jeltz
/
hostap
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
vlan_per_psk_v2
vlan_per_psk
master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'vlan_per_psk'
${ noResults }
hostap/wpa_supplicant/events.c

5657 lines
154 KiB
C
Raw Permalink Normal View History Unescape Escape

Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
/*
* WPA Supplicant - Driver event processing
UBSan: Fix RRM beacon processing attempt without scan_info Some driver interfaces (e.g., wext) might not include the data->scan_info information and data could be NULL here. Do not try to call the RRM handler in this case since that would dereference the NULL pointer when determining where scan_info is located and could potentially result in trying to read from unexpected location if RRM is enabled with a driver interface that does not support it. events.c:1907:59: runtime error: member access within null pointer of type 'union wpa_event_data' Signed-off-by: Jouni Malinen <j@w1.fi>
5 years ago
* Copyright (c) 2003-2019, Jouni Malinen <j@w1.fi>
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
*
Remove the GPL notification from files contributed by Jouni Malinen Remove the GPL notification text from the files that were initially contributed by myself. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
* This software may be distributed under the terms of the BSD license.
* See README for more details.
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
*/
#include "includes.h"
#include "common.h"
#include "eapol_supp/eapol_supp_sm.h"
Remove src/rsn_supp from default header path
15 years ago
#include "rsn_supp/wpa.h"
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
#include "eloop.h"
#include "config.h"
#include "l2_packet/l2_packet.h"
#include "wpa_supplicant_i.h"
Add preliminary hostapd data structure initialization for AP mode wpa_supplicant can now initialize hostapd data structures when mode=2 is used to set up an AP. The hostapd configuration is not yet set based on wpa_supplicant network configuration block. In addition, the glue code for hostapd driver_ops needs number of functions that will be needed for AP functionality.
15 years ago
#include "driver_i.h"
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
#include "pcsc_funcs.h"
Remove src/rsn_supp from default header path
15 years ago
#include "rsn_supp/preauth.h"
#include "rsn_supp/pmksa_cache.h"
Remove src/common from default header file path This makes it clearer which files are including header from src/common. Some of these cases should probably be cleaned up in the future not to do that. In addition, src/common/nl80211_copy.h and wireless_copy.h were moved into src/drivers since they are only used by driver wrappers and do not need to live in src/common.
15 years ago
#include "common/wpa_ctrl.h"
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
#include "eap_peer/eap.h"
Use generic driver event notification for AP mode assoc/disassoc
15 years ago
#include "ap/hostapd.h"
P2P: Skip GO Neg Conf ack failure workaround of send failures The workaround to ignore no ctrl::ack received for GO Negotiation Confirmation frame was only supposed to be used when the frame was actually transmitted and just the ack was not received. However, due to the way the driver failure on transmitting the frame were reported, this ended up getting applied for all failures in sending the GO Negotiation Confirmation frame. Improve this by providing a mechanism to indicate whether send_action operations fail locally before the frame was actually transmitted or because of not receiving ack frame after having transmitted the frame.
14 years ago
#include "p2p/p2p.h"
FST: Send FST Action frame for processing (wpa_supplicant) Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
#include "fst/fst.h"
WNM: Add WNM-Sleep Mode for station mode Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
#include "wnm_sta.h"
Add wpa_supplicant notification calls This introduces a new mechanism for collecting notification calls into a single place (notify.c). As a result of this, most of the wpa_supplicant code does not need to know about dbus (etc. mechanisms that could use the notifications). Some empty placeholder functions are also added in preparation of new dbus code that needs more event notifications.
15 years ago
#include "notify.h"
Remove src/common from default header file path This makes it clearer which files are including header from src/common. Some of these cases should probably be cleaned up in the future not to do that. In addition, src/common/nl80211_copy.h and wireless_copy.h were moved into src/drivers since they are only used by driver wrappers and do not need to live in src/common.
15 years ago
#include "common/ieee802_11_defs.h"
WPS 2.0: Validate WPS attributes in management frames and WSC messages If CONFIG_WPS_STRICT is set, validate WPS IE(s) in management frames and reject the frames if any of the mandatory attributes is missing or if an included attribute uses an invalid value. In addition, verify that all mandatory attributes are included and have valid values in the WSC messages.
14 years ago
#include "common/ieee802_11_common.h"
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
#include "common/gas_server.h"
DPP2: PFS for PTK derivation Use Diffie-Hellman key exchange to derivate additional material for PMK-to-PTK derivation to get PFS. The Diffie-Hellman Parameter element (defined in OWE RFC 8110) is used in association frames to exchange the DH public keys. For backwards compatibility, ignore missing request/response DH parameter and fall back to no PFS in such cases. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years ago
#include "common/dpp.h"
WPA: Add PTKSA cache to wpa_supplicant for PASN PASN requires to store the PTK derived during PASN authentication so it can later be used for secure LTF etc. This is also true for a PTK derived during regular connection. Add an instance of a PTKSA cache for each wpa_supplicant interface when PASN is enabled in build configuration. Signed-off-by: Ilan Peer <ilan.peer@intel.com>
3 years ago
#include "common/ptksa_cache.h"
Maintain internal entropy pool for augmenting random number generation By default, make hostapd and wpa_supplicant maintain an internal entropy pool that is fed with following information: hostapd: - Probe Request frames (timing, RSSI) - Association events (timing) - SNonce from Supplicants wpa_supplicant: - Scan results (timing, signal/noise) - Association events (timing) The internal pool is used to augment the random numbers generated with the OS mechanism (os_get_random()). While the internal implementation is not expected to be very strong due to limited amount of generic (non-platform specific) information to feed the pool, this may strengthen key derivation on some devices that are not configured to provide strong random numbers through os_get_random() (e.g., /dev/urandom on Linux/BSD). This new mechanism is not supposed to replace proper OS provided random number generation mechanism. The OS mechanism needs to be initialized properly (e.g., hw random number generator, maintaining entropy pool over reboots, etc.) for any of the security assumptions to hold. If the os_get_random() is known to provide strong ramdom data (e.g., on Linux/BSD, the board in question is known to have reliable source of random data from /dev/urandom), the internal hostapd random pool can be disabled. This will save some in binary size and CPU use. However, this should only be considered for builds that are known to be used on devices that meet the requirements described above. The internal pool is disabled by adding CONFIG_NO_RANDOM_POOL=y to the .config file.
14 years ago
#include "crypto/random.h"
Rename blacklist.[ch] to bssid_ignore.[ch] This completes renaming of this functionality for a list of temporarily ignored BSSIDs. Signed-off-by: Jouni Malinen <j@w1.fi>
3 years ago
#include "bssid_ignore.h"
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
#include "wpas_glue.h"
WPS: Added support for fragmented WPS IE in Beacon and Probe Response Fragment WPS IE if needed to fit into the IE length limits in hostapd and Reassemble WPS IE data from multiple IEs in wpa_supplicant. In addition, moved WPS code from events.c into wps_supplicant.c to clean up module interfaces.
16 years ago
#include "wps_supplicant.h"
Added initial step for IBSS RSN support This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used to enable RSN support for IBSS. This links in RSN Authenticator code from hostapd and adds code for managing per-peer information for IBSS. A new wpa_cli command or driver event can be used to request RSN authentication with an IBSS peer. New RSN Authenticator and Supplicant will be allocated for each peer. The basic state machine setup code is included in this commit, but the state machines are not properly started yet. In addition, some of the callback functions are not yet complete.
16 years ago
#include "ibss_rsn.h"
Add SME support (separate authentication and association) This can be used, e.g., with mac80211-based Linux drivers with nl80211. This allows over-the-air FT protocol to be used (IEEE 802.11r). Since the nl80211 interface needed for this is very recent (added today into wireless-testing.git), driver_nl80211.c has backwards compatibility code that uses WEXT for association if the kernel does not support the new commands. This compatibility code can be disabled by defining NO_WEXT_COMPAT. That code will also be removed at some point to clean up driver_nl80211.c.
15 years ago
#include "sme.h"
GAS: Add a generic GAS query module This implements GAS request mechanism that is aimed at being used to replace use case specific GAS/ANQP implementations in the future. Compared to the earlier implementation in P2P SD, this implementation includes support for multiple concurrent requests and more thorough validation of frames against the pending query data. GAS header processing, including comeback and reassembly, are handled within gas_query.c and the users of this module will only need to provide the Query Request and process the (possibly reassembled) Query Response.
13 years ago
#include "gas_query.h"
P2P: Map driver events to P2P event notifications
14 years ago
#include "p2p_supplicant.h"
Add preliminary background scan and roaming module design This allows background scanning and roaming decisions to be contained in a single place based on a defined set of notification events which will hopefully make it easier to experiment with roaming improvements. In addition, this allows multiple intra-ESS roaming policies to be used (each network configuration block can configure its own bgscan module). The beacon loss and signal strength notifications are implemented for the bgscan API, but the actual events are not yet available from the driver. The included sample bgscan module ("simple") is an example of what can be done with the new bgscan mechanism. It requests periodic background scans when the device remains associated with an ESS and has couple of notes on what a more advanced bgscan module could do to optimize background scanning and roaming. The periodic scans will cause the scan result handler to pick a better AP if one becomes available. This bgscan module can be taken into use by adding bgscan="simple" (or bgscan="simple:<bgscan interval in seconds>") into the network configuration block.
15 years ago
#include "bgscan.h"
Add automatic scanning support Like bgscan, autoscan is an optional module based feature to automate scanning but while disconnected or inactive. Instead of requesting directly a scan, it only sets the scan_interval and the sched_scan_interval. So, if the driver supports sched_scan, autoscan will be able to tweak its interval. Otherwise, the tweaked scan_interval will be used. If scan parameters needs to be tweaked, an autoscan_params pointer in wpa_s will provide those. So req_scan / req_sched_scan will not set the scan parameters as they usually do, but instead will use this pointer. Modules will not have to request a scan directly, like bgscan does. Instead, it will need to return the interval it wants after each notification. Signed-hostap: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
12 years ago
#include "autoscan.h"
Use generic driver events for TX status and RX reporting Replace driver wrapper calls to hostapd_tx_status(), hostapd_rx_from_unknown_sta(), hostapd_mgmt_rx(), and hostapd_mgmt_tx_cb() with new generic driver events EVENT_TX_STATUS, EVENT_RX_FROM_UNKNOWN, and EVENT_RX_MGMT. This cleans up lot of the driver wrapper code to be less dependent on whether it is being used within wpa_supplicant AP mode or hostapd.
15 years ago
#include "ap.h"
Use BSS table entry instead of raw scan result for connection
15 years ago
#include "bss.h"
Move wpa_supplicant specific scan code away from src/drivers This fits better in wpa_supplicant/scan.c. Couple of remaining scan_helpers.c functions are currently used in driver wrappers, but they can likely be removed in the future.
15 years ago
#include "scan.h"
GAS: Use off-channel operations for requests This separates off-channel Action frame TX/RX from P2P into a generic implementation that can now be used both for P2P and GAS needs.
13 years ago
#include "offchannel.h"
Interworking: Add optional use of network selection on normal scans auto_interworking=1 configuration parameter can be used to request wpa_supplicant to use Interworking network selection automatically as a part of the normal (non-Interworking) network selection if the scan results do not match with enabled networks. This makes scanning work similarly to the "interworking_select auto" command. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
#include "interworking.h"
mesh: Add mesh mode routines Add routines to (de)initialize mesh interface data structures and join and leave mesh networks. Signed-off-by: Javier Lopez <jlopex@gmail.com> Signed-off-by: Javier Cardona <javier@cozybit.com> Signed-off-by: Jason Mobarak <x@jason.mobarak.name> Signed-off-by: Thomas Pedersen <thomas@noack.us>
10 years ago
#include "mesh.h"
mesh: Add mesh peering manager The mesh peering manager establishes and maintains links among mesh peers, tracking each peer link via a finite state machine. This implementation supports open mesh peerings. [assorted fixes from Yu Niiro <yu.niiro@gmail.com>] [more fixes from Masashi Honma <masashi.honma@gmail.com>] Signed-off-by: Javier Lopez <jlopex@gmail.com> Signed-off-by: Javier Cardona <javier@cozybit.com> Signed-off-by: Ashok Nagarajan <ashok.dragon@gmail.com> Signed-off-by: Jason Mobarak <x@jason.mobarak.name> Signed-hostap: Bob Copeland <me@bobcopeland.com>
10 years ago
#include "mesh_mpm.h"
WMM AC: Parse WMM IE on association Initialize WMM AC data structures upon successful association with an AP that publishes WMM support, and deinitialize the data structure when the association is no longer valid. Signed-off-by: Moshe Benji <moshe.benji@intel.com> Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
10 years ago
#include "wmm_ac.h"
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
#include "dpp_supplicant.h"
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
OWE: Attempt more scans for OWE transition SSID if expected BSS not seen This commit introduces a threshold for OWE transition BSS selection, which signifies the maximum number of selection attempts (scans) done for finding OWE BSS. This aims to do more scan attempts for OWE BSS and eventually select the open BSS if the selection/scan attempts for OWE BSS exceed the configured threshold. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
#define MAX_OWE_TRANSITION_BSS_SELECT_COUNT 5
Remove compiler warnings with CONFIG_NO_SCAN_PROCESSING Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
#ifndef CONFIG_NO_SCAN_PROCESSING
RSN: Update preauth scan results only based on new scan results The fast-connect optimization to skip a new scan did not update how the RSN preauthentication callback is used. There is no point in trying to add preauthentication candidates from cases where scan was skipped, so skip this call, too, in such cases. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
static int wpas_select_network_from_last_scan(struct wpa_supplicant *wpa_s,
Request new scan only for the original interface Request new scan only for the interface for which the original scan request and results has come. Otherwise while sharing scan results along with P2P interfaces, the new scan will be requested on P2P interfaces. Signed-hostap: Jithu Jance <jithu@broadcom.com>
11 years ago
int new_scan, int own_request);
Remove compiler warnings with CONFIG_NO_SCAN_PROCESSING Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
#endif /* CONFIG_NO_SCAN_PROCESSING */
Make wpas_select_network_from_last_scan() static Addition of wpa_supplicant_fast_associate() made it unnecessary to call wpas_select_network_from_last_scan() directly from other files. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
wpa_supplicant: Avoid associating to temp disabled SSID in ap_scan=2 In ap_scan=2 mode, wpa_supplicant_assoc_try() did not check whether the SSID is temporarily disabled before trying to associate and this may result in an infinite connect/disconnect loop. If the association succeeds while the SSID is temporarily disabled, wpa_supplicant will request to deauthenticate and that in turn will cause the SSID to be temporarily disabled again. Fix that by postponing the association until the SSID is no longer temporarily disabled. Signed-off-by: Shaul Triebitz <shaul.triebitz@intel.com>
7 years ago
int wpas_temp_disabled(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
Disable network block temporarily on authentication failures If 4-way handshake fails due to likely PSK failure or if EAP authentication fails, disable the network block temporarily. Use longer duration if multiple consecutive failures are seen. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
{
wpa_supplicant: Use monotonic time for temp-disabled networks Temporarily disabled networks are disabled for a certain duration, so the code should use monotonic time. Signed-hostap: Johannes Berg <johannes.berg@intel.com>
11 years ago
struct os_reltime now;
Disable network block temporarily on authentication failures If 4-way handshake fails due to likely PSK failure or if EAP authentication fails, disable the network block temporarily. Use longer duration if multiple consecutive failures are seen. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
if (ssid == NULL || ssid->disabled_until.sec == 0)
return 0;
wpa_supplicant: Use monotonic time for temp-disabled networks Temporarily disabled networks are disabled for a certain duration, so the code should use monotonic time. Signed-hostap: Johannes Berg <johannes.berg@intel.com>
11 years ago
os_get_reltime(&now);
Disable network block temporarily on authentication failures If 4-way handshake fails due to likely PSK failure or if EAP authentication fails, disable the network block temporarily. Use longer duration if multiple consecutive failures are seen. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
if (ssid->disabled_until.sec > now.sec)
return ssid->disabled_until.sec - now.sec;
wpas_clear_temp_disabled(wpa_s, ssid, 0);
return 0;
}
Comment out wpas_reenabled_network_time with CONFIG_NO_SCAN_PROCESSING This removes a compiler warning about unused function. Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago
#ifndef CONFIG_NO_SCAN_PROCESSING
Delay AP selection if all networks are temporarily disabled If all networks are temporarily disabled, delay AP selection until at least one network is enabled. Running AP selection when all networks are disabled is useless as wpa_supplicant will not try to connect. In addition, it will result in needless scan iterations that may delay the connection when it is needed. Signed-off-by: Avraham Stern <avraham.stern@intel.com>
9 years ago
/**
* wpas_reenabled_network_time - Time until first network is re-enabled
* @wpa_s: Pointer to wpa_supplicant data
* Returns: If all enabled networks are temporarily disabled, returns the time
* (in sec) until the first network is re-enabled. Otherwise returns 0.
*
* This function is used in case all enabled networks are temporarily disabled,
* in which case it returns the time (in sec) that the first network will be
* re-enabled. The function assumes that at least one network is enabled.
*/
static int wpas_reenabled_network_time(struct wpa_supplicant *wpa_s)
{
struct wpa_ssid *ssid;
int disabled_for, res = 0;
#ifdef CONFIG_INTERWORKING
if (wpa_s->conf->auto_interworking && wpa_s->conf->interworking &&
wpa_s->conf->cred)
return 0;
#endif /* CONFIG_INTERWORKING */
for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
if (ssid->disabled)
continue;
disabled_for = wpas_temp_disabled(wpa_s, ssid);
if (!disabled_for)
return 0;
if (!res || disabled_for < res)
res = disabled_for;
}
return res;
}
Comment out wpas_reenabled_network_time with CONFIG_NO_SCAN_PROCESSING This removes a compiler warning about unused function. Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago
#endif /* CONFIG_NO_SCAN_PROCESSING */
Delay AP selection if all networks are temporarily disabled If all networks are temporarily disabled, delay AP selection until at least one network is enabled. Running AP selection when all networks are disabled is useless as wpa_supplicant will not try to connect. In addition, it will result in needless scan iterations that may delay the connection when it is needed. Signed-off-by: Avraham Stern <avraham.stern@intel.com>
9 years ago
void wpas_network_reenabled(void *eloop_ctx, void *timeout_ctx)
{
struct wpa_supplicant *wpa_s = eloop_ctx;
if (wpa_s->disconnected || wpa_s->wpa_state != WPA_SCANNING)
return;
wpa_dbg(wpa_s, MSG_DEBUG,
"Try to associate due to network getting re-enabled");
if (wpa_supplicant_fast_associate(wpa_s) != 1) {
wpa_supplicant_cancel_sched_scan(wpa_s);
wpa_supplicant_req_scan(wpa_s, 0, 0);
}
}
P2P NFC: WPA state machine config with driver-based BSS selection wpa_s->current_bss was updated too late for the wpa_supplicant_rsn_supp_set_config() call within wpa_supplicant_select_config(). Re-order code so that current_bss gets updated between current_ssid update and this call to set the WPA state machine configuration, so that the new code that determines whether the current GO support the new IP address assignment mechanism works. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
static struct wpa_bss * wpa_supplicant_get_new_bss(
struct wpa_supplicant *wpa_s, const u8 *bssid)
{
struct wpa_bss *bss = NULL;
struct wpa_ssid *ssid = wpa_s->current_ssid;
if (ssid->ssid_len > 0)
bss = wpa_bss_get(wpa_s, bssid, ssid->ssid, ssid->ssid_len);
if (!bss)
bss = wpa_bss_get_bssid(wpa_s, bssid);
return bss;
}
STA: Update scan results for ap_scan=1 skip-selection case also The commit 5cd4740580350371d77618ac037deef90b48d339 has rearranged the update scan results code and hence the IEs were not getting updated properly for ap_scan=1 case. This can result in a 4-way handshake failure in the roaming case (IE mismatch in 3/4 EAPOL). Fix this by updating the scan results even if ap_scan=1 is used and network does not need to get reselected based on association information. Signed-off-by: Jithu Jance <jithu@broadcom.com> Signed-off-by: Dmitry Shmidt <dimitrysh@google.com> Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
static void wpa_supplicant_update_current_bss(struct wpa_supplicant *wpa_s)
{
struct wpa_bss *bss = wpa_supplicant_get_new_bss(wpa_s, wpa_s->bssid);
if (!bss) {
wpa_supplicant_update_scan_results(wpa_s);
/* Get the BSS from the new scan results */
bss = wpa_supplicant_get_new_bss(wpa_s, wpa_s->bssid);
}
if (bss)
wpa_s->current_bss = bss;
}
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
static int wpa_supplicant_select_config(struct wpa_supplicant *wpa_s)
{
Add wpa_supplicant notification calls This introduces a new mechanism for collecting notification calls into a single place (notify.c). As a result of this, most of the wpa_supplicant code does not need to know about dbus (etc. mechanisms that could use the notifications). Some empty placeholder functions are also added in preparation of new dbus code that needs more event notifications.
15 years ago
struct wpa_ssid *ssid, *old_ssid;
Replace MAX_SSID_LEN with SSID_MAX_LEN This makes source code more consistent. The use within Android driver interface is left as-is to avoid changes in the old PNO interface definition. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
u8 drv_ssid[SSID_MAX_LEN];
nl80211: Allow driver-based roam to change ESS This extends NL80211_CMD_ROAM event processing to allow the driver to roam to another ESS (different SSID) when using offloaded BSS selection. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
size_t drv_ssid_len;
Disable network block temporarily on authentication failures If 4-way handshake fails due to likely PSK failure or if EAP authentication fails, disable the network block temporarily. Use longer duration if multiple consecutive failures are seen. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
int res;
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
STA: Update scan results for ap_scan=1 skip-selection case also The commit 5cd4740580350371d77618ac037deef90b48d339 has rearranged the update scan results code and hence the IEs were not getting updated properly for ap_scan=1 case. This can result in a 4-way handshake failure in the roaming case (IE mismatch in 3/4 EAPOL). Fix this by updating the scan results even if ap_scan=1 is used and network does not need to get reselected based on association information. Signed-off-by: Jithu Jance <jithu@broadcom.com> Signed-off-by: Dmitry Shmidt <dimitrysh@google.com> Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
if (wpa_s->conf->ap_scan == 1 && wpa_s->current_ssid) {
wpa_supplicant_update_current_bss(wpa_s);
nl80211: Allow driver-based roam to change ESS This extends NL80211_CMD_ROAM event processing to allow the driver to roam to another ESS (different SSID) when using offloaded BSS selection. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
if (wpa_s->current_ssid->ssid_len == 0)
return 0; /* current profile still in use */
res = wpa_drv_get_ssid(wpa_s, drv_ssid);
if (res < 0) {
wpa_msg(wpa_s, MSG_INFO,
"Failed to read SSID from driver");
return 0; /* try to use current profile */
}
drv_ssid_len = res;
if (drv_ssid_len == wpa_s->current_ssid->ssid_len &&
os_memcmp(drv_ssid, wpa_s->current_ssid->ssid,
drv_ssid_len) == 0)
return 0; /* current profile still in use */
OWE: Avoid incorrect profile update in transition mode The "unexpected" change of SSID between the current network profile (which uses the SSID from the open BSS in OWE transition mode) and the association with the OWE BSS (which uses a random, hidden SSID) resulted in wpa_supplicant incorrectly determining that this was a driver-initiated BSS selection ("Driver-initiated BSS selection changed the SSID to <the random SSID from OWE BSS>" in debug log). This ended up with updating security parameters based on the network profile inwpa_supplicant_set_suites() instead of using the already discovered information from scan results. In particular, this cleared the RSN supplicant state machine information of AP RSNE and resulted in having to fetch the scan results for the current BSS when processing EAPOL-Key msg 3/4. Fix this by recognizing the special case for OWE transition mode where the SSID for the associated AP does not actually match the SSID in the network profile. Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
#ifdef CONFIG_OWE
if ((wpa_s->current_ssid->key_mgmt & WPA_KEY_MGMT_OWE) &&
wpa_s->current_bss &&
(wpa_s->current_bss->flags & WPA_BSS_OWE_TRANSITION) &&
drv_ssid_len == wpa_s->current_bss->ssid_len &&
os_memcmp(drv_ssid, wpa_s->current_bss->ssid,
drv_ssid_len) == 0)
return 0; /* current profile still in use */
#endif /* CONFIG_OWE */
nl80211: Allow driver-based roam to change ESS This extends NL80211_CMD_ROAM event processing to allow the driver to roam to another ESS (different SSID) when using offloaded BSS selection. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
wpa_msg(wpa_s, MSG_DEBUG,
"Driver-initiated BSS selection changed the SSID to %s",
wpa_ssid_txt(drv_ssid, drv_ssid_len));
/* continue selecting a new network profile */
STA: Update scan results for ap_scan=1 skip-selection case also The commit 5cd4740580350371d77618ac037deef90b48d339 has rearranged the update scan results code and hence the IEs were not getting updated properly for ap_scan=1 case. This can result in a 4-way handshake failure in the roaming case (IE mismatch in 3/4 EAPOL). Fix this by updating the scan results even if ap_scan=1 is used and network does not need to get reselected based on association information. Signed-off-by: Jithu Jance <jithu@broadcom.com> Signed-off-by: Dmitry Shmidt <dimitrysh@google.com> Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
}
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
Use wpa_msg() instead of wpa_printf() This converts number of debugging messages to use wpa_msg() in order to allow the interface name to be shown with the messages. A new function, wpa_dbg(), is introduced to allow CONFIG_NO_STDOUT_DEBUG=y builds to remove the debug strings. This is otherwise identical with wpa_msg(), but it gets compiled out if stdout debugging is disabled.
13 years ago
wpa_dbg(wpa_s, MSG_DEBUG, "Select network based on association "
"information");
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
ssid = wpa_supplicant_get_ssid(wpa_s);
if (ssid == NULL) {
Use wpa_msg() instead of wpa_printf() This converts number of debugging messages to use wpa_msg() in order to allow the interface name to be shown with the messages. A new function, wpa_dbg(), is introduced to allow CONFIG_NO_STDOUT_DEBUG=y builds to remove the debug strings. This is otherwise identical with wpa_msg(), but it gets compiled out if stdout debugging is disabled.
13 years ago
wpa_msg(wpa_s, MSG_INFO,
"No network configuration found for the current AP");
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
return -1;
}
Validate WEP key lengths based on driver capabilities The nl80211 driver interface does not allow 128-bit WEP to be used without a vendor specific cipher suite and no such suite is defined for this purpose. Do not accept WEP key length 16 for nl80211 driver interface forn ow. wext-interface can still try to use these for backwards compatibility. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
if (wpas_network_disabled(wpa_s, ssid)) {
Use wpa_msg() instead of wpa_printf() This converts number of debugging messages to use wpa_msg() in order to allow the interface name to be shown with the messages. A new function, wpa_dbg(), is introduced to allow CONFIG_NO_STDOUT_DEBUG=y builds to remove the debug strings. This is otherwise identical with wpa_msg(), but it gets compiled out if stdout debugging is disabled.
13 years ago
wpa_dbg(wpa_s, MSG_DEBUG, "Selected network is disabled");
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
return -1;
}
Add disallow_aps parameter to disallow BSSIDs/SSIDs External programs can use this new parameter to prevent wpa_supplicant from connecting to a list of BSSIDs and/or SSIDs. The disallowed BSSes will still be visible in scan results and it is possible to run ANQP operations with them, but BSS selection for connection will skip any BSS that matches an entry in the disallowed list. The new parameter can be set with the control interface SET command using following syntax: SET disallow_aps <disallow_list> disallow_list ::= <ssid_spec> | <bssid_spec> | <disallow_list> | “” SSID_SPEC ::= ssid <SSID_HEX> BSSID_SPEC ::= bssid <BSSID_HEX> For example: wpa_cli set disallow_list "ssid 74657374 bssid 001122334455 ssid 68656c6c6f" wpa_cli set disallow_list (the empty value removes all entries) Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
if (disallowed_bssid(wpa_s, wpa_s->bssid) ||
disallowed_ssid(wpa_s, ssid->ssid, ssid->ssid_len)) {
wpa_dbg(wpa_s, MSG_DEBUG, "Selected BSS is disallowed");
return -1;
}
Disable network block temporarily on authentication failures If 4-way handshake fails due to likely PSK failure or if EAP authentication fails, disable the network block temporarily. Use longer duration if multiple consecutive failures are seen. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
res = wpas_temp_disabled(wpa_s, ssid);
if (res > 0) {
wpa_dbg(wpa_s, MSG_DEBUG, "Selected network is temporarily "
"disabled for %d second(s)", res);
return -1;
}
Use wpa_msg() instead of wpa_printf() This converts number of debugging messages to use wpa_msg() in order to allow the interface name to be shown with the messages. A new function, wpa_dbg(), is introduced to allow CONFIG_NO_STDOUT_DEBUG=y builds to remove the debug strings. This is otherwise identical with wpa_msg(), but it gets compiled out if stdout debugging is disabled.
13 years ago
wpa_dbg(wpa_s, MSG_DEBUG, "Network configuration found for the "
"current AP");
Use wpa_key_mgmt_*() helpers This cleans up the source code and makes it less likely that new AKM addition misses some needed changes in the future. Signed-hostap: Jouni Malinen <j@w1.fi>
13 years ago
if (wpa_key_mgmt_wpa_any(ssid->key_mgmt)) {
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
u8 wpa_ie[80];
size_t wpa_ie_len = sizeof(wpa_ie);
Add more debug info if wpa_supplicant_set_suites() fails Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
if (wpa_supplicant_set_suites(wpa_s, NULL, ssid,
wpa_ie, &wpa_ie_len) < 0)
wpa_dbg(wpa_s, MSG_DEBUG, "Could not set WPA suites");
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
} else {
wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
}
if (wpa_s->current_ssid && wpa_s->current_ssid != ssid)
eapol_sm_invalidate_cached_session(wpa_s->eapol);
Add wpa_supplicant notification calls This introduces a new mechanism for collecting notification calls into a single place (notify.c). As a result of this, most of the wpa_supplicant code does not need to know about dbus (etc. mechanisms that could use the notifications). Some empty placeholder functions are also added in preparation of new dbus code that needs more event notifications.
15 years ago
old_ssid = wpa_s->current_ssid;
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
wpa_s->current_ssid = ssid;
P2P NFC: WPA state machine config with driver-based BSS selection wpa_s->current_bss was updated too late for the wpa_supplicant_rsn_supp_set_config() call within wpa_supplicant_select_config(). Re-order code so that current_bss gets updated between current_ssid update and this call to set the WPA state machine configuration, so that the new code that determines whether the current GO support the new IP address assignment mechanism works. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
STA: Update scan results for ap_scan=1 skip-selection case also The commit 5cd4740580350371d77618ac037deef90b48d339 has rearranged the update scan results code and hence the IEs were not getting updated properly for ap_scan=1 case. This can result in a 4-way handshake failure in the roaming case (IE mismatch in 3/4 EAPOL). Fix this by updating the scan results even if ap_scan=1 is used and network does not need to get reselected based on association information. Signed-off-by: Jithu Jance <jithu@broadcom.com> Signed-off-by: Dmitry Shmidt <dimitrysh@google.com> Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
wpa_supplicant_update_current_bss(wpa_s);
P2P NFC: WPA state machine config with driver-based BSS selection wpa_s->current_bss was updated too late for the wpa_supplicant_rsn_supp_set_config() call within wpa_supplicant_select_config(). Re-order code so that current_bss gets updated between current_ssid update and this call to set the WPA state machine configuration, so that the new code that determines whether the current GO support the new IP address assignment mechanism works. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid);
wpa_supplicant_initiate_eapol(wpa_s);
Add wpa_supplicant notification calls This introduces a new mechanism for collecting notification calls into a single place (notify.c). As a result of this, most of the wpa_supplicant code does not need to know about dbus (etc. mechanisms that could use the notifications). Some empty placeholder functions are also added in preparation of new dbus code that needs more event notifications.
15 years ago
if (old_ssid != wpa_s->current_ssid)
wpas_notify_network_changed(wpa_s);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
return 0;
}
Fix TKIP countermeasures stopping in deinit paths The eloop timeout to stop TKIP countermeasures has to be canceled on deinit path to avoid leaving bogus timeouts behind. Signed-hostap: Jouni Malinen <j@w1.fi>
13 years ago
void wpa_supplicant_stop_countermeasures(void *eloop_ctx, void *sock_ctx)
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
{
struct wpa_supplicant *wpa_s = eloop_ctx;
if (wpa_s->countermeasures) {
wpa_s->countermeasures = 0;
wpa_drv_set_countermeasures(wpa_s, 0);
wpa_msg(wpa_s, MSG_INFO, "WPA: TKIP countermeasures stopped");
wpa_supplicant: Cancel sched_scan when stopping countermeasures When stopping the TKIP countermeasures, it would be preferable to connect immediately. However if scheduled scan is in progress, a connection attempt will be done only when scan results are received, so cancel the scheduled scan to allow immediate scan and connection attempt. Signed-off-by: Ilan Peer <ilan.peer@intel.com>
9 years ago
/*
* It is possible that the device is sched scanning, which means
* that a connection attempt will be done only when we receive
* scan results. However, in this case, it would be preferable
* to scan and connect immediately, so cancel the sched_scan and
* issue a regular scan flow.
*/
wpa_supplicant_cancel_sched_scan(wpa_s);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
wpa_supplicant_req_scan(wpa_s, 0, 0);
}
}
void wpa_supplicant_mark_disassoc(struct wpa_supplicant *wpa_s)
{
Add wpa_supplicant notification calls This introduces a new mechanism for collecting notification calls into a single place (notify.c). As a result of this, most of the wpa_supplicant code does not need to know about dbus (etc. mechanisms that could use the notifications). Some empty placeholder functions are also added in preparation of new dbus code that needs more event notifications.
15 years ago
int bssid_changed;
WNM: Add advertisement of BSS max idle period If WNM is enabled for the build (CONFIG_WNM=y), add BSS max idle period information to the (Re)Association Response frame from the AP and parse this information on the station. For SME-in-wpa_supplicant case, add a timer to handle periodic transmission of the keep-alive frame. The actual request for the driver to transmit a frame is not yet implemented. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
wnm_bss_keep_alive_deinit(wpa_s);
RSN IBSS: Restart IBSS state machines for each new IBSS Change the old design of running a single long living RSN IBSS instance to keep a separate instance for each IBSS connection. This fixes number of issues in getting keys set properly for new connections and is in general quite a bit more correct design.
13 years ago
#ifdef CONFIG_IBSS_RSN
ibss_rsn_deinit(wpa_s->ibss_rsn);
wpa_s->ibss_rsn = NULL;
#endif /* CONFIG_IBSS_RSN */
wpa_supplicant AP: Disable AP mode on disassoc paths Regardless of how the AP mode is disabled, wpa_supplicant_ap_deinit() must be called. Make sure this happens on all paths by calling the deinit function from wpa_supplicant_mark_disassoc().
13 years ago
#ifdef CONFIG_AP
wpa_supplicant_ap_deinit(wpa_s);
#endif /* CONFIG_AP */
HS 2.0: Add support for configuring frame filters When a station starts an association to a Hotspot 2.0 network, request the driver to do the following, based on the BSS capabilities: 1. Enable gratuitous ARP filtering 2. Enable unsolicited Neighbor Advertisement filtering 3. Enable unicast IP packet encrypted with GTK filtering if DGAF disabled bit is zero Clear the filter configuration when the station interface is disassociated. Signed-off-by: Matti Gottlieb <matti.gottlieb@intel.com>
8 years ago
#ifdef CONFIG_HS20
/* Clear possibly configured frame filters */
wpa_drv_configure_frame_filters(wpa_s, 0);
#endif /* CONFIG_HS20 */
Add Linux rfkill support Add a new wpa_supplicant state: interface disabled. This can be used to allow wpa_supplicant to be running with the network interface even when the driver does not actually allow any radio operations (e.g., due to rfkill). Allow driver_nl80211.c and driver_wext.c to start while rfkill is in blocked state (i.e., when ifconfig up fails) and process rfkill events to block/unblock WLAN.
14 years ago
if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED)
return;
dbus: Export roam time, roam complete, and session length Add new Interface properties "RoamTime", "RoamComplete", and "SessionLength". "RoamTime" carries the roam time of the most recent roam in milliseconds. "RoamComplete" carries True or False corresponding to the success status of the most recent roam. "SessionLength" carries the number of milliseconds corresponding to how long the connection to the last AP was before a roam or disconnect happened. Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
6 years ago
if (os_reltime_initialized(&wpa_s->session_start)) {
os_reltime_age(&wpa_s->session_start, &wpa_s->session_length);
wpa_s->session_start.sec = 0;
wpa_s->session_start.usec = 0;
wpas_notify_session_length(wpa_s);
}
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
Add wpa_supplicant notification calls This introduces a new mechanism for collecting notification calls into a single place (notify.c). As a result of this, most of the wpa_supplicant code does not need to know about dbus (etc. mechanisms that could use the notifications). Some empty placeholder functions are also added in preparation of new dbus code that needs more event notifications.
15 years ago
bssid_changed = !is_zero_ether_addr(wpa_s->bssid);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
os_memset(wpa_s->bssid, 0, ETH_ALEN);
os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
SAE: Clear keys from memory on disassociation There is no need to keep temporary keys in memory beyond the end of the association, so explicitly clear any SAE buffers that can contain keys as soon as such keys are not needed. Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
sme_clear_on_disassoc(wpa_s);
Clear current_bss pointer on disassociation/deauthentication This is needed to allow the BSS table entry for the previously used BSS to be removed. Now wpa_bss_in_use() can return 0 for the last BSS that was used as soon as deauthentication/disassociation event has been received.
14 years ago
wpa_s->current_bss = NULL;
P2P: Fix Action frame sending after disconnection assoc_freq needs to be cleared when an interface gets disconnected. This fixes an issue where P2P Action frame transmission may fail because of missing remain-on-channel operation when using the same interface for group operations (or non-P2P connections) and P2P management operations.
14 years ago
wpa_s->assoc_freq = 0;
FT: Clear SME ft_used/ft_ies when disconnecting Previous ft_ies needs to be removed before supplicant starts a new FT initial association and this requires the ft_used state to be cleared here. Signed-off-by: Hong Wu <hong.wu@dspg.com>
13 years ago
Add wpa_supplicant notification calls This introduces a new mechanism for collecting notification calls into a single place (notify.c). As a result of this, most of the wpa_supplicant code does not need to know about dbus (etc. mechanisms that could use the notifications). Some empty placeholder functions are also added in preparation of new dbus code that needs more event notifications.
15 years ago
if (bssid_changed)
wpas_notify_bssid_changed(wpa_s);
EAPOL supp: Convert Boolean to C99 bool Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
eapol_sm_notify_portEnabled(wpa_s->eapol, false);
eapol_sm_notify_portValid(wpa_s->eapol, false);
OWE: Define and parse OWE AKM selector This adds a new RSN AKM "OWE". Signed-off-by: Jouni Malinen <j@w1.fi>
7 years ago
if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
DPP: Add new AKM This new AKM is used with DPP when using the signed Connector to derive a PMK. Since the KCK, KEK, and MIC lengths are variable within a single AKM, this needs number of additional changes to get the PMK length delivered to places that need to figure out the lengths of the PTK components. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
wpa_s->key_mgmt == WPA_KEY_MGMT_OWE ||
Clear external eapSuccess setting in driver-authorized cases The conditions for the eapol_sm_notify_eap_success(FALSE) calls did not cover the case where eapol_sm_notify_eap_success(TRUE) had been called based on offloaded 4-way handshake and driver notification of authorization in wpa_supplicant_event_port_authorized(). This could result in eapSuccess and altSuccess state machine variables being left TRUE when roaming to another BSS and that results in EAP failure if the following roaming case does not get fully authorized through the driver offload. Fix this by clearing eapSuccess/altSuccess when processing a new association (including roaming) event and also when disconnecting from the network. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years ago
wpa_s->key_mgmt == WPA_KEY_MGMT_DPP || wpa_s->drv_authorized_port)
EAPOL supp: Convert Boolean to C99 bool Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
eapol_sm_notify_eap_success(wpa_s->eapol, false);
Clear external eapSuccess setting in driver-authorized cases The conditions for the eapol_sm_notify_eap_success(FALSE) calls did not cover the case where eapol_sm_notify_eap_success(TRUE) had been called based on offloaded 4-way handshake and driver notification of authorization in wpa_supplicant_event_port_authorized(). This could result in eapSuccess and altSuccess state machine variables being left TRUE when roaming to another BSS and that results in EAP failure if the following roaming case does not get fully authorized through the driver offload. Fix this by clearing eapSuccess/altSuccess when processing a new association (including roaming) event and also when disconnecting from the network. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years ago
wpa_s->drv_authorized_port = 0;
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
wpa_s->ap_ies_from_associnfo = 0;
Clear current_ssid and key_mgmt when disconnected This makes wpa_supplicant state somewhat cleaner since the information from previously used connection is not maintained after getting disconnected. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
wpa_s->current_ssid = NULL;
Clear EAPOL supplicant configuration info on current_ssid changes There were some code paths that allowed obsolete configuration data pointer to be maintained within EAPOL supplicant in case a network was removed while not connection to it (i.e., wpa_s->current_ssid not pointing to the network that was removed). This could result in use of freed memory, e.g., from eap_sm_notify_ctrl_attached() when a new control interface connected prior to the EAPOL supplicant configuration pointer got updated. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
Clear current_ssid and key_mgmt when disconnected This makes wpa_supplicant state somewhat cleaner since the information from previously used connection is not maintained after getting disconnected. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
wpa_s->key_mgmt = 0;
SME: Add RRM support to association request In case the AP we are associating with advertises support for RRM, advertise our own RRM support in the (Re)Association Request frame. This is done by adding an RRM Capabilities IE. The underlying driver is expected to further add a Power Capabilities IE to the request, and set the Radio Measurement flag in the Capability Info field. At this point the RRM Capabilities IE advertises no measurement support. Signed-off-by: Assaf Krauss <assaf.krauss@intel.com>
10 years ago
wpas_rrm_reset(wpa_s);
WNM: Ignore WNM-Sleep Mode Response if WNM-Sleep Mode has not been used The AP is not expected to send out a WNM-Sleep Mode Response frame without the STA trying to use WNM-Sleep Mode. Drop such unexpected responses to reduce unnecessary processing of the frame. Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago
wpa_s->wnmsleep_used = 0;
WNM: Collocated Interference Reporting Add support for negotiating WNM Collocated Interference Reporting. This allows hostapd to request associated STAs to report their collocated interference information and wpa_supplicant to process such request and reporting. The actual values (Collocated Interference Report Elements) are out of scope of hostapd and wpa_supplicant, i.e., external components are expected to generated and process these. For hostapd/AP, this mechanism is enabled by setting coloc_intf_reporting=1 in configuration. STAs are requested to perform reporting with "COLOC_INTF_REQ <addr> <Automatic Report Enabled> <Report Timeout>" control interface command. The received reports are indicated as control interface events "COLOC-INTF-REPORT <addr> <dialog token> <hexdump of report elements>". For wpa_supplicant/STA, this mechanism is enabled by setting coloc_intf_reporting=1 in configuration and setting Collocated Interference Report Elements as a hexdump with "SET coloc_intf_elems <hexdump>" control interface command. The hexdump can contain one or more Collocated Interference Report Elements (each including the information element header). For additional testing purposes, received requests are reported with "COLOC-INTF-REQ <dialog token> <automatic report enabled> <report timeout>" control interface events and unsolicited reports can be sent with "COLOC_INTF_REPORT <hexdump>". This commit adds support for reporting changes in the collocated interference (Automatic Report Enabled == 1 and partial 3), but not for periodic reports (2 and other part of 3). Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
wnm_clear_coloc_intf_reporting(wpa_s);
MBO/OCE: Work around misbehaving MBO/OCE APs that use RSN without PMF The MBO and OCE specification require the station to mandate use of PMF when connecting to an MBO/OCE AP that uses WPA2. The earlier implementation prevented such misbehaving APs from being selected for connection completely. This looks like the safest approach to take, but unfortunately, there are deployed APs that are not compliant with the MBO/OCE requirements and this strict interpretation of the station requirements results in interoperability issues by preventing the association completely. Relax the approach by allowing noncompliant MBO/OCE APs to be selected for RSN connection without PMF to avoid the main impact of this interoperability issue. However, disable MBO/OCE functionality when PMF cannot be negotiated to try to be as compliant as practical with the MBO/OCE tech spec requirements (i.e., stop being an MBO/OCE STA for the duration of such workaround association). Also disable support for BTM in this workaround state since MBO would expect all BTM frames to be protected. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years ago
wpa_s->disable_mbo_oce = 0;
Add testing functionality for resetting PN/IPN for configured keys This can be used to test replay protection. The "RESET_PN" command in wpa_supplicant and "RESET_PN <addr>" command in hostapd resets the local counters to zero for the last configured key. For hostapd, the address parameter specifies which STA this operation is for or selects GTK ("ff:ff:ff:ff:ff:ff") or IGTK ("ff:ff:ff:ff:ff:ff IGTK"). This functionality is for testing purposes and included only in builds with CONFIG_TESTING_OPTIONS=y. Signed-off-by: Jouni Malinen <j@w1.fi>
7 years ago
#ifdef CONFIG_TESTING_OPTIONS
wpa_s->last_tk_alg = WPA_ALG_NONE;
os_memset(wpa_s->last_tk, 0, sizeof(wpa_s->last_tk));
#endif /* CONFIG_TESTING_OPTIONS */
wpa_supplicant: Add ieee80211ac information in STATUS This allows user to get current operating mode of station. Signed-off-by: Bhagavathi Perumal S <bperumal@codeaurora.org>
6 years ago
wpa_s->ieee80211ac = 0;
wpa_supplicant: Add Multi-AP backhaul STA support Advertise vendor specific Multi-AP IE in (Re)Association Request frames and process Multi-AP IE from (Re)Association Response frames if the user enables Multi-AP fuctionality. If the (Re)Association Response frame does not contain the Multi-AP IE, disassociate. This adds a new configuration parameter 'multi_ap_backhaul_sta' to enable/disable Multi-AP functionality. Enable 4-address mode after association (if the Association Response frame contains the Multi-AP IE). Also enable the bridge in that case. This is necessary because wpa_supplicant only enables the bridge in wpa_drv_if_add(), which only gets called when an interface is added through the control interface, not when it is configured from the command line. Signed-off-by: Venkateswara Naralasetty <vnaralas@codeaurora.org> Signed-off-by: Jouni Malinen <jouni@codeaurora.org> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
6 years ago
if (wpa_s->enabled_4addr_mode && wpa_drv_set_4addr_mode(wpa_s, 0) == 0)
wpa_s->enabled_4addr_mode = 0;
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
}
static void wpa_find_assoc_pmkid(struct wpa_supplicant *wpa_s)
{
struct wpa_ie_data ie;
int pmksa_set = -1;
size_t i;
Clear current PMKSA cache selection on association/roam It was possible for the RSN state machine to maintain old PMKSA cache selection (sm->cur_pmksa) when roaming to another BSS based on driver-based roaming indication. This could result in mismatching state and unexpected behavior, e.g., with not generating a Suite B PMKSA cache entry. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
/* Start with assumption of no PMKSA cache entry match */
pmksa_cache_clear_current(wpa_s->wpa);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
if (wpa_sm_parse_own_wpa_ie(wpa_s->wpa, &ie) < 0 ||
ie.pmkid == NULL)
return;
for (i = 0; i < ie.num_pmkid; i++) {
pmksa_set = pmksa_cache_set_current(wpa_s->wpa,
ie.pmkid + i * PMKID_LEN,
SAE: Only allow SAE AKMP for PMKSA caching attempts Explicitly check the PMKSA cache entry to have matching SAE AKMP for the case where determining whether to use PMKSA caching instead of new SAE authentication. Previously, only the network context was checked, but a single network configuration profile could be used with both WPA2-PSK and SAE, so should check the AKMP as well. Signed-off-by: Jouni Malinen <j@w1.fi>
6 years ago
NULL, NULL, 0, NULL, 0);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
if (pmksa_set == 0) {
Simplify eapol_sm_notify_pmkid_attempt() Drop the unneeded 'attempt' argument. This was originally used for indicating an aborted PMKID caching attempt, but a fix in 2006 removed the only such user and since that time, only attempt == 1 has been used. Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago
eapol_sm_notify_pmkid_attempt(wpa_s->eapol);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
break;
}
}
Use wpa_msg() instead of wpa_printf() This converts number of debugging messages to use wpa_msg() in order to allow the interface name to be shown with the messages. A new function, wpa_dbg(), is introduced to allow CONFIG_NO_STDOUT_DEBUG=y builds to remove the debug strings. This is otherwise identical with wpa_msg(), but it gets compiled out if stdout debugging is disabled.
13 years ago
wpa_dbg(wpa_s, MSG_DEBUG, "RSN: PMKID from assoc IE %sfound from "
"PMKSA cache", pmksa_set == 0 ? "" : "not ");
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
}
static void wpa_supplicant_event_pmkid_candidate(struct wpa_supplicant *wpa_s,
union wpa_event_data *data)
{
if (data == NULL) {
Use wpa_msg() instead of wpa_printf() This converts number of debugging messages to use wpa_msg() in order to allow the interface name to be shown with the messages. A new function, wpa_dbg(), is introduced to allow CONFIG_NO_STDOUT_DEBUG=y builds to remove the debug strings. This is otherwise identical with wpa_msg(), but it gets compiled out if stdout debugging is disabled.
13 years ago
wpa_dbg(wpa_s, MSG_DEBUG, "RSN: No data in PMKID candidate "
"event");
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
return;
}
Use wpa_msg() instead of wpa_printf() This converts number of debugging messages to use wpa_msg() in order to allow the interface name to be shown with the messages. A new function, wpa_dbg(), is introduced to allow CONFIG_NO_STDOUT_DEBUG=y builds to remove the debug strings. This is otherwise identical with wpa_msg(), but it gets compiled out if stdout debugging is disabled.
13 years ago
wpa_dbg(wpa_s, MSG_DEBUG, "RSN: PMKID candidate event - bssid=" MACSTR
" index=%d preauth=%d",
MAC2STR(data->pmkid_candidate.bssid),
data->pmkid_candidate.index,
data->pmkid_candidate.preauth);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
pmksa_candidate_add(wpa_s->wpa, data->pmkid_candidate.bssid,
data->pmkid_candidate.index,
data->pmkid_candidate.preauth);
}
static int wpa_supplicant_dynamic_keys(struct wpa_supplicant *wpa_s)
{
if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE)
return 0;
#ifdef IEEE8021X_EAPOL
if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA &&
wpa_s->current_ssid &&
!(wpa_s->current_ssid->eapol_flags &
(EAPOL_FLAG_REQUIRE_KEY_UNICAST |
EAPOL_FLAG_REQUIRE_KEY_BROADCAST))) {
/* IEEE 802.1X, but not using dynamic WEP keys (i.e., either
* plaintext or static WEP keys). */
return 0;
}
#endif /* IEEE8021X_EAPOL */
return 1;
}
/**
* wpa_supplicant_scard_init - Initialize SIM/USIM access with PC/SC
* @wpa_s: pointer to wpa_supplicant data
* @ssid: Configuration data for the network
* Returns: 0 on success, -1 on failure
*
* This function is called when starting authentication with a network that is
* configured to use PC/SC for SIM/USIM access (EAP-SIM or EAP-AKA).
*/
int wpa_supplicant_scard_init(struct wpa_supplicant *wpa_s,
struct wpa_ssid *ssid)
{
#ifdef IEEE8021X_EAPOL
Comment out scard initialization code if PCSC_FUNCS is not set
13 years ago
#ifdef PCSC_FUNCS
Fix switching from EAP-SIM to EAP-AKA/AKA' Switching EAP method from EAP-SIM to EAP-AKA fails. wpa_cli commands are below. ------------------ sudo wpa_cli add_network sudo wpa_cli set_network 0 ssid '"eap-sim"' sudo wpa_cli set_network 0 key_mgmt WPA-EAP sudo wpa_cli set_network 0 eap SIM sudo wpa_cli set_network 0 pin '"1234"' sudo wpa_cli set_network 0 pcsc '""' sudo wpa_cli select_network 0 sudo wpa_cli disable_network 0 sudo wpa_cli disconnect sudo wpa_cli remove_network 0 sudo wpa_cli add_network sudo wpa_cli set_network 0 ssid '"eap-sim"' sudo wpa_cli set_network 0 key_mgmt WPA-EAP sudo wpa_cli set_network 0 eap AKA sudo wpa_cli set_network 0 pin '"1234"' sudo wpa_cli set_network 0 pcsc '""' sudo wpa_cli select_network 0 ------------------ Then EAP-AKA connection resulted in fail. wpa_supplicant log is below. ------------------ wlan0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 23 (AKA) selected SCARD: Non-USIM card - cannot do UMTS auth EAP-AKA: UMTS authentication failed (AUTN) wlan0: CTRL-EVENT-EAP-FAILURE EAP authentication failed ------------------ This occurs because on the first EAP-SIM authentication, the SIM/USIM card in the device was recognized as SIM card even if it is USIM card. So this patch changes it to recognize as USIM card even if EAP-SIM authentication was required. I have tested these switching cases. EAP-SIM -> EAP-AKA EAP-SIM -> EAP-AKA' EAP-AKA -> EAP-SIM EAP-AKA -> EAP-AKA' EAP-AKA' -> EAP-SIM EAP-AKA' -> EAP-AKA Signed-hostap: Masashi Honma <masashi.honma@gmail.com>
11 years ago
int aka = 0, sim = 0;
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
Interworking: Init scard when a credential requires SIM access When an ANQP fetch is triggered and ANQP_3GPP_CELLULAR_NETWORK info is required, initialize scard to be ready when comparing ANQP and credentials. Signed-off-by: Jean Trivelly <jean.trivelly@intel.com>
10 years ago
if ((ssid != NULL && ssid->eap.pcsc == NULL) ||
wpa_s->scard != NULL || wpa_s->conf->external_sim)
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
return 0;
Interworking: Init scard when a credential requires SIM access When an ANQP fetch is triggered and ANQP_3GPP_CELLULAR_NETWORK info is required, initialize scard to be ready when comparing ANQP and credentials. Signed-off-by: Jean Trivelly <jean.trivelly@intel.com>
10 years ago
if (ssid == NULL || ssid->eap.eap_methods == NULL) {
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
sim = 1;
aka = 1;
} else {
struct eap_method_type *eap = ssid->eap.eap_methods;
while (eap->vendor != EAP_VENDOR_IETF ||
eap->method != EAP_TYPE_NONE) {
if (eap->vendor == EAP_VENDOR_IETF) {
if (eap->method == EAP_TYPE_SIM)
sim = 1;
Fix SIM/USIM determination to support EAP-AKA' Both EAP-AKA and EAP-AKA' use USIM. Without this change, use of real USIM card for EAP-AKA' was not allowed to proceed, i.e., only the software simulated USIM operations were supported. Signed-hostap: Jouni Malinen <j@w1.fi> intended-for: hostap-1
12 years ago
else if (eap->method == EAP_TYPE_AKA ||
eap->method == EAP_TYPE_AKA_PRIME)
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
aka = 1;
}
eap++;
}
}
if (eap_peer_get_eap_method(EAP_VENDOR_IETF, EAP_TYPE_SIM) == NULL)
sim = 0;
Fix SIM/USIM determination to support EAP-AKA' Both EAP-AKA and EAP-AKA' use USIM. Without this change, use of real USIM card for EAP-AKA' was not allowed to proceed, i.e., only the software simulated USIM operations were supported. Signed-hostap: Jouni Malinen <j@w1.fi> intended-for: hostap-1
12 years ago
if (eap_peer_get_eap_method(EAP_VENDOR_IETF, EAP_TYPE_AKA) == NULL &&
eap_peer_get_eap_method(EAP_VENDOR_IETF, EAP_TYPE_AKA_PRIME) ==
NULL)
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
aka = 0;
if (!sim && !aka) {
Use wpa_msg() instead of wpa_printf() This converts number of debugging messages to use wpa_msg() in order to allow the interface name to be shown with the messages. A new function, wpa_dbg(), is introduced to allow CONFIG_NO_STDOUT_DEBUG=y builds to remove the debug strings. This is otherwise identical with wpa_msg(), but it gets compiled out if stdout debugging is disabled.
13 years ago
wpa_dbg(wpa_s, MSG_DEBUG, "Selected network is configured to "
"use SIM, but neither EAP-SIM nor EAP-AKA are "
"enabled");
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
return 0;
}
Use wpa_msg() instead of wpa_printf() This converts number of debugging messages to use wpa_msg() in order to allow the interface name to be shown with the messages. A new function, wpa_dbg(), is introduced to allow CONFIG_NO_STDOUT_DEBUG=y builds to remove the debug strings. This is otherwise identical with wpa_msg(), but it gets compiled out if stdout debugging is disabled.
13 years ago
wpa_dbg(wpa_s, MSG_DEBUG, "Selected network is configured to use SIM "
"(sim=%d aka=%d) - initialize PCSC", sim, aka);
Fix switching from EAP-SIM to EAP-AKA/AKA' Switching EAP method from EAP-SIM to EAP-AKA fails. wpa_cli commands are below. ------------------ sudo wpa_cli add_network sudo wpa_cli set_network 0 ssid '"eap-sim"' sudo wpa_cli set_network 0 key_mgmt WPA-EAP sudo wpa_cli set_network 0 eap SIM sudo wpa_cli set_network 0 pin '"1234"' sudo wpa_cli set_network 0 pcsc '""' sudo wpa_cli select_network 0 sudo wpa_cli disable_network 0 sudo wpa_cli disconnect sudo wpa_cli remove_network 0 sudo wpa_cli add_network sudo wpa_cli set_network 0 ssid '"eap-sim"' sudo wpa_cli set_network 0 key_mgmt WPA-EAP sudo wpa_cli set_network 0 eap AKA sudo wpa_cli set_network 0 pin '"1234"' sudo wpa_cli set_network 0 pcsc '""' sudo wpa_cli select_network 0 ------------------ Then EAP-AKA connection resulted in fail. wpa_supplicant log is below. ------------------ wlan0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 23 (AKA) selected SCARD: Non-USIM card - cannot do UMTS auth EAP-AKA: UMTS authentication failed (AUTN) wlan0: CTRL-EVENT-EAP-FAILURE EAP authentication failed ------------------ This occurs because on the first EAP-SIM authentication, the SIM/USIM card in the device was recognized as SIM card even if it is USIM card. So this patch changes it to recognize as USIM card even if EAP-SIM authentication was required. I have tested these switching cases. EAP-SIM -> EAP-AKA EAP-SIM -> EAP-AKA' EAP-AKA -> EAP-SIM EAP-AKA -> EAP-AKA' EAP-AKA' -> EAP-SIM EAP-AKA' -> EAP-AKA Signed-hostap: Masashi Honma <masashi.honma@gmail.com>
11 years ago
Use pcsc_reader configuration in one for scard_init() call This allows PC/SC reader to be identified with the pcsc_reader configuration parameter. Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
wpa_s->scard = scard_init(wpa_s->conf->pcsc_reader);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
if (wpa_s->scard == NULL) {
Use wpa_msg() instead of wpa_printf() This converts number of debugging messages to use wpa_msg() in order to allow the interface name to be shown with the messages. A new function, wpa_dbg(), is introduced to allow CONFIG_NO_STDOUT_DEBUG=y builds to remove the debug strings. This is otherwise identical with wpa_msg(), but it gets compiled out if stdout debugging is disabled.
13 years ago
wpa_msg(wpa_s, MSG_WARNING, "Failed to initialize SIM "
"(pcsc-lite)");
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
return -1;
}
wpa_sm_set_scard_ctx(wpa_s->wpa, wpa_s->scard);
eapol_sm_register_scard_ctx(wpa_s->eapol, wpa_s->scard);
Comment out scard initialization code if PCSC_FUNCS is not set
13 years ago
#endif /* PCSC_FUNCS */
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
#endif /* IEEE8021X_EAPOL */
return 0;
}
#ifndef CONFIG_NO_SCAN_PROCESSING
Change WEP network selection to reject WPA/WPA2 APs Previously, wpa_supplicant behavior in WEP configuration was to try to mimic a device that is not aware of WPA/WPA2 and as such, it tried to connect to a WPA/WPA2 AP with the assumption that the AP could be providing support for both WEP and WPA/WPA2 stations in the same BSS. Such APs could have been used during transition from WEP to more secure options, but that type of deployment have not been used in large number and are not really of much use anymore taken into account that more or less all new devices support WPA/WPA2. That combined with the preference to deprecate WEP justifies removing this use case and making WEP networking matching more strict by using the knowledge of AP advertising WPA/WPA2 as an indication of WEP not being supported. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
Make WEP functionality an optional build parameter WEP should not be used for anything anymore. As a step towards removing it completely, move all WEP related functionality to be within CONFIG_WEP blocks. This will be included in builds only if CONFIG_WEP=y is explicitly set in build configuration. Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
#ifdef CONFIG_WEP
Change WEP network selection to reject WPA/WPA2 APs Previously, wpa_supplicant behavior in WEP configuration was to try to mimic a device that is not aware of WPA/WPA2 and as such, it tried to connect to a WPA/WPA2 AP with the assumption that the AP could be providing support for both WEP and WPA/WPA2 stations in the same BSS. Such APs could have been used during transition from WEP to more secure options, but that type of deployment have not been used in large number and are not really of much use anymore taken into account that more or less all new devices support WPA/WPA2. That combined with the preference to deprecate WEP justifies removing this use case and making WEP networking matching more strict by using the knowledge of AP advertising WPA/WPA2 as an indication of WEP not being supported. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
static int has_wep_key(struct wpa_ssid *ssid)
{
int i;
for (i = 0; i < NUM_WEP_KEYS; i++) {
if (ssid->wep_key_len[i])
return 1;
}
return 0;
}
Make WEP functionality an optional build parameter WEP should not be used for anything anymore. As a step towards removing it completely, move all WEP related functionality to be within CONFIG_WEP blocks. This will be included in builds only if CONFIG_WEP=y is explicitly set in build configuration. Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
#endif /* CONFIG_WEP */
Change WEP network selection to reject WPA/WPA2 APs Previously, wpa_supplicant behavior in WEP configuration was to try to mimic a device that is not aware of WPA/WPA2 and as such, it tried to connect to a WPA/WPA2 AP with the assumption that the AP could be providing support for both WEP and WPA/WPA2 stations in the same BSS. Such APs could have been used during transition from WEP to more secure options, but that type of deployment have not been used in large number and are not really of much use anymore taken into account that more or less all new devices support WPA/WPA2. That combined with the preference to deprecate WEP justifies removing this use case and making WEP networking matching more strict by using the knowledge of AP advertising WPA/WPA2 as an indication of WEP not being supported. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
Use BSS entries instead of scan results for BSS selection This allows the BSS selection functions to be called without having the scan result data structure. This can be used to skip extra scans in cases where previous results can be considered fresh. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
static int wpa_supplicant_match_privacy(struct wpa_bss *bss,
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
struct wpa_ssid *ssid)
{
Change WEP network selection to reject WPA/WPA2 APs Previously, wpa_supplicant behavior in WEP configuration was to try to mimic a device that is not aware of WPA/WPA2 and as such, it tried to connect to a WPA/WPA2 AP with the assumption that the AP could be providing support for both WEP and WPA/WPA2 stations in the same BSS. Such APs could have been used during transition from WEP to more secure options, but that type of deployment have not been used in large number and are not really of much use anymore taken into account that more or less all new devices support WPA/WPA2. That combined with the preference to deprecate WEP justifies removing this use case and making WEP networking matching more strict by using the knowledge of AP advertising WPA/WPA2 as an indication of WEP not being supported. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
int privacy = 0;
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
if (ssid->mixed_cell)
return 1;
WPS: support registration with APs in WEP security mode Attached patch fixes the issue when supplicant does not select APs in WEP security mode for WPS registration.
15 years ago
#ifdef CONFIG_WPS
if (ssid->key_mgmt & WPA_KEY_MGMT_WPS)
return 1;
#endif /* CONFIG_WPS */
OWE: Allow station in transition mode to connect to an open BSS If the OWE network profile matches an open network which does not advertise OWE BSS, allow open connection. The new owe_only=1 network profile parameter can be used to disable this transition mode and enforce connection only with OWE networks. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
#ifdef CONFIG_OWE
if ((ssid->key_mgmt & WPA_KEY_MGMT_OWE) && !ssid->owe_only)
return 1;
#endif /* CONFIG_OWE */
Make WEP functionality an optional build parameter WEP should not be used for anything anymore. As a step towards removing it completely, move all WEP related functionality to be within CONFIG_WEP blocks. This will be included in builds only if CONFIG_WEP=y is explicitly set in build configuration. Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
#ifdef CONFIG_WEP
Change WEP network selection to reject WPA/WPA2 APs Previously, wpa_supplicant behavior in WEP configuration was to try to mimic a device that is not aware of WPA/WPA2 and as such, it tried to connect to a WPA/WPA2 AP with the assumption that the AP could be providing support for both WEP and WPA/WPA2 stations in the same BSS. Such APs could have been used during transition from WEP to more secure options, but that type of deployment have not been used in large number and are not really of much use anymore taken into account that more or less all new devices support WPA/WPA2. That combined with the preference to deprecate WEP justifies removing this use case and making WEP networking matching more strict by using the knowledge of AP advertising WPA/WPA2 as an indication of WEP not being supported. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
if (has_wep_key(ssid))
privacy = 1;
Make WEP functionality an optional build parameter WEP should not be used for anything anymore. As a step towards removing it completely, move all WEP related functionality to be within CONFIG_WEP blocks. This will be included in builds only if CONFIG_WEP=y is explicitly set in build configuration. Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
#endif /* CONFIG_WEP */
Change WEP network selection to reject WPA/WPA2 APs Previously, wpa_supplicant behavior in WEP configuration was to try to mimic a device that is not aware of WPA/WPA2 and as such, it tried to connect to a WPA/WPA2 AP with the assumption that the AP could be providing support for both WEP and WPA/WPA2 stations in the same BSS. Such APs could have been used during transition from WEP to more secure options, but that type of deployment have not been used in large number and are not really of much use anymore taken into account that more or less all new devices support WPA/WPA2. That combined with the preference to deprecate WEP justifies removing this use case and making WEP networking matching more strict by using the knowledge of AP advertising WPA/WPA2 as an indication of WEP not being supported. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
#ifdef IEEE8021X_EAPOL
if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) &&
ssid->eapol_flags & (EAPOL_FLAG_REQUIRE_KEY_UNICAST |
EAPOL_FLAG_REQUIRE_KEY_BROADCAST))
privacy = 1;
#endif /* IEEE8021X_EAPOL */
Fix AP selection to check privacy mismatch and IBSS with WPA/RSN IE These checks were previously skipped if the scan result included WPA or RSN IE. However, that can result in selecting a network that does not match local configuration in some cases.
13 years ago
if (wpa_key_mgmt_wpa(ssid->key_mgmt))
privacy = 1;
HS 2.0R2: Add OSEN client implementation Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
if (ssid->key_mgmt & WPA_KEY_MGMT_OSEN)
privacy = 1;
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
if (bss->caps & IEEE80211_CAP_PRIVACY)
return privacy;
return !privacy;
}
Allow WPS APs for PIN enrollment even without Selected Registrar Some WPS APs do not set Selected Registrar attribute to 1 properly when using an external Registrar. Allow such an AP to be selected for PIN registration after couple of scan runs that do not find APs marked with Selected Registrar = 1. This allows wpa_supplicant to iterate through all APs that advertise WPS support without delaying connection with implementations that set Selected Registrar = 1 properly.
16 years ago
static int wpa_supplicant_ssid_bss_match(struct wpa_supplicant *wpa_s,
struct wpa_ssid *ssid,
Debug print scan results matching the currently selected network This provides more details on BSS selection process in the debug log. Previously, the BSSs that were not either the current or the selected one were not necessarily printed at all. Now all BSSs that match the currently selected network are listed with their frequency and signal strength details. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
struct wpa_bss *bss, int debug_print)
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
{
struct wpa_ie_data ie;
int proto_match = 0;
const u8 *rsn_ie, *wpa_ie;
WPS: Added support for fragmented WPS IE in Beacon and Probe Response Fragment WPS IE if needed to fit into the IE length limits in hostapd and Reassemble WPS IE data from multiple IEs in wpa_supplicant. In addition, moved WPS code from events.c into wps_supplicant.c to clean up module interfaces.
16 years ago
int ret;
Make WEP functionality an optional build parameter WEP should not be used for anything anymore. As a step towards removing it completely, move all WEP related functionality to be within CONFIG_WEP blocks. This will be included in builds only if CONFIG_WEP=y is explicitly set in build configuration. Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
#ifdef CONFIG_WEP
Allow TSN AP to be selected when configured for WEP Commit d8d940b7469e505aec4d71a02d3f7ebab412eeae introduced a regression that prevented TSN APs from being used with WEP since the AP was rejected if it advertised WPA or RSN IE when we were configured to use WEP. Resolve this by checking whether the AP is advertising a TSN, i.e., whether the AP allows WEP to be used as a group cipher. If so, allow the AP to be selected if we are configured to use static WEP or IEEE 802.1X (non-WPA). It should be noted that this is still somewhat more restricted in AP selection than earlier wpa_supplicant branches (0.7.x or older) that ignore the WPA/RSN IE completely when configured for non-WPA.
14 years ago
int wep_ok;
Make WEP functionality an optional build parameter WEP should not be used for anything anymore. As a step towards removing it completely, move all WEP related functionality to be within CONFIG_WEP blocks. This will be included in builds only if CONFIG_WEP=y is explicitly set in build configuration. Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
#endif /* CONFIG_WEP */
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
Allow WPS APs for PIN enrollment even without Selected Registrar Some WPS APs do not set Selected Registrar attribute to 1 properly when using an external Registrar. Allow such an AP to be selected for PIN registration after couple of scan runs that do not find APs marked with Selected Registrar = 1. This allows wpa_supplicant to iterate through all APs that advertise WPS support without delaying connection with implementations that set Selected Registrar = 1 properly.
16 years ago
ret = wpas_wps_ssid_bss_match(wpa_s, ssid, bss);
WPS: Added support for fragmented WPS IE in Beacon and Probe Response Fragment WPS IE if needed to fit into the IE length limits in hostapd and Reassemble WPS IE data from multiple IEs in wpa_supplicant. In addition, moved WPS code from events.c into wps_supplicant.c to clean up module interfaces.
16 years ago
if (ret >= 0)
return ret;
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
16 years ago
Make WEP functionality an optional build parameter WEP should not be used for anything anymore. As a step towards removing it completely, move all WEP related functionality to be within CONFIG_WEP blocks. This will be included in builds only if CONFIG_WEP=y is explicitly set in build configuration. Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
#ifdef CONFIG_WEP
Allow TSN AP to be selected when configured for WEP Commit d8d940b7469e505aec4d71a02d3f7ebab412eeae introduced a regression that prevented TSN APs from being used with WEP since the AP was rejected if it advertised WPA or RSN IE when we were configured to use WEP. Resolve this by checking whether the AP is advertising a TSN, i.e., whether the AP allows WEP to be used as a group cipher. If so, allow the AP to be selected if we are configured to use static WEP or IEEE 802.1X (non-WPA). It should be noted that this is still somewhat more restricted in AP selection than earlier wpa_supplicant branches (0.7.x or older) that ignore the WPA/RSN IE completely when configured for non-WPA.
14 years ago
/* Allow TSN if local configuration accepts WEP use without WPA/WPA2 */
wep_ok = !wpa_key_mgmt_wpa(ssid->key_mgmt) &&
(((ssid->key_mgmt & WPA_KEY_MGMT_NONE) &&
ssid->wep_key_len[ssid->wep_tx_keyidx] > 0) ||
(ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA));
Make WEP functionality an optional build parameter WEP should not be used for anything anymore. As a step towards removing it completely, move all WEP related functionality to be within CONFIG_WEP blocks. This will be included in builds only if CONFIG_WEP=y is explicitly set in build configuration. Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
#endif /* CONFIG_WEP */
Allow TSN AP to be selected when configured for WEP Commit d8d940b7469e505aec4d71a02d3f7ebab412eeae introduced a regression that prevented TSN APs from being used with WEP since the AP was rejected if it advertised WPA or RSN IE when we were configured to use WEP. Resolve this by checking whether the AP is advertising a TSN, i.e., whether the AP allows WEP to be used as a group cipher. If so, allow the AP to be selected if we are configured to use static WEP or IEEE 802.1X (non-WPA). It should be noted that this is still somewhat more restricted in AP selection than earlier wpa_supplicant branches (0.7.x or older) that ignore the WPA/RSN IE completely when configured for non-WPA.
14 years ago
Use BSS entries instead of scan results for BSS selection This allows the BSS selection functions to be called without having the scan result data structure. This can be used to skip extra scans in cases where previous results can be considered fresh. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
rsn_ie = wpa_bss_get_ie(bss, WLAN_EID_RSN);
HS 2.0: Allow OSEN connection to be used in an RSN BSS This allows a single BSS/SSID to be used for both data connection and OSU. In wpa_supplicant configuration, the current proto=OSEN key_mgmt=OSEN combination is now allowing both the old separate OSEN BSS/IE and the new RSN-OSEN to be used. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
while ((ssid->proto & (WPA_PROTO_RSN | WPA_PROTO_OSEN)) && rsn_ie) {
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
proto_match++;
if (wpa_parse_wpa_ie(rsn_ie, 2 + rsn_ie[1], &ie)) {
Debug print scan results matching the currently selected network This provides more details on BSS selection process in the debug log. Previously, the BSSs that were not either the current or the selected one were not necessarily printed at all. Now all BSSs that match the currently selected network are listed with their frequency and signal strength details. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG,
" skip RSN IE - parse failed");
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
break;
}
Fix cipher suite selector default value in RSNE for DMG According to IEEE Std 802.11-2016, 9.4.2.25 when fields of an RSNE are not included, the default values are used. The cipher suite defaults were hardcoded to CCMP in the previous implementation, but the default is actually different for DMG: GCMP (per 9.4.2.25.2). It is not possible to find out from the RSNE if the network is non-DMG or DMG, so callers of wpa_parse_wpa_ie_rsn() need to handle this case based on context, which can be different for each caller. In order to fix this issue, add flags to the wpa_ie_data indicating whether pairwise/group ciphers were included in the RSNE. Callers can check these flags and fill in the appropriate ciphers. The wpa_parse_wpa_ie_rsn() function still initializes the ciphers to CCMP by default so existing callers will not break. This change also fixes some callers which need to handle the DMG network case. Signed-off-by: Lior David <liord@codeaurora.org>
5 years ago
if (!ie.has_pairwise)
ie.pairwise_cipher = wpa_default_rsn_cipher(bss->freq);
if (!ie.has_group)
ie.group_cipher = wpa_default_rsn_cipher(bss->freq);
Allow TSN AP to be selected when configured for WEP Commit d8d940b7469e505aec4d71a02d3f7ebab412eeae introduced a regression that prevented TSN APs from being used with WEP since the AP was rejected if it advertised WPA or RSN IE when we were configured to use WEP. Resolve this by checking whether the AP is advertising a TSN, i.e., whether the AP allows WEP to be used as a group cipher. If so, allow the AP to be selected if we are configured to use static WEP or IEEE 802.1X (non-WPA). It should be noted that this is still somewhat more restricted in AP selection than earlier wpa_supplicant branches (0.7.x or older) that ignore the WPA/RSN IE completely when configured for non-WPA.
14 years ago
Make WEP functionality an optional build parameter WEP should not be used for anything anymore. As a step towards removing it completely, move all WEP related functionality to be within CONFIG_WEP blocks. This will be included in builds only if CONFIG_WEP=y is explicitly set in build configuration. Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
#ifdef CONFIG_WEP
Allow TSN AP to be selected when configured for WEP Commit d8d940b7469e505aec4d71a02d3f7ebab412eeae introduced a regression that prevented TSN APs from being used with WEP since the AP was rejected if it advertised WPA or RSN IE when we were configured to use WEP. Resolve this by checking whether the AP is advertising a TSN, i.e., whether the AP allows WEP to be used as a group cipher. If so, allow the AP to be selected if we are configured to use static WEP or IEEE 802.1X (non-WPA). It should be noted that this is still somewhat more restricted in AP selection than earlier wpa_supplicant branches (0.7.x or older) that ignore the WPA/RSN IE completely when configured for non-WPA.
14 years ago
if (wep_ok &&
(ie.group_cipher & (WPA_CIPHER_WEP40 | WPA_CIPHER_WEP104)))
{
Debug print scan results matching the currently selected network This provides more details on BSS selection process in the debug log. Previously, the BSSs that were not either the current or the selected one were not necessarily printed at all. Now all BSSs that match the currently selected network are listed with their frequency and signal strength details. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG,
" selected based on TSN in RSN IE");
Allow TSN AP to be selected when configured for WEP Commit d8d940b7469e505aec4d71a02d3f7ebab412eeae introduced a regression that prevented TSN APs from being used with WEP since the AP was rejected if it advertised WPA or RSN IE when we were configured to use WEP. Resolve this by checking whether the AP is advertising a TSN, i.e., whether the AP allows WEP to be used as a group cipher. If so, allow the AP to be selected if we are configured to use static WEP or IEEE 802.1X (non-WPA). It should be noted that this is still somewhat more restricted in AP selection than earlier wpa_supplicant branches (0.7.x or older) that ignore the WPA/RSN IE completely when configured for non-WPA.
14 years ago
return 1;
}
Make WEP functionality an optional build parameter WEP should not be used for anything anymore. As a step towards removing it completely, move all WEP related functionality to be within CONFIG_WEP blocks. This will be included in builds only if CONFIG_WEP=y is explicitly set in build configuration. Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
#endif /* CONFIG_WEP */
Allow TSN AP to be selected when configured for WEP Commit d8d940b7469e505aec4d71a02d3f7ebab412eeae introduced a regression that prevented TSN APs from being used with WEP since the AP was rejected if it advertised WPA or RSN IE when we were configured to use WEP. Resolve this by checking whether the AP is advertising a TSN, i.e., whether the AP allows WEP to be used as a group cipher. If so, allow the AP to be selected if we are configured to use static WEP or IEEE 802.1X (non-WPA). It should be noted that this is still somewhat more restricted in AP selection than earlier wpa_supplicant branches (0.7.x or older) that ignore the WPA/RSN IE completely when configured for non-WPA.
14 years ago
HS 2.0: Allow OSEN connection to be used in an RSN BSS This allows a single BSS/SSID to be used for both data connection and OSU. In wpa_supplicant configuration, the current proto=OSEN key_mgmt=OSEN combination is now allowing both the old separate OSEN BSS/IE and the new RSN-OSEN to be used. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
if (!(ie.proto & ssid->proto) &&
!(ssid->proto & WPA_PROTO_OSEN)) {
Debug print scan results matching the currently selected network This provides more details on BSS selection process in the debug log. Previously, the BSSs that were not either the current or the selected one were not necessarily printed at all. Now all BSSs that match the currently selected network are listed with their frequency and signal strength details. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG,
" skip RSN IE - proto mismatch");
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
break;
}
if (!(ie.pairwise_cipher & ssid->pairwise_cipher)) {
Debug print scan results matching the currently selected network This provides more details on BSS selection process in the debug log. Previously, the BSSs that were not either the current or the selected one were not necessarily printed at all. Now all BSSs that match the currently selected network are listed with their frequency and signal strength details. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG,
" skip RSN IE - PTK cipher mismatch");
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
break;
}
if (!(ie.group_cipher & ssid->group_cipher)) {
Debug print scan results matching the currently selected network This provides more details on BSS selection process in the debug log. Previously, the BSSs that were not either the current or the selected one were not necessarily printed at all. Now all BSSs that match the currently selected network are listed with their frequency and signal strength details. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG,
" skip RSN IE - GTK cipher mismatch");
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
break;
}
Add group_mgmt network parameter for PMF cipher selection The new wpa_supplicant network parameter group_mgmt can be used to specify which group management ciphers (AES-128-CMAC, BIP-GMAC-128, BIP-GMAC-256, BIP-CMAC-256) are allowed for the network. If not specified, the current behavior is maintained (i.e., follow what the AP advertises). The parameter can list multiple space separate ciphers. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
if (ssid->group_mgmt_cipher &&
!(ie.mgmt_group_cipher & ssid->group_mgmt_cipher)) {
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG,
" skip RSN IE - group mgmt cipher mismatch");
break;
}
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
if (!(ie.key_mgmt & ssid->key_mgmt)) {
Debug print scan results matching the currently selected network This provides more details on BSS selection process in the debug log. Previously, the BSSs that were not either the current or the selected one were not necessarily printed at all. Now all BSSs that match the currently selected network are listed with their frequency and signal strength details. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG,
" skip RSN IE - key mgmt mismatch");
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
break;
}
Updated MFP defines based on IEEE 802.11w/D6.0 and use new MFPC/MFPR This adds most of the new frame format and identifier definitions from IEEE 802.11w/D6.0. In addition, the RSN IE capability field values for MFP is replaced with the new two-bit version with MFPC (capable) and MFPR (required) processing.
16 years ago
if (!(ie.capabilities & WPA_CAPABILITY_MFPC) &&
Ignore pmf=1 default if driver does not support PMF Connection with a PMF enabled AP will fail if we try to negotiate PMF while the local driver does not support this. Since pmf=1 does not require PMF for a successful connection, it can be ignored in such a case to avoid connectivity issues with invalid configuration. This makes it somewhat easier to allow upper layer programs to use pmf=1 default regardless of driver capabilities. Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago
wpas_get_ssid_pmf(wpa_s, ssid) ==
Allow PMF to be enabled by default Previously, PMF (protected management frames, IEEE 802.11w) could be enabled only with a per-network parameter (ieee80211w). The new global parameter (pmf) can now be used to change the default behavior to be PMF enabled (pmf=1) or required (pmf=2) for network blocks that do not override this with the ieee80211w parameter. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
MGMT_FRAME_PROTECTION_REQUIRED) {
Debug print scan results matching the currently selected network This provides more details on BSS selection process in the debug log. Previously, the BSSs that were not either the current or the selected one were not necessarily printed at all. Now all BSSs that match the currently selected network are listed with their frequency and signal strength details. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG,
" skip RSN IE - no mgmt frame protection");
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
break;
}
RSN: Do not try to connect if PMF disabled and AP requires it Instead of trying to associate in configuration that is known to result in the AP rejecting the association, reject the BSS candidate based on the MFPR=1 RSN capability when STA configuration has PMF disabled. Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago
if ((ie.capabilities & WPA_CAPABILITY_MFPR) &&
wpas_get_ssid_pmf(wpa_s, ssid) ==
NO_MGMT_FRAME_PROTECTION) {
Debug print scan results matching the currently selected network This provides more details on BSS selection process in the debug log. Previously, the BSSs that were not either the current or the selected one were not necessarily printed at all. Now all BSSs that match the currently selected network are listed with their frequency and signal strength details. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG,
" skip RSN IE - no mgmt frame protection enabled but AP requires it");
RSN: Do not try to connect if PMF disabled and AP requires it Instead of trying to associate in configuration that is known to result in the AP rejecting the association, reject the BSS candidate based on the MFPR=1 RSN capability when STA configuration has PMF disabled. Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago
break;
}
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
Debug print scan results matching the currently selected network This provides more details on BSS selection process in the debug log. Previously, the BSSs that were not either the current or the selected one were not necessarily printed at all. Now all BSSs that match the currently selected network are listed with their frequency and signal strength details. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG,
" selected based on RSN IE");
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
return 1;
}
OWE: Allow station in transition mode to connect to an open BSS If the OWE network profile matches an open network which does not advertise OWE BSS, allow open connection. The new owe_only=1 network profile parameter can be used to disable this transition mode and enforce connection only with OWE networks. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
if (wpas_get_ssid_pmf(wpa_s, ssid) == MGMT_FRAME_PROTECTION_REQUIRED &&
(!(ssid->key_mgmt & WPA_KEY_MGMT_OWE) || ssid->owe_only)) {
Debug print scan results matching the currently selected network This provides more details on BSS selection process in the debug log. Previously, the BSSs that were not either the current or the selected one were not necessarily printed at all. Now all BSSs that match the currently selected network are listed with their frequency and signal strength details. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG,
" skip - MFP Required but network not MFP Capable");
Skip connection attempt for non-RSN networks if PMF is set to required Since ieee80211w=2 is an explicit configuration to wpa_supplicant, the connection attempt for such non-PMF (non-RSN) capable networks should be skipped. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago
return 0;
}
Use BSS entries instead of scan results for BSS selection This allows the BSS selection functions to be called without having the scan result data structure. This can be used to skip extra scans in cases where previous results can be considered fresh. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
wpa_ie = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
while ((ssid->proto & WPA_PROTO_WPA) && wpa_ie) {
proto_match++;
if (wpa_parse_wpa_ie(wpa_ie, 2 + wpa_ie[1], &ie)) {
Debug print scan results matching the currently selected network This provides more details on BSS selection process in the debug log. Previously, the BSSs that were not either the current or the selected one were not necessarily printed at all. Now all BSSs that match the currently selected network are listed with their frequency and signal strength details. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG,
" skip WPA IE - parse failed");
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
break;
}
Allow TSN AP to be selected when configured for WEP Commit d8d940b7469e505aec4d71a02d3f7ebab412eeae introduced a regression that prevented TSN APs from being used with WEP since the AP was rejected if it advertised WPA or RSN IE when we were configured to use WEP. Resolve this by checking whether the AP is advertising a TSN, i.e., whether the AP allows WEP to be used as a group cipher. If so, allow the AP to be selected if we are configured to use static WEP or IEEE 802.1X (non-WPA). It should be noted that this is still somewhat more restricted in AP selection than earlier wpa_supplicant branches (0.7.x or older) that ignore the WPA/RSN IE completely when configured for non-WPA.
14 years ago
Make WEP functionality an optional build parameter WEP should not be used for anything anymore. As a step towards removing it completely, move all WEP related functionality to be within CONFIG_WEP blocks. This will be included in builds only if CONFIG_WEP=y is explicitly set in build configuration. Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
#ifdef CONFIG_WEP
Allow TSN AP to be selected when configured for WEP Commit d8d940b7469e505aec4d71a02d3f7ebab412eeae introduced a regression that prevented TSN APs from being used with WEP since the AP was rejected if it advertised WPA or RSN IE when we were configured to use WEP. Resolve this by checking whether the AP is advertising a TSN, i.e., whether the AP allows WEP to be used as a group cipher. If so, allow the AP to be selected if we are configured to use static WEP or IEEE 802.1X (non-WPA). It should be noted that this is still somewhat more restricted in AP selection than earlier wpa_supplicant branches (0.7.x or older) that ignore the WPA/RSN IE completely when configured for non-WPA.
14 years ago
if (wep_ok &&
(ie.group_cipher & (WPA_CIPHER_WEP40 | WPA_CIPHER_WEP104)))
{
Debug print scan results matching the currently selected network This provides more details on BSS selection process in the debug log. Previously, the BSSs that were not either the current or the selected one were not necessarily printed at all. Now all BSSs that match the currently selected network are listed with their frequency and signal strength details. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG,
" selected based on TSN in WPA IE");
Allow TSN AP to be selected when configured for WEP Commit d8d940b7469e505aec4d71a02d3f7ebab412eeae introduced a regression that prevented TSN APs from being used with WEP since the AP was rejected if it advertised WPA or RSN IE when we were configured to use WEP. Resolve this by checking whether the AP is advertising a TSN, i.e., whether the AP allows WEP to be used as a group cipher. If so, allow the AP to be selected if we are configured to use static WEP or IEEE 802.1X (non-WPA). It should be noted that this is still somewhat more restricted in AP selection than earlier wpa_supplicant branches (0.7.x or older) that ignore the WPA/RSN IE completely when configured for non-WPA.
14 years ago
return 1;
}
Make WEP functionality an optional build parameter WEP should not be used for anything anymore. As a step towards removing it completely, move all WEP related functionality to be within CONFIG_WEP blocks. This will be included in builds only if CONFIG_WEP=y is explicitly set in build configuration. Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
#endif /* CONFIG_WEP */
Allow TSN AP to be selected when configured for WEP Commit d8d940b7469e505aec4d71a02d3f7ebab412eeae introduced a regression that prevented TSN APs from being used with WEP since the AP was rejected if it advertised WPA or RSN IE when we were configured to use WEP. Resolve this by checking whether the AP is advertising a TSN, i.e., whether the AP allows WEP to be used as a group cipher. If so, allow the AP to be selected if we are configured to use static WEP or IEEE 802.1X (non-WPA). It should be noted that this is still somewhat more restricted in AP selection than earlier wpa_supplicant branches (0.7.x or older) that ignore the WPA/RSN IE completely when configured for non-WPA.
14 years ago
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
if (!(ie.proto & ssid->proto)) {
Debug print scan results matching the currently selected network This provides more details on BSS selection process in the debug log. Previously, the BSSs that were not either the current or the selected one were not necessarily printed at all. Now all BSSs that match the currently selected network are listed with their frequency and signal strength details. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG,
" skip WPA IE - proto mismatch");
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
break;
}
if (!(ie.pairwise_cipher & ssid->pairwise_cipher)) {
Debug print scan results matching the currently selected network This provides more details on BSS selection process in the debug log. Previously, the BSSs that were not either the current or the selected one were not necessarily printed at all. Now all BSSs that match the currently selected network are listed with their frequency and signal strength details. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG,
" skip WPA IE - PTK cipher mismatch");
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
break;
}
if (!(ie.group_cipher & ssid->group_cipher)) {
Debug print scan results matching the currently selected network This provides more details on BSS selection process in the debug log. Previously, the BSSs that were not either the current or the selected one were not necessarily printed at all. Now all BSSs that match the currently selected network are listed with their frequency and signal strength details. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG,
" skip WPA IE - GTK cipher mismatch");
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
break;
}
if (!(ie.key_mgmt & ssid->key_mgmt)) {
Debug print scan results matching the currently selected network This provides more details on BSS selection process in the debug log. Previously, the BSSs that were not either the current or the selected one were not necessarily printed at all. Now all BSSs that match the currently selected network are listed with their frequency and signal strength details. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG,
" skip WPA IE - key mgmt mismatch");
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
break;
}
Debug print scan results matching the currently selected network This provides more details on BSS selection process in the debug log. Previously, the BSSs that were not either the current or the selected one were not necessarily printed at all. Now all BSSs that match the currently selected network are listed with their frequency and signal strength details. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG,
" selected based on WPA IE");
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
return 1;
}
Allow non-WPA IEEE 802.1X to be select even if WPA is also enabled If key_mgmt was set to allow both WPA and non-WPA IEEE 802.1X (i.e., to IEEE8021X WPA-EAP), non-WPA IEEE 802.1X was rejected while preparing association parameters. Allow this special case to be handled by selecting non-WPA case if the scan results for the AP do not include either WPA or RSN elements. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) && !wpa_ie &&
!rsn_ie) {
Debug print scan results matching the currently selected network This provides more details on BSS selection process in the debug log. Previously, the BSSs that were not either the current or the selected one were not necessarily printed at all. Now all BSSs that match the currently selected network are listed with their frequency and signal strength details. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG,
" allow for non-WPA IEEE 802.1X");
Allow non-WPA IEEE 802.1X to be select even if WPA is also enabled If key_mgmt was set to allow both WPA and non-WPA IEEE 802.1X (i.e., to IEEE8021X WPA-EAP), non-WPA IEEE 802.1X was rejected while preparing association parameters. Allow this special case to be handled by selecting non-WPA case if the scan results for the AP do not include either WPA or RSN elements. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
return 1;
}
OWE: Allow station in transition mode to connect to an open BSS If the OWE network profile matches an open network which does not advertise OWE BSS, allow open connection. The new owe_only=1 network profile parameter can be used to disable this transition mode and enforce connection only with OWE networks. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
#ifdef CONFIG_OWE
if ((ssid->key_mgmt & WPA_KEY_MGMT_OWE) && !ssid->owe_only &&
!wpa_ie && !rsn_ie) {
OWE: Attempt more scans for OWE transition SSID if expected BSS not seen This commit introduces a threshold for OWE transition BSS selection, which signifies the maximum number of selection attempts (scans) done for finding OWE BSS. This aims to do more scan attempts for OWE BSS and eventually select the open BSS if the selection/scan attempts for OWE BSS exceed the configured threshold. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
if (wpa_s->owe_transition_select &&
wpa_bss_get_vendor_ie(bss, OWE_IE_VENDOR_TYPE) &&
ssid->owe_transition_bss_select_count + 1 <=
MAX_OWE_TRANSITION_BSS_SELECT_COUNT) {
ssid->owe_transition_bss_select_count++;
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG,
" skip OWE transition BSS (selection count %d does not exceed %d)",
ssid->owe_transition_bss_select_count,
MAX_OWE_TRANSITION_BSS_SELECT_COUNT);
OWE: Use shorter scan interval during transition mode search Start scans more quickly if an open BSS advertising OWE transition mode is found, but the matching OWE BSS has not yet been seen. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
wpa_s->owe_transition_search = 1;
OWE: Attempt more scans for OWE transition SSID if expected BSS not seen This commit introduces a threshold for OWE transition BSS selection, which signifies the maximum number of selection attempts (scans) done for finding OWE BSS. This aims to do more scan attempts for OWE BSS and eventually select the open BSS if the selection/scan attempts for OWE BSS exceed the configured threshold. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
return 0;
}
OWE: Allow station in transition mode to connect to an open BSS If the OWE network profile matches an open network which does not advertise OWE BSS, allow open connection. The new owe_only=1 network profile parameter can be used to disable this transition mode and enforce connection only with OWE networks. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG,
" allow in OWE transition mode");
return 1;
}
#endif /* CONFIG_OWE */
WPS: Require PBC match with wps_pbc that specifies BSSID The WPS mode was already verified when the AP was configured for WPA/WPA2, but this was not done with AP that was in open mode. Fix this by allowing wpa_supplicant_ssid_bss_match() to be called in non-WPA configuration, too. With this change, wps_pbc BSSID command will wait until the specified target AP is in active PBC mode before trying to connect to it.
14 years ago
if ((ssid->proto & (WPA_PROTO_WPA | WPA_PROTO_RSN)) &&
Fix wpa_supplicant_ssid_bss_match() handler for non-WPA The proto configuration may be left to non-zero when moving from one configuration to another. To avoid misidentifying a network configuration as enabling WPA, check key_mgmt field, too.
14 years ago
wpa_key_mgmt_wpa(ssid->key_mgmt) && proto_match == 0) {
Debug print scan results matching the currently selected network This provides more details on BSS selection process in the debug log. Previously, the BSSs that were not either the current or the selected one were not necessarily printed at all. Now all BSSs that match the currently selected network are listed with their frequency and signal strength details. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG,
" skip - no WPA/RSN proto match");
WPS: Require PBC match with wps_pbc that specifies BSSID The WPS mode was already verified when the AP was configured for WPA/WPA2, but this was not done with AP that was in open mode. Fix this by allowing wpa_supplicant_ssid_bss_match() to be called in non-WPA configuration, too. With this change, wps_pbc BSSID command will wait until the specified target AP is in active PBC mode before trying to connect to it.
14 years ago
return 0;
}
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
HS 2.0R2: Add OSEN client implementation Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
if ((ssid->key_mgmt & WPA_KEY_MGMT_OSEN) &&
wpa_bss_get_vendor_ie(bss, OSEN_IE_VENDOR_TYPE)) {
Debug print scan results matching the currently selected network This provides more details on BSS selection process in the debug log. Previously, the BSSs that were not either the current or the selected one were not necessarily printed at all. Now all BSSs that match the currently selected network are listed with their frequency and signal strength details. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG, " allow in OSEN");
HS 2.0R2: Add OSEN client implementation Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
return 1;
}
Fix WPA/WPA2 AP rejection on parameter mismatch If WPA/WPA2 was enabled in the configuration, the non-WPA exception could allow an incorrect AP to be selected from scan results. Do not use the exception if WPA/WPA2 is enabled in configuration.
13 years ago
if (!wpa_key_mgmt_wpa(ssid->key_mgmt)) {
Debug print scan results matching the currently selected network This provides more details on BSS selection process in the debug log. Previously, the BSSs that were not either the current or the selected one were not necessarily printed at all. Now all BSSs that match the currently selected network are listed with their frequency and signal strength details. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG, " allow in non-WPA/WPA2");
Fix WPA/WPA2 AP rejection on parameter mismatch If WPA/WPA2 was enabled in the configuration, the non-WPA exception could allow an incorrect AP to be selected from scan results. Do not use the exception if WPA/WPA2 is enabled in configuration.
13 years ago
return 1;
}
Debug print scan results matching the currently selected network This provides more details on BSS selection process in the debug log. Previously, the BSSs that were not either the current or the selected one were not necessarily printed at all. Now all BSSs that match the currently selected network are listed with their frequency and signal strength details. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG,
" reject due to mismatch with WPA/WPA2");
Fix WPA/WPA2 AP rejection on parameter mismatch If WPA/WPA2 was enabled in the configuration, the non-WPA exception could allow an incorrect AP to be selected from scan results. Do not use the exception if WPA/WPA2 is enabled in configuration.
13 years ago
return 0;
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
}
Add freq_list network configuration parameter This can be used to limit which frequencies are considered when selecting a BSS. This is somewhat similar to scan_freq, but will also affect any scan results regardless of which program triggered the scan.
14 years ago
static int freq_allowed(int *freqs, int freq)
{
int i;
if (freqs == NULL)
return 1;
for (i = 0; freqs[i]; i++)
if (freqs[i] == freq)
return 1;
return 0;
}
SAE H2E: Check H2E-only BSS membership selector only if SAE is enabled This BSS membership selector has impact only for SAE functionality, so ignore it when configured not to use SAE. This allows WPA-PSK connection to and AP that advertises WPA-PSK and SAE while requiring H2E for SAE. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
static int rate_match(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
struct wpa_bss *bss, int debug_print)
wpa_supplicant: Check rate sets before joining BSS IEEE Std 802.11-2007 7.3.2.2 demands that in order to join a BSS all required basic rates have to be supported by the hardware. Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
13 years ago
{
const struct hostapd_hw_modes *mode = NULL, *modes;
const u8 scan_ie[2] = { WLAN_EID_SUPP_RATES, WLAN_EID_EXT_SUPP_RATES };
const u8 *rate_ie;
int i, j, k;
Skip rate set matching if BSS frequency is not known At least with driver_test.c, the BSS table may not include frequency information. In such a case, we need to skip rate set matching during BSS selection to avoid rejecting valid AP. Signed-hostap: Jouni Malinen <j@w1.fi>
13 years ago
if (bss->freq == 0)
return 1; /* Cannot do matching without knowing band */
wpa_supplicant: Check rate sets before joining BSS IEEE Std 802.11-2007 7.3.2.2 demands that in order to join a BSS all required basic rates have to be supported by the hardware. Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
13 years ago
modes = wpa_s->hw.modes;
if (modes == NULL) {
/*
* The driver does not provide any additional information
* about the utilized hardware, so allow the connection attempt
* to continue.
*/
return 1;
}
for (i = 0; i < wpa_s->hw.num_modes; i++) {
for (j = 0; j < modes[i].num_channels; j++) {
int freq = modes[i].channels[j].freq;
if (freq == bss->freq) {
if (mode &&
mode->mode == HOSTAPD_MODE_IEEE80211G)
break; /* do not allow 802.11b replace
* 802.11g */
mode = &modes[i];
break;
}
}
}
if (mode == NULL)
return 0;
for (i = 0; i < (int) sizeof(scan_ie); i++) {
Use BSS entries instead of scan results for BSS selection This allows the BSS selection functions to be called without having the scan result data structure. This can be used to skip extra scans in cases where previous results can be considered fresh. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
rate_ie = wpa_bss_get_ie(bss, scan_ie[i]);
wpa_supplicant: Check rate sets before joining BSS IEEE Std 802.11-2007 7.3.2.2 demands that in order to join a BSS all required basic rates have to be supported by the hardware. Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
13 years ago
if (rate_ie == NULL)
continue;
for (j = 2; j < rate_ie[1] + 2; j++) {
int flagged = !!(rate_ie[j] & 0x80);
int r = (rate_ie[j] & 0x7f) * 5;
/*
* IEEE Std 802.11n-2009 7.3.2.2:
* The new BSS Membership selector value is encoded
* like a legacy basic rate, but it is not a rate and
* only indicates if the BSS members are required to
* support the mandatory features of Clause 20 [HT PHY]
* in order to join the BSS.
*/
if (flagged && ((rate_ie[j] & 0x7f) ==
BSS_MEMBERSHIP_SELECTOR_HT_PHY)) {
if (!ht_supported(mode)) {
Debug print scan results matching the currently selected network This provides more details on BSS selection process in the debug log. Previously, the BSSs that were not either the current or the selected one were not necessarily printed at all. Now all BSSs that match the currently selected network are listed with their frequency and signal strength details. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG,
" hardware does not support HT PHY");
wpa_supplicant: Check rate sets before joining BSS IEEE Std 802.11-2007 7.3.2.2 demands that in order to join a BSS all required basic rates have to be supported by the hardware. Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
13 years ago
return 0;
}
continue;
}
wpa_supplicant: Add support for VHT BSS membership selector This allows wpa_supplicant to associate to an AP that has VHT BSS membership selector set to indicate VHT support is required for the BSS. Without the patch it was impossible to connect to, e.g., hostapd-based AP that has require_vht=1. wpa_supplicant was complaining with: hardware does not support required rate 63.0 Mbps Signed-hostap: Michal Kazior <michal.kazior@tieto.com>
11 years ago
/* There's also a VHT selector for 802.11ac */
if (flagged && ((rate_ie[j] & 0x7f) ==
BSS_MEMBERSHIP_SELECTOR_VHT_PHY)) {
if (!vht_supported(mode)) {
Debug print scan results matching the currently selected network This provides more details on BSS selection process in the debug log. Previously, the BSSs that were not either the current or the selected one were not necessarily printed at all. Now all BSSs that match the currently selected network are listed with their frequency and signal strength details. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG,
" hardware does not support VHT PHY");
wpa_supplicant: Add support for VHT BSS membership selector This allows wpa_supplicant to associate to an AP that has VHT BSS membership selector set to indicate VHT support is required for the BSS. Without the patch it was impossible to connect to, e.g., hostapd-based AP that has require_vht=1. wpa_supplicant was complaining with: hardware does not support required rate 63.0 Mbps Signed-hostap: Michal Kazior <michal.kazior@tieto.com>
11 years ago
return 0;
}
continue;
}
SAE: Handle BSS membership selector indication for H2E-only in STA mode Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years ago
#ifdef CONFIG_SAE
if (flagged && ((rate_ie[j] & 0x7f) ==
BSS_MEMBERSHIP_SELECTOR_SAE_H2E_ONLY)) {
SAE H2E: Check H2E-only BSS membership selector only if SAE is enabled This BSS membership selector has impact only for SAE functionality, so ignore it when configured not to use SAE. This allows WPA-PSK connection to and AP that advertises WPA-PSK and SAE while requiring H2E for SAE. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
if (wpa_s->conf->sae_pwe == 0 &&
SAE: Use H2E whenever Password Identifier is used IEEE P802.11-REVmd was modified to require H2E to be used whenever Password Identifier is used with SAE. See this document for more details of the approved changes: https://mentor.ieee.org/802.11/dcn/19/11-19-2154-02-000m-sae-anti-clogging-token.docx Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
!ssid->sae_password_id &&
SAE H2E: Check H2E-only BSS membership selector only if SAE is enabled This BSS membership selector has impact only for SAE functionality, so ignore it when configured not to use SAE. This allows WPA-PSK connection to and AP that advertises WPA-PSK and SAE while requiring H2E for SAE. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
wpa_key_mgmt_sae(ssid->key_mgmt)) {
SAE: Handle BSS membership selector indication for H2E-only in STA mode Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years ago
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG,
" SAE H2E disabled");
SAE: Testing option to ignore H2E requirement mismatch "SET ignore_sae_h2e_only 1" can now be used to configurate wpa_supplicant to a test mode where it ignores AP's H2E-required advertisement and try to connect with hunt-and-pecking loop instead. This is used only for testing AP behavior with unexpected STA behavior. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years ago
#ifdef CONFIG_TESTING_OPTIONS
if (wpa_s->ignore_sae_h2e_only) {
wpa_dbg(wpa_s, MSG_DEBUG,
"TESTING: Ignore SAE H2E requirement mismatch");
continue;
}
#endif /* CONFIG_TESTING_OPTIONS */
SAE: Handle BSS membership selector indication for H2E-only in STA mode Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years ago
return 0;
}
continue;
}
#endif /* CONFIG_SAE */
wpa_supplicant: Check rate sets before joining BSS IEEE Std 802.11-2007 7.3.2.2 demands that in order to join a BSS all required basic rates have to be supported by the hardware. Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
13 years ago
if (!flagged)
continue;
/* check for legacy basic rates */
for (k = 0; k < mode->num_rates; k++) {
if (mode->rates[k] == r)
break;
}
if (k == mode->num_rates) {
/*
* IEEE Std 802.11-2007 7.3.2.2 demands that in
* order to join a BSS all required rates
* have to be supported by the hardware.
*/
Debug print scan results matching the currently selected network This provides more details on BSS selection process in the debug log. Previously, the BSSs that were not either the current or the selected one were not necessarily printed at all. Now all BSSs that match the currently selected network are listed with their frequency and signal strength details. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG,
" hardware does not support required rate %d.%d Mbps (freq=%d mode==%d num_rates=%d)",
r / 10, r % 10,
bss->freq, mode->mode, mode->num_rates);
wpa_supplicant: Check rate sets before joining BSS IEEE Std 802.11-2007 7.3.2.2 demands that in order to join a BSS all required basic rates have to be supported by the hardware. Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
13 years ago
return 0;
}
}
}
return 1;
}
Capability matching for 60 GHz band On the DMG (60 GHz) band, capability bits defined differently from non-DMG ones. Adjust capability matching to cover both cases. Also, for non-DMG bands, check ESS bit is set. Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
11 years ago
/*
* Test whether BSS is in an ESS.
* This is done differently in DMG (60 GHz) and non-DMG bands
*/
static int bss_is_ess(struct wpa_bss *bss)
{
if (bss_is_dmg(bss)) {
return (bss->caps & IEEE80211_CAP_DMG_MASK) ==
IEEE80211_CAP_DMG_AP;
}
return ((bss->caps & (IEEE80211_CAP_ESS | IEEE80211_CAP_IBSS)) ==
IEEE80211_CAP_ESS);
}
Add address masks to BSSID lists In many applications it is useful not just to enumerate a group of well known access points, but to use a address/mask notation to match an entire set of addresses (ca:ff:ee:00:00:00/ff:ff:ff:00:00:00). This change expands the data structures used by MAC lists to include a mask indicating the significant (non-masked) portions of an address and extends the list parser to recognize mask suffixes. Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
9 years ago
static int match_mac_mask(const u8 *addr_a, const u8 *addr_b, const u8 *mask)
{
size_t i;
for (i = 0; i < ETH_ALEN; i++) {
if ((addr_a[i] & mask[i]) != (addr_b[i] & mask[i]))
return 0;
}
return 1;
}
Add network specific BSSID black and white lists This change adds the configuration options "bssid_whitelist" and "bssid_blacklist" used to limit the AP selection of a network to a specified (finite) set or discard certain APs. This can be useful for environments where multiple networks operate using the same SSID and roaming between those is not desired. It is also useful to ignore a faulty or otherwise unwanted AP. Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
9 years ago
static int addr_in_list(const u8 *addr, const u8 *list, size_t num)
{
size_t i;
for (i = 0; i < num; i++) {
Add address masks to BSSID lists In many applications it is useful not just to enumerate a group of well known access points, but to use a address/mask notation to match an entire set of addresses (ca:ff:ee:00:00:00/ff:ff:ff:00:00:00). This change expands the data structures used by MAC lists to include a mask indicating the significant (non-masked) portions of an address and extends the list parser to recognize mask suffixes. Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
9 years ago
const u8 *a = list + i * ETH_ALEN * 2;
const u8 *m = a + ETH_ALEN;
Add network specific BSSID black and white lists This change adds the configuration options "bssid_whitelist" and "bssid_blacklist" used to limit the AP selection of a network to a specified (finite) set or discard certain APs. This can be useful for environments where multiple networks operate using the same SSID and roaming between those is not desired. It is also useful to ignore a faulty or otherwise unwanted AP. Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
9 years ago
Add address masks to BSSID lists In many applications it is useful not just to enumerate a group of well known access points, but to use a address/mask notation to match an entire set of addresses (ca:ff:ee:00:00:00/ff:ff:ff:00:00:00). This change expands the data structures used by MAC lists to include a mask indicating the significant (non-masked) portions of an address and extends the list parser to recognize mask suffixes. Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
9 years ago
if (match_mac_mask(a, addr, m))
Add network specific BSSID black and white lists This change adds the configuration options "bssid_whitelist" and "bssid_blacklist" used to limit the AP selection of a network to a specified (finite) set or discard certain APs. This can be useful for environments where multiple networks operate using the same SSID and roaming between those is not desired. It is also useful to ignore a faulty or otherwise unwanted AP. Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
9 years ago
return 1;
}
return 0;
}
OWE: Transition mode support on station side Add support for using the OWE Transition Mode element to determine the hidden SSID for an OWE BSS that is used in transition mode. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
static void owe_trans_ssid(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
const u8 **ret_ssid, size_t *ret_ssid_len)
{
#ifdef CONFIG_OWE
const u8 *owe, *pos, *end, *bssid;
u8 ssid_len;
struct wpa_bss *open_bss;
owe = wpa_bss_get_vendor_ie(bss, OWE_IE_VENDOR_TYPE);
if (!owe || !wpa_bss_get_ie(bss, WLAN_EID_RSN))
return;
pos = owe + 6;
end = owe + 2 + owe[1];
if (end - pos < ETH_ALEN + 1)
return;
bssid = pos;
pos += ETH_ALEN;
ssid_len = *pos++;
if (end - pos < ssid_len || ssid_len > SSID_MAX_LEN)
return;
/* Match the profile SSID against the OWE transition mode SSID on the
* open network. */
wpa_dbg(wpa_s, MSG_DEBUG, "OWE: transition mode BSSID: " MACSTR
" SSID: %s", MAC2STR(bssid), wpa_ssid_txt(pos, ssid_len));
*ret_ssid = pos;
*ret_ssid_len = ssid_len;
OWE: Mark BSS for transition mode based on active OWE network profiles It is possible for the hidden OWE BSS to be found based on SSID-specific scan (e.g., from the special OWE scan mechanism). In that sequence, the previously used learning of OWE BSS was skipped since the SSID was already present in the BSS entry. This could result in not being able to find a matching BSS entry for the OWE BSS in transition mode. Fix this by adding the BSS flag for transition mode based on SSID matching against currently enabled OWE network profiles in addition to the previous mechanism. Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
if (!(bss->flags & WPA_BSS_OWE_TRANSITION)) {
struct wpa_ssid *ssid;
for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
if (wpas_network_disabled(wpa_s, ssid))
continue;
if (ssid->ssid_len == ssid_len &&
os_memcmp(ssid->ssid, pos, ssid_len) == 0) {
/* OWE BSS in transition mode for a currently
* enabled OWE network. */
wpa_dbg(wpa_s, MSG_DEBUG,
"OWE: transition mode OWE SSID for active OWE profile");
bss->flags |= WPA_BSS_OWE_TRANSITION;
break;
}
}
}
OWE: Transition mode support on station side Add support for using the OWE Transition Mode element to determine the hidden SSID for an OWE BSS that is used in transition mode. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
if (bss->ssid_len > 0)
return;
open_bss = wpa_bss_get_bssid_latest(wpa_s, bssid);
if (!open_bss)
return;
if (ssid_len != open_bss->ssid_len ||
os_memcmp(pos, open_bss->ssid, ssid_len) != 0) {
wpa_dbg(wpa_s, MSG_DEBUG,
"OWE: transition mode SSID mismatch: %s",
wpa_ssid_txt(open_bss->ssid, open_bss->ssid_len));
return;
}
owe = wpa_bss_get_vendor_ie(open_bss, OWE_IE_VENDOR_TYPE);
if (!owe || wpa_bss_get_ie(open_bss, WLAN_EID_RSN)) {
wpa_dbg(wpa_s, MSG_DEBUG,
"OWE: transition mode open BSS unexpected info");
return;
}
pos = owe + 6;
end = owe + 2 + owe[1];
if (end - pos < ETH_ALEN + 1)
return;
if (os_memcmp(pos, bss->bssid, ETH_ALEN) != 0) {
wpa_dbg(wpa_s, MSG_DEBUG,
"OWE: transition mode BSSID mismatch: " MACSTR,
MAC2STR(pos));
return;
}
pos += ETH_ALEN;
ssid_len = *pos++;
if (end - pos < ssid_len || ssid_len > SSID_MAX_LEN)
return;
wpa_dbg(wpa_s, MSG_DEBUG, "OWE: learned transition mode OWE SSID: %s",
wpa_ssid_txt(pos, ssid_len));
os_memcpy(bss->ssid, pos, ssid_len);
bss->ssid_len = ssid_len;
OWE: Avoid incorrect profile update in transition mode The "unexpected" change of SSID between the current network profile (which uses the SSID from the open BSS in OWE transition mode) and the association with the OWE BSS (which uses a random, hidden SSID) resulted in wpa_supplicant incorrectly determining that this was a driver-initiated BSS selection ("Driver-initiated BSS selection changed the SSID to <the random SSID from OWE BSS>" in debug log). This ended up with updating security parameters based on the network profile inwpa_supplicant_set_suites() instead of using the already discovered information from scan results. In particular, this cleared the RSN supplicant state machine information of AP RSNE and resulted in having to fetch the scan results for the current BSS when processing EAPOL-Key msg 3/4. Fix this by recognizing the special case for OWE transition mode where the SSID for the associated AP does not actually match the SSID in the network profile. Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
bss->flags |= WPA_BSS_OWE_TRANSITION;
OWE: Transition mode support on station side Add support for using the OWE Transition Mode element to determine the hidden SSID for an OWE BSS that is used in transition mode. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
#endif /* CONFIG_OWE */
}
Do not select APs found on disabled channels for connection If a channel list changed event is received after a scan and before selecting a BSS for connection, a BSS found on a now disabled channel may get selected for connection. The connect request issued with the BSS found on a disabled channel is rejected by cfg80211. Filter out the BSSs found on disabled channels and select from the other BSSs found on enabled channels to avoid unnecessary connection attempts that are bound to fail. The channel list information will be updated by the driver in cases like country code update, disabling/enabling specific bands, etc. which can occur between the scan and connection attempt. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
static int disabled_freq(struct wpa_supplicant *wpa_s, int freq)
{
int i, j;
if (!wpa_s->hw.modes || !wpa_s->hw.num_modes)
return 0;
for (j = 0; j < wpa_s->hw.num_modes; j++) {
struct hostapd_hw_modes *mode = &wpa_s->hw.modes[j];
for (i = 0; i < mode->num_channels; i++) {
struct hostapd_channel_data *chan = &mode->channels[i];
if (chan->freq == freq)
return !!(chan->flag & HOSTAPD_CHAN_DISABLED);
}
}
return 1;
}
SAE-PK: Select SAE-PK network over SAE without PK If there is an acceptable BSS with SAE-PK enabled in the same ESS, select that over a BSS that does not enable SAE-PK when the network profile uses automatic SAE-PK selection. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
static bool wpa_scan_res_ok(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
const u8 *match_ssid, size_t match_ssid_len,
Rename wpa_blacklist to wpa_bssid_ignore This is more accurate name for this functionality of temporarily ignoring BSSIDs. Signed-off-by: Jouni Malinen <j@w1.fi>
3 years ago
struct wpa_bss *bss, int bssid_ignore_count,
SAE-PK: Select SAE-PK network over SAE without PK If there is an acceptable BSS with SAE-PK enabled in the same ESS, select that over a BSS that does not enable SAE-PK when the network profile uses automatic SAE-PK selection. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
bool debug_print);
#ifdef CONFIG_SAE_PK
static bool sae_pk_acceptable_bss_with_pk(struct wpa_supplicant *wpa_s,
struct wpa_bss *orig_bss,
struct wpa_ssid *ssid,
const u8 *match_ssid,
size_t match_ssid_len)
{
struct wpa_bss *bss;
dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
wpa_supplicant: Implement time-based blacklisting wpa_supplicant keeps a blacklist of BSSs in order to prevent repeated associations to problematic APs*. Currently, this blacklist is completely cleared whenever we successfully connect to any AP. This causes problematic behavior when in the presence of both a bad AP and a good AP. The device can repeatedly attempt to roam to the bad AP because it is clearing the blacklist every time it connects to the good AP. This results in the connection constantly ping-ponging between the APs, leaving the user stuck without connection. Instead of clearing the blacklist, implement timeout functionality which allows association attempts to blacklisted APs after some time has passed. Each time a BSS would be added to the blacklist, increase the duration of this timeout exponentially, up to a cap of 1800 seconds. This means that the device will no longer be able to immediately attempt to roam back to a bad AP whenever it successfully connects to any other AP. Other details: The algorithm for building up the blacklist count and timeout duration on a given AP has been designed to be minimally obtrusive. Starting with a fresh blacklist, the device may attempt to connect to a problematic AP no more than 6 times in any ~45 minute period. Once an AP has reached a blacklist count >= 6, the device may attempt to connect to it no more than once every 30 minutes. The goal of these limits is to find an ideal balance between minimizing connection attempts to bad APs while still trying them out occasionally to see if the problems have stopped. The only exception to the above limits is that the blacklist is still completely cleared whenever there are no APs available in a scan. This means that if all nearby APs have been blacklisted, all APs will be completely exonerated regardless of their blacklist counts or how close their blacklist entries are to expiring. When all nearby APs have been blacklisted we know that every nearby AP is in some way problematic. Once we know that every AP is causing problems, it doesn't really make sense to sort them beyond that because the blacklist count and timeout duration don't necessarily reflect the degree to which an AP is problematic (i.e. they can be manipulated by external factors such as the user physically moving around). Instead, its best to restart the blacklist and let the normal roaming algorithm take over to maximize our chance of getting the best possible connection quality. As stated above, the time-based blacklisting algorithm is designed to be minimally obtrusive to user experience, so occasionally restarting the process is not too impactful on the user. *problematic AP: rejects new clients, frequently de-auths clients, very poor connection quality, etc. Signed-off-by: Kevin Lund <kglund@google.com> Signed-off-by: Brian Norris <briannorris@chromium.org>
4 years ago
int count;
SAE-PK: Select SAE-PK network over SAE without PK If there is an acceptable BSS with SAE-PK enabled in the same ESS, select that over a BSS that does not enable SAE-PK when the network profile uses automatic SAE-PK selection. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
const u8 *ie;
if (bss == orig_bss)
continue;
ie = wpa_bss_get_ie(bss, WLAN_EID_RSNX);
Add helper functions for parsing RSNXE capabilities Simplify the implementation by using shared functions for parsing the capabilities instead of using various similar but not exactly identical checks throughout the implementation. Signed-off-by: Jouni Malinen <j@w1.fi>
3 years ago
if (!(ieee802_11_rsnx_capab(ie, WLAN_RSNX_CAPAB_SAE_PK)))
SAE-PK: Select SAE-PK network over SAE without PK If there is an acceptable BSS with SAE-PK enabled in the same ESS, select that over a BSS that does not enable SAE-PK when the network profile uses automatic SAE-PK selection. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
continue;
/* TODO: Could be more thorough in checking what kind of
* signal strength or throughput estimate would be acceptable
* compared to the originally selected BSS. */
if (bss->est_throughput < 2000)
return false;
Rename wpa_blacklist to wpa_bssid_ignore This is more accurate name for this functionality of temporarily ignoring BSSIDs. Signed-off-by: Jouni Malinen <j@w1.fi>
3 years ago
count = wpa_bssid_ignore_is_listed(wpa_s, bss->bssid);
SAE-PK: Select SAE-PK network over SAE without PK If there is an acceptable BSS with SAE-PK enabled in the same ESS, select that over a BSS that does not enable SAE-PK when the network profile uses automatic SAE-PK selection. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
if (wpa_scan_res_ok(wpa_s, ssid, match_ssid, match_ssid_len,
wpa_supplicant: Implement time-based blacklisting wpa_supplicant keeps a blacklist of BSSs in order to prevent repeated associations to problematic APs*. Currently, this blacklist is completely cleared whenever we successfully connect to any AP. This causes problematic behavior when in the presence of both a bad AP and a good AP. The device can repeatedly attempt to roam to the bad AP because it is clearing the blacklist every time it connects to the good AP. This results in the connection constantly ping-ponging between the APs, leaving the user stuck without connection. Instead of clearing the blacklist, implement timeout functionality which allows association attempts to blacklisted APs after some time has passed. Each time a BSS would be added to the blacklist, increase the duration of this timeout exponentially, up to a cap of 1800 seconds. This means that the device will no longer be able to immediately attempt to roam back to a bad AP whenever it successfully connects to any other AP. Other details: The algorithm for building up the blacklist count and timeout duration on a given AP has been designed to be minimally obtrusive. Starting with a fresh blacklist, the device may attempt to connect to a problematic AP no more than 6 times in any ~45 minute period. Once an AP has reached a blacklist count >= 6, the device may attempt to connect to it no more than once every 30 minutes. The goal of these limits is to find an ideal balance between minimizing connection attempts to bad APs while still trying them out occasionally to see if the problems have stopped. The only exception to the above limits is that the blacklist is still completely cleared whenever there are no APs available in a scan. This means that if all nearby APs have been blacklisted, all APs will be completely exonerated regardless of their blacklist counts or how close their blacklist entries are to expiring. When all nearby APs have been blacklisted we know that every nearby AP is in some way problematic. Once we know that every AP is causing problems, it doesn't really make sense to sort them beyond that because the blacklist count and timeout duration don't necessarily reflect the degree to which an AP is problematic (i.e. they can be manipulated by external factors such as the user physically moving around). Instead, its best to restart the blacklist and let the normal roaming algorithm take over to maximize our chance of getting the best possible connection quality. As stated above, the time-based blacklisting algorithm is designed to be minimally obtrusive to user experience, so occasionally restarting the process is not too impactful on the user. *problematic AP: rejects new clients, frequently de-auths clients, very poor connection quality, etc. Signed-off-by: Kevin Lund <kglund@google.com> Signed-off-by: Brian Norris <briannorris@chromium.org>
4 years ago
bss, count, 0))
SAE-PK: Select SAE-PK network over SAE without PK If there is an acceptable BSS with SAE-PK enabled in the same ESS, select that over a BSS that does not enable SAE-PK when the network profile uses automatic SAE-PK selection. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
return true;
}
return false;
}
#endif /* CONFIG_SAE_PK */
Clean up wpa_scan_res_match() Move the BSS-against-SSID matching into a separate helper function to make this overly long function a bit more readable and to allow that helper function to be used for other purposes. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
static bool wpa_scan_res_ok(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
const u8 *match_ssid, size_t match_ssid_len,
Rename wpa_blacklist to wpa_bssid_ignore This is more accurate name for this functionality of temporarily ignoring BSSIDs. Signed-off-by: Jouni Malinen <j@w1.fi>
3 years ago
struct wpa_bss *bss, int bssid_ignore_count,
Clean up wpa_scan_res_match() Move the BSS-against-SSID matching into a separate helper function to make this overly long function a bit more readable and to allow that helper function to be used for other purposes. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
bool debug_print)
{
int res;
bool wpa, check_ssid, osen, rsn_osen = false;
struct wpa_ie_data data;
#ifdef CONFIG_MBO
const u8 *assoc_disallow;
#endif /* CONFIG_MBO */
#ifdef CONFIG_SAE
u8 rsnxe_capa = 0;
#endif /* CONFIG_SAE */
const u8 *ie;
ie = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
wpa = ie && ie[1];
ie = wpa_bss_get_ie(bss, WLAN_EID_RSN);
wpa |= ie && ie[1];
if (ie && wpa_parse_wpa_ie_rsn(ie, 2 + ie[1], &data) == 0 &&
(data.key_mgmt & WPA_KEY_MGMT_OSEN))
rsn_osen = true;
ie = wpa_bss_get_vendor_ie(bss, OSEN_IE_VENDOR_TYPE);
osen = ie != NULL;
#ifdef CONFIG_SAE
ie = wpa_bss_get_ie(bss, WLAN_EID_RSNX);
if (ie && ie[1] >= 1)
rsnxe_capa = ie[2];
#endif /* CONFIG_SAE */
check_ssid = wpa || ssid->ssid_len > 0;
if (wpas_network_disabled(wpa_s, ssid)) {
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG, " skip - disabled");
return false;
}
res = wpas_temp_disabled(wpa_s, ssid);
if (res > 0) {
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG,
" skip - disabled temporarily for %d second(s)",
res);
return false;
}
#ifdef CONFIG_WPS
Rename wpa_blacklist to wpa_bssid_ignore This is more accurate name for this functionality of temporarily ignoring BSSIDs. Signed-off-by: Jouni Malinen <j@w1.fi>
3 years ago
if ((ssid->key_mgmt & WPA_KEY_MGMT_WPS) && bssid_ignore_count) {
Clean up wpa_scan_res_match() Move the BSS-against-SSID matching into a separate helper function to make this overly long function a bit more readable and to allow that helper function to be used for other purposes. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG,
Rename wpa_blacklist to wpa_bssid_ignore This is more accurate name for this functionality of temporarily ignoring BSSIDs. Signed-off-by: Jouni Malinen <j@w1.fi>
3 years ago
" skip - BSSID ignored (WPS)");
Clean up wpa_scan_res_match() Move the BSS-against-SSID matching into a separate helper function to make this overly long function a bit more readable and to allow that helper function to be used for other purposes. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
return false;
}
if (wpa && ssid->ssid_len == 0 &&
wpas_wps_ssid_wildcard_ok(wpa_s, ssid, bss))
check_ssid = false;
if (!wpa && (ssid->key_mgmt & WPA_KEY_MGMT_WPS)) {
/* Only allow wildcard SSID match if an AP advertises active
* WPS operation that matches our mode. */
check_ssid = ssid->ssid_len > 0 ||
!wpas_wps_ssid_wildcard_ok(wpa_s, ssid, bss);
}
#endif /* CONFIG_WPS */
if (ssid->bssid_set && ssid->ssid_len == 0 &&
os_memcmp(bss->bssid, ssid->bssid, ETH_ALEN) == 0)
check_ssid = false;
if (check_ssid &&
(match_ssid_len != ssid->ssid_len ||
os_memcmp(match_ssid, ssid->ssid, match_ssid_len) != 0)) {
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG, " skip - SSID mismatch");
return false;
}
if (ssid->bssid_set &&
os_memcmp(bss->bssid, ssid->bssid, ETH_ALEN) != 0) {
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG, " skip - BSSID mismatch");
return false;
}
Rename network profiles parameters for ignoring/accepted BSSIDs Rename the network profile parameters bssid_blacklist and bssid_whitelist to bssid_ignore and bssid_accept to use more specific names for the configuration of which BSSs are ignored/accepted during BSS selection. The old parameter names are maintained as aliases for the new names to avoid breaking compatibility with previously used configurations. Signed-off-by: Jouni Malinen <j@w1.fi>
3 years ago
/* check the list of BSSIDs to ignore */
if (ssid->num_bssid_ignore &&
addr_in_list(bss->bssid, ssid->bssid_ignore,
ssid->num_bssid_ignore)) {
Clean up wpa_scan_res_match() Move the BSS-against-SSID matching into a separate helper function to make this overly long function a bit more readable and to allow that helper function to be used for other purposes. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG,
Rename network profiles parameters for ignoring/accepted BSSIDs Rename the network profile parameters bssid_blacklist and bssid_whitelist to bssid_ignore and bssid_accept to use more specific names for the configuration of which BSSs are ignored/accepted during BSS selection. The old parameter names are maintained as aliases for the new names to avoid breaking compatibility with previously used configurations. Signed-off-by: Jouni Malinen <j@w1.fi>
3 years ago
" skip - BSSID configured to be ignored");
Clean up wpa_scan_res_match() Move the BSS-against-SSID matching into a separate helper function to make this overly long function a bit more readable and to allow that helper function to be used for other purposes. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
return false;
}
Rename network profiles parameters for ignoring/accepted BSSIDs Rename the network profile parameters bssid_blacklist and bssid_whitelist to bssid_ignore and bssid_accept to use more specific names for the configuration of which BSSs are ignored/accepted during BSS selection. The old parameter names are maintained as aliases for the new names to avoid breaking compatibility with previously used configurations. Signed-off-by: Jouni Malinen <j@w1.fi>
3 years ago
/* if there is a list of accepted BSSIDs, only accept those APs */
if (ssid->num_bssid_accept &&
!addr_in_list(bss->bssid, ssid->bssid_accept,
ssid->num_bssid_accept)) {
Clean up wpa_scan_res_match() Move the BSS-against-SSID matching into a separate helper function to make this overly long function a bit more readable and to allow that helper function to be used for other purposes. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG,
Rename network profiles parameters for ignoring/accepted BSSIDs Rename the network profile parameters bssid_blacklist and bssid_whitelist to bssid_ignore and bssid_accept to use more specific names for the configuration of which BSSs are ignored/accepted during BSS selection. The old parameter names are maintained as aliases for the new names to avoid breaking compatibility with previously used configurations. Signed-off-by: Jouni Malinen <j@w1.fi>
3 years ago
" skip - BSSID not in list of accepted values");
Clean up wpa_scan_res_match() Move the BSS-against-SSID matching into a separate helper function to make this overly long function a bit more readable and to allow that helper function to be used for other purposes. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
return false;
}
if (!wpa_supplicant_ssid_bss_match(wpa_s, ssid, bss, debug_print))
return false;
if (!osen && !wpa &&
!(ssid->key_mgmt & WPA_KEY_MGMT_NONE) &&
!(ssid->key_mgmt & WPA_KEY_MGMT_WPS) &&
!(ssid->key_mgmt & WPA_KEY_MGMT_OWE) &&
!(ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)) {
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG,
" skip - non-WPA network not allowed");
return false;
}
#ifdef CONFIG_WEP
if (wpa && !wpa_key_mgmt_wpa(ssid->key_mgmt) && has_wep_key(ssid)) {
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG,
" skip - ignore WPA/WPA2 AP for WEP network block");
return false;
}
#endif /* CONFIG_WEP */
if ((ssid->key_mgmt & WPA_KEY_MGMT_OSEN) && !osen && !rsn_osen) {
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG,
" skip - non-OSEN network not allowed");
return false;
}
if (!wpa_supplicant_match_privacy(bss, ssid)) {
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG, " skip - privacy mismatch");
return false;
}
if (ssid->mode != WPAS_MODE_MESH && !bss_is_ess(bss) &&
!bss_is_pbss(bss)) {
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG,
" skip - not ESS, PBSS, or MBSS");
return false;
}
if (ssid->pbss != 2 && ssid->pbss != bss_is_pbss(bss)) {
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG,
" skip - PBSS mismatch (ssid %d bss %d)",
ssid->pbss, bss_is_pbss(bss));
return false;
}
if (!freq_allowed(ssid->freq_list, bss->freq)) {
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG,
" skip - frequency not allowed");
return false;
}
#ifdef CONFIG_MESH
if (ssid->mode == WPAS_MODE_MESH && ssid->frequency > 0 &&
ssid->frequency != bss->freq) {
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG,
" skip - frequency not allowed (mesh)");
return false;
}
#endif /* CONFIG_MESH */
if (!rate_match(wpa_s, ssid, bss, debug_print)) {
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG,
" skip - rate sets do not match");
return false;
}
#ifdef CONFIG_SAE
if ((wpa_s->conf->sae_pwe == 1 || ssid->sae_password_id) &&
wpa_s->conf->sae_pwe != 3 && wpa_key_mgmt_sae(ssid->key_mgmt) &&
!(rsnxe_capa & BIT(WLAN_RSNX_CAPAB_SAE_H2E))) {
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG,
" skip - SAE H2E required, but not supported by the AP");
return false;
}
#endif /* CONFIG_SAE */
#ifdef CONFIG_SAE_PK
if (ssid->sae_pk == SAE_PK_MODE_ONLY &&
!(rsnxe_capa & BIT(WLAN_RSNX_CAPAB_SAE_PK))) {
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG,
" skip - SAE-PK required, but not supported by the AP");
return false;
}
#endif /* CONFIG_SAE_PK */
#ifndef CONFIG_IBSS_RSN
if (ssid->mode == WPAS_MODE_IBSS &&
!(ssid->key_mgmt & (WPA_KEY_MGMT_NONE | WPA_KEY_MGMT_WPA_NONE))) {
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG,
" skip - IBSS RSN not supported in the build");
return false;
}
#endif /* !CONFIG_IBSS_RSN */
#ifdef CONFIG_P2P
if (ssid->p2p_group &&
!wpa_bss_get_vendor_ie(bss, P2P_IE_VENDOR_TYPE) &&
!wpa_bss_get_vendor_ie_beacon(bss, P2P_IE_VENDOR_TYPE)) {
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG, " skip - no P2P IE seen");
return false;
}
if (!is_zero_ether_addr(ssid->go_p2p_dev_addr)) {
struct wpabuf *p2p_ie;
u8 dev_addr[ETH_ALEN];
ie = wpa_bss_get_vendor_ie(bss, P2P_IE_VENDOR_TYPE);
if (!ie) {
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG,
" skip - no P2P element");
return false;
}
p2p_ie = wpa_bss_get_vendor_ie_multi(bss, P2P_IE_VENDOR_TYPE);
if (!p2p_ie) {
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG,
" skip - could not fetch P2P element");
return false;
}
if (p2p_parse_dev_addr_in_p2p_ie(p2p_ie, dev_addr) < 0 ||
os_memcmp(dev_addr, ssid->go_p2p_dev_addr, ETH_ALEN) != 0) {
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG,
" skip - no matching GO P2P Device Address in P2P element");
wpabuf_free(p2p_ie);
return false;
}
wpabuf_free(p2p_ie);
}
/*
* TODO: skip the AP if its P2P IE has Group Formation bit set in the
* P2P Group Capability Bitmap and we are not in Group Formation with
* that device.
*/
#endif /* CONFIG_P2P */
if (os_reltime_before(&bss->last_update, &wpa_s->scan_min_time)) {
struct os_reltime diff;
os_reltime_sub(&wpa_s->scan_min_time, &bss->last_update, &diff);
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG,
" skip - scan result not recent enough (%u.%06u seconds too old)",
(unsigned int) diff.sec,
(unsigned int) diff.usec);
return false;
}
#ifdef CONFIG_MBO
#ifdef CONFIG_TESTING_OPTIONS
if (wpa_s->ignore_assoc_disallow)
goto skip_assoc_disallow;
#endif /* CONFIG_TESTING_OPTIONS */
assoc_disallow = wpas_mbo_get_bss_attr(bss, MBO_ATTR_ID_ASSOC_DISALLOW);
if (assoc_disallow && assoc_disallow[1] >= 1) {
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG,
" skip - MBO association disallowed (reason %u)",
assoc_disallow[2]);
return false;
}
if (wpa_is_bss_tmp_disallowed(wpa_s, bss)) {
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG,
" skip - AP temporarily disallowed");
return false;
}
#ifdef CONFIG_TESTING_OPTIONS
skip_assoc_disallow:
#endif /* CONFIG_TESTING_OPTIONS */
#endif /* CONFIG_MBO */
#ifdef CONFIG_DPP
if ((ssid->key_mgmt & WPA_KEY_MGMT_DPP) &&
!wpa_sm_pmksa_exists(wpa_s->wpa, bss->bssid, ssid) &&
(!ssid->dpp_connector || !ssid->dpp_netaccesskey ||
!ssid->dpp_csign)) {
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG,
" skip - no PMKSA entry for DPP");
return false;
}
#endif /* CONFIG_DPP */
SAE-PK: Select SAE-PK network over SAE without PK If there is an acceptable BSS with SAE-PK enabled in the same ESS, select that over a BSS that does not enable SAE-PK when the network profile uses automatic SAE-PK selection. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
#ifdef CONFIG_SAE_PK
if (ssid->sae_pk == SAE_PK_MODE_AUTOMATIC &&
wpa_key_mgmt_sae(ssid->key_mgmt) &&
SAE-PK: Check psk param also to look for SAE-PK acceptable BSS SAE-PK password can be set using psk parameter also in case of mixed SAE+PSK networks, so look for acceptable SAE-PK BSS when SAE password not set and psk parameter meets SAE-PK password criteria. Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
4 years ago
((ssid->sae_password &&
sae_pk_valid_password(ssid->sae_password)) ||
(!ssid->sae_password && ssid->passphrase &&
sae_pk_valid_password(ssid->passphrase))) &&
SAE-PK: Select SAE-PK network over SAE without PK If there is an acceptable BSS with SAE-PK enabled in the same ESS, select that over a BSS that does not enable SAE-PK when the network profile uses automatic SAE-PK selection. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
!(rsnxe_capa & BIT(WLAN_RSNX_CAPAB_SAE_PK)) &&
sae_pk_acceptable_bss_with_pk(wpa_s, bss, ssid, match_ssid,
match_ssid_len)) {
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG,
" skip - another acceptable BSS with SAE-PK in the same ESS");
return false;
}
#endif /* CONFIG_SAE_PK */
Do not try to connect with zero-length SSID It was possible to find a BSS to local network profile match for a BSS entry that has no known SSID when going through some of the SSID wildcard cases. At leas the OWE transition mode case without BSSID match could result in hitting this. Zero-length SSID (i.e., wildcard SSID) is not valid in (Re)Association Request frame, so such an association will fail. Skip such a BSS to avoid known-to-be-failing association attempts. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
if (bss->ssid_len == 0) {
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG,
" skip - no SSID known for the BSS");
return false;
}
Clean up wpa_scan_res_match() Move the BSS-against-SSID matching into a separate helper function to make this overly long function a bit more readable and to allow that helper function to be used for other purposes. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
/* Matching configuration found */
return true;
}
WNM: Add candidate list to BSS transition response Add the transition candidate list to BSS Transition Management Response frame. The candidates preference is set using the regular wpa_supplicant BSS selection logic. If the BSS transition request is rejected and updated scan results are not available, the list is not added. Signed-off-by: Avraham Stern <avraham.stern@intel.com>
8 years ago
struct wpa_ssid * wpa_scan_res_match(struct wpa_supplicant *wpa_s,
int i, struct wpa_bss *bss,
struct wpa_ssid *group,
Debug print scan results matching the currently selected network This provides more details on BSS selection process in the debug log. Previously, the BSSs that were not either the current or the selected one were not necessarily printed at all. Now all BSSs that match the currently selected network are listed with their frequency and signal strength details. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
int only_first_ssid, int debug_print)
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
{
Use BSS entries instead of scan results for BSS selection This allows the BSS selection functions to be called without having the scan result data structure. This can be used to skip extra scans in cases where previous results can be considered fresh. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
u8 wpa_ie_len, rsn_ie_len;
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
const u8 *ie;
Merge WPA and non-WPA network selection routines This removes quite a bit of duplicated code and allows network block priority configuration to be used to prefer unprotected networks and also allows use on open network with good signal strength even if scan results show a protected network with marginal signal strength that does not allow it to be used.
14 years ago
struct wpa_ssid *ssid;
Clean up wpa_scan_res_match() Move the BSS-against-SSID matching into a separate helper function to make this overly long function a bit more readable and to allow that helper function to be used for other purposes. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
int osen;
OWE: Transition mode support on station side Add support for using the OWE Transition Mode element to determine the hidden SSID for an OWE BSS that is used in transition mode. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
const u8 *match_ssid;
size_t match_ssid_len;
Rename wpa_blacklist to wpa_bssid_ignore This is more accurate name for this functionality of temporarily ignoring BSSIDs. Signed-off-by: Jouni Malinen <j@w1.fi>
3 years ago
int bssid_ignore_count;
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
Use BSS entries instead of scan results for BSS selection This allows the BSS selection functions to be called without having the scan result data structure. This can be used to skip extra scans in cases where previous results can be considered fresh. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
ie = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
Merge WPA and non-WPA network selection routines This removes quite a bit of duplicated code and allows network block priority configuration to be used to prefer unprotected networks and also allows use on open network with good signal strength even if scan results show a protected network with marginal signal strength that does not allow it to be used.
14 years ago
wpa_ie_len = ie ? ie[1] : 0;
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
Use BSS entries instead of scan results for BSS selection This allows the BSS selection functions to be called without having the scan result data structure. This can be used to skip extra scans in cases where previous results can be considered fresh. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
ie = wpa_bss_get_ie(bss, WLAN_EID_RSN);
Merge WPA and non-WPA network selection routines This removes quite a bit of duplicated code and allows network block priority configuration to be used to prefer unprotected networks and also allows use on open network with good signal strength even if scan results show a protected network with marginal signal strength that does not allow it to be used.
14 years ago
rsn_ie_len = ie ? ie[1] : 0;
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
HS 2.0R2: Add OSEN client implementation Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
ie = wpa_bss_get_vendor_ie(bss, OSEN_IE_VENDOR_TYPE);
osen = ie != NULL;
Debug print scan results matching the currently selected network This provides more details on BSS selection process in the debug log. Previously, the BSSs that were not either the current or the selected one were not necessarily printed at all. Now all BSSs that match the currently selected network are listed with their frequency and signal strength details. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
if (debug_print) {
wpa_dbg(wpa_s, MSG_DEBUG, "%d: " MACSTR
" ssid='%s' wpa_ie_len=%u rsn_ie_len=%u caps=0x%x level=%d freq=%d %s%s%s",
i, MAC2STR(bss->bssid),
wpa_ssid_txt(bss->ssid, bss->ssid_len),
wpa_ie_len, rsn_ie_len, bss->caps, bss->level,
bss->freq,
wpa_bss_get_vendor_ie(bss, WPS_IE_VENDOR_TYPE) ?
" wps" : "",
(wpa_bss_get_vendor_ie(bss, P2P_IE_VENDOR_TYPE) ||
wpa_bss_get_vendor_ie_beacon(bss, P2P_IE_VENDOR_TYPE))
? " p2p" : "",
osen ? " osen=1" : "");
}
Split wpa_supplicant_select_bss() into three and remove odd debug message This function was getting way too long, so let's split it into WPA and non-WPA cases as separate functions. In addition, remove the confusing "Try to find non-WPA AP" debug message if a WPA-enabled AP is already selected (as reported by Andriy Tkachuk).
16 years ago
Rename wpa_blacklist to wpa_bssid_ignore This is more accurate name for this functionality of temporarily ignoring BSSIDs. Signed-off-by: Jouni Malinen <j@w1.fi>
3 years ago
bssid_ignore_count = wpa_bssid_ignore_is_listed(wpa_s, bss->bssid);
if (bssid_ignore_count) {
Blacklist BSS on first failure if only a single network is enabled The special case of requiring blacklisting count to be 2 or higher is only needed when more than a single network is currently enabled. As such, we should not do that when only a single network is enabled. This make the station more likely to follow network side load balancing attempts where the current AP may disassociate us with an assumption that we would move to another AP.
14 years ago
int limit = 1;
Validate WEP key lengths based on driver capabilities The nl80211 driver interface does not allow 128-bit WEP to be used without a vendor specific cipher suite and no such suite is defined for this purpose. Do not accept WEP key length 16 for nl80211 driver interface forn ow. wext-interface can still try to use these for backwards compatibility. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
if (wpa_supplicant_enabled_networks(wpa_s) == 1) {
Blacklist BSS on first failure if only a single network is enabled The special case of requiring blacklisting count to be 2 or higher is only needed when more than a single network is currently enabled. As such, we should not do that when only a single network is enabled. This make the station more likely to follow network side load balancing attempts where the current AP may disassociate us with an assumption that we would move to another AP.
14 years ago
/*
* When only a single network is enabled, we can
Rename wpa_blacklist to wpa_bssid_ignore This is more accurate name for this functionality of temporarily ignoring BSSIDs. Signed-off-by: Jouni Malinen <j@w1.fi>
3 years ago
* trigger BSSID ignoring on the first failure. This
Blacklist BSS on first failure if only a single network is enabled The special case of requiring blacklisting count to be 2 or higher is only needed when more than a single network is currently enabled. As such, we should not do that when only a single network is enabled. This make the station more likely to follow network side load balancing attempts where the current AP may disassociate us with an assumption that we would move to another AP.
14 years ago
* should not be done with multiple enabled networks to
* avoid getting forced to move into a worse ESS on
* single error if there are no other BSSes of the
* current ESS.
*/
limit = 0;
}
Rename wpa_blacklist to wpa_bssid_ignore This is more accurate name for this functionality of temporarily ignoring BSSIDs. Signed-off-by: Jouni Malinen <j@w1.fi>
3 years ago
if (bssid_ignore_count > limit) {
Debug print scan results matching the currently selected network This provides more details on BSS selection process in the debug log. Previously, the BSSs that were not either the current or the selected one were not necessarily printed at all. Now all BSSs that match the currently selected network are listed with their frequency and signal strength details. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
if (debug_print) {
wpa_dbg(wpa_s, MSG_DEBUG,
Rename wpa_blacklist to wpa_bssid_ignore This is more accurate name for this functionality of temporarily ignoring BSSIDs. Signed-off-by: Jouni Malinen <j@w1.fi>
3 years ago
" skip - BSSID ignored (count=%d limit=%d)",
bssid_ignore_count, limit);
Debug print scan results matching the currently selected network This provides more details on BSS selection process in the debug log. Previously, the BSSs that were not either the current or the selected one were not necessarily printed at all. Now all BSSs that match the currently selected network are listed with their frequency and signal strength details. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
}
Return NULL instead of 0 as the pointer on error case
13 years ago
return NULL;
Blacklist BSS on first failure if only a single network is enabled The special case of requiring blacklisting count to be 2 or higher is only needed when more than a single network is currently enabled. As such, we should not do that when only a single network is enabled. This make the station more likely to follow network side load balancing attempts where the current AP may disassociate us with an assumption that we would move to another AP.
14 years ago
}
Merge WPA and non-WPA network selection routines This removes quite a bit of duplicated code and allows network block priority configuration to be used to prefer unprotected networks and also allows use on open network with good signal strength even if scan results show a protected network with marginal signal strength that does not allow it to be used.
14 years ago
}
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
OWE: Transition mode support on station side Add support for using the OWE Transition Mode element to determine the hidden SSID for an OWE BSS that is used in transition mode. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
match_ssid = bss->ssid;
match_ssid_len = bss->ssid_len;
owe_trans_ssid(wpa_s, bss, &match_ssid, &match_ssid_len);
if (match_ssid_len == 0) {
Debug print scan results matching the currently selected network This provides more details on BSS selection process in the debug log. Previously, the BSSs that were not either the current or the selected one were not necessarily printed at all. Now all BSSs that match the currently selected network are listed with their frequency and signal strength details. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG, " skip - SSID not known");
Return NULL instead of 0 as the pointer on error case
13 years ago
return NULL;
Merge WPA and non-WPA network selection routines This removes quite a bit of duplicated code and allows network block priority configuration to be used to prefer unprotected networks and also allows use on open network with good signal strength even if scan results show a protected network with marginal signal strength that does not allow it to be used.
14 years ago
}
Skip networks without known SSID when selecting the BSS Previously, APs that were hiding SSID (zero-length SSID IE in Beacon frames) could have been selected when wildcard SSID matching was used. This would result in failed association attempt since the client does not know the correct SSID. This can slow down WPS which is often using wildcard SSID matching. Ignore BSSes without known SSID in the scan results when selecting which BSS to use.
15 years ago
Add disallow_aps parameter to disallow BSSIDs/SSIDs External programs can use this new parameter to prevent wpa_supplicant from connecting to a list of BSSIDs and/or SSIDs. The disallowed BSSes will still be visible in scan results and it is possible to run ANQP operations with them, but BSS selection for connection will skip any BSS that matches an entry in the disallowed list. The new parameter can be set with the control interface SET command using following syntax: SET disallow_aps <disallow_list> disallow_list ::= <ssid_spec> | <bssid_spec> | <disallow_list> | “” SSID_SPEC ::= ssid <SSID_HEX> BSSID_SPEC ::= bssid <BSSID_HEX> For example: wpa_cli set disallow_list "ssid 74657374 bssid 001122334455 ssid 68656c6c6f" wpa_cli set disallow_list (the empty value removes all entries) Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
if (disallowed_bssid(wpa_s, bss->bssid)) {
Debug print scan results matching the currently selected network This provides more details on BSS selection process in the debug log. Previously, the BSSs that were not either the current or the selected one were not necessarily printed at all. Now all BSSs that match the currently selected network are listed with their frequency and signal strength details. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG, " skip - BSSID disallowed");
Add disallow_aps parameter to disallow BSSIDs/SSIDs External programs can use this new parameter to prevent wpa_supplicant from connecting to a list of BSSIDs and/or SSIDs. The disallowed BSSes will still be visible in scan results and it is possible to run ANQP operations with them, but BSS selection for connection will skip any BSS that matches an entry in the disallowed list. The new parameter can be set with the control interface SET command using following syntax: SET disallow_aps <disallow_list> disallow_list ::= <ssid_spec> | <bssid_spec> | <disallow_list> | “” SSID_SPEC ::= ssid <SSID_HEX> BSSID_SPEC ::= bssid <BSSID_HEX> For example: wpa_cli set disallow_list "ssid 74657374 bssid 001122334455 ssid 68656c6c6f" wpa_cli set disallow_list (the empty value removes all entries) Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
return NULL;
}
OWE: Transition mode support on station side Add support for using the OWE Transition Mode element to determine the hidden SSID for an OWE BSS that is used in transition mode. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
if (disallowed_ssid(wpa_s, match_ssid, match_ssid_len)) {
Debug print scan results matching the currently selected network This provides more details on BSS selection process in the debug log. Previously, the BSSs that were not either the current or the selected one were not necessarily printed at all. Now all BSSs that match the currently selected network are listed with their frequency and signal strength details. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG, " skip - SSID disallowed");
Add disallow_aps parameter to disallow BSSIDs/SSIDs External programs can use this new parameter to prevent wpa_supplicant from connecting to a list of BSSIDs and/or SSIDs. The disallowed BSSes will still be visible in scan results and it is possible to run ANQP operations with them, but BSS selection for connection will skip any BSS that matches an entry in the disallowed list. The new parameter can be set with the control interface SET command using following syntax: SET disallow_aps <disallow_list> disallow_list ::= <ssid_spec> | <bssid_spec> | <disallow_list> | “” SSID_SPEC ::= ssid <SSID_HEX> BSSID_SPEC ::= bssid <BSSID_HEX> For example: wpa_cli set disallow_list "ssid 74657374 bssid 001122334455 ssid 68656c6c6f" wpa_cli set disallow_list (the empty value removes all entries) Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
return NULL;
}
Do not select APs found on disabled channels for connection If a channel list changed event is received after a scan and before selecting a BSS for connection, a BSS found on a now disabled channel may get selected for connection. The connect request issued with the BSS found on a disabled channel is rejected by cfg80211. Filter out the BSSs found on disabled channels and select from the other BSSs found on enabled channels to avoid unnecessary connection attempts that are bound to fail. The channel list information will be updated by the driver in cases like country code update, disabling/enabling specific bands, etc. which can occur between the scan and connection attempt. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
if (disabled_freq(wpa_s, bss->freq)) {
if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG, " skip - channel disabled");
return NULL;
}
Interworking: Prefer last added network during network selection Previously, any network block could be used to select the BSS to connect to when processing scan results after Interworking network selection. This can result in somewhat unexpected network selection in cases where credential preferences indicated that a specific network was selected, but another network ended up getting used for the connection. While the older networks continue to be valid, add special processing for this initial post-interworking-connect case to get more consistent network selection to match with the Interworking network selection result. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
for (ssid = group; ssid; ssid = only_first_ssid ? NULL : ssid->pnext) {
Clean up wpa_scan_res_match() Move the BSS-against-SSID matching into a separate helper function to make this overly long function a bit more readable and to allow that helper function to be used for other purposes. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
if (wpa_scan_res_ok(wpa_s, ssid, match_ssid, match_ssid_len,
Rename wpa_blacklist to wpa_bssid_ignore This is more accurate name for this functionality of temporarily ignoring BSSIDs. Signed-off-by: Jouni Malinen <j@w1.fi>
3 years ago
bss, bssid_ignore_count, debug_print))
Clean up wpa_scan_res_match() Move the BSS-against-SSID matching into a separate helper function to make this overly long function a bit more readable and to allow that helper function to be used for other purposes. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
return ssid;
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
}
Merge WPA and non-WPA network selection routines This removes quite a bit of duplicated code and allows network block priority configuration to be used to prefer unprotected networks and also allows use on open network with good signal strength even if scan results show a protected network with marginal signal strength that does not allow it to be used.
14 years ago
/* No matching configuration found */
Return NULL instead of 0 as the pointer on error case
13 years ago
return NULL;
Split wpa_supplicant_select_bss() into three and remove odd debug message This function was getting way too long, so let's split it into WPA and non-WPA cases as separate functions. In addition, remove the confusing "Try to find non-WPA AP" debug message if a WPA-enabled AP is already selected (as reported by Andriy Tkachuk).
16 years ago
}
Use BSS table entry instead of raw scan result for connection
15 years ago
static struct wpa_bss *
Do not store raw scan results Use scan results to update the BSS table and to select the BSS for connection, but do not store the results for longer time.
15 years ago
wpa_supplicant_select_bss(struct wpa_supplicant *wpa_s,
struct wpa_ssid *group,
Interworking: Prefer last added network during network selection Previously, any network block could be used to select the BSS to connect to when processing scan results after Interworking network selection. This can result in somewhat unexpected network selection in cases where credential preferences indicated that a specific network was selected, but another network ended up getting used for the connection. While the older networks continue to be valid, add special processing for this initial post-interworking-connect case to get more consistent network selection to match with the Interworking network selection result. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
struct wpa_ssid **selected_ssid,
int only_first_ssid)
Split wpa_supplicant_select_bss() into three and remove odd debug message This function was getting way too long, so let's split it into WPA and non-WPA cases as separate functions. In addition, remove the confusing "Try to find non-WPA AP" debug message if a WPA-enabled AP is already selected (as reported by Andriy Tkachuk).
16 years ago
{
Use BSS entries instead of scan results for BSS selection This allows the BSS selection functions to be called without having the scan result data structure. This can be used to skip extra scans in cases where previous results can be considered fresh. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
unsigned int i;
Split wpa_supplicant_select_bss() into three and remove odd debug message This function was getting way too long, so let's split it into WPA and non-WPA cases as separate functions. In addition, remove the confusing "Try to find non-WPA AP" debug message if a WPA-enabled AP is already selected (as reported by Andriy Tkachuk).
16 years ago
Debug print scan results matching the currently selected network This provides more details on BSS selection process in the debug log. Previously, the BSSs that were not either the current or the selected one were not necessarily printed at all. Now all BSSs that match the currently selected network are listed with their frequency and signal strength details. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
if (wpa_s->current_ssid) {
struct wpa_ssid *ssid;
wpa_dbg(wpa_s, MSG_DEBUG,
"Scan results matching the currently selected network");
for (i = 0; i < wpa_s->last_scan_res_used; i++) {
struct wpa_bss *bss = wpa_s->last_scan_res[i];
ssid = wpa_scan_res_match(wpa_s, i, bss, group,
only_first_ssid, 0);
if (ssid != wpa_s->current_ssid)
continue;
wpa_dbg(wpa_s, MSG_DEBUG, "%u: " MACSTR
" freq=%d level=%d snr=%d est_throughput=%u",
i, MAC2STR(bss->bssid), bss->freq, bss->level,
bss->snr, bss->est_throughput);
}
}
Interworking: Prefer last added network during network selection Previously, any network block could be used to select the BSS to connect to when processing scan results after Interworking network selection. This can result in somewhat unexpected network selection in cases where credential preferences indicated that a specific network was selected, but another network ended up getting used for the connection. While the older networks continue to be valid, add special processing for this initial post-interworking-connect case to get more consistent network selection to match with the Interworking network selection result. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
if (only_first_ssid)
wpa_dbg(wpa_s, MSG_DEBUG, "Try to find BSS matching pre-selected network id=%d",
group->id);
else
wpa_dbg(wpa_s, MSG_DEBUG, "Selecting BSS from priority group %d",
group->priority);
Split wpa_supplicant_select_bss() into three and remove odd debug message This function was getting way too long, so let's split it into WPA and non-WPA cases as separate functions. In addition, remove the confusing "Try to find non-WPA AP" debug message if a WPA-enabled AP is already selected (as reported by Andriy Tkachuk).
16 years ago
Use BSS entries instead of scan results for BSS selection This allows the BSS selection functions to be called without having the scan result data structure. This can be used to skip extra scans in cases where previous results can be considered fresh. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
for (i = 0; i < wpa_s->last_scan_res_used; i++) {
struct wpa_bss *bss = wpa_s->last_scan_res[i];
OWE: Attempt more scans for OWE transition SSID if expected BSS not seen This commit introduces a threshold for OWE transition BSS selection, which signifies the maximum number of selection attempts (scans) done for finding OWE BSS. This aims to do more scan attempts for OWE BSS and eventually select the open BSS if the selection/scan attempts for OWE BSS exceed the configured threshold. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
wpa_s->owe_transition_select = 1;
Interworking: Prefer last added network during network selection Previously, any network block could be used to select the BSS to connect to when processing scan results after Interworking network selection. This can result in somewhat unexpected network selection in cases where credential preferences indicated that a specific network was selected, but another network ended up getting used for the connection. While the older networks continue to be valid, add special processing for this initial post-interworking-connect case to get more consistent network selection to match with the Interworking network selection result. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
*selected_ssid = wpa_scan_res_match(wpa_s, i, bss, group,
Debug print scan results matching the currently selected network This provides more details on BSS selection process in the debug log. Previously, the BSSs that were not either the current or the selected one were not necessarily printed at all. Now all BSSs that match the currently selected network are listed with their frequency and signal strength details. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
only_first_ssid, 1);
OWE: Attempt more scans for OWE transition SSID if expected BSS not seen This commit introduces a threshold for OWE transition BSS selection, which signifies the maximum number of selection attempts (scans) done for finding OWE BSS. This aims to do more scan attempts for OWE BSS and eventually select the open BSS if the selection/scan attempts for OWE BSS exceed the configured threshold. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
wpa_s->owe_transition_select = 0;
Merge WPA and non-WPA network selection routines This removes quite a bit of duplicated code and allows network block priority configuration to be used to prefer unprotected networks and also allows use on open network with good signal strength even if scan results show a protected network with marginal signal strength that does not allow it to be used.
14 years ago
if (!*selected_ssid)
continue;
Indicated if the selected BSS is the current BSS This makes scan result processing a bit more readable in debug log. Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
wpa_dbg(wpa_s, MSG_DEBUG, " selected %sBSS " MACSTR
Use wpa_msg() instead of wpa_printf() This converts number of debugging messages to use wpa_msg() in order to allow the interface name to be shown with the messages. A new function, wpa_dbg(), is introduced to allow CONFIG_NO_STDOUT_DEBUG=y builds to remove the debug strings. This is otherwise identical with wpa_msg(), but it gets compiled out if stdout debugging is disabled.
13 years ago
" ssid='%s'",
Indicated if the selected BSS is the current BSS This makes scan result processing a bit more readable in debug log. Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
bss == wpa_s->current_bss ? "current ": "",
Use BSS entries instead of scan results for BSS selection This allows the BSS selection functions to be called without having the scan result data structure. This can be used to skip extra scans in cases where previous results can be considered fresh. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
MAC2STR(bss->bssid),
wpa_ssid_txt(bss->ssid, bss->ssid_len));
return bss;
Merge WPA and non-WPA network selection routines This removes quite a bit of duplicated code and allows network block priority configuration to be used to prefer unprotected networks and also allows use on open network with good signal strength even if scan results show a protected network with marginal signal strength that does not allow it to be used.
14 years ago
}
return NULL;
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
}
WPS: Skip rescanning after provisioning if AP was configured If WPS provisioning step is completed with an AP that is in WPS configured state, we can skip a second scan after the provisioning step since the AP is unlikely to change its configuration in such a case. This can speed up WPS connection a bit by removing an unneeded scan. Signed-hostap: Masashi Honma <masashi.honma@gmail.com>
11 years ago
struct wpa_bss * wpa_supplicant_pick_network(struct wpa_supplicant *wpa_s,
struct wpa_ssid **selected_ssid)
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
{
Use BSS table entry instead of raw scan result for connection
15 years ago
struct wpa_bss *selected = NULL;
Use size_t instead of int or unsigned int for configuration items While int and unsigned int are not going overflow in practice as 32-bit values, these could at least in theory hit an integer overflow with 16-bit int. Use size_t to avoid such potential issue cases. Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
size_t prio;
Interworking: Fix last-network preference to not override priority Commit 3d910ef497b11e149cf41e772670f7a7fe3a1e19 tried to make last-network selection behave more consistently with Interworking network selection preferences. However, it did not take into account that other network block may have higher priority. In such cases, the last added network from Interworking network selection should actually not be selected for the next connection. Fix this by limiting the last-network preference to work only within a priority class. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
struct wpa_ssid *next_ssid = NULL;
Allow PSK/passphrase to be set only when needed The new network profile parameter mem_only_psk=1 can be used to specify that the PSK/passphrase for that network is requested over the control interface (ctrl_iface or D-Bus) similarly to the EAP network parameter requests. The PSK/passphrase can then be configured temporarily in a way that prevents it from getting stored to the configuration file. For example: Event: CTRL-REQ-PSK_PASSPHRASE-0:PSK or passphrase needed for SSID test-wpa2-psk Response: CTRL-RSP-PSK_PASSPHRASE-0:"qwertyuiop" Note: The response value uses the same encoding as the psk network profile parameter, i.e., passphrase is within double quotation marks. Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago
struct wpa_ssid *ssid;
Split wpa_supplicant_event_scan_results() into helper functions
15 years ago
Use BSS entries instead of scan results for BSS selection This allows the BSS selection functions to be called without having the scan result data structure. This can be used to skip extra scans in cases where previous results can be considered fresh. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
if (wpa_s->last_scan_res == NULL ||
wpa_s->last_scan_res_used == 0)
return NULL; /* no scan results from last update */
Interworking: Fix last-network preference to not override priority Commit 3d910ef497b11e149cf41e772670f7a7fe3a1e19 tried to make last-network selection behave more consistently with Interworking network selection preferences. However, it did not take into account that other network block may have higher priority. In such cases, the last added network from Interworking network selection should actually not be selected for the next connection. Fix this by limiting the last-network preference to work only within a priority class. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
if (wpa_s->next_ssid) {
/* check that next_ssid is still valid */
for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
if (ssid == wpa_s->next_ssid)
break;
}
next_ssid = ssid;
wpa_s->next_ssid = NULL;
}
Interworking: Prefer last added network during network selection Previously, any network block could be used to select the BSS to connect to when processing scan results after Interworking network selection. This can result in somewhat unexpected network selection in cases where credential preferences indicated that a specific network was selected, but another network ended up getting used for the connection. While the older networks continue to be valid, add special processing for this initial post-interworking-connect case to get more consistent network selection to match with the Interworking network selection result. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
Interworking: Fix last-network preference to not override priority Commit 3d910ef497b11e149cf41e772670f7a7fe3a1e19 tried to make last-network selection behave more consistently with Interworking network selection preferences. However, it did not take into account that other network block may have higher priority. In such cases, the last added network from Interworking network selection should actually not be selected for the next connection. Fix this by limiting the last-network preference to work only within a priority class. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
while (selected == NULL) {
for (prio = 0; prio < wpa_s->conf->num_prio; prio++) {
if (next_ssid && next_ssid->priority ==
wpa_s->conf->pssid[prio]->priority) {
Interworking: Prefer last added network during network selection Previously, any network block could be used to select the BSS to connect to when processing scan results after Interworking network selection. This can result in somewhat unexpected network selection in cases where credential preferences indicated that a specific network was selected, but another network ended up getting used for the connection. While the older networks continue to be valid, add special processing for this initial post-interworking-connect case to get more consistent network selection to match with the Interworking network selection result. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
selected = wpa_supplicant_select_bss(
Interworking: Fix last-network preference to not override priority Commit 3d910ef497b11e149cf41e772670f7a7fe3a1e19 tried to make last-network selection behave more consistently with Interworking network selection preferences. However, it did not take into account that other network block may have higher priority. In such cases, the last added network from Interworking network selection should actually not be selected for the next connection. Fix this by limiting the last-network preference to work only within a priority class. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
wpa_s, next_ssid, selected_ssid, 1);
Interworking: Prefer last added network during network selection Previously, any network block could be used to select the BSS to connect to when processing scan results after Interworking network selection. This can result in somewhat unexpected network selection in cases where credential preferences indicated that a specific network was selected, but another network ended up getting used for the connection. While the older networks continue to be valid, add special processing for this initial post-interworking-connect case to get more consistent network selection to match with the Interworking network selection result. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
if (selected)
break;
}
Split wpa_supplicant_event_scan_results() into helper functions
15 years ago
selected = wpa_supplicant_select_bss(
Use BSS entries instead of scan results for BSS selection This allows the BSS selection functions to be called without having the scan result data structure. This can be used to skip extra scans in cases where previous results can be considered fresh. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
wpa_s, wpa_s->conf->pssid[prio],
Interworking: Prefer last added network during network selection Previously, any network block could be used to select the BSS to connect to when processing scan results after Interworking network selection. This can result in somewhat unexpected network selection in cases where credential preferences indicated that a specific network was selected, but another network ended up getting used for the connection. While the older networks continue to be valid, add special processing for this initial post-interworking-connect case to get more consistent network selection to match with the Interworking network selection result. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
selected_ssid, 0);
Split wpa_supplicant_event_scan_results() into helper functions
15 years ago
if (selected)
break;
}
Rename wpa_blacklist to wpa_bssid_ignore This is more accurate name for this functionality of temporarily ignoring BSSIDs. Signed-off-by: Jouni Malinen <j@w1.fi>
3 years ago
if (selected == NULL && wpa_s->bssid_ignore &&
Add BSSID into blacklist and do not clean blacklist during countermeasures If scanning continues during TKIP countermeasures, try to avoid selecting the BSS that triggered the counter measures.
13 years ago
!wpa_s->countermeasures) {
Rename wpa_blacklist to wpa_bssid_ignore This is more accurate name for this functionality of temporarily ignoring BSSIDs. Signed-off-by: Jouni Malinen <j@w1.fi>
3 years ago
wpa_dbg(wpa_s, MSG_DEBUG,
"No APs found - clear BSSID ignore list and try again");
wpa_bssid_ignore_clear(wpa_s);
wpa_s->bssid_ignore_cleared = true;
Split wpa_supplicant_event_scan_results() into helper functions
15 years ago
} else if (selected == NULL)
break;
}
Allow PSK/passphrase to be set only when needed The new network profile parameter mem_only_psk=1 can be used to specify that the PSK/passphrase for that network is requested over the control interface (ctrl_iface or D-Bus) similarly to the EAP network parameter requests. The PSK/passphrase can then be configured temporarily in a way that prevents it from getting stored to the configuration file. For example: Event: CTRL-REQ-PSK_PASSPHRASE-0:PSK or passphrase needed for SSID test-wpa2-psk Response: CTRL-RSP-PSK_PASSPHRASE-0:"qwertyuiop" Note: The response value uses the same encoding as the psk network profile parameter, i.e., passphrase is within double quotation marks. Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago
ssid = *selected_ssid;
if (selected && ssid && ssid->mem_only_psk && !ssid->psk_set &&
!ssid->passphrase && !ssid->ext_psk) {
const char *field_name, *txt = NULL;
wpa_dbg(wpa_s, MSG_DEBUG,
"PSK/passphrase not yet available for the selected network");
wpas_notify_network_request(wpa_s, ssid,
WPA_CTRL_REQ_PSK_PASSPHRASE, NULL);
field_name = wpa_supplicant_ctrl_req_to_string(
WPA_CTRL_REQ_PSK_PASSPHRASE, NULL, &txt);
if (field_name == NULL)
return NULL;
wpas_send_ctrl_req(wpa_s, ssid, field_name, txt);
selected = NULL;
}
Split wpa_supplicant_event_scan_results() into helper functions
15 years ago
return selected;
}
static void wpa_supplicant_req_new_scan(struct wpa_supplicant *wpa_s,
Allow sub-second resolution for scan requests This is in preparation to use cases that may benefit from more frequent scanning.
14 years ago
int timeout_sec, int timeout_usec)
Split wpa_supplicant_event_scan_results() into helper functions
15 years ago
{
Validate WEP key lengths based on driver capabilities The nl80211 driver interface does not allow 128-bit WEP to be used without a vendor specific cipher suite and no such suite is defined for this purpose. Do not accept WEP key length 16 for nl80211 driver interface forn ow. wext-interface can still try to use these for backwards compatibility. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
if (!wpa_supplicant_enabled_networks(wpa_s)) {
Do not schedule a new scan if no networks are enabled This avoids an extra timeout to move to INACTIVE state.
15 years ago
/*
* No networks are enabled; short-circuit request so
* we don't wait timeout seconds before transitioning
* to INACTIVE state.
*/
P2P: Add more debug prints for GO start routines This makes it easier to debug issues in starting GO mode. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
wpa_dbg(wpa_s, MSG_DEBUG, "Short-circuit new scan request "
"since there are no enabled networks");
Do not schedule a new scan if no networks are enabled This avoids an extra timeout to move to INACTIVE state.
15 years ago
wpa_supplicant_set_state(wpa_s, WPA_INACTIVE);
return;
Split wpa_supplicant_event_scan_results() into helper functions
15 years ago
}
P2P: Avoid multi-channel scans when they are not needed If the driver does not support multi-channel concurrency and a virtual interface that shares the same radio with the current interface is operating there may not be need to scan other channels apart from the current operating channel on the other virtual interface. Filter out other channels in case we are trying to find a connection for a station interface when we are not configured to prefer station connection and a concurrent operation is already in process. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
wpa_s->scan_for_connection = 1;
Allow sub-second resolution for scan requests This is in preparation to use cases that may benefit from more frequent scanning.
14 years ago
wpa_supplicant_req_scan(wpa_s, timeout_sec, timeout_usec);
Split wpa_supplicant_event_scan_results() into helper functions
15 years ago
}
P2P: Fix wpa_supplicant crash on P2P WPS PBC overlap case Once PBC overlap detected when using dynamic group interfaces, the wpa_s corresponding to P2P group interface is freed. This patch avoids accessing the wpa_s data structure after it is freed. This fixes a possible crash in P2P client role in such a case.
13 years ago
int wpa_supplicant_connect(struct wpa_supplicant *wpa_s,
struct wpa_bss *selected,
struct wpa_ssid *ssid)
Split wpa_supplicant_event_scan_results() into helper functions
15 years ago
{
if (wpas_wps_scan_pbc_overlap(wpa_s, selected, ssid)) {
wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_OVERLAP
"PBC session overlap");
D-Bus: Add WPS pbc-overlap Event This sends an Event D-Bus signal with name "pbc-overlap" for WPS-EVENT-OVERLAP. Signed-off-by: Avichal Agarwal <avichal.a@samsung.com>
9 years ago
wpas_notify_wps_event_pbc_overlap(wpa_s);
P2P: Stop connection attempt on PBC session overlap The overlap condition cannot disappear before group formation timeout hits, so there is no point in continuing in this case and failure can be indicated immediately.
14 years ago
#ifdef CONFIG_P2P
P2P: Fix segfault when PBC overlap is detected If a separate P2P group interface is used, PBC overlap during group formation causes the group interface to be removed, which ends up with the interface context becoming invalid. Fix this by scheduling a timeout to process the PBC overlap and interface removal instead of removing the interface directly before the connection operation has returned. Signed-off-by: Avraham Stern <avraham.stern@intel.com>
10 years ago
if (wpa_s->p2p_group_interface == P2P_GROUP_INTERFACE_CLIENT ||
wpa_s->p2p_in_provisioning) {
eloop_register_timeout(0, 0, wpas_p2p_pbc_overlap_cb,
wpa_s, NULL);
P2P: Fix wpa_supplicant crash on P2P WPS PBC overlap case Once PBC overlap detected when using dynamic group interfaces, the wpa_s corresponding to P2P group interface is freed. This patch avoids accessing the wpa_s data structure after it is freed. This fixes a possible crash in P2P client role in such a case.
13 years ago
return -1;
P2P: Fix segfault when PBC overlap is detected If a separate P2P group interface is used, PBC overlap during group formation causes the group interface to be removed, which ends up with the interface context becoming invalid. Fix this by scheduling a timeout to process the PBC overlap and interface removal instead of removing the interface directly before the connection operation has returned. Signed-off-by: Avraham Stern <avraham.stern@intel.com>
10 years ago
}
P2P: Stop connection attempt on PBC session overlap The overlap condition cannot disappear before group formation timeout hits, so there is no point in continuing in this case and failure can be indicated immediately.
14 years ago
#endif /* CONFIG_P2P */
Fix wpa_supplicant build without CONFIG_WPS and CONFIG_AP
14 years ago
#ifdef CONFIG_WPS
D-Bus: Add Signal to notify WPS PBC Overlap event Signed-off-by: Saurav Babu <saurav.babu@samsung.com>
9 years ago
wpas_wps_pbc_overlap(wpa_s);
WPS: Cancel WPS operation on PBC session overlap detection Previously, wpa_supplicant remaining in scanning state without trying to connect, but there is no particular need to do that. Instead, cancel WPS operation completely whenever PBC session overlap is detected.
14 years ago
wpas_wps_cancel(wpa_s);
Fix wpa_supplicant build without CONFIG_WPS and CONFIG_AP
14 years ago
#endif /* CONFIG_WPS */
P2P: Fix wpa_supplicant crash on P2P WPS PBC overlap case Once PBC overlap detected when using dynamic group interfaces, the wpa_s corresponding to P2P group interface is freed. This patch avoids accessing the wpa_s data structure after it is freed. This fixes a possible crash in P2P client role in such a case.
13 years ago
return -1;
Split wpa_supplicant_event_scan_results() into helper functions
15 years ago
}
Fix already-associated detection with driver-based BSS selection wpa_s->pending_bssid is all zeros during connection attempt when driver-based BSS selection is used. Take this into account when determining whether new scan results should trigger a connection based on wpa_s->current_ssid, i.e., a connection attempt with the selected network instead of selected BSS. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
wpa_msg(wpa_s, MSG_DEBUG,
"Considering connect request: reassociate: %d selected: "
MACSTR " bssid: " MACSTR " pending: " MACSTR
" wpa_state: %s ssid=%p current_ssid=%p",
wpa_s->reassociate, MAC2STR(selected->bssid),
MAC2STR(wpa_s->bssid), MAC2STR(wpa_s->pending_bssid),
wpa_supplicant_state_txt(wpa_s->wpa_state),
ssid, wpa_s->current_ssid);
Split wpa_supplicant_event_scan_results() into helper functions
15 years ago
/*
* Do not trigger new association unless the BSSID has changed or if
* reassociation is requested. If we are in process of associating with
* the selected BSSID, do not trigger new attempt.
*/
if (wpa_s->reassociate ||
(os_memcmp(selected->bssid, wpa_s->bssid, ETH_ALEN) != 0 &&
SME: Add timers for authentication and asscoiation mac80211 authentication or association operation may get stuck for some reasons, so wpa_supplicant better use an internal timer to recover from this. Signed-off-by: Ben Greear <greearb@candelatech.com>
13 years ago
((wpa_s->wpa_state != WPA_ASSOCIATING &&
wpa_s->wpa_state != WPA_AUTHENTICATING) ||
Fix already-associated detection with driver-based BSS selection wpa_s->pending_bssid is all zeros during connection attempt when driver-based BSS selection is used. Take this into account when determining whether new scan results should trigger a connection based on wpa_s->current_ssid, i.e., a connection attempt with the selected network instead of selected BSS. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
(!is_zero_ether_addr(wpa_s->pending_bssid) &&
os_memcmp(selected->bssid, wpa_s->pending_bssid, ETH_ALEN) !=
0) ||
(is_zero_ether_addr(wpa_s->pending_bssid) &&
ssid != wpa_s->current_ssid)))) {
Split wpa_supplicant_event_scan_results() into helper functions
15 years ago
if (wpa_supplicant_scard_init(wpa_s, ssid)) {
Allow sub-second resolution for scan requests This is in preparation to use cases that may benefit from more frequent scanning.
14 years ago
wpa_supplicant_req_new_scan(wpa_s, 10, 0);
P2P: Fix wpa_supplicant crash on P2P WPS PBC overlap case Once PBC overlap detected when using dynamic group interfaces, the wpa_s corresponding to P2P group interface is freed. This patch avoids accessing the wpa_s data structure after it is freed. This fixes a possible crash in P2P client role in such a case.
13 years ago
return 0;
Split wpa_supplicant_event_scan_results() into helper functions
15 years ago
}
Fix already-associated detection with driver-based BSS selection wpa_s->pending_bssid is all zeros during connection attempt when driver-based BSS selection is used. Take this into account when determining whether new scan results should trigger a connection based on wpa_s->current_ssid, i.e., a connection attempt with the selected network instead of selected BSS. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
wpa_msg(wpa_s, MSG_DEBUG, "Request association with " MACSTR,
MAC2STR(selected->bssid));
Split wpa_supplicant_event_scan_results() into helper functions
15 years ago
wpa_supplicant_associate(wpa_s, selected, ssid);
} else {
Fix already-associated detection with driver-based BSS selection wpa_s->pending_bssid is all zeros during connection attempt when driver-based BSS selection is used. Take this into account when determining whether new scan results should trigger a connection based on wpa_s->current_ssid, i.e., a connection attempt with the selected network instead of selected BSS. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
wpa_dbg(wpa_s, MSG_DEBUG, "Already associated or trying to "
"connect with the selected AP");
Split wpa_supplicant_event_scan_results() into helper functions
15 years ago
}
P2P: Fix wpa_supplicant crash on P2P WPS PBC overlap case Once PBC overlap detected when using dynamic group interfaces, the wpa_s corresponding to P2P group interface is freed. This patch avoids accessing the wpa_s data structure after it is freed. This fixes a possible crash in P2P client role in such a case.
13 years ago
return 0;
Split wpa_supplicant_event_scan_results() into helper functions
15 years ago
}
Allow IBSS/AP mode networks to be created in ap_scan=1 mode If no BSSes/IBSSes matching the enabled networks are found in the scan results, IBSS/AP mode network (if configured) can be created in ap_scan=1 mode instead of requiring ap_scan=2 mode to be used whenever using IBSS or AP mode.
15 years ago
static struct wpa_ssid *
wpa_supplicant_pick_new_network(struct wpa_supplicant *wpa_s)
{
Use size_t instead of int or unsigned int for configuration items While int and unsigned int are not going overflow in practice as 32-bit values, these could at least in theory hit an integer overflow with 16-bit int. Use size_t to avoid such potential issue cases. Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
size_t prio;
Allow IBSS/AP mode networks to be created in ap_scan=1 mode If no BSSes/IBSSes matching the enabled networks are found in the scan results, IBSS/AP mode network (if configured) can be created in ap_scan=1 mode instead of requiring ap_scan=2 mode to be used whenever using IBSS or AP mode.
15 years ago
struct wpa_ssid *ssid;
for (prio = 0; prio < wpa_s->conf->num_prio; prio++) {
for (ssid = wpa_s->conf->pssid[prio]; ssid; ssid = ssid->pnext)
{
Validate WEP key lengths based on driver capabilities The nl80211 driver interface does not allow 128-bit WEP to be used without a vendor specific cipher suite and no such suite is defined for this purpose. Do not accept WEP key length 16 for nl80211 driver interface forn ow. wext-interface can still try to use these for backwards compatibility. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
if (wpas_network_disabled(wpa_s, ssid))
Allow IBSS/AP mode networks to be created in ap_scan=1 mode If no BSSes/IBSSes matching the enabled networks are found in the scan results, IBSS/AP mode network (if configured) can be created in ap_scan=1 mode instead of requiring ap_scan=2 mode to be used whenever using IBSS or AP mode.
15 years ago
continue;
Do not try to start/join RSN IBSS without CONFIG_IBSS_RSN=y Previously, a build without IBSS RSN support tried to start/join an IBSS even if the profile was configured with RSN parameters. This does not work and resulted in quite confusing debug log. Make this clearer by explicitly checking for this case and reject the connection attempt with a clearer debug log entry instead of trying something that is known to fail. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago
#ifndef CONFIG_IBSS_RSN
if (ssid->mode == WPAS_MODE_IBSS &&
!(ssid->key_mgmt & (WPA_KEY_MGMT_NONE |
WPA_KEY_MGMT_WPA_NONE))) {
wpa_msg(wpa_s, MSG_INFO,
"IBSS RSN not supported in the build - cannot use the profile for SSID '%s'",
wpa_ssid_txt(ssid->ssid,
ssid->ssid_len));
continue;
}
#endif /* !CONFIG_IBSS_RSN */
wpa_supplicant: Fix type for ssid->mode comparisons The ssid->mode is from type enum wpas_mode and all its constants start with WPAS_MODE_*. Still some of the code sections used the IEEE80211_MODE_* defines instead of WPAS_MODE_*. This should have no impact on the actual code because the constants for INFRA, IBSS, AP and MESH had the same values. Signed-off-by: Sven Eckelmann <seckelmann@datto.com>
5 years ago
if (ssid->mode == WPAS_MODE_IBSS ||
ssid->mode == WPAS_MODE_AP ||
ssid->mode == WPAS_MODE_MESH)
Allow IBSS/AP mode networks to be created in ap_scan=1 mode If no BSSes/IBSSes matching the enabled networks are found in the scan results, IBSS/AP mode network (if configured) can be created in ap_scan=1 mode instead of requiring ap_scan=2 mode to be used whenever using IBSS or AP mode.
15 years ago
return ssid;
}
}
return NULL;
}
Do not store raw scan results Use scan results to update the BSS table and to select the BSS for connection, but do not store the results for longer time.
15 years ago
/* TODO: move the rsn_preauth_scan_result*() to be called from notify.c based
* on BSS added and BSS changed events */
Split scan processing for RSN preauthentication into parts This avoids passing the raw scan results into the RSN code and by doing so, removes the only dependency on src/drivers from the src/rsn_supp code (or from any src subdirectory for that matter).
15 years ago
static void wpa_supplicant_rsn_preauth_scan_results(
Fix regression in RSN pre-authentication candidate list generation Processing of the scan results for RSN pre-authentication candidates was moved to happen before the network was selected. This resulted in all candidates being dropped due to no SSID having been configured. Fix this by moving the processing to happen after the network has been selected. Since the raw scan results are not available at that point, use the BSS table instead of scan results to fetch the information.
13 years ago
struct wpa_supplicant *wpa_s)
Split scan processing for RSN preauthentication into parts This avoids passing the raw scan results into the RSN code and by doing so, removes the only dependency on src/drivers from the src/rsn_supp code (or from any src subdirectory for that matter).
15 years ago
{
Fix regression in RSN pre-authentication candidate list generation Processing of the scan results for RSN pre-authentication candidates was moved to happen before the network was selected. This resulted in all candidates being dropped due to no SSID having been configured. Fix this by moving the processing to happen after the network has been selected. Since the raw scan results are not available at that point, use the BSS table instead of scan results to fetch the information.
13 years ago
struct wpa_bss *bss;
Split scan processing for RSN preauthentication into parts This avoids passing the raw scan results into the RSN code and by doing so, removes the only dependency on src/drivers from the src/rsn_supp code (or from any src subdirectory for that matter).
15 years ago
if (rsn_preauth_scan_results(wpa_s->wpa) < 0)
return;
Fix regression in RSN pre-authentication candidate list generation Processing of the scan results for RSN pre-authentication candidates was moved to happen before the network was selected. This resulted in all candidates being dropped due to no SSID having been configured. Fix this by moving the processing to happen after the network has been selected. Since the raw scan results are not available at that point, use the BSS table instead of scan results to fetch the information.
13 years ago
dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
Split scan processing for RSN preauthentication into parts This avoids passing the raw scan results into the RSN code and by doing so, removes the only dependency on src/drivers from the src/rsn_supp code (or from any src subdirectory for that matter).
15 years ago
const u8 *ssid, *rsn;
Fix regression in RSN pre-authentication candidate list generation Processing of the scan results for RSN pre-authentication candidates was moved to happen before the network was selected. This resulted in all candidates being dropped due to no SSID having been configured. Fix this by moving the processing to happen after the network has been selected. Since the raw scan results are not available at that point, use the BSS table instead of scan results to fetch the information.
13 years ago
ssid = wpa_bss_get_ie(bss, WLAN_EID_SSID);
Split scan processing for RSN preauthentication into parts This avoids passing the raw scan results into the RSN code and by doing so, removes the only dependency on src/drivers from the src/rsn_supp code (or from any src subdirectory for that matter).
15 years ago
if (ssid == NULL)
continue;
Fix regression in RSN pre-authentication candidate list generation Processing of the scan results for RSN pre-authentication candidates was moved to happen before the network was selected. This resulted in all candidates being dropped due to no SSID having been configured. Fix this by moving the processing to happen after the network has been selected. Since the raw scan results are not available at that point, use the BSS table instead of scan results to fetch the information.
13 years ago
rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
Split scan processing for RSN preauthentication into parts This avoids passing the raw scan results into the RSN code and by doing so, removes the only dependency on src/drivers from the src/rsn_supp code (or from any src subdirectory for that matter).
15 years ago
if (rsn == NULL)
continue;
Fix regression in RSN pre-authentication candidate list generation Processing of the scan results for RSN pre-authentication candidates was moved to happen before the network was selected. This resulted in all candidates being dropped due to no SSID having been configured. Fix this by moving the processing to happen after the network has been selected. Since the raw scan results are not available at that point, use the BSS table instead of scan results to fetch the information.
13 years ago
rsn_preauth_scan_result(wpa_s->wpa, bss->bssid, ssid, rsn);
Split scan processing for RSN preauthentication into parts This avoids passing the raw scan results into the RSN code and by doing so, removes the only dependency on src/drivers from the src/rsn_supp code (or from any src subdirectory for that matter).
15 years ago
}
}
Silence compiler warning with CONFIG_NO_ROAMING=y Comment out unused static functions if CONFIG_NO_ROAMING is defined. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
#ifndef CONFIG_NO_ROAMING
Use signal_poll noise information for roaming, if available Using average signal strength from the driver and hardcoded noise floor does not look like an ideal design since there can be significant differences in the driver-reported noise floor values. Furthermore, even though the current noise floor is a snapshot from the driver, it is common for drivers to use a noise floor value from a longer calibration step and that should not prevent the driver provided value from being used. This makes the comparisons of the signal strengths between the current AP (signal_poll) and other APs (scan) more accurate. As an example, test runs in home environment showed 5 dB difference between the driver reported noise floor and the hardcoded value and this could result in significant differences in estimated throughput calculation. Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
static int wpas_get_snr_signal_info(u32 frequency, int avg_signal, int noise)
Update throughput estimate for the current BSS based on signal poll We saw that on certain platforms in certain places we keep switching between two APs and eventually get the same RSSI. Debugging showed that we have a very big difference between the two antennas. Ant A can hear AP A very well (-60) but AP B very bad (-80) Ant B can hear AP B very well (-60) but AP A very bad (-80) When the device associates to AP A, it'll learn to use Ant A. If the device uses one single antenna to receive the scan results, it may hear the AP it is currently associated to on the second antenna and get bad results. Because of that, the wpa_supplicant will roam to the other AP and the same scenario will repeat itself: Association to AP A (Ant A reports -60). Scan on Ant A: AP A: -60, AP B: -80 Scan on Ant B: AP A: -80, AP A: -60 ==> ROAM. Association to AP B (Ant B reports -60) Scan on Ant A: AP A: -60, AP B: -80 ==> ROAM Etc... Improve this by querying the signal level of the current AP using drv_signal_poll() instead of relying on the signal level that we get from the scan results. Also update the throughput estimate based on the likely more accurate values for the current association. Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
5 years ago
{
Use signal_poll noise information for roaming, if available Using average signal strength from the driver and hardcoded noise floor does not look like an ideal design since there can be significant differences in the driver-reported noise floor values. Furthermore, even though the current noise floor is a snapshot from the driver, it is common for drivers to use a noise floor value from a longer calibration step and that should not prevent the driver provided value from being used. This makes the comparisons of the signal strengths between the current AP (signal_poll) and other APs (scan) more accurate. As an example, test runs in home environment showed 5 dB difference between the driver reported noise floor and the hardcoded value and this could result in significant differences in estimated throughput calculation. Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
if (noise == WPA_INVALID_NOISE)
noise = IS_5GHZ(frequency) ? DEFAULT_NOISE_FLOOR_5GHZ :
DEFAULT_NOISE_FLOOR_2GHZ;
wpa_supplicant: Fall back to avg_signal in roaming decision Some drivers (e.g. Marvell WiFi) don't report avg_beacon_signal, but it's still useful to poll for the signal again when a roaming decision needs to be made. Use si.avg_signal when si.avg_beacon_signal is not available. Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
5 years ago
return avg_signal - noise;
Update throughput estimate for the current BSS based on signal poll We saw that on certain platforms in certain places we keep switching between two APs and eventually get the same RSSI. Debugging showed that we have a very big difference between the two antennas. Ant A can hear AP A very well (-60) but AP B very bad (-80) Ant B can hear AP B very well (-60) but AP A very bad (-80) When the device associates to AP A, it'll learn to use Ant A. If the device uses one single antenna to receive the scan results, it may hear the AP it is currently associated to on the second antenna and get bad results. Because of that, the wpa_supplicant will roam to the other AP and the same scenario will repeat itself: Association to AP A (Ant A reports -60). Scan on Ant A: AP A: -60, AP B: -80 Scan on Ant B: AP A: -80, AP A: -60 ==> ROAM. Association to AP B (Ant B reports -60) Scan on Ant A: AP A: -60, AP B: -80 ==> ROAM Etc... Improve this by querying the signal level of the current AP using drv_signal_poll() instead of relying on the signal level that we get from the scan results. Also update the throughput estimate based on the likely more accurate values for the current association. Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
5 years ago
}
static unsigned int
wpas_get_est_throughput_from_bss_snr(const struct wpa_supplicant *wpa_s,
const struct wpa_bss *bss, int snr)
{
int rate = wpa_bss_get_max_rate(bss);
BSS: Use wrapper function for getting a pointer to the IE buffer This makes it easier to change the internal struct wpa_bss design for storing the variable length IE buffers. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
const u8 *ies = wpa_bss_ie_ptr(bss);
Update throughput estimate for the current BSS based on signal poll We saw that on certain platforms in certain places we keep switching between two APs and eventually get the same RSSI. Debugging showed that we have a very big difference between the two antennas. Ant A can hear AP A very well (-60) but AP B very bad (-80) Ant B can hear AP B very well (-60) but AP A very bad (-80) When the device associates to AP A, it'll learn to use Ant A. If the device uses one single antenna to receive the scan results, it may hear the AP it is currently associated to on the second antenna and get bad results. Because of that, the wpa_supplicant will roam to the other AP and the same scenario will repeat itself: Association to AP A (Ant A reports -60). Scan on Ant A: AP A: -60, AP B: -80 Scan on Ant B: AP A: -80, AP A: -60 ==> ROAM. Association to AP B (Ant B reports -60) Scan on Ant A: AP A: -60, AP B: -80 ==> ROAM Etc... Improve this by querying the signal level of the current AP using drv_signal_poll() instead of relying on the signal level that we get from the scan results. Also update the throughput estimate based on the likely more accurate values for the current association. Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
5 years ago
size_t ie_len = bss->ie_len ? bss->ie_len : bss->beacon_ie_len;
Check local supported features for estimating BSS throughputs accurately Add checks for features supported by the specific hardware mode of the local device that has the channel for which the throughput is being estimated instead of assuming the local device supports all optional features. This is more accurate for cases where the local capabilities might differ based on the band. In addition, this is in preparation for extending rate estimates to cover optional VHT and HE features. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
3 years ago
return wpas_get_est_tpt(wpa_s, ies, ie_len, rate, snr, bss->freq);
Update throughput estimate for the current BSS based on signal poll We saw that on certain platforms in certain places we keep switching between two APs and eventually get the same RSSI. Debugging showed that we have a very big difference between the two antennas. Ant A can hear AP A very well (-60) but AP B very bad (-80) Ant B can hear AP B very well (-60) but AP A very bad (-80) When the device associates to AP A, it'll learn to use Ant A. If the device uses one single antenna to receive the scan results, it may hear the AP it is currently associated to on the second antenna and get bad results. Because of that, the wpa_supplicant will roam to the other AP and the same scenario will repeat itself: Association to AP A (Ant A reports -60). Scan on Ant A: AP A: -60, AP B: -80 Scan on Ant B: AP A: -80, AP A: -60 ==> ROAM. Association to AP B (Ant B reports -60) Scan on Ant A: AP A: -60, AP B: -80 ==> ROAM Etc... Improve this by querying the signal level of the current AP using drv_signal_poll() instead of relying on the signal level that we get from the scan results. Also update the throughput estimate based on the likely more accurate values for the current association. Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
5 years ago
}
Refactor wpa_supplicant_need_to_roam() Pull all the within-ESS roam code out of wpa_supplicant_need_to_roam() and into its own function, wpa_supplicant_need_to_roam_within_ess(). This way, we avoid interleaving several #ifndef's in the original function and wrap the new function in one big #ifndef. This also modularizes the within-ESS roam code and makes it easier to test. Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
4 years ago
int wpa_supplicant_need_to_roam_within_ess(struct wpa_supplicant *wpa_s,
struct wpa_bss *current_bss,
struct wpa_bss *selected)
Try to avoid some unnecessary roaming When multiple APs are present in scan results with similar signal strength, wpa_supplicant may end up bounching between them frequently whenever new scan results are available (e.g., due to periodic scans requested by NetworkManager). This can result in unnecessary roaming and in case of the current cfg80211 version, to frequent network disconnections. Do not request a roam if the current BSS is still present in the scan results and the selected BSS is in the same ESS and has only a slighly stronger signal strength.
15 years ago
{
Use estimated throughput to avoid signal based roaming decision Previously, the estimated throughput was used to enable roaming to a better AP. However, this information was not used when considering a roam to an AP that has better signal strength, but smaller estimated throughput. This could result in allowing roaming from 5 GHz band to 2.4 GHz band in cases where 2.4 GHz band has significantly higher signal strength, but still a lower throughput estimate. Make this less likely to happen by increasing/reducing the minimum required signal strength difference based on the estimated throughputs of the current and selected AP. In addition, add more details about the selection process to the debug log to make it easier to determine whaty happened and why. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
int min_diff, diff;
Make it a bit easier to roam from 2.4 GHz to 5 GHz within ESS The initial connection to an ESS was already explicitly increasing the likelihood of picking a 5 GHz BSS. While the throughput estimation is likely to do same for the roaming decision, it might be possible that that does not cover all cases. Add couple of dB extra preference for 5 GHz in case the roaming decision falls back to comparing signal levels. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
int to_5ghz;
Use local variables for current BSS signal strength in roaming This is a step towards allowing these values to be determined based on signal poll instead of scan results. Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
5 years ago
int cur_level;
unsigned int cur_est, sel_est;
Update throughput estimate for the current BSS based on signal poll We saw that on certain platforms in certain places we keep switching between two APs and eventually get the same RSSI. Debugging showed that we have a very big difference between the two antennas. Ant A can hear AP A very well (-60) but AP B very bad (-80) Ant B can hear AP B very well (-60) but AP A very bad (-80) When the device associates to AP A, it'll learn to use Ant A. If the device uses one single antenna to receive the scan results, it may hear the AP it is currently associated to on the second antenna and get bad results. Because of that, the wpa_supplicant will roam to the other AP and the same scenario will repeat itself: Association to AP A (Ant A reports -60). Scan on Ant A: AP A: -60, AP B: -80 Scan on Ant B: AP A: -80, AP A: -60 ==> ROAM. Association to AP B (Ant B reports -60) Scan on Ant A: AP A: -60, AP B: -80 ==> ROAM Etc... Improve this by querying the signal level of the current AP using drv_signal_poll() instead of relying on the signal level that we get from the scan results. Also update the throughput estimate based on the likely more accurate values for the current association. Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
5 years ago
struct wpa_signal_info si;
Skip roaming based on signal level difference if current SNR is good If the current SNR with the associated BSS is sufficiently good (better than GREAT_SNR = 25), there is limited benefit from moving to another BSS even if that BSS were to have a higher signal level. As such, skip roaming based on the signal level difference between the selected BSS from scan results and the current BSS for such cases. Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
int cur_snr = 0;
Add WPA_EVENT_{DO,SKIP}_ROAM events Add events for within-ESS reassociation. This allows us to monitor roam events, both skipped and allowed, in tests. Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
4 years ago
int ret = 0;
Support driver-based BSS selection in ap_scan=1 mode If the driver indicates that it supports BSS selection (including roaming within an ESS) with WPA_DRIVER_FLAGS_BSS_SELECTION, modify ap_scan=1 mode to behave like ap_scan=2 mode for BSS selection. The initial scan is still done to avoid the need for strict configuration of or security parameters (e.g., to figure out whether TKIP or CCMP is being used as the group cipher). However, when requesting the driver to connect, the bssid and freq parameters are not provided to leave the driver in control of selecting which BSS to use and to allow the driver to decide when to roam.
13 years ago
Use wpa_msg() instead of wpa_printf() This converts number of debugging messages to use wpa_msg() in order to allow the interface name to be shown with the messages. A new function, wpa_dbg(), is introduced to allow CONFIG_NO_STDOUT_DEBUG=y builds to remove the debug strings. This is otherwise identical with wpa_msg(), but it gets compiled out if stdout debugging is disabled.
13 years ago
wpa_dbg(wpa_s, MSG_DEBUG, "Considering within-ESS reassociation");
Use estimated throughput to improve roaming selection Previously, within-ESS roaming was skipped if the selected BSS did not have a higher signal strength than the current BSS regardless of AP capabilities. This could result in not moving to a BSS that would provide higher throughput, e.g., due to larger channel bandwidth or higher rates (HT/VHT MCS). Use estimated throughput information from scan result processing to allow within-ESS roaming if the selected BSS is likely to provide better throughput even if the current BSS has larger RSSI. Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago
wpa_dbg(wpa_s, MSG_DEBUG, "Current BSS: " MACSTR
Use estimated throughput to avoid signal based roaming decision Previously, the estimated throughput was used to enable roaming to a better AP. However, this information was not used when considering a roam to an AP that has better signal strength, but smaller estimated throughput. This could result in allowing roaming from 5 GHz band to 2.4 GHz band in cases where 2.4 GHz band has significantly higher signal strength, but still a lower throughput estimate. Make this less likely to happen by increasing/reducing the minimum required signal strength difference based on the estimated throughputs of the current and selected AP. In addition, add more details about the selection process to the debug log to make it easier to determine whaty happened and why. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
" freq=%d level=%d snr=%d est_throughput=%u",
MAC2STR(current_bss->bssid),
current_bss->freq, current_bss->level,
Use estimated throughput to improve roaming selection Previously, within-ESS roaming was skipped if the selected BSS did not have a higher signal strength than the current BSS regardless of AP capabilities. This could result in not moving to a BSS that would provide higher throughput, e.g., due to larger channel bandwidth or higher rates (HT/VHT MCS). Use estimated throughput information from scan result processing to allow within-ESS roaming if the selected BSS is likely to provide better throughput even if the current BSS has larger RSSI. Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago
current_bss->snr, current_bss->est_throughput);
wpa_dbg(wpa_s, MSG_DEBUG, "Selected BSS: " MACSTR
Use estimated throughput to avoid signal based roaming decision Previously, the estimated throughput was used to enable roaming to a better AP. However, this information was not used when considering a roam to an AP that has better signal strength, but smaller estimated throughput. This could result in allowing roaming from 5 GHz band to 2.4 GHz band in cases where 2.4 GHz band has significantly higher signal strength, but still a lower throughput estimate. Make this less likely to happen by increasing/reducing the minimum required signal strength difference based on the estimated throughputs of the current and selected AP. In addition, add more details about the selection process to the debug log to make it easier to determine whaty happened and why. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
" freq=%d level=%d snr=%d est_throughput=%u",
MAC2STR(selected->bssid), selected->freq, selected->level,
Use estimated throughput to improve roaming selection Previously, within-ESS roaming was skipped if the selected BSS did not have a higher signal strength than the current BSS regardless of AP capabilities. This could result in not moving to a BSS that would provide higher throughput, e.g., due to larger channel bandwidth or higher rates (HT/VHT MCS). Use estimated throughput information from scan result processing to allow within-ESS roaming if the selected BSS is likely to provide better throughput even if the current BSS has larger RSSI. Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago
selected->snr, selected->est_throughput);
Try to avoid some unnecessary roaming When multiple APs are present in scan results with similar signal strength, wpa_supplicant may end up bounching between them frequently whenever new scan results are available (e.g., due to periodic scans requested by NetworkManager). This can result in unnecessary roaming and in case of the current cfg80211 version, to frequent network disconnections. Do not request a roam if the current BSS is still present in the scan results and the selected BSS is in the same ESS and has only a slighly stronger signal strength.
15 years ago
Allow roam based on preferred BSSID regardless of signal strength
14 years ago
if (wpa_s->current_ssid->bssid_set &&
os_memcmp(selected->bssid, wpa_s->current_ssid->bssid, ETH_ALEN) ==
0) {
Use wpa_msg() instead of wpa_printf() This converts number of debugging messages to use wpa_msg() in order to allow the interface name to be shown with the messages. A new function, wpa_dbg(), is introduced to allow CONFIG_NO_STDOUT_DEBUG=y builds to remove the debug strings. This is otherwise identical with wpa_msg(), but it gets compiled out if stdout debugging is disabled.
13 years ago
wpa_dbg(wpa_s, MSG_DEBUG, "Allow reassociation - selected BSS "
"has preferred BSSID");
Allow roam based on preferred BSSID regardless of signal strength
14 years ago
return 1;
}
Use local variables for current BSS signal strength in roaming This is a step towards allowing these values to be determined based on signal poll instead of scan results. Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
5 years ago
cur_level = current_bss->level;
cur_est = current_bss->est_throughput;
Use sel_est consistently with cur_sel in wpa_supplicant_need_to_roam() This makes the code a bit easier to read. Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
sel_est = selected->est_throughput;
Use local variables for current BSS signal strength in roaming This is a step towards allowing these values to be determined based on signal poll instead of scan results. Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
5 years ago
Update throughput estimate for the current BSS based on signal poll We saw that on certain platforms in certain places we keep switching between two APs and eventually get the same RSSI. Debugging showed that we have a very big difference between the two antennas. Ant A can hear AP A very well (-60) but AP B very bad (-80) Ant B can hear AP B very well (-60) but AP A very bad (-80) When the device associates to AP A, it'll learn to use Ant A. If the device uses one single antenna to receive the scan results, it may hear the AP it is currently associated to on the second antenna and get bad results. Because of that, the wpa_supplicant will roam to the other AP and the same scenario will repeat itself: Association to AP A (Ant A reports -60). Scan on Ant A: AP A: -60, AP B: -80 Scan on Ant B: AP A: -80, AP A: -60 ==> ROAM. Association to AP B (Ant B reports -60) Scan on Ant A: AP A: -60, AP B: -80 ==> ROAM Etc... Improve this by querying the signal level of the current AP using drv_signal_poll() instead of relying on the signal level that we get from the scan results. Also update the throughput estimate based on the likely more accurate values for the current association. Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
5 years ago
/*
* Try to poll the signal from the driver since this will allow to get
* more accurate values. In some cases, there can be big differences
* between the RSSI of the Probe Response frames of the AP we are
* associated with and the Beacon frames we hear from the same AP after
* association. This can happen, e.g., when there are two antennas that
* hear the AP very differently. If the driver chooses to hear the
* Probe Response frames during the scan on the "bad" antenna because
* it wants to save power, but knows to choose the other antenna after
* association, we will hear our AP with a low RSSI as part of the
* scan even when we can hear it decently on the other antenna. To cope
* with this, ask the driver to teach us how it hears the AP. Also, the
* scan results may be a bit old, since we can very quickly get fresh
* information about our currently associated AP.
*/
if (wpa_drv_signal_poll(wpa_s, &si) == 0 &&
wpa_supplicant: Fall back to avg_signal in roaming decision Some drivers (e.g. Marvell WiFi) don't report avg_beacon_signal, but it's still useful to poll for the signal again when a roaming decision needs to be made. Use si.avg_signal when si.avg_beacon_signal is not available. Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
5 years ago
(si.avg_beacon_signal || si.avg_signal)) {
cur_level = si.avg_beacon_signal ? si.avg_beacon_signal :
si.avg_signal;
Skip roaming based on signal level difference if current SNR is good If the current SNR with the associated BSS is sufficiently good (better than GREAT_SNR = 25), there is limited benefit from moving to another BSS even if that BSS were to have a higher signal level. As such, skip roaming based on the signal level difference between the selected BSS from scan results and the current BSS for such cases. Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
cur_snr = wpas_get_snr_signal_info(si.frequency, cur_level,
si.current_noise);
Update throughput estimate for the current BSS based on signal poll We saw that on certain platforms in certain places we keep switching between two APs and eventually get the same RSSI. Debugging showed that we have a very big difference between the two antennas. Ant A can hear AP A very well (-60) but AP B very bad (-80) Ant B can hear AP B very well (-60) but AP A very bad (-80) When the device associates to AP A, it'll learn to use Ant A. If the device uses one single antenna to receive the scan results, it may hear the AP it is currently associated to on the second antenna and get bad results. Because of that, the wpa_supplicant will roam to the other AP and the same scenario will repeat itself: Association to AP A (Ant A reports -60). Scan on Ant A: AP A: -60, AP B: -80 Scan on Ant B: AP A: -80, AP A: -60 ==> ROAM. Association to AP B (Ant B reports -60) Scan on Ant A: AP A: -60, AP B: -80 ==> ROAM Etc... Improve this by querying the signal level of the current AP using drv_signal_poll() instead of relying on the signal level that we get from the scan results. Also update the throughput estimate based on the likely more accurate values for the current association. Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
5 years ago
cur_est = wpas_get_est_throughput_from_bss_snr(wpa_s,
current_bss,
Skip roaming based on signal level difference if current SNR is good If the current SNR with the associated BSS is sufficiently good (better than GREAT_SNR = 25), there is limited benefit from moving to another BSS even if that BSS were to have a higher signal level. As such, skip roaming based on the signal level difference between the selected BSS from scan results and the current BSS for such cases. Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
cur_snr);
Update throughput estimate for the current BSS based on signal poll We saw that on certain platforms in certain places we keep switching between two APs and eventually get the same RSSI. Debugging showed that we have a very big difference between the two antennas. Ant A can hear AP A very well (-60) but AP B very bad (-80) Ant B can hear AP B very well (-60) but AP A very bad (-80) When the device associates to AP A, it'll learn to use Ant A. If the device uses one single antenna to receive the scan results, it may hear the AP it is currently associated to on the second antenna and get bad results. Because of that, the wpa_supplicant will roam to the other AP and the same scenario will repeat itself: Association to AP A (Ant A reports -60). Scan on Ant A: AP A: -60, AP B: -80 Scan on Ant B: AP A: -80, AP A: -60 ==> ROAM. Association to AP B (Ant B reports -60) Scan on Ant A: AP A: -60, AP B: -80 ==> ROAM Etc... Improve this by querying the signal level of the current AP using drv_signal_poll() instead of relying on the signal level that we get from the scan results. Also update the throughput estimate based on the likely more accurate values for the current association. Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
5 years ago
wpa_dbg(wpa_s, MSG_DEBUG,
"Using signal poll values for the current BSS: level=%d snr=%d est_throughput=%u",
Skip roaming based on signal level difference if current SNR is good If the current SNR with the associated BSS is sufficiently good (better than GREAT_SNR = 25), there is limited benefit from moving to another BSS even if that BSS were to have a higher signal level. As such, skip roaming based on the signal level difference between the selected BSS from scan results and the current BSS for such cases. Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
cur_level, cur_snr, cur_est);
Update throughput estimate for the current BSS based on signal poll We saw that on certain platforms in certain places we keep switching between two APs and eventually get the same RSSI. Debugging showed that we have a very big difference between the two antennas. Ant A can hear AP A very well (-60) but AP B very bad (-80) Ant B can hear AP B very well (-60) but AP A very bad (-80) When the device associates to AP A, it'll learn to use Ant A. If the device uses one single antenna to receive the scan results, it may hear the AP it is currently associated to on the second antenna and get bad results. Because of that, the wpa_supplicant will roam to the other AP and the same scenario will repeat itself: Association to AP A (Ant A reports -60). Scan on Ant A: AP A: -60, AP B: -80 Scan on Ant B: AP A: -80, AP A: -60 ==> ROAM. Association to AP B (Ant B reports -60) Scan on Ant A: AP A: -60, AP B: -80 ==> ROAM Etc... Improve this by querying the signal level of the current AP using drv_signal_poll() instead of relying on the signal level that we get from the scan results. Also update the throughput estimate based on the likely more accurate values for the current association. Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
5 years ago
}
Use sel_est consistently with cur_sel in wpa_supplicant_need_to_roam() This makes the code a bit easier to read. Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
if (sel_est > cur_est + 5000) {
Use estimated throughput to improve roaming selection Previously, within-ESS roaming was skipped if the selected BSS did not have a higher signal strength than the current BSS regardless of AP capabilities. This could result in not moving to a BSS that would provide higher throughput, e.g., due to larger channel bandwidth or higher rates (HT/VHT MCS). Use estimated throughput information from scan result processing to allow within-ESS roaming if the selected BSS is likely to provide better throughput even if the current BSS has larger RSSI. Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago
wpa_dbg(wpa_s, MSG_DEBUG,
"Allow reassociation - selected BSS has better estimated throughput");
return 1;
}
Make it a bit easier to roam from 2.4 GHz to 5 GHz within ESS The initial connection to an ESS was already explicitly increasing the likelihood of picking a 5 GHz BSS. While the throughput estimation is likely to do same for the roaming decision, it might be possible that that does not cover all cases. Add couple of dB extra preference for 5 GHz in case the roaming decision falls back to comparing signal levels. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
to_5ghz = selected->freq > 4000 && current_bss->freq < 4000;
Allow roam to lower signal level if throughput benefit is significant Do not prevent roam to a different BSS based only on the signal level with the current BSS being higher than with the selected BSS. If the estimated throughput is significantly higher (> 20%), allow roaming if the following conditions are met. Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
if (cur_level < 0 && cur_level > selected->level + to_5ghz * 2 &&
Use sel_est consistently with cur_sel in wpa_supplicant_need_to_roam() This makes the code a bit easier to read. Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
sel_est < cur_est * 1.2) {
Verify that the selected BSS has a better signal level before roaming This prevents situations like the following where we roam to a lesser quality BSS just because the signal level delta is over our threshold. wlan0: Considering within-ESS reassociation wlan0: Current BSS: 00:24:6c:74:0a:40 level=-51 wlan0: Selected BSS: 00:24:6c:74:0a:e0 level=-64 wlan0: Request association: reassociate: 0 selected: 00:24:6c:74:0a:e0 bssid: 00:24:6c:74:0a:40 pending: 00:00:00:00:00:00 wpa_state: COMPLETED Signed-hostap: Robert Shade <robert.shade@gmail.com>
12 years ago
wpa_dbg(wpa_s, MSG_DEBUG, "Skip roam - Current BSS has better "
"signal level");
return 0;
}
Use sel_est consistently with cur_sel in wpa_supplicant_need_to_roam() This makes the code a bit easier to read. Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
if (cur_est > sel_est + 5000) {
Use estimated throughput to avoid signal based roaming decision Previously, the estimated throughput was used to enable roaming to a better AP. However, this information was not used when considering a roam to an AP that has better signal strength, but smaller estimated throughput. This could result in allowing roaming from 5 GHz band to 2.4 GHz band in cases where 2.4 GHz band has significantly higher signal strength, but still a lower throughput estimate. Make this less likely to happen by increasing/reducing the minimum required signal strength difference based on the estimated throughputs of the current and selected AP. In addition, add more details about the selection process to the debug log to make it easier to determine whaty happened and why. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
wpa_dbg(wpa_s, MSG_DEBUG,
"Skip roam - Current BSS has better estimated throughput");
Fix estimated throughput based skip-roam case Commit 8d1e693186336f85bf5d86bd094b5c9bd6f8fd02 ('Use estimated throughput to avoid signal based roaming decision') added a check for the current BSS estimated throughput being significantly higher than the selected BSS estimated throughput. However, this case for skipping a roam used "return 1" which actually allows the roam. Fix this by returning 0 in this case. Signed-off-by: Jouni Malinen <j@w1.fi>
7 years ago
return 0;
Use estimated throughput to avoid signal based roaming decision Previously, the estimated throughput was used to enable roaming to a better AP. However, this information was not used when considering a roam to an AP that has better signal strength, but smaller estimated throughput. This could result in allowing roaming from 5 GHz band to 2.4 GHz band in cases where 2.4 GHz band has significantly higher signal strength, but still a lower throughput estimate. Make this less likely to happen by increasing/reducing the minimum required signal strength difference based on the estimated throughputs of the current and selected AP. In addition, add more details about the selection process to the debug log to make it easier to determine whaty happened and why. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
}
Skip roaming based on signal level difference if current SNR is good If the current SNR with the associated BSS is sufficiently good (better than GREAT_SNR = 25), there is limited benefit from moving to another BSS even if that BSS were to have a higher signal level. As such, skip roaming based on the signal level difference between the selected BSS from scan results and the current BSS for such cases. Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
if (cur_snr > GREAT_SNR) {
wpa_dbg(wpa_s, MSG_DEBUG,
"Skip roam - Current BSS has good SNR (%u > %u)",
cur_snr, GREAT_SNR);
return 0;
}
Make min_diff determination from cur_level more readable This handles both the dBm and unspecified unit cases. Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
if (cur_level < -85) /* ..-86 dBm */
min_diff = 1;
else if (cur_level < -80) /* -85..-81 dBm */
min_diff = 2;
else if (cur_level < -75) /* -80..-76 dBm */
min_diff = 3;
else if (cur_level < -70) /* -75..-71 dBm */
min_diff = 4;
else if (cur_level < 0) /* -70..-1 dBm */
min_diff = 5;
else /* unspecified units (not in dBm) */
min_diff = 2;
Improve roaming logic Currently, wpa_supplicant may roam too aggressively; the need_to_roam() function will return early with a roaming decision if the difference in signal level or throughput between the current and selected APs is "sufficiently large." In particular, if the selected AP's estimated throughput is more than 5k greater than the current AP's estimated throughput, wpa_supplicant will decide to roam. Otherwise, if the selected AP's signal level is less than the current AP's signal level, or the selected AP's estimated throughput is at least 5k less than the current AP's estimated throughput, wpa_supplicant will skip the roam. These decisions are based only on one factor and can lead to poor roaming choices (e.g., a roam should not happen if the selected AP's estimated throughput meets the threshold but the current signal and throughput are already good, whereas a roam should happen if the signal is slightly worse but the estimated throughput is significantly better). This change standardizes the roaming heuristic for signal strength difference requirements and will hopefully improve user experience. The change can be summarized as follows: based on the current signal level, a certain roaming difficulty is assigned. Based on the selected AP's estimated throughput relative to the current AP's estimated throughput, the difficulty is adjusted up or down. If the difference in signal level meets the threshold, a roam happens. The hard-coded values were selected purely based on the previous version of this function. They may eventually need to be fine-tuned for optimal performance. Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
6 years ago
if (cur_est > sel_est * 1.5)
min_diff += 10;
else if (cur_est > sel_est * 1.2)
min_diff += 5;
else if (cur_est > sel_est * 1.1)
min_diff += 2;
else if (cur_est > sel_est)
min_diff++;
else if (sel_est > cur_est * 1.5)
min_diff -= 10;
else if (sel_est > cur_est * 1.2)
min_diff -= 5;
else if (sel_est > cur_est * 1.1)
min_diff -= 2;
else if (sel_est > cur_est)
min_diff--;
if (to_5ghz)
min_diff -= 2;
Fix signal_poll based roaming skip Fix a rebasing issue in the signal difference calculation. The older patch was not updated to use the new cur_level local variable to get the possibly updated signal level for the current BSS. Fixes: a2c1bebd4301 ("Improve roaming logic") Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
diff = selected->level - cur_level;
Use estimated throughput to avoid signal based roaming decision Previously, the estimated throughput was used to enable roaming to a better AP. However, this information was not used when considering a roam to an AP that has better signal strength, but smaller estimated throughput. This could result in allowing roaming from 5 GHz band to 2.4 GHz band in cases where 2.4 GHz band has significantly higher signal strength, but still a lower throughput estimate. Make this less likely to happen by increasing/reducing the minimum required signal strength difference based on the estimated throughputs of the current and selected AP. In addition, add more details about the selection process to the debug log to make it easier to determine whaty happened and why. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
if (diff < min_diff) {
wpa_dbg(wpa_s, MSG_DEBUG,
"Skip roam - too small difference in signal level (%d < %d)",
diff, min_diff);
Add WPA_EVENT_{DO,SKIP}_ROAM events Add events for within-ESS reassociation. This allows us to monitor roam events, both skipped and allowed, in tests. Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
4 years ago
ret = 0;
} else {
wpa_dbg(wpa_s, MSG_DEBUG,
"Allow reassociation due to difference in signal level (%d >= %d)",
diff, min_diff);
ret = 1;
}
wpa_msg_ctrl(wpa_s, MSG_INFO, "%scur_bssid=" MACSTR
" cur_freq=%d cur_level=%d cur_est=%d sel_bssid=" MACSTR
" sel_freq=%d sel_level=%d sel_est=%d",
ret ? WPA_EVENT_DO_ROAM : WPA_EVENT_SKIP_ROAM,
MAC2STR(current_bss->bssid),
current_bss->freq, cur_level, cur_est,
MAC2STR(selected->bssid),
selected->freq, selected->level, sel_est);
return ret;
Refactor wpa_supplicant_need_to_roam() Pull all the within-ESS roam code out of wpa_supplicant_need_to_roam() and into its own function, wpa_supplicant_need_to_roam_within_ess(). This way, we avoid interleaving several #ifndef's in the original function and wrap the new function in one big #ifndef. This also modularizes the within-ESS roam code and makes it easier to test. Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
4 years ago
}
#endif /* CONFIG_NO_ROAMING */
static int wpa_supplicant_need_to_roam(struct wpa_supplicant *wpa_s,
struct wpa_bss *selected,
struct wpa_ssid *ssid)
{
struct wpa_bss *current_bss = NULL;
if (wpa_s->reassociate)
return 1; /* explicit request to reassociate */
if (wpa_s->wpa_state < WPA_ASSOCIATED)
return 1; /* we are not associated; continue */
if (wpa_s->current_ssid == NULL)
return 1; /* unknown current SSID */
if (wpa_s->current_ssid != ssid)
return 1; /* different network block */
if (wpas_driver_bss_selection(wpa_s))
return 0; /* Driver-based roaming */
if (wpa_s->current_ssid->ssid)
current_bss = wpa_bss_get(wpa_s, wpa_s->bssid,
wpa_s->current_ssid->ssid,
wpa_s->current_ssid->ssid_len);
if (!current_bss)
current_bss = wpa_bss_get_bssid(wpa_s, wpa_s->bssid);
if (!current_bss)
return 1; /* current BSS not seen in scan results */
if (current_bss == selected)
return 0;
if (selected->last_update_idx > current_bss->last_update_idx)
return 1; /* current BSS not seen in the last scan */
#ifndef CONFIG_NO_ROAMING
return wpa_supplicant_need_to_roam_within_ess(wpa_s, current_bss,
selected);
Add CONFIG_NO_ROAMING option This can be used to disable wpa_supplicant controlled roaming. It should be noted that the WPA_DRIVER_FLAGS_BSS_SELECTION capability is the preferred way for this and CONFIG_NO_ROAMING should be obsoleted once drivers support the new NL80211_ATTR_ROAM_SUPPORT capability advertisement. Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
13 years ago
#else /* CONFIG_NO_ROAMING */
return 0;
#endif /* CONFIG_NO_ROAMING */
Try to avoid some unnecessary roaming When multiple APs are present in scan results with similar signal strength, wpa_supplicant may end up bounching between them frequently whenever new scan results are available (e.g., due to periodic scans requested by NetworkManager). This can result in unnecessary roaming and in case of the current cfg80211 version, to frequent network disconnections. Do not request a roam if the current BSS is still present in the scan results and the selected BSS is in the same ESS and has only a slighly stronger signal strength.
15 years ago
}
Update WPA/RSN IE properly for driver based BSS selection This patch fixes an issue with roaming for drivers that set WPA_DRIVER_FLAGS_BSS_SELECTION (currently ath6kl). On moving to an AP with a different BSSID, an EVENT_ASSOC is received and the subsequent 4-way handshake may fail because of a mismatch between the RSN IE in message 3/4 and in Beacon/Probe Response. This happens only when the APs use different RSN IE contents and ap_scan is set to 1, since wpa_supplicant fails to update its cached IEs. Initial association may fail, too, in case of multiple APs with the same SSID, since BSSID selection is done by the driver and again a mismatch could be seen. Fix these two issues by clearing and updating the cached IEs on receiving an Association event from the driver. Also, retrieve the scan results when the new BSS information is not present locally. Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
12 years ago
Always propagate scan results to all interfaces Scan results were not propagated to all interfaces if scan results started a new operation, in order to prevent concurrent operations. But this can cause other interfaces to trigger a new scan when scan results are already available. Instead, always notify other interfaces of the scan results, but note that new operations are not allowed. Signed-off-by: Avraham Stern <avraham.stern@intel.com> Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
8 years ago
/*
* Return a negative value if no scan results could be fetched or if scan
* results should not be shared with other virtual interfaces.
* Return 0 if scan results were fetched and may be shared with other
* interfaces.
* Return 1 if scan results may be shared with other virtual interfaces but may
* not trigger any operations.
* Return 2 if the interface was removed and cannot be used.
*/
Do not propagate bad scan results to siblings sharing the radio This decreases useless work and re-scans by siblings when a device gets a scan failure. Signed-off-by: Ben Greear <greearb@candelatech.com>
13 years ago
static int _wpa_supplicant_event_scan_results(struct wpa_supplicant *wpa_s,
Use special scan result processing steps only on requesting interface Scan result events are shared between all virtual interfaces sharing the same radio. However, some of the steps are not really appropriate on virtual interfaces that did not issue the scan request. Fix this by making these steps conditional on the scan results being processed on the interface that requested them. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
union wpa_event_data *data,
Always propagate scan results to all interfaces Scan results were not propagated to all interfaces if scan results started a new operation, in order to prevent concurrent operations. But this can cause other interfaces to trigger a new scan when scan results are already available. Instead, always notify other interfaces of the scan results, but note that new operations are not allowed. Signed-off-by: Avraham Stern <avraham.stern@intel.com> Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
8 years ago
int own_request, int update_only)
Split wpa_supplicant_event_scan_results() into helper functions
15 years ago
{
Use radio work for scan requests Avoid concurrent scan requests by using the radio work queuing mechanism. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
struct wpa_scan_results *scan_res = NULL;
int ret = 0;
Ignore scan results in wpa_supplicant AP mode This is needed to avoid trying to reassociate based on new scan results when using wpa_supplicant to control AP mode. This could happen if something external triggered the driver to run a scan.
14 years ago
int ap = 0;
Move variable declaration into the beginning of function The variables used within the #ifndef block here needs to be defined in the beginning of the function to avoid issues with some compilers. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
#ifndef CONFIG_NO_RANDOM_POOL
size_t i, num;
#endif /* CONFIG_NO_RANDOM_POOL */
Ignore scan results in wpa_supplicant AP mode This is needed to avoid trying to reassociate based on new scan results when using wpa_supplicant to control AP mode. This could happen if something external triggered the driver to run a scan.
14 years ago
#ifdef CONFIG_AP
if (wpa_s->ap_iface)
ap = 1;
#endif /* CONFIG_AP */
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
dbus: add 'scanning' property When the supplicant is connected and performs a scan, it doesn't enter WPA_SCANNING state for various reasons. However, external programs still need to know that the supplicant is scanning since they may not wish to perform certain operations during a scan (as those operations will likely fail or yield incorrect results). Add a 'scanning' property and signal to the supplicant dbus interface to allow clients to synchronize better with the supplicant when it scans. Signed-off-by: Dan Williams <dcbw@redhat.com>
15 years ago
wpa_supplicant_notify_scanning(wpa_s, 0);
Do not store raw scan results Use scan results to update the BSS table and to select the BSS for connection, but do not store the results for longer time.
15 years ago
scan_res = wpa_supplicant_get_scan_results(wpa_s,
data ? &data->scan_info :
NULL, 1);
if (scan_res == NULL) {
Add 'SCAN TYPE=ONLY' functionality Usual manual scan request may cause reassociation due to several reasons. New command is intended to perform pure scan without taking any automatic action based on the results. Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
11 years ago
if (wpa_s->conf->ap_scan == 2 || ap ||
wpa_s->scan_res_handler == scan_only_handler)
Do not propagate bad scan results to siblings sharing the radio This decreases useless work and re-scans by siblings when a device gets a scan failure. Signed-off-by: Ben Greear <greearb@candelatech.com>
13 years ago
return -1;
Use special scan result processing steps only on requesting interface Scan result events are shared between all virtual interfaces sharing the same radio. However, some of the steps are not really appropriate on virtual interfaces that did not issue the scan request. Fix this by making these steps conditional on the scan results being processed on the interface that requested them. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
if (!own_request)
return -1;
nl80211: Support vendor scan together with normal scan Allow wpa_supplicant to use vendor scan (if supported by the driver) together with the normal nl80211 scan and handling external scan events. Since this results in possibility of concurrent scan operations, some of the operations related to scan results need to check more carefully when an event is relevant for a specific interface. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
if (data && data->scan_info.external_scan)
return -1;
P2P: Recover p2p_find operation in case of failure to fetch scan results Add a handler to notify failures to fetch the scan results and provide an option to override default behavior of requesting a new scan in one second in such an error condition. Use this new handler mechanism to continue the p2p_find operation (by invoking p2p_scan_res_handled) for an interim scenario where the p2p_scan attempt fails to get the scan results from the driver which can happen, e.g., if there are parallel updates to the cfg80211 scan results. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
3 years ago
if (wpa_s->scan_res_fail_handler) {
void (*handler)(struct wpa_supplicant *wpa_s);
handler = wpa_s->scan_res_fail_handler;
wpa_s->scan_res_fail_handler = NULL;
handler(wpa_s);
} else {
wpa_dbg(wpa_s, MSG_DEBUG,
"Failed to get scan results - try scanning again");
wpa_supplicant_req_new_scan(wpa_s, 1, 0);
}
Use radio work for scan requests Avoid concurrent scan requests by using the radio work queuing mechanism. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
ret = -1;
goto scan_work_done;
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
}
Maintain internal entropy pool for augmenting random number generation By default, make hostapd and wpa_supplicant maintain an internal entropy pool that is fed with following information: hostapd: - Probe Request frames (timing, RSSI) - Association events (timing) - SNonce from Supplicants wpa_supplicant: - Scan results (timing, signal/noise) - Association events (timing) The internal pool is used to augment the random numbers generated with the OS mechanism (os_get_random()). While the internal implementation is not expected to be very strong due to limited amount of generic (non-platform specific) information to feed the pool, this may strengthen key derivation on some devices that are not configured to provide strong random numbers through os_get_random() (e.g., /dev/urandom on Linux/BSD). This new mechanism is not supposed to replace proper OS provided random number generation mechanism. The OS mechanism needs to be initialized properly (e.g., hw random number generator, maintaining entropy pool over reboots, etc.) for any of the security assumptions to hold. If the os_get_random() is known to provide strong ramdom data (e.g., on Linux/BSD, the board in question is known to have reliable source of random data from /dev/urandom), the internal hostapd random pool can be disabled. This will save some in binary size and CPU use. However, this should only be considered for builds that are known to be used on devices that meet the requirements described above. The internal pool is disabled by adding CONFIG_NO_RANDOM_POOL=y to the .config file.
14 years ago
#ifndef CONFIG_NO_RANDOM_POOL
num = scan_res->num;
if (num > 10)
num = 10;
for (i = 0; i < num; i++) {
u8 buf[5];
struct wpa_scan_res *res = scan_res->res[i];
buf[0] = res->bssid[5];
buf[1] = res->qual & 0xff;
buf[2] = res->noise & 0xff;
buf[3] = res->level & 0xff;
buf[4] = res->tsf & 0xff;
random_add_randomness(buf, sizeof(buf));
}
#endif /* CONFIG_NO_RANDOM_POOL */
Always propagate scan results to all interfaces Scan results were not propagated to all interfaces if scan results started a new operation, in order to prevent concurrent operations. But this can cause other interfaces to trigger a new scan when scan results are already available. Instead, always notify other interfaces of the scan results, but note that new operations are not allowed. Signed-off-by: Avraham Stern <avraham.stern@intel.com> Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
8 years ago
if (update_only) {
ret = 1;
goto scan_work_done;
}
Ignore externally triggered scan results with scan_res_handler wpa_s->scan_res_handler is set only for cases where a scan operation is requested for a specific purpose. As such, this callback should only be called when a scan result from a scan that was triggered by wpa_supplicant is processed. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
if (own_request && wpa_s->scan_res_handler &&
nl80211: Support vendor scan together with normal scan Allow wpa_supplicant to use vendor scan (if supported by the driver) together with the normal nl80211 scan and handling external scan events. Since this results in possibility of concurrent scan operations, some of the operations related to scan results need to check more carefully when an event is relevant for a specific interface. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
!(data && data->scan_info.external_scan)) {
Allow setting scan_res_handler from the callback function Some new code I'm working on will need the scan_res_handler assigned all the time in certain circumstances, so the easiest way is to reset it within the handler. This is currently prevented by the way the code in the event handler works -- change that to permit such usage. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
14 years ago
void (*scan_res_handler)(struct wpa_supplicant *wpa_s,
struct wpa_scan_results *scan_res);
scan_res_handler = wpa_s->scan_res_handler;
Add option for overriding scan result handler for a single scan
14 years ago
wpa_s->scan_res_handler = NULL;
Allow setting scan_res_handler from the callback function Some new code I'm working on will need the scan_res_handler assigned all the time in certain circumstances, so the easiest way is to reset it within the handler. This is currently prevented by the way the code in the event handler works -- change that to permit such usage. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
14 years ago
scan_res_handler(wpa_s, scan_res);
Always propagate scan results to all interfaces Scan results were not propagated to all interfaces if scan results started a new operation, in order to prevent concurrent operations. But this can cause other interfaces to trigger a new scan when scan results are already available. Instead, always notify other interfaces of the scan results, but note that new operations are not allowed. Signed-off-by: Avraham Stern <avraham.stern@intel.com> Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
8 years ago
ret = 1;
Use radio work for scan requests Avoid concurrent scan requests by using the radio work queuing mechanism. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
goto scan_work_done;
Add option for overriding scan result handler for a single scan
14 years ago
}
Track whether scan was started by us or an external program This can be used to improve scan behavior in cases external programs request scans directly from the driver. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
wpa_dbg(wpa_s, MSG_DEBUG, "New scan results available (own=%u ext=%u)",
nl80211: Support vendor scan together with normal scan Allow wpa_supplicant to use vendor scan (if supported by the driver) together with the normal nl80211 scan and handling external scan events. Since this results in possibility of concurrent scan operations, some of the operations related to scan results need to check more carefully when an event is relevant for a specific interface. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
wpa_s->own_scan_running,
data ? data->scan_info.external_scan : 0);
Optional scan id for ctrl_iface SCAN requests This allows users of wpa_supplicant control interface to figure out when their specific scan command has been started and completed. For example: CTRL-EVENT-SCAN-STARTED > scan freq=2412,2417 passive=1 use_id=1 3 CTRL-EVENT-SCAN-RESULTS CTRL-EVENT-SCAN-STARTED id=3 CTRL-EVENT-SCAN-RESULTS id=3 Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
if (wpa_s->last_scan_req == MANUAL_SCAN_REQ &&
nl80211: Support vendor scan together with normal scan Allow wpa_supplicant to use vendor scan (if supported by the driver) together with the normal nl80211 scan and handling external scan events. Since this results in possibility of concurrent scan operations, some of the operations related to scan results need to check more carefully when an event is relevant for a specific interface. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
wpa_s->manual_scan_use_id && wpa_s->own_scan_running &&
own_request && !(data && data->scan_info.external_scan)) {
Optional scan id for ctrl_iface SCAN requests This allows users of wpa_supplicant control interface to figure out when their specific scan command has been started and completed. For example: CTRL-EVENT-SCAN-STARTED > scan freq=2412,2417 passive=1 use_id=1 3 CTRL-EVENT-SCAN-RESULTS CTRL-EVENT-SCAN-STARTED id=3 CTRL-EVENT-SCAN-RESULTS id=3 Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS "id=%u",
wpa_s->manual_scan_id);
wpa_s->manual_scan_use_id = 0;
} else {
wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS);
}
Remove get-first-scan-results-before-request optimization This has already been disabled in most use cases and can result in problems with some drivers, so better just remove it completely.
14 years ago
wpas_notify_scan_results(wpa_s);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
Add wpa_supplicant notification calls This introduces a new mechanism for collecting notification calls into a single place (notify.c). As a result of this, most of the wpa_supplicant code does not need to know about dbus (etc. mechanisms that could use the notifications). Some empty placeholder functions are also added in preparation of new dbus code that needs more event notifications.
15 years ago
wpas_notify_scan_done(wpa_s, 1);
Indicate scan completion in active AP mode even when ignoring results This is needed to avoid leaving external components (through control interface or D-Bus) timing out while waiting for the scan completion events. This was already taken care of for the scan-only case ("TYPE=only"), but the scan-and-allow-roaming case did not report the scan completion event when operating in AP mode. Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
if (ap) {
wpa_dbg(wpa_s, MSG_DEBUG, "Ignore scan results in AP mode");
#ifdef CONFIG_AP
if (wpa_s->ap_iface->scan_cb)
wpa_s->ap_iface->scan_cb(wpa_s->ap_iface);
#endif /* CONFIG_AP */
goto scan_work_done;
}
nl80211: Support vendor scan together with normal scan Allow wpa_supplicant to use vendor scan (if supported by the driver) together with the normal nl80211 scan and handling external scan events. Since this results in possibility of concurrent scan operations, some of the operations related to scan results need to check more carefully when an event is relevant for a specific interface. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
if (data && data->scan_info.external_scan) {
Do not use results from externally requested scan for network selection It may not always be desirable to trigger reassociation or network change based on scan results from externally to wpa_supplicant trigger scan operations. Skip network selection and roaming determination if the received scan result is known to be triggered by something external to wpa_supplicant. The control interface SCAN command can be used to request wpa_supplicant to determine the best network. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
wpa_dbg(wpa_s, MSG_DEBUG, "Do not use results from externally requested scan operation for network selection");
wpa_scan_results_free(scan_res);
return 0;
}
WNM: Use recent scan results on BSS transition request If the last scans are recent (for now, less than ten seconds old), use them instead of triggering a new scan when a BSS Transition Management Request frame is received. As a fallback, allow a new scan to be triggered if no matches were found. Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
if (wnm_scan_process(wpa_s, 1) > 0)
WNM: Move transition candidate list processing to normal scan This makes it easier to optimize transition request processing. Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
goto scan_work_done;
STA OBSS: Add check for overlapping BSSs In the previous implementation connected STA performs OBSS scan according to requests from its 20/40 MHz AP. However STA checks only 40 MHz intolerance subfield from HT Capabilities element in scan results. Meanwhile, as per IEEE Std 802.11-2016, 11.16.12, STA should check overlapping BSSs as well. Note that all the required code to check overlapping BSSs did already exist for AP mode since AP does those checks properly before operating as 20/40 MHz BSS in the 2.4 GHz band. Use that existing code by replace existing 40 MHz intolerance check in sme_proc_obss_scan() with the new shared helper function check_bss_coex_40mhz(). Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
5 years ago
if (sme_proc_obss_scan(wpa_s, scan_res) > 0)
Use radio work for scan requests Avoid concurrent scan requests by using the radio work queuing mechanism. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
goto scan_work_done;
Add handling of OBSS scan requests and 20/40 BSS coex reports Add support for HT STA to report 40 MHz intolerance to the associated AP. A HT station generates a report (20/40 BSS coexistence) of channel list if it finds a non-HT capable AP or a HT AP which prohibits 40 MHz transmission (i.e., 40 MHz intolerant bit is set in HT capabilities IE) from the scan results. Parse the OBSS scan parameter from Beacon or Probe Response frames and schedule periodic scan to generate 20/40 coexistence channel report if requested to do so. This patch decodes Scan Interval alone from the OBSS Scan Parameters element and triggers scan on timeout. Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com> Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
UBSan: Fix RRM beacon processing attempt without scan_info Some driver interfaces (e.g., wext) might not include the data->scan_info information and data could be NULL here. Do not try to call the RRM handler in this case since that would dereference the NULL pointer when determining where scan_info is located and could potentially result in trying to read from unexpected location if RRM is enabled with a driver interface that does not support it. events.c:1907:59: runtime error: member access within null pointer of type 'union wpa_event_data' Signed-off-by: Jouni Malinen <j@w1.fi>
5 years ago
if (own_request && data &&
wpa_supplicant: Add support for Beacon Report Radio Measurement Beacon Report Radio Measurement is defined in IEEE Std 802.11-2016, 11.11.9.1. Beacon Report is implemented by triggering a scan on the requested channels with the requested parameters. Signed-off-by: Avraham Stern <avraham.stern@intel.com>
7 years ago
wpas_beacon_rep_scan_process(wpa_s, scan_res, &data->scan_info) > 0)
goto scan_work_done;
Use radio work for scan requests Avoid concurrent scan requests by using the radio work queuing mechanism. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
if ((wpa_s->conf->ap_scan == 2 && !wpas_wps_searching(wpa_s)))
goto scan_work_done;
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
Use radio work for scan requests Avoid concurrent scan requests by using the radio work queuing mechanism. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
if (autoscan_notify_scan(wpa_s, scan_res))
goto scan_work_done;
Add automatic scanning support Like bgscan, autoscan is an optional module based feature to automate scanning but while disconnected or inactive. Instead of requesting directly a scan, it only sets the scan_interval and the sched_scan_interval. So, if the driver supports sched_scan, autoscan will be able to tweak its interval. Otherwise, the tweaked scan_interval will be used. If scan parameters needs to be tweaked, an autoscan_params pointer in wpa_s will provide those. So req_scan / req_sched_scan will not set the scan parameters as they usually do, but instead will use this pointer. Modules will not have to request a scan directly, like bgscan does. Instead, it will need to return the interval it wants after each notification. Signed-hostap: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
12 years ago
Getting back to DISCONNECTED afer SCANNING After transitioning from DISCONNECTED to SCANNING, we never go back to DISCONNECTED even though scanning is done or failed. We're thus stuck in SCANNING while scanning is actually done.
15 years ago
if (wpa_s->disconnected) {
wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
Use radio work for scan requests Avoid concurrent scan requests by using the radio work queuing mechanism. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
goto scan_work_done;
Getting back to DISCONNECTED afer SCANNING After transitioning from DISCONNECTED to SCANNING, we never go back to DISCONNECTED even though scanning is done or failed. We're thus stuck in SCANNING while scanning is actually done.
15 years ago
}
Support driver-based BSS selection in ap_scan=1 mode If the driver indicates that it supports BSS selection (including roaming within an ESS) with WPA_DRIVER_FLAGS_BSS_SELECTION, modify ap_scan=1 mode to behave like ap_scan=2 mode for BSS selection. The initial scan is still done to avoid the need for strict configuration of or security parameters (e.g., to figure out whether TKIP or CCMP is being used as the group cipher). However, when requesting the driver to connect, the bssid and freq parameters are not provided to leave the driver in control of selecting which BSS to use and to allow the driver to decide when to roam.
13 years ago
if (!wpas_driver_bss_selection(wpa_s) &&
Use radio work for scan requests Avoid concurrent scan requests by using the radio work queuing mechanism. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
bgscan_notify_scan(wpa_s, scan_res) == 1)
goto scan_work_done;
Do not store raw scan results Use scan results to update the BSS table and to select the BSS for connection, but do not store the results for longer time.
15 years ago
WPS: Maintain more AP state during WPS PIN iteration Maintain state of WPS APs during iteration to find the correct AP for WPS PIN operation when no specific BSSID is specified. This information can be used for optimizing the order in which the APs are tried. This commit is only adding the collection of the information and more detailed debug information to make debug logs more helpful in figuring out how the AP selection order could be improved. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
wpas_wps_update_ap_info(wpa_s, scan_res);
Avoid network selection from scan during connection If scan results arrive during the connection process, the network selection function was called, interrupting the current connection. While a regular scan is mutually exclusive with connection establishment via the nature of radio work, there's no such protection for scheduled scan. Prevent network selection while a connection is in progress. Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
9 years ago
if (wpa_s->wpa_state >= WPA_AUTHENTICATING &&
wpa_s->wpa_state < WPA_COMPLETED)
goto scan_work_done;
Use BSS table instead of scan results in need-to-roam determination The same information is available in the BSS table, so we can reduce the need for using the raw scan results in wpa_supplicant_need_to_roam(). Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
wpa_scan_results_free(scan_res);
nl80211: Support vendor scan together with normal scan Allow wpa_supplicant to use vendor scan (if supported by the driver) together with the normal nl80211 scan and handling external scan events. Since this results in possibility of concurrent scan operations, some of the operations related to scan results need to check more carefully when an event is relevant for a specific interface. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
if (own_request && wpa_s->scan_work) {
Use radio work for scan requests Avoid concurrent scan requests by using the radio work queuing mechanism. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
struct wpa_radio_work *work = wpa_s->scan_work;
wpa_s->scan_work = NULL;
radio_work_done(work);
}
DPP2: Connection status result (Enrollee) Add support for reporting connection status after provisioning if the Configurator requests this. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years ago
os_free(wpa_s->last_scan_freqs);
wpa_s->last_scan_freqs = NULL;
wpa_s->num_last_scan_freqs = 0;
if (own_request && data &&
data->scan_info.freqs && data->scan_info.num_freqs) {
wpa_s->last_scan_freqs = os_malloc(sizeof(int) *
data->scan_info.num_freqs);
if (wpa_s->last_scan_freqs) {
os_memcpy(wpa_s->last_scan_freqs,
data->scan_info.freqs,
sizeof(int) * data->scan_info.num_freqs);
wpa_s->num_last_scan_freqs = data->scan_info.num_freqs;
}
}
Request new scan only for the original interface Request new scan only for the interface for which the original scan request and results has come. Otherwise while sharing scan results along with P2P interfaces, the new scan will be requested on P2P interfaces. Signed-hostap: Jithu Jance <jithu@broadcom.com>
11 years ago
return wpas_select_network_from_last_scan(wpa_s, 1, own_request);
Use radio work for scan requests Avoid concurrent scan requests by using the radio work queuing mechanism. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
scan_work_done:
wpa_scan_results_free(scan_res);
nl80211: Support vendor scan together with normal scan Allow wpa_supplicant to use vendor scan (if supported by the driver) together with the normal nl80211 scan and handling external scan events. Since this results in possibility of concurrent scan operations, some of the operations related to scan results need to check more carefully when an event is relevant for a specific interface. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
if (own_request && wpa_s->scan_work) {
Use radio work for scan requests Avoid concurrent scan requests by using the radio work queuing mechanism. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
struct wpa_radio_work *work = wpa_s->scan_work;
wpa_s->scan_work = NULL;
radio_work_done(work);
}
return ret;
Interworking: Skip extra scan after network auto-select If the scan results from before ANQP fetch are fresh (less than five seconds old), do not run a new scan when selecting the BSS after having used Interworking network selection. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
}
RSN: Update preauth scan results only based on new scan results The fast-connect optimization to skip a new scan did not update how the RSN preauthentication callback is used. There is no point in trying to add preauthentication candidates from cases where scan was skipped, so skip this call, too, in such cases. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
static int wpas_select_network_from_last_scan(struct wpa_supplicant *wpa_s,
Request new scan only for the original interface Request new scan only for the interface for which the original scan request and results has come. Otherwise while sharing scan results along with P2P interfaces, the new scan will be requested on P2P interfaces. Signed-hostap: Jithu Jance <jithu@broadcom.com>
11 years ago
int new_scan, int own_request)
Interworking: Skip extra scan after network auto-select If the scan results from before ANQP fetch are fresh (less than five seconds old), do not run a new scan when selecting the BSS after having used Interworking network selection. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
{
struct wpa_bss *selected;
struct wpa_ssid *ssid = NULL;
Delay AP selection if all networks are temporarily disabled If all networks are temporarily disabled, delay AP selection until at least one network is enabled. Running AP selection when all networks are disabled is useless as wpa_supplicant will not try to connect. In addition, it will result in needless scan iterations that may delay the connection when it is needed. Signed-off-by: Avraham Stern <avraham.stern@intel.com>
9 years ago
int time_to_reenable = wpas_reenabled_network_time(wpa_s);
if (time_to_reenable > 0) {
wpa_dbg(wpa_s, MSG_DEBUG,
"Postpone network selection by %d seconds since all networks are disabled",
time_to_reenable);
eloop_cancel_timeout(wpas_network_reenabled, wpa_s, NULL);
eloop_register_timeout(time_to_reenable, 0,
wpas_network_reenabled, wpa_s, NULL);
return 0;
}
Interworking: Skip extra scan after network auto-select If the scan results from before ANQP fetch are fresh (less than five seconds old), do not run a new scan when selecting the BSS after having used Interworking network selection. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
P2P: Do not allow scan or normal association on cfg80211 P2P Device The dedicated P2P management instance (wpas->p2p_mgmt == 1) using cfg80211 P2P Device cannot be used for non-P2P uses or connection (there is no netdev). Reject or ignore such operations to avoid unexpected operations if enabled network blocks are configured in the wpa_supplicant instance used to control this interface. Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago
if (wpa_s->p2p_mgmt)
return 0; /* no normal connection on p2p_mgmt interface */
OWE: Use shorter scan interval during transition mode search Start scans more quickly if an open BSS advertising OWE transition mode is found, but the matching OWE BSS has not yet been seen. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
wpa_s->owe_transition_search = 0;
Use BSS entries instead of scan results for BSS selection This allows the BSS selection functions to be called without having the scan result data structure. This can be used to skip extra scans in cases where previous results can be considered fresh. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
selected = wpa_supplicant_pick_network(wpa_s, &ssid);
mesh: Join an existing MBSS instead of creating a new one If scan results show a matching existing MBSS, join it instead of creating a new MBSS. Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
8 years ago
#ifdef CONFIG_MESH
if (wpa_s->ifmsh) {
wpa_msg(wpa_s, MSG_INFO,
"Avoiding join because we already joined a mesh group");
return 0;
}
#endif /* CONFIG_MESH */
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
if (selected) {
Try to avoid some unnecessary roaming When multiple APs are present in scan results with similar signal strength, wpa_supplicant may end up bounching between them frequently whenever new scan results are available (e.g., due to periodic scans requested by NetworkManager). This can result in unnecessary roaming and in case of the current cfg80211 version, to frequent network disconnections. Do not request a roam if the current BSS is still present in the scan results and the selected BSS is in the same ESS and has only a slighly stronger signal strength.
15 years ago
int skip;
Use BSS table instead of scan results in need-to-roam determination The same information is available in the BSS table, so we can reduce the need for using the raw scan results in wpa_supplicant_need_to_roam(). Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
skip = !wpa_supplicant_need_to_roam(wpa_s, selected, ssid);
Process RSN pre-authentication candidates when skipping roam wpa_supplicant_rsn_preauth_scan_results() needs to be called to update RSN pre-authentication candidates. This cannot be done before the wpa_supplicant_connect() call on the first association, but when trying to figure out whether to roam, it is fine to do so for the case when roaming is skipped. Signed-hostap: Jouni Malinen <j@w1.fi>
13 years ago
if (skip) {
RSN: Update preauth scan results only based on new scan results The fast-connect optimization to skip a new scan did not update how the RSN preauthentication callback is used. There is no point in trying to add preauthentication candidates from cases where scan was skipped, so skip this call, too, in such cases. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
if (new_scan)
wpa_supplicant_rsn_preauth_scan_results(wpa_s);
Do not propagate bad scan results to siblings sharing the radio This decreases useless work and re-scans by siblings when a device gets a scan failure. Signed-off-by: Ben Greear <greearb@candelatech.com>
13 years ago
return 0;
Process RSN pre-authentication candidates when skipping roam wpa_supplicant_rsn_preauth_scan_results() needs to be called to update RSN pre-authentication candidates. This cannot be done before the wpa_supplicant_connect() call on the first association, but when trying to figure out whether to roam, it is fine to do so for the case when roaming is skipped. Signed-hostap: Jouni Malinen <j@w1.fi>
13 years ago
}
P2P: Fix wpa_supplicant crash on P2P WPS PBC overlap case Once PBC overlap detected when using dynamic group interfaces, the wpa_s corresponding to P2P group interface is freed. This patch avoids accessing the wpa_s data structure after it is freed. This fixes a possible crash in P2P client role in such a case.
13 years ago
DPP2: Connection status result (Enrollee) Add support for reporting connection status after provisioning if the Configurator requests this. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years ago
wpa_s->suitable_network++;
Disconnect before trying to switch to a different network Previously, when wpa_supplicant received bgscan results with a preferred network, it connected to that network without disconnecting from the previous one. This might result in an inconsistent state of upper layers. Fix this by disconnecting from the current AP before connecting to the new one when the network profile changes and there is an existing connection. Signed-off-by: Ayala Beker <ayala.beker@intel.com>
9 years ago
if (ssid != wpa_s->current_ssid &&
wpa_s->wpa_state >= WPA_AUTHENTICATING) {
wpa_s->own_disconnect_req = 1;
wpa_supplicant_deauthenticate(
wpa_s, WLAN_REASON_DEAUTH_LEAVING);
}
P2P: Fix wpa_supplicant crash on P2P WPS PBC overlap case Once PBC overlap detected when using dynamic group interfaces, the wpa_s corresponding to P2P group interface is freed. This patch avoids accessing the wpa_s data structure after it is freed. This fixes a possible crash in P2P client role in such a case.
13 years ago
if (wpa_supplicant_connect(wpa_s, selected, ssid) < 0) {
wpa_dbg(wpa_s, MSG_DEBUG, "Connect failed");
return -1;
}
RSN: Update preauth scan results only based on new scan results The fast-connect optimization to skip a new scan did not update how the RSN preauthentication callback is used. There is no point in trying to add preauthentication candidates from cases where scan was skipped, so skip this call, too, in such cases. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
if (new_scan)
wpa_supplicant_rsn_preauth_scan_results(wpa_s);
Do not inform other virtual interfaces of scan results in all cases If a connection operation is started on an interface based on scan results, other virtual interfaces should not be information about the results to avoid potential concurrent operations during the association steps. Since the sibling notification of scan results received was added as an optimization, skipping it for this type of cases is the simplest way of avoiding unnecessary concurrent operations. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
/*
Always propagate scan results to all interfaces Scan results were not propagated to all interfaces if scan results started a new operation, in order to prevent concurrent operations. But this can cause other interfaces to trigger a new scan when scan results are already available. Instead, always notify other interfaces of the scan results, but note that new operations are not allowed. Signed-off-by: Avraham Stern <avraham.stern@intel.com> Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
8 years ago
* Do not allow other virtual radios to trigger operations based
* on these scan results since we do not want them to start
* other associations at the same time.
Do not inform other virtual interfaces of scan results in all cases If a connection operation is started on an interface based on scan results, other virtual interfaces should not be information about the results to avoid potential concurrent operations during the association steps. Since the sibling notification of scan results received was added as an optimization, skipping it for this type of cases is the simplest way of avoiding unnecessary concurrent operations. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
*/
return 1;
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
} else {
DPP2: Connection status result (Enrollee) Add support for reporting connection status after provisioning if the Configurator requests this. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years ago
wpa_s->no_suitable_network++;
Use wpa_msg() instead of wpa_printf() This converts number of debugging messages to use wpa_msg() in order to allow the interface name to be shown with the messages. A new function, wpa_dbg(), is introduced to allow CONFIG_NO_STDOUT_DEBUG=y builds to remove the debug strings. This is otherwise identical with wpa_msg(), but it gets compiled out if stdout debugging is disabled.
13 years ago
wpa_dbg(wpa_s, MSG_DEBUG, "No suitable network found");
Allow IBSS/AP mode networks to be created in ap_scan=1 mode If no BSSes/IBSSes matching the enabled networks are found in the scan results, IBSS/AP mode network (if configured) can be created in ap_scan=1 mode instead of requiring ap_scan=2 mode to be used whenever using IBSS or AP mode.
15 years ago
ssid = wpa_supplicant_pick_new_network(wpa_s);
if (ssid) {
Use wpa_msg() instead of wpa_printf() This converts number of debugging messages to use wpa_msg() in order to allow the interface name to be shown with the messages. A new function, wpa_dbg(), is introduced to allow CONFIG_NO_STDOUT_DEBUG=y builds to remove the debug strings. This is otherwise identical with wpa_msg(), but it gets compiled out if stdout debugging is disabled.
13 years ago
wpa_dbg(wpa_s, MSG_DEBUG, "Setup a new network");
Allow IBSS/AP mode networks to be created in ap_scan=1 mode If no BSSes/IBSSes matching the enabled networks are found in the scan results, IBSS/AP mode network (if configured) can be created in ap_scan=1 mode instead of requiring ap_scan=2 mode to be used whenever using IBSS or AP mode.
15 years ago
wpa_supplicant_associate(wpa_s, NULL, ssid);
RSN: Update preauth scan results only based on new scan results The fast-connect optimization to skip a new scan did not update how the RSN preauthentication callback is used. There is no point in trying to add preauthentication candidates from cases where scan was skipped, so skip this call, too, in such cases. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
if (new_scan)
wpa_supplicant_rsn_preauth_scan_results(wpa_s);
Request new scan only for the original interface Request new scan only for the interface for which the original scan request and results has come. Otherwise while sharing scan results along with P2P interfaces, the new scan will be requested on P2P interfaces. Signed-hostap: Jithu Jance <jithu@broadcom.com>
11 years ago
} else if (own_request) {
/*
* No SSID found. If SCAN results are as a result of
* own scan request and not due to a scan request on
* another shared interface, try another scan.
*/
Make scan interval configurable It is now possible to configure the the time in seconds that wpa_supplicant waits before requesting a new scan after failing to find a suitable network in scan results. Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
13 years ago
int timeout_sec = wpa_s->scan_interval;
Allow sub-second resolution for scan requests This is in preparation to use cases that may benefit from more frequent scanning.
14 years ago
int timeout_usec = 0;
P2P: Optimize scan timeouts for group formation
14 years ago
#ifdef CONFIG_P2P
P2P: Fix P2P_CONNECT-auto fallback to GO Neg with group interface If a separate P2P group interface was used, P2P_CONNECT-auto fallback to GO Negotiation could result in use of freed memory and segmentation fault. This happened in cases where the peer GO was found in some old scans, but not in the first scan triggered by the P2P_CONNECT-auto command ("P2P: Peer was found running GO in older scan -> try to join the group" shows up in the debug log). In addition, the GO would still need to reply to PD Request to allow this code path to be triggered. When five scans for the GO were completed in this sequence, the P2P group interface was removed as part of falling back to GO Negotiation. However, that ended up dereferencing the freed wpa_s instance at the end of scan event processing. Fix this by reordering code a bit and breaking out from EVENT_SCAN_RESULTS processing if the interface could have been removed. Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago
int res;
res = wpas_p2p_scan_no_go_seen(wpa_s);
if (res == 2)
return 2;
if (res == 1)
P2P: Allow older scan results to improve p2p_connect-auto robustness Previusly the peer was assumed to not be operating a GO if the BSS entry for it was not updated in the single scan run started by p2p_connect-auto. This is not very robust since a scan may miss the peer if either a Probe Request or Probe Response frame is lost. Improve robustness by assuming the peer is still operating the GO and starting the join operation. If the GO is not found during PD-for-join or the single-channel scans during the join, fall back to GO Negotiation. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
return 0;
P2P: Short scan wait to speed up the group re-invocation The shorter 250 ms wait for the next scan request can be used also for the case of persistent group re-invocation instead of just formation of a new group. This speeds up the process and makes this more robust especially in cases where the GO is using MCC. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
if (wpa_s->p2p_in_provisioning ||
P2P: Optimize scan for GO during persistent group invocation Scan for GO on the negotiated operating channel for few iterations before searching on all the supported channels during persistent group reinvocation. In addition, use the already known SSID of the group in the scans. These optimizations reduce group formation time. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
wpa_s->show_group_started ||
wpa_s->p2p_in_invitation) {
P2P: Optimize scan timeouts for group formation
14 years ago
/*
* Use shorter wait during P2P Provisioning
P2P: Short scan wait to speed up the group re-invocation The shorter 250 ms wait for the next scan request can be used also for the case of persistent group re-invocation instead of just formation of a new group. This speeds up the process and makes this more robust especially in cases where the GO is using MCC. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
* state and during P2P join-a-group operation
* to speed up group formation.
P2P: Optimize scan timeouts for group formation
14 years ago
*/
timeout_sec = 0;
timeout_usec = 250000;
Use sched_scan in driver init This patch uses sched_scan, if available, when the driver is initialized. It also adds a couple of cancel operations where appropriate. Signed-off-by: Luciano Coelho <coelho@ti.com>
13 years ago
wpa_supplicant_req_new_scan(wpa_s, timeout_sec,
timeout_usec);
return 0;
P2P: Optimize scan timeouts for group formation
14 years ago
}
#endif /* CONFIG_P2P */
Interworking: Add optional use of network selection on normal scans auto_interworking=1 configuration parameter can be used to request wpa_supplicant to use Interworking network selection automatically as a part of the normal (non-Interworking) network selection if the scan results do not match with enabled networks. This makes scanning work similarly to the "interworking_select auto" command. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
#ifdef CONFIG_INTERWORKING
if (wpa_s->conf->auto_interworking &&
wpa_s->conf->interworking &&
wpa_s->conf->cred) {
wpa_dbg(wpa_s, MSG_DEBUG, "Interworking: "
"start ANQP fetch since no matching "
"networks found");
wpa_s->network_select = 1;
wpa_s->auto_network_select = 1;
interworking_start_fetch_anqp(wpa_s);
Do not inform other virtual interfaces of scan results in all cases If a connection operation is started on an interface based on scan results, other virtual interfaces should not be information about the results to avoid potential concurrent operations during the association steps. Since the sibling notification of scan results received was added as an optimization, skipping it for this type of cases is the simplest way of avoiding unnecessary concurrent operations. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
return 1;
Interworking: Add optional use of network selection on normal scans auto_interworking=1 configuration parameter can be used to request wpa_supplicant to use Interworking network selection automatically as a part of the normal (non-Interworking) network selection if the scan results do not match with enabled networks. This makes scanning work similarly to the "interworking_select auto" command. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
}
#endif /* CONFIG_INTERWORKING */
WPS: Reduce scan wait time during WPS processing Since the AP is expected to be available, there is no need to wait for the full five second wait between scans during WPS connection. This speeds up cases where the first scan misses the AP for some reason. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
#ifdef CONFIG_WPS
WPS: Use shorter scan interval during pre-provisioning search Previously, the shorter scan interval was already in use for the connection following the provisioning step, but same optimization can also be used for the pre-provisioning scan. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
if (wpa_s->after_wps > 0 || wpas_wps_searching(wpa_s)) {
WPS: Reduce scan wait time during WPS processing Since the AP is expected to be available, there is no need to wait for the full five second wait between scans during WPS connection. This speeds up cases where the first scan misses the AP for some reason. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
wpa_dbg(wpa_s, MSG_DEBUG, "Use shorter wait during WPS processing");
timeout_sec = 0;
timeout_usec = 500000;
wpa_supplicant_req_new_scan(wpa_s, timeout_sec,
timeout_usec);
return 0;
}
#endif /* CONFIG_WPS */
OWE: Use shorter scan interval during transition mode search Start scans more quickly if an open BSS advertising OWE transition mode is found, but the matching OWE BSS has not yet been seen. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
#ifdef CONFIG_OWE
if (wpa_s->owe_transition_search) {
wpa_dbg(wpa_s, MSG_DEBUG,
"OWE: Use shorter wait during transition mode search");
timeout_sec = 0;
timeout_usec = 500000;
wpa_supplicant_req_new_scan(wpa_s, timeout_sec,
timeout_usec);
return 0;
}
#endif /* CONFIG_OWE */
Use sched_scan in driver init This patch uses sched_scan, if available, when the driver is initialized. It also adds a couple of cancel operations where appropriate. Signed-off-by: Luciano Coelho <coelho@ti.com>
13 years ago
if (wpa_supplicant_req_sched_scan(wpa_s))
wpa_supplicant_req_new_scan(wpa_s, timeout_sec,
timeout_usec);
Send CTRL-EVENT-NETWORK-NOT-FOUND if no suitable network was found This provides more information to upper layer programs on what happens with connection attempts in cases where the enabled networks are not found in scan results. Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
9 years ago
wpa_msg_ctrl(wpa_s, MSG_INFO,
WPA_EVENT_NETWORK_NOT_FOUND);
Allow sub-second resolution for scan requests This is in preparation to use cases that may benefit from more frequent scanning.
14 years ago
}
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
}
Do not propagate bad scan results to siblings sharing the radio This decreases useless work and re-scans by siblings when a device gets a scan failure. Signed-off-by: Ben Greear <greearb@candelatech.com>
13 years ago
return 0;
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
}
Enable sharing of scan result events among virtual interfaces When controlling multiple virtual interfaces on the same physical radio, share the scan results events with sibling interfaces. This decreases the time it takes to connect many virtual interfaces. This is currently only supported on Linux with cfg80211-based drivers when using nl80211 or wext driver interface. Signed-off-by: Ben Greear <greearb@candelatech.com>
14 years ago
P2P: Fix P2P_CONNECT-auto fallback to GO Neg with group interface If a separate P2P group interface was used, P2P_CONNECT-auto fallback to GO Negotiation could result in use of freed memory and segmentation fault. This happened in cases where the peer GO was found in some old scans, but not in the first scan triggered by the P2P_CONNECT-auto command ("P2P: Peer was found running GO in older scan -> try to join the group" shows up in the debug log). In addition, the GO would still need to reply to PD Request to allow this code path to be triggered. When five scans for the GO were completed in this sequence, the P2P group interface was removed as part of falling back to GO Negotiation. However, that ended up dereferencing the freed wpa_s instance at the end of scan event processing. Fix this by reordering code a bit and breaking out from EVENT_SCAN_RESULTS processing if the interface could have been removed. Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago
static int wpa_supplicant_event_scan_results(struct wpa_supplicant *wpa_s,
union wpa_event_data *data)
Enable sharing of scan result events among virtual interfaces When controlling multiple virtual interfaces on the same physical radio, share the scan results events with sibling interfaces. This decreases the time it takes to connect many virtual interfaces. This is currently only supported on Linux with cfg80211-based drivers when using nl80211 or wext driver interface. Signed-off-by: Ben Greear <greearb@candelatech.com>
14 years ago
{
struct wpa_supplicant *ifs;
P2P: Fix P2P_CONNECT-auto fallback to GO Neg with group interface If a separate P2P group interface was used, P2P_CONNECT-auto fallback to GO Negotiation could result in use of freed memory and segmentation fault. This happened in cases where the peer GO was found in some old scans, but not in the first scan triggered by the P2P_CONNECT-auto command ("P2P: Peer was found running GO in older scan -> try to join the group" shows up in the debug log). In addition, the GO would still need to reply to PD Request to allow this code path to be triggered. When five scans for the GO were completed in this sequence, the P2P group interface was removed as part of falling back to GO Negotiation. However, that ended up dereferencing the freed wpa_s instance at the end of scan event processing. Fix this by reordering code a bit and breaking out from EVENT_SCAN_RESULTS processing if the interface could have been removed. Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago
int res;
Enable sharing of scan result events among virtual interfaces When controlling multiple virtual interfaces on the same physical radio, share the scan results events with sibling interfaces. This decreases the time it takes to connect many virtual interfaces. This is currently only supported on Linux with cfg80211-based drivers when using nl80211 or wext driver interface. Signed-off-by: Ben Greear <greearb@candelatech.com>
14 years ago
Always propagate scan results to all interfaces Scan results were not propagated to all interfaces if scan results started a new operation, in order to prevent concurrent operations. But this can cause other interfaces to trigger a new scan when scan results are already available. Instead, always notify other interfaces of the scan results, but note that new operations are not allowed. Signed-off-by: Avraham Stern <avraham.stern@intel.com> Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
8 years ago
res = _wpa_supplicant_event_scan_results(wpa_s, data, 1, 0);
P2P: Fix P2P_CONNECT-auto fallback to GO Neg with group interface If a separate P2P group interface was used, P2P_CONNECT-auto fallback to GO Negotiation could result in use of freed memory and segmentation fault. This happened in cases where the peer GO was found in some old scans, but not in the first scan triggered by the P2P_CONNECT-auto command ("P2P: Peer was found running GO in older scan -> try to join the group" shows up in the debug log). In addition, the GO would still need to reply to PD Request to allow this code path to be triggered. When five scans for the GO were completed in this sequence, the P2P group interface was removed as part of falling back to GO Negotiation. However, that ended up dereferencing the freed wpa_s instance at the end of scan event processing. Fix this by reordering code a bit and breaking out from EVENT_SCAN_RESULTS processing if the interface could have been removed. Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago
if (res == 2) {
/*
* Interface may have been removed, so must not dereference
* wpa_s after this.
*/
return 1;
}
Always propagate scan results to all interfaces Scan results were not propagated to all interfaces if scan results started a new operation, in order to prevent concurrent operations. But this can cause other interfaces to trigger a new scan when scan results are already available. Instead, always notify other interfaces of the scan results, but note that new operations are not allowed. Signed-off-by: Avraham Stern <avraham.stern@intel.com> Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
8 years ago
if (res < 0) {
Do not propagate bad scan results to siblings sharing the radio This decreases useless work and re-scans by siblings when a device gets a scan failure. Signed-off-by: Ben Greear <greearb@candelatech.com>
13 years ago
/*
* If no scan results could be fetched, then no need to
* notify those interfaces that did not actually request
Do not inform other virtual interfaces of scan results in all cases If a connection operation is started on an interface based on scan results, other virtual interfaces should not be information about the results to avoid potential concurrent operations during the association steps. Since the sibling notification of scan results received was added as an optimization, skipping it for this type of cases is the simplest way of avoiding unnecessary concurrent operations. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
* this scan. Similarly, if scan results started a new operation on this
* interface, do not notify other interfaces to avoid concurrent
* operations during a connection attempt.
Do not propagate bad scan results to siblings sharing the radio This decreases useless work and re-scans by siblings when a device gets a scan failure. Signed-off-by: Ben Greear <greearb@candelatech.com>
13 years ago
*/
P2P: Fix P2P_CONNECT-auto fallback to GO Neg with group interface If a separate P2P group interface was used, P2P_CONNECT-auto fallback to GO Negotiation could result in use of freed memory and segmentation fault. This happened in cases where the peer GO was found in some old scans, but not in the first scan triggered by the P2P_CONNECT-auto command ("P2P: Peer was found running GO in older scan -> try to join the group" shows up in the debug log). In addition, the GO would still need to reply to PD Request to allow this code path to be triggered. When five scans for the GO were completed in this sequence, the P2P group interface was removed as part of falling back to GO Negotiation. However, that ended up dereferencing the freed wpa_s instance at the end of scan event processing. Fix this by reordering code a bit and breaking out from EVENT_SCAN_RESULTS processing if the interface could have been removed. Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago
return 0;
Do not propagate bad scan results to siblings sharing the radio This decreases useless work and re-scans by siblings when a device gets a scan failure. Signed-off-by: Ben Greear <greearb@candelatech.com>
13 years ago
}
Enable sharing of scan result events among virtual interfaces When controlling multiple virtual interfaces on the same physical radio, share the scan results events with sibling interfaces. This decreases the time it takes to connect many virtual interfaces. This is currently only supported on Linux with cfg80211-based drivers when using nl80211 or wext driver interface. Signed-off-by: Ben Greear <greearb@candelatech.com>
14 years ago
/*
Use wpa_radio data for scan result updates This replaces the now unnecessary iteration of get_radio_name() calls. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
* Check other interfaces to see if they share the same radio. If
Enable sharing of scan result events among virtual interfaces When controlling multiple virtual interfaces on the same physical radio, share the scan results events with sibling interfaces. This decreases the time it takes to connect many virtual interfaces. This is currently only supported on Linux with cfg80211-based drivers when using nl80211 or wext driver interface. Signed-off-by: Ben Greear <greearb@candelatech.com>
14 years ago
* so, they get updated with this same scan info.
*/
Use wpa_radio data for scan result updates This replaces the now unnecessary iteration of get_radio_name() calls. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
dl_list_for_each(ifs, &wpa_s->radio->ifaces, struct wpa_supplicant,
radio_list) {
if (ifs != wpa_s) {
Enable sharing of scan result events among virtual interfaces When controlling multiple virtual interfaces on the same physical radio, share the scan results events with sibling interfaces. This decreases the time it takes to connect many virtual interfaces. This is currently only supported on Linux with cfg80211-based drivers when using nl80211 or wext driver interface. Signed-off-by: Ben Greear <greearb@candelatech.com>
14 years ago
wpa_printf(MSG_DEBUG, "%s: Updating scan results from "
"sibling", ifs->ifname);
Always propagate scan results to all interfaces Scan results were not propagated to all interfaces if scan results started a new operation, in order to prevent concurrent operations. But this can cause other interfaces to trigger a new scan when scan results are already available. Instead, always notify other interfaces of the scan results, but note that new operations are not allowed. Signed-off-by: Avraham Stern <avraham.stern@intel.com> Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
8 years ago
res = _wpa_supplicant_event_scan_results(ifs, data, 0,
res > 0);
if (res < 0)
return 0;
Enable sharing of scan result events among virtual interfaces When controlling multiple virtual interfaces on the same physical radio, share the scan results events with sibling interfaces. This decreases the time it takes to connect many virtual interfaces. This is currently only supported on Linux with cfg80211-based drivers when using nl80211 or wext driver interface. Signed-off-by: Ben Greear <greearb@candelatech.com>
14 years ago
}
}
P2P: Fix P2P_CONNECT-auto fallback to GO Neg with group interface If a separate P2P group interface was used, P2P_CONNECT-auto fallback to GO Negotiation could result in use of freed memory and segmentation fault. This happened in cases where the peer GO was found in some old scans, but not in the first scan triggered by the P2P_CONNECT-auto command ("P2P: Peer was found running GO in older scan -> try to join the group" shows up in the debug log). In addition, the GO would still need to reply to PD Request to allow this code path to be triggered. When five scans for the GO were completed in this sequence, the P2P group interface was removed as part of falling back to GO Negotiation. However, that ended up dereferencing the freed wpa_s instance at the end of scan event processing. Fix this by reordering code a bit and breaking out from EVENT_SCAN_RESULTS processing if the interface could have been removed. Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago
return 0;
Enable sharing of scan result events among virtual interfaces When controlling multiple virtual interfaces on the same physical radio, share the scan results events with sibling interfaces. This decreases the time it takes to connect many virtual interfaces. This is currently only supported on Linux with cfg80211-based drivers when using nl80211 or wext driver interface. Signed-off-by: Ben Greear <greearb@candelatech.com>
14 years ago
}
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
#endif /* CONFIG_NO_SCAN_PROCESSING */
wpa_supplicant: Implement fast-associate on SelectNetwork If scan results are available when we perform a SelectNetwork, use them to make an associate decision. This can save an entire scan interval-worth of time in situations where something external to wpa_supplicant (like a connection manager) has just previously requested a scan before calling SelectNetwork. Signed-hostap: Paul Stewart <pstew@chromium.org>
11 years ago
int wpa_supplicant_fast_associate(struct wpa_supplicant *wpa_s)
{
#ifdef CONFIG_NO_SCAN_PROCESSING
return -1;
#else /* CONFIG_NO_SCAN_PROCESSING */
wpa_supplicant: Use monotonic time for last_scan check This just serves to check if there was a scan within the last 5 seconds, hence it should use monotonic time. While at it, also use os_reltime_expired(). Signed-hostap: Johannes Berg <johannes.berg@intel.com>
11 years ago
struct os_reltime now;
wpa_supplicant: Implement fast-associate on SelectNetwork If scan results are available when we perform a SelectNetwork, use them to make an associate decision. This can save an entire scan interval-worth of time in situations where something external to wpa_supplicant (like a connection manager) has just previously requested a scan before calling SelectNetwork. Signed-hostap: Paul Stewart <pstew@chromium.org>
11 years ago
Ignore scan results from ongoing scan when FLUSH command is issued This makes wpa_supplicant behavior more consistent with FLUSH command to clear all state. Previously, it was possible for an ongoing scan to be aborted when the FLUSH command is issued and the scan results from that aborted scan would still be processed and that would update the BSS table which was supposed to cleared by the FLUSH command. This could result in hwsim test case failures due to unexpected BSS table entries being present after the FLUSH command. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
wpa_s->ignore_post_flush_scan_res = 0;
Do not check unsigned size is less than zero The variables here are unsigned and as such, cannot have a negative value. Use == 0 instead of <= 0 to make this cleaner. Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago
if (wpa_s->last_scan_res_used == 0)
wpa_supplicant: Implement fast-associate on SelectNetwork If scan results are available when we perform a SelectNetwork, use them to make an associate decision. This can save an entire scan interval-worth of time in situations where something external to wpa_supplicant (like a connection manager) has just previously requested a scan before calling SelectNetwork. Signed-hostap: Paul Stewart <pstew@chromium.org>
11 years ago
return -1;
wpa_supplicant: Use monotonic time for last_scan check This just serves to check if there was a scan within the last 5 seconds, hence it should use monotonic time. While at it, also use os_reltime_expired(). Signed-hostap: Johannes Berg <johannes.berg@intel.com>
11 years ago
os_get_reltime(&now);
Maintain BSS entries for 5 seconds after interface is disabled This is targeting the case of MAC address change for an association which may require the interface to be set down for a short moment. Previously, this ended up flushing the BSS table that wpa_supplicant maintained and that resulted in having to scan again if the MAC address was changed between the previous scan and the connection attempt. This is unnecessary extra latency, so maintain the BSS entries for 5 seconds (i.e., the same time that the old scan results are consider valid for a new connection attempt) after an interface goes down. Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
if (os_reltime_expired(&now, &wpa_s->last_scan,
wpa_supplicant: Configurable fast-associate timer threshold For Android the default value of 5 seconds is usually too short for scan results from last scan initiated from settings app to be considered for fast-associate. Make the fast-associate timer value configurable so that a suitable value can be set based on a systems regular scan interval. Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sony.com>
4 years ago
wpa_s->conf->scan_res_valid_for_connect)) {
wpa_supplicant: Implement fast-associate on SelectNetwork If scan results are available when we perform a SelectNetwork, use them to make an associate decision. This can save an entire scan interval-worth of time in situations where something external to wpa_supplicant (like a connection manager) has just previously requested a scan before calling SelectNetwork. Signed-hostap: Paul Stewart <pstew@chromium.org>
11 years ago
wpa_printf(MSG_DEBUG, "Fast associate: Old scan results");
return -1;
}
Request new scan only for the original interface Request new scan only for the interface for which the original scan request and results has come. Otherwise while sharing scan results along with P2P interfaces, the new scan will be requested on P2P interfaces. Signed-hostap: Jithu Jance <jithu@broadcom.com>
11 years ago
return wpas_select_network_from_last_scan(wpa_s, 0, 1);
wpa_supplicant: Implement fast-associate on SelectNetwork If scan results are available when we perform a SelectNetwork, use them to make an associate decision. This can save an entire scan interval-worth of time in situations where something external to wpa_supplicant (like a connection manager) has just previously requested a scan before calling SelectNetwork. Signed-hostap: Paul Stewart <pstew@chromium.org>
11 years ago
#endif /* CONFIG_NO_SCAN_PROCESSING */
}
WNM: Add advertisement of BSS max idle period If WNM is enabled for the build (CONFIG_WNM=y), add BSS max idle period information to the (Re)Association Response frame from the AP and parse this information on the station. For SME-in-wpa_supplicant case, add a timer to handle periodic transmission of the keep-alive frame. The actual request for the driver to transmit a frame is not yet implemented. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
#ifdef CONFIG_WNM
static void wnm_bss_keep_alive(void *eloop_ctx, void *sock_ctx)
{
struct wpa_supplicant *wpa_s = eloop_ctx;
if (wpa_s->wpa_state < WPA_ASSOCIATED)
return;
WNM: Add option to disable keep-alive frames for testing purposes "wpa_cli set no_keep_alive 1/0" can now be used to disable/enable keep alive frames to enable testing. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
if (!wpa_s->no_keep_alive) {
wpa_printf(MSG_DEBUG, "WNM: Send keep-alive to AP " MACSTR,
MAC2STR(wpa_s->bssid));
/* TODO: could skip this if normal data traffic has been sent */
/* TODO: Consider using some more appropriate data frame for
* this */
if (wpa_s->l2)
l2_packet_send(wpa_s->l2, wpa_s->bssid, 0x0800,
(u8 *) "", 0);
}
WNM: Add advertisement of BSS max idle period If WNM is enabled for the build (CONFIG_WNM=y), add BSS max idle period information to the (Re)Association Response frame from the AP and parse this information on the station. For SME-in-wpa_supplicant case, add a timer to handle periodic transmission of the keep-alive frame. The actual request for the driver to transmit a frame is not yet implemented. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
WNM: Fix build without CONFIG_SME=y Commit b6668734ab8ac235f129d1cd0aff4c4e1c922b41 missed #ifdef CONFIG_SME protection around wpa_s->sme access. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
#ifdef CONFIG_SME
WNM: Add advertisement of BSS max idle period If WNM is enabled for the build (CONFIG_WNM=y), add BSS max idle period information to the (Re)Association Response frame from the AP and parse this information on the station. For SME-in-wpa_supplicant case, add a timer to handle periodic transmission of the keep-alive frame. The actual request for the driver to transmit a frame is not yet implemented. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
if (wpa_s->sme.bss_max_idle_period) {
unsigned int msec;
msec = wpa_s->sme.bss_max_idle_period * 1024; /* times 1000 */
if (msec > 100)
msec -= 100;
eloop_register_timeout(msec / 1000, msec % 1000 * 1000,
wnm_bss_keep_alive, wpa_s, NULL);
}
WNM: Fix build without CONFIG_SME=y Commit b6668734ab8ac235f129d1cd0aff4c4e1c922b41 missed #ifdef CONFIG_SME protection around wpa_s->sme access. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
#endif /* CONFIG_SME */
WNM: Add advertisement of BSS max idle period If WNM is enabled for the build (CONFIG_WNM=y), add BSS max idle period information to the (Re)Association Response frame from the AP and parse this information on the station. For SME-in-wpa_supplicant case, add a timer to handle periodic transmission of the keep-alive frame. The actual request for the driver to transmit a frame is not yet implemented. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
}
static void wnm_process_assoc_resp(struct wpa_supplicant *wpa_s,
const u8 *ies, size_t ies_len)
{
struct ieee802_11_elems elems;
if (ies == NULL)
return;
if (ieee802_11_parse_elems(ies, ies_len, &elems, 1) == ParseFailed)
return;
#ifdef CONFIG_SME
if (elems.bss_max_idle_period) {
unsigned int msec;
wpa_s->sme.bss_max_idle_period =
WPA_GET_LE16(elems.bss_max_idle_period);
wpa_printf(MSG_DEBUG, "WNM: BSS Max Idle Period: %u (* 1000 "
"TU)%s", wpa_s->sme.bss_max_idle_period,
(elems.bss_max_idle_period[2] & 0x01) ?
" (protected keep-live required)" : "");
if (wpa_s->sme.bss_max_idle_period == 0)
wpa_s->sme.bss_max_idle_period = 1;
if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) {
eloop_cancel_timeout(wnm_bss_keep_alive, wpa_s, NULL);
/* msec times 1000 */
msec = wpa_s->sme.bss_max_idle_period * 1024;
if (msec > 100)
msec -= 100;
eloop_register_timeout(msec / 1000, msec % 1000 * 1000,
wnm_bss_keep_alive, wpa_s,
NULL);
}
}
#endif /* CONFIG_SME */
}
#endif /* CONFIG_WNM */
void wnm_bss_keep_alive_deinit(struct wpa_supplicant *wpa_s)
{
#ifdef CONFIG_WNM
eloop_cancel_timeout(wnm_bss_keep_alive, wpa_s, NULL);
#endif /* CONFIG_WNM */
}
Interworking: Add support for QoS Mapping functionality for the STA Indicate support for QoS Mapping and configure driver to update the QoS Map if QoS Map Set elements is received from the AP either in (Re)Association Response or QoS Map Configure frame. This commit adds support for receiving the frames with nl80211 drivers, but the actual QoS Map configuration command is still missing. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
#ifdef CONFIG_INTERWORKING
static int wpas_qos_map_set(struct wpa_supplicant *wpa_s, const u8 *qos_map,
size_t len)
{
int res;
wpa_hexdump(MSG_DEBUG, "Interworking: QoS Map Set", qos_map, len);
res = wpa_drv_set_qos_map(wpa_s, qos_map, len);
if (res) {
wpa_printf(MSG_DEBUG, "Interworking: Failed to configure QoS Map Set to the driver");
}
return res;
}
static void interworking_process_assoc_resp(struct wpa_supplicant *wpa_s,
const u8 *ies, size_t ies_len)
{
struct ieee802_11_elems elems;
if (ies == NULL)
return;
if (ieee802_11_parse_elems(ies, ies_len, &elems, 1) == ParseFailed)
return;
if (elems.qos_map_set) {
wpas_qos_map_set(wpa_s, elems.qos_map_set,
elems.qos_map_set_len);
}
}
#endif /* CONFIG_INTERWORKING */
wpa_supplicant: Add Multi-AP backhaul STA support Advertise vendor specific Multi-AP IE in (Re)Association Request frames and process Multi-AP IE from (Re)Association Response frames if the user enables Multi-AP fuctionality. If the (Re)Association Response frame does not contain the Multi-AP IE, disassociate. This adds a new configuration parameter 'multi_ap_backhaul_sta' to enable/disable Multi-AP functionality. Enable 4-address mode after association (if the Association Response frame contains the Multi-AP IE). Also enable the bridge in that case. This is necessary because wpa_supplicant only enables the bridge in wpa_drv_if_add(), which only gets called when an interface is added through the control interface, not when it is configured from the command line. Signed-off-by: Venkateswara Naralasetty <vnaralas@codeaurora.org> Signed-off-by: Jouni Malinen <jouni@codeaurora.org> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
6 years ago
static void multi_ap_process_assoc_resp(struct wpa_supplicant *wpa_s,
const u8 *ies, size_t ies_len)
{
struct ieee802_11_elems elems;
const u8 *map_sub_elem, *pos;
size_t len;
Multi-AP: Set 4-address mode after network selection Split multi_ap_process_assoc_resp() to set 4-address mode after network selection. Previously, wpa_s->current_ssid might have been NULL in some cases and that would have resulted in 4-address mode not getting enabled properly. Signed-off-by: Gurumoorthi Gnanasambandhan <gguru@codeaurora.org>
4 years ago
wpa_s->multi_ap_ie = 0;
wpa_supplicant: Add Multi-AP backhaul STA support Advertise vendor specific Multi-AP IE in (Re)Association Request frames and process Multi-AP IE from (Re)Association Response frames if the user enables Multi-AP fuctionality. If the (Re)Association Response frame does not contain the Multi-AP IE, disassociate. This adds a new configuration parameter 'multi_ap_backhaul_sta' to enable/disable Multi-AP functionality. Enable 4-address mode after association (if the Association Response frame contains the Multi-AP IE). Also enable the bridge in that case. This is necessary because wpa_supplicant only enables the bridge in wpa_drv_if_add(), which only gets called when an interface is added through the control interface, not when it is configured from the command line. Signed-off-by: Venkateswara Naralasetty <vnaralas@codeaurora.org> Signed-off-by: Jouni Malinen <jouni@codeaurora.org> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
6 years ago
Multi-AP: Set 4-address mode after network selection Split multi_ap_process_assoc_resp() to set 4-address mode after network selection. Previously, wpa_s->current_ssid might have been NULL in some cases and that would have resulted in 4-address mode not getting enabled properly. Signed-off-by: Gurumoorthi Gnanasambandhan <gguru@codeaurora.org>
4 years ago
if (!ies ||
ieee802_11_parse_elems(ies, ies_len, &elems, 1) == ParseFailed ||
!elems.multi_ap || elems.multi_ap_len < 7)
return;
wpa_supplicant: Add Multi-AP backhaul STA support Advertise vendor specific Multi-AP IE in (Re)Association Request frames and process Multi-AP IE from (Re)Association Response frames if the user enables Multi-AP fuctionality. If the (Re)Association Response frame does not contain the Multi-AP IE, disassociate. This adds a new configuration parameter 'multi_ap_backhaul_sta' to enable/disable Multi-AP functionality. Enable 4-address mode after association (if the Association Response frame contains the Multi-AP IE). Also enable the bridge in that case. This is necessary because wpa_supplicant only enables the bridge in wpa_drv_if_add(), which only gets called when an interface is added through the control interface, not when it is configured from the command line. Signed-off-by: Venkateswara Naralasetty <vnaralas@codeaurora.org> Signed-off-by: Jouni Malinen <jouni@codeaurora.org> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
6 years ago
pos = elems.multi_ap + 4;
len = elems.multi_ap_len - 4;
map_sub_elem = get_ie(pos, len, MULTI_AP_SUB_ELEM_TYPE);
Multi-AP: Set 4-address mode after network selection Split multi_ap_process_assoc_resp() to set 4-address mode after network selection. Previously, wpa_s->current_ssid might have been NULL in some cases and that would have resulted in 4-address mode not getting enabled properly. Signed-off-by: Gurumoorthi Gnanasambandhan <gguru@codeaurora.org>
4 years ago
if (!map_sub_elem || map_sub_elem[1] < 1)
return;
wpa_s->multi_ap_backhaul = !!(map_sub_elem[2] & MULTI_AP_BACKHAUL_BSS);
wpa_s->multi_ap_fronthaul = !!(map_sub_elem[2] &
MULTI_AP_FRONTHAUL_BSS);
wpa_s->multi_ap_ie = 1;
}
static void multi_ap_set_4addr_mode(struct wpa_supplicant *wpa_s)
{
if (!wpa_s->current_ssid ||
!wpa_s->current_ssid->multi_ap_backhaul_sta)
return;
if (!wpa_s->multi_ap_ie) {
wpa_printf(MSG_INFO,
"AP does not include valid Multi-AP element");
wpa_supplicant: Add Multi-AP backhaul STA support Advertise vendor specific Multi-AP IE in (Re)Association Request frames and process Multi-AP IE from (Re)Association Response frames if the user enables Multi-AP fuctionality. If the (Re)Association Response frame does not contain the Multi-AP IE, disassociate. This adds a new configuration parameter 'multi_ap_backhaul_sta' to enable/disable Multi-AP functionality. Enable 4-address mode after association (if the Association Response frame contains the Multi-AP IE). Also enable the bridge in that case. This is necessary because wpa_supplicant only enables the bridge in wpa_drv_if_add(), which only gets called when an interface is added through the control interface, not when it is configured from the command line. Signed-off-by: Venkateswara Naralasetty <vnaralas@codeaurora.org> Signed-off-by: Jouni Malinen <jouni@codeaurora.org> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
6 years ago
goto fail;
}
Multi-AP: Set 4-address mode after network selection Split multi_ap_process_assoc_resp() to set 4-address mode after network selection. Previously, wpa_s->current_ssid might have been NULL in some cases and that would have resulted in 4-address mode not getting enabled properly. Signed-off-by: Gurumoorthi Gnanasambandhan <gguru@codeaurora.org>
4 years ago
if (!wpa_s->multi_ap_backhaul) {
if (wpa_s->multi_ap_fronthaul &&
wpa_supplicant: Support Multi-AP backhaul STA onboarding with WPS The Wi-Fi Alliance Multi-AP Specification v1.0 allows onboarding of a backhaul STA through WPS. To enable this, the backhaul STA needs to add a Multi-AP IE to the WFA vendor extension element in the WSC M1 message that indicates it supports the Multi-AP backhaul STA role. The Registrar (if it support Multi-AP onboarding) will respond to that with a WSC M8 message that also contains the Multi-AP IE, and that contains the credentials for the backhaul SSID (which may be different from the SSID on which WPS is performed). Introduce a new parameter to wpas_wps_start_pbc() and allow it to be set via control interface's new multi_ap=1 parameter of WPS_PBC call. multi_ap_backhaul_sta is set to 1 in the automatically created SSID. Thus, if the AP does not support Multi-AP, association will fail and WPS will be terminated. Only wps_pbc is supported. This commit adds the multi_ap argument only to the control socket interface, not to the D-Bus interface. Since WPS associates with the fronthaul BSS instead of the backhaul BSS, we should not drop association if the AP announces fronthaul-only BSS. Still, we should only do that in the specific case of WPS. Therefore, add a check to multi_ap_process_assoc_resp() to allow association with a fronthaul-only BSS if and only if key_mgmt contains WPS. Signed-off-by: Davina Lu <ylu@quantenna.com> Signed-off-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Daniel Golle <daniel@makrotopia.org> Cc: Marianna Carrera <marianna.carrera.so@quantenna.com>
5 years ago
wpa_s->current_ssid->key_mgmt & WPA_KEY_MGMT_WPS) {
wpa_printf(MSG_INFO,
"WPS active, accepting fronthaul-only BSS");
/* Don't set 4addr mode in this case, so just return */
return;
}
wpa_supplicant: Add Multi-AP backhaul STA support Advertise vendor specific Multi-AP IE in (Re)Association Request frames and process Multi-AP IE from (Re)Association Response frames if the user enables Multi-AP fuctionality. If the (Re)Association Response frame does not contain the Multi-AP IE, disassociate. This adds a new configuration parameter 'multi_ap_backhaul_sta' to enable/disable Multi-AP functionality. Enable 4-address mode after association (if the Association Response frame contains the Multi-AP IE). Also enable the bridge in that case. This is necessary because wpa_supplicant only enables the bridge in wpa_drv_if_add(), which only gets called when an interface is added through the control interface, not when it is configured from the command line. Signed-off-by: Venkateswara Naralasetty <vnaralas@codeaurora.org> Signed-off-by: Jouni Malinen <jouni@codeaurora.org> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
6 years ago
wpa_printf(MSG_INFO, "AP doesn't support backhaul BSS");
goto fail;
}
if (wpa_drv_set_4addr_mode(wpa_s, 1) < 0) {
wpa_printf(MSG_ERROR, "Failed to set 4addr mode");
goto fail;
}
wpa_s->enabled_4addr_mode = 1;
return;
fail:
wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
}
FST: Improve parsing of Multiband IEs Previously, MB IEs were parsed only from association event. Try to get MB IEs from other management frames like Probe Response frames. The MB IEs from the association event may not be up-to-date and in some cases may actually be missing and updating the information based on other frames can improve robustness of FST exchanges. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
#ifdef CONFIG_FST
static int wpas_fst_update_mbie(struct wpa_supplicant *wpa_s,
const u8 *ie, size_t ie_len)
{
struct mb_ies_info mb_ies;
if (!ie || !ie_len || !wpa_s->fst)
return -ENOENT;
os_memset(&mb_ies, 0, sizeof(mb_ies));
while (ie_len >= 2 && mb_ies.nof_ies < MAX_NOF_MB_IES_SUPPORTED) {
size_t len;
len = 2 + ie[1];
if (len > ie_len) {
wpa_hexdump(MSG_DEBUG, "FST: Truncated IE found",
ie, ie_len);
break;
}
if (ie[0] == WLAN_EID_MULTI_BAND) {
wpa_printf(MSG_DEBUG, "MB IE of %u bytes found",
(unsigned int) len);
mb_ies.ies[mb_ies.nof_ies].ie = ie + 2;
mb_ies.ies[mb_ies.nof_ies].ie_len = len - 2;
mb_ies.nof_ies++;
}
ie_len -= len;
ie += len;
}
if (mb_ies.nof_ies > 0) {
wpabuf_free(wpa_s->received_mb_ies);
wpa_s->received_mb_ies = mb_ies_by_info(&mb_ies);
return 0;
}
return -ENOENT;
}
#endif /* CONFIG_FST */
Update ciphers to address GTK renewal failures while roaming After roaming from WPA2-AP (group=CCMP) to WPA-AP (group=TKIP) using driver-based SME and roaming trigger, GTK renewal failures are observed for the currently associated WPA-AP because of group cipher mismatch, resulting in deauthentication with the AP. Update the group cipher and pairwise cipher values in wpa_sm from association event received from the driver in case of SME offload to the driver to address GTK renewal failures (and similar issues) that could happen when the driver/firmware roams between APs with different security profiles. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
3 years ago
static int wpa_supplicant_use_own_rsne_params(struct wpa_supplicant *wpa_s,
union wpa_event_data *data)
{
int sel;
const u8 *p;
int l, len;
bool found = false;
struct wpa_ie_data ie;
struct wpa_ssid *ssid = wpa_s->current_ssid;
if (!ssid)
return 0;
p = data->assoc_info.req_ies;
l = data->assoc_info.req_ies_len;
while (p && l >= 2) {
len = p[1] + 2;
if (len > l) {
wpa_hexdump(MSG_DEBUG, "Truncated IE in assoc_info",
p, l);
break;
}
if (((p[0] == WLAN_EID_VENDOR_SPECIFIC && p[1] >= 6 &&
(os_memcmp(&p[2], "\x00\x50\xF2\x01\x01\x00", 6) == 0)) ||
(p[0] == WLAN_EID_VENDOR_SPECIFIC && p[1] >= 4 &&
(os_memcmp(&p[2], "\x50\x6F\x9A\x12", 4) == 0)) ||
(p[0] == WLAN_EID_RSN && p[1] >= 2))) {
found = true;
break;
}
l -= len;
p += len;
}
if (!found || wpa_parse_wpa_ie(p, len, &ie) < 0)
return 0;
wpa_hexdump(MSG_DEBUG,
"WPA: Update cipher suite selection based on IEs in driver-generated WPA/RSNE in AssocReq",
p, l);
sel = ie.group_cipher;
if (ssid->group_cipher)
sel &= ssid->group_cipher;
wpa_dbg(wpa_s, MSG_DEBUG,
"WPA: AP group cipher 0x%x network group cipher 0x%x; available group cipher 0x%x",
ie.group_cipher, ssid->group_cipher, sel);
if (ie.group_cipher && !sel) {
wpa_supplicant_deauthenticate(
wpa_s, WLAN_REASON_GROUP_CIPHER_NOT_VALID);
return -1;
}
wpa_s->group_cipher = ie.group_cipher;
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using GTK %s",
wpa_cipher_txt(wpa_s->group_cipher));
sel = ie.pairwise_cipher;
if (ssid->pairwise_cipher)
sel &= ssid->pairwise_cipher;
wpa_dbg(wpa_s, MSG_DEBUG,
"WPA: AP pairwise cipher 0x%x network pairwise cipher 0x%x; available pairwise cipher 0x%x",
ie.pairwise_cipher, ssid->pairwise_cipher, sel);
if (ie.pairwise_cipher && !sel) {
wpa_supplicant_deauthenticate(
wpa_s, WLAN_REASON_PAIRWISE_CIPHER_NOT_VALID);
return -1;
}
wpa_s->pairwise_cipher = ie.pairwise_cipher;
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
wpa_s->pairwise_cipher);
wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using PTK %s",
wpa_cipher_txt(wpa_s->pairwise_cipher));
wpas_set_mgmt_group_cipher(wpa_s, ssid, &ie);
return 0;
}
FT: Deauthenticate in case of Reassoc Response validation error If validation of the Reassociation Response frame fails during FT Protocol, do not allow association to be completed; instead, force deauthentication.
14 years ago
static int wpa_supplicant_event_associnfo(struct wpa_supplicant *wpa_s,
union wpa_event_data *data)
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
{
SAE: Add RSNXE in Association Request and EAPOL-Key msg 2/4 Add the new RSNXE into (Re)Association Request frames and EAPOL-Key msg 2/4 when using SAE with hash-to-element mechanism enabled. This allows the AP to verify that there was no downgrade attack when both PWE derivation mechanisms are enabled. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years ago
int l, len, found = 0, found_x = 0, wpa_found, rsn_found;
Add SME support (separate authentication and association) This can be used, e.g., with mac80211-based Linux drivers with nl80211. This allows over-the-air FT protocol to be used (IEEE 802.11r). Since the nl80211 interface needed for this is very recent (added today into wireless-testing.git), driver_nl80211.c has backwards compatibility code that uses WEXT for association if the kernel does not support the new commands. This compatibility code can be disabled by defining NO_WEXT_COMPAT. That code will also be removed at some point to clean up driver_nl80211.c.
15 years ago
const u8 *p;
FT: Add support for IEEE 802.11r with driver-based SME Add NL80211_CMD_UPDATE_FT_IES to support update of FT IEs to the WLAN driver. Add NL80211_CMD_FT_EVENT to send FT event from the WLAN driver. This will carry the target AP's MAC address along with the relevant Information Elements. This event is used to report received FT IEs (MDIE, FTIE, RSN IE, TIE, RICIE). Signed-off-by: Deepthi Gowri <deepthi@codeaurora.org>
11 years ago
u8 bssid[ETH_ALEN];
MSCS: Parse result of MSCS setup in (Re)Association Response frames Add support to parse the (Re)Association Response frames to check if the AP has accepted/declined the MSCS request in response to the corresponding (Re)Association Request frame. AP indicates the result by setting it in the optional MSCS Status subelement of MSCS Descriptor element in (Re)Association Response frame. This MSCS Status subelement is defined in the process of being added into P802.11-REVmd/D4.0 (11-20-0516-17-000m-cr-mscs-and-cid4158). Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
4 years ago
bool bssid_known;
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
Use wpa_msg() instead of wpa_printf() This converts number of debugging messages to use wpa_msg() in order to allow the interface name to be shown with the messages. A new function, wpa_dbg(), is introduced to allow CONFIG_NO_STDOUT_DEBUG=y builds to remove the debug strings. This is otherwise identical with wpa_msg(), but it gets compiled out if stdout debugging is disabled.
13 years ago
wpa_dbg(wpa_s, MSG_DEBUG, "Association info event");
MSCS: Parse result of MSCS setup in (Re)Association Response frames Add support to parse the (Re)Association Response frames to check if the AP has accepted/declined the MSCS request in response to the corresponding (Re)Association Request frame. AP indicates the result by setting it in the optional MSCS Status subelement of MSCS Descriptor element in (Re)Association Response frame. This MSCS Status subelement is defined in the process of being added into P802.11-REVmd/D4.0 (11-20-0516-17-000m-cr-mscs-and-cid4158). Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
4 years ago
bssid_known = wpa_drv_get_bssid(wpa_s, bssid) == 0;
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
if (data->assoc_info.req_ies)
wpa_hexdump(MSG_DEBUG, "req_ies", data->assoc_info.req_ies,
data->assoc_info.req_ies_len);
TDLS: Do not allow setup to be started if AP prohibits TDLS
13 years ago
if (data->assoc_info.resp_ies) {
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
wpa_hexdump(MSG_DEBUG, "resp_ies", data->assoc_info.resp_ies,
data->assoc_info.resp_ies_len);
TDLS: Do not allow setup to be started if AP prohibits TDLS
13 years ago
#ifdef CONFIG_TDLS
wpa_tdls_assoc_resp_ies(wpa_s->wpa, data->assoc_info.resp_ies,
data->assoc_info.resp_ies_len);
#endif /* CONFIG_TDLS */
WNM: Add advertisement of BSS max idle period If WNM is enabled for the build (CONFIG_WNM=y), add BSS max idle period information to the (Re)Association Response frame from the AP and parse this information on the station. For SME-in-wpa_supplicant case, add a timer to handle periodic transmission of the keep-alive frame. The actual request for the driver to transmit a frame is not yet implemented. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
#ifdef CONFIG_WNM
wnm_process_assoc_resp(wpa_s, data->assoc_info.resp_ies,
data->assoc_info.resp_ies_len);
#endif /* CONFIG_WNM */
Interworking: Add support for QoS Mapping functionality for the STA Indicate support for QoS Mapping and configure driver to update the QoS Map if QoS Map Set elements is received from the AP either in (Re)Association Response or QoS Map Configure frame. This commit adds support for receiving the frames with nl80211 drivers, but the actual QoS Map configuration command is still missing. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
#ifdef CONFIG_INTERWORKING
interworking_process_assoc_resp(wpa_s, data->assoc_info.resp_ies,
data->assoc_info.resp_ies_len);
#endif /* CONFIG_INTERWORKING */
wpa_supplicant: Add ieee80211ac information in STATUS This allows user to get current operating mode of station. Signed-off-by: Bhagavathi Perumal S <bperumal@codeaurora.org>
6 years ago
if (wpa_s->hw_capab == CAPAB_VHT &&
get_ie(data->assoc_info.resp_ies,
data->assoc_info.resp_ies_len, WLAN_EID_VHT_CAP))
wpa_s->ieee80211ac = 1;
wpa_supplicant: Add Multi-AP backhaul STA support Advertise vendor specific Multi-AP IE in (Re)Association Request frames and process Multi-AP IE from (Re)Association Response frames if the user enables Multi-AP fuctionality. If the (Re)Association Response frame does not contain the Multi-AP IE, disassociate. This adds a new configuration parameter 'multi_ap_backhaul_sta' to enable/disable Multi-AP functionality. Enable 4-address mode after association (if the Association Response frame contains the Multi-AP IE). Also enable the bridge in that case. This is necessary because wpa_supplicant only enables the bridge in wpa_drv_if_add(), which only gets called when an interface is added through the control interface, not when it is configured from the command line. Signed-off-by: Venkateswara Naralasetty <vnaralas@codeaurora.org> Signed-off-by: Jouni Malinen <jouni@codeaurora.org> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
6 years ago
multi_ap_process_assoc_resp(wpa_s, data->assoc_info.resp_ies,
data->assoc_info.resp_ies_len);
TDLS: Do not allow setup to be started if AP prohibits TDLS
13 years ago
}
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
if (data->assoc_info.beacon_ies)
wpa_hexdump(MSG_DEBUG, "beacon_ies",
data->assoc_info.beacon_ies,
data->assoc_info.beacon_ies_len);
Add an option for driver wrappers to report operational frequency
15 years ago
if (data->assoc_info.freq)
Use wpa_msg() instead of wpa_printf() This converts number of debugging messages to use wpa_msg() in order to allow the interface name to be shown with the messages. A new function, wpa_dbg(), is introduced to allow CONFIG_NO_STDOUT_DEBUG=y builds to remove the debug strings. This is otherwise identical with wpa_msg(), but it gets compiled out if stdout debugging is disabled.
13 years ago
wpa_dbg(wpa_s, MSG_DEBUG, "freq=%u MHz",
data->assoc_info.freq);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
Indicate wifi_generation in wpa_supplicant STATUS output This adds a wifi_generation=4/5/6 line to the STATUS output if the driver reports (Re)Association Request frame and (Re)Association Response frame information elements in the association or connection event. Only the generations 4 (HT = 802.11n), 5 (VHT = 802.11ac), and 6 (HE = 802.11ax) are reported. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years ago
wpa_s->connection_set = 0;
if (data->assoc_info.req_ies && data->assoc_info.resp_ies) {
struct ieee802_11_elems req_elems, resp_elems;
if (ieee802_11_parse_elems(data->assoc_info.req_ies,
data->assoc_info.req_ies_len,
&req_elems, 0) != ParseFailed &&
ieee802_11_parse_elems(data->assoc_info.resp_ies,
data->assoc_info.resp_ies_len,
&resp_elems, 0) != ParseFailed) {
wpa_s->connection_set = 1;
wpa_s->connection_ht = req_elems.ht_capabilities &&
resp_elems.ht_capabilities;
Add check to consider band in enabling connection_vht flag connection_vht flag was set to true when both Association Request and Response frame IEs have VHT capability. Thus all devices that have support for the vendor specific partial VHT support in the 2.4 GHz band were also being reported as VHT capable. However, IEEE Std 802.11ac-2013 defines VHT STA to operate in frequency bands below 6 GHz excluding the 2.4 GHz band. Do not set connection_vht when the operating band is 2.4 GHz. This avoids reporting wifi_generation 5 on the 2.4 GHz band and reserves the generation value 5 for full VHT as defined in the IEEE 802.11 standard. Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
4 years ago
/* Do not include subset of VHT on 2.4 GHz vendor
* extension in consideration for reporting VHT
* association. */
Indicate wifi_generation in wpa_supplicant STATUS output This adds a wifi_generation=4/5/6 line to the STATUS output if the driver reports (Re)Association Request frame and (Re)Association Response frame information elements in the association or connection event. Only the generations 4 (HT = 802.11n), 5 (VHT = 802.11ac), and 6 (HE = 802.11ax) are reported. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years ago
wpa_s->connection_vht = req_elems.vht_capabilities &&
Add check to consider band in enabling connection_vht flag connection_vht flag was set to true when both Association Request and Response frame IEs have VHT capability. Thus all devices that have support for the vendor specific partial VHT support in the 2.4 GHz band were also being reported as VHT capable. However, IEEE Std 802.11ac-2013 defines VHT STA to operate in frequency bands below 6 GHz excluding the 2.4 GHz band. Do not set connection_vht when the operating band is 2.4 GHz. This avoids reporting wifi_generation 5 on the 2.4 GHz band and reserves the generation value 5 for full VHT as defined in the IEEE 802.11 standard. Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
4 years ago
resp_elems.vht_capabilities &&
(!data->assoc_info.freq ||
wpas_freq_to_band(data->assoc_info.freq) !=
BAND_2_4_GHZ);
Indicate wifi_generation in wpa_supplicant STATUS output This adds a wifi_generation=4/5/6 line to the STATUS output if the driver reports (Re)Association Request frame and (Re)Association Response frame information elements in the association or connection event. Only the generations 4 (HT = 802.11n), 5 (VHT = 802.11ac), and 6 (HE = 802.11ax) are reported. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years ago
wpa_s->connection_he = req_elems.he_capabilities &&
resp_elems.he_capabilities;
}
}
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
p = data->assoc_info.req_ies;
l = data->assoc_info.req_ies_len;
/* Go through the IEs and make a copy of the WPA/RSN IE, if present. */
while (p && l >= 2) {
len = p[1] + 2;
if (len > l) {
wpa_hexdump(MSG_DEBUG, "Truncated IE in assoc_info",
p, l);
break;
}
SAE: Add RSNXE in Association Request and EAPOL-Key msg 2/4 Add the new RSNXE into (Re)Association Request frames and EAPOL-Key msg 2/4 when using SAE with hash-to-element mechanism enabled. This allows the AP to verify that there was no downgrade attack when both PWE derivation mechanisms are enabled. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years ago
if (!found &&
((p[0] == WLAN_EID_VENDOR_SPECIFIC && p[1] >= 6 &&
(os_memcmp(&p[2], "\x00\x50\xF2\x01\x01\x00", 6) == 0)) ||
(p[0] == WLAN_EID_VENDOR_SPECIFIC && p[1] >= 4 &&
(os_memcmp(&p[2], "\x50\x6F\x9A\x12", 4) == 0)) ||
(p[0] == WLAN_EID_RSN && p[1] >= 2))) {
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
if (wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, p, len))
break;
found = 1;
wpa_find_assoc_pmkid(wpa_s);
SAE: Add RSNXE in Association Request and EAPOL-Key msg 2/4 Add the new RSNXE into (Re)Association Request frames and EAPOL-Key msg 2/4 when using SAE with hash-to-element mechanism enabled. This allows the AP to verify that there was no downgrade attack when both PWE derivation mechanisms are enabled. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years ago
}
if (!found_x && p[0] == WLAN_EID_RSNX) {
if (wpa_sm_set_assoc_rsnxe(wpa_s->wpa, p, len))
break;
found_x = 1;
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
}
l -= len;
p += len;
}
if (!found && data->assoc_info.req_ies)
wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
SAE: Add RSNXE in Association Request and EAPOL-Key msg 2/4 Add the new RSNXE into (Re)Association Request frames and EAPOL-Key msg 2/4 when using SAE with hash-to-element mechanism enabled. This allows the AP to verify that there was no downgrade attack when both PWE derivation mechanisms are enabled. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years ago
if (!found_x && data->assoc_info.req_ies)
wpa_sm_set_assoc_rsnxe(wpa_s->wpa, NULL, 0);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
FILS: Association Response processing (STA) Decrypt the AES-SIV protected elements and verify Key-Auth. Parse and configure keys to the driver. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
#ifdef CONFIG_FILS
#ifdef CONFIG_SME
FILS: Add FILS SK auth PFS support in STA mode This adds an option to configure wpa_supplicant to use the perfect forward secrecy option in FILS shared key authentication. A new build option CONFIG_FILS_SK_PFS=y can be used to include this functionality. A new runtime network profile parameter fils_dh_group is used to enable this by specifying which DH group to use. For example, fils_dh_group=19 would use FILS SK PFS with a 256-bit random ECP group. Signed-off-by: Jouni Malinen <j@w1.fi>
7 years ago
if ((wpa_s->sme.auth_alg == WPA_AUTH_ALG_FILS ||
wpa_s->sme.auth_alg == WPA_AUTH_ALG_FILS_SK_PFS) &&
FILS: Association Response processing (STA) Decrypt the AES-SIV protected elements and verify Key-Auth. Parse and configure keys to the driver. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
(!data->assoc_info.resp_frame ||
fils_process_assoc_resp(wpa_s->wpa,
data->assoc_info.resp_frame,
data->assoc_info.resp_frame_len) < 0)) {
wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_UNSPECIFIED);
return -1;
}
#endif /* CONFIG_SME */
FILS: Track completion with FILS shared key authentication offload Update the internal fils_completed state when offloading FILS shared key authentication to the driver. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
/* Additional processing for FILS when SME is in driver */
if (wpa_s->auth_alg == WPA_AUTH_ALG_FILS &&
!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME))
wpa_sm_set_reset_fils_completed(wpa_s->wpa, 1);
FILS: Association Response processing (STA) Decrypt the AES-SIV protected elements and verify Key-Auth. Parse and configure keys to the driver. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
#endif /* CONFIG_FILS */
OWE: Process Diffie-Hellman Parameter element in STA mode This adds STA side addition of OWE Diffie-Hellman Parameter element into (Re)Association Request frame and processing it in (Re)Association Response frame. Signed-off-by: Jouni Malinen <j@w1.fi>
7 years ago
#ifdef CONFIG_OWE
if (wpa_s->key_mgmt == WPA_KEY_MGMT_OWE &&
MSCS: Parse result of MSCS setup in (Re)Association Response frames Add support to parse the (Re)Association Response frames to check if the AP has accepted/declined the MSCS request in response to the corresponding (Re)Association Request frame. AP indicates the result by setting it in the optional MSCS Status subelement of MSCS Descriptor element in (Re)Association Response frame. This MSCS Status subelement is defined in the process of being added into P802.11-REVmd/D4.0 (11-20-0516-17-000m-cr-mscs-and-cid4158). Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
4 years ago
(!bssid_known ||
OWE: PMKSA caching in station mode This extends OWE support in wpa_supplicant to allow PMKSA caching to be used. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
owe_process_assoc_resp(wpa_s->wpa, bssid,
data->assoc_info.resp_ies,
data->assoc_info.resp_ies_len) < 0)) {
OWE: Process Diffie-Hellman Parameter element in STA mode This adds STA side addition of OWE Diffie-Hellman Parameter element into (Re)Association Request frame and processing it in (Re)Association Response frame. Signed-off-by: Jouni Malinen <j@w1.fi>
7 years ago
wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_UNSPECIFIED);
return -1;
}
#endif /* CONFIG_OWE */
DPP2: PFS for PTK derivation Use Diffie-Hellman key exchange to derivate additional material for PMK-to-PTK derivation to get PFS. The Diffie-Hellman Parameter element (defined in OWE RFC 8110) is used in association frames to exchange the DH public keys. For backwards compatibility, ignore missing request/response DH parameter and fall back to no PFS in such cases. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years ago
#ifdef CONFIG_DPP2
wpa_sm_set_dpp_z(wpa_s->wpa, NULL);
DPP: Allow version number to be overridden for testing purposes "SET dpp_version_override <ver>" can now be used to request wpa_supplicant and hostapd to support a subset of DPP versions. In practice, the only valid case for now is to fall back from DPP version 2 support to version 1 in builds that include CONFIG_DPP2=y. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
if (DPP_VERSION > 1 && wpa_s->key_mgmt == WPA_KEY_MGMT_DPP &&
wpa_s->dpp_pfs) {
DPP2: PFS for PTK derivation Use Diffie-Hellman key exchange to derivate additional material for PMK-to-PTK derivation to get PFS. The Diffie-Hellman Parameter element (defined in OWE RFC 8110) is used in association frames to exchange the DH public keys. For backwards compatibility, ignore missing request/response DH parameter and fall back to no PFS in such cases. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years ago
struct ieee802_11_elems elems;
if (ieee802_11_parse_elems(data->assoc_info.resp_ies,
data->assoc_info.resp_ies_len,
&elems, 0) == ParseFailed ||
!elems.owe_dh)
goto no_pfs;
if (dpp_pfs_process(wpa_s->dpp_pfs, elems.owe_dh,
elems.owe_dh_len) < 0) {
wpa_supplicant_deauthenticate(wpa_s,
WLAN_REASON_UNSPECIFIED);
return -1;
}
wpa_sm_set_dpp_z(wpa_s->wpa, wpa_s->dpp_pfs->secret);
}
no_pfs:
#endif /* CONFIG_DPP2 */
Add SME support (separate authentication and association) This can be used, e.g., with mac80211-based Linux drivers with nl80211. This allows over-the-air FT protocol to be used (IEEE 802.11r). Since the nl80211 interface needed for this is very recent (added today into wireless-testing.git), driver_nl80211.c has backwards compatibility code that uses WEXT for association if the kernel does not support the new commands. This compatibility code can be disabled by defining NO_WEXT_COMPAT. That code will also be removed at some point to clean up driver_nl80211.c.
15 years ago
#ifdef CONFIG_IEEE80211R
FT: Process reassoc resp FT IEs when using wpa_supplicant SME
14 years ago
#ifdef CONFIG_SME
if (wpa_s->sme.auth_alg == WPA_AUTH_ALG_FT) {
MSCS: Parse result of MSCS setup in (Re)Association Response frames Add support to parse the (Re)Association Response frames to check if the AP has accepted/declined the MSCS request in response to the corresponding (Re)Association Request frame. AP indicates the result by setting it in the optional MSCS Status subelement of MSCS Descriptor element in (Re)Association Response frame. This MSCS Status subelement is defined in the process of being added into P802.11-REVmd/D4.0 (11-20-0516-17-000m-cr-mscs-and-cid4158). Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
4 years ago
if (!bssid_known ||
FT: Process reassoc resp FT IEs when using wpa_supplicant SME
14 years ago
wpa_ft_validate_reassoc_resp(wpa_s->wpa,
data->assoc_info.resp_ies,
data->assoc_info.resp_ies_len,
bssid) < 0) {
Use wpa_msg() instead of wpa_printf() This converts number of debugging messages to use wpa_msg() in order to allow the interface name to be shown with the messages. A new function, wpa_dbg(), is introduced to allow CONFIG_NO_STDOUT_DEBUG=y builds to remove the debug strings. This is otherwise identical with wpa_msg(), but it gets compiled out if stdout debugging is disabled.
13 years ago
wpa_dbg(wpa_s, MSG_DEBUG, "FT: Validation of "
"Reassociation Response failed");
FT: Deauthenticate in case of Reassoc Response validation error If validation of the Reassociation Response frame fails during FT Protocol, do not allow association to be completed; instead, force deauthentication.
14 years ago
wpa_supplicant_deauthenticate(
wpa_s, WLAN_REASON_INVALID_IE);
return -1;
FT: Process reassoc resp FT IEs when using wpa_supplicant SME
14 years ago
}
}
Add SME support (separate authentication and association) This can be used, e.g., with mac80211-based Linux drivers with nl80211. This allows over-the-air FT protocol to be used (IEEE 802.11r). Since the nl80211 interface needed for this is very recent (added today into wireless-testing.git), driver_nl80211.c has backwards compatibility code that uses WEXT for association if the kernel does not support the new commands. This compatibility code can be disabled by defining NO_WEXT_COMPAT. That code will also be removed at some point to clean up driver_nl80211.c.
15 years ago
p = data->assoc_info.resp_ies;
l = data->assoc_info.resp_ies_len;
WPS 2.0: Validate WPS attributes in management frames and WSC messages If CONFIG_WPS_STRICT is set, validate WPS IE(s) in management frames and reject the frames if any of the mandatory attributes is missing or if an included attribute uses an invalid value. In addition, verify that all mandatory attributes are included and have valid values in the WSC messages.
14 years ago
#ifdef CONFIG_WPS_STRICT
WPS: Use strict validation of (Re)AssocResp only if IEs are known
13 years ago
if (p && wpa_s->current_ssid &&
WPS 2.0: Validate WPS attributes in management frames and WSC messages If CONFIG_WPS_STRICT is set, validate WPS IE(s) in management frames and reject the frames if any of the mandatory attributes is missing or if an included attribute uses an invalid value. In addition, verify that all mandatory attributes are included and have valid values in the WSC messages.
14 years ago
wpa_s->current_ssid->key_mgmt == WPA_KEY_MGMT_WPS) {
struct wpabuf *wps;
wps = ieee802_11_vendor_ie_concat(p, l, WPS_IE_VENDOR_TYPE);
if (wps == NULL) {
Use wpa_msg() instead of wpa_printf() This converts number of debugging messages to use wpa_msg() in order to allow the interface name to be shown with the messages. A new function, wpa_dbg(), is introduced to allow CONFIG_NO_STDOUT_DEBUG=y builds to remove the debug strings. This is otherwise identical with wpa_msg(), but it gets compiled out if stdout debugging is disabled.
13 years ago
wpa_msg(wpa_s, MSG_INFO, "WPS-STRICT: AP did not "
"include WPS IE in (Re)Association Response");
WPS 2.0: Validate WPS attributes in management frames and WSC messages If CONFIG_WPS_STRICT is set, validate WPS IE(s) in management frames and reject the frames if any of the mandatory attributes is missing or if an included attribute uses an invalid value. In addition, verify that all mandatory attributes are included and have valid values in the WSC messages.
14 years ago
return -1;
}
if (wps_validate_assoc_resp(wps) < 0) {
wpabuf_free(wps);
wpa_supplicant_deauthenticate(
wpa_s, WLAN_REASON_INVALID_IE);
return -1;
}
wpabuf_free(wps);
}
#endif /* CONFIG_WPS_STRICT */
FT: Clean up wpa_sm_set_ft_params() by using common parse Instead of parsing the IEs in the callers, use the already existing parser in wpa_ft.c to handle MDIE and FTIE from initial MD association response. In addition, this provides more complete access to association response IEs to FT code which will be needed to fix FT 4-way handshake message 2/4.
14 years ago
/* Go through the IEs and make a copy of the MDIE, if present. */
Add SME support (separate authentication and association) This can be used, e.g., with mac80211-based Linux drivers with nl80211. This allows over-the-air FT protocol to be used (IEEE 802.11r). Since the nl80211 interface needed for this is very recent (added today into wireless-testing.git), driver_nl80211.c has backwards compatibility code that uses WEXT for association if the kernel does not support the new commands. This compatibility code can be disabled by defining NO_WEXT_COMPAT. That code will also be removed at some point to clean up driver_nl80211.c.
15 years ago
while (p && l >= 2) {
len = p[1] + 2;
if (len > l) {
wpa_hexdump(MSG_DEBUG, "Truncated IE in assoc_info",
p, l);
break;
}
FT: Clean up wpa_sm_set_ft_params() by using common parse Instead of parsing the IEs in the callers, use the already existing parser in wpa_ft.c to handle MDIE and FTIE from initial MD association response. In addition, this provides more complete access to association response IEs to FT code which will be needed to fix FT 4-way handshake message 2/4.
14 years ago
if (p[0] == WLAN_EID_MOBILITY_DOMAIN &&
p[1] >= MOBILITY_DOMAIN_ID_LEN) {
wpa_s->sme.ft_used = 1;
os_memcpy(wpa_s->sme.mobility_domain, p + 2,
MOBILITY_DOMAIN_ID_LEN);
break;
}
Add SME support (separate authentication and association) This can be used, e.g., with mac80211-based Linux drivers with nl80211. This allows over-the-air FT protocol to be used (IEEE 802.11r). Since the nl80211 interface needed for this is very recent (added today into wireless-testing.git), driver_nl80211.c has backwards compatibility code that uses WEXT for association if the kernel does not support the new commands. This compatibility code can be disabled by defining NO_WEXT_COMPAT. That code will also be removed at some point to clean up driver_nl80211.c.
15 years ago
l -= len;
p += len;
}
FT: Clean up wpa_sm_set_ft_params() by using common parse Instead of parsing the IEs in the callers, use the already existing parser in wpa_ft.c to handle MDIE and FTIE from initial MD association response. In addition, this provides more complete access to association response IEs to FT code which will be needed to fix FT 4-way handshake message 2/4.
14 years ago
#endif /* CONFIG_SME */
Add SME support (separate authentication and association) This can be used, e.g., with mac80211-based Linux drivers with nl80211. This allows over-the-air FT protocol to be used (IEEE 802.11r). Since the nl80211 interface needed for this is very recent (added today into wireless-testing.git), driver_nl80211.c has backwards compatibility code that uses WEXT for association if the kernel does not support the new commands. This compatibility code can be disabled by defining NO_WEXT_COMPAT. That code will also be removed at some point to clean up driver_nl80211.c.
15 years ago
FT: Add support for IEEE 802.11r with driver-based SME Add NL80211_CMD_UPDATE_FT_IES to support update of FT IEs to the WLAN driver. Add NL80211_CMD_FT_EVENT to send FT event from the WLAN driver. This will carry the target AP's MAC address along with the relevant Information Elements. This event is used to report received FT IEs (MDIE, FTIE, RSN IE, TIE, RICIE). Signed-off-by: Deepthi Gowri <deepthi@codeaurora.org>
11 years ago
/* Process FT when SME is in the driver */
if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
wpa_ft_is_completed(wpa_s->wpa)) {
MSCS: Parse result of MSCS setup in (Re)Association Response frames Add support to parse the (Re)Association Response frames to check if the AP has accepted/declined the MSCS request in response to the corresponding (Re)Association Request frame. AP indicates the result by setting it in the optional MSCS Status subelement of MSCS Descriptor element in (Re)Association Response frame. This MSCS Status subelement is defined in the process of being added into P802.11-REVmd/D4.0 (11-20-0516-17-000m-cr-mscs-and-cid4158). Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
4 years ago
if (!bssid_known ||
FT: Add support for IEEE 802.11r with driver-based SME Add NL80211_CMD_UPDATE_FT_IES to support update of FT IEs to the WLAN driver. Add NL80211_CMD_FT_EVENT to send FT event from the WLAN driver. This will carry the target AP's MAC address along with the relevant Information Elements. This event is used to report received FT IEs (MDIE, FTIE, RSN IE, TIE, RICIE). Signed-off-by: Deepthi Gowri <deepthi@codeaurora.org>
11 years ago
wpa_ft_validate_reassoc_resp(wpa_s->wpa,
data->assoc_info.resp_ies,
data->assoc_info.resp_ies_len,
bssid) < 0) {
wpa_dbg(wpa_s, MSG_DEBUG, "FT: Validation of "
"Reassociation Response failed");
wpa_supplicant_deauthenticate(
wpa_s, WLAN_REASON_INVALID_IE);
return -1;
}
wpa_dbg(wpa_s, MSG_DEBUG, "FT: Reassociation Response done");
}
FT: Clean up wpa_sm_set_ft_params() by using common parse Instead of parsing the IEs in the callers, use the already existing parser in wpa_ft.c to handle MDIE and FTIE from initial MD association response. In addition, this provides more complete access to association response IEs to FT code which will be needed to fix FT 4-way handshake message 2/4.
14 years ago
wpa_sm_set_ft_params(wpa_s->wpa, data->assoc_info.resp_ies,
data->assoc_info.resp_ies_len);
Add SME support (separate authentication and association) This can be used, e.g., with mac80211-based Linux drivers with nl80211. This allows over-the-air FT protocol to be used (IEEE 802.11r). Since the nl80211 interface needed for this is very recent (added today into wireless-testing.git), driver_nl80211.c has backwards compatibility code that uses WEXT for association if the kernel does not support the new commands. This compatibility code can be disabled by defining NO_WEXT_COMPAT. That code will also be removed at some point to clean up driver_nl80211.c.
15 years ago
#endif /* CONFIG_IEEE80211R */
MSCS: Parse result of MSCS setup in (Re)Association Response frames Add support to parse the (Re)Association Response frames to check if the AP has accepted/declined the MSCS request in response to the corresponding (Re)Association Request frame. AP indicates the result by setting it in the optional MSCS Status subelement of MSCS Descriptor element in (Re)Association Response frame. This MSCS Status subelement is defined in the process of being added into P802.11-REVmd/D4.0 (11-20-0516-17-000m-cr-mscs-and-cid4158). Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
4 years ago
if (bssid_known)
wpas_handle_assoc_resp_mscs(wpa_s, bssid,
data->assoc_info.resp_ies,
data->assoc_info.resp_ies_len);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
/* WPA/RSN IE from Beacon/ProbeResp */
p = data->assoc_info.beacon_ies;
l = data->assoc_info.beacon_ies_len;
/* Go through the IEs and make a copy of the WPA/RSN IEs, if present.
*/
wpa_found = rsn_found = 0;
while (p && l >= 2) {
len = p[1] + 2;
if (len > l) {
wpa_hexdump(MSG_DEBUG, "Truncated IE in beacon_ies",
p, l);
break;
}
if (!wpa_found &&
p[0] == WLAN_EID_VENDOR_SPECIFIC && p[1] >= 6 &&
os_memcmp(&p[2], "\x00\x50\xF2\x01\x01\x00", 6) == 0) {
wpa_found = 1;
wpa_sm_set_ap_wpa_ie(wpa_s->wpa, p, len);
}
if (!rsn_found &&
p[0] == WLAN_EID_RSN && p[1] >= 2) {
rsn_found = 1;
wpa_sm_set_ap_rsn_ie(wpa_s->wpa, p, len);
}
RSN: Verify RSNXE match between Beacon/ProbeResp and EAPOL-Key msg 3/4 If the AP advertises RSN Extension element, it has to be advertised consistently in the unprotected (Beacon and Probe Response) and protected (EAPOL-Key msg 3/4) frames. Verify that this is the case. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years ago
if (p[0] == WLAN_EID_RSNX && p[1] >= 1)
wpa_sm_set_ap_rsnxe(wpa_s->wpa, p, len);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
l -= len;
p += len;
}
if (!wpa_found && data->assoc_info.beacon_ies)
wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0);
RSN: Verify RSNXE match between Beacon/ProbeResp and EAPOL-Key msg 3/4 If the AP advertises RSN Extension element, it has to be advertised consistently in the unprotected (Beacon and Probe Response) and protected (EAPOL-Key msg 3/4) frames. Verify that this is the case. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years ago
if (!rsn_found && data->assoc_info.beacon_ies) {
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0);
RSN: Verify RSNXE match between Beacon/ProbeResp and EAPOL-Key msg 3/4 If the AP advertises RSN Extension element, it has to be advertised consistently in the unprotected (Beacon and Probe Response) and protected (EAPOL-Key msg 3/4) frames. Verify that this is the case. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years ago
wpa_sm_set_ap_rsnxe(wpa_s->wpa, NULL, 0);
}
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
if (wpa_found || rsn_found)
wpa_s->ap_ies_from_associnfo = 1;
Add an option for driver wrappers to report operational frequency
15 years ago
Update BSS table entry if roaming event indicates frequency change This is needed to make sure the frequency in the BSS table entry remains up-to-date if the AP changes its operating frequency.
13 years ago
if (wpa_s->assoc_freq && data->assoc_info.freq &&
wpa_s->assoc_freq != data->assoc_info.freq) {
wpa_printf(MSG_DEBUG, "Operating frequency changed from "
"%u to %u MHz",
wpa_s->assoc_freq, data->assoc_info.freq);
wpa_supplicant_update_scan_results(wpa_s);
}
Add an option for driver wrappers to report operational frequency
15 years ago
wpa_s->assoc_freq = data->assoc_info.freq;
FT: Deauthenticate in case of Reassoc Response validation error If validation of the Reassociation Response frame fails during FT Protocol, do not allow association to be completed; instead, force deauthentication.
14 years ago
DSCP: Parse WFA Capabilities element in (Re)Association Response frame Add support to parse WFA Capabilities element from the (Re)Association Response frame. Also register a timeout for the station to wait before sending a new DSCP query if requested by AP. Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
3 years ago
wpas_handle_assoc_resp_qos_mgmt(wpa_s, data->assoc_info.resp_ies,
data->assoc_info.resp_ies_len);
FT: Deauthenticate in case of Reassoc Response validation error If validation of the Reassociation Response frame fails during FT Protocol, do not allow association to be completed; instead, force deauthentication.
14 years ago
return 0;
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
}
Fix CONFIG_NO_SCAN_PROCESSING=y build This fixes a build regression from commit cd2f4ddfb91c330c778d7464a393c5f26f07d432 by moving wpa_supplicant_assoc_update_ie() outside the no-scan-processing ifdef block. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
static int wpa_supplicant_assoc_update_ie(struct wpa_supplicant *wpa_s)
{
RSN: Verify RSNXE match between Beacon/ProbeResp and EAPOL-Key msg 3/4 If the AP advertises RSN Extension element, it has to be advertised consistently in the unprotected (Beacon and Probe Response) and protected (EAPOL-Key msg 3/4) frames. Verify that this is the case. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years ago
const u8 *bss_wpa = NULL, *bss_rsn = NULL, *bss_rsnx = NULL;
Fix CONFIG_NO_SCAN_PROCESSING=y build This fixes a build regression from commit cd2f4ddfb91c330c778d7464a393c5f26f07d432 by moving wpa_supplicant_assoc_update_ie() outside the no-scan-processing ifdef block. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
if (!wpa_s->current_bss || !wpa_s->current_ssid)
return -1;
if (!wpa_key_mgmt_wpa_any(wpa_s->current_ssid->key_mgmt))
return 0;
bss_wpa = wpa_bss_get_vendor_ie(wpa_s->current_bss,
WPA_IE_VENDOR_TYPE);
bss_rsn = wpa_bss_get_ie(wpa_s->current_bss, WLAN_EID_RSN);
RSN: Verify RSNXE match between Beacon/ProbeResp and EAPOL-Key msg 3/4 If the AP advertises RSN Extension element, it has to be advertised consistently in the unprotected (Beacon and Probe Response) and protected (EAPOL-Key msg 3/4) frames. Verify that this is the case. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years ago
bss_rsnx = wpa_bss_get_ie(wpa_s->current_bss, WLAN_EID_RSNX);
Fix CONFIG_NO_SCAN_PROCESSING=y build This fixes a build regression from commit cd2f4ddfb91c330c778d7464a393c5f26f07d432 by moving wpa_supplicant_assoc_update_ie() outside the no-scan-processing ifdef block. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, bss_wpa,
bss_wpa ? 2 + bss_wpa[1] : 0) ||
wpa_sm_set_ap_rsn_ie(wpa_s->wpa, bss_rsn,
RSN: Verify RSNXE match between Beacon/ProbeResp and EAPOL-Key msg 3/4 If the AP advertises RSN Extension element, it has to be advertised consistently in the unprotected (Beacon and Probe Response) and protected (EAPOL-Key msg 3/4) frames. Verify that this is the case. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years ago
bss_rsn ? 2 + bss_rsn[1] : 0) ||
wpa_sm_set_ap_rsnxe(wpa_s->wpa, bss_rsnx,
bss_rsnx ? 2 + bss_rsnx[1] : 0))
Fix CONFIG_NO_SCAN_PROCESSING=y build This fixes a build regression from commit cd2f4ddfb91c330c778d7464a393c5f26f07d432 by moving wpa_supplicant_assoc_update_ie() outside the no-scan-processing ifdef block. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
return -1;
return 0;
}
FST: Improve parsing of Multiband IEs Previously, MB IEs were parsed only from association event. Try to get MB IEs from other management frames like Probe Response frames. The MB IEs from the association event may not be up-to-date and in some cases may actually be missing and updating the information based on other frames can improve robustness of FST exchanges. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
static void wpas_fst_update_mb_assoc(struct wpa_supplicant *wpa_s,
union wpa_event_data *data)
{
#ifdef CONFIG_FST
struct assoc_info *ai = data ? &data->assoc_info : NULL;
struct wpa_bss *bss = wpa_s->current_bss;
const u8 *ieprb, *iebcn;
wpabuf_free(wpa_s->received_mb_ies);
wpa_s->received_mb_ies = NULL;
if (ai &&
!wpas_fst_update_mbie(wpa_s, ai->resp_ies, ai->resp_ies_len)) {
wpa_printf(MSG_DEBUG,
"FST: MB IEs updated from Association Response frame");
return;
}
if (ai &&
!wpas_fst_update_mbie(wpa_s, ai->beacon_ies, ai->beacon_ies_len)) {
wpa_printf(MSG_DEBUG,
"FST: MB IEs updated from association event Beacon IEs");
return;
}
if (!bss)
return;
BSS: Use wrapper function for getting a pointer to the IE buffer This makes it easier to change the internal struct wpa_bss design for storing the variable length IE buffers. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
ieprb = wpa_bss_ie_ptr(bss);
FST: Improve parsing of Multiband IEs Previously, MB IEs were parsed only from association event. Try to get MB IEs from other management frames like Probe Response frames. The MB IEs from the association event may not be up-to-date and in some cases may actually be missing and updating the information based on other frames can improve robustness of FST exchanges. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
iebcn = ieprb + bss->ie_len;
if (!wpas_fst_update_mbie(wpa_s, ieprb, bss->ie_len))
wpa_printf(MSG_DEBUG, "FST: MB IEs updated from bss IE");
else if (!wpas_fst_update_mbie(wpa_s, iebcn, bss->beacon_ie_len))
wpa_printf(MSG_DEBUG, "FST: MB IEs updated from bss beacon IE");
#endif /* CONFIG_FST */
}
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s,
union wpa_event_data *data)
{
u8 bssid[ETH_ALEN];
Fix EAP state machine reset with offloaded roaming and authorization If the driver indicates a roamed event with already completed authorization, altAccept = TRUE could have resulted in the EAP state machine ending up in the FAILURE state from the INITIALIZE state. This is not correct behavior and similar cases were already addressed for FT and WPA-PSK. Fix the offloaded roamed+authorized (EAP/PMKSA caching) case by doing similar changes to EAPOL/EAP state variable updates during association event handling. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago
int ft_completed, already_authorized;
Update AP WPA/RSN IE on all associations if driver can select BSS It is possible for driver-based BSS selection to end up reassociating back to the current AP. If wpa_supplicant preferred another BSS, it would have updated the internal knowledge of the AP's WPA/RSN IE when requesting a new connection. In the special case of existing association and new association being with the same BSS that is different from the wpa_supplicant preference, association event processing skipped the WPA/RSN IE update. This could result in the following 4-way handshake getting rejected due to incorrectly detected mismatch with AP's RSN/WPA IE between Beacon/Probe Response frame and EAPOL-Key msg 3/4. Fix this by updating the AP WPA/RSN IE on all association events when driver-based BSS selection is used regardless of whether the BSSID changes. This could also cover a theoretical case of the AP changing its RSN/WPA IE at the very moment we try to reassociate back to the same BSS. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
int new_bss = 0;
MBO/OCE: Update disable_mbo_oce flag after association After roaming to an AP, update disable_mbo_oce flag based on the current BSS capabilities. This flag is used to check whether STA should support MBO/OCE features and process BTM request received from the current connected AP. When a STA roams from a WPA2 MBO/OCE AP with PMF enabled to a misbehaving WPA2 MBO/OCE AP without PMF, or if the driver chooses a BSS in which PMF is not enabled for the initial connection, BTM requests from such APs should not be processed by STA. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years ago
#if defined(CONFIG_FILS) || defined(CONFIG_MBO)
struct wpa_bss *bss;
#endif /* CONFIG_FILS || CONFIG_MBO */
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
Use generic driver event notification for AP mode assoc/disassoc
15 years ago
#ifdef CONFIG_AP
if (wpa_s->ap_iface) {
Check for EVENT_ASSOC data to be present for AP mode operation wpa_supplicant_event() is required to include the event data for AP mode events. In theory, a non-AP mode event could be sent here from the driver wrapper, so reject such event. Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
if (!data)
return;
Use generic driver event notification for AP mode assoc/disassoc
15 years ago
hostapd_notif_assoc(wpa_s->ap_iface->bss[0],
data->assoc_info.addr,
data->assoc_info.req_ies,
Indicate assoc vs. reassoc in association event This allows driver wrappers to indicate whether the association was done using Association Request/Response or with Reassociation Request/Response frames.
14 years ago
data->assoc_info.req_ies_len,
data->assoc_info.reassoc);
Use generic driver event notification for AP mode assoc/disassoc
15 years ago
return;
}
#endif /* CONFIG_AP */
Delay AP selection if all networks are temporarily disabled If all networks are temporarily disabled, delay AP selection until at least one network is enabled. Running AP selection when all networks are disabled is useless as wpa_supplicant will not try to connect. In addition, it will result in needless scan iterations that may delay the connection when it is needed. Signed-off-by: Avraham Stern <avraham.stern@intel.com>
9 years ago
eloop_cancel_timeout(wpas_network_reenabled, wpa_s, NULL);
STA: Allow PTK rekeying without Ext KeyID to be disabled as a workaround Rekeying a pairwise key using only keyid 0 (PTK0 rekey) has many broken implementations and should be avoided when using or interacting with one. The effects can be triggered by either end of the connection and range from hardly noticeable disconnects over long connection freezes up to leaking clear text MPDUs. To allow affected users to mitigate the issues, add a new configuration option "wpa_deny_ptk0_rekey" to replace all PTK0 rekeys with fast reconnects. Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
4 years ago
wpa_s->own_reconnect_req = 0;
Delay AP selection if all networks are temporarily disabled If all networks are temporarily disabled, delay AP selection until at least one network is enabled. Running AP selection when all networks are disabled is useless as wpa_supplicant will not try to connect. In addition, it will result in needless scan iterations that may delay the connection when it is needed. Signed-off-by: Avraham Stern <avraham.stern@intel.com>
9 years ago
Use generic driver event notification for AP mode assoc/disassoc
15 years ago
ft_completed = wpa_ft_is_completed(wpa_s->wpa);
FT: Deauthenticate in case of Reassoc Response validation error If validation of the Reassociation Response frame fails during FT Protocol, do not allow association to be completed; instead, force deauthentication.
14 years ago
if (data && wpa_supplicant_event_associnfo(wpa_s, data) < 0)
return;
FILS: Association Response processing (STA) Decrypt the AES-SIV protected elements and verify Key-Auth. Parse and configure keys to the driver. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
/*
* FILS authentication can share the same mechanism to mark the
* connection fully authenticated, so set ft_completed also based on
* FILS result.
*/
if (!ft_completed)
ft_completed = wpa_fils_is_completed(wpa_s->wpa);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
Do not proceed with association if get_bssid() returns failure This is the normal flow for association: wpa_supplicant <--(EVENT_ASSOC event )-- device driver wpa_supplicant --( get_bssid() )--> device driver wpa_supplicant <--( return BSSID )-- device driver However, a device driver could return EINVAL for get_bssid() because it recognizes it has already been disconnected. When the wpa_supplicant received EINVAL, the bssid field could be used uninitialized in the following flow: wpa_supplicant <--(EVENT_ASSOC event )-- device driver device driver (receive deauth) wpa_supplicant --( get_bssid() )--> device driver wpa_supplicant <--( return EINVAL )-- device driver Prevent this by requiring the get_bssid() call to succeed when processing association events.
12 years ago
if (wpa_drv_get_bssid(wpa_s, bssid) < 0) {
wpa_dbg(wpa_s, MSG_ERROR, "Failed to get BSSID");
Use deauthentication instead of disassociation if not associated cfg80211/mac80211 may reject disassociation command if association has not yet been formed. Use deauthentication in cases where it is possible that we are associating at the moment the command is issued. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
wpa_supplicant_deauthenticate(
Do not proceed with association if get_bssid() returns failure This is the normal flow for association: wpa_supplicant <--(EVENT_ASSOC event )-- device driver wpa_supplicant --( get_bssid() )--> device driver wpa_supplicant <--( return BSSID )-- device driver However, a device driver could return EINVAL for get_bssid() because it recognizes it has already been disconnected. When the wpa_supplicant received EINVAL, the bssid field could be used uninitialized in the following flow: wpa_supplicant <--(EVENT_ASSOC event )-- device driver device driver (receive deauth) wpa_supplicant --( get_bssid() )--> device driver wpa_supplicant <--( return EINVAL )-- device driver Prevent this by requiring the get_bssid() call to succeed when processing association events.
12 years ago
wpa_s, WLAN_REASON_DEAUTH_LEAVING);
return;
}
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATED);
Do not proceed with association if get_bssid() returns failure This is the normal flow for association: wpa_supplicant <--(EVENT_ASSOC event )-- device driver wpa_supplicant --( get_bssid() )--> device driver wpa_supplicant <--( return BSSID )-- device driver However, a device driver could return EINVAL for get_bssid() because it recognizes it has already been disconnected. When the wpa_supplicant received EINVAL, the bssid field could be used uninitialized in the following flow: wpa_supplicant <--(EVENT_ASSOC event )-- device driver device driver (receive deauth) wpa_supplicant --( get_bssid() )--> device driver wpa_supplicant <--( return EINVAL )-- device driver Prevent this by requiring the get_bssid() call to succeed when processing association events.
12 years ago
if (os_memcmp(bssid, wpa_s->bssid, ETH_ALEN) != 0) {
dbus: Export roam time, roam complete, and session length Add new Interface properties "RoamTime", "RoamComplete", and "SessionLength". "RoamTime" carries the roam time of the most recent roam in milliseconds. "RoamComplete" carries True or False corresponding to the success status of the most recent roam. "SessionLength" carries the number of milliseconds corresponding to how long the connection to the last AP was before a roam or disconnect happened. Signed-off-by: Matthew Wang <matthewmwang@chromium.org>
6 years ago
if (os_reltime_initialized(&wpa_s->session_start)) {
os_reltime_age(&wpa_s->session_start,
&wpa_s->session_length);
wpa_s->session_start.sec = 0;
wpa_s->session_start.usec = 0;
wpas_notify_session_length(wpa_s);
} else {
wpas_notify_auth_changed(wpa_s);
os_get_reltime(&wpa_s->session_start);
}
Use wpa_msg() instead of wpa_printf() This converts number of debugging messages to use wpa_msg() in order to allow the interface name to be shown with the messages. A new function, wpa_dbg(), is introduced to allow CONFIG_NO_STDOUT_DEBUG=y builds to remove the debug strings. This is otherwise identical with wpa_msg(), but it gets compiled out if stdout debugging is disabled.
13 years ago
wpa_dbg(wpa_s, MSG_DEBUG, "Associated to a new BSS: BSSID="
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
MACSTR, MAC2STR(bssid));
Update AP WPA/RSN IE on all associations if driver can select BSS It is possible for driver-based BSS selection to end up reassociating back to the current AP. If wpa_supplicant preferred another BSS, it would have updated the internal knowledge of the AP's WPA/RSN IE when requesting a new connection. In the special case of existing association and new association being with the same BSS that is different from the wpa_supplicant preference, association event processing skipped the WPA/RSN IE update. This could result in the following 4-way handshake getting rejected due to incorrectly detected mismatch with AP's RSN/WPA IE between Beacon/Probe Response frame and EAPOL-Key msg 3/4. Fix this by updating the AP WPA/RSN IE on all association events when driver-based BSS selection is used regardless of whether the BSSID changes. This could also cover a theoretical case of the AP changing its RSN/WPA IE at the very moment we try to reassociate back to the same BSS. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
new_bss = 1;
Maintain internal entropy pool for augmenting random number generation By default, make hostapd and wpa_supplicant maintain an internal entropy pool that is fed with following information: hostapd: - Probe Request frames (timing, RSSI) - Association events (timing) - SNonce from Supplicants wpa_supplicant: - Scan results (timing, signal/noise) - Association events (timing) The internal pool is used to augment the random numbers generated with the OS mechanism (os_get_random()). While the internal implementation is not expected to be very strong due to limited amount of generic (non-platform specific) information to feed the pool, this may strengthen key derivation on some devices that are not configured to provide strong random numbers through os_get_random() (e.g., /dev/urandom on Linux/BSD). This new mechanism is not supposed to replace proper OS provided random number generation mechanism. The OS mechanism needs to be initialized properly (e.g., hw random number generator, maintaining entropy pool over reboots, etc.) for any of the security assumptions to hold. If the os_get_random() is known to provide strong ramdom data (e.g., on Linux/BSD, the board in question is known to have reliable source of random data from /dev/urandom), the internal hostapd random pool can be disabled. This will save some in binary size and CPU use. However, this should only be considered for builds that are known to be used on devices that meet the requirements described above. The internal pool is disabled by adding CONFIG_NO_RANDOM_POOL=y to the .config file.
14 years ago
random_add_randomness(bssid, ETH_ALEN);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
os_memcpy(wpa_s->bssid, bssid, ETH_ALEN);
os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
Remove unnecessary bssid_changed check The os_memcmp of bssid and wpa_s->bssid cannot return 0 in this code path since identical os_memcmp was already done above. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
wpas_notify_bssid_changed(wpa_s);
Add wpa_supplicant notification calls This introduces a new mechanism for collecting notification calls into a single place (notify.c). As a result of this, most of the wpa_supplicant code does not need to know about dbus (etc. mechanisms that could use the notifications). Some empty placeholder functions are also added in preparation of new dbus code that needs more event notifications.
15 years ago
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
if (wpa_supplicant_dynamic_keys(wpa_s) && !ft_completed) {
wpa_clear_keys(wpa_s, bssid);
}
if (wpa_supplicant_select_config(wpa_s) < 0) {
Use deauthentication instead of disassociation if not associated cfg80211/mac80211 may reject disassociation command if association has not yet been formed. Use deauthentication in cases where it is possible that we are associating at the moment the command is issued. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
wpa_supplicant_deauthenticate(
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
wpa_s, WLAN_REASON_DEAUTH_LEAVING);
return;
}
Update AP WPA/RSN IE on all associations if driver can select BSS It is possible for driver-based BSS selection to end up reassociating back to the current AP. If wpa_supplicant preferred another BSS, it would have updated the internal knowledge of the AP's WPA/RSN IE when requesting a new connection. In the special case of existing association and new association being with the same BSS that is different from the wpa_supplicant preference, association event processing skipped the WPA/RSN IE update. This could result in the following 4-way handshake getting rejected due to incorrectly detected mismatch with AP's RSN/WPA IE between Beacon/Probe Response frame and EAPOL-Key msg 3/4. Fix this by updating the AP WPA/RSN IE on all association events when driver-based BSS selection is used regardless of whether the BSSID changes. This could also cover a theoretical case of the AP changing its RSN/WPA IE at the very moment we try to reassociate back to the same BSS. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
}
Update WPA/RSN IE properly for driver based BSS selection This patch fixes an issue with roaming for drivers that set WPA_DRIVER_FLAGS_BSS_SELECTION (currently ath6kl). On moving to an AP with a different BSSID, an EVENT_ASSOC is received and the subsequent 4-way handshake may fail because of a mismatch between the RSN IE in message 3/4 and in Beacon/Probe Response. This happens only when the APs use different RSN IE contents and ap_scan is set to 1, since wpa_supplicant fails to update its cached IEs. Initial association may fail, too, in case of multiple APs with the same SSID, since BSSID selection is done by the driver and again a mismatch could be seen. Fix these two issues by clearing and updating the cached IEs on receiving an Association event from the driver. Also, retrieve the scan results when the new BSS information is not present locally. Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>
12 years ago
Update ciphers to address GTK renewal failures while roaming After roaming from WPA2-AP (group=CCMP) to WPA-AP (group=TKIP) using driver-based SME and roaming trigger, GTK renewal failures are observed for the currently associated WPA-AP because of group cipher mismatch, resulting in deauthentication with the AP. Update the group cipher and pairwise cipher values in wpa_sm from association event received from the driver in case of SME offload to the driver to address GTK renewal failures (and similar issues) that could happen when the driver/firmware roams between APs with different security profiles. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
3 years ago
if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
data && wpa_supplicant_use_own_rsne_params(wpa_s, data) < 0)
return;
Multi-AP: Set 4-address mode after network selection Split multi_ap_process_assoc_resp() to set 4-address mode after network selection. Previously, wpa_s->current_ssid might have been NULL in some cases and that would have resulted in 4-address mode not getting enabled properly. Signed-off-by: Gurumoorthi Gnanasambandhan <gguru@codeaurora.org>
4 years ago
multi_ap_set_4addr_mode(wpa_s);
Update AP WPA/RSN IE on all associations if driver can select BSS It is possible for driver-based BSS selection to end up reassociating back to the current AP. If wpa_supplicant preferred another BSS, it would have updated the internal knowledge of the AP's WPA/RSN IE when requesting a new connection. In the special case of existing association and new association being with the same BSS that is different from the wpa_supplicant preference, association event processing skipped the WPA/RSN IE update. This could result in the following 4-way handshake getting rejected due to incorrectly detected mismatch with AP's RSN/WPA IE between Beacon/Probe Response frame and EAPOL-Key msg 3/4. Fix this by updating the AP WPA/RSN IE on all association events when driver-based BSS selection is used regardless of whether the BSSID changes. This could also cover a theoretical case of the AP changing its RSN/WPA IE at the very moment we try to reassociate back to the same BSS. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
if (wpa_s->conf->ap_scan == 1 &&
wpa_s->drv_flags & WPA_DRIVER_FLAGS_BSS_SELECTION) {
if (wpa_supplicant_assoc_update_ie(wpa_s) < 0 && new_bss)
wpa_msg(wpa_s, MSG_WARNING,
"WPA/RSN IEs not updated");
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
}
FST: Improve parsing of Multiband IEs Previously, MB IEs were parsed only from association event. Try to get MB IEs from other management frames like Probe Response frames. The MB IEs from the association event may not be up-to-date and in some cases may actually be missing and updating the information based on other frames can improve robustness of FST exchanges. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
wpas_fst_update_mb_assoc(wpa_s, data);
nl80211/SME: Use reassociation when roaming within the ESS
15 years ago
#ifdef CONFIG_SME
os_memcpy(wpa_s->sme.prev_bssid, bssid, ETH_ALEN);
wpa_s->sme.prev_bssid_set = 1;
Rate limit SA Query procedure initiation on unprotected disconnect There is no need to trigger new SA Query procedure to check the state of the connection immediately after having performed such a check. Limit the impact of burst of unprotected Deauth/Disassoc frames by starting a new SA Query procedure only once at least 10 seconds has passed from the previous SA Query that was triggered by reception of an unprotected disconnection. The first SA Query procedure for each association does not follow this rule to avoid issues with test cases that expect to see an SA Query every time. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
wpa_s->sme.last_unprot_disconnect.sec = 0;
nl80211/SME: Use reassociation when roaming within the ESS
15 years ago
#endif /* CONFIG_SME */
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
wpa_msg(wpa_s, MSG_INFO, "Associated with " MACSTR, MAC2STR(bssid));
if (wpa_s->current_ssid) {
/* When using scanning (ap_scan=1), SIM PC/SC interface can be
* initialized before association, but for other modes,
* initialize PC/SC here, if the current configuration needs
* smartcard or SIM/USIM. */
wpa_supplicant_scard_init(wpa_s, wpa_s->current_ssid);
}
wpa_sm_notify_assoc(wpa_s->wpa, bssid);
Verify that l2_packet is initialized before notification call It is possible that l2_packet is not used with wpa_supplicant in some cases, so better make sure we do not end up notifying l2_packet code about authentications unless it was actually initialized in the first place.
14 years ago
if (wpa_s->l2)
l2_packet_notify_auth_start(wpa_s->l2);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
Fix EAP state machine reset with offloaded roaming and authorization If the driver indicates a roamed event with already completed authorization, altAccept = TRUE could have resulted in the EAP state machine ending up in the FAILURE state from the INITIALIZE state. This is not correct behavior and similar cases were already addressed for FT and WPA-PSK. Fix the offloaded roamed+authorized (EAP/PMKSA caching) case by doing similar changes to EAPOL/EAP state variable updates during association event handling. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago
already_authorized = data && data->assoc_info.authorized;
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
/*
EAPOL supp: Convert Boolean to C99 bool Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
* Set portEnabled first to false in order to get EAP state machine out
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
* of the SUCCESS state and eapSuccess cleared. Without this, EAPOL PAE
* state machine may transit to AUTHENTICATING state based on obsolete
* eapSuccess and then trigger BE_AUTH to SUCCESS and PAE to
* AUTHENTICATED without ever giving chance to EAP state machine to
* reset the state.
*/
Fix EAP state machine reset with offloaded roaming and authorization If the driver indicates a roamed event with already completed authorization, altAccept = TRUE could have resulted in the EAP state machine ending up in the FAILURE state from the INITIALIZE state. This is not correct behavior and similar cases were already addressed for FT and WPA-PSK. Fix the offloaded roamed+authorized (EAP/PMKSA caching) case by doing similar changes to EAPOL/EAP state variable updates during association event handling. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago
if (!ft_completed && !already_authorized) {
EAPOL supp: Convert Boolean to C99 bool Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
eapol_sm_notify_portEnabled(wpa_s->eapol, false);
eapol_sm_notify_portValid(wpa_s->eapol, false);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
}
OWE: Define and parse OWE AKM selector This adds a new RSN AKM "OWE". Signed-off-by: Jouni Malinen <j@w1.fi>
7 years ago
if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
DPP: Add new AKM This new AKM is used with DPP when using the signed Connector to derive a PMK. Since the KCK, KEK, and MIC lengths are variable within a single AKM, this needs number of additional changes to get the PMK length delivered to places that need to figure out the lengths of the PTK components. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
wpa_s->key_mgmt == WPA_KEY_MGMT_DPP ||
OWE: Define and parse OWE AKM selector This adds a new RSN AKM "OWE". Signed-off-by: Jouni Malinen <j@w1.fi>
7 years ago
wpa_s->key_mgmt == WPA_KEY_MGMT_OWE || ft_completed ||
Clear external eapSuccess setting in driver-authorized cases The conditions for the eapol_sm_notify_eap_success(FALSE) calls did not cover the case where eapol_sm_notify_eap_success(TRUE) had been called based on offloaded 4-way handshake and driver notification of authorization in wpa_supplicant_event_port_authorized(). This could result in eapSuccess and altSuccess state machine variables being left TRUE when roaming to another BSS and that results in EAP failure if the following roaming case does not get fully authorized through the driver offload. Fix this by clearing eapSuccess/altSuccess when processing a new association (including roaming) event and also when disconnecting from the network. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years ago
already_authorized || wpa_s->drv_authorized_port)
EAPOL supp: Convert Boolean to C99 bool Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
eapol_sm_notify_eap_success(wpa_s->eapol, false);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
/* 802.1X::portControl = Auto */
EAPOL supp: Convert Boolean to C99 bool Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
eapol_sm_notify_portEnabled(wpa_s->eapol, true);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
wpa_s->eapol_received = 0;
if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
IBSS RSN: Wait for connection event and do not use auth timeout Wait for connection (IBSS join completed) event before marking state completed. In addition, do not use the station mode authentication timeout since that can trigger full disconnection from IBSS when there is a timeout with just one of the peers.
15 years ago
wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE ||
(wpa_s->current_ssid &&
wpa_supplicant: Fix type for ssid->mode comparisons The ssid->mode is from type enum wpas_mode and all its constants start with WPAS_MODE_*. Still some of the code sections used the IEEE80211_MODE_* defines instead of WPAS_MODE_*. This should have no impact on the actual code because the constants for INFRA, IBSS, AP and MESH had the same values. Signed-off-by: Sven Eckelmann <seckelmann@datto.com>
5 years ago
wpa_s->current_ssid->mode == WPAS_MODE_IBSS)) {
Check current_ssid on unexpected association event This is mainly to keep static analyzers silent since it does not look like this code path can be reached in practice due to the way association events are handled and current_ssid is either set before resched here or the association is rejected. Anyway, if this could be reached, the wpa_supplicant_set_wpa_none_key() call would end up dereferencing a NULL pointer, so add an explicit check to make sure that does not happen. Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
if (wpa_s->current_ssid &&
wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE &&
Try to set WPA-None key after IBSS-joined event cfg80211 rejects the set_key operations before the IBSS network has been fully formed, so add one more attempt to set the key for WPA-None at IBSS joined driver event. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
(wpa_s->drv_flags &
WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC_DONE)) {
/*
* Set the key after having received joined-IBSS event
* from the driver.
*/
wpa_supplicant_set_wpa_none_key(wpa_s,
wpa_s->current_ssid);
}
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
wpa_supplicant_cancel_auth_timeout(wpa_s);
wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
} else if (!ft_completed) {
/* Timeout for receiving the first EAPOL packet */
wpa_supplicant_req_auth_timeout(wpa_s, 10, 0);
}
wpa_supplicant_cancel_scan(wpa_s);
Fix FILS ERP association event with 4-way HS offload drivers When FILS authentication is used with ERP, no EAPOL frames are expected after association. However, for drivers that set the WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X capability flag, the EAP state machine was not configured correctly and was waiting for EAPOL frames, which leads to disconnection. Fix this by reordering the if branches to set the EAPOL/EAP state machines to success when FILS authentication was already completed. Signed-off-by: Avraham Stern <avraham.stern@intel.com>
5 years ago
if (ft_completed) {
/*
* FT protocol completed - make sure EAPOL state machine ends
* up in authenticated.
*/
wpa_supplicant_cancel_auth_timeout(wpa_s);
wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
EAPOL supp: Convert Boolean to C99 bool Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
eapol_sm_notify_portValid(wpa_s->eapol, true);
eapol_sm_notify_eap_success(wpa_s->eapol, true);
Fix FILS ERP association event with 4-way HS offload drivers When FILS authentication is used with ERP, no EAPOL frames are expected after association. However, for drivers that set the WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X capability flag, the EAP state machine was not configured correctly and was waiting for EAPOL frames, which leads to disconnection. Fix this by reordering the if branches to set the EAPOL/EAP state machines to success when FILS authentication was already completed. Signed-off-by: Avraham Stern <avraham.stern@intel.com>
5 years ago
} else if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK) &&
wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt)) {
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
/*
* We are done; the driver will take care of RSN 4-way
* handshake.
*/
wpa_supplicant_cancel_auth_timeout(wpa_s);
wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
EAPOL supp: Convert Boolean to C99 bool Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
eapol_sm_notify_portValid(wpa_s->eapol, true);
eapol_sm_notify_eap_success(wpa_s->eapol, true);
drivers: Add separate driver flags for 802.1X and PSK 4-way HS offloads Allow drivers to indicate support for offloading 4-way handshake for either IEEE 802.1X (WPA2-Enterprise; EAP) and/or WPA/WPA2-PSK (WPA2-Personal) by splitting the WPA_DRIVER_FLAGS_4WAY_HANDSHAKE flag into two separate flags. Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
5 years ago
} else if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X) &&
Set portValid=TRUE on association for driver-based 4-way handshake This was previously done for WPA/WPA2-Personal as part of association processing when the driver is implementing 4-way handshake. The portValid needs to be done for WPA/WPA2-Enterprise to get the proper EAPOL authentication completed callback to configure PMK to the driver.
13 years ago
wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) {
/*
* The driver will take care of RSN 4-way handshake, so we need
* to allow EAPOL supplicant to complete its work without
* waiting for WPA supplicant.
*/
EAPOL supp: Convert Boolean to C99 bool Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
eapol_sm_notify_portValid(wpa_s->eapol, true);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
}
Delay processing of EAPOL frames when not associated If an EAPOL frame is received while wpa_supplicant thinks the driver is not associated, queue the frame for processing at the moment when the association event is received. This is a workaround to a race condition in receiving data frames and management events from the kernel. The pending EAPOL frame will not be processed unless an association event is received within 100 msec for the same BSSID.
15 years ago
Extend EAPOL frames processing workaround for roaming cases Commit 1ff733383f3d5c73233ef452a738765667021609 added a mechanism to work around issues due to association events and EAPOL RX events being getting reordered. However, this applied only for the case where wpa_supplicant is not in associated state. The same issue can happen in roaming case with drivers that perform BSS selection internally (or in firmware). Handle that case similarly by delaying received EAPOL frame processing if the source address of the EAPOL frame does not match the current BSSID. Since wired IEEE 802.1X do not have BSSID, make this additional workaround conditional on BSSID match having been observed during the previous association. This fixes issues where the initial EAPOL frame after reassociation was either dropped (e.g., due to replay counter not increasing) or replied to with incorrect destination address (the BSSID of the old AP). This can result in significantly more robust roaming behavior with drivers that do not use wpa_supplicant for BSS selection. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
wpa_s->last_eapol_matches_bssid = 0;
SAE H2E: Fix RSNXE override in EAPOL-Key msg 2/4 for testing purposes The previous implementation missed the case where EAPOL-Key frame may be reported as having been received before the association event is processed. This would have resulted in not using the RSNXE override for EAPOL-Key msg 2/4 when the pending EAPOL-Key frame gets processed immediately after processing the association event. Fix this by moving the override case to be handled before that. Fixes: 132565539784 ("SAE H2E: RSNXE override for testing purposes") Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
#ifdef CONFIG_TESTING_OPTIONS
Allow RSNE in EAPOL-Key msg 2/4 to be overridden for testing purposes The new wpa_supplicant control interface parameter rsne_override_eapol can be used similarly to the earlier rsnxe_override_eapol to override the RSNE value added into EAPOL-Key msg 2/4. Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
if (wpa_s->rsne_override_eapol) {
wpa_printf(MSG_DEBUG,
"TESTING: RSNE EAPOL-Key msg 2/4 override");
wpa_sm_set_assoc_wpa_ie(wpa_s->wpa,
wpabuf_head(wpa_s->rsne_override_eapol),
wpabuf_len(wpa_s->rsne_override_eapol));
}
SAE H2E: Fix RSNXE override in EAPOL-Key msg 2/4 for testing purposes The previous implementation missed the case where EAPOL-Key frame may be reported as having been received before the association event is processed. This would have resulted in not using the RSNXE override for EAPOL-Key msg 2/4 when the pending EAPOL-Key frame gets processed immediately after processing the association event. Fix this by moving the override case to be handled before that. Fixes: 132565539784 ("SAE H2E: RSNXE override for testing purposes") Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
if (wpa_s->rsnxe_override_eapol) {
wpa_printf(MSG_DEBUG,
"TESTING: RSNXE EAPOL-Key msg 2/4 override");
wpa_sm_set_assoc_rsnxe(wpa_s->wpa,
wpabuf_head(wpa_s->rsnxe_override_eapol),
wpabuf_len(wpa_s->rsnxe_override_eapol));
}
#endif /* CONFIG_TESTING_OPTIONS */
Delay processing of EAPOL frames when not associated If an EAPOL frame is received while wpa_supplicant thinks the driver is not associated, queue the frame for processing at the moment when the association event is received. This is a workaround to a race condition in receiving data frames and management events from the kernel. The pending EAPOL frame will not be processed unless an association event is received within 100 msec for the same BSSID.
15 years ago
if (wpa_s->pending_eapol_rx) {
wpa_supplicant: Use monotonic time for EAPOL RX workaround The EAPOL RX workaround checks that the events are less than 100 ms apart, so only uses relative times and should use monotonic time. Signed-hostap: Johannes Berg <johannes.berg@intel.com>
11 years ago
struct os_reltime now, age;
os_get_reltime(&now);
os_reltime_sub(&now, &wpa_s->pending_eapol_rx_time, &age);
Increase delayed EAPOL RX frame timeout Increase the EAPOL RX frame timeout from 100 to 200 ms. This fixes lack of optimization (i.e., first EAPOL frame dropped) in occasional roaming and authentication cases on EAP networks if the kernel events can be reordered and delayed a bit longer. Signed-off-by: Tomoharu Hatano <tomoharu.hatano@sonymobile.com>
7 years ago
if (age.sec == 0 && age.usec < 200000 &&
Delay processing of EAPOL frames when not associated If an EAPOL frame is received while wpa_supplicant thinks the driver is not associated, queue the frame for processing at the moment when the association event is received. This is a workaround to a race condition in receiving data frames and management events from the kernel. The pending EAPOL frame will not be processed unless an association event is received within 100 msec for the same BSSID.
15 years ago
os_memcmp(wpa_s->pending_eapol_rx_src, bssid, ETH_ALEN) ==
0) {
Use wpa_msg() instead of wpa_printf() This converts number of debugging messages to use wpa_msg() in order to allow the interface name to be shown with the messages. A new function, wpa_dbg(), is introduced to allow CONFIG_NO_STDOUT_DEBUG=y builds to remove the debug strings. This is otherwise identical with wpa_msg(), but it gets compiled out if stdout debugging is disabled.
13 years ago
wpa_dbg(wpa_s, MSG_DEBUG, "Process pending EAPOL "
"frame that was received just before "
"association notification");
Delay processing of EAPOL frames when not associated If an EAPOL frame is received while wpa_supplicant thinks the driver is not associated, queue the frame for processing at the moment when the association event is received. This is a workaround to a race condition in receiving data frames and management events from the kernel. The pending EAPOL frame will not be processed unless an association event is received within 100 msec for the same BSSID.
15 years ago
wpa_supplicant_rx_eapol(
wpa_s, wpa_s->pending_eapol_rx_src,
wpabuf_head(wpa_s->pending_eapol_rx),
wpabuf_len(wpa_s->pending_eapol_rx));
}
wpabuf_free(wpa_s->pending_eapol_rx);
wpa_s->pending_eapol_rx = NULL;
}
Add preliminary background scan and roaming module design This allows background scanning and roaming decisions to be contained in a single place based on a defined set of notification events which will hopefully make it easier to experiment with roaming improvements. In addition, this allows multiple intra-ESS roaming policies to be used (each network configuration block can configure its own bgscan module). The beacon loss and signal strength notifications are implemented for the bgscan API, but the actual events are not yet available from the driver. The included sample bgscan module ("simple") is an example of what can be done with the new bgscan mechanism. It requests periodic background scans when the device remains associated with an ESS and has couple of notes on what a more advanced bgscan module could do to optimize background scanning and roaming. The periodic scans will cause the scan result handler to pick a better AP if one becomes available. This bgscan module can be taken into use by adding bgscan="simple" (or bgscan="simple:<bgscan interval in seconds>") into the network configuration block.
15 years ago
Make WEP functionality an optional build parameter WEP should not be used for anything anymore. As a step towards removing it completely, move all WEP related functionality to be within CONFIG_WEP blocks. This will be included in builds only if CONFIG_WEP=y is explicitly set in build configuration. Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
#ifdef CONFIG_WEP
driver_nl80211: Fix MLME key settings for static WEP Current wpa_supplicant has a bug with WEP keys, it adds a zero-length sequence counter field to netlink which the kernel doesn't accept. Additionally, the kernel API slightly changed to accept keys only when connected, so we need to send it the keys after that. For that to work with shared key authentication, we also include the default WEP TX key in the authentication command. To upload the keys properly _after_ associating, add a new flag WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC_DONE indicating that the driver needs the keys at that point and not earlier.
15 years ago
if ((wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) &&
Use cached driver capabilities instead of new fetch for each operation There is no need to repeat the driver capability fetch for each operation since we already cache driver flags in wpa_s->drv_flags. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
wpa_s->current_ssid &&
(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC_DONE)) {
driver_nl80211: Fix MLME key settings for static WEP Current wpa_supplicant has a bug with WEP keys, it adds a zero-length sequence counter field to netlink which the kernel doesn't accept. Additionally, the kernel API slightly changed to accept keys only when connected, so we need to send it the keys after that. For that to work with shared key authentication, we also include the default WEP TX key in the authentication command. To upload the keys properly _after_ associating, add a new flag WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC_DONE indicating that the driver needs the keys at that point and not earlier.
15 years ago
/* Set static WEP keys again */
wpa_set_wep_keys(wpa_s, wpa_s->current_ssid);
}
Make WEP functionality an optional build parameter WEP should not be used for anything anymore. As a step towards removing it completely, move all WEP related functionality to be within CONFIG_WEP blocks. This will be included in builds only if CONFIG_WEP=y is explicitly set in build configuration. Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
#endif /* CONFIG_WEP */
IBSS RSN: Delay setting of the initial TX GTK The driver may get confused if we set the initial TX GTK before having fully configured and connected to an IBSS, so better delay this operation until the connection (join/start IBSS) has been completed.
14 years ago
#ifdef CONFIG_IBSS_RSN
if (wpa_s->current_ssid &&
wpa_s->current_ssid->mode == WPAS_MODE_IBSS &&
wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
RSN IBSS: Restart IBSS state machines for each new IBSS Change the old design of running a single long living RSN IBSS instance to keep a separate instance for each IBSS connection. This fixes number of issues in getting keys set properly for new connections and is in general quite a bit more correct design.
13 years ago
wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE &&
wpa_s->ibss_rsn == NULL) {
Add group_rekey parameter for IBSS The new network profile parameter group_rekey can now be used to specify the group rekeying internal in seconds for IBSS. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
wpa_s->ibss_rsn = ibss_rsn_init(wpa_s, wpa_s->current_ssid);
RSN IBSS: Restart IBSS state machines for each new IBSS Change the old design of running a single long living RSN IBSS instance to keep a separate instance for each IBSS connection. This fixes number of issues in getting keys set properly for new connections and is in general quite a bit more correct design.
13 years ago
if (!wpa_s->ibss_rsn) {
wpa_msg(wpa_s, MSG_INFO, "Failed to init IBSS RSN");
wpa_supplicant_deauthenticate(
wpa_s, WLAN_REASON_DEAUTH_LEAVING);
return;
}
ibss_rsn_set_psk(wpa_s->ibss_rsn, wpa_s->current_ssid->psk);
}
IBSS RSN: Delay setting of the initial TX GTK The driver may get confused if we set the initial TX GTK before having fully configured and connected to an IBSS, so better delay this operation until the connection (join/start IBSS) has been completed.
14 years ago
#endif /* CONFIG_IBSS_RSN */
WPS: Maintain more AP state during WPS PIN iteration Maintain state of WPS APs during iteration to find the correct AP for WPS PIN operation when no specific BSSID is specified. This information can be used for optimizing the order in which the APs are tried. This commit is only adding the collection of the information and more detailed debug information to make debug logs more helpful in figuring out how the AP selection order could be improved. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
wpas_wps_notify_assoc(wpa_s, bssid);
WMM AC: Parse WMM IE on association Initialize WMM AC data structures upon successful association with an AP that publishes WMM support, and deinitialize the data structure when the association is no longer valid. Signed-off-by: Moshe Benji <moshe.benji@intel.com> Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
10 years ago
if (data) {
wmm_ac_notify_assoc(wpa_s, data->assoc_info.resp_ies,
data->assoc_info.resp_ies_len,
&data->assoc_info.wmm_params);
WMM AC: Reconfigure tspecs on reassociation to the same BSS The specification requires the tspecs to be kept upon reassociation to the same BSS. Save the last tspecs before such reassociation, and reconfigure on the association notification. Note that the current flow is not transparent to the user (it is notified about deauth/reassoc and tspec removal/addition). Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
10 years ago
if (wpa_s->reassoc_same_bss)
wmm_ac_restore_tspecs(wpa_s);
WMM AC: Parse WMM IE on association Initialize WMM AC data structures upon successful association with an AP that publishes WMM support, and deinitialize the data structure when the association is no longer valid. Signed-off-by: Moshe Benji <moshe.benji@intel.com> Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
10 years ago
}
FILS: Update cache identifier on association This is needed when offloading FILS shared key to the drivers. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
MBO/OCE: Update disable_mbo_oce flag after association After roaming to an AP, update disable_mbo_oce flag based on the current BSS capabilities. This flag is used to check whether STA should support MBO/OCE features and process BTM request received from the current connected AP. When a STA roams from a WPA2 MBO/OCE AP with PMF enabled to a misbehaving WPA2 MBO/OCE AP without PMF, or if the driver chooses a BSS in which PMF is not enabled for the initial connection, BTM requests from such APs should not be processed by STA. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years ago
#if defined(CONFIG_FILS) || defined(CONFIG_MBO)
bss = wpa_bss_get_bssid(wpa_s, bssid);
#endif /* CONFIG_FILS || CONFIG_MBO */
FILS: Update cache identifier on association This is needed when offloading FILS shared key to the drivers. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
#ifdef CONFIG_FILS
if (wpa_key_mgmt_fils(wpa_s->key_mgmt)) {
const u8 *fils_cache_id = wpa_bss_get_fils_cache_id(bss);
if (fils_cache_id)
wpa_sm_set_fils_cache_id(wpa_s->wpa, fils_cache_id);
}
#endif /* CONFIG_FILS */
MBO/OCE: Update disable_mbo_oce flag after association After roaming to an AP, update disable_mbo_oce flag based on the current BSS capabilities. This flag is used to check whether STA should support MBO/OCE features and process BTM request received from the current connected AP. When a STA roams from a WPA2 MBO/OCE AP with PMF enabled to a misbehaving WPA2 MBO/OCE AP without PMF, or if the driver chooses a BSS in which PMF is not enabled for the initial connection, BTM requests from such APs should not be processed by STA. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years ago
#ifdef CONFIG_MBO
wpas_mbo_check_pmf(wpa_s, bss, wpa_s->current_ssid);
#endif /* CONFIG_MBO */
DPP2: Allow station to require or not allow PFS The new wpa_supplicant network profile parameter dpp_pfs can be used to specify how PFS is applied to associations. The default behavior (dpp_pfs=0) remains same as it was previously, i.e., try to use PFS if the AP supports it. PFS use can now be required (dpp_pfs=1) or disabled (dpp_pfs=2). This is also working around an interoperability issue of DPP R2 STA with certain hostapd builds that included both OWE and DPP functionality. That issue was introduced by commit 09368515d130 ("OWE: Process Diffie-Hellman Parameter element in AP mode") and removed by commit 16a4e931f03e ("OWE: Allow Diffie-Hellman Parameter element to be included with DPP"). hostapd builds between those two commits would reject DPP association attempt with PFS. The new wpa_supplicant default (dpp_pfs=0) behavior is to automatically try to connect again with PFS disabled if that happens. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
#ifdef CONFIG_DPP2
wpa_s->dpp_pfs_fallback = 0;
#endif /* CONFIG_DPP2 */
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
}
Try to reconnect to the same BSS on recoverable disconnection If the AP disconnects us with a reason code that indicates that it has dropped the association, but could allow us to connect again, try to reconnect to the same BSS without going through the full scan. This can save quite a bit of time in some common use cases, e.g., when inactivity timeout is used on the AP (and especially, when waking up from suspend which has likely triggered some timeout on the AP). Signed-hostap: Jouni Malinen <j@w1.fi>
13 years ago
static int disconnect_reason_recoverable(u16 reason_code)
{
return reason_code == WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY ||
reason_code == WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA ||
reason_code == WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA;
}
Add BSSID and reason code (if available) to disconnect event This adds more details into the CTRL-EVENT-DISCONNECTED event to make it easier to figure out which network was disconnected in some race conditions and to what could have been the reason for disconnection. The reason code is currently only available with the nl80211 driver wrapper.
14 years ago
static void wpa_supplicant_event_disassoc(struct wpa_supplicant *wpa_s,
Do not trigger fast reconnection on locally generated deauth/disassoc The deauthentication and disassociation events from nl80211 were being processed identically regardless of whether the frame was generated by the local STA or the AP. This resulted in fast reconnection mechanism getting triggered even in the case where the disconnection was detected locally (e.g., due to beacon loss) while this was supposed to happen only in the case where the AP is sending an explicit Deauthentication or Disassociation frame with a specific reason code. Fix this by adding a new deauth/disassoc event variable to indicate whether the event was generated locally. Signed-hostap: Jouni Malinen <j@w1.fi>
13 years ago
u16 reason_code,
int locally_generated)
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
{
const u8 *bssid;
Fix disconnection event processing Commit 0d30cc240fa36905b034dc9676f9d8da0ac18e56 forced wpa_s->current_ssid and wpa_s->key_mgmt to be cleared in wpa_supplicant_mark_disassoc() which gets called from wpa_supplicant_event_disassoc(). This broke IEEE 802.1X authentication failure processing and P2P deauthentication notification (group termination). Fix this by splitting wpa_supplicant_event_disassoc() into two parts and make wpas_p2p_deauth_notif() indicate whether the interface was removed. If so, the last part of disassocition event processing is skipped. Since the wpa_supplicant_mark_disassoc() call is in the second part, the above mentioned issues are resolved. In addition, this cleans up the P2P group interface removal case by not trying to use fast reconnection mechanism just before the interface gets removed. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
/*
* At least Host AP driver and a Prism3 card seemed to be
* generating streams of disconnected events when configuring
* IBSS for WPA-None. Ignore them for now.
*/
return;
}
bssid = wpa_s->bssid;
if (is_zero_ether_addr(bssid))
bssid = wpa_s->pending_bssid;
if (!is_zero_ether_addr(bssid) ||
wpa_s->wpa_state >= WPA_AUTHENTICATING) {
wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_DISCONNECTED "bssid=" MACSTR
" reason=%d%s",
MAC2STR(bssid), reason_code,
locally_generated ? " locally_generated=1" : "");
}
}
Filter out unlikely "pre-shared key may be incorrect" messages Add a function to filter out known cases of disconnection during 4-way handshake that are caused by something else than mismatch in PSK. This commit adds the case where the local end determines a mismatch in WPA/RSN element between Beacon/Probe Response frames and EAPOL-Key msg 3/4. This can avoid some potentially confusing "WPA: 4-Way Handshake failed - pre-shared key may be incorrect" ctrl_iface messages. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
static int could_be_psk_mismatch(struct wpa_supplicant *wpa_s, u16 reason_code,
int locally_generated)
{
if (wpa_s->wpa_state != WPA_4WAY_HANDSHAKE ||
wpa_supplicant: Do not try to detect PSK mismatch during PTK rekeying When a PTK rekey fails it can't be caused by a PSK mismatch. Report a possible PSK mismatch only during the initial 4-way handshake to avoid incorrect reports. Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
4 years ago
!wpa_s->new_connection ||
Do not indicate possible PSK failure when using SAE wpa_key_mgmt_wpa_psk() includes SAE AKMs. However, with SAE, there is no way of reaching 4-way handshake without the password having already been verified as part of SAE authentication. As such, a failure to complete 4-way handshake with SAE cannot indicate that the used password was incorrect. Signed-off-by: Jouni Malinen <j@w1.fi>
5 years ago
!wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
wpa_key_mgmt_sae(wpa_s->key_mgmt))
wpa_supplicant: Do not try to detect PSK mismatch during PTK rekeying When a PTK rekey fails it can't be caused by a PSK mismatch. Report a possible PSK mismatch only during the initial 4-way handshake to avoid incorrect reports. Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
4 years ago
return 0; /* Not in initial 4-way handshake with PSK */
Filter out unlikely "pre-shared key may be incorrect" messages Add a function to filter out known cases of disconnection during 4-way handshake that are caused by something else than mismatch in PSK. This commit adds the case where the local end determines a mismatch in WPA/RSN element between Beacon/Probe Response frames and EAPOL-Key msg 3/4. This can avoid some potentially confusing "WPA: 4-Way Handshake failed - pre-shared key may be incorrect" ctrl_iface messages. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
/*
* It looks like connection was lost while trying to go through PSK
* 4-way handshake. Filter out known disconnection cases that are caused
* by something else than PSK mismatch to avoid confusing reports.
*/
if (locally_generated) {
if (reason_code == WLAN_REASON_IE_IN_4WAY_DIFFERS)
return 0;
}
return 1;
}
Fix disconnection event processing Commit 0d30cc240fa36905b034dc9676f9d8da0ac18e56 forced wpa_s->current_ssid and wpa_s->key_mgmt to be cleared in wpa_supplicant_mark_disassoc() which gets called from wpa_supplicant_event_disassoc(). This broke IEEE 802.1X authentication failure processing and P2P deauthentication notification (group termination). Fix this by splitting wpa_supplicant_event_disassoc() into two parts and make wpas_p2p_deauth_notif() indicate whether the interface was removed. If so, the last part of disassocition event processing is skipped. Since the wpa_supplicant_mark_disassoc() call is in the second part, the above mentioned issues are resolved. In addition, this cleans up the P2P group interface removal case by not trying to use fast reconnection mechanism just before the interface gets removed. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
static void wpa_supplicant_event_disassoc_finish(struct wpa_supplicant *wpa_s,
u16 reason_code,
int locally_generated)
{
const u8 *bssid;
nl80211: Work around mac80211 limitation on (re)auth when authenticated mac80211 does not currently allow (re)authentication when we are already authenticated. In order to work around this, force deauthentication if nl80211 authentication command fails with EALREADY. Unfortunately, the workaround code in driver_nl80211.c alone is not enough since the following disconnection event would clear wpa_supplicant authentication state. To handle this, add some code to restore authentication state when using userspace SME. This workaround will hopefully become unnecessary in some point should mac80211 start accepting new authentication requests even when in authenticated state.
15 years ago
int authenticating;
u8 prev_pending_bssid[ETH_ALEN];
Try to reconnect to the same BSS on recoverable disconnection If the AP disconnects us with a reason code that indicates that it has dropped the association, but could allow us to connect again, try to reconnect to the same BSS without going through the full scan. This can save quite a bit of time in some common use cases, e.g., when inactivity timeout is used on the AP (and especially, when waking up from suspend which has likely triggered some timeout on the AP). Signed-hostap: Jouni Malinen <j@w1.fi>
13 years ago
struct wpa_bss *fast_reconnect = NULL;
struct wpa_ssid *fast_reconnect_ssid = NULL;
SME: Fix disconnec-while-authenticating Commit 0d30cc240fa36905b034dc9676f9d8da0ac18e56 forced wpa_s->current_ssid to be cleared in wpa_supplicant_mark_disassoc() which gets called from wpa_supplicant_event_disassoc(). This broke SME disassoc-while-authenticating workaround for cfg80211. Fix this by restoring wpa_s->current_ssid in case SME authentication is in progress. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
struct wpa_ssid *last_ssid;
Remove disconnected APs from BSS table if likely out-of-range In some cases, after a sudden AP disappearing and reconnection to another AP in the same ESS, if another scan occurs, wpa_supplicant might try to roam to the old AP (if it was better ranked than the new one) because it is still saved in BSS list and the blacklist entry was cleared in previous reconnect. This attempt is going to fail if the AP is not present anymore and it'll cause long disconnections. Remove an AP that is probably out of range from the BSS list to avoid such disconnections. In particular mac80211-based drivers use the WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY reason code in locally generated disconnection events for cases where the AP does not reply anymore. Signed-off-by: David Spinadel <david.spinadel@intel.com>
8 years ago
struct wpa_bss *curr = NULL;
nl80211: Work around mac80211 limitation on (re)auth when authenticated mac80211 does not currently allow (re)authentication when we are already authenticated. In order to work around this, force deauthentication if nl80211 authentication command fails with EALREADY. Unfortunately, the workaround code in driver_nl80211.c alone is not enough since the following disconnection event would clear wpa_supplicant authentication state. To handle this, add some code to restore authentication state when using userspace SME. This workaround will hopefully become unnecessary in some point should mac80211 start accepting new authentication requests even when in authenticated state.
15 years ago
authenticating = wpa_s->wpa_state == WPA_AUTHENTICATING;
os_memcpy(prev_pending_bssid, wpa_s->pending_bssid, ETH_ALEN);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
/*
* At least Host AP driver and a Prism3 card seemed to be
* generating streams of disconnected events when configuring
* IBSS for WPA-None. Ignore them for now.
*/
Use wpa_msg() instead of wpa_printf() This converts number of debugging messages to use wpa_msg() in order to allow the interface name to be shown with the messages. A new function, wpa_dbg(), is introduced to allow CONFIG_NO_STDOUT_DEBUG=y builds to remove the debug strings. This is otherwise identical with wpa_msg(), but it gets compiled out if stdout debugging is disabled.
13 years ago
wpa_dbg(wpa_s, MSG_DEBUG, "Disconnect event - ignore in "
"IBSS/WPA-None mode");
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
return;
}
Remove disconnected APs from BSS table if likely out-of-range In some cases, after a sudden AP disappearing and reconnection to another AP in the same ESS, if another scan occurs, wpa_supplicant might try to roam to the old AP (if it was better ranked than the new one) because it is still saved in BSS list and the blacklist entry was cleared in previous reconnect. This attempt is going to fail if the AP is not present anymore and it'll cause long disconnections. Remove an AP that is probably out of range from the BSS list to avoid such disconnections. In particular mac80211-based drivers use the WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY reason code in locally generated disconnection events for cases where the AP does not reply anymore. Signed-off-by: David Spinadel <david.spinadel@intel.com>
8 years ago
if (!wpa_s->disconnected && wpa_s->wpa_state >= WPA_AUTHENTICATING &&
reason_code == WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY &&
locally_generated)
/*
* Remove the inactive AP (which is probably out of range) from
* the BSS list after marking disassociation. In particular
* mac80211-based drivers use the
* WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY reason code in
* locally generated disconnection events for cases where the
* AP does not reply anymore.
*/
curr = wpa_s->current_bss;
Filter out unlikely "pre-shared key may be incorrect" messages Add a function to filter out known cases of disconnection during 4-way handshake that are caused by something else than mismatch in PSK. This commit adds the case where the local end determines a mismatch in WPA/RSN element between Beacon/Probe Response frames and EAPOL-Key msg 3/4. This can avoid some potentially confusing "WPA: 4-Way Handshake failed - pre-shared key may be incorrect" ctrl_iface messages. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
if (could_be_psk_mismatch(wpa_s, reason_code, locally_generated)) {
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
wpa_msg(wpa_s, MSG_INFO, "WPA: 4-Way Handshake failed - "
"pre-shared key may be incorrect");
P2P: Add event messages for possible PSK failures on P2P groups It is possible for the GO of a persistent group to change the PSK or remove a client when per-client PSKs are used and this can happen without the SSID changing (i.e., the group is still valid, but just not for a specific client). If the client side of such persistent group ends up trying to use an invalidated persistent group information, the connection will fail in 4-way handshake. A new WPS provisioning step is needed to recover from this. Detect this type of case based on two 4-way handshake failures when acting as a P2P client in a persistent group. A new "P2P-PERSISTENT-PSK-FAIL id=<persistent group id>" event is used to indicate when this happens. This makes it easier for upper layers to remove the persistent group information with "REMOVE_NETWORK <persistent group id>" if desired (e.g., based on user confirmation). In addition to indicating the error cases for persistent groups, all this type of PSK failures end up in the client removing the group with the new reason=PSK_FAILURE information in the P2P-GROUP-REMOVED event. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
if (wpas_p2p_4way_hs_failed(wpa_s) > 0)
return; /* P2P group removed */
Send authentication failure reason in wpas_auth_failed() "WRONG_KEY" - possibly wrong psk "AUTH_FAILED" - authentication failure "CONN_FAILED" - continiuos connection failure Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
10 years ago
wpas_auth_failed(wpa_s, "WRONG_KEY");
DPP2: Connection status result (Enrollee) Add support for reporting connection status after provisioning if the Configurator requests this. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years ago
#ifdef CONFIG_DPP2
wpas_dpp_send_conn_status_result(wpa_s,
DPP_STATUS_AUTH_FAILURE);
#endif /* CONFIG_DPP2 */
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
}
Do not try auto connect mechanism in disconnected state This cleans up debug log by not requesting the auto connect on dissassociation event if we are already in disconnected state and would not try to connect anyway. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
if (!wpa_s->disconnected &&
(!wpa_s->auto_reconnect_disabled ||
WPS: Fix WPS-in-search check when STA_AUTOCONNECT is disabled If "STA_AUTOCONNECT 0" has been used to disable automatic connection on disconnection event and the driver indicates multiple disconnection events for the disconnection from the current AP when WPS is started, it could have been possible to hit a case where wpa_s->disconnected was set to 1 during WPS processing and the following scan result processing would stop the operation. wpa_s->key_mgmt == WPA_KEY_MGMT_WPS check was trying to avoid to skip autoconnect when WPS was in use, but that does not seem to work anymore. Fix this by checking through wpas_wps_searching() as well to avoid setting wpa_s->disconnect = 1 when there is an ongoing WPS operation. Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
wpa_s->key_mgmt == WPA_KEY_MGMT_WPS ||
WPS: Reconnect for a failed data connection when STA_AUTOCONNECT is 0 If "STA_AUTOCONNECT 0" has been used to disable automatic connection on disconnection event and the driver indicates a failure for the data connection after successful WPS handshake, it is possible to hit a case where wpa_s->disconnected is set to 1 and further attempts to connect shall stop. While "STA_AUTOCONNECT 0" is used to disable automatic reconnection attempts in general, this specific WPS case can benefit from trying again even with that configuration for a short period of time. Extend the wpa_supplicant re-enable-networks-after-WPS 10 second timeout to apply for ignoring disabled STA_AUTOCONNECT immediately after a WPS provisioning step. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
wpas_wps_searching(wpa_s) ||
wpas_wps_reenable_networks_pending(wpa_s))) {
Try to reconnect to the same BSS on recoverable disconnection If the AP disconnects us with a reason code that indicates that it has dropped the association, but could allow us to connect again, try to reconnect to the same BSS without going through the full scan. This can save quite a bit of time in some common use cases, e.g., when inactivity timeout is used on the AP (and especially, when waking up from suspend which has likely triggered some timeout on the AP). Signed-hostap: Jouni Malinen <j@w1.fi>
13 years ago
wpa_dbg(wpa_s, MSG_DEBUG, "Auto connect enabled: try to "
WPS: Fix WPS-in-search check when STA_AUTOCONNECT is disabled If "STA_AUTOCONNECT 0" has been used to disable automatic connection on disconnection event and the driver indicates multiple disconnection events for the disconnection from the current AP when WPS is started, it could have been possible to hit a case where wpa_s->disconnected was set to 1 during WPS processing and the following scan result processing would stop the operation. wpa_s->key_mgmt == WPA_KEY_MGMT_WPS check was trying to avoid to skip autoconnect when WPS was in use, but that does not seem to work anymore. Fix this by checking through wpas_wps_searching() as well to avoid setting wpa_s->disconnect = 1 when there is an ongoing WPS operation. Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
"reconnect (wps=%d/%d wpa_state=%d)",
Make reconnect-on-disassoc debug prints somewhat more helpful Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
13 years ago
wpa_s->key_mgmt == WPA_KEY_MGMT_WPS,
WPS: Fix WPS-in-search check when STA_AUTOCONNECT is disabled If "STA_AUTOCONNECT 0" has been used to disable automatic connection on disconnection event and the driver indicates multiple disconnection events for the disconnection from the current AP when WPS is started, it could have been possible to hit a case where wpa_s->disconnected was set to 1 during WPS processing and the following scan result processing would stop the operation. wpa_s->key_mgmt == WPA_KEY_MGMT_WPS check was trying to avoid to skip autoconnect when WPS was in use, but that does not seem to work anymore. Fix this by checking through wpas_wps_searching() as well to avoid setting wpa_s->disconnect = 1 when there is an ongoing WPS operation. Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
wpas_wps_searching(wpa_s),
Make reconnect-on-disassoc debug prints somewhat more helpful Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
13 years ago
wpa_s->wpa_state);
Try to reconnect to the same BSS on recoverable disconnection If the AP disconnects us with a reason code that indicates that it has dropped the association, but could allow us to connect again, try to reconnect to the same BSS without going through the full scan. This can save quite a bit of time in some common use cases, e.g., when inactivity timeout is used on the AP (and especially, when waking up from suspend which has likely triggered some timeout on the AP). Signed-hostap: Jouni Malinen <j@w1.fi>
13 years ago
if (wpa_s->wpa_state == WPA_COMPLETED &&
wpa_s->current_ssid &&
wpa_s->current_ssid->mode == WPAS_MODE_INFRA &&
STA: Allow PTK rekeying without Ext KeyID to be disabled as a workaround Rekeying a pairwise key using only keyid 0 (PTK0 rekey) has many broken implementations and should be avoided when using or interacting with one. The effects can be triggered by either end of the connection and range from hardly noticeable disconnects over long connection freezes up to leaking clear text MPDUs. To allow affected users to mitigate the issues, add a new configuration option "wpa_deny_ptk0_rekey" to replace all PTK0 rekeys with fast reconnects. Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
4 years ago
(wpa_s->own_reconnect_req ||
(!locally_generated &&
disconnect_reason_recoverable(reason_code)))) {
Try to reconnect to the same BSS on recoverable disconnection If the AP disconnects us with a reason code that indicates that it has dropped the association, but could allow us to connect again, try to reconnect to the same BSS without going through the full scan. This can save quite a bit of time in some common use cases, e.g., when inactivity timeout is used on the AP (and especially, when waking up from suspend which has likely triggered some timeout on the AP). Signed-hostap: Jouni Malinen <j@w1.fi>
13 years ago
/*
* It looks like the AP has dropped association with
STA: Allow PTK rekeying without Ext KeyID to be disabled as a workaround Rekeying a pairwise key using only keyid 0 (PTK0 rekey) has many broken implementations and should be avoided when using or interacting with one. The effects can be triggered by either end of the connection and range from hardly noticeable disconnects over long connection freezes up to leaking clear text MPDUs. To allow affected users to mitigate the issues, add a new configuration option "wpa_deny_ptk0_rekey" to replace all PTK0 rekeys with fast reconnects. Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
4 years ago
* us, but could allow us to get back in. This is also
* triggered for cases where local reconnection request
* is used to force reassociation with the same BSS.
* Try to reconnect to the same BSS without a full scan
* to save time for some common cases.
Try to reconnect to the same BSS on recoverable disconnection If the AP disconnects us with a reason code that indicates that it has dropped the association, but could allow us to connect again, try to reconnect to the same BSS without going through the full scan. This can save quite a bit of time in some common use cases, e.g., when inactivity timeout is used on the AP (and especially, when waking up from suspend which has likely triggered some timeout on the AP). Signed-hostap: Jouni Malinen <j@w1.fi>
13 years ago
*/
fast_reconnect = wpa_s->current_bss;
fast_reconnect_ssid = wpa_s->current_ssid;
STA: Allow PTK rekeying without Ext KeyID to be disabled as a workaround Rekeying a pairwise key using only keyid 0 (PTK0 rekey) has many broken implementations and should be avoided when using or interacting with one. The effects can be triggered by either end of the connection and range from hardly noticeable disconnects over long connection freezes up to leaking clear text MPDUs. To allow affected users to mitigate the issues, add a new configuration option "wpa_deny_ptk0_rekey" to replace all PTK0 rekeys with fast reconnects. Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
4 years ago
} else if (wpa_s->wpa_state >= WPA_ASSOCIATING) {
Add option for disabling automatic reconnection on disconnection ctrl_interface STA_AUTOCONNECT command can now be used to disable automatic reconnection on receiving disconnection event. The default behavior is for wpa_supplicant to try to reconnect automatically, i.e., to maintain previous behavior.
14 years ago
wpa_supplicant_req_scan(wpa_s, 0, 100000);
STA: Allow PTK rekeying without Ext KeyID to be disabled as a workaround Rekeying a pairwise key using only keyid 0 (PTK0 rekey) has many broken implementations and should be avoided when using or interacting with one. The effects can be triggered by either end of the connection and range from hardly noticeable disconnects over long connection freezes up to leaking clear text MPDUs. To allow affected users to mitigate the issues, add a new configuration option "wpa_deny_ptk0_rekey" to replace all PTK0 rekeys with fast reconnects. Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
4 years ago
} else {
Make reconnect-on-disassoc debug prints somewhat more helpful Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
13 years ago
wpa_dbg(wpa_s, MSG_DEBUG, "Do not request new "
"immediate scan");
STA: Allow PTK rekeying without Ext KeyID to be disabled as a workaround Rekeying a pairwise key using only keyid 0 (PTK0 rekey) has many broken implementations and should be avoided when using or interacting with one. The effects can be triggered by either end of the connection and range from hardly noticeable disconnects over long connection freezes up to leaking clear text MPDUs. To allow affected users to mitigate the issues, add a new configuration option "wpa_deny_ptk0_rekey" to replace all PTK0 rekeys with fast reconnects. Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
4 years ago
}
Add option for disabling automatic reconnection on disconnection ctrl_interface STA_AUTOCONNECT command can now be used to disable automatic reconnection on receiving disconnection event. The default behavior is for wpa_supplicant to try to reconnect automatically, i.e., to maintain previous behavior.
14 years ago
} else {
Try to reconnect to the same BSS on recoverable disconnection If the AP disconnects us with a reason code that indicates that it has dropped the association, but could allow us to connect again, try to reconnect to the same BSS without going through the full scan. This can save quite a bit of time in some common use cases, e.g., when inactivity timeout is used on the AP (and especially, when waking up from suspend which has likely triggered some timeout on the AP). Signed-hostap: Jouni Malinen <j@w1.fi>
13 years ago
wpa_dbg(wpa_s, MSG_DEBUG, "Auto connect disabled: do not "
Use wpa_msg() instead of wpa_printf() This converts number of debugging messages to use wpa_msg() in order to allow the interface name to be shown with the messages. A new function, wpa_dbg(), is introduced to allow CONFIG_NO_STDOUT_DEBUG=y builds to remove the debug strings. This is otherwise identical with wpa_msg(), but it gets compiled out if stdout debugging is disabled.
13 years ago
"try to re-connect");
Add option for disabling automatic reconnection on disconnection ctrl_interface STA_AUTOCONNECT command can now be used to disable automatic reconnection on receiving disconnection event. The default behavior is for wpa_supplicant to try to reconnect automatically, i.e., to maintain previous behavior.
14 years ago
wpa_s->reassociate = 0;
wpa_s->disconnected = 1;
Do not stop ongoing PNO sched_scan on association/disconnection PNO was stopped by the wpa_supplicant during the connection attempts or while handling disassociation indication. External entities, mainly, the Android Wi-Fi framework, does not expects PNO to be stopped by other modules. Hence, do not stop the sched_scan in these scenarios if it is triggered externally for PNO. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
if (!wpa_s->pno)
wpa_supplicant_cancel_sched_scan(wpa_s);
Add option for disabling automatic reconnection on disconnection ctrl_interface STA_AUTOCONNECT command can now be used to disable automatic reconnection on receiving disconnection event. The default behavior is for wpa_supplicant to try to reconnect automatically, i.e., to maintain previous behavior.
14 years ago
}
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
bssid = wpa_s->bssid;
Introduced new helper function is_zero_ether_addr() Use this inline function to replace os_memcmp(addr, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) == 0.
16 years ago
if (is_zero_ether_addr(bssid))
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
bssid = wpa_s->pending_bssid;
Call wpas_connection_failed() only if actually trying to connect A disconnection event from the driver may end up getting delivered at a time when wpa_supplicant is not even trying to connect (e.g., during a scan that was already started after WPS provisioning step). In such a case, there is not much point calling wpas_connection_failed() and skipping this avoids confusing attempts of re-starting scanning while the previous scan is still in progress. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
13 years ago
if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
wpas_connection_failed(wpa_s, bssid);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
wpa_sm_notify_disassoc(wpa_s->wpa);
WPA: Add PTKSA cache to wpa_supplicant for PASN PASN requires to store the PTK derived during PASN authentication so it can later be used for secure LTF etc. This is also true for a PTK derived during regular connection. Add an instance of a PTKSA cache for each wpa_supplicant interface when PASN is enabled in build configuration. Signed-off-by: Ilan Peer <ilan.peer@intel.com>
3 years ago
ptksa_cache_flush(wpa_s->ptksa, wpa_s->bssid, WPA_CIPHER_NONE);
Export disconnect reason code to dbus In the properties changed signal, added a new property "DisconnectReason", which carries the IEEE 802.11 reason code of the most recent disassociation or deauthentication event. The reason code is negative if it is locally generated. The property is sent to the DBUS immediately so as to prevent it from being coalesced with other disconnect events. Signed-off-by: Gary Morain <gmorain@chromium.org>
12 years ago
if (locally_generated)
wpa_s->disconnect_reason = -reason_code;
else
wpa_s->disconnect_reason = reason_code;
wpas_notify_disconnect_reason(wpa_s);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
if (wpa_supplicant_dynamic_keys(wpa_s)) {
Use wpa_msg() instead of wpa_printf() This converts number of debugging messages to use wpa_msg() in order to allow the interface name to be shown with the messages. A new function, wpa_dbg(), is introduced to allow CONFIG_NO_STDOUT_DEBUG=y builds to remove the debug strings. This is otherwise identical with wpa_msg(), but it gets compiled out if stdout debugging is disabled.
13 years ago
wpa_dbg(wpa_s, MSG_DEBUG, "Disconnect event - remove keys");
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
wpa_clear_keys(wpa_s, wpa_s->bssid);
}
SME: Fix disconnec-while-authenticating Commit 0d30cc240fa36905b034dc9676f9d8da0ac18e56 forced wpa_s->current_ssid to be cleared in wpa_supplicant_mark_disassoc() which gets called from wpa_supplicant_event_disassoc(). This broke SME disassoc-while-authenticating workaround for cfg80211. Fix this by restoring wpa_s->current_ssid in case SME authentication is in progress. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
last_ssid = wpa_s->current_ssid;
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
wpa_supplicant_mark_disassoc(wpa_s);
SME: Add timers for authentication and asscoiation mac80211 authentication or association operation may get stuck for some reasons, so wpa_supplicant better use an internal timer to recover from this. Signed-off-by: Ben Greear <greearb@candelatech.com>
13 years ago
Remove disconnected APs from BSS table if likely out-of-range In some cases, after a sudden AP disappearing and reconnection to another AP in the same ESS, if another scan occurs, wpa_supplicant might try to roam to the old AP (if it was better ranked than the new one) because it is still saved in BSS list and the blacklist entry was cleared in previous reconnect. This attempt is going to fail if the AP is not present anymore and it'll cause long disconnections. Remove an AP that is probably out of range from the BSS list to avoid such disconnections. In particular mac80211-based drivers use the WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY reason code in locally generated disconnection events for cases where the AP does not reply anymore. Signed-off-by: David Spinadel <david.spinadel@intel.com>
8 years ago
if (curr)
wpa_bss_remove(wpa_s, curr, "Connection to AP lost");
SME: Fix disconnec-while-authenticating Commit 0d30cc240fa36905b034dc9676f9d8da0ac18e56 forced wpa_s->current_ssid to be cleared in wpa_supplicant_mark_disassoc() which gets called from wpa_supplicant_event_disassoc(). This broke SME disassoc-while-authenticating workaround for cfg80211. Fix this by restoring wpa_s->current_ssid in case SME authentication is in progress. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
if (authenticating && (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME)) {
SME: Add timers for authentication and asscoiation mac80211 authentication or association operation may get stuck for some reasons, so wpa_supplicant better use an internal timer to recover from this. Signed-off-by: Ben Greear <greearb@candelatech.com>
13 years ago
sme_disassoc_while_authenticating(wpa_s, prev_pending_bssid);
SME: Fix disconnec-while-authenticating Commit 0d30cc240fa36905b034dc9676f9d8da0ac18e56 forced wpa_s->current_ssid to be cleared in wpa_supplicant_mark_disassoc() which gets called from wpa_supplicant_event_disassoc(). This broke SME disassoc-while-authenticating workaround for cfg80211. Fix this by restoring wpa_s->current_ssid in case SME authentication is in progress. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
wpa_s->current_ssid = last_ssid;
}
Try to reconnect to the same BSS on recoverable disconnection If the AP disconnects us with a reason code that indicates that it has dropped the association, but could allow us to connect again, try to reconnect to the same BSS without going through the full scan. This can save quite a bit of time in some common use cases, e.g., when inactivity timeout is used on the AP (and especially, when waking up from suspend which has likely triggered some timeout on the AP). Signed-hostap: Jouni Malinen <j@w1.fi>
13 years ago
Only try fast reconnect if network is not disabled Previously, it would have been possible for the network to be marked disabled and that marking to be ignored if a recoverable disconnection reason event were processed. Avoid this by verifying network status before trying to reconenct back to the same BSS. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
if (fast_reconnect &&
!wpas_network_disabled(wpa_s, fast_reconnect_ssid) &&
!disallowed_bssid(wpa_s, fast_reconnect->bssid) &&
!disallowed_ssid(wpa_s, fast_reconnect->ssid,
fast_reconnect->ssid_len) &&
MBO: Parse MBO IE in BSS Transition Management Request frames Add parsing of MBO IE in BSS Transition Management Request frames. If the MBO IE includes the association retry delay attribute, do not try to reconnect to the current BSS until the delay time is over. If the MBO IE includes the cellular data connection preference attribute or the transition rejection reason attribute, send a message to upper layers with the data. Signed-off-by: David Spinadel <david.spinadel@intel.com> Signed-off-by: Avraham Stern <avraham.stern@intel.com>
8 years ago
!wpas_temp_disabled(wpa_s, fast_reconnect_ssid) &&
OCE: Add RSSI based association rejection support (STA) An AP might refuse to connect a STA if it has a low RSSI. In such case, the AP informs the STA with the desired RSSI delta and a retry timeout. Any subsequent association attempt with that AP (BSS) should be avoided, unless the RSSI level improved by the desired delta or the timeout has expired. Defined in Wi-Fi Alliance Optimized Connectivity Experience technical specification v1.0, section 3.14 (RSSI-based association rejection information). Signed-off-by: Beni Lev <beni.lev@intel.com>
7 years ago
!wpa_is_bss_tmp_disallowed(wpa_s, fast_reconnect)) {
Fix compiler warning with CONFIG_NO_SCAN_PROCESSING=y Signed-hostap: Jouni Malinen <j@w1.fi>
13 years ago
#ifndef CONFIG_NO_SCAN_PROCESSING
Try to reconnect to the same BSS on recoverable disconnection If the AP disconnects us with a reason code that indicates that it has dropped the association, but could allow us to connect again, try to reconnect to the same BSS without going through the full scan. This can save quite a bit of time in some common use cases, e.g., when inactivity timeout is used on the AP (and especially, when waking up from suspend which has likely triggered some timeout on the AP). Signed-hostap: Jouni Malinen <j@w1.fi>
13 years ago
wpa_dbg(wpa_s, MSG_DEBUG, "Try to reconnect to the same BSS");
if (wpa_supplicant_connect(wpa_s, fast_reconnect,
fast_reconnect_ssid) < 0) {
/* Recover through full scan */
wpa_supplicant_req_scan(wpa_s, 0, 100000);
}
Fix compiler warning with CONFIG_NO_SCAN_PROCESSING=y Signed-hostap: Jouni Malinen <j@w1.fi>
13 years ago
#endif /* CONFIG_NO_SCAN_PROCESSING */
Only try fast reconnect if network is not disabled Previously, it would have been possible for the network to be marked disabled and that marking to be ignored if a recoverable disconnection reason event were processed. Avoid this by verifying network status before trying to reconenct back to the same BSS. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
} else if (fast_reconnect) {
/*
* Could not reconnect to the same BSS due to network being
* disabled. Use a new scan to match the alternative behavior
* above, i.e., to continue automatic reconnection attempt in a
* way that enforces disabled network rules.
*/
wpa_supplicant_req_scan(wpa_s, 0, 100000);
Try to reconnect to the same BSS on recoverable disconnection If the AP disconnects us with a reason code that indicates that it has dropped the association, but could allow us to connect again, try to reconnect to the same BSS without going through the full scan. This can save quite a bit of time in some common use cases, e.g., when inactivity timeout is used on the AP (and especially, when waking up from suspend which has likely triggered some timeout on the AP). Signed-hostap: Jouni Malinen <j@w1.fi>
13 years ago
}
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
}
Added an optional mitigation mechanism for certain attacks against TKIP by delaying Michael MIC error reports by a random amount of time between 0 and 60 seconds if multiple Michael MIC failures are detected with the same PTK (i.e., the Authenticator does not rekey PTK on first failure report). This is disabled by default and can be enabled with a build option CONFIG_DELAYED_MIC_ERROR_REPORT=y in .config. This may help in making a chopchop attack take much longer time by forcing the attacker to wait 60 seconds before knowing whether a modified frame resulted in a MIC failure.
16 years ago
#ifdef CONFIG_DELAYED_MIC_ERROR_REPORT
Fix TKIP countermeasures stopping in deinit paths The eloop timeout to stop TKIP countermeasures has to be canceled on deinit path to avoid leaving bogus timeouts behind. Signed-hostap: Jouni Malinen <j@w1.fi>
13 years ago
void wpa_supplicant_delayed_mic_error_report(void *eloop_ctx, void *sock_ctx)
Added an optional mitigation mechanism for certain attacks against TKIP by delaying Michael MIC error reports by a random amount of time between 0 and 60 seconds if multiple Michael MIC failures are detected with the same PTK (i.e., the Authenticator does not rekey PTK on first failure report). This is disabled by default and can be enabled with a build option CONFIG_DELAYED_MIC_ERROR_REPORT=y in .config. This may help in making a chopchop attack take much longer time by forcing the attacker to wait 60 seconds before knowing whether a modified frame resulted in a MIC failure.
16 years ago
{
struct wpa_supplicant *wpa_s = eloop_ctx;
if (!wpa_s->pending_mic_error_report)
return;
Use wpa_msg() instead of wpa_printf() This converts number of debugging messages to use wpa_msg() in order to allow the interface name to be shown with the messages. A new function, wpa_dbg(), is introduced to allow CONFIG_NO_STDOUT_DEBUG=y builds to remove the debug strings. This is otherwise identical with wpa_msg(), but it gets compiled out if stdout debugging is disabled.
13 years ago
wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Sending pending MIC error report");
Added an optional mitigation mechanism for certain attacks against TKIP by delaying Michael MIC error reports by a random amount of time between 0 and 60 seconds if multiple Michael MIC failures are detected with the same PTK (i.e., the Authenticator does not rekey PTK on first failure report). This is disabled by default and can be enabled with a build option CONFIG_DELAYED_MIC_ERROR_REPORT=y in .config. This may help in making a chopchop attack take much longer time by forcing the attacker to wait 60 seconds before knowing whether a modified frame resulted in a MIC failure.
16 years ago
wpa_sm_key_request(wpa_s->wpa, 1, wpa_s->pending_mic_error_pairwise);
wpa_s->pending_mic_error_report = 0;
}
#endif /* CONFIG_DELAYED_MIC_ERROR_REPORT */
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
static void
wpa_supplicant_event_michael_mic_failure(struct wpa_supplicant *wpa_s,
union wpa_event_data *data)
{
int pairwise;
wpa_supplicant: Use relative time for TKIP Michael MIC failures The MMIC failure code should use monotonic time to check whether 60 seconds have elapsed or not. For type-safety, use struct os_reltime for the timestamp variable, and also convert to using os_reltime_expired(). Signed-hostap: Johannes Berg <johannes.berg@intel.com>
11 years ago
struct os_reltime t;
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
wpa_msg(wpa_s, MSG_WARNING, "Michael MIC failure detected");
pairwise = (data && data->michael_mic_failure.unicast);
wpa_supplicant: Use relative time for TKIP Michael MIC failures The MMIC failure code should use monotonic time to check whether 60 seconds have elapsed or not. For type-safety, use struct os_reltime for the timestamp variable, and also convert to using os_reltime_expired(). Signed-hostap: Johannes Berg <johannes.berg@intel.com>
11 years ago
os_get_reltime(&t);
if ((wpa_s->last_michael_mic_error.sec &&
!os_reltime_expired(&t, &wpa_s->last_michael_mic_error, 60)) ||
Added an optional mitigation mechanism for certain attacks against TKIP by delaying Michael MIC error reports by a random amount of time between 0 and 60 seconds if multiple Michael MIC failures are detected with the same PTK (i.e., the Authenticator does not rekey PTK on first failure report). This is disabled by default and can be enabled with a build option CONFIG_DELAYED_MIC_ERROR_REPORT=y in .config. This may help in making a chopchop attack take much longer time by forcing the attacker to wait 60 seconds before knowing whether a modified frame resulted in a MIC failure.
16 years ago
wpa_s->pending_mic_error_report) {
if (wpa_s->pending_mic_error_report) {
/*
* Send the pending MIC error report immediately since
* we are going to start countermeasures and AP better
* do the same.
*/
wpa_sm_key_request(wpa_s->wpa, 1,
wpa_s->pending_mic_error_pairwise);
}
/* Send the new MIC error report immediately since we are going
* to start countermeasures and AP better do the same.
*/
wpa_sm_key_request(wpa_s->wpa, 1, pairwise);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
/* initialize countermeasures */
wpa_s->countermeasures = 1;
Add BSSID into blacklist and do not clean blacklist during countermeasures If scanning continues during TKIP countermeasures, try to avoid selecting the BSS that triggered the counter measures.
13 years ago
Rename wpa_blacklist to wpa_bssid_ignore This is more accurate name for this functionality of temporarily ignoring BSSIDs. Signed-off-by: Jouni Malinen <j@w1.fi>
3 years ago
wpa_bssid_ignore_add(wpa_s, wpa_s->bssid);
Add BSSID into blacklist and do not clean blacklist during countermeasures If scanning continues during TKIP countermeasures, try to avoid selecting the BSS that triggered the counter measures.
13 years ago
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
wpa_msg(wpa_s, MSG_WARNING, "TKIP countermeasures started");
/*
* Need to wait for completion of request frame. We do not get
* any callback for the message completion, so just wait a
* short while and hope for the best. */
os_sleep(0, 10000);
wpa_drv_set_countermeasures(wpa_s, 1);
wpa_supplicant_deauthenticate(wpa_s,
WLAN_REASON_MICHAEL_MIC_FAILURE);
eloop_cancel_timeout(wpa_supplicant_stop_countermeasures,
wpa_s, NULL);
eloop_register_timeout(60, 0,
wpa_supplicant_stop_countermeasures,
wpa_s, NULL);
/* TODO: mark the AP rejected for 60 second. STA is
* allowed to associate with another AP.. */
Added an optional mitigation mechanism for certain attacks against TKIP by delaying Michael MIC error reports by a random amount of time between 0 and 60 seconds if multiple Michael MIC failures are detected with the same PTK (i.e., the Authenticator does not rekey PTK on first failure report). This is disabled by default and can be enabled with a build option CONFIG_DELAYED_MIC_ERROR_REPORT=y in .config. This may help in making a chopchop attack take much longer time by forcing the attacker to wait 60 seconds before knowing whether a modified frame resulted in a MIC failure.
16 years ago
} else {
#ifdef CONFIG_DELAYED_MIC_ERROR_REPORT
if (wpa_s->mic_errors_seen) {
/*
* Reduce the effectiveness of Michael MIC error
* reports as a means for attacking against TKIP if
* more than one MIC failure is noticed with the same
* PTK. We delay the transmission of the reports by a
* random time between 0 and 60 seconds in order to
* force the attacker wait 60 seconds before getting
* the information on whether a frame resulted in a MIC
* failure.
*/
u8 rval[4];
int sec;
if (os_get_random(rval, sizeof(rval)) < 0)
sec = os_random() % 60;
else
sec = WPA_GET_BE32(rval) % 60;
Use wpa_msg() instead of wpa_printf() This converts number of debugging messages to use wpa_msg() in order to allow the interface name to be shown with the messages. A new function, wpa_dbg(), is introduced to allow CONFIG_NO_STDOUT_DEBUG=y builds to remove the debug strings. This is otherwise identical with wpa_msg(), but it gets compiled out if stdout debugging is disabled.
13 years ago
wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Delay MIC error "
"report %d seconds", sec);
Added an optional mitigation mechanism for certain attacks against TKIP by delaying Michael MIC error reports by a random amount of time between 0 and 60 seconds if multiple Michael MIC failures are detected with the same PTK (i.e., the Authenticator does not rekey PTK on first failure report). This is disabled by default and can be enabled with a build option CONFIG_DELAYED_MIC_ERROR_REPORT=y in .config. This may help in making a chopchop attack take much longer time by forcing the attacker to wait 60 seconds before knowing whether a modified frame resulted in a MIC failure.
16 years ago
wpa_s->pending_mic_error_report = 1;
wpa_s->pending_mic_error_pairwise = pairwise;
eloop_cancel_timeout(
wpa_supplicant_delayed_mic_error_report,
wpa_s, NULL);
eloop_register_timeout(
sec, os_random() % 1000000,
wpa_supplicant_delayed_mic_error_report,
wpa_s, NULL);
} else {
wpa_sm_key_request(wpa_s->wpa, 1, pairwise);
}
#else /* CONFIG_DELAYED_MIC_ERROR_REPORT */
wpa_sm_key_request(wpa_s->wpa, 1, pairwise);
#endif /* CONFIG_DELAYED_MIC_ERROR_REPORT */
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
}
wpa_supplicant: Use relative time for TKIP Michael MIC failures The MMIC failure code should use monotonic time to check whether 60 seconds have elapsed or not. For type-safety, use struct os_reltime for the timestamp variable, and also convert to using os_reltime_expired(). Signed-hostap: Johannes Berg <johannes.berg@intel.com>
11 years ago
wpa_s->last_michael_mic_error = t;
Added an optional mitigation mechanism for certain attacks against TKIP by delaying Michael MIC error reports by a random amount of time between 0 and 60 seconds if multiple Michael MIC failures are detected with the same PTK (i.e., the Authenticator does not rekey PTK on first failure report). This is disabled by default and can be enabled with a build option CONFIG_DELAYED_MIC_ERROR_REPORT=y in .config. This may help in making a chopchop attack take much longer time by forcing the attacker to wait 60 seconds before knowing whether a modified frame resulted in a MIC failure.
16 years ago
wpa_s->mic_errors_seen++;
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
}
Add build option CONFIG_TERMINATE_ONLASTIF This makes wpa_supplicant terminate automatically if the configured interface(s) disappear.
15 years ago
#ifdef CONFIG_TERMINATE_ONLASTIF
static int any_interfaces(struct wpa_supplicant *head)
{
struct wpa_supplicant *wpa_s;
for (wpa_s = head; wpa_s != NULL; wpa_s = wpa_s->next)
if (!wpa_s->interface_removed)
return 1;
return 0;
}
#endif /* CONFIG_TERMINATE_ONLASTIF */
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
static void
wpa_supplicant_event_interface_status(struct wpa_supplicant *wpa_s,
union wpa_event_data *data)
{
if (os_strcmp(wpa_s->ifname, data->interface_status.ifname) != 0)
return;
switch (data->interface_status.ievent) {
case EVENT_INTERFACE_ADDED:
if (!wpa_s->interface_removed)
break;
wpa_s->interface_removed = 0;
Use wpa_msg() instead of wpa_printf() This converts number of debugging messages to use wpa_msg() in order to allow the interface name to be shown with the messages. A new function, wpa_dbg(), is introduced to allow CONFIG_NO_STDOUT_DEBUG=y builds to remove the debug strings. This is otherwise identical with wpa_msg(), but it gets compiled out if stdout debugging is disabled.
13 years ago
wpa_dbg(wpa_s, MSG_DEBUG, "Configured interface was added");
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
if (wpa_supplicant_driver_init(wpa_s) < 0) {
Use wpa_msg() instead of wpa_printf() This converts number of debugging messages to use wpa_msg() in order to allow the interface name to be shown with the messages. A new function, wpa_dbg(), is introduced to allow CONFIG_NO_STDOUT_DEBUG=y builds to remove the debug strings. This is otherwise identical with wpa_msg(), but it gets compiled out if stdout debugging is disabled.
13 years ago
wpa_msg(wpa_s, MSG_INFO, "Failed to initialize the "
"driver after interface was added");
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
}
P2P: Handle P2P Device dedicated interface parent removal In case of a network interface removal, check if the interface was also the parent interface of the P2P Device dedicated interface. If this is the case, then stop the P2P Device functionality, and remove the P2P Device dedicated interface. In case that the interface is added again and P2P Device functionality can be enabled again, add a new P2P Device dedicated interface and allow further P2P Device functionality. In case that the P2P Device dedicated interface is re-created, the original P2P Device configuration file is needed, so store it in the global params (instead in the wpa_interface configuration). Signed-off-by: Ilan Peer <ilan.peer@intel.com>
9 years ago
#ifdef CONFIG_P2P
if (!wpa_s->global->p2p &&
!wpa_s->global->p2p_disabled &&
!wpa_s->conf->p2p_disabled &&
(wpa_s->drv_flags &
WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE) &&
wpas_p2p_add_p2pdev_interface(
wpa_s, wpa_s->global->params.conf_p2p_dev) < 0) {
wpa_printf(MSG_INFO,
"P2P: Failed to enable P2P Device interface");
/* Try to continue without. P2P will be disabled. */
}
#endif /* CONFIG_P2P */
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
break;
case EVENT_INTERFACE_REMOVED:
Use wpa_msg() instead of wpa_printf() This converts number of debugging messages to use wpa_msg() in order to allow the interface name to be shown with the messages. A new function, wpa_dbg(), is introduced to allow CONFIG_NO_STDOUT_DEBUG=y builds to remove the debug strings. This is otherwise identical with wpa_msg(), but it gets compiled out if stdout debugging is disabled.
13 years ago
wpa_dbg(wpa_s, MSG_DEBUG, "Configured interface was removed");
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
wpa_s->interface_removed = 1;
wpa_supplicant_mark_disassoc(wpa_s);
Use WPA_INTERFACE_DISABLED with interface removed events This makes WPA_INTERFACE_DISABLED more consistent in indicating that wpa_supplicant cannot currently control the interface regardless of whether the interface is disabled or completely removed. Signed-hostap: Jouni Malinen <j@w1.fi> intended-for: hostap-1
12 years ago
wpa_supplicant_set_state(wpa_s, WPA_INTERFACE_DISABLED);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
l2_packet_deinit(wpa_s->l2);
wpa_s->l2 = NULL;
P2P: Handle P2P Device dedicated interface parent removal In case of a network interface removal, check if the interface was also the parent interface of the P2P Device dedicated interface. If this is the case, then stop the P2P Device functionality, and remove the P2P Device dedicated interface. In case that the interface is added again and P2P Device functionality can be enabled again, add a new P2P Device dedicated interface and allow further P2P Device functionality. In case that the P2P Device dedicated interface is re-created, the original P2P Device configuration file is needed, so store it in the global params (instead in the wpa_interface configuration). Signed-off-by: Ilan Peer <ilan.peer@intel.com>
9 years ago
#ifdef CONFIG_P2P
if (wpa_s->global->p2p &&
wpa_s->global->p2p_init_wpa_s->parent == wpa_s &&
(wpa_s->drv_flags &
WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE)) {
wpa_dbg(wpa_s, MSG_DEBUG,
"Removing P2P Device interface");
wpa_supplicant_remove_iface(
wpa_s->global, wpa_s->global->p2p_init_wpa_s,
0);
wpa_s->global->p2p_init_wpa_s = NULL;
}
#endif /* CONFIG_P2P */
Add interface matching support with -M, guarded by CONFIG_MATCH_IFACE The new wpa_supplicant command line argument -M can be used to describe matching rules with a wildcard interface name (e.g., "wlan*"). This is very useful for systems without udev (Linux) or devd (FreeBSD). Signed-off-by: Roy Marples <roy@marples.name>
8 years ago
#ifdef CONFIG_MATCH_IFACE
if (wpa_s->matched) {
wpa_supplicant_remove_iface(wpa_s->global, wpa_s, 0);
break;
}
#endif /* CONFIG_MATCH_IFACE */
Add build option CONFIG_TERMINATE_ONLASTIF This makes wpa_supplicant terminate automatically if the configured interface(s) disappear.
15 years ago
#ifdef CONFIG_TERMINATE_ONLASTIF
/* check if last interface */
if (!any_interfaces(wpa_s->global->ifaces))
eloop_terminate();
#endif /* CONFIG_TERMINATE_ONLASTIF */
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
break;
}
}
TDLS: Add initial support for TDLS (IEEE Std 802.11z-2010)
14 years ago
#ifdef CONFIG_TDLS
static void wpa_supplicant_event_tdls(struct wpa_supplicant *wpa_s,
union wpa_event_data *data)
{
if (data == NULL)
return;
switch (data->tdls.oper) {
case TDLS_REQUEST_SETUP:
TDLS: Remove link, if any, on an implicit set up request If an implicit TDLS set up request is obtained on an existing link or an to be established link, the previous link was not removed. This commit disables the existing link on a new set up request. Also, wpa_tdls_reneg() function was invoking wpa_tdls_start() on an already existing peer for the case of internal setup, which is incorrect. Thus the invocation of wpa_tdls_start() is removed in wpa_tdls_reneg() and also this function is renamed to wps_tdls_remove() as it does not renegotiation rather shall remove the link (if any) for the case of external setup. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
wpa_tdls_remove(wpa_s->wpa, data->tdls.peer);
if (wpa_tdls_is_external_setup(wpa_s->wpa))
wpa_tdls_start(wpa_s->wpa, data->tdls.peer);
else
wpa_drv_tdls_oper(wpa_s, TDLS_SETUP, data->tdls.peer);
TDLS: Add initial support for TDLS (IEEE Std 802.11z-2010)
14 years ago
break;
case TDLS_REQUEST_TEARDOWN:
TDLS: Clean up wpa_tdls_teardown_link() uses Making this function be used only for external setup case simplifies the implementation and makes core wpa_supplicant calls in ctrl_iface.c and events.c consistent. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
if (wpa_tdls_is_external_setup(wpa_s->wpa))
wpa_tdls_teardown_link(wpa_s->wpa, data->tdls.peer,
data->tdls.reason_code);
else
wpa_drv_tdls_oper(wpa_s, TDLS_TEARDOWN,
data->tdls.peer);
TDLS: Add initial support for TDLS (IEEE Std 802.11z-2010)
14 years ago
break;
TDLS: Allow driver to request TDLS Discovery Request initiation This extends the TDLS operation request mechanism to allow TDLS Discovery Request to be initiated by the driver similarly to the existing Setup and Teardown requests. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
case TDLS_REQUEST_DISCOVER:
wpa_tdls_send_discovery_request(wpa_s->wpa,
data->tdls.peer);
break;
TDLS: Add initial support for TDLS (IEEE Std 802.11z-2010)
14 years ago
}
}
#endif /* CONFIG_TDLS */
WNM: Use CONFIG_WNM more consistently Replace CONFIG_IEEE80211V with CONFIG_WNM to get more consistent build options for WNM-Sleep Mode operations. Previously it was possible to define CONFIG_IEEE80211V without CONFIG_WNM which would break the build. In addition, IEEE 802.11v has been merged into IEEE Std 802.11-2012 and WNM is a better term to use for this new functionality anyway. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
#ifdef CONFIG_WNM
WNM: Add WNM-Sleep Mode for station mode Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
static void wpa_supplicant_event_wnm(struct wpa_supplicant *wpa_s,
union wpa_event_data *data)
{
if (data == NULL)
return;
switch (data->wnm.oper) {
case WNM_OPER_SLEEP:
wpa_printf(MSG_DEBUG, "Start sending WNM-Sleep Request "
"(action=%d, intval=%d)",
data->wnm.sleep_action, data->wnm.sleep_intval);
ieee802_11_send_wnmsleep_req(wpa_s, data->wnm.sleep_action,
WNM: Add option for passing TFS request from external programs The optional tfs_req=<hex dump> parameter can be added for the wnm_sleep command to specify the TFS request element to use in the WNM-Sleep Mode Request frame. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
data->wnm.sleep_intval, NULL);
WNM: Add WNM-Sleep Mode for station mode Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
break;
}
}
WNM: Use CONFIG_WNM more consistently Replace CONFIG_IEEE80211V with CONFIG_WNM to get more consistent build options for WNM-Sleep Mode operations. Previously it was possible to define CONFIG_IEEE80211V without CONFIG_WNM which would break the build. In addition, IEEE 802.11v has been merged into IEEE Std 802.11-2012 and WNM is a better term to use for this new functionality anyway. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
#endif /* CONFIG_WNM */
WNM: Add WNM-Sleep Mode for station mode Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
#ifdef CONFIG_IEEE80211R
static void
wpa_supplicant_event_ft_response(struct wpa_supplicant *wpa_s,
union wpa_event_data *data)
{
if (data == NULL)
return;
if (wpa_ft_process_response(wpa_s->wpa, data->ft_ies.ies,
data->ft_ies.ies_len,
data->ft_ies.ft_action,
FT: Add RIC Request generation and validation (but not processing) This adds first part of FT resource request as part of Reassocition Request frame (i.e., FT Protocol, not FT Resource Request Protocol). wpa_supplicant can generate a test resource request when driver_test.c is used with internal MLME code and hostapd can verify the FTIE MIC properly with the included RIC Request. The actual RIC Request IEs are not processed yet and hostapd does not yet reply with RIC Response (nor would wpa_supplicant be able to validate the FTIE MIC for a frame with RIC Response).
15 years ago
data->ft_ies.target_ap,
data->ft_ies.ric_ies,
data->ft_ies.ric_ies_len) < 0) {
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
/* TODO: prevent MLME/driver from trying to associate? */
}
}
#endif /* CONFIG_IEEE80211R */
Added initial step for IBSS RSN support This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used to enable RSN support for IBSS. This links in RSN Authenticator code from hostapd and adds code for managing per-peer information for IBSS. A new wpa_cli command or driver event can be used to request RSN authentication with an IBSS peer. New RSN Authenticator and Supplicant will be allocated for each peer. The basic state machine setup code is included in this commit, but the state machines are not properly started yet. In addition, some of the callback functions are not yet complete.
16 years ago
#ifdef CONFIG_IBSS_RSN
static void wpa_supplicant_event_ibss_rsn_start(struct wpa_supplicant *wpa_s,
union wpa_event_data *data)
{
IBSS RSN: Do not start 4-way handshake unless RSN is enabled
14 years ago
struct wpa_ssid *ssid;
IBSS RSN: Do not start if not yet connected to IBSS This is used to avoid starting IBSS RSN processing with a peer before the IBSS connection itself has been completed.
13 years ago
if (wpa_s->wpa_state < WPA_ASSOCIATED)
return;
Added initial step for IBSS RSN support This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used to enable RSN support for IBSS. This links in RSN Authenticator code from hostapd and adds code for managing per-peer information for IBSS. A new wpa_cli command or driver event can be used to request RSN authentication with an IBSS peer. New RSN Authenticator and Supplicant will be allocated for each peer. The basic state machine setup code is included in this commit, but the state machines are not properly started yet. In addition, some of the callback functions are not yet complete.
16 years ago
if (data == NULL)
return;
IBSS RSN: Do not start 4-way handshake unless RSN is enabled
14 years ago
ssid = wpa_s->current_ssid;
if (ssid == NULL)
return;
if (ssid->mode != WPAS_MODE_IBSS || !wpa_key_mgmt_wpa(ssid->key_mgmt))
return;
Added initial step for IBSS RSN support This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used to enable RSN support for IBSS. This links in RSN Authenticator code from hostapd and adds code for managing per-peer information for IBSS. A new wpa_cli command or driver event can be used to request RSN authentication with an IBSS peer. New RSN Authenticator and Supplicant will be allocated for each peer. The basic state machine setup code is included in this commit, but the state machines are not properly started yet. In addition, some of the callback functions are not yet complete.
16 years ago
ibss_rsn_start(wpa_s->ibss_rsn, data->ibss_rsn_start.peer);
}
IBSS RSN: Add peer restart detection To better support the IBSS/RSN mechanism, wpa_supplicant has to be able to detect a possible peer reboot and in this case it should start a new EAPOL handshake. To perform such reboot detection wpa_supplicant has to perform an Open Authentication by sending an Authentication frame and then replying to it. IF an Authentication frame is received when the key have already been exchanged, wpa_supplicant understands that the peer has rebooted and can reset its state machine. Whenever a new peer is added to the IBSS wpa_supplicant will start the Open Authentication and only after having accomplished it will start the key exchange. If the driver does not support Authentication frame exchange initiated from user space, this step is skipped to maintain previous behavior (just go through EAPOL-Key frame processing). The Open Authentication was partly supported by the Linux kernel but now wpa_supplicant can register for Authentication frames, handle it in userspace and so avoid any possible race condition. Signed-hostap: Nicolas Cavallari <cavallar@lri.fr> Signed-hostap: Antonio Quartulli <antonio@open-mesh.com>
11 years ago
static void wpa_supplicant_event_ibss_auth(struct wpa_supplicant *wpa_s,
union wpa_event_data *data)
{
struct wpa_ssid *ssid = wpa_s->current_ssid;
if (ssid == NULL)
return;
/* check if the ssid is correctly configured as IBSS/RSN */
if (ssid->mode != WPAS_MODE_IBSS || !wpa_key_mgmt_wpa(ssid->key_mgmt))
return;
ibss_rsn_handle_auth(wpa_s->ibss_rsn, data->rx_mgmt.frame,
data->rx_mgmt.frame_len);
}
Added initial step for IBSS RSN support This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used to enable RSN support for IBSS. This links in RSN Authenticator code from hostapd and adds code for managing per-peer information for IBSS. A new wpa_cli command or driver event can be used to request RSN authentication with an IBSS peer. New RSN Authenticator and Supplicant will be allocated for each peer. The basic state machine setup code is included in this commit, but the state machines are not properly started yet. In addition, some of the callback functions are not yet complete.
16 years ago
#endif /* CONFIG_IBSS_RSN */
FT: Add preliminary processing of FT Action Response from EVENT_RX_ACTION Previously, this was only done with userspace MLME (i.e., driver_test.c); now, driver_nl80211.c can deliver the FT Action Response (FT-over-DS) for processing. The reassociation after successful FT Action frame exchange is not yet implemented.
14 years ago
#ifdef CONFIG_IEEE80211R
static void ft_rx_action(struct wpa_supplicant *wpa_s, const u8 *data,
size_t len)
{
const u8 *sta_addr, *target_ap_addr;
u16 status;
wpa_hexdump(MSG_MSGDUMP, "FT: RX Action", data, len);
if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME))
return; /* only SME case supported for now */
if (len < 1 + 2 * ETH_ALEN + 2)
return;
if (data[0] != 2)
return; /* Only FT Action Response is supported for now */
sta_addr = data + 1;
target_ap_addr = data + 1 + ETH_ALEN;
status = WPA_GET_LE16(data + 1 + 2 * ETH_ALEN);
Use wpa_msg() instead of wpa_printf() This converts number of debugging messages to use wpa_msg() in order to allow the interface name to be shown with the messages. A new function, wpa_dbg(), is introduced to allow CONFIG_NO_STDOUT_DEBUG=y builds to remove the debug strings. This is otherwise identical with wpa_msg(), but it gets compiled out if stdout debugging is disabled.
13 years ago
wpa_dbg(wpa_s, MSG_DEBUG, "FT: Received FT Action Response: STA "
MACSTR " TargetAP " MACSTR " status %u",
MAC2STR(sta_addr), MAC2STR(target_ap_addr), status);
FT: Add preliminary processing of FT Action Response from EVENT_RX_ACTION Previously, this was only done with userspace MLME (i.e., driver_test.c); now, driver_nl80211.c can deliver the FT Action Response (FT-over-DS) for processing. The reassociation after successful FT Action frame exchange is not yet implemented.
14 years ago
if (os_memcmp(sta_addr, wpa_s->own_addr, ETH_ALEN) != 0) {
Use wpa_msg() instead of wpa_printf() This converts number of debugging messages to use wpa_msg() in order to allow the interface name to be shown with the messages. A new function, wpa_dbg(), is introduced to allow CONFIG_NO_STDOUT_DEBUG=y builds to remove the debug strings. This is otherwise identical with wpa_msg(), but it gets compiled out if stdout debugging is disabled.
13 years ago
wpa_dbg(wpa_s, MSG_DEBUG, "FT: Foreign STA Address " MACSTR
" in FT Action Response", MAC2STR(sta_addr));
FT: Add preliminary processing of FT Action Response from EVENT_RX_ACTION Previously, this was only done with userspace MLME (i.e., driver_test.c); now, driver_nl80211.c can deliver the FT Action Response (FT-over-DS) for processing. The reassociation after successful FT Action frame exchange is not yet implemented.
14 years ago
return;
}
if (status) {
Use wpa_msg() instead of wpa_printf() This converts number of debugging messages to use wpa_msg() in order to allow the interface name to be shown with the messages. A new function, wpa_dbg(), is introduced to allow CONFIG_NO_STDOUT_DEBUG=y builds to remove the debug strings. This is otherwise identical with wpa_msg(), but it gets compiled out if stdout debugging is disabled.
13 years ago
wpa_dbg(wpa_s, MSG_DEBUG, "FT: FT Action Response indicates "
"failure (status code %d)", status);
FT: Add preliminary processing of FT Action Response from EVENT_RX_ACTION Previously, this was only done with userspace MLME (i.e., driver_test.c); now, driver_nl80211.c can deliver the FT Action Response (FT-over-DS) for processing. The reassociation after successful FT Action frame exchange is not yet implemented.
14 years ago
/* TODO: report error to FT code(?) */
return;
}
if (wpa_ft_process_response(wpa_s->wpa, data + 1 + 2 * ETH_ALEN + 2,
len - (1 + 2 * ETH_ALEN + 2), 1,
target_ap_addr, NULL, 0) < 0)
return;
FT: Update SME frequency info before sme_associate() call This is needed to allow FT-over-DS to request correct channel for the reassociation with the target AP.
14 years ago
#ifdef CONFIG_SME
{
struct wpa_bss *bss;
bss = wpa_bss_get_bssid(wpa_s, target_ap_addr);
if (bss)
wpa_s->sme.freq = bss->freq;
FT: Process reassoc resp FT IEs when using wpa_supplicant SME
14 years ago
wpa_s->sme.auth_alg = WPA_AUTH_ALG_FT;
FT: Update SME frequency info before sme_associate() call This is needed to allow FT-over-DS to request correct channel for the reassociation with the target AP.
14 years ago
sme_associate(wpa_s, WPAS_MODE_INFRA, target_ap_addr,
WLAN_AUTH_FT);
}
#endif /* CONFIG_SME */
FT: Add preliminary processing of FT Action Response from EVENT_RX_ACTION Previously, this was only done with userspace MLME (i.e., driver_test.c); now, driver_nl80211.c can deliver the FT Action Response (FT-over-DS) for processing. The reassociation after successful FT Action frame exchange is not yet implemented.
14 years ago
}
#endif /* CONFIG_IEEE80211R */
Use SA Query procedure to recovery from AP/STA state mismatch If a station received unprotected Deauthentication or Disassociation frame with reason code 6 or 7 from the current AP, there may be a mismatch in association state between the AP and STA. Verify whether this is the case by using SA Query procedure. If not response is received from the AP, deauthenticate. This implementation is only for user space SME with driver_nl80211.c.
14 years ago
static void wpa_supplicant_event_unprot_deauth(struct wpa_supplicant *wpa_s,
struct unprot_deauth *e)
{
wpa_printf(MSG_DEBUG, "Unprotected Deauthentication frame "
"dropped: " MACSTR " -> " MACSTR
" (reason code %u)",
MAC2STR(e->sa), MAC2STR(e->da), e->reason_code);
sme_event_unprot_disconnect(wpa_s, e->sa, e->da, e->reason_code);
}
static void wpa_supplicant_event_unprot_disassoc(struct wpa_supplicant *wpa_s,
struct unprot_disassoc *e)
{
wpa_printf(MSG_DEBUG, "Unprotected Disassociation frame "
"dropped: " MACSTR " -> " MACSTR
" (reason code %u)",
MAC2STR(e->sa), MAC2STR(e->da), e->reason_code);
sme_event_unprot_disconnect(wpa_s, e->sa, e->da, e->reason_code);
}
Clean up wpa_supplicant_event() with deauth/disassoc helper functions wpa_supplicant_event() has grown overly large, so it is useful to split it into smaller pieces. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
static void wpas_event_disconnect(struct wpa_supplicant *wpa_s, const u8 *addr,
u16 reason_code, int locally_generated,
const u8 *ie, size_t ie_len, int deauth)
{
#ifdef CONFIG_AP
if (wpa_s->ap_iface && addr) {
hostapd_notif_disassoc(wpa_s->ap_iface->bss[0], addr);
return;
}
if (wpa_s->ap_iface) {
wpa_dbg(wpa_s, MSG_DEBUG, "Ignore deauth event in AP mode");
return;
}
#endif /* CONFIG_AP */
Do not add blacklist entries based on normal disconnect request cases There are number of cases where wpa_supplicant requests the current connection to be disconnected before starting a new operation. Such cases do not really indicate that there was an error in connecting or a disconnection initiated by the AP, so do not add a temporary blacklist entry in such sequences. Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago
if (!locally_generated)
wpa_s->own_disconnect_req = 0;
Clean up wpa_supplicant_event() with deauth/disassoc helper functions wpa_supplicant_event() has grown overly large, so it is useful to split it into smaller pieces. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
wpa_supplicant_event_disassoc(wpa_s, reason_code, locally_generated);
Skip network disabling on expected EAP failure Some EAP methods can go through a step that is expected to fail and as such, should not trigger temporary network disabling when processing EAP-Failure or deauthentication. EAP-WSC for WPS was already handled as a special case, but similar behavior is needed for EAP-FAST with unauthenticated provisioning. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
if (((reason_code == WLAN_REASON_IEEE_802_1X_AUTH_FAILED ||
((wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) ||
(wpa_s->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)) &&
eapol_sm_failed(wpa_s->eapol))) &&
!wpa_s->eap_expected_failure))
Send authentication failure reason in wpas_auth_failed() "WRONG_KEY" - possibly wrong psk "AUTH_FAILED" - authentication failure "CONN_FAILED" - continiuos connection failure Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
10 years ago
wpas_auth_failed(wpa_s, "AUTH_FAILED");
Clean up wpa_supplicant_event() with deauth/disassoc helper functions wpa_supplicant_event() has grown overly large, so it is useful to split it into smaller pieces. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
#ifdef CONFIG_P2P
P2P: Immediate group removal in GC in case of deauthentication Right now in case of deauthentication from GO, immediate group removal will happen in GC only if the deauthentication packet has a valid IE. However, the IE in deauthentication packet is mandated only for managed P2P group. So in normal P2P group the group removal is delayed and will happen later only in group idle timeout. This fixes a regression from commit d7df0fa727a2a79d7b22df6c68961220349ab2e3 that changed the previous check for data->deauth_info != NULL to data->deauth_info->ie != NULL. Signed-hostap: Sreenath Sharma <sreenats@broadcom.com>
11 years ago
if (deauth && reason_code > 0) {
Clean up wpa_supplicant_event() with deauth/disassoc helper functions wpa_supplicant_event() has grown overly large, so it is useful to split it into smaller pieces. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
if (wpas_p2p_deauth_notif(wpa_s, addr, reason_code, ie, ie_len,
locally_generated) > 0) {
/*
* The interface was removed, so cannot continue
* processing any additional operations after this.
*/
return;
}
}
#endif /* CONFIG_P2P */
wpa_supplicant_event_disassoc_finish(wpa_s, reason_code,
locally_generated);
}
static void wpas_event_disassoc(struct wpa_supplicant *wpa_s,
struct disassoc_info *info)
{
u16 reason_code = 0;
int locally_generated = 0;
const u8 *addr = NULL;
const u8 *ie = NULL;
size_t ie_len = 0;
wpa_dbg(wpa_s, MSG_DEBUG, "Disassociation notification");
if (info) {
addr = info->addr;
ie = info->ie;
ie_len = info->ie_len;
reason_code = info->reason_code;
locally_generated = info->locally_generated;
Add 802.11 reason code strings into wpa_supplicant messages Logs involving IEEE 802.11 Reason Codes output the Reason Code value, but do not provide any explanation of what the value means. This change provides a terse explanation of each Reason Code using the latter part of the reason code #define names. Signed-off-by: Alex Khouderchah <akhouderchah@chromium.org>
5 years ago
wpa_dbg(wpa_s, MSG_DEBUG, " * reason %u (%s)%s", reason_code,
reason2str(reason_code),
locally_generated ? " locally_generated=1" : "");
Clean up wpa_supplicant_event() with deauth/disassoc helper functions wpa_supplicant_event() has grown overly large, so it is useful to split it into smaller pieces. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
if (addr)
wpa_dbg(wpa_s, MSG_DEBUG, " * address " MACSTR,
MAC2STR(addr));
wpa_hexdump(MSG_DEBUG, "Disassociation frame IE(s)",
ie, ie_len);
}
#ifdef CONFIG_AP
if (wpa_s->ap_iface && info && info->addr) {
hostapd_notif_disassoc(wpa_s->ap_iface->bss[0], info->addr);
return;
}
if (wpa_s->ap_iface) {
wpa_dbg(wpa_s, MSG_DEBUG, "Ignore disassoc event in AP mode");
return;
}
#endif /* CONFIG_AP */
#ifdef CONFIG_P2P
if (info) {
wpas_p2p_disassoc_notif(
wpa_s, info->addr, reason_code, info->ie, info->ie_len,
locally_generated);
}
#endif /* CONFIG_P2P */
if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME)
sme_event_disassoc(wpa_s, info);
wpas_event_disconnect(wpa_s, addr, reason_code, locally_generated,
ie, ie_len, 0);
}
static void wpas_event_deauth(struct wpa_supplicant *wpa_s,
struct deauth_info *info)
{
u16 reason_code = 0;
int locally_generated = 0;
const u8 *addr = NULL;
const u8 *ie = NULL;
size_t ie_len = 0;
wpa_dbg(wpa_s, MSG_DEBUG, "Deauthentication notification");
if (info) {
addr = info->addr;
ie = info->ie;
ie_len = info->ie_len;
reason_code = info->reason_code;
locally_generated = info->locally_generated;
Add 802.11 reason code strings into wpa_supplicant messages Logs involving IEEE 802.11 Reason Codes output the Reason Code value, but do not provide any explanation of what the value means. This change provides a terse explanation of each Reason Code using the latter part of the reason code #define names. Signed-off-by: Alex Khouderchah <akhouderchah@chromium.org>
5 years ago
wpa_dbg(wpa_s, MSG_DEBUG, " * reason %u (%s)%s",
reason_code, reason2str(reason_code),
locally_generated ? " locally_generated=1" : "");
Clean up wpa_supplicant_event() with deauth/disassoc helper functions wpa_supplicant_event() has grown overly large, so it is useful to split it into smaller pieces. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
if (addr) {
wpa_dbg(wpa_s, MSG_DEBUG, " * address " MACSTR,
MAC2STR(addr));
}
wpa_hexdump(MSG_DEBUG, "Deauthentication frame IE(s)",
ie, ie_len);
}
wpa_reset_ft_completed(wpa_s->wpa);
wpas_event_disconnect(wpa_s, addr, reason_code,
locally_generated, ie, ie_len, 1);
}
Add a wpa_supplicant ctrl_iface event for regdom changes CTRL-EVENT-REGDOM-CHANGE event provides an external notification of regulatory domain (and any driver channel list) changes. Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
static const char * reg_init_str(enum reg_change_initiator init)
{
switch (init) {
case REGDOM_SET_BY_CORE:
return "CORE";
case REGDOM_SET_BY_USER:
return "USER";
case REGDOM_SET_BY_DRIVER:
return "DRIVER";
case REGDOM_SET_BY_COUNTRY_IE:
return "COUNTRY_IE";
case REGDOM_BEACON_HINT:
return "BEACON_HINT";
}
return "?";
}
static const char * reg_type_str(enum reg_type type)
{
switch (type) {
case REGDOM_TYPE_UNKNOWN:
return "UNKNOWN";
case REGDOM_TYPE_COUNTRY:
return "COUNTRY";
case REGDOM_TYPE_WORLD:
return "WORLD";
case REGDOM_TYPE_CUSTOM_WORLD:
return "CUSTOM_WORLD";
case REGDOM_TYPE_INTERSECTION:
return "INTERSECTION";
}
return "?";
}
Update wpa_supplicant channel list on FLUSH Try to make sure the driver channel list state is synchronized with wpa_supplicant whenever explicitly clearing state (e.g., between hwsim test cases). Signed-off-by: Jouni Malinen <j@w1.fi>
5 years ago
void wpa_supplicant_update_channel_list(struct wpa_supplicant *wpa_s,
struct channel_list_changed *info)
Update regulatory change to all virtual interface for the phy wpas_p2p_setup_channels function uses the per interface information (wpa_s->hw.modes) for setting up the available channel list for P2P operation, but if a separate P2P interface is used (e.g., p2p0 on Android), the wpa_s instance for that interface may not get an updated channel list. This can result in some operations, like "P2P_SET disallow_freq", using old channel list information (e.g., world roaming information with passive-scan/no-ibss flags) which was initialized during the start-up. This could result in P2P functionality using conflicting or obsolete channel information. To resolve this issue, update channel list information on regulatory change events to all of the virtual interfaces sharing the same phy for which the event is received. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
{
struct wpa_supplicant *ifs;
driver: Make DFS domain information available to core Current DFS domain information of the driver can be used in ap/dfs to comply with DFS domain specific requirements like uniform spreading for ETSI domain. Signed-off-by: Vasanthakumar Thiagarajan <vthiagar@qti.qualcomm.com>
7 years ago
u8 dfs_domain;
Update regulatory change to all virtual interface for the phy wpas_p2p_setup_channels function uses the per interface information (wpa_s->hw.modes) for setting up the available channel list for P2P operation, but if a separate P2P interface is used (e.g., p2p0 on Android), the wpa_s instance for that interface may not get an updated channel list. This can result in some operations, like "P2P_SET disallow_freq", using old channel list information (e.g., world roaming information with passive-scan/no-ibss flags) which was initialized during the start-up. This could result in P2P functionality using conflicting or obsolete channel information. To resolve this issue, update channel list information on regulatory change events to all of the virtual interfaces sharing the same phy for which the event is received. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
Send CTRL-EVENT-REGDOM-CHANGE event on the parent interface The NL80211_CMD_WIPHY_REG_CHANGE can be handled by any of the interfaces that are currently controlled by the wpa_supplicant. However, some applications expect the REGDOM_CHANGE event to be sent on the control interface of the initially added interface (and do not expect the event on any of child interfaces). To resolve this, when processing NL80211_CMD_WIPHY_REG_CHANGE, find the highest parent in the chain, and use its control interface to emit the CTRL-EVENT-REGDOM-CHANGE event. Signed-off-by: Ilan Peer <ilan.peer@intel.com>
8 years ago
/*
* To allow backwards compatibility with higher level layers that
* assumed the REGDOM_CHANGE event is sent over the initially added
* interface. Find the highest parent of this interface and use it to
* send the event.
*/
for (ifs = wpa_s; ifs->parent && ifs != ifs->parent; ifs = ifs->parent)
;
Update wpa_supplicant channel list on FLUSH Try to make sure the driver channel list state is synchronized with wpa_supplicant whenever explicitly clearing state (e.g., between hwsim test cases). Signed-off-by: Jouni Malinen <j@w1.fi>
5 years ago
if (info) {
wpa_msg(ifs, MSG_INFO,
WPA_EVENT_REGDOM_CHANGE "init=%s type=%s%s%s",
reg_init_str(info->initiator), reg_type_str(info->type),
info->alpha2[0] ? " alpha2=" : "",
info->alpha2[0] ? info->alpha2 : "");
}
Add a wpa_supplicant ctrl_iface event for regdom changes CTRL-EVENT-REGDOM-CHANGE event provides an external notification of regulatory domain (and any driver channel list) changes. Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
Update regulatory change to all virtual interface for the phy wpas_p2p_setup_channels function uses the per interface information (wpa_s->hw.modes) for setting up the available channel list for P2P operation, but if a separate P2P interface is used (e.g., p2p0 on Android), the wpa_s instance for that interface may not get an updated channel list. This can result in some operations, like "P2P_SET disallow_freq", using old channel list information (e.g., world roaming information with passive-scan/no-ibss flags) which was initialized during the start-up. This could result in P2P functionality using conflicting or obsolete channel information. To resolve this issue, update channel list information on regulatory change events to all of the virtual interfaces sharing the same phy for which the event is received. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
if (wpa_s->drv_priv == NULL)
return; /* Ignore event during drv initialization */
Use wpa_radio data for channel list updates This replaces the now unnecessary iteration of get_radio_name() calls. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
dl_list_for_each(ifs, &wpa_s->radio->ifaces, struct wpa_supplicant,
radio_list) {
Refactor channel list update event in wpa_supplicant Update hardware features for all interfaces inside the loop, don't treat the calling wpa_s instance specially. Perform the P2P channel list updates after the hardware features are updated. This will prevent P2P from relying on stale information. Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
9 years ago
wpa_printf(MSG_DEBUG, "%s: Updating hw mode",
ifs->ifname);
free_hw_features(ifs);
ifs->hw.modes = wpa_drv_get_hw_feature_data(
driver: Make DFS domain information available to core Current DFS domain information of the driver can be used in ap/dfs to comply with DFS domain specific requirements like uniform spreading for ETSI domain. Signed-off-by: Vasanthakumar Thiagarajan <vthiagar@qti.qualcomm.com>
7 years ago
ifs, &ifs->hw.num_modes, &ifs->hw.flags, &dfs_domain);
Restart sched_scan on channel list change The channel list can be changed as a result of arriving beacon hints during normal scan or as a result of local Reg-Domain change. Some passive channels can become active and needs to be reconfigured accordingly for the scheduled scan. This fixes the connection to hidden SSIDs on 5 GHz band during default Reg-Domain 00 (world roaming). Signed-off-by: Victor Goldenshtein <victorg@ti.com> Signed-off-by: Eliad Peller <eliad@wizery.com>
9 years ago
Restart PNO/sched_scan on channel list update As the scan channels might need to change when the channel list has been updated by the kernel. Use the simulated sched_scan timeout (wpas_scan_restart_sched_scan()) to handle a possible race where an ongoing sched_scan has stopped asynchronously while trying to restart a new sched_scan. Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
8 years ago
/* Restart PNO/sched_scan with updated channel list */
if (ifs->pno) {
wpas_stop_pno(ifs);
wpas_start_pno(ifs);
} else if (ifs->sched_scanning && !ifs->pno_sched_pending) {
wpa_dbg(ifs, MSG_DEBUG,
"Channel list changed - restart sched_scan");
wpas_scan_restart_sched_scan(ifs);
}
Restart sched_scan on channel list change The channel list can be changed as a result of arriving beacon hints during normal scan or as a result of local Reg-Domain change. Some passive channels can become active and needs to be reconfigured accordingly for the scheduled scan. This fixes the connection to hidden SSIDs on 5 GHz band during default Reg-Domain 00 (world roaming). Signed-off-by: Victor Goldenshtein <victorg@ti.com> Signed-off-by: Eliad Peller <eliad@wizery.com>
9 years ago
}
Refactor channel list update event in wpa_supplicant Update hardware features for all interfaces inside the loop, don't treat the calling wpa_s instance specially. Perform the P2P channel list updates after the hardware features are updated. This will prevent P2P from relying on stale information. Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
9 years ago
P2P: Do not perform P2P GO CS in some cases A P2P GO channel switch should not be triggered in all cases that require channel list update. Specifically, a P2P GO CS should not be triggered in case that the P2P GO state changed or in case that that the P2P GO has just completed a CS. To fix this, add reason code to wpas_p2p_channel_list_update() and trigger CS flow only for the relevant cases. Signed-off-by: Ilan Peer <ilan.peer@intel.com>
9 years ago
wpas_p2p_update_channel_list(wpa_s, WPAS_P2P_CHANNEL_UPDATE_DRIVER);
Update regulatory change to all virtual interface for the phy wpas_p2p_setup_channels function uses the per interface information (wpa_s->hw.modes) for setting up the available channel list for P2P operation, but if a separate P2P interface is used (e.g., p2p0 on Android), the wpa_s instance for that interface may not get an updated channel list. This can result in some operations, like "P2P_SET disallow_freq", using old channel list information (e.g., world roaming information with passive-scan/no-ibss flags) which was initialized during the start-up. This could result in P2P functionality using conflicting or obsolete channel information. To resolve this issue, update channel list information on regulatory change events to all of the virtual interfaces sharing the same phy for which the event is received. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
11 years ago
}
Remove unnecessary EVENT_RX_ACTION This driver event was used separately for some Action frames, but all the driver wrappers converted to this from information that would have been enough to indicate an EVENT_RX_MGMT event. In addition, the received event was then converted back to a full IEEE 802.11 management frame for processing in most cases. This is unnecessary complexity, so get rid of the extra path and use EVENT_RX_MGMT for Action frames as well as other management frame subtypes. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
static void wpas_event_rx_mgmt_action(struct wpa_supplicant *wpa_s,
wpa_supplicant: Handle link measurement requests Send link measurement response when a request is received. Advertise only RCPI, computing it from the RSSI of the request. The TX power field is left to be filled by the driver. All other fields are not published. Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
10 years ago
const u8 *frame, size_t len, int freq,
int rssi)
Remove unnecessary EVENT_RX_ACTION This driver event was used separately for some Action frames, but all the driver wrappers converted to this from information that would have been enough to indicate an EVENT_RX_MGMT event. In addition, the received event was then converted back to a full IEEE 802.11 management frame for processing in most cases. This is unnecessary complexity, so get rid of the extra path and use EVENT_RX_MGMT for Action frames as well as other management frame subtypes. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
{
Use clearer way of getting pointer to a frame (CID 62835) This avoids an incorrect ARRAY_VS_SINGLETON report for a case where a pointer is taken to the specified field in a frame and not to a single octet. Bounds checking was already handled separately. Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
const struct ieee80211_mgmt *mgmt;
Remove unnecessary EVENT_RX_ACTION This driver event was used separately for some Action frames, but all the driver wrappers converted to this from information that would have been enough to indicate an EVENT_RX_MGMT event. In addition, the received event was then converted back to a full IEEE 802.11 management frame for processing in most cases. This is unnecessary complexity, so get rid of the extra path and use EVENT_RX_MGMT for Action frames as well as other management frame subtypes. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
const u8 *payload;
size_t plen;
u8 category;
if (len < IEEE80211_HDRLEN + 2)
return;
Use clearer way of getting pointer to a frame (CID 62835) This avoids an incorrect ARRAY_VS_SINGLETON report for a case where a pointer is taken to the specified field in a frame and not to a single octet. Bounds checking was already handled separately. Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
mgmt = (const struct ieee80211_mgmt *) frame;
payload = frame + IEEE80211_HDRLEN;
Remove unnecessary EVENT_RX_ACTION This driver event was used separately for some Action frames, but all the driver wrappers converted to this from information that would have been enough to indicate an EVENT_RX_MGMT event. In addition, the received event was then converted back to a full IEEE 802.11 management frame for processing in most cases. This is unnecessary complexity, so get rid of the extra path and use EVENT_RX_MGMT for Action frames as well as other management frame subtypes. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
category = *payload++;
Use clearer way of getting pointer to a frame (CID 62835) This avoids an incorrect ARRAY_VS_SINGLETON report for a case where a pointer is taken to the specified field in a frame and not to a single octet. Bounds checking was already handled separately. Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
plen = len - IEEE80211_HDRLEN - 1;
Remove unnecessary EVENT_RX_ACTION This driver event was used separately for some Action frames, but all the driver wrappers converted to this from information that would have been enough to indicate an EVENT_RX_MGMT event. In addition, the received event was then converted back to a full IEEE 802.11 management frame for processing in most cases. This is unnecessary complexity, so get rid of the extra path and use EVENT_RX_MGMT for Action frames as well as other management frame subtypes. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
wpa_dbg(wpa_s, MSG_DEBUG, "Received Action frame: SA=" MACSTR
" Category=%u DataLen=%d freq=%d MHz",
MAC2STR(mgmt->sa), category, (int) plen, freq);
WMM AC: Handle TSPEC action frames Add the TSPEC to the driver on successful TSPEC ADDTS response. Delete the TSPEC when receiving DELTS action. Signed-off-by: Moshe Benji <moshe.benji@intel.com> Signed-off-by: Eliad Peller <eliad@wizery.com>
10 years ago
if (category == WLAN_ACTION_WMM) {
wmm_ac_rx_action(wpa_s, mgmt->da, mgmt->sa, payload, plen);
return;
}
Remove unnecessary EVENT_RX_ACTION This driver event was used separately for some Action frames, but all the driver wrappers converted to this from information that would have been enough to indicate an EVENT_RX_MGMT event. In addition, the received event was then converted back to a full IEEE 802.11 management frame for processing in most cases. This is unnecessary complexity, so get rid of the extra path and use EVENT_RX_MGMT for Action frames as well as other management frame subtypes. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
#ifdef CONFIG_IEEE80211R
if (category == WLAN_ACTION_FT) {
ft_rx_action(wpa_s, payload, plen);
return;
}
#endif /* CONFIG_IEEE80211R */
#ifdef CONFIG_SME
if (category == WLAN_ACTION_SA_QUERY) {
Ignore group-addressed SA Query frames These frames are used for verifying that a specific SA and protected link is in functional state between two devices. The IEEE 802.11 standard defines only a case that uses individual MAC address as the destination. While there is no explicit rule on the receiver to ignore other cases, it seems safer to make sure group-addressed frames do not end up resulting in undesired behavior. As such, drop such frames instead of interpreting them as valid SA Query Request/Response. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
3 years ago
sme_sa_query_rx(wpa_s, mgmt->da, mgmt->sa, payload, plen);
Remove unnecessary EVENT_RX_ACTION This driver event was used separately for some Action frames, but all the driver wrappers converted to this from information that would have been enough to indicate an EVENT_RX_MGMT event. In addition, the received event was then converted back to a full IEEE 802.11 management frame for processing in most cases. This is unnecessary complexity, so get rid of the extra path and use EVENT_RX_MGMT for Action frames as well as other management frame subtypes. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
return;
}
#endif /* CONFIG_SME */
#ifdef CONFIG_WNM
if (mgmt->u.action.category == WLAN_ACTION_WNM) {
ieee802_11_rx_wnm_action(wpa_s, mgmt, len);
return;
}
#endif /* CONFIG_WNM */
#ifdef CONFIG_GAS
GAS client: Use Protected Dual of Public Action frames with PMF When GAS is used with PMF negotiated, Protected Dual of Public Action frames are expected to be used instead of Public Action frames, i.e., the GAS/ANQP frames are expected to be encrypted. Conver Public Action GAS queries to use Dual of Public Action frame if PMF has been negotiated with the AP to which the frame is being sent. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
if ((mgmt->u.action.category == WLAN_ACTION_PUBLIC ||
mgmt->u.action.category == WLAN_ACTION_PROTECTED_DUAL) &&
Remove unnecessary EVENT_RX_ACTION This driver event was used separately for some Action frames, but all the driver wrappers converted to this from information that would have been enough to indicate an EVENT_RX_MGMT event. In addition, the received event was then converted back to a full IEEE 802.11 management frame for processing in most cases. This is unnecessary complexity, so get rid of the extra path and use EVENT_RX_MGMT for Action frames as well as other management frame subtypes. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
gas_query_rx(wpa_s->gas, mgmt->da, mgmt->sa, mgmt->bssid,
GAS client: Use Protected Dual of Public Action frames with PMF When GAS is used with PMF negotiated, Protected Dual of Public Action frames are expected to be used instead of Public Action frames, i.e., the GAS/ANQP frames are expected to be encrypted. Conver Public Action GAS queries to use Dual of Public Action frame if PMF has been negotiated with the AP to which the frame is being sent. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
mgmt->u.action.category,
Remove unnecessary EVENT_RX_ACTION This driver event was used separately for some Action frames, but all the driver wrappers converted to this from information that would have been enough to indicate an EVENT_RX_MGMT event. In addition, the received event was then converted back to a full IEEE 802.11 management frame for processing in most cases. This is unnecessary complexity, so get rid of the extra path and use EVENT_RX_MGMT for Action frames as well as other management frame subtypes. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
payload, plen, freq) == 0)
return;
#endif /* CONFIG_GAS */
DPP: Configuration exchange This adds support for DPP Configuration Protocol using GAS. Full generation and processing of the configuration object is not included in this commit. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
#ifdef CONFIG_GAS_SERVER
if ((mgmt->u.action.category == WLAN_ACTION_PUBLIC ||
mgmt->u.action.category == WLAN_ACTION_PROTECTED_DUAL) &&
gas_server_rx(wpa_s->gas_server, mgmt->da, mgmt->sa, mgmt->bssid,
mgmt->u.action.category,
payload, plen, freq) == 0)
return;
#endif /* CONFIG_GAS_SERVER */
Remove unnecessary EVENT_RX_ACTION This driver event was used separately for some Action frames, but all the driver wrappers converted to this from information that would have been enough to indicate an EVENT_RX_MGMT event. In addition, the received event was then converted back to a full IEEE 802.11 management frame for processing in most cases. This is unnecessary complexity, so get rid of the extra path and use EVENT_RX_MGMT for Action frames as well as other management frame subtypes. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
#ifdef CONFIG_TDLS
if (category == WLAN_ACTION_PUBLIC && plen >= 4 &&
payload[0] == WLAN_TDLS_DISCOVERY_RESPONSE) {
wpa_dbg(wpa_s, MSG_DEBUG,
"TDLS: Received Discovery Response from " MACSTR,
MAC2STR(mgmt->sa));
return;
}
#endif /* CONFIG_TDLS */
#ifdef CONFIG_INTERWORKING
if (category == WLAN_ACTION_QOS && plen >= 1 &&
payload[0] == QOS_QOS_MAP_CONFIG) {
const u8 *pos = payload + 1;
size_t qlen = plen - 1;
wpa_dbg(wpa_s, MSG_DEBUG, "Interworking: Received QoS Map Configure frame from "
MACSTR, MAC2STR(mgmt->sa));
if (os_memcmp(mgmt->sa, wpa_s->bssid, ETH_ALEN) == 0 &&
qlen > 2 && pos[0] == WLAN_EID_QOS_MAP_SET &&
pos[1] <= qlen - 2 && pos[1] >= 16)
wpas_qos_map_set(wpa_s, pos + 2, pos[1]);
return;
}
#endif /* CONFIG_INTERWORKING */
wpa_supplicant: Handle LCI request Handle radio measurement request that contains LCI request. Send measurement report based on a configurable LCI report element. The LCI report element is configured over the control interface with SET lci <hexdump of the element> and cleared with SET lci "" Signed-off-by: David Spinadel <david.spinadel@intel.com>
8 years ago
if (category == WLAN_ACTION_RADIO_MEASUREMENT &&
payload[0] == WLAN_RRM_RADIO_MEASUREMENT_REQUEST) {
wpas_rrm_handle_radio_measurement_request(wpa_s, mgmt->sa,
RRM: Send reject/refuse response only to unicast measurement request IEEE Std 802.11-2016, 11.11.6 specifies that a station that is unable to make a requested measurement or refuses to make a measurement shall respond only if the measurement request was received within an individually addressed radio measurement request frame, but shall not respond if such a request was received in a group addressed frame. Signed-off-by: Avraham Stern <avraham.stern@intel.com>
7 years ago
mgmt->da,
wpa_supplicant: Handle LCI request Handle radio measurement request that contains LCI request. Send measurement report based on a configurable LCI report element. The LCI report element is configured over the control interface with SET lci <hexdump of the element> and cleared with SET lci "" Signed-off-by: David Spinadel <david.spinadel@intel.com>
8 years ago
payload + 1,
plen - 1);
return;
}
wpa_supplicant: Add support for Neighbor Report Add the ability to send a Neighbor Report Request (part of RRM). Requester is then notified once the report arrives. Signed-off-by: Assaf Krauss <assaf.krauss@intel.com>
10 years ago
if (category == WLAN_ACTION_RADIO_MEASUREMENT &&
payload[0] == WLAN_RRM_NEIGHBOR_REPORT_RESPONSE) {
wpas_rrm_process_neighbor_rep(wpa_s, payload + 1, plen - 1);
return;
}
wpa_supplicant: Handle link measurement requests Send link measurement response when a request is received. Advertise only RCPI, computing it from the RSSI of the request. The TX power field is left to be filled by the driver. All other fields are not published. Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
10 years ago
if (category == WLAN_ACTION_RADIO_MEASUREMENT &&
payload[0] == WLAN_RRM_LINK_MEASUREMENT_REQUEST) {
wpas_rrm_handle_link_measurement_request(wpa_s, mgmt->sa,
payload + 1, plen - 1,
rssi);
return;
}
FST: Send FST Action frame for processing (wpa_supplicant) Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
#ifdef CONFIG_FST
if (mgmt->u.action.category == WLAN_ACTION_FST && wpa_s->fst) {
fst_rx_action(wpa_s->fst, mgmt, len);
return;
}
#endif /* CONFIG_FST */
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
#ifdef CONFIG_DPP
if (category == WLAN_ACTION_PUBLIC && plen >= 5 &&
payload[0] == WLAN_PA_VENDOR_SPECIFIC &&
WPA_GET_BE24(&payload[1]) == OUI_WFA &&
payload[4] == DPP_OUI_TYPE) {
DPP: Update AES-SIV AD for DPP Authentication frames The protocol design was updated to protect the six octets in the header before the attributes. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
payload++;
plen--;
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
wpas_dpp_rx_action(wpa_s, mgmt->sa, payload, plen, freq);
return;
}
#endif /* CONFIG_DPP */
MSCS: Add support to process MSCS Response frames Add support to receive and process MSCS Response frames from the AP and indicate the status to upper layers. Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
4 years ago
if (category == WLAN_ACTION_ROBUST_AV_STREAMING &&
SCS: Processing of SCS Response frames Add support to receive and process SCS Response frames from the AP and indicate the status to upper layers. Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
3 years ago
payload[0] == ROBUST_AV_SCS_RESP) {
wpas_handle_robust_av_scs_recv_action(wpa_s, mgmt->sa,
payload + 1, plen - 1);
return;
}
if (category == WLAN_ACTION_ROBUST_AV_STREAMING &&
MSCS: Add support to process MSCS Response frames Add support to receive and process MSCS Response frames from the AP and indicate the status to upper layers. Signed-off-by: Vinita S. Maloo <vmaloo@codeaurora.org>
4 years ago
payload[0] == ROBUST_AV_MSCS_RESP) {
wpas_handle_robust_av_recv_action(wpa_s, mgmt->sa,
payload + 1, plen - 1);
return;
}
DSCP: Parsing and processing of DSCP Policy Request frames Add support to parse received DSCP Policy Request frames and send the request details as control interface events. Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
3 years ago
if (category == WLAN_ACTION_VENDOR_SPECIFIC_PROTECTED && plen > 4 &&
WPA_GET_BE32(payload) == QM_ACTION_VENDOR_TYPE) {
wpas_handle_qos_mgmt_recv_action(wpa_s, mgmt->sa,
payload + 4, plen - 4);
return;
}
Remove unnecessary EVENT_RX_ACTION This driver event was used separately for some Action frames, but all the driver wrappers converted to this from information that would have been enough to indicate an EVENT_RX_MGMT event. In addition, the received event was then converted back to a full IEEE 802.11 management frame for processing in most cases. This is unnecessary complexity, so get rid of the extra path and use EVENT_RX_MGMT for Action frames as well as other management frame subtypes. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
wpas_p2p_rx_action(wpa_s, mgmt->da, mgmt->sa, mgmt->bssid,
category, payload, plen, freq);
mesh: Add mesh peering manager The mesh peering manager establishes and maintains links among mesh peers, tracking each peer link via a finite state machine. This implementation supports open mesh peerings. [assorted fixes from Yu Niiro <yu.niiro@gmail.com>] [more fixes from Masashi Honma <masashi.honma@gmail.com>] Signed-off-by: Javier Lopez <jlopex@gmail.com> Signed-off-by: Javier Cardona <javier@cozybit.com> Signed-off-by: Ashok Nagarajan <ashok.dragon@gmail.com> Signed-off-by: Jason Mobarak <x@jason.mobarak.name> Signed-hostap: Bob Copeland <me@bobcopeland.com>
10 years ago
if (wpa_s->ifmsh)
mesh_mpm_action_rx(wpa_s, mgmt, len);
Remove unnecessary EVENT_RX_ACTION This driver event was used separately for some Action frames, but all the driver wrappers converted to this from information that would have been enough to indicate an EVENT_RX_MGMT event. In addition, the received event was then converted back to a full IEEE 802.11 management frame for processing in most cases. This is unnecessary complexity, so get rid of the extra path and use EVENT_RX_MGMT for Action frames as well as other management frame subtypes. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
}
P2P: Apply unsafe frequency rules to available channels This adds a QCA vendor specific nl80211 event to allow the driver to indicate a list of frequency ranges that should be avoided due to interference or possible known co-existance constraints. Such frequencies are marked as not allowed for P2P use to force groups to be formed on different channels. If a P2P GO is operating on a channel that the driver recommended not to use, a notification about this is sent on the control interface and upper layer code may decide to tear down the group and optionally restart it on another channel. As a TODO item, this could also be changed to use CSA to avoid removing the group. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
static void wpa_supplicant_notify_avoid_freq(struct wpa_supplicant *wpa_s,
union wpa_event_data *event)
{
struct wpa_freq_range_list *list;
char *str = NULL;
list = &event->freq_range;
if (list->num)
str = freq_range_list_str(list);
wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_AVOID_FREQ "ranges=%s",
str ? str : "");
#ifdef CONFIG_P2P
if (freq_range_list_parse(&wpa_s->global->p2p_go_avoid_freq, str)) {
wpa_dbg(wpa_s, MSG_ERROR, "%s: Failed to parse freq range",
__func__);
} else {
wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Update channel list based on frequency avoid event");
P2P: Remove GO handling in avoid frequency event Remove the code that considers removing GOs from their current channel due to frequency interference, as this is already handled as part of the P2P channels update. Signed-off-by: Ilan Peer <ilan.peer@intel.com>
9 years ago
/*
* The update channel flow will also take care of moving a GO
* from the unsafe frequency if needed.
*/
P2P: Do not perform P2P GO CS in some cases A P2P GO channel switch should not be triggered in all cases that require channel list update. Specifically, a P2P GO CS should not be triggered in case that the P2P GO state changed or in case that that the P2P GO has just completed a CS. To fix this, add reason code to wpas_p2p_channel_list_update() and trigger CS flow only for the relevant cases. Signed-off-by: Ilan Peer <ilan.peer@intel.com>
9 years ago
wpas_p2p_update_channel_list(wpa_s,
WPAS_P2P_CHANNEL_UPDATE_AVOID);
P2P: Apply unsafe frequency rules to available channels This adds a QCA vendor specific nl80211 event to allow the driver to indicate a list of frequency ranges that should be avoided due to interference or possible known co-existance constraints. Such frequencies are marked as not allowed for P2P use to force groups to be formed on different channels. If a P2P GO is operating on a channel that the driver recommended not to use, a notification about this is sent on the control interface and upper layer code may decide to tear down the group and optionally restart it on another channel. As a TODO item, this could also be changed to use CSA to avoid removing the group. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
#endif /* CONFIG_P2P */
os_free(str);
}
wpa_supplicant: Handle port authorized event When the driver indicates that the connection is authorized (i.e., the 4-way handshake was completed by the driver), cancel the EAP authentication timeout and set the EAP state machine to success state. Signed-off-by: Avraham Stern <avraham.stern@intel.com>
6 years ago
static void wpa_supplicant_event_port_authorized(struct wpa_supplicant *wpa_s)
Add support for offloading key management operations to the driver This commit introduces a QCA vendor command and event to provide an option to use extended versions of the nl80211 connect/roam operations in a way that allows drivers to offload key management operations to the driver/firmware. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
{
if (wpa_s->wpa_state == WPA_ASSOCIATED) {
wpa_supplicant_cancel_auth_timeout(wpa_s);
wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
EAPOL supp: Convert Boolean to C99 bool Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
eapol_sm_notify_portValid(wpa_s->eapol, true);
eapol_sm_notify_eap_success(wpa_s->eapol, true);
Clear external eapSuccess setting in driver-authorized cases The conditions for the eapol_sm_notify_eap_success(FALSE) calls did not cover the case where eapol_sm_notify_eap_success(TRUE) had been called based on offloaded 4-way handshake and driver notification of authorization in wpa_supplicant_event_port_authorized(). This could result in eapSuccess and altSuccess state machine variables being left TRUE when roaming to another BSS and that results in EAP failure if the following roaming case does not get fully authorized through the driver offload. Fix this by clearing eapSuccess/altSuccess when processing a new association (including roaming) event and also when disconnecting from the network. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years ago
wpa_s->drv_authorized_port = 1;
Add support for offloading key management operations to the driver This commit introduces a QCA vendor command and event to provide an option to use extended versions of the nl80211 connect/roam operations in a way that allows drivers to offload key management operations to the driver/firmware. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
wpa_supplicant: Handle port authorized event When the driver indicates that the connection is authorized (i.e., the 4-way handshake was completed by the driver), cancel the EAP authentication timeout and set the EAP state machine to success state. Signed-off-by: Avraham Stern <avraham.stern@intel.com>
6 years ago
}
wpa_supplicant: Increase authentication timeout if CAC is started Timeout is increased by dfs_cac_ms from channel data, or by max CAC time (10 minutes) if dfs_cac_ms is not defined. This is needed for some more complex cases, e.g., when STA is acting as an active slave with DFS offload enabled and decided to start CAC after receiving CONNECT command, in such a case the 10 second timeout is too small and wpa_supplicant need to wait for CAC completion or CAC timeout (up to 10 minutes). Without such timeout modification wpa_supplicant will be unable to connect to an AP on DFS channel, since the default authentication timeout (10 s) is smaller than the minimum CAC time (60 s). Tested with nl80211 DFS offload implementation. Signed-off-by: Dmitry Lebed <dlebed@quantenna.com>
6 years ago
static unsigned int wpas_event_cac_ms(const struct wpa_supplicant *wpa_s,
int freq)
{
size_t i;
int j;
for (i = 0; i < wpa_s->hw.num_modes; i++) {
const struct hostapd_hw_modes *mode = &wpa_s->hw.modes[i];
for (j = 0; j < mode->num_channels; j++) {
const struct hostapd_channel_data *chan;
chan = &mode->channels[j];
if (chan->freq == freq)
return chan->dfs_cac_ms;
}
}
return 0;
}
static void wpas_event_dfs_cac_started(struct wpa_supplicant *wpa_s,
struct dfs_event *radar)
{
#if defined(NEED_AP_MLME) && defined(CONFIG_AP)
mesh: Consider mesh interface on DFS event handler Once mesh starts supporting DFS channels, it has to handle DFS related events from drivers, hence add mesh interface to the check list. Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com> Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
6 years ago
if (wpa_s->ap_iface || wpa_s->ifmsh) {
wpa_supplicant: Increase authentication timeout if CAC is started Timeout is increased by dfs_cac_ms from channel data, or by max CAC time (10 minutes) if dfs_cac_ms is not defined. This is needed for some more complex cases, e.g., when STA is acting as an active slave with DFS offload enabled and decided to start CAC after receiving CONNECT command, in such a case the 10 second timeout is too small and wpa_supplicant need to wait for CAC completion or CAC timeout (up to 10 minutes). Without such timeout modification wpa_supplicant will be unable to connect to an AP on DFS channel, since the default authentication timeout (10 s) is smaller than the minimum CAC time (60 s). Tested with nl80211 DFS offload implementation. Signed-off-by: Dmitry Lebed <dlebed@quantenna.com>
6 years ago
wpas_ap_event_dfs_cac_started(wpa_s, radar);
} else
#endif /* NEED_AP_MLME && CONFIG_AP */
{
unsigned int cac_time = wpas_event_cac_ms(wpa_s, radar->freq);
cac_time /= 1000; /* convert from ms to sec */
if (!cac_time)
cac_time = 10 * 60; /* max timeout: 10 minutes */
/* Restart auth timeout: CAC time added to initial timeout */
wpas_auth_timeout_restart(wpa_s, cac_time);
}
}
static void wpas_event_dfs_cac_finished(struct wpa_supplicant *wpa_s,
struct dfs_event *radar)
{
#if defined(NEED_AP_MLME) && defined(CONFIG_AP)
mesh: Consider mesh interface on DFS event handler Once mesh starts supporting DFS channels, it has to handle DFS related events from drivers, hence add mesh interface to the check list. Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com> Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
6 years ago
if (wpa_s->ap_iface || wpa_s->ifmsh) {
wpa_supplicant: Increase authentication timeout if CAC is started Timeout is increased by dfs_cac_ms from channel data, or by max CAC time (10 minutes) if dfs_cac_ms is not defined. This is needed for some more complex cases, e.g., when STA is acting as an active slave with DFS offload enabled and decided to start CAC after receiving CONNECT command, in such a case the 10 second timeout is too small and wpa_supplicant need to wait for CAC completion or CAC timeout (up to 10 minutes). Without such timeout modification wpa_supplicant will be unable to connect to an AP on DFS channel, since the default authentication timeout (10 s) is smaller than the minimum CAC time (60 s). Tested with nl80211 DFS offload implementation. Signed-off-by: Dmitry Lebed <dlebed@quantenna.com>
6 years ago
wpas_ap_event_dfs_cac_finished(wpa_s, radar);
} else
#endif /* NEED_AP_MLME && CONFIG_AP */
{
/* Restart auth timeout with original value after CAC is
* finished */
wpas_auth_timeout_restart(wpa_s, 0);
}
}
static void wpas_event_dfs_cac_aborted(struct wpa_supplicant *wpa_s,
struct dfs_event *radar)
{
#if defined(NEED_AP_MLME) && defined(CONFIG_AP)
mesh: Consider mesh interface on DFS event handler Once mesh starts supporting DFS channels, it has to handle DFS related events from drivers, hence add mesh interface to the check list. Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com> Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
6 years ago
if (wpa_s->ap_iface || wpa_s->ifmsh) {
wpa_supplicant: Increase authentication timeout if CAC is started Timeout is increased by dfs_cac_ms from channel data, or by max CAC time (10 minutes) if dfs_cac_ms is not defined. This is needed for some more complex cases, e.g., when STA is acting as an active slave with DFS offload enabled and decided to start CAC after receiving CONNECT command, in such a case the 10 second timeout is too small and wpa_supplicant need to wait for CAC completion or CAC timeout (up to 10 minutes). Without such timeout modification wpa_supplicant will be unable to connect to an AP on DFS channel, since the default authentication timeout (10 s) is smaller than the minimum CAC time (60 s). Tested with nl80211 DFS offload implementation. Signed-off-by: Dmitry Lebed <dlebed@quantenna.com>
6 years ago
wpas_ap_event_dfs_cac_aborted(wpa_s, radar);
} else
#endif /* NEED_AP_MLME && CONFIG_AP */
{
/* Restart auth timeout with original value after CAC is
* aborted */
wpas_auth_timeout_restart(wpa_s, 0);
}
}
wpa_supplicant: Handle port authorized event When the driver indicates that the connection is authorized (i.e., the 4-way handshake was completed by the driver), cancel the EAP authentication timeout and set the EAP state machine to success state. Signed-off-by: Avraham Stern <avraham.stern@intel.com>
6 years ago
static void wpa_supplicant_event_assoc_auth(struct wpa_supplicant *wpa_s,
union wpa_event_data *data)
{
wpa_dbg(wpa_s, MSG_DEBUG,
"Connection authorized by device, previous state %d",
wpa_s->wpa_state);
wpa_supplicant_event_port_authorized(wpa_s);
Set last_eapol_matches_bssid=1 on a roam+auth indication from driver Commit 3ab35a660364 ("Extend EAPOL frames processing workaround for roaming cases") added a work around to address the issue of EAPOL frame reception after reassociation replied to with an incorrect destination address (the BSSID of the old AP). This is due to association events and EAPOL RX events being reordered for the roaming cases with drivers that perform BSS selection internally. This mechanism relies on the fact that the driver always forwards the EAPOL handshake to wpa_supplicant after the roaming (sets last_eapol_matches_bssid during the EAPOL processing and resets on the assoc/reassoc indication). The above approach does not address the case where the driver does the EAPOL handshake on the roam, indicating the authorized status to wpa_supplicant but also forwards the EAPOL handshake to wpa_supplicant for few other roam attempts. This is because the flag last_eapol_matches_bssid is not set with the roam+authorized event from the driver. Thus, the next reorder of roam and EAPOL RX events would miss this workaround. Address this by setting last_eapol_matches_bssid=1 on a roam+authorized event from the driver. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
3 years ago
wpa_s->last_eapol_matches_bssid = 1;
FILS: Update replay counter from roam info Update the replay counter after a roam for all cases. This restores the design back to what it was before commit 01ef320f192daa074c7055a44a03b6b5b811d6bd ('FILS: Update ERP next sequence number with driver offload'). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
wpa_sm_set_rx_replay_ctr(wpa_s->wpa, data->assoc_info.key_replay_ctr);
Add support for offloading key management operations to the driver This commit introduces a QCA vendor command and event to provide an option to use extended versions of the nl80211 connect/roam operations in a way that allows drivers to offload key management operations to the driver/firmware. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
wpa_sm_set_ptk_kck_kek(wpa_s->wpa, data->assoc_info.ptk_kck,
Preparations for variable length KCK and KEK This modifies struct wpa_ptk to allow the length of KCK and KEK to be stored. This is needed to allow longer keys to be used, e.g., with Suite B 192-bit level. Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago
data->assoc_info.ptk_kck_len,
data->assoc_info.ptk_kek,
data->assoc_info.ptk_kek_len);
FILS: Update ERP next sequence number with driver offload This keeps the internal ERP information within wpa_supplicant in sync with the driver when offloading FILS shared key authentication. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
#ifdef CONFIG_FILS
if (wpa_s->auth_alg == WPA_AUTH_ALG_FILS) {
FILS: Update PMKSA cache with FILS shared key offload Add a new PMKSA cache entry within wpa_supplicant if a driver event from offloaded FILS shared key authentication indicates a new PMKSA entry was created. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
struct wpa_bss *bss = wpa_bss_get_bssid(wpa_s, wpa_s->bssid);
const u8 *fils_cache_id = wpa_bss_get_fils_cache_id(bss);
FILS: Update ERP next sequence number with driver offload This keeps the internal ERP information within wpa_supplicant in sync with the driver when offloading FILS shared key authentication. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
/* Update ERP next sequence number */
eapol_sm_update_erp_next_seq_num(
wpa_s->eapol, data->assoc_info.fils_erp_next_seq_num);
FILS: Update PMKSA cache with FILS shared key offload Add a new PMKSA cache entry within wpa_supplicant if a driver event from offloaded FILS shared key authentication indicates a new PMKSA entry was created. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
if (data->assoc_info.fils_pmk && data->assoc_info.fils_pmkid) {
/* Add the new PMK and PMKID to the PMKSA cache */
wpa_sm_pmksa_cache_add(wpa_s->wpa,
data->assoc_info.fils_pmk,
data->assoc_info.fils_pmk_len,
data->assoc_info.fils_pmkid,
wpa_s->bssid, fils_cache_id);
} else if (data->assoc_info.fils_pmkid) {
/* Update the current PMKSA used for this connection */
pmksa_cache_set_current(wpa_s->wpa,
data->assoc_info.fils_pmkid,
SAE: Only allow SAE AKMP for PMKSA caching attempts Explicitly check the PMKSA cache entry to have matching SAE AKMP for the case where determining whether to use PMKSA caching instead of new SAE authentication. Previously, only the network context was checked, but a single network configuration profile could be used with both WPA2-PSK and SAE, so should check the AKMP as well. Signed-off-by: Jouni Malinen <j@w1.fi>
6 years ago
NULL, NULL, 0, NULL, 0);
FILS: Update PMKSA cache with FILS shared key offload Add a new PMKSA cache entry within wpa_supplicant if a driver event from offloaded FILS shared key authentication indicates a new PMKSA entry was created. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
}
FILS: Update ERP next sequence number with driver offload This keeps the internal ERP information within wpa_supplicant in sync with the driver when offloading FILS shared key authentication. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
}
#endif /* CONFIG_FILS */
Add support for offloading key management operations to the driver This commit introduces a QCA vendor command and event to provide an option to use extended versions of the nl80211 connect/roam operations in a way that allows drivers to offload key management operations to the driver/firmware. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
Add connect fail reason code from the driver to assoc reject event Add support to report a vendor specific connect fail reason code fetched from the driver to users by adding the reason code to the event CTRL-EVENT-ASSOC-REJECT. Fetch the connect fail reason code when the driver sends a failure connection result and append the reason code, if available, to assoc reject event. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
static const char * connect_fail_reason(enum sta_connect_fail_reason_codes code)
{
switch (code) {
case STA_CONNECT_FAIL_REASON_UNSPECIFIED:
return "";
case STA_CONNECT_FAIL_REASON_NO_BSS_FOUND:
return "no_bss_found";
case STA_CONNECT_FAIL_REASON_AUTH_TX_FAIL:
return "auth_tx_fail";
case STA_CONNECT_FAIL_REASON_AUTH_NO_ACK_RECEIVED:
return "auth_no_ack_received";
case STA_CONNECT_FAIL_REASON_AUTH_NO_RESP_RECEIVED:
return "auth_no_resp_received";
case STA_CONNECT_FAIL_REASON_ASSOC_REQ_TX_FAIL:
return "assoc_req_tx_fail";
case STA_CONNECT_FAIL_REASON_ASSOC_NO_ACK_RECEIVED:
return "assoc_no_ack_received";
case STA_CONNECT_FAIL_REASON_ASSOC_NO_RESP_RECEIVED:
return "assoc_no_resp_received";
default:
return "unknown_reason";
}
}
Move wpa_supplicant_event() EVENT_ASSOC_REJECT handling into a function This cleans up the implementation a bit by making this functionality easier to understand. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
static void wpas_event_assoc_reject(struct wpa_supplicant *wpa_s,
union wpa_event_data *data)
{
const u8 *bssid = data->assoc_reject.bssid;
OCE: Use RSSI of actual BSS which rejected association If an AP rejects association due to low RSSI, then RSSI of the BSS from which association reject is received shall be used for calculating RSSI threshold at which STA can try connecting back to that BSS later. In case of SME offload, the current_bss might not have been set before receiving association completion, so fetch the BSS entry based on the BSSID provided in the driver event. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years ago
#ifdef CONFIG_MBO
struct wpa_bss *reject_bss;
#endif /* CONFIG_MBO */
Move wpa_supplicant_event() EVENT_ASSOC_REJECT handling into a function This cleans up the implementation a bit by making this functionality easier to understand. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
if (!bssid || is_zero_ether_addr(bssid))
bssid = wpa_s->pending_bssid;
OCE: Use RSSI of actual BSS which rejected association If an AP rejects association due to low RSSI, then RSSI of the BSS from which association reject is received shall be used for calculating RSSI threshold at which STA can try connecting back to that BSS later. In case of SME offload, the current_bss might not have been set before receiving association completion, so fetch the BSS entry based on the BSSID provided in the driver event. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years ago
#ifdef CONFIG_MBO
if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME)
reject_bss = wpa_s->current_bss;
else
reject_bss = wpa_bss_get_bssid(wpa_s, bssid);
#endif /* CONFIG_MBO */
Move wpa_supplicant_event() EVENT_ASSOC_REJECT handling into a function This cleans up the implementation a bit by making this functionality easier to understand. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
if (data->assoc_reject.bssid)
wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_ASSOC_REJECT
Add connect fail reason code from the driver to assoc reject event Add support to report a vendor specific connect fail reason code fetched from the driver to users by adding the reason code to the event CTRL-EVENT-ASSOC-REJECT. Fetch the connect fail reason code when the driver sends a failure connection result and append the reason code, if available, to assoc reject event. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
"bssid=" MACSTR " status_code=%u%s%s%s%s%s",
Move wpa_supplicant_event() EVENT_ASSOC_REJECT handling into a function This cleans up the implementation a bit by making this functionality easier to understand. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
MAC2STR(data->assoc_reject.bssid),
data->assoc_reject.status_code,
data->assoc_reject.timed_out ? " timeout" : "",
data->assoc_reject.timeout_reason ? "=" : "",
data->assoc_reject.timeout_reason ?
Add connect fail reason code from the driver to assoc reject event Add support to report a vendor specific connect fail reason code fetched from the driver to users by adding the reason code to the event CTRL-EVENT-ASSOC-REJECT. Fetch the connect fail reason code when the driver sends a failure connection result and append the reason code, if available, to assoc reject event. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
data->assoc_reject.timeout_reason : "",
data->assoc_reject.reason_code !=
STA_CONNECT_FAIL_REASON_UNSPECIFIED ?
" qca_driver_reason=" : "",
connect_fail_reason(data->assoc_reject.reason_code));
Move wpa_supplicant_event() EVENT_ASSOC_REJECT handling into a function This cleans up the implementation a bit by making this functionality easier to understand. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
else
wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_ASSOC_REJECT
Add connect fail reason code from the driver to assoc reject event Add support to report a vendor specific connect fail reason code fetched from the driver to users by adding the reason code to the event CTRL-EVENT-ASSOC-REJECT. Fetch the connect fail reason code when the driver sends a failure connection result and append the reason code, if available, to assoc reject event. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
"status_code=%u%s%s%s%s%s",
Move wpa_supplicant_event() EVENT_ASSOC_REJECT handling into a function This cleans up the implementation a bit by making this functionality easier to understand. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
data->assoc_reject.status_code,
data->assoc_reject.timed_out ? " timeout" : "",
data->assoc_reject.timeout_reason ? "=" : "",
data->assoc_reject.timeout_reason ?
Add connect fail reason code from the driver to assoc reject event Add support to report a vendor specific connect fail reason code fetched from the driver to users by adding the reason code to the event CTRL-EVENT-ASSOC-REJECT. Fetch the connect fail reason code when the driver sends a failure connection result and append the reason code, if available, to assoc reject event. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
data->assoc_reject.timeout_reason : "",
data->assoc_reject.reason_code !=
STA_CONNECT_FAIL_REASON_UNSPECIFIED ?
" qca_driver_reason=" : "",
connect_fail_reason(data->assoc_reject.reason_code));
Move wpa_supplicant_event() EVENT_ASSOC_REJECT handling into a function This cleans up the implementation a bit by making this functionality easier to understand. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
wpa_s->assoc_status_code = data->assoc_reject.status_code;
wpas_notify_assoc_status_code(wpa_s);
#ifdef CONFIG_OWE
if (data->assoc_reject.status_code ==
WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED &&
wpa_s->key_mgmt == WPA_KEY_MGMT_OWE &&
wpa_s->current_ssid &&
wpa_s->current_ssid->owe_group == 0 &&
wpa_s->last_owe_group != 21) {
struct wpa_ssid *ssid = wpa_s->current_ssid;
struct wpa_bss *bss = wpa_s->current_bss;
if (!bss) {
bss = wpa_supplicant_get_new_bss(wpa_s, bssid);
OWE: Mark connection failed in the unlikely no-bss-entry case If no BSS entry can be found when processing association rejected event from the driver for the special OWE case of unsupported finite-cyclic-group, process the event as a connection failure instead of just skipping the the OWE retry with another DH group. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
if (!bss) {
wpas_connection_failed(wpa_s, bssid);
wpa_supplicant_mark_disassoc(wpa_s);
Move wpa_supplicant_event() EVENT_ASSOC_REJECT handling into a function This cleans up the implementation a bit by making this functionality easier to understand. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
return;
OWE: Mark connection failed in the unlikely no-bss-entry case If no BSS entry can be found when processing association rejected event from the driver for the special OWE case of unsupported finite-cyclic-group, process the event as a connection failure instead of just skipping the the OWE retry with another DH group. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
}
Move wpa_supplicant_event() EVENT_ASSOC_REJECT handling into a function This cleans up the implementation a bit by making this functionality easier to understand. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
}
wpa_printf(MSG_DEBUG, "OWE: Try next supported DH group");
wpas_connect_work_done(wpa_s);
wpa_supplicant_mark_disassoc(wpa_s);
wpa_supplicant_connect(wpa_s, bss, ssid);
return;
}
#endif /* CONFIG_OWE */
DPP2: Allow station to require or not allow PFS The new wpa_supplicant network profile parameter dpp_pfs can be used to specify how PFS is applied to associations. The default behavior (dpp_pfs=0) remains same as it was previously, i.e., try to use PFS if the AP supports it. PFS use can now be required (dpp_pfs=1) or disabled (dpp_pfs=2). This is also working around an interoperability issue of DPP R2 STA with certain hostapd builds that included both OWE and DPP functionality. That issue was introduced by commit 09368515d130 ("OWE: Process Diffie-Hellman Parameter element in AP mode") and removed by commit 16a4e931f03e ("OWE: Allow Diffie-Hellman Parameter element to be included with DPP"). hostapd builds between those two commits would reject DPP association attempt with PFS. The new wpa_supplicant default (dpp_pfs=0) behavior is to automatically try to connect again with PFS disabled if that happens. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
#ifdef CONFIG_DPP2
/* Try to follow AP's PFS policy. WLAN_STATUS_ASSOC_DENIED_UNSPEC is
* the status code defined in the DPP R2 tech spec.
* WLAN_STATUS_AKMP_NOT_VALID is addressed in the same manner as an
* interoperability workaround with older hostapd implementation. */
DPP: Allow version number to be overridden for testing purposes "SET dpp_version_override <ver>" can now be used to request wpa_supplicant and hostapd to support a subset of DPP versions. In practice, the only valid case for now is to fall back from DPP version 2 support to version 1 in builds that include CONFIG_DPP2=y. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
if (DPP_VERSION > 1 && wpa_s->current_ssid &&
DPP2: Use the PFS fallback if multiple key_mgmt values are enabled Previously this fallback from PFS enabled to disabled (and back to enabled) was used only if the local network profile used key_mgmt=DPP, i.e., did not enable another other AKM. That leaves out some valid cases since the local network profile could actually enable both DPP and SAE. Extend this check to accept cases DPP AKM is enabled and it was selected for the connection even if there other enabled AKMs. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
(wpa_s->current_ssid->key_mgmt == WPA_KEY_MGMT_DPP ||
((wpa_s->current_ssid->key_mgmt & WPA_KEY_MGMT_DPP) &&
wpa_s->key_mgmt == WPA_KEY_MGMT_DPP)) &&
DPP2: Allow station to require or not allow PFS The new wpa_supplicant network profile parameter dpp_pfs can be used to specify how PFS is applied to associations. The default behavior (dpp_pfs=0) remains same as it was previously, i.e., try to use PFS if the AP supports it. PFS use can now be required (dpp_pfs=1) or disabled (dpp_pfs=2). This is also working around an interoperability issue of DPP R2 STA with certain hostapd builds that included both OWE and DPP functionality. That issue was introduced by commit 09368515d130 ("OWE: Process Diffie-Hellman Parameter element in AP mode") and removed by commit 16a4e931f03e ("OWE: Allow Diffie-Hellman Parameter element to be included with DPP"). hostapd builds between those two commits would reject DPP association attempt with PFS. The new wpa_supplicant default (dpp_pfs=0) behavior is to automatically try to connect again with PFS disabled if that happens. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
wpa_s->current_ssid->dpp_pfs == 0 &&
(data->assoc_reject.status_code ==
WLAN_STATUS_ASSOC_DENIED_UNSPEC ||
data->assoc_reject.status_code == WLAN_STATUS_AKMP_NOT_VALID)) {
struct wpa_ssid *ssid = wpa_s->current_ssid;
struct wpa_bss *bss = wpa_s->current_bss;
wpa_s->current_ssid->dpp_pfs_fallback ^= 1;
if (!bss)
bss = wpa_supplicant_get_new_bss(wpa_s, bssid);
if (!bss || wpa_s->dpp_pfs_fallback) {
wpa_printf(MSG_DEBUG,
"DPP: Updated PFS policy for next try");
wpas_connection_failed(wpa_s, bssid);
wpa_supplicant_mark_disassoc(wpa_s);
return;
}
wpa_printf(MSG_DEBUG, "DPP: Try again with updated PFS policy");
wpa_s->dpp_pfs_fallback = 1;
wpas_connect_work_done(wpa_s);
wpa_supplicant_mark_disassoc(wpa_s);
wpa_supplicant_connect(wpa_s, bss, ssid);
return;
}
#endif /* CONFIG_DPP2 */
OCE: Add RSSI based association rejection support (STA) An AP might refuse to connect a STA if it has a low RSSI. In such case, the AP informs the STA with the desired RSSI delta and a retry timeout. Any subsequent association attempt with that AP (BSS) should be avoided, unless the RSSI level improved by the desired delta or the timeout has expired. Defined in Wi-Fi Alliance Optimized Connectivity Experience technical specification v1.0, section 3.14 (RSSI-based association rejection information). Signed-off-by: Beni Lev <beni.lev@intel.com>
7 years ago
#ifdef CONFIG_MBO
if (data->assoc_reject.status_code ==
WLAN_STATUS_DENIED_POOR_CHANNEL_CONDITIONS &&
OCE: Use RSSI of actual BSS which rejected association If an AP rejects association due to low RSSI, then RSSI of the BSS from which association reject is received shall be used for calculating RSSI threshold at which STA can try connecting back to that BSS later. In case of SME offload, the current_bss might not have been set before receiving association completion, so fetch the BSS entry based on the BSSID provided in the driver event. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years ago
reject_bss && data->assoc_reject.resp_ies) {
OCE: Add RSSI based association rejection support (STA) An AP might refuse to connect a STA if it has a low RSSI. In such case, the AP informs the STA with the desired RSSI delta and a retry timeout. Any subsequent association attempt with that AP (BSS) should be avoided, unless the RSSI level improved by the desired delta or the timeout has expired. Defined in Wi-Fi Alliance Optimized Connectivity Experience technical specification v1.0, section 3.14 (RSSI-based association rejection information). Signed-off-by: Beni Lev <beni.lev@intel.com>
7 years ago
const u8 *rssi_rej;
rssi_rej = mbo_get_attr_from_ies(
data->assoc_reject.resp_ies,
data->assoc_reject.resp_ies_len,
OCE_ATTR_ID_RSSI_BASED_ASSOC_REJECT);
if (rssi_rej && rssi_rej[1] == 2) {
wpa_printf(MSG_DEBUG,
"OCE: RSSI-based association rejection from "
MACSTR " (Delta RSSI: %u, Retry Delay: %u)",
OCE: Use RSSI of actual BSS which rejected association If an AP rejects association due to low RSSI, then RSSI of the BSS from which association reject is received shall be used for calculating RSSI threshold at which STA can try connecting back to that BSS later. In case of SME offload, the current_bss might not have been set before receiving association completion, so fetch the BSS entry based on the BSSID provided in the driver event. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years ago
MAC2STR(reject_bss->bssid),
OCE: Add RSSI based association rejection support (STA) An AP might refuse to connect a STA if it has a low RSSI. In such case, the AP informs the STA with the desired RSSI delta and a retry timeout. Any subsequent association attempt with that AP (BSS) should be avoided, unless the RSSI level improved by the desired delta or the timeout has expired. Defined in Wi-Fi Alliance Optimized Connectivity Experience technical specification v1.0, section 3.14 (RSSI-based association rejection information). Signed-off-by: Beni Lev <beni.lev@intel.com>
7 years ago
rssi_rej[2], rssi_rej[3]);
wpa_bss_tmp_disallow(wpa_s,
OCE: Use RSSI of actual BSS which rejected association If an AP rejects association due to low RSSI, then RSSI of the BSS from which association reject is received shall be used for calculating RSSI threshold at which STA can try connecting back to that BSS later. In case of SME offload, the current_bss might not have been set before receiving association completion, so fetch the BSS entry based on the BSSID provided in the driver event. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years ago
reject_bss->bssid,
OCE: Add RSSI based association rejection support (STA) An AP might refuse to connect a STA if it has a low RSSI. In such case, the AP informs the STA with the desired RSSI delta and a retry timeout. Any subsequent association attempt with that AP (BSS) should be avoided, unless the RSSI level improved by the desired delta or the timeout has expired. Defined in Wi-Fi Alliance Optimized Connectivity Experience technical specification v1.0, section 3.14 (RSSI-based association rejection information). Signed-off-by: Beni Lev <beni.lev@intel.com>
7 years ago
rssi_rej[3],
OCE: Use RSSI of actual BSS which rejected association If an AP rejects association due to low RSSI, then RSSI of the BSS from which association reject is received shall be used for calculating RSSI threshold at which STA can try connecting back to that BSS later. In case of SME offload, the current_bss might not have been set before receiving association completion, so fetch the BSS entry based on the BSSID provided in the driver event. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years ago
rssi_rej[2] + reject_bss->level);
OCE: Add RSSI based association rejection support (STA) An AP might refuse to connect a STA if it has a low RSSI. In such case, the AP informs the STA with the desired RSSI delta and a retry timeout. Any subsequent association attempt with that AP (BSS) should be avoided, unless the RSSI level improved by the desired delta or the timeout has expired. Defined in Wi-Fi Alliance Optimized Connectivity Experience technical specification v1.0, section 3.14 (RSSI-based association rejection information). Signed-off-by: Beni Lev <beni.lev@intel.com>
7 years ago
}
}
#endif /* CONFIG_MBO */
Move wpa_supplicant_event() EVENT_ASSOC_REJECT handling into a function This cleans up the implementation a bit by making this functionality easier to understand. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) {
sme_event_assoc_reject(wpa_s, data);
return;
}
/* Driver-based SME cases */
#ifdef CONFIG_SAE
if (wpa_s->current_ssid &&
wpa_key_mgmt_sae(wpa_s->current_ssid->key_mgmt) &&
!data->assoc_reject.timed_out) {
wpa_dbg(wpa_s, MSG_DEBUG, "SAE: Drop PMKSA cache entry");
wpa_sm_aborted_cached(wpa_s->wpa);
wpa_sm_pmksa_cache_flush(wpa_s->wpa, wpa_s->current_ssid);
}
#endif /* CONFIG_SAE */
DPP: Flush PMKSA if an assoc reject without timeout is received Flush the PMKSA upon receiving assoc reject event without timeout in the event data, to avoid trying the subsequent connections with the old PMKID. Do not flush PMKSA if assoc reject is received with timeout as it is generated internally from the driver without reaching the AP. This extends commit d109aa6cacf2c3f643de0c758a30b0daf936a67a ("SAE: Flush PMKSA if an assoc reject without timeout is received") to handle also the DPP AKM. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
#ifdef CONFIG_DPP
if (wpa_s->current_ssid &&
wpa_s->current_ssid->key_mgmt == WPA_KEY_MGMT_DPP &&
!data->assoc_reject.timed_out) {
wpa_dbg(wpa_s, MSG_DEBUG, "DPP: Drop PMKSA cache entry");
wpa_sm_aborted_cached(wpa_s->wpa);
wpa_sm_pmksa_cache_flush(wpa_s->wpa, wpa_s->current_ssid);
}
#endif /* CONFIG_DPP */
Move wpa_supplicant_event() EVENT_ASSOC_REJECT handling into a function This cleans up the implementation a bit by making this functionality easier to understand. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
#ifdef CONFIG_FILS
/* Update ERP next sequence number */
FILS: Fix FILS connect failures after ERP key invalidation If the RADIUS authentication server dropped the cached ERP keys for any reason, FILS authentication attempts with ERP fails and the previous wpa_supplicant implementation ended up trying to use the same keys for all consecutive attempts as well. This did not allow recovery from state mismatch between the ERP server and peer using full EAP authentication. Address this by trying to use full (non-FILS) authentication when trying to connect to an AP using the same ERP realm with FILS-enabled network profile if the previous authentication attempt had failed. This allows new ERP keys to be established and FILS authentication to be used again for the consecutive connections. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
if (wpa_s->auth_alg == WPA_AUTH_ALG_FILS) {
FILS: Flush PMKSA entries on FILS connection failure wpa_supplicant generates both a PMKSA cache entry and ERP keys upon successful FILS connection and uses FILS authentication algorithm for subsequent connections when either ERP keys or a PMKSA cache entry is available. In some cases, like AP/RADIUS server restart, both ERP keys and PMKSA becomes invalid. But currently when an AP rejects an association, wpa_supplicant marks only ERP keys as failed but not clearing PMKSA. Since PMKSA is not cleared, consecutive connection attempts are still happening with FILS authentication algorithm and connection attempts are failing with the same association rejection again instead of trying to recover from the state mismatch by deriving a new ERP key hierarchy. Clear PMKSA entries as well on association rejection from an AP to allow the following connection attempt to go with open authentication to re-establish a valid ERP key hierarchy. Also, since clearing PMKSA entries on unprotected (Re)Association Response frames could allow DoS attack (reduce usability of PMKSA caching), clear PMKSA entries only when ERP keys exists. Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
3 years ago
fils_pmksa_cache_flush(wpa_s);
Move wpa_supplicant_event() EVENT_ASSOC_REJECT handling into a function This cleans up the implementation a bit by making this functionality easier to understand. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
eapol_sm_update_erp_next_seq_num(
wpa_s->eapol,
data->assoc_reject.fils_erp_next_seq_num);
FILS: Fix FILS connect failures after ERP key invalidation If the RADIUS authentication server dropped the cached ERP keys for any reason, FILS authentication attempts with ERP fails and the previous wpa_supplicant implementation ended up trying to use the same keys for all consecutive attempts as well. This did not allow recovery from state mismatch between the ERP server and peer using full EAP authentication. Address this by trying to use full (non-FILS) authentication when trying to connect to an AP using the same ERP realm with FILS-enabled network profile if the previous authentication attempt had failed. This allows new ERP keys to be established and FILS authentication to be used again for the consecutive connections. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
fils_connection_failure(wpa_s);
}
Move wpa_supplicant_event() EVENT_ASSOC_REJECT handling into a function This cleans up the implementation a bit by making this functionality easier to understand. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
#endif /* CONFIG_FILS */
wpas_connection_failed(wpa_s, bssid);
wpa_supplicant_mark_disassoc(wpa_s);
}
Beacon frame protection event for incorrect protection Define a driver interface event for Beacon frame protection failures. Report such events over the control interface and send a WNM-Notification Request frame to the AP as well. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
static void wpas_event_unprot_beacon(struct wpa_supplicant *wpa_s,
struct unprot_beacon *data)
{
struct wpabuf *buf;
int res;
if (!data || wpa_s->wpa_state != WPA_COMPLETED ||
os_memcmp(data->sa, wpa_s->bssid, ETH_ALEN) != 0)
return;
wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_UNPROT_BEACON MACSTR,
MAC2STR(data->sa));
buf = wpabuf_alloc(4);
if (!buf)
return;
wpabuf_put_u8(buf, WLAN_ACTION_WNM);
wpabuf_put_u8(buf, WNM_NOTIFICATION_REQ);
wpabuf_put_u8(buf, 1); /* Dialog Token */
wpabuf_put_u8(buf, WNM_NOTIF_TYPE_BEACON_PROTECTION_FAILURE);
res = wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid,
wpa_s->own_addr, wpa_s->bssid,
wpabuf_head(buf), wpabuf_len(buf), 0);
if (res < 0)
wpa_printf(MSG_DEBUG,
"Failed to send WNM-Notification Request frame");
wpabuf_free(buf);
}
Remove unnecessary wpa_event_type typedef
15 years ago
void wpa_supplicant_event(void *ctx, enum wpa_event_type event,
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
union wpa_event_data *data)
{
struct wpa_supplicant *wpa_s = ctx;
Reschedule scan from wpas_stop_pno if it was postponed This reschedules the postponed scan request (if such a request is pending) from EVENT_SCHED_SCAN_STOPPED event handler to speed up scanning after PNO/sched_scan stop has been requested. Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
9 years ago
int resched;
Maintain BSS entries for 5 seconds after interface is disabled This is targeting the case of MAC address change for an association which may require the interface to be set down for a short moment. Previously, this ended up flushing the BSS table that wpa_supplicant maintained and that resulted in having to scan again if the MAC address was changed between the previous scan and the connection attempt. This is unnecessary extra latency, so maintain the BSS entries for 5 seconds (i.e., the same time that the old scan results are consider valid for a new connection attempt) after an interface goes down. Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
struct os_reltime age, clear_at;
Fix indentation level This gets rid of smatch warnings about inconsistent indenting. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
#ifndef CONFIG_NO_STDOUT_DEBUG
int level = MSG_DEBUG;
#endif /* CONFIG_NO_STDOUT_DEBUG */
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
Add Linux rfkill support Add a new wpa_supplicant state: interface disabled. This can be used to allow wpa_supplicant to be running with the network interface even when the driver does not actually allow any radio operations (e.g., due to rfkill). Allow driver_nl80211.c and driver_wext.c to start while rfkill is in blocked state (i.e., when ifconfig up fails) and process rfkill events to block/unblock WLAN.
14 years ago
if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED &&
event != EVENT_INTERFACE_ENABLED &&
Process EVENT_SCHED_SCAN_STOPPED partially if interface is disabled The internal sched_scanning state needs to be cleared on this event even if the events happen to get ordered in a way that the interface gets disabled just prior to EVENT_SCHED_SCAN_STOPPED event. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
13 years ago
event != EVENT_INTERFACE_STATUS &&
wpa_supplicant: Handle EVENT_SCAN_RESULTS when an interface is disabled An interface can be disabled while it has an ongoing scan request. In such a case, when the scan results notification is received, it was being ignored (as the interface is already disabled) so the scan state was not cleared. This can cause undetermined behavior for the next scan request. To handle this, clear the scan state when EVENT_SCAN_RESULTS is received and the interface is disabled. Signed-off-by: Ilan Peer <ilan.peer@intel.com>
8 years ago
event != EVENT_SCAN_RESULTS &&
Process EVENT_SCHED_SCAN_STOPPED partially if interface is disabled The internal sched_scanning state needs to be cleared on this event even if the events happen to get ordered in a way that the interface gets disabled just prior to EVENT_SCHED_SCAN_STOPPED event. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
13 years ago
event != EVENT_SCHED_SCAN_STOPPED) {
Print human readable driver event names This makes it easier to understand the event related logs. Signed-hostap: Ben Greear <greearb@candelatech.com>
13 years ago
wpa_dbg(wpa_s, MSG_DEBUG,
"Ignore event %s (%d) while interface is disabled",
event_to_string(event), event);
Add Linux rfkill support Add a new wpa_supplicant state: interface disabled. This can be used to allow wpa_supplicant to be running with the network interface even when the driver does not actually allow any radio operations (e.g., due to rfkill). Allow driver_nl80211.c and driver_wext.c to start while rfkill is in blocked state (i.e., when ifconfig up fails) and process rfkill events to block/unblock WLAN.
14 years ago
return;
}
Lower RX_MGMT driver event debug level for Beacon frames This event can be very frequent in AP mode when Beacon frames from neighboring BSSes are delivered to user space. Drop the debug message priority from DEBUG to EXCESSIVE for Beacon frames. Signed-hostap: Jouni Malinen <j@w1.fi>
13 years ago
#ifndef CONFIG_NO_STDOUT_DEBUG
Remove unnecessary EVENT_RX_MGMT data validation Make wpa_supplicant_event() more consistent by not checking data in either location handling EVENT_RX_MGMT events. This event is required to specify the data so this pointer cannot be NULL. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
if (event == EVENT_RX_MGMT && data->rx_mgmt.frame_len >= 24) {
Lower RX_MGMT driver event debug level for Beacon frames This event can be very frequent in AP mode when Beacon frames from neighboring BSSes are delivered to user space. Drop the debug message priority from DEBUG to EXCESSIVE for Beacon frames. Signed-hostap: Jouni Malinen <j@w1.fi>
13 years ago
const struct ieee80211_hdr *hdr;
u16 fc;
hdr = (const struct ieee80211_hdr *) data->rx_mgmt.frame;
fc = le_to_host16(hdr->frame_control);
if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_BEACON)
level = MSG_EXCESSIVE;
}
wpa_dbg(wpa_s, level, "Event %s (%d) received",
Print human readable driver event names This makes it easier to understand the event related logs. Signed-hostap: Ben Greear <greearb@candelatech.com>
13 years ago
event_to_string(event), event);
Lower RX_MGMT driver event debug level for Beacon frames This event can be very frequent in AP mode when Beacon frames from neighboring BSSes are delivered to user space. Drop the debug message priority from DEBUG to EXCESSIVE for Beacon frames. Signed-hostap: Jouni Malinen <j@w1.fi>
13 years ago
#endif /* CONFIG_NO_STDOUT_DEBUG */
Add some more debug for driver events
14 years ago
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
switch (event) {
Add SME support (separate authentication and association) This can be used, e.g., with mac80211-based Linux drivers with nl80211. This allows over-the-air FT protocol to be used (IEEE 802.11r). Since the nl80211 interface needed for this is very recent (added today into wireless-testing.git), driver_nl80211.c has backwards compatibility code that uses WEXT for association if the kernel does not support the new commands. This compatibility code can be disabled by defining NO_WEXT_COMPAT. That code will also be removed at some point to clean up driver_nl80211.c.
15 years ago
case EVENT_AUTH:
FST: Improve parsing of Multiband IEs Previously, MB IEs were parsed only from association event. Try to get MB IEs from other management frames like Probe Response frames. The MB IEs from the association event may not be up-to-date and in some cases may actually be missing and updating the information based on other frames can improve robustness of FST exchanges. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
#ifdef CONFIG_FST
FST: Print debug entry on MB IE update based on EVENT_AUTH This is more consistent with all the other callers of wpas_fst_update_mbie(). Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago
if (!wpas_fst_update_mbie(wpa_s, data->auth.ies,
data->auth.ies_len))
wpa_printf(MSG_DEBUG,
"FST: MB IEs updated from auth IE");
FST: Improve parsing of Multiband IEs Previously, MB IEs were parsed only from association event. Try to get MB IEs from other management frames like Probe Response frames. The MB IEs from the association event may not be up-to-date and in some cases may actually be missing and updating the information based on other frames can improve robustness of FST exchanges. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
#endif /* CONFIG_FST */
Add SME support (separate authentication and association) This can be used, e.g., with mac80211-based Linux drivers with nl80211. This allows over-the-air FT protocol to be used (IEEE 802.11r). Since the nl80211 interface needed for this is very recent (added today into wireless-testing.git), driver_nl80211.c has backwards compatibility code that uses WEXT for association if the kernel does not support the new commands. This compatibility code can be disabled by defining NO_WEXT_COMPAT. That code will also be removed at some point to clean up driver_nl80211.c.
15 years ago
sme_event_auth(wpa_s, data);
dbus: Expose authentication status to D-Bus wpa_supplicant currently logs CTRL-EVENT-AUTH-FAILED errors when authentication fails, but doesn't expose any property to the D-Bus interface related to this. This change adds the "AuthStatusCode" property to the interface, which contains the IEEE 802.11 status code of the last authentication. Signed-off-by: Alex Khouderchah <akhouderchah@chromium.org>
6 years ago
wpa_s->auth_status_code = data->auth.status_code;
wpas_notify_auth_status_code(wpa_s);
Add SME support (separate authentication and association) This can be used, e.g., with mac80211-based Linux drivers with nl80211. This allows over-the-air FT protocol to be used (IEEE 802.11r). Since the nl80211 interface needed for this is very recent (added today into wireless-testing.git), driver_nl80211.c has backwards compatibility code that uses WEXT for association if the kernel does not support the new commands. This compatibility code can be disabled by defining NO_WEXT_COMPAT. That code will also be removed at some point to clean up driver_nl80211.c.
15 years ago
break;
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
case EVENT_ASSOC:
Add ignore_auth_resp control interface debug parameter Implement "SET ignore_auth_resp <0/1>" command to simulate auth/assoc response loss and EAPOL RX packet loss by ignoring corresponding incoming events. Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
8 years ago
#ifdef CONFIG_TESTING_OPTIONS
if (wpa_s->ignore_auth_resp) {
wpa_printf(MSG_INFO,
"EVENT_ASSOC - ignore_auth_resp active!");
break;
}
Allow last (Re)Association Request frame to be replayed for testing The new wpa_supplicant RESEND_ASSOC command can be used to request the last (Re)Association Request frame to be sent to the AP to test FT protocol behavior. This functionality is for testing purposes and included only in builds with CONFIG_TESTING_OPTIONS=y. Signed-off-by: Jouni Malinen <j@w1.fi>
7 years ago
if (wpa_s->testing_resend_assoc) {
wpa_printf(MSG_INFO,
"EVENT_DEAUTH - testing_resend_assoc");
break;
}
Add ignore_auth_resp control interface debug parameter Implement "SET ignore_auth_resp <0/1>" command to simulate auth/assoc response loss and EAPOL RX packet loss by ignoring corresponding incoming events. Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
8 years ago
#endif /* CONFIG_TESTING_OPTIONS */
Drop unexpected connection event while disconnected If there is a disconnect command from wpa_supplicant immediately after the driver sends a connection event to userspace but before that event is received and processed by wpa_supplicant, wpa_supplicant processes the disconnect command and a self-generated disconnected event first followed by the connected event received from the driver. As a result wpa_supplicant moves to the WPA_COMPLETED state. Whereas the driver processes the disconnect command received from wpa_supplicant after it sends the connected event and moves to the disconnected state. Due to this race between the disconnect command from wpa_supplicant and the connected event from the driver, wpa_supplicant is moving to the connected state though the driver is moving to the disconnected state which results in abnormal functionality. Ignore the connection event coming from the driver when wpa_supplicant is not trying to connect after a disconnect command is issued but before the next connect command is issued to fix the above mentioned race condition. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
if (wpa_s->disconnected) {
wpa_printf(MSG_INFO,
"Ignore unexpected EVENT_ASSOC in disconnected state");
break;
}
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
wpa_supplicant_event_assoc(wpa_s, data);
OWE: Try another group only on association rejection with status 77 Do not change the OWE group if association is rejected for any other reason than WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED to avoid unnecessary latency in cases where the APs reject association, e.g., for load balancing reasons. Signed-off-by: Ashok Kumar <aponnaia@codeaurora.org>
6 years ago
wpa_s->assoc_status_code = WLAN_STATUS_SUCCESS;
FILS: Fix EVENT_ASSOC processing checks for driver-SME Commit 5538fc930988bfc12935579b2b9930d18ffd1be8 ('FILS: Track completion with FILS shared key authentication offload') added an additional case for calling wpa_supplicant_event_assoc_auth() from EVENT_ASSOC handling in case of FILS-completion with driver-based-SME. However, that checked what placed outside the data != NULL case while data != NULL needs to apply for this case as well due to wpa_supplicant_event_assoc_auth() behavior. Move the data != NULL check to apply to both cases to avoid potentially issues if a driver interface were to return EVENT_ASSOC without the associate data. (CID 164708) Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
if (data &&
(data->assoc_info.authorized ||
(!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
wpa_fils_is_completed(wpa_s->wpa))))
Add support for offloading key management operations to the driver This commit introduces a QCA vendor command and event to provide an option to use extended versions of the nl80211 connect/roam operations in a way that allows drivers to offload key management operations to the driver/firmware. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
wpa_supplicant_event_assoc_auth(wpa_s, data);
Add QCA vendor attribute and event to indicate subnet change status This allows offloaded roaming to inform user space of the change in IP subnet post roaming. The device may have roamed to a network which is in a different subnet which will result in IP connectivity loss. Indicating the change in subnet enables the user space to refresh the IP address or to perform IP subnet validation if unknown status is indicated. The driver indication is reported with a new event from wpa_supplicant in the following format: CTRL-EVENT-SUBNET-STATUS-UPDATE status=<0/1/2> where 0 = unknown 1 = IP subnet unchanged (can continue to use the old IP address) 2 = IP subnet changed (need to get a new IP address) Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
if (data) {
wpa_msg(wpa_s, MSG_INFO,
WPA_EVENT_SUBNET_STATUS_UPDATE "status=%u",
data->assoc_info.subnet_status);
}
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
break;
case EVENT_DISASSOC:
Clean up wpa_supplicant_event() with deauth/disassoc helper functions wpa_supplicant_event() has grown overly large, so it is useful to split it into smaller pieces. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
wpas_event_disassoc(wpa_s,
data ? &data->disassoc_info : NULL);
break;
SME: Deauthenticate to clear state after disassociation events cfg80211/mac80211 can get into somewhat confused state if the AP only disassociates us and leaves us in authenticated state. For now, force the state to be cleared with deauthentication to avoid confusing errors if we try to associate with the AP again. This gets rid of 30 second delay (scan timeout) in cases where only a disassociation frame is received from the AP.
15 years ago
case EVENT_DEAUTH:
Add ignore_auth_resp control interface debug parameter Implement "SET ignore_auth_resp <0/1>" command to simulate auth/assoc response loss and EAPOL RX packet loss by ignoring corresponding incoming events. Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
8 years ago
#ifdef CONFIG_TESTING_OPTIONS
if (wpa_s->ignore_auth_resp) {
wpa_printf(MSG_INFO,
"EVENT_DEAUTH - ignore_auth_resp active!");
break;
}
Allow last (Re)Association Request frame to be replayed for testing The new wpa_supplicant RESEND_ASSOC command can be used to request the last (Re)Association Request frame to be sent to the AP to test FT protocol behavior. This functionality is for testing purposes and included only in builds with CONFIG_TESTING_OPTIONS=y. Signed-off-by: Jouni Malinen <j@w1.fi>
7 years ago
if (wpa_s->testing_resend_assoc) {
wpa_printf(MSG_INFO,
"EVENT_DEAUTH - testing_resend_assoc");
break;
}
Add ignore_auth_resp control interface debug parameter Implement "SET ignore_auth_resp <0/1>" command to simulate auth/assoc response loss and EAPOL RX packet loss by ignoring corresponding incoming events. Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
8 years ago
#endif /* CONFIG_TESTING_OPTIONS */
Clean up wpa_supplicant_event() with deauth/disassoc helper functions wpa_supplicant_event() has grown overly large, so it is useful to split it into smaller pieces. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
wpas_event_deauth(wpa_s,
data ? &data->deauth_info : NULL);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
break;
case EVENT_MICHAEL_MIC_FAILURE:
wpa_supplicant_event_michael_mic_failure(wpa_s, data);
break;
#ifndef CONFIG_NO_SCAN_PROCESSING
Track whether scan was started by us or an external program This can be used to improve scan behavior in cases external programs request scans directly from the driver. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
case EVENT_SCAN_STARTED:
nl80211: Support vendor scan together with normal scan Allow wpa_supplicant to use vendor scan (if supported by the driver) together with the normal nl80211 scan and handling external scan events. Since this results in possibility of concurrent scan operations, some of the operations related to scan results need to check more carefully when an event is relevant for a specific interface. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
if (wpa_s->own_scan_requested ||
(data && !data->scan_info.external_scan)) {
Show timing information about scan requests in debug log Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
struct os_reltime diff;
nl80211: Support vendor scan together with normal scan Allow wpa_supplicant to use vendor scan (if supported by the driver) together with the normal nl80211 scan and handling external scan events. Since this results in possibility of concurrent scan operations, some of the operations related to scan results need to check more carefully when an event is relevant for a specific interface. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
os_get_reltime(&wpa_s->scan_start_time);
Show timing information about scan requests in debug log Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
os_reltime_sub(&wpa_s->scan_start_time,
&wpa_s->scan_trigger_time, &diff);
wpa_dbg(wpa_s, MSG_DEBUG, "Own scan request started a scan in %ld.%06ld seconds",
diff.sec, diff.usec);
Track whether scan was started by us or an external program This can be used to improve scan behavior in cases external programs request scans directly from the driver. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
wpa_s->own_scan_requested = 0;
wpa_s->own_scan_running = 1;
Optional scan id for ctrl_iface SCAN requests This allows users of wpa_supplicant control interface to figure out when their specific scan command has been started and completed. For example: CTRL-EVENT-SCAN-STARTED > scan freq=2412,2417 passive=1 use_id=1 3 CTRL-EVENT-SCAN-RESULTS CTRL-EVENT-SCAN-STARTED id=3 CTRL-EVENT-SCAN-RESULTS id=3 Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
if (wpa_s->last_scan_req == MANUAL_SCAN_REQ &&
wpa_s->manual_scan_use_id) {
Remove WPA_EVENT_SCAN_STARTED message from MSG_INFO log Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
10 years ago
wpa_msg_ctrl(wpa_s, MSG_INFO,
WPA_EVENT_SCAN_STARTED "id=%u",
wpa_s->manual_scan_id);
Optional scan id for ctrl_iface SCAN requests This allows users of wpa_supplicant control interface to figure out when their specific scan command has been started and completed. For example: CTRL-EVENT-SCAN-STARTED > scan freq=2412,2417 passive=1 use_id=1 3 CTRL-EVENT-SCAN-RESULTS CTRL-EVENT-SCAN-STARTED id=3 CTRL-EVENT-SCAN-RESULTS id=3 Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
} else {
Remove WPA_EVENT_SCAN_STARTED message from MSG_INFO log Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
10 years ago
wpa_msg_ctrl(wpa_s, MSG_INFO,
WPA_EVENT_SCAN_STARTED);
Optional scan id for ctrl_iface SCAN requests This allows users of wpa_supplicant control interface to figure out when their specific scan command has been started and completed. For example: CTRL-EVENT-SCAN-STARTED > scan freq=2412,2417 passive=1 use_id=1 3 CTRL-EVENT-SCAN-RESULTS CTRL-EVENT-SCAN-STARTED id=3 CTRL-EVENT-SCAN-RESULTS id=3 Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
}
Track whether scan was started by us or an external program This can be used to improve scan behavior in cases external programs request scans directly from the driver. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
} else {
wpa_dbg(wpa_s, MSG_DEBUG, "External program started a scan");
Reset external_scan_running on interface deletion Currently, the external_scan_running flag is not reset when an interface is removed. Thus, if a connection attempt is made on another iface, it will fail due to wpa_supplicant incorrectly assuming the radio is still busy due to the ongoing scan. To fix this, convert external_scan_running to a pointer to the interface that started the scan. If this interface is removed, also reset the pointer to NULL so that other operations may continue on this radio. Test: 1. Start scan on wlan0 2. Remove wlan0 3. Can connect to a network on wlan1 Signed-off-by: David Su <dysu@google.com>
3 years ago
wpa_s->radio->external_scan_req_interface = wpa_s;
Remove WPA_EVENT_SCAN_STARTED message from MSG_INFO log Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
10 years ago
wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_STARTED);
Track whether scan was started by us or an external program This can be used to improve scan behavior in cases external programs request scans directly from the driver. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
}
break;
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
case EVENT_SCAN_RESULTS:
wpa_supplicant: Handle EVENT_SCAN_RESULTS when an interface is disabled An interface can be disabled while it has an ongoing scan request. In such a case, when the scan results notification is received, it was being ignored (as the interface is already disabled) so the scan state was not cleared. This can cause undetermined behavior for the next scan request. To handle this, clear the scan state when EVENT_SCAN_RESULTS is received and the interface is disabled. Signed-off-by: Ilan Peer <ilan.peer@intel.com>
8 years ago
if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) {
wpa_s->scan_res_handler = NULL;
wpa_s->own_scan_running = 0;
Reset external_scan_running on interface deletion Currently, the external_scan_running flag is not reset when an interface is removed. Thus, if a connection attempt is made on another iface, it will fail due to wpa_supplicant incorrectly assuming the radio is still busy due to the ongoing scan. To fix this, convert external_scan_running to a pointer to the interface that started the scan. If this interface is removed, also reset the pointer to NULL so that other operations may continue on this radio. Test: 1. Start scan on wlan0 2. Remove wlan0 3. Can connect to a network on wlan1 Signed-off-by: David Su <dysu@google.com>
3 years ago
wpa_s->radio->external_scan_req_interface = NULL;
wpa_supplicant: Handle EVENT_SCAN_RESULTS when an interface is disabled An interface can be disabled while it has an ongoing scan request. In such a case, when the scan results notification is received, it was being ignored (as the interface is already disabled) so the scan state was not cleared. This can cause undetermined behavior for the next scan request. To handle this, clear the scan state when EVENT_SCAN_RESULTS is received and the interface is disabled. Signed-off-by: Ilan Peer <ilan.peer@intel.com>
8 years ago
wpa_s->last_scan_req = NORMAL_SCAN_REQ;
break;
}
nl80211: Support vendor scan together with normal scan Allow wpa_supplicant to use vendor scan (if supported by the driver) together with the normal nl80211 scan and handling external scan events. Since this results in possibility of concurrent scan operations, some of the operations related to scan results need to check more carefully when an event is relevant for a specific interface. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
if (!(data && data->scan_info.external_scan) &&
os_reltime_initialized(&wpa_s->scan_start_time)) {
Show timing information about scan requests in debug log Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
struct os_reltime now, diff;
os_get_reltime(&now);
os_reltime_sub(&now, &wpa_s->scan_start_time, &diff);
wpa_s->scan_start_time.sec = 0;
wpa_s->scan_start_time.usec = 0;
wpa_dbg(wpa_s, MSG_DEBUG, "Scan completed in %ld.%06ld seconds",
diff.sec, diff.usec);
}
P2P: Fix P2P_CONNECT-auto fallback to GO Neg with group interface If a separate P2P group interface was used, P2P_CONNECT-auto fallback to GO Negotiation could result in use of freed memory and segmentation fault. This happened in cases where the peer GO was found in some old scans, but not in the first scan triggered by the P2P_CONNECT-auto command ("P2P: Peer was found running GO in older scan -> try to join the group" shows up in the debug log). In addition, the GO would still need to reply to PD Request to allow this code path to be triggered. When five scans for the GO were completed in this sequence, the P2P group interface was removed as part of falling back to GO Negotiation. However, that ended up dereferencing the freed wpa_s instance at the end of scan event processing. Fix this by reordering code a bit and breaking out from EVENT_SCAN_RESULTS processing if the interface could have been removed. Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago
if (wpa_supplicant_event_scan_results(wpa_s, data))
break; /* interface may have been removed */
nl80211: Support vendor scan together with normal scan Allow wpa_supplicant to use vendor scan (if supported by the driver) together with the normal nl80211 scan and handling external scan events. Since this results in possibility of concurrent scan operations, some of the operations related to scan results need to check more carefully when an event is relevant for a specific interface. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
if (!(data && data->scan_info.external_scan))
wpa_s->own_scan_running = 0;
if (data && data->scan_info.nl_scan_event)
Reset external_scan_running on interface deletion Currently, the external_scan_running flag is not reset when an interface is removed. Thus, if a connection attempt is made on another iface, it will fail due to wpa_supplicant incorrectly assuming the radio is still busy due to the ongoing scan. To fix this, convert external_scan_running to a pointer to the interface that started the scan. If this interface is removed, also reset the pointer to NULL so that other operations may continue on this radio. Test: 1. Start scan on wlan0 2. Remove wlan0 3. Can connect to a network on wlan1 Signed-off-by: David Su <dysu@google.com>
3 years ago
wpa_s->radio->external_scan_req_interface = NULL;
Do not start wpa_radio work during externally triggered scan If an external program triggers a scan, wpa_supplicant does not have a wpa_radio work item for this operation to protect against other offchannel operations. This can result in operations failing, so try to avoid damage by not starting any new wpa_radio work items during a scan that was started by another process. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
radio_work_check_next(wpa_s);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
break;
#endif /* CONFIG_NO_SCAN_PROCESSING */
case EVENT_ASSOCINFO:
wpa_supplicant_event_associnfo(wpa_s, data);
break;
case EVENT_INTERFACE_STATUS:
wpa_supplicant_event_interface_status(wpa_s, data);
break;
case EVENT_PMKID_CANDIDATE:
wpa_supplicant_event_pmkid_candidate(wpa_s, data);
break;
TDLS: Add initial support for TDLS (IEEE Std 802.11z-2010)
14 years ago
#ifdef CONFIG_TDLS
case EVENT_TDLS:
wpa_supplicant_event_tdls(wpa_s, data);
break;
#endif /* CONFIG_TDLS */
WNM: Use CONFIG_WNM more consistently Replace CONFIG_IEEE80211V with CONFIG_WNM to get more consistent build options for WNM-Sleep Mode operations. Previously it was possible to define CONFIG_IEEE80211V without CONFIG_WNM which would break the build. In addition, IEEE 802.11v has been merged into IEEE Std 802.11-2012 and WNM is a better term to use for this new functionality anyway. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
#ifdef CONFIG_WNM
WNM: Add WNM-Sleep Mode for station mode Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
12 years ago
case EVENT_WNM:
wpa_supplicant_event_wnm(wpa_s, data);
break;
WNM: Use CONFIG_WNM more consistently Replace CONFIG_IEEE80211V with CONFIG_WNM to get more consistent build options for WNM-Sleep Mode operations. Previously it was possible to define CONFIG_IEEE80211V without CONFIG_WNM which would break the build. In addition, IEEE 802.11v has been merged into IEEE Std 802.11-2012 and WNM is a better term to use for this new functionality anyway. Signed-hostap: Jouni Malinen <j@w1.fi>
12 years ago
#endif /* CONFIG_WNM */
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
#ifdef CONFIG_IEEE80211R
case EVENT_FT_RESPONSE:
wpa_supplicant_event_ft_response(wpa_s, data);
break;
#endif /* CONFIG_IEEE80211R */
Added initial step for IBSS RSN support This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used to enable RSN support for IBSS. This links in RSN Authenticator code from hostapd and adds code for managing per-peer information for IBSS. A new wpa_cli command or driver event can be used to request RSN authentication with an IBSS peer. New RSN Authenticator and Supplicant will be allocated for each peer. The basic state machine setup code is included in this commit, but the state machines are not properly started yet. In addition, some of the callback functions are not yet complete.
16 years ago
#ifdef CONFIG_IBSS_RSN
case EVENT_IBSS_RSN_START:
wpa_supplicant_event_ibss_rsn_start(wpa_s, data);
break;
#endif /* CONFIG_IBSS_RSN */
SME: Add processing for rejected associations
15 years ago
case EVENT_ASSOC_REJECT:
Move wpa_supplicant_event() EVENT_ASSOC_REJECT handling into a function This cleans up the implementation a bit by making this functionality easier to understand. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
wpas_event_assoc_reject(wpa_s, data);
SME: Add processing for rejected associations
15 years ago
break;
Add handling of SME auth/assoc timeout events This allows wpa_supplicant to start searching for other APs (or re-try) if the MLME times out.
15 years ago
case EVENT_AUTH_TIMED_OUT:
Ignore auth/assoc timeout events in mesh configuration It was possible for auth/assoc timeout/failure event from the driver to result in unexpected processing during mesh group setup if that operation was started before the previously started driver operation to association/connect had completed. Since those events cannot happen in mesh cases, ignore them to avoid issues due to this corner case. For example, monitor_iface_unknown_sta followed by wpas_mesh_secure test case resulted in failure without this change. Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
/* It is possible to get this event from earlier connection */
if (wpa_s->current_ssid &&
wpa_s->current_ssid->mode == WPAS_MODE_MESH) {
wpa_dbg(wpa_s, MSG_DEBUG,
"Ignore AUTH_TIMED_OUT in mesh configuration");
break;
}
Add ctrl_interface event for association rejected
14 years ago
if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME)
sme_event_auth_timed_out(wpa_s, data);
Add handling of SME auth/assoc timeout events This allows wpa_supplicant to start searching for other APs (or re-try) if the MLME times out.
15 years ago
break;
case EVENT_ASSOC_TIMED_OUT:
Ignore auth/assoc timeout events in mesh configuration It was possible for auth/assoc timeout/failure event from the driver to result in unexpected processing during mesh group setup if that operation was started before the previously started driver operation to association/connect had completed. Since those events cannot happen in mesh cases, ignore them to avoid issues due to this corner case. For example, monitor_iface_unknown_sta followed by wpas_mesh_secure test case resulted in failure without this change. Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
/* It is possible to get this event from earlier connection */
if (wpa_s->current_ssid &&
wpa_s->current_ssid->mode == WPAS_MODE_MESH) {
wpa_dbg(wpa_s, MSG_DEBUG,
"Ignore ASSOC_TIMED_OUT in mesh configuration");
break;
}
Add ctrl_interface event for association rejected
14 years ago
if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME)
sme_event_assoc_timed_out(wpa_s, data);
Add handling of SME auth/assoc timeout events This allows wpa_supplicant to start searching for other APs (or re-try) if the MLME times out.
15 years ago
break;
Use generic driver events for TX status and RX reporting Replace driver wrapper calls to hostapd_tx_status(), hostapd_rx_from_unknown_sta(), hostapd_mgmt_rx(), and hostapd_mgmt_tx_cb() with new generic driver events EVENT_TX_STATUS, EVENT_RX_FROM_UNKNOWN, and EVENT_RX_MGMT. This cleans up lot of the driver wrapper code to be less dependent on whether it is being used within wpa_supplicant AP mode or hostapd.
15 years ago
case EVENT_TX_STATUS:
Use wpa_msg() instead of wpa_printf() This converts number of debugging messages to use wpa_msg() in order to allow the interface name to be shown with the messages. A new function, wpa_dbg(), is introduced to allow CONFIG_NO_STDOUT_DEBUG=y builds to remove the debug strings. This is otherwise identical with wpa_msg(), but it gets compiled out if stdout debugging is disabled.
13 years ago
wpa_dbg(wpa_s, MSG_DEBUG, "EVENT_TX_STATUS dst=" MACSTR
" type=%d stype=%d",
MAC2STR(data->tx_status.dst),
data->tx_status.type, data->tx_status.stype);
PASN: Add support for PASN processing to wpa_supplicant Add PASN implementation to wpa_supplicant 1. Add functions to initialize and clear PASN data. 2. Add functions to construct PASN Authentication frames. 3. Add function to process PASN Authentication frame. 4. Add function to handle PASN frame TX status. 5. Implement the station side flow processing for PASN. The implementation is missing support for wrapped data and PMKSA establishment for base AKMs, and only supports PASN authentication or base AKM with PMKSA caching. The missing parts will be added in later patches. Signed-off-by: Ilan Peer <ilan.peer@intel.com>
3 years ago
#ifdef CONFIG_PASN
if (data->tx_status.type == WLAN_FC_TYPE_MGMT &&
data->tx_status.stype == WLAN_FC_STYPE_AUTH &&
wpas_pasn_auth_tx_status(wpa_s, data->tx_status.data,
data->tx_status.data_len,
data->tx_status.ack) == 0)
break;
#endif /* CONFIG_PASN */
GAS: Use off-channel operations for requests This separates off-channel Action frame TX/RX from P2P into a generic implementation that can now be used both for P2P and GAS needs.
13 years ago
#ifdef CONFIG_AP
P2P: Map driver events to P2P event notifications
14 years ago
if (wpa_s->ap_iface == NULL) {
GAS: Use off-channel operations for requests This separates off-channel Action frame TX/RX from P2P into a generic implementation that can now be used both for P2P and GAS needs.
13 years ago
#ifdef CONFIG_OFFCHANNEL
P2P: Map driver events to P2P event notifications
14 years ago
if (data->tx_status.type == WLAN_FC_TYPE_MGMT &&
data->tx_status.stype == WLAN_FC_STYPE_ACTION)
GAS: Use off-channel operations for requests This separates off-channel Action frame TX/RX from P2P into a generic implementation that can now be used both for P2P and GAS needs.
13 years ago
offchannel_send_action_tx_status(
P2P: Map driver events to P2P event notifications
14 years ago
wpa_s, data->tx_status.dst,
data->tx_status.data,
data->tx_status.data_len,
P2P: Skip GO Neg Conf ack failure workaround of send failures The workaround to ignore no ctrl::ack received for GO Negotiation Confirmation frame was only supposed to be used when the frame was actually transmitted and just the ack was not received. However, due to the way the driver failure on transmitting the frame were reported, this ended up getting applied for all failures in sending the GO Negotiation Confirmation frame. Improve this by providing a mechanism to indicate whether send_action operations fail locally before the frame was actually transmitted or because of not receiving ack frame after having transmitted the frame.
14 years ago
data->tx_status.ack ?
GAS: Use off-channel operations for requests This separates off-channel Action frame TX/RX from P2P into a generic implementation that can now be used both for P2P and GAS needs.
13 years ago
OFFCHANNEL_SEND_ACTION_SUCCESS :
OFFCHANNEL_SEND_ACTION_NO_ACK);
#endif /* CONFIG_OFFCHANNEL */
P2P: Map driver events to P2P event notifications
14 years ago
break;
}
GAS: Use off-channel operations for requests This separates off-channel Action frame TX/RX from P2P into a generic implementation that can now be used both for P2P and GAS needs.
13 years ago
#endif /* CONFIG_AP */
#ifdef CONFIG_OFFCHANNEL
Use wpa_msg() instead of wpa_printf() This converts number of debugging messages to use wpa_msg() in order to allow the interface name to be shown with the messages. A new function, wpa_dbg(), is introduced to allow CONFIG_NO_STDOUT_DEBUG=y builds to remove the debug strings. This is otherwise identical with wpa_msg(), but it gets compiled out if stdout debugging is disabled.
13 years ago
wpa_dbg(wpa_s, MSG_DEBUG, "EVENT_TX_STATUS pending_dst="
Fix sending non-Public Action frames over P2P Device interface The P2P Device interface can only send Public Action frames. Non-Public Action frames must be sent over a group interface. The previous implementation sometimes tried to send non-Public Action frames such as GO Discoverability over the P2P Device interface, however, the source address of the frame was set to the group interface address so the code in offchannel.c knew to select the correct interface for the TX. The check breaks when the P2P Device and group interfaces have the same MAC address. In this case the frame will be sent over the P2P Device interface and the send will fail. Fix this problem in two places: 1. In offchannel, route non-Public Action frames to the GO interface when the above conditions are met. 2. When a TX_STATUS event arrives on such routed frame, it will arrive on the GO interface but it must be handled by the P2P Device interface since it has the relevant state logic. Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
8 years ago
MACSTR, MAC2STR(wpa_s->p2pdev->pending_action_dst));
P2P: Map driver events to P2P event notifications
14 years ago
/*
* Catch TX status events for Action frames we sent via group
Fix sending non-Public Action frames over P2P Device interface The P2P Device interface can only send Public Action frames. Non-Public Action frames must be sent over a group interface. The previous implementation sometimes tried to send non-Public Action frames such as GO Discoverability over the P2P Device interface, however, the source address of the frame was set to the group interface address so the code in offchannel.c knew to select the correct interface for the TX. The check breaks when the P2P Device and group interfaces have the same MAC address. In this case the frame will be sent over the P2P Device interface and the send will fail. Fix this problem in two places: 1. In offchannel, route non-Public Action frames to the GO interface when the above conditions are met. 2. When a TX_STATUS event arrives on such routed frame, it will arrive on the GO interface but it must be handled by the P2P Device interface since it has the relevant state logic. Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
8 years ago
* interface in GO mode, or via standalone AP interface.
* Note, wpa_s->p2pdev will be the same as wpa_s->parent,
* except when the primary interface is used as a GO interface
* (for drivers which do not have group interface concurrency)
P2P: Map driver events to P2P event notifications
14 years ago
*/
if (data->tx_status.type == WLAN_FC_TYPE_MGMT &&
data->tx_status.stype == WLAN_FC_STYPE_ACTION &&
Fix sending non-Public Action frames over P2P Device interface The P2P Device interface can only send Public Action frames. Non-Public Action frames must be sent over a group interface. The previous implementation sometimes tried to send non-Public Action frames such as GO Discoverability over the P2P Device interface, however, the source address of the frame was set to the group interface address so the code in offchannel.c knew to select the correct interface for the TX. The check breaks when the P2P Device and group interfaces have the same MAC address. In this case the frame will be sent over the P2P Device interface and the send will fail. Fix this problem in two places: 1. In offchannel, route non-Public Action frames to the GO interface when the above conditions are met. 2. When a TX_STATUS event arrives on such routed frame, it will arrive on the GO interface but it must be handled by the P2P Device interface since it has the relevant state logic. Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
8 years ago
os_memcmp(wpa_s->p2pdev->pending_action_dst,
P2P: Map driver events to P2P event notifications
14 years ago
data->tx_status.dst, ETH_ALEN) == 0) {
GAS: Use off-channel operations for requests This separates off-channel Action frame TX/RX from P2P into a generic implementation that can now be used both for P2P and GAS needs.
13 years ago
offchannel_send_action_tx_status(
Fix sending non-Public Action frames over P2P Device interface The P2P Device interface can only send Public Action frames. Non-Public Action frames must be sent over a group interface. The previous implementation sometimes tried to send non-Public Action frames such as GO Discoverability over the P2P Device interface, however, the source address of the frame was set to the group interface address so the code in offchannel.c knew to select the correct interface for the TX. The check breaks when the P2P Device and group interfaces have the same MAC address. In this case the frame will be sent over the P2P Device interface and the send will fail. Fix this problem in two places: 1. In offchannel, route non-Public Action frames to the GO interface when the above conditions are met. 2. When a TX_STATUS event arrives on such routed frame, it will arrive on the GO interface but it must be handled by the P2P Device interface since it has the relevant state logic. Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
8 years ago
wpa_s->p2pdev, data->tx_status.dst,
P2P: Map driver events to P2P event notifications
14 years ago
data->tx_status.data,
data->tx_status.data_len,
P2P: Fix RX ack status on Action frames sent via interface in GO mode The wpa_supplicant_event() EVENT_TX_STATUS ack field needs to be converted to use wpas_send_action_tx_status() enum p2p_send_action_result in this case, too, to avoid getting incorrect TX status for P2P processing.
14 years ago
data->tx_status.ack ?
GAS: Use off-channel operations for requests This separates off-channel Action frame TX/RX from P2P into a generic implementation that can now be used both for P2P and GAS needs.
13 years ago
OFFCHANNEL_SEND_ACTION_SUCCESS :
OFFCHANNEL_SEND_ACTION_NO_ACK);
Use generic driver events for TX status and RX reporting Replace driver wrapper calls to hostapd_tx_status(), hostapd_rx_from_unknown_sta(), hostapd_mgmt_rx(), and hostapd_mgmt_tx_cb() with new generic driver events EVENT_TX_STATUS, EVENT_RX_FROM_UNKNOWN, and EVENT_RX_MGMT. This cleans up lot of the driver wrapper code to be less dependent on whether it is being used within wpa_supplicant AP mode or hostapd.
15 years ago
break;
P2P: Map driver events to P2P event notifications
14 years ago
}
GAS: Use off-channel operations for requests This separates off-channel Action frame TX/RX from P2P into a generic implementation that can now be used both for P2P and GAS needs.
13 years ago
#endif /* CONFIG_OFFCHANNEL */
#ifdef CONFIG_AP
Use generic driver events for TX status and RX reporting Replace driver wrapper calls to hostapd_tx_status(), hostapd_rx_from_unknown_sta(), hostapd_mgmt_rx(), and hostapd_mgmt_tx_cb() with new generic driver events EVENT_TX_STATUS, EVENT_RX_FROM_UNKNOWN, and EVENT_RX_MGMT. This cleans up lot of the driver wrapper code to be less dependent on whether it is being used within wpa_supplicant AP mode or hostapd.
15 years ago
switch (data->tx_status.type) {
case WLAN_FC_TYPE_MGMT:
ap_mgmt_tx_cb(wpa_s, data->tx_status.data,
data->tx_status.data_len,
data->tx_status.stype,
data->tx_status.ack);
break;
case WLAN_FC_TYPE_DATA:
ap_tx_status(wpa_s, data->tx_status.dst,
data->tx_status.data,
data->tx_status.data_len,
data->tx_status.ack);
break;
}
GAS: Use off-channel operations for requests This separates off-channel Action frame TX/RX from P2P into a generic implementation that can now be used both for P2P and GAS needs.
13 years ago
#endif /* CONFIG_AP */
Use generic driver events for TX status and RX reporting Replace driver wrapper calls to hostapd_tx_status(), hostapd_rx_from_unknown_sta(), hostapd_mgmt_rx(), and hostapd_mgmt_tx_cb() with new generic driver events EVENT_TX_STATUS, EVENT_RX_FROM_UNKNOWN, and EVENT_RX_MGMT. This cleans up lot of the driver wrapper code to be less dependent on whether it is being used within wpa_supplicant AP mode or hostapd.
15 years ago
break;
GAS: Use off-channel operations for requests This separates off-channel Action frame TX/RX from P2P into a generic implementation that can now be used both for P2P and GAS needs.
13 years ago
#ifdef CONFIG_AP
AP: Add explicit EAPOL TX status event The new event can be used when EAPOL TX status can't be reported as a complete 802.11 frame but is instead reported as just the EAPOL data as originally passed to hapd_send_eapol(). Signed-hostap: Johannes Berg <johannes.berg@intel.com>
13 years ago
case EVENT_EAPOL_TX_STATUS:
ap_eapol_tx_status(wpa_s, data->eapol_tx_status.dst,
data->eapol_tx_status.data,
data->eapol_tx_status.data_len,
data->eapol_tx_status.ack);
break;
AP: Do station poll in driver wrapper This offloads the station polling to driver wrappers, which may offload it again to the driver. The hostap driver wrapper uses "real" data frames while nl80211 uses null data frames. Also add a specific event to indicate that a poll was successful for future use with the nl80211 driver.
13 years ago
case EVENT_DRIVER_CLIENT_POLL_OK:
ap_client_poll_ok(wpa_s, data->client_poll.addr);
break;
Use generic driver events for TX status and RX reporting Replace driver wrapper calls to hostapd_tx_status(), hostapd_rx_from_unknown_sta(), hostapd_mgmt_rx(), and hostapd_mgmt_tx_cb() with new generic driver events EVENT_TX_STATUS, EVENT_RX_FROM_UNKNOWN, and EVENT_RX_MGMT. This cleans up lot of the driver wrapper code to be less dependent on whether it is being used within wpa_supplicant AP mode or hostapd.
15 years ago
case EVENT_RX_FROM_UNKNOWN:
if (wpa_s->ap_iface == NULL)
break;
AP: Pass only bssid/addr/wds to EVENT_RX_FROM_UNKNOWN
13 years ago
ap_rx_from_unknown_sta(wpa_s, data->rx_from_unknown.addr,
data->rx_from_unknown.wds);
Use generic driver events for TX status and RX reporting Replace driver wrapper calls to hostapd_tx_status(), hostapd_rx_from_unknown_sta(), hostapd_mgmt_rx(), and hostapd_mgmt_tx_cb() with new generic driver events EVENT_TX_STATUS, EVENT_RX_FROM_UNKNOWN, and EVENT_RX_MGMT. This cleans up lot of the driver wrapper code to be less dependent on whether it is being used within wpa_supplicant AP mode or hostapd.
15 years ago
break;
wpa_supplicant: Make channel switch event available for non-AP builds This allows user to get channel switch indication in station mode even if wpa_supplicant is built without CONFIG_AP=y. Signed-off-by: Bhagavathi Perumal S <bperumal@codeaurora.org>
6 years ago
#endif /* CONFIG_AP */
Make channel switch started event available over control interface This makes it easier to upper layer components to manage operating channels in cases where the same radio is shared for both station and AP mode virtual interfaces. Signed-off-by: Omer Dagan <omer.dagan@tandemg.com>
5 years ago
case EVENT_CH_SWITCH_STARTED:
nl80211: Handle CH_SWITCH event Some drivers may independently decide to switch channels. Handle this by updating the hostapd and wpa_supplicant AP and GO configuration. Signed-hostap: Thomas Pedersen <c_tpeder@qca.qualcomm.com>
12 years ago
case EVENT_CH_SWITCH:
Handle channel switch notification for other interface types Channel switch notification was handled only for AP/GO interfaces. As the notification can be sent on other interface types as well, extend the handling to handle other interface types. Signed-off-by: Ilan Peer <ilan.peer@intel.com>
9 years ago
if (!data || !wpa_s->current_ssid)
nl80211: Handle CH_SWITCH event Some drivers may independently decide to switch channels. Handle this by updating the hostapd and wpa_supplicant AP and GO configuration. Signed-hostap: Thomas Pedersen <c_tpeder@qca.qualcomm.com>
12 years ago
break;
Make channel switch started event available over control interface This makes it easier to upper layer components to manage operating channels in cases where the same radio is shared for both station and AP mode virtual interfaces. Signed-off-by: Omer Dagan <omer.dagan@tandemg.com>
5 years ago
wpa_msg(wpa_s, MSG_INFO,
"%sfreq=%d ht_enabled=%d ch_offset=%d ch_width=%s cf1=%d cf2=%d",
event == EVENT_CH_SWITCH ? WPA_EVENT_CHANNEL_SWITCH :
WPA_EVENT_CHANNEL_SWITCH_STARTED,
Add CTRL-EVENT-CHANNEL-SWITCH event to indicate channel changes This provides information of the channel switch to wpa_supplicant control interface monitors. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
data->ch_switch.freq,
data->ch_switch.ht_enabled,
data->ch_switch.ch_offset,
channel_width_to_string(data->ch_switch.ch_width),
data->ch_switch.cf1,
data->ch_switch.cf2);
Make channel switch started event available over control interface This makes it easier to upper layer components to manage operating channels in cases where the same radio is shared for both station and AP mode virtual interfaces. Signed-off-by: Omer Dagan <omer.dagan@tandemg.com>
5 years ago
if (event == EVENT_CH_SWITCH_STARTED)
break;
Add CTRL-EVENT-CHANNEL-SWITCH event to indicate channel changes This provides information of the channel switch to wpa_supplicant control interface monitors. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
Handle channel switch notification for other interface types Channel switch notification was handled only for AP/GO interfaces. As the notification can be sent on other interface types as well, extend the handling to handle other interface types. Signed-off-by: Ilan Peer <ilan.peer@intel.com>
9 years ago
wpa_s->assoc_freq = data->ch_switch.freq;
wpa_s->current_ssid->frequency = data->ch_switch.freq;
wpa_supplicant: Notify freq change on CH_SWITCH wpa_supplicant does not send a D-Bus notification of the BSS frequency change when a CSA happens. Sending a PropertyChanged signal with the updated frequency will notify the network manager quickly, instead of waiting for the next scan results. Signed-off-by: Arowa Suliman <arowa@chromium.org> Reviewed-by: Brian Norris <briannorris@chromium.org>
4 years ago
if (wpa_s->current_bss &&
wpa_s->current_bss->freq != data->ch_switch.freq) {
wpa_s->current_bss->freq = data->ch_switch.freq;
notify_bss_changes(wpa_s, WPA_BSS_FREQ_CHANGED_FLAG,
wpa_s->current_bss);
}
Handle channel switch notification for other interface types Channel switch notification was handled only for AP/GO interfaces. As the notification can be sent on other interface types as well, extend the handling to handle other interface types. Signed-off-by: Ilan Peer <ilan.peer@intel.com>
9 years ago
STA OBSS: Update secondary channel info after CSA Field wpa_s->sme.ht_sec_chan keeps secondary channel for the 40 MHz band. This field is used to prepare a list of channels for the STA OBSS scan. Initially, the secondary channel is set to HT_SEC_CHAN_UNKNOWN. Later on, in function wpa_obss_scan_freq_list() it is obtained from the current BSS HT operation IE. However, the secondary channel information is not updated after channel switch, which may lead to an incorrect list of channels prepared for the STA OBSS scan. Update ht_sec_chan according to the channel switch event data to fix this. Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
4 years ago
#ifdef CONFIG_SME
switch (data->ch_switch.ch_offset) {
case 1:
wpa_s->sme.ht_sec_chan = HT_SEC_CHAN_ABOVE;
break;
case -1:
wpa_s->sme.ht_sec_chan = HT_SEC_CHAN_BELOW;
break;
default:
wpa_s->sme.ht_sec_chan = HT_SEC_CHAN_UNKNOWN;
break;
}
#endif /* CONFIG_SME */
wpa_supplicant: Make channel switch event available for non-AP builds This allows user to get channel switch indication in station mode even if wpa_supplicant is built without CONFIG_AP=y. Signed-off-by: Bhagavathi Perumal S <bperumal@codeaurora.org>
6 years ago
#ifdef CONFIG_AP
Handle channel switch notification for other interface types Channel switch notification was handled only for AP/GO interfaces. As the notification can be sent on other interface types as well, extend the handling to handle other interface types. Signed-off-by: Ilan Peer <ilan.peer@intel.com>
9 years ago
if (wpa_s->current_ssid->mode == WPAS_MODE_AP ||
wpa_s->current_ssid->mode == WPAS_MODE_P2P_GO ||
mesh: Consider mesh interface on DFS event handler Once mesh starts supporting DFS channels, it has to handle DFS related events from drivers, hence add mesh interface to the check list. Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com> Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
6 years ago
wpa_s->current_ssid->mode == WPAS_MODE_MESH ||
Handle channel switch notification for other interface types Channel switch notification was handled only for AP/GO interfaces. As the notification can be sent on other interface types as well, extend the handling to handle other interface types. Signed-off-by: Ilan Peer <ilan.peer@intel.com>
9 years ago
wpa_s->current_ssid->mode ==
WPAS_MODE_P2P_GROUP_FORMATION) {
wpas_ap_ch_switch(wpa_s, data->ch_switch.freq,
data->ch_switch.ht_enabled,
data->ch_switch.ch_offset,
data->ch_switch.ch_width,
data->ch_switch.cf1,
Make channel switch started event available over control interface This makes it easier to upper layer components to manage operating channels in cases where the same radio is shared for both station and AP mode virtual interfaces. Signed-off-by: Omer Dagan <omer.dagan@tandemg.com>
5 years ago
data->ch_switch.cf2,
1);
Handle channel switch notification for other interface types Channel switch notification was handled only for AP/GO interfaces. As the notification can be sent on other interface types as well, extend the handling to handle other interface types. Signed-off-by: Ilan Peer <ilan.peer@intel.com>
9 years ago
}
wpa_supplicant: Make channel switch event available for non-AP builds This allows user to get channel switch indication in station mode even if wpa_supplicant is built without CONFIG_AP=y. Signed-off-by: Bhagavathi Perumal S <bperumal@codeaurora.org>
6 years ago
#endif /* CONFIG_AP */
P2P: Trigger channel selection correctly during CSA Do not consider moving GOs to a new channel if one of them is in the middle of CSA. In addition, call wpas_p2p_update_channel_list() after EVENT_CH_SWITCH is handled. Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
9 years ago
SME: Process channel switch event in SME only when supplicant's SME is used Do not process channel switch event in wpa_supplicant's SME when SME is offloaded to the driver/firmware to avoid SA Query initiation from both wpa_supplicant and the driver/firmware for the OCV case. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME)
sme_event_ch_switch(wpa_s);
P2P: Trigger channel selection correctly during CSA Do not consider moving GOs to a new channel if one of them is in the middle of CSA. In addition, call wpas_p2p_update_channel_list() after EVENT_CH_SWITCH is handled. Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
9 years ago
wpas_p2p_update_channel_list(wpa_s, WPAS_P2P_CHANNEL_UPDATE_CS);
WNM: Collocated Interference Reporting Add support for negotiating WNM Collocated Interference Reporting. This allows hostapd to request associated STAs to report their collocated interference information and wpa_supplicant to process such request and reporting. The actual values (Collocated Interference Report Elements) are out of scope of hostapd and wpa_supplicant, i.e., external components are expected to generated and process these. For hostapd/AP, this mechanism is enabled by setting coloc_intf_reporting=1 in configuration. STAs are requested to perform reporting with "COLOC_INTF_REQ <addr> <Automatic Report Enabled> <Report Timeout>" control interface command. The received reports are indicated as control interface events "COLOC-INTF-REPORT <addr> <dialog token> <hexdump of report elements>". For wpa_supplicant/STA, this mechanism is enabled by setting coloc_intf_reporting=1 in configuration and setting Collocated Interference Report Elements as a hexdump with "SET coloc_intf_elems <hexdump>" control interface command. The hexdump can contain one or more Collocated Interference Report Elements (each including the information element header). For additional testing purposes, received requests are reported with "COLOC-INTF-REQ <dialog token> <automatic report enabled> <report timeout>" control interface events and unsolicited reports can be sent with "COLOC_INTF_REPORT <hexdump>". This commit adds support for reporting changes in the collocated interference (Automatic Report Enabled == 1 and partial 3), but not for periodic reports (2 and other part of 3). Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
wnm_clear_coloc_intf_reporting(wpa_s);
nl80211: Handle CH_SWITCH event Some drivers may independently decide to switch channels. Handle this by updating the hostapd and wpa_supplicant AP and GO configuration. Signed-hostap: Thomas Pedersen <c_tpeder@qca.qualcomm.com>
12 years ago
break;
wpa_supplicant: Make channel switch event available for non-AP builds This allows user to get channel switch indication in station mode even if wpa_supplicant is built without CONFIG_AP=y. Signed-off-by: Bhagavathi Perumal S <bperumal@codeaurora.org>
6 years ago
#ifdef CONFIG_AP
DFS: wpa_supplicant event processing Add radar event processing logic for AP/P2P GO. The DFS processing functions from hostapd are now used for these wpa_supplicant cases as well for both offloaded and non-offloaded DFS. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
#ifdef NEED_AP_MLME
case EVENT_DFS_RADAR_DETECTED:
if (data)
wpa_supplicant: Rename wpas_event_*() to wpas_ap_event_*() Rename DFS event handling functions, since they are located in ap.c and refer to AP-mode only. Needed to add some STA-mode DFS event handling. Signed-off-by: Dmitry Lebed <dlebed@quantenna.com>
6 years ago
wpas_ap_event_dfs_radar_detected(wpa_s,
&data->dfs_event);
DFS: wpa_supplicant event processing Add radar event processing logic for AP/P2P GO. The DFS processing functions from hostapd are now used for these wpa_supplicant cases as well for both offloaded and non-offloaded DFS. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
break;
wpa_supplicant: Increase authentication timeout if CAC is started Timeout is increased by dfs_cac_ms from channel data, or by max CAC time (10 minutes) if dfs_cac_ms is not defined. This is needed for some more complex cases, e.g., when STA is acting as an active slave with DFS offload enabled and decided to start CAC after receiving CONNECT command, in such a case the 10 second timeout is too small and wpa_supplicant need to wait for CAC completion or CAC timeout (up to 10 minutes). Without such timeout modification wpa_supplicant will be unable to connect to an AP on DFS channel, since the default authentication timeout (10 s) is smaller than the minimum CAC time (60 s). Tested with nl80211 DFS offload implementation. Signed-off-by: Dmitry Lebed <dlebed@quantenna.com>
6 years ago
case EVENT_DFS_NOP_FINISHED:
if (data)
wpas_ap_event_dfs_cac_nop_finished(wpa_s,
&data->dfs_event);
break;
#endif /* NEED_AP_MLME */
#endif /* CONFIG_AP */
DFS: wpa_supplicant event processing Add radar event processing logic for AP/P2P GO. The DFS processing functions from hostapd are now used for these wpa_supplicant cases as well for both offloaded and non-offloaded DFS. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
case EVENT_DFS_CAC_STARTED:
if (data)
wpa_supplicant: Increase authentication timeout if CAC is started Timeout is increased by dfs_cac_ms from channel data, or by max CAC time (10 minutes) if dfs_cac_ms is not defined. This is needed for some more complex cases, e.g., when STA is acting as an active slave with DFS offload enabled and decided to start CAC after receiving CONNECT command, in such a case the 10 second timeout is too small and wpa_supplicant need to wait for CAC completion or CAC timeout (up to 10 minutes). Without such timeout modification wpa_supplicant will be unable to connect to an AP on DFS channel, since the default authentication timeout (10 s) is smaller than the minimum CAC time (60 s). Tested with nl80211 DFS offload implementation. Signed-off-by: Dmitry Lebed <dlebed@quantenna.com>
6 years ago
wpas_event_dfs_cac_started(wpa_s, &data->dfs_event);
DFS: wpa_supplicant event processing Add radar event processing logic for AP/P2P GO. The DFS processing functions from hostapd are now used for these wpa_supplicant cases as well for both offloaded and non-offloaded DFS. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
break;
case EVENT_DFS_CAC_FINISHED:
if (data)
wpa_supplicant: Increase authentication timeout if CAC is started Timeout is increased by dfs_cac_ms from channel data, or by max CAC time (10 minutes) if dfs_cac_ms is not defined. This is needed for some more complex cases, e.g., when STA is acting as an active slave with DFS offload enabled and decided to start CAC after receiving CONNECT command, in such a case the 10 second timeout is too small and wpa_supplicant need to wait for CAC completion or CAC timeout (up to 10 minutes). Without such timeout modification wpa_supplicant will be unable to connect to an AP on DFS channel, since the default authentication timeout (10 s) is smaller than the minimum CAC time (60 s). Tested with nl80211 DFS offload implementation. Signed-off-by: Dmitry Lebed <dlebed@quantenna.com>
6 years ago
wpas_event_dfs_cac_finished(wpa_s, &data->dfs_event);
DFS: wpa_supplicant event processing Add radar event processing logic for AP/P2P GO. The DFS processing functions from hostapd are now used for these wpa_supplicant cases as well for both offloaded and non-offloaded DFS. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
break;
case EVENT_DFS_CAC_ABORTED:
if (data)
wpa_supplicant: Increase authentication timeout if CAC is started Timeout is increased by dfs_cac_ms from channel data, or by max CAC time (10 minutes) if dfs_cac_ms is not defined. This is needed for some more complex cases, e.g., when STA is acting as an active slave with DFS offload enabled and decided to start CAC after receiving CONNECT command, in such a case the 10 second timeout is too small and wpa_supplicant need to wait for CAC completion or CAC timeout (up to 10 minutes). Without such timeout modification wpa_supplicant will be unable to connect to an AP on DFS channel, since the default authentication timeout (10 s) is smaller than the minimum CAC time (60 s). Tested with nl80211 DFS offload implementation. Signed-off-by: Dmitry Lebed <dlebed@quantenna.com>
6 years ago
wpas_event_dfs_cac_aborted(wpa_s, &data->dfs_event);
DFS: wpa_supplicant event processing Add radar event processing logic for AP/P2P GO. The DFS processing functions from hostapd are now used for these wpa_supplicant cases as well for both offloaded and non-offloaded DFS. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
9 years ago
break;
DBus: Add ability to report probe requests Some applications require knowing about probe requests to identify devices. This can be the case in AP mode to see the devices before they connect, or even in P2P mode when operating as a P2P device to identify non-P2P peers (P2P peers are identified via PeerFound signals). As there are typically a lot of probe requests, require that an interested application subscribes to this signal so the bus isn't always flooded with these notifications. The notifications in DBus are then unicast only to that application. A small test script is also included. Signed-hostap: Johannes Berg <johannes.berg@intel.com>
12 years ago
case EVENT_RX_MGMT: {
u16 fc, stype;
const struct ieee80211_mgmt *mgmt;
wpa_supplicant: Allow external management frame processing for testing This enables more convenient protocol testing of AP and P2P functionality in various error cases and unexpected sequences without having to implement each test scenario within wpa_supplicant. ext_mgmt_frame_handle parameter can be set to 1 to move all management frame processing into an external program through control interface events (MGMT-RX and MGMT-TX-STATUS) and command (MGMT_TX). This is similar to the test interface that was added to hostapd previously, but allows more control on offchannel operations and more direct integration with the internal P2P module. Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
#ifdef CONFIG_TESTING_OPTIONS
if (wpa_s->ext_mgmt_frame_handling) {
struct rx_mgmt *rx = &data->rx_mgmt;
size_t hex_len = 2 * rx->frame_len + 1;
char *hex = os_malloc(hex_len);
if (hex) {
wpa_snprintf_hex(hex, hex_len,
rx->frame, rx->frame_len);
wpa_msg(wpa_s, MSG_INFO, "MGMT-RX freq=%d datarate=%u ssi_signal=%d %s",
rx->freq, rx->datarate, rx->ssi_signal,
hex);
os_free(hex);
}
break;
}
#endif /* CONFIG_TESTING_OPTIONS */
DBus: Add ability to report probe requests Some applications require knowing about probe requests to identify devices. This can be the case in AP mode to see the devices before they connect, or even in P2P mode when operating as a P2P device to identify non-P2P peers (P2P peers are identified via PeerFound signals). As there are typically a lot of probe requests, require that an interested application subscribes to this signal so the bus isn't always flooded with these notifications. The notifications in DBus are then unicast only to that application. A small test script is also included. Signed-hostap: Johannes Berg <johannes.berg@intel.com>
12 years ago
mgmt = (const struct ieee80211_mgmt *)
data->rx_mgmt.frame;
fc = le_to_host16(mgmt->frame_control);
stype = WLAN_FC_GET_STYPE(fc);
IBSS RSN: Add peer restart detection To better support the IBSS/RSN mechanism, wpa_supplicant has to be able to detect a possible peer reboot and in this case it should start a new EAPOL handshake. To perform such reboot detection wpa_supplicant has to perform an Open Authentication by sending an Authentication frame and then replying to it. IF an Authentication frame is received when the key have already been exchanged, wpa_supplicant understands that the peer has rebooted and can reset its state machine. Whenever a new peer is added to the IBSS wpa_supplicant will start the Open Authentication and only after having accomplished it will start the key exchange. If the driver does not support Authentication frame exchange initiated from user space, this step is skipped to maintain previous behavior (just go through EAPOL-Key frame processing). The Open Authentication was partly supported by the Linux kernel but now wpa_supplicant can register for Authentication frames, handle it in userspace and so avoid any possible race condition. Signed-hostap: Nicolas Cavallari <cavallar@lri.fr> Signed-hostap: Antonio Quartulli <antonio@open-mesh.com>
11 years ago
#ifdef CONFIG_AP
P2P: Map driver events to P2P event notifications
14 years ago
if (wpa_s->ap_iface == NULL) {
IBSS RSN: Add peer restart detection To better support the IBSS/RSN mechanism, wpa_supplicant has to be able to detect a possible peer reboot and in this case it should start a new EAPOL handshake. To perform such reboot detection wpa_supplicant has to perform an Open Authentication by sending an Authentication frame and then replying to it. IF an Authentication frame is received when the key have already been exchanged, wpa_supplicant understands that the peer has rebooted and can reset its state machine. Whenever a new peer is added to the IBSS wpa_supplicant will start the Open Authentication and only after having accomplished it will start the key exchange. If the driver does not support Authentication frame exchange initiated from user space, this step is skipped to maintain previous behavior (just go through EAPOL-Key frame processing). The Open Authentication was partly supported by the Linux kernel but now wpa_supplicant can register for Authentication frames, handle it in userspace and so avoid any possible race condition. Signed-hostap: Nicolas Cavallari <cavallar@lri.fr> Signed-hostap: Antonio Quartulli <antonio@open-mesh.com>
11 years ago
#endif /* CONFIG_AP */
P2P: Map driver events to P2P event notifications
14 years ago
#ifdef CONFIG_P2P
if (stype == WLAN_FC_STYPE_PROBE_REQ &&
wpa_supplicant: Do not use struct ieee80211_mgmt::u.probe_req This struct in the union is empty, but the design of using a zero-length u8 array here is not fully compatible with C++ and can result in undesired compiler warnings. Since there are no non-IE fields in the Probe Request frames, get the location of the variable length IEs simply by using the pointer to the frame header and the known header length. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
data->rx_mgmt.frame_len > IEEE80211_HDRLEN) {
P2P: Map driver events to P2P event notifications
14 years ago
const u8 *src = mgmt->sa;
wpa_supplicant: Do not use struct ieee80211_mgmt::u.probe_req This struct in the union is empty, but the design of using a zero-length u8 array here is not fully compatible with C++ and can result in undesired compiler warnings. Since there are no non-IE fields in the Probe Request frames, get the location of the variable length IEs simply by using the pointer to the frame header and the known header length. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
const u8 *ie;
size_t ie_len;
ie = data->rx_mgmt.frame + IEEE80211_HDRLEN;
ie_len = data->rx_mgmt.frame_len -
IEEE80211_HDRLEN;
Pass signal strength through, fix units The signal strength is currently never used as the only driver reporting it is nl80211 which uses IEEE80211_RADIOTAP_DB_ANTSIGNAL which is never populated by the kernel. The kernel will (soon) populate IEEE80211_RADIOTAP_DBM_ANTSIGNAL instead though, so use that. Also, since it was never really populated, we can redefine the signal field to be in dBm units only. My next patch will also require knowing the signal strength of probe requests throughout the code (where available), so add it to the necessary APIs. Signed-hostap: Johannes Berg <johannes.berg@intel.com>
12 years ago
wpas_p2p_probe_req_rx(
wpa_s, src, mgmt->da,
mgmt->bssid, ie, ie_len,
P2P: Add rx_freq parameter to Probe Request frame handler In some cases, Probe Request frames can be received by a peer not only on a listen channel. In this case an additional rx_freq parameter explitly contains a Probe Request frame RX frequency. In case rx_freq is set to 0, a Probe Request frame RX channel is assumed to be our own listen channel (p2p->cfg->channel). Signed-off-by: Max Stepanov <Max.Stepanov@intel.com> Reviewed-by: Ilan Peer <ilan.peer@intel.com>
9 years ago
data->rx_mgmt.freq,
Pass signal strength through, fix units The signal strength is currently never used as the only driver reporting it is nl80211 which uses IEEE80211_RADIOTAP_DB_ANTSIGNAL which is never populated by the kernel. The kernel will (soon) populate IEEE80211_RADIOTAP_DBM_ANTSIGNAL instead though, so use that. Also, since it was never really populated, we can redefine the signal field to be in dBm units only. My next patch will also require knowing the signal strength of probe requests throughout the code (where available), so add it to the necessary APIs. Signed-hostap: Johannes Berg <johannes.berg@intel.com>
12 years ago
data->rx_mgmt.ssi_signal);
P2P: Map driver events to P2P event notifications
14 years ago
break;
}
#endif /* CONFIG_P2P */
IBSS RSN: Add peer restart detection To better support the IBSS/RSN mechanism, wpa_supplicant has to be able to detect a possible peer reboot and in this case it should start a new EAPOL handshake. To perform such reboot detection wpa_supplicant has to perform an Open Authentication by sending an Authentication frame and then replying to it. IF an Authentication frame is received when the key have already been exchanged, wpa_supplicant understands that the peer has rebooted and can reset its state machine. Whenever a new peer is added to the IBSS wpa_supplicant will start the Open Authentication and only after having accomplished it will start the key exchange. If the driver does not support Authentication frame exchange initiated from user space, this step is skipped to maintain previous behavior (just go through EAPOL-Key frame processing). The Open Authentication was partly supported by the Linux kernel but now wpa_supplicant can register for Authentication frames, handle it in userspace and so avoid any possible race condition. Signed-hostap: Nicolas Cavallari <cavallar@lri.fr> Signed-hostap: Antonio Quartulli <antonio@open-mesh.com>
11 years ago
#ifdef CONFIG_IBSS_RSN
mesh: Add mesh peering manager The mesh peering manager establishes and maintains links among mesh peers, tracking each peer link via a finite state machine. This implementation supports open mesh peerings. [assorted fixes from Yu Niiro <yu.niiro@gmail.com>] [more fixes from Masashi Honma <masashi.honma@gmail.com>] Signed-off-by: Javier Lopez <jlopex@gmail.com> Signed-off-by: Javier Cardona <javier@cozybit.com> Signed-off-by: Ashok Nagarajan <ashok.dragon@gmail.com> Signed-off-by: Jason Mobarak <x@jason.mobarak.name> Signed-hostap: Bob Copeland <me@bobcopeland.com>
10 years ago
if (wpa_s->current_ssid &&
wpa_s->current_ssid->mode == WPAS_MODE_IBSS &&
stype == WLAN_FC_STYPE_AUTH &&
IBSS RSN: Add peer restart detection To better support the IBSS/RSN mechanism, wpa_supplicant has to be able to detect a possible peer reboot and in this case it should start a new EAPOL handshake. To perform such reboot detection wpa_supplicant has to perform an Open Authentication by sending an Authentication frame and then replying to it. IF an Authentication frame is received when the key have already been exchanged, wpa_supplicant understands that the peer has rebooted and can reset its state machine. Whenever a new peer is added to the IBSS wpa_supplicant will start the Open Authentication and only after having accomplished it will start the key exchange. If the driver does not support Authentication frame exchange initiated from user space, this step is skipped to maintain previous behavior (just go through EAPOL-Key frame processing). The Open Authentication was partly supported by the Linux kernel but now wpa_supplicant can register for Authentication frames, handle it in userspace and so avoid any possible race condition. Signed-hostap: Nicolas Cavallari <cavallar@lri.fr> Signed-hostap: Antonio Quartulli <antonio@open-mesh.com>
11 years ago
data->rx_mgmt.frame_len >= 30) {
wpa_supplicant_event_ibss_auth(wpa_s, data);
break;
}
#endif /* CONFIG_IBSS_RSN */
Remove unnecessary EVENT_RX_ACTION This driver event was used separately for some Action frames, but all the driver wrappers converted to this from information that would have been enough to indicate an EVENT_RX_MGMT event. In addition, the received event was then converted back to a full IEEE 802.11 management frame for processing in most cases. This is unnecessary complexity, so get rid of the extra path and use EVENT_RX_MGMT for Action frames as well as other management frame subtypes. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
if (stype == WLAN_FC_STYPE_ACTION) {
wpas_event_rx_mgmt_action(
Use clearer way of getting pointer to a frame (CID 62835) This avoids an incorrect ARRAY_VS_SINGLETON report for a case where a pointer is taken to the specified field in a frame and not to a single octet. Bounds checking was already handled separately. Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
wpa_s, data->rx_mgmt.frame,
data->rx_mgmt.frame_len,
wpa_supplicant: Handle link measurement requests Send link measurement response when a request is received. Advertise only RCPI, computing it from the RSSI of the request. The TX power field is left to be filled by the driver. All other fields are not published. Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
10 years ago
data->rx_mgmt.freq,
data->rx_mgmt.ssi_signal);
Remove unnecessary EVENT_RX_ACTION This driver event was used separately for some Action frames, but all the driver wrappers converted to this from information that would have been enough to indicate an EVENT_RX_MGMT event. In addition, the received event was then converted back to a full IEEE 802.11 management frame for processing in most cases. This is unnecessary complexity, so get rid of the extra path and use EVENT_RX_MGMT for Action frames as well as other management frame subtypes. Signed-hostap: Jouni Malinen <j@w1.fi>
11 years ago
break;
}
mesh: Add mesh peering manager The mesh peering manager establishes and maintains links among mesh peers, tracking each peer link via a finite state machine. This implementation supports open mesh peerings. [assorted fixes from Yu Niiro <yu.niiro@gmail.com>] [more fixes from Masashi Honma <masashi.honma@gmail.com>] Signed-off-by: Javier Lopez <jlopex@gmail.com> Signed-off-by: Javier Cardona <javier@cozybit.com> Signed-off-by: Ashok Nagarajan <ashok.dragon@gmail.com> Signed-off-by: Jason Mobarak <x@jason.mobarak.name> Signed-hostap: Bob Copeland <me@bobcopeland.com>
10 years ago
if (wpa_s->ifmsh) {
mesh_mpm_mgmt_rx(wpa_s, &data->rx_mgmt);
break;
}
PASN: Add support for PASN processing to wpa_supplicant Add PASN implementation to wpa_supplicant 1. Add functions to initialize and clear PASN data. 2. Add functions to construct PASN Authentication frames. 3. Add function to process PASN Authentication frame. 4. Add function to handle PASN frame TX status. 5. Implement the station side flow processing for PASN. The implementation is missing support for wrapped data and PMKSA establishment for base AKMs, and only supports PASN authentication or base AKM with PMKSA caching. The missing parts will be added in later patches. Signed-off-by: Ilan Peer <ilan.peer@intel.com>
3 years ago
#ifdef CONFIG_PASN
if (stype == WLAN_FC_STYPE_AUTH &&
wpas_pasn_auth_rx(wpa_s, mgmt,
data->rx_mgmt.frame_len) != -2)
break;
#endif /* CONFIG_PASN */
mesh: Add mesh peering manager The mesh peering manager establishes and maintains links among mesh peers, tracking each peer link via a finite state machine. This implementation supports open mesh peerings. [assorted fixes from Yu Niiro <yu.niiro@gmail.com>] [more fixes from Masashi Honma <masashi.honma@gmail.com>] Signed-off-by: Javier Lopez <jlopex@gmail.com> Signed-off-by: Javier Cardona <javier@cozybit.com> Signed-off-by: Ashok Nagarajan <ashok.dragon@gmail.com> Signed-off-by: Jason Mobarak <x@jason.mobarak.name> Signed-hostap: Bob Copeland <me@bobcopeland.com>
10 years ago
SAE: Support external authentication offload for driver-SME cases Extend the SME functionality to support the external authentication. External authentication may be used by the drivers that do not define separate commands for authentication and association (~WPA_DRIVER_FLAGS_SME) but rely on wpa_supplicant's SME for the authentication. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
#ifdef CONFIG_SAE
if (stype == WLAN_FC_STYPE_AUTH &&
!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE)) {
sme_external_auth_mgmt_rx(
wpa_s, data->rx_mgmt.frame,
data->rx_mgmt.frame_len);
break;
}
#endif /* CONFIG_SAE */
Use wpa_msg() instead of wpa_printf() This converts number of debugging messages to use wpa_msg() in order to allow the interface name to be shown with the messages. A new function, wpa_dbg(), is introduced to allow CONFIG_NO_STDOUT_DEBUG=y builds to remove the debug strings. This is otherwise identical with wpa_msg(), but it gets compiled out if stdout debugging is disabled.
13 years ago
wpa_dbg(wpa_s, MSG_DEBUG, "AP: ignore received "
"management frame in non-AP mode");
Use generic driver events for TX status and RX reporting Replace driver wrapper calls to hostapd_tx_status(), hostapd_rx_from_unknown_sta(), hostapd_mgmt_rx(), and hostapd_mgmt_tx_cb() with new generic driver events EVENT_TX_STATUS, EVENT_RX_FROM_UNKNOWN, and EVENT_RX_MGMT. This cleans up lot of the driver wrapper code to be less dependent on whether it is being used within wpa_supplicant AP mode or hostapd.
15 years ago
break;
IBSS RSN: Add peer restart detection To better support the IBSS/RSN mechanism, wpa_supplicant has to be able to detect a possible peer reboot and in this case it should start a new EAPOL handshake. To perform such reboot detection wpa_supplicant has to perform an Open Authentication by sending an Authentication frame and then replying to it. IF an Authentication frame is received when the key have already been exchanged, wpa_supplicant understands that the peer has rebooted and can reset its state machine. Whenever a new peer is added to the IBSS wpa_supplicant will start the Open Authentication and only after having accomplished it will start the key exchange. If the driver does not support Authentication frame exchange initiated from user space, this step is skipped to maintain previous behavior (just go through EAPOL-Key frame processing). The Open Authentication was partly supported by the Linux kernel but now wpa_supplicant can register for Authentication frames, handle it in userspace and so avoid any possible race condition. Signed-hostap: Nicolas Cavallari <cavallar@lri.fr> Signed-hostap: Antonio Quartulli <antonio@open-mesh.com>
11 years ago
#ifdef CONFIG_AP
P2P: Map driver events to P2P event notifications
14 years ago
}
DBus: Add ability to report probe requests Some applications require knowing about probe requests to identify devices. This can be the case in AP mode to see the devices before they connect, or even in P2P mode when operating as a P2P device to identify non-P2P peers (P2P peers are identified via PeerFound signals). As there are typically a lot of probe requests, require that an interested application subscribes to this signal so the bus isn't always flooded with these notifications. The notifications in DBus are then unicast only to that application. A small test script is also included. Signed-hostap: Johannes Berg <johannes.berg@intel.com>
12 years ago
if (stype == WLAN_FC_STYPE_PROBE_REQ &&
wpa_supplicant: Do not use struct ieee80211_mgmt::u.probe_req This struct in the union is empty, but the design of using a zero-length u8 array here is not fully compatible with C++ and can result in undesired compiler warnings. Since there are no non-IE fields in the Probe Request frames, get the location of the variable length IEs simply by using the pointer to the frame header and the known header length. Signed-off-by: Jouni Malinen <j@w1.fi>
8 years ago
data->rx_mgmt.frame_len > IEEE80211_HDRLEN) {
const u8 *ie;
size_t ie_len;
ie = data->rx_mgmt.frame + IEEE80211_HDRLEN;
ie_len = data->rx_mgmt.frame_len - IEEE80211_HDRLEN;
DBus: Add ability to report probe requests Some applications require knowing about probe requests to identify devices. This can be the case in AP mode to see the devices before they connect, or even in P2P mode when operating as a P2P device to identify non-P2P peers (P2P peers are identified via PeerFound signals). As there are typically a lot of probe requests, require that an interested application subscribes to this signal so the bus isn't always flooded with these notifications. The notifications in DBus are then unicast only to that application. A small test script is also included. Signed-hostap: Johannes Berg <johannes.berg@intel.com>
12 years ago
wpas_notify_preq(wpa_s, mgmt->sa, mgmt->da,
mgmt->bssid, ie, ie_len,
data->rx_mgmt.ssi_signal);
}
Move struct hostapd_frame_info definition away from driver API This is internal data structure for hostapd/AP functionality and does not need to be defined in driver.h.
15 years ago
ap_mgmt_rx(wpa_s, &data->rx_mgmt);
IBSS RSN: Add peer restart detection To better support the IBSS/RSN mechanism, wpa_supplicant has to be able to detect a possible peer reboot and in this case it should start a new EAPOL handshake. To perform such reboot detection wpa_supplicant has to perform an Open Authentication by sending an Authentication frame and then replying to it. IF an Authentication frame is received when the key have already been exchanged, wpa_supplicant understands that the peer has rebooted and can reset its state machine. Whenever a new peer is added to the IBSS wpa_supplicant will start the Open Authentication and only after having accomplished it will start the key exchange. If the driver does not support Authentication frame exchange initiated from user space, this step is skipped to maintain previous behavior (just go through EAPOL-Key frame processing). The Open Authentication was partly supported by the Linux kernel but now wpa_supplicant can register for Authentication frames, handle it in userspace and so avoid any possible race condition. Signed-hostap: Nicolas Cavallari <cavallar@lri.fr> Signed-hostap: Antonio Quartulli <antonio@open-mesh.com>
11 years ago
#endif /* CONFIG_AP */
Use generic driver events for TX status and RX reporting Replace driver wrapper calls to hostapd_tx_status(), hostapd_rx_from_unknown_sta(), hostapd_mgmt_rx(), and hostapd_mgmt_tx_cb() with new generic driver events EVENT_TX_STATUS, EVENT_RX_FROM_UNKNOWN, and EVENT_RX_MGMT. This cleans up lot of the driver wrapper code to be less dependent on whether it is being used within wpa_supplicant AP mode or hostapd.
15 years ago
break;
DBus: Add ability to report probe requests Some applications require knowing about probe requests to identify devices. This can be the case in AP mode to see the devices before they connect, or even in P2P mode when operating as a P2P device to identify non-P2P peers (P2P peers are identified via PeerFound signals). As there are typically a lot of probe requests, require that an interested application subscribes to this signal so the bus isn't always flooded with these notifications. The notifications in DBus are then unicast only to that application. A small test script is also included. Signed-hostap: Johannes Berg <johannes.berg@intel.com>
12 years ago
}
wpa_s AP: Deliver EVENT_RX_PROBE_REQ events to AP processing This is needed to allows WPS PBC session overlap detection to work with drivers that process Probe Request frames internally. This code is is run in hostapd, but the wpa_supplicant AP mode did not have call to the hostapd_probe_req_rx() function even though it registered handlers for hostapd Probe Request RX callbacks.
13 years ago
case EVENT_RX_PROBE_REQ:
Add sanity checks to EVENT_RX_PROBE_REQ event data Both the SA and IEs from the received Probe Request frames must be included and the Probe Request RX callback functions may assume that these are not NULL.
13 years ago
if (data->rx_probe_req.sa == NULL ||
data->rx_probe_req.ie == NULL)
break;
wpa_s AP: Deliver EVENT_RX_PROBE_REQ events to AP processing This is needed to allows WPS PBC session overlap detection to work with drivers that process Probe Request frames internally. This code is is run in hostapd, but the wpa_supplicant AP mode did not have call to the hostapd_probe_req_rx() function even though it registered handlers for hostapd Probe Request RX callbacks.
13 years ago
#ifdef CONFIG_AP
if (wpa_s->ap_iface) {
hostapd_probe_req_rx(wpa_s->ap_iface->bss[0],
data->rx_probe_req.sa,
P2P: Filter Probe Request frames based on DA and BSSID in Listen state Only accept Probe Request frames that have a Wildcard BSSID and a destination address that matches with our P2P Device Address or is the broadcast address per P2P specification 3.1.2.1.1.
13 years ago
data->rx_probe_req.da,
data->rx_probe_req.bssid,
wpa_s AP: Deliver EVENT_RX_PROBE_REQ events to AP processing This is needed to allows WPS PBC session overlap detection to work with drivers that process Probe Request frames internally. This code is is run in hostapd, but the wpa_supplicant AP mode did not have call to the hostapd_probe_req_rx() function even though it registered handlers for hostapd Probe Request RX callbacks.
13 years ago
data->rx_probe_req.ie,
Pass signal strength through, fix units The signal strength is currently never used as the only driver reporting it is nl80211 which uses IEEE80211_RADIOTAP_DB_ANTSIGNAL which is never populated by the kernel. The kernel will (soon) populate IEEE80211_RADIOTAP_DBM_ANTSIGNAL instead though, so use that. Also, since it was never really populated, we can redefine the signal field to be in dBm units only. My next patch will also require knowing the signal strength of probe requests throughout the code (where available), so add it to the necessary APIs. Signed-hostap: Johannes Berg <johannes.berg@intel.com>
12 years ago
data->rx_probe_req.ie_len,
data->rx_probe_req.ssi_signal);
wpa_s AP: Deliver EVENT_RX_PROBE_REQ events to AP processing This is needed to allows WPS PBC session overlap detection to work with drivers that process Probe Request frames internally. This code is is run in hostapd, but the wpa_supplicant AP mode did not have call to the hostapd_probe_req_rx() function even though it registered handlers for hostapd Probe Request RX callbacks.
13 years ago
break;
}
#endif /* CONFIG_AP */
wpas_p2p_probe_req_rx(wpa_s, data->rx_probe_req.sa,
P2P: Filter Probe Request frames based on DA and BSSID in Listen state Only accept Probe Request frames that have a Wildcard BSSID and a destination address that matches with our P2P Device Address or is the broadcast address per P2P specification 3.1.2.1.1.
13 years ago
data->rx_probe_req.da,
data->rx_probe_req.bssid,
wpa_s AP: Deliver EVENT_RX_PROBE_REQ events to AP processing This is needed to allows WPS PBC session overlap detection to work with drivers that process Probe Request frames internally. This code is is run in hostapd, but the wpa_supplicant AP mode did not have call to the hostapd_probe_req_rx() function even though it registered handlers for hostapd Probe Request RX callbacks.
13 years ago
data->rx_probe_req.ie,
Pass signal strength through, fix units The signal strength is currently never used as the only driver reporting it is nl80211 which uses IEEE80211_RADIOTAP_DB_ANTSIGNAL which is never populated by the kernel. The kernel will (soon) populate IEEE80211_RADIOTAP_DBM_ANTSIGNAL instead though, so use that. Also, since it was never really populated, we can redefine the signal field to be in dBm units only. My next patch will also require knowing the signal strength of probe requests throughout the code (where available), so add it to the necessary APIs. Signed-hostap: Johannes Berg <johannes.berg@intel.com>
12 years ago
data->rx_probe_req.ie_len,
P2P: Add rx_freq parameter to Probe Request frame handler In some cases, Probe Request frames can be received by a peer not only on a listen channel. In this case an additional rx_freq parameter explitly contains a Probe Request frame RX frequency. In case rx_freq is set to 0, a Probe Request frame RX channel is assumed to be our own listen channel (p2p->cfg->channel). Signed-off-by: Max Stepanov <Max.Stepanov@intel.com> Reviewed-by: Ilan Peer <ilan.peer@intel.com>
9 years ago
0,
Pass signal strength through, fix units The signal strength is currently never used as the only driver reporting it is nl80211 which uses IEEE80211_RADIOTAP_DB_ANTSIGNAL which is never populated by the kernel. The kernel will (soon) populate IEEE80211_RADIOTAP_DBM_ANTSIGNAL instead though, so use that. Also, since it was never really populated, we can redefine the signal field to be in dBm units only. My next patch will also require knowing the signal strength of probe requests throughout the code (where available), so add it to the necessary APIs. Signed-hostap: Johannes Berg <johannes.berg@intel.com>
12 years ago
data->rx_probe_req.ssi_signal);
FT: Add preliminary processing of FT Action Response from EVENT_RX_ACTION Previously, this was only done with userspace MLME (i.e., driver_test.c); now, driver_nl80211.c can deliver the FT Action Response (FT-over-DS) for processing. The reassociation after successful FT Action frame exchange is not yet implemented.
14 years ago
break;
P2P: Map driver events to P2P event notifications
14 years ago
case EVENT_REMAIN_ON_CHANNEL:
GAS: Use off-channel operations for requests This separates off-channel Action frame TX/RX from P2P into a generic implementation that can now be used both for P2P and GAS needs.
13 years ago
#ifdef CONFIG_OFFCHANNEL
offchannel_remain_on_channel_cb(
wpa_s, data->remain_on_channel.freq,
data->remain_on_channel.duration);
#endif /* CONFIG_OFFCHANNEL */
P2P: Map driver events to P2P event notifications
14 years ago
wpas_p2p_remain_on_channel_cb(
wpa_s, data->remain_on_channel.freq,
data->remain_on_channel.duration);
DPP: Track ending time for remain-on-channel operations This may be needed to optimize use of offchannel TX operations with wait-for-response when near the end of a pending remain-on-channel operation. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
#ifdef CONFIG_DPP
wpas_dpp_remain_on_channel_cb(
wpa_s, data->remain_on_channel.freq,
data->remain_on_channel.duration);
#endif /* CONFIG_DPP */
P2P: Map driver events to P2P event notifications
14 years ago
break;
case EVENT_CANCEL_REMAIN_ON_CHANNEL:
GAS: Use off-channel operations for requests This separates off-channel Action frame TX/RX from P2P into a generic implementation that can now be used both for P2P and GAS needs.
13 years ago
#ifdef CONFIG_OFFCHANNEL
offchannel_cancel_remain_on_channel_cb(
wpa_s, data->remain_on_channel.freq);
#endif /* CONFIG_OFFCHANNEL */
P2P: Map driver events to P2P event notifications
14 years ago
wpas_p2p_cancel_remain_on_channel_cb(
wpa_s, data->remain_on_channel.freq);
DPP: Authentication exchange Add wpa_supplicant control interface commands for managing DPP Authentication exchange. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
7 years ago
#ifdef CONFIG_DPP
wpas_dpp_cancel_remain_on_channel_cb(
wpa_s, data->remain_on_channel.freq);
#endif /* CONFIG_DPP */
P2P: Map driver events to P2P event notifications
14 years ago
break;
Use driver event, EVENT_EAPOL_RX, for EAPOL frame indication
15 years ago
case EVENT_EAPOL_RX:
wpa_supplicant_rx_eapol(wpa_s, data->eapol_rx.src,
data->eapol_rx.data,
data->eapol_rx.data_len);
break;
bgscan: Add signal strength change events This allows bgscan modules to use more information to decide on when to perform background scans. bgscan_simple can now change between short and long background scan intervals based on signal strength and in addition, it can trigger immediate scans when the signal strength is detected to be dropping. bgscan_simple takes following parameters now: short interval:signal strength threshold:long interval For example: bgscan="simple:30:-45:300"
14 years ago
case EVENT_SIGNAL_CHANGE:
Add CTRL-EVENT-SIGNAL-CHANGE for bgscan signal update events This allows external programs to monitor driver signal change events through wpa_supplicant when bgscan is used. Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_SIGNAL_CHANGE
"above=%d signal=%d noise=%d txrate=%d",
data->signal_change.above_threshold,
data->signal_change.current_signal,
data->signal_change.current_noise,
data->signal_change.current_txrate);
Update current BSS level when signal change event occurs When an EVENT_SIGNAL_CHANGE occurs the bgscan is informed about this change but the new RSSI value is not stored. In consequence, when roaming candidates are evaluated, the RSSI value of the current BSS used to compare is an old one obtained during the last scan rather than the new one given by the signal change event. This leads sometimes to bad decision when selecting a new BSS for roaming. This patch solves the issue by updating the current BSS level when receiving a signal change event in order to have a very up-to-date current signal value when choosing an new BSS. Signed-off-by: Matthieu Mauger <matthieux.mauger@intel.com>
9 years ago
wpa_bss_update_level(wpa_s->current_bss,
data->signal_change.current_signal);
bgscan: Add signal strength change events This allows bgscan modules to use more information to decide on when to perform background scans. bgscan_simple can now change between short and long background scan intervals based on signal strength and in addition, it can trigger immediate scans when the signal strength is detected to be dropping. bgscan_simple takes following parameters now: short interval:signal strength threshold:long interval For example: bgscan="simple:30:-45:300"
14 years ago
bgscan_notify_signal_change(
Add current signal strength into signal quality change events
14 years ago
wpa_s, data->signal_change.above_threshold,
bgscan: Add new channel condition parameters to signal change events bgscan modules can potentially get a richer feel for the channel condition and make better choices about scan/no-scan and roam/no-roam.
14 years ago
data->signal_change.current_signal,
data->signal_change.current_noise,
data->signal_change.current_txrate);
bgscan: Add signal strength change events This allows bgscan modules to use more information to decide on when to perform background scans. bgscan_simple can now change between short and long background scan intervals based on signal strength and in addition, it can trigger immediate scans when the signal strength is detected to be dropping. bgscan_simple takes following parameters now: short interval:signal strength threshold:long interval For example: bgscan="simple:30:-45:300"
14 years ago
break;
wpa_supplicant: Fix auth failure when the MAC is updated externally When connecting to a WPA-EAP network and the MAC address is changed just before the association (for example by NetworkManager, which sets a random MAC during scans), the authentication sometimes fails in the following way ('####' logs added by me): wpa_supplicant logs: wlan0: WPA: RX message 1 of 4-Way Handshake from 02:00:00:00:01:00 (ver=1) RSN: msg 1/4 key data - hexdump(len=22): dd 14 00 0f ac 04 d8 21 9d a5 73 98 88 26 ef 03 d2 ce f7 04 7d 23 WPA: PMKID in EAPOL-Key - hexdump(len=22): dd 14 00 0f ac 04 d8 21 9d a5 73 98 88 26 ef 03 d2 ce f7 04 7d 23 RSN: PMKID from Authenticator - hexdump(len=16): d8 21 9d a5 73 98 88 26 ef 03 d2 ce f7 04 7d 23 wlan0: RSN: no matching PMKID found EAPOL: Successfully fetched key (len=32) WPA: PMK from EAPOL state machines - hexdump(len=32): [REMOVED] #### WPA: rsn_pmkid(): #### WPA: aa - hexdump(len=6): 02 00 00 00 01 00 #### WPA: spa - hexdump(len=6): 66 20 cf ab 8c dc #### WPA: PMK - hexdump(len=32): b5 24 76 4f 6f 50 8c f6 a1 2e 24 b8 07 4e 9a 13 1b 94 c4 a8 1f 7e 22 d6 ed fc 7d 43 c7 77 b6 f7 #### WPA: computed PMKID - hexdump(len=16): ea 73 67 b1 8e 5f 18 43 58 24 e8 1c 47 23 87 71 RSN: Replace PMKSA entry for the current AP and any PMKSA cache entry that was based on the old PMK nl80211: Delete PMKID for 02:00:00:00:01:00 wlan0: RSN: PMKSA cache entry free_cb: 02:00:00:00:01:00 reason=1 RSN: Added PMKSA cache entry for 02:00:00:00:01:00 network_ctx=0x5630bf85a270 nl80211: Add PMKID for 02:00:00:00:01:00 wlan0: RSN: PMKID mismatch - authentication server may have derived different MSK?! hostapd logs: WPA: PMK from EAPOL state machine (MSK len=64 PMK len=32) WPA: 02:00:00:00:00:00 WPA_PTK entering state PTKSTART wlan1: STA 02:00:00:00:00:00 WPA: sending 1/4 msg of 4-Way Handshake #### WPA: rsn_pmkid(): #### WPA: aa - hexdump(len=6): 02 00 00 00 01 00 #### WPA: spa - hexdump(len=6): 02 00 00 00 00 00 #### WPA: PMK - hexdump(len=32): b5 24 76 4f 6f 50 8c f6 a1 2e 24 b8 07 4e 9a 13 1b 94 c4 a8 1f 7e 22 d6 ed fc 7d 43 c7 77 b6 f7 #### WPA: computed PMKID - hexdump(len=16): d8 21 9d a5 73 98 88 26 ef 03 d2 ce f7 04 7d 23 WPA: Send EAPOL(version=1 secure=0 mic=0 ack=1 install=0 pairwise=1 kde_len=22 keyidx=0 encr=0) That's because wpa_supplicant computed the PMKID using the wrong (old) MAC address used during the scan. wpa_supplicant updates own_addr when the interface goes up, as the MAC can only change while the interface is down. However, drivers don't report all interface state changes: for example the nl80211 driver may ignore a down-up cycle if the down message is processed later, when the interface is already up. In such cases, wpa_supplicant (and in particular, the EAP state machine) would continue to use the old MAC. Add a new driver event that notifies of MAC address changes while the interface is active. Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
6 years ago
case EVENT_INTERFACE_MAC_CHANGED:
wpa_supplicant_update_mac_addr(wpa_s);
break;
Add Linux rfkill support Add a new wpa_supplicant state: interface disabled. This can be used to allow wpa_supplicant to be running with the network interface even when the driver does not actually allow any radio operations (e.g., due to rfkill). Allow driver_nl80211.c and driver_wext.c to start while rfkill is in blocked state (i.e., when ifconfig up fails) and process rfkill events to block/unblock WLAN.
14 years ago
case EVENT_INTERFACE_ENABLED:
Use wpa_msg() instead of wpa_printf() This converts number of debugging messages to use wpa_msg() in order to allow the interface name to be shown with the messages. A new function, wpa_dbg(), is introduced to allow CONFIG_NO_STDOUT_DEBUG=y builds to remove the debug strings. This is otherwise identical with wpa_msg(), but it gets compiled out if stdout debugging is disabled.
13 years ago
wpa_dbg(wpa_s, MSG_DEBUG, "Interface was enabled");
Add Linux rfkill support Add a new wpa_supplicant state: interface disabled. This can be used to allow wpa_supplicant to be running with the network interface even when the driver does not actually allow any radio operations (e.g., due to rfkill). Allow driver_nl80211.c and driver_wext.c to start while rfkill is in blocked state (i.e., when ifconfig up fails) and process rfkill events to block/unblock WLAN.
14 years ago
if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) {
Maintain BSS entries for 5 seconds after interface is disabled This is targeting the case of MAC address change for an association which may require the interface to be set down for a short moment. Previously, this ended up flushing the BSS table that wpa_supplicant maintained and that resulted in having to scan again if the MAC address was changed between the previous scan and the connection attempt. This is unnecessary extra latency, so maintain the BSS entries for 5 seconds (i.e., the same time that the old scan results are consider valid for a new connection attempt) after an interface goes down. Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
eloop_cancel_timeout(wpas_clear_disabled_interface,
wpa_s, NULL);
Update internal MAC address on EVENT_INTERFACE_ENABLED events This allows the MAC address of the interface to be changed when the interface is set down even if the interface does not get completed removed and re-added. Signed-hostap: Jouni Malinen <j@w1.fi>
13 years ago
wpa_supplicant_update_mac_addr(wpa_s);
Set the default scan IEs on interface restart Previously, these default scan IEs were set only when parameter values changed and during the interface initialization, which can get lost in the driver on an interface restart. Hence, also set these IEs on an interface restart notification even when there has been no change in the values since the last update to the driver. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years ago
wpa_supplicant_set_default_scan_ies(wpa_s);
P2P: Do not initiate scan on P2P Device when enabled Do not start a scan on a P2P Device interface when processing an interface enabled event. Signed-off-by: Ilan Peer <ilan.peer@intel.com>
10 years ago
if (wpa_s->p2p_mgmt) {
wpa_supplicant_set_state(wpa_s,
WPA_DISCONNECTED);
break;
}
Fix wpa_supplicant build without CONFIG_WPS and CONFIG_AP
14 years ago
#ifdef CONFIG_AP
Fix AP mode in wpa_supplicant with interface events Needs to not trigger a scan here when the AP mode setup sets interface down/up.
14 years ago
if (!wpa_s->ap_iface) {
wpa_supplicant_set_state(wpa_s,
WPA_DISCONNECTED);
Handle interface disabled/enabled more consistently It was possible for the interface not to be marked in INTERFACE_DISABLED state in case the event was processed for P2P GO because the wpa_s instance could have been removed in case of a separate group interface. Change the state first to avoid leaving different state for the case where separate group interface is not used. Mark scan to be a normal scan on INTERFACE_ENABLED so that scanning rules (e.g., skip scan if no networks enabled) get used consistently. Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago
wpa_s->scan_req = NORMAL_SCAN_REQ;
Fix AP mode in wpa_supplicant with interface events Needs to not trigger a scan here when the AP mode setup sets interface down/up.
14 years ago
wpa_supplicant_req_scan(wpa_s, 0, 0);
} else
wpa_supplicant_set_state(wpa_s,
WPA_COMPLETED);
Fix wpa_supplicant build without CONFIG_WPS and CONFIG_AP
14 years ago
#else /* CONFIG_AP */
wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
wpa_supplicant_req_scan(wpa_s, 0, 0);
#endif /* CONFIG_AP */
Add Linux rfkill support Add a new wpa_supplicant state: interface disabled. This can be used to allow wpa_supplicant to be running with the network interface even when the driver does not actually allow any radio operations (e.g., due to rfkill). Allow driver_nl80211.c and driver_wext.c to start while rfkill is in blocked state (i.e., when ifconfig up fails) and process rfkill events to block/unblock WLAN.
14 years ago
}
break;
case EVENT_INTERFACE_DISABLED:
Use wpa_msg() instead of wpa_printf() This converts number of debugging messages to use wpa_msg() in order to allow the interface name to be shown with the messages. A new function, wpa_dbg(), is introduced to allow CONFIG_NO_STDOUT_DEBUG=y builds to remove the debug strings. This is otherwise identical with wpa_msg(), but it gets compiled out if stdout debugging is disabled.
13 years ago
wpa_dbg(wpa_s, MSG_DEBUG, "Interface was disabled");
P2P: Handle INTERFACE_DISABLED event on a P2P GO interface An INTERFACE_DISABLED event received on an interface that is currently operating a P2P GO means that the group session ended. In such a case, if the interface was dynamically added remove it, and if not, remove all the network blocks that are temporary, assuming that if needed a new session will be started by an external entity. The use case was triggering rfkill (both SW and HW). This case popped up as part of a testing cycle, where after a toggle in the rfkill state, the result was that the interface was not deleted, but on the other hand the wpa_supplicant did not configure the kernel to re-start the AP functionality again. Signed-hostap: Ilan Peer <ilan.peer@intel.com>
11 years ago
#ifdef CONFIG_P2P
if (wpa_s->p2p_group_interface == P2P_GROUP_INTERFACE_GO ||
(wpa_s->current_ssid && wpa_s->current_ssid->p2p_group &&
wpa_s->current_ssid->mode == WPAS_MODE_P2P_GO)) {
Handle interface disabled/enabled more consistently It was possible for the interface not to be marked in INTERFACE_DISABLED state in case the event was processed for P2P GO because the wpa_s instance could have been removed in case of a separate group interface. Change the state first to avoid leaving different state for the case where separate group interface is not used. Mark scan to be a normal scan on INTERFACE_ENABLED so that scanning rules (e.g., skip scan if no networks enabled) get used consistently. Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago
/*
* Mark interface disabled if this happens to end up not
* being removed as a separate P2P group interface.
*/
wpa_supplicant_set_state(wpa_s, WPA_INTERFACE_DISABLED);
P2P: Handle INTERFACE_DISABLED event on a P2P GO interface An INTERFACE_DISABLED event received on an interface that is currently operating a P2P GO means that the group session ended. In such a case, if the interface was dynamically added remove it, and if not, remove all the network blocks that are temporary, assuming that if needed a new session will be started by an external entity. The use case was triggering rfkill (both SW and HW). This case popped up as part of a testing cycle, where after a toggle in the rfkill state, the result was that the interface was not deleted, but on the other hand the wpa_supplicant did not configure the kernel to re-start the AP functionality again. Signed-hostap: Ilan Peer <ilan.peer@intel.com>
11 years ago
/*
* The interface was externally disabled. Remove
* it assuming an external entity will start a
* new session if needed.
*/
P2P: Indicate reason=UNAVAILABLE for group netdev going down There is a race condition between receiving an AP stopped event and netdev down event. These resulted in different group removal reasons on a GO device (UNAVAILABLE for stop AP event coming first and REQUESTED for netdev event first). Make this more consistent by reporting UNAVAILABLE for both possible cases. Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago
if (wpa_s->current_ssid &&
wpa_s->current_ssid->p2p_group)
wpas_p2p_interface_unavailable(wpa_s);
else
wpas_p2p_disconnect(wpa_s);
Handle interface disabled/enabled more consistently It was possible for the interface not to be marked in INTERFACE_DISABLED state in case the event was processed for P2P GO because the wpa_s instance could have been removed in case of a separate group interface. Change the state first to avoid leaving different state for the case where separate group interface is not used. Mark scan to be a normal scan on INTERFACE_ENABLED so that scanning rules (e.g., skip scan if no networks enabled) get used consistently. Signed-off-by: Jouni Malinen <j@w1.fi>
9 years ago
/*
* wpa_s instance may have been freed, so must not use
* it here anymore.
*/
P2P: Handle INTERFACE_DISABLED event on a P2P GO interface An INTERFACE_DISABLED event received on an interface that is currently operating a P2P GO means that the group session ended. In such a case, if the interface was dynamically added remove it, and if not, remove all the network blocks that are temporary, assuming that if needed a new session will be started by an external entity. The use case was triggering rfkill (both SW and HW). This case popped up as part of a testing cycle, where after a toggle in the rfkill state, the result was that the interface was not deleted, but on the other hand the wpa_supplicant did not configure the kernel to re-start the AP functionality again. Signed-hostap: Ilan Peer <ilan.peer@intel.com>
11 years ago
break;
}
P2P: Clear P2P state if active interface is disabled The radio works for the interface get removed if interface is disabled. This could have left P2P module in invalid state if the interface got disabled during a p2p_find or p2p_listen operation. Clear the state in such a case to avoid blocking following operations due to P2P module assuming it is still in progress of doing something. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
if (wpa_s->p2p_scan_work && wpa_s->global->p2p &&
p2p_in_progress(wpa_s->global->p2p) > 1) {
/* This radio work will be cancelled, so clear P2P
* state as well.
*/
p2p_stop_find(wpa_s->global->p2p);
}
P2P: Handle INTERFACE_DISABLED event on a P2P GO interface An INTERFACE_DISABLED event received on an interface that is currently operating a P2P GO means that the group session ended. In such a case, if the interface was dynamically added remove it, and if not, remove all the network blocks that are temporary, assuming that if needed a new session will be started by an external entity. The use case was triggering rfkill (both SW and HW). This case popped up as part of a testing cycle, where after a toggle in the rfkill state, the result was that the interface was not deleted, but on the other hand the wpa_supplicant did not configure the kernel to re-start the AP functionality again. Signed-hostap: Ilan Peer <ilan.peer@intel.com>
11 years ago
#endif /* CONFIG_P2P */
Indicate disconnection event on interface disabled It is possible for the disconnection event from the driver to not get delivered when interface is disabled. To maintain consistent ctrl_iface event behavior, indicate CTRL-EVENT-DISCONNECTED in such a case if we were in connected state. Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
if (wpa_s->wpa_state >= WPA_AUTHENTICATING) {
/*
* Indicate disconnection to keep ctrl_iface events
* consistent.
*/
wpa_supplicant_event_disassoc(
wpa_s, WLAN_REASON_DEAUTH_LEAVING, 1);
}
Add Linux rfkill support Add a new wpa_supplicant state: interface disabled. This can be used to allow wpa_supplicant to be running with the network interface even when the driver does not actually allow any radio operations (e.g., due to rfkill). Allow driver_nl80211.c and driver_wext.c to start while rfkill is in blocked state (i.e., when ifconfig up fails) and process rfkill events to block/unblock WLAN.
14 years ago
wpa_supplicant_mark_disassoc(wpa_s);
Maintain BSS entries for 5 seconds after interface is disabled This is targeting the case of MAC address change for an association which may require the interface to be set down for a short moment. Previously, this ended up flushing the BSS table that wpa_supplicant maintained and that resulted in having to scan again if the MAC address was changed between the previous scan and the connection attempt. This is unnecessary extra latency, so maintain the BSS entries for 5 seconds (i.e., the same time that the old scan results are consider valid for a new connection attempt) after an interface goes down. Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
os_reltime_age(&wpa_s->last_scan, &age);
wpa_supplicant: Configurable fast-associate timer threshold For Android the default value of 5 seconds is usually too short for scan results from last scan initiated from settings app to be considered for fast-associate. Make the fast-associate timer value configurable so that a suitable value can be set based on a systems regular scan interval. Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sony.com>
4 years ago
if (age.sec >= wpa_s->conf->scan_res_valid_for_connect) {
clear_at.sec = wpa_s->conf->scan_res_valid_for_connect;
Maintain BSS entries for 5 seconds after interface is disabled This is targeting the case of MAC address change for an association which may require the interface to be set down for a short moment. Previously, this ended up flushing the BSS table that wpa_supplicant maintained and that resulted in having to scan again if the MAC address was changed between the previous scan and the connection attempt. This is unnecessary extra latency, so maintain the BSS entries for 5 seconds (i.e., the same time that the old scan results are consider valid for a new connection attempt) after an interface goes down. Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
clear_at.usec = 0;
} else {
struct os_reltime tmp;
wpa_supplicant: Configurable fast-associate timer threshold For Android the default value of 5 seconds is usually too short for scan results from last scan initiated from settings app to be considered for fast-associate. Make the fast-associate timer value configurable so that a suitable value can be set based on a systems regular scan interval. Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sony.com>
4 years ago
tmp.sec = wpa_s->conf->scan_res_valid_for_connect;
Maintain BSS entries for 5 seconds after interface is disabled This is targeting the case of MAC address change for an association which may require the interface to be set down for a short moment. Previously, this ended up flushing the BSS table that wpa_supplicant maintained and that resulted in having to scan again if the MAC address was changed between the previous scan and the connection attempt. This is unnecessary extra latency, so maintain the BSS entries for 5 seconds (i.e., the same time that the old scan results are consider valid for a new connection attempt) after an interface goes down. Signed-off-by: Jouni Malinen <j@w1.fi>
4 years ago
tmp.usec = 0;
os_reltime_sub(&tmp, &age, &clear_at);
}
eloop_register_timeout(clear_at.sec, clear_at.usec,
wpas_clear_disabled_interface,
wpa_s, NULL);
wpa_supplicant: Complete radio works on disable event While testing rfkill blocking of a scanning interface, it was seen that the ongoing scan never completes. This happens since EVENT_SCAN_RESULTS is discarded on a disabled interface. Fix this and also other possible radio work completion issues by removing all the radio works (including started) of the disabled interface. To be able to remove already started radio works, make their callbacks be reentrant with deinit flag (when the work is started), so each radio work should be able to handle its own termination. Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
10 years ago
radio_remove_works(wpa_s, NULL, 0);
Add Linux rfkill support Add a new wpa_supplicant state: interface disabled. This can be used to allow wpa_supplicant to be running with the network interface even when the driver does not actually allow any radio operations (e.g., due to rfkill). Allow driver_nl80211.c and driver_wext.c to start while rfkill is in blocked state (i.e., when ifconfig up fails) and process rfkill events to block/unblock WLAN.
14 years ago
wpa_supplicant_set_state(wpa_s, WPA_INTERFACE_DISABLED);
break;
P2P: Add mechanism for updating P2P channel list based on driver events This allows P2P channel list to be updated whenever the driver changes its list of allowed channels, e.g., based on country code from scan results.
14 years ago
case EVENT_CHANNEL_LIST_CHANGED:
Add a wpa_supplicant ctrl_iface event for regdom changes CTRL-EVENT-REGDOM-CHANGE event provides an external notification of regulatory domain (and any driver channel list) changes. Signed-off-by: Jouni Malinen <j@w1.fi>
10 years ago
wpa_supplicant_update_channel_list(
wpa_s, &data->channel_list_changed);
P2P: Remove P2P group on driver resource becoming unavailable Add a new driver event, EVENT_INTERFACE_UNAVAILABLE, for indicating that the driver is not able to continue operating the virtual interface in its current mode anymore, e.g., due to operating channel for GO interface forced to a DFS channel by another virtual interface. When this happens for a P2P group interface, the P2P group will be terminated and P2P-GROUP-REMOVED event shows the reason for this as follows: P2P-GROUP-REMOVED wlan0 GO reason=UNAVAILABLE
14 years ago
break;
case EVENT_INTERFACE_UNAVAILABLE:
wpas_p2p_interface_unavailable(wpa_s);
P2P: Add support for automatic channel selection at GO The driver wrapper may now indicate the preferred channel (e.g., based on scan results) on both 2.4 GHz and 5 GHz bands (and an overall best frequency). When setting up a GO, this preference information is used to select the operating channel if configuration does not include hardcoded channel. Similarly, this information can be used during GO Negotiation to indicate preference for a specific channel based on current channel conditions. p2p_group_add command can now use special values (freq=2 and freq=5) to indicate that the GO is to be started on the specified band.
14 years ago
break;
case EVENT_BEST_CHANNEL:
Use wpa_msg() instead of wpa_printf() This converts number of debugging messages to use wpa_msg() in order to allow the interface name to be shown with the messages. A new function, wpa_dbg(), is introduced to allow CONFIG_NO_STDOUT_DEBUG=y builds to remove the debug strings. This is otherwise identical with wpa_msg(), but it gets compiled out if stdout debugging is disabled.
13 years ago
wpa_dbg(wpa_s, MSG_DEBUG, "Best channel event received "
"(%d %d %d)",
data->best_chan.freq_24, data->best_chan.freq_5,
data->best_chan.freq_overall);
P2P: Add support for automatic channel selection at GO The driver wrapper may now indicate the preferred channel (e.g., based on scan results) on both 2.4 GHz and 5 GHz bands (and an overall best frequency). When setting up a GO, this preference information is used to select the operating channel if configuration does not include hardcoded channel. Similarly, this information can be used during GO Negotiation to indicate preference for a specific channel based on current channel conditions. p2p_group_add command can now use special values (freq=2 and freq=5) to indicate that the GO is to be started on the specified band.
14 years ago
wpa_s->best_24_freq = data->best_chan.freq_24;
wpa_s->best_5_freq = data->best_chan.freq_5;
wpa_s->best_overall_freq = data->best_chan.freq_overall;
wpas_p2p_update_best_channels(wpa_s, data->best_chan.freq_24,
data->best_chan.freq_5,
data->best_chan.freq_overall);
P2P: Add mechanism for updating P2P channel list based on driver events This allows P2P channel list to be updated whenever the driver changes its list of allowed channels, e.g., based on country code from scan results.
14 years ago
break;
Use SA Query procedure to recovery from AP/STA state mismatch If a station received unprotected Deauthentication or Disassociation frame with reason code 6 or 7 from the current AP, there may be a mismatch in association state between the AP and STA. Verify whether this is the case by using SA Query procedure. If not response is received from the AP, deauthenticate. This implementation is only for user space SME with driver_nl80211.c.
14 years ago
case EVENT_UNPROT_DEAUTH:
wpa_supplicant_event_unprot_deauth(wpa_s,
&data->unprot_deauth);
break;
case EVENT_UNPROT_DISASSOC:
wpa_supplicant_event_unprot_disassoc(wpa_s,
&data->unprot_disassoc);
break;
Allow AP mode to disconnect STAs based on low ACK condition The nl80211 driver can report low ACK condition (in fact it reports complete loss right now only). Use that, along with a config option, to disconnect stations when the data connection is not working properly, e.g., due to the STA having went outside the range of the AP. This is disabled by default and can be enabled with disassoc_low_ack=1 in hostapd or wpa_supplicant configuration file. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
14 years ago
case EVENT_STATION_LOW_ACK:
#ifdef CONFIG_AP
if (wpa_s->ap_iface && data)
hostapd_event_sta_low_ack(wpa_s->ap_iface->bss[0],
data->low_ack.addr);
#endif /* CONFIG_AP */
TDLS: Implement low-ack event for lost TDLS peers Disable the direct connection when a TDLS peer stops responding to packets, as indicated by the "LOW ACK" event coming from a driver. Signed-off-by: Arik Nemtsov <arik@wizery.com> Cc: Kalyan C Gaddam <chakkal@iit.edu>
13 years ago
#ifdef CONFIG_TDLS
if (data)
TDLS: Handle unreachable link teardown for external setup If a link is unreachable, the specification mandates we should send a teardown packet via the AP with a specific teardown reason. Force this by first disabling the link and only then sending the teardown packet for the LOW_ACK event. Rename the TDLS LOW_ACK event handler to better reflect its purpose. Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
10 years ago
wpa_tdls_disable_unreachable_link(wpa_s->wpa,
data->low_ack.addr);
TDLS: Implement low-ack event for lost TDLS peers Disable the direct connection when a TDLS peer stops responding to packets, as indicated by the "LOW ACK" event coming from a driver. Signed-off-by: Arik Nemtsov <arik@wizery.com> Cc: Kalyan C Gaddam <chakkal@iit.edu>
13 years ago
#endif /* CONFIG_TDLS */
Allow AP mode to disconnect STAs based on low ACK condition The nl80211 driver can report low ACK condition (in fact it reports complete loss right now only). Use that, along with a config option, to disconnect stations when the data connection is not working properly, e.g., due to the STA having went outside the range of the AP. This is disabled by default and can be enabled with disassoc_low_ack=1 in hostapd or wpa_supplicant configuration file. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
14 years ago
break;
IBSS RSN: Clear IBSS RSN peers based on peer lost events
13 years ago
case EVENT_IBSS_PEER_LOST:
#ifdef CONFIG_IBSS_RSN
ibss_rsn_stop(wpa_s->ibss_rsn, data->ibss_peer_lost.peer);
#endif /* CONFIG_IBSS_RSN */
break;
nl80211: Support GTK rekey offload Add support to wpa_supplicant for device-based GTK rekeying. In order to support that, pass the KEK, KCK, and replay counter to the driver, and handle rekey events that update the latter. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
13 years ago
case EVENT_DRIVER_GTK_REKEY:
if (os_memcmp(data->driver_gtk_rekey.bssid,
wpa_s->bssid, ETH_ALEN))
break;
if (!wpa_s->wpa)
break;
wpa_sm_update_replay_ctr(wpa_s->wpa,
data->driver_gtk_rekey.replay_ctr);
break;
Add scheduled scan driver operations In new Linux kernel versions (>=3.0), nl80211 adds scheduled scan capability. In order to use this feature to its full extent, we need to support it in the wpa_supplicant core, so that it can also be used by other drivers. This commit adds initial scheduled scan support operations and events. Signed-off-by: Luciano Coelho <coelho@ti.com>
13 years ago
case EVENT_SCHED_SCAN_STOPPED:
wpa_s->sched_scanning = 0;
Fix scan rescheduling from wpas_stop_pno to check postponed case Commit 02e122a995dea947a2ad2c0d85190d709f9128b7 ('Reschedule scan from wpas_stop_pno if it was postponed') uses wpa_s->scanning as the only condition for automatically starting a postponed scan request from EVENT_SCHED_SCAN_STOPPED event handler. However, wpa_s->scanning may be set for sched_scan and as such, this can result in unexpected extra scans without there having been any real postponed request. Make this more accurate by verifying that there really is a pending request for a scan before speeding up its start. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago
resched = wpa_s->scanning && wpas_scan_scheduled(wpa_s);
Add scheduled scan driver operations In new Linux kernel versions (>=3.0), nl80211 adds scheduled scan capability. In order to use this feature to its full extent, we need to support it in the wpa_supplicant core, so that it can also be used by other drivers. This commit adds initial scheduled scan support operations and events. Signed-off-by: Luciano Coelho <coelho@ti.com>
13 years ago
wpa_supplicant_notify_scanning(wpa_s, 0);
Process EVENT_SCHED_SCAN_STOPPED partially if interface is disabled The internal sched_scanning state needs to be cleared on this event even if the events happen to get ordered in a way that the interface gets disabled just prior to EVENT_SCHED_SCAN_STOPPED event. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
13 years ago
if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED)
break;
Continue scanning if sched_scan stops unexpectedly When scheduled scan stops without the interface request (for example, driver stopped it unexpectedly), start a regular scan to continue scanning for networks and avoid being left with no scan at all. Signed-off-by: Avraham Stern <avraham.stern@intel.com>
8 years ago
/*
* If the driver stopped scanning without being requested to,
* request a new scan to continue scanning for networks.
*/
if (!wpa_s->sched_scan_stop_req &&
wpa_s->wpa_state == WPA_SCANNING) {
wpa_dbg(wpa_s, MSG_DEBUG,
"Restart scanning after unexpected sched_scan stop event");
wpa_supplicant_req_scan(wpa_s, 1, 0);
break;
}
wpa_s->sched_scan_stop_req = 0;
Add scheduled scan driver operations In new Linux kernel versions (>=3.0), nl80211 adds scheduled scan capability. In order to use this feature to its full extent, we need to support it in the wpa_supplicant core, so that it can also be used by other drivers. This commit adds initial scheduled scan support operations and events. Signed-off-by: Luciano Coelho <coelho@ti.com>
13 years ago
/*
wpa_supplicant: Schedule PNO on completion of ongoing sched_scan When start PNO request comes from control interface, wpa_supplicant should wait until ongoing sched_scan (triggered by wpa_supplicant) gets cancelled. Issuing cancel sched_scan and start PNO scan one after another from pno_start() would lead wpa_supplicant to clear wps->sched_scanning flag while getting sched_scan stopped event from driver for cancel sched_scan request. In fact, PNO scan will be in progress in driver and wpa_s->sched_scanning will not be set in such cases. In addition to this change, RSSI threshold limit is passed as part of start sched_scan request. This was previously set only in pno_start(), but the same parameter should be available for generic sched_scan calls as well and this can now be reached through the new PNO start sequence. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
* Start a new sched scan to continue searching for more SSIDs
* either if timed out or PNO schedule scan is pending.
Add scheduled scan driver operations In new Linux kernel versions (>=3.0), nl80211 adds scheduled scan capability. In order to use this feature to its full extent, we need to support it in the wpa_supplicant core, so that it can also be used by other drivers. This commit adds initial scheduled scan support operations and events. Signed-off-by: Luciano Coelho <coelho@ti.com>
13 years ago
*/
PNO: Change sched_scan_stopped event to handle pending PNO properly When a sched_scan_stopped event is received and there is a pending PNO, it used regular scheduled scan parameters instead of PNO specific parameters. Change it by calling wpas_start_pno(). Signed-off-by: Alexander Bondar <alexander.bondar@intel.com> Signed-off-by: Ilan Peer <ilan.peer@intel.com>
10 years ago
if (wpa_s->sched_scan_timed_out) {
wpa_supplicant_req_sched_scan(wpa_s);
} else if (wpa_s->pno_sched_pending) {
wpa_s->pno_sched_pending = 0;
wpas_start_pno(wpa_s);
Reschedule scan from wpas_stop_pno if it was postponed This reschedules the postponed scan request (if such a request is pending) from EVENT_SCHED_SCAN_STOPPED event handler to speed up scanning after PNO/sched_scan stop has been requested. Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
9 years ago
} else if (resched) {
wpa_supplicant_req_scan(wpa_s, 0, 0);
wpa_supplicant: Schedule PNO on completion of ongoing sched_scan When start PNO request comes from control interface, wpa_supplicant should wait until ongoing sched_scan (triggered by wpa_supplicant) gets cancelled. Issuing cancel sched_scan and start PNO scan one after another from pno_start() would lead wpa_supplicant to clear wps->sched_scanning flag while getting sched_scan stopped event from driver for cancel sched_scan request. In fact, PNO scan will be in progress in driver and wpa_s->sched_scanning will not be set in such cases. In addition to this change, RSSI threshold limit is passed as part of start sched_scan request. This was previously set only in pno_start(), but the same parameter should be available for generic sched_scan calls as well and this can now be reached through the new PNO start sequence. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
}
Add scheduled scan driver operations In new Linux kernel versions (>=3.0), nl80211 adds scheduled scan capability. In order to use this feature to its full extent, we need to support it in the wpa_supplicant core, so that it can also be used by other drivers. This commit adds initial scheduled scan support operations and events. Signed-off-by: Luciano Coelho <coelho@ti.com>
13 years ago
break;
Allow drivers to indicate WPS push button in station mode EVENT_WPS_BUTTON_PUSHED wpa_supplicant_event can now be used in station mode driver_*.c to indicate that a push button has been pushed. This will activate WPS PBC mode.
13 years ago
case EVENT_WPS_BUTTON_PUSHED:
#ifdef CONFIG_WPS
wpa_supplicant: Support Multi-AP backhaul STA onboarding with WPS The Wi-Fi Alliance Multi-AP Specification v1.0 allows onboarding of a backhaul STA through WPS. To enable this, the backhaul STA needs to add a Multi-AP IE to the WFA vendor extension element in the WSC M1 message that indicates it supports the Multi-AP backhaul STA role. The Registrar (if it support Multi-AP onboarding) will respond to that with a WSC M8 message that also contains the Multi-AP IE, and that contains the credentials for the backhaul SSID (which may be different from the SSID on which WPS is performed). Introduce a new parameter to wpas_wps_start_pbc() and allow it to be set via control interface's new multi_ap=1 parameter of WPS_PBC call. multi_ap_backhaul_sta is set to 1 in the automatically created SSID. Thus, if the AP does not support Multi-AP, association will fail and WPS will be terminated. Only wps_pbc is supported. This commit adds the multi_ap argument only to the control socket interface, not to the D-Bus interface. Since WPS associates with the fronthaul BSS instead of the backhaul BSS, we should not drop association if the AP announces fronthaul-only BSS. Still, we should only do that in the specific case of WPS. Therefore, add a check to multi_ap_process_assoc_resp() to allow association with a fronthaul-only BSS if and only if key_mgmt contains WPS. Signed-off-by: Davina Lu <ylu@quantenna.com> Signed-off-by: Igor Mitsyanko <igor.mitsyanko.os@quantenna.com> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Daniel Golle <daniel@makrotopia.org> Cc: Marianna Carrera <marianna.carrera.so@quantenna.com>
5 years ago
wpas_wps_start_pbc(wpa_s, NULL, 0, 0);
Allow drivers to indicate WPS push button in station mode EVENT_WPS_BUTTON_PUSHED wpa_supplicant_event can now be used in station mode driver_*.c to indicate that a push button has been pushed. This will activate WPS PBC mode.
13 years ago
#endif /* CONFIG_WPS */
break;
P2P: Apply unsafe frequency rules to available channels This adds a QCA vendor specific nl80211 event to allow the driver to indicate a list of frequency ranges that should be avoided due to interference or possible known co-existance constraints. Such frequencies are marked as not allowed for P2P use to force groups to be formed on different channels. If a P2P GO is operating on a channel that the driver recommended not to use, a notification about this is sent on the control interface and upper layer code may decide to tear down the group and optionally restart it on another channel. As a TODO item, this could also be changed to use CSA to avoid removing the group. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
10 years ago
case EVENT_AVOID_FREQUENCIES:
wpa_supplicant_notify_avoid_freq(wpa_s, data);
break;
nl80211: Add ctrl_iface message for AP mode connection rejection When AP mode operation reject the client, nl80211 layer advertises the connect failed event with the reason for failures (for example, max client reached, etc.) using NL80211_CMD_CONN_FAILED. This patch adds some debug messages whenever such an event is received from the nl80211 layer and also the same event is posted to the upper layer via wpa_msg(). Signed-off-by: Raja Mani <rmani@qca.qualcomm.com>
11 years ago
case EVENT_CONNECT_FAILED_REASON:
#ifdef CONFIG_AP
if (!wpa_s->ap_iface || !data)
break;
hostapd_event_connect_failed_reason(
wpa_s->ap_iface->bss[0],
data->connect_failed_reason.addr,
data->connect_failed_reason.code);
#endif /* CONFIG_AP */
break;
mesh: Add mesh mode routines Add routines to (de)initialize mesh interface data structures and join and leave mesh networks. Signed-off-by: Javier Lopez <jlopex@gmail.com> Signed-off-by: Javier Cardona <javier@cozybit.com> Signed-off-by: Jason Mobarak <x@jason.mobarak.name> Signed-off-by: Thomas Pedersen <thomas@noack.us>
10 years ago
case EVENT_NEW_PEER_CANDIDATE:
mesh: Fix segmentation fault by repeating MESH_GROUP_ADD/REMOVE Signed-off-by: Natsuki Itaya <Natsuki.Itaya@jp.sony.com> Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
10 years ago
#ifdef CONFIG_MESH
if (!wpa_s->ifmsh || !data)
break;
mesh: Add mesh mode routines Add routines to (de)initialize mesh interface data structures and join and leave mesh networks. Signed-off-by: Javier Lopez <jlopex@gmail.com> Signed-off-by: Javier Cardona <javier@cozybit.com> Signed-off-by: Jason Mobarak <x@jason.mobarak.name> Signed-off-by: Thomas Pedersen <thomas@noack.us>
10 years ago
wpa_mesh_notify_peer(wpa_s, data->mesh_peer.peer,
data->mesh_peer.ies,
data->mesh_peer.ie_len);
mesh: Fix segmentation fault by repeating MESH_GROUP_ADD/REMOVE Signed-off-by: Natsuki Itaya <Natsuki.Itaya@jp.sony.com> Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
10 years ago
#endif /* CONFIG_MESH */
mesh: Add mesh mode routines Add routines to (de)initialize mesh interface data structures and join and leave mesh networks. Signed-off-by: Javier Lopez <jlopex@gmail.com> Signed-off-by: Javier Cardona <javier@cozybit.com> Signed-off-by: Jason Mobarak <x@jason.mobarak.name> Signed-off-by: Thomas Pedersen <thomas@noack.us>
10 years ago
break;
Handle survey event properly in wpa_supplicant Let's reuse hostapd code for such handling. This will be useful to get ACS support into wpa_supplicant where this one needs to handle the survey event so it fills in the result ACS subsystem will require. Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com> [u.oelmann@pengutronix.de: rebased series from hostap_2_1~944 to master] Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de>
9 years ago
case EVENT_SURVEY:
#ifdef CONFIG_AP
if (!wpa_s->ap_iface)
break;
hostapd_event_get_survey(wpa_s->ap_iface,
&data->survey_results);
#endif /* CONFIG_AP */
break;
wpa_supplicant: Enable Automatic Channel Selection support for AP mode Since hostapd supports ACS now, let's enable its support in wpa_supplicant as well when starting AP mode. Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com> [u.oelmann@pengutronix.de: rebased series from hostap_2_1~944 to master] [u.oelmann@pengutronix.de: adjusted added text in defconfig] Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de>
9 years ago
case EVENT_ACS_CHANNEL_SELECTED:
Skip EVENT_ACS_CHANNEL_SELECTED also without CONFIG_AP CONFIG_ACS alone should not refer to wpa_s->ap_iface to avoid potential compilation issues. Signed-off-by: Jouni Malinen <j@w1.fi>
7 years ago
#ifdef CONFIG_AP
wpa_supplicant: Enable Automatic Channel Selection support for AP mode Since hostapd supports ACS now, let's enable its support in wpa_supplicant as well when starting AP mode. Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com> [u.oelmann@pengutronix.de: rebased series from hostap_2_1~944 to master] [u.oelmann@pengutronix.de: adjusted added text in defconfig] Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de>
9 years ago
#ifdef CONFIG_ACS
if (!wpa_s->ap_iface)
break;
hostapd_acs_channel_selected(wpa_s->ap_iface->bss[0],
&data->acs_selected_channels);
#endif /* CONFIG_ACS */
Skip EVENT_ACS_CHANNEL_SELECTED also without CONFIG_AP CONFIG_ACS alone should not refer to wpa_s->ap_iface to avoid potential compilation issues. Signed-off-by: Jouni Malinen <j@w1.fi>
7 years ago
#endif /* CONFIG_AP */
wpa_supplicant: Enable Automatic Channel Selection support for AP mode Since hostapd supports ACS now, let's enable its support in wpa_supplicant as well when starting AP mode. Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com> [u.oelmann@pengutronix.de: rebased series from hostap_2_1~944 to master] [u.oelmann@pengutronix.de: adjusted added text in defconfig] Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de>
9 years ago
break;
P2P: Allow P2P listen being offloaded to the driver/firmware This allows P2P Listen to be offloaded to device to enhance power saving. To start P2P listen offload, from wpa_cli interface, issue the command: p2p_lo_start <freq> <period> <interval> <count> To stop P2P listen offload, issue the command: p2p_lo_stop Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
8 years ago
case EVENT_P2P_LO_STOP:
#ifdef CONFIG_P2P
wpa_s->p2p_lo_started = 0;
wpa_msg(wpa_s, MSG_INFO, P2P_EVENT_LISTEN_OFFLOAD_STOP
P2P_LISTEN_OFFLOAD_STOP_REASON "reason=%d",
data->p2p_lo_stop.reason_code);
#endif /* CONFIG_P2P */
break;
bgscan: Deliver beacon loss event to bgscan modules This adds a call to the notify_beacon_loss() callback functions when beacon loss is detected. In addition, a new CTRL-EVENT-BEACON-LOSS event is made available through the wpa_supplicant control interface. Signed-off-by: Jouni Malinen <j@w1.fi>
7 years ago
case EVENT_BEACON_LOSS:
if (!wpa_s->current_bss || !wpa_s->current_ssid)
break;
wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_BEACON_LOSS);
bgscan_notify_beacon_loss(wpa_s);
break;
SAE: Support external authentication offload for driver-SME cases Extend the SME functionality to support the external authentication. External authentication may be used by the drivers that do not define separate commands for authentication and association (~WPA_DRIVER_FLAGS_SME) but rely on wpa_supplicant's SME for the authentication. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
6 years ago
case EVENT_EXTERNAL_AUTH:
#ifdef CONFIG_SAE
if (!wpa_s->current_ssid) {
wpa_printf(MSG_DEBUG, "SAE: current_ssid is NULL");
break;
}
sme_external_auth_trigger(wpa_s, data);
#endif /* CONFIG_SAE */
break;
wpa_supplicant: Handle port authorized event When the driver indicates that the connection is authorized (i.e., the 4-way handshake was completed by the driver), cancel the EAP authentication timeout and set the EAP state machine to success state. Signed-off-by: Avraham Stern <avraham.stern@intel.com>
6 years ago
case EVENT_PORT_AUTHORIZED:
wpa_supplicant_event_port_authorized(wpa_s);
break;
Make STA opmode change event available to upper layers Add an event callback for EVENT_STATION_OPMODE_CHANGED to allow user/application to get the notification whenever there is a change in a station's HT/VHT op mode. The new events: STA-OPMODE-MAX-BW-CHANGED <addr> <20(no-HT)|20|40|80|80+80|160> STA-OPMODE-SMPS-MODE-CHANGED <addr> <automatic|off|dynamic|static> STA-OPMODE-N_SS-CHANGED <addr> <N_SS> Signed-off-by: Tamizh chelvam <tamizhr@codeaurora.org>
6 years ago
case EVENT_STATION_OPMODE_CHANGED:
#ifdef CONFIG_AP
if (!wpa_s->ap_iface || !data)
break;
hostapd_event_sta_opmode_changed(wpa_s->ap_iface->bss[0],
data->sta_opmode.addr,
data->sta_opmode.smps_mode,
data->sta_opmode.chan_width,
data->sta_opmode.rx_nss);
#endif /* CONFIG_AP */
break;
Beacon frame protection event for incorrect protection Define a driver interface event for Beacon frame protection failures. Report such events over the control interface and send a WNM-Notification Request frame to the AP as well. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
4 years ago
case EVENT_UNPROT_BEACON:
wpas_event_unprot_beacon(wpa_s, &data->unprot_beacon);
break;
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
default:
Use wpa_msg() instead of wpa_printf() This converts number of debugging messages to use wpa_msg() in order to allow the interface name to be shown with the messages. A new function, wpa_dbg(), is introduced to allow CONFIG_NO_STDOUT_DEBUG=y builds to remove the debug strings. This is otherwise identical with wpa_msg(), but it gets compiled out if stdout debugging is disabled.
13 years ago
wpa_msg(wpa_s, MSG_INFO, "Unknown event %d", event);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
16 years ago
break;
}
}
Find correct driver for interface additions/removals Interface additions/removals are not guaranteed to be for the driver listening to the kernel events. As such, send the events to wpa_supplicant_event_global() which can then pick the correct interface registered with wpa_supplicant to send the event to. Signed-off-by: Roy Marples <roy@marples.name>
8 years ago
void wpa_supplicant_event_global(void *ctx, enum wpa_event_type event,
union wpa_event_data *data)
{
struct wpa_supplicant *wpa_s;
if (event != EVENT_INTERFACE_STATUS)
return;
wpa_s = wpa_supplicant_get_iface(ctx, data->interface_status.ifname);
if (wpa_s && wpa_s->driver->get_ifindex) {
unsigned int ifindex;
ifindex = wpa_s->driver->get_ifindex(wpa_s->drv_priv);
if (ifindex != data->interface_status.ifindex) {
wpa_dbg(wpa_s, MSG_DEBUG,
"interface status ifindex %d mismatch (%d)",
ifindex, data->interface_status.ifindex);
return;
}
}
Add interface matching support with -M, guarded by CONFIG_MATCH_IFACE The new wpa_supplicant command line argument -M can be used to describe matching rules with a wildcard interface name (e.g., "wlan*"). This is very useful for systems without udev (Linux) or devd (FreeBSD). Signed-off-by: Roy Marples <roy@marples.name>
8 years ago
#ifdef CONFIG_MATCH_IFACE
else if (data->interface_status.ievent == EVENT_INTERFACE_ADDED) {
struct wpa_interface *wpa_i;
wpa_i = wpa_supplicant_match_iface(
ctx, data->interface_status.ifname);
if (!wpa_i)
return;
wpa_s = wpa_supplicant_add_iface(ctx, wpa_i, NULL);
os_free(wpa_i);
}
#endif /* CONFIG_MATCH_IFACE */
Find correct driver for interface additions/removals Interface additions/removals are not guaranteed to be for the driver listening to the kernel events. As such, send the events to wpa_supplicant_event_global() which can then pick the correct interface registered with wpa_supplicant to send the event to. Signed-off-by: Roy Marples <roy@marples.name>
8 years ago
if (wpa_s)
wpa_supplicant_event(wpa_s, event, data);
}