Commit graph

991 commits

Author SHA1 Message Date
Janusz Dziedzic
bb35e2d214 hostapd: Work around an interop connection issue in FT-PSK + WPA-PSK
While the AP is configured to enable both FT-PSK and WPA-PSK, an HP
printer request both AKMs (copied from AP?) in Association Request
frame, but don't add MDIE and don't use FT. This results in the
connection failing.

Next in logs we see:

RSN: Trying to use FT, but MDIE not included
IE - hexdump(len=26): 30 18 01 00 00 0f ac 04 01 00 00 0f ac 04
                      02 00 00 0f ac 02 00 0f ac 04 00 00

This is seen with some HP and Epson printers. Work around this by
stripping FT AKM(s) when MDE is not present and there is still a non-FT
AKM available.

Signed-off-by: Janusz Dziedzic <janusz@plumewifi.com>
2019-01-06 21:10:08 +02:00
Jouni Malinen
b686745c76 Android: Harden wpa_ctrl_open2() against potential race conditions
The Android-specific chmod and chown operations on the client socket
(for communication with wpa_supplicant) did not protect against file
replacement between the bind() and chmod()/chown() calls. If the
directory in which the client socket is created (depends a bit on the
version and platform, but /data/misc/wifi/sockets is commonly used)
allows write access to processes that are different (less privileged)
compared to the process calling wpa_ctrl_open2(), it might be possible
to delete the socket file and replace it with something else (mainly, a
symlink) before the chmod/chown operations occur. This could have
resulted in the owner or permissions of the target of that symlink being
modified.

In general, it would be safest to use a directory which has more limited
write privileges (/data/misc/wifi/sockets normally has 'wifi' group
(AID_WIFI) with write access), but if that cannot be easily changed due
to other constraints, it is better to make wpa_ctrl_open2() less likely
to enable this type of race condition between the operations.

Replace chown() with lchown() (i.e., a version that does not dereference
symlinks) and chmod() with fchmod() on the socket before the bind() call
which is also not going to dereference a symlink (whereas chmod()
would). lchown() is a standard operation, but the fchmod() on the socket
is less so (unspecified behavior in some systems). However, it seems to
work on Linux and in particular, on Android, where this code is
executed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-01-06 20:20:20 +02:00
Dmitry Lebed
ce6d9ce15b hostapd: Add supported channel bandwidth checking infrastructure
This adds checks to common code to verify supported bandwidth options
for each channel using nl80211-provided info. No support of additional
modes is added, just additional checks. Such checks are needed because
driver/hardware can declare more strict limitations than declared in the
IEEE 802.11 standard. Without this patch hostapd might select
unsupported channel and that will fail because Linux kernel does check
channel bandwidth limitations.

Signed-off-by: Dmitry Lebed <dlebed@quantenna.com>
2019-01-06 11:54:34 +02:00
Jouni Malinen
ed87f6a80e Use a helper function for checking Extended Capabilities field
The new ieee802_11_ext_capab() and wpa_bss_ext_capab() functions can be
used to check whether a specific extended capability bit is set instead
of having to implement bit parsing separately for each need.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-01-02 18:13:19 +02:00
Avraham Stern
ecef0687dc RRM: Support for Last Beacon Report Indication subelement
IEEE P802.11-REVmd/D2.0, 9.4.2.20.7 (Beacon request) and 9.4.2.21.7
(Beacon report) add the Last Beacon Report Indication subelement to
Beacon Request and Beacon Report elements.

Add the Last Beacon Report Indication subelement to all Beacon Report
elements if the Beacon Request indicated that this subelement is
requested.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2019-01-02 16:26:11 +02:00
Avraham Stern
3ec118780a RRM: Add support for beacon report fragmentation
When the frame body subelement would cause the measurement report
element to exceed the maximum element size, the frame body subelement
used to be truncated. In addition, some elements were always truncated
in order to keep the reported frame body short (e.g. RSN IE).

Alternatively, IEEE P802.11-REVmd/D2.0, 9.4.2.21.7 extension to Beacon
reporting can be used: The frame body subelement is fragmented across
multiple beacon report elements, and the reported frame body fragment ID
subelement is added.

Use beacon report fragmentation instead of truncating the frame body
as this method gives the AP a more complete information about the
reported APs.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2019-01-02 15:54:55 +02:00
Ben Greear
2a54979695 wpa_ctrl: Make wpa_cli ping/pong work more reliably
In 2013 or so, IFNAME=foo was prepended to at least the Unix socket
communication from wpa_supplicant to wpa_cli. This broke the (fragile)
logic that made ping/pong work more often when wpa_supplicant is busy
sending logging info to wpa_cli.

Adding check for IFNAME=foo makes this work better.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2019-01-02 00:45:59 +02:00
Sergey Matyukevich
fb60dbdcec vlan: Use new bridge ioctl()
Legacy ioctl() through SIOCDEVPRIVATE are deprecated. Follow the
approach taken by bridge-utils and make use of new bridge ioctl's
whenever possible.

For example, using legacy ioctl() breaks dynamic VLAN mode on 32-bit
Linux systems running 64-bit kernels.

Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
2019-01-02 00:23:43 +02:00
Beni Lev
19677b77c3 OCE: Add RSSI based association rejection support (STA)
An AP might refuse to connect a STA if it has a low RSSI. In such case,
the AP informs the STA with the desired RSSI delta and a retry timeout.
Any subsequent association attempt with that AP (BSS) should be avoided,
unless the RSSI level improved by the desired delta or the timeout has
expired.

Defined in Wi-Fi Alliance Optimized Connectivity Experience technical
specification v1.0, section 3.14 (RSSI-based association rejection
information).

Signed-off-by: Beni Lev <beni.lev@intel.com>
2019-01-01 17:56:25 +02:00
Veerendranath Jakkam
dbe7f6da77 Vendor command to query the supported AKMs from the driver
This new QCA vendor command is used to query the supported AKM suite
selectors from the driver. There has been no such capability indication
from the driver and thus the current user space has to assume the driver
to support all the AKMs. This may be the case with some drivers (e.g.,
mac80211-based ones) but there are cfg80211-based drivers that implement
SME and have constraints on which AKMs can be supported (e.g., such
drivers may need an update to support SAE AKM using
NL80211_CMD_EXTERNAL_AUTH). Allow such drivers to specify the exact set
of supported AKMs so that user space tools can determine what network
profile options should be allowed to be configured. This command returns
the list of supported AKM suite selectors in the attribute
NL80211_ATTR_AKM_SUITES.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-12-21 21:09:48 +02:00
Jouni Malinen
5bcddb9302 DPP: Fix build with LibreSSL 2.8.3
Looks like LibreSSL 2.8 pulled in the OpenSSL API change to mark the
first argument to X509_ALGOR_get0() const.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-12-21 12:21:03 +02:00
Venkateswara Naralasetty
9c06f0f6ae hostapd: Add Multi-AP protocol support
The purpose of Multi-AP specification is to enable inter-operability
across Wi-Fi access points (APs) from different vendors.

This patch introduces one new configuration parameter 'multi_ap' to
enable Multi-AP functionality and to configure the BSS as a backhaul
and/or fronthaul BSS.

Advertise vendor specific Multi-AP capabilities in (Re)Association
Response frame, if Multi-AP functionality is enabled through the
configuration parameter.

A backhaul AP must support receiving both 3addr and 4addr frames from a
backhaul STA, so create a VLAN for it just like is done for WDS, i.e.,
by calling hostapd_set_wds_sta(). Since Multi-AP requires WPA2 (never
WEP), we can safely call hostapd_set_wds_encryption() as well and we can
reuse the entire WDS condition.

To parse the Multi-AP Extension subelement, we use get_ie(): even though
that function is meant for parsing IEs, it works for subelements.

Signed-off-by: Venkateswara Naralasetty <vnaralas@codeaurora.org>
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2018-12-20 01:04:14 +02:00
Mathy Vanhoef
f9da7505bf OCV: Include and verify OCI in SA Query frames
Include an OCI element in SA Query Request and Response frames if OCV
has been negotiated.

On Linux, a kernel patch is needed to let clients correctly handle SA
Query Requests that contain an OCI element. Without this patch, the
kernel will reply to the SA Query Request itself, without verifying the
included OCI. Additionally, the SA Query Response sent by the kernel
will not include an OCI element. The correct operation of the AP does
not require a kernel patch.

Without the corresponding kernel patch, SA Query Requests sent by the
client are still valid, meaning they do include an OCI element.
Note that an AP does not require any kernel patches. In other words, SA
Query frames sent and received by the AP are properly handled, even
without a kernel patch.

As a result, the kernel patch is only required to make the client properly
process and respond to a SA Query Request from the AP. Without this
patch, the client will send a SA Query Response without an OCI element,
causing the AP to silently ignore the response and eventually disconnect
the client from the network if OCV has been negotiated to be used.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-17 15:42:23 +02:00
Mathy Vanhoef
697652085f OCV: Add function to verify a received OCI element
ocv_verify_tx_params() verifies that the receive OCI element includes
field values that are compatible with the local channel configuration.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-17 00:02:14 +02:00
Mathy Vanhoef
f53aeff415 OCV: Parse all types of OCI information elements
Add functionality to parse all variations of the OCI element.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-17 00:02:14 +02:00
Mathy Vanhoef
6ab73efa72 OCV: Add utility functions to insert OCI elements
This commit adds utility functions to insert various encoding of the OCI
element.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-17 00:02:14 +02:00
Mathy Vanhoef
b1d05aee8b OCV: Protocol definitions
Define protocol identifiers for Operating Channel Verification (OCV)
based on IEEE P802.11-REVmd/D2.0.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-16 20:31:21 +02:00
Mathy Vanhoef
d706e0d7a3 Add functions to convert channel bandwidth to an integer
This adds two utility functions to convert both operating classes and
and the chan_width enum to an integer representing the channel
bandwidth. This can then be used to compare bandwidth parameters in an
uniform manner.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-16 18:35:30 +02:00
Mathy Vanhoef
dbe473fd22 Add utility function to derive operating class and channel
This function can be used to easily convert the parameters returned
by the channel_info driver API, into their corresponding operating
class and channel number.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-16 18:35:30 +02:00
Jouni Malinen
2205ca0dfe HS 2.0: Update supported release number to 3
Release 3 functionality is included, so start advertising support for
that release.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-12-08 14:06:58 +02:00
Peng Xu
891e1668c0 hostapd: Update HE Capabilities and Operation element definition
Update HE Capabilities/Operation element definition based on IEEE
P802.11ax/D3.0.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-12-07 15:17:02 +02:00
Edayilliam Jayadev
4c02242d04 Define spectral scaling parameters as QCA vendor specific attributes
Add spectral scaling parameters as vendor attributes to the
QCA_NL80211_VENDOR_SUBCMD_SPECTRAL_SCAN_GET_CAP_INFO vendor subcommand.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-12-04 20:57:32 +02:00
Jouni Malinen
368c9dc0bd The master branch is now used for v2.8 development
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-02 22:55:28 +02:00
Jouni Malinen
c2c6c01bb8 Update version to v2.7 and copyright years to include 2018
Also add the ChangeLog entries for both hostapd and wpa_supplicant to
describe main changes between v2.6 and v2.7.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-02 21:34:59 +02:00
Jouni Malinen
4a450ba201 DPP: Do not reply to PKEX request with identifier if no local identifier
The reverse case (local identifier configured but no identifier
received) was already covered, but PKEX is not going to complete
successfully if there is any difference in identifier configuration, so
ignore this other case as well. This avoids unnecessary responses to
PKEX requests with identifier from a device that is ready for PKEX in
general, but not for that particular request.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-12-02 12:30:11 +02:00
Jouni Malinen
810bedf23f DPP: Check own_bi/peer_bi pointers more consistently
This gets rid of smatch warnings about a dereference before check.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-30 21:28:19 +02:00
Jouni Malinen
89b6d8a2f0 DPP: Fix no-Status protocol testing in Auth Resp error case
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-27 17:20:41 +02:00
Sunil Dutt
acecac4c79 Define QCA_NL80211_VENDOR_SUBCMD_LINK_PROPERTIES also as an event
This commit enhances QCA_NL80211_VENDOR_SUBCMD_LINK_PROPERTIES to
also be an event, aimed to notify the link status (EX: connected
stations status on an AP link).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-27 00:27:18 +02:00
Jouni Malinen
06e62e11c7 DPP: Fix a debug print to use quotation marks consistently
The "DPP: Unexpected JWK kty" debug print missed one of the quotation
marks.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-11-25 17:31:49 +02:00
Jouni Malinen
11f07f027a DPP: Fix error path handling for GAS Comeback Response building
A local memory allocation failuring during GAS Comeback Response frame
generation could result in freeing the response context without removing
it from the list. This would result in dereferencing freed memory when
processing the next comeback request.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-11-25 13:51:26 +02:00
Jouni Malinen
c7896ef9c6 DPP: Fix memory leaks in GAS server error path handling
If local memory allocation for the GAS response failed, couple of error
paths ended up leaking some memory maintaining the state for the
exchange. Fix that by freeing the context properly.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-11-25 13:49:44 +02:00
Jouni Malinen
dc673aec46 HS 2.0: Generate AssocReq OSEN IE based on AP advertisement
Parse the OSEN IE from the AP to determine values used in the AssocReq
instead of using hardcoded cipher suites. This is needed to be able to
set the group cipher based on AP advertisement now that two possible
options exists for this (GTK_NOT_USED in separate OSEN BSS; CCMP or
GTK_NOT_USED in shared BSS case). Furthermore, this is a step towards
allowing other ciphers than CCMP to be used with OSEN.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-09 18:07:16 +02:00
Sachin Ahuja
d554402140 Define new QCA vendor command for coex priority config
Add QCA_NL80211_VENDOR_SUBCMD_COEX_CONFIG vendor command
to set the priorities among different types of traffic of
WLAN/BT/Zigbee during coex scenarios.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-09 00:20:09 +02:00
vamsi krishna
a626fb1070 Add QCA vendor event to indicate throughput changes
Add interface for drivers to report changes in TX/RX throughput
dynamically to user space. This information can be used by userspace
tools to tune kernel's TCP parameters in order to achieve peak
throughput. The driver may optionally provide guidance on which TCP
parameters to be configured for optimal performance along with the
values to be configured.

The TCP parameters that need to be tuned for peak performance are not
interface specific. Based on the guidance from the driver and
considering the other interfaces that may be affected with the new
configurations, a userspace tool has to choose the values to be
configured for these parameters to achieve optimal performance across
interfaces.

The throughput levels informed by the driver with this event are only
for providing guidance on TCP parameter tuning from userspace. The
driver may change the thresholds used to decide low or medium or high
throughput levels based on several parameters based on the PHY layer
capacity in the current connection, the number of packets being
dispatched per second, or the number of packets pending in queues, etc.
The throughput levels may not be consistent with the actual throughput
of the link.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-08 21:56:58 +02:00
Kiran Kumar Lokere
5d332a13f7 Add test config QCA vendor attribute for action frame Tx in TB PPDU
Add a new wifi test config QCA vendor attribute to configure action
frame transmission in HE trigger based PPDU.
This is used for testbed configuration.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-02 12:10:18 +02:00
Kiran Kumar Lokere
a94aab6ddd Define test config QCA vendor attribute for HE SU PPDU Tx config
Add a new wifi test config QCA vendor attribute to configure HE
single user PPDU transmission.
This is used for testbed configuration.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-02 12:09:38 +02:00
Kiran Kumar Lokere
292bce08b3 Define test config QCA vendor attribute for HE OM control config
Add a new wifi test config QCA vendor attributes to configure HE
operating mode control field bandwidth, number of spatial streams, and
UL MU disable configuration. Define a new attribute to clear the
previously set HE OM control field configuration. This is used for
testbed configuration.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-11-02 12:09:22 +02:00
Jouni Malinen
d514b50265 WNM: Collocated Interference Reporting
Add support for negotiating WNM Collocated Interference Reporting. This
allows hostapd to request associated STAs to report their collocated
interference information and wpa_supplicant to process such request and
reporting. The actual values (Collocated Interference Report Elements)
are out of scope of hostapd and wpa_supplicant, i.e., external
components are expected to generated and process these.

For hostapd/AP, this mechanism is enabled by setting
coloc_intf_reporting=1 in configuration. STAs are requested to perform
reporting with "COLOC_INTF_REQ <addr> <Automatic Report Enabled> <Report
Timeout>" control interface command. The received reports are indicated
as control interface events "COLOC-INTF-REPORT <addr> <dialog token>
<hexdump of report elements>".

For wpa_supplicant/STA, this mechanism is enabled by setting
coloc_intf_reporting=1 in configuration and setting Collocated
Interference Report Elements as a hexdump with "SET coloc_intf_elems
<hexdump>" control interface command. The hexdump can contain one or
more Collocated Interference Report Elements (each including the
information element header). For additional testing purposes, received
requests are reported with "COLOC-INTF-REQ <dialog token> <automatic
report enabled> <report timeout>" control interface events and
unsolicited reports can be sent with "COLOC_INTF_REPORT <hexdump>".

This commit adds support for reporting changes in the collocated
interference (Automatic Report Enabled == 1 and partial 3), but not for
periodic reports (2 and other part of 3).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-10-30 14:07:51 +02:00
Peng Xu
2f186d598a Define vendor specific NDP attribute for peer NDPE support
Add NAN NDP attribute QCA_WLAN_VENDOR_ATTR_PEER_NDPE_SUPPORT which
indicates if NDP remote peer supports NDPE attribute or not.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-10-19 20:44:44 +03:00
Visweswara Tanuku
77fcd74753 QCA vendor subcommand and attributes to configure capture of CFR data
Add a subcommand for Channel Frequency Response (CFG) Capture
Configuration and define attributes for configuring CFR capture
parameters per peer and enabling/disabling CFR capture.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-10-11 12:12:30 +03:00
Jouni Malinen
cad810a98f HS 2.0: OSU Provider NAI List advertisement
Extend hostapd to allow the new OSU Provider NAI List ANQP-element to be
advertised in addition to the previously used OSU Providers list
ANQP-element. The new osu_nai2 configurator parameter option is used to
specify the OSU_NAI value for the shared BSS (Single SSID) case while
osu_nai remains to be used for the separate OSU BSS.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-10-05 20:49:42 +03:00
vamsi krishna
edb509d49f Add QCA vendor event to report roam scan events
Driver/firmware does roam scan when it finds the need to roam to a
different BSS. Add a QCA vendor event to indicate such roam scan events
from driver/firmware to user space.

Please note that some drivers may not send these events in few cases,
e.g., if the host processor is sleeping when this event is generated in
firmware to avoid undesired wakeups.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-10-04 00:31:45 +03:00
Ankita Bajaj
820ea0ba93 DPP: Fix a memory leak on Configurator keygen error path
The allocated configuration structure needs to be freed if the specified
curve is not supported.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-09-21 21:22:42 +03:00
Ankita Bajaj
5a052f92eb DPP: Fix a memory leak in L derivation
The temporary EC_POINT 'sum' needs to be freed at the end of the
function with the other OpenSSL allocations.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-09-21 21:21:14 +03:00
Ankita Bajaj
bae282e3e8 DPP: Fix an error path memory leak in URI public key parsing
The allocated buffer from base64_decode() needs to be freed on the
sha256_vector() error path.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-09-21 21:20:06 +03:00
Varun Reddy Yeturu
60377efcc1 QCA vendor command support for TWT test configuration
Define new QCA vendor specific test config attributes to configure TWT.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-09-18 13:03:02 +03:00
Jouni Malinen
2b92c4f3c0 DPP: Fix test functionality for invalid keys with OpenSSL 1.1.0
It looks like at least OpenSSL 1.1.0i includes the extra checks in
EC_POINT_set_affine_coordinates_GFp() that break the previously used
mechanism for generating invalid keys. Fix this by using the alternative
design that was used with OpenSSL 1.1.1 and BoringSSL.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-09-17 17:23:10 +03:00
Jouni Malinen
3ecb8a5203 ANQP: Parse and report Venue URL information
Parse the Venue URL ANQP-element payload and report it with the new
RX-VENUE-URL event messages if the query was done using PMF.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-09-15 05:17:49 +03:00
Kiran Kumar Lokere
13dd13fc01 Define test config attribute to configure OM control support
Define a new QCA vendor specific test config attribute to configure the
support for receiving the MPDU with operating mode control subfield.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-09-06 00:01:57 +03:00
Purushottam Kushwaha
20f612d998 DPP: Set group id through DPP_AUTH_INIT or dpp_configurator_params
This enhances DPP_AUTH_INIT, DPP_CONFIGURATOR_SIGN, and SET
dpp_configurator_params to allow optional setting of the DPP groupId
string for a Connector. If the value is not set, the previously wildcard
value ("*") is used by default.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-08-30 23:34:00 +03:00