tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

wifi: mac80211: Check for MLE before appending in Authentication frame

Currently, in MLO connections, userspace constructs most of the
Authentication frame body, excluding the Multi-Link element (MLE),
which mac80211 appends later in ieee80211_send_auth(). At present,
mac80211 always adds the MLE itself, since userspace
(e.g. wpa_supplicant) does not yet include it.

However, for new authentication protocols such as Enhanced Privacy
Protection Key Exchange (EPPKE), as specified in
"IEEE P802.11bi/D3.0 section 12.16.9", the MLE must be included in
userspace so that the Message Integrity Code (MIC) can be computed
correctly over the complete frame body. Table 9-71 specifies that
the MIC is mandatory. If mac80211 appends the MLE again, the
Authentication frame becomes invalid.

Add a check in ieee80211_send_auth() to detect whether the MLE is
already present in the Authentication frame body before appending.
Skip the append if the MLE exists, otherwise add it as before.

Signed-off-by: Kavita Kavita <kavita.kavita@oss.qualcomm.com>
Link: https://patch.msgid.link/20260114111900.2196941-7-kavita.kavita@oss.qualcomm.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>

authored by

Kavita Kavita and committed by
Johannes Berg 5329ed8f 63e7e3b6

+9 -3
+9 -3
net/mac80211/util.c
··· 1142 1142 .ml.control = cpu_to_le16(IEEE80211_ML_CONTROL_TYPE_BASIC), 1143 1143 .basic.len = sizeof(mle.basic), 1144 1144 }; 1145 + bool add_mle; 1145 1146 int err; 1146 1147 1147 - memcpy(mle.basic.mld_mac_addr, sdata->vif.addr, ETH_ALEN); 1148 + add_mle = (multi_link && 1149 + !cfg80211_find_ext_elem(WLAN_EID_EXT_EHT_MULTI_LINK, 1150 + extra, extra_len)); 1148 1151 1149 1152 /* 24 + 6 = header + auth_algo + auth_transaction + status_code */ 1150 1153 skb = dev_alloc_skb(local->hw.extra_tx_headroom + IEEE80211_WEP_IV_LEN + 1151 1154 24 + 6 + extra_len + IEEE80211_WEP_ICV_LEN + 1152 - multi_link * sizeof(mle)); 1155 + add_mle * sizeof(mle)); 1153 1156 if (!skb) 1154 1157 return; 1155 1158 ··· 1169 1166 mgmt->u.auth.status_code = cpu_to_le16(status); 1170 1167 if (extra) 1171 1168 skb_put_data(skb, extra, extra_len); 1172 - if (multi_link) 1169 + 1170 + if (add_mle) { 1171 + memcpy(mle.basic.mld_mac_addr, sdata->vif.addr, ETH_ALEN); 1173 1172 skb_put_data(skb, &mle, sizeof(mle)); 1173 + } 1174 1174 1175 1175 if (auth_alg == WLAN_AUTH_SHARED_KEY && transaction == 3) { 1176 1176 mgmt->frame_control |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);