Add new attributes for supporting MBSSID multi groups notifications
to qca_wlan_vendor_attr_mbssid_tx_vdev_status
(QCA_NL80211_VENDOR_SUBCMD_MBSSID_TX_VDEV_STATUS).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
QCA_ROAM_REASON_USER_TRIGGER was wrongly documented as
QCA_ROAM_REASON_EXPLICIT_REQUEST, so correct it.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Enhance the P2P_GROUP_ADD command to support DFS channel with 80 and 160
MHz bandwidth to be used for autonomous GO when using offloaded DFS.
For example, 'P2P_GROUP_ADD freq=5500 max_oper_chwidth=80 ht40 vht'
- Previous behavior: AP fallback to channel 100 using 20 MHz with
"No VHT higher bandwidth support for the selected channel 100"
- Enhanced behavior: AP starts on channel 100 using 80 MHz with
"VHT center channel 106 for 80 or 80+80 MHz bandwidth"
This functionality is on top of the driver's capability to offload DFS,
which is advertized through WPA_DRIVER_FLAGS_DFS_OFFLOAD.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add QCA vendor interface support for configuring background scan related
parameters to the driver/firmware.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Commit 45c3e72952 ("Add frequency to operating class determination
for 5 GHz 100..140") extends ieee80211_freq_to_channel_ext() with
knowledge of the operating classes for the 5 GHz channels 100..140.
Per "Table E-4 - Global operating classes" in IEEE Std 802.11-2020, 5
GHz channel 144 also maps to same operating classes, so update hostapd
code to reflect the change.
This issue is found when OCV enabled and 4-way-handshake failed due
to client OCI includes op_class 0 for channel 144. This showed
up in following manner in the debug log:
WPA: OCI KDE in EAPOL-Key - hexdump(len=9): dd 07 00 0f ac 0d 00 90 00
Error interpreting OCI: unrecognized opclass/channel pair (0/144)
Signed-off-by: Hu Wang <huw@codeaurora.org>
Enable support for P2P connection in 6 GHz with the channel width of 40
MHz, 80 MHz, and 160 MHz. The flag max_oper_chwidth is used to configure
the maximum channel width for P2P connection in 6 GHz with the commands
P2P_CONNECT, P2P_INVITE, and P2P_GROUP_ADD.
Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
Current definition of wpas_p2p_get_ht40_mode() determines secondary
offset in the 5 GHz band. Enhance the functionality of this function to
determine offset to support 6 GHz channels also.
Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
Clone pmf and p2p_6ghz_disable configuration values when creating a new
P2P group interface. PMF is required in 6 GHz band operation.
Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
Add a new attribute into qca_wlan_vendor_attr_ll_stats_results to
support getting interface time slicing duty cycle info.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Channel 100 is a valid channel to choose for 80 MHz operation. However,
it was converted to 5500 MHz, not 5550 MHz, for the 80 MHz case while
the conversion to other bandwidths was done correctly. In fact, there is
no channel assigned to this frequency 5550 MHz.
Fix this obvious typo to allow ACS to select channel 100 for 80 MHz
operation again.
Fixes: bef5eee4f7 ("Convert channel to frequency based selection for AP mode ACS")
Signed-off-by: David Bauer <mail@david-bauer.net>
Align the p2p_buf_add_pref_channel_list() prototype and definition in
p2p_build.c and p2p_i.h. Use unsigned int over u32 as it is actully
called with an unsigned int parameter.
This removes compilation warning on platform where u32 != unsigned int.
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
IEEE Std 802.11ax-2021 added channel 177 into global operating class 125
and consequently channel 173 in global operating class 126 (HT40+) and
channel 177 in global operating class 127 (HT40-).
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
Skip the test of HE PHY capability bit "Support for a 40 MHz and 80 MHz
channel width" when starting an AP with a 20 MHz channel on the 5 GHz
band.
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
Currently while selecting a preferred frequency when no preference is
known, p2p_no_go_freq is not considered for 5 GHz and 60 GHz channels.
This results in starting GO on the channels that are configured not to
allow the local device as GO.
Use wpas_p2p_supported_freq_go api to check if the p2p_no_go_freq
configuration before selecting the preferred frequency for GO.
Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
For some 6 GHz operating class like 134, there is a possibility where
the ch variable used for channel iterator overflows when it is
incremented. Fix this by updating the datatype of ch variable to
avoid integer overflow while incrementing.
Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
Add a QCA vendor attribute to configure the driver/firmware the allowed
bands for roaming by userpace. This attribute is also used to get the
configured roam bands from the driver.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Using __del__ for any kind of cleanup is not a good idea
as it's not guaranteed to be called at any particular time,
it's only called whenever the next garbage collect cycle
kicks in.
Use a context manager instead, which basically removes the
need for the try/finally and fixes the reliance on __del__.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Use monitor interface to send_mlme only when the interface is configured
in AP mode. In multiple interface setup, one interface can be configured
in AP mode using monitor interface and another interface in station
mode. The station interface may also require sending the management
frames without using monitor interface, e.g., support external SAE
authentication to send Authentication frames without monitor interface.
This change allows sending management frames to the driver for a station
interface where the AP interface uses monitor interface.
Additionally, the monitor interface is only valid for AP mode
(nl80211_create_monitor_interface() is called in nl80211_setup_ap) so
interface type check ensures to use monitor interface only when required
by the specific interface.
Signed-off-by: Ajay Singh <ajay.kathat@microchip.com>
Signed-off-by: Peter Reen <peter.reen@microchip.com>
For the function hostapd_get_sta_tx_rx(), the name
hostapd_get_sta_info() is more appropriate as it is also responsible for
getting many other STA specific params like RSSI, inactive milliseconds
along with TX and RX bytes.
Signed-off-by: Gokul Sivakumar <gokulkumar792@gmail.com>
When a Mesh interface is managed by wpa_supplicant, include the peer
link connected time (secs) in the output of "sta <addr>", "all_sta"
wpa_cli cmds for each peer. This will be helpful to find when the peer
link connection got established. The NL80211_STA_INFO_CONNECTED_TIME
netlink attribute data is used for this purpose if available.
$ wpa_cli -i mesh0 all_sta
02:00:00:00:02:00
flags=[ASSOC][WMM][HT]
aid=1
capability=0x0
listen_interval=0
supported_rates=82 84 8b 96 8c 12 98 24 b0 48 60 6c
timeout_next=NULLFUNC POLL
rx_packets=77
tx_packets=3
rx_bytes=8510
tx_bytes=284
inactive_msec=104
signal=-30
rx_rate_info=65 mcs 0
tx_rate_info=65 mcs 0
ht_mcs_bitmask=ffff0000000000000000
connected_time=24
ht_caps_info=0x103c
The connected_time field in the output of "hostapd_cli -i ap0 all_sta"
cmd is not affected and it will continue to show the connected time
maintained by hostapd for each STA.
Signed-off-by: Gokul Sivakumar <gokulkumar792@gmail.com>
../src/ap/ieee802_11.c: In function ‘pasn_wd_handle_sae_commit’:
../src/ap/ieee802_11.c:2401:60: warning: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 3 has type ‘size_t’ {aka ‘unsigned int’} [-Wformat=]
wpa_printf(MSG_DEBUG, "PASN: SAE buffer too short. len=%lu",
~~^
%u
buf_len);
~~~~~~~
../src/ap/ieee802_11.c: In function ‘pasn_wd_handle_sae_confirm’:
../src/ap/ieee802_11.c:2477:60: warning: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 3 has type ‘size_t’ {aka ‘unsigned int’} [-Wformat=]
wpa_printf(MSG_DEBUG, "PASN: SAE buffer too short. len=%lu",
~~^
%u
buf_len);
~~~~~~~
../src/ap/ieee802_11.c: In function ‘pasn_wd_handle_fils’:
../src/ap/ieee802_11.c:2707:62: warning: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 3 has type ‘size_t’ {aka ‘unsigned int’} [-Wformat=]
wpa_printf(MSG_DEBUG, "PASN: FILS: Buffer too short. len=%lu",
~~^
%u
buf_len);
~~~~~~~
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
The number of nlctrl name resolution calls required to connect to a
WPA2-PSK AP is 12. And each nlctrl name resolution call spends 55 micro
seconds on a lower spec CPU like Intel Atom N270. Reduce the number of
nctrl name resolution calls from 12 to 1 by caching the results of nctrl
name resolution calls on int size memory to speed up the connection
process a little bit.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Try to parse the private_key blob as private key in PEM format encoded
PKCS#8. PEM format is already supported for private_key file and is now
also supported for private_key blob.
Signed-off-by: Wolfgang Steinwender <wsteinwender@pcs.com>
Generate an event on the control socket interface when a network is
added or removed. The event name CTRL-EVENT-NETWORK-<ADDED|REMOVED>
is followed by the network entry identifier. The event matches the
corresponding Network<Added|Removed> signal on the d-bus interface.
Signed-off-by: Andrew Beltrano <anbeltra@microsoft.com>
The --conf option specifies a file containing a list of options
to configure the network used for running the test which will be
used in place of the defaults built into the script.
Signed-off-by: Nick Porter <nick@portercomputing.co.uk>
==19798==ERROR: AddressSanitizer: heap-use-after-free on address 0x6110000663f8 at pc 0x55a2c485a232 bp 0x7ffeb42dcaf0 sp 0x7ffeb42dcae0
READ of size 8 at 0x6110000663f8 thread T0
Connect STA wlan0 to AP
#0 0x55a2c485a231 in ptksa_cache_add ../src/common/ptksa_cache.c:310
#1 0x55a2c4398045 in hostapd_store_ptksa ../src/ap/wpa_auth_glue.c:943
#2 0x55a2c4430980 in wpa_auth_store_ptksa ../src/ap/wpa_auth.c:232
#3 0x55a2c44578e1 in sm_WPA_PTK_PTKINITDONE_Enter ../src/ap/wpa_auth.c:3650
#4 0x55a2c44578e1 in sm_WPA_PTK_Step ../src/ap/wpa_auth.c:3798
#5 0x55a2c44578e1 in wpa_sm_step ../src/ap/wpa_auth.c:4437
#6 0x55a2c445d99d in wpa_receive ../src/ap/wpa_auth.c:1411
#7 0x55a2c43e7747 in ieee802_1x_receive ../src/ap/ieee802_1x.c:1118
#8 0x55a2c43bbf73 in hostapd_event_eapol_rx ../src/ap/drv_callbacks.c:1542
#9 0x55a2c43bbf73 in wpa_supplicant_event ../src/ap/drv_callbacks.c:1932
#10 0x55a2c466cb2d in drv_event_eapol_rx ../src/drivers/driver.h:6074
#11 0x55a2c466cb2d in nl80211_control_port_frame ../src/drivers/driver_nl80211_event.c:2822
#12 0x55a2c466cb2d in process_bss_event ../src/drivers/driver_nl80211_event.c:3194
#13 0x7feed9e90b9b in nl_cb_call ./include/netlink-private/netlink.h:145
#14 0x7feed9e90b9b in recvmsgs ./lib/nl.c:1006
#15 0x7feed9e90b9b in nl_recvmsgs_report ./lib/nl.c:1057
#16 0x7feed9e91058 in nl_recvmsgs ./lib/nl.c:1081
#17 0x55a2c45f2e8c in wpa_driver_nl80211_event_receive ../src/drivers/driver_nl80211.c:1782
#18 0x55a2c44b9afa in eloop_sock_table_dispatch ../src/utils/eloop.c:603
#19 0x55a2c44be122 in eloop_run ../src/utils/eloop.c:1228
#20 0x55a2c43360bf in hostapd_global_run /home/mbr/hostapd/hostapd/main.c:451
#21 0x55a2c43360bf in main /home/mbr/hostapd/hostapd/main.c:898
#22 0x7feed8ce20b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
#23 0x55a2c432f3fd in _start (/home/mbr/hostapd/hostapd/hostapd+0x9f23fd)
0x6110000663f8 is located 184 bytes inside of 216-byte region [0x611000066340,0x611000066418)
freed by thread T0 here:
#0 0x7feeda1477cf in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x10d7cf)
#1 0x55a2c44ce56b in os_free ../src/utils/os_unix.c:773
#2 0x55a2c451a986 in radius_msg_free ../src/radius/radius.c:137
#3 0x55a2c4527104 in radius_client_msg_free ../src/radius/radius_client.c:261
#4 0x55a2c452f53c in radius_client_list_add ../src/radius/radius_client.c:715
#5 0x55a2c452f53c in radius_client_send ../src/radius/radius_client.c:807
#6 0x55a2c453b24c in accounting_sta_report ../src/ap/accounting.c:352
#7 0x55a2c453d6e9 in accounting_sta_stop ../src/ap/accounting.c:384
#8 0x55a2c44190fd in ap_free_sta ../src/ap/sta_info.c:194
#9 0x55a2c4934530 in handle_deauth ../src/ap/ieee802_11.c:6035
#10 0x55a2c4934530 in ieee802_11_mgmt ../src/ap/ieee802_11.c:6399
#11 0x55a2c43bf114 in hostapd_mgmt_rx ../src/ap/drv_callbacks.c:1468
#12 0x55a2c43bf114 in wpa_supplicant_event ../src/ap/drv_callbacks.c:1912
#13 0x55a2c465faf7 in mlme_event_mgmt ../src/drivers/driver_nl80211_event.c:823
#14 0x55a2c4661774 in mlme_event ../src/drivers/driver_nl80211_event.c:1135
#15 0x55a2c466c43b in process_bss_event ../src/drivers/driver_nl80211_event.c:3177
#16 0x7feed9e90b9b in nl_cb_call ./include/netlink-private/netlink.h:145
#17 0x7feed9e90b9b in recvmsgs ./lib/nl.c:1006
#18 0x7feed9e90b9b in nl_recvmsgs_report ./lib/nl.c:1057
previously allocated by thread T0 here:
#0 0x7feeda147bc8 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x10dbc8)
#1 0x55a2c44cd387 in os_malloc ../src/utils/os_unix.c:715
#2 0x55a2c44ceb7f in os_zalloc ../src/utils/os_unix.c:779
#3 0x55a2c451a9f2 in radius_msg_new ../src/radius/radius.c:109
#4 0x55a2c4539a6e in accounting_msg ../src/ap/accounting.c:46
#5 0x55a2c453be15 in accounting_report_state ../src/ap/accounting.c:439
#6 0x55a2c453d91d in accounting_init ../src/ap/accounting.c:534
#7 0x55a2c4378952 in hostapd_setup_bss ../src/ap/hostapd.c:1333
#8 0x55a2c4382530 in hostapd_setup_interface_complete_sync ../src/ap/hostapd.c:2094
#9 0x55a2c4382815 in hostapd_setup_interface_complete ../src/ap/hostapd.c:2229
#10 0x55a2c4384100 in setup_interface2 ../src/ap/hostapd.c:1726
#11 0x55a2c4386b58 in setup_interface ../src/ap/hostapd.c:1628
#12 0x55a2c4386b58 in hostapd_setup_interface ../src/ap/hostapd.c:2318
#13 0x55a2c4387a57 in hostapd_enable_iface ../src/ap/hostapd.c:2730
#14 0x55a2c455d723 in hostapd_ctrl_iface_enable /home/mbr/hostapd/hostapd/ctrl_iface.c:1606
#15 0x55a2c455d723 in hostapd_ctrl_iface_receive_process /home/mbr/hostapd/hostapd/ctrl_iface.c:3607
#16 0x55a2c456821e in hostapd_ctrl_iface_receive /home/mbr/hostapd/hostapd/ctrl_iface.c:4018
#17 0x55a2c44b9afa in eloop_sock_table_dispatch ../src/utils/eloop.c:603
#18 0x55a2c44be122 in eloop_run ../src/utils/eloop.c:1228
#19 0x55a2c43360bf in hostapd_global_run /home/mbr/hostapd/hostapd/main.c:451
#20 0x55a2c43360bf in main /home/mbr/hostapd/hostapd/main.c:898
#21 0x7feed8ce20b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
SUMMARY: AddressSanitizer: heap-use-after-free ../src/common/ptksa_cache.c:310 in ptksa_cache_add
Shadow bytes around the buggy address:
0x0c2280004c20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c2280004c30: 00 00 fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c2280004c40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c2280004c50: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa
0x0c2280004c60: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
=>0x0c2280004c70: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd[fd]
0x0c2280004c80: fd fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c2280004c90: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c2280004ca0: fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa
0x0c2280004cb0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
0x0c2280004cc0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==19798==ABORTING
Fixes: a4e3691616 ("WPA: Add PTKSA cache implementation")
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
according to OpenSSL documentation [1], EVP_CIPHER_CTX_set_padding()
should be called after EVP_EncryptInit_ex(), EVP_DecryptInit_ex(), or
EVP_CipherInit_ex(). Not doing this causes EVP_CIPHER_CTX_set_padding()
to return false on OpenSSL-3.0.0, resulting in the impossibility to
connect in many scenarios. Fix this changing the order of function calls
where needed.
[1] https://www.openssl.org/docs/man1.1.1/man3/EVP_CIPHER_CTX_set_padding.html
Reported-by: Vladimir Benes <vbenes@redhat.com>
Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
NetworkManager-CI detected systematic failures on test scenarios using
MSCHAPv2 when wpa_supplicant uses OpenSSL-3.0.0.
The 'test_module_tests.py' script also fails, and the following log is
shown:
1627404013.761569: generate_nt_response failed
1627404013.761582: ms_funcs: 1 error
It seems that either DES_set_key() or DES_ecb_encrypt() changed their
semantic, but it doesn't make sense to fix them since their use has been
deprecated. Converting des_encrypt() to avoid use of deprecated
functions proved to fix the problem, and removed a couple of build
warnings at the same time.
Reported-by: Vladimir Benes <vbenes@redhat.com>
Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
Found using x86_64-cros-linux-gnu-clang (Chromium OS
12.0_pre416183_p20210305-r3 clang version 12.0.0):
radius_client.c:818:24: warning: cast to smaller integer ...
RadiusType msg_type = (RadiusType) sock_ctx;
Signed-off-by: Joshua Emele <jemele@chromium.org>
"SET disable_mscs_support 1" can be used to disable indication of MSCS
support in the Extended Capabilities element for testing purposes. This
is also disabling addition of the MSCS element even if valid
configuration parameters had been configured.
Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
Add support to receive and process SCS Response frames from the AP and
indicate the status to upper layers.
Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
"SET disable_scs_support 1" can be used to disable indication of SCS
support in the Extended Capabilities element for testing purposes.
Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
Add support to parse SCS control interface command and form the SCS
Request frame to be sent to SCS enabled AP.
Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
Commit 0b8889d8e5 ("P2P: Do not stop Listen state if it is on
correct channel") added a optimization to use Listen state's
remain-on-channel to send out GO Negotiation response frame quickly.
But in Listen state, if GO Negotiation request frame is received before
the remain-on-channel started event from the driver, the above
optimization is not triggered. This showed up in following manner in the
debug log:
p2p0: Starting radio work 'p2p-listen'@0xb4000070ae22d420 after 0.000114 second wait
nl80211: Remain-on-channel cookie 0x100 for freq=2412 MHz duration=204
P2P: Received GO Negotiation Request from 6e:fa:a7:86:e5:e5(freq=2412)
P2P: GO Negotiation with 6e:fa:a7:86:e5:e5
P2P: Stopping find
P2P: Clear timeout (state=WAIT_PEER_CONNECT)
P2P: State WAIT_PEER_CONNECT -> IDLE
nl80211: Cancel remain-on-channel with cookie 0x100
p2p0: Radio work 'p2p-listen'@0xb4000070ae22d420 done in 0.074348 seconds
p2p0: radio_work_free('p2p-listen'@0xb4000070ae22d420): num_active_works --> 0
P2P: State IDLE -> GO_NEG
P2P: Sending GO Negotiation Response
Off-channel: Send action frame: freq=2412 dst=6e:fa:a7:86:e5:e5 src=da:3c:83:7d:70:2b bssid=da:3c:83:7d:70:2b len=196
nl80211: Remain-on-channel event (cancel=0 freq=2412 channel_type=0 duration=400 cookie=0x100 (match))
nl80211: Remain-on-channel event (cancel=1 freq=2412 channel_type=0 duration=0 cookie=0x100 (match))
P2P: GO Negotiation Response (failure) TX callback: success=0
Fix this by adding p2p->pending_listen_freq == freq condition for the
optimization so that the case where the remain-on-channel command has
already been issued to the driver, but the start event has not yet been
received, is covered as well.
Fixes: 0b8889d8e5 ("P2P: Do not stop Listen state if it is on correct channel")
Signed-off-by: Hu Wang <huw@codeaurora.org>
Add QCA new status vendor attribute
QCA_WLAN_VENDOR_TWT_STATUS_POWER_SAVE_EXIT_TERMINATE
to indicate the TWT session termination due to power save
exit request from userspace.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add the following vendor attribute to indicate the bandwidth to be used
for spectral scan operation:
- QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CONFIG_BANDWIDTH
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>