Till Kamppeter has proposed merging ~till-kamppeter/network-manager:master into
network-manager:master.
Commit message:
Backport detecting Wi-Fi FT support per interface, release as 1.20.0-1ubuntu2
See
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/commit/2f8a4e90f0f
Requested reviews:
Network-manager (network-manager)
For more details, see:
https://code.launchpad.net/~till-kamppeter/network-manager/+git/network-manager/+merge/372162
This is a backport of the upstream change to not prefer FT-PSK when it is only
supported by supplicant but not by the Wi-Fi interface or driver.
>From upstream:
Previously we only cared whether supplicant is build with support for
FT. In that case we would pass FT-PSK to supplicant, like
Config: added 'key_mgmt' value 'WPA-PSK WPA-PSK-SHA256 FT-PSK'
Supplicant would then always try FT with preference, regardless whether
the interface/driver support it. That results in a failure to associate, if
the driver does not support it.
NetworkManager[1356]: <info> [1566296144.9940] Config: added 'key_mgmt'
value 'WPA-PSK WPA-PSK-SHA256 FT-PSK'
...
wpa_supplicant[1348]: wlan0: WPA: AP key_mgmt 0x42 network profile key_mgmt
0x142; available key_mgmt 0x42
wpa_supplicant[1348]: wlan0: WPA: using KEY_MGMT FT/PSK
...
wpa_supplicant[1348]: * akm=0xfac04
...
kernel: ERROR @wl_set_key_mgmt :
kernel: invalid cipher group (1027076)
Since we pass a list of acceptable "key_mgmt" options to supplicant,
FT-PSK should not be used when supplicant knows it's not supported.
That is a supplicant bug.
Regardless, work around it by checking the per-interface capability, and
avoid it if support is apparently not present.
--
Your team Network-manager is requested to review the proposed merge of
~till-kamppeter/network-manager:master into network-manager:master.
diff --git a/debian/changelog b/debian/changelog
index f626c1f..5893434 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+network-manager (1.20.0-1ubuntu2) eoan; urgency=medium
+
+ * Backported upstream patch to detect Wi-Fi FT support per interface
+ and avoid enabling it if there is no support by the interface/driver.
+
+ -- Till Kamppeter <[email protected]> Fri, 30 Aug 2019 21:23:42 +0200
+
network-manager (1.20.0-1ubuntu1) eoan; urgency=medium
* New upstream version, merged from Debian
diff --git a/debian/patches/WiFi-detect-FT-support-per-interface-and-avoid-enabling-it.patch b/debian/patches/WiFi-detect-FT-support-per-interface-and-avoid-enabling-it.patch
new file mode 100644
index 0000000..10eebe5
--- /dev/null
+++ b/debian/patches/WiFi-detect-FT-support-per-interface-and-avoid-enabling-it.patch
@@ -0,0 +1,116 @@
+From: Thomas Haller
+Date: Aug 20, 2019
+Subject: wifi: detect FT support per interface and avoid enabling it
+
+Previously we only cared whether supplicant is build with support for
+FT. In that case we would pass FT-PSK to supplicant, like
+
+ Config: added 'key_mgmt' value 'WPA-PSK WPA-PSK-SHA256 FT-PSK'
+
+Supplicant would then always try FT with preference, regardless whether
+the interface/driver support it. That results in a failure to associate, if
+the driver does not support it.
+
+ NetworkManager[1356]: <info> [1566296144.9940] Config: added 'key_mgmt' value 'WPA-PSK WPA-PSK-SHA256 FT-PSK'
+ ...
+ wpa_supplicant[1348]: wlan0: WPA: AP key_mgmt 0x42 network profile key_mgmt 0x142; available key_mgmt 0x42
+ wpa_supplicant[1348]: wlan0: WPA: using KEY_MGMT FT/PSK
+ ...
+ wpa_supplicant[1348]: * akm=0xfac04
+ ...
+ kernel: ERROR @wl_set_key_mgmt :
+ kernel: invalid cipher group (1027076)
+
+Since we pass a list of acceptable "key_mgmt" options to supplicant,
+FT-PSK should not be used when supplicant knows it's not supported.
+That is a supplicant bug.
+
+Regardless, work around it by checking the per-interface capability, and
+avoid it if support is apparently not present.
+
+See: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/commit/2f8a4e90f0f
+
+--- a/src/supplicant/nm-supplicant-interface.c
++++ b/src/supplicant/nm-supplicant-interface.c
+@@ -135,7 +135,8 @@
+ NMSupplicantFeature p2p_support;
+ NMSupplicantFeature mesh_support;
+ NMSupplicantFeature wfd_support;
+- NMSupplicantFeature ft_support;
++ NMSupplicantFeature ft_support_global;
++ NMSupplicantFeature ft_support_per_iface;
+ NMSupplicantFeature sha384_support;
+ guint32 max_scan_ssids;
+ guint32 ready_count;
+@@ -609,14 +610,25 @@
+ parse_capabilities (NMSupplicantInterface *self, GVariant *capabilities)
+ {
+ NMSupplicantInterfacePrivate *priv = NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self);
+- gboolean have_active = FALSE, have_p2p = FALSE, have_ssid = FALSE;
++ gboolean have_active = FALSE;
++ gboolean have_ssid = FALSE;
++ gboolean have_p2p = FALSE;
++ gboolean have_ft = FALSE;
+ gint32 max_scan_ssids = -1;
+ const char **array;
+
+ g_return_if_fail (capabilities && g_variant_is_of_type (capabilities, G_VARIANT_TYPE_VARDICT));
+
+- if ( g_variant_lookup (capabilities, "Modes", "^a&s", &array)
+- && array) {
++ if (g_variant_lookup (capabilities, "KeyMgmt", "^a&s", &array)) {
++ have_ft = g_strv_contains (array, "wpa-ft-psk");
++ g_free (array);
++ }
++
++ priv->ft_support_per_iface = have_ft
++ ? NM_SUPPLICANT_FEATURE_YES
++ : NM_SUPPLICANT_FEATURE_NO;
++
++ if (g_variant_lookup (capabilities, "Modes", "^a&s", &array)) {
+ if (g_strv_contains (array, "p2p"))
+ have_p2p = TRUE;
+ g_free (array);
+@@ -627,8 +639,7 @@
+ _notify (self, PROP_P2P_AVAILABLE);
+ }
+
+- if ( g_variant_lookup (capabilities, "Scan", "^a&s", &array)
+- && array) {
++ if (g_variant_lookup (capabilities, "Scan", "^a&s", &array)) {
+ if (g_strv_contains (array, "active"))
+ have_active = TRUE;
+ if (g_strv_contains (array, "ssid"))
+@@ -807,7 +818,13 @@
+ NMSupplicantFeature
+ nm_supplicant_interface_get_ft_support (NMSupplicantInterface *self)
+ {
+- return NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self)->ft_support;
++ NMSupplicantInterfacePrivate *priv = NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self);
++
++ if (priv->ft_support_global == NM_SUPPLICANT_FEATURE_NO)
++ return NM_SUPPLICANT_FEATURE_NO;
++ if (priv->ft_support_per_iface != NM_SUPPLICANT_FEATURE_UNKNOWN)
++ return priv->ft_support_per_iface;
++ return priv->ft_support_global;
+ }
+
+ NMSupplicantFeature
+@@ -889,7 +906,7 @@
+ {
+ NMSupplicantInterfacePrivate *priv = NM_SUPPLICANT_INTERFACE_GET_PRIVATE (self);
+
+- priv->ft_support = ft_support;
++ priv->ft_support_global = ft_support;
+ }
+
+ void
+@@ -2801,7 +2818,7 @@
+ break;
+ case PROP_FT_SUPPORT:
+ /* construct-only */
+- priv->ft_support = g_value_get_int (value);
++ priv->ft_support_global = g_value_get_int (value);
+ break;
+ case PROP_SHA384_SUPPORT:
+ /* construct-only */
diff --git a/debian/patches/series b/debian/patches/series
index 0a74930..292b5a3 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -7,3 +7,4 @@ Update-dnsmasq-parameters.patch
Disable-core-with-expect.patch
libnm-Check-self-still-NMManager-or-not.patch
+WiFi-detect-FT-support-per-interface-and-avoid-enabling-it.patch
--
ubuntu-desktop mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-desktop