3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-11-30 06:39:46 +01:00
Commit Graph

3403 Commits

Author SHA1 Message Date
Andrew Zaborowski
d0ccb8496a scan: Fix tracking external scans in sc->state
sc->state would get set when the TRIGGERED event arrived or when the
triggered callback for our own SCAN_TRIGGER command is received.
However it would not get reset to NOT_RUNNING when the NEW_SCAN_RESULTS
event is received, instead we'd first request the results with GET_SCAN
and only reset sc->state when that returns.  If during that command a
new scan gets triggered, the GET_SCAN callback would still reset
sc->state and clobber the value set by the new scan.

To fix that repurpose sc->state to only track that period from the
TRIGGERED signal to the NEW_SCAN_RESULTS signal.  sc->triggered can be
used to check if we're still waiting for the GET_SCAN command and
sc->start_cmd_id to check if we're waiting for the scan to get
triggered, so one of these three variables will now always indicate if
a scan is in progress.
2019-03-11 17:28:41 -05:00
Denis Kenzior
e295b73c4c netdev: Fix crash when aborting a connection
We can crash if we abort the connection, but the connect command has
already gone through.  In this case we will get a sequence of
authenticate_event, associate_event, connect_event.  The first and last
events don't crash since they check whether netdev->connected is true.
However, this causes an annoying warning to be printed.

Fix this by introducing an 'aborting' flag and ignore all connection
related events if it is set.

++++++++ backtrace ++++++++
2019-03-08 16:28:15 -06:00
Tim Kourt
1677f6b046 doc: Update software versions 2019-03-08 11:10:17 -06:00
Tim Kourt
c26af17ca0 doc: Add config options for High Throughput 2019-03-08 11:09:29 -06:00
Tim Kourt
4b9abde3e5 scan: Optimize frequency set foreach logic 2019-03-07 16:27:24 -06:00
James Prestwood
ef06f06cfb owe: handle all non-zero status codes in owe_rx_associate
Now that the OWE failure/retry is handled in netdev, we can catch
all associate error status' inside owe_rx_associate rather than only
catching UNSUPP_FINITE_CYCLIC_GROUP.
2019-03-05 16:20:40 -06:00
James Prestwood
e3f4bfb428 netdev: process association in netdev_associate_event
Apart from OWE, the association event was disregarded and all association
processing was done in netdev_connect_event. This led to
netdev_connect_event having to handle all the logic of both success and
failure, as well as parsing the association for FT and OWE. Also, without
checking the status code in the associate frame there is the potential
for the kernel to think we are connected even if association failed
(e.g. rogue AP).

This change introduces two flags into netdev, expect_connect_failure and
ignore_connect_event. All the FT processing that was once in
netdev_connect_event has now been moved into netdev_associate_event, as
well as non-FT associate frame processing. The connect event now only
handles failure cases for soft/half MAC cards.

Note: Since fullmac cards rely on the connect event, the eapol_start
and netdev_connect_ok were left in netdev_connect_event. Since neither
auth/assoc events come in on fullmac we shouldn't have any conflict with
the new flags.

Once a connection has completed association, EAPoL is started from
netdev_associate_event (if required) and the ignore_connect_event flag can
be set. This will bypass the connect event.

If a connection has failed during association for whatever reason, we can
set expect_connect_failure, the netdev reason, and the MPDU status code.
This allows netdev_connect_event to both handle the error, and, if required,
send a deauth telling the kernel that we have failed (protecting against the
rogue AP situation).
2019-03-05 16:02:52 -06:00
James Prestwood
5027bd3d0b ftutil: add associate parser
Helper to obtain RSNE, MDE, and FTE from associate frame.
2019-03-05 11:44:41 -06:00
James Prestwood
210b8645b7 netdev: remove OWE handling from netdev_connect_event
OWE processing can be completely taken care of inside
netdev_authenticate_event and netdev_associate_event. This removes
the need for OWE specific checks inside netdev_connect_event. We can
now return early out of the connect event if OWE is in progress.
2019-03-01 17:16:17 -06:00
James Prestwood
6de133aee7 auto-t: add timeout test for testOWE
This simulates an authenticate timeout. This test really just proves
that IWD doesn't crash in this case.
2019-03-01 17:15:22 -06:00
James Prestwood
981892470a auto-t: test for temporary blacklist
The simplest way to test this was to create a new AP, where
max_num_sta=1. This only allows a single STA to connect to this AP.
We connect a device to this AP, then try and connect with another.
This results in hostapd failing with DENIED_NO_MORE_STAS, which will
cause a temporary blacklist. We can then disconnect both devices,
and reconnect the device that previously got denied. If it connects
then we know the blacklist only persisted for that earlier connection.
2019-03-01 13:13:19 -06:00
James Prestwood
cd6e32bf90 station: temporarily blacklist BSS for certain status codes
Several Auth/Assoc failure status codes indicate that the connection
failed for reasons such as bandwidth issues, poor channel conditions
etc. These conditions should not result in the BSS being blacklisted
since its likely only a temporary issue and the AP is not actually
"broken" per-se.

This adds support in station.c to temporarily blacklist these BSS's
on a per-network basis. After the connection has completed we clear
out these blacklist entries.
2019-03-01 13:13:08 -06:00
James Prestwood
64dedd9aa5 network: add APIs to blacklist BSS's per-network
Certain error conditions require that a BSS be blacklisted only for
the duration of the current connection. The existing blacklist
does not allow for this, and since this blacklist is shared between
all interfaces it doesnt make sense to use it for this purpose.

Instead, each network object can contain its own blacklist of
scan_bss elements. New elements can be added with network_blacklist_add.
The blacklist is cleared when the connection completes, either
successfully or not.

Now inside network_bss_select both the per-network blacklist as well as
the global blacklist will be checked before returning a BSS.
2019-03-01 13:08:01 -06:00
James Prestwood
3af51558f2 netdev: pass event data to netdev events
Several netdev events benefit from including event data in the callback.
This is similar to how the connect callback works as well. The content
of the event data is documented in netdev.h (netdev_event_func_t).

By including event data for the two disconnect events, we can pass the
reason code to better handle the failure in station.c. Now, inside
station_disconnect_event, we still check if there is a pending connection,
and if so we can call the connect callback directly with HANDSHAKE_FAILED.
Doing it this way unifies the code path into a single switch statment to
handle all failures.

In addition, we pass the RSSI level index as event data to
RSSI_LEVEL_NOTIFY. This removes the need for a getter to be exposed in
netdev.h.
2019-02-28 18:26:45 -06:00
Tim Kourt
a5424829b6 scan: Standardize nomenclature between scan triggers 2019-02-28 18:25:44 -06:00
Tim Kourt
c5d6b70520 scan: Deprecate scan_send_start()
On successful send, scan_send_start(..) used to set msg to NULL,
therefore the further management of the command by the caller was
impossible. This patch removes wrapper around l_genl_family_send()
and lets the callers to take responsibility for the command.
2019-02-28 18:25:15 -06:00
James Prestwood
8fed50a448 netdev: station: fix status/reason code in callbacks
This change cleans up the mess of status vs reason codes. The two
types of codes have already been separated into different enumerations,
but netdev was still treating them the same (with last_status_code).

A new 'event_data' argument was added to the connect callback, which
has a different meaning depending on the result of the connection
(described inside netdev.h, netdev_connect_cb_t). This allows for the
removal of netdev_get_last_status_code since the status or reason
code is now passed via event_data.

Inside the netdev object last_status_code was renamed to last_code, for
the purpose of storing either status or reason. This is only used when
a disconnect needs to be emitted before failing the connection. In all
other cases we just pass the code directly into the connect_cb and do
not store it.

All ocurrences of netdev_connect_failed were updated to use the proper
code depending on the netdev result. Most of these simply changed from
REASON_CODE_UNSPECIFIED to STATUS_CODE_UNSPECIFIED. This was simply for
consistency (both codes have the same value).

netdev_[authenticate|associate]_event's were updated to parse the
status code and, if present, use that if their was a failure rather
than defaulting to UNSPECIFIED.
2019-02-28 13:38:36 -06:00
Andrew Zaborowski
6017dc5730 eap-ttls: Check phase2-method is non-NULL in load_settings
Even though .check_settings in our EAP method implementations does the
settings validation, .load_settings also has minimum sanity checks to
rule out segfaults if the settings have changed since the last
.check_settings call.
2019-02-28 13:02:26 -06:00
Tim Kourt
8f09a0c937 wiphy: Add accessor for supported frequencies 2019-02-28 10:53:04 -06:00
Tim Kourt
9f52036b85 scan: Let ELL to handle the message sizing 2019-02-28 10:52:53 -06:00
Denis Kenzior
9e11175cf8 doc: update coding style
To add forward-declaration of statics rule.  This rule is already
enforced, but for some reason the document in iwd did not have this rule
in it (it is in other projects, like oFono)
2019-02-28 09:15:46 -06:00
James Prestwood
d6abf62946 netdev: remove unneeded disconnect for OWE failure
If OWE fails in association there is no reason to send a disconnect
since its already known that we failed. Instead we can directly
call netdev_connect_failed
2019-02-27 16:29:18 -06:00
James Prestwood
51f21c1c9b mpdu: remove invalid reason codes 2019-02-27 16:16:25 -06:00
James Prestwood
8fbd0870fc unit: fix test-sae to use new status codes 2019-02-27 16:16:03 -06:00
James Prestwood
e5e2922eee netdev: sae: owe: update to use new status codes 2019-02-27 16:15:23 -06:00
James Prestwood
ffd8e81774 mpdu: add new status code enum
mpdu.h reason codes were being abused as status codes for Auth/Assoc
protocols. This adds a whole new enum for status codes.
2019-02-27 16:15:12 -06:00
Tim Kourt
45e5c42726 scan: Add ref to cmd to make it reusable on failure 2019-02-27 16:14:22 -06:00
Denis Kenzior
917815e99a netdev: netdev_setting_keys_failed takes an errno
Instead of sending a reason_code to netdev_setting_keys_failed, make it
take an errno (negative) instead.  Since key setting failures are
entirely a system / software issue, and not a protocol issue, it makes
no sense to use a protocol error code.
2019-02-27 14:22:42 -06:00
Tim Kourt
8e44760c34 scan: Fix scan request retry logic
While triggering scan, we leave the scan command in the queue,
so it can be replayed in the case of a busy device.
2019-02-26 18:02:48 -06:00
Tim Kourt
8fc7c0e5c4 scan: Rename request triggered cb 2019-02-26 17:16:52 -06:00
James Prestwood
df923cd962 scan: increase rate factor range
The rate factor range was quite small. This increases the range a bit,
which should make higher throughput AP's preferred more.
2019-02-26 12:35:56 -06:00
James Prestwood
ba9990a94a doc: document rank_5g_factor 2019-02-26 12:35:53 -06:00
James Prestwood
a0d8511331 scan: allow 5G factor to be user configurable
Some users may need their own control over 2.4/5GHz preference. This
adds a new user option, 'rank_5g_factor', which allows users to increase
or decrease their 5G preference.
2019-02-26 12:35:50 -06:00
Tim Kourt
569ffdd508 client: Add 'show' command to device in station mode 2019-02-26 12:33:26 -06:00
James Prestwood
d47e31954b auto-t: add test for HT/VHT rates
This is a VERY simple test for HT/VHT. Since there are so many potential
options in the IE this really just tests that drops in RSSI will cause
IWD to choose a different BSS, even if that means choosing HT over VHT,
or even basic rates over HT/VHT.
2019-02-25 15:10:31 -06:00
James Prestwood
49b02907a8 ie: scan: use VHT rates in scan ranking
This adds support for parsing the VHT IE, which allows a BSS supporting
VHT (80211ac) to be ranked higher than a BSS supporting only HT/basic
rates. Now, with basic/HT/VHT parsing we can calculate the theoretical
maximum data rate for all three and rank the BSS based on that.
2019-02-25 15:07:41 -06:00
James Prestwood
ad2bf340a4 ie: scan: use HT rates in scan ranking
This adds HT IE parsing and data rate calculation for HT (80211n)
rates. Now, a BSS supporting HT rates will be ranked higher than
a basic rate BSS, assuming the RSSI is at an acceptable level.
2019-02-25 11:52:58 -06:00
James Prestwood
5ce6e173ba ie: make rate_rssi_map const 2019-02-25 11:47:54 -06:00
James Prestwood
7d7fcff03b ie: scan: take into account RSSI when parsing data rate
The spec dictates RSSI thresholds for different modulation schemes, which
correlate to different data rates. Until now were were ranking a BSS with
only looking at its advertised data rate, which may not even be possible
if the RSSI does not meet the threshold.

Now, RSSI is taken into consideration and the data rate returned from
parsing (Ext) Supported Rates IE(s) will reflect that.
2019-02-22 17:44:06 -06:00
James Prestwood
922e10e82c ie: add macro for calculating an IE's length
All over the place we do "ie[1] + 2" for getting the IE length. It
is much clearer to use a macro to do this. The macro also checks
for NULL, and returns zero in this case.
2019-02-22 17:41:11 -06:00
James Prestwood
c18b1289a5 ap: move ie_parse_supported_rates into ap.c
Supported rates will soon be parsed along with HT/VHT capabilities
to determine the best data rate. This will remove the need for the
supported_rates uintset element in scan_bss, as well as the single
API to only parse the supported rates IE. AP still does rely on
this though (since it only supports basic rates), so the parsing
function was moved into ap.c.
2019-02-22 17:41:01 -06:00
Denis Kenzior
c638fd50c8 unit: Add IWD_TLS_DEBUG environment variable handling 2019-02-22 14:48:44 -06:00
James Prestwood
7b3831515a test-runner: allow test to set the regulatory domain
HT/VHT require setting the regulatory domain to something other
than 00. This adds an option to the hardware config which allows
the regulatory domain to be set to any country.
2019-02-21 16:45:30 -06:00
James Prestwood
c275581389 tools: add option to disable reg domain verification
HT/VHT require channels who's use is restricted depending on
country. When using these channels, cfg80211 tries to load the
regulatory.db file in /lib/firmware and verify the signature.
This poses a problem as the host machine may not have a signed
regulatory.db, or it may have not been signed with the expected
signature which would cause cfg80211 to fail to load the database.

If cfg80211 fails to load the database the country will be set to
00, which is the most restrictive "world roaming" setting. This
does not allow HT/VHT to work properly.

In the context of test-runner we can simply disable the verification.
Unforunately this is not a very common practice, so CONFIG_EXPERT
must be enabled.

If your system does not have /lib/firmware/regulatory.db you must
get it. More info can be found here:

https://wireless.wiki.kernel.org/en/developers/regulatory/wireless-regdb
2019-02-21 16:42:48 -06:00
Denis Kenzior
261eeb511b doc: Document ControlPortOverNL80211 option 2019-02-18 11:33:10 -06:00
Mat Martineau
645b7dda4b tools: Add CONFIG_CRYPTO_USER_API_AEAD for full TLS support 2019-02-17 20:43:38 -06:00
Andrew Zaborowski
dbd619c231 eap-tls-common: More complete certificate validation
In the methods' check_settings do a more complete early check for
possible certificate / private key misconfiguration, including check
that the certificate and the private key are always present or absent
together and that they actually match each other.  Do this by encrypting
and decrypting a small buffer because we have no better API for that.
2019-02-08 13:59:32 -06:00
Andrew Zaborowski
d9f0cc47d0 eap: Remove redundant error messages in .load_settings
A method's .check_settings method checks for inconsistent setting files
and prints readable errors so there's no need to do that again in
.load_settings, although at some point after removing the duplicate
error messages from the load_settings methods we agreed to keep minimum
checks that could cause a crash e.g. in a corner case like when the
setting file got modified between the check_settings and the
load_settings call.  Some error messages have been re-added to
load_settings after that (e.g. in
bb4e1ebd4f) but they're incomplete and not
useful so remove them.
2019-02-08 13:43:05 -06:00
Andrew Zaborowski
451a7e9b52 eap-ttls: Check Phase 2 method name is not NULL 2019-02-08 13:42:51 -06:00
Andrew Zaborowski
8dfb8e9207 handshake: Remove unused handshake_state_get_8021x_config 2019-02-08 13:42:44 -06:00