3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-12-22 21:22:37 +01:00
Commit Graph

7031 Commits

Author SHA1 Message Date
James Prestwood
9205308c47 auto-t: add fallback to reassociate test 2023-09-01 23:01:14 -05:00
James Prestwood
e74dd446fb station: fall back to reassociation under certain FT failures
The auth/action status is now tracked in ft.c. If an AP rejects the
FT attempt with "Invalid PMKID" we can now assume this AP is either
mis-configured for FT or is lagging behind getting the proper keys
from neighboring APs (e.g. was just rebooted).

If we see this condition IWD can now fall back to reassociation in
an attempt to still roam to the best candidate. The fallback decision
is still rank based: if a BSS fails FT it is marked as such, its
ranking is reset removing the FT factor and it is inserted back
into the queue.

The motivation behind this isn't necessarily to always force a roam,
but instead to handle two cases where IWD can either make a bad roam
decision or get 'stuck' and never roam:

  1. If there is one good roam candidate and other bad ones. For
     example say BSS A is experiencing this FT key pull issue:
         Current BSS: -85dbm
         BSS A:       -55dbm
         BSS B:       -80dbm
     The current logic would fail A, and roam to B. In this case
     reassociation would have likely succeeded so it makes more sense
     to reassociate to A as a fallback.

  2. If there is only one candidate, but its failing FT. IWD will
     never try anything other than FT and repeatedly fail.

Both of the above have been seen on real network deployments and
result in either poor performance (1) or eventually lead to a full
disconnect due to never roaming (2).
2023-09-01 22:56:25 -05:00
James Prestwood
0007699677 ft: track FT auth/action response status
Certain return codes, though failures, can indicate that the AP is
just confused or booting up and treating it as a full failure may
not be the best route.

For example in some production deployments if an AP is rebooted it
may take some time for neighboring APs to exchange keys for
current associations. If a client roams during that time it will
reject saying the PMKID is invalid.

Use the ft_associate call return to communicate the status (if any)
that was in the auth/action response. If there was a parsing error
or no response -ENOENT is still returned.
2023-09-01 22:49:21 -05:00
James Prestwood
927e27b8b5 auto-t: Update tests to use hostapd.default() 2023-08-30 20:41:25 -05:00
James Prestwood
df4d0eef5c auto-t: require a complete hostapd default config
In many tests the hostapd configuration does not include all the
values that a test uses. Its expected that each individual test
will add the values required. In many cases its required each test
slightly alter the configuration for each change every other test
has to set the value back to either a default or its own setting.
This results in a ton of duplicated code mainly setting things
back to defaults.

To help with this problem the hostapd configuration is read in
initially and stored as the default. Tests can then simply call
.default() to set everything back. This significantly reduces or
completely removes a ton of set_value() calls.

This does require that each hostapd configuration file includes all
values any of the subtests will set, which is a small price for the
convenience.
2023-08-30 20:40:55 -05:00
Marcel Holtmann
a9578c5f99 Release 2.8 2023-08-24 14:58:33 +02:00
Marcel Holtmann
783319b45f build: Require at least version 0.58 when building with external ELL 2023-08-24 14:56:10 +02:00
Salahaldeen Altous
4a0a973790 doc: APRanges is deprecated (use APAddressPool instead) 2023-08-08 00:00:05 -05:00
James Prestwood
822ad91faa scan: remove unneeded debug prints
Removed several debug prints which are very verbose and provide
little to no important information.

The get_scan_{done,callback} prints are pointless since all the
parsed scan results are printed by station anyways.

Printing the BSS load is also not that useful since it doesn't
include the BSSID. If anything the BSS load should be included
when station prints out each individual BSS (along with frequency,
rank, etc).

The advertisement protocol print was just just left in there by
accident when debugging, and also provides basically no useful
information.
2023-08-07 23:59:17 -05:00
Denis Kenzior
613ad4bc32 build: Update to the new ell files 2023-07-17 22:51:50 -05:00
James Prestwood
b736f07e2e netdev: relax requirement for OWE AKM in assoc reply
Some APs don't include the RSNE in the associate reply during
the OWE exchange. This causes IWD to be incompatible since it has
a hard requirement on the AKM being included.

This relaxes the requirement for the AKM and instead warns if it
is not included.

Below is an example of an association reply without the RSN element

IEEE 802.11 Association Response, Flags: ........
     Type/Subtype: Association Response (0x0001)
     Frame Control Field: 0x1000
     .000 0000 0011 1100 = Duration: 60 microseconds
     Receiver address: 64:c4:03:88:ff:26
     Destination address: 64:c4:03:88:ff:26
     Transmitter address: fc:34:97:2b:1b:48
     Source address: fc:34:97:2b:1b:48
     BSS Id: fc:34:97:2b:1b:48
     .... .... .... 0000 = Fragment number: 0
     0001 1100 1000 .... = Sequence number: 456
IEEE 802.11 wireless LAN
     Fixed parameters (6 bytes)
     Tagged parameters (196 bytes)
         Tag: Supported Rates 6(B), 9, 12(B), 18, 24(B), 36, 48, 54, [Mbit/sec]
         Tag: RM Enabled Capabilities (5 octets)
         Tag: Extended Capabilities (11 octets)
         Ext Tag: HE Capabilities (IEEE Std 802.11ax/D3.0)
         Ext Tag: HE Operation (IEEE Std 802.11ax/D3.0)
         Ext Tag: MU EDCA Parameter Set
         Ext Tag: HE 6GHz Band Capabilities
         Ext Tag: OWE Diffie-Hellman Parameter
             Tag Number: Element ID Extension (255)
             Ext Tag length: 51
             Ext Tag Number: OWE Diffie-Hellman Parameter (32)
             Group: 384-bit random ECP group (20)
             Public Key: 14ba9d8abeb2ecd5d95e6c12491b16489d1bcc303e7a7fbd…
         Tag: Vendor Specific: Broadcom
         Tag: Vendor Specific: Microsoft Corp.: WMM/WME: Parameter Element

Reported-By: Wen Gong <quic_wgong@quicinc.com>
Tested-By: Wen Gong <quic_wgong@quicinc.com>
2023-07-14 09:09:51 -05:00
James Prestwood
7418c5fd3c hwsim: handle ADD/DEL_MAC_ADDR events
Handling these events notifies hwsim of address changes for interface
creation/removal outside the initial namespace as well as address
changes due to scanning address randomization.

Interfaces that hwsim already knows about are still handled via
nl80211. But any interfaces not known when ADD/DEL_MAC_ADDR events
come will be treated specially.

For ADD, a dummy interface object will be created and added to the
queue. This lets the frame processing match the destination address
correctly. This can happen both for scan randomization and interface
creation outside of the initial namespace.

For the DEL event we handle similarly and don't touch any interfaces
found via nl80211 (i.e. have a 'name') but need to also be careful
with the dummy interfaces that were created outside the initial
namespace. We want to keep these around but scanning MAC changes can
also delete them. This is why a reference count was added so scanning
doesn't cause a removal.

For example, the following sequence:

ADD_MAC_ADDR (interface creation)
ADD_MAC_ADDR (scanning started)
DEL_MAC_ADDR (scanning done)
2023-07-05 22:03:32 -05:00
James Prestwood
5f4f15a600 hwsim: move frame processing into a separate function
The ADD/DEL_MAC_ADDR events come through the unicast handler so
move the frame processing to a separate function so these other
events can be handled.
2023-07-05 21:52:19 -05:00
James Prestwood
cda7644557 hwsim: add ADD/DEL_MAC_ADDR events
These events are important to support both moving radios to other
namespaces, and to allow scan address randomization to work.
2023-07-05 21:52:09 -05:00
Marcel Holtmann
0be288c5aa Release 2.7 2023-07-05 18:25:17 +02:00
James Prestwood
9479c31a72 handshake: add FT_OVER_8021X AKM for SHA256 PMKID derivation
Hostapd commit b6d3fd05e3 changed the PMKID derivation in accordance
with 802.11-2020 which then breaks PMKID validation in IWD. This
breaks the FT-8021x AKM in IWD if the AP uses this hostapd version
since the PMKID doesn't validate during EAPoL.

This updates the PMKID derivation to use the correct SHA hash for
this AKM and adds SHA1 based PMKID checking for interoperability
with older hostapd versions.
2023-07-05 18:16:01 +02:00
James Prestwood
8c4633ef72 handshake: split handshake_state_get_pmkid into separate APIs
The PMKID derivation has gotten messy due to the spec
updating/clarifying the hash size for the FT-8021X AKM. This
has led to hostapd updating the derivation which leaves older
hostapd versions using SHA1 and newer versions using SHA256.

To support this the checksum type is being fed to
handshake_state_get_pmkid so the caller can decide what sha to
use. In addition handshake_state_pmkid_matches is being added
which uses get_pmkid() but handles sorting out the hash type
automatically.

This lets preauthentication use handshake_state_get_pmkid where
there is the potential that a new PMKID is derived and eapol
can use handshake_state_pmkid_matches which only derives the
PMKID to compare against the peers.
2023-06-26 21:55:24 -05:00
James Prestwood
ae76fa876f crypto: modify crypto_derive_pmkid to take the length/checksum type
The existing API was limited to SHA1 or SHA256 and assumed a key
length of 32 bytes. Since other AKMs plan to be added update
this to take the checksum/length directly for better flexibility.
2023-06-26 21:32:11 -05:00
James Prestwood
d09b106998 ft: add debug prints for FT-over-DS
This is consistent with the over-Air path, and makes it clear when
reading the logs if over-DS was used, if there was a response frame,
and if the frame failed to parse in some way.
2023-06-26 21:31:20 -05:00
Marcel Holtmann
6ae9b4dc58 Release 2.6 2023-06-22 17:15:34 +02:00
James Prestwood
b1cc4c236b auto-t: fix testNetconfig lease parsing
The parsing code was breaking out of the loop on the first comment
which is incorrect and causes only part of the file to be parsed.
Its odd this hasn't popped up until now but its likely due to
differing dhcpd versions, some which add comments and others that
do not.
2023-06-19 20:54:25 -05:00
James Prestwood
6f7dd97607 auto-t: add comment about FILS rekeys
FILS rekeys were fixed in hostapd somewhat recently but older
versions will fail this test. Document that so we don't get
confused when running tests against older hostapd versions.
2023-06-19 20:54:17 -05:00
James Prestwood
2e2f6f991d wiphy: remove l_info's for control port/power save
These should not have been put into a getter for wiphy and now
the driver quirks are printed out in wiphy_print_basic_info.
2023-06-19 20:23:37 -05:00
James Prestwood
29edb1626d netdev: disable power save if required
Disable power save if the wiphy indicates its needed. Do this
before issuing GET_LINK so the netdev doesn't signal its up until
power save is disabled.
2023-06-19 20:23:28 -05:00
James Prestwood
b7872de90a netdev: move GETLINK into its own function, track command ID
Move this logic into its own function and track the command ID
so it can be canceled in case of netdev going down.
2023-06-19 20:23:14 -05:00
Denis Kenzior
c866f8dc9a doc: Add document describing code coverage testing 2023-06-19 15:35:25 -05:00
Denis Kenzior
b2e830739c gitignore: Add gcov output files 2023-06-19 15:35:18 -05:00
Denis Kenzior
92822bd53a build: Enable configuring with gcov
This allows generating code and test coverage reports using lcov &
genhtml.  Useful for understanding how much of the codebase is currently
covered by unit and autotests.
2023-06-19 15:34:36 -05:00
Denis Kenzior
6e98d6bf13 build: Make sure --disable-optimization works
acinclude.m4 still adds -O2 and various FORTIFY_SOURCE flags, even if
--disable-optimization is used during configure.  Fix that.
2023-06-19 15:29:02 -05:00
Denis Kenzior
dba29c1bfb doc: Update EnableIPv6 description in sample main.conf
The description incorrectly stated that EnableIPv6 defaulted to
disabled.
2023-06-18 14:06:24 -05:00
Denis Kenzior
f0ae46916f doc: Add 'none' NameResolvingService in sample main.conf 2023-06-18 14:06:24 -05:00
James Prestwood
8eab0229f1 doc: Document [DriverQuirks].PowerSaveDisable 2023-06-18 14:06:24 -05:00
James Prestwood
855318374e wiphy: print driver flags on startup
Similar to other basic information, print the driver flags so the
user is informed what is set.
2023-06-18 14:06:24 -05:00
James Prestwood
a50605a456 wiphy: add [DriverQuirks].PowerSaveDisable flag
Certain drivers do not handle power save very well resulting in
missed frames, firmware crashes, or other bad behavior. Its easy
enough to disable power save via iw, iwconfig, etc but since IWD
removes and creates the interface on startup it blows away any
previous power save setting. The setting must be done *after* IWD
creates the interface which can be done, but needs to be via some
external daemon monitoring IWD's state. For minimal systems,
e.g. without NetworkManager, it becomes difficult and annoying to
persistently disable power save.

For this reason a new driver flag POWER_SAVE_DISABLE is being
added. This can then be referenced when creating the interfaces
and if set, disable power save.
2023-06-18 14:06:21 -05:00
James Prestwood
0b4dc9d8a5 doc: document [DriverQuirks] group settings 2023-06-18 13:35:33 -05:00
James Prestwood
b1b45f5509 wiphy: allow for user-defined driver flags
The driver_infos list in wiphy.c is hard coded and, naturally,
not configurable from a user perspective. As drivers are updated
or added users may be left with their system being broken until the
driver is added, IWD released, and packaged.

This adds the ability to define driver flags inside main.conf under
the "DriverQuirks" group. Keys in this group correspond to values in
enum driver_flag and values are a list of glob matches for specific
drivers:

[DriverQuirks]
DefaultInterface=rtl81*,rtl87*,rtl88*,rtw_*,brcmfmac,bcmsdh_sdmmc
ForcePae=buggy_pae_*
2023-06-18 13:32:58 -05:00
James Prestwood
6065d86fa7 wiphy: store driver flags directly in wiphy object
Rather than keep a pointer to the driver_info entry copy the flags
into the wiphy object. This preps for supporting driver flags via
a configuration file, specifically allowing for entries that are a
subset of others. For example:

{ "rtl88*",          DEFAULT_IF },
{ "rtl88x2bu",       FORCE_PAE },

Before it was not possible to add entires like this since only the
last entry match would get set. Now DEFAULT_IF would get set to all
matches, and FORCE_PAE to only rtl88x2bu. This isn't especially
important for the static list since it could be modified to work
correctly, but will be needed when parsing flags from a
configuration file that may contain duplicates or subsets of the
static list.
2023-06-18 13:16:03 -05:00
James Prestwood
568048b0ee ft: add debugging in __ft_rx_authenticate
If there was some problem during the FT authenticate stage
its nice to know more of what happened: whether the AP didn't
respond, rejected the attempt, or sent an invalid frame/IEs.
2023-06-06 10:35:48 -05:00
Marcel Holtmann
7fc1d207e1 Release 2.5 2023-05-24 17:37:04 +02:00
Marcel Holtmann
464f5c25db build: Require at least version 0.57 when building with external ELL 2023-05-24 17:22:58 +02:00
James Prestwood
189c23a5d9 station: use wiphy_radio_work_reschedule in FT path
If FT fails the work item needs to be rescheduled rather than
inserted.
2023-05-22 09:37:25 -05:00
James Prestwood
109cb70f22 wiphy: make wiphy work queue reentrant
In some situations its convenient for the same work item to be
inserted (rescheduled) while its in progress. FT for example does
this now if a roam fails. The same ft_work item gets re-inserted
which, currently, is not safe to do since the item is modified
and removed once completed.

Fix this by introducing wiphy_radio_work_reschedule which is an
explicit API for re-inserting work items from within the do_work
callback.

The wiphy work logic was changed around slightly to remove the item
at the head of the queue prior to starting and note the ID going
into do_work. If do_work signaled done and ID changed we know it
was re-inserted and can skip the destroy logic and move onto the
next item. If the item is not done continue as normal but set the
priority to INT_MIN, as usual, to prevent other items from getting
to the head of the queue.
2023-05-22 09:35:20 -05:00
James Prestwood
0f5da071fa auto-t: increase timeout in testPSK-roam
This was causing random failures and increasing the timeout seems
to be a lot more reliable.
2023-05-22 09:35:15 -05:00
James Prestwood
563ecc63e8 auto-t: modify PSK-roam test to use FT failure path
This adds another radio so IWD hits the FT failure path after
authentication to the first BSS fails. This causes a wiphy work
item to be rescheduled which previously was unsafe.
2023-05-22 09:35:08 -05:00
James Prestwood
23f0f5717c station: allow roaming before netconfig finishes
If IWD connects under bad RF conditions and netconfig takes
a while to complete (e.g. slow DHCP), the roam timeout
could fire before DHCP is done. Then, after the roam,
IWD would transition automatically to connected before
DHCP was finished. In theory DHCP could still complete after
this point but any process depending on IWD's connected
state would be uninformed and assume IP networking is up.

Fix this by stopping netconfig prior to a roam if IWD is not
in a connected state. Then, once the roam either failed or
succeeded, start netconfig again.
2023-05-07 18:04:08 -05:00
Denis Kenzior
6c39a2f53f AUTHORS: Mention Ronan's contributions 2023-05-07 18:03:40 -05:00
Ronan Pigott
3687f7947b client: avoid segfault in iwctl quit
iwctl quit (running quit non-interactively) isn't a useful command,
but it shouldn't segfault. Let's avoid calling readline functions if
we haven't initialized readline in this run.
2023-05-07 18:03:11 -05:00
Marcel Holtmann
68089783b6 build: Require at least libedit >= 3.1 when selected 2023-05-03 19:31:04 +02:00
Marcel Holtmann
38f5aff139 linux: Update nl80211.h from Linux 6.3 2023-05-02 20:39:32 +02:00
James Prestwood
b080854d3e dpp: fix incorrect offchannel usage as configurator
When acting as a configurator the enrollee can start on a different
channel than IWD is connected to. IWD will begin the auth process
on this channel but tell the enrollee to transition to the current
channel after the auth request. Since a configurator must be
connected (a requirement IWD enforces) we can assume a channel
transition will always be to the currently connected channel. This
allows us to simply cancel the offchannel request and wait for a
response (rather than start another offchannel).

Doing this improves the DPP performance and reduces the potential
for a lost frame during the channel transition.

This patch also addresses the comment that we should wait for the
auth request ACK before canceling the offchannel. Now a flag is
set and IWD will cancel the offchannel once the ACK is received.
2023-04-30 13:03:48 -05:00