Commit graph

4012 commits

Author SHA1 Message Date
Jouni Malinen
db099951cb Print EAPOL-Key Replay Counter in Authenticator debug log
This makes it easier to debug issues relared to EAPOL-Key
retransmissions.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-11-21 15:35:19 +02:00
Jouni Malinen
066371ad52 Reserve QCA vendor specific nl80211 commands 53
These is reserved for QCA use.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-11-20 20:36:59 +02:00
Jouni Malinen
e503861f4d nl80211: Do not try to change STA capability on NL80211_CMD_SET_STATION
cfg80211 will reject any of these attributes regardless of whether the
values actually change or not when NL80211_CMD_SET_STATION is used for
something else than TDLS. This path is hit at least when setting up
mesh, so filter out the attributes from NL80211_CMD_SET_STATION to match
the rules in cfg80211.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-20 16:31:05 +02:00
Rashmi Ramanna
9d11832090 P2P: Do not change P2P state on GO Neg failure if it is P2P_SEARCH
Changing the P2P state to P2P_IDLE on GO Negotiation Failure would stop
the previously issued P2P_FIND operation without notifying the upper
layers. Leave the search operation running if in P2P_SEARCH state to
avoid unexpected behavior in case the upper layers issued a new P2P_FIND
while waiting for GO Negotiation to complete.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-11-19 16:59:03 +02:00
Kyeyoon Park
47261405d7 AP: Add support for multicast-to-unicast conversion for DGAF Disable
When DGAF Disable is on, perform multicast-to-unicast for DHCP packets
and Router Advertisement packets. This is a requirement for Hotspot 2.0.

Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
2014-11-19 16:47:06 +02:00
Kyeyoon Park
bd00c4311c AP: Add Neighbor Discovery snooping mechanism for Proxy ARP
This commit establishes the infrastructure, and handles the Neighbor
Solicitation and Neighbor Advertisement frames. This will be extended
in the future to handle other frames.

Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
2014-11-19 16:47:06 +02:00
Kyeyoon Park
5c58944d08 AP: Add multicast-to-unicast conversion send for "x_snoop"
Multicast-to-unicast conversion send will be needed in various part of
Proxy ARP and DGAF Disable.

Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
2014-11-19 16:25:13 +02:00
Kyeyoon Park
ed4ddb6d77 AP: Extend the BSS bridge neighbor entry management to support IPv6
This allows adding/deleting an IPv6 neighbor entry to/from the bridge,
to which the BSS belongs. This commit adds the needed functionality in
driver_nl80211.c for the Linux bridge implementation. In theory, this
could be shared with multiple Linux driver interfaces, but for now, only
the main nl80211 interface is supported.

Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
2014-11-19 16:23:38 +02:00
Kyeyoon Park
7e4d893978 l2_packet: Add support for NDISC packet filter in l2_packet_linux
Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
2014-11-19 16:15:26 +02:00
Kyeyoon Park
1d783762cf AP: Convert "dhcp_snoop" to use the generic "x_snoop"
Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
2014-11-19 16:14:15 +02:00
Kyeyoon Park
c127355cb8 AP: Add a generic "x_snoop" infrastructure for Proxy ARP
Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
2014-11-19 16:14:02 +02:00
Ilan Peer
38cb0a2db6 AP: Drop retransmitted auth/assoc/action frames
It is possible that a station device might miss an ACK for an
authentication, association, or action frame, and thus retransmit the
same frame although the frame is already being processed in the stack.
While the duplicated frame should really be dropped in the kernel or
firmware code where duplicate detection is implemented for data frames,
it is possible that pre-association cases are not fully addressed (which
is the case at least with mac80211 today) and the frame may be delivered
to upper layer stack.

In such a case, the local AP will process the retransmitted frame although
it has already handled the request, which might cause the station to get
confused and as a result disconnect from the AP, blacklist it, etc.

To avoid such a case, save the sequence control of the last processed
management frame and in case of retransmissions drop them.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2014-11-19 15:20:47 +02:00
Jouni Malinen
453553698c EAP-pwd: Remove unnecessary OpenSSL EVP_sha256() registration
This gets registered in tls_openssl.c from tls_init(), so there is no
need for EAP-pwd implementation to register explicitly. This avoids some
corner cases where OpenSSL resources do not get fully freed on exit.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-17 01:20:10 +02:00
Jouni Malinen
afbe57d981 DFS: Fix hostapd operation without hw_mode driver data
If DFS implementation was built in, some configurations with drivers
that do not provide mode information could end up dereferencing a NULL
pointer. Fix this by skipping DFS operations in such cases since not
having information about modes and channels means that hostapd could not
perform DFS anyway (i.e., either this is not a wireless driver or the
driver takes care of DFS internally).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-17 01:14:35 +02:00
Jouni Malinen
e9b783d58c Fix hostapd operation without hw_mode driver data
Commit 7f0303d5b0 ('hostapd: Verify VHT
160/80+80 MHz driver support') added couple of hapd->iface->current_mode
dereferences of which the one in hostapd_set_freq() can be hit with some
configuration files when using driver wrappers that do not have hw_mode
data, i.e., when current_mode is NULL. This could result in segmentation
fault when trying to use driver=wired. Fix this by checking that
current_mode is not NULL before dereferencing it to get vht_capab.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-17 01:08:04 +02:00
Jouni Malinen
01b24c52df wired: Fix deinit path to unregister eloop read_sock
The previous version was leaving behind registered eloop socket
instances.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-17 00:57:15 +02:00
Moshe Benji
71d263ea70 Add wpa_scnprintf() helper function
This provides a simpler version of snprintf that doesn't require further
error checks.

Signed-off-by: Moshe Benji <moshe.benji@intel.com>
Signed-off-by: Eliad Peller <eliad@wizery.com>
2014-11-16 21:40:42 +02:00
Moshe Benji
dfa8787833 nl80211: Implement add_ts/del_ts ops
Add ops to notify about TSPECs to add/remove. Additionally, subscribe to
ADDTS/DELTS Action frames to be able to process WMM AC Action frames.

Signed-off-by: Moshe Benji <moshe.benji@intel.com>
Signed-off-by: Eliad Peller <eliad@wizery.com>
2014-11-16 21:21:22 +02:00
Eliad Peller
1b640fd27c Add str_token() function
Add helper function to get the next token from a string.

Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
2014-11-16 21:11:23 +02:00
Moshe Benji
d1f880013a WMM AC: Handle TSPEC action frames
Add the TSPEC to the driver on successful TSPEC ADDTS response. Delete
the TSPEC when receiving DELTS action.

Signed-off-by: Moshe Benji <moshe.benji@intel.com>
Signed-off-by: Eliad Peller <eliad@wizery.com>
2014-11-16 21:07:08 +02:00
Moshe Benji
471cd6e10c WMM AC: Add add_tx_ts and del_tx_ts driver ops
Add add_tx_ts() and del_tx_ts() ops to notify the driver about
TSPEC add / delete.

Additionally, add wmm_ac_supported flag to indicate
whether the driver supports WMM AC.

Signed-off-by: Moshe Benji <moshe.benji@intel.com>
Signed-off-by: Eliad Peller <eliad@wizery.com>
2014-11-16 20:47:36 +02:00
Moshe Benji
a0413b1734 WMM AC: Parse WMM IE on association
Initialize WMM AC data structures upon successful association
with an AP that publishes WMM support, and deinitialize the data
structure when the association is no longer valid.

Signed-off-by: Moshe Benji <moshe.benji@intel.com>
Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
2014-11-16 20:47:34 +02:00
Eliad Peller
7e0e10693a nl80211: Parse WMM parameters on association
Set the relevant WMM parameters in the assoc_data event.

Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
2014-11-16 20:19:04 +02:00
Eliad Peller
0f14a44e6b drivers: Add WMM parameters to association event data
The WMM parameters will be used later for setting default tspec values.

Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
2014-11-16 20:16:58 +02:00
Jouni Malinen
d308d1a899 Sync with wireless-testing.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2014-11-11.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-16 20:08:00 +02:00
Masashi Honma
e609679984 mesh: Make plink params configurable
This patch makes four MIB variables for plink configurable and sets the
correct default values based on IEEE Std 802.11s-2011.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2014-11-16 19:43:11 +02:00
Masashi Honma
790709060d mesh: Add scan result for mesh network
Android 4.4 uses "BSS" command instead of "SCAN_RESULT" command.
So this patch add the mesh scan result for BSS command.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2014-11-16 19:43:11 +02:00
Javier Lopez
603a3f34c4 Add mesh_group_{add,remove} control interface commands
Parse MESH_GROUP_ADD/REMOVE commands on ctrl interface and call
wpa_supplicant routines. These commands are used to start or
join and leave a mesh network.

The mesh id is given in the configuration file, therefore there is
no need to scan before joining a mesh network. We reuse the
connect_without_scan construct used by P2P for that same purpose.

Signed-off-by: Javier Cardona <javier@cozybit.com>
Signed-off-by: Javier Lopez <jlopex@gmail.com>
2014-11-16 19:43:11 +02:00
Jason Mobarak
5cfb672dde mesh: Enable mesh HT mode
Add a new option "mesh_ht_mode" that specifies the HT mode for the
mesh, with this option on, mesh beacons, actions frames, and probe
responses with include the appropriate HT information elements.

[original implementation by Chun-Yeow Yeoh <yeohchunyeow@gmail.com>]
[some fixes by Masashi Honma <masashi.honma@gmail.com>]
Signed-off-by: Ashok Nagarajan <ashok.dragon@gmail.com>
Signed-off-by: Javier Cardona <javier@cozybit.com>
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
2014-11-16 19:43:11 +02:00
Chun-Yeow Yeoh
c596f3f083 mesh: Add timer for SAE authentication in RSN mesh
Add timer to do SAE re-authentication with number of tries defined
by MESH_AUTH_RETRY and timeout defined by MESH_AUTH_TIMEOUT.

Ignoring the sending of reply message on "SAE confirm before commit"
to avoid "ping-pong" issues with other mesh nodes. This is obvious when
number of mesh nodes in MBSS reaching 6.

Signed-off-by: Chun-Yeow Yeoh <yeohchunyeow@gmail.com>
Signed-off-by: Bob Copeland <me@bobcopeland.com>
2014-11-16 19:43:11 +02:00
Bob Copeland
c50d94f1f8 mesh: Start mesh peering after successful authentication
[original patch by: Thomas Pedersen <thomas@noack.us>]
Signed-off-by: Bob Copeland <me@bobcopeland.com>
2014-11-16 19:43:11 +02:00
Bob Copeland
e96da42b0e SAE: Enhance AP implementation to handle auth for mesh interfaces
Add state transition logic to the SAE frame handling in order to more
fully implement the state machine from the IEEE 802.11 standard. Special
cases are needed for infrastructure BSS case to avoid unexpected
Authentication frame sequence by postponing transmission of the second
Authentication frame untile the STA sends its Confirm.

[original patch by: Thomas Pedersen <thomas@noack.us>]
Signed-off-by: Bob Copeland <me@bobcopeland.com>
2014-11-16 19:43:11 +02:00
Thomas Pedersen
0f950df029 mesh: Add mesh robust security network
This implementation provides:

- Mesh SAE authentication mechanism
- Key management (set/get PSK)
- Cryptographic key establishment
- Enhanced protection mechanisms for robust management frames

Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Javier Cardona <javier@cozybit.com>
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
Signed-off-by: Thomas Pedersen <thomas@noack.us>
2014-11-16 19:43:06 +02:00
Dmitry Shmidt
88cb27c7a5 hostapd: Add wowlan_triggers config param
New kernels in wiphy_suspend() will call cfg80211_leave_all() that will
eventually end up in cfg80211_stop_ap() unless wowlan_triggers were set.
For now, use the parameters from the station mode as-is. It may be
desirable to extend (or constraint) this in the future for specific AP
mode needs.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-11-16 17:09:11 +02:00
Ilan Peer
f03996565a nl80211: Fix Android compilation by adding include for fcntl.h
This is needed for fcntl() at least with Android KK.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2014-11-16 17:09:11 +02:00
Jouni Malinen
929a2ea5df Suite B: Select EAPOL-Key integrity and key-wrap algorithms based on AKM
This adds support for AKM 00-0F-AC:11 to specify the integrity and
key-wrap algorithms for EAPOL-Key frames using the new design where
descriptor version is set to 0 and algorithms are determined based on
AKM.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-16 17:09:11 +02:00
Jouni Malinen
087a1f4efd Suite B: PMKID derivation for AKM 00-0F-AC:11
The new AKM uses a different mechanism of deriving the PMKID based on
KCK instead of PMK. hostapd was already doing this after the KCK had
been derived, but wpa_supplicant functionality needs to be moved from
processing of EAPOL-Key frame 1/4 to 3/4 to have the KCK available.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-16 17:09:11 +02:00
Jouni Malinen
666497c8e6 Suite B: Add AKM 00-0F-AC:11
This adds definitions for the 128-bit level Suite B AKM 00-0F-AC:11. The
functionality itself is not yet complete, i.e., this commit only
includes parts to negotiate the new AKM.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-16 13:20:51 +02:00
Jouni Malinen
35efa2479f OpenSSL: Allow TLS v1.1 and v1.2 to be negotiated by default
Use SSLv23_method() to enable TLS version negotiation for any version
equal to or newer than 1.0. If the old behavior is needed as a
workaround for some broken authentication servers, it can be configured
with phase1="tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1".

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-15 12:35:10 +02:00
Andrei Otcheretianski
281ff42a01 EAP-IKEv2: Fix compilation warning
Fix signed/unsigned comparison compilation warning introduced in
08ef442 "EAP-IKEv2: Fix the payload parser".

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2014-11-15 11:41:09 +02:00
Dmitry Shmidt
d10792199e Add CTRL-EVENT-SCAN-FAILED notification in case of scan failure
This is needed since the SCAN command with radio work returns before the
actual driver operation to trigger a scan has been executed and as such,
cannot return result of that operation.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-11-15 11:03:52 +02:00
Jouni Malinen
9f6a7cddc4 Work around AP misbehavior on EAPOL-Key descriptor version
It looks like some APs are incorrectly selecting descriptor version 3
(AES-128-CMAC) for EAPOL-Key frames when version 2 (HMAC-SHA1) was
expected to be used. This is likely triggered by an attempt to negotiate
PMF with SHA1-based AKM.

Since AES-128-CMAC is considered stronger than HMAC-SHA1, allow the
incorrect, but stronger, option to be used in these cases to avoid
interoperability issues with deployed APs.

This issue shows up with "WPA: CCMP is used, but EAPOL-Key descriptor
version (3) is not 2" in debug log. With the new workaround, this issue
is ignored and "WPA: Interoperability workaround: allow incorrect
(should have been HMAC-SHA1), but stronger (is AES-128-CMAC), descriptor
version to be used" is written to the log.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-11-14 21:01:13 +02:00
Yanbo Li
e3a8ad4405 hostapd: Change drv_flags from unsigned int to u64
Some flag already using a bit larger than 32, so extend the hostapd
drv_flags type similarly to the earlier wpa_supplicant change to get the
full flag content.

Signed-off-by: Yanbo Li <yanbol@qti.qualcomm.com>
2014-11-14 12:55:53 +02:00
Jouni Malinen
41a233572e Assign QCA vendor specific nl80211 command id 52 for APFIND
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-11-13 16:27:23 +02:00
Jouni Malinen
68ee1cdca0 Remove unused EVENT_MLME_RX
This was used in driver_test.c, but that driver wrapper has been removed
and there are no remaining or expected users for EVENT_MLME_RX.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-01 19:31:23 +02:00
Jouni Malinen
0f812c993b Remove unused EVENT_FT_RRB_RX
This was used in hostapd driver_test.c, but that driver wrapper has been
removed and there are no remaining or expected users for
EVENT_FT_RRB_RX.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-01 19:27:48 +02:00
Jouni Malinen
f21495ad38 madwifi: Remove obsolete madwifi driver interface
The MadWifi project is not active anymore and the last release happened
in early 2008. As such, there is no remaining justification for
maintaining the madwifi-specific driver interface for hostapd either.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-01 16:15:29 +02:00
Jouni Malinen
b5ea99377f P2P: Document p2p_in_progress() return value 2
Function documentation was not in sync with the implementation.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-10-31 00:50:01 +02:00
Sunil Dutt
b951a97454 P2P: Set p2p_scan_running based on driver scan request result
With the radio work interface, the actual request to start p2p_scan
operation is scheduled from a radio work and hence the initial return
value cannot provide the real result of the driver operation to trigger
a scan. Introduce a new notification API to indicate the scan trigger
status based on which the p2p_scan_running instance can be set using the
real return value from the driver operation.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-10-31 00:05:25 +02:00
Jouni Malinen
43d8592718 MACsec: Fix policy configuration
macsec_validate variable was set incorrectly to FALSE(0) or TRUE(1)
instead of the enum validate_frames values (Disabled(0), Checked(1),
Strict(2). This ended up policy == SHOULD_SECURE to be mapped to
macsec_validate == Checked instead of Strict. This could have resulted
in unintended SecY forwarding of invalid packets rather than dropping
them.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-10-30 11:43:47 +02:00
Jouni Malinen
8c00fd00cd P2P: Clean up p2p_go_neg_failed() calls
This function is always called with the peer argument equal to
p2p->go_neg_peer, so there is no need for that argument to be there. In
addition, p2p->go_neg_peer is not NULL in cases where there is an
ongoing GO Negotiation, so the function can be simplified to just check
once whether the peer pointer is set and if not, skip all processing.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-10-29 13:04:09 +02:00
Rashmi Ramanna
0c6eee8b75 P2P: Use timer to fail GO Negotation while waiting for peer
The timeout check while waiting for the peer to accept the GO
Negotiation depended on the WAIT_PEER_IDLE or WAIT_PEER_CONNECT states
being in use. Any P2P command to alter such states would have resulted
in the failure to time out GO Negotiation and thus ended up in not
indicating GO Negotiation failure or left the selected peer available
for new GO negotiation after the expected two minute timeout.

Fix this by using a separate timer to time out GO Negotiation
irrespective of the P2P state.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-10-29 12:50:32 +02:00
Jouni Malinen
10bbe8b8ed nl80211: Fix a copy-paste error in key offload management
Commit b41f26845a ('Add support for
offloading key management operations to the driver') used incorrect
variable for determining the KCK length. This does not get triggered in
normal use cases since KCK and KEK are always included and of the same
length (in currently supported key management cases). Anyway, this needs
to be fixed to check the correct attribute. (CID 74491)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-28 01:41:57 +02:00
Kyeyoon Park
7d597d4617 AP: Add support for Proxy ARP, DHCP snooping mechanism
Proxy ARP allows the AP devices to keep track of the hardware address to
IP address mapping of the STA devices within the BSS. When a request for
such information is made (i.e., ARP request, Neighbor Solicitation), the
AP will respond on behalf of the STA device within the BSS. Such
requests could originate from a device within the BSS or also from the
bridge. In the process of the AP replying to the request (i.e., ARP
reply, Neighbor Advertisement), the AP will drop the original request
frame. The relevant STA will not even know that such information was
ever requested.

This feature is a requirement for Hotspot 2.0, and is defined in IEEE
Std 802.11-2012, 10.23.13. While the Proxy ARP support code mainly
resides in the kernel bridge code, in order to optimize the performance
and simplify kernel implementation, the DHCP snooping code was added to
the hostapd.

Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
2014-10-28 01:08:29 +02:00
Kyeyoon Park
6897556455 common: Add definition for ETH_HLEN
Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
2014-10-28 01:08:29 +02:00
Kyeyoon Park
7565752d47 AP: Add support for setting bridge network parameter
This allows setting a network parameter on the bridge that the BSS
belongs to.

This commit adds the needed functionality in driver_nl80211.c for the
Linux bridge implementation. In theory, this could be shared with
multiple Linux driver interfaces, but for now, only the main nl80211
interface is supported.

Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
2014-10-28 01:08:29 +02:00
Kyeyoon Park
73d2294fbe AP: Add support for setting bridge port attributes
This allows setting a bridge port attribute. Specifically, the bridge
port in this context is the port to which the BSS belongs.

This commit adds the needed functionality in driver_nl80211.c for the
Linux bridge implementation. In theory, this could be shared with
multiple Linux driver interfaces, but for now, only the main nl80211
interface is supported.

Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
2014-10-28 01:08:29 +02:00
Kyeyoon Park
71103bed42 AP: Add support for IPv4 neighbor entry management to the BSS bridge
This allows adding/deleting an IPv4 neighbor entry to/from the bridge,
to which the BSS belongs. This commit adds the needed functionality in
driver_nl80211.c for the Linux bridge implementation. In theory, this
could be shared with multiple Linux driver interfaces, but for now, only
the main nl80211 interface is supported.

Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
2014-10-28 01:08:29 +02:00
Kyeyoon Park
6c6678e7a4 nl80211: Make br_ifindex available in i802_bss
Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
2014-10-28 01:08:29 +02:00
Kyeyoon Park
7d20dd66f3 l2_packet: Add support for DHCP packet filter in l2_packet_linux
Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
2014-10-28 01:08:29 +02:00
Ahmad Masri
d77419d234 P2P: Support GCMP as part of 60 GHz support
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-10-27 17:15:09 +02:00
Jouni Malinen
159a17916f nl80211: Move more event processing into driver_nl80211_event.c
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-26 17:54:56 +02:00
Jouni Malinen
8a906d1251 nl80211: Move event handling into a separate file
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-26 17:54:56 +02:00
Jouni Malinen
0fafeb5454 nl80211: Move capability determination into a separate file
This moves significant amount of code away from large driver_nl80211.c.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-26 17:54:56 +02:00
Jouni Malinen
906bc4c7d3 nl80211: Move QCA DFS offload capability determination to init time
There is no need to fetch this capability for each get_capa() call.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-26 17:54:56 +02:00
Jouni Malinen
981cf85a41 nl80211: Move AP monitor interface handling to a separate file
This moves the old monitor interface design to driver_nl80211_monitor.c.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-26 17:54:56 +02:00
Jouni Malinen
f3407c66c2 nl80211: Make some helper functions non-static
This allows more functionality to be moved to separate files.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-26 17:54:56 +02:00
Jouni Malinen
70a96c8116 nl80211: Move most of the Android code into a separate file
This moves most of the Android specific implementation from
driver_nl80211.c to driver_nl80211_android.c.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-26 17:54:56 +02:00
Jouni Malinen
1474e6e917 nl80211: Move definitions into separate header files
This is an initial step in starting to split the large driver_nl80211.c
implementation into somewhat smaller parts.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-26 17:03:24 +02:00
Jouni Malinen
2f06bcb361 Write human readable version of channel width to CSA event debug log
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-26 11:36:14 +02:00
Jouni Malinen
392dfd37e8 nl80211: Store externally managed bridge name in driver status
This makes it easier to figure out from hostapd control interface
whether an interface had been added to a bridge externally at the time
hostapd interface was enabled or if the interface gets added during
hostapd operations.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-26 11:27:31 +02:00
Jouni Malinen
ab93fdebf1 hostapd: Add INTERFACE-ENABLED and INTERFACE-DISABLED events
These can be convenient for upper layer programs to determine if the
hostapd interface gets disabled/re-enabled, e.g., due to rfkill
block/unblock.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-26 10:52:54 +02:00
Ilan Peer
1170239efa P2P: Save group common frequencies in invitation result
Save the group common frequencies when starting a GO due to
an invitation signaling requesting to re-invoke a persistent GO.

To do so, move the code that handles the translation of p2p_channels to
frequency list into a public function so it can be re-used both when GO
Negotiation is done and invitation signaling is done.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2014-10-26 01:24:28 +03:00
Ilan Peer
f64d3f0e15 WPS: Add missing device types
Add missing device category and device sub category definitions.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2014-10-26 01:24:08 +03:00
Ilan Peer
9bc5cfa338 nl80211: Clear beacon_set when deleting a beacon from deinit_ap()
When a beacon was deleted from the kernel in
wpa_driver_nl80211_deinit_ap(), bss->beacon_set was not cleared so
restarting the AP again was not possible.

Fix this by clearing the variable once the beacon was deleted.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2014-10-26 01:24:03 +03:00
Ilan Peer
ea6bf29ea3 nl80211: Add indoor only and GO concurrent flags
Add the following channel flags:

* INDOOR_ONLY: The channel can be used if and only if there is a clear
  assessment that the device is operating in an indoor environment, i.e.,
  it is AC power.

* CONCURRENT_GO: The channel can be used for instantiating a GO if and
  only if there is an additional station interface that is currently
  connected to an AP on the same channel or on the same U-NII band
  (assuming that the AP is an authorized master).

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2014-10-26 01:23:46 +03:00
Ilan Peer
0a44358055 wpa_supplicant: Use the 'no_ir' notation
Use the 'no_ir' notation instead of the 'passive scan' and
'no_ibss' notations to match the earlier change in nl80211.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2014-10-26 01:23:43 +03:00
Constantin Musca
a902d5a64b P2P: Stop driver listen in p2p_state_timeout()
When a P2P timeout occurs and p2p_state_timeout is executed, the
stop_listen function can be called besides setting in_listen to zero in
cases where the driver is still in ROC. That should not really happen in
normal cases, but it is possible for some drivers to extend the ROC
duration. If that happens, the next start_listen request may get
rejected with "P2P: Reject start_listen since p2p_listen_work already
exists".

Signed-off-by: Constantin Musca <constantin.musca@intel.com>
2014-10-25 21:37:18 +03:00
Javier Lopez
01e2231fdc hostapd: Skip some configuration steps for mesh cases
Modify hostapd.c logic to add checks for valid mconf data structure:

- For hostapd_setup_bss we don't need to flush old stations in case
  we're rejoining a mesh network.

- In hostapd_setup_interface_complete, we don't need to setup the
  interface until we join the mesh (same reasoning for
  hostapd_tx_queue_params).

Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
2014-10-25 17:45:36 +03:00
Bob Copeland
f3e9899e02 mesh: Accept Action frames without BSSID match
[original patch by: Thomas Pedersen <thomas@noack.us>]
Signed-off-by: Bob Copeland <me@bobcopeland.com>
2014-10-25 17:45:35 +03:00
Thomas Pedersen
476e6bb68d mesh: Add mesh mode config option
Modify network mode to support mode number 5 when CONFIG_MESH is
enabled.

Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
Signed-off-by: Thomas Pedersen <thomas@noack.us>
2014-10-25 17:45:35 +03:00
Bob Copeland
5f92659d88 mesh: Add mesh peering manager
The mesh peering manager establishes and maintains links among
mesh peers, tracking each peer link via a finite state machine.

This implementation supports open mesh peerings.

[assorted fixes from Yu Niiro <yu.niiro@gmail.com>]
[more fixes from Masashi Honma <masashi.honma@gmail.com>]
Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Javier Cardona <javier@cozybit.com>
Signed-off-by: Ashok Nagarajan <ashok.dragon@gmail.com>
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
Signed-hostap: Bob Copeland <me@bobcopeland.com>
2014-10-25 17:45:31 +03:00
Thomas Pedersen
8319e3120d mesh: Add mesh mode routines
Add routines to (de)initialize mesh interface data structures and
join and leave mesh networks.

Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Javier Cardona <javier@cozybit.com>
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
Signed-off-by: Thomas Pedersen <thomas@noack.us>
2014-10-25 17:43:20 +03:00
Bob Copeland
5551bc9cb2 nl80211: Do not try to change supported rates
For mesh mode to work properly, set supported rates only once.

Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Javier Cardona <javier@cozybit.com>
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
Signed-off-by: Bob Copeland <me@bobcopeland.com>
2014-10-25 15:54:57 +03:00
Bob Copeland
7a228b5c3f nl80211: Add STA flag WPA_STA_AUTHENTICATED
This is needed for managing STA entries for mesh use cases.

Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Javier Cardona <javier@cozybit.com>
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
Signed-off-by: Bob Copeland <me@bobcopeland.com>
2014-10-25 15:54:47 +03:00
Bob Copeland
7c7e7877fc nl80211: Add plink_action_field to hostapd_sta_add_params
Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Javier Cardona <javier@cozybit.com>
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
Signed-off-by: Bob Copeland <me@bobcopeland.com>
2014-10-25 15:54:38 +03:00
Bob Copeland
0d391b03e7 nl80211: Reject deauth/disassoc for mesh interface
sta_info call these to send out the disassoc and deauth frame
which are both not relevent to mesh. So don't send them.

Signed-off-by: Chun-Yeow Yeoh <yeohchunyeow@gmail.com>
Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Javier Cardona <javier@cozybit.com>
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
Signed-off-by: Bob Copeland <me@bobcopeland.com>
2014-10-25 13:47:48 +03:00
Bob Copeland
afb0550a39 nl80211: Register to receive mesh frames
Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Javier Cardona <javier@cozybit.com>
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
Signed-off-by: Bob Copeland <me@bobcopeland.com>
2014-10-25 13:47:12 +03:00
Jouni Malinen
aed8d4d1ff nl80211: Write channel type in debug log on channel switch event
This makes it easier to understand what kind of channel switch was
indicated by the driver.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-25 11:28:56 +03:00
Jouni Malinen
5de748187e Fix channel switch to disable VHT with HT
If both HT and VHT was enabled on AP and channel switch event from the
driver indicated that HT was disabled, VHT was left enabled. This
resulted in the following channel configuration failing. Fix this by
disabling VHT if HT gets disabled.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-25 11:27:48 +03:00
Eliad Peller
da1080d721 nl80211: Advertise and configure SMPS modes
Advertise static/dynamic SMPS mode support (according to the wiphy
feature bits) and pass the configured smps_mode when starting the AP.

Signed-off-by: Eliad Peller <eliad@wizery.com>
2014-10-24 01:29:08 +03:00
Eliad Peller
8f461b50cf HT: Pass the smps_mode in AP parameters
The driver needs to know what SMPS mode it should use.

Signed-off-by: Eliad Peller <eliad@wizery.com>
2014-10-24 01:27:31 +03:00
Eliad Peller
04ee647d58 HT: Let the driver advertise its supported SMPS modes for AP mode
Add smps_modes field, and let the driver fill it with its supported SMPS
modes (static/dynamic). This will let us start an AP with specific SMPS
mode (e.g., dynamic) that will allow it to reduce its power usage.

Signed-off-by: Eliad Peller <eliad@wizery.com>
2014-10-24 01:25:29 +03:00
Jouni Malinen
4db207518d P2P: Stop TX wait on SD query TX status failure
The previous TX operation could be on another channel if there are
multiple peers with pending SD queries. To avoid failing to send the
following query, stop the last one to allow any Listen channel to be
used for the following query during p2p_find iteration.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-10-23 21:52:05 +03:00
Jouni Malinen
44abecbf02 P2P: Limit number of SD retries during find
Commit 7139cf4a4f ('P2P: Decrement
sd_pending_bcast_queries when sd returns success') added support for
retrying P2P SD queries. However, it did this without limiting how many
retries are allowed. This can result in excessive number of retries if a
peer device does not show up on its Listen channel and there is a
pending SD query to it. Limit the maximum number of SD retries to 100
per p2p_find operation for each peer to avoid unlimited retries.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-10-23 21:51:48 +03:00
Jouni Malinen
e706b8c8e5 P2P: Iterate through all peers in pending pre-find operation
Commit 7139cf4a4f ('P2P: Decrement
sd_pending_bcast_queries when sd returns success') changed P2P SD
behavior in a way that the P2P search loop ended up in continuing with
the first peer entry until it acknowledged receipt of a pending
broadcast SD request while the previous design went through all peers
once. While it is reasonable to retry SD, getting stuck with the first
peer is not really desirable. Change the p2p_continue_find() loop to
continue from the next peer in each iteration to allow progress through
all peers that have pending operations if any other peer is not
acknowledging frames (e.g., due to not being on Listen channel).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-10-23 21:30:32 +03:00
Chet Lanctot
b41f26845a Add support for offloading key management operations to the driver
This commit introduces a QCA vendor command and event to provide an
option to use extended versions of the nl80211 connect/roam operations
in a way that allows drivers to offload key management operations to the
driver/firmware.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-10-23 18:38:50 +03:00
Jouni Malinen
a6b1215769 GAS: Do not reply to P2P SD query from generic GAS/ANQP server
This avoids an issue where a wpa_supplicant build with CONFIG_P2P=y and
CONFIG_HS20=y ended up processing a P2P SD query twice when operating as
a GO and sending out two replies. Only the P2P SD implementation should
reply to P2P SD query in such a case.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-10-22 19:21:42 +03:00
Johannes Berg
97752f7930 Revert "nl80211: Do not indicate P2P_DEVICE support by default"
This reverts commit 851b0c5581.

The kernel now has full support for this (and it is turned off
by default for hwsim) so wpa_supplicant should really go back
to autodetecting this so clients don't have to figure out what
to do.

Also add a debug message stating that P2P_DEVICE support is used.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2014-10-22 10:54:02 +03:00
Jouni Malinen
ccf79ab256 browser-android: Use execv() directly instead of os_exec()
This allows the URL to be passed as a single argument to the program
instead of getting split into multiple by os_exec(). This makes the
operation more robust for cases where the URL could have been received
from an external source and could potentially add extra arguments to the
command line.

In addition, fix the /system/bin/input execution by using system() for
it instead of execv() through os_exec(). /system/bin/input is a script
that execv() won't be able to run. Since the full command line is
specified, system() can be used for this. The keycode is also changed
from 3 to KEYCODE_HOME to make this work with current Android version.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-10-21 23:32:17 +03:00