3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-11-05 11:39:24 +01:00
Commit Graph

7049 Commits

Author SHA1 Message Date
James Prestwood
a1d30fe1cb station: remove early FT-over-DS action
IWD was optimizing FT-over-DS by authenticating to multiple BSS's
at the time of connecting which then made future roams slightly
faster since they could jump right into association. So far this
hasn't posed a problem but it was reported that some AP's actually
enforce a reassociation timeout (included in 4-way handshake).

Hostapd itself does no such enforcement but anything external to
hostapd could monitor FT events and clear the cache if any exceeded
this timeout.

For now remove the early action frames and treat FT-over-DS the
same as FT-over-Air. In the future we could parse the reassociation
timeout, batch out FT-Action frames and track responses but for the
time being this just fix the issue at a small performance cost.
2022-12-14 16:14:29 -06:00
James Prestwood
6a616df125 ft: gate FT-over-DS with a wiphy work item
Queue the FT action just like we do with FT Authenticate which makes
it able to be used the same way, i.e. call ft_action() then queue
the ft_associate work right away.

A timer was added to end the work item in case the target never
responds.
2022-12-14 16:13:13 -06:00
James Prestwood
59a0947c76 util: add scan_freq_set_remove
Removes one frequency from a scan_freq_set object.
2022-12-14 15:37:01 -06:00
James Prestwood
ea93e74a06 scan: remove early supported check for 6ghz in wiphy watch
If the regdom updates during a periodic scan the results will be
delayed until after the update in order to, potentially, add 6GHz
frequencies since they may become available. The delayed results
happen regardless of 6GHz support but scan_wiphy_watch() was
returning early if 6GHz was not supported causing the scan request
to never complete.
2022-12-13 14:18:48 -06:00
Alvin Šipraga
ed357d78b3 scan: call scan_finished() when periodic scans get aborted
The blamed commit argues that the periodic scan callback doesn't do
anything useful in the event of an aborted scan, but this is not
entirely true. In particular, the callback is responsible for re-arming
the periodic scan timer. Make sure to call scan_finished() so that iwd's
periodic scanning logic continues unabated even when a periodic scan is
aborted.

Also remove the periodic boolean member of struct scan_request, as it
serves no purpose anymore.

Fixes: 6051a14952 ("scan: Don't callback on SCAN_ABORTED")
2022-12-12 15:55:01 -06:00
James Prestwood
3c6a0647b3 doc: document 5GHz AP support 2022-12-09 14:59:32 -06:00
James Prestwood
9d003ae585 ap: select rates from hardware capabilities
Rather than a list of static rates, choose what the hardware
advertises. For the case of CCK rates only include rates 11mbps
or lower.
2022-12-09 14:59:20 -06:00
James Prestwood
c6792a4bcc ap: add support for 5GHz frequencies in AP mode
This enables IWD to use 5GHz frequencies in AP mode. Currently
6GHz is not supported so we can assume a [General].Channel value
36 or above indicates the 5GHz band.

It should be noted that the system will probably need a regulatory
domain set in order for 5GHz to be allowed in AP mode. This is due
to world roaming (00) restricting any/all 5GHz frequencies. This
can be accomplished by setting main.conf [General].Country=CC to
the country this AP will operate in.
2022-12-09 14:58:51 -06:00
James Prestwood
3cd93505d6 wiphy: use enum band_freq with rates getter
wiphy_get_supported_rates expected an enum defined in the nl80211
header but the argument type was an unsigned int, not exactly
intuitive to anyone using the API. Since the nl80211 enum value
was only used in a switch statement it could just as well be IWD's
internal enum band_freq.

This also allows modules which do not reference nl80211.h to use
wiphy_get_supported_rates().
2022-12-09 14:58:42 -06:00
Denis Kenzior
bce3ab2bf2 man: Update wording
Change wording to say that IPv6 support is enabled by default.  No
functional changes.

Fixes: 00baa75e96 ("netconfig: Enable IPV6 support by default")
2022-12-08 09:21:10 -06:00
Neehar Vijay
78efd60297 client: fix non-interactive mode in some cases
Before this change, I noticed that some non-interactive commands
don't work,

  $ iwctl version

  $ iwctl help

while other ones do.

  $ iwctl station wlan0 show

This seems to be a typo bug in the if clause checking for additional
arguments.
2022-11-22 11:19:12 -06:00
Neehar Vijay
13eb9c57d8 gitignore: add .ccls-cache
This directory is used by ccls.
2022-11-22 11:19:12 -06:00
Neehar Vijay
3e8868c8b9 gitignore: add compile_commands.json
This file is a compilation command database used by clangd and ccls,
and can be generated by tools like https://github.com/rizsotto/Bear.

  $ bear -- make clean all
2022-11-22 11:19:12 -06:00
Marcel Holtmann
2600d3938e Release 2.0 2022-11-18 13:30:30 +01:00
Marcel Holtmann
741c1fa021 build: Require at least version 0.54 when building with external ELL 2022-11-18 13:27:38 +01:00
Marcel Holtmann
27a00a6806 build: Add documention of manual pages to systemd service file 2022-11-18 10:50:31 +01:00
Alvin Šipraga
e192a237b6 scan: retry scan based on scan done events per wiphy, not wdev
If a CMD_TRIGGER_SCAN request fails with -EBUSY, iwd currently assumes
that a scan is ongoing on the underlying wdev and will retry the same
command when that scan is complete. It gets notified of that completion
via the scan_notify() function, and kicks the scan logic to try again.

However, if there is another wdev on the same wiphy and that wdev has a
scan request in flight, the kernel will also return -EBUSY. In other
words, only one scan request per wiphy is permitted.

As an example, the brcmfmac driver can create an AP interface on the
same wiphy as the default station interface, and scans can be triggered
on that AP interface.

If -EBUSY is returned because another wdev is scanning, then iwd won't
know when it can retry the original trigger request because the relevant
netlink event will arrive on a different wdev. Indeed, if no scan
context exists for that other wdev, then scan_notify will return early
and the scan logic will stall indefinitely.

Instead, and in the event that no scan context matches, use it as a cue
to retry a pending scan request that happens to be destined for the same
wiphy.
2022-11-17 16:50:45 -06:00
Denis Kenzior
00baa75e96 netconfig: Enable IPV6 support by default 2022-11-17 10:33:02 -06:00
Denis Kenzior
2f1c2930f0 station: Add dependency on known_networks module
The previous commit added an invocation of known_networks_watch_add, but
never updated the module dependency graph.

Fixes: a793a41662 ("station, eapol: Set up eap-tls-common for session caching")
2022-11-17 10:17:07 -06:00
Andrew Zaborowski
a793a41662 station, eapol: Set up eap-tls-common for session caching
Use eap_set_peer_id() to set a string identifying the TLS server,
currently the hex-encoded SSID of the network, to be used as group name
and primary key in the session cache l_settings object.  Provide pointers
to storage_eap_tls_cache_{load,sync} to eap-tls-common.c using
eap_tls_set_session_cache_ops().  Listen to Known Network removed
signals and call eap_tls_forget_peer() to have any session related to
the network also dropped from the cache.
2022-11-17 10:09:54 -06:00
Andrew Zaborowski
ef81917e8d eap-tls: Add session caching
Use l_tls_set_session_cache() to enable session cache/resume in the
TLS-based EAP methods.  Sessions for all 802.1x networks are stored in
one l_settings object.

eap_{get,set}_peer_id() API is added for the upper layers to set the
identifier of the authenticator (or the supplicant if we're the
authenticator, if there's ever a use case for that.)

eap-tls-common.c can't call storage_eap_tls_cache_{load,sync}()
or known_networks_watch_add() (to handle known network removals) because
it's linked into some executables that don't have storage.o,
knownnetworks.o or common.o so an upper layer (station.c) will call
eap_tls_set_session_cache_ops() and eap_tls_forget_peer() as needed.
2022-11-17 10:04:56 -06:00
Andrew Zaborowski
e63c5bf4f8 storage: Refactor storage_tls_session_{load,sync}
Minor changes to these two methods resulting from two rewrites of them.
Actual changes are:
 * storage_tls_session_sync parameter is const,
 * more specific naming,
 * storage_tls_session_load will return an empty l_settings instead of
   NULL so eap-tls-common.c doesn't have to handle this.

storage.c makes no assumptions about the group names in the l_settings
object and keeps no reference to that object, eap-tls-common.c is going
to maintain the memory copy of the cache since this cache and the disk
copy of it are reserved for EAP methods only.
2022-11-17 10:04:12 -06:00
Marcel Holtmann
b4406cce82 scan: Add support for separate 6Ghz band modifier 2022-11-14 11:07:10 -06:00
Andrew Zaborowski
644586e273 storage: Add TLS session cache file read/write utils
Add storage_tls_session_cache_{load,sync} similar to
storage_known_frequencies_{load,sync}.
2022-11-09 14:26:38 -06:00
James Prestwood
91c6dea57b doc: document AP properties PairwiseCiphers/GroupCipher 2022-11-04 12:04:05 -05:00
James Prestwood
ee850422ba auto-t: update test to work with PairwiseCiphers array 2022-11-04 12:04:00 -05:00
James Prestwood
55924fbb56 ap: change PairwiseCiphers to string array
A comma separated list as a string was ok for pure display purposes
but if any processing needed to be done on these values by external
consumers it really makes more sense to use a DBus array.
2022-11-04 12:03:27 -05:00
James Prestwood
809067c924 auto-t: add test for scanning in AP mode 2022-11-04 12:03:24 -05:00
James Prestwood
9ef440eb8e auto-t: iwd.py: allow certain APIs to be used in AP mode
AP mode implements a few DBus methods/properties which are named
the same as station: Scan, Scanning, and GetOrderedNetworks. Allow
the Device object to work with these in AP mode by calling the
correct method if the Mode is 'ap'.
2022-11-04 12:03:18 -05:00
James Prestwood
606769dbea ap: update Scanning property when AP starts
This wasn't being updated meaning the property is missing until a
scan is issued over DBus.

Rather than duplicate all the property changed calls they were all
factored out into a helper function.
2022-11-04 12:02:52 -05:00
James Prestwood
c89c37378b netconfig: add global MulticastDNS option
Adds the MulticastDNS option globally to main.conf. If set all
network connections (when netconfig is enabled) will set mDNS
support into the resolver. Note that an individual network profile
can still override the global value if it sets MulticastDNS.
2022-11-03 14:02:31 -05:00
James Prestwood
b9855f7d62 auto-t: add AP test for all pairwise/group cipher combos
Iterates through every possible cipher combination and verifies the
AP can authenticate the clients.
2022-11-03 09:23:58 -05:00
James Prestwood
13b7aa9715 auto-t: test AP fails to start with unsupported ciphers
If the profile lists unsupported ciphers it should fail to start with
NotSupported.
2022-11-03 09:23:55 -05:00
James Prestwood
ba067fcf94 auto-t: add proper AccessPoint object class
The AP mode device APIs were hacked together and only able to start
stop an AP. Now that the AP interface has more functionality its
best to use the DBus class template to access the full AP interface
capabilities.
2022-11-03 09:23:49 -05:00
James Prestwood
c53280062c client: add ap support for PairwiseCiphers/GroupCipher 2022-11-03 09:23:35 -05:00
James Prestwood
b627f99800 ap: update Frequency property on started
This was forgotten when adding the property
2022-11-03 09:23:24 -05:00
James Prestwood
0363d51c5c ap: add PairwiseCiphers/GroupCipher to dbus interface
Expose these values on the DBus interface so clients can view them.
2022-11-03 09:22:56 -05:00
James Prestwood
2b64b493d0 doc: document PairwiseCiphers/GroupCiphers AP settings 2022-11-03 09:22:33 -05:00
James Prestwood
7d4d868236 p2p: limit ciphers to CCMP
The limitation of cipher selection in ap.c was done so to allow p2p to
work. Now with the ability to specify ciphers in the AP config put the
burden on p2p to limit ciphers as it needs which is only CCMP according
to the spec.
2022-11-03 09:22:16 -05:00
James Prestwood
262685e818 ap: add profile settings PairwiseCiphers/GroupCipher
These can now be optionally provided in an AP profile and provide a
way to limit what ciphers can be chosen. This still is dependent on
what the hardware supports.
2022-11-03 09:21:39 -05:00
James Prestwood
5f84a78638 ie: add group/pairwise lists of supported ciphers
The validation of these ciphers for station is done when parsing
the BSS RSNE but for AP mode there is no such validation and
potentially any supported cipher could be chosen, even if its
incompatible for the type of key.
2022-11-03 09:21:33 -05:00
James Prestwood
a4678949f9 wiphy: add wiphy_get_supported_ciphers
Similar to wiphy_select_cipher but returns all supported ciphers
included in the mask rather than just one.
2022-11-03 09:21:27 -05:00
Denis Kenzior
b5121e28ac AUTHORS: Mention Neehar's contributions 2022-11-02 16:40:39 -05:00
Neehar Vijay
4e9948aacb gitignore: add .cache
This directory is used by clangd.
2022-11-02 16:40:01 -05:00
Neehar Vijay
c63783ee89 client: fix extra newlines in station show
This change removes duplicate calls to display_table_footer(), in
station show.

Before this change, the bug caused an extra newline to be output every
time the table updated. This only occurred when the network was
disconnected.

    $ iwctl
    [iwd]# station wlan0 show
2022-11-02 16:39:59 -05:00
James Prestwood
069d6d1d9c json: update internal type definition to match JSMN
Fixes: ceda955ba7 ("shared: Update JSMN to latest version")
2022-11-02 15:02:58 -05:00
Marcel Holtmann
ceda955ba7 shared: Update JSMN to latest version 2022-11-02 11:33:04 +01:00
Marcel Holtmann
4ffcde8125 json: Set defines before including shared/jsmn.h 2022-11-02 11:25:35 +01:00
James Prestwood
d4da6b5bec netdev: parse michael MIC failure message
This event indicates a security issue. The proper handling would be
to rekey but for now at least provide some information to the user.
2022-11-01 15:56:20 -05:00
James Prestwood
9f1fa53aae nl80211util: add key type/idx to nl80211_parse_attrs 2022-11-01 15:56:17 -05:00