[PATCH] bss: enable discovery of SSID for known OWE BSS

Jouni Malinen j at w1.fi
Thu Dec 26 09:42:37 PST 2024 

On Tue, Oct 08, 2024 at 03:14:03AM +0200, David Bauer wrote:
> OWE BSSIDs are beaconed with a hidden SSID set, including them with a
> hidden SSID in the scan_results when not explicitly proed for.
> 
> Currently wpa_supplicant creates suplicate entries for these BSSIDs in
> the scan-list instead of updating the hidden results with the learnt
> SSID when probing on a connection for OWE networks.
> 
> Update existing entries with hidden SSID instead. Also update entries
> with learnt SSID when receiving a beacon frame for this SSID.
> 
> This is required to consistently fix roaming when connected to an OWE
> network.

Would you be able to share a debug log showing a case which does not
work without this patch but works with the patch?

I'm not exactly fond of this type of changes as an OWE specific change
since none of the changes here are really using any information that
would be different for OWE transition mode than any other use of hidden
SSIDs. Furthermore, I do not think it is really correct to modify an
already adding BSS entry (i.e., replacing the zero length SSID with a
specific SSID) since those modified entries could result in unexpected
behavior for external programs.

> diff --git a/wpa_supplicant/bss.c b/wpa_supplicant/bss.c
> @@ -938,7 +941,76 @@ void wpa_bss_update_scan_res(struct wpa_supplicant *wpa_s,

> -	bss = wpa_bss_get(wpa_s, res->bssid, ssid + 2, ssid[1]);
> +#ifdef CONFIG_OWE
> +	rsn = wpa_scan_get_ie(res, WLAN_EID_RSN);
> +	owe = wpa_scan_get_vendor_ie(res, OWE_IE_VENDOR_TYPE);
> +
> +	if (owe && rsn) {
> +		struct wpa_bss *owe_tm_bss;
> +
> +		/*
> +		 * OWE Transition networks shall be handled in two ways:
> +		 * 1. Check if we have the network in our scan table
> +		 * 2.a Scan-Table entry has known SSID, current result has none
> +		 *     --> Abort
> +		 * 2.b Scan-Table entry has no known SSID, current Result has one
> +		 *     --> Update the scan-table entry
> +		 */
> +
> +		if (ssid[1] != 0 && ssid[2] != 0) {

What is that ssid[2] != 0 about? SSID is an arbitrary octet string of
1..32 octets and even 0x00 is a valid octet.. Sure, it is not commonly
used, but still, it is valid as far as the IEEE 802.11 standard is
concerned.

> +			/* Current result has SSID */
> +
> +			/* Check if we have a potential network with missing to update */
> +			dl_list_for_each(owe_tm_bss, &wpa_s->bss, struct wpa_bss, list) {
> +				if (!ether_addr_equal(owe_tm_bss->bssid, res->bssid))
> +					continue;
> +
> +				/* Need to be encrypted transition SSID*/
> +				if (!wpa_bss_get_ie(owe_tm_bss, WLAN_EID_RSN))
> +					continue;
> +
> +				if (!wpa_bss_get_vendor_ie(owe_tm_bss, OWE_IE_VENDOR_TYPE))
> +					continue;
> +
> +				if (owe_tm_bss->ssid_len != 0 && owe_tm_bss->ssid[0] != 0)
> +					continue;
> +
> +				/* We have a network to update */
> +				owe_tm_bss->ssid_len = ssid[1];
> +				os_memcpy(owe_tm_bss->ssid, ssid + 2, ssid[1]);
> +				break;

This is something I would prefer not to do, i.e., I would rather
maintain two BSS entries for any BSS that uses hidden SSIDs (regardless
of whether it is for OWE transition mode).

> +		} else {
> +			/* Current result lacks SSID */
> +
> +			/* Check if we've learnt an SSID for said network */
> +			dl_list_for_each(owe_tm_bss, &wpa_s->bss, struct wpa_bss, list) {
> +				if (!ether_addr_equal(owe_tm_bss->bssid, res->bssid))
> +					continue;
> +
> +				/* Need to be encrypted transition SSID*/
> +				if (!wpa_bss_get_ie(owe_tm_bss, WLAN_EID_RSN))
> +					continue;
> +
> +				if (!wpa_bss_get_vendor_ie(owe_tm_bss, OWE_IE_VENDOR_TYPE))
> +					continue;
> +
> +				if (owe_tm_bss->ssid_len == 0)
> +					continue;
> +
> +				/* Transition network is stored with SSID in scan-results.
> +				 * Continue with this result.
> +				 */
> +				bss = owe_tm_bss;
> +				break;

None of this really seems to be specific to OWE transition mode.. The
best approach for handling new scan results for entries that have no
SSID might be to iterate over all wpa_supplicant BSS entries and update
them if they have the same BSSID regardless of their SSID. Even better
would be to do that only for the entries that do not have a matching
SSID entry in the same scan update round (i.e., update the local BSS
entry with the same BSSID if that entry has ssid_len == 0 or if the
current set of scan results did not have an entry for the BSSID,SSID
tuple that is in in the current BSS but BSSID matches).

-- 
Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list