diff mbox series

DPP: respond to GAS on the same channel it was received on

Message ID 20210303095333.8420-1-kazikcz@gmail.com
State New
Headers show
Series DPP: respond to GAS on the same channel it was received on | expand

Commit Message

Michal Kazior March 3, 2021, 9:53 a.m. UTC
From: Michal Kazior <michal@plume.com>

When I was testing dpp_auth_init on an AP with
Enrollee on a different channel from the AP I was
getting failures. This happened on hwsim in UML
with time-travel for me. I don't recall seeing
this with real devices, presumably because of lax
offchan implementation.

The DPP authentication would succeed. However the
station would then try to get configuration
through a GAS request and fail.

The AP reported the following logs (grepped):

> 1614762426.860212: RX_ACTION category 4 action 10 sa 02:00:00:00:01:00 da 02:00:00:00:00:00 len 227 freq 2412
> 1614762426.860212: wlan0: GAS: GAS Initial Request from 02:00:00:00:01:00 (dialog token 239)
> 1614762426.860233: DPP: Wait for Configuration Result
> 1614762426.860234: nl80211: Send Action frame (ifindex=5, freq=2462 MHz wait=0 ms no_cck=0 offchanok=0)
> 1614762428.861186: DPP: Timeout while waiting for Configuration Result
> 1614762428.861186: wlan0: DPP-CONF-FAILED

While the STA reported the following logs (grepped):

> 1614762426.860193: wlan1: DPP-AUTH-SUCCESS init=0
> 1614762426.860195: DPP: Stop listen on 2412 MHz
> 1614762426.860202: wlan1: GAS-QUERY-START addr=02:00:00:00:00:00 dialog_token=239 freq=2412
> 1614762428.861185: GAS: No response received for query to 02:00:00:00:00:00 dialog token 239
> 1614762428.861189: DPP: GAS query did not succeed
> 1614762428.861189: wlan1: DPP-CONF-FAILED

AP would still receive the GAS request on ch1 but
would then try to respond on ch11 while STA was
waiting on ch1.

Signed-off-by: Michal Kazior <michal@plume.com>
---

I'm not sure if this is the right thing to do. And
there seems to be more cases where APs freq is
used instead of the GAS req freq that could
potentially be updated. There's at least the GAS
comeback case I don't handle here. This as-is does
help with my hwsim test though.

On one hand it seems perhaps the Enrollee should
try to do GAS on the APs channel. But is it well
equiped/informed to do so? I'm not familiar with
the spec that much.

On another hand backward compat could be a problem
without this fix.

Happy to dig more into this if needed.


 src/ap/dpp_hostapd.c |  2 +-
 src/ap/gas_serv.c    | 11 ++++++-----
 src/ap/gas_serv.h    |  3 ++-
 src/ap/ieee802_11.c  |  2 +-
 4 files changed, 10 insertions(+), 8 deletions(-)

Comments

Jouni Malinen March 6, 2021, 10:03 a.m. UTC | #1
On Wed, Mar 03, 2021 at 09:53:33AM +0000, Michal Kazior wrote:
> When I was testing dpp_auth_init on an AP with
> Enrollee on a different channel from the AP I was
> getting failures. This happened on hwsim in UML
> with time-travel for me. I don't recall seeing
> this with real devices, presumably because of lax
> offchan implementation.

Is this with a hwsim test case that already exists in hostap.git? Does
it fail every time in your test setup?

> The AP reported the following logs (grepped):
> 
> > 1614762426.860212: RX_ACTION category 4 action 10 sa 02:00:00:00:01:00 da 02:00:00:00:00:00 len 227 freq 2412
> > 1614762426.860212: wlan0: GAS: GAS Initial Request from 02:00:00:00:01:00 (dialog token 239)
> > 1614762426.860233: DPP: Wait for Configuration Result
> > 1614762426.860234: nl80211: Send Action frame (ifindex=5, freq=2462 MHz wait=0 ms no_cck=0 offchanok=0)
> > 1614762428.861186: DPP: Timeout while waiting for Configuration Result
> > 1614762428.861186: wlan0: DPP-CONF-FAILED

Can you please share the full debug log for this? I'd like to understand
what exactly happened with the channel negotiation here.

> I'm not sure if this is the right thing to do. And
> there seems to be more cases where APs freq is
> used instead of the GAS req freq that could
> potentially be updated. There's at least the GAS
> comeback case I don't handle here. This as-is does
> help with my hwsim test though.
> 
> On one hand it seems perhaps the Enrollee should
> try to do GAS on the APs channel. But is it well
> equiped/informed to do so? I'm not familiar with
> the spec that much.

DPP configuration exchange (GAS) is supposed to happen on the same
channel on which the last frame of DPP authentication exchange happened.
Michal Kazior March 8, 2021, 8:45 a.m. UTC | #2
On Sat, Mar 6, 2021 at 11:03 AM Jouni Malinen <j@w1.fi> wrote:
>
> On Wed, Mar 03, 2021 at 09:53:33AM +0000, Michal Kazior wrote:
> > When I was testing dpp_auth_init on an AP with
> > Enrollee on a different channel from the AP I was
> > getting failures. This happened on hwsim in UML
> > with time-travel for me. I don't recall seeing
> > this with real devices, presumably because of lax
> > offchan implementation.
>
> Is this with a hwsim test case that already exists in hostap.git?

No. It's part of my test script that I hacked up. I'm testing a bit
more than just raw wpa_s/hostapd.


> Does it fail every time in your test setup?

Yes, it fails every time.


> > The AP reported the following logs (grepped):
> >
> > > 1614762426.860212: RX_ACTION category 4 action 10 sa 02:00:00:00:01:00 da 02:00:00:00:00:00 len 227 freq 2412
> > > 1614762426.860212: wlan0: GAS: GAS Initial Request from 02:00:00:00:01:00 (dialog token 239)
> > > 1614762426.860233: DPP: Wait for Configuration Result
> > > 1614762426.860234: nl80211: Send Action frame (ifindex=5, freq=2462 MHz wait=0 ms no_cck=0 offchanok=0)
> > > 1614762428.861186: DPP: Timeout while waiting for Configuration Result
> > > 1614762428.861186: wlan0: DPP-CONF-FAILED
>
> Can you please share the full debug log for this? I'd like to understand
> what exactly happened with the channel negotiation here.

Attaching tarball with logs. I reworked the test script to just
exercise wpa_s/hostapd. It's in the tarball as well. Just run
./run-it.


MichaƂ
diff mbox series

Patch

diff --git a/src/ap/dpp_hostapd.c b/src/ap/dpp_hostapd.c
index e1e5a3ac4..c417b9172 100644
--- a/src/ap/dpp_hostapd.c
+++ b/src/ap/dpp_hostapd.c
@@ -2198,7 +2198,7 @@  static void hostapd_dpp_relay_gas_resp_tx(void *ctx, const u8 *addr,
 {
 	struct hostapd_data *hapd = ctx;
 
-	gas_serv_req_dpp_processing(hapd, addr, dialog_token, prot, buf);
+	gas_serv_req_dpp_processing(hapd, addr, dialog_token, prot, buf, 0);
 }
 
 #endif /* CONFIG_DPP2 */
diff --git a/src/ap/gas_serv.c b/src/ap/gas_serv.c
index 90f15778b..24183685b 100644
--- a/src/ap/gas_serv.c
+++ b/src/ap/gas_serv.c
@@ -1524,7 +1524,8 @@  static void gas_serv_req_local_processing(struct hostapd_data *hapd,
 #ifdef CONFIG_DPP
 void gas_serv_req_dpp_processing(struct hostapd_data *hapd,
 				 const u8 *sa, u8 dialog_token,
-				 int prot, struct wpabuf *buf)
+				 int prot, struct wpabuf *buf,
+				 int freq)
 {
 	struct wpabuf *tx_buf;
 
@@ -1582,7 +1583,7 @@  void gas_serv_req_dpp_processing(struct hostapd_data *hapd,
 		return;
 	if (prot)
 		convert_to_protected_dual(tx_buf);
-	hostapd_drv_send_action(hapd, hapd->iface->freq, 0, sa,
+	hostapd_drv_send_action(hapd, freq ?: hapd->iface->freq, 0, sa,
 				wpabuf_head(tx_buf),
 				wpabuf_len(tx_buf));
 	wpabuf_free(tx_buf);
@@ -1593,7 +1594,7 @@  void gas_serv_req_dpp_processing(struct hostapd_data *hapd,
 static void gas_serv_rx_gas_initial_req(struct hostapd_data *hapd,
 					const u8 *sa,
 					const u8 *data, size_t len, int prot,
-					int std_addr3)
+					int std_addr3, int freq)
 {
 	const u8 *pos = data;
 	const u8 *end = data + len;
@@ -1688,7 +1689,7 @@  static void gas_serv_rx_gas_initial_req(struct hostapd_data *hapd,
 						  data, len);
 		if (!msg)
 			return;
-		gas_serv_req_dpp_processing(hapd, sa, dialog_token, prot, msg);
+		gas_serv_req_dpp_processing(hapd, sa, dialog_token, prot, msg, freq);
 		return;
 	}
 #endif /* CONFIG_DPP */
@@ -1871,7 +1872,7 @@  static void gas_serv_rx_public_action(void *ctx, const u8 *buf, size_t len,
 	switch (data[0]) {
 	case WLAN_PA_GAS_INITIAL_REQ:
 		gas_serv_rx_gas_initial_req(hapd, sa, data + 1, len - 1, prot,
-					    std_addr3);
+					    std_addr3, freq);
 		break;
 	case WLAN_PA_GAS_COMEBACK_REQ:
 		gas_serv_rx_gas_comeback_req(hapd, sa, data + 1, len - 1, prot,
diff --git a/src/ap/gas_serv.h b/src/ap/gas_serv.h
index 1528af4af..523fe8e94 100644
--- a/src/ap/gas_serv.h
+++ b/src/ap/gas_serv.h
@@ -90,6 +90,7 @@  void gas_serv_deinit(struct hostapd_data *hapd);
 
 void gas_serv_req_dpp_processing(struct hostapd_data *hapd,
 				 const u8 *sa, u8 dialog_token,
-				 int prot, struct wpabuf *buf);
+				 int prot, struct wpabuf *buf,
+				 int freq);
 
 #endif /* GAS_SERV_H */
diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index 1c01241bc..71245aad7 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -5973,7 +5973,7 @@  static int handle_action(struct hostapd_data *hapd,
 		if (hapd->public_action_cb2) {
 			hapd->public_action_cb2(hapd->public_action_cb2_ctx,
 						(u8 *) mgmt, len,
-						hapd->iface->freq);
+						freq);
 		}
 		if (hapd->public_action_cb || hapd->public_action_cb2)
 			return 1;