2014-08-09 03:22:58 +02:00
Background
==========

- Priority scale: High, Medium and Low

- Complexity scale: C1, C2, C4 and C8. The complexity scale is exponential,
  with complexity 1 being the lowest complexity. Complexity is a function
  of both task 'complexity' and task 'scope'.

  The general rule of thumb is that a complexity 1 task should take 1-2 weeks
  for a person very familiar with the codebase. Higher complexity tasks
  require more time and have higher uncertainty.

  Higher complexity tasks should be refined into several lower complexity tasks
  once the task is better understood.

mac80211_hwsim
==============

- Add support for HWSIM_CMD_SET_RADIO command

  To allow modifying an existing radio, add the HWSIM_CMD_SET_RADIO command.
  The first possible feature should be to emulate the hardware RFKILL switch.

  It might be required to add a HWSIM_ATTR_RADIO_HW_RFKILL attribute flag
  to the HWSIM_CMD_NEW_RADIO command to enable virtual radios with a
  hardware level RFKILL switch.

  Priority: Medium
  Complexity: C1

- Allow configuration of MAC address or list of MAC addresses

  The radios auto-generate a fake MAC address. It would be useful
  to allow specifying a MAC address to be used. In certain cases it might
  also be useful to provide a list of MAC addresses so that, for example,
  they can be used with secondary interfaces.

  Priority: Low
  Complexity: C2

- Move mac80211_hwsim.h header file to UAPI includes

  The mac80211_hwsim.h header is the public API description of this netlink
  interface and thus it should be provided via UAPI includes.

  For this to work, the mac80211_hwsim.h header needs to be modified
  so that it also compiles from userspace. At the moment it throws
  errors. It also needs to become part of the UAPI headers of the
  Linux kernel.

  In addition it should provide HWSIM_GENL_NAME that provides the
  generic netlink "MAC80211_HWSIM" family string.

  Priority: Low
  Complexity: C1

- Provide kernel option to allow defining the number of initial radios

  The mac80211_hwsim module creates 2 radios by default unless this
  is overridden with the radios=x module parameter.

  To allow loading mac80211_hwsim by default, and to cope with accidental
  loading of the module, it would be good to provide a kernel configuration
  option that allows changing the default value here.

  For our testing we want to load mac80211_hwsim without any radios. Maybe
  this should be the default for the new kernel option.

  If the default of initial radios can be changed to zero, then it is also
  possible to add MODULE_ALIAS_GENL_FAMILY to support auto-loading of
  the mac80211_hwsim kernel module.

  Priority: Low
  Complexity: C1

- New configuration options for radios

  At the moment the radios created are all equal and feature rich. However
  for testing we want to create radios with different emulated hardware
  capabilities. Provide new attributes or flags that allow enabling or
  disabling certain mac80211 features.

  For example AP mode, P2P mode, number of interface combinations, TDLS
  support, number of Scan SSIDs, supported ciphers and so on.

  Priority: Low
  Complexity: C2

cfg80211 / nl80211
==================

- Disconnect from network / station when client crashes

  When associating or connecting to a network, it should be possible to
  bind this transaction to a specific netlink client. So that in case
  this client terminates without, any connection will also be terminated.

  This should affect NL80211_CMD_ASSOCIATE and NL80211_CMD_CONNECT. It
  seems that this is not needed for NL80211_CMD_AUTHENTICATE since that
  command will eventually time out, but it might be a good idea to
  support it there as well.

  Maybe a new attribute similar to NL80211_ATTR_IFACE_SOCKET_OWNER should
  be used for this behavior.

  Priority: High
  Complexity: C4

- Add missing support for NL80211_CMD_GET_INTERFACE filtering

  The NL80211_CMD_GET_INTERFACE command description indicates that you
  can filter results based on NL80211_ATTR_WIPHY. This feature has never
  been implemented.

  Either remove that feature from the description since it does not exist
  or actually implement the filtering on wiphy. Johannes indicated that
  fixing the description might be the better approach. If the feature is
  easy to add, then it should be added. However if filtering on wiphy is
  a rather complicated task, then it is better to just update the
  description to match reality.

  Priority: Low
  Complexity: C2

Wireless monitor
================

- Add support for Information Element (IE) decoding

  Several netlink attributes provide binary blobs representing IEs. Add
  support for decoding them inline using the src/ie.c infrastructure.

  Priority: Medium
  Complexity: C1
  Owner: Patrik Flykt <patrik.flykt@linux.intel.com>

- Add support for PACKET_RECV_OUTPUT socket option of AF_PACKET

  Instead of having to switch every interface manually into promiscuous
  mode, it would be useful to set PACKET_RECV_OUTPUT to also receive
  the traffic that leaves the system.

  This would make tracing PAE / EAPoL traffic easy and provide better
  sniffing capabilities.

  Unfortunately, PACKET_RECV_OUTPUT logic is not implemented at all in
  the kernel. So, first implement it in the kernel, and then use it in
  nlmon.c as a set_sockopt option.

  Priority: Low
  Complexity: C8

- Subscribe to all nl80211 multicast groups at startup

  It seems the nlmon packets are limited to the multicast groups that are
  actually subscribed. To get a complete picture of all the nl80211
  commands and events, it is required that iwmon adds membership to all
  multicast groups that nl80211 lists.

  This means that the netlink socket used for resolving the nl80211 family
  name needs to be kept open and actively processed since it will also
  receive these multicast events. However the event itself can be dropped
  since the one from nlmon with the proper kernel level timestamps should
  be taken into account.

  An alternative is to fix the netlink_deliver_tap() function in the
  kernel netlink layer to not be affected by the broadcast filtering.

  Priority: Medium
  Complexity: C1

- Add support for receiving kernel side timestamps

  When packets are received from nlmon, they should be marked with an
  appropriate timestamp. Enable the SO_TIMESTAMP socket option.

  Priority: Medium
  Complexity: C1

- Colorize the command, response and event packets

  Use terminal colors to separate command, response and event packets
  with different colors.

  Priority: Medium
  Complexity: C1

- Add support for writing PCAP files

  The new -w <file> option should allow for writing PCAP files with the
  Linux SLL link type.

  When creating PCAP files using tcpdump, a lot of extra information from
  all netlink sockets is written. This write support should only write
  the information related to nl80211. However the parts of the generic
  netlink control channel used for resolving the nl80211 family name must
  be included as well.

  It might also be beneficial to include RTNL messages related to the
  wireless network interfaces. Currently these are all filtered out.

  Priority: Medium
  Complexity: C2

- Track RTNL messages for wireless network interface

  The RTNL messages indicate operation state changes and are also
  relevant for a complete picture of the userspace kernel communication.

  However the complicated part is to identify which network interfaces
  are wireless related and which are not. Obviously the non-wireless
  network interfaces need to be filtered out.

  Priority: Medium
  Complexity: C2
  Owner: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>

- Handle netlink core control messages correctly

  The core control netlink messages for NLMSG_ERROR and NLMSG_DONE are
  not decoded properly. Add detailed decoding and also decode all the
  flags that are related to the core control messages.

  Priority: High
  Complexity: C1
  Owner: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>

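One way to decode the core control messages named above, as an added example that is not code from iwmon or the kernel. The struct, enum and function names are this example's own (the numeric values follow linux/netlink.h), and the sample message is constructed.

```c
#include <stdint.h>
#include <string.h>

/* Values match linux/netlink.h; the local names are this example's own. */
enum { MSG_ERROR = 2, MSG_DONE = 3, F_MULTI = 0x02, F_DUMP_INTR = 0x10 };
struct nl_hdr {			/* same layout as struct nlmsghdr */
	uint32_t len;
	uint16_t type, flags;
	uint32_t seq, pid;
};

enum ctrl_kind { CTRL_MALFORMED, CTRL_OTHER, CTRL_ACK, CTRL_ERROR, CTRL_DONE };
struct ctrl_info {
	enum ctrl_kind kind;
	int32_t error;		/* 0 for an ACK, otherwise a negative errno */
	uint32_t orig_seq;	/* sequence number of the request answered */
	int multi, dump_intr;	/* NLM_F_MULTI / NLM_F_DUMP_INTR seen */
};

/* Decode one message; never reads past len or past the claimed hdr.len. */
static struct ctrl_info decode_control(const uint8_t *buf, size_t len)
{
	struct ctrl_info ci = { .kind = CTRL_MALFORMED };
	struct nl_hdr hdr, orig;
	if (len < sizeof(hdr))
		return ci;
	memcpy(&hdr, buf, sizeof(hdr));		/* buf may be unaligned */
	if (hdr.len < sizeof(hdr) || hdr.len > len)
		return ci;
	ci.multi = !!(hdr.flags & F_MULTI);
	ci.dump_intr = !!(hdr.flags & F_DUMP_INTR);
	if (hdr.type == MSG_DONE) {
		ci.kind = CTRL_DONE;
	} else if (hdr.type != MSG_ERROR) {
		ci.kind = CTRL_OTHER;
	} else if (hdr.len >= sizeof(hdr) + sizeof(ci.error) + sizeof(orig)) {
		/* payload: int32 error code, then the request's own header */
		memcpy(&ci.error, buf + sizeof(hdr), sizeof(ci.error));
		memcpy(&orig, buf + sizeof(hdr) + sizeof(ci.error), sizeof(orig));
		ci.orig_seq = orig.seq;
		ci.kind = ci.error ? CTRL_ERROR : CTRL_ACK;
	}
	return ci;
}

/* Constructed sample: NLMSG_ERROR answering request seq 7 with code err. */
static size_t sample_error(uint8_t *buf, int32_t err)
{
	struct nl_hdr hdr = { 36, MSG_ERROR, 0, 7, 0 }, orig = { 16, 0x1c, 5, 7, 0 };
	memcpy(buf, &hdr, sizeof(hdr));
	memcpy(buf + 16, &err, sizeof(err));
	memcpy(buf + 20, &orig, sizeof(orig));
	return hdr.len;
}
```

An NLMSG_ERROR message whose claimed length is too short to hold the error code and the echoed request header is reported as malformed rather than decoded partially.
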
- Decode netlink REKEY_DATA attribute

  According to nl80211, NL80211_ATTR_REKEY_DATA is a 'nested attribute
  containing the information necessary for GTK rekeying in the device'. The
  data seems to contain TK, GTK and Replay Counter attributes. However, the
  format of the 'nesting' is not specified.

  Priority: High
  Complexity: C1

- Decode netlink BSS_CAPABILITY attribute

  The BSS_CAPABILITY attribute seems to be a direct copy of the 802.11
  Capability IE. The capability information should be decoded properly
  and displayed.

  Priority: High
  Complexity: C1

- Decode the RSNE field

  Properly decode and display the RSNE field. This is particularly important
  to properly analyze scan results and improve the scan categorization
  functionality.

  Priority: High
  Complexity: C1

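A bounds-checked RSNE decoder of the kind this task calls for, as an added example that is not iwd or iwmon code. The struct and function names are hypothetical, the field layout follows the IEEE 802.11 RSN element, and the sample element is constructed; the PMKID list and group management cipher that may follow RSN Capabilities are not parsed.

```c
#include <stdint.h>
#include <string.h>

struct rsne_info {
	uint8_t group_cipher;	/* suite type of the group data cipher */
	uint32_t pairwise_mask;	/* bit n set: pairwise cipher suite type n */
	uint32_t akm_mask;	/* bit n set: AKM suite type n */
	uint16_t caps;		/* RSN Capabilities field */
};

static const uint8_t ieee_oui[3] = { 0x00, 0x0f, 0xac };
static uint16_t le16(const uint8_t *p) { return p[0] | (p[1] << 8); }

/* Read a 2-byte count plus that many 4-byte suite selectors into a bitmask.
 * Returns the bytes consumed, or 0 if the list is empty or truncated. */
static size_t read_suites(const uint8_t *p, size_t left, uint32_t *mask)
{
	size_t count, i;
	if (left < 2 || !(count = le16(p)) || count > (left - 2) / 4)
		return 0;
	for (i = 0; i < count; i++) {
		const uint8_t *s = p + 2 + 4 * i;
		if (!memcmp(s, ieee_oui, 3) && s[3] < 32)
			*mask |= 1u << s[3];
	}
	return 2 + 4 * count;
}

/* Parse one RSNE starting at its element ID. Fields after Version are
 * optional; those the element omits stay 0. Returns 0, or -1 if malformed. */
static int parse_rsne(const uint8_t *ie, size_t len, struct rsne_info *out)
{
	size_t n, i, off = 8, end;
	uint32_t *masks[2] = { &out->pairwise_mask, &out->akm_mask };
	memset(out, 0, sizeof(*out));
	if (len < 4 || ie[0] != 48 || ie[1] < 2 || le16(ie + 2) != 1)
		return -1;
	end = 2 + (size_t)ie[1];	/* never trust more than the IE length */
	if (end > len || (end > 4 && end < 8))
		return -1;
	if (end >= 8 && !memcmp(ie + 4, ieee_oui, 3))
		out->group_cipher = ie[7];
	for (i = 0; i < 2 && off < end; i++) {
		if (!(n = read_suites(ie + off, end - off, masks[i])))
			return -1;
		off += n;
	}
	if (off + 1 == end)
		return -1;		/* half an RSN Capabilities field */
	if (off < end)
		out->caps = le16(ie + off);
	return 0;
}

static const uint8_t sample_rsne[] = {	/* constructed: WPA2-PSK with CCMP */
	48, 20, 1, 0, 0x00, 0x0f, 0xac, 4, 1, 0, 0x00, 0x0f, 0xac, 4,
	1, 0, 0x00, 0x0f, 0xac, 2, 0x0c, 0x00 };
```

Suite counts are checked against the bytes remaining inside the element before any selector is read, so a hostile count in a beacon or probe response cannot push the decoder past the IE.
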
Wireless simulator
==================

- Add support for builtin wireless access point emulator

  When creating a pair of mac80211_hwsim radios, allow one to operate as
  an access point. The hwsim utility will emulate the access point on the
  second interface for as long as it is running, which means that from
  the first interface it is possible to scan and connect to this access
  point using standard wireless tools (including iwd and iwctl).

  Code for the AP mode can be shared with the iwd feature for access point
  operation once that has been implemented.

  Priority: Medium
  Complexity: C8

Wireless daemon
===============

- Building 802.11 authentication management frames

  The other way round, provide a core API to encode an authentication
  or deauthentication frame from a generic structure representing the
  MPDU.

  Priority: High
  Complexity: C2
  Owner: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>

- Handle the relevant logic of the authentication management frames

  When an authentication management frame is received, the frame needs
  to be understood and handled properly.

  Priority: High
  Complexity: C2

- Add support for 4-way handshake authentication and key generation

  The 4-way handshake key generation for pre-shared keys (PSK) should be
  a standalone feature (independent from EAP).

  It is also important to have extensive unit test support for 4-way
  handshake messages and key generation itself.

  Priority: High
  Complexity: C4
  Owner: Denis Kenzior <denkenz@gmail.com>

- Add support for EAP based authentication and key generation

  Provide full EAP support for enterprise wireless. However it should be
  possible to build the wireless daemon without EAP support.

  It is also intended that this EAP code can be utilized as a shared library
  and be beneficial for systemd-networkd for wired authentication.

  Priority: Low
  Complexity: C8

- Create a document in doc describing the general architecture and the
  relation between different objects.

  The current understanding is that the relation between elements
  probably looks like this:
  Manager->Wiphy->NetDevice->AvailableNetwork

  Wiphy is the actual physical device, NetDevice is the network interface
  and AvailableNetwork is an {SSID, security} combo. Each network can have
  a list of BSSs.
  Consider also multi-wifi device scenarios. If the user has multiple USB
  WiFi dongles and switches between those cards, all previously configured
  networks should still be available.

  Priority: High
  Complexity: C2

- Centralize scanning logic and handling into scan.c.

  There can be passive, active and listening (P2P) scanning to handle.
  We need to handle background scan for roaming. Also scheduled scan
  might need to be simulated when the hardware does not support it.
  All scanning operations should be cancellable.

  Priority: High
  Complexity: C4

- Implement agent support in iwd.

  If something needs to be asked from the user, like a passphrase,
  a DBus agent interface can be registered by the user.
  This is similar to what is implemented in ConnMan and BlueZ.

  Priority: Medium
  Complexity: C2

- Implement ARC4 cipher in iwd

  ARC4 is used to encrypt EAPoL frames that are exchanged during WPA
  authentication.

  Priority: High
  Complexity: C1
  Owner: Denis Kenzior <denkenz@gmail.com>

- Implement AES cipher in iwd

  AES is used to encrypt EAPoL frames that are exchanged during WPA2
  authentication.

  Priority: High
  Complexity: C1
  Owner: Denis Kenzior <denkenz@gmail.com>

- Add utility to create netlink REKEY_DATA attributes

  The REKEY_DATA needs to be uploaded to the driver so that if re-keying is
  triggered by the AP, the TK is updated properly. Additionally, a helper
  function to send the NL80211_CMD_SET_REKEY_OFFLOAD command is required.

  Priority: High
  Complexity: C1

- React to NL80211_CMD_SET_REKEY_OFFLOAD events

  This command can be sent to userspace whenever a re-key transaction has
  occurred. The information contains the Replay Counter. The Replay Counter
  used by iwd needs to be updated with the new value.

  Priority: Medium
  Complexity: C1

- Add utilities to set Transient Key into the driver

  Once the 4-Way handshake is complete and the TK is generated, it must be sent
  to the kernel so that normal traffic can be encrypted and decrypted
  appropriately. This seems to be accomplished by NL80211_CMD_NEW_KEY
  and NL80211_CMD_SET_KEY commands.

  Priority: High
  Complexity: C1

- Add unit test for each MPDU management frame type

  Currently, only authentication and deauthentication frames have
  a proper unit test. Update unit/test-mpdu.c to handle other frames as
  well.

  Priority: Medium
  Complexity: C1

Client
======

- Remove kdbus left-overs, and implement the client properly with the ell
  library.

  Priority: Low
  Complexity: C1