The local network profile may not have matching SSID (it could be either
the wildcard 0-length SSID or visible SSID in case of OWE transition
mode), so check whether an exact match with a BSS entry can be made
using the current SSID information from the driver (i.e., the SSID of
the current association) when picking the BSS entry to use as the
current one for an association.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Use the Same SSID and Colocated AP bits as an alternative way of finding
a match on the current SSID.
Signed-off-by: Ben Greear <greearb@candelatech.com>
The Reduced Neighbor Report element can include one or more TBTT
Information fields. Only the first one was parsed previously. Extend
this to use a loop to go through all included TBTT Information fields.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Beacon frames are allowed to optionally include one more more Reduced
Neighbor Report elements. Only the first one was parsed previously.
Extend this to use a loop to go through all included RNR elements.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Leverage the already available control socket cmd "DRIVER_FLAGS2" and
dump the driver capab "flags2" bitmask on triggering the new CLI CMD
"driver_flags2", similar to the already existing CLI CMD "driver_flags".
$ hostapd_cli -i wlan0 driver_flags2
(OR)
$ wpa_cli -i wlan0 driver_flags2
0000000000000020:
BEACON_RATE_HE
Signed-off-by: Gokul Sivakumar <gokulkumar.sivakumar@infineon.com>
gcc 12.1 complains about using pointer after realloc as it could
potentially be moved/freed, causing any uses after UB.
Fix this by doing checks before realloc and use those statuses and
update with new BSS.
Signed-off-by: Krishna T <krishna.t@nordicsemi.no>
Prevent loading arbitrary executable code based on config at runtime,
while allowing libraries to be specified at compile time when they are
known in advance.
Add the ability to configure libraries to load at compile time.
* CONFIG_PKCS11_ENGINE_PATH - pkcs11_engine library location.
* CONFIG_PKCS11_MODULE_PATH - pkcs11_module library location.
* CONFIG_OPENSC_ENGINE_PATH - opensc_engine library location.
Add flags with the ability to set each of the libraries to NULL and
prevent loading them at runtime.
* CONFIG_NO_PKCS11_ENGINE_PATH - prevents loading pkcs11_engine
library.
* CONFIG_NO_PKCS11_MODULE_PATH - prevents loading pkcs11_module
library.
* CONFIG_NO_OPENSC_ENGINE_PATH - prevents loading opensc_engine
library.
* CONFIG_NO_LOAD_DYNAMIC_EAP - prevents loading EAP libraries at
runtime.
Signed-off-by: David Ruth <druth@chromium.org>
wpas_dpp_connected() is called from wpa_supplicant_set_state(), i.e.,
from the middle of processing of the post 4-way handshake steps. Sending
a DPP Public Action frame at that point can delay other operations, so
allow those steps to be completed first before sending out the DPP
connection status result.
Signed-off-by: Jouni Malinen <j@w1.fi>
It looks like mac80211 ROC handling can end up postponing offchannel TX
operation by the previously started and already canceled wait time if
the new NL80211_CMD_FRAME is issued immediately after
NL80211_CMD_FRAME_WAIT_CANCEL. Make this more robust by waiting for the
driver event that indicates completion of the cancel operation (i.e.,
NL80211_CMD_FRAME_WAIT_CANCEL as an event) before issuing
NL80211_CMD_FRAME for another channel. If the driver event is not
received within 10 ms, start the operation anyway to avoid unexpected
behavior if there are drivers that do not end up notifying end of the
wait.
This fixes some issues with authentication initiation for cases where
multiple channels are iterated. This can also significantly speed up
that process.
Signed-off-by: Jouni Malinen <j@w1.fi>
The first event could have theoretically been received with reltime
sec=0, so use the helper function to check whether the reltime value is
actually set so that the usec part is checked as well. This is not going
to have a difference in practice, but it was possible to hit this corner
case with mac80211_hwsim testing (ap_cipher_tkip_countermeasures_sta)
using UML and time travel.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Add support for Authentication negotiated over IEEE Std 802.1X
with key derivation function using SHA-384.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
When channel 140 is configured in mesh, interface fails to come up due
to channel bond (136,140). Since Channel 136 is not HT40+ capable,
validation for HT channel bonding fails when it checks whether first
channel in the bond (channel 136) is HT40+ capable.
In mesh, during channel setup, secondary channel offset for the
configured channel will be selected as +1 if primary channel is capable
of HT40+. In current code, channel 140 is not allowed as HT40+ and hence
secondary channel offset is selected as -1, which makes 136 as secondary
channel. But channel 136 is not HT40+ supported and fails in channel
bonding validation.
Add 140 to HT40+ allowed list as HT40+ is supported for the channel.
Signed-off-by: Ramya Gnanasekar <quic_rgnanase@quicinc.com>
Pointer entry->ssid might be passed to owe_trans_ssid_match() function
as argument 3 with NULL value, and it may be dereferenced there. This
looks like a theoretical case that would not be reached in practice, but
anyway, it is better to check entry->ssid != NULL more consistently.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Since wpa_supplicant version 2.10 the extended capabilities MSCS and SCS
are advertised in the (Re)Association Request frames.
This causes the association request to be rejected by several access
points. Issue was observed with:
- D-Link DIR600
- TP-Link AC1900
- Synology MR2200ac
To avoid this issue the extended capabilities MSCS and SCS shall only be
added if the bss also supports them. While this may not follow the exact
behavior described in IEEE 802.11, this is a reasonable compromise to
avoid interoperability issues since these capabilities cannot be used
with an AP that does not support them anyway.
Note: The Extended Capabilities element is only included in the
Association Request frames if the AP also sent its extended capabilities
(see wpas_populate_assoc_ies()) as a workaround for misbehaving APs.
This workaround exists since version 2.1.
Signed-off-by: Sebastian Priebe <sebastian.priebe@konplan.com>
There is a delay between sending Association Response frame after having
received Association Request frame, due to the fact that between
receiving the request and sending the response the Beacon frame contents
is updated, after analyzing inputs from the STA. There may be several
updates if multiple fields need to change. This can cause issues with
some devices in noisy environments with many BSSs and connected STAs.
Optimize this by updating the beacon only once, even if there are
multiple reasons for updates.
Signed-off-by: Jurijs Soloveckis <jsoloveckis@maxlinear.com>
Drivers will often report regdom changes in the middle of a scan if they
detect during that scan that the regulatory domain has changed. If this
happens and we enter a regdom that supports 6 GHz channels when the
previous one didn't (this often happens in 6 GHz-capable regdoms for
devices after suspend/resume), immediately trigger a 6 GHz-only scan if
we were not able to connect to an AP on a legacy band.
This should significantly improve connection time to 6 GHz AP after
regdom has been reset.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
Store 6 GHz capability on channel list update for wpa_supplicant use.
This will be used in the next commit to extend scanning behavior based
on changes to 6 GHz channel availability.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
wpa_supplicant_trigger_scan() previously wouldn't include any of the IEs
generated by wpa_supplicant_extra_ies(). Instruct it to do so in most
cases. This is necessary because MBO STAs are required to include MBO
capabilities in their Probe Request frames.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
After GO negotiation is completed, the P2P Client needs to scan the GO
before connecting. Only SSID was specified for this and the driver still
might need to scan all channels which wastes time. wpa_supplicant can
pass the known BSSID in the scan request in additional P2P cases and
this allows the driver sto stop the scan once the specific BSSID is
found. This helps reduce some time for P2P connection.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Handler function for "Scan" method call of a network device doesn't set
non_coloc_6ghz, therefore wpa_supplicant doesn't scan non-PSC channels
on 6GHz band only if a co-located AP was reported on the channel.
Add NonColoc6GHz and 6GHzOnly flags to the wpas_dbus_handler_scan, so
that dBus scan requests can cover non-PSC channels and scan only 6 GHz
channels.
Signed-off-by: Kaidong Wang <kaidong@chromium.org>
Parse the reconfiguration Multi-Link element and:
- Don't select a BSS for connection if it is part of an MLD
and is going to be removed.
- Don't scan for missing links that are to be removed.
- Don't include removed links in association.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Add a control interface to trigger ML probes for testing purposes.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Add support for building and sending ML probe requests. During connect,
try to send an ML probe request if we are going to connect to an MLD AP
and the BSS information for some of the links is missing.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Extend 'struct wpa_driver_scan_params' to allow higher layer to indicate
if minimal probe request content should be included by the driver as part
of the scan logic.
Implement this with driver_nl80211, by setting
NL80211_SCAN_FLAG_MIN_PREQ_CONTENT.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Use the wpas_notify_mesh_peer_*() functions for sending the control
interface events in addition to the D-Bus events so that these are all
done consistently.
Signed-off-by: Jouni Malinen <j@w1.fi>
When using mesh we have incoherent
MESH-PEER-CONNECTED/MESH-PEER-DISCONNECTED messages when we restart one
of the devices without disconnecting it first. Sometimes we have the
right behavior, a peer disconnect and then a peer connect, sometimes we
only have a a peer connected without a peer disconnected first, and
sometimes we have nothing at all.
As the plink count seem to be correctly tracked and because we only send
the connected event on plink count increase, lets send the peer
disconnected event on plink count decrease.
Signed-off-by: Nicolas Escande <nico.escande@gmail.com>
When using wpa_supplicant to connect to a mesh network or to create an
AP, the current code doesn't respect all CONFIG_XXX_OVERRIDES network
parameters, just disable_ht in CONFIG_HT_OVERRIDES.
Add support for some of the others modulation related disable flags:
- disable_ht40 with CONFIG_HT_OVERRIDES
- disable_vht with CONFIG_VHT_OVERRIDES
- disable_he with CONFIG_HE_OVERRIDES
Signed-off-by: Nicolas Escande <nico.escande@gmail.com>
This should allow STA to make better choice about which BSS to roam to.
Use estimated throughput as comparison value. Can improve the estimated
throughput calculation to improve this selection criteria if wanted in
the future.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Along with canceling queued scan, abort ongoing scan if any, this
ensures Wi-Fi interface is in usable state after disconnect is issued,
else subsequent scan after disconnect might fail with EBUSY.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
If the current AP advertises disassociation imminent, move it to the
back of the candidate list so we don't select it again while other
candidates are available.
Signed-off-by: Po-Hao Huang <phhuang@realtek.com>
Some kind of race condition seemed to be hit at least in test sequence
"p2p_ext_vendor_elem_invitation pasn_comeback_after_0_sae" where the P2P
invitation response could have been received just after having scheduled
a new p2p-listen radio work, but before that work had been started. In
the case of accepted invitation, this could result in unnecessary extra
delay when that p2p-listen work ended up getting started at the exact
time that the local device was starting GO.
Avoid this race condition by removing the pending p2p-listen radio work
when P2P listen is stopped.
Signed-off-by: Jouni Malinen <j@w1.fi>
wpa_supplicant underestimates 6 GHz SNR as it assumes 2 GHz default
noise in the estimation.
Use 6 GHz default noise when estimating 6 GHz SNR.
Signed-off-by: Kaidong Wang <kaidong@chromium.org>
It doesn't make sense to disconnect on updates to the
network's scan_freq, and in fact doing so causes some
(timing-/scheduling-dependent) test failures.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
wpa_supplicant postpones expired PMKSA deletion untillassociation is
lost for SAE to avoid forced disconnection. But during this time the
driver may use the expired PMKSA for reassociation with the current
connected AP.
Remove the current PMKSA for SAE from the driver after reauth threshold
is passed when the driver takes care of BSS selection.
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Do not reject reauth threshold passed PMKSA indicated in successful
association event since the PMKSA is still valid.
Additionally, remove the reauth threshold passed PMKSA entry from the
driver to prevent using it further in the driver.
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Add the copied EHT capabilities into the sta_add() call when adding a
TDLS peer.
The mld_link_id value was previously only for AP mode, but it can now be
used for TDLS links as well to indicate the link on which a
single-link-TDLS direct link is negotiated.
Signed-off-by: Jouni Malinen <quic_klokere@quicinc.com>
This is needed to be able to determine which link is used for TDLS setup
when the current association is with an AP MLD.
Signed-off-by: Jouni Malinen <quic_klokere@quicinc.com>
This is needed to allow the driver to know on which operating channel
(as specified by the link that is affiliated with AP MLD for the current
association) is used for transmitting TDLS Discovery Response. This
commit adds the link_id parameter to various functions, but does not
implement the driver interface change itself.
Signed-off-by: Jouni Malinen <quic_klokere@quicinc.com>
Commit 9025def55c ("wpa_supplicant: Add support for pregenerated MAC")
added this capability, but did not update wpa_supplicant.conf to
document it. Add such documentation to match the information in
config_ssid.h.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The ap_mld_addr entry was added without introducing a new mask bit which
does not follow the expected style for adding new information into the
BSS command and might result in unexpected behavior for external
components. Define a new BSS command information mask bit for this AP
MLD address and print the AP MLD address in the BSS info only if the
mask bit is set.
Fixes: db99e7341a ("Add AP MLD address into BSS command output")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Send the actual MFP configuration value to the driver instead of
overriding it with MFP required based on the wpa_supplicant selected BSS
when the driver takes care of BSS selection.
This is needed to allow the driver to know whether it can select an MFP
disabled BSS.
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Per IEEE P802.11be/D4.0, 9.4.2.316 (QoS Characteristics element), enable
support for the following optional QoS Characteristics parameters:
- Maximum MSDU Size
- Service Start Time
- Service Start Time LinkID
- Mean Data Rate
- Delayed Bounded Burst Size
- MSDU Lifetime
- MSDU Delivery Info
- Medium Time
Signed-off-by: Purushottam Kushwaha <quic_pkushwah@quicinc.com>
Add support to configure the mandatory QoS Characteristics parameters
per IEEE P802.11be/D4.0, 9.4.2.316 (QoS Characteristics element), in SCS
request:
- Minimum Service Interval
- Maximum Service Interval
- Minimum Data Rate
- Delay Bound
Enable STA SCS traffic descriptor support for EHT connection when the
connected EHT AP advertises SCS traffic descriptor capability in the EHT
Capabilities element.
Signed-off-by: Purushottam Kushwaha <quic_pkushwah@quicinc.com>
Set WFA capability to allow non-EHT SCS Traffic support in association
elements when the AP advertises support for non-EHT SCS Traffic support
via Beacon or Probe Response frame. This capability is upper layer
functionality and as such, does not need a separate driver capability
indication or configuration, but indicate this only if the AP supports
the feature to minimize risk of interoperability issues with a new
information element.
Signed-off-by: Purushottam Kushwaha <quic_pkushwah@quicinc.com>