From: Ilan Peer <ilan.peer@xxxxxxxxx> Handle 802.1X port authorization in the context of MLO. Signed-off-by: Ilan Peer <ilan.peer@xxxxxxxxx> Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@xxxxxxxxx> --- src/ap/ieee802_11.c | 2 +- src/ap/ieee802_11.h | 1 + src/ap/ieee802_1x.c | 86 +++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 88 insertions(+), 1 deletion(-) diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c index cb868e8671..43558a0e46 100644 --- a/src/ap/ieee802_11.c +++ b/src/ap/ieee802_11.c @@ -4432,7 +4432,7 @@ out: sizeof(link->resp_sta_profile)); } -static bool hostapd_is_mld_ap(struct hostapd_data *hapd) +bool hostapd_is_mld_ap(struct hostapd_data *hapd) { if (!hapd->conf->mld_ap) return false; diff --git a/src/ap/ieee802_11.h b/src/ap/ieee802_11.h index 2eb40a33ce..cc05c98a18 100644 --- a/src/ap/ieee802_11.h +++ b/src/ap/ieee802_11.h @@ -237,4 +237,5 @@ u8 * hostapd_eid_mbssid(struct hostapd_data *hapd, u8 *eid, u8 *end, void punct_update_legacy_bw(u16 bitmap, u8 pri_chan, enum oper_chan_width *width, u8 *seg0, u8 *seg1); +bool hostapd_is_mld_ap(struct hostapd_data *hapd); #endif /* IEEE802_11_H */ diff --git a/src/ap/ieee802_1x.c b/src/ap/ieee802_1x.c index 274fd2f613..33d47802f6 100644 --- a/src/ap/ieee802_1x.c +++ b/src/ap/ieee802_1x.c @@ -104,6 +104,90 @@ static void ieee802_1x_send(struct hostapd_data *hapd, struct sta_info *sta, } +#ifdef CONFIG_IEEE80211BE + +static void ieee802_1x_ml_set_link_sta_auth(struct hostapd_data *hapd, + struct sta_info *sta, + bool authorized) +{ + int res; + + if (sta->flags & WLAN_STA_PREAUTH) + return; + + ap_sta_set_authorized(hapd, sta, !!authorized); + res = hostapd_set_authorized(hapd, sta, !!authorized); + hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X, + HOSTAPD_LEVEL_DEBUG, "%sauthorizing port", + authorized ? "" : "un"); + + if (res) { + wpa_printf(MSG_DEBUG, + "MLD: Could not set station " MACSTR " flags", + MAC2STR(sta->addr)); + } + + if (authorized) { + os_get_reltime(&sta->connected_time); + accounting_sta_start(hapd, sta); + } +} + +#endif /* CONFIG_IEEE80211BE */ + + +static void ieee802_1x_ml_set_sta_authorized(struct hostapd_data *hapd, + struct sta_info *sta, + bool authorized) +{ +#ifdef CONFIG_IEEE80211BE + u8 i, link_id; + + if (!hostapd_is_mld_ap(hapd)) + return; + + /* + * Authorizing the station should be done only in the station + * performing the association + */ + if (authorized && hapd->mld_link_id != sta->mld_assoc_link_id) + return; + + for (link_id = 0; link_id < MAX_NUM_MLD_LINKS; link_id++) { + struct mld_link_info *link = &sta->mld_info.links[link_id]; + + if (!link->valid) + continue; + + for (i = 0; i < hapd->iface->interfaces->count; i++) { + struct sta_info *tmp_sta; + struct hostapd_data *tmp_hapd = + hapd->iface->interfaces->iface[i]->bss[0]; + + if (tmp_hapd->conf->mld_ap || + hapd->conf->mld_id != tmp_hapd->conf->mld_id) + continue; + + for (tmp_sta = tmp_hapd->sta_list; tmp_sta; + tmp_sta = tmp_sta->next) { + if (tmp_sta == sta || + tmp_sta->mld_assoc_link_id != + sta->mld_assoc_link_id || + tmp_sta->aid != sta->aid) + continue; + + ieee802_1x_ml_set_link_sta_auth(tmp_hapd, + tmp_sta, + authorized); + break; + } + } + } +#endif /* CONFIG_IEEE80211BE */ +} + + + void ieee802_1x_set_sta_authorized(struct hostapd_data *hapd, struct sta_info *sta, int authorized) { @@ -134,6 +218,8 @@ void ieee802_1x_set_sta_authorized(struct hostapd_data *hapd, os_get_reltime(&sta->connected_time); accounting_sta_start(hapd, sta); } + + ieee802_1x_ml_set_sta_authorized(hapd, sta, !!authorized); } -- 2.38.1 _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap