On Mon, 14 Oct 2024 at 18:10, Tim Small <tim@xxxxxxxxxxx> wrote: > > On 14/10/2024 13:53, Oscar Hellström wrote: > > > CONFIG_NO_WPA=y leads to lot's of wpa_ functions being undefined. > > Hi Oscar, > > I have only passing familiarity with the code base (looking into > allowing alternative destination mac addresses for EAPOL / 802.1X so > that MACsec links can traverse switches if desired), but I assume the > EAP support was introduced to the code base first for WPA, before only > later being used (in its EAP Over Lan form) to implement 802.1X. > > Possibly it's never been possible to have 802.1X functioning without > WPA. To check, I suppose you could try the 802.1X support in old > versions and if applicable git bisect to see when it broke. > > HTH, > > Tim. Hi Tim, Thanks for the suggestion. I started bisecting and have chosen to look at the two configs separately. For CONFIG_NO_SCAN_PROCESSING, this broke in commit cb90aa3acfba413507597d8157e2456d69235ef3, where a call to wpa_scan_res_match() was added in wpa_supplicant/bss.c. I really don't have the insights to understand how the code in wpa_supplicant/bss.c relates to the scan processing functions. I tried to move wpa_scan_res_match() outside of the #ifndef CONFIG_NO_SCAN_PROCESSING but this exploded in complexity, since the function uses a lot of helper functions... The best thing I could come up with was to restore the else if to else when scan processing is disabled, but I'm on really thin ice here. For CONFIG_NO_WPA, it seems a bit more complex. There are several commits which conflict with this option. I've tried to create some kind of crude patch for this as well, but again, I'm on really thin ice here. In the end, my patched tree allows me to save 0.3M (2.2M vs. 1.9M) with the two config options enabled. I'll have to see if this is relevant for our product. Building with CONFIG_NO_SCAN_PROCESSING broke in commit cb90aa3ac, where a call to wpa_scan_res_match() was introduced in wpa_supplicant/bss.c. Trying to not call functions in code disabled by CONFIG_NO_SCAN_PROCESSING. --- wpa_supplicant/bss.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/wpa_supplicant/bss.c b/wpa_supplicant/bss.c index 35b62cbe9..4145e0c5b 100644 --- a/wpa_supplicant/bss.c +++ b/wpa_supplicant/bss.c @@ -1621,6 +1621,7 @@ wpa_bss_parse_ml_rnr_ap_info(struct wpa_supplicant *wpa_s, if (!neigh_bss) { *missing |= BIT(link_id); +#ifndef CONFIG_NO_SCAN_PROCESSING } else if ((!ssid || (bss_params & (RNR_BSS_PARAM_SAME_SSID | RNR_BSS_PARAM_CO_LOCATED)) || @@ -1628,6 +1629,9 @@ wpa_bss_parse_ml_rnr_ap_info(struct wpa_supplicant *wpa_s, ssid, 1, 0)) && !wpa_bssid_ignore_is_listed( wpa_s, neigh_bss->bssid)) { +#else + } else { +#endif /* CONFIG_NO_SCAN_PROCESSING */ struct mld_link *l; bss->valid_links |= BIT(link_id); -- 2.43.0 Several commits (starting at 6d6c88775) broke the support for CONFIG_NO_WPA. This restores the ability to build with this config option. --- src/rsn_supp/wpa.h | 23 +++++++++++++++++++++-- wpa_supplicant/bss.c | 4 ++++ wpa_supplicant/events.c | 4 ++++ wpa_supplicant/scan.c | 4 ++++ 4 files changed, 33 insertions(+), 2 deletions(-) diff --git a/src/rsn_supp/wpa.h b/src/rsn_supp/wpa.h index 57ee0a635..fc5fe370e 100644 --- a/src/rsn_supp/wpa.h +++ b/src/rsn_supp/wpa.h @@ -275,6 +275,8 @@ void wpa_sm_set_ptk_kck_kek(struct wpa_sm *sm, int wpa_fils_is_completed(struct wpa_sm *sm); void wpa_sm_pmksa_cache_reconfig(struct wpa_sm *sm); int wpa_sm_set_mlo_params(struct wpa_sm *sm, const struct wpa_sm_mlo *mlo); +void wpa_sm_set_driver_bss_selection(struct wpa_sm *sm, + bool driver_bss_selection); #else /* CONFIG_NO_WPA */ @@ -318,6 +320,10 @@ static inline void wpa_sm_set_config(struct wpa_sm *sm, { } +static inline void wpa_sm_set_ssid(struct wpa_sm *sm, const u8 *ssid, size_t ssid_len) +{ +} + static inline void wpa_sm_set_own_addr(struct wpa_sm *sm, const u8 *addr) { } @@ -344,6 +350,11 @@ static inline int wpa_sm_set_assoc_wpa_ie_default(struct wpa_sm *sm, return -1; } +static inline int wpa_sm_set_assoc_rsnxe(struct wpa_sm *sm, const u8 *ie, size_t len) +{ + return -1; +} + static inline int wpa_sm_set_ap_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len) { @@ -472,6 +483,11 @@ static inline int wpa_sm_has_ptk(struct wpa_sm *sm) return 0; } +static inline int wpa_sm_has_ptk_installed(struct wpa_sm *sm) +{ + return 0; +} + static inline void wpa_sm_update_replay_ctr(struct wpa_sm *sm, const u8 *replay_ctr) { @@ -513,6 +529,11 @@ static inline int wpa_sm_set_mlo_params(struct wpa_sm *sm, return 0; } +static inline void wpa_sm_set_driver_bss_selection(struct wpa_sm *sm, + bool driver_bss_selection) +{ +} + #endif /* CONFIG_NO_WPA */ #ifdef CONFIG_IEEE80211R @@ -653,7 +674,5 @@ struct rsn_pmksa_cache * wpa_sm_get_pmksa_cache(struct wpa_sm *sm); void wpa_sm_set_cur_pmksa(struct wpa_sm *sm, struct rsn_pmksa_cache_entry *entry); const u8 * wpa_sm_get_auth_addr(struct wpa_sm *sm); -void wpa_sm_set_driver_bss_selection(struct wpa_sm *sm, - bool driver_bss_selection); #endif /* WPA_H */ diff --git a/wpa_supplicant/bss.c b/wpa_supplicant/bss.c index 4145e0c5b..6997136fb 100644 --- a/wpa_supplicant/bss.c +++ b/wpa_supplicant/bss.c @@ -2033,6 +2033,7 @@ static bool wpa_bss_supported_key_mgmt(struct wpa_supplicant *wpa_s, static bool wpa_bss_supported_rsne(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid, const u8 *ie) { +#ifndef CONFIG_NO_WPA struct wpa_ie_data data; if (wpa_parse_wpa_ie_rsn(ie, 2 + ie[1], &data) < 0) @@ -2059,6 +2060,9 @@ static bool wpa_bss_supported_rsne(struct wpa_supplicant *wpa_s, } return true; +#else /* CONFIG_NO_WPA */ + return false; +#endif /* CONFIG_NO_WPA */ } diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c index 7947b6f08..db6ddbf48 100644 --- a/wpa_supplicant/events.c +++ b/wpa_supplicant/events.c @@ -1266,7 +1266,9 @@ static bool wpa_scan_res_ok(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid, { int res; bool wpa, check_ssid, osen, rsn_osen = false; +#ifndef CONFIG_NO_WPA struct wpa_ie_data data; +#endif /* CONFIG_NO_WPA */ #ifdef CONFIG_MBO const u8 *assoc_disallow; #endif /* CONFIG_MBO */ @@ -1280,9 +1282,11 @@ static bool wpa_scan_res_ok(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid, wpa = ie && ie[1]; ie = wpa_bss_get_rsne(wpa_s, bss, ssid, false); wpa |= ie && ie[1]; +#ifndef CONFIG_NO_WPA if (ie && wpa_parse_wpa_ie_rsn(ie, 2 + ie[1], &data) == 0 && (data.key_mgmt & WPA_KEY_MGMT_OSEN)) rsn_osen = true; +#endif /* CONFIG_NO_WPA */ ie = wpa_bss_get_vendor_ie(bss, OSEN_IE_VENDOR_TYPE); osen = ie != NULL; diff --git a/wpa_supplicant/scan.c b/wpa_supplicant/scan.c index f0ab122f5..46dfcf24b 100644 --- a/wpa_supplicant/scan.c +++ b/wpa_supplicant/scan.c @@ -2368,7 +2368,9 @@ static int wpa_scan_result_compar(const void *a, const void *b) int wpa_a, wpa_b; int snr_a, snr_b, snr_a_full, snr_b_full; size_t ies_len; +#ifndef CONFIG_NO_WPA const u8 *rsne_a, *rsne_b; +#endif /* CONFIG_NO_WPA */ /* WPA/WPA2 support preferred */ wpa_a = wpa_scan_get_vendor_ie(wa, WPA_IE_VENDOR_TYPE) != NULL || @@ -2412,6 +2414,7 @@ static int wpa_scan_result_compar(const void *a, const void *b) snr_b = snr_b_full = wb->level; } +#ifndef CONFIG_NO_WPA /* If SNR of a SAE BSS is good or at least as high as the PSK BSS, * prefer SAE over PSK for mixed WPA3-Personal transition mode and * WPA2-Personal deployments */ @@ -2437,6 +2440,7 @@ static int wpa_scan_result_compar(const void *a, const void *b) (snr_b >= GREAT_SNR || snr_b >= snr_a)) return 1; } +#endif /* CONFIG_NO_WPA */ /* If SNR is close, decide by max rate or frequency band. For cases * involving the 6 GHz band, use the throughput estimate irrespective -- 2.43.0 _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap