wpa_supplicant used to maintain the list of rejected groups for SAE over
multiple failed attempts. This could have some DoS issues, so clear this
list if SAE authentication attempts fails continuously.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add support for SSID protection in 4-way handshake based on the
mechanism added in IEEE 802.11REVme/D6.0. This is a mitigation against
CVE-2023-52424 (a.k.a. the SSID Confusion Attack).
This functionality is disabled by default and can be enabled with
ssid_protection=1 in the network profile. Once there has been more
testing of this to confirm there is no significant interoperability
issues, the goal is to be able to change this to be enabled by default.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
wpa_supplicant might use a wrong BSS entry with the SSID different from
the current SSID of the current BSS while processing a roam event from
the driver when wpa_supplicant has a stale BSS entry with the old SSID
and the driver roams to the same BSS after it is restarted with a new
SSID.
To avoid this, update scan results from the driver when a BSS entry is
not found with the current SSID and try to fetch the BSS entry again
with the current SSID after this.
Also, with this change wpa_supplicant_get_new_bss() itself will update
the BSS table and search for the current BSS entry if it is not found in
the BSS table. So, remove the BSS table update and search logic from the
callers of wpa_supplicant_get_new_bss().
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Add a new wpa_supplicant network profile parameter max_idle that can be
used to specify a specific maximum idle period in units of 1000 TUs
(1.024 s) for associations.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Allocate static IPv4 address in EAPOL frames during 4-way handshake
instead of DHCP when using P2P invitation. wpa_s->current_bss needs to
be set for the P2P specific IP address assignment mechanism to be used
in wpa_supplicant_rsn_supp_set_config(). This worked for the initial P2P
connection, but not for some cases reinvoking a persistent group.
Since there is only one AP (P2P GO) in the P2P client case, the
conditions added in commit 4d3be9cdd1 ("Postpone updating of
wpa_s->current_bss till association event") are not needed and the
easiest approach for this is to allow current_bss to be set for
p2p_in_invitation cases. If the GO P2P Interface Address (BSSID) could
be determined for all the related cases, this could be addressed a bit
more cleanly by setting the go_bssid argument for
wpas_start_p2p_client(), but that can be left as a possible future step.
Signed-off-by: tzu-meng wang <tzu-meng.wang@mediatek.com>
Make the channel switch complete event, WPA_EVENT_CHANNEL_SWITCH,
accessible to the action script.
Signed-off-by: arun.jose <arun.jose.wg@bp.renesas.com>
D-Bus expects "persistent" to be a bool (0/1) and crashes otherwise.
Since persistent may also be 2 convert it to boolean.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
In case the channel map was updated to include the 6 GHz but these channels
were not scanned yet, do not allow fast associate.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
If one sends a Probe Request frame to a non-TX BSSID, no AP MLD ID
should be included in the request. Permit mld_id to be -1 so that it is
not a required argument and can be left out.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
When the authentication is an MLD authentication need to use the AP MLD
MAC address when requesting the driver to deauthenticate.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
In case of failure handling an Authentication frame from the AP MLD,
clear the MLD state only after the deauthentication is done. This allows
deauthentication process to use the AP MLD MAC address.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
If parsing the basic ML element in the Authenticate frame fails,
instead of only disassociating, completely deauthenticate so all
state machines would be in a consistent state.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
When considering to roam to a different BSS and the connection
is an MLD connection, do not roam to a BSS which is already
included in the MLD connection.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
wpa_s->connect_without_scan could have been left pointing to invalid
network when a network profile was removed. It seems to be possible for
this to happen in some hwsim test case scenarios under specific timing,
but the exact reason for this is not clear. In any case, this pointer
needs to be cleared.
Signed-off-by: Jouni Malinen <j@w1.fi>
OBSS scan can be required in different links if operating as an AP MLD.
When triggering scan, specify the link ID for the driver to find the
correct link to scan.
Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>
Modules that use libpasn for PASN authentication need the context of
PASN data. PASN data is a common context for the library and the modules
using it. Hence, initialize the context through init and deinit
functions. Also use set and get functions to update the parameters.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
PMKSA cache API is included in libpasn.so used by external modules,
e.g., Wi-Fi Aware. To avoid dependency on IEEE8021X_EAPOL define for the
external modules at compile time, remove PMKSA cache static inline
functions from the header file and add wrapper function stubs.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
PTKSA cache API is included in libpasn.so used by external modules,
e.g., Wi-Fi Aware. To avoid dependency on CONFIG_PTKSA_CACHE define for
the external modules at compile time, remove PTKSA cache static inline
functions from the header file and add wrapper function stubs.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Try to find the BSS entry that contains the most likely current
information for the target BSS. This is mainly needed to avoid some
unusual behavior with APs changing their Beacon frame information in a
manner that shows up in automated testing, but this might help with some
more dynamic real world uses as well, so better do the BSS entry search
for the newest entry.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This wrapper function was not used at all, so remove it to make it
clearer that the set_ap() driver op is called only from hostapd code.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
In case we run command like:
wpa_cli -g <global_ctrl_path> command
don't print
"Selected interface " message.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@gmail.com>
When wpa_supplicant needed to update the internal BSS table with the
latest scan results from the driver, it fetched all BSSs and processed
them all. This is unnecessary for cases where an update is needed only
for a specific BSS. Optimize this by filtering out the unnecessary
entries from the results.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Commit 117e812d06 ("Update BSS table entry if roaming event indicates
frequency change") added wpa_supplicant BSS table update based on the
latest driver scan results whenever processing an association event that
results in the current operating channel changing. While that is needed
to cover the case where an AP changes its own operating channel (and
that is noticed as a roam or new connection instead of a channel switch
event), this should not really be needed for cases where the
wpa_supplicant entry for the new BSS is already up to date.
Skip the full BSS table update on association event if the event is for
a roaming case to a different BSS and the BSS entry for the target is
already available and for the current operating channel. This avoids
undesired latency when processing the association event.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Update EAP-WSC parameters to include Multi-AP profile info to pass the
profile information through the provisioning steps. This is needed for
provisioning the STA configuration when different profiles are used.
Signed-off-by: Manoj Sekar <quic_sekar@quicinc.com>
Allow both hostapd and wpa_supplicant to be configured with the
supported Multi-AP profile. The configured value will be advertised in
the Multi-AP element.
Signed-off-by: Manoj Sekar <quic_sekar@quicinc.com>
This makes it more convenient to handle extensions to the element and
allows code to be shared between hostapd and wpa_supplicant.
Signed-off-by: Manoj Sekar <quic_sekar@quicinc.com>
Add ANQP fields to the BSS properties to allow DBus clients to be
notified and obtain the values when it changes.
Signed-off-by: Damien Dejean <damiendejean@chromium.org>
Add a D-Bus method to perform ANQP get requests. The new method is
equivalent to the "anqp_get" command available in wpa_cli.
Signed-off-by: Damien Dejean <damiendejean@chromium.org>
To implement an action script that listens for DPP push button events
and for example blinks a LED it is useful to know when push button has
started. Emit an event when push button starts.
Signed-off-by: Evan Benn <evan.benn@morsemicro.com>
This is needed to be able to check validity of the channel parameters
for cases where EHT puncturing impacts what can be enabled for
HT/VHT/HE.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Only the 2.4 and 5 GHz channels were handled previously when removing
operating classes from the Supported Operating Classes element based on
the freq_list parameter. Extend this to include the 6 GHz band as well.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
A previous workaround was used to move the special operating class 130
to the end of the Supported Operating Classes element to avoid getting
any following entry being ignored or misunderstood. That is not really
the correct way of encoding the special cases, i.e., 80+80 MHz channels
that use two nonadjacent frequency segments.
Add support for encoding the 80+80 MHz channel with the 2-octet
operating class design using the Operating Class Duple sequence field of
the Supported Operating Classes element instead of listing the operating
classes that have the 80+ behavior limit set indication in Table E-4
(i.e., opclass 130 and 135) as 1-octet operating classes in the
Operating Classes field.
Fixes: a92660a00e ("Work around Supported Operating Classes element issues for 6 GHz")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Commit 085a3fc76e ("EHT: Add 320 channel width support") added this in
various places, but it did not cover everything. Extend this support to
be more complete. In particular, this allows wpa_supplicant to report
the operating class 137 in the Supported Operating Classes element and
to use it when processing beacon requests.
Signed-off-by: Ainy Kumari <quic_ainykuma@quicinc.com>
The INT_RANGE() cases for wpa_supplicant global and network profile
parameters ended up changing the configured value to the minimum value
if the provided value was too small or to the maximum value if the
provided value was too large. This does not seem most logical. Change
this to not change the configured value at all if the provided value is
outside the valid range.
Signed-off-by: Jouni Malinen <j@w1.fi>
These parameters have both a separate SET command handler and a global
configuration parameter handler. Only the global configuration parameter
handler for enforcing valid range checking. Do that for the SET command
as well.
Signed-off-by: Jouni Malinen <j@w1.fi>
The following config file contains invalid items:
----
filter_rssi=1234 # should be rejected
network={
mode=-1 # should be rejected
ssid="ssid"
psk="password"
}
----
But it is accepted by the config parser. The issue is due to using NULL
to represent no limit. If a boundary is set to 0, it's disregarded.
Fix this.
Note that string parser is not affected as length cannot be negative and
we are not limiting any string to be always empty.
Signed-off-by: Chien Wong <m@xv97.com>
Use of wpa_s->p2p_go_no_pri_sec_switch needs to be conditional on
CONFIG_P2P being defined for the build to avoid a compilation error and
ssid->p2p_group to avoid using this for non-P2P AP mode case in
wpa_supplicant. Furthermore, it is better to clear this flag when
stopping a P2P GO to reduce risk of this getting used for a separate
instance of starting a GO.
Fixes: b18d957593 ("P2P: Disable pri/sec channel switch for GO with forced frequency")
Signed-off-by: Jouni Malinen <j@w1.fi>
In the MLD case, the information from the transition management request
is relevant during the association process in order to filter out links
that were disallowed by the BTM request. Also, the information remains
useful should a connection attempt fail.
To enable these scenarios, keep the information around until the
connection has completed. As this might make it impossible to establish
a connection, also clear this information at the same time that a normal
BSS ignore is cleared to avoid getting stuck in case the transition
fails unexpectedly.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
If the last link is dropped, it makes sense to follow the BTM procedure.
However, in that case we need to prevent reconnection to this link
specifically, while if the AP MLD is terminating we need to forbid
connecting to the AP MLD.
As such, add a new variable to track the BSSID or AP MLD MAC address.
Which one it refers to depends on whether wnm_link_removal is set.
This also simplifies the check in wnm_is_bss_excluded() and untangles it
from wpa_s->current_bss.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
All callers of wnm_send_bss_transition_mgmt_resp() are explicitly
passing wpa_s->wnm_dialog_token. As such, we might as well not pass it
and use the variable directly.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
There is no point in the caller to set it to zero. Just do so within
wnm_send_bss_transition_mgmt_resp().
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
The elements are (currently) not used except for sending an immediate
response similar to COLOC_INTF_REPORT with the main difference being
that the dialog token is included.
Do not store the elements. It easy enough to re-add this should the
implementation improve. And this fixes the fact that the variable is
cleared at odd times as wnm_deallocate_memory() is used specifically to
clear the neighbor report list of a BTM request.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
There is no need for this check as wpa_scan_res_match() already calls
the function through wpa_scan_res_ok() before accepting a match.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>