mirror of
https://git.kernel.org/pub/scm/network/wireless/iwd.git
synced 2024-12-22 13:02:44 +01:00
7199f61dc2
If Re-Key Offload is enabled, and a re-key occurs, the kernel will send us an event with the updated Replay Counter. This information needs to be processed accordingly.
391 lines
12 KiB
Plaintext
391 lines
12 KiB
Plaintext
Background
|
|
==========
|
|
|
|
- Priority scale: High, Medium and Low
|
|
|
|
- Complexity scale: C1, C2, C4 and C8. The complexity scale is exponential,
|
|
with complexity 1 being the lowest complexity. Complexity is a function
|
|
of both task 'complexity' and task 'scope'.
|
|
|
|
The general rule of thumb is that a complexity 1 task should take 1-2 weeks
|
|
for a person very familiar with the codebase. Higher complexity tasks
|
|
require more time and have higher uncertainty.
|
|
|
|
Higher complexity tasks should be refined into several lower complexity tasks
|
|
once the task is better understood.
|
|
|
|
|
|
mac80211_hwsim
|
|
==============
|
|
|
|
- Add support for HWSIM_CMD_SET_RADIO command
|
|
|
|
To allow modifying an existing radio, add the HWSIM_CMD_SET_RADIO. The
|
|
first possible feature should be to emulate the hardware RFKILL switch.
|
|
|
|
It might be required to add a HWSIM_ATTR_RADIO_HW_RFKILL attribute flag
|
|
to the HWSIM_CMD_NEW_RADIO to enable virtual radios with a hardware
|
|
level RFKILL switch.
|
|
|
|
Priority: Medium
|
|
Complexity: C1
|
|
|
|
- Allow configuration of MAC address or list of MAC addresses
|
|
|
|
The radios are auto-generating a fake MAC address. It would be useful
|
|
to allow specifying a MAC address to be used. In certain cases it might
|
|
be also useful to provide a list of MAC addresses so that for example
|
|
with secondary interfaces these can be used.
|
|
|
|
Priority: Low
|
|
Complexity: C2
|
|
|
|
- Move mac80211_hwsim.h header file to UAPI includes
|
|
|
|
The mac80211_hwsim.h is the public API description of this netlink
|
|
interface and thus it should be provided via UAPI includes.
|
|
|
|
For this work work the mac80211_hwsim.h header needs to be modified
|
|
so that it also compiles from userspace. At the moment it throws
|
|
errors. And it needs to become part of the UAPI headers of the
|
|
Linux kernel.
|
|
|
|
In addition it should provide HWSIM_GENL_NAME that provides the
|
|
generic netlink "MAC82011_HWSIM" family string.
|
|
|
|
Priority: Low
|
|
Complexity: C1
|
|
|
|
- Provide kernel option to allow defining the number of initial radios
|
|
|
|
By default the mac80211_hwsim modules creates 2 radios by default unless
|
|
it is overwritten with the radios=x module parameter.
|
|
|
|
To allow loading the mac80211_hwsim by default and even with accidental
|
|
loading of the module, it would be good to provide a kernel configuration
|
|
option that allows changing the default value here.
|
|
|
|
For our testing we want to load mac80211_hwsim without any radios. Maybe
|
|
this should be the default for the new kernel option.
|
|
|
|
If the default of initial radios can be changed to zero, then it is also
|
|
possible to add MODULE_ALIAS_GENL_FAMILY to support auto-loading of
|
|
the mac80211_hwsim kernel module.
|
|
|
|
Priority: Low
|
|
Complexity: C1
|
|
|
|
- New configuration options for radios
|
|
|
|
At the moment the radios created are all equal and feature rich. However
|
|
for testing we want to create radios with different emulated hardware
|
|
capabilities. Provide new attributes or flags that allow enabling or
|
|
disabling certain mac80211 features.
|
|
|
|
For example AP mode, P2P mode, number of interface combinations, TDLS
|
|
support, number of Scan SSIDs, supported ciphers and so on.
|
|
|
|
Priority: Low
|
|
Complexity: C2
|
|
|
|
|
|
cfg80211 / nl80211
|
|
==================
|
|
|
|
- Disconnect from network / station when client crashes
|
|
|
|
When associating or connecting to a network, it should be possible to
|
|
bind this transaction to a specific netlink client. So that in case
|
|
this client terminates without, any connection will be also terminated.
|
|
|
|
This should affect NL80211_CMD_ASSOCIATE and NL80211_CMD_CONNECT. It
|
|
seems that this is not needed for NL80211_CMD_AUTHENTICATE since that
|
|
command will eventually time out, but it might be a good idea to even
|
|
support it there.
|
|
|
|
Maybe a new attribute similar to NL80211_ATTR_IFACE_SOCKET_OWNER should
|
|
be used for this behavior.
|
|
|
|
Priority: High
|
|
Complexity: C4
|
|
|
|
- Add missing support for NL80211_CMD_GET_INTERFACE filtering
|
|
|
|
The NL80211_CMD_GET_INTERFACE command description indicates that you
|
|
can filter results based NL80211_ATTR_WIPHY. This feature has never
|
|
been implemented.
|
|
|
|
Either remove that feature from the description since it does not exist
|
|
or actually implemented the filtering on wiphy. Johannes indicated that
|
|
fixing the description might be the better approach. If the feature is
|
|
easy to add, then it should be added. However if filtering on wiphy is
|
|
a rather complicated task, then better just update the description to
|
|
match the reality.
|
|
|
|
Priority: Low
|
|
Complexity: C2
|
|
|
|
|
|
Wireless monitor
|
|
================
|
|
|
|
- Add support for Information Element (IE) decoding
|
|
|
|
Several netlink attributes provide binary blobs representing IEs. Add
|
|
support for decoding them inline using the src/ie.c infrastructure.
|
|
|
|
Priority: Medium
|
|
Complexity: C1
|
|
Owner: Patrik Flykt <patrik.flykt@linux.intel.com>
|
|
|
|
- Add support for PACKET_RECV_OUTPUT socket option of AF_PACKET
|
|
|
|
Instead of having to switch every interface manually into promiscuous
|
|
mode, it would be useful to set PACKET_RECV_OUTPUT to receive also
|
|
the traffic that leaves the system.
|
|
|
|
This would make tracing PAE / EAPoL traffic easy and provides better
|
|
sniffing capabilities.
|
|
|
|
Priority: High
|
|
Complexity: C1
|
|
|
|
- Subscribe to all nl80211 multicast groups at startup
|
|
|
|
It seems the nlmon packets are limited to actual subscribed mutlicast
|
|
groups. To get a complete picture of all the nl80211 commands and
|
|
events, it is required that iwmon adds membership to all multicast
|
|
groups that the nl80211 lists.
|
|
|
|
This means that the netlink socket used for resolving nl80211 family
|
|
name needs to be kept open and actively processed since it will also
|
|
receive these multicast events. However the event itself can be dropped
|
|
since the one from nlmon with the proper kernel level timestamps should
|
|
be taken into account.
|
|
|
|
An alternative is to fix the netlink_deliver_tap() function in the
|
|
kernel netlink layer to not be affected by the broadcast filtering.
|
|
|
|
Priority: Medium
|
|
Complexity: C1
|
|
|
|
- Add support for receiving kernel side timestamps
|
|
|
|
When packets are received from nlmon, they should be marked with an
|
|
appropiate timestamp. Enable SO_TIMESTAMP socket option.
|
|
|
|
Priority: Medium
|
|
Complexity: C1
|
|
|
|
- Colorize the command, response and event packets
|
|
|
|
Use terminal colors to separate command, response and event packets
|
|
with different colors.
|
|
|
|
Priority: Medium
|
|
Complexity: C1
|
|
|
|
- Add support for writing PCAP files
|
|
|
|
The new -w <file> option should allow for writing PCAP files with the
|
|
Linux SLL link type.
|
|
|
|
When creating PCAP files using tcpdump a lot of extra information from
|
|
all netlink sockets are written. This write support should only write
|
|
the information related to nl80211. However parts from the generic
|
|
netlink control channel from resolving the nl80211 family name must
|
|
be included as well.
|
|
|
|
It might be also beneficial to include RTNL messages related to the
|
|
wireless network interfaces. Currently these are all filtered out.
|
|
|
|
Priority: Medium
|
|
Complexity: C2
|
|
|
|
- Track RTNL messages for wireless network interface
|
|
|
|
The RTNL messages indicate operation state changes and with are also
|
|
relevant for a complete picture of the userspace kernel communication.
|
|
|
|
However the complicated part is to identify which network interfaces
|
|
are wireless related and which are not. Obviously the non-wireless
|
|
network interfaces need to be filtered out.
|
|
|
|
Priority: Medium
|
|
Complexity: C2
|
|
Owner: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
|
|
|
|
- Handle netlink core control messages correctly
|
|
|
|
The core control netlink messages for NLMSG_ERROR and NLMSG_DONE are
|
|
not decoded properly. Add detailed decoding and also decode all the
|
|
flags that are related to the core control messages.
|
|
|
|
Priority: High
|
|
Complexity: C1
|
|
Owner: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
|
|
|
|
- Decode netlink REKEY_DATA attribute
|
|
|
|
According to nl80211, NL80211_ATTR_REKEY_DATA is a 'nested attribute
|
|
containing the information necessary for GTK rekeying in the device'. The
|
|
data seems to contain TK, GTK and Replay Counter attributes. However, the
|
|
format of the 'nesting' is not specified.
|
|
|
|
Priority: High
|
|
Complexity: C1
|
|
|
|
|
|
Wireless simulator
|
|
==================
|
|
|
|
- Add support for builtin wireless access point emulator
|
|
|
|
When creating a pair of mac80211_hwsim radios, allow one to operate as
|
|
access point. The hwsim utility will emulate the access point on the
|
|
second interface for as long as it is running. Which means that from
|
|
the first interface it is possible to scan and connect to this access
|
|
point using standard wireless tools (including iwd and iwctl).
|
|
|
|
Code for the AP mode can be shared from iwd feature for access point
|
|
operation once that has been implemented.
|
|
|
|
Priority: Medium
|
|
Complexity: C8
|
|
|
|
|
|
Wireless daemon
|
|
===============
|
|
|
|
- Building 802.11 authentications management frames
|
|
|
|
The other way round, provide a core API to encode an authentication
|
|
or deauthentication frame from a generic structure representing the
|
|
MPDU.
|
|
|
|
Priority: High
|
|
Complexity: C2
|
|
Owner: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
|
|
|
|
- Handle the relevant logic of the authentication management frames
|
|
|
|
When an authentication management frame is received, such frame needs
|
|
to be understood and handled properly.
|
|
|
|
Priority: High
|
|
Complexity: C2
|
|
|
|
- Add support for 4-way handshake authentication and key generation
|
|
|
|
The 4-way handshake key generation for pre-shared keys (PSK) should be
|
|
a standalone feature (independent from EAP).
|
|
|
|
It is also important to have extensive unit test support for 4-way
|
|
handshake messages and key generation itself.
|
|
|
|
Priority: High
|
|
Complexity: C4
|
|
Owner: Denis Kenzior <denkenz@gmail.com>
|
|
|
|
- Add support for EAP based authentication and key generation
|
|
|
|
Provide full EAP support for enterprise wireless. However it should be
|
|
possible to build wireless daemon without EAP support.
|
|
|
|
It is also intended that this EAP code can be utilized as shared library
|
|
and be beneficial for systemd-networkd for wired authentication.
|
|
|
|
Priority: Low
|
|
Complexity: C8
|
|
|
|
- Create a document to doc describing general architecture and relation
|
|
between different objects.
|
|
|
|
Current understanding is that diffrent relation between elements
|
|
looks probably like this:
|
|
Manager->Wiphy->NetDevice->AvailableNetwork
|
|
|
|
Wiphy is the actual physical device, NetDevice is the network interface
|
|
and AvailableNetwork is {SSID, security} combo. Each network can have
|
|
a list of BSSs.
|
|
Consider also multi-wifi device scenarios. If user has multiple USB
|
|
WiFi dongles and switches between those cards, all previously configured
|
|
networks should still be available.
|
|
|
|
Priority: High
|
|
Complexity: C2
|
|
|
|
- Centralize scanning logic and handling into scan.c.
|
|
|
|
There can be passive, active, listening (P2P) scanning to handle.
|
|
We need to handle background scan for roaming. Also scheduled scan
|
|
might need to be simulated when hw does not support it.
|
|
All scanning operations should be cancellable.
|
|
|
|
Priority: High
|
|
Complexity: C4
|
|
|
|
- Implement agent support in iwd.
|
|
|
|
If something needs to be asked from user, like passphrase etc.
|
|
a DBus agent interface can be registered by the user.
|
|
This is similar as what is implemented in ConnMan and BlueZ.
|
|
|
|
Priority: Medium
|
|
Complexity: C2
|
|
|
|
- Implement ARC4 cipher in iwd
|
|
|
|
ARC4 is used to encrypt EAPoL frames that are exchanged during WPA
|
|
authentication.
|
|
|
|
Priority: High
|
|
Complexity: C1
|
|
Owner: Denis Kenzior <denkenz@gmail.com>
|
|
|
|
- Implement AES cipher in iwd
|
|
|
|
AES is used to encrypt EAPoL frames that are exchanged during WPA2
|
|
authentication.
|
|
|
|
Priority: High
|
|
Complexity: C1
|
|
Owner: Denis Kenzior <denkenz@gmail.com>
|
|
|
|
- Coalesce BSS and security parameters into Network object
|
|
|
|
Coalesce all the BSS with the same SSID and security parameters into one
|
|
Network object in wiphy.c
|
|
|
|
Priority: High
|
|
Complexity: C2
|
|
Owner: Jukka Rissanen <jukka.rissanen@linux.intel.com>
|
|
|
|
- Add utility to create netlink REKEY_DATA attributes
|
|
|
|
The REKEY_DATA needs to be uploaded to the driver so that if re-keying is
|
|
triggered by the AP, the TK is updated properly. Additionally, helper
|
|
function to send NL80211_CMD_SET_REKEY_OFFLOAD command is required.
|
|
|
|
Priority: High
|
|
Complexity: C1
|
|
|
|
- React to NL80211_CMD_SET_REKEY_OFFLOAD events
|
|
|
|
This command can be sent to userspace whenever a re-key transaction has
|
|
occurred. The information contains the Replay Counter. The Replay Counter
|
|
used by iwd needs to be updated with the new value.
|
|
|
|
Priority: Medium
|
|
Complexity: C1
|
|
|
|
|
|
Client
|
|
======
|
|
|
|
- Remove kdbus left-overs, and implement the client properly with ell
|
|
library.
|
|
|
|
Priority: Low
|
|
Complexity: C1
|