[wpa_supplicant] cumilative patch from commit bb945b98f
Bug: 275651698
Test: Connect to open, WPA2, WPA3 and passpoint network
Test: Establish P2P connection
Test: Basic SoftAp tests
Test: Regression test (b/275948027)
BYPASS_INCLUSIVE_LANGUAGE_REASON=Merged from opne source
bb945b98f Add 40 and 80 MHz channels 165 and 173 for 5 GHz IBSS/mesh
0059fa5ba 6 GHz: Fix secondary channel setting
744295c8b Add 6 GHz channel validation during channel switching
5349a45d3 Set interface state as inactive if mesh bringup fails
a4af79624 Handle signal termination in hostapd_cli for all cases
cf8f13ac8 Add support to send 320 MHz bandwidth through vendor subcmd
a0403c023 EHT: Validate the puncturing bitmap for ACS
af0f60e7d EHT: Calculate puncturing bitmap for ACS
f3206fbe9 EHT: Configuration option for ACS puncturing threshold
e3621867c EHT: Process puncturing bitmap from channel switch event
e277e577c nl80211: Send EHT puncturing bitmap to the driver for switch command
29a882bed EHT: Configure puncturing bitmap during channel switch
4942b19ff EHT: Send puncturing bitmap to the driver for AP bring up
f9fc2eabb EHT: Add puncturing bitmap to EHT Operation element
46a5d989d EHT: Downgrade bandwidths for VHT and HE when using puncturing
7618269ec EHT: Validate puncturing bitmap
9102fda31 EHT: Add configuration option for puncturing in AP mode
9e79439fc nl80211: Retrieve driver support for EHT puncturing
507be376c Sync with wireless-next.git include/uapi/linux/nl80211.h
591256a8c FILS: 320 MHz support in FD frame
903e3a1e6 FILS: Fix maximum NSS calculation for FD frame
ecae45ff6 FILS: Make HE a requirement for FILS discovery
4e86692ff AP: Fix 6 GHz AP setup after disable-enable
a34b8477a ml80211: Put wiphy idx to obtain correct country code
1491fc64a Define QCA vendor per-enum 64-bit pad attributes
55e31699e qca-vendor: Add QCA_WLAN_VENDOR_ATTR_LL_STATS_IFACE_NF_CAL_VAL
b1f85957c Add QCA vendor commands to set and get MLO links state information
44b32a752 mesh: Add EHT support
c4cb62ca8 WPA_AUTH: MLO: Add functions to get the AA and SPA
cab963e9f AP: Split check_assoc_ies()
7a7a2256c common: Support parsing link specific association request
b39e35693 common: Add support for clearing elements
0b2fc4268 common: Split ieee8021_parse_elems()
df6561ec0 nl80211: AP MLD support for adding multi link stations
b8b4ceb8d nl80211: Properly stop and deinit MLO AP
2f8fc46ed nl80211: Provide link_id in EAPOL_RX and RX_MGMT events
821374d43 nl80211: Introduce and implement a callback to add an MLO link for AP MLD
47269be36 nl80211: Refactor i802_bss to support multiple links
eb146ee80 AP: Add some bridge port attribute settings
f628e6b30 nl80211: Make sure scan frequency debug buffer is NUL terminated
41d23254b nl80211: Fix frequencies array boundary check for scanned frequencies
a9012070a Android: Add wowlan_disconnect_on_deinit to template configuration
e2ea0fd70 EST: Write the RSA private key using the standard PRIVATE KEY format
bfd236df2 webkit2: Avoid deprecated function call
2c3202682 P2P: Filter out 6 GHz frequencies if not allowed for P2P connection
b2bf7e39e Update PMK in wpa_sm when roam+auth event indicated with authorized flag
6b9c86466 nl80211: Replace the channel flags for VHT support
6f63aca7b DPP: Allow both STA and AP configObject to be set
7292e30b7 DPP: Fix @CONF-OBJ-SEP@ parsing for multiple configs
c31600ce1 P2P: Allow GO BSSID to be specified for P2P_GROUP_ADD commands
0430756e6 P2P: Optimize join scan frequency
b3921db42 nl80211: Add frequency info in start AP command
40c139664 macsec_linux: Add support for MACsec hardware offload
6d24673ab mka: Allow configuration of MACsec hardware offload
3081a9cb6 hostapd: Output country_code and country3 when using STATUS
91ad7a309 FT: Store PTKSA entry for the correct BSSID in the FT protocol case
3f3e356fa Mark addr argument to storing PTKSA const
242c3ad99 FT: Store PTKSA from FT protocol
ba6954874 Mark wpa_auth_remove_ptksa() static
3b1ad1334 FT: Include KDK in FT specific PTK derivation on the AP
870a5bdc0 nl80211: Report guard interval and dual carrier modulation
edcad193a dbus: Add inactive time to D-Bus signal info
a678a510f dbus: Add D-Bus signal for PSK mismatch heuristics
691f729d5 P2P: Make invitation flow less aggressive
f4a7e2a07 Rework IBSS/mesh 80 MHz channel selection
f91f971bd Fix creating 6 GHz IBSS/mesh on 5/6 GHz-capable PHYs
c623cee42 Make arrays static const in ibss_mesh_select_*()
64043e615 Split ibss_mesh_setup_freq() into multiple functions
8085a7e65 wpa_supplicant: Add option to explicitly set 4addr mode
1ffc7d1c6 Apply bias towards 6 GHz in roaming
faa410292 WNM: Event report handling for BSS color collision and in-use
97405be96 Small textual improvements to wpa_supplicant man page
ec02a0e93 hostapd: Output hw_mode when using STATUS
390e24c6c EAP-TTLS server: Add Ident field to MS-CHAP-Error
4ae798a22 P2P: Pick the best driver pref freq for invitation process
6c75f1dfa Send broadcast Probe Response frames on the 6 GHz band
edfcb2f1a MLD STA: Indicate MLO support in NL80211_CMD_CONNECT
c91852044 MLD STA: Add support for SAE external authentication offload to userspace
575712450 qca-vendor: Add QCA_WLAN_VENDOR_MCC_QUOTA_TYPE_LOW_LATENCY
ba150059d FT: Store PMK-R0/PMK-R1 after EAPOL-Key msg 2/4 MIC validation
56662f36d Refine vendor subcmd QCA_NL80211_VENDOR_SUBCMD_ROAM_STATS
72b8193f4 MACsec: Remove EAP Session-Id length constraint
3915e8834 hostapd: Report error on unknown ACCEPT_ACL/DENY_ACL commands
2cff340d1 utils: Move log2pcap to python3
12de8112b Fix BSS age underflow
d31c2b43a Fix segfault in case of an invalid configuration
a32b424a3 MLD STA: Use AP MLD address in PMKSA cache attempts for driver-SME case
8c4790cef MLD STA: Store PMKSA with AP MLD address for MLO connection event
bf124a03d SAE: Update PT value at later point for SME cases, if needed
1aadcca0a P2P: Enable SAE-H2E for client when joining a 6 GHz group
37f8257c4 SAE: Extend automatic enabling of H2E on 6 GHz to additional cases
89377c6b9 OCV: Fix build without CONFIG_OCV=y
2e47ea22c P2P: Fix handling Service Discovery Response received by GO device
dc7e330e0 Set OCV capability based on Association Request frame RSNE
831be6514 WPS: Do not indicate incorrect PBC overlap based on partner link
c9fc12425 P2P: Make wpas_p2p_notif_pbc_overlap() static
Change-Id: I1eb61fc82b98b937a2ff37a30e60e28129fe143d
diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index d41a71a..17b1b4a 100644
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -2316,6 +2316,8 @@
sizeof(conf->bss[0]->iface));
} else if (os_strcmp(buf, "bridge") == 0) {
os_strlcpy(bss->bridge, pos, sizeof(bss->bridge));
+ } else if (os_strcmp(buf, "bridge_hairpin") == 0) {
+ bss->bridge_hairpin = atoi(pos);
} else if (os_strcmp(buf, "vlan_bridge") == 0) {
os_strlcpy(bss->vlan_bridge, pos, sizeof(bss->vlan_bridge));
} else if (os_strcmp(buf, "wds_bridge") == 0) {
@@ -4471,6 +4473,8 @@
#endif /* CONFIG_FILS */
} else if (os_strcmp(buf, "multicast_to_unicast") == 0) {
bss->multicast_to_unicast = atoi(pos);
+ } else if (os_strcmp(buf, "bridge_multicast_to_unicast") == 0) {
+ bss->bridge_multicast_to_unicast = atoi(pos);
} else if (os_strcmp(buf, "broadcast_deauth") == 0) {
bss->broadcast_deauth = atoi(pos);
} else if (os_strcmp(buf, "notify_mgmt_frames") == 0) {
@@ -4640,6 +4644,16 @@
bss->macsec_replay_protect = macsec_replay_protect;
} else if (os_strcmp(buf, "macsec_replay_window") == 0) {
bss->macsec_replay_window = atoi(pos);
+ } else if (os_strcmp(buf, "macsec_offload") == 0) {
+ int macsec_offload = atoi(pos);
+
+ if (macsec_offload < 0 || macsec_offload > 2) {
+ wpa_printf(MSG_ERROR,
+ "Line %d: invalid macsec_offload (%d): '%s'.",
+ line, macsec_offload, pos);
+ return 1;
+ }
+ bss->macsec_offload = macsec_offload;
} else if (os_strcmp(buf, "macsec_port") == 0) {
int macsec_port = atoi(pos);
@@ -4748,6 +4762,18 @@
conf->eht_phy_capab.su_beamformee = atoi(pos);
} else if (os_strcmp(buf, "eht_mu_beamformer") == 0) {
conf->eht_phy_capab.mu_beamformer = atoi(pos);
+ } else if (os_strcmp(buf, "punct_bitmap") == 0) {
+ conf->punct_bitmap = atoi(pos);
+ } else if (os_strcmp(buf, "punct_acs_threshold") == 0) {
+ int val = atoi(pos);
+
+ if (val < 0 || val > 100) {
+ wpa_printf(MSG_ERROR,
+ "Line %d: punct_acs_threshold must be between 0 and 100",
+ line);
+ return 1;
+ }
+ conf->punct_acs_threshold = val;
#endif /* CONFIG_IEEE80211BE */
} else {
wpa_printf(MSG_ERROR,
diff --git a/hostapd/ctrl_iface.c b/hostapd/ctrl_iface.c
index 94f31ee..ea9c444 100644
--- a/hostapd/ctrl_iface.c
+++ b/hostapd/ctrl_iface.c
@@ -38,6 +38,7 @@
#endif /* CONFIG_DPP */
#include "common/wpa_ctrl.h"
#include "common/ptksa_cache.h"
+#include "common/hw_features_common.h"
#include "crypto/tls.h"
#include "drivers/driver.h"
#include "eapol_auth/eapol_auth_sm.h"
@@ -2435,8 +2436,31 @@
#ifdef NEED_AP_MLME
-static int hostapd_ctrl_check_freq_params(struct hostapd_freq_params *params)
+static int hostapd_ctrl_check_freq_params(struct hostapd_freq_params *params,
+ u16 punct_bitmap)
{
+ u32 start_freq;
+
+ if (is_6ghz_freq(params->freq)) {
+ const int bw_idx[] = { 20, 40, 80, 160, 320 };
+ int idx, bw;
+
+ /* The 6 GHz band requires HE to be enabled. */
+ params->he_enabled = 1;
+
+ if (params->center_freq1) {
+ if (params->freq == 5935)
+ idx = (params->center_freq1 - 5925) / 5;
+ else
+ idx = (params->center_freq1 - 5950) / 5;
+
+ bw = center_idx_to_bw_6ghz(idx);
+ if (bw < 0 || bw > (int) ARRAY_SIZE(bw_idx) ||
+ bw_idx[bw] != params->bandwidth)
+ return -1;
+ }
+ }
+
switch (params->bandwidth) {
case 0:
/* bandwidth not specified: use 20 MHz by default */
@@ -2448,11 +2472,17 @@
if (params->center_freq2 || params->sec_channel_offset)
return -1;
+
+ if (punct_bitmap)
+ return -1;
break;
case 40:
if (params->center_freq2 || !params->sec_channel_offset)
return -1;
+ if (punct_bitmap)
+ return -1;
+
if (!params->center_freq1)
break;
switch (params->sec_channel_offset) {
@@ -2487,6 +2517,9 @@
return -1;
}
+ if (params->center_freq2 && punct_bitmap)
+ return -1;
+
/* Adjacent and overlapped are not allowed for 80+80 */
if (params->center_freq2 &&
params->center_freq1 - params->center_freq2 <= 80 &&
@@ -2521,6 +2554,29 @@
return -1;
}
+ if (!punct_bitmap)
+ return 0;
+
+ if (!params->eht_enabled) {
+ wpa_printf(MSG_ERROR,
+ "Preamble puncturing supported only in EHT");
+ return -1;
+ }
+
+ if (params->freq >= 2412 && params->freq <= 2484) {
+ wpa_printf(MSG_ERROR,
+ "Preamble puncturing is not supported in 2.4 GHz");
+ return -1;
+ }
+
+ start_freq = params->center_freq1 - (params->bandwidth / 2);
+ if (!is_punct_bitmap_valid(params->bandwidth,
+ (params->freq - start_freq) / 20,
+ punct_bitmap)) {
+ wpa_printf(MSG_ERROR, "Invalid preamble puncturing bitmap");
+ return -1;
+ }
+
return 0;
}
#endif /* NEED_AP_MLME */
@@ -2541,7 +2597,8 @@
if (ret)
return ret;
- ret = hostapd_ctrl_check_freq_params(&settings.freq_params);
+ ret = hostapd_ctrl_check_freq_params(&settings.freq_params,
+ settings.punct_bitmap);
if (ret) {
wpa_printf(MSG_INFO,
"chanswitch: invalid frequency settings provided");
@@ -3554,6 +3611,8 @@
if (hostapd_set_acl(hapd) ||
hostapd_disassoc_accept_mac(hapd))
reply_len = -1;
+ } else {
+ reply_len = -1;
}
} else if (os_strncmp(buf, "DENY_ACL ", 9) == 0) {
if (os_strncmp(buf + 9, "ADD_MAC ", 8) == 0) {
@@ -3579,6 +3638,8 @@
&hapd->conf->num_deny_mac);
if (hostapd_set_acl(hapd))
reply_len = -1;
+ } else {
+ reply_len = -1;
}
#ifdef CONFIG_DPP
} else if (os_strncmp(buf, "DPP_QR_CODE ", 12) == 0) {
diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf
index c5e74a6..bc4a0f6 100644
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
@@ -1027,6 +1027,19 @@
#eht_oper_chwidth (see vht_oper_chwidth)
#eht_oper_centr_freq_seg0_idx
+# Disabled subchannel bitmap (16 bits) as per IEEE P802.11be/3.0,
+# Figure 9-1002c (EHT Operation Information field format). Each bit corresponds
+# to a 20 MHz channel, the lowest bit corresponds to the lowest frequency. A
+# bit set to 1 indicates that the channel is punctured (disabled). The default
+# value is 0 indicating that all channels are active.
+#punct_bitmap=0
+
+# Preamble puncturing threshold in automatic channel selection (ACS).
+# The value indicates the percentage of ideal channel average interference
+# factor above which a channel should be punctured.
+# Default is 0, indicates that ACS algorithm should not puncture any channel.
+#punct_acs_threshold=75
+
##### IEEE 802.1X-2004 related configuration ##################################
# Require IEEE 802.1X authorization
@@ -1117,6 +1130,14 @@
# 0: No replay window, strict check (default)
# 1..2^32-1: number of packets that could be misordered
#
+# macsec_offload: IEEE 802.1X/MACsec hardware offload
+# This setting applies only when MACsec is in use, i.e.,
+# - macsec_policy is enabled
+# - the key server has decided to enable MACsec
+# 0 = MACSEC_OFFLOAD_OFF (default)
+# 1 = MACSEC_OFFLOAD_PHY
+# 2 = MACSEC_OFFLOAD_MAC
+#
# macsec_port: IEEE 802.1X/MACsec port
# Port component of the SCI
# Range: 1-65534 (default: 1)
@@ -2112,6 +2133,8 @@
# If fils_discovery_max_interval is non-zero, the AP enables FILS Discovery
# frame transmission. These values use TUs as the unit and have allowed range
# of 0-10000. fils_discovery_min_interval defaults to 20.
+# This feature is currently supported only when ieee80211ax is enabled for
+# the radio and disable_11ax is not set for the BSS.
#fils_discovery_min_interval=20
#fils_discovery_max_interval=0
diff --git a/hostapd/hostapd_cli.c b/hostapd/hostapd_cli.c
index ec40dda..95edea8 100644
--- a/hostapd/hostapd_cli.c
+++ b/hostapd/hostapd_cli.c
@@ -314,6 +314,12 @@
}
+static void hostapd_cli_action_cb(char *msg, size_t len)
+{
+ hostapd_cli_action_process(msg, len);
+}
+
+
static int hostapd_cli_cmd_sta(struct wpa_ctrl *ctrl, int argc, char *argv[])
{
char buf[64];
@@ -2033,7 +2039,6 @@
os_snprintf(hfile, hfile_len, "%s/%s", home, fname);
}
- eloop_register_signal_terminate(hostapd_cli_eloop_terminate, NULL);
edit_init(hostapd_cli_edit_cmd_cb, hostapd_cli_edit_eof_cb,
hostapd_cli_edit_completion_cb, NULL, hfile, NULL);
eloop_register_timeout(ping_interval, 0, hostapd_cli_ping, NULL, NULL);
@@ -2057,40 +2062,46 @@
}
-static void hostapd_cli_action(struct wpa_ctrl *ctrl)
+static void hostapd_cli_action_ping(void *eloop_ctx, void *timeout_ctx)
{
- fd_set rfds;
- int fd, res;
- struct timeval tv;
+ struct wpa_ctrl *ctrl = eloop_ctx;
char buf[256];
size_t len;
- fd = wpa_ctrl_get_fd(ctrl);
-
- while (!hostapd_cli_quit) {
- FD_ZERO(&rfds);
- FD_SET(fd, &rfds);
- tv.tv_sec = ping_interval;
- tv.tv_usec = 0;
- res = select(fd + 1, &rfds, NULL, NULL, &tv);
- if (res < 0 && errno != EINTR) {
- perror("select");
- break;
- }
-
- if (FD_ISSET(fd, &rfds))
- hostapd_cli_recv_pending(ctrl, 0, 1);
- else {
- len = sizeof(buf) - 1;
- if (wpa_ctrl_request(ctrl, "PING", 4, buf, &len,
- hostapd_cli_action_process) < 0 ||
- len < 4 || os_memcmp(buf, "PONG", 4) != 0) {
- printf("hostapd did not reply to PING "
- "command - exiting\n");
- break;
- }
- }
+ /* verify that connection is still working */
+ len = sizeof(buf) - 1;
+ if (wpa_ctrl_request(ctrl, "PING", 4, buf, &len,
+ hostapd_cli_action_cb) < 0 ||
+ len < 4 || os_memcmp(buf, "PONG", 4) != 0) {
+ printf("hostapd did not reply to PING command - exiting\n");
+ eloop_terminate();
+ return;
}
+ eloop_register_timeout(ping_interval, 0, hostapd_cli_action_ping,
+ ctrl, NULL);
+}
+
+
+static void hostapd_cli_action_receive(int sock, void *eloop_ctx,
+ void *sock_ctx)
+{
+ struct wpa_ctrl *ctrl = eloop_ctx;
+
+ hostapd_cli_recv_pending(ctrl, 0, 1);
+}
+
+
+static void hostapd_cli_action(struct wpa_ctrl *ctrl)
+{
+ int fd;
+
+ fd = wpa_ctrl_get_fd(ctrl);
+ eloop_register_timeout(ping_interval, 0, hostapd_cli_action_ping,
+ ctrl, NULL);
+ eloop_register_read_sock(fd, hostapd_cli_action_receive, ctrl, NULL);
+ eloop_run();
+ eloop_cancel_timeout(hostapd_cli_action_ping, ctrl, NULL);
+ eloop_unregister_read_sock(fd);
}
@@ -2193,6 +2204,8 @@
continue;
}
+ eloop_register_signal_terminate(hostapd_cli_eloop_terminate, NULL);
+
if (action_file && !hostapd_cli_attached)
return -1;
if (daemonize && os_daemonize(pid_file) && eloop_sock_requeue())