[RFC connman v2 0/1] Add wpa_supplicant WPA3-SAE support
by Ariel D'Alessandro
Hi all,
Here's another attempt on adding WPA3-SAE support to connman
(wpa_supplicant backend).
I'd like comments on the following mainly:
Based on plugin/iwd.c, a private data struct is added to each network
in plugin/wifi.c so it can keep track of keymgmt capabilities, needed to
use WPA3-SAE if it's available. See RFC v1 thread for more details.
Note that this is an RFC patchset. Feel free to give any kind of
feedback, always appreciated :-)
Changes from v1:
* Dropped changes to service API.
* Unified WPA3-SAE under WPA-PSK.
* Added private data struct to network in plugin/wifi.c
Regards,
Ariel D'Alessandro (1):
WIP: Add wpa_supplicant WPA3-SAE support
gsupplicant/gsupplicant.h | 10 ++++++++++
gsupplicant/supplicant.c | 33 ++++++++++++++++++++++++++++++---
plugins/wifi.c | 21 +++++++++++++++++++++
3 files changed, 61 insertions(+), 3 deletions(-)
--
2.30.2
9 months, 2 weeks
[PATCH] auto-t: update deprecated option
by James Prestwood
testBSSBlacklist was using the old address randomization option
---
autotests/testBSSBlacklist/main.conf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/autotests/testBSSBlacklist/main.conf b/autotests/testBSSBlacklist/main.conf
index d1e78fef..f81a5ae8 100644
--- a/autotests/testBSSBlacklist/main.conf
+++ b/autotests/testBSSBlacklist/main.conf
@@ -2,4 +2,4 @@
InitialTimeout=10
[Scan]
-disable_mac_randomization=true
+DisableMacAddressRandomization=true
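Review bot: the commit message calls disable_mac_randomization deprecated but does not name the commit or release that introduced DisableMacAddressRandomization; add that reference so the rename can be traced. Please also check the main.conf files of the other autotests for the old key so the cleanup lands in one patch.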
--
2.31.1
9 months, 3 weeks
[PATCH 1/2] eap-aka: round to nearest word on message buffers
by James Prestwood
One of these message buffers was overflowing due to padding not
being taken into account (caught by sanitizers). Wrapped the length
of all message buffers with EAP_SIM_ROUND as to account for any
padding that attributes may add.
---
src/eap-aka.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/eap-aka.c b/src/eap-aka.c
index 3ac0b662..9b693875 100644
--- a/src/eap-aka.c
+++ b/src/eap-aka.c
@@ -189,7 +189,7 @@ static void check_milenage_cb(const uint8_t *res, const uint8_t *ck,
struct eap_aka_handle *aka = eap_get_data(eap);
size_t resp_len = aka->protected ? 44 : 40;
- uint8_t response[resp_len + 4];
+ uint8_t response[EAP_SIM_ROUND(resp_len + 4)];
uint8_t *pos = response;
if (auts) {
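Review bot: in check_milenage_cb the rounding looks like a no-op, because resp_len is 44 or 40 and resp_len + 4 is therefore 48 or 44, both already multiples of four (assuming EAP_SIM_ROUND rounds up to a 4-byte word, as the subject line says). That is fine as a consistency change, but the commit message should say which of the three buffers the sanitizer flagged. Since only two sizes are possible here, a fixed 48-byte array would also remove the variable-length array.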
@@ -512,7 +512,7 @@ static void handle_notification(struct eap_state *eap, const uint8_t *pkt,
if (value == EAP_SIM_SUCCESS && aka->protected &&
aka->state == EAP_AKA_STATE_CHALLENGE) {
/* header + MAC + MAC header */
- uint8_t response[8 + EAP_SIM_MAC_LEN + 4];
+ uint8_t response[EAP_SIM_ROUND(8 + EAP_SIM_MAC_LEN + 4)];
uint8_t *pos = response;
/*
@@ -564,7 +564,7 @@ static void handle_identity(struct eap_state *eap, const uint8_t *pkt,
size_t len)
{
struct eap_aka_handle *aka = eap_get_data(eap);
- uint8_t response[8 + strlen(aka->identity) + 4];
+ uint8_t response[EAP_SIM_ROUND(8 + strlen(aka->identity) + 4)];
uint8_t *pos = response;
if (aka->state != EAP_AKA_STATE_UNCONNECTED) {
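Review bot: in handle_identity the stack array is sized from strlen(aka->identity) with no upper bound visible in this hunk, and it is the only one of the three buffers whose size depends on variable-length data. Rounding the whole sum gives the right size only because the fixed 8 + 4 part is already word-aligned; 8 + 4 + EAP_SIM_ROUND(strlen(aka->identity)) would state the intent directly. Please also say where the identity length is capped, or cap it before declaring the array.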
--
2.31.1
9 months, 3 weeks
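The sizing problem described in the commit message above, as an added example that is not code from iwd or from the patch: it sizes an EAP-AKA identity response with and without padding and writes AT_IDENTITY through a bounds-checked helper. Assumptions: ROUND4 stands in for EAP_SIM_ROUND (its definition is not on the page), the attribute layout follows RFC 4187, and the identity string is a constructed sample.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: stands in for EAP_SIM_ROUND, whose definition is not shown. */
#define ROUND4(x) (((size_t)(x) + 3) & ~(size_t)3)

#define EAP_AKA_HDR_LEN 8	/* code, id, length(2), type, subtype, reserved(2) */
#define AT_IDENTITY 14		/* attribute type from RFC 4187 */

/* Size reserved by the pre-patch expression: 8 + strlen(identity) + 4. */
size_t unpadded_size(const char *identity)
{
	return EAP_AKA_HDR_LEN + strlen(identity) + 4;
}

/* Size on the wire: the identity is padded to a 4-byte boundary. */
size_t padded_size(const char *identity)
{
	return EAP_AKA_HDR_LEN + 4 + ROUND4(strlen(identity));
}

/*
 * Bounds-checked AT_IDENTITY writer. Returns the number of bytes written,
 * or 0 if the attribute including its padding does not fit in cap.
 */
size_t put_at_identity(uint8_t *out, size_t cap, const char *identity)
{
	size_t id_len = strlen(identity);
	size_t attr_len = 4 + ROUND4(id_len);

	if (attr_len / 4 > 0xff || attr_len > cap)
		return 0;

	out[0] = AT_IDENTITY;
	out[1] = (uint8_t)(attr_len / 4);	/* length in 4-byte units */
	out[2] = (uint8_t)(id_len >> 8);	/* actual identity length */
	out[3] = (uint8_t)(id_len & 0xff);
	memcpy(out + 4, identity, id_len);
	memset(out + 4 + id_len, 0, attr_len - 4 - id_len);	/* padding */
	return attr_len;
}

int main(void)
{
	const char *id = "0user@example.org";	/* constructed, 17 bytes */
	uint8_t attr[32];
	size_t old_room = unpadded_size(id) - EAP_AKA_HDR_LEN;

	printf("unpadded=%zu padded=%zu\n", unpadded_size(id), padded_size(id));
	printf("attribute fits in %zu bytes: %s\n", old_room,
		put_at_identity(attr, old_room, id) ? "yes" : "no");
	return 0;
}
```

With an identity whose length is not a multiple of four, the unrounded size is up to three bytes short, which is the kind of overrun a sanitizer reports.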
[PATCH 1/9] knownnetworks: copy network_config on update
by James Prestwood
The network_config was not being copied to network_info when
updated. This caused any new settings to be lost if the network
configuration file was updated during runtime.
---
src/knownnetworks.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/knownnetworks.c b/src/knownnetworks.c
index 09acdd3c..85648ead 100644
--- a/src/knownnetworks.c
+++ b/src/knownnetworks.c
@@ -464,6 +464,8 @@ void known_network_update(struct network_info *network,
}
known_network_set_autoconnect(network, new->is_autoconnectable);
+
+ memcpy(&network->config, new, sizeof(struct network_config));
}
bool known_networks_foreach(known_networks_foreach_func_t function,
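Review bot: the memcpy added at the end of known_network_update is a shallow copy, and the hunk does not show whether struct network_config holds pointers; if it does, network->config and new would share them and the previous values in network->config would be overwritten without being freed. If the struct is plain data, network->config = *new; does the same with type checking. The preceding known_network_set_autoconnect(network, new->is_autoconnectable) call also looks redundant once the whole struct is copied, unless it is kept for its side effects; a short comment would settle that.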
--
2.31.1
9 months, 3 weeks
[PATCH] netdev: fix RoamThreshold5G
by James Prestwood
The RoamThreshold5G was never honored because it was being
set prior to any connections. This caused the logic inside
netdev_cqm_rssi_update to always choose the 2GHz threshold
(RoamThreshold) due to netdev->frequency being zero at this time.
Instead call netdev_cqm_rssi_update in all connect/transition
calls after netdev->frequency is updated. This will allow both
the 2G and 5G thresholds to be used depending on what frequency
the new BSS is.
The call to netdev_cqm_rssi_update in netdev_setup_interface
was also removed since it serves no purpose, at least now
that there are two thresholds to consider.
---
src/netdev.c | 192 +++++++++++++++++++++++++--------------------------
1 file changed, 96 insertions(+), 96 deletions(-)
diff --git a/src/netdev.c b/src/netdev.c
index 6a6deafd..deb780dc 100644
--- a/src/netdev.c
+++ b/src/netdev.c
@@ -3161,6 +3161,100 @@ static int netdev_start_powered_mac_change(struct netdev *netdev)
return 0;
}
+static struct l_genl_msg *netdev_build_cmd_cqm_rssi_update(
+ struct netdev *netdev,
+ const int8_t *levels,
+ size_t levels_num)
+{
+ struct l_genl_msg *msg;
+ uint32_t hyst = 5;
+ int thold_count;
+ int32_t thold_list[levels_num + 2];
+ int threshold = netdev->frequency > 4000 ? LOW_SIGNAL_THRESHOLD_5GHZ :
+ LOW_SIGNAL_THRESHOLD;
+
+ if (levels_num == 0) {
+ thold_list[0] = threshold;
+ thold_count = 1;
+ } else {
+ /*
+ * Build the list of all the threshold values we care about:
+ * - the low/high level threshold,
+ * - the value ranges requested by
+ * netdev_set_rssi_report_levels
+ */
+ unsigned int i;
+ bool low_sig_added = false;
+
+ thold_count = 0;
+ for (i = 0; i < levels_num; i++) {
+ int32_t val = levels[levels_num - i - 1];
+
+ if (i && thold_list[thold_count - 1] >= val)
+ return NULL;
+
+ if (val >= threshold && !low_sig_added) {
+ thold_list[thold_count++] = threshold;
+ low_sig_added = true;
+
+ /* Duplicate values are not allowed */
+ if (val == threshold)
+ continue;
+ }
+
+ thold_list[thold_count++] = val;
+ }
+ }
+
+ msg = l_genl_msg_new_sized(NL80211_CMD_SET_CQM, 32 + thold_count * 4);
+ l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &netdev->index);
+ l_genl_msg_enter_nested(msg, NL80211_ATTR_CQM);
+ l_genl_msg_append_attr(msg, NL80211_ATTR_CQM_RSSI_THOLD,
+ thold_count * 4, thold_list);
+ l_genl_msg_append_attr(msg, NL80211_ATTR_CQM_RSSI_HYST, 4, &hyst);
+ l_genl_msg_leave_nested(msg);
+
+ return msg;
+}
+
+static void netdev_cmd_set_cqm_cb(struct l_genl_msg *msg, void *user_data)
+{
+ int err = l_genl_msg_get_error(msg);
+ const char *ext_error;
+
+ if (err >= 0)
+ return;
+
+ ext_error = l_genl_msg_get_extended_error(msg);
+ l_error("CMD_SET_CQM failed: %s",
+ ext_error ? ext_error : strerror(-err));
+}
+
+static int netdev_cqm_rssi_update(struct netdev *netdev)
+{
+ struct l_genl_msg *msg;
+
+ l_debug("");
+
+ if (!wiphy_has_ext_feature(netdev->wiphy,
+ NL80211_EXT_FEATURE_CQM_RSSI_LIST))
+ msg = netdev_build_cmd_cqm_rssi_update(netdev, NULL, 0);
+ else
+ msg = netdev_build_cmd_cqm_rssi_update(netdev,
+ netdev->rssi_levels,
+ netdev->rssi_levels_num);
+ if (!msg)
+ return -EINVAL;
+
+ if (!l_genl_family_send(nl80211, msg, netdev_cmd_set_cqm_cb,
+ NULL, NULL)) {
+ l_genl_msg_unref(msg);
+ return -EIO;
+ }
+
+ return 0;
+}
+
static bool netdev_connection_work_ready(struct wiphy_radio_work_item *item)
{
struct netdev *netdev = l_container_of(item, struct netdev, work);
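Review bot: moving netdev_build_cmd_cqm_rssi_update, netdev_cmd_set_cqm_cb and netdev_cqm_rssi_update above netdev_connection_work_ready should be its own preparatory patch or be replaced by a forward declaration of netdev_cqm_rssi_update. As posted, the three-line behavioural change is buried in a 192-line diff and a reviewer has to compare the added and removed bodies by hand to confirm nothing else changed.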
@@ -3309,6 +3403,7 @@ static int netdev_connect_common(struct netdev *netdev,
netdev->frequency = bss->frequency;
netdev->cur_rssi = bss->signal_strength / 100;
netdev_rssi_level_init(netdev);
+ netdev_cqm_rssi_update(netdev);
handshake_state_set_authenticator_address(hs, bss->addr);
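Review bot: the return value of the new netdev_cqm_rssi_update(netdev) call in netdev_connect_common is dropped, although the function returns -EINVAL when the message cannot be built and -EIO when the send fails, and neither of those paths logs anything in the visible code. If a failure should not abort the connect, at least log it so an unprogrammed roam threshold is visible in the debug output.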
@@ -3804,6 +3899,7 @@ static void prepare_ft(struct netdev *netdev, struct scan_bss *target_bss)
}
netdev_rssi_polling_update(netdev);
+ netdev_cqm_rssi_update(netdev);
if (netdev->sm) {
eapol_sm_free(netdev->sm);
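Review bot: the context in prepare_ft does not show netdev->frequency being assigned from target_bss before the new netdev_cqm_rssi_update(netdev) call, which is the precondition the commit message relies on. Please confirm the assignment precedes this line; otherwise a transition between bands would still select the previous band's threshold. The return value is ignored here as well.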
@@ -4904,75 +5000,6 @@ static void netdev_unicast_notify(struct l_genl_msg *msg, void *user_data)
}
}
-static struct l_genl_msg *netdev_build_cmd_cqm_rssi_update(
- struct netdev *netdev,
- const int8_t *levels,
- size_t levels_num)
-{
- struct l_genl_msg *msg;
- uint32_t hyst = 5;
- int thold_count;
- int32_t thold_list[levels_num + 2];
- int threshold = netdev->frequency > 4000 ? LOW_SIGNAL_THRESHOLD_5GHZ :
- LOW_SIGNAL_THRESHOLD;
-
- if (levels_num == 0) {
- thold_list[0] = threshold;
- thold_count = 1;
- } else {
- /*
- * Build the list of all the threshold values we care about:
- * - the low/high level threshold,
- * - the value ranges requested by
- * netdev_set_rssi_report_levels
- */
- unsigned int i;
- bool low_sig_added = false;
-
- thold_count = 0;
- for (i = 0; i < levels_num; i++) {
- int32_t val = levels[levels_num - i - 1];
-
- if (i && thold_list[thold_count - 1] >= val)
- return NULL;
-
- if (val >= threshold && !low_sig_added) {
- thold_list[thold_count++] = threshold;
- low_sig_added = true;
-
- /* Duplicate values are not allowed */
- if (val == threshold)
- continue;
- }
-
- thold_list[thold_count++] = val;
- }
- }
-
- msg = l_genl_msg_new_sized(NL80211_CMD_SET_CQM, 32 + thold_count * 4);
- l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &netdev->index);
- l_genl_msg_enter_nested(msg, NL80211_ATTR_CQM);
- l_genl_msg_append_attr(msg, NL80211_ATTR_CQM_RSSI_THOLD,
- thold_count * 4, thold_list);
- l_genl_msg_append_attr(msg, NL80211_ATTR_CQM_RSSI_HYST, 4, &hyst);
- l_genl_msg_leave_nested(msg);
-
- return msg;
-}
-
-static void netdev_cmd_set_cqm_cb(struct l_genl_msg *msg, void *user_data)
-{
- int err = l_genl_msg_get_error(msg);
- const char *ext_error;
-
- if (err >= 0)
- return;
-
- ext_error = l_genl_msg_get_extended_error(msg);
- l_error("CMD_SET_CQM failed: %s",
- ext_error ? ext_error : strerror(-err));
-}
-
int netdev_set_rssi_report_levels(struct netdev *netdev, const int8_t *levels,
size_t levels_num)
{
@@ -5131,31 +5158,6 @@ int netdev_get_all_stations(struct netdev *netdev, netdev_get_station_cb_t cb,
return 0;
}
-static int netdev_cqm_rssi_update(struct netdev *netdev)
-{
- struct l_genl_msg *msg;
-
- l_debug("");
-
- if (!wiphy_has_ext_feature(netdev->wiphy,
- NL80211_EXT_FEATURE_CQM_RSSI_LIST))
- msg = netdev_build_cmd_cqm_rssi_update(netdev, NULL, 0);
- else
- msg = netdev_build_cmd_cqm_rssi_update(netdev,
- netdev->rssi_levels,
- netdev->rssi_levels_num);
- if (!msg)
- return -EINVAL;
-
- if (!l_genl_family_send(nl80211, msg, netdev_cmd_set_cqm_cb,
- NULL, NULL)) {
- l_genl_msg_unref(msg);
- return -EIO;
- }
-
- return 0;
-}
-
static void netdev_add_station_frame_watches(struct netdev *netdev)
{
static const uint8_t action_neighbor_report_prefix[2] = { 0x05, 0x05 };
@@ -5192,8 +5194,6 @@ static void netdev_setup_interface(struct netdev *netdev)
{
switch (netdev->type) {
case NL80211_IFTYPE_STATION:
- /* Set RSSI threshold for CQM notifications */
- netdev_cqm_rssi_update(netdev);
netdev_add_station_frame_watches(netdev);
break;
default:
--
2.31.1
9 months, 3 weeks
[PATCH 1/2] test-runner: set msize to remove runtime warning
by James Prestwood
Newer QEMU versions warn that msize is set too low and may result
in poor IO performance. The default is 8KiB which QEMU claims is
too low. Explicitly setting to 10KiB removes the warning:
qemu-system-x86_64: warning: 9p: degraded performance: a
reasonable high msize should be chosen on client/guest side
(chosen msize is <= 8192).
See https://wiki.qemu.org/Documentation/9psetup#msize for details.
---
tools/test-runner | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/test-runner b/tools/test-runner
index bc37b80c..98164f7a 100755
--- a/tools/test-runner
+++ b/tools/test-runner
@@ -1364,7 +1364,7 @@ def run_tests():
config.ctx = TestContext(args)
if args.log:
- mount('logdir', args.log, '9p', 0, 'trans=virtio,version=9p2000.L')
+ mount('logdir', args.log, '9p', 0, 'trans=virtio,version=9p2000.L,msize=10240')
# Clear out any log files from other test runs
for f in glob('%s/*' % args.log):
print("removing %s" % f)
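Review bot: msize=10240 in the mount options only just clears the 8192 cutoff quoted in the warning, so it silences the message rather than following its advice to choose a reasonably high msize. Either pick a larger value based on the linked QEMU page, or add a comment next to the mount call saying why 10KiB is enough for the log directory.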
--
2.31.1
9 months, 3 weeks
Bug with RoamThreshold5G
by Michael Johnson
Hi everyone,
I noticed that iwd wasn't roaming as much as I would expect given a
modified RoamThreshold5G value. Looking into it, it seems like when the
threshold is registered for updates in netdev_build_cmd_cqm_rssi_update
we always use RoamThreshold. When this bit of code is called the
frequency seems to always be 0 and so the non-5G variant is used. This
in turn becomes an issue once the frequency is set and the correct
threshold is used for other checks (at least if RoamThreshold5G is
configured higher than RoamThreshold).
Code:
netdev_build_cmd_cqm_rssi_update(...)
int threshold = netdev->frequency > 4000 ? LOW_SIGNAL_THRESHOLD_5GHZ :
LOW_SIGNAL_THRESHOLD;
l_debug("frequency: %u, threshold: %d", netdev->frequency,
threshold); // added for debug
Config:
[General]
EnableNetworkConfiguration=true
RoamThreshold=-60
RoamThreshold5G=-65
Output:
src/netdev.c:netdev_build_cmd_cqm_rssi_update() frequency: 0, threshold: -60
I'm not really sure what the right fix for this is. Can it just
request notifications for both thresholds?
Regards,
Michael
10 months, 1 week
[PATCH 1/2] ap: Implement P2P GO-side 4-way handshake IP Allocation
by Andrew Zaborowski
Use the struct handshake_state::support_ip_allocation field already
supported in eapol.c authenticator side to enable the P2P IP Allocation
mechanism in ap.c. Add the P2P_GROUP_CAP_IP_ALLOCATION bit in P2P group
capabilities to signal the feature is now supported.
There's no harm in enabling this feature in every AP (not just P2P Group
Owner) but the clients won't know whether we support it other than
through that P2P-specific group capability bit. We might want to start
sending the IP Allocation Requests in our station mode 4-Way Handshakes
just in case the AP is IWD-based or implements the same logic.
Including the extra KDE would add 7 bytes (potentially wasted) in the
handshake frame 2/4.
---
src/ap.c | 56 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
src/p2p.c | 1 +
2 files changed, 57 insertions(+)
diff --git a/src/ap.c b/src/ap.c
index aa0f2511..cf52e144 100644
--- a/src/ap.c
+++ b/src/ap.c
@@ -118,6 +118,7 @@ struct sta_state {
struct l_settings *wsc_settings;
uint8_t wsc_uuid_e[16];
bool wsc_v2;
+ struct l_dhcp_lease *ip_alloc_lease;
};
struct ap_wsc_pbc_probe_record {
@@ -177,6 +178,10 @@ static void ap_sta_free(void *data)
if (sta->gtk_query_cmd_id)
l_genl_family_cancel(ap->nl80211, sta->gtk_query_cmd_id);
+ if (sta->ip_alloc_lease)
+ l_dhcp_server_release_lease(ap->netconfig_dhcp,
+ sta->ip_alloc_lease);
+
ap_stop_handshake(sta);
l_free(sta);
@@ -830,6 +835,12 @@ static uint32_t ap_send_mgmt_frame(struct ap_state *ap,
callback, user_data, NULL, NULL);
}
+#define IP4_FROM_STR(str) \
+ (__extension__ ({ \
+ struct in_addr ia; \
+ inet_pton(AF_INET, str, &ia) == 1 ? ntohl(ia.s_addr) : 0; \
+ }))
+
static void ap_start_handshake(struct sta_state *sta, bool use_eapol_start,
const uint8_t *gtk_rsc)
{
@@ -854,6 +865,34 @@ static void ap_start_handshake(struct sta_state *sta, bool use_eapol_start,
handshake_state_set_gtk(sta->hs, sta->ap->gtk,
sta->ap->gtk_index, gtk_rsc);
+ if (ap->netconfig_dhcp) {
+ L_AUTO_FREE_VAR(char *, lease_addr_str) = NULL;
+ L_AUTO_FREE_VAR(char *, lease_netmask_str) = NULL;
+ char own_addr_str[INET_ADDRSTRLEN];
+
+ if (!sta->ip_alloc_lease)
+ sta->ip_alloc_lease = l_dhcp_server_new_lease(
+ ap->netconfig_dhcp,
+ sta->addr);
+
+ if (!sta->ip_alloc_lease) {
+ l_error("l_dhcp_server_new_lease failed, see "
+ "IWD_DHCP_DEBUG output");
+ ap_stop_handshake(sta);
+ goto error;
+ }
+
+ lease_addr_str = l_dhcp_lease_get_address(sta->ip_alloc_lease);
+ lease_netmask_str =
+ l_dhcp_lease_get_netmask(sta->ip_alloc_lease);
+ l_rtnl_address_get_address(ap->netconfig_addr4, own_addr_str);
+
+ sta->hs->support_ip_allocation = true;
+ sta->hs->client_ip_addr = IP4_FROM_STR(lease_addr_str);
+ sta->hs->subnet_mask = IP4_FROM_STR(lease_netmask_str);
+ sta->hs->go_ip_addr = IP4_FROM_STR(own_addr_str);
+ }
+
sta->sm = eapol_sm_new(sta->hs);
if (!sta->sm) {
ap_stop_handshake(sta);
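Review bot: in the new ap->netconfig_dhcp block, lease_addr_str and lease_netmask_str are passed to IP4_FROM_STR without a NULL check, and the results are stored in client_ip_addr, subnet_mask and go_ip_addr without testing for the macro's 0 failure value. Check both before setting support_ip_allocation = true. The block also refers to a local ap while the surrounding context lines use sta->ap, so make sure ap is declared in ap_start_handshake.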
@@ -877,12 +916,18 @@ static void ap_handshake_event(struct handshake_state *hs,
enum handshake_event event, void *user_data, ...)
{
struct sta_state *sta = user_data;
+ struct ap_state *ap = sta->ap;
va_list args;
va_start(args, user_data);
switch (event) {
case HANDSHAKE_EVENT_COMPLETE:
+ if (sta->ip_alloc_lease && !sta->hs->support_ip_allocation)
+ /* Client sent no IP Address Request */
+ l_dhcp_server_release_lease(ap->netconfig_dhcp,
+ l_steal_ptr(sta->ip_alloc_lease));
+
ap_new_rsna(sta);
break;
case HANDSHAKE_EVENT_FAILED:
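Review bot: the new if in the HANDSHAKE_EVENT_COMPLETE case has a comment and a two-line call as its body with no braces; add braces so a later edit cannot detach the release from the condition. The test also depends on sta->hs->support_ip_allocation, which ap_start_handshake sets to true, being cleared somewhere else when the client sends no IP Address Request; a comment naming where that happens would make the check understandable from ap.c alone.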
@@ -2044,6 +2089,14 @@ static void ap_start_failed(struct ap_state *ap, int err)
l_free(ap);
}
+static void ap_sta_lease_expired(void *data, void *user_data)
+{
+ struct sta_state *sta = data;
+
+ if (sta->ip_alloc_lease == user_data)
+ sta->ip_alloc_lease = NULL;
+}
+
static void ap_dhcp_event_cb(struct l_dhcp_server *server,
enum l_dhcp_server_event event, void *user_data,
const struct l_dhcp_lease *lease)
@@ -2057,6 +2110,9 @@ static void ap_dhcp_event_cb(struct l_dhcp_server *server,
break;
case L_DHCP_SERVER_EVENT_LEASE_EXPIRED:
+ l_queue_foreach(ap->sta_states, ap_sta_lease_expired,
+ (void *) lease);
+
ap->ops->handle_event(AP_EVENT_DHCP_LEASE_EXPIRED, lease,
ap->user_data);
break;
diff --git a/src/p2p.c b/src/p2p.c
index 124372e6..3fb08009 100644
--- a/src/p2p.c
+++ b/src/p2p.c
@@ -1276,6 +1276,7 @@ static void p2p_group_start(struct p2p_device *dev)
dev->capability.group_caps |= P2P_GROUP_CAP_GO;
dev->capability.group_caps |= P2P_GROUP_CAP_GROUP_FORMATION;
+ dev->capability.group_caps |= P2P_GROUP_CAP_IP_ALLOCATION;
dev->group = ap_start(dev->conn_netdev, config, &p2p_go_ops, NULL, dev);
l_settings_free(config);
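Review bot: P2P_GROUP_CAP_IP_ALLOCATION is set unconditionally in p2p_group_start, but ap.c only fills in the allocation fields when ap->netconfig_dhcp is set. If a group can be started without the DHCP server, the capability bit would advertise a feature the GO will not provide; set the bit only when the config enables it, or document that P2P groups always run with netconfig_dhcp.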
--
2.30.2
10 months, 2 weeks
[PATCH 1/3] doc: Add net.connman.iwd.NetworkConfiguration API doc
by Andrew Zaborowski
---
doc/network-configuration-api.txt | 52 +++++++++++++++++++++++++++++++
1 file changed, 52 insertions(+)
create mode 100644 doc/network-configuration-api.txt
diff --git a/doc/network-configuration-api.txt b/doc/network-configuration-api.txt
new file mode 100644
index 00000000..5c302a37
--- /dev/null
+++ b/doc/network-configuration-api.txt
@@ -0,0 +1,52 @@
+Network Configuration hierarchy
+===============================
+
+Service net.connman.iwd
+Interface net.connman.iwd.NetworkConfiguration [Experimental]
+Object path /net/connman/iwd/{phy0,phy1,...}/{1,2,...}/{ipv4,ipv6}
+Object path /net/connman/iwd/{phy0,phy1,...}/p2p_peers/{aa_bb_cc_dd_ee_ff}
+
+Properties object Device [readonly]
+
+ The object path of the station, access point or P2P
+ device that this network configuration is active on.
+
+ In station mode, when network configuration is
+ enabled there may be one or two objects using this
+ interface and active on the same device: two if both
+ IPv4 and IPv6 addresses have been configured.
+
+ In P2P mode, this interface always refers to IPv4
+ network configuration.
+
+ string Method [readonly]
+
+ Indicates whether the local address was set
+ statically (value "static") or obtained automatically
+ such as through DHCP (value "auto"). Even when the
+ address was obtained from the remote end some
+ configuration bits, such as DNS addresses, may have
+ been overridden locally.
+
+ string Address [readonly]
+
+ Holds the local IP address.
+
+ byte PrefixLength [readonly]
+
+ Holds the prefix-length of the local subnet. For
+ IPv4 this maps to the netmask.
+
+ string Gateway [readonly, optional]
+
+ Holds the gateway address for the IPv4 subnet if one
+ exists.
+
+ array(string) DomainNameServers [readonly, optional]
+
+ Holds the list of domain name servers configured if
+ any.
+
+ string DomainNames [readonly, optional]
+
+ Holds the network's local domain names if any exist.
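Review bot: DomainNames is typed string while its description speaks of "domain names" in the plural; either make it array(string) like DomainNameServers or describe how multiple names are encoded in one string. The Gateway text also says "for the IPv4 subnet" although the object paths include an ipv6 variant, so state what the property holds on IPv6 objects. The patch has no commit message body; a sentence on why the interface is marked [Experimental] would help.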
--
2.30.2
10 months, 3 weeks