Commit graph

3387 commits

Author SHA1 Message Date
Jouni Malinen
43a66ecba3 Fix SCAN control interface command error cases
Update the scan parameters in wpa_s only in case the scan command is
going to be executed. In other words, do not change the parameters for
an ongoing scan (the SCAN command is rejected with FAIL-BUSY) or if any
of the parameters is invalid.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-12 01:12:15 +02:00
Jouni Malinen
2961bfa8e1 Remove unused send_eapol() driver op
The send_eapol() callback was used by driver_test.c, but with that
removed, there is no remaining users of the alternative EAPOL frame
transmitting mechanism in wpa_supplicant, i.e., all remaining driver
interfaces use l2_packet instead. Remove the send_eapol() to get rid of
unused code.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-11 15:40:07 +02:00
Jouni Malinen
b68d602dc4 Fix ANQP_GET/HS20_GET_ANQP parsing to skip space after address
The space following the BSSID was not skipped properly if the following
parameter started with the "hs20:" prefix. For other cases, atoi() ended
up ignoring the space, but it is cleaner to skip it anyway for all
cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-11 15:18:11 +02:00
Jouni Malinen
42a697256e P2P: Allow cross connection on the parent interface
Previously, any P2P capable interface was skipped in cross connection
uplink consideration. However, this ends up skipping more or less all
nl80211-based driver cases now since they mark the main interface P2P
capable. Relax this rule to allow the parent interface to be used as the
non-P2P station interface for cross connection purposes.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-10 01:54:27 +02:00
Jouni Malinen
97cfe110dc Clear wpa_s->disconnected on ctrl_iface FLUSH
This is needed to get into more consistent state after the FLUSH
command. DISCONNECT followed by FLUSH could result in
wpa_s->disconnected being left to 1 and this resulted in a test failure,
e.g., when running wpas_ctrl_dup_network followed by
wpas_ctrl_enable_disable_network where the latter was expecting
ENABLE_NETWORK on a disabled network to connect automatically and that
does not happen if wpa_s->disconnected == 1.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-12-08 16:22:13 +02:00
Jouni Malinen
aaadd72733 Check os_snprintf() result more consistently - more checks
Add more os_snprintf() result validation checks.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:07 +02:00
Jouni Malinen
1d39977136 Check os_snprintf() result more consistently
While these are using practically large enoungh buffer sizes, it is
better to be more consistent with checking os_snprintf() return value.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:07 +02:00
Jouni Malinen
1f102d3bb0 Check os_snprintf() result more consistently - manual
This converts os_snprintf() result validation cases to use
os_snprintf_error() for cases that were note covered by spatch and
semantic patches.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:07 +02:00
Jouni Malinen
eeab4f2fda Check os_snprintf() result more consistently - automatic 3
This converts os_snprintf() result validation cases to use
os_snprintf_error() where the comparison was 'res > size' instead of
'res >= size - 1'. These changes were done automatically with spatch
using the following semantic patch:

@@
identifier E1;
expression E2,E3,E4,E5,E6;
statement S1;
@@

(
  E1 = os_snprintf(E2, E3, ...);
|
  int E1 = os_snprintf(E2, E3, ...);
|
  if (E5)
	E1 = os_snprintf(E2, E3, ...);
  else
	E1 = os_snprintf(E2, E3, ...);
|
  if (E5)
	E1 = os_snprintf(E2, E3, ...);
  else if (E6)
	E1 = os_snprintf(E2, E3, ...);
  else
	E1 = 0;
|
  if (E5) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else {
	...
	return -1;
  }
|
  if (E5) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else if (E6) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else {
	...
	return -1;
  }
|
  if (E5) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else {
	...
	E1 = os_snprintf(E2, E3, ...);
  }
)
? os_free(E4);
- if (E1 < 0 || (size_t) E1 >= E3 - 1)
+ if (os_snprintf_error(E3, E1))
(
  S1
|
{ ... }
)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:07 +02:00
Jouni Malinen
7bdd8981f7 Check os_snprintf() result more consistently - automatic 2
This converts os_snprintf() result validation cases to use
os_snprintf_error() where the comparison was 'res > size' instead of
'res >= size'. These changes were done automatically with spatch using
the following semantic patch:

@@
identifier E1;
expression E2,E3,E4,E5,E6;
statement S1;
@@

(
  E1 = os_snprintf(E2, E3, ...);
|
  int E1 = os_snprintf(E2, E3, ...);
|
  if (E5)
	E1 = os_snprintf(E2, E3, ...);
  else
	E1 = os_snprintf(E2, E3, ...);
|
  if (E5)
	E1 = os_snprintf(E2, E3, ...);
  else if (E6)
	E1 = os_snprintf(E2, E3, ...);
  else
	E1 = 0;
|
  if (E5) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else {
	...
	return -1;
  }
|
  if (E5) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else if (E6) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else {
	...
	return -1;
  }
|
  if (E5) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else {
	...
	E1 = os_snprintf(E2, E3, ...);
  }
)
? os_free(E4);
- if (E1 < 0 || \( E1 > E3 \| (size_t) E1 > E3 \| E1 > (int) E3 \))
+ if (os_snprintf_error(E3, E1))
(
  S1
|
{ ... }
)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:07 +02:00
Jouni Malinen
d85e1fc8a5 Check os_snprintf() result more consistently - automatic 1
This converts os_snprintf() result validation cases to use
os_snprintf_error() where the exact rule used in os_snprintf_error() was
used. These changes were done automatically with spatch using the
following semantic patch:

@@
identifier E1;
expression E2,E3,E4,E5,E6;
statement S1;
@@

(
  E1 = os_snprintf(E2, E3, ...);
|
  int E1 = os_snprintf(E2, E3, ...);
|
  if (E5)
	E1 = os_snprintf(E2, E3, ...);
  else
	E1 = os_snprintf(E2, E3, ...);
|
  if (E5)
	E1 = os_snprintf(E2, E3, ...);
  else if (E6)
	E1 = os_snprintf(E2, E3, ...);
  else
	E1 = 0;
|
  if (E5) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else {
	...
	return -1;
  }
|
  if (E5) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else if (E6) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else {
	...
	return -1;
  }
|
  if (E5) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else {
	...
	E1 = os_snprintf(E2, E3, ...);
  }
)
? os_free(E4);
- if (E1 < 0 || \( E1 >= E3 \| (size_t) E1 >= E3 \| (unsigned int) E1 >= E3 \| E1 >= (int) E3 \))
+ if (os_snprintf_error(E3, E1))
(
  S1
|
{ ... }
)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:07 +02:00
Jouni Malinen
a80ba67a26 Check os_snprintf() result more consistently - success case
This converts os_snprintf() result validation cases to use
os_snprintf_error() in cases where success condition was used to execute
a step. These changes were done automatically with spatch using the
following semantic patch:

@@
expression E1,E2,E3;
statement S1;
@@

  E1 = os_snprintf(E2, E3, ...);
- if (\( E1 >= 0 \| E1 > 0 \) && \( (size_t) E1 < E3 \| E1 < (int) E3 \| E1 < E3 \))
+ if (!os_snprintf_error(E3, E1))
  S1

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:07 +02:00
Jouni Malinen
a9aaacbb50 Check os_snprintf() result more consistently - maximum length
This adds verification of os_snprintf() result against the maximum
buffer length. These changes were done automatically with spatch
using the following semantic patch:

@@
expression E1,E2,E3;
statement S1;
@@

  E1 = os_snprintf(E2, E3, ...);
- if (\( E1 < 0 \| E1 <= 0 \))
+ if (os_snprintf_error(E3, E1))
(
  S1
|
{ ... }
)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:07 +02:00
Jouni Malinen
faebdeaa9e Use os_calloc() instead of os_zalloc()
Automatic changes with spatch using the following semantic patch:

@@
constant C;
type T;
@@

- os_zalloc(C*sizeof(T))
+ os_calloc(C,sizeof(T))

@@
expression E;
type T;
@@

- os_zalloc((E)*sizeof(T))
+ os_calloc(E,sizeof(T))

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:07 +02:00
Jouni Malinen
c054190603 Fix DUP_NETWORK debug print on error case
Incorrect network id was printed in debug output if DUP_NETWORK
destination network was not found.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:07 +02:00
Jouni Malinen
49328f0756 Remove unnecessary ctrl_iface command check
MESH_GROUP_REMOVE always passes in the cmd pointer, so this cannot
really be NULL.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:06 +02:00
Jouni Malinen
d02dcb28bc Remove unnecessary ctrl_iface cmd check
This pointer cannot be NULL sicne it is called only from this file and
with a valid pointer to the received command.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:07:56 +02:00
Jouni Malinen
d84416a2af Interworking: Make bounds checking easier for static analyzers
'num * 5 > end - pos' handles bounds checking a bit more efficiently,
but apparently that is not clear enough for all static analyzers.
Replace with 'num > left / 5' to avoid false reports. (CID 68117)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-06 19:25:14 +02:00
Jouni Malinen
8105821b39 Replace send_ft_action() driver_op with send_action()
This reduced number of unnecessarily duplicated driver interface
callback functions for sending Action frames by using the more generic
send_action() instead of FT specific send_ft_action().

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-06 18:13:29 +02:00
Jouni Malinen
bc0ba01d70 WFD: Allow WFD_SUBELEM_SET/GET all to be used with full IE buffer
This extends the previously used WFD_SUBELEM_SET/GET <subelem id> design
to allow special "all" value to be used as an id to indicate that all
WFD subelements are to be set/get. This uses similar interface as was
previously added over D-Bus.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-12-05 15:22:33 +02:00
Jouni Malinen
f80936094e WMM-AC: Use DEBUG verbosity for ignoring Action frame messages
There is no point in flooding the log with WARNING or ERROR level
messages if WMM-AC related Action frames are ignored in cases where they
were not expected. In addition, WARNING/ERROR should not really be used
in cases an invalid frame is dropped especially if this is not related
to a security setup since external devices could otherwise generate log
entries.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-12-05 13:17:57 +02:00
Jouni Malinen
0570a3ea7d HS 2.0: Clarify OSU Provider list length validation
The previous version was somewhat too complex for some static analyzers.
Use local variables for the extracted length fields and explicitly
compare these against the remaining buffer length. (CID 68121)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-05 00:56:05 +02:00
Jouni Malinen
65d9a5e254 ERP: Add wpa_supplicant ERP_FLUSH ctrl_iface command
This can be used to flush all the ERP keys.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-04 12:16:29 +02:00
Jouni Malinen
02a8d45ace ERP: Add support for ERP on EAP peer
Derive rRK and rIK on EAP peer if ERP is enabled. The new wpa_supplicant
network configuration parameter erp=1 can now be used to configure the
EAP peer to derive EMSK, rRK, and rIK at the successful completion of an
EAP authentication method. This functionality is not included in the
default build and can be enabled with CONFIG_ERP=y.

If EAP authenticator indicates support for re-authentication protocol,
initiate this with EAP-Initiate/Re-auth and complete protocol when
receiving EAP-Finish/Re-auth.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-04 12:16:29 +02:00
Dmitry Shmidt
f34891a3af Return only full network line in list_networks
It makes more sense to truncate at line boundary especially with the new
LAST_ID parameter.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-12-03 22:31:53 +02:00
Vinit Deshpande
90903a77ef List all networks despite message limit of 4096 bytes
This change creates 'LIST_NETWORK LAST_ID=x' form to allow
retrieval of all networks saved in the system. Without this form,
only first few (whatever fills in first 4096 bytes) can be
retrieved.

Signed-off-by: Vinit Deshpande <vinitd@google.com>
2014-12-02 23:47:27 +02:00
Jouni Malinen
44177b69e8 Allow a BSS entry with all-zeros BSSID to expire
wpa_bss_in_use() used to determine that a BSS with BSSID of
00:00:00:00:00:00 is in use in almost every case since either
wpa_s->bssid or wpa_s->pending_bssid was likely to be cleared. This
could result in a corner case of a BSS entry remaining in the BSS table
indefinitely if one was added there with a (likely bogus) address of
00:00:00:00:00:00. Fix this by ignore wpa_s->bssid and
wpa_s->pending_bssid if the BSSID in the BSS table entry is
00:00:00:00:00:00.

In theory, that address is a valid BSSID, but it is unlikely to be used
in any production AP, so the potential expiration of a BSS entry with
that address during a connection attempt would not be a concern
(especially when a new scan would be enough to recover from that).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-12-02 19:46:58 +02:00
Jouni Malinen
e374522827 Do not start new radio work on scan completion during ext work
Externally triggered scan could result in a new radio work item getting
started even when external radio work was in progress. Delay such start
until the external work is completed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-12-01 20:17:08 +02:00
Jouni Malinen
4f9a5ea5cc WPS: Fix current_ssid clearing on duplicate network removal
It was possible for the current network profile to be deleted when
merging duplicated WPS credentials. However, this did not clear
wpa_s->current_ssid and it was possible for something else to end up
dereferencing that pointer to now freed memory. This could be hit, e.g.,
with ap_wps_mixed_cred. Fix this by clearing current_ssid also in this
code path similarly to other cases of network block getting removed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-30 15:53:11 +02:00
Jouni Malinen
e4a35f07d9 mesh: Skip fast-association when using connect_without_scan
The mesh group addition was designed to use wpa_s->connect_without_scan
to skip a scan. That path was skipped if wpa_supplicant_fast_associate()
allowed previous scan results to be used. This could result in undesired
double-initialization attempt for the mesh interface. Avoid this by not
using wpa_supplicant_fast_associate() when wpa_s->connect_without_scan
is set.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-30 15:53:11 +02:00
Jouni Malinen
608b0ff52a mesh: Check for initialization failures
It is possible that these location ended up getting called before mesh
startup operations had been completed and that could result in
dereferencing NULL pointers. Address those error cases by verifying that
the needed parameters are available before using them.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-30 15:53:11 +02:00
Jouni Malinen
9a700ff9ef Ignore auth/assoc timeout events in mesh configuration
It was possible for auth/assoc timeout/failure event from the driver to
result in unexpected processing during mesh group setup if that
operation was started before the previously started driver operation to
association/connect had completed. Since those events cannot happen in
mesh cases, ignore them to avoid issues due to this corner case.

For example, monitor_iface_unknown_sta followed by wpas_mesh_secure test
case resulted in failure without this change.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-30 15:53:11 +02:00
Jouni Malinen
763041b2e8 mesh: Avoid a false maybe-uninitialized compiler warning
An earlier check of the action_field value above the switch statement
already took care of all other possible cases, but that was apparently
too difficult for the compiler to notice. Bring back the default case to
avoid incorrect warnings about the event variable being maybe
uninitialized.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-30 15:53:11 +02:00
Jouni Malinen
c932b43e56 mesh: Add more debug information to MPM Action frame processing
This makes it easier to figure out why a peering message is dropped.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-11-28 23:02:29 +02:00
Jouni Malinen
fc0ef7c0e7 Add DATA_TEST_FRAME for testing Data frame processing
The new wpa_supplicant control interface command can be used in
automated testing to verify how AP processes Data frames with arbitrary
contents. This is enabled only in builds with CONFIG_TESTING_OPTIONS=y.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-11-27 23:51:46 +02:00
Jouni Malinen
b925506a91 Clear RSN preauth and PMKSA cache state on FLUSH command
There is no need for this state to maintained when the wpa_supplicant
FLUSH ctrl_iface command is used to request flushing of all state.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-11-27 19:56:15 +02:00
Jouni Malinen
3882a70841 WMM AC: Fix memory leak on deinit without disassoc event
It was possible for wmm_ac_deinit() not getting called when an interface
was removed in a sequence where disassociation was not reported and
wmm_ac_notify_disassoc() did not get called. This resulted in leaking
whatever memory was allocated for WMM AC parameters. Fix that by calling
wmm_ac_notify_disassoc() from wpa_supplicant_cleanup().

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-11-27 19:00:02 +02:00
Jouni Malinen
5214f4fafc Clear scan_req to NORMAL_SCAN_REQ for connection attempt
This is needed to fix some sequencies where a real scan in ap_scan=2
case would be issued even when the connection case would expect direct
connection without a scan.

This fixed an issue shown in hwsim test case autoscan_exponential
followed by ibss_open_fixed_bssid.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-11-27 17:55:54 +02:00
Jouni Malinen
4e0990dc88 mesh: Send peering close message before leaving mesh
This is needed to allow proper Action frame transmission to work without
having to claim these to be offchannel operations.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-11-27 17:12:47 +02:00
Neelansh Mittal
3a7414b6a6 Do not re-open Android control sockets
On Android, the control socket being used may be the socket that is
created when wpa_supplicant is started as a /init.*.rc service. Such a
socket is maintained as a key-value pair in Android's environment.
Closing this control socket would leave wpa_supplicant in a bad state.
When wpa_supplicant re-opens the ctrl_iface socket, it will query the
Android's environment, and will be returned with the same socket
descriptor that has already been closed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-11-25 17:16:44 +02:00
Masashi Honma
a959a3b69d SAE: Fix Anti-Clogging Token request frame format
This commit inserts Finite Cyclic Group to Anti-Clogging Token request
frame because IEEE Std 802.11-2012, Table 8-29 says "Finite Cyclic Group
is present if Status is zero or 76".

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2014-11-25 16:08:53 +02:00
Jouni Malinen
849367afe9 SME: Fix a sign-compare warning
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-25 01:07:16 +02:00
Jouni Malinen
158211b2db WNM: Use country code, if available, to help in channel mapping
The country code from the current AP needs to be used in
ieee80211_chan_to_freq() to support cases where non-global operating
class table is used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-24 10:57:38 +02:00
Jouni Malinen
5d017065a0 GAS: Clean up Query Response length validation
Previous version was correct, but apparently too complex for some static
analyzers. (CID 68119)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-23 21:03:40 +02:00
Jouni Malinen
355e17eb1b HS 2.0: Clarify OSU Server URI length validation
The previous version was valid, but apparently too complex for some
static analyzers. Use a local variable for uri_len and explicitly
compare it against the remaining buffer length. (CID 68121)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-23 21:03:40 +02:00
Jouni Malinen
5c58c0ce86 HS 2.0: More explicit hs20_osu_icon_fetch() length validation
The previous version was fine, but too much for some static analyzers to
understand as proper bounds checking. (CID 68122)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-23 21:03:40 +02:00
Jouni Malinen
fecc09edc3 WNM: Use a clearer validation step for key_len_total
The previous one based on pointer arithmetic was apparently too much for
some static analyzers (CID 68130).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-23 18:04:02 +02:00
Jouni Malinen
43aee94899 Interworking: Clearer ANQP element length validation
The upper bound for the element length was already verified, but that
was not apparently noticed by a static analyzer (CID 68128).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-23 17:41:13 +02:00
Jouni Malinen
f5f3728a81 WNM: Print debug message if Action frame sending fails
This makes wpa_drv_send_action() return value checking more consistent
(CID 75390).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-23 16:13:50 +02:00
Andrei Otcheretianski
70d1e72849 wpa_supplicant: Handle link measurement requests
Send link measurement response when a request is received. Advertise
only RCPI, computing it from the RSSI of the request. The TX power field
is left to be filled by the driver. All other fields are not published.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2014-11-22 21:45:07 +02:00
Assaf Krauss
66d2143435 wpa_cli: Add optional ssid to neighbor report request
Add optional 'ssid' parameter to command "neighbor_rep_request".

Signed-off-by: Assaf Krauss <assaf.krauss@intel.com>
2014-11-22 21:37:49 +02:00
Assaf Krauss
4c4b230527 wpa_supplicant: Add an option to specify SSID in neighbor report requests
Allow supplying an SSID for the SSID IE. If not supplied, no SSID IE is
sent, and the request implies the current SSID.

Signed-off-by: Assaf Krauss <assaf.krauss@intel.com>
2014-11-22 21:36:42 +02:00
Assaf Krauss
fad14af93a wpa_cli: Add neighbor_rep_request command
Add neighbor_rep_request command to send a Neighbor Report Request
to the associated AP.

Signed-off-by: Assaf Krauss <assaf.krauss@intel.com>
2014-11-22 21:29:41 +02:00
Assaf Krauss
f4b8bfae15 wpa_supplicant: Add NEIGHBOR_REP_REQUEST command to the control interface
Add NEIGHBOR_REP_REQUEST command to the wpa_supplicant ctrl_iface.
This command triggers the sending of a Neighbor Report Request to the
associated AP.

Signed-off-by: Assaf Krauss <assaf.krauss@intel.com>
2014-11-22 21:28:52 +02:00
Assaf Krauss
d89c0701db wpa_supplicant: Add support for Neighbor Report
Add the ability to send a Neighbor Report Request (part of
RRM). Requester is then notified once the report arrives.

Signed-off-by: Assaf Krauss <assaf.krauss@intel.com>
2014-11-22 21:23:14 +02:00
Assaf Krauss
b361d580ec SME: Add RRM support to association request
In case the AP we are associating with advertises support for RRM,
advertise our own RRM support in the (Re)Association Request frame. This
is done by adding an RRM Capabilities IE. The underlying driver is
expected to further add a Power Capabilities IE to the request, and set
the Radio Measurement flag in the Capability Info field. At this point
the RRM Capabilities IE advertises no measurement support.

Signed-off-by: Assaf Krauss <assaf.krauss@intel.com>
2014-11-22 21:13:45 +02:00
Assaf Krauss
f936b73c4f wpa_supplicant: Store driver's RRM capabilities
Store the RRM capability flags reported by the underlying driver.

Signed-off-by: Assaf Krauss <assaf.krauss@intel.com>
2014-11-22 21:07:56 +02:00
Jouni Malinen
75d65857d5 WNM: Use recent scan results on BSS transition request
If the last scans are recent (for now, less than ten seconds old), use
them instead of triggering a new scan when a BSS Transition Management
Request frame is received. As a fallback, allow a new scan to be
triggered if no matches were found.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-22 20:17:47 +02:00
Jouni Malinen
e1117c1c01 WNM: Optimize BSS transition management scans
When the list of preferred transition candidates is received, use the
identified channels to optimize the following scan so that no time is
wasted on other channels.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-22 20:17:47 +02:00
Jouni Malinen
d0b9ab69f6 WNM: Move transition candidate list processing to normal scan
This makes it easier to optimize transition request processing.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-22 18:40:03 +02:00
Jouni Malinen
279b5486a6 WNM: Fix TM candidate freeing if multiple requests are processed
The previously cached candidate list needs to be free properly through a
call to wnm_deallocate_memory() to ensure all subelements gets freed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-22 18:40:03 +02:00
Jouni Malinen
027454d2e9 WNM: Allow BSS transition request in same ESS even if RSSI is worse
This allows an AP to steer us to another BSS within the ESS even if that
results in reduced signal strength as long as the signal strength with
the target BSS is expected to provide some connectivity.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-22 18:06:37 +02:00
Jouni Malinen
6900b6d96f WNM: Mark wnm_scan_response() static
This function is not used outside wnm_sta.c.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-22 18:06:37 +02:00
Jouni Malinen
ff2c5758bb WNM: Order BSS transmission candidate entries based on preference
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-22 18:06:37 +02:00
Jouni Malinen
093226783d WNM: Simplify how candidate subelements are stored
There is no need to use a separately allocated data structures for this.
A bitfield indicating which information is present and variables within
struct neighbor_report are simpler to use and more efficient.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-22 18:06:37 +02:00
Jouni Malinen
8c9af762f3 WNM: Calculate valid-until time for transition candidate list
This is of more use than the raw validity interval (number of beacon
intervals) that was recorded previously.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-22 18:06:27 +02:00
Jouni Malinen
4c381f0d1c WNM: Convert BSSID Info into a u32
This is more convenient to use than u8 array.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-22 17:03:15 +02:00
Jouni Malinen
8040dc53c2 WNM: Debug print WNM BSS Transition Candidate List
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-22 16:34:34 +02:00
Thomas Pedersen
9e5e03d77e Add examples of new mesh options into wpa_supplicant.conf
Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
Signed-off-by: Thomas Pedersen <thomas@noack.us>
2014-11-20 16:31:09 +02:00
Johannes Berg
83b9d426e0 WMM AC: Notify driver before sending DelTS
Switch the stop and sending DelTS to avoid sending data packets
for the session after the DelTS, which is otherwise possible.

This also helps the mac80211 implementation as it requires stopping the
traffic flow before sending the DelTS as it may modify the AC parameters
for the affected queue, and that may in turn affect management frames.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2014-11-16 21:40:57 +02:00
Moshe Benji
8506ea6f17 WMM AC: Add wmm_ac_status control interface command
This wmm_ac_status command will show the current status for WMM AC.

Signed-off-by: Moshe Benji <moshe.benji@intel.com>
Signed-off-by: Eliad Peller <eliad@wizery.com>
2014-11-16 21:40:51 +02:00
Moshe Benji
df9d340c80 wpa_cli: WMM_AC_ADDTS and WMM_AC_DELTS commands
wmm_ac_addts command will add (or update) a traffic stream and
wmm_ac_delts command will delete an existing traffic stream.

Each of the above commands will call its corresponding
ctrl_iface command.

Signed-off-by: Moshe Benji <moshe.benji@intel.com>
Signed-off-by: Eliad Peller <eliad@wizery.com>
2014-11-16 21:16:03 +02:00
Moshe Benji
eb2f2088aa ctrl_iface: Add wmm_ac_addts and wmm_ac_delts commands
wmm_ac_addts command will add (or update) a traffic stream and
wmm_ac_delts command will delete an existing traffic stream.

Signed-off-by: Moshe Benji <moshe.benji@intel.com>
Signed-off-by: Eliad Peller <eliad@wizery.com>
2014-11-16 21:13:42 +02:00
Moshe Benji
d1f880013a WMM AC: Handle TSPEC action frames
Add the TSPEC to the driver on successful TSPEC ADDTS response. Delete
the TSPEC when receiving DELTS action.

Signed-off-by: Moshe Benji <moshe.benji@intel.com>
Signed-off-by: Eliad Peller <eliad@wizery.com>
2014-11-16 21:07:08 +02:00
Eliad Peller
674f6c073f WMM AC: Add basic ADDTS/DELTS sending functions
Add basic implementation for ADDTS and DELTS sending
functions.

wpas_wmm_ac_addts() will send ADDTS request public action,
containing TSPEC (traffic stream specification) with
the given params.

wpas_wmm_ac_delts() will look for the saved tspec with
the given tid, and send DELTS public action for it.

(Handling of ADDTS response and actually configuring the admission
control params will be added in following patches.)

Signed-off-by: Moshe Benji <moshe.benji@intel.com>
Signed-off-by: Eliad Peller <eliad@wizery.com>
2014-11-16 21:03:56 +02:00
Moshe Benji
471cd6e10c WMM AC: Add add_tx_ts and del_tx_ts driver ops
Add add_tx_ts() and del_tx_ts() ops to notify the driver about
TSPEC add / delete.

Additionally, add wmm_ac_supported flag to indicate
whether the driver supports WMM AC.

Signed-off-by: Moshe Benji <moshe.benji@intel.com>
Signed-off-by: Eliad Peller <eliad@wizery.com>
2014-11-16 20:47:36 +02:00
Moshe Benji
a0413b1734 WMM AC: Parse WMM IE on association
Initialize WMM AC data structures upon successful association
with an AP that publishes WMM support, and deinitialize the data
structure when the association is no longer valid.

Signed-off-by: Moshe Benji <moshe.benji@intel.com>
Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
2014-11-16 20:47:34 +02:00
Masashi Honma
e609679984 mesh: Make plink params configurable
This patch makes four MIB variables for plink configurable and sets the
correct default values based on IEEE Std 802.11s-2011.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2014-11-16 19:43:11 +02:00
Masashi Honma
0c6099f31b mesh: Check mesh key management method
Signed-off-by: Natsuki Itaya <Natsuki.Itaya@jp.sony.com>
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2014-11-16 19:43:11 +02:00
Masashi Honma
44a1662a50 mesh: Add wpa_cli action script processing for mesh events
Signed-off-by: Natsuki Itaya <Natsuki.Itaya@jp.sony.com>
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2014-11-16 19:43:11 +02:00
Masashi Honma
790709060d mesh: Add scan result for mesh network
Android 4.4 uses "BSS" command instead of "SCAN_RESULT" command.
So this patch add the mesh scan result for BSS command.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2014-11-16 19:43:11 +02:00
Masashi Honma
2b2bb5a8b9 mesh: Make BSSBasicRateSet configurable
STAs that have different BSSBasicRateSet cannot connect to each other
as per IEEE 802.11s-2011 9.6.0c1:

"A mesh STA shall not establish a mesh peering with a mesh STA using a
different BSSBasicRateSet."

Make BSSBasicRateSet configurable to improve interoperability with other
stations.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2014-11-16 19:43:11 +02:00
Javier Lopez
603a3f34c4 Add mesh_group_{add,remove} control interface commands
Parse MESH_GROUP_ADD/REMOVE commands on ctrl interface and call
wpa_supplicant routines. These commands are used to start or
join and leave a mesh network.

The mesh id is given in the configuration file, therefore there is
no need to scan before joining a mesh network. We reuse the
connect_without_scan construct used by P2P for that same purpose.

Signed-off-by: Javier Cardona <javier@cozybit.com>
Signed-off-by: Javier Lopez <jlopex@gmail.com>
2014-11-16 19:43:11 +02:00
Masashi Honma
798b318223 mesh: Reduce none 11N Self-protected Action frame allocation size
Signed-off-by: Natsuki Itaya <Natsuki.Itaya@jp.sony.com>
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2014-11-16 19:43:11 +02:00
Masashi Honma
9204e73831 mesh: Fix 11N capability in Self-protected Action frame
mesh_ht_mode default value is CHAN_UNDEFINED.
So previous code set 11N capability even though 11N is not used.

Signed-off-by: Natsuki Itaya <Natsuki.Itaya@jp.sony.com>
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2014-11-16 19:43:11 +02:00
Masashi Honma
edfefaed3c mesh: Set driver capability flags to mesh interface
Signed-off-by: Kenzoh Nishikawa <Kenzoh.Nishikawa@jp.sony.com>
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2014-11-16 19:43:11 +02:00
Masashi Honma
eac0231642 mesh: Fix segmentation fault by repeating MESH_GROUP_ADD/REMOVE
Signed-off-by: Natsuki Itaya <Natsuki.Itaya@jp.sony.com>
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2014-11-16 19:43:11 +02:00
Jason Mobarak
5cfb672dde mesh: Enable mesh HT mode
Add a new option "mesh_ht_mode" that specifies the HT mode for the
mesh, with this option on, mesh beacons, actions frames, and probe
responses with include the appropriate HT information elements.

[original implementation by Chun-Yeow Yeoh <yeohchunyeow@gmail.com>]
[some fixes by Masashi Honma <masashi.honma@gmail.com>]
Signed-off-by: Ashok Nagarajan <ashok.dragon@gmail.com>
Signed-off-by: Javier Cardona <javier@cozybit.com>
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
2014-11-16 19:43:11 +02:00
Chun-Yeow Yeoh
c596f3f083 mesh: Add timer for SAE authentication in RSN mesh
Add timer to do SAE re-authentication with number of tries defined
by MESH_AUTH_RETRY and timeout defined by MESH_AUTH_TIMEOUT.

Ignoring the sending of reply message on "SAE confirm before commit"
to avoid "ping-pong" issues with other mesh nodes. This is obvious when
number of mesh nodes in MBSS reaching 6.

Signed-off-by: Chun-Yeow Yeoh <yeohchunyeow@gmail.com>
Signed-off-by: Bob Copeland <me@bobcopeland.com>
2014-11-16 19:43:11 +02:00
Thomas Pedersen
0f950df029 mesh: Add mesh robust security network
This implementation provides:

- Mesh SAE authentication mechanism
- Key management (set/get PSK)
- Cryptographic key establishment
- Enhanced protection mechanisms for robust management frames

Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Javier Cardona <javier@cozybit.com>
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
Signed-off-by: Thomas Pedersen <thomas@noack.us>
2014-11-16 19:43:06 +02:00
Dmitry Shmidt
88cb27c7a5 hostapd: Add wowlan_triggers config param
New kernels in wiphy_suspend() will call cfg80211_leave_all() that will
eventually end up in cfg80211_stop_ap() unless wowlan_triggers were set.
For now, use the parameters from the station mode as-is. It may be
desirable to extend (or constraint) this in the future for specific AP
mode needs.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-11-16 17:09:11 +02:00
Jouni Malinen
087a1f4efd Suite B: PMKID derivation for AKM 00-0F-AC:11
The new AKM uses a different mechanism of deriving the PMKID based on
KCK instead of PMK. hostapd was already doing this after the KCK had
been derived, but wpa_supplicant functionality needs to be moved from
processing of EAPOL-Key frame 1/4 to 3/4 to have the KCK available.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-16 17:09:11 +02:00
Jouni Malinen
666497c8e6 Suite B: Add AKM 00-0F-AC:11
This adds definitions for the 128-bit level Suite B AKM 00-0F-AC:11. The
functionality itself is not yet complete, i.e., this commit only
includes parts to negotiate the new AKM.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-16 13:20:51 +02:00
Dmitry Shmidt
d10792199e Add CTRL-EVENT-SCAN-FAILED notification in case of scan failure
This is needed since the SCAN command with radio work returns before the
actual driver operation to trigger a scan has been executed and as such,
cannot return result of that operation.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-11-15 11:03:52 +02:00
Jouni Malinen
ee231fdb2b Remove completed to-do items
While this file has not really been updated in years, some of the
completed items can easily be removed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-01 16:24:36 +02:00
Jouni Malinen
01b32d5e36 Remove references to madwifi from various files
Number of documentation and configuration files had references to the
madwifi driver interface that was removed in the previous commit. Remove
these references as well.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-01 16:15:53 +02:00
Slava Monich
c66f23491e dbus: Fix memory leak in wpas_dbus_getter_bss_wps
Signed-off-by: Slava Monich <slava.monich@jolla.com>
2014-11-01 15:56:14 +02:00
Martin Kletzander
6721909fb1 wpa_gui: Use dialog window type
This helps window managers treat the window properly. Mostly tiling WMs
are affected by this. All other windows inherit this option from QDialog
already.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
2014-11-01 15:55:49 +02:00
Sunil Dutt
477b082cc4 P2P: Do not consider the p2p_scan results after p2p_stop_find
If p2p_stop_find is issued after the p2p_scan request is triggered to
the host driver, the obtained scan results are also considered to update
the P2P peer entries. This is not always desired behavior, i.e., it can
be clearer if no P2P-DEVICE-FOUND events are generated based of that
final pending scan.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-10-31 00:50:01 +02:00
Sunil Dutt
e7ce540239 P2P: Delay scan operation only when P2P is not in search state
With the radio work interface in place, station interface SCAN command
was not scheduled (i.e., it got continously delayed with "Delay station
mode scan while P2P operation is in progress") when a p2p_find was
operational. Fix this be delaying station mode scan only when a P2P
operation is in progress, but not in search state.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-10-31 00:49:14 +02:00
Sunil Dutt
b951a97454 P2P: Set p2p_scan_running based on driver scan request result
With the radio work interface, the actual request to start p2p_scan
operation is scheduled from a radio work and hence the initial return
value cannot provide the real result of the driver operation to trigger
a scan. Introduce a new notification API to indicate the scan trigger
status based on which the p2p_scan_running instance can be set using the
real return value from the driver operation.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-10-31 00:05:25 +02:00
Jouni Malinen
3586d55a5d P2P: Do not call wpas_p2p_disconnect_safely() if no match is found
In theory, wpas_p2p_disconnect_safely() could have dereferenced the
wpa_s == NULL argument, but in practice, it won't due to the
calling_wpa_s == wpa_s check and wpas_p2p_disconnect() accepting NULL.
Anyway, it is cleaner to add an explicit check for this. (CID 74492)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-28 01:50:22 +02:00
Jouni Malinen
a7f5271d52 Update pending connect radio work BSS pointer on scan update
It is possible for scan result processing or BSS entry removal to occur
while there is a pending connect or sme-connect radio work with a
previously selected BSS entry. The BSS pointer was previously verified
to be valid, i.e., still point to a BSS entry, at the time the actual
connection operation is started. However, that BSS entry could have
changed to point to another BSS if the old BSS entry was either removed
or reallocated and a new BSS entry was added at the same location in
memory. This could result in the connection attempt failing to configure
parameters properly due to different BSS information (e.g., different
BSSID).

Fix this by updated the pending connect radio work data on BSS entry
updates similarly to how the last_scan_res array was updated. If the
selected BSS entry is removed, this will still result in a failed
connection, but reallocated BSS entry is now followed properly and used
when the connection work starts.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-10-28 00:43:58 +02:00
Sunil Dutt
7465640066 Invoke connect work done for all the connection failure cases
This commit fixes couple of connection failure paths where
wpas_connect_work_done() was not called, thus enabling the radio work
interface to proceed with the other queued actions.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-10-27 20:19:35 +02:00
Jouni Malinen
76d81b3272 WPS: Fix ap_scan=2 special association case
Commit 22628eca34 ('Support driver-based
BSS selection in ap_scan=1 mode') ended up disabling the special
ap_scan=2 WPS case where ap_scan=1 like scan followed by association is
used to find the WPS AP using wildcard SSID. Fix this by allowing
association request even with wpas_driver_bss_selection() when searching
for a WPS AP.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-10-27 20:13:39 +02:00
Tomasz Bursztyka
745d62322b dbus: Redirect P2P request to the managment device if present
In case of a P2P management device being present, it will be up to that
interface to handle P2P requests.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-10-27 17:15:09 +02:00
Tomasz Bursztyka
bb3df9a569 notify: Do not raise any signal from a P2P management interface
Such interface is not registered on DBus, thus there is no need to raise
any signal from it.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-10-27 17:15:09 +02:00
Tomasz Bursztyka
21efc940f6 wpa_supplicant: Do not register a P2P management interface on DBus
DBus client should always request the proper netdev interface. This will
be necessary to get a consistent behavior whatever driver is in use:
iwlwifi (which requires a P2P mgmt dev), ath9/10k (which does not),
etc...

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-10-27 17:15:09 +02:00
Tomasz Bursztyka
5aa839c80b wpa_supplicant: Parent interface should know about its dedicated P2P dev
This will be useful to hand-off P2P commands from the parent interface
to its dedicated P2P device if that one is present, in DBus interface.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-10-27 17:15:09 +02:00
Ahmad Masri
d77419d234 P2P: Support GCMP as part of 60 GHz support
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-10-27 17:15:09 +02:00
Jouni Malinen
bd43e67e59 Avoid unsigned vs. signed comparison warning
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-26 17:01:37 +02:00
Ilan Peer
1170239efa P2P: Save group common frequencies in invitation result
Save the group common frequencies when starting a GO due to
an invitation signaling requesting to re-invoke a persistent GO.

To do so, move the code that handles the translation of p2p_channels to
frequency list into a public function so it can be re-used both when GO
Negotiation is done and invitation signaling is done.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2014-10-26 01:24:28 +03:00
Ilan Peer
20beb96ff9 P2P: Save group common frequencies
Once a P2P GO interface is configured, save the group common
frequencies, as this can be useful later for channel selection
considerations during channel switch, etc.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2014-10-26 01:24:13 +03:00
Ilan Peer
0a44358055 wpa_supplicant: Use the 'no_ir' notation
Use the 'no_ir' notation instead of the 'passive scan' and
'no_ibss' notations to match the earlier change in nl80211.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2014-10-26 01:23:43 +03:00
Jouni Malinen
1f94e4ee3e Add test functionality to simulate driver increased ROC duration
The extra_roc_dur parameter can now be used in CONFIG_TESTING_OPTIONS=y
builds to simulate driver behavior where the ROC duration gets increased
without user space request.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-25 21:46:38 +03:00
Mikael Kanstrup
431dd8bb11 P2P: Use neg_freq when re-establish persistent group as GC
When GC receives invitation response and tries to re-establish
connection to a persistent group channels from passive list should
be allowed. A missing check for operation mode triggered reselection
of operating channel from active channels only to happen and thus fail
the connect attempt.

Add a check for operation mode and if GC instead use negotiated
frequency (i.e. GO operating channel from invitation response).

Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
2014-10-25 18:52:22 +03:00
Jason Abele
fbca4c893d mesh: Implement mesh scanning
When mesh is configured in, include the wildcard mesh id so that mesh
networks are returned.

Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Jason Abele <jason.abele@gmail.com>
2014-10-25 17:45:35 +03:00
Jason Abele
d73b3f2ea0 mesh: Use mesh id instead of SSID in BSS table
Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Jason Abele <jason.abele@gmail.com>
2014-10-25 17:45:35 +03:00
Thomas Pedersen
07cb45ccb2 mesh: Add no_auto_peer config option
Add no_auto_peer parameter, which controls wheter a station will
automatically initiate peering to another mesh peer that comes into
range.

Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
Signed-off-by: Thomas Pedersen <thomas@noack.us>
2014-10-25 17:45:35 +03:00
Thomas Pedersen
476e6bb68d mesh: Add mesh mode config option
Modify network mode to support mode number 5 when CONFIG_MESH is
enabled.

Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
Signed-off-by: Thomas Pedersen <thomas@noack.us>
2014-10-25 17:45:35 +03:00
Thomas Pedersen
a3335ef518 mesh: Avoid join if already joined a mesh group
Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Thomas Pedersen <thomas@noack.us>
2014-10-25 17:45:35 +03:00
Bob Copeland
5f92659d88 mesh: Add mesh peering manager
The mesh peering manager establishes and maintains links among
mesh peers, tracking each peer link via a finite state machine.

This implementation supports open mesh peerings.

[assorted fixes from Yu Niiro <yu.niiro@gmail.com>]
[more fixes from Masashi Honma <masashi.honma@gmail.com>]
Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Javier Cardona <javier@cozybit.com>
Signed-off-by: Ashok Nagarajan <ashok.dragon@gmail.com>
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
Signed-hostap: Bob Copeland <me@bobcopeland.com>
2014-10-25 17:45:31 +03:00
Thomas Pedersen
e45e898970 mesh: Add user_mpm config option
Add user_mpm config parameter, when this is set to 1 (the default) the
peer link management is done on userspace, otherwise the peer management
will be done by the kernel.

Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
Signed-off-by: Thomas Pedersen <thomas@noack.us>
2014-10-25 17:43:24 +03:00
Thomas Pedersen
8319e3120d mesh: Add mesh mode routines
Add routines to (de)initialize mesh interface data structures and
join and leave mesh networks.

Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Javier Cardona <javier@cozybit.com>
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
Signed-off-by: Thomas Pedersen <thomas@noack.us>
2014-10-25 17:43:20 +03:00
Jason Abele
638d945679 mesh: Show [MESH] flag in scan results
Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Jason Abele <jason.abele@gmail.com>
2014-10-25 13:45:05 +03:00
Jason Abele
be6b29f63d Add SAE and FT/SAE into scan results info
These key management options were missing from the previous set of
parsed information in scan results.

Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Jason Abele <jason.abele@gmail.com>
2014-10-25 13:45:01 +03:00
Eliad Peller
04ee647d58 HT: Let the driver advertise its supported SMPS modes for AP mode
Add smps_modes field, and let the driver fill it with its supported SMPS
modes (static/dynamic). This will let us start an AP with specific SMPS
mode (e.g., dynamic) that will allow it to reduce its power usage.

Signed-off-by: Eliad Peller <eliad@wizery.com>
2014-10-24 01:25:29 +03:00
Tomasz Bursztyka
eac687ee7d dbus: Do a full P2P find as it is in ctrl_iface.c
So the behavior is consistent whatever interface is in use.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-10-24 00:57:45 +03:00
Chet Lanctot
b41f26845a Add support for offloading key management operations to the driver
This commit introduces a QCA vendor command and event to provide an
option to use extended versions of the nl80211 connect/roam operations
in a way that allows drivers to offload key management operations to the
driver/firmware.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-10-23 18:38:50 +03:00
Jouni Malinen
7475d299ab P2P: Search all 2.4 GHz social channels regardless of disallow_freq
Commit 1595eb93ae ('P2P: Add support for
60 GHz social channel') had an unintended change to how P2P search scans
2.4 GHz social channels. Use of p2p_supported_freq() to filter the list
of social channels ended up using the disallow_freq setting to remove
social channels from the P2P search scans. This is not desired since
peers need to be found on any of the social channels even if those
channels have been disabled from P2P operating channel use. Restore the
previous behavior by included all the 2.4 GHz social channels in P2P
search scans if the driver indicated support for the 2.4 GHz band.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-10-22 20:02:48 +03:00
Kyeyoon Park
ec8f36afca AP: Add support for BSS load element (STA Count, Channel Utilization)
The new "bss_load_update_period" parameter can be used to configure
hostapd to advertise its BSS Load element in Beacon and Probe Response
frames. This parameter is in the units of BUs (Beacon Units).

When enabled, the STA Count and the Channel Utilization value will be
updated periodically in the BSS Load element. The AAC is set to 0 sinze
explicit admission control is not supported. Channel Utilization is
calculated based on the channel survey information from the driver and
as such, requires a driver that supports providing that information for
the current operating channel.

Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
2014-10-21 23:25:48 +03:00
Jouni Malinen
c3c4b3ed3b P2P: Support dynamic addition of P2P Device triggering interface
This moves the addition of P2P Device interface into
wpa_supplicant_add_iface() so that this operation can be done
dynamically when adding an interface to an already running
wpa_supplicant process.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-21 17:35:19 +03:00
Jouni Malinen
26fc96e89b P2P: Remove all child interfaces when removing the parent
This is needed to allow dynamic removal of an interface that adds the
P2P Device interface without leaving behind the management interface
with invalid wpa_s->parent pointer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-21 17:35:15 +03:00
Jouni Malinen
5f797376f2 tests: Make RELOG command use global control interface
This allows RELOG to be used even if a wpa_supplicant process does not
have any interfaces configured.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-20 12:52:25 +03:00
Jouni Malinen
4a6cc86272 Add data test functionality
It is now possible to run hwsim_test like data connectivity test through
wpa_supplicant/hostapd control interface if CONFIG_TESTING_OPTIONS=y is
used for the build. Test functionality is enabled/disabled at runtime
with "DATA_TEST_CONFIG <1/0>". The "DATA_TEST_TX <dst> <src> <tos>"
command can be used to request a test frame to be transmitted.
"DATA-TEST-RX <dst> <src>" event is generated when the test frame is
received.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-19 20:51:45 +03:00
Jouni Malinen
2d6ee86f9b HS 2.0R2: Write OSEN key_mgmt value to config file
This was forgotten when the parser for key_mgmt=OSEN was added.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-19 12:58:13 +03:00
Thomas Pedersen
d3fd563f46 Write SAE and FT-SAE key_mgmt to config
This was forgotten when the key_mgmt parser for SAE and FT-SAE was
added.

Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
Signed-off-by: Thomas Pedersen <thomas@noack.us>
2014-10-19 12:58:13 +03:00
Bob Copeland
6c1664f605 nl80211: Add new commands to support mesh interfaces
Create init_mesh, mesh_join, and mesh_leave actions to kernel.

Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Javier Cardona <javier@cozybit.com>
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
Signed-off-by: Bob Copeland <me@bobcopeland.com>
2014-10-19 12:58:13 +03:00
Bob Copeland
24bd4e0be5 nl80211: Add driver flag to indicate mesh support
Convert the driver flags variable to u64 since there was no room for
more flags.

Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Javier Cardona <javier@cozybit.com>
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
Signed-off-by: Bob Copeland <me@bobcopeland.com>
2014-10-19 12:58:13 +03:00
Bob Copeland
f7072600be Implement RFC 5297 AES-SIV
Add an implementation of Synthetic Initialization Vector (SIV)
Authenticated Encryption Using the Advanced Encryption Standard (AES).

This mode of AES is used to protect peering frames when using
the authenticated mesh peering exchange.

Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
Signed-off-by: Bob Copeland <me@bobcopeland.com>
2014-10-19 12:43:38 +03:00
Jouni Malinen
f2b3acc9d7 P2P: Fix group interface removal through interface ctrl_iface
It was possible to issue the P2P_GROUP_REMOVE command through the
per-interface control interface. This resulted in freed memory getting
accessed when trying to send the control interface response to the
operation that ended up deleting the group interface. Fix this by
postponing the removal operation until the caller has returned.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-18 16:22:25 +03:00
Jouni Malinen
bc26ac50dd SAE: Add support for PMKSA caching on the station side
This makes wpa_supplicant SME create PMKSA cache entries from SAE
authentication and try to use PMKSA caching if an entry is found for the
AP. If the AP rejects the attempt, fall back to SAE authentication is
used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-18 13:02:02 +03:00
Justin Shen
3f7ac05878 WPS: Extend startWhen to 2 if peer AP supports WPS 2.0
Increase EAPOL startWhen to 2 for the case where the AP/GO has
advertised it supports WPS 2.0. This is done to make it less likely for
the EAPOL-Start frame to be sent out since that is only required for WPS
1.0. Not sending it can remove one unnecessary round trip from the EAP
exchange when the AP is going to start with EAP-Request/Identity
immediately based on the Association Request frame.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-10-13 12:24:17 +03:00
Eduardo Abinader
a62941415a P2P: Remove unreachable code in wpas_p2p_stop_find()
Commit 152cff6ba6 ('P2P: Remove
WPA_DRIVER_FLAGS_P2P_MGMT option') removed the only non-zero return from
wpas_p2p_stop_find_oper(), but did not remove the useless return value
or the return check in wpas_p2p_stop_find(). Clean these up by removing
unreachable code and useless return value.

Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
2014-10-12 18:34:25 +03:00
Jouni Malinen
2d4e9c2eb8 Include ieee802_11_common.c in wpa_supplicant build unconditionally
This is needed for number of items and it was possible to make a build
configuration that did not include ieee802_11_common.c while still
trying to use functions from there. While it would be possible to add
NEED_80211_COMMON=y to all the cases where this file is needed, the
extra complexity from this is not really justifiable anymore, so include
the file unconditionally.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-12 17:03:25 +03:00
Jouni Malinen
3eafc494d8 Fix CONFIG_NO_SCAN_PROCESSING=y build
ht_supported() was used but not defined in such a case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-12 17:02:23 +03:00
Jouni Malinen
cd3153a983 Fix build without IEEE8021X_EAPOL
The MACsec addition placed one of the calls outside the #ifdef
IEEE802X_EAPOL block while the variable needed for this was defined only
within the block.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-12 16:56:23 +03:00
Jouni Malinen
34d45ea0b6 P2P: Add new=0/1 flag to P2P-DEVICE-FOUND events
This information can be used to determine whether the event is generated
for a new peer that was added or due to an update in the information for
an existing peer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-12 16:45:33 +03:00
Jouni Malinen
07e2de3193 wpa_supplicant: Allow OpenSSL cipherlist string to be configured
The new openssl_cipher configuration parameter can be used to select
which TLS cipher suites are enabled for TLS-based EAP methods when
OpenSSL is used as the TLS library. This parameter can be used both as a
global parameter to set the default for all network blocks and as a
network block parameter to override the default for each network
profile.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-12 11:55:13 +03:00
Jouni Malinen
e3a451118e eapol_test: Check inet_aton() result
This makes code more consistent (CID 72676).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-11 19:45:17 +03:00
Jouni Malinen
4debeb42a6 WFD: Use cleaner bounds checking for sub-element length field
Mark the variable as unsigned and make the length check use "len > end -
pos" version to makes this easier to understand for static analyzers
(CID 74155).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-11 18:40:32 +03:00
Jouni Malinen
c061ae590a P2P NFC: Make code easier for static analyzers
len + pos > end comparison here did verify that the length field had a
valid value, but that did not seem to enough to avoid TAINTED_SCALAR
warning. Re-order that validation step to be equivalent "len > end -
pos" to remove these false positives (CID 68116).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-11 18:34:25 +03:00
Jouni Malinen
01b3bbfc66 test: Remove driver_test.c
The driver_test.c driver wrapper (-Dtest in wpa_supplicant and
driver=test in hostapd) was previously used for testing without real
Wi-Fi hardware. mac80211_hwsim-based tests have practically replaced all
these needs and there has been no improvements or use for driver_test.c
in a long while. Because of this, there has not really been any effort
to maintain this older test tool and no justification to change this
either. Remove the obsoleted test mechanism to clean up the repository.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-11 17:46:04 +03:00
Jouni Malinen
6cbdb0c537 Set WoWLAN triggers only if driver capabilities are known
Previously, wpas_set_wowlan_triggers() could have been called in
uninitialized wpa_driver_capa data if the driver interface did not
support reporting of capabilities. While this would not really happen
with a driver wrapper that implements set_wowlan() and as such, would
not cause any difference in practice, it is better to clean this up to
make the code path easier to understand for static analyzers.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-11 12:38:35 +03:00
Jouni Malinen
9d4ff04af3 Add external EAPOL transmission option for testing purposes
The new ext_eapol_frame_io parameter can be used to configure hostapd
and wpa_supplicant to use control interface for receiving and
transmitting EAPOL frames. This makes it easier to implement automated
test cases for protocol testing. This functionality is included only in
CONFIG_TESTING_OPTIONS=y builds.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-10-10 18:40:57 +03:00
Sunil Dutt
61fc90483f P2P: Handle improper WPS termination on GO during group formation
A P2P Client may be able to connect to the GO even if the WPS
provisioning step has not terminated cleanly (e.g., P2P Client does not
send WSC_Done). Such group formation attempt missed the event
notification about started group on the GO and also did not set the
internal state corresponding to the successful group formation.

This commit addresses the missing part by completing GO side group
formation on a successful first data connection if WPS does not complete
cleanly. Also, this commit reorders the STA authorization indications to
ensure that the group formation success notification is given prior to
the first STA connection to handle such scenarios.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-10-10 18:40:57 +03:00
Jouni Malinen
58b40fdbfd P2P: Clear p2p_go_group_formation_completed on GO start
Previously, this variable did not necessarily get cleared between group
formations and could result in some of the workaround operations from
not being executed after the first group formation when using the same
interface for all P2P groups. Fix this by clearing the variable whenever
starting the GO to make sure it is used consistently for each group
formation.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-10-10 15:53:22 +03:00
Jouni Malinen
c155305fd3 Complete sme-connect radio work when clearing connection state
It was possible for local deauthentication request to leave sme-connect
radio work running even when there was no ongoing effort to complete the
connection anymore. Clean this up by marking sme-connect radio work
item, if any, done when clearing connection state after such
disconnection during connection.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-10 01:33:58 +03:00
Jouni Malinen
debb2dacac P2P: Report group removal reason PSK_FAILURE in timeout case
It was possible for group formation timeout to be the trigger for
detecting the second PSK/4-way handshake failure. If that happened, the
special reason=PSK_FAILURE was not used in the P2P-GROUP-REMOVED event
even though P2P-PERSISTENT-PSK-FAIL did get reported. Fix this special
case by replacing the reason code with PSK_FAILURE if the PSK failure
timeout gets registed as part of the disconnection processing in the
formation timeout handler.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-10 01:31:57 +03:00
Jouni Malinen
5cb1440361 Update ChangeLog files for v2.3
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-09 17:41:31 +03:00
Jouni Malinen
c5f258de76 wpa_cli: Use os_exec() for action script execution
Use os_exec() to run the action script operations to avoid undesired
command line processing for control interface event strings. Previously,
it could have been possible for some of the event strings to include
unsanitized data which is not suitable for system() use. (CVE-2014-3686)

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-10-09 17:38:25 +03:00
Dmitry Shmidt
1236eda131 Android: Remove ctrl_interface=wlan0 from config template
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-10-07 00:43:50 +03:00
Dmitry Shmidt
9ffd512924 Android: Set pmf=1 to default template
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-10-07 00:43:50 +03:00
Toby Gray
45d8501555 Fix out of bounds memory access when removing vendor elements
Commit 86bd36f0d5 ("Add generic
mechanism for adding vendor elements into frames") has a minor bug
where it miscalculates the length of memory to move using
os_memmove. If multiple vendor elements are specified then this can
lead to out of bounds memory accesses.

This patch fixes this by calculating the correct length of remaining
data to shift down in the information element.

Signed-off-by: Toby Gray <toby.gray@realvnc.com>
2014-10-07 00:43:47 +03:00
Janusz Dziedzic
dc152f32b4 wpa_supplicant: Enable HT for IBSS
Enable HT20 for IBSS when HT is supported by the driver.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2014-10-04 18:54:22 +03:00
Janusz Dziedzic
4ec68377ef wpa_supplicant: Use hostapd_freq_params in assoc_params
Use hostapd_freq_params instead of simple frequency parameter for driver
commands. This is preparation for IBSS configuration to allow use of
HT/VHT in IBSS.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2014-10-04 18:43:42 +03:00
Tomasz Bursztyka
1274ec2329 dbus: Add an interface configuration entry to set the WPS methods
It is thus possible to restrain WPS methods to prefered ones, like PBC
only, etc.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-10-04 18:29:33 +03:00
Jouni Malinen
f1a613118e P2P: Use only the -m config for P2P management device
Previously, the case of non-netdev P2P management device ended up
pulling in both the main interface (e.g., wlan0) and P2P Device
interface (from command line -m argument) as configuration. Similarly,
the main interface ended up included both configuration files. This is
not really helpful for various use cases, e.g., when permanent P2P group
information is stored in the P2P Devince interface, but it gets
duplicated in the main station interface configuration.

Clean this up by changing the -m<file> argument to replace, not
concatenate, configuration information. In other words, the main station
interface will not read this configuration and the P2P Device interface
(non-netdev) does not read parameters from the station interface
configuration file.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-10-03 22:50:21 +03:00
Arik Nemtsov
08d7665c6b TDLS: Use WMM IE for propagating peer WMM capability
Relying on qos qosinfo is not enough, as it can be 0 for WMM enabled
peers that don't support U-APSD. Further, some peers don't even contain
this IE (Google Nexus 5), but do contain the WMM IE during setup.

Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
2014-10-03 11:52:56 +03:00
Arik Nemtsov
984dadc23a TDLS: Set the initiator during tdls_mgmt operations
Some drivers need to know the initiator of a TDLS connection in order
to generate a correct TDLS mgmt packet. It is used to determine
the link identifier IE. Pass this information to the driver.

Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
2014-10-03 11:52:21 +03:00
Jouni Malinen
a313d17de9 Extend random MAC address support to allow OUI to be kept
mac_addr=2 and preassoc_mac_addr=2 parameters can now be used to
configure random MAC address to be generated by maintaining the OUI part
of the permanent MAC address (but with locally administered bit set to
1). Other than that, these values result in similar behavior with
mac_addr=1 and preassoc_mac_addr=1, respectively.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-09-30 00:40:23 +03:00
Ahmad Masri
1595eb93ae P2P: Add support for 60 GHz social channel
Support 60 GHz band in P2P module by selecting random social channel
from all supported social channels in 2.4 GHz and 60 GHz bands.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-29 12:01:46 +03:00
Bojan Prtvar
b6ebdfbedd Extend STATUS command with frequency information
This makes 'wpa_cli status' command more versatile.

Signed-off-by: Bojan Prtvar <bojan.prtvar@rt-rk.com>
2014-09-28 20:47:06 +03:00
Tomasz Bursztyka
6a60488745 dbus: Add a global property to set or unset WFD IEs
This permits to set or unset the WiFi Display subelements from DBus, by
providing the full WFD specific IE frame.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-09-28 20:47:06 +03:00
Tomasz Bursztyka
4bd7e1614f wifi_display: Add a utility function to set WFD subelements from IEs
This will be useful to update the WFD subelements from DBus.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-09-28 20:46:49 +03:00
Tomasz Bursztyka
d4177443d4 wifi_display: Add a utility function to get the sub-elements as IEs
This will be useful for DBus API to expose current WFD configuration.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-09-28 19:22:23 +03:00
Jouni Malinen
6e252b0db3 WPS: Fix WPS-in-search check when STA_AUTOCONNECT is disabled
If "STA_AUTOCONNECT 0" has been used to disable automatic connection on
disconnection event and the driver indicates multiple disconnection
events for the disconnection from the current AP when WPS is started, it
could have been possible to hit a case where wpa_s->disconnected was set
to 1 during WPS processing and the following scan result processing
would stop the operation.

wpa_s->key_mgmt == WPA_KEY_MGMT_WPS check was trying to avoid to skip
autoconnect when WPS was in use, but that does not seem to work anymore.
Fix this by checking through wpas_wps_searching() as well to avoid
setting wpa_s->disconnect = 1 when there is an ongoing WPS operation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-09-28 11:03:48 +03:00
Eduardo Abinader
e5fdc05dce P2P: Remove unecessary sanity check for global p2p
This check is already being done on wpas_p2p_deinit_iface.
Of course, it is assumed wpa_s is not deinit when reaches
that point as a matter of fact.

Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
2014-09-28 11:03:48 +03:00
Eduardo Abinader
ee285df457 P2P: Flush services based on global p2p init and not p2p ifaces
As P2P service are not necessarily attached to a iface, when
added, proceed with same approach on p2p global deinit. Such
approach solves memory leaks ocurring upon wpa_supplicant
termination, when p2p services were registered previously.

Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
2014-09-28 11:03:48 +03:00
Jouni Malinen
c267753ba2 Add support for using random local MAC address
This adds experimental support for wpa_supplicant to assign random local
MAC addresses for both pre-association cases (scan, GAS/ANQP) and for
connections. MAC address policy for each part can be controlled
separately and the connection part can be set per network block.

This requires support from the driver to allow local MAC address to be
changed if random address policy is enabled. It should also be noted
that number of drivers would not support concurrent operations (e.g.,
P2P and station association) with random addresses in use for one or
both.

This functionality can be controlled with the global configuration
parameters mac_addr and preassoc_mac_addr which set the default MAC
address policies for connections and pre-association operations (scan
and GAS/ANQP while not connected). The global rand_addr_lifetime
parameter can be used to set the lifetime of a random MAC address in
seconds (default: 60 seconds). This is used to avoid unnecessarily
frequent MAC address changes since those are likely to result in driver
clearing most of its state. It should be noted that the random MAC
address does not expire during an ESS connection, i.e., this lifetime is
only for the case where the device is disconnected.

The mac_addr parameter can also be set in the network blocks to define
different behavior per network. For example, the global mac_addr=1 and
preassoc_mac_addr=1 settings and mac_addr=0 in a home network profile
would result in behavior where all scanning is performed using a random
MAC address while connections to new networks (e.g.,
Interworking/Hotspot 2.0) would use random address and connections to
the home network would use the permanent MAC address.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-09-27 20:07:19 +03:00
Jouni Malinen
fee354c74d nl80211: Add command for changing local MAC address
This can be used to allow wpa_supplicant to control local MAC address
for connections.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-09-27 19:11:24 +03:00
Ahmad Kholaif
79e2b1cc54 Add PMKSA_FLUSH ctrl_iface command
"PMKSA_FLUSH" can now be used to flush PMKSA cache entries over the
control interface.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-27 10:44:22 +03:00
Jouni Malinen
55c2bfa9eb wpa_cli: Support action scripts with global ctrl_iface
This extends "wpa_cli -a<action script>" functionality to work with the
global wpa_supplicant control interface. The IFNAME=<ifname> prefix is
removed from the event messages and converted to the control interface
name when present. Previously, action scripts could only be used with
the per-interface control interfaces.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-26 15:45:53 +03:00
Jouni Malinen
063f85043d wpa_cli: Increase event buffer size to 4096 bytes
Number of other buffers were already increased to this size, but the
buffer used for receiving unsolicited event messages from wpa_supplicant
(e.g., for wpa_cli action scripts) was still at the older 256 byte size.
This could result in some events getting truncated. Avoid this by using
the same 4096 byte buffer size here as in the other places receiving
messages from wpa_supplicant.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-26 15:45:53 +03:00
Jouni Malinen
fa0e91767d wpa_cli: Fix PING in interactive mode with ifname_prefix
The ifname_prefix string could change during line editing and the
periodic PING command running in the background ended up getting the
latest snapshot of the command line due to the pointer being left to
point to the edit buffer. This resulted in unexpected prefix strings
getting used with the periodic PING command. Fix this by temporarily
clearing the ifname_prefix whenever running such a periodic PING.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-26 15:45:53 +03:00
Jouni Malinen
068e38771e STA: Update scan results for ap_scan=1 skip-selection case also
The commit 5cd4740580 has rearranged the
update scan results code and hence the IEs were not getting updated
properly for ap_scan=1 case. This can result in a 4-way handshake
failure in the roaming case (IE mismatch in 3/4 EAPOL). Fix this by
updating the scan results even if ap_scan=1 is used and network does not
need to get reselected based on association information.

Signed-off-by: Jithu Jance <jithu@broadcom.com>
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-09-13 17:31:58 +03:00
Dan Williams
7a4a93b959 dbus: Add SignalPoll() method to report current signal properties
Analogous to the control interface's SIGNAL_POLL request.

Signed-hostap: Dan Williams <dcbw@redhat.com>
2014-09-13 17:21:54 +03:00
vandwalle
a6ab82d7b4 Android: Add NO_EVENTS parameter to status command
It also allows to use the STATUS command with default behavior,
say for debug, i.e., don't generate a "fake" CONNECTION and
SUPPLICANT_STATE_CHANGE events with the new STATUS-NO_EVENTS case.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-09-13 17:03:16 +03:00
Jouni Malinen
df2508d7a8 P2P: Check os_get_random() return value more consistently
In theory, this call could fail, so check the return value before using
the received data. These specific cases would not really care much about
the failures, but this keeps the code more consistent and keeps static
analyzer warnings more useful. (CID 72678, CID 72679, CID 72680,
CID 72683, CID 72689, CID 72698, CID 72703)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-09-13 16:27:52 +03:00
Jouni Malinen
0ef023e478 Add support for driver command to update roaming policy
The network block bssid parameter can be used to force a specific BSS to
be used for a connection. It is also possible to modify this parameter
during an association. Previously, that did not result in any
notification to the driver which was somewhat problematic with drivers
that take care of BSS selection. Add a new mechanism to allow
wpa_supplicant to provide a driver update if the bssid parameter change
for the current connection modifies roaming policy (roaming
allowed/disallowed within ESS).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-11 15:59:42 +03:00
Jouni Malinen
76db5b6b12 Work around broken AP PMKSA caching implementation
An interoperability issue with a deployed AP has been identified where
the connection fails due to that AP failing to operate correctly if
PMKID is included in the Association Request frame. To work around this,
allow EAPOL-Start packet to be transmitted on startWhen reaching 0 even
when trying to use PMKSA caching. In practice, this allows fallback to
full EAP authentication if the AP/Authenticator takes more than 1-2
seconds to initiate 4-way handshake for PMKSA caching or full EAP
authentication if there was no PMKSA cache match.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-08 17:18:01 +03:00
Jouni Malinen
b08d5fa793 WPS: Set EAPOL workarounds dynamically based on association
Previously, the shorter startWhen value was used based on build
parameters (i.e., if WPS was enabled). This is not really ideal and the
knowledge of WPS use can be provided to the EAPOL state machine to allow
this (and similar WPS workarounds) to be done only when the association
is for the purpose of WPS.

Reduce the default startWhen value from 3 to 2 seconds for non-WPS case
since WPS builds have likely received most testing for the past years
with the 1 second value and there is no strong justification for forcing
the longer 3 second wait should a frame be lost or something else
require the EAPOL-Start to initiate operation after a connection.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-08 17:16:04 +03:00
Dmitry Shmidt
abc05534aa Remove WPA_EVENT_SCAN_STARTED message from MSG_INFO log
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-09-07 19:54:39 +03:00
Eduardo Abinader
c45dabb855 P2P: Deauth p2p client just after dbus notify
Currently to signal PropertiesChanged upon group client
removal (group property), wpa_supplicant dbus uses wpa_s
members like go_dev_addr and current_ssid, for instance.
Thus, deferring p2p client deauth to after dbus notify,
but keeping the same order as before, solves the issue,
as wpa_s is not yet completely deinitialized.

Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
2014-09-07 19:50:32 +03:00
Dan Williams
3bd3257a0a dbus: add BSS Age property to indicate last-seen time
"Age" is the age in seconds since the BSS was last seen, and is
emitted as a PropertyChanged signal whenever the BSS is updated
from a scan result. It also returns the correct age when queried
directly.

This property can be used to resolve issues where, if no other
properties of the BSS changed from scan results (for example,
if the BSS always had 100% signal) no D-Bus signals would be
emitted to indicate that the BSS had just been seen in the scan.

Signed-hostap: Dan Williams <dcbw@redhat.com>
2014-09-07 19:18:45 +03:00
Jouni Malinen
cb5ef952c8 SME: Verify that os_get_random() succeeds for SA Query
Be more consistent on checking os_get_random() return value (CID 72706).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-09-07 18:27:42 +03:00
Jouni Malinen
5e62cfdf75 P2P: Verify that os_get_random() succeeds
Be more consistent with os_get_random() use (CID 72710).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-09-07 18:05:53 +03:00
Edhar, Mahesh Kumar
1c2aa04c96 P2P: Do not add P2P IEs on P2P disabled interface
While building Association Request frame IEs we should consider adding
P2P IEs only on interface where P2P functionality is enabled. Consider
per interface p2p_disabled parameter before adding P2P IEs to complete
the checks for this.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-02 11:04:26 +03:00
Hu Wang
e5a4b85b2f WPS: Merge mixed-WPA/WPA2 credentials if received in same session
Some deployed APs send two credentials when in mixed-WPA/WPA2
configuration; one for the WPA-Personal/TKIP and the other for
WPA2-Personal/CCMP. Previously, this would result in two network blocks
getting added for the single AP. This can be somewhat confusing and
unnecessary, so merge such credentials into a single one that allows
both WPA and WPA2 to be used.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-08-29 20:25:18 +03:00
Chandrasekaran, Manishekar
4e5367516b P2P: Overwrite pending interface only after verifying BSS entry
Previously, the P2P Interface Address of the peer gets updated in the
peer table every time based on the scan results.

For example, in a two port concurrency scenario, where the peer device
has two interfaces with unique P2P Interface Addresses and with same P2P
Device Address, based on the Probe Response/Beacon frames from these two
interfaces, their peer table gets updated, but each of these updates
happens in the peer table only based on the P2P Device Address. So, the
same peer's P2P Interface address is updated every time and hence, at
any instant, only one P2P Device Address to P2P Interface Address
mapping entry exist in the peer table for the peer which has two
interfaces.

When we try to join a group operated by the peer, lookup happens in the
peer table and when an interface entry is not available, the pending
interface address gets overwritten with the P2P Device Address and hence
the P2P connection can fail. Since the BSS table is the one that is
up-to-date, this fix will ensure that the interface overwriting will
happen only when there is no BSS entry for the pending P2P Interface
Address as well.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-08-26 18:58:54 +03:00
Bojan Prtvar
1cc0d6a0eb wpa_supplicant: Use freq_list scan filtar in sched_scan
Global freq_list scan filtar was taken into account only by
req_scan and not by req_sched_scan. We want to allow the user
to limit the channels that wpa_supplicant will scan in req_sched_scan
requests as well.

Signed-off-by: Bojan Prtvar <bojan.prtvar@rt-rk.com>
2014-08-12 16:44:04 +03:00
Eduardo Abinader
4aa9c156e5 dbus: Close dbus dict just after appending data
Before fixing this issue, calling wpas_dbus_getter_p2p_device_config
was causing early termination of dbus connection, due to writing
values to an already closed dict.

Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
2014-08-10 11:29:49 +03:00
Eduardo Abinader
af65bc36bb P2P: Use ssid instead of wpa_ssid to find GO iface
In order to find a GO interface, there has to be a
comparison among two SSIDs, instead of a wpa_ssid and
a ssid.

Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
2014-08-10 11:04:08 +03:00
Tomasz Bursztyka
4a0693a4d5 dbus: Declare and implement GroupFinished as for GroupStarted
First for better concistancy but also to tell about the group_object
that is getting removed, thus the client will know about it and will be
able to act accordingly.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-07-31 17:20:56 +03:00
Jithu Jance
2fa980f0f1 P2P: Cancel pending action TX radio work on p2p_cancel
When p2p_cancel is invoked while the GO Negotiation Action TX was
pending, the p2p_send_action_work was not getting cleared.

Signed-off-by: Jithu Jance <jithu@broadcom.com>
2014-07-31 17:13:46 +03:00
Philippe Nunes
8b627b7c47 Fix writing of the wowlan_triggers parameter
The parameter wowlan_triggers is a global string and is not recognised
if it is embraced with double-quotes.

Signed-off-by: Philippe Nunes <philippe.nunes@linux.intel.com>
2014-07-31 17:03:33 +03:00
Jouni Malinen
8b65fefeed Interworking: Remove unnecessary placeholder for PAME-BI
The PAME-BI bit in the Advertisement Protocol element is reserved for
non-AP STA, so this function will never set that bit to one and as such,
there is not much point in maintaining the placeholder dead code for
this either. (CID 68107)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-26 20:28:03 +03:00
Jouni Malinen
52f4abfd06 P2P: Remove PSK/passphrase from P2P-GROUP-STARTED debug log entry
The PSK/passphrase are needed for the control interface events since the
upper layer UI component is required by the specification to be able to
make this available for manual configuration. However, this is not
needed in the INFO verbosity level debug entry, so split the event
generation into two parts.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-26 13:26:59 +03:00
Jouni Malinen
f8723e1e9f P2P: Use a helper function for P2P_EVENT_GROUP_STARTED events
This makes it easier to change the event message message for indication
when P2P group has stated and removes some duplicated code.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-26 13:25:18 +03:00
Jouni Malinen
71a0e395b9 P2P: Make unrecognized vendor elements available in P2P_PEER
This allows external programs to use vendor specific information from
P2P peers without wpa_supplicant having to be able to parse and
understand all such vendor specific elements.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-07-08 15:57:30 +03:00
Jouni Malinen
86bd36f0d5 Add generic mechanism for adding vendor elements into frames
This adds following new control interface commands to allow arbitrary
vendor elements to be added into number of frames:

VENDOR_ELEM_ADD <frame id> <hexdump of elem(s)>
VENDOR_ELEM_GET <frame id>
VENDOR_ELEM_REMOVE <frame id> <hexdump of elem(s)>
VENDOR_ELEM_REMOVE <frame id> *

The following frames are supported in this commit (additional frames can
be added in the future):

0 = Probe Request frame in P2P device discovery
1 = Probe Response frame from P2P Device role
2 = Probe Response frame from P2P GO
3 = Beacon frame from P2P GO
4 = PD Req
5 = PD Resp
6 = GO Neg Req
7 = GO Neg Resp
8 = GO Neg Conf
9 = Invitation Request
10 = Invitation Response
11 = P2P Association Request
12 = P2P Association Response

One or more vendor element can be added/removed with the commands. The
hexdump of the element(s) needs to contain the full element (id, len,
payload) and the buffer needs to pass IE parsing requirements to be
accepted.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-07-07 12:25:09 +03:00
Dmitry Shmidt
4ed3492206 PNO: Send Probe Request frames only for hidden SSIDs
Previously, offloaded scanning (PNO) on Android was including SSIDs from
all enabled networks regardless of the scan_ssid parameter which
resulted in different behavior for the offloaded case when comparing to
wpa_supplicant initiated scans.

Use the sched_scan match filter to allow broadcast SSID to be used for
scan_ssid=1 networks also with PNO to avoid running active scans for
SSIDs that have not been explicitly marked as requiring an SSID-specific
scan. This reduces exposure of configured network names on the device
when running offloaded scans while the host device is in sleep.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-07-03 16:44:43 +03:00
Jouni Malinen
8931a36ca4 P2P: Add explicit check for ssid->p2p_client_list != NULL
This would not really be needed since these functions check the pointer
above. However, this seems to be too difficult for some static analyzer,
so add the extra check to avoid false reports.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-03 00:53:13 +03:00
Dmitry Shmidt
e376290c66 HS 2.0R2: Add update_identifier field to network
This can be used to configure a Hotspot 2.0 Release 2 network externally
for a case where wpa_supplicant-based Interworking network selection is
not used and the update_identifier cannot be copied directly from a
cred.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-07-02 14:01:01 +03:00
Jouni Malinen
5bc285716e Fix some sparse warnings about u16 vs. le16
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-07-02 13:34:34 +03:00
Jouni Malinen
42619d68a6 Fix CTRL-EVENT-REGDOM-CHANGE event init= value
Incorrect field was used to determine the init=<value> in the regulatory
domain changed control interface event.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-07-02 13:09:00 +03:00
Jouni Malinen
a520bf4aeb Mark function static
This function is not used outside this file.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-07-02 13:08:46 +03:00
Jouni Malinen
0cb79d355a dbus: Fix indentation level to match code logic
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-07-02 13:03:45 +03:00
Jouni Malinen
8f03ac9007 Mark functions static
These functions are not used outside this file.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-07-02 13:03:22 +03:00
Li Jianyun
6891f0e6f4 Allow SCAN command to specify scan_ssid=1 SSIDs
The new "scan_id=<comma separated list of network ids>" parameter can
now be used to specify a list of network ids that have scan_ssid=1 to
indicate active scanning of the SSID. This adds the listed SSIDs to the
scan command to allow manual scan requests to perform active scans for
hidden SSIDs. For example, "SCAN scan_id=1,7,11" would run a scan with
the SSID fetched from the configured network blocks 1, 7, and 11
(assuming those are set with scan_ssid=1). The SSIDs will be included
even from network blocks that are currently disabled.

The maximum number of SSIDs added to the request is limited by the
driver support. If more than supported values are specified, the command
will fail (returns "FAIL").

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-07-02 12:52:08 +03:00
Jouni Malinen
19c48da06b Clear wpa_supplicant configuration keys explicitly
Use an explicit memset call to clear any wpa_supplicant configuration
parameter that contains private information like keys or identity. This
brings in an additional layer of protection by reducing the length of
time this type of private data is kept in memory.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:48 +03:00
Jouni Malinen
5dbbf36916 Interworking: Remove unnecessary dead increment
build_root_nai() will not be extended to write something after the
domain, so there is no need to update the pos pointer after the final
os_snprintf() call in the function. Remove this to make a static
analyzer happier.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:48 +03:00
Jouni Malinen
a1e46f320d Check for no key_mgmt/proto/auth_alg entries in config writer
This is not really necessary check, but it keeps a static analyzer
happier by avoiding dead increment. Doing it this way rather than
removing the increment is less likely to cause problems when new entries
are added here in the future (the "dead" increment would be very much
needed in those cases).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:48 +03:00
Jouni Malinen
290ea6a76e Remove unnecessary tracking of first entry
The pointer to the current position is enough to figure out whether the
proto string is the first one in the buffer. Removing the separate
tracking variable cleans up a static analyzer warning on dead
assignment.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:48 +03:00
Jouni Malinen
d3fa2bbb02 WFD: Explicit limit for subelement length (CID 68127)
This adds an explicit limit for the maximum Wi-Fi Display subelement
length for ASCII hexdump. This would not really be needed since the
buffer is already limited by maximum frame length. Anyway, since this
can make static analyzers happier and the subelement used with this
function is short, we may as well include an explicit check.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:48 +03:00
Jouni Malinen
745ef18478 HS 2.0: Verify assoc_req_ie buffer size for indication elements
While the buffer is expected to be large enough for all the IEs, it is
better to check for this explicitly when adding the HS 2.0 Indication
element. (CID 68601)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:48 +03:00
Jouni Malinen
010fc5f507 dbus: Clean up array-array-type property getter
The previously used design was a bit too complex for static analyzers
(e.g., CID 68131, CID 68133) to understand which resulted in false
warnings about uninitialized memory. Avoid this by explicitly
initializing the pointer array to NULL and also skipping any invalid
NULL entry in the helper function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-29 18:20:13 +03:00
Tomasz Bursztyka
ea18024d78 dbus: Add PropertiesChanged signal to Peer object
This signal will be thrown when a Peer joins or leaves a group.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-06-29 17:28:14 +03:00
Tomasz Bursztyka
bf035663c9 dbus: Remove GroupMember object type and use Peer instead
GroupMember is unusable in itself and all the necessary informations are
stored in Peer objects, thus replace the use of GroupMember by Peer.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-06-29 17:19:12 +03:00
Tomasz Bursztyka
17a37d7110 dbus: Add a Groups property to a Peer object on which it belongs
If only the Peer is part of one or more group, this property will tell
those via listing their object paths.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-06-29 17:09:32 +03:00
Tomasz Bursztyka
6f04642fe3 P2P: Add utility functions to get GO/client interface
This will be useful for a peer to know if it is part of a group either
as a client of our local GO or as the peer GO.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-06-29 17:00:55 +03:00
Dmitry Shmidt
1de809e152 eapol_test: Fix -R option to not replace -s option value
Commit e9852462d5 ('eapol_test: Add PC/SC
reader and PIN command line arguments') did not add break to the switch
statement for the new -R command line option.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-06-28 10:51:29 +03:00
Johannes Berg
57a8f8af38 nl80211: Use low-priority scan for OBSS scan
Some drivers may support low-priority scans, if they do then
use that for OBSS scanning.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2014-06-22 00:47:06 +03:00
Jouni Malinen
1b928f96b6 P2P: Allow passphrase length to be configured
Previously, eight character random passphrase was generated
automatically for P2P GO. The new p2p_passphrase_len parameter can be
used to increase this length to generate a stronger passphrase for cases
where practicality of manual configuration of legacy devices is not a
concern.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-22 00:15:53 +03:00
Jouni Malinen
e9852462d5 eapol_test: Add PC/SC reader and PIN command line arguments
The new command line arguments -R<reader> and -P<PIN> can now be used to
specify which PC/SC reader (prefix match) and PIN are to be used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-21 22:46:28 +03:00
Jouni Malinen
5a620604f8 Use pcsc_reader configuration in one for scard_init() call
This allows PC/SC reader to be identified with the pcsc_reader
configuration parameter.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-21 22:45:31 +03:00
Jouni Malinen
3302b7c29f Rate limit SA Query procedure initiation on unprotected disconnect
There is no need to trigger new SA Query procedure to check the state of
the connection immediately after having performed such a check. Limit
the impact of burst of unprotected Deauth/Disassoc frames by starting a
new SA Query procedure only once at least 10 seconds has passed from the
previous SA Query that was triggered by reception of an unprotected
disconnection. The first SA Query procedure for each association does
not follow this rule to avoid issues with test cases that expect to see
an SA Query every time.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-06-19 20:56:32 +03:00
Arik Nemtsov
38ddccae8f TDLS: Add ctrl_iface option for flushing all TDLS peers
"TDLS_TEARDOWN *" can now be used to tear down the direct links to all
TDLS peers. This is useful for debugging purposes.

Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
2014-06-16 23:43:46 +03:00
Arik Nemtsov
947f900fb8 TDLS: Handle unreachable link teardown for external setup
If a link is unreachable, the specification mandates we should send a
teardown packet via the AP with a specific teardown reason. Force this
by first disabling the link and only then sending the teardown packet
for the LOW_ACK event.

Rename the TDLS LOW_ACK event handler to better reflect its purpose.

Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
2014-06-16 23:34:06 +03:00
Jouni Malinen
fa21e6c35b Fix CONFIG_MODULE_TESTS=y build without CONFIG_P2P=y
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-15 19:35:22 +03:00
Jouni Malinen
bd10d93891 P2P: Clean up by moving ifdef CONFIG_P2P to p2p_suppplicant.h
This removes number of unnecessary #ifdef CONFIG_P2P blocks from generic
code by hiding the conditional build into p2p_supplicant.h with empty
inline functions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-15 19:31:53 +03:00
Ilan Peer
e3bd6e9dc0 P2P: Use another interface operating channel as listen channel
Performing a P2P Device flow such as p2p_listen or
p2p_find, can degrade the performance of an active interface
connection, if the listen frequency is different than the
frequency used by that interface.

To reduce the effect of P2P Device flows on other interfaces,
try changing the listen channel of the P2P Device to match the
operating channel of one of the other active interfaces. This change
will be possible only in case that the listen channel is not forced
externally, and will be delayed to a point where the P2P Device
state machine is idle.

The optimization can be configured in the configuration file and
is disabled by default.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2014-06-15 00:46:11 +03:00
Ilan Peer
28812a8983 P2P: Try using one of the social channels for GO
In case there is no preference for the GO operating channel,
try using one of 1, 6, 11 (randomly), and only if the random
selection is not suitable traverse all the channels 1..11.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2014-06-15 00:33:52 +03:00
Avraham Stern
0a816e8cbf P2P: Remove duplicated code from get_shared_radio_freqs_data()
Remove the seperation between getting the local interface frequency and
other interfaces frequencies since going over all the radio interfaces
includes the local interface.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2014-06-15 00:21:41 +03:00
Jouni Malinen
504df28a1d Remove unused dump_freq_array()
This function is not used anymore.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-15 00:21:41 +03:00
Ilan Peer
a0c90bb073 P2P: Collect and use extended data on used frequencies
When the number of frequencies supported by the kernel is bigger than
one, and there is a need to pick a frequency for a new flow such as P2P
GO Negotiation or P2P Invitation, the flow should be able to pick the
best frequency among all the frequencies currently used by the device.

In order to prioritize between the currently used frequencies, add
the ability to collect additional data about each used frequency
(if the frequency is used by a station interface or P2P Client)
and when needed select the best frequency, where:

1. Infrastructure interfaces have highest priority
2. P2P Client interfaces have higher priority over AP/GO
   interfaces.

The rational is that the frequency of an AP/GO can change while
that of a station interface cannot.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2014-06-15 00:21:40 +03:00
Avraham Stern
b278f323ed P2P: Remove unused code from get_shared_radio_freqs_data()
Remove the check for get_radio_name support from
get_shared_radio_freqs_data() since get_radio_name is no longer in use
in this function.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2014-06-15 00:21:40 +03:00
Jouni Malinen
25be28a375 dbus: Check return value more consistently (CID 62841)
Most of these calls are checked to return success and there is no reason
why these wouldn't, so be more consistent. This addresses CID 62841,
CID 62840, CID 62839, CID 62838, CID 62837, CID 62836.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-14 12:32:53 +03:00
Jouni Malinen
f62415df8a Note chmod() failure in debug log even in ignore case (CID 62843)
If this chmod() call fails, the global control interface is allowed to
be used since there was no change to its group. Anyway, it can be
helpful to note the error case in debug log instead of silently ignoring
it.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-14 12:32:52 +03:00
Jouni Malinen
49d13df63c P2P: Fix wfd_dev_info parsing for P2P-DEVICE-FOUND (CID 68127)
Commit b125c48fce ('P2P: Add wfd_dev_info=
field for device found event') added Wi-Fi Display device info to the
P2P-DEVICE-FOUND events. However, it did not include proper bounds
checking in wifi_display_subelem_hex() and could accept subelements with
invalid length field values. This could result in buffer read overflow
of up to 64 kB and inclusion of heap memory in the local control
interface event and/or process crash due to invalid memory access. Fix
this by checking the validity of the length field before writing a
hexdump of the data.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-13 15:25:39 +03:00
Jouni Malinen
1851e17a64 dbus: Clean up P2P group vendor ext getter
The vendor_ext[i] = NULL setting did not make any sense since
num_vendor_ext should have been used to index the vendor_ext array. The
old code did not do any harm since i >= num_vendor_ext and none of the
already set entries could have been cleared. Anyway, better clean this
by making it skip the setting to NULL similarly to what was already done
in the P2P peer vendor ext getter.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-13 00:48:21 +03:00
Jouni Malinen
137ff332fd HS 2.0R2: Fix OSEN IE parsing for in cipher setup (CID 68132)
The OSEN code path hardcodes number of struct wpa_ie_data items.
However, it did not clear the full structure and some uninitialized
fields could have been used (e.g., ie.mgmt_group_cipher for a debug
print and ie.capabilities for checking MFPC). Fix this by clearing the
ie data before filling in the hardcoded OSEN values.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-13 00:36:42 +03:00
Jouni Malinen
2703fb4ad9 WNM: Use cleaner way of generating pointer to a field (CID 68100)
The Action code field is in a fixed location, so the IEEE80211_HDRLEN
can be used here to clean up bounds checking to avoid false reports from
static analyzer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-13 00:27:15 +03:00
Jouni Malinen
fb5d417178 P2P: Use cleaner way of generating pointer to a field (CID 68096)
The Action code field is in a fixed location, so the IEEE80211_HDRLEN
can be used here to clean up bounds checking to avoid false reports from
static analyzer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-13 00:27:15 +03:00
Jouni Malinen
35c03184df P2P: Use cleaner way of generating pointer to a field (CID 68095)
The Action code field is in a fixed location, so the IEEE80211_HDRLEN
can be used here to clean up bounds checking to avoid false reports from
static analyzer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-13 00:27:15 +03:00
Jouni Malinen
e987c70c85 dbus: Add explicit break statements to switch-default
There were couple of missing breaks in switch-default (before/after).
While these did not have any noticeable issues due to falling over to
the next step that just exited from the switch statement, it is cleaner
and more robust to have each case use an explicit break.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-13 00:27:15 +03:00
Jouni Malinen
6446420b24 dbus: Initialize temporary entry properly (CID 62877)
The tmpentry variable was not initialized and
_wpa_dbus_dict_entry_get_byte_array() does not set tmpentry.type, so it
would have been possible for the error path to end up trying to free
unexpected type of an entry or not free the memory at all.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-13 00:27:15 +03:00
Jouni Malinen
70d9537361 Use clearer way of getting pointer to a frame (CID 62835)
This avoids an incorrect ARRAY_VS_SINGLETON report for a case where a
pointer is taken to the specified field in a frame and not to a single
octet. Bounds checking was already handled separately.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-13 00:27:11 +03:00
Jouni Malinen
0e87e798b5 Fix HS20_GET_NAI_HOME_REALM_LIST hex length check (CID 68108)
Due to an incorrect operation (MOD vs. AND), the code that was supposed
to return an error if the hex string has odd length was not really
reporting any failures. Instead of reporting an error, the invalid
control interface command would have been truncated. This is not an
issue in practice, but better fix the implementation anyway.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-12 19:45:27 +03:00
Jouni Malinen
beb9e1171e dbus: Avoid theoretical memory leaks with duplicated dict entries
If a dict would include duplicated items, the parsing code here would
have leaked memory by overwriting old os_strdup() result with the new
one. Fix this by explicitly freeing the previous entry. This addresses
CID 62852, CID 62851, CID 62850, CID 62849, CID 62847, CID 62846.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-12 19:45:06 +03:00
Jouni Malinen
ceb4cd89c9 dbus: Fix a potential double-free in on error path (CID 62880)
It would have been at least theoretically possible to hit the first
error in the loop and end up jumping to error handling which would call
os_free(value) without the value having been cleared after the os_free()
call at the end of the previous loop iteration.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-12 19:45:02 +03:00
Jouni Malinen
5519241676 GAS: Limit TX wait time based on driver maximum value
The GAS query TX operation used a fixed wait time of 1000 ms for the
reply. However, it would be possible for the driver to not support this
long remain-on-channel maximum. Limit this wait time based on driver
support, if needed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-06-12 10:56:06 +03:00
Nirav Shah
d3b204694a P2P: Make the default p2p_find delay value configurable
This makes the p2p_find default delay value configurable as
p2p_search_delay parameter through the configuration file (and through
control interface "SET p2p_search_delay <value>" on the P2P management
interface.

This parameter controls the number milliseconds of extra delay that is
added between search iterations when there is a concurrent operation in
progress. This can be used, e.g., p2p_search_delay=100 to make p2p_find
friendlier to concurrent operations by avoiding it from taking 100% of
the radio resources. The default value is the previous default, i.e.,
500 ms. Smaller values can be used to find peers more quickly at the
cost of larger effect to concurrent operations while a larger value
leaves more time for the concurrent operations at the cost of making
device discovery take longer time.

The optional p2p_find delay argument can still be used to override the
search delay for each search operation.

Since the P2P_CONCURRENT_SEARCH_DELAY macro is not used anymore, the
driver specific build parameter for bcmdhd from Android.mk is also
removed. Similar configuration can now be achieved with
p2p_search_delay=0 in the p2p0 interface configuration file.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-06-09 19:43:26 +03:00
Jouni Malinen
a01acc50d5 Check for EVENT_ASSOC data to be present for AP mode operation
wpa_supplicant_event() is required to include the event data for AP mode
events. In theory, a non-AP mode event could be sent here from the
driver wrapper, so reject such event.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-07 19:15:50 +03:00
Jouni Malinen
0bbaa9b93f Validate driver extended capabilities length against buffer length
Prepare for new extended capabilities bits by checking that the local
buffer is large enough to contain all the bits the driver requests. The
existing buffers are large enough to include anything defined until now,
but it would be possible to add more definitions in the future, so
increase them a bit as well to make this more future proof.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-07 16:35:30 +03:00
Jouni Malinen
9c6c5589e0 Interworking: Reject EAP configuration with unsupported inner method
Instead of allowing the connection attempt to occur with an unsupported
inner method, check for that explicitly at the time the network block is
added and drop the network if the identified inner method is not
supported.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-07 16:18:30 +03:00
Jouni Malinen
f2ca0e9770 Check eap_get_name() return against NULL to silence static analyzer
This cannot really be NULL in practice since cred->eap_method would
point to a valid EAP method. Anyway, to avoid false positive from
analyzers, check the pointer explicitly before printing it.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-07 15:42:07 +03:00
Jouni Malinen
fb958ea76e Check current_ssid on unexpected association event
This is mainly to keep static analyzers silent since it does not look
like this code path can be reached in practice due to the way
association events are handled and current_ssid is either set before
resched here or the association is rejected. Anyway, if this could be
reached, the wpa_supplicant_set_wpa_none_key() call would end up
dereferencing a NULL pointer, so add an explicit check to make sure that
does not happen.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-07 13:32:13 +03:00
Jouni Malinen
6a98f67369 ChangeLog entries for v2.2
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-06-04 16:08:37 +03:00
Jouni Malinen
d4b951f31b Fix offchannel TX not to retransmit pending frame on callback
If the offchannel TX frame command was offloaded to the driver in
offchannel_send_action(), we must not send another copy of the frame if
a remain-on-channel event happens to be delivered between this TX
command and the matching TX status event. It was possible for the
duplicated frame to cause problems, e.g., with P2P invitation exchange
if the same Invitation Request frame got sent twice and only the first
one getting accepted by the peer.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-06-04 16:07:59 +03:00
Jouni Malinen
df48efc5ab Fix external radio work stopping to not read freed memory
The dynamically allocated struct wpa_external_work contains the name of
the radio work in the type field and this is used in a debug print
within radio_work_done(). Re-order radio_work_done() and os_free() calls
on couple of paths where the memory was freed before that final user of
the buffer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-31 22:58:51 +03:00
Amit Khatri
9a17b36e55 tests: Makefile change avoiding compiler error for module test
wpa_supplicant was giving below error when "CONFIG_MODULE_TESTS=y" and
"CONFIG_P2P=y" are in .config file:
"wpas_module_tests.c:84: undefined reference to `wps_module_tests'"

This error is coming because "CONFIG_WPS=y" is commented out in .config
file but CONFIG_WPS is getting enabled by CONFIG_P2P in Makefile.

Signed-off-by: Amit Khatri <amit.khatri@samsung.com>
2014-05-31 13:36:59 +03:00
Mikael Kanstrup
b77aeae732 Interworking: Re-trigger scan if no connect attempt is done
For one specific case when running with Interworking enabled the
re-initialisation of the scan timer is missing. This makes auto connect
to a configured network fail.

The case is:
- Interworking credentials available, but do not match
- Auto interworking is enabled (auto_interworking=1)
- Interworking auto select is disabled (i.e., this is from
  auto_interworking=1, not from INTERWORKING_SELECT auto)
- No configured (enabled and non blacklisted) networks are present
  in scan results list with full match
- Interworking finds matching networks (it does not do full security
  policy match)

This patch covers the case and re-initialises the scan timer to allow
search for a suitable network to continue.

Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
2014-05-31 13:23:00 +03:00
Jouni Malinen
2d2dd488be tests: Add module tests for src/common
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-28 00:56:13 +03:00
Jouni Malinen
829a1b3296 P2P: Clear p2p_auth_invite after each persistent group invitation
This makes the operations more consistent when going through multiple
persistent group re-invocation sequences in a row. Each invitation needs
to be accepted separately if persistent reconnect is not enabled.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-27 12:09:25 +03:00
Boris Sorochkin
e403ba859e Parse DMG capabilities when reporting to external interfaces
This adds [DMG] and [PBSS] flags for scan results and BSS table entries
using the IEEE Std 802.11ad-2012 updated definition of the Capability
field.

Signed-off-by: Boris Sorochkin <qca_bsoroc@qca.qualcomm.com>
2014-05-26 23:35:52 +03:00
Jouni Malinen
8860e0f47c tests: Add printf encoding/decoding module tests
This replaces tests/test-printf.c.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-26 17:21:44 +03:00
Jouni Malinen
7bb70909a2 Add DRIVER_EVENT AVOID_FREQUENCIES for testing
This can be used to simulate driver events indicating frequencies to
avoid.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-26 17:21:44 +03:00
Masashi Honma
f0356ec85c eloop: Add epoll option for better performance
This patch adds epoll option for the eloop implementation. This can be
selected with the CONFIG_ELOOP_EPOLL=y build option.

[merit]
See Table1.

Table1. comparison table
+--------+--------+-----------+------------+-------------+
|        | add fd | remove fd | prepare fd | dispatch fd |
+--------+--------+-----------+------------+-------------+
| select | O(1)   | O(1)      | O(N)       | O(N)        |
+--------+--------+-----------+------------+-------------+
| poll   | O(1)   | O(1)      | O(N)       | O(N)        |
+--------+--------+-----------+------------+-------------+
| epoll  | O(1)   | O(1)      | 0          | O(M)        |
+--------+--------+-----------+------------+-------------+
"add fd" is addition of fd by eloop_sock_table_add_sock().
"remove fd" is removal of fd by eloop_sock_table_remove_sock().
"prepare fd" is preparation of fds before wait in eloop_run().
"dispatch fd" is dispatchment of fds by eloop_sock_table_dispatch().
"N" is all watching fds.
"M" is fds which could be dispatched after waiting.

As shown in Table1, epoll option has better performance on "prepare fd" column.
Because select/poll option requires setting fds before every select()/poll().
But epoll_wait() doesn't need it.

And epoll option has also better performance on "dispatch fd" column.
Because select/poll option needs to check all registered fds to find out
dispatchable fds. But epoll option doesn't require checking all registered fds.
Because epoll_wait() returns dispatchable fd set.

So epoll option is effective for GO/AP functionality.

[demerit]
The epoll option requires additional heap memory. In case of P2P GO, it is
about 8K bytes.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2014-05-16 18:25:51 +03:00
Tomasz Bursztyka
68d270069f dbus: No need to recompute group object path on GroupStarted signal
The group object is already registered on DBus at that point, thus wpa_s
structure holds its path already.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-05-16 18:20:17 +03:00
Tomasz Bursztyka
f3734e2377 dbus: Provide the P2P Device Address from the relevant structure
Fixes a minor mistake: the p2p_info structure should be used here
instead of the peer_handler_args one.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-05-16 18:19:37 +03:00
Tomasz Bursztyka
e956b830fc dbus: Fix interface DeviceFound signal specification
DeviceFound does not provide any properties, just the peer object path.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-05-16 18:19:10 +03:00
Tomasz Bursztyka
fc591a771c dbus: Declare GONegotiation signals properly
These signals delivers an array of key/value pairs, thus declaring those
as it should.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-05-16 18:18:39 +03:00
Dmitry Shmidt
b19c098e75 Send authentication failure reason in wpas_auth_failed()
"WRONG_KEY"   - possibly wrong psk
"AUTH_FAILED" - authentication failure
"CONN_FAILED" - continiuos connection failure

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-05-16 18:08:39 +03:00
Eduardo Abinader
5516ed32c5 WPS: Deinit before wpas_p2p_disconnect()
When there is a pending WPS negotiation for P2P and signal interrupt is
triggered, invalid read occurs in wpas_wps_terminate_pending() if
wpas_p2p_disconnect() removed the interface. Inverting deinit order
solves the issue.

Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
2014-05-16 01:03:44 +03:00
Jouni Malinen
e9eb648e0e P2P: Reject P2P_FIND and P2P_LISTEN on disabled interface
This makes the P2P operations behave more consistently with the SCAN
command.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-15 21:34:32 +03:00
Jouni Malinen
c71c241674 P2P: Clear P2P state if active interface is disabled
The radio works for the interface get removed if interface is disabled.
This could have left P2P module in invalid state if the interface got
disabled during a p2p_find or p2p_listen operation. Clear the state in
such a case to avoid blocking following operations due to P2P module
assuming it is still in progress of doing something.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-15 21:32:54 +03:00
Jouni Malinen
ad12f2f422 Add DRIVER_EVENT ctrl_iface command for testing purposes
This new command can be used to simulate driver events without having to
go through the driver wrapper or kernel code for this. This enables more
testing coverage with hwsim.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-15 21:09:48 +03:00
Jouni Malinen
3e66f78914 P2P: Make sure GO start does not miss connect_without_scan
It looks like there was a possible sequence for wpa_s->scan_req to be
MANUAL_SCAN_REQ at the moment a GO is to be started. This could result
in the "Request scan (that will be skipped) to start GO" to actually not
skip the scan and end up stuck waiting for something external to trigger
a scan before the GO could be started. Fix this by clearing
wpa_s->scan_req when deciding to start the GO.

This issue could be hit at least by first enabling autoscan and then
issuing P2P_GROUP_ADD. Other sequences that set wpa_s->scan_req to
MANUAL_SCAN_REQ without going through wpa_supplicant_scan() to clear it
immediately could also have similar effect (and there is even a small
window for the wpa_supplicant_scan() call to happen only after the
P2P_GROUP_ADD command is processed, so this could potentially have
happened even with SCAN + P2P_GROUP_ADD).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-15 16:56:49 +03:00
Rashmi Ramanna
28fa4eb2b2 P2P: Fix scan optimization for GO during persistent group invocation
Commit 41d5ce9e0b was intended to scan for
GO on the negotiated channel for few iterations, but it did not work
correctly due to incorrect operator being used. Fix this by requiring
both conditions to be met for the single channel scan.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-13 15:49:06 +03:00
Edhar, Mahesh Kumar
7b42862ac8 P2P: Validate GO operating channel on channel list changes
On receiving CHANNEL_LIST_CHANGED event from driver, verify that local
GO (if any) is operating in valid frequency. If not, we should remove
the group and reform on valid frequency. Indicate this similarly to the
avoid-frequency notification (i.e., a control interface message for
upper layers to react to this for now; potentially CSA later).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-12 19:43:59 +03:00
Alexandru Costache
fb2ac53df1 Remove leftover timeouts on cleanup
Signed-off-by: Alexandru Costache <alexandru.costache.100@gmail.com>
2014-05-12 19:43:59 +03:00
Dmitry Shmidt
1c330a2fdc Add 'dup_network <id_s> <id_d> <name>' command
This command allows to copy network variable from one network to
another, e.g., to clone the psk field without having to extract it from
wpa_supplicant.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-05-12 19:43:56 +03:00
Hannu Mallat
316f92cd33 dbus: Reorder deauthentication and cleanup calls when removing a network
Valgrind indicates reference to already freed memory if function
wpa_config_remove_network() is called prior to calling
wpa_supplicant_deauthenticate(), and this can lead to a crash.
Inverting the call order fixes the problem.

Signed-off-by: Hannu Mallat <hannu.mallat@jollamobile.com>
2014-05-12 18:05:38 +03:00
Jouni Malinen
cfdb32e88f eapol_test: Check EAP-Key-Name
The new command line argument -e can be used to request the server to
send EAP-Key-Name in Access-Accept. If both the local EAP peer
implementation and server provide the EAP Session-Id, compare those
values and indicate in debug log whether a match was seen.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-11 21:22:37 +03:00
Jouni Malinen
270c9a43e6 Interworking: Allow FT to be used for connection
This extends Interworking network selection to enable FT-EAP as an
optional key_mgmt value to allow FT to be used instead of hardcoding
WPA2-Enterprise without FT.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-10 16:15:20 +03:00
Eduardo Abinader
81ed4991ae Remove duplicated ibss_rsn_deinit() call
No need to call ibss_rsn_deinit() again since it is already being called
by wpa_supplicant_mark_disassoc().

Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
2014-05-10 13:48:34 +03:00
Sunil Dutt
0f1034e388 P2P: Refrain from performing extended listen during P2P connection
Do not perform extended listen period operations when either a P2P
connection is in progress. This makes the connection more robust should
an extended listen timer trigger during such an operation.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-09 20:42:44 +03:00
Hu Wang
dd10abccc8 MACsec: wpa_supplicant integration
Add MACsec to the wpa_supplicant build system and configuration file.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-09 20:42:44 +03:00
Hu Wang
7baec808ef MACsec: Add driver_ops
This defines new driver_ops to be used with MACsec.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-09 20:05:28 +03:00
Hu Wang
0836c04b30 MACsec: Allow EAPOL version 3 to be configured
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-09 20:05:28 +03:00
Jouni Malinen
2cebdee66d Fix MinGW build
No need to use ENOBUFS within core wpa_supplicant, so just replace it
with -1 to work arounds MinGW build issues.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-29 18:59:12 +03:00
Eliad Peller
e4fa8b120b wpa_supplicant: Add Wake-on-WLAN configuration support
Add a new wowlan_triggers option to wpa_supplicant.conf. The triggers in
this key will be used to configure the kernel wowlan configuration.

For now, support only simple flags. More complex triggers can be added
later on.

Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
2014-04-29 18:59:12 +03:00
Dmitry Shmidt
959214b260 Android: Use extended P2P functionality (ANDROID_P2P) for all vendors
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-04-29 18:59:12 +03:00
Sreenath Sharma
fa258a3df6 HS 2.0 R2: Fix writing of domain_suffix_match cred parameter
This was supposed to end with a newline character so that parameters are
aligned in configuration file.

Signed-off-by: Sreenath Sharma <sreenats@broadcom.com>
2014-04-29 17:25:19 +03:00
Jouni Malinen
0bceb8d6f4 Make dl_list_first() and dl_list_last() uses easier for static analyzers
The previous check for dl_list_len() or having an entry from the list is
sufficient, but some static analyzers cannot figure out that
dl_list_first() and dl_list_last() will return non-NULL in this type of
cases. Avoid invalid reports by explicitly checking for NULL.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-29 12:52:10 +03:00
Jouni Malinen
ece88f7697 Make last_scan_res update easier for static analyzers
The check based on last_scan_res_used is sufficient for making sure that
last_scan_res is allocated. However, it is a bit too complex for static
analyzers to notice, so add an explicit check to avoid bogus reports.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-29 12:52:10 +03:00
Jouni Malinen
b7a6702fd4 Indicate disconnection event on interface disabled
It is possible for the disconnection event from the driver to not get
delivered when interface is disabled. To maintain consistent ctrl_iface
event behavior, indicate CTRL-EVENT-DISCONNECTED in such a case if we
were in connected state.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-28 16:54:09 +03:00
Jouni Malinen
b89962b4b9 Fix wpa_config_read() with existing config block
If two config files are merged together, the ssid and cred blocks may
not have been processed correctly since the tail pointers were not
updated to the last entry from the first configuration file.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-28 16:54:09 +03:00
Ilan Peer
d0df643735 wpa_supplicant: Call frequency conflict handling during auth
Previously, the frequency conflict was handled only during the
association flow. However, some drivers, e.g., mac80211 based
drivers, will fail an authentication request in case that there
are no available channels for use (as they might be used by
other interfaces), and thus the frequency conflict resolution
is never called.

Fix this by calling frequency conflict resolution during
authentication (SME-in-wpa_supplicant) as well.

In addition, get the shared radio frequency from the wpa_s context in
both the SME-in-driver and SME-in-wpa_supplicant cases and not from the
driver.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2014-04-24 12:15:32 +03:00
Luciano Coelho
0cf24fdaed scan: Reset normal scan counter when a connection succeeds
The normal scan counter is used to trigger a few normal scans before a
scheduled scan is issued. The reason for doing this is that we get
results faster and some drivers support more SSIDs per normal scan
than during sched scan. After 2 normal scans, we start using
sched_scan. But the problem is that when a connection succeeds, we do
not reset this counter, so we will keep using sched scans.

To fix this, now we reset the counter when we switch to WPA_COMPLETED
state.

Signed-off-by: Luciano Coelho <luciano.coelho@intel.com>
2014-04-24 12:15:32 +03:00
Greg Hackmann
9176ec066e Android: Disable unused parameter warnings
This avoids large number of undesired compiler warnings since Android
build system is added -Wextra.

Signed-off-by: Greg Hackmann <ghackmann@google.com>
2014-04-24 12:15:32 +03:00
Naresh Jayaram
13f6a07efc Add SIM identifier to the network profile and cred block
This allows the specific SIM to be identified for authentication
purposes in multi-SIM devices. This SIM number represents the index of
the SIM slot. This SIM number shall be used for the authentication using
the respective SIM for the Wi-Fi connection to the corresponding
network.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-24 12:15:32 +03:00
Jouni Malinen
d41cc8ccf6 Allow HT 40 MHz intolerant flag to be set for association
This extends HT overrides to allow HT 40 MHz intolerant flag to be set
with ht40_intolerant=1.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-17 17:11:17 +03:00
Jouni Malinen
f777fd127f Fix writing of provisioning_sp cred parameter
This was supposed to be within quotation marks in the configuration
file.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-16 01:41:38 +03:00
Jouni Malinen
a7ca6dac44 Fix P2P redirection of global ctrl_iface SET command
The previous version prevented all use of wpas_global_ctrl_iface_set().
That's not desirable since there may be more global parameters added in
the future. Instead, try to use the global version first and redirect to
P2P interface only if the global version returns an error.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-15 13:27:23 +03:00
Jouni Malinen
d6b818efe5 Remove SAVE_CONFIG redirect from global control interface
The P2P redirection for SAVE_CONFIG issued on the global control
interface was preventing wpas_global_ctrl_iface_save_config() from being
reached. The global version of SAVE_CONFIG was supposed to try to save
configuration files for all interface rather than just the P2P
management interface, so fix this by removing the unneeded and undesired
redirection.

Modify the global SAVE_CONFIG handler to return FAIL if no configuration
files were saved. This makes the behavior match with the per-interface
SAVE_CONFIG.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-15 13:26:48 +03:00
Jouni Malinen
128cc37558 eap_proxy: Use unique Makefile names for Android and non-Android
Rename the eap_proxy_*.mk file to eap_proxy_*.mak for non-Android builds
so that the same eap_proxy implementation can be more easily included in
the same directory for both cases.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-15 13:02:25 +03:00
Jouni Malinen
e83e15ee77 P2P: Fix interface remove to terminate all P2P groups
Previously, it was possible to remove the main interface and leave
behind dynamic P2P group interfaces. This would eventually result in
references freed memory, so it is not really suitable behavior. Instesd,
remove all the dynamic P2P group interfaces that were created through an
interface that is now removed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-15 00:20:17 +03:00
quiche@chromium.org
e9b32dae1a Propagate scan failures over D-Bus
If we receive a scan request via D-Bus and wpa_supplicant_scan_trigger
fails, return the failure to the caller over D-Bus.

Signed-hostap: mukesh agrawal <quiche@chromium.org>
2014-04-13 23:43:04 +03:00
Jouni Malinen
142817b2f9 Add a wpa_supplicant ctrl_iface event for regdom changes
CTRL-EVENT-REGDOM-CHANGE event provides an external notification of
regulatory domain (and any driver channel list) changes.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-13 16:32:38 +03:00
Jouni Malinen
150fd0b2b5 WPS: Split eapol_cb reconnect to a separate code path
Use eloop timeout to run the reconnect command after eapol_cb has
returned. This reduces stack use and can simplify the driver
command/event sequence by allowing the disconnection events from the
provisioning step to be processed before starting the actual data
connection.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-13 11:47:03 +03:00
Jouni Malinen
ded4f944df WPS: Close p2p_group and temporary parameters to all network blocks
If a P2P GO issues multiple credentials for some reason, clone the
p2p_group and temporary parameters to all those based on the initial
network block that gets used for the first credential.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-13 11:44:57 +03:00
Jouni Malinen
e74dd0e55b Add forgotten ampdu_factor into wpa_supplicant.conf
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-13 10:26:53 +03:00
Jouni Malinen
759ff2f075 Re-enable use of wildcard SSID with passphrase
This used to work, but it looks like the disabled-PSK-network check
ended up rejecting confiurations that configured a wildcard SSID with a
passphrase (instead of PSK).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-13 10:26:53 +03:00
Jouni Malinen
023b466da4 Fix a debug print to have a space between words
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-13 10:26:52 +03:00
Jouni Malinen
0cd860284c Add CTRL-EVENT-SIGNAL-CHANGE for bgscan signal update events
This allows external programs to monitor driver signal change events
through wpa_supplicant when bgscan is used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-13 10:26:52 +03:00
Jouni Malinen
bd8838a387 Fix ctrl_iface BLACKLIST return value
Adding a new entry was returning FAIL on success due to incorrect
assumption of wpa_blacklist_add() returning 0 on success (it returns the
positive blacklist count).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-13 10:26:51 +03:00
Andres Morales
f3ff948753 P2P: Add NFC_HANDOVER commands to p2p_redir list
These commands can be executed on the P2P interface thus should be
redirected to it when issued to the global control interface.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-04-11 19:22:00 +03:00
Fionn Cleary
481e66b1f8 Fix reassociate dbus method
- Reassociate was only working when there was already a connect in
  place, which is not how the REASSOCIATE command from the ctrl
  interface works.

Signed-off-by: Fionn Cleary <fionn.cleary@streamunlimited.com>
2014-04-11 19:22:00 +03:00
Daichi Ueura
2150c33337 wpa_cli: Fix wrong comparison in wpa_cli_cmd_interface
Signed-off-by: Daichi Ueura <daichi.ueura@gmail.com>
2014-04-11 19:22:00 +03:00
Sunil Dutt
8235f89f3f P2P: Mark the scan in p2p_in_invitation as p2p_probe
Mark the scan performed by the P2P Client in search of the GO
during the persistant reinvocation as a p2p_probe to avoid
unnecessary use of 802.11b rates.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-10 19:54:36 +03:00
Amarnath Hullur Subramanyam
38ce8e2709 Android: Add qca-vendor.h to be exported
Add qca-vendor.h along with wpa_ctrl.h to be exported to
common staged location.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-10 16:34:23 +03:00
Jouni Malinen
897a5ccee8 WNM: Remove unnecessary present flag
The structures are all allocated, so the pointer can be compared to NULL
to determine whether the subelement was present.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-08 01:34:17 +03:00
Jouni Malinen
f6ce70dc0d WNM: Fix neighbor report subelement formats
Number of of subelements were using incorrect format definition.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-08 01:32:28 +03:00
Jouni Malinen
e9cb7b9275 WNM: Fix neighbor report subelement parser to not leak memory
If a subelement is unexpectedly included multiple times, the parser must
not re-allocate memory for the entry without first freeing the old
allocation.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-08 01:20:24 +03:00
Jouni Malinen
1aa6f953bb WNM: Fix neighbor report subelement parser
Only the Neighbor Report element should be included here, so verify that
the element id matches. In addition, verify that each subelement has
valid length before using the data.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-08 01:01:55 +03:00
Jouni Malinen
f8b10c1770 Fix CONFIG_AP=y build without CONFIG_P2P=y
Commit ca9bc5b566 used P2P functionality
from ap.c without proper ifdef CONFIG_P2P.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-07 13:40:58 +03:00
Jouni Malinen
f05cee9714 P2P: Clear p2p_in_invitation on cancel
Commit 41d5ce9e0b added scan optimizations
for P2P invitation cases. However, it left a path where the invitation
state was not cleared and as such, introduced potential issues for
following scans that ended up getting incorrectly optimized for a single
channel regardless of parameters. Fix this by clearing p2p_in_invitation
more carefully, especially on p2p_cancel command.

p2p_cancel is now also run from the FLUSH command to avoid issues with
hwsim test cases (e.g., persistent_group_per_sta_psk followed by
ap_open_tdls resulted in an error due to p2p_in_invitation remaining set
after FLUSH).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-07 13:40:58 +03:00
Jouni Malinen
ec331d09a2 WNM: Fix deinit path to clean neighbor report count
wnm_deallocate_memory() left wnm_num_neighbor_report set while freeing
the allocated buffer of neighbor reports. If this function was called
twice in a row without having went through new neighbor report parsing,
invalid pointers could have been freed resulted in segfault.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-07 13:40:45 +03:00
Jouni Malinen
679f2e7c5f WPS NFC: Remove NFC_RX_HANDOVER_SEL
The newer NFC_REPORT_HANDOVER command is more general version that
handles the cases where NFC_RX_HANDOVER_SEL could potentially have been
used. In addition, with the new WPS NFC design, it is important to
receive the handover request message that was used in the handover in
addition to the select message, so the NFC_RX_HANDOVER_SEL command on
its own would not be sufficient for this.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-07 00:56:04 +03:00
Jouni Malinen
dc39004318 WPS: Remove unused WEP related functionality
Now that WPS 2.0 support is enabled unconditionally, WEP and Shared auth
type are not allowed. This made some of the older code unused and that
can now be removed to clean up the implementation. There is still one
place where WEP is allowed for testing purposes: wpa_supplicant as
Registrar trying to configure an AP to use WEP. That is now only allowed
in CONFIG_TESTING_OPTIONS=y builds, though.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-06 12:31:45 +03:00
Jouni Malinen
9ff4de6de4 Move DROP_SA command to be within ifdef CONFIG_TESTING_OPTIONS
This is a test command and has no use in production builds.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-05 23:59:31 +03:00
Jouni Malinen
9a147ba18d WNM: Fix regression in Sleep Mode exit key data parsing
Commit dbfb8e82ff changed the Action frame
RX payload pointer design to point to a different field. WNM Sleep Mode
Response handler updated one of the uses to accommodate this change, but
that commit missed another use for key data length. This resulted in GTK
and IGTK being ignored in many cases when waking up from WNM Sleep Mode
with PMF enabled.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-05 20:42:13 +03:00
Dmitry Shmidt
204c9ac4ee Extend select_network command with freq= to reduce scan time
This allows a subset of channels to be specified for the scan used to
find the network when the SELECT_NETWORK ctrl_iface command is issued.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-04-04 23:07:17 +03:00
Jouni Malinen
75aea3e704 Interworking: Add writing of forgotten cred parameters into config file
req_conn_capab and required_roaming_consortium parameters were not
written into the cred block when requesting wpa_supplicant to write the
configuration file.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-04 22:57:15 +03:00
Jouni Malinen
c880ab87ee Interworking: Add GET_CRED ctrl_iface command
"GET_CRED <id> <field>" can now be used to fetch credential parameters
over the control interface. This does not allow passwords etc. private
material to be retrieved ("*" is returned for those if the value is set
regardless of the value). FAIL is returned if the requested parameter
has not been set. For cred parameters that can have multiple values,
newline separated list of values is returned.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-04 20:13:53 +03:00
Jouni Malinen
1619e9d512 Interworking: Add ctrl_iface events on cred block modifications
Following events are now sent to ctrl_iface monitors to indicate if
credential blocks have been added, modified, or removed:

CRED-ADDED <id>
CRED-MODIFIED <id> <field>
CRED-REMOVE <id>

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-04 19:10:47 +03:00
Pawel Kulakowski
39a5800f7c wpa_supplicant: Allow disabling LDPC
Allows user to disable LDPC coding.
This possibility is useful for testing purpose.

Signed-off-by: Pawel Kulakowski <pawel.kulakowski@tieto.com>
2014-04-01 11:20:48 +03:00
Jean Trivelly
72300408d4 Interworking: Read IMSI if not read at supplicant start
It is required to read IMSI from SIM if it has not already been done
when comparing HS 2.0 AP 3GPP information with the local credentials.

Signed-off-by: Jean Trivelly <jean.trivelly@intel.com>
2014-03-31 23:44:59 +03:00
Jean Trivelly
62f736dd04 Interworking: Init scard when a credential requires SIM access
When an ANQP fetch is triggered and ANQP_3GPP_CELLULAR_NETWORK info is
required, initialize scard to be ready when comparing ANQP and
credentials.

Signed-off-by: Jean Trivelly <jean.trivelly@intel.com>
2014-03-31 23:35:08 +03:00
Jean Trivelly
729897a388 Interworking: Fix incorrect compile PCSC flag
CONFIG_PCSC is used instead of PCSC_FUNCS.

Signed-off-by: Jean Trivelly <jean.trivelly@intel.com>
2014-03-31 23:29:37 +03:00
Avraham Stern
ace0fbdb69 P2P: Fix segfault when PBC overlap is detected
If a separate P2P group interface is used, PBC overlap during group
formation causes the group interface to be removed, which ends up with
the interface context becoming invalid. Fix this by scheduling a timeout
to process the PBC overlap and interface removal instead of removing the
interface directly before the connection operation has returned.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2014-03-28 19:31:26 +02:00
Jouni Malinen
cf15b15cc1 Add writing of network block ocsp parameter
This was forgotten from the per-network ocsp parameter addition. The new
parameter needs to be stored to the configuration file similarly to the
other EAP parameters.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-28 16:56:41 +02:00
Ilan Peer
f1c4dbf5cd wpa_supplicant: Remove pending sme-connect radio work
If a new connection is attempted while there is a pending sme-connection
radio work, cancel the pending radio work and continue with the new
connection attempt. This is preferable over rejecting the new work and
continuing with the pending one, as it is possible that the previous
work is no longer valid.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2014-03-27 16:45:25 +02:00
Eliad Peller
4f560cdee3 wpa_supplicant: Override HT A-MPDU size if VHT A-MPDU was overridden
According to the standard, if the max A-MPDU VHT cap is <= 3, we
have to adjust the max A-MPDU HT cap to the same value. Otherwise
it should be set to 3.

Take care of it when the max VHT A-MPDU value is overridden.

Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
2014-03-27 16:45:21 +02:00
Ilan Peer
782e2f785e P2P: Do not initiate scan on P2P Device when enabled
Do not start a scan on a P2P Device interface when processing an
interface enabled event.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2014-03-27 15:25:12 +02:00
Sunil Dutt
96ecea5eb1 Pass TDLS peer capability information in tdls_mgmt
While framing the TDLS Setup Confirmation frame, the driver needs to
know if the TDLS peer is VHT/HT/WMM capable and thus shall construct the
VHT/HT operation / WMM parameter elements accordingly. Supplicant
determines if the TDLS peer is VHT/HT/WMM capable based on the presence
of the respective IEs in the received TDLS Setup Response frame.

The host driver should not need to parse the received TDLS Response
frame and thus, should be able to rely on the supplicant to indicate
the capability of the peer through additional flags while transmitting
the TDLS Setup Confirmation frame through tdls_mgmt operations.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-27 15:18:48 +02:00
Dmitry Shmidt
cf28c66bcb HS 2.0: Extend ANQP_GET to accept Hotspot 2.0 subtypes
This allows a single ANQP query to be used to fetch both IEEE 802.11
defined ANQP elements and Hotspot 2.0 vendor specific elements.

ANQP_GET <addr> <info id>[,<info id>]...
[,hs20:<subtype>][...,hs20:<subtype>]

For example:
ANQP_GET 00:11:22:33:44:55:66 258,268,hs20:3,hs20:4

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-03-25 18:33:21 +02:00
Jouni Malinen
163f801ef2 nl80211: Indicate HS 2.0 OSEN AKM in connect/associate command
This allows drivers that build the WPA/RSN IEs internally to use similar
design for building the OSEN IE.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-25 18:33:21 +02:00
Jouni Malinen
c201f93a9e WPS: Enable WSC 2.0 support unconditionally
There is not much point in building devices with WPS 1.0 only supported
nowadays. As such, there is not sufficient justification for maintaining
extra complexity for the CONFIG_WPS2 build option either. Remove this by
enabling WSC 2.0 support unconditionally.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-25 18:33:21 +02:00
Sunil Dutt Undekari
91364b7f10 P2P: Set a timeout for a persistent reinvoke on a P2P Client
Use P2P group formation timeout to wait for the 4-way handshake to
complete on a persistent reinvocation on a P2P Client.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-25 15:38:33 +02:00
Rashmi Ramanna
41d5ce9e0b P2P: Optimize scan for GO during persistent group invocation
Scan for GO on the negotiated operating channel for few iterations
before searching on all the supported channels during persistent group
reinvocation. In addition, use the already known SSID of the group in
the scans. These optimizations reduce group formation time.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-25 15:38:33 +02:00
Jouni Malinen
31ded52e70 SME: Add more debug prints for OBSS scans and 20/40 MHz co-ex report
This makes it easier to debug wpa_supplicant behavior when reporting
20/40 MHz co-ex information based on OBSS scans.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-23 23:56:50 +02:00
Jouni Malinen
7f8eb34dee SME: Fix OBSS scan result processing for 20/40 MHz co-ex report
The 40 MHz intolerant bit needs to be checked before skipping the BSS
based on the channel already being in the lost (which could have
happened due to another BSS that does not indicate 40 MHz intolerant).
This fixed the 20/40 MHz co-ex report to indicate 20 MHz request
properly if there are both 40 MHz tolerant and intolerant BSSes on the
same channel.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-23 23:54:50 +02:00
Dmitry Shmidt
d3c9c35f32 Add freq= parameter to 'set pno' command
This allows channels-to-be-scanned to be specified for PNO similarly to
the scan command.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-03-21 23:56:46 +02:00
Tomasz Bursztyka
b998236543 dbus: Implement P2P Peers info IEs buffer getter
Since it declares providing such property, let's expose it relevantly.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-03-21 23:49:47 +02:00
Tomasz Bursztyka
c6f356f85b dbus: Export the peer's device address as a property
This could be useful in some cases.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-03-21 23:44:09 +02:00
Tomasz Bursztyka
442adfde3d dbus: Declare properly ServiceDiscoveryRequest method
It does return something: the reference of the request, as an integer,
which can be used then with ServiceDiscoveryCancelRequest to get
canceled.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-03-21 23:36:50 +02:00
Tomasz Bursztyka
890374118f dbus: Cancelling a service request always reply by an error
p2p_sd_cancel_request returns -1 in case of error, so does
wpas_p2p_sd_cancel_request.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-03-21 23:36:49 +02:00
Tomasz Bursztyka
13494c4478 dbus: Remove duplicate signal declaration
ServiceDiscoveryExternal is uselessly declared twice.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-03-21 23:36:49 +02:00
Eduardo Abinader
5eae87a7d6 P2P: Fix GO failed interface init
Whenever an ongoing GO Neg has failed, due to interface init, the P2P
Device should cancel timeouts and issue wpas_p2p_group_formation_failed,
so the other peer detects faster group formation has failed.

Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
2014-03-21 23:26:16 +02:00
Andrei Otcheretianski
c46235aaf0 wpa_supplicant: Fix radio_remove_interface
Remove pending radio works when an interface is removed from a radio.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2014-03-21 22:21:37 +02:00
Dmitry Shmidt
2ce7e4fd74 Android: Enable CONFIG_EAP_AKA_PRIME option
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-03-21 22:21:26 +02:00
Prameela Rani Garnepudi
95bf699f76 Add get_radio_name() driver wrapper for wpa_supplicant
Signed-off-by: Prameela Rani Garnepudi <prameela.g@samsung.com>
2014-03-21 22:20:38 +02:00
Guoqiang Liu
d06ecab344 D-Bus: Make p2p_no_group_iface configurable
Some old device need to set p2p_no_group_iface=1 to set up a P2P
connection, so add a D-Bus interface to configure it.

Signed-off-by: Guoqiang Liu <guoqiang.liu@archermind.com>
2014-03-21 22:17:57 +02:00
Jouni Malinen
1120e45232 Allow config blobs to be set through ctrl_iface
"SET blob <name> <hexdump>" can now be used to set a configuration blob
through the wpa_supplicant control interface.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-15 23:51:37 +02:00
Jouni Malinen
6829da39e6 Fix external radio_work deinit path
The radio_work type was stored within the dynamically allocated
wpa_radio_work buffer and that buffer ended up getting freed before the
final use of the type string within radio_work_done(). This resulted in
freed memory being used for a debug print. Avoid this by freeing the
wpa_external_work instance after having completed radio_work_done() for
the related work.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-14 21:58:46 +02:00
Jouni Malinen
8dd9f9cdde Allow management group cipher to be configured
This allows hostapd to set a different management group cipher than the
previously hardcoded default BIP (AES-128-CMAC). The new configuration
file parameter group_mgmt_cipher can be set to BIP-GMAC-128,
BIP-GMAC-256, or BIP-CMAC-256 to select one of the ciphers defined in
IEEE Std 802.11ac-2013.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-14 21:58:45 +02:00
Manish Bansal
67d39cfb32 P2P: Do not create another group interface on NFC Token enable
If a group interface is present and the command was issued on the group
interface, enable the token for that interface instead of creating a new
one.

Signed-off-by: Manish <manish.bansal@broadcom.com>
2014-03-14 21:58:45 +02:00
Paul Stewart
6aa1cd4e06 wpa_supplicant: Apply VHT_OVERRIDES to wpas_start_assoc_cb()
A previous patch "Support VHT capability overrides" missed one
place where HT overrides were being applied and where it would
also be useful to apply VHT overrides.

Signed-hostap: Paul Stewart <pstew@chromium.org>
2014-03-14 21:50:58 +02:00
Dmitry Shmidt
6e9375e4e1 TDLS: Add get_capability tdls command
Command returns info in format: UNSUPPORTED/INTERNAL/EXTERNAL

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-03-14 21:40:57 +02:00
Jouni Malinen
9a1a538fa5 wpa_supplicant AP: Allow PMF to be enabled with ieee80211w
The ieee80211w parameter was not previously copied to the hostapd BSS
structure from wpa_supplicant configuration, so PMF was practically
disabled. Allow it to be configured through the wpa_supplicant network
configuration block.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-13 18:22:25 +02:00
Jouni Malinen
daa70bdf68 Fix CONFIG_NO_SCAN_PROCESSING=y build
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-12 22:39:11 +02:00
Peter Qiu
0f44ec8eba Add a reattach command for fast reassociate-back-to-same-BSS
Add "reattach" command to perform single-channel single-ssid scan
instead of full scan when trying to reconnect to the currently
"connected" network (assuming old scan results are not current enough to
skip the scan completely). This allows the scan result to come back in
much faster time. In ath9k, the scan took around 12 seconds with full
background scan, and only 0.1 second with the single-channel single-ssid
scan. Thus, take much less time for the client to re-establish
connection with the currently "connected" network.

Signed-hostap: Peter Qiu <zqiu@chromium.org>
2014-03-11 19:38:01 +02:00
Ben Greear
5d0d72a3e5 wpa_supplicant: Put upper bound on initial scan time delay
This makes stations associate much faster when using lots of stations.
In addition, this avoids delaying the initial scan continuously for
dynamic interface removal/addition cases.

Signed-hostap: Ben Greear <greearb@candelatech.com>
2014-03-11 19:23:17 +02:00
Alexander Bondar
5e3ddf4d23 PNO: Change sched_scan_stopped event to handle pending PNO properly
When a sched_scan_stopped event is received and there is a pending PNO,
it used regular scheduled scan parameters instead of PNO specific
parameters. Change it by calling wpas_start_pno().

Signed-off-by: Alexander Bondar <alexander.bondar@intel.com>
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2014-03-11 19:15:48 +02:00
Alexander Bondar
737e7a08b0 PNO: Move and rename pno_start()/pno_stop()
Move pno_start() and pno_stop() to scan.c as a more relevant location
and rename them to wpas_start_pno()/wpas_stop_pno().

Signed-off-by: Alexander Bondar <alexander.bondar@intel.com>
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2014-03-11 19:12:57 +02:00
Jouni Malinen
09eef142ea Use internal FIPS 186-2 PRF if needed
Previously, EAP-SIM/AKA/AKA' did not work with number of crypto
libraries (GnuTLS, CryptoAPI, NSS) since the required FIPS 186-2 PRF
function was not implemented. This resulted in somewhat confusing error
messages since the placeholder functions were silently returning an
error. Fix this by using the internal implementation of FIP 186-2 PRF
(including internal SHA-1 implementation) with crypto libraries that do
not implement this in case EAP-SIM/AKA/AKA' is included in the build.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-11 16:44:22 +02:00
Jouni Malinen
60b893dfb3 wpa_supplicant: Allow external management frame processing for testing
This enables more convenient protocol testing of AP and P2P
functionality in various error cases and unexpected sequences without
having to implement each test scenario within wpa_supplicant.
ext_mgmt_frame_handle parameter can be set to 1 to move all management
frame processing into an external program through control interface
events (MGMT-RX and MGMT-TX-STATUS) and command (MGMT_TX). This is
similar to the test interface that was added to hostapd previously, but
allows more control on offchannel operations and more direct integration
with the internal P2P module.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-08 20:21:21 +02:00
Ilan Peer
c16a7590cf wpa_supplicant: Add a configuration file for the P2P_DEVICE parameters
Add an option to specify a configuration file that can be used to hold
the P2P_DEVICE configuration parameters. If this option is not used, the
P2P_DEVICE configuration parameters will be read from interface
configuration file.

Note that it is advised to use this option in some cases such as:

If a P2P_DEVICE is supported by the driver, the wpa_supplicant creates a
dedicated P2P Device interface, where the configuration file used for
the main interface is used. As a consequence, if the configuration file
includes network definition etc., the wpa_supplicant will try to perform
station specific flows on the P2P Device interface which will fail.

If a P2P_DEVICE is supported by the driver and update_config is used,
the P2P Device configuration data will override the main interface
configuration data.

Signed-hostap: Ilan Peer <ilan.peer@intel.com>
2014-03-07 00:11:04 +02:00
Jouni Malinen
8f05577d11 Configure beacon interval for IBSS command
wpa_supplicant already allowed beacon interval to be configured for AP
mode operations, but this was not passed to the driver for IBSS even
though the same parameter can used for that case. Add this for the
nl80211 driver interface to allow beacon interval to be controlled for
IBSS as well.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-06 23:09:20 +02:00
Moshe Benji
354c903f8e AP/GO interface teardown optimization
This commit adds an option to optimize AP teardown by leaving the
deletion of keys (including group keys) and stations to the driver.

This optimization option should be used if the driver supports stations
and keys removal when stopping an AP.

For example, the optimization option will always be used for cfg80211
drivers since cfg80211 shall always remove stations and keys when
stopping an AP (in order to support cases where the AP is disabled
without the knowledge of wpa_supplicant/hostapd).

Signed-off-by: Moshe Benji <moshe.benji@intel.com>
2014-03-05 23:57:02 +02:00
Eliad Peller
3a94adbf42 P2P: Do not start scan for P2P Device interfaces at driver init
wpa_supplicant started delayed sched scan also on P2P Device interfaces,
resulting in erroneous scans and connection attempts. Skip that on
driver init when the interface is dedicated only for P2P management
purposes.

Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
2014-03-04 22:34:00 +02:00
David Spinadel
aa10983004 P2P: Do not initialize bgscan on P2P interfaces
As a P2P group has a unique SSID and one security domain, it does
not make sense to enable background scanning for roaming purposes.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2014-03-04 22:32:24 +02:00
Alexander Bondar
54ac5aa271 config: Add bgscan option when saving global configuration
Signed-off-by: Alexander Bondar <alexander.bondar@intel.com>
2014-03-04 22:27:39 +02:00
David Spinadel
268043d55f bgscan: Do not initialize bgscan if disabled by user
Do not initialize bgscan if the user explicitly set bgscan to an empty
string. Without this patch wpa_supplicant tries to initialize bgscan to
the first option if the string is empty.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2014-03-04 22:26:19 +02:00
Beni Lev
adef89480d nl80211: Add vendor command support
Add a callback to the driver interface that allows vendor specific
commands to be sent. In addition, a control interface command is added
to expose this new interface outside wpa_supplicant:

Vendor command's format:
VENDOR <vendor id> <sub command id> [<hex formatted data>]

The 3rd argument will be converted to binary data and then passed as
argument to the sub command.

This interface is driver independent, but for now, this is only
implemented for the nl80211 driver interface using the cfg80211 vendor
commands.

Signed-off-by: Beni Lev <beni.lev@intel.com>
2014-03-04 22:24:20 +02:00
Jouni Malinen
508e24c20b dbus: Clean up error reporting for TDLS peer address parsing
Passing a pointer to an error reply message is not very robust since
memory allocation could fail even for that error message. Instead, use a
separate error value as the return value from get_peer_hwaddr_helper()
and return a pointer to the error message through a pointer-to-pointer
so that the error case will always be clear.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-02 17:15:12 +02:00
Jouni Malinen
a7c37d92d2 dbus: Remove duplicated variable assignment
This gets rid of a static analyzer warning.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-02 17:15:12 +02:00