3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-11-29 05:39:24 +01:00
Commit Graph

3934 Commits

Author SHA1 Message Date
James Prestwood
aed383b037 wiphy: make wiphy work queue reentrancy safe
Now both the do_work and destroy callback can safely insert new
work items without causing problems.
2021-11-22 15:29:51 -06:00
James Prestwood
876fe9f210 crypto: use void* for hkdf_expand
This makes it more flexible for other storage types
2021-11-22 15:29:31 -06:00
James Prestwood
b735c90c42 crypto: use void* args for aes_siv_{encrypt,decrypt}
This makes these APIs more flexible for other storage types
2021-11-22 15:29:27 -06:00
Fangrui Song
fa1c12453b build: treewide: Set retain attribute
LLD 13 and GNU ld 2.37 support -z start-stop-gc which allows garbage
collection of C identifier name sections despite the __start_/__stop_
references. GNU ld before 2015-10 had the behavior as well. Simply set
the retain attribute so that GCC 11 (if configure-time binutils is 2.36
or newer)/Clang 13 will set the SHF_GNU_RETAIN section attribute to
prevent garbage collection.

Without the patch, there are linker errors with -z start-stop-gc
(LLD default) when -Wl,--gc-sections is used:

```
ld.lld: error: undefined symbol: __start___eap
>>> referenced by eap.c
>>>               src/eap.o:(eap_init)
```

The remain attribute will not be needed if the metadata sections are
referenced by code directly.
2021-11-11 14:27:33 -06:00
Andrew Zaborowski
6ac062d151 netconfig: Move FILS override checks to common functions 2021-11-10 11:54:51 -06:00
Andrew Zaborowski
5e7949c144 netconfig: Split ipv4 route setters
Split this function into two, one for setting the gateway route and one
for setting the subnet route.
2021-11-10 11:25:27 -06:00
Andrew Zaborowski
c473290b47 ap: Delay ap_free if called inside event handler
ap.c has been mostly careful to call the event handler at the end of any
externally called function to allow methods like ap_free() to be called
within the handler, but that isn't enough.  For example in
ap_del_station we may end up emitting two events: STATION_REMOVED and
DHCP_LEASE_EXPIRED.  Use a slightly more complicated mechanism to
explicitly guard ap_free calls inside the event handler.

To make it easier, simplify cleanup in ap_assoc_reassoc with the use of
_auto_.

In ap_del_station reorder the actions to send the STATION_REMOVED event
first as the DHCP_LEASE_EXPIRED is a consequence of the former and it
makes sense for the handler to react to it first.
2021-11-09 14:29:52 -06:00
Denis Kenzior
cfd191a803 eap: Silence uninitialized var warning
src/eap.c: In function 'eap_rx_packet':
src/eap.c:419:50: error: 'vendor_type' may be used uninitialized in this function [-Werror=maybe-uninitialized]
  419 |  (type == EAP_TYPE_EXPANDED && vendor_id == (id) && vendor_type == (t))
      |                                                  ^~
src/eap.c:430:11: note: 'vendor_type' was declared here
  430 |  uint32_t vendor_type;

It isn't clear why GCC complains about vendor_type, but not vendor_id.
But in all cases if type == EAP_TYPE_EXPANDED, then vendor_type and
vendor_id are set.  Silence this spurious warning.
2021-11-08 15:12:25 -06:00
Torsten Schmitz
5a111ac902 station: Prevent a NULL pointer access
There is an unchecked NULL pointer access in network_has_open_pair.
open_info can be NULL, when out of multiple APs in range that advertise
the same SSID some advertise OWE transition elments and some don't.
2021-11-08 13:51:34 -06:00
James Prestwood
ea23556a40 scan: use signal strength if bss ranks are equal
If two BSS's end up with the same rank sort them based on signal
strength so IWD still prefers the higher strength BSS.
2021-11-08 13:49:50 -06:00
James Prestwood
f85fc4202a anqp: return the request ID rather than true 2021-11-08 11:31:49 -06:00
Marc-Antoine Perennou
b3991c1a40 eap: Remove nested function use
This allows building iwd with clang
2021-11-08 11:12:37 -06:00
James Prestwood
ba5f4616d2 station: set sysfs options required by HS2.0 spec
The Hotspot 2.0 spec has some requirements that IWD was missing depending
on a few bits in extended capabilities and the HS2.0 indication element.
These requirements correspond to a few sysfs options that can be set in
the kernel which are now set on CONNECTED and unset on DISCONNECTED.
2021-11-04 14:30:00 -05:00
James Prestwood
d4e3ec52b2 scan: keep track of HS20 DGAF Disable bit in scan_bss 2021-11-04 14:29:46 -05:00
James Prestwood
6852cf0a3e ie: parse DGAF Disable bit from HS20 indication element 2021-11-04 14:29:25 -05:00
James Prestwood
fd85192a54 scan: parse Proxy ARP bit from extended capabilities 2021-11-04 14:27:55 -05:00
James Prestwood
b4c20ef81c netconfig: netconfig_reconfigure check bool for setting ARP
Only set the gateway to the ARP cache if the caller requests.
2021-11-03 17:47:03 -05:00
James Prestwood
873924a027 station: set evict_nocarrier sysfs option during roaming
If the kernel supports evict_nocarrier set this during the roam
to prevent packet delays post roam.
2021-11-03 17:44:25 -05:00
James Prestwood
25936b1365 netconfig: remove sysfs static functions 2021-11-03 17:44:11 -05:00
James Prestwood
6ea58f9fde sysfs: introduce sysfs module
Netconfig was the only user of sysfs but now other modules will
also need it.

Adding existing API for IPv6 settings, a IPv4 and IPv6 'supports'
checker, and a setter for IPv4 settings.
2021-11-03 17:44:00 -05:00
James Prestwood
3a47181a50 netdev: add SA Query delay with OCV enabled
The way a SA Query was done following a channel switch was slightly
incorrect. One because it is only needed when OCVC is set, and two
because IWD was not waiting a random delay between 0 and 5000us as
lined out by the spec. This patch fixes both these issues.
2021-10-26 17:16:38 -05:00
Andrew Zaborowski
0971eb4d0c netconfig: Convert netconfig_load_settings to use _auto_
As requested do the cleanup in netconfig_load_settings using ell's
private _auto_() macro.
2021-10-22 12:12:17 -05:00
Andrew Zaborowski
f0a85ddeb4 netconfig: Track local domains lists
Cache the latest v4 and v6 domain string lists in struct netconfig state
to be able to more easily detect changes in those values in future
commits.  For that split netconfig_set_domains's code into this function,
which now only commits the values in netconfig->v{4,6}_domain{,s} to the
resolver, and netconfig_domains_update() which figures out the active
domains string list and saves it into netconfig->v{4,6}_domain{,s}.  This
probably saves some cycles as the callers can now decide to only
recalculate the domains list which may have changed.

While there simplify netconfig_set_domains return type to void as the
result was always 0 anyway and was never checked by callers.
2021-10-22 12:12:17 -05:00
Andrew Zaborowski
2b1b8cce54 netconfig: Track DNS address string lists
Cache the latest v4 and v6 DNS IP string lists in struct netconfig state
to be able to more easily detect changes in those values in future
commits.  For that split netconfig_set_dns's code into this function,
which now only commit the values in netconfig->dns{4,6}_list to the
resolver, and netconfig_dns_list_update() which figures out the active
DNS IP address list and saves it in netconfig->dns{4,6} list.  This
probably saves some cycles as the callers can now decide to only
recalculate the dns_list which may have changed.

While there simplify netconfig_set_dns return type to void as the result
was always 0 anyway and was never checked by callers.
2021-10-22 12:12:17 -05:00
Andrew Zaborowski
7e38962d59 netconfig: Track gateway address strings
Cache the latest v4 and v6 gateway IP string in struct netconfig state
to be able to more easily detect changes in those values in future
commits and perhaps to simplify the ..._routes_install functions.
netconfig_ipv4_get_gateway's out_mac parameter can now be NULL.  While
editing that function fix a small formatting annoyance.
2021-10-22 12:12:17 -05:00
Andrew Zaborowski
ec634ad2a7 netconfig: trivial: Fix double-empty space 2021-10-22 12:12:17 -05:00
Andrew Zaborowski
cfde6c3f55 netconfig: Refactor netconfig_ipv4_get_gateway
Use a separate fils variable to make the code a bit prettier.

Also make sure that the out_mac parameter is not NULL prior to storing
the gateway_mac in it.
2021-10-22 12:12:17 -05:00
Andrew Zaborowski
927a3dc322 netconfig: Cache the IPv6 l_rtnl_address object
For symmetry with netconfig->v4_address add a netconfig->v6_address
so that we can track what the current address is at any time.
2021-10-22 12:12:17 -05:00
Denis Kenzior
d702e037c0 main: Simplify away l_dbus_message_builder use
Since the dictionary attributes are static, l_dbus_message_set_arguments
can be used instead.
2021-10-22 12:12:17 -05:00
Andrew Zaborowski
23799d0cb4 treewide: Parse EnableNetworkConfiguration in one place
Add netconfig_enabled() and use that in all places that want to know
whether network configuration is enabled.  Drop the enable_network_config
deprecated setting, which was only being handled in one of these 5 or so
places.
2021-10-22 12:12:02 -05:00
James Prestwood
e4b78d83d6 network: fix autoconnect for Open networks
This code path was never tested and used to ensure a OWE transition
candidate gets selected over an open one (e.g. if all the BSS's are
blacklisted). But this logic was incorrect and the path was being
taken for BSS's that did not contain the owe_trans element, basically
all BSS's. For RSN's this was somewhat fine since the final check
would set a candidate, but for open BSS's the loop would start over
and potentially complete the loop without ever returning a candidate.
If fallback was false, NULL would be returned.

To fix this only take the OWE transition path if its an OWE transition
BSS, i.e. inverse the logic.
2021-10-20 16:52:16 -05:00
Denis Kenzior
3dc724d734 rrm: Consider requests w/ Beacon Reporting
Normally Beacon Reporting subelements are present only if repeated
measurements are requested.  However, an all-zero Beacon Reporting
subelement is included by some implementations.  Handle this case
similarly to the absent case.
2021-10-20 11:49:13 -05:00
Denis Kenzior
ae0ee89d72 rrm: relax Reporting Detail subelement length check
Since Reporting Detail subelement is listed as 'extensible', make sure
that the length check is not overly restrictive.  We only interpret the
first field.
2021-10-20 11:48:26 -05:00
James Prestwood
42ab82c20c station: disable OCV if offloading is supported
It was seen during testing that several offload-capable cards
were not including the OCI in the 4-way handshake. This made
any OCV capable AP unconnectable.

To be safe disable OCV on any cards that support offloading.
2021-10-19 17:04:42 -05:00
James Prestwood
747cb00c31 wiphy: add wiphy_can_offload
This is a convenience method for detecting any supported offload
extended features (4way/1x/SAE).
2021-10-19 17:04:39 -05:00
James Prestwood
2b88840316 station: don't enable OCV unless MFPC is supported 2021-10-19 15:41:16 -05:00
Denis Kenzior
659a63ae20 netdev: Print if SA Query is in progress 2021-10-19 15:40:26 -05:00
James Prestwood
4b88607b19 netdev: start SA Query on channel switch event
802.11 requires an STA initiate the SA Query procedure on channel
switch events. This patch refactors sending the SA Query into its
own routine and starts the procedure when the channel switch event
comes in.

In addition the OCI needs to be verified, so the channel info is
parsed and set into the handshakes chandef.
2021-10-19 13:28:18 -05:00
James Prestwood
8f036c229e nl80211cmd: make CH_SWITCH_STARTED_NOTIFY name unique
There are several events for channel switching, and nl80211cmd was
naming two of them "Channel Switch Notify". Change
CH_SWITCH_STARTED_NOTIFY to "Channel Switch Started Notify" to
distinguish the two events.
2021-10-19 13:28:07 -05:00
James Prestwood
bf5afa52e5 netdev: add OCI elements to SA Query request/response frames
SA query is the final protocol that requires OCI inclusion and
verification. The OCI element is now included and verified in
both request and response frames as required by 802.11.
2021-10-19 13:26:57 -05:00
James Prestwood
7fed9f758f ie: add ie_parse_oci
This is a very minimal parser, more or less to put the type
and length checks into a single location.
2021-10-19 13:26:49 -05:00
Denis Kenzior
224721e7f0 netconfig: Make sure gw is not NULL
strcmp behavior is undefined if one of the parameters is NULL.
Server-id is a mandatory value and cannot be NULL.  Gateway can be NULL
in DHCP, so check that explicitly.

Reported-by: Andrew Zaborowski <andrew.zaborowski@intel.com>
2021-10-18 10:43:41 -05:00
Denis Kenzior
2135a4f845 netconfig: Try to put gateway mac into ARP cache
In certain situations, it is possible for us to know the MAC of the
default gateway when DHCP finishes.  This is quite typical on many home
network and small network setups.  It is thus possible to pre-populate
the ARP cache with the gateway MAC address to save an extra round trip
at connection time.

Another advantage is during roaming.  After version 4.20, linux kernel
flushes ARP caches by default whenever netdev encounters a no carrier
condition (as is the case during roaming).  This can prevent packets
from going out after a roam for a significant amount of time due to
lost/delayed ARP responses.
2021-10-15 16:43:42 -05:00
Denis Kenzior
b6fd028fe7 ap: Use _u32 dhcp_lease getters 2021-10-13 17:56:51 -05:00
Denis Kenzior
f1b2bca6bd netconfig: Use l_dhcp_lease_get_prefix_length 2021-10-13 17:56:49 -05:00
Denis Kenzior
6b71a71e19 ap: Use l_dhcp_lease_get_prefix_length 2021-10-13 17:56:46 -05:00
James Prestwood
219e18323f station: limit extended key IDs to CCMP ciphers 2021-10-13 10:34:55 -05:00
James Prestwood
a205afe2de netdev: set TK index to zero for FT
Since FT re-uses the handshake the active TK index may be set to a
non-zero value.
2021-10-08 14:13:56 -05:00
Denis Kenzior
3d736d4c20 station: Only set our OCVC if the AP supports it 2021-10-08 13:33:11 -05:00
James Prestwood
1ec6c46a1d station: set extended key capability
If wiphy and the AP suppor it, set the Extended Key ID capability
bit in the RSN info.
2021-10-08 13:27:52 -05:00
James Prestwood
5ff7d113b9 netdev: support extended key IDs
This implements the new handshake callback for setting a TK with
an extended key ID. The procedure is different from legacy zero
index TKs.

First the new TK is set as RX only. Then message 4 should be sent
out (so it uses the existing TK). This poses a slight issue with
PAE sockets since message order is not guaranteed. In this case
the 4th message is stored and sent after the new TK is installed.
Then the new TK is modified using SET_KEY to both send and
receive.

In the case of control port over NL80211 the above can be avoided
and we can simply install the new key, send message 4, and modify
the TK as TX + RX all in sequence, without waiting for any callbacks.
2021-10-08 13:27:14 -05:00
James Prestwood
80135367cf handshake: update TK installer/builder to take key index 2021-10-08 13:26:25 -05:00
Denis Kenzior
a001740506 manager: Initialize all default interfaces
When UseDefaultInterface is set, iwd doesn't attempt to destroy and
recreate any default interfaces it detects.  However, only a single
default interface was ever remembered & initialized.  This is fine for
most cases since the kernel would typically only create a single netdev
by default.

However, some drivers can create multiple netdevs by default, if
configured to do so.  Other usecases, such as tethering, can also
benefit if iwd initialized & managed all default netdevs that were
detected at iwd start time or device hotplug.
2021-10-08 13:23:36 -05:00
Denis Kenzior
a584396147 eapol: Remove unneeded initialization
oci variable is always set during handshake_util_find_kde.  Do not
initialize it unnecessarily to help the compiler / static analysis find
potential issues.
2021-10-08 12:31:36 -05:00
Denis Kenzior
e519d1139a eapol: Remove unneeded assignment
gtk and igtk are already initialized to NULL at declaration time.
There's no need to set them to NULL here.
2021-10-08 12:31:10 -05:00
Denis Kenzior
80ed3ef5b2 eapol: Fix trying to include uninitialized data
If OCI is not used, then the oci array is never initialized.  Do not try
to include it in our GTK 2_of_2 message.

Fixes: ad4d639854 ("eapol: include OCI in GTK 2/2")
2021-10-08 12:31:10 -05:00
James Prestwood
24d4790537 eapol: support extended key IDs
802.11 added Extended Key IDs which aim to solve the issue of PTK
key replacement during rekeys. Since swapping out the existing PTK
may result in data loss because there may be in flight packets still
using the old PTK.

Extended Key IDs use two key IDs for the PTK, which toggle between
0 and 1. During a rekey a new PTK is derived which uses the key ID
not already taken by the existing PTK. This new PTK is added as RX
only, then message 4/4 is sent. This ensure message 4 is encrypted
using the previous PTK. Once sent, the new PTK can be modified to
both RX and TX and the rekey is complete.

To handle this in eapol the extended key ID KDE is parsed which
gives us the new PTK key index. Using the new handshake callback
(handshake_state_set_ext_tk) the new TK is installed. The 4th
message is also included as an argument which is taken care of by
netdev (in case waiting for NEW_KEY is required due to PAE socekts).
2021-10-08 08:52:52 -05:00
James Prestwood
cc850d3a3d nl80211util: set multicast on new group keys
This may not be required but setting the group key mode explicitly
to multicast makes things consistent, even if only for the benefit
of reading iwmon logs easier.
2021-10-08 08:48:58 -05:00
James Prestwood
63b0778c99 handshake: add callback for extended key IDs
The procedure for setting extended key IDs is different from the
single PTK key. The key ID is toggled between 0 and 1 and the new
key is set as RX only, then set to RX/TX after message 4/4 goes
out.

Since netdev needs to set this new key before sending message 4,
eapol can include a built message which netdev will store if
required (i.e. using PAE).
2021-10-08 08:40:29 -05:00
James Prestwood
fba3b90c11 handshake: add flags/key index for extended key IDs
ext_key_id_capable indicates the handshake has set the capability bit
in the RSN info. This will only be set if the AP also has the capability
set.

active_tk_index is the key index the AP chose in message 3. This is
now used for both legacy (always zero) and extended key IDs.
2021-10-08 08:39:27 -05:00
James Prestwood
898c7e636e wiphy: change wiphy_control_port_capable -> enabled
Move the reading of ControlPortOverNL80211 into wiphy itself and
renamed wiphy_control_port_capable to wiphy_control_port_enabled.
This makes things easier for any modules interested in control
port support since they will only have to check this one API rather
than read the settings and check capability.
2021-10-08 08:38:35 -05:00
Andrew Zaborowski
af47112a30 p2p: Add p2p.Peer.Address D-bus property
Expose the Device Address property for each peer.  The spec doesn't say
much about how permanent the address or the name are, although the
device address by definition lives longer than the interface addresses.
However the device address is defined to be unique and the name is not
so the address can be used to differentiate devices with identical name.
Being unique also may imply that it's assigned globally and thus
permanent.

Network Manager uses the P2P device address when saving connection
profiles (and will need it from the backend) and in this case it seems
better justified than using the name.

The address is already in the object path but the object path also
includes the local phy index which may change for no reason even when
the peer's address hasn't changed so the path is not useful for
remembering which device we've connected to before.  Looking at only
parts of the path is considered wrong.
2021-10-06 15:59:15 -05:00
James Prestwood
d2f52a6723 wiphy: add wiphy_supports_ext_key_id 2021-10-04 13:39:29 -05:00
Denis Kenzior
9766426b59 wiphy/netdev: Add & use wiphy_control_port_capable
Some drivers might not actually support control port properly even if
advertised by mac80211.  Introduce a new method to wiphy that will take
care of looking up any driver quirks that override the presence of
NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211
2021-10-01 09:38:38 -05:00
Denis Kenzior
6f925c4dae manager/wiphy: Move default if determination
Move the driver database into wiphy.c so it can be extended with other
potential driver quirks.
2021-10-01 09:28:56 -05:00
Denis Kenzior
c5890ac87f netconfig: Apply MDNS setting at _configure time 2021-09-29 16:08:12 -05:00
Denis Kenzior
7f55a241a4 netconfig: Allow consecutive calls to _load_settings()
Make consecutive calls to netconfig_load_settings() memory-leak safe by
introducing a netconfig_free_settings convenience method.  This method
will free any settings that are allocated as a result of
netconfig_load_settings() and will be called from netconfig_free() to
ensure that any settings are freed as a result of netconfig_destroy().
2021-09-29 16:03:39 -05:00
Andrew Zaborowski
3021472358 netconfig: Set netconfig_get_static6_gateway out param on success
Make sure to only set the netconfig_get_static6_gateway's out_mac
parameter on successful return and make sure to always set it, even if
to NULL.
2021-09-29 15:16:50 -05:00
Andrew Zaborowski
d71a604385 netconfig: Track the IPv6 route add netlink command
For symmetry with IPv4, save the command id for this netlink command so
we can later add logic to the callback as well as be able to cancel the
command.  No functional change in this commit alone.
2021-09-29 14:51:18 -05:00
James Prestwood
e6340996d7 eapol: netdev: allow rekeys using FT-FILS
Rekeying was overlooked when implementing FT-FILS and there were
many places where the AKM was never checked and the rekey was
failing.
2021-09-28 17:26:10 -05:00
James Prestwood
183a7a18a9 eapol: don't enforce PMKID on 1/4 if require_handshake is false
FT/FILS handle their own PMK derivation but rekeys still require
using the 4-way handshake. There is some ambiguity in the spec whether
or not the PMKID needs to be included in message 1/4 and it appears
that when rekeying after FT/FILS hostapd does not include a PMKID.
2021-09-28 17:26:10 -05:00
James Prestwood
ad4d639854 eapol: include OCI in GTK 2/2 2021-09-28 17:26:05 -05:00
James Prestwood
27be63fe65 ft: check authenticator_ie from ft_ds_info, not handshake
The handshake contains the current BSS's RSNE/WPA which may differ
from the FT-over-DS target. When verifying the target BSS's RSNE/WPA
IE needs to be checked, not the current BSS.
2021-09-28 17:24:59 -05:00
James Prestwood
ae358bd524 ft: netdev: store FT-over-DS target RSNE/WPA
Keep track of the target BSS's authenticator IE for verification.
It should not be assumed that the target BSS and original RSNE/WPA
IE matches.
2021-09-28 16:58:41 -05:00
James Prestwood
d0b0004c8c netdev: set result/status for deauth path
If the deauth path was triggered IWD would deauth but end up
calling the connect callback with whatever result netdev had
set, e.g. 'NETDEV_RESULT_OK'. This, of course, caused station
some confusion.
2021-09-28 16:53:25 -05:00
James Prestwood
7e9708ddbc station: start FT-over-DS actions after roaming
Once roamed IWD never sent out any FT Request frames. This prevented
FT-over-DS from being used after an initial roam.
2021-09-28 16:52:26 -05:00
James Prestwood
d68c9e69fa fils: support OCI in reassociation 2021-09-28 16:46:48 -05:00
James Prestwood
c4c14f3ac0 ft: set OCVC false for FT-over-DS
FT-over-DS cannot use OCV due to how the kernel works. This means
we could connect initially with OCVC set, but a FT-over-DS attempt
needs to unset OCVC. Set OCVC false when rebuilding the RSNE for
reassociation.
2021-09-28 11:51:52 -05:00
James Prestwood
bc0375fb30 ft: make Authenticate OCVC settable by caller
The FT-over-DS action stage builds an FT-Request which contains an
RSNE. Since FT-over-DS will not support OCV add a boolean to
ft_build_authenticate_ies so the OCVC bit can be disabled rather
than relying on the handshake setting.
2021-09-28 11:01:03 -05:00
James Prestwood
141b01f82a station: set OCVC for handshakes
Setting OCVC true for all connections unless disabled
2021-09-28 11:01:03 -05:00
James Prestwood
69cf481ca9 ft: get OCI prior to reassociation
This modifies the FT logic to fist call get_oci() before
reassociation. This allows the OCI to be included in reassociation
and in the 4-way handshake later on.

The code path for getting the OCI had to be slightly changed to
handle an OCI that is already set. First the handshake chandef is
NULL'ed out for any new connection. This prevents a stale OCI from
being used. Then some checks were added for this case in
netdev_connect_event and if chandef is already set, start the 4-way
handshake.
2021-09-28 11:01:00 -05:00
James Prestwood
10c8e5e263 netdev: change netdev_get_oci to be used as a callback
This can be reused to be called from ft.c
2021-09-28 10:51:48 -05:00
James Prestwood
7474ff0975 auth-proto: add auth_proto_rx_oci
This allows auth protos to get notified when the chandef has been
set. Since netdev sets chandef already there is no arguments.
2021-09-28 10:51:33 -05:00
James Prestwood
08936c1534 eapol: fix incorrect increment appending OCI
This was addign an extra byte to the buffer which hostapd accepted
unless there was additional data, like the RSNXE.
2021-09-28 10:51:30 -05:00
James Prestwood
e6aaceeb4b doc: add DisableOCV setting 2021-09-28 10:51:25 -05:00
Denis Kenzior
6c0eb76cb7 netconfig: Set address at configure time
netconfig_load_settings is called when establishing a new initial
association to a network.  This function tries to update dhcp/dhcpv6
clients with the MAC address of the netdev being used.  However, it is
too early to update the MAC here since netdev might need to powercycle
the underlying network device in order to update the MAC (i.e. when
AddressRandomization="network" is used).

If the MAC is set incorrectly, DHCP clients are unable to obtain the
lease properly and station is stuck in "connecting" mode indefinitely.
Fix this by delaying MAC address update until netconfig_configure() is
invoked.

Fixes: ad228461ab ("netconfig: Move loading settings to new method, refactor")
2021-09-28 10:11:20 -05:00
James Prestwood
8db2f442bc netdev: fix return value check for ft_over_ds_parse_action_ies
This returns a bool but was being treated as a signed int.
2021-09-27 19:32:52 -05:00
James Prestwood
2613564093 util: surround MAC_STR array access with ()
This allows printing from pointer offsets, for example:

MAC_STR(buf + 10)
2021-09-27 19:32:41 -05:00
James Prestwood
7e95480094 station: remove signal_low check for FT-over-DS
If the AP advertises FT-over-DS support it likely wants us to use
it. Additionally signal_low is probably going to be true since IWD
has started a roam attempt.
2021-09-27 12:44:40 -05:00
James Prestwood
61c804f5b2 ft: sent OCI in Reassociate 2021-09-27 12:42:45 -05:00
James Prestwood
1e9c3b3d1e eapol: send OCI in handshake 2/4 2021-09-27 12:42:37 -05:00
James Prestwood
23fb4493df ie: add OCI support in build_fast_bss_transition 2021-09-27 12:42:33 -05:00
James Prestwood
1187fcbf42 handshake: free chandef if already set
This can happen with FT, since the handshake object is reused.
2021-09-23 17:46:57 -05:00
James Prestwood
dfd304353d station: check if connected before allowing Roam() 2021-09-23 17:46:51 -05:00
James Prestwood
b6884df39a station: fix use-after-free on neighbor reports
When netdev goes down so does station, but prior to netdev calling
the neighbor report callback. The way the logic was written station
is dereferenced prior to checking for any errors, causing a use
after free.

Since -ENODEV is used in this case check for that early before
accessing station.
2021-09-23 17:46:34 -05:00
Denis Kenzior
a0deadc919 treewide: Remove double-empty lines 2021-09-23 17:45:29 -05:00
Denis Kenzior
a2990443d2 band: add oci_from_chandef
This adds a utility to convert a chandef obtained from the kernel into a
3 byte OCI element format containing the operating class, primary
  channel and secondary channel center frequency index.
2021-09-23 11:52:56 -05:00
James Prestwood
885c4c9632 scan: use oper_class/channel for OWE hidden scans
If these are included in the OWE transition IE use them to scan
for the OWE hidden network.
2021-09-22 14:40:10 -05:00
James Prestwood
e798d4fe9d scan: validate OWE transition operating class/channel
If the IE's operating class and channel doesn't validate don't bother
storing the IE at all.
2021-09-22 14:39:33 -05:00
James Prestwood
ea16ade5e0 ie: parse operating class/channel for ie_owe_transition_info 2021-09-22 14:32:50 -05:00
James Prestwood
22ff2a5f79 scan: use structure for OWE transition parsing
This changes scan_bss from using separate members for each
OWE transition element data type (ssid, ssid_len, and bssid)
to a structure that holds them all.

This is being done because OWE transition has option operating
class and channel bytes which will soon be parsed. This would
end up needing 5 separate members in scan_bss which is a bit
much for a single IE that needs to be parsed.

This makes checking the presense of the IE more convenient
as well since it can be done with a simple NULL pointer check
rather than having to l_memeqzero the BSSID.
2021-09-22 13:52:44 -05:00
James Prestwood
421f068903 ie: add info struct for OWE transition
These members are currently stored in scan_bss but with the
addition of operating class/band info this will become 5
separate members. This is a bit excessive to store in scan_bss
separately so instead this structure can hold everything related
to the OWE transition IE.
2021-09-22 13:52:36 -05:00
Denis Kenzior
c678ba16b8 netdev: Pretty print the unicast notification type 2021-09-22 08:28:46 -05:00
James Prestwood
6dc7fde272 ie: parse RSNXE Present bit 2021-09-21 16:34:36 -05:00
Denis Kenzior
06482b8116 netdev: Obtain operating channel info
Prior to starting the 4-way handshake, obtain operating channel
information (OCI) for possible operating channel validation (OCV)
processing.
2021-09-21 15:48:08 -05:00
Denis Kenzior
2aded60c94 eapol: Validate OCI in STA mode 2021-09-21 15:39:55 -05:00
Denis Kenzior
8ada894f70 handshake: Add OCV utilities
Add a utility for setting the OCI obtained from the hardware (prior to
handshake starting) as well as a utility to validate the OCI obtained
from the peer.
2021-09-21 15:39:07 -05:00
Denis Kenzior
b41106d359 band: Add oci_verify
Add a utility that will verify a peer's OCI element and validate it
given the current chandef obtained from the driver.
2021-09-21 15:34:40 -05:00
Denis Kenzior
ca767aa857 band: Add oci_to_frequency
This adds a utility that can convert an operating class + channel
combination to a frequency.  Operating class is assumed to be a global
operating class from 802.11 Appendix E4.

This information can be found in Operating Channel Information (OCI) IEs,
as well as OWE Transition Mode IEs.
2021-09-21 15:34:40 -05:00
Denis Kenzior
85a6fc25f1 nl80211util: Add chandef parser
Parse chandef elements from NL80211_CMD_GET_INTERFACE.  This provides
information on the current operating channel.
2021-09-21 15:21:39 -05:00
Denis Kenzior
5e631c8af8 handshake: Refactor ie setters
Calling handshake_state_setup_own_ciphers from within
handshate_state_set_authenticator_ie was misleading.  In all cases the
supplicant chooses the AKM.  This worked since our AP code only ever
advertises a single AKM, but would not work in the general case.

Similarly, the supplicant would choose which authentication type to use
by either sending the WPA1 or WPA2 IE (or OSEN).  Thus the setting of
the related variables in handshake_state_set_authenticator_ie was also
incorrect.  In iwd, the supplicant_ie would be set after the
authenticator_ie, so these settings would be overwritten in most cases.

Refactor these two setters so that the supplicant's chosen rsn_info
would be used to drive the handshake.
2021-09-20 15:19:27 -05:00
Denis Kenzior
63ef918671 ap: validate group cipher
Make sure to validate group_cipher from the STA similarly to how
akm_suites and pairwise_ciphers are validated.
2021-09-20 15:19:27 -05:00
Fabrice Fontaine
ec1c348b4f build: Add reallocarray to missing.h
reallocarray has been added to glibc relatively recently (version 2.26,
from 2017) and apparently not all users run new enough glibc. Moreover,
reallocarray is not available with uclibc-ng. So use realloc if
reallocarray is not available to avoid the following build failure
raised since commit 891b78e9e8:

/home/giuliobenetti/autobuild/run/instance-3/output-1/host/lib/gcc/xtensa-buildroot-linux-uclibc/10.3.0/../../../../xtensa-buildroot-linux-uclibc/bin/ld: src/sae.o: in function `sae_rx_authenticate':
sae.c:(.text+0xd74): undefined reference to `reallocarray'

Fixes:
 - http://autobuild.buildroot.org/results/c6d3f86282c44645b4f1c61882dc63ccfc8eb35a
2021-09-20 10:32:51 -05:00
James Prestwood
f45696485c network: reply to pending messages on network_unregister
If there is a connect_after_* message for ANQP or OWE hidden networks
reply to these before unregistering the network.
2021-09-17 18:13:15 -05:00
James Prestwood
8a735edac0 network: prefer OWE transition BSS over open
There isn't much control station has with how BSS's are inserted to
a network object. The rank algorithm makes that decision. Because of
this we could end up in a situation where the Open BSS is preferred
over the OWE transition BSS.

In attempt to better handle this any Open BSS in this type of network
will not be chosen unless its the only candidate (e.g. no other BSSs,
inability to connect with OWE, or an improperly configured network).
2021-09-17 18:05:07 -05:00
James Prestwood
e462dcda56 station: handle OWE Transition procedure
OWE Transition is described in the WiFi Alliance OWE Specification
version 1.1. The idea behind it is to support both legacy devices
without any concept of OWE as well as modern ones which support the
OWE protocol.

OWE is a somewhat special type of network. Where it advertises an
RSN element but is still "open". This apparently confuses older
devices so the OWE transition procedure was created.

The idea is simple: have two BSS's, one open, and one as a hidden
OWE network. Each network advertises a vendor IE which points to the
other. A device sees the open network and can connect (legacy) or
parse the IE, scan for the hidden OWE network, and connect to that
instead.

Care was taken to handle connections to hidden networks directly.
The policy is being set that any hidden network with the WFA OWE IE
is not connectable via ConnectHiddenNetwork(). These networks are
special, and can only be connected to via the network object for
the paired open network.

When scan results come in from any source (DBus, quick, autoconnect)
each BSS is checked for the OWE Transition IE. A few paths can be
taken here when the IE is found:

1. The BSS is open. The BSSID in the IE is checked against the
   current scan results (excluding hidden networks). If a match is
   found we should already have the hidden OWE BSS and nothing
   else needs to be done (3).

2. The BSS is open. The BSSID in the IE is not found in the
   current scan results, and the open network also has no OWE BSS
   in it. This will be processed after scan results.

3. The BSS is not open and contains the OWE IE. This BSS will
   automatically get added to the network object and nothing else
   needs to be done.

After the scan results each network is checked for any non-paired
open BSS's. If found a scan is started for these BSS's per-network.
Once these scan results come in the network is notified.

From here network.c can detect that this is an OWE transition
network and connect to the OWE BSS rather than the open one.
2021-09-17 17:59:54 -05:00
James Prestwood
71384da38f network: add network_get_station 2021-09-17 17:59:52 -05:00
James Prestwood
a6c4972290 scan: add scan API specifically for OWE transition networks
Specifically OWE networks with multiple open/hidden BSS's are troublesome
to scan for with the current APIs. The scan parameters are limited to a
single SSID and even if that was changed we have the potential of hitting
the max SSID's per scan limit. In all, it puts the burden onto the caller
to sort out the SSIDs/frequencies to scan for.

Rather than requiring station to handle this a new scan API was added,
scan_owe_hidden() which takes a list of open BSS's and will automatically
scan for the SSIDs in the OWE transition IE for each.

It is slightly optimized to first check if all the hidden SSID's are the
same. This is the most likely case (e.g. single pair or single network)
and a single scan command can be used. Otherwise individual scan commands
are queued for each SSID/frequency combo.
2021-09-17 17:59:43 -05:00
Denis Kenzior
c235c9fa54 handshake: Only bitwise compare when needed
handshake_util_ap_ie_matches() is used to make sure that the RSN element
received from the Authenticator during handshake / association response
is the same as the one advertised in Beacon/Probe Response frames.  This
utility tries to bitwise compare the element first, and only if that
fails, compares RSN members individually.

For FT, bitwise comparison will always fail since the PMKID has to be
included by the Authenticator in any RSN IEs included in Authenticate
& Association Response frames.

Perform the bitwise comparison as an optimization only during processing
of eapol message 3/4.  Also keep the parsed rsn information for future
use and to possibly avoid re-parsing it during later checks.
2021-09-17 09:19:26 -05:00
Denis Kenzior
4d95e3a161 handshake: Update KDE definitions to 802.11-2020 2021-09-17 08:27:20 -05:00
Denis Kenzior
77d2d79ac2 handshake: Also check OCVC bit 2021-09-17 08:22:40 -05:00
Denis Kenzior
171b2b90b8 ie: Add support for OCVC bit in RSNE utils 2021-09-17 08:22:15 -05:00
Denis Kenzior
64923913c2 station: Trigger autoconnect only on last subset
DBus scan is performed in several subsets.  In certain corner-case
circumstances it would be possible for autoconnect to run after each
subset scan.  Instead, trigger autoconnect only after the dbus scan
completes.

This also works around a condition where ANQP results could trigger
autoconnect too early.
2021-09-16 17:28:04 -05:00
Denis Kenzior
17827f1ff9 station: Commonize autoconnect starting logic 2021-09-16 16:41:59 -05:00
Denis Kenzior
c0fe7070a3 station: Simplify station_set_scan_results() calls
Several invocations of station_set_scan_results() base the
'add_to_autoconnect' parameter on station_is_autoconnecting().  Simplify
the code by having station_set_scan_results() invoke that itself.
'add_to_autoconnect' now becomes an 'intent' parameter, specifying
whether autoconnect path should be invoked as a result of these scan
results or not when station is in an appropriate state.  Rename
'add_to_autoconnect' parameter to make this clearer.
2021-09-16 16:38:16 -05:00
Denis Kenzior
514e3b2710 station: Don't autoconnect via debug scans
Scans triggered via the StationDebug interface should not trigger the
autoconnect logic.
2021-09-16 16:38:03 -05:00
James Prestwood
163fb868c2 station: Ignore OWE Transition BSSes
BSSes that advertise OWE Transition IE are special and should be ignored
for the purposes of ConnectHiddenNetwork
2021-09-16 16:35:57 -05:00
James Prestwood
e10bb3bd77 station: Do not re-process cached entries for anqp
If the frequency of the bss is not in the list of frequencies for the
current scan, then this is a cached bss.  It was likely already
processed for ANQP before, so skip it.
2021-09-16 16:35:15 -05:00
James Prestwood
a94c0ed29e scan: keep track of OWE Transition element 2021-09-16 11:21:32 -05:00
James Prestwood
df6221bcb2 scan: allow non-utf8 SSIDs to be scanned for
IWD has restricted SSIDs to only utf8 so they can be displayed but
with the addition of OWE transition networks this is an unneeded
restriction (for these networks). The SSID of an OWE transition
network is never displayed to the user so limiting to utf8 isn't
required.

Allow non-utf8 SSIDs to be scanned for by including the length in
the scan parameters and not relying on strlen().
2021-09-16 11:20:46 -05:00
James Prestwood
56c2cf9f10 ie: add ie_parse_owe_transition_from_data
This is a parser for the WFA OWE Transition element. For now the
optional band/channel bytes will not be parsed as hostapd does not
yet support these and would also require the 802.11 appendix E-1
to be added to IWD. Because of this OWE Transition networks are
assumed to be on the same channel as their open counterpart.
2021-09-16 11:20:14 -05:00
Andrew Zaborowski
42bd5ba7c2 netconfig: Remove usage of in6_addr.__in6_u
in6_addr.__in6_u.__u6_addr8 is glibc-specific and named differently in
the headers shipped with musl libc for example.  The POSIX compliant and
universal way of accessing it is in6_addr.s6_addr.
2021-09-16 11:09:51 -05:00
James Prestwood
c19dc6605f network: fix pending hidden OWE scan logic
This was actually broken if triggered because __network_connect
checks if network->connect_after_owe_hidden is set and returns
already in progress. We want to keep this behavior though for
obvious reasons.

To fix this station_connect_network can be called directly which
bypasses the check. This is essentially how ANQP avoids this
problem as well.
2021-09-15 18:36:54 -05:00
James Prestwood
f8b703efed network: support connect during OWE hidden scan
Similar to ANQP a connect call could come in while station is
scanning for OWE hidden networks. This is supported in the same
manor by saving away the dbus message and resuming the connection
after the hidden OWE scan.
2021-09-15 15:49:21 -05:00
James Prestwood
e6f5efbe73 station: add OWE_HIDDEN_STARTED/FINISHED events 2021-09-15 15:49:05 -05:00
James Prestwood
81816ce04d station: network: make ANQP watch a generic event
With the addition of OWE transition network needs to be notified
of the hidden OWE scan which is quite similar to how it is notified
of ANQP. The ANQP event watch can be made generic and reused to
allow other events besides ANQP.
2021-09-15 15:49:02 -05:00
James Prestwood
926dc608af network: set handshake SSID based on BSS, not network
This is being added to support OWE transition mode. For these
type of networks the OWE BSS may contain a different SSID than
that of the network, but the WFA spec requires this be hidden
from the user. This means we need to set the handshake SSID based
on the BSS rather than the network object.
2021-09-15 14:59:05 -05:00
James Prestwood
4329b669d0 ie: add WFA OWE Transition element type 2021-09-15 12:56:43 -05:00
Andrew Zaborowski
8b573fe398 netconfig: Refactor netconfig_set_dns
Refactor netconfig_set_dns to be a bit easier to follow and remove use
of macros.  Also bail out early if no DNS addresses are provided instead
of building an empty DNS list since resolve_set_dns() simply returns if
a NULL or empty DNS list is provided.
2021-09-14 15:12:12 -05:00
Denis Kenzior
23af586acd netdev: Properly handle auth_proto error returns
Kernel keeps transmitting authentication frames until told to stop or an
authentication frame the kernel considers 'final' is received.  Detect
cases where the kernel would keep retransmitting, and if auth_proto
encounters a fatal protocol error, prevent these retransmissions from
occuring by sending a Deauthenticate command to the kernel.

Additionally, treat -EBADMSG/-ENOMSG return from auth_proto specially.
These error codes are meant to convey that a frame should be silently
dropped and retransmissions should continue.
2021-09-08 17:04:36 -05:00
James Prestwood
3d82ab167f mpdu: add MMPDU_STATUS_CODE_SAE_PK 2021-09-08 16:47:36 -05:00
James Prestwood
305189523a auth-proto: document acceptable return values for auth-protos
Since all auth-protos are hidden behind an abstraction they need
to be consisten with the return values as some should be handled
specially.
2021-09-08 16:46:45 -05:00
James Prestwood
7e9b4170b1 sae: don't send commit/confirm in confirmed state
This works around a hostapd bug (described more in the TODO comment)
which is exposed because of the kernels overly agressive re-transmit
behavior on missed ACKs. Combined this results in a death if the
initial commit is not acked. This behavior has been identified in
consumer access points and likely won't ever be patched for older
devices. Because of this IWD must work around the problem which can
be eliminated by not sending out this commit message.

This bug was reported to the hostapd ML:

https://lists.infradead.org/pipermail/hostap/2021-September/039842.html

This change should not cause any compatibility problems to non-hostapd
access points and is identical to how wpa_supplicant treats this
scenario.
2021-09-08 16:46:07 -05:00
James Prestwood
f78ea26f13 fils: change fatal return code to -EPROTO
This keeps FILS consistent with what netdev expects for a fatal
auth-proto return.
2021-09-08 14:35:05 -05:00
James Prestwood
8ca638fb88 sae: fix a spec violation with duplicate commits
If a commit is received while in an accepted state the spec states
the scalar should be checked against the previous commit and if
equal the message should be silently dropped.
2021-09-08 14:16:40 -05:00
James Prestwood
799e7af9c7 sae: print state and transaction on received packets
This will make SAE a bit easier to debug in the future.
2021-09-07 20:03:02 -05:00
James Prestwood
7fe55567bd netdev: print error if CMD_ASSOCIATE fails 2021-09-07 20:02:45 -05:00
Denis Kenzior
9d045fae0e scan: Parse network cost IE info into scan_bss 2021-09-03 16:32:51 -05:00
Denis Kenzior
c93966d5a1 ie: Add parse utility for network cost vendor IE 2021-09-03 16:30:28 -05:00
Andrew Zaborowski
c545674918 station: Check ie_tlv_iter_next return value
This can't be false but check it to calm static analysis.
2021-09-03 14:49:25 -05:00
Andrew Zaborowski
48c5e8d215 netconfig: Actually use the DNS override values
In netconfig_load_settings apply the DNS overrides strings we've loaded
instead of leaking them.

Fixes: ad228461ab ("netconfig: Move loading settings to new method, refactor")
2021-09-03 14:49:15 -05:00
Denis Kenzior
dd9265f2db netdev: deauth if eapol_start fails 2021-09-03 14:40:16 -05:00
James Prestwood
8b6ad5d3b9 owe: netdev: refactor to remove OWE as an auth-proto 2021-09-03 14:34:30 -05:00
James Prestwood
038b9bff4d wsc: set ssid in handshake
netdev now assumes the SSID was set in the handshake (normally via
network_handshake_setup) but WSC calls netdev_connect directly so
it also should set the SSID.
2021-09-03 14:30:44 -05:00
James Prestwood
db2f14225d netdev: factor out scan_bss from CMD_CONNECT builder
In order to support OWE in the CMD_CONNECT path the scan_bss parameter
needs to be removed since this is lost after netdev_connect returns.
Nearly everything needed is also stored in the handshake except the
privacy capability which is now being mirrored in the netdev object
itself.
2021-09-03 14:30:44 -05:00
James Prestwood
3975e4eb6d station: check for duplicate frequencies in debug scan 2021-09-03 13:19:49 -05:00
Andrew Zaborowski
5b7ec7689a ap: Add MACs to FILS IP Assignment responses
Try to include the gateway and DNS MAC addresses in the corresponding
fields in the FILS IP Address Assignment IEs we send to the clients.
2021-08-31 10:10:05 -05:00
Andrew Zaborowski
093d23a869 netconfig: Apply MACs received in FILS IP Assigment
Use the MAC addresses for the gateways and DNS servers received in the
FILS IP Assigment IE together with the gateway IP and DNS server IP.
Commit the IP to MAC mappings directly to the ARP/NDP tables so that the
network stack can skip sending the corresponding queries over the air.
2021-08-31 10:07:13 -05:00
Andrew Zaborowski
eb1149ca1f ie: Extract same-subnet check code to util.h 2021-08-31 10:06:47 -05:00
Andrew Zaborowski
d383a49b7b station, netdev: Enable FILS IP Address Assignment
Send and receive the FILS IP Address Assignment IEs during association.
As implemented this would work independently of FILS although the only
AP software handling this mechanism without FILS is likely IWD itself.

No support is added for handling the IP assignment information sent from
the server after the initial Association Request/Response frames, i.e.
the information is only used if it is received directly in the
Association Response without the "response pending" bit, otherwise the
DHCP client will be started.
2021-08-31 10:04:36 -05:00
Andrew Zaborowski
581b6139dc netconfig: FILS IP assigment API
Add two methods that will allow station to implement FILS IP Address
Assigment, one method to decide whether to send the request during
association, and fill in the values to be used in the request IE, and
another to handle the response IE values received from the server and
apply them.  The netconfig->rtm_protocol value used when the address is
assigned this way remains RTPROT_DHCP because from the user's point of
view this is automatic IP assigment by the server, a replacement for
DHCP.
2021-08-31 10:01:11 -05:00
Andrew Zaborowski
ad228461ab netconfig: Move loading settings to new method, refactor
Split loading settings out of network_configure into a new method,
network_load_settings.  Make sure both consistently handle errors by
printing messages and informing the caller.
2021-08-31 08:37:47 -05:00
James Prestwood
4b38c92f26 netdev: force SAE group 19 if BSS requires 2021-08-25 13:05:15 -05:00
James Prestwood
6680a771e8 sae: add sae_sm_set_force_group_19
Setter which forces the use of group 19 rather than the group order
that ELL provides. Certain APs have been found to have buggy group
negotiation and only work if group 19 is tried first, and only. When
an AP like this this is found (based on vendor OUI match) SAE will
use group 19 unconditionally, and fail if group 19 does not work.
Other groups could be tried upon failure but per the spec group 19
must be supported so there isn't much use in trying other, optional
groups.
2021-08-25 13:05:05 -05:00
James Prestwood
194b4cf60e scan: set force_default_sae_group if OUI matches 2021-08-25 13:04:15 -05:00
James Prestwood
f26f51bf8c ie: add is_ie_default_sae_group_oui
Start an OUI list of vendors who have buggy SAE group negotiation
2021-08-25 12:58:55 -05:00
Andrew Zaborowski
58d2814a92 ap: Support FILS IP Address Assignment IE
Handle the 802.11ai FILS IP Address Assignment IEs in Association
Request frames when netconfig is enabled.  Only IPv4 is supported.
Like the P2P IP Allocation mechanism, since the payload format and logic
is independent from the rest of the FILS standard this is enabled
unconditionally for clients who want to use it even though we don't
actually do FILS in AP mode.
2021-08-25 08:32:16 -05:00
Andrew Zaborowski
8f5f62575d ie: Add FILS IP Address Assignment parsers and builders 2021-08-25 08:02:57 -05:00
Andrew Zaborowski
3045ef0770 ap: Expire client's leases on disconnect
If netconfig is enabled tell the DHCP server to expire any leases owned
by the client that is disconnecting by using l_dhcp_server_expire_by_mac
to return the IPs to the IP pool.  They're added to the expired list
so they'd only be used if there are no other addresses left in the pool
and can be reactivated if the client comes back before the address is
used by somebody else.

This should ensure that we're always able to offer an address to a new
client as long as there are fewer concurrent clients than addresses in
the configured subnet or IP range.
2021-08-25 08:02:38 -05:00
Andrew Zaborowski
bc046994db ap: Implement P2P GO-side 4-way handshake IP Allocation
Use the struct handshake_state::support_ip_allocation field already
supported in eapol.c authenticator side to enable the P2P IP Allocation
mechanism in ap.c.  Add the P2P_GROUP_CAP_IP_ALLOCATION bit in P2P group
capabilities to signal the feature is now supported.

There's no harm in enabling this feature in every AP (not just P2P Group
Owner) but the clients won't know whether we support it other than
through that P2P-specific group capability bit.
2021-08-25 08:02:13 -05:00
Andrew Zaborowski
a90c4025f1 handshake: Add HANDSHAKE_EVENT_P2P_IP_REQUEST
Add a handshake event for use by the AP side for mechanisms that
allocate client IPs during the handshake: P2P address allocation and
FILS address assignment.  This is emitted only when EAPOL or the
auth_proto is actually about to send the network configuration data to
the client so that ap.c can skip allocating a DHCP leases altogether if
the client doesn't send the required KDE or IE.
2021-08-25 08:01:23 -05:00
Denis Kenzior
a75126af39 netdev: Retry IF_OPER_UP
Some drivers ignore the initial IF_OPER_UP setting that was sent during
netdev_connect_ok().  Attempt to work around this by parsing New Link
events.  If OperState setting is still not correct in a subsequent event,
retry setting OperState to IF_OPER_UP.
2021-08-20 09:49:29 -05:00
James Prestwood
9eb3adc33b anqp: print MAC when sending ANQP request 2021-08-18 19:52:20 -05:00
James Prestwood
ea572f23fc network: handle NULL/hotspot networks when removing secrets
The hotspot case can actually result in network being NULL which
ends up crashing when accessing "->secrets". In addition any
secrets on this network were never removed for hotspot networks
since everything happened in network_unset_hotspot.
2021-08-18 16:58:31 -05:00
James Prestwood
99a94bc441 network: destroy secrets on known network removal
If a known network is removed explicitly IWD should forget any
secrets cached on the network object.
2021-08-17 11:44:36 -05:00
James Prestwood
cd2dd4e2dc station: Add generic Event signal
This is meant to be used as a generic notification to autotests. For
now 'no-roam-candidates' is the only event being sent. The idea
is to extend these events to signal conditions that are otherwise
undiscoverable in autotesting.
2021-08-13 14:44:24 -05:00
Andrew Zaborowski
2af0166970 ap: Make station removal safer
Replace instances of the ap_del_station() +
ap_sta_free()/ap_remove_sta() with calls to ap_station_disconnect to
make sure we consistently remove the station from the ap->sta_states
queue before using ap_del_station().  ap_del_station() may generate an
event to the ap.h API user (e.g. P2P) and this may end up tearing down
the AP completely.

For that scenario we also don't want ap_sta_free() to access sta->ap so
we make sure ap_del_station() performs these cleanup steps so that
ap_sta_free() has nothing to do that accesses sta->ap.
2021-08-13 10:49:28 -05:00
Andrew Zaborowski
97a34e6b4a ap: Fix an invalid access in ap_write_wsc_ie
client_frame is not valid for a beacon frame as beacons are not sent in
response to another frame.  Move the access to client_frame->address_2
to the conditional blocks for Probe Response and Association Response
frames.
2021-08-13 10:49:28 -05:00
Andrew Zaborowski
5c9de0cf23 eapol: Store IP address in network byte order
Switch handshake_state's .client_ip_addr, .subnet_mask and .go_ip_addr
from host byte order to network by order.
2021-08-13 10:47:05 -05:00
James Prestwood
dffff73e89 station: implement Scan on debug interface
This is to support the autotesting framework by allowing a smaller
scan subset. This will cut down on the amount of time spent scanning
via normal DBus scans (where the entire spectrum is scanned).
2021-08-13 10:44:26 -05:00
James Prestwood
ea3ce7a119 station: set autoconnect via setter
This updates the autoconnect property for the debug interface
2021-08-13 10:41:25 -05:00
James Prestwood
f6f08f9b96 station: disable autoconnect when in developer mode
Most autotests do not want autoconnect behavior so it is being
turned off by default. There are a few tests where it is needed
and in these few cases the test can enable autoconnect through
the new station debug property.
2021-08-12 16:53:58 -05:00
James Prestwood
249a1ef1c0 station: make autoconnect settable via debug interface
This adds the property "AutoConnect" to the station debug interface
which can be read/written to disable or enable autoconnect globally.
As one would expect this property is only going to be used for testing
hence why it was put on the debug interface. Mosts tests disable
autoconnect (or they should) because it leads to unexpected connections.
2021-08-12 15:57:00 -05:00
James Prestwood
77c4d311ff station: move Roam() under station debug interface 2021-08-12 14:59:19 -05:00
James Prestwood
3afa5e570d station: add ConnectBssid() developer method
This method will initiate a connection to a specific BSS rather
than relying on a network based connection (which the user has
no control over which specific BSS is selected).
2021-08-12 14:46:08 -05:00
James Prestwood
b543bf76f1 netdev: move failure point out of netdev_connect_common
The only point of failure in netdev_connect_common was setting
up the handshake type. Moving this outside of netdev_connect_common
makes the code flow much better in netdev_{connect,reassociate} as
nothing needs to be reset upon failure.
2021-08-12 13:05:58 -05:00
Matt Oberle
2e50e6fc05 hotspot: stat fallback for unknown d_type
Utilize 'storage_is_file' when readdir returns DT_UNKNOWN to ensure
features like autoconnect work on filesystems that don't return a d_type
(eg. XFS).
2021-08-12 10:00:11 -05:00
Matt Oberle
328cb02e4d knownnetworks: stat fallback for unknown d_type
Utilize 'storage_is_file' when readdir returns DT_UNKNOWN to ensure
features like autoconnect work on filesystems that don't return a d_type
(eg. XFS).
2021-08-12 09:59:47 -05:00
Matt Oberle
3ab0d8270a storage: provide storage_is_file
Add a function 'storage_is_file' which will use stat to verify a
file's existence given a path relative to the storage directory.

Not all filesystems provide a file type via readdir's d_type.
XFS is a notable system with optional d_type support.
When d_type is not supported stat must be used as a fallback.
If a stat fallback is not provided iwd will fail to load state files.
2021-08-12 09:59:17 -05:00
James Prestwood
b33d100f7b station: set preparing_roam flag on Roam()
The preparing_roam flag is expected to be set by a few roam
routines and normally this is done prior to the roam scan.
The Roam() developer option was not doing this and would
cause failed roams in some cases.
2021-08-06 22:29:52 -05:00
James Prestwood
04f563c3dc dbus: add StationDebug interface definition
This will hold methods/properties for developers to use.
2021-08-06 22:29:27 -05:00
James Prestwood
a4d18ecf8f network: add __network_connect
This is to support the ConnectBssid developer method which
bypasses the BSS selection logic in order to force a connection
to a specific BSS.
2021-08-06 22:28:44 -05:00
James Prestwood
80fec3f5f4 netdev: allow reassociation for auth-protos
This adds support in netdev_reassociate for all the auth
protocols (SAE/FILS/OWE) by moving the bulk of netdev_connect
into netdev_connect_common. In addition PREV_BSSID is set
in the associate message if 'in_reassoc' is true.
2021-08-06 22:03:13 -05:00
Denis Kenzior
da0fa4e012 station: Set network's vendor IEs into handshake
This guarantees that the vendor IEs will be used on ReAssociate and
Fast-Transition paths, as well as on all non-CMD_CONNECT based
connections.
2021-08-06 14:23:45 -05:00
Denis Kenzior
7e9971661b netdev: Append any vendor IEs from the handshake 2021-08-06 14:07:06 -05:00
Denis Kenzior
f24cfa481b handshake: Add setter for vendor IEs
Some connections, like Hotspot require additional IEs to be used during
the Association.  These are now passed as 'extra_ies' when invoking
netdev_connect, however they are also needed during ReAssociation and FT
to such APs.

Additionally, it may be that Hotspot-enabled APs will start utilizing
FILS or SAE.  In these cases the extra_ies need to be accounted for
somehow, either by making a copy in handshake_state, netdev, or the
auth_proto itself.  Similarly, P2P which heavily uses vendor IEs can be
used over SAE in the future.

Since a copy of these IEs is needed, might as well store them in
handshake_state itself for easy book-keeping by network/station.
2021-08-06 14:04:25 -05:00
Denis Kenzior
8f9e6b3f76 netdev: Send addititional IEs for FT/SAE/OWE/FILS
RM Enabled Capabilities and Extended Capabilities IEs were correctly
being sent when using CMD_CONNECT for initial connections and
re-associations.  However, for SoftMac SAE, FT, FILS and OWE connections,
these additional IEs were not added properly during the Associate step.
2021-08-05 21:01:37 -05:00
Denis Kenzior
289b8826bf netdev: Always send RM Enabled Capabilities
If the driver supports RRM, then we might as well always send the RM
Enabled Capabilities IE (and use the USE_RRM flag).  802.11-2020
suggests that this IE can be sent whenever
dot11RadioMeasurementActivated is true, and this setting is independent
of whether the peer supports RRM.  There's nothing to indicate that an
STA should not send these IEs if the AP is not RRM enabled.
2021-08-05 15:49:46 -05:00
Alvin Šipraga
aa7845ca98 netdev: update frequency on channel switch events
While we correctly emit a NETDEV_EVENT_CHANNEL_SWITCHED event from
netdev for other modules to respond to, we fail to actually update the
frequency of the netdev object in question. Since the netdev frequency
is used elsewhere (e.g. to send action frames), it needs updating too.

Fixes: 5eb0b7ca8e ("netdev: add a channel switch event")
2021-08-05 10:35:50 -05:00
Denis Kenzior
317e345a6a netdev: Remove prev_bssid member
This variable ended up being used only on the fast-transition path.  On
the re-associate path it was never used, but memcpy-ied nevertheless.
Since its only use is by auth_proto based protocols, move it to the
auth_proto object directly.

Due to how prepare_ft works (we need prev_bssid from the handshake, but
the handshake is reset), have netdev_ft_* methods take an 'orig_bss'
parameter, similar to netdev_reassociate.
2021-08-04 23:08:34 -05:00
Denis Kenzior
60e2a9994f netdev: Remove unused variable
This was set, but never used in any way
2021-08-04 15:55:30 -05:00
Denis Kenzior
17d653904f netdev: netdev_connect_common doesn't fail 2021-08-04 15:55:30 -05:00
Denis Kenzior
3f69ddb615 mpdu: Add ie sorting utility
IE elements in various management frames are ordered.  This ordering is
outlined in 802.11, Section 9.3.3.  The ordering is actually different
depending on the frame type.  Instead of trying to implement the order
manually, add a utility function that will sort the IEs in the order
expected by the particular management frame type.

Since we already have IE ordering look up tables in the various
management frame type validation functions, move them to global level
and re-use these lookup tables for the sorting utility.
2021-08-04 10:41:19 -05:00
Denis Kenzior
9a8129abd6 mpdu: Update IE ordering for 802.11-2020 2021-08-04 09:03:07 -05:00
James Prestwood
d58ae33e5c erp: take cache ref in erp_new
Since the erp_state is holding a pointer to the ERP cache, as
well as calling erp_cache_put on free, it should take a reference
for symmetry.
2021-08-03 16:29:47 -05:00
James Prestwood
95574e4538 handshake: unref erp_cache when handshake is freed
This makes the erp_cache ownership more consisten rather than
relying on the ERP state to free the cache.
2021-08-03 16:29:30 -05:00
James Prestwood
630c2c2a08 station: network: rework ERP/FILS code path
This refactors some code to eliminate getting the ERP entry twice
by simply returning it from network_has_erp_identity (now renamed
to network_get_erp_cache). In addition this code was moved into
station_build_handshake_rsn and properly cleaned up in case there
was an error or if a FILS AKM was not chosen.
2021-08-03 16:29:08 -05:00
James Prestwood
d4e8ba072a p2p: fix out of scope read
The authorized macs pointer was being set to either the wsc_beacon
or wsc_probe_response structures, which were initialized out of
scope to where 'amacs' was being used. This resulted in an out of
scope read, caught by address sanitizers.
2021-07-30 10:40:30 -05:00
James Prestwood
4bcfa21ca4 eap-aka: round to nearest word on message buffers
One of these message buffers was overflowing due to padding not
being taken into account (caught by sanitizers). Wrapped the length
of all message buffers with EAP_SIM_ROUND as to account for any
padding that attributes may add.
2021-07-30 10:38:26 -05:00
James Prestwood
1b4c6e9be8 knownnetworks: copy network_config on update
The network_config was not being copied to network_info when
updated. This caused any new settings to be lost if the network
configuration file was updated during runtime.
2021-07-29 17:51:25 -05:00
James Prestwood
befa448017 netdev: fix RoamThreshold5G
The RoamThreshold5G was never honored because it was being
set prior to any connections. This caused the logic inside
netdev_cqm_rssi_update to always choose the 2GHz threshold
(RoamThreshold) due to netdev->frequency being zero at this time.

Instead call netdev_cqm_rssi_update in all connect/transition
calls after netdev->frequency is updated. This will allow both
the 2G and 5G thresholds to be used depending on what frequency
the new BSS is.

The call to netdev_cqm_rssi_update in netdev_setup_interface
was also removed since it serves no purpose, at least now
that there are two thresholds to consider.
2021-07-28 10:04:41 -05:00
Denis Kenzior
30d32e4a58 treewide: Remove non-ascii characters 2021-07-28 10:03:27 -05:00
Denis Kenzior
78b9328db6 scan: Quiet down warning
Under certain conditions, access points with very low signal could be
detected.  This signal is too low to estimate a data rate and causes
this L_WARN to fire.  Fix this by returning a -ENETUNREACH error code in
case the signal is too low for any of the supported rates.
2021-07-28 09:53:21 -05:00
Denis Kenzior
74fa720e60 iwd.network: Document Transition Disable settings 2021-07-27 17:43:38 -05:00
Denis Kenzior
2e777a0d31 network: Enforce Transition Disable settings
Transition Disable indications and information stored in the network
profile needs to be enforced.  Since Transition Disable information is
now stored inside the network object, add a new method
'network_can_connect_bss' that will take this information into account.
wiphy_can_connect method is thus deprecated and removed.

Transition Disable can also result in certain AKMs and pairwise ciphers
being disabled, so wiphy_select_akm method's signature is changed and
takes the (possibly overriden) ie_rsn_info as input.
2021-07-27 17:43:38 -05:00
Denis Kenzior
ca8f3edc33 wiphy: Add wiphy_can_transition_disable 2021-07-27 17:43:38 -05:00
Denis Kenzior
0c8406780f knownnetworks: Parse Transition Disable settings 2021-07-27 17:43:35 -05:00
Denis Kenzior
51b437bbfe eapol: Add support for Transition Disable
If this indication is received in message 3/4, forward the contents as
a HANDSHAKE_EVENT_TRANSITION_DISABLE
2021-07-27 16:56:01 -05:00
Denis Kenzior
47ba837e98 network: Store Transition Disable info
This indication can come in via EAPoL message 3 or during
FILS Association.  It carries information as to whether certain
transition mode options should be disabled.  See WPA3 Specification,
version 3 for more details.
2021-07-27 16:55:58 -05:00
Denis Kenzior
8cfe038d67 network: Move parsing of additional options
Move parsing of AddressOverride and AlwaysRandomizeAddress settings to
knownnetwork.c to be in the same place as other global network settings.
2021-07-27 14:02:43 -05:00
Denis Kenzior
bedf2b0596 knownnetworks: Commonize parser for common settings
Some network settings keys are set / parsed in multiple files.  Add a
utility to parse all common network configuration settings in one place.

Also add some defines to make sure settings are always saved in the
expected group/key.
2021-07-27 14:02:43 -05:00
Denis Kenzior
46c19b6c6a eapol: Use handshake_util_find_kde
This returns the length of the actual contents, making the code a bit
easier to read and avoid the need to mask the KDE value which isn't
self-explanatory.
2021-07-27 14:02:43 -05:00
Denis Kenzior
f7b59750d0 handshake: Add handshake_util_find_kde 2021-07-27 14:02:43 -05:00
Denis Kenzior
8606f6e96a network: remove unused method 2021-07-27 14:01:21 -05:00
Denis Kenzior
87dde21ec5 erp: Fix missing comma
Fixes: fbe8b7a3c0 ("crypto: Add prf_plus function")
2021-07-27 14:01:19 -05:00
Denis Kenzior
38e3e72684 netdev: Send RSNXE element during SAE association 2021-07-14 09:58:42 -05:00
Denis Kenzior
c957d25dad sae: Add sae_is_h2e
Allows clients to know whether H2E was used by the SAE state machine
2021-07-14 09:58:42 -05:00
Denis Kenzior
f67e5ea6d8 netdev: Centralize mmpdu validation
Instead of requiring each auth_proto to perform validation of the frames
received via rx_authenticate & rx_associate, have netdev itself perform
the mpdu validation.  This is unlikely to happen anyway since the kernel
performs its own frame validation.  Print a warning in case the
validation fails.
2021-07-14 09:58:42 -05:00
Denis Kenzior
cb5939f941 network: Set SAE-PT into handshake
If the authenticator is SAE H2E capable, add the relevant PTs into the
handshake_state to enable use of SAE H2E.
2021-07-14 09:58:42 -05:00
Denis Kenzior
9c07741a0a network: Also support SAE PT for group 20
Generalize loading / saving of SAE PTs and add support for saving /
loading of ECC group 20 based SAE PT.
2021-07-14 09:58:42 -05:00
Denis Kenzior
a46269d5b0 sae: Don't destroy token on group change
There's no reason why a change in groups would result in the
anti-clogging token becoming invalid.  This might result in us needing
an extra round-trip if the peer is using countermeasures and our
requested group was deemed unsuitable.
2021-07-14 09:58:42 -05:00
Denis Kenzior
c02b1466c4 sae: Fix potential leak in sae_process_anti_clogging
We may receive multiple anti-clogging request messages.  We memdup the
token every time, without checking whether memory for one has already
been allocated.  Free the old token prior to allocating a new one.
2021-07-14 09:58:42 -05:00
Denis Kenzior
67be05ec3e sae: validate group in sae_process_anti_clogging
The group was not checked at all.  The specification doesn't
mention doing so specifically, but we are only likely to receive an Anti
Clogging Token Request message once we have sent our initial Commit.  So
the group should be something we could have sent or might potentially be
able to use.
2021-07-14 09:58:42 -05:00
Denis Kenzior
891b78e9e8 sae: Add basic H2E support 2021-07-14 09:58:42 -05:00
Denis Kenzior
d12ac0fa71 crypto: Generalize kdf_sha{256|384} as crypto_kdf
This also allows us to easily implement KDF with SHA512
2021-07-14 09:58:42 -05:00
Denis Kenzior
f0e3d92d00 sae: Fix sae_cn endianness issue
send_confirm was always passed in using host byte-order, but the hash
should be ran over send_confirm in LE order.
2021-07-14 09:58:42 -05:00
Denis Kenzior
03b99ba0d5 sae: Handle error conditions more consistently
In case an exceptional condition occurs, handle this more consistently
by returning the following errors:

  -ENOMSG -- If a message results in the retransmission timer t0 being
             restarted without actually sending anything.
  -EBADMSG -- If a received message is to be silently discarded without
              affecting the t0 timer.
  -ETIMEDOUT -- If SYNC_MAX has been exceeded
  -EPROTO -- If a fatal protocol error occurred
2021-07-14 09:58:42 -05:00
Denis Kenzior
fefa93e3ba sae: Drop unneeded state checks
Now that sae_verify_* methods no longer allow dropped frames though,
there's no reason to keep these checks.  sae_process_commit and
sae_process_confirm will now always receive messages in their respective
state.
2021-07-14 09:58:42 -05:00
Denis Kenzior
0925a362d6 sae: Return an error when dropping frames
sae_verify_* functions were correctly marking frames to be dropped, but
were returning 0, which caused the to-be-dropped frames to be further
processed inside sae_rx_authenticate.  Fix that by returning a proper
error.
2021-07-14 09:58:42 -05:00
Denis Kenzior
3474953d16 sae: Properly return -EAGAIN when retransmitting
Make sure to return -EAGAIN whenever a received frame from the peer
results in a retransmission.  This also prevents the frame from being
mistakenly processed further in sae_rx_authenticate.
2021-07-14 09:58:42 -05:00
Denis Kenzior
d8f9d9d45c sae: Transition to a new state explicitly
Do not try to transition to a new state from sae_send_commit /
sae_send_confirm since these methods can be called due to
retransmissions or other unexpected messages.  Instead, transition to
the new state explicitly from sae_process_commit / sae_process_confirm.
2021-07-14 09:58:42 -05:00
Denis Kenzior
cb810c12ff sae: Move Commit message length validation
Instead of verifying commit message length in the sae_process_commit
method, verify it in the verification function instead.
2021-07-14 09:58:42 -05:00
Denis Kenzior
18ec5589f8 sae: Reject group changes
SAE protocol is meant to authenticate peers simultaneously.  Hence it
includes a tie-breaker provision in case both peers enter into the
Committed state and the Commit messages arrive at the respective peers
near simultaneously.

However, in the case of STA or Infrastructure mode, only one peer (STA)
would normally enter the Committed state (via Init) and the tie-breaker
provision is not needed.  If this condition is detected, abort the
connection.

Also remove the uneeded group change check in process_commit.
2021-07-14 09:58:42 -05:00
Denis Kenzior
7d67192493 sae: Make sae_compute_pwe independent of sae_sm
sae_compute_pwe doesn't really depend on the state of sae_sm.  Only the
curve to be used for the PWE calculation is needed.  Rework the function
signature to reflect that and remove unneeded member of struct sae_sm.
2021-07-14 09:58:42 -05:00
Denis Kenzior
8de07357fd fils: mmpdu_body cannot fail 2021-07-14 09:58:42 -05:00
Denis Kenzior
08845fb19c ie: Change ie_tlv_builder_finalize signature
ie_tlv_builder_init takes a size_t as input, yet for some reason
ie_tlv_builder_finalize takes an unsigned int argument as output.  Fix
the latter to use size_t as well.
2021-07-14 09:58:42 -05:00
Denis Kenzior
8320e3ab92 mpdu: Add SAE_HASH_TO_ELEMENT Status Code 2021-07-14 09:58:42 -05:00
Denis Kenzior
993a934803 crypto: Expose crypto_sae_hash_from_ecc_prime_len 2021-07-14 09:58:42 -05:00
Denis Kenzior
77e387dd0c crypto: Add crypto_derive_sae_pwe_from_pt_ecc 2021-07-14 09:58:42 -05:00
Denis Kenzior
f7b5ebd097 netdev: Set Supplicant RSNXE to handshake_state 2021-07-14 09:58:09 -05:00
Denis Kenzior
636c6eb645 eapol: Send / Validate RSNXE in STA mode 2021-07-14 09:55:49 -05:00
Denis Kenzior
1a7c5786f6 eapol: Use a separate hs variable
Instead of using sm->handshake everywhere, use a short-hand hs variable.
This makes some lines a bit more readable.  No functional changes.
2021-07-14 09:55:49 -05:00
Denis Kenzior
10fd485d7d station: Set authenticator's RSNXE if present 2021-07-14 09:55:49 -05:00
Denis Kenzior
6470601a34 handshake: Add support for RSNXE
Allow handshake_state to track Authenticator & Supplicant RSN Extension
elements (RSNXE)s.
2021-07-14 09:55:49 -05:00
Denis Kenzior
37bc48add4 handshake: Optimize replacement of IEs
During processing of Connect events by netdev, some of these elements
might be updated even when already set.  Instead of issuing
l_free/l_memdup each time, check and see whether the elements are
bitwise identical first.
2021-07-14 09:55:49 -05:00
Denis Kenzior
7fafb627d8 scan: Save off RSNXE if present 2021-07-14 09:55:49 -05:00
Denis Kenzior
57a57646d8 wiphy: Add wiphy_get_rsnxe
Returns a template RSNX element that can be further modified by callers
to set any additional capabilities if required.  wiphy will fill in
those capabilities that are driver / firmware dependent.
2021-07-14 09:55:49 -05:00
Denis Kenzior
3f42e4df25 ie: Add ie_rsnxe_capable
Add convenience method for checking whether a given capability exists in
an RSN Extension element.
2021-07-14 09:55:49 -05:00
Denis Kenzior
f22c958b79 ie: Add certain IE definitions from 802.11-2020 2021-07-14 09:55:49 -05:00
Denis Kenzior
de04e6d723 handshake: Allow adding of ECC SAE-PT points 2021-07-14 09:55:49 -05:00
Denis Kenzior
ead1f0e96e network: Save / Load SAE PT for Group 19 2021-07-14 09:55:49 -05:00
Denis Kenzior
2a66b3bfe5 network: Move handshake parameter setup from station
Most parameters set into the handshake object are actually known by the
network object itself and not station.  This includes address
randomization settings, EAPoL settings, passphrase/psk/8021x settings,
etc.  Since the number of these settings will only keep growing, move
the handshake setup into network itself.  This also helps keep network
internals better encapsulated.
2021-07-14 09:55:49 -05:00
Denis Kenzior
869bcf59d5 network: Make network_sync_psk not repetitive
Refactor network_sync_psk to not require setting attributes into
multiple settings objects.  This is in fact unnecessary as the parsed
security parameters are used everywhere else instead.  Also make sure to
wipe the [Security] group first, in case any settings were invalid
during loading or otherwise invalidated.
2021-07-14 09:55:49 -05:00
Denis Kenzior
27583e6b35 network: Generate PSK lazily
In cases where networks are WPA3 only, there's no point to actually
generate the PSK.  Do so only if needed (network_get_psk gets called)
2021-07-14 09:55:49 -05:00
Denis Kenzior
a8e2023a8e netdev: netdev_build_cmd_authenticate doesn't fail 2021-07-14 09:55:49 -05:00
Denis Kenzior
29aea1d411 netdev: netdev_build_cmd_connect doesn't fail 2021-07-14 09:55:49 -05:00
Denis Kenzior
c1bf2376d4 netdev: Remove unused member 2021-07-13 17:00:07 -05:00
Denis Kenzior
10e5bee5ef wsc: Properly write provisioning files with a passphrase
Credentials obtained can now be either in passphrase or PSK form.  Prior
to commit 7a9891dbef, passphrase credentials were always converted to
PSK form by invoking crypto_psk_from_passphrase.  This was changed in
order to support WPA3 networks.  Unfortunately the provisioning logic
was never properly updated.  Fix that, and also try to not overwrite any
existing settings in case WSC is providing credentials for networks that
are already known.

Fixes: 7a9891dbef ("wsc: store plain text passphrase if available")
2021-07-09 10:33:02 -05:00
Denis Kenzior
277437f3d6 crypto: Add crypto_derive_sae_pt_ecc 2021-07-07 21:03:19 -05:00
Denis Kenzior
308071796a network: Update comment 2021-07-07 21:03:06 -05:00
Denis Kenzior
1d64c96a5c pwd/sae/owe: Update to ell ecc API changes 2021-07-07 20:56:53 -05:00
Denis Kenzior
dfdc8716be network: Rename _sync_psk to _sync_settings
There will be additional security-related settings that will be
introduced for settings files.  In particular, Hash-to-Curve PT
elements, Transition Disable settings and potentially others in the
future.  Since PSK is now not the only element that would require
update, rename this function to better reflect this.
2021-07-06 11:46:33 -05:00
Denis Kenzior
dcd48e1f66 anqp: Ensure a random token is used 2021-07-05 20:25:14 -05:00
Denis Kenzior
667023b01b wiphy: ensure CCMP support when considering SAE 2021-07-05 19:53:52 -05:00
Denis Kenzior
fbe8b7a3c0 crypto: Add prf_plus function
PRF+ from RFC 5295 is the more generic function using which HKDF_Expand
is defined.  Allow this function to take a vararg list of arguments to
be hashed (these are referred to as 'S' in the RFCs).

Implement hkdf_expand in terms of prf_plus and update all uses to the
new syntax.
2021-06-29 20:37:38 -05:00
Denis Kenzior
412fea3ffa crypto: Make hkdf_extract take void *
This makes it easier to use from unit tests and other places which might
be dealing with const char * data.
2021-06-29 11:55:16 -05:00
Michael Johnson
ed283d7b14 iwd.service: Add CAP_NET_BIND_SERVICE
This fixes an issue where the udp port was not being opened due to a
permission denied error. The result of this was the dhcp client would
fail to send the renewal request and so the dhcp lease would expire.

The addition of the CAP_NET_BIND_SERVICE capability allows the service
to open sockets in the restricted port range (<1024) which is required
for dhcp.
2021-06-29 11:43:26 -05:00
Michael Johnson
b6236255d2 Send hostname as part of DHCP request.
This is based on a previous patch by Roberto Santalla Fernández.

A new config is introduced into the network config file under IPv4
called SendHostname. If this is set to true then we add the hostname
into all DHCP requests. The default is false.
2021-06-18 13:05:59 -05:00
Andrew Zaborowski
19e5cc9b0d station: Remove diagnostics interface reliably
If the idea is that the interface should only be present when connected
then don't do this in the DISCONNECTING state as there are various
possible transitions from CONNECTED or ROAMING directly to DISCONNECTED.
2021-06-18 10:06:57 -05:00
Andrew Zaborowski
002fc2d632 station: Check if busy in station_get_diagnostics 2021-06-18 09:58:42 -05:00
Joseph Benden
7436cef012 eapol: Use constant-time comparison
This closes the possibility of a timing attack against PMKIDs.
2021-06-14 09:07:53 -05:00
Denis Kenzior
eb84e29c81 agent: Send Release/Cancel with no_reply flag set
These method calls did not process or expect a reply.
2021-06-09 10:34:22 -05:00
Andrew Zaborowski
d9c324a511 netconfig: Make gateway optional for client
Don't require a gateway address from the settings file or from the DHCP
server when doing netconfig.  Failing when the gateway address was
missing was breaking P2P but also small local networks.
2021-06-08 10:25:49 -05:00
Denis Kenzior
7f4dd181b2 ip-pool: Take out un-needed cast 2021-06-07 17:30:25 -05:00
Denis Kenzior
3dcf1fd9d8 ip-pool: Sanity check addr_str_list 2021-06-07 17:22:43 -05:00
Andrew Zaborowski
c295fba546 ip-pool: Validate prefix lengths in used addresses
Be paranoid and check that the prefix length in addresses from
used_addr4_list are not zero (they shouldn't be) and that address family
is AF_INET (it should be), mainly to quiet coverity warnings:

While there also fix one line's indentation.
2021-06-07 17:03:23 -05:00
Andrew Zaborowski
b1c8a57047 ip-pool: Make host address valid even if prefix_len != 24
At the end of ip_pool_select_addr4() we'd check if the selected address
is equal to the subnet address and increment it by 1 to produce a valid
host address for the AP.  That check was always correct only with 24-bit
prefix, extend it to actually use the prefix-dependent mask instead of
0xff.  Fixes a testAP failure triggered 50% of the times because the
netmask is 28 bit long there.
2021-06-07 17:02:09 -05:00
Denis Kenzior
6f99368935 ip-pool: Use inet_ntop instead of inet_ntoa 2021-06-04 14:11:25 -05:00
Denis Kenzior
094537efc6 netconfig: Use inet_ntop instead of inet_ntoa 2021-06-04 13:53:31 -05:00
Denis Kenzior
772aa687d7 ip-pool: Do not use inet_aton 2021-06-04 12:31:53 -05:00
Denis Kenzior
75a9199bc4 ap: Do not use inet_aton 2021-06-04 12:31:36 -05:00
Andrew Zaborowski
617e99a423 p2p: Set Linkmode/operstate on GO connection 2021-06-04 11:56:23 -05:00
Andrew Zaborowski
04bfe55c36 p2p: As GO delay connect success until client gets IP
Don't signal the connected state until the client has obtained a DHCP
lease and we can set the ConnectedIP property.  From now on that
property is always set when there's a connection.
2021-06-04 11:56:02 -05:00
Andrew Zaborowski
f7c6fe0ed6 p2p: Also set a DHCP timeout in Group Owner role
Move the loading of the [P2P].DHCPTimeout setting to initialization and
set the timeout both in P2P Client and P2P GO roles.
2021-06-04 11:55:29 -05:00
Andrew Zaborowski
0e865a7028 ap: Forward DHCP events to AP event handler 2021-06-04 11:55:06 -05:00
Andrew Zaborowski
42afc31cbe p2p: Fix parsing of Association Req P2P IEs
p2p_parse_association_req() already extracts the P2P IE payload from the
IE sequence, there's no need to call ie_tlv_extract_p2p_payload before
it.  Pass the IE sequence directly to p2p_parse_association_req().
2021-06-04 11:54:48 -05:00
Andrew Zaborowski
1399b5688b p2p: Fix a leak of ie_tlv_extract_p2p_payload() result 2021-06-04 11:54:40 -05:00
Andrew Zaborowski
69d9a07e34 p2putil: Ensure non-negative index in p2p_get_random_string 2021-06-04 11:53:31 -05:00
Andrew Zaborowski
d96f542951 wscutil: Fix a return statement
Fixes: 8d58f5b679 ('wscutil: Move DeviceType parsing from p2p & eap-wsc to a function')
2021-06-04 11:53:25 -05:00
Andrew Zaborowski
ec9260fa0c ap: Fix leaking of ap->wsc_pbc_timeout 2021-06-04 11:53:20 -05:00
Andrew Zaborowski
aa9a914975 ap: Warn about APRanges having been deprecated 2021-06-04 11:53:14 -05:00
Andrew Zaborowski
e9a33524a2 ap: Drop unneeded broadcast address calculation
It's already done in l_rtnl_address_new().
2021-06-04 11:53:04 -05:00
Denis Kenzior
45c7aa0d18 netconfig: Check l_rtnl_address_get_address return 2021-06-04 10:26:18 -05:00
Denis Kenzior
03b48b5621 station: Pretty-print the estimated BSS data rate 2021-06-04 10:14:04 -05:00
Denis Kenzior
647f1e9b91 ie: Remove old data rate estimation utilities 2021-06-04 10:14:04 -05:00
Denis Kenzior
43692cb377 wiphy: Use new data rate estimation utilities 2021-06-04 10:14:04 -05:00
Denis Kenzior
2d480f12e1 band: Add utility for estimating non-ht data rate 2021-06-04 10:14:04 -05:00
Denis Kenzior
575f603f89 band: Add HT RX rate estimation
Similarly to commit
27d302a0 ("band: Add a utility to estimate VHT rx data rate"), this
commit adds an RX data rate estimation utility for HT connections.
2021-06-04 10:14:04 -05:00
Denis Kenzior
a17745661e band: Add a utility to estimate VHT rx data rate
This function is meant to supercede a similar function in ie.c.  The
current approach results in very optimistic data rate estimates since it
only takes into account the VHT/HT Capabilities IEs.  It does not take
into account any local hardware limitations (such as no VHT/HT support),
limited RX MCS sets & number of spatial streams.  It also does not take
into account that the AP might not be actually operating on higher
bandwidth channels.

This function is meant to address that by matching peer TX MCS sets with
the local hardware RX MCS set capability.  It also takes into account
channel bandwidth capabilities of the local hardware, as well as whether
the AP is actually operating on a wider channel.
2021-06-04 10:14:04 -05:00
Denis Kenzior
842a70a307 band: Move ht/vht data rate calculation out of ie.c 2021-06-04 10:14:04 -05:00
Denis Kenzior
e41bee377d band: Add band.[ch]
Move the band definition out of wiphy.c and into band.[ch].  This is
done to make certain utilities that depend on band information capable
of being tested from unit tests.

The band concept will most likely grow over time.  For now, the only
user will be wiphy.c and unit tests, so the structures are kept public.
2021-06-04 10:14:04 -05:00
Denis Kenzior
46f6fb1bd1 netconfig: Cancel pending address set command
It is possible that the address set command succeeds just after a
netconfig object has been destroyed.

==6485== Invalid read of size 8
==6485==    at 0x458A6D: netconfig_ipv4_routes_install (netconfig.c:629)
==6485==    by 0x458D1C: netconfig_ipv4_ifaddr_add_cmd_cb (netconfig.c:689)
==6485==    by 0x4A5E7B: process_message (netlink.c:181)
==6485==    by 0x4A626A: can_read_data (netlink.c:289)
==6485==    by 0x4A3E19: io_callback (io.c:120)
==6485==    by 0x4A27B5: l_main_iterate (main.c:478)
==6485==    by 0x4A28F6: l_main_run (main.c:525)
==6485==    by 0x4A2C0E: l_main_run_with_signal (main.c:647)
==6485==    by 0x404D27: main (main.c:542)
==6485==  Address 0x4a47290 is 32 bytes inside a block of size 104 free'd
==6485==    at 0x48399CB: free (vg_replace_malloc.c:538)
==6485==    by 0x49998B: l_free (util.c:136)
==6485==    by 0x457699: netconfig_free (netconfig.c:130)
==6485==    by 0x45A038: netconfig_destroy (netconfig.c:1163)
==6485==    by 0x41FD16: station_free (station.c:3613)
==6485==    by 0x42020E: station_destroy_interface (station.c:3710)
==6485==    by 0x4B990E: interface_instance_free (dbus-service.c:510)
==6485==    by 0x4BC193: _dbus_object_tree_remove_interface (dbus-service.c:1694)
==6485==    by 0x4BA22A: _dbus_object_tree_object_destroy (dbus-service.c:795)
==6485==    by 0x4B078D: l_dbus_unregister_object (dbus.c:1537)
==6485==    by 0x417ACB: device_netdev_notify (device.c:361)
==6485==    by 0x4062B6: netdev_free (netdev.c:808)
==6485==  Block was alloc'd at
==6485==    at 0x483879F: malloc (vg_replace_malloc.c:307)
==6485==    by 0x499857: l_malloc (util.c:62)
==6485==    by 0x459DC0: netconfig_new (netconfig.c:1115)
==6485==    by 0x41FC29: station_create (station.c:3592)
==6485==    by 0x4207B3: station_netdev_watch (station.c:3864)
==6485==    by 0x411A17: netdev_initial_up_cb (netdev.c:5588)
==6485==    by 0x4A5E7B: process_message (netlink.c:181)
==6485==    by 0x4A626A: can_read_data (netlink.c:289)
==6485==    by 0x4A3E19: io_callback (io.c:120)
==6485==    by 0x4A27B5: l_main_iterate (main.c:478)
==6485==    by 0x4A28F6: l_main_run (main.c:525)
==6485==    by 0x4A2C0E: l_main_run_with_signal (main.c:647)
==6485==
2021-06-04 10:14:04 -05:00
Denis Kenzior
e39cdc7a29 wiphy: Print basic VHT info for each band 2021-06-04 10:14:04 -05:00
Denis Kenzior
77ea7ad437 netdev: Better detect connecting state
netdev_free relies on netdev->connected being set to detect whether a
connection is in progress.  This variable is only set once the driver
has been connected however, so for situations where a CMD_CONNECT is
still 'in flight' or if the wiphy work is still pending, the ongoing
connection will not be canceled.  Fix that by being more thorough when
trying to detect that a connection is in progress.

src/wiphy.c:wiphy_radio_work_next() Starting work item 2
Terminate
src/netdev.c:netdev_free() Freeing netdev wlan0[9]
src/device.c:device_free()
src/station.c:station_free()
src/netconfig.c:netconfig_destroy()
Removing scan context for wdev c
src/scan.c:scan_context_free() sc: 0x4a44c80
src/netdev.c:netdev_mlme_notify() MLME notification New Station(19)
src/netdev.c:netdev_link_notify() event 16 on ifindex 9
==6356== Invalid write of size 4
==6356==    at 0x40A253: netdev_cmd_connect_cb (netdev.c:2522)
==6356==    by 0x4A8886: process_unicast (genl.c:986)
==6356==    by 0x4A8C48: received_data (genl.c:1098)
==6356==    by 0x4A3DFD: io_callback (io.c:120)
==6356==    by 0x4A2799: l_main_iterate (main.c:478)
==6356==    by 0x4A28DA: l_main_run (main.c:525)
==6356==    by 0x4A2BF2: l_main_run_with_signal (main.c:647)
==6356==    by 0x404D27: main (main.c:542)
==6356==  Address 0x4a3e418 is 152 bytes inside a block of size 472 free'd
==6356==    at 0x48399CB: free (vg_replace_malloc.c:538)
==6356==    by 0x49996F: l_free (util.c:136)
==6356==    by 0x406662: netdev_free (netdev.c:886)
==6356==    by 0x4129C2: netdev_shutdown (netdev.c:5980)
==6356==    by 0x403A14: iwd_shutdown (main.c:79)
==6356==    by 0x403A7D: signal_handler (main.c:90)
==6356==    by 0x4A2AFB: sigint_handler (main.c:612)
==6356==    by 0x4A2F3B: handle_callback (signal.c:78)
==6356==    by 0x4A3030: signalfd_read_cb (signal.c:104)
==6356==    by 0x4A3DFD: io_callback (io.c:120)
==6356==    by 0x4A2799: l_main_iterate (main.c:478)
==6356==    by 0x4A28DA: l_main_run (main.c:525)
==6356==  Block was alloc'd at
==6356==    at 0x483879F: malloc (vg_replace_malloc.c:307)
==6356==    by 0x49983B: l_malloc (util.c:62)
==6356==    by 0x4121BD: netdev_create_from_genl (netdev.c:5776)
==6356==    by 0x451F6F: manager_new_station_interface_cb (manager.c:173)
==6356==    by 0x4A8886: process_unicast (genl.c:986)
==6356==    by 0x4A8C48: received_data (genl.c:1098)
==6356==    by 0x4A3DFD: io_callback (io.c:120)
==6356==    by 0x4A2799: l_main_iterate (main.c:478)
==6356==    by 0x4A28DA: l_main_run (main.c:525)
==6356==    by 0x4A2BF2: l_main_run_with_signal (main.c:647)
==6356==    by 0x404D27: main (main.c:542)
2021-06-01 18:16:03 -05:00
Denis Kenzior
683ff1a4e4 wiphy: Return -errno instead of false 2021-06-01 16:46:23 -05:00
Denis Kenzior
d773c0b4ac netdev: Do not leak netdev objects
If the daemon is started and killed rapidly on startup, it is possible
for netdev_shutdown to be called prior to manager processing messages
that actually create the netdev itself.  Since the netdev_list has
already been freed, the storage is lost.  Fix that by destroying
netdev_list only when the module is unloaded.
2021-06-01 13:41:56 -05:00
Denis Kenzior
2b0b5d4173 netdev: Check ifi_flags in netdev_connect/disconnect
Also, set the flags appropriately when removing the netdev object.  This
prevents callers from accidentally starting any actions that will simply
fail.
2021-06-01 13:41:56 -05:00
Denis Kenzior
11f42e2476 netdev: Always cleanup disconnect_cmd_id 2021-06-01 13:41:56 -05:00
Denis Kenzior
f6f5570bc8 netdev: Notify EVENT_DEL earlier
If we're going down, make sure to notify any watches about EVENT_DEL
earlier.  Not doing so might result in us not cleaning up requests that
might have been started as the result of this event.
2021-06-01 13:41:56 -05:00
Denis Kenzior
cf950f6d3f station: Do not call netdev_disconnect on in station_free
station_free() is invoked when one of two possibilities happen:
- Device has been powered down, and EVENT_DOWN has been emitted
- Device has been removed, and EVENT_DEL has been emitted

In both cases there is not much point for netdev_disconnect to be
invoked as that tries to cleanly shut down an existing connection.  The
only thing the ABORTED error accomplishes in this case is to send a
dbus_aborted_error for the pending_connect message, if it exists.
There's already code for doing this in station_free().

src/station.c:station_enter_state() Old State: autoconnect_quick, new state: connecting (auto)
src/scan.c:scan_cancel() Trying to cancel scan id 1 for wdev 7
src/wiphy.c:wiphy_radio_work_done() Work item 1 done
src/wiphy.c:wiphy_radio_work_next() Starting work item 2
Terminate
src/netdev.c:netdev_free() Freeing netdev wlan0[9]
src/device.c:device_free()
src/station.c:station_free()
src/wiphy.c:wiphy_radio_work_done() Work item 2 done
src/station.c:station_connect_cb() 9, result: 5
src/netconfig.c:netconfig_destroy()
Removing scan context for wdev 7
src/scan.c:scan_context_free() sc: 0x4a39490
src/netdev.c:netdev_mlme_notify() MLME notification New Station(19)
src/netdev.c:netdev_link_notify() event 16 on ifindex 9
src/netdev.c:netdev_link_notify() event 16 on ifindex 9
src/netdev.c:netdev_mlme_notify() MLME notification Authenticate(37)
src/netdev.c:netdev_link_notify() event 16 on ifindex 9
src/netdev.c:netdev_mlme_notify() MLME notification Associate(38)
src/netdev.c:netdev_link_notify() event 16 on ifindex 9
src/netdev.c:netdev_mlme_notify() MLME notification Connect(46)
src/netdev.c:netdev_link_notify() event 16 on ifindex 9
src/wiphy.c:wiphy_reg_notify() Notification of command Reg Change(36)
src/wiphy.c:wiphy_update_reg_domain() New reg domain country code for (global) is US
src/netdev.c:netdev_link_notify() event 16 on ifindex 9
src/netdev.c:netdev_unicast_notify() Unicast notification 129
src/netdev.c:netdev_mlme_notify() MLME notification Del Station(20)
src/netdev.c:netdev_mlme_notify() MLME notification Deauthenticate(39)
src/netdev.c:netdev_mlme_notify() MLME notification Disconnect(48)
src/wiphy.c:wiphy_reg_notify() Notification of command Reg Change(36)
src/wiphy.c:wiphy_update_reg_domain() New reg domain country code for (global) is XX
==20311== Invalid write of size 4
==20311==    at 0x406E74: netdev_cmd_disconnect_cb (netdev.c:1130)
==20311==    by 0x4A78A8: process_unicast (genl.c:986)
==20311==    by 0x4A7C6A: received_data (genl.c:1098)
==20311==    by 0x4A2E1F: io_callback (io.c:120)
==20311==    by 0x4A17BB: l_main_iterate (main.c:478)
==20311==    by 0x4A18FC: l_main_run (main.c:525)
==20311==    by 0x4A1C14: l_main_run_with_signal (main.c:647)
==20311==    by 0x404D27: main (main.c:542)
==20311==  Address 0x4a37a0c is 156 bytes inside a block of size 472 free'd
==20311==    at 0x48399CB: free (vg_replace_malloc.c:538)
==20311==    by 0x498991: l_free (util.c:136)
==20311==    by 0x406651: netdev_free (netdev.c:883)
==20311==    by 0x412976: netdev_shutdown (netdev.c:5970)
==20311==    by 0x403A14: iwd_shutdown (main.c:79)
==20311==    by 0x403A7D: signal_handler (main.c:90)
==20311==    by 0x4A1B1D: sigint_handler (main.c:612)
==20311==    by 0x4A1F5D: handle_callback (signal.c:78)
==20311==    by 0x4A2052: signalfd_read_cb (signal.c:104)
==20311==    by 0x4A2E1F: io_callback (io.c:120)
==20311==    by 0x4A17BB: l_main_iterate (main.c:478)
==20311==    by 0x4A18FC: l_main_run (main.c:525)
2021-06-01 13:41:56 -05:00
Denis Kenzior
dbd66bd497 wiphy: Print more basic wiphy info 2021-06-01 13:41:56 -05:00
Denis Kenzior
709b77794b scan: Use wiphy_estimate_data_rate 2021-06-01 13:41:56 -05:00
Denis Kenzior
74761fcdd3 wiphy: Add wiphy_estimate_data_rate
The data rate estimation belongs in wiphy since it should take hardware
capabilities into account.  Right now the data rate calculation simply
assumes the hardware is as capable as the AP.  scan.c will be ported to
use this utility and the data rate estimation will be expanded to take
wiphy capabilities into account.
2021-06-01 13:41:56 -05:00
Denis Kenzior
8679b82db4 scan: Simplify parsing logic
scan_parse_result used to parse the wdev and return this to the caller
where it was compared against the expected wdev.  Simplify this by
extract the wdev first, and proceeding with the bss parsing afterwards.
2021-06-01 13:41:56 -05:00
Denis Kenzior
10ac107ba6 wiphy: Parse HT Capabilities & MCS Set 2021-06-01 13:41:56 -05:00
Denis Kenzior
ea9bc11fc8 wiphy: Parse VHT Capabilities & MCS Set 2021-06-01 13:41:56 -05:00
Denis Kenzior
7a4d48c16d wiphy: Add a more formal representation of band
Right now a very limited set of band parameters are parsed into wiphy.
This includes the supported rates and the supported frequencies.
However, there is much more information that is given for each band.
Introduce a new band object that will store this information and can be
extended for future use.
2021-06-01 13:41:55 -05:00
Denis Kenzior
29f2ac2070 eap-md5: Do not check deprecated MD5-Secret 2021-06-01 10:44:57 -05:00
Denis Kenzior
d8b305d799 eap-gtc: Do not check deprecated GTC-Secret 2021-06-01 10:44:23 -05:00
Denis Kenzior
6d9d2f5b89 knownnetworks: Do not check legacy Autoconnect setting 2021-06-01 10:32:48 -05:00
Denis Kenzior
b9304eaf20 manager: Do not check deprecated use_default_interface 2021-06-01 10:29:42 -05:00
Denis Kenzior
d50ee161f5 resolve: Do not check deprecated dns_resolve_method 2021-06-01 10:28:47 -05:00
Denis Kenzior
f1bc1ed4be station: Do not check deprecated enable_network_config
Enough time has passed where everyone should have had the chance to
update this to the new setting.
2021-06-01 10:26:18 -05:00
Andrew Zaborowski
2471d4c3cd doc: Update AP settings in iwd.ap(5) and iwd.config(5) 2021-06-01 10:20:50 -05:00
Andrew Zaborowski
7163a9d9d7 ap: Save AP address as l_rtnl_address
Change the char *addr_str and uint8_t prefix_len pair to an
l_rtnl_address object and use ell/rtnl.h utilities that use that
directly.  Extend broadcast_from_ip to handle prefix_len.
2021-06-01 10:15:43 -05:00
Andrew Zaborowski
a6002562ef ap: Send a specific error message on async AP start failure
We generate the DBus error reply type from the errno only when
ap_start() was failing synchronously, now also send the errno through
the callbacks so that we can also return a specific DBus reply when
failing asynchronously.  Thea AP autotest relies on receiving the
AlreadyExists DBus error.
2021-06-01 10:15:16 -05:00
Andrew Zaborowski
ff2840f95f ap: Refactor global address pool loading
Deprecate the global [General].APRanges setting in favour of
[IPv4].APAddressPool with an extended (but backwards-compatible) syntax.
Drop the existing address pool creation code.

The new APAddressPool setting has the same syntax as the profile-local
[IPv4].Address setting and the subnet selection code will fall back
to the global setting if it's missing, this way we use common code to
handle both settings.
2021-06-01 10:11:37 -05:00
Andrew Zaborowski
c5d1a5c31f ap: Refactor DHCP settings loading
Extend the [IPv4].Address setting's syntax to allow a new format: a list
of <IP>/<prefix_len> -form strings that define the address space from
which a subnet is selected.  Rewrite the DHCP settings loading with
other notable changes:

 * validate some of the settings more thoroughly,
 * name all netconfig-related ap_state members with the netconfig_
   prefix,
 * make sure we always call l_dhcp_server_set_netmask(),
 * allow netmasks other than 24-bit and change the default to 28 bits,
 * as requested avoid using the l_net_ ioctl-based functions although
   l_dhcp still uses them internally,
 * as requested avoid touching the ap_state members until the end of
   some functions so that on error they're basically a no-op (for
   readability).
2021-06-01 10:04:35 -05:00
Andrew Zaborowski
e56e4ade90 ip-pool: Add subnet address selection logic
Add the ip_pool_select_addr4 function to select a random subnet of requested
size from an address space defined by a string list (for use with the
AP profile [IPv4].Address and the global [IPv4].APAddressPool settings),
avoiding those subnets that conflict with subnets in use.  We take care
to give a similar weight to all subnets contained in the specified
ranges regardless of how many ranges contain each, basically so that
overlapping ranges don't affect the probabilities (debatable.)
2021-06-01 10:03:04 -05:00
Andrew Zaborowski
6e5b26ba64 ip-pool: Track IPv4 addresses in use
Add the ip-pool submodule that tracks IPv4 addresses in use on the
system for use when selecting the address for a new AP.  l_rtnl_address
is used internally because if we're going to return l_rtnl_address
objects it would be misleading if we didn't fill in all of their
properties like flags etc.
2021-06-01 10:03:00 -05:00
Denis Kenzior
9518d68d9a eapolutil: Use flexible-array member
Instead of zero-length array, use the more preferred flexible-array
member.  See https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html
2021-05-28 10:57:11 -05:00
Alvin Šipraga
920ac37a40 station: update current BSS frequency on netdev channel switch event
If the connected BSS changes channel, netdev will emit an event with the
new channel's frequency. In response, have station change the frequency
of the connected scan_bss struct and inform network about the update.
2021-05-27 13:53:51 -05:00
Alvin Šipraga
5eb0b7ca8e netdev: add a channel switch event
If the connected BSS announces that it is switching operating channel,
the kernel may emit the NL80211_CMD_CH_SWTICH_NOTIFY event when the
switch is complete. Add a new netdev event NETDEV_EVENT_CHANNEL_SWITCHED
to signal to interested modules that the connected BSS has changed
channel. The event carries a pointer to the new channel's frequency.
2021-05-27 13:53:02 -05:00
Alvin Šipraga
f50a51d943 network: sync known network frequency on BSS update
When a scan_bss is updated in the BSS list of a known network, it may be
on a new frequency. Sync the known frequencies list accordingly.
2021-05-27 13:49:43 -05:00
Alvin Šipraga
38ded68a38 scan: parse NL80211_BSS_LAST_SEEN_BOOTTIME in units of nanoseconds
NL80211_BSS_LAST_SEEN_BOOTTIME is expressed in nanoseconds, while BSS
timestamps are expressed in microseconds internally. Convert the
attribute to microseconds when using it to timestamp a BSS. This makes
iwd expire absent BSSes within 30 seconds as intended.

Fixes: 454cee12d4 ("scan: Use kernel-reported time-stamp if provided")
2021-05-26 10:20:48 -05:00
Denis Kenzior
1822062d55 station: Continue trying to autoconnect on failure
Right now, if a connection to a network selected by auto-connect fails,
the entire autoconnect process is restarted.  This means that scans are
kicked off again, auto-connect list is rebuilt, etc.  This was due to
auto-connect reusing the same failure path as connections triggered via
D-Bus.

The above behavior can lead to weird situations in certain corner cases.
For example, a highly preferred network configured with the wrong
password would result in auto-connect entering an infinite loop.

Fix this by making sure that all auto-connect entries are tried and
exhausted prior to re-scanning again.
2021-05-25 18:42:57 -05:00
Denis Kenzior
ca561be4b9 network: Clear temporary ban list in network_disconnected
The temporary ban list is cleared when a network is connected to
successfully, and also in network_connect_failed.  Unfortunately,
network_connect_failed is not called in all paths (i.e. during
autoconnect) since it messes with the state of secrets and passphrases.

Clear the list in network_disconnected() instead, since it is guaranteed
to be called in every circumstance.
2021-05-25 18:42:57 -05:00
Denis Kenzior
db3024eed6 station: Introduce CONNECTING_AUTO state
This will be effectively the same as the CONNECTING state, but can be
used to enable differing behavior, depending on whether connection was
triggered by autoconnect or via D-Bus.
2021-05-25 18:42:57 -05:00
Denis Kenzior
00763fde0d station: Break up station_connect_cb
Break this up into two parts, one handling the successful connect case,
the other for handling error conditions
2021-05-25 18:42:57 -05:00
Denis Kenzior
e265f95f45 ie: Fix VHT Capabilities to Data Rate conversion
Code that walked the VHT TX/RX MCS maps seemed to assume that bit_field
operated on bits that start at '1'.  But this utility actually operates
on bits that start at '0'.  I.e. the least significant bit is at
position 0.

While we're at it, rename the mcs variable into bitoffset to make it
clearer how the maps are being iterated over.  Supported MCS is actually
the value found in the map.
2021-05-25 18:42:57 -05:00
Denis Kenzior
efa5b0cc62 main: Document '-E', --developer option 2021-05-25 13:30:29 -05:00
Denis Kenzior
e47bc6ede4 main: Remove dbus-debug -B option
This option has not been used in a very long time, and is of limited
utility since the only thing D-Bus debugging does is hexdumps the
content of D-Bus messages to the terminal.
2021-05-25 13:20:07 -05:00
Denis Kenzior
c3b1425edd ie: Fix up HT/VHT data rate calculation
The current calculation was giving erroneous results when it came to VHT
MCS index 4 and VHT MCS index 8 & 9.

Switch to a precomputed look up table and add a multiplication factor
for short GI.
2021-05-24 18:39:26 -05:00
Denis Kenzior
edf7294c06 ap: Do not leak ap->server
ap_reset() seems to be called whenever the AP is stopped or removed due
to interface shutdown.  For some reason ap_reset did not remove the DHCP
server object, resulting in leaks:

==211==    at 0x483879F: malloc (vg_replace_malloc.c:307)
==211==    by 0x46B5AD: l_malloc (util.c:62)
==211==    by 0x49B0E2: l_dhcp_server_new (dhcp-server.c:715)
==211==    by 0x433AA3: ap_setup_dhcp (ap.c:2615)
==211==    by 0x433AA3: ap_load_dhcp (ap.c:2645)
==211==    by 0x433AA3: ap_load_config (ap.c:2753)
==211==    by 0x433AA3: ap_start (ap.c:2885)
==211==    by 0x434A96: ap_dbus_start_profile (ap.c:3329)
==211==    by 0x482DA9: _dbus_object_tree_dispatch (dbus-service.c:1815)
==211==    by 0x47A4D9: message_read_handler (dbus.c:285)
==211==    by 0x4720EB: io_callback (io.c:120)
==211==    by 0x47130C: l_main_iterate (main.c:478)
==211==    by 0x4713DB: l_main_run (main.c:525)
==211==    by 0x4713DB: l_main_run (main.c:507)
==211==    by 0x4715EB: l_main_run_with_signal (main.c:647)
==211==    by 0x403EE1: main (main.c:550)
2021-05-24 14:31:04 -05:00
Denis Kenzior
23451be606 netconfig: Do not leak l_acd if static IP is used
==209==    by 0x43E48A: netconfig_ipv4_select_and_install (netconfig.c:887)
==209==    by 0x43E48A: netconfig_configure (netconfig.c:1025)
==209==    by 0x41743C: station_connect_cb (station.c:2556)
==209==    by 0x408E0D: netdev_connect_ok (netdev.c:1311)
==209==    by 0x47549E: process_unicast (genl.c:994)
==209==    by 0x47549E: received_data (genl.c:1102)
==209==    by 0x4720EB: io_callback (io.c:120)
==209==    by 0x47130C: l_main_iterate (main.c:478)
==209==    by 0x4713DB: l_main_run (main.c:525)
==209==    by 0x4713DB: l_main_run (main.c:507)
==209==    by 0x4715EB: l_main_run_with_signal (main.c:647)
==209==    by 0x403EE1: main (main.c:550)
2021-05-24 14:31:04 -05:00
Denis Kenzior
66b73262df station: Check return of network_bss_select
network_bss_select can return NULL if no suitable BSSes are found, or if
all of them are blacklisted.  Make sure to skip the network if this
happens.
2021-05-19 09:56:59 -05:00
James Prestwood
877d910a44 station: autoconnect based on network, not BSS
Prior to the BSS blacklist a BSS based autoconnect list made
the most sense, but now station actually retries all BSS's upon
failure. This means that for each BSS in the autoconnect list
every other BSS under that SSID will be attempted to connect to
if there is a failure. Essentially this is a network based
autoconnect list, just an indirect way of doing it.

Intead the autoconnect list can be purely network based, using
the network rank for sorting. This avoids the need for a special
autoconnect_entry struct as well as ensures the last connected
network is chosen first (simply based on existing network ranking
logic).
2021-05-19 09:44:18 -05:00
James Prestwood
0be5beffc8 network: use WPA version and privacy for ranking
These ranking factors were moved out of scan.c and into
network.c as they are more relevant for network ranking
than BSS ranking.
2021-05-19 09:32:28 -05:00
James Prestwood
3fde169001 scan: rework BSS ranking
It was observed that IWD's ranking for BSS's did not always
end up with the fastest being chosen. This was due to IWD's
heavy weight on signal strength. This is a decent way of ranking
but even better is calculating a theoretical data rate which
was also done and factored in. The problem is the data rate
factor was always outdone by the signal strength.

Intead remove signal strength entirely as this is already taken
into account with the data rate calculation. This also removes
the check for rate IEs. If no IEs are found the parser will
base the data rate soley on RSSI.

There were a few other factors removed which will be added back
when ranking *networks* rather than BSS's. WPA version (or open)
was removed as well as the privacy capability. These values really
should not differ between BSS's in the same SSID and as such
should be used for network ranking instead.
2021-05-19 09:32:17 -05:00
James Prestwood
7c9561f027 ie: refactor parsing supported data rates
Both ext/supported rates IEs are obtained from scan results. These
IEs are passed to ie_tlv_init/ie_tlv_next, as well as direct length
checks (for supported rates at least, extended supported rates can
be as long as a single byte integer can hold, 1 - 255) which verifies
that the length in the IE matches the overall IE length that is
stored in scan_bss. Because of this, ie_parse_supported_rates_from_data
was doing double duty re-initializing a TLV iterator.

Intead, since we know the IE length is within bounds, the length/data
can simply be directly accessed out of the buffer. This avoids the need
for a wrapper function entirely.

The length parameters were also removed, since this is now obtained
directly from the IE.
2021-05-14 14:28:23 -05:00
Andrew Zaborowski
02e46542e3 ap: Make rtnl global static 2021-05-14 09:49:08 -05:00
James Prestwood
df04877a67 station: use IE_AKM_IS_FT when possible
Update a check to use IE_AKM_IS_FT as the condition is identical
to the macro.
2021-05-12 18:04:30 -05:00
James Prestwood
7fc0a8fc0f station: make station_can_fast_transition more robust
Check that the current handshake is using an FT AKM and that the
target BSS AKM suites contain an FT AKM.
2021-05-12 18:04:30 -05:00
James Prestwood
9a3639f2fa ie: use bitwise compare for IE_AKM_IS_FT
This has the same effect when passing a single AKM value, but also
handles AKM bit fields (e.g. ie_rsn_info->akm_suites)
2021-05-12 18:04:30 -05:00
James Prestwood
e5fcc93a9e netdev: remove callback/userdata/timeout from FT-over-DS action
Since netdev maintains the list of FT over DS info structs there is not
any need for station to get callbacks when the initial action frame
is received, or not. This removes the need for the callback handler,
user data, and response timeout.
2021-05-12 18:04:30 -05:00
James Prestwood
7385e2c90e station: send FT-over-DS actions upon connection
Roam times can be slightly improved by sending out the FT-over-DS
action frames to any BSS in the mobility domain immediately after
connecting. This preauthenticates IWD to each AP which means
Reassociation can happen right away when a roam is needed.

When a roam is needed station_transition_start will first try
FT-over-DS (if supported) via netdev_fast_transtion_over_ds. The
return is checked and if netdev has no cached entries FT-over-Air
will be used instead.
2021-05-12 18:04:30 -05:00
James Prestwood
78fe1cc0ef network: add network_bss_list_get_entries
Gets the first l_queue_entry in the networks BSS list. Useful
for iterating only a given networks BSS's outside of network.c.
2021-05-12 18:04:30 -05:00
James Prestwood
9b7d761db5 netdev: handle multiple concurrent FT-over-DS action frames
The beauty of FT-over-DS is that a station can send and receive
action frames to many APs to prepare for a future roam. Each
AP authenticates the station and when a roam happens the station
can immediately move to reassociation.

To handle this a queue of netdev_ft_over_ds_info structs is used
instead of a single entry. Using the new ft.c parser APIs these
info structs can be looked up when responses come in. For now
the timeouts/callbacks are kept but these will be removed as it
really does not matter if the AP sends a response (keeps station
happy until the next patch).
2021-05-12 18:04:30 -05:00
James Prestwood
ff333a112b ft: break up FT action parsing into two steps
This is to prepare for multiple concurrent FT-over-DS action frames.
A list will be kept in netdev and for lookup reasons it needs to
parse the start of the frame to grab the aa/spa addresses. In this
call the IEs are also returned and passed to the new
ft_over_ds_parse_action_response.

For now the address checks have been moved into netdev, but this will
eventually turn into a queue lookup.
2021-05-12 18:04:30 -05:00
James Prestwood
80712face4 station: remove ap_directed_roam check for over-DS
This flag was being checked but it is explicitly being set to
false prior.
2021-05-12 18:04:30 -05:00
James Prestwood
f95e3a02e8 station: factor out logic for choosing FT 2021-05-12 18:04:30 -05:00
Andrew Zaborowski
e8eb05feea netdev: ensure DISCONNECT_BY_SME uses a reason_code
Station callbacks expect a reason code (as opposed to status codes) with
this event type.
2021-05-11 11:34:17 -05:00
Andrew Zaborowski
dfe57b8bb0 main: Add NetworkConfigurationEnabled to Daemon.GetInfo() 2021-05-11 10:08:51 -05:00
Andrew Zaborowski
c0a1760f46 ap: Move sending CMD_START_AP to common function 2021-05-10 10:14:29 -05:00
James Prestwood
b89720ca47 doc: document [General].RoamThreshold5G 2021-05-10 10:12:46 -05:00
James Prestwood
968584d3f0 netdev: introduce [General].RoamThreshold5G
This value sets the roaming threshold on 5GHz networks. The
threshold has been separated from 2.4GHz because in many cases
5GHz can perform much better at low RSSI than 2.4GHz.

In addition the BSS ranking logic was re-worked and now 5GHz is
much more preferred, even at low RSSI. This means we need a
lower floor for RSSI before roaming, otherwise IWD would end
up roaming immediately after connecting due to low RSSI CQM
events.
2021-05-10 10:05:21 -05:00
James Prestwood
7b26a87d7a ie: fix ie_parse_data_rates to handle NULL
The code was partially there to handle NULL IEs but not
quite. If NULL IEs are passed in base the data rate totally
on the basic rate RSSI table.
2021-05-10 10:04:32 -05:00
James Prestwood
694ccf62d0 station: add Roam() diagnostics method
This is being added as a developer method and should not be used
in production. For testing purposes though, it is quite useful as
it forces IWD to roam to a provided BSS and bypasses IWD's roaming
and ranking logic for choosing a roam candidate.

To use this a BSSID is provided as the only parameter. If this
BSS is not in IWD's current scan results -EINVAL will be returned.
If IWD knows about the BSS it will attempt to roam to it whether
that is via FT, FT-over-DS, or Reassociation. These details are
still sorted out in IWDs station_transition_start() logic.
2021-05-07 08:45:42 -05:00
James Prestwood
174c14aefb main: add a --developer,-E option
This will enable developer features to be used. Currently the
only user of this will be StationDiagnostics.Roam() method which
should only be exposed in this mode.
2021-05-07 08:45:20 -05:00
Andrew Zaborowski
a8736b8df8 main: Add D-Bus Daemon.GetInfo method
Expose the state directory/storage directory path on D-Bus because it
can't be known to clients until IWD runs, and client might need to
occasionally fiddle with the network config files.  While there also
expose the IWD version string, similar to how some other D-Bus services
do.
2021-05-07 08:41:21 -05:00
James Prestwood
a3906272cc station: print reason why autoconnect failed 2021-05-04 10:30:55 -05:00
James Prestwood
8606bd6435 adhoc: set operstate on Start/Stop
Similar to 06aa84cca set the operstate when AdHoc is started and
stopped as it is no longer always set by netdev (only for station/p2p
interface types)
2021-04-30 20:07:19 -05:00
Denis Kenzior
29dd246f5e ap: Fix invalid length argument to ap_build_beacon_pr_head
Previously resp was a simple array of bytes allocated on the stack.
This was changed to a dynamically allocated array, but the sizeof(resp)
argument to ap_build_beacon_pr_head() was never changed appropriately.

Fix this by introducing a new resp_len variable that holds the number of
bytes allocated for resp.  Also, move the allocation after the basic
sanity checks have been performed to avoid allocating/freeing memory
unnecessarily.

Fixes: 18a63f91fd ("ap: Write extra frame IEs from the user")
2021-04-30 16:37:19 -05:00
James Prestwood
e0f21ed293 netdev: set connected to false in netdev_reassociate
Commit 1fe5070 added a workaround for drivers which may send the
connect event prior to the connect callback/ack. This caused IWD
to fail to start eapol if reassociation was used due to
netdev_reassociate never setting netdev->connected = false.

netdev_reassociate uses the same code path as normal connections,
but when the connect callback came in connected was already set
to true which then prevents eapol from being registered. Then,
once the connect event comes in, there is no frame watch for
eapol and IWD doesn't respond to any handshake frames.
2021-04-30 16:21:35 -05:00
James Prestwood
486c859ad6 ft: netdev: add return value to tx_associate
Prior to this, an error sending the FT Reassociation was treated
as fatal, which is correct for FT-over-Air but not for FT-over-DS.
If the actual l_genl_family_send call fails for FT-over-DS the
existing connection can be maintained and there is no need to
call netdev_connect_failed.

Adding a return to the tx_associate function works for both FT
types. In the FT-over-Air case this return will ultimately get
sent back up to auth_proto_rx_authenticate in which case will
call netdev_connect_failed. For FT-over-DS tx_associate is
actually called from the 'start' operation which can fail and
still maintain the existing connection.
2021-04-30 13:09:53 -05:00
James Prestwood
1b5a58233c station: separate FT-over-DS stages
FT-over-DS was refactored to separate the FT action frame and
reassociation. From stations standpoint IWD needs to call
netdev_fast_transition_over_ds_action prior to actually roaming.
For now these two stages are being combined and the action
roam happens immediately after the action response callback.
2021-04-30 13:09:13 -05:00
James Prestwood
c10b8d42e3 ft: netdev: refactor FT-over-DS into two stages
FT-over-DS followed the same pattern as FT-over-Air which worked,
but really limited how the protocol could be used. FT-over-DS is
unique in that we can authenticate to many APs by sending out
FT action frames and parsing the results. Once parsed IWD can
immediately Reassociate, or do so at a later time.

To take advantage of this IWD need to separate FT-over-DS into
two stages: action frame and reassociation.

The initial action frame stage is started by netdev. The target
BSS is sent an FT action frame and a new cache entry is created
in ft.c. Once the response is received the entry is updated
with all the needed data to Reassociate. To limit the record
keeping on netdev each FT-over-DS entry holds a userdata pointer
so netdev doesn't need to maintain its own list of data for
callbacks.

Once the action response is parsed netdev will call back signalling
the action frame sequence was completed (either successfully or not).
At this point the 'normal' FT procedure can start using the
FT-over-DS auth-proto.
2021-04-30 13:09:09 -05:00
Denis Kenzior
184b19c992 ap: Fix possible memleak of 'rates' 2021-04-30 11:38:04 -05:00
Denis Kenzior
d973c347be ap: Fix l_settings leak
l_settings is leaked if l_settings_load_from_file() fails.
2021-04-30 11:36:19 -05:00
Denis Kenzior
84ca680611 netdev: Refine error handling in roam_event 2021-04-30 11:31:22 -05:00
Denis Kenzior
f35a40c0c5 resolve: Simplify dbus_message error handling logic 2021-04-30 11:04:33 -05:00
James Prestwood
6c5fe246a7 netdev: separate over-air and over-ds netdev APIs 2021-04-30 09:59:46 -05:00
James Prestwood
0d45316891 ft: separate over-air from over-ds initializers 2021-04-30 09:59:31 -05:00
James Prestwood
37811a092c ft: create class for FT-over-DS targets
FT-over-DS is being separated into two independent stages. The
first of which is the processing of the action frame response.
This new class will hold all the parsed information from the action
frame and allowing it to be retrieved at a later time when IWD
needs to roam.

Initial info class should be created when the action frame is
being sent out. Once a response is received it can be parsed
with ft_over_ds_parse_action_response. This verifies the frame
and updates the ft_ds_info class with the parsed data.

ft_over_ds_prepare_handshake is the final step prior to
Reassociation. This sets all the stored IEs, anonce, and KH IDs
into the handshake and derives the new PTK.
2021-04-30 09:58:37 -05:00
James Prestwood
2c0234e161 ft: rework ft_parse_ies
This adds the RSNE verification to ft_parse_ies which will
be common between over-Air and over-DS. The MDE check was
also factored out into its own minimal function as to
retain the spec comment but allow reuse elsewhere.
2021-04-30 09:58:13 -05:00
Denis Kenzior
2697af428e nl80211cmd: Add additional command decoding 2021-04-29 21:37:38 -05:00
Denis Kenzior
acbbedb9d3 netdev: Remove unused member 2021-04-29 12:56:51 -05:00
James Prestwood
0531e9ab08 station: remove diagnostic interface on station_free
If station gets removed ungracefully (e.g. rfkill/hotplug) it
may not have a chance to disconnect, meaning the diagnostic
interface would remain up.
2021-04-28 14:46:16 -05:00
James Prestwood
3b3f6d33fe station: tie diagnostic interface cleanup to DISCONNECTING
Prior to this the diagnostic interface was taken down when station
transitioned to DISCONNECTED. This worked but once station is in
a DISCONNECTING state it then calls netdev_disconnect(). Trying to
get any diagnostic data during this time may not work as its
unknown what state exactly the kernel is in. To be safe take the
interface down when station is DISCONNECTING.
2021-04-28 14:31:33 -05:00
Denis Kenzior
dcfd0e2ade treewide: Get rid of non-ASCII characters 2021-04-28 14:16:06 -05:00
James Prestwood
f4d515fc79 ft: expose ft_build_authenticate_ies
The building of the FT IEs for Action/Authenticate
frames will need to be shared between ft and netdev
once FT-over-DS is refactored.

The building was refactored to work off the callers
buffer rather than internal stack buffers. An argument
'new_snonce' was included as FT-over-DS will generate
a new snonce for the initial action frame, hence the
handshakes snonce cannot be used.
2021-04-28 13:49:35 -05:00
James Prestwood
f3e4266add ft: factor out various parsing routines
Break up the rather large code block which parses out IEs,
verifies, and sets into the handshake. FT-over-DS needs these
steps broken up in order to parse the action frame response
without modifying the handshake.
2021-04-28 13:46:31 -05:00
James Prestwood
07fe995a5d netdev: add user_data to netdev_send_action_frame[v]
This makes this internal API a bit more usable by removing the
restriction of always having netdev as the user_data.
2021-04-28 13:35:21 -05:00
Denis Kenzior
a0911ca778 station: Make sure roam_scan_id is always canceled
Under very rare circumstances the roaming scan triggered might not be
canceled properly.  This is because we issue the roam scan recursively
from within a scan callback and re-use the id of the scan for the
subsequent request.  The destroy callback is invoked right after the
callback and resets the id.  This leads to the scan not being canceled
properly in roam_state_clear().

src/netdev.c:netdev_mlme_notify() MLME notification Notify CQM(64)
src/station.c:station_roam_trigger_cb() 37
src/station.c:station_roam_scan() ifindex: 37
src/station.c:station_roam_trigger_cb() Using cached neighbor report for roam
...
src/scan.c:get_scan_done() get_scan_done
src/station.c:station_roam_failed() 37
src/station.c:station_roam_scan() ifindex: 37
src/scan.c:scan_request_triggered() Active scan triggered for wdev 22
^CTerminate
src/netdev.c:netdev_free() Freeing netdev wlan0[37]
src/device.c:device_free()
src/station.c:station_free()
...
Removing scan context for wdev 22
src/scan.c:scan_context_free() sc: 0x4a362a0
src/wiphy.c:wiphy_radio_work_done() Work item 14 done
==19542== Invalid write of size 4
==19542==    at 0x411500: station_roam_scan_destroy (station.c:2010)
==19542==    by 0x420B5B: scan_request_free (scan.c:156)
==19542==    by 0x410BAC: destroy_work (wiphy.c:294)
==19542==    by 0x410BAC: wiphy_radio_work_done (wiphy.c:1613)
==19542==    by 0x46C66E: l_queue_clear (queue.c:107)
==19542==    by 0x46C6B8: l_queue_destroy (queue.c:82)
==19542==    by 0x420BAE: scan_context_free (scan.c:205)
==19542==    by 0x424135: scan_wdev_remove (scan.c:2272)
==19542==    by 0x408754: netdev_free (netdev.c:847)
==19542==    by 0x40E18C: netdev_shutdown (netdev.c:5773)
==19542==    by 0x404756: iwd_shutdown (main.c:78)
==19542==    by 0x404756: iwd_shutdown (main.c:65)
==19542==    by 0x470E21: handle_callback (signal.c:78)
==19542==    by 0x470E21: signalfd_read_cb (signal.c:104)
==19542==    by 0x47166B: io_callback (io.c:120)
==19542==  Address 0x4d81f98 is 200 bytes inside a block of size 288 free'd
==19542==    at 0x48399CB: free (vg_replace_malloc.c:538)
==19542==    by 0x47F3E5: interface_instance_free (dbus-service.c:510)
==19542==    by 0x481DEA: _dbus_object_tree_remove_interface (dbus-service.c:1694)
==19542==    by 0x481F1C: _dbus_object_tree_object_destroy (dbus-service.c:795)
==19542==    by 0x40894F: netdev_free (netdev.c:844)
==19542==    by 0x40E18C: netdev_shutdown (netdev.c:5773)
==19542==    by 0x404756: iwd_shutdown (main.c:78)
==19542==    by 0x404756: iwd_shutdown (main.c:65)
==19542==    by 0x470E21: handle_callback (signal.c:78)
==19542==    by 0x470E21: signalfd_read_cb (signal.c:104)
==19542==    by 0x47166B: io_callback (io.c:120)
==19542==    by 0x47088C: l_main_iterate (main.c:478)
==19542==    by 0x47095B: l_main_run (main.c:525)
==19542==    by 0x47095B: l_main_run (main.c:507)
==19542==    by 0x470B6B: l_main_run_with_signal (main.c:647)
==19542==  Block was alloc'd at
==19542==    at 0x483879F: malloc (vg_replace_malloc.c:307)
==19542==    by 0x46AB2D: l_malloc (util.c:62)
==19542==    by 0x416599: station_create (station.c:3448)
==19542==    by 0x406D55: netdev_newlink_notify (netdev.c:5324)
==19542==    by 0x46D4BC: l_hashmap_foreach (hashmap.c:612)
==19542==    by 0x472F46: process_broadcast (netlink.c:158)
==19542==    by 0x472F46: can_read_data (netlink.c:279)
==19542==    by 0x47166B: io_callback (io.c:120)
==19542==    by 0x47088C: l_main_iterate (main.c:478)
==19542==    by 0x47095B: l_main_run (main.c:525)
==19542==    by 0x47095B: l_main_run (main.c:507)
==19542==    by 0x470B6B: l_main_run_with_signal (main.c:647)
==19542==    by 0x403EDB: main (main.c:490)
==19542==
2021-04-28 13:15:45 -05:00
James Prestwood
06aa84ccaf ap: set link/operstate on AP start/stop
Prior to this netdev_connect_ok set setting this which really
only applies to station mode. In addition this happens for each
new station that connects to the AP. Instead set the operstate /
link mode when AP starts and stops.
2021-04-28 11:29:51 -05:00
James Prestwood
e0ffd94832 netdev: only call connect_ok in station/p2p_client mode
netdev_connect_ok is only for station/p2p_client modes but AP
also ends up on the same code path. Check the iftype before
calling netdev_connect_ok.
2021-04-28 11:29:43 -05:00
Andrew Zaborowski
e148e1ea99 eap: Print a hint if Identity is likely wrong 2021-04-28 11:27:14 -05:00
Andrew Zaborowski
694799c9c2 ap: Deduplicate writing authorized MACs into wsc_* structs 2021-04-28 11:26:42 -05:00
Andrew Zaborowski
ca9895692a doc: Update iwd.ap(5) man page
Try to document some of the settings moved from struct ap_config to the
settings object now passed to ap_start(), skip the strictly internal-use
ones.
2021-04-28 11:25:46 -05:00
Andrew Zaborowski
5cc0f68d51 doc: Clarify settings in iwd.ap(5)
Change some of the wording, add some references and more specific syntax
information (time units, IP list separator character, etc.)
2021-04-28 11:25:46 -05:00
Andrew Zaborowski
ab6cd7e465 ap: Drop struct ap_config in favor of l_settings
Change ap_start to load all of the AP configuration from a struct
l_settings, moving the 6 or so parameters from struct ap_config members
to the l_settings groups and keys.  This extends the ap profile concept
used for the DHCP settings.  ap_start callers create the l_settings
object and fill the values in it or read the settings in from a file.

Since ap_setup_dhcp and ap_load_profile_and_dhcp no longer do the
settings file loading, they needed to be refactored and some issues were
fixed in their logic, e.g. l_dhcp_server_set_ip_address() was never
called when the "IP pool" was used.  Also the IP pool was previously only
used if the ap->config->profile was NULL and this didn't match what the
docs said:
"If [IPv4].Address is not provided and no IP address is set on the
interface prior to calling StartProfile the IP pool will be used."
2021-04-28 11:25:46 -05:00
James Prestwood
11914431bc netdev: zero out diagnostic info
The info struct is on the stack which leads to the potential
for uninitialized data access. Zero out the info struct prior
to calling the get station callback:

==141137== Conditional jump or move depends on uninitialised value(s)
==141137==    at 0x458A6F: diagnostic_info_to_dict (diagnostic.c:109)
==141137==    by 0x41200B: station_get_diagnostic_cb (station.c:3620)
==141137==    by 0x405BE1: netdev_get_station_cb (netdev.c:4783)
==141137==    by 0x4722F9: process_unicast (genl.c:994)
==141137==    by 0x4722F9: received_data (genl.c:1102)
==141137==    by 0x46F28B: io_callback (io.c:120)
==141137==    by 0x46E5AC: l_main_iterate (main.c:478)
==141137==    by 0x46E65B: l_main_run (main.c:525)
==141137==    by 0x46E65B: l_main_run (main.c:507)
==141137==    by 0x46E86B: l_main_run_with_signal (main.c:647)
==141137==    by 0x403EA8: main (main.c:490)
2021-04-28 11:24:13 -05:00
Denis Kenzior
8cb61f9aae diagnostic: Fix crash with Open networks
It isn't safe to return a NULL from diagnostic_akm_suite_to_security()
since the value is used directly.  Also, if the AKM suite is 0, this
implies that the network is an Open network and not some unknown AKM.

==17982== Invalid read of size 1
==17982==    at 0x483BC92: strlen (vg_replace_strmem.c:459)
==17982==    by 0x47DE60: _dbus1_builder_append_basic (dbus-util.c:981)
==17982==    by 0x41ACB2: dbus_append_dict_basic (dbus.c:197)
==17982==    by 0x412050: station_get_diagnostic_cb (station.c:3614)
==17982==    by 0x405B19: netdev_get_station_cb (netdev.c:4801)
==17982==    by 0x47436E: process_unicast (genl.c:994)
==17982==    by 0x47436E: received_data (genl.c:1102)
==17982==    by 0x470FBB: io_callback (io.c:120)
==17982==    by 0x4701DC: l_main_iterate (main.c:478)
==17982==    by 0x4702AB: l_main_run (main.c:525)
==17982==    by 0x4702AB: l_main_run (main.c:507)
==17982==    by 0x4704BB: l_main_run_with_signal (main.c:647)
==17982==    by 0x403EDB: main (main.c:490)
==17982==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==17982==
Aborting (signal 11) [/home/denkenz/iwd/src/iwd]
++++++++ backtrace ++++++++
0  0x488a550 in /lib64/libc.so.6
1  0x483bc92 in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so
2  0x47de61 in _dbus1_builder_append_basic() at ell/dbus-util.c:983
3  0x41acb3 in dbus_append_dict_basic() at src/dbus.c:197
4  0x412051 in station_get_diagnostic_cb() at src/station.c:3618
5  0x405b1a in netdev_get_station_cb() at src/netdev.c:4801
2021-04-28 11:19:38 -05:00
Denis Kenzior
1c9a736ed5 netconfig: Cancel outstanding rtnl commands
It is possible for the RTNL command callback to come after
netconfig_reset or netconfig_destroy has been called.  Make sure that
any outstanding commands that might access the netconfig object are
canceled.

src/netconfig.c:netconfig_ipv4_dhcp_event_handler() DHCPv4 event 0
src/netconfig.c:netconfig_ifaddr_added() wlan0: ifaddr 192.168.1.55/24 broadcast 192.168.1.255
^CTerminate
src/netdev.c:netdev_free() Freeing netdev wlan0[15]
src/device.c:device_free()
src/station.c:station_free()
src/netconfig.c:netconfig_destroy()
src/netconfig.c:netconfig_reset()
src/netconfig.c:netconfig_reset_v4() 16
src/netconfig.c:netconfig_reset_v4() Stopping client
Removing scan context for wdev c
src/scan.c:scan_context_free() sc: 0x4a3cc10
==12792== Invalid read of size 8
==12792==    at 0x43BF5A: netconfig_route_add_cmd_cb (netconfig.c:600)
==12792==    by 0x4727FA: process_message (netlink.c:181)
==12792==    by 0x4727FA: can_read_data (netlink.c:289)
==12792==    by 0x470F4B: io_callback (io.c:120)
==12792==    by 0x47016C: l_main_iterate (main.c:478)
==12792==    by 0x47023B: l_main_run (main.c:525)
==12792==    by 0x47023B: l_main_run (main.c:507)
==12792==    by 0x47044B: l_main_run_with_signal (main.c:647)
==12792==    by 0x403EDB: main (main.c:490)
2021-04-28 11:19:34 -05:00
Denis Kenzior
e5550ed58f netdev: Detect netdev going down early
In case the netdev is brought down while we're trying to connect, try to
detect this and fail early instead of trying to send additional
commands.

src/station.c:station_enter_state() Old State: disconnected, new state: connecting
src/station.c:station_netdev_event() Associating
src/netdev.c:netdev_mlme_notify() MLME notification Connect(46)
src/netdev.c:netdev_connect_event()
src/netdev.c:netdev_link_notify() event 16 on ifindex 4
src/eapol.c:eapol_handle_ptk_1_of_4() ifindex=4
src/netdev.c:netdev_link_notify() event 16 on ifindex 4
src/eapol.c:eapol_handle_ptk_3_of_4() ifindex=4
src/netdev.c:netdev_set_gtk() 4
src/station.c:station_handshake_event() Setting keys
src/netdev.c:netdev_set_tk() 4
src/netdev.c:netdev_set_rekey_offload() 4
New Key for Group Key failed for ifindex: 4:Network is down
src/netdev.c:netdev_link_notify() event 16 on ifindex 4
src/station.c:station_free()
src/netdev.c:netdev_mlme_notify() MLME notification Disconnect(48)
src/netdev.c:netdev_disconnect_event()
src/wiphy.c:wiphy_reg_notify() Notification of command Reg Change(36)
src/wiphy.c:wiphy_update_reg_domain() New reg domain country code for (global) is XX
src/netdev.c:netdev_link_notify() event 16 on ifindex 4
src/wiphy.c:wiphy_reg_notify() Notification of command Reg Change(36)
src/wiphy.c:wiphy_update_reg_domain() New reg domain country code for (global) is DE
src/wiphy.c:wiphy_radio_work_done() Work item 14 done
src/station.c:station_connect_cb() 4, result: 4
Segmentation fault
2021-04-27 17:33:37 -05:00
Denis Kenzior
775f4643b5 netdev: Move disconnect_cmd_id reset
This operation logically belongs in the callback, not a common operation
that is also invoked from event handlers.
2021-04-27 16:16:09 -05:00
James Prestwood
9d9c516596 wiphy: add fils_hint to wiphy_can_connect
A prior commit refactored the AKM selection in wiphy.c. This
ended up breaking FILS tests due to the hard coding of a
false fils_hint in wiphy_select_akm. Since our FILS tests
only advertise FILS AKMs wiphy_can_connect would return false
for these networks.

Similar to wiphy_select_akm, add a fils hint parameter to
wiphy_can_connect and pass that down directly to wiphy_select_akm.
2021-04-27 14:48:23 -05:00
James Prestwood
bba47527d3 station: update to use network_has_erp_identity 2021-04-27 14:48:09 -05:00
James Prestwood
936542fa79 network: copy station_has_erp_identity
This API is internal to station, but acts only on the network
object so it is being moved into network.c and exposed.
2021-04-27 14:47:16 -05:00
Denis Kenzior
1fe5070666 netdev: Work around CMD_CONNECT behavior on mwifiex 2021-04-27 14:00:24 -05:00
Denis Kenzior
337f5e062e netdev: Return -ENOTCONN in netdev_get_current_station 2021-04-27 10:22:46 -05:00
Denis Kenzior
654154e721 network: ensure passphrase is valid when psk is set
If PreSharedKey is set, the current logic does not validate the
Passphrase beyond its existence.  This can lead to strange situations
where an invalid WPA3-PSK passphrase might get used.  This can of course
only happen if the user (as root) or NetworkManager-iwd-backend writes
such a file incorrectly.
2021-04-27 09:34:22 -05:00
Andrew Zaborowski
8d58f5b679 wscutil: Move DeviceType parsing from p2p & eap-wsc to a function
Move the WSC Primary Device Type parsing from p2p.c and eap-wsc.c to a
common function in wscutil.c supporting both formats so that it can be
used in ap.c too.
2021-04-26 10:48:03 -05:00
Andrew Zaborowski
0ad463742b p2p,netdev: Fix event name typo in comments
Fix the spelling of NETDEV_RESULT_KEY_SETTING_FAILED in two comments.
2021-04-26 10:47:59 -05:00
Denis Kenzior
4a1dafb907 station: Move AP directed roam watch to station
Logically this frame watch belongs in station.  It was kept in device.c
for the purported reason that the station object was removed with
ifdown/ifup changes and hence the frame watch might need to be removed
and re-added unnecessarily.  Since the kernel does not actually allow to
unregister a frame watch (only when the netdev is removed or its iftype
changes), re-adding a frame watch might trigger a -EALREADY or similar
error.

Avoid this by registering the frame watch when a new netdev is detected
in STATION mode, or when the interface type changes to STATION.
2021-04-23 09:51:46 -05:00
Denis Kenzior
a83bb33ea5 rrm: React to IFTYPE_CHANGE events
If a netdev iftype is changed, all frame registrations are removed.
Make sure to re-register for the appropriate frame notifications in case
our iftype is switched back to 'station'.  In any other iftype, no frame
watches are registered and rrm_state object is effectively dormant.
2021-04-23 09:51:46 -05:00
Denis Kenzior
5e0069e146 rrm: Always create RRM state
Right now, RRM is created when a new netdev is detected and its iftype
is of type station.  That means that any devices that start their life
as any other iftype cannot be changed to a station and have RRM function
properly.  Fix that by always creating the RRM state regardless of the
initial iftype.
2021-04-23 09:51:46 -05:00
Denis Kenzior
23249c85c7 netdev: Add new iftype change event 2021-04-23 09:51:46 -05:00
Denis Kenzior
0611632d7b rrm: Track that station is removed
In the case that a netdev is powered down, or an interface type change
occurs, the station object will be removed and any watches will be
freed.

Since rrm is created when the netdev is created and persists across
iftype and power up/down changes, it should provide a destroy callback
to station_add_state_watch so that it can be notified when the watch is
removed.
2021-04-23 09:51:46 -05:00
Denis Kenzior
4fa2ce2cbe netdev: Re-add frame watches on iftype change
If the iftype changes, kernel silently wipes out any frame registrations
we may have registered.  Right now, frame registrations are only done when
the interface is created.  This can result in frame watches not being
added if the interface type is changed between station mode to ap mode
and then back to station mode, e.g.:

device wlan0 set-property Mode ap
device wlan0 set-property Mode station

Make sure to re-add frame registrations according to the mode if the
interface type is changed.
2021-04-23 09:51:46 -05:00
Denis Kenzior
b8ef64f6e3 frame-xchg: iftype changes to be managed by netdev
Since netdev now keeps track of iftype changes, let it call
frame_watch_wdev_remove on netdevs that it manages to clear frame
registrations that should be cleared due to an iftype change.

Note that P2P_DEVICE wdevs are not managed by any netdev object, but
since their iftype cannot be changed, they should not be affected
by this change.
2021-04-23 09:51:46 -05:00
Denis Kenzior
7a2719f314 netdev: Track SET_INTERFACE events
And set the interface type based on the event rather than the command
callback.  This allows us to track interface type changes even if they
come from outside iwd (which shouldn't happen.)
2021-04-23 09:51:46 -05:00
James Prestwood
d42549e46d netdev: move prepare_ft call which broke FT
The prepare_ft patch was an intermediate to a full patch
set and was not fully tested stand alone. Its placement
actually broke FT due to handshake->aa getting overwritten
prior to netdev->prev_bssid being copied out. This caused
FT to fail with "transport endpoint not connected (-107)"
2021-04-22 13:25:23 -05:00
James Prestwood
f98ddf2201 netdev: print error number on CMD_FRAME failure 2021-04-22 13:25:23 -05:00
Denis Kenzior
45dd5d2f7c frame-xchg: Make debugs a bit more useful
- Make sure to print the cookie information
- Don't print messages for frames we're not interested in.  This is
  particularly helpful when running auto-tests since frame acks from
  hostapd pollute the iwd log.
2021-04-21 11:03:55 -05:00
Denis Kenzior
ea324a7959 netdev: Fix connections to open networks
Fix a regression where connection to an open network results in an
NotSupported error being returned.

Fixes: d79e883e93 ("netdev: Introduce connection types")
2021-04-20 10:45:25 -05:00
Denis Kenzior
61d0abe910 netdev: Move iftype_to_string utility
Move and rename this utility into netdev_iftype_to_string away from
dbus.c.  This also allows us to drop including nl80211.h in dbus.c
2021-04-20 09:37:48 -05:00
Denis Kenzior
6096d8895d netdev: Mirror nl80211.h iftype enum values
This makes conversions simpler.  Also fixes a bug where P2P devices were
printed with an incorrect Mode value since dbus_iftype_to_string was
assuming that an iftype as defined in nl80211.h was being passed in,
while netdev was returning an enum value defined in netdev.h.
2021-04-20 09:37:48 -05:00
Denis Kenzior
89b3d34dd3 ie: Fix IE_AKM_IS_FILS macro
Fixes: e30345d699 ("ie: Add IE_AKM_IS_FILS macro")
2021-04-20 09:37:48 -05:00
Denis Kenzior
d3eef8b56a netdev: Move netdev finding to a common function 2021-04-16 14:47:48 -05:00
James Prestwood
9bbe14e7a3 netdev: factor out FT handshake preparation
This isolates the handshake/nhs preparation for
FT into its own function to be used by both
FT-over-Air and FT-over-DS after refactoring.
2021-04-16 11:32:55 -05:00
James Prestwood
726a12461f ft: separate ft_sm from ft_process_ies
To prepare for some refactoring remove the ft_sm dependency
from ft_process_ies and instead only make it depend on the
handshake_state object.
2021-04-16 11:13:46 -05:00
James Prestwood
b276e3f590 ap: remove rates requirement for fmac cards
It was seen that some full mac cards/drivers do not include any
rate information with the NEW_STATION event. This was causing
the NEW_STATION event to be ignored, preventing AP mode from
working on these cards.

Since the full mac path does not even require sta->rates the
parsing can be removed completely.
2021-04-12 14:15:18 -05:00
James Prestwood
d04ab5ad96 agent: call back even if agent disconnects
It was found that if the user cancels/disconnects the agent prior to
entering credentials, IWD would get stuck and could no longer accept
any connect calls with the error "Operation already in progress".
For example exiting iwctl in the Password prompt would cause this:

iwctl
$ station wlan0 connect myssid
$ Password: <Ctrl-C>

This was due to the agent never calling the network callback in the
case of an agent disconnect. Network would wait indefinitely for the
credentials, and disallow any future connect attempts.

To fix this agent_finalize_pending can be called in agent_disconnect
with a NULL reply which behaves the same as if there was an
internal timeout and ultimately allows network to fail the connection
2021-04-09 11:36:08 -05:00
James Prestwood
379ec4b952 netdev: implement netdev_set_pmk
The 8021x offloading procedure still does EAP in userspace which
negotiates the PMK. The kernel then expects to obtain this PMK
from userspace by calling SET_PMK. This then allows the firmware
to begin the 4-way handshake.

Using __eapol_install_set_pmk_func to install netdev_set_pmk,
netdev now gets called into once EAP finishes and can begin
the final userspace actions prior to the firmware starting
the 4-way handshake:

 - SET_PMK using PMK negotiated with EAP
 - Emit SETTING_KEYS event
 - netdev_connect_ok

One thing to note is that the kernel provides no way of knowing if
the 4-way handshake completed. Assuming SET_PMK/SET_STATION come
back with no errors, IWD assumes the PMK was valid. If not, or
due to some other issue in the 4-way, the kernel will send a
disconnect.
2021-04-09 11:33:20 -05:00
James Prestwood
026ec40e1c netdev: add CONNECTION_TYPE_8021X_OFFLOAD
This adds a new type for 8021x offload as well as support in
building CMD_CONNECT.

As described in the comment, 8021x offloading is not particularly
similar to PSK as far as the code flow in IWD is concerned. There
still needs to be an eapol_sm due to EAP being done in userspace.
This throws somewhat of a wrench into our 'is_offload' cases. And
as such this connection type is handled specially.
2021-04-09 11:32:34 -05:00
James Prestwood
93b49a72ac eapol: add PMK installer support
802.1x offloading needs a way to call SET_PMK after EAP finishes.
In the same manner as set_tk/gtk/igtk a new 'install_pmk' function
was added which eapol can call into after EAP completes.
2021-04-09 11:32:21 -05:00
Denis Kenzior
3284ed4e8e eapol: Work around an apparent GCC 8.3 bug
With GCC 8.3 on Rasberry Pi, iwd sends invalid EAPoL 1_of_4 packets:

< PAE: len 99                                                          8.785095
    Interface Index: 27
    EAPoL: len 99
        Protocol Version: 2 (802.1X-2004)
        Type: 3 (Key)
        Length: 95
        Checking mic len 16
        Frame len 99
        key data len 22
        Checking mic len 24
        Frame len 107
        Bad MIC len, malformed packet?
        02 03 00 5f 02 00 8a 00 10 00 00 00 00 00 00 00  ..._............
        02 94 40 a3 da c3 2b aa b7 a6 a5 5f 25 0a ae 74  ..@...+...._%..t
        b0 8d e2 62 9c 90 c9 e9 fd a5 33 1b e1 b4 9b 81  ...b......3.....
        42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  B...............
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
        00 00 16

The trouble seems to be that eapol_key_data_append() correctly sets the
key_data_length field (the last 2 bytes of the message), but the actual
packet_length is not being set properly.

Dropping to O0 optimization level results in GCC correctly computing
the packet length.
2021-04-07 16:47:40 -05:00
James Prestwood
6c9f72380d netdev: use l_idle_create for disconnect idle
The chances were extremely low, but using l_idle_oneshot
could end up causing a invalid memory access if the netdev
went down while waiting for the disconnect idle callback.

Instead netdev can keep track of the idle with l_idle_create
and remove it if the netdev goes down prior to the idle callback.
2021-04-06 12:32:30 -05:00
James Prestwood
51fc2453ba netdev: fix spelling error 2021-04-05 17:49:36 -05:00
James Prestwood
135ad0880e sae: remove authenticate timeout handler
This fixes an infinite loop issue when authenticate frames time
out. If the AP is not responding IWD ends up retrying indefinitely
due to how SAE was handling this timeout. Inside sae_auth_timeout
it was actually sending another authenticate frame to reject
the SAE handshake. This, again, resulted in a timeout which called
the SAE timeout handler and repeated indefinitely.

The kernel resend behavior was not taken into account when writing
the SAE timeout behavior and in practice there is actually no need
for SAE to do much of anything in response to a timeout. The
kernel automatically resends Authenticate frames 3 times which mirrors
IWDs SAE behavior anyways. Because of this the authenticate timeout
handler can be completely removed, which will cause the connection
to fail in the case of an autentication timeout.
2021-04-05 17:47:42 -05:00
James Prestwood
fc4739f2db netdev: fix crash from carefully timed Connect()
This crash was caused from the disconnect_cb being called
immediately in cases where send_disconnect was false. The
previous patch actually addressed this separately as this
flag was being set improperly which will, indirectly, fix
one of the two code paths that could cause this crash.

Still, there is a situation where send_disconnect could
be false and in this case IWD would still crash. If IWD
is waiting to queue the connect item and netdev_disconnect
is called it would result in the callback being called
immediately. Instead we can add an l_idle as to allow the
callback to happen out of scope, which is what station
expects.

Prior to this patch, the crashing behavior can be tested using
the following script (or some variant of it, your system timing
may not be the same as mine).

iwctl station wlan0 disconnect
iwctl station wlan0 connect <network1> &
sleep 0.02
iwctl station wlan0 connect <network2>

++++++++ backtrace ++++++++
0  0x7f4e1504e530 in /lib64/libc.so.6
1  0x432b54 in network_get_security() at src/network.c:253
2  0x416e92 in station_handshake_setup() at src/station.c:937
3  0x41a505 in __station_connect_network() at src/station.c:2551
4  0x41a683 in station_disconnect_onconnect_cb() at src/station.c:2581
5  0x40b4ae in netdev_disconnect() at src/netdev.c:3142
6  0x41a719 in station_disconnect_onconnect() at src/station.c:2603
7  0x41a89d in station_connect_network() at src/station.c:2652
8  0x433f1d in network_connect_psk() at src/network.c:886
9  0x43483a in network_connect() at src/network.c:1183
10 0x4add11 in _dbus_object_tree_dispatch() at ell/dbus-service.c:1802
11 0x49ff54 in message_read_handler() at ell/dbus.c:285
12 0x496d2f in io_callback() at ell/io.c:120
13 0x495894 in l_main_iterate() at ell/main.c:478
14 0x49599b in l_main_run() at ell/main.c:521
15 0x495cb3 in l_main_run_with_signal() at ell/main.c:647
16 0x404add in main() at src/main.c:490
17 0x7f4e15038b25 in /lib64/libc.so.6
2021-04-05 17:23:41 -05:00
James Prestwood
d008b93444 netdev: add check for running work item in netdev_disconnect
The send_disconnect flag was being improperly set based only
on connect_cmd_id being zero. This does not take into account
the case of CMD_CONNECT having finished but not EAPoL. In this
case we do need to send a disconnect.
2021-04-05 17:23:28 -05:00
James Prestwood
1c0b001b53 wiphy: add wiphy_radio_work_is_running
This provides a way to know if a work item is actually running
vs only been queued and waiting to run.
2021-04-05 16:58:43 -05:00
James Prestwood
9e412f9fdd netdev: allow PSK offload for FT AKMs
This adds a new connection type, TYPE_PSK_OFFLOAD, which
allows the 4-way handshake to be offloaded by the firmware.
Offloading will be used if the driver advertises support.

The CMD_ROAM event path was also modified to take into account
handshake offloading. If the handshake is offloaded we still
must issue GET_SCAN, but not start eapol since the firmware
takes care of this.
2021-04-02 17:24:03 -05:00
James Prestwood
f5c5efa033 wiphy: allow FT AKM to be used if Auth/Assoc is not supported
Until now FT was only supported via Auth/Assoc commands which barred
any fullmac cards from using FT AKMs. With PSK offload support these
cards can do FT but only when offloading is used.
2021-04-02 17:23:07 -05:00
James Prestwood
81e3dc6ae6 netdev: fix CMD_ROAM for open networks
In the FW scan callback eapol was being stared unconditionally which
isn't correct as roaming on open networks is possible. Instead check
that a SM exists just like is done in netdev_connect_event.
2021-04-02 17:18:12 -05:00
James Prestwood
44625373bc netdev: better handle disconnect after FW scan
This should have been updated along with the connect and roam
event separation. Since netdev_connect_event is not being
re-used for CMD_ROAM the comment did not make sense anymore.
Still, there needs to be a check to ensure we were not disconnected
while waiting for GET_SCAN to come back.
2021-04-02 17:18:02 -05:00
James Prestwood
0d6b572ca5 netdev: separate netdev_{roam,connect}_event
netdev_connect_event was being reused for parsing of CMD_ROAM
attributes which made some amount of sense since these events
are nearly identical, but due to the nature of firmware roaming
there really isn't much IWD needs to parse from CMD_ROAM. In
addition netdev_connect_event was getting rather complicated
since it had to handle both CMD_ROAM and CMD_CONNECT.

The only bits of information IWD needs to parse from CMD_ROAM
is the roamed BSSID, authenticator IEs, and supplicant IEs. Since
this is so limited it now makes little sense to reuse the entire
netdev_connect_event function, and intead only parse what is
needed for CMD_ROAM.
2021-04-02 13:04:45 -05:00
James Prestwood
c390deafcb netdev: move request IE parsing into function
Moves the parsing of NL80211_ATTR_REQ_IE into its own parsing
function for use elsewhere.
2021-04-02 13:04:19 -05:00
Denis Kenzior
ca085d799d station: Do not set or use the offload bit
station should be isolated as much as possible from the details of the
driver type and how a particular AKM is handled under the hood.  It will
be up to wiphy to pick the best AKM for a given bss.  netdev in turn
will pick how to drive the particular AKM that was picked.
2021-03-31 11:27:10 -05:00
Denis Kenzior
d79e883e93 netdev: Introduce connection types
Currently netdev handles SoftMac and FullMac drivers mostly in the same
way, by building CMD_CONNECT nl80211 commands and letting the kernel
figure out the details.  Exceptions to this are FILS/OWE/SAE AKMs which
are only supported on SoftMac drivers by using
CMD_AUTHENTICATE/CMD_ASSOCIATE.

Recently, basic support for SAE (WPA3-Personal) offload on FullMac cards
was introduced.  When offloaded, the control flow is very different than
under typical conditions and required additional logic checks in several
places.  The logic is now becoming quite complex.

Introduce a concept of a connection type in order to make it clearer
what driver and driver features are being used for this connection.  In
the future, connection types can be expanded with 802.1X handshake
offload, PSK handshake offload and CMD_EXTERNAL_AUTH based SAE
connections.
2021-03-31 10:48:05 -05:00
Denis Kenzior
e30345d699 ie: Add IE_AKM_IS_FILS macro 2021-03-31 10:05:55 -05:00
Denis Kenzior
fa3fad37ce ie: Ad IE_AKM_IS_FT 2021-03-31 10:05:44 -05:00
James Prestwood
b5b815ef16 wiphy: Use wiphy_select_akm in wiphy_can_connect
Commit 6e8b76527 added a switch statement for AKM suites which
was not correct as this is a bitmask and may contain multiple
values. Intead we can rely on wiphy_select_akm which is a more
robust check anyways.

Fixes: 6e8b765278 ("wiphy: add check for CMD_AUTH/CMD_ASSOC support")
2021-03-30 17:29:04 -05:00
James Prestwood
19ce2d86dd netdev: remove unneeded goto/return code
All possible paths led to the same result so it was
simplified to remove two goto's and a return call.
2021-03-29 15:48:50 -05:00
James Prestwood
a04d4423f8 sae: add counter for associate retries
If there is an associate timeout, retry a few times in case
it was just a fluke. At this point SAE is fully negotiated
so it makes sense to attempt to save the connection.
2021-03-29 15:48:50 -05:00
James Prestwood
90485cb2ee netdev: better handle associate timeouts with auth_protos
Any auth proto which did not implement the assoc_timeout handler
could end up getting 'stuck' forever if there was an associate
timeout. This is because in the event of an associate timeout IWD
only sets a few flags and relies on the connect event to actually
handle the failure. The problem is a connect event never comes
if the failure was a timeout.

To fix this we can explicitly fail the connection if the auth
proto has not implemented assoc_timeout or if it returns false.
2021-03-29 15:48:50 -05:00
James Prestwood
28a7dd7fba station: get neighbor report after roaming
In the same vein as requesting a neighbor report after
connecting for the first time, it should also be done
after a roam to obtain the latest neighbor information.
2021-03-29 14:12:02 -05:00
James Prestwood
9b682d43db station: unify firmware/normal roaming
This doesn't change much functionally but does unify the
two roaming paths by ending with 'station_roamed()'.
2021-03-29 14:11:45 -05:00
James Prestwood
21e95dd2d8 station: clear out roam frequencies after roam 2021-03-29 14:11:37 -05:00
James Prestwood
c2330c5332 station: add Security key to GetDiagnostics 2021-03-29 13:18:01 -05:00
James Prestwood
2c2c1e3ebf diagnostic: add diagnostic_akm_suite_to_security
Converts ie_rsn_akm_suite values (and WPA1 hint) into a more
human readable security string such as:

WPA2-Personal, WPA3-Personal, WPA2-Personal + FT etc.
2021-03-29 13:17:36 -05:00
Denis Kenzior
e730baac4a station: Make sure to reset scanning property
When we cancel a quick scan that has already been triggered, the
Scanning property is never reset to false.  This doesn't fully reflect
the actual scanning state of the hardware since we don't (yet) abort
the scan, but at least corrects the public API behavior.

{Network} [/net/connman/iwd/0/7/73706733_psk] Connected = False
{Station} [/net/connman/iwd/0/7] Scanning = True
{Station} [/net/connman/iwd/0/7] State = connecting
{Station} [/net/connman/iwd/0/7] ConnectedNetwork =
/net/connman/iwd/0/7/73706733_psk
{Network} [/net/connman/iwd/0/7/73706733_psk] Connected = True
2021-03-29 10:44:02 -05:00
Denis Kenzior
9a67a21bd2 station: Add a warning of rekey fails 2021-03-24 13:10:32 -05:00
Denis Kenzior
d958239da9 eapol: Don't ignore EAPoL protocol version 2010
Some newer Cisco APs seem to send this protocol version by default
2021-03-22 17:47:53 -05:00
James Prestwood
73b247d72f netdev: prevent crash with open networks
The SAE offload changes assumed a handshake object would
exist in netdev, which is not the case for open networks.
2021-03-22 17:46:05 -05:00
James Prestwood
0b38aabde3 station: set handshake offload if required
If IWD is connecting to a SAE/WPA3 BSS and Auth/Assoc commands
are not supported the only option is SAE offload. At this point
network_connect should have verified that the extended feature
for SAE offload exists so we can simply enable offload if these
commands are not supported.
2021-03-22 14:16:31 -05:00
James Prestwood
b17f27f04d netdev: add SAE offload support
SAE offload support requires some minor tweaks to CMD_CONNECT
as well as special checks once the connect event comes in. Since
at this point we are fully connected.
2021-03-22 14:15:56 -05:00
James Prestwood
edad26b4be handshake: add offload flag
If true, this flag indicates the handshake is being offloaded to
the kernel/hardware.
2021-03-22 14:15:44 -05:00
James Prestwood
997c54f185 wiphy: check SAE offload in wiphy_can_connect
This allows this wiphy_can_connect to pass for an SAE BSS
if the hardware does not support user space SAE, but does
support SAE offload.
2021-03-22 14:14:16 -05:00
James Prestwood
3e3ef284de wiphy: check SAE offload in wiphy_select_akm
This allows an SAE AKM to be selected if the hardware does not
support SAE in userspace, but does support SAE offload.
2021-03-22 14:12:50 -05:00
James Prestwood
af3d0d21a0 wiphy: add getter for 'supports_cmds_auth_assoc' 2021-03-22 14:12:32 -05:00
James Prestwood
5033b5a24d netdev: parse SIGNAL_AVG when building diagnostics object 2021-03-16 11:25:53 -05:00
James Prestwood
fb0a1fba2a diagnostic: include AverageRSSI in GetDiagnostics 2021-03-16 11:25:39 -05:00
James Prestwood
2b5e566c9d station: use network_bss_update
This fixes a dangling pointer in network where station was
freeing the scan_bss but network still had a pointer to it
in its own bss_list.
2021-03-15 14:47:42 -05:00
James Prestwood
4577ee01f2 network: replace l_queue_get_entries loop
After adding network_bss_update, network now has a match_addr
queue function which can be used to replace an unneeded
l_queue_get_entries loop with l_queue_find.
2021-03-15 14:47:30 -05:00
James Prestwood
88d0a6a7c0 network: add network_bss_update
This will swap out a scan_bss object with a duplicate that may
exist in a networks bss_list. The duplicate will be removed by
since the object is owned by station it is assumed that it will
be freed elsewhere.
2021-03-15 14:47:07 -05:00
James Prestwood
97de24e694 station: disable roaming logic for auto-roaming cards
If the hardware roams automatically we want to be sure to not
react to CQM events and attempt to roam/disconnect on our own.

Note: this is only important for very new kernels where CQM
events were recently added to brcmfmac.
2021-03-15 13:32:35 -05:00
James Prestwood
2a46ab3042 wiphy: parse NL80211_ATTR_ROAM_SUPPORT flag
This tells us if the hardware is going to automatically
roam. We need this to know if station roaming logic should
be disabled.
2021-03-15 13:32:08 -05:00
James Prestwood
133347440e netdev: station: support full mac roaming
Roaming on a full mac card is quite different than soft mac
and needs to be specially handled. The process starts with
the CMD_ROAM event, which tells us the driver is already
roamed and associated with a new AP. After this it expects
the 4-way handshake to be initiated. This in itself is quite
simple, the complexity comes with how this is piped into IWD.

After CMD_ROAM fires its assumed that a scan result is
available in the kernel, which is obtained using a newly
added scan API scan_get_firmware_scan. The only special
bit of this is that it does not 'schedule' a scan but simply
calls GET_SCAN. This is treated special and will not be
queued behind any other pending scan requests. This lets us
reuse some parsing code paths in scan and initialize a
scan_bss object which ultimately gets handed to station so
it can update connected_bss/bss_list.

For consistency station must also transition to a roaming state.
Since this roam is all handled by netdev two new events were
added, NETDEV_EVENT_ROAMING and NETDEV_EVENT_ROAMED. Both allow
station to transition between roaming/connected states, and ROAMED
provides station with the new scan_bss to replace connected_bss.
2021-03-15 13:14:39 -05:00
James Prestwood
e8c87c8b42 scan: add scan_get_firmware_scan
Adds support for getting firmware scan results from the kernel.
This is intended to be used after the firmware roamed automatically
and the scan result is require for handshake initialization.

The scan 'request' is competely separate from the normal scan
queue, though scan_results, scan_request, and the scan_context
are all used for consistency and code reuse.
2021-03-15 13:14:16 -05:00
Denis Kenzior
0c0d9e5696 iwd: Use test_bit from ell 2021-03-12 13:49:23 -06:00
Denis Kenzior
f51025e143 util: Remove unused util_bit_field 2021-03-11 22:35:13 -06:00
Denis Kenzior
74ec6530cb eap-pwd: Use bit_field from ell 2021-03-11 22:35:03 -06:00
Denis Kenzior
113c1086e2 fils: Use bit_field from ell 2021-03-11 22:34:26 -06:00
Denis Kenzior
d60c58f595 ie: Use bit_field from ell 2021-03-11 22:33:21 -06:00
Denis Kenzior
3dae0592b0 eapol: Use bit_field from ell 2021-03-11 22:33:06 -06:00
Denis Kenzior
a941d4169f util: Remove unused util_set_bit 2021-03-11 22:24:05 -06:00
Denis Kenzior
666402870e wiphy: Use ell's set_bit 2021-03-11 22:23:52 -06:00