path: root/wpa_supplicant/mesh_mpm.c
Commit message | Author | Age | Files | Lines
* mesh: Calculate MTK before sending it to MAC in case Open is dropped | Peter Oh | 2016-05-13 | 1 | -0/+2
  IEEE Std 802.11-2012 13.5.6.3 State transitions require an action sending SETKEYS primitive to MAC when OPN_ACPT event occurs in CNF_RCVD state in case AMPE is used, but since MTK calculation is missed in this condition, all zero valued keys are passed to MAC and cause unicast packet decryption error. This could happen if the first transmission of plink Open frame is dropped and Confirm frame is processed first followed by retransmitted Open frame. Fix this by calculating the MTK also in this sequence of unexpected messages.
  Signed-off-by: Peter Oh <poh@qca.qualcomm.com>
* mesh: Add missing action to cancel timer | Peter Oh | 2016-05-13 | 1 | -0/+1
  IEEE Std 802.11-2012 Table 13-2, MPM finite state machine requires to clear retryTimer when CNF_ACPT event occurs in OPN_SNT state which is missing, so add it to comply with the standard. This was found while debugging an MTK issue and this commit fixes a potential issue that mesh sends invalid event (PLINK_OPEN) which will lead to another invalid timer register such as MeshConfirm Timer. This behaviour might lead to undefined mesh state.
  Signed-off-by: Peter Oh <poh@qca.qualcomm.com>
* mesh: Add support for PMKSA caching | Masashi Honma | 2016-03-20 | 1 | -5/+35
  This patch adds functionality of mesh SAE PMKSA caching. If the local STA already has peer's PMKSA entry in the cache, skip SAE authentication and start AMPE with the cached value.
  If the peer does not support PMKSA caching or does not have the local STA's PMKSA entry in the cache, AMPE will fail and the PMKSA cache entry of the peer will be removed. Then STA retries with ordinary SAE authentication.
  If the peer does not support PMKSA caching and the local STA uses no_auto_peer=1, the local STA can not retry SAE authentication because NEW_PEER_CANDIDATE event cannot start SAE authentication when no_auto_peer=1. So this patch extends MESH_PEER_ADD command to use duration(sec). Throughout the duration, the local STA can start SAE authentication triggered by NEW_PEER_CANDIDATE even though no_auto_peer=1.
  This commit requires commit 70c93963edefa37ef84b73efb9d04ea10268341c ('SAE: Fix PMKID calculation for PMKSA cache'). Without that commit, chosen PMK comparison will fail.
  Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* mesh: Add MESH_PEER_ADD command | Masashi Honma | 2016-03-20 | 1 | -0/+44
  This allows a mesh peer connection to be initiated manually in no_auto_peer mesh networks.
  Signed-off-by: Natsuki Itaya <Natsuki.Itaya@jp.sony.com>
  Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* mesh: Add MESH_PEER_REMOVE command | Masashi Honma | 2016-03-20 | 1 | -2/+23
  This command allows the specified mesh peer to be disconnected.
  Signed-off-by: Natsuki Itaya <Natsuki.Itaya@jp.sony.com>
  Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* mesh: Fix peer link counting when a mesh peer reconnects | Srinivasa Duvvuri | 2016-02-06 | 1 | -1/+3
  When a mesh point reconnects by starting from Authentication frame sequence, the plink count was not decremented from its last connection. This resulted in leaking peer link count and causing wpa_supplicant to reject the connection after max_peer_links (default: 99) reconnects.
  This was reproduced by pre-configuring 2 mesh points with mesh credentials. Boot both mesh points and make sure they connect to each other. Then in a loop reboot one of the mesh points after it successfully connects while leaving the other mesh point up and running. After 99 iterations the supplicant on mesh point that is not rebooting will reject the connection request from the other mesh point.
  Fix this by decrementing num_plinks when freeing a STA entry that is still in PLINK_ESTAB state.
  Signed-off-by: Srinivasa Duvvuri <sduvvuri@chromium.org>
* mesh: Do not force another peering exchange on driver event | Jouni Malinen | 2016-01-06 | 1 | -3/+6
  If the local driver indicated a peer candidate event when the peer had already initiated peering exchange in open mesh case, we used to force a new exchange to be started instead of allowing the previously started exchange to complete. This is not desirable, so make this initiation of the new exchange conditional on there not being an already started (or successfully completed) exchange.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* mesh: Do not clear link state on driver event if exchange was started | Jouni Malinen | 2016-01-06 | 1 | -1/+2
  If the local driver event for a new peer candidate arrived only after the peer had already initiated the peering exchange, we used to clear the link state. This resulted in the already completed (or in progress) exchange getting abandoned and a new exchange initiated. This is not desirable since the already started (or even completed) exchange can be used. Clear the link state only when adding the new STA entry for the first time, i.e., use the same !sta->my_lid condition in handling the driver event similarly to how the peer initiated cases were already handled.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* mesh: Add some more details to MPM debug messages | Jouni Malinen | 2016-01-06 | 1 | -2/+7
  This makes it easier to follow the debug log when trying to figure out issues with mesh peering exchange.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* mesh: Connection and group started/removed events into debug log | Jouni Malinen | 2016-01-06 | 1 | -5/+4
  The messages were sent out with wpa_msg_ctrl() so they were not visible in the debug log. However, these would be quite helpful strings to search for in the debug log, so change these messages to use wpa_msg().
  Signed-off-by: Jouni Malinen <j@w1.fi>
* mesh: Document Mesh Peering Management element structure in more detail | Jouni Malinen | 2015-12-28 | 1 | -12/+12
  Provide details on the pointers to the subfields and rename "pmk" to "chosen_pmk" and use SAE_PMKID_LEN macro with it to make the code more readable.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* mesh: Check PMKID in AMPE Action frames | Bob Copeland | 2015-12-28 | 1 | -1/+2
  From IEEE Std 802.11-2012 13.3.5:
    If the incoming Mesh Peering Management frame is for AMPE and the Chosen PMK from the received frame contains a PMKID that does not identify a valid mesh PMKSA, the frame shall be silently discarded.
  We were not checking the PMKID previously, and we also weren't parsing it correctly, so fix both.
  Signed-off-by: Bob Copeland <me@bobcopeland.com>
* Add VHT support for Mesh | Peter Oh | 2015-11-19 | 1 | -3/+23
  Mesh Points themselves have capability to support VHT as long as hardware supports it. However, supporting VHT in mesh mode was disabled because no one had clearly tested and confirmed its functionality. Since VHT80 has now been verified to work with ath10k QCA988X driver and mac80211_hwsim, enable VHT support in mesh mode.
  Signed-off-by: Peter Oh <poh@qca.qualcomm.com>
* Set WMM flag to Mesh STA by default | Peter Oh | 2015-11-19 | 1 | -0/+3
  Set WLAN_STA_WMM flag to Mesh STA by default since Mesh STAs are QoS STAs. Mesh STA's HT capabilities won't be parsed properly without the flag.
  Signed-off-by: Peter Oh <poh@qca.qualcomm.com>
* mesh: Generate proper AID for peer | Bob Copeland | 2015-10-05 | 1 | -2/+8
  IEEE Std 802.11-2012 13.3.1 states that the AID should be generated on the local node for each peer. Previously, we were using the peer link ID (generated by the peer) which may not be unique among all peers. Correct this by reusing the AP AID generation code.
  Signed-off-by: Bob Copeland <me@bobcopeland.com>
* mesh: Add RSN IE to Mesh Peering Open/Confirm frames | Masashi Honma | 2015-09-05 | 1 | -0/+6
  The RSN IE is required by IEEE Std 802.11-2012 on SAE use case:
    Table 8-262 Mesh Peering Open frame Action field format
    Table 8-263 Mesh Peering Confirm frame Action field format
  Add the RSN IE to these frames.
  Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* Simplify HT Capabilities element parsing | Jouni Malinen | 2015-04-22 | 1 | -2/+1
  Check the element length in the parser and remove the length field from struct ieee802_11_elems since the element is of fixed length.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* mesh: Create new station entry on popen frames | Bob Copeland | 2015-01-28 | 1 | -9/+42
  Currently, there is a race in open mesh networks where mesh STA A receives a beacon from B and sends a peering open frame to initiate peering. STA B, having not yet received a beacon from A and thus created the corresponding station entry, will ignore all such open frames. If the beacon interval is sufficiently long then peering will not succeed as a result.
  In fact B can simply create the station entry when the popen is received, as is done in Linux's in-kernel MPM, avoiding the issue.
  Signed-off-by: Bob Copeland <me@bobcopeland.com>
* mesh: Always free the station if peering failed | Bob Copeland | 2015-01-28 | 1 | -8/+1
  Previously, we would only free the station entry if a peering close frame was received (freeing the station entry causes the kernel to start sending peer candidate events again when suitable beacons are received, triggering peering or authentication to restart).
  The end result is the same in any case regardless of close reason: if we leave holding state then peering has started again, so go ahead and remove the station in all cases.
  Signed-off-by: Bob Copeland <me@bobcopeland.com>
* mesh: Sync plink state with kernel | Masashi Honma | 2015-01-28 | 1 | -4/+9
  The plink_state exists in both wpa_supplicant and the kernel. Synchronize them with wpa_mesh_set_plink_state().
  Signed-off-by: Kenzoh Nishikawa <Kenzoh.Nishikawa@jp.sony.com>
  Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* mesh: Use a separate variable to track whether HT is enabled | Jouni Malinen | 2015-01-10 | 1 | -4/+2
  A network profile parameter should not be used to check whether the currently operating mesh has HT enabled.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* mesh: Delay Authentication frame process with no_auto_peer | Jouni Malinen | 2014-12-23 | 1 | -0/+23
  There is a possible race condition between receiving the NEW_PEER_CANDIDATE event and the Authentication frame from the peer. Previously, if the Authentication frame RX event was indicated first, that frame got dropped silently. Now, this frame is still dropped, but a copy of it is stored and the frame gets processed on the following NEW_PEER_CANDIDATE event if that is received for the same peer within two seconds.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* mesh: Fill Number of Peerings field in Mesh Formation Info | Masashi Honma | 2014-12-21 | 1 | -2/+5
  Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* mesh: Add debug message when peering limit is reached | Masashi Honma | 2014-12-21 | 1 | -5/+13
  Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* mesh: Check for initialization failures | Jouni Malinen | 2014-11-30 | 1 | -1/+6
  It is possible that these locations ended up getting called before mesh startup operations had been completed and that could result in dereferencing NULL pointers. Address those error cases by verifying that the needed parameters are available before using them.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* mesh: Avoid a false maybe-uninitialized compiler warning | Jouni Malinen | 2014-11-30 | 1 | -0/+7
  An earlier check of the action_field value above the switch statement already took care of all other possible cases, but that was apparently too difficult for the compiler to notice. Bring back the default case to avoid incorrect warnings about the event variable being maybe uninitialized.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* mesh: Add more debug information to MPM Action frame processing | Jouni Malinen | 2014-11-28 | 1 | -21/+52
  This makes it easier to figure out why a peering message is dropped.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* mesh: Make plink params configurable | Masashi Honma | 2014-11-16 | 1 | -23/+34
  This patch makes four MIB variables for plink configurable and sets the correct default values based on IEEE Std 802.11s-2011.
  Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* mesh: Reduce none 11N Self-protected Action frame allocation size | Masashi Honma | 2014-11-16 | 1 | -11/+18
  Signed-off-by: Natsuki Itaya <Natsuki.Itaya@jp.sony.com>
  Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* mesh: Fix 11N capability in Self-protected Action frame | Masashi Honma | 2014-11-16 | 1 | -1/+1
  mesh_ht_mode default value is CHAN_UNDEFINED. So previous code set 11N capability even though 11N is not used.
  Signed-off-by: Natsuki Itaya <Natsuki.Itaya@jp.sony.com>
  Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* mesh: Enable mesh HT mode | Jason Mobarak | 2014-11-16 | 1 | -2/+19
  Add a new option "mesh_ht_mode" that specifies the HT mode for the mesh, with this option on, mesh beacons, actions frames, and probe responses will include the appropriate HT information elements.
  [original implementation by Chun-Yeow Yeoh <yeohchunyeow@gmail.com>]
  [some fixes by Masashi Honma <masashi.honma@gmail.com>]
  Signed-off-by: Ashok Nagarajan <ashok.dragon@gmail.com>
  Signed-off-by: Javier Cardona <javier@cozybit.com>
  Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
* mesh: Add timer for SAE authentication in RSN mesh | Chun-Yeow Yeoh | 2014-11-16 | 1 | -0/+8
  Add timer to do SAE re-authentication with number of tries defined by MESH_AUTH_RETRY and timeout defined by MESH_AUTH_TIMEOUT.
  Ignoring the sending of reply message on "SAE confirm before commit" to avoid "ping-pong" issues with other mesh nodes. This is obvious when the number of mesh nodes in MBSS reaches 6.
  Signed-off-by: Chun-Yeow Yeoh <yeohchunyeow@gmail.com>
  Signed-off-by: Bob Copeland <me@bobcopeland.com>
* mesh: Add mesh robust security network | Thomas Pedersen | 2014-11-16 | 1 | -2/+52
  This implementation provides:
  - Mesh SAE authentication mechanism
  - Key management (set/get PSK)
  - Cryptographic key establishment
  - Enhanced protection mechanisms for robust management frames
  Signed-off-by: Javier Lopez <jlopex@gmail.com>
  Signed-off-by: Javier Cardona <javier@cozybit.com>
  Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
  Signed-off-by: Thomas Pedersen <thomas@noack.us>
* mesh: Add no_auto_peer config option | Thomas Pedersen | 2014-10-25 | 1 | -0/+7
  Add no_auto_peer parameter, which controls whether a station will automatically initiate peering to another mesh peer that comes into range.
  Signed-off-by: Javier Lopez <jlopex@gmail.com>
  Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
  Signed-off-by: Thomas Pedersen <thomas@noack.us>
* mesh: Add mesh peering manager | Bob Copeland | 2014-10-25 | 1 | -0/+853
  The mesh peering manager establishes and maintains links among mesh peers, tracking each peer link via a finite state machine. This implementation supports open mesh peerings.
  [assorted fixes from Yu Niiro <yu.niiro@gmail.com>]
  [more fixes from Masashi Honma <masashi.honma@gmail.com>]
  Signed-off-by: Javier Lopez <jlopex@gmail.com>
  Signed-off-by: Javier Cardona <javier@cozybit.com>
  Signed-off-by: Ashok Nagarajan <ashok.dragon@gmail.com>
  Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
  Signed-hostap: Bob Copeland <me@bobcopeland.com>