Every usage of these variables appends an extra slash, so keeping
a slash in the default values leads to double slashes in resulting
paths.
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
Some distros carry patches to specify driver fallback, but only in
specific conditions (e.g. the systemd service definition[1]). This leaves
other wpa_supplicant instances needing to define fallback themselves,
which leads to places where wpa_supplicant thinks it can't find a
driver[2]. Instead, when -D is not specified, have wpa_supplicant try
all the drivers it was built with in an attempt to find a working one
instead of just giving up if the first doesn't work.
[1] https://salsa.debian.org/debian/wpa/-/blob/debian/unstable/debian/patches/networkd-driver-fallback.patch
[2] https://bugs.launchpad.net/netplan/+bug/1814012
Signed-off-by: Kees Cook <kees@ubuntu.com>
Update PMKSA cache when interface is disabled and then enabled based on
the new MAC address. If the new MAC address is same as the previous MAC
address, the PMKSA cache entries are valid and hence update the PMKSA
cache entries to the driver. If the new MAC address is not same as the
previous MAC address, the PMKSA cache entries will not be valid anymore
and hence delete the PMKSA cache entries.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
While creating a cloned PMKSA entry for OKC both expiration and
reauth_time values are set to maximum values, but later only the
expiration time is copied from the old PMKSA entry to the new PMKSA
entry. Due to this there is a possibility of reauth_time becoming
greater than expiration time in some cloned entries. To avoid this copy
reauth_time also to the cloned entry.
Also, add check to reject control interface commands with reauth time
greater than expiration time.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
Replaced the word "sanity" with the inclusive word "validity". The
comment in acs_survey_interference_factor() was referring a function
that does not exist, so remove it instead of trying rename the function.
Signed-off-by: Arowa Suliman <arowa@chromium.org>
Allow sae_pwe parameter to be configured per-network and enforce the
SAE hash-to-element mechanism for the P2P GO if it is started on
a 6 GHz channel.
Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
After roaming from WPA2-AP (group=CCMP) to WPA-AP (group=TKIP) using
driver-based SME and roaming trigger, GTK renewal failures are observed
for the currently associated WPA-AP because of group cipher mismatch,
resulting in deauthentication with the AP.
Update the group cipher and pairwise cipher values in wpa_sm from
association event received from the driver in case of SME offload to the
driver to address GTK renewal failures (and similar issues) that could
happen when the driver/firmware roams between APs with different
security profiles.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add an explicit check for modes != NULL instead of depending on
num_modes > 0 implying that. This is to silence invalid static analyzer
reports.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Support adding/deleting vendor elements dynamically for AP mode while it
is started by wpa_supplicant instead of hostapd which already supported
this. This adds ap_assocresp_elements global parameter and UPDATE_BEACON
control interface command to take the changed values into effect.
Usage in wpa_cli:
Add vendor IE for (Re)Association Response frames
> set ap_assocresp_elements=xxxx
Add vendor IE for Beacon/Probe Response frames
> set ap_vendor_elements=xxxx
Delete vendor IE from (Re)Association Response frames
> set ap_assocresp_elements
Delete vendor IE from Beacon/Probe Response frames
> set ap_vendor_elements
To make vendor IE changes take effect
> update_beacon
Signed-off-by: Chaoli Zhou <zchaoli@codeaurora.org>
Add support to send DSCP Policy Query frame using a new control
interface command DSCP_QUERY. This includes support for a wildcard DSCP
query and a DSCP query with a single Domain Name attribute.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
Add support to parse WFA Capabilities element from the (Re)Association
Response frame. Also register a timeout for the station to wait before
sending a new DSCP query if requested by AP.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
Indicate DSCP Policy capability by including a WFA Capabilities element
containing the relevant bit set to 1 in the (Re)Association Request
frames when enabled by user.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
Add support to prepare and send DSCP response action frame to the
connected AP in response to a new control interface command DSCP_RESP.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
Add support to parse received DSCP Policy Request frames and send the
request details as control interface events.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
The DSCP policy capability is disabled by default. The user frameworks
which have support for handling DSCP policy request messages need to
enable this capability explicitly to allow wpa_supplicant to advertise
the capability to the AP and allow the related frames to be processed.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
This function is not specific to GAS, so make it available throughout
wpa_supplicant without requiring CONFIG_GAS.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Enhance the P2P_GROUP_ADD command to support DFS channel with 80 and 160
MHz bandwidth to be used for autonomous GO when using offloaded DFS.
For example, 'P2P_GROUP_ADD freq=5500 max_oper_chwidth=80 ht40 vht'
- Previous behavior: AP fallback to channel 100 using 20 MHz with
"No VHT higher bandwidth support for the selected channel 100"
- Enhanced behavior: AP starts on channel 100 using 80 MHz with
"VHT center channel 106 for 80 or 80+80 MHz bandwidth"
This functionality is on top of the driver's capability to offload DFS,
which is advertized through WPA_DRIVER_FLAGS_DFS_OFFLOAD.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Enable support for P2P connection in 6 GHz with the channel width of 40
MHz, 80 MHz, and 160 MHz. The flag max_oper_chwidth is used to configure
the maximum channel width for P2P connection in 6 GHz with the commands
P2P_CONNECT, P2P_INVITE, and P2P_GROUP_ADD.
Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
Current definition of wpas_p2p_get_ht40_mode() determines secondary
offset in the 5 GHz band. Enhance the functionality of this function to
determine offset to support 6 GHz channels also.
Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
Clone pmf and p2p_6ghz_disable configuration values when creating a new
P2P group interface. PMF is required in 6 GHz band operation.
Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
Currently while selecting a preferred frequency when no preference is
known, p2p_no_go_freq is not considered for 5 GHz and 60 GHz channels.
This results in starting GO on the channels that are configured not to
allow the local device as GO.
Use wpas_p2p_supported_freq_go api to check if the p2p_no_go_freq
configuration before selecting the preferred frequency for GO.
Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
For some 6 GHz operating class like 134, there is a possibility where
the ch variable used for channel iterator overflows when it is
incremented. Fix this by updating the datatype of ch variable to
avoid integer overflow while incrementing.
Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
Generate an event on the control socket interface when a network is
added or removed. The event name CTRL-EVENT-NETWORK-<ADDED|REMOVED>
is followed by the network entry identifier. The event matches the
corresponding Network<Added|Removed> signal on the d-bus interface.
Signed-off-by: Andrew Beltrano <anbeltra@microsoft.com>
The --conf option specifies a file containing a list of options
to configure the network used for running the test which will be
used in place of the defaults built into the script.
Signed-off-by: Nick Porter <nick@portercomputing.co.uk>
"SET disable_mscs_support 1" can be used to disable indication of MSCS
support in the Extended Capabilities element for testing purposes. This
is also disabling addition of the MSCS element even if valid
configuration parameters had been configured.
Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
Add support to receive and process SCS Response frames from the AP and
indicate the status to upper layers.
Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
"SET disable_scs_support 1" can be used to disable indication of SCS
support in the Extended Capabilities element for testing purposes.
Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
Add support to parse SCS control interface command and form the SCS
Request frame to be sent to SCS enabled AP.
Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
Enable (and require) the management frame protection for the P2P GO if
it is started on a 6 GHz channel.
Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
P2P connections in the 6 GHz band use SAE authentication algorithm after
getting credentials with WPS connection. During WPS connection as it
doesn't use SAE, SAE PT is not derived. After getting SAE credentials,
the STA connects to the same SSID using SAE auth algorithm. Earlier, SAE
H2E PT was not derived while connecting to the same SSID to which the
STA is connected last time. Due to this, the P2P group formation fails
for 6 GHz channels when H2E is enabled as the PT will not be setup by
the P2P client before proceeding to the SAE authentication. Same could
happen with infrastructure WPS when wps_cred_add_sae=1 is used.
Set up the SAE H2E PT while connecting to the same SSID again also to
make sure that the H2E PT is set up in the STA to derive the PWE for
successful SAE authentication. The PT derivation will be skipped in
wpa_s_setup_sae_pt() if PT is already available for that SSID.
Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
Though both 5 GHz channels and 6 GHz channels report the mode as
HOSTAPD_MODE_IEEE80211A, there is a possibility of different HT/VHT/HE
capabilities being available between these bands. Use get_mode() to
obtain correct capabilities to cover cases where the driver reports
different capability values for the 5 GHz and 6 GHz channels.
Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
Determine if the TDLS peer supports TDLS in 6 GHz band based on the HE 6
GHz Band Capabilities element received in the TDLS Setup Response frame.
Indicate the peer's HE 6 GHz capabilities to the driver through
sta_add().
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
External applications can store PMKSA entries persistently and
reconfigure them to wpa_supplicant after restart. This can result in
wpa_supplicant having a PMKSA for FILS authentication without having
matching ERP keys for it which would prevent the previously added
mechanism for dropping FILS PMKSA entries to recover from rejected
association attempts.
Fix this by clearing PMKSA entries configured by external applications
upon FILS connection failure even when ERP keys are not available.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
wpa_supplicant generates both a PMKSA cache entry and ERP keys upon
successful FILS connection and uses FILS authentication algorithm for
subsequent connections when either ERP keys or a PMKSA cache entry is
available.
In some cases, like AP/RADIUS server restart, both ERP keys and PMKSA
becomes invalid. But currently when an AP rejects an association,
wpa_supplicant marks only ERP keys as failed but not clearing PMKSA.
Since PMKSA is not cleared, consecutive connection attempts are still
happening with FILS authentication algorithm and connection attempts are
failing with the same association rejection again instead of trying to
recover from the state mismatch by deriving a new ERP key hierarchy.
Clear PMKSA entries as well on association rejection from an AP to allow
the following connection attempt to go with open authentication to
re-establish a valid ERP key hierarchy. Also, since clearing PMKSA
entries on unprotected (Re)Association Response frames could allow DoS
attack (reduce usability of PMKSA caching), clear PMKSA entries only
when ERP keys exists.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
CTRL-EVENT-AUTH-REJECT reporting was previously skipped when going
through SAE-specific Authentication frame handling. Add this event here
as well to be more consistent with control interface events.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Use WPA3-Personal (SAE+PMF) for P2P connections in the 6 GHz band to
enable the Wi-Fi Display use case on the 6 GHz band without having to
use WPA2-Personal (PSK) on that new band.
Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
Previously, 6 GHz channels were disabled for P2P operations. Use the new
allow_6ghz parameter with P2P_CONNECT, P2P_GROUP_ADD, and P2P_INVITE
commands for P2P connection on the 6 GHz channels when Wi-Fi Display is
enabled on both the devices.
However, the p2p_6ghz_disable parameter in the configuration takes a
higher precedence.
Indicate P2P 6 GHz band capable information in Device Capability Bitmap
of P2P Capability attribute to indicate the P2P Device is capable of P2P
operation in the 6 GHz band.
Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
Introduce a new allow_6ghz parameter with P2P_CONNECT, P2P_GROUP_ADD,
and P2P_INVITE commands for P2P connection on the 6 GHz channels when
Wi-Fi Display is enabled on both the devices. This commit is only adding
the interface change without changing any actual P2P functionality.
Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
Previously, the 6 GHz channels were disabled for P2P operations.
Introduce a new include_6ghz parameter for the P2P_FIND command to
configure P2P discovery on the 6 GHz channels.
However, the p2p_6ghz_disable parameter in the configuration takes a
higher priority. If the p2p_6ghz_disable parameter is not set in the
configuration, include_6ghz parameter can be used to enable or disable
the discovery operation in the 6 GHz channels for the P2P_FIND command.
Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
Extend the previously 5 GHz specific 80 and 160 MHz channels helper
functions to support 6 GHz channels.
Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
Do not skip scan results with zero length SSID (i.e., a hidden SSID)
when searching for potential BSS transition candidates since such
entries might be for the same ESS (i.e., for the current SSID). Use only
the BSSID check for such cases.
Signed-off-by: Gurumoorthi Gnanasambandhan <gguru@codeaurora.org>
This helper function returns enum chan_allowed values, so use it as the
return type instead of unnecessarily generic int.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
It is safer to remove and free these entries with a shared helper
function to avoid issues with potentially forgetting to unregister or
free something if this structure is extended in the future.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
When a STA makes an association request that is rejected by an OCE AP
due to the RSSI being insufficient, the AP is added to the driver
disallow list by wpa_set_driver_tmp_disallow_list().
Once the AP increases TX power which makes the AP RSSI higher than
Association Rejection RSSI threshold, the AP is supposed to be removed
from the driver disallow list but that was not the case.
wpa_is_bss_tmp_disallowed() is called in the scan result handler, so it
is the best place to put the logic of removing the AP from the driver
disallow list with sufficient AP RSSI.
This is needed with drivers that use the temporarily disallowed BSS list
(which is currently supported only with a QCA vendor command). The
wpa_supplicant internal functionality was already taking care of this
with the wpa_is_bss_tmp_disallowed() return value even for cases where
the entry remaining in the list.
Signed-off-by: Hu Wang <huw@codeaurora.org>
APs in 6 GHz operating with LPI/VLP rules will have significantly lower
SNR values compared to 2.4/5 GHz band APs. Earlier, the estimated
throughputs were used for comparison only when the delta of SNRs between
both the APs was not greater than 7 and as a result for comparing 6 GHz
APs with 2.4/5 GHz APs, estimated throughputs were not getting used.
The estimated throughput calculations takes SNR value also into
consideration, hence remove RSSI delta check if any of the APs are from
the 6 GHz band. This change is limited to the 6 GHz band only in order
to avoid possible regressions with 2.4/5 GHz APs.
Signed-off-by: Vamsi Krishna <vamsin@codeaurora.org>
This makes it convenient for an external test script to use
ext_eapol_frame_io=1 to delay and/or modify transmission of EAPOL-Key
msg 1/4 without having to use separate frame injection mechanisms.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Prefer 6 GHz APs when estimated throughputs are equal with APs from the
2.4/5 GHz bands while selecting APs for connection. Also add a 6 GHz
specific noise floor default value for the 6 GHz band (with the same
value as was used for 5 GHz previously) to make this step clearer.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add support to consider HE rates while estimating throughputs for the
scan results from HE enabled APs. HE 0.8 usec GI rates are used in all
tables. The minimum SNR values for HE rates (1024-QAM) are derived by
adding the existing minimum SNR values of 256-QAM rates from VHT tables
and the difference between the values of minimum sensitivity levels of
256-QAM rates and 1024-QAM rates defined in Table 27-51 (Receiver
minimum input level sensitivity) in IEEE P802.11ax/D8.0.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add support to calculate estimated throughputs for APs which support the
160 MHz (including 80+80 MHz) mode in VHT. The minimum SNR values for
VHT 160 MHz mode are derived from minimum SNR values used for VHT 80 MHz
mode + 3 dBm. The min-SNR values are derived relatively based on the
information that the minimum sensitivity levels defined in Table 21-25
(Receiver minimum input level sensitivity) in IEEE Std 802.11-2020 for
the 160 MHz mode are higher by 3 dBm compared to the values of the 80
MHz mode for each rate.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add checks for features supported by the specific hardware mode of the
local device that has the channel for which the throughput is being
estimated instead of assuming the local device supports all optional
features. This is more accurate for cases where the local capabilities
might differ based on the band. In addition, this is in preparation for
extending rate estimates to cover optional VHT and HE features.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
When the driver provides a list of supported modes, chan6 ended getting
added even if the 2.4 GHz mode was not included. This resulted in
incorrect behavior of trying to transmit on a not supported channel in
case of 5 GHz only radios.
Fix this by adding the channel 6 by default only if the driver does not
provide a list of supported modes. Whenever the supported modes are
available, only add this channel if it is explicitly listed as an
enabled channel.
Fixes: 8e5739c3ac ("DPP2: Check channel 6 validity before adding it to chirp channel list")
Signed-off-by: Kani M <kanisumi@codeaurora.org>
Simplify the implementation by using shared functions for parsing the
capabilities instead of using various similar but not exactly identical
checks throughout the implementation.
Signed-off-by: Jouni Malinen <j@w1.fi>
IEEE Std 802.11-2020 mandates H2E to be used whenever an SAE password
identifier is used. While this was already covered in the
implementation, the sae_prepare_commit() function still included an
argument for specifying the password identifier since that was used in
an old test vector. Now that that test vector has been updated, there is
no more need for this argument anymore. Simplify the older non-H2E case
to not pass through a pointer to the (not really used) password
identifier.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Do so for both wpa_supplicant and hostapd. While this was not explicitly
required in IEEE P802.11az/D3.0, likely direction for the draft is to
start requiring use of H2E for all cases where SAE is used with PASN.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
When a PTK derivation is done as part of PASN authentication flow, a KDK
derivation should be done if and only if the higher layer protocol is
supported by both parties.
Fix the code accordingly, so KDK would be derived if and only if both
sides support Secure LTF.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Commit 3ab35a6603 ("Extend EAPOL frames processing workaround for
roaming cases") added a work around to address the issue of EAPOL frame
reception after reassociation replied to with an incorrect destination
address (the BSSID of the old AP). This is due to association events and
EAPOL RX events being reordered for the roaming cases with drivers that
perform BSS selection internally.
This mechanism relies on the fact that the driver always forwards the
EAPOL handshake to wpa_supplicant after the roaming (sets
last_eapol_matches_bssid during the EAPOL processing and resets on the
assoc/reassoc indication).
The above approach does not address the case where the driver does the
EAPOL handshake on the roam, indicating the authorized status to
wpa_supplicant but also forwards the EAPOL handshake to wpa_supplicant
for few other roam attempts. This is because the flag
last_eapol_matches_bssid is not set with the roam+authorized event from
the driver. Thus, the next reorder of roam and EAPOL RX events would
miss this workaround.
Address this by setting last_eapol_matches_bssid=1 on a roam+authorized
event from the driver.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
wpa_supplicant_ctrl_iface_deinit() was executed only if the
per-interface control interface initialization had been completed. This
is not the case if driver initialization fails and that could result in
leaving behind references to the freed wpa_s instance in a corner case
where control interface messages ended up getting queued.
Fix this by calling wpa_supplicant_ctrl_iface_deinit() in all cases to
cancel the potential eloop timeout for wpas_ctrl_msg_queue_timeout with
the reference to the wpa_s pointer. In addition, flush any pending
message from the global queue for this interface since such a message
cannot be of use after this and there is no need to leave them in the
queue until the global control interface gets deinitialized.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This is a 2 octet field, so need to use WPA_GET_LE16() here instead of
using only the first octet of the value.
Fixes: bbd3178af4 ("MSCS: Add support to process MSCS Response frames")
Signed-off-by: Jouni Malinen <j@w1.fi>
Process the received comeback cookie and retry automatically if the AP
allows this. Otherwise, provide the cookie to upper layers to allow a
later attempt with the cookie.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
The new wpa_supplicant control interface command "PASN_DEAUTH
bssid=<BSSID>" can now be used to flush the local PTKSA cache for the
specified BSS and to notify the AP to request it to drop its PTKSA as
well.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
For testing purposes, add support for corrupting the MIC in PASN
Authentication frames for both wpa_supplicant and hostapd.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
When a public key is included in the PASN Parameters element, it should
be encoded using the RFC 5480 conventions, and thus the first octet of
the Ephemeral Public Key field should indicate whether the public key is
compressed and the actual key part starts from the second octet.
Fix the implementation to properly adhere to the convention
requirements for both wpa_supplicant and hostapd.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
An EAPOL frame may be pending when wpa_supplicant requests to
deauthenticate. At this stage the EAP SM cache is already cleaned by
calling eapol_sm_invalidate_cached_session(). Since at this stage the
wpa_supplicant's state is still set to associated, the EAPOL frame is
processed and results in a crash due to NULL dereference.
This wasn't seen previously as nl80211 wouldn't process the
NL80211_CMD_CONTROL_PORT_FRAME, since wpa_driver_nl80211_mlme() would
set the valid_handler to NULL. This behavior was changed in commit
ab89291928 exposing this race.
Fix it by ignoring EAPOL frames while the deauthentication is in
progress.
Fixes: ab89291928 ("nl80211: Use process_bss_event() for the nl_connect handler")
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Add the address family when manually constructing IPv4 addresses in
eapol_test on Windows. Otherwise other functions, like hostapd_ip_txt()
in src/utils/ip_addr.c, that rely on addr->af being set fail miserably.
The non-Windows option uses hostapd_parse_ip_addr() which does this as
part of the helper function.
Signed-off-by: Stefan Paetow <oss@eons.net>
This adds new control interface commands TWT_SETUP and TWT_TEARDOWN. For
now, these are only for testing purposes to be able to trigger
transmission of the TWT Action frames without configuring any local
behavior for TWT in the driver.
Signed-off-by: Ben Greear <greearb@candelatech.com>
The roam D-Bus and ROAM control itnerface commands flip the reassociate
bit before calling wpa_supplicant_connect(). wpa_supplicant connect
eventually aborts ongoing scans (if any), which causes scan results to
be reported. Since the reassociate bit is set, this will trigger a
connection attempt based on the aborted scan's scan results and cancel
the initial connetion request. This often causes wpa_supplicant to
reassociate to the same AP it is currently associated to instead of the
explicitly requested roaming target.
Add a roam_in_progress flag to indicate that we're currently attempting
to roam via an explicitly request to a specific BSS so that we don't
initiate another connection attempt based on the possibly received scan
results from a scan that was in progress at the time the roam command
was received.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
The wpa_ie buffer is now allocated here and needs to be freed before
returning from the function.
Fixes: d2ba0d719e ("Move assoc param setting into a helper function")
Signed-off-by: Jouni Malinen <j@w1.fi>
Use a shared code path for freeing the wpa_ie buffer to avoid
unnecessary complexity with a separate return for the non-FILS case.
Signed-off-by: Jouni Malinen <j@w1.fi>
Build eap_*.so into the wpa_supplicant similarly with the wpa_supplicant
binary and include the shared helper functions from additional files
into the builds. This got broken at some point with the build system
changes.
Signed-off-by: Jouni Malinen <j@w1.fi>
These frames are used for verifying that a specific SA and protected
link is in functional state between two devices. The IEEE 802.11
standard defines only a case that uses individual MAC address as the
destination. While there is no explicit rule on the receiver to ignore
other cases, it seems safer to make sure group-addressed frames do not
end up resulting in undesired behavior. As such, drop such frames
instead of interpreting them as valid SA Query Request/Response.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
For an autonomous P2P group on the 5 GHz band, a channel was picked only
from the operating class 115 which is not available in the EU region
anymore. As a result, an autonomous group creation would always fail in
this generic 5 GHz channel case.
There are more possible available channels for the 5 GHz currently.
Especially in the EU region, the operating class 115 channels are no
longer available, but SRD channels (the operating class 124) are
available. Allow them to be used here if they are marked as allowed for
P2P GO use.
In addition, iterate through all the potential options instead of just
checking the first randomly picked channel. Start this iteration from
random position to maintain some randomness in this process.
Signed-off-by: Jimmy Chen <jimmycmchen@google.com>
Determine if the TDLS peer is HE capable based on HE Capability element
received in the TDLS Setup Response frame. Indicate the peer's HE
capabilities to the driver through sta_add().
Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
The TX event for the next frame in the sequence might be received before
the TX status for the final GAS response frame is processed. This used
to result in the Config Result getting discarded and the negotiation not
completing successfully on the Configurator side.
Accept the Config Result message as an indication of the final GAS
response frame having went through fine even if the TX status has not
yet been processed to avoid this issue from a potential race condition
on kernel events.
Signed-off-by: Jouni Malinen <j@w1.fi>
Don't use 'protected' as the name of the variable in bss.h since this
might be used in control interfaces that use C++.
Fixes: 1c77f3d3f9 ("Indicate whether additional ANQP elements were protected")
Signed-off-by: Jouni Malinen <j@w1.fi>
These defines are for the capability bit number, not the binary value
from the bit index. As such, need to use BIT() here to set the bitmap
appropriately.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
extra_buf allocation was missed in one of the error cases.
Fixes: 170775232d ("ANQP: Add support to specify frequency in ANQP_GET command")
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
When the driver SME is used, offloaded RSN handshakes like SA Query, GTK
rekeying, FT authentication, etc. would fail if wpa_supplicant enables
OCV in initial connection based on configuration but the driver doesn't
support OCV. To avoid such failures check the driver's capability for
enabling OCV when the driver SME used.
This commit also adds a capability flag for indicating OCV support
by the driver.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
Set conf.force_kdk_derivation within the same if block as all the other
parameters. This is used only if ssid is not NULL, so no need to have
any special handling for this parameter.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Enabling beacon protection will cause STA connection/AP setup failures
if the driver doesn't support beacon protection. To avoid this, check
the driver capability before enabling beacon protection.
This commit also adds a capability flag to indicate beacon protection
support in client mode only.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
Prior to this patch, we failed to recreate bit-by-bit identical
copies of wpa_supplicant because it doesn't generate reproducible manpages.
Since the latest version(0.6.14-3 or new) of docbook-utils have already
support getting the date from sgml file [1], it is possible to make some
progress on the "reproducible builds" effort [2].
[1]: https://sources.debian.org/patches/docbook-utils/0.6.14-3
[2]: https://reproducible-builds.org
Signed-off-by: Hu Keping <hukeping@huawei.com>
It was not easily possible to separate configuration of an interface and
credentials when using the configuration file instead of the control
interface or D-Bus interface for setting up the network profiles. This
makes it hard to distribute configuration across a set of nodes which
use wpa_supplicant without also having to store credentials in the same
file. While this can be solved via scripting, having a native way to
achieve this would be preferable.
Turns out there already is a framework to have external password
storages. It only had a single "test" backend though, which is kind of
an in-memory store which gets initialized with all passwords up front
and is mainly for testing purposes. This isn't really suitable for the
above use case: the backend cannot be initialized as part of the central
configuration given that it needs the credentials, and we want to avoid
scripting.
This commit thus extends the infrastructure to implement a new backend,
which instead uses a simple configuration file containing key-value
pairs. The file follows the format which wpa_supplicant.conf(5) uses:
empty lines and comments are ignored, while passwords can be specified
with simple `password-name=password-value` assignments.
With this new backend, splitting up credentials and configuration
becomes trivial:
# /etc/wpa_supplicant/wpa_supplicant.conf
ext_password_backend=file:/etc/wpa_supplicant/psk.conf
network={
ssid="foobar"
psk=ext:foobar
}
# /etc/wpa_supplicant/psk.conf
foobar=ecdabff9c80632ec6fcffc4a8875e95d45cf93376d3b99da6881298853dc686b
Alternative approaches would be to support including other configuration
files in the main configuration, such that common configuration and
network declarations including credentials are split up into separate
files. But the implementation would probably have been more complex
compared to reusing the already-existing framework for external password
backends.
Signed-off-by: Patrick Steinhardt <ps@pks.im>
The function wpa_config_get_line() is used by the wpa_supplicant config
file parser to retrieve the next non-comment non-blank line. We'll need
the same kind of functionality to implement the file-based external
password backend, so as a preparatory step this commit extracts the
function into its own standalone file in the utils package.
No functional changes are expected from this commit.
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Number of the P2P+NFC test cases have been failing every now and then
and those failures seemed to be because of having somehow managed to
select the GO's operating channel as HT40+ on the channel 11 in the 2.4
GHz band, i.e., something that is clearly incorrect. The P2P check for
HT40 secondary channel is supported only on the 5 GHz band, so drop HT40
configuration if it shows up unexpectedly on the 2.4 GHz band to avoid
issues in GO being able to start.
Signed-off-by: Jouni Malinen <j@w1.fi>
There's a chance that prior to config reload being requested a scan work
was started. As such forcing wpa_supplicant to WPA_DISCONNECTED was
removing any hints that the actual driver is busy with work. That led to
wpa_supplicant reporting "Failed to initialize AP scan" over and over
again for a few seconds (depending on driver/capabilities) until the
untracked scan finished.
Cancelling a scan isn't really a solution because there's a bunch of
scanning state bits sprinkled across wpa_supplicant structure and they
get updated as driver events actually flow in in async manner.
As far as I can tell this is only preventing unnecessary warning
messages. This doesn't seem like it was crippling any logic per se.
Signed-off-by: Michal Kazior <michal@plume.com>
The chirp scan could override the scan_res_handler. This could lead to
wpa_supplicant getting stuck in a scanning state while not scanning at
all until forced to, e.g., via an explicit SCAN control command.
The condition for trigerring this problem in my testing was when
(interface_count % 3) == 2. This introduced a two second delay before
actual scan was triggered after starting the wpa_supplicant instance up.
If DPP chirping was requested fast enough, in between the queueing and
triggering, it would punt the scan request, never to be resumed again.
Chirp scan handler wouldn't resume it leaving wpa_supplicant
inadvertently idle.
Signed-off-by: Michal Kazior <michal@plume.com>
Previously, the channel number was set in hostapd_freq_params only with
the presence of HT capabilities. Set the channel number before the check
for HT mode to accommodate the 6 GHz band cases.
Signed-off-by: Pradeep Kumar Chitrapu <pradeepc@codeaurora.org>
hostapd was already exposing this. There's no reason not to expose it in
wpa_supplicant. This allows 3rd party apps interacting with the control
interface to handle DPP events to get configs instead of needing to
dance around with update_config=1 and SAVE_CONFIG.
Signed-off-by: Michal Kazior <michal@plume.com>
hostapd was already exposing this. There's no reason not to expose it in
wpa_supplicant. This allows 3rd party apps interacting with the control
interface to handle DPP events to get configs instead of needing to
dance around with update_config=1 and SAVE_CONFIG.
Signed-off-by: Michal Kazior <michal@plume.com>
The Authentication Request frames triggered by the reception of a
Presence Announcement frame were sent to the broadcast address. This is
not correct behavior since the source MAC address of the Presence
Announcement frame was supposed to override the Responder MAC address.
Fix this by using that source MAC address to avoid unnecessary use of
broadcast frames.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The static function is_chanwidth160_supported() is called only within
CONFIG_P2P block so the function itself needs to have matching condition
for build.
Fixes: ed24bad1d9 ("AP: Check driver support while auto-selecting bandwidth for AP/P2P GO")
Signed-off-by: Jouni Malinen <j@w1.fi>
Use more accurate INTERWORKING_EXCLUDED for this. The actual event
prefix is not changed to remains compatible with external components
using this control interface event message.
Signed-off-by: Jouni Malinen <j@w1.fi>
Use a more specific name for the control interface command used for
managing the list of BSSIDs that are temporarily ignored.
Signed-off-by: Jouni Malinen <j@w1.fi>
Rename the network profile parameters bssid_blacklist and
bssid_whitelist to bssid_ignore and bssid_accept to use more specific
names for the configuration of which BSSs are ignored/accepted during
BSS selection. The old parameter names are maintained as aliases for the
new names to avoid breaking compatibility with previously used
configurations.
Signed-off-by: Jouni Malinen <j@w1.fi>
For Android the default value of 5 seconds is usually too short for
scan results from last scan initiated from settings app to be
considered for fast-associate. Make the fast-associate timer value
configurable so that a suitable value can be set based on a systems
regular scan interval.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sony.com>
wpa_supplicant does not send a D-Bus notification of the BSS frequency
change when a CSA happens. Sending a PropertyChanged signal with the
updated frequency will notify the network manager quickly, instead of
waiting for the next scan results.
Signed-off-by: Arowa Suliman <arowa@chromium.org>
Reviewed-by: Brian Norris <briannorris@chromium.org>
Add option 2 to the p2p_device_random_mac_addr configuration option to
support device drivers which use by default random MAC adresses when
creating a new P2P Device interface (for instance, the BCM2711 80211
wireless device driver included in Raspberry Pi 4 Model B). In such
case, this option allows to create the P2P Device interface correctly
when using P2P permanent groups, enabling wpa_supplicant to reuse the
same MAC address when re-invoking a P2P permanent group.
update_config=1 is required.
Signed-off-by: Ircama <amacri@tiscali.it>
Use the helper instead of open-coding the check. Since the
helper doesn't handle a NULL BSS, keep that extra check.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The wpa_bss structure's last element is an empty array. The forgotten
code here assumed that the array of IEs was contiguous to the wpa_bss
structure. This is not always the case anymore. Update this missed case
to use the new wpa_bss_ie_ptr() wrapper to send the correct array of IEs
over DBus.
Fixes: be7ee264f6 ("BSS: Use wrapper function for getting a pointer to the IE buffer")
Signed-off-by: Brad Kemp <brad at beechwoods.com>
Currently, the external_scan_running flag is not reset when an interface
is removed. Thus, if a connection attempt is made on another iface, it
will fail due to wpa_supplicant incorrectly assuming the radio is still
busy due to the ongoing scan.
To fix this, convert external_scan_running to a pointer to the interface
that started the scan. If this interface is removed, also reset the
pointer to NULL so that other operations may continue on this radio.
Test:
1. Start scan on wlan0
2. Remove wlan0
3. Can connect to a network on wlan1
Signed-off-by: David Su <dysu@google.com>
Derive the KDK as part of PMK to PTK derivation if forced by
configuration or in case both the local station and the AP declare
support for secure LTF.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
IEEE P802.11az/D2.6 added definitions to include RSNXE in the PASN
negotiation. Implement the new functionality in both wpa_supplicant and
hostapd.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Add support for PASN authentication with FT key derivation:
- As IEEE P802.11az/D2.6 states that wrapped data is optional and
is only needed for further validation of the FT security parameters,
do not include them in the first PASN frame.
- PASN with FT key derivation requires knowledge of the PMK-R1 and
PMK-R1-Name for the target AP. As the WPA state machine stores PMK-R1,
etc. only for the currently associated AP, store the mapping of
BSSID to R1KH-ID for each previous association, so the R1KH-ID
could be used to derive PMK-R1 and PMK-R1-Name. Do so instead
of storing the PMK-R1 to avoid maintaining keys that might not
be used.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
As the PASN FILS authentication is only defined for FILS SK without PFS,
and to support PASN authentication with FILS, implement the PASN with
FILS processing as part of the PASN handling and not as part of the WPA
state machine.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Add PASN implementation to wpa_supplicant
1. Add functions to initialize and clear PASN data.
2. Add functions to construct PASN Authentication frames.
3. Add function to process PASN Authentication frame.
4. Add function to handle PASN frame TX status.
5. Implement the station side flow processing for PASN.
The implementation is missing support for wrapped data and PMKSA
establishment for base AKMs, and only supports PASN authentication or
base AKM with PMKSA caching.
The missing parts will be added in later patches.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
PASN requires to store the PTK derived during PASN authentication
so it can later be used for secure LTF etc. This is also true
for a PTK derived during regular connection.
Add an instance of a PTKSA cache for each wpa_supplicant
interface when PASN is enabled in build configuration.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
1. Add a function to derive the PTK from a PMK and additional data.
2. Add a function to calculate the MIC for a PASN frames.
3. Add a function to compute the hash of an authentication frame body.
The above are built only in case that CONFIG_PASN is enabled at build
time.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Extend the wpa_pmk_to_ptk() to also derive Key Derivation
Key (KDK), which can later be used for secure LTF measurements.
Update the wpa_supplicant and hostapd configuration and the
corresponding WPA and WPA Auth state machine, to allow enabling of KDK
derivation. For now, use a testing parameter to control whether KDK is
derived.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Add support for new channels 173 and 177 in the operating classes 125 to
130 as defined in draft IEEE P802.11ax/D8.0.
Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
After sending DPP Auth Response, the Responder might not receive the
Auth Confirm either due to the Initiator not sending it or the reception
of the frame failing for some reason (e.g., Responder having already
left the negotiation channel). If this happens, following initiation
attempts would fail since the consecutive Auth Request would get
discarded since the previous authentication is still in progress.
Terminate DPP authentication on Responder, if no Auth Confirm is
received within one second of successfully sending Auth Response. This
allows the Responder to accept start of a new exchange.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Commit 02c21c02d0 ("wpa_supplicant: Do not disconnect on deinit if
WoWLAN is enabled") prevents the disconnection on deinit if the driver
indicates that WoWLAN is enabled. This is not the expected behavior in
some earlier use cases where the wpa_supplicant process is left running
when going to sleep and killing of the wpa_supplicant process is used
only when there is an expectation of Wi-Fi connection being disabled.
To support the use cases which require the WLAN to disconnect on deinit
even if WoWLAN is enabled, introduce a configuration parameter
wowlan_disconnect_on_deinit. This is set to 0 by default thereby not
impacting the functionality in the above mentioned commit. Setting it to
1 restores the old behavior before the commit identified above.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Export a new 'suiteb192' capability to indicate that wpa_supplicant was
built with WPA-EAP-SUITE-B-192 support and accepts
'key_mgmt=WPA-EAP-SUITE-B-192'.
Signed-off-by: Antonio Cardace <acardace@redhat.com>
WPS_EVENT_OVERLAP case was missing on wpa_cli_action_process function in
wpa_cli.c, so when the overlap event occurs, there was no event message
sent to the action script. Add this event case to the function.
Signed-off-by: Berkay Ercan <berkay.ercan@airties.com>
Signed-off-by: Veli Demirel <veli.demirel@airties.com>
When STA is performing roam from WPA3 AP to WPA2 AP, the STA was
including key mgmt FT-SAE instead of FT-PSK in FT Authentication request
RSNE when using driver-based SME. This is because the RSNE/MDE/FTE were
updated and forwarded to the driver using the NL80211_CMD_UPDATE_FT_IES
command before updating key mgmt properly. Because of this, the AP is
rejecting FT Authentication request with WLAN_REASON_UNSPECIFIED reason
code which is due to the invalid keymgmt in RSNE.
Fix this by reordering IE population to happen earlier in the sequence
so that the updated key mgmt information can be provided when using
NL80211_CMD_UPDATE_FT_IES.
Signed-off-by: Shiva Sankar Gajula <sgajula@codeaurora.org>
Add user configured vendor IEs for Probe Request frames to default scan
IEs so that these IEs will be included in the Probe Request frames for
the scans issued also by components other than wpa_supplicant.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Android has a mechanism to extend the driver interface in vendor
specific ways. This implementation of the vendor interface is done in
$(BOARD_WPA_SUPPLICANT_PRIVATE_LIB). Extend this to allow the vendor
events to be provided to this library to facilitate the event
processing.
Introduce a new board configuration via
$(BOARD_WPA_SUPPLICANT_PRIVATE_LIB_EVENT) rather than reusing
$(BOARD_WPA_SUPPLICANT_PRIVATE_LIB) to enable this event handling in the
private library. This is to avoid compilation issues for
wpa_driver_nl80211_driver_event() with the already existing private
library implementations defined with
$(BOARD_WPA_SUPPLICANT_PRIVATE_LIB).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
When an external scan is in progress on the same radio, delay the P2P
search operation based on configuration parameter p2p_search_delay. The
"search_delay" configuration done through p2p_find always takes
precedence over this delay value set due to an external scan trigger.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add a handler to notify failures to fetch the scan results and provide
an option to override default behavior of requesting a new scan in one
second in such an error condition. Use this new handler mechanism to
continue the p2p_find operation (by invoking p2p_scan_res_handled) for
an interim scenario where the p2p_scan attempt fails to get the scan
results from the driver which can happen, e.g., if there are parallel
updates to the cfg80211 scan results.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
If there is a disconnect command from wpa_supplicant immediately after
the driver sends a connection event to userspace but before that event
is received and processed by wpa_supplicant, wpa_supplicant processes
the disconnect command and a self-generated disconnected event first
followed by the connected event received from the driver. As a result
wpa_supplicant moves to the WPA_COMPLETED state. Whereas the driver
processes the disconnect command received from wpa_supplicant after it
sends the connected event and moves to the disconnected state. Due to
this race between the disconnect command from wpa_supplicant and the
connected event from the driver, wpa_supplicant is moving to the
connected state though the driver is moving to the disconnected state
which results in abnormal functionality.
Ignore the connection event coming from the driver when wpa_supplicant
is not trying to connect after a disconnect command is issued but before
the next connect command is issued to fix the above mentioned race
condition.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Replace the implicit boolean checks that used int variables with use of
a more explicit bool variable type.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Support possible band combinations of 2.4 GHz, 5 GHz, and 6 GHz with
QCA_WLAN_VENDOR_ATTR_SETBAND_MASK attribute. Ensure backwards
compatibility with old drivers that are using
QCA_WLAN_VENDOR_ATTR_SETBAND_VALUE attribute and supporting only 2.4 GHz
and 5 GHz bands.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
This functionality was repeated for couple of times. Use a shared helper
function to avoid code duplication.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
When the driver sends a CQM RSSI threshold event, wpa_supplicant queries
the driver for the signal and noise values. However, it is possible that
by that time the station has already disconnected from the AP, so these
values are no longer valid. In this case, indicate that these values are
invalid by setting them to WPA_INVALID_NOISE.
Previously a value of 0 would be reported, which may be confusing as
this is a valid value.
Since nl80211_get_link_signal() and nl80211_get_link_noise() already set
invalid values for a case of failure, just use the value set by these
functions even if they fail.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Brian Norris <briannorris@chromium.org>
Add initial_freq_list to wpa_supplicant configuration. This option
allows wpa_supplicant to scan a smaller list of frequencies when it
starts. This in turn allows for a faster connection to an already known
network. This limit applies only for the initial scan operation and does
not restrict other channels from being used in consecutive scans.
Tests have shown this to reduce the amount of time for connecting to a
network from roughly 3 seconds to roughly 0.1 second.
Signed-off-by: Frederik Juul <frederik.juul@3shape.com>
The hostapd DFS code deinitializes and initializes the AP interface, if
a clean channel switch is not possible. In this case the AP code paths
would deinit the driver, for example nl80211, without wpa_supplicant
code paths getting notice of this.
Therefore add callbacks for wpa_supplicant mesh methods, which are
called on init/deinit of the AP BSS. These callbacks are then used to
handle the reset in the mesh code.
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
Send mesh group started notification after join completion
callback is called.
Implement outstanding TODO, to leave the mesh network on deinit.
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
Only change freq params, if ifmsh->freq is set initially, which only
happens if hostapd_get_hw_features in setup_interface2 succeeds.
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
The kernel requires indication of DFS handler residing in user space
(NL80211_ATTR_HANDLE_DFS) to enable DFS channels.
Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
Mesh interface would have used its channel parameters that were
configured during initialization even after channel switch due to DFS
radar detection during CAC which could result in a channel switch error.
Fix the error by updating the channel parameters when channel has been
changed from the initial one.
Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
ssid->frequency is one of the variables used to get the channel number
from a given frequency. Leaving it as unchanged when pri/sec channel
switch will cause picking up a wrong channel number after applying the
secondary channel offset for HT40 and leads to failing interface
bring-up.
Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
Mesh join function is the last function to be called during mesh join
process, but it's been called a bit earlier than it's supposed to be, so
that some mesh parameter values such as VHT capabilities were not
applied correct when mesh join is in process. Moreover, the current
design of mesh join that is called directly after mesh initialization
isn't suitable for DFS channels to use, since mesh join process should
be paused until DFS CAC is done and resumed after it's done.
The callback will be called by hostapd_setup_interface_complete_sync().
There is a possibility that completing mesh init fails, so add error
handling codes for that.
Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
If the maximum operating channel width for AP/P2P GO is not specified,
it is auto-selected during configuration. While selecting the channel
width, if VHT is supported and 160 MHz channels are available, 160 MHz
channel width is preferred to 80 MHz.
During the selection of the channel width, the corresponding driver
capabilities were not checked. As a result, the AP/P2P GO configuration
was set to use the available 160 MHz channels even if the driver did not
have capability to support the 160 MHz channel width causing failure to
start the AP/P2P GO.
Fix this by checking the driver support for the 160 MHz channel width
while selecting the channel width for AP/P2P GO.
Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
Store information on whether extra ANQP elements were received using the
protection alternative (protected GAS during an association using PMF)
and make this available through the control interface BSS command.
For example:
anqp[277]=<hexdump>
protected-anqp-info[277]=1
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Replace the previously used design "(u8 *) (bss + 1)" with a variable
length array at the end of struct wpa_bss bss->ies[] in hopes of making
this easier to understand for static analyzers.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This makes it easier to change the internal struct wpa_bss design for
storing the variable length IE buffers.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This removes need from the callers to know the struct wpa_bss details
for the location of the memory area for storing the IEs.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Use NL80211_ATTR_SAE_PWE attribute to indicate the sae_pwe value
to the driver during the NL80211_CMD_START_AP and NL80211_CMD_CONNECT
in WPA3-Personal networks which are using SAE authentication.
Signed-off-by: Rohan Dutta <drohan@codeaurora.org>
Previously, the configuration to disable the 6 GHz band remained local
to the P2P interface. With this there is a possibility of 6 GHz channels
being included in the channel list when the channel list needs to be
updated if the state changes on one of the interfaces.
Include the configuration to disable the 6 GHz band for P2P as a global
configuration value to prevent the inclusion of 6 GHz channels in the
channel list for P2P when the channel list needs to be updated during
the state change in one of the interfaces.
Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
Add support to report a vendor specific connect fail reason code fetched
from the driver to users by adding the reason code to the event
CTRL-EVENT-ASSOC-REJECT. Fetch the connect fail reason code when the
driver sends a failure connection result and append the reason code, if
available, to assoc reject event.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The newer kernel versions enforce strict netlink attribute policy
validation and will cause cfg80211 to reject vendor commands with
NL80211_ATTR_VENDOR_DATA if NLA_F_NESTED attribute is not set but
if the vendor command is expecting nested data within
NL80211_ATTR_VENDOR_DATA attribute.
Most of the earlier instances were addressed by adding NLA_F_NESTED
flag in nla_nest_start(). This commit addresses the remaining
instance in which NL80211_ATTR_VENDOR_DATA is populated using data
set by user through the control interface.
Enhance the control interface VENDOR command to indicate whether the
vendor subcommand uses nested attributes within NL80211_ATTR_VENDOR_DATA
attribute or not.
Set NLA_F_NESTED flag for existing QCA vendor commands which use nested
attributes within the NL80211_ATTR_VENDOR_DATA attributes so that the
old frameworks implementations for already existing commands work
without any issues.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Use the common IE parsing routine in hope of trying to make the length
checks easier for static analyzers. In addition, try to make the
*_vendor_ie_multi() cases easier to analyze as well even though they
cannot use for_each_element_id().
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Report failures at lower layer to the upper layer D-Bus handling of
socket registration to allow failures to be addressed more cleanly.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Use the common IE parsing routine in hope of trying to make the length
checks easier for static analyzers.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This extends the changes in commit 0570a3ea7d ("HS 2.0: Clarify OSU
Provider list length validation") to cover the length field for the OSU
Friendly Name value to try to get this easier for static analyzers to
understand.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Commit e8b85c078e ("iface match: Unspecified matched interfaces should
not log driver fails") removed the only use of the added interface wpa_s
pointer, but left that pointer setting in place. Remove it to keep
static analyzers happy.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add support for missing 6 GHz operating classes as defined in
IEEE P802.11ax/D7.0.
This is needed to avoid OCV failures on the 6 GHz band when the channel
width is larger than 20 MHz.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
Consider the BSS entry that is pending for the P2P group join operation
also as a known network along with the existing configured networks.
This prevents removal of the BSS entry that is still in the process of
P2P join operation from the BSS table when the number of entries exceed
bss_max_count.
Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
The dynamically created P2P group interface did not consider the
channels that can be used by the P2P client during the P2P group
formation. Copy the p2p_add_cli_chan parameter while cloning the
configuration to the P2P group interface. This allows the dynamically
created group interface case to form the group in the specific
client-only channels when the device is a P2P client in the group.
Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
pos can't be NULL in wpa_global_config_parse_str(), so there is no point
checking this, especially when pos was already dereferenced earlier.
Remove the redundant conditions.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Don't print potentially uninitialized variables in wpa_ctrl_command_bss().
Some compilers and analyzers may warn about it.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Fix compilation without CONFIG_P2P and only set secondary channel seg
idx if we use a mode supporting a sec channel for VHT/HE.
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
Fix pointer sent for decapsulating subelements from MSCS descriptor
IE while processing (re)association response frames.
Fixes: af8ab3208d ("MSCS: Parse result of MSCS setup in (Re)Association Response frames")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Enable VHT and HE as default config parameters in order for
wpa_supplicant AP mode to use it, if hw support is given.
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
Add some missing pieces to the interface configuration of AP/mesh mode
in wpa_supplicant.
- check for secondary channel and HT40 capability
- try to downgrade to IEEE 802.11b if 802.11g is not available
Especially with the HT40 check, this code now performs all settings,
which the deleted/duplicated mesh code did.
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
wpa_supplicant_conf_ap_ht() has to happen before
hostapd_setup_interface() in order for its configuration settings to
have effect on interface configuration.
Disable primary and secondary channel switch because of missing tie
breaking rule/frames in mesh networks. A rather long comment about
this issue is placed in mesh.c in the corresponding place.
I was not able to reproduce the memory corruption during
mesh_secure_ocv_mix_legacy, which lead to a revert of a similar patch in
the past.
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
Some places in the code base were not using the wrappers like
hostapd_set_oper_centr_freq_seg0_idx and friends. This could lead to
errors, for example when joining 80 MHz mesh networks. Fix this, by
enforcing usage of these wrappers.
wpa_supplicant_conf_ap_ht() now checks for HE capability before dealing
with VHT in order for these wrappers to work, as they first check HE
support in the config.
While doing these changes, I've noticed that the extra channel setup
code for mesh networks in wpa_supplicant/mesh.c should not be necessary
anymore and dropped it. wpa_supplicant_conf_ap_ht() should handle this
setup already.
Acked-by: John Crispin <john@phrozen.org>
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
Use ppKey instead of C-sign-key to encrypted E-id to E'-id into Reconfig
Announcement frame on the Enrollee side.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Store the received privacy protection key from Connector into
wpa_supplicant network profile and indicate it through the control
interface similarly to C-sign-key.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add the DPP control interface chirp commands to the CLIs for greater
visibility and ease of use.
Signed-off-by: Wystan Schmidt <wystan.schmidt@charter.com>
We found that if REMOVE-AND-REFORM occurs before a group is started,
it would not send out GROUP-STARTED-EVENT after AP is enabled.
In the remove-and-reform process, ap_configured_cb is cleared. If a
group is not started, p2p_go_configured() will not be called after
completing AP setup. Fix this by preserving the callback parameters.
Signed-off-by: Jimmy Chen <jimmycmchen@google.com>
We found a problem that p2p_fallback_to_go_neg is not handled correctly
after running out of GO scan attempts. When autojoin is enabled and a
group is found in old scan results, supplicant would try to scan the
group several times. If the group is still not found, it reports group
formation failure while p2p_fallback_to_go_neg is enabled already.
If p2p_fallback_to_go_neg is enabled, it should fallback to GO
negotiation, but not report group formation failure after running out of
GO scan attempts.
Signed-off-by: Jimmy Chen <jimmycmchen@google.com>
Now that we no longer leave build artifacts outside the build folder, we
can clean up the gitignore a bit. Also move more things to per-folder
files that we mostly had already anyway.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The D-Bus implementation of RemoveAllNetworks differs wildly from the
CLI implementation. Let's share the implementations.
This resolves use-after-free bugs I noticed, where we continue to use
the 'wpa_s->current_ssid' wpa_ssid object after freeing it, because we
didn't bother to disconnect from (and set to NULL) current_ssid before
freeing it.
Signed-off-by: Brian Norris <briannorris@chromium.org>
When using NetworkManager to set up an access point, there seems to be a
race condition which can lead to a new log message every second.
The following message appears in AP mode:
CTRL-EVENT-SCAN-FAILED ret=-95 retry=1
Normally, this log message only appears once. But then (and only then)
the race is triggered and they appear every second, the following log
messages are also present:
Reject scan trigger since one is already pending
Failed to initiate AP scan
This patch just disables the retry for requests where the operation is
not supported anyway.
Signed-off-by: Georg Müller <georgmueller@gmx.net>
Otherwise the WPA_IF_P2P_DEVICE cannot be created if the base ifname is
long enough. As this is not a netdev device, it is acceptable if the
name is not completely unique. As such, simply insert a NUL byte at the
appropriate place.
Signed-off-by: Benjamin Berg <bberg@redhat.com>
wpa_drv_set_key() was called with a NULL address for IGTK and MGTK
before this patch. The nl80211 driver will then not add the
NL80211_KEY_DEFAULT_TYPE_MULTICAST flag for the key, which wrongly marks
this key also as a default unicast key in the Linux kernel.
With SAE this is no real problem in practice, as a pairwise key will be
negotiated in mesh mode, before the first data frame gets send. When
using IEEE 802.1X in a mesh network in the future, this gets a problem,
as Linux now will encrypt EAPOL frames with the default key, which is
also marked for unicast usage without this patch.
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
Add D-Bus interface for ROAM command, imitating the existing wpa_cli
command.
Chromium OS has been carrying a form of this patch for a very long time.
I've cleaned it up a bit and documented it.
Signed-off-by: Brian Norris <briannorris@chromium.org>
The 'H' in HESSID was originally spelled "homogenous" in IEEE Std
802.11-2016 abbreviations and acronyms list, but that was changed in
REVmd to the significantly more common spelling "homonegeneous". Update
this older version to match the new spelling to be consistent throughout
the repository.
Signed-off-by: Jouni Malinen <j@w1.fi>
If the stored configurations for an SSID have changed, we can no longer
trust the current blacklist state of that SSID, since the updated
configs could change the behavior of the network. E.g., the BSS could be
blacklisted due to a bad password, and the config could be updated to
store the correct password. In this case, keeping the BSS in the
blacklist will prevent the user from connecting to the BSS after the
correct password has been updated.
Add the value was_changed_recently to the wpa_ssid struct. Update this
value every time a config is changed through wpa_set_config(). Check
this value in wpa_blacklist_get() to clear the blacklist whenever the
configs of current_ssid have changed.
This solution was chosen over simply clearing the blacklist whenever
configs change because the user should be able to change configs on an
inactive SSID without affecting the blacklist for the currently active
SSID. This way, the blacklist won't be cleared until the user attempts
to connect to the inactive network again. Furthermore, the blacklist is
stored per-BSSID while configs are stored per-SSID, so we don't have the
option to just clear out certain blacklist entries that would be
affected by the configs.
Finally, the function wpa_supplicant_reload_configuration() causes the
configs to be reloaded from scratch, so after a call to this function
all bets are off as to the relevance of our current blacklist state.
Thus, we clear the entire blacklist within this function.
Signed-off-by: Kevin Lund <kglund@google.com>
Signed-off-by: Brian Norris <briannorris@chromium.org>
This change adds some barebones tests for new blacklisting functionality
to wpas_module_tests.c. The tests ensure some basic functionality for
the functions wpa_blacklist_is_blacklisted() and wpa_blacklist_update().
Signed-off-by: Kevin Lund <kglund@google.com>
Signed-off-by: Brian Norris <briannorris@chromium.org>
This change adds the function wpa_blacklist_update(), which goes through
all blacklist entries and deletes them if their blacklist expired over
an hour ago. The purpose of this is to remove stale entries from the
blacklist which likely do not reflect the current condition of device's
network surroundings. This function is called whenever the blacklist is
polled, meaning that the caller always gets an up-to-date reflection of
the blacklist.
Another solution to clearing the blacklist that was considered was
to slowly reduce the counts of blacklist entries over time, and delete
them if the counts dropped below 0. We decided to go with the current
solution instead because an AP's "problematic" status is really a binary
thing: either the AP is no longer problematic, or it's still causing us
problems. So if we see any more problems within a reasonable amount of
time, it makes sense to just keep the blacklist where it was since the
AP is likely still undergoing the same issue. If we go a significant
amount of time (semi-arbitrarily chosen as 1 hour) without any issues
with an AP, it's reasonable to behave as if the AP is no longer
undergoing the same issue. If we see more problems at a later time, we
can start the blacklisting process fresh again, treating this as a brand
new issue.
Signed-off-by: Kevin Lund <kglund@google.com>
Signed-off-by: Brian Norris <briannorris@chromium.org>
wpa_supplicant keeps a blacklist of BSSs in order to prevent repeated
associations to problematic APs*. Currently, this blacklist is
completely cleared whenever we successfully connect to any AP. This
causes problematic behavior when in the presence of both a bad AP and
a good AP. The device can repeatedly attempt to roam to the bad AP
because it is clearing the blacklist every time it connects to the good
AP. This results in the connection constantly ping-ponging between the
APs, leaving the user stuck without connection.
Instead of clearing the blacklist, implement timeout functionality which
allows association attempts to blacklisted APs after some time has
passed. Each time a BSS would be added to the blacklist, increase the
duration of this timeout exponentially, up to a cap of 1800 seconds.
This means that the device will no longer be able to immediately attempt
to roam back to a bad AP whenever it successfully connects to any other
AP.
Other details:
The algorithm for building up the blacklist count and timeout duration
on a given AP has been designed to be minimally obtrusive. Starting with
a fresh blacklist, the device may attempt to connect to a problematic AP
no more than 6 times in any ~45 minute period. Once an AP has reached a
blacklist count >= 6, the device may attempt to connect to it no more
than once every 30 minutes. The goal of these limits is to find an
ideal balance between minimizing connection attempts to bad APs while
still trying them out occasionally to see if the problems have stopped.
The only exception to the above limits is that the blacklist is still
completely cleared whenever there are no APs available in a scan. This
means that if all nearby APs have been blacklisted, all APs will be
completely exonerated regardless of their blacklist counts or how close
their blacklist entries are to expiring. When all nearby APs have been
blacklisted we know that every nearby AP is in some way problematic.
Once we know that every AP is causing problems, it doesn't really make
sense to sort them beyond that because the blacklist count and timeout
duration don't necessarily reflect the degree to which an AP is
problematic (i.e. they can be manipulated by external factors such as
the user physically moving around). Instead, its best to restart the
blacklist and let the normal roaming algorithm take over to maximize
our chance of getting the best possible connection quality.
As stated above, the time-based blacklisting algorithm is designed to
be minimally obtrusive to user experience, so occasionally restarting
the process is not too impactful on the user.
*problematic AP: rejects new clients, frequently de-auths clients, very
poor connection quality, etc.
Signed-off-by: Kevin Lund <kglund@google.com>
Signed-off-by: Brian Norris <briannorris@chromium.org>
Within wpas_connection_failed(), the 'count' value of wpa_blacklist is
erroneously used as a tally of the number times the device has failed
to associate to a given BSSID without making a successful connection.
This is not accurate because there are a variety of ways a BSS can be
added to the blacklist beyond failed association such as interference
or deauthentication. This 'count' is lost whenever the blacklist is
cleared, so the wpa_supplicant stores an additional value
'extra_blacklist_count' which helps persist the 'count' through clears.
These count values are used to determine how long to wait to rescan
after a failed connection attempt.
While this logic was already slightly wrong, it would have been
completely broken by the upcoming change which adds time-based
blacklisting functionality. With the upcoming change, 'count' values
are not cleared on association, and thus do not necessarily even
approximate the "consecutive connection failures" which they were being
used for.
This change seeks to remove this unnecessary overloading of the
blacklist 'count' by directly tracking consecutive connection failures
within the wpa_supplicant struct, independent of the blacklist. This new
'consecutive_conn_failures' is iterated with every connection failure
and cleared when any successful connection is made. This change also
removes the now unused 'extra_blacklist_count' value.
Signed-off-by: Kevin Lund <kglund@google.com>
Signed-off-by: Brian Norris <briannorris@chromium.org>
commit f4e3860f ("Fix AP mode default TXOP Limit values for AC_VI
and AC_VO") corrects the default values of txop_limit from 93/46
to 94/47 for AP. STA would also need the same change.
Signed-off-by: Yogesh Kulkarni <yogesh.kulkarni@nxp.com>
Signed-off-by: Cathy Luo <xiaohua.luo@nxp.com>
Signed-off-by: Ganapathi Bhat <ganapathi.bhat@nxp.com>
These are no longer needed now. Note that this was never actually
sufficient since src/drivers/ isn't the only thing shared, and thus a
cross-build detection didn't work in all cases.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
If the .config file changes, basically everything needs to be
rebuilt since we don't try to detect which symbols changed or
such. Now that the .config file handling is in the common
build system, make everything depend on it if there's one.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Instead of building in the source tree, put most object
files into the build/ folder at the root, and put each
thing that's being built into a separate folder.
This then allows us to build hostapd and wpa_supplicant
(or other combinations) without "make clean" inbetween.
For the tests keep the objects in place for now (and to
do that, add the build rule) so that we don't have to
rewrite all of that with $(call BUILDOBJS,...) which is
just noise there.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This will make it easier to split out the handling in
a proper way, and handle common cflags/dependencies.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Clean up in a more common fashion as well, initially for ../src/.
Also add $(Q) to the clean target in src/
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Some things are used by most of the binaries, pull them
into a common rule fragment that we can use properly.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
If there is no matching interface given, but interface matching is
enabled, all interfaces on the system will try to be initialized. Non
wireless interfaces will fail and the loopback device will be one of
these, so just log a diagnostic rather than an error.
Signed-off-by: Roy Marples <roy@marples.name>
Instead, log a diagnostic so that noise to the user is reduced. This is
expected behavior with driver interfaces that do not report supported
operating modes/classes.
Signed-off-by: Roy Marples <roy@marples.name>
This is needed for clearing previously set parameters in a similar
manner that was already available through the control interface
SET_NETWORK command.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
Teach wpa_supplicant to {de,}initialize bgscans when bgscan parameters
are set after initial connection.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
Currently, wpa_config_set(), the function that sets wpa_supplicant
per-network properties, returns 1 when a property it attempts to set is
unchanged. Its global parallel, wpa_config_process_global(), doesn't do
this even though much of the code is very similar. Change this, and
several of the parser functions, to resemble the per-network parser and
setter functions.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
When network properties are updated via dbus, wpa_config_set() is used
to update the property in the wpa_ssid struct. If it returns 1, the
property was not changed and there's no need to perform any of the
update actions.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
D-Bus clients can call CreateInterface() once and use the resulting
Interface object to connect multiple times to different networks.
However, if the network interface gets added to a bridge, clients
currently have to remove the Interface object and create a new one.
Improve this by supporting the change of the BridgeIfname property of
an existing Interface object.
Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
Add a new configuration parameter p2p_6ghz_disable=1 to disable P2P
operation in the 6 GHz band. This avoids additional delays caused by
scanning 6 GHz channels in p2p_find and p2p_join operations in the cases
where user doesn't want P2P connection in the 6 GHz band.
Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
Generate a control interface event upon receipt of DPP Presence
Announcement frames. This allows external programs to instrument
wpa_supplicant with bootstrapping information on-demand.
Signed-off-by: Andrew Beltrano <anbeltra@microsoft.com>
ignore_broadcast_ssid is supported when using with the config
file. But it generates an error if you try to set it via the
DBus interface.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Check if the 2.4 GHz channel 6 is in the list of available channels
advertised by the driver before adding in to the chirping frequency
list. This fixes issues, e.g., with a 5 GHz only interface.
Signed-off-by: Disha Das <dishad@codeaurora.org>
The per-interface P2P data freeing function did not cover this eloop
timeout that could potentially have been registered. Explicitly cancel
this timeout to make sure no references to freed memory can remain in
such a case.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
wpa_supplicant_remove_iface() removes the P2P management interface from
the global interfaces list before calling wpa_supplicant_deinit_iface().
When wpas_p2p_group_remove() is called from
wpa_supplicant_deinit_iface(), the P2P group created on the calling
wpa_s was not getting cleared as the calling wpa_s is not in the list of
global->ifaces. This results in the P2P management interface being
removed without disconnecting the p2p_group created on it. This could
result in an illegal access of freed memory, e.g., when a pending eloop
task wpas_p2p_reconsider_moving_go() was triggered with the leftover ctx
pointer to the removed P2P interface instance.
Fix this by disconnecting the P2P group created on interface to be
deinitialized before deinitializing the interface.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
With the configuration defined in the global_op_class array, the
channels starting from 149 in the operating classes 128 and 130 were not
considered for P2P channel setup due to the non-continuous
incrementation of channel indexes. The other channels in these operating
classes were considered. Handle the channels from 149 to 161 in the
operating classes 128 and 130 for P2P channel setup by handling this
jump in the channel number incrementation.
Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
Previously this fallback from PFS enabled to disabled (and back to
enabled) was used only if the local network profile used key_mgmt=DPP,
i.e., did not enable another other AKM. That leaves out some valid cases
since the local network profile could actually enable both DPP and SAE.
Extend this check to accept cases DPP AKM is enabled and it was selected
for the connection even if there other enabled AKMs.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Enhance the return values of ocv_verify_tx_params with enum to indicate
different OCI verification failures to caller.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
Previously wpabuf_head() of the buffer is passed to wpa_hexdump_buf()
instead of the wpabuf struct itself and it was causing wpa_supplicant to
crash. Fix this by using the correct pointer in the debug prints.
Fixes: a118047245 ("MSCS: Add support to send MSCS Request frames")
Fixes: c504ff5398 ("MSCS: Add support to populate MSCS Descriptor IE in (Re)AssocReq")
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
These were not really used anymore since the AP/Relay case did not set
msg_ctx or process_conf_obj in the global DPP context. Get the
appropriate pointers more directly from the more specific data
structures instead and remove these global values.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Extend hostapd support for DPP Controller to cover the DPP_CONTROLLER_*
cases that were previously implemented only in wpa_supplicant. This
allows hostapd/AP to be provisioned using DPP over TCP.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Share the same setup steps from the negotiated connection handover to
fix issues with NFC Tag write cases in AP mode. This addresses issues in
the AP mode DPP listen operation not actually receiving anything when
the write-a-tag code path was used.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The local network profile parameters for EAP are not available without
IEEE8021X_EAPOL, so do not try to set these in builds that do not
include any EAP support.
Signed-off-by: Jouni Malinen <j@w1.fi>
The updated socket.poll() loop did not terminate properly in cases where
no response is available. Fix that to check for both False and None.
Fixes: 1733e356e4 ("dpp-nfc: Fix handover client wait for receiving handover select")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Allow MSCS change/remove request to be sent only after an initial setup,
i.e., after an add request has been accepted.
Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
Add support to parse the (Re)Association Response frames to check if the
AP has accepted/declined the MSCS request in response to the
corresponding (Re)Association Request frame. AP indicates the result by
setting it in the optional MSCS Status subelement of MSCS Descriptor
element in (Re)Association Response frame.
This MSCS Status subelement is defined in the process of being added
into P802.11-REVmd/D4.0 (11-20-0516-17-000m-cr-mscs-and-cid4158).
Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
Include the MSCS Descriptor IE in the (Re)Association Request frames to
setup MSCS between the AP and the STA during association.
Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
Add support to receive and process MSCS Response frames from the AP and
indicate the status to upper layers.
Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
This was supposed to wait for up to 3.0 seconds for the handover select,
but the incorrect loop terminated ended up limiting this to a single
iteration of 0.1 second wait. This was too fast for some cases like the
AP mode operation where it may take significant time to enable the radio
for listening to DPP authentication messages.
Fix the loop to allow that full three second wait for the response to be
used. In addition, report the amount of time it takes to receive the
response.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Do not process channel switch event in wpa_supplicant's SME when SME is
offloaded to the driver/firmware to avoid SA Query initiation from both
wpa_supplicant and the driver/firmware for the OCV case.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Previously, wpa_supplicant fetched BSS channel info from scan results to
send ANQP Query frames. If the scan results for the specified BSS are
not available, the ANQP_GET command request was getting rejected.
Add support to send ANQP Query frame on the specified frequency without
requiring the scan results to be available.
The control interface command format:
- ANQP_GET <dst_addr> [freq=<freq in MHz>] <Query ID1>[,<Query ID2>,..]
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
The GAS query source MAC address was not getting updated correctly when
preassoc_mac_addr is enabled. Fix this by copying the current MAC
address to the GAS query source address.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
Skip unnecessary random MAC generation due to preassoc_mac_addr
parameter when gas_rand_mac_addr parameter is enabled.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
SAE-PK password can be set using psk parameter also in case of mixed
SAE+PSK networks, so look for acceptable SAE-PK BSS when SAE password
not set and psk parameter meets SAE-PK password criteria.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
The offchannel operations (scan, Public Action frame TX/RX) have
significantly more latency when performed while connected, so disconnect
when requested to initiate DPP reconfiguration to avoid this. The old
network profile (i.e., likely the current connection) is going to be
replaced in practice and as such, there is no need to try continue that
association any further.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Extend DPP authentication session search for the DPP_QR_CODE command to
cover the ongoing exchanges in Controller/Responder.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Extend the DPP_CONTROLLER_START command to accept the optional qr=mutual
parameter similarly to the DPP_LISTEN case.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Use the alternative channel list in the handover server role when
processing an alternative proposal. This was previously done only in the
handover client role, but with the updated design, both roles act in a
similar manner for the case where the alternative channel list is
specified.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Do not use the hardcoded channel 1 (2412 MHz) with DPP_LISTEN if a
channel list is specified when writing an NFC Tag. Instead, pick the
first channel from that list as the listen channel.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add an optional iter=# parameter to DPP_RECONFIG similarly to the way
this was handled with DPP_CHIRP.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add an encrypted Enrollee identifier into Reconfig Announcement frames
and decrypt that on the Configurator side. The actual E-id value is
currently not used for anything, but it can be used in the future to
provide better control over reconfiguration.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This was added to the protocol design to support cases where the
C-sign-key uses a different group than the netAccessKey. The Enrollee
now indicates its netAccessKey group in Reconfig Announcement and the
Configurator builds it own reconfig Connector using that group instead
of the group used for the C-sign-key.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Only the sae_password parameter was previously accepted for SAE-PK use.
That is not sufficient for covering mixed SAE+PSK cases. Extend this by
allowing the psk parameter to be used as well just like it can be used
for SAE without SAE-PK.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add override parameters to use the specified channel while populating
OCI element in EAPOL-Key group msg 2/2, FT reassoc request, FILS assoc
request and WNM sleep request frames.
Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
Do not use red color for the "No response receive" message in case
another HR will be sent after this.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Fix processing of the case where no handover select is sent out and add
automatic (delayed) termination of the link on completing the handover
successfully.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
terminate_now was not being set in the only_one case with connection
handover. Set it for that case as well as the tag cases to automatically
close down the link once it is not needed anymore.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Use a shorter polling interval in recv_octets() to be able to send out
the alternative HR more quickly when using a single thread and handover
client. In addition, fix recv_records() to handle normal exception cases
like not receiving anything.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Postpone closing of the handover client to allow the same client to be
used for sending both handover request messages if an alternative URI
needs to be tried.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Set logging level to various upper layer nfcpy modules to enable more
detailed debugging of the actual NFC operations when requested (-d on
the command line).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Do not try to perform DPP operations on the P2P management interface
when no specific interface has been identified.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
If an alternative proposal (second handover request) is sent, the
response (or lack of it) to the initial handover request should be
ignored.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This avoids potential loops of endless alternative URI exchanges over
NFC negotiated connection handover. Only allow one such alternative
proposal and declarare the handover as a failure if another alternative
were needed.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Allow all actual DPP processing steps in wpa_supplicant to be skipped by
specifying hardcoded URI values. Also allow a hardcoded crn to be
specified to force specific handover requestor/selector roles.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Use the "tmp_disallow" name more consistently so that both the core
wpa_supplicant functionality (struct wpa_bss_tmp_disallowed) and the
wpa_driver_ops callback have more similar names.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
remove_on_tx_status needs to be set in this case even if
dpp_config_processing=2 is used since there will be no connection
attempt when receiving a Configurator backup instead of station config
object.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
For now, this is done only for the case where the NFC Device is not
usable and if writing a single tag fails.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Make the debug output easier to read when performing interactive NFC
operations on a device that has a terminal showing the log.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The change to checking DPP_LISTEN return value ended up overwriting the
actual URI information from wpas_get_nfc_uri().
Fixes: 288c0ffaaa ("dpp-nfc: Do not hardcode netrole for NFC Tag writing cases")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Allow netrole to be specified for NFC Tag writing cases. Previously,
this was hardcoded to use netrole=configurator when starting the listen
operation. Now the netrole parameter is not included by default, but any
netrole value can be specified with the new --netrole command line
argument.
In addition, fix the listening frequency for the case where a channel is
picked.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
When removing a mesh peer with control interface commands (ACCEPT_ACL
DEL_MAC/DENY_ACL ADD_MAC/MESH_PEER_REMOVE) the plink count was not
decreased from its last connection. This resulted in peer link count
leakage and wpa_supplicant rejecting the connections after reaching
max_peer_links (default: 99).
Fix this by decreasing the plink count when removing a mesh peer which
is in PLINK_ESTAB state.
Signed-off-by: Yu Wang <yyuwang@codeaurora.org>
wpa_s->dpp_auth did not get cleaner if dpp_config_processing=1 is used.
Clear this after having received TX status for Configuration Result to
avoid leaving behind the completed provisioning instance.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The pending authentication exchange will make us ignore Reconfig
Authentication Request, so do not allow reconfiguration to be started in
that state.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The use of the alternative channel list did not work properly for the
case were both ends were trying to initiate the negotiated connection
handover. Fix this by always starting a new connection handover client
thread for sending the alternative proposal and ignoring peer messages
(likely something from the first attempt) during this modified attempt.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
When a PMKSA cache entry is available and used for connection with FILS
key management suite, use FILS authentication algorithm for connection
even if ERP keys are not available. This scenario may happen when
applications using wpa_supplicant cache persistently only PMKSA but not
ERP keys and reconfigures wpa_supplicant with PMKSA cache after
restarting wpa_supplicant.
The previous implementation correctly handles SME-in-wpa_supplicant
cases. However, SME-in-driver cases, complete FILS authentication
without PMKSA caching is performed.
Fix SME-in-driver behavior by setting authentication algorithm to
WPA_AUTH_ALG_FILS when connecting to a FILS AP using PMKSA caching.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
The channel numbering/center frequencies was changed in IEEE
P802.11ax/D6.1. The center frequencies of the channels were shifted by
10 MHz. Also, a new operating class 136 was defined with a single
channel 2. Add required support to change the channelization as per IEEE
P802.11ax/D6.1.
Signed-off-by: Wu Gao<wugao@codeaurora.org>
Signed-off-by: Vamsi Krishna <vamsin@codeaurora.org>
If the peer's channel list in negotiated handover does not have any
common channels and the local end is configured with an alternative
channel list, try to initiate another negotiation handover with the
alternative channels.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Be clearer about only a tag read being allowed when dpp-nfc is
configured to not allow connection handover.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This fixes an issue where the pending authentication might have held a
reference to auth->tmp_peer_bi and dpp_auth_deinit() would try to free
that bootstrapping entry. This needs to happen before the call to
dpp_global_clear() to avoid double-removal of the bootstrapping entry
from the list.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Add events for within-ESS reassociation. This allows us to monitor roam
events, both skipped and allowed, in tests.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
Pull all the within-ESS roam code out of wpa_supplicant_need_to_roam()
and into its own function, wpa_supplicant_need_to_roam_within_ess().
This way, we avoid interleaving several #ifndef's in the original
function and wrap the new function in one big #ifndef. This also
modularizes the within-ESS roam code and makes it easier to test.
Signed-off-by: Matthew Wang <matthewmwang@chromium.org>