Kernel
/
iwd
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git
3
0
Fork 0
Code Releases Activity
iwd/src/netdev.c

6097 lines
149 KiB
C
Raw Normal View History

core: Add tracking of network interfaces via RTNL
2014-06-21 13:41:40 +02:00
/*
*
* Wireless daemon for Linux
*
treewide: Move the Intel copyright forward to 2019
2019-10-25 00:43:08 +02:00
* Copyright (C) 2013-2019 Intel Corporation. All rights reserved.
core: Add tracking of network interfaces via RTNL
2014-06-21 13:41:40 +02:00
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
core: Only enable RTNL debugging when IWD_RTNL_DEBUG is set
2014-08-07 05:28:58 +02:00
#include <stdlib.h>
build: Fix includes for using with -std=c99 compiler option
2018-11-01 22:37:11 +01:00
#include <alloca.h>
netdev: Add netdev_get_path
2018-08-20 06:12:14 +02:00
#include <stdio.h>
core: Add tracking of network interfaces via RTNL
2014-06-21 13:41:40 +02:00
#include <linux/rtnetlink.h>
#include <net/if_arp.h>
netdev: Move associate event handling .. out of wiphy.c
2016-06-16 17:54:20 +02:00
#include <linux/if.h>
netdev: Move eapol_io handling
2016-06-16 22:23:45 +02:00
#include <linux/if_packet.h>
wiphy: Rename netdev to device
2016-05-31 19:57:24 +02:00
#include <linux/if_ether.h>
netdev: Open PAE transport if needed If Control Port over NL80211 is not supported, open up a PAE socket and stuff it into an l_io on the netdev object. Install a read handler on the l_io and call __eapol_rx_packet as needed.
2018-05-01 18:08:19 +02:00
#include <arpa/inet.h>
#include <linux/filter.h>
netdev: Move eapol_io handling
2016-06-16 22:23:45 +02:00
#include <sys/socket.h>
netdev: Add initial netdev_connect logic
2016-06-14 18:17:43 +02:00
#include <errno.h>
core: Add tracking of network interfaces via RTNL
2014-06-21 13:41:40 +02:00
#include <ell/ell.h>
netdev: Send RSNXE element during SAE association
2021-07-14 00:49:41 +02:00
#include "ell/useful.h"
netdev: Parse NEW_INTERFACE and DEL_INTERFACE
2016-06-01 22:07:16 +02:00
#include "linux/nl80211.h"
wiphy: Move association logic out of wiphy.c The eapol state machine parameters are now built inside device.c when the network connection is attempted. The reason is that the device object knows about network settings, wiphy constraints and should contain the main 'management' logic. netdev now manages the actual low-level process of building association messages, detecting authentication events, etc.
2016-06-15 17:54:13 +02:00
#include "src/iwd.h"
module: Move declarations into separate header file
2019-11-07 23:33:51 +01:00
#include "src/module.h"
core: Add sanity check to sync RTNL link deletion with nl80211
2014-08-07 08:52:42 +02:00
#include "src/wiphy.h"
wiphy: Move association logic out of wiphy.c The eapol state machine parameters are now built inside device.c when the network connection is attempted. The reason is that the device object knows about network settings, wiphy constraints and should contain the main 'management' logic. netdev now manages the actual low-level process of building association messages, detecting authentication events, etc.
2016-06-15 17:54:13 +02:00
#include "src/ie.h"
netdev: Move associate event handling .. out of wiphy.c
2016-06-16 17:54:20 +02:00
#include "src/mpdu.h"
wiphy: Move association logic out of wiphy.c The eapol state machine parameters are now built inside device.c when the network connection is attempted. The reason is that the device object knows about network settings, wiphy constraints and should contain the main 'management' logic. netdev now manages the actual low-level process of building association messages, detecting authentication events, etc.
2016-06-15 17:54:13 +02:00
#include "src/eapol.h"
eapol: Use handshake_state to store state Remove the keys and other data from struct eapol_sm, update device.c, netdev.c and wsc.c to use the handshake_state object instead of eapol_sm. This also gets rid of eapol_cancel and the ifindex parameter in some of the eapol functions where sm->handshake->ifindex can be used instead.
2016-11-02 23:46:19 +01:00
#include "src/handshake.h"
wiphy: Move association logic out of wiphy.c The eapol state machine parameters are now built inside device.c when the network connection is attempted. The reason is that the device object knows about network settings, wiphy constraints and should contain the main 'management' logic. netdev now manages the actual low-level process of building association messages, detecting authentication events, etc.
2016-06-15 17:54:13 +02:00
#include "src/crypto.h"
netdev: Add initial netdev_connect logic
2016-06-14 18:17:43 +02:00
#include "src/scan.h"
core: Add missing include for network interface tracking
2014-06-21 20:51:26 +02:00
#include "src/netdev.h"
ft: rename ftutil to ft (prep for auth-proto) Now the 'ft' module, previously ftutil, will be used to drive FT via the auth-proto virtual class. This renaming is in preparation as ftutil will become obsolete since all the IE building/processing is going to be moved out of netdev. The new ft.c module will utilize the existing ftutil functionality, but since this is now a full blown auth protocol naming it 'ft' is better suited.
2019-05-07 20:53:41 +02:00
#include "src/ft.h"
netdev: Add netdev_preauthenticate Add preauthentication logic. The callback receives the new PMK only.
2017-04-29 03:53:27 +02:00
#include "src/util.h"
netdev: Simplify event watches using watchlist
2017-09-01 01:18:41 +02:00
#include "src/watchlist.h"
netdev: added sae functionality to netdev In order to plug SAE into the existing connect mechanism the actual CMD_CONNECT message is never sent, rather sae_register takes care of sending out CMD_AUTHENTICATE. This required some shuffling of code in order to handle both eapol and sae. In the case of non-SAE authentication everything behaves as it did before. When using SAE an sae_sm is created when a connection is attempted but the eapol_sm is not. After SAE succeeds it will start association and then create the eapol_sm and start the 4-way handshake. This change also adds the handshake SAE events to device and initializes SAE in main.
2018-08-14 01:25:48 +02:00
#include "src/sae.h"
build: Rename nl80211_util.[ch] into nl80211util.[ch]
2018-10-14 05:41:06 +02:00
#include "src/nl80211util.h"
treewide: Use nl80211cmd_to_string Using integer ids for event notifications received was hard to debug. Use the nl80211cmd_to_string function to prettify these.
2019-07-15 21:04:43 +02:00
#include "src/nl80211cmd.h"
netdev/station: Add OWE support The changes to station.c are minor. Specifically, station_build_handshake_rsn was modified to always build up the RSN information, not just for SECURITY_8021X and SECURITY_PSK. This is because OWE needs this RSN information, even though it is still SECURITY_NONE. Since "regular" open networks don't need this, a check was added (security == NONE && akm != OWE) which skips the RSN building. netdev.c needed to be changed in nearly the same manor as it was for SAE. When connecting, we check if the AKM is for OWE, and if so create a new OWE SM and start it. OWE handles all the ECDH, and netdev handles sending CMD_AUTHENTICATE and CMD_ASSOCIATE when triggered by OWE. The incoming authenticate/associate events just get forwarded to OWE as they do with SAE.
2018-11-16 23:22:55 +01:00
#include "src/owe.h"
netdev: add FILS support From netdev's prospective FILS works the same as OWE/SAE where we create a fils_sm and forward all auth/assoc frames into the FILS module. The only real difference is we do not start EAPoL once FILS completes.
2019-04-22 19:11:45 +02:00
#include "src/fils.h"
fils: netdev: update to use auth_proto concepts
2019-05-03 20:59:51 +02:00
#include "src/auth-proto.h"
netdev: Switch to new frame watch API
2020-01-16 03:40:59 +01:00
#include "src/frame-xchg.h"
netdev: move netdev_station_info to diagnostic.h With AP now getting its own diagnostic interface it made sense to move the netdev_station_info struct definition into its own header which eventually can be accompanied by utilities in diagnostic.c. These utilities can then be shared with AP and station as needed.
2021-01-22 21:38:42 +01:00
#include "src/diagnostic.h"
core: Add missing include for network interface tracking
2014-06-21 20:51:26 +02:00
netdev: Ignore CMD_SET_STATION errors Certain WiFi drivers do not support using CMD_SET_STATION (e.g. mwifiex). It is not completely clear how such drivers handle the AUTHORIZED state, but they don't seem to take it into account. So for such drivers, ignore the -ENOTSUPP error return from CMD_SET_STATION.
2017-05-30 23:55:56 +02:00
#ifndef ENOTSUPP
#define ENOTSUPP 524
#endif
netdev: Introduce connection types Currently netdev handles SoftMac and FullMac drivers mostly in the same way, by building CMD_CONNECT nl80211 commands and letting the kernel figure out the details. Exceptions to this are FILS/OWE/SAE AKMs which are only supported on SoftMac drivers by using CMD_AUTHENTICATE/CMD_ASSOCIATE. Recently, basic support for SAE (WPA3-Personal) offload on FullMac cards was introduced. When offloaded, the control flow is very different than under typical conditions and required additional logic checks in several places. The logic is now becoming quite complex. Introduce a concept of a connection type in order to make it clearer what driver and driver features are being used for this connection. In the future, connection types can be expanded with 802.1X handshake offload, PSK handshake offload and CMD_EXTERNAL_AUTH based SAE connections.
2021-03-31 17:48:05 +02:00
enum connection_type {
CONNECTION_TYPE_SOFTMAC,
CONNECTION_TYPE_FULLMAC,
CONNECTION_TYPE_SAE_OFFLOAD,
netdev: allow PSK offload for FT AKMs This adds a new connection type, TYPE_PSK_OFFLOAD, which allows the 4-way handshake to be offloaded by the firmware. Offloading will be used if the driver advertises support. The CMD_ROAM event path was also modified to take into account handshake offloading. If the handshake is offloaded we still must issue GET_SCAN, but not start eapol since the firmware takes care of this.
2021-04-03 00:06:17 +02:00
CONNECTION_TYPE_PSK_OFFLOAD,
netdev: add CONNECTION_TYPE_8021X_OFFLOAD This adds a new type for 8021x offload as well as support in building CMD_CONNECT. As described in the comment, 8021x offloading is not particularly similar to PSK as far as the code flow in IWD is concerned. There still needs to be an eapol_sm due to EAP being done in userspace. This throws somewhat of a wrench into our 'is_offload' cases. And as such this connection type is handled specially.
2021-04-09 18:14:45 +02:00
CONNECTION_TYPE_8021X_OFFLOAD,
netdev: Introduce connection types Currently netdev handles SoftMac and FullMac drivers mostly in the same way, by building CMD_CONNECT nl80211 commands and letting the kernel figure out the details. Exceptions to this are FILS/OWE/SAE AKMs which are only supported on SoftMac drivers by using CMD_AUTHENTICATE/CMD_ASSOCIATE. Recently, basic support for SAE (WPA3-Personal) offload on FullMac cards was introduced. When offloaded, the control flow is very different than under typical conditions and required additional logic checks in several places. The logic is now becoming quite complex. Introduce a concept of a connection type in order to make it clearer what driver and driver features are being used for this connection. In the future, connection types can be expanded with 802.1X handshake offload, PSK handshake offload and CMD_EXTERNAL_AUTH based SAE connections.
2021-03-31 17:48:05 +02:00
};
main: Update to the new genl api
2019-05-18 00:05:52 +02:00
static uint32_t unicast_watch;
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
struct netdev_handshake_state {
struct handshake_state super;
uint32_t pairwise_new_key_cmd_id;
uint32_t group_new_key_cmd_id;
uint32_t group_management_new_key_cmd_id;
uint32_t set_station_cmd_id;
netdev: implement netdev_set_pmk The 8021x offloading procedure still does EAP in userspace which negotiates the PMK. The kernel then expects to obtain this PMK from userspace by calling SET_PMK. This then allows the firmware to begin the 4-way handshake. Using __eapol_install_set_pmk_func to install netdev_set_pmk, netdev now gets called into once EAP finishes and can begin the final userspace actions prior to the firmware starting the 4-way handshake: - SET_PMK using PMK negotiated with EAP - Emit SETTING_KEYS event - netdev_connect_ok One thing to note is that the kernel provides no way of knowing if the 4-way handshake completed. Assuming SET_PMK/SET_STATION come back with no errors, IWD assumes the PMK was valid. If not, or due to some other issue in the 4-way, the kernel will send a disconnect.
2021-04-09 18:14:46 +02:00
uint32_t set_pmk_cmd_id;
netdev: signal handshake complete after setting all keys Currently, netdev triggers the HANDSHAKE_COMPLETE event after completing the SET_STATION (after setting the pairwise key). Depending on the timing this may happen before the GTK/IGTK are set which will result in group traffic not working initially (the GTK/IGTK would still get set, but group traffic would not work immediately after DBus said you were connected, this mainly poses a problem with autotests). In order to fix this, several flags were added in netdev_handshake_state: ptk_installed, gtk_installed, igtk_installed, and completed. Each of these flags are set true when their respective keys are set, and in each key callback we try to trigger the handshake complete event (assuming all the flags are true). Initially the gtk/igtk flags are set to true, for reasons explained below. In the WPA2 case, all the key setter functions are called sequentially from eapol. With this change, the PTK is now set AFTER the gtk/igtk. This is because the gtk/igtk are optional and only set if group traffic is allowed. If the gtk/igtk are not used, we set the PTK and can immediately trigger the handshake complete event (since gtk_installed/igtk_installed are initialized as true). When the gtk/igtk are being set, we immediately set their flags to false and wait for their callbacks in addition to the PTK callback. Doing it this way handles both group traffic and non group traffic paths. WPA1 throws a wrench into this since the group keys are obtained in a separate handshake. For this case a new flag was added to the handshake_state, 'wait_for_gtk'. This allows netdev to set the PTK after the initial 4-way, but still wait for the gtk/igtk setters to get called before triggering the handshake complete event. As a precaution, netdev sets a timeout that will trigger if the gtk/igtk setters are never called. In this case we can still complete the connection, but print a warning that group traffic will not be allowed.
2018-10-26 18:44:58 +02:00
bool ptk_installed;
bool gtk_installed;
bool igtk_installed;
bool complete;
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
struct netdev *netdev;
netdev: Introduce connection types Currently netdev handles SoftMac and FullMac drivers mostly in the same way, by building CMD_CONNECT nl80211 commands and letting the kernel figure out the details. Exceptions to this are FILS/OWE/SAE AKMs which are only supported on SoftMac drivers by using CMD_AUTHENTICATE/CMD_ASSOCIATE. Recently, basic support for SAE (WPA3-Personal) offload on FullMac cards was introduced. When offloaded, the control flow is very different than under typical conditions and required additional logic checks in several places. The logic is now becoming quite complex. Introduce a concept of a connection type in order to make it clearer what driver and driver features are being used for this connection. In the future, connection types can be expanded with 802.1X handshake offload, PSK handshake offload and CMD_EXTERNAL_AUTH based SAE connections.
2021-03-31 17:48:05 +02:00
enum connection_type type;
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
};
ft: netdev: refactor FT-over-DS into two stages FT-over-DS followed the same pattern as FT-over-Air which worked, but really limited how the protocol could be used. FT-over-DS is unique in that we can authenticate to many APs by sending out FT action frames and parsing the results. Once parsed IWD can immediately Reassociate, or do so at a later time. To take advantage of this IWD need to separate FT-over-DS into two stages: action frame and reassociation. The initial action frame stage is started by netdev. The target BSS is sent an FT action frame and a new cache entry is created in ft.c. Once the response is received the entry is updated with all the needed data to Reassociate. To limit the record keeping on netdev each FT-over-DS entry holds a userdata pointer so netdev doesn't need to maintain its own list of data for callbacks. Once the action response is parsed netdev will call back signalling the action frame sequence was completed (either successfully or not). At this point the 'normal' FT procedure can start using the FT-over-DS auth-proto.
2021-04-30 19:47:02 +02:00
struct netdev_ft_over_ds_info {
struct ft_ds_info super;
struct netdev *netdev;
bool parsed : 1;
};
netdev: Add netdev struct definition
2016-06-01 22:26:02 +02:00
struct netdev {
uint32_t index;
netdev: Add netdev_get_wdev_id
2019-07-08 16:02:58 +02:00
uint64_t wdev_id;
netdev: Add netdev struct definition
2016-06-01 22:26:02 +02:00
char name[IFNAMSIZ];
uint32_t type;
uint8_t addr[ETH_ALEN];
netdev: Reset interface state on init and exit Take any managed interface down when iwd detects it and bring it back up to start with a clean state. On exit take interfaces down.
2016-07-13 04:29:52 +02:00
struct wiphy *wiphy;
netdev: Add netdev_set_powered
2016-07-13 04:26:27 +02:00
unsigned int ifi_flags;
netdev: Support sending Neighbor Report requests
2016-12-23 11:38:01 +01:00
uint32_t frequency;
netdev: Move eapol_io handling
2016-06-16 22:23:45 +02:00
netdev: Add initial netdev_connect logic
2016-06-14 18:17:43 +02:00
netdev_event_func_t event_filter;
netdev_connect_cb_t connect_cb;
netdev: Move deauthenticate handling out of wiphy.c
2016-06-16 23:05:34 +02:00
netdev_disconnect_cb_t disconnect_cb;
netdev: Support sending Neighbor Report requests
2016-12-23 11:38:01 +01:00
netdev_neighbor_report_cb_t neighbor_report_cb;
netdev: Remove redundant typedefs Unify command specific typedefs which had the same signature into a single netdev_command_cb_t
2018-08-20 01:25:23 +02:00
netdev_command_cb_t adhoc_cb;
netdev: Add initial netdev_connect logic
2016-06-14 18:17:43 +02:00
void *user_data;
wiphy: Move association logic out of wiphy.c The eapol state machine parameters are now built inside device.c when the network connection is attempted. The reason is that the device object knows about network settings, wiphy constraints and should contain the main 'management' logic. netdev now manages the actual low-level process of building association messages, detecting authentication events, etc.
2016-06-15 17:54:13 +02:00
struct eapol_sm *sm;
fils: netdev: update to use auth_proto concepts
2019-05-03 20:59:51 +02:00
struct auth_proto *ap;
eapol: Use handshake_state to store state Remove the keys and other data from struct eapol_sm, update device.c, netdev.c and wsc.c to use the handshake_state object instead of eapol_sm. This also gets rid of eapol_cancel and the ifindex parameter in some of the eapol functions where sm->handshake->ifindex can be used instead.
2016-11-02 23:46:19 +01:00
struct handshake_state *handshake;
netdev: Cancel the CMD_CONNECT genl command on disconnect CMD_DISCONNECT fails on some occasions when CMD_CONNECT is still running. When this happens the DBus disconnect command receives an error reply but iwd's device state is left as disconnected even though there's a connection at the kernel level which times out a few seconds later. If the CMD_CONNECT is cancelled I couldn't reproduce this so far. src/network.c:network_connect() src/network.c:network_connect_psk() src/network.c:network_connect_psk() psk: 69ae3f8b2f84a438cf6a44275913182dd2714510ccb8cbdf8da9dc8b61718560 src/network.c:network_connect_psk() len: 32 src/network.c:network_connect_psk() ask_psk: false src/device.c:device_enter_state() Old State: disconnected, new state: connecting src/scan.c:scan_notify() Scan notification 33 src/device.c:device_netdev_event() Associating src/netdev.c:netdev_mlme_notify() MLME notification 60 MLME notification is missing ifindex attribute src/device.c:device_dbus_disconnect() src/device.c:device_connect_cb() 6, result: 5 src/device.c:device_enter_state() Old State: connecting, new state: disconnecting src/device.c:device_disconnect_cb() 6, success: 0 src/device.c:device_enter_state() Old State: disconnecting, new state: disconnected src/scan.c:scan_notify() Scan notification 34 src/netdev.c:netdev_mlme_notify() MLME notification 19 src/netdev.c:netdev_mlme_notify() MLME notification 60 MLME notification is missing ifindex attribute src/netdev.c:netdev_mlme_notify() MLME notification 37 src/netdev.c:netdev_authenticate_event() src/scan.c:get_scan_callback() get_scan_callback src/scan.c:get_scan_done() get_scan_done src/netdev.c:netdev_mlme_notify() MLME notification 60 MLME notification is missing ifindex attribute src/netdev.c:netdev_mlme_notify() MLME notification 19 MLME notification is missing ifindex attribute src/netdev.c:netdev_mlme_notify() MLME notification 38 src/netdev.c:netdev_associate_event() src/netdev.c:netdev_mlme_notify() MLME notification 46 src/netdev.c:netdev_connect_event() <delay> src/netdev.c:netdev_mlme_notify() MLME notification 60 MLME notification is missing ifindex attribute src/netdev.c:netdev_mlme_notify() MLME notification 20 MLME notification is missing ifindex attribute src/netdev.c:netdev_mlme_notify() MLME notification 20 src/netdev.c:netdev_mlme_notify() MLME notification 39 src/netdev.c:netdev_deauthenticate_event()
2016-08-05 14:25:34 +02:00
uint32_t connect_cmd_id;
netdev: Finalize disconnects on device removal When device is removed or otherwise freed, netdev_connect callbacks are invoked. Treat disconnects similarly
2016-09-21 22:20:51 +02:00
uint32_t disconnect_cmd_id;
netdev: add join_adhoc/leave_adhoc API's These will issue a JOIN/LEAVE_IBSS to the kernel. There is a TODO regarding network configuration. For now, only the SSID is configurable. This configuration is also required for AP, but needs to be thought out. Since the current AP Dbus API has nothing related to configuration items such as freq/channel or RSN elements they are hard coded, and will be for Ad-Hoc as well (for now).
2018-07-17 23:15:59 +02:00
uint32_t join_adhoc_cmd_id;
uint32_t leave_adhoc_cmd_id;
device/netdev: Properly implement mode switching
2018-08-20 05:07:15 +02:00
uint32_t set_interface_cmd_id;
netdev: add an ability to cancel hw rekey cmd ==1628== Invalid read of size 1 ==1628== at 0x405E71: hardware_rekey_cb (netdev.c:1381) ==1628== by 0x444E5B: process_unicast (genl.c:415) ==1628== by 0x444E5B: received_data (genl.c:534) ==1628== by 0x442032: io_callback (io.c:126) ==1628== by 0x4414CD: l_main_iterate (main.c:387) ==1628== by 0x44158B: l_main_run (main.c:434) ==1628== by 0x403775: main (main.c:489) ==1628== Address 0x5475208 is 312 bytes inside a block of size 320 free'd ==1628== at 0x4C2ED18: free (vg_replace_malloc.c:530) ==1628== by 0x43D94D: l_queue_clear (queue.c:107) ==1628== by 0x43D998: l_queue_destroy (queue.c:82) ==1628== by 0x40B431: netdev_shutdown (netdev.c:4765) ==1628== by 0x403B17: iwd_shutdown (main.c:81) ==1628== by 0x4419D2: signal_callback (signal.c:82) ==1628== by 0x4414CD: l_main_iterate (main.c:387) ==1628== by 0x44158B: l_main_run (main.c:434) ==1628== by 0x403775: main (main.c:489) ==1628== Block was alloc'd at ==1628== at 0x4C2DB6B: malloc (vg_replace_malloc.c:299) ==1628== by 0x43CA4D: l_malloc (util.c:62) ==1628== by 0x40A853: netdev_create_from_genl (netdev.c:4517) ==1628== by 0x444E5B: process_unicast (genl.c:415) ==1628== by 0x444E5B: received_data (genl.c:534) ==1628== by 0x442032: io_callback (io.c:126) ==1628== by 0x4414CD: l_main_iterate (main.c:387) ==1628== by 0x44158B: l_main_run (main.c:434) ==1628== by 0x403775: main (main.c:489)
2018-10-19 23:19:26 +02:00
uint32_t rekey_offload_cmd_id;
netdev: handle QoS Map IE/Frame The QoS Map can come in either as a management frame or via the Associate Response. In either case this IE simply needs to be forwarded back to the kernel.
2019-09-14 00:26:31 +02:00
uint32_t qos_map_cmd_id;
netdev: support per-network MAC addresses For privacy reasons its advantageous to randomize or mask the MAC address when connecting to networks, especially public networks. This patch allows netdev to generate a new MAC address on a per-network basis. The generated MAC will remain the same when connecting to the same network. This allows reauthentications or roaming to work, and not have to fully re-connect (which would be required if the MAC changed on every connection). Changing the MAC requires bringing the interface down. This does lead to potential race conditions with respect to external processes. There are two potential conditions which are explained in a TODO comment in this patch.
2020-03-18 19:54:19 +01:00
uint32_t mac_change_cmd_id;
netdev: Deauthenticate prior to calling connect_cb
2016-09-21 23:19:47 +02:00
enum netdev_result result;
netdev: station: fix status/reason code in callbacks This change cleans up the mess of status vs reason codes. The two types of codes have already been separated into different enumerations, but netdev was still treating them the same (with last_status_code). A new 'event_data' argument was added to the connect callback, which has a different meaning depending on the result of the connection (described inside netdev.h, netdev_connect_cb_t). This allows for the removal of netdev_get_last_status_code since the status or reason code is now passed via event_data. Inside the netdev object last_status_code was renamed to last_code, for the purpose of storing either status or reason. This is only used when a disconnect needs to be emitted before failing the connection. In all other cases we just pass the code directly into the connect_cb and do not store it. All ocurrences of netdev_connect_failed were updated to use the proper code depending on the netdev result. Most of these simply changed from REASON_CODE_UNSPECIFIED to STATUS_CODE_UNSPECIFIED. This was simply for consistency (both codes have the same value). netdev_[authenticate|associate]_event's were updated to parse the status code and, if present, use that if their was a failure rather than defaulting to UNSPECIFIED.
2019-02-28 18:32:40 +01:00
uint16_t last_code; /* reason or status, depending on result */
netdev: Support sending Neighbor Report requests
2016-12-23 11:38:01 +01:00
struct l_timeout *neighbor_report_timeout;
netdev: added support for SA Query SA Query procedure is used when an unprotected disassociate frame is received (with frame protection enabled). There are two code paths that can occur when this disassociate frame is received: 1. Send out SA Query and receive a response from the AP within a timeout. This means that the disassociate frame was not sent from the AP and can be ignored. 2. Send out SA Query and receive no response. In this case it is assumed that the AP went down ungracefully and is now back up. Since frame protection is enabled, you must re-associate with the AP.
2018-02-01 18:22:39 +01:00
struct l_timeout *sa_query_timeout;
netdev: signal handshake complete after setting all keys Currently, netdev triggers the HANDSHAKE_COMPLETE event after completing the SET_STATION (after setting the pairwise key). Depending on the timing this may happen before the GTK/IGTK are set which will result in group traffic not working initially (the GTK/IGTK would still get set, but group traffic would not work immediately after DBus said you were connected, this mainly poses a problem with autotests). In order to fix this, several flags were added in netdev_handshake_state: ptk_installed, gtk_installed, igtk_installed, and completed. Each of these flags are set true when their respective keys are set, and in each key callback we try to trigger the handshake complete event (assuming all the flags are true). Initially the gtk/igtk flags are set to true, for reasons explained below. In the WPA2 case, all the key setter functions are called sequentially from eapol. With this change, the PTK is now set AFTER the gtk/igtk. This is because the gtk/igtk are optional and only set if group traffic is allowed. If the gtk/igtk are not used, we set the PTK and can immediately trigger the handshake complete event (since gtk_installed/igtk_installed are initialized as true). When the gtk/igtk are being set, we immediately set their flags to false and wait for their callbacks in addition to the PTK callback. Doing it this way handles both group traffic and non group traffic paths. WPA1 throws a wrench into this since the group keys are obtained in a separate handshake. For this case a new flag was added to the handshake_state, 'wait_for_gtk'. This allows netdev to set the PTK after the initial 4-way, but still wait for the gtk/igtk setters to get called before triggering the handshake complete event. As a precaution, netdev sets a timeout that will trigger if the gtk/igtk setters are never called. In this case we can still complete the connection, but print a warning that group traffic will not be allowed.
2018-10-26 18:44:58 +02:00
struct l_timeout *group_handshake_timeout;
netdev: added support for SA Query SA Query procedure is used when an unprotected disassociate frame is received (with frame protection enabled). There are two code paths that can occur when this disassociate frame is received: 1. Send out SA Query and receive a response from the AP within a timeout. This means that the disassociate frame was not sent from the AP and can be ignored. 2. Send out SA Query and receive no response. In this case it is assumed that the AP went down ungracefully and is now back up. Since frame protection is enabled, you must re-associate with the AP.
2018-02-01 18:22:39 +01:00
uint16_t sa_query_id;
netdev: ft: refactor FT into an auth-proto Since FT operates over Authenticate/Associate, it makes the most sense for it to behave like the other auth-protos. This change moves all the FT specific processing out of netdev and into ft.c. The bulk of the changes were strait copy-pastes from netdev into ft.c with minor API changes (e.g. remove struct netdev). The 'in_ft' boolean unforunately is still required for a few reasons: - netdev_disconnect_event relies on this flag so it can ignore the disconnect which comes in when doing a fast transition. We cannot simply check netdev->ap because this would cause the other auth-protos to not handle a disconnect correctly. - netdev_associate_event needs to correctly setup the eapol_sm when in FT mode by setting require_handshake and use_eapol_start to false. This cannot be handled inside eapol by checking the AKM because an AP may only advertise a FT AKM, and the initial mobility association does require the 4-way handshake.
2019-05-07 20:53:42 +02:00
uint8_t prev_snonce[32];
netdev: Implement RSSI level notifications API Add an methods and an event using the new NL80211_EXT_FEATURE_CQM_RSSI_LIST kernel feature to request RSSI monitoring with notifications only when RSSI moves from one of the N intervals requested to another. device.c will call netdev_set_rssi_report_levels to request NETDEV_EVENT_RSSI_LEVEL_NOTIFY events every time the RSSI level changes, level meaning one of the intervals delimited by the threshold values passed as argument. Inside the event handler it can call netdev_get_rssi_level to read the new level. There's no fallback to periodic polling implemented in this patch for the case of older kernels and/or the driver not supporting NL80211_EXT_FEATURE_CQM_RSSI_LIST.
2017-05-20 16:33:13 +02:00
int8_t rssi_levels[16];
netdev: Fix off-by-one error rssi_levels_num should be able to hold a value of L_ARRAY_SIZE(rssi_levels) (which is 16). However, the maximum value is 15.
2017-05-30 18:31:14 +02:00
uint8_t rssi_levels_num;
netdev: Implement RSSI level notifications API Add an methods and an event using the new NL80211_EXT_FEATURE_CQM_RSSI_LIST kernel feature to request RSSI monitoring with notifications only when RSSI moves from one of the N intervals requested to another. device.c will call netdev_set_rssi_report_levels to request NETDEV_EVENT_RSSI_LEVEL_NOTIFY events every time the RSSI level changes, level meaning one of the intervals delimited by the threshold values passed as argument. Inside the event handler it can call netdev_get_rssi_level to read the new level. There's no fallback to periodic polling implemented in this patch for the case of older kernels and/or the driver not supporting NL80211_EXT_FEATURE_CQM_RSSI_LIST.
2017-05-20 16:33:13 +02:00
uint8_t cur_rssi_level_idx;
int8_t cur_rssi;
netdev: RSSI polling support for less capable drivers If the kernel device driver or the kernel nl80211 version doesn't support the new RSSI threshold list CQM monitoring, implement similar logic in iwd with periodic polling. This is only active when an RSSI agent is registered to receive the events. I tested this with the same testRSSIAgent autotests that tests the driver-side rssi monitoring except with all timeouts multiplied by ~20.
2017-08-18 14:22:58 +02:00
struct l_timeout *rssi_poll_timeout;
uint32_t rssi_poll_cmd_id;
netdev: Replace bool randomize_mac with specific address Allow netdev_create_from_genl callers to draw a random or non-random MAC and pass it in the parameter instead of a bool to tell us to generating the MAC locally. In P2P we are generating the MAC some time before creating the netdev in order to pass it to the peer during negotiation.
2019-12-19 04:50:56 +01:00
uint8_t set_mac_once[6];
netdev: netdev watch support
2016-06-20 12:42:04 +02:00
netdev: station: support full mac roaming Roaming on a full mac card is quite different than soft mac and needs to be specially handled. The process starts with the CMD_ROAM event, which tells us the driver is already roamed and associated with a new AP. After this it expects the 4-way handshake to be initiated. This in itself is quite simple, the complexity comes with how this is piped into IWD. After CMD_ROAM fires its assumed that a scan result is available in the kernel, which is obtained using a newly added scan API scan_get_firmware_scan. The only special bit of this is that it does not 'schedule' a scan but simply calls GET_SCAN. This is treated special and will not be queued behind any other pending scan requests. This lets us reuse some parsing code paths in scan and initialize a scan_bss object which ultimately gets handed to station so it can update connected_bss/bss_list. For consistency station must also transition to a roaming state. Since this roam is all handled by netdev two new events were added, NETDEV_EVENT_ROAMING and NETDEV_EVENT_ROAMED. Both allow station to transition between roaming/connected states, and ROAMED provides station with the new scan_bss to replace connected_bss.
2021-03-15 18:29:29 +01:00
struct scan_bss *fw_roam_bss;
netdev: Make sure set_powered calls are cancelable Since all netdevs share the rtnl l_netlink object, it was possible for netdevs to be destroyed with outstanding commands still executing on the rtnl object. This can lead to crashes and other nasty situations. This patch makes sure that Powered requests are always tracked via set_powered_cmd_id and the request is canceled when netdev is destroyed. This also implies that netdev_set_powered can now return an -EBUSY error in case a request is already outstanding.
2018-08-17 19:37:47 +02:00
uint32_t set_powered_cmd_id;
netdev: Remove redundant typedefs Unify command specific typedefs which had the same signature into a single netdev_command_cb_t
2018-08-20 01:25:23 +02:00
netdev_command_cb_t set_powered_cb;
netdev: Make sure set_powered calls are cancelable Since all netdevs share the rtnl l_netlink object, it was possible for netdevs to be destroyed with outstanding commands still executing on the rtnl object. This can lead to crashes and other nasty situations. This patch makes sure that Powered requests are always tracked via set_powered_cmd_id and the request is canceled when netdev is destroyed. This also implies that netdev_set_powered can now return an -EBUSY error in case a request is already outstanding.
2018-08-17 19:37:47 +02:00
void *set_powered_user_data;
netdev_destroy_func_t set_powered_destroy;
netdev: add netdev_get_station/current_station This adds a generalized API for GET_STATION. This API handles calling and parsing the results into a new structure, netdev_station_info. This results structure will hold any data needed by consumers of netdev_get_station. A helper API (netdev_get_current_station) was added as a convenience which automatically passes handshake->aa as the MAC. For now only the RSSI is parsed as this is already being done for RSSI polling/events. Looking further more info will be added such as rx/tx rates and estimated throughput.
2021-01-12 18:17:17 +01:00
uint32_t get_station_cmd_id;
netdev_get_station_cb_t get_station_cb;
void *get_station_data;
netdev_destroy_func_t get_station_destroy;
netdev: use l_idle_create for disconnect idle The chances were extremely low, but using l_idle_oneshot could end up causing a invalid memory access if the netdev went down while waiting for the disconnect idle callback. Instead netdev can keep track of the idle with l_idle_create and remove it if the netdev goes down prior to the idle callback.
2021-04-06 18:58:26 +02:00
struct l_idle *disconnect_idle;
netdev: added station watch For Ad-Hoc networks, the kernel takes care of auth/assoc and issues a NEW_STATION event when that is complete. This provides a way to notify when NEW_STATION events occur as well as forward the MAC of the station to Ad-Hoc. The two new API's added: - netdev_station_watch_add() - netdev_station_watch_remove()
2018-07-17 00:29:15 +02:00
struct watchlist station_watches;
netdev: Open PAE transport if needed If Control Port over NL80211 is not supported, open up a PAE socket and stuff it into an l_io on the netdev object. Install a read handler on the l_io and call __eapol_rx_packet as needed.
2018-05-01 18:08:19 +02:00
struct l_io *pae_io; /* for drivers without EAPoL over NL80211 */
netdev: use wiphy radio work queue for connections This adds connection/FT attempts to the radio work queue. This will ensure that connections aren't delayed or done concurrently with scanning.
2020-07-15 23:29:17 +02:00
struct l_genl_msg *connect_cmd;
netdev: Scan & Retry CMD_AUTHENTICATE Handle situations where the BSS we're trying to connect to is no longer in the kernel scan result cache. Normally, the kernel will re-scan the target frequency if this happens on the CMD_CONNECT path, and retry the connection. Unfortunately, CMD_AUTHENTICATE path used for WPA3, OWE and FILS does not have this scanning behavior. CMD_AUTHENTICATE simply fails with a -ENOENT error. Work around this by trying a limited scan of the target frequency and re-trying CMD_AUTHENTICATE once.
2021-02-05 18:21:33 +01:00
struct l_genl_msg *auth_cmd;
netdev: use wiphy radio work queue for connections This adds connection/FT attempts to the radio work queue. This will ensure that connections aren't delayed or done concurrently with scanning.
2020-07-15 23:29:17 +02:00
struct wiphy_radio_work_item work;
netdev: handle multiple concurrent FT-over-DS action frames The beauty of FT-over-DS is that a station can send and receive action frames to many APs to prepare for a future roam. Each AP authenticates the station and when a roam happens the station can immediately move to reassociation. To handle this a queue of netdev_ft_over_ds_info structs is used instead of a single entry. Using the new ft.c parser APIs these info structs can be looked up when responses come in. For now the timeouts/callbacks are kept but these will be removed as it really does not matter if the AP sends a response (keeps station happy until the next patch).
2021-05-13 01:01:41 +02:00
struct l_queue *ft_ds_list;
ft: netdev: refactor FT-over-DS into two stages FT-over-DS followed the same pattern as FT-over-Air which worked, but really limited how the protocol could be used. FT-over-DS is unique in that we can authenticate to many APs by sending out FT action frames and parsing the results. Once parsed IWD can immediately Reassociate, or do so at a later time. To take advantage of this IWD need to separate FT-over-DS into two stages: action frame and reassociation. The initial action frame stage is started by netdev. The target BSS is sent an FT action frame and a new cache entry is created in ft.c. Once the response is received the entry is updated with all the needed data to Reassociate. To limit the record keeping on netdev each FT-over-DS entry holds a userdata pointer so netdev doesn't need to maintain its own list of data for callbacks. Once the action response is parsed netdev will call back signalling the action frame sequence was completed (either successfully or not). At this point the 'normal' FT procedure can start using the FT-over-DS auth-proto.
2021-04-30 19:47:02 +02:00
netdev: Properly cleanup removed interfaces
2016-07-20 00:45:48 +02:00
bool connected : 1;
netdev: Handle deauth frames prior to association In some cases the AP can send a deauthenticate frame right after accepting our authentication. In this case the kernel never properly sends a CMD_CONNECT event with a failure, even though CMD_COONNECT was used to initiate the connection. Try to work around that by detecting that a Deauthenticate event arrives prior to any Associte or Connect events and handle this case as a connect failure.
2021-01-13 20:31:23 +01:00
bool associated : 1;
netdev: keep track of operational state We should not attempt to call connect_failed if we're have become operational. E.g. successfully associated, ran eapol if necessary and set operstate.
2016-09-22 22:55:07 +02:00
bool operational : 1;
netdev: support for REKEY_OFFLOAD and its event handling
2016-06-23 00:49:16 +02:00
bool rekey_offload_support : 1;
netdev: Allow iwd.conf to specify PAE over NL80211 Right now iwd uses Control Port over NL80211 feature if the kernel / driver supports it. On some kernels this feature is still buggy, so add an iwd.conf entry to allow the user to override id. For now the default is to disable this feature until it is more stable.
2018-07-02 03:35:22 +02:00
bool pae_over_nl80211 : 1;
netdev: Implement netdev_fast_transition Build and send the FT Authentication Request frame, the initial Fast Transition message. In this version the assumption is that once we start a transition attempt there's no going back so the old handshake_state, scan_bss, etc. can be replaced by the new objects immediately and there's no point at which both the old and the new connection states are needed. Also the disconnect event for the old connection is implicit. At netdev level the state during a transition is almost the same with a new connection setup. The first disconnect event on the netlink socket after the FT Authenticate is assumed to be the one generated by the kernel for the old connection. The disconnect event doesn't contain the AP bssid (unlike the deauthenticate event preceding it), otherwise we could check to see if the bssid is the one we are interested in or could check connect_cmd_id assuming a disconnect doesn't happen before the connect command finishes.
2017-01-12 09:36:00 +01:00
bool in_ft : 1;
netdev: Implement RSSI level notifications API Add an methods and an event using the new NL80211_EXT_FEATURE_CQM_RSSI_LIST kernel feature to request RSSI monitoring with notifications only when RSSI moves from one of the N intervals requested to another. device.c will call netdev_set_rssi_report_levels to request NETDEV_EVENT_RSSI_LEVEL_NOTIFY events every time the RSSI level changes, level meaning one of the intervals delimited by the threshold values passed as argument. Inside the event handler it can call netdev_get_rssi_level to read the new level. There's no fallback to periodic polling implemented in this patch for the case of older kernels and/or the driver not supporting NL80211_EXT_FEATURE_CQM_RSSI_LIST.
2017-05-20 16:33:13 +02:00
bool cur_rssi_low : 1;
netdev: add helper to set/unset 4ADDR property
2018-06-14 04:11:23 +02:00
bool use_4addr : 1;
netdev: process association in netdev_associate_event Apart from OWE, the association event was disregarded and all association processing was done in netdev_connect_event. This led to netdev_connect_event having to handle all the logic of both success and failure, as well as parsing the association for FT and OWE. Also, without checking the status code in the associate frame there is the potential for the kernel to think we are connected even if association failed (e.g. rogue AP). This change introduces two flags into netdev, expect_connect_failure and ignore_connect_event. All the FT processing that was once in netdev_connect_event has now been moved into netdev_associate_event, as well as non-FT associate frame processing. The connect event now only handles failure cases for soft/half MAC cards. Note: Since fullmac cards rely on the connect event, the eapol_start and netdev_connect_ok were left in netdev_connect_event. Since neither auth/assoc events come in on fullmac we shouldn't have any conflict with the new flags. Once a connection has completed association, EAPoL is started from netdev_associate_event (if required) and the ignore_connect_event flag can be set. This will bypass the connect event. If a connection has failed during association for whatever reason, we can set expect_connect_failure, the netdev reason, and the MPDU status code. This allows netdev_connect_event to both handle the error, and, if required, send a deauth telling the kernel that we have failed (protecting against the rogue AP situation).
2019-03-05 22:42:33 +01:00
bool ignore_connect_event : 1;
bool expect_connect_failure : 1;
netdev: Fix crash when aborting a connection We can crash if we abort the connection, but the connect command has already gone through. In this case we will get a sequence of authenticate_event, associate_event, connect_event. The first and last events don't crash since they check whether netdev->connected is true. However, this causes an annoying warning to be printed. Fix this by introducing an 'aborting' flag and ignore all connection related events if it is set. ++++++++ backtrace ++++++++
2019-03-08 23:09:42 +01:00
bool aborting : 1;
device: Move device creation from netdev.c to event watch Create and destroy the device state struct and the DBus interfaces in a way more similar to the Station, AdHoc and AP interfaces. Drop netdev_get_device() and the device specific code in netdev that as far as I can tell wasn't needed.
2019-11-20 23:23:42 +01:00
bool events_ready : 1;
netdev: Scan & Retry CMD_AUTHENTICATE Handle situations where the BSS we're trying to connect to is no longer in the kernel scan result cache. Normally, the kernel will re-scan the target frequency if this happens on the CMD_CONNECT path, and retry the connection. Unfortunately, CMD_AUTHENTICATE path used for WPA3, OWE and FILS does not have this scanning behavior. CMD_AUTHENTICATE simply fails with a -ENOENT error. Work around this by trying a limited scan of the target frequency and re-trying CMD_AUTHENTICATE once.
2021-02-05 18:21:33 +01:00
bool retry_auth : 1;
netdev: allow reassociation for auth-protos This adds support in netdev_reassociate for all the auth protocols (SAE/FILS/OWE) by moving the bulk of netdev_connect into netdev_connect_common. In addition PREV_BSSID is set in the associate message if 'in_reassoc' is true.
2021-08-07 00:59:05 +02:00
bool in_reassoc : 1;
netdev: netdev watch support
2016-06-20 12:42:04 +02:00
};
netdev: Add netdev_preauthenticate Add preauthentication logic. The callback receives the new PMK only.
2017-04-29 03:53:27 +02:00
struct netdev_preauth_state {
netdev_preauthenticate_cb_t cb;
void *user_data;
struct netdev *netdev;
};
netdev: netdev watch support
2016-06-20 12:42:04 +02:00
struct netdev_watch {
uint32_t id;
netdev_watch_func_t callback;
void *user_data;
netdev: Add netdev struct definition
2016-06-01 22:26:02 +02:00
};
core: Add tracking of network interfaces via RTNL
2014-06-21 13:41:40 +02:00
static struct l_netlink *rtnl = NULL;
netdev: Make netdev_init accept nl80211
2016-06-01 21:58:51 +02:00
static struct l_genl_family *nl80211;
netdev: Add netdev_find
2016-06-01 22:35:26 +02:00
static struct l_queue *netdev_list;
netdev/device: Combine watches There was somewhat overlapping functionality in the device_watch infrastructure as well as the netdev_event_watch. This commit combines the two into a single watch based on the netdev object and cleans up the various interface additions / removals. With this commit the interfaces are created when the netdev/device is switched to Powered=True state AND when the netdev iftype is also in the correct state for that interface. If the device is brought down, then all interfaces except the .Device interface are removed. This will make it easy to implement Device.Mode property properly since most nl80211 devices need to be brought into Powered=False state prior to switching the iftype.
2018-08-18 06:40:49 +02:00
static struct watchlist netdev_watches;
netdev: Use CamelCase for pae over nl80211 setting
2019-10-25 04:36:03 +02:00
static bool pae_over_nl80211;
netdev: support per-network MAC addresses For privacy reasons its advantageous to randomize or mask the MAC address when connecting to networks, especially public networks. This patch allows netdev to generate a new MAC address on a per-network basis. The generated MAC will remain the same when connecting to the same network. This allows reauthentications or roaming to work, and not have to fully re-connect (which would be required if the MAC changed on every connection). Changing the MAC requires bringing the interface down. This does lead to potential race conditions with respect to external processes. There are two potential conditions which are explained in a TODO comment in this patch.
2020-03-18 19:54:19 +01:00
static bool mac_per_ssid;
core: Add tracking of network interfaces via RTNL
2014-06-21 13:41:40 +02:00
netdev: Send RSNXE element during SAE association
2021-07-14 00:49:41 +02:00
static unsigned int iov_ie_append(struct iovec *iov,
unsigned int n_iov, unsigned int c,
const uint8_t *ie)
{
if (L_WARN_ON(c >= n_iov))
return n_iov;
if (!ie)
return c;
iov[c].iov_base = (void *) ie;
iov[c].iov_len = ie[1] + 2;
return c + 1u;
}
netdev: Move iftype_to_string utility Move and rename this utility into netdev_iftype_to_string away from dbus.c. This also allows us to drop including nl80211.h in dbus.c
2021-04-16 22:16:33 +02:00
const char *netdev_iftype_to_string(uint32_t iftype)
{
switch (iftype) {
case NL80211_IFTYPE_ADHOC:
return "ad-hoc";
case NL80211_IFTYPE_STATION:
return "station";
case NL80211_IFTYPE_AP:
return "ap";
case NL80211_IFTYPE_P2P_CLIENT:
return "p2p-client";
case NL80211_IFTYPE_P2P_GO:
return "p2p-go";
case NL80211_IFTYPE_P2P_DEVICE:
return "p2p-device";
default:
break;
}
return NULL;
}
netdev: Introduce connection types Currently netdev handles SoftMac and FullMac drivers mostly in the same way, by building CMD_CONNECT nl80211 commands and letting the kernel figure out the details. Exceptions to this are FILS/OWE/SAE AKMs which are only supported on SoftMac drivers by using CMD_AUTHENTICATE/CMD_ASSOCIATE. Recently, basic support for SAE (WPA3-Personal) offload on FullMac cards was introduced. When offloaded, the control flow is very different than under typical conditions and required additional logic checks in several places. The logic is now becoming quite complex. Introduce a concept of a connection type in order to make it clearer what driver and driver features are being used for this connection. In the future, connection types can be expanded with 802.1X handshake offload, PSK handshake offload and CMD_EXTERNAL_AUTH based SAE connections.
2021-03-31 17:48:05 +02:00
static inline bool is_offload(struct handshake_state *hs)
{
struct netdev_handshake_state *nhs =
l_container_of(hs, struct netdev_handshake_state, super);
if (!nhs)
return false;
switch (nhs->type) {
case CONNECTION_TYPE_SOFTMAC:
case CONNECTION_TYPE_FULLMAC:
netdev: add CONNECTION_TYPE_8021X_OFFLOAD This adds a new type for 8021x offload as well as support in building CMD_CONNECT. As described in the comment, 8021x offloading is not particularly similar to PSK as far as the code flow in IWD is concerned. There still needs to be an eapol_sm due to EAP being done in userspace. This throws somewhat of a wrench into our 'is_offload' cases. And as such this connection type is handled specially.
2021-04-09 18:14:45 +02:00
/*
* 8021x offload does not quite fit into the same category of PSK
* offload. First the netdev_connect_event comes prior to EAP meaning
* the handshake is not done at this point. In addition it still
* requires EAP take place in userspace meaning IWD needs an eapol_sm.
* Because of this, and our prior use of 'is_offload', it does not fit
* into the same category and will need to be handled specially.
*/
case CONNECTION_TYPE_8021X_OFFLOAD:
netdev: Introduce connection types Currently netdev handles SoftMac and FullMac drivers mostly in the same way, by building CMD_CONNECT nl80211 commands and letting the kernel figure out the details. Exceptions to this are FILS/OWE/SAE AKMs which are only supported on SoftMac drivers by using CMD_AUTHENTICATE/CMD_ASSOCIATE. Recently, basic support for SAE (WPA3-Personal) offload on FullMac cards was introduced. When offloaded, the control flow is very different than under typical conditions and required additional logic checks in several places. The logic is now becoming quite complex. Introduce a concept of a connection type in order to make it clearer what driver and driver features are being used for this connection. In the future, connection types can be expanded with 802.1X handshake offload, PSK handshake offload and CMD_EXTERNAL_AUTH based SAE connections.
2021-03-31 17:48:05 +02:00
return false;
case CONNECTION_TYPE_SAE_OFFLOAD:
netdev: allow PSK offload for FT AKMs This adds a new connection type, TYPE_PSK_OFFLOAD, which allows the 4-way handshake to be offloaded by the firmware. Offloading will be used if the driver advertises support. The CMD_ROAM event path was also modified to take into account handshake offloading. If the handshake is offloaded we still must issue GET_SCAN, but not start eapol since the firmware takes care of this.
2021-04-03 00:06:17 +02:00
case CONNECTION_TYPE_PSK_OFFLOAD:
netdev: Introduce connection types Currently netdev handles SoftMac and FullMac drivers mostly in the same way, by building CMD_CONNECT nl80211 commands and letting the kernel figure out the details. Exceptions to this are FILS/OWE/SAE AKMs which are only supported on SoftMac drivers by using CMD_AUTHENTICATE/CMD_ASSOCIATE. Recently, basic support for SAE (WPA3-Personal) offload on FullMac cards was introduced. When offloaded, the control flow is very different than under typical conditions and required additional logic checks in several places. The logic is now becoming quite complex. Introduce a concept of a connection type in order to make it clearer what driver and driver features are being used for this connection. In the future, connection types can be expanded with 802.1X handshake offload, PSK handshake offload and CMD_EXTERNAL_AUTH based SAE connections.
2021-03-31 17:48:05 +02:00
return true;
}
return false;
}
netdev: Send addititional IEs for FT/SAE/OWE/FILS RM Enabled Capabilities and Extended Capabilities IEs were correctly being sent when using CMD_CONNECT for initial connections and re-associations. However, for SoftMac SAE, FT, FILS and OWE connections, these additional IEs were not added properly during the Associate step.
2021-08-05 16:44:11 +02:00
static unsigned int netdev_populate_common_ies(struct netdev *netdev,
netdev: Append any vendor IEs from the handshake
2021-08-06 20:56:55 +02:00
struct handshake_state *hs,
netdev: Send addititional IEs for FT/SAE/OWE/FILS RM Enabled Capabilities and Extended Capabilities IEs were correctly being sent when using CMD_CONNECT for initial connections and re-associations. However, for SoftMac SAE, FT, FILS and OWE connections, these additional IEs were not added properly during the Associate step.
2021-08-05 16:44:11 +02:00
struct l_genl_msg *msg,
struct iovec *iov,
unsigned int n_iov,
unsigned int c_iov)
{
const uint8_t *extended_capabilities;
const uint8_t *rm_enabled_capabilities;
extended_capabilities = wiphy_get_extended_capabilities(netdev->wiphy,
netdev->type);
c_iov = iov_ie_append(iov, n_iov, c_iov, extended_capabilities);
rm_enabled_capabilities =
wiphy_get_rm_enabled_capabilities(netdev->wiphy);
c_iov = iov_ie_append(iov, n_iov, c_iov, rm_enabled_capabilities);
if (rm_enabled_capabilities)
l_genl_msg_append_attr(msg, NL80211_ATTR_USE_RRM, 0, NULL);
netdev: Append any vendor IEs from the handshake
2021-08-06 20:56:55 +02:00
c_iov = iov_ie_append(iov, n_iov, c_iov, hs->vendor_ies);
netdev: Send addititional IEs for FT/SAE/OWE/FILS RM Enabled Capabilities and Extended Capabilities IEs were correctly being sent when using CMD_CONNECT for initial connections and re-associations. However, for SoftMac SAE, FT, FILS and OWE connections, these additional IEs were not added properly during the Associate step.
2021-08-05 16:44:11 +02:00
return c_iov;
}
netdev: Put command cancelation into a common function
2018-10-20 17:35:28 +02:00
/* Cancels ongoing GTK/IGTK related commands (if any) */
static void netdev_handshake_state_cancel_rekey(
struct netdev_handshake_state *nhs)
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
{
if (nhs->group_new_key_cmd_id) {
l_genl_family_cancel(nl80211, nhs->group_new_key_cmd_id);
nhs->group_new_key_cmd_id = 0;
}
if (nhs->group_management_new_key_cmd_id) {
l_genl_family_cancel(nl80211,
nhs->group_management_new_key_cmd_id);
nhs->group_management_new_key_cmd_id = 0;
}
netdev: Put command cancelation into a common function
2018-10-20 17:35:28 +02:00
}
static void netdev_handshake_state_cancel_all(
struct netdev_handshake_state *nhs)
{
if (nhs->pairwise_new_key_cmd_id) {
l_genl_family_cancel(nl80211, nhs->pairwise_new_key_cmd_id);
nhs->pairwise_new_key_cmd_id = 0;
}
netdev_handshake_state_cancel_rekey(nhs);
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
if (nhs->set_station_cmd_id) {
l_genl_family_cancel(nl80211, nhs->set_station_cmd_id);
nhs->set_station_cmd_id = 0;
}
netdev: implement netdev_set_pmk The 8021x offloading procedure still does EAP in userspace which negotiates the PMK. The kernel then expects to obtain this PMK from userspace by calling SET_PMK. This then allows the firmware to begin the 4-way handshake. Using __eapol_install_set_pmk_func to install netdev_set_pmk, netdev now gets called into once EAP finishes and can begin the final userspace actions prior to the firmware starting the 4-way handshake: - SET_PMK using PMK negotiated with EAP - Emit SETTING_KEYS event - netdev_connect_ok One thing to note is that the kernel provides no way of knowing if the 4-way handshake completed. Assuming SET_PMK/SET_STATION come back with no errors, IWD assumes the PMK was valid. If not, or due to some other issue in the 4-way, the kernel will send a disconnect.
2021-04-09 18:14:46 +02:00
if (nhs->set_pmk_cmd_id) {
l_genl_family_cancel(nl80211, nhs->set_pmk_cmd_id);
nhs->set_pmk_cmd_id = 0;
}
netdev: Put command cancelation into a common function
2018-10-20 17:35:28 +02:00
}
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
netdev: Put command cancelation into a common function
2018-10-20 17:35:28 +02:00
static void netdev_handshake_state_free(struct handshake_state *hs)
{
struct netdev_handshake_state *nhs =
netdev: Use l_container_of
2019-04-03 18:47:09 +02:00
l_container_of(hs, struct netdev_handshake_state, super);
netdev: Put command cancelation into a common function
2018-10-20 17:35:28 +02:00
netdev_handshake_state_cancel_all(nhs);
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
l_free(nhs);
}
struct handshake_state *netdev_handshake_state_new(struct netdev *netdev)
{
struct netdev_handshake_state *nhs;
nhs = l_new(struct netdev_handshake_state, 1);
nhs->super.ifindex = netdev->index;
nhs->super.free = netdev_handshake_state_free;
nhs->netdev = netdev;
netdev: signal handshake complete after setting all keys Currently, netdev triggers the HANDSHAKE_COMPLETE event after completing the SET_STATION (after setting the pairwise key). Depending on the timing this may happen before the GTK/IGTK are set which will result in group traffic not working initially (the GTK/IGTK would still get set, but group traffic would not work immediately after DBus said you were connected, this mainly poses a problem with autotests). In order to fix this, several flags were added in netdev_handshake_state: ptk_installed, gtk_installed, igtk_installed, and completed. Each of these flags are set true when their respective keys are set, and in each key callback we try to trigger the handshake complete event (assuming all the flags are true). Initially the gtk/igtk flags are set to true, for reasons explained below. In the WPA2 case, all the key setter functions are called sequentially from eapol. With this change, the PTK is now set AFTER the gtk/igtk. This is because the gtk/igtk are optional and only set if group traffic is allowed. If the gtk/igtk are not used, we set the PTK and can immediately trigger the handshake complete event (since gtk_installed/igtk_installed are initialized as true). When the gtk/igtk are being set, we immediately set their flags to false and wait for their callbacks in addition to the PTK callback. Doing it this way handles both group traffic and non group traffic paths. WPA1 throws a wrench into this since the group keys are obtained in a separate handshake. For this case a new flag was added to the handshake_state, 'wait_for_gtk'. This allows netdev to set the PTK after the initial 4-way, but still wait for the gtk/igtk setters to get called before triggering the handshake complete event. As a precaution, netdev sets a timeout that will trigger if the gtk/igtk setters are never called. In this case we can still complete the connection, but print a warning that group traffic will not be allowed.
2018-10-26 18:44:58 +02:00
/*
* Since GTK/IGTK are optional (NO_GROUP_TRAFFIC), we set them as
treewide: fix typos
2020-01-21 07:21:38 +01:00
* 'installed' upon initialization. If/When the gtk/igtk callback is
netdev: signal handshake complete after setting all keys Currently, netdev triggers the HANDSHAKE_COMPLETE event after completing the SET_STATION (after setting the pairwise key). Depending on the timing this may happen before the GTK/IGTK are set which will result in group traffic not working initially (the GTK/IGTK would still get set, but group traffic would not work immediately after DBus said you were connected, this mainly poses a problem with autotests). In order to fix this, several flags were added in netdev_handshake_state: ptk_installed, gtk_installed, igtk_installed, and completed. Each of these flags are set true when their respective keys are set, and in each key callback we try to trigger the handshake complete event (assuming all the flags are true). Initially the gtk/igtk flags are set to true, for reasons explained below. In the WPA2 case, all the key setter functions are called sequentially from eapol. With this change, the PTK is now set AFTER the gtk/igtk. This is because the gtk/igtk are optional and only set if group traffic is allowed. If the gtk/igtk are not used, we set the PTK and can immediately trigger the handshake complete event (since gtk_installed/igtk_installed are initialized as true). When the gtk/igtk are being set, we immediately set their flags to false and wait for their callbacks in addition to the PTK callback. Doing it this way handles both group traffic and non group traffic paths. WPA1 throws a wrench into this since the group keys are obtained in a separate handshake. For this case a new flag was added to the handshake_state, 'wait_for_gtk'. This allows netdev to set the PTK after the initial 4-way, but still wait for the gtk/igtk setters to get called before triggering the handshake complete event. As a precaution, netdev sets a timeout that will trigger if the gtk/igtk setters are never called. In this case we can still complete the connection, but print a warning that group traffic will not be allowed.
2018-10-26 18:44:58 +02:00
* called they will get set to false until we have received a successful
* callback from nl80211. From these callbacks we can check that all
* the keys have been installed, and only then trigger the handshake
* complete callback.
*/
nhs->gtk_installed = true;
nhs->igtk_installed = true;
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
return &nhs->super;
}
netdev: added accessor for wiphy Added an accessor to get wiphy associated with a network device
2018-05-24 19:12:09 +02:00
struct wiphy *netdev_get_wiphy(struct netdev *netdev)
{
return netdev->wiphy;
}
netdev: Add netdev_get_address
2016-06-01 22:27:39 +02:00
const uint8_t *netdev_get_address(struct netdev *netdev)
{
return netdev->addr;
}
netdev: Add netdev_get_ifindex
2016-06-01 22:27:05 +02:00
uint32_t netdev_get_ifindex(struct netdev *netdev)
{
return netdev->index;
}
netdev: Add netdev_get_wdev_id
2019-07-08 16:02:58 +02:00
uint64_t netdev_get_wdev_id(struct netdev *netdev)
{
return netdev->wdev_id;
}
netdev: Add interface type setter and getter Modify netdev_get_iftype, which was until now unused, and add netdev_set_iftype. Don't skip interfaces with types other than STATION on startup, instead reset the type to STATION in device.c. netdev_get_iftype is modified to use our own interface type enum to avoid forcing users to include "nl80211.h". Note that setting an interface UP and DOWN wouldn't generally reset the iftype to STATION. Another process may still change the type while iwd is running and iwd would not detect this as it would detect another interface setting interface DOWN, not sure how far we want to go in monitoring all of the properties this way.
2017-08-14 14:49:16 +02:00
enum netdev_iftype netdev_get_iftype(struct netdev *netdev)
netdev: Add netdev_get_iftype
2016-06-02 00:04:10 +02:00
{
netdev: Mirror nl80211.h iftype enum values This makes conversions simpler. Also fixes a bug where P2P devices were printed with an incorrect Mode value since dbus_iftype_to_string was assuming that an iftype as defined in nl80211.h was being passed in, while netdev was returning an enum value defined in netdev.h.
2021-04-16 22:13:01 +02:00
return netdev->type;
netdev: Add netdev_get_iftype
2016-06-02 00:04:10 +02:00
}
netdev: Add netdev_get_name
2016-06-02 00:05:56 +02:00
const char *netdev_get_name(struct netdev *netdev)
{
return netdev->name;
}
netdev: Track interface UP flag
2016-06-20 12:42:03 +02:00
bool netdev_get_is_up(struct netdev *netdev)
{
netdev: support per-network MAC addresses For privacy reasons its advantageous to randomize or mask the MAC address when connecting to networks, especially public networks. This patch allows netdev to generate a new MAC address on a per-network basis. The generated MAC will remain the same when connecting to the same network. This allows reauthentications or roaming to work, and not have to fully re-connect (which would be required if the MAC changed on every connection). Changing the MAC requires bringing the interface down. This does lead to potential race conditions with respect to external processes. There are two potential conditions which are explained in a TODO comment in this patch.
2020-03-18 19:54:19 +01:00
bool powered = (netdev->ifi_flags & IFF_UP) != 0;
/*
* If we are in the middle of changing the MAC we are in somewhat of a
* no mans land. Technically the iface may be down, but since we are
* not emitting any netdev DOWN events we want netdev_get_is_up to
* reflect the same state. Once MAC changing finishes any pending
* DOWN events will be emitted.
*/
if (netdev->mac_change_cmd_id && !powered)
return true;
return powered;
netdev: Add netdev_set_powered
2016-07-13 04:26:27 +02:00
}
netdev: Add netdev_get_handshake Getter for current handshake_state object.
2016-12-23 11:38:07 +01:00
struct handshake_state *netdev_get_handshake(struct netdev *netdev)
{
return netdev->handshake;
}
netdev: Add netdev_get_path
2018-08-20 06:12:14 +02:00
const char *netdev_get_path(struct netdev *netdev)
{
dbus: Use the new /net/connman/iwd root path
2019-10-28 17:32:57 +01:00
static char path[256];
L_WARN_ON(snprintf(path, sizeof(path), "%s/%u",
wiphy_get_path(netdev->wiphy),
netdev->index) >= (int) sizeof(path));
path[sizeof(path) - 1] = '\0';
netdev: Add netdev_get_path
2018-08-20 06:12:14 +02:00
return path;
}
netdev: Add netdev_set_powered
2016-07-13 04:26:27 +02:00
static void netdev_set_powered_result(int error, uint16_t type,
const void *data,
uint32_t len, void *user_data)
{
netdev: Make sure set_powered calls are cancelable Since all netdevs share the rtnl l_netlink object, it was possible for netdevs to be destroyed with outstanding commands still executing on the rtnl object. This can lead to crashes and other nasty situations. This patch makes sure that Powered requests are always tracked via set_powered_cmd_id and the request is canceled when netdev is destroyed. This also implies that netdev_set_powered can now return an -EBUSY error in case a request is already outstanding.
2018-08-17 19:37:47 +02:00
struct netdev *netdev = user_data;
netdev: Add netdev_set_powered
2016-07-13 04:26:27 +02:00
netdev: Make sure set_powered calls are cancelable Since all netdevs share the rtnl l_netlink object, it was possible for netdevs to be destroyed with outstanding commands still executing on the rtnl object. This can lead to crashes and other nasty situations. This patch makes sure that Powered requests are always tracked via set_powered_cmd_id and the request is canceled when netdev is destroyed. This also implies that netdev_set_powered can now return an -EBUSY error in case a request is already outstanding.
2018-08-17 19:37:47 +02:00
if (netdev->set_powered_cb)
netdev->set_powered_cb(netdev, error,
netdev->set_powered_user_data);
netdev: Add netdev_set_powered
2016-07-13 04:26:27 +02:00
netdev: Make sure set_powered calls are cancelable Since all netdevs share the rtnl l_netlink object, it was possible for netdevs to be destroyed with outstanding commands still executing on the rtnl object. This can lead to crashes and other nasty situations. This patch makes sure that Powered requests are always tracked via set_powered_cmd_id and the request is canceled when netdev is destroyed. This also implies that netdev_set_powered can now return an -EBUSY error in case a request is already outstanding.
2018-08-17 19:37:47 +02:00
netdev->set_powered_cb = NULL;
netdev: Add netdev_set_powered
2016-07-13 04:26:27 +02:00
}
static void netdev_set_powered_destroy(void *user_data)
{
netdev: Make sure set_powered calls are cancelable Since all netdevs share the rtnl l_netlink object, it was possible for netdevs to be destroyed with outstanding commands still executing on the rtnl object. This can lead to crashes and other nasty situations. This patch makes sure that Powered requests are always tracked via set_powered_cmd_id and the request is canceled when netdev is destroyed. This also implies that netdev_set_powered can now return an -EBUSY error in case a request is already outstanding.
2018-08-17 19:37:47 +02:00
struct netdev *netdev = user_data;
netdev: Add netdev_set_powered
2016-07-13 04:26:27 +02:00
netdev: Make sure set_powered calls are cancelable Since all netdevs share the rtnl l_netlink object, it was possible for netdevs to be destroyed with outstanding commands still executing on the rtnl object. This can lead to crashes and other nasty situations. This patch makes sure that Powered requests are always tracked via set_powered_cmd_id and the request is canceled when netdev is destroyed. This also implies that netdev_set_powered can now return an -EBUSY error in case a request is already outstanding.
2018-08-17 19:37:47 +02:00
netdev->set_powered_cmd_id = 0;
netdev: Add netdev_set_powered
2016-07-13 04:26:27 +02:00
netdev: Make sure set_powered calls are cancelable Since all netdevs share the rtnl l_netlink object, it was possible for netdevs to be destroyed with outstanding commands still executing on the rtnl object. This can lead to crashes and other nasty situations. This patch makes sure that Powered requests are always tracked via set_powered_cmd_id and the request is canceled when netdev is destroyed. This also implies that netdev_set_powered can now return an -EBUSY error in case a request is already outstanding.
2018-08-17 19:37:47 +02:00
if (netdev->set_powered_destroy)
netdev->set_powered_destroy(netdev->set_powered_user_data);
netdev: Add netdev_set_powered
2016-07-13 04:26:27 +02:00
netdev: Make sure set_powered calls are cancelable Since all netdevs share the rtnl l_netlink object, it was possible for netdevs to be destroyed with outstanding commands still executing on the rtnl object. This can lead to crashes and other nasty situations. This patch makes sure that Powered requests are always tracked via set_powered_cmd_id and the request is canceled when netdev is destroyed. This also implies that netdev_set_powered can now return an -EBUSY error in case a request is already outstanding.
2018-08-17 19:37:47 +02:00
netdev->set_powered_destroy = NULL;
netdev->set_powered_user_data = NULL;
netdev: Add netdev_set_powered
2016-07-13 04:26:27 +02:00
}
netdev: Make sure set_powered calls are cancelable Since all netdevs share the rtnl l_netlink object, it was possible for netdevs to be destroyed with outstanding commands still executing on the rtnl object. This can lead to crashes and other nasty situations. This patch makes sure that Powered requests are always tracked via set_powered_cmd_id and the request is canceled when netdev is destroyed. This also implies that netdev_set_powered can now return an -EBUSY error in case a request is already outstanding.
2018-08-17 19:37:47 +02:00
int netdev_set_powered(struct netdev *netdev, bool powered,
netdev: Remove redundant typedefs Unify command specific typedefs which had the same signature into a single netdev_command_cb_t
2018-08-20 01:25:23 +02:00
netdev_command_cb_t callback, void *user_data,
netdev: Make sure set_powered calls are cancelable Since all netdevs share the rtnl l_netlink object, it was possible for netdevs to be destroyed with outstanding commands still executing on the rtnl object. This can lead to crashes and other nasty situations. This patch makes sure that Powered requests are always tracked via set_powered_cmd_id and the request is canceled when netdev is destroyed. This also implies that netdev_set_powered can now return an -EBUSY error in case a request is already outstanding.
2018-08-17 19:37:47 +02:00
netdev_destroy_func_t destroy)
{
netdev: Reject setting powered while setting iftype In netdev_set_powered also check that no NL80211_CMD_SET_INTERFACE is in progress because once it returned we would overwrite netdev->set_powered_cmd_id (could also add a check there but it seems more logical to just disallow Powered property changes while Mode is being changed, since we also disallow Mode changes while Powered is being changed.)
2018-09-25 17:43:47 +02:00
if (netdev->set_powered_cmd_id ||
netdev->set_interface_cmd_id)
netdev: Make sure set_powered calls are cancelable Since all netdevs share the rtnl l_netlink object, it was possible for netdevs to be destroyed with outstanding commands still executing on the rtnl object. This can lead to crashes and other nasty situations. This patch makes sure that Powered requests are always tracked via set_powered_cmd_id and the request is canceled when netdev is destroyed. This also implies that netdev_set_powered can now return an -EBUSY error in case a request is already outstanding.
2018-08-17 19:37:47 +02:00
return -EBUSY;
netdev->set_powered_cmd_id =
netdev: Use ell's rtnl APIs
2020-02-15 10:48:39 +01:00
l_rtnl_set_powered(rtnl, netdev->index, powered,
netdev: Make sure set_powered calls are cancelable Since all netdevs share the rtnl l_netlink object, it was possible for netdevs to be destroyed with outstanding commands still executing on the rtnl object. This can lead to crashes and other nasty situations. This patch makes sure that Powered requests are always tracked via set_powered_cmd_id and the request is canceled when netdev is destroyed. This also implies that netdev_set_powered can now return an -EBUSY error in case a request is already outstanding.
2018-08-17 19:37:47 +02:00
netdev_set_powered_result, netdev,
netdev_set_powered_destroy);
if (!netdev->set_powered_cmd_id)
return -EIO;
netdev->set_powered_cb = callback;
netdev->set_powered_user_data = user_data;
netdev->set_powered_destroy = destroy;
netdev: Add netdev_set_powered
2016-07-13 04:26:27 +02:00
return 0;
netdev: Track interface UP flag
2016-06-20 12:42:03 +02:00
}
netdev: parse rates in netdev_get_station
2021-01-14 21:54:38 +01:00
static bool netdev_parse_bitrate(struct l_genl_attr *attr,
netdev: move netdev_station_info to diagnostic.h With AP now getting its own diagnostic interface it made sense to move the netdev_station_info struct definition into its own header which eventually can be accompanied by utilities in diagnostic.c. These utilities can then be shared with AP and station as needed.
2021-01-22 21:38:42 +01:00
enum diagnostic_mcs_type *type_out,
netdev: parse rates in netdev_get_station
2021-01-14 21:54:38 +01:00
uint32_t *rate_out,
uint8_t *mcs_out)
{
uint16_t type, len;
const void *data;
uint32_t rate = 0;
uint8_t mcs = 0;
netdev: move netdev_station_info to diagnostic.h With AP now getting its own diagnostic interface it made sense to move the netdev_station_info struct definition into its own header which eventually can be accompanied by utilities in diagnostic.c. These utilities can then be shared with AP and station as needed.
2021-01-22 21:38:42 +01:00
enum diagnostic_mcs_type mcs_type = DIAGNOSTIC_MCS_TYPE_NONE;
netdev: parse rates in netdev_get_station
2021-01-14 21:54:38 +01:00
while (l_genl_attr_next(attr, &type, &len, &data)) {
switch (type) {
case NL80211_RATE_INFO_BITRATE32:
if (len != 4)
return false;
rate = l_get_u32(data);
break;
case NL80211_RATE_INFO_MCS:
if (len != 1)
return false;
mcs = l_get_u8(data);
netdev: move netdev_station_info to diagnostic.h With AP now getting its own diagnostic interface it made sense to move the netdev_station_info struct definition into its own header which eventually can be accompanied by utilities in diagnostic.c. These utilities can then be shared with AP and station as needed.
2021-01-22 21:38:42 +01:00
mcs_type = DIAGNOSTIC_MCS_TYPE_HT;
netdev: parse rates in netdev_get_station
2021-01-14 21:54:38 +01:00
break;
case NL80211_RATE_INFO_VHT_MCS:
if (len != 1)
return false;
mcs = l_get_u8(data);
netdev: move netdev_station_info to diagnostic.h With AP now getting its own diagnostic interface it made sense to move the netdev_station_info struct definition into its own header which eventually can be accompanied by utilities in diagnostic.c. These utilities can then be shared with AP and station as needed.
2021-01-22 21:38:42 +01:00
mcs_type = DIAGNOSTIC_MCS_TYPE_VHT;
netdev: parse rates in netdev_get_station
2021-01-14 21:54:38 +01:00
break;
case NL80211_RATE_INFO_HE_MCS:
if (len != 1)
return false;
mcs = l_get_u8(data);
netdev: move netdev_station_info to diagnostic.h With AP now getting its own diagnostic interface it made sense to move the netdev_station_info struct definition into its own header which eventually can be accompanied by utilities in diagnostic.c. These utilities can then be shared with AP and station as needed.
2021-01-22 21:38:42 +01:00
mcs_type = DIAGNOSTIC_MCS_TYPE_HE;
netdev: parse rates in netdev_get_station
2021-01-14 21:54:38 +01:00
break;
}
}
if (!rate)
return false;
*type_out = mcs_type;
*rate_out = rate;
netdev: move netdev_station_info to diagnostic.h With AP now getting its own diagnostic interface it made sense to move the netdev_station_info struct definition into its own header which eventually can be accompanied by utilities in diagnostic.c. These utilities can then be shared with AP and station as needed.
2021-01-22 21:38:42 +01:00
if (mcs_type != DIAGNOSTIC_MCS_TYPE_NONE)
netdev: parse rates in netdev_get_station
2021-01-14 21:54:38 +01:00
*mcs_out = mcs;
return true;
}
netdev: add netdev_get_station/current_station This adds a generalized API for GET_STATION. This API handles calling and parsing the results into a new structure, netdev_station_info. This results structure will hold any data needed by consumers of netdev_get_station. A helper API (netdev_get_current_station) was added as a convenience which automatically passes handshake->aa as the MAC. For now only the RSSI is parsed as this is already being done for RSSI polling/events. Looking further more info will be added such as rx/tx rates and estimated throughput.
2021-01-12 18:17:17 +01:00
static bool netdev_parse_sta_info(struct l_genl_attr *attr,
netdev: move netdev_station_info to diagnostic.h With AP now getting its own diagnostic interface it made sense to move the netdev_station_info struct definition into its own header which eventually can be accompanied by utilities in diagnostic.c. These utilities can then be shared with AP and station as needed.
2021-01-22 21:38:42 +01:00
struct diagnostic_station_info *info)
netdev: add netdev_get_station/current_station This adds a generalized API for GET_STATION. This API handles calling and parsing the results into a new structure, netdev_station_info. This results structure will hold any data needed by consumers of netdev_get_station. A helper API (netdev_get_current_station) was added as a convenience which automatically passes handshake->aa as the MAC. For now only the RSSI is parsed as this is already being done for RSSI polling/events. Looking further more info will be added such as rx/tx rates and estimated throughput.
2021-01-12 18:17:17 +01:00
{
uint16_t type, len;
const void *data;
netdev: parse rates in netdev_get_station
2021-01-14 21:54:38 +01:00
struct l_genl_attr nested;
netdev: add netdev_get_station/current_station This adds a generalized API for GET_STATION. This API handles calling and parsing the results into a new structure, netdev_station_info. This results structure will hold any data needed by consumers of netdev_get_station. A helper API (netdev_get_current_station) was added as a convenience which automatically passes handshake->aa as the MAC. For now only the RSSI is parsed as this is already being done for RSSI polling/events. Looking further more info will be added such as rx/tx rates and estimated throughput.
2021-01-12 18:17:17 +01:00
while (l_genl_attr_next(attr, &type, &len, &data)) {
switch (type) {
netdev: use NL80211_STA_INFO_SIGNAL rather than average Since GET_STATION (and in turn GetDiagnostics) gets the most current station info this attribute serves as a better indication of the current signal strength. In addition full mac cards don't appear to always have the average attribute.
2021-03-10 21:27:41 +01:00
case NL80211_STA_INFO_SIGNAL:
netdev: add netdev_get_station/current_station This adds a generalized API for GET_STATION. This API handles calling and parsing the results into a new structure, netdev_station_info. This results structure will hold any data needed by consumers of netdev_get_station. A helper API (netdev_get_current_station) was added as a convenience which automatically passes handshake->aa as the MAC. For now only the RSSI is parsed as this is already being done for RSSI polling/events. Looking further more info will be added such as rx/tx rates and estimated throughput.
2021-01-12 18:17:17 +01:00
if (len != 1)
return false;
info->cur_rssi = *(const int8_t *) data;
info->have_cur_rssi = true;
netdev: parse SIGNAL_AVG when building diagnostics object
2021-03-16 16:38:35 +01:00
break;
case NL80211_STA_INFO_SIGNAL_AVG:
if (len != 1)
return false;
info->avg_rssi = *(const int8_t *) data;
info->have_avg_rssi = true;
netdev: parse rates in netdev_get_station
2021-01-14 21:54:38 +01:00
break;
case NL80211_STA_INFO_RX_BITRATE:
if (!l_genl_attr_recurse(attr, &nested))
return false;
if (!netdev_parse_bitrate(&nested, &info->rx_mcs_type,
&info->rx_bitrate,
&info->rx_mcs))
return false;
info->have_rx_bitrate = true;
netdev: move netdev_station_info to diagnostic.h With AP now getting its own diagnostic interface it made sense to move the netdev_station_info struct definition into its own header which eventually can be accompanied by utilities in diagnostic.c. These utilities can then be shared with AP and station as needed.
2021-01-22 21:38:42 +01:00
if (info->rx_mcs_type != DIAGNOSTIC_MCS_TYPE_NONE)
netdev: parse rates in netdev_get_station
2021-01-14 21:54:38 +01:00
info->have_rx_mcs = true;
break;
case NL80211_STA_INFO_TX_BITRATE:
if (!l_genl_attr_recurse(attr, &nested))
return false;
if (!netdev_parse_bitrate(&nested, &info->tx_mcs_type,
&info->tx_bitrate,
&info->tx_mcs))
return false;
info->have_tx_bitrate = true;
netdev: move netdev_station_info to diagnostic.h With AP now getting its own diagnostic interface it made sense to move the netdev_station_info struct definition into its own header which eventually can be accompanied by utilities in diagnostic.c. These utilities can then be shared with AP and station as needed.
2021-01-22 21:38:42 +01:00
if (info->tx_mcs_type != DIAGNOSTIC_MCS_TYPE_NONE)
netdev: parse rates in netdev_get_station
2021-01-14 21:54:38 +01:00
info->have_tx_mcs = true;
netdev: add netdev_get_station/current_station This adds a generalized API for GET_STATION. This API handles calling and parsing the results into a new structure, netdev_station_info. This results structure will hold any data needed by consumers of netdev_get_station. A helper API (netdev_get_current_station) was added as a convenience which automatically passes handshake->aa as the MAC. For now only the RSSI is parsed as this is already being done for RSSI polling/events. Looking further more info will be added such as rx/tx rates and estimated throughput.
2021-01-12 18:17:17 +01:00
break;
netdev: parse expected throughput in netdev_get_station
2021-01-14 21:54:39 +01:00
case NL80211_STA_INFO_EXPECTED_THROUGHPUT:
if (len != 4)
return false;
info->expected_throughput = l_get_u32(data);
info->have_expected_throughput = true;
break;
netdev: add netdev_get_station/current_station This adds a generalized API for GET_STATION. This API handles calling and parsing the results into a new structure, netdev_station_info. This results structure will hold any data needed by consumers of netdev_get_station. A helper API (netdev_get_current_station) was added as a convenience which automatically passes handshake->aa as the MAC. For now only the RSSI is parsed as this is already being done for RSSI polling/events. Looking further more info will be added such as rx/tx rates and estimated throughput.
2021-01-12 18:17:17 +01:00
}
}
return true;
}
netdev: RSSI polling support for less capable drivers If the kernel device driver or the kernel nl80211 version doesn't support the new RSSI threshold list CQM monitoring, implement similar logic in iwd with periodic polling. This is only active when an RSSI agent is registered to receive the events. I tested this with the same testRSSIAgent autotests that tests the driver-side rssi monitoring except with all timeouts multiplied by ~20.
2017-08-18 14:22:58 +02:00
static void netdev_set_rssi_level_idx(struct netdev *netdev)
{
uint8_t new_level;
for (new_level = 0; new_level < netdev->rssi_levels_num; new_level++)
if (netdev->cur_rssi >= netdev->rssi_levels[new_level])
break;
netdev->cur_rssi_level_idx = new_level;
}
static void netdev_rssi_poll_cb(struct l_genl_msg *msg, void *user_data)
{
struct netdev *netdev = user_data;
struct l_genl_attr attr, nested;
uint16_t type, len;
const void *data;
bool found;
netdev: move netdev_station_info to diagnostic.h With AP now getting its own diagnostic interface it made sense to move the netdev_station_info struct definition into its own header which eventually can be accompanied by utilities in diagnostic.c. These utilities can then be shared with AP and station as needed.
2021-01-22 21:38:42 +01:00
struct diagnostic_station_info info;
netdev: RSSI polling support for less capable drivers If the kernel device driver or the kernel nl80211 version doesn't support the new RSSI threshold list CQM monitoring, implement similar logic in iwd with periodic polling. This is only active when an RSSI agent is registered to receive the events. I tested this with the same testRSSIAgent autotests that tests the driver-side rssi monitoring except with all timeouts multiplied by ~20.
2017-08-18 14:22:58 +02:00
uint8_t prev_rssi_level_idx = netdev->cur_rssi_level_idx;
netdev->rssi_poll_cmd_id = 0;
if (!l_genl_attr_init(&attr, msg))
goto done;
found = false;
while (l_genl_attr_next(&attr, &type, &len, &data)) {
if (type != NL80211_ATTR_STA_INFO)
continue;
netdev: update RSSI polling to use station info parser
2021-01-12 18:17:22 +01:00
if (!l_genl_attr_recurse(&attr, &nested))
goto done;
netdev: RSSI polling support for less capable drivers If the kernel device driver or the kernel nl80211 version doesn't support the new RSSI threshold list CQM monitoring, implement similar logic in iwd with periodic polling. This is only active when an RSSI agent is registered to receive the events. I tested this with the same testRSSIAgent autotests that tests the driver-side rssi monitoring except with all timeouts multiplied by ~20.
2017-08-18 14:22:58 +02:00
netdev: update RSSI polling to use station info parser
2021-01-12 18:17:22 +01:00
if (!netdev_parse_sta_info(&nested, &info))
goto done;
netdev: RSSI polling support for less capable drivers If the kernel device driver or the kernel nl80211 version doesn't support the new RSSI threshold list CQM monitoring, implement similar logic in iwd with periodic polling. This is only active when an RSSI agent is registered to receive the events. I tested this with the same testRSSIAgent autotests that tests the driver-side rssi monitoring except with all timeouts multiplied by ~20.
2017-08-18 14:22:58 +02:00
found = true;
break;
}
netdev: update RSSI polling to use station info parser
2021-01-12 18:17:22 +01:00
if (!found || !info.have_cur_rssi)
netdev: RSSI polling support for less capable drivers If the kernel device driver or the kernel nl80211 version doesn't support the new RSSI threshold list CQM monitoring, implement similar logic in iwd with periodic polling. This is only active when an RSSI agent is registered to receive the events. I tested this with the same testRSSIAgent autotests that tests the driver-side rssi monitoring except with all timeouts multiplied by ~20.
2017-08-18 14:22:58 +02:00
goto done;
netdev: update RSSI polling to use station info parser
2021-01-12 18:17:22 +01:00
netdev->cur_rssi = info.cur_rssi;
netdev: RSSI polling support for less capable drivers If the kernel device driver or the kernel nl80211 version doesn't support the new RSSI threshold list CQM monitoring, implement similar logic in iwd with periodic polling. This is only active when an RSSI agent is registered to receive the events. I tested this with the same testRSSIAgent autotests that tests the driver-side rssi monitoring except with all timeouts multiplied by ~20.
2017-08-18 14:22:58 +02:00
/*
* Note we don't have to handle LOW_SIGNAL_THRESHOLD here. The
* CQM single threshold RSSI monitoring should work even if the
* kernel driver doesn't support multiple thresholds. So the
* polling only handles the client-supplied threshold list.
*/
netdev_set_rssi_level_idx(netdev);
if (netdev->cur_rssi_level_idx != prev_rssi_level_idx)
netdev->event_filter(netdev, NETDEV_EVENT_RSSI_LEVEL_NOTIFY,
netdev: pass event data to netdev events Several netdev events benefit from including event data in the callback. This is similar to how the connect callback works as well. The content of the event data is documented in netdev.h (netdev_event_func_t). By including event data for the two disconnect events, we can pass the reason code to better handle the failure in station.c. Now, inside station_disconnect_event, we still check if there is a pending connection, and if so we can call the connect callback directly with HANDSHAKE_FAILED. Doing it this way unifies the code path into a single switch statment to handle all failures. In addition, we pass the RSSI level index as event data to RSSI_LEVEL_NOTIFY. This removes the need for a getter to be exposed in netdev.h.
2019-03-01 00:41:51 +01:00
&netdev->cur_rssi_level_idx,
netdev: RSSI polling support for less capable drivers If the kernel device driver or the kernel nl80211 version doesn't support the new RSSI threshold list CQM monitoring, implement similar logic in iwd with periodic polling. This is only active when an RSSI agent is registered to receive the events. I tested this with the same testRSSIAgent autotests that tests the driver-side rssi monitoring except with all timeouts multiplied by ~20.
2017-08-18 14:22:58 +02:00
netdev->user_data);
done:
/* Rearm timer */
l_timeout_modify(netdev->rssi_poll_timeout, 6);
}
static void netdev_rssi_poll(struct l_timeout *timeout, void *user_data)
{
struct netdev *netdev = user_data;
struct l_genl_msg *msg;
msg = l_genl_msg_new_sized(NL80211_CMD_GET_STATION, 64);
l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &netdev->index);
l_genl_msg_append_attr(msg, NL80211_ATTR_MAC, ETH_ALEN,
netdev->handshake->aa);
netdev->rssi_poll_cmd_id = l_genl_family_send(nl80211, msg,
netdev_rssi_poll_cb,
netdev, NULL);
}
/* To be called whenever operational or rssi_levels_num are updated */
static void netdev_rssi_polling_update(struct netdev *netdev)
{
wiphy: Rename get_ext_feature API to has_ext_feature
2018-05-24 20:12:36 +02:00
if (wiphy_has_ext_feature(netdev->wiphy,
netdev: RSSI polling support for less capable drivers If the kernel device driver or the kernel nl80211 version doesn't support the new RSSI threshold list CQM monitoring, implement similar logic in iwd with periodic polling. This is only active when an RSSI agent is registered to receive the events. I tested this with the same testRSSIAgent autotests that tests the driver-side rssi monitoring except with all timeouts multiplied by ~20.
2017-08-18 14:22:58 +02:00
NL80211_EXT_FEATURE_CQM_RSSI_LIST))
return;
if (netdev->operational && netdev->rssi_levels_num > 0) {
if (netdev->rssi_poll_timeout)
return;
netdev->rssi_poll_timeout =
l_timeout_create(1, netdev_rssi_poll, netdev, NULL);
} else {
if (!netdev->rssi_poll_timeout)
return;
l_timeout_remove(netdev->rssi_poll_timeout);
netdev->rssi_poll_timeout = NULL;
if (netdev->rssi_poll_cmd_id) {
l_genl_family_cancel(nl80211, netdev->rssi_poll_cmd_id);
netdev->rssi_poll_cmd_id = 0;
}
}
}
netdev: Add netdev_preauthenticate Add preauthentication logic. The callback receives the new PMK only.
2017-04-29 03:53:27 +02:00
static void netdev_preauth_destroy(void *data)
{
struct netdev_preauth_state *state = data;
if (state->cb)
state->cb(state->netdev, NETDEV_RESULT_ABORTED, NULL,
state->user_data);
l_free(state);
}
netdev: handle multiple concurrent FT-over-DS action frames The beauty of FT-over-DS is that a station can send and receive action frames to many APs to prepare for a future roam. Each AP authenticates the station and when a roam happens the station can immediately move to reassociation. To handle this a queue of netdev_ft_over_ds_info structs is used instead of a single entry. Using the new ft.c parser APIs these info structs can be looked up when responses come in. For now the timeouts/callbacks are kept but these will be removed as it really does not matter if the AP sends a response (keeps station happy until the next patch).
2021-05-13 01:01:41 +02:00
static void netdev_ft_ds_entry_free(void *data)
{
struct netdev_ft_over_ds_info *info = data;
ft_ds_info_free(&info->super);
}
netdev: Improve netdev_connect error/cancel logic Try to make the connect and disconnect operations look more like a transaction where the callback is always called eventually, also with a clear indication if the operation is in profress. The connected state lasts from the start of the connection attempt until the disconnect. 1. Non-null netdev->connected or disconnect_cb indicate that the operation is active. 2. Every entry-point in netdev.c checks if connected is still set before executing the next step of the connection setup. CMD_CONNECT and the subsequent commands may succeed even if CMD_DISCONNECT is called in the middle so they can't only rely on the error value for that. 3. netdev->connect_cb and other elements of the connection state are reset by netdev_connect_free which groups the clean-up operations to make sure we don't miss anything. Since the callback pointers are reset device.c doesn't need to check that it receives a spurious event in those callbacks for example after calling netdev_disconnect.
2016-08-02 22:48:11 +02:00
static void netdev_connect_free(struct netdev *netdev)
{
netdev: use wiphy radio work queue for connections This adds connection/FT attempts to the radio work queue. This will ensure that connections aren't delayed or done concurrently with scanning.
2020-07-15 23:29:17 +02:00
if (netdev->work.id)
wiphy_radio_work_done(netdev->wiphy, netdev->work.id);
netdev: Improve netdev_connect error/cancel logic Try to make the connect and disconnect operations look more like a transaction where the callback is always called eventually, also with a clear indication if the operation is in profress. The connected state lasts from the start of the connection attempt until the disconnect. 1. Non-null netdev->connected or disconnect_cb indicate that the operation is active. 2. Every entry-point in netdev.c checks if connected is still set before executing the next step of the connection setup. CMD_CONNECT and the subsequent commands may succeed even if CMD_DISCONNECT is called in the middle so they can't only rely on the error value for that. 3. netdev->connect_cb and other elements of the connection state are reset by netdev_connect_free which groups the clean-up operations to make sure we don't miss anything. Since the callback pointers are reset device.c doesn't need to check that it receives a spurious event in those callbacks for example after calling netdev_disconnect.
2016-08-02 22:48:11 +02:00
if (netdev->sm) {
eapol_sm_free(netdev->sm);
netdev->sm = NULL;
}
fils: netdev: update to use auth_proto concepts
2019-05-03 20:59:51 +02:00
if (netdev->ap) {
auth_proto_free(netdev->ap);
netdev->ap = NULL;
}
netdev: Add netdev_preauthenticate Add preauthentication logic. The callback receives the new PMK only.
2017-04-29 03:53:27 +02:00
eapol_preauth_cancel(netdev->index);
eapol: Use handshake_state to store state Remove the keys and other data from struct eapol_sm, update device.c, netdev.c and wsc.c to use the handshake_state object instead of eapol_sm. This also gets rid of eapol_cancel and the ifindex parameter in some of the eapol functions where sm->handshake->ifindex can be used instead.
2016-11-02 23:46:19 +01:00
if (netdev->handshake) {
handshake_state_free(netdev->handshake);
netdev->handshake = NULL;
netdev: Fix double-free We should only call eapol_cancel if netdev_connect_free was not triggered as a result of handshake failure.
2016-08-23 20:15:00 +02:00
}
netdev: Improve netdev_connect error/cancel logic Try to make the connect and disconnect operations look more like a transaction where the callback is always called eventually, also with a clear indication if the operation is in profress. The connected state lasts from the start of the connection attempt until the disconnect. 1. Non-null netdev->connected or disconnect_cb indicate that the operation is active. 2. Every entry-point in netdev.c checks if connected is still set before executing the next step of the connection setup. CMD_CONNECT and the subsequent commands may succeed even if CMD_DISCONNECT is called in the middle so they can't only rely on the error value for that. 3. netdev->connect_cb and other elements of the connection state are reset by netdev_connect_free which groups the clean-up operations to make sure we don't miss anything. Since the callback pointers are reset device.c doesn't need to check that it receives a spurious event in those callbacks for example after calling netdev_disconnect.
2016-08-02 22:48:11 +02:00
netdev: More neighbor_report_req error handling Make sure that the Neighbor Report timeout is cancelled when connection breaks or device is being destroyed, and call the callback. Add an errno parameter to the callback to indicate the cause.
2017-01-23 12:38:40 +01:00
if (netdev->neighbor_report_cb) {
netdev->neighbor_report_cb(netdev, -ENOTCONN, NULL, 0,
netdev->user_data);
netdev->neighbor_report_cb = NULL;
l_timeout_remove(netdev->neighbor_report_timeout);
}
netdev: added support for SA Query SA Query procedure is used when an unprotected disassociate frame is received (with frame protection enabled). There are two code paths that can occur when this disassociate frame is received: 1. Send out SA Query and receive a response from the AP within a timeout. This means that the disassociate frame was not sent from the AP and can be ignored. 2. Send out SA Query and receive no response. In this case it is assumed that the AP went down ungracefully and is now back up. Since frame protection is enabled, you must re-associate with the AP.
2018-02-01 18:22:39 +01:00
if (netdev->sa_query_timeout) {
l_timeout_remove(netdev->sa_query_timeout);
netdev->sa_query_timeout = NULL;
}
netdev: signal handshake complete after setting all keys Currently, netdev triggers the HANDSHAKE_COMPLETE event after completing the SET_STATION (after setting the pairwise key). Depending on the timing this may happen before the GTK/IGTK are set which will result in group traffic not working initially (the GTK/IGTK would still get set, but group traffic would not work immediately after DBus said you were connected, this mainly poses a problem with autotests). In order to fix this, several flags were added in netdev_handshake_state: ptk_installed, gtk_installed, igtk_installed, and completed. Each of these flags are set true when their respective keys are set, and in each key callback we try to trigger the handshake complete event (assuming all the flags are true). Initially the gtk/igtk flags are set to true, for reasons explained below. In the WPA2 case, all the key setter functions are called sequentially from eapol. With this change, the PTK is now set AFTER the gtk/igtk. This is because the gtk/igtk are optional and only set if group traffic is allowed. If the gtk/igtk are not used, we set the PTK and can immediately trigger the handshake complete event (since gtk_installed/igtk_installed are initialized as true). When the gtk/igtk are being set, we immediately set their flags to false and wait for their callbacks in addition to the PTK callback. Doing it this way handles both group traffic and non group traffic paths. WPA1 throws a wrench into this since the group keys are obtained in a separate handshake. For this case a new flag was added to the handshake_state, 'wait_for_gtk'. This allows netdev to set the PTK after the initial 4-way, but still wait for the gtk/igtk setters to get called before triggering the handshake complete event. As a precaution, netdev sets a timeout that will trigger if the gtk/igtk setters are never called. In this case we can still complete the connection, but print a warning that group traffic will not be allowed.
2018-10-26 18:44:58 +02:00
if (netdev->group_handshake_timeout) {
l_timeout_remove(netdev->group_handshake_timeout);
netdev->group_handshake_timeout = NULL;
}
netdev: Handle deauth frames prior to association In some cases the AP can send a deauthenticate frame right after accepting our authentication. In this case the kernel never properly sends a CMD_CONNECT event with a failure, even though CMD_COONNECT was used to initiate the connection. Try to work around that by detecting that a Deauthenticate event arrives prior to any Associte or Connect events and handle this case as a connect failure.
2021-01-13 20:31:23 +01:00
netdev->associated = false;
netdev: keep track of operational state We should not attempt to call connect_failed if we're have become operational. E.g. successfully associated, ran eapol if necessary and set operstate.
2016-09-22 22:55:07 +02:00
netdev->operational = false;
netdev: Improve netdev_connect error/cancel logic Try to make the connect and disconnect operations look more like a transaction where the callback is always called eventually, also with a clear indication if the operation is in profress. The connected state lasts from the start of the connection attempt until the disconnect. 1. Non-null netdev->connected or disconnect_cb indicate that the operation is active. 2. Every entry-point in netdev.c checks if connected is still set before executing the next step of the connection setup. CMD_CONNECT and the subsequent commands may succeed even if CMD_DISCONNECT is called in the middle so they can't only rely on the error value for that. 3. netdev->connect_cb and other elements of the connection state are reset by netdev_connect_free which groups the clean-up operations to make sure we don't miss anything. Since the callback pointers are reset device.c doesn't need to check that it receives a spurious event in those callbacks for example after calling netdev_disconnect.
2016-08-02 22:48:11 +02:00
netdev->connected = false;
netdev->connect_cb = NULL;
netdev->event_filter = NULL;
netdev: Deauthenticate prior to calling connect_cb
2016-09-21 23:19:47 +02:00
netdev->user_data = NULL;
netdev->result = NETDEV_RESULT_OK;
netdev: station: fix status/reason code in callbacks This change cleans up the mess of status vs reason codes. The two types of codes have already been separated into different enumerations, but netdev was still treating them the same (with last_status_code). A new 'event_data' argument was added to the connect callback, which has a different meaning depending on the result of the connection (described inside netdev.h, netdev_connect_cb_t). This allows for the removal of netdev_get_last_status_code since the status or reason code is now passed via event_data. Inside the netdev object last_status_code was renamed to last_code, for the purpose of storing either status or reason. This is only used when a disconnect needs to be emitted before failing the connection. In all other cases we just pass the code directly into the connect_cb and do not store it. All ocurrences of netdev_connect_failed were updated to use the proper code depending on the netdev result. Most of these simply changed from REASON_CODE_UNSPECIFIED to STATUS_CODE_UNSPECIFIED. This was simply for consistency (both codes have the same value). netdev_[authenticate|associate]_event's were updated to parse the status code and, if present, use that if their was a failure rather than defaulting to UNSPECIFIED.
2019-02-28 18:32:40 +01:00
netdev->last_code = 0;
netdev: Implement netdev_fast_transition Build and send the FT Authentication Request frame, the initial Fast Transition message. In this version the assumption is that once we start a transition attempt there's no going back so the old handshake_state, scan_bss, etc. can be replaced by the new objects immediately and there's no point at which both the old and the new connection states are needed. Also the disconnect event for the old connection is implicit. At netdev level the state during a transition is almost the same with a new connection setup. The first disconnect event on the netlink socket after the FT Authenticate is assumed to be the one generated by the kernel for the old connection. The disconnect event doesn't contain the AP bssid (unlike the deauthenticate event preceding it), otherwise we could check to see if the bssid is the one we are interested in or could check connect_cmd_id assuming a disconnect doesn't happen before the connect command finishes.
2017-01-12 09:36:00 +01:00
netdev->in_ft = false;
netdev: allow reassociation for auth-protos This adds support in netdev_reassociate for all the auth protocols (SAE/FILS/OWE) by moving the bulk of netdev_connect into netdev_connect_common. In addition PREV_BSSID is set in the associate message if 'in_reassoc' is true.
2021-08-07 00:59:05 +02:00
netdev->in_reassoc = false;
netdev: process association in netdev_associate_event Apart from OWE, the association event was disregarded and all association processing was done in netdev_connect_event. This led to netdev_connect_event having to handle all the logic of both success and failure, as well as parsing the association for FT and OWE. Also, without checking the status code in the associate frame there is the potential for the kernel to think we are connected even if association failed (e.g. rogue AP). This change introduces two flags into netdev, expect_connect_failure and ignore_connect_event. All the FT processing that was once in netdev_connect_event has now been moved into netdev_associate_event, as well as non-FT associate frame processing. The connect event now only handles failure cases for soft/half MAC cards. Note: Since fullmac cards rely on the connect event, the eapol_start and netdev_connect_ok were left in netdev_connect_event. Since neither auth/assoc events come in on fullmac we shouldn't have any conflict with the new flags. Once a connection has completed association, EAPoL is started from netdev_associate_event (if required) and the ignore_connect_event flag can be set. This will bypass the connect event. If a connection has failed during association for whatever reason, we can set expect_connect_failure, the netdev reason, and the MPDU status code. This allows netdev_connect_event to both handle the error, and, if required, send a deauth telling the kernel that we have failed (protecting against the rogue AP situation).
2019-03-05 22:42:33 +01:00
netdev->ignore_connect_event = false;
netdev->expect_connect_failure = false;
netdev: preserve cur_rssi_low across reassociation Fix an issue with the recent changes to signal monitoring from commit f456501b ("station: retry roaming unless notified of a high RSSI"): 1. driver sends NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW 2. netdev->cur_rssi_low changes from FALSE to TRUE 3. netdev sends NETDEV_EVENT_RSSI_THRESHOLD_LOW to station 4. on roam reassociation, cur_rssi_low is reset to FALSE 5. station still assumes RSSI is low, periodically roams until netdev sends NETDEV_EVENT_RSSI_THRESHOLD_HIGH 6. driver sends NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH 7. netdev->cur_rssi_low doesn't change (still FALSE) 8. netdev never sends NETDEV_EVENT_RSSI_THRESHOLD_HIGH 9. station remains stuck in an infinite roaming loop The commit in question introduced the logic in (5). Previously the assumption in station was - like in netdev - that if the signal was still low, the driver would send a duplicate LOW event after reassociation. This change makes netdev follow the same new logic as station, i.e. assume the same signal state (LOW/HIGH) until told otherwise by the driver.
2021-01-28 14:24:30 +01:00
netdev->cur_rssi_low = false;
netdev: Improve netdev_connect error/cancel logic Try to make the connect and disconnect operations look more like a transaction where the callback is always called eventually, also with a clear indication if the operation is in profress. The connected state lasts from the start of the connection attempt until the disconnect. 1. Non-null netdev->connected or disconnect_cb indicate that the operation is active. 2. Every entry-point in netdev.c checks if connected is still set before executing the next step of the connection setup. CMD_CONNECT and the subsequent commands may succeed even if CMD_DISCONNECT is called in the middle so they can't only rely on the error value for that. 3. netdev->connect_cb and other elements of the connection state are reset by netdev_connect_free which groups the clean-up operations to make sure we don't miss anything. Since the callback pointers are reset device.c doesn't need to check that it receives a spurious event in those callbacks for example after calling netdev_disconnect.
2016-08-02 22:48:11 +02:00
netdev: use wiphy radio work queue for connections This adds connection/FT attempts to the radio work queue. This will ensure that connections aren't delayed or done concurrently with scanning.
2020-07-15 23:29:17 +02:00
if (netdev->connect_cmd) {
l_genl_msg_unref(netdev->connect_cmd);
netdev->connect_cmd = NULL;
}
netdev: RSSI polling support for less capable drivers If the kernel device driver or the kernel nl80211 version doesn't support the new RSSI threshold list CQM monitoring, implement similar logic in iwd with periodic polling. This is only active when an RSSI agent is registered to receive the events. I tested this with the same testRSSIAgent autotests that tests the driver-side rssi monitoring except with all timeouts multiplied by ~20.
2017-08-18 14:22:58 +02:00
netdev_rssi_polling_update(netdev);
netdev: Cancel the CMD_CONNECT genl command on disconnect CMD_DISCONNECT fails on some occasions when CMD_CONNECT is still running. When this happens the DBus disconnect command receives an error reply but iwd's device state is left as disconnected even though there's a connection at the kernel level which times out a few seconds later. If the CMD_CONNECT is cancelled I couldn't reproduce this so far. src/network.c:network_connect() src/network.c:network_connect_psk() src/network.c:network_connect_psk() psk: 69ae3f8b2f84a438cf6a44275913182dd2714510ccb8cbdf8da9dc8b61718560 src/network.c:network_connect_psk() len: 32 src/network.c:network_connect_psk() ask_psk: false src/device.c:device_enter_state() Old State: disconnected, new state: connecting src/scan.c:scan_notify() Scan notification 33 src/device.c:device_netdev_event() Associating src/netdev.c:netdev_mlme_notify() MLME notification 60 MLME notification is missing ifindex attribute src/device.c:device_dbus_disconnect() src/device.c:device_connect_cb() 6, result: 5 src/device.c:device_enter_state() Old State: connecting, new state: disconnecting src/device.c:device_disconnect_cb() 6, success: 0 src/device.c:device_enter_state() Old State: disconnecting, new state: disconnected src/scan.c:scan_notify() Scan notification 34 src/netdev.c:netdev_mlme_notify() MLME notification 19 src/netdev.c:netdev_mlme_notify() MLME notification 60 MLME notification is missing ifindex attribute src/netdev.c:netdev_mlme_notify() MLME notification 37 src/netdev.c:netdev_authenticate_event() src/scan.c:get_scan_callback() get_scan_callback src/scan.c:get_scan_done() get_scan_done src/netdev.c:netdev_mlme_notify() MLME notification 60 MLME notification is missing ifindex attribute src/netdev.c:netdev_mlme_notify() MLME notification 19 MLME notification is missing ifindex attribute src/netdev.c:netdev_mlme_notify() MLME notification 38 src/netdev.c:netdev_associate_event() src/netdev.c:netdev_mlme_notify() MLME notification 46 src/netdev.c:netdev_connect_event() <delay> src/netdev.c:netdev_mlme_notify() MLME notification 60 MLME notification is missing ifindex attribute src/netdev.c:netdev_mlme_notify() MLME notification 20 MLME notification is missing ifindex attribute src/netdev.c:netdev_mlme_notify() MLME notification 20 src/netdev.c:netdev_mlme_notify() MLME notification 39 src/netdev.c:netdev_deauthenticate_event()
2016-08-05 14:25:34 +02:00
if (netdev->connect_cmd_id) {
l_genl_family_cancel(nl80211, netdev->connect_cmd_id);
netdev->connect_cmd_id = 0;
netdev: Deauthenticate prior to calling connect_cb
2016-09-21 23:19:47 +02:00
} else if (netdev->disconnect_cmd_id) {
l_genl_family_cancel(nl80211, netdev->disconnect_cmd_id);
netdev->disconnect_cmd_id = 0;
netdev: Cancel the CMD_CONNECT genl command on disconnect CMD_DISCONNECT fails on some occasions when CMD_CONNECT is still running. When this happens the DBus disconnect command receives an error reply but iwd's device state is left as disconnected even though there's a connection at the kernel level which times out a few seconds later. If the CMD_CONNECT is cancelled I couldn't reproduce this so far. src/network.c:network_connect() src/network.c:network_connect_psk() src/network.c:network_connect_psk() psk: 69ae3f8b2f84a438cf6a44275913182dd2714510ccb8cbdf8da9dc8b61718560 src/network.c:network_connect_psk() len: 32 src/network.c:network_connect_psk() ask_psk: false src/device.c:device_enter_state() Old State: disconnected, new state: connecting src/scan.c:scan_notify() Scan notification 33 src/device.c:device_netdev_event() Associating src/netdev.c:netdev_mlme_notify() MLME notification 60 MLME notification is missing ifindex attribute src/device.c:device_dbus_disconnect() src/device.c:device_connect_cb() 6, result: 5 src/device.c:device_enter_state() Old State: connecting, new state: disconnecting src/device.c:device_disconnect_cb() 6, success: 0 src/device.c:device_enter_state() Old State: disconnecting, new state: disconnected src/scan.c:scan_notify() Scan notification 34 src/netdev.c:netdev_mlme_notify() MLME notification 19 src/netdev.c:netdev_mlme_notify() MLME notification 60 MLME notification is missing ifindex attribute src/netdev.c:netdev_mlme_notify() MLME notification 37 src/netdev.c:netdev_authenticate_event() src/scan.c:get_scan_callback() get_scan_callback src/scan.c:get_scan_done() get_scan_done src/netdev.c:netdev_mlme_notify() MLME notification 60 MLME notification is missing ifindex attribute src/netdev.c:netdev_mlme_notify() MLME notification 19 MLME notification is missing ifindex attribute src/netdev.c:netdev_mlme_notify() MLME notification 38 src/netdev.c:netdev_associate_event() src/netdev.c:netdev_mlme_notify() MLME notification 46 src/netdev.c:netdev_connect_event() <delay> src/netdev.c:netdev_mlme_notify() MLME notification 60 MLME notification is missing ifindex attribute src/netdev.c:netdev_mlme_notify() MLME notification 20 MLME notification is missing ifindex attribute src/netdev.c:netdev_mlme_notify() MLME notification 20 src/netdev.c:netdev_mlme_notify() MLME notification 39 src/netdev.c:netdev_deauthenticate_event()
2016-08-05 14:25:34 +02:00
}
ft: netdev: refactor FT-over-DS into two stages FT-over-DS followed the same pattern as FT-over-Air which worked, but really limited how the protocol could be used. FT-over-DS is unique in that we can authenticate to many APs by sending out FT action frames and parsing the results. Once parsed IWD can immediately Reassociate, or do so at a later time. To take advantage of this IWD need to separate FT-over-DS into two stages: action frame and reassociation. The initial action frame stage is started by netdev. The target BSS is sent an FT action frame and a new cache entry is created in ft.c. Once the response is received the entry is updated with all the needed data to Reassociate. To limit the record keeping on netdev each FT-over-DS entry holds a userdata pointer so netdev doesn't need to maintain its own list of data for callbacks. Once the action response is parsed netdev will call back signalling the action frame sequence was completed (either successfully or not). At this point the 'normal' FT procedure can start using the FT-over-DS auth-proto.
2021-04-30 19:47:02 +02:00
netdev: handle multiple concurrent FT-over-DS action frames The beauty of FT-over-DS is that a station can send and receive action frames to many APs to prepare for a future roam. Each AP authenticates the station and when a roam happens the station can immediately move to reassociation. To handle this a queue of netdev_ft_over_ds_info structs is used instead of a single entry. Using the new ft.c parser APIs these info structs can be looked up when responses come in. For now the timeouts/callbacks are kept but these will be removed as it really does not matter if the AP sends a response (keeps station happy until the next patch).
2021-05-13 01:01:41 +02:00
if (netdev->ft_ds_list) {
l_queue_destroy(netdev->ft_ds_list, netdev_ft_ds_entry_free);
netdev->ft_ds_list = NULL;
}
netdev: Improve netdev_connect error/cancel logic Try to make the connect and disconnect operations look more like a transaction where the callback is always called eventually, also with a clear indication if the operation is in profress. The connected state lasts from the start of the connection attempt until the disconnect. 1. Non-null netdev->connected or disconnect_cb indicate that the operation is active. 2. Every entry-point in netdev.c checks if connected is still set before executing the next step of the connection setup. CMD_CONNECT and the subsequent commands may succeed even if CMD_DISCONNECT is called in the middle so they can't only rely on the error value for that. 3. netdev->connect_cb and other elements of the connection state are reset by netdev_connect_free which groups the clean-up operations to make sure we don't miss anything. Since the callback pointers are reset device.c doesn't need to check that it receives a spurious event in those callbacks for example after calling netdev_disconnect.
2016-08-02 22:48:11 +02:00
}
netdev: store mpdu status and add getter Soon BSS blacklisting will be added, and in order to properly decide if a BSS should be blacklisted we need the status code on a failed connection. This change stores the status code when there is a failure in netdev and adds a getter to retrieve later. In many cases we have the actual status code from the AP, but in some corner cases its not obtainable (e.g. an error sending an NL80211 command) in which case we just default to MMPDU_REASON_CODE_UNSPECIFIED. Rather than continue with the pattern of setting netdev->result and now netdev->last_status_code, the netdev_connect_failed function was redefined so its no longer used as both a NL80211 callback and called directly. Instead a new function was added, netdev_disconnect_cb which just calls netdev_connect_failed. netdev_disconnect_cb should not be used for all the NL80211 disconnect commands. Now netdev_connect_failed takes both a result and status code which it sets in the netdev object. In the case where we were using netdev_connect_failed as a callback we still need to set the result and last_status_code but at least this is better than having to set those in all cases.
2019-01-24 21:56:23 +01:00
static void netdev_connect_failed(struct netdev *netdev,
enum netdev_result result,
netdev: station: fix status/reason code in callbacks This change cleans up the mess of status vs reason codes. The two types of codes have already been separated into different enumerations, but netdev was still treating them the same (with last_status_code). A new 'event_data' argument was added to the connect callback, which has a different meaning depending on the result of the connection (described inside netdev.h, netdev_connect_cb_t). This allows for the removal of netdev_get_last_status_code since the status or reason code is now passed via event_data. Inside the netdev object last_status_code was renamed to last_code, for the purpose of storing either status or reason. This is only used when a disconnect needs to be emitted before failing the connection. In all other cases we just pass the code directly into the connect_cb and do not store it. All ocurrences of netdev_connect_failed were updated to use the proper code depending on the netdev result. Most of these simply changed from REASON_CODE_UNSPECIFIED to STATUS_CODE_UNSPECIFIED. This was simply for consistency (both codes have the same value). netdev_[authenticate|associate]_event's were updated to parse the status code and, if present, use that if their was a failure rather than defaulting to UNSPECIFIED.
2019-02-28 18:32:40 +01:00
uint16_t status_or_reason)
netdev: Deauthenticate prior to calling connect_cb
2016-09-21 23:19:47 +02:00
{
netdev_connect_cb_t connect_cb = netdev->connect_cb;
netdev: Emit DISCONNECT_BY_SME event on eapol failures There are situations when a CMD_DISCONNECT or deauthenticate will be issued locally because of an error detected locally where netdev would not be able to emit a event to the device object. The CMD_DISCONNECT handler can only send an event if the disconnect is triggered by the AP because we don't have an enum value defined for other diconnects. We have these values defined for the connect callback but those errors may happen when the connect callback is already NULL because a connection has been estabilshed. So add an event type for local errors. These situations may occur in a transition negotiation or in an eapol handshake failure during rekeying resulting in a call to netdev_handshake_failed.
2016-12-12 18:34:28 +01:00
netdev_event_func_t event_filter = netdev->event_filter;
netdev: Deauthenticate prior to calling connect_cb
2016-09-21 23:19:47 +02:00
void *connect_data = netdev->user_data;
netdev: store mpdu status and add getter Soon BSS blacklisting will be added, and in order to properly decide if a BSS should be blacklisted we need the status code on a failed connection. This change stores the status code when there is a failure in netdev and adds a getter to retrieve later. In many cases we have the actual status code from the AP, but in some corner cases its not obtainable (e.g. an error sending an NL80211 command) in which case we just default to MMPDU_REASON_CODE_UNSPECIFIED. Rather than continue with the pattern of setting netdev->result and now netdev->last_status_code, the netdev_connect_failed function was redefined so its no longer used as both a NL80211 callback and called directly. Instead a new function was added, netdev_disconnect_cb which just calls netdev_connect_failed. netdev_disconnect_cb should not be used for all the NL80211 disconnect commands. Now netdev_connect_failed takes both a result and status code which it sets in the netdev object. In the case where we were using netdev_connect_failed as a callback we still need to set the result and last_status_code but at least this is better than having to set those in all cases.
2019-01-24 21:56:23 +01:00
netdev: Fix typo
2016-12-20 17:31:33 +01:00
/* Done this way to allow re-entrant netdev_connect calls */
netdev: Deauthenticate prior to calling connect_cb
2016-09-21 23:19:47 +02:00
netdev_connect_free(netdev);
if (connect_cb)
netdev: station: fix status/reason code in callbacks This change cleans up the mess of status vs reason codes. The two types of codes have already been separated into different enumerations, but netdev was still treating them the same (with last_status_code). A new 'event_data' argument was added to the connect callback, which has a different meaning depending on the result of the connection (described inside netdev.h, netdev_connect_cb_t). This allows for the removal of netdev_get_last_status_code since the status or reason code is now passed via event_data. Inside the netdev object last_status_code was renamed to last_code, for the purpose of storing either status or reason. This is only used when a disconnect needs to be emitted before failing the connection. In all other cases we just pass the code directly into the connect_cb and do not store it. All ocurrences of netdev_connect_failed were updated to use the proper code depending on the netdev result. Most of these simply changed from REASON_CODE_UNSPECIFIED to STATUS_CODE_UNSPECIFIED. This was simply for consistency (both codes have the same value). netdev_[authenticate|associate]_event's were updated to parse the status code and, if present, use that if their was a failure rather than defaulting to UNSPECIFIED.
2019-02-28 18:32:40 +01:00
connect_cb(netdev, result, &status_or_reason, connect_data);
netdev: ensure DISCONNECT_BY_SME uses a reason_code Station callbacks expect a reason code (as opposed to status codes) with this event type.
2021-05-10 12:12:04 +02:00
else if (event_filter) {
/* NETDEV_EVENT_DISCONNECT_BY_SME expects a reason code */
if (result != NETDEV_RESULT_HANDSHAKE_FAILED)
status_or_reason = MMPDU_REASON_CODE_UNSPECIFIED;
netdev: Emit DISCONNECT_BY_SME event on eapol failures There are situations when a CMD_DISCONNECT or deauthenticate will be issued locally because of an error detected locally where netdev would not be able to emit a event to the device object. The CMD_DISCONNECT handler can only send an event if the disconnect is triggered by the AP because we don't have an enum value defined for other diconnects. We have these values defined for the connect callback but those errors may happen when the connect callback is already NULL because a connection has been estabilshed. So add an event type for local errors. These situations may occur in a transition negotiation or in an eapol handshake failure during rekeying resulting in a call to netdev_handshake_failed.
2016-12-12 18:34:28 +01:00
event_filter(netdev, NETDEV_EVENT_DISCONNECT_BY_SME,
netdev: pass event data to netdev events Several netdev events benefit from including event data in the callback. This is similar to how the connect callback works as well. The content of the event data is documented in netdev.h (netdev_event_func_t). By including event data for the two disconnect events, we can pass the reason code to better handle the failure in station.c. Now, inside station_disconnect_event, we still check if there is a pending connection, and if so we can call the connect callback directly with HANDSHAKE_FAILED. Doing it this way unifies the code path into a single switch statment to handle all failures. In addition, we pass the RSSI level index as event data to RSSI_LEVEL_NOTIFY. This removes the need for a getter to be exposed in netdev.h.
2019-03-01 00:41:51 +01:00
&status_or_reason,
netdev: Emit DISCONNECT_BY_SME event on eapol failures There are situations when a CMD_DISCONNECT or deauthenticate will be issued locally because of an error detected locally where netdev would not be able to emit a event to the device object. The CMD_DISCONNECT handler can only send an event if the disconnect is triggered by the AP because we don't have an enum value defined for other diconnects. We have these values defined for the connect callback but those errors may happen when the connect callback is already NULL because a connection has been estabilshed. So add an event type for local errors. These situations may occur in a transition negotiation or in an eapol handshake failure during rekeying resulting in a call to netdev_handshake_failed.
2016-12-12 18:34:28 +01:00
connect_data);
netdev: ensure DISCONNECT_BY_SME uses a reason_code Station callbacks expect a reason code (as opposed to status codes) with this event type.
2021-05-10 12:12:04 +02:00
}
netdev: Deauthenticate prior to calling connect_cb
2016-09-21 23:19:47 +02:00
}
netdev: store mpdu status and add getter Soon BSS blacklisting will be added, and in order to properly decide if a BSS should be blacklisted we need the status code on a failed connection. This change stores the status code when there is a failure in netdev and adds a getter to retrieve later. In many cases we have the actual status code from the AP, but in some corner cases its not obtainable (e.g. an error sending an NL80211 command) in which case we just default to MMPDU_REASON_CODE_UNSPECIFIED. Rather than continue with the pattern of setting netdev->result and now netdev->last_status_code, the netdev_connect_failed function was redefined so its no longer used as both a NL80211 callback and called directly. Instead a new function was added, netdev_disconnect_cb which just calls netdev_connect_failed. netdev_disconnect_cb should not be used for all the NL80211 disconnect commands. Now netdev_connect_failed takes both a result and status code which it sets in the netdev object. In the case where we were using netdev_connect_failed as a callback we still need to set the result and last_status_code but at least this is better than having to set those in all cases.
2019-01-24 21:56:23 +01:00
static void netdev_disconnect_cb(struct l_genl_msg *msg, void *user_data)
{
struct netdev *netdev = user_data;
netdev: Move disconnect_cmd_id reset This operation logically belongs in the callback, not a common operation that is also invoked from event handlers.
2021-04-27 23:15:24 +02:00
netdev->disconnect_cmd_id = 0;
netdev: station: fix status/reason code in callbacks This change cleans up the mess of status vs reason codes. The two types of codes have already been separated into different enumerations, but netdev was still treating them the same (with last_status_code). A new 'event_data' argument was added to the connect callback, which has a different meaning depending on the result of the connection (described inside netdev.h, netdev_connect_cb_t). This allows for the removal of netdev_get_last_status_code since the status or reason code is now passed via event_data. Inside the netdev object last_status_code was renamed to last_code, for the purpose of storing either status or reason. This is only used when a disconnect needs to be emitted before failing the connection. In all other cases we just pass the code directly into the connect_cb and do not store it. All ocurrences of netdev_connect_failed were updated to use the proper code depending on the netdev result. Most of these simply changed from REASON_CODE_UNSPECIFIED to STATUS_CODE_UNSPECIFIED. This was simply for consistency (both codes have the same value). netdev_[authenticate|associate]_event's were updated to parse the status code and, if present, use that if their was a failure rather than defaulting to UNSPECIFIED.
2019-02-28 18:32:40 +01:00
netdev_connect_failed(netdev, netdev->result, netdev->last_code);
netdev: store mpdu status and add getter Soon BSS blacklisting will be added, and in order to properly decide if a BSS should be blacklisted we need the status code on a failed connection. This change stores the status code when there is a failure in netdev and adds a getter to retrieve later. In many cases we have the actual status code from the AP, but in some corner cases its not obtainable (e.g. an error sending an NL80211 command) in which case we just default to MMPDU_REASON_CODE_UNSPECIFIED. Rather than continue with the pattern of setting netdev->result and now netdev->last_status_code, the netdev_connect_failed function was redefined so its no longer used as both a NL80211 callback and called directly. Instead a new function was added, netdev_disconnect_cb which just calls netdev_connect_failed. netdev_disconnect_cb should not be used for all the NL80211 disconnect commands. Now netdev_connect_failed takes both a result and status code which it sets in the netdev object. In the case where we were using netdev_connect_failed as a callback we still need to set the result and last_status_code but at least this is better than having to set those in all cases.
2019-01-24 21:56:23 +01:00
}
netdev: Add netdev_find
2016-06-01 22:35:26 +02:00
static void netdev_free(void *data)
{
struct netdev *netdev = data;
l_debug("Freeing netdev %s[%d]", netdev->name, netdev->index);
wiphy: Move association logic out of wiphy.c The eapol state machine parameters are now built inside device.c when the network connection is attempted. The reason is that the device object knows about network settings, wiphy constraints and should contain the main 'management' logic. netdev now manages the actual low-level process of building association messages, detecting authentication events, etc.
2016-06-15 17:54:13 +02:00
netdev: Check ifi_flags in netdev_connect/disconnect Also, set the flags appropriately when removing the netdev object. This prevents callers from accidentally starting any actions that will simply fail.
2021-05-29 05:39:05 +02:00
netdev->ifi_flags &= ~IFF_UP;
netdev: Notify EVENT_DEL earlier If we're going down, make sure to notify any watches about EVENT_DEL earlier. Not doing so might result in us not cleaning up requests that might have been started as the result of this event.
2021-05-29 05:34:39 +02:00
if (netdev->events_ready)
WATCHLIST_NOTIFY(&netdev_watches, netdev_watch_func_t,
netdev, NETDEV_WATCH_EVENT_DEL);
netdev: More neighbor_report_req error handling Make sure that the Neighbor Report timeout is cancelled when connection breaks or device is being destroyed, and call the callback. Add an errno parameter to the callback to indicate the cause.
2017-01-23 12:38:40 +01:00
if (netdev->neighbor_report_cb) {
netdev->neighbor_report_cb(netdev, -ENODEV, NULL, 0,
netdev->user_data);
netdev->neighbor_report_cb = NULL;
l_timeout_remove(netdev->neighbor_report_timeout);
}
netdev: Better detect connecting state netdev_free relies on netdev->connected being set to detect whether a connection is in progress. This variable is only set once the driver has been connected however, so for situations where a CMD_CONNECT is still 'in flight' or if the wiphy work is still pending, the ongoing connection will not be canceled. Fix that by being more thorough when trying to detect that a connection is in progress. src/wiphy.c:wiphy_radio_work_next() Starting work item 2 Terminate src/netdev.c:netdev_free() Freeing netdev wlan0[9] src/device.c:device_free() src/station.c:station_free() src/netconfig.c:netconfig_destroy() Removing scan context for wdev c src/scan.c:scan_context_free() sc: 0x4a44c80 src/netdev.c:netdev_mlme_notify() MLME notification New Station(19) src/netdev.c:netdev_link_notify() event 16 on ifindex 9 ==6356== Invalid write of size 4 ==6356== at 0x40A253: netdev_cmd_connect_cb (netdev.c:2522) ==6356== by 0x4A8886: process_unicast (genl.c:986) ==6356== by 0x4A8C48: received_data (genl.c:1098) ==6356== by 0x4A3DFD: io_callback (io.c:120) ==6356== by 0x4A2799: l_main_iterate (main.c:478) ==6356== by 0x4A28DA: l_main_run (main.c:525) ==6356== by 0x4A2BF2: l_main_run_with_signal (main.c:647) ==6356== by 0x404D27: main (main.c:542) ==6356== Address 0x4a3e418 is 152 bytes inside a block of size 472 free'd ==6356== at 0x48399CB: free (vg_replace_malloc.c:538) ==6356== by 0x49996F: l_free (util.c:136) ==6356== by 0x406662: netdev_free (netdev.c:886) ==6356== by 0x4129C2: netdev_shutdown (netdev.c:5980) ==6356== by 0x403A14: iwd_shutdown (main.c:79) ==6356== by 0x403A7D: signal_handler (main.c:90) ==6356== by 0x4A2AFB: sigint_handler (main.c:612) ==6356== by 0x4A2F3B: handle_callback (signal.c:78) ==6356== by 0x4A3030: signalfd_read_cb (signal.c:104) ==6356== by 0x4A3DFD: io_callback (io.c:120) ==6356== by 0x4A2799: l_main_iterate (main.c:478) ==6356== by 0x4A28DA: l_main_run (main.c:525) ==6356== Block was alloc'd at ==6356== at 0x483879F: malloc (vg_replace_malloc.c:307) ==6356== by 0x49983B: l_malloc (util.c:62) ==6356== by 0x4121BD: netdev_create_from_genl (netdev.c:5776) ==6356== by 0x451F6F: manager_new_station_interface_cb (manager.c:173) ==6356== by 0x4A8886: process_unicast (genl.c:986) ==6356== by 0x4A8C48: received_data (genl.c:1098) ==6356== by 0x4A3DFD: io_callback (io.c:120) ==6356== by 0x4A2799: l_main_iterate (main.c:478) ==6356== by 0x4A28DA: l_main_run (main.c:525) ==6356== by 0x4A2BF2: l_main_run_with_signal (main.c:647) ==6356== by 0x404D27: main (main.c:542)
2021-06-02 01:16:03 +02:00
if (netdev->connected || netdev->connect_cmd_id || netdev->work.id)
[PATCH netdev: Don't generate disconnect event in netdev_free As discussed previously there's no point in having device.c change state to autoconnect when device_remove will be called next.
2017-02-10 03:23:15 +01:00
netdev_connect_free(netdev);
netdev: Always cleanup disconnect_cmd_id
2021-05-29 05:36:56 +02:00
if (netdev->disconnect_cmd_id) {
netdev: Finalize disconnects on device removal When device is removed or otherwise freed, netdev_connect callbacks are invoked. Treat disconnects similarly
2016-09-21 22:20:51 +02:00
l_genl_family_cancel(nl80211, netdev->disconnect_cmd_id);
netdev->disconnect_cmd_id = 0;
if (netdev->disconnect_cb)
netdev->disconnect_cb(netdev, true, netdev->user_data);
netdev->disconnect_cb = NULL;
netdev->user_data = NULL;
netdev: Improve netdev_connect error/cancel logic Try to make the connect and disconnect operations look more like a transaction where the callback is always called eventually, also with a clear indication if the operation is in profress. The connected state lasts from the start of the connection attempt until the disconnect. 1. Non-null netdev->connected or disconnect_cb indicate that the operation is active. 2. Every entry-point in netdev.c checks if connected is still set before executing the next step of the connection setup. CMD_CONNECT and the subsequent commands may succeed even if CMD_DISCONNECT is called in the middle so they can't only rely on the error value for that. 3. netdev->connect_cb and other elements of the connection state are reset by netdev_connect_free which groups the clean-up operations to make sure we don't miss anything. Since the callback pointers are reset device.c doesn't need to check that it receives a spurious event in those callbacks for example after calling netdev_disconnect.
2016-08-02 22:48:11 +02:00
}
netdev: Move eapol_read to eapol.c
2016-06-28 23:58:17 +02:00
netdev: Always cleanup disconnect_cmd_id
2021-05-29 05:36:56 +02:00
if (netdev->disconnect_idle) {
l_idle_remove(netdev->disconnect_idle);
netdev->disconnect_idle = NULL;
}
netdev: add join_adhoc/leave_adhoc API's These will issue a JOIN/LEAVE_IBSS to the kernel. There is a TODO regarding network configuration. For now, only the SSID is configurable. This configuration is also required for AP, but needs to be thought out. Since the current AP Dbus API has nothing related to configuration items such as freq/channel or RSN elements they are hard coded, and will be for Ad-Hoc as well (for now).
2018-07-17 23:15:59 +02:00
if (netdev->join_adhoc_cmd_id) {
l_genl_family_cancel(nl80211, netdev->join_adhoc_cmd_id);
netdev->join_adhoc_cmd_id = 0;
}
if (netdev->leave_adhoc_cmd_id) {
l_genl_family_cancel(nl80211, netdev->leave_adhoc_cmd_id);
netdev->leave_adhoc_cmd_id = 0;
}
netdev: Make sure set_powered calls are cancelable Since all netdevs share the rtnl l_netlink object, it was possible for netdevs to be destroyed with outstanding commands still executing on the rtnl object. This can lead to crashes and other nasty situations. This patch makes sure that Powered requests are always tracked via set_powered_cmd_id and the request is canceled when netdev is destroyed. This also implies that netdev_set_powered can now return an -EBUSY error in case a request is already outstanding.
2018-08-17 19:37:47 +02:00
if (netdev->set_powered_cmd_id) {
l_netlink_cancel(rtnl, netdev->set_powered_cmd_id);
netdev->set_powered_cmd_id = 0;
}
netdev: add an ability to cancel hw rekey cmd ==1628== Invalid read of size 1 ==1628== at 0x405E71: hardware_rekey_cb (netdev.c:1381) ==1628== by 0x444E5B: process_unicast (genl.c:415) ==1628== by 0x444E5B: received_data (genl.c:534) ==1628== by 0x442032: io_callback (io.c:126) ==1628== by 0x4414CD: l_main_iterate (main.c:387) ==1628== by 0x44158B: l_main_run (main.c:434) ==1628== by 0x403775: main (main.c:489) ==1628== Address 0x5475208 is 312 bytes inside a block of size 320 free'd ==1628== at 0x4C2ED18: free (vg_replace_malloc.c:530) ==1628== by 0x43D94D: l_queue_clear (queue.c:107) ==1628== by 0x43D998: l_queue_destroy (queue.c:82) ==1628== by 0x40B431: netdev_shutdown (netdev.c:4765) ==1628== by 0x403B17: iwd_shutdown (main.c:81) ==1628== by 0x4419D2: signal_callback (signal.c:82) ==1628== by 0x4414CD: l_main_iterate (main.c:387) ==1628== by 0x44158B: l_main_run (main.c:434) ==1628== by 0x403775: main (main.c:489) ==1628== Block was alloc'd at ==1628== at 0x4C2DB6B: malloc (vg_replace_malloc.c:299) ==1628== by 0x43CA4D: l_malloc (util.c:62) ==1628== by 0x40A853: netdev_create_from_genl (netdev.c:4517) ==1628== by 0x444E5B: process_unicast (genl.c:415) ==1628== by 0x444E5B: received_data (genl.c:534) ==1628== by 0x442032: io_callback (io.c:126) ==1628== by 0x4414CD: l_main_iterate (main.c:387) ==1628== by 0x44158B: l_main_run (main.c:434) ==1628== by 0x403775: main (main.c:489)
2018-10-19 23:19:26 +02:00
if (netdev->rekey_offload_cmd_id) {
l_genl_family_cancel(nl80211, netdev->rekey_offload_cmd_id);
netdev->rekey_offload_cmd_id = 0;
}
netdev: handle QoS Map IE/Frame The QoS Map can come in either as a management frame or via the Associate Response. In either case this IE simply needs to be forwarded back to the kernel.
2019-09-14 00:26:31 +02:00
if (netdev->qos_map_cmd_id) {
l_genl_family_cancel(nl80211, netdev->qos_map_cmd_id);
netdev->qos_map_cmd_id = 0;
}
netdev: support per-network MAC addresses For privacy reasons its advantageous to randomize or mask the MAC address when connecting to networks, especially public networks. This patch allows netdev to generate a new MAC address on a per-network basis. The generated MAC will remain the same when connecting to the same network. This allows reauthentications or roaming to work, and not have to fully re-connect (which would be required if the MAC changed on every connection). Changing the MAC requires bringing the interface down. This does lead to potential race conditions with respect to external processes. There are two potential conditions which are explained in a TODO comment in this patch.
2020-03-18 19:54:19 +01:00
if (netdev->mac_change_cmd_id) {
l_netlink_cancel(rtnl, netdev->mac_change_cmd_id);
netdev->mac_change_cmd_id = 0;
}
netdev: add netdev_get_station/current_station This adds a generalized API for GET_STATION. This API handles calling and parsing the results into a new structure, netdev_station_info. This results structure will hold any data needed by consumers of netdev_get_station. A helper API (netdev_get_current_station) was added as a convenience which automatically passes handshake->aa as the MAC. For now only the RSSI is parsed as this is already being done for RSSI polling/events. Looking further more info will be added such as rx/tx rates and estimated throughput.
2021-01-12 18:17:17 +01:00
if (netdev->get_station_cmd_id) {
l_genl_family_cancel(nl80211, netdev->get_station_cmd_id);
netdev->get_station_cmd_id = 0;
}
netdev: station: support full mac roaming Roaming on a full mac card is quite different than soft mac and needs to be specially handled. The process starts with the CMD_ROAM event, which tells us the driver is already roamed and associated with a new AP. After this it expects the 4-way handshake to be initiated. This in itself is quite simple, the complexity comes with how this is piped into IWD. After CMD_ROAM fires its assumed that a scan result is available in the kernel, which is obtained using a newly added scan API scan_get_firmware_scan. The only special bit of this is that it does not 'schedule' a scan but simply calls GET_SCAN. This is treated special and will not be queued behind any other pending scan requests. This lets us reuse some parsing code paths in scan and initialize a scan_bss object which ultimately gets handed to station so it can update connected_bss/bss_list. For consistency station must also transition to a roaming state. Since this roam is all handled by netdev two new events were added, NETDEV_EVENT_ROAMING and NETDEV_EVENT_ROAMED. Both allow station to transition between roaming/connected states, and ROAMED provides station with the new scan_bss to replace connected_bss.
2021-03-15 18:29:29 +01:00
if (netdev->fw_roam_bss)
scan_bss_free(netdev->fw_roam_bss);
netdev: handle multiple concurrent FT-over-DS action frames The beauty of FT-over-DS is that a station can send and receive action frames to many APs to prepare for a future roam. Each AP authenticates the station and when a roam happens the station can immediately move to reassociation. To handle this a queue of netdev_ft_over_ds_info structs is used instead of a single entry. Using the new ft.c parser APIs these info structs can be looked up when responses come in. For now the timeouts/callbacks are kept but these will be removed as it really does not matter if the AP sends a response (keeps station happy until the next patch).
2021-05-13 01:01:41 +02:00
if (netdev->ft_ds_list) {
l_queue_destroy(netdev->ft_ds_list, netdev_ft_ds_entry_free);
netdev->ft_ds_list = NULL;
}
device/netdev: init scan in netdev instead of device Commit 1057d8aa743a changed the device interface creation logic from being unconditional inside netdev.c to instead use NETDEV_WATCH_* events. However, this broke the assumption that the device interface was created before all others. The effect is that the scan_wdev_add might no longer be called prior to station interface being created. Fix this by moving scan_wdev_add/remove calls to netdev.c instead. Fixes: 1057d8aa743a ("device: Move device creation from netdev.c to event watch")
2019-12-06 17:11:51 +01:00
scan_wdev_remove(netdev->wdev_id);
netdev: added station watch For Ad-Hoc networks, the kernel takes care of auth/assoc and issues a NEW_STATION event when that is complete. This provides a way to notify when NEW_STATION events occur as well as forward the MAC of the station to Ad-Hoc. The two new API's added: - netdev_station_watch_add() - netdev_station_watch_remove()
2018-07-17 00:29:15 +02:00
watchlist_destroy(&netdev->station_watches);
netdev: Refactor netdev_register_frame Rename netdev_register_frame to netdev_frame_watch_add and expose to be usable outside of netdev.c, add netdev_frame_watch_remove also. Update the Neighbor Report handling which was the only user of netdev_register_frame. The handler is now simpler because we use a lookup list with all the prefixes and individual frame handlers only see the frames matching the right prefix. This is also useful for the future Access-Point mode.
2017-08-31 04:04:45 +02:00
netdev: Open PAE transport if needed If Control Port over NL80211 is not supported, open up a PAE socket and stuff it into an l_io on the netdev object. Install a read handler on the l_io and call __eapol_rx_packet as needed.
2018-05-01 18:08:19 +02:00
l_io_destroy(netdev->pae_io);
netdev: Properly cleanup removed interfaces
2016-07-20 00:45:48 +02:00
l_free(netdev);
}
static void netdev_shutdown_one(void *data, void *user_data)
{
struct netdev *netdev = data;
wiphy: Move association logic out of wiphy.c The eapol state machine parameters are now built inside device.c when the network connection is attempted. The reason is that the device object knows about network settings, wiphy constraints and should contain the main 'management' logic. netdev now manages the actual low-level process of building association messages, detecting authentication events, etc.
2016-06-15 17:54:13 +02:00
netdev: Reset interface state on init and exit Take any managed interface down when iwd detects it and bring it back up to start with a clean state. On exit take interfaces down.
2016-07-13 04:29:52 +02:00
if (netdev_get_is_up(netdev))
netdev: Use ell's rtnl APIs
2020-02-15 10:48:39 +01:00
l_rtnl_set_powered(rtnl, netdev->index, false,
NULL, NULL, NULL);
netdev: Add netdev_find
2016-06-01 22:35:26 +02:00
}
static bool netdev_match(const void *a, const void *b)
{
const struct netdev *netdev = a;
uint32_t ifindex = L_PTR_TO_UINT(b);
return (netdev->index == ifindex);
}
struct netdev *netdev_find(int ifindex)
{
return l_queue_find(netdev_list, netdev_match, L_UINT_TO_PTR(ifindex));
}
netdev: add conf option to set RSSI threshold Environments with several AP's, all at low signal strength may want to lower the roaming RSSI threshold to prevent IWD from roaming excessively. This adds an option 'roam_rssi_threshold', which is still defaulted to -70.
2019-03-21 17:03:45 +01:00
/* Threshold RSSI for roaming to trigger, configurable in main.conf */
static int LOW_SIGNAL_THRESHOLD;
netdev: introduce [General].RoamThreshold5G This value sets the roaming threshold on 5GHz networks. The threshold has been separated from 2.4GHz because in many cases 5GHz can perform much better at low RSSI than 2.4GHz. In addition the BSS ranking logic was re-worked and now 5GHz is much more preferred, even at low RSSI. This means we need a lower floor for RSSI before roaming, otherwise IWD would end up roaming immediately after connecting due to low RSSI CQM events.
2021-05-07 22:26:18 +02:00
static int LOW_SIGNAL_THRESHOLD_5GHZ;
netdev: Implement RSSI level notifications API Add an methods and an event using the new NL80211_EXT_FEATURE_CQM_RSSI_LIST kernel feature to request RSSI monitoring with notifications only when RSSI moves from one of the N intervals requested to another. device.c will call netdev_set_rssi_report_levels to request NETDEV_EVENT_RSSI_LEVEL_NOTIFY events every time the RSSI level changes, level meaning one of the intervals delimited by the threshold values passed as argument. Inside the event handler it can call netdev_get_rssi_level to read the new level. There's no fallback to periodic polling implemented in this patch for the case of older kernels and/or the driver not supporting NL80211_EXT_FEATURE_CQM_RSSI_LIST.
2017-05-20 16:33:13 +02:00
static void netdev_cqm_event_rssi_threshold(struct netdev *netdev,
uint32_t rssi_event)
netdev: Monitor CQM RSSI level, emit RSSI LOW/HIGH events
2016-12-23 11:38:03 +01:00
{
netdev: Implement RSSI level notifications API Add an methods and an event using the new NL80211_EXT_FEATURE_CQM_RSSI_LIST kernel feature to request RSSI monitoring with notifications only when RSSI moves from one of the N intervals requested to another. device.c will call netdev_set_rssi_report_levels to request NETDEV_EVENT_RSSI_LEVEL_NOTIFY events every time the RSSI level changes, level meaning one of the intervals delimited by the threshold values passed as argument. Inside the event handler it can call netdev_get_rssi_level to read the new level. There's no fallback to periodic polling implemented in this patch for the case of older kernels and/or the driver not supporting NL80211_EXT_FEATURE_CQM_RSSI_LIST.
2017-05-20 16:33:13 +02:00
int event;
netdev: fix segfault due to roaming before connected In this situation the kernel is sending a low RSSI event which netdev picks up, but since we set netdev->connected so early the event is forwarded to station before IWD has fully connected. Station then tries to get a neighbor report, which may fail and cause a known frequency scan. If this is a new network the frequency scan tries to get any known frequencies in network_info which will be unset and cause a segfault. This can be avoided by only sending RSSI events when netdev->operational is set rather than netdev->connected.
2020-05-04 23:30:55 +02:00
if (!netdev->operational)
netdev: Monitor CQM RSSI level, emit RSSI LOW/HIGH events
2016-12-23 11:38:03 +01:00
return;
if (rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW &&
rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH)
return;
netdev: Implement RSSI level notifications API Add an methods and an event using the new NL80211_EXT_FEATURE_CQM_RSSI_LIST kernel feature to request RSSI monitoring with notifications only when RSSI moves from one of the N intervals requested to another. device.c will call netdev_set_rssi_report_levels to request NETDEV_EVENT_RSSI_LEVEL_NOTIFY events every time the RSSI level changes, level meaning one of the intervals delimited by the threshold values passed as argument. Inside the event handler it can call netdev_get_rssi_level to read the new level. There's no fallback to periodic polling implemented in this patch for the case of older kernels and/or the driver not supporting NL80211_EXT_FEATURE_CQM_RSSI_LIST.
2017-05-20 16:33:13 +02:00
if (!netdev->event_filter)
return;
netdev->cur_rssi_low =
(rssi_event == NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW);
netdev: RSSI polling support for less capable drivers If the kernel device driver or the kernel nl80211 version doesn't support the new RSSI threshold list CQM monitoring, implement similar logic in iwd with periodic polling. This is only active when an RSSI agent is registered to receive the events. I tested this with the same testRSSIAgent autotests that tests the driver-side rssi monitoring except with all timeouts multiplied by ~20.
2017-08-18 14:22:58 +02:00
event = netdev->cur_rssi_low ? NETDEV_EVENT_RSSI_THRESHOLD_LOW :
netdev: Implement RSSI level notifications API Add an methods and an event using the new NL80211_EXT_FEATURE_CQM_RSSI_LIST kernel feature to request RSSI monitoring with notifications only when RSSI moves from one of the N intervals requested to another. device.c will call netdev_set_rssi_report_levels to request NETDEV_EVENT_RSSI_LEVEL_NOTIFY events every time the RSSI level changes, level meaning one of the intervals delimited by the threshold values passed as argument. Inside the event handler it can call netdev_get_rssi_level to read the new level. There's no fallback to periodic polling implemented in this patch for the case of older kernels and/or the driver not supporting NL80211_EXT_FEATURE_CQM_RSSI_LIST.
2017-05-20 16:33:13 +02:00
NETDEV_EVENT_RSSI_THRESHOLD_HIGH;
netdev: pass event data to netdev events Several netdev events benefit from including event data in the callback. This is similar to how the connect callback works as well. The content of the event data is documented in netdev.h (netdev_event_func_t). By including event data for the two disconnect events, we can pass the reason code to better handle the failure in station.c. Now, inside station_disconnect_event, we still check if there is a pending connection, and if so we can call the connect callback directly with HANDSHAKE_FAILED. Doing it this way unifies the code path into a single switch statment to handle all failures. In addition, we pass the RSSI level index as event data to RSSI_LEVEL_NOTIFY. This removes the need for a getter to be exposed in netdev.h.
2019-03-01 00:41:51 +01:00
netdev->event_filter(netdev, event, NULL, netdev->user_data);
netdev: Implement RSSI level notifications API Add an methods and an event using the new NL80211_EXT_FEATURE_CQM_RSSI_LIST kernel feature to request RSSI monitoring with notifications only when RSSI moves from one of the N intervals requested to another. device.c will call netdev_set_rssi_report_levels to request NETDEV_EVENT_RSSI_LEVEL_NOTIFY events every time the RSSI level changes, level meaning one of the intervals delimited by the threshold values passed as argument. Inside the event handler it can call netdev_get_rssi_level to read the new level. There's no fallback to periodic polling implemented in this patch for the case of older kernels and/or the driver not supporting NL80211_EXT_FEATURE_CQM_RSSI_LIST.
2017-05-20 16:33:13 +02:00
}
static void netdev_rssi_level_init(struct netdev *netdev)
{
if (netdev->connected && netdev->rssi_levels_num)
netdev_set_rssi_level_idx(netdev);
}
static void netdev_cqm_event_rssi_value(struct netdev *netdev, int rssi_val)
{
bool new_rssi_low;
uint8_t prev_rssi_level_idx = netdev->cur_rssi_level_idx;
netdev: introduce [General].RoamThreshold5G This value sets the roaming threshold on 5GHz networks. The threshold has been separated from 2.4GHz because in many cases 5GHz can perform much better at low RSSI than 2.4GHz. In addition the BSS ranking logic was re-worked and now 5GHz is much more preferred, even at low RSSI. This means we need a lower floor for RSSI before roaming, otherwise IWD would end up roaming immediately after connecting due to low RSSI CQM events.
2021-05-07 22:26:18 +02:00
int threshold = netdev->frequency > 4000 ? LOW_SIGNAL_THRESHOLD_5GHZ :
LOW_SIGNAL_THRESHOLD;
netdev: Implement RSSI level notifications API Add an methods and an event using the new NL80211_EXT_FEATURE_CQM_RSSI_LIST kernel feature to request RSSI monitoring with notifications only when RSSI moves from one of the N intervals requested to another. device.c will call netdev_set_rssi_report_levels to request NETDEV_EVENT_RSSI_LEVEL_NOTIFY events every time the RSSI level changes, level meaning one of the intervals delimited by the threshold values passed as argument. Inside the event handler it can call netdev_get_rssi_level to read the new level. There's no fallback to periodic polling implemented in this patch for the case of older kernels and/or the driver not supporting NL80211_EXT_FEATURE_CQM_RSSI_LIST.
2017-05-20 16:33:13 +02:00
if (!netdev->connected)
return;
if (rssi_val > 127)
rssi_val = 127;
else if (rssi_val < -127)
rssi_val = -127;
netdev->cur_rssi = rssi_val;
if (!netdev->event_filter)
return;
netdev: Monitor CQM RSSI level, emit RSSI LOW/HIGH events
2016-12-23 11:38:03 +01:00
netdev: introduce [General].RoamThreshold5G This value sets the roaming threshold on 5GHz networks. The threshold has been separated from 2.4GHz because in many cases 5GHz can perform much better at low RSSI than 2.4GHz. In addition the BSS ranking logic was re-worked and now 5GHz is much more preferred, even at low RSSI. This means we need a lower floor for RSSI before roaming, otherwise IWD would end up roaming immediately after connecting due to low RSSI CQM events.
2021-05-07 22:26:18 +02:00
new_rssi_low = rssi_val < threshold;
netdev: Implement RSSI level notifications API Add an methods and an event using the new NL80211_EXT_FEATURE_CQM_RSSI_LIST kernel feature to request RSSI monitoring with notifications only when RSSI moves from one of the N intervals requested to another. device.c will call netdev_set_rssi_report_levels to request NETDEV_EVENT_RSSI_LEVEL_NOTIFY events every time the RSSI level changes, level meaning one of the intervals delimited by the threshold values passed as argument. Inside the event handler it can call netdev_get_rssi_level to read the new level. There's no fallback to periodic polling implemented in this patch for the case of older kernels and/or the driver not supporting NL80211_EXT_FEATURE_CQM_RSSI_LIST.
2017-05-20 16:33:13 +02:00
if (netdev->cur_rssi_low != new_rssi_low) {
int event = new_rssi_low ?
netdev: Monitor CQM RSSI level, emit RSSI LOW/HIGH events
2016-12-23 11:38:03 +01:00
NETDEV_EVENT_RSSI_THRESHOLD_LOW :
NETDEV_EVENT_RSSI_THRESHOLD_HIGH;
netdev: Implement RSSI level notifications API Add an methods and an event using the new NL80211_EXT_FEATURE_CQM_RSSI_LIST kernel feature to request RSSI monitoring with notifications only when RSSI moves from one of the N intervals requested to another. device.c will call netdev_set_rssi_report_levels to request NETDEV_EVENT_RSSI_LEVEL_NOTIFY events every time the RSSI level changes, level meaning one of the intervals delimited by the threshold values passed as argument. Inside the event handler it can call netdev_get_rssi_level to read the new level. There's no fallback to periodic polling implemented in this patch for the case of older kernels and/or the driver not supporting NL80211_EXT_FEATURE_CQM_RSSI_LIST.
2017-05-20 16:33:13 +02:00
netdev->cur_rssi_low = new_rssi_low;
netdev: pass event data to netdev events Several netdev events benefit from including event data in the callback. This is similar to how the connect callback works as well. The content of the event data is documented in netdev.h (netdev_event_func_t). By including event data for the two disconnect events, we can pass the reason code to better handle the failure in station.c. Now, inside station_disconnect_event, we still check if there is a pending connection, and if so we can call the connect callback directly with HANDSHAKE_FAILED. Doing it this way unifies the code path into a single switch statment to handle all failures. In addition, we pass the RSSI level index as event data to RSSI_LEVEL_NOTIFY. This removes the need for a getter to be exposed in netdev.h.
2019-03-01 00:41:51 +01:00
netdev->event_filter(netdev, event, NULL, netdev->user_data);
netdev: Monitor CQM RSSI level, emit RSSI LOW/HIGH events
2016-12-23 11:38:03 +01:00
}
netdev: Implement RSSI level notifications API Add an methods and an event using the new NL80211_EXT_FEATURE_CQM_RSSI_LIST kernel feature to request RSSI monitoring with notifications only when RSSI moves from one of the N intervals requested to another. device.c will call netdev_set_rssi_report_levels to request NETDEV_EVENT_RSSI_LEVEL_NOTIFY events every time the RSSI level changes, level meaning one of the intervals delimited by the threshold values passed as argument. Inside the event handler it can call netdev_get_rssi_level to read the new level. There's no fallback to periodic polling implemented in this patch for the case of older kernels and/or the driver not supporting NL80211_EXT_FEATURE_CQM_RSSI_LIST.
2017-05-20 16:33:13 +02:00
if (!netdev->rssi_levels_num)
return;
netdev_set_rssi_level_idx(netdev);
if (netdev->cur_rssi_level_idx != prev_rssi_level_idx)
netdev->event_filter(netdev, NETDEV_EVENT_RSSI_LEVEL_NOTIFY,
netdev: pass event data to netdev events Several netdev events benefit from including event data in the callback. This is similar to how the connect callback works as well. The content of the event data is documented in netdev.h (netdev_event_func_t). By including event data for the two disconnect events, we can pass the reason code to better handle the failure in station.c. Now, inside station_disconnect_event, we still check if there is a pending connection, and if so we can call the connect callback directly with HANDSHAKE_FAILED. Doing it this way unifies the code path into a single switch statment to handle all failures. In addition, we pass the RSSI level index as event data to RSSI_LEVEL_NOTIFY. This removes the need for a getter to be exposed in netdev.h.
2019-03-01 00:41:51 +01:00
&netdev->cur_rssi_level_idx,
netdev: Implement RSSI level notifications API Add an methods and an event using the new NL80211_EXT_FEATURE_CQM_RSSI_LIST kernel feature to request RSSI monitoring with notifications only when RSSI moves from one of the N intervals requested to another. device.c will call netdev_set_rssi_report_levels to request NETDEV_EVENT_RSSI_LEVEL_NOTIFY events every time the RSSI level changes, level meaning one of the intervals delimited by the threshold values passed as argument. Inside the event handler it can call netdev_get_rssi_level to read the new level. There's no fallback to periodic polling implemented in this patch for the case of older kernels and/or the driver not supporting NL80211_EXT_FEATURE_CQM_RSSI_LIST.
2017-05-20 16:33:13 +02:00
netdev->user_data);
netdev: Monitor CQM RSSI level, emit RSSI LOW/HIGH events
2016-12-23 11:38:03 +01:00
}
netdev: Move CQM event handling out of wiphy.c
2016-06-16 18:06:17 +02:00
static void netdev_cqm_event(struct l_genl_msg *msg, struct netdev *netdev)
{
struct l_genl_attr attr;
struct l_genl_attr nested;
uint16_t type, len;
const void *data;
netdev: Implement RSSI level notifications API Add an methods and an event using the new NL80211_EXT_FEATURE_CQM_RSSI_LIST kernel feature to request RSSI monitoring with notifications only when RSSI moves from one of the N intervals requested to another. device.c will call netdev_set_rssi_report_levels to request NETDEV_EVENT_RSSI_LEVEL_NOTIFY events every time the RSSI level changes, level meaning one of the intervals delimited by the threshold values passed as argument. Inside the event handler it can call netdev_get_rssi_level to read the new level. There's no fallback to periodic polling implemented in this patch for the case of older kernels and/or the driver not supporting NL80211_EXT_FEATURE_CQM_RSSI_LIST.
2017-05-20 16:33:13 +02:00
uint32_t *rssi_event = NULL;
int32_t *rssi_val = NULL;
netdev: Move CQM event handling out of wiphy.c
2016-06-16 18:06:17 +02:00
if (!l_genl_attr_init(&attr, msg))
return;
while (l_genl_attr_next(&attr, &type, &len, &data)) {
switch (type) {
case NL80211_ATTR_CQM:
if (!l_genl_attr_recurse(&attr, &nested))
return;
while (l_genl_attr_next(&nested, &type, &len, &data)) {
switch (type) {
netdev: Monitor CQM RSSI level, emit RSSI LOW/HIGH events
2016-12-23 11:38:03 +01:00
case NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT:
if (len != 4)
continue;
netdev: Implement RSSI level notifications API Add an methods and an event using the new NL80211_EXT_FEATURE_CQM_RSSI_LIST kernel feature to request RSSI monitoring with notifications only when RSSI moves from one of the N intervals requested to another. device.c will call netdev_set_rssi_report_levels to request NETDEV_EVENT_RSSI_LEVEL_NOTIFY events every time the RSSI level changes, level meaning one of the intervals delimited by the threshold values passed as argument. Inside the event handler it can call netdev_get_rssi_level to read the new level. There's no fallback to periodic polling implemented in this patch for the case of older kernels and/or the driver not supporting NL80211_EXT_FEATURE_CQM_RSSI_LIST.
2017-05-20 16:33:13 +02:00
rssi_event = (uint32_t *) data;
break;
case NL80211_ATTR_CQM_RSSI_LEVEL:
if (len != 4)
continue;
rssi_val = (int32_t *) data;
netdev: Monitor CQM RSSI level, emit RSSI LOW/HIGH events
2016-12-23 11:38:03 +01:00
break;
netdev: Move CQM event handling out of wiphy.c
2016-06-16 18:06:17 +02:00
}
}
break;
}
}
netdev: Implement RSSI level notifications API Add an methods and an event using the new NL80211_EXT_FEATURE_CQM_RSSI_LIST kernel feature to request RSSI monitoring with notifications only when RSSI moves from one of the N intervals requested to another. device.c will call netdev_set_rssi_report_levels to request NETDEV_EVENT_RSSI_LEVEL_NOTIFY events every time the RSSI level changes, level meaning one of the intervals delimited by the threshold values passed as argument. Inside the event handler it can call netdev_get_rssi_level to read the new level. There's no fallback to periodic polling implemented in this patch for the case of older kernels and/or the driver not supporting NL80211_EXT_FEATURE_CQM_RSSI_LIST.
2017-05-20 16:33:13 +02:00
if (rssi_event) {
if (rssi_val)
netdev_cqm_event_rssi_value(netdev, *rssi_val);
else
netdev_cqm_event_rssi_threshold(netdev, *rssi_event);
}
netdev: Move CQM event handling out of wiphy.c
2016-06-16 18:06:17 +02:00
}
netdev: support for REKEY_OFFLOAD and its event handling
2016-06-23 00:49:16 +02:00
static void netdev_rekey_offload_event(struct l_genl_msg *msg,
struct netdev *netdev)
{
struct l_genl_attr attr;
struct l_genl_attr nested;
uint16_t type, len;
const void *data;
uint64_t replay_ctr;
if (!l_genl_attr_init(&attr, msg))
return;
while (l_genl_attr_next(&attr, &type, &len, &data)) {
netdev: simplify
2016-07-20 00:52:36 +02:00
if (type != NL80211_ATTR_REKEY_DATA)
continue;
if (!l_genl_attr_recurse(&attr, &nested))
return;
while (l_genl_attr_next(&nested, &type, &len, &data)) {
if (type != NL80211_REKEY_DATA_REPLAY_CTR)
continue;
if (len != sizeof(uint64_t)) {
l_warn("Invalid replay_ctr");
netdev: support for REKEY_OFFLOAD and its event handling
2016-06-23 00:49:16 +02:00
return;
netdev: simplify
2016-07-20 00:52:36 +02:00
}
netdev: support for REKEY_OFFLOAD and its event handling
2016-06-23 00:49:16 +02:00
netdev: simplify
2016-07-20 00:52:36 +02:00
replay_ctr = *((uint64_t *) data);
__eapol_update_replay_counter(netdev->index,
netdev: support for REKEY_OFFLOAD and its event handling
2016-06-23 00:49:16 +02:00
netdev->addr,
netdev: Drop netdev->remote_addr
2016-12-12 18:34:21 +01:00
netdev->handshake->aa,
netdev: support for REKEY_OFFLOAD and its event handling
2016-06-23 00:49:16 +02:00
replay_ctr);
netdev: simplify
2016-07-20 00:52:36 +02:00
return;
netdev: support for REKEY_OFFLOAD and its event handling
2016-06-23 00:49:16 +02:00
}
}
}
netdev: Move disconnect event handling .. out of wiphy.c
2016-06-16 18:21:12 +02:00
static void netdev_disconnect_event(struct l_genl_msg *msg,
struct netdev *netdev)
{
struct l_genl_attr attr;
uint16_t type, len;
const void *data;
uint16_t reason_code = 0;
bool disconnect_by_ap = false;
netdev: Allow disconnect_by_ap to be re-entrant
2016-10-11 08:53:59 +02:00
netdev_event_func_t event_filter;
void *event_data;
netdev: Move disconnect event handling .. out of wiphy.c
2016-06-16 18:21:12 +02:00
l_debug("");
netdev: Implement netdev_fast_transition Build and send the FT Authentication Request frame, the initial Fast Transition message. In this version the assumption is that once we start a transition attempt there's no going back so the old handshake_state, scan_bss, etc. can be replaced by the new objects immediately and there's no point at which both the old and the new connection states are needed. Also the disconnect event for the old connection is implicit. At netdev level the state during a transition is almost the same with a new connection setup. The first disconnect event on the netlink socket after the FT Authenticate is assumed to be the one generated by the kernel for the old connection. The disconnect event doesn't contain the AP bssid (unlike the deauthenticate event preceding it), otherwise we could check to see if the bssid is the one we are interested in or could check connect_cmd_id assuming a disconnect doesn't happen before the connect command finishes.
2017-01-12 09:36:00 +01:00
if (!netdev->connected || netdev->disconnect_cmd_id > 0 ||
netdev: allow reassociation for auth-protos This adds support in netdev_reassociate for all the auth protocols (SAE/FILS/OWE) by moving the bulk of netdev_connect into netdev_connect_common. In addition PREV_BSSID is set in the associate message if 'in_reassoc' is true.
2021-08-07 00:59:05 +02:00
netdev->in_ft || netdev->in_reassoc)
netdev: Improve netdev_connect error/cancel logic Try to make the connect and disconnect operations look more like a transaction where the callback is always called eventually, also with a clear indication if the operation is in profress. The connected state lasts from the start of the connection attempt until the disconnect. 1. Non-null netdev->connected or disconnect_cb indicate that the operation is active. 2. Every entry-point in netdev.c checks if connected is still set before executing the next step of the connection setup. CMD_CONNECT and the subsequent commands may succeed even if CMD_DISCONNECT is called in the middle so they can't only rely on the error value for that. 3. netdev->connect_cb and other elements of the connection state are reset by netdev_connect_free which groups the clean-up operations to make sure we don't miss anything. Since the callback pointers are reset device.c doesn't need to check that it receives a spurious event in those callbacks for example after calling netdev_disconnect.
2016-08-02 22:48:11 +02:00
return;
netdev: Move disconnect event handling .. out of wiphy.c
2016-06-16 18:21:12 +02:00
if (!l_genl_attr_init(&attr, msg)) {
l_error("attr init failed");
return;
}
while (l_genl_attr_next(&attr, &type, &len, &data)) {
switch (type) {
case NL80211_ATTR_REASON_CODE:
if (len != sizeof(uint16_t))
l_warn("Invalid reason code attribute");
else
reason_code = *((uint16_t *) data);
break;
case NL80211_ATTR_DISCONNECTED_BY_AP:
disconnect_by_ap = true;
break;
}
}
l_info("Received Deauthentication event, reason: %hu, from_ap: %s",
reason_code, disconnect_by_ap ? "true" : "false");
netdev: Allow disconnect_by_ap to be re-entrant
2016-10-11 08:53:59 +02:00
event_filter = netdev->event_filter;
event_data = netdev->user_data;
netdev: Improve netdev_connect error/cancel logic Try to make the connect and disconnect operations look more like a transaction where the callback is always called eventually, also with a clear indication if the operation is in profress. The connected state lasts from the start of the connection attempt until the disconnect. 1. Non-null netdev->connected or disconnect_cb indicate that the operation is active. 2. Every entry-point in netdev.c checks if connected is still set before executing the next step of the connection setup. CMD_CONNECT and the subsequent commands may succeed even if CMD_DISCONNECT is called in the middle so they can't only rely on the error value for that. 3. netdev->connect_cb and other elements of the connection state are reset by netdev_connect_free which groups the clean-up operations to make sure we don't miss anything. Since the callback pointers are reset device.c doesn't need to check that it receives a spurious event in those callbacks for example after calling netdev_disconnect.
2016-08-02 22:48:11 +02:00
netdev_connect_free(netdev);
netdev: Allow disconnect_by_ap to be re-entrant
2016-10-11 08:53:59 +02:00
netdev: Handle CMD_DISCONNECT without "by AP" flag There are situations including after beacon loss and during FT where the cfg80211 will detect we're now disconnected (in some cases will send a Deauthenticate frame too) and generate this event, or the driver may do this. For example in ieee80211_report_disconnect in net/mac80211/mlme.c will (through cfg80211) generate a CMD_DEAUTHENTICATE followed by a CMD_DISCONNECT.
2017-08-14 14:31:17 +02:00
if (!event_filter)
return;
if (disconnect_by_ap)
netdev: Allow disconnect_by_ap to be re-entrant
2016-10-11 08:53:59 +02:00
event_filter(netdev, NETDEV_EVENT_DISCONNECT_BY_AP,
netdev: pass event data to netdev events Several netdev events benefit from including event data in the callback. This is similar to how the connect callback works as well. The content of the event data is documented in netdev.h (netdev_event_func_t). By including event data for the two disconnect events, we can pass the reason code to better handle the failure in station.c. Now, inside station_disconnect_event, we still check if there is a pending connection, and if so we can call the connect callback directly with HANDSHAKE_FAILED. Doing it this way unifies the code path into a single switch statment to handle all failures. In addition, we pass the RSSI level index as event data to RSSI_LEVEL_NOTIFY. This removes the need for a getter to be exposed in netdev.h.
2019-03-01 00:41:51 +01:00
&reason_code, event_data);
netdev: Handle CMD_DISCONNECT without "by AP" flag There are situations including after beacon loss and during FT where the cfg80211 will detect we're now disconnected (in some cases will send a Deauthenticate frame too) and generate this event, or the driver may do this. For example in ieee80211_report_disconnect in net/mac80211/mlme.c will (through cfg80211) generate a CMD_DEAUTHENTICATE followed by a CMD_DISCONNECT.
2017-08-14 14:31:17 +02:00
else
event_filter(netdev, NETDEV_EVENT_DISCONNECT_BY_SME,
netdev: pass event data to netdev events Several netdev events benefit from including event data in the callback. This is similar to how the connect callback works as well. The content of the event data is documented in netdev.h (netdev_event_func_t). By including event data for the two disconnect events, we can pass the reason code to better handle the failure in station.c. Now, inside station_disconnect_event, we still check if there is a pending connection, and if so we can call the connect callback directly with HANDSHAKE_FAILED. Doing it this way unifies the code path into a single switch statment to handle all failures. In addition, we pass the RSSI level index as event data to RSSI_LEVEL_NOTIFY. This removes the need for a getter to be exposed in netdev.h.
2019-03-01 00:41:51 +01:00
&reason_code, event_data);
netdev: Move disconnect event handling .. out of wiphy.c
2016-06-16 18:21:12 +02:00
}
netdev: Use CMD_DISCONNECT for non-FT cases CMD_DEAUTHENTICATE is not available for FullMAC based cards. We already use CMD_CONNECT in the non-FT cases, which works on all cards. However, for some reason we kept using CMD_DEAUTHENTICATE instead of CMD_DISCONNECT. For FT (error) cases, keep using CMD_DEAUTHENTICATE.
2017-05-31 18:08:40 +02:00
static void netdev_cmd_disconnect_cb(struct l_genl_msg *msg, void *user_data)
netdev: Move deauthenticate handling out of wiphy.c
2016-06-16 23:05:34 +02:00
{
struct netdev *netdev = user_data;
netdev: Make invoking disconnect_cb reentrant safe
2016-09-22 23:20:33 +02:00
void *disconnect_data;
netdev_disconnect_cb_t disconnect_cb;
netdev: Move deauthenticate handling out of wiphy.c
2016-06-16 23:05:34 +02:00
bool r;
netdev: Make sure to set disconnect_cmd_id to 0
2016-09-23 04:03:00 +02:00
netdev->disconnect_cmd_id = 0;
netdev: Fix crash when aborting a connection We can crash if we abort the connection, but the connect command has already gone through. In this case we will get a sequence of authenticate_event, associate_event, connect_event. The first and last events don't crash since they check whether netdev->connected is true. However, this causes an annoying warning to be printed. Fix this by introducing an 'aborting' flag and ignore all connection related events if it is set. ++++++++ backtrace ++++++++
2019-03-08 23:09:42 +01:00
netdev->aborting = false;
netdev: Make invoking disconnect_cb reentrant safe
2016-09-22 23:20:33 +02:00
if (!netdev->disconnect_cb) {
netdev->user_data = NULL;
return;
}
disconnect_data = netdev->user_data;
disconnect_cb = netdev->disconnect_cb;
netdev->user_data = NULL;
netdev->disconnect_cb = NULL;
netdev: Improve netdev_connect error/cancel logic Try to make the connect and disconnect operations look more like a transaction where the callback is always called eventually, also with a clear indication if the operation is in profress. The connected state lasts from the start of the connection attempt until the disconnect. 1. Non-null netdev->connected or disconnect_cb indicate that the operation is active. 2. Every entry-point in netdev.c checks if connected is still set before executing the next step of the connection setup. CMD_CONNECT and the subsequent commands may succeed even if CMD_DISCONNECT is called in the middle so they can't only rely on the error value for that. 3. netdev->connect_cb and other elements of the connection state are reset by netdev_connect_free which groups the clean-up operations to make sure we don't miss anything. Since the callback pointers are reset device.c doesn't need to check that it receives a spurious event in those callbacks for example after calling netdev_disconnect.
2016-08-02 22:48:11 +02:00
netdev: Move deauthenticate handling out of wiphy.c
2016-06-16 23:05:34 +02:00
if (l_genl_msg_get_error(msg) < 0)
r = false;
else
r = true;
netdev: Make invoking disconnect_cb reentrant safe
2016-09-22 23:20:33 +02:00
disconnect_cb(netdev, r, disconnect_data);
netdev: Move deauthenticate handling out of wiphy.c
2016-06-16 23:05:34 +02:00
}
netdev: Use CMD_DISCONNECT for non-FT cases CMD_DEAUTHENTICATE is not available for FullMAC based cards. We already use CMD_CONNECT in the non-FT cases, which works on all cards. However, for some reason we kept using CMD_DEAUTHENTICATE instead of CMD_DISCONNECT. For FT (error) cases, keep using CMD_DEAUTHENTICATE.
2017-05-31 18:08:40 +02:00
static struct l_genl_msg *netdev_build_cmd_disconnect(struct netdev *netdev,
uint16_t reason_code)
{
struct l_genl_msg *msg;
msg = l_genl_msg_new_sized(NL80211_CMD_DISCONNECT, 64);
l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &netdev->index);
l_genl_msg_append_attr(msg, NL80211_ATTR_REASON_CODE, 2, &reason_code);
return msg;
}
static void netdev_deauthenticate_event(struct l_genl_msg *msg,
struct netdev *netdev)
{
netdev: Handle deauth frames prior to association In some cases the AP can send a deauthenticate frame right after accepting our authentication. In this case the kernel never properly sends a CMD_CONNECT event with a failure, even though CMD_COONNECT was used to initiate the connection. Try to work around that by detecting that a Deauthenticate event arrives prior to any Associte or Connect events and handle this case as a connect failure.
2021-01-13 20:31:23 +01:00
struct l_genl_attr attr;
uint16_t type, len;
const void *data;
const struct mmpdu_header *hdr = NULL;
uint16_t reason_code;
netdev: Use CMD_DISCONNECT for non-FT cases CMD_DEAUTHENTICATE is not available for FullMAC based cards. We already use CMD_CONNECT in the non-FT cases, which works on all cards. However, for some reason we kept using CMD_DEAUTHENTICATE instead of CMD_DISCONNECT. For FT (error) cases, keep using CMD_DEAUTHENTICATE.
2017-05-31 18:08:40 +02:00
l_debug("");
netdev: Handle deauth frames prior to association In some cases the AP can send a deauthenticate frame right after accepting our authentication. In this case the kernel never properly sends a CMD_CONNECT event with a failure, even though CMD_COONNECT was used to initiate the connection. Try to work around that by detecting that a Deauthenticate event arrives prior to any Associte or Connect events and handle this case as a connect failure.
2021-01-13 20:31:23 +01:00
/*
* If we got to the association phase, process the connect event
* instead
*/
if (!netdev->connected || netdev->associated)
return;
/*
* Handle the bizarre case of AP accepting authentication, then
* deauthenticating immediately afterwards
*/
if (L_WARN_ON(!l_genl_attr_init(&attr, msg)))
return;
while (l_genl_attr_next(&attr, &type, &len, &data)) {
switch (type) {
case NL80211_ATTR_FRAME:
hdr = mpdu_validate(data, len);
break;
}
}
if (L_WARN_ON(!hdr))
return;
netdev: Ignore locally generated deauth frames Fixes: 2bebb4bdc7ee ("netdev: Handle deauth frames prior to association")
2021-02-04 20:54:33 +01:00
/* Ignore any locally generated frames */
if (!memcmp(hdr->address_2, netdev->addr, sizeof(netdev->addr)))
return;
netdev: Handle deauth frames prior to association In some cases the AP can send a deauthenticate frame right after accepting our authentication. In this case the kernel never properly sends a CMD_CONNECT event with a failure, even though CMD_COONNECT was used to initiate the connection. Try to work around that by detecting that a Deauthenticate event arrives prior to any Associte or Connect events and handle this case as a connect failure.
2021-01-13 20:31:23 +01:00
reason_code = l_get_u8(mmpdu_body(hdr));
l_info("deauth event, src="MAC" dest="MAC" bssid="MAC" reason=%u",
MAC_STR(hdr->address_2), MAC_STR(hdr->address_1),
MAC_STR(hdr->address_3), reason_code);
netdev_connect_failed(netdev, NETDEV_RESULT_AUTHENTICATION_FAILED,
MMPDU_STATUS_CODE_UNSPECIFIED);
netdev: Use CMD_DISCONNECT for non-FT cases CMD_DEAUTHENTICATE is not available for FullMAC based cards. We already use CMD_CONNECT in the non-FT cases, which works on all cards. However, for some reason we kept using CMD_DEAUTHENTICATE instead of CMD_DISCONNECT. For FT (error) cases, keep using CMD_DEAUTHENTICATE.
2017-05-31 18:08:40 +02:00
}
netdev: Move associate event handling .. out of wiphy.c
2016-06-16 17:54:20 +02:00
static struct l_genl_msg *netdev_build_cmd_deauthenticate(struct netdev *netdev,
uint16_t reason_code)
{
struct l_genl_msg *msg;
msg = l_genl_msg_new_sized(NL80211_CMD_DEAUTHENTICATE, 128);
l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &netdev->index);
l_genl_msg_append_attr(msg, NL80211_ATTR_REASON_CODE, 2, &reason_code);
l_genl_msg_append_attr(msg, NL80211_ATTR_MAC, ETH_ALEN,
netdev: Drop netdev->remote_addr
2016-12-12 18:34:21 +01:00
netdev->handshake->aa);
netdev: Move associate event handling .. out of wiphy.c
2016-06-16 17:54:20 +02:00
return msg;
}
netdev: fixed key setting failure If netdev fails to set the keys, there was no way for device/ap to know. A new handshake event was added for this. The key setting failure function was also fixed to support both AP/station iftypes. It will now automatically send either a disconnect or del_station depending on the interface type. In similar manner, netdev_handshake_failed was also modified to support both AP/station iftypes. Now, any handshake event listeners should call netdev_handshake_failed upon a handshake failure event, including AP.
2018-07-03 23:36:33 +02:00
static struct l_genl_msg *netdev_build_cmd_del_station(struct netdev *netdev,
const uint8_t *sta,
uint16_t reason_code,
bool disassociate)
{
struct l_genl_msg *msg;
uint8_t subtype = disassociate ?
MPDU_MANAGEMENT_SUBTYPE_DISASSOCIATION :
MPDU_MANAGEMENT_SUBTYPE_DEAUTHENTICATION;
msg = l_genl_msg_new_sized(NL80211_CMD_DEL_STATION, 64);
l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &netdev->index);
l_genl_msg_append_attr(msg, NL80211_ATTR_MAC, 6, sta);
l_genl_msg_append_attr(msg, NL80211_ATTR_MGMT_SUBTYPE, 1, &subtype);
l_genl_msg_append_attr(msg, NL80211_ATTR_REASON_CODE, 2, &reason_code);
return msg;
}
netdev: expose netdev_del_station This removes the need for duplicate code in AP/netdev for issuing a DEL_STATION command. Now AP can issue a DEL_STATION with netdev_del_station, and specify to either disassociate or deauth depending on state.
2018-07-03 23:36:34 +02:00
static void netdev_del_sta_cb(struct l_genl_msg *msg, void *user_data)
{
netdev: Add support for extended errors
2020-04-02 07:30:17 +02:00
int err = l_genl_msg_get_error(msg);
const char *ext_error;
if (err >= 0)
return;
ext_error = l_genl_msg_get_extended_error(msg);
l_error("DEL_STATION failed: %s",
ext_error ? ext_error : strerror(-err));
netdev: expose netdev_del_station This removes the need for duplicate code in AP/netdev for issuing a DEL_STATION command. Now AP can issue a DEL_STATION with netdev_del_station, and specify to either disassociate or deauth depending on state.
2018-07-03 23:36:34 +02:00
}
int netdev_del_station(struct netdev *netdev, const uint8_t *sta,
uint16_t reason_code, bool disassociate)
{
struct l_genl_msg *msg;
msg = netdev_build_cmd_del_station(netdev, sta, reason_code,
disassociate);
if (!l_genl_family_send(nl80211, msg, netdev_del_sta_cb, NULL, NULL))
return -EIO;
return 0;
}
netdev: Don't crash on operstate callbacks The way that netdev_set_linkmode_and_operstate was used resulted in potential crashes when the netdev was destroyed. This is because netdev was given as data to l_netlink_send and could be destroyed between the time of the call and the callback. Since the result of calls to netdev_set_linkmode_and_operstate is inconsequential, it isn't really worthwhile tracking these calls in order to cancel them. This patch simplies the handling of these rtnl calls, makes sure that netdev isn't passed as user data and rewrites the netdev_set_linkmode_and_operstate signature to be more consistent with rtnl_set_powered.
2018-08-17 21:04:44 +02:00
static void netdev_operstate_cb(int error, uint16_t type,
const void *data,
uint32_t len, void *user_data)
netdev: Move associate event handling .. out of wiphy.c
2016-06-16 17:54:20 +02:00
{
netdev: Don't crash on operstate callbacks The way that netdev_set_linkmode_and_operstate was used resulted in potential crashes when the netdev was destroyed. This is because netdev was given as data to l_netlink_send and could be destroyed between the time of the call and the callback. Since the result of calls to netdev_set_linkmode_and_operstate is inconsequential, it isn't really worthwhile tracking these calls in order to cancel them. This patch simplies the handling of these rtnl calls, makes sure that netdev isn't passed as user data and rewrites the netdev_set_linkmode_and_operstate signature to be more consistent with rtnl_set_powered.
2018-08-17 21:04:44 +02:00
if (!error)
return;
netdev: Improve netdev_connect error/cancel logic Try to make the connect and disconnect operations look more like a transaction where the callback is always called eventually, also with a clear indication if the operation is in profress. The connected state lasts from the start of the connection attempt until the disconnect. 1. Non-null netdev->connected or disconnect_cb indicate that the operation is active. 2. Every entry-point in netdev.c checks if connected is still set before executing the next step of the connection setup. CMD_CONNECT and the subsequent commands may succeed even if CMD_DISCONNECT is called in the middle so they can't only rely on the error value for that. 3. netdev->connect_cb and other elements of the connection state are reset by netdev_connect_free which groups the clean-up operations to make sure we don't miss anything. Since the callback pointers are reset device.c doesn't need to check that it receives a spurious event in those callbacks for example after calling netdev_disconnect.
2016-08-02 22:48:11 +02:00
netdev: Don't crash on operstate callbacks The way that netdev_set_linkmode_and_operstate was used resulted in potential crashes when the netdev was destroyed. This is because netdev was given as data to l_netlink_send and could be destroyed between the time of the call and the callback. Since the result of calls to netdev_set_linkmode_and_operstate is inconsequential, it isn't really worthwhile tracking these calls in order to cancel them. This patch simplies the handling of these rtnl calls, makes sure that netdev isn't passed as user data and rewrites the netdev_set_linkmode_and_operstate signature to be more consistent with rtnl_set_powered.
2018-08-17 21:04:44 +02:00
l_debug("netdev: %u, error: %s", L_PTR_TO_UINT(user_data),
strerror(-error));
netdev: On connect success don't wait for netdev_operstate_cb Send the link_mode and operstate RTNL command in parallel with the connect Ok event, don't wait for the RTNL callback as it's non-critical.
2017-05-30 14:26:19 +02:00
}
netdev: Move associate event handling .. out of wiphy.c
2016-06-16 17:54:20 +02:00
netdev: On connect success don't wait for netdev_operstate_cb Send the link_mode and operstate RTNL command in parallel with the connect Ok event, don't wait for the RTNL callback as it's non-critical.
2017-05-30 14:26:19 +02:00
static void netdev_connect_ok(struct netdev *netdev)
{
netdev: Use ell's rtnl APIs
2020-02-15 10:48:39 +01:00
l_rtnl_set_linkmode_and_operstate(rtnl, netdev->index,
netdev: use rtnlutil for linkmode/operstate
2019-05-06 20:17:53 +02:00
IF_LINK_MODE_DORMANT, IF_OPER_UP,
netdev_operstate_cb,
netdev: Don't crash on operstate callbacks The way that netdev_set_linkmode_and_operstate was used resulted in potential crashes when the netdev was destroyed. This is because netdev was given as data to l_netlink_send and could be destroyed between the time of the call and the callback. Since the result of calls to netdev_set_linkmode_and_operstate is inconsequential, it isn't really worthwhile tracking these calls in order to cancel them. This patch simplies the handling of these rtnl calls, makes sure that netdev isn't passed as user data and rewrites the netdev_set_linkmode_and_operstate signature to be more consistent with rtnl_set_powered.
2018-08-17 21:04:44 +02:00
L_UINT_TO_PTR(netdev->index), NULL);
netdev: Move associate event handling .. out of wiphy.c
2016-06-16 17:54:20 +02:00
netdev: keep track of operational state We should not attempt to call connect_failed if we're have become operational. E.g. successfully associated, ran eapol if necessary and set operstate.
2016-09-22 22:55:07 +02:00
netdev->operational = true;
netdev: station: support full mac roaming Roaming on a full mac card is quite different than soft mac and needs to be specially handled. The process starts with the CMD_ROAM event, which tells us the driver is already roamed and associated with a new AP. After this it expects the 4-way handshake to be initiated. This in itself is quite simple, the complexity comes with how this is piped into IWD. After CMD_ROAM fires its assumed that a scan result is available in the kernel, which is obtained using a newly added scan API scan_get_firmware_scan. The only special bit of this is that it does not 'schedule' a scan but simply calls GET_SCAN. This is treated special and will not be queued behind any other pending scan requests. This lets us reuse some parsing code paths in scan and initialize a scan_bss object which ultimately gets handed to station so it can update connected_bss/bss_list. For consistency station must also transition to a roaming state. Since this roam is all handled by netdev two new events were added, NETDEV_EVENT_ROAMING and NETDEV_EVENT_ROAMED. Both allow station to transition between roaming/connected states, and ROAMED provides station with the new scan_bss to replace connected_bss.
2021-03-15 18:29:29 +01:00
if (netdev->fw_roam_bss) {
if (netdev->event_filter)
netdev->event_filter(netdev, NETDEV_EVENT_ROAMED,
netdev->fw_roam_bss,
netdev->user_data);
else
scan_bss_free(netdev->fw_roam_bss);
netdev->fw_roam_bss = NULL;
}
netdev: handle multiple concurrent FT-over-DS action frames The beauty of FT-over-DS is that a station can send and receive action frames to many APs to prepare for a future roam. Each AP authenticates the station and when a roam happens the station can immediately move to reassociation. To handle this a queue of netdev_ft_over_ds_info structs is used instead of a single entry. Using the new ft.c parser APIs these info structs can be looked up when responses come in. For now the timeouts/callbacks are kept but these will be removed as it really does not matter if the AP sends a response (keeps station happy until the next patch).
2021-05-13 01:01:41 +02:00
if (netdev->ft_ds_list) {
l_queue_destroy(netdev->ft_ds_list, netdev_ft_ds_entry_free);
netdev->ft_ds_list = NULL;
}
netdev: Clear connect_cb when connected Prevents situations like this: src/device.c:device_enter_state() Old State: connecting, new state: connected src/scan.c:scan_periodic_stop() Stopping periodic scan for ifindex: 3 src/device.c:device_dbus_disconnect() src/device.c:device_connect_cb() 3 src/device.c:device_disassociated() 3 src/device.c:device_enter_state() Old State: connected, new state: autoconnect
2016-08-04 17:46:41 +02:00
if (netdev->connect_cb) {
netdev: station: fix status/reason code in callbacks This change cleans up the mess of status vs reason codes. The two types of codes have already been separated into different enumerations, but netdev was still treating them the same (with last_status_code). A new 'event_data' argument was added to the connect callback, which has a different meaning depending on the result of the connection (described inside netdev.h, netdev_connect_cb_t). This allows for the removal of netdev_get_last_status_code since the status or reason code is now passed via event_data. Inside the netdev object last_status_code was renamed to last_code, for the purpose of storing either status or reason. This is only used when a disconnect needs to be emitted before failing the connection. In all other cases we just pass the code directly into the connect_cb and do not store it. All ocurrences of netdev_connect_failed were updated to use the proper code depending on the netdev result. Most of these simply changed from REASON_CODE_UNSPECIFIED to STATUS_CODE_UNSPECIFIED. This was simply for consistency (both codes have the same value). netdev_[authenticate|associate]_event's were updated to parse the status code and, if present, use that if their was a failure rather than defaulting to UNSPECIFIED.
2019-02-28 18:32:40 +01:00
netdev->connect_cb(netdev, NETDEV_RESULT_OK, NULL,
netdev->user_data);
netdev: Clear connect_cb when connected Prevents situations like this: src/device.c:device_enter_state() Old State: connecting, new state: connected src/scan.c:scan_periodic_stop() Stopping periodic scan for ifindex: 3 src/device.c:device_dbus_disconnect() src/device.c:device_connect_cb() 3 src/device.c:device_disassociated() 3 src/device.c:device_enter_state() Old State: connected, new state: autoconnect
2016-08-04 17:46:41 +02:00
netdev->connect_cb = NULL;
}
netdev: RSSI polling support for less capable drivers If the kernel device driver or the kernel nl80211 version doesn't support the new RSSI threshold list CQM monitoring, implement similar logic in iwd with periodic polling. This is only active when an RSSI agent is registered to receive the events. I tested this with the same testRSSIAgent autotests that tests the driver-side rssi monitoring except with all timeouts multiplied by ~20.
2017-08-18 14:22:58 +02:00
netdev_rssi_polling_update(netdev);
netdev: use wiphy radio work queue for connections This adds connection/FT attempts to the radio work queue. This will ensure that connections aren't delayed or done concurrently with scanning.
2020-07-15 23:29:17 +02:00
if (netdev->work.id)
wiphy_radio_work_done(netdev->wiphy, netdev->work.id);
netdev: Move associate event handling .. out of wiphy.c
2016-06-16 17:54:20 +02:00
}
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
static void netdev_setting_keys_failed(struct netdev_handshake_state *nhs,
netdev: netdev_setting_keys_failed takes an errno Instead of sending a reason_code to netdev_setting_keys_failed, make it take an errno (negative) instead. Since key setting failures are entirely a system / software issue, and not a protocol issue, it makes no sense to use a protocol error code.
2019-02-27 21:22:42 +01:00
int err)
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
{
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
struct netdev *netdev = nhs->netdev;
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
struct l_genl_msg *msg;
/*
netdev: Remove un-needed pairwise set_key call This seems to be no longer needed as the kernel looks up the key by the sta specific key index.
2018-06-22 02:32:54 +02:00
* Something went wrong with our sequence:
* 1. new_key(ptk)
* 2. new_key(gtk) [optional]
* 3. new_key(igtk) [optional]
netdev: Cancel ongoing rekey offload We need to cancel an ongoing rekey offload in a few additional places besides the netdev destructor.
2018-10-20 17:38:56 +02:00
* 4. rekey offload [optional]
* 5. set_station
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
*
* Cancel all pending commands, then de-authenticate
*/
netdev: Put command cancelation into a common function
2018-10-20 17:35:28 +02:00
netdev_handshake_state_cancel_all(nhs);
netdev: Cancel ongoing rekey offload We need to cancel an ongoing rekey offload in a few additional places besides the netdev destructor.
2018-10-20 17:38:56 +02:00
if (netdev->rekey_offload_cmd_id) {
l_genl_family_cancel(nl80211, netdev->rekey_offload_cmd_id);
netdev->rekey_offload_cmd_id = 0;
}
netdev: signal handshake complete after setting all keys Currently, netdev triggers the HANDSHAKE_COMPLETE event after completing the SET_STATION (after setting the pairwise key). Depending on the timing this may happen before the GTK/IGTK are set which will result in group traffic not working initially (the GTK/IGTK would still get set, but group traffic would not work immediately after DBus said you were connected, this mainly poses a problem with autotests). In order to fix this, several flags were added in netdev_handshake_state: ptk_installed, gtk_installed, igtk_installed, and completed. Each of these flags are set true when their respective keys are set, and in each key callback we try to trigger the handshake complete event (assuming all the flags are true). Initially the gtk/igtk flags are set to true, for reasons explained below. In the WPA2 case, all the key setter functions are called sequentially from eapol. With this change, the PTK is now set AFTER the gtk/igtk. This is because the gtk/igtk are optional and only set if group traffic is allowed. If the gtk/igtk are not used, we set the PTK and can immediately trigger the handshake complete event (since gtk_installed/igtk_installed are initialized as true). When the gtk/igtk are being set, we immediately set their flags to false and wait for their callbacks in addition to the PTK callback. Doing it this way handles both group traffic and non group traffic paths. WPA1 throws a wrench into this since the group keys are obtained in a separate handshake. For this case a new flag was added to the handshake_state, 'wait_for_gtk'. This allows netdev to set the PTK after the initial 4-way, but still wait for the gtk/igtk setters to get called before triggering the handshake complete event. As a precaution, netdev sets a timeout that will trigger if the gtk/igtk setters are never called. In this case we can still complete the connection, but print a warning that group traffic will not be allowed.
2018-10-26 18:44:58 +02:00
if (netdev->group_handshake_timeout) {
l_timeout_remove(netdev->group_handshake_timeout);
netdev->group_handshake_timeout = NULL;
}
netdev: fixed key setting failure If netdev fails to set the keys, there was no way for device/ap to know. A new handshake event was added for this. The key setting failure function was also fixed to support both AP/station iftypes. It will now automatically send either a disconnect or del_station depending on the interface type. In similar manner, netdev_handshake_failed was also modified to support both AP/station iftypes. Now, any handshake event listeners should call netdev_handshake_failed upon a handshake failure event, including AP.
2018-07-03 23:36:33 +02:00
switch (netdev->type) {
case NL80211_IFTYPE_STATION:
netdev: Handle P2P-client iftype in netdev_setting_keys_failed
2020-04-30 15:48:45 +02:00
case NL80211_IFTYPE_P2P_CLIENT:
netdev: Detect netdev going down early In case the netdev is brought down while we're trying to connect, try to detect this and fail early instead of trying to send additional commands. src/station.c:station_enter_state() Old State: disconnected, new state: connecting src/station.c:station_netdev_event() Associating src/netdev.c:netdev_mlme_notify() MLME notification Connect(46) src/netdev.c:netdev_connect_event() src/netdev.c:netdev_link_notify() event 16 on ifindex 4 src/eapol.c:eapol_handle_ptk_1_of_4() ifindex=4 src/netdev.c:netdev_link_notify() event 16 on ifindex 4 src/eapol.c:eapol_handle_ptk_3_of_4() ifindex=4 src/netdev.c:netdev_set_gtk() 4 src/station.c:station_handshake_event() Setting keys src/netdev.c:netdev_set_tk() 4 src/netdev.c:netdev_set_rekey_offload() 4 New Key for Group Key failed for ifindex: 4:Network is down src/netdev.c:netdev_link_notify() event 16 on ifindex 4 src/station.c:station_free() src/netdev.c:netdev_mlme_notify() MLME notification Disconnect(48) src/netdev.c:netdev_disconnect_event() src/wiphy.c:wiphy_reg_notify() Notification of command Reg Change(36) src/wiphy.c:wiphy_update_reg_domain() New reg domain country code for (global) is XX src/netdev.c:netdev_link_notify() event 16 on ifindex 4 src/wiphy.c:wiphy_reg_notify() Notification of command Reg Change(36) src/wiphy.c:wiphy_update_reg_domain() New reg domain country code for (global) is DE src/wiphy.c:wiphy_radio_work_done() Work item 14 done src/station.c:station_connect_cb() 4, result: 4 Segmentation fault
2021-04-28 00:33:37 +02:00
/*
* If we failed due to the netdev being brought down,
* just abort the connection and do not try to send a
* CMD_DISCONNECT
*/
if (err == -ENETDOWN) {
netdev_connect_failed(netdev, NETDEV_RESULT_ABORTED,
MMPDU_STATUS_CODE_UNSPECIFIED);
return;
}
netdev: netdev_setting_keys_failed takes an errno Instead of sending a reason_code to netdev_setting_keys_failed, make it take an errno (negative) instead. Since key setting failures are entirely a system / software issue, and not a protocol issue, it makes no sense to use a protocol error code.
2019-02-27 21:22:42 +01:00
msg = netdev_build_cmd_disconnect(netdev,
MMPDU_REASON_CODE_UNSPECIFIED);
netdev: fixed key setting failure If netdev fails to set the keys, there was no way for device/ap to know. A new handshake event was added for this. The key setting failure function was also fixed to support both AP/station iftypes. It will now automatically send either a disconnect or del_station depending on the interface type. In similar manner, netdev_handshake_failed was also modified to support both AP/station iftypes. Now, any handshake event listeners should call netdev_handshake_failed upon a handshake failure event, including AP.
2018-07-03 23:36:33 +02:00
netdev->disconnect_cmd_id = l_genl_family_send(nl80211, msg,
netdev: store mpdu status and add getter Soon BSS blacklisting will be added, and in order to properly decide if a BSS should be blacklisted we need the status code on a failed connection. This change stores the status code when there is a failure in netdev and adds a getter to retrieve later. In many cases we have the actual status code from the AP, but in some corner cases its not obtainable (e.g. an error sending an NL80211 command) in which case we just default to MMPDU_REASON_CODE_UNSPECIFIED. Rather than continue with the pattern of setting netdev->result and now netdev->last_status_code, the netdev_connect_failed function was redefined so its no longer used as both a NL80211 callback and called directly. Instead a new function was added, netdev_disconnect_cb which just calls netdev_connect_failed. netdev_disconnect_cb should not be used for all the NL80211 disconnect commands. Now netdev_connect_failed takes both a result and status code which it sets in the netdev object. In the case where we were using netdev_connect_failed as a callback we still need to set the result and last_status_code but at least this is better than having to set those in all cases.
2019-01-24 21:56:23 +01:00
netdev_disconnect_cb,
netdev: Deauthenticate prior to calling connect_cb
2016-09-21 23:19:47 +02:00
netdev, NULL);
netdev: fixed key setting failure If netdev fails to set the keys, there was no way for device/ap to know. A new handshake event was added for this. The key setting failure function was also fixed to support both AP/station iftypes. It will now automatically send either a disconnect or del_station depending on the interface type. In similar manner, netdev_handshake_failed was also modified to support both AP/station iftypes. Now, any handshake event listeners should call netdev_handshake_failed upon a handshake failure event, including AP.
2018-07-03 23:36:33 +02:00
break;
case NL80211_IFTYPE_AP:
netdev: Detect netdev going down early In case the netdev is brought down while we're trying to connect, try to detect this and fail early instead of trying to send additional commands. src/station.c:station_enter_state() Old State: disconnected, new state: connecting src/station.c:station_netdev_event() Associating src/netdev.c:netdev_mlme_notify() MLME notification Connect(46) src/netdev.c:netdev_connect_event() src/netdev.c:netdev_link_notify() event 16 on ifindex 4 src/eapol.c:eapol_handle_ptk_1_of_4() ifindex=4 src/netdev.c:netdev_link_notify() event 16 on ifindex 4 src/eapol.c:eapol_handle_ptk_3_of_4() ifindex=4 src/netdev.c:netdev_set_gtk() 4 src/station.c:station_handshake_event() Setting keys src/netdev.c:netdev_set_tk() 4 src/netdev.c:netdev_set_rekey_offload() 4 New Key for Group Key failed for ifindex: 4:Network is down src/netdev.c:netdev_link_notify() event 16 on ifindex 4 src/station.c:station_free() src/netdev.c:netdev_mlme_notify() MLME notification Disconnect(48) src/netdev.c:netdev_disconnect_event() src/wiphy.c:wiphy_reg_notify() Notification of command Reg Change(36) src/wiphy.c:wiphy_update_reg_domain() New reg domain country code for (global) is XX src/netdev.c:netdev_link_notify() event 16 on ifindex 4 src/wiphy.c:wiphy_reg_notify() Notification of command Reg Change(36) src/wiphy.c:wiphy_update_reg_domain() New reg domain country code for (global) is DE src/wiphy.c:wiphy_radio_work_done() Work item 14 done src/station.c:station_connect_cb() 4, result: 4 Segmentation fault
2021-04-28 00:33:37 +02:00
if (err == -ENETDOWN)
return;
netdev: fixed key setting failure If netdev fails to set the keys, there was no way for device/ap to know. A new handshake event was added for this. The key setting failure function was also fixed to support both AP/station iftypes. It will now automatically send either a disconnect or del_station depending on the interface type. In similar manner, netdev_handshake_failed was also modified to support both AP/station iftypes. Now, any handshake event listeners should call netdev_handshake_failed upon a handshake failure event, including AP.
2018-07-03 23:36:33 +02:00
msg = netdev_build_cmd_del_station(netdev, nhs->super.spa,
netdev: netdev_setting_keys_failed takes an errno Instead of sending a reason_code to netdev_setting_keys_failed, make it take an errno (negative) instead. Since key setting failures are entirely a system / software issue, and not a protocol issue, it makes no sense to use a protocol error code.
2019-02-27 21:22:42 +01:00
MMPDU_REASON_CODE_UNSPECIFIED, false);
netdev: fixed key setting failure If netdev fails to set the keys, there was no way for device/ap to know. A new handshake event was added for this. The key setting failure function was also fixed to support both AP/station iftypes. It will now automatically send either a disconnect or del_station depending on the interface type. In similar manner, netdev_handshake_failed was also modified to support both AP/station iftypes. Now, any handshake event listeners should call netdev_handshake_failed upon a handshake failure event, including AP.
2018-07-03 23:36:33 +02:00
if (!l_genl_family_send(nl80211, msg, NULL, NULL, NULL))
l_error("error sending DEL_STATION");
netdev: Detect netdev going down early In case the netdev is brought down while we're trying to connect, try to detect this and fail early instead of trying to send additional commands. src/station.c:station_enter_state() Old State: disconnected, new state: connecting src/station.c:station_netdev_event() Associating src/netdev.c:netdev_mlme_notify() MLME notification Connect(46) src/netdev.c:netdev_connect_event() src/netdev.c:netdev_link_notify() event 16 on ifindex 4 src/eapol.c:eapol_handle_ptk_1_of_4() ifindex=4 src/netdev.c:netdev_link_notify() event 16 on ifindex 4 src/eapol.c:eapol_handle_ptk_3_of_4() ifindex=4 src/netdev.c:netdev_set_gtk() 4 src/station.c:station_handshake_event() Setting keys src/netdev.c:netdev_set_tk() 4 src/netdev.c:netdev_set_rekey_offload() 4 New Key for Group Key failed for ifindex: 4:Network is down src/netdev.c:netdev_link_notify() event 16 on ifindex 4 src/station.c:station_free() src/netdev.c:netdev_mlme_notify() MLME notification Disconnect(48) src/netdev.c:netdev_disconnect_event() src/wiphy.c:wiphy_reg_notify() Notification of command Reg Change(36) src/wiphy.c:wiphy_update_reg_domain() New reg domain country code for (global) is XX src/netdev.c:netdev_link_notify() event 16 on ifindex 4 src/wiphy.c:wiphy_reg_notify() Notification of command Reg Change(36) src/wiphy.c:wiphy_update_reg_domain() New reg domain country code for (global) is DE src/wiphy.c:wiphy_radio_work_done() Work item 14 done src/station.c:station_connect_cb() 4, result: 4 Segmentation fault
2021-04-28 00:33:37 +02:00
break;
netdev: fixed key setting failure If netdev fails to set the keys, there was no way for device/ap to know. A new handshake event was added for this. The key setting failure function was also fixed to support both AP/station iftypes. It will now automatically send either a disconnect or del_station depending on the interface type. In similar manner, netdev_handshake_failed was also modified to support both AP/station iftypes. Now, any handshake event listeners should call netdev_handshake_failed upon a handshake failure event, including AP.
2018-07-03 23:36:33 +02:00
}
netdev: Detect netdev going down early In case the netdev is brought down while we're trying to connect, try to detect this and fail early instead of trying to send additional commands. src/station.c:station_enter_state() Old State: disconnected, new state: connecting src/station.c:station_netdev_event() Associating src/netdev.c:netdev_mlme_notify() MLME notification Connect(46) src/netdev.c:netdev_connect_event() src/netdev.c:netdev_link_notify() event 16 on ifindex 4 src/eapol.c:eapol_handle_ptk_1_of_4() ifindex=4 src/netdev.c:netdev_link_notify() event 16 on ifindex 4 src/eapol.c:eapol_handle_ptk_3_of_4() ifindex=4 src/netdev.c:netdev_set_gtk() 4 src/station.c:station_handshake_event() Setting keys src/netdev.c:netdev_set_tk() 4 src/netdev.c:netdev_set_rekey_offload() 4 New Key for Group Key failed for ifindex: 4:Network is down src/netdev.c:netdev_link_notify() event 16 on ifindex 4 src/station.c:station_free() src/netdev.c:netdev_mlme_notify() MLME notification Disconnect(48) src/netdev.c:netdev_disconnect_event() src/wiphy.c:wiphy_reg_notify() Notification of command Reg Change(36) src/wiphy.c:wiphy_update_reg_domain() New reg domain country code for (global) is XX src/netdev.c:netdev_link_notify() event 16 on ifindex 4 src/wiphy.c:wiphy_reg_notify() Notification of command Reg Change(36) src/wiphy.c:wiphy_update_reg_domain() New reg domain country code for (global) is DE src/wiphy.c:wiphy_radio_work_done() Work item 14 done src/station.c:station_connect_cb() 4, result: 4 Segmentation fault
2021-04-28 00:33:37 +02:00
netdev->result = NETDEV_RESULT_KEY_SETTING_FAILED;
handshake_event(&nhs->super, HANDSHAKE_EVENT_SETTING_KEYS_FAILED, &err);
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
}
netdev: signal handshake complete after setting all keys Currently, netdev triggers the HANDSHAKE_COMPLETE event after completing the SET_STATION (after setting the pairwise key). Depending on the timing this may happen before the GTK/IGTK are set which will result in group traffic not working initially (the GTK/IGTK would still get set, but group traffic would not work immediately after DBus said you were connected, this mainly poses a problem with autotests). In order to fix this, several flags were added in netdev_handshake_state: ptk_installed, gtk_installed, igtk_installed, and completed. Each of these flags are set true when their respective keys are set, and in each key callback we try to trigger the handshake complete event (assuming all the flags are true). Initially the gtk/igtk flags are set to true, for reasons explained below. In the WPA2 case, all the key setter functions are called sequentially from eapol. With this change, the PTK is now set AFTER the gtk/igtk. This is because the gtk/igtk are optional and only set if group traffic is allowed. If the gtk/igtk are not used, we set the PTK and can immediately trigger the handshake complete event (since gtk_installed/igtk_installed are initialized as true). When the gtk/igtk are being set, we immediately set their flags to false and wait for their callbacks in addition to the PTK callback. Doing it this way handles both group traffic and non group traffic paths. WPA1 throws a wrench into this since the group keys are obtained in a separate handshake. For this case a new flag was added to the handshake_state, 'wait_for_gtk'. This allows netdev to set the PTK after the initial 4-way, but still wait for the gtk/igtk setters to get called before triggering the handshake complete event. As a precaution, netdev sets a timeout that will trigger if the gtk/igtk setters are never called. In this case we can still complete the connection, but print a warning that group traffic will not be allowed.
2018-10-26 18:44:58 +02:00
static void try_handshake_complete(struct netdev_handshake_state *nhs)
{
if (nhs->ptk_installed && nhs->gtk_installed && nhs->igtk_installed &&
!nhs->complete) {
nhs->complete = true;
handshake: Convert handshake event callbacks variadic functions Convert the handshake event callback type to use variable argument list to allow for more flexibility in event-specific arguments passed to the callbacks. Note the uint16_t reason code is promoted to an int when using variable arguments so va_arg(args, int) has to be used.
2019-10-28 15:04:57 +01:00
handshake_event(&nhs->super, HANDSHAKE_EVENT_COMPLETE);
netdev: signal handshake complete after setting all keys Currently, netdev triggers the HANDSHAKE_COMPLETE event after completing the SET_STATION (after setting the pairwise key). Depending on the timing this may happen before the GTK/IGTK are set which will result in group traffic not working initially (the GTK/IGTK would still get set, but group traffic would not work immediately after DBus said you were connected, this mainly poses a problem with autotests). In order to fix this, several flags were added in netdev_handshake_state: ptk_installed, gtk_installed, igtk_installed, and completed. Each of these flags are set true when their respective keys are set, and in each key callback we try to trigger the handshake complete event (assuming all the flags are true). Initially the gtk/igtk flags are set to true, for reasons explained below. In the WPA2 case, all the key setter functions are called sequentially from eapol. With this change, the PTK is now set AFTER the gtk/igtk. This is because the gtk/igtk are optional and only set if group traffic is allowed. If the gtk/igtk are not used, we set the PTK and can immediately trigger the handshake complete event (since gtk_installed/igtk_installed are initialized as true). When the gtk/igtk are being set, we immediately set their flags to false and wait for their callbacks in addition to the PTK callback. Doing it this way handles both group traffic and non group traffic paths. WPA1 throws a wrench into this since the group keys are obtained in a separate handshake. For this case a new flag was added to the handshake_state, 'wait_for_gtk'. This allows netdev to set the PTK after the initial 4-way, but still wait for the gtk/igtk setters to get called before triggering the handshake complete event. As a precaution, netdev sets a timeout that will trigger if the gtk/igtk setters are never called. In this case we can still complete the connection, but print a warning that group traffic will not be allowed.
2018-10-26 18:44:58 +02:00
netdev: only call connect_ok in station/p2p_client mode netdev_connect_ok is only for station/p2p_client modes but AP also ends up on the same code path. Check the iftype before calling netdev_connect_ok.
2021-04-28 01:34:51 +02:00
if (nhs->netdev->type == NL80211_IFTYPE_STATION ||
nhs->netdev->type == NL80211_IFTYPE_P2P_CLIENT)
netdev_connect_ok(nhs->netdev);
netdev: signal handshake complete after setting all keys Currently, netdev triggers the HANDSHAKE_COMPLETE event after completing the SET_STATION (after setting the pairwise key). Depending on the timing this may happen before the GTK/IGTK are set which will result in group traffic not working initially (the GTK/IGTK would still get set, but group traffic would not work immediately after DBus said you were connected, this mainly poses a problem with autotests). In order to fix this, several flags were added in netdev_handshake_state: ptk_installed, gtk_installed, igtk_installed, and completed. Each of these flags are set true when their respective keys are set, and in each key callback we try to trigger the handshake complete event (assuming all the flags are true). Initially the gtk/igtk flags are set to true, for reasons explained below. In the WPA2 case, all the key setter functions are called sequentially from eapol. With this change, the PTK is now set AFTER the gtk/igtk. This is because the gtk/igtk are optional and only set if group traffic is allowed. If the gtk/igtk are not used, we set the PTK and can immediately trigger the handshake complete event (since gtk_installed/igtk_installed are initialized as true). When the gtk/igtk are being set, we immediately set their flags to false and wait for their callbacks in addition to the PTK callback. Doing it this way handles both group traffic and non group traffic paths. WPA1 throws a wrench into this since the group keys are obtained in a separate handshake. For this case a new flag was added to the handshake_state, 'wait_for_gtk'. This allows netdev to set the PTK after the initial 4-way, but still wait for the gtk/igtk setters to get called before triggering the handshake complete event. As a precaution, netdev sets a timeout that will trigger if the gtk/igtk setters are never called. In this case we can still complete the connection, but print a warning that group traffic will not be allowed.
2018-10-26 18:44:58 +02:00
}
}
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
static void netdev_set_station_cb(struct l_genl_msg *msg, void *user_data)
{
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
struct netdev_handshake_state *nhs = user_data;
struct netdev *netdev = nhs->netdev;
netdev: Ignore CMD_SET_STATION errors Certain WiFi drivers do not support using CMD_SET_STATION (e.g. mwifiex). It is not completely clear how such drivers handle the AUTHORIZED state, but they don't seem to take it into account. So for such drivers, ignore the -ENOTSUPP error return from CMD_SET_STATION.
2017-05-30 23:55:56 +02:00
int err;
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
nhs->set_station_cmd_id = 0;
netdev: signal handshake complete after setting all keys Currently, netdev triggers the HANDSHAKE_COMPLETE event after completing the SET_STATION (after setting the pairwise key). Depending on the timing this may happen before the GTK/IGTK are set which will result in group traffic not working initially (the GTK/IGTK would still get set, but group traffic would not work immediately after DBus said you were connected, this mainly poses a problem with autotests). In order to fix this, several flags were added in netdev_handshake_state: ptk_installed, gtk_installed, igtk_installed, and completed. Each of these flags are set true when their respective keys are set, and in each key callback we try to trigger the handshake complete event (assuming all the flags are true). Initially the gtk/igtk flags are set to true, for reasons explained below. In the WPA2 case, all the key setter functions are called sequentially from eapol. With this change, the PTK is now set AFTER the gtk/igtk. This is because the gtk/igtk are optional and only set if group traffic is allowed. If the gtk/igtk are not used, we set the PTK and can immediately trigger the handshake complete event (since gtk_installed/igtk_installed are initialized as true). When the gtk/igtk are being set, we immediately set their flags to false and wait for their callbacks in addition to the PTK callback. Doing it this way handles both group traffic and non group traffic paths. WPA1 throws a wrench into this since the group keys are obtained in a separate handshake. For this case a new flag was added to the handshake_state, 'wait_for_gtk'. This allows netdev to set the PTK after the initial 4-way, but still wait for the gtk/igtk setters to get called before triggering the handshake complete event. As a precaution, netdev sets a timeout that will trigger if the gtk/igtk setters are never called. In this case we can still complete the connection, but print a warning that group traffic will not be allowed.
2018-10-26 18:44:58 +02:00
nhs->ptk_installed = true;
netdev: Track the id of the SET_STATION netlink command This way we make sure it gets cancelled any sort of connect abort of netdev removal and don't leak the message on error.
2017-10-21 01:27:21 +02:00
netdev: choose correct address on NEW_KEY/SET_STATION With the introduction of Ad-Hoc, its not as simple as choosing aa/spa addresses when setting the keys. Since Ad-Hoc acts as both the authenticator and supplicant we must check how the netdev address relates to the particular handshake object as well as choose the correct key depending on the value of the AA/SPA address. 802.11 states that the higher of the two addresses is to be used to set the key for the Ad-Hoc connection. A simple helper was added to choose the correct addressed based on netdev type and handshake state. netdev_set_tk also checks that aa > spa in the handshake object when in Ad-Hoc mode. If this is true then the keys from that handshake are used, otherwise return and the other handshake key will be used (aa will be > spa). The station/ap mode behaves exactly the same as before.
2018-07-17 00:29:18 +02:00
if (netdev->type == NL80211_IFTYPE_STATION && !netdev->connected)
netdev: Improve netdev_connect error/cancel logic Try to make the connect and disconnect operations look more like a transaction where the callback is always called eventually, also with a clear indication if the operation is in profress. The connected state lasts from the start of the connection attempt until the disconnect. 1. Non-null netdev->connected or disconnect_cb indicate that the operation is active. 2. Every entry-point in netdev.c checks if connected is still set before executing the next step of the connection setup. CMD_CONNECT and the subsequent commands may succeed even if CMD_DISCONNECT is called in the middle so they can't only rely on the error value for that. 3. netdev->connect_cb and other elements of the connection state are reset by netdev_connect_free which groups the clean-up operations to make sure we don't miss anything. Since the callback pointers are reset device.c doesn't need to check that it receives a spurious event in those callbacks for example after calling netdev_disconnect.
2016-08-02 22:48:11 +02:00
return;
netdev: Ignore CMD_SET_STATION errors Certain WiFi drivers do not support using CMD_SET_STATION (e.g. mwifiex). It is not completely clear how such drivers handle the AUTHORIZED state, but they don't seem to take it into account. So for such drivers, ignore the -ENOTSUPP error return from CMD_SET_STATION.
2017-05-30 23:55:56 +02:00
err = l_genl_msg_get_error(msg);
netdev: Allow both -EOPNOTSUPP and -ENOTSUPP It seems that the kernel uses -EOPNOTSUPP if the change_station operation is not implemented by the driver. However, some drivers do implement change_station and choose to report -ENOTSUPP instead of -EOPNOTSUPP. To add to the confusion, EOPNOTSUPP and -ENOTSUPP are the same on some systems (e.g. Gentoo). Be paranoid and allow both errors to be ignored when sending CMD_SET_STATION. Fixes: 0238ffb8d999 ("netdev: Use -EOPNOTSUPP instead of -ENOTSUPP")
2019-12-17 23:10:46 +01:00
if (err == -EOPNOTSUPP || err == -ENOTSUPP)
netdev: Ignore CMD_SET_STATION errors Certain WiFi drivers do not support using CMD_SET_STATION (e.g. mwifiex). It is not completely clear how such drivers handle the AUTHORIZED state, but they don't seem to take it into account. So for such drivers, ignore the -ENOTSUPP error return from CMD_SET_STATION.
2017-05-30 23:55:56 +02:00
goto done;
if (err < 0) {
netdev: Add support for extended errors
2020-04-02 07:30:17 +02:00
const char *ext_error = l_genl_msg_get_extended_error(msg);
l_error("Set Station failed for ifindex %d:%s", netdev->index,
ext_error ? ext_error : strerror(-err));
netdev: netdev_setting_keys_failed takes an errno Instead of sending a reason_code to netdev_setting_keys_failed, make it take an errno (negative) instead. Since key setting failures are entirely a system / software issue, and not a protocol issue, it makes no sense to use a protocol error code.
2019-02-27 21:22:42 +01:00
netdev_setting_keys_failed(nhs, err);
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
return;
}
netdev: Ignore CMD_SET_STATION errors Certain WiFi drivers do not support using CMD_SET_STATION (e.g. mwifiex). It is not completely clear how such drivers handle the AUTHORIZED state, but they don't seem to take it into account. So for such drivers, ignore the -ENOTSUPP error return from CMD_SET_STATION.
2017-05-30 23:55:56 +02:00
done:
netdev: signal handshake complete after setting all keys Currently, netdev triggers the HANDSHAKE_COMPLETE event after completing the SET_STATION (after setting the pairwise key). Depending on the timing this may happen before the GTK/IGTK are set which will result in group traffic not working initially (the GTK/IGTK would still get set, but group traffic would not work immediately after DBus said you were connected, this mainly poses a problem with autotests). In order to fix this, several flags were added in netdev_handshake_state: ptk_installed, gtk_installed, igtk_installed, and completed. Each of these flags are set true when their respective keys are set, and in each key callback we try to trigger the handshake complete event (assuming all the flags are true). Initially the gtk/igtk flags are set to true, for reasons explained below. In the WPA2 case, all the key setter functions are called sequentially from eapol. With this change, the PTK is now set AFTER the gtk/igtk. This is because the gtk/igtk are optional and only set if group traffic is allowed. If the gtk/igtk are not used, we set the PTK and can immediately trigger the handshake complete event (since gtk_installed/igtk_installed are initialized as true). When the gtk/igtk are being set, we immediately set their flags to false and wait for their callbacks in addition to the PTK callback. Doing it this way handles both group traffic and non group traffic paths. WPA1 throws a wrench into this since the group keys are obtained in a separate handshake. For this case a new flag was added to the handshake_state, 'wait_for_gtk'. This allows netdev to set the PTK after the initial 4-way, but still wait for the gtk/igtk setters to get called before triggering the handshake complete event. As a precaution, netdev sets a timeout that will trigger if the gtk/igtk setters are never called. In this case we can still complete the connection, but print a warning that group traffic will not be allowed.
2018-10-26 18:44:58 +02:00
try_handshake_complete(nhs);
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
}
static void netdev_new_group_key_cb(struct l_genl_msg *msg, void *data)
{
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
struct netdev_handshake_state *nhs = data;
struct netdev *netdev = nhs->netdev;
netdev: netdev_setting_keys_failed takes an errno Instead of sending a reason_code to netdev_setting_keys_failed, make it take an errno (negative) instead. Since key setting failures are entirely a system / software issue, and not a protocol issue, it makes no sense to use a protocol error code.
2019-02-27 21:22:42 +01:00
int err = l_genl_msg_get_error(msg);
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
nhs->group_new_key_cmd_id = 0;
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
netdev: netdev_setting_keys_failed takes an errno Instead of sending a reason_code to netdev_setting_keys_failed, make it take an errno (negative) instead. Since key setting failures are entirely a system / software issue, and not a protocol issue, it makes no sense to use a protocol error code.
2019-02-27 21:22:42 +01:00
if (err < 0) {
netdev: Add support for extended errors
2020-04-02 07:30:17 +02:00
const char *ext_error = l_genl_msg_get_extended_error(msg);
l_error("New Key for Group Key failed for ifindex: %d:%s",
netdev->index,
ext_error ? ext_error : strerror(-err));
netdev: netdev_setting_keys_failed takes an errno Instead of sending a reason_code to netdev_setting_keys_failed, make it take an errno (negative) instead. Since key setting failures are entirely a system / software issue, and not a protocol issue, it makes no sense to use a protocol error code.
2019-02-27 21:22:42 +01:00
netdev_setting_keys_failed(nhs, err);
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
return;
netdev: signal handshake complete after setting all keys Currently, netdev triggers the HANDSHAKE_COMPLETE event after completing the SET_STATION (after setting the pairwise key). Depending on the timing this may happen before the GTK/IGTK are set which will result in group traffic not working initially (the GTK/IGTK would still get set, but group traffic would not work immediately after DBus said you were connected, this mainly poses a problem with autotests). In order to fix this, several flags were added in netdev_handshake_state: ptk_installed, gtk_installed, igtk_installed, and completed. Each of these flags are set true when their respective keys are set, and in each key callback we try to trigger the handshake complete event (assuming all the flags are true). Initially the gtk/igtk flags are set to true, for reasons explained below. In the WPA2 case, all the key setter functions are called sequentially from eapol. With this change, the PTK is now set AFTER the gtk/igtk. This is because the gtk/igtk are optional and only set if group traffic is allowed. If the gtk/igtk are not used, we set the PTK and can immediately trigger the handshake complete event (since gtk_installed/igtk_installed are initialized as true). When the gtk/igtk are being set, we immediately set their flags to false and wait for their callbacks in addition to the PTK callback. Doing it this way handles both group traffic and non group traffic paths. WPA1 throws a wrench into this since the group keys are obtained in a separate handshake. For this case a new flag was added to the handshake_state, 'wait_for_gtk'. This allows netdev to set the PTK after the initial 4-way, but still wait for the gtk/igtk setters to get called before triggering the handshake complete event. As a precaution, netdev sets a timeout that will trigger if the gtk/igtk setters are never called. In this case we can still complete the connection, but print a warning that group traffic will not be allowed.
2018-10-26 18:44:58 +02:00
}
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
netdev: signal handshake complete after setting all keys Currently, netdev triggers the HANDSHAKE_COMPLETE event after completing the SET_STATION (after setting the pairwise key). Depending on the timing this may happen before the GTK/IGTK are set which will result in group traffic not working initially (the GTK/IGTK would still get set, but group traffic would not work immediately after DBus said you were connected, this mainly poses a problem with autotests). In order to fix this, several flags were added in netdev_handshake_state: ptk_installed, gtk_installed, igtk_installed, and completed. Each of these flags are set true when their respective keys are set, and in each key callback we try to trigger the handshake complete event (assuming all the flags are true). Initially the gtk/igtk flags are set to true, for reasons explained below. In the WPA2 case, all the key setter functions are called sequentially from eapol. With this change, the PTK is now set AFTER the gtk/igtk. This is because the gtk/igtk are optional and only set if group traffic is allowed. If the gtk/igtk are not used, we set the PTK and can immediately trigger the handshake complete event (since gtk_installed/igtk_installed are initialized as true). When the gtk/igtk are being set, we immediately set their flags to false and wait for their callbacks in addition to the PTK callback. Doing it this way handles both group traffic and non group traffic paths. WPA1 throws a wrench into this since the group keys are obtained in a separate handshake. For this case a new flag was added to the handshake_state, 'wait_for_gtk'. This allows netdev to set the PTK after the initial 4-way, but still wait for the gtk/igtk setters to get called before triggering the handshake complete event. As a precaution, netdev sets a timeout that will trigger if the gtk/igtk setters are never called. In this case we can still complete the connection, but print a warning that group traffic will not be allowed.
2018-10-26 18:44:58 +02:00
nhs->gtk_installed = true;
try_handshake_complete(nhs);
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
}
netdev: implement netdev_set_igtk
2016-10-28 23:49:54 +02:00
static void netdev_new_group_management_key_cb(struct l_genl_msg *msg,
void *data)
{
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
struct netdev_handshake_state *nhs = data;
struct netdev *netdev = nhs->netdev;
netdev: netdev_setting_keys_failed takes an errno Instead of sending a reason_code to netdev_setting_keys_failed, make it take an errno (negative) instead. Since key setting failures are entirely a system / software issue, and not a protocol issue, it makes no sense to use a protocol error code.
2019-02-27 21:22:42 +01:00
int err = l_genl_msg_get_error(msg);
netdev: implement netdev_set_igtk
2016-10-28 23:49:54 +02:00
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
nhs->group_management_new_key_cmd_id = 0;
netdev: implement netdev_set_igtk
2016-10-28 23:49:54 +02:00
netdev: netdev_setting_keys_failed takes an errno Instead of sending a reason_code to netdev_setting_keys_failed, make it take an errno (negative) instead. Since key setting failures are entirely a system / software issue, and not a protocol issue, it makes no sense to use a protocol error code.
2019-02-27 21:22:42 +01:00
if (err < 0) {
netdev: Add support for extended errors
2020-04-02 07:30:17 +02:00
const char *ext_error = l_genl_msg_get_extended_error(msg);
l_error("New Key for Group Mgmt failed for ifindex: %d:%s",
netdev->index,
ext_error ? ext_error : strerror(-err));
netdev: netdev_setting_keys_failed takes an errno Instead of sending a reason_code to netdev_setting_keys_failed, make it take an errno (negative) instead. Since key setting failures are entirely a system / software issue, and not a protocol issue, it makes no sense to use a protocol error code.
2019-02-27 21:22:42 +01:00
netdev_setting_keys_failed(nhs, err);
netdev: signal handshake complete after setting all keys Currently, netdev triggers the HANDSHAKE_COMPLETE event after completing the SET_STATION (after setting the pairwise key). Depending on the timing this may happen before the GTK/IGTK are set which will result in group traffic not working initially (the GTK/IGTK would still get set, but group traffic would not work immediately after DBus said you were connected, this mainly poses a problem with autotests). In order to fix this, several flags were added in netdev_handshake_state: ptk_installed, gtk_installed, igtk_installed, and completed. Each of these flags are set true when their respective keys are set, and in each key callback we try to trigger the handshake complete event (assuming all the flags are true). Initially the gtk/igtk flags are set to true, for reasons explained below. In the WPA2 case, all the key setter functions are called sequentially from eapol. With this change, the PTK is now set AFTER the gtk/igtk. This is because the gtk/igtk are optional and only set if group traffic is allowed. If the gtk/igtk are not used, we set the PTK and can immediately trigger the handshake complete event (since gtk_installed/igtk_installed are initialized as true). When the gtk/igtk are being set, we immediately set their flags to false and wait for their callbacks in addition to the PTK callback. Doing it this way handles both group traffic and non group traffic paths. WPA1 throws a wrench into this since the group keys are obtained in a separate handshake. For this case a new flag was added to the handshake_state, 'wait_for_gtk'. This allows netdev to set the PTK after the initial 4-way, but still wait for the gtk/igtk setters to get called before triggering the handshake complete event. As a precaution, netdev sets a timeout that will trigger if the gtk/igtk setters are never called. In this case we can still complete the connection, but print a warning that group traffic will not be allowed.
2018-10-26 18:44:58 +02:00
return;
netdev: implement netdev_set_igtk
2016-10-28 23:49:54 +02:00
}
netdev: signal handshake complete after setting all keys Currently, netdev triggers the HANDSHAKE_COMPLETE event after completing the SET_STATION (after setting the pairwise key). Depending on the timing this may happen before the GTK/IGTK are set which will result in group traffic not working initially (the GTK/IGTK would still get set, but group traffic would not work immediately after DBus said you were connected, this mainly poses a problem with autotests). In order to fix this, several flags were added in netdev_handshake_state: ptk_installed, gtk_installed, igtk_installed, and completed. Each of these flags are set true when their respective keys are set, and in each key callback we try to trigger the handshake complete event (assuming all the flags are true). Initially the gtk/igtk flags are set to true, for reasons explained below. In the WPA2 case, all the key setter functions are called sequentially from eapol. With this change, the PTK is now set AFTER the gtk/igtk. This is because the gtk/igtk are optional and only set if group traffic is allowed. If the gtk/igtk are not used, we set the PTK and can immediately trigger the handshake complete event (since gtk_installed/igtk_installed are initialized as true). When the gtk/igtk are being set, we immediately set their flags to false and wait for their callbacks in addition to the PTK callback. Doing it this way handles both group traffic and non group traffic paths. WPA1 throws a wrench into this since the group keys are obtained in a separate handshake. For this case a new flag was added to the handshake_state, 'wait_for_gtk'. This allows netdev to set the PTK after the initial 4-way, but still wait for the gtk/igtk setters to get called before triggering the handshake complete event. As a precaution, netdev sets a timeout that will trigger if the gtk/igtk setters are never called. In this case we can still complete the connection, but print a warning that group traffic will not be allowed.
2018-10-26 18:44:58 +02:00
nhs->igtk_installed = true;
try_handshake_complete(nhs);
netdev: implement netdev_set_igtk
2016-10-28 23:49:54 +02:00
}
netdev: refactored code to prep for AP code Added several helpers for code that will be reused by AP
2018-06-20 20:05:13 +02:00
static bool netdev_copy_tk(uint8_t *tk_buf, const uint8_t *tk,
uint32_t cipher, bool authenticator)
{
switch (cipher) {
case CRYPTO_CIPHER_CCMP:
/*
* 802.11-2016 12.8.3 Mapping PTK to CCMP keys:
* "A STA shall use the temporal key as the CCMP key
* for MPDUs between the two communicating STAs."
*/
memcpy(tk_buf, tk, 16);
break;
case CRYPTO_CIPHER_TKIP:
/*
* 802.11-2016 12.8.1 Mapping PTK to TKIP keys:
* "A STA shall use bits 0-127 of the temporal key as its
* input to the TKIP Phase 1 and Phase 2 mixing functions.
*
* A STA shall use bits 128-191 of the temporal key as
* the michael key for MSDUs from the Authenticator's STA
* to the Supplicant's STA.
*
* A STA shall use bits 192-255 of the temporal key as
* the michael key for MSDUs from the Supplicant's STA
* to the Authenticator's STA."
*/
if (authenticator) {
memcpy(tk_buf + NL80211_TKIP_DATA_OFFSET_ENCR_KEY,
tk, 16);
memcpy(tk_buf + NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY,
tk + 16, 8);
memcpy(tk_buf + NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY,
tk + 24, 8);
} else {
memcpy(tk_buf + NL80211_TKIP_DATA_OFFSET_ENCR_KEY,
tk, 16);
memcpy(tk_buf + NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY,
tk + 16, 8);
memcpy(tk_buf + NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY,
tk + 24, 8);
}
break;
default:
l_error("Unexpected cipher: %x", cipher);
return false;
}
return true;
}
netdev: simplify netdev_choose_key_address The key address can be chosen regardless of iftype. The deciding factor is the authenticator bit in the handshake.
2018-10-06 01:03:12 +02:00
static const uint8_t *netdev_choose_key_address(
struct netdev_handshake_state *nhs)
{
return (nhs->super.authenticator) ? nhs->super.spa : nhs->super.aa;
}
handshake: Change signature of (i)gtk setters
2020-04-02 07:41:02 +02:00
static void netdev_set_gtk(struct handshake_state *hs, uint16_t key_index,
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
const uint8_t *gtk, uint8_t gtk_len,
const uint8_t *rsc, uint8_t rsc_len,
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
uint32_t cipher)
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
{
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
struct netdev_handshake_state *nhs =
netdev: Use l_container_of
2019-04-03 18:47:09 +02:00
l_container_of(hs, struct netdev_handshake_state, super);
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
struct netdev *netdev = nhs->netdev;
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
uint8_t gtk_buf[32];
struct l_genl_msg *msg;
nl80211: support per-mac GTK on _new_key_group AdHoc will require a per-mac GTK to be set. For this reason nl80211_build_new_key_group has been updated to optionally take a MAC address.
2018-10-08 22:44:12 +02:00
const uint8_t *addr = (netdev->type == NL80211_IFTYPE_ADHOC) ?
nhs->super.aa : NULL;
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
netdev: signal handshake complete after setting all keys Currently, netdev triggers the HANDSHAKE_COMPLETE event after completing the SET_STATION (after setting the pairwise key). Depending on the timing this may happen before the GTK/IGTK are set which will result in group traffic not working initially (the GTK/IGTK would still get set, but group traffic would not work immediately after DBus said you were connected, this mainly poses a problem with autotests). In order to fix this, several flags were added in netdev_handshake_state: ptk_installed, gtk_installed, igtk_installed, and completed. Each of these flags are set true when their respective keys are set, and in each key callback we try to trigger the handshake complete event (assuming all the flags are true). Initially the gtk/igtk flags are set to true, for reasons explained below. In the WPA2 case, all the key setter functions are called sequentially from eapol. With this change, the PTK is now set AFTER the gtk/igtk. This is because the gtk/igtk are optional and only set if group traffic is allowed. If the gtk/igtk are not used, we set the PTK and can immediately trigger the handshake complete event (since gtk_installed/igtk_installed are initialized as true). When the gtk/igtk are being set, we immediately set their flags to false and wait for their callbacks in addition to the PTK callback. Doing it this way handles both group traffic and non group traffic paths. WPA1 throws a wrench into this since the group keys are obtained in a separate handshake. For this case a new flag was added to the handshake_state, 'wait_for_gtk'. This allows netdev to set the PTK after the initial 4-way, but still wait for the gtk/igtk setters to get called before triggering the handshake complete event. As a precaution, netdev sets a timeout that will trigger if the gtk/igtk setters are never called. In this case we can still complete the connection, but print a warning that group traffic will not be allowed.
2018-10-26 18:44:58 +02:00
nhs->gtk_installed = false;
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
l_debug("%d", netdev->index);
netdev: Check GTK / IGTK buffer length before memcpying from it Move key length checks in netdev_set_gtk/netdev_set_igtk to before we memcpy from the buffer.
2017-01-31 03:42:54 +01:00
if (crypto_cipher_key_len(cipher) != gtk_len) {
l_error("Unexpected key length: %d", gtk_len);
netdev: netdev_setting_keys_failed takes an errno Instead of sending a reason_code to netdev_setting_keys_failed, make it take an errno (negative) instead. Since key setting failures are entirely a system / software issue, and not a protocol issue, it makes no sense to use a protocol error code.
2019-02-27 21:22:42 +01:00
netdev_setting_keys_failed(nhs, -ERANGE);
netdev: Check GTK / IGTK buffer length before memcpying from it Move key length checks in netdev_set_gtk/netdev_set_igtk to before we memcpy from the buffer.
2017-01-31 03:42:54 +01:00
return;
}
netdev: refactored code to prep for AP code Added several helpers for code that will be reused by AP
2018-06-20 20:05:13 +02:00
if (!netdev_copy_tk(gtk_buf, gtk, cipher, false)) {
netdev: netdev_setting_keys_failed takes an errno Instead of sending a reason_code to netdev_setting_keys_failed, make it take an errno (negative) instead. Since key setting failures are entirely a system / software issue, and not a protocol issue, it makes no sense to use a protocol error code.
2019-02-27 21:22:42 +01:00
netdev_setting_keys_failed(nhs, -ENOENT);
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
return;
}
netdev: signal handshake complete after setting all keys Currently, netdev triggers the HANDSHAKE_COMPLETE event after completing the SET_STATION (after setting the pairwise key). Depending on the timing this may happen before the GTK/IGTK are set which will result in group traffic not working initially (the GTK/IGTK would still get set, but group traffic would not work immediately after DBus said you were connected, this mainly poses a problem with autotests). In order to fix this, several flags were added in netdev_handshake_state: ptk_installed, gtk_installed, igtk_installed, and completed. Each of these flags are set true when their respective keys are set, and in each key callback we try to trigger the handshake complete event (assuming all the flags are true). Initially the gtk/igtk flags are set to true, for reasons explained below. In the WPA2 case, all the key setter functions are called sequentially from eapol. With this change, the PTK is now set AFTER the gtk/igtk. This is because the gtk/igtk are optional and only set if group traffic is allowed. If the gtk/igtk are not used, we set the PTK and can immediately trigger the handshake complete event (since gtk_installed/igtk_installed are initialized as true). When the gtk/igtk are being set, we immediately set their flags to false and wait for their callbacks in addition to the PTK callback. Doing it this way handles both group traffic and non group traffic paths. WPA1 throws a wrench into this since the group keys are obtained in a separate handshake. For this case a new flag was added to the handshake_state, 'wait_for_gtk'. This allows netdev to set the PTK after the initial 4-way, but still wait for the gtk/igtk setters to get called before triggering the handshake complete event. As a precaution, netdev sets a timeout that will trigger if the gtk/igtk setters are never called. In this case we can still complete the connection, but print a warning that group traffic will not be allowed.
2018-10-26 18:44:58 +02:00
if (hs->wait_for_gtk) {
l_timeout_remove(netdev->group_handshake_timeout);
netdev->group_handshake_timeout = NULL;
}
nl80211: introduce nl80211 utility API's Netdev/AP share several NL80211 commands and each has their own builder API's. These were moved into a common file nl80211_util.[ch]. A helper was added to AP for building NEW_STATION to make the associate callback look cleaner (rather than manually building NEW_STATION).
2018-10-08 22:44:09 +02:00
msg = nl80211_build_new_key_group(netdev->index, cipher, key_index,
nl80211: support per-mac GTK on _new_key_group AdHoc will require a per-mac GTK to be set. For this reason nl80211_build_new_key_group has been updated to optionally take a MAC address.
2018-10-08 22:44:12 +02:00
gtk_buf, gtk_len, rsc, rsc_len, addr);
nl80211: introduce nl80211 utility API's Netdev/AP share several NL80211 commands and each has their own builder API's. These were moved into a common file nl80211_util.[ch]. A helper was added to AP for building NEW_STATION to make the associate callback look cleaner (rather than manually building NEW_STATION).
2018-10-08 22:44:09 +02:00
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
nhs->group_new_key_cmd_id =
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
l_genl_family_send(nl80211, msg, netdev_new_group_key_cb,
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
nhs, NULL);
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
if (nhs->group_new_key_cmd_id > 0)
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
return;
l_genl_msg_unref(msg);
netdev: netdev_setting_keys_failed takes an errno Instead of sending a reason_code to netdev_setting_keys_failed, make it take an errno (negative) instead. Since key setting failures are entirely a system / software issue, and not a protocol issue, it makes no sense to use a protocol error code.
2019-02-27 21:22:42 +01:00
netdev_setting_keys_failed(nhs, -EIO);
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
}
handshake: Change signature of (i)gtk setters
2020-04-02 07:41:02 +02:00
static void netdev_set_igtk(struct handshake_state *hs, uint16_t key_index,
netdev: implement netdev_set_igtk
2016-10-28 23:49:54 +02:00
const uint8_t *igtk, uint8_t igtk_len,
const uint8_t *ipn, uint8_t ipn_len,
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
uint32_t cipher)
netdev: implement netdev_set_igtk
2016-10-28 23:49:54 +02:00
{
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
struct netdev_handshake_state *nhs =
netdev: Use l_container_of
2019-04-03 18:47:09 +02:00
l_container_of(hs, struct netdev_handshake_state, super);
netdev: implement netdev_set_igtk
2016-10-28 23:49:54 +02:00
uint8_t igtk_buf[16];
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
struct netdev *netdev = nhs->netdev;
netdev: implement netdev_set_igtk
2016-10-28 23:49:54 +02:00
struct l_genl_msg *msg;
netdev: signal handshake complete after setting all keys Currently, netdev triggers the HANDSHAKE_COMPLETE event after completing the SET_STATION (after setting the pairwise key). Depending on the timing this may happen before the GTK/IGTK are set which will result in group traffic not working initially (the GTK/IGTK would still get set, but group traffic would not work immediately after DBus said you were connected, this mainly poses a problem with autotests). In order to fix this, several flags were added in netdev_handshake_state: ptk_installed, gtk_installed, igtk_installed, and completed. Each of these flags are set true when their respective keys are set, and in each key callback we try to trigger the handshake complete event (assuming all the flags are true). Initially the gtk/igtk flags are set to true, for reasons explained below. In the WPA2 case, all the key setter functions are called sequentially from eapol. With this change, the PTK is now set AFTER the gtk/igtk. This is because the gtk/igtk are optional and only set if group traffic is allowed. If the gtk/igtk are not used, we set the PTK and can immediately trigger the handshake complete event (since gtk_installed/igtk_installed are initialized as true). When the gtk/igtk are being set, we immediately set their flags to false and wait for their callbacks in addition to the PTK callback. Doing it this way handles both group traffic and non group traffic paths. WPA1 throws a wrench into this since the group keys are obtained in a separate handshake. For this case a new flag was added to the handshake_state, 'wait_for_gtk'. This allows netdev to set the PTK after the initial 4-way, but still wait for the gtk/igtk setters to get called before triggering the handshake complete event. As a precaution, netdev sets a timeout that will trigger if the gtk/igtk setters are never called. In this case we can still complete the connection, but print a warning that group traffic will not be allowed.
2018-10-26 18:44:58 +02:00
nhs->igtk_installed = false;
netdev: implement netdev_set_igtk
2016-10-28 23:49:54 +02:00
l_debug("%d", netdev->index);
netdev: Check GTK / IGTK buffer length before memcpying from it Move key length checks in netdev_set_gtk/netdev_set_igtk to before we memcpy from the buffer.
2017-01-31 03:42:54 +01:00
if (crypto_cipher_key_len(cipher) != igtk_len) {
l_error("Unexpected key length: %d", igtk_len);
netdev: netdev_setting_keys_failed takes an errno Instead of sending a reason_code to netdev_setting_keys_failed, make it take an errno (negative) instead. Since key setting failures are entirely a system / software issue, and not a protocol issue, it makes no sense to use a protocol error code.
2019-02-27 21:22:42 +01:00
netdev_setting_keys_failed(nhs, -ERANGE);
netdev: Check GTK / IGTK buffer length before memcpying from it Move key length checks in netdev_set_gtk/netdev_set_igtk to before we memcpy from the buffer.
2017-01-31 03:42:54 +01:00
return;
}
netdev: implement netdev_set_igtk
2016-10-28 23:49:54 +02:00
switch (cipher) {
case CRYPTO_CIPHER_BIP:
memcpy(igtk_buf, igtk, 16);
break;
default:
l_error("Unexpected cipher: %x", cipher);
netdev: netdev_setting_keys_failed takes an errno Instead of sending a reason_code to netdev_setting_keys_failed, make it take an errno (negative) instead. Since key setting failures are entirely a system / software issue, and not a protocol issue, it makes no sense to use a protocol error code.
2019-02-27 21:22:42 +01:00
netdev_setting_keys_failed(nhs, -ENOENT);
netdev: implement netdev_set_igtk
2016-10-28 23:49:54 +02:00
return;
}
netdev: work around APs that send igtk in big endian It seems some APs send the IGTK key in big endian format (it is a uin16). The kernel rightly reports an -EINVAL error when iwd issues a NEW_KEY with such a value, resulting in the connection being aborted. Work around this by trying to detect big-endian key indexes and 'fixing' them up.
2020-04-02 07:45:55 +02:00
if (key_index == 0x0400 || key_index == 0x0500) {
l_warn("Received an invalid IGTK key index (%04hx)"
" that is likely in"
" big endian format. Trying to fix and"
" proceed anyway", key_index);
key_index = bswap_16(key_index);
}
nl80211: introduce nl80211 utility API's Netdev/AP share several NL80211 commands and each has their own builder API's. These were moved into a common file nl80211_util.[ch]. A helper was added to AP for building NEW_STATION to make the associate callback look cleaner (rather than manually building NEW_STATION).
2018-10-08 22:44:09 +02:00
msg = nl80211_build_new_key_group(netdev->index, cipher, key_index,
nl80211: support per-mac GTK on _new_key_group AdHoc will require a per-mac GTK to be set. For this reason nl80211_build_new_key_group has been updated to optionally take a MAC address.
2018-10-08 22:44:12 +02:00
igtk_buf, igtk_len, ipn, ipn_len, NULL);
nl80211: introduce nl80211 utility API's Netdev/AP share several NL80211 commands and each has their own builder API's. These were moved into a common file nl80211_util.[ch]. A helper was added to AP for building NEW_STATION to make the associate callback look cleaner (rather than manually building NEW_STATION).
2018-10-08 22:44:09 +02:00
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
nhs->group_management_new_key_cmd_id =
netdev: implement netdev_set_igtk
2016-10-28 23:49:54 +02:00
l_genl_family_send(nl80211, msg,
netdev_new_group_management_key_cb,
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
nhs, NULL);
netdev: implement netdev_set_igtk
2016-10-28 23:49:54 +02:00
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
if (nhs->group_management_new_key_cmd_id > 0)
netdev: implement netdev_set_igtk
2016-10-28 23:49:54 +02:00
return;
l_genl_msg_unref(msg);
netdev: netdev_setting_keys_failed takes an errno Instead of sending a reason_code to netdev_setting_keys_failed, make it take an errno (negative) instead. Since key setting failures are entirely a system / software issue, and not a protocol issue, it makes no sense to use a protocol error code.
2019-02-27 21:22:42 +01:00
netdev_setting_keys_failed(nhs, -EIO);
netdev: implement netdev_set_igtk
2016-10-28 23:49:54 +02:00
}
netdev: Remove un-needed pairwise set_key call This seems to be no longer needed as the kernel looks up the key by the sta specific key index.
2018-06-22 02:32:54 +02:00
static void netdev_new_pairwise_key_cb(struct l_genl_msg *msg, void *data)
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
{
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
struct netdev_handshake_state *nhs = data;
struct netdev *netdev = nhs->netdev;
netdev: choose correct address on NEW_KEY/SET_STATION With the introduction of Ad-Hoc, its not as simple as choosing aa/spa addresses when setting the keys. Since Ad-Hoc acts as both the authenticator and supplicant we must check how the netdev address relates to the particular handshake object as well as choose the correct key depending on the value of the AA/SPA address. 802.11 states that the higher of the two addresses is to be used to set the key for the Ad-Hoc connection. A simple helper was added to choose the correct addressed based on netdev type and handshake state. netdev_set_tk also checks that aa > spa in the handshake object when in Ad-Hoc mode. If this is true then the keys from that handshake are used, otherwise return and the other handshake key will be used (aa will be > spa). The station/ap mode behaves exactly the same as before.
2018-07-17 00:29:18 +02:00
const uint8_t *addr = netdev_choose_key_address(nhs);
netdev: netdev_setting_keys_failed takes an errno Instead of sending a reason_code to netdev_setting_keys_failed, make it take an errno (negative) instead. Since key setting failures are entirely a system / software issue, and not a protocol issue, it makes no sense to use a protocol error code.
2019-02-27 21:22:42 +01:00
int err = l_genl_msg_get_error(msg);
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
nhs->pairwise_new_key_cmd_id = 0;
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
netdev: netdev_setting_keys_failed takes an errno Instead of sending a reason_code to netdev_setting_keys_failed, make it take an errno (negative) instead. Since key setting failures are entirely a system / software issue, and not a protocol issue, it makes no sense to use a protocol error code.
2019-02-27 21:22:42 +01:00
if (err < 0) {
netdev: Add support for extended errors
2020-04-02 07:30:17 +02:00
const char *ext_error = l_genl_msg_get_extended_error(msg);
l_error("New Key for Pairwise Key failed for ifindex: %d:%s",
netdev->index,
ext_error ? ext_error : strerror(-err));
netdev: Send SET STATION in pairwise key callback When the 4-Way Handshake is done eapol.c calls netdev_set_tk, then optionally netdev_set_gtk and netdev_set_igtk. To support the no group key option send the final SET STATION enabling the controlled port inside the callback for the netdev_set_tk operation which always means the end of a 4-Way Handshake rather than in the netdev_set_gtk callback. The spec says exactly that the controlled port is enabled at the end of the 4-Way Handshake. The netlink operations will still be queued in the same order because the netdev_set_tk/netdev_set_gtk/netdev_set_igtk calls happen in one main loop iteration but even if the order changed it wouldn't matter. On failure of any of the three operations netdev_setting_keys_failed gets called and the remaining operations are cancelled.
2017-10-21 01:27:20 +02:00
goto error;
}
netdev: Make sure we send SET_STATION after FT Make sure that we set the AUTHORIZED sta flag after an FT in netdev_set_pairwise_key_cb, I broke this in a03839f8efa080ec13e0eca5b0c6f142984deb45.
2018-01-15 14:31:22 +01:00
/*
* Set the AUTHORIZED flag using a SET_STATION command even if
* we're already operational, it will not hurt during re-keying
* and is necessary after an FT.
*/
nl80211: introduce nl80211 utility API's Netdev/AP share several NL80211 commands and each has their own builder API's. These were moved into a common file nl80211_util.[ch]. A helper was added to AP for building NEW_STATION to make the associate callback look cleaner (rather than manually building NEW_STATION).
2018-10-08 22:44:09 +02:00
msg = nl80211_build_set_station_authorized(netdev->index, addr);
netdev: Send SET STATION in pairwise key callback When the 4-Way Handshake is done eapol.c calls netdev_set_tk, then optionally netdev_set_gtk and netdev_set_igtk. To support the no group key option send the final SET STATION enabling the controlled port inside the callback for the netdev_set_tk operation which always means the end of a 4-Way Handshake rather than in the netdev_set_gtk callback. The spec says exactly that the controlled port is enabled at the end of the 4-Way Handshake. The netlink operations will still be queued in the same order because the netdev_set_tk/netdev_set_gtk/netdev_set_igtk calls happen in one main loop iteration but even if the order changed it wouldn't matter. On failure of any of the three operations netdev_setting_keys_failed gets called and the remaining operations are cancelled.
2017-10-21 01:27:20 +02:00
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
nhs->set_station_cmd_id =
netdev: Track the id of the SET_STATION netlink command This way we make sure it gets cancelled any sort of connect abort of netdev removal and don't leak the message on error.
2017-10-21 01:27:21 +02:00
l_genl_family_send(nl80211, msg, netdev_set_station_cb,
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
nhs, NULL);
if (nhs->set_station_cmd_id > 0)
netdev: Track the id of the SET_STATION netlink command This way we make sure it gets cancelled any sort of connect abort of netdev removal and don't leak the message on error.
2017-10-21 01:27:21 +02:00
return;
netdev: Send SET STATION in pairwise key callback When the 4-Way Handshake is done eapol.c calls netdev_set_tk, then optionally netdev_set_gtk and netdev_set_igtk. To support the no group key option send the final SET STATION enabling the controlled port inside the callback for the netdev_set_tk operation which always means the end of a 4-Way Handshake rather than in the netdev_set_gtk callback. The spec says exactly that the controlled port is enabled at the end of the 4-Way Handshake. The netlink operations will still be queued in the same order because the netdev_set_tk/netdev_set_gtk/netdev_set_igtk calls happen in one main loop iteration but even if the order changed it wouldn't matter. On failure of any of the three operations netdev_setting_keys_failed gets called and the remaining operations are cancelled.
2017-10-21 01:27:20 +02:00
netdev: Track the id of the SET_STATION netlink command This way we make sure it gets cancelled any sort of connect abort of netdev removal and don't leak the message on error.
2017-10-21 01:27:21 +02:00
l_genl_msg_unref(msg);
netdev: netdev_setting_keys_failed takes an errno Instead of sending a reason_code to netdev_setting_keys_failed, make it take an errno (negative) instead. Since key setting failures are entirely a system / software issue, and not a protocol issue, it makes no sense to use a protocol error code.
2019-02-27 21:22:42 +01:00
err = -EIO;
netdev: Send SET STATION in pairwise key callback When the 4-Way Handshake is done eapol.c calls netdev_set_tk, then optionally netdev_set_gtk and netdev_set_igtk. To support the no group key option send the final SET STATION enabling the controlled port inside the callback for the netdev_set_tk operation which always means the end of a 4-Way Handshake rather than in the netdev_set_gtk callback. The spec says exactly that the controlled port is enabled at the end of the 4-Way Handshake. The netlink operations will still be queued in the same order because the netdev_set_tk/netdev_set_gtk/netdev_set_igtk calls happen in one main loop iteration but even if the order changed it wouldn't matter. On failure of any of the three operations netdev_setting_keys_failed gets called and the remaining operations are cancelled.
2017-10-21 01:27:20 +02:00
error:
netdev: netdev_setting_keys_failed takes an errno Instead of sending a reason_code to netdev_setting_keys_failed, make it take an errno (negative) instead. Since key setting failures are entirely a system / software issue, and not a protocol issue, it makes no sense to use a protocol error code.
2019-02-27 21:22:42 +01:00
netdev_setting_keys_failed(nhs, err);
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
}
static struct l_genl_msg *netdev_build_cmd_new_key_pairwise(
struct netdev *netdev,
uint32_t cipher,
const uint8_t *aa,
const uint8_t *tk,
size_t tk_len)
{
uint8_t key_id = 0;
struct l_genl_msg *msg;
msg = l_genl_msg_new_sized(NL80211_CMD_NEW_KEY, 512);
l_genl_msg_append_attr(msg, NL80211_ATTR_KEY_DATA, tk_len, tk);
l_genl_msg_append_attr(msg, NL80211_ATTR_KEY_CIPHER, 4, &cipher);
l_genl_msg_append_attr(msg, NL80211_ATTR_MAC, ETH_ALEN, aa);
l_genl_msg_append_attr(msg, NL80211_ATTR_KEY_IDX, 1, &key_id);
l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &netdev->index);
return msg;
}
netdev: signal handshake complete after setting all keys Currently, netdev triggers the HANDSHAKE_COMPLETE event after completing the SET_STATION (after setting the pairwise key). Depending on the timing this may happen before the GTK/IGTK are set which will result in group traffic not working initially (the GTK/IGTK would still get set, but group traffic would not work immediately after DBus said you were connected, this mainly poses a problem with autotests). In order to fix this, several flags were added in netdev_handshake_state: ptk_installed, gtk_installed, igtk_installed, and completed. Each of these flags are set true when their respective keys are set, and in each key callback we try to trigger the handshake complete event (assuming all the flags are true). Initially the gtk/igtk flags are set to true, for reasons explained below. In the WPA2 case, all the key setter functions are called sequentially from eapol. With this change, the PTK is now set AFTER the gtk/igtk. This is because the gtk/igtk are optional and only set if group traffic is allowed. If the gtk/igtk are not used, we set the PTK and can immediately trigger the handshake complete event (since gtk_installed/igtk_installed are initialized as true). When the gtk/igtk are being set, we immediately set their flags to false and wait for their callbacks in addition to the PTK callback. Doing it this way handles both group traffic and non group traffic paths. WPA1 throws a wrench into this since the group keys are obtained in a separate handshake. For this case a new flag was added to the handshake_state, 'wait_for_gtk'. This allows netdev to set the PTK after the initial 4-way, but still wait for the gtk/igtk setters to get called before triggering the handshake complete event. As a precaution, netdev sets a timeout that will trigger if the gtk/igtk setters are never called. In this case we can still complete the connection, but print a warning that group traffic will not be allowed.
2018-10-26 18:44:58 +02:00
static void netdev_group_timeout_cb(struct l_timeout *timeout, void *user_data)
{
struct netdev_handshake_state *nhs = user_data;
/*
* There was a problem with the ptk, this should have triggered a key
* setting failure event already.
*/
if (!nhs->ptk_installed)
return;
/*
* If this happens, we never completed the group handshake. We can still
* complete the connection, but we will not have group traffic.
*/
l_warn("completing connection with no group traffic on ifindex %d",
nhs->netdev->index);
nhs->complete = true;
handshake: Convert handshake event callbacks variadic functions Convert the handshake event callback type to use variable argument list to allow for more flexibility in event-specific arguments passed to the callbacks. Note the uint16_t reason code is promoted to an int when using variable arguments so va_arg(args, int) has to be used.
2019-10-28 15:04:57 +01:00
handshake_event(&nhs->super, HANDSHAKE_EVENT_COMPLETE);
netdev: signal handshake complete after setting all keys Currently, netdev triggers the HANDSHAKE_COMPLETE event after completing the SET_STATION (after setting the pairwise key). Depending on the timing this may happen before the GTK/IGTK are set which will result in group traffic not working initially (the GTK/IGTK would still get set, but group traffic would not work immediately after DBus said you were connected, this mainly poses a problem with autotests). In order to fix this, several flags were added in netdev_handshake_state: ptk_installed, gtk_installed, igtk_installed, and completed. Each of these flags are set true when their respective keys are set, and in each key callback we try to trigger the handshake complete event (assuming all the flags are true). Initially the gtk/igtk flags are set to true, for reasons explained below. In the WPA2 case, all the key setter functions are called sequentially from eapol. With this change, the PTK is now set AFTER the gtk/igtk. This is because the gtk/igtk are optional and only set if group traffic is allowed. If the gtk/igtk are not used, we set the PTK and can immediately trigger the handshake complete event (since gtk_installed/igtk_installed are initialized as true). When the gtk/igtk are being set, we immediately set their flags to false and wait for their callbacks in addition to the PTK callback. Doing it this way handles both group traffic and non group traffic paths. WPA1 throws a wrench into this since the group keys are obtained in a separate handshake. For this case a new flag was added to the handshake_state, 'wait_for_gtk'. This allows netdev to set the PTK after the initial 4-way, but still wait for the gtk/igtk setters to get called before triggering the handshake complete event. As a precaution, netdev sets a timeout that will trigger if the gtk/igtk setters are never called. In this case we can still complete the connection, but print a warning that group traffic will not be allowed.
2018-10-26 18:44:58 +02:00
netdev_connect_ok(nhs->netdev);
}
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
static void netdev_set_tk(struct handshake_state *hs,
const uint8_t *tk, uint32_t cipher)
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
{
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
struct netdev_handshake_state *nhs =
netdev: Use l_container_of
2019-04-03 18:47:09 +02:00
l_container_of(hs, struct netdev_handshake_state, super);
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
uint8_t tk_buf[32];
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
struct netdev *netdev = nhs->netdev;
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
struct l_genl_msg *msg;
netdev: choose correct address on NEW_KEY/SET_STATION With the introduction of Ad-Hoc, its not as simple as choosing aa/spa addresses when setting the keys. Since Ad-Hoc acts as both the authenticator and supplicant we must check how the netdev address relates to the particular handshake object as well as choose the correct key depending on the value of the AA/SPA address. 802.11 states that the higher of the two addresses is to be used to set the key for the Ad-Hoc connection. A simple helper was added to choose the correct addressed based on netdev type and handshake state. netdev_set_tk also checks that aa > spa in the handshake object when in Ad-Hoc mode. If this is true then the keys from that handshake are used, otherwise return and the other handshake key will be used (aa will be > spa). The station/ap mode behaves exactly the same as before.
2018-07-17 00:29:18 +02:00
const uint8_t *addr = netdev_choose_key_address(nhs);
netdev: netdev_setting_keys_failed takes an errno Instead of sending a reason_code to netdev_setting_keys_failed, make it take an errno (negative) instead. Since key setting failures are entirely a system / software issue, and not a protocol issue, it makes no sense to use a protocol error code.
2019-02-27 21:22:42 +01:00
int err;
netdev: choose correct address on NEW_KEY/SET_STATION With the introduction of Ad-Hoc, its not as simple as choosing aa/spa addresses when setting the keys. Since Ad-Hoc acts as both the authenticator and supplicant we must check how the netdev address relates to the particular handshake object as well as choose the correct key depending on the value of the AA/SPA address. 802.11 states that the higher of the two addresses is to be used to set the key for the Ad-Hoc connection. A simple helper was added to choose the correct addressed based on netdev type and handshake state. netdev_set_tk also checks that aa > spa in the handshake object when in Ad-Hoc mode. If this is true then the keys from that handshake are used, otherwise return and the other handshake key will be used (aa will be > spa). The station/ap mode behaves exactly the same as before.
2018-07-17 00:29:18 +02:00
netdev: signal handshake complete after setting all keys Currently, netdev triggers the HANDSHAKE_COMPLETE event after completing the SET_STATION (after setting the pairwise key). Depending on the timing this may happen before the GTK/IGTK are set which will result in group traffic not working initially (the GTK/IGTK would still get set, but group traffic would not work immediately after DBus said you were connected, this mainly poses a problem with autotests). In order to fix this, several flags were added in netdev_handshake_state: ptk_installed, gtk_installed, igtk_installed, and completed. Each of these flags are set true when their respective keys are set, and in each key callback we try to trigger the handshake complete event (assuming all the flags are true). Initially the gtk/igtk flags are set to true, for reasons explained below. In the WPA2 case, all the key setter functions are called sequentially from eapol. With this change, the PTK is now set AFTER the gtk/igtk. This is because the gtk/igtk are optional and only set if group traffic is allowed. If the gtk/igtk are not used, we set the PTK and can immediately trigger the handshake complete event (since gtk_installed/igtk_installed are initialized as true). When the gtk/igtk are being set, we immediately set their flags to false and wait for their callbacks in addition to the PTK callback. Doing it this way handles both group traffic and non group traffic paths. WPA1 throws a wrench into this since the group keys are obtained in a separate handshake. For this case a new flag was added to the handshake_state, 'wait_for_gtk'. This allows netdev to set the PTK after the initial 4-way, but still wait for the gtk/igtk setters to get called before triggering the handshake complete event. As a precaution, netdev sets a timeout that will trigger if the gtk/igtk setters are never called. In this case we can still complete the connection, but print a warning that group traffic will not be allowed.
2018-10-26 18:44:58 +02:00
/*
* WPA1 does the group handshake after the 4-way finishes so we can't
* rely on the gtk/igtk being set immediately after the ptk. Since
* 'gtk_installed' is initially set to true (to handle NO_GROUP_TRAFFIC)
* we must set it false so we don't notify that the connection was
* successful until we get the gtk/igtk callbacks. Note that we do not
* need to set igtk_installed false because the igtk could not happen at
* all.
*/
if (hs->wait_for_gtk) {
nhs->gtk_installed = false;
netdev->group_handshake_timeout = l_timeout_create(2,
netdev_group_timeout_cb, nhs, NULL);
}
netdev: choose correct address on NEW_KEY/SET_STATION With the introduction of Ad-Hoc, its not as simple as choosing aa/spa addresses when setting the keys. Since Ad-Hoc acts as both the authenticator and supplicant we must check how the netdev address relates to the particular handshake object as well as choose the correct key depending on the value of the AA/SPA address. 802.11 states that the higher of the two addresses is to be used to set the key for the Ad-Hoc connection. A simple helper was added to choose the correct addressed based on netdev type and handshake state. netdev_set_tk also checks that aa > spa in the handshake object when in Ad-Hoc mode. If this is true then the keys from that handshake are used, otherwise return and the other handshake key will be used (aa will be > spa). The station/ap mode behaves exactly the same as before.
2018-07-17 00:29:18 +02:00
/*
* 802.11 Section 4.10.4.3:
* Because in an IBSS there are two 4-way handshakes between
* any two Supplicants and Authenticators, the pairwise key used
* between any two STAs is from the 4-way handshake initiated
* by the STA Authenticator with the higher MAC address...
*/
if (netdev->type == NL80211_IFTYPE_ADHOC &&
adhoc: wait for both handshakes before adding peer Adhoc was not waiting for BOTH handshakes to complete before adding the new peer to the ConnectedPeers property. Actually waiting for the gtk/igtk (in a previous commit) helps with this, but adhoc also needed to keep track of which handshakes had completed, and only add the peer once BOTH were done. This required a small change in netdev, where we memcmp the addresses from both handshakes and only set the PTK on one.
2018-10-26 18:44:59 +02:00
memcmp(nhs->super.aa, nhs->super.spa, 6) < 0) {
nhs->ptk_installed = true;
try_handshake_complete(nhs);
netdev: choose correct address on NEW_KEY/SET_STATION With the introduction of Ad-Hoc, its not as simple as choosing aa/spa addresses when setting the keys. Since Ad-Hoc acts as both the authenticator and supplicant we must check how the netdev address relates to the particular handshake object as well as choose the correct key depending on the value of the AA/SPA address. 802.11 states that the higher of the two addresses is to be used to set the key for the Ad-Hoc connection. A simple helper was added to choose the correct addressed based on netdev type and handshake state. netdev_set_tk also checks that aa > spa in the handshake object when in Ad-Hoc mode. If this is true then the keys from that handshake are used, otherwise return and the other handshake key will be used (aa will be > spa). The station/ap mode behaves exactly the same as before.
2018-07-17 00:29:18 +02:00
return;
adhoc: wait for both handshakes before adding peer Adhoc was not waiting for BOTH handshakes to complete before adding the new peer to the ConnectedPeers property. Actually waiting for the gtk/igtk (in a previous commit) helps with this, but adhoc also needed to keep track of which handshakes had completed, and only add the peer once BOTH were done. This required a small change in netdev, where we memcmp the addresses from both handshakes and only set the PTK on one.
2018-10-26 18:44:59 +02:00
}
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
l_debug("%d", netdev->index);
netdev: netdev_setting_keys_failed takes an errno Instead of sending a reason_code to netdev_setting_keys_failed, make it take an errno (negative) instead. Since key setting failures are entirely a system / software issue, and not a protocol issue, it makes no sense to use a protocol error code.
2019-02-27 21:22:42 +01:00
err = -ENOENT;
netdev: refactored code to prep for AP code Added several helpers for code that will be reused by AP
2018-06-20 20:05:13 +02:00
if (!netdev_copy_tk(tk_buf, tk, cipher, false))
goto invalid_key;
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
netdev: added checks for station/ap iftype These checks allow both a station and authenticator to use the same netdev key install functions. For NEW_KEY and SET_STATION, the iftype is checked and either handshake->aa or ->spa is used as the station address for the KEY/STATION commands. Also, in the failure cases, a disconnect command is issued only if the iftype is station as this doesn't apply to AP.
2018-06-22 20:13:28 +02:00
msg = netdev_build_cmd_new_key_pairwise(netdev, cipher, addr, tk_buf,
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
crypto_cipher_key_len(cipher));
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
nhs->pairwise_new_key_cmd_id =
netdev: Remove un-needed pairwise set_key call This seems to be no longer needed as the kernel looks up the key by the sta specific key index.
2018-06-22 02:32:54 +02:00
l_genl_family_send(nl80211, msg, netdev_new_pairwise_key_cb,
handshake: Switch to superclass api
2018-06-22 02:32:55 +02:00
nhs, NULL);
if (nhs->pairwise_new_key_cmd_id > 0)
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
return;
netdev: netdev_setting_keys_failed takes an errno Instead of sending a reason_code to netdev_setting_keys_failed, make it take an errno (negative) instead. Since key setting failures are entirely a system / software issue, and not a protocol issue, it makes no sense to use a protocol error code.
2019-02-27 21:22:42 +01:00
err = -EIO;
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
l_genl_msg_unref(msg);
netdev: refactored code to prep for AP code Added several helpers for code that will be reused by AP
2018-06-20 20:05:13 +02:00
invalid_key:
netdev: netdev_setting_keys_failed takes an errno Instead of sending a reason_code to netdev_setting_keys_failed, make it take an errno (negative) instead. Since key setting failures are entirely a system / software issue, and not a protocol issue, it makes no sense to use a protocol error code.
2019-02-27 21:22:42 +01:00
netdev_setting_keys_failed(nhs, err);
netdev: Move key setting logic out of wiphy.c
2016-06-16 21:45:56 +02:00
}
netdev: implement netdev_set_pmk The 8021x offloading procedure still does EAP in userspace which negotiates the PMK. The kernel then expects to obtain this PMK from userspace by calling SET_PMK. This then allows the firmware to begin the 4-way handshake. Using __eapol_install_set_pmk_func to install netdev_set_pmk, netdev now gets called into once EAP finishes and can begin the final userspace actions prior to the firmware starting the 4-way handshake: - SET_PMK using PMK negotiated with EAP - Emit SETTING_KEYS event - netdev_connect_ok One thing to note is that the kernel provides no way of knowing if the 4-way handshake completed. Assuming SET_PMK/SET_STATION come back with no errors, IWD assumes the PMK was valid. If not, or due to some other issue in the 4-way, the kernel will send a disconnect.
2021-04-09 18:14:46 +02:00
static void netdev_set_pmk_cb(struct l_genl_msg *msg, void *user_data)
{
struct netdev_handshake_state *nhs = user_data;
struct netdev *netdev = nhs->netdev;
int err = l_genl_msg_get_error(msg);
nhs->set_pmk_cmd_id = 0;
if (err < 0) {
l_error("Error with SET_PMK/SET_STATION");
netdev_setting_keys_failed(nhs, err);
return;
}
handshake_event(netdev->handshake, HANDSHAKE_EVENT_SETTING_KEYS);
netdev_connect_ok(netdev);
}
static void netdev_set_pmk(struct handshake_state *hs, const uint8_t *pmk,
size_t pmk_len)
{
struct l_genl_msg *msg;
struct netdev_handshake_state *nhs = l_container_of(hs,
struct netdev_handshake_state, super);
struct netdev *netdev = nhs->netdev;
/* Only relevent for 8021x offload */
if (nhs->type != CONNECTION_TYPE_8021X_OFFLOAD)
return;
msg = l_genl_msg_new(NL80211_CMD_SET_PMK);
l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &netdev->index);
l_genl_msg_append_attr(msg, NL80211_ATTR_MAC, 6, netdev->handshake->aa);
l_genl_msg_append_attr(msg, NL80211_ATTR_PMK,
netdev->handshake->pmk_len,
netdev->handshake->pmk);
nhs->set_pmk_cmd_id = l_genl_family_send(nl80211, msg,
netdev_set_pmk_cb,
nhs, NULL);
if (!nhs->set_pmk_cmd_id) {
l_error("Failed to set SET_PMK");
netdev_setting_keys_failed(nhs, -EIO);
return;
}
}
netdev: fixed key setting failure If netdev fails to set the keys, there was no way for device/ap to know. A new handshake event was added for this. The key setting failure function was also fixed to support both AP/station iftypes. It will now automatically send either a disconnect or del_station depending on the interface type. In similar manner, netdev_handshake_failed was also modified to support both AP/station iftypes. Now, any handshake event listeners should call netdev_handshake_failed upon a handshake failure event, including AP.
2018-07-03 23:36:33 +02:00
void netdev_handshake_failed(struct handshake_state *hs, uint16_t reason_code)
wiphy: Move handshake_failed handler out of wiphy.c
2016-06-16 18:35:45 +02:00
{
netdev: fixed key setting failure If netdev fails to set the keys, there was no way for device/ap to know. A new handshake event was added for this. The key setting failure function was also fixed to support both AP/station iftypes. It will now automatically send either a disconnect or del_station depending on the interface type. In similar manner, netdev_handshake_failed was also modified to support both AP/station iftypes. Now, any handshake event listeners should call netdev_handshake_failed upon a handshake failure event, including AP.
2018-07-03 23:36:33 +02:00
struct netdev_handshake_state *nhs =
netdev: Use l_container_of
2019-04-03 18:47:09 +02:00
l_container_of(hs, struct netdev_handshake_state, super);
netdev: fixed key setting failure If netdev fails to set the keys, there was no way for device/ap to know. A new handshake event was added for this. The key setting failure function was also fixed to support both AP/station iftypes. It will now automatically send either a disconnect or del_station depending on the interface type. In similar manner, netdev_handshake_failed was also modified to support both AP/station iftypes. Now, any handshake event listeners should call netdev_handshake_failed upon a handshake failure event, including AP.
2018-07-03 23:36:33 +02:00
struct netdev *netdev = nhs->netdev;
wiphy: Move handshake_failed handler out of wiphy.c
2016-06-16 18:35:45 +02:00
struct l_genl_msg *msg;
netdev: Print handshake failure reason code
2018-05-02 00:05:42 +02:00
l_error("4-Way handshake failed for ifindex: %d, reason: %u",
netdev/eapol: removed eapol deauthenticate This removes the need for the eapol/netdev deauthenticate function. netdev_handshake_failed was exposed so device.c could issue the disconnect.
2018-06-27 23:08:24 +02:00
netdev->index, reason_code);
wiphy: Move handshake_failed handler out of wiphy.c
2016-06-16 18:35:45 +02:00
eapol: Use handshake_state to store state Remove the keys and other data from struct eapol_sm, update device.c, netdev.c and wsc.c to use the handshake_state object instead of eapol_sm. This also gets rid of eapol_cancel and the ifindex parameter in some of the eapol functions where sm->handshake->ifindex can be used instead.
2016-11-02 23:46:19 +01:00
netdev->sm = NULL;
netdev: Properly cleanup removed interfaces
2016-07-20 00:45:48 +02:00
netdev: Deauthenticate prior to calling connect_cb
2016-09-21 23:19:47 +02:00
netdev->result = NETDEV_RESULT_HANDSHAKE_FAILED;
netdev: station: fix status/reason code in callbacks This change cleans up the mess of status vs reason codes. The two types of codes have already been separated into different enumerations, but netdev was still treating them the same (with last_status_code). A new 'event_data' argument was added to the connect callback, which has a different meaning depending on the result of the connection (described inside netdev.h, netdev_connect_cb_t). This allows for the removal of netdev_get_last_status_code since the status or reason code is now passed via event_data. Inside the netdev object last_status_code was renamed to last_code, for the purpose of storing either status or reason. This is only used when a disconnect needs to be emitted before failing the connection. In all other cases we just pass the code directly into the connect_cb and do not store it. All ocurrences of netdev_connect_failed were updated to use the proper code depending on the netdev result. Most of these simply changed from REASON_CODE_UNSPECIFIED to STATUS_CODE_UNSPECIFIED. This was simply for consistency (both codes have the same value). netdev_[authenticate|associate]_event's were updated to parse the status code and, if present, use that if their was a failure rather than defaulting to UNSPECIFIED.
2019-02-28 18:32:40 +01:00
netdev->last_code = reason_code;
netdev: added checks for station/ap iftype These checks allow both a station and authenticator to use the same netdev key install functions. For NEW_KEY and SET_STATION, the iftype is checked and either handshake->aa or ->spa is used as the station address for the KEY/STATION commands. Also, in the failure cases, a disconnect command is issued only if the iftype is station as this doesn't apply to AP.
2018-06-22 20:13:28 +02:00
netdev: fixed key setting failure If netdev fails to set the keys, there was no way for device/ap to know. A new handshake event was added for this. The key setting failure function was also fixed to support both AP/station iftypes. It will now automatically send either a disconnect or del_station depending on the interface type. In similar manner, netdev_handshake_failed was also modified to support both AP/station iftypes. Now, any handshake event listeners should call netdev_handshake_failed upon a handshake failure event, including AP.
2018-07-03 23:36:33 +02:00
switch (netdev->type) {
case NL80211_IFTYPE_STATION:
netdev: Extend checks for P2P scenarios Extend the iftype-based checks to handle the P2P iftypes and remove a warning that may be triggered in normal situations in the P2P scenarios.
2019-10-21 15:55:02 +02:00
case NL80211_IFTYPE_P2P_CLIENT:
netdev: fixed key setting failure If netdev fails to set the keys, there was no way for device/ap to know. A new handshake event was added for this. The key setting failure function was also fixed to support both AP/station iftypes. It will now automatically send either a disconnect or del_station depending on the interface type. In similar manner, netdev_handshake_failed was also modified to support both AP/station iftypes. Now, any handshake event listeners should call netdev_handshake_failed upon a handshake failure event, including AP.
2018-07-03 23:36:33 +02:00
msg = netdev_build_cmd_disconnect(netdev, reason_code);
netdev->disconnect_cmd_id = l_genl_family_send(nl80211, msg,
netdev: store mpdu status and add getter Soon BSS blacklisting will be added, and in order to properly decide if a BSS should be blacklisted we need the status code on a failed connection. This change stores the status code when there is a failure in netdev and adds a getter to retrieve later. In many cases we have the actual status code from the AP, but in some corner cases its not obtainable (e.g. an error sending an NL80211 command) in which case we just default to MMPDU_REASON_CODE_UNSPECIFIED. Rather than continue with the pattern of setting netdev->result and now netdev->last_status_code, the netdev_connect_failed function was redefined so its no longer used as both a NL80211 callback and called directly. Instead a new function was added, netdev_disconnect_cb which just calls netdev_connect_failed. netdev_disconnect_cb should not be used for all the NL80211 disconnect commands. Now netdev_connect_failed takes both a result and status code which it sets in the netdev object. In the case where we were using netdev_connect_failed as a callback we still need to set the result and last_status_code but at least this is better than having to set those in all cases.
2019-01-24 21:56:23 +01:00
netdev_disconnect_cb,
netdev: fixed key setting failure If netdev fails to set the keys, there was no way for device/ap to know. A new handshake event was added for this. The key setting failure function was also fixed to support both AP/station iftypes. It will now automatically send either a disconnect or del_station depending on the interface type. In similar manner, netdev_handshake_failed was also modified to support both AP/station iftypes. Now, any handshake event listeners should call netdev_handshake_failed upon a handshake failure event, including AP.
2018-07-03 23:36:33 +02:00
netdev, NULL);
break;
case NL80211_IFTYPE_AP:
netdev: Extend checks for P2P scenarios Extend the iftype-based checks to handle the P2P iftypes and remove a warning that may be triggered in normal situations in the P2P scenarios.
2019-10-21 15:55:02 +02:00
case NL80211_IFTYPE_P2P_GO:
netdev: fixed key setting failure If netdev fails to set the keys, there was no way for device/ap to know. A new handshake event was added for this. The key setting failure function was also fixed to support both AP/station iftypes. It will now automatically send either a disconnect or del_station depending on the interface type. In similar manner, netdev_handshake_failed was also modified to support both AP/station iftypes. Now, any handshake event listeners should call netdev_handshake_failed upon a handshake failure event, including AP.
2018-07-03 23:36:33 +02:00
msg = netdev_build_cmd_del_station(netdev, nhs->super.spa,
reason_code, false);
if (!l_genl_family_send(nl80211, msg, NULL, NULL, NULL))
l_error("error sending DEL_STATION");
}
netdev: use wiphy radio work queue for connections This adds connection/FT attempts to the radio work queue. This will ensure that connections aren't delayed or done concurrently with scanning.
2020-07-15 23:29:17 +02:00
if (netdev->work.id)
wiphy_radio_work_done(netdev->wiphy, netdev->work.id);
wiphy: Move handshake_failed handler out of wiphy.c
2016-06-16 18:35:45 +02:00
}
netdev: support for REKEY_OFFLOAD and its event handling
2016-06-23 00:49:16 +02:00
static void hardware_rekey_cb(struct l_genl_msg *msg, void *data)
{
struct netdev *netdev = data;
int err;
netdev: add an ability to cancel hw rekey cmd ==1628== Invalid read of size 1 ==1628== at 0x405E71: hardware_rekey_cb (netdev.c:1381) ==1628== by 0x444E5B: process_unicast (genl.c:415) ==1628== by 0x444E5B: received_data (genl.c:534) ==1628== by 0x442032: io_callback (io.c:126) ==1628== by 0x4414CD: l_main_iterate (main.c:387) ==1628== by 0x44158B: l_main_run (main.c:434) ==1628== by 0x403775: main (main.c:489) ==1628== Address 0x5475208 is 312 bytes inside a block of size 320 free'd ==1628== at 0x4C2ED18: free (vg_replace_malloc.c:530) ==1628== by 0x43D94D: l_queue_clear (queue.c:107) ==1628== by 0x43D998: l_queue_destroy (queue.c:82) ==1628== by 0x40B431: netdev_shutdown (netdev.c:4765) ==1628== by 0x403B17: iwd_shutdown (main.c:81) ==1628== by 0x4419D2: signal_callback (signal.c:82) ==1628== by 0x4414CD: l_main_iterate (main.c:387) ==1628== by 0x44158B: l_main_run (main.c:434) ==1628== by 0x403775: main (main.c:489) ==1628== Block was alloc'd at ==1628== at 0x4C2DB6B: malloc (vg_replace_malloc.c:299) ==1628== by 0x43CA4D: l_malloc (util.c:62) ==1628== by 0x40A853: netdev_create_from_genl (netdev.c:4517) ==1628== by 0x444E5B: process_unicast (genl.c:415) ==1628== by 0x444E5B: received_data (genl.c:534) ==1628== by 0x442032: io_callback (io.c:126) ==1628== by 0x4414CD: l_main_iterate (main.c:387) ==1628== by 0x44158B: l_main_run (main.c:434) ==1628== by 0x403775: main (main.c:489)
2018-10-19 23:19:26 +02:00
netdev->rekey_offload_cmd_id = 0;
netdev: support for REKEY_OFFLOAD and its event handling
2016-06-23 00:49:16 +02:00
err = l_genl_msg_get_error(msg);
if (err < 0) {
if (err == -EOPNOTSUPP) {
l_error("hardware_rekey not supported");
netdev->rekey_offload_support = false;
}
netdev: Add a TODO about Rekey Offload errors
2018-10-20 17:36:42 +02:00
/*
* TODO: Ignore all other errors for now, until WoWLAN is
* supported properly
*/
netdev: support for REKEY_OFFLOAD and its event handling
2016-06-23 00:49:16 +02:00
}
}
static struct l_genl_msg *netdev_build_cmd_replay_counter(struct netdev *netdev,
netdev: Fix style
2018-11-19 19:09:27 +01:00
const uint8_t *kek,
const uint8_t *kck,
uint64_t replay_ctr)
netdev: support for REKEY_OFFLOAD and its event handling
2016-06-23 00:49:16 +02:00
{
struct l_genl_msg *msg;
msg = l_genl_msg_new_sized(NL80211_CMD_SET_REKEY_OFFLOAD, 512);
l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &netdev->index);
l_genl_msg_enter_nested(msg, NL80211_ATTR_REKEY_DATA);
l_genl_msg_append_attr(msg, NL80211_REKEY_DATA_KEK,
NL80211_KEK_LEN, kek);
l_genl_msg_append_attr(msg, NL80211_REKEY_DATA_KCK,
NL80211_KCK_LEN, kck);
l_genl_msg_append_attr(msg, NL80211_REKEY_DATA_REPLAY_CTR,
NL80211_REPLAY_CTR_LEN, &replay_ctr);
l_genl_msg_leave_nested(msg);
return msg;
}
static void netdev_set_rekey_offload(uint32_t ifindex,
const uint8_t *kek,
const uint8_t *kck,
uint64_t replay_counter,
void *user_data)
{
struct netdev *netdev;
struct l_genl_msg *msg;
netdev = netdev_find(ifindex);
if (!netdev)
return;
netdev: added checks for station/ap iftype These checks allow both a station and authenticator to use the same netdev key install functions. For NEW_KEY and SET_STATION, the iftype is checked and either handshake->aa or ->spa is used as the station address for the KEY/STATION commands. Also, in the failure cases, a disconnect command is issued only if the iftype is station as this doesn't apply to AP.
2018-06-22 20:13:28 +02:00
if (netdev->type != NL80211_IFTYPE_STATION)
return;
netdev: support for REKEY_OFFLOAD and its event handling
2016-06-23 00:49:16 +02:00
if (!netdev->rekey_offload_support)
return;
l_debug("%d", netdev->index);
netdev: add an ability to cancel hw rekey cmd ==1628== Invalid read of size 1 ==1628== at 0x405E71: hardware_rekey_cb (netdev.c:1381) ==1628== by 0x444E5B: process_unicast (genl.c:415) ==1628== by 0x444E5B: received_data (genl.c:534) ==1628== by 0x442032: io_callback (io.c:126) ==1628== by 0x4414CD: l_main_iterate (main.c:387) ==1628== by 0x44158B: l_main_run (main.c:434) ==1628== by 0x403775: main (main.c:489) ==1628== Address 0x5475208 is 312 bytes inside a block of size 320 free'd ==1628== at 0x4C2ED18: free (vg_replace_malloc.c:530) ==1628== by 0x43D94D: l_queue_clear (queue.c:107) ==1628== by 0x43D998: l_queue_destroy (queue.c:82) ==1628== by 0x40B431: netdev_shutdown (netdev.c:4765) ==1628== by 0x403B17: iwd_shutdown (main.c:81) ==1628== by 0x4419D2: signal_callback (signal.c:82) ==1628== by 0x4414CD: l_main_iterate (main.c:387) ==1628== by 0x44158B: l_main_run (main.c:434) ==1628== by 0x403775: main (main.c:489) ==1628== Block was alloc'd at ==1628== at 0x4C2DB6B: malloc (vg_replace_malloc.c:299) ==1628== by 0x43CA4D: l_malloc (util.c:62) ==1628== by 0x40A853: netdev_create_from_genl (netdev.c:4517) ==1628== by 0x444E5B: process_unicast (genl.c:415) ==1628== by 0x444E5B: received_data (genl.c:534) ==1628== by 0x442032: io_callback (io.c:126) ==1628== by 0x4414CD: l_main_iterate (main.c:387) ==1628== by 0x44158B: l_main_run (main.c:434) ==1628== by 0x403775: main (main.c:489)
2018-10-19 23:19:26 +02:00
msg = netdev_build_cmd_replay_counter(netdev, kek, kck, replay_counter);
netdev->rekey_offload_cmd_id = l_genl_family_send(nl80211, msg,
hardware_rekey_cb,
netdev, NULL);
netdev: support for REKEY_OFFLOAD and its event handling
2016-06-23 00:49:16 +02:00
}
netdev: handle QoS Map IE/Frame The QoS Map can come in either as a management frame or via the Associate Response. In either case this IE simply needs to be forwarded back to the kernel.
2019-09-14 00:26:31 +02:00
static void netdev_qos_map_cb(struct l_genl_msg *msg, void *user_data)
{
struct netdev *netdev = user_data;
int err = l_genl_msg_get_error(msg);
netdev: Add support for extended errors
2020-04-02 07:30:17 +02:00
const char *ext_error;
netdev: handle QoS Map IE/Frame The QoS Map can come in either as a management frame or via the Associate Response. In either case this IE simply needs to be forwarded back to the kernel.
2019-09-14 00:26:31 +02:00
netdev->qos_map_cmd_id = 0;
netdev: Add support for extended errors
2020-04-02 07:30:17 +02:00
if (err >= 0)
return;
ext_error = l_genl_msg_get_extended_error(msg);
l_error("Couuld not set QoS Map in kernel: %s",
ext_error ? ext_error : strerror(-err));
netdev: handle QoS Map IE/Frame The QoS Map can come in either as a management frame or via the Associate Response. In either case this IE simply needs to be forwarded back to the kernel.
2019-09-14 00:26:31 +02:00
}
/*
* TODO: Fix this in the kernel:
*
* The QoS Map is really of no use to IWD. The kernel requires it to map QoS
* network values properly to what it puts into the IP header. The way we have
* to let the kernel know is to receive the IE, then give it right back...
*
* The kernel/driver/firmware *could* simply obtain this information as the
treewide: fix typos
2020-01-21 07:21:38 +01:00
* frame comes in and not require userspace to forward it back... but that's a
netdev: handle QoS Map IE/Frame The QoS Map can come in either as a management frame or via the Associate Response. In either case this IE simply needs to be forwarded back to the kernel.
2019-09-14 00:26:31 +02:00
* battle for another day.
*/
static void netdev_send_qos_map_set(struct netdev *netdev,
const uint8_t *qos_set, size_t qos_len)
{
struct l_genl_msg *msg;
if (!wiphy_supports_qos_set_map(netdev->wiphy)) {
l_warn("AP sent QoS Map, but capability was not advertised!");
return;
}
/*
* Since this IE comes in on either a management frame or during
* Association response we could have potentially already set this.
*/
if (netdev->qos_map_cmd_id)
return;
msg = l_genl_msg_new_sized(NL80211_CMD_SET_QOS_MAP, 128 + qos_len);
l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &netdev->index);
l_genl_msg_append_attr(msg, NL80211_ATTR_QOS_MAP, qos_len, qos_set);
netdev->qos_map_cmd_id = l_genl_family_send(nl80211, msg,
netdev_qos_map_cb,
netdev, NULL);
}
netdev: move request IE parsing into function Moves the parsing of NL80211_ATTR_REQ_IE into its own parsing function for use elsewhere.
2021-04-02 19:11:13 +02:00
static void parse_request_ies(struct netdev *netdev, const uint8_t *ies,
size_t ies_len)
{
struct ie_tlv_iter iter;
const void *data;
netdev: Set Supplicant RSNXE to handshake_state
2021-07-09 05:45:13 +02:00
const uint8_t *rsnxe = NULL;
netdev: move request IE parsing into function Moves the parsing of NL80211_ATTR_REQ_IE into its own parsing function for use elsewhere.
2021-04-02 19:11:13 +02:00
/*
* The driver may have modified the IEs we passed to CMD_CONNECT
* before sending them out, the actual IE sent is reflected in the
* ATTR_REQ_IE sequence. These are the values EAPoL will need to use.
*/
ie_tlv_iter_init(&iter, ies, ies_len);
while (ie_tlv_iter_next(&iter)) {
data = ie_tlv_iter_get_data(&iter);
switch (ie_tlv_iter_get_tag(&iter)) {
case IE_TYPE_RSN:
handshake_state_set_supplicant_ie(netdev->handshake,
data - 2);
break;
netdev: Set Supplicant RSNXE to handshake_state
2021-07-09 05:45:13 +02:00
case IE_TYPE_RSNX:
if (!rsnxe)
rsnxe = data - 2;
break;
netdev: move request IE parsing into function Moves the parsing of NL80211_ATTR_REQ_IE into its own parsing function for use elsewhere.
2021-04-02 19:11:13 +02:00
case IE_TYPE_VENDOR_SPECIFIC:
if (!is_ie_wpa_ie(data, ie_tlv_iter_get_length(&iter)))
break;
handshake_state_set_supplicant_ie(netdev->handshake,
data - 2);
break;
case IE_TYPE_MOBILITY_DOMAIN:
handshake_state_set_mde(netdev->handshake, data - 2);
break;
}
}
netdev: Set Supplicant RSNXE to handshake_state
2021-07-09 05:45:13 +02:00
/* RSNXE element might be omitted when FTing */
handshake_state_set_supplicant_rsnxe(netdev->handshake, rsnxe);
netdev: move request IE parsing into function Moves the parsing of NL80211_ATTR_REQ_IE into its own parsing function for use elsewhere.
2021-04-02 19:11:13 +02:00
}
netdev: Work around CMD_CONNECT behavior on mwifiex
2021-04-27 21:00:24 +02:00
static void netdev_driver_connected(struct netdev *netdev)
{
netdev->connected = true;
if (netdev->event_filter)
netdev->event_filter(netdev, NETDEV_EVENT_ASSOCIATING, NULL,
netdev->user_data);
/*
* We register the eapol state machine here, in case the PAE
* socket receives EAPoL packets before the nl80211 socket
* receives the connected event. The logical sequence of
* events can be reversed (e.g. connect_event, then PAE data)
* due to scheduling
*/
if (netdev->sm)
eapol_register(netdev->sm);
}
netdev: Fix style
2018-11-19 19:09:27 +01:00
static void netdev_connect_event(struct l_genl_msg *msg, struct netdev *netdev)
netdev: Move associate event handling .. out of wiphy.c
2016-06-16 17:54:20 +02:00
{
netdev: Use CMD_CONNECT
2016-06-27 23:35:31 +02:00
struct l_genl_attr attr;
uint16_t type, len;
const void *data;
const uint16_t *status_code = NULL;
netdev: Update Associate IEs with the values actually sent station.c generates the IEs we will need to use for the Authenticate/Associate and EAPoL frames and sets them into the handshake_state object. However the driver may modify some of them during CMD_CONNECT and we need to use those update values so the AP isn't confused about differing IEs in diffent frames from us. Specifically the "wl" driver seems to do this at least for the RSN IE.
2019-03-19 01:25:16 +01:00
const uint8_t *ies = NULL;
size_t ies_len = 0;
struct ie_tlv_iter iter;
netdev: Fix handshake failures on FT-PSK + FullMac The latest refactoring ended up assuming that FT related elements would be handled in netdev_associate_event. However, FullMac cards (that do not generate netdev_associate_event) could still connect using FT AKMs and perform the Initial mobility association. In such cases the FTE element was required but ended up not being set into the handshake. This caused the handshake to fail during PTK 1_of_4 processing. Fix this by making sure that FTE + related info is set into the handshake, albeit with a lower sanity checking level since the elements have been processed by the firmware already. Note that it is currently impossible for actual FTs to be performed on FullMac cards, so the extra logic and sanity checking to handle these can be skipped.
2019-04-15 22:32:28 +02:00
const uint8_t *resp_ies = NULL;
size_t resp_ies_len;
netdev: Move associate event handling .. out of wiphy.c
2016-06-16 17:54:20 +02:00
l_debug("");
netdev: Fix crash when aborting a connection We can crash if we abort the connection, but the connect command has already gone through. In this case we will get a sequence of authenticate_event, associate_event, connect_event. The first and last events don't crash since they check whether netdev->connected is true. However, this causes an annoying warning to be printed. Fix this by introducing an 'aborting' flag and ignore all connection related events if it is set. ++++++++ backtrace ++++++++
2019-03-08 23:09:42 +01:00
if (netdev->aborting)
return;
netdev: process association in netdev_associate_event Apart from OWE, the association event was disregarded and all association processing was done in netdev_connect_event. This led to netdev_connect_event having to handle all the logic of both success and failure, as well as parsing the association for FT and OWE. Also, without checking the status code in the associate frame there is the potential for the kernel to think we are connected even if association failed (e.g. rogue AP). This change introduces two flags into netdev, expect_connect_failure and ignore_connect_event. All the FT processing that was once in netdev_connect_event has now been moved into netdev_associate_event, as well as non-FT associate frame processing. The connect event now only handles failure cases for soft/half MAC cards. Note: Since fullmac cards rely on the connect event, the eapol_start and netdev_connect_ok were left in netdev_connect_event. Since neither auth/assoc events come in on fullmac we shouldn't have any conflict with the new flags. Once a connection has completed association, EAPoL is started from netdev_associate_event (if required) and the ignore_connect_event flag can be set. This will bypass the connect event. If a connection has failed during association for whatever reason, we can set expect_connect_failure, the netdev reason, and the MPDU status code. This allows netdev_connect_event to both handle the error, and, if required, send a deauth telling the kernel that we have failed (protecting against the rogue AP situation).
2019-03-05 22:42:33 +01:00
if (netdev->ignore_connect_event)
netdev: remove OWE handling from netdev_connect_event OWE processing can be completely taken care of inside netdev_authenticate_event and netdev_associate_event. This removes the need for OWE specific checks inside netdev_connect_event. We can now return early out of the connect event if OWE is in progress.
2019-03-01 23:58:12 +01:00
return;
netdev: Work around CMD_CONNECT behavior on mwifiex
2021-04-27 21:00:24 +02:00
/* Work around mwifiex which sends a Connect Event prior to the Ack */
if (netdev->connect_cmd_id)
netdev_driver_connected(netdev);
netdev: Add sanity checks In the case we get a connect or authenticate event, make sure we're actually trying to connect. Otherwise, it could be another supplicant is running
2017-03-24 17:44:26 +01:00
if (!netdev->connected) {
l_warn("Unexpected connection related event -- "
"is another supplicant running?");
netdev: Improve netdev_connect error/cancel logic Try to make the connect and disconnect operations look more like a transaction where the callback is always called eventually, also with a clear indication if the operation is in profress. The connected state lasts from the start of the connection attempt until the disconnect. 1. Non-null netdev->connected or disconnect_cb indicate that the operation is active. 2. Every entry-point in netdev.c checks if connected is still set before executing the next step of the connection setup. CMD_CONNECT and the subsequent commands may succeed even if CMD_DISCONNECT is called in the middle so they can't only rely on the error value for that. 3. netdev->connect_cb and other elements of the connection state are reset by netdev_connect_free which groups the clean-up operations to make sure we don't miss anything. Since the callback pointers are reset device.c doesn't need to check that it receives a spurious event in those callbacks for example after calling netdev_disconnect.
2016-08-02 22:48:11 +02:00
return;
netdev: Add sanity checks In the case we get a connect or authenticate event, make sure we're actually trying to connect. Otherwise, it could be another supplicant is running
2017-03-24 17:44:26 +01:00
}
netdev: Improve netdev_connect error/cancel logic Try to make the connect and disconnect operations look more like a transaction where the callback is always called eventually, also with a clear indication if the operation is in profress. The connected state lasts from the start of the connection attempt until the disconnect. 1. Non-null netdev->connected or disconnect_cb indicate that the operation is active. 2. Every entry-point in netdev.c checks if connected is still set before executing the next step of the connection setup. CMD_CONNECT and the subsequent commands may succeed even if CMD_DISCONNECT is called in the middle so they can't only rely on the error value for that. 3. netdev->connect_cb and other elements of the connection state are reset by netdev_connect_free which groups the clean-up operations to make sure we don't miss anything. Since the callback pointers are reset device.c doesn't need to check that it receives a spurious event in those callbacks for example after calling netdev_disconnect.
2016-08-02 22:48:11 +02:00
netdev: Use CMD_CONNECT
2016-06-27 23:35:31 +02:00
if (!l_genl_attr_init(&attr, msg)) {
l_debug("attr init failed");
netdev: Move associate event handling .. out of wiphy.c
2016-06-16 17:54:20 +02:00
goto error;
}
netdev: Use CMD_CONNECT
2016-06-27 23:35:31 +02:00
while (l_genl_attr_next(&attr, &type, &len, &data)) {
switch (type) {
case NL80211_ATTR_TIMED_OUT:
l_warn("authentication timed out");
goto error;
case NL80211_ATTR_STATUS_CODE:
if (len == sizeof(uint16_t))
status_code = data;
netdev: FT version of association messages If an MD IE is supplied to netdev_connect, pass that MD IE in the associate request, then validate and handle the MD IE and FT IE in the associate response from AP.
2016-11-02 23:46:16 +01:00
break;
netdev: Update Associate IEs with the values actually sent station.c generates the IEs we will need to use for the Authenticate/Associate and EAPoL frames and sets them into the handshake_state object. However the driver may modify some of them during CMD_CONNECT and we need to use those update values so the AP isn't confused about differing IEs in diffent frames from us. Specifically the "wl" driver seems to do this at least for the RSN IE.
2019-03-19 01:25:16 +01:00
case NL80211_ATTR_REQ_IE:
ies = data;
ies_len = len;
break;
netdev: Fix handshake failures on FT-PSK + FullMac The latest refactoring ended up assuming that FT related elements would be handled in netdev_associate_event. However, FullMac cards (that do not generate netdev_associate_event) could still connect using FT AKMs and perform the Initial mobility association. In such cases the FTE element was required but ended up not being set into the handshake. This caused the handshake to fail during PTK 1_of_4 processing. Fix this by making sure that FTE + related info is set into the handshake, albeit with a lower sanity checking level since the elements have been processed by the firmware already. Note that it is currently impossible for actual FTs to be performed on FullMac cards, so the extra logic and sanity checking to handle these can be skipped.
2019-04-15 22:32:28 +02:00
case NL80211_ATTR_RESP_IE:
resp_ies = data;
resp_ies_len = len;
break;
netdev: Use CMD_CONNECT
2016-06-27 23:35:31 +02:00
}
}
netdev: process association in netdev_associate_event Apart from OWE, the association event was disregarded and all association processing was done in netdev_connect_event. This led to netdev_connect_event having to handle all the logic of both success and failure, as well as parsing the association for FT and OWE. Also, without checking the status code in the associate frame there is the potential for the kernel to think we are connected even if association failed (e.g. rogue AP). This change introduces two flags into netdev, expect_connect_failure and ignore_connect_event. All the FT processing that was once in netdev_connect_event has now been moved into netdev_associate_event, as well as non-FT associate frame processing. The connect event now only handles failure cases for soft/half MAC cards. Note: Since fullmac cards rely on the connect event, the eapol_start and netdev_connect_ok were left in netdev_connect_event. Since neither auth/assoc events come in on fullmac we shouldn't have any conflict with the new flags. Once a connection has completed association, EAPoL is started from netdev_associate_event (if required) and the ignore_connect_event flag can be set. This will bypass the connect event. If a connection has failed during association for whatever reason, we can set expect_connect_failure, the netdev reason, and the MPDU status code. This allows netdev_connect_event to both handle the error, and, if required, send a deauth telling the kernel that we have failed (protecting against the rogue AP situation).
2019-03-05 22:42:33 +01:00
if (netdev->expect_connect_failure) {
/*
* The kernel may think we are connected when we are actually
* expecting a failure here, e.g. if Authenticate/Associate had
* previously failed. If so we need to deauth to let the kernel
* know.
*/
if (status_code && *status_code == 0)
goto deauth;
else
goto error;
netdev: FT version of association messages If an MD IE is supplied to netdev_connect, pass that MD IE in the associate request, then validate and handle the MD IE and FT IE in the associate response from AP.
2016-11-02 23:46:16 +01:00
}
netdev: separate netdev_{roam,connect}_event netdev_connect_event was being reused for parsing of CMD_ROAM attributes which made some amount of sense since these events are nearly identical, but due to the nature of firmware roaming there really isn't much IWD needs to parse from CMD_ROAM. In addition netdev_connect_event was getting rather complicated since it had to handle both CMD_ROAM and CMD_CONNECT. The only bits of information IWD needs to parse from CMD_ROAM is the roamed BSSID, authenticator IEs, and supplicant IEs. Since this is so limited it now makes little sense to reuse the entire netdev_connect_event function, and intead only parse what is needed for CMD_ROAM.
2021-04-02 19:11:14 +02:00
/* AP Rejected the authenticate / associate */
if (!status_code || *status_code != 0)
goto error;
netdev: Handle the FT Reassociation Response message Validate the fourth message of the fast transition sequence and save the new keys and state as current values in the netdev object. The FT-specific IE validation that was already present in the initial MD is moved to a new function.
2017-01-12 09:36:02 +01:00
netdev: Skip IE processing of no request IEs sent
2019-10-18 00:30:11 +02:00
if (!ies)
goto process_resp_ies;
netdev: Update Associate IEs with the values actually sent station.c generates the IEs we will need to use for the Authenticate/Associate and EAPoL frames and sets them into the handshake_state object. However the driver may modify some of them during CMD_CONNECT and we need to use those update values so the AP isn't confused about differing IEs in diffent frames from us. Specifically the "wl" driver seems to do this at least for the RSN IE.
2019-03-19 01:25:16 +01:00
netdev: move request IE parsing into function Moves the parsing of NL80211_ATTR_REQ_IE into its own parsing function for use elsewhere.
2021-04-02 19:11:13 +02:00
parse_request_ies(netdev, ies, ies_len);
netdev: Update Associate IEs with the values actually sent station.c generates the IEs we will need to use for the Authenticate/Associate and EAPoL frames and sets them into the handshake_state object. However the driver may modify some of them during CMD_CONNECT and we need to use those update values so the AP isn't confused about differing IEs in diffent frames from us. Specifically the "wl" driver seems to do this at least for the RSN IE.
2019-03-19 01:25:16 +01:00
netdev: Skip IE processing of no request IEs sent
2019-10-18 00:30:11 +02:00
process_resp_ies:
netdev: handle QoS Map IE/Frame The QoS Map can come in either as a management frame or via the Associate Response. In either case this IE simply needs to be forwarded back to the kernel.
2019-09-14 00:26:31 +02:00
if (resp_ies) {
netdev: Fix handshake failures on FT-PSK + FullMac The latest refactoring ended up assuming that FT related elements would be handled in netdev_associate_event. However, FullMac cards (that do not generate netdev_associate_event) could still connect using FT AKMs and perform the Initial mobility association. In such cases the FTE element was required but ended up not being set into the handshake. This caused the handshake to fail during PTK 1_of_4 processing. Fix this by making sure that FTE + related info is set into the handshake, albeit with a lower sanity checking level since the elements have been processed by the firmware already. Note that it is currently impossible for actual FTs to be performed on FullMac cards, so the extra logic and sanity checking to handle these can be skipped.
2019-04-15 22:32:28 +02:00
const uint8_t *fte = NULL;
netdev: handle QoS Map IE/Frame The QoS Map can come in either as a management frame or via the Associate Response. In either case this IE simply needs to be forwarded back to the kernel.
2019-09-14 00:26:31 +02:00
const uint8_t *qos_set = NULL;
size_t qos_len = 0;
netdev: Fix handshake failures on FT-PSK + FullMac The latest refactoring ended up assuming that FT related elements would be handled in netdev_associate_event. However, FullMac cards (that do not generate netdev_associate_event) could still connect using FT AKMs and perform the Initial mobility association. In such cases the FTE element was required but ended up not being set into the handshake. This caused the handshake to fail during PTK 1_of_4 processing. Fix this by making sure that FTE + related info is set into the handshake, albeit with a lower sanity checking level since the elements have been processed by the firmware already. Note that it is currently impossible for actual FTs to be performed on FullMac cards, so the extra logic and sanity checking to handle these can be skipped.
2019-04-15 22:32:28 +02:00
struct ie_ft_info ft_info;
ie_tlv_iter_init(&iter, resp_ies, resp_ies_len);
while (ie_tlv_iter_next(&iter)) {
data = ie_tlv_iter_get_data(&iter);
switch (ie_tlv_iter_get_tag(&iter)) {
case IE_TYPE_FAST_BSS_TRANSITION:
fte = data - 2;
break;
netdev: handle QoS Map IE/Frame The QoS Map can come in either as a management frame or via the Associate Response. In either case this IE simply needs to be forwarded back to the kernel.
2019-09-14 00:26:31 +02:00
case IE_TYPE_QOS_MAP_SET:
qos_set = data;
qos_len = ie_tlv_iter_get_length(&iter);
break;
netdev: Fix handshake failures on FT-PSK + FullMac The latest refactoring ended up assuming that FT related elements would be handled in netdev_associate_event. However, FullMac cards (that do not generate netdev_associate_event) could still connect using FT AKMs and perform the Initial mobility association. In such cases the FTE element was required but ended up not being set into the handshake. This caused the handshake to fail during PTK 1_of_4 processing. Fix this by making sure that FTE + related info is set into the handshake, albeit with a lower sanity checking level since the elements have been processed by the firmware already. Note that it is currently impossible for actual FTs to be performed on FullMac cards, so the extra logic and sanity checking to handle these can be skipped.
2019-04-15 22:32:28 +02:00
}
}
netdev: handle QoS Map IE/Frame The QoS Map can come in either as a management frame or via the Associate Response. In either case this IE simply needs to be forwarded back to the kernel.
2019-09-14 00:26:31 +02:00
/* FILS handles its own FT key derivation */
if (fte && !(netdev->handshake->akm_suite &
(IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA256 |
IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA384))) {
ie: allow 24 byte FTE MIC FT over FILS-SHA384 uses a 24 byte FT MIC rather than the 16 byte MIC used for all other AKMs. This change allows both the FT builder/parser to handle both lengths of MIC. The mic length is now passed directly into ie_parse_fast_bss_transition and ie_build_fast_bss_transition
2019-05-23 00:24:00 +02:00
uint32_t kck_len =
handshake_state_get_kck_len(netdev->handshake);
netdev: Fix handshake failures on FT-PSK + FullMac The latest refactoring ended up assuming that FT related elements would be handled in netdev_associate_event. However, FullMac cards (that do not generate netdev_associate_event) could still connect using FT AKMs and perform the Initial mobility association. In such cases the FTE element was required but ended up not being set into the handshake. This caused the handshake to fail during PTK 1_of_4 processing. Fix this by making sure that FTE + related info is set into the handshake, albeit with a lower sanity checking level since the elements have been processed by the firmware already. Note that it is currently impossible for actual FTs to be performed on FullMac cards, so the extra logic and sanity checking to handle these can be skipped.
2019-04-15 22:32:28 +02:00
/*
* If we are here, then most likely we have a FullMac
* hw performing initial mobility association. We need
* to set the FTE element or the handshake will fail
* The firmware accepted the FTE element, so do not
* sanitize the contents and just assume they're okay.
*/
if (ie_parse_fast_bss_transition_from_data(fte,
ie: allow 24 byte FTE MIC FT over FILS-SHA384 uses a 24 byte FT MIC rather than the 16 byte MIC used for all other AKMs. This change allows both the FT builder/parser to handle both lengths of MIC. The mic length is now passed directly into ie_parse_fast_bss_transition and ie_build_fast_bss_transition
2019-05-23 00:24:00 +02:00
fte[1] + 2, kck_len, &ft_info) >= 0) {
netdev: Fix handshake failures on FT-PSK + FullMac The latest refactoring ended up assuming that FT related elements would be handled in netdev_associate_event. However, FullMac cards (that do not generate netdev_associate_event) could still connect using FT AKMs and perform the Initial mobility association. In such cases the FTE element was required but ended up not being set into the handshake. This caused the handshake to fail during PTK 1_of_4 processing. Fix this by making sure that FTE + related info is set into the handshake, albeit with a lower sanity checking level since the elements have been processed by the firmware already. Note that it is currently impossible for actual FTs to be performed on FullMac cards, so the extra logic and sanity checking to handle these can be skipped.
2019-04-15 22:32:28 +02:00
handshake_state_set_fte(netdev->handshake, fte);
handshake_state_set_kh_ids(netdev->handshake,
ft_info.r0khid,
ft_info.r0khid_len,
ft_info.r1khid);
} else {
l_info("CMD_CONNECT Succeeded, but parsing FTE"
" failed. Expect handshake failure");
}
}
netdev: handle QoS Map IE/Frame The QoS Map can come in either as a management frame or via the Associate Response. In either case this IE simply needs to be forwarded back to the kernel.
2019-09-14 00:26:31 +02:00
if (qos_set)
netdev_send_qos_map_set(netdev, qos_set, qos_len);
netdev: Fix handshake failures on FT-PSK + FullMac The latest refactoring ended up assuming that FT related elements would be handled in netdev_associate_event. However, FullMac cards (that do not generate netdev_associate_event) could still connect using FT AKMs and perform the Initial mobility association. In such cases the FTE element was required but ended up not being set into the handshake. This caused the handshake to fail during PTK 1_of_4 processing. Fix this by making sure that FTE + related info is set into the handshake, albeit with a lower sanity checking level since the elements have been processed by the firmware already. Note that it is currently impossible for actual FTs to be performed on FullMac cards, so the extra logic and sanity checking to handle these can be skipped.
2019-04-15 22:32:28 +02:00
}
eapol: Use handshake_state to store state Remove the keys and other data from struct eapol_sm, update device.c, netdev.c and wsc.c to use the handshake_state object instead of eapol_sm. This also gets rid of eapol_cancel and the ifindex parameter in some of the eapol functions where sm->handshake->ifindex can be used instead.
2016-11-02 23:46:19 +01:00
if (netdev->sm) {
eapol: Cache early EAPoL frames until ready to process Split eapol_start into two calls, one to register the state machine so that the PAE read handler knows not to discard frames for that ifindex, and eapol_start to actually start processing the frames. This is needed because, as per the comment in netdev.c, due to scheduling the PAE socket read handler may trigger before the CMD_CONNECT event handler, which needs to parse the FTE from the Associate Response frame and supply it to the eapol SM before it can do anything with the message 1 of 4 of the FT handshake. Another issue is that depending on the driver or timing, the underlying link might not be marked as 'ready' by the kernel. In this case, our response to Message 1 of the 4-way Handshake is written and accepted by the kernel, but gets dropped on the floor internally. Which leads to timeouts if the AP doesn't retransmit.
2016-10-04 05:48:08 +02:00
/*
* Start processing EAPoL frames now that the state machine
* has all the input data even in FT mode.
*/
netdev: fail early on unsuccessful eapol_start
2017-10-27 23:41:01 +02:00
if (!eapol_start(netdev->sm))
goto error;
netdev: Rework link_mode and operstate setting These flags are documented in RFC2863 and kernel's Documentation/networking/operstates.txt. Operstate doesn't have any siginificant effect on normal connectivity or on our autotests because it is not used by the kernel except in some rare cases but it is supposed to affect some userspace daemons that watch for RTM_NEWLINK events, so I believe we *should* set them according to this documentation. Changes: * There's no point setting link_mode or operstate of the netdev when we're bringing the admin state DOWN as that overrides operstate. * Instead of numerical values for link_mode use the if.h defines. * Set IF_OPER_UP when association succeeds also in the Fast Transition case. The driver will have set carrier off and then on so the operstate should be IF_OPER_DORMANT at this point and needs to be reset to UP.
2017-05-30 14:26:18 +02:00
netdev: process association in netdev_associate_event Apart from OWE, the association event was disregarded and all association processing was done in netdev_connect_event. This led to netdev_connect_event having to handle all the logic of both success and failure, as well as parsing the association for FT and OWE. Also, without checking the status code in the associate frame there is the potential for the kernel to think we are connected even if association failed (e.g. rogue AP). This change introduces two flags into netdev, expect_connect_failure and ignore_connect_event. All the FT processing that was once in netdev_connect_event has now been moved into netdev_associate_event, as well as non-FT associate frame processing. The connect event now only handles failure cases for soft/half MAC cards. Note: Since fullmac cards rely on the connect event, the eapol_start and netdev_connect_ok were left in netdev_connect_event. Since neither auth/assoc events come in on fullmac we shouldn't have any conflict with the new flags. Once a connection has completed association, EAPoL is started from netdev_associate_event (if required) and the ignore_connect_event flag can be set. This will bypass the connect event. If a connection has failed during association for whatever reason, we can set expect_connect_failure, the netdev reason, and the MPDU status code. This allows netdev_connect_event to both handle the error, and, if required, send a deauth telling the kernel that we have failed (protecting against the rogue AP situation).
2019-03-05 22:42:33 +01:00
return;
netdev: Rework link_mode and operstate setting These flags are documented in RFC2863 and kernel's Documentation/networking/operstates.txt. Operstate doesn't have any siginificant effect on normal connectivity or on our autotests because it is not used by the kernel except in some rare cases but it is supposed to affect some userspace daemons that watch for RTM_NEWLINK events, so I believe we *should* set them according to this documentation. Changes: * There's no point setting link_mode or operstate of the netdev when we're bringing the admin state DOWN as that overrides operstate. * Instead of numerical values for link_mode use the if.h defines. * Set IF_OPER_UP when association succeeds also in the Fast Transition case. The driver will have set carrier off and then on so the operstate should be IF_OPER_DORMANT at this point and needs to be reset to UP.
2017-05-30 14:26:18 +02:00
}
netdev: Handle the FT Reassociation Response message Validate the fourth message of the fast transition sequence and save the new keys and state as current values in the netdev object. The FT-specific IE validation that was already present in the initial MD is moved to a new function.
2017-01-12 09:36:02 +01:00
netdev: allow PSK offload for FT AKMs This adds a new connection type, TYPE_PSK_OFFLOAD, which allows the 4-way handshake to be offloaded by the firmware. Offloading will be used if the driver advertises support. The CMD_ROAM event path was also modified to take into account handshake offloading. If the handshake is offloaded we still must issue GET_SCAN, but not start eapol since the firmware takes care of this.
2021-04-03 00:06:17 +02:00
/* Allow station to sync the PSK to disk */
if (is_offload(netdev->handshake))
handshake_event(netdev->handshake,
HANDSHAKE_EVENT_SETTING_KEYS);
netdev: On connect success don't wait for netdev_operstate_cb Send the link_mode and operstate RTNL command in parallel with the connect Ok event, don't wait for the RTNL callback as it's non-critical.
2017-05-30 14:26:19 +02:00
netdev_connect_ok(netdev);
netdev: Move associate event handling .. out of wiphy.c
2016-06-16 17:54:20 +02:00
return;
error:
netdev: store mpdu status and add getter Soon BSS blacklisting will be added, and in order to properly decide if a BSS should be blacklisted we need the status code on a failed connection. This change stores the status code when there is a failure in netdev and adds a getter to retrieve later. In many cases we have the actual status code from the AP, but in some corner cases its not obtainable (e.g. an error sending an NL80211 command) in which case we just default to MMPDU_REASON_CODE_UNSPECIFIED. Rather than continue with the pattern of setting netdev->result and now netdev->last_status_code, the netdev_connect_failed function was redefined so its no longer used as both a NL80211 callback and called directly. Instead a new function was added, netdev_disconnect_cb which just calls netdev_connect_failed. netdev_disconnect_cb should not be used for all the NL80211 disconnect commands. Now netdev_connect_failed takes both a result and status code which it sets in the netdev object. In the case where we were using netdev_connect_failed as a callback we still need to set the result and last_status_code but at least this is better than having to set those in all cases.
2019-01-24 21:56:23 +01:00
netdev_connect_failed(netdev, NETDEV_RESULT_ASSOCIATION_FAILED,
netdev: process association in netdev_associate_event Apart from OWE, the association event was disregarded and all association processing was done in netdev_connect_event. This led to netdev_connect_event having to handle all the logic of both success and failure, as well as parsing the association for FT and OWE. Also, without checking the status code in the associate frame there is the potential for the kernel to think we are connected even if association failed (e.g. rogue AP). This change introduces two flags into netdev, expect_connect_failure and ignore_connect_event. All the FT processing that was once in netdev_connect_event has now been moved into netdev_associate_event, as well as non-FT associate frame processing. The connect event now only handles failure cases for soft/half MAC cards. Note: Since fullmac cards rely on the connect event, the eapol_start and netdev_connect_ok were left in netdev_connect_event. Since neither auth/assoc events come in on fullmac we shouldn't have any conflict with the new flags. Once a connection has completed association, EAPoL is started from netdev_associate_event (if required) and the ignore_connect_event flag can be set. This will bypass the connect event. If a connection has failed during association for whatever reason, we can set expect_connect_failure, the netdev reason, and the MPDU status code. This allows netdev_connect_event to both handle the error, and, if required, send a deauth telling the kernel that we have failed (protecting against the rogue AP situation).
2019-03-05 22:42:33 +01:00
(status_code) ? *status_code :
MMPDU_STATUS_CODE_UNSPECIFIED);
return;
deauth:
msg = netdev_build_cmd_deauthenticate(netdev,
MMPDU_REASON_CODE_UNSPECIFIED);
netdev->disconnect_cmd_id = l_genl_family_send(nl80211,
msg,
netdev_disconnect_cb,
netdev, NULL);
netdev: Move associate event handling .. out of wiphy.c
2016-06-16 17:54:20 +02:00
}
netdev: break out FT associate into common function SAE will require some of the same CMD_ASSOCIATE building code that FT currently uses. This breaks out the common code from FT into netdev_build_cmd_associate_common.
2018-08-09 20:13:57 +02:00
static unsigned int ie_rsn_akm_suite_to_nl80211(enum ie_rsn_akm_suite akm)
netdev: Use CMD_CONNECT
2016-06-27 23:35:31 +02:00
{
netdev: break out FT associate into common function SAE will require some of the same CMD_ASSOCIATE building code that FT currently uses. This breaks out the common code from FT into netdev_build_cmd_associate_common.
2018-08-09 20:13:57 +02:00
switch (akm) {
case IE_RSN_AKM_SUITE_8021X:
return CRYPTO_AKM_8021X;
case IE_RSN_AKM_SUITE_PSK:
return CRYPTO_AKM_PSK;
case IE_RSN_AKM_SUITE_FT_OVER_8021X:
return CRYPTO_AKM_FT_OVER_8021X;
case IE_RSN_AKM_SUITE_FT_USING_PSK:
return CRYPTO_AKM_FT_USING_PSK;
case IE_RSN_AKM_SUITE_8021X_SHA256:
return CRYPTO_AKM_8021X_SHA256;
case IE_RSN_AKM_SUITE_PSK_SHA256:
return CRYPTO_AKM_PSK_SHA256;
case IE_RSN_AKM_SUITE_TDLS:
return CRYPTO_AKM_TDLS;
case IE_RSN_AKM_SUITE_SAE_SHA256:
return CRYPTO_AKM_SAE_SHA256;
case IE_RSN_AKM_SUITE_FT_OVER_SAE_SHA256:
return CRYPTO_AKM_FT_OVER_SAE_SHA256;
case IE_RSN_AKM_SUITE_AP_PEER_KEY_SHA256:
return CRYPTO_AKM_AP_PEER_KEY_SHA256;
case IE_RSN_AKM_SUITE_8021X_SUITE_B_SHA256:
return CRYPTO_AKM_8021X_SUITE_B_SHA256;
case IE_RSN_AKM_SUITE_8021X_SUITE_B_SHA384:
return CRYPTO_AKM_8021X_SUITE_B_SHA384;
case IE_RSN_AKM_SUITE_FT_OVER_8021X_SHA384:
return CRYPTO_AKM_FT_OVER_8021X_SHA384;
ie: crypto: add FILS AKMs ie_rsn_info had to be updated to allow for 32 bit AKM values rather than 16 bit.
2019-04-04 22:43:13 +02:00
case IE_RSN_AKM_SUITE_FILS_SHA256:
return CRYPTO_AKM_FILS_SHA256;
case IE_RSN_AKM_SUITE_FILS_SHA384:
return CRYPTO_AKM_FILS_SHA384;
case IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA256:
return CRYPTO_AKM_FT_OVER_FILS_SHA256;
case IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA384:
return CRYPTO_AKM_FT_OVER_FILS_SHA384;
netdev: add translation for OWE AKM type
2018-11-16 23:22:44 +01:00
case IE_RSN_AKM_SUITE_OWE:
return CRYPTO_AKM_OWE;
ie: add IE_RSN_AKM_SUITE_OSEN
2019-06-07 22:58:43 +02:00
case IE_RSN_AKM_SUITE_OSEN:
return CRYPTO_AKM_OSEN;
netdev: break out FT associate into common function SAE will require some of the same CMD_ASSOCIATE building code that FT currently uses. This breaks out the common code from FT into netdev_build_cmd_associate_common.
2018-08-09 20:13:57 +02:00
}
return 0;
}
static struct l_genl_msg *netdev_build_cmd_associate_common(
struct netdev *netdev)
{
struct handshake_state *hs = netdev->handshake;
handshake: Rename own_ie/ap_ie and related setters To avoid confusion in case of an authenticator side handshake_state structure and eapol_sm structure, rename own_ie to supplicant_ie and ap_ie to authenticator_ie. Also rename handshake_state_set_{own,ap}_{rsn,wpa} and fix when we call handshake_state_setup_own_ciphers. As a result handshake_state_set_authenticator, if needed, should be called before handshake_state_set_{own,ap}_{rsn,wpa}.
2018-08-25 03:54:24 +02:00
bool is_rsn = hs->supplicant_ie != NULL;
netdev: break out FT associate into common function SAE will require some of the same CMD_ASSOCIATE building code that FT currently uses. This breaks out the common code from FT into netdev_build_cmd_associate_common.
2018-08-09 20:13:57 +02:00
struct l_genl_msg *msg;
netdev: Use CMD_CONNECT
2016-06-27 23:35:31 +02:00
netdev: Handle the FT Authentication Response message Parse the second message of the FT transition, validate and build the third message, the Reassociation Request.
2017-01-12 09:36:01 +01:00
msg = l_genl_msg_new_sized(NL80211_CMD_ASSOCIATE, 600);
l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &netdev->index);
netdev: break out FT associate into common function SAE will require some of the same CMD_ASSOCIATE building code that FT currently uses. This breaks out the common code from FT into netdev_build_cmd_associate_common.
2018-08-09 20:13:57 +02:00
l_genl_msg_append_attr(msg, NL80211_ATTR_WIPHY_FREQ, 4,
&netdev->frequency);
netdev: Handle the FT Authentication Response message Parse the second message of the FT transition, validate and build the third message, the Reassociation Request.
2017-01-12 09:36:01 +01:00
l_genl_msg_append_attr(msg, NL80211_ATTR_MAC, ETH_ALEN, hs->aa);
l_genl_msg_append_attr(msg, NL80211_ATTR_SSID, hs->ssid_len, hs->ssid);
netdev: Use NL80211_ATTR_SOCKET_OWNER flag Use the new NL80211_ATTR_SOCKET_OWNER with CMD_CONNECT and CMD_ASSOCIATE to make sure an iwd crash results in deauthentication.
2017-05-22 10:49:48 +02:00
l_genl_msg_append_attr(msg, NL80211_ATTR_SOCKET_OWNER, 0, NULL);
netdev: Handle the FT Authentication Response message Parse the second message of the FT transition, validate and build the third message, the Reassociation Request.
2017-01-12 09:36:01 +01:00
if (is_rsn) {
uint32_t nl_cipher;
uint32_t nl_akm;
uint32_t wpa_version;
netdev: break out FT associate into common function SAE will require some of the same CMD_ASSOCIATE building code that FT currently uses. This breaks out the common code from FT into netdev_build_cmd_associate_common.
2018-08-09 20:13:57 +02:00
l_genl_msg_append_attr(msg, NL80211_ATTR_CONTROL_PORT, 0, NULL);
netdev: Handle the FT Authentication Response message Parse the second message of the FT transition, validate and build the third message, the Reassociation Request.
2017-01-12 09:36:01 +01:00
netdev: Use EAPoL over nl80211 if CONTROL_PORT set Our logic would set CONTROL_PORT_OVER_NL80211 even in cases where CONTROL_PORT wasn't used (e.g. for open networks). While the kernel ignored this attribute in this case, it is nicer to set this only if CONTROL_PORT is intended to be used.
2018-08-09 22:16:45 +02:00
if (netdev->pae_over_nl80211)
l_genl_msg_append_attr(msg,
NL80211_ATTR_CONTROL_PORT_OVER_NL80211,
0, NULL);
netdev: Handle the FT Authentication Response message Parse the second message of the FT transition, validate and build the third message, the Reassociation Request.
2017-01-12 09:36:01 +01:00
if (hs->pairwise_cipher == IE_RSN_CIPHER_SUITE_CCMP)
nl_cipher = CRYPTO_CIPHER_CCMP;
else
nl_cipher = CRYPTO_CIPHER_TKIP;
l_genl_msg_append_attr(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE,
4, &nl_cipher);
if (hs->group_cipher == IE_RSN_CIPHER_SUITE_CCMP)
nl_cipher = CRYPTO_CIPHER_CCMP;
else
nl_cipher = CRYPTO_CIPHER_TKIP;
l_genl_msg_append_attr(msg, NL80211_ATTR_CIPHER_SUITE_GROUP,
4, &nl_cipher);
if (hs->mfp) {
uint32_t use_mfp = NL80211_MFP_REQUIRED;
l_genl_msg_append_attr(msg, NL80211_ATTR_USE_MFP,
4, &use_mfp);
}
netdev: break out FT associate into common function SAE will require some of the same CMD_ASSOCIATE building code that FT currently uses. This breaks out the common code from FT into netdev_build_cmd_associate_common.
2018-08-09 20:13:57 +02:00
nl_akm = ie_rsn_akm_suite_to_nl80211(hs->akm_suite);
if (nl_akm)
l_genl_msg_append_attr(msg, NL80211_ATTR_AKM_SUITES,
netdev: Handle the FT Authentication Response message Parse the second message of the FT transition, validate and build the third message, the Reassociation Request.
2017-01-12 09:36:01 +01:00
4, &nl_akm);
netdev: break out FT associate into common function SAE will require some of the same CMD_ASSOCIATE building code that FT currently uses. This breaks out the common code from FT into netdev_build_cmd_associate_common.
2018-08-09 20:13:57 +02:00
if (hs->wpa_ie)
wpa_version = NL80211_WPA_VERSION_1;
else
wpa_version = NL80211_WPA_VERSION_2;
netdev: Handle the FT Authentication Response message Parse the second message of the FT transition, validate and build the third message, the Reassociation Request.
2017-01-12 09:36:01 +01:00
l_genl_msg_append_attr(msg, NL80211_ATTR_WPA_VERSIONS,
4, &wpa_version);
netdev: break out FT associate into common function SAE will require some of the same CMD_ASSOCIATE building code that FT currently uses. This breaks out the common code from FT into netdev_build_cmd_associate_common.
2018-08-09 20:13:57 +02:00
}
netdev: Handle the FT Authentication Response message Parse the second message of the FT transition, validate and build the third message, the Reassociation Request.
2017-01-12 09:36:01 +01:00
netdev: break out FT associate into common function SAE will require some of the same CMD_ASSOCIATE building code that FT currently uses. This breaks out the common code from FT into netdev_build_cmd_associate_common.
2018-08-09 20:13:57 +02:00
return msg;
}
netdev: Handle the FT Authentication Response message Parse the second message of the FT transition, validate and build the third message, the Reassociation Request.
2017-01-12 09:36:01 +01:00
static void netdev_cmd_ft_reassociate_cb(struct l_genl_msg *msg,
void *user_data)
wiphy: Move association logic out of wiphy.c The eapol state machine parameters are now built inside device.c when the network connection is attempted. The reason is that the device object knows about network settings, wiphy constraints and should contain the main 'management' logic. netdev now manages the actual low-level process of building association messages, detecting authentication events, etc.
2016-06-15 17:54:13 +02:00
{
struct netdev *netdev = user_data;
netdev: Cancel the CMD_CONNECT genl command on disconnect CMD_DISCONNECT fails on some occasions when CMD_CONNECT is still running. When this happens the DBus disconnect command receives an error reply but iwd's device state is left as disconnected even though there's a connection at the kernel level which times out a few seconds later. If the CMD_CONNECT is cancelled I couldn't reproduce this so far. src/network.c:network_connect() src/network.c:network_connect_psk() src/network.c:network_connect_psk() psk: 69ae3f8b2f84a438cf6a44275913182dd2714510ccb8cbdf8da9dc8b61718560 src/network.c:network_connect_psk() len: 32 src/network.c:network_connect_psk() ask_psk: false src/device.c:device_enter_state() Old State: disconnected, new state: connecting src/scan.c:scan_notify() Scan notification 33 src/device.c:device_netdev_event() Associating src/netdev.c:netdev_mlme_notify() MLME notification 60 MLME notification is missing ifindex attribute src/device.c:device_dbus_disconnect() src/device.c:device_connect_cb() 6, result: 5 src/device.c:device_enter_state() Old State: connecting, new state: disconnecting src/device.c:device_disconnect_cb() 6, success: 0 src/device.c:device_enter_state() Old State: disconnecting, new state: disconnected src/scan.c:scan_notify() Scan notification 34 src/netdev.c:netdev_mlme_notify() MLME notification 19 src/netdev.c:netdev_mlme_notify() MLME notification 60 MLME notification is missing ifindex attribute src/netdev.c:netdev_mlme_notify() MLME notification 37 src/netdev.c:netdev_authenticate_event() src/scan.c:get_scan_callback() get_scan_callback src/scan.c:get_scan_done() get_scan_done src/netdev.c:netdev_mlme_notify() MLME notification 60 MLME notification is missing ifindex attribute src/netdev.c:netdev_mlme_notify() MLME notification 19 MLME notification is missing ifindex attribute src/netdev.c:netdev_mlme_notify() MLME notification 38 src/netdev.c:netdev_associate_event() src/netdev.c:netdev_mlme_notify() MLME notification 46 src/netdev.c:netdev_connect_event() <delay> src/netdev.c:netdev_mlme_notify() MLME notification 60 MLME notification is missing ifindex attribute src/netdev.c:netdev_mlme_notify() MLME notification 20 MLME notification is missing ifindex attribute src/netdev.c:netdev_mlme_notify() MLME notification 20 src/netdev.c:netdev_mlme_notify() MLME notification 39 src/netdev.c:netdev_deauthenticate_event()
2016-08-05 14:25:34 +02:00
netdev->connect_cmd_id = 0;
netdev: Handle the FT Authentication Response message Parse the second message of the FT transition, validate and build the third message, the Reassociation Request.
2017-01-12 09:36:01 +01:00
if (l_genl_msg_get_error(msg) < 0) {
struct l_genl_msg *cmd_deauth;
wiphy: Move association logic out of wiphy.c The eapol state machine parameters are now built inside device.c when the network connection is attempted. The reason is that the device object knows about network settings, wiphy constraints and should contain the main 'management' logic. netdev now manages the actual low-level process of building association messages, detecting authentication events, etc.
2016-06-15 17:54:13 +02:00
netdev: Handle the FT Authentication Response message Parse the second message of the FT transition, validate and build the third message, the Reassociation Request.
2017-01-12 09:36:01 +01:00
netdev->result = NETDEV_RESULT_ASSOCIATION_FAILED;
netdev: station: fix status/reason code in callbacks This change cleans up the mess of status vs reason codes. The two types of codes have already been separated into different enumerations, but netdev was still treating them the same (with last_status_code). A new 'event_data' argument was added to the connect callback, which has a different meaning depending on the result of the connection (described inside netdev.h, netdev_connect_cb_t). This allows for the removal of netdev_get_last_status_code since the status or reason code is now passed via event_data. Inside the netdev object last_status_code was renamed to last_code, for the purpose of storing either status or reason. This is only used when a disconnect needs to be emitted before failing the connection. In all other cases we just pass the code directly into the connect_cb and do not store it. All ocurrences of netdev_connect_failed were updated to use the proper code depending on the netdev result. Most of these simply changed from REASON_CODE_UNSPECIFIED to STATUS_CODE_UNSPECIFIED. This was simply for consistency (both codes have the same value). netdev_[authenticate|associate]_event's were updated to parse the status code and, if present, use that if their was a failure rather than defaulting to UNSPECIFIED.
2019-02-28 18:32:40 +01:00
netdev->last_code = MMPDU_STATUS_CODE_UNSPECIFIED;
netdev: Handle the FT Authentication Response message Parse the second message of the FT transition, validate and build the third message, the Reassociation Request.
2017-01-12 09:36:01 +01:00
cmd_deauth = netdev_build_cmd_deauthenticate(netdev,
mpdu: Refactor mpdu structs Refactor management frame structures to take into account optional presence of some parts of the header: * drop the single structure for management header and body since the body offset is variable. * add mmpdu_get_body to locate the start of frame body. * drop the union of different management frame type bodies. * prefix names specific to management frames with "mmpdu" instead of "mpdu" including any enums based on 802.11-2012 section 8.4. * move the FC field to the mmpdu_header structure.
2017-08-31 04:04:41 +02:00
MMPDU_REASON_CODE_UNSPECIFIED);
netdev: Handle the FT Authentication Response message Parse the second message of the FT transition, validate and build the third message, the Reassociation Request.
2017-01-12 09:36:01 +01:00
netdev->disconnect_cmd_id = l_genl_family_send(nl80211,
cmd_deauth,
netdev: store mpdu status and add getter Soon BSS blacklisting will be added, and in order to properly decide if a BSS should be blacklisted we need the status code on a failed connection. This change stores the status code when there is a failure in netdev and adds a getter to retrieve later. In many cases we have the actual status code from the AP, but in some corner cases its not obtainable (e.g. an error sending an NL80211 command) in which case we just default to MMPDU_REASON_CODE_UNSPECIFIED. Rather than continue with the pattern of setting netdev->result and now netdev->last_status_code, the netdev_connect_failed function was redefined so its no longer used as both a NL80211 callback and called directly. Instead a new function was added, netdev_disconnect_cb which just calls netdev_connect_failed. netdev_disconnect_cb should not be used for all the NL80211 disconnect commands. Now netdev_connect_failed takes both a result and status code which it sets in the netdev object. In the case where we were using netdev_connect_failed as a callback we still need to set the result and last_status_code but at least this is better than having to set those in all cases.
2019-01-24 21:56:23 +01:00
netdev_disconnect_cb,
netdev: Handle the FT Authentication Response message Parse the second message of the FT transition, validate and build the third message, the Reassociation Request.
2017-01-12 09:36:01 +01:00
netdev, NULL);
}
}
netdev: Start eapol earlier
2016-09-23 00:34:27 +02:00
netdev: added sae functionality to netdev In order to plug SAE into the existing connect mechanism the actual CMD_CONNECT message is never sent, rather sae_register takes care of sending out CMD_AUTHENTICATE. This required some shuffling of code in order to handle both eapol and sae. In the case of non-SAE authentication everything behaves as it did before. When using SAE an sae_sm is created when a connection is attempted but the eapol_sm is not. After SAE succeeds it will start association and then create the eapol_sm and start the 4-way handshake. This change also adds the handshake SAE events to device and initializes SAE in main.
2018-08-14 01:25:48 +02:00
static void netdev_authenticate_event(struct l_genl_msg *msg,
struct netdev *netdev)
{
struct l_genl_attr attr;
uint16_t type, len;
const void *data;
const uint8_t *frame = NULL;
size_t frame_len = 0;
fils: netdev: update to use auth_proto concepts
2019-05-03 20:59:51 +02:00
int ret;
uint16_t status_code = MMPDU_STATUS_CODE_UNSPECIFIED;
netdev: added sae functionality to netdev In order to plug SAE into the existing connect mechanism the actual CMD_CONNECT message is never sent, rather sae_register takes care of sending out CMD_AUTHENTICATE. This required some shuffling of code in order to handle both eapol and sae. In the case of non-SAE authentication everything behaves as it did before. When using SAE an sae_sm is created when a connection is attempted but the eapol_sm is not. After SAE succeeds it will start association and then create the eapol_sm and start the 4-way handshake. This change also adds the handshake SAE events to device and initializes SAE in main.
2018-08-14 01:25:48 +02:00
l_debug("");
netdev: Fix crash when aborting a connection We can crash if we abort the connection, but the connect command has already gone through. In this case we will get a sequence of authenticate_event, associate_event, connect_event. The first and last events don't crash since they check whether netdev->connected is true. However, this causes an annoying warning to be printed. Fix this by introducing an 'aborting' flag and ignore all connection related events if it is set. ++++++++ backtrace ++++++++
2019-03-08 23:09:42 +01:00
if (netdev->aborting)
return;
netdev: added sae functionality to netdev In order to plug SAE into the existing connect mechanism the actual CMD_CONNECT message is never sent, rather sae_register takes care of sending out CMD_AUTHENTICATE. This required some shuffling of code in order to handle both eapol and sae. In the case of non-SAE authentication everything behaves as it did before. When using SAE an sae_sm is created when a connection is attempted but the eapol_sm is not. After SAE succeeds it will start association and then create the eapol_sm and start the 4-way handshake. This change also adds the handshake SAE events to device and initializes SAE in main.
2018-08-14 01:25:48 +02:00
if (!netdev->connected) {
l_warn("Unexpected connection related event -- "
"is another supplicant running?");
return;
}
/*
* During Fast Transition we use the authenticate event to start the
* reassociation step because the FTE necessary before we can build
* the FT Associate command is included in the attached frame and is
* not available in the Authenticate command callback.
*/
netdev: remove in_ft checks and set_use_eapol_start In both netdev_{authenticate,associate}_event there is no need to check for in_ft at the start since netdev->ap will always be set if in_ft is set. There was also no need to set eapol_sm_set_use_eapol_start, as setting require_handshake implies this and achieves the same result when starting the SM.
2019-05-07 21:46:48 +02:00
if (!netdev->ap)
netdev: added sae functionality to netdev In order to plug SAE into the existing connect mechanism the actual CMD_CONNECT message is never sent, rather sae_register takes care of sending out CMD_AUTHENTICATE. This required some shuffling of code in order to handle both eapol and sae. In the case of non-SAE authentication everything behaves as it did before. When using SAE an sae_sm is created when a connection is attempted but the eapol_sm is not. After SAE succeeds it will start association and then create the eapol_sm and start the 4-way handshake. This change also adds the handshake SAE events to device and initializes SAE in main.
2018-08-14 01:25:48 +02:00
return;
if (!l_genl_attr_init(&attr, msg)) {
l_debug("attr init failed");
goto auth_error;
}
while (l_genl_attr_next(&attr, &type, &len, &data)) {
switch (type) {
case NL80211_ATTR_TIMED_OUT:
l_warn("authentication timed out");
sae: netdev: update to use auth_proto concepts SAE was a bit trickier than OWE/FILS because the initial implementation for SAE did not include parsing raw authenticate frames (netdev skipped the header and passed just the authentication data). OWE/FILS did not do this and parse the entire frame in the RX callbacks. Because of this it was not as simple as just setting some RX callbacks. In addition, the TX functions include some of the authentication header/data, but not all (thanks NL80211), so this will require an overhaul to test-sae since the unit test passes frames from one SM to another to test the protocol end-to-end (essentially the header needs to be prepended to any data coming from the TX functions for the end-to-end tests).
2019-05-03 20:59:54 +02:00
if (auth_proto_auth_timeout(netdev->ap))
fils: netdev: update to use auth_proto concepts
2019-05-03 20:59:51 +02:00
return;
netdev: added sae functionality to netdev In order to plug SAE into the existing connect mechanism the actual CMD_CONNECT message is never sent, rather sae_register takes care of sending out CMD_AUTHENTICATE. This required some shuffling of code in order to handle both eapol and sae. In the case of non-SAE authentication everything behaves as it did before. When using SAE an sae_sm is created when a connection is attempted but the eapol_sm is not. After SAE succeeds it will start association and then create the eapol_sm and start the 4-way handshake. This change also adds the handshake SAE events to device and initializes SAE in main.
2018-08-14 01:25:48 +02:00
goto auth_error;
case NL80211_ATTR_FRAME:
if (frame)
goto auth_error;
frame = data;
frame_len = len;
break;
}
}
netdev: Centralize mmpdu validation Instead of requiring each auth_proto to perform validation of the frames received via rx_authenticate & rx_associate, have netdev itself perform the mpdu validation. This is unlikely to happen anyway since the kernel performs its own frame validation. Print a warning in case the validation fails.
2021-07-13 01:32:02 +02:00
if (L_WARN_ON(!frame))
netdev: added sae functionality to netdev In order to plug SAE into the existing connect mechanism the actual CMD_CONNECT message is never sent, rather sae_register takes care of sending out CMD_AUTHENTICATE. This required some shuffling of code in order to handle both eapol and sae. In the case of non-SAE authentication everything behaves as it did before. When using SAE an sae_sm is created when a connection is attempted but the eapol_sm is not. After SAE succeeds it will start association and then create the eapol_sm and start the 4-way handshake. This change also adds the handshake SAE events to device and initializes SAE in main.
2018-08-14 01:25:48 +02:00
goto auth_error;
netdev: ft: refactor FT into an auth-proto Since FT operates over Authenticate/Associate, it makes the most sense for it to behave like the other auth-protos. This change moves all the FT specific processing out of netdev and into ft.c. The bulk of the changes were strait copy-pastes from netdev into ft.c with minor API changes (e.g. remove struct netdev). The 'in_ft' boolean unforunately is still required for a few reasons: - netdev_disconnect_event relies on this flag so it can ignore the disconnect which comes in when doing a fast transition. We cannot simply check netdev->ap because this would cause the other auth-protos to not handle a disconnect correctly. - netdev_associate_event needs to correctly setup the eapol_sm when in FT mode by setting require_handshake and use_eapol_start to false. This cannot be handled inside eapol by checking the AKM because an AP may only advertise a FT AKM, and the initial mobility association does require the 4-way handshake.
2019-05-07 20:53:42 +02:00
if (netdev->ap) {
netdev: Centralize mmpdu validation Instead of requiring each auth_proto to perform validation of the frames received via rx_authenticate & rx_associate, have netdev itself perform the mpdu validation. This is unlikely to happen anyway since the kernel performs its own frame validation. Print a warning in case the validation fails.
2021-07-13 01:32:02 +02:00
const struct mmpdu_header *hdr;
const struct mmpdu_authentication *auth;
if (L_WARN_ON(!(hdr = mpdu_validate(frame, frame_len))))
goto auth_error;
auth = mmpdu_body(hdr);
status_code = L_CPU_TO_LE16(auth->status);
fils: netdev: update to use auth_proto concepts
2019-05-03 20:59:51 +02:00
ret = auth_proto_rx_authenticate(netdev->ap, frame, frame_len);
if (ret == 0 || ret == -EAGAIN)
return;
else if (ret > 0)
status_code = (uint16_t)ret;
netdev: remove unneeded goto/return code All possible paths led to the same result so it was simplified to remove two goto's and a return call.
2021-03-29 22:43:51 +02:00
}
netdev: added sae functionality to netdev In order to plug SAE into the existing connect mechanism the actual CMD_CONNECT message is never sent, rather sae_register takes care of sending out CMD_AUTHENTICATE. This required some shuffling of code in order to handle both eapol and sae. In the case of non-SAE authentication everything behaves as it did before. When using SAE an sae_sm is created when a connection is attempted but the eapol_sm is not. After SAE succeeds it will start association and then create the eapol_sm and start the 4-way handshake. This change also adds the handshake SAE events to device and initializes SAE in main.
2018-08-14 01:25:48 +02:00
auth_error:
netdev: store mpdu status and add getter Soon BSS blacklisting will be added, and in order to properly decide if a BSS should be blacklisted we need the status code on a failed connection. This change stores the status code when there is a failure in netdev and adds a getter to retrieve later. In many cases we have the actual status code from the AP, but in some corner cases its not obtainable (e.g. an error sending an NL80211 command) in which case we just default to MMPDU_REASON_CODE_UNSPECIFIED. Rather than continue with the pattern of setting netdev->result and now netdev->last_status_code, the netdev_connect_failed function was redefined so its no longer used as both a NL80211 callback and called directly. Instead a new function was added, netdev_disconnect_cb which just calls netdev_connect_failed. netdev_disconnect_cb should not be used for all the NL80211 disconnect commands. Now netdev_connect_failed takes both a result and status code which it sets in the netdev object. In the case where we were using netdev_connect_failed as a callback we still need to set the result and last_status_code but at least this is better than having to set those in all cases.
2019-01-24 21:56:23 +01:00
netdev_connect_failed(netdev, NETDEV_RESULT_AUTHENTICATION_FAILED,
fils: netdev: update to use auth_proto concepts
2019-05-03 20:59:51 +02:00
status_code);
netdev: added sae functionality to netdev In order to plug SAE into the existing connect mechanism the actual CMD_CONNECT message is never sent, rather sae_register takes care of sending out CMD_AUTHENTICATE. This required some shuffling of code in order to handle both eapol and sae. In the case of non-SAE authentication everything behaves as it did before. When using SAE an sae_sm is created when a connection is attempted but the eapol_sm is not. After SAE succeeds it will start association and then create the eapol_sm and start the 4-way handshake. This change also adds the handshake SAE events to device and initializes SAE in main.
2018-08-14 01:25:48 +02:00
}
netdev: Handle the FT Authentication Response message Parse the second message of the FT transition, validate and build the third message, the Reassociation Request.
2017-01-12 09:36:01 +01:00
static void netdev_associate_event(struct l_genl_msg *msg,
struct netdev *netdev)
{
netdev/station: Add OWE support The changes to station.c are minor. Specifically, station_build_handshake_rsn was modified to always build up the RSN information, not just for SECURITY_8021X and SECURITY_PSK. This is because OWE needs this RSN information, even though it is still SECURITY_NONE. Since "regular" open networks don't need this, a check was added (security == NONE && akm != OWE) which skips the RSN building. netdev.c needed to be changed in nearly the same manor as it was for SAE. When connecting, we check if the AKM is for OWE, and if so create a new OWE SM and start it. OWE handles all the ECDH, and netdev handles sending CMD_AUTHENTICATE and CMD_ASSOCIATE when triggered by OWE. The incoming authenticate/associate events just get forwarded to OWE as they do with SAE.
2018-11-16 23:22:55 +01:00
struct l_genl_attr attr;
uint16_t type, len;
const void *data;
size_t frame_len = 0;
netdev: process association in netdev_associate_event Apart from OWE, the association event was disregarded and all association processing was done in netdev_connect_event. This led to netdev_connect_event having to handle all the logic of both success and failure, as well as parsing the association for FT and OWE. Also, without checking the status code in the associate frame there is the potential for the kernel to think we are connected even if association failed (e.g. rogue AP). This change introduces two flags into netdev, expect_connect_failure and ignore_connect_event. All the FT processing that was once in netdev_connect_event has now been moved into netdev_associate_event, as well as non-FT associate frame processing. The connect event now only handles failure cases for soft/half MAC cards. Note: Since fullmac cards rely on the connect event, the eapol_start and netdev_connect_ok were left in netdev_connect_event. Since neither auth/assoc events come in on fullmac we shouldn't have any conflict with the new flags. Once a connection has completed association, EAPoL is started from netdev_associate_event (if required) and the ignore_connect_event flag can be set. This will bypass the connect event. If a connection has failed during association for whatever reason, we can set expect_connect_failure, the netdev reason, and the MPDU status code. This allows netdev_connect_event to both handle the error, and, if required, send a deauth telling the kernel that we have failed (protecting against the rogue AP situation).
2019-03-05 22:42:33 +01:00
const uint8_t *frame = NULL;
uint16_t status_code = MMPDU_STATUS_CODE_UNSPECIFIED;
fils: netdev: update to use auth_proto concepts
2019-05-03 20:59:51 +02:00
int ret;
netdev/station: Add OWE support The changes to station.c are minor. Specifically, station_build_handshake_rsn was modified to always build up the RSN information, not just for SECURITY_8021X and SECURITY_PSK. This is because OWE needs this RSN information, even though it is still SECURITY_NONE. Since "regular" open networks don't need this, a check was added (security == NONE && akm != OWE) which skips the RSN building. netdev.c needed to be changed in nearly the same manor as it was for SAE. When connecting, we check if the AKM is for OWE, and if so create a new OWE SM and start it. OWE handles all the ECDH, and netdev handles sending CMD_AUTHENTICATE and CMD_ASSOCIATE when triggered by OWE. The incoming authenticate/associate events just get forwarded to OWE as they do with SAE.
2018-11-16 23:22:55 +01:00
netdev: Handle the FT Authentication Response message Parse the second message of the FT transition, validate and build the third message, the Reassociation Request.
2017-01-12 09:36:01 +01:00
l_debug("");
netdev/station: Add OWE support The changes to station.c are minor. Specifically, station_build_handshake_rsn was modified to always build up the RSN information, not just for SECURITY_8021X and SECURITY_PSK. This is because OWE needs this RSN information, even though it is still SECURITY_NONE. Since "regular" open networks don't need this, a check was added (security == NONE && akm != OWE) which skips the RSN building. netdev.c needed to be changed in nearly the same manor as it was for SAE. When connecting, we check if the AKM is for OWE, and if so create a new OWE SM and start it. OWE handles all the ECDH, and netdev handles sending CMD_AUTHENTICATE and CMD_ASSOCIATE when triggered by OWE. The incoming authenticate/associate events just get forwarded to OWE as they do with SAE.
2018-11-16 23:22:55 +01:00
netdev: Check connected when handling Associate An unexpected Associate event would cause iwd to crash when accessing netdev->handshake->mde. netdev->handshake is only set if we're attempting to connect or connected somewhere so check netdev->connected first.
2019-05-02 12:55:18 +02:00
if (!netdev->connected || netdev->aborting)
netdev: Fix crash when aborting a connection We can crash if we abort the connection, but the connect command has already gone through. In this case we will get a sequence of authenticate_event, associate_event, connect_event. The first and last events don't crash since they check whether netdev->connected is true. However, this causes an annoying warning to be printed. Fix this by introducing an 'aborting' flag and ignore all connection related events if it is set. ++++++++ backtrace ++++++++
2019-03-08 23:09:42 +01:00
return;
netdev: Handle deauth frames prior to association In some cases the AP can send a deauthenticate frame right after accepting our authentication. In this case the kernel never properly sends a CMD_CONNECT event with a failure, even though CMD_COONNECT was used to initiate the connection. Try to work around that by detecting that a Deauthenticate event arrives prior to any Associte or Connect events and handle this case as a connect failure.
2021-01-13 20:31:23 +01:00
if (!netdev->ap) {
netdev->associated = true;
netdev: skip associate event when not in OWE/FT The associate event is only important for OWE and FT. If neither of these conditions (or FT initial association) are happening we do not need to continue further processing the associate event.
2019-04-06 00:32:54 +02:00
return;
netdev: Handle deauth frames prior to association In some cases the AP can send a deauthenticate frame right after accepting our authentication. In this case the kernel never properly sends a CMD_CONNECT event with a failure, even though CMD_COONNECT was used to initiate the connection. Try to work around that by detecting that a Deauthenticate event arrives prior to any Associte or Connect events and handle this case as a connect failure.
2021-01-13 20:31:23 +01:00
}
netdev: skip associate event when not in OWE/FT The associate event is only important for OWE and FT. If neither of these conditions (or FT initial association) are happening we do not need to continue further processing the associate event.
2019-04-06 00:32:54 +02:00
netdev/station: Add OWE support The changes to station.c are minor. Specifically, station_build_handshake_rsn was modified to always build up the RSN information, not just for SECURITY_8021X and SECURITY_PSK. This is because OWE needs this RSN information, even though it is still SECURITY_NONE. Since "regular" open networks don't need this, a check was added (security == NONE && akm != OWE) which skips the RSN building. netdev.c needed to be changed in nearly the same manor as it was for SAE. When connecting, we check if the AKM is for OWE, and if so create a new OWE SM and start it. OWE handles all the ECDH, and netdev handles sending CMD_AUTHENTICATE and CMD_ASSOCIATE when triggered by OWE. The incoming authenticate/associate events just get forwarded to OWE as they do with SAE.
2018-11-16 23:22:55 +01:00
if (!l_genl_attr_init(&attr, msg)) {
l_debug("attr init failed");
return;
}
while (l_genl_attr_next(&attr, &type, &len, &data)) {
switch (type) {
case NL80211_ATTR_TIMED_OUT:
netdev: Fix typo
2018-11-19 18:53:30 +01:00
l_warn("association timed out");
fils: netdev: update to use auth_proto concepts
2019-05-03 20:59:51 +02:00
if (auth_proto_assoc_timeout(netdev->ap))
return;
netdev: better handle associate timeouts with auth_protos Any auth proto which did not implement the assoc_timeout handler could end up getting 'stuck' forever if there was an associate timeout. This is because in the event of an associate timeout IWD only sets a few flags and relies on the connect event to actually handle the failure. The problem is a connect event never comes if the failure was a timeout. To fix this we can explicitly fail the connection if the auth proto has not implemented assoc_timeout or if it returns false.
2021-03-29 22:43:49 +02:00
/*
* There will be no connect event when Associate times
* out. The failed connection must be explicitly
* initiated here.
*/
netdev_connect_failed(netdev,
NETDEV_RESULT_ASSOCIATION_FAILED,
status_code);
return;
netdev/station: Add OWE support The changes to station.c are minor. Specifically, station_build_handshake_rsn was modified to always build up the RSN information, not just for SECURITY_8021X and SECURITY_PSK. This is because OWE needs this RSN information, even though it is still SECURITY_NONE. Since "regular" open networks don't need this, a check was added (security == NONE && akm != OWE) which skips the RSN building. netdev.c needed to be changed in nearly the same manor as it was for SAE. When connecting, we check if the AKM is for OWE, and if so create a new OWE SM and start it. OWE handles all the ECDH, and netdev handles sending CMD_AUTHENTICATE and CMD_ASSOCIATE when triggered by OWE. The incoming authenticate/associate events just get forwarded to OWE as they do with SAE.
2018-11-16 23:22:55 +01:00
case NL80211_ATTR_FRAME:
frame = data;
frame_len = len;
netdev: process association in netdev_associate_event Apart from OWE, the association event was disregarded and all association processing was done in netdev_connect_event. This led to netdev_connect_event having to handle all the logic of both success and failure, as well as parsing the association for FT and OWE. Also, without checking the status code in the associate frame there is the potential for the kernel to think we are connected even if association failed (e.g. rogue AP). This change introduces two flags into netdev, expect_connect_failure and ignore_connect_event. All the FT processing that was once in netdev_connect_event has now been moved into netdev_associate_event, as well as non-FT associate frame processing. The connect event now only handles failure cases for soft/half MAC cards. Note: Since fullmac cards rely on the connect event, the eapol_start and netdev_connect_ok were left in netdev_connect_event. Since neither auth/assoc events come in on fullmac we shouldn't have any conflict with the new flags. Once a connection has completed association, EAPoL is started from netdev_associate_event (if required) and the ignore_connect_event flag can be set. This will bypass the connect event. If a connection has failed during association for whatever reason, we can set expect_connect_failure, the netdev reason, and the MPDU status code. This allows netdev_connect_event to both handle the error, and, if required, send a deauth telling the kernel that we have failed (protecting against the rogue AP situation).
2019-03-05 22:42:33 +01:00
break;
}
}
netdev: Centralize mmpdu validation Instead of requiring each auth_proto to perform validation of the frames received via rx_authenticate & rx_associate, have netdev itself perform the mpdu validation. This is unlikely to happen anyway since the kernel performs its own frame validation. Print a warning in case the validation fails.
2021-07-13 01:32:02 +02:00
if (L_WARN_ON(!frame))
netdev: process association in netdev_associate_event Apart from OWE, the association event was disregarded and all association processing was done in netdev_connect_event. This led to netdev_connect_event having to handle all the logic of both success and failure, as well as parsing the association for FT and OWE. Also, without checking the status code in the associate frame there is the potential for the kernel to think we are connected even if association failed (e.g. rogue AP). This change introduces two flags into netdev, expect_connect_failure and ignore_connect_event. All the FT processing that was once in netdev_connect_event has now been moved into netdev_associate_event, as well as non-FT associate frame processing. The connect event now only handles failure cases for soft/half MAC cards. Note: Since fullmac cards rely on the connect event, the eapol_start and netdev_connect_ok were left in netdev_connect_event. Since neither auth/assoc events come in on fullmac we shouldn't have any conflict with the new flags. Once a connection has completed association, EAPoL is started from netdev_associate_event (if required) and the ignore_connect_event flag can be set. This will bypass the connect event. If a connection has failed during association for whatever reason, we can set expect_connect_failure, the netdev reason, and the MPDU status code. This allows netdev_connect_event to both handle the error, and, if required, send a deauth telling the kernel that we have failed (protecting against the rogue AP situation).
2019-03-05 22:42:33 +01:00
goto assoc_failed;
owe: netdev: update to use auth_proto concepts
2019-05-03 20:59:53 +02:00
if (netdev->ap) {
netdev: Centralize mmpdu validation Instead of requiring each auth_proto to perform validation of the frames received via rx_authenticate & rx_associate, have netdev itself perform the mpdu validation. This is unlikely to happen anyway since the kernel performs its own frame validation. Print a warning in case the validation fails.
2021-07-13 01:32:02 +02:00
const struct mmpdu_header *hdr;
const struct mmpdu_association_response *assoc;
if (L_WARN_ON(!(hdr = mpdu_validate(frame, frame_len))))
goto assoc_failed;
assoc = mmpdu_body(hdr);
status_code = L_CPU_TO_LE16(assoc->status_code);
fils: netdev: update to use auth_proto concepts
2019-05-03 20:59:51 +02:00
ret = auth_proto_rx_associate(netdev->ap, frame, frame_len);
if (ret == 0) {
eapol: Use the require_handshake flag for FILS In both FT or FILS EAPoL isn't used for the initial handshake and only for the later re-keys. For FT we added the eapol_sm_set_require_handshake mechanism to tell EAPoL to not require the initial handshake and we can re-use it for FILS.
2020-08-13 02:50:12 +02:00
bool fils = !!(netdev->handshake->akm_suite &
(IE_RSN_AKM_SUITE_FILS_SHA256 |
IE_RSN_AKM_SUITE_FILS_SHA384 |
IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA384 |
IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA256));
fils: netdev: update to use auth_proto concepts
2019-05-03 20:59:51 +02:00
auth_proto_free(netdev->ap);
netdev->ap = NULL;
netdev->sm = eapol_sm_new(netdev->handshake);
eapol_register(netdev->sm);
netdev: move connect completion into netdev_connect_event The duplicate/similar code in netdev_associate_event and netdev_connect_event leads to very hard to follow code, especially when you throw OWE/SAE/FILS or full mac cards into the mix. Currently these protocols finish the connection inside netdev_associate_event, and set ignore_connect_event. But for full mac cards we must finish the connection in netdev_connect_event. In attempt to simplify this, all connections will be completed and/or the 4-way started in netdev_connect_event. This satisfies both soft/full mac cards as well as simplifies the FT processing in netdev_associate_event. Since the FT IEs can be processed in netdev_connect_event (as they already are to support full mac) we can assume that any FT processing inside netdev_associate_event is for a fast transition, not initial mobility association. This simplifies netdev_ft_process_associate by removing all the blocks that would get hit if transition == false. Handling FT this way also fixes FT-SAE which was broken after the auth-proto changes since the initial mobility association was never processed if there was an auth-proto running.
2019-05-07 18:50:47 +02:00
/* Just in case this was a retry */
netdev->ignore_connect_event = false;
netdev: ft: refactor FT into an auth-proto Since FT operates over Authenticate/Associate, it makes the most sense for it to behave like the other auth-protos. This change moves all the FT specific processing out of netdev and into ft.c. The bulk of the changes were strait copy-pastes from netdev into ft.c with minor API changes (e.g. remove struct netdev). The 'in_ft' boolean unforunately is still required for a few reasons: - netdev_disconnect_event relies on this flag so it can ignore the disconnect which comes in when doing a fast transition. We cannot simply check netdev->ap because this would cause the other auth-protos to not handle a disconnect correctly. - netdev_associate_event needs to correctly setup the eapol_sm when in FT mode by setting require_handshake and use_eapol_start to false. This cannot be handled inside eapol by checking the AKM because an AP may only advertise a FT AKM, and the initial mobility association does require the 4-way handshake.
2019-05-07 20:53:42 +02:00
/*
eapol: Use the require_handshake flag for FILS In both FT or FILS EAPoL isn't used for the initial handshake and only for the later re-keys. For FT we added the eapol_sm_set_require_handshake mechanism to tell EAPoL to not require the initial handshake and we can re-use it for FILS.
2020-08-13 02:50:12 +02:00
* If in FT and/or FILS we don't force an initial 4-way
* handshake and instead just keep the EAPoL state
* machine for the rekeys.
netdev: ft: refactor FT into an auth-proto Since FT operates over Authenticate/Associate, it makes the most sense for it to behave like the other auth-protos. This change moves all the FT specific processing out of netdev and into ft.c. The bulk of the changes were strait copy-pastes from netdev into ft.c with minor API changes (e.g. remove struct netdev). The 'in_ft' boolean unforunately is still required for a few reasons: - netdev_disconnect_event relies on this flag so it can ignore the disconnect which comes in when doing a fast transition. We cannot simply check netdev->ap because this would cause the other auth-protos to not handle a disconnect correctly. - netdev_associate_event needs to correctly setup the eapol_sm when in FT mode by setting require_handshake and use_eapol_start to false. This cannot be handled inside eapol by checking the AKM because an AP may only advertise a FT AKM, and the initial mobility association does require the 4-way handshake.
2019-05-07 20:53:42 +02:00
*/
eapol: Use the require_handshake flag for FILS In both FT or FILS EAPoL isn't used for the initial handshake and only for the later re-keys. For FT we added the eapol_sm_set_require_handshake mechanism to tell EAPoL to not require the initial handshake and we can re-use it for FILS.
2020-08-13 02:50:12 +02:00
if (netdev->in_ft || fils)
netdev: ft: refactor FT into an auth-proto Since FT operates over Authenticate/Associate, it makes the most sense for it to behave like the other auth-protos. This change moves all the FT specific processing out of netdev and into ft.c. The bulk of the changes were strait copy-pastes from netdev into ft.c with minor API changes (e.g. remove struct netdev). The 'in_ft' boolean unforunately is still required for a few reasons: - netdev_disconnect_event relies on this flag so it can ignore the disconnect which comes in when doing a fast transition. We cannot simply check netdev->ap because this would cause the other auth-protos to not handle a disconnect correctly. - netdev_associate_event needs to correctly setup the eapol_sm when in FT mode by setting require_handshake and use_eapol_start to false. This cannot be handled inside eapol by checking the AKM because an AP may only advertise a FT AKM, and the initial mobility association does require the 4-way handshake.
2019-05-07 20:53:42 +02:00
eapol_sm_set_require_handshake(netdev->sm,
false);
eapol: Use the require_handshake flag for FILS In both FT or FILS EAPoL isn't used for the initial handshake and only for the later re-keys. For FT we added the eapol_sm_set_require_handshake mechanism to tell EAPoL to not require the initial handshake and we can re-use it for FILS.
2020-08-13 02:50:12 +02:00
netdev->in_ft = false;
netdev: allow reassociation for auth-protos This adds support in netdev_reassociate for all the auth protocols (SAE/FILS/OWE) by moving the bulk of netdev_connect into netdev_connect_common. In addition PREV_BSSID is set in the associate message if 'in_reassoc' is true.
2021-08-07 00:59:05 +02:00
netdev->in_reassoc = false;
netdev: Handle deauth frames prior to association In some cases the AP can send a deauthenticate frame right after accepting our authentication. In this case the kernel never properly sends a CMD_CONNECT event with a failure, even though CMD_COONNECT was used to initiate the connection. Try to work around that by detecting that a Deauthenticate event arrives prior to any Associte or Connect events and handle this case as a connect failure.
2021-01-13 20:31:23 +01:00
netdev->associated = true;
netdev: move connect completion into netdev_connect_event The duplicate/similar code in netdev_associate_event and netdev_connect_event leads to very hard to follow code, especially when you throw OWE/SAE/FILS or full mac cards into the mix. Currently these protocols finish the connection inside netdev_associate_event, and set ignore_connect_event. But for full mac cards we must finish the connection in netdev_connect_event. In attempt to simplify this, all connections will be completed and/or the 4-way started in netdev_connect_event. This satisfies both soft/full mac cards as well as simplifies the FT processing in netdev_associate_event. Since the FT IEs can be processed in netdev_connect_event (as they already are to support full mac) we can assume that any FT processing inside netdev_associate_event is for a fast transition, not initial mobility association. This simplifies netdev_ft_process_associate by removing all the blocks that would get hit if transition == false. Handling FT this way also fixes FT-SAE which was broken after the auth-proto changes since the initial mobility association was never processed if there was an auth-proto running.
2019-05-07 18:50:47 +02:00
return;
fils: netdev: update to use auth_proto concepts
2019-05-03 20:59:51 +02:00
} else if (ret == -EAGAIN) {
/*
* Here to support OWE retries. OWE will retry
netdev: fix spelling error
2021-04-05 20:44:02 +02:00
* internally, but a connect event will still be emitted
fils: netdev: update to use auth_proto concepts
2019-05-03 20:59:51 +02:00
*/
netdev->ignore_connect_event = true;
return;
} else if (ret > 0)
status_code = (uint16_t)ret;
goto assoc_failed;
netdev: process association in netdev_associate_event Apart from OWE, the association event was disregarded and all association processing was done in netdev_connect_event. This led to netdev_connect_event having to handle all the logic of both success and failure, as well as parsing the association for FT and OWE. Also, without checking the status code in the associate frame there is the potential for the kernel to think we are connected even if association failed (e.g. rogue AP). This change introduces two flags into netdev, expect_connect_failure and ignore_connect_event. All the FT processing that was once in netdev_connect_event has now been moved into netdev_associate_event, as well as non-FT associate frame processing. The connect event now only handles failure cases for soft/half MAC cards. Note: Since fullmac cards rely on the connect event, the eapol_start and netdev_connect_ok were left in netdev_connect_event. Since neither auth/assoc events come in on fullmac we shouldn't have any conflict with the new flags. Once a connection has completed association, EAPoL is started from netdev_associate_event (if required) and the ignore_connect_event flag can be set. This will bypass the connect event. If a connection has failed during association for whatever reason, we can set expect_connect_failure, the netdev reason, and the MPDU status code. This allows netdev_connect_event to both handle the error, and, if required, send a deauth telling the kernel that we have failed (protecting against the rogue AP situation).
2019-03-05 22:42:33 +01:00
}
return;
netdev/station: Add OWE support The changes to station.c are minor. Specifically, station_build_handshake_rsn was modified to always build up the RSN information, not just for SECURITY_8021X and SECURITY_PSK. This is because OWE needs this RSN information, even though it is still SECURITY_NONE. Since "regular" open networks don't need this, a check was added (security == NONE && akm != OWE) which skips the RSN building. netdev.c needed to be changed in nearly the same manor as it was for SAE. When connecting, we check if the AKM is for OWE, and if so create a new OWE SM and start it. OWE handles all the ECDH, and netdev handles sending CMD_AUTHENTICATE and CMD_ASSOCIATE when triggered by OWE. The incoming authenticate/associate events just get forwarded to OWE as they do with SAE.
2018-11-16 23:22:55 +01:00
assoc_failed:
netdev: process association in netdev_associate_event Apart from OWE, the association event was disregarded and all association processing was done in netdev_connect_event. This led to netdev_connect_event having to handle all the logic of both success and failure, as well as parsing the association for FT and OWE. Also, without checking the status code in the associate frame there is the potential for the kernel to think we are connected even if association failed (e.g. rogue AP). This change introduces two flags into netdev, expect_connect_failure and ignore_connect_event. All the FT processing that was once in netdev_connect_event has now been moved into netdev_associate_event, as well as non-FT associate frame processing. The connect event now only handles failure cases for soft/half MAC cards. Note: Since fullmac cards rely on the connect event, the eapol_start and netdev_connect_ok were left in netdev_connect_event. Since neither auth/assoc events come in on fullmac we shouldn't have any conflict with the new flags. Once a connection has completed association, EAPoL is started from netdev_associate_event (if required) and the ignore_connect_event flag can be set. This will bypass the connect event. If a connection has failed during association for whatever reason, we can set expect_connect_failure, the netdev reason, and the MPDU status code. This allows netdev_connect_event to both handle the error, and, if required, send a deauth telling the kernel that we have failed (protecting against the rogue AP situation).
2019-03-05 22:42:33 +01:00
netdev->result = NETDEV_RESULT_ASSOCIATION_FAILED;
netdev->last_code = status_code;
netdev->expect_connect_failure = true;
wiphy: Move association logic out of wiphy.c The eapol state machine parameters are now built inside device.c when the network connection is attempted. The reason is that the device object knows about network settings, wiphy constraints and should contain the main 'management' logic. netdev now manages the actual low-level process of building association messages, detecting authentication events, etc.
2016-06-15 17:54:13 +02:00
}
netdev: Handle the FT Authentication Response message Parse the second message of the FT transition, validate and build the third message, the Reassociation Request.
2017-01-12 09:36:01 +01:00
static void netdev_cmd_connect_cb(struct l_genl_msg *msg, void *user_data)
{
struct netdev *netdev = user_data;
netdev->connect_cmd_id = 0;
if (l_genl_msg_get_error(msg) >= 0) {
/*
netdev: Work around CMD_CONNECT behavior on mwifiex
2021-04-27 21:00:24 +02:00
* connected should be false if the connect event hasn't come
* in yet. i.e. the CMD_CONNECT ack arrived first (typical).
* Mark the connection as 'connected'
netdev: Handle the FT Authentication Response message Parse the second message of the FT transition, validate and build the third message, the Reassociation Request.
2017-01-12 09:36:01 +01:00
*/
netdev: Work around CMD_CONNECT behavior on mwifiex
2021-04-27 21:00:24 +02:00
if (!netdev->connected)
netdev_driver_connected(netdev);
netdev: Handle the FT Authentication Response message Parse the second message of the FT transition, validate and build the third message, the Reassociation Request.
2017-01-12 09:36:01 +01:00
return;
}
netdev: store mpdu status and add getter Soon BSS blacklisting will be added, and in order to properly decide if a BSS should be blacklisted we need the status code on a failed connection. This change stores the status code when there is a failure in netdev and adds a getter to retrieve later. In many cases we have the actual status code from the AP, but in some corner cases its not obtainable (e.g. an error sending an NL80211 command) in which case we just default to MMPDU_REASON_CODE_UNSPECIFIED. Rather than continue with the pattern of setting netdev->result and now netdev->last_status_code, the netdev_connect_failed function was redefined so its no longer used as both a NL80211 callback and called directly. Instead a new function was added, netdev_disconnect_cb which just calls netdev_connect_failed. netdev_disconnect_cb should not be used for all the NL80211 disconnect commands. Now netdev_connect_failed takes both a result and status code which it sets in the netdev object. In the case where we were using netdev_connect_failed as a callback we still need to set the result and last_status_code but at least this is better than having to set those in all cases.
2019-01-24 21:56:23 +01:00
netdev_connect_failed(netdev, NETDEV_RESULT_ASSOCIATION_FAILED,
netdev: station: fix status/reason code in callbacks This change cleans up the mess of status vs reason codes. The two types of codes have already been separated into different enumerations, but netdev was still treating them the same (with last_status_code). A new 'event_data' argument was added to the connect callback, which has a different meaning depending on the result of the connection (described inside netdev.h, netdev_connect_cb_t). This allows for the removal of netdev_get_last_status_code since the status or reason code is now passed via event_data. Inside the netdev object last_status_code was renamed to last_code, for the purpose of storing either status or reason. This is only used when a disconnect needs to be emitted before failing the connection. In all other cases we just pass the code directly into the connect_cb and do not store it. All ocurrences of netdev_connect_failed were updated to use the proper code depending on the netdev result. Most of these simply changed from REASON_CODE_UNSPECIFIED to STATUS_CODE_UNSPECIFIED. This was simply for consistency (both codes have the same value). netdev_[authenticate|associate]_event's were updated to parse the status code and, if present, use that if their was a failure rather than defaulting to UNSPECIFIED.
2019-02-28 18:32:40 +01:00
MMPDU_STATUS_CODE_UNSPECIFIED);
netdev: Handle the FT Authentication Response message Parse the second message of the FT transition, validate and build the third message, the Reassociation Request.
2017-01-12 09:36:01 +01:00
}
netdev: Fix style
2018-11-19 19:09:27 +01:00
static struct l_genl_msg *netdev_build_cmd_authenticate(struct netdev *netdev,
netdev: unify ft/auth_proto authenticate builders build_cmd_ft_authenticate and build_cmd_authenticate were virtually identical. These have been unified into a single builder. We were also incorrectly including ATTR_IE to every authenticate command, which violates the spec for certain protocols, This was removed and any auth protocols will now add any IEs that they require.
2020-05-07 23:50:58 +02:00
uint32_t auth_type)
netdev/station: Add OWE support The changes to station.c are minor. Specifically, station_build_handshake_rsn was modified to always build up the RSN information, not just for SECURITY_8021X and SECURITY_PSK. This is because OWE needs this RSN information, even though it is still SECURITY_NONE. Since "regular" open networks don't need this, a check was added (security == NONE && akm != OWE) which skips the RSN building. netdev.c needed to be changed in nearly the same manor as it was for SAE. When connecting, we check if the AKM is for OWE, and if so create a new OWE SM and start it. OWE handles all the ECDH, and netdev handles sending CMD_AUTHENTICATE and CMD_ASSOCIATE when triggered by OWE. The incoming authenticate/associate events just get forwarded to OWE as they do with SAE.
2018-11-16 23:22:55 +01:00
{
struct handshake_state *hs = netdev->handshake;
struct l_genl_msg *msg;
msg = l_genl_msg_new_sized(NL80211_CMD_AUTHENTICATE, 512);
l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &netdev->index);
l_genl_msg_append_attr(msg, NL80211_ATTR_WIPHY_FREQ,
4, &netdev->frequency);
netdev: unify ft/auth_proto authenticate builders build_cmd_ft_authenticate and build_cmd_authenticate were virtually identical. These have been unified into a single builder. We were also incorrectly including ATTR_IE to every authenticate command, which violates the spec for certain protocols, This was removed and any auth protocols will now add any IEs that they require.
2020-05-07 23:50:58 +02:00
l_genl_msg_append_attr(msg, NL80211_ATTR_MAC, ETH_ALEN,
netdev->handshake->aa);
netdev/station: Add OWE support The changes to station.c are minor. Specifically, station_build_handshake_rsn was modified to always build up the RSN information, not just for SECURITY_8021X and SECURITY_PSK. This is because OWE needs this RSN information, even though it is still SECURITY_NONE. Since "regular" open networks don't need this, a check was added (security == NONE && akm != OWE) which skips the RSN building. netdev.c needed to be changed in nearly the same manor as it was for SAE. When connecting, we check if the AKM is for OWE, and if so create a new OWE SM and start it. OWE handles all the ECDH, and netdev handles sending CMD_AUTHENTICATE and CMD_ASSOCIATE when triggered by OWE. The incoming authenticate/associate events just get forwarded to OWE as they do with SAE.
2018-11-16 23:22:55 +01:00
l_genl_msg_append_attr(msg, NL80211_ATTR_SSID, hs->ssid_len, hs->ssid);
l_genl_msg_append_attr(msg, NL80211_ATTR_AUTH_TYPE, 4, &auth_type);
return msg;
}
netdev: Scan & Retry CMD_AUTHENTICATE Handle situations where the BSS we're trying to connect to is no longer in the kernel scan result cache. Normally, the kernel will re-scan the target frequency if this happens on the CMD_CONNECT path, and retry the connection. Unfortunately, CMD_AUTHENTICATE path used for WPA3, OWE and FILS does not have this scanning behavior. CMD_AUTHENTICATE simply fails with a -ENOENT error. Work around this by trying a limited scan of the target frequency and re-trying CMD_AUTHENTICATE once.
2021-02-05 18:21:33 +01:00
static void netdev_scan_cb(struct l_genl_msg *msg, void *user_data)
netdev: added sae functionality to netdev In order to plug SAE into the existing connect mechanism the actual CMD_CONNECT message is never sent, rather sae_register takes care of sending out CMD_AUTHENTICATE. This required some shuffling of code in order to handle both eapol and sae. In the case of non-SAE authentication everything behaves as it did before. When using SAE an sae_sm is created when a connection is attempted but the eapol_sm is not. After SAE succeeds it will start association and then create the eapol_sm and start the 4-way handshake. This change also adds the handshake SAE events to device and initializes SAE in main.
2018-08-14 01:25:48 +02:00
{
struct netdev *netdev = user_data;
sae: netdev: update to use auth_proto concepts SAE was a bit trickier than OWE/FILS because the initial implementation for SAE did not include parsing raw authenticate frames (netdev skipped the header and passed just the authentication data). OWE/FILS did not do this and parse the entire frame in the RX callbacks. Because of this it was not as simple as just setting some RX callbacks. In addition, the TX functions include some of the authentication header/data, but not all (thanks NL80211), so this will require an overhaul to test-sae since the unit test passes frames from one SM to another to test the protocol end-to-end (essentially the header needs to be prepended to any data coming from the TX functions for the end-to-end tests).
2019-05-03 20:59:54 +02:00
if (l_genl_msg_get_error(msg) < 0) {
netdev: Scan & Retry CMD_AUTHENTICATE Handle situations where the BSS we're trying to connect to is no longer in the kernel scan result cache. Normally, the kernel will re-scan the target frequency if this happens on the CMD_CONNECT path, and retry the connection. Unfortunately, CMD_AUTHENTICATE path used for WPA3, OWE and FILS does not have this scanning behavior. CMD_AUTHENTICATE simply fails with a -ENOENT error. Work around this by trying a limited scan of the target frequency and re-trying CMD_AUTHENTICATE once.
2021-02-05 18:21:33 +01:00
netdev_connect_failed(netdev,
NETDEV_RESULT_AUTHENTICATION_FAILED,
MMPDU_STATUS_CODE_UNSPECIFIED);
return;
}
netdev->retry_auth = true;
}
static void netdev_auth_cb(struct l_genl_msg *msg, void *user_data)
{
struct netdev *netdev = user_data;
struct handshake_state *hs = netdev->handshake;
int err = l_genl_msg_get_error(msg);
struct l_genl_msg *scan_msg;
if (!err) {
l_genl_msg_unref(netdev->auth_cmd);
netdev->auth_cmd = NULL;
return;
}
l_debug("Error during auth: %d", err);
if (!netdev->auth_cmd || err != -ENOENT) {
netdev_connect_failed(netdev,
NETDEV_RESULT_AUTHENTICATION_FAILED,
MMPDU_STATUS_CODE_UNSPECIFIED);
return;
}
/* Kernel can't find the BSS in its cache, scan and retry */
scan_msg = scan_build_trigger_scan_bss(netdev->index, netdev->wiphy,
netdev->frequency,
hs->ssid, hs->ssid_len);
if (!l_genl_family_send(nl80211, scan_msg,
netdev_scan_cb, netdev, NULL)) {
l_genl_msg_unref(scan_msg);
netdev_connect_failed(netdev,
NETDEV_RESULT_AUTHENTICATION_FAILED,
MMPDU_STATUS_CODE_UNSPECIFIED);
}
}
static void netdev_new_scan_results_event(struct l_genl_msg *msg,
struct netdev *netdev)
{
if (!netdev->retry_auth)
return;
netdev: station: support FT over SAE Boiled down, FT over SAE is no different than FT over PSK, apart from the different AKM suite. The bulk of this change fixes the current netdev/station logic related to SAE by rebuilding the RSNE and adding the MDE if present in the handshake to match what the PSK logic does. A common function was introduced into station which will rebuild the handshake rsne's for a target network. This is used for both new network connections as well as fast transitions.
2018-09-19 20:30:36 +02:00
netdev: Scan & Retry CMD_AUTHENTICATE Handle situations where the BSS we're trying to connect to is no longer in the kernel scan result cache. Normally, the kernel will re-scan the target frequency if this happens on the CMD_CONNECT path, and retry the connection. Unfortunately, CMD_AUTHENTICATE path used for WPA3, OWE and FILS does not have this scanning behavior. CMD_AUTHENTICATE simply fails with a -ENOENT error. Work around this by trying a limited scan of the target frequency and re-trying CMD_AUTHENTICATE once.
2021-02-05 18:21:33 +01:00
l_debug("");
if (!l_genl_family_send(nl80211, netdev->auth_cmd,
netdev_auth_cb, netdev, NULL)) {
sae: netdev: update to use auth_proto concepts SAE was a bit trickier than OWE/FILS because the initial implementation for SAE did not include parsing raw authenticate frames (netdev skipped the header and passed just the authentication data). OWE/FILS did not do this and parse the entire frame in the RX callbacks. Because of this it was not as simple as just setting some RX callbacks. In addition, the TX functions include some of the authentication header/data, but not all (thanks NL80211), so this will require an overhaul to test-sae since the unit test passes frames from one SM to another to test the protocol end-to-end (essentially the header needs to be prepended to any data coming from the TX functions for the end-to-end tests).
2019-05-03 20:59:54 +02:00
netdev_connect_failed(netdev,
NETDEV_RESULT_AUTHENTICATION_FAILED,
MMPDU_STATUS_CODE_UNSPECIFIED);
return;
netdev: station: support FT over SAE Boiled down, FT over SAE is no different than FT over PSK, apart from the different AKM suite. The bulk of this change fixes the current netdev/station logic related to SAE by rebuilding the RSNE and adding the MDE if present in the handshake to match what the PSK logic does. A common function was introduced into station which will rebuild the handshake rsne's for a target network. This is used for both new network connections as well as fast transitions.
2018-09-19 20:30:36 +02:00
}
netdev: Scan & Retry CMD_AUTHENTICATE Handle situations where the BSS we're trying to connect to is no longer in the kernel scan result cache. Normally, the kernel will re-scan the target frequency if this happens on the CMD_CONNECT path, and retry the connection. Unfortunately, CMD_AUTHENTICATE path used for WPA3, OWE and FILS does not have this scanning behavior. CMD_AUTHENTICATE simply fails with a -ENOENT error. Work around this by trying a limited scan of the target frequency and re-trying CMD_AUTHENTICATE once.
2021-02-05 18:21:33 +01:00
netdev->auth_cmd = NULL;
netdev: added sae functionality to netdev In order to plug SAE into the existing connect mechanism the actual CMD_CONNECT message is never sent, rather sae_register takes care of sending out CMD_AUTHENTICATE. This required some shuffling of code in order to handle both eapol and sae. In the case of non-SAE authentication everything behaves as it did before. When using SAE an sae_sm is created when a connection is attempted but the eapol_sm is not. After SAE succeeds it will start association and then create the eapol_sm and start the 4-way handshake. This change also adds the handshake SAE events to device and initializes SAE in main.
2018-08-14 01:25:48 +02:00
}
sae: netdev: update to use auth_proto concepts SAE was a bit trickier than OWE/FILS because the initial implementation for SAE did not include parsing raw authenticate frames (netdev skipped the header and passed just the authentication data). OWE/FILS did not do this and parse the entire frame in the RX callbacks. Because of this it was not as simple as just setting some RX callbacks. In addition, the TX functions include some of the authentication header/data, but not all (thanks NL80211), so this will require an overhaul to test-sae since the unit test passes frames from one SM to another to test the protocol end-to-end (essentially the header needs to be prepended to any data coming from the TX functions for the end-to-end tests).
2019-05-03 20:59:54 +02:00
static void netdev_assoc_cb(struct l_genl_msg *msg, void *user_data)
netdev: added sae functionality to netdev In order to plug SAE into the existing connect mechanism the actual CMD_CONNECT message is never sent, rather sae_register takes care of sending out CMD_AUTHENTICATE. This required some shuffling of code in order to handle both eapol and sae. In the case of non-SAE authentication everything behaves as it did before. When using SAE an sae_sm is created when a connection is attempted but the eapol_sm is not. After SAE succeeds it will start association and then create the eapol_sm and start the 4-way handshake. This change also adds the handshake SAE events to device and initializes SAE in main.
2018-08-14 01:25:48 +02:00
{
sae: netdev: update to use auth_proto concepts SAE was a bit trickier than OWE/FILS because the initial implementation for SAE did not include parsing raw authenticate frames (netdev skipped the header and passed just the authentication data). OWE/FILS did not do this and parse the entire frame in the RX callbacks. Because of this it was not as simple as just setting some RX callbacks. In addition, the TX functions include some of the authentication header/data, but not all (thanks NL80211), so this will require an overhaul to test-sae since the unit test passes frames from one SM to another to test the protocol end-to-end (essentially the header needs to be prepended to any data coming from the TX functions for the end-to-end tests).
2019-05-03 20:59:54 +02:00
struct netdev *netdev = user_data;
if (l_genl_msg_get_error(msg) < 0) {
l_error("Error sending CMD_ASSOCIATE");
netdev: added sae functionality to netdev In order to plug SAE into the existing connect mechanism the actual CMD_CONNECT message is never sent, rather sae_register takes care of sending out CMD_AUTHENTICATE. This required some shuffling of code in order to handle both eapol and sae. In the case of non-SAE authentication everything behaves as it did before. When using SAE an sae_sm is created when a connection is attempted but the eapol_sm is not. After SAE succeeds it will start association and then create the eapol_sm and start the 4-way handshake. This change also adds the handshake SAE events to device and initializes SAE in main.
2018-08-14 01:25:48 +02:00
sae: netdev: update to use auth_proto concepts SAE was a bit trickier than OWE/FILS because the initial implementation for SAE did not include parsing raw authenticate frames (netdev skipped the header and passed just the authentication data). OWE/FILS did not do this and parse the entire frame in the RX callbacks. Because of this it was not as simple as just setting some RX callbacks. In addition, the TX functions include some of the authentication header/data, but not all (thanks NL80211), so this will require an overhaul to test-sae since the unit test passes frames from one SM to another to test the protocol end-to-end (essentially the header needs to be prepended to any data coming from the TX functions for the end-to-end tests).
2019-05-03 20:59:54 +02:00
netdev_connect_failed(netdev, NETDEV_RESULT_ASSOCIATION_FAILED,
MMPDU_STATUS_CODE_UNSPECIFIED);
}
netdev: added sae functionality to netdev In order to plug SAE into the existing connect mechanism the actual CMD_CONNECT message is never sent, rather sae_register takes care of sending out CMD_AUTHENTICATE. This required some shuffling of code in order to handle both eapol and sae. In the case of non-SAE authentication everything behaves as it did before. When using SAE an sae_sm is created when a connection is attempted but the eapol_sm is not. After SAE succeeds it will start association and then create the eapol_sm and start the 4-way handshake. This change also adds the handshake SAE events to device and initializes SAE in main.
2018-08-14 01:25:48 +02:00
}
sae: netdev: update to use auth_proto concepts SAE was a bit trickier than OWE/FILS because the initial implementation for SAE did not include parsing raw authenticate frames (netdev skipped the header and passed just the authentication data). OWE/FILS did not do this and parse the entire frame in the RX callbacks. Because of this it was not as simple as just setting some RX callbacks. In addition, the TX functions include some of the authentication header/data, but not all (thanks NL80211), so this will require an overhaul to test-sae since the unit test passes frames from one SM to another to test the protocol end-to-end (essentially the header needs to be prepended to any data coming from the TX functions for the end-to-end tests).
2019-05-03 20:59:54 +02:00
static void netdev_sae_tx_authenticate(const uint8_t *body,
netdev: added sae functionality to netdev In order to plug SAE into the existing connect mechanism the actual CMD_CONNECT message is never sent, rather sae_register takes care of sending out CMD_AUTHENTICATE. This required some shuffling of code in order to handle both eapol and sae. In the case of non-SAE authentication everything behaves as it did before. When using SAE an sae_sm is created when a connection is attempted but the eapol_sm is not. After SAE succeeds it will start association and then create the eapol_sm and start the 4-way handshake. This change also adds the handshake SAE events to device and initializes SAE in main.
2018-08-14 01:25:48 +02:00
size_t body_len, void *user_data)
{
struct netdev *netdev = user_data;
struct l_genl_msg *msg;
netdev: unify ft/auth_proto authenticate builders build_cmd_ft_authenticate and build_cmd_authenticate were virtually identical. These have been unified into a single builder. We were also incorrectly including ATTR_IE to every authenticate command, which violates the spec for certain protocols, This was removed and any auth protocols will now add any IEs that they require.
2020-05-07 23:50:58 +02:00
msg = netdev_build_cmd_authenticate(netdev, NL80211_AUTHTYPE_SAE);
netdev: added sae functionality to netdev In order to plug SAE into the existing connect mechanism the actual CMD_CONNECT message is never sent, rather sae_register takes care of sending out CMD_AUTHENTICATE. This required some shuffling of code in order to handle both eapol and sae. In the case of non-SAE authentication everything behaves as it did before. When using SAE an sae_sm is created when a connection is attempted but the eapol_sm is not. After SAE succeeds it will start association and then create the eapol_sm and start the 4-way handshake. This change also adds the handshake SAE events to device and initializes SAE in main.
2018-08-14 01:25:48 +02:00
l_genl_msg_append_attr(msg, NL80211_ATTR_AUTH_DATA, body_len, body);
sae: netdev: update to use auth_proto concepts SAE was a bit trickier than OWE/FILS because the initial implementation for SAE did not include parsing raw authenticate frames (netdev skipped the header and passed just the authentication data). OWE/FILS did not do this and parse the entire frame in the RX callbacks. Because of this it was not as simple as just setting some RX callbacks. In addition, the TX functions include some of the authentication header/data, but not all (thanks NL80211), so this will require an overhaul to test-sae since the unit test passes frames from one SM to another to test the protocol end-to-end (essentially the header needs to be prepended to any data coming from the TX functions for the end-to-end tests).
2019-05-03 20:59:54 +02:00
if (!l_genl_family_send(nl80211, msg, netdev_auth_cb, netdev, NULL)) {
netdev: added sae functionality to netdev In order to plug SAE into the existing connect mechanism the actual CMD_CONNECT message is never sent, rather sae_register takes care of sending out CMD_AUTHENTICATE. This required some shuffling of code in order to handle both eapol and sae. In the case of non-SAE authentication everything behaves as it did before. When using SAE an sae_sm is created when a connection is attempted but the eapol_sm is not. After SAE succeeds it will start association and then create the eapol_sm and start the 4-way handshake. This change also adds the handshake SAE events to device and initializes SAE in main.
2018-08-14 01:25:48 +02:00
l_genl_msg_unref(msg);
sae: netdev: update to use auth_proto concepts SAE was a bit trickier than OWE/FILS because the initial implementation for SAE did not include parsing raw authenticate frames (netdev skipped the header and passed just the authentication data). OWE/FILS did not do this and parse the entire frame in the RX callbacks. Because of this it was not as simple as just setting some RX callbacks. In addition, the TX functions include some of the authentication header/data, but not all (thanks NL80211), so this will require an overhaul to test-sae since the unit test passes frames from one SM to another to test the protocol end-to-end (essentially the header needs to be prepended to any data coming from the TX functions for the end-to-end tests).
2019-05-03 20:59:54 +02:00
netdev_connect_failed(netdev,
NETDEV_RESULT_AUTHENTICATION_FAILED,
MMPDU_STATUS_CODE_UNSPECIFIED);
netdev: Scan & Retry CMD_AUTHENTICATE Handle situations where the BSS we're trying to connect to is no longer in the kernel scan result cache. Normally, the kernel will re-scan the target frequency if this happens on the CMD_CONNECT path, and retry the connection. Unfortunately, CMD_AUTHENTICATE path used for WPA3, OWE and FILS does not have this scanning behavior. CMD_AUTHENTICATE simply fails with a -ENOENT error. Work around this by trying a limited scan of the target frequency and re-trying CMD_AUTHENTICATE once.
2021-02-05 18:21:33 +01:00
return;
netdev: added sae functionality to netdev In order to plug SAE into the existing connect mechanism the actual CMD_CONNECT message is never sent, rather sae_register takes care of sending out CMD_AUTHENTICATE. This required some shuffling of code in order to handle both eapol and sae. In the case of non-SAE authentication everything behaves as it did before. When using SAE an sae_sm is created when a connection is attempted but the eapol_sm is not. After SAE succeeds it will start association and then create the eapol_sm and start the 4-way handshake. This change also adds the handshake SAE events to device and initializes SAE in main.
2018-08-14 01:25:48 +02:00
}
netdev: Scan & Retry CMD_AUTHENTICATE Handle situations where the BSS we're trying to connect to is no longer in the kernel scan result cache. Normally, the kernel will re-scan the target frequency if this happens on the CMD_CONNECT path, and retry the connection. Unfortunately, CMD_AUTHENTICATE path used for WPA3, OWE and FILS does not have this scanning behavior. CMD_AUTHENTICATE simply fails with a -ENOENT error. Work around this by trying a limited scan of the target frequency and re-trying CMD_AUTHENTICATE once.
2021-02-05 18:21:33 +01:00
netdev->auth_cmd = l_genl_msg_ref(msg);
netdev: added sae functionality to netdev In order to plug SAE into the existing connect mechanism the actual CMD_CONNECT message is never sent, rather sae_register takes care of sending out CMD_AUTHENTICATE. This required some shuffling of code in order to handle both eapol and sae. In the case of non-SAE authentication everything behaves as it did before. When using SAE an sae_sm is created when a connection is attempted but the eapol_sm is not. After SAE succeeds it will start association and then create the eapol_sm and start the 4-way handshake. This change also adds the handshake SAE events to device and initializes SAE in main.
2018-08-14 01:25:48 +02:00
}
sae: netdev: update to use auth_proto concepts SAE was a bit trickier than OWE/FILS because the initial implementation for SAE did not include parsing raw authenticate frames (netdev skipped the header and passed just the authentication data). OWE/FILS did not do this and parse the entire frame in the RX callbacks. Because of this it was not as simple as just setting some RX callbacks. In addition, the TX functions include some of the authentication header/data, but not all (thanks NL80211), so this will require an overhaul to test-sae since the unit test passes frames from one SM to another to test the protocol end-to-end (essentially the header needs to be prepended to any data coming from the TX functions for the end-to-end tests).
2019-05-03 20:59:54 +02:00
static void netdev_sae_tx_associate(void *user_data)
netdev/station: Add OWE support The changes to station.c are minor. Specifically, station_build_handshake_rsn was modified to always build up the RSN information, not just for SECURITY_8021X and SECURITY_PSK. This is because OWE needs this RSN information, even though it is still SECURITY_NONE. Since "regular" open networks don't need this, a check was added (security == NONE && akm != OWE) which skips the RSN building. netdev.c needed to be changed in nearly the same manor as it was for SAE. When connecting, we check if the AKM is for OWE, and if so create a new OWE SM and start it. OWE handles all the ECDH, and netdev handles sending CMD_AUTHENTICATE and CMD_ASSOCIATE when triggered by OWE. The incoming authenticate/associate events just get forwarded to OWE as they do with SAE.
2018-11-16 23:22:55 +01:00
{
struct netdev *netdev = user_data;
netdev: Send RSNXE element during SAE association
2021-07-14 00:49:41 +02:00
struct handshake_state *hs = netdev->handshake;
sae: netdev: update to use auth_proto concepts SAE was a bit trickier than OWE/FILS because the initial implementation for SAE did not include parsing raw authenticate frames (netdev skipped the header and passed just the authentication data). OWE/FILS did not do this and parse the entire frame in the RX callbacks. Because of this it was not as simple as just setting some RX callbacks. In addition, the TX functions include some of the authentication header/data, but not all (thanks NL80211), so this will require an overhaul to test-sae since the unit test passes frames from one SM to another to test the protocol end-to-end (essentially the header needs to be prepended to any data coming from the TX functions for the end-to-end tests).
2019-05-03 20:59:54 +02:00
struct l_genl_msg *msg;
netdev: Send addititional IEs for FT/SAE/OWE/FILS RM Enabled Capabilities and Extended Capabilities IEs were correctly being sent when using CMD_CONNECT for initial connections and re-associations. However, for SoftMac SAE, FT, FILS and OWE connections, these additional IEs were not added properly during the Associate step.
2021-08-05 16:44:11 +02:00
struct iovec iov[64];
netdev: Send RSNXE element during SAE association
2021-07-14 00:49:41 +02:00
unsigned int n_iov = L_ARRAY_SIZE(iov);
unsigned int n_used = 0;
netdev: Send addititional IEs for FT/SAE/OWE/FILS RM Enabled Capabilities and Extended Capabilities IEs were correctly being sent when using CMD_CONNECT for initial connections and re-associations. However, for SoftMac SAE, FT, FILS and OWE connections, these additional IEs were not added properly during the Associate step.
2021-08-05 16:44:11 +02:00
enum mpdu_management_subtype subtype =
MPDU_MANAGEMENT_SUBTYPE_ASSOCIATION_REQUEST;
netdev/station: Add OWE support The changes to station.c are minor. Specifically, station_build_handshake_rsn was modified to always build up the RSN information, not just for SECURITY_8021X and SECURITY_PSK. This is because OWE needs this RSN information, even though it is still SECURITY_NONE. Since "regular" open networks don't need this, a check was added (security == NONE && akm != OWE) which skips the RSN building. netdev.c needed to be changed in nearly the same manor as it was for SAE. When connecting, we check if the AKM is for OWE, and if so create a new OWE SM and start it. OWE handles all the ECDH, and netdev handles sending CMD_AUTHENTICATE and CMD_ASSOCIATE when triggered by OWE. The incoming authenticate/associate events just get forwarded to OWE as they do with SAE.
2018-11-16 23:22:55 +01:00
sae: netdev: update to use auth_proto concepts SAE was a bit trickier than OWE/FILS because the initial implementation for SAE did not include parsing raw authenticate frames (netdev skipped the header and passed just the authentication data). OWE/FILS did not do this and parse the entire frame in the RX callbacks. Because of this it was not as simple as just setting some RX callbacks. In addition, the TX functions include some of the authentication header/data, but not all (thanks NL80211), so this will require an overhaul to test-sae since the unit test passes frames from one SM to another to test the protocol end-to-end (essentially the header needs to be prepended to any data coming from the TX functions for the end-to-end tests).
2019-05-03 20:59:54 +02:00
msg = netdev_build_cmd_associate_common(netdev);
netdev/station: Add OWE support The changes to station.c are minor. Specifically, station_build_handshake_rsn was modified to always build up the RSN information, not just for SECURITY_8021X and SECURITY_PSK. This is because OWE needs this RSN information, even though it is still SECURITY_NONE. Since "regular" open networks don't need this, a check was added (security == NONE && akm != OWE) which skips the RSN building. netdev.c needed to be changed in nearly the same manor as it was for SAE. When connecting, we check if the AKM is for OWE, and if so create a new OWE SM and start it. OWE handles all the ECDH, and netdev handles sending CMD_AUTHENTICATE and CMD_ASSOCIATE when triggered by OWE. The incoming authenticate/associate events just get forwarded to OWE as they do with SAE.
2018-11-16 23:22:55 +01:00
netdev: Send RSNXE element during SAE association
2021-07-14 00:49:41 +02:00
n_used = iov_ie_append(iov, n_iov, n_used, hs->supplicant_ie);
n_used = iov_ie_append(iov, n_iov, n_used, hs->mde);
n_used = iov_ie_append(iov, n_iov, n_used, hs->supplicant_rsnxe);
netdev: Append any vendor IEs from the handshake
2021-08-06 20:56:55 +02:00
n_used = netdev_populate_common_ies(netdev, hs, msg,
iov, n_iov, n_used);
netdev: Send addititional IEs for FT/SAE/OWE/FILS RM Enabled Capabilities and Extended Capabilities IEs were correctly being sent when using CMD_CONNECT for initial connections and re-associations. However, for SoftMac SAE, FT, FILS and OWE connections, these additional IEs were not added properly during the Associate step.
2021-08-05 16:44:11 +02:00
mpdu_sort_ies(subtype, iov, n_used);
sae: netdev: update to use auth_proto concepts SAE was a bit trickier than OWE/FILS because the initial implementation for SAE did not include parsing raw authenticate frames (netdev skipped the header and passed just the authentication data). OWE/FILS did not do this and parse the entire frame in the RX callbacks. Because of this it was not as simple as just setting some RX callbacks. In addition, the TX functions include some of the authentication header/data, but not all (thanks NL80211), so this will require an overhaul to test-sae since the unit test passes frames from one SM to another to test the protocol end-to-end (essentially the header needs to be prepended to any data coming from the TX functions for the end-to-end tests).
2019-05-03 20:59:54 +02:00
netdev: Send RSNXE element during SAE association
2021-07-14 00:49:41 +02:00
l_genl_msg_append_attrv(msg, NL80211_ATTR_IE, iov, n_used);
sae: netdev: update to use auth_proto concepts SAE was a bit trickier than OWE/FILS because the initial implementation for SAE did not include parsing raw authenticate frames (netdev skipped the header and passed just the authentication data). OWE/FILS did not do this and parse the entire frame in the RX callbacks. Because of this it was not as simple as just setting some RX callbacks. In addition, the TX functions include some of the authentication header/data, but not all (thanks NL80211), so this will require an overhaul to test-sae since the unit test passes frames from one SM to another to test the protocol end-to-end (essentially the header needs to be prepended to any data coming from the TX functions for the end-to-end tests).
2019-05-03 20:59:54 +02:00
netdev: allow reassociation for auth-protos This adds support in netdev_reassociate for all the auth protocols (SAE/FILS/OWE) by moving the bulk of netdev_connect into netdev_connect_common. In addition PREV_BSSID is set in the associate message if 'in_reassoc' is true.
2021-08-07 00:59:05 +02:00
/* If doing a non-FT Reassociation */
if (netdev->in_reassoc)
l_genl_msg_append_attr(msg, NL80211_ATTR_PREV_BSSID, 6,
netdev->ap->prev_bssid);
sae: netdev: update to use auth_proto concepts SAE was a bit trickier than OWE/FILS because the initial implementation for SAE did not include parsing raw authenticate frames (netdev skipped the header and passed just the authentication data). OWE/FILS did not do this and parse the entire frame in the RX callbacks. Because of this it was not as simple as just setting some RX callbacks. In addition, the TX functions include some of the authentication header/data, but not all (thanks NL80211), so this will require an overhaul to test-sae since the unit test passes frames from one SM to another to test the protocol end-to-end (essentially the header needs to be prepended to any data coming from the TX functions for the end-to-end tests).
2019-05-03 20:59:54 +02:00
if (!l_genl_family_send(nl80211, msg, netdev_assoc_cb, netdev, NULL)) {
l_genl_msg_unref(msg);
netdev_connect_failed(netdev, NETDEV_RESULT_ASSOCIATION_FAILED,
netdev: station: fix status/reason code in callbacks This change cleans up the mess of status vs reason codes. The two types of codes have already been separated into different enumerations, but netdev was still treating them the same (with last_status_code). A new 'event_data' argument was added to the connect callback, which has a different meaning depending on the result of the connection (described inside netdev.h, netdev_connect_cb_t). This allows for the removal of netdev_get_last_status_code since the status or reason code is now passed via event_data. Inside the netdev object last_status_code was renamed to last_code, for the purpose of storing either status or reason. This is only used when a disconnect needs to be emitted before failing the connection. In all other cases we just pass the code directly into the connect_cb and do not store it. All ocurrences of netdev_connect_failed were updated to use the proper code depending on the netdev result. Most of these simply changed from REASON_CODE_UNSPECIFIED to STATUS_CODE_UNSPECIFIED. This was simply for consistency (both codes have the same value). netdev_[authenticate|associate]_event's were updated to parse the status code and, if present, use that if their was a failure rather than defaulting to UNSPECIFIED.
2019-02-28 18:32:40 +01:00
MMPDU_STATUS_CODE_UNSPECIFIED);
netdev/station: Add OWE support The changes to station.c are minor. Specifically, station_build_handshake_rsn was modified to always build up the RSN information, not just for SECURITY_8021X and SECURITY_PSK. This is because OWE needs this RSN information, even though it is still SECURITY_NONE. Since "regular" open networks don't need this, a check was added (security == NONE && akm != OWE) which skips the RSN building. netdev.c needed to be changed in nearly the same manor as it was for SAE. When connecting, we check if the AKM is for OWE, and if so create a new OWE SM and start it. OWE handles all the ECDH, and netdev handles sending CMD_AUTHENTICATE and CMD_ASSOCIATE when triggered by OWE. The incoming authenticate/associate events just get forwarded to OWE as they do with SAE.
2018-11-16 23:22:55 +01:00
}
}
static void netdev_owe_tx_authenticate(void *user_data)
{
struct netdev *netdev = user_data;
struct l_genl_msg *msg;
msg = netdev_build_cmd_authenticate(netdev,
netdev: unify ft/auth_proto authenticate builders build_cmd_ft_authenticate and build_cmd_authenticate were virtually identical. These have been unified into a single builder. We were also incorrectly including ATTR_IE to every authenticate command, which violates the spec for certain protocols, This was removed and any auth protocols will now add any IEs that they require.
2020-05-07 23:50:58 +02:00
NL80211_AUTHTYPE_OPEN_SYSTEM);
netdev/station: Add OWE support The changes to station.c are minor. Specifically, station_build_handshake_rsn was modified to always build up the RSN information, not just for SECURITY_8021X and SECURITY_PSK. This is because OWE needs this RSN information, even though it is still SECURITY_NONE. Since "regular" open networks don't need this, a check was added (security == NONE && akm != OWE) which skips the RSN building. netdev.c needed to be changed in nearly the same manor as it was for SAE. When connecting, we check if the AKM is for OWE, and if so create a new OWE SM and start it. OWE handles all the ECDH, and netdev handles sending CMD_AUTHENTICATE and CMD_ASSOCIATE when triggered by OWE. The incoming authenticate/associate events just get forwarded to OWE as they do with SAE.
2018-11-16 23:22:55 +01:00
netdev: add FILS support From netdev's prospective FILS works the same as OWE/SAE where we create a fils_sm and forward all auth/assoc frames into the FILS module. The only real difference is we do not start EAPoL once FILS completes.
2019-04-22 19:11:45 +02:00
if (!l_genl_family_send(nl80211, msg, netdev_auth_cb,
netdev: Fix style
2018-11-19 19:09:27 +01:00
netdev, NULL)) {
netdev/station: Add OWE support The changes to station.c are minor. Specifically, station_build_handshake_rsn was modified to always build up the RSN information, not just for SECURITY_8021X and SECURITY_PSK. This is because OWE needs this RSN information, even though it is still SECURITY_NONE. Since "regular" open networks don't need this, a check was added (security == NONE && akm != OWE) which skips the RSN building. netdev.c needed to be changed in nearly the same manor as it was for SAE. When connecting, we check if the AKM is for OWE, and if so create a new OWE SM and start it. OWE handles all the ECDH, and netdev handles sending CMD_AUTHENTICATE and CMD_ASSOCIATE when triggered by OWE. The incoming authenticate/associate events just get forwarded to OWE as they do with SAE.
2018-11-16 23:22:55 +01:00
l_genl_msg_unref(msg);
netdev: store mpdu status and add getter Soon BSS blacklisting will be added, and in order to properly decide if a BSS should be blacklisted we need the status code on a failed connection. This change stores the status code when there is a failure in netdev and adds a getter to retrieve later. In many cases we have the actual status code from the AP, but in some corner cases its not obtainable (e.g. an error sending an NL80211 command) in which case we just default to MMPDU_REASON_CODE_UNSPECIFIED. Rather than continue with the pattern of setting netdev->result and now netdev->last_status_code, the netdev_connect_failed function was redefined so its no longer used as both a NL80211 callback and called directly. Instead a new function was added, netdev_disconnect_cb which just calls netdev_connect_failed. netdev_disconnect_cb should not be used for all the NL80211 disconnect commands. Now netdev_connect_failed takes both a result and status code which it sets in the netdev object. In the case where we were using netdev_connect_failed as a callback we still need to set the result and last_status_code but at least this is better than having to set those in all cases.
2019-01-24 21:56:23 +01:00
netdev_connect_failed(netdev,
NETDEV_RESULT_AUTHENTICATION_FAILED,
netdev: station: fix status/reason code in callbacks This change cleans up the mess of status vs reason codes. The two types of codes have already been separated into different enumerations, but netdev was still treating them the same (with last_status_code). A new 'event_data' argument was added to the connect callback, which has a different meaning depending on the result of the connection (described inside netdev.h, netdev_connect_cb_t). This allows for the removal of netdev_get_last_status_code since the status or reason code is now passed via event_data. Inside the netdev object last_status_code was renamed to last_code, for the purpose of storing either status or reason. This is only used when a disconnect needs to be emitted before failing the connection. In all other cases we just pass the code directly into the connect_cb and do not store it. All ocurrences of netdev_connect_failed were updated to use the proper code depending on the netdev result. Most of these simply changed from REASON_CODE_UNSPECIFIED to STATUS_CODE_UNSPECIFIED. This was simply for consistency (both codes have the same value). netdev_[authenticate|associate]_event's were updated to parse the status code and, if present, use that if their was a failure rather than defaulting to UNSPECIFIED.
2019-02-28 18:32:40 +01:00
MMPDU_STATUS_CODE_UNSPECIFIED);
netdev: Scan & Retry CMD_AUTHENTICATE Handle situations where the BSS we're trying to connect to is no longer in the kernel scan result cache. Normally, the kernel will re-scan the target frequency if this happens on the CMD_CONNECT path, and retry the connection. Unfortunately, CMD_AUTHENTICATE path used for WPA3, OWE and FILS does not have this scanning behavior. CMD_AUTHENTICATE simply fails with a -ENOENT error. Work around this by trying a limited scan of the target frequency and re-trying CMD_AUTHENTICATE once.
2021-02-05 18:21:33 +01:00
return;
netdev/station: Add OWE support The changes to station.c are minor. Specifically, station_build_handshake_rsn was modified to always build up the RSN information, not just for SECURITY_8021X and SECURITY_PSK. This is because OWE needs this RSN information, even though it is still SECURITY_NONE. Since "regular" open networks don't need this, a check was added (security == NONE && akm != OWE) which skips the RSN building. netdev.c needed to be changed in nearly the same manor as it was for SAE. When connecting, we check if the AKM is for OWE, and if so create a new OWE SM and start it. OWE handles all the ECDH, and netdev handles sending CMD_AUTHENTICATE and CMD_ASSOCIATE when triggered by OWE. The incoming authenticate/associate events just get forwarded to OWE as they do with SAE.
2018-11-16 23:22:55 +01:00
}
netdev: Scan & Retry CMD_AUTHENTICATE Handle situations where the BSS we're trying to connect to is no longer in the kernel scan result cache. Normally, the kernel will re-scan the target frequency if this happens on the CMD_CONNECT path, and retry the connection. Unfortunately, CMD_AUTHENTICATE path used for WPA3, OWE and FILS does not have this scanning behavior. CMD_AUTHENTICATE simply fails with a -ENOENT error. Work around this by trying a limited scan of the target frequency and re-trying CMD_AUTHENTICATE once.
2021-02-05 18:21:33 +01:00
netdev->auth_cmd = l_genl_msg_ref(msg);
netdev/station: Add OWE support The changes to station.c are minor. Specifically, station_build_handshake_rsn was modified to always build up the RSN information, not just for SECURITY_8021X and SECURITY_PSK. This is because OWE needs this RSN information, even though it is still SECURITY_NONE. Since "regular" open networks don't need this, a check was added (security == NONE && akm != OWE) which skips the RSN building. netdev.c needed to be changed in nearly the same manor as it was for SAE. When connecting, we check if the AKM is for OWE, and if so create a new OWE SM and start it. OWE handles all the ECDH, and netdev handles sending CMD_AUTHENTICATE and CMD_ASSOCIATE when triggered by OWE. The incoming authenticate/associate events just get forwarded to OWE as they do with SAE.
2018-11-16 23:22:55 +01:00
}
netdev: Send addititional IEs for FT/SAE/OWE/FILS RM Enabled Capabilities and Extended Capabilities IEs were correctly being sent when using CMD_CONNECT for initial connections and re-associations. However, for SoftMac SAE, FT, FILS and OWE connections, these additional IEs were not added properly during the Associate step.
2021-08-05 16:44:11 +02:00
static void netdev_owe_tx_associate(struct iovec *owe_iov, size_t n_owe_iov,
netdev/station: Add OWE support The changes to station.c are minor. Specifically, station_build_handshake_rsn was modified to always build up the RSN information, not just for SECURITY_8021X and SECURITY_PSK. This is because OWE needs this RSN information, even though it is still SECURITY_NONE. Since "regular" open networks don't need this, a check was added (security == NONE && akm != OWE) which skips the RSN building. netdev.c needed to be changed in nearly the same manor as it was for SAE. When connecting, we check if the AKM is for OWE, and if so create a new OWE SM and start it. OWE handles all the ECDH, and netdev handles sending CMD_AUTHENTICATE and CMD_ASSOCIATE when triggered by OWE. The incoming authenticate/associate events just get forwarded to OWE as they do with SAE.
2018-11-16 23:22:55 +01:00
void *user_data)
{
struct netdev *netdev = user_data;
netdev: Append any vendor IEs from the handshake
2021-08-06 20:56:55 +02:00
struct handshake_state *hs = netdev->handshake;
netdev/station: Add OWE support The changes to station.c are minor. Specifically, station_build_handshake_rsn was modified to always build up the RSN information, not just for SECURITY_8021X and SECURITY_PSK. This is because OWE needs this RSN information, even though it is still SECURITY_NONE. Since "regular" open networks don't need this, a check was added (security == NONE && akm != OWE) which skips the RSN building. netdev.c needed to be changed in nearly the same manor as it was for SAE. When connecting, we check if the AKM is for OWE, and if so create a new OWE SM and start it. OWE handles all the ECDH, and netdev handles sending CMD_AUTHENTICATE and CMD_ASSOCIATE when triggered by OWE. The incoming authenticate/associate events just get forwarded to OWE as they do with SAE.
2018-11-16 23:22:55 +01:00
struct l_genl_msg *msg;
netdev: Send addititional IEs for FT/SAE/OWE/FILS RM Enabled Capabilities and Extended Capabilities IEs were correctly being sent when using CMD_CONNECT for initial connections and re-associations. However, for SoftMac SAE, FT, FILS and OWE connections, these additional IEs were not added properly during the Associate step.
2021-08-05 16:44:11 +02:00
struct iovec iov[64];
unsigned int n_iov = L_ARRAY_SIZE(iov);
unsigned int c_iov = 0;
enum mpdu_management_subtype subtype =
MPDU_MANAGEMENT_SUBTYPE_ASSOCIATION_REQUEST;
netdev/station: Add OWE support The changes to station.c are minor. Specifically, station_build_handshake_rsn was modified to always build up the RSN information, not just for SECURITY_8021X and SECURITY_PSK. This is because OWE needs this RSN information, even though it is still SECURITY_NONE. Since "regular" open networks don't need this, a check was added (security == NONE && akm != OWE) which skips the RSN building. netdev.c needed to be changed in nearly the same manor as it was for SAE. When connecting, we check if the AKM is for OWE, and if so create a new OWE SM and start it. OWE handles all the ECDH, and netdev handles sending CMD_AUTHENTICATE and CMD_ASSOCIATE when triggered by OWE. The incoming authenticate/associate events just get forwarded to OWE as they do with SAE.
2018-11-16 23:22:55 +01:00
msg = netdev_build_cmd_associate_common(netdev);
netdev: Append any vendor IEs from the handshake
2021-08-06 20:56:55 +02:00
c_iov = netdev_populate_common_ies(netdev, hs, msg, iov, n_iov, c_iov);
netdev: Send addititional IEs for FT/SAE/OWE/FILS RM Enabled Capabilities and Extended Capabilities IEs were correctly being sent when using CMD_CONNECT for initial connections and re-associations. However, for SoftMac SAE, FT, FILS and OWE connections, these additional IEs were not added properly during the Associate step.
2021-08-05 16:44:11 +02:00
if (!L_WARN_ON(n_iov - c_iov < n_owe_iov)) {
memcpy(iov + c_iov, owe_iov, sizeof(*owe_iov) * n_owe_iov);
c_iov += n_owe_iov;
}
mpdu_sort_ies(subtype, iov, c_iov);
l_genl_msg_append_attrv(msg, NL80211_ATTR_IE, iov, c_iov);
netdev/station: Add OWE support The changes to station.c are minor. Specifically, station_build_handshake_rsn was modified to always build up the RSN information, not just for SECURITY_8021X and SECURITY_PSK. This is because OWE needs this RSN information, even though it is still SECURITY_NONE. Since "regular" open networks don't need this, a check was added (security == NONE && akm != OWE) which skips the RSN building. netdev.c needed to be changed in nearly the same manor as it was for SAE. When connecting, we check if the AKM is for OWE, and if so create a new OWE SM and start it. OWE handles all the ECDH, and netdev handles sending CMD_AUTHENTICATE and CMD_ASSOCIATE when triggered by OWE. The incoming authenticate/associate events just get forwarded to OWE as they do with SAE.
2018-11-16 23:22:55 +01:00
netdev: allow reassociation for auth-protos This adds support in netdev_reassociate for all the auth protocols (SAE/FILS/OWE) by moving the bulk of netdev_connect into netdev_connect_common. In addition PREV_BSSID is set in the associate message if 'in_reassoc' is true.
2021-08-07 00:59:05 +02:00
/* If doing a non-FT Reassociation */
if (netdev->in_reassoc)
l_genl_msg_append_attr(msg, NL80211_ATTR_PREV_BSSID, 6,
netdev->ap->prev_bssid);
netdev: add FILS support From netdev's prospective FILS works the same as OWE/SAE where we create a fils_sm and forward all auth/assoc frames into the FILS module. The only real difference is we do not start EAPoL once FILS completes.
2019-04-22 19:11:45 +02:00
if (!l_genl_family_send(nl80211, msg, netdev_assoc_cb,
netdev/station: Add OWE support The changes to station.c are minor. Specifically, station_build_handshake_rsn was modified to always build up the RSN information, not just for SECURITY_8021X and SECURITY_PSK. This is because OWE needs this RSN information, even though it is still SECURITY_NONE. Since "regular" open networks don't need this, a check was added (security == NONE && akm != OWE) which skips the RSN building. netdev.c needed to be changed in nearly the same manor as it was for SAE. When connecting, we check if the AKM is for OWE, and if so create a new OWE SM and start it. OWE handles all the ECDH, and netdev handles sending CMD_AUTHENTICATE and CMD_ASSOCIATE when triggered by OWE. The incoming authenticate/associate events just get forwarded to OWE as they do with SAE.
2018-11-16 23:22:55 +01:00
netdev, NULL)) {
l_genl_msg_unref(msg);
netdev: store mpdu status and add getter Soon BSS blacklisting will be added, and in order to properly decide if a BSS should be blacklisted we need the status code on a failed connection. This change stores the status code when there is a failure in netdev and adds a getter to retrieve later. In many cases we have the actual status code from the AP, but in some corner cases its not obtainable (e.g. an error sending an NL80211 command) in which case we just default to MMPDU_REASON_CODE_UNSPECIFIED. Rather than continue with the pattern of setting netdev->result and now netdev->last_status_code, the netdev_connect_failed function was redefined so its no longer used as both a NL80211 callback and called directly. Instead a new function was added, netdev_disconnect_cb which just calls netdev_connect_failed. netdev_disconnect_cb should not be used for all the NL80211 disconnect commands. Now netdev_connect_failed takes both a result and status code which it sets in the netdev object. In the case where we were using netdev_connect_failed as a callback we still need to set the result and last_status_code but at least this is better than having to set those in all cases.
2019-01-24 21:56:23 +01:00
netdev_connect_failed(netdev, NETDEV_RESULT_ASSOCIATION_FAILED,
netdev: station: fix status/reason code in callbacks This change cleans up the mess of status vs reason codes. The two types of codes have already been separated into different enumerations, but netdev was still treating them the same (with last_status_code). A new 'event_data' argument was added to the connect callback, which has a different meaning depending on the result of the connection (described inside netdev.h, netdev_connect_cb_t). This allows for the removal of netdev_get_last_status_code since the status or reason code is now passed via event_data. Inside the netdev object last_status_code was renamed to last_code, for the purpose of storing either status or reason. This is only used when a disconnect needs to be emitted before failing the connection. In all other cases we just pass the code directly into the connect_cb and do not store it. All ocurrences of netdev_connect_failed were updated to use the proper code depending on the netdev result. Most of these simply changed from REASON_CODE_UNSPECIFIED to STATUS_CODE_UNSPECIFIED. This was simply for consistency (both codes have the same value). netdev_[authenticate|associate]_event's were updated to parse the status code and, if present, use that if their was a failure rather than defaulting to UNSPECIFIED.
2019-02-28 18:32:40 +01:00
MMPDU_STATUS_CODE_UNSPECIFIED);
netdev/station: Add OWE support The changes to station.c are minor. Specifically, station_build_handshake_rsn was modified to always build up the RSN information, not just for SECURITY_8021X and SECURITY_PSK. This is because OWE needs this RSN information, even though it is still SECURITY_NONE. Since "regular" open networks don't need this, a check was added (security == NONE && akm != OWE) which skips the RSN building. netdev.c needed to be changed in nearly the same manor as it was for SAE. When connecting, we check if the AKM is for OWE, and if so create a new OWE SM and start it. OWE handles all the ECDH, and netdev handles sending CMD_AUTHENTICATE and CMD_ASSOCIATE when triggered by OWE. The incoming authenticate/associate events just get forwarded to OWE as they do with SAE.
2018-11-16 23:22:55 +01:00
}
}
netdev: add FILS support From netdev's prospective FILS works the same as OWE/SAE where we create a fils_sm and forward all auth/assoc frames into the FILS module. The only real difference is we do not start EAPoL once FILS completes.
2019-04-22 19:11:45 +02:00
static void netdev_fils_tx_authenticate(const uint8_t *body,
size_t body_len,
void *user_data)
{
struct netdev *netdev = user_data;
struct l_genl_msg *msg;
netdev: unify ft/auth_proto authenticate builders build_cmd_ft_authenticate and build_cmd_authenticate were virtually identical. These have been unified into a single builder. We were also incorrectly including ATTR_IE to every authenticate command, which violates the spec for certain protocols, This was removed and any auth protocols will now add any IEs that they require.
2020-05-07 23:50:58 +02:00
msg = netdev_build_cmd_authenticate(netdev, NL80211_AUTHTYPE_FILS_SK);
netdev: add FILS support From netdev's prospective FILS works the same as OWE/SAE where we create a fils_sm and forward all auth/assoc frames into the FILS module. The only real difference is we do not start EAPoL once FILS completes.
2019-04-22 19:11:45 +02:00
l_genl_msg_append_attr(msg, NL80211_ATTR_AUTH_DATA, body_len, body);
if (!l_genl_family_send(nl80211, msg, netdev_auth_cb,
netdev, NULL)) {
l_genl_msg_unref(msg);
netdev_connect_failed(netdev,
NETDEV_RESULT_AUTHENTICATION_FAILED,
MMPDU_STATUS_CODE_UNSPECIFIED);
netdev: Scan & Retry CMD_AUTHENTICATE Handle situations where the BSS we're trying to connect to is no longer in the kernel scan result cache. Normally, the kernel will re-scan the target frequency if this happens on the CMD_CONNECT path, and retry the connection. Unfortunately, CMD_AUTHENTICATE path used for WPA3, OWE and FILS does not have this scanning behavior. CMD_AUTHENTICATE simply fails with a -ENOENT error. Work around this by trying a limited scan of the target frequency and re-trying CMD_AUTHENTICATE once.
2021-02-05 18:21:33 +01:00
return;
netdev: add FILS support From netdev's prospective FILS works the same as OWE/SAE where we create a fils_sm and forward all auth/assoc frames into the FILS module. The only real difference is we do not start EAPoL once FILS completes.
2019-04-22 19:11:45 +02:00
}
netdev: Scan & Retry CMD_AUTHENTICATE Handle situations where the BSS we're trying to connect to is no longer in the kernel scan result cache. Normally, the kernel will re-scan the target frequency if this happens on the CMD_CONNECT path, and retry the connection. Unfortunately, CMD_AUTHENTICATE path used for WPA3, OWE and FILS does not have this scanning behavior. CMD_AUTHENTICATE simply fails with a -ENOENT error. Work around this by trying a limited scan of the target frequency and re-trying CMD_AUTHENTICATE once.
2021-02-05 18:21:33 +01:00
netdev->auth_cmd = l_genl_msg_ref(msg);
netdev: add FILS support From netdev's prospective FILS works the same as OWE/SAE where we create a fils_sm and forward all auth/assoc frames into the FILS module. The only real difference is we do not start EAPoL once FILS completes.
2019-04-22 19:11:45 +02:00
}
netdev: Send addititional IEs for FT/SAE/OWE/FILS RM Enabled Capabilities and Extended Capabilities IEs were correctly being sent when using CMD_CONNECT for initial connections and re-associations. However, for SoftMac SAE, FT, FILS and OWE connections, these additional IEs were not added properly during the Associate step.
2021-08-05 16:44:11 +02:00
static void netdev_fils_tx_associate(struct iovec *fils_iov, size_t n_fils_iov,
netdev: add FILS support From netdev's prospective FILS works the same as OWE/SAE where we create a fils_sm and forward all auth/assoc frames into the FILS module. The only real difference is we do not start EAPoL once FILS completes.
2019-04-22 19:11:45 +02:00
const uint8_t *kek, size_t kek_len,
netdev: Send addititional IEs for FT/SAE/OWE/FILS RM Enabled Capabilities and Extended Capabilities IEs were correctly being sent when using CMD_CONNECT for initial connections and re-associations. However, for SoftMac SAE, FT, FILS and OWE connections, these additional IEs were not added properly during the Associate step.
2021-08-05 16:44:11 +02:00
const uint8_t *nonces,
size_t nonces_len,
netdev: add FILS support From netdev's prospective FILS works the same as OWE/SAE where we create a fils_sm and forward all auth/assoc frames into the FILS module. The only real difference is we do not start EAPoL once FILS completes.
2019-04-22 19:11:45 +02:00
void *user_data)
{
struct netdev *netdev = user_data;
netdev: Append any vendor IEs from the handshake
2021-08-06 20:56:55 +02:00
struct handshake_state *hs = netdev->handshake;
netdev: add FILS support From netdev's prospective FILS works the same as OWE/SAE where we create a fils_sm and forward all auth/assoc frames into the FILS module. The only real difference is we do not start EAPoL once FILS completes.
2019-04-22 19:11:45 +02:00
struct l_genl_msg *msg;
netdev: Send addititional IEs for FT/SAE/OWE/FILS RM Enabled Capabilities and Extended Capabilities IEs were correctly being sent when using CMD_CONNECT for initial connections and re-associations. However, for SoftMac SAE, FT, FILS and OWE connections, these additional IEs were not added properly during the Associate step.
2021-08-05 16:44:11 +02:00
struct iovec iov[64];
unsigned int n_iov = L_ARRAY_SIZE(iov);
unsigned int c_iov = 0;
enum mpdu_management_subtype subtype =
MPDU_MANAGEMENT_SUBTYPE_ASSOCIATION_REQUEST;
netdev: add FILS support From netdev's prospective FILS works the same as OWE/SAE where we create a fils_sm and forward all auth/assoc frames into the FILS module. The only real difference is we do not start EAPoL once FILS completes.
2019-04-22 19:11:45 +02:00
msg = netdev_build_cmd_associate_common(netdev);
netdev: Append any vendor IEs from the handshake
2021-08-06 20:56:55 +02:00
c_iov = netdev_populate_common_ies(netdev, hs, msg, iov, n_iov, c_iov);
netdev: Send addititional IEs for FT/SAE/OWE/FILS RM Enabled Capabilities and Extended Capabilities IEs were correctly being sent when using CMD_CONNECT for initial connections and re-associations. However, for SoftMac SAE, FT, FILS and OWE connections, these additional IEs were not added properly during the Associate step.
2021-08-05 16:44:11 +02:00
if (!L_WARN_ON(n_iov - c_iov < n_fils_iov)) {
memcpy(iov + c_iov, fils_iov, sizeof(*fils_iov) * n_fils_iov);
c_iov += n_fils_iov;
}
netdev: add FILS support From netdev's prospective FILS works the same as OWE/SAE where we create a fils_sm and forward all auth/assoc frames into the FILS module. The only real difference is we do not start EAPoL once FILS completes.
2019-04-22 19:11:45 +02:00
netdev: Send addititional IEs for FT/SAE/OWE/FILS RM Enabled Capabilities and Extended Capabilities IEs were correctly being sent when using CMD_CONNECT for initial connections and re-associations. However, for SoftMac SAE, FT, FILS and OWE connections, these additional IEs were not added properly during the Associate step.
2021-08-05 16:44:11 +02:00
mpdu_sort_ies(subtype, iov, c_iov);
l_genl_msg_append_attrv(msg, NL80211_ATTR_IE, iov, c_iov);
netdev: add FILS support From netdev's prospective FILS works the same as OWE/SAE where we create a fils_sm and forward all auth/assoc frames into the FILS module. The only real difference is we do not start EAPoL once FILS completes.
2019-04-22 19:11:45 +02:00
l_genl_msg_append_attr(msg, NL80211_ATTR_FILS_KEK, kek_len, kek);
netdev: Send addititional IEs for FT/SAE/OWE/FILS RM Enabled Capabilities and Extended Capabilities IEs were correctly being sent when using CMD_CONNECT for initial connections and re-associations. However, for SoftMac SAE, FT, FILS and OWE connections, these additional IEs were not added properly during the Associate step.
2021-08-05 16:44:11 +02:00
l_genl_msg_append_attr(msg, NL80211_ATTR_FILS_NONCES,
nonces_len, nonces);
netdev: add FILS support From netdev's prospective FILS works the same as OWE/SAE where we create a fils_sm and forward all auth/assoc frames into the FILS module. The only real difference is we do not start EAPoL once FILS completes.
2019-04-22 19:11:45 +02:00
netdev: allow reassociation for auth-protos This adds support in netdev_reassociate for all the auth protocols (SAE/FILS/OWE) by moving the bulk of netdev_connect into netdev_connect_common. In addition PREV_BSSID is set in the associate message if 'in_reassoc' is true.
2021-08-07 00:59:05 +02:00
/* If doing a non-FT Reassociation */
if (netdev->in_reassoc)
l_genl_msg_append_attr(msg, NL80211_ATTR_PREV_BSSID, 6,
netdev->ap->prev_bssid);
netdev: add FILS support From netdev's prospective FILS works the same as OWE/SAE where we create a fils_sm and forward all auth/assoc frames into the FILS module. The only real difference is we do not start EAPoL once FILS completes.
2019-04-22 19:11:45 +02:00
if (!l_genl_family_send(nl80211, msg, netdev_assoc_cb,
netdev, NULL)) {
l_genl_msg_unref(msg);
netdev_connect_failed(netdev, NETDEV_RESULT_ASSOCIATION_FAILED,
MMPDU_STATUS_CODE_UNSPECIFIED);
}
}
netdev: Use CMD_CONNECT
2016-06-27 23:35:31 +02:00
static struct l_genl_msg *netdev_build_cmd_connect(struct netdev *netdev,
eapol: Use handshake_state to store state Remove the keys and other data from struct eapol_sm, update device.c, netdev.c and wsc.c to use the handshake_state object instead of eapol_sm. This also gets rid of eapol_cancel and the ifindex parameter in some of the eapol functions where sm->handshake->ifindex can be used instead.
2016-11-02 23:46:19 +01:00
struct scan_bss *bss,
netdev: Add netdev_reassociate netdev_reassociate transitions to another BSS without FT. Similar to netdev_connect but uses reassociation instead of association and requires and an existing connection.
2017-03-31 14:43:01 +02:00
struct handshake_state *hs,
netdev: Allow to send extra vendor IEs when connecting
2019-07-12 23:00:01 +02:00
const uint8_t *prev_bssid,
netdev: make vendor_ies const on netdev_connect()
2019-09-06 20:11:05 +02:00
const struct iovec *vendor_ies,
netdev: Allow to send extra vendor IEs when connecting
2019-07-12 23:00:01 +02:00
size_t num_vendor_ies)
wiphy: Move association logic out of wiphy.c The eapol state machine parameters are now built inside device.c when the network connection is attempted. The reason is that the device object knows about network settings, wiphy constraints and should contain the main 'management' logic. netdev now manages the actual low-level process of building association messages, detecting authentication events, etc.
2016-06-15 17:54:13 +02:00
{
netdev: Introduce connection types Currently netdev handles SoftMac and FullMac drivers mostly in the same way, by building CMD_CONNECT nl80211 commands and letting the kernel figure out the details. Exceptions to this are FILS/OWE/SAE AKMs which are only supported on SoftMac drivers by using CMD_AUTHENTICATE/CMD_ASSOCIATE. Recently, basic support for SAE (WPA3-Personal) offload on FullMac cards was introduced. When offloaded, the control flow is very different than under typical conditions and required additional logic checks in several places. The logic is now becoming quite complex. Introduce a concept of a connection type in order to make it clearer what driver and driver features are being used for this connection. In the future, connection types can be expanded with 802.1X handshake offload, PSK handshake offload and CMD_EXTERNAL_AUTH based SAE connections.
2021-03-31 17:48:05 +02:00
struct netdev_handshake_state *nhs =
l_container_of(hs, struct netdev_handshake_state, super);
netdev: add SAE offload support SAE offload support requires some minor tweaks to CMD_CONNECT as well as special checks once the connect event comes in. Since at this point we are fully connected.
2021-03-22 17:01:55 +01:00
uint32_t auth_type = IE_AKM_IS_SAE(hs->akm_suite) ?
NL80211_AUTHTYPE_SAE :
NL80211_AUTHTYPE_OPEN_SYSTEM;
netdev: Send addititional IEs for FT/SAE/OWE/FILS RM Enabled Capabilities and Extended Capabilities IEs were correctly being sent when using CMD_CONNECT for initial connections and re-associations. However, for SoftMac SAE, FT, FILS and OWE connections, these additional IEs were not added properly during the Associate step.
2021-08-05 16:44:11 +02:00
enum mpdu_management_subtype subtype = prev_bssid ?
MPDU_MANAGEMENT_SUBTYPE_REASSOCIATION_REQUEST :
MPDU_MANAGEMENT_SUBTYPE_ASSOCIATION_REQUEST;
wiphy: Move association logic out of wiphy.c The eapol state machine parameters are now built inside device.c when the network connection is attempted. The reason is that the device object knows about network settings, wiphy constraints and should contain the main 'management' logic. netdev now manages the actual low-level process of building association messages, detecting authentication events, etc.
2016-06-15 17:54:13 +02:00
struct l_genl_msg *msg;
netdev: Send addititional IEs for FT/SAE/OWE/FILS RM Enabled Capabilities and Extended Capabilities IEs were correctly being sent when using CMD_CONNECT for initial connections and re-associations. However, for SoftMac SAE, FT, FILS and OWE connections, these additional IEs were not added properly during the Associate step.
2021-08-05 16:44:11 +02:00
struct iovec iov[64];
unsigned int n_iov = L_ARRAY_SIZE(iov);
unsigned int c_iov = 0;
handshake: Rename own_ie/ap_ie and related setters To avoid confusion in case of an authenticator side handshake_state structure and eapol_sm structure, rename own_ie to supplicant_ie and ap_ie to authenticator_ie. Also rename handshake_state_set_{own,ap}_{rsn,wpa} and fix when we call handshake_state_setup_own_ciphers. As a result handshake_state_set_authenticator, if needed, should be called before handshake_state_set_{own,ap}_{rsn,wpa}.
2018-08-25 03:54:24 +02:00
bool is_rsn = hs->supplicant_ie != NULL;
wiphy: Move association logic out of wiphy.c The eapol state machine parameters are now built inside device.c when the network connection is attempted. The reason is that the device object knows about network settings, wiphy constraints and should contain the main 'management' logic. netdev now manages the actual low-level process of building association messages, detecting authentication events, etc.
2016-06-15 17:54:13 +02:00
netdev: Use CMD_CONNECT
2016-06-27 23:35:31 +02:00
msg = l_genl_msg_new_sized(NL80211_CMD_CONNECT, 512);
wiphy: Move association logic out of wiphy.c The eapol state machine parameters are now built inside device.c when the network connection is attempted. The reason is that the device object knows about network settings, wiphy constraints and should contain the main 'management' logic. netdev now manages the actual low-level process of building association messages, detecting authentication events, etc.
2016-06-15 17:54:13 +02:00
l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &netdev->index);
l_genl_msg_append_attr(msg, NL80211_ATTR_WIPHY_FREQ,
4, &bss->frequency);
l_genl_msg_append_attr(msg, NL80211_ATTR_MAC, ETH_ALEN, bss->addr);
l_genl_msg_append_attr(msg, NL80211_ATTR_SSID,
bss->ssid_len, bss->ssid);
netdev: Use CMD_CONNECT
2016-06-27 23:35:31 +02:00
l_genl_msg_append_attr(msg, NL80211_ATTR_AUTH_TYPE, 4, &auth_type);
netdev: Introduce connection types Currently netdev handles SoftMac and FullMac drivers mostly in the same way, by building CMD_CONNECT nl80211 commands and letting the kernel figure out the details. Exceptions to this are FILS/OWE/SAE AKMs which are only supported on SoftMac drivers by using CMD_AUTHENTICATE/CMD_ASSOCIATE. Recently, basic support for SAE (WPA3-Personal) offload on FullMac cards was introduced. When offloaded, the control flow is very different than under typical conditions and required additional logic checks in several places. The logic is now becoming quite complex. Introduce a concept of a connection type in order to make it clearer what driver and driver features are being used for this connection. In the future, connection types can be expanded with 802.1X handshake offload, PSK handshake offload and CMD_EXTERNAL_AUTH based SAE connections.
2021-03-31 17:48:05 +02:00
switch (nhs->type) {
case CONNECTION_TYPE_SOFTMAC:
case CONNECTION_TYPE_FULLMAC:
break;
case CONNECTION_TYPE_SAE_OFFLOAD:
l_genl_msg_append_attr(msg, NL80211_ATTR_SAE_PASSWORD,
netdev: add SAE offload support SAE offload support requires some minor tweaks to CMD_CONNECT as well as special checks once the connect event comes in. Since at this point we are fully connected.
2021-03-22 17:01:55 +01:00
strlen(hs->passphrase), hs->passphrase);
netdev: Introduce connection types Currently netdev handles SoftMac and FullMac drivers mostly in the same way, by building CMD_CONNECT nl80211 commands and letting the kernel figure out the details. Exceptions to this are FILS/OWE/SAE AKMs which are only supported on SoftMac drivers by using CMD_AUTHENTICATE/CMD_ASSOCIATE. Recently, basic support for SAE (WPA3-Personal) offload on FullMac cards was introduced. When offloaded, the control flow is very different than under typical conditions and required additional logic checks in several places. The logic is now becoming quite complex. Introduce a concept of a connection type in order to make it clearer what driver and driver features are being used for this connection. In the future, connection types can be expanded with 802.1X handshake offload, PSK handshake offload and CMD_EXTERNAL_AUTH based SAE connections.
2021-03-31 17:48:05 +02:00
break;
netdev: allow PSK offload for FT AKMs This adds a new connection type, TYPE_PSK_OFFLOAD, which allows the 4-way handshake to be offloaded by the firmware. Offloading will be used if the driver advertises support. The CMD_ROAM event path was also modified to take into account handshake offloading. If the handshake is offloaded we still must issue GET_SCAN, but not start eapol since the firmware takes care of this.
2021-04-03 00:06:17 +02:00
case CONNECTION_TYPE_PSK_OFFLOAD:
l_genl_msg_append_attr(msg, NL80211_ATTR_PMK, 32, hs->pmk);
break;
netdev: add CONNECTION_TYPE_8021X_OFFLOAD This adds a new type for 8021x offload as well as support in building CMD_CONNECT. As described in the comment, 8021x offloading is not particularly similar to PSK as far as the code flow in IWD is concerned. There still needs to be an eapol_sm due to EAP being done in userspace. This throws somewhat of a wrench into our 'is_offload' cases. And as such this connection type is handled specially.
2021-04-09 18:14:45 +02:00
case CONNECTION_TYPE_8021X_OFFLOAD:
l_genl_msg_append_attr(msg, NL80211_ATTR_WANT_1X_4WAY_HS,
0, NULL);
netdev: add SAE offload support SAE offload support requires some minor tweaks to CMD_CONNECT as well as special checks once the connect event comes in. Since at this point we are fully connected.
2021-03-22 17:01:55 +01:00
}
netdev: Add netdev_reassociate netdev_reassociate transitions to another BSS without FT. Similar to netdev_connect but uses reassociation instead of association and requires and an existing connection.
2017-03-31 14:43:01 +02:00
if (prev_bssid)
l_genl_msg_append_attr(msg, NL80211_ATTR_PREV_BSSID, ETH_ALEN,
prev_bssid);
netdev: Use CMD_CONNECT
2016-06-27 23:35:31 +02:00
if (bss->capability & IE_BSS_CAP_PRIVACY)
l_genl_msg_append_attr(msg, NL80211_ATTR_PRIVACY, 0, NULL);
wiphy: Move association logic out of wiphy.c The eapol state machine parameters are now built inside device.c when the network connection is attempted. The reason is that the device object knows about network settings, wiphy constraints and should contain the main 'management' logic. netdev now manages the actual low-level process of building association messages, detecting authentication events, etc.
2016-06-15 17:54:13 +02:00
netdev: Use NL80211_ATTR_SOCKET_OWNER flag Use the new NL80211_ATTR_SOCKET_OWNER with CMD_CONNECT and CMD_ASSOCIATE to make sure an iwd crash results in deauthentication.
2017-05-22 10:49:48 +02:00
l_genl_msg_append_attr(msg, NL80211_ATTR_SOCKET_OWNER, 0, NULL);
netdev: Always require handshake_state with netdev_connect
2016-12-12 18:34:19 +01:00
if (is_rsn) {
wiphy: Move association logic out of wiphy.c The eapol state machine parameters are now built inside device.c when the network connection is attempted. The reason is that the device object knows about network settings, wiphy constraints and should contain the main 'management' logic. netdev now manages the actual low-level process of building association messages, detecting authentication events, etc.
2016-06-15 17:54:13 +02:00
uint32_t nl_cipher;
netdev: Send additional attributes For fullmac drivers, these attributes are also needed
2016-11-15 20:15:45 +01:00
uint32_t nl_akm;
uint32_t wpa_version;
wiphy: Move association logic out of wiphy.c The eapol state machine parameters are now built inside device.c when the network connection is attempted. The reason is that the device object knows about network settings, wiphy constraints and should contain the main 'management' logic. netdev now manages the actual low-level process of building association messages, detecting authentication events, etc.
2016-06-15 17:54:13 +02:00
eapol: Use handshake_state to store state Remove the keys and other data from struct eapol_sm, update device.c, netdev.c and wsc.c to use the handshake_state object instead of eapol_sm. This also gets rid of eapol_cancel and the ifindex parameter in some of the eapol functions where sm->handshake->ifindex can be used instead.
2016-11-02 23:46:19 +01:00
if (hs->pairwise_cipher == IE_RSN_CIPHER_SUITE_CCMP)
wiphy: Move association logic out of wiphy.c The eapol state machine parameters are now built inside device.c when the network connection is attempted. The reason is that the device object knows about network settings, wiphy constraints and should contain the main 'management' logic. netdev now manages the actual low-level process of building association messages, detecting authentication events, etc.
2016-06-15 17:54:13 +02:00
nl_cipher = CRYPTO_CIPHER_CCMP;
else
nl_cipher = CRYPTO_CIPHER_TKIP;
l_genl_msg_append_attr(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE,
4, &nl_cipher);
eapol: Use handshake_state to store state Remove the keys and other data from struct eapol_sm, update device.c, netdev.c and wsc.c to use the handshake_state object instead of eapol_sm. This also gets rid of eapol_cancel and the ifindex parameter in some of the eapol functions where sm->handshake->ifindex can be used instead.
2016-11-02 23:46:19 +01:00
if (hs->group_cipher == IE_RSN_CIPHER_SUITE_CCMP)
wiphy: Move association logic out of wiphy.c The eapol state machine parameters are now built inside device.c when the network connection is attempted. The reason is that the device object knows about network settings, wiphy constraints and should contain the main 'management' logic. netdev now manages the actual low-level process of building association messages, detecting authentication events, etc.
2016-06-15 17:54:13 +02:00
nl_cipher = CRYPTO_CIPHER_CCMP;
else
nl_cipher = CRYPTO_CIPHER_TKIP;
l_genl_msg_append_attr(msg, NL80211_ATTR_CIPHER_SUITE_GROUP,
4, &nl_cipher);
netdev: set NL80211_ATTR_USE_MFP if mfp is enabled
2016-12-08 15:26:16 +01:00
if (hs->mfp) {
netdev: Fixup USE_MFP atribute usage The kernel parses NL80211_ATTR_USE_MFP to mean an enumeration nl80211_mfp. So instead of using a boolean, we should be using the value NL80211_MFP_REQUIRED.
2016-12-13 16:26:42 +01:00
uint32_t use_mfp = NL80211_MFP_REQUIRED;
netdev: set NL80211_ATTR_USE_MFP if mfp is enabled
2016-12-08 15:26:16 +01:00
l_genl_msg_append_attr(msg, NL80211_ATTR_USE_MFP,
netdev: Fixup USE_MFP atribute usage The kernel parses NL80211_ATTR_USE_MFP to mean an enumeration nl80211_mfp. So instead of using a boolean, we should be using the value NL80211_MFP_REQUIRED.
2016-12-13 16:26:42 +01:00
4, &use_mfp);
netdev: set NL80211_ATTR_USE_MFP if mfp is enabled
2016-12-08 15:26:16 +01:00
}
netdev: Send additional attributes For fullmac drivers, these attributes are also needed
2016-11-15 20:15:45 +01:00
nl_akm = ie_rsn_akm_suite_to_nl80211(hs->akm_suite);
if (nl_akm)
l_genl_msg_append_attr(msg, NL80211_ATTR_AKM_SUITES,
4, &nl_akm);
netdev: add SAE offload support SAE offload support requires some minor tweaks to CMD_CONNECT as well as special checks once the connect event comes in. Since at this point we are fully connected.
2021-03-22 17:01:55 +01:00
if (IE_AKM_IS_SAE(hs->akm_suite))
wpa_version = NL80211_WPA_VERSION_3;
else if (hs->wpa_ie)
netdev: Send additional attributes For fullmac drivers, these attributes are also needed
2016-11-15 20:15:45 +01:00
wpa_version = NL80211_WPA_VERSION_1;
else
wpa_version = NL80211_WPA_VERSION_2;
l_genl_msg_append_attr(msg, NL80211_ATTR_WPA_VERSIONS,
4, &wpa_version);
wiphy: Move association logic out of wiphy.c The eapol state machine parameters are now built inside device.c when the network connection is attempted. The reason is that the device object knows about network settings, wiphy constraints and should contain the main 'management' logic. netdev now manages the actual low-level process of building association messages, detecting authentication events, etc.
2016-06-15 17:54:13 +02:00
l_genl_msg_append_attr(msg, NL80211_ATTR_CONTROL_PORT, 0, NULL);
netdev: Send addititional IEs for FT/SAE/OWE/FILS RM Enabled Capabilities and Extended Capabilities IEs were correctly being sent when using CMD_CONNECT for initial connections and re-associations. However, for SoftMac SAE, FT, FILS and OWE connections, these additional IEs were not added properly during the Associate step.
2021-08-05 16:44:11 +02:00
c_iov = iov_ie_append(iov, n_iov, c_iov, hs->supplicant_ie);
wiphy: Move association logic out of wiphy.c The eapol state machine parameters are now built inside device.c when the network connection is attempted. The reason is that the device object knows about network settings, wiphy constraints and should contain the main 'management' logic. netdev now manages the actual low-level process of building association messages, detecting authentication events, etc.
2016-06-15 17:54:13 +02:00
}
netdev: fix WPS test (with ControlPortOverNL80211 on) At some point the connect command builder was modified, and the control port over NL80211 check was moved to inside if (is_rsn). For WPS, no supplicant_ie was set, so CONTROL_PORT_OVER_NL80211 was never set into CMD_CONNECT. This caused IWD to expect WPS frames over netlink, but the kernel was sending them over the legacy route.
2019-03-19 19:45:03 +01:00
if (netdev->pae_over_nl80211)
l_genl_msg_append_attr(msg,
NL80211_ATTR_CONTROL_PORT_OVER_NL80211,
0, NULL);
netdev: Send addititional IEs for FT/SAE/OWE/FILS RM Enabled Capabilities and Extended Capabilities IEs were correctly being sent when using CMD_CONNECT for initial connections and re-associations. However, for SoftMac SAE, FT, FILS and OWE connections, these additional IEs were not added properly during the Associate step.
2021-08-05 16:44:11 +02:00
c_iov = iov_ie_append(iov, n_iov, c_iov, hs->mde);
netdev: Append any vendor IEs from the handshake
2021-08-06 20:56:55 +02:00
c_iov = netdev_populate_common_ies(netdev, hs, msg, iov, n_iov, c_iov);
netdev: FT version of association messages If an MD IE is supplied to netdev_connect, pass that MD IE in the associate request, then validate and handle the MD IE and FT IE in the associate response from AP.
2016-11-02 23:46:16 +01:00
netdev: Send addititional IEs for FT/SAE/OWE/FILS RM Enabled Capabilities and Extended Capabilities IEs were correctly being sent when using CMD_CONNECT for initial connections and re-associations. However, for SoftMac SAE, FT, FILS and OWE connections, these additional IEs were not added properly during the Associate step.
2021-08-05 16:44:11 +02:00
mpdu_sort_ies(subtype, iov, c_iov);
netdev: Send extended capabilities IE on connect
2019-07-10 17:53:38 +02:00
netdev: Send addititional IEs for FT/SAE/OWE/FILS RM Enabled Capabilities and Extended Capabilities IEs were correctly being sent when using CMD_CONNECT for initial connections and re-associations. However, for SoftMac SAE, FT, FILS and OWE connections, these additional IEs were not added properly during the Associate step.
2021-08-05 16:44:11 +02:00
if (vendor_ies && !L_WARN_ON(n_iov - c_iov < num_vendor_ies)) {
memcpy(iov + c_iov, vendor_ies,
netdev: Allow to send extra vendor IEs when connecting
2019-07-12 23:00:01 +02:00
sizeof(*vendor_ies) * num_vendor_ies);
netdev: Send addititional IEs for FT/SAE/OWE/FILS RM Enabled Capabilities and Extended Capabilities IEs were correctly being sent when using CMD_CONNECT for initial connections and re-associations. However, for SoftMac SAE, FT, FILS and OWE connections, these additional IEs were not added properly during the Associate step.
2021-08-05 16:44:11 +02:00
c_iov += num_vendor_ies;
netdev: Allow to send extra vendor IEs when connecting
2019-07-12 23:00:01 +02:00
}
netdev: Send addititional IEs for FT/SAE/OWE/FILS RM Enabled Capabilities and Extended Capabilities IEs were correctly being sent when using CMD_CONNECT for initial connections and re-associations. However, for SoftMac SAE, FT, FILS and OWE connections, these additional IEs were not added properly during the Associate step.
2021-08-05 16:44:11 +02:00
if (c_iov)
l_genl_msg_append_attrv(msg, NL80211_ATTR_IE, iov, c_iov);
netdev: FT version of association messages If an MD IE is supplied to netdev_connect, pass that MD IE in the associate request, then validate and handle the MD IE and FT IE in the associate response from AP.
2016-11-02 23:46:16 +01:00
wiphy: Move association logic out of wiphy.c The eapol state machine parameters are now built inside device.c when the network connection is attempted. The reason is that the device object knows about network settings, wiphy constraints and should contain the main 'management' logic. netdev now manages the actual low-level process of building association messages, detecting authentication events, etc.
2016-06-15 17:54:13 +02:00
return msg;
}
netdev: support per-network MAC addresses For privacy reasons its advantageous to randomize or mask the MAC address when connecting to networks, especially public networks. This patch allows netdev to generate a new MAC address on a per-network basis. The generated MAC will remain the same when connecting to the same network. This allows reauthentications or roaming to work, and not have to fully re-connect (which would be required if the MAC changed on every connection). Changing the MAC requires bringing the interface down. This does lead to potential race conditions with respect to external processes. There are two potential conditions which are explained in a TODO comment in this patch.
2020-03-18 19:54:19 +01:00
struct rtnl_data {
struct netdev *netdev;
uint8_t addr[ETH_ALEN];
int ref;
};
netdev: use wiphy radio work queue for connections This adds connection/FT attempts to the radio work queue. This will ensure that connections aren't delayed or done concurrently with scanning.
2020-07-15 23:29:17 +02:00
static int netdev_begin_connection(struct netdev *netdev)
netdev: Add initial netdev_connect logic
2016-06-14 18:17:43 +02:00
{
netdev: use wiphy radio work queue for connections This adds connection/FT attempts to the radio work queue. This will ensure that connections aren't delayed or done concurrently with scanning.
2020-07-15 23:29:17 +02:00
if (netdev->connect_cmd) {
netdev: added sae functionality to netdev In order to plug SAE into the existing connect mechanism the actual CMD_CONNECT message is never sent, rather sae_register takes care of sending out CMD_AUTHENTICATE. This required some shuffling of code in order to handle both eapol and sae. In the case of non-SAE authentication everything behaves as it did before. When using SAE an sae_sm is created when a connection is attempted but the eapol_sm is not. After SAE succeeds it will start association and then create the eapol_sm and start the 4-way handshake. This change also adds the handshake SAE events to device and initializes SAE in main.
2018-08-14 01:25:48 +02:00
netdev->connect_cmd_id = l_genl_family_send(nl80211,
netdev: use wiphy radio work queue for connections This adds connection/FT attempts to the radio work queue. This will ensure that connections aren't delayed or done concurrently with scanning.
2020-07-15 23:29:17 +02:00
netdev->connect_cmd,
netdev_cmd_connect_cb, netdev,
NULL);
netdev: Cancel the CMD_CONNECT genl command on disconnect CMD_DISCONNECT fails on some occasions when CMD_CONNECT is still running. When this happens the DBus disconnect command receives an error reply but iwd's device state is left as disconnected even though there's a connection at the kernel level which times out a few seconds later. If the CMD_CONNECT is cancelled I couldn't reproduce this so far. src/network.c:network_connect() src/network.c:network_connect_psk() src/network.c:network_connect_psk() psk: 69ae3f8b2f84a438cf6a44275913182dd2714510ccb8cbdf8da9dc8b61718560 src/network.c:network_connect_psk() len: 32 src/network.c:network_connect_psk() ask_psk: false src/device.c:device_enter_state() Old State: disconnected, new state: connecting src/scan.c:scan_notify() Scan notification 33 src/device.c:device_netdev_event() Associating src/netdev.c:netdev_mlme_notify() MLME notification 60 MLME notification is missing ifindex attribute src/device.c:device_dbus_disconnect() src/device.c:device_connect_cb() 6, result: 5 src/device.c:device_enter_state() Old State: connecting, new state: disconnecting src/device.c:device_disconnect_cb() 6, success: 0 src/device.c:device_enter_state() Old State: disconnecting, new state: disconnected src/scan.c:scan_notify() Scan notification 34 src/netdev.c:netdev_mlme_notify() MLME notification 19 src/netdev.c:netdev_mlme_notify() MLME notification 60 MLME notification is missing ifindex attribute src/netdev.c:netdev_mlme_notify() MLME notification 37 src/netdev.c:netdev_authenticate_event() src/scan.c:get_scan_callback() get_scan_callback src/scan.c:get_scan_done() get_scan_done src/netdev.c:netdev_mlme_notify() MLME notification 60 MLME notification is missing ifindex attribute src/netdev.c:netdev_mlme_notify() MLME notification 19 MLME notification is missing ifindex attribute src/netdev.c:netdev_mlme_notify() MLME notification 38 src/netdev.c:netdev_associate_event() src/netdev.c:netdev_mlme_notify() MLME notification 46 src/netdev.c:netdev_connect_event() <delay> src/netdev.c:netdev_mlme_notify() MLME notification 60 MLME notification is missing ifindex attribute src/netdev.c:netdev_mlme_notify() MLME notification 20 MLME notification is missing ifindex attribute src/netdev.c:netdev_mlme_notify() MLME notification 20 src/netdev.c:netdev_mlme_notify() MLME notification 39 src/netdev.c:netdev_deauthenticate_event()
2016-08-05 14:25:34 +02:00
netdev: use wiphy radio work queue for connections This adds connection/FT attempts to the radio work queue. This will ensure that connections aren't delayed or done concurrently with scanning.
2020-07-15 23:29:17 +02:00
if (!netdev->connect_cmd_id)
goto failed;
netdev->connect_cmd = NULL;
wiphy: Move association logic out of wiphy.c The eapol state machine parameters are now built inside device.c when the network connection is attempted. The reason is that the device object knows about network settings, wiphy constraints and should contain the main 'management' logic. netdev now manages the actual low-level process of building association messages, detecting authentication events, etc.
2016-06-15 17:54:13 +02:00
}
netdev: Add initial netdev_connect logic
2016-06-14 18:17:43 +02:00
netdev: use wiphy radio work queue for connections This adds connection/FT attempts to the radio work queue. This will ensure that connections aren't delayed or done concurrently with scanning.
2020-07-15 23:29:17 +02:00
/*
* Set the supplicant address now, this may have already been done for
* a non-randomized address connect, but if we are randomizing we need
* to set it again as the address should have now changed.
*/
netdev: support per-network MAC addresses For privacy reasons its advantageous to randomize or mask the MAC address when connecting to networks, especially public networks. This patch allows netdev to generate a new MAC address on a per-network basis. The generated MAC will remain the same when connecting to the same network. This allows reauthentications or roaming to work, and not have to fully re-connect (which would be required if the MAC changed on every connection). Changing the MAC requires bringing the interface down. This does lead to potential race conditions with respect to external processes. There are two potential conditions which are explained in a TODO comment in this patch.
2020-03-18 19:54:19 +01:00
handshake_state_set_supplicant_address(netdev->handshake, netdev->addr);
netdev: use wiphy radio work queue for connections This adds connection/FT attempts to the radio work queue. This will ensure that connections aren't delayed or done concurrently with scanning.
2020-07-15 23:29:17 +02:00
if (netdev->ap) {
if (!auth_proto_start(netdev->ap))
goto failed;
/*
* set connected since the auth protocols cannot do
* so internally
*/
netdev: support per-network MAC addresses For privacy reasons its advantageous to randomize or mask the MAC address when connecting to networks, especially public networks. This patch allows netdev to generate a new MAC address on a per-network basis. The generated MAC will remain the same when connecting to the same network. This allows reauthentications or roaming to work, and not have to fully re-connect (which would be required if the MAC changed on every connection). Changing the MAC requires bringing the interface down. This does lead to potential race conditions with respect to external processes. There are two potential conditions which are explained in a TODO comment in this patch.
2020-03-18 19:54:19 +01:00
netdev->connected = true;
netdev: use wiphy radio work queue for connections This adds connection/FT attempts to the radio work queue. This will ensure that connections aren't delayed or done concurrently with scanning.
2020-07-15 23:29:17 +02:00
}
netdev: support per-network MAC addresses For privacy reasons its advantageous to randomize or mask the MAC address when connecting to networks, especially public networks. This patch allows netdev to generate a new MAC address on a per-network basis. The generated MAC will remain the same when connecting to the same network. This allows reauthentications or roaming to work, and not have to fully re-connect (which would be required if the MAC changed on every connection). Changing the MAC requires bringing the interface down. This does lead to potential race conditions with respect to external processes. There are two potential conditions which are explained in a TODO comment in this patch.
2020-03-18 19:54:19 +01:00
return 0;
netdev: use wiphy radio work queue for connections This adds connection/FT attempts to the radio work queue. This will ensure that connections aren't delayed or done concurrently with scanning.
2020-07-15 23:29:17 +02:00
failed:
netdev_connect_failed(netdev, NETDEV_RESULT_ABORTED,
MMPDU_STATUS_CODE_UNSPECIFIED);
return -EIO;
netdev: support per-network MAC addresses For privacy reasons its advantageous to randomize or mask the MAC address when connecting to networks, especially public networks. This patch allows netdev to generate a new MAC address on a per-network basis. The generated MAC will remain the same when connecting to the same network. This allows reauthentications or roaming to work, and not have to fully re-connect (which would be required if the MAC changed on every connection). Changing the MAC requires bringing the interface down. This does lead to potential race conditions with respect to external processes. There are two potential conditions which are explained in a TODO comment in this patch.
2020-03-18 19:54:19 +01:00
}
static void netdev_mac_change_failed(struct netdev *netdev,
struct rtnl_data *req, int error)
{
l_error("Error setting mac address on %d: %s", netdev->index,
strerror(-error));
/*
* If the interface is down and we failed to up it we need to notify
* any watchers since we have been skipping the notification while
* mac_change_cmd_id was set.
*/
if (!netdev_get_is_up(netdev)) {
WATCHLIST_NOTIFY(&netdev_watches, netdev_watch_func_t,
netdev, NETDEV_WATCH_EVENT_DOWN);
goto failed;
} else {
/*
* If the interface is up we can still try and connect. This
* is a very rare case and most likely will never happen.
*/
l_info("Interface still up after failing to change the MAC, "
"continuing with connection");
netdev: use wiphy radio work queue for connections This adds connection/FT attempts to the radio work queue. This will ensure that connections aren't delayed or done concurrently with scanning.
2020-07-15 23:29:17 +02:00
if (netdev_begin_connection(netdev) < 0)
netdev: support per-network MAC addresses For privacy reasons its advantageous to randomize or mask the MAC address when connecting to networks, especially public networks. This patch allows netdev to generate a new MAC address on a per-network basis. The generated MAC will remain the same when connecting to the same network. This allows reauthentications or roaming to work, and not have to fully re-connect (which would be required if the MAC changed on every connection). Changing the MAC requires bringing the interface down. This does lead to potential race conditions with respect to external processes. There are two potential conditions which are explained in a TODO comment in this patch.
2020-03-18 19:54:19 +01:00
goto failed;
return;
}
failed:
netdev_connect_failed(netdev, NETDEV_RESULT_ABORTED,
MMPDU_STATUS_CODE_UNSPECIFIED);
}
static void netdev_mac_destroy(void *user_data)
{
struct rtnl_data *req = user_data;
req->ref--;
/* still pending requests? */
if (req->ref)
return;
l_free(req);
}
static void netdev_mac_power_up_cb(int error, uint16_t type,
const void *data, uint32_t len,
void *user_data)
{
struct rtnl_data *req = user_data;
struct netdev *netdev = req->netdev;
netdev->mac_change_cmd_id = 0;
if (error) {
l_error("Error taking interface %u up for per-network MAC "
"generation: %s", netdev->index, strerror(-error));
netdev_mac_change_failed(netdev, req, error);
return;
}
/*
* Pick up where we left off in netdev_connect_commmon.
*/
netdev: use wiphy radio work queue for connections This adds connection/FT attempts to the radio work queue. This will ensure that connections aren't delayed or done concurrently with scanning.
2020-07-15 23:29:17 +02:00
if (netdev_begin_connection(netdev) < 0) {
netdev: support per-network MAC addresses For privacy reasons its advantageous to randomize or mask the MAC address when connecting to networks, especially public networks. This patch allows netdev to generate a new MAC address on a per-network basis. The generated MAC will remain the same when connecting to the same network. This allows reauthentications or roaming to work, and not have to fully re-connect (which would be required if the MAC changed on every connection). Changing the MAC requires bringing the interface down. This does lead to potential race conditions with respect to external processes. There are two potential conditions which are explained in a TODO comment in this patch.
2020-03-18 19:54:19 +01:00
l_error("Failed to connect after changing MAC");
netdev_connect_failed(netdev, NETDEV_RESULT_ASSOCIATION_FAILED,
MMPDU_STATUS_CODE_UNSPECIFIED);
}
}
static void netdev_mac_power_down_cb(int error, uint16_t type,
const void *data, uint32_t len,
void *user_data)
{
struct rtnl_data *req = user_data;
struct netdev *netdev = req->netdev;
netdev->mac_change_cmd_id = 0;
if (error) {
l_error("Error taking interface %u down for per-network MAC "
"generation: %s", netdev->index, strerror(-error));
netdev_mac_change_failed(netdev, req, error);
return;
}
l_debug("Setting generated address on ifindex: %d to: "MAC,
netdev->index, MAC_STR(req->addr));
netdev->mac_change_cmd_id = l_rtnl_set_mac(rtnl, netdev->index,
req->addr, true,
netdev_mac_power_up_cb, req,
netdev_mac_destroy);
if (!netdev->mac_change_cmd_id) {
netdev_mac_change_failed(netdev, req, -EIO);
return;
}
req->ref++;
}
/*
* TODO: There are some potential race conditions that are being ignored. There
* is nothing that IWD itself can do to solve these, they require kernel
* changes:
*
* 1. A perfectly timed ifdown could be ignored. If an external process
* brings down an interface just before calling this function we would only
* get a single newlink event since there is no state change doing a second
* ifdown (nor an error from the kernel). This newlink event would be ignored
* since IWD thinks its from our own doing. This would result in IWD changing
* the MAC and bringing the interface back up which would look very strange
* and unexpected to someone who just tried to ifdown an interface.
*
* 2. A perfectly timed ifup could result in a failed connection. If an external
* process ifup's just after IWD ifdown's but before changing the MAC this
* would cause the MAC change to fail. This failure would result in a failed
* connection.
*
* Returns 0 if a MAC change procedure was started.
* Returns -EALREADY if the requested MAC matched our current MAC
* Returns -EIO if there was an IO error when powering down
*/
netdev: use wiphy radio work queue for connections This adds connection/FT attempts to the radio work queue. This will ensure that connections aren't delayed or done concurrently with scanning.
2020-07-15 23:29:17 +02:00
static int netdev_start_powered_mac_change(struct netdev *netdev)
netdev: support per-network MAC addresses For privacy reasons its advantageous to randomize or mask the MAC address when connecting to networks, especially public networks. This patch allows netdev to generate a new MAC address on a per-network basis. The generated MAC will remain the same when connecting to the same network. This allows reauthentications or roaming to work, and not have to fully re-connect (which would be required if the MAC changed on every connection). Changing the MAC requires bringing the interface down. This does lead to potential race conditions with respect to external processes. There are two potential conditions which are explained in a TODO comment in this patch.
2020-03-18 19:54:19 +01:00
{
struct rtnl_data *req;
uint8_t new_addr[6];
netdev: honor handshake->spa if set In order to support AlwaysRandomizeAddress and AddressOverride, station will set the desired address into the handshake object. Then, netdev checks if this was done and will use that address rather than generate one.
2020-03-19 23:59:00 +01:00
/* No address set in handshake, use per-network MAC generation */
treewide: replace util_mem_is_zero with l_memeqzero
2021-03-09 22:40:35 +01:00
if (l_memeqzero(netdev->handshake->spa, ETH_ALEN))
netdev: honor handshake->spa if set In order to support AlwaysRandomizeAddress and AddressOverride, station will set the desired address into the handshake object. Then, netdev checks if this was done and will use that address rather than generate one.
2020-03-19 23:59:00 +01:00
wiphy_generate_address_from_ssid(netdev->wiphy,
netdev: use wiphy radio work queue for connections This adds connection/FT attempts to the radio work queue. This will ensure that connections aren't delayed or done concurrently with scanning.
2020-07-15 23:29:17 +02:00
(const char *)netdev->handshake->ssid,
new_addr);
netdev: honor handshake->spa if set In order to support AlwaysRandomizeAddress and AddressOverride, station will set the desired address into the handshake object. Then, netdev checks if this was done and will use that address rather than generate one.
2020-03-19 23:59:00 +01:00
else
memcpy(new_addr, netdev->handshake->spa, ETH_ALEN);
netdev: support per-network MAC addresses For privacy reasons its advantageous to randomize or mask the MAC address when connecting to networks, especially public networks. This patch allows netdev to generate a new MAC address on a per-network basis. The generated MAC will remain the same when connecting to the same network. This allows reauthentications or roaming to work, and not have to fully re-connect (which would be required if the MAC changed on every connection). Changing the MAC requires bringing the interface down. This does lead to potential race conditions with respect to external processes. There are two potential conditions which are explained in a TODO comment in this patch.
2020-03-18 19:54:19 +01:00
/*
* MAC has already been changed previously, no need to again
*/
if (!memcmp(new_addr, netdev->addr, sizeof(new_addr)))
return -EALREADY;
req = l_new(struct rtnl_data, 1);
req->netdev = netdev;
/* This message will need to be unreffed upon any error */
req->ref++;
memcpy(req->addr, new_addr, sizeof(req->addr));
netdev->mac_change_cmd_id = l_rtnl_set_powered(rtnl, netdev->index,
false, netdev_mac_power_down_cb,
req, netdev_mac_destroy);
if (!netdev->mac_change_cmd_id) {
l_free(req);
return -EIO;
}
return 0;
}
netdev: fix RoamThreshold5G The RoamThreshold5G was never honored because it was being set prior to any connections. This caused the logic inside netdev_cqm_rssi_update to always choose the 2GHz threshold (RoamThreshold) due to netdev->frequency being zero at this time. Instead call netdev_cqm_rssi_update in all connect/transition calls after netdev->frequency is updated. This will allow both the 2G and 5G thresholds to be used depending on what frequency the new BSS is. The call to netdev_cqm_rssi_update in netdev_setup_interface was also removed since it serves no purpose, at least now that there are two thresholds to consider.
2021-07-28 00:50:23 +02:00
static struct l_genl_msg *netdev_build_cmd_cqm_rssi_update(
struct netdev *netdev,
const int8_t *levels,
size_t levels_num)
{
struct l_genl_msg *msg;
uint32_t hyst = 5;
int thold_count;
int32_t thold_list[levels_num + 2];
int threshold = netdev->frequency > 4000 ? LOW_SIGNAL_THRESHOLD_5GHZ :
LOW_SIGNAL_THRESHOLD;
if (levels_num == 0) {
thold_list[0] = threshold;
thold_count = 1;
} else {
/*
* Build the list of all the threshold values we care about:
* - the low/high level threshold,
* - the value ranges requested by
* netdev_set_rssi_report_levels
*/
unsigned int i;
bool low_sig_added = false;
thold_count = 0;
for (i = 0; i < levels_num; i++) {
int32_t val = levels[levels_num - i - 1];
if (i && thold_list[thold_count - 1] >= val)
return NULL;
if (val >= threshold && !low_sig_added) {
thold_list[thold_count++] = threshold;
low_sig_added = true;
/* Duplicate values are not allowed */
if (val == threshold)
continue;
}
thold_list[thold_count++] = val;
}
}
msg = l_genl_msg_new_sized(NL80211_CMD_SET_CQM, 32 + thold_count * 4);
l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &netdev->index);
l_genl_msg_enter_nested(msg, NL80211_ATTR_CQM);
l_genl_msg_append_attr(msg, NL80211_ATTR_CQM_RSSI_THOLD,
thold_count * 4, thold_list);
l_genl_msg_append_attr(msg, NL80211_ATTR_CQM_RSSI_HYST, 4, &hyst);
l_genl_msg_leave_nested(msg);
return msg;
}
static void netdev_cmd_set_cqm_cb(struct l_genl_msg *msg, void *user_data)
{
int err = l_genl_msg_get_error(msg);
const char *ext_error;
if (err >= 0)
return;
ext_error = l_genl_msg_get_extended_error(msg);
l_error("CMD_SET_CQM failed: %s",
ext_error ? ext_error : strerror(-err));
}
static int netdev_cqm_rssi_update(struct netdev *netdev)
{
struct l_genl_msg *msg;
l_debug("");
if (!wiphy_has_ext_feature(netdev->wiphy,
NL80211_EXT_FEATURE_CQM_RSSI_LIST))
msg = netdev_build_cmd_cqm_rssi_update(netdev, NULL, 0);
else
msg = netdev_build_cmd_cqm_rssi_update(netdev,
netdev->rssi_levels,
netdev->rssi_levels_num);
if (!msg)
return -EINVAL;
if (!l_genl_family_send(nl80211, msg, netdev_cmd_set_cqm_cb,
NULL, NULL)) {
l_genl_msg_unref(msg);
return -EIO;
}
return 0;
}
netdev: use wiphy radio work queue for connections This adds connection/FT attempts to the radio work queue. This will ensure that connections aren't delayed or done concurrently with scanning.
2020-07-15 23:29:17 +02:00
static bool netdev_connection_work_ready(struct wiphy_radio_work_item *item)
{
struct netdev *netdev = l_container_of(item, struct netdev, work);
netdev: Scan & Retry CMD_AUTHENTICATE Handle situations where the BSS we're trying to connect to is no longer in the kernel scan result cache. Normally, the kernel will re-scan the target frequency if this happens on the CMD_CONNECT path, and retry the connection. Unfortunately, CMD_AUTHENTICATE path used for WPA3, OWE and FILS does not have this scanning behavior. CMD_AUTHENTICATE simply fails with a -ENOENT error. Work around this by trying a limited scan of the target frequency and re-trying CMD_AUTHENTICATE once.
2021-02-05 18:21:33 +01:00
netdev->retry_auth = false;
netdev: use wiphy radio work queue for connections This adds connection/FT attempts to the radio work queue. This will ensure that connections aren't delayed or done concurrently with scanning.
2020-07-15 23:29:17 +02:00
if (mac_per_ssid) {
int ret = netdev_start_powered_mac_change(netdev);
if (!ret)
return false;
else if (ret != -EALREADY)
goto failed;
}
if (netdev_begin_connection(netdev) < 0)
goto failed;
return false;
failed:
netdev_connect_failed(netdev, NETDEV_RESULT_ABORTED,
MMPDU_STATUS_CODE_UNSPECIFIED);
return true;
}
netdev: Scan & Retry CMD_AUTHENTICATE Handle situations where the BSS we're trying to connect to is no longer in the kernel scan result cache. Normally, the kernel will re-scan the target frequency if this happens on the CMD_CONNECT path, and retry the connection. Unfortunately, CMD_AUTHENTICATE path used for WPA3, OWE and FILS does not have this scanning behavior. CMD_AUTHENTICATE simply fails with a -ENOENT error. Work around this by trying a limited scan of the target frequency and re-trying CMD_AUTHENTICATE once.
2021-02-05 18:21:33 +01:00
static void netdev_connection_work_destroy(struct wiphy_radio_work_item *item)
{
struct netdev *netdev = l_container_of(item, struct netdev, work);
if (netdev->auth_cmd) {
l_genl_msg_unref(netdev->auth_cmd);
netdev->auth_cmd = NULL;
}
netdev->retry_auth = false;
}
netdev: use wiphy radio work queue for connections This adds connection/FT attempts to the radio work queue. This will ensure that connections aren't delayed or done concurrently with scanning.
2020-07-15 23:29:17 +02:00
static const struct wiphy_radio_work_item_ops connect_work_ops = {
.do_work = netdev_connection_work_ready,
netdev: Scan & Retry CMD_AUTHENTICATE Handle situations where the BSS we're trying to connect to is no longer in the kernel scan result cache. Normally, the kernel will re-scan the target frequency if this happens on the CMD_CONNECT path, and retry the connection. Unfortunately, CMD_AUTHENTICATE path used for WPA3, OWE and FILS does not have this scanning behavior. CMD_AUTHENTICATE simply fails with a -ENOENT error. Work around this by trying a limited scan of the target frequency and re-trying CMD_AUTHENTICATE once.
2021-02-05 18:21:33 +01:00
.destroy = netdev_connection_work_destroy,
netdev: use wiphy radio work queue for connections This adds connection/FT attempts to the radio work queue. This will ensure that connections aren't delayed or done concurrently with scanning.
2020-07-15 23:29:17 +02:00
};
netdev: Introduce connection types Currently netdev handles SoftMac and FullMac drivers mostly in the same way, by building CMD_CONNECT nl80211 commands and letting the kernel figure out the details. Exceptions to this are FILS/OWE/SAE AKMs which are only supported on SoftMac drivers by using CMD_AUTHENTICATE/CMD_ASSOCIATE. Recently, basic support for SAE (WPA3-Personal) offload on FullMac cards was introduced. When offloaded, the control flow is very different than under typical conditions and required additional logic checks in several places. The logic is now becoming quite complex. Introduce a concept of a connection type in order to make it clearer what driver and driver features are being used for this connection. In the future, connection types can be expanded with 802.1X handshake offload, PSK handshake offload and CMD_EXTERNAL_AUTH based SAE connections.
2021-03-31 17:48:05 +02:00
static int netdev_handshake_state_setup_connection_type(
struct handshake_state *hs)
{
struct netdev_handshake_state *nhs = l_container_of(hs,
struct netdev_handshake_state, super);
struct wiphy *wiphy = nhs->netdev->wiphy;
bool softmac = wiphy_supports_cmds_auth_assoc(wiphy);
bool canroam = wiphy_supports_firmware_roam(wiphy);
netdev: move failure point out of netdev_connect_common The only point of failure in netdev_connect_common was setting up the handshake type. Moving this outside of netdev_connect_common makes the code flow much better in netdev_{connect,reassociate} as nothing needs to be reset upon failure.
2021-08-09 19:42:56 +02:00
if (hs->supplicant_ie == NULL)
goto softmac;
netdev: Introduce connection types Currently netdev handles SoftMac and FullMac drivers mostly in the same way, by building CMD_CONNECT nl80211 commands and letting the kernel figure out the details. Exceptions to this are FILS/OWE/SAE AKMs which are only supported on SoftMac drivers by using CMD_AUTHENTICATE/CMD_ASSOCIATE. Recently, basic support for SAE (WPA3-Personal) offload on FullMac cards was introduced. When offloaded, the control flow is very different than under typical conditions and required additional logic checks in several places. The logic is now becoming quite complex. Introduce a concept of a connection type in order to make it clearer what driver and driver features are being used for this connection. In the future, connection types can be expanded with 802.1X handshake offload, PSK handshake offload and CMD_EXTERNAL_AUTH based SAE connections.
2021-03-31 17:48:05 +02:00
/*
* Sanity check that any FT AKMs are set only on softmac or on
* devices that support firmware roam
*/
if (L_WARN_ON(IE_AKM_IS_FT(hs->akm_suite) && !softmac && !canroam))
return -ENOTSUP;
switch (hs->akm_suite) {
netdev: allow PSK offload for FT AKMs This adds a new connection type, TYPE_PSK_OFFLOAD, which allows the 4-way handshake to be offloaded by the firmware. Offloading will be used if the driver advertises support. The CMD_ROAM event path was also modified to take into account handshake offloading. If the handshake is offloaded we still must issue GET_SCAN, but not start eapol since the firmware takes care of this.
2021-04-03 00:06:17 +02:00
case IE_RSN_AKM_SUITE_PSK:
case IE_RSN_AKM_SUITE_FT_USING_PSK:
case IE_RSN_AKM_SUITE_PSK_SHA256:
if (wiphy_has_ext_feature(wiphy,
NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK))
goto psk_offload;
netdev: add CONNECTION_TYPE_8021X_OFFLOAD This adds a new type for 8021x offload as well as support in building CMD_CONNECT. As described in the comment, 8021x offloading is not particularly similar to PSK as far as the code flow in IWD is concerned. There still needs to be an eapol_sm due to EAP being done in userspace. This throws somewhat of a wrench into our 'is_offload' cases. And as such this connection type is handled specially.
2021-04-09 18:14:45 +02:00
if (softmac)
goto softmac;
goto fullmac;
netdev: Introduce connection types Currently netdev handles SoftMac and FullMac drivers mostly in the same way, by building CMD_CONNECT nl80211 commands and letting the kernel figure out the details. Exceptions to this are FILS/OWE/SAE AKMs which are only supported on SoftMac drivers by using CMD_AUTHENTICATE/CMD_ASSOCIATE. Recently, basic support for SAE (WPA3-Personal) offload on FullMac cards was introduced. When offloaded, the control flow is very different than under typical conditions and required additional logic checks in several places. The logic is now becoming quite complex. Introduce a concept of a connection type in order to make it clearer what driver and driver features are being used for this connection. In the future, connection types can be expanded with 802.1X handshake offload, PSK handshake offload and CMD_EXTERNAL_AUTH based SAE connections.
2021-03-31 17:48:05 +02:00
case IE_RSN_AKM_SUITE_8021X:
case IE_RSN_AKM_SUITE_FT_OVER_8021X:
case IE_RSN_AKM_SUITE_8021X_SHA256:
case IE_RSN_AKM_SUITE_8021X_SUITE_B_SHA256:
case IE_RSN_AKM_SUITE_8021X_SUITE_B_SHA384:
case IE_RSN_AKM_SUITE_FT_OVER_8021X_SHA384:
netdev: add CONNECTION_TYPE_8021X_OFFLOAD This adds a new type for 8021x offload as well as support in building CMD_CONNECT. As described in the comment, 8021x offloading is not particularly similar to PSK as far as the code flow in IWD is concerned. There still needs to be an eapol_sm due to EAP being done in userspace. This throws somewhat of a wrench into our 'is_offload' cases. And as such this connection type is handled specially.
2021-04-09 18:14:45 +02:00
if (wiphy_has_ext_feature(wiphy,
NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
goto offload_1x;
netdev: Introduce connection types Currently netdev handles SoftMac and FullMac drivers mostly in the same way, by building CMD_CONNECT nl80211 commands and letting the kernel figure out the details. Exceptions to this are FILS/OWE/SAE AKMs which are only supported on SoftMac drivers by using CMD_AUTHENTICATE/CMD_ASSOCIATE. Recently, basic support for SAE (WPA3-Personal) offload on FullMac cards was introduced. When offloaded, the control flow is very different than under typical conditions and required additional logic checks in several places. The logic is now becoming quite complex. Introduce a concept of a connection type in order to make it clearer what driver and driver features are being used for this connection. In the future, connection types can be expanded with 802.1X handshake offload, PSK handshake offload and CMD_EXTERNAL_AUTH based SAE connections.
2021-03-31 17:48:05 +02:00
if (softmac)
goto softmac;
goto fullmac;
case IE_RSN_AKM_SUITE_SAE_SHA256:
case IE_RSN_AKM_SUITE_FT_OVER_SAE_SHA256:
if (wiphy_has_ext_feature(wiphy,
NL80211_EXT_FEATURE_SAE_OFFLOAD))
goto sae_offload;
if (softmac && wiphy_has_feature(wiphy, NL80211_FEATURE_SAE))
goto softmac;
return -EINVAL;
case IE_RSN_AKM_SUITE_OWE:
case IE_RSN_AKM_SUITE_FILS_SHA256:
case IE_RSN_AKM_SUITE_FILS_SHA384:
case IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA256:
case IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA384:
/* FILS and OWE have no offload in any upstream driver */
if (softmac)
goto softmac;
return -ENOTSUP;
case IE_RSN_AKM_SUITE_TDLS:
case IE_RSN_AKM_SUITE_AP_PEER_KEY_SHA256:
case IE_RSN_AKM_SUITE_OSEN:
return -ENOTSUP;
}
return -ENOTSUP;
softmac:
nhs->type = CONNECTION_TYPE_SOFTMAC;
return 0;
fullmac:
nhs->type = CONNECTION_TYPE_FULLMAC;
return 0;
sae_offload:
nhs->type = CONNECTION_TYPE_SAE_OFFLOAD;
return 0;
netdev: allow PSK offload for FT AKMs This adds a new connection type, TYPE_PSK_OFFLOAD, which allows the 4-way handshake to be offloaded by the firmware. Offloading will be used if the driver advertises support. The CMD_ROAM event path was also modified to take into account handshake offloading. If the handshake is offloaded we still must issue GET_SCAN, but not start eapol since the firmware takes care of this.
2021-04-03 00:06:17 +02:00
psk_offload:
nhs->type = CONNECTION_TYPE_PSK_OFFLOAD;
return 0;
netdev: add CONNECTION_TYPE_8021X_OFFLOAD This adds a new type for 8021x offload as well as support in building CMD_CONNECT. As described in the comment, 8021x offloading is not particularly similar to PSK as far as the code flow in IWD is concerned. There still needs to be an eapol_sm due to EAP being done in userspace. This throws somewhat of a wrench into our 'is_offload' cases. And as such this connection type is handled specially.
2021-04-09 18:14:45 +02:00
offload_1x:
nhs->type = CONNECTION_TYPE_8021X_OFFLOAD;
return 0;
netdev: Introduce connection types Currently netdev handles SoftMac and FullMac drivers mostly in the same way, by building CMD_CONNECT nl80211 commands and letting the kernel figure out the details. Exceptions to this are FILS/OWE/SAE AKMs which are only supported on SoftMac drivers by using CMD_AUTHENTICATE/CMD_ASSOCIATE. Recently, basic support for SAE (WPA3-Personal) offload on FullMac cards was introduced. When offloaded, the control flow is very different than under typical conditions and required additional logic checks in several places. The logic is now becoming quite complex. Introduce a concept of a connection type in order to make it clearer what driver and driver features are being used for this connection. In the future, connection types can be expanded with 802.1X handshake offload, PSK handshake offload and CMD_EXTERNAL_AUTH based SAE connections.
2021-03-31 17:48:05 +02:00
}
netdev: move failure point out of netdev_connect_common The only point of failure in netdev_connect_common was setting up the handshake type. Moving this outside of netdev_connect_common makes the code flow much better in netdev_{connect,reassociate} as nothing needs to be reset upon failure.
2021-08-09 19:42:56 +02:00
static void netdev_connect_common(struct netdev *netdev,
netdev: support per-network MAC addresses For privacy reasons its advantageous to randomize or mask the MAC address when connecting to networks, especially public networks. This patch allows netdev to generate a new MAC address on a per-network basis. The generated MAC will remain the same when connecting to the same network. This allows reauthentications or roaming to work, and not have to fully re-connect (which would be required if the MAC changed on every connection). Changing the MAC requires bringing the interface down. This does lead to potential race conditions with respect to external processes. There are two potential conditions which are explained in a TODO comment in this patch.
2020-03-18 19:54:19 +01:00
struct scan_bss *bss,
netdev: allow reassociation for auth-protos This adds support in netdev_reassociate for all the auth protocols (SAE/FILS/OWE) by moving the bulk of netdev_connect into netdev_connect_common. In addition PREV_BSSID is set in the associate message if 'in_reassoc' is true.
2021-08-07 00:59:05 +02:00
struct scan_bss *prev_bss,
netdev: support per-network MAC addresses For privacy reasons its advantageous to randomize or mask the MAC address when connecting to networks, especially public networks. This patch allows netdev to generate a new MAC address on a per-network basis. The generated MAC will remain the same when connecting to the same network. This allows reauthentications or roaming to work, and not have to fully re-connect (which would be required if the MAC changed on every connection). Changing the MAC requires bringing the interface down. This does lead to potential race conditions with respect to external processes. There are two potential conditions which are explained in a TODO comment in this patch.
2020-03-18 19:54:19 +01:00
struct handshake_state *hs,
netdev: allow reassociation for auth-protos This adds support in netdev_reassociate for all the auth protocols (SAE/FILS/OWE) by moving the bulk of netdev_connect into netdev_connect_common. In addition PREV_BSSID is set in the associate message if 'in_reassoc' is true.
2021-08-07 00:59:05 +02:00
const struct iovec *vendor_ies,
size_t num_vendor_ies,
netdev: support per-network MAC addresses For privacy reasons its advantageous to randomize or mask the MAC address when connecting to networks, especially public networks. This patch allows netdev to generate a new MAC address on a per-network basis. The generated MAC will remain the same when connecting to the same network. This allows reauthentications or roaming to work, and not have to fully re-connect (which would be required if the MAC changed on every connection). Changing the MAC requires bringing the interface down. This does lead to potential race conditions with respect to external processes. There are two potential conditions which are explained in a TODO comment in this patch.
2020-03-18 19:54:19 +01:00
netdev_event_func_t event_filter,
netdev_connect_cb_t cb, void *user_data)
netdev: Add netdev_connect_wsc
2016-09-14 03:50:24 +02:00
{
netdev: Introduce connection types Currently netdev handles SoftMac and FullMac drivers mostly in the same way, by building CMD_CONNECT nl80211 commands and letting the kernel figure out the details. Exceptions to this are FILS/OWE/SAE AKMs which are only supported on SoftMac drivers by using CMD_AUTHENTICATE/CMD_ASSOCIATE. Recently, basic support for SAE (WPA3-Personal) offload on FullMac cards was introduced. When offloaded, the control flow is very different than under typical conditions and required additional logic checks in several places. The logic is now becoming quite complex. Introduce a concept of a connection type in order to make it clearer what driver and driver features are being used for this connection. In the future, connection types can be expanded with 802.1X handshake offload, PSK handshake offload and CMD_EXTERNAL_AUTH based SAE connections.
2021-03-31 17:48:05 +02:00
struct netdev_handshake_state *nhs = l_container_of(hs,
struct netdev_handshake_state, super);
netdev: added sae functionality to netdev In order to plug SAE into the existing connect mechanism the actual CMD_CONNECT message is never sent, rather sae_register takes care of sending out CMD_AUTHENTICATE. This required some shuffling of code in order to handle both eapol and sae. In the case of non-SAE authentication everything behaves as it did before. When using SAE an sae_sm is created when a connection is attempted but the eapol_sm is not. After SAE succeeds it will start association and then create the eapol_sm and start the 4-way handshake. This change also adds the handshake SAE events to device and initializes SAE in main.
2018-08-14 01:25:48 +02:00
struct l_genl_msg *cmd_connect = NULL;
wsc: Move eapol_sm creation to netdev_connect_wsc
2016-12-12 18:34:18 +01:00
struct eapol_sm *sm = NULL;
handshake: Rename own_ie/ap_ie and related setters To avoid confusion in case of an authenticator side handshake_state structure and eapol_sm structure, rename own_ie to supplicant_ie and ap_ie to authenticator_ie. Also rename handshake_state_set_{own,ap}_{rsn,wpa} and fix when we call handshake_state_setup_own_ciphers. As a result handshake_state_set_authenticator, if needed, should be called before handshake_state_set_{own,ap}_{rsn,wpa}.
2018-08-25 03:54:24 +02:00
bool is_rsn = hs->supplicant_ie != NULL;
netdev: allow reassociation for auth-protos This adds support in netdev_reassociate for all the auth protocols (SAE/FILS/OWE) by moving the bulk of netdev_connect into netdev_connect_common. In addition PREV_BSSID is set in the associate message if 'in_reassoc' is true.
2021-08-07 00:59:05 +02:00
const uint8_t *prev_bssid = prev_bss ? prev_bss->addr : NULL;
netdev: Add netdev_connect_wsc
2016-09-14 03:50:24 +02:00
netdev: move failure point out of netdev_connect_common The only point of failure in netdev_connect_common was setting up the handshake type. Moving this outside of netdev_connect_common makes the code flow much better in netdev_{connect,reassociate} as nothing needs to be reset upon failure.
2021-08-09 19:42:56 +02:00
if (!is_rsn)
netdev: Fix connections to open networks Fix a regression where connection to an open network results in an NotSupported error being returned. Fixes: d79e883e93df ("netdev: Introduce connection types")
2021-04-20 17:45:25 +02:00
goto build_cmd_connect;
netdev: Introduce connection types Currently netdev handles SoftMac and FullMac drivers mostly in the same way, by building CMD_CONNECT nl80211 commands and letting the kernel figure out the details. Exceptions to this are FILS/OWE/SAE AKMs which are only supported on SoftMac drivers by using CMD_AUTHENTICATE/CMD_ASSOCIATE. Recently, basic support for SAE (WPA3-Personal) offload on FullMac cards was introduced. When offloaded, the control flow is very different than under typical conditions and required additional logic checks in several places. The logic is now becoming quite complex. Introduce a concept of a connection type in order to make it clearer what driver and driver features are being used for this connection. In the future, connection types can be expanded with 802.1X handshake offload, PSK handshake offload and CMD_EXTERNAL_AUTH based SAE connections.
2021-03-31 17:48:05 +02:00
if (nhs->type != CONNECTION_TYPE_SOFTMAC)
goto build_cmd_connect;
netdev/station: Add OWE support The changes to station.c are minor. Specifically, station_build_handshake_rsn was modified to always build up the RSN information, not just for SECURITY_8021X and SECURITY_PSK. This is because OWE needs this RSN information, even though it is still SECURITY_NONE. Since "regular" open networks don't need this, a check was added (security == NONE && akm != OWE) which skips the RSN building. netdev.c needed to be changed in nearly the same manor as it was for SAE. When connecting, we check if the AKM is for OWE, and if so create a new OWE SM and start it. OWE handles all the ECDH, and netdev handles sending CMD_AUTHENTICATE and CMD_ASSOCIATE when triggered by OWE. The incoming authenticate/associate events just get forwarded to OWE as they do with SAE.
2018-11-16 23:22:55 +01:00
switch (hs->akm_suite) {
case IE_RSN_AKM_SUITE_SAE_SHA256:
case IE_RSN_AKM_SUITE_FT_OVER_SAE_SHA256:
sae: netdev: update to use auth_proto concepts SAE was a bit trickier than OWE/FILS because the initial implementation for SAE did not include parsing raw authenticate frames (netdev skipped the header and passed just the authentication data). OWE/FILS did not do this and parse the entire frame in the RX callbacks. Because of this it was not as simple as just setting some RX callbacks. In addition, the TX functions include some of the authentication header/data, but not all (thanks NL80211), so this will require an overhaul to test-sae since the unit test passes frames from one SM to another to test the protocol end-to-end (essentially the header needs to be prepended to any data coming from the TX functions for the end-to-end tests).
2019-05-03 20:59:54 +02:00
netdev->ap = sae_sm_new(hs, netdev_sae_tx_authenticate,
netdev_sae_tx_associate,
netdev);
netdev: Send RSNXE element during SAE association
2021-07-14 00:49:41 +02:00
if (sae_sm_is_h2e(netdev->ap)) {
uint8_t own_rsnxe[20];
if (wiphy_get_rsnxe(netdev->wiphy,
own_rsnxe, sizeof(own_rsnxe))) {
set_bit(own_rsnxe + 2, IE_RSNX_SAE_H2E);
handshake_state_set_supplicant_rsnxe(hs,
own_rsnxe);
}
}
netdev/station: Add OWE support The changes to station.c are minor. Specifically, station_build_handshake_rsn was modified to always build up the RSN information, not just for SECURITY_8021X and SECURITY_PSK. This is because OWE needs this RSN information, even though it is still SECURITY_NONE. Since "regular" open networks don't need this, a check was added (security == NONE && akm != OWE) which skips the RSN building. netdev.c needed to be changed in nearly the same manor as it was for SAE. When connecting, we check if the AKM is for OWE, and if so create a new OWE SM and start it. OWE handles all the ECDH, and netdev handles sending CMD_AUTHENTICATE and CMD_ASSOCIATE when triggered by OWE. The incoming authenticate/associate events just get forwarded to OWE as they do with SAE.
2018-11-16 23:22:55 +01:00
break;
case IE_RSN_AKM_SUITE_OWE:
owe: netdev: update to use auth_proto concepts
2019-05-03 20:59:53 +02:00
netdev->ap = owe_sm_new(hs, netdev_owe_tx_authenticate,
netdev/station: Add OWE support The changes to station.c are minor. Specifically, station_build_handshake_rsn was modified to always build up the RSN information, not just for SECURITY_8021X and SECURITY_PSK. This is because OWE needs this RSN information, even though it is still SECURITY_NONE. Since "regular" open networks don't need this, a check was added (security == NONE && akm != OWE) which skips the RSN building. netdev.c needed to be changed in nearly the same manor as it was for SAE. When connecting, we check if the AKM is for OWE, and if so create a new OWE SM and start it. OWE handles all the ECDH, and netdev handles sending CMD_AUTHENTICATE and CMD_ASSOCIATE when triggered by OWE. The incoming authenticate/associate events just get forwarded to OWE as they do with SAE.
2018-11-16 23:22:55 +01:00
netdev_owe_tx_associate,
netdev);
break;
netdev: add FILS support From netdev's prospective FILS works the same as OWE/SAE where we create a fils_sm and forward all auth/assoc frames into the FILS module. The only real difference is we do not start EAPoL once FILS completes.
2019-04-22 19:11:45 +02:00
case IE_RSN_AKM_SUITE_FILS_SHA256:
case IE_RSN_AKM_SUITE_FILS_SHA384:
station: netdev: allow FILS-FT AKMs This adds some checks for the FT_OVER_FILS AKMs in station and netdev allowing the FILS-FT AKMs to be selected during a connection. Inside netdev_connect_event we actually have to skip parsing the IEs because FILS itself takes care of this (needs to handle them specially)
2019-05-23 00:24:04 +02:00
case IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA256:
case IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA384:
fils: netdev: update to use auth_proto concepts
2019-05-03 20:59:51 +02:00
netdev->ap = fils_sm_new(hs, netdev_fils_tx_authenticate,
netdev: add FILS support From netdev's prospective FILS works the same as OWE/SAE where we create a fils_sm and forward all auth/assoc frames into the FILS module. The only real difference is we do not start EAPoL once FILS completes.
2019-04-22 19:11:45 +02:00
netdev_fils_tx_associate,
fils: netdev: update to use auth_proto concepts
2019-05-03 20:59:51 +02:00
netdev);
netdev: add FILS support From netdev's prospective FILS works the same as OWE/SAE where we create a fils_sm and forward all auth/assoc frames into the FILS module. The only real difference is we do not start EAPoL once FILS completes.
2019-04-22 19:11:45 +02:00
break;
netdev/station: Add OWE support The changes to station.c are minor. Specifically, station_build_handshake_rsn was modified to always build up the RSN information, not just for SECURITY_8021X and SECURITY_PSK. This is because OWE needs this RSN information, even though it is still SECURITY_NONE. Since "regular" open networks don't need this, a check was added (security == NONE && akm != OWE) which skips the RSN building. netdev.c needed to be changed in nearly the same manor as it was for SAE. When connecting, we check if the AKM is for OWE, and if so create a new OWE SM and start it. OWE handles all the ECDH, and netdev handles sending CMD_AUTHENTICATE and CMD_ASSOCIATE when triggered by OWE. The incoming authenticate/associate events just get forwarded to OWE as they do with SAE.
2018-11-16 23:22:55 +01:00
default:
netdev: add SAE offload support SAE offload support requires some minor tweaks to CMD_CONNECT as well as special checks once the connect event comes in. Since at this point we are fully connected.
2021-03-22 17:01:55 +01:00
build_cmd_connect:
netdev: Allow to send extra vendor IEs when connecting
2019-07-12 23:00:01 +02:00
cmd_connect = netdev_build_cmd_connect(netdev, bss, hs,
netdev: allow reassociation for auth-protos This adds support in netdev_reassociate for all the auth protocols (SAE/FILS/OWE) by moving the bulk of netdev_connect into netdev_connect_common. In addition PREV_BSSID is set in the associate message if 'in_reassoc' is true.
2021-08-07 00:59:05 +02:00
prev_bssid, vendor_ies, num_vendor_ies);
netdev: Add netdev_connect_wsc
2016-09-14 03:50:24 +02:00
netdev: add CONNECTION_TYPE_8021X_OFFLOAD This adds a new type for 8021x offload as well as support in building CMD_CONNECT. As described in the comment, 8021x offloading is not particularly similar to PSK as far as the code flow in IWD is concerned. There still needs to be an eapol_sm due to EAP being done in userspace. This throws somewhat of a wrench into our 'is_offload' cases. And as such this connection type is handled specially.
2021-04-09 18:14:45 +02:00
if (!is_offload(hs) && (is_rsn || hs->settings_8021x)) {
netdev: added sae functionality to netdev In order to plug SAE into the existing connect mechanism the actual CMD_CONNECT message is never sent, rather sae_register takes care of sending out CMD_AUTHENTICATE. This required some shuffling of code in order to handle both eapol and sae. In the case of non-SAE authentication everything behaves as it did before. When using SAE an sae_sm is created when a connection is attempted but the eapol_sm is not. After SAE succeeds it will start association and then create the eapol_sm and start the 4-way handshake. This change also adds the handshake SAE events to device and initializes SAE in main.
2018-08-14 01:25:48 +02:00
sm = eapol_sm_new(hs);
netdev: add CONNECTION_TYPE_8021X_OFFLOAD This adds a new type for 8021x offload as well as support in building CMD_CONNECT. As described in the comment, 8021x offloading is not particularly similar to PSK as far as the code flow in IWD is concerned. There still needs to be an eapol_sm due to EAP being done in userspace. This throws somewhat of a wrench into our 'is_offload' cases. And as such this connection type is handled specially.
2021-04-09 18:14:45 +02:00
if (nhs->type == CONNECTION_TYPE_8021X_OFFLOAD)
eapol_sm_set_require_handshake(sm, false);
}
netdev: added sae functionality to netdev In order to plug SAE into the existing connect mechanism the actual CMD_CONNECT message is never sent, rather sae_register takes care of sending out CMD_AUTHENTICATE. This required some shuffling of code in order to handle both eapol and sae. In the case of non-SAE authentication everything behaves as it did before. When using SAE an sae_sm is created when a connection is attempted but the eapol_sm is not. After SAE succeeds it will start association and then create the eapol_sm and start the 4-way handshake. This change also adds the handshake SAE events to device and initializes SAE in main.
2018-08-14 01:25:48 +02:00
}
wsc: Move eapol_sm creation to netdev_connect_wsc
2016-12-12 18:34:18 +01:00
netdev: allow reassociation for auth-protos This adds support in netdev_reassociate for all the auth protocols (SAE/FILS/OWE) by moving the bulk of netdev_connect into netdev_connect_common. In addition PREV_BSSID is set in the associate message if 'in_reassoc' is true.
2021-08-07 00:59:05 +02:00
netdev->connect_cmd = cmd_connect;
netdev->event_filter = event_filter;
netdev->connect_cb = cb;
netdev->user_data = user_data;
netdev->handshake = hs;
netdev->sm = sm;
netdev->frequency = bss->frequency;
netdev->cur_rssi = bss->signal_strength / 100;
netdev_rssi_level_init(netdev);
netdev_cqm_rssi_update(netdev);
handshake_state_set_authenticator_address(hs, bss->addr);
if (!wiphy_has_ext_feature(netdev->wiphy,
NL80211_EXT_FEATURE_CAN_REPLACE_PTK0))
handshake_state_set_no_rekey(hs, true);
wiphy_radio_work_insert(netdev->wiphy, &netdev->work, 1,
&connect_work_ops);
netdev: Add netdev_connect_wsc
2016-09-14 03:50:24 +02:00
}
netdev: allow reassociation for auth-protos This adds support in netdev_reassociate for all the auth protocols (SAE/FILS/OWE) by moving the bulk of netdev_connect into netdev_connect_common. In addition PREV_BSSID is set in the associate message if 'in_reassoc' is true.
2021-08-07 00:59:05 +02:00
int netdev_connect(struct netdev *netdev, struct scan_bss *bss,
struct handshake_state *hs,
const struct iovec *vendor_ies,
size_t num_vendor_ies,
netdev_event_func_t event_filter,
netdev_connect_cb_t cb, void *user_data)
{
if (!(netdev->ifi_flags & IFF_UP))
return -ENETDOWN;
if (netdev->type != NL80211_IFTYPE_STATION &&
netdev->type != NL80211_IFTYPE_P2P_CLIENT)
return -ENOTSUP;
if (netdev->connected || netdev->connect_cmd_id || netdev->work.id)
return -EISCONN;
netdev: move failure point out of netdev_connect_common The only point of failure in netdev_connect_common was setting up the handshake type. Moving this outside of netdev_connect_common makes the code flow much better in netdev_{connect,reassociate} as nothing needs to be reset upon failure.
2021-08-09 19:42:56 +02:00
if (netdev_handshake_state_setup_connection_type(hs) < 0)
return -ENOTSUP;
netdev_connect_common(netdev, bss, NULL, hs, vendor_ies,
netdev: allow reassociation for auth-protos This adds support in netdev_reassociate for all the auth protocols (SAE/FILS/OWE) by moving the bulk of netdev_connect into netdev_connect_common. In addition PREV_BSSID is set in the associate message if 'in_reassoc' is true.
2021-08-07 00:59:05 +02:00
num_vendor_ies, event_filter, cb,
user_data);
netdev: move failure point out of netdev_connect_common The only point of failure in netdev_connect_common was setting up the handshake type. Moving this outside of netdev_connect_common makes the code flow much better in netdev_{connect,reassociate} as nothing needs to be reset upon failure.
2021-08-09 19:42:56 +02:00
return 0;
netdev: allow reassociation for auth-protos This adds support in netdev_reassociate for all the auth protocols (SAE/FILS/OWE) by moving the bulk of netdev_connect into netdev_connect_common. In addition PREV_BSSID is set in the associate message if 'in_reassoc' is true.
2021-08-07 00:59:05 +02:00
}
netdev: use l_idle_create for disconnect idle The chances were extremely low, but using l_idle_oneshot could end up causing a invalid memory access if the netdev went down while waiting for the disconnect idle callback. Instead netdev can keep track of the idle with l_idle_create and remove it if the netdev goes down prior to the idle callback.
2021-04-06 18:58:26 +02:00
static void disconnect_idle(struct l_idle *idle, void *user_data)
netdev: fix crash from carefully timed Connect() This crash was caused from the disconnect_cb being called immediately in cases where send_disconnect was false. The previous patch actually addressed this separately as this flag was being set improperly which will, indirectly, fix one of the two code paths that could cause this crash. Still, there is a situation where send_disconnect could be false and in this case IWD would still crash. If IWD is waiting to queue the connect item and netdev_disconnect is called it would result in the callback being called immediately. Instead we can add an l_idle as to allow the callback to happen out of scope, which is what station expects. Prior to this patch, the crashing behavior can be tested using the following script (or some variant of it, your system timing may not be the same as mine). iwctl station wlan0 disconnect iwctl station wlan0 connect <network1> & sleep 0.02 iwctl station wlan0 connect <network2> ++++++++ backtrace ++++++++ 0 0x7f4e1504e530 in /lib64/libc.so.6 1 0x432b54 in network_get_security() at src/network.c:253 2 0x416e92 in station_handshake_setup() at src/station.c:937 3 0x41a505 in __station_connect_network() at src/station.c:2551 4 0x41a683 in station_disconnect_onconnect_cb() at src/station.c:2581 5 0x40b4ae in netdev_disconnect() at src/netdev.c:3142 6 0x41a719 in station_disconnect_onconnect() at src/station.c:2603 7 0x41a89d in station_connect_network() at src/station.c:2652 8 0x433f1d in network_connect_psk() at src/network.c:886 9 0x43483a in network_connect() at src/network.c:1183 10 0x4add11 in _dbus_object_tree_dispatch() at ell/dbus-service.c:1802 11 0x49ff54 in message_read_handler() at ell/dbus.c:285 12 0x496d2f in io_callback() at ell/io.c:120 13 0x495894 in l_main_iterate() at ell/main.c:478 14 0x49599b in l_main_run() at ell/main.c:521 15 0x495cb3 in l_main_run_with_signal() at ell/main.c:647 16 0x404add in main() at src/main.c:490 17 0x7f4e15038b25 in /lib64/libc.so.6
2021-04-06 00:18:36 +02:00
{
struct netdev *netdev = user_data;
netdev: use l_idle_create for disconnect idle The chances were extremely low, but using l_idle_oneshot could end up causing a invalid memory access if the netdev went down while waiting for the disconnect idle callback. Instead netdev can keep track of the idle with l_idle_create and remove it if the netdev goes down prior to the idle callback.
2021-04-06 18:58:26 +02:00
l_idle_remove(idle);
netdev->disconnect_idle = NULL;
netdev: fix crash from carefully timed Connect() This crash was caused from the disconnect_cb being called immediately in cases where send_disconnect was false. The previous patch actually addressed this separately as this flag was being set improperly which will, indirectly, fix one of the two code paths that could cause this crash. Still, there is a situation where send_disconnect could be false and in this case IWD would still crash. If IWD is waiting to queue the connect item and netdev_disconnect is called it would result in the callback being called immediately. Instead we can add an l_idle as to allow the callback to happen out of scope, which is what station expects. Prior to this patch, the crashing behavior can be tested using the following script (or some variant of it, your system timing may not be the same as mine). iwctl station wlan0 disconnect iwctl station wlan0 connect <network1> & sleep 0.02 iwctl station wlan0 connect <network2> ++++++++ backtrace ++++++++ 0 0x7f4e1504e530 in /lib64/libc.so.6 1 0x432b54 in network_get_security() at src/network.c:253 2 0x416e92 in station_handshake_setup() at src/station.c:937 3 0x41a505 in __station_connect_network() at src/station.c:2551 4 0x41a683 in station_disconnect_onconnect_cb() at src/station.c:2581 5 0x40b4ae in netdev_disconnect() at src/netdev.c:3142 6 0x41a719 in station_disconnect_onconnect() at src/station.c:2603 7 0x41a89d in station_connect_network() at src/station.c:2652 8 0x433f1d in network_connect_psk() at src/network.c:886 9 0x43483a in network_connect() at src/network.c:1183 10 0x4add11 in _dbus_object_tree_dispatch() at ell/dbus-service.c:1802 11 0x49ff54 in message_read_handler() at ell/dbus.c:285 12 0x496d2f in io_callback() at ell/io.c:120 13 0x495894 in l_main_iterate() at ell/main.c:478 14 0x49599b in l_main_run() at ell/main.c:521 15 0x495cb3 in l_main_run_with_signal() at ell/main.c:647 16 0x404add in main() at src/main.c:490 17 0x7f4e15038b25 in /lib64/libc.so.6
2021-04-06 00:18:36 +02:00
netdev->disconnect_cb(netdev, true, netdev->user_data);
}
netdev: Add stubs for netdev_disconnect
2016-06-14 19:15:18 +02:00
int netdev_disconnect(struct netdev *netdev,
netdev_disconnect_cb_t cb, void *user_data)
{
netdev: Use CMD_DISCONNECT for non-FT cases CMD_DEAUTHENTICATE is not available for FullMAC based cards. We already use CMD_CONNECT in the non-FT cases, which works on all cards. However, for some reason we kept using CMD_DEAUTHENTICATE instead of CMD_DISCONNECT. For FT (error) cases, keep using CMD_DEAUTHENTICATE.
2017-05-31 18:08:40 +02:00
struct l_genl_msg *disconnect;
netdev: use wiphy radio work queue for connections This adds connection/FT attempts to the radio work queue. This will ensure that connections aren't delayed or done concurrently with scanning.
2020-07-15 23:29:17 +02:00
bool send_disconnect = true;
netdev: Move deauthenticate handling out of wiphy.c
2016-06-16 23:05:34 +02:00
netdev: Check ifi_flags in netdev_connect/disconnect Also, set the flags appropriately when removing the netdev object. This prevents callers from accidentally starting any actions that will simply fail.
2021-05-29 05:39:05 +02:00
if (!(netdev->ifi_flags & IFF_UP))
return -ENETDOWN;
netdev: Extend checks for P2P scenarios Extend the iftype-based checks to handle the P2P iftypes and remove a warning that may be triggered in normal situations in the P2P scenarios.
2019-10-21 15:55:02 +02:00
if (netdev->type != NL80211_IFTYPE_STATION &&
netdev->type != NL80211_IFTYPE_P2P_CLIENT)
netdev: ensure proper iftype on connect/disconnect Now that the device mode can be changed, netdev must check that the iftype is correct before starting a connection or disconnecting. netdev_connect, netdev_connect_wsc, and netdev_disconnect now check that the iftype is station before continuing.
2018-07-17 23:15:58 +02:00
return -ENOTSUP;
netdev: Return -EINPROGRESS if already disconnecting
2016-09-22 18:48:32 +02:00
if (netdev->disconnect_cmd_id)
return -EINPROGRESS;
netdev: keep track of operational state We should not attempt to call connect_failed if we're have become operational. E.g. successfully associated, ran eapol if necessary and set operstate.
2016-09-22 22:55:07 +02:00
/* Only perform this if we haven't successfully fully associated yet */
if (!netdev->operational) {
netdev: use wiphy radio work queue for connections This adds connection/FT attempts to the radio work queue. This will ensure that connections aren't delayed or done concurrently with scanning.
2020-07-15 23:29:17 +02:00
/*
* Three possibilities here:
* 1. We do not actually have a connect in progress (work.id
* is zero), then we can bail out early with an error.
* 2. We have sent CMD_CONNECT but not fully connected. The
* CMD_CONNECT needs to be canceled and a disconnect should
* be sent.
* 3. Queued up the connect work, but haven't sent CMD_CONNECT
* to the kernel. This case we do not need to send a
* disconnect.
*/
if (!netdev->work.id)
return -ENOTCONN;
netdev: Fix crash when aborting a connection We can crash if we abort the connection, but the connect command has already gone through. In this case we will get a sequence of authenticate_event, associate_event, connect_event. The first and last events don't crash since they check whether netdev->connected is true. However, this causes an annoying warning to be printed. Fix this by introducing an 'aborting' flag and ignore all connection related events if it is set. ++++++++ backtrace ++++++++
2019-03-08 23:09:42 +01:00
if (netdev->connect_cmd_id) {
l_genl_family_cancel(nl80211, netdev->connect_cmd_id);
netdev->connect_cmd_id = 0;
netdev: add check for running work item in netdev_disconnect The send_disconnect flag was being improperly set based only on connect_cmd_id being zero. This does not take into account the case of CMD_CONNECT having finished but not EAPoL. In this case we do need to send a disconnect.
2021-04-06 00:18:35 +02:00
} else if (!wiphy_radio_work_is_running(netdev->wiphy,
netdev->work.id))
netdev: use wiphy radio work queue for connections This adds connection/FT attempts to the radio work queue. This will ensure that connections aren't delayed or done concurrently with scanning.
2020-07-15 23:29:17 +02:00
send_disconnect = false;
netdev: Fix crash when aborting a connection We can crash if we abort the connection, but the connect command has already gone through. In this case we will get a sequence of authenticate_event, associate_event, connect_event. The first and last events don't crash since they check whether netdev->connected is true. However, this causes an annoying warning to be printed. Fix this by introducing an 'aborting' flag and ignore all connection related events if it is set. ++++++++ backtrace ++++++++
2019-03-08 23:09:42 +01:00
netdev: store mpdu status and add getter Soon BSS blacklisting will be added, and in order to properly decide if a BSS should be blacklisted we need the status code on a failed connection. This change stores the status code when there is a failure in netdev and adds a getter to retrieve later. In many cases we have the actual status code from the AP, but in some corner cases its not obtainable (e.g. an error sending an NL80211 command) in which case we just default to MMPDU_REASON_CODE_UNSPECIFIED. Rather than continue with the pattern of setting netdev->result and now netdev->last_status_code, the netdev_connect_failed function was redefined so its no longer used as both a NL80211 callback and called directly. Instead a new function was added, netdev_disconnect_cb which just calls netdev_connect_failed. netdev_disconnect_cb should not be used for all the NL80211 disconnect commands. Now netdev_connect_failed takes both a result and status code which it sets in the netdev object. In the case where we were using netdev_connect_failed as a callback we still need to set the result and last_status_code but at least this is better than having to set those in all cases.
2019-01-24 21:56:23 +01:00
netdev_connect_failed(netdev, NETDEV_RESULT_ABORTED,
MMPDU_REASON_CODE_UNSPECIFIED);
netdev: keep track of operational state We should not attempt to call connect_failed if we're have become operational. E.g. successfully associated, ran eapol if necessary and set operstate.
2016-09-22 22:55:07 +02:00
} else {
netdev_connect_free(netdev);
}
netdev: Improve netdev_connect error/cancel logic Try to make the connect and disconnect operations look more like a transaction where the callback is always called eventually, also with a clear indication if the operation is in profress. The connected state lasts from the start of the connection attempt until the disconnect. 1. Non-null netdev->connected or disconnect_cb indicate that the operation is active. 2. Every entry-point in netdev.c checks if connected is still set before executing the next step of the connection setup. CMD_CONNECT and the subsequent commands may succeed even if CMD_DISCONNECT is called in the middle so they can't only rely on the error value for that. 3. netdev->connect_cb and other elements of the connection state are reset by netdev_connect_free which groups the clean-up operations to make sure we don't miss anything. Since the callback pointers are reset device.c doesn't need to check that it receives a spurious event in those callbacks for example after calling netdev_disconnect.
2016-08-02 22:48:11 +02:00
netdev: use wiphy radio work queue for connections This adds connection/FT attempts to the radio work queue. This will ensure that connections aren't delayed or done concurrently with scanning.
2020-07-15 23:29:17 +02:00
if (send_disconnect) {
disconnect = netdev_build_cmd_disconnect(netdev,
mpdu: Refactor mpdu structs Refactor management frame structures to take into account optional presence of some parts of the header: * drop the single structure for management header and body since the body offset is variable. * add mmpdu_get_body to locate the start of frame body. * drop the union of different management frame type bodies. * prefix names specific to management frames with "mmpdu" instead of "mpdu" including any enums based on 802.11-2012 section 8.4. * move the FC field to the mmpdu_header structure.
2017-08-31 04:04:41 +02:00
MMPDU_REASON_CODE_DEAUTH_LEAVING);
netdev: use wiphy radio work queue for connections This adds connection/FT attempts to the radio work queue. This will ensure that connections aren't delayed or done concurrently with scanning.
2020-07-15 23:29:17 +02:00
netdev->disconnect_cmd_id = l_genl_family_send(nl80211,
disconnect, netdev_cmd_disconnect_cb,
netdev, NULL);
netdev: Finalize disconnects on device removal When device is removed or otherwise freed, netdev_connect callbacks are invoked. Treat disconnects similarly
2016-09-21 22:20:51 +02:00
netdev: use wiphy radio work queue for connections This adds connection/FT attempts to the radio work queue. This will ensure that connections aren't delayed or done concurrently with scanning.
2020-07-15 23:29:17 +02:00
if (!netdev->disconnect_cmd_id) {
l_genl_msg_unref(disconnect);
return -EIO;
}
netdev: Move deauthenticate handling out of wiphy.c
2016-06-16 23:05:34 +02:00
netdev: use wiphy radio work queue for connections This adds connection/FT attempts to the radio work queue. This will ensure that connections aren't delayed or done concurrently with scanning.
2020-07-15 23:29:17 +02:00
netdev->disconnect_cb = cb;
netdev->user_data = user_data;
netdev->aborting = true;
netdev: fix crash from carefully timed Connect() This crash was caused from the disconnect_cb being called immediately in cases where send_disconnect was false. The previous patch actually addressed this separately as this flag was being set improperly which will, indirectly, fix one of the two code paths that could cause this crash. Still, there is a situation where send_disconnect could be false and in this case IWD would still crash. If IWD is waiting to queue the connect item and netdev_disconnect is called it would result in the callback being called immediately. Instead we can add an l_idle as to allow the callback to happen out of scope, which is what station expects. Prior to this patch, the crashing behavior can be tested using the following script (or some variant of it, your system timing may not be the same as mine). iwctl station wlan0 disconnect iwctl station wlan0 connect <network1> & sleep 0.02 iwctl station wlan0 connect <network2> ++++++++ backtrace ++++++++ 0 0x7f4e1504e530 in /lib64/libc.so.6 1 0x432b54 in network_get_security() at src/network.c:253 2 0x416e92 in station_handshake_setup() at src/station.c:937 3 0x41a505 in __station_connect_network() at src/station.c:2551 4 0x41a683 in station_disconnect_onconnect_cb() at src/station.c:2581 5 0x40b4ae in netdev_disconnect() at src/netdev.c:3142 6 0x41a719 in station_disconnect_onconnect() at src/station.c:2603 7 0x41a89d in station_connect_network() at src/station.c:2652 8 0x433f1d in network_connect_psk() at src/network.c:886 9 0x43483a in network_connect() at src/network.c:1183 10 0x4add11 in _dbus_object_tree_dispatch() at ell/dbus-service.c:1802 11 0x49ff54 in message_read_handler() at ell/dbus.c:285 12 0x496d2f in io_callback() at ell/io.c:120 13 0x495894 in l_main_iterate() at ell/main.c:478 14 0x49599b in l_main_run() at ell/main.c:521 15 0x495cb3 in l_main_run_with_signal() at ell/main.c:647 16 0x404add in main() at src/main.c:490 17 0x7f4e15038b25 in /lib64/libc.so.6
2021-04-06 00:18:36 +02:00
} else if (cb) {
netdev->disconnect_cb = cb;
netdev->user_data = user_data;
netdev: use l_idle_create for disconnect idle The chances were extremely low, but using l_idle_oneshot could end up causing a invalid memory access if the netdev went down while waiting for the disconnect idle callback. Instead netdev can keep track of the idle with l_idle_create and remove it if the netdev goes down prior to the idle callback.
2021-04-06 18:58:26 +02:00
netdev->disconnect_idle = l_idle_create(disconnect_idle,
netdev, NULL);
netdev: fix crash from carefully timed Connect() This crash was caused from the disconnect_cb being called immediately in cases where send_disconnect was false. The previous patch actually addressed this separately as this flag was being set improperly which will, indirectly, fix one of the two code paths that could cause this crash. Still, there is a situation where send_disconnect could be false and in this case IWD would still crash. If IWD is waiting to queue the connect item and netdev_disconnect is called it would result in the callback being called immediately. Instead we can add an l_idle as to allow the callback to happen out of scope, which is what station expects. Prior to this patch, the crashing behavior can be tested using the following script (or some variant of it, your system timing may not be the same as mine). iwctl station wlan0 disconnect iwctl station wlan0 connect <network1> & sleep 0.02 iwctl station wlan0 connect <network2> ++++++++ backtrace ++++++++ 0 0x7f4e1504e530 in /lib64/libc.so.6 1 0x432b54 in network_get_security() at src/network.c:253 2 0x416e92 in station_handshake_setup() at src/station.c:937 3 0x41a505 in __station_connect_network() at src/station.c:2551 4 0x41a683 in station_disconnect_onconnect_cb() at src/station.c:2581 5 0x40b4ae in netdev_disconnect() at src/netdev.c:3142 6 0x41a719 in station_disconnect_onconnect() at src/station.c:2603 7 0x41a89d in station_connect_network() at src/station.c:2652 8 0x433f1d in network_connect_psk() at src/network.c:886 9 0x43483a in network_connect() at src/network.c:1183 10 0x4add11 in _dbus_object_tree_dispatch() at ell/dbus-service.c:1802 11 0x49ff54 in message_read_handler() at ell/dbus.c:285 12 0x496d2f in io_callback() at ell/io.c:120 13 0x495894 in l_main_iterate() at ell/main.c:478 14 0x49599b in l_main_run() at ell/main.c:521 15 0x495cb3 in l_main_run_with_signal() at ell/main.c:647 16 0x404add in main() at src/main.c:490 17 0x7f4e15038b25 in /lib64/libc.so.6
2021-04-06 00:18:36 +02:00
}
netdev: Move deauthenticate handling out of wiphy.c
2016-06-16 23:05:34 +02:00
netdev: Add stubs for netdev_disconnect
2016-06-14 19:15:18 +02:00
return 0;
}
netdev: Add netdev_reassociate netdev_reassociate transitions to another BSS without FT. Similar to netdev_connect but uses reassociation instead of association and requires and an existing connection.
2017-03-31 14:43:01 +02:00
int netdev_reassociate(struct netdev *netdev, struct scan_bss *target_bss,
netdev: Allow reassociation if not currently connected Allow attempts to connect to a new AP using the Reassociation frame even if netdev->operational is false. This is needed if we want to continue an ongoing roam attempt after the original connection broke and will be needed when we start using cached PMKSAs in the future.
2017-08-14 14:31:19 +02:00
struct scan_bss *orig_bss, struct handshake_state *hs,
netdev_event_func_t event_filter,
netdev_connect_cb_t cb, void *user_data)
netdev: Add netdev_reassociate netdev_reassociate transitions to another BSS without FT. Similar to netdev_connect but uses reassociation instead of association and requires and an existing connection.
2017-03-31 14:43:01 +02:00
{
struct handshake_state *old_hs;
netdev: allow reassociation for auth-protos This adds support in netdev_reassociate for all the auth protocols (SAE/FILS/OWE) by moving the bulk of netdev_connect into netdev_connect_common. In addition PREV_BSSID is set in the associate message if 'in_reassoc' is true.
2021-08-07 00:59:05 +02:00
struct eapol_sm *old_sm;
netdev: Add netdev_reassociate netdev_reassociate transitions to another BSS without FT. Similar to netdev_connect but uses reassociation instead of association and requires and an existing connection.
2017-03-31 14:43:01 +02:00
old_sm = netdev->sm;
old_hs = netdev->handshake;
netdev: move failure point out of netdev_connect_common The only point of failure in netdev_connect_common was setting up the handshake type. Moving this outside of netdev_connect_common makes the code flow much better in netdev_{connect,reassociate} as nothing needs to be reset upon failure.
2021-08-09 19:42:56 +02:00
if (netdev_handshake_state_setup_connection_type(hs) < 0)
return -ENOTSUP;
netdev: Add netdev_reassociate netdev_reassociate transitions to another BSS without FT. Similar to netdev_connect but uses reassociation instead of association and requires and an existing connection.
2017-03-31 14:43:01 +02:00
netdev: Handle deauth frames prior to association In some cases the AP can send a deauthenticate frame right after accepting our authentication. In this case the kernel never properly sends a CMD_CONNECT event with a failure, even though CMD_COONNECT was used to initiate the connection. Try to work around that by detecting that a Deauthenticate event arrives prior to any Associte or Connect events and handle this case as a connect failure.
2021-01-13 20:31:23 +01:00
netdev->associated = false;
netdev: Add netdev_reassociate netdev_reassociate transitions to another BSS without FT. Similar to netdev_connect but uses reassociation instead of association and requires and an existing connection.
2017-03-31 14:43:01 +02:00
netdev->operational = false;
netdev: set connected to false in netdev_reassociate Commit 1fe5070 added a workaround for drivers which may send the connect event prior to the connect callback/ack. This caused IWD to fail to start eapol if reassociation was used due to netdev_reassociate never setting netdev->connected = false. netdev_reassociate uses the same code path as normal connections, but when the connect callback came in connected was already set to true which then prevents eapol from being registered. Then, once the connect event comes in, there is no frame watch for eapol and IWD doesn't respond to any handshake frames.
2021-04-30 23:15:26 +02:00
netdev->connected = false;
netdev: allow reassociation for auth-protos This adds support in netdev_reassociate for all the auth protocols (SAE/FILS/OWE) by moving the bulk of netdev_connect into netdev_connect_common. In addition PREV_BSSID is set in the associate message if 'in_reassoc' is true.
2021-08-07 00:59:05 +02:00
netdev->in_reassoc = true;
netdev: Add netdev_reassociate netdev_reassociate transitions to another BSS without FT. Similar to netdev_connect but uses reassociation instead of association and requires and an existing connection.
2017-03-31 14:43:01 +02:00
netdev: move failure point out of netdev_connect_common The only point of failure in netdev_connect_common was setting up the handshake type. Moving this outside of netdev_connect_common makes the code flow much better in netdev_{connect,reassociate} as nothing needs to be reset upon failure.
2021-08-09 19:42:56 +02:00
netdev_connect_common(netdev, target_bss, orig_bss, hs, NULL, 0,
event_filter, cb, user_data);
if (netdev->ap)
memcpy(netdev->ap->prev_bssid, orig_bss->addr, ETH_ALEN);
netdev: RSSI polling support for less capable drivers If the kernel device driver or the kernel nl80211 version doesn't support the new RSSI threshold list CQM monitoring, implement similar logic in iwd with periodic polling. This is only active when an RSSI agent is registered to receive the events. I tested this with the same testRSSIAgent autotests that tests the driver-side rssi monitoring except with all timeouts multiplied by ~20.
2017-08-18 14:22:58 +02:00
netdev_rssi_polling_update(netdev);
netdev: Add netdev_reassociate netdev_reassociate transitions to another BSS without FT. Similar to netdev_connect but uses reassociation instead of association and requires and an existing connection.
2017-03-31 14:43:01 +02:00
if (old_sm)
eapol_sm_free(old_sm);
netdev: Allow reassociation if not currently connected Allow attempts to connect to a new AP using the Reassociation frame even if netdev->operational is false. This is needed if we want to continue an ongoing roam attempt after the original connection broke and will be needed when we start using cached PMKSAs in the future.
2017-08-14 14:31:19 +02:00
if (old_hs)
handshake_state_free(old_hs);
netdev: Add netdev_reassociate netdev_reassociate transitions to another BSS without FT. Similar to netdev_connect but uses reassociation instead of association and requires and an existing connection.
2017-03-31 14:43:01 +02:00
netdev: netdev_connect_common doesn't fail
2021-08-04 20:36:07 +02:00
return 0;
netdev: Add netdev_reassociate netdev_reassociate transitions to another BSS without FT. Similar to netdev_connect but uses reassociation instead of association and requires and an existing connection.
2017-03-31 14:43:01 +02:00
}
netdev: add join_adhoc/leave_adhoc API's These will issue a JOIN/LEAVE_IBSS to the kernel. There is a TODO regarding network configuration. For now, only the SSID is configurable. This configuration is also required for AP, but needs to be thought out. Since the current AP Dbus API has nothing related to configuration items such as freq/channel or RSN elements they are hard coded, and will be for Ad-Hoc as well (for now).
2018-07-17 23:15:59 +02:00
static void netdev_join_adhoc_cb(struct l_genl_msg *msg, void *user_data)
{
struct netdev *netdev = user_data;
netdev->join_adhoc_cmd_id = 0;
if (netdev->adhoc_cb)
netdev->adhoc_cb(netdev, l_genl_msg_get_error(msg),
netdev->user_data);
}
int netdev_join_adhoc(struct netdev *netdev, const char *ssid,
struct iovec *extra_ie, size_t extra_ie_elems,
netdev: Remove redundant typedefs Unify command specific typedefs which had the same signature into a single netdev_command_cb_t
2018-08-20 01:25:23 +02:00
bool control_port, netdev_command_cb_t cb,
netdev: add join_adhoc/leave_adhoc API's These will issue a JOIN/LEAVE_IBSS to the kernel. There is a TODO regarding network configuration. For now, only the SSID is configurable. This configuration is also required for AP, but needs to be thought out. Since the current AP Dbus API has nothing related to configuration items such as freq/channel or RSN elements they are hard coded, and will be for Ad-Hoc as well (for now).
2018-07-17 23:15:59 +02:00
void *user_data)
{
struct l_genl_msg *cmd;
netdev: Don't use device_get_ifindex in join_adhoc This is pointless as the ifindex is already available on the netdev object.
2018-08-17 21:42:07 +02:00
uint32_t ifindex = netdev->index;
netdev: add join_adhoc/leave_adhoc API's These will issue a JOIN/LEAVE_IBSS to the kernel. There is a TODO regarding network configuration. For now, only the SSID is configurable. This configuration is also required for AP, but needs to be thought out. Since the current AP Dbus API has nothing related to configuration items such as freq/channel or RSN elements they are hard coded, and will be for Ad-Hoc as well (for now).
2018-07-17 23:15:59 +02:00
uint32_t ch_freq = scan_channel_to_freq(6, SCAN_BAND_2_4_GHZ);
uint32_t ch_type = NL80211_CHAN_HT20;
if (netdev->type != NL80211_IFTYPE_ADHOC) {
l_error("iftype is invalid for adhoc: %u",
netdev_get_iftype(netdev));
return -ENOTSUP;
}
if (netdev->join_adhoc_cmd_id || netdev->leave_adhoc_cmd_id)
return -EBUSY;
netdev->adhoc_cb = cb;
netdev->user_data = user_data;
cmd = l_genl_msg_new_sized(NL80211_CMD_JOIN_IBSS, 128);
l_genl_msg_append_attr(cmd, NL80211_ATTR_IFINDEX, 4, &ifindex);
l_genl_msg_append_attr(cmd, NL80211_ATTR_SSID, strlen(ssid), ssid);
l_genl_msg_append_attr(cmd, NL80211_ATTR_WIPHY_FREQ, 4, &ch_freq);
l_genl_msg_append_attr(cmd, NL80211_ATTR_WIPHY_CHANNEL_TYPE, 4,
&ch_type);
l_genl_msg_append_attrv(cmd, NL80211_ATTR_IE, extra_ie, extra_ie_elems);
l_genl_msg_append_attr(cmd, NL80211_ATTR_SOCKET_OWNER, 0, NULL);
netdev: Use EAPoL over nl80211 if CONTROL_PORT set Our logic would set CONTROL_PORT_OVER_NL80211 even in cases where CONTROL_PORT wasn't used (e.g. for open networks). While the kernel ignored this attribute in this case, it is nicer to set this only if CONTROL_PORT is intended to be used.
2018-08-09 22:16:45 +02:00
if (control_port) {
netdev: add join_adhoc/leave_adhoc API's These will issue a JOIN/LEAVE_IBSS to the kernel. There is a TODO regarding network configuration. For now, only the SSID is configurable. This configuration is also required for AP, but needs to be thought out. Since the current AP Dbus API has nothing related to configuration items such as freq/channel or RSN elements they are hard coded, and will be for Ad-Hoc as well (for now).
2018-07-17 23:15:59 +02:00
l_genl_msg_append_attr(cmd, NL80211_ATTR_CONTROL_PORT, 0, NULL);
netdev: Use EAPoL over nl80211 if CONTROL_PORT set Our logic would set CONTROL_PORT_OVER_NL80211 even in cases where CONTROL_PORT wasn't used (e.g. for open networks). While the kernel ignored this attribute in this case, it is nicer to set this only if CONTROL_PORT is intended to be used.
2018-08-09 22:16:45 +02:00
if (netdev->pae_over_nl80211)
l_genl_msg_append_attr(cmd,
NL80211_ATTR_CONTROL_PORT_OVER_NL80211,
0, NULL);
}
netdev: add join_adhoc/leave_adhoc API's These will issue a JOIN/LEAVE_IBSS to the kernel. There is a TODO regarding network configuration. For now, only the SSID is configurable. This configuration is also required for AP, but needs to be thought out. Since the current AP Dbus API has nothing related to configuration items such as freq/channel or RSN elements they are hard coded, and will be for Ad-Hoc as well (for now).
2018-07-17 23:15:59 +02:00
netdev->join_adhoc_cmd_id = l_genl_family_send(nl80211, cmd,
netdev_join_adhoc_cb, netdev, NULL);
if (!netdev->join_adhoc_cmd_id) {
netdev->adhoc_cb = NULL;
netdev->user_data = NULL;
return -EIO;
}
return 0;
}
static void netdev_leave_adhoc_cb(struct l_genl_msg *msg, void *user_data)
{
struct netdev *netdev = user_data;
netdev->leave_adhoc_cmd_id = 0;
if (netdev->adhoc_cb)
netdev->adhoc_cb(netdev, l_genl_msg_get_error(msg),
netdev->user_data);
netdev->adhoc_cb = NULL;
}
netdev: Remove redundant typedefs Unify command specific typedefs which had the same signature into a single netdev_command_cb_t
2018-08-20 01:25:23 +02:00
int netdev_leave_adhoc(struct netdev *netdev, netdev_command_cb_t cb,
netdev: add join_adhoc/leave_adhoc API's These will issue a JOIN/LEAVE_IBSS to the kernel. There is a TODO regarding network configuration. For now, only the SSID is configurable. This configuration is also required for AP, but needs to be thought out. Since the current AP Dbus API has nothing related to configuration items such as freq/channel or RSN elements they are hard coded, and will be for Ad-Hoc as well (for now).
2018-07-17 23:15:59 +02:00
void *user_data)
{
struct l_genl_msg *cmd;
if (netdev->type != NL80211_IFTYPE_ADHOC) {
l_error("iftype is invalid for adhoc: %u",
netdev_get_iftype(netdev));
return -ENOTSUP;
}
if (netdev->join_adhoc_cmd_id || netdev->leave_adhoc_cmd_id)
return -EBUSY;
netdev->adhoc_cb = cb;
netdev->user_data = user_data;
cmd = l_genl_msg_new_sized(NL80211_CMD_LEAVE_IBSS, 64);
l_genl_msg_append_attr(cmd, NL80211_ATTR_IFINDEX, 4, &netdev->index);
netdev->leave_adhoc_cmd_id = l_genl_family_send(nl80211, cmd,
netdev_leave_adhoc_cb, netdev,
NULL);
if (!netdev->leave_adhoc_cmd_id)
return -EIO;
return 0;
}
netdev: support basic ANQP requests This adds a new API netdev_anqp_request which will send out a GAS request, parses the GAS portion of the response and forwards the ANQP response to the callers callback.
2019-06-14 23:56:13 +02:00
static uint32_t netdev_send_action_framev(struct netdev *netdev,
const uint8_t *to,
struct iovec *iov, size_t iov_len,
uint32_t freq,
netdev: add user_data to netdev_send_action_frame[v] This makes this internal API a bit more usable by removing the restriction of always having netdev as the user_data.
2021-04-27 21:49:39 +02:00
l_genl_msg_func_t callback,
void *user_data)
netdev: support basic ANQP requests This adds a new API netdev_anqp_request which will send out a GAS request, parses the GAS portion of the response and forwards the ANQP response to the callers callback.
2019-06-14 23:56:13 +02:00
{
uint32_t id;
nl80211util: move CMD_FRAME builder into nl80211util This will be needed outside of netdev
2019-06-27 00:15:53 +02:00
struct l_genl_msg *msg = nl80211_build_cmd_frame(netdev->index,
netdev->addr,
to, freq,
iov, iov_len);
netdev: support basic ANQP requests This adds a new API netdev_anqp_request which will send out a GAS request, parses the GAS portion of the response and forwards the ANQP response to the callers callback.
2019-06-14 23:56:13 +02:00
netdev: add user_data to netdev_send_action_frame[v] This makes this internal API a bit more usable by removing the restriction of always having netdev as the user_data.
2021-04-27 21:49:39 +02:00
id = l_genl_family_send(nl80211, msg, callback, user_data, NULL);
netdev: modify netdev_send_action_frame for ft-over-ds To support FT-over-DS this API needed some slight modifications: - Instead of setting the DA to netdev->handshake->aa, it is just set to the same address as the 'to' parameter. The kernel actually requires and checks for these addresses to match. All occurences were passing the handshake->aa anyways so this change should have no adverse affects; and its actually required by ft-over-ds to pass in the previous BSSID, so hard coding handshake->aa will not work. - The frequency is is also passed in now, as ft-over-ds needs to use the frequency of the currently connected AP (netdev->frequency get set to the new target in netdev_fast_transition. Previous frequency is also saved now). - A new vector variant (netdev_send_action_framev) was added as well to support sending out the FT Request action frame since the FT TX authenticate function provides an iovec of the IEs. The existing function was already having to prepend the action frame header to the body, so its not any more or less copying to do the same thing with an iovec instead.
2019-05-09 20:16:27 +02:00
if (!id)
l_genl_msg_unref(msg);
return id;
}
static uint32_t netdev_send_action_frame(struct netdev *netdev,
const uint8_t *to,
const uint8_t *body, size_t body_len,
uint32_t freq,
netdev: add user_data to netdev_send_action_frame[v] This makes this internal API a bit more usable by removing the restriction of always having netdev as the user_data.
2021-04-27 21:49:39 +02:00
l_genl_msg_func_t callback,
void *user_data)
netdev: modify netdev_send_action_frame for ft-over-ds To support FT-over-DS this API needed some slight modifications: - Instead of setting the DA to netdev->handshake->aa, it is just set to the same address as the 'to' parameter. The kernel actually requires and checks for these addresses to match. All occurences were passing the handshake->aa anyways so this change should have no adverse affects; and its actually required by ft-over-ds to pass in the previous BSSID, so hard coding handshake->aa will not work. - The frequency is is also passed in now, as ft-over-ds needs to use the frequency of the currently connected AP (netdev->frequency get set to the new target in netdev_fast_transition. Previous frequency is also saved now). - A new vector variant (netdev_send_action_framev) was added as well to support sending out the FT Request action frame since the FT TX authenticate function provides an iovec of the IEs. The existing function was already having to prepend the action frame header to the body, so its not any more or less copying to do the same thing with an iovec instead.
2019-05-09 20:16:27 +02:00
{
struct iovec iov[1];
iov[0].iov_base = (void *)body;
iov[0].iov_len = body_len;
netdev: add user_data to netdev_send_action_frame[v] This makes this internal API a bit more usable by removing the restriction of always having netdev as the user_data.
2021-04-27 21:49:39 +02:00
return netdev_send_action_framev(netdev, to, iov, 1, freq, callback,
user_data);
netdev: modify netdev_send_action_frame for ft-over-ds To support FT-over-DS this API needed some slight modifications: - Instead of setting the DA to netdev->handshake->aa, it is just set to the same address as the 'to' parameter. The kernel actually requires and checks for these addresses to match. All occurences were passing the handshake->aa anyways so this change should have no adverse affects; and its actually required by ft-over-ds to pass in the previous BSSID, so hard coding handshake->aa will not work. - The frequency is is also passed in now, as ft-over-ds needs to use the frequency of the currently connected AP (netdev->frequency get set to the new target in netdev_fast_transition. Previous frequency is also saved now). - A new vector variant (netdev_send_action_framev) was added as well to support sending out the FT Request action frame since the FT TX authenticate function provides an iovec of the IEs. The existing function was already having to prepend the action frame header to the body, so its not any more or less copying to do the same thing with an iovec instead.
2019-05-09 20:16:27 +02:00
}
netdev: Implement netdev_fast_transition Build and send the FT Authentication Request frame, the initial Fast Transition message. In this version the assumption is that once we start a transition attempt there's no going back so the old handshake_state, scan_bss, etc. can be replaced by the new objects immediately and there's no point at which both the old and the new connection states are needed. Also the disconnect event for the old connection is implicit. At netdev level the state during a transition is almost the same with a new connection setup. The first disconnect event on the netlink socket after the FT Authenticate is assumed to be the one generated by the kernel for the old connection. The disconnect event doesn't contain the AP bssid (unlike the deauthenticate event preceding it), otherwise we could check to see if the bssid is the one we are interested in or could check connect_cmd_id assuming a disconnect doesn't happen before the connect command finishes.
2017-01-12 09:36:00 +01:00
static void netdev_cmd_authenticate_ft_cb(struct l_genl_msg *msg,
void *user_data)
{
struct netdev *netdev = user_data;
netdev->connect_cmd_id = 0;
netdev: store mpdu status and add getter Soon BSS blacklisting will be added, and in order to properly decide if a BSS should be blacklisted we need the status code on a failed connection. This change stores the status code when there is a failure in netdev and adds a getter to retrieve later. In many cases we have the actual status code from the AP, but in some corner cases its not obtainable (e.g. an error sending an NL80211 command) in which case we just default to MMPDU_REASON_CODE_UNSPECIFIED. Rather than continue with the pattern of setting netdev->result and now netdev->last_status_code, the netdev_connect_failed function was redefined so its no longer used as both a NL80211 callback and called directly. Instead a new function was added, netdev_disconnect_cb which just calls netdev_connect_failed. netdev_disconnect_cb should not be used for all the NL80211 disconnect commands. Now netdev_connect_failed takes both a result and status code which it sets in the netdev object. In the case where we were using netdev_connect_failed as a callback we still need to set the result and last_status_code but at least this is better than having to set those in all cases.
2019-01-24 21:56:23 +01:00
if (l_genl_msg_get_error(msg) < 0)
netdev_connect_failed(netdev,
NETDEV_RESULT_AUTHENTICATION_FAILED,
netdev: station: fix status/reason code in callbacks This change cleans up the mess of status vs reason codes. The two types of codes have already been separated into different enumerations, but netdev was still treating them the same (with last_status_code). A new 'event_data' argument was added to the connect callback, which has a different meaning depending on the result of the connection (described inside netdev.h, netdev_connect_cb_t). This allows for the removal of netdev_get_last_status_code since the status or reason code is now passed via event_data. Inside the netdev object last_status_code was renamed to last_code, for the purpose of storing either status or reason. This is only used when a disconnect needs to be emitted before failing the connection. In all other cases we just pass the code directly into the connect_cb and do not store it. All ocurrences of netdev_connect_failed were updated to use the proper code depending on the netdev result. Most of these simply changed from REASON_CODE_UNSPECIFIED to STATUS_CODE_UNSPECIFIED. This was simply for consistency (both codes have the same value). netdev_[authenticate|associate]_event's were updated to parse the status code and, if present, use that if their was a failure rather than defaulting to UNSPECIFIED.
2019-02-28 18:32:40 +01:00
MMPDU_STATUS_CODE_UNSPECIFIED);
netdev: Implement netdev_fast_transition Build and send the FT Authentication Request frame, the initial Fast Transition message. In this version the assumption is that once we start a transition attempt there's no going back so the old handshake_state, scan_bss, etc. can be replaced by the new objects immediately and there's no point at which both the old and the new connection states are needed. Also the disconnect event for the old connection is implicit. At netdev level the state during a transition is almost the same with a new connection setup. The first disconnect event on the netlink socket after the FT Authenticate is assumed to be the one generated by the kernel for the old connection. The disconnect event doesn't contain the AP bssid (unlike the deauthenticate event preceding it), otherwise we could check to see if the bssid is the one we are interested in or could check connect_cmd_id assuming a disconnect doesn't happen before the connect command finishes.
2017-01-12 09:36:00 +01:00
}
ft: netdev: move Authenticate IE building into ft.c Since FT already handles processing the FT IE's (and building for associate) it didn't make sense to have all the IE building inside netdev_build_cmd_ft_authenticate. Instead this logic was moved into ft.c, and an iovec is now passed from FT into netdev_ft_tx_authenticate. This leaves the netdev command builder unburdened by the details of FT, as well as prepares for FT-over-DS.
2019-05-09 19:14:12 +02:00
static void netdev_ft_tx_authenticate(struct iovec *iov,
size_t iov_len, void *user_data)
netdev: ft: refactor FT into an auth-proto Since FT operates over Authenticate/Associate, it makes the most sense for it to behave like the other auth-protos. This change moves all the FT specific processing out of netdev and into ft.c. The bulk of the changes were strait copy-pastes from netdev into ft.c with minor API changes (e.g. remove struct netdev). The 'in_ft' boolean unforunately is still required for a few reasons: - netdev_disconnect_event relies on this flag so it can ignore the disconnect which comes in when doing a fast transition. We cannot simply check netdev->ap because this would cause the other auth-protos to not handle a disconnect correctly. - netdev_associate_event needs to correctly setup the eapol_sm when in FT mode by setting require_handshake and use_eapol_start to false. This cannot be handled inside eapol by checking the AKM because an AP may only advertise a FT AKM, and the initial mobility association does require the 4-way handshake.
2019-05-07 20:53:42 +02:00
{
struct netdev *netdev = user_data;
struct l_genl_msg *cmd_authenticate;
netdev: unify ft/auth_proto authenticate builders build_cmd_ft_authenticate and build_cmd_authenticate were virtually identical. These have been unified into a single builder. We were also incorrectly including ATTR_IE to every authenticate command, which violates the spec for certain protocols, This was removed and any auth protocols will now add any IEs that they require.
2020-05-07 23:50:58 +02:00
cmd_authenticate = netdev_build_cmd_authenticate(netdev,
NL80211_AUTHTYPE_FT);
ft: netdev: move Authenticate IE building into ft.c Since FT already handles processing the FT IE's (and building for associate) it didn't make sense to have all the IE building inside netdev_build_cmd_ft_authenticate. Instead this logic was moved into ft.c, and an iovec is now passed from FT into netdev_ft_tx_authenticate. This leaves the netdev command builder unburdened by the details of FT, as well as prepares for FT-over-DS.
2019-05-09 19:14:12 +02:00
l_genl_msg_append_attrv(cmd_authenticate, NL80211_ATTR_IE, iov,
iov_len);
netdev: ft: refactor FT into an auth-proto Since FT operates over Authenticate/Associate, it makes the most sense for it to behave like the other auth-protos. This change moves all the FT specific processing out of netdev and into ft.c. The bulk of the changes were strait copy-pastes from netdev into ft.c with minor API changes (e.g. remove struct netdev). The 'in_ft' boolean unforunately is still required for a few reasons: - netdev_disconnect_event relies on this flag so it can ignore the disconnect which comes in when doing a fast transition. We cannot simply check netdev->ap because this would cause the other auth-protos to not handle a disconnect correctly. - netdev_associate_event needs to correctly setup the eapol_sm when in FT mode by setting require_handshake and use_eapol_start to false. This cannot be handled inside eapol by checking the AKM because an AP may only advertise a FT AKM, and the initial mobility association does require the 4-way handshake.
2019-05-07 20:53:42 +02:00
netdev->connect_cmd_id = l_genl_family_send(nl80211,
cmd_authenticate,
netdev_cmd_authenticate_ft_cb,
netdev, NULL);
if (!netdev->connect_cmd_id) {
l_genl_msg_unref(cmd_authenticate);
goto restore_snonce;
}
return;
restore_snonce:
memcpy(netdev->handshake->snonce, netdev->prev_snonce, 32);
netdev_connect_failed(netdev, NETDEV_RESULT_AUTHENTICATION_FAILED,
MMPDU_STATUS_CODE_UNSPECIFIED);
}
netdev: Send addititional IEs for FT/SAE/OWE/FILS RM Enabled Capabilities and Extended Capabilities IEs were correctly being sent when using CMD_CONNECT for initial connections and re-associations. However, for SoftMac SAE, FT, FILS and OWE connections, these additional IEs were not added properly during the Associate step.
2021-08-05 16:44:11 +02:00
static int netdev_ft_tx_associate(struct iovec *ft_iov, size_t n_ft_iov,
netdev: ft: refactor FT into an auth-proto Since FT operates over Authenticate/Associate, it makes the most sense for it to behave like the other auth-protos. This change moves all the FT specific processing out of netdev and into ft.c. The bulk of the changes were strait copy-pastes from netdev into ft.c with minor API changes (e.g. remove struct netdev). The 'in_ft' boolean unforunately is still required for a few reasons: - netdev_disconnect_event relies on this flag so it can ignore the disconnect which comes in when doing a fast transition. We cannot simply check netdev->ap because this would cause the other auth-protos to not handle a disconnect correctly. - netdev_associate_event needs to correctly setup the eapol_sm when in FT mode by setting require_handshake and use_eapol_start to false. This cannot be handled inside eapol by checking the AKM because an AP may only advertise a FT AKM, and the initial mobility association does require the 4-way handshake.
2019-05-07 20:53:42 +02:00
void *user_data)
{
struct netdev *netdev = user_data;
netdev: Remove prev_bssid member This variable ended up being used only on the fast-transition path. On the re-associate path it was never used, but memcpy-ied nevertheless. Since its only use is by auth_proto based protocols, move it to the auth_proto object directly. Due to how prepare_ft works (we need prev_bssid from the handshake, but the handshake is reset), have netdev_ft_* methods take an 'orig_bss' parameter, similar to netdev_reassociate.
2021-08-04 22:38:38 +02:00
struct auth_proto *ap = netdev->ap;
netdev: Append any vendor IEs from the handshake
2021-08-06 20:56:55 +02:00
struct handshake_state *hs = netdev->handshake;
netdev: ft: refactor FT into an auth-proto Since FT operates over Authenticate/Associate, it makes the most sense for it to behave like the other auth-protos. This change moves all the FT specific processing out of netdev and into ft.c. The bulk of the changes were strait copy-pastes from netdev into ft.c with minor API changes (e.g. remove struct netdev). The 'in_ft' boolean unforunately is still required for a few reasons: - netdev_disconnect_event relies on this flag so it can ignore the disconnect which comes in when doing a fast transition. We cannot simply check netdev->ap because this would cause the other auth-protos to not handle a disconnect correctly. - netdev_associate_event needs to correctly setup the eapol_sm when in FT mode by setting require_handshake and use_eapol_start to false. This cannot be handled inside eapol by checking the AKM because an AP may only advertise a FT AKM, and the initial mobility association does require the 4-way handshake.
2019-05-07 20:53:42 +02:00
struct l_genl_msg *msg;
netdev: Send addititional IEs for FT/SAE/OWE/FILS RM Enabled Capabilities and Extended Capabilities IEs were correctly being sent when using CMD_CONNECT for initial connections and re-associations. However, for SoftMac SAE, FT, FILS and OWE connections, these additional IEs were not added properly during the Associate step.
2021-08-05 16:44:11 +02:00
struct iovec iov[64];
unsigned int n_iov = L_ARRAY_SIZE(iov);
unsigned int c_iov = 0;
enum mpdu_management_subtype subtype =
MPDU_MANAGEMENT_SUBTYPE_REASSOCIATION_REQUEST;
netdev: ft: refactor FT into an auth-proto Since FT operates over Authenticate/Associate, it makes the most sense for it to behave like the other auth-protos. This change moves all the FT specific processing out of netdev and into ft.c. The bulk of the changes were strait copy-pastes from netdev into ft.c with minor API changes (e.g. remove struct netdev). The 'in_ft' boolean unforunately is still required for a few reasons: - netdev_disconnect_event relies on this flag so it can ignore the disconnect which comes in when doing a fast transition. We cannot simply check netdev->ap because this would cause the other auth-protos to not handle a disconnect correctly. - netdev_associate_event needs to correctly setup the eapol_sm when in FT mode by setting require_handshake and use_eapol_start to false. This cannot be handled inside eapol by checking the AKM because an AP may only advertise a FT AKM, and the initial mobility association does require the 4-way handshake.
2019-05-07 20:53:42 +02:00
msg = netdev_build_cmd_associate_common(netdev);
netdev: Append any vendor IEs from the handshake
2021-08-06 20:56:55 +02:00
c_iov = netdev_populate_common_ies(netdev, hs, msg, iov, n_iov, c_iov);
netdev: Send addititional IEs for FT/SAE/OWE/FILS RM Enabled Capabilities and Extended Capabilities IEs were correctly being sent when using CMD_CONNECT for initial connections and re-associations. However, for SoftMac SAE, FT, FILS and OWE connections, these additional IEs were not added properly during the Associate step.
2021-08-05 16:44:11 +02:00
if (!L_WARN_ON(n_iov - c_iov < n_ft_iov)) {
memcpy(iov + c_iov, ft_iov, sizeof(*ft_iov) * n_ft_iov);
c_iov += n_ft_iov;
}
mpdu_sort_ies(subtype, iov, c_iov);
netdev: ft: refactor FT into an auth-proto Since FT operates over Authenticate/Associate, it makes the most sense for it to behave like the other auth-protos. This change moves all the FT specific processing out of netdev and into ft.c. The bulk of the changes were strait copy-pastes from netdev into ft.c with minor API changes (e.g. remove struct netdev). The 'in_ft' boolean unforunately is still required for a few reasons: - netdev_disconnect_event relies on this flag so it can ignore the disconnect which comes in when doing a fast transition. We cannot simply check netdev->ap because this would cause the other auth-protos to not handle a disconnect correctly. - netdev_associate_event needs to correctly setup the eapol_sm when in FT mode by setting require_handshake and use_eapol_start to false. This cannot be handled inside eapol by checking the AKM because an AP may only advertise a FT AKM, and the initial mobility association does require the 4-way handshake.
2019-05-07 20:53:42 +02:00
l_genl_msg_append_attr(msg, NL80211_ATTR_PREV_BSSID, ETH_ALEN,
netdev: Remove prev_bssid member This variable ended up being used only on the fast-transition path. On the re-associate path it was never used, but memcpy-ied nevertheless. Since its only use is by auth_proto based protocols, move it to the auth_proto object directly. Due to how prepare_ft works (we need prev_bssid from the handshake, but the handshake is reset), have netdev_ft_* methods take an 'orig_bss' parameter, similar to netdev_reassociate.
2021-08-04 22:38:38 +02:00
ap->prev_bssid);
netdev: Send addititional IEs for FT/SAE/OWE/FILS RM Enabled Capabilities and Extended Capabilities IEs were correctly being sent when using CMD_CONNECT for initial connections and re-associations. However, for SoftMac SAE, FT, FILS and OWE connections, these additional IEs were not added properly during the Associate step.
2021-08-05 16:44:11 +02:00
l_genl_msg_append_attrv(msg, NL80211_ATTR_IE, iov, c_iov);
netdev: ft: refactor FT into an auth-proto Since FT operates over Authenticate/Associate, it makes the most sense for it to behave like the other auth-protos. This change moves all the FT specific processing out of netdev and into ft.c. The bulk of the changes were strait copy-pastes from netdev into ft.c with minor API changes (e.g. remove struct netdev). The 'in_ft' boolean unforunately is still required for a few reasons: - netdev_disconnect_event relies on this flag so it can ignore the disconnect which comes in when doing a fast transition. We cannot simply check netdev->ap because this would cause the other auth-protos to not handle a disconnect correctly. - netdev_associate_event needs to correctly setup the eapol_sm when in FT mode by setting require_handshake and use_eapol_start to false. This cannot be handled inside eapol by checking the AKM because an AP may only advertise a FT AKM, and the initial mobility association does require the 4-way handshake.
2019-05-07 20:53:42 +02:00
netdev->connect_cmd_id = l_genl_family_send(nl80211, msg,
netdev_cmd_ft_reassociate_cb,
netdev, NULL);
if (!netdev->connect_cmd_id) {
l_genl_msg_unref(msg);
ft: netdev: add return value to tx_associate Prior to this, an error sending the FT Reassociation was treated as fatal, which is correct for FT-over-Air but not for FT-over-DS. If the actual l_genl_family_send call fails for FT-over-DS the existing connection can be maintained and there is no need to call netdev_connect_failed. Adding a return to the tx_associate function works for both FT types. In the FT-over-Air case this return will ultimately get sent back up to auth_proto_rx_authenticate in which case will call netdev_connect_failed. For FT-over-DS tx_associate is actually called from the 'start' operation which can fail and still maintain the existing connection.
2021-04-30 19:47:04 +02:00
return -EIO;
netdev: ft: refactor FT into an auth-proto Since FT operates over Authenticate/Associate, it makes the most sense for it to behave like the other auth-protos. This change moves all the FT specific processing out of netdev and into ft.c. The bulk of the changes were strait copy-pastes from netdev into ft.c with minor API changes (e.g. remove struct netdev). The 'in_ft' boolean unforunately is still required for a few reasons: - netdev_disconnect_event relies on this flag so it can ignore the disconnect which comes in when doing a fast transition. We cannot simply check netdev->ap because this would cause the other auth-protos to not handle a disconnect correctly. - netdev_associate_event needs to correctly setup the eapol_sm when in FT mode by setting require_handshake and use_eapol_start to false. This cannot be handled inside eapol by checking the AKM because an AP may only advertise a FT AKM, and the initial mobility association does require the 4-way handshake.
2019-05-07 20:53:42 +02:00
}
ft: netdev: refactor FT-over-DS into two stages FT-over-DS followed the same pattern as FT-over-Air which worked, but really limited how the protocol could be used. FT-over-DS is unique in that we can authenticate to many APs by sending out FT action frames and parsing the results. Once parsed IWD can immediately Reassociate, or do so at a later time. To take advantage of this IWD need to separate FT-over-DS into two stages: action frame and reassociation. The initial action frame stage is started by netdev. The target BSS is sent an FT action frame and a new cache entry is created in ft.c. Once the response is received the entry is updated with all the needed data to Reassociate. To limit the record keeping on netdev each FT-over-DS entry holds a userdata pointer so netdev doesn't need to maintain its own list of data for callbacks. Once the action response is parsed netdev will call back signalling the action frame sequence was completed (either successfully or not). At this point the 'normal' FT procedure can start using the FT-over-DS auth-proto.
2021-04-30 19:47:02 +02:00
ft: netdev: add return value to tx_associate Prior to this, an error sending the FT Reassociation was treated as fatal, which is correct for FT-over-Air but not for FT-over-DS. If the actual l_genl_family_send call fails for FT-over-DS the existing connection can be maintained and there is no need to call netdev_connect_failed. Adding a return to the tx_associate function works for both FT types. In the FT-over-Air case this return will ultimately get sent back up to auth_proto_rx_authenticate in which case will call netdev_connect_failed. For FT-over-DS tx_associate is actually called from the 'start' operation which can fail and still maintain the existing connection.
2021-04-30 19:47:04 +02:00
return 0;
netdev: ft: refactor FT into an auth-proto Since FT operates over Authenticate/Associate, it makes the most sense for it to behave like the other auth-protos. This change moves all the FT specific processing out of netdev and into ft.c. The bulk of the changes were strait copy-pastes from netdev into ft.c with minor API changes (e.g. remove struct netdev). The 'in_ft' boolean unforunately is still required for a few reasons: - netdev_disconnect_event relies on this flag so it can ignore the disconnect which comes in when doing a fast transition. We cannot simply check netdev->ap because this would cause the other auth-protos to not handle a disconnect correctly. - netdev_associate_event needs to correctly setup the eapol_sm when in FT mode by setting require_handshake and use_eapol_start to false. This cannot be handled inside eapol by checking the AKM because an AP may only advertise a FT AKM, and the initial mobility association does require the 4-way handshake.
2019-05-07 20:53:42 +02:00
}
netdev: Remove prev_bssid member This variable ended up being used only on the fast-transition path. On the re-associate path it was never used, but memcpy-ied nevertheless. Since its only use is by auth_proto based protocols, move it to the auth_proto object directly. Due to how prepare_ft works (we need prev_bssid from the handshake, but the handshake is reset), have netdev_ft_* methods take an 'orig_bss' parameter, similar to netdev_reassociate.
2021-08-04 22:38:38 +02:00
static void prepare_ft(struct netdev *netdev, const struct scan_bss *target_bss)
netdev: factor out FT handshake preparation This isolates the handshake/nhs preparation for FT into its own function to be used by both FT-over-Air and FT-over-DS after refactoring.
2021-04-16 00:45:05 +02:00
{
struct netdev_handshake_state *nhs;
netdev: separate over-air and over-ds netdev APIs
2021-04-30 01:08:38 +02:00
/*
* We reuse the handshake_state object and reset what's needed.
* Could also create a new object and copy most of the state but
* we would end up doing more work.
*/
memcpy(netdev->prev_snonce, netdev->handshake->snonce, 32);
netdev: factor out FT handshake preparation This isolates the handshake/nhs preparation for FT into its own function to be used by both FT-over-Air and FT-over-DS after refactoring.
2021-04-16 00:45:05 +02:00
netdev->frequency = target_bss->frequency;
netdev: separate over-air and over-ds netdev APIs
2021-04-30 01:08:38 +02:00
handshake_state_set_authenticator_address(netdev->handshake,
target_bss->addr);
if (target_bss->rsne)
handshake_state_set_authenticator_ie(netdev->handshake,
target_bss->rsne);
memcpy(netdev->handshake->mde + 2, target_bss->mde, 3);
netdev: factor out FT handshake preparation This isolates the handshake/nhs preparation for FT into its own function to be used by both FT-over-Air and FT-over-DS after refactoring.
2021-04-16 00:45:05 +02:00
netdev->associated = false;
netdev->operational = false;
netdev->in_ft = true;
/*
* Cancel commands that could be running because of EAPoL activity
* like re-keying, this way the callbacks for those commands don't
* have to check if failures resulted from the transition.
*/
nhs = l_container_of(netdev->handshake,
struct netdev_handshake_state, super);
/* reset key states just as we do in initialization */
nhs->complete = false;
nhs->ptk_installed = false;
nhs->gtk_installed = true;
nhs->igtk_installed = true;
if (nhs->group_new_key_cmd_id) {
l_genl_family_cancel(nl80211, nhs->group_new_key_cmd_id);
nhs->group_new_key_cmd_id = 0;
}
if (nhs->group_management_new_key_cmd_id) {
l_genl_family_cancel(nl80211,
nhs->group_management_new_key_cmd_id);
nhs->group_management_new_key_cmd_id = 0;
}
if (netdev->rekey_offload_cmd_id) {
l_genl_family_cancel(nl80211, netdev->rekey_offload_cmd_id);
netdev->rekey_offload_cmd_id = 0;
}
netdev_rssi_polling_update(netdev);
netdev: fix RoamThreshold5G The RoamThreshold5G was never honored because it was being set prior to any connections. This caused the logic inside netdev_cqm_rssi_update to always choose the 2GHz threshold (RoamThreshold) due to netdev->frequency being zero at this time. Instead call netdev_cqm_rssi_update in all connect/transition calls after netdev->frequency is updated. This will allow both the 2G and 5G thresholds to be used depending on what frequency the new BSS is. The call to netdev_cqm_rssi_update in netdev_setup_interface was also removed since it serves no purpose, at least now that there are two thresholds to consider.
2021-07-28 00:50:23 +02:00
netdev_cqm_rssi_update(netdev);
netdev: factor out FT handshake preparation This isolates the handshake/nhs preparation for FT into its own function to be used by both FT-over-Air and FT-over-DS after refactoring.
2021-04-16 00:45:05 +02:00
if (netdev->sm) {
eapol_sm_free(netdev->sm);
netdev->sm = NULL;
}
}
ft: netdev: refactor FT-over-DS into two stages FT-over-DS followed the same pattern as FT-over-Air which worked, but really limited how the protocol could be used. FT-over-DS is unique in that we can authenticate to many APs by sending out FT action frames and parsing the results. Once parsed IWD can immediately Reassociate, or do so at a later time. To take advantage of this IWD need to separate FT-over-DS into two stages: action frame and reassociation. The initial action frame stage is started by netdev. The target BSS is sent an FT action frame and a new cache entry is created in ft.c. Once the response is received the entry is updated with all the needed data to Reassociate. To limit the record keeping on netdev each FT-over-DS entry holds a userdata pointer so netdev doesn't need to maintain its own list of data for callbacks. Once the action response is parsed netdev will call back signalling the action frame sequence was completed (either successfully or not). At this point the 'normal' FT procedure can start using the FT-over-DS auth-proto.
2021-04-30 19:47:02 +02:00
static void netdev_ft_over_ds_auth_failed(struct netdev_ft_over_ds_info *info,
uint16_t status)
ft: netdev: station: support FT-over-DS FT-over-DS is a way to do a Fast BSS Transition using action frames for the authenticate step. This allows a station to start a fast transition to a target AP while still being connected to the original AP. This, in theory, can result in less carrier downtime. The existing ft_sm_new was removed, and two new constructors were added; one for over-air, and another for over-ds. The internals of ft.c mostly remain the same. A flag to distinguish between air/ds was added along with a new parser to parse the action frames rather than authenticate frames. The IE parsing is identical. Netdev now just initializes the auth-proto differently depending on if its doing over-air or over-ds. A new TX authenticate function was added and used for over-ds. This will send out the IEs from ft.c with an FT Request action frame. The FT Response action frame is then recieved from the AP and fed into the auth-proto state machine. After this point ft-over-ds behaves the same as ft-over-air (associate to the target AP). Some simple code was added in station.c to determine if over-air or over-ds should be used. FT-over-DS can be beneficial in cases where the AP is directing us to roam, or if the RSSI falls below a threshold. It should not be used if we have lost communication to the AP all (beacon lost) as it only works while we can still talk to the original AP.
2019-05-09 20:16:28 +02:00
{
netdev: handle multiple concurrent FT-over-DS action frames The beauty of FT-over-DS is that a station can send and receive action frames to many APs to prepare for a future roam. Each AP authenticates the station and when a roam happens the station can immediately move to reassociation. To handle this a queue of netdev_ft_over_ds_info structs is used instead of a single entry. Using the new ft.c parser APIs these info structs can be looked up when responses come in. For now the timeouts/callbacks are kept but these will be removed as it really does not matter if the AP sends a response (keeps station happy until the next patch).
2021-05-13 01:01:41 +02:00
l_queue_remove(info->netdev->ft_ds_list, info);
ft: netdev: refactor FT-over-DS into two stages FT-over-DS followed the same pattern as FT-over-Air which worked, but really limited how the protocol could be used. FT-over-DS is unique in that we can authenticate to many APs by sending out FT action frames and parsing the results. Once parsed IWD can immediately Reassociate, or do so at a later time. To take advantage of this IWD need to separate FT-over-DS into two stages: action frame and reassociation. The initial action frame stage is started by netdev. The target BSS is sent an FT action frame and a new cache entry is created in ft.c. Once the response is received the entry is updated with all the needed data to Reassociate. To limit the record keeping on netdev each FT-over-DS entry holds a userdata pointer so netdev doesn't need to maintain its own list of data for callbacks. Once the action response is parsed netdev will call back signalling the action frame sequence was completed (either successfully or not). At this point the 'normal' FT procedure can start using the FT-over-DS auth-proto.
2021-04-30 19:47:02 +02:00
ft_ds_info_free(&info->super);
netdev: handle multiple concurrent FT-over-DS action frames The beauty of FT-over-DS is that a station can send and receive action frames to many APs to prepare for a future roam. Each AP authenticates the station and when a roam happens the station can immediately move to reassociation. To handle this a queue of netdev_ft_over_ds_info structs is used instead of a single entry. Using the new ft.c parser APIs these info structs can be looked up when responses come in. For now the timeouts/callbacks are kept but these will be removed as it really does not matter if the AP sends a response (keeps station happy until the next patch).
2021-05-13 01:01:41 +02:00
}
ft: netdev: refactor FT-over-DS into two stages FT-over-DS followed the same pattern as FT-over-Air which worked, but really limited how the protocol could be used. FT-over-DS is unique in that we can authenticate to many APs by sending out FT action frames and parsing the results. Once parsed IWD can immediately Reassociate, or do so at a later time. To take advantage of this IWD need to separate FT-over-DS into two stages: action frame and reassociation. The initial action frame stage is started by netdev. The target BSS is sent an FT action frame and a new cache entry is created in ft.c. Once the response is received the entry is updated with all the needed data to Reassociate. To limit the record keeping on netdev each FT-over-DS entry holds a userdata pointer so netdev doesn't need to maintain its own list of data for callbacks. Once the action response is parsed netdev will call back signalling the action frame sequence was completed (either successfully or not). At this point the 'normal' FT procedure can start using the FT-over-DS auth-proto.
2021-04-30 19:47:02 +02:00
netdev: handle multiple concurrent FT-over-DS action frames The beauty of FT-over-DS is that a station can send and receive action frames to many APs to prepare for a future roam. Each AP authenticates the station and when a roam happens the station can immediately move to reassociation. To handle this a queue of netdev_ft_over_ds_info structs is used instead of a single entry. Using the new ft.c parser APIs these info structs can be looked up when responses come in. For now the timeouts/callbacks are kept but these will be removed as it really does not matter if the AP sends a response (keeps station happy until the next patch).
2021-05-13 01:01:41 +02:00
struct ft_ds_finder {
const uint8_t *spa;
const uint8_t *aa;
};
static bool match_ft_ds_info(const void *a, const void *b)
{
const struct netdev_ft_over_ds_info *info = a;
const struct ft_ds_finder *finder = b;
if (memcmp(info->super.spa, finder->spa, 6))
return false;
if (memcmp(info->super.aa, finder->aa, 6))
return false;
return true;
ft: netdev: station: support FT-over-DS FT-over-DS is a way to do a Fast BSS Transition using action frames for the authenticate step. This allows a station to start a fast transition to a target AP while still being connected to the original AP. This, in theory, can result in less carrier downtime. The existing ft_sm_new was removed, and two new constructors were added; one for over-air, and another for over-ds. The internals of ft.c mostly remain the same. A flag to distinguish between air/ds was added along with a new parser to parse the action frames rather than authenticate frames. The IE parsing is identical. Netdev now just initializes the auth-proto differently depending on if its doing over-air or over-ds. A new TX authenticate function was added and used for over-ds. This will send out the IEs from ft.c with an FT Request action frame. The FT Response action frame is then recieved from the AP and fed into the auth-proto state machine. After this point ft-over-ds behaves the same as ft-over-air (associate to the target AP). Some simple code was added in station.c to determine if over-air or over-ds should be used. FT-over-DS can be beneficial in cases where the AP is directing us to roam, or if the RSSI falls below a threshold. It should not be used if we have lost communication to the AP all (beacon lost) as it only works while we can still talk to the original AP.
2019-05-09 20:16:28 +02:00
}
netdev: Switch to new frame watch API
2020-01-16 03:40:59 +01:00
static void netdev_ft_response_frame_event(const struct mmpdu_header *hdr,
ft: netdev: station: support FT-over-DS FT-over-DS is a way to do a Fast BSS Transition using action frames for the authenticate step. This allows a station to start a fast transition to a target AP while still being connected to the original AP. This, in theory, can result in less carrier downtime. The existing ft_sm_new was removed, and two new constructors were added; one for over-air, and another for over-ds. The internals of ft.c mostly remain the same. A flag to distinguish between air/ds was added along with a new parser to parse the action frames rather than authenticate frames. The IE parsing is identical. Netdev now just initializes the auth-proto differently depending on if its doing over-air or over-ds. A new TX authenticate function was added and used for over-ds. This will send out the IEs from ft.c with an FT Request action frame. The FT Response action frame is then recieved from the AP and fed into the auth-proto state machine. After this point ft-over-ds behaves the same as ft-over-air (associate to the target AP). Some simple code was added in station.c to determine if over-air or over-ds should be used. FT-over-DS can be beneficial in cases where the AP is directing us to roam, or if the RSSI falls below a threshold. It should not be used if we have lost communication to the AP all (beacon lost) as it only works while we can still talk to the original AP.
2019-05-09 20:16:28 +02:00
const void *body, size_t body_len,
netdev: Switch to new frame watch API
2020-01-16 03:40:59 +01:00
int rssi, void *user_data)
ft: netdev: station: support FT-over-DS FT-over-DS is a way to do a Fast BSS Transition using action frames for the authenticate step. This allows a station to start a fast transition to a target AP while still being connected to the original AP. This, in theory, can result in less carrier downtime. The existing ft_sm_new was removed, and two new constructors were added; one for over-air, and another for over-ds. The internals of ft.c mostly remain the same. A flag to distinguish between air/ds was added along with a new parser to parse the action frames rather than authenticate frames. The IE parsing is identical. Netdev now just initializes the auth-proto differently depending on if its doing over-air or over-ds. A new TX authenticate function was added and used for over-ds. This will send out the IEs from ft.c with an FT Request action frame. The FT Response action frame is then recieved from the AP and fed into the auth-proto state machine. After this point ft-over-ds behaves the same as ft-over-air (associate to the target AP). Some simple code was added in station.c to determine if over-air or over-ds should be used. FT-over-DS can be beneficial in cases where the AP is directing us to roam, or if the RSSI falls below a threshold. It should not be used if we have lost communication to the AP all (beacon lost) as it only works while we can still talk to the original AP.
2019-05-09 20:16:28 +02:00
{
ft: netdev: refactor FT-over-DS into two stages FT-over-DS followed the same pattern as FT-over-Air which worked, but really limited how the protocol could be used. FT-over-DS is unique in that we can authenticate to many APs by sending out FT action frames and parsing the results. Once parsed IWD can immediately Reassociate, or do so at a later time. To take advantage of this IWD need to separate FT-over-DS into two stages: action frame and reassociation. The initial action frame stage is started by netdev. The target BSS is sent an FT action frame and a new cache entry is created in ft.c. Once the response is received the entry is updated with all the needed data to Reassociate. To limit the record keeping on netdev each FT-over-DS entry holds a userdata pointer so netdev doesn't need to maintain its own list of data for callbacks. Once the action response is parsed netdev will call back signalling the action frame sequence was completed (either successfully or not). At this point the 'normal' FT procedure can start using the FT-over-DS auth-proto.
2021-04-30 19:47:02 +02:00
struct netdev *netdev = user_data;
netdev: handle multiple concurrent FT-over-DS action frames The beauty of FT-over-DS is that a station can send and receive action frames to many APs to prepare for a future roam. Each AP authenticates the station and when a roam happens the station can immediately move to reassociation. To handle this a queue of netdev_ft_over_ds_info structs is used instead of a single entry. Using the new ft.c parser APIs these info structs can be looked up when responses come in. For now the timeouts/callbacks are kept but these will be removed as it really does not matter if the AP sends a response (keeps station happy until the next patch).
2021-05-13 01:01:41 +02:00
struct netdev_ft_over_ds_info *info;
ft: netdev: station: support FT-over-DS FT-over-DS is a way to do a Fast BSS Transition using action frames for the authenticate step. This allows a station to start a fast transition to a target AP while still being connected to the original AP. This, in theory, can result in less carrier downtime. The existing ft_sm_new was removed, and two new constructors were added; one for over-air, and another for over-ds. The internals of ft.c mostly remain the same. A flag to distinguish between air/ds was added along with a new parser to parse the action frames rather than authenticate frames. The IE parsing is identical. Netdev now just initializes the auth-proto differently depending on if its doing over-air or over-ds. A new TX authenticate function was added and used for over-ds. This will send out the IEs from ft.c with an FT Request action frame. The FT Response action frame is then recieved from the AP and fed into the auth-proto state machine. After this point ft-over-ds behaves the same as ft-over-air (associate to the target AP). Some simple code was added in station.c to determine if over-air or over-ds should be used. FT-over-DS can be beneficial in cases where the AP is directing us to roam, or if the RSSI falls below a threshold. It should not be used if we have lost communication to the AP all (beacon lost) as it only works while we can still talk to the original AP.
2019-05-09 20:16:28 +02:00
int ret;
uint16_t status_code = MMPDU_STATUS_CODE_UNSPECIFIED;
ft: break up FT action parsing into two steps This is to prepare for multiple concurrent FT-over-DS action frames. A list will be kept in netdev and for lookup reasons it needs to parse the start of the frame to grab the aa/spa addresses. In this call the IEs are also returned and passed to the new ft_over_ds_parse_action_response. For now the address checks have been moved into netdev, but this will eventually turn into a queue lookup.
2021-05-13 01:01:40 +02:00
const uint8_t *aa;
const uint8_t *spa;
const uint8_t *ies;
size_t ies_len;
netdev: handle multiple concurrent FT-over-DS action frames The beauty of FT-over-DS is that a station can send and receive action frames to many APs to prepare for a future roam. Each AP authenticates the station and when a roam happens the station can immediately move to reassociation. To handle this a queue of netdev_ft_over_ds_info structs is used instead of a single entry. Using the new ft.c parser APIs these info structs can be looked up when responses come in. For now the timeouts/callbacks are kept but these will be removed as it really does not matter if the AP sends a response (keeps station happy until the next patch).
2021-05-13 01:01:41 +02:00
struct ft_ds_finder finder;
ft: netdev: station: support FT-over-DS FT-over-DS is a way to do a Fast BSS Transition using action frames for the authenticate step. This allows a station to start a fast transition to a target AP while still being connected to the original AP. This, in theory, can result in less carrier downtime. The existing ft_sm_new was removed, and two new constructors were added; one for over-air, and another for over-ds. The internals of ft.c mostly remain the same. A flag to distinguish between air/ds was added along with a new parser to parse the action frames rather than authenticate frames. The IE parsing is identical. Netdev now just initializes the auth-proto differently depending on if its doing over-air or over-ds. A new TX authenticate function was added and used for over-ds. This will send out the IEs from ft.c with an FT Request action frame. The FT Response action frame is then recieved from the AP and fed into the auth-proto state machine. After this point ft-over-ds behaves the same as ft-over-air (associate to the target AP). Some simple code was added in station.c to determine if over-air or over-ds should be used. FT-over-DS can be beneficial in cases where the AP is directing us to roam, or if the RSSI falls below a threshold. It should not be used if we have lost communication to the AP all (beacon lost) as it only works while we can still talk to the original AP.
2019-05-09 20:16:28 +02:00
ft: break up FT action parsing into two steps This is to prepare for multiple concurrent FT-over-DS action frames. A list will be kept in netdev and for lookup reasons it needs to parse the start of the frame to grab the aa/spa addresses. In this call the IEs are also returned and passed to the new ft_over_ds_parse_action_response. For now the address checks have been moved into netdev, but this will eventually turn into a queue lookup.
2021-05-13 01:01:40 +02:00
ret = ft_over_ds_parse_action_response(body, body_len, &spa, &aa,
&ies, &ies_len);
netdev: handle multiple concurrent FT-over-DS action frames The beauty of FT-over-DS is that a station can send and receive action frames to many APs to prepare for a future roam. Each AP authenticates the station and when a roam happens the station can immediately move to reassociation. To handle this a queue of netdev_ft_over_ds_info structs is used instead of a single entry. Using the new ft.c parser APIs these info structs can be looked up when responses come in. For now the timeouts/callbacks are kept but these will be removed as it really does not matter if the AP sends a response (keeps station happy until the next patch).
2021-05-13 01:01:41 +02:00
if (ret < 0)
ft: break up FT action parsing into two steps This is to prepare for multiple concurrent FT-over-DS action frames. A list will be kept in netdev and for lookup reasons it needs to parse the start of the frame to grab the aa/spa addresses. In this call the IEs are also returned and passed to the new ft_over_ds_parse_action_response. For now the address checks have been moved into netdev, but this will eventually turn into a queue lookup.
2021-05-13 01:01:40 +02:00
return;
netdev: handle multiple concurrent FT-over-DS action frames The beauty of FT-over-DS is that a station can send and receive action frames to many APs to prepare for a future roam. Each AP authenticates the station and when a roam happens the station can immediately move to reassociation. To handle this a queue of netdev_ft_over_ds_info structs is used instead of a single entry. Using the new ft.c parser APIs these info structs can be looked up when responses come in. For now the timeouts/callbacks are kept but these will be removed as it really does not matter if the AP sends a response (keeps station happy until the next patch).
2021-05-13 01:01:41 +02:00
finder.spa = spa;
finder.aa = aa;
info = l_queue_find(netdev->ft_ds_list, match_ft_ds_info, &finder);
if (!info)
ft: break up FT action parsing into two steps This is to prepare for multiple concurrent FT-over-DS action frames. A list will be kept in netdev and for lookup reasons it needs to parse the start of the frame to grab the aa/spa addresses. In this call the IEs are also returned and passed to the new ft_over_ds_parse_action_response. For now the address checks have been moved into netdev, but this will eventually turn into a queue lookup.
2021-05-13 01:01:40 +02:00
return;
netdev: handle multiple concurrent FT-over-DS action frames The beauty of FT-over-DS is that a station can send and receive action frames to many APs to prepare for a future roam. Each AP authenticates the station and when a roam happens the station can immediately move to reassociation. To handle this a queue of netdev_ft_over_ds_info structs is used instead of a single entry. Using the new ft.c parser APIs these info structs can be looked up when responses come in. For now the timeouts/callbacks are kept but these will be removed as it really does not matter if the AP sends a response (keeps station happy until the next patch).
2021-05-13 01:01:41 +02:00
/* Lookup successful, now check the status code */
if (ret > 0) {
status_code = (uint16_t)ret;
goto ft_error;
}
ft: break up FT action parsing into two steps This is to prepare for multiple concurrent FT-over-DS action frames. A list will be kept in netdev and for lookup reasons it needs to parse the start of the frame to grab the aa/spa addresses. In this call the IEs are also returned and passed to the new ft_over_ds_parse_action_response. For now the address checks have been moved into netdev, but this will eventually turn into a queue lookup.
2021-05-13 01:01:40 +02:00
ret = ft_over_ds_parse_action_ies(&info->super, netdev->handshake,
ies, ies_len);
ft: netdev: station: support FT-over-DS FT-over-DS is a way to do a Fast BSS Transition using action frames for the authenticate step. This allows a station to start a fast transition to a target AP while still being connected to the original AP. This, in theory, can result in less carrier downtime. The existing ft_sm_new was removed, and two new constructors were added; one for over-air, and another for over-ds. The internals of ft.c mostly remain the same. A flag to distinguish between air/ds was added along with a new parser to parse the action frames rather than authenticate frames. The IE parsing is identical. Netdev now just initializes the auth-proto differently depending on if its doing over-air or over-ds. A new TX authenticate function was added and used for over-ds. This will send out the IEs from ft.c with an FT Request action frame. The FT Response action frame is then recieved from the AP and fed into the auth-proto state machine. After this point ft-over-ds behaves the same as ft-over-air (associate to the target AP). Some simple code was added in station.c to determine if over-air or over-ds should be used. FT-over-DS can be beneficial in cases where the AP is directing us to roam, or if the RSSI falls below a threshold. It should not be used if we have lost communication to the AP all (beacon lost) as it only works while we can still talk to the original AP.
2019-05-09 20:16:28 +02:00
if (ret < 0)
netdev: handle multiple concurrent FT-over-DS action frames The beauty of FT-over-DS is that a station can send and receive action frames to many APs to prepare for a future roam. Each AP authenticates the station and when a roam happens the station can immediately move to reassociation. To handle this a queue of netdev_ft_over_ds_info structs is used instead of a single entry. Using the new ft.c parser APIs these info structs can be looked up when responses come in. For now the timeouts/callbacks are kept but these will be removed as it really does not matter if the AP sends a response (keeps station happy until the next patch).
2021-05-13 01:01:41 +02:00
goto ft_error;
ft: netdev: refactor FT-over-DS into two stages FT-over-DS followed the same pattern as FT-over-Air which worked, but really limited how the protocol could be used. FT-over-DS is unique in that we can authenticate to many APs by sending out FT action frames and parsing the results. Once parsed IWD can immediately Reassociate, or do so at a later time. To take advantage of this IWD need to separate FT-over-DS into two stages: action frame and reassociation. The initial action frame stage is started by netdev. The target BSS is sent an FT action frame and a new cache entry is created in ft.c. Once the response is received the entry is updated with all the needed data to Reassociate. To limit the record keeping on netdev each FT-over-DS entry holds a userdata pointer so netdev doesn't need to maintain its own list of data for callbacks. Once the action response is parsed netdev will call back signalling the action frame sequence was completed (either successfully or not). At this point the 'normal' FT procedure can start using the FT-over-DS auth-proto.
2021-04-30 19:47:02 +02:00
info->parsed = true;
ft: netdev: station: support FT-over-DS FT-over-DS is a way to do a Fast BSS Transition using action frames for the authenticate step. This allows a station to start a fast transition to a target AP while still being connected to the original AP. This, in theory, can result in less carrier downtime. The existing ft_sm_new was removed, and two new constructors were added; one for over-air, and another for over-ds. The internals of ft.c mostly remain the same. A flag to distinguish between air/ds was added along with a new parser to parse the action frames rather than authenticate frames. The IE parsing is identical. Netdev now just initializes the auth-proto differently depending on if its doing over-air or over-ds. A new TX authenticate function was added and used for over-ds. This will send out the IEs from ft.c with an FT Request action frame. The FT Response action frame is then recieved from the AP and fed into the auth-proto state machine. After this point ft-over-ds behaves the same as ft-over-air (associate to the target AP). Some simple code was added in station.c to determine if over-air or over-ds should be used. FT-over-DS can be beneficial in cases where the AP is directing us to roam, or if the RSSI falls below a threshold. It should not be used if we have lost communication to the AP all (beacon lost) as it only works while we can still talk to the original AP.
2019-05-09 20:16:28 +02:00
return;
ft_error:
netdev: handle multiple concurrent FT-over-DS action frames The beauty of FT-over-DS is that a station can send and receive action frames to many APs to prepare for a future roam. Each AP authenticates the station and when a roam happens the station can immediately move to reassociation. To handle this a queue of netdev_ft_over_ds_info structs is used instead of a single entry. Using the new ft.c parser APIs these info structs can be looked up when responses come in. For now the timeouts/callbacks are kept but these will be removed as it really does not matter if the AP sends a response (keeps station happy until the next patch).
2021-05-13 01:01:41 +02:00
l_debug("FT-over-DS to "MAC" failed (%d)", MAC_STR(info->super.aa),
status_code);
ft: netdev: refactor FT-over-DS into two stages FT-over-DS followed the same pattern as FT-over-Air which worked, but really limited how the protocol could be used. FT-over-DS is unique in that we can authenticate to many APs by sending out FT action frames and parsing the results. Once parsed IWD can immediately Reassociate, or do so at a later time. To take advantage of this IWD need to separate FT-over-DS into two stages: action frame and reassociation. The initial action frame stage is started by netdev. The target BSS is sent an FT action frame and a new cache entry is created in ft.c. Once the response is received the entry is updated with all the needed data to Reassociate. To limit the record keeping on netdev each FT-over-DS entry holds a userdata pointer so netdev doesn't need to maintain its own list of data for callbacks. Once the action response is parsed netdev will call back signalling the action frame sequence was completed (either successfully or not). At this point the 'normal' FT procedure can start using the FT-over-DS auth-proto.
2021-04-30 19:47:02 +02:00
netdev_ft_over_ds_auth_failed(info, status_code);
ft: netdev: station: support FT-over-DS FT-over-DS is a way to do a Fast BSS Transition using action frames for the authenticate step. This allows a station to start a fast transition to a target AP while still being connected to the original AP. This, in theory, can result in less carrier downtime. The existing ft_sm_new was removed, and two new constructors were added; one for over-air, and another for over-ds. The internals of ft.c mostly remain the same. A flag to distinguish between air/ds was added along with a new parser to parse the action frames rather than authenticate frames. The IE parsing is identical. Netdev now just initializes the auth-proto differently depending on if its doing over-air or over-ds. A new TX authenticate function was added and used for over-ds. This will send out the IEs from ft.c with an FT Request action frame. The FT Response action frame is then recieved from the AP and fed into the auth-proto state machine. After this point ft-over-ds behaves the same as ft-over-air (associate to the target AP). Some simple code was added in station.c to determine if over-air or over-ds should be used. FT-over-DS can be beneficial in cases where the AP is directing us to roam, or if the RSSI falls below a threshold. It should not be used if we have lost communication to the AP all (beacon lost) as it only works while we can still talk to the original AP.
2019-05-09 20:16:28 +02:00
}
netdev: Switch to new frame watch API
2020-01-16 03:40:59 +01:00
static void netdev_qos_map_frame_event(const struct mmpdu_header *hdr,
netdev: handle QoS Map IE/Frame The QoS Map can come in either as a management frame or via the Associate Response. In either case this IE simply needs to be forwarded back to the kernel.
2019-09-14 00:26:31 +02:00
const void *body, size_t body_len,
netdev: Switch to new frame watch API
2020-01-16 03:40:59 +01:00
int rssi, void *user_data)
netdev: handle QoS Map IE/Frame The QoS Map can come in either as a management frame or via the Associate Response. In either case this IE simply needs to be forwarded back to the kernel.
2019-09-14 00:26:31 +02:00
{
netdev: Switch to new frame watch API
2020-01-16 03:40:59 +01:00
struct netdev *netdev = user_data;
netdev: handle QoS Map IE/Frame The QoS Map can come in either as a management frame or via the Associate Response. In either case this IE simply needs to be forwarded back to the kernel.
2019-09-14 00:26:31 +02:00
/* No point telling the kernel */
if (!netdev->connected)
return;
if (memcmp(netdev->handshake->aa, hdr->address_2, ETH_ALEN))
return;
if (body_len < 5)
return;
if (l_get_u8(body + 2) != IE_TYPE_QOS_MAP_SET)
return;
netdev_send_qos_map_set(netdev, body + 4, body_len - 4);
}
netdev: use wiphy radio work queue for connections This adds connection/FT attempts to the radio work queue. This will ensure that connections aren't delayed or done concurrently with scanning.
2020-07-15 23:29:17 +02:00
static bool netdev_ft_work_ready(struct wiphy_radio_work_item *item)
{
struct netdev *netdev = l_container_of(item, struct netdev, work);
if (!auth_proto_start(netdev->ap)) {
/* Restore original nonce */
memcpy(netdev->handshake->snonce, netdev->prev_snonce, 32);
netdev_connect_failed(netdev, NETDEV_RESULT_ABORTED,
MMPDU_STATUS_CODE_UNSPECIFIED);
return true;
}
return false;
}
static const struct wiphy_radio_work_item_ops ft_work_ops = {
.do_work = netdev_ft_work_ready,
};
netdev: Remove prev_bssid member This variable ended up being used only on the fast-transition path. On the re-associate path it was never used, but memcpy-ied nevertheless. Since its only use is by auth_proto based protocols, move it to the auth_proto object directly. Due to how prepare_ft works (we need prev_bssid from the handshake, but the handshake is reset), have netdev_ft_* methods take an 'orig_bss' parameter, similar to netdev_reassociate.
2021-08-04 22:38:38 +02:00
int netdev_fast_transition(struct netdev *netdev,
const struct scan_bss *target_bss,
const struct scan_bss *orig_bss,
netdev: Implement netdev_fast_transition Build and send the FT Authentication Request frame, the initial Fast Transition message. In this version the assumption is that once we start a transition attempt there's no going back so the old handshake_state, scan_bss, etc. can be replaced by the new objects immediately and there's no point at which both the old and the new connection states are needed. Also the disconnect event for the old connection is implicit. At netdev level the state during a transition is almost the same with a new connection setup. The first disconnect event on the netlink socket after the FT Authenticate is assumed to be the one generated by the kernel for the old connection. The disconnect event doesn't contain the AP bssid (unlike the deauthenticate event preceding it), otherwise we could check to see if the bssid is the one we are interested in or could check connect_cmd_id assuming a disconnect doesn't happen before the connect command finishes.
2017-01-12 09:36:00 +01:00
netdev_connect_cb_t cb)
{
if (!netdev->operational)
return -ENOTCONN;
if (!netdev->handshake->mde || !target_bss->mde_present ||
l_get_le16(netdev->handshake->mde + 2) !=
l_get_le16(target_bss->mde))
return -EINVAL;
netdev: move prepare_ft call which broke FT The prepare_ft patch was an intermediate to a full patch set and was not fully tested stand alone. Its placement actually broke FT due to handshake->aa getting overwritten prior to netdev->prev_bssid being copied out. This caused FT to fail with "transport endpoint not connected (-107)"
2021-04-22 19:37:46 +02:00
prepare_ft(netdev, target_bss);
netdev: Implement netdev_fast_transition Build and send the FT Authentication Request frame, the initial Fast Transition message. In this version the assumption is that once we start a transition attempt there's no going back so the old handshake_state, scan_bss, etc. can be replaced by the new objects immediately and there's no point at which both the old and the new connection states are needed. Also the disconnect event for the old connection is implicit. At netdev level the state during a transition is almost the same with a new connection setup. The first disconnect event on the netlink socket after the FT Authenticate is assumed to be the one generated by the kernel for the old connection. The disconnect event doesn't contain the AP bssid (unlike the deauthenticate event preceding it), otherwise we could check to see if the bssid is the one we are interested in or could check connect_cmd_id assuming a disconnect doesn't happen before the connect command finishes.
2017-01-12 09:36:00 +01:00
handshake_state_new_snonce(netdev->handshake);
netdev: factor out FT handshake preparation This isolates the handshake/nhs preparation for FT into its own function to be used by both FT-over-Air and FT-over-DS after refactoring.
2021-04-16 00:45:05 +02:00
netdev->connect_cb = cb;
netdev: ft: refactor FT into an auth-proto Since FT operates over Authenticate/Associate, it makes the most sense for it to behave like the other auth-protos. This change moves all the FT specific processing out of netdev and into ft.c. The bulk of the changes were strait copy-pastes from netdev into ft.c with minor API changes (e.g. remove struct netdev). The 'in_ft' boolean unforunately is still required for a few reasons: - netdev_disconnect_event relies on this flag so it can ignore the disconnect which comes in when doing a fast transition. We cannot simply check netdev->ap because this would cause the other auth-protos to not handle a disconnect correctly. - netdev_associate_event needs to correctly setup the eapol_sm when in FT mode by setting require_handshake and use_eapol_start to false. This cannot be handled inside eapol by checking the AKM because an AP may only advertise a FT AKM, and the initial mobility association does require the 4-way handshake.
2019-05-07 20:53:42 +02:00
netdev: separate over-air and over-ds netdev APIs
2021-04-30 01:08:38 +02:00
netdev->ap = ft_over_air_sm_new(netdev->handshake,
ft: netdev: station: support FT-over-DS FT-over-DS is a way to do a Fast BSS Transition using action frames for the authenticate step. This allows a station to start a fast transition to a target AP while still being connected to the original AP. This, in theory, can result in less carrier downtime. The existing ft_sm_new was removed, and two new constructors were added; one for over-air, and another for over-ds. The internals of ft.c mostly remain the same. A flag to distinguish between air/ds was added along with a new parser to parse the action frames rather than authenticate frames. The IE parsing is identical. Netdev now just initializes the auth-proto differently depending on if its doing over-air or over-ds. A new TX authenticate function was added and used for over-ds. This will send out the IEs from ft.c with an FT Request action frame. The FT Response action frame is then recieved from the AP and fed into the auth-proto state machine. After this point ft-over-ds behaves the same as ft-over-air (associate to the target AP). Some simple code was added in station.c to determine if over-air or over-ds should be used. FT-over-DS can be beneficial in cases where the AP is directing us to roam, or if the RSSI falls below a threshold. It should not be used if we have lost communication to the AP all (beacon lost) as it only works while we can still talk to the original AP.
2019-05-09 20:16:28 +02:00
netdev_ft_tx_authenticate,
netdev_ft_tx_associate, netdev);
netdev: Remove prev_bssid member This variable ended up being used only on the fast-transition path. On the re-associate path it was never used, but memcpy-ied nevertheless. Since its only use is by auth_proto based protocols, move it to the auth_proto object directly. Due to how prepare_ft works (we need prev_bssid from the handshake, but the handshake is reset), have netdev_ft_* methods take an 'orig_bss' parameter, similar to netdev_reassociate.
2021-08-04 22:38:38 +02:00
memcpy(netdev->ap->prev_bssid, orig_bss->addr, ETH_ALEN);
ft: netdev: station: support FT-over-DS FT-over-DS is a way to do a Fast BSS Transition using action frames for the authenticate step. This allows a station to start a fast transition to a target AP while still being connected to the original AP. This, in theory, can result in less carrier downtime. The existing ft_sm_new was removed, and two new constructors were added; one for over-air, and another for over-ds. The internals of ft.c mostly remain the same. A flag to distinguish between air/ds was added along with a new parser to parse the action frames rather than authenticate frames. The IE parsing is identical. Netdev now just initializes the auth-proto differently depending on if its doing over-air or over-ds. A new TX authenticate function was added and used for over-ds. This will send out the IEs from ft.c with an FT Request action frame. The FT Response action frame is then recieved from the AP and fed into the auth-proto state machine. After this point ft-over-ds behaves the same as ft-over-air (associate to the target AP). Some simple code was added in station.c to determine if over-air or over-ds should be used. FT-over-DS can be beneficial in cases where the AP is directing us to roam, or if the RSSI falls below a threshold. It should not be used if we have lost communication to the AP all (beacon lost) as it only works while we can still talk to the original AP.
2019-05-09 20:16:28 +02:00
netdev: use wiphy radio work queue for connections This adds connection/FT attempts to the radio work queue. This will ensure that connections aren't delayed or done concurrently with scanning.
2020-07-15 23:29:17 +02:00
wiphy_radio_work_insert(netdev->wiphy, &netdev->work, 1,
&ft_work_ops);
ft: netdev: station: support FT-over-DS FT-over-DS is a way to do a Fast BSS Transition using action frames for the authenticate step. This allows a station to start a fast transition to a target AP while still being connected to the original AP. This, in theory, can result in less carrier downtime. The existing ft_sm_new was removed, and two new constructors were added; one for over-air, and another for over-ds. The internals of ft.c mostly remain the same. A flag to distinguish between air/ds was added along with a new parser to parse the action frames rather than authenticate frames. The IE parsing is identical. Netdev now just initializes the auth-proto differently depending on if its doing over-air or over-ds. A new TX authenticate function was added and used for over-ds. This will send out the IEs from ft.c with an FT Request action frame. The FT Response action frame is then recieved from the AP and fed into the auth-proto state machine. After this point ft-over-ds behaves the same as ft-over-air (associate to the target AP). Some simple code was added in station.c to determine if over-air or over-ds should be used. FT-over-DS can be beneficial in cases where the AP is directing us to roam, or if the RSSI falls below a threshold. It should not be used if we have lost communication to the AP all (beacon lost) as it only works while we can still talk to the original AP.
2019-05-09 20:16:28 +02:00
netdev: Implement netdev_fast_transition Build and send the FT Authentication Request frame, the initial Fast Transition message. In this version the assumption is that once we start a transition attempt there's no going back so the old handshake_state, scan_bss, etc. can be replaced by the new objects immediately and there's no point at which both the old and the new connection states are needed. Also the disconnect event for the old connection is implicit. At netdev level the state during a transition is almost the same with a new connection setup. The first disconnect event on the netlink socket after the FT Authenticate is assumed to be the one generated by the kernel for the old connection. The disconnect event doesn't contain the AP bssid (unlike the deauthenticate event preceding it), otherwise we could check to see if the bssid is the one we are interested in or could check connect_cmd_id assuming a disconnect doesn't happen before the connect command finishes.
2017-01-12 09:36:00 +01:00
return 0;
}
ft: netdev: station: support FT-over-DS FT-over-DS is a way to do a Fast BSS Transition using action frames for the authenticate step. This allows a station to start a fast transition to a target AP while still being connected to the original AP. This, in theory, can result in less carrier downtime. The existing ft_sm_new was removed, and two new constructors were added; one for over-air, and another for over-ds. The internals of ft.c mostly remain the same. A flag to distinguish between air/ds was added along with a new parser to parse the action frames rather than authenticate frames. The IE parsing is identical. Netdev now just initializes the auth-proto differently depending on if its doing over-air or over-ds. A new TX authenticate function was added and used for over-ds. This will send out the IEs from ft.c with an FT Request action frame. The FT Response action frame is then recieved from the AP and fed into the auth-proto state machine. After this point ft-over-ds behaves the same as ft-over-air (associate to the target AP). Some simple code was added in station.c to determine if over-air or over-ds should be used. FT-over-DS can be beneficial in cases where the AP is directing us to roam, or if the RSSI falls below a threshold. It should not be used if we have lost communication to the AP all (beacon lost) as it only works while we can still talk to the original AP.
2019-05-09 20:16:28 +02:00
int netdev_fast_transition_over_ds(struct netdev *netdev,
netdev: Remove prev_bssid member This variable ended up being used only on the fast-transition path. On the re-associate path it was never used, but memcpy-ied nevertheless. Since its only use is by auth_proto based protocols, move it to the auth_proto object directly. Due to how prepare_ft works (we need prev_bssid from the handshake, but the handshake is reset), have netdev_ft_* methods take an 'orig_bss' parameter, similar to netdev_reassociate.
2021-08-04 22:38:38 +02:00
const struct scan_bss *target_bss,
const struct scan_bss *orig_bss,
ft: netdev: station: support FT-over-DS FT-over-DS is a way to do a Fast BSS Transition using action frames for the authenticate step. This allows a station to start a fast transition to a target AP while still being connected to the original AP. This, in theory, can result in less carrier downtime. The existing ft_sm_new was removed, and two new constructors were added; one for over-air, and another for over-ds. The internals of ft.c mostly remain the same. A flag to distinguish between air/ds was added along with a new parser to parse the action frames rather than authenticate frames. The IE parsing is identical. Netdev now just initializes the auth-proto differently depending on if its doing over-air or over-ds. A new TX authenticate function was added and used for over-ds. This will send out the IEs from ft.c with an FT Request action frame. The FT Response action frame is then recieved from the AP and fed into the auth-proto state machine. After this point ft-over-ds behaves the same as ft-over-air (associate to the target AP). Some simple code was added in station.c to determine if over-air or over-ds should be used. FT-over-DS can be beneficial in cases where the AP is directing us to roam, or if the RSSI falls below a threshold. It should not be used if we have lost communication to the AP all (beacon lost) as it only works while we can still talk to the original AP.
2019-05-09 20:16:28 +02:00
netdev_connect_cb_t cb)
{
netdev: handle multiple concurrent FT-over-DS action frames The beauty of FT-over-DS is that a station can send and receive action frames to many APs to prepare for a future roam. Each AP authenticates the station and when a roam happens the station can immediately move to reassociation. To handle this a queue of netdev_ft_over_ds_info structs is used instead of a single entry. Using the new ft.c parser APIs these info structs can be looked up when responses come in. For now the timeouts/callbacks are kept but these will be removed as it really does not matter if the AP sends a response (keeps station happy until the next patch).
2021-05-13 01:01:41 +02:00
struct netdev_ft_over_ds_info *info;
struct ft_ds_finder finder;
ft: netdev: refactor FT-over-DS into two stages FT-over-DS followed the same pattern as FT-over-Air which worked, but really limited how the protocol could be used. FT-over-DS is unique in that we can authenticate to many APs by sending out FT action frames and parsing the results. Once parsed IWD can immediately Reassociate, or do so at a later time. To take advantage of this IWD need to separate FT-over-DS into two stages: action frame and reassociation. The initial action frame stage is started by netdev. The target BSS is sent an FT action frame and a new cache entry is created in ft.c. Once the response is received the entry is updated with all the needed data to Reassociate. To limit the record keeping on netdev each FT-over-DS entry holds a userdata pointer so netdev doesn't need to maintain its own list of data for callbacks. Once the action response is parsed netdev will call back signalling the action frame sequence was completed (either successfully or not). At this point the 'normal' FT procedure can start using the FT-over-DS auth-proto.
2021-04-30 19:47:02 +02:00
netdev: separate over-air and over-ds netdev APIs
2021-04-30 01:08:38 +02:00
if (!netdev->operational)
return -ENOTCONN;
if (!netdev->handshake->mde || !target_bss->mde_present ||
l_get_le16(netdev->handshake->mde + 2) !=
l_get_le16(target_bss->mde))
return -EINVAL;
netdev: handle multiple concurrent FT-over-DS action frames The beauty of FT-over-DS is that a station can send and receive action frames to many APs to prepare for a future roam. Each AP authenticates the station and when a roam happens the station can immediately move to reassociation. To handle this a queue of netdev_ft_over_ds_info structs is used instead of a single entry. Using the new ft.c parser APIs these info structs can be looked up when responses come in. For now the timeouts/callbacks are kept but these will be removed as it really does not matter if the AP sends a response (keeps station happy until the next patch).
2021-05-13 01:01:41 +02:00
finder.spa = netdev->addr;
finder.aa = target_bss->addr;
info = l_queue_find(netdev->ft_ds_list, match_ft_ds_info, &finder);
if (!info || !info->parsed)
return -ENOENT;
netdev: separate over-air and over-ds netdev APIs
2021-04-30 01:08:38 +02:00
prepare_ft(netdev, target_bss);
ft: netdev: refactor FT-over-DS into two stages FT-over-DS followed the same pattern as FT-over-Air which worked, but really limited how the protocol could be used. FT-over-DS is unique in that we can authenticate to many APs by sending out FT action frames and parsing the results. Once parsed IWD can immediately Reassociate, or do so at a later time. To take advantage of this IWD need to separate FT-over-DS into two stages: action frame and reassociation. The initial action frame stage is started by netdev. The target BSS is sent an FT action frame and a new cache entry is created in ft.c. Once the response is received the entry is updated with all the needed data to Reassociate. To limit the record keeping on netdev each FT-over-DS entry holds a userdata pointer so netdev doesn't need to maintain its own list of data for callbacks. Once the action response is parsed netdev will call back signalling the action frame sequence was completed (either successfully or not). At this point the 'normal' FT procedure can start using the FT-over-DS auth-proto.
2021-04-30 19:47:02 +02:00
ft_over_ds_prepare_handshake(&info->super, netdev->handshake);
netdev: separate over-air and over-ds netdev APIs
2021-04-30 01:08:38 +02:00
netdev->connect_cb = cb;
netdev->ap = ft_over_ds_sm_new(netdev->handshake,
ft: netdev: refactor FT-over-DS into two stages FT-over-DS followed the same pattern as FT-over-Air which worked, but really limited how the protocol could be used. FT-over-DS is unique in that we can authenticate to many APs by sending out FT action frames and parsing the results. Once parsed IWD can immediately Reassociate, or do so at a later time. To take advantage of this IWD need to separate FT-over-DS into two stages: action frame and reassociation. The initial action frame stage is started by netdev. The target BSS is sent an FT action frame and a new cache entry is created in ft.c. Once the response is received the entry is updated with all the needed data to Reassociate. To limit the record keeping on netdev each FT-over-DS entry holds a userdata pointer so netdev doesn't need to maintain its own list of data for callbacks. Once the action response is parsed netdev will call back signalling the action frame sequence was completed (either successfully or not). At this point the 'normal' FT procedure can start using the FT-over-DS auth-proto.
2021-04-30 19:47:02 +02:00
netdev_ft_tx_associate,
netdev);
netdev: Remove prev_bssid member This variable ended up being used only on the fast-transition path. On the re-associate path it was never used, but memcpy-ied nevertheless. Since its only use is by auth_proto based protocols, move it to the auth_proto object directly. Due to how prepare_ft works (we need prev_bssid from the handshake, but the handshake is reset), have netdev_ft_* methods take an 'orig_bss' parameter, similar to netdev_reassociate.
2021-08-04 22:38:38 +02:00
memcpy(netdev->ap->prev_bssid, orig_bss->addr, ETH_ALEN);
netdev: separate over-air and over-ds netdev APIs
2021-04-30 01:08:38 +02:00
wiphy_radio_work_insert(netdev->wiphy, &netdev->work, 1,
&ft_work_ops);
return 0;
ft: netdev: station: support FT-over-DS FT-over-DS is a way to do a Fast BSS Transition using action frames for the authenticate step. This allows a station to start a fast transition to a target AP while still being connected to the original AP. This, in theory, can result in less carrier downtime. The existing ft_sm_new was removed, and two new constructors were added; one for over-air, and another for over-ds. The internals of ft.c mostly remain the same. A flag to distinguish between air/ds was added along with a new parser to parse the action frames rather than authenticate frames. The IE parsing is identical. Netdev now just initializes the auth-proto differently depending on if its doing over-air or over-ds. A new TX authenticate function was added and used for over-ds. This will send out the IEs from ft.c with an FT Request action frame. The FT Response action frame is then recieved from the AP and fed into the auth-proto state machine. After this point ft-over-ds behaves the same as ft-over-air (associate to the target AP). Some simple code was added in station.c to determine if over-air or over-ds should be used. FT-over-DS can be beneficial in cases where the AP is directing us to roam, or if the RSSI falls below a threshold. It should not be used if we have lost communication to the AP all (beacon lost) as it only works while we can still talk to the original AP.
2019-05-09 20:16:28 +02:00
}
ft: netdev: refactor FT-over-DS into two stages FT-over-DS followed the same pattern as FT-over-Air which worked, but really limited how the protocol could be used. FT-over-DS is unique in that we can authenticate to many APs by sending out FT action frames and parsing the results. Once parsed IWD can immediately Reassociate, or do so at a later time. To take advantage of this IWD need to separate FT-over-DS into two stages: action frame and reassociation. The initial action frame stage is started by netdev. The target BSS is sent an FT action frame and a new cache entry is created in ft.c. Once the response is received the entry is updated with all the needed data to Reassociate. To limit the record keeping on netdev each FT-over-DS entry holds a userdata pointer so netdev doesn't need to maintain its own list of data for callbacks. Once the action response is parsed netdev will call back signalling the action frame sequence was completed (either successfully or not). At this point the 'normal' FT procedure can start using the FT-over-DS auth-proto.
2021-04-30 19:47:02 +02:00
static void netdev_ft_request_cb(struct l_genl_msg *msg, void *user_data)
{
struct netdev_ft_over_ds_info *info = user_data;
if (l_genl_msg_get_error(msg) < 0) {
l_error("Could not send CMD_FRAME for FT-over-DS");
netdev_ft_over_ds_auth_failed(info,
MMPDU_STATUS_CODE_UNSPECIFIED);
}
}
static void netdev_ft_ds_info_free(struct ft_ds_info *ft)
{
struct netdev_ft_over_ds_info *info = l_container_of(ft,
struct netdev_ft_over_ds_info, super);
l_free(info);
}
int netdev_fast_transition_over_ds_action(struct netdev *netdev,
netdev: remove callback/userdata/timeout from FT-over-DS action Since netdev maintains the list of FT over DS info structs there is not any need for station to get callbacks when the initial action frame is received, or not. This removes the need for the callback handler, user data, and response timeout.
2021-05-13 01:01:44 +02:00
const struct scan_bss *target_bss)
ft: netdev: refactor FT-over-DS into two stages FT-over-DS followed the same pattern as FT-over-Air which worked, but really limited how the protocol could be used. FT-over-DS is unique in that we can authenticate to many APs by sending out FT action frames and parsing the results. Once parsed IWD can immediately Reassociate, or do so at a later time. To take advantage of this IWD need to separate FT-over-DS into two stages: action frame and reassociation. The initial action frame stage is started by netdev. The target BSS is sent an FT action frame and a new cache entry is created in ft.c. Once the response is received the entry is updated with all the needed data to Reassociate. To limit the record keeping on netdev each FT-over-DS entry holds a userdata pointer so netdev doesn't need to maintain its own list of data for callbacks. Once the action response is parsed netdev will call back signalling the action frame sequence was completed (either successfully or not). At this point the 'normal' FT procedure can start using the FT-over-DS auth-proto.
2021-04-30 19:47:02 +02:00
{
struct netdev_ft_over_ds_info *info;
uint8_t ft_req[14];
struct handshake_state *hs = netdev->handshake;
struct iovec iovs[5];
uint8_t buf[512];
size_t len;
if (!netdev->operational)
return -ENOTCONN;
if (!netdev->handshake->mde || !target_bss->mde_present ||
l_get_le16(netdev->handshake->mde + 2) !=
l_get_le16(target_bss->mde))
return -EINVAL;
l_debug("");
info = l_new(struct netdev_ft_over_ds_info, 1);
info->netdev = netdev;
memcpy(info->super.spa, hs->spa, ETH_ALEN);
memcpy(info->super.aa, target_bss->addr, ETH_ALEN);
memcpy(info->super.mde, target_bss->mde, sizeof(info->super.mde));
l_getrandom(info->super.snonce, 32);
info->super.free = netdev_ft_ds_info_free;
ft_req[0] = 6; /* FT category */
ft_req[1] = 1; /* FT Request action */
memcpy(ft_req + 2, netdev->addr, 6);
memcpy(ft_req + 8, info->super.aa, 6);
iovs[0].iov_base = ft_req;
iovs[0].iov_len = sizeof(ft_req);
if (!ft_build_authenticate_ies(hs, info->super.snonce, buf, &len))
goto failed;
iovs[1].iov_base = buf;
iovs[1].iov_len = len;
iovs[2].iov_base = NULL;
netdev: handle multiple concurrent FT-over-DS action frames The beauty of FT-over-DS is that a station can send and receive action frames to many APs to prepare for a future roam. Each AP authenticates the station and when a roam happens the station can immediately move to reassociation. To handle this a queue of netdev_ft_over_ds_info structs is used instead of a single entry. Using the new ft.c parser APIs these info structs can be looked up when responses come in. For now the timeouts/callbacks are kept but these will be removed as it really does not matter if the AP sends a response (keeps station happy until the next patch).
2021-05-13 01:01:41 +02:00
if (!netdev->ft_ds_list)
netdev->ft_ds_list = l_queue_new();
l_queue_push_head(netdev->ft_ds_list, info);
ft: netdev: refactor FT-over-DS into two stages FT-over-DS followed the same pattern as FT-over-Air which worked, but really limited how the protocol could be used. FT-over-DS is unique in that we can authenticate to many APs by sending out FT action frames and parsing the results. Once parsed IWD can immediately Reassociate, or do so at a later time. To take advantage of this IWD need to separate FT-over-DS into two stages: action frame and reassociation. The initial action frame stage is started by netdev. The target BSS is sent an FT action frame and a new cache entry is created in ft.c. Once the response is received the entry is updated with all the needed data to Reassociate. To limit the record keeping on netdev each FT-over-DS entry holds a userdata pointer so netdev doesn't need to maintain its own list of data for callbacks. Once the action response is parsed netdev will call back signalling the action frame sequence was completed (either successfully or not). At this point the 'normal' FT procedure can start using the FT-over-DS auth-proto.
2021-04-30 19:47:02 +02:00
netdev_send_action_framev(netdev, netdev->handshake->aa, iovs, 2,
netdev->frequency,
netdev_ft_request_cb,
info);
return 0;
failed:
l_free(info);
return -EIO;
}
netdev: Add netdev_preauthenticate Add preauthentication logic. The callback receives the new PMK only.
2017-04-29 03:53:27 +02:00
static void netdev_preauth_cb(const uint8_t *pmk, void *user_data)
{
struct netdev_preauth_state *preauth = user_data;
netdev_preauthenticate_cb_t cb = preauth->cb;
preauth->cb = NULL;
cb(preauth->netdev,
pmk ? NETDEV_RESULT_OK : NETDEV_RESULT_HANDSHAKE_FAILED,
pmk, preauth->user_data);
}
int netdev_preauthenticate(struct netdev *netdev, struct scan_bss *target_bss,
netdev_preauthenticate_cb_t cb, void *user_data)
{
struct netdev_preauth_state *preauth;
if (!netdev->operational)
return -ENOTCONN;
preauth = l_new(struct netdev_preauth_state, 1);
if (!eapol_preauth_start(target_bss->addr, netdev->handshake,
netdev_preauth_cb, preauth,
netdev_preauth_destroy)) {
l_free(preauth);
return -EIO;
}
preauth->cb = cb;
preauth->user_data = user_data;
preauth->netdev = netdev;
return 0;
}
netdev: Support sending Neighbor Report requests
2016-12-23 11:38:01 +01:00
static void netdev_neighbor_report_req_cb(struct l_genl_msg *msg,
void *user_data)
{
struct netdev *netdev = user_data;
if (!netdev->neighbor_report_cb)
return;
if (l_genl_msg_get_error(msg) < 0) {
netdev: More neighbor_report_req error handling Make sure that the Neighbor Report timeout is cancelled when connection breaks or device is being destroyed, and call the callback. Add an errno parameter to the callback to indicate the cause.
2017-01-23 12:38:40 +01:00
netdev->neighbor_report_cb(netdev, l_genl_msg_get_error(msg),
NULL, 0, netdev->user_data);
netdev: Support sending Neighbor Report requests
2016-12-23 11:38:01 +01:00
netdev->neighbor_report_cb = NULL;
l_timeout_remove(netdev->neighbor_report_timeout);
}
}
static void netdev_neighbor_report_timeout(struct l_timeout *timeout,
void *user_data)
{
struct netdev *netdev = user_data;
netdev: More neighbor_report_req error handling Make sure that the Neighbor Report timeout is cancelled when connection breaks or device is being destroyed, and call the callback. Add an errno parameter to the callback to indicate the cause.
2017-01-23 12:38:40 +01:00
netdev->neighbor_report_cb(netdev, -ETIMEDOUT, NULL, 0,
netdev->user_data);
netdev: Support sending Neighbor Report requests
2016-12-23 11:38:01 +01:00
netdev->neighbor_report_cb = NULL;
netdev: More neighbor_report_req error handling Make sure that the Neighbor Report timeout is cancelled when connection breaks or device is being destroyed, and call the callback. Add an errno parameter to the callback to indicate the cause.
2017-01-23 12:38:40 +01:00
l_timeout_remove(netdev->neighbor_report_timeout);
netdev: Support sending Neighbor Report requests
2016-12-23 11:38:01 +01:00
}
int netdev_neighbor_report_req(struct netdev *netdev,
netdev_neighbor_report_cb_t cb)
{
const uint8_t action_frame[] = {
0x05, /* Category: Radio Measurement */
0x04, /* Radio Measurement Action: Neighbor Report Request */
0x01, /* Dialog Token: a non-zero value (unused) */
};
if (netdev->neighbor_report_cb || !netdev->connected)
return -EBUSY;
if (!netdev_send_action_frame(netdev, netdev->handshake->aa,
action_frame, sizeof(action_frame),
netdev: modify netdev_send_action_frame for ft-over-ds To support FT-over-DS this API needed some slight modifications: - Instead of setting the DA to netdev->handshake->aa, it is just set to the same address as the 'to' parameter. The kernel actually requires and checks for these addresses to match. All occurences were passing the handshake->aa anyways so this change should have no adverse affects; and its actually required by ft-over-ds to pass in the previous BSSID, so hard coding handshake->aa will not work. - The frequency is is also passed in now, as ft-over-ds needs to use the frequency of the currently connected AP (netdev->frequency get set to the new target in netdev_fast_transition. Previous frequency is also saved now). - A new vector variant (netdev_send_action_framev) was added as well to support sending out the FT Request action frame since the FT TX authenticate function provides an iovec of the IEs. The existing function was already having to prepend the action frame header to the body, so its not any more or less copying to do the same thing with an iovec instead.
2019-05-09 20:16:27 +02:00
netdev->frequency,
netdev: add user_data to netdev_send_action_frame[v] This makes this internal API a bit more usable by removing the restriction of always having netdev as the user_data.
2021-04-27 21:49:39 +02:00
netdev_neighbor_report_req_cb,
netdev))
netdev: Support sending Neighbor Report requests
2016-12-23 11:38:01 +01:00
return -EIO;
netdev->neighbor_report_cb = cb;
/* Set a 3-second timeout */
netdev->neighbor_report_timeout =
l_timeout_create(3, netdev_neighbor_report_timeout,
netdev, NULL);
return 0;
}
netdev: Switch to new frame watch API
2020-01-16 03:40:59 +01:00
static void netdev_neighbor_report_frame_event(const struct mmpdu_header *hdr,
netdev: Refactor netdev_register_frame Rename netdev_register_frame to netdev_frame_watch_add and expose to be usable outside of netdev.c, add netdev_frame_watch_remove also. Update the Neighbor Report handling which was the only user of netdev_register_frame. The handler is now simpler because we use a lookup list with all the prefixes and individual frame handlers only see the frames matching the right prefix. This is also useful for the future Access-Point mode.
2017-08-31 04:04:45 +02:00
const void *body, size_t body_len,
netdev: Switch to new frame watch API
2020-01-16 03:40:59 +01:00
int rssi, void *user_data)
netdev: Handle Action Frames in netdev Action Frames are sent by nl80211 as unicast data. We're not receiving any other unicast packets in iwd at this time so let netdev directly handle all unicast data on the genl socket.
2016-12-23 11:38:00 +01:00
{
netdev: Switch to new frame watch API
2020-01-16 03:40:59 +01:00
struct netdev *netdev = user_data;
netdev: Refactor netdev_register_frame Rename netdev_register_frame to netdev_frame_watch_add and expose to be usable outside of netdev.c, add netdev_frame_watch_remove also. Update the Neighbor Report handling which was the only user of netdev_register_frame. The handler is now simpler because we use a lookup list with all the prefixes and individual frame handlers only see the frames matching the right prefix. This is also useful for the future Access-Point mode.
2017-08-31 04:04:45 +02:00
if (body_len < 3) {
l_debug("Neighbor Report frame too short");
netdev: Handle Action Frames in netdev Action Frames are sent by nl80211 as unicast data. We're not receiving any other unicast packets in iwd at this time so let netdev directly handle all unicast data on the genl socket.
2016-12-23 11:38:00 +01:00
return;
}
netdev: Refactor netdev_register_frame Rename netdev_register_frame to netdev_frame_watch_add and expose to be usable outside of netdev.c, add netdev_frame_watch_remove also. Update the Neighbor Report handling which was the only user of netdev_register_frame. The handler is now simpler because we use a lookup list with all the prefixes and individual frame handlers only see the frames matching the right prefix. This is also useful for the future Access-Point mode.
2017-08-31 04:04:45 +02:00
if (!netdev->neighbor_report_cb)
netdev: Handle Action Frames in netdev Action Frames are sent by nl80211 as unicast data. We're not receiving any other unicast packets in iwd at this time so let netdev directly handle all unicast data on the genl socket.
2016-12-23 11:38:00 +01:00
return;
netdev: Refactor netdev_register_frame Rename netdev_register_frame to netdev_frame_watch_add and expose to be usable outside of netdev.c, add netdev_frame_watch_remove also. Update the Neighbor Report handling which was the only user of netdev_register_frame. The handler is now simpler because we use a lookup list with all the prefixes and individual frame handlers only see the frames matching the right prefix. This is also useful for the future Access-Point mode.
2017-08-31 04:04:45 +02:00
/*
* Don't use the dialog token (byte 3), return the first Neighbor
* Report Response received.
*
* Byte 1 is 0x05 for Radio Measurement, byte 2 is 0x05 for
* Neighbor Report.
*/
netdev: Handle Action Frames in netdev Action Frames are sent by nl80211 as unicast data. We're not receiving any other unicast packets in iwd at this time so let netdev directly handle all unicast data on the genl socket.
2016-12-23 11:38:00 +01:00
netdev: Refactor netdev_register_frame Rename netdev_register_frame to netdev_frame_watch_add and expose to be usable outside of netdev.c, add netdev_frame_watch_remove also. Update the Neighbor Report handling which was the only user of netdev_register_frame. The handler is now simpler because we use a lookup list with all the prefixes and individual frame handlers only see the frames matching the right prefix. This is also useful for the future Access-Point mode.
2017-08-31 04:04:45 +02:00
netdev->neighbor_report_cb(netdev, 0, body + 3, body_len - 3,
netdev->user_data);
netdev->neighbor_report_cb = NULL;
netdev: Handle Action Frames in netdev Action Frames are sent by nl80211 as unicast data. We're not receiving any other unicast packets in iwd at this time so let netdev directly handle all unicast data on the genl socket.
2016-12-23 11:38:00 +01:00
netdev: Refactor netdev_register_frame Rename netdev_register_frame to netdev_frame_watch_add and expose to be usable outside of netdev.c, add netdev_frame_watch_remove also. Update the Neighbor Report handling which was the only user of netdev_register_frame. The handler is now simpler because we use a lookup list with all the prefixes and individual frame handlers only see the frames matching the right prefix. This is also useful for the future Access-Point mode.
2017-08-31 04:04:45 +02:00
l_timeout_remove(netdev->neighbor_report_timeout);
netdev: Handle Action Frames in netdev Action Frames are sent by nl80211 as unicast data. We're not receiving any other unicast packets in iwd at this time so let netdev directly handle all unicast data on the genl socket.
2016-12-23 11:38:00 +01:00
}
netdev: Add support for extended errors
2020-04-02 07:30:17 +02:00
static void netdev_sa_query_resp_cb(struct l_genl_msg *msg, void *user_data)
netdev: basic support for receiving SA Query requests
2018-02-07 22:01:43 +01:00
{
netdev: Add support for extended errors
2020-04-02 07:30:17 +02:00
int err = l_genl_msg_get_error(msg);
const char *ext_error;
if (err >= 0)
return;
ext_error = l_genl_msg_get_extended_error(msg);
l_debug("error sending SA Query request: %s",
ext_error ? ext_error : strerror(-err));
netdev: basic support for receiving SA Query requests
2018-02-07 22:01:43 +01:00
}
netdev: Switch to new frame watch API
2020-01-16 03:40:59 +01:00
static void netdev_sa_query_req_frame_event(const struct mmpdu_header *hdr,
const void *body, size_t body_len,
int rssi, void *user_data)
netdev: basic support for receiving SA Query requests
2018-02-07 22:01:43 +01:00
{
uint8_t sa_resp[4];
uint16_t transaction;
netdev: Switch to new frame watch API
2020-01-16 03:40:59 +01:00
struct netdev *netdev = user_data;
netdev: basic support for receiving SA Query requests
2018-02-07 22:01:43 +01:00
if (body_len < 4) {
l_debug("SA Query request too short");
return;
}
if (!netdev->connected)
return;
/* only care about SA Queries from our connected AP */
if (memcmp(hdr->address_2, netdev->handshake->aa, 6))
return;
transaction = l_get_u16(body + 2);
sa_resp[0] = 0x08; /* SA Query */
sa_resp[1] = 0x01; /* Response */
memcpy(sa_resp + 2, &transaction, 2);
l_info("received SA Query request from "MAC", transaction=%u",
MAC_STR(hdr->address_2), transaction);
if (!netdev_send_action_frame(netdev, netdev->handshake->aa,
sa_resp, sizeof(sa_resp),
netdev: modify netdev_send_action_frame for ft-over-ds To support FT-over-DS this API needed some slight modifications: - Instead of setting the DA to netdev->handshake->aa, it is just set to the same address as the 'to' parameter. The kernel actually requires and checks for these addresses to match. All occurences were passing the handshake->aa anyways so this change should have no adverse affects; and its actually required by ft-over-ds to pass in the previous BSSID, so hard coding handshake->aa will not work. - The frequency is is also passed in now, as ft-over-ds needs to use the frequency of the currently connected AP (netdev->frequency get set to the new target in netdev_fast_transition. Previous frequency is also saved now). - A new vector variant (netdev_send_action_framev) was added as well to support sending out the FT Request action frame since the FT TX authenticate function provides an iovec of the IEs. The existing function was already having to prepend the action frame header to the body, so its not any more or less copying to do the same thing with an iovec instead.
2019-05-09 20:16:27 +02:00
netdev->frequency,
netdev: add user_data to netdev_send_action_frame[v] This makes this internal API a bit more usable by removing the restriction of always having netdev as the user_data.
2021-04-27 21:49:39 +02:00
netdev_sa_query_resp_cb, netdev)) {
netdev: basic support for receiving SA Query requests
2018-02-07 22:01:43 +01:00
l_error("error sending SA Query response");
return;
}
}
netdev: Switch to new frame watch API
2020-01-16 03:40:59 +01:00
static void netdev_sa_query_resp_frame_event(const struct mmpdu_header *hdr,
const void *body, size_t body_len,
int rssi, void *user_data)
netdev: added support for SA Query SA Query procedure is used when an unprotected disassociate frame is received (with frame protection enabled). There are two code paths that can occur when this disassociate frame is received: 1. Send out SA Query and receive a response from the AP within a timeout. This means that the disassociate frame was not sent from the AP and can be ignored. 2. Send out SA Query and receive no response. In this case it is assumed that the AP went down ungracefully and is now back up. Since frame protection is enabled, you must re-associate with the AP.
2018-02-01 18:22:39 +01:00
{
netdev: Switch to new frame watch API
2020-01-16 03:40:59 +01:00
struct netdev *netdev = user_data;
netdev: added support for SA Query SA Query procedure is used when an unprotected disassociate frame is received (with frame protection enabled). There are two code paths that can occur when this disassociate frame is received: 1. Send out SA Query and receive a response from the AP within a timeout. This means that the disassociate frame was not sent from the AP and can be ignored. 2. Send out SA Query and receive no response. In this case it is assumed that the AP went down ungracefully and is now back up. Since frame protection is enabled, you must re-associate with the AP.
2018-02-01 18:22:39 +01:00
if (body_len < 4) {
l_debug("SA Query frame too short");
return;
}
l_debug("SA Query src="MAC" dest="MAC" bssid="MAC" transaction=%u",
MAC_STR(hdr->address_2), MAC_STR(hdr->address_1),
MAC_STR(hdr->address_3), l_get_u16(body + 2));
if (!netdev->sa_query_timeout) {
l_debug("no SA Query request sent");
return;
}
/* check if this is from our connected BSS */
if (memcmp(hdr->address_2, netdev->handshake->aa, 6)) {
l_debug("received SA Query from non-connected AP");
return;
}
if (memcmp(body + 2, &netdev->sa_query_id, 2)) {
l_debug("SA Query transaction ID's did not match");
return;
}
l_info("SA Query response from connected BSS received, "
"keeping the connection active");
l_timeout_remove(netdev->sa_query_timeout);
netdev->sa_query_timeout = NULL;
}
netdev: Add support for extended errors
2020-04-02 07:30:17 +02:00
static void netdev_sa_query_req_cb(struct l_genl_msg *msg, void *user_data)
netdev: added support for SA Query SA Query procedure is used when an unprotected disassociate frame is received (with frame protection enabled). There are two code paths that can occur when this disassociate frame is received: 1. Send out SA Query and receive a response from the AP within a timeout. This means that the disassociate frame was not sent from the AP and can be ignored. 2. Send out SA Query and receive no response. In this case it is assumed that the AP went down ungracefully and is now back up. Since frame protection is enabled, you must re-associate with the AP.
2018-02-01 18:22:39 +01:00
{
struct netdev *netdev = user_data;
netdev: Add support for extended errors
2020-04-02 07:30:17 +02:00
int err = l_genl_msg_get_error(msg);
const char *ext_error;
netdev: added support for SA Query SA Query procedure is used when an unprotected disassociate frame is received (with frame protection enabled). There are two code paths that can occur when this disassociate frame is received: 1. Send out SA Query and receive a response from the AP within a timeout. This means that the disassociate frame was not sent from the AP and can be ignored. 2. Send out SA Query and receive no response. In this case it is assumed that the AP went down ungracefully and is now back up. Since frame protection is enabled, you must re-associate with the AP.
2018-02-01 18:22:39 +01:00
netdev: Add support for extended errors
2020-04-02 07:30:17 +02:00
if (err >= 0)
return;
netdev: added support for SA Query SA Query procedure is used when an unprotected disassociate frame is received (with frame protection enabled). There are two code paths that can occur when this disassociate frame is received: 1. Send out SA Query and receive a response from the AP within a timeout. This means that the disassociate frame was not sent from the AP and can be ignored. 2. Send out SA Query and receive no response. In this case it is assumed that the AP went down ungracefully and is now back up. Since frame protection is enabled, you must re-associate with the AP.
2018-02-01 18:22:39 +01:00
netdev: Add support for extended errors
2020-04-02 07:30:17 +02:00
ext_error = l_genl_msg_get_extended_error(msg);
l_debug("error sending SA Query request: %s",
ext_error ? ext_error : strerror(-err));
l_timeout_remove(netdev->sa_query_timeout);
netdev->sa_query_timeout = NULL;
netdev: added support for SA Query SA Query procedure is used when an unprotected disassociate frame is received (with frame protection enabled). There are two code paths that can occur when this disassociate frame is received: 1. Send out SA Query and receive a response from the AP within a timeout. This means that the disassociate frame was not sent from the AP and can be ignored. 2. Send out SA Query and receive no response. In this case it is assumed that the AP went down ungracefully and is now back up. Since frame protection is enabled, you must re-associate with the AP.
2018-02-01 18:22:39 +01:00
}
static void netdev_sa_query_timeout(struct l_timeout *timeout,
void *user_data)
{
struct netdev *netdev = user_data;
struct l_genl_msg *msg;
l_info("SA Query timed out, connection is invalid. Disconnecting...");
l_timeout_remove(netdev->sa_query_timeout);
netdev->sa_query_timeout = NULL;
msg = netdev_build_cmd_disconnect(netdev,
MMPDU_REASON_CODE_PREV_AUTH_NOT_VALID);
netdev->disconnect_cmd_id = l_genl_family_send(nl80211, msg,
netdev: store mpdu status and add getter Soon BSS blacklisting will be added, and in order to properly decide if a BSS should be blacklisted we need the status code on a failed connection. This change stores the status code when there is a failure in netdev and adds a getter to retrieve later. In many cases we have the actual status code from the AP, but in some corner cases its not obtainable (e.g. an error sending an NL80211 command) in which case we just default to MMPDU_REASON_CODE_UNSPECIFIED. Rather than continue with the pattern of setting netdev->result and now netdev->last_status_code, the netdev_connect_failed function was redefined so its no longer used as both a NL80211 callback and called directly. Instead a new function was added, netdev_disconnect_cb which just calls netdev_connect_failed. netdev_disconnect_cb should not be used for all the NL80211 disconnect commands. Now netdev_connect_failed takes both a result and status code which it sets in the netdev object. In the case where we were using netdev_connect_failed as a callback we still need to set the result and last_status_code but at least this is better than having to set those in all cases.
2019-01-24 21:56:23 +01:00
netdev_disconnect_cb, netdev, NULL);
netdev: added support for SA Query SA Query procedure is used when an unprotected disassociate frame is received (with frame protection enabled). There are two code paths that can occur when this disassociate frame is received: 1. Send out SA Query and receive a response from the AP within a timeout. This means that the disassociate frame was not sent from the AP and can be ignored. 2. Send out SA Query and receive no response. In this case it is assumed that the AP went down ungracefully and is now back up. Since frame protection is enabled, you must re-associate with the AP.
2018-02-01 18:22:39 +01:00
}
static void netdev_unprot_disconnect_event(struct l_genl_msg *msg,
struct netdev *netdev)
{
const struct mmpdu_header *hdr = NULL;
struct l_genl_attr attr;
uint16_t type;
uint16_t len;
const void *data;
uint8_t action_frame[4];
uint8_t reason_code;
if (!netdev->connected)
return;
/* ignore excessive disassociate requests */
if (netdev->sa_query_timeout)
return;
if (!l_genl_attr_init(&attr, msg))
return;
while (l_genl_attr_next(&attr, &type, &len, &data)) {
switch (type) {
case NL80211_ATTR_FRAME:
hdr = mpdu_validate(data, len);
break;
}
}
/* check that ATTR_FRAME was actually included */
if (!hdr)
return;
/* get reason code, first byte of frame */
reason_code = l_get_u8(mmpdu_body(hdr));
l_info("disconnect event, src="MAC" dest="MAC" bssid="MAC" reason=%u",
MAC_STR(hdr->address_2), MAC_STR(hdr->address_1),
MAC_STR(hdr->address_3), reason_code);
if (memcmp(hdr->address_2, netdev->handshake->aa, 6)) {
l_debug("received invalid disassociate frame");
return;
}
if (reason_code != MMPDU_REASON_CODE_CLASS2_FRAME_FROM_NONAUTH_STA &&
reason_code !=
MMPDU_REASON_CODE_CLASS3_FRAME_FROM_NONASSOC_STA) {
l_debug("invalid reason code %u", reason_code);
return;
}
action_frame[0] = 0x08; /* Category: SA Query */
action_frame[1] = 0x00; /* SA Query Action: Request */
/* Transaction ID */
l_getrandom(action_frame + 2, 2);
if (!netdev_send_action_frame(netdev, netdev->handshake->aa,
action_frame, sizeof(action_frame),
netdev: modify netdev_send_action_frame for ft-over-ds To support FT-over-DS this API needed some slight modifications: - Instead of setting the DA to netdev->handshake->aa, it is just set to the same address as the 'to' parameter. The kernel actually requires and checks for these addresses to match. All occurences were passing the handshake->aa anyways so this change should have no adverse affects; and its actually required by ft-over-ds to pass in the previous BSSID, so hard coding handshake->aa will not work. - The frequency is is also passed in now, as ft-over-ds needs to use the frequency of the currently connected AP (netdev->frequency get set to the new target in netdev_fast_transition. Previous frequency is also saved now). - A new vector variant (netdev_send_action_framev) was added as well to support sending out the FT Request action frame since the FT TX authenticate function provides an iovec of the IEs. The existing function was already having to prepend the action frame header to the body, so its not any more or less copying to do the same thing with an iovec instead.
2019-05-09 20:16:27 +02:00
netdev->frequency,
netdev: add user_data to netdev_send_action_frame[v] This makes this internal API a bit more usable by removing the restriction of always having netdev as the user_data.
2021-04-27 21:49:39 +02:00
netdev_sa_query_req_cb, netdev)) {
netdev: added support for SA Query SA Query procedure is used when an unprotected disassociate frame is received (with frame protection enabled). There are two code paths that can occur when this disassociate frame is received: 1. Send out SA Query and receive a response from the AP within a timeout. This means that the disassociate frame was not sent from the AP and can be ignored. 2. Send out SA Query and receive no response. In this case it is assumed that the AP went down ungracefully and is now back up. Since frame protection is enabled, you must re-associate with the AP.
2018-02-01 18:22:39 +01:00
l_error("error sending SA Query action frame");
return;
}
netdev->sa_query_id = l_get_u16(action_frame + 2);
netdev->sa_query_timeout = l_timeout_create(3,
netdev_sa_query_timeout, netdev, NULL);
}
netdev: added station watch For Ad-Hoc networks, the kernel takes care of auth/assoc and issues a NEW_STATION event when that is complete. This provides a way to notify when NEW_STATION events occur as well as forward the MAC of the station to Ad-Hoc. The two new API's added: - netdev_station_watch_add() - netdev_station_watch_remove()
2018-07-17 00:29:15 +02:00
static void netdev_station_event(struct l_genl_msg *msg,
struct netdev *netdev, bool added)
{
struct l_genl_attr attr;
uint16_t type;
uint16_t len;
const void *data;
const uint8_t *mac = NULL;
if (netdev_get_iftype(netdev) != NETDEV_IFTYPE_ADHOC)
return;
if (!l_genl_attr_init(&attr, msg))
return;
while (l_genl_attr_next(&attr, &type, &len, &data)) {
switch (type) {
case NL80211_ATTR_MAC:
mac = data;
break;
}
}
if (!mac) {
l_error("%s station event did not include MAC attribute",
added ? "new" : "del");
return;
}
WATCHLIST_NOTIFY(&netdev->station_watches,
netdev_station_watch_func_t, netdev, mac, added);
}
netdev: Move netdev finding to a common function
2021-04-16 21:47:48 +02:00
static struct netdev *netdev_from_message(struct l_genl_msg *msg)
netdev: Scan & Retry CMD_AUTHENTICATE Handle situations where the BSS we're trying to connect to is no longer in the kernel scan result cache. Normally, the kernel will re-scan the target frequency if this happens on the CMD_CONNECT path, and retry the connection. Unfortunately, CMD_AUTHENTICATE path used for WPA3, OWE and FILS does not have this scanning behavior. CMD_AUTHENTICATE simply fails with a -ENOENT error. Work around this by trying a limited scan of the target frequency and re-trying CMD_AUTHENTICATE once.
2021-02-05 18:21:33 +01:00
{
uint32_t ifindex;
if (nl80211_parse_attrs(msg, NL80211_ATTR_IFINDEX, &ifindex,
NL80211_ATTR_UNSPEC) < 0)
netdev: Move netdev finding to a common function
2021-04-16 21:47:48 +02:00
return NULL;
netdev: Scan & Retry CMD_AUTHENTICATE Handle situations where the BSS we're trying to connect to is no longer in the kernel scan result cache. Normally, the kernel will re-scan the target frequency if this happens on the CMD_CONNECT path, and retry the connection. Unfortunately, CMD_AUTHENTICATE path used for WPA3, OWE and FILS does not have this scanning behavior. CMD_AUTHENTICATE simply fails with a -ENOENT error. Work around this by trying a limited scan of the target frequency and re-trying CMD_AUTHENTICATE once.
2021-02-05 18:21:33 +01:00
netdev: Move netdev finding to a common function
2021-04-16 21:47:48 +02:00
return netdev_find(ifindex);
}
static void netdev_scan_notify(struct l_genl_msg *msg, void *user_data)
{
struct netdev *netdev;
netdev = netdev_from_message(msg);
netdev: Scan & Retry CMD_AUTHENTICATE Handle situations where the BSS we're trying to connect to is no longer in the kernel scan result cache. Normally, the kernel will re-scan the target frequency if this happens on the CMD_CONNECT path, and retry the connection. Unfortunately, CMD_AUTHENTICATE path used for WPA3, OWE and FILS does not have this scanning behavior. CMD_AUTHENTICATE simply fails with a -ENOENT error. Work around this by trying a limited scan of the target frequency and re-trying CMD_AUTHENTICATE once.
2021-02-05 18:21:33 +01:00
if (!netdev)
return;
switch (l_genl_msg_get_command(msg)) {
case NL80211_CMD_NEW_SCAN_RESULTS:
netdev_new_scan_results_event(msg, netdev);
break;
}
}
netdev: station: support full mac roaming Roaming on a full mac card is quite different than soft mac and needs to be specially handled. The process starts with the CMD_ROAM event, which tells us the driver is already roamed and associated with a new AP. After this it expects the 4-way handshake to be initiated. This in itself is quite simple, the complexity comes with how this is piped into IWD. After CMD_ROAM fires its assumed that a scan result is available in the kernel, which is obtained using a newly added scan API scan_get_firmware_scan. The only special bit of this is that it does not 'schedule' a scan but simply calls GET_SCAN. This is treated special and will not be queued behind any other pending scan requests. This lets us reuse some parsing code paths in scan and initialize a scan_bss object which ultimately gets handed to station so it can update connected_bss/bss_list. For consistency station must also transition to a roaming state. Since this roam is all handled by netdev two new events were added, NETDEV_EVENT_ROAMING and NETDEV_EVENT_ROAMED. Both allow station to transition between roaming/connected states, and ROAMED provides station with the new scan_bss to replace connected_bss.
2021-03-15 18:29:29 +01:00
static bool match_addr(const void *a, const void *b)
{
const struct scan_bss *bss = a;
return memcmp(bss->addr, b, 6) == 0;
}
static bool netdev_get_fw_scan_cb(int err, struct l_queue *bss_list,
const struct scan_freq_set *freqs,
void *user_data)
{
struct netdev *netdev = user_data;
struct scan_bss *bss = NULL;
/*
netdev: better handle disconnect after FW scan This should have been updated along with the connect and roam event separation. Since netdev_connect_event is not being re-used for CMD_ROAM the comment did not make sense anymore. Still, there needs to be a check to ensure we were not disconnected while waiting for GET_SCAN to come back.
2021-04-03 00:06:14 +02:00
* If we happened to be disconnected prior to GET_SCAN coming back
* just bail out now. This disconnect should already have been handled.
netdev: station: support full mac roaming Roaming on a full mac card is quite different than soft mac and needs to be specially handled. The process starts with the CMD_ROAM event, which tells us the driver is already roamed and associated with a new AP. After this it expects the 4-way handshake to be initiated. This in itself is quite simple, the complexity comes with how this is piped into IWD. After CMD_ROAM fires its assumed that a scan result is available in the kernel, which is obtained using a newly added scan API scan_get_firmware_scan. The only special bit of this is that it does not 'schedule' a scan but simply calls GET_SCAN. This is treated special and will not be queued behind any other pending scan requests. This lets us reuse some parsing code paths in scan and initialize a scan_bss object which ultimately gets handed to station so it can update connected_bss/bss_list. For consistency station must also transition to a roaming state. Since this roam is all handled by netdev two new events were added, NETDEV_EVENT_ROAMING and NETDEV_EVENT_ROAMED. Both allow station to transition between roaming/connected states, and ROAMED provides station with the new scan_bss to replace connected_bss.
2021-03-15 18:29:29 +01:00
*/
netdev: better handle disconnect after FW scan This should have been updated along with the connect and roam event separation. Since netdev_connect_event is not being re-used for CMD_ROAM the comment did not make sense anymore. Still, there needs to be a check to ensure we were not disconnected while waiting for GET_SCAN to come back.
2021-04-03 00:06:14 +02:00
if (!netdev->connected)
netdev: station: support full mac roaming Roaming on a full mac card is quite different than soft mac and needs to be specially handled. The process starts with the CMD_ROAM event, which tells us the driver is already roamed and associated with a new AP. After this it expects the 4-way handshake to be initiated. This in itself is quite simple, the complexity comes with how this is piped into IWD. After CMD_ROAM fires its assumed that a scan result is available in the kernel, which is obtained using a newly added scan API scan_get_firmware_scan. The only special bit of this is that it does not 'schedule' a scan but simply calls GET_SCAN. This is treated special and will not be queued behind any other pending scan requests. This lets us reuse some parsing code paths in scan and initialize a scan_bss object which ultimately gets handed to station so it can update connected_bss/bss_list. For consistency station must also transition to a roaming state. Since this roam is all handled by netdev two new events were added, NETDEV_EVENT_ROAMING and NETDEV_EVENT_ROAMED. Both allow station to transition between roaming/connected states, and ROAMED provides station with the new scan_bss to replace connected_bss.
2021-03-15 18:29:29 +01:00
return false;
if (err < 0) {
l_error("Failed to get scan after roam (%d)", err);
netdev: fix CMD_ROAM for open networks In the FW scan callback eapol was being stared unconditionally which isn't correct as roaming on open networks is possible. Instead check that a SM exists just like is done in netdev_connect_event.
2021-04-03 00:06:15 +02:00
goto failed;
netdev: station: support full mac roaming Roaming on a full mac card is quite different than soft mac and needs to be specially handled. The process starts with the CMD_ROAM event, which tells us the driver is already roamed and associated with a new AP. After this it expects the 4-way handshake to be initiated. This in itself is quite simple, the complexity comes with how this is piped into IWD. After CMD_ROAM fires its assumed that a scan result is available in the kernel, which is obtained using a newly added scan API scan_get_firmware_scan. The only special bit of this is that it does not 'schedule' a scan but simply calls GET_SCAN. This is treated special and will not be queued behind any other pending scan requests. This lets us reuse some parsing code paths in scan and initialize a scan_bss object which ultimately gets handed to station so it can update connected_bss/bss_list. For consistency station must also transition to a roaming state. Since this roam is all handled by netdev two new events were added, NETDEV_EVENT_ROAMING and NETDEV_EVENT_ROAMED. Both allow station to transition between roaming/connected states, and ROAMED provides station with the new scan_bss to replace connected_bss.
2021-03-15 18:29:29 +01:00
}
/*
* We don't actually need the entire list since we only provide
* station with the roamed BSS. We can remove the BSS we want and by
* returning false scan will keep ownership of the list.
*/
bss = l_queue_remove_if(bss_list, match_addr, netdev->handshake->aa);
if (!bss) {
l_error("Roam target BSS not found in scan results");
netdev: fix CMD_ROAM for open networks In the FW scan callback eapol was being stared unconditionally which isn't correct as roaming on open networks is possible. Instead check that a SM exists just like is done in netdev_connect_event.
2021-04-03 00:06:15 +02:00
goto failed;
netdev: station: support full mac roaming Roaming on a full mac card is quite different than soft mac and needs to be specially handled. The process starts with the CMD_ROAM event, which tells us the driver is already roamed and associated with a new AP. After this it expects the 4-way handshake to be initiated. This in itself is quite simple, the complexity comes with how this is piped into IWD. After CMD_ROAM fires its assumed that a scan result is available in the kernel, which is obtained using a newly added scan API scan_get_firmware_scan. The only special bit of this is that it does not 'schedule' a scan but simply calls GET_SCAN. This is treated special and will not be queued behind any other pending scan requests. This lets us reuse some parsing code paths in scan and initialize a scan_bss object which ultimately gets handed to station so it can update connected_bss/bss_list. For consistency station must also transition to a roaming state. Since this roam is all handled by netdev two new events were added, NETDEV_EVENT_ROAMING and NETDEV_EVENT_ROAMED. Both allow station to transition between roaming/connected states, and ROAMED provides station with the new scan_bss to replace connected_bss.
2021-03-15 18:29:29 +01:00
}
netdev->fw_roam_bss = bss;
handshake_state_set_authenticator_ie(netdev->handshake, bss->rsne);
netdev: allow PSK offload for FT AKMs This adds a new connection type, TYPE_PSK_OFFLOAD, which allows the 4-way handshake to be offloaded by the firmware. Offloading will be used if the driver advertises support. The CMD_ROAM event path was also modified to take into account handshake offloading. If the handshake is offloaded we still must issue GET_SCAN, but not start eapol since the firmware takes care of this.
2021-04-03 00:06:17 +02:00
if (is_offload(netdev->handshake)) {
netdev_connect_ok(netdev);
return false;
}
netdev: fix CMD_ROAM for open networks In the FW scan callback eapol was being stared unconditionally which isn't correct as roaming on open networks is possible. Instead check that a SM exists just like is done in netdev_connect_event.
2021-04-03 00:06:15 +02:00
if (netdev->sm) {
if (!eapol_start(netdev->sm))
goto failed;
}
return false;
netdev: station: support full mac roaming Roaming on a full mac card is quite different than soft mac and needs to be specially handled. The process starts with the CMD_ROAM event, which tells us the driver is already roamed and associated with a new AP. After this it expects the 4-way handshake to be initiated. This in itself is quite simple, the complexity comes with how this is piped into IWD. After CMD_ROAM fires its assumed that a scan result is available in the kernel, which is obtained using a newly added scan API scan_get_firmware_scan. The only special bit of this is that it does not 'schedule' a scan but simply calls GET_SCAN. This is treated special and will not be queued behind any other pending scan requests. This lets us reuse some parsing code paths in scan and initialize a scan_bss object which ultimately gets handed to station so it can update connected_bss/bss_list. For consistency station must also transition to a roaming state. Since this roam is all handled by netdev two new events were added, NETDEV_EVENT_ROAMING and NETDEV_EVENT_ROAMED. Both allow station to transition between roaming/connected states, and ROAMED provides station with the new scan_bss to replace connected_bss.
2021-03-15 18:29:29 +01:00
netdev: fix CMD_ROAM for open networks In the FW scan callback eapol was being stared unconditionally which isn't correct as roaming on open networks is possible. Instead check that a SM exists just like is done in netdev_connect_event.
2021-04-03 00:06:15 +02:00
failed:
netdev_connect_failed(netdev, NETDEV_RESULT_ABORTED,
MMPDU_REASON_CODE_UNSPECIFIED);
netdev: station: support full mac roaming Roaming on a full mac card is quite different than soft mac and needs to be specially handled. The process starts with the CMD_ROAM event, which tells us the driver is already roamed and associated with a new AP. After this it expects the 4-way handshake to be initiated. This in itself is quite simple, the complexity comes with how this is piped into IWD. After CMD_ROAM fires its assumed that a scan result is available in the kernel, which is obtained using a newly added scan API scan_get_firmware_scan. The only special bit of this is that it does not 'schedule' a scan but simply calls GET_SCAN. This is treated special and will not be queued behind any other pending scan requests. This lets us reuse some parsing code paths in scan and initialize a scan_bss object which ultimately gets handed to station so it can update connected_bss/bss_list. For consistency station must also transition to a roaming state. Since this roam is all handled by netdev two new events were added, NETDEV_EVENT_ROAMING and NETDEV_EVENT_ROAMED. Both allow station to transition between roaming/connected states, and ROAMED provides station with the new scan_bss to replace connected_bss.
2021-03-15 18:29:29 +01:00
return false;
}
/*
* CMD_ROAM indicates that the driver has already roamed/associated with a new
* AP. This event is nearly identical to the CMD_CONNECT event which is why
* netdev_connect_event will handle all the parsing of IE's just as it does
* normally.
*
* Using GET_SCAN we can grab all the required scan_bss data, create that object
* and provide it to station.
*
* The current handshake/netdev_handshake objects are reused after being
* reset to allow eapol to happen again without it thinking this is a re-key.
*/
netdev: separate netdev_{roam,connect}_event netdev_connect_event was being reused for parsing of CMD_ROAM attributes which made some amount of sense since these events are nearly identical, but due to the nature of firmware roaming there really isn't much IWD needs to parse from CMD_ROAM. In addition netdev_connect_event was getting rather complicated since it had to handle both CMD_ROAM and CMD_CONNECT. The only bits of information IWD needs to parse from CMD_ROAM is the roamed BSSID, authenticator IEs, and supplicant IEs. Since this is so limited it now makes little sense to reuse the entire netdev_connect_event function, and intead only parse what is needed for CMD_ROAM.
2021-04-02 19:11:14 +02:00
static void netdev_roam_event(struct l_genl_msg *msg, struct netdev *netdev)
netdev: station: support full mac roaming Roaming on a full mac card is quite different than soft mac and needs to be specially handled. The process starts with the CMD_ROAM event, which tells us the driver is already roamed and associated with a new AP. After this it expects the 4-way handshake to be initiated. This in itself is quite simple, the complexity comes with how this is piped into IWD. After CMD_ROAM fires its assumed that a scan result is available in the kernel, which is obtained using a newly added scan API scan_get_firmware_scan. The only special bit of this is that it does not 'schedule' a scan but simply calls GET_SCAN. This is treated special and will not be queued behind any other pending scan requests. This lets us reuse some parsing code paths in scan and initialize a scan_bss object which ultimately gets handed to station so it can update connected_bss/bss_list. For consistency station must also transition to a roaming state. Since this roam is all handled by netdev two new events were added, NETDEV_EVENT_ROAMING and NETDEV_EVENT_ROAMED. Both allow station to transition between roaming/connected states, and ROAMED provides station with the new scan_bss to replace connected_bss.
2021-03-15 18:29:29 +01:00
{
struct netdev_handshake_state *nhs =
l_container_of(netdev->handshake,
struct netdev_handshake_state,
super);
netdev: separate netdev_{roam,connect}_event netdev_connect_event was being reused for parsing of CMD_ROAM attributes which made some amount of sense since these events are nearly identical, but due to the nature of firmware roaming there really isn't much IWD needs to parse from CMD_ROAM. In addition netdev_connect_event was getting rather complicated since it had to handle both CMD_ROAM and CMD_CONNECT. The only bits of information IWD needs to parse from CMD_ROAM is the roamed BSSID, authenticator IEs, and supplicant IEs. Since this is so limited it now makes little sense to reuse the entire netdev_connect_event function, and intead only parse what is needed for CMD_ROAM.
2021-04-02 19:11:14 +02:00
struct l_genl_attr attr;
uint16_t type, len;
const void *data;
const uint8_t *mac = NULL;
netdev: station: support full mac roaming Roaming on a full mac card is quite different than soft mac and needs to be specially handled. The process starts with the CMD_ROAM event, which tells us the driver is already roamed and associated with a new AP. After this it expects the 4-way handshake to be initiated. This in itself is quite simple, the complexity comes with how this is piped into IWD. After CMD_ROAM fires its assumed that a scan result is available in the kernel, which is obtained using a newly added scan API scan_get_firmware_scan. The only special bit of this is that it does not 'schedule' a scan but simply calls GET_SCAN. This is treated special and will not be queued behind any other pending scan requests. This lets us reuse some parsing code paths in scan and initialize a scan_bss object which ultimately gets handed to station so it can update connected_bss/bss_list. For consistency station must also transition to a roaming state. Since this roam is all handled by netdev two new events were added, NETDEV_EVENT_ROAMING and NETDEV_EVENT_ROAMED. Both allow station to transition between roaming/connected states, and ROAMED provides station with the new scan_bss to replace connected_bss.
2021-03-15 18:29:29 +01:00
l_debug("");
netdev->operational = false;
netdev: Refine error handling in roam_event
2021-04-30 18:31:22 +02:00
if (!l_genl_attr_init(&attr, msg))
goto failed;
netdev: separate netdev_{roam,connect}_event netdev_connect_event was being reused for parsing of CMD_ROAM attributes which made some amount of sense since these events are nearly identical, but due to the nature of firmware roaming there really isn't much IWD needs to parse from CMD_ROAM. In addition netdev_connect_event was getting rather complicated since it had to handle both CMD_ROAM and CMD_CONNECT. The only bits of information IWD needs to parse from CMD_ROAM is the roamed BSSID, authenticator IEs, and supplicant IEs. Since this is so limited it now makes little sense to reuse the entire netdev_connect_event function, and intead only parse what is needed for CMD_ROAM.
2021-04-02 19:11:14 +02:00
while (l_genl_attr_next(&attr, &type, &len, &data)) {
switch (type) {
case NL80211_ATTR_MAC:
mac = data;
break;
case NL80211_ATTR_REQ_IE:
parse_request_ies(netdev, data, len);
break;
}
}
if (!mac) {
netdev: station: support full mac roaming Roaming on a full mac card is quite different than soft mac and needs to be specially handled. The process starts with the CMD_ROAM event, which tells us the driver is already roamed and associated with a new AP. After this it expects the 4-way handshake to be initiated. This in itself is quite simple, the complexity comes with how this is piped into IWD. After CMD_ROAM fires its assumed that a scan result is available in the kernel, which is obtained using a newly added scan API scan_get_firmware_scan. The only special bit of this is that it does not 'schedule' a scan but simply calls GET_SCAN. This is treated special and will not be queued behind any other pending scan requests. This lets us reuse some parsing code paths in scan and initialize a scan_bss object which ultimately gets handed to station so it can update connected_bss/bss_list. For consistency station must also transition to a roaming state. Since this roam is all handled by netdev two new events were added, NETDEV_EVENT_ROAMING and NETDEV_EVENT_ROAMED. Both allow station to transition between roaming/connected states, and ROAMED provides station with the new scan_bss to replace connected_bss.
2021-03-15 18:29:29 +01:00
l_error("Failed to parse ATTR_MAC from CMD_ROAM");
goto failed;
}
netdev: allow PSK offload for FT AKMs This adds a new connection type, TYPE_PSK_OFFLOAD, which allows the 4-way handshake to be offloaded by the firmware. Offloading will be used if the driver advertises support. The CMD_ROAM event path was also modified to take into account handshake offloading. If the handshake is offloaded we still must issue GET_SCAN, but not start eapol since the firmware takes care of this.
2021-04-03 00:06:17 +02:00
/* Handshake completed in firmware, just get the roamed BSS */
if (is_offload(netdev->handshake))
goto get_fw_scan;
netdev: station: support full mac roaming Roaming on a full mac card is quite different than soft mac and needs to be specially handled. The process starts with the CMD_ROAM event, which tells us the driver is already roamed and associated with a new AP. After this it expects the 4-way handshake to be initiated. This in itself is quite simple, the complexity comes with how this is piped into IWD. After CMD_ROAM fires its assumed that a scan result is available in the kernel, which is obtained using a newly added scan API scan_get_firmware_scan. The only special bit of this is that it does not 'schedule' a scan but simply calls GET_SCAN. This is treated special and will not be queued behind any other pending scan requests. This lets us reuse some parsing code paths in scan and initialize a scan_bss object which ultimately gets handed to station so it can update connected_bss/bss_list. For consistency station must also transition to a roaming state. Since this roam is all handled by netdev two new events were added, NETDEV_EVENT_ROAMING and NETDEV_EVENT_ROAMED. Both allow station to transition between roaming/connected states, and ROAMED provides station with the new scan_bss to replace connected_bss.
2021-03-15 18:29:29 +01:00
/* Reset handshake state */
nhs->complete = false;
nhs->ptk_installed = false;
nhs->gtk_installed = true;
nhs->igtk_installed = true;
netdev->handshake->ptk_complete = false;
netdev: allow PSK offload for FT AKMs This adds a new connection type, TYPE_PSK_OFFLOAD, which allows the 4-way handshake to be offloaded by the firmware. Offloading will be used if the driver advertises support. The CMD_ROAM event path was also modified to take into account handshake offloading. If the handshake is offloaded we still must issue GET_SCAN, but not start eapol since the firmware takes care of this.
2021-04-03 00:06:17 +02:00
get_fw_scan:
handshake_state_set_authenticator_address(netdev->handshake, mac);
netdev: station: support full mac roaming Roaming on a full mac card is quite different than soft mac and needs to be specially handled. The process starts with the CMD_ROAM event, which tells us the driver is already roamed and associated with a new AP. After this it expects the 4-way handshake to be initiated. This in itself is quite simple, the complexity comes with how this is piped into IWD. After CMD_ROAM fires its assumed that a scan result is available in the kernel, which is obtained using a newly added scan API scan_get_firmware_scan. The only special bit of this is that it does not 'schedule' a scan but simply calls GET_SCAN. This is treated special and will not be queued behind any other pending scan requests. This lets us reuse some parsing code paths in scan and initialize a scan_bss object which ultimately gets handed to station so it can update connected_bss/bss_list. For consistency station must also transition to a roaming state. Since this roam is all handled by netdev two new events were added, NETDEV_EVENT_ROAMING and NETDEV_EVENT_ROAMED. Both allow station to transition between roaming/connected states, and ROAMED provides station with the new scan_bss to replace connected_bss.
2021-03-15 18:29:29 +01:00
if (!scan_get_firmware_scan(netdev->wdev_id, netdev_get_fw_scan_cb,
netdev, NULL))
goto failed;
netdev: separate netdev_{roam,connect}_event netdev_connect_event was being reused for parsing of CMD_ROAM attributes which made some amount of sense since these events are nearly identical, but due to the nature of firmware roaming there really isn't much IWD needs to parse from CMD_ROAM. In addition netdev_connect_event was getting rather complicated since it had to handle both CMD_ROAM and CMD_CONNECT. The only bits of information IWD needs to parse from CMD_ROAM is the roamed BSSID, authenticator IEs, and supplicant IEs. Since this is so limited it now makes little sense to reuse the entire netdev_connect_event function, and intead only parse what is needed for CMD_ROAM.
2021-04-02 19:11:14 +02:00
if (netdev->event_filter)
netdev->event_filter(netdev, NETDEV_EVENT_ROAMING,
NULL, netdev->user_data);
netdev: station: support full mac roaming Roaming on a full mac card is quite different than soft mac and needs to be specially handled. The process starts with the CMD_ROAM event, which tells us the driver is already roamed and associated with a new AP. After this it expects the 4-way handshake to be initiated. This in itself is quite simple, the complexity comes with how this is piped into IWD. After CMD_ROAM fires its assumed that a scan result is available in the kernel, which is obtained using a newly added scan API scan_get_firmware_scan. The only special bit of this is that it does not 'schedule' a scan but simply calls GET_SCAN. This is treated special and will not be queued behind any other pending scan requests. This lets us reuse some parsing code paths in scan and initialize a scan_bss object which ultimately gets handed to station so it can update connected_bss/bss_list. For consistency station must also transition to a roaming state. Since this roam is all handled by netdev two new events were added, NETDEV_EVENT_ROAMING and NETDEV_EVENT_ROAMED. Both allow station to transition between roaming/connected states, and ROAMED provides station with the new scan_bss to replace connected_bss.
2021-03-15 18:29:29 +01:00
netdev: separate netdev_{roam,connect}_event netdev_connect_event was being reused for parsing of CMD_ROAM attributes which made some amount of sense since these events are nearly identical, but due to the nature of firmware roaming there really isn't much IWD needs to parse from CMD_ROAM. In addition netdev_connect_event was getting rather complicated since it had to handle both CMD_ROAM and CMD_CONNECT. The only bits of information IWD needs to parse from CMD_ROAM is the roamed BSSID, authenticator IEs, and supplicant IEs. Since this is so limited it now makes little sense to reuse the entire netdev_connect_event function, and intead only parse what is needed for CMD_ROAM.
2021-04-02 19:11:14 +02:00
return;
netdev: station: support full mac roaming Roaming on a full mac card is quite different than soft mac and needs to be specially handled. The process starts with the CMD_ROAM event, which tells us the driver is already roamed and associated with a new AP. After this it expects the 4-way handshake to be initiated. This in itself is quite simple, the complexity comes with how this is piped into IWD. After CMD_ROAM fires its assumed that a scan result is available in the kernel, which is obtained using a newly added scan API scan_get_firmware_scan. The only special bit of this is that it does not 'schedule' a scan but simply calls GET_SCAN. This is treated special and will not be queued behind any other pending scan requests. This lets us reuse some parsing code paths in scan and initialize a scan_bss object which ultimately gets handed to station so it can update connected_bss/bss_list. For consistency station must also transition to a roaming state. Since this roam is all handled by netdev two new events were added, NETDEV_EVENT_ROAMING and NETDEV_EVENT_ROAMED. Both allow station to transition between roaming/connected states, and ROAMED provides station with the new scan_bss to replace connected_bss.
2021-03-15 18:29:29 +01:00
failed:
netdev: Refine error handling in roam_event
2021-04-30 18:31:22 +02:00
l_error("Failed to properly handle the ROAM event -- submit logs!");
netdev: station: support full mac roaming Roaming on a full mac card is quite different than soft mac and needs to be specially handled. The process starts with the CMD_ROAM event, which tells us the driver is already roamed and associated with a new AP. After this it expects the 4-way handshake to be initiated. This in itself is quite simple, the complexity comes with how this is piped into IWD. After CMD_ROAM fires its assumed that a scan result is available in the kernel, which is obtained using a newly added scan API scan_get_firmware_scan. The only special bit of this is that it does not 'schedule' a scan but simply calls GET_SCAN. This is treated special and will not be queued behind any other pending scan requests. This lets us reuse some parsing code paths in scan and initialize a scan_bss object which ultimately gets handed to station so it can update connected_bss/bss_list. For consistency station must also transition to a roaming state. Since this roam is all handled by netdev two new events were added, NETDEV_EVENT_ROAMING and NETDEV_EVENT_ROAMED. Both allow station to transition between roaming/connected states, and ROAMED provides station with the new scan_bss to replace connected_bss.
2021-03-15 18:29:29 +01:00
netdev_connect_failed(netdev, NETDEV_RESULT_ABORTED,
MMPDU_REASON_CODE_UNSPECIFIED);
}
netdev: add a channel switch event If the connected BSS announces that it is switching operating channel, the kernel may emit the NL80211_CMD_CH_SWTICH_NOTIFY event when the switch is complete. Add a new netdev event NETDEV_EVENT_CHANNEL_SWITCHED to signal to interested modules that the connected BSS has changed channel. The event carries a pointer to the new channel's frequency.
2021-05-27 16:22:28 +02:00
static void netdev_channel_switch_event(struct l_genl_msg *msg,
struct netdev *netdev)
{
struct l_genl_attr attr;
uint16_t type, len;
const void *data;
uint32_t *freq = NULL;
l_debug("");
if (!l_genl_attr_init(&attr, msg))
return;
while (l_genl_attr_next(&attr, &type, &len, &data)) {
switch (type) {
case NL80211_ATTR_WIPHY_FREQ:
if (len != 4)
continue;
freq = (uint32_t *) data;
break;
}
}
if (!freq)
return;
l_debug("Channel switch event, frequency: %u", *freq);
netdev: update frequency on channel switch events While we correctly emit a NETDEV_EVENT_CHANNEL_SWITCHED event from netdev for other modules to respond to, we fail to actually update the frequency of the netdev object in question. Since the netdev frequency is used elsewhere (e.g. to send action frames), it needs updating too. Fixes: 5eb0b7ca8e04 ("netdev: add a channel switch event")
2021-08-05 17:40:24 +02:00
netdev->frequency = *freq;
netdev: add a channel switch event If the connected BSS announces that it is switching operating channel, the kernel may emit the NL80211_CMD_CH_SWTICH_NOTIFY event when the switch is complete. Add a new netdev event NETDEV_EVENT_CHANNEL_SWITCHED to signal to interested modules that the connected BSS has changed channel. The event carries a pointer to the new channel's frequency.
2021-05-27 16:22:28 +02:00
if (!netdev->event_filter)
return;
netdev->event_filter(netdev, NETDEV_EVENT_CHANNEL_SWITCHED, freq,
netdev->user_data);
}
wiphy: Move association logic out of wiphy.c The eapol state machine parameters are now built inside device.c when the network connection is attempted. The reason is that the device object knows about network settings, wiphy constraints and should contain the main 'management' logic. netdev now manages the actual low-level process of building association messages, detecting authentication events, etc.
2016-06-15 17:54:13 +02:00
static void netdev_mlme_notify(struct l_genl_msg *msg, void *user_data)
{
struct netdev *netdev = NULL;
uint8_t cmd;
cmd = l_genl_msg_get_command(msg);
treewide: Use nl80211cmd_to_string Using integer ids for event notifications received was hard to debug. Use the nl80211cmd_to_string function to prettify these.
2019-07-15 21:04:43 +02:00
l_debug("MLME notification %s(%u)", nl80211cmd_to_string(cmd), cmd);
wiphy: Move association logic out of wiphy.c The eapol state machine parameters are now built inside device.c when the network connection is attempted. The reason is that the device object knows about network settings, wiphy constraints and should contain the main 'management' logic. netdev now manages the actual low-level process of building association messages, detecting authentication events, etc.
2016-06-15 17:54:13 +02:00
netdev: Move netdev finding to a common function
2021-04-16 21:47:48 +02:00
netdev = netdev_from_message(msg);
netdev: Extend checks for P2P scenarios Extend the iftype-based checks to handle the P2P iftypes and remove a warning that may be triggered in normal situations in the P2P scenarios.
2019-10-21 15:55:02 +02:00
if (!netdev)
wiphy: Move association logic out of wiphy.c The eapol state machine parameters are now built inside device.c when the network connection is attempted. The reason is that the device object knows about network settings, wiphy constraints and should contain the main 'management' logic. netdev now manages the actual low-level process of building association messages, detecting authentication events, etc.
2016-06-15 17:54:13 +02:00
return;
switch (cmd) {
case NL80211_CMD_AUTHENTICATE:
netdev_authenticate_event(msg, netdev);
netdev: Move deauthenticate event handling .. out of wiphy.c
2016-06-15 21:02:24 +02:00
break;
case NL80211_CMD_DEAUTHENTICATE:
netdev_deauthenticate_event(msg, netdev);
wiphy: Move association logic out of wiphy.c The eapol state machine parameters are now built inside device.c when the network connection is attempted. The reason is that the device object knows about network settings, wiphy constraints and should contain the main 'management' logic. netdev now manages the actual low-level process of building association messages, detecting authentication events, etc.
2016-06-15 17:54:13 +02:00
break;
netdev: Move associate event handling .. out of wiphy.c
2016-06-16 17:54:20 +02:00
case NL80211_CMD_ASSOCIATE:
netdev_associate_event(msg, netdev);
break;
netdev: station: support full mac roaming Roaming on a full mac card is quite different than soft mac and needs to be specially handled. The process starts with the CMD_ROAM event, which tells us the driver is already roamed and associated with a new AP. After this it expects the 4-way handshake to be initiated. This in itself is quite simple, the complexity comes with how this is piped into IWD. After CMD_ROAM fires its assumed that a scan result is available in the kernel, which is obtained using a newly added scan API scan_get_firmware_scan. The only special bit of this is that it does not 'schedule' a scan but simply calls GET_SCAN. This is treated special and will not be queued behind any other pending scan requests. This lets us reuse some parsing code paths in scan and initialize a scan_bss object which ultimately gets handed to station so it can update connected_bss/bss_list. For consistency station must also transition to a roaming state. Since this roam is all handled by netdev two new events were added, NETDEV_EVENT_ROAMING and NETDEV_EVENT_ROAMED. Both allow station to transition between roaming/connected states, and ROAMED provides station with the new scan_bss to replace connected_bss.
2021-03-15 18:29:29 +01:00
case NL80211_CMD_ROAM:
netdev: separate netdev_{roam,connect}_event netdev_connect_event was being reused for parsing of CMD_ROAM attributes which made some amount of sense since these events are nearly identical, but due to the nature of firmware roaming there really isn't much IWD needs to parse from CMD_ROAM. In addition netdev_connect_event was getting rather complicated since it had to handle both CMD_ROAM and CMD_CONNECT. The only bits of information IWD needs to parse from CMD_ROAM is the roamed BSSID, authenticator IEs, and supplicant IEs. Since this is so limited it now makes little sense to reuse the entire netdev_connect_event function, and intead only parse what is needed for CMD_ROAM.
2021-04-02 19:11:14 +02:00
netdev_roam_event(msg, netdev);
break;
netdev: add a channel switch event If the connected BSS announces that it is switching operating channel, the kernel may emit the NL80211_CMD_CH_SWTICH_NOTIFY event when the switch is complete. Add a new netdev event NETDEV_EVENT_CHANNEL_SWITCHED to signal to interested modules that the connected BSS has changed channel. The event carries a pointer to the new channel's frequency.
2021-05-27 16:22:28 +02:00
case NL80211_CMD_CH_SWITCH_NOTIFY:
netdev_channel_switch_event(msg, netdev);
break;
netdev: Use CMD_CONNECT
2016-06-27 23:35:31 +02:00
case NL80211_CMD_CONNECT:
netdev_connect_event(msg, netdev);
break;
netdev: Move disconnect event handling .. out of wiphy.c
2016-06-16 18:21:12 +02:00
case NL80211_CMD_DISCONNECT:
netdev_disconnect_event(msg, netdev);
break;
netdev: Move CQM event handling out of wiphy.c
2016-06-16 18:06:17 +02:00
case NL80211_CMD_NOTIFY_CQM:
netdev_cqm_event(msg, netdev);
break;
netdev: support for REKEY_OFFLOAD and its event handling
2016-06-23 00:49:16 +02:00
case NL80211_CMD_SET_REKEY_OFFLOAD:
netdev_rekey_offload_event(msg, netdev);
break;
netdev: added support for SA Query SA Query procedure is used when an unprotected disassociate frame is received (with frame protection enabled). There are two code paths that can occur when this disassociate frame is received: 1. Send out SA Query and receive a response from the AP within a timeout. This means that the disassociate frame was not sent from the AP and can be ignored. 2. Send out SA Query and receive no response. In this case it is assumed that the AP went down ungracefully and is now back up. Since frame protection is enabled, you must re-associate with the AP.
2018-02-01 18:22:39 +01:00
case NL80211_CMD_UNPROT_DEAUTHENTICATE:
case NL80211_CMD_UNPROT_DISASSOCIATE:
netdev_unprot_disconnect_event(msg, netdev);
break;
netdev: added station watch For Ad-Hoc networks, the kernel takes care of auth/assoc and issues a NEW_STATION event when that is complete. This provides a way to notify when NEW_STATION events occur as well as forward the MAC of the station to Ad-Hoc. The two new API's added: - netdev_station_watch_add() - netdev_station_watch_remove()
2018-07-17 00:29:15 +02:00
case NL80211_CMD_NEW_STATION:
netdev_station_event(msg, netdev, true);
break;
case NL80211_CMD_DEL_STATION:
netdev_station_event(msg, netdev, false);
break;
wiphy: Move association logic out of wiphy.c The eapol state machine parameters are now built inside device.c when the network connection is attempted. The reason is that the device object knows about network settings, wiphy constraints and should contain the main 'management' logic. netdev now manages the actual low-level process of building association messages, detecting authentication events, etc.
2016-06-15 17:54:13 +02:00
}
}
netdev: Open PAE transport if needed If Control Port over NL80211 is not supported, open up a PAE socket and stuff it into an l_io on the netdev object. Install a read handler on the l_io and call __eapol_rx_packet as needed.
2018-05-01 18:08:19 +02:00
static void netdev_pae_destroy(void *user_data)
{
struct netdev *netdev = user_data;
netdev->pae_io = NULL;
}
static bool netdev_pae_read(struct l_io *io, void *user_data)
{
int fd = l_io_get_fd(io);
struct sockaddr_ll sll;
socklen_t sll_len;
ssize_t bytes;
uint8_t frame[IEEE80211_MAX_DATA_LEN];
memset(&sll, 0, sizeof(sll));
sll_len = sizeof(sll);
bytes = recvfrom(fd, frame, sizeof(frame), 0,
(struct sockaddr *) &sll, &sll_len);
if (bytes <= 0) {
l_error("EAPoL read socket: %s", strerror(errno));
return false;
}
if (sll.sll_halen != ETH_ALEN)
return true;
__eapol_rx_packet(sll.sll_ifindex, sll.sll_addr,
ntohs(sll.sll_protocol), frame, bytes, false);
return true;
}
netdev: React to CONTROL_PORT unicast
2018-03-13 21:27:20 +01:00
static void netdev_control_port_frame_event(struct l_genl_msg *msg,
struct netdev *netdev)
{
struct l_genl_attr attr;
uint16_t type;
uint16_t len;
const void *data;
const uint8_t *frame = NULL;
uint16_t frame_len = 0;
const uint8_t *src = NULL;
uint16_t proto = 0;
bool unencrypted = false;
l_debug("");
if (!l_genl_attr_init(&attr, msg))
return;
while (l_genl_attr_next(&attr, &type, &len, &data)) {
switch (type) {
case NL80211_ATTR_FRAME:
if (frame)
return;
frame = data;
frame_len = len;
break;
case NL80211_ATTR_MAC:
if (src)
return;
src = data;
break;
case NL80211_ATTR_CONTROL_PORT_ETHERTYPE:
if (len != sizeof(proto))
return;
proto = *((const uint16_t *) data);
break;
case NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT:
unencrypted = true;
break;
}
}
if (!src || !frame || !proto)
return;
__eapol_rx_packet(netdev->index, src, proto,
frame, frame_len, unencrypted);
}
netdev: Handle Control Port TX path
2018-05-01 20:31:20 +02:00
static struct l_genl_msg *netdev_build_control_port_frame(struct netdev *netdev,
const uint8_t *to,
uint16_t proto,
bool unencrypted,
const void *body,
size_t body_len)
{
struct l_genl_msg *msg;
msg = l_genl_msg_new_sized(NL80211_CMD_CONTROL_PORT_FRAME,
128 + body_len);
l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &netdev->index);
l_genl_msg_append_attr(msg, NL80211_ATTR_FRAME, body_len, body);
l_genl_msg_append_attr(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE, 2,
&proto);
l_genl_msg_append_attr(msg, NL80211_ATTR_MAC, ETH_ALEN, to);
if (unencrypted)
l_genl_msg_append_attr(msg,
NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT, 0, NULL);
return msg;
}
static void netdev_control_port_frame_cb(struct l_genl_msg *msg,
void *user_data)
{
netdev: Add support for extended errors
2020-04-02 07:30:17 +02:00
int err = l_genl_msg_get_error(msg);
const char *ext_error;
netdev: Handle Control Port TX path
2018-05-01 20:31:20 +02:00
netdev: Add support for extended errors
2020-04-02 07:30:17 +02:00
if (err >= 0)
return;
netdev: Handle Control Port TX path
2018-05-01 20:31:20 +02:00
netdev: Add support for extended errors
2020-04-02 07:30:17 +02:00
ext_error = l_genl_msg_get_extended_error(msg);
l_error("CMD_CONTROL_PORT failed: %s",
ext_error ? ext_error : strerror(-err));
netdev: Handle Control Port TX path
2018-05-01 20:31:20 +02:00
}
static int netdev_control_port_write_pae(struct netdev *netdev,
const uint8_t *dest,
uint16_t proto,
const struct eapol_frame *ef,
bool noencrypt)
{
int fd = l_io_get_fd(netdev->pae_io);
struct sockaddr_ll sll;
size_t frame_size = sizeof(struct eapol_header) +
L_BE16_TO_CPU(ef->header.packet_len);
ssize_t r;
memset(&sll, 0, sizeof(sll));
sll.sll_family = AF_PACKET;
sll.sll_ifindex = netdev->index;
sll.sll_protocol = htons(proto);
sll.sll_halen = ETH_ALEN;
memcpy(sll.sll_addr, dest, ETH_ALEN);
r = sendto(fd, ef, frame_size, 0,
(struct sockaddr *) &sll, sizeof(sll));
if (r < 0)
l_error("EAPoL write socket: %s", strerror(errno));
return r;
}
static int netdev_control_port_frame(uint32_t ifindex,
const uint8_t *dest, uint16_t proto,
const struct eapol_frame *ef,
bool noencrypt,
void *user_data)
{
struct l_genl_msg *msg;
struct netdev *netdev;
size_t frame_size;
netdev = netdev_find(ifindex);
if (!netdev)
return -ENOENT;
frame_size = sizeof(struct eapol_header) +
L_BE16_TO_CPU(ef->header.packet_len);
netdev: Allow iwd.conf to specify PAE over NL80211 Right now iwd uses Control Port over NL80211 feature if the kernel / driver supports it. On some kernels this feature is still buggy, so add an iwd.conf entry to allow the user to override id. For now the default is to disable this feature until it is more stable.
2018-07-02 03:35:22 +02:00
if (!netdev->pae_over_nl80211)
netdev: Handle Control Port TX path
2018-05-01 20:31:20 +02:00
return netdev_control_port_write_pae(netdev, dest, proto,
ef, noencrypt);
msg = netdev_build_control_port_frame(netdev, dest, proto, noencrypt,
ef, frame_size);
if (!msg)
return -ENOMEM;
if (!l_genl_family_send(nl80211, msg, netdev_control_port_frame_cb,
netdev, NULL)) {
l_genl_msg_unref(msg);
return -EINVAL;
}
return 0;
}
netdev: Handle Action Frames in netdev Action Frames are sent by nl80211 as unicast data. We're not receiving any other unicast packets in iwd at this time so let netdev directly handle all unicast data on the genl socket.
2016-12-23 11:38:00 +01:00
static void netdev_unicast_notify(struct l_genl_msg *msg, void *user_data)
{
struct netdev *netdev = NULL;
struct l_genl_attr attr;
uint16_t type, len;
const void *data;
uint8_t cmd;
cmd = l_genl_msg_get_command(msg);
if (!cmd)
return;
l_debug("Unicast notification %u", cmd);
if (!l_genl_attr_init(&attr, msg))
return;
while (l_genl_attr_next(&attr, &type, &len, &data)) {
switch (type) {
case NL80211_ATTR_IFINDEX:
if (len != sizeof(uint32_t)) {
l_warn("Invalid interface index attribute");
return;
}
netdev = netdev_find(*((uint32_t *) data));
break;
}
}
netdev: Don't warn on genl messages not matching a netdev This is going to be a normal situation when we start using interfaces without an ifindex.
2019-05-13 15:44:29 +02:00
if (!netdev)
netdev: Handle Action Frames in netdev Action Frames are sent by nl80211 as unicast data. We're not receiving any other unicast packets in iwd at this time so let netdev directly handle all unicast data on the genl socket.
2016-12-23 11:38:00 +01:00
return;
switch (cmd) {
netdev: React to CONTROL_PORT unicast
2018-03-13 21:27:20 +01:00
case NL80211_CMD_CONTROL_PORT_FRAME:
netdev_control_port_frame_event(msg, netdev);
break;
netdev: Handle Action Frames in netdev Action Frames are sent by nl80211 as unicast data. We're not receiving any other unicast packets in iwd at this time so let netdev directly handle all unicast data on the genl socket.
2016-12-23 11:38:00 +01:00
}
}
netdev: Implement RSSI level notifications API Add an methods and an event using the new NL80211_EXT_FEATURE_CQM_RSSI_LIST kernel feature to request RSSI monitoring with notifications only when RSSI moves from one of the N intervals requested to another. device.c will call netdev_set_rssi_report_levels to request NETDEV_EVENT_RSSI_LEVEL_NOTIFY events every time the RSSI level changes, level meaning one of the intervals delimited by the threshold values passed as argument. Inside the event handler it can call netdev_get_rssi_level to read the new level. There's no fallback to periodic polling implemented in this patch for the case of older kernels and/or the driver not supporting NL80211_EXT_FEATURE_CQM_RSSI_LIST.
2017-05-20 16:33:13 +02:00
int netdev_set_rssi_report_levels(struct netdev *netdev, const int8_t *levels,
size_t levels_num)
{
struct l_genl_msg *cmd_set_cqm;
netdev: Tweak debugging for SET_CQM
2019-08-04 08:16:56 +02:00
l_debug("ifindex: %d, num_levels: %zu", netdev->index, levels_num);
netdev: Implement RSSI level notifications API Add an methods and an event using the new NL80211_EXT_FEATURE_CQM_RSSI_LIST kernel feature to request RSSI monitoring with notifications only when RSSI moves from one of the N intervals requested to another. device.c will call netdev_set_rssi_report_levels to request NETDEV_EVENT_RSSI_LEVEL_NOTIFY events every time the RSSI level changes, level meaning one of the intervals delimited by the threshold values passed as argument. Inside the event handler it can call netdev_get_rssi_level to read the new level. There's no fallback to periodic polling implemented in this patch for the case of older kernels and/or the driver not supporting NL80211_EXT_FEATURE_CQM_RSSI_LIST.
2017-05-20 16:33:13 +02:00
if (levels_num > L_ARRAY_SIZE(netdev->rssi_levels))
return -ENOSPC;
wiphy: Rename get_ext_feature API to has_ext_feature
2018-05-24 20:12:36 +02:00
if (!wiphy_has_ext_feature(netdev->wiphy,
netdev: RSSI polling support for less capable drivers If the kernel device driver or the kernel nl80211 version doesn't support the new RSSI threshold list CQM monitoring, implement similar logic in iwd with periodic polling. This is only active when an RSSI agent is registered to receive the events. I tested this with the same testRSSIAgent autotests that tests the driver-side rssi monitoring except with all timeouts multiplied by ~20.
2017-08-18 14:22:58 +02:00
NL80211_EXT_FEATURE_CQM_RSSI_LIST))
goto done;
netdev: Implement RSSI level notifications API Add an methods and an event using the new NL80211_EXT_FEATURE_CQM_RSSI_LIST kernel feature to request RSSI monitoring with notifications only when RSSI moves from one of the N intervals requested to another. device.c will call netdev_set_rssi_report_levels to request NETDEV_EVENT_RSSI_LEVEL_NOTIFY events every time the RSSI level changes, level meaning one of the intervals delimited by the threshold values passed as argument. Inside the event handler it can call netdev_get_rssi_level to read the new level. There's no fallback to periodic polling implemented in this patch for the case of older kernels and/or the driver not supporting NL80211_EXT_FEATURE_CQM_RSSI_LIST.
2017-05-20 16:33:13 +02:00
cmd_set_cqm = netdev_build_cmd_cqm_rssi_update(netdev, levels,
levels_num);
if (!cmd_set_cqm)
return -EINVAL;
if (!l_genl_family_send(nl80211, cmd_set_cqm, netdev_cmd_set_cqm_cb,
NULL, NULL)) {
l_genl_msg_unref(cmd_set_cqm);
return -EIO;
}
netdev: RSSI polling support for less capable drivers If the kernel device driver or the kernel nl80211 version doesn't support the new RSSI threshold list CQM monitoring, implement similar logic in iwd with periodic polling. This is only active when an RSSI agent is registered to receive the events. I tested this with the same testRSSIAgent autotests that tests the driver-side rssi monitoring except with all timeouts multiplied by ~20.
2017-08-18 14:22:58 +02:00
done:
netdev: Skip a memcpy when no data to copy
2019-01-15 07:34:06 +01:00
if (levels_num)
memcpy(netdev->rssi_levels, levels, levels_num);
netdev: Implement RSSI level notifications API Add an methods and an event using the new NL80211_EXT_FEATURE_CQM_RSSI_LIST kernel feature to request RSSI monitoring with notifications only when RSSI moves from one of the N intervals requested to another. device.c will call netdev_set_rssi_report_levels to request NETDEV_EVENT_RSSI_LEVEL_NOTIFY events every time the RSSI level changes, level meaning one of the intervals delimited by the threshold values passed as argument. Inside the event handler it can call netdev_get_rssi_level to read the new level. There's no fallback to periodic polling implemented in this patch for the case of older kernels and/or the driver not supporting NL80211_EXT_FEATURE_CQM_RSSI_LIST.
2017-05-20 16:33:13 +02:00
netdev->rssi_levels_num = levels_num;
netdev_rssi_level_init(netdev);
netdev: RSSI polling support for less capable drivers If the kernel device driver or the kernel nl80211 version doesn't support the new RSSI threshold list CQM monitoring, implement similar logic in iwd with periodic polling. This is only active when an RSSI agent is registered to receive the events. I tested this with the same testRSSIAgent autotests that tests the driver-side rssi monitoring except with all timeouts multiplied by ~20.
2017-08-18 14:22:58 +02:00
netdev_rssi_polling_update(netdev);
netdev: Implement RSSI level notifications API Add an methods and an event using the new NL80211_EXT_FEATURE_CQM_RSSI_LIST kernel feature to request RSSI monitoring with notifications only when RSSI moves from one of the N intervals requested to another. device.c will call netdev_set_rssi_report_levels to request NETDEV_EVENT_RSSI_LEVEL_NOTIFY events every time the RSSI level changes, level meaning one of the intervals delimited by the threshold values passed as argument. Inside the event handler it can call netdev_get_rssi_level to read the new level. There's no fallback to periodic polling implemented in this patch for the case of older kernels and/or the driver not supporting NL80211_EXT_FEATURE_CQM_RSSI_LIST.
2017-05-20 16:33:13 +02:00
return 0;
}
netdev: add netdev_get_station/current_station This adds a generalized API for GET_STATION. This API handles calling and parsing the results into a new structure, netdev_station_info. This results structure will hold any data needed by consumers of netdev_get_station. A helper API (netdev_get_current_station) was added as a convenience which automatically passes handshake->aa as the MAC. For now only the RSSI is parsed as this is already being done for RSSI polling/events. Looking further more info will be added such as rx/tx rates and estimated throughput.
2021-01-12 18:17:17 +01:00
static void netdev_get_station_cb(struct l_genl_msg *msg, void *user_data)
{
struct netdev *netdev = user_data;
struct l_genl_attr attr, nested;
uint16_t type, len;
const void *data;
netdev: move netdev_station_info to diagnostic.h With AP now getting its own diagnostic interface it made sense to move the netdev_station_info struct definition into its own header which eventually can be accompanied by utilities in diagnostic.c. These utilities can then be shared with AP and station as needed.
2021-01-22 21:38:42 +01:00
struct diagnostic_station_info info;
netdev: add netdev_get_station/current_station This adds a generalized API for GET_STATION. This API handles calling and parsing the results into a new structure, netdev_station_info. This results structure will hold any data needed by consumers of netdev_get_station. A helper API (netdev_get_current_station) was added as a convenience which automatically passes handshake->aa as the MAC. For now only the RSSI is parsed as this is already being done for RSSI polling/events. Looking further more info will be added such as rx/tx rates and estimated throughput.
2021-01-12 18:17:17 +01:00
netdev->get_station_cmd_id = 0;
if (!l_genl_attr_init(&attr, msg))
goto parse_error;
netdev: zero out diagnostic info The info struct is on the stack which leads to the potential for uninitialized data access. Zero out the info struct prior to calling the get station callback: ==141137== Conditional jump or move depends on uninitialised value(s) ==141137== at 0x458A6F: diagnostic_info_to_dict (diagnostic.c:109) ==141137== by 0x41200B: station_get_diagnostic_cb (station.c:3620) ==141137== by 0x405BE1: netdev_get_station_cb (netdev.c:4783) ==141137== by 0x4722F9: process_unicast (genl.c:994) ==141137== by 0x4722F9: received_data (genl.c:1102) ==141137== by 0x46F28B: io_callback (io.c:120) ==141137== by 0x46E5AC: l_main_iterate (main.c:478) ==141137== by 0x46E65B: l_main_run (main.c:525) ==141137== by 0x46E65B: l_main_run (main.c:507) ==141137== by 0x46E86B: l_main_run_with_signal (main.c:647) ==141137== by 0x403EA8: main (main.c:490)
2021-04-28 18:21:13 +02:00
memset(&info, 0, sizeof(info));
netdev: add netdev_get_station/current_station This adds a generalized API for GET_STATION. This API handles calling and parsing the results into a new structure, netdev_station_info. This results structure will hold any data needed by consumers of netdev_get_station. A helper API (netdev_get_current_station) was added as a convenience which automatically passes handshake->aa as the MAC. For now only the RSSI is parsed as this is already being done for RSSI polling/events. Looking further more info will be added such as rx/tx rates and estimated throughput.
2021-01-12 18:17:17 +01:00
while (l_genl_attr_next(&attr, &type, &len, &data)) {
switch (type) {
case NL80211_ATTR_STA_INFO:
if (!l_genl_attr_recurse(&attr, &nested))
goto parse_error;
if (!netdev_parse_sta_info(&nested, &info))
goto parse_error;
break;
case NL80211_ATTR_MAC:
if (len != 6)
goto parse_error;
memcpy(info.addr, data, 6);
break;
}
}
if (netdev->get_station_cb)
netdev->get_station_cb(&info, netdev->get_station_data);
return;
parse_error:
if (netdev->get_station_cb)
netdev->get_station_cb(NULL, netdev->get_station_data);
}
static void netdev_get_station_destroy(void *user_data)
{
struct netdev *netdev = user_data;
netdev->get_station_cmd_id = 0;
if (netdev->get_station_destroy)
netdev->get_station_destroy(netdev->get_station_data);
}
int netdev_get_station(struct netdev *netdev, const uint8_t *mac,
netdev_get_station_cb_t cb, void *user_data,
netdev_destroy_func_t destroy)
{
struct l_genl_msg *msg;
if (netdev->get_station_cmd_id)
return -EBUSY;
msg = l_genl_msg_new_sized(NL80211_CMD_GET_STATION, 64);
l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &netdev->index);
l_genl_msg_append_attr(msg, NL80211_ATTR_MAC, ETH_ALEN, mac);
netdev->get_station_cmd_id = l_genl_family_send(nl80211, msg,
netdev_get_station_cb, netdev,
netdev_get_station_destroy);
if (!netdev->get_station_cmd_id) {
l_genl_msg_unref(msg);
return -EIO;
}
netdev->get_station_cb = cb;
netdev->get_station_data = user_data;
netdev->get_station_destroy = destroy;
return 0;
}
int netdev_get_current_station(struct netdev *netdev,
netdev_get_station_cb_t cb, void *user_data,
netdev_destroy_func_t destroy)
{
netdev: Return -ENOTCONN in netdev_get_current_station
2021-04-26 17:17:22 +02:00
if (!netdev->handshake)
return -ENOTCONN;
netdev: add netdev_get_station/current_station This adds a generalized API for GET_STATION. This API handles calling and parsing the results into a new structure, netdev_station_info. This results structure will hold any data needed by consumers of netdev_get_station. A helper API (netdev_get_current_station) was added as a convenience which automatically passes handshake->aa as the MAC. For now only the RSSI is parsed as this is already being done for RSSI polling/events. Looking further more info will be added such as rx/tx rates and estimated throughput.
2021-01-12 18:17:17 +01:00
return netdev_get_station(netdev, netdev->handshake->aa, cb,
user_data, destroy);
}
netdev: add netdev_get_all_stations This is a nl80211 dump version of netdev_get_station aimed at AP mode. This will dump all stations, parse into netdev_station_info structs, and call the callback for each individual station found. Once the dump is completed the destroy callback is called.
2021-01-20 19:30:30 +01:00
int netdev_get_all_stations(struct netdev *netdev, netdev_get_station_cb_t cb,
void *user_data, netdev_destroy_func_t destroy)
{
struct l_genl_msg *msg;
if (netdev->get_station_cmd_id)
return -EBUSY;
msg = l_genl_msg_new_sized(NL80211_CMD_GET_STATION, 64);
l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &netdev->index);
netdev->get_station_cmd_id = l_genl_family_dump(nl80211, msg,
netdev_get_station_cb, netdev,
netdev_get_station_destroy);
if (!netdev->get_station_cmd_id) {
l_genl_msg_unref(msg);
return -EIO;
}
netdev->get_station_cb = cb;
netdev->get_station_data = user_data;
netdev->get_station_destroy = destroy;
return 0;
}
netdev: Re-add frame watches on iftype change If the iftype changes, kernel silently wipes out any frame registrations we may have registered. Right now, frame registrations are only done when the interface is created. This can result in frame watches not being added if the interface type is changed between station mode to ap mode and then back to station mode, e.g.: device wlan0 set-property Mode ap device wlan0 set-property Mode station Make sure to re-add frame registrations according to the mode if the interface type is changed.
2021-04-16 22:48:35 +02:00
static void netdev_add_station_frame_watches(struct netdev *netdev)
{
static const uint8_t action_neighbor_report_prefix[2] = { 0x05, 0x05 };
static const uint8_t action_sa_query_resp_prefix[2] = { 0x08, 0x01 };
static const uint8_t action_sa_query_req_prefix[2] = { 0x08, 0x00 };
static const uint8_t action_ft_response_prefix[] = { 0x06, 0x02 };
static const uint8_t action_qos_map_prefix[] = { 0x01, 0x04 };
uint64_t wdev = netdev->wdev_id;
/* Subscribe to Management -> Action -> RM -> Neighbor Report frames */
frame_watch_add(wdev, 0, 0x00d0, action_neighbor_report_prefix,
sizeof(action_neighbor_report_prefix),
netdev_neighbor_report_frame_event, netdev, NULL);
frame_watch_add(wdev, 0, 0x00d0, action_sa_query_resp_prefix,
sizeof(action_sa_query_resp_prefix),
netdev_sa_query_resp_frame_event, netdev, NULL);
frame_watch_add(wdev, 0, 0x00d0, action_sa_query_req_prefix,
sizeof(action_sa_query_req_prefix),
netdev_sa_query_req_frame_event, netdev, NULL);
frame_watch_add(wdev, 0, 0x00d0, action_ft_response_prefix,
sizeof(action_ft_response_prefix),
netdev_ft_response_frame_event, netdev, NULL);
if (wiphy_supports_qos_set_map(netdev->wiphy))
frame_watch_add(wdev, 0, 0x00d0, action_qos_map_prefix,
sizeof(action_qos_map_prefix),
netdev_qos_map_frame_event, netdev, NULL);
}
static void netdev_setup_interface(struct netdev *netdev)
{
switch (netdev->type) {
case NL80211_IFTYPE_STATION:
netdev_add_station_frame_watches(netdev);
break;
default:
break;
}
}
netdev: Track SET_INTERFACE events And set the interface type based on the event rather than the command callback. This allows us to track interface type changes even if they come from outside iwd (which shouldn't happen.)
2021-04-16 22:24:00 +02:00
static void netdev_set_interface_event(struct l_genl_msg *msg,
struct netdev *netdev)
{
uint32_t iftype;
frame-xchg: iftype changes to be managed by netdev Since netdev now keeps track of iftype changes, let it call frame_watch_wdev_remove on netdevs that it manages to clear frame registrations that should be cleared due to an iftype change. Note that P2P_DEVICE wdevs are not managed by any netdev object, but since their iftype cannot be changed, they should not be affected by this change.
2021-04-19 23:31:42 +02:00
uint64_t wdev_id;
netdev: Track SET_INTERFACE events And set the interface type based on the event rather than the command callback. This allows us to track interface type changes even if they come from outside iwd (which shouldn't happen.)
2021-04-16 22:24:00 +02:00
if (nl80211_parse_attrs(msg, NL80211_ATTR_IFTYPE, &iftype,
frame-xchg: iftype changes to be managed by netdev Since netdev now keeps track of iftype changes, let it call frame_watch_wdev_remove on netdevs that it manages to clear frame registrations that should be cleared due to an iftype change. Note that P2P_DEVICE wdevs are not managed by any netdev object, but since their iftype cannot be changed, they should not be affected by this change.
2021-04-19 23:31:42 +02:00
NL80211_ATTR_WDEV, &wdev_id,
netdev: Track SET_INTERFACE events And set the interface type based on the event rather than the command callback. This allows us to track interface type changes even if they come from outside iwd (which shouldn't happen.)
2021-04-16 22:24:00 +02:00
NL80211_ATTR_UNSPEC) < 0)
return;
if (iftype == netdev->type)
return;
l_debug("Interface type changed from %s to %s",
netdev_iftype_to_string(netdev->type),
netdev_iftype_to_string(iftype));
netdev->type = iftype;
frame-xchg: iftype changes to be managed by netdev Since netdev now keeps track of iftype changes, let it call frame_watch_wdev_remove on netdevs that it manages to clear frame registrations that should be cleared due to an iftype change. Note that P2P_DEVICE wdevs are not managed by any netdev object, but since their iftype cannot be changed, they should not be affected by this change.
2021-04-19 23:31:42 +02:00
frame_watch_wdev_remove(wdev_id);
netdev: Track SET_INTERFACE events And set the interface type based on the event rather than the command callback. This allows us to track interface type changes even if they come from outside iwd (which shouldn't happen.)
2021-04-16 22:24:00 +02:00
netdev: Re-add frame watches on iftype change If the iftype changes, kernel silently wipes out any frame registrations we may have registered. Right now, frame registrations are only done when the interface is created. This can result in frame watches not being added if the interface type is changed between station mode to ap mode and then back to station mode, e.g.: device wlan0 set-property Mode ap device wlan0 set-property Mode station Make sure to re-add frame registrations according to the mode if the interface type is changed.
2021-04-16 22:48:35 +02:00
netdev_setup_interface(netdev);
netdev: Add new iftype change event
2021-04-16 23:56:13 +02:00
WATCHLIST_NOTIFY(&netdev_watches, netdev_watch_func_t,
netdev, NETDEV_WATCH_EVENT_IFTYPE_CHANGE);
netdev: Track SET_INTERFACE events And set the interface type based on the event rather than the command callback. This allows us to track interface type changes even if they come from outside iwd (which shouldn't happen.)
2021-04-16 22:24:00 +02:00
}
static void netdev_config_notify(struct l_genl_msg *msg, void *user_data)
{
struct netdev *netdev;
netdev = netdev_from_message(msg);
if (!netdev)
return;
switch (l_genl_msg_get_command(msg)) {
case NL80211_CMD_SET_INTERFACE:
netdev_set_interface_event(msg, netdev);
break;
}
}
device/netdev: Properly implement mode switching
2018-08-20 05:07:15 +02:00
static struct l_genl_msg *netdev_build_cmd_set_interface(struct netdev *netdev,
uint32_t iftype)
netdev: Add interface type setter and getter Modify netdev_get_iftype, which was until now unused, and add netdev_set_iftype. Don't skip interfaces with types other than STATION on startup, instead reset the type to STATION in device.c. netdev_get_iftype is modified to use our own interface type enum to avoid forcing users to include "nl80211.h". Note that setting an interface UP and DOWN wouldn't generally reset the iftype to STATION. Another process may still change the type while iwd is running and iwd would not detect this as it would detect another interface setting interface DOWN, not sure how far we want to go in monitoring all of the properties this way.
2017-08-14 14:49:16 +02:00
{
device/netdev: Properly implement mode switching
2018-08-20 05:07:15 +02:00
struct l_genl_msg *msg =
l_genl_msg_new_sized(NL80211_CMD_SET_INTERFACE, 32);
l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &netdev->index);
l_genl_msg_append_attr(msg, NL80211_ATTR_IFTYPE, 4, &iftype);
return msg;
}
struct netdev_set_iftype_request {
netdev_command_cb_t cb;
void *user_data;
netdev_destroy_func_t destroy;
uint32_t pending_type;
uint32_t ref;
struct netdev *netdev;
bool bring_up;
};
static void netdev_set_iftype_request_destroy(void *user_data)
{
struct netdev_set_iftype_request *req = user_data;
struct netdev *netdev = req->netdev;
req->ref--;
if (req->ref)
return;
netdev->set_powered_cmd_id = 0;
netdev->set_interface_cmd_id = 0;
if (req->destroy)
req->destroy(req->user_data);
l_free(req);
}
static void netdev_set_iftype_up_cb(int error, uint16_t type,
const void *data,
uint32_t len, void *user_data)
{
struct netdev_set_iftype_request *req = user_data;
struct netdev *netdev = req->netdev;
if (req->cb)
req->cb(netdev, error, req->user_data);
}
static void netdev_set_iftype_cb(struct l_genl_msg *msg, void *user_data)
{
struct netdev_set_iftype_request *req = user_data;
struct netdev *netdev = req->netdev;
int error = l_genl_msg_get_error(msg);
if (error != 0)
goto done;
/* If the netdev was down originally, we're done */
if (!req->bring_up)
goto done;
netdev->set_powered_cmd_id =
netdev: Use ell's rtnl APIs
2020-02-15 10:48:39 +01:00
l_rtnl_set_powered(rtnl, netdev->index, true,
device/netdev: Properly implement mode switching
2018-08-20 05:07:15 +02:00
netdev_set_iftype_up_cb, req,
netdev_set_iftype_request_destroy);
if (!netdev->set_powered_cmd_id) {
error = -EIO;
goto done;
}
req->ref++;
netdev->set_interface_cmd_id = 0;
return;
done:
if (req->cb)
req->cb(netdev, error, req->user_data);
}
static void netdev_set_iftype_down_cb(int error, uint16_t type,
const void *data,
uint32_t len, void *user_data)
{
struct netdev_set_iftype_request *req = user_data;
struct netdev *netdev = req->netdev;
netdev: Add interface type setter and getter Modify netdev_get_iftype, which was until now unused, and add netdev_set_iftype. Don't skip interfaces with types other than STATION on startup, instead reset the type to STATION in device.c. netdev_get_iftype is modified to use our own interface type enum to avoid forcing users to include "nl80211.h". Note that setting an interface UP and DOWN wouldn't generally reset the iftype to STATION. Another process may still change the type while iwd is running and iwd would not detect this as it would detect another interface setting interface DOWN, not sure how far we want to go in monitoring all of the properties this way.
2017-08-14 14:49:16 +02:00
struct l_genl_msg *msg;
device/netdev: Properly implement mode switching
2018-08-20 05:07:15 +02:00
if (error != 0)
goto error;
msg = netdev_build_cmd_set_interface(netdev, req->pending_type);
netdev->set_interface_cmd_id =
l_genl_family_send(nl80211, msg, netdev_set_iftype_cb, req,
netdev_set_iftype_request_destroy);
if (!netdev->set_interface_cmd_id) {
l_genl_msg_unref(msg);
error = -EIO;
goto error;
}
req->ref++;
netdev->set_powered_cmd_id = 0;
return;
error:
if (req->cb)
req->cb(netdev, error, req->user_data);
}
int netdev_set_iftype(struct netdev *netdev, enum netdev_iftype type,
netdev_command_cb_t cb, void *user_data,
netdev_destroy_func_t destroy)
{
netdev: Add IFTYPE_ADHOC interface type netdev_set_iftype and get_iftype were also changed to account for all three interface types.
2018-07-17 00:29:14 +02:00
uint32_t iftype;
device/netdev: Properly implement mode switching
2018-08-20 05:07:15 +02:00
struct netdev_set_iftype_request *req;
netdev: Add IFTYPE_ADHOC interface type netdev_set_iftype and get_iftype were also changed to account for all three interface types.
2018-07-17 00:29:14 +02:00
switch (type) {
case NETDEV_IFTYPE_AP:
iftype = NL80211_IFTYPE_AP;
break;
case NETDEV_IFTYPE_ADHOC:
iftype = NL80211_IFTYPE_ADHOC;
break;
case NETDEV_IFTYPE_STATION:
iftype = NL80211_IFTYPE_STATION;
break;
default:
l_error("unsupported iftype %u", type);
return -EINVAL;
}
netdev: Add interface type setter and getter Modify netdev_get_iftype, which was until now unused, and add netdev_set_iftype. Don't skip interfaces with types other than STATION on startup, instead reset the type to STATION in device.c. netdev_get_iftype is modified to use our own interface type enum to avoid forcing users to include "nl80211.h". Note that setting an interface UP and DOWN wouldn't generally reset the iftype to STATION. Another process may still change the type while iwd is running and iwd would not detect this as it would detect another interface setting interface DOWN, not sure how far we want to go in monitoring all of the properties this way.
2017-08-14 14:49:16 +02:00
device/netdev: Properly implement mode switching
2018-08-20 05:07:15 +02:00
if (netdev->set_powered_cmd_id ||
netdev->set_interface_cmd_id)
return -EBUSY;
netdev: Add interface type setter and getter Modify netdev_get_iftype, which was until now unused, and add netdev_set_iftype. Don't skip interfaces with types other than STATION on startup, instead reset the type to STATION in device.c. netdev_get_iftype is modified to use our own interface type enum to avoid forcing users to include "nl80211.h". Note that setting an interface UP and DOWN wouldn't generally reset the iftype to STATION. Another process may still change the type while iwd is running and iwd would not detect this as it would detect another interface setting interface DOWN, not sure how far we want to go in monitoring all of the properties this way.
2017-08-14 14:49:16 +02:00
device/netdev: Properly implement mode switching
2018-08-20 05:07:15 +02:00
req = l_new(struct netdev_set_iftype_request, 1);
req->cb = cb;
req->user_data = user_data;
req->destroy = destroy;
req->pending_type = iftype;
req->netdev = netdev;
req->ref = 1;
req->bring_up = netdev_get_is_up(netdev);
netdev: Add interface type setter and getter Modify netdev_get_iftype, which was until now unused, and add netdev_set_iftype. Don't skip interfaces with types other than STATION on startup, instead reset the type to STATION in device.c. netdev_get_iftype is modified to use our own interface type enum to avoid forcing users to include "nl80211.h". Note that setting an interface UP and DOWN wouldn't generally reset the iftype to STATION. Another process may still change the type while iwd is running and iwd would not detect this as it would detect another interface setting interface DOWN, not sure how far we want to go in monitoring all of the properties this way.
2017-08-14 14:49:16 +02:00
device/netdev: Properly implement mode switching
2018-08-20 05:07:15 +02:00
if (!req->bring_up) {
struct l_genl_msg *msg =
netdev_build_cmd_set_interface(netdev, iftype);
netdev: Add interface type setter and getter Modify netdev_get_iftype, which was until now unused, and add netdev_set_iftype. Don't skip interfaces with types other than STATION on startup, instead reset the type to STATION in device.c. netdev_get_iftype is modified to use our own interface type enum to avoid forcing users to include "nl80211.h". Note that setting an interface UP and DOWN wouldn't generally reset the iftype to STATION. Another process may still change the type while iwd is running and iwd would not detect this as it would detect another interface setting interface DOWN, not sure how far we want to go in monitoring all of the properties this way.
2017-08-14 14:49:16 +02:00
device/netdev: Properly implement mode switching
2018-08-20 05:07:15 +02:00
netdev->set_interface_cmd_id =
l_genl_family_send(nl80211, msg,
netdev_set_iftype_cb, req,
netdev_set_iftype_request_destroy);
if (netdev->set_interface_cmd_id)
return 0;
netdev: Add interface type setter and getter Modify netdev_get_iftype, which was until now unused, and add netdev_set_iftype. Don't skip interfaces with types other than STATION on startup, instead reset the type to STATION in device.c. netdev_get_iftype is modified to use our own interface type enum to avoid forcing users to include "nl80211.h". Note that setting an interface UP and DOWN wouldn't generally reset the iftype to STATION. Another process may still change the type while iwd is running and iwd would not detect this as it would detect another interface setting interface DOWN, not sure how far we want to go in monitoring all of the properties this way.
2017-08-14 14:49:16 +02:00
device/netdev: Properly implement mode switching
2018-08-20 05:07:15 +02:00
l_genl_msg_unref(msg);
} else {
netdev->set_powered_cmd_id =
netdev: Use ell's rtnl APIs
2020-02-15 10:48:39 +01:00
l_rtnl_set_powered(rtnl, netdev->index, false,
device/netdev: Properly implement mode switching
2018-08-20 05:07:15 +02:00
netdev_set_iftype_down_cb, req,
netdev_set_iftype_request_destroy);
if (netdev->set_powered_cmd_id)
return 0;
}
netdev: fixed netdev_set_iftype While this would issue a SET_INTERFACE to the kernel it would not actually set netdev->type, so netdev_get_iftype would return incorrectly.
2018-06-19 22:28:01 +02:00
device/netdev: Properly implement mode switching
2018-08-20 05:07:15 +02:00
l_free(req);
return -EIO;
netdev: Add interface type setter and getter Modify netdev_get_iftype, which was until now unused, and add netdev_set_iftype. Don't skip interfaces with types other than STATION on startup, instead reset the type to STATION in device.c. netdev_get_iftype is modified to use our own interface type enum to avoid forcing users to include "nl80211.h". Note that setting an interface UP and DOWN wouldn't generally reset the iftype to STATION. Another process may still change the type while iwd is running and iwd would not detect this as it would detect another interface setting interface DOWN, not sure how far we want to go in monitoring all of the properties this way.
2017-08-14 14:49:16 +02:00
}
netdev: handle netlink events on bridge ports When a wifi interface is added/removed to/from a bridge, a RTM_NEW/DELLINK event is issued. This is the same event used to signal when an interface is created/deleted. For this reason the event generated by the bridge code has to be properly distinguished and handled accordingly. Failing to do so will result in inconsistencies in iwd which will think an interface has been deleted when it was actually not. Detect incoming NEW/DELLINK bridge events and reacts accordingly. For now, this simply means printing a simple message, as there is no special logic in iwd for this yet.
2018-06-12 06:20:18 +02:00
static void netdev_bridge_port_event(const struct ifinfomsg *ifi, int bytes,
bool added)
{
struct netdev *netdev;
struct rtattr *attr;
uint32_t master = 0;
netdev = netdev_find(ifi->ifi_index);
if (!netdev)
return;
for (attr = IFLA_RTA(ifi); RTA_OK(attr, bytes);
attr = RTA_NEXT(attr, bytes)) {
switch (attr->rta_type) {
case IFLA_MASTER:
memcpy(&master, RTA_DATA(attr), sizeof(master));
break;
}
}
l_debug("netdev: %d %s bridge: %d", ifi->ifi_index,
(added ? "added to" : "removed from"), master);
}
netdev: add helper to set/unset 4ADDR property
2018-06-14 04:11:23 +02:00
struct set_4addr_cb_data {
struct netdev *netdev;
bool value;
netdev: Remove redundant typedefs Unify command specific typedefs which had the same signature into a single netdev_command_cb_t
2018-08-20 01:25:23 +02:00
netdev_command_cb_t callback;
netdev: add helper to set/unset 4ADDR property
2018-06-14 04:11:23 +02:00
void *user_data;
netdev_destroy_func_t destroy;
};
static void netdev_set_4addr_cb(struct l_genl_msg *msg, void *user_data)
{
struct set_4addr_cb_data *cb_data = user_data;
int error = l_genl_msg_get_error(msg);
if (!cb_data)
return;
/* cache the value that has just been set */
if (!error)
cb_data->netdev->use_4addr = cb_data->value;
netdev: Fix unneeded error negation device.c expects errors to be negative for both set_powered and set_4addr.
2018-06-14 04:25:01 +02:00
cb_data->callback(cb_data->netdev, error, cb_data->user_data);
netdev: add helper to set/unset 4ADDR property
2018-06-14 04:11:23 +02:00
}
static void netdev_set_4addr_destroy(void *user_data)
{
struct set_4addr_cb_data *cb_data = user_data;
if (!cb_data)
return;
if (cb_data->destroy)
cb_data->destroy(cb_data->user_data);
l_free(cb_data);
}
int netdev_set_4addr(struct netdev *netdev, bool use_4addr,
netdev: Remove redundant typedefs Unify command specific typedefs which had the same signature into a single netdev_command_cb_t
2018-08-20 01:25:23 +02:00
netdev_command_cb_t cb, void *user_data,
netdev: add helper to set/unset 4ADDR property
2018-06-14 04:11:23 +02:00
netdev_destroy_func_t destroy)
{
struct set_4addr_cb_data *cb_data = NULL;
uint8_t attr_4addr = (use_4addr ? 1 : 0);
struct l_genl_msg *msg;
l_debug("netdev: %d use_4addr: %d", netdev->index, use_4addr);
msg = l_genl_msg_new_sized(NL80211_CMD_SET_INTERFACE, 32);
l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &netdev->index);
l_genl_msg_append_attr(msg, NL80211_ATTR_4ADDR, 1, &attr_4addr);
if (cb) {
cb_data = l_new(struct set_4addr_cb_data, 1);
cb_data->netdev = netdev;
cb_data->value = use_4addr;
cb_data->callback = cb;
cb_data->user_data = user_data;
cb_data->destroy = destroy;
}
if (!l_genl_family_send(nl80211, msg, netdev_set_4addr_cb, cb_data,
netdev_set_4addr_destroy)) {
l_error("CMD_SET_INTERFACE (4addr) failed");
l_genl_msg_unref(msg);
l_free(cb_data);
return -EIO;
}
return 0;
}
bool netdev_get_4addr(struct netdev *netdev)
{
return netdev->use_4addr;
}
netdev: Track interface UP flag
2016-06-20 12:42:03 +02:00
static void netdev_newlink_notify(const struct ifinfomsg *ifi, int bytes)
{
struct netdev *netdev;
netdev: Add netdev_set_powered
2016-07-13 04:26:27 +02:00
bool old_up, new_up;
netdev: Track interface name changes
2016-07-14 02:38:05 +02:00
char old_name[IFNAMSIZ];
netdev: React to interface address change Handle the changes of interface address in RTNL New Link messages similarly to the name changes, emit a NETDEV_WATCH_EVENT_ADDRESS_CHANGE event and a propety change on dbus. Note this can only happen when the interface is down so it doesn't break anything but we need to handle it anyway.
2017-03-08 15:07:14 +01:00
uint8_t old_addr[ETH_ALEN];
netdev: Track interface name changes
2016-07-14 02:38:05 +02:00
struct rtattr *attr;
netdev: Track interface UP flag
2016-06-20 12:42:03 +02:00
netdev: handle netlink events on bridge ports When a wifi interface is added/removed to/from a bridge, a RTM_NEW/DELLINK event is issued. This is the same event used to signal when an interface is created/deleted. For this reason the event generated by the bridge code has to be properly distinguished and handled accordingly. Failing to do so will result in inconsistencies in iwd which will think an interface has been deleted when it was actually not. Detect incoming NEW/DELLINK bridge events and reacts accordingly. For now, this simply means printing a simple message, as there is no special logic in iwd for this yet.
2018-06-12 06:20:18 +02:00
if (ifi->ifi_family == AF_BRIDGE) {
netdev_bridge_port_event(ifi, bytes, true);
return;
}
netdev: Track interface UP flag
2016-06-20 12:42:03 +02:00
netdev = netdev_find(ifi->ifi_index);
if (!netdev)
return;
netdev: Add netdev_set_powered
2016-07-13 04:26:27 +02:00
old_up = netdev_get_is_up(netdev);
netdev: Track interface name changes
2016-07-14 02:38:05 +02:00
strcpy(old_name, netdev->name);
netdev: React to interface address change Handle the changes of interface address in RTNL New Link messages similarly to the name changes, emit a NETDEV_WATCH_EVENT_ADDRESS_CHANGE event and a propety change on dbus. Note this can only happen when the interface is down so it doesn't break anything but we need to handle it anyway.
2017-03-08 15:07:14 +01:00
memcpy(old_addr, netdev->addr, ETH_ALEN);
netdev: Add netdev_set_powered
2016-07-13 04:26:27 +02:00
netdev->ifi_flags = ifi->ifi_flags;
netdev: Track interface UP flag
2016-06-20 12:42:03 +02:00
netdev: Track interface name changes
2016-07-14 02:38:05 +02:00
for (attr = IFLA_RTA(ifi); RTA_OK(attr, bytes);
attr = RTA_NEXT(attr, bytes)) {
netdev: React to interface address change Handle the changes of interface address in RTNL New Link messages similarly to the name changes, emit a NETDEV_WATCH_EVENT_ADDRESS_CHANGE event and a propety change on dbus. Note this can only happen when the interface is down so it doesn't break anything but we need to handle it anyway.
2017-03-08 15:07:14 +01:00
switch (attr->rta_type) {
case IFLA_IFNAME:
strcpy(netdev->name, RTA_DATA(attr));
break;
case IFLA_ADDRESS:
if (RTA_PAYLOAD(attr) < ETH_ALEN)
break;
netdev: Track interface name changes
2016-07-14 02:38:05 +02:00
netdev: React to interface address change Handle the changes of interface address in RTNL New Link messages similarly to the name changes, emit a NETDEV_WATCH_EVENT_ADDRESS_CHANGE event and a propety change on dbus. Note this can only happen when the interface is down so it doesn't break anything but we need to handle it anyway.
2017-03-08 15:07:14 +01:00
memcpy(netdev->addr, RTA_DATA(attr), ETH_ALEN);
break;
}
netdev: Track interface name changes
2016-07-14 02:38:05 +02:00
}
device: Move device creation from netdev.c to event watch Create and destroy the device state struct and the DBus interfaces in a way more similar to the Station, AdHoc and AP interfaces. Drop netdev_get_device() and the device specific code in netdev that as far as I can tell wasn't needed.
2019-11-20 23:23:42 +01:00
if (!netdev->events_ready) /* Did we send NETDEV_WATCH_EVENT_NEW yet? */
netdev: Don't emit events before NETDEV_WATCH_EVENT_NEW
2018-09-22 18:48:21 +02:00
return;
netdev: Add netdev_set_powered
2016-07-13 04:26:27 +02:00
new_up = netdev_get_is_up(netdev);
netdev: support per-network MAC addresses For privacy reasons its advantageous to randomize or mask the MAC address when connecting to networks, especially public networks. This patch allows netdev to generate a new MAC address on a per-network basis. The generated MAC will remain the same when connecting to the same network. This allows reauthentications or roaming to work, and not have to fully re-connect (which would be required if the MAC changed on every connection). Changing the MAC requires bringing the interface down. This does lead to potential race conditions with respect to external processes. There are two potential conditions which are explained in a TODO comment in this patch.
2020-03-18 19:54:19 +01:00
/*
* If mac_change_cmd_id is set we are in the process of changing the
* MAC address and this event is a result of powering down/up. In this
* case we do not want to emit a netdev DOWN/UP event as this would
* cause other modules to behave as such. We do, however, want to emit
* address changes so other modules get the new MAC address updated.
*/
if (old_up != new_up && !netdev->mac_change_cmd_id)
netdev/device: Combine watches There was somewhat overlapping functionality in the device_watch infrastructure as well as the netdev_event_watch. This commit combines the two into a single watch based on the netdev object and cleans up the various interface additions / removals. With this commit the interfaces are created when the netdev/device is switched to Powered=True state AND when the netdev iftype is also in the correct state for that interface. If the device is brought down, then all interfaces except the .Device interface are removed. This will make it easy to implement Device.Mode property properly since most nl80211 devices need to be brought into Powered=False state prior to switching the iftype.
2018-08-18 06:40:49 +02:00
WATCHLIST_NOTIFY(&netdev_watches, netdev_watch_func_t,
netdev: Simplify event watches using watchlist
2017-09-01 01:18:41 +02:00
netdev, new_up ? NETDEV_WATCH_EVENT_UP :
NETDEV_WATCH_EVENT_DOWN);
netdev: Track interface name changes
2016-07-14 02:38:05 +02:00
netdev: Simplify event watches using watchlist
2017-09-01 01:18:41 +02:00
if (strcmp(old_name, netdev->name))
netdev/device: Combine watches There was somewhat overlapping functionality in the device_watch infrastructure as well as the netdev_event_watch. This commit combines the two into a single watch based on the netdev object and cleans up the various interface additions / removals. With this commit the interfaces are created when the netdev/device is switched to Powered=True state AND when the netdev iftype is also in the correct state for that interface. If the device is brought down, then all interfaces except the .Device interface are removed. This will make it easy to implement Device.Mode property properly since most nl80211 devices need to be brought into Powered=False state prior to switching the iftype.
2018-08-18 06:40:49 +02:00
WATCHLIST_NOTIFY(&netdev_watches, netdev_watch_func_t,
netdev: Simplify event watches using watchlist
2017-09-01 01:18:41 +02:00
netdev, NETDEV_WATCH_EVENT_NAME_CHANGE);
netdev: Track interface name changes
2016-07-14 02:38:05 +02:00
netdev: Simplify event watches using watchlist
2017-09-01 01:18:41 +02:00
if (memcmp(old_addr, netdev->addr, ETH_ALEN))
netdev/device: Combine watches There was somewhat overlapping functionality in the device_watch infrastructure as well as the netdev_event_watch. This commit combines the two into a single watch based on the netdev object and cleans up the various interface additions / removals. With this commit the interfaces are created when the netdev/device is switched to Powered=True state AND when the netdev iftype is also in the correct state for that interface. If the device is brought down, then all interfaces except the .Device interface are removed. This will make it easy to implement Device.Mode property properly since most nl80211 devices need to be brought into Powered=False state prior to switching the iftype.
2018-08-18 06:40:49 +02:00
WATCHLIST_NOTIFY(&netdev_watches, netdev_watch_func_t,
netdev: Simplify event watches using watchlist
2017-09-01 01:18:41 +02:00
netdev, NETDEV_WATCH_EVENT_ADDRESS_CHANGE);
netdev: Track interface UP flag
2016-06-20 12:42:03 +02:00
}
netdev: React to removed netdevs
2016-07-01 21:49:34 +02:00
static void netdev_dellink_notify(const struct ifinfomsg *ifi, int bytes)
{
struct netdev *netdev;
netdev: handle netlink events on bridge ports When a wifi interface is added/removed to/from a bridge, a RTM_NEW/DELLINK event is issued. This is the same event used to signal when an interface is created/deleted. For this reason the event generated by the bridge code has to be properly distinguished and handled accordingly. Failing to do so will result in inconsistencies in iwd which will think an interface has been deleted when it was actually not. Detect incoming NEW/DELLINK bridge events and reacts accordingly. For now, this simply means printing a simple message, as there is no special logic in iwd for this yet.
2018-06-12 06:20:18 +02:00
if (ifi->ifi_family == AF_BRIDGE) {
netdev_bridge_port_event(ifi, bytes, false);
return;
}
netdev: React to removed netdevs
2016-07-01 21:49:34 +02:00
netdev = l_queue_remove_if(netdev_list, netdev_match,
L_UINT_TO_PTR(ifi->ifi_index));
if (!netdev)
return;
netdev_free(netdev);
}
netdev: Make sure set_powered calls are cancelable Since all netdevs share the rtnl l_netlink object, it was possible for netdevs to be destroyed with outstanding commands still executing on the rtnl object. This can lead to crashes and other nasty situations. This patch makes sure that Powered requests are always tracked via set_powered_cmd_id and the request is canceled when netdev is destroyed. This also implies that netdev_set_powered can now return an -EBUSY error in case a request is already outstanding.
2018-08-17 19:37:47 +02:00
static void netdev_initial_up_cb(int error, uint16_t type, const void *data,
uint32_t len, void *user_data)
netdev: Reset interface state on init and exit Take any managed interface down when iwd detects it and bring it back up to start with a clean state. On exit take interfaces down.
2016-07-13 04:29:52 +02:00
{
netdev: Make sure set_powered calls are cancelable Since all netdevs share the rtnl l_netlink object, it was possible for netdevs to be destroyed with outstanding commands still executing on the rtnl object. This can lead to crashes and other nasty situations. This patch makes sure that Powered requests are always tracked via set_powered_cmd_id and the request is canceled when netdev is destroyed. This also implies that netdev_set_powered can now return an -EBUSY error in case a request is already outstanding.
2018-08-17 19:37:47 +02:00
struct netdev *netdev = user_data;
netdev->set_powered_cmd_id = 0;
netdev: Update ifi_flags in rntl_set_powered callbacks When we detect a new device we either bring it down and then up or only up. The IFF_UP flag in netdev->ifi_flags is updated before that, then we send the two rtnl commands and then fire the NETDEV_WATCH_EVENT_NEW event if either the bring up succeeded or -ERFKILL was returned, so the device may either be UP or DOWN at that point. It seems that a RTNL NEWLINK notification is usually received before the RTNL command callback but I don't think this is guaranteed so update the IFF_UP flag in the callbacks so that the NETDEV_WATCH_EVENT_NEW handlers can reliably use netdev_get_is_up()
2018-09-22 18:48:20 +02:00
if (!error)
netdev->ifi_flags |= IFF_UP;
else {
netdev: Reset interface state on init and exit Take any managed interface down when iwd detects it and bring it back up to start with a clean state. On exit take interfaces down.
2016-07-13 04:29:52 +02:00
l_error("Error bringing interface %i up: %s", netdev->index,
netdev: Make sure set_powered calls are cancelable Since all netdevs share the rtnl l_netlink object, it was possible for netdevs to be destroyed with outstanding commands still executing on the rtnl object. This can lead to crashes and other nasty situations. This patch makes sure that Powered requests are always tracked via set_powered_cmd_id and the request is canceled when netdev is destroyed. This also implies that netdev_set_powered can now return an -EBUSY error in case a request is already outstanding.
2018-08-17 19:37:47 +02:00
strerror(-error));
netdev: Reset interface state on init and exit Take any managed interface down when iwd detects it and bring it back up to start with a clean state. On exit take interfaces down.
2016-07-13 04:29:52 +02:00
netdev: Make sure set_powered calls are cancelable Since all netdevs share the rtnl l_netlink object, it was possible for netdevs to be destroyed with outstanding commands still executing on the rtnl object. This can lead to crashes and other nasty situations. This patch makes sure that Powered requests are always tracked via set_powered_cmd_id and the request is canceled when netdev is destroyed. This also implies that netdev_set_powered can now return an -EBUSY error in case a request is already outstanding.
2018-08-17 19:37:47 +02:00
if (error != -ERFKILL)
netdev: Allow ERFKILL during initial bring up If initial bring up returns ERFKILL proceed and the inteface can be explicitly brought up by the client once rfkill is disabled. Also fix the error number returned to netdev_set_powered callback to be negative as expected by netdev_initial_up_cb.
2016-07-26 14:42:20 +02:00
return;
netdev: Reset interface state on init and exit Take any managed interface down when iwd detects it and bring it back up to start with a clean state. On exit take interfaces down.
2016-07-13 04:29:52 +02:00
}
netdev: Use ell's rtnl APIs
2020-02-15 10:48:39 +01:00
l_rtnl_set_linkmode_and_operstate(rtnl, netdev->index,
netdev: use rtnlutil for linkmode/operstate
2019-05-06 20:17:53 +02:00
IF_LINK_MODE_DORMANT, IF_OPER_DOWN,
netdev_operstate_cb,
netdev: Don't crash on operstate callbacks The way that netdev_set_linkmode_and_operstate was used resulted in potential crashes when the netdev was destroyed. This is because netdev was given as data to l_netlink_send and could be destroyed between the time of the call and the callback. Since the result of calls to netdev_set_linkmode_and_operstate is inconsequential, it isn't really worthwhile tracking these calls in order to cancel them. This patch simplies the handling of these rtnl calls, makes sure that netdev isn't passed as user data and rewrites the netdev_set_linkmode_and_operstate signature to be more consistent with rtnl_set_powered.
2018-08-17 21:04:44 +02:00
L_UINT_TO_PTR(netdev->index), NULL);
netdev: Reset interface state on init and exit Take any managed interface down when iwd detects it and bring it back up to start with a clean state. On exit take interfaces down.
2016-07-13 04:29:52 +02:00
netdev: add helper to set/unset 4ADDR property
2018-06-14 04:11:23 +02:00
/*
* we don't know the initial status of the 4addr property on this
* netdev, therefore we set it to zero by default.
*/
netdev_set_4addr(netdev, netdev->use_4addr, NULL, NULL, NULL);
netdev: Reset interface state on init and exit Take any managed interface down when iwd detects it and bring it back up to start with a clean state. On exit take interfaces down.
2016-07-13 04:29:52 +02:00
l_debug("Interface %i initialized", netdev->index);
device/netdev: init scan in netdev instead of device Commit 1057d8aa743a changed the device interface creation logic from being unconditional inside netdev.c to instead use NETDEV_WATCH_* events. However, this broke the assumption that the device interface was created before all others. The effect is that the scan_wdev_add might no longer be called prior to station interface being created. Fix this by moving scan_wdev_add/remove calls to netdev.c instead. Fixes: 1057d8aa743a ("device: Move device creation from netdev.c to event watch")
2019-12-06 17:11:51 +01:00
scan_wdev_add(netdev->wdev_id);
netdev/device: Combine watches There was somewhat overlapping functionality in the device_watch infrastructure as well as the netdev_event_watch. This commit combines the two into a single watch based on the netdev object and cleans up the various interface additions / removals. With this commit the interfaces are created when the netdev/device is switched to Powered=True state AND when the netdev iftype is also in the correct state for that interface. If the device is brought down, then all interfaces except the .Device interface are removed. This will make it easy to implement Device.Mode property properly since most nl80211 devices need to be brought into Powered=False state prior to switching the iftype.
2018-08-18 06:40:49 +02:00
WATCHLIST_NOTIFY(&netdev_watches, netdev_watch_func_t,
netdev, NETDEV_WATCH_EVENT_NEW);
device: Move device creation from netdev.c to event watch Create and destroy the device state struct and the DBus interfaces in a way more similar to the Station, AdHoc and AP interfaces. Drop netdev_get_device() and the device specific code in netdev that as far as I can tell wasn't needed.
2019-11-20 23:23:42 +01:00
netdev->events_ready = true;
netdev: Reset interface state on init and exit Take any managed interface down when iwd detects it and bring it back up to start with a clean state. On exit take interfaces down.
2016-07-13 04:29:52 +02:00
}
netdev: Replace bool randomize_mac with specific address Allow netdev_create_from_genl callers to draw a random or non-random MAC and pass it in the parameter instead of a bool to tell us to generating the MAC locally. In P2P we are generating the MAC some time before creating the netdev in order to pass it to the peer during negotiation.
2019-12-19 04:50:56 +01:00
static bool netdev_check_set_mac(struct netdev *netdev)
{
treewide: replace util_mem_is_zero with l_memeqzero
2021-03-09 22:40:35 +01:00
if (l_memeqzero(netdev->set_mac_once, 6))
netdev: Replace bool randomize_mac with specific address Allow netdev_create_from_genl callers to draw a random or non-random MAC and pass it in the parameter instead of a bool to tell us to generating the MAC locally. In P2P we are generating the MAC some time before creating the netdev in order to pass it to the peer during negotiation.
2019-12-19 04:50:56 +01:00
return false;
l_debug("Setting initial address on ifindex: %d to: " MAC,
netdev->index, MAC_STR(netdev->set_mac_once));
netdev->set_powered_cmd_id =
netdev: update use of l_rtnl_set_mac This API was updated to take an extra boolean which will automatically power up the device while changing the MAC address. Since this is what IWD does anyways we can avoid the need for an intermediate callback and go right into netdev_initial_up_cb.
2020-03-11 23:52:51 +01:00
l_rtnl_set_mac(rtnl, netdev->index, netdev->set_mac_once, true,
netdev_initial_up_cb, netdev, NULL);
netdev: Replace bool randomize_mac with specific address Allow netdev_create_from_genl callers to draw a random or non-random MAC and pass it in the parameter instead of a bool to tell us to generating the MAC locally. In P2P we are generating the MAC some time before creating the netdev in order to pass it to the peer during negotiation.
2019-12-19 04:50:56 +01:00
memset(netdev->set_mac_once, 0, 6);
return true;
}
netdev: Make sure set_powered calls are cancelable Since all netdevs share the rtnl l_netlink object, it was possible for netdevs to be destroyed with outstanding commands still executing on the rtnl object. This can lead to crashes and other nasty situations. This patch makes sure that Powered requests are always tracked via set_powered_cmd_id and the request is canceled when netdev is destroyed. This also implies that netdev_set_powered can now return an -EBUSY error in case a request is already outstanding.
2018-08-17 19:37:47 +02:00
static void netdev_initial_down_cb(int error, uint16_t type, const void *data,
uint32_t len, void *user_data)
netdev: Reset interface state on init and exit Take any managed interface down when iwd detects it and bring it back up to start with a clean state. On exit take interfaces down.
2016-07-13 04:29:52 +02:00
{
netdev: Make sure set_powered calls are cancelable Since all netdevs share the rtnl l_netlink object, it was possible for netdevs to be destroyed with outstanding commands still executing on the rtnl object. This can lead to crashes and other nasty situations. This patch makes sure that Powered requests are always tracked via set_powered_cmd_id and the request is canceled when netdev is destroyed. This also implies that netdev_set_powered can now return an -EBUSY error in case a request is already outstanding.
2018-08-17 19:37:47 +02:00
struct netdev *netdev = user_data;
netdev: Update ifi_flags in rntl_set_powered callbacks When we detect a new device we either bring it down and then up or only up. The IFF_UP flag in netdev->ifi_flags is updated before that, then we send the two rtnl commands and then fire the NETDEV_WATCH_EVENT_NEW event if either the bring up succeeded or -ERFKILL was returned, so the device may either be UP or DOWN at that point. It seems that a RTNL NEWLINK notification is usually received before the RTNL command callback but I don't think this is guaranteed so update the IFF_UP flag in the callbacks so that the NETDEV_WATCH_EVENT_NEW handlers can reliably use netdev_get_is_up()
2018-09-22 18:48:20 +02:00
if (!error)
netdev->ifi_flags &= ~IFF_UP;
else {
netdev: Reset interface state on init and exit Take any managed interface down when iwd detects it and bring it back up to start with a clean state. On exit take interfaces down.
2016-07-13 04:29:52 +02:00
l_error("Error taking interface %i down: %s", netdev->index,
netdev: Make sure set_powered calls are cancelable Since all netdevs share the rtnl l_netlink object, it was possible for netdevs to be destroyed with outstanding commands still executing on the rtnl object. This can lead to crashes and other nasty situations. This patch makes sure that Powered requests are always tracked via set_powered_cmd_id and the request is canceled when netdev is destroyed. This also implies that netdev_set_powered can now return an -EBUSY error in case a request is already outstanding.
2018-08-17 19:37:47 +02:00
strerror(-error));
netdev: Reset interface state on init and exit Take any managed interface down when iwd detects it and bring it back up to start with a clean state. On exit take interfaces down.
2016-07-13 04:29:52 +02:00
netdev: Make sure set_powered calls are cancelable Since all netdevs share the rtnl l_netlink object, it was possible for netdevs to be destroyed with outstanding commands still executing on the rtnl object. This can lead to crashes and other nasty situations. This patch makes sure that Powered requests are always tracked via set_powered_cmd_id and the request is canceled when netdev is destroyed. This also implies that netdev_set_powered can now return an -EBUSY error in case a request is already outstanding.
2018-08-17 19:37:47 +02:00
netdev->set_powered_cmd_id = 0;
netdev: Reset interface state on init and exit Take any managed interface down when iwd detects it and bring it back up to start with a clean state. On exit take interfaces down.
2016-07-13 04:29:52 +02:00
return;
}
netdev: Replace bool randomize_mac with specific address Allow netdev_create_from_genl callers to draw a random or non-random MAC and pass it in the parameter instead of a bool to tell us to generating the MAC locally. In P2P we are generating the MAC some time before creating the netdev in order to pass it to the peer during negotiation.
2019-12-19 04:50:56 +01:00
if (netdev_check_set_mac(netdev))
netdev: Add logic to randomize address on creation
2019-07-02 01:29:37 +02:00
return;
netdev: Make sure set_powered calls are cancelable Since all netdevs share the rtnl l_netlink object, it was possible for netdevs to be destroyed with outstanding commands still executing on the rtnl object. This can lead to crashes and other nasty situations. This patch makes sure that Powered requests are always tracked via set_powered_cmd_id and the request is canceled when netdev is destroyed. This also implies that netdev_set_powered can now return an -EBUSY error in case a request is already outstanding.
2018-08-17 19:37:47 +02:00
netdev->set_powered_cmd_id =
netdev: Use ell's rtnl APIs
2020-02-15 10:48:39 +01:00
l_rtnl_set_powered(rtnl, netdev->index, true,
rtnlutil: Move rtnl_set_powered from netdev to rtnlutil This function fits with the other utilities in rtnlutil and netdev.c can slim down.
2019-11-20 23:23:44 +01:00
netdev_initial_up_cb, netdev, NULL);
netdev: Reset interface state on init and exit Take any managed interface down when iwd detects it and bring it back up to start with a clean state. On exit take interfaces down.
2016-07-13 04:29:52 +02:00
}
netdev: Track interface UP flag
2016-06-20 12:42:03 +02:00
static void netdev_getlink_cb(int error, uint16_t type, const void *data,
uint32_t len, void *user_data)
{
const struct ifinfomsg *ifi = data;
unsigned int bytes;
netdev: Reset interface state on init and exit Take any managed interface down when iwd detects it and bring it back up to start with a clean state. On exit take interfaces down.
2016-07-13 04:29:52 +02:00
struct netdev *netdev;
netdev: Make sure set_powered calls are cancelable Since all netdevs share the rtnl l_netlink object, it was possible for netdevs to be destroyed with outstanding commands still executing on the rtnl object. This can lead to crashes and other nasty situations. This patch makes sure that Powered requests are always tracked via set_powered_cmd_id and the request is canceled when netdev is destroyed. This also implies that netdev_set_powered can now return an -EBUSY error in case a request is already outstanding.
2018-08-17 19:37:47 +02:00
l_netlink_command_func_t cb;
bool powered;
netdev: Track interface UP flag
2016-06-20 12:42:03 +02:00
netdev: Fix crash src/netdev.c:netdev_create_from_genl() Skipping duplicate netdev wlp2s0[3] Aborting (signal 11) [/home/denkenz/iwd/src/iwd] ++++++++ backtrace ++++++++ #0 0x7fc4c7a4e930 in /lib64/libc.so.6 #1 0x40ea13 in netdev_getlink_cb() at src/netdev.c:4654 #2 0x468cab in process_message() at ell/netlink.c:183 #3 0x4690a3 in can_read_data() at ell/netlink.c:289 #4 0x46681d in io_callback() at ell/io.c:126 #5 0x4651cd in l_main_iterate() at ell/main.c:473 #6 0x46530e in l_main_run() at ell/main.c:516 #7 0x465626 in l_main_run_with_signal() at ell/main.c:642 #8 0x403df8 in main() at src/main.c:513 #9 0x7fc4c7a39bde in /lib64/libc.so.6
2019-04-16 21:23:43 +02:00
if (error != 0) {
l_error("RTM_GETLINK error %i: %s", error, strerror(-error));
return;
}
if (ifi->ifi_type != ARPHRD_ETHER || type != RTM_NEWLINK) {
l_debug("Non-ethernet address or not newlink message -- "
"ifi_type: %i, type: %i", ifi->ifi_type, type);
netdev: Track interface UP flag
2016-06-20 12:42:03 +02:00
return;
}
netdev: Reset interface state on init and exit Take any managed interface down when iwd detects it and bring it back up to start with a clean state. On exit take interfaces down.
2016-07-13 04:29:52 +02:00
netdev = netdev_find(ifi->ifi_index);
if (!netdev)
return;
netdev: Track interface UP flag
2016-06-20 12:42:03 +02:00
bytes = len - NLMSG_ALIGN(sizeof(struct ifinfomsg));
netdev_newlink_notify(ifi, bytes);
netdev: Reset interface state on init and exit Take any managed interface down when iwd detects it and bring it back up to start with a clean state. On exit take interfaces down.
2016-07-13 04:29:52 +02:00
/*
netdev: Add logic to randomize address on creation
2019-07-02 01:29:37 +02:00
* If the interface is UP, reset it to ensure a clean state.
* Otherwise, if we need to set a random mac, do so. If not, just
* bring the interface UP.
netdev: Reset interface state on init and exit Take any managed interface down when iwd detects it and bring it back up to start with a clean state. On exit take interfaces down.
2016-07-13 04:29:52 +02:00
*/
netdev: Make sure set_powered calls are cancelable Since all netdevs share the rtnl l_netlink object, it was possible for netdevs to be destroyed with outstanding commands still executing on the rtnl object. This can lead to crashes and other nasty situations. This patch makes sure that Powered requests are always tracked via set_powered_cmd_id and the request is canceled when netdev is destroyed. This also implies that netdev_set_powered can now return an -EBUSY error in case a request is already outstanding.
2018-08-17 19:37:47 +02:00
powered = netdev_get_is_up(netdev);
netdev: Add logic to randomize address on creation
2019-07-02 01:29:37 +02:00
netdev: Replace bool randomize_mac with specific address Allow netdev_create_from_genl callers to draw a random or non-random MAC and pass it in the parameter instead of a bool to tell us to generating the MAC locally. In P2P we are generating the MAC some time before creating the netdev in order to pass it to the peer during negotiation.
2019-12-19 04:50:56 +01:00
if (!powered && netdev_check_set_mac(netdev))
netdev: Add logic to randomize address on creation
2019-07-02 01:29:37 +02:00
return;
netdev: Make sure set_powered calls are cancelable Since all netdevs share the rtnl l_netlink object, it was possible for netdevs to be destroyed with outstanding commands still executing on the rtnl object. This can lead to crashes and other nasty situations. This patch makes sure that Powered requests are always tracked via set_powered_cmd_id and the request is canceled when netdev is destroyed. This also implies that netdev_set_powered can now return an -EBUSY error in case a request is already outstanding.
2018-08-17 19:37:47 +02:00
cb = powered ? netdev_initial_down_cb : netdev_initial_up_cb;
netdev->set_powered_cmd_id =
netdev: Use ell's rtnl APIs
2020-02-15 10:48:39 +01:00
l_rtnl_set_powered(rtnl, ifi->ifi_index, !powered, cb, netdev,
rtnlutil: Move rtnl_set_powered from netdev to rtnlutil This function fits with the other utilities in rtnlutil and netdev.c can slim down.
2019-11-20 23:23:44 +01:00
NULL);
netdev: Track interface UP flag
2016-06-20 12:42:03 +02:00
}
netdev: Open PAE transport if needed If Control Port over NL80211 is not supported, open up a PAE socket and stuff it into an l_io on the netdev object. Install a read handler on the l_io and call __eapol_rx_packet as needed.
2018-05-01 18:08:19 +02:00
static struct l_io *pae_open(uint32_t ifindex)
{
/*
* BPF filter to match skb->dev->type == 1 (ARPHRD_ETHER) and
* match skb->protocol == 0x888e (PAE) or 0x88c7 (preauthentication).
*/
struct sock_filter pae_filter[] = {
{ 0x20, 0, 0, 0xfffff008 }, /* ld #ifidx */
{ 0x15, 0, 6, 0x00000000 }, /* jne #0, drop */
{ 0x28, 0, 0, 0xfffff01c }, /* ldh #hatype */
{ 0x15, 0, 4, 0x00000001 }, /* jne #1, drop */
{ 0x28, 0, 0, 0xfffff000 }, /* ldh #proto */
{ 0x15, 1, 0, 0x0000888e }, /* je #0x888e, keep */
{ 0x15, 0, 1, 0x000088c7 }, /* jne #0x88c7, drop */
{ 0x06, 0, 0, 0xffffffff }, /* keep: ret #-1 */
{ 0x06, 0, 0, 0000000000 }, /* drop: ret #0 */
};
const struct sock_fprog pae_fprog = {
.len = L_ARRAY_SIZE(pae_filter),
.filter = pae_filter
};
struct l_io *io;
int fd;
fd = socket(PF_PACKET, SOCK_DGRAM | SOCK_CLOEXEC | SOCK_NONBLOCK,
htons(ETH_P_ALL));
if (fd < 0)
return NULL;
/*
* Here we modify the k value in the BPF program above to match the
* given ifindex. We do it this way instead of using bind to attach
* to a specific interface index to avoid having to re-open the fd
* whenever the device is powered down / up
*/
pae_filter[1].k = ifindex;
if (setsockopt(fd, SOL_SOCKET, SO_ATTACH_FILTER,
&pae_fprog, sizeof(pae_fprog)) < 0)
goto error;
io = l_io_new(fd);
l_io_set_close_on_destroy(io, true);
return io;
error:
close(fd);
return NULL;
}
netdev: Replace bool randomize_mac with specific address Allow netdev_create_from_genl callers to draw a random or non-random MAC and pass it in the parameter instead of a bool to tell us to generating the MAC locally. In P2P we are generating the MAC some time before creating the netdev in order to pass it to the peer during negotiation.
2019-12-19 04:50:56 +01:00
struct netdev *netdev_create_from_genl(struct l_genl_msg *msg,
const uint8_t *set_mac)
netdev: Move netdev enumeration to netdev.c
2016-06-02 00:23:33 +02:00
{
netdev: Use nl80211_parse_attrs
2019-12-17 23:57:21 +01:00
const char *ifname;
const uint8_t *ifaddr;
uint32_t ifindex;
uint32_t iftype;
uint64_t wdev;
uint32_t wiphy_id;
netdev: Move netdev enumeration to netdev.c
2016-06-02 00:23:33 +02:00
struct netdev *netdev;
struct wiphy *wiphy = NULL;
netdev: Track interface UP flag
2016-06-20 12:42:03 +02:00
struct ifinfomsg *rtmmsg;
size_t bufsize;
netdev: Open PAE transport if needed If Control Port over NL80211 is not supported, open up a PAE socket and stuff it into an l_io on the netdev object. Install a read handler on the l_io and call __eapol_rx_packet as needed.
2018-05-01 18:08:19 +02:00
struct l_io *pae_io = NULL;
netdev: Move netdev enumeration to netdev.c
2016-06-02 00:23:33 +02:00
netdev: Use nl80211_parse_attrs
2019-12-17 23:57:21 +01:00
if (nl80211_parse_attrs(msg, NL80211_ATTR_IFINDEX, &ifindex,
NL80211_ATTR_WDEV, &wdev,
NL80211_ATTR_IFNAME, &ifname,
NL80211_ATTR_WIPHY, &wiphy_id,
NL80211_ATTR_IFTYPE, &iftype,
NL80211_ATTR_MAC, &ifaddr,
NL80211_ATTR_UNSPEC) < 0) {
l_warn("Required attributes missing");
netdev: Make netdev_create_from_genl, netdev_destroy public Make netdev_create_from_genl public and change signature to return the created netdev or NULL. Also add netdev_destroy that destroys and unregisters the created netdevs. Both will be used to move the whole interface management to a new file.
2019-04-11 03:10:20 +02:00
return NULL;
netdev: Skip non-STA interfaces
2016-07-19 23:03:26 +02:00
}
netdev: Use nl80211_parse_attrs
2019-12-17 23:57:21 +01:00
wiphy = wiphy_find(wiphy_id);
if (!wiphy) {
l_warn("No wiphy: %d", wiphy_id);
netdev: Make netdev_create_from_genl, netdev_destroy public Make netdev_create_from_genl public and change signature to return the created netdev or NULL. Also add netdev_destroy that destroys and unregisters the created netdevs. Both will be used to move the whole interface management to a new file.
2019-04-11 03:10:20 +02:00
return NULL;
netdev: Move netdev enumeration to netdev.c
2016-06-02 00:23:33 +02:00
}
netdev: Use nl80211_parse_attrs
2019-12-17 23:57:21 +01:00
if (netdev_find(ifindex)) {
l_debug("Skipping duplicate netdev %s[%d]", ifname, ifindex);
netdev: Make netdev_create_from_genl, netdev_destroy public Make netdev_create_from_genl public and change signature to return the created netdev or NULL. Also add netdev_destroy that destroys and unregisters the created netdevs. Both will be used to move the whole interface management to a new file.
2019-04-11 03:10:20 +02:00
return NULL;
netdev: Move netdev enumeration to netdev.c
2016-06-02 00:23:33 +02:00
}
wiphy: Rename get_ext_feature API to has_ext_feature
2018-05-24 20:12:36 +02:00
if (!wiphy_has_ext_feature(wiphy,
netdev: Use CamelCase for pae over nl80211 setting
2019-10-25 04:36:03 +02:00
NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211) ||
!pae_over_nl80211) {
netdev: Use nl80211_parse_attrs
2019-12-17 23:57:21 +01:00
pae_io = pae_open(ifindex);
netdev: Open PAE transport if needed If Control Port over NL80211 is not supported, open up a PAE socket and stuff it into an l_io on the netdev object. Install a read handler on the l_io and call __eapol_rx_packet as needed.
2018-05-01 18:08:19 +02:00
if (!pae_io) {
l_error("Unable to open PAE interface");
netdev: Make netdev_create_from_genl, netdev_destroy public Make netdev_create_from_genl public and change signature to return the created netdev or NULL. Also add netdev_destroy that destroys and unregisters the created netdevs. Both will be used to move the whole interface management to a new file.
2019-04-11 03:10:20 +02:00
return NULL;
netdev: Open PAE transport if needed If Control Port over NL80211 is not supported, open up a PAE socket and stuff it into an l_io on the netdev object. Install a read handler on the l_io and call __eapol_rx_packet as needed.
2018-05-01 18:08:19 +02:00
}
}
netdev: Move netdev enumeration to netdev.c
2016-06-02 00:23:33 +02:00
netdev = l_new(struct netdev, 1);
netdev: Use nl80211_parse_attrs
2019-12-17 23:57:21 +01:00
netdev->index = ifindex;
netdev->wdev_id = wdev;
netdev->type = iftype;
netdev: support for REKEY_OFFLOAD and its event handling
2016-06-23 00:49:16 +02:00
netdev->rekey_offload_support = true;
netdev: Move netdev enumeration to netdev.c
2016-06-02 00:23:33 +02:00
memcpy(netdev->addr, ifaddr, sizeof(netdev->addr));
netdev: Use nl80211_parse_attrs
2019-12-17 23:57:21 +01:00
l_strlcpy(netdev->name, ifname, IFNAMSIZ);
netdev: Reset interface state on init and exit Take any managed interface down when iwd detects it and bring it back up to start with a clean state. On exit take interfaces down.
2016-07-13 04:29:52 +02:00
netdev->wiphy = wiphy;
netdev: Use CamelCase for pae over nl80211 setting
2019-10-25 04:36:03 +02:00
netdev->pae_over_nl80211 = pae_io == NULL;
netdev: Replace bool randomize_mac with specific address Allow netdev_create_from_genl callers to draw a random or non-random MAC and pass it in the parameter instead of a bool to tell us to generating the MAC locally. In P2P we are generating the MAC some time before creating the netdev in order to pass it to the peer during negotiation.
2019-12-19 04:50:56 +01:00
if (set_mac)
memcpy(netdev->set_mac_once, set_mac, 6);
netdev: Open PAE transport if needed If Control Port over NL80211 is not supported, open up a PAE socket and stuff it into an l_io on the netdev object. Install a read handler on the l_io and call __eapol_rx_packet as needed.
2018-05-01 18:08:19 +02:00
if (pae_io) {
netdev->pae_io = pae_io;
l_io_set_read_handler(netdev->pae_io, netdev_pae_read, netdev,
netdev_pae_destroy);
}
netdev: added station watch For Ad-Hoc networks, the kernel takes care of auth/assoc and issues a NEW_STATION event when that is complete. This provides a way to notify when NEW_STATION events occur as well as forward the MAC of the station to Ad-Hoc. The two new API's added: - netdev_station_watch_add() - netdev_station_watch_remove()
2018-07-17 00:29:15 +02:00
watchlist_init(&netdev->station_watches, NULL);
netdev: Move netdev enumeration to netdev.c
2016-06-02 00:23:33 +02:00
l_queue_push_tail(netdev_list, netdev);
netdev: Add netdev_get_wdev_id
2019-07-08 16:02:58 +02:00
l_debug("Created interface %s[%d %" PRIx64 "]", netdev->name,
netdev->index, netdev->wdev_id);
netdev: Track interface UP flag
2016-06-20 12:42:03 +02:00
/* Query interface flags */
netdev: Add padding to netlink family headers Use the NLMSG_ALIGN macro on the family header size (struct ifinfomsg in this case). The ascii graphics in include/net/netlink.h show that both the netlink header and the family header should be padded. The netlink header (nlmsghdr) is already padded in ell. To "document" this requirementin ell what we could do is take two buffers, one for the family header and one for the attributes. This doesn't change anything for most people because ifinfomsg is already 16-byte long on the usual architectures.
2016-11-07 16:42:02 +01:00
bufsize = NLMSG_ALIGN(sizeof(struct ifinfomsg));
netdev: Track interface UP flag
2016-06-20 12:42:03 +02:00
rtmmsg = l_malloc(bufsize);
memset(rtmmsg, 0, bufsize);
rtmmsg->ifi_family = AF_UNSPEC;
netdev: Use nl80211_parse_attrs
2019-12-17 23:57:21 +01:00
rtmmsg->ifi_index = ifindex;
netdev: Track interface UP flag
2016-06-20 12:42:03 +02:00
netdev: Squash kernel warning netlink: 16 bytes leftover after parsing attributes in process `iwd'.
2016-10-18 18:40:26 +02:00
l_netlink_send(rtnl, RTM_GETLINK, 0, rtmmsg, bufsize,
netdev: Don't set userdata for getlink
2018-08-17 20:29:05 +02:00
netdev_getlink_cb, NULL, NULL);
netdev: Track interface UP flag
2016-06-20 12:42:03 +02:00
l_free(rtmmsg);
netdev: Register for and parse Neighbor Report responses
2016-12-23 11:38:02 +01:00
netdev: Re-add frame watches on iftype change If the iftype changes, kernel silently wipes out any frame registrations we may have registered. Right now, frame registrations are only done when the interface is created. This can result in frame watches not being added if the interface type is changed between station mode to ap mode and then back to station mode, e.g.: device wlan0 set-property Mode ap device wlan0 set-property Mode station Make sure to re-add frame registrations according to the mode if the interface type is changed.
2021-04-16 22:48:35 +02:00
netdev_setup_interface(netdev);
netdev: Make netdev_create_from_genl, netdev_destroy public Make netdev_create_from_genl public and change signature to return the created netdev or NULL. Also add netdev_destroy that destroys and unregisters the created netdevs. Both will be used to move the whole interface management to a new file.
2019-04-11 03:10:20 +02:00
return netdev;
}
bool netdev_destroy(struct netdev *netdev)
{
if (!l_queue_remove(netdev_list, netdev))
return false;
netdev_free(netdev);
return true;
netdev: Move netdev enumeration to netdev.c
2016-06-02 00:23:33 +02:00
}
netdev: Track interface UP flag
2016-06-20 12:42:03 +02:00
static void netdev_link_notify(uint16_t type, const void *data, uint32_t len,
void *user_data)
{
const struct ifinfomsg *ifi = data;
unsigned int bytes;
if (ifi->ifi_type != ARPHRD_ETHER)
return;
rtnlutil: Move rtnl_set_powered from netdev to rtnlutil This function fits with the other utilities in rtnlutil and netdev.c can slim down.
2019-11-20 23:23:44 +01:00
l_debug("event %u on ifindex %u", type, ifi->ifi_index);
netdev: Track interface UP flag
2016-06-20 12:42:03 +02:00
bytes = len - NLMSG_ALIGN(sizeof(struct ifinfomsg));
switch (type) {
case RTM_NEWLINK:
netdev_newlink_notify(ifi, bytes);
break;
netdev: React to removed netdevs
2016-07-01 21:49:34 +02:00
case RTM_DELLINK:
netdev_dellink_notify(ifi, bytes);
break;
netdev: Track interface UP flag
2016-06-20 12:42:03 +02:00
}
}
netdev/device: Combine watches There was somewhat overlapping functionality in the device_watch infrastructure as well as the netdev_event_watch. This commit combines the two into a single watch based on the netdev object and cleans up the various interface additions / removals. With this commit the interfaces are created when the netdev/device is switched to Powered=True state AND when the netdev iftype is also in the correct state for that interface. If the device is brought down, then all interfaces except the .Device interface are removed. This will make it easy to implement Device.Mode property properly since most nl80211 devices need to be brought into Powered=False state prior to switching the iftype.
2018-08-18 06:40:49 +02:00
uint32_t netdev_station_watch_add(struct netdev *netdev,
netdev_station_watch_func_t func, void *user_data)
netdev: netdev watch support
2016-06-20 12:42:04 +02:00
{
netdev/device: Combine watches There was somewhat overlapping functionality in the device_watch infrastructure as well as the netdev_event_watch. This commit combines the two into a single watch based on the netdev object and cleans up the various interface additions / removals. With this commit the interfaces are created when the netdev/device is switched to Powered=True state AND when the netdev iftype is also in the correct state for that interface. If the device is brought down, then all interfaces except the .Device interface are removed. This will make it easy to implement Device.Mode property properly since most nl80211 devices need to be brought into Powered=False state prior to switching the iftype.
2018-08-18 06:40:49 +02:00
return watchlist_add(&netdev->station_watches, func, user_data, NULL);
netdev: netdev watch support
2016-06-20 12:42:04 +02:00
}
netdev/device: Combine watches There was somewhat overlapping functionality in the device_watch infrastructure as well as the netdev_event_watch. This commit combines the two into a single watch based on the netdev object and cleans up the various interface additions / removals. With this commit the interfaces are created when the netdev/device is switched to Powered=True state AND when the netdev iftype is also in the correct state for that interface. If the device is brought down, then all interfaces except the .Device interface are removed. This will make it easy to implement Device.Mode property properly since most nl80211 devices need to be brought into Powered=False state prior to switching the iftype.
2018-08-18 06:40:49 +02:00
bool netdev_station_watch_remove(struct netdev *netdev, uint32_t id)
netdev: netdev watch support
2016-06-20 12:42:04 +02:00
{
netdev/device: Combine watches There was somewhat overlapping functionality in the device_watch infrastructure as well as the netdev_event_watch. This commit combines the two into a single watch based on the netdev object and cleans up the various interface additions / removals. With this commit the interfaces are created when the netdev/device is switched to Powered=True state AND when the netdev iftype is also in the correct state for that interface. If the device is brought down, then all interfaces except the .Device interface are removed. This will make it easy to implement Device.Mode property properly since most nl80211 devices need to be brought into Powered=False state prior to switching the iftype.
2018-08-18 06:40:49 +02:00
return watchlist_remove(&netdev->station_watches, id);
netdev: netdev watch support
2016-06-20 12:42:04 +02:00
}
netdev/device: Combine watches There was somewhat overlapping functionality in the device_watch infrastructure as well as the netdev_event_watch. This commit combines the two into a single watch based on the netdev object and cleans up the various interface additions / removals. With this commit the interfaces are created when the netdev/device is switched to Powered=True state AND when the netdev iftype is also in the correct state for that interface. If the device is brought down, then all interfaces except the .Device interface are removed. This will make it easy to implement Device.Mode property properly since most nl80211 devices need to be brought into Powered=False state prior to switching the iftype.
2018-08-18 06:40:49 +02:00
uint32_t netdev_watch_add(netdev_watch_func_t func,
void *user_data, netdev_destroy_func_t destroy)
netdev: added station watch For Ad-Hoc networks, the kernel takes care of auth/assoc and issues a NEW_STATION event when that is complete. This provides a way to notify when NEW_STATION events occur as well as forward the MAC of the station to Ad-Hoc. The two new API's added: - netdev_station_watch_add() - netdev_station_watch_remove()
2018-07-17 00:29:15 +02:00
{
netdev/device: Combine watches There was somewhat overlapping functionality in the device_watch infrastructure as well as the netdev_event_watch. This commit combines the two into a single watch based on the netdev object and cleans up the various interface additions / removals. With this commit the interfaces are created when the netdev/device is switched to Powered=True state AND when the netdev iftype is also in the correct state for that interface. If the device is brought down, then all interfaces except the .Device interface are removed. This will make it easy to implement Device.Mode property properly since most nl80211 devices need to be brought into Powered=False state prior to switching the iftype.
2018-08-18 06:40:49 +02:00
return watchlist_add(&netdev_watches, func, user_data, destroy);
netdev: added station watch For Ad-Hoc networks, the kernel takes care of auth/assoc and issues a NEW_STATION event when that is complete. This provides a way to notify when NEW_STATION events occur as well as forward the MAC of the station to Ad-Hoc. The two new API's added: - netdev_station_watch_add() - netdev_station_watch_remove()
2018-07-17 00:29:15 +02:00
}
netdev/device: Combine watches There was somewhat overlapping functionality in the device_watch infrastructure as well as the netdev_event_watch. This commit combines the two into a single watch based on the netdev object and cleans up the various interface additions / removals. With this commit the interfaces are created when the netdev/device is switched to Powered=True state AND when the netdev iftype is also in the correct state for that interface. If the device is brought down, then all interfaces except the .Device interface are removed. This will make it easy to implement Device.Mode property properly since most nl80211 devices need to be brought into Powered=False state prior to switching the iftype.
2018-08-18 06:40:49 +02:00
bool netdev_watch_remove(uint32_t id)
netdev: added station watch For Ad-Hoc networks, the kernel takes care of auth/assoc and issues a NEW_STATION event when that is complete. This provides a way to notify when NEW_STATION events occur as well as forward the MAC of the station to Ad-Hoc. The two new API's added: - netdev_station_watch_add() - netdev_station_watch_remove()
2018-07-17 00:29:15 +02:00
{
netdev/device: Combine watches There was somewhat overlapping functionality in the device_watch infrastructure as well as the netdev_event_watch. This commit combines the two into a single watch based on the netdev object and cleans up the various interface additions / removals. With this commit the interfaces are created when the netdev/device is switched to Powered=True state AND when the netdev iftype is also in the correct state for that interface. If the device is brought down, then all interfaces except the .Device interface are removed. This will make it easy to implement Device.Mode property properly since most nl80211 devices need to be brought into Powered=False state prior to switching the iftype.
2018-08-18 06:40:49 +02:00
return watchlist_remove(&netdev_watches, id);
netdev: added station watch For Ad-Hoc networks, the kernel takes care of auth/assoc and issues a NEW_STATION event when that is complete. This provides a way to notify when NEW_STATION events occur as well as forward the MAC of the station to Ad-Hoc. The two new API's added: - netdev_station_watch_add() - netdev_station_watch_remove()
2018-07-17 00:29:15 +02:00
}
netdev: utilize IWD_MODULE Since iwd_modules_init is now defered until nl80211_appeared, we can assume the nl80211 object is available. This removes the need for netdev_set_nl80211 completely.
2019-10-11 21:29:23 +02:00
static int netdev_init(void)
core: Add tracking of network interfaces via RTNL
2014-06-21 13:41:40 +02:00
{
main: Update to the new genl api
2019-05-18 00:05:52 +02:00
struct l_genl *genl = iwd_get_genl();
netdev: add conf option to set RSSI threshold Environments with several AP's, all at low signal strength may want to lower the roaming RSSI threshold to prevent IWD from roaming excessively. This adds an option 'roam_rssi_threshold', which is still defaulted to -70.
2019-03-21 17:03:45 +01:00
const struct l_settings *settings = iwd_get_config();
netdev: support per-network MAC addresses For privacy reasons its advantageous to randomize or mask the MAC address when connecting to networks, especially public networks. This patch allows netdev to generate a new MAC address on a per-network basis. The generated MAC will remain the same when connecting to the same network. This allows reauthentications or roaming to work, and not have to fully re-connect (which would be required if the MAC changed on every connection). Changing the MAC requires bringing the interface down. This does lead to potential race conditions with respect to external processes. There are two potential conditions which are explained in a TODO comment in this patch.
2020-03-18 19:54:19 +01:00
const char *rand_addr_str;
netdev: add conf option to set RSSI threshold Environments with several AP's, all at low signal strength may want to lower the roaming RSSI threshold to prevent IWD from roaming excessively. This adds an option 'roam_rssi_threshold', which is still defaulted to -70.
2019-03-21 17:03:45 +01:00
core: Add tracking of network interfaces via RTNL
2014-06-21 13:41:40 +02:00
if (rtnl)
netdev: utilize IWD_MODULE Since iwd_modules_init is now defered until nl80211_appeared, we can assume the nl80211 object is available. This removes the need for netdev_set_nl80211 completely.
2019-10-11 21:29:23 +02:00
return -EALREADY;
core: Add tracking of network interfaces via RTNL
2014-06-21 13:41:40 +02:00
netdev: Use the global rtnl object
2020-04-08 19:28:00 +02:00
rtnl = iwd_get_rtnl();
core: Add tracking of network interfaces via RTNL
2014-06-21 13:41:40 +02:00
netdev: Track interface UP flag
2016-06-20 12:42:03 +02:00
if (!l_netlink_register(rtnl, RTNLGRP_LINK,
netdev_link_notify, NULL, NULL)) {
l_error("Failed to register for RTNL link notifications");
netdev: Fix resource leaks in netdev_init
2019-10-11 22:34:54 +02:00
goto fail_netlink;
}
nl80211 = l_genl_family_new(genl, NL80211_GENL_NAME);
if (!nl80211) {
l_error("Failed to obtain nl80211");
goto fail_netlink;
netdev: Track interface UP flag
2016-06-20 12:42:03 +02:00
}
netdev: Use CamelCase for roam threshold setting
2019-10-25 04:16:49 +02:00
if (!l_settings_get_int(settings, "General", "RoamThreshold",
netdev: add conf option to set RSSI threshold Environments with several AP's, all at low signal strength may want to lower the roaming RSSI threshold to prevent IWD from roaming excessively. This adds an option 'roam_rssi_threshold', which is still defaulted to -70.
2019-03-21 17:03:45 +01:00
&LOW_SIGNAL_THRESHOLD))
LOW_SIGNAL_THRESHOLD = -70;
netdev: introduce [General].RoamThreshold5G This value sets the roaming threshold on 5GHz networks. The threshold has been separated from 2.4GHz because in many cases 5GHz can perform much better at low RSSI than 2.4GHz. In addition the BSS ranking logic was re-worked and now 5GHz is much more preferred, even at low RSSI. This means we need a lower floor for RSSI before roaming, otherwise IWD would end up roaming immediately after connecting due to low RSSI CQM events.
2021-05-07 22:26:18 +02:00
if (!l_settings_get_int(settings, "General", "RoamThreshold5G",
&LOW_SIGNAL_THRESHOLD_5GHZ))
LOW_SIGNAL_THRESHOLD_5GHZ = -76;
netdev: Use CamelCase for pae over nl80211 setting
2019-10-25 04:36:03 +02:00
if (!l_settings_get_bool(settings, "General", "ControlPortOverNL80211",
&pae_over_nl80211))
pae_over_nl80211 = true;
netdev: support per-network MAC addresses For privacy reasons its advantageous to randomize or mask the MAC address when connecting to networks, especially public networks. This patch allows netdev to generate a new MAC address on a per-network basis. The generated MAC will remain the same when connecting to the same network. This allows reauthentications or roaming to work, and not have to fully re-connect (which would be required if the MAC changed on every connection). Changing the MAC requires bringing the interface down. This does lead to potential race conditions with respect to external processes. There are two potential conditions which are explained in a TODO comment in this patch.
2020-03-18 19:54:19 +01:00
rand_addr_str = l_settings_get_value(settings, "General",
"AddressRandomization");
if (rand_addr_str && !strcmp(rand_addr_str, "network"))
mac_per_ssid = true;
netdev/device: Combine watches There was somewhat overlapping functionality in the device_watch infrastructure as well as the netdev_event_watch. This commit combines the two into a single watch based on the netdev object and cleans up the various interface additions / removals. With this commit the interfaces are created when the netdev/device is switched to Powered=True state AND when the netdev iftype is also in the correct state for that interface. If the device is brought down, then all interfaces except the .Device interface are removed. This will make it easy to implement Device.Mode property properly since most nl80211 devices need to be brought into Powered=False state prior to switching the iftype.
2018-08-18 06:40:49 +02:00
watchlist_init(&netdev_watches, NULL);
netdev: Add netdev_find
2016-06-01 22:35:26 +02:00
netdev_list = l_queue_new();
netdev: Rework netdev_init/exit
2018-08-18 06:23:19 +02:00
__handshake_set_install_tk_func(netdev_set_tk);
__handshake_set_install_gtk_func(netdev_set_gtk);
__handshake_set_install_igtk_func(netdev_set_igtk);
__eapol_set_rekey_offload_func(netdev_set_rekey_offload);
__eapol_set_tx_packet_func(netdev_control_port_frame);
netdev: implement netdev_set_pmk The 8021x offloading procedure still does EAP in userspace which negotiates the PMK. The kernel then expects to obtain this PMK from userspace by calling SET_PMK. This then allows the firmware to begin the 4-way handshake. Using __eapol_install_set_pmk_func to install netdev_set_pmk, netdev now gets called into once EAP finishes and can begin the final userspace actions prior to the firmware starting the 4-way handshake: - SET_PMK using PMK negotiated with EAP - Emit SETTING_KEYS event - netdev_connect_ok One thing to note is that the kernel provides no way of knowing if the 4-way handshake completed. Assuming SET_PMK/SET_STATION come back with no errors, IWD assumes the PMK was valid. If not, or due to some other issue in the 4-way, the kernel will send a disconnect.
2021-04-09 18:14:46 +02:00
__eapol_set_install_pmk_func(netdev_set_pmk);
netdev: Rework netdev_init/exit
2018-08-18 06:23:19 +02:00
main: Update to the new genl api
2019-05-18 00:05:52 +02:00
unicast_watch = l_genl_add_unicast_watch(genl, NL80211_GENL_NAME,
netdev_unicast_notify,
NULL, NULL);
if (!unicast_watch)
l_error("Registering for unicast notification failed");
wiphy: Move association logic out of wiphy.c The eapol state machine parameters are now built inside device.c when the network connection is attempted. The reason is that the device object knows about network settings, wiphy constraints and should contain the main 'management' logic. netdev now manages the actual low-level process of building association messages, detecting authentication events, etc.
2016-06-15 17:54:13 +02:00
if (!l_genl_family_register(nl80211, "mlme", netdev_mlme_notify,
NULL, NULL))
l_error("Registering for MLME notification failed");
netdev: utilize IWD_MODULE Since iwd_modules_init is now defered until nl80211_appeared, we can assume the nl80211 object is available. This removes the need for netdev_set_nl80211 completely.
2019-10-11 21:29:23 +02:00
netdev: Scan & Retry CMD_AUTHENTICATE Handle situations where the BSS we're trying to connect to is no longer in the kernel scan result cache. Normally, the kernel will re-scan the target frequency if this happens on the CMD_CONNECT path, and retry the connection. Unfortunately, CMD_AUTHENTICATE path used for WPA3, OWE and FILS does not have this scanning behavior. CMD_AUTHENTICATE simply fails with a -ENOENT error. Work around this by trying a limited scan of the target frequency and re-trying CMD_AUTHENTICATE once.
2021-02-05 18:21:33 +01:00
if (!l_genl_family_register(nl80211, "scan", netdev_scan_notify,
NULL, NULL))
l_error("Registering for scan notifications failed");
netdev: Track SET_INTERFACE events And set the interface type based on the event rather than the command callback. This allows us to track interface type changes even if they come from outside iwd (which shouldn't happen.)
2021-04-16 22:24:00 +02:00
if (!l_genl_family_register(nl80211, "config", netdev_config_notify,
NULL, NULL))
l_error("Registering for config notifications failed");
netdev: utilize IWD_MODULE Since iwd_modules_init is now defered until nl80211_appeared, we can assume the nl80211 object is available. This removes the need for netdev_set_nl80211 completely.
2019-10-11 21:29:23 +02:00
return 0;
netdev: Fix resource leaks in netdev_init
2019-10-11 22:34:54 +02:00
fail_netlink:
rtnl = NULL;
return -EIO;
core: Add tracking of network interfaces via RTNL
2014-06-21 13:41:40 +02:00
}
netdev: utilize IWD_MODULE Since iwd_modules_init is now defered until nl80211_appeared, we can assume the nl80211 object is available. This removes the need for netdev_set_nl80211 completely.
2019-10-11 21:29:23 +02:00
static void netdev_exit(void)
core: Add tracking of network interfaces via RTNL
2014-06-21 13:41:40 +02:00
{
main: Update to the new genl api
2019-05-18 00:05:52 +02:00
struct l_genl *genl = iwd_get_genl();
core: Add tracking of network interfaces via RTNL
2014-06-21 13:41:40 +02:00
if (!rtnl)
netdev: Rework netdev_init/exit
2018-08-18 06:23:19 +02:00
return;
core: Add tracking of network interfaces via RTNL
2014-06-21 13:41:40 +02:00
main: Update to the new genl api
2019-05-18 00:05:52 +02:00
l_genl_remove_unicast_watch(genl, unicast_watch);
netdev/device: Combine watches There was somewhat overlapping functionality in the device_watch infrastructure as well as the netdev_event_watch. This commit combines the two into a single watch based on the netdev object and cleans up the various interface additions / removals. With this commit the interfaces are created when the netdev/device is switched to Powered=True state AND when the netdev iftype is also in the correct state for that interface. If the device is brought down, then all interfaces except the .Device interface are removed. This will make it easy to implement Device.Mode property properly since most nl80211 devices need to be brought into Powered=False state prior to switching the iftype.
2018-08-18 06:40:49 +02:00
watchlist_destroy(&netdev_watches);
netdev: Squash memory leak on module_init failure In the case of module_init failing due to a module that comes after netdev, the netdev module doesn't clean up netdev_list properly. ==6254== 24 bytes in 1 blocks are still reachable in loss record 1 of 1 ==6254== at 0x483777F: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==6254== by 0x4675ED: l_malloc (util.c:61) ==6254== by 0x46909D: l_queue_new (queue.c:63) ==6254== by 0x406AE4: netdev_init (netdev.c:5038) ==6254== by 0x44A7B3: iwd_modules_init (module.c:152) ==6254== by 0x404713: nl80211_appeared (main.c:171) ==6254== by 0x4713DE: process_unicast (genl.c:993) ==6254== by 0x4713DE: received_data (genl.c:1101) ==6254== by 0x46E00B: io_callback (io.c:118) ==6254== by 0x46D20C: l_main_iterate (main.c:477) ==6254== by 0x46D2DB: l_main_run (main.c:524) ==6254== by 0x46D2DB: l_main_run (main.c:506) ==6254== by 0x46D502: l_main_run_with_signal (main.c:656) ==6254== by 0x403EDB: main (main.c:490)
2021-01-29 20:39:20 +01:00
l_queue_destroy(netdev_list, netdev_free);
netdev: Do not leak netdev objects If the daemon is started and killed rapidly on startup, it is possible for netdev_shutdown to be called prior to manager processing messages that actually create the netdev itself. Since the netdev_list has already been freed, the storage is lost. Fix that by destroying netdev_list only when the module is unloaded.
2021-05-29 05:50:05 +02:00
netdev_list = NULL;
netdev: utilize IWD_MODULE Since iwd_modules_init is now defered until nl80211_appeared, we can assume the nl80211 object is available. This removes the need for netdev_set_nl80211 completely.
2019-10-11 21:29:23 +02:00
l_genl_family_free(nl80211);
netdev: Make netdev_init accept nl80211
2016-06-01 21:58:51 +02:00
nl80211 = NULL;
netdev: Don't track NEWLINK & DELLINK The plan is to use the much more reliable NEW_WIPHY, DEL_WIPHY, NEW_INTERFACE, DEL_INTERFACE events.
2016-05-31 23:23:12 +02:00
rtnl = NULL;
core: Add tracking of network interfaces via RTNL
2014-06-21 13:41:40 +02:00
}
netdev: Reset interface state on init and exit Take any managed interface down when iwd detects it and bring it back up to start with a clean state. On exit take interfaces down.
2016-07-13 04:29:52 +02:00
void netdev_shutdown(void)
{
netdev: Fix re-entrancy bug in netdev_shutdown netdev_shutdown calls queue_destroy on the netdev_list, which in turn calls netdev_free. netdev_free invokes the watches to notify them about the netdev being removed. Those clients, or anything downstream can still invoke netdev_find. Unfortunately queue_destroy is not re-entrant safe, so netdev_find might return stale data. Fix that by using l_queue_peek_head / l_queue_pop_head instead. src/station.c:station_enter_state() Old State: connecting, new state: connected ^CTerminate src/netdev.c:netdev_free() Freeing netdev wlan1[6] src/device.c:device_free() Removing scan context for wdev 100000001 src/scan.c:scan_context_free() sc: 0x4ae9ca0 src/netdev.c:netdev_free() Freeing netdev wlan0[48] src/device.c:device_free() src/station.c:station_free() src/netconfig.c:netconfig_destroy() ==103174== Invalid read of size 8 ==103174== at 0x467AA9: l_queue_find (queue.c:346) ==103174== by 0x43ACFF: netconfig_reset (netconfig.c:1027) ==103174== by 0x43AFFC: netconfig_destroy (netconfig.c:1123) ==103174== by 0x414379: station_free (station.c:3369) ==103174== by 0x414379: station_destroy_interface (station.c:3466) ==103174== by 0x47C80C: interface_instance_free (dbus-service.c:510) ==103174== by 0x47C80C: _dbus_object_tree_remove_interface (dbus-service.c:1694) ==103174== by 0x47C99C: _dbus_object_tree_object_destroy (dbus-service.c:795) ==103174== by 0x409A87: netdev_free (netdev.c:770) ==103174== by 0x4677AE: l_queue_clear (queue.c:107) ==103174== by 0x4677F8: l_queue_destroy (queue.c:82) ==103174== by 0x40CDC1: netdev_shutdown (netdev.c:5089) ==103174== by 0x404736: iwd_shutdown (main.c:78) ==103174== by 0x404736: iwd_shutdown (main.c:65) ==103174== by 0x46BD61: handle_callback (signal.c:78) ==103174== by 0x46BD61: signalfd_read_cb (signal.c:104)
2021-01-29 21:53:00 +01:00
struct netdev *netdev;
netdev: Reset interface state on init and exit Take any managed interface down when iwd detects it and bring it back up to start with a clean state. On exit take interfaces down.
2016-07-13 04:29:52 +02:00
if (!rtnl)
return;
l_queue_foreach(netdev_list, netdev_shutdown_one, NULL);
netdev: Call netdev_free in netdev_shutdown This is to make sure device_remove and netdev_connect_free are called early so we don't continue setting up a connection and don't let DBus clients power device back up after we've called netdev_set_powered.
2016-08-02 22:48:12 +02:00
netdev: Fix re-entrancy bug in netdev_shutdown netdev_shutdown calls queue_destroy on the netdev_list, which in turn calls netdev_free. netdev_free invokes the watches to notify them about the netdev being removed. Those clients, or anything downstream can still invoke netdev_find. Unfortunately queue_destroy is not re-entrant safe, so netdev_find might return stale data. Fix that by using l_queue_peek_head / l_queue_pop_head instead. src/station.c:station_enter_state() Old State: connecting, new state: connected ^CTerminate src/netdev.c:netdev_free() Freeing netdev wlan1[6] src/device.c:device_free() Removing scan context for wdev 100000001 src/scan.c:scan_context_free() sc: 0x4ae9ca0 src/netdev.c:netdev_free() Freeing netdev wlan0[48] src/device.c:device_free() src/station.c:station_free() src/netconfig.c:netconfig_destroy() ==103174== Invalid read of size 8 ==103174== at 0x467AA9: l_queue_find (queue.c:346) ==103174== by 0x43ACFF: netconfig_reset (netconfig.c:1027) ==103174== by 0x43AFFC: netconfig_destroy (netconfig.c:1123) ==103174== by 0x414379: station_free (station.c:3369) ==103174== by 0x414379: station_destroy_interface (station.c:3466) ==103174== by 0x47C80C: interface_instance_free (dbus-service.c:510) ==103174== by 0x47C80C: _dbus_object_tree_remove_interface (dbus-service.c:1694) ==103174== by 0x47C99C: _dbus_object_tree_object_destroy (dbus-service.c:795) ==103174== by 0x409A87: netdev_free (netdev.c:770) ==103174== by 0x4677AE: l_queue_clear (queue.c:107) ==103174== by 0x4677F8: l_queue_destroy (queue.c:82) ==103174== by 0x40CDC1: netdev_shutdown (netdev.c:5089) ==103174== by 0x404736: iwd_shutdown (main.c:78) ==103174== by 0x404736: iwd_shutdown (main.c:65) ==103174== by 0x46BD61: handle_callback (signal.c:78) ==103174== by 0x46BD61: signalfd_read_cb (signal.c:104)
2021-01-29 21:53:00 +01:00
while ((netdev = l_queue_peek_head(netdev_list))) {
netdev_free(netdev);
l_queue_pop_head(netdev_list);
}
netdev: Reset interface state on init and exit Take any managed interface down when iwd detects it and bring it back up to start with a clean state. On exit take interfaces down.
2016-07-13 04:29:52 +02:00
}
netdev: utilize IWD_MODULE Since iwd_modules_init is now defered until nl80211_appeared, we can assume the nl80211 object is available. This removes the need for netdev_set_nl80211 completely.
2019-10-11 21:29:23 +02:00
IWD_MODULE(netdev, netdev_init, netdev_exit);
eapol: utilize IWD_MODULE This converts eapol to using IWD modules. The init/exit APIs did need to remain exposed for unit tests. Netdev was updated to depend on eapol.
2019-10-11 21:29:24 +02:00
IWD_MODULE_DEPENDS(netdev, eapol);