Message ID | 20220923071550.24906-1-zhao.chen@mediatek.com |
---|---|
State | Changes Requested |
Headers | show |
Series | Only allow OWE and SAE H2E on 6 Ghz | expand |
On 23/09/2022 09:15, Zhao Chen wrote: > If the Bss is on 6 Gzh band, only allow OWE and SAE H2E to pass bss > check > > Signed-off-by: Zhao Chen <zhao.chen@mediatek.com> > --- > wpa_supplicant/events.c | 16 ++++++++++++++++ > 1 file changed, 16 insertions(+) > IIRC wpasupplicant does not support OWE and H2E in ibss and mesh mode, so this patch will break these modes in 6 GHz.
On Fri, Sep 23, 2022 at 09:32:10AM +0200, Nicolas Cavallari wrote: > On 23/09/2022 09:15, Zhao Chen wrote: > > If the Bss is on 6 Gzh band, only allow OWE and SAE H2E to pass bss > > check > > > > Signed-off-by: Zhao Chen <zhao.chen@mediatek.com> > > --- > > wpa_supplicant/events.c | 16 ++++++++++++++++ > > 1 file changed, 16 insertions(+) > > > > IIRC wpasupplicant does not support OWE and H2E in ibss and mesh mode, so > this patch will break these modes in 6 GHz. For the time being, this type of constraint should be limited to apply only to infrastructure BSS cases. Furthermore, this is not really correct even for those. EAP, DPP, etc. needs to be allowed as well. In practice, it would be better to disallow known cases (e.g., unencrypted connection in open mode and SAE using hunting-and-pecking loop) instead of trying to come up with a complete list of what is allowed.
diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c index e0a97bc2e..5bf1520df 100644 --- a/wpa_supplicant/events.c +++ b/wpa_supplicant/events.c @@ -1403,6 +1403,22 @@ static bool wpa_scan_res_ok(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid, } #endif /* CONFIG_SAE */ + /* Only OWE and SAE H2E are allowed for 6 GHz. */ + if(is_6ghz_freq(bss->freq)) + { + if (!(ssid->key_mgmt & WPA_KEY_MGMT_OWE) +#ifdef CONFIG_SAE + && !(wpa_key_mgmt_sae(ssid->key_mgmt) + && (rsnxe_capa & BIT(WLAN_RSNX_CAPAB_SAE_H2E))) +#endif /* CONFIG_SAE */ + ) { + if (debug_print) + wpa_dbg(wpa_s, MSG_DEBUG, + " skip - 6 Ghz AP but not OWE and not SAE H2E"); + return false; + } + } + #ifdef CONFIG_SAE_PK if (ssid->sae_pk == SAE_PK_MODE_ONLY && !(rsnxe_capa & BIT(WLAN_RSNX_CAPAB_SAE_PK))) {
If the Bss is on 6 Gzh band, only allow OWE and SAE H2E to pass bss check Signed-off-by: Zhao Chen <zhao.chen@mediatek.com> --- wpa_supplicant/events.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+)