3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-10-14 17:59:23 +02:00
Commit Graph

443 Commits

Author SHA1 Message Date
James Prestwood
d3f7458e26 netdev: fail connection if the link goes down
In certain rare cases IWD gets a link down event before nl80211 ever sends
a disconnect event. Netdev notifies station of the link down which causes
station to be freed, but netdev remains in the same state. Then later the
disconnect event arrives and netdev still thinks its connected, calls into
(the now freed) station object and causes a crash.

To fix this netdev_connect_free() is now called on any link down events
which will reset the netdev object to a proper state.

src/netdev.c:netdev_link_notify() event 16 on ifindex 16
src/netdev.c:netdev_mlme_notify() MLME notification Del Station(20)
src/netdev.c:netdev_link_notify() event 16 on ifindex 16
src/netdev.c:netdev_mlme_notify() MLME notification Deauthenticate(39)
src/netdev.c:netdev_deauthenticate_event()
src/netdev.c:netdev_link_notify() event 16 on ifindex 16
src/station.c:station_free()
src/netconfig.c:netconfig_destroy()
src/resolve.c:resolve_systemd_revert() ifindex: 16
src/station.c:station_roam_state_clear() 16
src/netdev.c:netdev_mlme_notify() MLME notification Disconnect(48)
src/netdev.c:netdev_disconnect_event()
Received Deauthentication event, reason: 3, from_ap: false

0 0x472fa4 in station_disconnect_event src/station.c:2916
1 0x472fa4 in station_netdev_event src/station.c:2954
2 0x43a262 in netdev_disconnect_event src/netdev.c:1213
3 0x43a262 in netdev_mlme_notify src/netdev.c:5471
4 0x6706eb in process_multicast ell/genl.c:1029
5 0x6706eb in received_data ell/genl.c:1096
6 0x65e630 in io_callback ell/io.c:120
7 0x65a94e in l_main_iterate ell/main.c:478
8 0x65b0b3 in l_main_run ell/main.c:525
9 0x65b0b3 in l_main_run ell/main.c:507
10 0x65b5cc in l_main_run_with_signal ell/main.c:647
11 0x4124d7 in main src/main.c:532
2022-02-22 16:27:02 -06:00
James Prestwood
2e0a7d265c netdev: fix crash from not cancelling netdev_get_oci
If netdev_connect_failed is called before netdev_get_oci_cb() the
netdev's handshake will be destroyed and ultimately crash when the
callback is called.

This patch moves the cancelation into netdev_connect_free rather than
netdev_free.

++++++++ backtrace ++++++++
0  0x7f4e1787d320 in /lib64/libc.so.6
1  0x42634c in handshake_state_set_chandef() at src/handshake.c:1057
2  0x40a11b in netdev_get_oci_cb() at src/netdev.c:2387
3  0x483d7b in process_unicast() at ell/genl.c:986
4  0x480d3c in io_callback() at ell/io.c:120
5  0x48004d in l_main_iterate() at ell/main.c:472 (discriminator 2)
6  0x4800fc in l_main_run() at ell/main.c:521
7  0x48032c in l_main_run_with_signal() at ell/main.c:649
8  0x403e95 in main() at src/main.c:532
9  0x7f4e17867b75 in /lib64/libc.so.6
+++++++++++++++++++++++++++
2022-02-07 13:51:04 -06:00
James Prestwood
672098118d netdev: fix bug setting OWE IE length
The length was being set to whatever the last nl80211 attribute was,
not the length for the RESP_IE iteration.
2022-02-03 11:40:08 -06:00
Andrew Zaborowski
4d2176df29 handshake: Allow event handler to free handshake
Like in ap.c, allow the event callback to mark the handshake state as
destroyed, without causing invalid accesses after the callback has
returned.  In this case the crash was because try_handshake_complete
needed to access members of handshake_state after emitting the event,
as well as access the netdev, which also has been destroyed:

==257707== Invalid read of size 8
==257707==    at 0x408C85: try_handshake_complete (netdev.c:1487)
==257707==    by 0x408C85: try_handshake_complete (netdev.c:1480)
(...)
==257707==  Address 0x4e187e8 is 856 bytes inside a block of size 872 free'd
==257707==    at 0x484621F: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==257707==    by 0x437887: ap_stop_handshake (ap.c:151)
==257707==    by 0x439793: ap_del_station (ap.c:316)
==257707==    by 0x43EA92: ap_station_disconnect (ap.c:3411)
==257707==    by 0x43EA92: ap_station_disconnect (ap.c:3399)
==257707==    by 0x454276: p2p_group_event (p2p.c:1006)
==257707==    by 0x439147: ap_event (ap.c:281)
==257707==    by 0x4393AB: ap_new_rsna (ap.c:390)
==257707==    by 0x4393AB: ap_handshake_event (ap.c:1010)
==257707==    by 0x408C7F: try_handshake_complete (netdev.c:1485)
==257707==    by 0x408C7F: try_handshake_complete (netdev.c:1480)
(...)
2022-01-21 08:51:49 -06:00
James Prestwood
87e1045b11 netdev: use work priorities rather than hard coding 2022-01-11 12:37:44 -06:00
Denis Kenzior
8b9442efe0 treewide: Prefer not using assignment in if 2022-01-11 11:07:33 -06:00
Denis Kenzior
6ae1917733 netdev: Make code more readable
Introduce a new 'hs' variable to make the code a bit more compact and
readable.  Avoid splitting pointer dereferences on multiple lines.
2022-01-11 11:07:33 -06:00
Denis Kenzior
fe95cbe077 treewide: Various style fixups
- Mostly problems with whitespace:
	- Use of spaces instead of tabs
	- Stray spaces before closing ')
	- Missing spaces

- Missing 'void' from function declarations & definitions that
  take no arguments.

- Wrong indentation level
2022-01-11 11:07:05 -06:00
Denis Kenzior
7c30fc2cbf netdev: do not leak auth_cmd
Direct leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x7fa226fbf0f8 in __interceptor_malloc (/usr/lib/gcc/x86_64-pc-linux-gnu/9.4.0/libasan.so.5+0x10c0f8)
    #1 0x688c98 in l_malloc ell/util.c:62
    #2 0x6c2b19 in msg_alloc ell/genl.c:740
    #3 0x6cb32c in l_genl_msg_new_sized ell/genl.c:1567
    #4 0x424f57 in netdev_build_cmd_authenticate src/netdev.c:3285
    #5 0x425b50 in netdev_sae_tx_authenticate src/netdev.c:3385
2021-12-23 09:58:05 -06:00
James Prestwood
56ea2c4d15 treewide: update scan utility usage to use band_* 2021-11-29 17:07:44 -06:00
James Prestwood
7103bda058 netdev: always honor disconnect events if issued by AP
The disconnect event handler was mistakenly bailing out if FT or
reassociation was going on. This was done because a disconnect
event is sent by the kernel when CMD_AUTH/CMD_ASSOC is used.

The problem is an AP could also disconnect IWD which should never
be ignored.

To fix this always parse the disconnect event and, if issued by
the AP, always notify watchers of the disconnect.
2021-11-23 12:18:08 -06:00
James Prestwood
3a47181a50 netdev: add SA Query delay with OCV enabled
The way a SA Query was done following a channel switch was slightly
incorrect. One because it is only needed when OCVC is set, and two
because IWD was not waiting a random delay between 0 and 5000us as
lined out by the spec. This patch fixes both these issues.
2021-10-26 17:16:38 -05:00
Denis Kenzior
659a63ae20 netdev: Print if SA Query is in progress 2021-10-19 15:40:26 -05:00
James Prestwood
4b88607b19 netdev: start SA Query on channel switch event
802.11 requires an STA initiate the SA Query procedure on channel
switch events. This patch refactors sending the SA Query into its
own routine and starts the procedure when the channel switch event
comes in.

In addition the OCI needs to be verified, so the channel info is
parsed and set into the handshakes chandef.
2021-10-19 13:28:18 -05:00
James Prestwood
bf5afa52e5 netdev: add OCI elements to SA Query request/response frames
SA query is the final protocol that requires OCI inclusion and
verification. The OCI element is now included and verified in
both request and response frames as required by 802.11.
2021-10-19 13:26:57 -05:00
James Prestwood
a205afe2de netdev: set TK index to zero for FT
Since FT re-uses the handshake the active TK index may be set to a
non-zero value.
2021-10-08 14:13:56 -05:00
James Prestwood
5ff7d113b9 netdev: support extended key IDs
This implements the new handshake callback for setting a TK with
an extended key ID. The procedure is different from legacy zero
index TKs.

First the new TK is set as RX only. Then message 4 should be sent
out (so it uses the existing TK). This poses a slight issue with
PAE sockets since message order is not guaranteed. In this case
the 4th message is stored and sent after the new TK is installed.
Then the new TK is modified using SET_KEY to both send and
receive.

In the case of control port over NL80211 the above can be avoided
and we can simply install the new key, send message 4, and modify
the TK as TX + RX all in sequence, without waiting for any callbacks.
2021-10-08 13:27:14 -05:00
James Prestwood
80135367cf handshake: update TK installer/builder to take key index 2021-10-08 13:26:25 -05:00
James Prestwood
898c7e636e wiphy: change wiphy_control_port_capable -> enabled
Move the reading of ControlPortOverNL80211 into wiphy itself and
renamed wiphy_control_port_capable to wiphy_control_port_enabled.
This makes things easier for any modules interested in control
port support since they will only have to check this one API rather
than read the settings and check capability.
2021-10-08 08:38:35 -05:00
Denis Kenzior
9766426b59 wiphy/netdev: Add & use wiphy_control_port_capable
Some drivers might not actually support control port properly even if
advertised by mac80211.  Introduce a new method to wiphy that will take
care of looking up any driver quirks that override the presence of
NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211
2021-10-01 09:38:38 -05:00
James Prestwood
e6340996d7 eapol: netdev: allow rekeys using FT-FILS
Rekeying was overlooked when implementing FT-FILS and there were
many places where the AKM was never checked and the rekey was
failing.
2021-09-28 17:26:10 -05:00
James Prestwood
ae358bd524 ft: netdev: store FT-over-DS target RSNE/WPA
Keep track of the target BSS's authenticator IE for verification.
It should not be assumed that the target BSS and original RSNE/WPA
IE matches.
2021-09-28 16:58:41 -05:00
James Prestwood
d0b0004c8c netdev: set result/status for deauth path
If the deauth path was triggered IWD would deauth but end up
calling the connect callback with whatever result netdev had
set, e.g. 'NETDEV_RESULT_OK'. This, of course, caused station
some confusion.
2021-09-28 16:53:25 -05:00
James Prestwood
d68c9e69fa fils: support OCI in reassociation 2021-09-28 16:46:48 -05:00
James Prestwood
bc0375fb30 ft: make Authenticate OCVC settable by caller
The FT-over-DS action stage builds an FT-Request which contains an
RSNE. Since FT-over-DS will not support OCV add a boolean to
ft_build_authenticate_ies so the OCVC bit can be disabled rather
than relying on the handshake setting.
2021-09-28 11:01:03 -05:00
James Prestwood
69cf481ca9 ft: get OCI prior to reassociation
This modifies the FT logic to fist call get_oci() before
reassociation. This allows the OCI to be included in reassociation
and in the 4-way handshake later on.

The code path for getting the OCI had to be slightly changed to
handle an OCI that is already set. First the handshake chandef is
NULL'ed out for any new connection. This prevents a stale OCI from
being used. Then some checks were added for this case in
netdev_connect_event and if chandef is already set, start the 4-way
handshake.
2021-09-28 11:01:00 -05:00
James Prestwood
10c8e5e263 netdev: change netdev_get_oci to be used as a callback
This can be reused to be called from ft.c
2021-09-28 10:51:48 -05:00
James Prestwood
8db2f442bc netdev: fix return value check for ft_over_ds_parse_action_ies
This returns a bool but was being treated as a signed int.
2021-09-27 19:32:52 -05:00
Denis Kenzior
a0deadc919 treewide: Remove double-empty lines 2021-09-23 17:45:29 -05:00
Denis Kenzior
c678ba16b8 netdev: Pretty print the unicast notification type 2021-09-22 08:28:46 -05:00
Denis Kenzior
06482b8116 netdev: Obtain operating channel info
Prior to starting the 4-way handshake, obtain operating channel
information (OCI) for possible operating channel validation (OCV)
processing.
2021-09-21 15:48:08 -05:00
Denis Kenzior
23af586acd netdev: Properly handle auth_proto error returns
Kernel keeps transmitting authentication frames until told to stop or an
authentication frame the kernel considers 'final' is received.  Detect
cases where the kernel would keep retransmitting, and if auth_proto
encounters a fatal protocol error, prevent these retransmissions from
occuring by sending a Deauthenticate command to the kernel.

Additionally, treat -EBADMSG/-ENOMSG return from auth_proto specially.
These error codes are meant to convey that a frame should be silently
dropped and retransmissions should continue.
2021-09-08 17:04:36 -05:00
James Prestwood
7fe55567bd netdev: print error if CMD_ASSOCIATE fails 2021-09-07 20:02:45 -05:00
Denis Kenzior
dd9265f2db netdev: deauth if eapol_start fails 2021-09-03 14:40:16 -05:00
James Prestwood
8b6ad5d3b9 owe: netdev: refactor to remove OWE as an auth-proto 2021-09-03 14:34:30 -05:00
James Prestwood
db2f14225d netdev: factor out scan_bss from CMD_CONNECT builder
In order to support OWE in the CMD_CONNECT path the scan_bss parameter
needs to be removed since this is lost after netdev_connect returns.
Nearly everything needed is also stored in the handshake except the
privacy capability which is now being mirrored in the netdev object
itself.
2021-09-03 14:30:44 -05:00
Andrew Zaborowski
d383a49b7b station, netdev: Enable FILS IP Address Assignment
Send and receive the FILS IP Address Assignment IEs during association.
As implemented this would work independently of FILS although the only
AP software handling this mechanism without FILS is likely IWD itself.

No support is added for handling the IP assignment information sent from
the server after the initial Association Request/Response frames, i.e.
the information is only used if it is received directly in the
Association Response without the "response pending" bit, otherwise the
DHCP client will be started.
2021-08-31 10:04:36 -05:00
James Prestwood
4b38c92f26 netdev: force SAE group 19 if BSS requires 2021-08-25 13:05:15 -05:00
Denis Kenzior
a75126af39 netdev: Retry IF_OPER_UP
Some drivers ignore the initial IF_OPER_UP setting that was sent during
netdev_connect_ok().  Attempt to work around this by parsing New Link
events.  If OperState setting is still not correct in a subsequent event,
retry setting OperState to IF_OPER_UP.
2021-08-20 09:49:29 -05:00
James Prestwood
b543bf76f1 netdev: move failure point out of netdev_connect_common
The only point of failure in netdev_connect_common was setting
up the handshake type. Moving this outside of netdev_connect_common
makes the code flow much better in netdev_{connect,reassociate} as
nothing needs to be reset upon failure.
2021-08-12 13:05:58 -05:00
James Prestwood
80fec3f5f4 netdev: allow reassociation for auth-protos
This adds support in netdev_reassociate for all the auth
protocols (SAE/FILS/OWE) by moving the bulk of netdev_connect
into netdev_connect_common. In addition PREV_BSSID is set
in the associate message if 'in_reassoc' is true.
2021-08-06 22:03:13 -05:00
Denis Kenzior
7e9971661b netdev: Append any vendor IEs from the handshake 2021-08-06 14:07:06 -05:00
Denis Kenzior
8f9e6b3f76 netdev: Send addititional IEs for FT/SAE/OWE/FILS
RM Enabled Capabilities and Extended Capabilities IEs were correctly
being sent when using CMD_CONNECT for initial connections and
re-associations.  However, for SoftMac SAE, FT, FILS and OWE connections,
these additional IEs were not added properly during the Associate step.
2021-08-05 21:01:37 -05:00
Denis Kenzior
289b8826bf netdev: Always send RM Enabled Capabilities
If the driver supports RRM, then we might as well always send the RM
Enabled Capabilities IE (and use the USE_RRM flag).  802.11-2020
suggests that this IE can be sent whenever
dot11RadioMeasurementActivated is true, and this setting is independent
of whether the peer supports RRM.  There's nothing to indicate that an
STA should not send these IEs if the AP is not RRM enabled.
2021-08-05 15:49:46 -05:00
Alvin Šipraga
aa7845ca98 netdev: update frequency on channel switch events
While we correctly emit a NETDEV_EVENT_CHANNEL_SWITCHED event from
netdev for other modules to respond to, we fail to actually update the
frequency of the netdev object in question. Since the netdev frequency
is used elsewhere (e.g. to send action frames), it needs updating too.

Fixes: 5eb0b7ca8e ("netdev: add a channel switch event")
2021-08-05 10:35:50 -05:00
Denis Kenzior
317e345a6a netdev: Remove prev_bssid member
This variable ended up being used only on the fast-transition path.  On
the re-associate path it was never used, but memcpy-ied nevertheless.
Since its only use is by auth_proto based protocols, move it to the
auth_proto object directly.

Due to how prepare_ft works (we need prev_bssid from the handshake, but
the handshake is reset), have netdev_ft_* methods take an 'orig_bss'
parameter, similar to netdev_reassociate.
2021-08-04 23:08:34 -05:00
Denis Kenzior
60e2a9994f netdev: Remove unused variable
This was set, but never used in any way
2021-08-04 15:55:30 -05:00
Denis Kenzior
17d653904f netdev: netdev_connect_common doesn't fail 2021-08-04 15:55:30 -05:00
James Prestwood
befa448017 netdev: fix RoamThreshold5G
The RoamThreshold5G was never honored because it was being
set prior to any connections. This caused the logic inside
netdev_cqm_rssi_update to always choose the 2GHz threshold
(RoamThreshold) due to netdev->frequency being zero at this time.

Instead call netdev_cqm_rssi_update in all connect/transition
calls after netdev->frequency is updated. This will allow both
the 2G and 5G thresholds to be used depending on what frequency
the new BSS is.

The call to netdev_cqm_rssi_update in netdev_setup_interface
was also removed since it serves no purpose, at least now
that there are two thresholds to consider.
2021-07-28 10:04:41 -05:00
Denis Kenzior
38e3e72684 netdev: Send RSNXE element during SAE association 2021-07-14 09:58:42 -05:00