3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-12-23 14:22:36 +01:00
Commit Graph

3427 Commits

Author SHA1 Message Date
James Prestwood
cc850d3a3d nl80211util: set multicast on new group keys
This may not be required but setting the group key mode explicitly
to multicast makes things consistent, even if only for the benefit
of reading iwmon logs easier.
2021-10-08 08:48:58 -05:00
James Prestwood
63b0778c99 handshake: add callback for extended key IDs
The procedure for setting extended key IDs is different from the
single PTK key. The key ID is toggled between 0 and 1 and the new
key is set as RX only, then set to RX/TX after message 4/4 goes
out.

Since netdev needs to set this new key before sending message 4,
eapol can include a built message which netdev will store if
required (i.e. using PAE).
2021-10-08 08:40:29 -05:00
James Prestwood
fba3b90c11 handshake: add flags/key index for extended key IDs
ext_key_id_capable indicates the handshake has set the capability bit
in the RSN info. This will only be set if the AP also has the capability
set.

active_tk_index is the key index the AP chose in message 3. This is
now used for both legacy (always zero) and extended key IDs.
2021-10-08 08:39:27 -05:00
James Prestwood
898c7e636e wiphy: change wiphy_control_port_capable -> enabled
Move the reading of ControlPortOverNL80211 into wiphy itself and
renamed wiphy_control_port_capable to wiphy_control_port_enabled.
This makes things easier for any modules interested in control
port support since they will only have to check this one API rather
than read the settings and check capability.
2021-10-08 08:38:35 -05:00
Andrew Zaborowski
af47112a30 p2p: Add p2p.Peer.Address D-bus property
Expose the Device Address property for each peer.  The spec doesn't say
much about how permanent the address or the name are, although the
device address by definition lives longer than the interface addresses.
However the device address is defined to be unique and the name is not
so the address can be used to differentiate devices with identical name.
Being unique also may imply that it's assigned globally and thus
permanent.

Network Manager uses the P2P device address when saving connection
profiles (and will need it from the backend) and in this case it seems
better justified than using the name.

The address is already in the object path but the object path also
includes the local phy index which may change for no reason even when
the peer's address hasn't changed so the path is not useful for
remembering which device we've connected to before.  Looking at only
parts of the path is considered wrong.
2021-10-06 15:59:15 -05:00
James Prestwood
d2f52a6723 wiphy: add wiphy_supports_ext_key_id 2021-10-04 13:39:29 -05:00
Denis Kenzior
9766426b59 wiphy/netdev: Add & use wiphy_control_port_capable
Some drivers might not actually support control port properly even if
advertised by mac80211.  Introduce a new method to wiphy that will take
care of looking up any driver quirks that override the presence of
NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211
2021-10-01 09:38:38 -05:00
Denis Kenzior
6f925c4dae manager/wiphy: Move default if determination
Move the driver database into wiphy.c so it can be extended with other
potential driver quirks.
2021-10-01 09:28:56 -05:00
Denis Kenzior
c5890ac87f netconfig: Apply MDNS setting at _configure time 2021-09-29 16:08:12 -05:00
Denis Kenzior
7f55a241a4 netconfig: Allow consecutive calls to _load_settings()
Make consecutive calls to netconfig_load_settings() memory-leak safe by
introducing a netconfig_free_settings convenience method.  This method
will free any settings that are allocated as a result of
netconfig_load_settings() and will be called from netconfig_free() to
ensure that any settings are freed as a result of netconfig_destroy().
2021-09-29 16:03:39 -05:00
Andrew Zaborowski
3021472358 netconfig: Set netconfig_get_static6_gateway out param on success
Make sure to only set the netconfig_get_static6_gateway's out_mac
parameter on successful return and make sure to always set it, even if
to NULL.
2021-09-29 15:16:50 -05:00
Andrew Zaborowski
d71a604385 netconfig: Track the IPv6 route add netlink command
For symmetry with IPv4, save the command id for this netlink command so
we can later add logic to the callback as well as be able to cancel the
command.  No functional change in this commit alone.
2021-09-29 14:51:18 -05:00
James Prestwood
e6340996d7 eapol: netdev: allow rekeys using FT-FILS
Rekeying was overlooked when implementing FT-FILS and there were
many places where the AKM was never checked and the rekey was
failing.
2021-09-28 17:26:10 -05:00
James Prestwood
183a7a18a9 eapol: don't enforce PMKID on 1/4 if require_handshake is false
FT/FILS handle their own PMK derivation but rekeys still require
using the 4-way handshake. There is some ambiguity in the spec whether
or not the PMKID needs to be included in message 1/4 and it appears
that when rekeying after FT/FILS hostapd does not include a PMKID.
2021-09-28 17:26:10 -05:00
James Prestwood
ad4d639854 eapol: include OCI in GTK 2/2 2021-09-28 17:26:05 -05:00
James Prestwood
27be63fe65 ft: check authenticator_ie from ft_ds_info, not handshake
The handshake contains the current BSS's RSNE/WPA which may differ
from the FT-over-DS target. When verifying the target BSS's RSNE/WPA
IE needs to be checked, not the current BSS.
2021-09-28 17:24:59 -05:00
James Prestwood
ae358bd524 ft: netdev: store FT-over-DS target RSNE/WPA
Keep track of the target BSS's authenticator IE for verification.
It should not be assumed that the target BSS and original RSNE/WPA
IE matches.
2021-09-28 16:58:41 -05:00
James Prestwood
d0b0004c8c netdev: set result/status for deauth path
If the deauth path was triggered IWD would deauth but end up
calling the connect callback with whatever result netdev had
set, e.g. 'NETDEV_RESULT_OK'. This, of course, caused station
some confusion.
2021-09-28 16:53:25 -05:00
James Prestwood
7e9708ddbc station: start FT-over-DS actions after roaming
Once roamed IWD never sent out any FT Request frames. This prevented
FT-over-DS from being used after an initial roam.
2021-09-28 16:52:26 -05:00
James Prestwood
d68c9e69fa fils: support OCI in reassociation 2021-09-28 16:46:48 -05:00
James Prestwood
c4c14f3ac0 ft: set OCVC false for FT-over-DS
FT-over-DS cannot use OCV due to how the kernel works. This means
we could connect initially with OCVC set, but a FT-over-DS attempt
needs to unset OCVC. Set OCVC false when rebuilding the RSNE for
reassociation.
2021-09-28 11:51:52 -05:00
James Prestwood
bc0375fb30 ft: make Authenticate OCVC settable by caller
The FT-over-DS action stage builds an FT-Request which contains an
RSNE. Since FT-over-DS will not support OCV add a boolean to
ft_build_authenticate_ies so the OCVC bit can be disabled rather
than relying on the handshake setting.
2021-09-28 11:01:03 -05:00
James Prestwood
141b01f82a station: set OCVC for handshakes
Setting OCVC true for all connections unless disabled
2021-09-28 11:01:03 -05:00
James Prestwood
69cf481ca9 ft: get OCI prior to reassociation
This modifies the FT logic to fist call get_oci() before
reassociation. This allows the OCI to be included in reassociation
and in the 4-way handshake later on.

The code path for getting the OCI had to be slightly changed to
handle an OCI that is already set. First the handshake chandef is
NULL'ed out for any new connection. This prevents a stale OCI from
being used. Then some checks were added for this case in
netdev_connect_event and if chandef is already set, start the 4-way
handshake.
2021-09-28 11:01:00 -05:00
James Prestwood
10c8e5e263 netdev: change netdev_get_oci to be used as a callback
This can be reused to be called from ft.c
2021-09-28 10:51:48 -05:00
James Prestwood
7474ff0975 auth-proto: add auth_proto_rx_oci
This allows auth protos to get notified when the chandef has been
set. Since netdev sets chandef already there is no arguments.
2021-09-28 10:51:33 -05:00
James Prestwood
08936c1534 eapol: fix incorrect increment appending OCI
This was addign an extra byte to the buffer which hostapd accepted
unless there was additional data, like the RSNXE.
2021-09-28 10:51:30 -05:00
James Prestwood
e6aaceeb4b doc: add DisableOCV setting 2021-09-28 10:51:25 -05:00
Denis Kenzior
6c0eb76cb7 netconfig: Set address at configure time
netconfig_load_settings is called when establishing a new initial
association to a network.  This function tries to update dhcp/dhcpv6
clients with the MAC address of the netdev being used.  However, it is
too early to update the MAC here since netdev might need to powercycle
the underlying network device in order to update the MAC (i.e. when
AddressRandomization="network" is used).

If the MAC is set incorrectly, DHCP clients are unable to obtain the
lease properly and station is stuck in "connecting" mode indefinitely.
Fix this by delaying MAC address update until netconfig_configure() is
invoked.

Fixes: ad228461ab ("netconfig: Move loading settings to new method, refactor")
2021-09-28 10:11:20 -05:00
James Prestwood
8db2f442bc netdev: fix return value check for ft_over_ds_parse_action_ies
This returns a bool but was being treated as a signed int.
2021-09-27 19:32:52 -05:00
James Prestwood
2613564093 util: surround MAC_STR array access with ()
This allows printing from pointer offsets, for example:

MAC_STR(buf + 10)
2021-09-27 19:32:41 -05:00
James Prestwood
7e95480094 station: remove signal_low check for FT-over-DS
If the AP advertises FT-over-DS support it likely wants us to use
it. Additionally signal_low is probably going to be true since IWD
has started a roam attempt.
2021-09-27 12:44:40 -05:00
James Prestwood
61c804f5b2 ft: sent OCI in Reassociate 2021-09-27 12:42:45 -05:00
James Prestwood
1e9c3b3d1e eapol: send OCI in handshake 2/4 2021-09-27 12:42:37 -05:00
James Prestwood
23fb4493df ie: add OCI support in build_fast_bss_transition 2021-09-27 12:42:33 -05:00
James Prestwood
1187fcbf42 handshake: free chandef if already set
This can happen with FT, since the handshake object is reused.
2021-09-23 17:46:57 -05:00
James Prestwood
dfd304353d station: check if connected before allowing Roam() 2021-09-23 17:46:51 -05:00
James Prestwood
b6884df39a station: fix use-after-free on neighbor reports
When netdev goes down so does station, but prior to netdev calling
the neighbor report callback. The way the logic was written station
is dereferenced prior to checking for any errors, causing a use
after free.

Since -ENODEV is used in this case check for that early before
accessing station.
2021-09-23 17:46:34 -05:00
Denis Kenzior
a0deadc919 treewide: Remove double-empty lines 2021-09-23 17:45:29 -05:00
Denis Kenzior
a2990443d2 band: add oci_from_chandef
This adds a utility to convert a chandef obtained from the kernel into a
3 byte OCI element format containing the operating class, primary
  channel and secondary channel center frequency index.
2021-09-23 11:52:56 -05:00
James Prestwood
885c4c9632 scan: use oper_class/channel for OWE hidden scans
If these are included in the OWE transition IE use them to scan
for the OWE hidden network.
2021-09-22 14:40:10 -05:00
James Prestwood
e798d4fe9d scan: validate OWE transition operating class/channel
If the IE's operating class and channel doesn't validate don't bother
storing the IE at all.
2021-09-22 14:39:33 -05:00
James Prestwood
ea16ade5e0 ie: parse operating class/channel for ie_owe_transition_info 2021-09-22 14:32:50 -05:00
James Prestwood
22ff2a5f79 scan: use structure for OWE transition parsing
This changes scan_bss from using separate members for each
OWE transition element data type (ssid, ssid_len, and bssid)
to a structure that holds them all.

This is being done because OWE transition has option operating
class and channel bytes which will soon be parsed. This would
end up needing 5 separate members in scan_bss which is a bit
much for a single IE that needs to be parsed.

This makes checking the presense of the IE more convenient
as well since it can be done with a simple NULL pointer check
rather than having to l_memeqzero the BSSID.
2021-09-22 13:52:44 -05:00
James Prestwood
421f068903 ie: add info struct for OWE transition
These members are currently stored in scan_bss but with the
addition of operating class/band info this will become 5
separate members. This is a bit excessive to store in scan_bss
separately so instead this structure can hold everything related
to the OWE transition IE.
2021-09-22 13:52:36 -05:00
Denis Kenzior
c678ba16b8 netdev: Pretty print the unicast notification type 2021-09-22 08:28:46 -05:00
James Prestwood
6dc7fde272 ie: parse RSNXE Present bit 2021-09-21 16:34:36 -05:00
Denis Kenzior
06482b8116 netdev: Obtain operating channel info
Prior to starting the 4-way handshake, obtain operating channel
information (OCI) for possible operating channel validation (OCV)
processing.
2021-09-21 15:48:08 -05:00
Denis Kenzior
2aded60c94 eapol: Validate OCI in STA mode 2021-09-21 15:39:55 -05:00
Denis Kenzior
8ada894f70 handshake: Add OCV utilities
Add a utility for setting the OCI obtained from the hardware (prior to
handshake starting) as well as a utility to validate the OCI obtained
from the peer.
2021-09-21 15:39:07 -05:00