From patchwork Tue Oct 8 01:14:03 2024
X-Patchwork-Submitter: David Bauer
X-Patchwork-Id: 1993882
From: David Bauer
To: hostap@lists.infradead.org
Subject: [PATCH] bss: enable discovery of SSID for known OWE BSS
Date: Tue, 8 Oct 2024 03:14:03 +0200
Message-ID: <20241008011404.68281-1-mail@david-bauer.net>
X-Mailer: git-send-email 2.45.2

OWE BSSIDs are beaconed with a hidden SSID set, including them with a hidden SSID in the scan_results when not explicitly probed for. Currently wpa_supplicant creates duplicate entries for these BSSIDs in the scan-list instead of updating the hidden results with the learnt SSID when probing on a connection for OWE networks.

Update existing entries with hidden SSID instead. Also update entries with learnt SSID when receiving a beacon frame for this SSID.

This is required to consistently fix roaming when connected to an OWE network.

Signed-off-by: David Bauer
--- wpa_supplicant/bss.c | 76 ++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 74 insertions(+), 2 deletions(-) diff --git a/wpa_supplicant/bss.c b/wpa_supplicant/bss.c index 39de8bac3..8f4b3ed79 100644 --- a/wpa_supplicant/bss.c +++ b/wpa_supplicant/bss.c 
@@ -884,7 +884,10 @@ void wpa_bss_update_scan_res(struct wpa_supplicant *wpa_s, struct os_reltime *fetch_time) { const u8 *ssid, *p2p, *mesh; - struct wpa_bss *bss; +#ifdef CONFIG_OWE + const u8 *owe, *rsn; +#endif + struct wpa_bss *bss = NULL; if (wpa_s->conf->ignore_old_scan_res) { struct os_reltime update; 
@@ -938,7 +941,76 @@ void wpa_bss_update_scan_res(struct wpa_supplicant *wpa_s, if (mesh && mesh[1] <= SSID_MAX_LEN) ssid = mesh; - bss = wpa_bss_get(wpa_s, res->bssid, ssid + 2, ssid[1]); +#ifdef CONFIG_OWE + rsn = wpa_scan_get_ie(res, WLAN_EID_RSN); + owe = wpa_scan_get_vendor_ie(res, OWE_IE_VENDOR_TYPE); + + if (owe && rsn) { + struct wpa_bss *owe_tm_bss; + + /* + * OWE Transition networks shall be handled in two ways: + * 1. Check if we have the network in our scan table + * 2.a Scan-Table entry has known SSID, current result has none + * --> Abort + * 2.b Scan-Table entry has no known SSID, current Result has one + * --> Update the scan-table entry + */ + + if (ssid[1] != 0 && ssid[2] != 0) { + /* Current result has SSID */ + + /* Check if we have a potential network with missing to update */ + dl_list_for_each(owe_tm_bss, &wpa_s->bss, struct wpa_bss, list) { + if (!ether_addr_equal(owe_tm_bss->bssid, res->bssid)) + continue; + + /* Need to be encrypted transition SSID*/ + if (!wpa_bss_get_ie(owe_tm_bss, WLAN_EID_RSN)) + continue; + + if (!wpa_bss_get_vendor_ie(owe_tm_bss, OWE_IE_VENDOR_TYPE)) + continue; + + if (owe_tm_bss->ssid_len != 0 && owe_tm_bss->ssid[0] != 0) + continue; + + /* We have a network to update */ + owe_tm_bss->ssid_len = ssid[1]; + os_memcpy(owe_tm_bss->ssid, ssid + 2, ssid[1]); + break; + } + } else { + /* Current result lacks SSID */ + + /* Check if we've learnt an SSID for said network */ + dl_list_for_each(owe_tm_bss, &wpa_s->bss, struct wpa_bss, list) { + if (!ether_addr_equal(owe_tm_bss->bssid, res->bssid)) + continue; + + /* Need to be encrypted transition SSID*/ + if (!wpa_bss_get_ie(owe_tm_bss, WLAN_EID_RSN)) + continue; + + if (!wpa_bss_get_vendor_ie(owe_tm_bss, OWE_IE_VENDOR_TYPE)) + continue; + + if (owe_tm_bss->ssid_len == 0) + continue; + + /* Transition network is stored with SSID in scan-results. + * Continue with this result. 
+ */ + bss = owe_tm_bss; + break; + } + } + } +#endif + + if (bss == NULL) + bss = wpa_bss_get(wpa_s, res->bssid, ssid + 2, ssid[1]); + if (bss == NULL) bss = wpa_bss_add(wpa_s, ssid + 2, ssid[1], res, fetch_time); else {
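Review bot: In the first hunk (@@ -884,7 +884,10 @@), `owe` and `rsn` get function-scope declarations under their own `#ifdef CONFIG_OWE`, although the second hunk uses them only once, in `if (owe && rsn)`, inside a second `#ifdef` block. Moving the whole OWE lookup into a static helper that returns the matching `struct wpa_bss *` (or NULL) would remove both conditionals from `wpa_bss_update_scan_res()` and keep the two variables next to their only use. The new `= NULL` initialiser on `bss` is what the later `if (bss == NULL)` lookup depends on when `CONFIG_OWE` is not defined or no entry matches; a short comment saying so would help the next reader.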
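Review bot: In the second hunk (@@ -938,7 +941,76 @@), the "Current result has SSID" branch overwrites the SSID of the first hidden entry for this BSSID without checking whether the table already holds an entry with the same BSSID and that SSID, so a table that already contains both the hidden and the named entry ends up with two identical entries. Calling `wpa_bss_get(wpa_s, res->bssid, ssid + 2, ssid[1])` before the loop and rewriting a hidden entry only when it returns NULL would avoid that. The two loops also disagree on what counts as hidden: the first skips an entry only when `owe_tm_bss->ssid_len != 0 && owe_tm_bss->ssid[0] != 0`, while the second accepts any entry with `ssid_len != 0`, so a stored zero-filled SSID of non-zero length is treated as hidden in one loop and as learnt in the other. The block comment describes case 2.a as "--> Abort", but the code reuses the stored entry through `bss = owe_tm_bss` and continues into the update path, so the comment should describe that. The `os_memcpy(owe_tm_bss->ssid, ssid + 2, ssid[1])` relies on `ssid[1] <= SSID_MAX_LEN`; the visible context shows that bound only for the mesh case, so an explicit check or a comment at the copy naming where the bound is enforced is worth adding. The three identical `continue` filters in both loops could move into one helper, and `/* Check if we have a potential network with missing to update */` is missing a word.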