There is no need to leave this temporary key in stack memory after
having been configured to the WPA state machine.
Signed-off-by: Jouni Malinen <j@w1.fi>
ap_ft_sae test case managed to hit a somewhat unclear error case which
resulted in "WPA: Failed to select WPA/RSN" print and not enough
information to figure out what exactly had went wrong.
Signed-off-by: Jouni Malinen <j@w1.fi>
Android framework maintains a state to process the scan results after
the scan is issued. If wpa_supplicant issues the scan during the
initialization, the one issued by the framework may fail (with EBUSY) if
the host driver is already processing the scan. Thus, the scan results
returned for the first scan triggered by wpa_supplicant are not
processed for getting displayed resulting in delay for the display of
the first scan results after the Wi-Fi subsystem initialization. Thus,
trigger the scan only based on the framework request on Android.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The mesh gate is used to bridge (or route) between mesh network and
another network. For example, mesh gate acts as router between mesh
network and IEEE 802.11 BSS network.
This command makes a virtual mesh interface to be used for mesh gate.
This command expects to be used like this.
wpa_cli -i wlan0 MESH_INTERFACE_ADD ifname=mesh0
wpa_cli -i mesh0 add_network
wpa_cli -i mesh0 set_network 0 ssid '"commell_2X_mmm"'
wpa_cli -i mesh0 set_network 0 mode 5
wpa_cli -i mesh0 set_network 0 frequency 2412
wpa_cli -i mesh0 set_network 0 key_mgmt SAE
wpa_cli -i mesh0 set_network 0 psk '"01234567"'
wpa_cli -i mesh0 mesh_group_add 0
wpa_cli -i wlan0 mesh_group_remove mesh0
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
The send_eapol() callback was used by driver_test.c, but with that
removed, there is no remaining users of the alternative EAPOL frame
transmitting mechanism in wpa_supplicant, i.e., all remaining driver
interfaces use l2_packet instead. Remove the send_eapol() to get rid of
unused code.
Signed-off-by: Jouni Malinen <j@w1.fi>
Externally triggered scan could result in a new radio work item getting
started even when external radio work was in progress. Delay such start
until the external work is completed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The mesh group addition was designed to use wpa_s->connect_without_scan
to skip a scan. That path was skipped if wpa_supplicant_fast_associate()
allowed previous scan results to be used. This could result in undesired
double-initialization attempt for the mesh interface. Avoid this by not
using wpa_supplicant_fast_associate() when wpa_s->connect_without_scan
is set.
Signed-off-by: Jouni Malinen <j@w1.fi>
It was possible for wmm_ac_deinit() not getting called when an interface
was removed in a sequence where disassociation was not reported and
wmm_ac_notify_disassoc() did not get called. This resulted in leaking
whatever memory was allocated for WMM AC parameters. Fix that by calling
wmm_ac_notify_disassoc() from wpa_supplicant_cleanup().
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is needed to fix some sequencies where a real scan in ap_scan=2
case would be issued even when the connection case would expect direct
connection without a scan.
This fixed an issue shown in hwsim test case autoscan_exponential
followed by ibss_open_fixed_bssid.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Send link measurement response when a request is received. Advertise
only RCPI, computing it from the RSSI of the request. The TX power field
is left to be filled by the driver. All other fields are not published.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Allow supplying an SSID for the SSID IE. If not supplied, no SSID IE is
sent, and the request implies the current SSID.
Signed-off-by: Assaf Krauss <assaf.krauss@intel.com>
Add the ability to send a Neighbor Report Request (part of
RRM). Requester is then notified once the report arrives.
Signed-off-by: Assaf Krauss <assaf.krauss@intel.com>
In case the AP we are associating with advertises support for RRM,
advertise our own RRM support in the (Re)Association Request frame. This
is done by adding an RRM Capabilities IE. The underlying driver is
expected to further add a Power Capabilities IE to the request, and set
the Radio Measurement flag in the Capability Info field. At this point
the RRM Capabilities IE advertises no measurement support.
Signed-off-by: Assaf Krauss <assaf.krauss@intel.com>
When the list of preferred transition candidates is received, use the
identified channels to optimize the following scan so that no time is
wasted on other channels.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add add_tx_ts() and del_tx_ts() ops to notify the driver about
TSPEC add / delete.
Additionally, add wmm_ac_supported flag to indicate
whether the driver supports WMM AC.
Signed-off-by: Moshe Benji <moshe.benji@intel.com>
Signed-off-by: Eliad Peller <eliad@wizery.com>
Parse MESH_GROUP_ADD/REMOVE commands on ctrl interface and call
wpa_supplicant routines. These commands are used to start or
join and leave a mesh network.
The mesh id is given in the configuration file, therefore there is
no need to scan before joining a mesh network. We reuse the
connect_without_scan construct used by P2P for that same purpose.
Signed-off-by: Javier Cardona <javier@cozybit.com>
Signed-off-by: Javier Lopez <jlopex@gmail.com>
New kernels in wiphy_suspend() will call cfg80211_leave_all() that will
eventually end up in cfg80211_stop_ap() unless wowlan_triggers were set.
For now, use the parameters from the station mode as-is. It may be
desirable to extend (or constraint) this in the future for specific AP
mode needs.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
This adds definitions for the 128-bit level Suite B AKM 00-0F-AC:11. The
functionality itself is not yet complete, i.e., this commit only
includes parts to negotiate the new AKM.
Signed-off-by: Jouni Malinen <j@w1.fi>
It is possible for scan result processing or BSS entry removal to occur
while there is a pending connect or sme-connect radio work with a
previously selected BSS entry. The BSS pointer was previously verified
to be valid, i.e., still point to a BSS entry, at the time the actual
connection operation is started. However, that BSS entry could have
changed to point to another BSS if the old BSS entry was either removed
or reallocated and a new BSS entry was added at the same location in
memory. This could result in the connection attempt failing to configure
parameters properly due to different BSS information (e.g., different
BSSID).
Fix this by updated the pending connect radio work data on BSS entry
updates similarly to how the last_scan_res array was updated. If the
selected BSS entry is removed, this will still result in a failed
connection, but reallocated BSS entry is now followed properly and used
when the connection work starts.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit fixes couple of connection failure paths where
wpas_connect_work_done() was not called, thus enabling the radio work
interface to proceed with the other queued actions.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Commit 22628eca34 ('Support driver-based
BSS selection in ap_scan=1 mode') ended up disabling the special
ap_scan=2 WPS case where ap_scan=1 like scan followed by association is
used to find the WPS AP using wildcard SSID. Fix this by allowing
association request even with wpas_driver_bss_selection() when searching
for a WPS AP.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
DBus client should always request the proper netdev interface. This will
be necessary to get a consistent behavior whatever driver is in use:
iwlwifi (which requires a P2P mgmt dev), ath9/10k (which does not),
etc...
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Add smps_modes field, and let the driver fill it with its supported SMPS
modes (static/dynamic). This will let us start an AP with specific SMPS
mode (e.g., dynamic) that will allow it to reduce its power usage.
Signed-off-by: Eliad Peller <eliad@wizery.com>
This commit introduces a QCA vendor command and event to provide an
option to use extended versions of the nl80211 connect/roam operations
in a way that allows drivers to offload key management operations to the
driver/firmware.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This moves the addition of P2P Device interface into
wpa_supplicant_add_iface() so that this operation can be done
dynamically when adding an interface to an already running
wpa_supplicant process.
Signed-off-by: Jouni Malinen <j@w1.fi>
This is needed to allow dynamic removal of an interface that adds the
P2P Device interface without leaving behind the management interface
with invalid wpa_s->parent pointer.
Signed-off-by: Jouni Malinen <j@w1.fi>
It is now possible to run hwsim_test like data connectivity test through
wpa_supplicant/hostapd control interface if CONFIG_TESTING_OPTIONS=y is
used for the build. Test functionality is enabled/disabled at runtime
with "DATA_TEST_CONFIG <1/0>". The "DATA_TEST_TX <dst> <src> <tos>"
command can be used to request a test frame to be transmitted.
"DATA-TEST-RX <dst> <src>" event is generated when the test frame is
received.
Signed-off-by: Jouni Malinen <j@w1.fi>
This makes wpa_supplicant SME create PMKSA cache entries from SAE
authentication and try to use PMKSA caching if an entry is found for the
AP. If the AP rejects the attempt, fall back to SAE authentication is
used.
Signed-off-by: Jouni Malinen <j@w1.fi>
Increase EAPOL startWhen to 2 for the case where the AP/GO has
advertised it supports WPS 2.0. This is done to make it less likely for
the EAPOL-Start frame to be sent out since that is only required for WPS
1.0. Not sending it can remove one unnecessary round trip from the EAP
exchange when the AP is going to start with EAP-Request/Identity
immediately based on the Association Request frame.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The MACsec addition placed one of the calls outside the #ifdef
IEEE802X_EAPOL block while the variable needed for this was defined only
within the block.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new openssl_cipher configuration parameter can be used to select
which TLS cipher suites are enabled for TLS-based EAP methods when
OpenSSL is used as the TLS library. This parameter can be used both as a
global parameter to set the default for all network blocks and as a
network block parameter to override the default for each network
profile.
Signed-off-by: Jouni Malinen <j@w1.fi>
Previously, wpas_set_wowlan_triggers() could have been called in
uninitialized wpa_driver_capa data if the driver interface did not
support reporting of capabilities. While this would not really happen
with a driver wrapper that implements set_wowlan() and as such, would
not cause any difference in practice, it is better to clean this up to
make the code path easier to understand for static analyzers.
Signed-off-by: Jouni Malinen <j@w1.fi>
It was possible for local deauthentication request to leave sme-connect
radio work running even when there was no ongoing effort to complete the
connection anymore. Clean this up by marking sme-connect radio work
item, if any, done when clearing connection state after such
disconnection during connection.
Signed-off-by: Jouni Malinen <j@w1.fi>
Use hostapd_freq_params instead of simple frequency parameter for driver
commands. This is preparation for IBSS configuration to allow use of
HT/VHT in IBSS.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Previously, the case of non-netdev P2P management device ended up
pulling in both the main interface (e.g., wlan0) and P2P Device
interface (from command line -m argument) as configuration. Similarly,
the main interface ended up included both configuration files. This is
not really helpful for various use cases, e.g., when permanent P2P group
information is stored in the P2P Devince interface, but it gets
duplicated in the main station interface configuration.
Clean this up by changing the -m<file> argument to replace, not
concatenate, configuration information. In other words, the main station
interface will not read this configuration and the P2P Device interface
(non-netdev) does not read parameters from the station interface
configuration file.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
mac_addr=2 and preassoc_mac_addr=2 parameters can now be used to
configure random MAC address to be generated by maintaining the OUI part
of the permanent MAC address (but with locally administered bit set to
1). Other than that, these values result in similar behavior with
mac_addr=1 and preassoc_mac_addr=1, respectively.
Signed-off-by: Jouni Malinen <j@w1.fi>
This adds experimental support for wpa_supplicant to assign random local
MAC addresses for both pre-association cases (scan, GAS/ANQP) and for
connections. MAC address policy for each part can be controlled
separately and the connection part can be set per network block.
This requires support from the driver to allow local MAC address to be
changed if random address policy is enabled. It should also be noted
that number of drivers would not support concurrent operations (e.g.,
P2P and station association) with random addresses in use for one or
both.
This functionality can be controlled with the global configuration
parameters mac_addr and preassoc_mac_addr which set the default MAC
address policies for connections and pre-association operations (scan
and GAS/ANQP while not connected). The global rand_addr_lifetime
parameter can be used to set the lifetime of a random MAC address in
seconds (default: 60 seconds). This is used to avoid unnecessarily
frequent MAC address changes since those are likely to result in driver
clearing most of its state. It should be noted that the random MAC
address does not expire during an ESS connection, i.e., this lifetime is
only for the case where the device is disconnected.
The mac_addr parameter can also be set in the network blocks to define
different behavior per network. For example, the global mac_addr=1 and
preassoc_mac_addr=1 settings and mac_addr=0 in a home network profile
would result in behavior where all scanning is performed using a random
MAC address while connections to new networks (e.g.,
Interworking/Hotspot 2.0) would use random address and connections to
the home network would use the permanent MAC address.
Signed-off-by: Jouni Malinen <j@w1.fi>
Previously, the shorter startWhen value was used based on build
parameters (i.e., if WPS was enabled). This is not really ideal and the
knowledge of WPS use can be provided to the EAPOL state machine to allow
this (and similar WPS workarounds) to be done only when the association
is for the purpose of WPS.
Reduce the default startWhen value from 3 to 2 seconds for non-WPS case
since WPS builds have likely received most testing for the past years
with the 1 second value and there is no strong justification for forcing
the longer 3 second wait should a frame be lost or something else
require the EAPOL-Start to initiate operation after a connection.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This adds following new control interface commands to allow arbitrary
vendor elements to be added into number of frames:
VENDOR_ELEM_ADD <frame id> <hexdump of elem(s)>
VENDOR_ELEM_GET <frame id>
VENDOR_ELEM_REMOVE <frame id> <hexdump of elem(s)>
VENDOR_ELEM_REMOVE <frame id> *
The following frames are supported in this commit (additional frames can
be added in the future):
0 = Probe Request frame in P2P device discovery
1 = Probe Response frame from P2P Device role
2 = Probe Response frame from P2P GO
3 = Beacon frame from P2P GO
4 = PD Req
5 = PD Resp
6 = GO Neg Req
7 = GO Neg Resp
8 = GO Neg Conf
9 = Invitation Request
10 = Invitation Response
11 = P2P Association Request
12 = P2P Association Response
One or more vendor element can be added/removed with the commands. The
hexdump of the element(s) needs to contain the full element (id, len,
payload) and the buffer needs to pass IE parsing requirements to be
accepted.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Use an explicit memset call to clear any wpa_supplicant configuration
parameter that contains private information like keys or identity. This
brings in an additional layer of protection by reducing the length of
time this type of private data is kept in memory.
Signed-off-by: Jouni Malinen <j@w1.fi>
While the buffer is expected to be large enough for all the IEs, it is
better to check for this explicitly when adding the HS 2.0 Indication
element. (CID 68601)
Signed-off-by: Jouni Malinen <j@w1.fi>
This removes number of unnecessary #ifdef CONFIG_P2P blocks from generic
code by hiding the conditional build into p2p_supplicant.h with empty
inline functions.
Signed-off-by: Jouni Malinen <j@w1.fi>
Performing a P2P Device flow such as p2p_listen or
p2p_find, can degrade the performance of an active interface
connection, if the listen frequency is different than the
frequency used by that interface.
To reduce the effect of P2P Device flows on other interfaces,
try changing the listen channel of the P2P Device to match the
operating channel of one of the other active interfaces. This change
will be possible only in case that the listen channel is not forced
externally, and will be delayed to a point where the P2P Device
state machine is idle.
The optimization can be configured in the configuration file and
is disabled by default.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Remove the seperation between getting the local interface frequency and
other interfaces frequencies since going over all the radio interfaces
includes the local interface.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
When the number of frequencies supported by the kernel is bigger than
one, and there is a need to pick a frequency for a new flow such as P2P
GO Negotiation or P2P Invitation, the flow should be able to pick the
best frequency among all the frequencies currently used by the device.
In order to prioritize between the currently used frequencies, add
the ability to collect additional data about each used frequency
(if the frequency is used by a station interface or P2P Client)
and when needed select the best frequency, where:
1. Infrastructure interfaces have highest priority
2. P2P Client interfaces have higher priority over AP/GO
interfaces.
The rational is that the frequency of an AP/GO can change while
that of a station interface cannot.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Remove the check for get_radio_name support from
get_shared_radio_freqs_data() since get_radio_name is no longer in use
in this function.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
The OSEN code path hardcodes number of struct wpa_ie_data items.
However, it did not clear the full structure and some uninitialized
fields could have been used (e.g., ie.mgmt_group_cipher for a debug
print and ie.capabilities for checking MFPC). Fix this by clearing the
ie data before filling in the hardcoded OSEN values.
Signed-off-by: Jouni Malinen <j@w1.fi>
Prepare for new extended capabilities bits by checking that the local
buffer is large enough to contain all the bits the driver requests. The
existing buffers are large enough to include anything defined until now,
but it would be possible to add more definitions in the future, so
increase them a bit as well to make this more future proof.
Signed-off-by: Jouni Malinen <j@w1.fi>
When there is a pending WPS negotiation for P2P and signal interrupt is
triggered, invalid read occurs in wpas_wps_terminate_pending() if
wpas_p2p_disconnect() removed the interface. Inverting deinit order
solves the issue.
Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
Add a new wowlan_triggers option to wpa_supplicant.conf. The triggers in
this key will be used to configure the kernel wowlan configuration.
For now, support only simple flags. More complex triggers can be added
later on.
Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
Previously, the frequency conflict was handled only during the
association flow. However, some drivers, e.g., mac80211 based
drivers, will fail an authentication request in case that there
are no available channels for use (as they might be used by
other interfaces), and thus the frequency conflict resolution
is never called.
Fix this by calling frequency conflict resolution during
authentication (SME-in-wpa_supplicant) as well.
In addition, get the shared radio frequency from the wpa_s context in
both the SME-in-driver and SME-in-wpa_supplicant cases and not from the
driver.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
The normal scan counter is used to trigger a few normal scans before a
scheduled scan is issued. The reason for doing this is that we get
results faster and some drivers support more SSIDs per normal scan
than during sched scan. After 2 normal scans, we start using
sched_scan. But the problem is that when a connection succeeds, we do
not reset this counter, so we will keep using sched scans.
To fix this, now we reset the counter when we switch to WPA_COMPLETED
state.
Signed-off-by: Luciano Coelho <luciano.coelho@intel.com>
Previously, it was possible to remove the main interface and leave
behind dynamic P2P group interfaces. This would eventually result in
references freed memory, so it is not really suitable behavior. Instesd,
remove all the dynamic P2P group interfaces that were created through an
interface that is now removed.
Signed-off-by: Jouni Malinen <j@w1.fi>
This used to work, but it looks like the disabled-PSK-network check
ended up rejecting confiurations that configured a wildcard SSID with a
passphrase (instead of PSK).
Signed-off-by: Jouni Malinen <j@w1.fi>
According to the standard, if the max A-MPDU VHT cap is <= 3, we
have to adjust the max A-MPDU HT cap to the same value. Otherwise
it should be set to 3.
Take care of it when the max VHT A-MPDU value is overridden.
Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
This allows hostapd to set a different management group cipher than the
previously hardcoded default BIP (AES-128-CMAC). The new configuration
file parameter group_mgmt_cipher can be set to BIP-GMAC-128,
BIP-GMAC-256, or BIP-CMAC-256 to select one of the ciphers defined in
IEEE Std 802.11ac-2013.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
A previous patch "Support VHT capability overrides" missed one
place where HT overrides were being applied and where it would
also be useful to apply VHT overrides.
Signed-hostap: Paul Stewart <pstew@chromium.org>
This makes stations associate much faster when using lots of stations.
In addition, this avoids delaying the initial scan continuously for
dynamic interface removal/addition cases.
Signed-hostap: Ben Greear <greearb@candelatech.com>
Add an option to specify a configuration file that can be used to hold
the P2P_DEVICE configuration parameters. If this option is not used, the
P2P_DEVICE configuration parameters will be read from interface
configuration file.
Note that it is advised to use this option in some cases such as:
If a P2P_DEVICE is supported by the driver, the wpa_supplicant creates a
dedicated P2P Device interface, where the configuration file used for
the main interface is used. As a consequence, if the configuration file
includes network definition etc., the wpa_supplicant will try to perform
station specific flows on the P2P Device interface which will fail.
If a P2P_DEVICE is supported by the driver and update_config is used,
the P2P Device configuration data will override the main interface
configuration data.
Signed-hostap: Ilan Peer <ilan.peer@intel.com>
wpa_supplicant already allowed beacon interval to be configured for AP
mode operations, but this was not passed to the driver for IBSS even
though the same parameter can used for that case. Add this for the
nl80211 driver interface to allow beacon interval to be controlled for
IBSS as well.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
wpa_supplicant started delayed sched scan also on P2P Device interfaces,
resulting in erroneous scans and connection attempts. Skip that on
driver init when the interface is dedicated only for P2P management
purposes.
Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
As a P2P group has a unique SSID and one security domain, it does
not make sense to enable background scanning for roaming purposes.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Do not initialize bgscan if the user explicitly set bgscan to an empty
string. Without this patch wpa_supplicant tries to initialize bgscan to
the first option if the string is empty.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
This is needed to limit the number of consecutive authentication
attempts to no more than 10 within a 10-minute interval to avoid
unnecessary load on the authentication server. In addition, use a random
component in the delay to avoid multiple stations hitting the same
timing in case of simultaneous disconnection from the network.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The new wpa_cli fetch_osu command can be used to fetch information about
all OSU providers and write that to a text file with the icons in
separate files. cancel_osu_fetch command can be used to stop ongoing OSU
provider list fetch.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Subscription remediation notification WNM-Notification Request is now
shown in the following way in wpa_supplicant control interface:
<3>HS20-SUBSCRIPTION-REMEDIATION http://example.com/foo/
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The HS 2.0 Indication element from wpa_supplicant now includes the
release number field and wpa_supplicant shows the release number of the
AP in STATUS command (hs20=1 replaced with hs20=<release>).
The new update_identifier field in the cred block can now be used to
configure the PPS MO ID so that wpa_supplicant adds it to the Indication
element in Association Request frames.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
It was possible for the connect or sme-connect radio work to get
re-scheduled while an earlier request was still pending, e.g.,
select_network is issued at the moment a scan radio work is in progress
and the old scan results are recent enough for starting the connection.
This could result in unexpected attempt to re-associate immediately
after completing the first connection.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
While testing rfkill blocking of a scanning interface, it
was seen that the ongoing scan never completes. This happens
since EVENT_SCAN_RESULTS is discarded on a disabled interface.
Fix this and also other possible radio work completion issues
by removing all the radio works (including started) of the
disabled interface.
To be able to remove already started radio works, make their
callbacks be reentrant with deinit flag (when the work
is started), so each radio work should be able to handle
its own termination.
Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
This uses the new nl80211 attributes to allow the connect command to
provide bssid and freq hints to the driver without limiting roaming to
the specific BSS/frequency. This can be used by drivers that perform
internal BSS selection (WPA_DRIVER_FLAGS_BSS_SELECTION) as a candidate
for initial association.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
1. In wpa_config_process_bgscan() fix memory leak after
calling wpa_config_parse_string()
2. In hostapd_config_defaults(), on failure to allocate bss->radius,
conf->bss was not freed.
3. In p2p_deauth_nofif(), memory allocated in p2p_parse_ies() was not
freed in case of NULL minor_reason_code.
4. In p2p_disassoc_nofif(), memory allocated in p2p_parse_ies() was
not freed in case of NULL minor_reason_code.
5. In p2p_process_go_neg_conf(), memory allocated was not freed in
case that the P2P Device interface was not waiting for a
GO Negotiation Confirm.
6. In wpa_set_pkcs11_engine_and_module_path(), the wrong pointer was
checked.
Signed-hostap: Eytan Lifshitz <eytan.lifshitz@intel.com>
This new mechanism allows P2P Client to request an IPv4 address from the
GO as part of the 4-way handshake to avoid use of DHCP exchange after
4-way handshake. If the new mechanism is used, the assigned IP address
is shown in the P2P-GROUP-STARTED event on the client side with
following new parameters: ip_addr, ip_mask, go_ip_addr. The assigned IP
address is included in the AP-STA-CONNECTED event on the GO side as a
new ip_addr parameter. The IP address is valid for the duration of the
association.
The IP address pool for this new mechanism is configured as global
wpa_supplicant configuration file parameters ip_addr_go, ip_addr_mask,
ip_addr_star, ip_addr_end. For example:
ip_addr_go=192.168.42.1
ip_addr_mask=255.255.255.0
ip_addr_start=192.168.42.2
ip_addr_end=192.168.42.100
DHCP mechanism is expected to be enabled at the same time to support P2P
Devices that do not use the new mechanism. The easiest way of managing
the IP addresses is by splitting the IP address range into two parts and
assign a separate range for wpa_supplicant and DHCP server.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This adds a QCA vendor specific nl80211 event to allow the driver to
indicate a list of frequency ranges that should be avoided due to
interference or possible known co-existance constraints. Such
frequencies are marked as not allowed for P2P use to force groups to be
formed on different channels.
If a P2P GO is operating on a channel that the driver recommended not to
use, a notification about this is sent on the control interface and
upper layer code may decide to tear down the group and optionally
restart it on another channel. As a TODO item, this could also be changed
to use CSA to avoid removing the group.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This patch resets the static interface_count to zero in case of
wpa_supplicant_driver_init() call for wpa_s which is in
INTERFACE_DISABLED state. This interface_count is used for the delay of
the scan which is now minimal for dynamically added interfaces. This may
collide with a scan for another interface, but the same is true for any
chosen delay in this scenario. Also the state change to DISCONNECTED is
moved to wpa_supplicant_driver_init() so it will move from
INTERFACE_DISABLED to INACTIVE when there are no enabled networks.
Tested-by: Hante Meuleman <meuleman@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Depending on the implementation, the scheduled scan may not give results
quickly when in DISCONNECTED state. This patch resets
wpa_s::normal_scans upon entering to the INTERFACE_DISABLED state so a
normal scan is assured upon going to DISCONNECTED state after the
interface has been re-enabled. This mainly solves a long reconnect time
observed upon repeated kernel driver reloads, i.e., third reload
resulted in a scheduled scan.
Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Signed-hostap: Arend van Spriel <arend@broadcom.com>
Some EAP methods can go through a step that is expected to fail and as
such, should not trigger temporary network disabling when processing
EAP-Failure or deauthentication. EAP-WSC for WPS was already handled as
a special case, but similar behavior is needed for EAP-FAST with
unauthenticated provisioning.
Signed-hostap: Jouni Malinen <j@w1.fi>
Previously, only the last response data was kept in memory. This
increases that to hold up to two last responses to allow some more
parallel operations to be requested. In addition, the response data is
now freed as soon as the external program has fetched it.
Signed-hostap: Jouni Malinen <j@w1.fi>
The new control interface command RADIO_WORK can be used by external
programs to request radio allocation slots from wpa_supplicant if
exclusive radio control is needed, e.g., for offchannel operations. If
such operations are done directly to the driver, wpa_supplicant may not
have enough information to avoid conflicting operations. This new
command can be used to provide enough information and radio scheduling
to avoid issues with such cases.
Signed-hostap: Jouni Malinen <j@w1.fi>
If an external program triggers a scan, wpa_supplicant does not have a
wpa_radio work item for this operation to protect against other
offchannel operations. This can result in operations failing, so try to
avoid damage by not starting any new wpa_radio work items during a scan
that was started by another process.
Signed-hostap: Jouni Malinen <j@w1.fi>
This type of protection against concurrent connection and scan
operations is now enforced through the wpa_radio work mechanism, so this
separate protection mechanism is not needed anymore.
Signed-hostap: Jouni Malinen <j@w1.fi>
Avoid concurrent P2P scan requests with any other exclusive use of the
radio by using the radio work queuing mechanism. This removes some of
the earlier workarounds that postponed scans depending on other
operations.
Signed-hostap: Jouni Malinen <j@w1.fi>
The new radio work item concept can be used to request time for an
operation that requires exclusive radio control, e.g., a scan. Once the
radio is available, the registered callback function will be called.
radio_work_done() must be called once the exclusive radio operation has
been completed, so that the radio is freed for other operations. The
special case of deinit=1 is used to free the context data during
interface removal. That does not allow the callback function to start
the radio operation, i.e., it needs to free the allocated resources
and return.
Signed-hostap: Jouni Malinen <j@w1.fi>
Track set_key operations per-key index and clear keys on disconnection
only if the key was set (or may have been set which is the case for the
first operation after wpa_supplicant start).
Signed-hostap: Jouni Malinen <j@w1.fi>
These were somewhat more hidden to avoid direct use, but there are now
numerous places where these are needed and more justification to make
the extern int declarations available from wpa_debug.h. In addition,
this avoids some warnings from sparse.
Signed-hostap: Jouni Malinen <j@w1.fi>
WPA_CIPHER_* and CIPHER_* are used for the exact same set of cipher
suites with the main difference being that the WPA_CIPHER_* version is
suitable to be used as a bitfield. Similarly, WPA_KEY_MGMT_* and
KEY_MGMT_* have similar design for AKMs. There is no need to maintain
two separate copies of the definitions since the bitfield compatible
version can be used for both needs. Get rid of the CIPHER_* and
KEY_MGMT_* versions to clean up the implementation by getting rid of
unnecessary mapping functions.
Signed-hostap: Jouni Malinen <j@w1.fi>
The earlier changes to buffer EAPOL frames when not associated to avoid
race conditions (especially commit
3ab35a6603 but maybe something even before
that) broke PeerKey 4-way handshake. Fix this by using a separate check
before the race condition workaround to process PeerKey 4-way handshake
EAPOL-Key messages differently.
Signed-hostap: Jouni Malinen <j@w1.fi>
The new freq=<frequency ranges> parameter to the SCAN command can be
used to request a scan to be performed on the specified set of channels
instead of on all channels. For example, "wpa_cli scan
freq=2400-2500,5180" would scan channels 1-14 and 36. Only the channels
that the driver indicates as enabled and that are within the specified
ranges are included in the request.
Signed-hostap: Jouni Malinen <j@w1.fi>
In wpa_supplicant_terminate_proc(), while iterating and
terminating interfaces, after an interface is terminated,
we can no longer access its memory as it is no longer valid
and causes a crash.
Fix this by saving the pointer to the next interface before freeing
the current one to avoid accessing an invalid memory location.
Signed-hostap: Moshe Benji <moshe.benji@intel.com>
Temporarily disabled networks are disabled for a certain
duration, so the code should use monotonic time.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
The EAPOL RX workaround checks that the events are less than 100 ms
apart, so only uses relative times and should use monotonic time.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Stopping bgscan on any state other than COMPLETED results
in bgscan reset (stop + start) on every rekeying operation.
Signed-hostap: Eliad Peller <eliad@wizery.com>
Do not assume the driver supports QoS Mapping, but instead, advertise
support for this only if CONFIG_INTERWORKING is defined and driver
indicates support for configuring QoS Map.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Commit 202dec2a94 introduced a never
ending loop for a case where a single wpa_supplicant process is used
with multiple radios. Fix this by advancing the iface pointer properly
to the next interface in the loop until a NULL pointer is hit.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Based on priority, remove the connection with least priority whenever
a frequency conflict is detected.
Signed-hostap: Jithu Jance <jithu@broadcom.com>
struct wpa_radio is used as a shared data structure between all struct
wpa_supplicant instances that share the same physical radio.
Signed-hostap: Jouni Malinen <j@w1.fi>
Commit eb32460029 left an unneeded
sim_type argument to scard_init(). Remove that unnecessary argument to
clean up the implementation.
Signed-hostap: Masashi Honma <masashi.honma@gmail.com>
This prints out get_shared_radio_freqs() results and related information
from P2P operations to make debug logs more helpful for figuring out
issues related to multi-channel concurrency.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The idx variable was mistakenly set to 0 at the beginning of the
interface iteration. This could result in the operating channel of the
interface calling the function from being removed from the returned
frequency array if other interfaces were operating.
Signed-hostap: Ilan Peer <ilan.peer@intel.com>
This option can be used to globally configure bgscan parameters
for all the network blocks.
Note that this configuration will not override a network block
specific bgscan settings, but will only be used in case that
the network block does not have a valid bgscan configuration.
Signed-hostap: Haim Dreyfuss <haim.dreyfuss@intel.com>
Both of these variables can result in optimized WPS scans, so better
clear these more consistently to avoid unexpected single-channel scans.
Signed-hostap: Jouni Malinen <j@w1.fi>
wpa_s->conf cannot be NULL because wpa_supplicant_init_iface() would not
allow wpa_supplicant_add_iface() to return wpa_s instance in such state.
Signed-hostap: Jouni Malinen <j@w1.fi>
Trying to access the SIM card details without checking if the eap_proxy
layer has been initialized can results in a crash. Address this by
sending the request for the IMSI through eapol_supp_sm.c which can
verify that eap_proxy has been initialized.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
DISCONNECT followed by ENABLE_NETWORK ended up starting a scan for a new
connection due to wpa_supplicant_enable_one_network() setting
wpa_s->reassociate = 1. This was done regardless of wpa_s->disconnected
being 1 which should imply that wpa_supplicant should not try to connect
before asked explicitly with REASSOCIATE or RECONNECT.
Fix this by making ENABLE_NETWORK setting of reassociate = 1 and
starting of scans for connection conditional on wpa_s->disconnected ==
0. This will make ENABLE_NETWORK trigger a connection only if
wpa_supplicant is already in a state where it would try to connect if
there are any enabled networks.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Offchannel operations needed for a GAS query can conflict with ongoing
scan/connection progress, so delay GAS queries if such an operation is
in progress on the current interface or any virtual interface sharing
the same radio.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The new configuration parameter external_sim=<0/1> can now be used to
configure wpa_supplicant to use external SIM/USIM processing (e.g., GSM
authentication for EAP-SIM or UMTS authentication for EAP-AKA). The
requests and responses for such operations are sent over the ctrl_iface
CTRL-REQ-SIM and CTRL-RSP-SIM commands similarly to the existing
password query mechanism.
Changes to the EAP methods to use this new mechanism will be added in
separate commits.
Signed-hostap: Jouni Malinen <j@w1.fi>
Indicate support for QoS Mapping and configure driver to update the QoS
Map if QoS Map Set elements is received from the AP either in
(Re)Association Response or QoS Map Configure frame.
This commit adds support for receiving the frames with nl80211 drivers,
but the actual QoS Map configuration command is still missing.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Add Extended Capabilities element to association request only if the AP
included this element in Beacon/Probe Response frames. This is a
workaround to address interoperability issues with some older APs that
do not seem to be able to handle Extended Capabilities element in
(Re)Association Request frames.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Killing the wpa_supplicant process or using TERMINATE ctrl_iface command
resulted in the process existing without cleaning up possibly added
dynamic P2P group interfaces. Clean this up by stopping each P2P group
before stopping eloop.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
wpa_supplicant crashes if driver configuration for AP mode interface
configuration fails after group negotiation. This is because of a
regression from commit 1075b29571 that
ends up freeing the wpa_s instance from within
wpa_supplicant_create_ap() without the caller knowing.
Fix this by using an eloop timeout to free remove the P2P group so that
wpa_supplicant_create_ap() and especially wpa_supplicant_associate()
callers do not need to know about interface getting possibly removed. In
addition, move the P2P specific code into p2p_supplicant.c where it
really belongs. This allows the already existing group formation timeout
to be used by reducing the timeout to zero.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Record all generated per-client PSKs in the persistent group network
block and configure these for the GO Authenticator whenever re-starting
the persistent group. This completes per-client PSK support for
persistent groups.
Signed-hostap: Jouni Malinen <j@w1.fi>
There were some code paths that allowed obsolete configuration data
pointer to be maintained within EAPOL supplicant in case a network was
removed while not connection to it (i.e., wpa_s->current_ssid not
pointing to the network that was removed). This could result in use of
freed memory, e.g., from eap_sm_notify_ctrl_attached() when a new
control interface connected prior to the EAPOL supplicant configuration
pointer got updated.
Signed-hostap: Jouni Malinen <j@w1.fi>
4-way handshake may fail under extremely noisy environment and if this
happens during P2P group formation, the 10 second extra delay added in
wpas_auth_failed() can result in running over the 15 second timeout.
Avoid this by skipping the delay mechanism in wpas_auth_failed() for the
P2P group formation case. The P2P formation timeout will take care of
stopping the attempts if the failure condition does not get resolved.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Some driver interfaces may not support the get_radio_name() design and
get_shared_radio_freqs() needs to be aware of such possibility when
determining shared radio frequencies.
Signed-hostap: Jouni Malinen <j@w1.fi>
There are devices that can operate several channels concurrently.
Change shared_vif_oper_freq() to get_shared_radio_freqs() that can
return an array of frequencies currently used by all the virtual
interfaces that share the same radio.
In addition, move it to wpa_supplicant.c, so it can be used by other
modules.
Signed-hostap: Ilan Peer <ilan.peer@intel.com>
Signed-hostap: David Spinadel <david.spinadel@intel.com>
Previously, drivers only reported if they support multiple concurrent
channels, but did not report the maximum number of supported channels.
Add this reporting to the driver capabilities and add the implementation
to driver_nl80211.
Signed-hostap: Ilan Peer <ilan.peer@intel.com>
Signed-hostap: David Spinadel <david.spinadel@intel.com>
Because a delayed scheduled scan will access the members of struct
wpa_supplicant which is freed and this can result in a crash,
wpa_supplicant needs to cancel delayed scheduled scan during cleanups.
Signed-hostap: Chengyi Zhao <chengyix.zhao@gmail.com>
Adding a new wpa_supplicant control interface for the dedicated
P2P_DEVICE would be quite confusing for programs that manage P2P
operations. Remove this control interface and require the global control
interface to be used since it will provide consistent interface for both
the new dedicated P2P_DEVICE (non-netdev) and old style P2P management
through a netdev.
Signed-hostap: Jouni Malinen <j@w1.fi>
Commit c68f6200a7 made these calls
conditional on !p2p_mgmt, but forced p2p_mgmt=1 for cases where the
driver does not use the dedicated P2P Device. Fix this by making the
!p2p_mgmt condition apply only if the driver does indicate use of a
dedicated P2P Device.
Signed-hostap: Jouni Malinen <j@w1.fi>
If the capability flag of the driver indicates a dedicated P2P Device is
supported, a P2P Device interface is created.
Create the P2P Device in main interface creation loop when the added
interface flags support and P2P supplicant is not yet initialized
avoiding recursion of add_interface.
Do not register l2_packet for P2P Device interface (both for EAPOL and
for TDLS).
Signed-hostap: Arend van Spriel <arend@broadcom.com>
In wpa_supplicant_deinit(), the function wpas_p2p_deinit_global()
was called. Remove it as it will be called from wpas_deinit_iface()
upon removal of the P2P management interface.
Signed-hostap: Arend van Spriel <arend@broadcom.com>
This makes ENABLE_NETWORK behave similarily to SELECT_NETWORK by
allowing a scan to be skipped if recent scan results are available.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The optional -G<group> command line argument can be used to specify the
group that can access the global control interface.
Signed-hostap: Jouni Malinen <j@w1.fi>
This cleans up debug log by not trying to process the disconnection
event as a failure that could result in blacklist addition and auto
connect attempt. These are pointless operations since the interface is
going to removed immediately after this.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
There is no point in marking a BSS temporarily blacklisted based on a
connection failure or disconnection case if that happens as a result of
a local request to disconnect. The blacklist entry could result on
unexpected BSS getting selected on the next connection attempt. In
addition, the code to try to find another BSS within the ESS could
result in scanning a single channel on the next attempt. Fix these
issues by handling the connection failure events only if we are not in
disconnected state (i.e., would try to reconnect after this
automatically).
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Scanning can delay concurrent operations considerably, so it is better
to avoid that while trying to connect on any of the virtual interfaces
that share the same radio.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
cfg80211 rejects the set_key operations before the IBSS network has been
fully formed, so add one more attempt to set the key for WPA-None at
IBSS joined driver event.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
There is no need to repeat the driver capability fetch for each
operation since we already cache driver flags in wpa_s->drv_flags.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The Hotspot 2.0 specification seems to mandate this element to be
included in all (Re)Association Request frames if the station is Hotspot
2.0 capable. However, that results in conflicts with other requirements
like no TKIP use when this element is present. The design is really
supposed to include the indication element only for Hotspot 2.0
associations regardless of what the current specification implies.
Remove the HS 2.0 Indication element from (Re)Association Request frame
whenever the connection is not for Hotspot 2.0 purposes.
Signed-hostap: Jouni Malinen <j@w1.fi>
Previously, only explicit indications of authentication failures were
used to disable a network block temporarily. Extend this to use multiple
failed connection attempts as a sign of a possible authentication or
authorization failure to reduce the frequency of connection attempts
with a network that does not seem to allow connection.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
All wpa_supplicant_deinit_iface() callers ended up freeing wpa_s
immediately after this call. Move os_free(wpa_s) into the deinit
function to share the same call and make the deinit sequence clearer.
Signed-hostap: Jouni Malinen <j@w1.fi>
This option can be used only for global parameters that are not going
to be changed from settings.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Signed-off-by: Iliyan Malchev <malchev@google.com>
Some extended capabilities (I'm currently interested in "Operating Mode
Notification" for VHT) are implemented by the kernel driver and exported
in nl80211. Use these in hostapd/wpa_supplicant.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Make the implementation more consistent and cleaner by using a single
function for addressing all the cases where completion of a station mode
scan operation allows a P2P operation (search) to be re-started.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This fixes the lookup of a usable PMKSA entry in the cache. Using
wpa_s->current_ssid often returns nothing when a usable PMKSA exists in
the cache since wpa_s->current_ssid does not necessarily point to the
correct network entry at this point in time (prior to association).
Signed-hostap: Partha Narasimhan <parthan@gmail.com>
If a peer replies to persistent group invitation with status code 8
(unknown group), remove the peer from the p2p_client_list if we are the
GO or remove the persistent group if we are the P2P client since it
looks like that the peer has dropped persistent group credentials and
the provisioning step needs to be executed again.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Add support for VHT capability overrides to allow testing connections
with a subset of the VHT capabilities that are actually supported by
the device. The only thing that isn't currently supported (by mac80211
and this code) is the RX/TX highest rate field.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Stop sched scan, if running, after any disabling or removing of
a network, and request a new scan if needed.
Signed-hostap: David Spinadel <david.spinadel@intel.com>
Move enabling a network to a separate function. Try to reconnect if not
associated to an AP. Abort scheduled scan in any case of a new scan.
Signed-hostap: David Spinadel <david.spinadel@intel.com>
This patch uses existing scan results for fast connection on REASSOCIATE
and RECONNECT commands.
Signed-hostap: Masashi Honma <masashi.honma@gmail.com>
A TDLS Teardown frame with Reason Code 3 (Deauthenticated because
sending STA is leaving (or has left) IBSS or ESS) shall be transmitted
to all TDLS peer STAs (via the AP or via the direct path) prior to
transmitting a Disassociation frame or a Deauthentication frame to the
AP.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
If scan results are available when we perform a SelectNetwork, use
them to make an associate decision. This can save an entire scan
interval-worth of time in situations where something external to
wpa_supplicant (like a connection manager) has just previously
requested a scan before calling SelectNetwork.
Signed-hostap: Paul Stewart <pstew@chromium.org>
When the scan interval is changed the new interval is effective
after the old interval timer fires off one last time. This can cause
an unacceptable long delay when updating the interval.
Change this behaviour to use MIN(left of old interval, new interval)
for the scan interval following the interval change.
Signed-hostap: Pontus Fuchs <pontus.fuchs@gmail.com>
This was used to select between "(auth)" and "(reauth)" in
CTRL-EVENT-CONNECTED events. However, the variable was not cleared
anywhere else apart from the AP deinit case. As such, it did not really
provide correct information and is not really of much use even with
proper clearing added. As such, it is cleaner to just get rid of this
altogether.
Signed-hostap: Jouni Malinen <j@w1.fi>
Add some more functionality for BSS Transition Management:
- advertise support for BSS Transition Management in extended
capabilities element
- add hostapd.conf parameter bss_transition=1 for enabling support
for BSS Transition Management
- add "hostapd_cli disassoc_imminent <STA> <num TBTTs>" for sending
disassociation imminent notifications for testing purposes
- wpa_supplicant: trigger a new scan to find another BSS if the
current AP indicates disassociation imminent (TODO: the old AP needs
to be marked to use lower priority to avoid re-selecting it)
Signed-hostap: Jouni Malinen <j@w1.fi>
Commit 1ff733383f added a mechanism to
work around issues due to association events and EAPOL RX events being
getting reordered. However, this applied only for the case where
wpa_supplicant is not in associated state. The same issue can happen in
roaming case with drivers that perform BSS selection internally (or in
firmware). Handle that case similarly by delaying received EAPOL frame
processing if the source address of the EAPOL frame does not match the
current BSSID.
Since wired IEEE 802.1X do not have BSSID, make this additional
workaround conditional on BSSID match having been observed during the
previous association.
This fixes issues where the initial EAPOL frame after reassociation was
either dropped (e.g., due to replay counter not increasing) or replied
to with incorrect destination address (the BSSID of the old AP). This
can result in significantly more robust roaming behavior with drivers
that do not use wpa_supplicant for BSS selection.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Requires Linux kernel patch to make the SGI-20 properly disabled. SGI-40
will already work since Linux 3.4 or so.
Signed-hostap: Ben Greear <greearb@candelatech.com>
Signed-off-by: Ben Greear <greearb@candelatech.com>
Both the ctrl_iface and D-Bus interface use similar functionality to
request a new connection. Combine these to a single function to avoid
need to maintain duplicated implementation.
Signed-hostap: Jouni Malinen <j@w1.fi>
wpas_connection_failed() uses the blacklist count to figure out a
suitable time to wait for the next scan. This mechanism did not work
properly in cases where the temporary blacklist gets cleared due to no
other BSSes being available. Address this by maintaining an additional
count of blacklisting values over wpa_blacklist_clear() calls. In
addition, add one more step in the count to timeout mapping to go to 10
second interval if more than four failures are seen.
Signed-hostap: Jouni Malinen <j@w1.fi>
Previously, PMF (protected management frames, IEEE 802.11w) could be
enabled only with a per-network parameter (ieee80211w). The new global
parameter (pmf) can now be used to change the default behavior to be PMF
enabled (pmf=1) or required (pmf=2) for network blocks that do not
override this with the ieee80211w parameter.
Signed-hostap: Jouni Malinen <j@w1.fi>
Previously, OKC (opportunistic key caching, a.k.a. proactive key
caching) could be enabled only with a per-network parameter
(proactive_key_caching). The new global parameter (okc) can now be used
to change the default behavior to be OKC enabled (okc=1) for network
blocks that do not override this with the proactive_key_caching
parameter.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This function is now unused after the last couple of commits that
removed the last uses, so remove this to keep code simpler since all
places that disassociate, can use deauthentication instead.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
cfg80211/mac80211 may reject disassociation command if association has
not yet been formed. Use deauthentication in cases where it is possible
that we are associating at the moment the command is issued.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
wpa_supplicant_{disassociate,deauthenticate}() need to inform the driver
about decision to disconnect even if this happens during the time when
the driver is still trying to complete association. During that time,
wpa_s->bssid is not set, so the code in these functions needs to figure
out the correct BSSID based on that field or wpa_s->pending_bssid. In
addition, it is possible that the BSSID is not even known at
wpa_supplicant at this point in time when using drivers that perform BSS
selection internally. In those cases, the disconnect command needs to be
sent to the driver without the BSSID.
This fixes issues where the driver (or cfg80211 in particular) may be
left in mismatching state with wpa_supplicant when disconnection (e.g.,
due to a ctrl_iface command) happens between connection request and
association event.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This introduces new AKM for SAE and FT-SAE and adds the initial parts
for going through the SAE Authentication frame exchange. The actual SAE
algorithm and new fields in Authentication frames are not yet included
in this commit and will be added separately. This version is able to
complete a dummy authentication with the correct authentication
algorithm and transaction values to allow cfg80211/mac80211 drivers to
be tested (all the missing parts can be handled with
hostapd/wpa_supplicant changes).
Signed-hostap: Jouni Malinen <j@w1.fi>
External programs can use this new parameter to prevent wpa_supplicant
from connecting to a list of BSSIDs and/or SSIDs. The disallowed BSSes
will still be visible in scan results and it is possible to run ANQP
operations with them, but BSS selection for connection will skip any
BSS that matches an entry in the disallowed list.
The new parameter can be set with the control interface SET command
using following syntax:
SET disallow_aps <disallow_list>
disallow_list ::= <ssid_spec> | <bssid_spec> | <disallow_list> | “”
SSID_SPEC ::= ssid <SSID_HEX>
BSSID_SPEC ::= bssid <BSSID_HEX>
For example:
wpa_cli set disallow_list "ssid 74657374 bssid 001122334455 ssid 68656c6c6f"
wpa_cli set disallow_list
(the empty value removes all entries)
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
If the AP creation failed (missing freq= or driver error) the supplicant
would previously stay in SCANNING state forever. Instead, it should
handle the error a bit better and drop back to DISCONNECTED so clients
know something went wrong.
Signed-hostap: Dan Williams <dcbw@redhat.com>
intended-for: hostap-1
Since we have a global P2P module, the flag to trigger scan completion
events to it needs to be in similar context. The previous design
maintained this separately for each virtual interface and if P2P module
did not run its scan operation on the virtual interface that completed
the scan, P2P module would not be allowed to restart operations
properly.
Signed-hostap: Jouni Malinen <j@w1.fi>
This allows last results to be used even after they have been freed
since the information is copied to the BSS entries anyway and this new
array provides the order in which scan results were processed.
Signed-hostap: Jouni Malinen <j@w1.fi>
This commit adds control interface commands and internal storage of
Wi-Fi Display related configuration. In addition, WFD IE is now added
to various P2P frames, Probe Request/Response, and (Re)Association
Request/Response frames. WFD subelements from peers are stored in the
P2P peer table.
Following control interface commands are now available:
SET wifi_display <0/1>
GET wifi_display
WFD_SUBELEM_SET <subelem> [hexdump of length+body]
WFD_SUBELEM_GET <subelem>
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This allows both hostapd and wpa_supplicant to be used to derive and
configure keys for GCMP. This is quite similar to CCMP key
configuration, but a different cipher suite and somewhat different rules
are used in cipher selection. It should be noted that GCMP is not
included in default parameters at least for now, so explicit
pairwise/group configuration is needed to enable it. This may change in
the future to allow GCMP to be selected automatically in cases where
CCMP could have been used.
This commit does not included changes to WPS or P2P to allow GCMP to be
used.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The new gas_request and gas_response_get commands can be used to request
arbitary GAS queries to be performed. These can be used with ANQP or
with other (including vendor specific) advertisement protocols.
gas_request <BSSID> <AdvProtoID> [Query]
gas_response_get <addr> <dialog token> [offset,length]
For example, ANQP query for Capability list in interactive wpa_cli
session:
> gas_request 02:00:00:00:01:00 00 000102000101
<3>GAS-RESPONSE-INFO addr=02:00:00:00:01:00 dialog_token=0
status_code=0 resp_len=32
> gas_response_get 02:00:00:00:01:00 00
01011c00010102010501070108010c01dddd0c00506f9a110200020304050607
> gas_response_get 02:00:00:00:01:00 00 0,10
01011c00010102010501
> gas_response_get 02:00:00:00:01:00 00 10,10
070108010c01dddd0c00
> gas_response_get 02:00:00:00:01:00 00 20,10
506f9a11020002030405
> gas_response_get 02:00:00:00:01:00 00 30,2
0607
It should be noted that the maximum length of the response buffer is
currently 4096 bytes which allows about 2000 bytes of the response data
to be fetched with a single gas_response_get command. If the response is
longer, it can be fetched in pieces as shown in the example above.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This makes wpa_supplicant state somewhat cleaner since the information
from previously used connection is not maintained after getting
disconnected.
Signed-hostap: Jouni Malinen <j@w1.fi>
If 4-way handshake fails due to likely PSK failure or if EAP
authentication fails, disable the network block temporarily. Use longer
duration if multiple consecutive failures are seen.
Signed-hostap: Jouni Malinen <j@w1.fi>
Commit 99fcd40409 added a call to update
search delay after failed authentication attempt. This change was
supposed to be only in p2p_supplicant.c for the successful case. The
extra call does not really do anything, but it's good to remove it to
avoid any confusion in the future.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, all station mode scan operations were either skipped or
delayed while any P2P operation was in progress. To make concurrent
operations easier to use, reduce this limitation by allowing a scan
operation to be completed in the middle of a p2p_find. In addition,
allow station mode association to be completed. When the station mode
operation is run to its completion (scan results not acted on,
connection to an AP completed, connection failed), resume the p2p_find
operation.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
If bgscan is enabled, then bgscan is initiated after the connection,
with no bss scan result information. Since a scan was performed prior to
the connection, the information exists and can be used to initialize the
bgscan's cache.
Signed-hostap: Yoni Divinsky <yoni.divinsky@ti.com>
If key_mgmt was set to allow both WPA and non-WPA IEEE 802.1X (i.e., to
IEEE8021X WPA-EAP), non-WPA IEEE 802.1X was rejected while preparing
association parameters. Allow this special case to be handled by
selecting non-WPA case if the scan results for the AP do not include
either WPA or RSN elements.
Signed-hostap: Jouni Malinen <j@w1.fi>
This allows wpa_supplicant configuration file to be created without
the PSK/passphrase value included in the file when a backend for
external password storage is available.
Following example can be used for developer testing:
ext_password_backend=test:psk1=12345678
network={
ssid="test-psk"
key_mgmt=WPA-PSK
psk=ext:psk1
}
Signed-hostap: Jouni Malinen <j@w1.fi>
This new mechanism can be used to make wpa_supplicant using external
storage (e.g., key store in the operating system) for passwords,
passphrases, and PSKs. This commit is only adding the framework part
needed to support this, i.e., no actual configuration parameter can
yet use this new mechanism. In addition, only a simple test backend
is added to allow developer testing of the functionality.
Signed-hostap: Jouni Malinen <j@w1.fi>
Instead of rejecting network blocks without PSK/passphrase at the time
the configuration file is read, allow such configuration to be loaded
and only behave as if the network block with missing PSK/passphrase is
disabled.
Signed-hostap: Jouni Malinen <j@w1.fi>
Use wpa_supplicant_set_state() to initialize state to DISCONNECT so that
autoscan gets initialized properly. This needs a change in
autoscan_init() to avoid extra scan request that would postpone the
first scan request when an interface is added.
Signed-hostap: Jouni Malinen <j@w1.fi>
Like bgscan, autoscan is an optional module based feature to automate
scanning but while disconnected or inactive.
Instead of requesting directly a scan, it only sets the scan_interval
and the sched_scan_interval. So, if the driver supports sched_scan,
autoscan will be able to tweak its interval. Otherwise, the tweaked
scan_interval will be used. If scan parameters needs to be tweaked, an
autoscan_params pointer in wpa_s will provide those. So req_scan /
req_sched_scan will not set the scan parameters as they usually do, but
instead will use this pointer.
Modules will not have to request a scan directly, like bgscan does.
Instead, it will need to return the interval it wants after each
notification.
Signed-hostap: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Some of the authentication/association failure paths left wpa_state to
its previous value. This can result in unexpected behavior when
wpa_supplicant tries to find an AP to connect to since the uncleared
state can result the in the selected BSS being ignored if it is same as
the previously used BSS. This could happen, e.g., when wpa_supplicant
SME was used and the AP rejected authentication. Fix this by explicitly
setting state to DISCONNECTED on auth/assoc failures that did not yet do
this.
Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
Add an additional parameter to prioritize either sta or p2p connection
to resolve conflicts arising during single channel concurrency.
Signed-hostap: Jithu Jance <jithu@broadcom.com>
If WNM is enabled for the build (CONFIG_WNM=y), add BSS max idle period
information to the (Re)Association Response frame from the AP and parse
this information on the station. For SME-in-wpa_supplicant case, add a
timer to handle periodic transmission of the keep-alive frame. The
actual request for the driver to transmit a frame is not yet
implemented.
Signed-hostap: Jouni Malinen <j@w1.fi>
Previously, wpa_supplicant did not specify BSSID to any connection
request if the driver indicated that it will take care of BSS selection.
This is fine for most use cases, but can result to issues if the network
block has an explicit bssid parameter to select which BSS is to be used.
Fix this by setting BSSID and channel when the network block includes the
bssid parameter even if the driver indicates support for BSS selection.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
intended-for: hostap-1
The nl80211 driver interface does not allow 128-bit WEP to be used
without a vendor specific cipher suite and no such suite is defined for
this purpose. Do not accept WEP key length 16 for nl80211 driver
interface forn ow. wext-interface can still try to use these for
backwards compatibility.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The P2P implementation assumes that the first wpa_s interface instance
is used to manage P2P operations and the P2P module maintains a pointer
to this interface in msg_ctx. This can result in issues (e.g., use of
freed memory) when the management interface is removed. Fix this by
deinitializing global P2P data if the interface that created it is
removed. This will disable P2P until the next interface is added.
Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
Do not try to associate with a network that has an invalid or incomplete
configuration because the association or at least data connection would
fail anyway. This commits adds a common function for checking whether a
network block is disabled to make it easier to check network blocks
without having to reject them during configuration file parsing (which
would prevent wpa_supplicant from starting). The only additional check
added in this commit is to verify the WEP key length. Similar checks for
other parameters can be added in future commits.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Add support for HT STA to report 40 MHz intolerance to the associated AP.
A HT station generates a report (20/40 BSS coexistence) of channel list
if it finds a non-HT capable AP or a HT AP which prohibits 40 MHz
transmission (i.e., 40 MHz intolerant bit is set in HT capabilities IE)
from the scan results.
Parse the OBSS scan parameter from Beacon or Probe Response frames and
schedule periodic scan to generate 20/40 coexistence channel report if
requested to do so. This patch decodes Scan Interval alone from the OBSS
Scan Parameters element and triggers scan on timeout.
Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Commit 7de5688d68 started using
wpa_supplicant_ctrl_iface_ctrl_rsp_handle() from the D-Bus code, but
left this function in ctrl_iface.c that is included conditionally. Fix
this by moving the common function into wpa_supplicant.c so that it can
be included for builds that include only either ctrl_iface or D-Bus.
Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
Enable control of wpa_s->scan_interval via D-Bus. This parameter
controls the delay between successive scans for a suitable AP.
Also, update dbus.doxygen with ScanInterval, and some other
parameters that were undocumented.
Signed-hostap: Mukesh Agrawal <quiche@chromium.org>
Add the option (-T) to wpa_supplicant to log all debug messages into the
kernel tracing, allowing to aggregate kernel debugging with
wpa_supplicant debugging and recording all with trace-cmd.
Since tracing has relatively low overhead and can be filtered
afterwards, record all messages regardless of log level. However, it
will honor the -K option and not record key material by default.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
A network block specific background scan period can now be configured
for drivers that implement internal background scan mechanism for
roaming and BSS selection.
Signed-hostap: Bala Shanmugam <bkamatch@qca.qualcomm.com>
If multiple station mode radios are bridged together on the same device,
it is possible for wpa_supplicant to receive EAPOL frames from the
bridge interface and then process them separately for each interface.
This can results in problems since multiple instances of supplicant side
could end up trying to process a single 4-way handshake. Avoid this
problem by filtering bridge interface EAPOL RX based on the desctination
MAC address. It should be noted that this works only when unicast
addresses are used (e.g., with WLAN) and not with the IEEE 802.1X EAPOL
group address (e.g., most wired networks).
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Commit 6bf731e8ce broke handling of
EVENT_CHANNEL_LIST_CHANGED by introducing a cached copy of the driver
channel list that does not get updated even if driver changes its list.
Fix this by synchronizing the cacched wpa_s->hw.modes information
whenever EVENT_CHANNEL_LIST_CHANGED is processed. This fixes P2P channel
list updates based on regulatory domain hints that may trigger driver to
change its supported channel list.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
intended-for: hostap-1
When wpa_supplicant disconnects, e.g., due to authentication timeout,
we need to go through the EVENT_DISASSOC/DEAUTH processing similarly
to the driver triggered cases to get correct events delivered to the
ctrl_iface. Fix this by calling wpa_supplicant_event() in these cases
and by filtering out the confusing CTRL-EVENT-DISCONNECTED event with
all zeros BSSID.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
New global configuration parameters pcsc_reader and pcsc_pin can now be
used to initialize PC/SC reader context at start of wpa_supplicant.
Signed-hostap: Jouni Malinen <j@w1.fi>
A list of disallowed frequencies for P2P channel list can now be
configured with P2P_SET disallow_freq. The frequencies (or frequency
pairs) are comma separated. For example:
wpa_cli p2p_set disallow_freq 2462,5000-6000
The allowed P2P channel list is constructed by removing explicitly
disallowed channels from the channel list received from the driver.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This was previously fixed for most cases in commit
ffad885837, but the check here for
drivers that implement SME/MLME was missed in that commit.
This removes the P2P IE from (Re)Association Request frame with
drivers that do not use wpa_supplicant SME implementation and are
P2P cabable when associating with a non-P2P AP (i.e., not a GO or
P2P WLAN manager AP).
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
intended-for: hostap-1
wpa_supplicant can now be configured to filter out scan results based
on a BSSID filter. Space-separated set of allowed BSSIDs can be set
with wpa_cli set bssid_filter command. Filtering mechanism can be
disabled by setting this variable to an empty list. When set, only
the BSSes that have a matching entry in this list will be accepted
from scan results.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Simplify licensing terms for hostap.git by selecting the BSD license
alternative for any future distribution. This drops the GPL v2
alternative from distribution terms and from contribution requirements.
The BSD license alternative that has been used in hostap.git (the one
with advertisement clause removed) is compatible with GPL and as such
the software in hostap.git can still be used with GPL projects. In
addition, any new contribution to hostap.git is expected to be licensed
under the BSD terms that allow the changes to be merged into older
hostap repositories that still include the GPL v2 alternative.
Signed-hostap: Jouni Malinen <j@w1.fi>
Driver global init was considered a hard failure. Thus if, for example,
you used the Broadcom STA driver and didn't have nl80211 or cfg80211
loaded into the kernel, and specified a driver value of "nl80211,wext",
the nl80211 driver's global init would fail with the following message:
nl80211: 'nl80211' generic netlink not found
Failed to initialize driver 'nl80211'
but since global init was a hard failure, creating the supplicant
interface would fail and the WEXT driver would not be tried.
Give other drivers a chance instead.
Signed-hostap: Dan Williams <dcbw@redhat.com>
intended-for: hostap-1
When looking for PMKSA cache entries to use with a new association, only
accept entries created with the same network block that was used to
create the cache entry.
Signed-hostap: Jouni Malinen <j@w1.fi>
The disconnection command results in disassociation and deauthentication
events which were previously processed during the scan in case of
select_network command being used while associated with another network.
While this works in most cases, it can result in confusing event
messages in ctrl_iface and debug log. Avoid this by using a short delay
between the disconnection and scan request to allow the disconnection
events to be processed prior to starting the new scan.
Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
This allows HT capabilities overrides on kernels that
support these features.
MCS Rates can be disabled to force to slower speeds when using HT.
Rates cannot be forced higher.
HT can be disabled, forcing an 802.11a/b/g/n station to act like
an 802.11a/b/g station.
HT40 can be disabled.
MAX A-MSDU can be disabled.
A-MPDU Factor and A-MPDU Density can be modified.
Please note that these are suggestions to the kernel. Only mac80211
drivers will work at all. The A-MPDU Factor can only be decreased and
the A-MPDU Density can only be increased currently.
Signed-hostap: Ben Greear <greearb@candelatech.com>
Now that CTRL-EVENT-TERMINATING even is sent at the end of interface
removal in case wpa_supplicant process is going to terminate, there
is no need for this duplicated event in the signal handler.
Signed-hostap: Jouni Malinen <j@w1.fi>
This allows TERMINATING ctrl_iface event to be sent at the end of the
deinit sequence to avoid race conditions with new operations that this
event may trigger while wpa_supplicant would still be running through
the deinitialization path.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
This avoids issues with some external program starting to use the
interface based on the interface removal event before wpa_supplicant
has completed deinitialization of the driver interface.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
This will be needed to be able to move ctrl_iface TERMINATING event to
the end of interface removal.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
For drivers limited to scan a single SSID at a time, this prevents
waiting too long for a wildcard scan in case there are several
scan_ssid networks in the configuration.
Signed-hostap: Eyal Shapira <eyal@wizery.com>
When the "bssid=" option is set for an IBSS network and ap_scan = 2,
ask the driver to fix this BSSID, if possible.
Previously, any "bssid=" option were ignored in IBSS mode when ap_scan=2.
Signed-hostap: Nicolas Cavallari <cavallar@lri.fr>
The authentication timeout could be triggered after the connection has
already been known to have failed. The event at that point can be
confusing, so better cancel the timeout when processing connection
failure.
Signed-hostap: Jouni Malinen <j@w1.fi>
This allows the MAC address of the interface to be changed when the
interface is set down even if the interface does not get completed
removed and re-added.
Signed-hostap: Jouni Malinen <j@w1.fi>
I have a test case where I remove and insert another network adapter
between two connections to AP. The interface get the same interface name
but switches macadresses between the connections. When running WPA2 I
got a failure in EAPOL negotiation and found out that the reason for
this was that the supplicant did not update the MAC address in the
correct place.
This cleans up the source code and makes it less likely that new AKM
addition misses some needed changes in the future.
Signed-hostap: Jouni Malinen <j@w1.fi>
Use a driver_ndis.c specific initialization function to fill in the
wpa_driver_ops information to make it easier to modify struct
wpa_driver_ops in the future. Being able to build driver_ndis.c
with MSVC was the only reason for having to maintain the same order
of function pointers in struct wpa_driver_ops and for having to
update driver_ndis.c for all changes in that structure.
Signed-hostap: Jouni Malinen <j@w1.fi>