[wpa_supplicant] cumilative patch from commit 3a5d1a7e6
Bug: 329004037
Test: Connect to open, WPA2, WPA3 and OWE
Test: Establish P2P connection
Test: Basic SoftAp tests
Test: Ran above tests on Pixel6
Test: Regression test (b/329003970)
BYPASS_INCLUSIVE_LANGUAGE_REASON=Merged from open source
3a5d1a7e6 NAN: USD in hostapd
e3f9ab3c3 NAN: USD in wpa_supplicant
9eb0bc1f0 NAN: Unsynchronized service discovery (USD)
f2ea8791c NAN: Protocol definitions
4f557c594 Add os_reltime helpers to work with milliseconds
0b5d370c0 DPP: Fix DPP Action frame check for EVENT_RX_MGMT events
8fa52a797 FT: Allow wpa_supplicant to be configured to prepend PMKR1Name
9929426b9 FT: Allow PMKIDs from AssocReq to be in EAPOL-Key msg 2/4
560389997 AP MLD: Handle EAPOL only on the association link
7ba039ba1 AP MLD: Do not allow disabling first interface affiliated with an AP MLD
9a47ede87 AP MLD: Add support for hostapd_cli to disable/enable AP MLD
0102c5c60 hostapd: Do not use prefix matching for ENABLE/RELOAD/DISABLE
03e89de47 AP MLD: Process link info when handling new STA event with driver SME
d3d59967a Handle both HT40+ and HT40- allowed consistently in channel check
e650fa4d7 ACS: Handle ACS channel selected event in specified link
0e91a86ec ACS: Add link id if operating as an AP MLD
f972420e8 AP MLD: Fix AID allocation for legacy STA
fe36750b3 Add QCA vendor command to disassociate with peer
9fe2970ff OpenSSL: Use library functions for HPKE when possible
14c5f401f Remove forgotted STAKey related functionality in EAPOL-Key Request
3f60fcdd8 FILS: Fix EAPOL-Key request generation
b27086e6e Discard EAPOL-Key request without Secure=1
096794088 Discard EAPOL-Key Request frames during 4-way handshake
8037c1ad6 Move Key Replay Counter checks for EAPOL-Key frames to helper functions
2c6147404 Check Key Descriptor Version value earlier in the process
bd1e07899 Reject undefined Key Descriptor Version values explicitly
fff69bba1 Use more generic checks for Key Descriptor Version 2 and 3
74a25a660 Remove always true check on EAPOL-Key message in authenticator
9e9afd956 Extend frequency configuration to handle 6 GHz channel 2
8677844db Add a QCA vendor attribute to determine QCA device
576f46250 P2P: Accept P2P SD response without TX status
16a22ef34 nl80211: Increase the hard scan timeout for initial attempt
f20ca22dc DFS: Print the random channel list entry selection in debug print
d88fe8fe5 DFS: Fix a typo in a debug message
e3fb9e6f2 Send actual BTM capability when the driver takes care of BSS selection
6c334d9f0 nl80211: Set allowed frequency list per link for AP MLD
42cd2376f Enhance QCA vendor interface with new SAR version numbers
5ae8838a0 Make test code easier for static analyzers
c03377cf2 SAE: Fix resource leak on reading a separate password file
348c047af ACS: More consistent checking of the best channel pointer
5d54bf6fb Fix error path on Key Data field decryption
a4d599a53 FT: Fix architecture for RxKH loading from a file
0b95d1346 OpenSSL: Fix a memory leak on an error path
456bfec47 Avoid uninitialized seq number in debug print for testing functionality
c17900278 tests: Fix a memory leak in a module test
7184e63ce dbus: Avoid memory leak on error when signaling PropertiesChanged
4037c0ac1 nl80211: Fix wiphy event handling when the driver is deinitialized
1c90c8d24 DPP: Avoid a potential use-after-free on an error path in AP
32940c7a4 DPP: Fix use-after-free in connection status reporting when using TCP
9456adeeb DPP3: Fix potential use-after-free on push button bootstrap info
e3d6fce84 EAP-SIM/AKA peer: Fix use-after-free for privacy identity
fd71cae6c nl80211: Fix memory leak on libnl nl_cb
2814dbd6d OpenSSL: Fix a memory leak in crypto_ec_key_parse_priv()
aa1aa289c AP MLD: Optimize struct mld_link_info size
93eab9f0f Mark hostapd_gen_probe_resp() static
512b92524 AP MLD: Reduce struct mld_link_info size
b91572b30 AP MLD: Fix RADIUS deinit
fa79e46c7 AP MLD: Use a helper function to set whether a STA is a non-AP MLD
6bda0aca8 AP MLD: Use a helper function to check if a STA is a non-AP MLD
ee9375fb3 tests: Association comeback mechanism in wpa_supplicant
33179cd29 SME: Handle PMF association comeback when not handled in driver
0ef4b1e1d D-Bus: Add a signal for HS2.0 terms and conditions
4e3f6b847 wlantest: Add test vectors for S1G BIP
542ccf00b FT: Add control interface command to show configured RxKHs
392114a17 FT: Add dynamic reload of RxKH definitions from file
e94a7d794 FT: Move RxKH configuration clearing into a helper function
c69ce778f Fix building against OpenSSL 3
5589d62c5 nl80211: Avoid NL80211_WPA_VERSION_3 on older kernel versions
5ff6a2749 Remove the MLD specific exception for distinguishing EAPOL-Key msg 2 and 4
2314a3569 Testing functionality for EAPOL-Key Key Data field encryption
4abc37e67 Support Key Data field decryption for EAPOL-Key msg 2/4 and 4/4
f591732af Supplicant side testing functionality for EAPOL-Key Key Data field
f7a903654 Extend mechanism to distinguish EAPOL-Key msg 2/4 from 4/4
3547ed403 Authenticator side testing functionality for EAPOL-Key Key Data field
38719f113 Verify center frequency seg0/seg1 mapping result before use
acea0654f Initialize the variables before using it in channel update
af6e21faa P2P: Fix a logical error of workaround of extended listen failure
abc239a0b Get rid of multiple MIN macros
5290523db Apply a symmetrical bias against moving away from higher bands
05474b34b Decrease cross-threshold roam difficulty with bgscan_simple
73f06af14 wpa_supplicant: Do not invalidate PMKSA cache for bssid_* updates
05c167eb0 MLD: Fail connection if ML Authentication frame could not be parsed
a80dcf0e2 MLD: Read the correct BSSID from the RNR
906dade4f RRM: Handle scan TSF BSSID matching in context of MLD
12cdeb501 nl80211: Print driver name in debug output
197b440c4 nl80211: Print kernel version in debug output
5ae010aae nl80211: Avoid sending unsupported attributes
7fec9e7bc nl80211: Retrieve maxattr via genl for nl80211
f13683720 nl80211: Pass wiphy events to all affected interfaces
f9b3ecb0a DPP: Work arouind missing Auth Confirm ACK for testing
655794898 RRM: Fix the parsing of the Extended Request subelement in beacon req
b9983b35d MSCS: Process unsolciited MSCS Response frames
b427683bf MSCS: Extend MSCS response handling
db036b534 MSCS: Use a define for the MSCS Descriptor element fixed field length
2d83d224f Use ether_addr_equal() to compare whether two MAC addresses are equal
58027cfec WPS: Fix authorized MAC removal
95123ab3b Introduce ether_addr_equal()
76616a46b RSN: Fix (B)IGTK MLO KDE length print
f048e6626 wpa_supplicant: Don't assign pointer to bool
e0a2b3222 Fix compiler warnings on supplicant build with PASN but no FILS
8e8964cdb AP: Fix compilation warning in hapd_pasn_update_params()
a2fd63964 build: bgscan_simple depends on WNM
628f28610 trace: Fix compilation issue due to using an undefined symbol
cbcd056ec AP: Fix a typo in function name
594f85e30 mesh: Set the mld_link_id to -1 when adding a station
f40a58833 nl80211: Fix AP MLD MAC address on auth retry
38711a011 AP MLD: Remove link stations on a new station authentication
c6f519ff1 AP: Support deauthenticate/disassociate with MLD
9c937c889 AP: Move hostapd_ml_get_assoc_sta() to shared
ea401c168 AP MLD: Fix station lookup in hostapd_ml_get_assoc_sta()
e9f75a352 AP: Unify code handling deauthentication/disassociation
a1d7a9e3b build: Properly grab the libpcsclite cflags
9569315de Disable _FORTIFY_SOURCE when building with -O0
2112f0572 AP MLD: Correctly set the BSS parameters change count in RNR
0120d052d nl80211: Add NL80211_ATTR_MLO_LINK_ID for NL80211_CMD_REMAIN_ON_CHANNEL
bef417152 GAS: Accept GAS response using AP MLD MAC address
29814ee96 Extend pmf_in_use() to be aware of affiliated links on non-AP MLD
6ea81f323 nl80211: More detailed debug print for Management frame TX
9ccfc0d51 AP MLD: MLD address conversion for hostapd_drv_send_action_addr3_ap()
febb51bf8 AP MLD: Fix Association Response frame ACK handling
07f44a7c4 AP MLD: Prefer STA entry that has sta->wpa_sm initialized
0aeeaaaf1 Add QCA vendor command for flow policy configuration
064c233d1 AP: Fix a regression in indoor 6 GHz AP determination
196d6c83b Limit throughput estimation for HE 80/160 MHz based on VHT info
12c0f8ae3 Limit throughput estimation for HE 40 MHz based on HT info
98f3bd26d ACS: Extend the 320 MHz support
e6f2494c3 hostapd: Add eht_bw320_offset configuration option
733de8568 ACS: Fix not selecting the best channel in the segment
4881accbb ACS: Add HT40- support in the 2.4 GHz band
47e89935c dbus: Use PHY parameters from dbus or config for the GroupAdd command
fae12c4b1 Fix P2P_GROUP_ADD handling of the persistent group parameters
0143cf42c Move parse_freq() to be a common helper function
e3570f5e1 dbus: Use current_bss to get correct group BSSID and frequency on client
b91113e05 Support all PSK AKMs in case of AP mode PSK offload
4efb0247a Update definitions to point to the current IEEE 802.11 standard
121ccadeb AP: A helper function for determining whether the AP is an SP AP
24baffc8b AP: Share a common helper function for determining length of TPE elements
150ee0c06 AP: Add an additional TPE element when needed
3cbb3ac3f AP: Add TPE element for Indoor standard power AP
bcad7fec6 AP: Publish the correct PSD value in RNR TBTT information field
7065e5242 AP: Add configuration options for 6 GHz TPE Tx power
ada9083ac AP: Update the HE regulatory information AP types for the 6 GHz band
2d4f90521 RRM: Add support for including extended ID elements in beacon report
c88c08f0c SME: Remove comment in missing ML links handling
41e65efa3 ctrl_iface: Fix newline in print_ml()
a3a34c0eb HS 2.0: Remove useless debug print in non-Hotspot 2.0 cases
615835626 AP: Use the MLD MAC address for SAE authentication failures and testing
4a973718d Split hostapd_eid_rnr_iface() into two functions
0b55b8da3 AP: Add testing option to indicate an AP is disabled
2249b9f77 nl80211: Include disabled links indication in association command
5927455b8 MLD: Add support for disabled APs
981e8c1e4 nl80211: Add link ID to the queue parameters configuration print
409ebaaa1 AP: Support overriding EHT operation puncturing mask
26ad0be4f AP: Allow hex format for puncturing bitmap
799115a8e AP: Fix EHT MCS size validation for received element
14d7b9e37 ctrl_iface: Don't return -1 when dumping BSS information
12a957434 nl80211: Fix AP deinit path (link removal) in error cases
6c3438eef nl80211: Fix AP deinit path in error cases
6b7bb1001 Add QCA vendor attribute for EHT SCS traffic description support
f8657ea03 Add QCA vendor command for reporting firmware page fault informatin
ee00bbd29 Support VLAN offload with SAE password based selection
e748e50c6 SAE passwords from a separate file
40b255882 PASN: Select the latest available BSS entry for a BSSID
09d57e5f8 MBSSID: Element ID values in increasing order in Non-Inheritance element
88984bbb9 MLD STA: Update SAE PWE derivation in hunting-and-pecking loop case
c8dd70cfb Fix Multiple BSSID element length calculation
618df655a Use sta->vlan_id when needed for VLAN offload
afd306cf7 nl80211: Remove send_and_recv_msgs()
7c2f67cea nl80211: Add send_and_recv_resp() helper
ab506d777 nl80211: Add send_and_recv_cmd() helper
c73f9cde8 nl80211: Remove send_and_recv_msgs_connect_handle()
d2e6a395c nl80211: Do not set socket owner for NL80211_CMD_LEAVE_IBSS
35e58b741 nl80211: Remove send_and_recv_msgs_owner()
9823f4305 nl80211: Move control port attribute adding into more accurate location
0d619df8b nl80211: Use bss->nl_connect unconditionally
da0d51fee nl80211: Use socket cb instead of global->nl_cb in send_and_recv()
84fdc8cd8 nl80211: Accept NL80211_CMD_FRAME events in global context
828311ef3 AP MLD: More careful checking of Multi-Link element length fields
38a5ed5fd AP MLD: Skip unknown Multi-Link element subelements
62141825f tests: PASN authentication using driver event as trigger
2ab56694f Split ap_sta_set_authorized() into two steps
da8a38fec Remove unused assignment from Country element generation
33b5fc076 PKCS#1: Do not use pointer value after freeing
231d86ef9 OpenSSL: Check EVP_MAC_update() return value more consistently
a92694b00 OpenSSL: Check EVP_CIPHER_CTX_set_padding() return value more consistently
88bc6711a TDLS: Avoid unnecessary copying of the Link Identifier element
656cf50d8 More consistent sta pointer checks in handle_assoc()
29f38ebcf ACS: Check whether iface->current_mode is NULL before use
7fa840309 WNM: Skip current connection BSS when disassociate imminent is set
7a873c81e AP MLD: Do not schedule disconnection on BSS TM Request link removal
ec70d14f7 AP: MLD: Extend BSS transition management request for link removal
09988c435 WNM: Accept link removal BSS TM Request
80810929a WNM: Handle BTM request with Link Removal Imminent field set to 1
31e025c03 AP: When sending Action frames, use the AP MLD MAC address if needed
54e6c56d2 AP: Use AP MLD MAC address for terminating MLO association
7ee12fca4 WNM: Allow frames from AP MLD
0546f0e1b WNM: Use correct address when configured as AP MLD
1efdba5fd Handle PMKSA flush in the driver for SAE/OWE offload cases
6a793c5f2 bgscan: Fix bgscan_init() stub declaration
0af4c1478 hostapd: Check the bridge if ioctl SIOCBRADDIF fails
1b9006a8c Use the link BSSID to resolve current BSS for whether to roam check
c4dac077b wpa_supplicant: Remove redundant CONFIG_WNM in wnm_sta.c
d43a49a66 Remove a spurious tab in hostapd_eid_rnr()
a28ea8e51 AP: Fix setting MLD Parameters subfield in RNR element
07525cd5e Fix HE enabling for IBSS and mesh
40410c04f AP MLD: Channel switch for specific link
1b448c865 hostapd configuration file update using control interface
7dd7ae965 DFS: Change vht_capab according to user requested bandwidth
8920e0390 P2P: Force clearing of p2p-send-action radio work on P2P_STOP_FIND
8e294c3a2 P2P: Recover from successfully requested, but not started, listen
ceb7f65dc bgscan: Allow simple bgscan to do BTM queries
a83d3132e WNM: Define BSS transition management reason values
7ee7b046a nl80211: Use attribute NL80211_ATTR_BSSID to scan for specific BSSID
5bbc9462a tests: Test driver association ML link rejection flow
32434aa68 AP: Always include WPA_STA_AUTHORIZED in station flags mask
174a8fc41 AP MLD: Do not modify flags for link stations
0b5d11165 Fix MBO build with GAS dependency
58116877b EHT: Fix updating center freq segment 0 index for HE and VHT
40b04b703 Document Tunnel-Password encoding for passphrase/PSK
37d122c2f KaY: Make debug output consistent
f0cb82351 EHT: Add configuration for the EHT default PE duration
5a47bbc36 Add QCA vendor command to query transmit power information
9c2d6c423 Add QCA vendor attributes for link id for HT-scan/ACS command
7b6705579 Add QCA vendor commands for SDWF
20c82a270 Add an option to remove WMM-AC
32b5f7f50 Add an option to remove Robust AV (SCS, MSCS, QoS Management)
6ed8eba00 Add an option to remove RRM and supported operating class indication
4b80ad119 Populate the new beacon hint event to wpa_msg()
d8cae2d02 nl80211: Do not allow off channel when frequency is not specified
bbb0d3a40 mesh: Add for_each_sta implementation in wpa_auth_callbacks
4f69b4a31 mesh: Fix PMKSA cache entry addition with external PMKSA management
0302c3ad2 trace: binutils replaces bfd_hostptr_t with uintptr_t
033634019 Ignore missing set_secure_ranging_ctx callback for testing purposes
d54d0d898 AP MLD: Handle DFS in correct link
f1fee0d1f AP MLD: Handle channel switch event in correct link
fb6598864 nl80211: Add link ID when setting BSS attributes for AP MLD
5487d8d9e nl80211: Specify link ID when sending Management frames
859cbc396 nl80211: Remove links when stopping AP MLD in hostapd
780e72cc1 AP MLD: Do not include empty MLO KDEs
ecd9ea0c8 AP MLD: Do not access WPA authenticator object if not valid
21e8fcc80 nl80211: Add support for handling MLO removed links
cd79d834b trace: Add TEST_FAIL_TAG macro to allow more narrow matching
781e87c41 trace: Allow multiple failures in one test
e62d351ce trace: Document function pattern prefixes
5545d995b trace: Share common implementation for TEST_FAIL and TEST_ALLOC_FAIL
7d901dc7e trace: Use an array of skipped function names
e9bdecce4 Share TEST_FAIL/TEST_ALLOC_FAIL/GET_FAIL/GET_ALLOC_FAIL handler
2c89ca922 wpa_supplicant: Use wpa_msg() in bssid_ignore.c
6fc2d1357 AP: Get rid of wpa_auth_pmksa_add3()
e99670420 AP: Handle re-association from a non-AP MLD
a18f8ee0f AP MLD: Use MLD MAC address for SA query and response when needed
b9c81e200 MLD: Use MLD MAC address for deauthentication
f60287e6c AP: Avoid setting same MLD and link address
e5917e2a5 scan: MLD: Include SSID in ML probe request
b29ac99d5 scan: Include AP MLD ID in ML probe request if needed
d64ec9414 AP MLD: Don't include AP MLD ID in Beacon frames
3bde81175 ML: Add basic handling of ML probe requests
ecb22ba12 AP: MLO: Add helper to iterate all links of an AP MLD
db2bc0364 AP: Add parsing of ML probe requests
82453a348 AP: Split Probe Response frame IE generation into a separate function
6b5e00a80 AP: Use a struct for Probe Response generation in/out params
3cd377eb5 MLD: Ignore failed links from association attempt
4a1cd7f54 nl80211: Report link specific association failures from the kernel
6ba9b9440 nl80211: Add support to parse out link from error reply
e6eebd0d5 MLD: Do not consider ignored BSSs for links when parsing RNR info
92d8d1d76 MLD: Add a TEST_FAIL to fail one link in an MLD association.
846e65c7c MLD: Return status code for links when rejecting association
5af986c75 MLD: Also mark links as failed after association failure
c55a272f6 EHT: Define status codes from IEEE P802.11be/D4.0
d95838b79 AP: Add support for testing ML link removal
73a6f5c37 AP MLD: Make BSS parameter change variable
9160540ec wpa_supplicant: Fix ml_ie_len type in wpa_bss_parse_basic_ml_element()
cb90aa3ac wpa_supplicant: Remove duplicate logic in wpas_ml_element()
74b688430 wpa_supplicant: Add config parameters for MLD testing
6220fb52e dbus: Increase XML buffer size for an interface introspection data
b3aafd5a8 common: Simplify and avoid confusing defragmentation API
0f7d15dd3 ieee802_11_defs: Fix EHT_ML_PRES_BM_PROBE_REQ_AP_MLD_ID
9ffebf758 SME: Drop old disassoc_while_authenticating workaround
645ec9b58 nl80211: Do a roundtrip to reset event supressions
c8b4ad70b tests: Set wpa_s->global for module tests
69ea73bfe nl80211: Update port authorized indication for MLO address
6f014c0d0 ACS: Add 320 MHz support for EHT
f0aea885f EHT: Fix HE Channel Center Freq Seg0/Seg1 for 6 GHz 320 MHz cases
07c03a655 EHT: Fix conditions for including EHT Operation Information field
01d95b75b SAE: prime_len means length in bytes not bits
a02585cef MBSSID: Use BIGTK from the transmitted BSS for beacon protection
a768556f7 Prefer SAE over PSK in WPA3-Personal transition mode cases
43184bf06 OWE: Optimize transition mode AP scan with owe_only=1 STA configuration
4ff287e92 P2P: Do not skip updating BSS table when frequency is changed
73b49016f Fix references to correct driver capability flag for PSK/OWE offloads
415839406 OpenSSL: Allow openssl_ciphers override with Suite B config on server
e9b13938a Add EHT mode support for ratemask configuration vendor command
239469eb1 Define new command in qca_tsf_cmd to get AP channel switch TSF time
Change-Id: I1540a39cd343b6fb9915fcc78e3f6bd2cb8eb0d9
Signed-off-by: Sunil Ravi <sunilravi@google.com>
diff --git a/hostapd/Android.mk b/hostapd/Android.mk
index 35ada83..35ae4fb 100644
--- a/hostapd/Android.mk
+++ b/hostapd/Android.mk
@@ -253,6 +253,8 @@
OBJS += src/common/ocv.c
endif
+NEED_AES_UNWRAP=y
+
ifdef CONFIG_IEEE80211R
L_CFLAGS += -DCONFIG_IEEE80211R -DCONFIG_IEEE80211R_AP
OBJS += src/ap/wpa_auth_ft.c
@@ -599,6 +601,12 @@
endif
endif
+ifdef CONFIG_NAN_USD
+OBJS += src/common/nan_de.c
+OBJS += src/ap/nan_usd_ap.c
+L_CFLAGS += -DCONFIG_NAN_USD
+endif
+
ifdef CONFIG_PASN
L_CFLAGS += -DCONFIG_PASN
L_CFLAGS += -DCONFIG_PTKSA_CACHE
diff --git a/hostapd/Makefile b/hostapd/Makefile
index a2adc85..274a82d 100644
--- a/hostapd/Makefile
+++ b/hostapd/Makefile
@@ -167,7 +167,7 @@
ifdef CONFIG_CODE_COVERAGE
-CFLAGS += -O0 -fprofile-arcs -ftest-coverage
+CFLAGS += -O0 -fprofile-arcs -ftest-coverage -U_FORTIFY_SOURCE
LIBS += -lgcov
LIBS_c += -lgcov
LIBS_h += -lgcov
@@ -276,6 +276,8 @@
OBJS += ../src/common/ocv.o
endif
+NEED_AES_UNWRAP=y
+
ifdef CONFIG_IEEE80211R
CFLAGS += -DCONFIG_IEEE80211R -DCONFIG_IEEE80211R_AP
OBJS += ../src/ap/wpa_auth_ft.o
@@ -609,6 +611,12 @@
endif
endif
+ifdef CONFIG_NAN_USD
+OBJS += ../src/common/nan_de.o
+OBJS += ../src/ap/nan_usd_ap.o
+CFLAGS += -DCONFIG_NAN_USD
+endif
+
ifdef CONFIG_PASN
CFLAGS += -DCONFIG_PASN
CFLAGS += -DCONFIG_PTKSA_CACHE
diff --git a/hostapd/android.config b/hostapd/android.config
index 1c4dab2..9d20c8d 100644
--- a/hostapd/android.config
+++ b/hostapd/android.config
@@ -264,3 +264,6 @@
# certain percentage of probe requests or auth/(re)assoc frames.
# Each test case requires a flag set in hostapd.conf or through hostapd_cli
#CONFIG_TESTING_OPTIONS=y
+
+# Wi-Fi Aware unsynchronized service discovery (NAN USD)
+#CONFIG_NAN_USD=y
diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index bfb152e..79cc1c2 100644
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -1,6 +1,6 @@
/*
* hostapd / Configuration file parser
- * Copyright (c) 2003-2018, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2003-2024, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@@ -1020,6 +1020,78 @@
return 0;
}
+
+
+int hostapd_config_read_rxkh_file(struct hostapd_bss_config *conf,
+ const char *fname)
+{
+ FILE *f;
+ char buf[256], *pos;
+ int line = 0, errors = 0;
+
+ if (!fname)
+ return 0;
+
+ f = fopen(fname, "r");
+ if (!f) {
+ wpa_printf(MSG_ERROR, "rxkh file '%s' not found.", fname);
+ return -1;
+ }
+
+ while (fgets(buf, sizeof(buf), f)) {
+ line++;
+
+ if (buf[0] == '#')
+ continue;
+ pos = buf;
+ while (*pos != '\0') {
+ if (*pos == '\n') {
+ *pos = '\0';
+ break;
+ }
+ pos++;
+ }
+ if (buf[0] == '\0')
+ continue;
+
+ pos = os_strchr(buf, '=');
+ if (!pos) {
+ wpa_printf(MSG_ERROR, "Line %d: Invalid line '%s'",
+ line, buf);
+ errors++;
+ continue;
+ }
+ *pos = '\0';
+ pos++;
+
+ if (os_strcmp(buf, "r0kh") == 0) {
+ if (add_r0kh(conf, pos) < 0) {
+ wpa_printf(MSG_ERROR,
+ "Line %d: Invalid r0kh '%s'",
+ line, pos);
+ errors++;
+ }
+ } else if (os_strcmp(buf, "r1kh") == 0) {
+ if (add_r1kh(conf, pos) < 0) {
+ wpa_printf(MSG_ERROR,
+ "Line %d: Invalid r1kh '%s'",
+ line, pos);
+ errors++;
+ }
+ }
+ }
+
+ fclose(f);
+
+ if (errors) {
+ wpa_printf(MSG_ERROR,
+ "%d errors in configuring RxKHs from '%s'",
+ errors, fname);
+ return -1;
+ }
+ return 0;
+}
+
#endif /* CONFIG_IEEE80211R_AP */
@@ -2159,6 +2231,7 @@
#ifdef CONFIG_SAE
+
static int parse_sae_password(struct hostapd_bss_config *bss, const char *val)
{
struct sae_password_entry *pw;
@@ -2262,6 +2335,40 @@
os_free(pw);
return -1;
}
+
+
+static int parse_sae_password_file(struct hostapd_bss_config *bss,
+ const char *fname)
+{
+ FILE *f;
+ char buf[500], *pos;
+ unsigned int line = 0;
+
+ f = fopen(fname, "r");
+ if (!f) {
+ wpa_printf(MSG_ERROR, "sae_password_file '%s' not found.",
+ fname);
+ return -1;
+ }
+
+ while (fgets(buf, sizeof(buf), f)) {
+ pos = os_strchr(buf, '\n');
+ if (pos)
+ *pos = '\0';
+ line++;
+ if (parse_sae_password(bss, buf)) {
+ wpa_printf(MSG_ERROR,
+ "Invalid SAE password at line %d in '%s'",
+ line, fname);
+ fclose(f);
+ return -1;
+ }
+ }
+
+ fclose(f);
+ return 0;
+}
+
#endif /* CONFIG_SAE */
@@ -2311,6 +2418,24 @@
}
+#ifdef CONFIG_IEEE80211BE
+static int get_u16(const char *pos, int line, u16 *ret_val)
+{
+ char *end;
+ long int val = strtol(pos, &end, 0);
+
+ if (*end || val < 0 || val > 0xffff) {
+ wpa_printf(MSG_ERROR, "Line %d: Invalid value '%s'",
+ line, pos);
+ return -1;
+ }
+
+ *ret_val = val;
+ return 0;
+}
+#endif /* CONFIG_IEEE80211BE */
+
+
static int hostapd_config_fill(struct hostapd_config *conf,
struct hostapd_bss_config *bss,
const char *buf, char *pos, int line)
@@ -3047,6 +3172,21 @@
line, pos);
return 1;
}
+ } else if (os_strcmp(buf, "rxkh_file") == 0) {
+ os_free(bss->rxkh_file);
+ bss->rxkh_file = os_strdup(pos);
+ if (!bss->rxkh_file) {
+ wpa_printf(MSG_ERROR, "Line %d: allocation failed",
+ line);
+ return 1;
+ }
+ if (hostapd_config_read_rxkh_file(bss, pos)) {
+ wpa_printf(MSG_DEBUG,
+ "Line %d: failed to read rxkh_file '%s'",
+ line, pos);
+ /* Allow the file to be created later and read into
+ * already operating AP context. */
+ }
} else if (os_strcmp(buf, "pmk_r1_push") == 0) {
bss->pmk_r1_push = atoi(pos);
} else if (os_strcmp(buf, "ft_over_ds") == 0) {
@@ -3624,6 +3764,18 @@
}
} else if (os_strcmp(buf, "he_6ghz_reg_pwr_type") == 0) {
conf->he_6ghz_reg_pwr_type = atoi(pos);
+ if (conf->he_6ghz_reg_pwr_type > HE_REG_INFO_6GHZ_AP_TYPE_MAX) {
+ wpa_printf(MSG_ERROR,
+ "Line %d: invalid he_6ghz_reg_pwr_type value",
+ line);
+ return 1;
+ }
+ } else if (os_strcmp(buf, "reg_def_cli_eirp_psd") == 0) {
+ conf->reg_def_cli_eirp_psd = atoi(pos);
+ } else if (os_strcmp(buf, "reg_sub_cli_eirp_psd") == 0) {
+ conf->reg_sub_cli_eirp_psd = atoi(pos);
+ } else if (os_strcmp(buf, "reg_def_cli_eirp") == 0) {
+ conf->reg_def_cli_eirp = atoi(pos);
} else if (os_strcmp(buf, "he_oper_chwidth") == 0) {
conf->he_oper_chwidth = atoi(pos);
} else if (os_strcmp(buf, "he_oper_centr_freq_seg0_idx") == 0) {
@@ -4296,6 +4448,16 @@
bss->eap_skip_prot_success = atoi(pos);
} else if (os_strcmp(buf, "delay_eapol_tx") == 0) {
conf->delay_eapol_tx = atoi(pos);
+ } else if (os_strcmp(buf, "eapol_m1_elements") == 0) {
+ if (parse_wpabuf_hex(line, buf, &bss->eapol_m1_elements, pos))
+ return 1;
+ } else if (os_strcmp(buf, "eapol_m3_elements") == 0) {
+ if (parse_wpabuf_hex(line, buf, &bss->eapol_m3_elements, pos))
+ return 1;
+ } else if (os_strcmp(buf, "eapol_m3_no_encrypt") == 0) {
+ bss->eapol_m3_no_encrypt = atoi(pos);
+ } else if (os_strcmp(buf, "test_assoc_comeback_type") == 0) {
+ bss->test_assoc_comeback_type = atoi(pos);
#endif /* CONFIG_TESTING_OPTIONS */
#ifdef CONFIG_SAE
} else if (os_strcmp(buf, "sae_password") == 0) {
@@ -4304,6 +4466,13 @@
line);
return 1;
}
+ } else if (os_strcmp(buf, "sae_password_file") == 0) {
+ if (parse_sae_password_file(bss, pos) < 0) {
+ wpa_printf(MSG_ERROR,
+ "Line %d: Invalid sae_password in file",
+ line);
+ return 1;
+ }
#endif /* CONFIG_SAE */
} else if (os_strcmp(buf, "vendor_elements") == 0) {
if (parse_wpabuf_hex(line, buf, &bss->vendor_elements, pos))
@@ -4770,8 +4939,11 @@
conf->eht_phy_capab.su_beamformee = atoi(pos);
} else if (os_strcmp(buf, "eht_mu_beamformer") == 0) {
conf->eht_phy_capab.mu_beamformer = atoi(pos);
+ } else if (os_strcmp(buf, "eht_default_pe_duration") == 0) {
+ conf->eht_default_pe_duration = atoi(pos);
} else if (os_strcmp(buf, "punct_bitmap") == 0) {
- conf->punct_bitmap = atoi(pos);
+ if (get_u16(pos, line, &conf->punct_bitmap))
+ return 1;
} else if (os_strcmp(buf, "punct_acs_threshold") == 0) {
int val = atoi(pos);
@@ -4792,6 +4964,15 @@
line);
return 1;
}
+ } else if (os_strcmp(buf, "eht_bw320_offset") == 0) {
+ conf->eht_bw320_offset = atoi(pos);
+#ifdef CONFIG_TESTING_OPTIONS
+ } else if (os_strcmp(buf, "eht_oper_puncturing_override") == 0) {
+ if (get_u16(pos, line, &bss->eht_oper_puncturing_override))
+ return 1;
+ } else if (os_strcmp(buf, "mld_indicate_disabled") == 0) {
+ bss->mld_indicate_disabled = atoi(pos);
+#endif /* CONFIG_TESTING_OPTIONS */
#endif /* CONFIG_IEEE80211BE */
} else {
wpa_printf(MSG_ERROR,
diff --git a/hostapd/config_file.h b/hostapd/config_file.h
index c98bdb6..9ef6ac8 100644
--- a/hostapd/config_file.h
+++ b/hostapd/config_file.h
@@ -10,6 +10,8 @@
#define CONFIG_FILE_H
struct hostapd_config * hostapd_config_read(const char *fname);
+int hostapd_config_read_rxkh_file(struct hostapd_bss_config *conf,
+ const char *fname);
int hostapd_set_iface(struct hostapd_config *conf,
struct hostapd_bss_config *bss, const char *field,
char *value);
diff --git a/hostapd/ctrl_iface.c b/hostapd/ctrl_iface.c
index 57c9997..a6b16c2 100644
--- a/hostapd/ctrl_iface.c
+++ b/hostapd/ctrl_iface.c
@@ -39,6 +39,7 @@
#include "common/wpa_ctrl.h"
#include "common/ptksa_cache.h"
#include "common/hw_features_common.h"
+#include "common/nan_de.h"
#include "crypto/tls.h"
#include "drivers/driver.h"
#include "eapol_auth/eapol_auth_sm.h"
@@ -63,6 +64,7 @@
#include "ap/rrm.h"
#include "ap/dpp_hostapd.h"
#include "ap/dfs.h"
+#include "ap/nan_usd_ap.h"
#include "wps/wps_defs.h"
#include "wps/wps.h"
#include "fst/fst_ctrl_iface.h"
@@ -1435,7 +1437,7 @@
pmk_match = PMK_LEN == pmk_len &&
os_memcmp(psk->psk, pmk, pmk_len) == 0;
sta_match = psk->group == 0 &&
- os_memcmp(sta->addr, psk->addr, ETH_ALEN) == 0;
+ ether_addr_equal(sta->addr, psk->addr);
bss_match = psk->group == 1;
if (pmk_match && (sta_match || bss_match))
@@ -1474,6 +1476,79 @@
}
+#ifdef CONFIG_IEEE80211R_AP
+
+static int hostapd_ctrl_iface_get_rxkhs(struct hostapd_data *hapd,
+ char *buf, size_t buflen)
+{
+ int ret, start_pos;
+ char *pos, *end;
+ struct ft_remote_r0kh *r0kh;
+ struct ft_remote_r1kh *r1kh;
+ struct hostapd_bss_config *conf = hapd->conf;
+
+ pos = buf;
+ end = buf + buflen;
+
+ for (r0kh = conf->r0kh_list; r0kh; r0kh=r0kh->next) {
+ start_pos = pos - buf;
+ ret = os_snprintf(pos, end - pos, "r0kh=" MACSTR " ",
+ MAC2STR(r0kh->addr));
+ if (os_snprintf_error(end - pos, ret))
+ return start_pos;
+ pos += ret;
+ if (r0kh->id_len + 1 >= (size_t) (end - pos))
+ return start_pos;
+ os_memcpy(pos, r0kh->id, r0kh->id_len);
+ pos += r0kh->id_len;
+ *pos++ = ' ';
+ pos += wpa_snprintf_hex(pos, end - pos, r0kh->key,
+ sizeof(r0kh->key));
+ ret = os_snprintf(pos, end - pos, "\n");
+ if (os_snprintf_error(end - pos, ret))
+ return start_pos;
+ pos += ret;
+ }
+
+ for (r1kh = conf->r1kh_list; r1kh; r1kh=r1kh->next) {
+ start_pos = pos - buf;
+ ret = os_snprintf(pos, end - pos, "r1kh=" MACSTR " " MACSTR " ",
+ MAC2STR(r1kh->addr), MAC2STR(r1kh->id));
+ if (os_snprintf_error(end - pos, ret))
+ return start_pos;
+ pos += ret;
+ pos += wpa_snprintf_hex(pos, end - pos, r1kh->key,
+ sizeof(r1kh->key));
+ ret = os_snprintf(pos, end - pos, "\n");
+ if (os_snprintf_error(end - pos, ret))
+ return start_pos;
+ pos += ret;
+ }
+
+ return pos - buf;
+}
+
+
+static int hostapd_ctrl_iface_reload_rxkhs(struct hostapd_data *hapd)
+{
+ struct hostapd_bss_config *conf = hapd->conf;
+ int err;
+
+ hostapd_config_clear_rxkhs(conf);
+
+ err = hostapd_config_read_rxkh_file(conf, conf->rxkh_file);
+ if (err < 0) {
+ wpa_printf(MSG_ERROR, "Reloading RxKHs failed: %d",
+ err);
+ return -1;
+ }
+
+ return 0;
+}
+
+#endif /* CONFIG_IEEE80211R_AP */
+
+
#ifdef CONFIG_TESTING_OPTIONS
static int hostapd_ctrl_iface_radar(struct hostapd_data *hapd, char *cmd)
@@ -2010,74 +2085,6 @@
}
-static int hostapd_ctrl_test_alloc_fail(struct hostapd_data *hapd, char *cmd)
-{
-#ifdef WPA_TRACE_BFD
- char *pos;
-
- wpa_trace_fail_after = atoi(cmd);
- pos = os_strchr(cmd, ':');
- if (pos) {
- pos++;
- os_strlcpy(wpa_trace_fail_func, pos,
- sizeof(wpa_trace_fail_func));
- } else {
- wpa_trace_fail_after = 0;
- }
-
- return 0;
-#else /* WPA_TRACE_BFD */
- return -1;
-#endif /* WPA_TRACE_BFD */
-}
-
-
-static int hostapd_ctrl_get_alloc_fail(struct hostapd_data *hapd,
- char *buf, size_t buflen)
-{
-#ifdef WPA_TRACE_BFD
- return os_snprintf(buf, buflen, "%u:%s", wpa_trace_fail_after,
- wpa_trace_fail_func);
-#else /* WPA_TRACE_BFD */
- return -1;
-#endif /* WPA_TRACE_BFD */
-}
-
-
-static int hostapd_ctrl_test_fail(struct hostapd_data *hapd, char *cmd)
-{
-#ifdef WPA_TRACE_BFD
- char *pos;
-
- wpa_trace_test_fail_after = atoi(cmd);
- pos = os_strchr(cmd, ':');
- if (pos) {
- pos++;
- os_strlcpy(wpa_trace_test_fail_func, pos,
- sizeof(wpa_trace_test_fail_func));
- } else {
- wpa_trace_test_fail_after = 0;
- }
-
- return 0;
-#else /* WPA_TRACE_BFD */
- return -1;
-#endif /* WPA_TRACE_BFD */
-}
-
-
-static int hostapd_ctrl_get_fail(struct hostapd_data *hapd,
- char *buf, size_t buflen)
-{
-#ifdef WPA_TRACE_BFD
- return os_snprintf(buf, buflen, "%u:%s", wpa_trace_test_fail_after,
- wpa_trace_test_fail_func);
-#else /* WPA_TRACE_BFD */
- return -1;
-#endif /* WPA_TRACE_BFD */
-}
-
-
static int hostapd_ctrl_reset_pn(struct hostapd_data *hapd, const char *cmd)
{
struct sta_info *sta;
@@ -2640,6 +2647,12 @@
if (ret)
return ret;
+ settings.link_id = -1;
+#ifdef CONFIG_IEEE80211BE
+ if (iface->num_bss && iface->bss[0]->conf->mld_ap)
+ settings.link_id = iface->bss[0]->mld_link_id;
+#endif /* CONFIG_IEEE80211BE */
+
ret = hostapd_ctrl_check_freq_params(&settings.freq_params,
settings.punct_bitmap);
if (ret) {
@@ -3449,6 +3462,416 @@
#endif /* ANDROID */
+#ifdef CONFIG_IEEE80211BE
+
+static int hostapd_ctrl_iface_enable_mld(struct hostapd_iface *iface)
+{
+ unsigned int i;
+
+ if (!iface || !iface->bss[0]->conf->mld_ap) {
+ wpa_printf(MSG_ERROR,
+ "Trying to enable AP MLD on an interface that is not affiliated with an AP MLD");
+ return -1;
+ }
+
+ for (i = 0; i < iface->interfaces->count; ++i) {
+ struct hostapd_iface *h_iface = iface->interfaces->iface[i];
+ struct hostapd_data *h_hapd = h_iface->bss[0];
+ struct hostapd_bss_config *h_conf = h_hapd->conf;
+
+ if (!h_conf->mld_ap ||
+ h_conf->mld_id != iface->bss[0]->conf->mld_id)
+ continue;
+
+ if (hostapd_enable_iface(h_iface)) {
+ wpa_printf(MSG_ERROR, "Enabling of AP MLD failed");
+ return -1;
+ }
+ }
+ return 0;
+}
+
+
+static void hostapd_disable_iface_bss(struct hostapd_iface *iface)
+{
+ unsigned int i;
+
+ for (i = 0; i < iface->num_bss; i++)
+ hostapd_bss_deinit_no_free(iface->bss[i]);
+}
+
+
+static int hostapd_ctrl_iface_disable_mld(struct hostapd_iface *iface)
+{
+ unsigned int i;
+ struct hostapd_iface *first_iface = NULL;
+
+ if (!iface || !iface->bss[0]->conf->mld_ap) {
+ wpa_printf(MSG_ERROR,
+ "Trying to disable AP MLD on an interface that is not affiliated with an AP MLD.");
+ return -1;
+ }
+
+ /* First, disable BSSs before stopping beaconing and doing driver
+ * deinit so that the broadcast Deauthentication frames go out. */
+
+ for (i = 0; i < iface->interfaces->count; ++i) {
+ struct hostapd_iface *h_iface = iface->interfaces->iface[i];
+ struct hostapd_data *h_hapd = h_iface->bss[0];
+ struct hostapd_bss_config *h_conf = h_hapd->conf;
+
+ if (!h_conf->mld_ap ||
+ h_conf->mld_id != iface->bss[0]->conf->mld_id)
+ continue;
+
+ if (!h_hapd->mld_first_bss) {
+ first_iface = h_iface;
+ continue;
+ }
+ hostapd_disable_iface_bss(iface);
+ }
+
+ if (first_iface)
+ hostapd_disable_iface_bss(first_iface);
+
+ /* Then, fully disable interfaces */
+
+ for (i = 0; i < iface->interfaces->count; ++i) {
+ struct hostapd_iface *h_iface = iface->interfaces->iface[i];
+ struct hostapd_data *h_hapd = h_iface->bss[0];
+ struct hostapd_bss_config *h_conf = h_hapd->conf;
+
+ if (!h_conf->mld_ap ||
+ h_conf->mld_id != iface->bss[0]->conf->mld_id ||
+ !h_hapd->mld_first_bss)
+ continue;
+
+ if (hostapd_disable_iface(h_iface)) {
+ wpa_printf(MSG_ERROR, "Disabling AP MLD failed");
+ return -1;
+ }
+ }
+
+ if (first_iface && hostapd_disable_iface(first_iface)) {
+ wpa_printf(MSG_ERROR, "Disabling AP MLD failed");
+ return -1;
+ }
+
+ return 0;
+}
+
+
+#ifdef CONFIG_TESTING_OPTIONS
+static int hostapd_ctrl_iface_link_remove(struct hostapd_data *hapd, char *cmd,
+ char *buf, size_t buflen)
+{
+ int ret;
+ u32 count = atoi(cmd);
+
+ if (!count)
+ count = 1;
+
+ ret = hostapd_link_remove(hapd, count);
+ if (ret == 0) {
+ ret = os_snprintf(buf, buflen, "%s\n", "OK");
+ if (os_snprintf_error(buflen, ret))
+ ret = -1;
+ else
+ ret = 0;
+ }
+
+ return ret;
+}
+#endif /* CONFIG_TESTING_OPTIONS */
+#endif /* CONFIG_IEEE80211BE */
+
+
+#ifdef CONFIG_NAN_USD
+
+static int hostapd_ctrl_nan_publish(struct hostapd_data *hapd, char *cmd,
+ char *buf, size_t buflen)
+{
+ char *token, *context = NULL;
+ int publish_id;
+ struct nan_publish_params params;
+ const char *service_name = NULL;
+ struct wpabuf *ssi = NULL;
+ int ret = -1;
+ enum nan_service_protocol_type srv_proto_type = 0;
+
+ os_memset(¶ms, 0, sizeof(params));
+ /* USD shall use both solicited and unsolicited transmissions */
+ params.unsolicited = true;
+ params.solicited = true;
+ /* USD shall require FSD without GAS */
+ params.fsd = true;
+
+ while ((token = str_token(cmd, " ", &context))) {
+ if (os_strncmp(token, "service_name=", 13) == 0) {
+ service_name = token + 13;
+ continue;
+ }
+
+ if (os_strncmp(token, "ttl=", 4) == 0) {
+ params.ttl = atoi(token + 4);
+ continue;
+ }
+
+ if (os_strncmp(token, "srv_proto_type=", 15) == 0) {
+ srv_proto_type = atoi(token + 15);
+ continue;
+ }
+
+ if (os_strncmp(token, "ssi=", 4) == 0) {
+ if (ssi)
+ goto fail;
+ ssi = wpabuf_parse_bin(token + 4);
+ if (!ssi)
+ goto fail;
+ continue;
+ }
+
+ if (os_strcmp(token, "solicited=0") == 0) {
+ params.solicited = false;
+ continue;
+ }
+
+ if (os_strcmp(token, "unsolicited=0") == 0) {
+ params.unsolicited = false;
+ continue;
+ }
+
+ if (os_strcmp(token, "fsd=0") == 0) {
+ params.fsd = false;
+ continue;
+ }
+
+ wpa_printf(MSG_INFO, "CTRL: Invalid NAN_PUBLISH parameter: %s",
+ token);
+ goto fail;
+ }
+
+ publish_id = hostapd_nan_usd_publish(hapd, service_name, srv_proto_type,
+ ssi, ¶ms);
+ if (publish_id > 0)
+ ret = os_snprintf(buf, buflen, "%d", publish_id);
+fail:
+ wpabuf_free(ssi);
+ return ret;
+}
+
+
+static int hostapd_ctrl_nan_cancel_publish(struct hostapd_data *hapd,
+ char *cmd)
+{
+ char *token, *context = NULL;
+ int publish_id = 0;
+
+ while ((token = str_token(cmd, " ", &context))) {
+ if (sscanf(token, "publish_id=%i", &publish_id) == 1)
+ continue;
+ wpa_printf(MSG_INFO,
+ "CTRL: Invalid NAN_CANCEL_PUBLISH parameter: %s",
+ token);
+ return -1;
+ }
+
+ if (publish_id <= 0) {
+ wpa_printf(MSG_INFO,
+ "CTRL: Invalid or missing NAN_CANCEL_PUBLISH publish_id");
+ return -1;
+ }
+
+ hostapd_nan_usd_cancel_publish(hapd, publish_id);
+ return 0;
+}
+
+
+static int hostapd_ctrl_nan_update_publish(struct hostapd_data *hapd,
+ char *cmd)
+{
+ char *token, *context = NULL;
+ int publish_id = 0;
+ struct wpabuf *ssi = NULL;
+ int ret = -1;
+
+ while ((token = str_token(cmd, " ", &context))) {
+ if (sscanf(token, "publish_id=%i", &publish_id) == 1)
+ continue;
+ if (os_strncmp(token, "ssi=", 4) == 0) {
+ if (ssi)
+ goto fail;
+ ssi = wpabuf_parse_bin(token + 4);
+ if (!ssi)
+ goto fail;
+ continue;
+ }
+ wpa_printf(MSG_INFO,
+ "CTRL: Invalid NAN_UPDATE_PUBLISH parameter: %s",
+ token);
+ goto fail;
+ }
+
+ if (publish_id <= 0) {
+ wpa_printf(MSG_INFO,
+ "CTRL: Invalid or missing NAN_UPDATE_PUBLISH publish_id");
+ goto fail;
+ }
+
+ ret = hostapd_nan_usd_update_publish(hapd, publish_id, ssi);
+fail:
+ wpabuf_free(ssi);
+ return ret;
+}
+
+
+static int hostapd_ctrl_nan_subscribe(struct hostapd_data *hapd, char *cmd,
+ char *buf, size_t buflen)
+{
+ char *token, *context = NULL;
+ int subscribe_id;
+ struct nan_subscribe_params params;
+ const char *service_name = NULL;
+ struct wpabuf *ssi = NULL;
+ int ret = -1;
+ enum nan_service_protocol_type srv_proto_type = 0;
+
+ os_memset(¶ms, 0, sizeof(params));
+
+ while ((token = str_token(cmd, " ", &context))) {
+ if (os_strncmp(token, "service_name=", 13) == 0) {
+ service_name = token + 13;
+ continue;
+ }
+
+ if (os_strcmp(token, "active=1") == 0) {
+ params.active = true;
+ continue;
+ }
+
+ if (os_strncmp(token, "ttl=", 4) == 0) {
+ params.ttl = atoi(token + 4);
+ continue;
+ }
+
+ if (os_strncmp(token, "srv_proto_type=", 15) == 0) {
+ srv_proto_type = atoi(token + 15);
+ continue;
+ }
+
+ if (os_strncmp(token, "ssi=", 4) == 0) {
+ if (ssi)
+ goto fail;
+ ssi = wpabuf_parse_bin(token + 4);
+ if (!ssi)
+ goto fail;
+ continue;
+ }
+
+ wpa_printf(MSG_INFO,
+ "CTRL: Invalid NAN_SUBSCRIBE parameter: %s",
+ token);
+ goto fail;
+ }
+
+ subscribe_id = hostapd_nan_usd_subscribe(hapd, service_name,
+ srv_proto_type, ssi,
+ ¶ms);
+ if (subscribe_id > 0)
+ ret = os_snprintf(buf, buflen, "%d", subscribe_id);
+fail:
+ wpabuf_free(ssi);
+ return ret;
+}
+
+
+static int hostapd_ctrl_nan_cancel_subscribe(struct hostapd_data *hapd,
+ char *cmd)
+{
+ char *token, *context = NULL;
+ int subscribe_id = 0;
+
+ while ((token = str_token(cmd, " ", &context))) {
+ if (sscanf(token, "subscribe_id=%i", &subscribe_id) == 1)
+ continue;
+ wpa_printf(MSG_INFO,
+ "CTRL: Invalid NAN_CANCEL_SUBSCRIBE parameter: %s",
+ token);
+ return -1;
+ }
+
+ if (subscribe_id <= 0) {
+ wpa_printf(MSG_INFO,
+ "CTRL: Invalid or missing NAN_CANCEL_SUBSCRIBE subscribe_id");
+ return -1;
+ }
+
+ hostapd_nan_usd_cancel_subscribe(hapd, subscribe_id);
+ return 0;
+}
+
+
+static int hostapd_ctrl_nan_transmit(struct hostapd_data *hapd, char *cmd)
+{
+ char *token, *context = NULL;
+ int handle = 0;
+ int req_instance_id = 0;
+ struct wpabuf *ssi = NULL;
+ u8 peer_addr[ETH_ALEN];
+ int ret = -1;
+
+ os_memset(peer_addr, 0, ETH_ALEN);
+
+ while ((token = str_token(cmd, " ", &context))) {
+ if (sscanf(token, "handle=%i", &handle) == 1)
+ continue;
+
+ if (sscanf(token, "req_instance_id=%i", &req_instance_id) == 1)
+ continue;
+
+ if (os_strncmp(token, "address=", 8) == 0) {
+ if (hwaddr_aton(token + 8, peer_addr) < 0)
+ return -1;
+ continue;
+ }
+
+ if (os_strncmp(token, "ssi=", 4) == 0) {
+ if (ssi)
+ goto fail;
+ ssi = wpabuf_parse_bin(token + 4);
+ if (!ssi)
+ goto fail;
+ continue;
+ }
+
+ wpa_printf(MSG_INFO,
+ "CTRL: Invalid NAN_TRANSMIT parameter: %s",
+ token);
+ goto fail;
+ }
+
+ if (handle <= 0) {
+ wpa_printf(MSG_INFO,
+ "CTRL: Invalid or missing NAN_TRANSMIT handle");
+ goto fail;
+ }
+
+ if (is_zero_ether_addr(peer_addr)) {
+ wpa_printf(MSG_INFO,
+ "CTRL: Invalid or missing NAN_TRANSMIT address");
+ goto fail;
+ }
+
+ ret = hostapd_nan_usd_transmit(hapd, handle, ssi, NULL, peer_addr,
+ req_instance_id);
+fail:
+ wpabuf_free(ssi);
+ return ret;
+}
+
+#endif /* CONFIG_NAN_USD */
+
+
static int hostapd_ctrl_iface_receive_process(struct hostapd_data *hapd,
char *buf, char *reply,
int reply_size,
@@ -3633,19 +4056,30 @@
} else if (os_strncmp(buf, "GET ", 4) == 0) {
reply_len = hostapd_ctrl_iface_get(hapd, buf + 4, reply,
reply_size);
- } else if (os_strncmp(buf, "ENABLE", 6) == 0) {
+ } else if (os_strcmp(buf, "ENABLE") == 0) {
if (hostapd_ctrl_iface_enable(hapd->iface))
reply_len = -1;
} else if (os_strcmp(buf, "RELOAD_WPA_PSK") == 0) {
if (hostapd_ctrl_iface_reload_wpa_psk(hapd))
reply_len = -1;
+#ifdef CONFIG_IEEE80211R_AP
+ } else if (os_strcmp(buf, "GET_RXKHS") == 0) {
+ reply_len = hostapd_ctrl_iface_get_rxkhs(hapd, reply,
+ reply_size);
+ } else if (os_strcmp(buf, "RELOAD_RXKHS") == 0) {
+ if (hostapd_ctrl_iface_reload_rxkhs(hapd))
+ reply_len = -1;
+#endif /* CONFIG_IEEE80211R_AP */
} else if (os_strcmp(buf, "RELOAD_BSS") == 0) {
if (hostapd_ctrl_iface_reload_bss(hapd))
reply_len = -1;
- } else if (os_strncmp(buf, "RELOAD", 6) == 0) {
+ } else if (os_strcmp(buf, "RELOAD_CONFIG") == 0) {
+ if (hostapd_reload_config(hapd->iface))
+ reply_len = -1;
+ } else if (os_strcmp(buf, "RELOAD") == 0) {
if (hostapd_ctrl_iface_reload(hapd->iface))
reply_len = -1;
- } else if (os_strncmp(buf, "DISABLE", 7) == 0) {
+ } else if (os_strcmp(buf, "DISABLE") == 0) {
if (hostapd_ctrl_iface_disable(hapd->iface))
reply_len = -1;
} else if (os_strcmp(buf, "UPDATE_BEACON") == 0) {
@@ -3681,16 +4115,15 @@
if (hostapd_ctrl_iface_data_test_frame(hapd, buf + 16) < 0)
reply_len = -1;
} else if (os_strncmp(buf, "TEST_ALLOC_FAIL ", 16) == 0) {
- if (hostapd_ctrl_test_alloc_fail(hapd, buf + 16) < 0)
+ if (testing_set_fail_pattern(true, buf + 16) < 0)
reply_len = -1;
} else if (os_strcmp(buf, "GET_ALLOC_FAIL") == 0) {
- reply_len = hostapd_ctrl_get_alloc_fail(hapd, reply,
- reply_size);
+ reply_len = testing_get_fail_pattern(true, reply, reply_size);
} else if (os_strncmp(buf, "TEST_FAIL ", 10) == 0) {
- if (hostapd_ctrl_test_fail(hapd, buf + 10) < 0)
+ if (testing_set_fail_pattern(false, buf + 10) < 0)
reply_len = -1;
} else if (os_strcmp(buf, "GET_FAIL") == 0) {
- reply_len = hostapd_ctrl_get_fail(hapd, reply, reply_size);
+ reply_len = testing_get_fail_pattern(false, reply, reply_size);
} else if (os_strncmp(buf, "RESET_PN ", 9) == 0) {
if (hostapd_ctrl_reset_pn(hapd, buf + 9) < 0)
reply_len = -1;
@@ -3983,6 +4416,26 @@
reply_len = -1;
#endif /* CONFIG_DPP3 */
#endif /* CONFIG_DPP */
+#ifdef CONFIG_NAN_USD
+ } else if (os_strncmp(buf, "NAN_PUBLISH ", 12) == 0) {
+ reply_len = hostapd_ctrl_nan_publish(hapd, buf + 12, reply,
+ reply_size);
+ } else if (os_strncmp(buf, "NAN_CANCEL_PUBLISH ", 19) == 0) {
+ if (hostapd_ctrl_nan_cancel_publish(hapd, buf + 19) < 0)
+ reply_len = -1;
+ } else if (os_strncmp(buf, "NAN_UPDATE_PUBLISH ", 19) == 0) {
+ if (hostapd_ctrl_nan_update_publish(hapd, buf + 19) < 0)
+ reply_len = -1;
+ } else if (os_strncmp(buf, "NAN_SUBSCRIBE ", 14) == 0) {
+ reply_len = hostapd_ctrl_nan_subscribe(hapd, buf + 14, reply,
+ reply_size);
+ } else if (os_strncmp(buf, "NAN_CANCEL_SUBSCRIBE ", 21) == 0) {
+ if (hostapd_ctrl_nan_cancel_subscribe(hapd, buf + 21) < 0)
+ reply_len = -1;
+ } else if (os_strncmp(buf, "NAN_TRANSMIT ", 13) == 0) {
+ if (hostapd_ctrl_nan_transmit(hapd, buf + 13) < 0)
+ reply_len = -1;
+#endif /* CONFIG_NAN_USD */
#ifdef RADIUS_SERVER
} else if (os_strncmp(buf, "DAC_REQUEST ", 12) == 0) {
if (radius_server_dac_request(hapd->radius_srv, buf + 12) < 0)
@@ -4000,6 +4453,20 @@
reply_len = hostapd_ctrl_iface_driver_cmd(hapd, buf + 7, reply,
reply_size);
#endif /* ANDROID */
+#ifdef CONFIG_IEEE80211BE
+ } else if (os_strcmp(buf, "ENABLE_MLD") == 0) {
+ if (hostapd_ctrl_iface_enable_mld(hapd->iface))
+ reply_len = -1;
+ } else if (os_strcmp(buf, "DISABLE_MLD") == 0) {
+ if (hostapd_ctrl_iface_disable_mld(hapd->iface))
+ reply_len = -1;
+#ifdef CONFIG_TESTING_OPTIONS
+ } else if (os_strncmp(buf, "LINK_REMOVE ", 12) == 0) {
+ if (hostapd_ctrl_iface_link_remove(hapd, buf + 12,
+ reply, reply_size))
+ reply_len = -1;
+#endif /* CONFIG_TESTING_OPTIONS */
+#endif /* CONFIG_IEEE80211BE */
} else {
os_memcpy(reply, "UNKNOWN COMMAND\n", 16);
reply_len = 16;
@@ -4491,6 +4958,7 @@
#ifdef CONFIG_DPP
dpp_global_clear(interfaces->dpp);
#ifdef CONFIG_DPP3
+ interfaces->dpp_pb_bi = NULL;
{
int i;
diff --git a/hostapd/defconfig b/hostapd/defconfig
index 0a5ceee..5d769e9 100644
--- a/hostapd/defconfig
+++ b/hostapd/defconfig
@@ -424,3 +424,6 @@
# DPP version 3 support (experimental and still changing; do not enable for
# production use)
#CONFIG_DPP3=y
+
+# Wi-Fi Aware unsynchronized service discovery (NAN USD)
+#CONFIG_NAN_USD=y
diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf
index f02cd92..1357649 100644
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
@@ -980,10 +980,22 @@
# 6 GHz Access Point type
# This config is to set the 6 GHz Access Point type. Possible options are:
-# 0 = Indoor AP (default)
-# 1 = Standard Power AP
+# 0 = Indoor AP
+# 1 = Standard power AP
+# 2 = Very low power AP (default)
+# 3 = Indoor enabled AP
+# 4 = Indoor standard power AP
# This has no impact for operation on other bands.
+# See IEEE P802.11-REVme/D4.0, Table E-12 (Regulatory Info subfield encoding)
+# for more details.
#he_6ghz_reg_pwr_type=0
+#
+# 6 GHz Maximum Tx Power used in Transmit Power Envelope elements, where the
+# "Transmit Power Interpretation" is set to "Regulatory client EIRP PSD".
+# For Maximum Transmit Power Category subfield encoding set to default (0):
+#reg_def_cli_eirp_psd=-1
+# For Maximum Transmit Power Category subfield encoding set to subordinate (1):
+#reg_sub_cli_eirp_psd=-1
# Unsolicited broadcast Probe Response transmission settings
# This is for the 6 GHz band only. If the interval is set to a non-zero value,
@@ -1027,6 +1039,20 @@
#eht_oper_chwidth (see vht_oper_chwidth)
#eht_oper_centr_freq_seg0_idx
+#eht_default_pe_duration: The duration of PE field in EHT TB PPDU
+# 0 = PE field duration is the same as he_default_pe_duration (default)
+# 1 = PE field duration is 20 us
+#eht_default_pe_duration=0
+
+#eht_bw320_offset: For automatic channel selection (ACS) to indicate a preferred
+# 320 MHz channelization in EHT mode.
+# If the channel is decided or the bandwidth is not 320 MHz, this option is
+# meaningless.
+# 0 = auto-detect by hostapd
+# 1 = 320 MHz-1 (channel center frequency 31, 95, 159)
+# 2 = 320 MHz-2 (channel center frequency 63, 127, 191)
+#eht_bw320_offset=0
+
# Disabled subchannel bitmap (16 bits) as per IEEE P802.11be/3.0,
# Figure 9-1002c (EHT Operation Information field format). Each bit corresponds
# to a 20 MHz channel, the lowest bit corresponds to the lowest frequency. A
@@ -1775,6 +1801,10 @@
# Tunnel-Password
# 3 = ask RADIUS server during 4-way handshake if there is no locally
# configured PSK/passphrase for the STA
+#
+# The Tunnel-Password attribute in Access-Accept can contain either the
+# 8..63 character ASCII passphrase or a 64 hex character encoding of the PSK.
+#
#wpa_psk_radius=0
# Set of accepted key management algorithms (WPA-PSK, WPA-EAP, or both). The
@@ -2032,6 +2062,10 @@
#sae_password=really secret|mac=ff:ff:ff:ff:ff:ff
#sae_password=example secret|mac=02:03:04:05:06:07|id=pw identifier
#sae_password=example secret|vlanid=3|id=pw identifier
+#
+# SAE passwords can also be read from a separate file in which each line
+# contains and entry in the same format as sae_password uses.
+#sae_password_file=/tc/hostapd.sae_passwords
# SAE threshold for anti-clogging mechanism (dot11RSNASAEAntiCloggingThreshold)
# This parameter defines how many open SAE instances can be in progress at the
@@ -2261,6 +2295,12 @@
# list and thus will receive push notifications.
#r1kh=00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff
+# Optionally, the list of RxKHs can be read from a text file. Format is the same
+# as specified above. File shall contain both r0kh and r1kh. Once this variable
+# is set, RxKHs can be reloaded at runtime without bringing down an interface
+# using the RELOAD_RXKHS command.
+#rxkh_file=<path>
+
# Timeout (seconds) for newly discovered R0KH/R1KH (see wildcard entries above)
# Special values: 0 -> do not expire
# Warning: do not cache implies no sequence number validation with wildcards
diff --git a/hostapd/hostapd_cli.c b/hostapd/hostapd_cli.c
index 45497cd..8fb6119 100644
--- a/hostapd/hostapd_cli.c
+++ b/hostapd/hostapd_cli.c
@@ -1235,6 +1235,13 @@
}
+static int hostapd_cli_cmd_reload_config(struct wpa_ctrl *ctrl, int argc,
+ char *argv[])
+{
+ return wpa_ctrl_command(ctrl, "RELOAD_CONFIG");
+}
+
+
static int hostapd_cli_cmd_disable(struct wpa_ctrl *ctrl, int argc,
char *argv[])
{
@@ -1242,6 +1249,20 @@
}
+static int hostapd_cli_cmd_enable_mld(struct wpa_ctrl *ctrl, int argc,
+ char *argv[])
+{
+ return wpa_ctrl_command(ctrl, "ENABLE_MLD");
+}
+
+
+static int hostapd_cli_cmd_disable_mld(struct wpa_ctrl *ctrl, int argc,
+ char *argv[])
+{
+ return wpa_ctrl_command(ctrl, "DISABLE_MLD");
+}
+
+
static int hostapd_cli_cmd_update_beacon(struct wpa_ctrl *ctrl, int argc,
char *argv[])
{
@@ -1584,6 +1605,24 @@
}
+#ifdef CONFIG_IEEE80211R_AP
+
+static int hostapd_cli_cmd_get_rxkhs(struct wpa_ctrl *ctrl, int argc,
+ char *argv[])
+{
+ return wpa_ctrl_command(ctrl, "GET_RXKHS");
+}
+
+
+static int hostapd_cli_cmd_reload_rxkhs(struct wpa_ctrl *ctrl, int argc,
+ char *argv[])
+{
+ return wpa_ctrl_command(ctrl, "RELOAD_RXKHS");
+}
+
+#endif /* CONFIG_IEEE80211R_AP */
+
+
#ifdef ANDROID
static int hostapd_cli_cmd_driver(struct wpa_ctrl *ctrl, int argc, char *argv[])
{
@@ -1710,8 +1749,14 @@
"= reload configuration for current interface" },
{ "reload_bss", hostapd_cli_cmd_reload_bss, NULL,
"= reload configuration for current BSS" },
+ { "reload_config", hostapd_cli_cmd_reload_config, NULL,
+ "= reload configuration for current interface" },
{ "disable", hostapd_cli_cmd_disable, NULL,
"= disable hostapd on current interface" },
+ { "enable_mld", hostapd_cli_cmd_enable_mld, NULL,
+ "= enable AP MLD to which the interface is affiliated" },
+ { "disable_mld", hostapd_cli_cmd_disable_mld, NULL,
+ "= disable AP MLD to which the interface is affiliated" },
{ "update_beacon", hostapd_cli_cmd_update_beacon, NULL,
"= update Beacon frame contents\n"},
{ "erp_flush", hostapd_cli_cmd_erp_flush, NULL,
@@ -1795,6 +1840,12 @@
"<addr> [req_mode=] <measurement request hexdump> = send a Beacon report request to a station" },
{ "reload_wpa_psk", hostapd_cli_cmd_reload_wpa_psk, NULL,
"= reload wpa_psk_file only" },
+#ifdef CONFIG_IEEE80211R_AP
+ { "reload_rxkhs", hostapd_cli_cmd_reload_rxkhs, NULL,
+ "= reload R0KHs and R1KHs" },
+ { "get_rxkhs", hostapd_cli_cmd_get_rxkhs, NULL,
+ "= get R0KHs and R1KHs" },
+#endif /* CONFIG_IEEE80211R_AP */
#ifdef ANDROID
{ "driver", hostapd_cli_cmd_driver, NULL,
"<driver sub command> [<hex formatted data>] = send driver command data" },
diff --git a/hostapd/main.c b/hostapd/main.c
index 615dc2f..0fe2d74 100644
--- a/hostapd/main.c
+++ b/hostapd/main.c
@@ -249,8 +249,12 @@
* Use the configured MLD MAC address as the interface hardware address
* if this AP is a part of an AP MLD.
*/
- if (!is_zero_ether_addr(hapd->conf->mld_addr) && hapd->conf->mld_ap)
- params.bssid = hapd->conf->mld_addr;
+ if (hapd->conf->mld_ap) {
+ if (!is_zero_ether_addr(hapd->conf->mld_addr))
+ params.bssid = hapd->conf->mld_addr;
+ else
+ params.bssid = NULL;
+ }
#endif /* CONFIG_IEEE80211BE */
params.ifname = hapd->conf->iface;
@@ -340,6 +344,9 @@
return -1;
}
+ /* Initialize the BSS parameter change to 1 */
+ hapd->eht_mld_bss_param_change = 1;
+
wpa_printf(MSG_DEBUG,
"MLD: Set link_id=%u, mld_addr=" MACSTR
", own_addr=" MACSTR,