CFLAGS += -DCONFIG_VALGRIND can now be used to enable support for
Valgrind client requests to help in removing some non-issues from
Valgrind reports. This is mainly aimed at allowing unknown ioctl
results to be marked as defined data.
If the os_time_t variable used for the expiration time (seconds)
overflows when the registered timeout value is being added,
assume that the event would happen after an infinite time, i.e.,
would not really happen in practice. This fixes issues with
long key timeouts getting converted to immediate expiration due
to the overflow.
os_snprintf() can be a preprocessor macro and according to
C99 (6.10.3 clause 11) the results of having preprocessor directives
inside the macro arguments is undefined.
Build options can now be used to replace the location of client
sockets for UNIX domain socket control interface:
CFLAGS += -DCONFIG_CTRL_IFACE_CLIENT_DIR=\"/tmp\"
CFLAGS += -DCONFIG_CTRL_IFACE_CLIENT_PREFIX=\"wpa_ctrl_\"
The buffer size for routing socket is fixed to 2048.
This patch fix it to obtain the size from OS.
This patch worked on x86 platform with NetBSD 5.0.2.
There is no need to keep this in hostap.git with wpa_supplicant
and hostapd. The CVS version from 0.5.x branch is identical and
it can be used instead.
This allows keystore:// prefix to be used with client_cert and
private_key configuration parameters.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Add a notification function for the result of an invitation.
Signed-off-by: Jean-Michel Bachot <jean-michelx.bachot@linux.intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Add a notification for received GO negotiation requests.
Signed-off-by: Konguraj(Raj) Kulanthaivel <konguraj.kulanthaivel@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This will only retrieve information about peers that have been fully
discovered, not peers that are only half-discovered based on their Probe
Request frames.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The DBus code will want to have perfect matching of dev_found and the
dev_lost it adds so it doesn't need to keep track internally. Enable
that with a new flag in the core that tracks whether we have already
notified about this -- the existing users can ignore it.
The part where this is always set to 1 if the new device is discovered
by a driver that has P2P in the driver is buggy -- the driver should
feed the P2P peer database and then that should feed the notification
here instead.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This embeds some information about each P2P peer that will be publically
visible in a struct that is shared.
The dev_found notification function is also passed the new struct, which
requires some work for the driver-based P2P management.
Signed-off-by: Konguraj(Raj) Kulanthaivel <konguraj.kulanthaivel@intel.com>
Signed-off-by: Fabien Marotte <fabienx.marotte@linux.intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
When using multiple vifs and dynamic vlan tagging is enabled on any
interface, the created AP VLAN interfaces get the BSSID of the first
AP mode interface instead of the BSSID of the corresponding AP mode
interface.
Example:
wlan0 - xx:xx:xx:xx:x0
wlan1 - xx:xx:xx:xx:x1
Assume a STA connects to the AP interface wlan1 and gets a dynamic
VLAN tag 100 assigned by the RADIUS server. Hostapd will create an AP
VLAN interface wlan1.100 but doesn't set an address for this interface
which results in wlan1.100 getting the same address as wlan0:
wlan1.100 - xx:xx:xx:xx:x0
As a result the STA that was moved to wlan1.100 isn't able to finish its
4-way handshake since mac80211 won't pass its frames to wlan1.100 due to
the different address.
To fix this issue make use of the address of the AP interface when
creating an AP VLAN interface.
Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
Previous code was assuming that the P2P module is always initialized.
However, that is not the case anymore with drivers that do not support
P2P. Add verification of whether P2P is enabled before trying to execute
P2P commands.
Add MAC addresses for stations and use wpa_msg instead of printf
methods to make it easier to grep logs and find messages for the
station in question.
Signed-off-by: Ben Greear <greearb@candelatech.com>
mac80211 authentication or association operation may get stuck for some
reasons, so wpa_supplicant better use an internal timer to recover from
this.
Signed-off-by: Ben Greear <greearb@candelatech.com>
If parsing of the certificate or private key succeeds using any of
the tried encoding types, clear the OpenSSL error queue without
showing the pending errors in debug log since they do not really
provide any useful output and can be confusing.
GO may use M2D to notify that PBC overlap was detected if the GO was
configured to allow only a specific P2P Device to connect using PBC.
We need to report the M2D message on the parent interface if a
separate group interface is used. In addition, we can stop the P2P
operation if PBC overlap was indicated similarly to what we are
already doing in th case the overlap is detected locally.
Some of the wpa_supplicant control interface commands, like WPS_PIN,
may not include a newline in the end of the response. This can result
in the response being lost when wpa_cli redraws the screen after an
event message. Add a newline after such responses in interactive mode
to avoid the problem.
This patch fixes a problem I had when I tried to connect
an embedded system [wpa_supplicant, CONFIG_TLS=internal]
to my TLS secured network.
TLSv1: Send CertificateVerify
TLSv1: CertificateVerify hash - hexdump(len=36): ha .. ha
PKCS #1: pkcs1_generate_encryption_block - Invalid buffer lengths \
(modlen=512 outlen=454 inlen=36)
It turned out that a fixed 1000 byte message buffer was just
a little bit too small for the 4096 bit RSA certificates
I'm using.
Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
In multi BSS setups it wasn't possible to set up an HT BSS in
conjunction with a WEP/TKIP BSS. HT needed to be turned off entirely
to allow WEP/TKIP BSSes to be used.
In order to allow HT BSSes to coexist with non-HT WEP/TKIP BSSes add a
new BSS conf attribute "disable_11n" which disables HT capabilities on a
single BSS by suppressing HT IEs in the beacon and probe response
frames. Furthermore, mark all STAs associated to a WEP/TKIP BSS as
non-HT STAs. The disable_11n parameter is used internally; no new entry
is parsed from hostapd.conf.
This allows a non-HT WEP/TKIP BSS to coexist with a HT BSS without
having to disable HT mode entirely. Nevertheless, all STAs associated to
the WEP/TKIP BSS will only be served as if they were non-HT STAs.
Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
When FT protocol run is completed with FT-EAP, the EAPOL state machine
needs to be notified of the completed authentication to make sure it
does not try to start new authentication.
Use l2_packet with Ethernet header included so that the source
address for RRB packets can be forced to be the local BSSID. This
fixes problems where unexpected bridge interface address may end
up getting used and the recipient of the frame dropping it as
unknown R0KH/R1KH.
This is needed to keep kernel and hostapd in sync. In addition,
the obsolete entry in hostapd prevented use of Deauthentication
or Disassociation frame with reason code 6/7 mechanism to indicate
to the STA that there is no association if the STA missed the
broadcast Deauthentication frame for any reason.