Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/1.1/patches/2229856/?format=api
{ "id": 2229856, "url": "http://patchwork.ozlabs.org/api/1.1/patches/2229856/?format=api", "web_url": "http://patchwork.ozlabs.org/project/hostap/patch/20260428200639.40243-50-andrei.otcheretianski@intel.com/", "project": { "id": 22, "url": "http://patchwork.ozlabs.org/api/1.1/projects/22/?format=api", "name": "HostAP Development", "link_name": "hostap", "list_id": "hostap.lists.infradead.org", "list_email": "hostap@lists.infradead.org", "web_url": "", "scm_url": "", "webscm_url": "" }, "msgid": "<20260428200639.40243-50-andrei.otcheretianski@intel.com>", "date": "2026-04-28T20:05:50", "name": "[49/97] NAN: Control the support for beacon protection", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "6febffddaa5146a41343ce5e9700a47c1a406796", "submitter": { "id": 62065, "url": "http://patchwork.ozlabs.org/api/1.1/people/62065/?format=api", "name": "Andrei Otcheretianski", "email": "andrei.otcheretianski@intel.com" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/hostap/patch/20260428200639.40243-50-andrei.otcheretianski@intel.com/mbox/", "series": [ { "id": 501927, "url": "http://patchwork.ozlabs.org/api/1.1/series/501927/?format=api", "web_url": "http://patchwork.ozlabs.org/project/hostap/list/?series=501927", "date": "2026-04-28T20:05:05", "name": "NAN: Group keys support, schedule update and more", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/501927/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2229856/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2229856/checks/", "tags": {}, "headers": { "Return-Path": "\n <hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n secure) header.d=lists.infradead.org header.i=@lists.infradead.org\n header.a=rsa-sha256 header.s=bombadil.20210309 header.b=AT00a9wa;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n unprotected) header.d=intel.com header.i=@intel.com header.a=rsa-sha256\n header.s=Intel header.b=WMVXDr2L;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=none (no SPF record) smtp.mailfrom=lists.infradead.org\n (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org;\n envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org;\n receiver=patchwork.ozlabs.org)" ], "Received": [ "from bombadil.infradead.org (bombadil.infradead.org\n [IPv6:2607:7c80:54:3::133])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g4s6X3SdBz1xrS\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 29 Apr 2026 06:12:20 +1000 (AEST)", "from localhost ([::1] helo=bombadil.infradead.org)\n\tby bombadil.infradead.org with esmtp (Exim 4.98.2 #2 (Red Hat Linux))\n\tid 1wHomW-00000002HvN-3vjY;\n\tTue, 28 Apr 2026 20:11:45 +0000", "from mgamail.intel.com ([198.175.65.16])\n\tby bombadil.infradead.org with esmtps (Exim 4.98.2 #2 (Red Hat Linux))\n\tid 1wHoju-00000002CcZ-3662\n\tfor hostap@lists.infradead.org;\n\tTue, 28 Apr 2026 20:09:11 +0000", "from fmviesa001.fm.intel.com ([10.60.135.141])\n by orvoesa108.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 28 Apr 2026 13:08:30 -0700", "from iapp347.iil.intel.com (HELO 87c02287900a.iil.intel.com)\n ([10.167.28.6])\n by smtpauth.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 28 Apr 2026 13:08:29 -0700" ], "DKIM-Signature": [ "v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;\n\td=lists.infradead.org; s=bombadil.20210309; h=Sender:\n\tContent-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:\n\tList-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:\n\tMessage-ID:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description:\n\tResent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:\n\tList-Owner; bh=1nRh17eTmuYwVpR3UCESf9Qju+vg8mmOTkDm6zL5q54=; b=AT00a9waxoxQ7E\n\tsBiZp7X/N0aIUMtP6FXsngRnPA2o1+9oxmtETco4Lbkab17a3vs9kRyJgDjeZtT6qVSnbeIT6Fn3F\n\tC3yllgaZy6qShroXEY75guT59v5j7CNEVag0kpVnnoIJwKISc9hFfZbm/zKLNAwtnm0jaqQG2QYf0\n\tJRuooAOosPfXzILaLlfrkLje4UFUxxxOu3Cfa6gI+xYaiemtb3DDQDvpboPioD5QWeAxWP9f3V197\n\t+9Qq5njHs46RWaCtHGRrNkZ9VTWAJs5HSixaM0smRE53lDRLS5yPb6Pj8H871XWiuOnpFtvZwLNQr\n\t1bINAt5j029ylURun4UA==;", "v=1; a=rsa-sha256; c=relaxed/simple;\n d=intel.com; i=@intel.com; q=dns/txt; s=Intel;\n t=1777406942; x=1808942942;\n h=from:to:cc:subject:date:message-id:in-reply-to:\n references:mime-version:content-transfer-encoding;\n bh=Ebd24LCk5iFNUwl1oX88WAPrONDdQzo8pyKlYgESSrc=;\n b=WMVXDr2LX47b+EQxnkZ7YlH3kUttLeI3FvhA1m3At+FTXJefW+AgLIDJ\n NBtnRqB9E7At7hx4TasX8wfErnzY3drKW1OgV4sCmC/Oov/nTZmRgv1SU\n 5auxFg81n32KJcep80wSHF/DiDiHIGyk4f3LhEXYhfgDMV5wtxB4diIqa\n 7sBh8SWNJPU8H19Ftj3Rlg2W0SpWV+2oRtqiUzStGc4rNA6kQl7fNL5Y7\n HFKrgKrVk4Xd6yWVFqUp29zkus57QPsilMod/TKK5D0Tj00em7bQ2Mg//\n 8LNVTsC8GpIgcoPF6SsafBcj0xHiFfUbx8/dST0YyobDi83ksKhG0x50r\n Q==;" ], "X-CSE-ConnectionGUID": [ "cpvv32TmRrmiFmIcQuF9wA==", "Vq04G1czQCaYVPzoJHQbIw==" ], "X-CSE-MsgGUID": [ "LI6hVxeeSu6S5Ipj8vtG4g==", "kp1uG4kHS8G3Wqllb9yd5Q==" ], "X-IronPort-AV": [ "E=McAfee;i=\"6800,10657,11770\"; a=\"78519443\"", "E=Sophos;i=\"6.23,204,1770624000\";\n d=\"scan'208\";a=\"78519443\"", "E=Sophos;i=\"6.23,204,1770624000\";\n d=\"scan'208\";a=\"257610504\"" ], "X-ExtLoop1": "1", "From": "Andrei Otcheretianski <andrei.otcheretianski@intel.com>", "To": "hostap@lists.infradead.org", "Cc": "vamsin@qti.qualcomm.com,\n\tmaheshkkv@google.com,\n\tIlan Peer <ilan.peer@intel.com>", "Subject": "[PATCH 49/97] NAN: Control the support for beacon protection", "Date": "Tue, 28 Apr 2026 23:05:50 +0300", "Message-ID": "<20260428200639.40243-50-andrei.otcheretianski@intel.com>", "X-Mailer": "git-send-email 2.53.0", "In-Reply-To": "<20260428200639.40243-1-andrei.otcheretianski@intel.com>", "References": "<20260428200639.40243-1-andrei.otcheretianski@intel.com>", "MIME-Version": "1.0", "X-CRM114-Version": "20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 ", "X-CRM114-CacheID": "sfid-20260428_130902_983326_6E2BA3B7 ", "X-CRM114-Status": "GOOD ( 16.41 )", "X-Spam-Score": "-4.5 (----)", "X-Spam-Report": "Spam detection software,\n running on the system \"bombadil.infradead.org\",\n has NOT identified this incoming email as spam. The original\n message has been attached to this so you can view it or label\n similar future email. If you have any questions, see\n the administrator of that system for details.\n Content preview: From: Ilan Peer <ilan.peer@intel.com> By default, even if\n the driver advertises support for beacon protection, do not enable it. Add\n a control interface configuration to enable/disable beacon protection.\n This\n is only possible before NAN operation is started.\n Content analysis details: (-4.5 points, 5.0 required)\n pts rule name description\n ---- ----------------------\n --------------------------------------------------\n -2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at https://www.dnswl.org/,\n medium trust\n [198.175.65.16 listed in list.dnswl.org]\n 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record\n -0.0 SPF_PASS SPF: sender matches SPF record\n -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from\n envelope-from domain\n 0.1 DKIM_SIGNED Message has a DKIM or DK signature,\n not necessarily valid\n -0.1 DKIM_VALID Message has at least one valid DKIM or DK\n signature\n -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from\n author's\n domain\n -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%\n [score: 0.0000]\n -0.1 DKIMWL_WL_HIGH DKIMwl.org - High trust sender", "X-BeenThere": "hostap@lists.infradead.org", "X-Mailman-Version": "2.1.34", "Precedence": "list", "List-Id": "<hostap.lists.infradead.org>", "List-Unsubscribe": "<http://lists.infradead.org/mailman/options/hostap>,\n <mailto:hostap-request@lists.infradead.org?subject=unsubscribe>", "List-Archive": "<http://lists.infradead.org/pipermail/hostap/>", "List-Post": "<mailto:hostap@lists.infradead.org>", "List-Help": "<mailto:hostap-request@lists.infradead.org?subject=help>", "List-Subscribe": "<http://lists.infradead.org/mailman/listinfo/hostap>,\n <mailto:hostap-request@lists.infradead.org?subject=subscribe>", "Content-Type": "text/plain; charset=\"us-ascii\"", "Content-Transfer-Encoding": "7bit", "Sender": "\"Hostap\" <hostap-bounces@lists.infradead.org>", "Errors-To": "hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org" }, "content": "From: Ilan Peer <ilan.peer@intel.com>\n\nBy default, even if the driver advertises support for beacon\nprotection, do not enable it.\n\nAdd a control interface configuration to enable/disable\nbeacon protection. This is only possible before NAN operation\nis started.\n\nSigned-off-by: Ilan Peer <ilan.peer@intel.com>\n---\n src/nan/nan.c | 47 +++++++++++++++++++++++++++++++++\n src/nan/nan.h | 1 +\n wpa_supplicant/nan_supplicant.c | 31 +++++++++++++++-------\n 3 files changed, 70 insertions(+), 9 deletions(-)", "diff": "diff --git a/src/nan/nan.c b/src/nan/nan.c\nindex 21b5e0ea69..e55936edd7 100644\n--- a/src/nan/nan.c\n+++ b/src/nan/nan.c\n@@ -3006,3 +3006,50 @@ int nan_set_mgmt_group_cipher(struct nan_data *nan, int cipher)\n \t\t\t~NAN_CS_INFO_CAPA_IGTK_USE_NCS_BIP_GMAC_256;\n \treturn 0;\n }\n+\n+\n+/**\n+ * nan_set_beacon_prot - Enable or disable NAN beacon protection\n+ *\n+ * @nan: Pointer to NAN data structure\n+ * @enable: true to enable beacon protection, false to disable\n+ *\n+ * Returns: 0 on success, -1 on failure\n+ *\n+ * This function enables or disables NAN beacon protection. Beacon protection\n+ * can only be changed when NAN is not started. Additionally, the device must\n+ * support management frame protection for this function to succeed.\n+ */\n+int nan_set_beacon_prot(struct nan_data *nan, bool enable)\n+{\n+\tu8 gtk_supp;\n+\n+\tif (!nan)\n+\t\treturn -1;\n+\n+\tif (nan->nan_started) {\n+\t\twpa_printf(MSG_DEBUG,\n+\t\t\t \"NAN: Cannot change beacon protection setting while NAN is started\");\n+\t\treturn -1;\n+\t}\n+\n+\tif (((nan->cfg->security_capab & NAN_CS_INFO_CAPA_GTK_SUPP_MASK) >>\n+\t NAN_CS_INFO_CAPA_GTK_SUPP_POS) == NAN_CS_INFO_CAPA_GTK_SUPP_NONE) {\n+\t\tif (enable) {\n+\t\t\twpa_printf(MSG_DEBUG,\n+\t\t\t\t \"NAN: Management frame protection is not supported by the device\");\n+\t\t\treturn -1;\n+\t\t}\n+\t\treturn 0;\n+\t}\n+\n+\tif (enable)\n+\t\tgtk_supp = NAN_CS_INFO_CAPA_GTK_SUPP_ALL;\n+\telse\n+\t\tgtk_supp = NAN_CS_INFO_CAPA_GTK_SUPP_NO_BIGTK;\n+\n+\tnan->cfg->security_capab &= ~NAN_CS_INFO_CAPA_GTK_SUPP_MASK;\n+\tnan->cfg->security_capab |= gtk_supp << NAN_CS_INFO_CAPA_GTK_SUPP_POS;\n+\n+\treturn 0;\n+}\ndiff --git a/src/nan/nan.h b/src/nan/nan.h\nindex 97644a7117..8b23f1ae93 100644\n--- a/src/nan/nan.h\n+++ b/src/nan/nan.h\n@@ -836,6 +836,7 @@ struct wpabuf * nan_crypto_derive_nira_tag(const u8 *nik, size_t nik_len,\n \t\t\t\t\t const u8 *nira_nonce);\n int nan_ndp_requested_gtk_csid(struct nan_data *nan, struct nan_ndp_id *ndp_id);\n int nan_set_mgmt_group_cipher(struct nan_data *nan, int cipher);\n+int nan_set_beacon_prot(struct nan_data *nan, bool enable);\n #ifdef CONFIG_PASN\n int nan_pairing_add_attrs(struct nan_data *nan_data, struct wpabuf *buf);\n int nan_pairing_initiate_pasn_auth(struct nan_data *nan_data, const u8 *addr,\ndiff --git a/wpa_supplicant/nan_supplicant.c b/wpa_supplicant/nan_supplicant.c\nindex 2559613d7f..774012da21 100644\n--- a/wpa_supplicant/nan_supplicant.c\n+++ b/wpa_supplicant/nan_supplicant.c\n@@ -1300,8 +1300,6 @@ int wpas_nan_init(struct wpa_supplicant *wpa_s)\n \t\t\t\t WPA_DRIVER_CAPA_ENC_GCMP_256)) &&\n \t\t (wpa_s->drv_enc & (WPA_DRIVER_CAPA_ENC_BIP |\n \t\t\t\t WPA_DRIVER_CAPA_ENC_BIP_GMAC_256))) {\n-\t\t\tu8 gtk_supp;\n-\n \t\t\t/*\n \t\t\t * By default, use BIP-CMAC-128 cipher suite for\n \t\t\t * group keys for maximum compatibility.\n@@ -1310,14 +1308,13 @@ int wpas_nan_init(struct wpa_supplicant *wpa_s)\n \t\t\t\tnan.security_capab |=\n \t\t\t\t\tNAN_CS_INFO_CAPA_IGTK_USE_NCS_BIP_GMAC_256;\n \n-\t\t\tif (wpa_s->nan_capa.drv_flags &\n-\t\t\t WPA_DRIVER_FLAGS_NAN_SUPPORT_BEACON_PROT)\n-\t\t\t\tgtk_supp = NAN_CS_INFO_CAPA_GTK_SUPP_ALL;\n-\t\t\telse\n-\t\t\t\tgtk_supp = NAN_CS_INFO_CAPA_GTK_SUPP_NO_BIGTK;\n-\n+\t\t\t/*\n+\t\t\t * By default enable only GTK/IGTK support. Beacon\n+\t\t\t * protection support can be enabled separately\n+\t\t\t */\n \t\t\tnan.security_capab |=\n-\t\t\t\tgtk_supp << NAN_CS_INFO_CAPA_GTK_SUPP_POS;\n+\t\t\t\tNAN_CS_INFO_CAPA_GTK_SUPP_NO_BIGTK <<\n+\t\t\t\tNAN_CS_INFO_CAPA_GTK_SUPP_POS;\n \t\t}\n \n \t\twpa_printf(MSG_DEBUG, \"NAN: security capabilities=0x%02x\",\n@@ -1673,6 +1670,22 @@ int wpas_nan_set(struct wpa_supplicant *wpa_s, char *cmd)\n \t\treturn nan_set_mgmt_group_cipher(wpa_s->nan, cipher);\n \t}\n \n+\tif (os_strcmp(\"set_beacon_prot\", cmd) == 0) {\n+\t\tbool val = !!atoi(param);\n+\n+\t\tif (val && !(wpa_s->nan_capa.drv_flags &\n+\t\t\t WPA_DRIVER_FLAGS_NAN_SUPPORT_BEACON_PROT)) {\n+\t\t\twpa_printf(MSG_DEBUG,\n+\t\t\t\t \"NAN: Beacon protection not supported by driver\");\n+\t\t\treturn -1;\n+\t\t}\n+\n+\t\tif (nan_set_beacon_prot(wpa_s->nan, val) < 0)\n+\t\t\treturn -1;\n+\n+\t\treturn 0;\n+\t}\n+\n #ifdef CONFIG_TESTING_OPTIONS\n \tif (os_strcmp(\"tx_mcast_fu_dual_prot\", cmd) == 0) {\n \t\tbool val = !!atoi(param);\n", "prefixes": [ "49/97" ] }