add PMF support to qwx
This device needs to handle IGTK/BIP in software. It is possible to send
protected multicast management frames with this device even while running
in station mode. Which is neat for testing but not useful in general so
the code path which makes the driver do this is unreachable without
additional hacks in net80211 that I am not going to commit (sending
protected deauth frames to the broadcast address).
Tested:
qwx QCNFA765: landry, Mark Patruck, kevlo, stsp

Add PMF support to iwx. Also make MLD devices remove crypto keys from firmware.
This driver was already offloading group key encryption to the device, and is
now also offloading IGTK/BIP. We cannot send protected multicast management
frames in station mode because the firmware won't allow it. But we do receive
such frames just fine, which is all we really need in station mode.
Thanks to Johannes Berg from Linux / Intel for hints about firmware behaviour
regarding IGTK/BIP, and explaining how driver behaviour needs to be tested.
Tested:
iwx AX200: jmc, Mark Patruck, stsp
iwx AX201: kirill
iwx AX210: lraab, remi (interop issue with PSK-SHA256-only Arista AP)
iwx AX211: sthen, kevlo, kn, jca

implement PMF support for iwm
For now, keep using software crypto for multicast data frames and multicast
management frames even though iwm devices support offloading crypto for both.
We should eventually add support for offloading this because in the present
state iwm is not receiving protected multicast management frames (IGTK/BIP).
In practice, this does not matter much because such frames are only used by
802.11 features which our net80211 stack does not yet support anyway.
Protected unicast management frames work as expected which is what matters
the most, and is much better than having no PMF support at all.
Tested:
iwm 3168: kevlo
iwm 7265: stsp
iwm 9260: florian, landry
iwm 9560: stsp

check the correct flag before using PMF in ieee80211_mgmt_output()
The capability flag only indicates whether our driver supports PMF, not
whether our peer supports it. The flag in ni_flags indicates whether PMF
is mutually supported by us and the peer, and should be used here.

Fix KDF sha256 inputs to match the implementation in w1.fi hostap.
Cross-checked with the 802.11 spec, which mentions the use of an extra
zero byte in case of PRF and mentions nothing of the sort in case of KDF.
I was led here by hints left behind by github user pigworlds in
https://github.com/OpenIntelWireless/itlwm/pull/676
ok kevlo@ sthen@

vmd(8): fix race in vm pause barrier usage.
Moves the barrier initialization and destruction outside of the
pause_vm function to eliminate a race between the vcpu thread waiting
on the barrier and the event thread processing the pause request
creating the barrier.
ok mlarkin@

rpki-client: convert cert.c and crl.c to use opaque ASN1_STRING
Mostly mechanical. If the length is not zero, the data isn't NULL either
because this is a deserialized extension, so drop a check.
ok claudio

Rework the interface to rde_generate_updates() and up_generate_XYZ()
to pass the old prefix as just the path_id_tx identifier.
Only up_generate_addpath_all() actually uses this information and there
this is enough to find the affected prefix in the adj-rib-out.
Also adjust the order of operation in up_generate_addpath_all() so the
prefix is not first removed and re-added for the case where a prefix
is simply updated.
Rework the code in prefix_evaluate_nexthop() to be much more like
prefix_evaluate(); it should be possible to factor out common code at
some point. In peer_add() ensure that path_id_tx can't be 0, since 0
is now reserved for no-such-path.
OK tb@

Change noattr to be an explicit attribute in the style so that it works
correctly and does not delete attributes set in the style itself, GitHub
issue 4713.

Add horizontal border case to server_client_check_mouse_in_pane to fix
mouse resizing. GitHub issue 4720 from Michael Grant, reported by
someone in GitHub issue 4715.

some tweaks around tpmr port refs.
use the refcnt api instead of a u_int and atomic ops for counting
refs. release the port ref given to the SMR pointers after
smr_barrier, not before.

pfctl_parser.c, ifa_load() should distinguish between broadcast
and PPP peer address when it populates interface table for rule
parser.
OK @claudio, OK @dlg

Reset getopts to decouple rcctl and daemon_flags; from obsd at mulh.net; OK sthen
ksh(1)'s OPTIND is global and only saved/restored for `function' style functions.
That means passing, e.g. -d to rcctl(8) would leave OPTIND=2 for rc_pre() in
rc.subr(8) scripts using getopts, thus starting (continuing, really) parsing
options at the second argument.

fix some bpf code.
jsg@ pointed out that i was unconditionally calling bpf_mtap when
the convention is to test if the bpf if pointer is set before calling
bpf_mtap.
while here drop incoming packets if the bpf filter tells us to, to
be consistent with the if_input handlers.
original nit pointed out by jsg@