[PATCH] nl80211: use the new NL80211_MFP_OPTIONAL option
Andrei Otcheretianski
andrei.otcheretianski at intel.com
Thu Feb 1 06:21:57 PST 2018
From: Emmanuel Grumbach <emmanuel.grumbach at intel.com>
Now we can configure the network block so that it allows
MFP for the NL80211_CMD_CONNECT command. If the kernel
finds an AP that requires MFP, it'll be able to connect
to it.
Note that since NL80211_MFP_OPTIONAL isn't supported for
NL80211_CMD_ASSOCIATE, we need to take the MFP
configuration outside nl80211_connect_common.
In addition, check that NL80211_EXT_FEATURE_MFP_OPTIONAL is
supported, to be backward compatible with older kernels.
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach at intel.com>
---
src/drivers/driver.h | 2 ++
src/drivers/driver_nl80211.c | 17 +++++++++++++----
src/drivers/driver_nl80211_capa.c | 4 ++++
3 files changed, 19 insertions(+), 4 deletions(-)
diff --git a/src/drivers/driver.h b/src/drivers/driver.h
index e26479f..6eb349e 100644
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
@@ -1563,6 +1563,8 @@ struct wpa_driver_capa {
* functionality but can support only OCE STA-CFON functionality.
*/
#define WPA_DRIVER_FLAGS_OCE_STA_CFON 0x0020000000000000ULL
+/** Driver supports OPTIONAL MFP in the connect command */
+#define WPA_DRIVER_FLAGS_MFP_OPTIONAL 0x0040000000000000ULL
u64 flags;
#define FULL_AP_CLIENT_STATE_SUPP(drv_flags) \
diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
index b67f4a7..2911187 100644
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -5367,10 +5367,6 @@ static int nl80211_connect_common(struct wpa_driver_nl80211_data *drv,
nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT)))
return -1;
- if (params->mgmt_frame_protection == MGMT_FRAME_PROTECTION_REQUIRED &&
- nla_put_u32(msg, NL80211_ATTR_USE_MFP, NL80211_MFP_REQUIRED))
- return -1;
-
if (params->rrm_used) {
u32 drv_rrm_flags = drv->capa.rrm_flags;
if ((!((drv_rrm_flags &
@@ -5441,6 +5437,15 @@ static int wpa_driver_nl80211_try_connect(
if (ret)
goto fail;
+ if (params->mgmt_frame_protection == MGMT_FRAME_PROTECTION_REQUIRED &&
+ nla_put_u32(msg, NL80211_ATTR_USE_MFP, NL80211_MFP_REQUIRED))
+ goto fail;
+
+ if (params->mgmt_frame_protection == MGMT_FRAME_PROTECTION_OPTIONAL &&
+ (drv->capa.flags & WPA_DRIVER_FLAGS_MFP_OPTIONAL) &&
+ nla_put_u32(msg, NL80211_ATTR_USE_MFP, NL80211_MFP_OPTIONAL))
+ goto fail;
+
algs = 0;
if (params->auth_alg & WPA_AUTH_ALG_OPEN)
algs++;
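Review bot: When `params->mgmt_frame_protection` is `MGMT_FRAME_PROTECTION_OPTIONAL` and `drv->capa.flags` lacks `WPA_DRIVER_FLAGS_MFP_OPTIONAL`, the second added `if` puts no `NL80211_ATTR_USE_MFP` in the message, and nothing is logged to show it. That keeps older kernels working, as the description intends, but a network configured for optional MFP is then presumably treated as if MFP had not been requested. This is worth making visible to anyone debugging why management frames are unprotected. I would add a debug line on that path, for example `wpa_printf(MSG_DEBUG, "nl80211: MFP optional requested but not supported by the driver for connect");`. The body of wpa_driver_nl80211_try_connect starts and ends outside this hunk.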
@@ -5552,6 +5557,10 @@ static int wpa_driver_nl80211_associate(
if (ret)
goto fail;
+ if (params->mgmt_frame_protection == MGMT_FRAME_PROTECTION_REQUIRED &&
+ nla_put_u32(msg, NL80211_ATTR_USE_MFP, NL80211_MFP_REQUIRED))
+ goto fail;
+
if (params->fils_kek) {
wpa_printf(MSG_DEBUG, " * FILS KEK (len=%u)",
(unsigned int) params->fils_kek_len);
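Review bot: The check added to wpa_driver_nl80211_associate handles only `MGMT_FRAME_PROTECTION_REQUIRED`, and nothing in the code says why the OPTIONAL case from the connect path is left out here. The commit description gives the reason, so it belongs next to the check as a comment: `/* NL80211_MFP_OPTIONAL is not supported for NL80211_CMD_ASSOCIATE, so only REQUIRED is signalled here. */`. Without it, a later reader may add the OPTIONAL branch here to match wpa_driver_nl80211_try_connect. The function body starts and ends outside this hunk.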
diff --git a/src/drivers/driver_nl80211_capa.c b/src/drivers/driver_nl80211_capa.c
index fd8b457..e5bc769 100644
--- a/src/drivers/driver_nl80211_capa.c
+++ b/src/drivers/driver_nl80211_capa.c
@@ -407,6 +407,10 @@ static void wiphy_info_ext_feature_flags(struct wiphy_info_data *info,
ext_feature_isset(ext_features, len,
NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
capa->flags |= WPA_DRIVER_FLAGS_4WAY_HANDSHAKE;
+
+ if (ext_feature_isset(ext_features, len,
+ NL80211_EXT_FEATURE_MFP_OPTIONAL))
+ capa->flags |= WPA_DRIVER_FLAGS_MFP_OPTIONAL;
}
--
2.7.4