External programs can use this new parameter to prevent wpa_supplicant
from connecting to a list of BSSIDs and/or SSIDs. The disallowed BSSes
will still be visible in scan results and it is possible to run ANQP
operations with them, but BSS selection for connection will skip any
BSS that matches an entry in the disallowed list.
The new parameter can be set with the control interface SET command
using following syntax:
SET disallow_aps <disallow_list>
disallow_list ::= <ssid_spec> | <bssid_spec> | <disallow_list> | “”
SSID_SPEC ::= ssid <SSID_HEX>
BSSID_SPEC ::= bssid <BSSID_HEX>
For example:
wpa_cli set disallow_list "ssid 74657374 bssid 001122334455 ssid 68656c6c6f"
wpa_cli set disallow_list
(the empty value removes all entries)
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
If two P2P_FIND commands and a station mode SCAN command are issued in a
sequence with the second P2P_FIND and SCAN commands started before the
initial scan from the first P2P_FIND command has completed,
sta_scan_pending may be left set without an automatic way of getting it
cleared. This can get P2P search stuck if no further station mode scan
operations are run.
Fix this by clearing the sta_scan_pending flag whenever station mode scans
are stopped due to no enabled networks resulting in INACTIVE mode getting
entered. In addition, avoid setting sta_scan_pending flag when a special
scan_res_handler is set so that this does not get enabled on the P2P
Device interface during a P2P search operation.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
If a connection operation is started on an interface based on scan
results, other virtual interfaces should not be information about the
results to avoid potential concurrent operations during the association
steps. Since the sibling notification of scan results received was added
as an optimization, skipping it for this type of cases is the simplest
way of avoiding unnecessary concurrent operations.
Signed-hostap: Jouni Malinen <j@w1.fi>
This makes sure that the interrupted station mode scan can be completed
after the P2P operations have had their chance of using the radio.
Signed-hostap: Jouni Malinen <j@w1.fi>
Since we have a global P2P module, the flag to trigger scan completion
events to it needs to be in similar context. The previous design
maintained this separately for each virtual interface and if P2P module
did not run its scan operation on the virtual interface that completed
the scan, P2P module would not be allowed to restart operations
properly.
Signed-hostap: Jouni Malinen <j@w1.fi>
If the scan results from before ANQP fetch are fresh (less than five
seconds old), do not run a new scan when selecting the BSS after having
used Interworking network selection.
Signed-hostap: Jouni Malinen <j@w1.fi>
This allows the BSS selection functions to be called without having the
scan result data structure. This can be used to skip extra scans in
cases where previous results can be considered fresh.
Signed-hostap: Jouni Malinen <j@w1.fi>
The same information is available in the BSS table, so we can reduce the
need for using the raw scan results in wpa_supplicant_need_to_roam().
Signed-hostap: Jouni Malinen <j@w1.fi>
Commit 0d30cc240f forced
wpa_s->current_ssid to be cleared in wpa_supplicant_mark_disassoc()
which gets called from wpa_supplicant_event_disassoc(). This broke SME
disassoc-while-authenticating workaround for cfg80211. Fix this by
restoring wpa_s->current_ssid in case SME authentication is in progress.
Signed-hostap: Jouni Malinen <j@w1.fi>
Commit 0d30cc240f forced
wpa_s->current_ssid and wpa_s->key_mgmt to be cleared in
wpa_supplicant_mark_disassoc() which gets called from
wpa_supplicant_event_disassoc(). This broke IEEE 802.1X authentication
failure processing and P2P deauthentication notification (group
termination).
Fix this by splitting wpa_supplicant_event_disassoc() into two parts and
make wpas_p2p_deauth_notif() indicate whether the interface was removed.
If so, the last part of disassocition event processing is skipped. Since
the wpa_supplicant_mark_disassoc() call is in the second part, the above
mentioned issues are resolved. In addition, this cleans up the P2P group
interface removal case by not trying to use fast reconnection mechanism
just before the interface gets removed.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The variables used within the #ifndef block here needs to be defined in
the beginning of the function to avoid issues with some compilers.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
auto_interworking=1 configuration parameter can be used to request
wpa_supplicant to use Interworking network selection automatically as a
part of the normal (non-Interworking) network selection if the scan
results do not match with enabled networks. This makes scanning work
similarly to the "interworking_select auto" command.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Maintain state of WPS APs during iteration to find the correct AP for
WPS PIN operation when no specific BSSID is specified. This information
can be used for optimizing the order in which the APs are tried. This
commit is only adding the collection of the information and more
detailed debug information to make debug logs more helpful in figuring
out how the AP selection order could be improved.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This makes wpa_supplicant state somewhat cleaner since the information
from previously used connection is not maintained after getting
disconnected.
Signed-hostap: Jouni Malinen <j@w1.fi>
If 4-way handshake fails due to likely PSK failure or if EAP
authentication fails, disable the network block temporarily. Use longer
duration if multiple consecutive failures are seen.
Signed-hostap: Jouni Malinen <j@w1.fi>
Previously, all station mode scan operations were either skipped or
delayed while any P2P operation was in progress. To make concurrent
operations easier to use, reduce this limitation by allowing a scan
operation to be completed in the middle of a p2p_find. In addition,
allow station mode association to be completed. When the station mode
operation is run to its completion (scan results not acted on,
connection to an AP completed, connection failed), resume the p2p_find
operation.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
If key_mgmt was set to allow both WPA and non-WPA IEEE 802.1X (i.e., to
IEEE8021X WPA-EAP), non-WPA IEEE 802.1X was rejected while preparing
association parameters. Allow this special case to be handled by
selecting non-WPA case if the scan results for the AP do not include
either WPA or RSN elements.
Signed-hostap: Jouni Malinen <j@w1.fi>
The os_memcmp of bssid and wpa_s->bssid cannot return 0 in this
code path since identical os_memcmp was already done above.
Signed-hostap: Jouni Malinen <j@w1.fi>
This is the normal flow for association:
wpa_supplicant <--(EVENT_ASSOC event )-- device driver
wpa_supplicant --( get_bssid() )--> device driver
wpa_supplicant <--( return BSSID )-- device driver
However, a device driver could return EINVAL for get_bssid() because it
recognizes it has already been disconnected. When the wpa_supplicant
received EINVAL, the bssid field could be used uninitialized in the
following flow:
wpa_supplicant <--(EVENT_ASSOC event )-- device driver
device driver (receive deauth)
wpa_supplicant --( get_bssid() )--> device driver
wpa_supplicant <--( return EINVAL )-- device driver
Prevent this by requiring the get_bssid() call to succeed when
processing association events.
When a special scan_res_handler is used the scan parameters may not have
been suitable for other purposes (e.g., during a p2p_find operation). As
such, do not indicate such scan results to other virtual interfaces
using the same radio.
Signed-hostap: Jouni Malinen <j@w1.fi>
In the properties changed signal, added a new property
"DisconnectReason", which carries the IEEE 802.11 reason code of the
most recent disassociation or deauthentication event. The reason code is
negative if it is locally generated. The property is sent to the DBUS
immediately so as to prevent it from being coalesced with other
disconnect events.
Signed-off-by: Gary Morain <gmorain@chromium.org>
Like bgscan, autoscan is an optional module based feature to automate
scanning but while disconnected or inactive.
Instead of requesting directly a scan, it only sets the scan_interval
and the sched_scan_interval. So, if the driver supports sched_scan,
autoscan will be able to tweak its interval. Otherwise, the tweaked
scan_interval will be used. If scan parameters needs to be tweaked, an
autoscan_params pointer in wpa_s will provide those. So req_scan /
req_sched_scan will not set the scan parameters as they usually do, but
instead will use this pointer.
Modules will not have to request a scan directly, like bgscan does.
Instead, it will need to return the interval it wants after each
notification.
Signed-hostap: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Some drivers may independently decide to switch channels. Handle this by
updating the hostapd and wpa_supplicant AP and GO configuration.
Signed-hostap: Thomas Pedersen <c_tpeder@qca.qualcomm.com>
This avoids issues with some APs rejecting a reassociation if the
station is not currently associated as reported by Yossi Wortzel.
The change is based on a patch from Arik Nemtsov.
Signed-hostap: Jouni Malinen <j@w1.fi>
Use an empty IPv4 packet as the keep-alive packet for WNM BSS max idle
period mechanism. This is not really the best possible frame to use for
this, but for now, it can do until a more suitable frame is figured out
for this (e.g., special LLC header to indicate link test purposes).
Signed-hostap: Jouni Malinen <j@w1.fi>
If WNM is enabled for the build (CONFIG_WNM=y), add BSS max idle period
information to the (Re)Association Response frame from the AP and parse
this information on the station. For SME-in-wpa_supplicant case, add a
timer to handle periodic transmission of the keep-alive frame. The
actual request for the driver to transmit a frame is not yet
implemented.
Signed-hostap: Jouni Malinen <j@w1.fi>
The nl80211 driver interface does not allow 128-bit WEP to be used
without a vendor specific cipher suite and no such suite is defined for
this purpose. Do not accept WEP key length 16 for nl80211 driver
interface forn ow. wext-interface can still try to use these for
backwards compatibility.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Previusly the peer was assumed to not be operating a GO if the BSS entry
for it was not updated in the single scan run started by
p2p_connect-auto. This is not very robust since a scan may miss the peer
if either a Probe Request or Probe Response frame is lost. Improve
robustness by assuming the peer is still operating the GO and starting
the join operation. If the GO is not found during PD-for-join or the
single-channel scans during the join, fall back to GO Negotiation.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Do not try to associate with a network that has an invalid or incomplete
configuration because the association or at least data connection would
fail anyway. This commits adds a common function for checking whether a
network block is disabled to make it easier to check network blocks
without having to reject them during configuration file parsing (which
would prevent wpa_supplicant from starting). The only additional check
added in this commit is to verify the WEP key length. Similar checks for
other parameters can be added in future commits.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Both EAP-AKA and EAP-AKA' use USIM. Without this change, use of real
USIM card for EAP-AKA' was not allowed to proceed, i.e., only the
software simulated USIM operations were supported.
Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
Add support for HT STA to report 40 MHz intolerance to the associated AP.
A HT station generates a report (20/40 BSS coexistence) of channel list
if it finds a non-HT capable AP or a HT AP which prohibits 40 MHz
transmission (i.e., 40 MHz intolerant bit is set in HT capabilities IE)
from the scan results.
Parse the OBSS scan parameter from Beacon or Probe Response frames and
schedule periodic scan to generate 20/40 coexistence channel report if
requested to do so. This patch decodes Scan Interval alone from the OBSS
Scan Parameters element and triggers scan on timeout.
Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Make wpa_supplicant_event() more consistent by not checking
data in either location handling EVENT_RX_MGMT events. This event
is required to specify the data so this pointer cannot be NULL.
Signed-hostap: Jouni Malinen <j@w1.fi>
The GO can indicate that the P2P Group session is ending by sending a
Deauthentication frame with reason code 3 (Deauthenticated because
sending STA is leaving) based on P2P specification section 3.2.9. Use
this reason code to remove the P2P client group without waiting for the
group idle timeout.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Commit 2d43d37ff2 broke EVENT_RX_MGMT
processing in wpa_supplicant AP mode. ap_mgmt_rx() needs to be called
for Probe Request frames even if they get notified through the new
D-Bus signal mechanism.
Signed-hostap: Jouni Malinen <j@w1.fi>
Some applications require knowing about probe requests to identify
devices. This can be the case in AP mode to see the devices before they
connect, or even in P2P mode when operating as a P2P device to identify
non-P2P peers (P2P peers are identified via PeerFound signals).
As there are typically a lot of probe requests, require that an
interested application subscribes to this signal so the bus isn't always
flooded with these notifications. The notifications in DBus are then
unicast only to that application.
A small test script is also included.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
The signal strength is currently never used as the only driver reporting
it is nl80211 which uses IEEE80211_RADIOTAP_DB_ANTSIGNAL which is never
populated by the kernel. The kernel will (soon) populate
IEEE80211_RADIOTAP_DBM_ANTSIGNAL instead though, so use that.
Also, since it was never really populated, we can redefine the signal
field to be in dBm units only.
My next patch will also require knowing the signal strength of probe
requests throughout the code (where available), so add it to the
necessary APIs.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Commit 6bf731e8ce broke handling of
EVENT_CHANNEL_LIST_CHANGED by introducing a cached copy of the driver
channel list that does not get updated even if driver changes its list.
Fix this by synchronizing the cacched wpa_s->hw.modes information
whenever EVENT_CHANNEL_LIST_CHANGED is processed. This fixes P2P channel
list updates based on regulatory domain hints that may trigger driver to
change its supported channel list.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
intended-for: hostap-1
When wpa_supplicant disconnects, e.g., due to authentication timeout,
we need to go through the EVENT_DISASSOC/DEAUTH processing similarly
to the driver triggered cases to get correct events delivered to the
ctrl_iface. Fix this by calling wpa_supplicant_event() in these cases
and by filtering out the confusing CTRL-EVENT-DISCONNECTED event with
all zeros BSSID.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
New global configuration parameters pcsc_reader and pcsc_pin can now be
used to initialize PC/SC reader context at start of wpa_supplicant.
Signed-hostap: Jouni Malinen <j@w1.fi>
This can be used to disable wpa_supplicant controlled roaming. It should
be noted that the WPA_DRIVER_FLAGS_BSS_SELECTION capability is the
preferred way for this and CONFIG_NO_ROAMING should be obsoleted once
drivers support the new NL80211_ATTR_ROAM_SUPPORT capability
advertisement.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
This makes WPA_INTERFACE_DISABLED more consistent in indicating that
wpa_supplicant cannot currently control the interface regardless of
whether the interface is disabled or completely removed.
Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
This fixes a build regression from commit
cd2f4ddfb9 by moving
wpa_supplicant_assoc_update_ie() outside the no-scan-processing ifdef
block.
Signed-hostap: Jouni Malinen <j@w1.fi>
Even though we may not update P2P peer entry while connected to the
peer as a P2P client, we should not be expiring a P2P peer entry while
that peer is the GO in a group where we are connected as a P2P client.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
When a P2P group is removed, we better not leave possibly started
sched_scan running. This could happen when a separate group interface
was not used.
In addition, it looks safer to explicitly stop sched_scan before
starting P2P Listen or Find operations to make sure the offloaded
scanning is not running when doing similar P2P operations.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This patch fixes an issue with roaming for drivers that set
WPA_DRIVER_FLAGS_BSS_SELECTION (currently ath6kl). On moving to an AP
with a different BSSID, an EVENT_ASSOC is received and the subsequent
4-way handshake may fail because of a mismatch between the RSN IE in
message 3/4 and in Beacon/Probe Response. This happens only when the APs
use different RSN IE contents and ap_scan is set to 1, since
wpa_supplicant fails to update its cached IEs.
Initial association may fail, too, in case of multiple APs with
the same SSID, since BSSID selection is done by the driver and again
a mismatch could be seen.
Fix these two issues by clearing and updating the cached IEs on
receiving an Association event from the driver. Also, retrieve the
scan results when the new BSS information is not present locally.
Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
The deauthentication and disassociation events from nl80211 were being
processed identically regardless of whether the frame was generated by
the local STA or the AP. This resulted in fast reconnection mechanism
getting triggered even in the case where the disconnection was detected
locally (e.g., due to beacon loss) while this was supposed to happen
only in the case where the AP is sending an explicit Deauthentication
or Disassociation frame with a specific reason code.
Fix this by adding a new deauth/disassoc event variable to indicate
whether the event was generated locally.
Signed-hostap: Jouni Malinen <j@w1.fi>