[PATCH 01/11] netdev: Fix obtaining reason code from deauth frames

[PATCH 01/11] netdev: Fix obtaining reason code from deauth frames

[Denis Kenzior]

The reason code from deauthentication frame was being obtained as a
uint8_t instead of a uint16_t.  The value was only ever used in an
informational statement.  Since the value was in little endian, only the
first 8 bits of the reason code were obtained.  Fix that.

Fixes: 2bebb4bdc7ee ("netdev: Handle deauth frames prior to association")
---
 src/netdev.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/netdev.c b/src/netdev.c
index 867126583215..49854b16d846 100644
--- a/src/netdev.c
+++ b/src/netdev.c
@@ -1264,6 +1264,7 @@ static void netdev_deauthenticate_event(struct l_genl_msg *msg,
 	uint16_t type, len;
 	const void *data;
 	const struct mmpdu_header *hdr = NULL;
+	const struct mmpdu_deauthentication *deauth;
 	uint16_t reason_code;
 
 	l_debug("");
@@ -1298,7 +1299,8 @@ static void netdev_deauthenticate_event(struct l_genl_msg *msg,
 	if (!memcmp(hdr->address_2, netdev->addr, sizeof(netdev->addr)))
 		return;
 
-	reason_code = l_get_u8(mmpdu_body(hdr));
+	deauth = mmpdu_body(hdr);
+	reason_code = L_LE16_TO_CPU(deauth->reason_code);
 
 	l_info("deauth event, src="MAC" dest="MAC" bssid="MAC" reason=%u",
 			MAC_STR(hdr->address_2), MAC_STR(hdr->address_1),
-- 
2.42.0

[PATCH 02/11] netdev: sa_query: Fix reason code handling

[Denis Kenzior]

The reason code field was being obtained as a uint8_t value, while it is
actually a uint16_t in little-endian byte order.

Fixes: f3cc96499c44 ("netdev: added support for SA Query")
---
 src/netdev.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/netdev.c b/src/netdev.c
index 49854b16d846..72876f3a39a1 100644
--- a/src/netdev.c
+++ b/src/netdev.c
@@ -4956,8 +4956,7 @@ static void netdev_unprot_disconnect_event(struct l_genl_msg *msg,
 	if (!hdr)
 		return;
 
-	/* get reason code, first byte of frame */
-	reason_code = l_get_u8(mmpdu_body(hdr));
+	reason_code = l_get_le16(mmpdu_body(hdr));
 
 	l_info("disconnect event, src="MAC" dest="MAC" bssid="MAC" reason=%u",
 			MAC_STR(hdr->address_2), MAC_STR(hdr->address_1),
-- 
2.42.0

[PATCH 03/11] netdev: Use CMD_DISCONNECT if OCI fails

[Denis Kenzior]

If netdev_get_oci fails, a goto deauth is invoked in order to terminate
the current connection and return an error to the caller.  Unfortunately
the deauth label builds CMD_DEAUTHENTICATE in order to terminate the
connection.  This was fine because it used to handle authentication
protocols that ran over CMD_AUTHENTICATE and CMD_ASSOCIATE.  However,
OCI can also be used on FullMAC hardware that does not support them.
Use CMD_DISCONNECT instead which works everywhere.

Fixes: 06482b811626 ("netdev: Obtain operating channel info")
---
 src/netdev.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/netdev.c b/src/netdev.c
index 72876f3a39a1..ebb93a74d8aa 100644
--- a/src/netdev.c
+++ b/src/netdev.c
@@ -2989,7 +2989,7 @@ error:
 deauth:
 	netdev->result = NETDEV_RESULT_ASSOCIATION_FAILED;
 	netdev->last_code = MMPDU_STATUS_CODE_UNSPECIFIED;
-	msg = netdev_build_cmd_deauthenticate(netdev,
+	msg = netdev_build_cmd_disconnect(netdev,
 						MMPDU_REASON_CODE_UNSPECIFIED);
 	netdev->disconnect_cmd_id = l_genl_family_send(nl80211,
 							msg,
-- 
2.42.0

[PATCH 04/11] netdev: Don't unnecessarily call netdev_connect_failed

[Denis Kenzior]

netdev_begin_connection() already invokes netdev_connect_failed on
error.  Remove any calls to netdev_connect_failed in callers of
netdev_begin_connection().

Fixes: 4165d9414f54 ("netdev: use wiphy radio work queue for connections")
---
 src/netdev.c | 30 +++++++++++-------------------
 1 file changed, 11 insertions(+), 19 deletions(-)

diff --git a/src/netdev.c b/src/netdev.c
index ebb93a74d8aa..6792bb5601e2 100644
--- a/src/netdev.c
+++ b/src/netdev.c
@@ -3605,19 +3605,16 @@ static void netdev_mac_change_failed(struct netdev *netdev, int error)
 		WATCHLIST_NOTIFY(&netdev_watches, netdev_watch_func_t,
 				netdev, NETDEV_WATCH_EVENT_DOWN);
 
-		goto failed;
-	} else {
-		/* If the interface is up we can still try and connect */
-		l_info("Failed to change the MAC, continuing with connection");
-		if (netdev_begin_connection(netdev) < 0)
-			goto failed;
-
+		netdev_connect_failed(netdev, NETDEV_RESULT_ABORTED,
+				MMPDU_STATUS_CODE_UNSPECIFIED);
 		return;
 	}
 
-failed:
-	netdev_connect_failed(netdev, NETDEV_RESULT_ABORTED,
-				MMPDU_STATUS_CODE_UNSPECIFIED);
+	/* If the interface is up we can still try and connect */
+	l_info("Failed to change the MAC, continuing with connection");
+
+	if (netdev_begin_connection(netdev) < 0)
+		l_error("netdev_begin_connection() error in mac_change_failed");
 }
 
 static void netdev_mac_destroy(void *user_data)
@@ -3649,14 +3646,9 @@ static void netdev_mac_power_up_cb(int error, uint16_t type,
 		return;
 	}
 
-	/*
-	 * Pick up where we left off in netdev_connect_commmon.
-	 */
-	if (netdev_begin_connection(netdev) < 0) {
-		l_error("Failed to connect after changing MAC");
-		netdev_connect_failed(netdev, NETDEV_RESULT_ASSOCIATION_FAILED,
-				MMPDU_STATUS_CODE_UNSPECIFIED);
-	}
+	/* Pick up where we left off in netdev_connect_commmon */
+	if (netdev_begin_connection(netdev) < 0)
+		l_error("netdev_begin_connection() error in mac_power_up_cb");
 }
 
 static void netdev_mac_power_down_cb(int error, uint16_t type,
@@ -3870,7 +3862,7 @@ static bool netdev_connection_work_ready(struct wiphy_radio_work_item *item)
 	}
 
 	if (netdev_begin_connection(netdev) < 0)
-		goto failed;
+		return true;
 
 	return false;
 
-- 
2.42.0

[PATCH 05/11] netdev: Move CMD_DISCONNECT builder to nl80211util

[Denis Kenzior]

---
 src/netdev.c      | 22 +++++-----------------
 src/nl80211util.c | 12 ++++++++++++
 src/nl80211util.h |  3 +++
 3 files changed, 20 insertions(+), 17 deletions(-)

diff --git a/src/netdev.c b/src/netdev.c
index 6792bb5601e2..1f6920028a03 100644
--- a/src/netdev.c
+++ b/src/netdev.c
@@ -1245,18 +1245,6 @@ static void netdev_cmd_disconnect_cb(struct l_genl_msg *msg, void *user_data)
 	disconnect_cb(netdev, r, disconnect_data);
 }
 
-static struct l_genl_msg *netdev_build_cmd_disconnect(struct netdev *netdev,
-							uint16_t reason_code)
-{
-	struct l_genl_msg *msg;
-
-	msg = l_genl_msg_new_sized(NL80211_CMD_DISCONNECT, 64);
-	l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &netdev->index);
-	l_genl_msg_append_attr(msg, NL80211_ATTR_REASON_CODE, 2, &reason_code);
-
-	return msg;
-}
-
 static void netdev_deauthenticate_event(struct l_genl_msg *msg,
 							struct netdev *netdev)
 {
@@ -1460,7 +1448,7 @@ static void netdev_setting_keys_failed(struct netdev_handshake_state *nhs,
 			return;
 		}
 
-		msg = netdev_build_cmd_disconnect(netdev,
+		msg = nl80211_build_disconnect(netdev->index,
 						MMPDU_REASON_CODE_UNSPECIFIED);
 		netdev->disconnect_cmd_id = l_genl_family_send(nl80211, msg,
 							netdev_disconnect_cb,
@@ -2246,7 +2234,7 @@ void netdev_handshake_failed(struct handshake_state *hs, uint16_t reason_code)
 	switch (netdev->type) {
 	case NL80211_IFTYPE_STATION:
 	case NL80211_IFTYPE_P2P_CLIENT:
-		msg = netdev_build_cmd_disconnect(netdev, reason_code);
+		msg = nl80211_build_disconnect(netdev->index, reason_code);
 		netdev->disconnect_cmd_id = l_genl_family_send(nl80211, msg,
 							netdev_disconnect_cb,
 							netdev, NULL);
@@ -2989,7 +2977,7 @@ error:
 deauth:
 	netdev->result = NETDEV_RESULT_ASSOCIATION_FAILED;
 	netdev->last_code = MMPDU_STATUS_CODE_UNSPECIFIED;
-	msg = netdev_build_cmd_disconnect(netdev,
+	msg = nl80211_build_disconnect(netdev->index,
 						MMPDU_REASON_CODE_UNSPECIFIED);
 	netdev->disconnect_cmd_id = l_genl_family_send(nl80211,
 							msg,
@@ -4159,7 +4147,7 @@ int netdev_disconnect(struct netdev *netdev,
 	}
 
 	if (send_disconnect) {
-		disconnect = netdev_build_cmd_disconnect(netdev,
+		disconnect = nl80211_build_disconnect(netdev->index,
 					MMPDU_REASON_CODE_DEAUTH_LEAVING);
 		netdev->disconnect_cmd_id = l_genl_family_send(nl80211,
 					disconnect, netdev_cmd_disconnect_cb,
@@ -4695,7 +4683,7 @@ static void netdev_sa_query_timeout(struct l_timeout *timeout,
 	l_timeout_remove(netdev->sa_query_timeout);
 	netdev->sa_query_timeout = NULL;
 
-	msg = netdev_build_cmd_disconnect(netdev,
+	msg = nl80211_build_disconnect(netdev->index,
 			MMPDU_REASON_CODE_PREV_AUTH_NOT_VALID);
 	netdev->disconnect_cmd_id = l_genl_family_send(nl80211, msg,
 			netdev_disconnect_cb, netdev, NULL);
diff --git a/src/nl80211util.c b/src/nl80211util.c
index 8cc3ea39c4d3..44a8ebe50300 100644
--- a/src/nl80211util.c
+++ b/src/nl80211util.c
@@ -284,6 +284,18 @@ done:
 	return ret;
 }
 
+struct l_genl_msg *nl80211_build_disconnect(uint32_t ifindex,
+							uint16_t reason_code)
+{
+	struct l_genl_msg *msg;
+
+	msg = l_genl_msg_new_sized(NL80211_CMD_DISCONNECT, 64);
+	l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &ifindex);
+	l_genl_msg_append_attr(msg, NL80211_ATTR_REASON_CODE, 2, &reason_code);
+
+	return msg;
+}
+
 struct l_genl_msg *nl80211_build_new_key_group(uint32_t ifindex, uint32_t cipher,
 					uint8_t key_id, const uint8_t *key,
 					size_t key_len, const uint8_t *ctr,
diff --git a/src/nl80211util.h b/src/nl80211util.h
index d26d286f95a7..9eb8681900b8 100644
--- a/src/nl80211util.h
+++ b/src/nl80211util.h
@@ -28,6 +28,9 @@ struct band_freq_attrs;
 
 int nl80211_parse_attrs(struct l_genl_msg *msg, int tag, ...);
 
+struct l_genl_msg *nl80211_build_disconnect(uint32_t ifindex,
+							uint16_t reason_code);
+
 struct l_genl_msg *nl80211_build_new_key_group(uint32_t ifindex,
 					uint32_t cipher, uint8_t key_id,
 					const uint8_t *key, size_t key_len,
-- 
2.42.0

[PATCH 06/11] netdev: Move CMD_DEAUTHENTICATE builder to nl80211util

[Denis Kenzior]

---
 src/netdev.c      | 20 ++++----------------
 src/nl80211util.c | 14 ++++++++++++++
 src/nl80211util.h |  3 +++
 3 files changed, 21 insertions(+), 16 deletions(-)

diff --git a/src/netdev.c b/src/netdev.c
index 1f6920028a03..6c35cd1b75e7 100644
--- a/src/netdev.c
+++ b/src/netdev.c
@@ -1298,20 +1298,6 @@ static void netdev_deauthenticate_event(struct l_genl_msg *msg,
 					MMPDU_STATUS_CODE_UNSPECIFIED);
 }
 
-static struct l_genl_msg *netdev_build_cmd_deauthenticate(struct netdev *netdev,
-							uint16_t reason_code)
-{
-	struct l_genl_msg *msg;
-
-	msg = l_genl_msg_new_sized(NL80211_CMD_DEAUTHENTICATE, 128);
-	l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &netdev->index);
-	l_genl_msg_append_attr(msg, NL80211_ATTR_REASON_CODE, 2, &reason_code);
-	l_genl_msg_append_attr(msg, NL80211_ATTR_MAC, ETH_ALEN,
-							netdev->handshake->aa);
-
-	return msg;
-}
-
 static struct l_genl_msg *netdev_build_cmd_del_station(struct netdev *netdev,
 							const uint8_t *sta,
 							uint16_t reason_code,
@@ -3028,7 +3014,8 @@ static void netdev_cmd_ft_reassociate_cb(struct l_genl_msg *msg,
 
 		netdev->result = NETDEV_RESULT_ASSOCIATION_FAILED;
 		netdev->last_code = MMPDU_STATUS_CODE_UNSPECIFIED;
-		cmd_deauth = netdev_build_cmd_deauthenticate(netdev,
+		cmd_deauth = nl80211_build_deauthenticate(netdev->index,
+						netdev->handshake->aa,
 						MMPDU_REASON_CODE_UNSPECIFIED);
 		netdev->disconnect_cmd_id = l_genl_family_send(nl80211,
 							cmd_deauth,
@@ -3163,7 +3150,8 @@ static void netdev_authenticate_event(struct l_genl_msg *msg,
 
 			netdev->result = NETDEV_RESULT_ASSOCIATION_FAILED;
 			netdev->last_code = MMPDU_STATUS_CODE_UNSPECIFIED;
-			cmd_deauth = netdev_build_cmd_deauthenticate(netdev,
+			cmd_deauth = nl80211_build_deauthenticate(netdev->index,
+						netdev->handshake->aa,
 						MMPDU_REASON_CODE_UNSPECIFIED);
 			netdev->disconnect_cmd_id = l_genl_family_send(nl80211,
 							cmd_deauth,
diff --git a/src/nl80211util.c b/src/nl80211util.c
index 44a8ebe50300..8ed260ad6f13 100644
--- a/src/nl80211util.c
+++ b/src/nl80211util.c
@@ -284,6 +284,20 @@ done:
 	return ret;
 }
 
+struct l_genl_msg *nl80211_build_deauthenticate(uint32_t ifindex,
+						const uint8_t addr[static 6],
+						uint16_t reason_code)
+{
+	struct l_genl_msg *msg;
+
+	msg = l_genl_msg_new_sized(NL80211_CMD_DEAUTHENTICATE, 128);
+	l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &ifindex);
+	l_genl_msg_append_attr(msg, NL80211_ATTR_REASON_CODE, 2, &reason_code);
+	l_genl_msg_append_attr(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
+
+	return msg;
+}
+
 struct l_genl_msg *nl80211_build_disconnect(uint32_t ifindex,
 							uint16_t reason_code)
 {
diff --git a/src/nl80211util.h b/src/nl80211util.h
index 9eb8681900b8..1553047d1b8a 100644
--- a/src/nl80211util.h
+++ b/src/nl80211util.h
@@ -28,6 +28,9 @@ struct band_freq_attrs;
 
 int nl80211_parse_attrs(struct l_genl_msg *msg, int tag, ...);
 
+struct l_genl_msg *nl80211_build_deauthenticate(uint32_t ifindex,
+						const uint8_t addr[static 6],
+						uint16_t reason_code);
 struct l_genl_msg *nl80211_build_disconnect(uint32_t ifindex,
 							uint16_t reason_code);
 
-- 
2.42.0

[PATCH 07/11] netdev: Move CMD_DEL_STATION builder to nl80211util

[Denis Kenzior]

While here, also get rid of netdev_del_station.  The only user of this
function was in ap.c and it could easily be replaced by invoking the new
nl80211_build_del_station function.  The callback used by
netdev_build_del_station only printed an error and didn't do anything
useful.  Get rid of it for now.
---
 src/ap.c          |  9 +++++++-
 src/netdev.c      | 56 +++++------------------------------------------
 src/nl80211util.c | 16 ++++++++++++++
 src/nl80211util.h |  5 +++++
 4 files changed, 35 insertions(+), 51 deletions(-)

diff --git a/src/ap.c b/src/ap.c
index 577f25a71def..bce389d39c9c 100644
--- a/src/ap.c
+++ b/src/ap.c
@@ -392,10 +392,17 @@ static void ap_del_station(struct sta_state *sta, uint16_t reason,
 				bool disassociate)
 {
 	struct ap_state *ap = sta->ap;
+	uint32_t ifindex = netdev_get_ifindex(ap->netdev);
 	struct ap_event_station_removed_data event_data;
 	bool send_event = false;
+	struct l_genl_msg *msg;
+	uint8_t subtype = disassociate ?
+			MPDU_MANAGEMENT_SUBTYPE_DISASSOCIATION :
+			MPDU_MANAGEMENT_SUBTYPE_DEAUTHENTICATION;
+
+	msg = nl80211_build_del_station(ifindex, sta->addr, reason, subtype);
+	l_genl_family_send(ap->nl80211, msg, NULL, NULL, NULL);
 
-	netdev_del_station(ap->netdev, sta->addr, reason, disassociate);
 	sta->associated = false;
 
 	if (sta->rsna) {
diff --git a/src/netdev.c b/src/netdev.c
index 6c35cd1b75e7..38fb759058c3 100644
--- a/src/netdev.c
+++ b/src/netdev.c
@@ -1298,52 +1298,6 @@ static void netdev_deauthenticate_event(struct l_genl_msg *msg,
 					MMPDU_STATUS_CODE_UNSPECIFIED);
 }
 
-static struct l_genl_msg *netdev_build_cmd_del_station(struct netdev *netdev,
-							const uint8_t *sta,
-							uint16_t reason_code,
-							bool disassociate)
-{
-	struct l_genl_msg *msg;
-	uint8_t subtype = disassociate ?
-			MPDU_MANAGEMENT_SUBTYPE_DISASSOCIATION :
-			MPDU_MANAGEMENT_SUBTYPE_DEAUTHENTICATION;
-
-	msg = l_genl_msg_new_sized(NL80211_CMD_DEL_STATION, 64);
-	l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &netdev->index);
-	l_genl_msg_append_attr(msg, NL80211_ATTR_MAC, 6, sta);
-	l_genl_msg_append_attr(msg, NL80211_ATTR_MGMT_SUBTYPE, 1, &subtype);
-	l_genl_msg_append_attr(msg, NL80211_ATTR_REASON_CODE, 2, &reason_code);
-
-	return msg;
-}
-
-static void netdev_del_sta_cb(struct l_genl_msg *msg, void *user_data)
-{
-	int err = l_genl_msg_get_error(msg);
-	const char *ext_error;
-
-	if (err >= 0)
-		return;
-
-	ext_error = l_genl_msg_get_extended_error(msg);
-	l_error("DEL_STATION failed: %s",
-			ext_error ? ext_error : strerror(-err));
-}
-
-int netdev_del_station(struct netdev *netdev, const uint8_t *sta,
-			uint16_t reason_code, bool disassociate)
-{
-	struct l_genl_msg *msg;
-
-	msg = netdev_build_cmd_del_station(netdev, sta, reason_code,
-						disassociate);
-
-	if (!l_genl_family_send(nl80211, msg, netdev_del_sta_cb, NULL, NULL))
-		return -EIO;
-
-	return 0;
-}
-
 static void netdev_operstate_cb(int error, uint16_t type,
 					const void *data,
 					uint32_t len, void *user_data)
@@ -1444,8 +1398,9 @@ static void netdev_setting_keys_failed(struct netdev_handshake_state *nhs,
 		if (err == -ENETDOWN)
 			return;
 
-		msg = netdev_build_cmd_del_station(netdev, nhs->super.spa,
-				MMPDU_REASON_CODE_UNSPECIFIED, false);
+		msg = nl80211_build_del_station(netdev->index,
+				nhs->super.spa, MMPDU_REASON_CODE_UNSPECIFIED,
+				MPDU_MANAGEMENT_SUBTYPE_DEAUTHENTICATION);
 		if (!l_genl_family_send(nl80211, msg, NULL, NULL, NULL))
 			l_error("error sending DEL_STATION");
 
@@ -2227,8 +2182,9 @@ void netdev_handshake_failed(struct handshake_state *hs, uint16_t reason_code)
 		break;
 	case NL80211_IFTYPE_AP:
 	case NL80211_IFTYPE_P2P_GO:
-		msg = netdev_build_cmd_del_station(netdev, nhs->super.spa,
-				reason_code, false);
+		msg = nl80211_build_del_station(netdev->index, nhs->super.spa,
+				reason_code,
+				MPDU_MANAGEMENT_SUBTYPE_DEAUTHENTICATION);
 		if (!l_genl_family_send(nl80211, msg, NULL, NULL, NULL))
 			l_error("error sending DEL_STATION");
 	}
diff --git a/src/nl80211util.c b/src/nl80211util.c
index 8ed260ad6f13..1d1d7099e575 100644
--- a/src/nl80211util.c
+++ b/src/nl80211util.c
@@ -310,6 +310,22 @@ struct l_genl_msg *nl80211_build_disconnect(uint32_t ifindex,
 	return msg;
 }
 
+struct l_genl_msg *nl80211_build_del_station(uint32_t ifindex,
+						const uint8_t addr[static 6],
+						uint16_t reason_code,
+						uint8_t subtype)
+{
+	struct l_genl_msg *msg;
+
+	msg = l_genl_msg_new_sized(NL80211_CMD_DEL_STATION, 64);
+	l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &ifindex);
+	l_genl_msg_append_attr(msg, NL80211_ATTR_MAC, 6, addr);
+	l_genl_msg_append_attr(msg, NL80211_ATTR_MGMT_SUBTYPE, 1, &subtype);
+	l_genl_msg_append_attr(msg, NL80211_ATTR_REASON_CODE, 2, &reason_code);
+
+	return msg;
+}
+
 struct l_genl_msg *nl80211_build_new_key_group(uint32_t ifindex, uint32_t cipher,
 					uint8_t key_id, const uint8_t *key,
 					size_t key_len, const uint8_t *ctr,
diff --git a/src/nl80211util.h b/src/nl80211util.h
index 1553047d1b8a..755133a37bb7 100644
--- a/src/nl80211util.h
+++ b/src/nl80211util.h
@@ -34,6 +34,11 @@ struct l_genl_msg *nl80211_build_deauthenticate(uint32_t ifindex,
 struct l_genl_msg *nl80211_build_disconnect(uint32_t ifindex,
 							uint16_t reason_code);
 
+struct l_genl_msg *nl80211_build_del_station(uint32_t ifindex,
+						const uint8_t addr[static 6],
+						uint16_t reason_code,
+						uint8_t subtype);
+
 struct l_genl_msg *nl80211_build_new_key_group(uint32_t ifindex,
 					uint32_t cipher, uint8_t key_id,
 					const uint8_t *key, size_t key_len,
-- 
2.42.0

[PATCH 08/11] netdev: Move pairwise NEW_KEY builder to nl80211util

[Denis Kenzior]

---
 src/netdev.c      | 27 +++------------------------
 src/nl80211util.c | 20 ++++++++++++++++++++
 src/nl80211util.h |  6 ++++++
 3 files changed, 29 insertions(+), 24 deletions(-)

diff --git a/src/netdev.c b/src/netdev.c
index 38fb759058c3..64d16d6dc8c6 100644
--- a/src/netdev.c
+++ b/src/netdev.c
@@ -1898,27 +1898,6 @@ error:
 	netdev_setting_keys_failed(nhs, err);
 }
 
-static struct l_genl_msg *netdev_build_cmd_new_key_pairwise(
-							struct netdev *netdev,
-							uint32_t cipher,
-							const uint8_t *aa,
-							const uint8_t *tk,
-							size_t tk_len,
-							uint8_t key_id)
-{
-	struct l_genl_msg *msg;
-
-	msg = l_genl_msg_new_sized(NL80211_CMD_NEW_KEY, 512);
-
-	l_genl_msg_append_attr(msg, NL80211_ATTR_KEY_DATA, tk_len, tk);
-	l_genl_msg_append_attr(msg, NL80211_ATTR_KEY_CIPHER, 4, &cipher);
-	l_genl_msg_append_attr(msg, NL80211_ATTR_MAC, ETH_ALEN, aa);
-	l_genl_msg_append_attr(msg, NL80211_ATTR_KEY_IDX, 1, &key_id);
-	l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &netdev->index);
-
-	return msg;
-}
-
 static struct l_genl_msg *netdev_build_cmd_new_rx_key_pairwise(
 							struct netdev *netdev,
 							uint32_t cipher,
@@ -2024,9 +2003,9 @@ static void netdev_set_tk(struct handshake_state *hs, uint8_t key_index,
 	if (!netdev_copy_tk(tk_buf, tk, cipher, hs->authenticator))
 		goto invalid_key;
 
-	msg = netdev_build_cmd_new_key_pairwise(netdev, cipher, addr, tk_buf,
-						crypto_cipher_key_len(cipher),
-						key_index);
+	msg = nl80211_build_new_key_pairwise(netdev->index, cipher, addr,
+					tk_buf, crypto_cipher_key_len(cipher),
+					key_index);
 	nhs->pairwise_new_key_cmd_id =
 		l_genl_family_send(nl80211, msg, netdev_new_pairwise_key_cb,
 						nhs, NULL);
diff --git a/src/nl80211util.c b/src/nl80211util.c
index 1d1d7099e575..437a52d55941 100644
--- a/src/nl80211util.c
+++ b/src/nl80211util.c
@@ -359,6 +359,26 @@ struct l_genl_msg *nl80211_build_new_key_group(uint32_t ifindex, uint32_t cipher
 	return msg;
 }
 
+struct l_genl_msg *nl80211_build_new_key_pairwise(uint32_t ifindex,
+						uint32_t cipher,
+						const uint8_t addr[static 6],
+						const uint8_t *tk,
+						size_t tk_len,
+						uint8_t key_id)
+{
+	struct l_genl_msg *msg;
+
+	msg = l_genl_msg_new_sized(NL80211_CMD_NEW_KEY, 512);
+
+	l_genl_msg_append_attr(msg, NL80211_ATTR_KEY_DATA, tk_len, tk);
+	l_genl_msg_append_attr(msg, NL80211_ATTR_KEY_CIPHER, 4, &cipher);
+	l_genl_msg_append_attr(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
+	l_genl_msg_append_attr(msg, NL80211_ATTR_KEY_IDX, 1, &key_id);
+	l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &ifindex);
+
+	return msg;
+}
+
 static struct l_genl_msg *nl80211_build_set_station(uint32_t ifindex,
 					const uint8_t *addr,
 					struct nl80211_sta_flag_update *flags)
diff --git a/src/nl80211util.h b/src/nl80211util.h
index 755133a37bb7..00d1ea852671 100644
--- a/src/nl80211util.h
+++ b/src/nl80211util.h
@@ -44,6 +44,12 @@ struct l_genl_msg *nl80211_build_new_key_group(uint32_t ifindex,
 					const uint8_t *key, size_t key_len,
 					const uint8_t *ctr, size_t ctr_len,
 					const uint8_t *addr);
+struct l_genl_msg *nl80211_build_new_key_pairwise(uint32_t ifindex,
+						uint32_t cipher,
+						const uint8_t addr[static 6],
+						const uint8_t *tk,
+						size_t tk_len,
+						uint8_t key_id);
 
 struct l_genl_msg *nl80211_build_set_station_authorized(uint32_t ifindex,
 							const uint8_t *addr);
-- 
2.42.0

[PATCH 09/11] netdev: Move CMD_NEW_KEY RX-only builder to nl80211util

[Denis Kenzior]

---
 src/netdev.c      | 36 +++---------------------------------
 src/nl80211util.c | 29 +++++++++++++++++++++++++++++
 src/nl80211util.h |  6 ++++++
 3 files changed, 38 insertions(+), 33 deletions(-)

diff --git a/src/netdev.c b/src/netdev.c
index 64d16d6dc8c6..086c3b9d158b 100644
--- a/src/netdev.c
+++ b/src/netdev.c
@@ -1898,36 +1898,6 @@ error:
 	netdev_setting_keys_failed(nhs, err);
 }
 
-static struct l_genl_msg *netdev_build_cmd_new_rx_key_pairwise(
-							struct netdev *netdev,
-							uint32_t cipher,
-							const uint8_t *aa,
-							const uint8_t *tk,
-							size_t tk_len,
-							uint8_t key_id)
-{
-	uint8_t key_mode = NL80211_KEY_NO_TX;
-	uint32_t key_type = NL80211_KEYTYPE_PAIRWISE;
-	struct l_genl_msg *msg;
-
-	msg = l_genl_msg_new_sized(NL80211_CMD_NEW_KEY, 512);
-
-	l_genl_msg_append_attr(msg, NL80211_ATTR_MAC, ETH_ALEN, aa);
-	l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &netdev->index);
-
-	l_genl_msg_enter_nested(msg, NL80211_ATTR_KEY);
-
-	l_genl_msg_append_attr(msg, NL80211_KEY_DATA, tk_len, tk);
-	l_genl_msg_append_attr(msg, NL80211_KEY_CIPHER, 4, &cipher);
-	l_genl_msg_append_attr(msg, NL80211_KEY_IDX, 1, &key_id);
-	l_genl_msg_append_attr(msg, NL80211_KEY_MODE, 1, &key_mode);
-	l_genl_msg_append_attr(msg, NL80211_KEY_TYPE, 4, &key_type);
-
-	l_genl_msg_leave_nested(msg);
-
-	return msg;
-}
-
 static void netdev_group_timeout_cb(struct l_timeout *timeout, void *user_data)
 {
 	struct netdev_handshake_state *nhs = user_data;
@@ -2037,9 +2007,9 @@ static void netdev_set_ext_tk(struct handshake_state *hs, uint8_t key_idx,
 	if (!netdev_copy_tk(tk_buf, tk, cipher, hs->authenticator))
 		goto error;
 
-	msg = netdev_build_cmd_new_rx_key_pairwise(netdev, cipher, addr, tk_buf,
-						crypto_cipher_key_len(cipher),
-						hs->active_tk_index);
+	msg = nl80211_build_new_rx_key_pairwise(netdev->index, cipher, addr,
+					tk_buf, crypto_cipher_key_len(cipher),
+					hs->active_tk_index);
 	nhs->pairwise_new_key_cmd_id =
 		l_genl_family_send(nl80211, msg, netdev_new_rx_pairwise_key_cb,
 						nhs, NULL);
diff --git a/src/nl80211util.c b/src/nl80211util.c
index 437a52d55941..87e859c962e6 100644
--- a/src/nl80211util.c
+++ b/src/nl80211util.c
@@ -379,6 +379,35 @@ struct l_genl_msg *nl80211_build_new_key_pairwise(uint32_t ifindex,
 	return msg;
 }
 
+struct l_genl_msg *nl80211_build_new_rx_key_pairwise(uint32_t ifindex,
+						uint32_t cipher,
+						const uint8_t addr[static 6],
+						const uint8_t *tk,
+						size_t tk_len,
+						uint8_t key_id)
+{
+	uint8_t key_mode = NL80211_KEY_NO_TX;
+	uint32_t key_type = NL80211_KEYTYPE_PAIRWISE;
+	struct l_genl_msg *msg;
+
+	msg = l_genl_msg_new_sized(NL80211_CMD_NEW_KEY, 512);
+
+	l_genl_msg_append_attr(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
+	l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &ifindex);
+
+	l_genl_msg_enter_nested(msg, NL80211_ATTR_KEY);
+
+	l_genl_msg_append_attr(msg, NL80211_KEY_DATA, tk_len, tk);
+	l_genl_msg_append_attr(msg, NL80211_KEY_CIPHER, 4, &cipher);
+	l_genl_msg_append_attr(msg, NL80211_KEY_IDX, 1, &key_id);
+	l_genl_msg_append_attr(msg, NL80211_KEY_MODE, 1, &key_mode);
+	l_genl_msg_append_attr(msg, NL80211_KEY_TYPE, 4, &key_type);
+
+	l_genl_msg_leave_nested(msg);
+
+	return msg;
+}
+
 static struct l_genl_msg *nl80211_build_set_station(uint32_t ifindex,
 					const uint8_t *addr,
 					struct nl80211_sta_flag_update *flags)
diff --git a/src/nl80211util.h b/src/nl80211util.h
index 00d1ea852671..d8026a8ebc19 100644
--- a/src/nl80211util.h
+++ b/src/nl80211util.h
@@ -50,6 +50,12 @@ struct l_genl_msg *nl80211_build_new_key_pairwise(uint32_t ifindex,
 						const uint8_t *tk,
 						size_t tk_len,
 						uint8_t key_id);
+struct l_genl_msg *nl80211_build_new_rx_key_pairwise(uint32_t ifindex,
+						uint32_t cipher,
+						const uint8_t addr[static 6],
+						const uint8_t *tk,
+						size_t tk_len,
+						uint8_t key_id);
 
 struct l_genl_msg *nl80211_build_set_station_authorized(uint32_t ifindex,
 							const uint8_t *addr);
-- 
2.42.0

[PATCH 10/11] netdev: Move CMD_REKEY_OFFLOAD builder to nl80211util

[Denis Kenzior]

---
 src/netdev.c      | 26 +-------------------------
 src/nl80211util.c | 24 ++++++++++++++++++++++++
 src/nl80211util.h |  5 +++++
 3 files changed, 30 insertions(+), 25 deletions(-)

diff --git a/src/netdev.c b/src/netdev.c
index 086c3b9d158b..418626d72579 100644
--- a/src/netdev.c
+++ b/src/netdev.c
@@ -2163,30 +2163,6 @@ static void hardware_rekey_cb(struct l_genl_msg *msg, void *data)
 	}
 }
 
-static struct l_genl_msg *netdev_build_cmd_replay_counter(struct netdev *netdev,
-							const uint8_t *kek,
-							const uint8_t *kck,
-							uint64_t replay_ctr)
-{
-	struct l_genl_msg *msg;
-
-	msg = l_genl_msg_new_sized(NL80211_CMD_SET_REKEY_OFFLOAD, 512);
-
-	l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &netdev->index);
-
-	l_genl_msg_enter_nested(msg, NL80211_ATTR_REKEY_DATA);
-	l_genl_msg_append_attr(msg, NL80211_REKEY_DATA_KEK,
-					NL80211_KEK_LEN, kek);
-	l_genl_msg_append_attr(msg, NL80211_REKEY_DATA_KCK,
-					NL80211_KCK_LEN, kck);
-	l_genl_msg_append_attr(msg, NL80211_REKEY_DATA_REPLAY_CTR,
-			NL80211_REPLAY_CTR_LEN, &replay_ctr);
-
-	l_genl_msg_leave_nested(msg);
-
-	return msg;
-}
-
 static void netdev_set_rekey_offload(uint32_t ifindex,
 					const uint8_t *kek,
 					const uint8_t *kck,
@@ -2207,7 +2183,7 @@ static void netdev_set_rekey_offload(uint32_t ifindex,
 		return;
 
 	l_debug("%d", netdev->index);
-	msg = netdev_build_cmd_replay_counter(netdev, kek, kck, replay_counter);
+	msg = nl80211_build_rekey_offload(ifindex, kek, kck, replay_counter);
 	netdev->rekey_offload_cmd_id = l_genl_family_send(nl80211, msg,
 							hardware_rekey_cb,
 							netdev, NULL);
diff --git a/src/nl80211util.c b/src/nl80211util.c
index 87e859c962e6..ef69cc718e04 100644
--- a/src/nl80211util.c
+++ b/src/nl80211util.c
@@ -408,6 +408,30 @@ struct l_genl_msg *nl80211_build_new_rx_key_pairwise(uint32_t ifindex,
 	return msg;
 }
 
+struct l_genl_msg *nl80211_build_rekey_offload(uint32_t ifindex,
+						const uint8_t *kek,
+						const uint8_t *kck,
+						uint64_t replay_ctr)
+{
+	struct l_genl_msg *msg;
+
+	msg = l_genl_msg_new_sized(NL80211_CMD_SET_REKEY_OFFLOAD, 512);
+
+	l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &ifindex);
+
+	l_genl_msg_enter_nested(msg, NL80211_ATTR_REKEY_DATA);
+	l_genl_msg_append_attr(msg, NL80211_REKEY_DATA_KEK,
+					NL80211_KEK_LEN, kek);
+	l_genl_msg_append_attr(msg, NL80211_REKEY_DATA_KCK,
+					NL80211_KCK_LEN, kck);
+	l_genl_msg_append_attr(msg, NL80211_REKEY_DATA_REPLAY_CTR,
+			NL80211_REPLAY_CTR_LEN, &replay_ctr);
+
+	l_genl_msg_leave_nested(msg);
+
+	return msg;
+}
+
 static struct l_genl_msg *nl80211_build_set_station(uint32_t ifindex,
 					const uint8_t *addr,
 					struct nl80211_sta_flag_update *flags)
diff --git a/src/nl80211util.h b/src/nl80211util.h
index d8026a8ebc19..9f8ae17aeaa4 100644
--- a/src/nl80211util.h
+++ b/src/nl80211util.h
@@ -57,6 +57,11 @@ struct l_genl_msg *nl80211_build_new_rx_key_pairwise(uint32_t ifindex,
 						size_t tk_len,
 						uint8_t key_id);
 
+struct l_genl_msg *nl80211_build_rekey_offload(uint32_t ifindex,
+						const uint8_t *kek,
+						const uint8_t *kck,
+						uint64_t replay_ctr);
+
 struct l_genl_msg *nl80211_build_set_station_authorized(uint32_t ifindex,
 							const uint8_t *addr);
 
-- 
2.42.0

[PATCH 11/11] netdev: disambiguate between disconnection types

[Denis Kenzior]

There are generally three scenarios where iwd generates a disconnection
command to the kernel:
  1. Error conditions stemming from a connection related event.  For
     example if SAE/FT/FILS authentication fails during Authenticate or
     Associate steps and the kernel doesn't disconnect properly.
  2. Deauthentication after the connection has been established and not
     related to a connection attempt in progress.  For example, SA Query
     processing that triggers an disconnect.
  3. Disconnects that are triggered due to a handshake failure or if
     setting keys resulting from the handshake fails.  These disconnects
     can be triggered as a result of a pending connection or when a
     connection has been established (e.g. due to rekeying).

Distinguish between 1 and 2/3 by having the disconnect procedure take
different paths.  For now there are no functional changes since all
paths end up in netdev_connect_failed(), but this will change in the
future.
---
 src/netdev.c | 126 +++++++++++++++++++++++++++++++--------------------
 1 file changed, 76 insertions(+), 50 deletions(-)

diff --git a/src/netdev.c b/src/netdev.c
index 418626d72579..d0ce0aaad5e7 100644
--- a/src/netdev.c
+++ b/src/netdev.c
@@ -858,7 +858,7 @@ static void netdev_connect_failed(struct netdev *netdev,
 	}
 }
 
-static void netdev_disconnect_cb(struct l_genl_msg *msg, void *user_data)
+static void netdev_connect_failed_cb(struct l_genl_msg *msg, void *user_data)
 {
 	struct netdev *netdev = user_data;
 
@@ -866,6 +866,63 @@ static void netdev_disconnect_cb(struct l_genl_msg *msg, void *user_data)
 	netdev_connect_failed(netdev, netdev->result, netdev->last_code);
 }
 
+static void netdev_send_and_fail_connection(struct netdev *netdev,
+						enum netdev_result result,
+						uint16_t status_code,
+						struct l_genl_msg *msg)
+{
+	netdev->result = result;
+	netdev->last_code = status_code;
+
+	netdev->disconnect_cmd_id =
+		l_genl_family_send(nl80211, msg, netdev_connect_failed_cb,
+					netdev, NULL);
+}
+
+static void netdev_disconnect_and_fail_connection(struct netdev *netdev,
+						enum netdev_result result,
+						uint16_t status_code)
+{
+	struct l_genl_msg *msg = nl80211_build_disconnect(netdev->index,
+						MMPDU_REASON_CODE_UNSPECIFIED);
+
+	netdev_send_and_fail_connection(netdev, result, status_code, msg);
+}
+
+static void netdev_deauth_and_fail_connection(struct netdev *netdev,
+						enum netdev_result result,
+						uint16_t status_code)
+{
+	struct l_genl_msg *msg = nl80211_build_deauthenticate(netdev->index,
+						netdev->handshake->aa,
+						MMPDU_REASON_CODE_UNSPECIFIED);
+
+	netdev_send_and_fail_connection(netdev, result, status_code, msg);
+}
+
+static void netdev_disconnect_sme_cb(struct l_genl_msg *msg, void *user_data)
+{
+	struct netdev *netdev = user_data;
+
+	netdev->disconnect_cmd_id = 0;
+	netdev_connect_failed(netdev, netdev->result, netdev->last_code);
+}
+
+static void netdev_disconnect_by_sme(struct netdev *netdev,
+					enum netdev_result result,
+					uint16_t reason_code)
+{
+	struct l_genl_msg *msg = nl80211_build_disconnect(netdev->index,
+								reason_code);
+
+	netdev->result = result;
+	netdev->last_code = reason_code;
+
+	netdev->disconnect_cmd_id = l_genl_family_send(nl80211, msg,
+						netdev_disconnect_sme_cb,
+						netdev, NULL);
+}
+
 static void netdev_free(void *data)
 {
 	struct netdev *netdev = data;
@@ -1388,11 +1445,9 @@ static void netdev_setting_keys_failed(struct netdev_handshake_state *nhs,
 			return;
 		}
 
-		msg = nl80211_build_disconnect(netdev->index,
-						MMPDU_REASON_CODE_UNSPECIFIED);
-		netdev->disconnect_cmd_id = l_genl_family_send(nl80211, msg,
-							netdev_disconnect_cb,
-							netdev, NULL);
+		netdev_disconnect_by_sme(netdev,
+					NETDEV_RESULT_KEY_SETTING_FAILED,
+					MMPDU_REASON_CODE_UNSPECIFIED);
 		break;
 	case NL80211_IFTYPE_AP:
 		if (err == -ENETDOWN)
@@ -1407,7 +1462,6 @@ static void netdev_setting_keys_failed(struct netdev_handshake_state *nhs,
 		break;
 	}
 
-	netdev->result = NETDEV_RESULT_KEY_SETTING_FAILED;
 	handshake_event(&nhs->super, HANDSHAKE_EVENT_SETTING_KEYS_FAILED, &err);
 }
 
@@ -2118,16 +2172,11 @@ void netdev_handshake_failed(struct handshake_state *hs, uint16_t reason_code)
 
 	netdev->sm = NULL;
 
-	netdev->result = NETDEV_RESULT_HANDSHAKE_FAILED;
-	netdev->last_code = reason_code;
-
 	switch (netdev->type) {
 	case NL80211_IFTYPE_STATION:
 	case NL80211_IFTYPE_P2P_CLIENT:
-		msg = nl80211_build_disconnect(netdev->index, reason_code);
-		netdev->disconnect_cmd_id = l_genl_family_send(nl80211, msg,
-							netdev_disconnect_cb,
-							netdev, NULL);
+		netdev_disconnect_by_sme(netdev, NETDEV_RESULT_HANDSHAKE_FAILED,
+						reason_code);
 		break;
 	case NL80211_IFTYPE_AP:
 	case NL80211_IFTYPE_P2P_GO:
@@ -2842,14 +2891,9 @@ error:
 	return;
 
 deauth:
-	netdev->result = NETDEV_RESULT_ASSOCIATION_FAILED;
-	netdev->last_code = MMPDU_STATUS_CODE_UNSPECIFIED;
-	msg = nl80211_build_disconnect(netdev->index,
-						MMPDU_REASON_CODE_UNSPECIFIED);
-	netdev->disconnect_cmd_id = l_genl_family_send(nl80211,
-							msg,
-							netdev_disconnect_cb,
-							netdev, NULL);
+	netdev_disconnect_and_fail_connection(netdev,
+					NETDEV_RESULT_ASSOCIATION_FAILED,
+					MMPDU_STATUS_CODE_UNSPECIFIED);
 }
 
 static struct l_genl_msg *netdev_build_cmd_associate_common(
@@ -2890,19 +2934,12 @@ static void netdev_cmd_ft_reassociate_cb(struct l_genl_msg *msg,
 
 	netdev->connect_cmd_id = 0;
 
-	if (l_genl_msg_get_error(msg) < 0) {
-		struct l_genl_msg *cmd_deauth;
+	if (l_genl_msg_get_error(msg) >= 0)
+		return;
 
-		netdev->result = NETDEV_RESULT_ASSOCIATION_FAILED;
-		netdev->last_code = MMPDU_STATUS_CODE_UNSPECIFIED;
-		cmd_deauth = nl80211_build_deauthenticate(netdev->index,
-						netdev->handshake->aa,
-						MMPDU_REASON_CODE_UNSPECIFIED);
-		netdev->disconnect_cmd_id = l_genl_family_send(nl80211,
-							cmd_deauth,
-							netdev_disconnect_cb,
-							netdev, NULL);
-	}
+	netdev_deauth_and_fail_connection(netdev,
+					NETDEV_RESULT_ASSOCIATION_FAILED,
+					MMPDU_STATUS_CODE_UNSPECIFIED);
 }
 
 static bool kernel_will_retry_auth(uint16_t status_code,
@@ -3027,17 +3064,9 @@ static void netdev_authenticate_event(struct l_genl_msg *msg,
 		 * to keep retrying, tell it to stop
 		 */
 		if (retry) {
-			struct l_genl_msg *cmd_deauth;
-
-			netdev->result = NETDEV_RESULT_ASSOCIATION_FAILED;
-			netdev->last_code = MMPDU_STATUS_CODE_UNSPECIFIED;
-			cmd_deauth = nl80211_build_deauthenticate(netdev->index,
-						netdev->handshake->aa,
-						MMPDU_REASON_CODE_UNSPECIFIED);
-			netdev->disconnect_cmd_id = l_genl_family_send(nl80211,
-							cmd_deauth,
-							netdev_disconnect_cb,
-							netdev, NULL);
+			netdev_deauth_and_fail_connection(netdev,
+					NETDEV_RESULT_ASSOCIATION_FAILED,
+					MMPDU_STATUS_CODE_UNSPECIFIED);
 			return;
 		}
 	}
@@ -4545,17 +4574,14 @@ static void netdev_sa_query_timeout(struct l_timeout *timeout,
 		void *user_data)
 {
 	struct netdev *netdev = user_data;
-	struct l_genl_msg *msg;
 
 	l_info("SA Query timed out, connection is invalid.  Disconnecting...");
 
 	l_timeout_remove(netdev->sa_query_timeout);
 	netdev->sa_query_timeout = NULL;
 
-	msg = nl80211_build_disconnect(netdev->index,
-			MMPDU_REASON_CODE_PREV_AUTH_NOT_VALID);
-	netdev->disconnect_cmd_id = l_genl_family_send(nl80211, msg,
-			netdev_disconnect_cb, netdev, NULL);
+	netdev_disconnect_by_sme(netdev, NETDEV_RESULT_ABORTED,
+					MMPDU_REASON_CODE_PREV_AUTH_NOT_VALID);
 }
 
 static void netdev_sa_query_req_cb(struct l_genl_msg *msg, void *user_data)
-- 
2.42.0

Re: [PATCH 11/11] netdev: disambiguate between disconnection types

[James Prestwood]

Hi Denis,

On 11/14/23 9:14 AM, Denis Kenzior wrote:
> There are generally three scenarios where iwd generates a disconnection
> command to the kernel:
>    1. Error conditions stemming from a connection related event.  For
>       example if SAE/FT/FILS authentication fails during Authenticate or
>       Associate steps and the kernel doesn't disconnect properly.
>    2. Deauthentication after the connection has been established and not
>       related to a connection attempt in progress.  For example, SA Query
>       processing that triggers an disconnect.
>    3. Disconnects that are triggered due to a handshake failure or if
>       setting keys resulting from the handshake fails.  These disconnects
>       can be triggered as a result of a pending connection or when a
>       connection has been established (e.g. due to rekeying).
> 
> Distinguish between 1 and 2/3 by having the disconnect procedure take
> different paths.  For now there are no functional changes since all
> paths end up in netdev_connect_failed(), but this will change in the
> future.

I'm guessing the future changes would be to handle a CMD_DISCONNECT 
event via the connect callback?

Thanks,
James

Re: [PATCH 11/11] netdev: disambiguate between disconnection types

[Denis Kenzior]

Hi James,

On 11/14/23 11:39, James Prestwood wrote:
> Hi Denis,
> 
> On 11/14/23 9:14 AM, Denis Kenzior wrote:
>> There are generally three scenarios where iwd generates a disconnection
>> command to the kernel:
>>    1. Error conditions stemming from a connection related event.  For
>>       example if SAE/FT/FILS authentication fails during Authenticate or
>>       Associate steps and the kernel doesn't disconnect properly.
>>    2. Deauthentication after the connection has been established and not
>>       related to a connection attempt in progress.  For example, SA Query
>>       processing that triggers an disconnect.
>>    3. Disconnects that are triggered due to a handshake failure or if
>>       setting keys resulting from the handshake fails.  These disconnects
>>       can be triggered as a result of a pending connection or when a
>>       connection has been established (e.g. due to rekeying).
>>
>> Distinguish between 1 and 2/3 by having the disconnect procedure take
>> different paths.  For now there are no functional changes since all
>> paths end up in netdev_connect_failed(), but this will change in the
>> future.
> 
> I'm guessing the future changes would be to handle a CMD_DISCONNECT event via 
> the connect callback?

Possibly.  Have not made up my mind completely yet, but we do it both ways right 
now and we need to stick to one.  Wanted to get the easy stuff out of the way 
first.  Any comments or should I push this out?

Regards,
-Denis

Re: [PATCH 11/11] netdev: disambiguate between disconnection types

[James Prestwood]

On 11/14/23 12:09 PM, Denis Kenzior wrote:
> Hi James,
> 
> On 11/14/23 11:39, James Prestwood wrote:
>> Hi Denis,
>>
>> On 11/14/23 9:14 AM, Denis Kenzior wrote:
>>> There are generally three scenarios where iwd generates a disconnection
>>> command to the kernel:
>>>    1. Error conditions stemming from a connection related event.  For
>>>       example if SAE/FT/FILS authentication fails during Authenticate or
>>>       Associate steps and the kernel doesn't disconnect properly.
>>>    2. Deauthentication after the connection has been established and not
>>>       related to a connection attempt in progress.  For example, SA 
>>> Query
>>>       processing that triggers an disconnect.
>>>    3. Disconnects that are triggered due to a handshake failure or if
>>>       setting keys resulting from the handshake fails.  These 
>>> disconnects
>>>       can be triggered as a result of a pending connection or when a
>>>       connection has been established (e.g. due to rekeying).
>>>
>>> Distinguish between 1 and 2/3 by having the disconnect procedure take
>>> different paths.  For now there are no functional changes since all
>>> paths end up in netdev_connect_failed(), but this will change in the
>>> future.
>>
>> I'm guessing the future changes would be to handle a CMD_DISCONNECT 
>> event via the connect callback?
> 
> Possibly.  Have not made up my mind completely yet, but we do it both 
> ways right now and we need to stick to one.  Wanted to get the easy 
> stuff out of the way first.  Any comments or should I push this out?

Nope, it looks good to me.

> 
> Regards,
> -Denis
> 

Re: [PATCH 11/11] netdev: disambiguate between disconnection types

[Alvin Šipraga]

Hi Denis,

On Tue, Nov 14, 2023 at 11:14:34AM -0600, Denis Kenzior wrote:
> There are generally three scenarios where iwd generates a disconnection
> command to the kernel:
>   1. Error conditions stemming from a connection related event.  For
>      example if SAE/FT/FILS authentication fails during Authenticate or
>      Associate steps and the kernel doesn't disconnect properly.
>   2. Deauthentication after the connection has been established and not
>      related to a connection attempt in progress.  For example, SA Query
>      processing that triggers an disconnect.
>   3. Disconnects that are triggered due to a handshake failure or if
>      setting keys resulting from the handshake fails.  These disconnects
>      can be triggered as a result of a pending connection or when a
>      connection has been established (e.g. due to rekeying).
> 
> Distinguish between 1 and 2/3 by having the disconnect procedure take
> different paths.  For now there are no functional changes since all
> paths end up in netdev_connect_failed(), but this will change in the
> future.

Sorry for not following up on the issue I raised the other week. I am
catching up with the mailing list now and see this patch. Am I right to
assume this is some preperatory work for solving the issue I identified?

I acknowledge your previous remark that the issue ought to be solved in
netdev.c and not in station.c.

Kind regards,
Alvin

Re: [PATCH 11/11] netdev: disambiguate between disconnection types

[Denis Kenzior]

Hi Alvin,

>> Distinguish between 1 and 2/3 by having the disconnect procedure take
>> different paths.  For now there are no functional changes since all
>> paths end up in netdev_connect_failed(), but this will change in the
>> future.
> 
> Sorry for not following up on the issue I raised the other week. I am
> catching up with the mailing list now and see this patch. Am I right to
> assume this is some preperatory work for solving the issue I identified?

Yep.  I got side-tracked by some oFono work, so don't have a fix for your 
particular problem yet.

Regards,
-Denis

Re: [PATCH 11/11] netdev: disambiguate between disconnection types

[Alvin Šipraga]

Hi Denis,

On Fri, Nov 24, 2023 at 10:25:40AM -0600, Denis Kenzior wrote:
> Hi Alvin,
> 
> > > Distinguish between 1 and 2/3 by having the disconnect procedure take
> > > different paths.  For now there are no functional changes since all
> > > paths end up in netdev_connect_failed(), but this will change in the
> > > future.
> > 
> > Sorry for not following up on the issue I raised the other week. I am
> > catching up with the mailing list now and see this patch. Am I right to
> > assume this is some preperatory work for solving the issue I identified?
> 
> Yep.  I got side-tracked by some oFono work, so don't have a fix for your
> particular problem yet.

Great, thanks a lot for following up on this. Sorry that I did not send
out a more robust patch, but I have not had time these days.

Please add me on CC if you work further on this and we can do some
additional internal testing to see if it works.

Kind regards,
Alvin

Re: [PATCH 01/11] netdev: Fix obtaining reason code from deauth frames

[Denis Kenzior]

On 11/14/23 11:14, Denis Kenzior wrote:
> The reason code from deauthentication frame was being obtained as a
> uint8_t instead of a uint16_t.  The value was only ever used in an
> informational statement.  Since the value was in little endian, only the
> first 8 bits of the reason code were obtained.  Fix that.
> 
> Fixes: 2bebb4bdc7ee ("netdev: Handle deauth frames prior to association")
> ---
>   src/netdev.c | 4 +++-
>   1 file changed, 3 insertions(+), 1 deletion(-)
> 

All applied.

Regards,
-Denis