Commit graph

99 commits

Author SHA1 Message Date
Krishna T
12de8112b7 Fix BSS age underflow
While checking for stale BSSes, the current time is used as a basis and
then based on age the stale check time is calculated, but if this is
done too early in the boot and if either BOOTTIME/MONOTONIC (the one
Zephyr uses by default) are used then the stale check time underflows
and goes to future causing active BSS entries in the scan to be treated
as stale and flushed.

Fix this by adding a check before calculating stale time and ignore this
check till the system reaches the BSS expiration time (this would never
happen with REALTIME clock).

Signed-off-by: Krishna T <krishna.t@nordicsemi.no>
Signed-off-by: Sridhar Nuvusetty <sridhar.nuvusetty@nordicsemi.no>
2023-02-01 18:30:27 +02:00
Andrei Otcheretianski
8f89661df5 SME: Add support for handling authentication with MLD
In case both the local driver and the AP support MLD, request an MLD
authentication from the driver. When processing the authentication event
from the driver verify that the MLD address in the authentication data
matches that of the requested AP.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2022-12-17 17:31:41 +02:00
김우용
00a762c26e Do not drop connection attempt when reconnecting to the same ESS
Connection attempt could have been intermittently drop when reconnecting
to the same ESS due the current BSS entry getting removed immediately
after the disconnection for the purpose of reconnecting to the same ESS.

Avoid this by not removing a BSS entry for the same ESS when in this
special state of trying to reconnect to the same ESS.

Signed-off-by : WooYong Kim <wykim@newratek.com>
2022-11-05 12:36:56 +02:00
Veerendranath Jakkam
4bd3165249 bss: Parse and store MLD address of the AP from Multi-Link element
Parse Multi-Link element received in scan result to get AP MLD address
and cache it in the wpa_bss structure.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2022-09-15 16:00:51 +03:00
Shivani Baranwal
7784964cbe MLD STA: Fetch MLO connection info into core wpa_supplicant
Add support to fetch MLO connection info from the driver to the
wpa_supplicant instance of corresponding MLD STA interface. In addition,
return true for BSSs associated with MLO links from wpa_bss_in_use() to
avoid getting them cleared from scan results.

Co-authored-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2022-09-15 05:55:40 +03:00
Jouni Malinen
b859b9bcea Simplify wpa_bss_get_vendor_ie_multi_beacon() bounds checking
This makes it easier for static analyzers to understand.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-05-08 17:28:58 +03:00
Jouni Malinen
284e3ad196 Determine whether Beacon frame information is newer in scan results
It can be helpful to know whether the information elements from the
Beacon frame or the Probe Response frame are newer when using BSS table
entries, so make this information known, if available. This allows the
Beacon frame elements to be preferred over the Probe Response frame
elements when desired.

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-24 12:08:28 +03:00
Arowa Suliman
b829b7003a wpa_supplicant: Notify freq change on CH_SWITCH
wpa_supplicant does not send a D-Bus notification of the BSS frequency
change when a CSA happens. Sending a PropertyChanged signal with the
updated frequency will notify the network manager quickly, instead of
waiting for the next scan results.

Signed-off-by: Arowa Suliman <arowa@chromium.org>
Reviewed-by: Brian Norris <briannorris@chromium.org>
2021-02-06 16:50:19 +02:00
Jouni Malinen
8f557d2047 Make wpa_bss_ext_capab() handle NULL bss argument
This simplifies the callers that use wpa_s->current_bss (which could be
NULL).

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-02-06 12:09:30 +02:00
Jouni Malinen
454ebb504c BSS: Use variable length array for IEs at the end of struct wpa_bss
Replace the previously used design "(u8 *) (bss + 1)" with a variable
length array at the end of struct wpa_bss bss->ies[] in hopes of making
this easier to understand for static analyzers.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-16 16:25:17 +02:00
Jouni Malinen
be7ee264f6 BSS: Use wrapper function for getting a pointer to the IE buffer
This makes it easier to change the internal struct wpa_bss design for
storing the variable length IE buffers.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-16 16:21:56 +02:00
Jouni Malinen
95edd81441 BSS: Add wpa_bss_get_ie_ext() wrapper
This removes need from the callers to know the struct wpa_bss details
for the location of the memory area for storing the IEs.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-16 16:00:21 +02:00
Jouni Malinen
dba4f7a545 Mark wpa_bss_get_fils_cache_id() argument const
This function does not modify the BSS entry.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-16 15:52:22 +02:00
Jouni Malinen
f4de21a77a BSS/scan: More conversions to for_each_element_id()
Use the common IE parsing routine in hope of trying to make the length
checks easier for static analyzers. In addition, try to make the
*_vendor_ie_multi() cases easier to analyze as well even though they
cannot use for_each_element_id().

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-04 19:50:34 +02:00
Jouni Malinen
56a1df71e5 BSS: Convert wpa_bss_get_vendor_ie() to use for_each_element_id()
Use the common IE parsing routine in hope of trying to make the length
checks easier for static analyzers.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-11-03 21:10:01 +02:00
Sreeramya Soratkal
c575904761 P2P: Consider BSS entry pending for P2P joining as a known BSS
Consider the BSS entry that is pending for the P2P group join operation
also as a known network along with the existing configured networks.
This prevents removal of the BSS entry that is still in the process of
P2P join operation from the BSS table when the number of entries exceed
bss_max_count.

Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
2020-10-26 22:39:42 +02:00
Jouni Malinen
4391ddd639 Use size_t instead of unsigned_int for last_scan_res
This avoids a theoretical unsigned integer overflow case with 32-bit
integers, but something that could potentially be hit with 16-bit int
(though, even that part looks pretty theoretical in this particular case
of number of BSSs in scan results).

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-03-22 18:50:04 +02:00
Hu Wang
8214b45ba0 P2P: Use latest BSS entry if multiple P2P Device Addr matches found
If an AP (P2P GO) has changed its operating channel or SSID recently,
the BSS table may have multiple entries for the same BSSID.

Commit 702621e6dd ('WPS: Use latest updated BSS entry if multiple
BSSID matches found') fetches latest updated BSS entry based on
BSSID. Do the same when fetching an entry based on the P2P Device
Address.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-09-13 16:22:05 +03:00
Jouni Malinen
7deb0450bc Interworking: Print HESSID in debug messages
This makes it easier to understand ANQP queries needed during
Interworking network selection.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-06-05 21:09:57 +03:00
Jouni Malinen
ed87f6a80e Use a helper function for checking Extended Capabilities field
The new ieee802_11_ext_capab() and wpa_bss_ext_capab() functions can be
used to check whether a specific extended capability bit is set instead
of having to implement bit parsing separately for each need.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-01-02 18:13:19 +02:00
Jouni Malinen
baf4c86379 HS 2.0: Request and process OSU Providers NAI List ANQP-element
Extend wpa_supplicant to use a separate OSU_NAI information from OSU
Providers NAI List ANQP-element instead of the OSU_NAI information from
OSU Providers list ANQP-element when connecting to the shared BSS
(Single SSID) for OSU.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-10-05 20:51:51 +03:00
Jouni Malinen
6a8a04d742 HS 2.0: Add fetching of Operator Icon Metadata ANQP-element
This extends wpa_supplicant Hotspot 2.0 ANQP routines to allow the
Operator Icon Metadata ANQP-element to be fetched with "ANQP_GET <bssid>
hs20:12". The result is available in the new hs20_operator_icon_metadata
entry in the "BSS <bssid>" output.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-04-17 16:40:42 +03:00
Jouni Malinen
869af30728 FILS: Use FILS Cache Identifier to extend PMKSA applicability
This allows PMKSA cache entries for FILS-enabled BSSs to be shared
within an ESS when the BSSs advertise the same FILS Cache Identifier
value.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-26 12:05:40 +02:00
Jouni Malinen
d734201435 RRM: Enable beacon report with active/passive scan for all drivers
The requested behavior can be approximated for most use cases even if
the driver does not support reporting exact TSF values for frames.
Enable this capability for all drivers to make beacon report processing
more useful for a common use case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-03 19:53:03 +02:00
Jouni Malinen
9cad618679 FILS: Add Realm Information ANQP-element in BSS data
Add a named BSS command output entry for FILS Realm Information
ANQP-element (anqp_fils_realm_info).

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-18 11:41:51 +02:00
Jouni Malinen
cfadab269f nl80211: Move duplicate scan result removal to bss.c
The way the removal of duplicated (one per frequency) BSS entries in the
cfg80211 scan results were removed in driver_nl80211_scan.c
bss_info_handler() depended on having the full scan results available to
allow iteration through the other entries. This is problematic for the
goal of being able to optimize memory allocations for scan result
fetching in a manner that would not build the full result buffer in
memory.

Move this duplicate removal into bss.c since it has sufficient
information available for doing the same determination of which one of
two BSS entries is more current.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-03 19:26:47 +02:00
David Spinadel
1ac388633a Remove disconnected APs from BSS table if likely out-of-range
In some cases, after a sudden AP disappearing and reconnection to
another AP in the same ESS, if another scan occurs, wpa_supplicant might
try to roam to the old AP (if it was better ranked than the new one)
because it is still saved in BSS list and the blacklist entry was
cleared in previous reconnect. This attempt is going to fail if the AP
is not present anymore and it'll cause long disconnections.

Remove an AP that is probably out of range from the BSS list to avoid
such disconnections. In particular mac80211-based drivers use the
WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY reason code in locally generated
disconnection events for cases where the AP does not reply anymore.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2016-10-01 11:14:02 +03:00
vamsi krishna
00ec535060 WPS: Fix memory leak with wps_ie in wpa_bss_is_wps_candidate()
Fix possible memory leak in case if WPS is not enabled on the interface
for connection. This path was missed in commit
fae7b37260 ('WPS: Do not expire probable
BSSes for WPS connection').

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-06-17 12:39:14 +03:00
vamsi krishna
fae7b37260 WPS: Do not expire probable BSSes for WPS connection
When the BSS count reaches max_bss_count, the oldest BSS will be removed
in order to accommodate a new BSS. Exclude WPS enabled BSSes when going
through a WPS connection so that a possible WPS candidate will not be
lost.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-06-17 00:01:08 +03:00
Avraham Stern
231b04b6cb utils: Share a single helper function to get IE by ID
Add a helper function to find a certain IE inside IEs buffer by ID and
use this function in several places that implemented similar
functionality locally.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2016-02-21 17:14:56 +02:00
Jouni Malinen
1f32a23962 Avoid undefined behavior in pointer arithmetic in BSS IE parsing
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-24 21:43:54 +03:00
Avraham Stern
1a21fd37f9 Do not expire scan results based on aborted scan
Do not expire scan results entries based on scan results from a scan
that was aborted. The aborted scan did not scan all the requested
channels or SSIDs, so the fact that a BSS is missing from the scan
results does not mean it is not available.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2015-10-14 21:12:28 +03:00
Jouni Malinen
8c4a1026b8 Interworking: Support unknown ANQP-elements in BSS table
This allows wpa_supplicant to expose internally unknown ANQP-elements in
the BSS command. For example, "ANQP_GET <BSSID> 265" can be used to
fetch the AP Geospatial Location ANQP-element and if the AP has this
information, the "BSS <BSSID>" command will include the response as
"anqp[265]=<hexdump>".

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-10-07 17:07:21 +03:00
Jouni Malinen
dcc8bc82e0 Add BSS operating frequency to more debug messages
This makes it easier to analyze debug logs when figuring out channel
related issues.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-09-05 20:40:44 +03:00
Jingxiang Ge
3008d0a6b8 Do not mark BSS entry in use if SSID has changed
This allows a BSS entry to be expired if the AP has changed its SSID
while maintaining the same BSSID and we are associated with the BSS.
Previously, the same BSSID was enough to mark all BSS entries from the
BSSID as in use regardless of the SSID and as such, they could remain in
the wpa_supplicant BSS table indefinitely as long as the association
remaining.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-26 16:46:28 +03:00
Jouni Malinen
8c0d0ff22e Use a single cleanup timer per wpa_supplicant process
Previously, one timeout per process (by default every 30 seconds) was
used P2P peer expiration and another per-interface timeout (every 10
seconds) was used to expire BSS entries. Merge these to a single
per-process timeout that triggers every 10 seconds to minimize number of
process wakeups due to periodic operations.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-20 13:28:12 +03:00
Jouni Malinen
a6da824b19 Do not use C++ reserved words as variable names
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-04-26 13:36:55 +03:00
Jouni Malinen
d9d1b9527a Use SSID_MAX_LEN define instead of value 32 when comparing SSID length
This makes the implementation easier to understand.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-04-22 11:44:18 +03:00
Jouni Malinen
1d747e2a98 Add snr and est_throughput to the BSS entries
These values were previously used only for sorting the scan results, but
it may be useful to provide access to the used values through the BSS
entries.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-22 11:09:54 +02:00
ASHUTOSH NARAYAN
5ce6ac11ab Inteworking: Add support to update the ANQP Capability List into the BSS
In addition, add support for returning the capability list through
the BSS control interface command.

Signed-off-by: ASHUTOSH NARAYAN <ashutoshx.narayan@intel.com>
2015-02-21 16:07:53 +02:00
ASHUTOSH NARAYAN
185ada4770 HS 2.0: Add support to update the HS20 Capability List into the BSS
In addition, add support for returning the capability list through the
BSS control interface command.

Signed-off-by: ASHUTOSH NARAYAN <ashutoshx.narayan@intel.com>
2015-02-21 16:07:53 +02:00
Jouni Malinen
44177b69e8 Allow a BSS entry with all-zeros BSSID to expire
wpa_bss_in_use() used to determine that a BSS with BSSID of
00:00:00:00:00:00 is in use in almost every case since either
wpa_s->bssid or wpa_s->pending_bssid was likely to be cleared. This
could result in a corner case of a BSS entry remaining in the BSS table
indefinitely if one was added there with a (likely bogus) address of
00:00:00:00:00:00. Fix this by ignore wpa_s->bssid and
wpa_s->pending_bssid if the BSSID in the BSS table entry is
00:00:00:00:00:00.

In theory, that address is a valid BSSID, but it is unlikely to be used
in any production AP, so the potential expiration of a BSS entry with
that address during a connection attempt would not be a concern
(especially when a new scan would be enough to recover from that).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-12-02 19:46:58 +02:00
Jouni Malinen
a7f5271d52 Update pending connect radio work BSS pointer on scan update
It is possible for scan result processing or BSS entry removal to occur
while there is a pending connect or sme-connect radio work with a
previously selected BSS entry. The BSS pointer was previously verified
to be valid, i.e., still point to a BSS entry, at the time the actual
connection operation is started. However, that BSS entry could have
changed to point to another BSS if the old BSS entry was either removed
or reallocated and a new BSS entry was added at the same location in
memory. This could result in the connection attempt failing to configure
parameters properly due to different BSS information (e.g., different
BSSID).

Fix this by updated the pending connect radio work data on BSS entry
updates similarly to how the last_scan_res array was updated. If the
selected BSS entry is removed, this will still result in a failed
connection, but reallocated BSS entry is now followed properly and used
when the connection work starts.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-10-28 00:43:58 +02:00
Jason Abele
d73b3f2ea0 mesh: Use mesh id instead of SSID in BSS table
Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Jason Abele <jason.abele@gmail.com>
2014-10-25 17:45:35 +03:00
Dan Williams
3bd3257a0a dbus: add BSS Age property to indicate last-seen time
"Age" is the age in seconds since the BSS was last seen, and is
emitted as a PropertyChanged signal whenever the BSS is updated
from a scan result. It also returns the correct age when queried
directly.

This property can be used to resolve issues where, if no other
properties of the BSS changed from scan results (for example,
if the BSS always had 100% signal) no D-Bus signals would be
emitted to indicate that the BSS had just been seen in the scan.

Signed-hostap: Dan Williams <dcbw@redhat.com>
2014-09-07 19:18:45 +03:00
Jouni Malinen
ece88f7697 Make last_scan_res update easier for static analyzers
The check based on last_scan_res_used is sufficient for making sure that
last_scan_res is allocated. However, it is a bit too complex for static
analyzers to notice, so add an explicit check to avoid bogus reports.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-29 12:52:10 +03:00
Jouni Malinen
1d2215fc67 HS 2.0R2: Add OSU Providers list ANQP element
wpa_supplicant can now request OSU Providers list with "hs20_anqp_get
<BSSID> 8".

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
949938aadf Ask driver to report only new scan results if requested
If the BSS table within wpa_supplicant is flushed, request the driver to
flush its own scan result table during the next scan. This can avoid
unexpected old BSS entries showing up after BSS_FLUSH or FLUSH command
in cases where the driver may maintain its internal cache of scan
results (e.g., cfg80211 BSS table persists at least for 15 seconds).

In addition to doing this automatically on BSS_FLUSH/FLUSH, a new SCAN
command argument, only_new=1, can be used to request a manual scan
request to do same. Though, it should be noted that this maintains the
BSS table within wpa_supplicant. BSS_FLUSH followed by SCAN command can
be used to clear all BSS entries from both the driver and
wpa_supplicant.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-02 23:03:31 +02:00
Jouni Malinen
69278f7328 Remove unused last_scan_full
This parameter was not really used for anything else apart from a debug
message in the same function that set it. In addition, cfg80211 returns
the set of scanned frequencies even for the full scan, so the code that
was setting this conditionally on frequency list not being there was not
really ever entered either.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-26 18:27:48 +02:00
Johannes Berg
a12d34546a wpa_supplicant: Use monotonic time for last_scan check
This just serves to check if there was a scan within
the last 5 seconds, hence it should use monotonic time.
While at it, also use os_reltime_expired().

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-24 08:21:18 +02:00