_CMD_SET_KEY.
Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
Allow to abort key installations with different error codes and fix one
misleading return code.
Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
Turns out we are sometime providing a seq when deleting the key. Since
that makes no sense on key deletion let's stop forwarding that to the
driver at least.
Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
I decided to drop KEY_FLAG_MODIFY instead of allowing flag combinations not
yet used in the code and will simply recreate it with the Extended Key
ID patches once we get there. For that reason I also did not renumber
the flags.
Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
There is no support for using the control port for sending out EAPOL
frames through privsep yet, so mask out this capability to fall back to
the l2_packet based design.
Signed-off-by: Jouni Malinen <j@w1.fi>
To support PASN authentication flow, where Authentication frames are
sent by wpa_supplicant using the send_mlme() callback, modify the logic
to also send EVENT_TX_STATUS for Authentication frames.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
PASN authentication can be performed while a station interface is
connected to an AP. To allow sending PASN frames while connected, extend
the send_mlme() driver callback to also allow a wait option. Update the
relevant drivers and wpa_supplicant accordingly.
hostapd calls for send_mlme() are left unchanged, since the wait option
is not required there.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
If the driver requires external SAE authentication, it would result in
registration for all Authentication frames, so even non-SAE
Authentication frames might be forwarded to user space instead of being
handled internally. Fix this by using a more strict match pattern,
limiting the registration to the SAE authentication algorithm only.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Add a new capability flag based on the nl80211 feature advertisement and
start using the new default key type for Beacon protection. This enables
AP mode functionality to allow Beacon protection to be enabled. This is
also enabling the previously added ap_pmf_beacon_protection_* hwsim test
cases.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The CAN_REPLACE_PTK0 flag provided by nl80211 can be used to detect if
the card/driver is explicitly indicating capability to rekey STA PTK
keys using only keyid 0 correctly.
Check if the card/driver supports it and make the status available as a
driver flag.
Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
Hardcoded CONFIG_IEEE80211N to be included to clean up implementation.
More or less all new devices support IEEE 802.11n (HT) and there is not
much need for being able to remove that functionality from the build.
Included this unconditionally to get rid of one more build options and
to keep things simpler.
Signed-off-by: Jouni Malinen <j@w1.fi>
nla_nest_start() might fail, so need to check its return value similarly
to all the other callers.
Fixes: a84bf44388 ("HE: Send the AP's OBSS PD settings to the kernel")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Previously only couple of AKM suite selectors were converted into
NL80211_ATTR_AKM_SUITES. Add rest of the AKM suites here. However, since
the current kernel interface has a very small limit
(NL80211_MAX_NR_AKM_SUITES = 2), add the attribute only when no more
than that limit entries are included. cfg80211 would reject the command
with any more entries listed.
This needs to be extended in cfg80211/nl80211 in a backwards compatible
manner, so this seems to be the best that can be done for now in user
space. Many drivers do not use this attribute, so must not reject the
configuration completely when larger number of AKM suites is configured.
Such cases may not work properly with drivers that depend on
NL80211_ATTR_AKM_SUITES value.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This is needed to work around a missing attribute that would cause
cfg80211 to reject some nl80211 commands (e.g.,
NL80211_ATTR_VENDOR_DATA) with new kernel versions that enforce netlink
attribute policy validation.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
SM Power Save was described in somewhat unclear manner in IEEE Std
802.11n-2009 as far the use of it locally in an AP to save power. That
was clarified in IEEE Std 802.11-2016 to allow only a non-AP STA to use
SMPS while the AP is required to support an associated STA doing so. The
AP itself cannot use SMPS locally and the HT Capability advertisement
for this is not appropriate.
Remove the parts of SMPS support that involve the AP using it locally.
In practice, this reverts the following commits:
04ee647d58 ("HT: Let the driver advertise its supported SMPS modes for AP mode")
8f461b50cf ("HT: Pass the smps_mode in AP parameters")
da1080d721 ("nl80211: Advertise and configure SMPS modes")
Signed-off-by: Jouni Malinen <j@w1.fi>
A driver supports FT if it either supports SME or the
NL80211_CMD_UPDATE_FT_IES command. When selecting AKM suites,
wpa_supplicant currently doesn't take into account whether or not either
of those conditions are met. This can cause association failures, e.g.,
when an AP supports both WPA-EAP and FT-EAP but the driver doesn't
support FT (wpa_supplicant will decide to do FT-EAP since it is unaware
the driver doesn't support it). This change allows an FT suite to be
selected only when the driver also supports FT.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
Reviewed-by: Brian Norris <briannorris@chromium.org>
The internal WMM AC parameters use just the exponent of the CW value,
while nl80211 reports the full CW value. This led to completely bogus
CWmin/CWmax values in the WMM IE when a regulatory limit was present.
Fix this by converting the value to the exponent before passing it on.
Fixes: 636c02c6e9 ("nl80211: Add regulatory wmm_limit to hostapd_channel_data")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
nl80211 uses a different queue mapping from hostap, so AC indexes need
to be converted.
Fixes: 636c02c6e9 ("nl80211: Add regulatory wmm_limit to hostapd_channel_data")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The size of a single route(4) message cannot be derived from
either the size of the AF_INET or AF_INET6 routing tables.
Both could be empty or very large.
As such revert back to a buffer size of 2048 which mirrors
other programs which parse the routing socket.
Signed-off-by: Roy Marples <roy@marples.name>
Now that both hostapd and wpa_supplicant react to interface flag
changes, there is no need to set or remove IFF_UP.
It should be an administrative flag only.
Signed-off-by: Roy Marples <roy@marples.name>
There is little point in having both and it brings interface
addition/removal and IFF_UP notifications to hostapd.
Signed-off-by: Roy Marples <roy@marples.name>
When external authentication is used, the station send mlme frame (auth)
to the driver may not be able to get the frequency (bss->freq) after
hostap.git commit b6f8b5a9 ("nl80211: Update freq only when CSA
completes"). Use the assoc_freq to send the MLME frame when SAE external
authentication is used to avoid this issue.
Signed-off-by: Ouden <Ouden.Biz@gmail.com>
Update the documentation with values to be sent for seg0 and seg1 fields
in external ACS result event for 20 MHz, 40 MHz, 80 MHz, 160 MHz, and
80+80 MHz channels. These values match the changes done to definitions
of seg0 and seg1 fields in the IEEE 802.11 standard.
This vendor command had not previously been documented in this level of
detail and had not actually been used for the only case that could have
two different interpretation (160 MHz) based on which version of IEEE
802.11 standard is used.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add the new set_key() parameter "key_flag" to provide more specific
description of what type of a key is being configured. This is needed to
be able to add support for "Extended Key ID for Individually Addressed
Frames" from IEEE Std 802.11-2016. In addition, this may be used to
replace the set_tx boolean eventually once all the driver wrappers have
moved to using the new key_flag.
The following flag are defined:
KEY_FLAG_MODIFY
Set when an already installed key must be updated.
So far the only use-case is changing RX/TX status of installed
keys. Must not be set when deleting a key.
KEY_FLAG_DEFAULT
Set when the key is also a default key. Must not be set when
deleting a key. (This is the replacement for set_tx.)
KEY_FLAG_RX
The key is valid for RX. Must not be set when deleting a key.
KEY_FLAG_TX
The key is valid for TX. Must not be set when deleting a key.
KEY_FLAG_GROUP
The key is a broadcast or group key.
KEY_FLAG_PAIRWISE
The key is a pairwise key.
KEY_FLAG_PMK
The key is a Pairwise Master Key (PMK).
Predefined and needed flag combinations so far are:
KEY_FLAG_GROUP_RX_TX
WEP key not used as default key (yet).
KEY_FLAG_GROUP_RX_TX_DEFAULT
Default WEP or WPA-NONE key.
KEY_FLAG_GROUP_RX
GTK key valid for RX only.
KEY_FLAG_GROUP_TX_DEFAULT
GTK key valid for TX only, immediately taking over TX.
KEY_FLAG_PAIRWISE_RX_TX
Pairwise key immediately becoming the active pairwise key.
KEY_FLAG_PAIRWISE_RX
Pairwise key not yet valid for TX. (Only usable with Extended Key ID
support.)
KEY_FLAG_PAIRWISE_RX_TX_MODIFY
Enable TX for a pairwise key installed with KEY_FLAG_PAIRWISE_RX.
KEY_FLAG_RX_TX
Not a valid standalone key type and can only used in combination
with other flags to mark a key for RX/TX.
This commit is not changing any functionality. It just adds the new
key_flag to all hostapd/wpa_supplicant set_key() functions without using
it, yet.
Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
This is the function that actually uses the parameters, so pass the full
parameter struct to it instead of hiding the struct from it in the
simple wrapper.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
