[PATCH v2 21/44] AP: MLO: Handle 802.1X port authorization

Andrei Otcheretianski andrei.otcheretianski at intel.com
Mon May 22 12:33:49 PDT 2023


From: Ilan Peer <ilan.peer at intel.com>

Handle 802.1X port authorization in the context of MLO.

Signed-off-by: Ilan Peer <ilan.peer at intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski at intel.com>
---
 src/ap/ieee802_11.c |  2 +-
 src/ap/ieee802_11.h |  1 +
 src/ap/ieee802_1x.c | 86 +++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 88 insertions(+), 1 deletion(-)

diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index cb868e8671..43558a0e46 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -4432,7 +4432,7 @@ out:
 					      sizeof(link->resp_sta_profile));
 }
 
-static bool hostapd_is_mld_ap(struct hostapd_data *hapd)
+bool hostapd_is_mld_ap(struct hostapd_data *hapd)
 {
 	if (!hapd->conf->mld_ap)
 		return false;
diff --git a/src/ap/ieee802_11.h b/src/ap/ieee802_11.h
index 2eb40a33ce..cc05c98a18 100644
--- a/src/ap/ieee802_11.h
+++ b/src/ap/ieee802_11.h
@@ -237,4 +237,5 @@ u8 * hostapd_eid_mbssid(struct hostapd_data *hapd, u8 *eid, u8 *end,
 void punct_update_legacy_bw(u16 bitmap, u8 pri_chan,
 			    enum oper_chan_width *width, u8 *seg0, u8 *seg1);
 
+bool hostapd_is_mld_ap(struct hostapd_data *hapd);
 #endif /* IEEE802_11_H */
diff --git a/src/ap/ieee802_1x.c b/src/ap/ieee802_1x.c
index 274fd2f613..33d47802f6 100644
--- a/src/ap/ieee802_1x.c
+++ b/src/ap/ieee802_1x.c
@@ -104,6 +104,90 @@ static void ieee802_1x_send(struct hostapd_data *hapd, struct sta_info *sta,
 }
 
 
+#ifdef CONFIG_IEEE80211BE
+
+static void ieee802_1x_ml_set_link_sta_auth(struct hostapd_data *hapd,
+					    struct sta_info *sta,
+					    bool authorized)
+{
+	int res;
+
+	if (sta->flags & WLAN_STA_PREAUTH)
+		return;
+
+	ap_sta_set_authorized(hapd, sta, !!authorized);
+	res = hostapd_set_authorized(hapd, sta, !!authorized);
+	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
+		       HOSTAPD_LEVEL_DEBUG, "%sauthorizing port",
+		       authorized ? "" : "un");
+
+	if (res) {
+		wpa_printf(MSG_DEBUG,
+			   "MLD: Could not set station " MACSTR " flags",
+			   MAC2STR(sta->addr));
+	}
+
+	if (authorized) {
+		os_get_reltime(&sta->connected_time);
+		accounting_sta_start(hapd, sta);
+	}
+}
+
+#endif /* CONFIG_IEEE80211BE */
+
+
+static void ieee802_1x_ml_set_sta_authorized(struct hostapd_data *hapd,
+					     struct sta_info *sta,
+					     bool authorized)
+{
+#ifdef CONFIG_IEEE80211BE
+	u8 i, link_id;
+
+	if (!hostapd_is_mld_ap(hapd))
+		return;
+
+	/*
+	 * Authorizing the station should be done only in the station
+	 * performing the association
+	 */
+	if (authorized && hapd->mld_link_id != sta->mld_assoc_link_id)
+		return;
+
+	for (link_id = 0; link_id < MAX_NUM_MLD_LINKS; link_id++) {
+		struct mld_link_info *link = &sta->mld_info.links[link_id];
+
+		if (!link->valid)
+			continue;
+
+		for (i = 0; i < hapd->iface->interfaces->count; i++) {
+			struct sta_info *tmp_sta;
+			struct hostapd_data *tmp_hapd =
+				hapd->iface->interfaces->iface[i]->bss[0];
+
+			if (tmp_hapd->conf->mld_ap ||
+			    hapd->conf->mld_id != tmp_hapd->conf->mld_id)
+				continue;
+
+			for (tmp_sta = tmp_hapd->sta_list; tmp_sta;
+			     tmp_sta = tmp_sta->next) {
+				if (tmp_sta == sta ||
+				    tmp_sta->mld_assoc_link_id !=
+				    sta->mld_assoc_link_id ||
+				    tmp_sta->aid != sta->aid)
+					continue;
+
+				ieee802_1x_ml_set_link_sta_auth(tmp_hapd,
+								tmp_sta,
+								authorized);
+				break;
+			}
+		}
+	}
+#endif /* CONFIG_IEEE80211BE */
+}
+
+
+
 void ieee802_1x_set_sta_authorized(struct hostapd_data *hapd,
 				   struct sta_info *sta, int authorized)
 {
@@ -134,6 +218,8 @@ void ieee802_1x_set_sta_authorized(struct hostapd_data *hapd,
 		os_get_reltime(&sta->connected_time);
 		accounting_sta_start(hapd, sta);
 	}
+
+	ieee802_1x_ml_set_sta_authorized(hapd, sta, !!authorized);
 }
 
 
-- 
2.38.1




More information about the Hostap mailing list