Digi
/
meta-digi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

networkmanager: backport support for Fast BSS Transition 

This commit backports the IEEE 802.11r support from the later version v1.20
and integrates it in NetworkManager v1.18 supported by Yocto 3.0 (Zeus)

https://jira.digi.com/browse/CC6UL-1110

Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
This commit is contained in:
Arturo Buzarra 2020-05-20 08:34:24 +02:00
parent 8f34bbc4f5
commit 9ddce7fde9
8 changed files with 890 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
meta-digi-dey/recipes-connectivity/networkmanager/networkmanager/0001-wifi-ap-recognize-FT-variants-of-wpa-psk-and-wpa-eap.patch Normal file
View File

@ -0,0 +1,25 @@
From: Lubomir Rintel <lkundrak@v3.sk>
Date: Mon, 15 Jul 2019 11:30:12 +0000
Subject: [PATCH 1/7] wifi/ap: recognize FT variants of wpa-psk and wpa-eap
---
src/devices/wifi/nm-wifi-ap.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/devices/wifi/nm-wifi-ap.c b/src/devices/wifi/nm-wifi-ap.c
index feec8e7fa..8d60bee34 100644
--- a/src/devices/wifi/nm-wifi-ap.c
+++ b/src/devices/wifi/nm-wifi-ap.c
@@ -417,9 +417,11 @@ security_from_vardict (GVariant *security)
if ( g_variant_lookup (security, "KeyMgmt", "^a&s", &array)
&& array) {
- if (g_strv_contains (array, "wpa-psk"))
+ if (g_strv_contains (array, "wpa-psk") ||
+ g_strv_contains (array, "wpa-ft-psk"))
flags |= NM_802_11_AP_SEC_KEY_MGMT_PSK;
if (g_strv_contains (array, "wpa-eap") ||
+ g_strv_contains (array, "wpa-ft-eap") ||
g_strv_contains (array, "wpa-fils-sha256") ||
g_strv_contains (array, "wpa-fils-sha384"))
flags |= NM_802_11_AP_SEC_KEY_MGMT_802_1X;

235
meta-digi-dey/recipes-connectivity/networkmanager/networkmanager/0002-supplicant-detect-802.11r-fast-BSS-transition-FT.patch Normal file
View File

@ -0,0 +1,235 @@
From: Lubomir Rintel <lkundrak@v3.sk>
Date: Mon, 15 Jul 2019 11:30:15 +0000
Subject: [PATCH 2/7] supplicant: detect 802.11r fast BSS transition (FT)
---
src/supplicant/nm-supplicant-interface.c | 33 +++++++++++++++++++++++-
src/supplicant/nm-supplicant-interface.h | 8 +++++-
src/supplicant/nm-supplicant-manager.c | 20 +++++++++++---
3 files changed, 55 insertions(+), 6 deletions(-)
diff --git a/src/supplicant/nm-supplicant-interface.c b/src/supplicant/nm-supplicant-interface.c
index e94c98765..2eaa1401e 100644
--- a/src/supplicant/nm-supplicant-interface.c
+++ b/src/supplicant/nm-supplicant-interface.c
@@ -113,6 +113,7 @@ NM_GOBJECT_PROPERTIES_DEFINE (NMSupplicantInterface,
PROP_FILS_SUPPORT,
PROP_P2P_SUPPORT,
PROP_WFD_SUPPORT,
+ PROP_FT_SUPPORT,
);
typedef struct {
@@ -125,6 +126,7 @@ typedef struct {
NMSupplicantFeature fils_support;
NMSupplicantFeature p2p_support;
NMSupplicantFeature wfd_support;
+ NMSupplicantFeature ft_support;
guint32 max_scan_ssids;
guint32 ready_count;
@@ -786,6 +788,12 @@ nm_supplicant_interface_get_wfd_support (NMSupplicantInterface *self)
return NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self)->wfd_support;
}
+NMSupplicantFeature
+nm_supplicant_interface_get_ft_support (NMSupplicantInterface *self)
+{
+ return NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self)->ft_support;
+}
+
void
nm_supplicant_interface_set_ap_support (NMSupplicantInterface *self,
NMSupplicantFeature ap_support)
@@ -844,6 +852,15 @@ nm_supplicant_interface_set_wfd_support (NMSupplicantInterface *self,
priv->wfd_support = wfd_support;
}
+void
+nm_supplicant_interface_set_ft_support (NMSupplicantInterface *self,
+ NMSupplicantFeature ft_support)
+{
+ NMSupplicantInterfacePrivate *priv = NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self);
+
+ priv->ft_support = ft_support;
+}
+
/*****************************************************************************/
static void
@@ -2684,6 +2701,10 @@ set_property (GObject *object,
/* construct-only */
priv->wfd_support = g_value_get_int (value);
break;
+ case PROP_FT_SUPPORT:
+ /* construct-only */
+ priv->ft_support = g_value_get_int (value);
+ break;
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
break;
@@ -2709,7 +2730,8 @@ nm_supplicant_interface_new (const char *ifname,
NMSupplicantFeature pmf_support,
NMSupplicantFeature fils_support,
NMSupplicantFeature p2p_support,
- NMSupplicantFeature wfd_support)
+ NMSupplicantFeature wfd_support,
+ NMSupplicantFeature ft_support)
{
/* One of ifname or path need to be set */
g_return_val_if_fail (ifname != NULL || object_path != NULL, NULL);
@@ -2725,6 +2747,7 @@ nm_supplicant_interface_new (const char *ifname,
NM_SUPPLICANT_INTERFACE_FILS_SUPPORT, (int) fils_support,
NM_SUPPLICANT_INTERFACE_P2P_SUPPORT, (int) p2p_support,
NM_SUPPLICANT_INTERFACE_WFD_SUPPORT, (int) wfd_support,
+ NM_SUPPLICANT_INTERFACE_FT_SUPPORT, (int) ft_support,
NULL);
}
@@ -2883,6 +2906,14 @@ nm_supplicant_interface_class_init (NMSupplicantInterfaceClass *klass)
G_PARAM_WRITABLE |
G_PARAM_CONSTRUCT_ONLY |
G_PARAM_STATIC_STRINGS);
+ obj_properties[PROP_FT_SUPPORT] =
+ g_param_spec_int (NM_SUPPLICANT_INTERFACE_FT_SUPPORT, "", "",
+ NM_SUPPLICANT_FEATURE_UNKNOWN,
+ NM_SUPPLICANT_FEATURE_YES,
+ NM_SUPPLICANT_FEATURE_UNKNOWN,
+ G_PARAM_WRITABLE |
+ G_PARAM_CONSTRUCT_ONLY |
+ G_PARAM_STATIC_STRINGS);
g_object_class_install_properties (object_class, _PROPERTY_ENUMS_LAST, obj_properties);
diff --git a/src/supplicant/nm-supplicant-interface.h b/src/supplicant/nm-supplicant-interface.h
index 2e124df92..0b33a4e41 100644
--- a/src/supplicant/nm-supplicant-interface.h
+++ b/src/supplicant/nm-supplicant-interface.h
@@ -68,6 +68,7 @@ typedef enum {
#define NM_SUPPLICANT_INTERFACE_FILS_SUPPORT "fils-support"
#define NM_SUPPLICANT_INTERFACE_P2P_SUPPORT "p2p-support"
#define NM_SUPPLICANT_INTERFACE_WFD_SUPPORT "wfd-support"
+#define NM_SUPPLICANT_INTERFACE_FT_SUPPORT "ft-support"
/* Signals */
#define NM_SUPPLICANT_INTERFACE_STATE "state"
@@ -95,7 +96,8 @@ NMSupplicantInterface * nm_supplicant_interface_new (const char *ifname,
NMSupplicantFeature pmf_support,
NMSupplicantFeature fils_support,
NMSupplicantFeature p2p_support,
- NMSupplicantFeature wfd_support);
+ NMSupplicantFeature wfd_support,
+ NMSupplicantFeature ft_support);
void nm_supplicant_interface_set_supplicant_available (NMSupplicantInterface *self,
gboolean available);
@@ -161,6 +163,7 @@ NMSupplicantFeature nm_supplicant_interface_get_pmf_support (NMSupplicantInterfa
NMSupplicantFeature nm_supplicant_interface_get_fils_support (NMSupplicantInterface *self);
NMSupplicantFeature nm_supplicant_interface_get_p2p_support (NMSupplicantInterface *self);
NMSupplicantFeature nm_supplicant_interface_get_wfd_support (NMSupplicantInterface *self);
+NMSupplicantFeature nm_supplicant_interface_get_ft_support (NMSupplicantInterface *self);
void nm_supplicant_interface_set_ap_support (NMSupplicantInterface *self,
NMSupplicantFeature apmode);
@@ -180,6 +183,9 @@ void nm_supplicant_interface_set_p2p_support (NMSupplicantInterface *self,
void nm_supplicant_interface_set_wfd_support (NMSupplicantInterface *self,
NMSupplicantFeature wfd_support);
+void nm_supplicant_interface_set_ft_support (NMSupplicantInterface *self,
+ NMSupplicantFeature ft_support);
+
void nm_supplicant_interface_enroll_wps (NMSupplicantInterface *self,
const char *const type,
const char *bssid,
diff --git a/src/supplicant/nm-supplicant-manager.c b/src/supplicant/nm-supplicant-manager.c
index 2945d21ca..f7a3bdbf2 100644
--- a/src/supplicant/nm-supplicant-manager.c
+++ b/src/supplicant/nm-supplicant-manager.c
@@ -40,6 +40,7 @@ typedef struct {
NMSupplicantFeature fils_support;
NMSupplicantFeature p2p_support;
NMSupplicantFeature wfd_support;
+ NMSupplicantFeature ft_support;
guint die_count_reset_id;
guint die_count;
} NMSupplicantManagerPrivate;
@@ -231,7 +232,8 @@ nm_supplicant_manager_create_interface (NMSupplicantManager *self,
priv->pmf_support,
priv->fils_support,
priv->p2p_support,
- priv->wfd_support);
+ priv->wfd_support,
+ priv->ft_support);
priv->ifaces = g_slist_prepend (priv->ifaces, iface);
g_object_add_toggle_ref ((GObject *) iface, _sup_iface_last_ref, self);
@@ -288,7 +290,8 @@ nm_supplicant_manager_create_interface_from_path (NMSupplicantManager *self,
priv->pmf_support,
priv->fils_support,
priv->p2p_support,
- priv->wfd_support);
+ priv->wfd_support,
+ priv->ft_support);
priv->ifaces = g_slist_prepend (priv->ifaces, iface);
g_object_add_toggle_ref ((GObject *) iface, _sup_iface_last_ref, self);
@@ -324,8 +327,9 @@ update_capabilities (NMSupplicantManager *self)
priv->ap_support = NM_SUPPLICANT_FEATURE_UNKNOWN;
priv->pmf_support = NM_SUPPLICANT_FEATURE_UNKNOWN;
priv->fils_support = NM_SUPPLICANT_FEATURE_UNKNOWN;
- /* P2P support is newer than the capabilities property */
+ /* Support for the following is newer than the capabilities property */
priv->p2p_support = NM_SUPPLICANT_FEATURE_NO;
+ priv->ft_support = NM_SUPPLICANT_FEATURE_NO;
value = g_dbus_proxy_get_cached_property (priv->proxy, "Capabilities");
if (value) {
@@ -335,6 +339,7 @@ update_capabilities (NMSupplicantManager *self)
priv->pmf_support = NM_SUPPLICANT_FEATURE_NO;
priv->fils_support = NM_SUPPLICANT_FEATURE_NO;
priv->p2p_support = NM_SUPPLICANT_FEATURE_NO;
+ priv->ft_support = NM_SUPPLICANT_FEATURE_NO;
if (array) {
if (g_strv_contains (array, "ap"))
priv->ap_support = NM_SUPPLICANT_FEATURE_YES;
@@ -344,18 +349,21 @@ update_capabilities (NMSupplicantManager *self)
priv->fils_support = NM_SUPPLICANT_FEATURE_YES;
if (g_strv_contains (array, "p2p"))
priv->p2p_support = NM_SUPPLICANT_FEATURE_YES;
+ if (g_strv_contains (array, "ft"))
+ priv->ft_support = NM_SUPPLICANT_FEATURE_YES;
g_free (array);
}
}
g_variant_unref (value);
}
- /* Tell all interfaces about results of the AP/PMF/FILS/P2P check */
+ /* Tell all interfaces about results of the AP/PMF/FILS/P2P/FT check */
for (ifaces = priv->ifaces; ifaces; ifaces = ifaces->next) {
nm_supplicant_interface_set_ap_support (ifaces->data, priv->ap_support);
nm_supplicant_interface_set_pmf_support (ifaces->data, priv->pmf_support);
nm_supplicant_interface_set_fils_support (ifaces->data, priv->fils_support);
nm_supplicant_interface_set_p2p_support (ifaces->data, priv->p2p_support);
+ nm_supplicant_interface_set_ft_support (ifaces->data, priv->ft_support);
}
_LOGD ("AP mode is %ssupported",
@@ -370,6 +378,9 @@ update_capabilities (NMSupplicantManager *self)
_LOGD ("P2P is %ssupported",
(priv->p2p_support == NM_SUPPLICANT_FEATURE_YES) ? "" :
(priv->p2p_support == NM_SUPPLICANT_FEATURE_NO) ? "not " : "possibly ");
+ _LOGD ("FT is %ssupported",
+ (priv->ft_support == NM_SUPPLICANT_FEATURE_YES) ? "" :
+ (priv->ft_support == NM_SUPPLICANT_FEATURE_NO) ? "not " : "possibly ");
/* EAP-FAST */
priv->fast_support = NM_SUPPLICANT_FEATURE_NO;
@@ -508,6 +519,7 @@ name_owner_cb (GDBusProxy *proxy, GParamSpec *pspec, gpointer user_data)
priv->fast_support = NM_SUPPLICANT_FEATURE_UNKNOWN;
priv->pmf_support = NM_SUPPLICANT_FEATURE_UNKNOWN;
priv->fils_support = NM_SUPPLICANT_FEATURE_UNKNOWN;
+ priv->ft_support = NM_SUPPLICANT_FEATURE_UNKNOWN;
set_running (self, FALSE);
}

233
meta-digi-dey/recipes-connectivity/networkmanager/networkmanager/0003-supplicant-detect-SHA384-support.patch Normal file
View File

@ -0,0 +1,233 @@
From: Lubomir Rintel <lkundrak@v3.sk>
Date: Mon, 15 Jul 2019 11:30:19 +0000
Subject: [PATCH 3/7] supplicant: detect SHA384 support
---
src/supplicant/nm-supplicant-interface.c | 33 +++++++++++++++++++++++-
src/supplicant/nm-supplicant-interface.h | 8 +++++-
src/supplicant/nm-supplicant-manager.c | 18 ++++++++++---
3 files changed, 54 insertions(+), 5 deletions(-)
diff --git a/src/supplicant/nm-supplicant-interface.c b/src/supplicant/nm-supplicant-interface.c
index 2eaa1401e..1c92b9a74 100644
--- a/src/supplicant/nm-supplicant-interface.c
+++ b/src/supplicant/nm-supplicant-interface.c
@@ -114,6 +114,7 @@ NM_GOBJECT_PROPERTIES_DEFINE (NMSupplicantInterface,
PROP_P2P_SUPPORT,
PROP_WFD_SUPPORT,
PROP_FT_SUPPORT,
+ PROP_SHA384_SUPPORT,
);
typedef struct {
@@ -127,6 +128,7 @@ typedef struct {
NMSupplicantFeature p2p_support;
NMSupplicantFeature wfd_support;
NMSupplicantFeature ft_support;
+ NMSupplicantFeature sha384_support;
guint32 max_scan_ssids;
guint32 ready_count;
@@ -794,6 +796,12 @@ nm_supplicant_interface_get_ft_support (NMSupplicantInterface *self)
return NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self)->ft_support;
}
+NMSupplicantFeature
+nm_supplicant_interface_get_sha384_support (NMSupplicantInterface *self)
+{
+ return NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self)->sha384_support;
+}
+
void
nm_supplicant_interface_set_ap_support (NMSupplicantInterface *self,
NMSupplicantFeature ap_support)
@@ -861,6 +869,15 @@ nm_supplicant_interface_set_ft_support (NMSupplicantInterface *self,
priv->ft_support = ft_support;
}
+void
+nm_supplicant_interface_set_sha384_support (NMSupplicantInterface *self,
+ NMSupplicantFeature sha384_support)
+{
+ NMSupplicantInterfacePrivate *priv = NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self);
+
+ priv->sha384_support = sha384_support;
+}
+
/*****************************************************************************/
static void
@@ -2705,6 +2722,10 @@ set_property (GObject *object,
/* construct-only */
priv->ft_support = g_value_get_int (value);
break;
+ case PROP_SHA384_SUPPORT:
+ /* construct-only */
+ priv->sha384_support = g_value_get_int (value);
+ break;
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
break;
@@ -2731,7 +2752,8 @@ nm_supplicant_interface_new (const char *ifname,
NMSupplicantFeature fils_support,
NMSupplicantFeature p2p_support,
NMSupplicantFeature wfd_support,
- NMSupplicantFeature ft_support)
+ NMSupplicantFeature ft_support,
+ NMSupplicantFeature sha384_support)
{
/* One of ifname or path need to be set */
g_return_val_if_fail (ifname != NULL || object_path != NULL, NULL);
@@ -2748,6 +2770,7 @@ nm_supplicant_interface_new (const char *ifname,
NM_SUPPLICANT_INTERFACE_P2P_SUPPORT, (int) p2p_support,
NM_SUPPLICANT_INTERFACE_WFD_SUPPORT, (int) wfd_support,
NM_SUPPLICANT_INTERFACE_FT_SUPPORT, (int) ft_support,
+ NM_SUPPLICANT_INTERFACE_SHA384_SUPPORT, (int) sha384_support,
NULL);
}
@@ -2914,6 +2937,14 @@ nm_supplicant_interface_class_init (NMSupplicantInterfaceClass *klass)
G_PARAM_WRITABLE |
G_PARAM_CONSTRUCT_ONLY |
G_PARAM_STATIC_STRINGS);
+ obj_properties[PROP_SHA384_SUPPORT] =
+ g_param_spec_int (NM_SUPPLICANT_INTERFACE_SHA384_SUPPORT, "", "",
+ NM_SUPPLICANT_FEATURE_UNKNOWN,
+ NM_SUPPLICANT_FEATURE_YES,
+ NM_SUPPLICANT_FEATURE_UNKNOWN,
+ G_PARAM_WRITABLE |
+ G_PARAM_CONSTRUCT_ONLY |
+ G_PARAM_STATIC_STRINGS);
g_object_class_install_properties (object_class, _PROPERTY_ENUMS_LAST, obj_properties);
diff --git a/src/supplicant/nm-supplicant-interface.h b/src/supplicant/nm-supplicant-interface.h
index 0b33a4e41..8e9eede6f 100644
--- a/src/supplicant/nm-supplicant-interface.h
+++ b/src/supplicant/nm-supplicant-interface.h
@@ -69,6 +69,7 @@ typedef enum {
#define NM_SUPPLICANT_INTERFACE_P2P_SUPPORT "p2p-support"
#define NM_SUPPLICANT_INTERFACE_WFD_SUPPORT "wfd-support"
#define NM_SUPPLICANT_INTERFACE_FT_SUPPORT "ft-support"
+#define NM_SUPPLICANT_INTERFACE_SHA384_SUPPORT "sha384-support"
/* Signals */
#define NM_SUPPLICANT_INTERFACE_STATE "state"
@@ -97,7 +98,8 @@ NMSupplicantInterface * nm_supplicant_interface_new (const char *ifname,
NMSupplicantFeature fils_support,
NMSupplicantFeature p2p_support,
NMSupplicantFeature wfd_support,
- NMSupplicantFeature ft_support);
+ NMSupplicantFeature ft_support,
+ NMSupplicantFeature sha384_support);
void nm_supplicant_interface_set_supplicant_available (NMSupplicantInterface *self,
gboolean available);
@@ -164,6 +166,7 @@ NMSupplicantFeature nm_supplicant_interface_get_fils_support (NMSupplicantInterf
NMSupplicantFeature nm_supplicant_interface_get_p2p_support (NMSupplicantInterface *self);
NMSupplicantFeature nm_supplicant_interface_get_wfd_support (NMSupplicantInterface *self);
NMSupplicantFeature nm_supplicant_interface_get_ft_support (NMSupplicantInterface *self);
+NMSupplicantFeature nm_supplicant_interface_get_sha384_support (NMSupplicantInterface *self);
void nm_supplicant_interface_set_ap_support (NMSupplicantInterface *self,
NMSupplicantFeature apmode);
@@ -186,6 +189,9 @@ void nm_supplicant_interface_set_wfd_support (NMSupplicantInterface *self,
void nm_supplicant_interface_set_ft_support (NMSupplicantInterface *self,
NMSupplicantFeature ft_support);
+void nm_supplicant_interface_set_sha384_support (NMSupplicantInterface *self,
+ NMSupplicantFeature sha384_support);
+
void nm_supplicant_interface_enroll_wps (NMSupplicantInterface *self,
const char *const type,
const char *bssid,
diff --git a/src/supplicant/nm-supplicant-manager.c b/src/supplicant/nm-supplicant-manager.c
index f7a3bdbf2..d4b5bd831 100644
--- a/src/supplicant/nm-supplicant-manager.c
+++ b/src/supplicant/nm-supplicant-manager.c
@@ -41,6 +41,7 @@ typedef struct {
NMSupplicantFeature p2p_support;
NMSupplicantFeature wfd_support;
NMSupplicantFeature ft_support;
+ NMSupplicantFeature sha384_support;
guint die_count_reset_id;
guint die_count;
} NMSupplicantManagerPrivate;
@@ -233,7 +234,8 @@ nm_supplicant_manager_create_interface (NMSupplicantManager *self,
priv->fils_support,
priv->p2p_support,
priv->wfd_support,
- priv->ft_support);
+ priv->ft_support,
+ priv->sha384_support);
priv->ifaces = g_slist_prepend (priv->ifaces, iface);
g_object_add_toggle_ref ((GObject *) iface, _sup_iface_last_ref, self);
@@ -291,7 +293,8 @@ nm_supplicant_manager_create_interface_from_path (NMSupplicantManager *self,
priv->fils_support,
priv->p2p_support,
priv->wfd_support,
- priv->ft_support);
+ priv->ft_support,
+ priv->sha384_support);
priv->ifaces = g_slist_prepend (priv->ifaces, iface);
g_object_add_toggle_ref ((GObject *) iface, _sup_iface_last_ref, self);
@@ -330,6 +333,7 @@ update_capabilities (NMSupplicantManager *self)
/* Support for the following is newer than the capabilities property */
priv->p2p_support = NM_SUPPLICANT_FEATURE_NO;
priv->ft_support = NM_SUPPLICANT_FEATURE_NO;
+ priv->sha384_support = NM_SUPPLICANT_FEATURE_NO;
value = g_dbus_proxy_get_cached_property (priv->proxy, "Capabilities");
if (value) {
@@ -340,6 +344,7 @@ update_capabilities (NMSupplicantManager *self)
priv->fils_support = NM_SUPPLICANT_FEATURE_NO;
priv->p2p_support = NM_SUPPLICANT_FEATURE_NO;
priv->ft_support = NM_SUPPLICANT_FEATURE_NO;
+ priv->sha384_support = NM_SUPPLICANT_FEATURE_NO;
if (array) {
if (g_strv_contains (array, "ap"))
priv->ap_support = NM_SUPPLICANT_FEATURE_YES;
@@ -351,19 +356,22 @@ update_capabilities (NMSupplicantManager *self)
priv->p2p_support = NM_SUPPLICANT_FEATURE_YES;
if (g_strv_contains (array, "ft"))
priv->ft_support = NM_SUPPLICANT_FEATURE_YES;
+ if (g_strv_contains (array, "sha384"))
+ priv->sha384_support = NM_SUPPLICANT_FEATURE_YES;
g_free (array);
}
}
g_variant_unref (value);
}
- /* Tell all interfaces about results of the AP/PMF/FILS/P2P/FT check */
+ /* Tell all interfaces about results of the AP/PMF/FILS/P2P/FT/SHA384 check */
for (ifaces = priv->ifaces; ifaces; ifaces = ifaces->next) {
nm_supplicant_interface_set_ap_support (ifaces->data, priv->ap_support);
nm_supplicant_interface_set_pmf_support (ifaces->data, priv->pmf_support);
nm_supplicant_interface_set_fils_support (ifaces->data, priv->fils_support);
nm_supplicant_interface_set_p2p_support (ifaces->data, priv->p2p_support);
nm_supplicant_interface_set_ft_support (ifaces->data, priv->ft_support);
+ nm_supplicant_interface_set_sha384_support (ifaces->data, priv->sha384_support);
}
_LOGD ("AP mode is %ssupported",
@@ -381,6 +389,9 @@ update_capabilities (NMSupplicantManager *self)
_LOGD ("FT is %ssupported",
(priv->ft_support == NM_SUPPLICANT_FEATURE_YES) ? "" :
(priv->ft_support == NM_SUPPLICANT_FEATURE_NO) ? "not " : "possibly ");
+ _LOGD ("SHA384 is %ssupported",
+ (priv->sha384_support == NM_SUPPLICANT_FEATURE_YES) ? "" :
+ (priv->sha384_support == NM_SUPPLICANT_FEATURE_NO) ? "not " : "possibly ");
/* EAP-FAST */
priv->fast_support = NM_SUPPLICANT_FEATURE_NO;
@@ -520,6 +531,7 @@ name_owner_cb (GDBusProxy *proxy, GParamSpec *pspec, gpointer user_data)
priv->pmf_support = NM_SUPPLICANT_FEATURE_UNKNOWN;
priv->fils_support = NM_SUPPLICANT_FEATURE_UNKNOWN;
priv->ft_support = NM_SUPPLICANT_FEATURE_UNKNOWN;
+ priv->sha384_support = NM_SUPPLICANT_FEATURE_UNKNOWN;
set_running (self, FALSE);
}

69
meta-digi-dey/recipes-connectivity/networkmanager/networkmanager/0004-supplicant-reorganize-the-routine-that-sets-key_mgmt.patch Normal file
View File

@ -0,0 +1,69 @@
From 5480ec853702787a39bba2eec4cc7d03d07600c2 Mon Sep 17 00:00:00 2001
From: Lubomir Rintel <lkundrak@v3.sk>
Date: Mon, 15 Jul 2019 11:30:27 +0000
Subject: [PATCH 4/7] supplicant: reorganize the routine that sets key_mgmt a
bit
This is functionally equivalent, it only makes it easier to plug in the FT
enablement logic at a later point.
---
src/supplicant/nm-supplicant-config.c | 25 +++++++++++++------------
1 file changed, 13 insertions(+), 12 deletions(-)
diff --git a/src/supplicant/nm-supplicant-config.c b/src/supplicant/nm-supplicant-config.c
index 2fc898c9e..0e20a2790 100644
--- a/src/supplicant/nm-supplicant-config.c
+++ b/src/supplicant/nm-supplicant-config.c
@@ -754,7 +754,8 @@ nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self,
GError **error)
{
NMSupplicantConfigPrivate *priv = NM_SUPPLICANT_CONFIG_GET_PRIVATE (self);
- const char *key_mgmt, *key_mgmt_conf, *auth_alg;
+ nm_auto_free_gstring GString *key_mgmt_conf = NULL;
+ const char *key_mgmt, *auth_alg;
const char *psk;
gboolean set_pmf;
@@ -773,28 +774,28 @@ nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self,
fils = NM_SETTING_WIRELESS_SECURITY_FILS_DISABLE;
}
- key_mgmt = key_mgmt_conf = nm_setting_wireless_security_get_key_mgmt (setting);
+ key_mgmt = nm_setting_wireless_security_get_key_mgmt (setting);
+ key_mgmt_conf = g_string_new (key_mgmt);
if (nm_streq (key_mgmt, "wpa-psk")) {
if (priv->support_pmf)
- key_mgmt_conf = "wpa-psk wpa-psk-sha256";
+ g_string_append (key_mgmt_conf, " wpa-psk-sha256");
} else if (nm_streq (key_mgmt, "wpa-eap")) {
+ if (priv->support_pmf)
+ g_string_append (key_mgmt_conf, " wpa-eap-sha256");
switch (fils) {
- case NM_SETTING_WIRELESS_SECURITY_FILS_OPTIONAL:
- key_mgmt_conf = priv->support_pmf
- ? "wpa-eap wpa-eap-sha256 fils-sha256 fils-sha384"
- : "wpa-eap fils-sha256 fils-sha384";
- break;
case NM_SETTING_WIRELESS_SECURITY_FILS_REQUIRED:
- key_mgmt_conf = "fils-sha256 fils-sha384";
+ g_string_assign (key_mgmt_conf, "fils-sha256 fils-sha384");
break;
- default:
+ case NM_SETTING_WIRELESS_SECURITY_FILS_OPTIONAL:
if (priv->support_pmf)
- key_mgmt_conf = "wpa-eap wpa-eap-sha256";
+ g_string_append (key_mgmt_conf, " fils-sha256 fils-sha384");
+ break;
+ default:
break;
}
}
- if (!add_string_val (self, key_mgmt_conf, "key_mgmt", TRUE, NULL, error))
+ if (!add_string_val (self, key_mgmt_conf->str, "key_mgmt", TRUE, NULL, error))
return FALSE;
auth_alg = nm_setting_wireless_security_get_auth_alg (setting);
--
2.17.1

168
meta-digi-dey/recipes-connectivity/networkmanager/networkmanager/0005-supplicant-allow-fast-transition-for-WPA-PSK-and-WPA.patch Normal file
View File

@ -0,0 +1,168 @@
From: Lubomir Rintel <lkundrak@v3.sk>
Date: Mon, 15 Jul 2019 11:30:30 +0000
Subject: [PATCH 5/7] supplicant: allow fast transition for WPA-PSK and WPA-EAP
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/issues/4
---
src/devices/nm-device-ethernet.c | 2 +-
src/devices/nm-device-macsec.c | 2 +-
src/devices/wifi/nm-device-wifi.c | 4 ++-
src/supplicant/nm-supplicant-config.c | 26 ++++++++++++++++---
src/supplicant/nm-supplicant-config.h | 3 ++-
.../nm-supplicant-settings-verify.c | 4 +--
src/supplicant/tests/test-supplicant-config.c | 2 +-
7 files changed, 33 insertions(+), 10 deletions(-)
diff --git a/src/devices/nm-device-ethernet.c b/src/devices/nm-device-ethernet.c
index 0d45dfded..3e84847ed 100644
--- a/src/devices/nm-device-ethernet.c
+++ b/src/devices/nm-device-ethernet.c
@@ -560,7 +560,7 @@ build_supplicant_config (NMDeviceEthernet *self,
mtu = nm_platform_link_get_mtu (nm_device_get_platform (NM_DEVICE (self)),
nm_device_get_ifindex (NM_DEVICE (self)));
- config = nm_supplicant_config_new (FALSE, FALSE);
+ config = nm_supplicant_config_new (FALSE, FALSE, FALSE, FALSE);
security = nm_connection_get_setting_802_1x (connection);
if (!nm_supplicant_config_add_setting_8021x (config, security, con_uuid, mtu, TRUE, error)) {
diff --git a/src/devices/nm-device-macsec.c b/src/devices/nm-device-macsec.c
index 54e04a1bf..e3e3a895b 100644
--- a/src/devices/nm-device-macsec.c
+++ b/src/devices/nm-device-macsec.c
@@ -224,7 +224,7 @@ build_supplicant_config (NMDeviceMacsec *self, GError **error)
mtu = nm_platform_link_get_mtu (nm_device_get_platform (NM_DEVICE (self)),
nm_device_get_ifindex (NM_DEVICE (self)));
- config = nm_supplicant_config_new (FALSE, FALSE);
+ config = nm_supplicant_config_new (FALSE, FALSE, FALSE, FALSE);
s_macsec = nm_device_get_applied_setting (NM_DEVICE (self), NM_TYPE_SETTING_MACSEC);
diff --git a/src/devices/wifi/nm-device-wifi.c b/src/devices/wifi/nm-device-wifi.c
index a1fa96be9..db6ccf5b2 100644
--- a/src/devices/wifi/nm-device-wifi.c
+++ b/src/devices/wifi/nm-device-wifi.c
@@ -2452,7 +2452,9 @@ build_supplicant_config (NMDeviceWifi *self,
config = nm_supplicant_config_new (
nm_supplicant_interface_get_pmf_support (priv->sup_iface) == NM_SUPPLICANT_FEATURE_YES,
- nm_supplicant_interface_get_fils_support (priv->sup_iface) == NM_SUPPLICANT_FEATURE_YES);
+ nm_supplicant_interface_get_fils_support (priv->sup_iface) == NM_SUPPLICANT_FEATURE_YES,
+ nm_supplicant_interface_get_ft_support (priv->sup_iface) == NM_SUPPLICANT_FEATURE_YES,
+ nm_supplicant_interface_get_sha384_support (priv->sup_iface) == NM_SUPPLICANT_FEATURE_YES);
/* Warn if AP mode may not be supported */
if ( g_strcmp0 (nm_setting_wireless_get_mode (s_wireless), NM_SETTING_WIRELESS_MODE_AP) == 0
diff --git a/src/supplicant/nm-supplicant-config.c b/src/supplicant/nm-supplicant-config.c
index 0e20a2790..9873fc811 100644
--- a/src/supplicant/nm-supplicant-config.c
+++ b/src/supplicant/nm-supplicant-config.c
@@ -49,6 +49,8 @@ typedef struct {
gboolean dispose_has_run;
gboolean support_pmf;
gboolean support_fils;
+ gboolean support_ft;
+ gboolean support_sha384;
} NMSupplicantConfigPrivate;
struct _NMSupplicantConfig {
@@ -67,7 +69,8 @@ G_DEFINE_TYPE (NMSupplicantConfig, nm_supplicant_config, G_TYPE_OBJECT)
/*****************************************************************************/
NMSupplicantConfig *
-nm_supplicant_config_new (gboolean support_pmf, gboolean support_fils)
+nm_supplicant_config_new (gboolean support_pmf, gboolean support_fils,
+ gboolean support_ft, gboolean support_sha384)
{
NMSupplicantConfigPrivate *priv;
NMSupplicantConfig *self;
@@ -77,6 +80,8 @@ nm_supplicant_config_new (gboolean support_pmf, gboolean support_fils)
priv->support_pmf = support_pmf;
priv->support_fils = support_fils;
+ priv->support_ft = support_ft;
+ priv->support_sha384 = support_sha384;
return self;
}
@@ -779,20 +784,35 @@ nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self,
if (nm_streq (key_mgmt, "wpa-psk")) {
if (priv->support_pmf)
g_string_append (key_mgmt_conf, " wpa-psk-sha256");
+ if (priv->support_ft)
+ g_string_append (key_mgmt_conf, " ft-psk");
} else if (nm_streq (key_mgmt, "wpa-eap")) {
if (priv->support_pmf)
g_string_append (key_mgmt_conf, " wpa-eap-sha256");
+ if (priv->support_ft)
+ g_string_append (key_mgmt_conf, " ft-eap");
+ if (priv->support_ft && priv->support_sha384)
+ g_string_append (key_mgmt_conf, " ft-eap-sha384");
switch (fils) {
case NM_SETTING_WIRELESS_SECURITY_FILS_REQUIRED:
- g_string_assign (key_mgmt_conf, "fils-sha256 fils-sha384");
- break;
+ g_string_truncate (key_mgmt_conf, 0);
+ if (!priv->support_pmf)
+ g_string_assign (key_mgmt_conf, "fils-sha256 fils-sha384");
+ /* fall-through */
case NM_SETTING_WIRELESS_SECURITY_FILS_OPTIONAL:
if (priv->support_pmf)
g_string_append (key_mgmt_conf, " fils-sha256 fils-sha384");
+ if (priv->support_pmf && priv->support_ft)
+ g_string_append (key_mgmt_conf, " ft-fils-sha256");
+ if (priv->support_pmf && priv->support_ft & priv->support_sha384)
+ g_string_append (key_mgmt_conf, " ft-fils-sha384");
break;
default:
break;
}
+ } else if (nm_streq (key_mgmt, "sae")) {
+ if (priv->support_ft)
+ g_string_append (key_mgmt_conf, " ft-sae");
}
if (!add_string_val (self, key_mgmt_conf->str, "key_mgmt", TRUE, NULL, error))
diff --git a/src/supplicant/nm-supplicant-config.h b/src/supplicant/nm-supplicant-config.h
index 93038ba5b..c4e7310d5 100644
--- a/src/supplicant/nm-supplicant-config.h
+++ b/src/supplicant/nm-supplicant-config.h
@@ -39,7 +39,8 @@ typedef struct _NMSupplicantConfigClass NMSupplicantConfigClass;
GType nm_supplicant_config_get_type (void);
-NMSupplicantConfig *nm_supplicant_config_new (gboolean support_pmf, gboolean support_fils);
+NMSupplicantConfig *nm_supplicant_config_new (gboolean support_pmf, gboolean support_fils,
+ gboolean support_ft, gboolean support_sha384);
guint32 nm_supplicant_config_get_ap_scan (NMSupplicantConfig *self);
diff --git a/src/supplicant/nm-supplicant-settings-verify.c b/src/supplicant/nm-supplicant-settings-verify.c
index b7f1a0223..20466af1d 100644
--- a/src/supplicant/nm-supplicant-settings-verify.c
+++ b/src/supplicant/nm-supplicant-settings-verify.c
@@ -66,8 +66,8 @@ static const struct validate_entry validate_table[] = {
const char * pairwise_allowed[] = { "CCMP", "TKIP", "NONE", NULL };
const char * group_allowed[] = { "CCMP", "TKIP", "WEP104", "WEP40", NULL };
const char * proto_allowed[] = { "WPA", "RSN", NULL };
-const char * key_mgmt_allowed[] = { "WPA-PSK", "WPA-PSK-SHA256",
- "WPA-EAP", "WPA-EAP-SHA256",
+const char * key_mgmt_allowed[] = { "WPA-PSK", "WPA-PSK-SHA256", "FT-PSK",
+ "WPA-EAP", "WPA-EAP-SHA256", "FT-EAP", "FT-EAP-SHA384",
"FILS-SHA256", "FILS-SHA384",
"IEEE8021X", "WPA-NONE", "SAE",
"NONE", NULL };
diff --git a/src/supplicant/tests/test-supplicant-config.c b/src/supplicant/tests/test-supplicant-config.c
index 35330d0c8..819256fb7 100644
--- a/src/supplicant/tests/test-supplicant-config.c
+++ b/src/supplicant/tests/test-supplicant-config.c
@@ -110,7 +110,7 @@ build_supplicant_config (NMConnection *connection,
NMSetting8021x *s_8021x;
gboolean success;
- config = nm_supplicant_config_new (support_pmf, support_fils);
+ config = nm_supplicant_config_new (support_pmf, support_fils, FALSE, FALSE);
s_wifi = nm_connection_get_setting_wireless (connection);
g_assert (s_wifi);

121
meta-digi-dey/recipes-connectivity/networkmanager/networkmanager/0006-wifi-detect-FT-support-per-interface-and-avoid-enabl.patch Normal file
View File

@ -0,0 +1,121 @@
From: Thomas Haller <thaller@redhat.com>
Date: Tue, 20 Aug 2019 15:50:32 +0200
Subject: [PATCH 6/7] wifi: detect FT support per interface and avoid enabling it
Previously we only cared whether supplicant is build with support for
FT. In that case we would pass FT-PSK to supplicant, like
Config: added 'key_mgmt' value 'WPA-PSK WPA-PSK-SHA256 FT-PSK'
Supplicant would then always try FT with preference, regardless whether
the interface/driver support it. That results in a failure to associate, if
the driver does not support it.
NetworkManager[1356]: <info> [1566296144.9940] Config: added 'key_mgmt' value 'WPA-PSK WPA-PSK-SHA256 FT-PSK'
...
wpa_supplicant[1348]: wlan0: WPA: AP key_mgmt 0x42 network profile key_mgmt 0x142; available key_mgmt 0x42
wpa_supplicant[1348]: wlan0: WPA: using KEY_MGMT FT/PSK
...
wpa_supplicant[1348]: * akm=0xfac04
...
kernel: ERROR @wl_set_key_mgmt :
kernel: invalid cipher group (1027076)
Since we pass a list of acceptable "key_mgmt" options to supplicant,
FT-PSK should not be used when supplicant knows it's not supported.
That is a supplicant bug.
Regardless, work around it by checking the per-interface capability, and
avoid it if support is apparently not present.
(cherry picked from commit 2f8a4e90f0fd0f900996e3081d49f8799bba4c6f)
---
src/supplicant/nm-supplicant-interface.c | 35 ++++++++++++++++++------
1 file changed, 26 insertions(+), 9 deletions(-)
diff --git a/src/supplicant/nm-supplicant-interface.c b/src/supplicant/nm-supplicant-interface.c
index dba1a57e0..1bae70380 100644
--- a/src/supplicant/nm-supplicant-interface.c
+++ b/src/supplicant/nm-supplicant-interface.c
@@ -128,7 +128,8 @@ typedef struct {
NMSupplicantFeature fils_support;
NMSupplicantFeature p2p_support;
NMSupplicantFeature wfd_support;
- NMSupplicantFeature ft_support;
+ NMSupplicantFeature ft_support_global;
+ NMSupplicantFeature ft_support_per_iface;
NMSupplicantFeature sha384_support;
guint32 max_scan_ssids;
guint32 ready_count;
@@ -602,14 +603,25 @@ static void
parse_capabilities (NMSupplicantInterface *self, GVariant *capabilities)
{
NMSupplicantInterfacePrivate *priv = NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self);
- gboolean have_active = FALSE, have_p2p = FALSE, have_ssid = FALSE;
+ gboolean have_active = FALSE;
+ gboolean have_ssid = FALSE;
+ gboolean have_p2p = FALSE;
+ gboolean have_ft = FALSE;
gint32 max_scan_ssids = -1;
const char **array;
g_return_if_fail (capabilities && g_variant_is_of_type (capabilities, G_VARIANT_TYPE_VARDICT));
- if ( g_variant_lookup (capabilities, "Modes", "^a&s", &array)
- && array) {
+ if (g_variant_lookup (capabilities, "KeyMgmt", "^a&s", &array)) {
+ have_ft = g_strv_contains (array, "wpa-ft-psk");
+ g_free (array);
+ }
+
+ priv->ft_support_per_iface = have_ft
+ ? NM_SUPPLICANT_FEATURE_YES
+ : NM_SUPPLICANT_FEATURE_NO;
+
+ if (g_variant_lookup (capabilities, "Modes", "^a&s", &array)) {
if (g_strv_contains (array, "p2p"))
have_p2p = TRUE;
g_free (array);
@@ -620,8 +632,7 @@ parse_capabilities (NMSupplicantInterface *self, GVariant *capabilities)
_notify (self, PROP_P2P_AVAILABLE);
}
- if ( g_variant_lookup (capabilities, "Scan", "^a&s", &array)
- && array) {
+ if (g_variant_lookup (capabilities, "Scan", "^a&s", &array)) {
if (g_strv_contains (array, "active"))
have_active = TRUE;
if (g_strv_contains (array, "ssid"))
@@ -794,7 +805,13 @@ nm_supplicant_interface_get_wfd_support (NMSupplicantInterface *self)
NMSupplicantFeature
nm_supplicant_interface_get_ft_support (NMSupplicantInterface *self)
{
- return NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self)->ft_support;
+ NMSupplicantInterfacePrivate *priv = NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self);
+
+ if (priv->ft_support_global == NM_SUPPLICANT_FEATURE_NO)
+ return NM_SUPPLICANT_FEATURE_NO;
+ if (priv->ft_support_per_iface != NM_SUPPLICANT_FEATURE_UNKNOWN)
+ return priv->ft_support_per_iface;
+ return priv->ft_support_global;
}
NMSupplicantFeature
@@ -867,7 +884,7 @@ nm_supplicant_interface_set_ft_support (NMSupplicantInterface *self,
{
NMSupplicantInterfacePrivate *priv = NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self);
- priv->ft_support = ft_support;
+ priv->ft_support_global = ft_support;
}
void
@@ -2721,7 +2738,7 @@ set_property (GObject *object,
break;
case PROP_FT_SUPPORT:
/* construct-only */
- priv->ft_support = g_value_get_int (value);
+ priv->ft_support_global = g_value_get_int (value);
break;
case PROP_SHA384_SUPPORT:
/* construct-only */

27
meta-digi-dey/recipes-connectivity/networkmanager/networkmanager/0007-supplicant-add-FT-SAE-key-mgmt-to-verification-list.patch Normal file
View File

@ -0,0 +1,27 @@
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Mon, 16 Sep 2019 16:14:38 +0200
Subject: [PATCH 7/7] supplicant: add FT-SAE key-mgmt to verification list
FT-SAE is missing in the supplicant configuration verification list,
causing an activation failure when using SAE and the supplicant
supports FT.
Fixes: d17a0a090555 ('supplicant: allow fast transition for WPA-PSK and WPA-EAP')
(cherry picked from commit c177a38e88021392412a796154d47168b8b17598)
---
src/supplicant/nm-supplicant-settings-verify.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/supplicant/nm-supplicant-settings-verify.c b/src/supplicant/nm-supplicant-settings-verify.c
index 96666e94f..583aa861e 100644
--- a/src/supplicant/nm-supplicant-settings-verify.c
+++ b/src/supplicant/nm-supplicant-settings-verify.c
@@ -70,7 +70,7 @@ const char * proto_allowed[] = { "WPA", "RSN", NULL };
const char * key_mgmt_allowed[] = { "WPA-PSK", "WPA-PSK-SHA256", "FT-PSK",
"WPA-EAP", "WPA-EAP-SHA256", "FT-EAP", "FT-EAP-SHA384",
"FILS-SHA256", "FILS-SHA384",
- "IEEE8021X", "WPA-NONE", "SAE",
+ "IEEE8021X", "WPA-NONE", "SAE", "FT-SAE",
"NONE", NULL };
const char * auth_alg_allowed[] = { "OPEN", "SHARED", "LEAP", NULL };
const char * eap_allowed[] = { "LEAP", "MD5", "TLS", "PEAP", "TTLS", "SIM",

12
meta-digi-dey/recipes-connectivity/networkmanager/networkmanager_%.bbappend
View File

@ -2,9 +2,21 @@
FILESEXTRAPATHS_prepend := "${THISDIR}/${BPN}:"
# Fast BSS Transition (IEEE 802.11r)
FT_SUPPORT = " \
file://0001-wifi-ap-recognize-FT-variants-of-wpa-psk-and-wpa-eap.patch \
file://0002-supplicant-detect-802.11r-fast-BSS-transition-FT.patch \
file://0003-supplicant-detect-SHA384-support.patch \
file://0004-supplicant-reorganize-the-routine-that-sets-key_mgmt.patch \
file://0005-supplicant-allow-fast-transition-for-WPA-PSK-and-WPA.patch \
file://0006-wifi-detect-FT-support-per-interface-and-avoid-enabl.patch \
file://0007-supplicant-add-FT-SAE-key-mgmt-to-verification-list.patch \
"
SRC_URI += " \
file://0001-networkmanager-trigger-dispatcher-on-per-device-conn.patch \
file://0002-connectivity-add-config-option-for-response-timeout.patch \
${FT_SUPPORT} \
file://NetworkManager.conf \
file://networkmanager-init \
file://nm.cellular \