From patchwork Wed Sep 4 11:11:30 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vinayak Yadawad X-Patchwork-Id: 1980684 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=bombadil.20210309 header.b=H8/Xzafj; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=broadcom.com header.i=@broadcom.com header.a=rsa-sha256 header.s=google header.b=efC5N5Lm; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.infradead.org (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org; envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=patchwork.ozlabs.org) Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:3::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4WzKb72mZDz1yg3 for ; Wed, 4 Sep 2024 21:12:33 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-ID:Date:Subject:Cc :To:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References: List-Owner; bh=Jmwng2xAUa4zSyvoJmB3uJc0pVSJizauyq50nGWhQEg=; b=H8/XzafjPiXPy8 vtYe5bVx1z33HdKDXySLnMmToFiRDTON0G6VrorrKuSb0bs8H8TpLRg3TW/BGYAqEDo8t/JVPyazs +Gv6d6o4OZDaOxlQon/8HegyOVNiGyoNj/9STBzHT9mGCZeEG2hNghO5QZ19yNO41YXk5CL6u9QRB 2V62BB53Vh7x1ll1DCDy1Z5/q7VhEikv4vXmmJq6cMYiiZmpbWFzMIQVevGSXk//3WNOApfpQMmfI hHQ0M+Q7pgBZoLmTYKTb58et5YBGRReC3usJyGrUZznzLL3T6bR3BieBEfvup4gMWCNR7lqcaH4+i zxpIRUbSBlFAYMAVKD3w==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.97.1 #2 (Red Hat Linux)) id 1slnve-000000043fD-3E7V; Wed, 04 Sep 2024 11:12:02 +0000 Received: from mail-pl1-x636.google.com ([2607:f8b0:4864:20::636]) by bombadil.infradead.org with esmtps (Exim 4.97.1 #2 (Red Hat Linux)) id 1slnvJ-000000043a1-2M5s for hostap@lists.infradead.org; Wed, 04 Sep 2024 11:11:58 +0000 Received: by mail-pl1-x636.google.com with SMTP id d9443c01a7336-202508cb8ebso40151015ad.3 for ; Wed, 04 Sep 2024 04:11:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=broadcom.com; s=google; t=1725448301; x=1726053101; darn=lists.infradead.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=5MH2Qh1sCnRoAoD2BDQ0xD/Ph4LZZbYx9XzkXRLA8tA=; b=efC5N5LmIbl0hXIaUy81x9olyeQm1V+CsBzUylEMNmjZvE5YotVlLWAaMoqDuAXCro hgM2Lh8oYcumePIPRRhflhSzPZ4hUEHFVd2cxSF9c4/bkjA1UFksJUo8NsoPhNxSECAo wZbUQXnVyngW0r5SscxfeT1FX7yu2XmzBCcfA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1725448301; x=1726053101; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=5MH2Qh1sCnRoAoD2BDQ0xD/Ph4LZZbYx9XzkXRLA8tA=; b=fapHxmSlCVOYq2425Hb3y7y8dwn2LDfSPHuPpsru7MUkpVjJfGA0doYipqFk3KD5d3 j7dG6PZNhd7a4Ip2wPyeY/X5hgv7nO0p9ujJcw2ctLkVEt9cQUnfHm3ZfkWiKpKgexXe 2rJSJMuw8/cbx1pmzwAxABWVIoReMlB+ga0sYy5+18yIAe87A9uXdP1AdbqaNyeS1jCA WsfBAvCJBlzfS3CnU10Hgm+Q4OUSMVgAHiXKPnLOLZjlNgMFkNqQUQr8BegsO4OG2aG5 uBi05qXiPgkozibV/YqIzZ5wZc5vLQ46MhdwtxFVD+LkOzDqDlXGHOjZghws+jxgDiWs 83Pg== X-Gm-Message-State: AOJu0YzvFdhPSPD90lnHjjf+GgY3/HKUN1EF9X9VxYt0b3gwYzUmK5fI YTPZig4+8a9ijgZqtr5B0kKEo1krOMD+X2cPpTSL5kF2oyRDdRpmrJ7YlNkD9DZpnXlTx9VL3oS xy+ZCCBoPSAgrnWt2/UOthvsn5yda+FgWOUwFkdRJ3B6T+5L7lqi3jMSmiugQiSjHyucA109nzJ PRW8dhxkRoIF3d4O0p4TdwnP7Tz4q4o1gilsxGV1eomIoPYNev4PKy X-Google-Smtp-Source: AGHT+IGWMverAu0z2kO33dkJdzwnn81C6H5hm1IQ6IQVTzl+sztXNohD8JixRaqcYHUA2C/kvzS0og== X-Received: by 2002:a17:903:2451:b0:201:f853:3e73 with SMTP id d9443c01a7336-205472c5bc6mr173443725ad.11.1725448300113; Wed, 04 Sep 2024 04:11:40 -0700 (PDT) Received: from ibnvda5015.ibn.broadcom.net ([192.19.252.234]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-206ae953da0sm11668735ad.109.2024.09.04.04.11.38 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 04 Sep 2024 04:11:39 -0700 (PDT) From: Vinayak Yadawad To: hostap@lists.infradead.org Cc: jithu.jance@broadcom.com, Vinayak Yadawad Subject: [PATCH v2 1/1] hostapd: Avoid EAPOL trigger in reassoc path for AP, in case of 4way HS offload Date: Wed, 4 Sep 2024 16:41:30 +0530 Message-ID: <0d7eb6d868e267d8a78cea5aeca785f8d3492a85.1725444846.git.vinayak.yadawad@broadcom.com> X-Mailer: git-send-email 2.43.4 MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20240904_041141_621565_BF4CA777 X-CRM114-Status: GOOD ( 14.47 ) X-Spam-Score: -2.2 (--) X-Spam-Report: Spam detection software, running on the system "bombadil.infradead.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Currently avoiding of EAPOL exchange for AP with 4way HS offload is handled only in new STA assoc path. Current change avoids complete authentication trigger in case of AP reassoc path as well. Signed-off-by: Vinayak Yadawad --- v1->v2 : Addressed review comments to avoid EAPOL for new and reassoc paths. --- src/ap/wpa_auth.c | 36 ++++++++++++++++++++++++++++++ [...] Content analysis details: (-2.2 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:636 listed in] [list.dnswl.org] 0.0 SPF_NONE SPF: sender does not publish an SPF Record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] -0.0 T_SCC_BODY_TEXT_LINE No description available. -0.1 DKIMWL_WL_HIGH DKIMwl.org - High trust sender X-BeenThere: hostap@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Hostap" Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org Currently avoiding of EAPOL exchange for AP with 4way HS offload is handled only in new STA assoc path. Current change avoids complete authentication trigger in case of AP reassoc path as well. Signed-off-by: Vinayak Yadawad --- v1->v2 : Addressed review comments to avoid EAPOL for new and reassoc paths. --- src/ap/wpa_auth.c | 36 ++++++++++++++++++++++++++++++++++-- 1 file changed, 34 insertions(+), 2 deletions(-) diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c index 8304c6047..e2970f003 100644 --- a/src/ap/wpa_auth.c +++ b/src/ap/wpa_auth.c @@ -367,6 +367,15 @@ static inline int wpa_auth_start_ampe(struct wpa_authenticator *wpa_auth, #endif /* CONFIG_MESH */ +static inline int wpa_auth_get_drv_flags(struct wpa_authenticator *wpa_auth, + u64 *drv_flags, u64 *drv_flags2) +{ + if(!wpa_auth->cb->get_drv_flags) + return -1; + return wpa_auth->cb->get_drv_flags(wpa_auth->cb_ctx, drv_flags, + drv_flags2); +} + int wpa_auth_for_each_sta(struct wpa_authenticator *wpa_auth, int (*cb)(struct wpa_state_machine *sm, void *ctx), void *cb_ctx) @@ -963,6 +972,9 @@ wpa_auth_sta_init(struct wpa_authenticator *wpa_auth, const u8 *addr, int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth, struct wpa_state_machine *sm) { + u64 drv_flags = 0; + u64 drv_flags2 = 0; + if (!wpa_auth || !wpa_auth->conf.wpa || !sm) return -1; @@ -1002,7 +1014,17 @@ int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth, if (wpa_sm_step(sm) == 1) return 1; /* should not really happen */ sm->Init = false; - sm->AuthenticationRequest = true; + + if (wpa_auth_get_drv_flags(sm->wpa_auth, &drv_flags, &drv_flags2)) { + wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING, + "Failed to get driver flags"); + return 1; + } + if (drv_flags2 & WPA_DRIVER_FLAGS2_4WAY_HANDSHAKE_AP_PSK) + wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, + "Skip EAPOL for 4way HS offload case"); + else + sm->AuthenticationRequest = true; return wpa_sm_step(sm); } @@ -2299,6 +2321,8 @@ void wpa_remove_ptk(struct wpa_state_machine *sm) int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event) { int remove_ptk = 1; + u64 drv_flags = 0; + u64 drv_flags2 = 0; if (!sm) return -1; @@ -2347,7 +2371,15 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event) if (wpa_sm_step(sm) == 1) return 1; /* should not really happen */ sm->Init = false; - sm->AuthenticationRequest = true; + + if (wpa_auth_get_drv_flags(sm->wpa_auth, &drv_flags, &drv_flags2)) { + wpa_printf(MSG_ERROR, "Failed to get driver flags"); + return 1; + } + if (drv_flags2 & WPA_DRIVER_FLAGS2_4WAY_HANDSHAKE_AP_PSK) + wpa_printf(MSG_INFO, "Skip EAPOL for 4way HS offload case"); + else + sm->AuthenticationRequest = true; break; }