提交 503c1fb9 编写于 作者: A Avraham Stern 提交者: Johannes Berg

cfg80211/nl80211: add a port authorized event

Add an event that indicates that a connection is authorized
(i.e. the 4 way handshake was performed by the driver). This event
should be sent by the driver after sending a connect/roamed event.

This is useful for networks that require 802.1X authentication.
In cases that the driver supports 4 way handshake offload, but the
802.1X authentication is managed by user space, the driver needs to
inform user space right after the 802.11 association was completed
so user space can initialize its 802.1X state machine etc.
However, it is also possible that the AP will choose to skip the
802.1X authentication (e.g. when PMKSA caching is used) and proceed
with the 4 way handshake immediately. In this case the driver needs
to inform user space that 802.1X authentication is no longer required
(e.g. to prevent user space from disconnecting since it did not get
any EAPOLs from the AP).

This is also useful for roaming, in which case it is possible that
the driver used the Fast Transition protocol so 802.1X is not
required.

Since there will now be a dedicated notification indicating that the
connection is authorized, the authorized flag can be removed from the
roamed event. Drivers can send the new port authorized event right
after sending the roamed event to indicate the new AP is already
authorized. This therefore reserves the old PORT_AUTHORIZED attribute.
Signed-off-by: NAvraham Stern <avraham.stern@intel.com>
Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
上级 66b1bedf
...@@ -5428,9 +5428,6 @@ cfg80211_connect_timeout(struct net_device *dev, const u8 *bssid, ...@@ -5428,9 +5428,6 @@ cfg80211_connect_timeout(struct net_device *dev, const u8 *bssid,
* @req_ie_len: association request IEs length * @req_ie_len: association request IEs length
* @resp_ie: association response IEs (may be %NULL) * @resp_ie: association response IEs (may be %NULL)
* @resp_ie_len: assoc response IEs length * @resp_ie_len: assoc response IEs length
* @authorized: true if the 802.1X authentication was done by the driver or is
* not needed (e.g., when Fast Transition protocol was used), false
* otherwise. Ignored for networks that don't use 802.1X authentication.
*/ */
struct cfg80211_roam_info { struct cfg80211_roam_info {
struct ieee80211_channel *channel; struct ieee80211_channel *channel;
...@@ -5440,7 +5437,6 @@ struct cfg80211_roam_info { ...@@ -5440,7 +5437,6 @@ struct cfg80211_roam_info {
size_t req_ie_len; size_t req_ie_len;
const u8 *resp_ie; const u8 *resp_ie;
size_t resp_ie_len; size_t resp_ie_len;
bool authorized;
}; };
/** /**
...@@ -5464,6 +5460,23 @@ struct cfg80211_roam_info { ...@@ -5464,6 +5460,23 @@ struct cfg80211_roam_info {
void cfg80211_roamed(struct net_device *dev, struct cfg80211_roam_info *info, void cfg80211_roamed(struct net_device *dev, struct cfg80211_roam_info *info,
gfp_t gfp); gfp_t gfp);
/**
* cfg80211_port_authorized - notify cfg80211 of successful security association
*
* @dev: network device
* @bssid: the BSSID of the AP
* @gfp: allocation flags
*
* This function should be called by a driver that supports 4 way handshake
* offload after a security association was successfully established (i.e.,
* the 4 way handshake was completed successfully). The call to this function
* should be preceded with a call to cfg80211_connect_result(),
* cfg80211_connect_done(), cfg80211_connect_bss() or cfg80211_roamed() to
* indicate the 802.11 association.
*/
void cfg80211_port_authorized(struct net_device *dev, const u8 *bssid,
gfp_t gfp);
/** /**
* cfg80211_disconnected - notify cfg80211 that connection was dropped * cfg80211_disconnected - notify cfg80211 that connection was dropped
* *
......
...@@ -569,13 +569,14 @@ ...@@ -569,13 +569,14 @@
* authentication/association or not receiving a response from the AP. * authentication/association or not receiving a response from the AP.
* Non-zero %NL80211_ATTR_STATUS_CODE value is indicated in that case as * Non-zero %NL80211_ATTR_STATUS_CODE value is indicated in that case as
* well to remain backwards compatible. * well to remain backwards compatible.
* @NL80211_CMD_ROAM: notifcation indicating the card/driver roamed by itself. * When establishing a security association, drivers that support 4 way
* When the driver roamed in a network that requires 802.1X authentication, * handshake offload should send %NL80211_CMD_PORT_AUTHORIZED event when
* %NL80211_ATTR_PORT_AUTHORIZED should be set if the 802.1X authentication * the 4 way handshake is completed successfully.
* was done by the driver or if roaming was done using Fast Transition * @NL80211_CMD_ROAM: Notification indicating the card/driver roamed by itself.
* protocol (in which case 802.1X authentication is not needed). If * When a security association was established with the new AP (e.g. if
* %NL80211_ATTR_PORT_AUTHORIZED is not set, user space is responsible for * the FT protocol was used for roaming or the driver completed the 4 way
* the 802.1X authentication. * handshake), this event should be followed by an
* %NL80211_CMD_PORT_AUTHORIZED event.
* @NL80211_CMD_DISCONNECT: drop a given connection; also used to notify * @NL80211_CMD_DISCONNECT: drop a given connection; also used to notify
* userspace that a connection was dropped by the AP or due to other * userspace that a connection was dropped by the AP or due to other
* reasons, for this the %NL80211_ATTR_DISCONNECTED_BY_AP and * reasons, for this the %NL80211_ATTR_DISCONNECTED_BY_AP and
...@@ -982,6 +983,12 @@ ...@@ -982,6 +983,12 @@
* @NL80211_CMD_DEL_PMK: For offloaded 4-Way handshake, delete the previously * @NL80211_CMD_DEL_PMK: For offloaded 4-Way handshake, delete the previously
* configured PMK for the authenticator address identified by * configured PMK for the authenticator address identified by
* &NL80211_ATTR_MAC. * &NL80211_ATTR_MAC.
* @NL80211_CMD_PORT_AUTHORIZED: An event that indicates that the 4 way
* handshake was completed successfully by the driver. The BSSID is
* specified with &NL80211_ATTR_MAC. Drivers that support 4 way handshake
* offload should send this event after indicating 802.11 association with
* &NL80211_CMD_CONNECT or &NL80211_CMD_ROAM. If the 4 way handshake failed
* &NL80211_CMD_DISCONNECT should be indicated instead.
* *
* @NL80211_CMD_MAX: highest used command number * @NL80211_CMD_MAX: highest used command number
* @__NL80211_CMD_AFTER_LAST: internal use * @__NL80211_CMD_AFTER_LAST: internal use
...@@ -1185,6 +1192,8 @@ enum nl80211_commands { ...@@ -1185,6 +1192,8 @@ enum nl80211_commands {
NL80211_CMD_SET_PMK, NL80211_CMD_SET_PMK,
NL80211_CMD_DEL_PMK, NL80211_CMD_DEL_PMK,
NL80211_CMD_PORT_AUTHORIZED,
/* add new commands above here */ /* add new commands above here */
/* used to define NL80211_CMD_MAX below */ /* used to define NL80211_CMD_MAX below */
...@@ -2138,10 +2147,7 @@ enum nl80211_commands { ...@@ -2138,10 +2147,7 @@ enum nl80211_commands {
* in %NL80211_CMD_CONNECT to indicate that for 802.1X authentication it * in %NL80211_CMD_CONNECT to indicate that for 802.1X authentication it
* wants to use the supported offload of the 4-way handshake. * wants to use the supported offload of the 4-way handshake.
* @NL80211_ATTR_PMKR0_NAME: PMK-R0 Name for offloaded FT. * @NL80211_ATTR_PMKR0_NAME: PMK-R0 Name for offloaded FT.
* @NL80211_ATTR_PORT_AUTHORIZED: flag attribute used in %NL80211_CMD_ROAMED * @NL80211_ATTR_PORT_AUTHORIZED: (reserved)
* notification indicating that that 802.1X authentication was done by
* the driver or is not needed (because roaming used the Fast Transition
* protocol).
* *
* @NUM_NL80211_ATTR: total number of nl80211_attrs available * @NUM_NL80211_ATTR: total number of nl80211_attrs available
* @NL80211_ATTR_MAX: highest attribute number currently defined * @NL80211_ATTR_MAX: highest attribute number currently defined
......
...@@ -216,6 +216,7 @@ enum cfg80211_event_type { ...@@ -216,6 +216,7 @@ enum cfg80211_event_type {
EVENT_DISCONNECTED, EVENT_DISCONNECTED,
EVENT_IBSS_JOINED, EVENT_IBSS_JOINED,
EVENT_STOPPED, EVENT_STOPPED,
EVENT_PORT_AUTHORIZED,
}; };
struct cfg80211_event { struct cfg80211_event {
...@@ -235,6 +236,9 @@ struct cfg80211_event { ...@@ -235,6 +236,9 @@ struct cfg80211_event {
u8 bssid[ETH_ALEN]; u8 bssid[ETH_ALEN];
struct ieee80211_channel *channel; struct ieee80211_channel *channel;
} ij; } ij;
struct {
u8 bssid[ETH_ALEN];
} pa;
}; };
}; };
...@@ -385,6 +389,7 @@ int cfg80211_disconnect(struct cfg80211_registered_device *rdev, ...@@ -385,6 +389,7 @@ int cfg80211_disconnect(struct cfg80211_registered_device *rdev,
bool wextev); bool wextev);
void __cfg80211_roamed(struct wireless_dev *wdev, void __cfg80211_roamed(struct wireless_dev *wdev,
struct cfg80211_roam_info *info); struct cfg80211_roam_info *info);
void __cfg80211_port_authorized(struct wireless_dev *wdev, const u8 *bssid);
int cfg80211_mgd_wext_connect(struct cfg80211_registered_device *rdev, int cfg80211_mgd_wext_connect(struct cfg80211_registered_device *rdev,
struct wireless_dev *wdev); struct wireless_dev *wdev);
void cfg80211_autodisconnect_wk(struct work_struct *work); void cfg80211_autodisconnect_wk(struct work_struct *work);
......
...@@ -13830,9 +13830,7 @@ void nl80211_send_roamed(struct cfg80211_registered_device *rdev, ...@@ -13830,9 +13830,7 @@ void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
info->req_ie)) || info->req_ie)) ||
(info->resp_ie && (info->resp_ie &&
nla_put(msg, NL80211_ATTR_RESP_IE, info->resp_ie_len, nla_put(msg, NL80211_ATTR_RESP_IE, info->resp_ie_len,
info->resp_ie)) || info->resp_ie)))
(info->authorized &&
nla_put_flag(msg, NL80211_ATTR_PORT_AUTHORIZED)))
goto nla_put_failure; goto nla_put_failure;
genlmsg_end(msg, hdr); genlmsg_end(msg, hdr);
...@@ -13846,6 +13844,36 @@ void nl80211_send_roamed(struct cfg80211_registered_device *rdev, ...@@ -13846,6 +13844,36 @@ void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
nlmsg_free(msg); nlmsg_free(msg);
} }
void nl80211_send_port_authorized(struct cfg80211_registered_device *rdev,
struct net_device *netdev, const u8 *bssid)
{
struct sk_buff *msg;
void *hdr;
msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
if (!msg)
return;
hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PORT_AUTHORIZED);
if (!hdr) {
nlmsg_free(msg);
return;
}
if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
goto nla_put_failure;
genlmsg_end(msg, hdr);
genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
NL80211_MCGRP_MLME, GFP_KERNEL);
return;
nla_put_failure:
genlmsg_cancel(msg, hdr);
nlmsg_free(msg);
}
void nl80211_send_disconnected(struct cfg80211_registered_device *rdev, void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
struct net_device *netdev, u16 reason, struct net_device *netdev, u16 reason,
const u8 *ie, size_t ie_len, bool from_ap) const u8 *ie, size_t ie_len, bool from_ap)
......
...@@ -58,6 +58,8 @@ void nl80211_send_connect_result(struct cfg80211_registered_device *rdev, ...@@ -58,6 +58,8 @@ void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
void nl80211_send_roamed(struct cfg80211_registered_device *rdev, void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
struct net_device *netdev, struct net_device *netdev,
struct cfg80211_roam_info *info, gfp_t gfp); struct cfg80211_roam_info *info, gfp_t gfp);
void nl80211_send_port_authorized(struct cfg80211_registered_device *rdev,
struct net_device *netdev, const u8 *bssid);
void nl80211_send_disconnected(struct cfg80211_registered_device *rdev, void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
struct net_device *netdev, u16 reason, struct net_device *netdev, u16 reason,
const u8 *ie, size_t ie_len, bool from_ap); const u8 *ie, size_t ie_len, bool from_ap);
......
...@@ -960,7 +960,6 @@ void cfg80211_roamed(struct net_device *dev, struct cfg80211_roam_info *info, ...@@ -960,7 +960,6 @@ void cfg80211_roamed(struct net_device *dev, struct cfg80211_roam_info *info,
ev->rm.resp_ie_len = info->resp_ie_len; ev->rm.resp_ie_len = info->resp_ie_len;
memcpy((void *)ev->rm.resp_ie, info->resp_ie, info->resp_ie_len); memcpy((void *)ev->rm.resp_ie, info->resp_ie, info->resp_ie_len);
ev->rm.bss = info->bss; ev->rm.bss = info->bss;
ev->rm.authorized = info->authorized;
spin_lock_irqsave(&wdev->event_lock, flags); spin_lock_irqsave(&wdev->event_lock, flags);
list_add_tail(&ev->list, &wdev->event_list); list_add_tail(&ev->list, &wdev->event_list);
...@@ -969,6 +968,50 @@ void cfg80211_roamed(struct net_device *dev, struct cfg80211_roam_info *info, ...@@ -969,6 +968,50 @@ void cfg80211_roamed(struct net_device *dev, struct cfg80211_roam_info *info,
} }
EXPORT_SYMBOL(cfg80211_roamed); EXPORT_SYMBOL(cfg80211_roamed);
void __cfg80211_port_authorized(struct wireless_dev *wdev, const u8 *bssid)
{
ASSERT_WDEV_LOCK(wdev);
if (WARN_ON(wdev->iftype != NL80211_IFTYPE_STATION))
return;
if (WARN_ON(!wdev->current_bss) ||
WARN_ON(!ether_addr_equal(wdev->current_bss->pub.bssid, bssid)))
return;
nl80211_send_port_authorized(wiphy_to_rdev(wdev->wiphy), wdev->netdev,
bssid);
}
void cfg80211_port_authorized(struct net_device *dev, const u8 *bssid,
gfp_t gfp)
{
struct wireless_dev *wdev = dev->ieee80211_ptr;
struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
struct cfg80211_event *ev;
unsigned long flags;
if (WARN_ON(!bssid))
return;
ev = kzalloc(sizeof(*ev), gfp);
if (!ev)
return;
ev->type = EVENT_PORT_AUTHORIZED;
memcpy(ev->pa.bssid, bssid, ETH_ALEN);
/*
* Use the wdev event list so that if there are pending
* connected/roamed events, they will be reported first.
*/
spin_lock_irqsave(&wdev->event_lock, flags);
list_add_tail(&ev->list, &wdev->event_list);
spin_unlock_irqrestore(&wdev->event_lock, flags);
queue_work(cfg80211_wq, &rdev->event_work);
}
EXPORT_SYMBOL(cfg80211_port_authorized);
void __cfg80211_disconnected(struct net_device *dev, const u8 *ie, void __cfg80211_disconnected(struct net_device *dev, const u8 *ie,
size_t ie_len, u16 reason, bool from_ap) size_t ie_len, u16 reason, bool from_ap)
{ {
......
...@@ -846,6 +846,9 @@ void cfg80211_process_wdev_events(struct wireless_dev *wdev) ...@@ -846,6 +846,9 @@ void cfg80211_process_wdev_events(struct wireless_dev *wdev)
case EVENT_STOPPED: case EVENT_STOPPED:
__cfg80211_leave(wiphy_to_rdev(wdev->wiphy), wdev); __cfg80211_leave(wiphy_to_rdev(wdev->wiphy), wdev);
break; break;
case EVENT_PORT_AUTHORIZED:
__cfg80211_port_authorized(wdev, ev->pa.bssid);
break;
} }
wdev_unlock(wdev); wdev_unlock(wdev);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册