This is similar to SAVE_CONFIG on control interface, which allow users
to update the configuration file.
Signed-off-by: Purushottam Kushwaha <p.kushwaha@samsung.com>
Signed-off-by: Mayank Haarit <mayank.h@samsung.com>
The AP is not expected to send out a WNM-Sleep Mode Response frame
without the STA trying to use WNM-Sleep Mode. Drop such unexpected
responses to reduce unnecessary processing of the frame.
Signed-off-by: Jouni Malinen <j@w1.fi>
WNM Sleep Mode Response frame is used to update GTK/IGTK only if PMF is
enabled. Verify that PMF is in use before using this field on station
side to avoid accepting unauthenticated key updates. (CVE-2015-5310)
Signed-off-by: Jouni Malinen <j@w1.fi>
Some APs may send RSC octets in EAPOL-Key message 3 of 4-Way Handshake
or in EAPOL-Key message 1 of Group Key Handshake in the opposite byte
order (or by some other corrupted way). Thus, after a successful
EAPOL-Key exchange the TSC values of received multicast packets, such as
DHCP, don't match the RSC one and as a result these packets are dropped
on replay attack TSC verification. An example of such AP is Sapido
RB-1732.
Work around this by setting RSC octets to 0 on GTK installation if the
AP RSC value is identified as a potentially having the byte order issue.
This may open a short window during which older (but valid)
group-addressed frames could be replayed. However, the local receive
counter will be updated on the first received group-addressed frame and
the workaround is enabled only if the common invalid cases are detected,
so this workaround is acceptable as not decreasing security
significantly. The wpa_rsc_relaxation global configuration property
allows the GTK RSC workaround to be disabled if it's not needed.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
The SCAN TYPE=ONLY results do not trigger a connection operation
automatically. As such, there was no explicit operation that would
change wpa_state after such a scan-only operation and WPA_SCANNING state
could have been left in effect until the next operation is triggered by
an external command. This is not desirable, so restore the wpa_state
that was in use when the scan was started in case WPA_SCANNING state is
still set when the scan operation completes.
This was triggered by the following mac80211_hwsim test sequence:
dbus_wps_oom scan_trigger_failure
Signed-off-by: Jouni Malinen <j@w1.fi>
Previously, wnm_deallocate_memory() was called only if we decided to
move to another BSS at the completion of an accepted BSS Transition
Management Request. This resulted in the candidate information being
left in effect for the following scan operation if we were already
associated with the preferred candidate. This could result in unexpected
behavior in the following connection attempt.
Fix this by clearing the candidate information even if we do not need to
roam to another BSS.
This was triggered with mac80211_hwsim test cases in this sequence:
wnm_bss_tm ap_track_sta_force_2ghz
Signed-off-by: Jouni Malinen <j@w1.fi>
libwpa_test1 and libwpa_test2 targets can now be used to check
libwpa_client linking for static and shared library cases respectively.
Signed-off-by: Jouni Malinen <j@w1.fi>
Building libwpa_client requires src/utils/common.c for bin_clear_free()
else loading the library fails with:
Error relocating /usr/lib/libwpa_client.so: bin_clear_free: symbol not found
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
All interface globals are now exposed as D-Bus properties of type
string, and parsed via the normal interface global parsing functions.
Signed-off-by: Dan Williams <dcbw@redhat.com>
hmac_sha256_kdf() got pulled in only if CONFIG_ERP=y is set. Fix
test_sha256() by making the test case conditional on the function being
present.
Signed-off-by: Jouni Malinen <j@w1.fi>
This is useful for logrotate to be able to rotate the file even if the
control interface is not enabled (e.g., when using DBus).
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
Linux packet socket workaround(*) has an impact in performance when the
workaround socket needs to be kept open to receive EAPOL frames. While
this is normally avoided with a kernel that has the issue addressed by
closing the workaround packet socket when detecting a frame through the
main socket, it is possible for that mechanism to not be sufficient,
e.g., when an open network connection (no EAPOL frames) is used.
Add a build option (CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y) to disable the
workaround. This build option is disabled by default and can be enabled
explicitly on distributions which have an older kernel or a fix for the
kernel regression.
Also remove the unused variable num_rx.
(*) Linux kernel commit 576eb62598f10c8c7fd75703fe89010cdcfff596
('bridge: respect RFC2863 operational state') from 2012 introduced a
regression for using wpa_supplicant with EAPOL frames and a station
interface in a bridge.
Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qti.qualcomm.com>
Instead of trying to associate in configuration that is known to result
in the AP rejecting the association, reject the BSS candidate based on
the MFPR=1 RSN capability when STA configuration has PMF disabled.
Signed-off-by: Jouni Malinen <j@w1.fi>
This element is required to have at least four octets of actual payload.
This was not previously verified before use and the extra buffer data
after the IE might have been used instead if a received WNM-Sleep Mode
Response frame was invalid.
Signed-off-by: Jouni Malinen <j@w1.fi>
This moves the type cast needed for the current driver interface to
ieee802_11_set_tfs_ie() to allow the WNM-Sleep parsing routines to use
const pointers.
Signed-off-by: Jouni Malinen <j@w1.fi>
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Signed-off-by: Jouni Malinen <j@w1.fi>
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Signed-off-by: Jouni Malinen <j@w1.fi>
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Signed-off-by: Jouni Malinen <j@w1.fi>
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Signed-off-by: Jouni Malinen <j@w1.fi>
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Signed-off-by: Jouni Malinen <j@w1.fi>
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Signed-off-by: Jouni Malinen <j@w1.fi>
If hostapd or wpa_supplicant is built from a git repository, add a
VERSION_STR postfix from the current git branch state. This is from "git
describe --dirty=+". VERSION_STR will thus look something like
"2.6-devel-hostap_2_5-132-g4363c0d+" for development builds from a
modified repository.
This behavior is enabled automatically if a build within git repository
is detected (based on ../.git existing). This can be disabled with
CONFIG_NO_GITVER=y in wpa_supplicant/.config and hostapd/.config.
Signed-off-by: Jouni Malinen <j@w1.fi>
Vendor specific IEs added to frame type P2P_ASSOC_RESP are saved in
the interface context, but as they are added as part of the P2P IEs,
they need to be saved in the global P2P context.
Fix this by directing vendor specific IEs added to P2P_ASSOC_RESP
frame type to the P2P context.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
This makes it easier to analyze debug logs for issues related to
multiple pending Action TX frames.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Do not expire scan results entries based on scan results from a scan
that was aborted. The aborted scan did not scan all the requested
channels or SSIDs, so the fact that a BSS is missing from the scan
results does not mean it is not available.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
CTWindow was set for all AP interfaces if the driver supports it and
this parameter is set in wpa_supplicant configuration. This results in
failing to start an AP that is not a P2P GO as this setting is rejected
by the driver.
Fix that by setting the CTWindow only for P2P GO interface.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Add a global D-Bus handler ExpectDisconnect for setting
wpa_s->own_disconnect_req flag. This flag will prevent wpa_supplicant
from adding blacklists and requesting incomplete scan upon the incoming
disconnection. This is mainly meant for a case where suspend/resume is
used and some external component knows about that and can provide the
information to wpa_supplicant before the disconnection happens.
Signed-off-by: Ningyuan Wang <nywang@google.com>
It was possible for wpa_s->own_disconnect_req to be left set to 1 from a
disconnection attempt from a prior connection. This could then prevent
proper connection failure processing with the new connection in
wpas_connection_failed(). This was triggered by the following hwsim test
case sequence: wpas_mesh_secure sae_no_ffc_by_default. In this sequence,
the SAE failure due to unsupported group did not result in proper
wpas_connection_failed() processing and retry.
Fix this by clearing wpa_s->own_disconnect_req in
wpa_supplicant_associate() before starting a new connection.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
When one peer doesn't include a persistent group info in PD Request
the other peer shouldn't report a persistent group usage with this
peer even if such a persistent group exists locally. This condition
could be violated in the previous implementation.
In case a local persistent group exists and the
wpas_p2ps_prov_complete() function is called with persist_ssid parameter
set to NULL, wpa_supplicant reported P2PS-PROV-DONE with persist=<idx>
instead of conncap=<role> parameter.
This happened because the wpas_p2p_get_persistent() function was called
without verification whether the persist_ssid was set to NULL. In this
case the wpas_p2p_get_persistent() returns the first existing persistent
group matching the P2P Device Address without verifying the group's
SSID. After that the group ID is used as persist=<idx> parameter of
P2PS-PROV-DONE event.
Fix the issue by adding persist_ssid and persist_ssid_size verification
as a condition for the wpas_p2p_get_persistent() call.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
On successful P2P PD, report the chosen frequency in case the local
device is going to be the P2P GO, so in can later be used to instantiate
the new P2P GO, etc.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Add operating channel selection and channel list processing similar to
that done when building GO Negotiation Request, i.e., consider the
currently used channels, configured channels, etc.
P2PS introduces a flow where a responder needs to provide channel data
without being previously aware of the current constraints, i.e., the
channels currently in use by other interfaces. To handle this, extend
the get_group_capability() callback to also handle channel selection
aspects of group capabilities.
In case there is an active P2P GO that is going to be used for the P2PS
PD, force its current operating frequency in the PD attributes.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Change the connection capability handling so that in case there are no
active roles, the peer has an active GO, and the advertisement supports
operation as a client, the returned connection capability is set to
client.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
The code was iterating all the interfaces, and for each interface
iterated all the network blocks to count active P2P GO and P2P Client
interfaces.
Change the code to reuse wpas_p2p_get_go_group() to get a P2P GO
interface and add wpas_p2p_get_cli_group() and use it to find a
P2P Client interface, and use these objects when evaluating the
group capability.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Re-factor wpas_p2p_get_go_group() to:
1. Skip the dedicated P2P Device management interface if it is used.
2. Instead of iterating all the interface configured networks,
only access the current_ssid pointer to check if the current
interface is acting as a persistent P2P GO.
To avoid code duplication, also re-factor wpas_p2p_group_go_ssid()
to call wpas_p2p_get_go_group().
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
This allows wpa_supplicant to expose internally unknown ANQP-elements in
the BSS command. For example, "ANQP_GET <BSSID> 265" can be used to
fetch the AP Geospatial Location ANQP-element and if the AP has this
information, the "BSS <BSSID>" command will include the response as
"anqp[265]=<hexdump>".
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The switch to BoringSSL broke keystore-backed keys because
wpa_supplicant was using the dynamic ENGINE loading to load
the keystore module.
The ENGINE-like functionality in BoringSSL is much simpler
and this change should enable it.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
IEEE Std 802.11-2012 13.3.1 states that the AID should be generated on
the local node for each peer. Previously, we were using the peer link ID
(generated by the peer) which may not be unique among all peers. Correct
this by reusing the AP AID generation code.
Signed-off-by: Bob Copeland <me@bobcopeland.com>
dl_list_del() must be called before freeing the list entries. Neither of
these cases caused problems because the full list data structure was
freed, but still, it is better to do this properly.
Signed-off-by: Jouni Malinen <j@w1.fi>
Some operations like a new scan result processing can result in large
number of wpa_supplicant control interface messages being generated.
Especially with multiple control interface monitors, this could result
in hitting the output queue length maximum and event messages getting
dropped. In worst case, that could even result in hitting ten
consecutive sendto() errors which could result in an attached monitor
socket getting detached.
Avoid this type of issues by throttling monitor event transmission based
on the output queue length. If more than half of the maximum send buffer
is used, postpone sending of following event messages until the pending
output queue has dropped below the limit.
Signed-off-by: Jouni Malinen <j@w1.fi>
The CSA channel and operating class values need to be set for all types
of channel switch (i.e., either if it's triggered by the control
interfaces or due to the GO-follows-STA flow). To do so, move the code
that sets them from the GO-follows-STA flow to the more generic
hostapd_fill_csa_settings() function.
Signed-off-by: Luciano Coelho <luciano.coelho@intel.com>
Some management frames contain CSA counters which should be updated by
kernel. Change driver op send_mlme() allowing to send a frame,
specifying an array of offsets to the CSA counters which should be
updated. For example, CSA offsets parameters should be specified when
sending Probe Response frames during CSA period.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Channel switch notification was handled only for AP/GO interfaces. As
the notification can be sent on other interface types as well, extend
the handling to handle other interface types.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Add new GO frequency move policy. The P2P_GO_FREQ_MOVE_SCM_ECSA prefers
SCM if all the clients advertise eCSA support and the candidate
frequency is one of the group common frequencies.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>