3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-11-27 03:19:24 +01:00
Commit Graph

5586 Commits

Author SHA1 Message Date
James Prestwood
9e412f9fdd netdev: allow PSK offload for FT AKMs
This adds a new connection type, TYPE_PSK_OFFLOAD, which
allows the 4-way handshake to be offloaded by the firmware.
Offloading will be used if the driver advertises support.

The CMD_ROAM event path was also modified to take into account
handshake offloading. If the handshake is offloaded we still
must issue GET_SCAN, but not start eapol since the firmware
takes care of this.
2021-04-02 17:24:03 -05:00
James Prestwood
f5c5efa033 wiphy: allow FT AKM to be used if Auth/Assoc is not supported
Until now FT was only supported via Auth/Assoc commands which barred
any fullmac cards from using FT AKMs. With PSK offload support these
cards can do FT but only when offloading is used.
2021-04-02 17:23:07 -05:00
James Prestwood
81e3dc6ae6 netdev: fix CMD_ROAM for open networks
In the FW scan callback eapol was being stared unconditionally which
isn't correct as roaming on open networks is possible. Instead check
that a SM exists just like is done in netdev_connect_event.
2021-04-02 17:18:12 -05:00
James Prestwood
44625373bc netdev: better handle disconnect after FW scan
This should have been updated along with the connect and roam
event separation. Since netdev_connect_event is not being
re-used for CMD_ROAM the comment did not make sense anymore.
Still, there needs to be a check to ensure we were not disconnected
while waiting for GET_SCAN to come back.
2021-04-02 17:18:02 -05:00
James Prestwood
0d6b572ca5 netdev: separate netdev_{roam,connect}_event
netdev_connect_event was being reused for parsing of CMD_ROAM
attributes which made some amount of sense since these events
are nearly identical, but due to the nature of firmware roaming
there really isn't much IWD needs to parse from CMD_ROAM. In
addition netdev_connect_event was getting rather complicated
since it had to handle both CMD_ROAM and CMD_CONNECT.

The only bits of information IWD needs to parse from CMD_ROAM
is the roamed BSSID, authenticator IEs, and supplicant IEs. Since
this is so limited it now makes little sense to reuse the entire
netdev_connect_event function, and intead only parse what is
needed for CMD_ROAM.
2021-04-02 13:04:45 -05:00
James Prestwood
c390deafcb netdev: move request IE parsing into function
Moves the parsing of NL80211_ATTR_REQ_IE into its own parsing
function for use elsewhere.
2021-04-02 13:04:19 -05:00
Denis Kenzior
ca085d799d station: Do not set or use the offload bit
station should be isolated as much as possible from the details of the
driver type and how a particular AKM is handled under the hood.  It will
be up to wiphy to pick the best AKM for a given bss.  netdev in turn
will pick how to drive the particular AKM that was picked.
2021-03-31 11:27:10 -05:00
Denis Kenzior
d79e883e93 netdev: Introduce connection types
Currently netdev handles SoftMac and FullMac drivers mostly in the same
way, by building CMD_CONNECT nl80211 commands and letting the kernel
figure out the details.  Exceptions to this are FILS/OWE/SAE AKMs which
are only supported on SoftMac drivers by using
CMD_AUTHENTICATE/CMD_ASSOCIATE.

Recently, basic support for SAE (WPA3-Personal) offload on FullMac cards
was introduced.  When offloaded, the control flow is very different than
under typical conditions and required additional logic checks in several
places.  The logic is now becoming quite complex.

Introduce a concept of a connection type in order to make it clearer
what driver and driver features are being used for this connection.  In
the future, connection types can be expanded with 802.1X handshake
offload, PSK handshake offload and CMD_EXTERNAL_AUTH based SAE
connections.
2021-03-31 10:48:05 -05:00
Denis Kenzior
e30345d699 ie: Add IE_AKM_IS_FILS macro 2021-03-31 10:05:55 -05:00
Denis Kenzior
fa3fad37ce ie: Ad IE_AKM_IS_FT 2021-03-31 10:05:44 -05:00
James Prestwood
b5b815ef16 wiphy: Use wiphy_select_akm in wiphy_can_connect
Commit 6e8b76527 added a switch statement for AKM suites which
was not correct as this is a bitmask and may contain multiple
values. Intead we can rely on wiphy_select_akm which is a more
robust check anyways.

Fixes: 6e8b765278 ("wiphy: add check for CMD_AUTH/CMD_ASSOC support")
2021-03-30 17:29:04 -05:00
James Prestwood
19ce2d86dd netdev: remove unneeded goto/return code
All possible paths led to the same result so it was
simplified to remove two goto's and a return call.
2021-03-29 15:48:50 -05:00
James Prestwood
a04d4423f8 sae: add counter for associate retries
If there is an associate timeout, retry a few times in case
it was just a fluke. At this point SAE is fully negotiated
so it makes sense to attempt to save the connection.
2021-03-29 15:48:50 -05:00
James Prestwood
90485cb2ee netdev: better handle associate timeouts with auth_protos
Any auth proto which did not implement the assoc_timeout handler
could end up getting 'stuck' forever if there was an associate
timeout. This is because in the event of an associate timeout IWD
only sets a few flags and relies on the connect event to actually
handle the failure. The problem is a connect event never comes
if the failure was a timeout.

To fix this we can explicitly fail the connection if the auth
proto has not implemented assoc_timeout or if it returns false.
2021-03-29 15:48:50 -05:00
James Prestwood
28a7dd7fba station: get neighbor report after roaming
In the same vein as requesting a neighbor report after
connecting for the first time, it should also be done
after a roam to obtain the latest neighbor information.
2021-03-29 14:12:02 -05:00
James Prestwood
9b682d43db station: unify firmware/normal roaming
This doesn't change much functionally but does unify the
two roaming paths by ending with 'station_roamed()'.
2021-03-29 14:11:45 -05:00
James Prestwood
21e95dd2d8 station: clear out roam frequencies after roam 2021-03-29 14:11:37 -05:00
James Prestwood
874b17ca56 client: add Security key to diagnostics 2021-03-29 13:18:17 -05:00
James Prestwood
c2330c5332 station: add Security key to GetDiagnostics 2021-03-29 13:18:01 -05:00
James Prestwood
2c2c1e3ebf diagnostic: add diagnostic_akm_suite_to_security
Converts ie_rsn_akm_suite values (and WPA1 hint) into a more
human readable security string such as:

WPA2-Personal, WPA3-Personal, WPA2-Personal + FT etc.
2021-03-29 13:17:36 -05:00
James Prestwood
c66ade2eac doc: document Security diagnostic value 2021-03-29 13:14:56 -05:00
James Prestwood
4913a4dd6e client: re-enable iwctl refresh for 'station <wlan> show'
When diagnostics got added to iwctl the refresh capabilities were
accidentally removed. This re-enables refresh.
2021-03-29 13:11:50 -05:00
Denis Kenzior
e730baac4a station: Make sure to reset scanning property
When we cancel a quick scan that has already been triggered, the
Scanning property is never reset to false.  This doesn't fully reflect
the actual scanning state of the hardware since we don't (yet) abort
the scan, but at least corrects the public API behavior.

{Network} [/net/connman/iwd/0/7/73706733_psk] Connected = False
{Station} [/net/connman/iwd/0/7] Scanning = True
{Station} [/net/connman/iwd/0/7] State = connecting
{Station} [/net/connman/iwd/0/7] ConnectedNetwork =
/net/connman/iwd/0/7/73706733_psk
{Network} [/net/connman/iwd/0/7/73706733_psk] Connected = True
2021-03-29 10:44:02 -05:00
Marcel Holtmann
f80189d161 Release 1.13 2021-03-29 15:04:34 +02:00
Marcel Holtmann
24cb11dfd4 build: Require at least version 0.39 when building with external ELL 2021-03-29 14:35:33 +02:00
James Prestwood
b531444a7c monitor: print out extended feature name
This prints out the NL80211_* enum name for extended features
rather than a hex string.
2021-03-24 14:38:32 -05:00
Denis Kenzior
9a67a21bd2 station: Add a warning of rekey fails 2021-03-24 13:10:32 -05:00
Denis Kenzior
d958239da9 eapol: Don't ignore EAPoL protocol version 2010
Some newer Cisco APs seem to send this protocol version by default
2021-03-22 17:47:53 -05:00
James Prestwood
73b247d72f netdev: prevent crash with open networks
The SAE offload changes assumed a handshake object would
exist in netdev, which is not the case for open networks.
2021-03-22 17:46:05 -05:00
James Prestwood
0b38aabde3 station: set handshake offload if required
If IWD is connecting to a SAE/WPA3 BSS and Auth/Assoc commands
are not supported the only option is SAE offload. At this point
network_connect should have verified that the extended feature
for SAE offload exists so we can simply enable offload if these
commands are not supported.
2021-03-22 14:16:31 -05:00
James Prestwood
b17f27f04d netdev: add SAE offload support
SAE offload support requires some minor tweaks to CMD_CONNECT
as well as special checks once the connect event comes in. Since
at this point we are fully connected.
2021-03-22 14:15:56 -05:00
James Prestwood
edad26b4be handshake: add offload flag
If true, this flag indicates the handshake is being offloaded to
the kernel/hardware.
2021-03-22 14:15:44 -05:00
James Prestwood
997c54f185 wiphy: check SAE offload in wiphy_can_connect
This allows this wiphy_can_connect to pass for an SAE BSS
if the hardware does not support user space SAE, but does
support SAE offload.
2021-03-22 14:14:16 -05:00
James Prestwood
3e3ef284de wiphy: check SAE offload in wiphy_select_akm
This allows an SAE AKM to be selected if the hardware does not
support SAE in userspace, but does support SAE offload.
2021-03-22 14:12:50 -05:00
James Prestwood
af3d0d21a0 wiphy: add getter for 'supports_cmds_auth_assoc' 2021-03-22 14:12:32 -05:00
James Prestwood
e7c7e7de41 client: add AverageRSSI to list of diagnostic values 2021-03-16 11:26:05 -05:00
James Prestwood
5033b5a24d netdev: parse SIGNAL_AVG when building diagnostics object 2021-03-16 11:25:53 -05:00
James Prestwood
fb0a1fba2a diagnostic: include AverageRSSI in GetDiagnostics 2021-03-16 11:25:39 -05:00
James Prestwood
f6801be8a3 doc: document new AverageRSSI diagnostics key 2021-03-16 11:25:28 -05:00
James Prestwood
2b5e566c9d station: use network_bss_update
This fixes a dangling pointer in network where station was
freeing the scan_bss but network still had a pointer to it
in its own bss_list.
2021-03-15 14:47:42 -05:00
James Prestwood
4577ee01f2 network: replace l_queue_get_entries loop
After adding network_bss_update, network now has a match_addr
queue function which can be used to replace an unneeded
l_queue_get_entries loop with l_queue_find.
2021-03-15 14:47:30 -05:00
James Prestwood
88d0a6a7c0 network: add network_bss_update
This will swap out a scan_bss object with a duplicate that may
exist in a networks bss_list. The duplicate will be removed by
since the object is owned by station it is assumed that it will
be freed elsewhere.
2021-03-15 14:47:07 -05:00
James Prestwood
97de24e694 station: disable roaming logic for auto-roaming cards
If the hardware roams automatically we want to be sure to not
react to CQM events and attempt to roam/disconnect on our own.

Note: this is only important for very new kernels where CQM
events were recently added to brcmfmac.
2021-03-15 13:32:35 -05:00
James Prestwood
2a46ab3042 wiphy: parse NL80211_ATTR_ROAM_SUPPORT flag
This tells us if the hardware is going to automatically
roam. We need this to know if station roaming logic should
be disabled.
2021-03-15 13:32:08 -05:00
James Prestwood
133347440e netdev: station: support full mac roaming
Roaming on a full mac card is quite different than soft mac
and needs to be specially handled. The process starts with
the CMD_ROAM event, which tells us the driver is already
roamed and associated with a new AP. After this it expects
the 4-way handshake to be initiated. This in itself is quite
simple, the complexity comes with how this is piped into IWD.

After CMD_ROAM fires its assumed that a scan result is
available in the kernel, which is obtained using a newly
added scan API scan_get_firmware_scan. The only special
bit of this is that it does not 'schedule' a scan but simply
calls GET_SCAN. This is treated special and will not be
queued behind any other pending scan requests. This lets us
reuse some parsing code paths in scan and initialize a
scan_bss object which ultimately gets handed to station so
it can update connected_bss/bss_list.

For consistency station must also transition to a roaming state.
Since this roam is all handled by netdev two new events were
added, NETDEV_EVENT_ROAMING and NETDEV_EVENT_ROAMED. Both allow
station to transition between roaming/connected states, and ROAMED
provides station with the new scan_bss to replace connected_bss.
2021-03-15 13:14:39 -05:00
James Prestwood
e8c87c8b42 scan: add scan_get_firmware_scan
Adds support for getting firmware scan results from the kernel.
This is intended to be used after the firmware roamed automatically
and the scan result is require for handshake initialization.

The scan 'request' is competely separate from the normal scan
queue, though scan_results, scan_request, and the scan_context
are all used for consistency and code reuse.
2021-03-15 13:14:16 -05:00
Denis Kenzior
0c0d9e5696 iwd: Use test_bit from ell 2021-03-12 13:49:23 -06:00
Denis Kenzior
ea3dedffd9 monitor: Use test_bit from ell 2021-03-12 13:46:04 -06:00
Denis Kenzior
f51025e143 util: Remove unused util_bit_field 2021-03-11 22:35:13 -06:00
Denis Kenzior
74ec6530cb eap-pwd: Use bit_field from ell 2021-03-11 22:35:03 -06:00