Instead of requiring low-level access to an NFC device and synchronous
operations, the new WPS_NFC_TOKEN and WPS_NFC ctrl_iface commands can be
used to build a NFC password token and initiate WPS protocol run using
that token (or pre-configured values) as separate commands. The
WPS_NFC_TOKEN output can be written to a NFC tag using an external
program, i.e., wpa_supplicant does not need to have low-level code for
NFC operations for this.
Signed-hostap: Jouni Malinen <j@w1.fi>
Previously, a pending scan request could be left running when processing
DISCONNECT command from control interface. This can result in unexpected
scan, so cancel the request to avoid this.
Signed-hostap: Jouni Malinen <j@w1.fi>
Use wpa_supplicant_set_state() to initialize state to DISCONNECT so that
autoscan gets initialized properly. This needs a change in
autoscan_init() to avoid extra scan request that would postpone the
first scan request when an interface is added.
Signed-hostap: Jouni Malinen <j@w1.fi>
Add an additional parameter to prioritize either sta or p2p connection
to resolve conflicts arising during single channel concurrency.
Signed-hostap: Jithu Jance <jithu@broadcom.com>
This is a workaround for interoperability issues with some deployed P2P
implementations that require a Provision Discovery exchange to be used
before GO Negotiation. The new provdisc parameter for the p2p_connect
command can be used to request this behavior without having to run a
separate p2p_prov_disc command.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The nl80211 driver interface does not allow 128-bit WEP to be used
without a vendor specific cipher suite and no such suite is defined for
this purpose. Do not accept WEP key length 16 for nl80211 driver
interface forn ow. wext-interface can still try to use these for
backwards compatibility.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
If the AP indicates support for Hotspot 2.0, show this in the
ctrl_iface commands for BSS table and status.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Do not try to associate with a network that has an invalid or incomplete
configuration because the association or at least data connection would
fail anyway. This commits adds a common function for checking whether a
network block is disabled to make it easier to check network blocks
without having to reject them during configuration file parsing (which
would prevent wpa_supplicant from starting). The only additional check
added in this commit is to verify the WEP key length. Similar checks for
other parameters can be added in future commits.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Commit 7de5688d68 started using
wpa_supplicant_ctrl_iface_ctrl_rsp_handle() from the D-Bus code, but
left this function in ctrl_iface.c that is included conditionally. Fix
this by moving the common function into wpa_supplicant.c so that it can
be included for builds that include only either ctrl_iface or D-Bus.
Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
An existing persistent group information can now be used to force GO
Negotiation to use the previously used SSID/passphrase from a persistent
group if we become a GO. This can be used as an alternative to inviting
a new P2P peer to join the group (i.e., use GO Negotiation with GO
intent 15 instead of starting an autonomous GO and using invitation),
e.g., in case a GO Negotiation Request is received from a peer while we
are not running as a GO. The persistent group to use for parameters is
indicated with persistent=<network id> parameter to p2p_connect.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
wpa_supplicant can now be requested to automatically figure out whether
the indicated peer is operating as a GO and if so, use join-a-group
style PD instead of pre-GO Negotiation PD.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
p2p_connect command can now be used with an optional "auto" parameter
to request wpa_supplicant to determine automatically whether to use
join-a-group operation (if the peer is operating as a GO) or group
formation. This makes it easier for external programs to handle
connection type selection by offloading this to wpa_supplicant. The
previously used p2p_connect join commands can be replaced with
p2p_connect auto to use this new mechanism.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This optional parameter to the BSS command can be used to select which
fields are included in the output to avoid having to parse through
unneeded information and to reduce the buffer size.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Enable control of wpa_s->scan_interval via D-Bus. This parameter
controls the delay between successive scans for a suitable AP.
Also, update dbus.doxygen with ScanInterval, and some other
parameters that were undocumented.
Signed-hostap: Mukesh Agrawal <quiche@chromium.org>
There is no need to use reassociation instead of association in a case
the previous connection was explicitly disconnected.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This allows the ctrl_iface SCAN command to be used to run through a scan
to collect full scan results when sched_scan is in progress. sched_scan
will be re-started automatically after the full scan.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Move disassociate and deauthenticate commands to ctrl_iface_ap.c, so
that they ares accessible for wpa_supplicant AP mode and wpa_cli (with
CONFIG_AP option enabled).
Signed-hostap: Jithu Jance <jithu@broadcom.com>
A list of disallowed frequencies for P2P channel list can now be
configured with P2P_SET disallow_freq. The frequencies (or frequency
pairs) are comma separated. For example:
wpa_cli p2p_set disallow_freq 2462,5000-6000
The allowed P2P channel list is constructed by removing explicitly
disallowed channels from the channel list received from the driver.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
New wpa_cli commands list_creds, add_cred, remove_cred, and set_cred
can now be used to manage credentials similarly to the commands used
with network blocks.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
wpa_supplicant can now be configured to filter out scan results based
on a BSSID filter. Space-separated set of allowed BSSIDs can be set
with wpa_cli set bssid_filter command. Filtering mechanism can be
disabled by setting this variable to an empty list. When set, only
the BSSes that have a matching entry in this list will be accepted
from scan results.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Extra parameter "no-connect" can now be added to the ENABLE_NETWORK
ctrl_iface command to avoid automatic connection to the enabled
network.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
"wpa_cli set radio_disabled 1/0" can be used to disable/enable
radio to simulate out-of-radio-range condition in a testbed
device.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The BSS ctrl_iface command can sow the age of a BSS table entry to
make it easier for external programs to figure out whether an entry
is still current depending on the use case.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
"BSS p2p_dev_addr=<P2P Device Address>" can now be used to fetch a
specific BSS entry based on the P2P Device Address of the GO to avoid
having to iterate through the full BSS table when an external program
needs to figure out whether a specific peer is currently operating as
a GO.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
When a GO is operating a persistent group and invites a peer that has
been a P2P client in that persistent group, the Invitation Type in the
Invitation Request frame can be set to 1 to indicate that this is a
reinvocation of a persistent group. Do this based on the maintained
list of P2P clients that have been provided the credentials to this
group.
Signed-hostap: Jouni Malinen <j@w1.fi>
This will be needed to be able to move ctrl_iface TERMINATING event to
the end of interface removal.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
dev_id=<P2P Device Addr> can now be specified as an argument to
p2p_find to request P2P find for a specific P2P device.
Signed-hostap: Jouni Malinen <j@w1.fi>
Add "persistent=<network id>" line to P2P_PEER ctrl_iface data
if a persistent group credentials are available for this peer.
This makes it easier for external programs to figure out when
a persistent group could be re-invoked with this peer.
For now, this information is only available on the P2P client,
but similar information can be added for GO once a list of P2P
clients is maintained with the persistent group data.
Signed-hostap: Jouni Malinen <j@w1.fi>
The P2P module provides access to public peer data in struct
p2p_peer_info. Use this to build the P2P_PEER information in
ctrl_iface.c instead of providing such text format data from the P2P
module.
The internal data that was previously built in p2p_get_peer_info() as
part of the text format peer data is now available through a separate
p2p_get_peer_info_txt() function. This is still included in P2P_PEER
output to maintain backwards compatibility with external programs that
could have started to use this. However, it should be noted that this
data is not really supposed to be used for anything else apart from
debugging purposes and its format is subject to change.
Signed-hostap: Jouni Malinen <j@w1.fi>
Need to remove ROAM command processing since the needed functionality
for it gets removed with CONFIG_NO_SCAN_PROCESSING=y.
Signed-hostap: Jouni Malinen <j@w1.fi>
The whole wpa_supplicant_ctrl_iface_ctrl_rsp_handle() function operates
on the ssid->eap field which exists only if IEEE8021X_EAPOL has been
defined. Therefore the whole function body needs to be enclosed within
an #ifdef/endif block.
Signed-hostap: Antonio Quartulli <ordex@autistici.org>
Convert core wpa_supplicant code to use u64 instead of void * for the
P2P service discovery reference. Use uintptr_t in type casts in
p2p_supplicant.c to handle the conversion without warnings.
Note: This needs to be revisited for 128-bit CPU where sizeof(void *)
could be larger than sizeof(u64).
Signed-hostap: Jouni Malinen <j@w1.fi>
This can be used to request Provision Discovery Request to be sent
for the purpose of joining a running group, e.g., to request the GO
to display a PIN that we can then use with p2p_connect join command.
Signed-hostap: Jithu Jance <jithu@broadcom.com>
"wpa_cli status wps" can now be used to fetch the WPA2-Personal
passphrase from AP mode operation with wpa_supplicant to make it
easier to meet WPS requirements for legacy STA support.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
When normal scan can speed up operations, use that for the first three
scan runs before starting the sched_scan to allow user space sleep more.
We do this only if the normal scan has functionality that is suitable
for this or if the sched_scan does not have better support for multiple
SSIDs.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
"SET pno <1/0>" ctrl_iface command can now be used to start/stop PNO
with sched_scan driver commands. This will request offloading of
scanning to find any of the enabled networks in the configuration.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Use capability information to decide whether to perform a given TDLS
operation internally or through mgmt-frame Tx.
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Cc: Kalyan C Gaddam <chakkal@iit.edu>
This command allows an external program manage the BSS blacklist
and display its current contents.
Note: The blacklist is considered to be internal mechanism within
wpa_supplicant and changing it can have unexpected results.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
This can be used to display the current debugging level and to change
the log level during run time.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
This adds the basic mechanism for running through network selection:
scan, ANQP fetch, network selection, and connection. Actual rules for
network selection and the creation of the network block are still
missing, but will be added in separate commits.
Add mechanism for using GAS/ANQP to query Interworking related
information from APs. The received information is stored in the BSS
table and can be viewed with ctrl_iface BSS command.
New ctrl_iface command ANQP_GET can be used to fetch ANQP elements from
a specific AP. Additional commands FETCH_ANQP and STOP_FETCH_ANQP can be
used to initiate and stop an iteration through all APs in the BSS table
that indicate support Interworking to fetch ANQP elements from them.
The P2P specification (3.1.4.3) disallows use of the Label configuration
method between two P2P devices. This was previously enforced at upper
level, but the obsolete code can be removed from wpa_supplicant. This
adds a bit more strict enforcement of the policy, but should not result
in practical differences since no known P2P implementation uses Label
config method.
If a network configuration block is removed or modified, flush
all PMKSA cache entries that were created using that network
configuration. Similarly, invalidate EAP state (fast re-auth).
The special case for OKC on wpa_supplicant reconfiguration
(network_ctx pointer change) is now addressed as part of the
PMKSA cache flushing, so it does not need a separate mechanism
for clearing the network_ctx values in the PMKSA cache.
Make sure that the WPA and EAPOL state machines do not hold a pointer
to a network configuration that is about to be freed. This can fix
potential issues with references to freed memory.
It is now possible to configure the the time in seconds that
wpa_supplicant waits before requesting a new scan after failing to find
a suitable network in scan results.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Replace compile-time BSS cache expiration age and scan count by config
parameters that can be set via wpa_cli and the new D-Bus API. The latter
is done with interface properties BSSExpireAge and BSSExpireCount.
Use a specific return value, WPS-PBC-OVERLAP, to indicate a reason
for rejecting a wps_pbc command in wpa_supplicant AP mode if the
PBC mode cannot be started due to PBC session overlap having been
detected during monitor time.
If there is already a link the requested peer, request start of
renegotiation instead of completely new link. This seems to be needed
to allow some driver to accept the trigger for a new negotiation.
These special test cases can be configured at run time with "wpa_cli
tdls_testing <value>" where <value> is an integer (either as a decimal
or as a hex value with 0x prefix) bitmap of special features with
following bits available at this point:
bit 0 = long frame (add dummy subelement to make FTIE very long)
bit 1 = use alternative RSN IE (different RSN capab value and no extra
replay counters)
bit 2 = send incorrect BSSID in Link Identifier of TDLS Setup Request
(e.g., 1 = long FTIE, 2 = different RSN IE, 3 = both of those)
This is disabled by default and can be enabled for the build by
adding the following line to .config:
CFLAGS += -DCONFIG_TDLS_TESTING
Previous code was assuming that the P2P module is always initialized.
However, that is not the case anymore with drivers that do not support
P2P. Add verification of whether P2P is enabled before trying to execute
P2P commands.
An optional parameter, p2p_dev_addr, can now be given to WPS_PBC
command on P2P GO to indicate that only the P2P device with the
specified P2P Device Address is allowed to connect using PBC. If
any other device tries to use PBC, a session overlap is indicated
and the negotiation is rejected with M2D. The command format for
specifying the address is "WPS_PBC p2p_dev_addr=<address>", e.g.,
WPS_PBC p2p_dev_addr=02:03:04:05:06:07
In addition, show the PBC session overlap indication as a WPS failure
event on an AP/GO interface. This particular new case shows up as
"WPS-FAIL msg=4 config_error=12".
I tried these commands:
./wpa_cli -i wlan0 p2p_group_add
./wpa_cli -i wlan0 p2p_find
The second one results in following messages because it is invalid
operation.
-------
nl80211: Scan trigger failed: ret=-95 (Operation not supported)
P2P: Failed to start p2p_scan
-------
But the second one shows "OK" on control console.
This patch makes it to show "FAIL".
Previously, both NULL and ff:ff:ff:ff:ff:ff addr were used in various
places to indicate default/broadcast keys. Make this more consistent
and useful by defining NULL to mean default key (i.e., used both for
unicast and broadcast) and ff:ff:ff:ff:ff:ff to indicate broadcast
key (i.e., used only with broadcast).
The destination address for p2p_serv_disc_resp must always be set
to an individual MAC address unlike p2p_serv_disc_req which may use
00:00:00:00:00:00 to indicate wildcard query. As such, we should not
try to check for this special case here.
Replacing the BSSID with 'any' has never worked with wps_reg
command, so better not claim it could work. In addition, reject
this is wpa_supplicant to make it clearer that the operation
fails.
This command can be used to enroll a network based on a local
network configuration block instead of having to (re-)learn the
current AP settings with wps_er_learn.
The driver wrapper can now indicate whether the driver supports
concurrent operations on multiple channels (e.g., infra STA connection
on 5 GHz channel 36 and P2P group on 2.4 GHz channel 1). If not,
P2P_CONNECT commands will be rejected if they would require
multi-channel concurrency.
The new failure codes for P2P_CONNECT:
FAIL-CHANNEL-UNAVAILABLE:
The requested/needed channel is not currently available (i.e., user has
an option of disconnecting another interface to make the channel
available).
FAIL-CHANNEL-UNSUPPORTED:
The request channel is not available for P2P.
This cleans up debug log from unnecessary entries when using
wpa_cli/hostapd_cli or other ctrl_iface monitors that PING
periodically to check connectivity.
Instead of build time options (CONFIG_WPS_TESTING_EXTRA_CRED and
CONFIG_WPS_EXTENSIBILITY_TESTING), use a single build option
(CONFIG_WPS_TESTING) and runtime configuration of which testing
operations are enabled. This allows a single binary to be used
for various tests.
The runtime configuration can be done through control interface
with wpa_cli/hostapd_cli commands:
Enable extensibility tests:
set wps_version_number 0x57
Disable extensibility tests (WPS2 build):
set wps_version_number 0x20
Enable extra credential tests:
set wps_testing_dummy_cred 1
Disable extra credential tests:
set wps_testing_dummy_cred 0
ctrl_interface STA_AUTOCONNECT command can now be used to disable
automatic reconnection on receiving disconnection event. The default
behavior is for wpa_supplicant to try to reconnect automatically, i.e.,
to maintain previous behavior.
A new ctrl_interface command, WPS_CANCEL, can now be used to cancel
a pending or ongoing WPS operation. For now, this is only available
with wpa_supplicant (either in station or AP mode). Similar
functionality should be added for hostapd, too.