[PATCH 1/1] hostapd: Allow roam from OWE transition to OWE only AP

Vinayak Yadawad vinayak.yadawad at broadcom.com
Thu Jan 2 00:58:07 PST 2025 

Hi Jouni,

The scenario is of multiple APs containing both OWE-transition and OWE
only mode APs in same network. The OWE BSS of transition mode and OWE
only AP
is configured with same SSID and roam is attempted between them.
Initially the STA is connected to OWE-transition AP in OWE mode.
For e.g: open mode SSID is "SSID_open" and transition mode SSID is
"SSID1_owe". Now when a roam is triggered to an OWE-only AP with name
"SSID1_owe", the SSID comparison fails as ssid profile stores open BSS
SSID (SSID_open). The roam fails with error "No network configuration
found for the current AP".
 So the current change would help to compare the previous connection
SSID instead of conf->SSID.

Logs for roam failure from OWE-transition to OWE-only AP:
   689.959  2125  2125 D wpa_supplicant: wlan0: Associated to a new
BSS: BSSID=00:90:4c:4c:84:99
   689.959  2125  2125 D wpa_supplicant: wlan0: Driver-initiated BSS
selection changed the SSID to G3_Tb_58_AP_ROAM_2G_6_19_owe
   689.959  2125  2125 D wpa_supplicant: wlan0: Select network based
on association information
   689.959  2125  2125 I wpa_supplicant: wlan0: No network
configuration found for the current AP
   689.959  2125  2125 D wpa_supplicant: wlan0: Request to
deauthenticate - bssid=00:90:4c:4c:84:99
pending_bssid=00:00:00:00:00:00 reason=3 (DEAUTH_LEAVING)
state=ASSOCIATED valid_links=0x0 ap_mld_addr=00:00:00:00:00:00
   689.959  2125  2125 D wpa_supplicant: TDLS: Tear down peers
   689.959  2125  2125 D wpa_supplicant:
wpa_driver_nl80211_disconnect(reason_code=3)
   690.388  2125  2125 I wpa_supplicant: nl80211: send_event_marker
failed: Source based routing not supported
   690.388  2125  2125 D wpa_supplicant: wlan0: Event DEAUTH (11) received
   690.388  2125  2125 D wpa_supplicant: wlan0: Deauthentication notification
   690.388  2125  2125 D wpa_supplicant: wlan0:  * reason 3
(DEAUTH_LEAVING) locally_generated=1
   690.388  2125  2125 D wpa_supplicant: Deauthentication frame IE(s)
- hexdump(len=0): [NULL]
   690.388  2125  2125 I wpa_supplicant: wlan0:
CTRL-EVENT-DISCONNECTED bssid=00:90:4c:4c:84:99 reason=3
locally_generated=1

Regards,
Vinayak


On Fri, Dec 27, 2024 at 12:34 AM Jouni Malinen <j at w1.fi> wrote:
>
> On Fri, Dec 13, 2024 at 02:15:27PM +0530, Vinayak Yadawad wrote:
> > Currently STA roam works fine in case of OWE only AP to
> > OWE-transition mode AP. The roam fails when STA is connected
> > in OWE mode with OWE transition AP to an OWE only AP. In the
> > OWE transition case, the current_ssid stores only open network
> > SSID, specific check is required to compare the OWE BSS ssid
> > from the previous target and new target.
>
> The change in owe_trans_ssid() is a clear fix to a recent regression, so
> I applied that separately. As far as the changes in
> wpa_supplicant_select_config() are concerned, I'm not completely sure I
> understood them since the comment about the added OWE transition mode AP
> to OWE-only AP comparison of the SSID does not seem to match what I
> would have expected from the actual memcmp(). The SSID of the previous
> BSS (i.e., the transition mode AP) is a random value that does not match
> the network profile whereas the SSID of the selected BSS (i.e., OWE-only
> AP) is the SSID of the network profile. Those are different and as such,
> the new memcmp() == 0 case would not be met..
>
> Would you be able to share a debug log showing what fails without this
> patch?
>
> I did some cleanup while reviewing and trying to understand this and
> this is what I came up with while still not fully understanding what
> this trying to do:
>
> From: Vinayak Yadawad <vinayak.yadawad at broadcom.com>
> Date: Fri, 13 Dec 2024 14:15:27 +0530
> Subject: [PATCH] OWE: Allow roam from OWE transition mode AP to OWE-only AP
>
> Currently STA roam works fine in case of OWE only AP to
> OWE-transition mode AP. The roam fails when STA is connected
> in OWE mode with OWE transition AP to an OWE only AP. In the
> OWE transition case, the current_ssid stores only open network
> SSID, specific check is required to compare the OWE BSS ssid
> from the previous target and new target.
>
> Signed-off-by: Vinayak Yadawad <vinayak.yadawad at broadcom.com>
> ---
>  wpa_supplicant/events.c | 38 ++++++++++++++++++++++++++++++++------
>  1 file changed, 32 insertions(+), 6 deletions(-)
>
> diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
> index 279838afa2bf..e7285fcb5cea 100644
> --- a/wpa_supplicant/events.c
> +++ b/wpa_supplicant/events.c
> @@ -226,6 +226,15 @@ static int wpa_supplicant_select_config(struct wpa_supplicant *wpa_s,
>         int res;
>
>         if (wpa_s->conf->ap_scan == 1 && wpa_s->current_ssid) {
> +#ifdef CONFIG_OWE
> +               struct wpa_bss *prev_bss;
> +
> +               /* Remember the current BSS entry before update to a new one to
> +                * allow appropriate comparison in OWE transition mode cases
> +                * below. */
> +               prev_bss = wpa_s->current_bss;
> +#endif /* CONFIG_OWE */
> +
>                 wpa_supplicant_update_current_bss(wpa_s, wpa_s->bssid);
>
>                 if (wpa_s->current_ssid->ssid_len == 0)
> @@ -245,12 +254,29 @@ static int wpa_supplicant_select_config(struct wpa_supplicant *wpa_s,
>
>  #ifdef CONFIG_OWE
>                 if ((wpa_s->current_ssid->key_mgmt & WPA_KEY_MGMT_OWE) &&
> -                   wpa_s->current_bss &&
> -                   (wpa_s->current_bss->flags & WPA_BSS_OWE_TRANSITION) &&
> -                   drv_ssid_len == wpa_s->current_bss->ssid_len &&
> -                   os_memcmp(drv_ssid, wpa_s->current_bss->ssid,
> -                             drv_ssid_len) == 0)
> -                       return 0; /* current profile still in use */
> +                   wpa_s->current_bss) {
> +                       /* Handle the case where the selected BSS uses OWE
> +                        * transition mode */
> +                       if ((wpa_s->current_bss->flags &
> +                            WPA_BSS_OWE_TRANSITION) &&
> +                           drv_ssid_len == wpa_s->current_bss->ssid_len &&
> +                           os_memcmp(drv_ssid, wpa_s->current_bss->ssid,
> +                                     drv_ssid_len) == 0)
> +                               return 0; /* current profile still in use */
> +
> +                       /* Handle the case where the selected BSS uses OWE-only
> +                        * mode and the previous one uses OWE transition mode.
> +                        * The connected SSID would be that of the OWE network
> +                        * where as current_ssid stores the open network SSID.
> +                        */
> +                       if (prev_bss &&
> +                           (prev_bss->flags & WPA_BSS_OWE_TRANSITION) &&
> +                           (prev_bss->ssid_len ==
> +                            wpa_s->current_bss->ssid_len) &&
> +                           os_memcmp(prev_bss->ssid, wpa_s->current_bss->ssid,
> +                                     wpa_s->current_bss->ssid_len) == 0)
> +                               return 0; /* current profile still in use */
> +               }
>  #endif /* CONFIG_OWE */
>
>                 wpa_msg(wpa_s, MSG_DEBUG,
> --
> 2.43.0
>
> --
> Jouni Malinen                                            PGP id EFC895FA
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4218 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.infradead.org/pipermail/hostap/attachments/20250102/892263df/attachment.p7s>

More information about the Hostap mailing list