diff --git a/components/esp_wifi/CMakeLists.txt b/components/esp_wifi/CMakeLists.txt index b6b5ec890c..569bc2efb7 100644 --- a/components/esp_wifi/CMakeLists.txt +++ b/components/esp_wifi/CMakeLists.txt @@ -63,7 +63,7 @@ idf_component_register(SRCS "${srcs}" PRIV_REQUIRES esp_pm esp_timer nvs_flash wpa_supplicant hal lwip esp_coex PRIV_INCLUDE_DIRS ../wpa_supplicant/src/ ../wpa_supplicant/esp_supplicant/src/ - wifi_apps/roaming_app/include + wifi_apps/roaming_app/include wifi_apps/roaming_app/src LDFRAGMENTS "${ldfragments}") if(CONFIG_ESP_WIFI_ENABLED OR CONFIG_ESP_HOST_WIFI_ENABLED) diff --git a/components/esp_wifi/wifi_apps/roaming_app/include/esp_roaming.h b/components/esp_wifi/wifi_apps/roaming_app/include/esp_roaming.h index 6ed20ce949..dff094c3b8 100644 --- a/components/esp_wifi/wifi_apps/roaming_app/include/esp_roaming.h +++ b/components/esp_wifi/wifi_apps/roaming_app/include/esp_roaming.h @@ -37,6 +37,10 @@ void roam_sta_disconnected(void *disconn); esp_err_t roam_get_config_params(struct roam_config *config); esp_err_t roam_set_config_params(struct roam_config *config); +#if CONFIG_ESP_WIFI_ENABLE_ROAMING_APP +void esp_wifi_roaming_set_current_bssid(const uint8_t *bssid); +#endif + #ifdef __cplusplus } #endif diff --git a/components/esp_wifi/wifi_apps/roaming_app/src/Kconfig.roaming b/components/esp_wifi/wifi_apps/roaming_app/src/Kconfig.roaming index 22f641377d..7406d9b12f 100644 --- a/components/esp_wifi/wifi_apps/roaming_app/src/Kconfig.roaming +++ b/components/esp_wifi/wifi_apps/roaming_app/src/Kconfig.roaming @@ -139,13 +139,7 @@ menu "Scan Configuration" Duration for which the results from the most recent scans can be used by the roaming app for determining the roaming candidates. - config ESP_WIFI_ROAMING_MAX_CANDIDATES - int "Max Candidates in the network" - default 3 - range 3 20 - help - Max candidates that can be considered while scanning as a part of the - network at one time. + endmenu #"Scan Configuration" @@ -182,3 +176,50 @@ config ESP_WIFI_ROAMING_RRM_MONITOR_THRESHOLD range -99 0 help The RSSI threshold beyond which we start sending periodic neighbor report requests. + +menu "Blacklist Configuration" + config ESP_WIFI_ROAMING_BSSID_BLACKLIST + bool "Enable BSSID blacklisting" + default n + help + Enable this to blacklist BSSIDs. + + config ESP_WIFI_ROAMING_AUTO_BLACKLISTING + bool "Enable automatic BSSID blacklisting" + depends on ESP_WIFI_ROAMING_BSSID_BLACKLIST + help + Enable this to automatically blacklist BSSIDs after multiple failed connection attempts. + + config ESP_WIFI_ROAMING_MAX_CONN_FAILURES + int "Maximum connection failures" + depends on ESP_WIFI_ROAMING_AUTO_BLACKLISTING + range 1 10 + default 3 + help + Maximum number of connection failures before a BSSID is blacklisted. + + config ESP_WIFI_ROAMING_BLACKLIST_TIMEOUT + int "Blacklist timeout (in seconds)" + depends on ESP_WIFI_ROAMING_BSSID_BLACKLIST + range 10 3600 + default 300 + help + Time in seconds for which a BSSID remains in the blacklist. + This applies to both automatically and manually blacklisted BSSIDs. + + config ESP_WIFI_ROAMING_MAX_CANDIDATES + int "Maximum number of roaming candidates" + range 1 10 + default 5 + help + Maximum number of roaming candidates to consider. This also defines the size of the blacklist. + + config ESP_WIFI_ROAMING_PREVENT_DOWNGRADE + bool "Prevent security downgrade when roaming" + default n + help + If the currently connected AP sends a "transition disable" bit, + this option will make the roaming logic ignore less secure APs. + This helps prevent security downgrades when roaming in a mixed + security environment (e.g., WPA2/WPA3). +endmenu # "Blacklist Configuration" diff --git a/components/esp_wifi/wifi_apps/roaming_app/src/esp_roaming_i.h b/components/esp_wifi/wifi_apps/roaming_app/src/esp_roaming_i.h index 9ca515e6af..4afda4c0aa 100644 --- a/components/esp_wifi/wifi_apps/roaming_app/src/esp_roaming_i.h +++ b/components/esp_wifi/wifi_apps/roaming_app/src/esp_roaming_i.h @@ -134,6 +134,16 @@ struct roaming_app { #endif #if PERIODIC_SCAN_MONITORING bool periodic_scan_active; +#endif +#if CONFIG_ESP_WIFI_ROAMING_BSSID_BLACKLIST + struct blacklist_entry { + uint8_t bssid[ETH_ALEN]; +#if CONFIG_ESP_WIFI_ROAMING_AUTO_BLACKLISTING + uint8_t failures; +#endif + struct timeval timestamp; + } bssid_blacklist[CONFIG_ESP_WIFI_ROAMING_MAX_CANDIDATES]; + uint8_t bssid_blacklist_count; #endif bool allow_reconnect; }; diff --git a/components/esp_wifi/wifi_apps/roaming_app/src/roaming_app.c b/components/esp_wifi/wifi_apps/roaming_app/src/roaming_app.c index 9f2d37261b..771d9e6bdc 100644 --- a/components/esp_wifi/wifi_apps/roaming_app/src/roaming_app.c +++ b/components/esp_wifi/wifi_apps/roaming_app/src/roaming_app.c @@ -28,7 +28,10 @@ #include "utils/eloop.h" #include "rom/ets_sys.h" #include "common/ieee802_11_defs.h" -static struct roaming_app g_roaming_app; +#include "common/wpa_common.h" +#include "esp_wpas_glue.h" + +struct roaming_app g_roaming_app; typedef void (* scan_done_cb_t)(void *arg, ETS_STATUS status); extern int esp_wifi_promiscuous_scan_start(wifi_scan_config_t *config, scan_done_cb_t cb); @@ -44,6 +47,7 @@ static void *neighbor_list_lock = NULL; static int wifi_post_roam_event(struct cand_bss *bss); static void determine_best_ap(int8_t rssi_threshold); +static bool is_bssid_blacklisted(const uint8_t *bssid); #if PERIODIC_RRM_MONITORING static void roaming_app_periodic_rrm_internal_handler(void *data, void *ctx); #endif @@ -53,6 +57,13 @@ static void roaming_app_periodic_scan_internal_handler(void *data, void *ctx); static const char *ROAMING_TAG = "ROAM"; +void esp_wifi_roaming_set_current_bssid(const uint8_t *bssid) +{ + if (bssid) { + memcpy(g_roaming_app.current_bss.ap.bssid, bssid, ETH_ALEN); + } +} + static inline long time_diff_sec(struct timeval *a, struct timeval *b) { return (a->tv_sec - b->tv_sec); @@ -179,23 +190,77 @@ static void roaming_app_disconnected_event_handler(void *ctx, void *data) #endif /*PERIODIC_SCAN_MONITORING*/ wifi_event_sta_disconnected_t *disconn = data; - ESP_LOGD(ROAMING_TAG, "station got disconnected reason=%d", disconn->reason); +#define RSSI_INVALID -128 + g_roaming_app.current_bss.ap.rssi = RSSI_INVALID; +#undef RSSI_INVALID + + ESP_LOGD(ROAMING_TAG, "station got disconnected reason=%d, rssi =%d", disconn->reason, disconn->rssi); +#if CONFIG_ESP_WIFI_ROAMING_AUTO_BLACKLISTING + if (disconn->reason == WIFI_REASON_CONNECTION_FAIL || disconn->reason == WIFI_REASON_AUTH_FAIL) { + bool found = false; + for (int i = 0; i < g_roaming_app.bssid_blacklist_count; i++) { + if (memcmp(g_roaming_app.bssid_blacklist[i].bssid, g_roaming_app.current_bss.ap.bssid, ETH_ALEN) == 0) { + g_roaming_app.bssid_blacklist[i].failures++; + gettimeofday(&g_roaming_app.bssid_blacklist[i].timestamp, NULL); + ESP_LOGD(ROAMING_TAG, "BSSID " MACSTR " connection failures: %d", MAC2STR(g_roaming_app.current_bss.ap.bssid), g_roaming_app.bssid_blacklist[i].failures); + if (g_roaming_app.bssid_blacklist[i].failures >= CONFIG_ESP_WIFI_ROAMING_MAX_CONN_FAILURES) { + ESP_LOGI(ROAMING_TAG, "BSSID " MACSTR " blacklisted", MAC2STR(g_roaming_app.current_bss.ap.bssid)); + /* The BSSID is now blacklisted. The logic later in this function + * will check the blacklist and trigger a scan for a new AP + * instead of trying to reconnect to this one. */ + } + found = true; + break; + } + } + if (!found) { + if (g_roaming_app.bssid_blacklist_count < CONFIG_ESP_WIFI_ROAMING_MAX_CANDIDATES) { + memcpy(g_roaming_app.bssid_blacklist[g_roaming_app.bssid_blacklist_count].bssid, g_roaming_app.current_bss.ap.bssid, ETH_ALEN); + g_roaming_app.bssid_blacklist[g_roaming_app.bssid_blacklist_count].failures = 1; + gettimeofday(&g_roaming_app.bssid_blacklist[g_roaming_app.bssid_blacklist_count].timestamp, NULL); + g_roaming_app.bssid_blacklist_count++; + ESP_LOGD(ROAMING_TAG, "BSSID " MACSTR " added to blacklist tracking", MAC2STR(g_roaming_app.current_bss.ap.bssid)); + } else { + int oldest_idx = 0; + for (int i = 1; i < g_roaming_app.bssid_blacklist_count; i++) { + if (g_roaming_app.bssid_blacklist[i].timestamp.tv_sec < g_roaming_app.bssid_blacklist[oldest_idx].timestamp.tv_sec) { + oldest_idx = i; + } + } + ESP_LOGD(ROAMING_TAG, "Blacklist is full. Replacing oldest entry for " MACSTR, MAC2STR(g_roaming_app.bssid_blacklist[oldest_idx].bssid)); + memcpy(g_roaming_app.bssid_blacklist[oldest_idx].bssid, g_roaming_app.current_bss.ap.bssid, ETH_ALEN); + g_roaming_app.bssid_blacklist[oldest_idx].failures = 1; + gettimeofday(&g_roaming_app.bssid_blacklist[oldest_idx].timestamp, NULL); + ESP_LOGD(ROAMING_TAG, "BSSID " MACSTR " added to blacklist tracking", MAC2STR(g_roaming_app.current_bss.ap.bssid)); + } + } + } +#endif if (disconn->reason == WIFI_REASON_ROAMING) { ESP_LOGD(ROAMING_TAG, "station roaming, do nothing"); } else if (g_roaming_app.allow_reconnect == false) { ESP_LOGD(ROAMING_TAG, "station initiated disconnect, do nothing"); } else { +#if CONFIG_ESP_WIFI_ROAMING_BSSID_BLACKLIST + if (is_bssid_blacklisted(g_roaming_app.current_bss.ap.bssid)) { + ESP_LOGD(ROAMING_TAG, "AP " MACSTR " is blacklisted, finding another AP", MAC2STR(g_roaming_app.current_bss.ap.bssid)); + determine_best_ap(0); + } else { +#endif #if LEGACY_ROAM_ENABLED - /* - * Resetting the Bssid param as it is possible that a previous force - * roam has set config to connect to a specific bssid and now further - * roaming attempts using BTM could lead to a spiral of connecting to - * the previous AP */ - if (g_roaming_app.force_roam_ongoing) { - legacy_roam_clear_bssid_flag(); - } + /* + * Resetting the Bssid param as it is possible that a previous force + * roam has set config to connect to a specific bssid and now further + * roaming attempts using BTM could lead to a spiral of connecting to + * the previous AP */ + if (g_roaming_app.force_roam_ongoing) { + legacy_roam_clear_bssid_flag(); + } #endif /*LEGACY_ROAM_ENABLED*/ - esp_wifi_connect(); + esp_wifi_connect(); +#if CONFIG_ESP_WIFI_ROAMING_BSSID_BLACKLIST + } +#endif } os_free(disconn); } @@ -444,6 +509,7 @@ static void trigger_legacy_roam(struct cand_bss *bss) wifi_cfg.sta.bssid_set = true; os_memcpy(wifi_cfg.sta.bssid, bss->bssid, ETH_ALEN); esp_wifi_internal_issue_disconnect(WIFI_REASON_BSS_TRANSITION_DISASSOC); + esp_wifi_roaming_set_current_bssid(bss->bssid); esp_wifi_set_config(WIFI_IF_STA, &wifi_cfg); esp_wifi_connect(); ESP_LOGI(ROAMING_TAG, "Disconnecting and connecting to "MACSTR" on account of better rssi",MAC2STR(bss->bssid)); @@ -458,7 +524,7 @@ void roaming_app_trigger_roam(struct cand_bss *bss) gettimeofday(&now, NULL); ESP_LOGD(ROAMING_TAG,"Processing trigger roaming request."); if (time_diff_sec(&now, &g_roaming_app.last_roamed_time) < g_roaming_app.config.backoff_time ) { - ESP_LOGD(ROAMING_TAG,"Ignoring request as time difference to last request is %ld",time_diff_sec(&now, &g_roaming_app.last_roamed_time)); + ESP_LOGD(ROAMING_TAG,"Ignoring request as time difference to last request is %ld",time_diff_sec(&now, &g_roaming_app.last_roamed_time)); goto free_bss; } #if NETWORK_ASSISTED_ROAMING_ENABLED @@ -492,7 +558,6 @@ void roaming_app_trigger_roam_internal_handler(void *ctx, void *data) } else { roaming_app_trigger_roam((struct cand_bss *)data); } - } static int wifi_post_roam_event(struct cand_bss *bss) @@ -529,7 +594,6 @@ void print_ap_records(struct scanned_ap_info *ap_info) } - #if PERIODIC_RRM_MONITORING static void periodic_rrm_request(struct timeval *now) { @@ -546,6 +610,35 @@ static void periodic_rrm_request(struct timeval *now) static bool candidate_security_match(wifi_ap_record_t candidate) { + u8 transition_disable = wpa_supplicant_get_transition_disable(); + +#if CONFIG_ESP_WIFI_ROAMING_PREVENT_DOWNGRADE + if (transition_disable & TRANSITION_DISABLE_WPA3_PERSONAL) { + if (candidate.authmode == WIFI_AUTH_WPA2_PSK) { + return false; + } + } + if (transition_disable & TRANSITION_DISABLE_ENHANCED_OPEN) { + if (candidate.authmode == WIFI_AUTH_OPEN) { + return false; + } + } + if (transition_disable & TRANSITION_DISABLE_WPA3_ENTERPRISE) { + if (candidate.authmode == WIFI_AUTH_WPA2_ENTERPRISE) { + return false; + } + } +#if TODO // application doesn't have a way to know SAE-PK enabled AP atm + if (transition_disable & TRANSITION_DISABLE_SAE_PK) { + /* This is a simplification. A more accurate check would involve + * parsing the candidate's RSN IE to see if it supports SAE-PK. + * For now, we reject all SAE APs if SAE-PK is enforced. */ + if (candidate.authmode == WIFI_AUTH_WPA3_PSK) { + return false; + } + } +#endif +#endif wifi_auth_mode_t curr_auth = g_roaming_app.current_bss.ap.authmode; wifi_auth_mode_t cand_auth = candidate.authmode; ESP_LOGV(ROAMING_TAG, "Cand authmode : %d, Current Authmode : %d", cand_auth, curr_auth); @@ -581,10 +674,45 @@ static bool candidate_security_match(wifi_ap_record_t candidate) return false; } -static bool candidate_profile_match(wifi_ap_record_t candidate) +#if CONFIG_ESP_WIFI_ROAMING_BSSID_BLACKLIST +static void remove_expired_blacklist_entries(void) { - return candidate_security_match(candidate); + struct timeval now; + gettimeofday(&now, NULL); + int j = 0; + for (int i = 0; i < g_roaming_app.bssid_blacklist_count; i++) { + if (time_diff_sec(&now, &g_roaming_app.bssid_blacklist[i].timestamp) <= CONFIG_ESP_WIFI_ROAMING_BLACKLIST_TIMEOUT) { + if (i != j) { + g_roaming_app.bssid_blacklist[j] = g_roaming_app.bssid_blacklist[i]; + } + j++; + } else { + ESP_LOGI(ROAMING_TAG, "BSSID " MACSTR " removed from blacklist due to timeout", MAC2STR(g_roaming_app.bssid_blacklist[i].bssid)); + } + } + g_roaming_app.bssid_blacklist_count = j; } +#endif + +static bool is_bssid_blacklisted(const uint8_t *bssid) +{ +#if CONFIG_ESP_WIFI_ROAMING_BSSID_BLACKLIST + remove_expired_blacklist_entries(); + for (int i = 0; i < g_roaming_app.bssid_blacklist_count; i++) { + if (memcmp(g_roaming_app.bssid_blacklist[i].bssid, bssid, ETH_ALEN) == 0) { +#if CONFIG_ESP_WIFI_ROAMING_AUTO_BLACKLISTING + if (g_roaming_app.bssid_blacklist[i].failures >= CONFIG_ESP_WIFI_ROAMING_MAX_CONN_FAILURES) { + return true; + } +#else + return true; +#endif + } + } +#endif + return false; +} + /* Remember to always call this function with the ROAM_SCAN_RESULTS_LOCK */ static void parse_scan_results_and_roam(void) { @@ -594,16 +722,18 @@ static void parse_scan_results_and_roam(void) int8_t rssi_diff = 0; uint8_t i; int8_t best_ap_index = -1; - wifi_ap_record_t ap_info; - roaming_app_get_ap_info(&ap_info); for (i = 0; i < g_roaming_app.scanned_aps.current_count; i++) { - rssi_diff = g_roaming_app.scanned_aps.ap_records[i].rssi - ap_info.rssi; + if (is_bssid_blacklisted(g_roaming_app.scanned_aps.ap_records[i].bssid)) { + ESP_LOGD(ROAMING_TAG, "BSSID " MACSTR " is blacklisted, skipping", MAC2STR(g_roaming_app.scanned_aps.ap_records[i].bssid)); + continue; + } + rssi_diff = g_roaming_app.scanned_aps.ap_records[i].rssi - g_roaming_app.current_bss.ap.rssi; ESP_LOGD(ROAMING_TAG, "The difference between ("MACSTR", "MACSTR") with rssi (%d,%d) is : %d while the threshold is %d and the best rssi diff yet is %d, thecand_auth is %d", - MAC2STR(g_roaming_app.scanned_aps.ap_records[i].bssid),MAC2STR(ap_info.bssid), - g_roaming_app.scanned_aps.ap_records[i].rssi, ap_info.rssi, + MAC2STR(g_roaming_app.scanned_aps.ap_records[i].bssid),MAC2STR(g_roaming_app.current_bss.ap.bssid), + g_roaming_app.scanned_aps.ap_records[i].rssi, g_roaming_app.current_bss.ap.rssi, rssi_diff, rssi_threshold, best_rssi_diff, g_roaming_app.scanned_aps.ap_records[i].authmode); - if ((memcmp(g_roaming_app.scanned_aps.ap_records[i].bssid, ap_info.bssid, ETH_ALEN) != 0) && - candidate_profile_match(g_roaming_app.scanned_aps.ap_records[i]) && rssi_diff > best_rssi_diff ) { + if ((memcmp(g_roaming_app.scanned_aps.ap_records[i].bssid, g_roaming_app.current_bss.ap.bssid, ETH_ALEN) != 0) && + candidate_security_match(g_roaming_app.scanned_aps.ap_records[i]) && rssi_diff > best_rssi_diff ) { best_rssi_diff = rssi_diff; best_ap_index = i; } @@ -646,7 +776,7 @@ static void scan_done_event_handler(void *arg, ETS_STATUS status) g_roaming_app.scan_ongoing = false; ROAM_SCAN_RESULTS_UNLOCK(); } -static void conduct_scan(void) +static bool conduct_scan(void) { /* Update scan time in global structure */ gettimeofday(&g_roaming_app.scanned_aps.time, NULL); @@ -654,9 +784,10 @@ static void conduct_scan(void) os_memset(&g_roaming_app.scanned_aps, 0, sizeof(struct scanned_ap_info)); if (esp_wifi_promiscuous_scan_start(&g_roaming_app.config.scan_config, scan_done_event_handler) < 0) { ESP_LOGE(ROAMING_TAG, "failed to issue scan"); - return; + return false; } ESP_LOGI(ROAMING_TAG, "Issued Scan"); + return true; } static void determine_best_ap(int8_t rssi_threshold) @@ -669,7 +800,9 @@ static void determine_best_ap(int8_t rssi_threshold) g_roaming_app.scan_ongoing = true; g_roaming_app.current_rssi_threshold = rssi_threshold; if (time_diff_sec(&now,&g_roaming_app.scanned_aps.time) > SCAN_RESULTS_USABILITY_WINDOW) { - conduct_scan(); + if (!conduct_scan()) { + g_roaming_app.scan_ongoing = false; + } } else { parse_scan_results_and_roam(); g_roaming_app.scan_ongoing = false; @@ -818,7 +951,6 @@ cleanup: return ret; } - static esp_err_t init_config_params(void) { g_roaming_app.config.backoff_time = ROAMING_BACKOFF_TIME; @@ -895,6 +1027,7 @@ void roam_init_app(void) ESP_LOGE(ROAMING_TAG, "No roaming method enabled. Roaming app cannot be initialized"); return; #endif + memset(&g_roaming_app, 0, sizeof(g_roaming_app)); #if LOW_RSSI_ROAMING_ENABLED ESP_ERROR_CHECK(esp_event_handler_register(WIFI_EVENT, WIFI_EVENT_STA_BSS_RSSI_LOW, &roaming_app_rssi_low_handler, NULL)); @@ -932,6 +1065,10 @@ void roam_deinit_app(void) &roaming_app_neighbor_report_recv_handler)); /* Disabling the periodic scan and RRM events */ g_roaming_app.periodic_rrm_active = false; + if (g_roaming_app.btm_neighbor_list) { + os_free(g_roaming_app.btm_neighbor_list); + g_roaming_app.btm_neighbor_list = NULL; + } if (neighbor_list_lock) { os_mutex_delete(neighbor_list_lock); neighbor_list_lock = NULL; @@ -943,6 +1080,92 @@ void roam_deinit_app(void) } } +#if CONFIG_ESP_WIFI_ROAMING_BSSID_BLACKLIST +static void roaming_app_blacklist_add_handler(void *ctx, void *data) +{ + uint8_t *bssid = data; + if (g_roaming_app.bssid_blacklist_count >= CONFIG_ESP_WIFI_ROAMING_MAX_CANDIDATES) { + ESP_LOGE(ROAMING_TAG, "Blacklist is full"); + os_free(bssid); + return; + } + for (int i = 0; i < g_roaming_app.bssid_blacklist_count; i++) { + if (memcmp(g_roaming_app.bssid_blacklist[i].bssid, bssid, ETH_ALEN) == 0) { + ESP_LOGD(ROAMING_TAG, "BSSID " MACSTR " already in blacklist", MAC2STR(bssid)); + os_free(bssid); + return; // Already blacklisted + } + } + memcpy(g_roaming_app.bssid_blacklist[g_roaming_app.bssid_blacklist_count].bssid, bssid, ETH_ALEN); +#if CONFIG_ESP_WIFI_ROAMING_AUTO_BLACKLISTING + g_roaming_app.bssid_blacklist[g_roaming_app.bssid_blacklist_count].failures = CONFIG_ESP_WIFI_ROAMING_MAX_CONN_FAILURES; +#endif + gettimeofday(&g_roaming_app.bssid_blacklist[g_roaming_app.bssid_blacklist_count].timestamp, NULL); + g_roaming_app.bssid_blacklist_count++; + ESP_LOGI(ROAMING_TAG, "BSSID " MACSTR " added to blacklist", MAC2STR(bssid)); + os_free(bssid); +} + +esp_err_t esp_wifi_blacklist_add(const uint8_t *bssid) +{ + if (!bssid) { + return ESP_ERR_INVALID_ARG; + } + uint8_t *bssid_copy = os_malloc(ETH_ALEN); + if (!bssid_copy) { + return ESP_ERR_NO_MEM; + } + memcpy(bssid_copy, bssid, ETH_ALEN); + if (eloop_register_timeout(0, 0, roaming_app_blacklist_add_handler, NULL, bssid_copy) != 0) { + os_free(bssid_copy); + return ESP_FAIL; + } + return ESP_OK; +} + +static void roaming_app_blacklist_remove_handler(void *ctx, void *data) +{ + uint8_t *bssid = data; + int found_index = -1; + for (int i = 0; i < g_roaming_app.bssid_blacklist_count; i++) { + if (memcmp(g_roaming_app.bssid_blacklist[i].bssid, bssid, ETH_ALEN) == 0) { + found_index = i; + break; + } + } + + if (found_index != -1) { + // Shift elements to fill the gap + int remaining_entries = g_roaming_app.bssid_blacklist_count - found_index - 1; + if (remaining_entries > 0) { + memmove(&g_roaming_app.bssid_blacklist[found_index], &g_roaming_app.bssid_blacklist[found_index + 1], remaining_entries * sizeof(struct blacklist_entry)); + } + g_roaming_app.bssid_blacklist_count--; + ESP_LOGI(ROAMING_TAG, "BSSID " MACSTR " removed from blacklist", MAC2STR(bssid)); + } else { + ESP_LOGD(ROAMING_TAG, "BSSID " MACSTR " not found in blacklist", MAC2STR(bssid)); + } + os_free(bssid); +} + +esp_err_t esp_wifi_blacklist_remove(const uint8_t *bssid) +{ + if (!bssid) { + return ESP_ERR_INVALID_ARG; + } + uint8_t *bssid_copy = os_malloc(ETH_ALEN); + if (!bssid_copy) { + return ESP_ERR_NO_MEM; + } + memcpy(bssid_copy, bssid, ETH_ALEN); + if (eloop_register_timeout(0, 0, roaming_app_blacklist_remove_handler, NULL, bssid_copy) != 0) { + os_free(bssid_copy); + return ESP_FAIL; + } + return ESP_OK; +} +#endif + /* No need for this to be done in pptask ctx */ esp_err_t roam_get_config_params(struct roam_config *config) { diff --git a/components/wpa_supplicant/CMakeLists.txt b/components/wpa_supplicant/CMakeLists.txt index 07d0f9566b..ff4659ee42 100644 --- a/components/wpa_supplicant/CMakeLists.txt +++ b/components/wpa_supplicant/CMakeLists.txt @@ -245,6 +245,7 @@ idf_component_register(SRCS "${srcs}" "${esp_srcs}" "${tls_src}" "${roaming_src} INCLUDE_DIRS include port/include esp_supplicant/include PRIV_INCLUDE_DIRS src src/utils esp_supplicant/src src/crypto ../esp_wifi/wifi_apps/roaming_app/include + ../esp_wifi/wifi_apps/roaming_app/src LDFRAGMENTS ${linker_fragments} PRIV_REQUIRES mbedtls esp_timer esp_wifi) diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_common.c b/components/wpa_supplicant/esp_supplicant/src/esp_common.c index 60e5cc0e5c..6d9f9d4b42 100644 --- a/components/wpa_supplicant/esp_supplicant/src/esp_common.c +++ b/components/wpa_supplicant/esp_supplicant/src/esp_common.c @@ -24,6 +24,7 @@ #include "rsn_supp/wpa.h" #include "esp_private/wifi.h" #include "esp_wifi_types_generic.h" +#include "esp_roaming.h" /* Utility Functions */ esp_err_t esp_supplicant_str_to_mac(const char *str, uint8_t dest[6]) @@ -643,6 +644,9 @@ void wpa_supplicant_connect(struct wpa_supplicant *wpa_s, config->sta.channel = bss->channel; /* supplicant connect will only be called in case of bss transition(roaming) */ esp_wifi_internal_issue_disconnect(WIFI_REASON_BSS_TRANSITION_DISASSOC); +#if CONFIG_ESP_WIFI_ENABLE_ROAMING_APP + esp_wifi_roaming_set_current_bssid(bss->bssid); +#endif esp_wifi_set_config(WIFI_IF_STA, config); os_free(config); esp_wifi_connect(); diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_wpas_glue.c b/components/wpa_supplicant/esp_supplicant/src/esp_wpas_glue.c index 948f271397..42cbbe92d8 100644 --- a/components/wpa_supplicant/esp_supplicant/src/esp_wpas_glue.c +++ b/components/wpa_supplicant/esp_supplicant/src/esp_wpas_glue.c @@ -189,4 +189,9 @@ void wpa_sm_disassociate(struct wpa_sm *sm, int reason_code) { /*check if need clear internal state and data value*/ } + +u8 wpa_supplicant_get_transition_disable(void) +{ + return wpa_sm_get_transition_disable(&gWpaSm); +} #endif diff --git a/components/wpa_supplicant/esp_supplicant/src/esp_wpas_glue.h b/components/wpa_supplicant/esp_supplicant/src/esp_wpas_glue.h index 48ff0a6379..1a1d57993b 100644 --- a/components/wpa_supplicant/esp_supplicant/src/esp_wpas_glue.h +++ b/components/wpa_supplicant/esp_supplicant/src/esp_wpas_glue.h @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2019-2021 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2019-2025 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -7,6 +7,8 @@ #ifndef WPAS_GLUE_H #define WPAS_GLUE_H +#include "rsn_supp/wpa_i.h" + u8 *wpa_sm_alloc_eapol(struct wpa_sm *sm, u8 type, const void *data, u16 data_len, size_t *msg_len, void **data_pos); @@ -35,4 +37,6 @@ void wpa_supplicant_transition_disable(struct wpa_sm *sm, u8 bitmap); int hostapd_send_eapol(const u8 *source, const u8 *sta_addr, const u8 *data, size_t data_len); + +u8 wpa_supplicant_get_transition_disable(void); #endif /* WPAS_GLUE_H */ diff --git a/components/wpa_supplicant/src/rsn_supp/wpa.c b/components/wpa_supplicant/src/rsn_supp/wpa.c index ff260dee9e..cbd0a2083b 100644 --- a/components/wpa_supplicant/src/rsn_supp/wpa.c +++ b/components/wpa_supplicant/src/rsn_supp/wpa.c @@ -1434,6 +1434,7 @@ static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm, if (ie.transition_disable) { wpa_supplicant_transition_disable(sm, ie.transition_disable[0]); + sm->transition_disable = ie.transition_disable[0]; } if (sm->key_install && sm->key_info & WPA_KEY_INFO_INSTALL && sm->use_ext_key_id) { @@ -1451,6 +1452,11 @@ failed: wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED); } +u8 wpa_sm_get_transition_disable(struct wpa_sm *sm) +{ + return sm->transition_disable; +} + static int wpa_supplicant_activate_ptk(struct wpa_sm *sm) { int keylen; diff --git a/components/wpa_supplicant/src/rsn_supp/wpa_i.h b/components/wpa_supplicant/src/rsn_supp/wpa_i.h index 42fcbc2e49..49955a6185 100644 --- a/components/wpa_supplicant/src/rsn_supp/wpa_i.h +++ b/components/wpa_supplicant/src/rsn_supp/wpa_i.h @@ -9,6 +9,8 @@ #ifndef WPA_I_H #define WPA_I_H +#include "common/defs.h" + extern struct wpa_sm gWpaSm; #define DEFAULT_EAPOL_VERSION 1 @@ -97,6 +99,7 @@ struct wpa_sm { struct wpa_gtk_data gd; //used for calllback save param u16 key_info; //used for txcallback param u16 txcb_flags; + u8 transition_disable; bool ap_notify_completed_rsne; wifi_pmf_config_t pmf_cfg; u8 eapol1_count; @@ -223,6 +226,8 @@ int wpa_set_bss(uint8_t *macddr, uint8_t *bssid, uint8_t pairwise_cipher, uint8_ int wpa_sm_rx_eapol(u8 *src_addr, u8 *buf, u32 len); +u8 wpa_sm_get_transition_disable(struct wpa_sm *sm); + int wpa_derive_ptk_ft(struct wpa_sm *sm, const unsigned char *src_addr, const struct wpa_eapol_key *key, struct wpa_ptk *ptk); #ifdef CONFIG_WPA3_COMPAT