2023-01-12 01:35:33

by Veerendranath Jakkam

Subject: [PATCH v3 0/3] Add support for randomizing TA of auth and deauth frames

This patch series is to add support for randomizing transmit address of
the authentication and deauthentication frames.

The changes submitted in this patch series can be verified with the
hostap.git HWSIM test case changes submitted at the link below:
https://patchwork.ozlabs.org/project/hostap/list/?series=335502&state=*

Veerendranath Jakkam (3):
  wifi: nl80211: Add support for randomizing TA of auth and deauth
    frames
  wifi: mac80211: Add support to randomize TA of auth and deauth frames
  wifi: mac80211_hwsim: Add support for randomizing auth and deauth
    frames TA

drivers/net/wireless/mac80211_hwsim.c | 26 +++++++++++++
include/net/mac80211.h | 12 ++++++
include/uapi/linux/nl80211.h | 5 +++
net/mac80211/main.c | 3 +-
net/mac80211/offchannel.c | 38 ++++++++++++++++++
net/mac80211/rx.c | 18 +++++++--
net/mac80211/util.c | 7 +++-
net/wireless/mlme.c | 55 ++++++++++++++++++---------
8 files changed, 139 insertions(+), 25 deletions(-)

--
2.25.1


2023-01-12 01:36:13

by Veerendranath Jakkam

Subject: [PATCH v3 1/3] wifi: nl80211: Add support for randomizing TA of auth and deauth frames

Add support to use a random local address in authentication and
deauthentication frames sent to an unassociated peer when the driver
supports it.

The driver needs to configure receive behavior to accept frames with
the random transmit address specified in TX path authentication frames
while the frame exchange is pending, and such frames need to
be acknowledged similarly to frames sent to the local permanent address
when this random address functionality is used.

This capability allows use of randomized transmit address for PASN
authentication frames to improve privacy of WLAN clients.

Signed-off-by: Veerendranath Jakkam <[email protected]>
---
v2:
- Move random address allowed checks to separate function.
---
include/uapi/linux/nl80211.h | 5 ++++
net/wireless/mlme.c | 55 +++++++++++++++++++++++-------------
2 files changed, 41 insertions(+), 19 deletions(-)

diff --git a/include/uapi/linux/nl80211.h b/include/uapi/linux/nl80211.h
index c14a91bbca7c..6bfcc3d2ec06 100644
--- a/include/uapi/linux/nl80211.h
+++ b/include/uapi/linux/nl80211.h
@@ -6294,6 +6294,10 @@ enum nl80211_feature_flags {
* might apply, e.g. no scans in progress, no offchannel operations
* in progress, and no active connections.
*
+ * @NL80211_EXT_FEATURE_AUTH_AND_DEAUTH_RANDOM_TA: Device supports randomized TA
+ * in authentication and deauthentication frames sent to unassociated peer
+ * using @NL80211_CMD_FRAME.
+ *
* @NUM_NL80211_EXT_FEATURES: number of extended features.
* @MAX_NL80211_EXT_FEATURES: highest extended feature index.
*/
@@ -6362,6 +6366,7 @@ enum nl80211_ext_feature_index {
NL80211_EXT_FEATURE_FILS_CRYPTO_OFFLOAD,
NL80211_EXT_FEATURE_RADAR_BACKGROUND,
NL80211_EXT_FEATURE_POWERED_ADDR_CHANGE,
+ NL80211_EXT_FEATURE_AUTH_AND_DEAUTH_RANDOM_TA,

/* add new features before the definition below */
NUM_NL80211_EXT_FEATURES,
diff --git a/net/wireless/mlme.c b/net/wireless/mlme.c
index 58e1fb18f85a..cfacda5bd80b 100644
--- a/net/wireless/mlme.c
+++ b/net/wireless/mlme.c
@@ -673,6 +673,39 @@ static bool cfg80211_allowed_address(struct wireless_dev *wdev, const u8 *addr)
return ether_addr_equal(addr, wdev_address(wdev));
}

+static bool cfg80211_allowed_random_address(struct wireless_dev *wdev,
+ const struct ieee80211_mgmt *mgmt)
+{
+ if (ieee80211_is_auth(mgmt->frame_control) ||
+ ieee80211_is_deauth(mgmt->frame_control)) {
+ /* Allow random TA to be used with authentication and
+ * deauthentication frames if the driver has indicated support.
+ */
+ if (wiphy_ext_feature_isset(
+ wdev->wiphy,
+ NL80211_EXT_FEATURE_AUTH_AND_DEAUTH_RANDOM_TA))
+ return true;
+ } else if (ieee80211_is_action(mgmt->frame_control) &&
+ mgmt->u.action.category == WLAN_CATEGORY_PUBLIC) {
+ /* Allow random TA to be used with Public Action frames if the
+ * driver has indicated support.
+ */
+ if (!wdev->connected &&
+ wiphy_ext_feature_isset(
+ wdev->wiphy,
+ NL80211_EXT_FEATURE_MGMT_TX_RANDOM_TA))
+ return true;
+
+ if (wdev->connected &&
+ wiphy_ext_feature_isset(
+ wdev->wiphy,
+ NL80211_EXT_FEATURE_MGMT_TX_RANDOM_TA_CONNECTED))
+ return true;
+ }
+
+ return false;
+}
+
int cfg80211_mlme_mgmt_tx(struct cfg80211_registered_device *rdev,
struct wireless_dev *wdev,
struct cfg80211_mgmt_tx_params *params, u64 *cookie)
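Review bot: In cfg80211_allowed_random_address() the auth/deauth branch never looks at wdev->connected or at the destination address, while the kernel-doc added for NL80211_EXT_FEATURE_AUTH_AND_DEAUTH_RANDOM_TA limits the feature to frames "sent to unassociated peer". As written, once the driver sets the flag, NL80211_CMD_FRAME accepts an auth or deauth frame with any SA regardless of connection state or peer. Either enforce the restriction here (for example, reject the frame when the interface is connected and mgmt->da is the current BSS), or reword the documentation to say the unassociated-peer condition is left to user space. The Public Action branch separates the connected and unconnected cases with two feature flags; a short comment explaining why auth/deauth does not need that split would help.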
@@ -771,25 +804,9 @@ int cfg80211_mlme_mgmt_tx(struct cfg80211_registered_device *rdev,
return err;
}

- if (!cfg80211_allowed_address(wdev, mgmt->sa)) {
- /* Allow random TA to be used with Public Action frames if the
- * driver has indicated support for this. Otherwise, only allow
- * the local address to be used.
- */
- if (!ieee80211_is_action(mgmt->frame_control) ||
- mgmt->u.action.category != WLAN_CATEGORY_PUBLIC)
- return -EINVAL;
- if (!wdev->connected &&
- !wiphy_ext_feature_isset(
- &rdev->wiphy,
- NL80211_EXT_FEATURE_MGMT_TX_RANDOM_TA))
- return -EINVAL;
- if (wdev->connected &&
- !wiphy_ext_feature_isset(
- &rdev->wiphy,
- NL80211_EXT_FEATURE_MGMT_TX_RANDOM_TA_CONNECTED))
- return -EINVAL;
- }
+ if (!cfg80211_allowed_address(wdev, mgmt->sa) &&
+ !cfg80211_allowed_random_address(wdev, mgmt))
+ return -EINVAL;

/* Transmit the management frame as requested by user space */
return rdev_mgmt_tx(rdev, wdev, params, cookie);
--
2.25.1

2023-01-12 01:37:26

by Veerendranath Jakkam

Subject: [PATCH v3 3/3] wifi: mac80211_hwsim: Add support for randomizing auth and deauth frames TA

Add changes to support randomizing TA of the authentication and
deauthentication frames and indicate the support to upper layers.

Signed-off-by: Veerendranath Jakkam <[email protected]>
---
drivers/net/wireless/mac80211_hwsim.c | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)

diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c
index c57c8903b7c0..40469d2723e5 100644
--- a/drivers/net/wireless/mac80211_hwsim.c
+++ b/drivers/net/wireless/mac80211_hwsim.c
@@ -720,6 +720,9 @@ struct mac80211_hwsim_data {
int rx_rssi;

struct mac80211_hwsim_link_data link_data[IEEE80211_MLD_MAX_NUM_LINKS];
+
+ /* Ack the frames with RA as configured temporary address */
+ u8 temp_addr[ETH_ALEN];
};

static const struct rhashtable_params hwsim_rht_params = {
@@ -1237,6 +1240,10 @@ static bool mac80211_hwsim_addr_match(struct mac80211_hwsim_data *data,
if (data->scanning && memcmp(addr, data->scan_addr, ETH_ALEN) == 0)
return true;

+ if (!is_zero_ether_addr(data->temp_addr) &&
+ ether_addr_equal(addr, data->temp_addr))
+ return true;
+
memcpy(md.addr, addr, ETH_ALEN);

ieee80211_iterate_active_interfaces_atomic(data->hw,
@@ -2285,6 +2292,7 @@ static void mac80211_hwsim_vif_info_changed(struct ieee80211_hw *hw,
u64 changed)
{
struct hwsim_vif_priv *vp = (void *)vif->drv_priv;
+ struct mac80211_hwsim_data *hwsim = hw->priv;

hwsim_check_magic(vif);

@@ -2297,6 +2305,22 @@ static void mac80211_hwsim_vif_info_changed(struct ieee80211_hw *hw,
vp->assoc = vif->cfg.assoc;
vp->aid = vif->cfg.aid;
}
+
+ if (changed & BSS_CHANGED_TEMP_ADDR) {
+ wiphy_dbg(hw->wiphy, " TMP_ADDR: vif->cfg.temp_addr=%pM\n",
+ vif->cfg.temp_addr);
+
+ if (!is_zero_ether_addr(hwsim->temp_addr))
+ mac80211_hwsim_config_mac_nl(hw, hwsim->temp_addr,
+ false);
+ if (!is_zero_ether_addr(vif->cfg.temp_addr)) {
+ ether_addr_copy(hwsim->temp_addr, vif->cfg.temp_addr);
+ mac80211_hwsim_config_mac_nl(hw, hwsim->temp_addr,
+ true);
+ } else {
+ eth_zero_addr(hwsim->temp_addr);
+ }
+ }
}

static void mac80211_hwsim_link_info_changed(struct ieee80211_hw *hw,
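Review bot: The BSS_CHANGED_TEMP_ADDR handler keeps one temp_addr in struct mac80211_hwsim_data, which is per radio, but the value it mirrors (vif->cfg.temp_addr) is per interface. With two interfaces on one radio, a change on the second interface removes the first interface's address through "mac80211_hwsim_config_mac_nl(hw, hwsim->temp_addr, false)", and a clear on either interface zeroes the shared slot while the other interface may still be waiting for a response. Store the address in struct hwsim_vif_priv (vp is already available in this function) and match against the per-interface value, or state in the comment on the new field that only one temporary address per radio is supported.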
@@ -4445,6 +4469,8 @@ static int mac80211_hwsim_new_radio(struct genl_info *info,
NL80211_EXT_FEATURE_MULTICAST_REGISTRATIONS);
wiphy_ext_feature_set(hw->wiphy,
NL80211_EXT_FEATURE_BEACON_RATE_LEGACY);
+ wiphy_ext_feature_set(hw->wiphy,
+ NL80211_EXT_FEATURE_AUTH_AND_DEAUTH_RANDOM_TA);

hw->wiphy->interface_modes = param->iftypes;

--
2.25.1

2023-01-12 01:37:34

by Veerendranath Jakkam

Subject: [PATCH v3 2/3] wifi: mac80211: Add support to randomize TA of auth and deauth frames

Cache the TA of the authentication and deauthentication frames
temporarily till the response waiting time offchannel period completes
and indicate the temporary address to the driver when the driver supports
randomizing TA of auth and deauth frames. The driver should allow TX and RX
of the frames when the temporary address is TA and RA respectively.
Allow the authentication and deauthentication frames with the cached
address as RA in the RX path.

Reported-by: kernel test robot <[email protected]>
Signed-off-by: Veerendranath Jakkam <[email protected]>
---
v2:
- Modify the implementation to allow the authentication and
deauthentication frames with the random address till the response
waiting time off-channel period complete.
- Use BSS changed flag to indicate change in allowed random address to
driver.
v3:
- Fix warning reported by kernel test robot <[email protected]>
---
include/net/mac80211.h | 12 ++++++++++++
net/mac80211/main.c | 3 ++-
net/mac80211/offchannel.c | 38 ++++++++++++++++++++++++++++++++++++++
net/mac80211/rx.c | 18 ++++++++++++++----
net/mac80211/util.c | 7 ++++++-
5 files changed, 72 insertions(+), 6 deletions(-)

diff --git a/include/net/mac80211.h b/include/net/mac80211.h
index 689da327ce2e..a6f0987f88a1 100644
--- a/include/net/mac80211.h
+++ b/include/net/mac80211.h
@@ -340,6 +340,8 @@ struct ieee80211_vif_chanctx_switch {
* @BSS_CHANGED_FILS_DISCOVERY: FILS discovery status changed.
* @BSS_CHANGED_UNSOL_BCAST_PROBE_RESP: Unsolicited broadcast probe response
* status changed.
+ * @BSS_CHANGED_TEMP_ADDR: Temporary self address allowed for authentication and
+ * deauthentication frames is changed.
*
*/
enum ieee80211_bss_change {
@@ -375,6 +377,7 @@ enum ieee80211_bss_change {
BSS_CHANGED_HE_BSS_COLOR = 1<<29,
BSS_CHANGED_FILS_DISCOVERY = 1<<30,
BSS_CHANGED_UNSOL_BCAST_PROBE_RESP = 1<<31,
+ BSS_CHANGED_TEMP_ADDR = 1ULL<<32,

/* when adding here, make sure to change ieee80211_reconfig */
};
@@ -1771,6 +1774,14 @@ enum ieee80211_offload_flags {
* your driver/device needs to do.
* @ap_addr: AP MLD address, or BSSID for non-MLO connections
* (station mode only)
+ * @temp_addr: Temporary self address allowed for the authentication and
+ * deauthentication frames till the response waiting time offchannel period
+ * complete. Driver should allow TX and RX of the frames with the temporary
+ * address as TA and RA respectively when it is non zero. This will be set
+ * to zero address when there is no temporary self address is active.
+ * Change in the value of this will be indicated with
+ * @BSS_CHANGED_TEMP_ADDR. This will be indicated only when driver supports
+ * %NL80211_EXT_FEATURE_AUTH_AND_DEAUTH_RANDOM_TA.
*/
struct ieee80211_vif_cfg {
/* association related data */
@@ -1786,6 +1797,7 @@ struct ieee80211_vif_cfg {
bool s1g;
bool idle;
u8 ap_addr[ETH_ALEN] __aligned(2);
+ u8 temp_addr[ETH_ALEN] __aligned(2);
};

/**
diff --git a/net/mac80211/main.c b/net/mac80211/main.c
index 846528850612..238cbf05d08d 100644
--- a/net/mac80211/main.c
+++ b/net/mac80211/main.c
@@ -205,7 +205,8 @@ int ieee80211_hw_config(struct ieee80211_local *local, u32 changed)
BSS_CHANGED_PS |\
BSS_CHANGED_IBSS |\
BSS_CHANGED_ARP_FILTER |\
- BSS_CHANGED_SSID)
+ BSS_CHANGED_SSID |\
+ BSS_CHANGED_TEMP_ADDR)

void ieee80211_bss_info_change_notify(struct ieee80211_sub_if_data *sdata,
u64 changed)
diff --git a/net/mac80211/offchannel.c b/net/mac80211/offchannel.c
index d78c82d6b696..54233be31e9b 100644
--- a/net/mac80211/offchannel.c
+++ b/net/mac80211/offchannel.c
@@ -187,6 +187,12 @@ static void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc)
roc->mgmt_tx_cookie,
roc->chan, GFP_KERNEL);

+ if (!is_zero_ether_addr(roc->sdata->vif.cfg.temp_addr)) {
+ eth_zero_addr(roc->sdata->vif.cfg.temp_addr);
+ ieee80211_vif_cfg_change_notify(roc->sdata,
+ BSS_CHANGED_TEMP_ADDR);
+ }
+
list_del(&roc->list);
kfree(roc);
}
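Review bot: The clear added to ieee80211_roc_notify_destroy() is keyed on the interface, not on the ROC item being destroyed. Any roc whose sdata has a non-zero vif.cfg.temp_addr zeroes it, even when this roc did not carry a management frame (roc->mgmt_tx_cookie is not checked) and a different queued roc on the same interface configured the address. Record on struct ieee80211_roc_work whether this item set the address and clear only in that case, so the window in which frames to the temporary address are accepted closes with the exchange that opened it.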
@@ -234,6 +240,36 @@ static bool ieee80211_recalc_sw_work(struct ieee80211_local *local,
return true;
}

+static void ieee80211_config_temp_addr(struct ieee80211_sub_if_data *sdata,
+ const struct ieee80211_hdr *hdr)
+{
+ unsigned int link;
+
+ if (!wiphy_ext_feature_isset(sdata->local->hw.wiphy,
+ NL80211_EXT_FEATURE_AUTH_AND_DEAUTH_RANDOM_TA))
+ return;
+
+ if (memcmp(sdata->vif.addr, hdr->addr2, ETH_ALEN) == 0 ||
+ memcmp(sdata->vif.cfg.temp_addr, hdr->addr2, ETH_ALEN) == 0) {
+ return;
+ } else if (sdata->vif.valid_links) {
+ rcu_read_lock();
+ for (link = 0; link < ARRAY_SIZE(sdata->vif.link_conf); link++) {
+ struct ieee80211_bss_conf *link_conf;
+
+ link_conf = rcu_dereference(sdata->vif.link_conf[link]);
+ if (!link_conf)
+ continue;
+ if (memcmp(link_conf->addr, hdr->addr2, ETH_ALEN) == 0)
+ return;
+ }
+ rcu_read_unlock();
+ }
+
+ memcpy(sdata->vif.cfg.temp_addr, hdr->addr2, ETH_ALEN);
+ ieee80211_vif_cfg_change_notify(sdata, BSS_CHANGED_TEMP_ADDR);
+}
+
static void ieee80211_handle_roc_started(struct ieee80211_roc_work *roc,
unsigned long start_time)
{
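Review bot: The "return" inside the link loop of ieee80211_config_temp_addr() exits with rcu_read_lock() still held; rcu_read_unlock() is reached only when no link address matches hdr->addr2. Call rcu_read_unlock() before that return, or set a flag, break out of the loop and return after the unlock. As a style point, this function uses memcmp() on addresses while the RX side of the same patch uses ether_addr_equal(); using the helper here too would keep the series consistent.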
@@ -245,6 +281,8 @@ static void ieee80211_handle_roc_started(struct ieee80211_roc_work *roc,

if (roc->mgmt_tx_cookie) {
if (!WARN_ON(!roc->frame)) {
+ ieee80211_config_temp_addr(roc->sdata,
+ (void *) roc->frame->data);
ieee80211_tx_skb_tid_band(roc->sdata, roc->frame, 7,
roc->chan->band);
roc->frame = NULL;
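Review bot: ieee80211_config_temp_addr() is called here for whatever frame roc->frame holds, and the helper checks only the feature flag and addr2, never the frame type. A Public Action frame sent with a random TA (which cfg80211 already permits under NL80211_EXT_FEATURE_MGMT_TX_RANDOM_TA) would therefore also install its addr2 as vif.cfg.temp_addr. The commit message and the @temp_addr documentation scope this to authentication and deauthentication frames, so test ieee80211_is_auth() / ieee80211_is_deauth() on the frame control before configuring the address.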
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 7e3ab6e1b28f..a611697cecd0 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -4192,6 +4192,12 @@ static bool ieee80211_accept_frame(struct ieee80211_rx_data *rx)
u8 *bssid = ieee80211_get_bssid(hdr, skb->len, sdata->vif.type);
bool multicast = is_multicast_ether_addr(hdr->addr1) ||
ieee80211_is_s1g_beacon(hdr->frame_control);
+ bool skip_addr1_check = false;
+
+ if ((ieee80211_is_auth(hdr->frame_control) ||
+ ieee80211_is_deauth(hdr->frame_control)) &&
+ ether_addr_equal(sdata->vif.cfg.temp_addr, hdr->addr1))
+ skip_addr1_check = true;

switch (sdata->vif.type) {
case NL80211_IFTYPE_STATION:
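Review bot: skip_addr1_check compares hdr->addr1 with vif.cfg.temp_addr without first checking that a temporary address is active, so when none is configured the comparison is made against the all-zero address. The hwsim patch in this series guards the same comparison with !is_zero_ether_addr(); add that guard here so the relaxed acceptance path applies only while a temporary address is set. A one-line comment noting that temp_addr is only ever non-zero when the driver advertises NL80211_EXT_FEATURE_AUTH_AND_DEAUTH_RANDOM_TA would also explain why the feature flag is not tested in the RX path.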
@@ -4201,6 +4207,8 @@ static bool ieee80211_accept_frame(struct ieee80211_rx_data *rx)
return false;
if (multicast)
return true;
+ if (skip_addr1_check)
+ return true;
return ieee80211_is_our_addr(sdata, hdr->addr1, &rx->link_id);
case NL80211_IFTYPE_ADHOC:
if (!bssid)
@@ -4213,7 +4221,7 @@ static bool ieee80211_accept_frame(struct ieee80211_rx_data *rx)
return true;
if (!ieee80211_bssid_match(bssid, sdata->u.ibss.bssid))
return false;
- if (!multicast &&
+ if (!multicast && !skip_addr1_check &&
!ether_addr_equal(sdata->vif.addr, hdr->addr1))
return false;
if (!rx->sta) {
@@ -4233,7 +4241,7 @@ static bool ieee80211_accept_frame(struct ieee80211_rx_data *rx)
return false;
if (!is_broadcast_ether_addr(bssid))
return false;
- if (!multicast &&
+ if (!multicast && !skip_addr1_check &&
!ether_addr_equal(sdata->dev->dev_addr, hdr->addr1))
return false;
if (!rx->sta) {
@@ -4251,10 +4259,12 @@ static bool ieee80211_accept_frame(struct ieee80211_rx_data *rx)
return false;
if (multicast)
return true;
+ if (skip_addr1_check)
+ return true;
return ether_addr_equal(sdata->vif.addr, hdr->addr1);
case NL80211_IFTYPE_AP_VLAN:
case NL80211_IFTYPE_AP:
- if (!bssid)
+ if (!bssid && !skip_addr1_check)
return ieee80211_is_our_addr(sdata, hdr->addr1,
&rx->link_id);

@@ -4266,7 +4276,7 @@ static bool ieee80211_accept_frame(struct ieee80211_rx_data *rx)
* and location updates. Note that mac80211
* itself never looks at these frames.
*/
- if (!multicast &&
+ if (!multicast && !skip_addr1_check &&
!ieee80211_is_our_addr(sdata, hdr->addr1,
&rx->link_id))
return false;
diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index 6f5407038459..fd7e77938023 100644
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -2663,7 +2663,7 @@ int ieee80211_reconfig(struct ieee80211_local *local)
/* Finally also reconfigure all the BSS information */
list_for_each_entry(sdata, &local->interfaces, list) {
unsigned int link_id;
- u32 changed;
+ u64 changed;

if (!ieee80211_sdata_running(sdata))
continue;
@@ -2712,6 +2712,11 @@ int ieee80211_reconfig(struct ieee80211_local *local)
BSS_CHANGED_TXPOWER |
BSS_CHANGED_MCAST_RATE;

+ if (!is_zero_ether_addr(sdata->vif.cfg.temp_addr)) {
+ eth_zero_addr(sdata->vif.cfg.temp_addr);
+ changed |= BSS_CHANGED_TEMP_ADDR;
+ }
+
if (sdata->vif.bss_conf.mu_mimo_owner)
changed |= BSS_CHANGED_MU_GROUPS;

--
2.25.1

2023-03-07 10:22:44

by Johannes Berg

Subject: [PATCH] wifi: mac80211: Add support to randomize TA of auth and deauth frames

From: Veerendranath Jakkam <[email protected]>

Cache the TA of the authentication and deauthentication frames
temporarily till the response waiting time offchannel period completes
and indicate the temporary address to the driver when the driver supports
randomizing TA of auth and deauth frames. The driver should allow TX and RX
of the frames when the temporary address is TA and RA respectively.
Allow the authentication and deauthentication frames with the cached
address as RA in the RX path.

Signed-off-by: Veerendranath Jakkam <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
[simplify, fix locking]
Signed-off-by: Johannes Berg <[email protected]>
---
So this is the patch I ended up with after some cleanups, but
then at the end I noticed you didn't unset the temp address
when the remain-on-channel expires, and wasn't sure exactly
how that should be handled, and you probably have the better
test setup right now too ...

johannes
---
include/net/mac80211.h | 12 ++++++++++++
net/mac80211/main.c | 3 ++-
net/mac80211/offchannel.c | 38 ++++++++++++++++++++++++++++++++++++++
net/mac80211/rx.c | 18 ++++++++++++++----
net/mac80211/util.c | 7 ++++++-
5 files changed, 72 insertions(+), 6 deletions(-)

diff --git a/include/net/mac80211.h b/include/net/mac80211.h
index f12edca660ba..d6ff3bd1dd72 100644
--- a/include/net/mac80211.h
+++ b/include/net/mac80211.h
@@ -341,6 +341,8 @@ struct ieee80211_vif_chanctx_switch {
* @BSS_CHANGED_UNSOL_BCAST_PROBE_RESP: Unsolicited broadcast probe response
* status changed.
* @BSS_CHANGED_EHT_PUNCTURING: The channel puncturing bitmap changed.
+ * @BSS_CHANGED_TEMP_ADDR: Temporary self address allowed for authentication and
+ * deauthentication frames is changed.
*/
enum ieee80211_bss_change {
BSS_CHANGED_ASSOC = 1<<0,
@@ -376,6 +378,7 @@ enum ieee80211_bss_change {
BSS_CHANGED_FILS_DISCOVERY = 1<<30,
BSS_CHANGED_UNSOL_BCAST_PROBE_RESP = 1<<31,
BSS_CHANGED_EHT_PUNCTURING = BIT_ULL(32),
+ BSS_CHANGED_TEMP_ADDR = BIT_ULL(33),

/* when adding here, make sure to change ieee80211_reconfig */
};
@@ -1805,6 +1808,14 @@ enum ieee80211_offload_flags {
* your driver/device needs to do.
* @ap_addr: AP MLD address, or BSSID for non-MLO connections
* (station mode only)
+ * @temp_addr: Temporary self address allowed for the authentication and
+ * deauthentication frames till the response waiting time offchannel period
+ * complete. Driver should allow TX and RX of the frames with the temporary
+ * address as TA and RA respectively when it is non zero. This will be set
+ * to zero address when no temporary self address is active.
+ * Change in the value of this will be indicated with
+ * %BSS_CHANGED_TEMP_ADDR. This will be used only when driver supports
+ * %NL80211_EXT_FEATURE_AUTH_AND_DEAUTH_RANDOM_TA.
*/
struct ieee80211_vif_cfg {
/* association related data */
@@ -1820,6 +1831,7 @@ struct ieee80211_vif_cfg {
bool s1g;
bool idle;
u8 ap_addr[ETH_ALEN] __aligned(2);
+ u8 temp_addr[ETH_ALEN] __aligned(2);
};

/**
diff --git a/net/mac80211/main.c b/net/mac80211/main.c
index 846528850612..238cbf05d08d 100644
--- a/net/mac80211/main.c
+++ b/net/mac80211/main.c
@@ -205,7 +205,8 @@ int ieee80211_hw_config(struct ieee80211_local *local, u32 changed)
BSS_CHANGED_PS |\
BSS_CHANGED_IBSS |\
BSS_CHANGED_ARP_FILTER |\
- BSS_CHANGED_SSID)
+ BSS_CHANGED_SSID |\
+ BSS_CHANGED_TEMP_ADDR)

void ieee80211_bss_info_change_notify(struct ieee80211_sub_if_data *sdata,
u64 changed)
diff --git a/net/mac80211/offchannel.c b/net/mac80211/offchannel.c
index d78c82d6b696..74d2b826916a 100644
--- a/net/mac80211/offchannel.c
+++ b/net/mac80211/offchannel.c
@@ -187,6 +187,12 @@ static void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc)
roc->mgmt_tx_cookie,
roc->chan, GFP_KERNEL);

+ if (!is_zero_ether_addr(roc->sdata->vif.cfg.temp_addr)) {
+ eth_zero_addr(roc->sdata->vif.cfg.temp_addr);
+ ieee80211_vif_cfg_change_notify(roc->sdata,
+ BSS_CHANGED_TEMP_ADDR);
+ }
+
list_del(&roc->list);
kfree(roc);
}
@@ -234,6 +240,36 @@ static bool ieee80211_recalc_sw_work(struct ieee80211_local *local,
return true;
}

+static void ieee80211_config_temp_addr(struct ieee80211_sub_if_data *sdata,
+ const struct ieee80211_hdr *hdr)
+{
+ unsigned int link;
+
+ if (!wiphy_ext_feature_isset(sdata->local->hw.wiphy,
+ NL80211_EXT_FEATURE_AUTH_AND_DEAUTH_RANDOM_TA))
+ return;
+
+ if (ether_addr_equal(sdata->vif.cfg.temp_addr, hdr->addr2))
+ return;
+
+ rcu_read_lock();
+ for (link = 0; link < ARRAY_SIZE(sdata->vif.link_conf); link++) {
+ struct ieee80211_bss_conf *link_conf;
+
+ link_conf = rcu_dereference(sdata->vif.link_conf[link]);
+ if (!link_conf)
+ continue;
+ if (ether_addr_equal(link_conf->addr, hdr->addr2)) {
+ rcu_read_unlock();
+ return;
+ }
+ }
+ rcu_read_unlock();
+
+ memcpy(sdata->vif.cfg.temp_addr, hdr->addr2, ETH_ALEN);
+ ieee80211_vif_cfg_change_notify(sdata, BSS_CHANGED_TEMP_ADDR);
+}
+
static void ieee80211_handle_roc_started(struct ieee80211_roc_work *roc,
unsigned long start_time)
{
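Review bot: Compared with v3, ieee80211_config_temp_addr() no longer returns early when hdr->addr2 equals sdata->vif.addr and relies on the link_conf loop alone to recognise the interface's own addresses. If an interface can reach this point with no link_conf entry whose addr equals vif.addr, the permanent address would be stored as temp_addr and signalled to the driver with BSS_CHANGED_TEMP_ADDR. Either keep the explicit vif.addr comparison or add a comment stating why the loop also covers the non-MLO case.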
@@ -245,6 +281,8 @@ static void ieee80211_handle_roc_started(struct ieee80211_roc_work *roc,

if (roc->mgmt_tx_cookie) {
if (!WARN_ON(!roc->frame)) {
+ ieee80211_config_temp_addr(roc->sdata,
+ (void *) roc->frame->data);
ieee80211_tx_skb_tid_band(roc->sdata, roc->frame, 7,
roc->chan->band);
roc->frame = NULL;
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 0255c5745e1c..fb2c54367046 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -4255,6 +4255,12 @@ static bool ieee80211_accept_frame(struct ieee80211_rx_data *rx)
u8 *bssid = ieee80211_get_bssid(hdr, skb->len, sdata->vif.type);
bool multicast = is_multicast_ether_addr(hdr->addr1) ||
ieee80211_is_s1g_beacon(hdr->frame_control);
+ bool skip_addr1_check = false;
+
+ if ((ieee80211_is_auth(hdr->frame_control) ||
+ ieee80211_is_deauth(hdr->frame_control)) &&
+ ether_addr_equal(sdata->vif.cfg.temp_addr, hdr->addr1))
+ skip_addr1_check = true;

switch (sdata->vif.type) {
case NL80211_IFTYPE_STATION:
@@ -4265,6 +4271,8 @@ static bool ieee80211_accept_frame(struct ieee80211_rx_data *rx)
return false;
if (multicast)
return true;
+ if (skip_addr1_check)
+ return true;
return ieee80211_is_our_addr(sdata, hdr->addr1, &rx->link_id);
case NL80211_IFTYPE_ADHOC:
if (!bssid)
@@ -4277,7 +4285,7 @@ static bool ieee80211_accept_frame(struct ieee80211_rx_data *rx)
return true;
if (!ieee80211_bssid_match(bssid, sdata->u.ibss.bssid))
return false;
- if (!multicast &&
+ if (!multicast && !skip_addr1_check &&
!ether_addr_equal(sdata->vif.addr, hdr->addr1))
return false;
if (!rx->sta) {
@@ -4297,7 +4305,7 @@ static bool ieee80211_accept_frame(struct ieee80211_rx_data *rx)
return false;
if (!is_broadcast_ether_addr(bssid))
return false;
- if (!multicast &&
+ if (!multicast && !skip_addr1_check &&
!ether_addr_equal(sdata->dev->dev_addr, hdr->addr1))
return false;
if (!rx->sta) {
@@ -4315,10 +4323,12 @@ static bool ieee80211_accept_frame(struct ieee80211_rx_data *rx)
return false;
if (multicast)
return true;
+ if (skip_addr1_check)
+ return true;
return ether_addr_equal(sdata->vif.addr, hdr->addr1);
case NL80211_IFTYPE_AP_VLAN:
case NL80211_IFTYPE_AP:
- if (!bssid)
+ if (!bssid && !skip_addr1_check)
return ieee80211_is_our_addr(sdata, hdr->addr1,
&rx->link_id);

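Review bot: In the AP/AP_VLAN case, changing the test to "if (!bssid && !skip_addr1_check)" means a frame addressed to temp_addr with a NULL bssid now falls through to the code after this if, which previously ran only with a non-NULL bssid. That code is outside the visible context, so please confirm it tolerates bssid == NULL, or handle the skip_addr1_check case explicitly before falling through. The STATION and OCB cases in this patch return true directly when skip_addr1_check is set; doing the same here would avoid the question.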
@@ -4330,7 +4340,7 @@ static bool ieee80211_accept_frame(struct ieee80211_rx_data *rx)
* and location updates. Note that mac80211
* itself never looks at these frames.
*/
- if (!multicast &&
+ if (!multicast && !skip_addr1_check &&
!ieee80211_is_our_addr(sdata, hdr->addr1,
&rx->link_id))
return false;
diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index 1a28fe5cb614..017bfb0e5387 100644
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -2614,7 +2614,7 @@ int ieee80211_reconfig(struct ieee80211_local *local)
/* Finally also reconfigure all the BSS information */
list_for_each_entry(sdata, &local->interfaces, list) {
unsigned int link_id;
- u32 changed;
+ u64 changed;

if (!ieee80211_sdata_running(sdata))
continue;
@@ -2663,6 +2663,11 @@ int ieee80211_reconfig(struct ieee80211_local *local)
BSS_CHANGED_TXPOWER |
BSS_CHANGED_MCAST_RATE;

+ if (!is_zero_ether_addr(sdata->vif.cfg.temp_addr)) {
+ eth_zero_addr(sdata->vif.cfg.temp_addr);
+ changed |= BSS_CHANGED_TEMP_ADDR;
+ }
+
if (sdata->vif.bss_conf.mu_mimo_owner)
changed |= BSS_CHANGED_MU_GROUPS;

--
2.39.2


2023-04-06 13:18:43

by Veerendranath Jakkam

Subject: Re: [PATCH] wifi: mac80211: Add support to randomize TA of auth and deauth frames


On 3/7/2023 3:52 PM, Johannes Berg wrote:
> ---
> So this is the patch I ended up with after some cleanups, but
> then at the end I noticed you didn't unset the temp address
> when the remain-on-channel expires, and wasn't sure exactly
> how that should be handled, and you probably have the better
> test setup right now too ...
>
> johannes
> ---


Apologies for the delayed response. Thanks for cleaning up the patch.

Regarding the comment on clearing temp address, I think the temp address
should get cleared with below changes added in
ieee80211_roc_notify_destroy() when remain-on-channel expires. Please
let me know if I am missing something.


> diff --git a/net/mac80211/offchannel.c b/net/mac80211/offchannel.c
> index d78c82d6b696..74d2b826916a 100644
> --- a/net/mac80211/offchannel.c
> +++ b/net/mac80211/offchannel.c
> @@ -187,6 +187,12 @@ static void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc)
> roc->mgmt_tx_cookie,
> roc->chan, GFP_KERNEL);
>
> + if (!is_zero_ether_addr(roc->sdata->vif.cfg.temp_addr)) {
> + eth_zero_addr(roc->sdata->vif.cfg.temp_addr);
> + ieee80211_vif_cfg_change_notify(roc->sdata,
> + BSS_CHANGED_TEMP_ADDR);
> + }
> +
> list_del(&roc->list);
> kfree(roc);
> }

--

veeru

2023-04-11 10:41:16

by Johannes Berg

Subject: Re: [PATCH] wifi: mac80211: Add support to randomize TA of auth and deauth frames

On Thu, 2023-04-06 at 18:47 +0530, Veerendranath Jakkam wrote:
> On 3/7/2023 3:52 PM, Johannes Berg wrote:
> > ---
> > So this is the patch I ended up with after some cleanups, but
> > then at the end I noticed you didn't unset the temp address
> > when the remain-on-channel expires, and wasn't sure exactly
> > how that should be handled, and you probably have the better
> > test setup right now too ...

> Apologies for the delayed response. Thanks for cleaning up the patch.
>
> Regarding the comment on clearing temp address, I think the temp address
> should get cleared with below changes added in
> ieee80211_roc_notify_destroy() when remain-on-channel expires. Please
> let me know if I am missing something.
>
>
> > diff --git a/net/mac80211/offchannel.c b/net/mac80211/offchannel.c
> > index d78c82d6b696..74d2b826916a 100644
> > --- a/net/mac80211/offchannel.c
> > +++ b/net/mac80211/offchannel.c
> > @@ -187,6 +187,12 @@ static void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc)
> > roc->mgmt_tx_cookie,
> > roc->chan, GFP_KERNEL);
> >
> > + if (!is_zero_ether_addr(roc->sdata->vif.cfg.temp_addr)) {
> > + eth_zero_addr(roc->sdata->vif.cfg.temp_addr);
> > + ieee80211_vif_cfg_change_notify(roc->sdata,
> > + BSS_CHANGED_TEMP_ADDR);
> > + }
> > +
> > list_del(&roc->list);
> > kfree(roc);
> > }
>

Huh, yeah, looks like I just missed that? Sorry about that.

Seeing that though, I remembered another thing - don't we have to adjust
the merging logic in ieee80211_start_roc_work() and maybe also
ieee80211_coalesce_hw_started_roc()?

johannes

2023-05-22 10:52:32

by Veerendranath Jakkam

Subject: Re: [PATCH] wifi: mac80211: Add support to randomize TA of auth and deauth frames


On 4/11/2023 3:45 PM, Johannes Berg wrote:
>
> Huh, yeah, looks like I just missed that? Sorry about that.
>
> Seeing that though, I remembered another thing - don't we have to adjust
> the merging logic in ieee80211_start_roc_work() and maybe also
> ieee80211_coalesce_hw_started_roc()?
>
> johannes


All the cases (HW/SW RoCs, merged/combined RoCs) handled in
ieee80211_start_roc_work() and ieee80211_coalesce_hw_started_roc()
should end up calling ieee80211_handle_roc_started(), hence kept the
temp_address configuration logic in ieee80211_handle_roc_started().
Please let me know if I am missing something?

--

veeru



2023-07-20 07:16:05

by Veerendranath Jakkam

Subject: Re: [PATCH] wifi: mac80211: Add support to randomize TA of auth and deauth frames


On 3/7/2023 3:52 PM, Johannes Berg wrote:
> ---
> So this is the patch I ended up with after some cleanups, but
> then at the end I noticed you didn't unset the temp address
> when the remain-on-channel expires, and wasn't sure exactly
> how that should be handled, and you probably have the better
> test setup right now too ...
>
> johannes
> ---

Hi Johannes,

I verified this patch using the below "mac80211_hwsim" and hostap patches.
It is working fine.

https://patchwork.kernel.org/project/linux-wireless/patch/[email protected]/

https://patchwork.ozlabs.org/project/hostap/list/?series=335502&state=*
- hostap HWSIM test changes

---

veeru