[PATCH 1/7] monitor: Decode RMNet Mux Identifier

[PATCH 1/7] monitor: Decode RMNet Mux Identifier

[Denis Kenzior]

---
 monitor/nlmon.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/monitor/nlmon.c b/monitor/nlmon.c
index e5cd545173ce..941992595412 100644
--- a/monitor/nlmon.c
+++ b/monitor/nlmon.c
@@ -7597,8 +7597,15 @@ static void flags_str(const struct flag_names *table,
 	pos += sprintf(str + pos, "]");
 }
 
+static struct attr_entry link_info_data_entry[] = {
+	{ IFLA_RMNET_MUX_ID,	"RMNet Mux Id",		ATTR_U16 },
+	{ },
+};
+
 static struct attr_entry link_info_entry[] = {
 	{ IFLA_INFO_KIND,	"Kind",		ATTR_STRING },
+	{ IFLA_INFO_DATA,	"Info Data",
+				ATTR_NESTED, { link_info_data_entry } },
 	{ },
 };
 
-- 
2.45.2

[PATCH 2/7] monitor: Mask flags from attribute identifier

[Denis Kenzior]

Certain flags (for example, NLA_F_NESTED) are ORed with the netlink
attribute type identifier prior to being sent on the wire.  Such flags
need to be masked off and not taken into consideration when attribute
type is being compared against known values.
---
 monitor/nlmon.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/monitor/nlmon.c b/monitor/nlmon.c
index 941992595412..214246ea72c2 100644
--- a/monitor/nlmon.c
+++ b/monitor/nlmon.c
@@ -7762,7 +7762,7 @@ static void print_rtnl_attributes(int indent, const struct attr_entry *table,
 		return;
 
 	for (attr = rt_attr; RTA_OK(attr, len); attr = RTA_NEXT(attr, len)) {
-		uint16_t rta_type = attr->rta_type;
+		uint16_t rta_type = attr->rta_type & NLA_TYPE_MASK;
 		enum attr_type type = ATTR_UNSPEC;
 		attr_func_t function;
 		const struct attr_entry *nested;
-- 
2.45.2

[PATCH 3/7] wiphy: Fix use of wiphy_has_feature

[Denis Kenzior]

Features with the _EXT_ in the name must be queried using the
wiphy_has_ext_feature method.

Fixes: bc7b12d1a4a7 ("wiphy: handle FILS AKMs")
---
 src/wiphy.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/wiphy.c b/src/wiphy.c
index fb36ebb2b3c6..6b755ff8201d 100644
--- a/src/wiphy.c
+++ b/src/wiphy.c
@@ -276,7 +276,7 @@ enum ie_rsn_akm_suite wiphy_select_akm(struct wiphy *wiphy,
 	 * for fast transitions.  Otherwise use SHA256 version if present.
 	 */
 	if (security == SECURITY_8021X) {
-		if (wiphy_has_feature(wiphy, NL80211_EXT_FEATURE_FILS_STA) &&
+		if (wiphy_has_ext_feature(wiphy, NL80211_EXT_FEATURE_FILS_STA) &&
 				fils_capable_hint) {
 			if ((info->akm_suites &
 					IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA384) &&
-- 
2.45.2

[PATCH 4/7] ie: Add IE_AKM_IS_OWE

[Denis Kenzior]

Similarly to IE_AKM_IS_SAE, IE_AKM_IS_FILS, etc
---
 src/ie.h | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/ie.h b/src/ie.h
index 024eacaa987d..82945de676a9 100644
--- a/src/ie.h
+++ b/src/ie.h
@@ -361,6 +361,11 @@ enum ie_rsn_akm_suite {
 	IE_RSN_AKM_SUITE_OSEN			= 0x40000,
 };
 
+static inline bool IE_AKM_IS_OWE(uint32_t akm)
+{
+	return akm & (IE_RSN_AKM_SUITE_OWE);
+}
+
 static inline bool IE_AKM_IS_SAE(uint32_t akm)
 {
 	return akm & (IE_RSN_AKM_SUITE_SAE_SHA256 |
-- 
2.45.2

[PATCH 5/7] netdev: Create owe_sm for fullmac connections

[Denis Kenzior]

Somehow this ability was lost in the refactoring.  OWE was intended to
be used on fullmac cards, but the state machine is only actually created
if the connection type ends up being softmac.

Fixes: 8b6ad5d3b9ec ("owe: netdev: refactor to remove OWE as an auth-proto")
---
 src/netdev.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/netdev.c b/src/netdev.c
index e27a0019b7ea..50e60c5d0c98 100644
--- a/src/netdev.c
+++ b/src/netdev.c
@@ -3826,6 +3826,12 @@ static void netdev_connect_common(struct netdev *netdev,
 	if (!is_rsn)
 		goto build_cmd_connect;
 
+	/* For OWE, always use the CMD_CONNECT path */
+	if (IE_AKM_IS_OWE(hs->akm_suite)) {
+		netdev->owe_sm = owe_sm_new(hs);
+		goto build_cmd_connect;
+	}
+
 	if (nhs->type != CONNECTION_TYPE_SOFTMAC)
 		goto build_cmd_connect;
 
@@ -3848,10 +3854,6 @@ static void netdev_connect_common(struct netdev *netdev,
 		}
 
 		break;
-	case IE_RSN_AKM_SUITE_OWE:
-		netdev->owe_sm = owe_sm_new(hs);
-
-		goto build_cmd_connect;
 	case IE_RSN_AKM_SUITE_FILS_SHA256:
 	case IE_RSN_AKM_SUITE_FILS_SHA384:
 	case IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA256:
-- 
2.45.2

[PATCH 6/7] fils: Ensure capability checks are consistent

[Denis Kenzior]

iwd supports FILS only on softmac drivers.  Ensure the capability check
is consistent between wiphy and netdev, both the softmac and the
relevant EXT_FEATURE bit must be checked.

CMD_EXTERNAL_AUTH could potentially be used for FILS for FullMAC cards,
but no hardware supporting this has been identified yet.
---
 src/netdev.c | 3 ++-
 src/wiphy.c  | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/netdev.c b/src/netdev.c
index 50e60c5d0c98..fb095fdca561 100644
--- a/src/netdev.c
+++ b/src/netdev.c
@@ -3776,7 +3776,8 @@ static int netdev_handshake_state_setup_connection_type(
 	case IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA256:
 	case IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA384:
 		/* FILS has no offload in any upstream driver */
-		if (softmac)
+		if (softmac && wiphy_has_ext_feature(wiphy,
+						NL80211_EXT_FEATURE_FILS_STA))
 			goto softmac;
 
 		return -ENOTSUP;
diff --git a/src/wiphy.c b/src/wiphy.c
index 6b755ff8201d..13d498a5cd0c 100644
--- a/src/wiphy.c
+++ b/src/wiphy.c
@@ -277,6 +277,7 @@ enum ie_rsn_akm_suite wiphy_select_akm(struct wiphy *wiphy,
 	 */
 	if (security == SECURITY_8021X) {
 		if (wiphy_has_ext_feature(wiphy, NL80211_EXT_FEATURE_FILS_STA) &&
+				wiphy->support_cmds_auth_assoc &&
 				fils_capable_hint) {
 			if ((info->akm_suites &
 					IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA384) &&
-- 
2.45.2

[PATCH 7/7] netdev: Simplify FILS handling in netdev_connect_common

[Denis Kenzior]

---
 src/netdev.c | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/src/netdev.c b/src/netdev.c
index fb095fdca561..494e46a59de2 100644
--- a/src/netdev.c
+++ b/src/netdev.c
@@ -3833,6 +3833,14 @@ static void netdev_connect_common(struct netdev *netdev,
 		goto build_cmd_connect;
 	}
 
+	if (IE_AKM_IS_FILS(hs->akm_suite)) {
+		netdev->ap = fils_sm_new(hs, netdev_fils_tx_authenticate,
+						netdev_fils_tx_associate,
+						netdev_get_oci,
+						netdev);
+		goto done;
+	}
+
 	if (nhs->type != CONNECTION_TYPE_SOFTMAC)
 		goto build_cmd_connect;
 
@@ -3855,15 +3863,6 @@ static void netdev_connect_common(struct netdev *netdev,
 		}
 
 		break;
-	case IE_RSN_AKM_SUITE_FILS_SHA256:
-	case IE_RSN_AKM_SUITE_FILS_SHA384:
-	case IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA256:
-	case IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA384:
-		netdev->ap = fils_sm_new(hs, netdev_fils_tx_authenticate,
-						netdev_fils_tx_associate,
-						netdev_get_oci,
-						netdev);
-		break;
 	default:
 build_cmd_connect:
 		cmd_connect = netdev_build_cmd_connect(netdev, hs, prev_bssid);
@@ -3876,6 +3875,7 @@ build_cmd_connect:
 		}
 	}
 
+done:
 	netdev->connect_cmd = cmd_connect;
 	netdev->event_filter = event_filter;
 	netdev->connect_cb = cb;
-- 
2.45.2

Re: [PATCH 7/7] netdev: Simplify FILS handling in netdev_connect_common

[James Prestwood]

Hi Denis,

On 8/5/24 7:07 AM, Denis Kenzior wrote:
> ---
>   src/netdev.c | 18 +++++++++---------
>   1 file changed, 9 insertions(+), 9 deletions(-)
>
> diff --git a/src/netdev.c b/src/netdev.c
> index fb095fdca561..494e46a59de2 100644
> --- a/src/netdev.c
> +++ b/src/netdev.c
> @@ -3833,6 +3833,14 @@ static void netdev_connect_common(struct netdev *netdev,
>   		goto build_cmd_connect;
>   	}
>   
> +	if (IE_AKM_IS_FILS(hs->akm_suite)) {
> +		netdev->ap = fils_sm_new(hs, netdev_fils_tx_authenticate,
> +						netdev_fils_tx_associate,
> +						netdev_get_oci,
> +						netdev);
> +		goto done;
> +	}
> +
>   	if (nhs->type != CONNECTION_TYPE_SOFTMAC)
>   		goto build_cmd_connect;
>   
> @@ -3855,15 +3863,6 @@ static void netdev_connect_common(struct netdev *netdev,
>   		}
>   
>   		break;
> -	case IE_RSN_AKM_SUITE_FILS_SHA256:
> -	case IE_RSN_AKM_SUITE_FILS_SHA384:
> -	case IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA256:
> -	case IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA384:
> -		netdev->ap = fils_sm_new(hs, netdev_fils_tx_authenticate,
> -						netdev_fils_tx_associate,
> -						netdev_get_oci,
> -						netdev);
> -		break;
>   	default:
>   build_cmd_connect:
>   		cmd_connect = netdev_build_cmd_connect(netdev, hs, prev_bssid);
> @@ -3876,6 +3875,7 @@ build_cmd_connect:
>   		}
>   	}
>   
> +done:
>   	netdev->connect_cmd = cmd_connect;
>   	netdev->event_filter = event_filter;
>   	netdev->connect_cb = cb;

Mostly just an observation, but the switch block is pretty much just 
checks for SAE now, and the default build_cmd_connect case. It may look 
nicer to just have if/else if's for:

IE_AKM_IS_FILS()
IE_AKM_IS_OWE()
IE_AKM_IS_SAE()

But I'm also fine leaving it how you have it.

Re: [PATCH 1/7] monitor: Decode RMNet Mux Identifier

[James Prestwood]

Hi Denis,

On 8/5/24 7:07 AM, Denis Kenzior wrote:
> ---
>   monitor/nlmon.c | 7 +++++++
>   1 file changed, 7 insertions(+)
All look good to me.

Re: [PATCH 7/7] netdev: Simplify FILS handling in netdev_connect_common

[Denis Kenzior]

Hi James,

> 
> Mostly just an observation, but the switch block is pretty much just checks for 
> SAE now, and the default build_cmd_connect case. It may look nicer to just have 
> if/else if's for:
> 
> IE_AKM_IS_FILS()
> IE_AKM_IS_OWE()
> IE_AKM_IS_SAE()

Totally agreed.  I have taken out the switch in my pending patchset, but wanted 
to get the easy stuff out of the way first :)

Reminds me we should add IE_AKM_IS_PSK() as well.

Regards,
-Denis

Re: [PATCH 1/7] monitor: Decode RMNet Mux Identifier

[Denis Kenzior]

On 8/5/24 9:07 AM, Denis Kenzior wrote:
> ---
>   monitor/nlmon.c | 7 +++++++
>   1 file changed, 7 insertions(+)
> 

Applied