Replace channel_switch_supported flag of the
wpa_driver_nl80211_data by WPA_DRIVER_FLAGS_AP_CSA inside
wpa_driver_capa.flags. It makes more sense and also can
be accessed by wpa_supplicant.
Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
This is just like the same command in wpa_supplicant, i.e., "hostapd_cli
status driver" can be used to fetch information about the driver status
and capabilities.
Signed-hostap: Jouni Malinen <j@w1.fi>
PEAPv2 implementation was not fully completed and there does not seem to
be any deployments of PEAPv2 nor any clear sign of such showing up in
the future either. As such, there is not much point in maintaining this
implementation in hostapd/wpa_supplicant.
Signed-hostap: Jouni Malinen <j@w1.fi>
The standard fragment_size network parameter can now be used to
configure EAP-pwd fragmentation limit instead of always using the
hardcoded value of 1020.
Signed-hostap: Jouni Malinen <j@w1.fi>
The standard fragment_size network parameter can now be used to
configure EAP-IKEv2 fragmentation limit instead of always using the
hardcoded value of 1400.
Signed-hostap: Jouni Malinen <j@w1.fi>
Setting methodState = DONE for the case where GPSK-1 is found to be
invalid or incompatible allows EAP state machine to proceed to FAILURE
state instead of remaining stuck until AP times out the connection.
Signed-hostap: Jouni Malinen <j@w1.fi>
phase1 parameter 'cipher' can now be used to specify which algorithm
proposal is selected, e.g., with phase1="cipher=1" selecting AES-based
design and cipher=2 SHA256-based. This is mainly for testing purposes,
but can also be used to enforce stronger algorithms to be used.
Signed-hostap: Jouni Malinen <j@w1.fi>
One of the RFC 4137 state transitions (METHOD -> FAILURE) had been
forgotten and this could result in EAP peer method processing not
reporting failure immediately and instead, remain stuck waiting for the
connection to time out. Fix this by adding the methodState == DONE &&
decision == FAIL case to allow immediate reporting of failures.
The condition from RFC 4137 as-is would cause problems for number of the
existing EAP method implementations since they use that in places where
the final message before EAP-Failure should really be sent to the EAP
server (e.g., WSC_Done in EAP-WSC). Address this by includng eapRespData
== NULL as an additional constraint for entering FAILURE state directly
from METHOD.
Signed-hostap: Jouni Malinen <j@w1.fi>
Commit e2f5a9889a was supposed to prevent
new scan request from pushing out the old one. However, it did not
really do that since eloop_deplete_timeout() returned 0 both for the
case where the old timeout existed (and was sooner) and if the old
timeout did not exist. It returned 1 only for the case where an old
timeout did exist and was larger than the new requested value. That case
used to result in wpa_supplicant_req_scan() rescheduling the timeout,
but hew code in eloop_deplete_timeout() did the exact same thing and as
such, did not really change anything apart from the debug log message.
Extend the eloop_deplete_timeout() (and eloop_replenish_timeout() for
that matter since it is very similar) to return three different values
based on whether the timeout existed or not and if yes, whether it was
modified. This allows wpa_supplicant_req_scan() to schedule a new
timeout only in the case there was no old timeout.
Signed-hostap: Jouni Malinen <j@w1.fi>
The new control interface command RADIO_WORK can be used by external
programs to request radio allocation slots from wpa_supplicant if
exclusive radio control is needed, e.g., for offchannel operations. If
such operations are done directly to the driver, wpa_supplicant may not
have enough information to avoid conflicting operations. This new
command can be used to provide enough information and radio scheduling
to avoid issues with such cases.
Signed-hostap: Jouni Malinen <j@w1.fi>
Avoid concurrent P2P scan requests with any other exclusive use of the
radio by using the radio work queuing mechanism. This removes some of
the earlier workarounds that postponed scans depending on other
operations.
Signed-hostap: Jouni Malinen <j@w1.fi>
If the port status did not change or would not need to get an update
after portEnabled changes, there is no need to try to set the driver to
use the same value it is already using based on the previous state.
Remove such calls to reduce number of operations during reassociation.
In addition, this cleans up the debug log by removing unnecessary
duplicated entries.
Signed-hostap: Jouni Malinen <j@w1.fi>
If the BSS table within wpa_supplicant is flushed, request the driver to
flush its own scan result table during the next scan. This can avoid
unexpected old BSS entries showing up after BSS_FLUSH or FLUSH command
in cases where the driver may maintain its internal cache of scan
results (e.g., cfg80211 BSS table persists at least for 15 seconds).
In addition to doing this automatically on BSS_FLUSH/FLUSH, a new SCAN
command argument, only_new=1, can be used to request a manual scan
request to do same. Though, it should be noted that this maintains the
BSS table within wpa_supplicant. BSS_FLUSH followed by SCAN command can
be used to clear all BSS entries from both the driver and
wpa_supplicant.
Signed-hostap: Jouni Malinen <j@w1.fi>
This debugging mechanism has now been deprecated by the control
interface commands that can be used to fetch same internal information
from hostapd in a more convenient way. Leave the empty USR1 signal
handler and configuration file parameter for backwards compatibility.
They can be removed in future versions of hostapd.
Signed-hostap: Jouni Malinen <j@w1.fi>
The per-STA/Supplicant state information from the EAPOL authenticator
is now available through "STA <MAC Address> eapol" command.
Signed-hostap: Jouni Malinen <j@w1.fi>
This adds TX/RX statistics and information about association into the
per-STA data that is available through the hostapd control interface. In
addition, information about the EAP method is now included with the IEEE
802.1X data.
Signed-hostap: Jouni Malinen <j@w1.fi>
These old driver wrappers have been removed quite some time ago, but
some of the build configuration notes were still describing how they
are configured.
Signed-hostap: Jouni Malinen <j@w1.fi>
Print into the debug log the list of vendor commands and events that the
driver supports. In addition, add a generic handler for vendor events.
This can be extended for each vendor/subcmd.
Signed-hostap: Jouni Malinen <j@w1.fi>
The P2P_PRESENCE_REQ command did not give any easily available
indication of the response received from the GO. Make this more useful
by providing such response (if received) as a ctrl_iface monitor event
(P2P-PRESENCE-RESPONSE).
Signed-hostap: Jouni Malinen <j@w1.fi>
intval is marked le16 and should be used through proper byte order
conversion functions even if it ended up getting set correctly due to
the two operations cancelling each other.
Signed-hostap: Jouni Malinen <j@w1.fi>
These were somewhat more hidden to avoid direct use, but there are now
numerous places where these are needed and more justification to make
the extern int declarations available from wpa_debug.h. In addition,
this avoids some warnings from sparse.
Signed-hostap: Jouni Malinen <j@w1.fi>
use_monitor=1 and force_connect_cmd=1 driver parameters can now be used
to force older monitor interface design and the connect API (SME in
driver) to increase hwsim testing coverage.
Signed-hostap: Jouni Malinen <j@w1.fi>
If Action frame registration in nl80211_mgmt_subscribe_non_ap() failed
for any frame type, the previous implementation skipped
nl80211_mgmt_handle_register_eloop() call. This is not desirable since
none of the Action frame types could be received and even worse, the
following nl80211_destroy_eloop_handle() call for nl_mgmt would likely
result in crashing the process due to the ELOOP_SOCKET_INVALID XOR
operation. This could be triggered at least in a P2P group interface
startup failure case.
Signed-hostap: Jouni Malinen <j@w1.fi>
Previously, it was possible for bss_info_handler() to end up dropping a
newer scan result entry if there were two entries with the same BSSID
and SSID (i.e., only frequency was different) and we were not associated
with either. This could happen, e.g., in some P2P use cases where device
discovery may happen on different channels. Fix this by checking the age
of the scan entries as well to prefer the most recent response.
Signed-hostap: Jouni Malinen <j@w1.fi>
Most of the attributes to these commands are identical and there is no
need to maintain two copies of the same functionality.
Signed-hostap: Jouni Malinen <j@w1.fi>
WPA_CIPHER_* and CIPHER_* are used for the exact same set of cipher
suites with the main difference being that the WPA_CIPHER_* version is
suitable to be used as a bitfield. Similarly, WPA_KEY_MGMT_* and
KEY_MGMT_* have similar design for AKMs. There is no need to maintain
two separate copies of the definitions since the bitfield compatible
version can be used for both needs. Get rid of the CIPHER_* and
KEY_MGMT_* versions to clean up the implementation by getting rid of
unnecessary mapping functions.
Signed-hostap: Jouni Malinen <j@w1.fi>
NL80211_ATTR_CONTROL_PORT was previously set only for
NL80211_CMD_ASSOCIATE, but it should also be set when using
NL80211_CMD_COMMAND (driver-based SME) even though none of the current
non-mac80211 drivers use this.
Signed-hostap: Jouni Malinen <j@w1.fi>
The option of handling upper layer P2P management operations within the
driver/firmware was originally planned to be used with wpa_supplicant,
but this has not really happened and there is no clear sign of this
being needed in the near term either. This functionality has not been
completed and it is certainly not being kept up-to-date or tested. As
such, it is best to remove it for now and if this or something similar
is needed in the future, it can be brought back once a clear need for it
has been demonstrated first.
Signed-hostap: Jouni Malinen <j@w1.fi>
prime_len was added to the start pointer twice and because of this, the
actual y coordinate was not verified to be valid. This could also result
in reading beyond the buffer in some cases.
Signed-hostap: Jouni Malinen <j@w1.fi>
phase1 parameters dhgroup, encr, prf, and mac can now be used to specify
which algorithm proposal is selected, e.g., with phase1="dhgroup=3
encr=1 prf=1 mac=1" selecting the mandatory-to-implement case. This is
mainly for testing purposes, but can also be used to enforce stronger
algorithms to be used.
Signed-hostap: Jouni Malinen <j@w1.fi>
These information elements are not really used anywhere in hostapd or
wpa_supplicant nor is there any plan to use them. As such, there is no
need to keep the code here either, so save couple of bytes here.
Signed-hostap: Jouni Malinen <j@w1.fi>
This driver event was used separately for some Action frames, but all
the driver wrappers converted to this from information that would have
been enough to indicate an EVENT_RX_MGMT event. In addition, the
received event was then converted back to a full IEEE 802.11 management
frame for processing in most cases. This is unnecessary complexity, so
get rid of the extra path and use EVENT_RX_MGMT for Action frames as
well as other management frame subtypes.
Signed-hostap: Jouni Malinen <j@w1.fi>
This can be used to silence compiler warnings in cases where #ifdef
blocks can leave some variables or functions unused and there is no
cleaner way of avoiding the warnings.
Signed-hostap: Jouni Malinen <j@w1.fi>
Commit 88b32a99d3 added support for using
some Action frame processing in hostapd for drivers that handle most of
SME/MLME internally (it added FT, this has since be extended for SA
Query and WNM). However, this was added in a way that ended up getting
both the hostapd_rx_action() and hostapd_action_rx() called for Action
frames. This could result in an attempt to process FT, SA Query, and WNM
Action frames twice.
There is need for more significant cleanup in Action frame processing in
hostapd depending on the driver type, but as a simple step to avoid
issues, skip the hostapd_action_rx() call if hostapd_rx_action()
processed the frame.
Signed-hostap: Jouni Malinen <j@w1.fi>
