Commit graph

294 commits

Author SHA1 Message Date
Jouni Malinen
edbd2a191e Move cipher suite selection into common helper functions
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-13 16:58:54 +02:00
Jouni Malinen
e056f93e60 Update copyright notices to include year 2013
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
1cfc678723 Remove reassociated_connection variable
This was used to select between "(auth)" and "(reauth)" in
CTRL-EVENT-CONNECTED events. However, the variable was not cleared
anywhere else apart from the AP deinit case. As such, it did not really
provide correct information and is not really of much use even with
proper clearing added. As such, it is cleaner to just get rid of this
altogether.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-25 19:51:04 +02:00
Jouni Malinen
2049a875bc WNM: Additional BSS Transition Management capability
Add some more functionality for BSS Transition Management:
- advertise support for BSS Transition Management in extended
  capabilities element
- add hostapd.conf parameter bss_transition=1 for enabling support
  for BSS Transition Management
- add "hostapd_cli disassoc_imminent <STA> <num TBTTs>" for sending
  disassociation imminent notifications for testing purposes
- wpa_supplicant: trigger a new scan to find another BSS if the
  current AP indicates disassociation imminent (TODO: the old AP needs
  to be marked to use lower priority to avoid re-selecting it)

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-22 20:27:30 +02:00
Jouni Malinen
03e47c9c3a Share a single function for building extended capabilities element
This makes it easier to update extended capabilities for all uses
within wpa_supplicant.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-22 19:17:15 +02:00
Jouni Malinen
3ab35a6603 Extend EAPOL frames processing workaround for roaming cases
Commit 1ff733383f added a mechanism to
work around issues due to association events and EAPOL RX events being
getting reordered. However, this applied only for the case where
wpa_supplicant is not in associated state. The same issue can happen in
roaming case with drivers that perform BSS selection internally (or in
firmware). Handle that case similarly by delaying received EAPOL frame
processing if the source address of the EAPOL frame does not match the
current BSSID.

Since wired IEEE 802.1X do not have BSSID, make this additional
workaround conditional on BSSID match having been observed during the
previous association.

This fixes issues where the initial EAPOL frame after reassociation was
either dropped (e.g., due to replay counter not increasing) or replied
to with incorrect destination address (the BSSID of the old AP). This
can result in significantly more robust roaming behavior with drivers
that do not use wpa_supplicant for BSS selection.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-12-21 21:35:35 +02:00
Ben Greear
a90497f85f wpa_supplicant: Allow user to disable short guard interval (SGI)
Requires Linux kernel patch to make the SGI-20 properly disabled. SGI-40
will already work since Linux 3.4 or so.

Signed-hostap: Ben Greear <greearb@candelatech.com>
Signed-off-by: Ben Greear <greearb@candelatech.com>
2012-12-18 14:45:09 +02:00
Jouni Malinen
e6955ba9f9 WNM: Add WNM-Sleep Mode into Extended Capabilities element
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-12-16 12:45:59 +02:00
Jouni Malinen
9796a86c23 Use a shared function for requesting a new connection
Both the ctrl_iface and D-Bus interface use similar functionality to
request a new connection. Combine these to a single function to avoid
need to maintain duplicated implementation.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-25 16:30:30 +02:00
Jouni Malinen
f1a5263389 Maintain maximum blacklist count over list clear operations
wpas_connection_failed() uses the blacklist count to figure out a
suitable time to wait for the next scan. This mechanism did not work
properly in cases where the temporary blacklist gets cleared due to no
other BSSes being available. Address this by maintaining an additional
count of blacklisting values over wpa_blacklist_clear() calls. In
addition, add one more step in the count to timeout mapping to go to 10
second interval if more than four failures are seen.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-25 16:20:44 +02:00
Jouni Malinen
4115303bbe Document wpa_s->scan_req
Use an enum with documented values to make it easier to understand how
wpa_s->scan_req is used.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-25 15:55:32 +02:00
Jouni Malinen
62d4980331 Allow PMF to be enabled by default
Previously, PMF (protected management frames, IEEE 802.11w) could be
enabled only with a per-network parameter (ieee80211w). The new global
parameter (pmf) can now be used to change the default behavior to be PMF
enabled (pmf=1) or required (pmf=2) for network blocks that do not
override this with the ieee80211w parameter.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-24 22:21:29 +02:00
Jouni Malinen
6e2020210a Allow OKC to be enabled by default
Previously, OKC (opportunistic key caching, a.k.a. proactive key
caching) could be enabled only with a per-network parameter
(proactive_key_caching). The new global parameter (okc) can now be used
to change the default behavior to be OKC enabled (okc=1) for network
blocks that do not override this with the proactive_key_caching
parameter.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-12 20:07:53 +02:00
Jouni Malinen
1e8a6e7553 Remove unused wpa_supplicant_disassociate()
This function is now unused after the last couple of commits that
removed the last uses, so remove this to keep code simpler since all
places that disassociate, can use deauthentication instead.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-05 17:05:37 +02:00
Jouni Malinen
07783eaaa0 Use deauthentication instead of disassociation if not associated
cfg80211/mac80211 may reject disassociation command if association has
not yet been formed. Use deauthentication in cases where it is possible
that we are associating at the moment the command is issued.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-05 16:58:00 +02:00
Jouni Malinen
42d235477f Use wpa_drv_{disassociate,deauthenticate} while waiting for connection
wpa_supplicant_{disassociate,deauthenticate}() need to inform the driver
about decision to disconnect even if this happens during the time when
the driver is still trying to complete association. During that time,
wpa_s->bssid is not set, so the code in these functions needs to figure
out the correct BSSID based on that field or wpa_s->pending_bssid. In
addition, it is possible that the BSSID is not even known at
wpa_supplicant at this point in time when using drivers that perform BSS
selection internally. In those cases, the disconnect command needs to be
sent to the driver without the BSSID.

This fixes issues where the driver (or cfg80211 in particular) may be
left in mismatching state with wpa_supplicant when disconnection (e.g.,
due to a ctrl_iface command) happens between connection request and
association event.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-05 16:57:57 +02:00
Jouni Malinen
c10347f246 Add initial parts for SAE
This introduces new AKM for SAE and FT-SAE and adds the initial parts
for going through the SAE Authentication frame exchange. The actual SAE
algorithm and new fields in Authentication frames are not yet included
in this commit and will be added separately. This version is able to
complete a dummy authentication with the correct authentication
algorithm and transaction values to allow cfg80211/mac80211 drivers to
be tested (all the missing parts can be handled with
hostapd/wpa_supplicant changes).

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-30 19:51:07 +03:00
Jouni Malinen
6407f4132f Add disallow_aps parameter to disallow BSSIDs/SSIDs
External programs can use this new parameter to prevent wpa_supplicant
from connecting to a list of BSSIDs and/or SSIDs. The disallowed BSSes
will still be visible in scan results and it is possible to run ANQP
operations with them, but BSS selection for connection will skip any
BSS that matches an entry in the disallowed list.

The new parameter can be set with the control interface SET command
using following syntax:

SET disallow_aps <disallow_list>
disallow_list ::= <ssid_spec> | <bssid_spec> | <disallow_list> | “”
SSID_SPEC ::= ssid <SSID_HEX>
BSSID_SPEC ::= bssid <BSSID_HEX>

For example:
wpa_cli set disallow_list "ssid 74657374 bssid 001122334455 ssid 68656c6c6f"
wpa_cli set disallow_list
(the empty value removes all entries)

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-09-27 17:36:59 +03:00
Dan Williams
8c981d179b wpa_supplicant: Set state to DISCONNECTED on AP creation errors
If the AP creation failed (missing freq= or driver error) the supplicant
would previously stay in SCANNING state forever. Instead, it should
handle the error a bit better and drop back to DISCONNECTED so clients
know something went wrong.

Signed-hostap: Dan Williams <dcbw@redhat.com>
intended-for: hostap-1
2012-09-23 13:55:58 +03:00
Jouni Malinen
e665ca9a8d P2P: Move p2p_cb_on_scan_complete to global context
Since we have a global P2P module, the flag to trigger scan completion
events to it needs to be in similar context. The previous design
maintained this separately for each virtual interface and if P2P module
did not run its scan operation on the virtual interface that completed
the scan, P2P module would not be allowed to restart operations
properly.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-13 17:58:22 -07:00
Jouni Malinen
a297201df1 Maintain list of BSS entries in last scan result order
This allows last results to be used even after they have been freed
since the information is copied to the BSS entries anyway and this new
array provides the order in which scan results were processed.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-02 19:53:15 +03:00
Jouni Malinen
9675ce354a WFD: Add Wi-Fi Display support
This commit adds control interface commands and internal storage of
Wi-Fi Display related configuration. In addition, WFD IE is now added
to various P2P frames, Probe Request/Response, and (Re)Association
Request/Response frames. WFD subelements from peers are stored in the
P2P peer table.

Following control interface commands are now available:
SET wifi_display <0/1>
GET wifi_display
WFD_SUBELEM_SET <subelem> [hexdump of length+body]
WFD_SUBELEM_GET <subelem>

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-29 19:51:29 +03:00
Jouni Malinen
eb7719ff22 Add support for using GCMP cipher from IEEE 802.11ad
This allows both hostapd and wpa_supplicant to be used to derive and
configure keys for GCMP. This is quite similar to CCMP key
configuration, but a different cipher suite and somewhat different rules
are used in cipher selection. It should be noted that GCMP is not
included in default parameters at least for now, so explicit
pairwise/group configuration is needed to enable it. This may change in
the future to allow GCMP to be selected automatically in cases where
CCMP could have been used.

This commit does not included changes to WPS or P2P to allow GCMP to be
used.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-29 11:52:15 +03:00
Jouni Malinen
b1f122964e Add generic GAS request mechanism
The new gas_request and gas_response_get commands can be used to request
arbitary GAS queries to be performed. These can be used with ANQP or
with other (including vendor specific) advertisement protocols.

gas_request <BSSID> <AdvProtoID> [Query]
gas_response_get <addr> <dialog token> [offset,length]

For example, ANQP query for Capability list in interactive wpa_cli
session:

> gas_request 02:00:00:00:01:00 00 000102000101
<3>GAS-RESPONSE-INFO addr=02:00:00:00:01:00 dialog_token=0
status_code=0 resp_len=32
> gas_response_get 02:00:00:00:01:00 00
01011c00010102010501070108010c01dddd0c00506f9a110200020304050607
> gas_response_get 02:00:00:00:01:00 00 0,10
01011c00010102010501
> gas_response_get 02:00:00:00:01:00 00 10,10
070108010c01dddd0c00
> gas_response_get 02:00:00:00:01:00 00 20,10
506f9a11020002030405
> gas_response_get 02:00:00:00:01:00 00 30,2
0607

It should be noted that the maximum length of the response buffer is
currently 4096 bytes which allows about 2000 bytes of the response data
to be fetched with a single gas_response_get command. If the response is
longer, it can be fetched in pieces as shown in the example above.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-27 18:13:10 +03:00
Jouni Malinen
0d30cc240f Clear current_ssid and key_mgmt when disconnected
This makes wpa_supplicant state somewhat cleaner since the information
from previously used connection is not maintained after getting
disconnected.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-26 23:35:08 +03:00
Jouni Malinen
00e5e3d509 Disable network block temporarily on authentication failures
If 4-way handshake fails due to likely PSK failure or if EAP
authentication fails, disable the network block temporarily. Use longer
duration if multiple consecutive failures are seen.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-26 23:35:07 +03:00
Jouni Malinen
cc8c7b8840 P2P: Remove unnecessary call in resuming p2p_find
Commit 99fcd40409 added a call to update
search delay after failed authentication attempt. This change was
supposed to be only in p2p_supplicant.c for the successful case. The
extra call does not really do anything, but it's good to remove it to
avoid any confusion in the future.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-23 20:28:04 +03:00
Jouni Malinen
99fcd40409 P2P: Allow scan operations during p2p_find
Previously, all station mode scan operations were either skipped or
delayed while any P2P operation was in progress. To make concurrent
operations easier to use, reduce this limitation by allowing a scan
operation to be completed in the middle of a p2p_find. In addition,
allow station mode association to be completed. When the station mode
operation is run to its completion (scan results not acted on,
connection to an AP completed, connection failed), resume the p2p_find
operation.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-23 19:42:53 +03:00
Yoni Divinsky
6409b7a715 Supply the connection scan results to bgscan after init
If bgscan is enabled, then bgscan is initiated after the connection,
with no bss scan result information. Since a scan was performed prior to
the connection, the information exists and can be used to initialize the
bgscan's cache.

Signed-hostap: Yoni Divinsky <yoni.divinsky@ti.com>
2012-08-17 20:53:44 +03:00
Jouni Malinen
a3f7e5186b Allow non-WPA IEEE 802.1X to be select even if WPA is also enabled
If key_mgmt was set to allow both WPA and non-WPA IEEE 802.1X (i.e., to
IEEE8021X WPA-EAP), non-WPA IEEE 802.1X was rejected while preparing
association parameters. Allow this special case to be handled by
selecting non-WPA case if the scan results for the AP do not include
either WPA or RSN elements.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-15 19:34:04 +03:00
Jouni Malinen
986de33d5c Convert remaining SSID routines from char* to u8*
This makes it more explicit that the SSID is not a null terminated
C string.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-07 16:07:25 +03:00
Jouni Malinen
9173b16fd1 EXT PW: Add support for psk parameter from external storage
This allows wpa_supplicant configuration file to be created without
the PSK/passphrase value included in the file when a backend for
external password storage is available.

Following example can be used for developer testing:

ext_password_backend=test:psk1=12345678
network={
    ssid="test-psk"
    key_mgmt=WPA-PSK
    psk=ext:psk1
}

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-03 22:15:42 +03:00
Jouni Malinen
306ae22556 EXT PW: Add framework for supporting external password storage
This new mechanism can be used to make wpa_supplicant using external
storage (e.g., key store in the operating system) for passwords,
passphrases, and PSKs. This commit is only adding the framework part
needed to support this, i.e., no actual configuration parameter can
yet use this new mechanism. In addition, only a simple test backend
is added to allow developer testing of the functionality.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-03 22:15:42 +03:00
Jouni Malinen
2518aad3e8 Move PSK/passphrase configuration check into use time from parsing
Instead of rejecting network blocks without PSK/passphrase at the time
the configuration file is read, allow such configuration to be loaded
and only behave as if the network block with missing PSK/passphrase is
disabled.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-03 22:15:42 +03:00
Jouni Malinen
c3d1223848 Reinitialize autoscan on explicit reassocciate/reconnect command
This clears the exponential scan interval back to the base value
when a reconnection is requested explicitly.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-26 20:05:51 +03:00
Jouni Malinen
992189991c Start autoscan for first connection attempt
Use wpa_supplicant_set_state() to initialize state to DISCONNECT so that
autoscan gets initialized properly. This needs a change in
autoscan_init() to avoid extra scan request that would postpone the
first scan request when an interface is added.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-26 19:52:46 +03:00
Tomasz Bursztyka
7c865c6853 Add automatic scanning support
Like bgscan, autoscan is an optional module based feature to automate
scanning but while disconnected or inactive.

Instead of requesting directly a scan, it only sets the scan_interval
and the sched_scan_interval. So, if the driver supports sched_scan,
autoscan will be able to tweak its interval. Otherwise, the tweaked
scan_interval will be used. If scan parameters needs to be tweaked, an
autoscan_params pointer in wpa_s will provide those. So req_scan /
req_sched_scan will not set the scan parameters as they usually do, but
instead will use this pointer.

Modules will not have to request a scan directly, like bgscan does.
Instead, it will need to return the interval it wants after each
notification.

Signed-hostap: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2012-06-26 18:55:41 +03:00
Jouni Malinen
c1c023429b Set state to DISCONNECTED on auth/assoc failures
Some of the authentication/association failure paths left wpa_state to
its previous value. This can result in unexpected behavior when
wpa_supplicant tries to find an AP to connect to since the uncleared
state can result the in the selected BSS being ignored if it is same as
the previously used BSS. This could happen, e.g., when wpa_supplicant
SME was used and the AP rejected authentication. Fix this by explicitly
setting state to DISCONNECTED on auth/assoc failures that did not yet do
this.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
2012-06-25 14:23:25 +03:00
Jithu Jance
b9cfc09a81 P2P: Add preference setting for concurrent use cases
Add an additional parameter to prioritize either sta or p2p connection
to resolve conflicts arising during single channel concurrency.

Signed-hostap: Jithu Jance <jithu@broadcom.com>
2012-06-10 20:53:09 +03:00
Jouni Malinen
b6668734ab WNM: Add advertisement of BSS max idle period
If WNM is enabled for the build (CONFIG_WNM=y), add BSS max idle period
information to the (Re)Association Response frame from the AP and parse
this information on the station. For SME-in-wpa_supplicant case, add a
timer to handle periodic transmission of the keep-alive frame. The
actual request for the driver to transmit a frame is not yet
implemented.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-05-27 17:35:00 -07:00
Jouni Malinen
f15854d1e1 Fix BSSID enforcement with driver-based BSS selection
Previously, wpa_supplicant did not specify BSSID to any connection
request if the driver indicated that it will take care of BSS selection.
This is fine for most use cases, but can result to issues if the network
block has an explicit bssid parameter to select which BSS is to be used.
Fix this by setting BSSID and channel when the network block includes the
bssid parameter even if the driver indicates support for BSS selection.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
intended-for: hostap-1
2012-05-11 15:27:46 +03:00
Jouni Malinen
349493bd0c Validate WEP key lengths based on driver capabilities
The nl80211 driver interface does not allow 128-bit WEP to be used
without a vendor specific cipher suite and no such suite is defined for
this purpose. Do not accept WEP key length 16 for nl80211 driver
interface forn ow. wext-interface can still try to use these for
backwards compatibility.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-10 14:34:46 +03:00
Jouni Malinen
ab28911dbf P2P: Deinitialize global P2P context on P2P mgmt interface removal
The P2P implementation assumes that the first wpa_s interface instance
is used to manage P2P operations and the P2P module maintains a pointer
to this interface in msg_ctx. This can result in issues (e.g., use of
freed memory) when the management interface is removed. Fix this by
deinitializing global P2P data if the interface that created it is
removed. This will disable P2P until the next interface is added.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
2012-05-10 10:49:22 +03:00
Jouni Malinen
cb4183249f HS 2.0: Add HS 2.0 Indication element into (Re)Association Request
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-08 23:30:04 +03:00
Jouni Malinen
fea7c3a055 Ignore network blocks that have invalid WEP key length
Do not try to associate with a network that has an invalid or incomplete
configuration because the association or at least data connection would
fail anyway. This commits adds a common function for checking whether a
network block is disabled to make it easier to check network blocks
without having to reject them during configuration file parsing (which
would prevent wpa_supplicant from starting). The only additional check
added in this commit is to verify the WEP key length. Similar checks for
other parameters can be added in future commits.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-07 13:39:33 +03:00
Rajkumar Manoharan
c3701c66a5 Add handling of OBSS scan requests and 20/40 BSS coex reports
Add support for HT STA to report 40 MHz intolerance to the associated AP.
A HT station generates a report (20/40 BSS coexistence) of channel list
if it finds a non-HT capable AP or a HT AP which prohibits 40 MHz
transmission (i.e., 40 MHz intolerant bit is set in HT capabilities IE)
from the scan results.

Parse the OBSS scan parameter from Beacon or Probe Response frames and
schedule periodic scan to generate 20/40 coexistence channel report if
requested to do so. This patch decodes Scan Interval alone from the OBSS
Scan Parameters element and triggers scan on timeout.

Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-03 15:55:38 +03:00
Jouni Malinen
d211881474 Fix D-Bus build without ctrl_iface
Commit 7de5688d68 started using
wpa_supplicant_ctrl_iface_ctrl_rsp_handle() from the D-Bus code, but
left this function in ctrl_iface.c that is included conditionally. Fix
this by moving the common function into wpa_supplicant.c so that it can
be included for builds that include only either ctrl_iface or D-Bus.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
2012-04-27 21:21:31 +03:00
Mukesh Agrawal
c6e86b63d2 Create DBus getter/setter for ScanInterval
Enable control of wpa_s->scan_interval via D-Bus. This parameter
controls the delay between successive scans for a suitable AP.

Also, update dbus.doxygen with ScanInterval, and some other
parameters that were undocumented.

Signed-hostap: Mukesh Agrawal <quiche@chromium.org>
2012-04-01 18:05:22 +03:00
Johannes Berg
4f68895e92 debug: Add option to log to Linux tracing
Add the option (-T) to wpa_supplicant to log all debug messages into the
kernel tracing, allowing to aggregate kernel debugging with
wpa_supplicant debugging and recording all with trace-cmd.

Since tracing has relatively low overhead and can be filtered
afterwards, record all messages regardless of log level. However, it
will honor the -K option and not record key material by default.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2012-03-31 13:55:33 +03:00
Bala Shanmugam
1f6c0ab872 Allow background scan period to be configured
A network block specific background scan period can now be configured
for drivers that implement internal background scan mechanism for
roaming and BSS selection.

Signed-hostap: Bala Shanmugam <bkamatch@qca.qualcomm.com>
2012-03-30 15:20:35 +03:00
Jouni Malinen
25f839c6d9 Filter station mode EAPOL RX on bridge interface based on destination
If multiple station mode radios are bridged together on the same device,
it is possible for wpa_supplicant to receive EAPOL frames from the
bridge interface and then process them separately for each interface.
This can results in problems since multiple instances of supplicant side
could end up trying to process a single 4-way handshake. Avoid this
problem by filtering bridge interface EAPOL RX based on the desctination
MAC address. It should be noted that this works only when unicast
addresses are used (e.g., with WLAN) and not with the IEEE 802.1X EAPOL
group address (e.g., most wired networks).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-03-05 15:22:42 +02:00
Jouni Malinen
6979582ca6 Fix processing of channel list update events
Commit 6bf731e8ce broke handling of
EVENT_CHANNEL_LIST_CHANGED by introducing a cached copy of the driver
channel list that does not get updated even if driver changes its list.
Fix this by synchronizing the cacched wpa_s->hw.modes information
whenever EVENT_CHANNEL_LIST_CHANGED is processed. This fixes P2P channel
list updates based on regulatory domain hints that may trigger driver to
change its supported channel list.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
intended-for: hostap-1
2012-03-01 17:59:39 +02:00
Jouni Malinen
ef48ff940b Fix CTRL-EVENT-DISCONNECTED event for locally generated disconnection
When wpa_supplicant disconnects, e.g., due to authentication timeout,
we need to go through the EVENT_DISASSOC/DEAUTH processing similarly
to the driver triggered cases to get correct events delivered to the
ctrl_iface. Fix this by calling wpa_supplicant_event() in these cases
and by filtering out the confusing CTRL-EVENT-DISCONNECTED event with
all zeros BSSID.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-03-01 15:42:35 +02:00
Jouni Malinen
f64adcd71e Allow PC/SC reader to be selected and initialized at start
New global configuration parameters pcsc_reader and pcsc_pin can now be
used to initialize PC/SC reader context at start of wpa_supplicant.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-02-26 13:09:30 +02:00
Jouni Malinen
6f3bc72be0 P2P: Allow channels to be removed from P2P use
A list of disallowed frequencies for P2P channel list can now be
configured with P2P_SET disallow_freq. The frequencies (or frequency
pairs) are comma separated. For example:
wpa_cli p2p_set disallow_freq 2462,5000-6000

The allowed P2P channel list is constructed by removing explicitly
disallowed channels from the channel list received from the driver.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-02-17 22:57:13 +02:00
Jouni Malinen
b8a8d6774b P2P: Do not include P2P IE in association request to non-P2P AP
This was previously fixed for most cases in commit
ffad885837, but the check here for
drivers that implement SME/MLME was missed in that commit.

This removes the P2P IE from (Re)Association Request frame with
drivers that do not use wpa_supplicant SME implementation and are
P2P cabable when associating with a non-P2P AP (i.e., not a GO or
P2P WLAN manager AP).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
intended-for: hostap-1
2012-02-17 11:34:56 +02:00
Jouni Malinen
d445a5cd8e Add BSSID filter for testing purposes
wpa_supplicant can now be configured to filter out scan results based
on a BSSID filter. Space-separated set of allowed BSSIDs can be set
with wpa_cli set bssid_filter command. Filtering mechanism can be
disabled by setting this variable to an empty list. When set, only
the BSSes that have a matching entry in this list will be accepted
from scan results.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-02-16 16:30:13 +02:00
Jouni Malinen
0f3d578efc Remove the GPL notification from files contributed by Jouni Malinen
Remove the GPL notification text from the files that were
initially contributed by myself.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-02-11 19:39:36 +02:00
Jouni Malinen
331f89ff5b Select the BSD license terms as the only license alternative
Simplify licensing terms for hostap.git by selecting the BSD license
alternative for any future distribution. This drops the GPL v2
alternative from distribution terms and from contribution requirements.

The BSD license alternative that has been used in hostap.git (the one
with advertisement clause removed) is compatible with GPL and as such
the software in hostap.git can still be used with GPL projects. In
addition, any new contribution to hostap.git is expected to be licensed
under the BSD terms that allow the changes to be merged into older
hostap repositories that still include the GPL v2 alternative.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-02-11 19:39:31 +02:00
Dan Williams
0f4668ceac Try fallback drivers if global init for preferred drivers fails
Driver global init was considered a hard failure. Thus if, for example,
you used the Broadcom STA driver and didn't have nl80211 or cfg80211
loaded into the kernel, and specified a driver value of "nl80211,wext",
the nl80211 driver's global init would fail with the following message:

nl80211: 'nl80211' generic netlink not found
Failed to initialize driver 'nl80211'

but since global init was a hard failure, creating the supplicant
interface would fail and the WEXT driver would not be tried.
Give other drivers a chance instead.

Signed-hostap: Dan Williams <dcbw@redhat.com>
intended-for: hostap-1
2012-02-04 20:09:51 +02:00
Jouni Malinen
96efeeb66b Use PMKSA cache entries with only a single network context
When looking for PMKSA cache entries to use with a new association, only
accept entries created with the same network block that was used to
create the cache entry.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-02-04 12:32:35 +02:00
Jouni Malinen
d93dfbd588 Delay scan request on select_network if disconnecting
The disconnection command results in disassociation and deauthentication
events which were previously processed during the scan in case of
select_network command being used while associated with another network.
While this works in most cases, it can result in confusing event
messages in ctrl_iface and debug log. Avoid this by using a short delay
between the disconnection and scan request to allow the disconnection
events to be processed prior to starting the new scan.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
2012-02-04 12:28:16 +02:00
Ben Greear
80e8a5eef1 Support HT capability overrides
This allows HT capabilities overrides on kernels that
support these features.

MCS Rates can be disabled to force to slower speeds when using HT.
Rates cannot be forced higher.

HT can be disabled, forcing an 802.11a/b/g/n station to act like
an 802.11a/b/g station.

HT40 can be disabled.

MAX A-MSDU can be disabled.
A-MPDU Factor and A-MPDU Density can be modified.

Please note that these are suggestions to the kernel. Only mac80211
drivers will work at all. The A-MPDU Factor can only be decreased and
the A-MPDU Density can only be increased currently.

Signed-hostap: Ben Greear <greearb@candelatech.com>
2012-01-29 21:01:31 +02:00
Jouni Malinen
499e7286b0 Remove duplicated TERMINATING event
Now that CTRL-EVENT-TERMINATING even is sent at the end of interface
removal in case wpa_supplicant process is going to terminate, there
is no need for this duplicated event in the signal handler.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-01-29 20:23:07 +02:00
Dmitry Shmidt
f08115165b Move ctrl_iface deinit into the end of interface deinit
This allows TERMINATING ctrl_iface event to be sent at the end of the
deinit sequence to avoid race conditions with new operations that this
event may trigger while wpa_supplicant would still be running through
the deinitialization path.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2012-01-29 20:21:07 +02:00
Dmitry Shmidt
2523ff6ea4 Deinit driver before notifying interface has been removed
This avoids issues with some external program starting to use the
interface based on the interface removal event before wpa_supplicant
has completed deinitialization of the driver interface.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2012-01-29 20:18:48 +02:00
Dmitry Shmidt
df509539d4 Let wpa_supplicant_deinit_iface() know that process is terminating
This will be needed to be able to move ctrl_iface TERMINATING event to
the end of interface removal.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2012-01-29 20:15:48 +02:00
Eyal Shapira
b3aa456b3e Interleave wildcard and specific SSID scans when max_ssids=1
For drivers limited to scan a single SSID at a time, this prevents
waiting too long for a wildcard scan in case there are several
scan_ssid networks in the configuration.

Signed-hostap: Eyal Shapira <eyal@wizery.com>
2012-01-29 17:39:08 +02:00
Nicolas Cavallari
9e2af29f9b Support fixing the BSSID in IBSS mode
When the "bssid=" option is set for an IBSS network and ap_scan = 2,
ask the driver to fix this BSSID, if possible.

Previously, any "bssid=" option were ignored in IBSS mode when ap_scan=2.

Signed-hostap: Nicolas Cavallari <cavallar@lri.fr>
2012-01-28 11:33:47 +02:00
Jouni Malinen
57d38ddf6b Update copyright notices to include year 2012
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-01-01 18:59:16 +02:00
Jouni Malinen
5fd9fb2772 Remove possible authentication timeout on connection failure
The authentication timeout could be triggered after the connection has
already been known to have failed. The event at that point can be
confusing, so better cancel the timeout when processing connection
failure.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-31 13:25:37 +02:00
Arik Nemtsov
4f73d88afa Maintain internal copy of Probe Response offload capabilities
Signed-hostap: Arik Nemtsov <arik@wizery.com>
Signed-off-by: Arik Nemtsov <arik@wizery.com>
2011-12-10 21:11:32 +02:00
Jouni Malinen
bfba8deb8b Update internal MAC address on EVENT_INTERFACE_ENABLED events
This allows the MAC address of the interface to be changed when the
interface is set down even if the interface does not get completed
removed and re-added.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-03 13:20:40 +02:00
Johan Hedlund
f98eb880eb Update RSN supplicant MAC address on driver reinitialization
I have a test case where I remove and insert another network adapter
between two connections to AP. The interface get the same interface name
but switches macadresses between the connections. When running WPA2 I
got a failure in EAPOL negotiation and found out that the reason for
this was that the supplicant did not update the MAC address in the
correct place.
2011-12-03 13:02:57 +02:00
Jouni Malinen
0bf927a03e Use wpa_key_mgmt_*() helpers
This cleans up the source code and makes it less likely that new AKM
addition misses some needed changes in the future.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-24 22:47:46 +02:00
Jouni Malinen
39e7d718f6 ndis: Work around lack of C99 designated initializers in MSVC
Use a driver_ndis.c specific initialization function to fill in the
wpa_driver_ops information to make it easier to modify struct
wpa_driver_ops in the future. Being able to build driver_ndis.c
with MSVC was the only reason for having to maintain the same order
of function pointers in struct wpa_driver_ops and for having to
update driver_ndis.c for all changes in that structure.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-03 18:45:21 +02:00
Jouni Malinen
01a1749156 Fix TKIP countermeasures stopping in deinit paths
The eloop timeout to stop TKIP countermeasures has to be canceled
on deinit path to avoid leaving bogus timeouts behind.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-10-30 12:53:20 +02:00
Arik Nemtsov
c58ab8f249 TDLS: Get TDLS related capabilities from driver
Put glue code in place to propagate TDLS related driver capabilities to
the TDLS state machine.

If the driver doesn't support capabilities, assume TDLS is supported
internally.

When TDLS is explicitly not supported, disable all user facing TDLS
operations.

Signed-off-by: Arik Nemtsov <arik@wizery.com>
Cc: Kalyan C Gaddam <chakkal@iit.edu>
2011-10-23 22:15:15 +03:00
Christian Lamparter
6bf731e8ce wpa_supplicant: Unify hardware feature data
The hardware feature data is required in several different places
throughout the code. Previously, the data was acquired and freed on
demand, but with this patch wpa_supplicant will keep a single copy
around at runtime for everyone to use.

Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
2011-10-23 17:21:50 +03:00
Jouni Malinen
7756114f6a Postpone global_init() call until first driver instance is initialized
This avoids allocating global driver state for driver wrappers that
are built in but not used. This can save some resources and avoids
failures with driver_nl80211.c that is now initializing netlink
connections for nl80211 in global_init().
2011-10-23 13:20:52 +03:00
Jouni Malinen
17fbb751e1 Remove user space client MLME
This code was used only with driver_test.c to allow MLME operations
in hostapd to be tested without having to use a real radio. There
are no plans on extending this to any other use than testing and
mac80211_hwsim has now obsoled the need for this type of testing.
As such, we can drop this code from wpa_supplicant to clean up the
implementation of unnecessary complexity.
2011-10-22 22:45:38 +03:00
Dmitry Shmidt
48f8e03622 Prevent ap_scan change during association
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2011-10-21 19:00:18 +03:00
Jouni Malinen
92cbcf9128 Add Extended Capability element to AssocReq for Interworking
If Interworking is enabled, add Extended Capability element to
(Re)Association Request frames to indicate support for Interworking.
2011-10-16 23:55:34 +03:00
Luciano Coelho
6a90053cdf Add delayed scheduled scan request
When initializing, the scheduled scan code was being called before
everything is ready. With normal scans, the first scan round is
delayed, so the initialization is finished by the time it really
starts.

Add a function that can be used to request a delayed scheduled scan.
The scan will only start after the specified time has elapsed. Call
this function instead of starting the scheduled scan directly during
driver initialization.

Signed-off-by: Luciano Coelho <coelho@ti.com>
2011-10-15 18:53:14 +03:00
Luciano Coelho
b59e6f267b Add filter support to scheduled scans
Pass SSIDs to be matched in scheduled scan results. Only the SSIDs
that are included in the match lists will be reported by the driver,
so the filtering can be offloaded to the hardware and the power
consumption can be reduced.

Signed-off-by: Luciano Coelho <coelho@ti.com>
2011-10-15 18:53:14 +03:00
Luciano Coelho
a4cba8f1e2 Use sched_scan in driver init
This patch uses sched_scan, if available, when the driver is
initialized. It also adds a couple of cancel operations where
appropriate.

Signed-off-by: Luciano Coelho <coelho@ti.com>
2011-10-15 18:53:13 +03:00
Luciano Coelho
cbdf3507e9 Add scheduled scan driver operations
In new Linux kernel versions (>=3.0), nl80211 adds scheduled scan
capability. In order to use this feature to its full extent, we need
to support it in the wpa_supplicant core, so that it can also be used
by other drivers.

This commit adds initial scheduled scan support operations and events.

Signed-off-by: Luciano Coelho <coelho@ti.com>
2011-10-15 18:53:13 +03:00
Jithu Jance
2a6f78fbbe Do not re-associate on SELECT_NETWORK to current network
Signed-off-by: Jithu Jance <jithu@broadcom.com>
2011-10-02 13:12:43 +03:00
Zhi Chen
7d232e23e2 Allow wildcard SSID to be used with WPA-PSK if bssid is set
This allows the AP to be selected based on the BSSID when WPA-PSK
is used with a passphrase. The PSK will be derived from the passphrase
after the SSID has been learned from scan results.
2011-09-30 22:05:44 +03:00
Jouni Malinen
24f6497c34 GAS: Use off-channel operations for requests
This separates off-channel Action frame TX/RX from P2P into a generic
implementation that can now be used both for P2P and GAS needs.
2011-09-29 22:19:51 +03:00
Jouni Malinen
04ea7b7947 GAS: Add a generic GAS query module
This implements GAS request mechanism that is aimed at being used to
replace use case specific GAS/ANQP implementations in the future.
Compared to the earlier implementation in P2P SD, this implementation
includes support for multiple concurrent requests and more thorough
validation of frames against the pending query data.

GAS header processing, including comeback and reassembly, are handled
within gas_query.c and the users of this module will only need to
provide the Query Request and process the (possibly reassembled)
Query Response.
2011-09-29 22:19:15 +03:00
Jouni Malinen
0096c42740 Do not enable bgscan when driver takes care of BSS selection
There is no need to request periodic bgscans when the driver claims
to have capability for roaming within ESS. Ignoring the bgscan
configuration allows the same configuration file to be used both
with drivers the handle roaming and with drivers that don't.
2011-09-26 15:17:01 +03:00
Jouni Malinen
22628eca34 Support driver-based BSS selection in ap_scan=1 mode
If the driver indicates that it supports BSS selection (including
roaming within an ESS) with WPA_DRIVER_FLAGS_BSS_SELECTION, modify
ap_scan=1 mode to behave like ap_scan=2 mode for BSS selection.

The initial scan is still done to avoid the need for strict
configuration of or security parameters (e.g., to figure out whether
TKIP or CCMP is being used as the group cipher). However, when
requesting the driver to connect, the bssid and freq parameters are
not provided to leave the driver in control of selecting which BSS
to use and to allow the driver to decide when to roam.
2011-09-26 14:57:23 +03:00
Edward Lu
cf546f1a03 Make sure wpa_proto gets cleared for WPS and non-WPA connections
This is needed to fix the wpa_proto association parameter for drivers
that select AP based on security parameters internally.
2011-09-08 17:51:08 +03:00
Jouni Malinen
d8a790b922 Flush PMKSA cache entries and invalidate EAP state on network changes
If a network configuration block is removed or modified, flush
all PMKSA cache entries that were created using that network
configuration. Similarly, invalidate EAP state (fast re-auth).

The special case for OKC on wpa_supplicant reconfiguration
(network_ctx pointer change) is now addressed as part of the
PMKSA cache flushing, so it does not need a separate mechanism
for clearing the network_ctx values in the PMKSA cache.
2011-09-07 17:46:00 +03:00
Jouni Malinen
64fa840a97 nl80211: Fix WPA_VERSIONS attribute for Connect command
The previous code was trying to figure out which WPA version is
used based on the extra IEs requested for Association Request. That
did not work properly in cases where non-WPA networks are used with
some extra IEs. Fix this by using more robust mechanism for passing
the WPA versions from core wpa_supplicant to the driver_ops
associate().
2011-09-02 20:40:23 +03:00
Jouni Malinen
ffad885837 P2P: Set p2p auth/assoc parameter based on connection type
Fix the previous code that was hardcoding the p2p parameter based
on the driver P2P capability regardless of whether the connection
was really used for P2P or not.
2011-07-17 20:52:49 +03:00
Jouni Malinen
7b7ce8aa13 Deauthenticate on reconfiguration
This makes sure that the old connection is not maintained if the new
configuration does not allow it anymore. In addition, it is better to
use wpa_supplicant_clear_connection() instead of just clearing
wpa_s->current_ssid here to keep things in sync.
2011-07-16 16:57:11 +03:00
Jouni Malinen
7dcdcfd68d P2P: Start GO without extra scan step
There are some corner cases, where the wpa_supplicant_req_scan() call
may end up scheduling a scan even if we are about to start a GO. Avoid
this by explicitly marking the GO network to be selected for the next
connection.
2011-06-21 11:47:03 +03:00
Jouni Malinen
38e24575c1 random: Add support for maintaining internal entropy store over restarts
This can be used to avoid rejection of first two 4-way handshakes every
time hostapd (or wpa_supplicant in AP/IBSS mode) is restarted. A new
command line parameter, -e, can now be used to specify an entropy file
that will be used to maintain the needed state.
2011-05-31 20:07:11 +03:00