The loop "if (i-- == 0) break" style construction works in practice fine
since the check against 0 is done before decrementation. However, this
hits an UBSan warning, so split that decrementation to happen as a
separate step after the check and break from the loop.
ctrl_iface.c:5086:9: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'size_t' (aka 'unsigned long')
Signed-off-by: Jouni Malinen <j@w1.fi>
The Wi-Fi Alliance Multi-AP Specification v1.0 allows onboarding of a
backhaul STA through WPS. To enable this, the backhaul STA needs to add
a Multi-AP IE to the WFA vendor extension element in the WSC M1 message
that indicates it supports the Multi-AP backhaul STA role. The Registrar
(if it support Multi-AP onboarding) will respond to that with a WSC M8
message that also contains the Multi-AP IE, and that contains the
credentials for the backhaul SSID (which may be different from the SSID
on which WPS is performed).
Introduce a new parameter to wpas_wps_start_pbc() and allow it to be
set via control interface's new multi_ap=1 parameter of WPS_PBC call.
multi_ap_backhaul_sta is set to 1 in the automatically created SSID.
Thus, if the AP does not support Multi-AP, association will fail and
WPS will be terminated.
Only wps_pbc is supported.
This commit adds the multi_ap argument only to the control socket
interface, not to the D-Bus interface.
Since WPS associates with the fronthaul BSS instead of the backhaul BSS,
we should not drop association if the AP announces fronthaul-only BSS.
Still, we should only do that in the specific case of WPS. Therefore,
add a check to multi_ap_process_assoc_resp() to allow association with a
fronthaul-only BSS if and only if key_mgmt contains WPS.
Signed-off-by: Davina Lu <ylu@quantenna.com>
Signed-off-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Cc: Marianna Carrera <marianna.carrera.so@quantenna.com>
This adds a wifi_generation=4/5/6 line to the STATUS output if the
driver reports (Re)Association Request frame and (Re)Association
Response frame information elements in the association or connection
event. Only the generations 4 (HT = 802.11n), 5 (VHT = 802.11ac), and 6
(HE = 802.11ax) are reported.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
When setting scan with randomized MAC, check the requested scan type
against supported types, to ensure callers will not set an unsupported
type, since this can cause scan/connect failures later. It is better to
do this in wpas_mac_addr_rand_scan_set() instead of control interface
specific code to apply the constraint on all possible interfaces using
this setting.
Signed-off-by: Lior David <liord@codeaurora.org>
sme_event_unprot_disconnect() is only defined with CONFIG_IEEE80211W, so
the CONFIG_TESTING_OPTIONS command UNPROT_DEAUTH can be defined only
with builds that enable IEEE 802.11w support.
Signed-off-by: Lior David <liord@codeaurora.org>
An optional parameter "he" is added to p2p_connect, p2p_group_add, and
p2p_invite to enable 11ax HE support. The new p2p_go_he=1 configuration
parameter can be used to request this to be enabled by default.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The new ieee802_11_ext_capab() and wpa_bss_ext_capab() functions can be
used to check whether a specific extended capability bit is set instead
of having to implement bit parsing separately for each need.
Signed-off-by: Jouni Malinen <j@w1.fi>
These flags were used in SCAN_RESULTS command output, but not BSS. Make
these consistent by adding the flags to BSS as well.
Signed-off-by: Jouni Malinen <j@w1.fi>
An AP might refuse to connect a STA if it has a low RSSI. In such case,
the AP informs the STA with the desired RSSI delta and a retry timeout.
Any subsequent association attempt with that AP (BSS) should be avoided,
unless the RSSI level improved by the desired delta or the timeout has
expired.
Defined in Wi-Fi Alliance Optimized Connectivity Experience technical
specification v1.0, section 3.14 (RSSI-based association rejection
information).
Signed-off-by: Beni Lev <beni.lev@intel.com>
Try to make sure the driver channel list state is synchronized with
wpa_supplicant whenever explicitly clearing state (e.g., between hwsim
test cases).
Signed-off-by: Jouni Malinen <j@w1.fi>
Provide information about SAE AKM support in "GET_CAPABILITY key_mgmt"
for completeness. The "GET_CAPABILITY auth_alg" case is already
providing information about SAE support through user space SME.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Make this command more convenient to use by not requiring two space
characters between the command and the first parameter.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Indicate whether the driver advertises support for Multi-BSS STA
functionality with "GET_CAPABILITY multibss" (returns "MULTIBSS-STA" if
supported).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This new wpa_supplicant control interface command can be used to
simplify testing SA Query with OCV.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
Add support for negotiating WNM Collocated Interference Reporting. This
allows hostapd to request associated STAs to report their collocated
interference information and wpa_supplicant to process such request and
reporting. The actual values (Collocated Interference Report Elements)
are out of scope of hostapd and wpa_supplicant, i.e., external
components are expected to generated and process these.
For hostapd/AP, this mechanism is enabled by setting
coloc_intf_reporting=1 in configuration. STAs are requested to perform
reporting with "COLOC_INTF_REQ <addr> <Automatic Report Enabled> <Report
Timeout>" control interface command. The received reports are indicated
as control interface events "COLOC-INTF-REPORT <addr> <dialog token>
<hexdump of report elements>".
For wpa_supplicant/STA, this mechanism is enabled by setting
coloc_intf_reporting=1 in configuration and setting Collocated
Interference Report Elements as a hexdump with "SET coloc_intf_elems
<hexdump>" control interface command. The hexdump can contain one or
more Collocated Interference Report Elements (each including the
information element header). For additional testing purposes, received
requests are reported with "COLOC-INTF-REQ <dialog token> <automatic
report enabled> <report timeout>" control interface events and
unsolicited reports can be sent with "COLOC_INTF_REPORT <hexdump>".
This commit adds support for reporting changes in the collocated
interference (Automatic Report Enabled == 1 and partial 3), but not for
periodic reports (2 and other part of 3).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Extend wpa_supplicant to use a separate OSU_NAI information from OSU
Providers NAI List ANQP-element instead of the OSU_NAI information from
OSU Providers list ANQP-element when connecting to the shared BSS
(Single SSID) for OSU.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This extends wpa_supplicant Hotspot 2.0 ANQP routines to allow the
Operator Icon Metadata ANQP-element to be fetched with "ANQP_GET <bssid>
hs20:12". The result is available in the new hs20_operator_icon_metadata
entry in the "BSS <bssid>" output.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
If any of the interfaces supports FILS (and similarly for FILS-SK-PFS),
include the "fils" (and "fils_sk_pfs") capability in D-Bus information.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
To retain configurator information across hostapd/wpa_supplicant
restart, private key need to be maintained to generate a valid pair of
authentication keys (connector, netaccess_key, csign) for new enrollees
in the network.
Add a DPP_CONFIGURATOR_GET_KEY control interface API through which the
private key of an existing configurator can be fetched.
Command format:
DPP_CONFIGURATOR_GET_KEY <configurator_id>
The output from this command can then be used with
"DPP_CONFIGURATOR_ADD key=<hexdump>" to create the same key again.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This header file pulls in an OpenSSL header file and as such, should not
be included without CONFIG_DPP=y to avoid bringing in an unnecessary
build dependency on OpenSSL header files.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new disable_fils parameter can be used to disable FILS functionality
in the driver. This is currently removing the FILS Capability bit in
Extended Capabilities and providing a callback to the driver wrappers.
driver_nl80211.c implements this using a QCA vendor specific command for
now.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add CONFIG_TESTING_OPTIONS ifdef protection to couple of forgotten DPP
test parameters in wpa_supplicant ctrl_iface.
Signed-off-by: Ashok Ponnaiah <aponnaia@qti.qualcomm.com>
This extends wpa_supplicant DPP implementation to retransmit DPP
Authentication Response frame every 10 seconds up to 5 times if the peer
does not reply with DPP Authentication Confirm frame.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, this command stopped listen operation immediately, but if
there was an ongoing authentication exchange, a new listen operation was
started. This is not really expected behavior, so stop the
authentication exchange first with this command to avoid restarting
listen operation.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This extends wpa_supplicant to iterate over all available channels from
the intersection of what the peer indicates and the local device
supports when initiating DPP Authentication. In addition, retry DPP
Authentication Request frame up to five times if no response is
received.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit introduces the ACS functionality for the autonomous GO. The
optional parameter <freq> in p2p_group_add is enhanced to carry a value
"acs" with the intention to select the channels among any supported
band. freq = 2 / 5 carry the need to select the channels only in the
respective bands 2.4 / 5 GHz. This functionality is on top of the host
driver's capability to offload ACS, which is advertized through
WPA_DRIVER_FLAGS_ACS_OFFLOAD.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This allows wpa_supplicant dpp_config_obj_override,
dpp_discovery_override, and dpp_groups_override parameters to be cleared
by setting them to a zero-length value.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add a generic mechanism for configuring the DPP implementation to behave
in particular different (mostly incorrect) ways for protocol testing
purposes. The new dpp_test parameter can be set to a non-zero integer to
indicate a specific behavior. This is only available in
CONFIG_TESTING_OPTIONS=y builds.
This commit include cases for an extra attribute being added after the
Wrapped Data attribute and Initiator/Responder capabilities having an
unexpected zero capability.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The new wpa_supplicant RESEND_ASSOC command can be used to request the
last (Re)Association Request frame to be sent to the AP to test FT
protocol behavior.
This functionality is for testing purposes and included only in builds
with CONFIG_TESTING_OPTIONS=y.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new wpa_supplicant "KEY_REQUEST <error=0/1> <pairwise=0/1>" command
can be used to request an EAPOL-Key Request frame to be sent to the AP.
This functionality is for testing purposes and included only in builds
with CONFIG_TESTING_OPTIONS=y.
Signed-off-by: Jouni Malinen <j@w1.fi>
This can be used to test replay protection. The "RESET_PN" command in
wpa_supplicant and "RESET_PN <addr>" command in hostapd resets the local
counters to zero for the last configured key. For hostapd, the address
parameter specifies which STA this operation is for or selects GTK
("ff:ff:ff:ff:ff:ff") or IGTK ("ff:ff:ff:ff:ff:ff IGTK").
This functionality is for testing purposes and included only in builds
with CONFIG_TESTING_OPTIONS=y.
Signed-off-by: Jouni Malinen <j@w1.fi>
This was originally added to allow the IEEE 802.11 protocol to be
tested, but there are no known fully functional implementations based on
this nor any known deployments of PeerKey functionality. Furthermore,
PeerKey design in the IEEE Std 802.11-2016 standard has already been
marked as obsolete for DLS and it is being considered for complete
removal in REVmd.
This implementation did not really work, so it could not have been used
in practice. For example, key configuration was using incorrect
algorithm values (WPA_CIPHER_* instead of WPA_ALG_*) which resulted in
mapping to an invalid WPA_ALG_* value for the actual driver operation.
As such, the derived key could not have been successfully set for the
link.
Since there are bugs in this implementation and there does not seem to
be any future for the PeerKey design with DLS (TDLS being the future for
DLS), the best approach is to simply delete all this code to simplify
the EAPOL-Key handling design and to get rid of any potential issues if
these code paths were accidentially reachable.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add support for using the OWE Transition Mode element to determine the
hidden SSID for an OWE BSS that is used in transition mode.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Update the default scan IEs when OCE is enabled/disabled to the
driver/firmware, so that the correct IEs will be sent out by the
driver/firmware in Probe Request frames.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The new "SET sae_commit_override <hexdump>" control interface command
can be used to force wpa_supplicant to override SAE commit message
fields for testing purposes. This is included only in
CONFIG_TESTING_OPTIONS=y builds.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Clear the get_pref_freq_list_override in p2p_ctrl_flush(). This fixes
the case when a dedicated P2P device interface is used.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Add changes to control interface command get_capability to advertize
FILS capability, FILS AKMs suites, and FILS Authentication algorithms
based on the driver capabilities.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add support to scan for a specific BSSID through the wpa_supplicant
control interface.
Usage: wpa_cli scan bssid=ab:bc:cd🇩🇪ef:12
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The DPP Configurator can use this new command to generate its own signed
connector for the network that it manages.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This allows wpa_supplicant to be configured to act as the configurator
in the case where a peer device initiates DPP Authentication.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This implements genric PKEX functionality in src/common/dpp.c and glue
code to use this in wpa_supplicant (i.e, hostapd DPP implementation does
not yet support PKEX).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This new AKM is used with DPP when using the signed Connector to derive
a PMK. Since the KCK, KEK, and MIC lengths are variable within a single
AKM, this needs number of additional changes to get the PMK length
delivered to places that need to figure out the lengths of the PTK
components.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This adds support for DPP Configuration Protocol using GAS. Full
generation and processing of the configuration object is not included in
this commit.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add wpa_supplicant control interface commands for parsing the bootstrap
info URI from a QR Code (get peer public key) and to generate a new
bootstrap info with private key for local use. The optional
key=<hexdump> argument to the DPP_BOOTSTRAP_GEN command can be used to
specify the bootstrapping private key in OpenSSL ECPrivateKey DER
encoding format. This results in the local bootstrapping information
entry being created with the specified key instead of generating a new
random one.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Change in any network configuration at runtime will cause flush to
PMKSA cache. For most of the network parameters if there is no change
in value, PMKSA flush is not performed except 'bssid' and 'priority'.
Add 'bssid_hint' to exemption list of avoiding PMKSA flush on change.
This is needed to complete change in commit
43a356b268 ('Provide option to configure
BSSID hint for a network').
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add support to set ignore assoc disallow to the driver so that the
driver ignores assoc disallowed bit set by APs while connecting. This is
used by drivers that handle BSS selection and roaming internally.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
PMKSA_ADD and MESH_PMKSA_ADD command arguments include keying material,
so show it in debug log only if requested to do with the command line -K
argument.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add a mechanism to configure the candidates for BTM query candidate list
manually. This can be used to verify AP behavior for various candidates
preferences.
usage:
wnm_bss_query <reason> [neighbor=<BSSID>,<BSSID information>,
<operating class>,<channel number>,
<PHY type>[,<hexdump of optional subelements>]]
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Previously, ANQP_GET required at least one IEEE 802.11 ANQP-element to
be requested. This is not really necessary, so allow a case where
num_ids == 0 as long as the request includes at least one Hotspot 2.0 or
MBO ANQP-element.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
MBO techspec v0.0_r27 changed the MBO ANQP-element format. The MBO
element in ANQP query should now include an MBO Query List element that
contains a list of MBO elements to query.
Add API to add the MBO Query List to an ANQP query.
Format:
ANQP_GET <addr> <info_id>[,<info_id>]...[,mbo:<subtype>...]
Example for querying neighbor report with MBO cellular data
connection preference:
ANQP_GET <bssid> 272,mbo:2
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
This functionality was originally added in commit
204c9ac4ee ('Extend select_network command
with freq= to reduce scan time') re-using wpa_s->manual_scan_freqs and
MANUAL_SCAN_REQ. That got broken when commit
35d403096e ('Set NORMAL_SCAN_REQ on
SELECT_NETWORK/ENABLE_NETWORK') started overriding wpa_s->scan_req for
SELECT_NETWORK.
Fix this by adding a new scan frequency list specifically for
SELECT_NETWORK so that this does not need to depend on any specific
wpa_s->scan_req value.
Signed-off-by: Jouni Malinen <j@w1.fi>
The PMKSA_GET and PMKSA_ADD commands can now use an optional extra
parameter to fetch and add PMKSA cache entries with the FILS Cache
Identifier.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The new "SET ric_ies <hexdump>" control interface command can now be
used to request wpa_supplicant to add the specified RIC elements into
Reassociation Request frame when using FT protocol. This is mainly for
testing purposes.
Signed-off-by: Jouni Malinen <j@w1.fi>
This new P2P_SET parameter uses <op_class>:<channel> format and is used
mainly for testing purposes to allow overriding the value of the GO
Negotiation Response frame Operating Channel attribute.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This can be used to override driver get_pref_freq_list() operation for
more convenient testing of preferred frequency list functionality.
Override string format:
<if_type1>:<freq1>,<freq2>,... <if_type2>:...
if_type: 0=STATION, 2=AP, 3=P2P_GO, 4=P2P_CLIENT, 8=TDLS, 9=IBSS
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add support to set sched scan relative RSSI parameters so that the
drivers can report BSSs after relative comparision with the current
connected BSS. This feature is applicable only when in connected mode.
The below commands can be used to configure relative RSSI parameters
SET relative_rssi <disable|rssi_value>
disable - to disable the feature
rssi_value - amount of relative RSSI in dB
SET relative_band_adjust <band:adjust_value>
band - "2G" or "5G" for 2.4 GHz or 5 GHz respectively
adjust_value - amount of RSSI to be adjusted in dB
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Relying on the group_capab from the P2P peer information can result in
improper information on whether the peer is currently operating as a GO.
However, there is a known implementation in Android that does this.
To reduce issues from this misuse in upper layer to try to determine
whether a specific peer is operationg a group, override the group_capab
value in P2P_PEER output with 0 if there are no BSS entries with the
peer P2P Device as a GO. This is not a perfect information since there
may not have been a recent scan on all channels, but this results in
less issues than trying to decide between new group formation and
joining an existing group based on stale or incorrect information.
Since no upper layer application is really supposed to use the
group_capab field value in P2P_PEER command, this change should not
cause any impact for properly design components and the possibility of
regressions is limited to cases that are already known to work
incorrectly in number of identifiable cases.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
To be more consistent with existing hwaddr_aton() and hexstr2bin()
callers, check the return values in this test command.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new wpa_supplicant control interface commands FILS_HLP_REQ_FLUSH and
FILS_HLP_REQ_ADD can now be used to request FILS HLP requests to be
added to the (Re)Association Request frame whenever FILS authentication
is used.
FILS_HLP_REQ_ADD parameters use the following format:
<destination MAC address> <hexdump of payload starting from ethertype>
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
These commnds are mesh version of PMKSA_GET/ADD commands. So the usage
and security risk is similar to them. Refer to
commit 3459381dd2 ('External persistent
storage for PMKSA cache entries') also.
The MESH_PMKSA_GET command requires peer MAC address or "any" as an
argument and outputs appropriate stored PMKSA cache. And the
MESH_PMKSA_ADD command receives an output of MESH_PMKSA_GET and re-store
the PMKSA cache into wpa_supplicant. By using re-stored PMKSA cache,
wpa_supplicant can skip commit message creation which can use
significant CPU resources.
The output of the MESH_PMKSA_GET command uses the following format:
<BSSID> <PMKID> <PMK> <expiration in seconds>
The example of MESH_PMKSA_ADD command is this.
MESH_PMKSA_ADD 02:00:00:00:03:00 231dc1c9fa2eed0354ea49e8ff2cc2dc cb0f6c9cab358a8146488566ca155421ab4f3ea4a6de2120050c149b797018fe 42930
MESH_PMKSA_ADD 02:00:00:00:04:00 d7e595916611640d3e4e8eac02909c3c eb414a33c74831275f25c2357b3c12e3d8bd2f2aab6cf781d6ade706be71321a 43180
This functionality is disabled by default and can be enabled with
CONFIG_PMKSA_CACHE_EXTERNAL=y build configuration option.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
This control interface command can be used to inject scan results from
test scripts to make it easier to test various scan result processing
operations.
Signed-off-by: Jouni Malinen <j@w1.fi>
These parameters are global configuration parameters for wpa_supplicant
and the special control interface SET command handlers for them were
preventing the configuration update. Make this more consistent by
updating the configuration parameter as well since that is what all the
other SET <global config param> commands do.
Signed-off-by: Jouni Malinen <j@w1.fi>
non_pref_chan is a global configuration parameter for wpa_supplicant and
the special control interface SET command handler for it was preventing
the configuration update. Make this more consistent by updating the
configuration parameter as well since that is what all the other SET
<global config param> commands do.
Signed-off-by: Jouni Malinen <j@w1.fi>
This was previously done for SCAN_RESULTS, but the BSS control interface
command did not show a similar flag. In addition, change "WPA2" to "RSN"
for mesh BSS to be consistent with the SCAN_RESULTS output.
Commit 638d945679 ('mesh: Show [MESH] flag
in scan results') did similar changes for SCAN_RESULTS.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit extends the BSS commands to include "BSS CURRENT" as a way
to get the current BSS without having to walk the BSS list matching
against BSSID+SSID returned from the STATUS command.
This returns the BSS stored in wpa_s->current_bss.
Signed-off-by: Joel Cunningham <joel.cunningham@me.com>
This makes both the Probe Response and Beacon frame IEs available to
upper layers if scan results include both IE sets. When the BSS command
mask includes WPA_BSS_MASK_BEACON_IE, a new beacon_ie=<hexdump> entry
will be included in output if the BSS entry has two separate sets of IEs
(ie=<hexdump> showing the Probe Response frame contents and
beacon_ie=<hexdump> the Beacon rame contents).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This adds new wpa_supplicant control interface commands PMKSA_GET and
PMKSA_ADD that can be used to store PMKSA cache entries in an external
persistent storage when terminating a wpa_supplicant process and then
restore those entries when starting a new process. The previously added
PMKSA-CACHE-ADDED/REMOVED events can be used to help in synchronizing
the external storage with the memory-only volatile storage within
wpa_supplicant.
"PMKSA_GET <network_id>" fetches all stored PMKSA cache entries bound to
a specific network profile. The network_id of the current profile is
available with the STATUS command (id=<network_id). In addition, the
network_id is included in the PMKSA-CACHE-ADDED/REMOVED events. The
output of the PMKSA_GET command uses the following format:
<BSSID> <PMKID> <PMK> <reauth_time in seconds> <expiration in seconds>
<akmp> <opportunistic>
For example:
02:00:00:00:03:00 113b8b5dc8eda16594e8274df4caa3d4 355e98681d09e0b69d3a342f96998aa765d10c4459ac592459b5efc6b563eff6 30240 43200 1 0
02:00:00:00:04:00 bbdac8607aaaac28e16aacc9152ffe23 e3dd6adc390e685985e5f40e6fe72df846a0acadc59ba15c208d9cb41732a663 30240 43200 1 0
The PMKSA_GET command uses the following format:
<network_id> <BSSID> <PMKID> <PMK> <reauth_time in seconds> <expiration
in seconds> <akmp> <opportunistic>
(i.e., "PMKSA_ADD <network_id> " prefix followed by a line of PMKSA_GET
output data; however, the reauth_time and expiration values need to be
updated by decrementing them by number of seconds between the PMKSA_GET
and PMKSA_ADD commands)
For example:
PMKSA_ADD 0 02:00:00:00:03:00 113b8b5dc8eda16594e8274df4caa3d4 355e98681d09e0b69d3a342f96998aa765d10c4459ac592459b5efc6b563eff6 30140 43100 1 0
PMKSA_ADD 0 02:00:00:00:04:00 bbdac8607aaaac28e16aacc9152ffe23 e3dd6adc390e685985e5f40e6fe72df846a0acadc59ba15c208d9cb41732a663 30140 43100 1 0
This functionality is disabled be default and can be enabled with
CONFIG_PMKSA_CACHE_EXTERNAL=y build configuration option. It should be
noted that this allows any process that has access to the wpa_supplicant
control interface to use PMKSA_ADD command to fetch keying material
(PMK), so this is for environments in which the control interface access
is restricted.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This makes wpa_supplicant behavior more consistent with FLUSH command to
clear all state. Previously, it was possible for an ongoing scan to be
aborted when the FLUSH command is issued and the scan results from that
aborted scan would still be processed and that would update the BSS
table which was supposed to cleared by the FLUSH command.
This could result in hwsim test case failures due to unexpected BSS
table entries being present after the FLUSH command.
Signed-off-by: Jouni Malinen <j@w1.fi>
This commit adds a control interface command to configure the TDLS
trigger mode to the host driver. This TDLS mode is configured through
the "SET tdls_trigger_control" control interface command.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
"GET_CAPABILITY fils" used to return "FILS" based on wpa_supplicant
configuration. This can be made more useful by checking both for
wpa_supplicant and driver support for FILS.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This can be used to check whether the running wpa_supplicant version was
built with CONFIG_FILS=y.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This makes it easier to figure out why autoscan is not used even when
being configured through the control interface.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This extends ANQP_GET command to support querying MBO cellular
preference also. The cellular preference can be requested along with
neigbor report by appending mbo:1 to the command arguments.
For example:
ANQP_GET <bssid> 272,mbo:1
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>