FILS (Fast Initial Link Setup) is a specification defined by IEEE 802.11ai to speed up roaming. This patch adds support for it.
I have tested with these cases. +-----+-------------------------+----------------+ | STA | AP | | |FILS | key-mgmt | result | +-----+-------------------------+----------------+ | 1 | WPA-EAP | O | +-----+-------------------------+----------------+ | 1 | WPA-EAP-SHA256 | O | +-----+-------------------------+----------------+ | 1 | FILS-SHA256 | X | +-----+-------------------------+----------------+ | 1 | FILS-SHA384 | X | +-----+-------------------------+----------------+ | 1 | WPA-EAP WPA-EAP-SHA256 | O | | | FILS-SHA256 FILS-SHA384 | WPA-EAP-SHA256 | +-----+-------------------------+----------------+ | 2 | WPA-EAP | O | +-----+-------------------------+----------------+ | 2 | WPA-EAP-SHA256 | O | +-----+-------------------------+----------------+ | 2 | FILS-SHA256 | O | +-----+-------------------------+----------------+ | 2 | FILS-SHA384 | O | +-----+-------------------------+----------------+ | 2 | WPA-EAP WPA-EAP-SHA256 | O | | | FILS-SHA256 FILS-SHA384 | FILS-SHA384 | +-----+-------------------------+----------------+ | 3 | WPA-EAP | X | +-----+-------------------------+----------------+ | 3 | WPA-EAP-SHA256 | X | +-----+-------------------------+----------------+ | 3 | FILS-SHA256 | O | +-----+-------------------------+----------------+ | 3 | FILS-SHA384 | O | +-----+-------------------------+----------------+ | 3 | WPA-EAP WPA-EAP-SHA256 | O | | | FILS-SHA256 FILS-SHA384 | FILS-SHA384 | +-----+-------------------------+----------------+ 
Signed-off-by: Masashi Honma <[email protected]>
---
clients/common/settings-docs.h.in | 1 +
libnm-core/nm-setting-wireless-security.c | 57 ++++++++++++++++++++++
libnm-core/nm-setting-wireless-security.h | 26 ++++++++++
libnm/libnm.ver | 2 +
man/NetworkManager.conf.xml | 5 ++
src/devices/wifi/nm-device-wifi.c | 18 +++++++
src/devices/wifi/nm-wifi-ap.c | 4 +-
.../plugins/ifcfg-rh/nms-ifcfg-rh-reader.c | 7 +++
.../plugins/ifcfg-rh/nms-ifcfg-rh-writer.c | 7 +++
src/supplicant/nm-supplicant-config.c | 13 ++++-
src/supplicant/nm-supplicant-config.h | 1 +
src/supplicant/nm-supplicant-settings-verify.c | 1 +
src/supplicant/tests/test-supplicant-config.c | 2 +
13 files changed, 142 insertions(+), 2 deletions(-)
diff --git a/clients/common/settings-docs.h.in b/clients/common/settings-docs.h.in
index a53c230..4a295a4 100644
--- a/clients/common/settings-docs.h.in
+++ b/clients/common/settings-docs.h.in
@@ -22,6 +22,7 @@ #define DESCRIBE_DOC_NM_SETTING_WIRELESS_SSID N_("SSID of the Wi-Fi network. Must be specified.") #define DESCRIBE_DOC_NM_SETTING_WIRELESS_TX_POWER N_("If non-zero, directs the device to use the specified transmit power. Units are dBm. This property is highly driver dependent and not all devices support setting a static transmit power.") #define DESCRIBE_DOC_NM_SETTING_WIRELESS_SECURITY_AUTH_ALG N_("When WEP is used (ie, key-mgmt = \"none\" or \"ieee8021x\") indicate the 802.11 authentication algorithm required by the AP here. One of \"open\" for Open System, \"shared\" for Shared Key, or \"leap\" for Cisco LEAP. When using Cisco LEAP (ie, key-mgmt = \"ieee8021x\" and auth-alg = \"leap\") the \"leap-username\" and \"leap-password\" properties must be specified.") +#define DESCRIBE_DOC_NM_SETTING_WIRELESS_SECURITY_FILS N_("Indicates whether Fast Initial Link Setup (802.11ai) must be enabled for the connection. One of NM_SETTING_WIRELESS_SECURITY_FILS_DEFAULT (0) (use global default value), NM_SETTING_WIRELESS_SECURITY_FILS_DISABLE (1) (disable FILS), NM_SETTING_WIRELESS_SECURITY_FILS_OPTIONAL (2) (enable FILS if the supplicant and the access point support it) or NM_SETTING_WIRELESS_SECURITY_FILS_REQUIRED (3) (enable FILS and fail if not supported). When set to NM_SETTING_WIRELESS_SECURITY_FILS_DEFAULT (0) and no global default is set, FILS will be optionally enabled.") #define DESCRIBE_DOC_NM_SETTING_WIRELESS_SECURITY_GROUP N_("A list of group/broadcast encryption algorithms which prevents connections to Wi-Fi networks that do not utilize one of the algorithms in the list. For maximum compatibility leave this property empty. Each list element may be one of \"wep40\", \"wep104\", \"tkip\", or \"ccmp\".") #define DESCRIBE_DOC_NM_SETTING_WIRELESS_SECURITY_KEY_MGMT N_("Key management used for the connection. 
One of \"none\" (WEP), \"ieee8021x\" (Dynamic WEP), \"wpa-none\" (Ad-Hoc WPA-PSK), \"wpa-psk\" (infrastructure WPA-PSK), or \"wpa-eap\" (WPA-Enterprise). This property must be set for any Wi-Fi connection that uses security.") #define DESCRIBE_DOC_NM_SETTING_WIRELESS_SECURITY_LEAP_PASSWORD N_("The login password for legacy LEAP connections (ie, key-mgmt = \"ieee8021x\" and auth-alg = \"leap\").") diff --git a/libnm-core/nm-setting-wireless-security.c b/libnm-core/nm-setting-wireless-security.c index de77a49..31e386f 100644 --- a/libnm-core/nm-setting-wireless-security.c +++ b/libnm-core/nm-setting-wireless-security.c @@ -87,6 +87,9 @@ typedef struct { /* WPS */ NMSettingWirelessSecurityWpsMethod wps_method; + + /* FILS */ + NMSettingWirelessSecurityFils fils; } NMSettingWirelessSecurityPrivate; enum { @@ -110,6 +113,7 @@ enum { PROP_LEAP_PASSWORD, PROP_LEAP_PASSWORD_FLAGS, PROP_WPS_METHOD, + PROP_FILS, LAST_PROP }; @@ -814,6 +818,22 @@ nm_setting_wireless_security_get_wps_method (NMSettingWirelessSecurity *setting) return NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (setting)->wps_method; } +/* + * nm_setting_wireless_security_get_fils: + * @setting: the #NMSettingWirelessSecurity + * + * Returns: the #NMSettingWirelessSecurity:fils property of the setting + * + * Since: 1.12 + **/ +NMSettingWirelessSecurityFils +nm_setting_wireless_security_get_fils (NMSettingWirelessSecurity *setting) +{ + g_return_val_if_fail (NM_IS_SETTING_WIRELESS_SECURITY (setting), 0); + + return NM_SETTING_WIRELESS_SECURITY_GET_PRIVATE (setting)->fils; +} + static GPtrArray * need_secrets (NMSetting *setting) { @@ -1327,6 +1347,9 @@ set_property (GObject *object, guint prop_id, case PROP_WPS_METHOD: priv->wps_method = g_value_get_uint (value); break; + case PROP_FILS: + priv->fils = g_value_get_int (value); + break; default: G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); break; 
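Review bot: The doc comment added above nm_setting_wireless_security_get_fils opens with `/*` although it closes with the gtk-doc terminator `**/`, so the documentation tooling will presumably not pick it up and the `Since: 1.12` annotation will not reach the generated API reference. Open the comment with `/**`. The guard `g_return_val_if_fail (NM_IS_SETTING_WIRELESS_SECURITY (setting), 0);` would also be clearer returning `NM_SETTING_WIRELESS_SECURITY_FILS_DEFAULT` than a bare 0.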
@@ -1398,6 +1421,9 @@ get_property (GObject *object, guint prop_id, case PROP_WPS_METHOD: g_value_set_uint (value, priv->wps_method); break; + case PROP_FILS: + g_value_set_int (value, nm_setting_wireless_security_get_fils (setting)); + break; default: G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); break; @@ -1865,4 +1891,35 @@ nm_setting_wireless_security_class_init (NMSettingWirelessSecurityClass *setting G_PARAM_CONSTRUCT | NM_SETTING_PARAM_FUZZY_IGNORE | G_PARAM_STATIC_STRINGS)); + + /** + * NMSettingWirelessSecurity:fils: + * + * Indicates whether Fast Initial Link Setup (802.11ai) must be enabled for + * the connection. One of %NM_SETTING_WIRELESS_SECURITY_FILS_DEFAULT (use + * global default value), %NM_SETTING_WIRELESS_SECURITY_FILS_DISABLE + * (disable FILS), %NM_SETTING_WIRELESS_SECURITY_FILS_OPTIONAL (enable FILS + * if the supplicant and the access point support it) or + * %NM_SETTING_WIRELESS_SECURITY_FILS_REQUIRED (enable FILS and fail if not + * supported). When set to %NM_SETTING_WIRELESS_SECURITY_FILS_DEFAULT and + * no global default is set, FILS will be optionally enabled. + * + * Since: 1.12 + **/ + /* ---ifcfg-rh--- + * property: fils + * variable: FILS(+) + * values: default, disable, optional, required + * description: Enables or disables FILS (802.11ai) + * example: FILS=required + * ---end--- + */ + g_object_class_install_property + (object_class, PROP_FILS, + g_param_spec_int (NM_SETTING_WIRELESS_SECURITY_FILS, "", "", + G_MININT32, G_MAXINT32, 0, + G_PARAM_READWRITE | + G_PARAM_CONSTRUCT | + NM_SETTING_PARAM_FUZZY_IGNORE | + G_PARAM_STATIC_STRINGS)); } diff --git a/libnm-core/nm-setting-wireless-security.h b/libnm-core/nm-setting-wireless-security.h index e7641b3..5a732ac 100644 --- a/libnm-core/nm-setting-wireless-security.h +++ b/libnm-core/nm-setting-wireless-security.h 
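Review bot: The `fils` property is registered in class_init with the range `G_MININT32, G_MAXINT32`, and set_property stores `g_value_get_int (value)` unchanged, so nothing in this file's hunks rejects a value outside the four enum members. Such a value would later fall into the `default:` branch of the key_mgmt switch in nm-supplicant-config.c and silently behave as "FILS off", which hides a malformed profile that was meant to require FILS. verify() is outside this diff; a check there such as `if (priv->fils < NM_SETTING_WIRELESS_SECURITY_FILS_DEFAULT || priv->fils > NM_SETTING_WIRELESS_SECURITY_FILS_LAST)` that reports an invalid-property error would reject the profile when it is loaded instead.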
@@ -109,6 +109,28 @@ typedef enum { NM_SETTING_WIRELESS_SECURITY_WPS_METHOD_PIN = 0x00000008, } NMSettingWirelessSecurityWpsMethod; +/** + * NMSettingWirelessSecurityFils: + * @NM_SETTING_WIRELESS_SECURITY_FILS_DEFAULT: use the default value + * @NM_SETTING_WIRELESS_SECURITY_FILS_DISABLE: disable FILS + * @NM_SETTING_WIRELESS_SECURITY_FILS_OPTIONAL: enable FILS if the supplicant and the AP support it + * @NM_SETTING_WIRELESS_SECURITY_FILS_REQUIRED: require FILS and fail if not available + * @_NM_SETTING_WIRELESS_SECURITY_FILS_NUM: placeholder value for bounds-checking + * @NM_SETTING_WIRELESS_SECURITY_FILS_LAST: placeholder value for bounds-checking + * + * These flags indicate whether FILS must be enabled. + * + * Since: 1.12 + **/ +typedef enum { + NM_SETTING_WIRELESS_SECURITY_FILS_DEFAULT = 0, + NM_SETTING_WIRELESS_SECURITY_FILS_DISABLE = 1, + NM_SETTING_WIRELESS_SECURITY_FILS_OPTIONAL = 2, + NM_SETTING_WIRELESS_SECURITY_FILS_REQUIRED = 3, + _NM_SETTING_WIRELESS_SECURITY_FILS_NUM, /*< skip >*/ + NM_SETTING_WIRELESS_SECURITY_FILS_LAST = _NM_SETTING_WIRELESS_SECURITY_FILS_NUM - 1, /*< skip >*/ +} NMSettingWirelessSecurityFils; + #define NM_SETTING_WIRELESS_SECURITY_KEY_MGMT "key-mgmt" #define NM_SETTING_WIRELESS_SECURITY_WEP_TX_KEYIDX "wep-tx-keyidx" #define NM_SETTING_WIRELESS_SECURITY_AUTH_ALG "auth-alg" @@ -128,6 +150,7 @@ typedef enum { #define NM_SETTING_WIRELESS_SECURITY_LEAP_PASSWORD "leap-password" #define NM_SETTING_WIRELESS_SECURITY_LEAP_PASSWORD_FLAGS "leap-password-flags" #define NM_SETTING_WIRELESS_SECURITY_WPS_METHOD "wps-method" +#define NM_SETTING_WIRELESS_SECURITY_FILS "fils" /** * NMSettingWirelessSecurity: 
@@ -193,6 +216,9 @@ NMWepKeyType nm_setting_wireless_security_get_wep_key_type (NMSettingWirelessSec NM_AVAILABLE_IN_1_10 NMSettingWirelessSecurityWpsMethod nm_setting_wireless_security_get_wps_method (NMSettingWirelessSecurity *setting); +NM_AVAILABLE_IN_1_12 +NMSettingWirelessSecurityFils nm_setting_wireless_security_get_fils (NMSettingWirelessSecurity *setting); + G_END_DECLS #endif /* __NM_SETTING_WIRELESS_SECURITY_H__ */ diff --git a/libnm/libnm.ver b/libnm/libnm.ver index 29dfba7..179a225 100644 --- a/libnm/libnm.ver +++ b/libnm/libnm.ver @@ -1352,4 +1352,6 @@ global: nm_setting_ip_tunnel_get_flags; nm_setting_vpn_get_data_keys; nm_setting_vpn_get_secret_keys; + nm_setting_wireless_security_get_fils; + nm_setting_wireless_security_fils_get_type; } libnm_1_10_0; diff --git a/man/NetworkManager.conf.xml b/man/NetworkManager.conf.xml index 4171bfd..074ddc0 100644 --- a/man/NetworkManager.conf.xml +++ b/man/NetworkManager.conf.xml @@ -752,6 +752,11 @@ ipv6.ip6-privacy=0 <listitem><para>If left unspecified, the default value "<literal>optional</literal>" will be used.</para></listitem> </varlistentry> + <varlistentry> + <term><varname>wifi-sec.fils</varname></term> + <listitem><para>If left unspecified, the default value + "<literal>optional</literal>" will be used.</para></listitem> + </varlistentry> </variablelist> </para> </refsect2> diff --git a/src/devices/wifi/nm-device-wifi.c b/src/devices/wifi/nm-device-wifi.c index f9441f8..6d6c271 100644 --- a/src/devices/wifi/nm-device-wifi.c +++ b/src/devices/wifi/nm-device-wifi.c @@ -2381,6 +2381,7 @@ build_supplicant_config (NMDeviceWifi *self, NMSettingWireless *s_wireless; NMSettingWirelessSecurity *s_wireless_sec; NMSettingWirelessSecurityPmf pmf; + NMSettingWirelessSecurityFils fils; gs_free char *value = NULL; g_return_val_if_fail (priv->sup_iface, NULL); 
@@ -2450,6 +2451,22 @@ build_supplicant_config (NMDeviceWifi *self, } } + /* Configure FILS (802.11ai) */ + fils = nm_setting_wireless_security_get_fils (s_wireless_sec); + if (fils == NM_SETTING_WIRELESS_SECURITY_FILS_DEFAULT) { + value = nm_config_data_get_connection_default (NM_CONFIG_GET_DATA, + "wifi-sec.fils", + NM_DEVICE (self)); + fils = _nm_utils_ascii_str_to_int64 (value, 10, + NM_SETTING_WIRELESS_SECURITY_FILS_DISABLE, + NM_SETTING_WIRELESS_SECURITY_FILS_REQUIRED, + NM_SETTING_WIRELESS_SECURITY_FILS_OPTIONAL); + } + + /* Don't try to enable FILS on non-EAP networks */ + if (!NM_IN_STRSET (nm_setting_wireless_security_get_key_mgmt (s_wireless_sec), "wpa-eap")) + fils = NM_SETTING_WIRELESS_SECURITY_FILS_DISABLE; + s_8021x = nm_connection_get_setting_802_1x (connection); if (!nm_supplicant_config_add_setting_wireless_security (config, s_wireless_sec, @@ -2457,6 +2474,7 @@ build_supplicant_config (NMDeviceWifi *self, con_uuid, mtu, pmf, + fils, error)) { g_prefix_error (error, "802-11-wireless-security: "); goto error; diff --git a/src/devices/wifi/nm-wifi-ap.c b/src/devices/wifi/nm-wifi-ap.c index 603eb57..c3c64e7 100644 --- a/src/devices/wifi/nm-wifi-ap.c +++ b/src/devices/wifi/nm-wifi-ap.c @@ -415,7 +415,9 @@ security_from_vardict (GVariant *security) && array) { if (g_strv_contains (array, "wpa-psk")) flags |= NM_802_11_AP_SEC_KEY_MGMT_PSK; - if (g_strv_contains (array, "wpa-eap")) + if (g_strv_contains (array, "wpa-eap") || + g_strv_contains (array, "wpa-fils-sha256") || + g_strv_contains (array, "wpa-fils-sha384")) flags |= NM_802_11_AP_SEC_KEY_MGMT_802_1X; g_free (array); } diff --git a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c index 400a7bd..aed73c3 100644 --- a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c +++ b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c 
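Review bot: A profile that sets `fils` to REQUIRED together with a key-mgmt other than "wpa-eap" has its requirement silently ignored by `fils = NM_SETTING_WIRELESS_SECURITY_FILS_DISABLE;` in the last added block, although the property documentation promises a failure when FILS cannot be used; returning an error, or at least logging, for the REQUIRED case would keep that guarantee. Separately, `value` is one `gs_free char *` for the whole function, so if a block outside this hunk has already assigned it, the new `value = nm_config_data_get_connection_default (...)` leaks the earlier string. `nm_clear_g_free (&value);` before the assignment, or a block-scoped `gs_free char *fils_value`, avoids that. build_supplicant_config starts and ends outside the hunk.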
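Review bot: In security_from_vardict an AP that advertises only `wpa-fils-sha256` or `wpa-fils-sha384` now receives the same `NM_802_11_AP_SEC_KEY_MGMT_802_1X` flag as a plain `wpa-eap` AP, so code that matches profiles against AP flags cannot tell the two apart. The test table in the commit message shows a profile with FILS disabled failing against FILS-only APs, which suggests such a profile would still be treated as compatible and only fail at association. A comment on the condition stating that FILS AKMs are deliberately folded into the 802.1X flag, or a dedicated flag, would make that trade-off explicit. The function body continues outside the hunk.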
@@ -3542,6 +3542,13 @@ make_wpa_setting (shvarFile *ifcfg, return NULL; g_object_set (wsec, NM_SETTING_WIRELESS_SECURITY_PMF, i_val, NULL); + i_val = NM_SETTING_WIRELESS_SECURITY_FILS_DEFAULT; + if (!svGetValueEnum (ifcfg, "FILS", + nm_setting_wireless_security_fils_get_type (), + &i_val, error)) + return NULL; + g_object_set (wsec, NM_SETTING_WIRELESS_SECURITY_FILS, i_val, NULL); + nm_clear_g_free (&value); v = svGetValueStr (ifcfg, "SECURITYMODE", &value); if (NM_IN_STRSET (v, NULL, "open")) diff --git a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c index 32f056f..8fa4e5d 100644 --- a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c +++ b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c @@ -794,6 +794,13 @@ write_wireless_security_setting (NMConnection *connection, nm_setting_wireless_security_get_pmf (s_wsec)); } + if (nm_setting_wireless_security_get_fils (s_wsec) == NM_SETTING_WIRELESS_SECURITY_FILS_DEFAULT) + svUnsetValue (ifcfg, "FILS"); + else { + svSetValueEnum (ifcfg, "FILS", nm_setting_wireless_security_fils_get_type (), + nm_setting_wireless_security_get_fils (s_wsec)); + } + return TRUE; } diff --git a/src/supplicant/nm-supplicant-config.c b/src/supplicant/nm-supplicant-config.c index e51e8ba..a2502bd 100644 --- a/src/supplicant/nm-supplicant-config.c +++ b/src/supplicant/nm-supplicant-config.c @@ -733,6 +733,7 @@ nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self, const char *con_uuid, guint32 mtu, NMSettingWirelessSecurityPmf pmf, + NMSettingWirelessSecurityFils fils, GError **error) { const char *key_mgmt, *key_mgmt_conf, *auth_alg; 
@@ -747,7 +748,17 @@ nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig *self, if (nm_streq (key_mgmt, "wpa-psk")) key_mgmt_conf = "wpa-psk wpa-psk-sha256"; else if (nm_streq (key_mgmt, "wpa-eap")) - key_mgmt_conf = "wpa-eap wpa-eap-sha256"; + switch (fils) { + case NM_SETTING_WIRELESS_SECURITY_FILS_OPTIONAL: + key_mgmt_conf = "wpa-eap wpa-eap-sha256 fils-sha256 fils-sha384"; + break; + case NM_SETTING_WIRELESS_SECURITY_FILS_REQUIRED: + key_mgmt_conf = "fils-sha256 fils-sha384"; + break; + default: + key_mgmt_conf = "wpa-eap wpa-eap-sha256"; + break; + } if (!add_string_val (self, key_mgmt_conf, "key_mgmt", TRUE, NULL, error)) return FALSE; diff --git a/src/supplicant/nm-supplicant-config.h b/src/supplicant/nm-supplicant-config.h index d90d82b..39b8a9f 100644 --- a/src/supplicant/nm-supplicant-config.h +++ b/src/supplicant/nm-supplicant-config.h @@ -65,6 +65,7 @@ gboolean nm_supplicant_config_add_setting_wireless_security (NMSupplicantConfig const char *con_uuid, guint32 mtu, NMSettingWirelessSecurityPmf pmf, + NMSettingWirelessSecurityFils fils, GError **error); gboolean nm_supplicant_config_add_no_security (NMSupplicantConfig *self, diff --git a/src/supplicant/nm-supplicant-settings-verify.c b/src/supplicant/nm-supplicant-settings-verify.c index 14daf69..d53a13c 100644 --- a/src/supplicant/nm-supplicant-settings-verify.c +++ b/src/supplicant/nm-supplicant-settings-verify.c @@ -73,6 +73,7 @@ const char * group_allowed[] = { "CCMP", "TKIP", "WEP104", "WEP40", NULL }; const char * proto_allowed[] = { "WPA", "RSN", NULL }; const char * key_mgmt_allowed[] = { "WPA-PSK", "WPA-PSK-SHA256", "WPA-EAP", "WPA-EAP-SHA256", + "FILS-SHA256", "FILS-SHA384", "IEEE8021X", "WPA-NONE", "NONE", NULL }; const char * auth_alg_allowed[] = { "OPEN", "SHARED", "LEAP", NULL }; diff --git a/src/supplicant/tests/test-supplicant-config.c b/src/supplicant/tests/test-supplicant-config.c index f85c137..9420860 100644 --- a/src/supplicant/tests/test-supplicant-config.c 
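Review bot: The OPTIONAL and REQUIRED cases put `fils-sha256 fils-sha384` into key_mgmt with no visible check that the running wpa_supplicant accepts those tokens, and nm-device-wifi.c resolves an unset profile with no global default to OPTIONAL. If a supplicant built without FILS rejects the unknown key_mgmt values, every "wpa-eap" connection could fail to configure after this change; the commit message's table only varies the AP side. Gating both cases on a FILS capability reported by the supplicant, with OPTIONAL falling back to `"wpa-eap wpa-eap-sha256"` and REQUIRED returning an error, would match the documented semantics. The `switch` is also the unbraced body of the `else if`; braces around it would guard against a misplaced branch in later edits. The function continues outside the hunk.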
+++ b/src/supplicant/tests/test-supplicant-config.c @@ -118,6 +118,7 @@ build_supplicant_config (NMConnection *connection, guint mtu, guint fixed_freq) s_wsec = nm_connection_get_setting_wireless_security (connection); if (s_wsec) { NMSettingWirelessSecurityPmf pmf = nm_setting_wireless_security_get_pmf (s_wsec); + NMSettingWirelessSecurityFils fils = nm_setting_wireless_security_get_fils (s_wsec); s_8021x = nm_connection_get_setting_802_1x (connection); success = nm_supplicant_config_add_setting_wireless_security (config, s_wsec, @@ -125,6 +126,7 @@ build_supplicant_config (NMConnection *connection, guint mtu, guint fixed_freq) nm_connection_get_uuid (connection), mtu, pmf, + fils, &error); } else { success = nm_supplicant_config_add_no_security (config, &error); -- 2.7.4 _______________________________________________ networkmanager-list mailing list [email protected] https://mail.gnome.org/mailman/listinfo/networkmanager-list
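Review bot: No test in this diff exercises the new key_mgmt strings, and the helper passes the raw getter value, so a profile left at DEFAULT reaches nm_supplicant_config_add_setting_wireless_security as 0 and takes the `default:` (FILS off) branch, whereas the device code resolves DEFAULT to OPTIONAL. A case that sets `NM_SETTING_WIRELESS_SECURITY_FILS` to OPTIONAL and to REQUIRED on a "wpa-eap" connection and checks the resulting key_mgmt for `fils-sha256 fils-sha384` would pin the set of AKMs handed to the supplicant. build_supplicant_config in the test file starts and ends outside these two hunks.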
