3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-12-23 14:22:36 +01:00
Commit Graph

3454 Commits

Author SHA1 Message Date
James Prestwood
69cf481ca9 ft: get OCI prior to reassociation
This modifies the FT logic to fist call get_oci() before
reassociation. This allows the OCI to be included in reassociation
and in the 4-way handshake later on.

The code path for getting the OCI had to be slightly changed to
handle an OCI that is already set. First the handshake chandef is
NULL'ed out for any new connection. This prevents a stale OCI from
being used. Then some checks were added for this case in
netdev_connect_event and if chandef is already set, start the 4-way
handshake.
2021-09-28 11:01:00 -05:00
James Prestwood
10c8e5e263 netdev: change netdev_get_oci to be used as a callback
This can be reused to be called from ft.c
2021-09-28 10:51:48 -05:00
James Prestwood
7474ff0975 auth-proto: add auth_proto_rx_oci
This allows auth protos to get notified when the chandef has been
set. Since netdev sets chandef already there is no arguments.
2021-09-28 10:51:33 -05:00
James Prestwood
08936c1534 eapol: fix incorrect increment appending OCI
This was addign an extra byte to the buffer which hostapd accepted
unless there was additional data, like the RSNXE.
2021-09-28 10:51:30 -05:00
James Prestwood
e6aaceeb4b doc: add DisableOCV setting 2021-09-28 10:51:25 -05:00
Denis Kenzior
6c0eb76cb7 netconfig: Set address at configure time
netconfig_load_settings is called when establishing a new initial
association to a network.  This function tries to update dhcp/dhcpv6
clients with the MAC address of the netdev being used.  However, it is
too early to update the MAC here since netdev might need to powercycle
the underlying network device in order to update the MAC (i.e. when
AddressRandomization="network" is used).

If the MAC is set incorrectly, DHCP clients are unable to obtain the
lease properly and station is stuck in "connecting" mode indefinitely.
Fix this by delaying MAC address update until netconfig_configure() is
invoked.

Fixes: ad228461ab ("netconfig: Move loading settings to new method, refactor")
2021-09-28 10:11:20 -05:00
James Prestwood
8db2f442bc netdev: fix return value check for ft_over_ds_parse_action_ies
This returns a bool but was being treated as a signed int.
2021-09-27 19:32:52 -05:00
James Prestwood
2613564093 util: surround MAC_STR array access with ()
This allows printing from pointer offsets, for example:

MAC_STR(buf + 10)
2021-09-27 19:32:41 -05:00
James Prestwood
7e95480094 station: remove signal_low check for FT-over-DS
If the AP advertises FT-over-DS support it likely wants us to use
it. Additionally signal_low is probably going to be true since IWD
has started a roam attempt.
2021-09-27 12:44:40 -05:00
James Prestwood
61c804f5b2 ft: sent OCI in Reassociate 2021-09-27 12:42:45 -05:00
James Prestwood
1e9c3b3d1e eapol: send OCI in handshake 2/4 2021-09-27 12:42:37 -05:00
James Prestwood
23fb4493df ie: add OCI support in build_fast_bss_transition 2021-09-27 12:42:33 -05:00
James Prestwood
1187fcbf42 handshake: free chandef if already set
This can happen with FT, since the handshake object is reused.
2021-09-23 17:46:57 -05:00
James Prestwood
dfd304353d station: check if connected before allowing Roam() 2021-09-23 17:46:51 -05:00
James Prestwood
b6884df39a station: fix use-after-free on neighbor reports
When netdev goes down so does station, but prior to netdev calling
the neighbor report callback. The way the logic was written station
is dereferenced prior to checking for any errors, causing a use
after free.

Since -ENODEV is used in this case check for that early before
accessing station.
2021-09-23 17:46:34 -05:00
Denis Kenzior
a0deadc919 treewide: Remove double-empty lines 2021-09-23 17:45:29 -05:00
Denis Kenzior
a2990443d2 band: add oci_from_chandef
This adds a utility to convert a chandef obtained from the kernel into a
3 byte OCI element format containing the operating class, primary
  channel and secondary channel center frequency index.
2021-09-23 11:52:56 -05:00
James Prestwood
885c4c9632 scan: use oper_class/channel for OWE hidden scans
If these are included in the OWE transition IE use them to scan
for the OWE hidden network.
2021-09-22 14:40:10 -05:00
James Prestwood
e798d4fe9d scan: validate OWE transition operating class/channel
If the IE's operating class and channel doesn't validate don't bother
storing the IE at all.
2021-09-22 14:39:33 -05:00
James Prestwood
ea16ade5e0 ie: parse operating class/channel for ie_owe_transition_info 2021-09-22 14:32:50 -05:00
James Prestwood
22ff2a5f79 scan: use structure for OWE transition parsing
This changes scan_bss from using separate members for each
OWE transition element data type (ssid, ssid_len, and bssid)
to a structure that holds them all.

This is being done because OWE transition has option operating
class and channel bytes which will soon be parsed. This would
end up needing 5 separate members in scan_bss which is a bit
much for a single IE that needs to be parsed.

This makes checking the presense of the IE more convenient
as well since it can be done with a simple NULL pointer check
rather than having to l_memeqzero the BSSID.
2021-09-22 13:52:44 -05:00
James Prestwood
421f068903 ie: add info struct for OWE transition
These members are currently stored in scan_bss but with the
addition of operating class/band info this will become 5
separate members. This is a bit excessive to store in scan_bss
separately so instead this structure can hold everything related
to the OWE transition IE.
2021-09-22 13:52:36 -05:00
Denis Kenzior
c678ba16b8 netdev: Pretty print the unicast notification type 2021-09-22 08:28:46 -05:00
James Prestwood
6dc7fde272 ie: parse RSNXE Present bit 2021-09-21 16:34:36 -05:00
Denis Kenzior
06482b8116 netdev: Obtain operating channel info
Prior to starting the 4-way handshake, obtain operating channel
information (OCI) for possible operating channel validation (OCV)
processing.
2021-09-21 15:48:08 -05:00
Denis Kenzior
2aded60c94 eapol: Validate OCI in STA mode 2021-09-21 15:39:55 -05:00
Denis Kenzior
8ada894f70 handshake: Add OCV utilities
Add a utility for setting the OCI obtained from the hardware (prior to
handshake starting) as well as a utility to validate the OCI obtained
from the peer.
2021-09-21 15:39:07 -05:00
Denis Kenzior
b41106d359 band: Add oci_verify
Add a utility that will verify a peer's OCI element and validate it
given the current chandef obtained from the driver.
2021-09-21 15:34:40 -05:00
Denis Kenzior
ca767aa857 band: Add oci_to_frequency
This adds a utility that can convert an operating class + channel
combination to a frequency.  Operating class is assumed to be a global
operating class from 802.11 Appendix E4.

This information can be found in Operating Channel Information (OCI) IEs,
as well as OWE Transition Mode IEs.
2021-09-21 15:34:40 -05:00
Denis Kenzior
85a6fc25f1 nl80211util: Add chandef parser
Parse chandef elements from NL80211_CMD_GET_INTERFACE.  This provides
information on the current operating channel.
2021-09-21 15:21:39 -05:00
Denis Kenzior
5e631c8af8 handshake: Refactor ie setters
Calling handshake_state_setup_own_ciphers from within
handshate_state_set_authenticator_ie was misleading.  In all cases the
supplicant chooses the AKM.  This worked since our AP code only ever
advertises a single AKM, but would not work in the general case.

Similarly, the supplicant would choose which authentication type to use
by either sending the WPA1 or WPA2 IE (or OSEN).  Thus the setting of
the related variables in handshake_state_set_authenticator_ie was also
incorrect.  In iwd, the supplicant_ie would be set after the
authenticator_ie, so these settings would be overwritten in most cases.

Refactor these two setters so that the supplicant's chosen rsn_info
would be used to drive the handshake.
2021-09-20 15:19:27 -05:00
Denis Kenzior
63ef918671 ap: validate group cipher
Make sure to validate group_cipher from the STA similarly to how
akm_suites and pairwise_ciphers are validated.
2021-09-20 15:19:27 -05:00
Fabrice Fontaine
ec1c348b4f build: Add reallocarray to missing.h
reallocarray has been added to glibc relatively recently (version 2.26,
from 2017) and apparently not all users run new enough glibc. Moreover,
reallocarray is not available with uclibc-ng. So use realloc if
reallocarray is not available to avoid the following build failure
raised since commit 891b78e9e8:

/home/giuliobenetti/autobuild/run/instance-3/output-1/host/lib/gcc/xtensa-buildroot-linux-uclibc/10.3.0/../../../../xtensa-buildroot-linux-uclibc/bin/ld: src/sae.o: in function `sae_rx_authenticate':
sae.c:(.text+0xd74): undefined reference to `reallocarray'

Fixes:
 - http://autobuild.buildroot.org/results/c6d3f86282c44645b4f1c61882dc63ccfc8eb35a
2021-09-20 10:32:51 -05:00
James Prestwood
f45696485c network: reply to pending messages on network_unregister
If there is a connect_after_* message for ANQP or OWE hidden networks
reply to these before unregistering the network.
2021-09-17 18:13:15 -05:00
James Prestwood
8a735edac0 network: prefer OWE transition BSS over open
There isn't much control station has with how BSS's are inserted to
a network object. The rank algorithm makes that decision. Because of
this we could end up in a situation where the Open BSS is preferred
over the OWE transition BSS.

In attempt to better handle this any Open BSS in this type of network
will not be chosen unless its the only candidate (e.g. no other BSSs,
inability to connect with OWE, or an improperly configured network).
2021-09-17 18:05:07 -05:00
James Prestwood
e462dcda56 station: handle OWE Transition procedure
OWE Transition is described in the WiFi Alliance OWE Specification
version 1.1. The idea behind it is to support both legacy devices
without any concept of OWE as well as modern ones which support the
OWE protocol.

OWE is a somewhat special type of network. Where it advertises an
RSN element but is still "open". This apparently confuses older
devices so the OWE transition procedure was created.

The idea is simple: have two BSS's, one open, and one as a hidden
OWE network. Each network advertises a vendor IE which points to the
other. A device sees the open network and can connect (legacy) or
parse the IE, scan for the hidden OWE network, and connect to that
instead.

Care was taken to handle connections to hidden networks directly.
The policy is being set that any hidden network with the WFA OWE IE
is not connectable via ConnectHiddenNetwork(). These networks are
special, and can only be connected to via the network object for
the paired open network.

When scan results come in from any source (DBus, quick, autoconnect)
each BSS is checked for the OWE Transition IE. A few paths can be
taken here when the IE is found:

1. The BSS is open. The BSSID in the IE is checked against the
   current scan results (excluding hidden networks). If a match is
   found we should already have the hidden OWE BSS and nothing
   else needs to be done (3).

2. The BSS is open. The BSSID in the IE is not found in the
   current scan results, and the open network also has no OWE BSS
   in it. This will be processed after scan results.

3. The BSS is not open and contains the OWE IE. This BSS will
   automatically get added to the network object and nothing else
   needs to be done.

After the scan results each network is checked for any non-paired
open BSS's. If found a scan is started for these BSS's per-network.
Once these scan results come in the network is notified.

From here network.c can detect that this is an OWE transition
network and connect to the OWE BSS rather than the open one.
2021-09-17 17:59:54 -05:00
James Prestwood
71384da38f network: add network_get_station 2021-09-17 17:59:52 -05:00
James Prestwood
a6c4972290 scan: add scan API specifically for OWE transition networks
Specifically OWE networks with multiple open/hidden BSS's are troublesome
to scan for with the current APIs. The scan parameters are limited to a
single SSID and even if that was changed we have the potential of hitting
the max SSID's per scan limit. In all, it puts the burden onto the caller
to sort out the SSIDs/frequencies to scan for.

Rather than requiring station to handle this a new scan API was added,
scan_owe_hidden() which takes a list of open BSS's and will automatically
scan for the SSIDs in the OWE transition IE for each.

It is slightly optimized to first check if all the hidden SSID's are the
same. This is the most likely case (e.g. single pair or single network)
and a single scan command can be used. Otherwise individual scan commands
are queued for each SSID/frequency combo.
2021-09-17 17:59:43 -05:00
Denis Kenzior
c235c9fa54 handshake: Only bitwise compare when needed
handshake_util_ap_ie_matches() is used to make sure that the RSN element
received from the Authenticator during handshake / association response
is the same as the one advertised in Beacon/Probe Response frames.  This
utility tries to bitwise compare the element first, and only if that
fails, compares RSN members individually.

For FT, bitwise comparison will always fail since the PMKID has to be
included by the Authenticator in any RSN IEs included in Authenticate
& Association Response frames.

Perform the bitwise comparison as an optimization only during processing
of eapol message 3/4.  Also keep the parsed rsn information for future
use and to possibly avoid re-parsing it during later checks.
2021-09-17 09:19:26 -05:00
Denis Kenzior
4d95e3a161 handshake: Update KDE definitions to 802.11-2020 2021-09-17 08:27:20 -05:00
Denis Kenzior
77d2d79ac2 handshake: Also check OCVC bit 2021-09-17 08:22:40 -05:00
Denis Kenzior
171b2b90b8 ie: Add support for OCVC bit in RSNE utils 2021-09-17 08:22:15 -05:00
Denis Kenzior
64923913c2 station: Trigger autoconnect only on last subset
DBus scan is performed in several subsets.  In certain corner-case
circumstances it would be possible for autoconnect to run after each
subset scan.  Instead, trigger autoconnect only after the dbus scan
completes.

This also works around a condition where ANQP results could trigger
autoconnect too early.
2021-09-16 17:28:04 -05:00
Denis Kenzior
17827f1ff9 station: Commonize autoconnect starting logic 2021-09-16 16:41:59 -05:00
Denis Kenzior
c0fe7070a3 station: Simplify station_set_scan_results() calls
Several invocations of station_set_scan_results() base the
'add_to_autoconnect' parameter on station_is_autoconnecting().  Simplify
the code by having station_set_scan_results() invoke that itself.
'add_to_autoconnect' now becomes an 'intent' parameter, specifying
whether autoconnect path should be invoked as a result of these scan
results or not when station is in an appropriate state.  Rename
'add_to_autoconnect' parameter to make this clearer.
2021-09-16 16:38:16 -05:00
Denis Kenzior
514e3b2710 station: Don't autoconnect via debug scans
Scans triggered via the StationDebug interface should not trigger the
autoconnect logic.
2021-09-16 16:38:03 -05:00
James Prestwood
163fb868c2 station: Ignore OWE Transition BSSes
BSSes that advertise OWE Transition IE are special and should be ignored
for the purposes of ConnectHiddenNetwork
2021-09-16 16:35:57 -05:00
James Prestwood
e10bb3bd77 station: Do not re-process cached entries for anqp
If the frequency of the bss is not in the list of frequencies for the
current scan, then this is a cached bss.  It was likely already
processed for ANQP before, so skip it.
2021-09-16 16:35:15 -05:00
James Prestwood
a94c0ed29e scan: keep track of OWE Transition element 2021-09-16 11:21:32 -05:00
James Prestwood
df6221bcb2 scan: allow non-utf8 SSIDs to be scanned for
IWD has restricted SSIDs to only utf8 so they can be displayed but
with the addition of OWE transition networks this is an unneeded
restriction (for these networks). The SSID of an OWE transition
network is never displayed to the user so limiting to utf8 isn't
required.

Allow non-utf8 SSIDs to be scanned for by including the length in
the scan parameters and not relying on strlen().
2021-09-16 11:20:46 -05:00
James Prestwood
56c2cf9f10 ie: add ie_parse_owe_transition_from_data
This is a parser for the WFA OWE Transition element. For now the
optional band/channel bytes will not be parsed as hostapd does not
yet support these and would also require the 802.11 appendix E-1
to be added to IWD. Because of this OWE Transition networks are
assumed to be on the same channel as their open counterpart.
2021-09-16 11:20:14 -05:00
Andrew Zaborowski
42bd5ba7c2 netconfig: Remove usage of in6_addr.__in6_u
in6_addr.__in6_u.__u6_addr8 is glibc-specific and named differently in
the headers shipped with musl libc for example.  The POSIX compliant and
universal way of accessing it is in6_addr.s6_addr.
2021-09-16 11:09:51 -05:00
James Prestwood
c19dc6605f network: fix pending hidden OWE scan logic
This was actually broken if triggered because __network_connect
checks if network->connect_after_owe_hidden is set and returns
already in progress. We want to keep this behavior though for
obvious reasons.

To fix this station_connect_network can be called directly which
bypasses the check. This is essentially how ANQP avoids this
problem as well.
2021-09-15 18:36:54 -05:00
James Prestwood
f8b703efed network: support connect during OWE hidden scan
Similar to ANQP a connect call could come in while station is
scanning for OWE hidden networks. This is supported in the same
manor by saving away the dbus message and resuming the connection
after the hidden OWE scan.
2021-09-15 15:49:21 -05:00
James Prestwood
e6f5efbe73 station: add OWE_HIDDEN_STARTED/FINISHED events 2021-09-15 15:49:05 -05:00
James Prestwood
81816ce04d station: network: make ANQP watch a generic event
With the addition of OWE transition network needs to be notified
of the hidden OWE scan which is quite similar to how it is notified
of ANQP. The ANQP event watch can be made generic and reused to
allow other events besides ANQP.
2021-09-15 15:49:02 -05:00
James Prestwood
926dc608af network: set handshake SSID based on BSS, not network
This is being added to support OWE transition mode. For these
type of networks the OWE BSS may contain a different SSID than
that of the network, but the WFA spec requires this be hidden
from the user. This means we need to set the handshake SSID based
on the BSS rather than the network object.
2021-09-15 14:59:05 -05:00
James Prestwood
4329b669d0 ie: add WFA OWE Transition element type 2021-09-15 12:56:43 -05:00
Andrew Zaborowski
8b573fe398 netconfig: Refactor netconfig_set_dns
Refactor netconfig_set_dns to be a bit easier to follow and remove use
of macros.  Also bail out early if no DNS addresses are provided instead
of building an empty DNS list since resolve_set_dns() simply returns if
a NULL or empty DNS list is provided.
2021-09-14 15:12:12 -05:00
Denis Kenzior
23af586acd netdev: Properly handle auth_proto error returns
Kernel keeps transmitting authentication frames until told to stop or an
authentication frame the kernel considers 'final' is received.  Detect
cases where the kernel would keep retransmitting, and if auth_proto
encounters a fatal protocol error, prevent these retransmissions from
occuring by sending a Deauthenticate command to the kernel.

Additionally, treat -EBADMSG/-ENOMSG return from auth_proto specially.
These error codes are meant to convey that a frame should be silently
dropped and retransmissions should continue.
2021-09-08 17:04:36 -05:00
James Prestwood
3d82ab167f mpdu: add MMPDU_STATUS_CODE_SAE_PK 2021-09-08 16:47:36 -05:00
James Prestwood
305189523a auth-proto: document acceptable return values for auth-protos
Since all auth-protos are hidden behind an abstraction they need
to be consisten with the return values as some should be handled
specially.
2021-09-08 16:46:45 -05:00
James Prestwood
7e9b4170b1 sae: don't send commit/confirm in confirmed state
This works around a hostapd bug (described more in the TODO comment)
which is exposed because of the kernels overly agressive re-transmit
behavior on missed ACKs. Combined this results in a death if the
initial commit is not acked. This behavior has been identified in
consumer access points and likely won't ever be patched for older
devices. Because of this IWD must work around the problem which can
be eliminated by not sending out this commit message.

This bug was reported to the hostapd ML:

https://lists.infradead.org/pipermail/hostap/2021-September/039842.html

This change should not cause any compatibility problems to non-hostapd
access points and is identical to how wpa_supplicant treats this
scenario.
2021-09-08 16:46:07 -05:00
James Prestwood
f78ea26f13 fils: change fatal return code to -EPROTO
This keeps FILS consistent with what netdev expects for a fatal
auth-proto return.
2021-09-08 14:35:05 -05:00
James Prestwood
8ca638fb88 sae: fix a spec violation with duplicate commits
If a commit is received while in an accepted state the spec states
the scalar should be checked against the previous commit and if
equal the message should be silently dropped.
2021-09-08 14:16:40 -05:00
James Prestwood
799e7af9c7 sae: print state and transaction on received packets
This will make SAE a bit easier to debug in the future.
2021-09-07 20:03:02 -05:00
James Prestwood
7fe55567bd netdev: print error if CMD_ASSOCIATE fails 2021-09-07 20:02:45 -05:00
Denis Kenzior
9d045fae0e scan: Parse network cost IE info into scan_bss 2021-09-03 16:32:51 -05:00
Denis Kenzior
c93966d5a1 ie: Add parse utility for network cost vendor IE 2021-09-03 16:30:28 -05:00
Andrew Zaborowski
c545674918 station: Check ie_tlv_iter_next return value
This can't be false but check it to calm static analysis.
2021-09-03 14:49:25 -05:00
Andrew Zaborowski
48c5e8d215 netconfig: Actually use the DNS override values
In netconfig_load_settings apply the DNS overrides strings we've loaded
instead of leaking them.

Fixes: ad228461ab ("netconfig: Move loading settings to new method, refactor")
2021-09-03 14:49:15 -05:00
Denis Kenzior
dd9265f2db netdev: deauth if eapol_start fails 2021-09-03 14:40:16 -05:00
James Prestwood
8b6ad5d3b9 owe: netdev: refactor to remove OWE as an auth-proto 2021-09-03 14:34:30 -05:00
James Prestwood
038b9bff4d wsc: set ssid in handshake
netdev now assumes the SSID was set in the handshake (normally via
network_handshake_setup) but WSC calls netdev_connect directly so
it also should set the SSID.
2021-09-03 14:30:44 -05:00
James Prestwood
db2f14225d netdev: factor out scan_bss from CMD_CONNECT builder
In order to support OWE in the CMD_CONNECT path the scan_bss parameter
needs to be removed since this is lost after netdev_connect returns.
Nearly everything needed is also stored in the handshake except the
privacy capability which is now being mirrored in the netdev object
itself.
2021-09-03 14:30:44 -05:00
James Prestwood
3975e4eb6d station: check for duplicate frequencies in debug scan 2021-09-03 13:19:49 -05:00
Andrew Zaborowski
5b7ec7689a ap: Add MACs to FILS IP Assignment responses
Try to include the gateway and DNS MAC addresses in the corresponding
fields in the FILS IP Address Assignment IEs we send to the clients.
2021-08-31 10:10:05 -05:00
Andrew Zaborowski
093d23a869 netconfig: Apply MACs received in FILS IP Assigment
Use the MAC addresses for the gateways and DNS servers received in the
FILS IP Assigment IE together with the gateway IP and DNS server IP.
Commit the IP to MAC mappings directly to the ARP/NDP tables so that the
network stack can skip sending the corresponding queries over the air.
2021-08-31 10:07:13 -05:00
Andrew Zaborowski
eb1149ca1f ie: Extract same-subnet check code to util.h 2021-08-31 10:06:47 -05:00
Andrew Zaborowski
d383a49b7b station, netdev: Enable FILS IP Address Assignment
Send and receive the FILS IP Address Assignment IEs during association.
As implemented this would work independently of FILS although the only
AP software handling this mechanism without FILS is likely IWD itself.

No support is added for handling the IP assignment information sent from
the server after the initial Association Request/Response frames, i.e.
the information is only used if it is received directly in the
Association Response without the "response pending" bit, otherwise the
DHCP client will be started.
2021-08-31 10:04:36 -05:00
Andrew Zaborowski
581b6139dc netconfig: FILS IP assigment API
Add two methods that will allow station to implement FILS IP Address
Assigment, one method to decide whether to send the request during
association, and fill in the values to be used in the request IE, and
another to handle the response IE values received from the server and
apply them.  The netconfig->rtm_protocol value used when the address is
assigned this way remains RTPROT_DHCP because from the user's point of
view this is automatic IP assigment by the server, a replacement for
DHCP.
2021-08-31 10:01:11 -05:00
Andrew Zaborowski
ad228461ab netconfig: Move loading settings to new method, refactor
Split loading settings out of network_configure into a new method,
network_load_settings.  Make sure both consistently handle errors by
printing messages and informing the caller.
2021-08-31 08:37:47 -05:00
James Prestwood
4b38c92f26 netdev: force SAE group 19 if BSS requires 2021-08-25 13:05:15 -05:00
James Prestwood
6680a771e8 sae: add sae_sm_set_force_group_19
Setter which forces the use of group 19 rather than the group order
that ELL provides. Certain APs have been found to have buggy group
negotiation and only work if group 19 is tried first, and only. When
an AP like this this is found (based on vendor OUI match) SAE will
use group 19 unconditionally, and fail if group 19 does not work.
Other groups could be tried upon failure but per the spec group 19
must be supported so there isn't much use in trying other, optional
groups.
2021-08-25 13:05:05 -05:00
James Prestwood
194b4cf60e scan: set force_default_sae_group if OUI matches 2021-08-25 13:04:15 -05:00
James Prestwood
f26f51bf8c ie: add is_ie_default_sae_group_oui
Start an OUI list of vendors who have buggy SAE group negotiation
2021-08-25 12:58:55 -05:00
Andrew Zaborowski
58d2814a92 ap: Support FILS IP Address Assignment IE
Handle the 802.11ai FILS IP Address Assignment IEs in Association
Request frames when netconfig is enabled.  Only IPv4 is supported.
Like the P2P IP Allocation mechanism, since the payload format and logic
is independent from the rest of the FILS standard this is enabled
unconditionally for clients who want to use it even though we don't
actually do FILS in AP mode.
2021-08-25 08:32:16 -05:00
Andrew Zaborowski
8f5f62575d ie: Add FILS IP Address Assignment parsers and builders 2021-08-25 08:02:57 -05:00
Andrew Zaborowski
3045ef0770 ap: Expire client's leases on disconnect
If netconfig is enabled tell the DHCP server to expire any leases owned
by the client that is disconnecting by using l_dhcp_server_expire_by_mac
to return the IPs to the IP pool.  They're added to the expired list
so they'd only be used if there are no other addresses left in the pool
and can be reactivated if the client comes back before the address is
used by somebody else.

This should ensure that we're always able to offer an address to a new
client as long as there are fewer concurrent clients than addresses in
the configured subnet or IP range.
2021-08-25 08:02:38 -05:00
Andrew Zaborowski
bc046994db ap: Implement P2P GO-side 4-way handshake IP Allocation
Use the struct handshake_state::support_ip_allocation field already
supported in eapol.c authenticator side to enable the P2P IP Allocation
mechanism in ap.c.  Add the P2P_GROUP_CAP_IP_ALLOCATION bit in P2P group
capabilities to signal the feature is now supported.

There's no harm in enabling this feature in every AP (not just P2P Group
Owner) but the clients won't know whether we support it other than
through that P2P-specific group capability bit.
2021-08-25 08:02:13 -05:00
Andrew Zaborowski
a90c4025f1 handshake: Add HANDSHAKE_EVENT_P2P_IP_REQUEST
Add a handshake event for use by the AP side for mechanisms that
allocate client IPs during the handshake: P2P address allocation and
FILS address assignment.  This is emitted only when EAPOL or the
auth_proto is actually about to send the network configuration data to
the client so that ap.c can skip allocating a DHCP leases altogether if
the client doesn't send the required KDE or IE.
2021-08-25 08:01:23 -05:00
Denis Kenzior
a75126af39 netdev: Retry IF_OPER_UP
Some drivers ignore the initial IF_OPER_UP setting that was sent during
netdev_connect_ok().  Attempt to work around this by parsing New Link
events.  If OperState setting is still not correct in a subsequent event,
retry setting OperState to IF_OPER_UP.
2021-08-20 09:49:29 -05:00
James Prestwood
9eb3adc33b anqp: print MAC when sending ANQP request 2021-08-18 19:52:20 -05:00
James Prestwood
ea572f23fc network: handle NULL/hotspot networks when removing secrets
The hotspot case can actually result in network being NULL which
ends up crashing when accessing "->secrets". In addition any
secrets on this network were never removed for hotspot networks
since everything happened in network_unset_hotspot.
2021-08-18 16:58:31 -05:00
James Prestwood
99a94bc441 network: destroy secrets on known network removal
If a known network is removed explicitly IWD should forget any
secrets cached on the network object.
2021-08-17 11:44:36 -05:00
James Prestwood
cd2dd4e2dc station: Add generic Event signal
This is meant to be used as a generic notification to autotests. For
now 'no-roam-candidates' is the only event being sent. The idea
is to extend these events to signal conditions that are otherwise
undiscoverable in autotesting.
2021-08-13 14:44:24 -05:00
Andrew Zaborowski
2af0166970 ap: Make station removal safer
Replace instances of the ap_del_station() +
ap_sta_free()/ap_remove_sta() with calls to ap_station_disconnect to
make sure we consistently remove the station from the ap->sta_states
queue before using ap_del_station().  ap_del_station() may generate an
event to the ap.h API user (e.g. P2P) and this may end up tearing down
the AP completely.

For that scenario we also don't want ap_sta_free() to access sta->ap so
we make sure ap_del_station() performs these cleanup steps so that
ap_sta_free() has nothing to do that accesses sta->ap.
2021-08-13 10:49:28 -05:00
Andrew Zaborowski
97a34e6b4a ap: Fix an invalid access in ap_write_wsc_ie
client_frame is not valid for a beacon frame as beacons are not sent in
response to another frame.  Move the access to client_frame->address_2
to the conditional blocks for Probe Response and Association Response
frames.
2021-08-13 10:49:28 -05:00
Andrew Zaborowski
5c9de0cf23 eapol: Store IP address in network byte order
Switch handshake_state's .client_ip_addr, .subnet_mask and .go_ip_addr
from host byte order to network by order.
2021-08-13 10:47:05 -05:00
James Prestwood
dffff73e89 station: implement Scan on debug interface
This is to support the autotesting framework by allowing a smaller
scan subset. This will cut down on the amount of time spent scanning
via normal DBus scans (where the entire spectrum is scanned).
2021-08-13 10:44:26 -05:00