Scanning can delay concurrent operations considerably, so it is better
to avoid that while trying to connect on any of the virtual interfaces
that share the same radio.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
cfg80211 rejects the set_key operations before the IBSS network has been
fully formed, so add one more attempt to set the key for WPA-None at
IBSS joined driver event.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This option can be used only for global parameters that are not going
to be changed from settings.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Signed-off-by: Iliyan Malchev <malchev@google.com>
There may be cases where multiple BSS entries for a single BSSID are in
the table. This is mostly in automated test cases due to the AP
configuration changes, but something similar could potentially happen as
a corner case in more realistic networks, too, e.g., when an AP changes
its operating channel. Make network selection more robust by trying to
find the exact BSS entry instead of any BSS entry with a matching BSSID
when storing GAS/ANQP response.
Signed-hostap: Jouni Malinen <j@w1.fi>
Some extended capabilities (I'm currently interested in "Operating Mode
Notification" for VHT) are implemented by the kernel driver and exported
in nl80211. Use these in hostapd/wpa_supplicant.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
If WPS provisioning step is completed with an AP that is in WPS
configured state, we can skip a second scan after the provisioning step
since the AP is unlikely to change its configuration in such a case.
This can speed up WPS connection a bit by removing an unneeded scan.
Signed-hostap: Masashi Honma <masashi.honma@gmail.com>
This can be used to configure wpa_supplicant to ignore old scan results
from the driver cache in cases where such results were not updated after
the scan trigger from wpa_supplicant. This can be useful in some cases
where the driver may cache information for a significant time and the AP
configuration is changing. Many such cases are for testing scripts, but
this could potentially be useful for some WPS use cases, too.
Signed-hostap: Jouni Malinen <j@w1.fi>
If a peer replies to persistent group invitation with status code 8
(unknown group), remove the peer from the p2p_client_list if we are the
GO or remove the persistent group if we are the P2P client since it
looks like that the peer has dropped persistent group credentials and
the provisioning step needs to be executed again.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Add support for VHT capability overrides to allow testing connections
with a subset of the VHT capabilities that are actually supported by
the device. The only thing that isn't currently supported (by mac80211
and this code) is the RX/TX highest rate field.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Addition of wpa_supplicant_fast_associate() made it unnecessary to call
wpas_select_network_from_last_scan() directly from other files.
Signed-hostap: Jouni Malinen <j@w1.fi>
If scan results are available when we perform a SelectNetwork, use
them to make an associate decision. This can save an entire scan
interval-worth of time in situations where something external to
wpa_supplicant (like a connection manager) has just previously
requested a scan before calling SelectNetwork.
Signed-hostap: Paul Stewart <pstew@chromium.org>
hostapd.conf sae_groups parameter can now be used to limit the set of
groups that the AP allows for SAE. Similarly, sae_groups parameter is
wpa_supplicant.conf can be used to set the preferred order of groups. By
default, all implemented groups are enabled.
Signed-hostap: Jouni Malinen <j@w1.fi>
hostapd can now be configured to use anti-clogging mechanism based on
the new sae_anti_clogging_threshold parameter (which is
dot11RSNASAEAntiCloggingThreshold in the standard). The token is
generated using a temporary key and the peer station's MAC address.
wpa_supplicant will re-try SAE authentication with the token included if
commit message is rejected with a token request.
Signed-hostap: Jouni Malinen <j@w1.fi>
This was used to select between "(auth)" and "(reauth)" in
CTRL-EVENT-CONNECTED events. However, the variable was not cleared
anywhere else apart from the AP deinit case. As such, it did not really
provide correct information and is not really of much use even with
proper clearing added. As such, it is cleaner to just get rid of this
altogether.
Signed-hostap: Jouni Malinen <j@w1.fi>
Commit 1ff733383f added a mechanism to
work around issues due to association events and EAPOL RX events being
getting reordered. However, this applied only for the case where
wpa_supplicant is not in associated state. The same issue can happen in
roaming case with drivers that perform BSS selection internally (or in
firmware). Handle that case similarly by delaying received EAPOL frame
processing if the source address of the EAPOL frame does not match the
current BSSID.
Since wired IEEE 802.1X do not have BSSID, make this additional
workaround conditional on BSSID match having been observed during the
previous association.
This fixes issues where the initial EAPOL frame after reassociation was
either dropped (e.g., due to replay counter not increasing) or replied
to with incorrect destination address (the BSSID of the old AP). This
can result in significantly more robust roaming behavior with drivers
that do not use wpa_supplicant for BSS selection.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Both the ctrl_iface and D-Bus interface use similar functionality to
request a new connection. Combine these to a single function to avoid
need to maintain duplicated implementation.
Signed-hostap: Jouni Malinen <j@w1.fi>
wpas_connection_failed() uses the blacklist count to figure out a
suitable time to wait for the next scan. This mechanism did not work
properly in cases where the temporary blacklist gets cleared due to no
other BSSes being available. Address this by maintaining an additional
count of blacklisting values over wpa_blacklist_clear() calls. In
addition, add one more step in the count to timeout mapping to go to 10
second interval if more than four failures are seen.
Signed-hostap: Jouni Malinen <j@w1.fi>
If the driver does not support multi-channel concurrency and a virtual
interface that shares the same radio with the current interface is
operating there may not be need to scan other channels apart from the
current operating channel on the other virtual interface. Filter out
other channels in case we are trying to find a connection for a station
interface when we are not configured to prefer station connection and a
concurrent operation is already in process.
Signed-hostap: Jouni Malinen <j@w1.fi>
p2p_prov_disc_req() used the join parameter to figure out whether the PD
request was a user initiated or not. This does not cover all use cases
of PD, so add a separate parameter to allow caller to indicate whether
the user requested the operation.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This function is now unused after the last couple of commits that
removed the last uses, so remove this to keep code simpler since all
places that disassociate, can use deauthentication instead.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
When WPS is used with NFC connection handover, the AP may indicate its
operating channel within the credential information. Use this
informatiom, if present, to speed up the scan process.
Signed-hostap: Jouni Malinen <j@w1.fi>
This replaces the previously used bogus test data in SAE messages with
the first real field. The actual SAE authentication mechanism is still
missing and the Scaler, Element, and Confirm fields are not included.
Signed-hostap: Jouni Malinen <j@w1.fi>
External programs can use this new parameter to prevent wpa_supplicant
from connecting to a list of BSSIDs and/or SSIDs. The disallowed BSSes
will still be visible in scan results and it is possible to run ANQP
operations with them, but BSS selection for connection will skip any
BSS that matches an entry in the disallowed list.
The new parameter can be set with the control interface SET command
using following syntax:
SET disallow_aps <disallow_list>
disallow_list ::= <ssid_spec> | <bssid_spec> | <disallow_list> | “”
SSID_SPEC ::= ssid <SSID_HEX>
BSSID_SPEC ::= bssid <BSSID_HEX>
For example:
wpa_cli set disallow_list "ssid 74657374 bssid 001122334455 ssid 68656c6c6f"
wpa_cli set disallow_list
(the empty value removes all entries)
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Since we have a global P2P module, the flag to trigger scan completion
events to it needs to be in similar context. The previous design
maintained this separately for each virtual interface and if P2P module
did not run its scan operation on the virtual interface that completed
the scan, P2P module would not be allowed to restart operations
properly.
Signed-hostap: Jouni Malinen <j@w1.fi>
Use configured credentials to figure out which ANQP information needs to
be fetched and only fetch those when using Interworking network
selection. The fetch_anqp command is still fetching all ANQP
information.
Signed-hostap: Jouni Malinen <j@w1.fi>
If the scan results from before ANQP fetch are fresh (less than five
seconds old), do not run a new scan when selecting the BSS after having
used Interworking network selection.
Signed-hostap: Jouni Malinen <j@w1.fi>
This allows last results to be used even after they have been freed
since the information is copied to the BSS entries anyway and this new
array provides the order in which scan results were processed.
Signed-hostap: Jouni Malinen <j@w1.fi>
The freq and ht40 parameters can now be used with the p2p_invite
command when reinvoking a persistent group as the GO.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This commit adds control interface commands and internal storage of
Wi-Fi Display related configuration. In addition, WFD IE is now added
to various P2P frames, Probe Request/Response, and (Re)Association
Request/Response frames. WFD subelements from peers are stored in the
P2P peer table.
Following control interface commands are now available:
SET wifi_display <0/1>
GET wifi_display
WFD_SUBELEM_SET <subelem> [hexdump of length+body]
WFD_SUBELEM_GET <subelem>
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
auto_interworking=1 configuration parameter can be used to request
wpa_supplicant to use Interworking network selection automatically as a
part of the normal (non-Interworking) network selection if the scan
results do not match with enabled networks. This makes scanning work
similarly to the "interworking_select auto" command.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The new gas_request and gas_response_get commands can be used to request
arbitary GAS queries to be performed. These can be used with ANQP or
with other (including vendor specific) advertisement protocols.
gas_request <BSSID> <AdvProtoID> [Query]
gas_response_get <addr> <dialog token> [offset,length]
For example, ANQP query for Capability list in interactive wpa_cli
session:
> gas_request 02:00:00:00:01:00 00 000102000101
<3>GAS-RESPONSE-INFO addr=02:00:00:00:01:00 dialog_token=0
status_code=0 resp_len=32
> gas_response_get 02:00:00:00:01:00 00
01011c00010102010501070108010c01dddd0c00506f9a110200020304050607
> gas_response_get 02:00:00:00:01:00 00 0,10
01011c00010102010501
> gas_response_get 02:00:00:00:01:00 00 10,10
070108010c01dddd0c00
> gas_response_get 02:00:00:00:01:00 00 20,10
506f9a11020002030405
> gas_response_get 02:00:00:00:01:00 00 30,2
0607
It should be noted that the maximum length of the response buffer is
currently 4096 bytes which allows about 2000 bytes of the response data
to be fetched with a single gas_response_get command. If the response is
longer, it can be fetched in pieces as shown in the example above.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Maintain state of WPS APs during iteration to find the correct AP for
WPS PIN operation when no specific BSSID is specified. This information
can be used for optimizing the order in which the APs are tried. This
commit is only adding the collection of the information and more
detailed debug information to make debug logs more helpful in figuring
out how the AP selection order could be improved.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
If 4-way handshake fails due to likely PSK failure or if EAP
authentication fails, disable the network block temporarily. Use longer
duration if multiple consecutive failures are seen.
Signed-hostap: Jouni Malinen <j@w1.fi>
Previously, all station mode scan operations were either skipped or
delayed while any P2P operation was in progress. To make concurrent
operations easier to use, reduce this limitation by allowing a scan
operation to be completed in the middle of a p2p_find. In addition,
allow station mode association to be completed. When the station mode
operation is run to its completion (scan results not acted on,
connection to an AP completed, connection failed), resume the p2p_find
operation.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
wpa_s->removal_reason was set only when calling wpas_p2p_group_delete()
and while couple of call places did not set this, it should really be
set in each case. As such, it works better as a function parameter than
a variable in struct wpa_supplicant.
Signed-hostap: Jouni Malinen <j@w1.fi>
This new mechanism can be used to make wpa_supplicant using external
storage (e.g., key store in the operating system) for passwords,
passphrases, and PSKs. This commit is only adding the framework part
needed to support this, i.e., no actual configuration parameter can
yet use this new mechanism. In addition, only a simple test backend
is added to allow developer testing of the functionality.
Signed-hostap: Jouni Malinen <j@w1.fi>
In the properties changed signal, added a new property
"DisconnectReason", which carries the IEEE 802.11 reason code of the
most recent disassociation or deauthentication event. The reason code is
negative if it is locally generated. The property is sent to the DBUS
immediately so as to prevent it from being coalesced with other
disconnect events.
Signed-off-by: Gary Morain <gmorain@chromium.org>
Like bgscan, autoscan is an optional module based feature to automate
scanning but while disconnected or inactive.
Instead of requesting directly a scan, it only sets the scan_interval
and the sched_scan_interval. So, if the driver supports sched_scan,
autoscan will be able to tweak its interval. Otherwise, the tweaked
scan_interval will be used. If scan parameters needs to be tweaked, an
autoscan_params pointer in wpa_s will provide those. So req_scan /
req_sched_scan will not set the scan parameters as they usually do, but
instead will use this pointer.
Modules will not have to request a scan directly, like bgscan does.
Instead, it will need to return the interval it wants after each
notification.
Signed-hostap: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Add an additional parameter to prioritize either sta or p2p connection
to resolve conflicts arising during single channel concurrency.
Signed-hostap: Jithu Jance <jithu@broadcom.com>
Perform addition additional scan runs on the operating channel of the GO
(if known from previous scan results) and fall back to initiate the PD
for GO Negotiation if these additional scans do not detect the peer as
GO.
Signed-hostap: Sunil Dutt Undekari <duttus@codeaurora.org>