This was mostly identical code that had been copied for the new D-Bus
API implementation and as such, should really have been shared from
the beginning. In addition, the copied code ended up generating
interesting stack traces since the actual D-Bus connection was being
shared even though the pointer to it was stored in two distinct
data structures. The old D-Bus code ended up dispatching some
D-Bus callbacks which ended up running the new D-Bus code.
Since the private context pointers were mostly identical, everything
seemed to more or less work, but this design was just making things
more complex and potentially very easy to break.
This allows the BSS list to be iterated in order of increasing id
to avoid problems with new scans reordering entries. The order on the
wpa_s->bss list changes with most recently updated entries being moved
to the tail of the list while wpa_s->bss_id list maintains its order
with new entries being added to the tail and old entries being removed
when they expire.
Collect information from scan results into a BSS table that will not
expire information as quickly as scan results where every new scan,
no matter for how limited set of channels/SSIDs, clears all old
information.
For now, this is only used for D-Bus BSS added/removed notifications,
but this will likely be extended to be used internally instead of the
scan results to better support partial scans.
Instead of forcefully deinitializing ER immediately, give it some
time to complete unsubscription and call eloop_terminate() only once
ER code has completed its work.
In addition to the bitrate, the only other variable in this structure
is used internally in hostapd. Move this structure into hostapd.h and
make the driver API use simpler data structure (array of bitrates).
This patch implements the new DBus API. Both, the new and the
previous API may work concurrently and may be turned on or off
separately in .config file.
Some features of the new API are:
- more wpa_supplicant's events are signaled with DBus signals,
- introspection data (requires libxml2 and may be disabled),
- CurrentBSS and CurrentNetwork properties,
- PropertyChanged signal for most of properties,
- Relatively easy to extend.
.config options for the new API are: CONFIG_CTRL_IFACE_DBUS_NEW=y and
CONFIG_CTRL_IFACE_DBUS_INTRO=y for introspection.
This commit misses couple of parts from the full implementation
(these are still under review):
- fetching all configuration parameters for learning WPS information
- scan result BSS add/remove notification (register_bss() and
unregister_bss() notification callbacks)
This is the first step in adding support for using wpa_supplicant as a
WPS External Registrar to manage APs over UPnP. Only the device
discovery part is implemented in this commit.
New wpa_supplicant command line options -o<driver> and -O<ctrl> can
now be used to override the parameters received in add interface
command from dbus or global ctrl_interface. This can be used, e.g.,
to enable control interface when using NetworkManager (add
-O/var/run/wpa_supplicant into the Exec parameter in
/usr/share/dbus-1/system-services/fi.epitest.hostap.WPASupplicant.service).
Similarly, this can be used to use another driver wrapper with
NetworkManager (e.g., -onl80211 to replace WEXT with nl80211).
Current wpa_supplicant has a bug with WEP keys, it adds a zero-length
sequence counter field to netlink which the kernel doesn't accept.
Additionally, the kernel API slightly changed to accept keys only when
connected, so we need to send it the keys after that. For that to work
with shared key authentication, we also include the default WEP TX key
in the authentication command.
To upload the keys properly _after_ associating, add a new flag
WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC_DONE indicating that the driver
needs the keys at that point and not earlier.
This allows background scanning and roaming decisions to be contained in
a single place based on a defined set of notification events which will
hopefully make it easier to experiment with roaming improvements. In
addition, this allows multiple intra-ESS roaming policies to be used
(each network configuration block can configure its own bgscan module).
The beacon loss and signal strength notifications are implemented for
the bgscan API, but the actual events are not yet available from the
driver.
The included sample bgscan module ("simple") is an example of what can
be done with the new bgscan mechanism. It requests periodic background
scans when the device remains associated with an ESS and has couple of
notes on what a more advanced bgscan module could do to optimize
background scanning and roaming. The periodic scans will cause the scan
result handler to pick a better AP if one becomes available. This bgscan
module can be taken into use by adding bgscan="simple" (or
bgscan="simple:<bgscan interval in seconds>") into the network
configuration block.
Instead of implementing these separately in various control
interface handlers, use shared functions. These add some of the
previously missing notification calls, too, for the affected areas.
If an EAPOL frame is received while wpa_supplicant thinks the driver is
not associated, queue the frame for processing at the moment when the
association event is received. This is a workaround to a race condition
in receiving data frames and management events from the kernel.
The pending EAPOL frame will not be processed unless an association
event is received within 100 msec for the same BSSID.
When the supplicant is connected and performs a scan, it doesn't enter
WPA_SCANNING state for various reasons. However, external programs
still need to know that the supplicant is scanning since they may not
wish to perform certain operations during a scan (as those operations
will likely fail or yield incorrect results). Add a 'scanning' property
and signal to the supplicant dbus interface to allow clients to
synchronize better with the supplicant when it scans.
Signed-off-by: Dan Williams <dcbw@redhat.com>
wpa_supplicant can now initialize hostapd data structures when mode=2 is
used to set up an AP. The hostapd configuration is not yet set based on
wpa_supplicant network configuration block. In addition, the glue code
for hostapd driver_ops needs number of functions that will be needed for
AP functionality.
This can be used, e.g., with mac80211-based Linux drivers with
nl80211. This allows over-the-air FT protocol to be used (IEEE
802.11r).
Since the nl80211 interface needed for this is very recent (added
today into wireless-testing.git), driver_nl80211.c has backwards
compatibility code that uses WEXT for association if the kernel does
not support the new commands. This compatibility code can be
disabled by defining NO_WEXT_COMPAT. That code will also be removed
at some point to clean up driver_nl80211.c.
Do not use just the driver name for this since driver_ndis.c supports
both wired and wireless NDIS drivers and needs to indicate the driver
type after initialization.
This can be used to provide support for scanning multiple SSIDs at a
time to optimize scan_ssid=1 operations. In addition, Probe Request IEs
will be available to scan2() (e.g., for WPS PBC scanning).
The driver wrappers can now inform wpa_supplicant how many SSIDs can
be used in a single scan request (i.e., send multiple Probe Requests
per channel). This value is not yet used, but it can eventually be used
to allow a new scan command to specify multiple SSIDs to speed up
scan_ssid=1 operations. In addition, a warning could be printed if
scan_ssid=1 is used with a driver that does not support it
(max_scan_ssids=0).
Some WPS APs do not set Selected Registrar attribute to 1 properly when
using an external Registrar. Allow such an AP to be selected for PIN
registration after couple of scan runs that do not find APs marked with
Selected Registrar = 1. This allows wpa_supplicant to iterate through
all APs that advertise WPS support without delaying connection with
implementations that set Selected Registrar = 1 properly.
This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used
to enable RSN support for IBSS. This links in RSN Authenticator code
from hostapd and adds code for managing per-peer information for IBSS. A
new wpa_cli command or driver event can be used to request RSN
authentication with an IBSS peer. New RSN Authenticator and Supplicant
will be allocated for each peer.
The basic state machine setup code is included in this commit, but the
state machines are not properly started yet. In addition, some of the
callback functions are not yet complete.
Driver wrappers can now register global_init() and global_deinit()
driver_ops handlers to get a global data structure that can be shared
for all interfaces. This allows driver wrappers to initialize some
functionality (e.g., interface monitoring) before any interfaces have
been initialized.
This adds support for setting of a regulatory domain to wpa_supplicant
drivers. It also adds regulatory domain setting for the nl80211 driver.
We expect an ISO / IEC 3166 alpha2 in the wpa configuration file as a
global.
The wps_context data is now managed at wpa_supplicant, not EAP-WSC. This
makes wpa_supplicant design for WPS match with hostapd one and also
makes it easier configure whatever parameters and callbacks are needed
for WPS.
delaying Michael MIC error reports by a random amount of time between 0 and
60 seconds if multiple Michael MIC failures are detected with the same PTK
(i.e., the Authenticator does not rekey PTK on first failure report). This
is disabled by default and can be enabled with a build option
CONFIG_DELAYED_MIC_ERROR_REPORT=y in .config.
This may help in making a chopchop attack take much longer time by forcing
the attacker to wait 60 seconds before knowing whether a modified frame
resulted in a MIC failure.
A bug just got reported as a result of this for mac80211 drivers.
https://bugzilla.redhat.com/show_bug.cgi?id=459399
The basic problem is that since taking the device down clears the keys
from the driver on many mac80211-based cards, and since the mode gets
set _after_ the keys have been set in the driver, the keys get cleared
on a mode switch and the resulting association is wrong. The report is
about ad-hoc mode specifically, but this could happen when switching
from adhoc back to managed mode.