Commit graph

5727 commits

Author SHA1 Message Date
Jouni Malinen
bd6ec7f7ca Fix MAC ACL query freeing on deinit
hapd->acl_cache and hapd->acl_queries were not reset back to NULL in
hostapd_acl_deinit() when cached results and pending ACL queries were
freed. This left stale pointers to freed memory in hapd. While this was
normally followed by freeing of the hapd data, it is possible to re-use
that hapd when disabling and re-enabling an interface. That sequence
could result in use of freed memory if done while there were cached
results or pending ACL operations with a RADIUS server (especially, if
that server did not reply).

Fix this by setting hapd->acl_queries to NULL when the pending entries
are freed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-08 23:48:19 +02:00
Jouni Malinen
0d6dc6830c FILS: Clean up HLP resize check
The "!wpabuf_resize(...) == 0" condition does not make any sense. It
happens to work, but this is really supposed to simple check with
wpabuf_resize() returns non-zero and "wpabuf_resize(...)" is the
cleanest way of doing so.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-07 20:50:33 +02:00
Vamsi Krishna
8331c9b316 nl80211: Add support for mgmt_tx with random TA
This adds support for specifying a random TA for management frame
transmission commands and driver capability flags for indicating whether
this is supported in not-connected and connected states.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-07 19:35:34 +02:00
Jouni Malinen
14fa723a9c Sync with mac80211-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2017-01-13.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-07 18:55:35 +02:00
Jouni Malinen
65ab7eb1fa GAS: Fix OSU Providers List response with invalid configuration
If the OSU Providers configuration was invalid (included osu_server_uri
but not osu_method_list), it was possible for the GAS response
generation to hit a NULL dereference. Fix this by checking for the
invalid configuration before trying to fill in the OSU methods.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-07 17:47:58 +02:00
Günther Kelleter
4bb9b674c8 Add a log message when GTK rekeying failed
It can happen if the station is unreachable or sleeping longer than
the actual total GTK rekey timeout. To fix the latter case
wpa_group_update_count may be increased.

Signed-off-by: Günther Kelleter <guenther.kelleter@devolo.de>
2017-02-07 00:25:36 +02:00
Günther Kelleter
41f140d386 Add hostapd options wpa_group_update_count and wpa_pairwise_update_count
wpa_group_update_count and wpa_pairwise_update_count can now be used to
set the GTK and PTK rekey retry limits (dot11RSNAConfigGroupUpdateCount
and dot11RSNAConfigPairwiseUpdateCount). Defaults set to current
hardcoded value (4).

Some stations may suffer from frequent deauthentications due to GTK
rekey failures: EAPOL 1/2 frame is not answered during the total timeout
period of currently ~3.5 seconds. For example, a Galaxy S6 with Android
6.0.1 appears to go into power save mode for up to 5 seconds. Increasing
wpa_group_update_count to 6 fixed this issue.

Signed-off-by: Günther Kelleter <guenther.kelleter@devolo.de>
2017-02-07 00:25:36 +02:00
Badrish Adiga H R
e54691106b mka: Some bug fixes for MACsec in PSK mode
Issue:
------
The test setup has 2 peers running MACsec in PSK mode, Peer A with
MAC address higher than MAC Address of peer B. Test sequence is
1. Peer B starts with actor_priority 255
2. Peer A starts with priority 16, becomes key server.
3. Peer A stops..
4. Peer A restarts with priority 255, but because of the stale values
participant->is_key_server(=TRUE) and participant->is_elected(=TRUE)
it continues to remain as Key Server.
5. For peer B, key server election happens and since it has lower MAC
address as compared to MAC address of A, it becomes the key server.
Now we have 2 key servers in CA and is not correct.

Root-cause & fix:
-----------------
When number of live peers become 0, the flags such lrx, ltx, orx,
otx, etc. need to be cleared. In MACsec PSK mode, these stale values
create problems while re-establishing CA.

Signed-off-by: Badrish Adiga H R <badrish.adigahr@gmail.com>
2017-02-06 21:02:53 +02:00
Badrish Adiga H R
7faf403f9f mka: Fix an incorrect update of participant->to_use_sak
API ieee802_1x_mka_decode_dist_sak_body() wrongly puts
participant->to_use_sak to TRUE, if Distributed SAK Parameter Set of
length 0 is received. In MACsec PSK mode, this stale incorrect value can
create problems while re-establishing CA. In MACsec PSK mode, CA goes
down if interface goes down and ideally we should be able to
re-establish the CA once interface comes up.

Signed-off-by: Badrish Adiga H R <badrish.adigahr@gmail.com>
2017-02-06 20:37:58 +02:00
Eduardo Abinader
276e936548 hw_features: Clean center freq for falling back HT40 channels
Some channels fail to be set, when falling back to 20 MHz, due to
remaining VHT info of center freq. As we are going to 20 MHz, reset the
VHT center frequency segment information as well.

Signed-off-by: Eduardo Abinader <eduardoabinader@gmail.com>
2017-02-06 19:26:07 +02:00
Dedy Lansky
89fa633afb nl80211: Fix error while enabling AP mode with driver-SME
Following commit a70cd0db87 ('Don't
register for Beacon frames for IEEE 802.11ad AP'),
nl80211_get_wiphy_data_ap() is unconditionally called when starting AP.
This function tries to register for Beacon frames RX which fails for
some driver which don't support such registration and do not need it in
case the driver implements AP mode SME functionality.

Fix this by conditionally calling nl80211_get_wiphy_data_ap() like prior
to commit a70cd0db87.

Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
2017-02-05 20:48:23 +02:00
Jouni Malinen
84bb12aa6d FILS: Fix send_assoc_resp() HLP extension to cover sta == NULL
Commit 91d91abf6f ('FILS: DHCP relay for
HLP requests') added steps that are conditional on sta->fils_hlp_resp
being non-NULL. One of these cases within send_assoc_resp() was properly
protected from sta == NULL error case (that is now possible after a
recent DMG change), but the first one was not. A DMG error case in a
CONFIG_FILS=y build could have hit a NULL pointer dereference here. Fix
this by verifying sta != NULL more consistently.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-05 16:40:15 +02:00
Jouni Malinen
275cc94280 FILS: Stop processing if fils_rmsk_to_pmk() fails
While the key derivation steps are not expected to fail, this was
already done on the AP side, so do the same in the STA side.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-05 14:38:07 +02:00
Jouni Malinen
caab23f192 Set EAPOL-Key Key Length field to 0 for group message 1/2 in RSN
P802.11i/D3.0 described the Key Length as having value 16 for the group
key handshake. However, this was changed to 0 in the published IEEE Std
802.11i-2004 amendment (and still remains 0 in the current standard IEEE
Std 802.11-2016). We need to maintain the non-zero value for WPA (v1)
cases, but the RSN case can be changed to 0 to be closer to the current
standard.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-05 13:52:43 +02:00
Jouni Malinen
b0fb2be77a Do not send GNonce in EAPOL-Key group message 1/2
While the IEEE Std 802.11-2016 is still indicating that GNonce would be
exchanged in EAPOL-Key messages (see, e.g., Figure 12-52 showing the
Send EAPOL-Key operation in the REKEYNEGOTIATING state or the sample
group key handshake in Figure 12-47), there are also examples of
describing this field as having value zero (e.g., 12.7.7.2 Group key
handshake message 1).

GNonce is used only with the Authenticator and the Supplicant does not
have any use for it, so it is better not to expose that internal value.
Hardcode the Key Nonce field to 0 in EAPOL-Key group message 1/2.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-05 13:39:57 +02:00
Jouni Malinen
3bbc470502 Fix EAPOL-Key Install bit in Group Key 1/2 with FT and FILS auth
sm->Pair needs to be initialized to TRUE since unicast cipher is
supported and this is an ESS. However, the normal place for setting this
(WPA_PTK::INITIALIZE) is skipped with using FT protocol or FILS
authentication, so need to do that separately when forcing PTKINITDONE.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-05 13:28:42 +02:00
Jouni Malinen
db5e53cb06 mesh: Fix struct hostapd_data initialization
The local custom version of allocating and initializing struct
hostapd_data within wpa_supplicant_mesh_init() is problematic. This has
already missed couple of initialization steps that are required. Instead
of trying to remember to keep this up to date, use
hostapd_alloc_bss_data() so that there is only one place for this
initialization.

This is fixing a recent issue where FILS HLP started using
hapd->dhcp_server and expected that to be initialized to -1. For the
mesh case, that did not happen and when removing the interface, the FILS
HLP implementation ended up unregistering eloop socket for
hapd->dhcp_server (= 0). This could result in missing socket callbacks
for an arbitrary socket.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-04 22:17:54 +02:00
Jouni Malinen
4d6e79f867 Use defines in hostapd_set_freq_params()
Use the defines for vht_oper_chwidth values more consistently in
hostapd_set_freq_params() to make this more readable.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-04 20:50:16 +02:00
Liu Li
0217b8d874 eloop: Fix comments mismatch eloop_event/timeout_handler definitions
Signed-off-by: Liu Li <lli_njupt@163.com>
2017-02-04 20:41:12 +02:00
Jouni Malinen
09a97eb27e Update the copyright notice years for QCA vendor definitions
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-04 17:05:30 +02:00
Sunil Dutt
841e9a8c73 QCA vendor command to set the trace levels for the specific QCA module
This commit introduces the vendor command to set the trace level
for the respective QCA host driver module.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-04 17:05:21 +02:00
Jouni Malinen
d77f330418 FILS: Fix AES-SIV AAD for (Re)Association Request frame decryption
The hostapd processing of the AES-SIV AAD was incorrect. The design for
the AAD changed between P802.11ai/D7.0 and D8.0 from a single vector
with concatenated data to separate vectors. The change in the
implementation had missed the change in the aes_siv_decrypt() call for
the num_elem parameter. This happened to work with the mac80211
implementation due to a similar error there.

Fix this by using the correct numbers of vectors in the SIV AAD so that
all the vectors get checked. The last vector was also 14 octets too long
due to incorrect starting pointer, so fix that as well. The changes here
are not backwards compatible, i.e., a similar fix in the Linux mac80211
is needed to make things interoperate again.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-04 13:09:52 +02:00
Jouni Malinen
7a6c3de23a ERP: Use macro for EMSKname length instead of hardcoded integer value
While RFC 5295 uses "8" as the value to use in the length field in KDF
context when deriving EMSKname, it is clearer to use the macro defining
EMSKname as the value since the KDF design in RFC 5295 encodes the
length of the derived data in octets in that part of the context data.
This change is just making the implementation easier to understand while
not actually changing the behavior.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-03 15:35:21 +02:00
Jouni Malinen
bb3ea71a23 ERP: Fix rIK derivation
Unlike the EMSKname and rRK derivations, rIK derivation is actually
using the "optional data" component in the context data (see RFC 5295).
RFC 6696 defines that optional data to be the cryptosuite field for rIK.
This was missing from the previous implementation and that resulted in
incorrect rIK being derived.

In addition, the rIK Label string does not actually include the "EAP "
prefix in the way as the rRK Label in RFC 6696 does. This would also
have resulted in incorrect rIK value.

Fix rIK derivation by adding the cryptosuite value into the KDF context
data and fixing the label string. This change is not backwards
compatible and breaks all ERP use cases (including FILS shared key
authentication) with older (broken) and new (fixed)
hostapd/wpa_supplicant builds.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-03 15:34:59 +02:00
Jouni Malinen
124ddfa19e FILS: Parse and report received FILS HLP Containers from response
The new FILS-HLP-RX control interface event is now used to report
received FILS HLP responses from (Re)Association Response frame as a
response to the HLP requests configured with FILS_HLP_REQ_ADD.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-01 18:17:39 +02:00
Jouni Malinen
91d91abf6f FILS: DHCP relay for HLP requests
The new dhcp_server configuration parameter can now be used to configure
hostapd to act as a DHCP relay for DHCPDISCOVER messages received as
FILS HLP requests. The dhcp_rapid_commit_proxy=1 parameter can be used
to configure hostapd to convert 4 message DHCP exchange into a 2 message
exchange in case the DHCP server does not support DHCP rapid commit
option.

The fils_hlp_wait_time parameter can be used to set the time hostapd
waits for an HLP response. This matches the dot11HLPWaitTime in IEEE Std
802.11ai-2016.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-01 18:17:39 +02:00
Jouni Malinen
54b04d6f39 FILS: Move HLP request handling into a separate file
This is independent functionality from the core IEEE 802.11 management
handling and will increase significantly in size, so it is cleaner to
maintain this in a separate source code file.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-01-31 17:46:13 +02:00
Jouni Malinen
5a9d504938 ProxyARP: Use more robust DHCP option parsing
Do not depend on undefined behavior with pointer arithmetic when
checking whether there is sufficient room for an option.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-01-31 17:46:13 +02:00
Jouni Malinen
e64c13febb Move DHCP definitions into a common file
These can be reused for other purposes than just the DHCP snoofing for
Proxy ARP. In addition, use more complete definition of the parameters
based on the current IANA registry.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-01-31 17:46:11 +02:00
Kanchanapally, Vidyullatha
70407ee5c3 Add QCA vendor definitions for BSS transition status
Introduce definitions for QCA vendor specific subcommands and attributes
for fetching BSS transition status.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-01-30 22:31:46 +02:00
Dedy Lansky
53d171440f AP: Check ACL upon association request for 802.11ad
With device_ap_sme disabled, ACL was checked upon authentication
request. In 802.11ad there is no authentication phase so need to check
ACL upon association.

Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
2017-01-30 22:22:40 +02:00
Daniel Kim
4cc61c3866 GAS: Set temporary session timeout bigger than gas_comeback_delay
Previously, the temporary STA session timeout was set to 5 seconds. If
gas_comeback_delay is configured to be longer than 5 seconds, GAS
Comeback Response frame can't include queried information as all pending
data has already been cleared due to session timeout. This commit
resolves the issue by setting session timeout to be larger than
gas_comeback_delay.

Signed-off-by: Daniel Kim <kimdan@qca.qualcomm.com>
2017-01-30 13:25:48 +02:00
Sunil Dutt
a9491695b3 QCA vendor command to set/get NUD statistics
This commit introduces QCA vendor commands and the corresponding
attributes to set/get NUD (Network Unreachability Detection) statistics.
The set NUD statistics configures the requisite parameters to the host
driver and thereby triggers the start/stop of collection of statistics.
The get stats fetches the statistics collected in the host driver.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-01-30 01:54:30 +02:00
Sunil Dutt
f593b6c11d nl80211: Do not reset vendor_scan_cookie after scan timeout
If vendor_scan_cookie is set to 0 after the scan_abort due to the scan
timeout ends in a cookie mismatch when processing the following
QCA_NL80211_VENDOR_SUBCMD_SCAN_DONE indication. This ends up considering
the scan results as being for an external scan and thus the current
ongoing scan is not removed from the radio_work. Hence, do not reset
this vendor_scan_cookie after the scan abort so that the scan completion
event gets processed properly and vendor_scan_cookie gets cleared at
that point.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-01-30 01:54:30 +02:00
Paul Stewart
6d08f23f0a OpenSSL/BoringSSL: Read certificate chain from client_cert on Android
If the keychain holds additional certificates other than the end
certificate, read them into the certificate chain.

Signed-off-by: Paul Stewart <pstew@google.com>
2017-01-30 01:54:30 +02:00
Wojciech Dubowik
cc3dae85bd hostapd: Add possibility to send debug messages to syslog
We can only send module specific messages to syslog and not debug
messages printed with wpa_printf. Add an extra command line parameter
'-s' to allow it. The feature is enabled with compile flag
CONFIG_DEBUG_SYSLOG as for wpa_supplicant and behaves in the same manner
as the wpa_supplicant -s command line argument.

Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik@neratec.com>
2017-01-30 00:57:13 +02:00
Jouni Malinen
968dce9b13 FST: Silence compiler warning on WPA_ASSERT
This was triggering a sign-compare warning.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-29 18:45:29 +02:00
Jouni Malinen
17e20b1e2b FST: Remove a bogus WPA_ASSERT()
own_addr is not defined here, so no idea what this WPA_ASSERT() was
trying to check.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-29 18:44:36 +02:00
Johannes Berg
cef8fac04b wpa_auth: Make struct wpa_auth_callbacks const
Instead of copying the struct wpa_auth_callbacks, just keep a pointer to
it, keep the context pointer separate, and let the user just provide a
static const structure. This reduces the attack surface of heap
overwrites, since the function pointers move elsewhere.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2017-01-29 18:41:26 +02:00
Johannes Berg
30eddf3529 Fix or supress various sparse warnings
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2017-01-29 18:33:10 +02:00
Masashi Honma
9eb5757a86 Define helper function set_disable_ht40()
This functionality can be used outside wpa_set_disable_ht40(), so move
the generic part to a helper function.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2017-01-29 18:04:21 +02:00
Masashi Honma
7813b7c34d nl80211: Fix a memory leak on deinit with HT enabled mesh
Commit a70cd0db87 ('nl80211: Don't
register for Beacon frames for IEEE 802.11ad AP') could cause a trailing
memory leak on IEEE 802.11n enabled mesh. This commit fixes the issue.

-----------------
ELOOP: remaining socket: sock=12 eloop_data=0xba8260 user_data=0xbb3d90 handler=0x4aeb90
WPA_TRACE: eloop unregistered socket handler: 0x4aeb90
     nl80211_recv_beacons() ../src/drivers/driver_nl80211.c:625
WPA_TRACE: eloop sock - START
[0]: ./hostap/wpa_supplicant/wpa_supplicant() [0x431f2a]
     eloop_sock_table_add_sock() ../src/utils/eloop.c:360
[1]: ./hostap/wpa_supplicant/wpa_supplicant() [0x4b0e49]
     nl80211_register_eloop_read() ../src/drivers/driver_nl80211.c:153
[2]: ./hostap/wpa_supplicant/wpa_supplicant() [0x4bacf0]
     dl_list_add() src/utils/list.h:30
     nl80211_get_wiphy_data_ap() ../src/drivers/driver_nl80211.c:728
     wpa_driver_nl80211_set_ap() ../src/drivers/driver_nl80211.c:3786
[3]: ./hostap/wpa_supplicant/wpa_supplicant(ieee802_11_set_beacon+0x150) [0x469700]
     ieee802_11_set_beacon() ../src/ap/beacon.c:1349
[4]: ./hostap/wpa_supplicant/wpa_supplicant(ieee802_11_set_beacons+0x45) [0x469805]
     ieee802_11_set_beacons() ../src/ap/beacon.c:1368
[5]: ./hostap/wpa_supplicant/wpa_supplicant() [0x437559]
     mesh_mpm_add_peer() mesh_mpm.c:688
[6]: ./hostap/wpa_supplicant/wpa_supplicant(wpa_mesh_new_mesh_peer+0x42) [0x439182]
     wpa_mesh_new_mesh_peer() mesh_mpm.c:737
[7]: ./hostap/wpa_supplicant/wpa_supplicant(wpa_mesh_notify_peer+0x80) [0x436460]
     wpa_mesh_notify_peer() mesh.c:347
[8]: ./hostap/wpa_supplicant/wpa_supplicant(wpa_supplicant_event+0xc7a) [0x4a69ba]
     wpa_supplicant_event() events.c:4312
[9]: ./hostap/wpa_supplicant/wpa_supplicant(process_global_event+0xaf0) [0x4c2d40]
     nl80211_new_peer_candidate() ../src/drivers/driver_nl80211_event.c:1247
     do_process_drv_event() ../src/drivers/driver_nl80211_event.c:2322
     process_global_event() ../src/drivers/driver_nl80211_event.c:2360
[10]: /lib/x86_64-linux-gnu/libnl-3.so.200(nl_recvmsgs_report+0x3dc) [0x7f937176873c]
[11]: /lib/x86_64-linux-gnu/libnl-3.so.200(nl_recvmsgs+0x9) [0x7f9371768ba9]
[12]: ./hostap/wpa_supplicant/wpa_supplicant() [0x4aeb58]
     wpa_driver_nl80211_event_receive() ../src/drivers/driver_nl80211.c:1457
[13]: ./hostap/wpa_supplicant/wpa_supplicant() [0x43242e]
     eloop_sock_table_dispatch() ../src/utils/eloop.c:598
[14]: ./hostap/wpa_supplicant/wpa_supplicant(eloop_run+0x22e) [0x432e0e]
     eloop_sock_table_dispatch() ../src/utils/eloop.c:589
     eloop_run() ../src/utils/eloop.c:1219
[15]: ./hostap/wpa_supplicant/wpa_supplicant(wpa_supplicant_run+0x77) [0x49e327]
     wpa_supplicant_run() wpa_supplicant.c:5608
WPA_TRACE: eloop sock - END
MEMLEAK[0xba81b0]: len 72
WPA_TRACE: memleak - START
[0]: ./hostap/wpa_supplicant/wpa_supplicant(os_malloc+0x57) [0x430d67]
     os_malloc() ../src/utils/os_unix.c:690
[1]: ./hostap/wpa_supplicant/wpa_supplicant(os_zalloc+0xe) [0x430fce]
     os_zalloc() ../src/utils/os_unix.c:749
[2]: ./hostap/wpa_supplicant/wpa_supplicant() [0x4babaa]
     nl80211_get_wiphy_data_ap() ../src/drivers/driver_nl80211.c:692
     wpa_driver_nl80211_set_ap() ../src/drivers/driver_nl80211.c:3786
[3]: ./hostap/wpa_supplicant/wpa_supplicant(ieee802_11_set_beacon+0x150) [0x469700]
     ieee802_11_set_beacon() ../src/ap/beacon.c:1349
[4]: ./hostap/wpa_supplicant/wpa_supplicant(ieee802_11_set_beacons+0x45) [0x469805]
     ieee802_11_set_beacons() ../src/ap/beacon.c:1368
[5]: ./hostap/wpa_supplicant/wpa_supplicant() [0x437559]
     mesh_mpm_add_peer() mesh_mpm.c:688
[6]: ./hostap/wpa_supplicant/wpa_supplicant(wpa_mesh_new_mesh_peer+0x42) [0x439182]
     wpa_mesh_new_mesh_peer() mesh_mpm.c:737
[7]: ./hostap/wpa_supplicant/wpa_supplicant(wpa_mesh_notify_peer+0x80) [0x436460]
     wpa_mesh_notify_peer() mesh.c:347
[8]: ./hostap/wpa_supplicant/wpa_supplicant(wpa_supplicant_event+0xc7a) [0x4a69ba]
     wpa_supplicant_event() events.c:4312
[9]: ./hostap/wpa_supplicant/wpa_supplicant(process_global_event+0xaf0) [0x4c2d40]
     nl80211_new_peer_candidate() ../src/drivers/driver_nl80211_event.c:1247
     do_process_drv_event() ../src/drivers/driver_nl80211_event.c:2322
     process_global_event() ../src/drivers/driver_nl80211_event.c:2360
[10]: /lib/x86_64-linux-gnu/libnl-3.so.200(nl_recvmsgs_report+0x3dc) [0x7f937176873c]
[11]: /lib/x86_64-linux-gnu/libnl-3.so.200(nl_recvmsgs+0x9) [0x7f9371768ba9]
[12]: ./hostap/wpa_supplicant/wpa_supplicant() [0x4aeb58]
     wpa_driver_nl80211_event_receive() ../src/drivers/driver_nl80211.c:1457
[13]: ./hostap/wpa_supplicant/wpa_supplicant() [0x43242e]
     eloop_sock_table_dispatch() ../src/utils/eloop.c:598
[14]: ./hostap/wpa_supplicant/wpa_supplicant(eloop_run+0x22e) [0x432e0e]
     eloop_sock_table_dispatch() ../src/utils/eloop.c:589
     eloop_run() ../src/utils/eloop.c:1219
[15]: ./hostap/wpa_supplicant/wpa_supplicant(wpa_supplicant_run+0x77) [0x49e327]
     wpa_supplicant_run() wpa_supplicant.c:5608
WPA_TRACE: memleak - END
MEMLEAK: total 72 bytes
-----------------

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2017-01-29 17:55:10 +02:00
Jouni Malinen
5208160b4b FILS: Parse received FILS HLP requests
This adds parsing of received FILS HLP requests from (Re)Association
Request frames. The reassembled requests are verified to be in valid
format and are printed in debug output. However, actual processing or
forwarding of the packets is not yet implemented, i.e., the vendor
specific frame filtering logic is for now practically dropping all HLP
requests.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-01-29 14:32:17 +02:00
Jouni Malinen
5732b770f4 FILS: Allow FILS HLP requests to be added
The new wpa_supplicant control interface commands FILS_HLP_REQ_FLUSH and
FILS_HLP_REQ_ADD can now be used to request FILS HLP requests to be
added to the (Re)Association Request frame whenever FILS authentication
is used.

FILS_HLP_REQ_ADD parameters use the following format:
<destination MAC address> <hexdump of payload starting from ethertype>

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-01-29 14:32:17 +02:00
Jouni Malinen
a1aa2aebc2 Remove unused WLAN_CIPHER_SUITE_* definitions
This gets rid of an unnecessary duplication of the definitions since all
the code has now been moved to using the earlier RSN_CIPHER_SUITE_*
definitions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-28 14:05:44 +02:00
Jouni Malinen
a042e39acf nl80211: Use RSN_CIPHER_SUITE_* instead of WLAN_CIPHER_SUITE_*
This is a step towards getting rid of the unnecessary duplication of
definitions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-28 14:04:44 +02:00
Jouni Malinen
2373a31170 Define all RSN_CIPHER_SUITE_* values
This adds the cipher suite selector values for ciphers that are not
really used with RSN, but are needed to be able to replace
WLAN_CIPHER_SUITE_* definitions with RSN_CIPHER_SUITE_*.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-28 14:03:34 +02:00
Jouni Malinen
89ba101e14 Remove unused WLAN_AKM_SUITE_* definitions
This gets rid of an unnecessary duplication of the definitions since all
the code has now been moved to using the earlier RSN_AUTH_KEY_MGMT_*
definitions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-28 12:36:13 +02:00
Jouni Malinen
bf9f8a0525 Use RSN_AUTH_KEY_MGMT_* instead of WLAN_AKM_SUITE_* for wpa_akm_to_suite()
This is a step towards getting rid of the unnecessary duplication of
definitions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-28 12:34:49 +02:00
Jouni Malinen
3aa24db953 nl80211: Use RSN_AUTH_KEY_MGMT_* instead of WLAN_AKM_SUITE_*
This is a step towards getting rid of the unnecessary duplication of
definitions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-28 12:27:48 +02:00