These commnds are mesh version of PMKSA_GET/ADD commands. So the usage
and security risk is similar to them. Refer to
commit 3459381dd2 ('External persistent
storage for PMKSA cache entries') also.
The MESH_PMKSA_GET command requires peer MAC address or "any" as an
argument and outputs appropriate stored PMKSA cache. And the
MESH_PMKSA_ADD command receives an output of MESH_PMKSA_GET and re-store
the PMKSA cache into wpa_supplicant. By using re-stored PMKSA cache,
wpa_supplicant can skip commit message creation which can use
significant CPU resources.
The output of the MESH_PMKSA_GET command uses the following format:
<BSSID> <PMKID> <PMK> <expiration in seconds>
The example of MESH_PMKSA_ADD command is this.
MESH_PMKSA_ADD 02:00:00:00:03:00 231dc1c9fa2eed0354ea49e8ff2cc2dc cb0f6c9cab358a8146488566ca155421ab4f3ea4a6de2120050c149b797018fe 42930
MESH_PMKSA_ADD 02:00:00:00:04:00 d7e595916611640d3e4e8eac02909c3c eb414a33c74831275f25c2357b3c12e3d8bd2f2aab6cf781d6ade706be71321a 43180
This functionality is disabled by default and can be enabled with
CONFIG_PMKSA_CACHE_EXTERNAL=y build configuration option.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
This control interface command can be used to inject scan results from
test scripts to make it easier to test various scan result processing
operations.
Signed-off-by: Jouni Malinen <j@w1.fi>
These parameters are global configuration parameters for wpa_supplicant
and the special control interface SET command handlers for them were
preventing the configuration update. Make this more consistent by
updating the configuration parameter as well since that is what all the
other SET <global config param> commands do.
Signed-off-by: Jouni Malinen <j@w1.fi>
non_pref_chan is a global configuration parameter for wpa_supplicant and
the special control interface SET command handler for it was preventing
the configuration update. Make this more consistent by updating the
configuration parameter as well since that is what all the other SET
<global config param> commands do.
Signed-off-by: Jouni Malinen <j@w1.fi>
This was previously done for SCAN_RESULTS, but the BSS control interface
command did not show a similar flag. In addition, change "WPA2" to "RSN"
for mesh BSS to be consistent with the SCAN_RESULTS output.
Commit 638d945679 ('mesh: Show [MESH] flag
in scan results') did similar changes for SCAN_RESULTS.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit extends the BSS commands to include "BSS CURRENT" as a way
to get the current BSS without having to walk the BSS list matching
against BSSID+SSID returned from the STATUS command.
This returns the BSS stored in wpa_s->current_bss.
Signed-off-by: Joel Cunningham <joel.cunningham@me.com>
This makes both the Probe Response and Beacon frame IEs available to
upper layers if scan results include both IE sets. When the BSS command
mask includes WPA_BSS_MASK_BEACON_IE, a new beacon_ie=<hexdump> entry
will be included in output if the BSS entry has two separate sets of IEs
(ie=<hexdump> showing the Probe Response frame contents and
beacon_ie=<hexdump> the Beacon rame contents).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This adds new wpa_supplicant control interface commands PMKSA_GET and
PMKSA_ADD that can be used to store PMKSA cache entries in an external
persistent storage when terminating a wpa_supplicant process and then
restore those entries when starting a new process. The previously added
PMKSA-CACHE-ADDED/REMOVED events can be used to help in synchronizing
the external storage with the memory-only volatile storage within
wpa_supplicant.
"PMKSA_GET <network_id>" fetches all stored PMKSA cache entries bound to
a specific network profile. The network_id of the current profile is
available with the STATUS command (id=<network_id). In addition, the
network_id is included in the PMKSA-CACHE-ADDED/REMOVED events. The
output of the PMKSA_GET command uses the following format:
<BSSID> <PMKID> <PMK> <reauth_time in seconds> <expiration in seconds>
<akmp> <opportunistic>
For example:
02:00:00:00:03:00 113b8b5dc8eda16594e8274df4caa3d4 355e98681d09e0b69d3a342f96998aa765d10c4459ac592459b5efc6b563eff6 30240 43200 1 0
02:00:00:00:04:00 bbdac8607aaaac28e16aacc9152ffe23 e3dd6adc390e685985e5f40e6fe72df846a0acadc59ba15c208d9cb41732a663 30240 43200 1 0
The PMKSA_GET command uses the following format:
<network_id> <BSSID> <PMKID> <PMK> <reauth_time in seconds> <expiration
in seconds> <akmp> <opportunistic>
(i.e., "PMKSA_ADD <network_id> " prefix followed by a line of PMKSA_GET
output data; however, the reauth_time and expiration values need to be
updated by decrementing them by number of seconds between the PMKSA_GET
and PMKSA_ADD commands)
For example:
PMKSA_ADD 0 02:00:00:00:03:00 113b8b5dc8eda16594e8274df4caa3d4 355e98681d09e0b69d3a342f96998aa765d10c4459ac592459b5efc6b563eff6 30140 43100 1 0
PMKSA_ADD 0 02:00:00:00:04:00 bbdac8607aaaac28e16aacc9152ffe23 e3dd6adc390e685985e5f40e6fe72df846a0acadc59ba15c208d9cb41732a663 30140 43100 1 0
This functionality is disabled be default and can be enabled with
CONFIG_PMKSA_CACHE_EXTERNAL=y build configuration option. It should be
noted that this allows any process that has access to the wpa_supplicant
control interface to use PMKSA_ADD command to fetch keying material
(PMK), so this is for environments in which the control interface access
is restricted.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This makes wpa_supplicant behavior more consistent with FLUSH command to
clear all state. Previously, it was possible for an ongoing scan to be
aborted when the FLUSH command is issued and the scan results from that
aborted scan would still be processed and that would update the BSS
table which was supposed to cleared by the FLUSH command.
This could result in hwsim test case failures due to unexpected BSS
table entries being present after the FLUSH command.
Signed-off-by: Jouni Malinen <j@w1.fi>
This commit adds a control interface command to configure the TDLS
trigger mode to the host driver. This TDLS mode is configured through
the "SET tdls_trigger_control" control interface command.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
"GET_CAPABILITY fils" used to return "FILS" based on wpa_supplicant
configuration. This can be made more useful by checking both for
wpa_supplicant and driver support for FILS.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This can be used to check whether the running wpa_supplicant version was
built with CONFIG_FILS=y.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This makes it easier to figure out why autoscan is not used even when
being configured through the control interface.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This extends ANQP_GET command to support querying MBO cellular
preference also. The cellular preference can be requested along with
neigbor report by appending mbo:1 to the command arguments.
For example:
ANQP_GET <bssid> 272,mbo:1
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This code sequence was already used at two different places (and an
additional one has been proposed), so add a common helper function to
avoid having to copy-paste this functionality in multiple locations.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
For testing purposes, it is useful to have an option to be able to
reject BTM Request sent by AP in order to verify the AP behavior upon
BTM Request rejection.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add a testing mechanism to allow association disallowed set by AP to be
ignored. This can be used to verify AP behavior for disallowing a
specific association.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Implement "SET ignore_auth_resp <0/1>" command to simulate auth/assoc
response loss and EAPOL RX packet loss by ignoring corresponding
incoming events.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
All the 3 control interfaces: socket based, dbus & binder needs to
perform the same sequence of steps for network add/remove. So, move
these to a common utility method in |wpa_supplicant.c| instead of
duplicating the code everywhere.
Signed-off-by: Roshan Pius <rpius@google.com>
Move out the disconnect command handling from |ctrl_iface.c| to
|wpa_supplicant.c| so that it can be reused across the different
control interfaces (socket, dbus & binder).
Signed-off-by: Roshan Pius <rpius@google.com>
This is needed for hwsim test cases to allow multiple STA-initiated SA
Query operations in short amount of time.
Signed-off-by: Jouni Malinen <j@w1.fi>
This is mainly for testing purposes to allow multiple FETCH_OSU ANQP
operations to be ran without having to wait for full scan between each
query.
Signed-off-by: Jouni Malinen <j@w1.fi>
This allows P2P Listen to be offloaded to device to enhance power
saving.
To start P2P listen offload, from wpa_cli interface, issue the command:
p2p_lo_start <freq> <period> <interval> <count>
To stop P2P listen offload, issue the command:
p2p_lo_stop
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
In some cases parsing of the mesh scan info for a BSS or the P2P scan
info can fail. One reason can be that the Beacon/Probe Response frame
contained malformed length vendor IEs which are not parsed when adding
to the BSS table. Instead of skipping the whole BSS of the BSS command,
just skip the part that failed to parse.
Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
This allows using P2PS config method with or without PIN for connection.
wpa_supplicant should internally handle the default PIN "12345670" and
shall also allow connection irrespective of PIN used in P2P_CONNECT.
For example,
1. P2P_CONNECT 02:2a:fb:22:22:33 p2ps
2. P2P_CONNECT 02:2a:fb:22:22:33 xxxxxxxx p2ps
Where the second one is maintained for backwards compatibility.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
work->type was pointing to the allocated work->ctx buffer and the debug
print in radio_work_free() ended up using freed memory if a started
external radio work was removed as part of FLUSH command operations. Fix
this by updating work->type to point to a constant string in case the
dynamic version gets freed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This makes it easier to write hwsim test cases to verify management
frame processing sequences with dropped or modified frames. When
ext_mgmt_frame_handling is used, this new command can be used to request
wpa_supplicant to process a received a management frame, e.g., based on
information reported in the MGMT-RX events.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This allows local GO to fetch the P2P Interface Address of a P2P Client
in the group based on the P2P Device Address for the client. This
command should be sent only on a group interface (the same peer may be
in multiple concurrent groups).
Usage:
P2P_GROUP_MEMBER <P2P Device Address>
Output:
<P2P Interface Address>
Signed-off-by: Purushottam Kushwaha <pkushwah@qti.qualcomm.com>
Parse a received neighbor report and report for each neighbor report the
data received for it:
RRM-NEIGHBOR-REP-RECEIVED bssid=<BSSID> info=0x<hex> op_class=<class> chan=<chan> [lci=hex] [civic=hex]
Note that this modifies the previous format that originally reported
only the length of the received frame.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Handle radio measurement request that contains LCI request. Send
measurement report based on a configurable LCI report element. The LCI
report element is configured over the control interface with
SET lci <hexdump of the element>
and cleared with
SET lci ""
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Add an option to request LCI and Location Civic Measurement in Neighbor
Report Request frame, as described in IEEE P802.11-REVmc/D5.0, 9.6.7.6.
Note: This changes the encoding format of the NEIGHBOR_REP_REQUEST
ssid=<val> parameter. This used to be parsed as raw SSID data which is
problematic for accepting additional parameters. The new encoding allows
either a string within double-quotation marks or a hexdump of the raw
SSID.
Thew new format:
NEIGHBOR_REP_REQUEST [ssid=<SSID>] [lci] [civic]
Signed-off-by: David Spinadel <david.spinadel@intel.com>
This avoids unnecessary flushing of the PMKSA cache entry and EAP
session data when processing SET_NETWORK commands that set a network
profile parameter to the same value that the parameter already has.
Introduce a new wpa_config_set() and wpa_config_set_quoted() return
value (==1) signifying that the new value being set for the
corresponding field equals to the already configured one so that the
caller can determine that nothing changed in the profile.
For now, this does not cover all the network profile parameters, but
number of the most commonly used parameters are included to cover the
Android use cases where the framework may have issued SET_NETWORK
commands that would have unnecessarily prevented use of PMKSA caching or
EAP fast reauthentication.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This patch add functionality of mesh SAE PMKSA caching. If the local STA
already has peer's PMKSA entry in the cache, skip SAE authentication and
start AMPE with the cached value.
If the peer does not support PMKSA caching or does not have the local
STA's PMKSA entry in the cache, AMPE will fail and the PMKSA cache entry
of the peer will be removed. Then STA retries with ordinary SAE
authentication.
If the peer does not support PMKSA caching and the local STA uses
no_auto_peer=1, the local STA can not retry SAE authentication because
NEW_PEER_CANDIDATE event cannot start SAE authentication when
no_auto_peer=1. So this patch extends MESH_PEER_ADD command to use
duration(sec). Throughout the duration, the local STA can start SAE
authentication triggered by NEW_PEER_CANDIDATE even though
no_auto_peer=1.
This commit requires commit 70c93963ed
('SAE: Fix PMKID calculation for PMKSA cache'). Without that commit,
chosen PMK comparison will fail.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
This extends the wpa_supplicant PMKSA_FLUSH control interface command to
allow the PMKSA list from the authenticator side to be flushed for AP
and mesh mode. In addition, this adds a hostapd PMKSA_FLUSH control
interface command to flush the PMKSA entries.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
This extends the wpa_supplicant PMKSA control interface command to allow
the PMKSA list from the authenticator side to be listed for AP and mesh
mode. In addition, this adds a hostapd PMKSA control interface command
to show the same list for the AP case.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
This allows a mesh peer connection to be initiated manually in
no_auto_peer mesh networks.
Signed-off-by: Natsuki Itaya <Natsuki.Itaya@jp.sony.com>
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
This command allows the specified mesh peer to be disconnected.
Signed-off-by: Natsuki Itaya <Natsuki.Itaya@jp.sony.com>
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
The bssid and priority parameters in a network block do not have any
effect on the validity of an EAP session entry, so avoid flushing the
cached session when only these parameters are changed. This is mainly to
allow forced roaming or network selection changes without causing fast
reauthentication to be disabled if the changes are done during RSN
association that used EAP.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The existing implementation in p2p_ctrl_set used a hard-coded operating
class 81 which is only suitable for the social channels in the 2.4 GHz
band, and will not work for the social channel in the 60 GHz band.
Extend this by adding an optional op_class argument to P2P_SET
listen_channel. If not specified, use the default value of 81 to match
existing behavior.
Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
"INTERFACES ctrl" can now be used to fetch a list of network interfaces
and their control interfaces, e.g., to fetch the UDP port information
for the control interface.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Add an option to configure a candidate list to BSS transition query
("list" as the second argument to WNM_BSS_QUERY). The candidate list is
built from the available scan results. If no updated scan results (< 10
sec) are available, the command fails.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Remove the fallback dependency on os_random() when generating a WPS pin.
This is exceptionally unlikely to ever be called as the call to
os_get_random() is unlikely to fail. The intention is to facilitate
future removal of os_random() as it uses a low quality PRNG.
Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
Ensure that characters are represented as unsigned char when using
isblank() and isspace(). These function take in a "int c" argument, but
it needs to be unsigned for the cases where EOF is not indicated.
Signed-off-by: Roy Marples <roy@marples.name>
This is needed to get proper P2P group removal processing for some test
cases. discovery_group_client followed by nfc_p2p_client was able to hit
a case where the P2P group idle timeout survived to the next group
instance because of the FLUSH command not clearing the group and this
timeout properly.
Signed-off-by: Jouni Malinen <j@w1.fi>
It was possible for the FLUSH command to trigger auto connect mechanism
to schedule a new scan in 100 ms. This is not desired since all the
network profiles will be removed immediately and the scan or an attempt
to reconnect would not be of any benefit here. Such a scan in 100 ms can
cause issues for cases where multiple test sequences are run back to
back, so prevent this by clearing wpa_supplicant state to DISCONNECTED
(which avoids scheduling of the 100 ms scan trigger on disconnection) if
the state was AUTHENTICATING or higher when the FLUSH command was
issued.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The new wps_force_{auth,encr}_types parameters can be used in test build
(CONFIG_WPS_TESTING) to force wpa_supplicant to use the specified value
in the Authentication/Encryption Type flags attribute. This can be used
to test AP behavior on various error cases for which there are
workarounds to cover deployed device behavior.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new optional ssid=<hexdump> argument to P2P_CONNECT can be used to
make P2P Client operations during join-an-existing-group more robust by
filtering out scan results based on the SSID in addition to the P2P
Device/Interface Address. This can help if the same MAC address has been
used in multiple groups recently and the cached scan results may still
include an older BSS.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
At least one of the wpas_p2p_connect() callers (NFC join case) already
had access to the Group SSID. Pass that information through
wpas_p2p_connect() to wpas_p2p_join() so that the join operation can
filter out incorrect groups more easily.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This adds a new command based Hotspot 2.0 icon retrieval option.
In short, here is the new command sequence:
1. REQ_HS20_ICON <bssid> <file-name>
2. event: RX-HS20-ICON <bssid> <file-name> <size>
3. GET_HS20_ICON <bssid> <file-name> <offset> <size>
(if needed, repeat with larger offset values until full icon is
fetched)
5. DEL_HS20_ICON <bssid> <file-name>
REQ_HS20_ICON is a new command that is analogous to HS20_ICON_REQUEST
with the slight difference that an entry to store the icon in memory is
prepared. The RX-HS20-ICON event has been augmented with BSSID,
file-name and size, and GET_HS20_ICON is used to retrieve a chunk of up
to <size> bytes of icon data at offset <offset>. Each chunk is returned
as a base64 encoded fragment, preceded by "HS20-ICON-DATA", BSSID, and
file-name as well as the starting offset of the data.
If there is no entry prepared for the icon when the ANQP result comes
back, hs20_process_icon_binary_file falls back to legacy behavior.
Finally the DEL_HS20_ICON command deletes (all) icons associated with
BSSID and file-name (there could be several if retries are used and they
have different dialog tokens).
Signed-off-by: Jan Nordqvist <jannq@google.com>
SIGNAL_MONITOR THRESHOLD=DD HYSTERESIS=DD command will request signal
strength monitoring events based on there having been requested amount
of drop in the signal strength. The threshold value is the RSSI
threshold in dBm for the event to be sent. 0 threshold can be used to
disable monitoring. The hysteresis value is RSSI hysteresis in dB to
specify the minimum amount of change before a consecutive event is
reported.
With nl80211 driver interface, these values map to the
NL80211_CMD_SET_CQM command with NL80211_ATTR_CQM_RSSI_THOLD and
NL80211_ATTR_CQM_RSSI_HYST attributes to the driver.
This command cannot be used when bgscan module is in use since that
depends on being able to control the connection monitoring parameters.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
The new wpa_supplicant control interface command "TEST_ASSOC_IE
<hexdump>" can now be used to override the WPA/RSN IE for Association
Request frame and following 4-way handshake to allow protocol testing of
AP side processing of WPA/RSN IE.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new methods are
1. VendorElemAdd "i" "ay" i=integer ay=array of bytes
2. VendorElemGet "i" i=integer (output array of bytes)
3. VendorElemRem "i" "ay" i=integer ay=array of bytes
These provide functionality similar to the control interface commands
VENDOR_ELEM_ADD, VENDOR_ELEM_GET, and VENDOR_ELEM_REMOVE.
Signed-off-by: Avichal Agarwal <avichal.a@samsung.com>
Signed-off-by: Purushottam Kushwaha <p.kushwaha@samsung.com>
Signed-off-by: Kyeong-Chae Lim <kcya.lim@samsung.com>
Signed-off-by: Mayank Haarit <mayank.h@samsung.com>
Signed-off-by: Dilshad Ahmad <dilshad.a@samsung.com>
[VendorElemGet to return array of bytes instead of string; cleanup]
Signed-off-by: Jouni Malinen <j@w1.fi>
This may speed up some hwsim test case sequencies by avoiding a wait for
a scan at the end of a test case to complete.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new max_oper_chwidth and freq2 arguments to P2P_CONNECT, P2P_INVITE,
and P2P_GROUP_ADD control interface commands can be used to request
larger VHT operating channel bandwidth to be used than the previously
used maximum 80 MHz.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Some drivers do not support having two station interfaces, so the fact
that wpa_supplicant always creates a new interface in station mode, even
if it will be used as another type of interface, may prevent
wpa_supplicant from creating new interfaces. Allow setting the interface
type when a new interface is created so that interfaces of supported
types can be created.
Currently supported types are station ("sta") and AP ("ap"). If the
interface type is not specified, a station interface will be created.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
The AP is not expected to send out a WNM-Sleep Mode Response frame
without the STA trying to use WNM-Sleep Mode. Drop such unexpected
responses to reduce unnecessary processing of the frame.
Signed-off-by: Jouni Malinen <j@w1.fi>
Vendor specific IEs added to frame type P2P_ASSOC_RESP are saved in
the interface context, but as they are added as part of the P2P IEs,
they need to be saved in the global P2P context.
Fix this by directing vendor specific IEs added to P2P_ASSOC_RESP
frame type to the P2P context.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
On successful P2P PD, report the chosen frequency in case the local
device is going to be the P2P GO, so in can later be used to instantiate
the new P2P GO, etc.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
This allows wpa_supplicant to expose internally unknown ANQP-elements in
the BSS command. For example, "ANQP_GET <BSSID> 265" can be used to
fetch the AP Geospatial Location ANQP-element and if the AP has this
information, the "BSS <BSSID>" command will include the response as
"anqp[265]=<hexdump>".
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Commands like BSS and GET_NETWORK are used in some cases very frequently
and those can increase the amount of debug information from
wpa_supplicant without significant benefit. These were logged at the
DEBUG level (-d). Move logging of such read-only commands (i.e., no new
wpa_supplicant operation is started based on it) to EXCESSIVE level
(-ddd) which was already used for the PING command.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, the BSS command returned an error if the WSC IE(s) in scan
results could not be parsed. This may be not ideal for all cases, to
instead of rejecting the command completely, return all other
information apart from the WPS information in such a case.
Signed-off-by: Jouni Malinen <j@w1.fi>
The P2P group is not yet operating when going through invitation
exchange for re-invocation. Previously, an old cached scan result could
be used to skip the scan immediately after the invitation exchange.
While this may result in the fastest possible connection, it does have
some issues with cases where the GO takes some time to start up. It
would also be at least theoretically possible for some of the BSS
parameters to be different, so having a fresh scan result from the new
GO instance may be desired in any case.
Add a mechanism to skip scan results that have been last updated before
a specific point in time and as the first user for this mechanism,
require chan results to be more recent than the invitation message
exchange for the P2P Client role in persistent group re-invocation case.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
When P2PS PD with default P2PS method is done, the peer that becomes GO
should authorize the client. However, P2PS specification doesn't require
the client to include its intended interface address in PD
Request/Response. As a result, the P2P Client's interface address may not
be known and any address may need to be authorized.
Previously, client's P2P Device Address was used for authorization,
which is not correct when a dedicated interface is used for P2P Client.
This is not resulting in a connection failure, however it causes a
significant delay (until WPS_PIN_TIME_IGNORE_SEL_REG elapses). Fix this
by authorizing the intended interface address, if known; or any address,
if not known.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Change P2PS P2P-PROV-SHOW-PIN/P2P-PROV-ENTER-PIN event notifications
on PD Request/Response handling to meet required P2PS behavior.
The new implemented scheme:
1. For a legacy P2P provision discovery the event behavior remains
without changes
2. P2PS PD, advertiser method: DISPLAY, autoaccept: TRUE:
Advertiser: SHOW-PIN on PD request replied with a status SUCCESS
Seeker: ENTER-PIN on PD response received with a status SUCCESS
3. P2PS PD, advertiser method: DISPLAY, autoaccept: FALSE:
Advertiser: SHOW-PIN on PD request replied with a status
INFO_CURRENTLY_UNAVAILABLE
Seeker: ENTER-PIN on Follow-on PD request with a status
SUCCESS_DEFERRED
4. P2PS PD, advertiser method: KEYPAD, autoaccept: TRUE/FALSE:
Advertiser: ENTER-PIN on PD request replied with a status
INFO_CURRENTLY_UNAVAILABLE
Seeker: SHOW-PIN on PD response received with a status
INFO_CURRENTLY_UNAVAILABLE
This change in behavior breaks the existing test cases
p2ps_connect_keypad_method_nonautoaccept and
p2ps_connect_display_method_nonautoaccept. Those will be fixed in a
followup commit.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
P2P_FLUSH command did not cleanly clear the p2p_go_avoid_freq data
structure, and left it in an inconsistent state, where the range field
was NULL but the num field was not 0. This would have resulted in an
invalid memory access in freq_range_list_includes().
Fix this.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
A P2P GO channel switch should not be triggered in all cases that
require channel list update. Specifically, a P2P GO CS should not
be triggered in case that the P2P GO state changed or in case that
that the P2P GO has just completed a CS.
To fix this, add reason code to wpas_p2p_channel_list_update() and
trigger CS flow only for the relevant cases.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
This makes it possible to use these helper functions from hostapd as
well as the current use in wpa_supplicant.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Extend the QCA vendor specific nl80211 interface to query the preferred
frequency list from driver and add a new wpa_cli command to query this
information.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add vendor command to pass SET setband command to the driver and read
the updated channel list from driver when this notification succeeds.
This allows the driver to update its internal channel lists based on
setband configuration.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add a parameter allowing to specify a value of Coordination
Protocol Transport to P2PS_PROVISION and P2PS_PROVISION_RESP commands.
Extend the p2ps_provision structure to contain cpt_priority and
cpt_mask properties and initialize them on a P2PS PD request command.
The format of the parameter:
cpt=<cpt>[:cpt]
where <cpt> is CPT name e.g. UDP or MAC. The CPT names are listed
according to their preferences to be used for a specific P2PS session.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Add Coordination Transport Protocol parameter to P2P_SERVICE_ADD
asp command.
Extend p2ps_advertisement structure to contain CPT priorities
and a supported CPT bitmask.
The format of the new parameter:
cpt=<cpt>[:<cpt>]
where <cpt> is a name of the Coordination Protocol Transport.
This implementation supports two CPT names: UDP and MAC.
The order of specified CPTs defines their priorities where
the first one has the highest priority.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Do not allow wpa_s->fst to be replaced when processing FST-ATTACH
command for an interface that has already been attached.
Signed-off-by: Jouni Malinen <j@w1.fi>
This header file is needed to get struct fst_iface_cfg and struct
fst_wpa_obj defined. While it does currently get pulled in through
ap/hostapd.h and ap/ap_config.h, a more explicit inclusion may be a
cleaner option for future.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This command allows network variables to be copied from one network to
another when the networks belong to different radios. This is similar to
the per-interface DUP_NETWORK command. On the global control interface,
the command syntax is as follows:
DUP_NETWORK <src ifname> <dst ifname> <src network id> <dst network id> <variable name>
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The IPv4 header after the Ethernet header is not 32-bit aligned and the
previous version ended up accessing 32-bit members at misaligned
addresses.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new TEST_FAIL and GET_FAIL control interface commands can be used
similarly to the earlier TEST_ALLOC_FAIL/GET_ALLOC_FAIL design. The new
version is more generic framework allowing any function to be annotated
for failure testing with the TEST_FAIL() macro. This mechanism is only
available in builds with CONFIG_WPA_TRACE_BFD=y and
CONFIG_TESTING_OPTIONS=y. For other builds, the TEST_FAIL() macro is
defined to return 0 to allow the compiler to remove the test code from
normal production builds.
As the first test site, allow os_get_random() to be marked for failing
based on call backtrace.
Signed-off-by: Jouni Malinen <j@w1.fi>
In p2p_find command line processing a loop searching for multiple
'seek=' parameters modifies cmd buffer adding '\0' terminators.
The 'freq=' parameter is handled after that and can be
lost if a 'freq=' follows 'seek=' in a command line.
Fix it by moving a handling of 'freq=' parameter to be processed
before 'seek=' handling loop.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
p2p_ctrl_group_add() takes care of various configuration options (such
as ht/vht) before calling wpas_p2p_group_add(), so use it (just like
when P2P_GROUP_ADD is called with additional params).
Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
Parse each parameter individually and combine all the function calls.
This will allow further patch to call it with no parameters (currently
this might result in failure).
Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
Only the first seek=<service name> parameter was accepted from the
P2P_FIND command. Fix this to go through all seek parameters to
construct the list of service hash values to seek.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This fixes some issues where a disconnection event may get ignored if an
earlier operation to remove or disable a network resulted in an attempt
to disconnect event though no connection was in place.
wpa_s->current_ssid != NULL alone is not sufficient to determine that
there will be a driver event notifying completion of such disconnection
request. Set own_disconnect_req to 1 only if wpa_s->wpa_state is also
indicating that there is a connection or an attempt to complete one.
This showed up in a failure, e.g., when running the hwsim test case
scan_int followed by ap_vlan_wpa2_psk_radius_required where the latter
ended up not processing a connection failure event and getting stuck not
trying to run a new scan and connection attempt.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Support a request to scan specific SSIDs given by user with the SCAN
command. The SSID list can be suffixed to the scan command as follows.
For example, if SSIDs "ABC" and "abc123" need to be specifically
scanned, the command should be "SCAN ssid 414243 ssid 616263313233". The
value of the SSID is passed in hexadecimal representation.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add the TDLS_LINK_STATUS command to the control interface. This command
shows what is the status of our current TDLS connection with the given
peer. Also, add the TDLS_LINK_STATUS command to wpa_cli.
Signed-off-by: Oren Givon <oren.givon@intel.com>
By analysing objdump output some read only structures were found in
.data section. To help compiler further optimize code declare these
as const.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
This makes source code more consistent. The use within Android driver
interface is left as-is to avoid changes in the old PNO interface
definition.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This fixes a regression caused by commit
efa232f915 ('Add support for virtual
interface creation/deletion') for the case where an empty extra argument
is included.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Extend interface_add and interface_remove commands via an optional
argument to allow wpa_supplicant to create/delete a new virtual
interface.
Signed-off-by: Jithu Jance <jithu@broadcom.com>
Old code defaulted to WEP for an AP advertising OSEN. Show as OSEN
instead. Re-use most of the RSN parsing logic since all but the header
is the same.
Example output:
[root@ath9k-f lanforge]# ./local/bin/wpa_cli -i sta0 scan_results
bssid / frequency / signal level / flags / ssid
00:0e:8e:6f:40:49 2462 -23 [OSEN-OSEN-CCMP][ESS] ben-138
Signed-off-by: Ben Greear <greearb@candelatech.com>
If all networks are temporarily disabled, delay AP selection until at
least one network is enabled. Running AP selection when all networks are
disabled is useless as wpa_supplicant will not try to connect. In
addition, it will result in needless scan iterations that may delay the
connection when it is needed.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Extend p2p_service_del asp command to support 'all' parameter to delete
all ASP service advertisements.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reject external scan request while either ANQP fetch or Interworking
select is in progress. Not doing so could lead to a situation in which
Interworking automatic network selection does not get triggered because
of a new scan result event forcing the ANQP fetch cycle to be disrupted
and restarted all over again. Interworking automatic network selection
is only triggered when AQNP fetch cycle, that is, ANQP exchange with
every Interworking capable BSS in the current BSS list, is completed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
wpa_supplicant_deinit_iface() ends up removing all P2P groups if the
removed interface is the parent interface. This is correct behavior in
general, but this resulted in issues in the new group interface
initialization error path since wpa_s->parent was not assigned before
hitting this check. Fix this by assigning wpa_s->parent as part of
wpa_supplicant_add_iface().
Signed-off-by: Jouni Malinen <j@w1.fi>
There are number of cases where wpa_supplicant requests the current
connection to be disconnected before starting a new operation. Such
cases do not really indicate that there was an error in connecting or a
disconnection initiated by the AP, so do not add a temporary blacklist
entry in such sequences.
Signed-off-by: Jouni Malinen <j@w1.fi>
It is possible for the P2P_CONNECT control interface command to be
issued on an incorrect interface. While the upper layer component should
really use global control interface for this, make this work by
redirecting the command to the correct context if needed.
Signed-off-by: Jouni Malinen <j@w1.fi>
The optional freq=<MHz> can now be used with the P2P_FIND command to
specify a single channel to scan during the first round of P2P search.
For example, this can be used to replace the full initial scan with a
single channel scan of a known operation channel.
Signed-off-by: Daichi Ueura <daichi.ueura@sonymobile.com>
These values were previously used only for sorting the scan results, but
it may be useful to provide access to the used values through the BSS
entries.
Signed-off-by: Jouni Malinen <j@w1.fi>
In addition, add support for returning the capability list through
the BSS control interface command.
Signed-off-by: ASHUTOSH NARAYAN <ashutoshx.narayan@intel.com>
In addition, add support for returning the capability list through the
BSS control interface command.
Signed-off-by: ASHUTOSH NARAYAN <ashutoshx.narayan@intel.com>
The new "DUMP" and "SET <variable>" control interface commands can be
used to fetch global wpa_supplicant configuration parameters.
Signed-off-by: Ola Olsson <ola.olsson@sonymobile.com>
This can be used to provide more control to upper layers on network
blocks generated as part of Interworking network selection.
INTERWORKING_ADD_NETWORK behaves otherwise identically to
INTERWORKING_CONNECT, but it does not request a new connection after
having added the network block and it returns the network id of the
added network.
INTERWORKING_ADD_NETWORK followed by REASSOCIATE would behave more or
less identically to INTERWORKING_CONNECT, but this allows the created
network profile to be modified, if desired, and/or stored externally.
SELECT_NETWORK can also be used with the network id returned from
INTERWORKING_ADD_NETWORK to enforce that specific network profile to be
used for the next connection (though, it should be noted that this
behavior may not meet all Hotspot 2.0 requirements if there were other
enabled networks that could have higher priority).
Signed-off-by: Jouni Malinen <j@w1.fi>
Commit b31be3a0fd ('P2P: Add automatic GO
Negotiation vs. join-a-group selection') added this P2P_CONNECT 'auto'
parameter, but did not update any documentation on it.
Signed-off-by: Jouni Malinen <j@w1.fi>
Commit 07cb45ccb2 ('mesh: Add no_auto_peer
config option') added a new struct wpa_ssid argument and added an
unnecessary parsing and setting of the value in
wpa_supplicant_ctrl_iface_update_network(). This is not needed since
wpa_config_set() takes care of parsing the parameters.
Signed-off-by: Jouni Malinen <j@w1.fi>
It is possible for a network profile to change its type from P2P
persistent group to a normal network and back. The D-Bus interface uses
different types of objects for those, so the object needs to
re-registered in case of type change. This fixes issues in leaving
behind an incorrect type of object and leaking memory when freeing such
a network block that has had its disabled parameter changed.
Signed-off-by: Jouni Malinen <j@w1.fi>
This is needed to allow P2PS related new control interface commands to
be redirected for proper context processing.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This introduces a P2P module callback function that will be used to
create the pending P2PS group after sending PD Response and receiving
ACK status for it.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This adds new wpa_supplicant control interface commands
P2P_ASP_PROVISION and P2P_ASP_PROVISION_RESP.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This extends wpas_p2p_prov_disc() implementation to accept P2PS
parameters. None of the callers are yet using this functionality; the
following commit introduces a user.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This extends the P2P_SERV_DISC_REQ control interface command with a new
"asp" service type. This takes service id, service string, and optional
service info as arguments.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
In addition, add a new P2P_SERVICE_REP command that can be used to
replace existing ASP advertisements.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This provides additional WPS definitions and rules for negotiating use
of P2PS default PIN configuration method.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
P2PS seek strings can now be specified in the P2P_FIND control interface
command with one or more optional "seek=<str>" parameters.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This extends GET_CAPABILITY command to allow the supported group
management frame cipher suites to be listed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
A control interface call to flush the current state used the
current wpa_s to clear the P2P state even though it might not
be the interface controlling the P2P state.
Fix it by using the correct interface to flush the P2P state.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
The length should be 14 and not 10.
The current situation causes failure during parsing of the command.
Signed-off-by: Matti Gottlieb <matti.gottlieb@intel.com>
For CONFIG_TESTING_OPTIONS=y builds, add a new test parameter than can
be used to trigger various error cases within wpa_supplicant operations
to make it easier to test error path processing. "SET test_failure
<val>" is used to set which operation fails. For now, 0 = no failures
and 1 = scan trigger fails with EBUSY. More operations can be added in
the future to extend coverage.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Move the wpa_bss_flush() call to the end of the function to allow any
pending user of a BSS entry to be cleared before removing the unused
entries. There were number of cases where BSS entries could have been
left in the list and this resulted in some hwsim test failures.
Signed-off-by: Jouni Malinen <j@w1.fi>
For Interworking connection to work, the SSID of the selected BSS needs
to be known to be able to associate with the AP. It was possible for the
scan results to include two BSS entries matching the BSSID when an
earlier scan with that AP has shown a hidden SSID configuration (e.g.,
when running hwsim test cases, but at least in theory, this could happen
with real use cases as well). When that happened, the incorrect BSS
entry may not have included RSN configuration and as such, it would get
rejected for Interworking connection.
Fix this by confirming that the selected BSS entry has a real SSID. If
not, try to find another BSS entry matching the same BSSID and use that,
if found with an SSID.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This makes it easier for upper layer programs to figure out whether the
wpa_supplicant and and the driver supports mesh.
Signed-off-by: Jouni Malinen <j@w1.fi>
This makes it easier for upper layer programs to figure out whether the
wpa_supplicant and and the driver supports SAE.
Signed-off-by: Jouni Malinen <j@w1.fi>
This new wpa_supplicant and hostapd control interface command can be
used to determine which TLS library is used in the build and what is the
version of that library.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new control interface command TEST_ALLOC_FAIL and GET_ALLOC_FAIL can
now be used to trigger memory allocation failures for testing purposes.
TEST_ALLOC_FAIL sets a failure conditions with
<count>:func[;func][;func]... string and GET_ALLOC_FAIL returns the
current state using the same format. Whenever an allocation is made with
a matching backtrace of calling functions, the count is decremented by
one and once zero is reached, the allocation is forced to fail.
Function names can be prefixed with either '=' or '?' to get different
matching behavior. '=' requires this specific function to be the next
one in the backtrace (i.e., do not skip any other functions in the list
which is the default behavior). '?' allows the function to be optionally
present in the backtrace.
Signed-off-by: Jouni Malinen <j@w1.fi>
The supplicant code does not try to control the actual channel of the
radio at any point. It simply passes the target peer and channel
parameters to the driver. It's the driver's responsibility to
periodically initiate TDLS channel-switch operations when TDLS
channel-switching is enabled.
Allow enable/disable operations to be invoked via the control interface.
Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
It was possible for old scan state to remain from a previous test case
when an operation like WNM neighbor scan or another-BSS-in-ESS was
started, but stopped at the end of a test case. This could result in
failures, e.g., when running wnm_bss_tm_req followed by scan_setband.
Signed-off-by: Jouni Malinen <j@w1.fi>
This helps hwsim test cases by avoiding undesired state from previously
executed test cases affecting following tests.
Signed-off-by: Jouni Malinen <j@w1.fi>
Commit faf9a8585d added mechanism for
selecting 2.4 or 5 GHz band for scan operation. However, no mechanism
for setting the setband value was added at that time. This commit adds a
new SET ctrl_iface parameter to allow the setband functionality to be
used. "SET setband <AUTO/5G/2G>" can be used to select all bands, 5 GHz
band only, or 2.4 GHz band only.
Signed-off-by: Jouni Malinen <j@w1.fi>
FAIL-BUSY was already returned for the case where a scan had been
started, but with the radio work design, it would have been possible to
schedule multiple scan requests if a non-scan radio work was in
progress. Multiple back-to-back scans are not usually very helpful, so
reject this type of cases where the SCAN command would be used to build
such a sequence.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The mesh gate is used to bridge (or route) between mesh network and
another network. For example, mesh gate acts as router between mesh
network and IEEE 802.11 BSS network.
This command makes a virtual mesh interface to be used for mesh gate.
This command expects to be used like this.
wpa_cli -i wlan0 MESH_INTERFACE_ADD ifname=mesh0
wpa_cli -i mesh0 add_network
wpa_cli -i mesh0 set_network 0 ssid '"commell_2X_mmm"'
wpa_cli -i mesh0 set_network 0 mode 5
wpa_cli -i mesh0 set_network 0 frequency 2412
wpa_cli -i mesh0 set_network 0 key_mgmt SAE
wpa_cli -i mesh0 set_network 0 psk '"01234567"'
wpa_cli -i mesh0 mesh_group_add 0
wpa_cli -i wlan0 mesh_group_remove mesh0
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
This function could not fail and it can be replaced with a single
line variable update that takes less code than the function call.
Signed-off-by: Jouni Malinen <j@w1.fi>
wpa_bss_flush*() cannot fail and as such, there is no need for
wpa_supplicant_ctrl_iface_bss_flush() to return a value either.
Signed-off-by: Jouni Malinen <j@w1.fi>
This function cannot return negative value, so no need to check for
that. If there is not enough room in the buffer or if something
unexpected happens, 0 is returned.
Signed-off-by: Jouni Malinen <j@w1.fi>
Update the scan parameters in wpa_s only in case the scan command is
going to be executed. In other words, do not change the parameters for
an ongoing scan (the SCAN command is rejected with FAIL-BUSY) or if any
of the parameters is invalid.
Signed-off-by: Jouni Malinen <j@w1.fi>
The space following the BSSID was not skipped properly if the following
parameter started with the "hs20:" prefix. For other cases, atoi() ended
up ignoring the space, but it is cleaner to skip it anyway for all
cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
This is needed to get into more consistent state after the FLUSH
command. DISCONNECT followed by FLUSH could result in
wpa_s->disconnected being left to 1 and this resulted in a test failure,
e.g., when running wpas_ctrl_dup_network followed by
wpas_ctrl_enable_disable_network where the latter was expecting
ENABLE_NETWORK on a disabled network to connect automatically and that
does not happen if wpa_s->disconnected == 1.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
While these are using practically large enoungh buffer sizes, it is
better to be more consistent with checking os_snprintf() return value.
Signed-off-by: Jouni Malinen <j@w1.fi>
This converts os_snprintf() result validation cases to use
os_snprintf_error() for cases that were note covered by spatch and
semantic patches.
Signed-off-by: Jouni Malinen <j@w1.fi>
This converts os_snprintf() result validation cases to use
os_snprintf_error() in cases where success condition was used to execute
a step. These changes were done automatically with spatch using the
following semantic patch:
@@
expression E1,E2,E3;
statement S1;
@@
E1 = os_snprintf(E2, E3, ...);
- if (\( E1 >= 0 \| E1 > 0 \) && \( (size_t) E1 < E3 \| E1 < (int) E3 \| E1 < E3 \))
+ if (!os_snprintf_error(E3, E1))
S1
Signed-off-by: Jouni Malinen <j@w1.fi>
This pointer cannot be NULL sicne it is called only from this file and
with a valid pointer to the received command.
Signed-off-by: Jouni Malinen <j@w1.fi>
Derive rRK and rIK on EAP peer if ERP is enabled. The new wpa_supplicant
network configuration parameter erp=1 can now be used to configure the
EAP peer to derive EMSK, rRK, and rIK at the successful completion of an
EAP authentication method. This functionality is not included in the
default build and can be enabled with CONFIG_ERP=y.
If EAP authenticator indicates support for re-authentication protocol,
initiate this with EAP-Initiate/Re-auth and complete protocol when
receiving EAP-Finish/Re-auth.
Signed-off-by: Jouni Malinen <j@w1.fi>
This change creates 'LIST_NETWORK LAST_ID=x' form to allow
retrieval of all networks saved in the system. Without this form,
only first few (whatever fills in first 4096 bytes) can be
retrieved.
Signed-off-by: Vinit Deshpande <vinitd@google.com>
Externally triggered scan could result in a new radio work item getting
started even when external radio work was in progress. Delay such start
until the external work is completed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The new wpa_supplicant control interface command can be used in
automated testing to verify how AP processes Data frames with arbitrary
contents. This is enabled only in builds with CONFIG_TESTING_OPTIONS=y.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
There is no need for this state to maintained when the wpa_supplicant
FLUSH ctrl_iface command is used to request flushing of all state.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Allow supplying an SSID for the SSID IE. If not supplied, no SSID IE is
sent, and the request implies the current SSID.
Signed-off-by: Assaf Krauss <assaf.krauss@intel.com>
Add NEIGHBOR_REP_REQUEST command to the wpa_supplicant ctrl_iface.
This command triggers the sending of a Neighbor Report Request to the
associated AP.
Signed-off-by: Assaf Krauss <assaf.krauss@intel.com>
This wmm_ac_status command will show the current status for WMM AC.
Signed-off-by: Moshe Benji <moshe.benji@intel.com>
Signed-off-by: Eliad Peller <eliad@wizery.com>
Android 4.4 uses "BSS" command instead of "SCAN_RESULT" command.
So this patch add the mesh scan result for BSS command.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Parse MESH_GROUP_ADD/REMOVE commands on ctrl interface and call
wpa_supplicant routines. These commands are used to start or
join and leave a mesh network.
The mesh id is given in the configuration file, therefore there is
no need to scan before joining a mesh network. We reuse the
connect_without_scan construct used by P2P for that same purpose.
Signed-off-by: Javier Cardona <javier@cozybit.com>
Signed-off-by: Javier Lopez <jlopex@gmail.com>
This adds definitions for the 128-bit level Suite B AKM 00-0F-AC:11. The
functionality itself is not yet complete, i.e., this commit only
includes parts to negotiate the new AKM.
Signed-off-by: Jouni Malinen <j@w1.fi>
If p2p_stop_find is issued after the p2p_scan request is triggered to
the host driver, the obtained scan results are also considered to update
the P2P peer entries. This is not always desired behavior, i.e., it can
be clearer if no P2P-DEVICE-FOUND events are generated based of that
final pending scan.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Use the 'no_ir' notation instead of the 'passive scan' and
'no_ibss' notations to match the earlier change in nl80211.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
The extra_roc_dur parameter can now be used in CONFIG_TESTING_OPTIONS=y
builds to simulate driver behavior where the ROC duration gets increased
without user space request.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add no_auto_peer parameter, which controls wheter a station will
automatically initiate peering to another mesh peer that comes into
range.
Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
Signed-off-by: Thomas Pedersen <thomas@noack.us>
These key management options were missing from the previous set of
parsed information in scan results.
Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Jason Abele <jason.abele@gmail.com>
It is now possible to run hwsim_test like data connectivity test through
wpa_supplicant/hostapd control interface if CONFIG_TESTING_OPTIONS=y is
used for the build. Test functionality is enabled/disabled at runtime
with "DATA_TEST_CONFIG <1/0>". The "DATA_TEST_TX <dst> <src> <tos>"
command can be used to request a test frame to be transmitted.
"DATA-TEST-RX <dst> <src>" event is generated when the test frame is
received.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new ext_eapol_frame_io parameter can be used to configure hostapd
and wpa_supplicant to use control interface for receiving and
transmitting EAPOL frames. This makes it easier to implement automated
test cases for protocol testing. This functionality is included only in
CONFIG_TESTING_OPTIONS=y builds.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Commit 86bd36f0d5 ("Add generic
mechanism for adding vendor elements into frames") has a minor bug
where it miscalculates the length of memory to move using
os_memmove. If multiple vendor elements are specified then this can
lead to out of bounds memory accesses.
This patch fixes this by calculating the correct length of remaining
data to shift down in the information element.
Signed-off-by: Toby Gray <toby.gray@realvnc.com>
This adds experimental support for wpa_supplicant to assign random local
MAC addresses for both pre-association cases (scan, GAS/ANQP) and for
connections. MAC address policy for each part can be controlled
separately and the connection part can be set per network block.
This requires support from the driver to allow local MAC address to be
changed if random address policy is enabled. It should also be noted
that number of drivers would not support concurrent operations (e.g.,
P2P and station association) with random addresses in use for one or
both.
This functionality can be controlled with the global configuration
parameters mac_addr and preassoc_mac_addr which set the default MAC
address policies for connections and pre-association operations (scan
and GAS/ANQP while not connected). The global rand_addr_lifetime
parameter can be used to set the lifetime of a random MAC address in
seconds (default: 60 seconds). This is used to avoid unnecessarily
frequent MAC address changes since those are likely to result in driver
clearing most of its state. It should be noted that the random MAC
address does not expire during an ESS connection, i.e., this lifetime is
only for the case where the device is disconnected.
The mac_addr parameter can also be set in the network blocks to define
different behavior per network. For example, the global mac_addr=1 and
preassoc_mac_addr=1 settings and mac_addr=0 in a home network profile
would result in behavior where all scanning is performed using a random
MAC address while connections to new networks (e.g.,
Interworking/Hotspot 2.0) would use random address and connections to
the home network would use the permanent MAC address.
Signed-off-by: Jouni Malinen <j@w1.fi>
It also allows to use the STATUS command with default behavior,
say for debug, i.e., don't generate a "fake" CONNECTION and
SUPPLICANT_STATE_CHANGE events with the new STATUS-NO_EVENTS case.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
The network block bssid parameter can be used to force a specific BSS to
be used for a connection. It is also possible to modify this parameter
during an association. Previously, that did not result in any
notification to the driver which was somewhat problematic with drivers
that take care of BSS selection. Add a new mechanism to allow
wpa_supplicant to provide a driver update if the bssid parameter change
for the current connection modifies roaming policy (roaming
allowed/disallowed within ESS).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This allows external programs to use vendor specific information from
P2P peers without wpa_supplicant having to be able to parse and
understand all such vendor specific elements.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This adds following new control interface commands to allow arbitrary
vendor elements to be added into number of frames:
VENDOR_ELEM_ADD <frame id> <hexdump of elem(s)>
VENDOR_ELEM_GET <frame id>
VENDOR_ELEM_REMOVE <frame id> <hexdump of elem(s)>
VENDOR_ELEM_REMOVE <frame id> *
The following frames are supported in this commit (additional frames can
be added in the future):
0 = Probe Request frame in P2P device discovery
1 = Probe Response frame from P2P Device role
2 = Probe Response frame from P2P GO
3 = Beacon frame from P2P GO
4 = PD Req
5 = PD Resp
6 = GO Neg Req
7 = GO Neg Resp
8 = GO Neg Conf
9 = Invitation Request
10 = Invitation Response
11 = P2P Association Request
12 = P2P Association Response
One or more vendor element can be added/removed with the commands. The
hexdump of the element(s) needs to contain the full element (id, len,
payload) and the buffer needs to pass IE parsing requirements to be
accepted.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The new "scan_id=<comma separated list of network ids>" parameter can
now be used to specify a list of network ids that have scan_ssid=1 to
indicate active scanning of the SSID. This adds the listed SSIDs to the
scan command to allow manual scan requests to perform active scans for
hidden SSIDs. For example, "SCAN scan_id=1,7,11" would run a scan with
the SSID fetched from the configured network blocks 1, 7, and 11
(assuming those are set with scan_ssid=1). The SSIDs will be included
even from network blocks that are currently disabled.
The maximum number of SSIDs added to the request is limited by the
driver support. If more than supported values are specified, the command
will fail (returns "FAIL").
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
"TDLS_TEARDOWN *" can now be used to tear down the direct links to all
TDLS peers. This is useful for debugging purposes.
Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
Performing a P2P Device flow such as p2p_listen or
p2p_find, can degrade the performance of an active interface
connection, if the listen frequency is different than the
frequency used by that interface.
To reduce the effect of P2P Device flows on other interfaces,
try changing the listen channel of the P2P Device to match the
operating channel of one of the other active interfaces. This change
will be possible only in case that the listen channel is not forced
externally, and will be delayed to a point where the P2P Device
state machine is idle.
The optimization can be configured in the configuration file and
is disabled by default.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Due to an incorrect operation (MOD vs. AND), the code that was supposed
to return an error if the hex string has odd length was not really
reporting any failures. Instead of reporting an error, the invalid
control interface command would have been truncated. This is not an
issue in practice, but better fix the implementation anyway.
Signed-off-by: Jouni Malinen <j@w1.fi>
The dynamically allocated struct wpa_external_work contains the name of
the radio work in the type field and this is used in a debug print
within radio_work_done(). Re-order radio_work_done() and os_free() calls
on couple of paths where the memory was freed before that final user of
the buffer.
Signed-off-by: Jouni Malinen <j@w1.fi>
This adds [DMG] and [PBSS] flags for scan results and BSS table entries
using the IEEE Std 802.11ad-2012 updated definition of the Capability
field.
Signed-off-by: Boris Sorochkin <qca_bsoroc@qca.qualcomm.com>
This new command can be used to simulate driver events without having to
go through the driver wrapper or kernel code for this. This enables more
testing coverage with hwsim.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This command allows to copy network variable from one network to
another, e.g., to clone the psk field without having to extract it from
wpa_supplicant.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
No need to use ENOBUFS within core wpa_supplicant, so just replace it
with -1 to work arounds MinGW build issues.
Signed-off-by: Jouni Malinen <j@w1.fi>
The previous version prevented all use of wpas_global_ctrl_iface_set().
That's not desirable since there may be more global parameters added in
the future. Instead, try to use the global version first and redirect to
P2P interface only if the global version returns an error.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The P2P redirection for SAVE_CONFIG issued on the global control
interface was preventing wpas_global_ctrl_iface_save_config() from being
reached. The global version of SAVE_CONFIG was supposed to try to save
configuration files for all interface rather than just the P2P
management interface, so fix this by removing the unneeded and undesired
redirection.
Modify the global SAVE_CONFIG handler to return FAIL if no configuration
files were saved. This makes the behavior match with the per-interface
SAVE_CONFIG.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Adding a new entry was returning FAIL on success due to incorrect
assumption of wpa_blacklist_add() returning 0 on success (it returns the
positive blacklist count).
Signed-off-by: Jouni Malinen <j@w1.fi>
These commands can be executed on the P2P interface thus should be
redirected to it when issued to the global control interface.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Commit 41d5ce9e0b added scan optimizations
for P2P invitation cases. However, it left a path where the invitation
state was not cleared and as such, introduced potential issues for
following scans that ended up getting incorrectly optimized for a single
channel regardless of parameters. Fix this by clearing p2p_in_invitation
more carefully, especially on p2p_cancel command.
p2p_cancel is now also run from the FLUSH command to avoid issues with
hwsim test cases (e.g., persistent_group_per_sta_psk followed by
ap_open_tdls resulted in an error due to p2p_in_invitation remaining set
after FLUSH).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The newer NFC_REPORT_HANDOVER command is more general version that
handles the cases where NFC_RX_HANDOVER_SEL could potentially have been
used. In addition, with the new WPS NFC design, it is important to
receive the handover request message that was used in the handover in
addition to the select message, so the NFC_RX_HANDOVER_SEL command on
its own would not be sufficient for this.
Signed-off-by: Jouni Malinen <j@w1.fi>
This allows a subset of channels to be specified for the scan used to
find the network when the SELECT_NETWORK ctrl_iface command is issued.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
"GET_CRED <id> <field>" can now be used to fetch credential parameters
over the control interface. This does not allow passwords etc. private
material to be retrieved ("*" is returned for those if the value is set
regardless of the value). FAIL is returned if the requested parameter
has not been set. For cred parameters that can have multiple values,
newline separated list of values is returned.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Following events are now sent to ctrl_iface monitors to indicate if
credential blocks have been added, modified, or removed:
CRED-ADDED <id>
CRED-MODIFIED <id> <field>
CRED-REMOVE <id>
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This allows a single ANQP query to be used to fetch both IEEE 802.11
defined ANQP elements and Hotspot 2.0 vendor specific elements.
ANQP_GET <addr> <info id>[,<info id>]...
[,hs20:<subtype>][...,hs20:<subtype>]
For example:
ANQP_GET 00:11:22:33:44:55:66 258,268,hs20:3,hs20:4
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
There is not much point in building devices with WPS 1.0 only supported
nowadays. As such, there is not sufficient justification for maintaining
extra complexity for the CONFIG_WPS2 build option either. Remove this by
enabling WSC 2.0 support unconditionally.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
"SET blob <name> <hexdump>" can now be used to set a configuration blob
through the wpa_supplicant control interface.
Signed-off-by: Jouni Malinen <j@w1.fi>
The radio_work type was stored within the dynamically allocated
wpa_radio_work buffer and that buffer ended up getting freed before the
final use of the type string within radio_work_done(). This resulted in
freed memory being used for a debug print. Avoid this by freeing the
wpa_external_work instance after having completed radio_work_done() for
the related work.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add "reattach" command to perform single-channel single-ssid scan
instead of full scan when trying to reconnect to the currently
"connected" network (assuming old scan results are not current enough to
skip the scan completely). This allows the scan result to come back in
much faster time. In ath9k, the scan took around 12 seconds with full
background scan, and only 0.1 second with the single-channel single-ssid
scan. Thus, take much less time for the client to re-establish
connection with the currently "connected" network.
Signed-hostap: Peter Qiu <zqiu@chromium.org>
Move pno_start() and pno_stop() to scan.c as a more relevant location
and rename them to wpas_start_pno()/wpas_stop_pno().
Signed-off-by: Alexander Bondar <alexander.bondar@intel.com>
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
This enables more convenient protocol testing of AP and P2P
functionality in various error cases and unexpected sequences without
having to implement each test scenario within wpa_supplicant.
ext_mgmt_frame_handle parameter can be set to 1 to move all management
frame processing into an external program through control interface
events (MGMT-RX and MGMT-TX-STATUS) and command (MGMT_TX). This is
similar to the test interface that was added to hostapd previously, but
allows more control on offchannel operations and more direct integration
with the internal P2P module.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add a callback to the driver interface that allows vendor specific
commands to be sent. In addition, a control interface command is added
to expose this new interface outside wpa_supplicant:
Vendor command's format:
VENDOR <vendor id> <sub command id> [<hex formatted data>]
The 3rd argument will be converted to binary data and then passed as
argument to the sub command.
This interface is driver independent, but for now, this is only
implemented for the nl80211 driver interface using the cfg80211 vendor
commands.
Signed-off-by: Beni Lev <beni.lev@intel.com>
The pos pointer can be compared to the start of the buffer pointer to
determine whether the entry is the first one in the list. This gets rid
of some static analyzer warnings about unused variable writes.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new provisioning_sp cred field can now be used to track which SP
provisioned the credential. This makes it easier to find the matching
PPS MO from the management tree (./Wi-Fi/<provisioning_sp>).
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The new wpa_cli fetch_osu command can be used to fetch information about
all OSU providers and write that to a text file with the icons in
separate files. cancel_osu_fetch command can be used to stop ongoing OSU
provider list fetch.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
wpa_supplicant can request OSU icon data with "hs20_icon_request <BSSID>
<icon filename>". This transmits an Icon Request ANQP element and
processes the response in Icon Binary File ANQP elements.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The HS 2.0 Indication element from wpa_supplicant now includes the
release number field and wpa_supplicant shows the release number of the
AP in STATUS command (hs20=1 replaced with hs20=<release>).
The new update_identifier field in the cred block can now be used to
configure the PPS MO ID so that wpa_supplicant adds it to the Indication
element in Association Request frames.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This parameter was actually used in some testing cases in a way that did
not really work well with the FLUSH command ending up disabling PMF.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, any network block could be used to select the BSS to connect
to when processing scan results after Interworking network selection.
This can result in somewhat unexpected network selection in cases where
credential preferences indicated that a specific network was selected,
but another network ended up getting used for the connection. While the
older networks continue to be valid, add special processing for this
initial post-interworking-connect case to get more consistent network
selection to match with the Interworking network selection result.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
CONFIG_MODULE_TESTS=y build option can now be used to build in module
tests into hostapd and wpa_supplicant binaries. These test cases will be
used to get better testing coverage for various details that are
difficult to test otherwise through the control interface control. A
single control interface command is used to executed these tests within
the hwsim test framework. This commit adds just the new mechanism, but no
module tests are yet integrated into this mechanism.
Signed-off-by: Jouni Malinen <j@w1.fi>
While testing rfkill blocking of a scanning interface, it
was seen that the ongoing scan never completes. This happens
since EVENT_SCAN_RESULTS is discarded on a disabled interface.
Fix this and also other possible radio work completion issues
by removing all the radio works (including started) of the
disabled interface.
To be able to remove already started radio works, make their
callbacks be reentrant with deinit flag (when the work
is started), so each radio work should be able to handle
its own termination.
Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
The more generic NFC_REPORT_HANDOVER is now used to report completed NFC
connection handover operations in either role and NFC_RX_HANDOVER_REQ
did not have any implementation within wpa_supplicant.
Signed-off-by: Jouni Malinen <j@w1.fi>
Memory allocated by calling function ieee802_11_vendor_ie_concat()
was not freed on an error path int ctrl_iface BSS command.
Signed-hostap: Eytan Lifshitz <eytan.lifshitz@intel.com>
P2P persistent connection may fail due to 802.11d channel change event
invalidating support of the operating frequency sent in the invitation
request, before receiving the invitation response. If the operating
frequency is invalid at the time the invitation response is processed
and there is no forced frequency provided by user, allow frequency
re-selection.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
If P2P was disabled (e.g., due to driver not supporting it or through
p2p_disabled=1 configuration), setting Wi-Fi Display parameters could
result in segmentation fault when the WFD IE is updated without the P2P
module being initialized. Fix this by skipping the update if P2P module
is not in use. In addition, show Wi-Fi Display as disabled in "GET
wifi_display" and refuse to enable it with "SET wifi_display 1" if P2P
is not enabled.
Signed-hostap: Jouni Malinen <j@w1.fi>
This can be used to force an operating channel for P2P group formation
triggered by NFC operations.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
These optional attributes, if present, can be used to speed up the
initial connection by using a single channel scan.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
If CONFIG_WPS_TESTING=y is enabled in build configuration, the new
wps_corrupt_pkhash parameter (similar to wps_testing_dummy_cred) can be
used to request public key hash to be corrupted in all generated OOB
Device Password attributes. This can be used for testing purposes to
validate public key hash validation steps.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
When the NFC connection handover message received from a peer indicates
that the peer is operating as a GO on a specific channel, use that
information to avoid having to go through full scan. In addition, skip
the separate join-a-group scan since we already know the operating
channel, GO P2P Device Address, and SSID.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The device with the NFC Tag can be configured to enable NFC to be used
with "P2P_SET nfc_tag 1" and "P2P_LISTEN" commands to allow static
handover to be used.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
"NFC_REPORT_HANDOVER {INIT,RESP} P2P <req> <sel>" can now be used to
report completed NFC negotiated connection handover in which the P2P
alternative carrier was selected.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
"NFC_GET_HANDOVER_{REQ,SEL} NDEF P2P-CR" can now be used to build P2P
alternative carrier record for NFC connection handover request/select
messages.
Static connection handover case can be enabled by configuring the DH
parameters (either with wps_nfc_* configuration parameters or with
WPS_NFC_TOKEN command at run time. The NFC Tag contents can be generated
with "NFC_GET_HANDOVER_SEL NDEF P2P-CR-TAG" after having configured
Listen channel (p2p_listen_reg_class/p2p_listen_channel).
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
New functionality is needed for this with the update NFC connection
handover design that depends on the AP side using the public key hash
from the handover request.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
It is more useful to be able to build a single NFC carrier record
instead of the full connection handover request message to allow
external components to decide whether to negotiate which alternative
carrier is used. This updates the carrier record contents to the new
design to include Enrollee public key hash and provides this as a
carrier record instead of full message. An external program is expected
to be used to build the full NFC connection handover message with
potentially other alternative carrier records included.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
If the SSID of the WPS AP is known, it should be possible to limit AP
selection based on this when searching for an active WPS AP. This commit
adds a mechanism to specify SSID for this type of uses.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Since the Enrollee can now get the public key hash from the Registrar,
there is need to validate this during the WPS protocol run.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This makes it more convenient for test scripts to change parameters for
a specific test case without having to separately clear them between
each test case.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
When start PNO request comes from control interface, wpa_supplicant
should wait until ongoing sched_scan (triggered by wpa_supplicant)
gets cancelled. Issuing cancel sched_scan and start PNO scan
one after another from pno_start() would lead wpa_supplicant to clear
wps->sched_scanning flag while getting sched_scan stopped event
from driver for cancel sched_scan request. In fact, PNO scan will
be in progress in driver and wpa_s->sched_scanning will not be set
in such cases.
In addition to this change, RSSI threshold limit is passed as part of
start sched_scan request. This was previously set only in pno_start(),
but the same parameter should be available for generic sched_scan calls
as well and this can now be reached through the new PNO start sequence.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Verify wpa_s->radio pointer before accessing it. If interface addition
fails, this could get called before wpa_s->radio has been set.
The segmentation fault details:
Program received signal SIGSEGV, Segmentation fault.
0x00000000004b9591 in wpas_ctrl_radio_work_flush (wpa_s=0x77fff0) at ctrl_iface.c:5754
5754 dl_list_for_each_safe(work, tmp, &wpa_s->radio->work,
Call stack:
0 wpas_ctrl_radio_work_flush (wpa_s=0x77fff0) at ctrl_iface.c:5754
1 wpa_supplicant_deinit_iface (wpa_s=0x77fff0, notify=0, terminate=0) at wpa_supplicant.c:3619
2 wpa_supplicant_add_iface (global=0x75db10, iface=0x7fffffffe270) at wpa_supplicant.c:3691
3 wpas_p2p_add_p2pdev_interface (wpa_s=0x75dd20) at p2p_supplicant.c:3700
4 main (argc=<optimized out>, argv=<optimized out>) at main.c:317
Function:
5750 void wpas_ctrl_radio_work_flush(struct wpa_supplicant *wpa_s)
5751 {
5752 struct wpa_radio_work *work, *tmp;
5753
5754 dl_list_for_each_safe(work, tmp, &wpa_s->radio->work,
5755 struct wpa_radio_work, list) {
5756 struct wpa_external_work *ework;
5757
5758 if (os_strncmp(work->type, "ext:", 4) != 0)
Root cause:
(gdb) p wpa_s->radio
$1 = (struct wpa_radio *) 0x0
Signed-hostap: Max Stepanov <Max.Stepanov@intel.com>
It should be noted that these commands are not exclusively used for P2P
or in the global context, so use of these commands through the global
control interface for operations that are specific to a single interface
have undefined behavior and that behavior may change in the future. As
such, these are recommend only for operations that are in the global
context (e.g., for P2P management).
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
All te network blocks and credentials were already cleared, but
configurations blobs should also be cleared here, e.g., to get
more consistent behavior test cases using EAP-FAST PACs.
Signed-hostap: Jouni Malinen <j@w1.fi>
Previously, only the last response data was kept in memory. This
increases that to hold up to two last responses to allow some more
parallel operations to be requested. In addition, the response data is
now freed as soon as the external program has fetched it.
Signed-hostap: Jouni Malinen <j@w1.fi>
This can be used to limit which channels are scanned using the specified
list of frequency ranges in the same format that the SCAN command uses.
Signed-hostap: Jouni Malinen <j@w1.fi>
The new control interface command RADIO_WORK can be used by external
programs to request radio allocation slots from wpa_supplicant if
exclusive radio control is needed, e.g., for offchannel operations. If
such operations are done directly to the driver, wpa_supplicant may not
have enough information to avoid conflicting operations. This new
command can be used to provide enough information and radio scheduling
to avoid issues with such cases.
Signed-hostap: Jouni Malinen <j@w1.fi>
The new radio work item concept can be used to request time for an
operation that requires exclusive radio control, e.g., a scan. Once the
radio is available, the registered callback function will be called.
radio_work_done() must be called once the exclusive radio operation has
been completed, so that the radio is freed for other operations. The
special case of deinit=1 is used to free the context data during
interface removal. That does not allow the callback function to start
the radio operation, i.e., it needs to free the allocated resources
and return.
Signed-hostap: Jouni Malinen <j@w1.fi>
The newer wpa_dbg() print includes the same information in a more
convenient form, so remove the duplicate RX ctrl_iface hexdump in the
cases where there is no key material in the control interface commands
(the possible-key-material case is still using wpa_hexdump_ascii_key).
Signed-hostap: Jouni Malinen <j@w1.fi>
If the BSS table within wpa_supplicant is flushed, request the driver to
flush its own scan result table during the next scan. This can avoid
unexpected old BSS entries showing up after BSS_FLUSH or FLUSH command
in cases where the driver may maintain its internal cache of scan
results (e.g., cfg80211 BSS table persists at least for 15 seconds).
In addition to doing this automatically on BSS_FLUSH/FLUSH, a new SCAN
command argument, only_new=1, can be used to request a manual scan
request to do same. Though, it should be noted that this maintains the
BSS table within wpa_supplicant. BSS_FLUSH followed by SCAN command can
be used to clear all BSS entries from both the driver and
wpa_supplicant.
Signed-hostap: Jouni Malinen <j@w1.fi>
These were somewhat more hidden to avoid direct use, but there are now
numerous places where these are needed and more justification to make
the extern int declarations available from wpa_debug.h. In addition,
this avoids some warnings from sparse.
Signed-hostap: Jouni Malinen <j@w1.fi>
This makes it easier to enable various testing parameters and
functionality in build configuration.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This allows users of wpa_supplicant control interface to figure out when
their specific scan command has been started and completed. For example:
CTRL-EVENT-SCAN-STARTED
> scan freq=2412,2417 passive=1 use_id=1
3
CTRL-EVENT-SCAN-RESULTS
CTRL-EVENT-SCAN-STARTED id=3
CTRL-EVENT-SCAN-RESULTS id=3
Signed-hostap: Jouni Malinen <j@w1.fi>
This allows external programs to request wpa_supplicant to execute
a passive scan (i.e., do not send any Probe Request frames).
Signed-hostap: Jouni Malinen <j@w1.fi>
The new freq=<frequency ranges> parameter to the SCAN command can be
used to request a scan to be performed on the specified set of channels
instead of on all channels. For example, "wpa_cli scan
freq=2400-2500,5180" would scan channels 1-14 and 36. Only the channels
that the driver indicates as enabled and that are within the specified
ranges are included in the request.
Signed-hostap: Jouni Malinen <j@w1.fi>