Add a comment to note which fields are expected to be updated by the
driver. In addition, reorder subfield writing to match the order in
which the fields are in the frame.
Signed-off-by: Jouni Malinen <j@w1.fi>
ieee80211_chan_to_freq() is not really meant for conversion of 20 MHz
primary channel numbers for wider VHT channels, so handle those as
special cases here for now.
Signed-off-by: Jouni Malinen <j@w1.fi>
wpabuf_resize() can handle the initial allocation of a wpabuf and all
the other callers of wpas_rrm_report_elem() were already using a pointer
to a pointer and a wpabuf_resize() call. Simplify this by resizing the
wpabuf (if needed) within wpas_rrm_report_elem() instead of having to
calculate the needed size in all the callers. Thsi is also fixing one of
the allocation sizes to use the correct size instead of a size of a
struct that has nothing to do with the allocation (but is larger than
the needed five octets, so does not break anything).
Signed-off-by: Jouni Malinen <j@w1.fi>
There is only a single caller for wpas_rrm_send_neighbor_rep_request()
and it unconditionally uses a callback function, so cb cannot be NULL
here and there is no need for additional complexity and extra code size
to check for it explicitly.
Signed-off-by: Jouni Malinen <j@w1.fi>
Previously, the check was done after we reached the maximum and another
scan was already triggered.
While at it, remove an irrelevant comment that the previous change in
the logic here missed.
Signed-off-by: Beni Lev <beni.lev@intel.com>
Previously, SIM state change with SIM_STATE_ERROR cleared all PMKSA
entries (including non-SIM networks). Limit this to networks which use
SIM-based authentication methods to avoid unnecessarily removal of PMKSA
entries.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The pending neighbor report state needs to be cleared on error path here
to avoid getting stuck with being unable to perform any additional
neighbor reports during the association.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Allow shorter request since the subelements are optional to include.
Also print the hexdump of the subelements into debug log.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The requested behavior can be approximated for most use cases even if
the driver does not support reporting exact TSF values for frames.
Enable this capability for all drivers to make beacon report processing
more useful for a common use case.
Signed-off-by: Jouni Malinen <j@w1.fi>
The special parameters for beacon report scan are not needed for the
beacon report when using the beacon table measurement mode. Advertise
support for this case regardless of whether the driver supports the scan
parameters.
Signed-off-by: Jouni Malinen <j@w1.fi>
Beacon Report Radio Measurement is defined in IEEE Std 802.11-2016,
11.11.9.1. Beacon Report is implemented by triggering a scan on the
requested channels with the requested parameters.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
This conversion will be done several times in the code, so add a helper
function that does this conversion.
Signed-off-by: Avrahams Stern <avraham.stern@intel.com>
Extend verify_channel() to return whether IR is allowed on the channel
or not, and make it a global function so it can be used in other files,
too. This makes this function useful for checking not only if a channel
is supported but also if it is allowed for active and passive scan.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Add the following parameters to scan request:
1. Dwell time on each channel.
2. Whether the specified dwell time is mandatory.
In addition, add to scan results info the time that the scan actually
started, and to each scan result the time the beacon/probe was received,
both in terms of TSF of the BSS that the interface that requested the
scan is connected to (if available).
Add flags to indicate whether the driver supports dwell time
configuration and scan information reporting.
This scan configuration and information is required to support beacon
report radio measurement.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
1. Change the return type to reflect whether building the report
succeeded or failed.
2. Change argument type to rrm_measurement_request_element instead
of raw packet data to ease processing the request.
3. Use already existing function to create the measurement report
and add it to the report buffer.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Send measurement report with the mode field set to incapable in response
to measurement requests with unsupported measurement types.
In addition, measurements requests that request parallel measurements
are rejected since these features are not supported.
Measurement request frames with the enable bit set are ignored since
these are not really requesting measurements and are not supported for
now.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
The length of a Measurement Report frame should be limited by the
maximum allowed MMPDU size (IEEE Std 802.11-2016, 9.6.2.3). Enforce this
size limit, and in case the report elements are longer than the allowed
size, split them between several MPDUs.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Extract the code dealing with processing the measurement request
elements to a separate function. This will be needed for beacon report
requests processing.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
RRM request frame should contain only information elements of type Radio
Measurement Request. Go through all the frame and validate that only
elements of this type are included.
In addition, if a truncated element is encountered, or the element
length field indicates that the element length is more than the
entire frame, abort the request.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
As support for new RRM measurements will be added, the RRM
implementation will become quite large, so move it to a dedicated file.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Commit 4a742011ab ('wpa_supplicant: Handle
LCI request') introduced LCI request parsing in a manner that
incremented the request pointer by four within
wpas_rrm_build_lci_report() without decrementing len correspondingly.
This could potentially result in get_ie() reading four octets beyond the
buffer if a corrupted request is received. This would be applicable only
if the LCI reporting was enabled explicitly ("SET LCI ..." control
interface command).
Fix this by updating the len variable to match the request pointer
changes.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This adds a new wpa_supplicant network profile parameter
mka_priority=0..255 to set the priority of the MKA Actor.
Signed-off-by: Badrish Adiga H R <badrish.adigahr@gmail.com>
This was previously done for SCAN_RESULTS, but the BSS control interface
command did not show a similar flag. In addition, change "WPA2" to "RSN"
for mesh BSS to be consistent with the SCAN_RESULTS output.
Commit 638d945679 ('mesh: Show [MESH] flag
in scan results') did similar changes for SCAN_RESULTS.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit extends the BSS commands to include "BSS CURRENT" as a way
to get the current BSS without having to walk the BSS list matching
against BSSID+SSID returned from the STATUS command.
This returns the BSS stored in wpa_s->current_bss.
Signed-off-by: Joel Cunningham <joel.cunningham@me.com>
This registers a new callback to indicate change in SIM state. This
helps to do some clean up (more specifically pmksa_flush) based on the
state change of the SIM. Without this, the reconnection using the cached
PMKSA could happen though the SIM is changed.
Currently eap_proxy_sim_state corresponds to only SIM_STATE_ERROR. This
can be further extended.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This allows user to start P2P Find/Scan on a particular frequency and
then move to scanning social channels. This support is already present
on control socket.
Signed-off-by: Amit Purwar <amit.purwar@samsung.com>
Add p2p_add_cli_chan=1 option to p2p_supplicant.conf to allow Wi-Fi P2P
operating as P2P client on passive scan channels.
In addition, add p2p_add_cli_chan=1 option to wpa_supplicant.conf to
have consistency in P2P channel list. There is a case where P2P channel
list is updated with different channels from p2p0 and wlan0.
Signed-off-by: Tomoharu Hatano <tomoharu.hatano@sonymobile.com>
Commit c579312736 ('Add
PMKSA-CACHE-ADDED/REMOVED events to wpa_supplicant') added new arguments
to these callback functions, but forgot to update the implementations in
preauth_test.c.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This makes both the Probe Response and Beacon frame IEs available to
upper layers if scan results include both IE sets. When the BSS command
mask includes WPA_BSS_MASK_BEACON_IE, a new beacon_ie=<hexdump> entry
will be included in output if the BSS entry has two separate sets of IEs
(ie=<hexdump> showing the Probe Response frame contents and
beacon_ie=<hexdump> the Beacon rame contents).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
If 20/40 MHz co-ex scan resulted in switching primary and secondary
channels, mesh setup failed to update the frequency parameters for
hostapd side configuration and that could result in invalid secondary
channel configuration preventing creating of the mesh network. This
could happen, e.g., when trying to set up mesh on 5 GHz channel 36 and
co-ex scan finding a BSS on channel 40. Switching the pri/sec channels
resulted in hostapd code trying to check whether channel 32 is
available. Fix this by swapping the channels for hostapd configuration
when needed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This adds new wpa_supplicant control interface commands PMKSA_GET and
PMKSA_ADD that can be used to store PMKSA cache entries in an external
persistent storage when terminating a wpa_supplicant process and then
restore those entries when starting a new process. The previously added
PMKSA-CACHE-ADDED/REMOVED events can be used to help in synchronizing
the external storage with the memory-only volatile storage within
wpa_supplicant.
"PMKSA_GET <network_id>" fetches all stored PMKSA cache entries bound to
a specific network profile. The network_id of the current profile is
available with the STATUS command (id=<network_id). In addition, the
network_id is included in the PMKSA-CACHE-ADDED/REMOVED events. The
output of the PMKSA_GET command uses the following format:
<BSSID> <PMKID> <PMK> <reauth_time in seconds> <expiration in seconds>
<akmp> <opportunistic>
For example:
02:00:00:00:03:00 113b8b5dc8eda16594e8274df4caa3d4 355e98681d09e0b69d3a342f96998aa765d10c4459ac592459b5efc6b563eff6 30240 43200 1 0
02:00:00:00:04:00 bbdac8607aaaac28e16aacc9152ffe23 e3dd6adc390e685985e5f40e6fe72df846a0acadc59ba15c208d9cb41732a663 30240 43200 1 0
The PMKSA_GET command uses the following format:
<network_id> <BSSID> <PMKID> <PMK> <reauth_time in seconds> <expiration
in seconds> <akmp> <opportunistic>
(i.e., "PMKSA_ADD <network_id> " prefix followed by a line of PMKSA_GET
output data; however, the reauth_time and expiration values need to be
updated by decrementing them by number of seconds between the PMKSA_GET
and PMKSA_ADD commands)
For example:
PMKSA_ADD 0 02:00:00:00:03:00 113b8b5dc8eda16594e8274df4caa3d4 355e98681d09e0b69d3a342f96998aa765d10c4459ac592459b5efc6b563eff6 30140 43100 1 0
PMKSA_ADD 0 02:00:00:00:04:00 bbdac8607aaaac28e16aacc9152ffe23 e3dd6adc390e685985e5f40e6fe72df846a0acadc59ba15c208d9cb41732a663 30140 43100 1 0
This functionality is disabled be default and can be enabled with
CONFIG_PMKSA_CACHE_EXTERNAL=y build configuration option. It should be
noted that this allows any process that has access to the wpa_supplicant
control interface to use PMKSA_ADD command to fetch keying material
(PMK), so this is for environments in which the control interface access
is restricted.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
These allow external program to monitor PMKSA cache updates in
preparation to enable external persistent storage of PMKSA cache.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Configuration file network block with disabled=2 is used for storing
information about a persistent group, so p2p_persitent_group should be
updated according to this when creating a struct wpa_ssid instance. This
will end up using D-Bus persistent network object path for the network.
Signed-off-by: Avichal Agarwal <avichal.a@samsung.com>
Signed-off-by: Kyeong-Chae Lim <kcya.lim@samsung.com>
Supported Operating Classes element and its use is define in the IEEE
802.11 standard and can be sent even when MBO is disabled in the build.
As such, move this functionality out from the CONFIG_MBO=y only mbo.c.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Commit 192ad3d730 ('Interworking: Clear
SCANNING state if no match found') did this for the case where no
network matched credentials, but left the SCANNING state in place if
there were a match, but automatic connection was not enabled. Extend
this to cover the case where INTERWORKING_SELECT is not followed by a
connection attempt so that wpa_state is not left indefinitely to
SCANNING.
This fixes a hwsim test case failure in the following sequence:
ap_anqp_sharing scan_trigger_failure
Signed-off-by: Jouni Malinen <j@w1.fi>
wpa_s->sme.auth_alg could have been left to a previously value other
than WPA_AUTH_ALG_OPEN if IBSS network is used after an association that
used shared key, FT, or FILS authentication algorithm. This could result
in the IBSS setup failing due to incorrect authentication processing
steps.
Fix this by setting wpa_s->sme.auth_alg = WPA_AUTH_ALG_OPEN whenever
starting an IBSS (or mesh, for that matter) network.
Signed-off-by: Jouni Malinen <j@w1.fi>
Commit 8e84921efe ('P2P: Support driver
preferred freq list for Autonomous GO case') introduced this loop to go
through preferred channel list from the driver. The loop does bounds
checking of the index only after having read a value from the array.
That could in theory read one entry beyond the end of the stack buffer.
Fix this by moving the index variable check to be done before using it
to fetch a value from the array.
This code is used only if wpa_supplicant is build with
CONFIG_DRIVER_NL80211_QCA=y and if the driver supports the vendor
extension (get_pref_freq_list() driver op). In addition, the driver
would need to return more than P2P_MAX_PREF_CHANNELS (= 100) preferred
channels for this to actually be able to read beyond the buffer. No
driver is known to return that many preferred channels, so this does not
seem to be reachable in practice.
Signed-off-by: Amit Purwar <amit.purwar@samsung.com>
Signed-off-by: Mayank Haarit <mayank.h@samsung.com>
Commit 370017d968 ('P2P: Use preferred
frequency list from the local driver') introduced this loop to go
through preferred channel list from the driver. The loop does bounds
checking of the index only after having read a value from the array.
That could in theory read one entry beyond the end of the stack buffer.
Fix this by moving the index variable check to be done before using it
to fetch a value from the array.
This code is used only if wpa_supplicant is build with
CONFIG_DRIVER_NL80211_QCA=y and if the driver supports the vendor
extension (get_pref_freq_list() driver op). In addition, the driver
would need to return more than P2P_MAX_PREF_CHANNELS (= 100) preferred
channels for this to actually be able to read beyond the buffer. No
driver is known to return that many preferred channels, so this does not
seem to be reachable in practice.
Signed-off-by: Amit Purwar <amit.purwar@samsung.com>
Signed-off-by: Mayank Haarit <mayank.h@samsung.com>
This makes wpa_supplicant behavior more consistent with FLUSH command to
clear all state. Previously, it was possible for an ongoing scan to be
aborted when the FLUSH command is issued and the scan results from that
aborted scan would still be processed and that would update the BSS
table which was supposed to cleared by the FLUSH command.
This could result in hwsim test case failures due to unexpected BSS
table entries being present after the FLUSH command.
Signed-off-by: Jouni Malinen <j@w1.fi>
Reject a passphrase with control characters instead of trying to write
out an example network configuration block with such control characters
included.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Skipping the scan altogether will hurt auto-reconnect. Also move the PNO
check down since the scan might be canceled for other reasons before we
defer it.
Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
The way the removal of duplicated (one per frequency) BSS entries in the
cfg80211 scan results were removed in driver_nl80211_scan.c
bss_info_handler() depended on having the full scan results available to
allow iteration through the other entries. This is problematic for the
goal of being able to optimize memory allocations for scan result
fetching in a manner that would not build the full result buffer in
memory.
Move this duplicate removal into bss.c since it has sufficient
information available for doing the same determination of which one of
two BSS entries is more current.
Signed-off-by: Jouni Malinen <j@w1.fi>
wpa_priv did not yet support Beacon frame IEs (res->beacon_ie_len) which
resulted in invalid scan data being accepted in driver_privsep.c. Add
support for res->beacon_ie_len and also fix the validation step to take
this new variable length field into account.
Signed-off-by: Jouni Malinen <j@w1.fi>
wpa_priv has never really been fully up-to-date with the wpa_supplicant
driver interface extensions. This does not seem like something that
would change in the future either, so document this reduced
functionality as a potential drawback.
Signed-off-by: Jouni Malinen <j@w1.fi>
This avoids a theoretical resource leak on exit path if wpa_priv is
killed while there is a wpa_supplicant process using it.
Signed-off-by: Jouni Malinen <j@w1.fi>
This avoids some valgrind warnings about use of uninitialized memory in
cases where a struct may have padding octets between the fields.
Signed-off-by: Jouni Malinen <j@w1.fi>
This gets rid of some dependencies on how extra octets at the end of the
struct sockaddr_un get "uninitialized" consistently by only using the
exact length of the address data from the recvfrom() call. This resolves
number of valgrind warnings about use of uninitialized memory.
Signed-off-by: Jouni Malinen <j@w1.fi>
This is needed to be able to work with many wpa_supplicant use cases,
e.g., due to use of TDLS or RSN pre-authentication needing a separate
l2_packet socket.
Signed-off-by: Jouni Malinen <j@w1.fi>
This commit enhances the existing implementation of abort scan to also
abort concurrent active vendor scans. This is achieved by passing the
the scan_cookie to the driver interface with the intention to abort
the specific scan request. This scan_cookie is returned from the driver
interface when the scan request is scheduled.
This scan_cookie is 0 if the scan is triggered through the upstream
cfg80211 interface. Thus, the scan_cookie is used to determine whether
to abort the cfg80211 or vendor scan request.
Also, the previous implementation of relying on scan_work/p2p_scan_work
for the active work to trigger the abort scan is enhanced to check for
the started state of either of these work operations. This should also
help to abort the concurrent active scan/p2p-scan operations.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit enhances the abort scan implementation to also abort the
vendor scan, if one was used to trigger the scan.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
cfg80211 rejects the scans issued with random MAC address if the STA is
in connected state. This resulted in failures when using MAC_RAND_SCAN
while connected (CTRL-EVENT-SCAN-FAILED ret=-95). Enable random MAC
address functionality only if the STA is not in connected state to avoid
this. The real MAC address of the STA is already revealed in the
association, so this is an acceptable fallback mechanism for now.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit adds IP address information into GroupStarted event on the
P2P client side like it is sent over the control interface.
Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
Previously, wpa_supplicant only supported hardcoded port == 1 in the
SCI, but users may want to choose a different port.
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
So that the user can turn encryption on (MACsec provides
confidentiality+integrity) or off (MACsec provides integrity only). This
commit adds the configuration parameter while the actual behavior change
to disable encryption in the driver is handled in the following commit.
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
This enables configuring key_mgmt=NONE + mka_ckn + mka_cak.
This allows wpa_supplicant to work in a peer-to-peer mode, where peers
are authenticated by the pre-shared (CAK,CKN) pair. In this mode, peers
can act as key server to distribute keys for the MACsec instances.
This is what some MACsec switches support, and even without HW
support, it's a convenient way to setup a network.
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
BoringSSL is the only supported version of SSL, so remove this guard so
we can continue to compile when the flavor.mk is removed.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
This provides more details on BSS selection process in the debug log.
Previously, the BSSs that were not either the current or the selected
one were not necessarily printed at all. Now all BSSs that match the
currently selected network are listed with their frequency and signal
strength details.
Signed-off-by: Jouni Malinen <j@w1.fi>
Previously, the estimated throughput was used to enable roaming to a
better AP. However, this information was not used when considering a
roam to an AP that has better signal strength, but smaller estimated
throughput. This could result in allowing roaming from 5 GHz band to 2.4
GHz band in cases where 2.4 GHz band has significantly higher signal
strength, but still a lower throughput estimate.
Make this less likely to happen by increasing/reducing the minimum
required signal strength difference based on the estimated throughputs
of the current and selected AP. In addition, add more details about the
selection process to the debug log to make it easier to determine whaty
happened and why.
Signed-off-by: Jouni Malinen <j@w1.fi>
Previously, CONFIG_IEEE80211R enabled build that supports FT for both
station mode and AP mode. However, in most wpa_supplicant cases only
station mode FT is required and there is no need for AP mode FT.
Add support to differentiate between station mode FT and AP mode FT in
wpa_supplicant builds by adding CONFIG_IEEE80211R_AP that should be used
when AP mode FT support is required in addition to station mode FT. This
allows binary size to be reduced for builds that require only the
station side FT functionality.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
CONFIG_MBO was defined inside ifdef CONFIG_AP, so when AP support
was not compiled, MBO was not compiled either. However, CONFIG_MBO
is not related AP support, so it should not depend on CONFIG_AP.
Fix this by moving CONFIG_MBO outside of ifdef CONFIG_AP.
Signed-off-by: Avrahams Stern <avraham.stern@intel.com>
This is specific to the macsec_qca driver. The core implementation
shouldn't care about this, and only deal with the complete secure
channel, and pass this down to the driver.
Drivers that have such limitations should take care of these in their
->create functions and throw an error.
Since the core MKA no longer saves the channel number, the macsec_qca
driver must be able to recover it. Add a map (which is just an array
since it's quite short) to match SCIs to channel numbers, and lookup
functions that will be called in every place where functions would get
the channel from the core code. Getting an available channel should be
part of channel creation, instead of being a preparation step.
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
When starting ASP provisioning with connection capability set to NEW,
don't create the pending P2P interface as a GO interface because
Go negotiation will determine which side will be the GO and it is
possible that eventually this interface will become the client.
In this case, when the P2P client is started it will start scanning
and do other station specific operations while the interface type
is AP.
Instead, use type WPA_IF_P2P_GROUP when creating the interface which
means the interface type will be determined later.
Signed-off-by: Avrahams Stern <avraham.stern@intel.com>
Previously, a build without IBSS RSN support tried to start/join an IBSS
even if the profile was configured with RSN parameters. This does not
work and resulted in quite confusing debug log. Make this clearer by
explicitly checking for this case and reject the connection attempt with
a clearer debug log entry instead of trying something that is known to
fail.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit adds a control interface command to configure the TDLS
trigger mode to the host driver. This TDLS mode is configured through
the "SET tdls_trigger_control" control interface command.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
"GET_CAPABILITY fils" used to return "FILS" based on wpa_supplicant
configuration. This can be made more useful by checking both for
wpa_supplicant and driver support for FILS.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Decrypt the AES-SIV protected elements and verify Key-Auth. Parse and
configure keys to the driver.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Filter out get_pref_freq_list() (i.e.,
QCA_NL80211_VENDOR_SUBCMD_GET_PREFERRED_FREQ_LIST) output in case of
channel negotiation by removing channels that do not allow P2P operation
at all. Previously, only the explicitly disallowed channels were removed
and that could have resulted in selecting an operating channel that is
not allowed for P2P and failing to complete the operation to start the
group.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
If a PMKSA cache entry for the target AP is available, try to use FILS
with PMKSA caching.
If an ERP key for the target AP is available, try to use FILS with
EAP-Initiate/Re-auth added as Wrapper Data element.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This was already done in the case SME in the driver is used, but the SME
code path was resetting the local WPA/RSN IE only for association. While
that was fine for existing use cases, FILS needs a new RSN IE to be set
for PMKSA caching case in Authentication frames, so clear the local IE
before starting new authentication.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This makes it cleaner for the FILS implementation to use the same design
for setting Authentication frame elements as was already done with SAE.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add network id command completion support for identity, password,
new_password, pin, otp, passphrase, sim and bssid commands.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
Add list_sta command to print addresses of all stations. Command
added to both wpa_cli and hostapd_cli.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
With mac_addr=0 and preassoc_mac_addr=1, the permanent MAC address
should be restored for association. Previously this did not happen when
reassociating to the same ESS.
Signed-off-by: Benjamin Richter <br@waldteufel.eu>
Scan results were not propagated to all interfaces if scan results
started a new operation, in order to prevent concurrent operations. But
this can cause other interfaces to trigger a new scan when scan results
are already available. Instead, always notify other interfaces of the
scan results, but note that new operations are not allowed.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
There are a couple of places in wpa_supplicant/hostapd where qsort() can
be called with a NULL base pointer. This results in undefined behavior
according to the C standard and with some standard C libraries (ARM RVCT
2.2) results in a data abort/memory exception. Fix this by skipping such
calls since there is nothing needing to be sorted.
Signed-off-by: Joel Cunningham <joel.cunningham@me.com>
This was already done for most driver cases, but it is possible that the
BSSID/frequency is not forced if the driver reports BSS selection
capability (e.g., NL80211_ATTR_ROAM_SUPPORT). That could potentially
result in the driver ignoring the BSSID/frequency hint and associating
with another (incorrect) AP for the WPS provisioning step if that
another AP in the same ESS is more preferred (e.g., better signal
strength) by the driver and only one of the APs (the not preferred one)
is in active WPS registrar state.
While most drivers follow the BSSID hint for the initial connection to
an ESS, not doing it here for the WPS provisioning would break the
protocol. Fix this by enforcing a single BSSID/frequency to disallow the
driver from selecting an incorrect AP for the WPS provisioning
association.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This modifies wpa_eapol_key_send() to use AEAD cipher (AES-SIV for FILS
AKMs) to provide both integrity protection for the EAPOL-Key frame and
encryption for the Key Data field. It should be noted that this starts
encrypting the Key Data field in EAPOL-Key message 2/4 while it remains
unencrypted (but integrity protected) in non-FILS cases. Similarly, the
empty Key Data field in EAPOL-Key message 4/4 gets encrypted for AEAD
cases.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This can be used to check whether the running wpa_supplicant version was
built with CONFIG_FILS=y.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
If FILS is supported, indicate that in Probe Request and (Re)Association
Request frames in the Extended Capabilities element.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This adds CONFIG_FILS=y build configuration option and new key
management options for FILS authentication.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The previous implementation was hardcoded to use 128-bit AES key
(AEAD_AES_SIV_CMAC_256). Extend this by allowing AEAD_AES_SIV_CMAC_384
and AEAD_AES_SIV_CMAC_512 with 192-bit and 256-bit AES keys.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This also implements the macsec_get_capability for the macsec_qca
driver to maintain the existing behavior.
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Clean up the driver interface by passing pointers to struct receive_sc
down the stack to the {create,delete}_recevie_sc() ops, instead of
passing the individual properties of the SC.
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Clean up the driver interface by passing pointers to struct transmit_sc
down the stack to the {create,delete}_transmit_sc() ops, instead of
passing the individual arguments.
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Clean up the driver interface by passing pointers to struct receive_sa
down the stack to the {create,enable,disable}_receive_sa() ops, instead
of passing the individual properties of the SA.
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Clean up the driver interface by passing pointers to struct transmit_sa
down the stack to the {create,enable,disable}_transmit_sa ops, instead
of passing the individual properties of the SA.
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Clean up the driver interface by passing pointers to structs transmit_sa
and receive_sa down the stack to get_receive_lowest_pn(),
get_transmit_next_pn(), and set_transmit_next_pn() ops, instead of
passing the individual arguments.
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
This makes it easier to figure out why autoscan is not used even when
being configured through the control interface.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
PNO is sometimes restarted due to changes in scan parameters
(e.g., selected network changed or MAC randomization being
enabled/disabled). Restart is done by stopping PNO and immediately
starting it again. This may result in the SCHED_SCAN_STOPPED event being
received after the request for new PNO, which will make wpa_supplicant
believe PNO is not active although it is actually is. As a result, the
next request to start PNO will fail because PNO is active and should be
stopped first.
Fix this by deferring the request to start PNO until the
SCHED_SCAN_STOPPED event is received in case sched_scan is being
stopped.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
When scheduled scan stops without the interface request (for example,
driver stopped it unexpectedly), start a regular scan to continue
scanning for networks and avoid being left with no scan at all.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
In some cases, after a sudden AP disappearing and reconnection to
another AP in the same ESS, if another scan occurs, wpa_supplicant might
try to roam to the old AP (if it was better ranked than the new one)
because it is still saved in BSS list and the blacklist entry was
cleared in previous reconnect. This attempt is going to fail if the AP
is not present anymore and it'll cause long disconnections.
Remove an AP that is probably out of range from the BSS list to avoid
such disconnections. In particular mac80211-based drivers use the
WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY reason code in locally generated
disconnection events for cases where the AP does not reply anymore.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
As the scan channels might need to change when the channel list has been
updated by the kernel. Use the simulated sched_scan timeout
(wpas_scan_restart_sched_scan()) to handle a possible race where an
ongoing sched_scan has stopped asynchronously while trying to restart a
new sched_scan.
Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
This extends ANQP_GET command to support querying MBO cellular
preference also. The cellular preference can be requested along with
neigbor report by appending mbo:1 to the command arguments.
For example:
ANQP_GET <bssid> 272,mbo:1
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This code sequence was already used at two different places (and an
additional one has been proposed), so add a common helper function to
avoid having to copy-paste this functionality in multiple locations.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
If a scheduled scan is running on select network command,
cancel and reset it before kicking off a regular scan request.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
The reason detail field in non_pref_chan attribute was removed from MBO
draft v0.0_r25, so the STA should not include this field to be compliant
with the latest draft.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
For testing purposes, it is useful to have an option to be able to
reject BTM Request sent by AP in order to verify the AP behavior upon
BTM Request rejection.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add a testing mechanism to allow association disallowed set by AP to be
ignored. This can be used to verify AP behavior for disallowing a
specific association.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Implement "SET ignore_auth_resp <0/1>" command to simulate auth/assoc
response loss and EAPOL RX packet loss by ignoring corresponding
incoming events.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
If authentication times out while reassociating to same ESS incorrect
BSSID may end up being blacklisted. Use pending_bssid field on
authentication timeout and deauthentication to ensure the correct AP
gets blacklisted. This is mainly to address cases related to Android
framework roaming behavior.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
When an interface becomes disabled (e.g., when RF-kill becomes blocked)
we should clear the stored scan results to avoid maintaining stale
information.
Fix this by flushing the BSS entries when an interface becomes
disabled.
Signed-off-by: Moshe Benji <moshe.benji@intel.com>
Previously, struct hostapd_iface sta_seen list head was initialized only
when completing interface setup. This left a window for operation that
could potentially iterate through the list before the list head has been
initialized. While the existing code checked iface->num_sta_seen to
avoid this case, it is much cleaner to initialize the list when struct
hostapd_iface is allocated to avoid any accidental missing of the extra
checks before list iteration.
Signed-off-by: Jouni Malinen <j@w1.fi>
When starting a P2P GO, the struct p2p_go_neg_results may use
persistent_group == 2 to indicate use of persistent reconnect. Setting
ssid->p2p_persistent_group based on this did not take into account this
special case and that ended up in D-Bus code trying to encode 2 as a
DBUS_TYPE_BOOLEAN value which results in an assert from the library. Fix
this by setting ssid->p2p_persistent_group to 0 or 1 instead of raw
params->persistent_group value without any filtering.
This is similar to an earlier fix in commit
112fdee738 ('P2P: Fix D-Bus persistent
parameter in group started event') that addressed another code path in
sending out this D-Bus signal.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add configuration options that control publishing of fine timing
measurement (FTM) responder and initiator functionality via bits 70, 71
of Extended Capabilities element. Typically, FTM functionality is
controlled by a location framework outside wpa_supplicant. When
framework is activated, it will use wpa_supplicant to configure the
STA/AP to publish the FTM functionality. See IEEE P802.11-REVmc/D7.0,
9.4.2.27.
Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
Some deployed stations incorrectly consider nsts capability in
(Re)Association Response frame as required capability instead of maximum
capability and if it is greater than station's capability then beamform
will not happen in uplink traffic.
This commit adds support for an optional workaround to use station's
nsts capability in (Re)Association Response frame if the station's nsts
is less than AP by using the use_sta_nsts=1 configuration parameter.
This configuration is introduced in this commit and it is disabled by
default.
Signed-off-by: Tamizh chelvam <c_traja@qti.qualcomm.com>
This patch aims to expose the configuration file path as an interface
property, like is done with the driver and the bridge name. Doing so,
higher layer programs become responsible to recreate interfaces with the
correct configuration file path when programs need to remove them.
Signed-off-by: Jose Blanquicet <blanquicet@gmail.com>
This is a known constant value (CS_ID_LEN, i.e., the length of the EUI64
identifier) and does not need to be provided separately in these
function calls.
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Previously, this was initialized in hostapd_setup_bss() which made it
possible for a REMOVE_NEIGHBOR control interface command to be issued
prior to the list head pointers having been set. That resulted in a NULL
pointer dereference. Fix this by initializing the list head at the time
the data structure gets allocated.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
All the 3 control interfaces: socket based, dbus & binder needs to
perform the same sequence of steps for network add/remove. So, move
these to a common utility method in |wpa_supplicant.c| instead of
duplicating the code everywhere.
Signed-off-by: Roshan Pius <rpius@google.com>
Accoding to the comment of struct wpa_driver_mesh_bss_params, the
max_peer_links parameter should be under that struct.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>