2022-07-08 16:55:09

by Veerendranath Jakkam

Subject: [PATCH 1/2] nl80211: Allow transmitting auth frames with random TA

Allow authentication frames with a random local address as transmit
address if the driver supports it.

This is required for the cases below:
- Enabling use of a randomized transmit address for PASN authentication
frames to improve privacy of WLAN clients.
- To allow user space to use link address indicated by driver as
transmit address for authentication frames triggered by
NL80211_CMD_EXTERNAL_AUTH for MLO connection.

Signed-off-by: Veerendranath Jakkam <[email protected]>
---
include/uapi/linux/nl80211.h | 4 ++++
net/wireless/mlme.c | 11 +++++++++++
2 files changed, 15 insertions(+)

diff --git a/include/uapi/linux/nl80211.h b/include/uapi/linux/nl80211.h
index 279f9715919e..9e665f7b3e23 100644
--- a/include/uapi/linux/nl80211.h
+++ b/include/uapi/linux/nl80211.h
@@ -6225,6 +6225,9 @@ enum nl80211_feature_flags {
* @NL80211_EXT_FEATURE_RADAR_BACKGROUND: Device supports background radar/CAC
* detection.
*
+ * @NL80211_EXT_FEATURE_AUTH_TX_RANDOM_TA: Device supports randomized TA
+ * for authentication frames in @NL80211_CMD_FRAME.
+ *
* @NUM_NL80211_EXT_FEATURES: number of extended features.
* @MAX_NL80211_EXT_FEATURES: highest extended feature index.
*/
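
Review bot: The kernel-doc for NL80211_EXT_FEATURE_AUTH_TX_RANDOM_TA only mentions a randomized TA for authentication frames in NL80211_CMD_FRAME, while the commit message also relies on this flag for the link address that the driver indicates for NL80211_CMD_EXTERNAL_AUTH during an MLO connection. Document both uses here, and state which addresses user space may supply (for example, whether the TA must be a locally administered unicast address), since this comment is the UAPI contract that drivers and supplicants will read.
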
@@ -6292,6 +6295,7 @@ enum nl80211_ext_feature_index {
NL80211_EXT_FEATURE_BSS_COLOR,
NL80211_EXT_FEATURE_FILS_CRYPTO_OFFLOAD,
NL80211_EXT_FEATURE_RADAR_BACKGROUND,
+ NL80211_EXT_FEATURE_AUTH_TX_RANDOM_TA,

/* add new features before the definition below */
NUM_NL80211_EXT_FEATURES,
diff --git a/net/wireless/mlme.c b/net/wireless/mlme.c
index 2bb4da97b66a..176513a75ddf 100644
--- a/net/wireless/mlme.c
+++ b/net/wireless/mlme.c
@@ -736,6 +736,16 @@ int cfg80211_mlme_mgmt_tx(struct cfg80211_registered_device *rdev,
}

if (!ether_addr_equal(mgmt->sa, wdev_address(wdev))) {
+ /* Allow random TA to be used with authentication frames if the
+ * driver has indicated support for this. Otherwise, only allow
+ * the local address to be used.
+ */
+ if (ieee80211_is_auth(mgmt->frame_control) &&
+ wiphy_ext_feature_isset(
+ &rdev->wiphy,
+ NL80211_EXT_FEATURE_AUTH_TX_RANDOM_TA))
+ goto out_tx;
+
/* Allow random TA to be used with Public Action frames if the
* driver has indicated support for this. Otherwise, only allow
* the local address to be used.
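
Review bot: In the new branch under `if (!ether_addr_equal(mgmt->sa, wdev_address(wdev)))`, any source address is accepted for an authentication frame once the driver sets NL80211_EXT_FEATURE_AUTH_TX_RANDOM_TA; nothing visible here checks that mgmt->sa is a valid unicast address (for instance with is_valid_ether_addr()) before the remaining checks are skipped. Consider adding that validation, and since the block comment is a copy of the Public Action one directly below it, fold the two cases into one else-if chain so that `goto out_tx` is not needed.
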
@@ -755,6 +765,7 @@ int cfg80211_mlme_mgmt_tx(struct cfg80211_registered_device *rdev,
return -EINVAL;
}

+out_tx:
/* Transmit the Action frame as requested by user space */
return rdev_mgmt_tx(rdev, wdev, params, cookie);
}
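
Review bot: The `out_tx:` label sits directly above the existing comment "Transmit the Action frame as requested by user space", which no longer describes every frame that reaches rdev_mgmt_tx() now that authentication frames jump here. Reword the comment to cover management frames generally, or drop the label by restructuring the check in the previous hunk.
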
--
2.25.1


2022-07-08 16:57:32

by Veerendranath Jakkam

Subject: [PATCH 2/2] cfg80211: Indicate transmit address in external auth request

If an external authentication request is triggered during an MLO
connection, the link address used by the driver can be different from
the interface address. Add support to indicate the transmit address to
use for authentication frames sent by user space for the current
external authentication request.

Signed-off-by: Veerendranath Jakkam <[email protected]>
---
include/net/cfg80211.h | 6 ++++++
net/wireless/nl80211.c | 9 +++++++++
2 files changed, 15 insertions(+)

diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h
index 140354f5f15b..be0ebed560f6 100644
--- a/include/net/cfg80211.h
+++ b/include/net/cfg80211.h
@@ -3553,6 +3553,11 @@ struct cfg80211_pmk_conf {
* the real status code for failures. Used only for the authentication
* response command interface (user space to driver).
* @pmkid: The identifier to refer a PMKSA.
+ * @tx_addr: Transmit address to use for current external authentication
+ * request. Only valid for the authentication request event. Driver must
+ * indicate support for randomizing transmit address of authentication
+ * frames with %NL80211_EXT_FEATURE_AUTH_TX_RANDOM_TA to fill non-zero
+ * value in this parameter.
*/
struct cfg80211_external_auth_params {
enum nl80211_external_auth_action action;
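
Review bot: The @tx_addr kernel-doc does not say what an all-zero value means, although the nl80211.c change in this patch treats zero as "no address indicated" and omits the attribute. State that explicitly, and reword "to fill non-zero value" so it is clear that a non-zero value without NL80211_EXT_FEATURE_AUTH_TX_RANDOM_TA makes the request fail with -EINVAL.
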
@@ -3561,6 +3566,7 @@ struct cfg80211_external_auth_params {
unsigned int key_mgmt_suite;
u16 status;
const u8 *pmkid;
+ u8 tx_addr[ETH_ALEN] __aligned(2);
};

/**
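
Review bot: `u8 tx_addr[ETH_ALEN] __aligned(2);` is a by-value member that cfg80211_external_auth_request() now reads on every request, so a driver that fills struct cfg80211_external_auth_params without zero-initializing it would pass uninitialized bytes as the transmit address and either hit the new -EINVAL path or send a bogus NL80211_ATTR_MAC to user space. Audit the existing callers for this, or note in the kernel-doc that the struct must be zeroed before use.
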
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index eda2ad029c90..e00539c98112 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -19280,6 +19280,15 @@ int cfg80211_external_auth_request(struct net_device *dev,
params->ssid.ssid))
goto nla_put_failure;

+ if (!is_zero_ether_addr(params->tx_addr)) {
+ if (!wiphy_ext_feature_isset(&rdev->wiphy,
+ NL80211_EXT_FEATURE_AUTH_TX_RANDOM_TA))
+ return -EINVAL;
+
+ if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, params->tx_addr))
+ goto nla_put_failure;
+ }
+
genlmsg_end(msg, hdr);
genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
wdev->conn_owner_nlportid);
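
Review bot: The `return -EINVAL;` on the missing-feature path bypasses `nla_put_failure`, which the neighbouring error paths in this hunk jump to, so whatever cleanup that label performs for msg is skipped. Route this failure through the common error path, or do the feature check before the message is built. NL80211_ATTR_MAC also gains a new meaning for this event, which should be documented alongside NL80211_CMD_EXTERNAL_AUTH in nl80211.h.
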
--
2.25.1

2022-08-26 08:50:17

by Johannes Berg

Subject: Re: [PATCH 1/2] nl80211: Allow transmitting auth frames with random TA

Hi,

This patch doesn't apply now, sorry I let it linger across a lot of MLO
work.

> - To allow user space to use link address indicated by driver as
> transmit address for authentication frames triggered by
> NL80211_CMD_EXTERNAL_AUTH for MLO connection.

Maybe this is already covered by the changes that are actually
responsible for it not applying any more?

You can use the link address now, due to commit 6df2810ac9a9 ("wifi:
cfg80211: Allow MLO TX with link source address").


The PASN privacy thing seems something that would be desirable also for
mac80211, how would you think it would work there? Also for hwsim
testing I guess :)


> if (!ether_addr_equal(mgmt->sa, wdev_address(wdev))) {
> + /* Allow random TA to be used with authentication frames if the
> + * driver has indicated support for this. Otherwise, only allow
> + * the local address to be used.
> + */
> + if (ieee80211_is_auth(mgmt->frame_control) &&
> + wiphy_ext_feature_isset(
> + &rdev->wiphy,
> + NL80211_EXT_FEATURE_AUTH_TX_RANDOM_TA))
> + goto out_tx;

Could use else/if instead of goto? Not sure that's better though :)

johannes

2022-09-01 10:43:34

by Veerendranath Jakkam

Subject: Re: [PATCH 1/2] nl80211: Allow transmitting auth frames with random TA


On 8/26/2022 2:17 PM, Johannes Berg wrote:
>
>> - To allow user space to use link address indicated by driver as
>> transmit address for authentication frames triggered by
>> NL80211_CMD_EXTERNAL_AUTH for MLO connection.
> Maybe this is already covered by the changes that are actually
> responsible for it not applying any more?
>
> You can use the link address now, due to commit 6df2810ac9a9 ("wifi:
> cfg80211: Allow MLO TX with link source address").


The pointed commit changes are not helpful in the external authentication
case because the WDEV won't have link address information when external
authentication is triggered. The link addresses in the WDEV get updated only
after association, during connect response processing.


>
> The PASN privacy thing seems something that would be desirable also for
> mac80211, how would you think it would work there? Also for hwsim
> testing I guess :)
>

Need to check what additional changes are needed in mac80211 to support this
feature. I will check and post the required mac80211 changes in the v2 series.

>> if (!ether_addr_equal(mgmt->sa, wdev_address(wdev))) {
>> + /* Allow random TA to be used with authentication frames if the
>> + * driver has indicated support for this. Otherwise, only allow
>> + * the local address to be used.
>> + */
>> + if (ieee80211_is_auth(mgmt->frame_control) &&
>> + wiphy_ext_feature_isset(
>> + &rdev->wiphy,
>> + NL80211_EXT_FEATURE_AUTH_TX_RANDOM_TA))
>> + goto out_tx;
> Could use else/if instead of goto? Not sure that's better though :)


Sure, will do the required changes in the v2 series.

- veeru