Message ID | 20231206150708.2080336-6-prestwoj@gmail.com (mailing list archive) |
---|---|
State | New |
Series | Reassoc/FT roaming unification |
Context | Check | Description |
---|---|---|
tedd_an/pre-ci_am | success | Success |
prestwoj/iwd-ci-gitlint | success | GitLint |
Hi James, On 12/6/23 09:07, James Prestwood wrote: > This will be called from station after FT-authentication has > finished. It sets up the handshake object to perform reassociation. > > This is essentially a copy-paste of ft_associate without sending > the actual frame. > --- > src/ft.c | 32 ++++++++++++++++++++++++++++++++ > src/ft.h | 2 ++ > 2 files changed, 34 insertions(+) > > diff --git a/src/ft.c b/src/ft.c > index 358a4594..738e08c3 100644 > --- a/src/ft.c > +++ b/src/ft.c > @@ -1276,6 +1276,38 @@ int ft_associate(uint32_t ifindex, const uint8_t *addr) > return ret; > } > > +int ft_handshake_setup(uint32_t ifindex, const uint8_t *target) > +{ > + struct netdev *netdev = netdev_find(ifindex); > + struct handshake_state *hs = netdev_get_handshake(netdev); > + struct ft_info *info; > + > + info = ft_info_find(ifindex, target); > + if (!info) > + return -ENOENT; > + > + /* > + * Either failed or no response. This may have been an FT-over-DS > + * attempt so clear out the entry so FT-over-Air can try again. > + */ > + if (info->status != 0) { > + int status = info->status; > + > + l_queue_remove(info_list, info); > + ft_info_destroy(info); > + > + return status; > + } > + > + if (L_WARN_ON(!ft_prepare_handshake(info, hs))) > + return -EINVAL; It isn't quite clear how this case should be handled? Would you still remove it from the queue and destroy this info object? Or destroy all authentications for the ifindex? > + > + /* After this no previous auths will be valid */ > + ft_clear_authentications(ifindex); > + > + return 0; > +} > + > static bool remove_ifindex(void *data, void *user_data) > { > struct ft_info *info = data; Regards, -Denis
Hi Denis, On 12/6/23 08:38, Denis Kenzior wrote: > Hi James, > > On 12/6/23 09:07, James Prestwood wrote: >> This will be called from station after FT-authentication has >> finished. It sets up the handshake object to perform reassociation. >> >> This is essentially a copy-paste of ft_associate without sending >> the actual frame. >> --- >> src/ft.c | 32 ++++++++++++++++++++++++++++++++ >> src/ft.h | 2 ++ >> 2 files changed, 34 insertions(+) >> >> diff --git a/src/ft.c b/src/ft.c >> index 358a4594..738e08c3 100644 >> --- a/src/ft.c >> +++ b/src/ft.c 
>> @@ -1276,6 +1276,38 @@ int ft_associate(uint32_t ifindex, const >> uint8_t *addr) >> return ret; >> } >> +int ft_handshake_setup(uint32_t ifindex, const uint8_t *target) >> +{ >> + struct netdev *netdev = netdev_find(ifindex); >> + struct handshake_state *hs = netdev_get_handshake(netdev); >> + struct ft_info *info; >> + >> + info = ft_info_find(ifindex, target); >> + if (!info) >> + return -ENOENT; >> + >> + /* >> + * Either failed or no response. This may have been an FT-over-DS >> + * attempt so clear out the entry so FT-over-Air can try again. >> + */ >> + if (info->status != 0) { >> + int status = info->status; >> + >> + l_queue_remove(info_list, info); >> + ft_info_destroy(info); >> + >> + return status; >> + } >> + >> + if (L_WARN_ON(!ft_prepare_handshake(info, hs))) >> + return -EINVAL; > > It isn't quite clear how this case should be handled? Would you still > remove it from the queue and destroy this info object? Or destroy all > authentications for the ifindex? Hmm good point. If that fails we've already wiped the old keys from the handshake so I don't think we could even try and roam elsewhere. This case wasn't handled prior, we would just send the associate without deriving the proper IEs. So I think we either need to handle this in station and fatally fail the roam, and disconnect. I don't feel like doing it at the moment but we could create a new handshake object too and set only after everything succeeds. >> + /* After this no previous auths will be valid */ >> + ft_clear_authentications(ifindex); >> + >> + return 0; >> +} >> + >> static bool remove_ifindex(void *data, void *user_data) >> { >> struct ft_info *info = data; > > Regards, > -Denis >
diff --git a/src/ft.c b/src/ft.c index 358a4594..738e08c3 100644 --- a/src/ft.c +++ b/src/ft.c @@ -1276,6 +1276,38 @@ int ft_associate(uint32_t ifindex, const uint8_t *addr) return ret; } +int ft_handshake_setup(uint32_t ifindex, const uint8_t *target) +{ + struct netdev *netdev = netdev_find(ifindex); + struct handshake_state *hs = netdev_get_handshake(netdev); + struct ft_info *info; + + info = ft_info_find(ifindex, target); + if (!info) + return -ENOENT; + + /* + * Either failed or no response. This may have been an FT-over-DS + * attempt so clear out the entry so FT-over-Air can try again. + */ + if (info->status != 0) { + int status = info->status; + + l_queue_remove(info_list, info); + ft_info_destroy(info); + + return status; + } + + if (L_WARN_ON(!ft_prepare_handshake(info, hs))) + return -EINVAL; + + /* After this no previous auths will be valid */ + ft_clear_authentications(ifindex); + + return 0; +} + static bool remove_ifindex(void *data, void *user_data) { struct ft_info *info = data; diff --git a/src/ft.h b/src/ft.h index 51bbe3bc..23d0136e 100644 --- a/src/ft.h +++ b/src/ft.h @@ -39,6 +39,8 @@ void __ft_rx_action(uint32_t ifindex, const uint8_t *frame, size_t frame_len); void __ft_rx_authenticate(uint32_t ifindex, const uint8_t *frame, size_t frame_len); +int ft_handshake_setup(uint32_t ifindex, const uint8_t *target); + void ft_clear_authentications(uint32_t ifindex); int ft_action(uint32_t ifindex, uint32_t freq, const struct scan_bss *target); int ft_associate(uint32_t ifindex, const uint8_t *addr);
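Review bot: In ft_handshake_setup() in src/ft.c, the `L_WARN_ON(!ft_prepare_handshake(info, hs))` branch returns -EINVAL with no cleanup, while the `info->status != 0` branch just above it removes the entry with l_queue_remove() and ft_info_destroy(), and the success path calls ft_clear_authentications(ifindex). After a failed prepare the ft_info entry is still in info_list and a later call for the same target will find it again. The state the caller is left with should be made explicit: either drop the entry (or every authentication for the ifindex) before returning, or document that the caller is expected to tear things down. Separately, the result of netdev_find(ifindex) is passed straight to netdev_get_handshake() with no NULL check visible in the hunk, and hs is fetched before ft_info_find() has confirmed there is anything to set up; consider moving both lookups below the info checks and returning an error when no netdev matches.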
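Review bot: The ft_handshake_setup() prototype added to src/ft.h has no comment describing its return contract, and the implementation returns 0, negative errno values (-ENOENT, -EINVAL) and the raw info->status through the same int. A short comment at the declaration listing which values a caller can see, and which of them mean the ft_info entry has already been removed, would let station tell a lookup failure apart from a failed authentication status.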