Previously, send() was called with invalid fd = -1 in some error cases
for retransmission and this could even result in a loop of multiple such
attempts. This is obviously not going to work, so drop such attempts and
instead, try to reconnect a socket to the server if the current socket
is not valid.
In addition, initiate server failover immediately if the current socket
is not valid instead of waiting for a timeout.
Signed-off-by: Jouni Malinen <j@w1.fi>
If the initial attempt at opening the socket connection to the RADIUS
server failed due to missing IP connectivity during startup, e.g., with
"connect[radius]: Network is unreachable", hostapd did not try to
reconnect when RADIUS messages were sent. Instead, it only reported "No
authentication server configured" even if the configuration did have a
server entry.
This was broken by commit 9ed4076673
('RADIUS client: Do not try to send message without socket') for the
initial case and the more recent fixes in RADIUS server failover cases
did not cover the initial failure case.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new hostapd parameters auth_server_addr_replace and
acct_server_addr_replace can now be used to replace the configured IP
address instead of adding a new RADIUS server. This is mainly useful for
testing purposes where the address can be changed over control interface
during AP operation.
Signed-off-by: Jouni Malinen <j@w1.fi>
It does not look likely that the old DSA design would be added into the
internal TLS implement, so remove this otherwise dead code.
Signed-off-by: Jouni Malinen <j@w1.fi>
It looks like the 128M default memory size for the hwsim test setup was
not large enough to cover all the needs anymore. Some of the test cases
using tshark could hit OOM with that size. Increase the default
allocation to 192M to avoid this type of issues.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This allows wpa_supplicant to recover from some of the cases where
cfg80211 is unloaded and reloaded without restarting wpa_supplicant. The
netlink socket used for nl80211 events (global->nl_event) seemed to end
up in otherwise functionality state, but with all the event memberships
lost when cfg80211 gets reloaded.
There does not seem to be any clear way of determining when this has
happened, so it looks simplest to just try to re-subscribe to all the
events whenever an interface is re-enabled or added.
Signed-off-by: Jouni Malinen <j@w1.fi>
This verifies that the packet socket workaround does not get disabled if
EAPOL frames are processed during operation state (i.e., when processing
reauthentication/rekeying on a functional association).
Signed-off-by: Jouni Malinen <j@w1.fi>
Commit e6dd8196e5 ('Work around Linux
packet socket regression') closed the workaround socket on the first
received EAPOL frame from the main packet socket. This can result in
closing the socket in cases where the kernel does not really work in the
expected way during the following initial association since
reauthentication/rekeying using EAPOL frames happens while operstate is
not dormant and as such, the frames can get delivered through the main
packet socket.
Fix this by closing the workaround socket only in case the first EAPOL
frame is received through the main packet socket. This case happens
while the interface is in dormant state and as such, is more likely to
show the more restricted case of kernel functionality.
In order to avoid processing the received EAPOL frames twice, verify a
checksum of the frame contents when receiving frames alternatively from
the main packet socket and the workaround socket.
Signed-off-by: Jouni Malinen <j@w1.fi>
Previously, within-ESS roaming was skipped if the selected BSS did not
have a higher signal strength than the current BSS regardless of AP
capabilities. This could result in not moving to a BSS that would
provide higher throughput, e.g., due to larger channel bandwidth or
higher rates (HT/VHT MCS).
Use estimated throughput information from scan result processing to
allow within-ESS roaming if the selected BSS is likely to provide better
throughput even if the current BSS has larger RSSI.
Signed-off-by: Jouni Malinen <j@w1.fi>
These values were previously used only for sorting the scan results, but
it may be useful to provide access to the used values through the BSS
entries.
Signed-off-by: Jouni Malinen <j@w1.fi>
This modifies the BSS selection routines to calculate SNR and estimated
throughput for each scan result and then use the estimated throughput as
a criteria for sorting the results. This extends the earlier design by
taking into account higher throughput rates if both the AP and local
device supports HT20, HT40, or VHT80. In addition, the maximum rate is
restricted based on SNR.
In practice, this gives significantly higher probability of selecting
HT/VHT APs when there are multiple BSSes in the same ESS and SNR is not
low enough to prevent higher MCS use.
Signed-off-by: Jouni Malinen <j@w1.fi>
"make -C wpa_supplicant libwpa_ctrl.a" can now be used to build a static
library that can be linked with external programs using wpa_ctrl.h. This
makes it easier to create a separate library package that does not
depend in any other hostap.git file other than src/common/wpa_ctrl.h and
the libwpa_ctrl.a built with this new make target.
Signed-off-by: Jouni Malinen <j@w1.fi>
This makes it somewhat easier to use CONFIG_WPA_TRACE=y build with
external programs that might not be aware of the initialization
requirement, e.g., when linking wpa_ctrl.c with a program that does not
use the os_*() wrappers.
Signed-off-by: Jouni Malinen <j@w1.fi>
This change adds the function hostapd_config_clear_wpa_psk() that
deletes an entire wpa_psk structure, making sure to follow the linked
list and to free the allocated memory of each PSK node. This helps to
prevent memory leaks when using PSKs from multiple sources and
reconfiguring the AP during runtime.
Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
This allows multiple dmesg files to be saved if a test case is executed
multiple times similarly to the other logfiles.
Signed-off-by: Jouni Malinen <j@w1.fi>
When an EVENT_SIGNAL_CHANGE occurs the bgscan is informed about this
change but the new RSSI value is not stored. In consequence, when
roaming candidates are evaluated, the RSSI value of the current BSS used
to compare is an old one obtained during the last scan rather than the
new one given by the signal change event. This leads sometimes to bad
decision when selecting a new BSS for roaming.
This patch solves the issue by updating the current BSS level when
receiving a signal change event in order to have a very up-to-date
current signal value when choosing an new BSS.
Signed-off-by: Matthieu Mauger <matthieux.mauger@intel.com>
When stopping the TKIP countermeasures, it would be preferable to
connect immediately. However if scheduled scan is in progress,
a connection attempt will be done only when scan results are received,
so cancel the scheduled scan to allow immediate scan and connection
attempt.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Configure the GO CTWindow on APstart if the driver supports it and this
parameter is set in wpa_supplicant configuration.
Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
Read p2p_go_ctwindow (0-127 TUs) from the config file, and pass it to
the driver on GO start.
Use p2p_go_ctwindow=0 (no CTWindow) by default.
Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
Some APs (e.g., Cisco 1260) sometimes add padding to the end of short
TDLS management packets and that can look like invalid IEs. This was
allowed on M3 and discovery packets, but not in others. Allow it for the
other packets as well, since required IEs are verified in the code
anyway.
Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
In addition, add support for returning the capability list through
the BSS control interface command.
Signed-off-by: ASHUTOSH NARAYAN <ashutoshx.narayan@intel.com>
In addition, add support for returning the capability list through the
BSS control interface command.
Signed-off-by: ASHUTOSH NARAYAN <ashutoshx.narayan@intel.com>
Instead of calling a dummy printf function use preprocessor to determine
if debugging mode is enabled. Also use native Qt debug function.
Signed-off-by: Arkadiusz Bokowy <arkadiusz.bokowy@gmail.com>
If a matching IBSS is found in scan results, change requested frequency
to match and disable OBSS scan.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Add fixed_freq=<0/1> network block parameter and pass it to the driver
when starting or joining an IBSS. If this flag is set, IBSS should not
try to look for other IBSS networks to merge with on different channels.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
The kernel had two bugs (one in hwsim and one more important one in
mac80211) in this area, add a test to make sure we can disconnect
without any kernel issues while in powersave.
Also make sure that the TIM bit gets set and cleared again (by checking
with tshark.)
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The '/usr/include/libnl3' header path is unsafe for cross-compilation.
Use pkg-config to find libnl-3.0 headers by default and alternatively,
allow LIBNL_INC=<path> to be used in .config to override.
Signed-off-by: Romain Naour <romain.naour@openwide.fr>
The new reassoc_same_bss_optim=1 configuration parameter can now be used
to request wpa_supplicant to bypass the unnecessary Authentication frame
exchange when reassociating back to the same BSS with which the device
is already associated. This functionality is disabled by default since
it may cause undesired interoperability issues with some APs.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Commit c35e35ed81 ('Add passive_scan
configuration parameter') used incorrect parameter name when writing the
passive_scan parameter into a configuration file.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
In some error cases, pointers were dereferenced before NULL check is
done. Fix this by adding checks before the dereference.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
These were not supposed to include a newline at the end of the message
text since such formatting gets handled by tls_show_errors(). In
addition, change the message about the issuer's issuer to be more
accurate.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
If addition of a peer issuer certificate fails, the certs pointer would
be NULL when being passed to sk_X509_push() for peer issuer's issuer.
Fix this by skipping addition of issuer's issue if issuer addition
fails.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
If addition of a peer issuer certificate fails, the certs pointer would
be NULL when being passed to sk_X509_push() for peer issuer's issuer.
Fix this by skipping addition of issuer's issue if issuer addition
fails.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
These hs20-osu-client parameters were never applicable for Android
builds and were just copied from the non-Android Makefile as a reminder,
but not removed once rest of the Android build was fixed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
These need to be done in the libxml2 build, not in hs20-osu-client. This
workaround was previously used to allow parts of the build to go
through, but that was not a complete fix and resulted in warnings now
that external/libxml2 in Android 5.0 is defining the same parameters.
Remove these from hs20-osu-client Android.mk to avoid that warning.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Numbers of hs20-osu-client functions do not use all of the parameters
currently. This makes the compiler output difficult to read due to
undesired warning messages. Get rid of those specific warnings for now.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The LOCAL_EXPORT_C_INCLUDE_DIRS from ICU did not seem to fully resolve
the build (e.g., "mm -B" failed to build, but following that with "mm"
allowed the build to complete). For now, add the include directory
manually here for Android 5.0.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>