3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-11-09 13:39:23 +01:00
Commit Graph

6984 Commits

Author SHA1 Message Date
Marcel Holtmann
27a00a6806 build: Add documention of manual pages to systemd service file 2022-11-18 10:50:31 +01:00
Alvin Šipraga
e192a237b6 scan: retry scan based on scan done events per wiphy, not wdev
If a CMD_TRIGGER_SCAN request fails with -EBUSY, iwd currently assumes
that a scan is ongoing on the underlying wdev and will retry the same
command when that scan is complete. It gets notified of that completion
via the scan_notify() function, and kicks the scan logic to try again.

However, if there is another wdev on the same wiphy and that wdev has a
scan request in flight, the kernel will also return -EBUSY. In other
words, only one scan request per wiphy is permitted.

As an example, the brcmfmac driver can create an AP interface on the
same wiphy as the default station interface, and scans can be triggered
on that AP interface.

If -EBUSY is returned because another wdev is scanning, then iwd won't
know when it can retry the original trigger request because the relevant
netlink event will arrive on a different wdev. Indeed, if no scan
context exists for that other wdev, then scan_notify will return early
and the scan logic will stall indefinitely.

Instead, and in the event that no scan context matches, use it as a cue
to retry a pending scan request that happens to be destined for the same
wiphy.
2022-11-17 16:50:45 -06:00
Denis Kenzior
00baa75e96 netconfig: Enable IPV6 support by default 2022-11-17 10:33:02 -06:00
Denis Kenzior
2f1c2930f0 station: Add dependency on known_networks module
The previous commit added an invocation of known_networks_watch_add, but
never updated the module dependency graph.

Fixes: a793a41662 ("station, eapol: Set up eap-tls-common for session caching")
2022-11-17 10:17:07 -06:00
Andrew Zaborowski
a793a41662 station, eapol: Set up eap-tls-common for session caching
Use eap_set_peer_id() to set a string identifying the TLS server,
currently the hex-encoded SSID of the network, to be used as group name
and primary key in the session cache l_settings object.  Provide pointers
to storage_eap_tls_cache_{load,sync} to eap-tls-common.c using
eap_tls_set_session_cache_ops().  Listen to Known Network removed
signals and call eap_tls_forget_peer() to have any session related to
the network also dropped from the cache.
2022-11-17 10:09:54 -06:00
Andrew Zaborowski
ef81917e8d eap-tls: Add session caching
Use l_tls_set_session_cache() to enable session cache/resume in the
TLS-based EAP methods.  Sessions for all 802.1x networks are stored in
one l_settings object.

eap_{get,set}_peer_id() API is added for the upper layers to set the
identifier of the authenticator (or the supplicant if we're the
authenticator, if there's ever a use case for that.)

eap-tls-common.c can't call storage_eap_tls_cache_{load,sync}()
or known_networks_watch_add() (to handle known network removals) because
it's linked into some executables that don't have storage.o,
knownnetworks.o or common.o so an upper layer (station.c) will call
eap_tls_set_session_cache_ops() and eap_tls_forget_peer() as needed.
2022-11-17 10:04:56 -06:00
Andrew Zaborowski
e63c5bf4f8 storage: Refactor storage_tls_session_{load,sync}
Minor changes to these two methods resulting from two rewrites of them.
Actual changes are:
 * storage_tls_session_sync parameter is const,
 * more specific naming,
 * storage_tls_session_load will return an empty l_settings instead of
   NULL so eap-tls-common.c doesn't have to handle this.

storage.c makes no assumptions about the group names in the l_settings
object and keeps no reference to that object, eap-tls-common.c is going
to maintain the memory copy of the cache since this cache and the disk
copy of it are reserved for EAP methods only.
2022-11-17 10:04:12 -06:00
Marcel Holtmann
b4406cce82 scan: Add support for separate 6Ghz band modifier 2022-11-14 11:07:10 -06:00
Andrew Zaborowski
644586e273 storage: Add TLS session cache file read/write utils
Add storage_tls_session_cache_{load,sync} similar to
storage_known_frequencies_{load,sync}.
2022-11-09 14:26:38 -06:00
James Prestwood
91c6dea57b doc: document AP properties PairwiseCiphers/GroupCipher 2022-11-04 12:04:05 -05:00
James Prestwood
ee850422ba auto-t: update test to work with PairwiseCiphers array 2022-11-04 12:04:00 -05:00
James Prestwood
55924fbb56 ap: change PairwiseCiphers to string array
A comma separated list as a string was ok for pure display purposes
but if any processing needed to be done on these values by external
consumers it really makes more sense to use a DBus array.
2022-11-04 12:03:27 -05:00
James Prestwood
809067c924 auto-t: add test for scanning in AP mode 2022-11-04 12:03:24 -05:00
James Prestwood
9ef440eb8e auto-t: iwd.py: allow certain APIs to be used in AP mode
AP mode implements a few DBus methods/properties which are named
the same as station: Scan, Scanning, and GetOrderedNetworks. Allow
the Device object to work with these in AP mode by calling the
correct method if the Mode is 'ap'.
2022-11-04 12:03:18 -05:00
James Prestwood
606769dbea ap: update Scanning property when AP starts
This wasn't being updated meaning the property is missing until a
scan is issued over DBus.

Rather than duplicate all the property changed calls they were all
factored out into a helper function.
2022-11-04 12:02:52 -05:00
James Prestwood
c89c37378b netconfig: add global MulticastDNS option
Adds the MulticastDNS option globally to main.conf. If set all
network connections (when netconfig is enabled) will set mDNS
support into the resolver. Note that an individual network profile
can still override the global value if it sets MulticastDNS.
2022-11-03 14:02:31 -05:00
James Prestwood
b9855f7d62 auto-t: add AP test for all pairwise/group cipher combos
Iterates through every possible cipher combination and verifies the
AP can authenticate the clients.
2022-11-03 09:23:58 -05:00
James Prestwood
13b7aa9715 auto-t: test AP fails to start with unsupported ciphers
If the profile lists unsupported ciphers it should fail to start with
NotSupported.
2022-11-03 09:23:55 -05:00
James Prestwood
ba067fcf94 auto-t: add proper AccessPoint object class
The AP mode device APIs were hacked together and only able to start
stop an AP. Now that the AP interface has more functionality its
best to use the DBus class template to access the full AP interface
capabilities.
2022-11-03 09:23:49 -05:00
James Prestwood
c53280062c client: add ap support for PairwiseCiphers/GroupCipher 2022-11-03 09:23:35 -05:00
James Prestwood
b627f99800 ap: update Frequency property on started
This was forgotten when adding the property
2022-11-03 09:23:24 -05:00
James Prestwood
0363d51c5c ap: add PairwiseCiphers/GroupCipher to dbus interface
Expose these values on the DBus interface so clients can view them.
2022-11-03 09:22:56 -05:00
James Prestwood
2b64b493d0 doc: document PairwiseCiphers/GroupCiphers AP settings 2022-11-03 09:22:33 -05:00
James Prestwood
7d4d868236 p2p: limit ciphers to CCMP
The limitation of cipher selection in ap.c was done so to allow p2p to
work. Now with the ability to specify ciphers in the AP config put the
burden on p2p to limit ciphers as it needs which is only CCMP according
to the spec.
2022-11-03 09:22:16 -05:00
James Prestwood
262685e818 ap: add profile settings PairwiseCiphers/GroupCipher
These can now be optionally provided in an AP profile and provide a
way to limit what ciphers can be chosen. This still is dependent on
what the hardware supports.
2022-11-03 09:21:39 -05:00
James Prestwood
5f84a78638 ie: add group/pairwise lists of supported ciphers
The validation of these ciphers for station is done when parsing
the BSS RSNE but for AP mode there is no such validation and
potentially any supported cipher could be chosen, even if its
incompatible for the type of key.
2022-11-03 09:21:33 -05:00
James Prestwood
a4678949f9 wiphy: add wiphy_get_supported_ciphers
Similar to wiphy_select_cipher but returns all supported ciphers
included in the mask rather than just one.
2022-11-03 09:21:27 -05:00
Denis Kenzior
b5121e28ac AUTHORS: Mention Neehar's contributions 2022-11-02 16:40:39 -05:00
Neehar Vijay
4e9948aacb gitignore: add .cache
This directory is used by clangd.
2022-11-02 16:40:01 -05:00
Neehar Vijay
c63783ee89 client: fix extra newlines in station show
This change removes duplicate calls to display_table_footer(), in
station show.

Before this change, the bug caused an extra newline to be output every
time the table updated. This only occurred when the network was
disconnected.

    $ iwctl
    [iwd]# station wlan0 show
2022-11-02 16:39:59 -05:00
James Prestwood
069d6d1d9c json: update internal type definition to match JSMN
Fixes: ceda955ba7 ("shared: Update JSMN to latest version")
2022-11-02 15:02:58 -05:00
Marcel Holtmann
ceda955ba7 shared: Update JSMN to latest version 2022-11-02 11:33:04 +01:00
Marcel Holtmann
4ffcde8125 json: Set defines before including shared/jsmn.h 2022-11-02 11:25:35 +01:00
James Prestwood
d4da6b5bec netdev: parse michael MIC failure message
This event indicates a security issue. The proper handling would be
to rekey but for now at least provide some information to the user.
2022-11-01 15:56:20 -05:00
James Prestwood
9f1fa53aae nl80211util: add key type/idx to nl80211_parse_attrs 2022-11-01 15:56:17 -05:00
James Prestwood
53469c5c0d netdev: fix key setting for authenticators
The netdev_copy_tk function was being hard coded with authenticator
set to false. This isn't important for any ciphers except TKIP but
now that AP mode supports TKIP it needs to be fixed.
2022-11-01 15:52:56 -05:00
James Prestwood
707b12abf8 netdev: add more info to key setting debug messages
Specify that the ifindex is being printed and print the key ID
as well.
2022-11-01 15:52:39 -05:00
James Prestwood
91daa22ed4 auto-t: fix testAP-no-support disabled ciphers
The disabled cipher list contained a '.' instead of ',' which prevented
the subsequent ciphers from being disabled. This was only group management
ciphers so it didn't have any effect on the test.
2022-11-01 15:51:53 -05:00
James Prestwood
802e9e5916 hwsim: add remaining ciphers to supported list
This list was not updated when adding the new ciphers which prevented
these ciphers from being disabled.
2022-11-01 15:50:41 -05:00
James Prestwood
47b6da81b4 client: show frequency with ap show 2022-11-01 15:49:12 -05:00
James Prestwood
0f95c97649 ap: add frequency to AP interface 2022-11-01 15:48:59 -05:00
Denis Kenzior
d129c54364 doc: Add Frequency property to Access Point 2022-11-01 15:48:56 -05:00
James Prestwood
99c0cdfab4 monitor: put nortnl check into nlmon_print_rtnl
Doing this allows --nortnl to work when reading pcaps.
2022-10-27 14:11:14 -05:00
Marcel Holtmann
342acc9a67 README: Update links to mailing list and its archive 2022-10-27 17:02:56 +02:00
James Prestwood
4af66b8cac auto-t: test AP mode using TKIP
This limits all supported ciphers to TKIP and verifies the AP
starts and can authenticate clients.
2022-10-27 09:40:41 -05:00
James Prestwood
81e48eaba5 hwsim: add additional ciphers to disable list
Allows these ciphers to be disabled when creating radios.
2022-10-27 09:40:32 -05:00
James Prestwood
13bdb5ee80 monitor: remove -F option
This is now handled automatically by setting read_only which
bypasses the family ID check.
2022-10-26 16:48:45 -05:00
James Prestwood
ad51250835 monitor: allow parsing pcaps without -F option
The -F option is undocumented but allows you to pass a nl80211
family ID so iwmon doesn't ignore messages which don't match the
systems nl80211 family ID (i.e. pcaps from other systems).

This is somewhat of a pain to use since its unclear what the other
system's family ID actually is until you run it though something
like wireshark. Instead iwmon can ignore the family ID when in
read mode which makes reading other systems pcap files automatic.
2022-10-26 16:48:21 -05:00
James Prestwood
5ebcc48814 monitor: pass config to nlmon_create
Expand nlmon_create to be useful for both pcaps and monitoring. Doing
this also lets iwmon filter pcaps based on --no-ies,rtnl,scan etc
flags since they are part of the config.
2022-10-26 16:47:46 -05:00
James Prestwood
5d8b86ff7c eapol: add TKIP support in AP mode
Though TKIP is deprecated and insecure its trivial to support it in
AP mode as we already do in station. This is only to allow AP mode
for old hardware that may only support TKIP. If the hardware supports
any higher level cipher that will be chosen automatically.
2022-10-26 14:20:25 -05:00