Commit graph

2730 commits

Author SHA1 Message Date
Jouni Malinen
b7fb98f072 Interworking: Fix already-connected check to verify network priority
Commit d28f4e44f1 optimized Interworking
network selection in a case where the operation is run while already
connected to the selected network by skipping the reconnection. However,
this did not take into account that a higher priority network may have
shown up in the new scan results.

Fix this by checking whether network selection based on the latest scan
results (the ones from the interworking_select operation) would result
in a network with higher priority being selected. If so, skip the
optimization and force normal network connection (which will select this
newly found higher priority network). This fixes cases where a
non-Hotspot 2.0 network with higher priority (e.g., home network) shows
up while connected to a Hotspot 2.0 network with lower priority.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-27 14:06:23 +02:00
Jouni Malinen
7c373ac267 Interworking: Fix last-network preference to not override priority
Commit 3d910ef497 tried to make
last-network selection behave more consistently with Interworking
network selection preferences. However, it did not take into account
that other network block may have higher priority. In such cases, the
last added network from Interworking network selection should actually
not be selected for the next connection. Fix this by limiting the
last-network preference to work only within a priority class.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-27 13:47:23 +02:00
Jouni Malinen
f54e92433e HS 2.0R2: Fix req_conn_capab example
Protocol field needs to be separated properly from te port number list.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-27 00:43:58 +02:00
Jouni Malinen
a6739e191e HS 2.0R2: Try to scan multiple times for OSU providers
Scan operation is not that reliable, so try couple of times if no
OSU provider matches are found during fetch_osu command.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:24 +02:00
Jouni Malinen
cf6d08a63f Interworking: Add OCSP parameter to the cred block
This new parameter can be used to configure credentials to mandate use
of OCSP stapling for AAA server authentication.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:24 +02:00
Jouni Malinen
6402f2fe40 Interworking: Add more debug info on roaming partner preferences
This can be useful in debugging selection of roaming partner preference.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:24 +02:00
Jouni Malinen
74794891c7 Interworking: Add sp_priority cred parameter
This new priority parameter can be used to specify priorities between
credentials provisioned by the same SP. cred->priority is checked first
and if it is same and the provisioning_sp parameter matches, the new
sp_priority is used to order the credentials. It should be noted that
the order of priorities is different (higher 'priority' value indicates
higher priority of the credential, while higher 'sp_priority' indicates
lower priority of the credential).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:24 +02:00
Jouni Malinen
751ac99768 Interworking: Use a helper function to compare cred priority
This makes it easier to extend credential priority comparison beyond a
single priority variable.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:24 +02:00
Jouni Malinen
aff419f56a Interworking: Remove separate credential priority tracking
There is no need to keep the separate local variable for tracking the
highest selected priority since we track a pointer to the selected
credential with that information.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:24 +02:00
Jouni Malinen
533536d82a HS 2.0R2: Disable full ESS for as a workaround for per-BSS issues
For now, disable full ESS since some drivers may not support disabling
per BSS.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:24 +02:00
Jouni Malinen
8a77f1be86 HS 2.0R2: Slow down connection attempts on EAP failures
This is needed to limit the number of consecutive authentication
attempts to no more than 10 within a 10-minute interval to avoid
unnecessary load on the authentication server. In addition, use a random
component in the delay to avoid multiple stations hitting the same
timing in case of simultaneous disconnection from the network.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:24 +02:00
Jouni Malinen
76a55a8e12 HS 2.0R2: Add more debug to network selection
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
8b4b9fb384 HS 2.0R2: Fix bandwidth policy BSS selection
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
28f2a7c407 HS 2.0R2: Allow excluded network to be selected based on user override
Move excluded SSID filtering step to the end of credential validation
process and return list of BSSes that would otherwise have matching
credentials, but have an excluded SSID. Automatic network selection will
not select such a network, but interworking_connect command can be used
to pick excluded networks.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
33fb8c526c HS 2.0R2: Add support for Policy/RequiredProtoPortTuple
The new credential parameter req_conn_capab can be used to specify
restrictions on roaming networks providing connectivity for a set of
protocols/ports.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
a45b2dc5dc HS 2.0R2: Add support for Policy/MaximumBSSLoadValue
The new credential parameter max_bss_load can be used to specify
restrictions on BSS Load in the home network.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
4cad9df15a HS 2.0R2: Add support for Policy/MinBackhaulThreshold
The new credential parameters min_{dl,ul}_bandwidth_{home,roaming} can
be used to specify restrictions on available backhaul bandwidth.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
aa26ba68b4 HS 2.0R2: Add tracking of provisioning SP
The new provisioning_sp cred field can now be used to track which SP
provisioned the credential. This makes it easier to find the matching
PPS MO from the management tree (./Wi-Fi/<provisioning_sp>).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
8e5fdfabf6 HS 2.0R2: Add WFA server-only EAP-TLS peer method
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
df0f01d91f HS 2.0R2: Add OSEN client implementation
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
a5d75636f9 HS 2.0R2: Add common OSEN definitions
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
230e373539 HS 2.0R2: Add GAS operation duration statistics into debug
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
b572df8650 HS 2.0R2: Add routine for fetching OSU provider information
The new wpa_cli fetch_osu command can be used to fetch information about
all OSU providers and write that to a text file with the icons in
separate files. cancel_osu_fetch command can be used to stop ongoing OSU
provider list fetch.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
1d2215fc67 HS 2.0R2: Add OSU Providers list ANQP element
wpa_supplicant can now request OSU Providers list with "hs20_anqp_get
<BSSID> 8".

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
184e110caf HS 2.0R2: Add Icon Request and Icon binary File ANQP elements
wpa_supplicant can request OSU icon data with "hs20_icon_request <BSSID>
<icon filename>". This transmits an Icon Request ANQP element and
processes the response in Icon Binary File ANQP elements.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
7ef6947993 HS 2.0R2: Add STA support for Deauthentication Request notification
If requested, disable the network based on the HS 2.0 deauthentication
request.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
95a3ea9426 HS 2.0R2: Add WNM-Notification Request for Subscription Remediation
Subscription remediation notification WNM-Notification Request is now
shown in the following way in wpa_supplicant control interface:
<3>HS20-SUBSCRIPTION-REMEDIATION http://example.com/foo/

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
f9cd147d6b HS 2.0R2: Update Indication element to Release 2
The HS 2.0 Indication element from wpa_supplicant now includes the
release number field and wpa_supplicant shows the release number of the
AP in STATUS command (hs20=1 replaced with hs20=<release>).

The new update_identifier field in the cred block can now be used to
configure the PPS MO ID so that wpa_supplicant adds it to the Indication
element in Association Request frames.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:22 +02:00
Jouni Malinen
bc00053c9d Interworking: Allow roaming partner configuration
The new roaming_partner parameter within a cred block can be used to
configure priorities for roaming partners.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:22 +02:00
Jouni Malinen
2c49d04cdb Do not clear global pmf setting on FLUSH
This parameter was actually used in some testing cases in a way that did
not really work well with the FLUSH command ending up disabling PMF.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:22 +02:00
Jouni Malinen
eef7235da1 Only try fast reconnect if network is not disabled
Previously, it would have been possible for the network to be marked
disabled and that marking to be ignored if a recoverable disconnection
reason event were processed. Avoid this by verifying network status
before trying to reconenct back to the same BSS.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-25 23:52:09 +02:00
Jouni Malinen
3d910ef497 Interworking: Prefer last added network during network selection
Previously, any network block could be used to select the BSS to connect
to when processing scan results after Interworking network selection.
This can result in somewhat unexpected network selection in cases where
credential preferences indicated that a specific network was selected,
but another network ended up getting used for the connection. While the
older networks continue to be valid, add special processing for this
initial post-interworking-connect case to get more consistent network
selection to match with the Interworking network selection result.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-25 22:37:57 +02:00
Jouni Malinen
da60d9c1ca tests: Add module tests for blacklist to complete coverage
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-25 20:16:28 +02:00
Jouni Malinen
2a33687ec7 P2P: Remove unnecessary ifdef CONFIG_NO_CONFIG_WRITE
wpa_config_write() is defined as a dummy function even if actual
operation to write the configuration file are commented out from the
build. This cleans up the code a bit and removed a compiler warning on
set-only variable.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-25 19:31:16 +02:00
Purushottam Kushwaha
050d8b5cc7 Fix documentation for wpa_supplicant_global_ctrl_iface_process()
This fixes a copy-paste error in the function name in
wpa_supplicant_global_ctrl_iface_process() documentation.

Signed-off-by: Purushottam Kushwaha <p.kushwaha@samsung.com>
2014-02-25 16:53:57 +02:00
Janusz Dziedzic
4db216fcf7 wpa_supplicant: Add support for IPv6 with UDP ctrl_iface
Add IPv6 support when using udp/udp-remote control interface using the
following new build configuration options:

CONFIG_CTRL_IFACE=udp6
CONFIG_CTRL_IFACE=udp6-remote

This is useful for testing, while we don't need to assign IPv4 address
(static or using DHCP) and can just use auto configured IPv6 addresses
(link local, which is based on the MAC address). Also add scope id
support for link local case.

For example,
./wpa_cli
./wpa_cli -i ::1,9877
./wpa_cli -i fe80::203:7fff:fe05:69%wlan0,9877

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2014-02-25 16:43:01 +02:00
Jouni Malinen
f0e30c8410 Do not start another connect work while one is pending
It was possible for the connect or sme-connect radio work to get
re-scheduled while an earlier request was still pending, e.g.,
select_network is issued at the moment a scan radio work is in progress
and the old scan results are recent enough for starting the connection.
This could result in unexpected attempt to re-associate immediately
after completing the first connection.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-24 15:22:35 +02:00
Jouni Malinen
3cdcb3a4b3 tests: Add module tests for WPS attribute parsing
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-02-21 13:41:30 +02:00
Jouni Malinen
ea449b5bfe tests: Add a module test integration to hwsim tests
CONFIG_MODULE_TESTS=y build option can now be used to build in module
tests into hostapd and wpa_supplicant binaries. These test cases will be
used to get better testing coverage for various details that are
difficult to test otherwise through the control interface control. A
single control interface command is used to executed these tests within
the hwsim test framework. This commit adds just the new mechanism, but no
module tests are yet integrated into this mechanism.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-02-21 13:08:08 +02:00
Jouni Malinen
211d7ab3d8 P2P: Add even more debug prints for Probe Request in non-Listen state
It looks like discovery_dev_id test case can still fail and based on the
previously added debug prints, this is happening since the P2P module
believes it is not in Listen state even when a P2P_LISTEN was issued.
p2p_listen_cb() did not get called on remain-on-channel event for some
reason, so lets add more debug to find out why this can happen.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-20 16:59:29 +02:00
Roger Zanoni
848905b12a Avoid undefined references with CONFIG_WPA_TRACE_BFD=y
libdl, libiberty, and libzlib are dependencies for libbfd.

Signed-off-by: Roger Zanoni <roger.zanoni@openbossa.org>
2014-02-20 16:32:26 +02:00
Jithu Jance
f667e031c9 P2P: Address few issues seen with P2P SD
Suppose we have multiple peers and we have peers advertising SD
capability, but no services registered for advertising. In this case,
even if there are multiple broadcast queries set, we might end up
sending only the lastly added broadcast query to the same device (since
SD_INFO won't get set for the first broadcast query). Add support for
multiple wildcard queries to be tracked to enable this type of use
case.

Some times it is seen that before advancing to next device in the list,
the scan results come and update SD_SCHEDULE flag. This will result in
sending the already sent query to the same device without giving chance
to other devices. This issue again is seen with peer devices advertising
SD capability without any services registered.

Signed-off-by: Jithu Jance <jithu@broadcom.com>
2014-02-20 16:32:12 +02:00
Dmitry Shmidt
e9a6f18385 TLS: Add tls_disable_tlsv1_1 and tls_disable_tlsv1_2 phase1 params
These can be used to disable TLSv1.1 and TLSv1.2 as a workaround for AAA
servers that have issues interoperating with newer TLS versions.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-02-20 15:28:57 +02:00
Dmitry Shmidt
ac494fcce4 Android: Use external libnl 2.0 dynamic library
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-02-19 14:10:12 +02:00
Roger Zanoni
b7cac41254 Fix hostapd and wpa_supplicant build with binutils >= 2.24.x
Using binutils >= 2.24.x and setting
CONFIG_WPA_TRACE/CONFIG_WPA_TRACE_BDF causes both builds to fail with
"#error config.h must be included before this header" message.

Since version 2.24.x, the bfd header checks for PACKAGE and
PACKAGE_VERSION macros.

As suggested in http://sourceware.org/bugzilla/show_bug.cgi?id=14243
projects that use bfd and don't use autotools should define a PACKAGE
macro.

Signed-off-by: Roger Zanoni <roger.zanoni@openbossa.org>
2014-02-19 14:10:12 +02:00
Jouni Malinen
94a3df500f P2P: Enable U-APSD support on GO automatically
Since P2P specification mandates P2P GO to support WMM-PS with legacy
STAs, enable this automatically if the driver indicates support for
U-APSD in AP mode. The "P2P_SET go_apsd 0" command can still be used to
disable this if needed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-17 13:15:29 +02:00
Andrei Otcheretianski
b3253ebb73 wpa_supplicant: Complete radio works on disable event
While testing rfkill blocking of a scanning interface, it
was seen that the ongoing scan never completes. This happens
since EVENT_SCAN_RESULTS is discarded on a disabled interface.

Fix this and also other possible radio work completion issues
by removing all the radio works (including started) of the
disabled interface.

To be able to remove already started radio works, make their
callbacks be reentrant with deinit flag (when the work
is started), so each radio work should be able to handle
its own termination.

Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2014-02-16 00:06:23 +02:00
Jouni Malinen
2dff9e87b9 Remove unused NFC_RX_HANDOVER_REQ
The more generic NFC_REPORT_HANDOVER is now used to report completed NFC
connection handover operations in either role and NFC_RX_HANDOVER_REQ
did not have any implementation within wpa_supplicant.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-02-15 11:22:26 +02:00
Jouni Malinen
7ae7a84eef NFC: Workaround nfcpy message debug exception
The current nfcpy version does not support new WSC connection handover
message format and the handover server fails to process the request due
to a debug print. As a temporary workaround, override
HandoverServer::_process_request() with a version that avoids pretty()
print of the handover messages. This can be removed once nfcpy has been
updated to support the new format.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-13 16:37:43 +02:00
Max Stepanov
cbf21c7cb5 P2P: Avoid compiler warning in p2p_supplicant.c
Initialize flag variable explicitly to avoid [-Wmaybeuninitialized]
compiler warning in wpas_p2p_verify_channel().

Signed-hostap: Max Stepanov <Max.Stepanov@intel.com>
2014-02-13 15:46:37 +02:00
Eytan Lifshitz
5e6aa04b09 wpa_supplicant: Fix memory leak in wfd_subelems error path
Memory allocated by calling function ieee802_11_vendor_ie_concat()
was not freed on an error path int ctrl_iface BSS command.

Signed-hostap: Eytan Lifshitz <eytan.lifshitz@intel.com>
2014-02-13 15:41:15 +02:00
Jouni Malinen
88853aedf6 Fix CONFIG_WPS_NFC=y build without CONFIG_P2P=y
Some of the control interface operations for P2P were not properly
protected with #ifdef CONFIG_P2P.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-02-13 15:29:09 +02:00
Dmitry Shmidt
7ac7fd43aa Add bssid/freq hint for driver-based BSS selection
This uses the new nl80211 attributes to allow the connect command to
provide bssid and freq hints to the driver without limiting roaming to
the specific BSS/frequency. This can be used by drivers that perform
internal BSS selection (WPA_DRIVER_FLAGS_BSS_SELECTION) as a candidate
for initial association.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-02-13 15:14:18 +02:00
Jouni Malinen
d6bfaaac69 NFC: Add summary and success file options for nfcpy scripts
These can be used to get updates on NFC operation status and success for
external programs.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-12 16:44:05 +02:00
Jouni Malinen
25cfc6f11e P2P NFC: Add p2p-nfc.py --handover-only option
p2p-nfc.py allowed an NFC Tag to be read and reported to wpa_supplicant
even in cases where it was explicitly asked to initiate negotiated
connection handover and return after completing this operation. The new
command line argument can be used to disable NFC Tag read operations
when a negotiated connection handover is expected.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-12 12:45:07 +02:00
Jouni Malinen
7bea076458 P2P NFC: Clean up p2p-nfc.py error handling
If wpa_supplicant reports a failure when trying to generate a handover
request, detect that before trying to decode the response as a hex
string.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-11 19:33:43 +02:00
Mahesh A Saptasagar
062a7c0d67 Fix persistent P2P connection failure in case channel list changes
P2P persistent connection may fail due to 802.11d channel change event
invalidating support of the operating frequency sent in the invitation
request, before receiving the invitation response. If the operating
frequency is invalid at the time the invitation response is processed
and there is no forced frequency provided by user, allow frequency
re-selection.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-07 15:44:41 +02:00
Dmitry Shmidt
0547124d47 wpa_supplicant: Add DFS indicator to get_capability freq
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-02-06 16:13:10 +02:00
Jouni Malinen
bab6677a31 Handle Wi-Fi Display commands more carefully if P2P is disabled
If P2P was disabled (e.g., due to driver not supporting it or through
p2p_disabled=1 configuration), setting Wi-Fi Display parameters could
result in segmentation fault when the WFD IE is updated without the P2P
module being initialized. Fix this by skipping the update if P2P module
is not in use. In addition, show Wi-Fi Display as disabled in "GET
wifi_display" and refuse to enable it with "SET wifi_display 1" if P2P
is not enabled.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-02-06 16:03:42 +02:00
Jouni Malinen
94ff22ea08 Remove dead code from AP setup
wpa_supplicant_create_ap() is only called for AP mode, so there is no
point in trying to address station (infra/IBSS) modes.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-04 13:23:35 +02:00
Jouni Malinen
0b5ff2ae12 WPS: Remove unused Credential AP Channel processing
Commit bd3a373767 added a mechanism to use
AP Channel attribute from within a Credential attribute to optimize
scans. However, this design is not actually used with the WPS NFC use
cases. With configuration token, the AP Channel attribute is in the same
container with the Credential attribute (and that was also handled in
the previous implementation). With connection handover, AP Channel
information is outside the Credential attribute as well.

Simplify implementation by removing the AP Channel within Credential
case. This allows wpas_wps_use_cred() to get the AP Channel from the
container instead of having to find this during credential iteration.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-04 13:23:35 +02:00
Jouni Malinen
44f967c729 Update ChangeLog files to match current implementation
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-04 13:23:35 +02:00
Prashanth Kumar
1b56d398a7 wpa_supplicant: Fix misplaced os_free
os_free has wfd_dev_info_hex as an argument which is defined within
CONFIG_NO_STDOUT_DEBUG

Signed-hostap: Prashanth Kumar <prashanthkumar.kr@globaledgesoft.com>
2014-02-03 19:35:09 +02:00
Jouni Malinen
d950477913 Fix authentication algorithm negotiation in SME code
Commit 6ac4b15ef8 (wpa_radio work for
connection) caused a regression for cases where multiple auth_alg values
are set in a network block and wpa_supplicant-based SME is supposed to
iterate through them. The connection radio work was not terminated when
receiving authentication failure and this resulted in the following
authentication attempt failing.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-02-03 19:34:33 +02:00
Eytan Lifshitz
04c366cb1d Fix memory leaks and wrong memory access
1. In wpa_config_process_bgscan() fix memory leak after
   calling wpa_config_parse_string()
2. In hostapd_config_defaults(), on failure to allocate bss->radius,
   conf->bss was not freed.
3. In p2p_deauth_nofif(), memory allocated in p2p_parse_ies() was not
   freed in case of NULL minor_reason_code.
4. In p2p_disassoc_nofif(), memory allocated in p2p_parse_ies() was
   not freed in case of NULL minor_reason_code.
5. In p2p_process_go_neg_conf(), memory allocated was not freed in
   case that the P2P Device interface was not waiting for a
   GO Negotiation Confirm.
6. In wpa_set_pkcs11_engine_and_module_path(), the wrong pointer was
   checked.

Signed-hostap: Eytan Lifshitz <eytan.lifshitz@intel.com>
2014-01-30 14:01:31 +02:00
Eytan Lifshitz
fd67275b85 wpa_supplicant: Fix wrong size memory allocation
Fix memory allocation in wpa_scan_clone_params(), where the
allocation request used the size of a pointer rather than the
size of the structure.

Signed-hostap: Eytan Lifshitz <eytan.lifshitz@intel.com>
2014-01-30 13:59:29 +02:00
Naresh Jayaram
4701f379f0 wpa_cli: Add tdls_external_control to tab completion for SET
This global configuration parameter was added in commit
800d58721c but the tab completion list for
the wpa_cli SET command in interactive mode was not updated.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-30 13:10:29 +02:00
Jouni Malinen
2e98839243 P2P: Disable DNS server from dnsmasq
This avoids issues with multiple instances of dnsmasq running, e.g.,
with one on eth0 and the other one for the P2P group.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 22:08:14 +02:00
Jouni Malinen
c07f2615a0 P2P NFC: Add script for connection handover with nfcpy
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 22:08:14 +02:00
Jouni Malinen
12288d848c WPS NFC: Protect nfcpy pretty print calls against exceptions
nfcpy does not yet support all the new message formats, so some of the
pretty() calls can result in exceptions.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 22:08:14 +02:00
Jouni Malinen
c209dd1108 WPS NFC: nfcpy script to use new connection handover design
Fetch a carrier record from wpa_supplicant instead of full handover
request. This makes it easier for external programs to build handover
request messages with multiple alternative carriers.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 22:08:14 +02:00
Jouni Malinen
6202500f6f WPS NFC: Logging level configuration to wps-nfc.py and wps-ap-nfc.py
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 22:08:13 +02:00
Jouni Malinen
1f1b5b31d7 WPS NFC: Clean up nfcpy script no-wait operations
This allows the scripts to terminate at proper point with --no-wait.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 22:08:13 +02:00
Jouni Malinen
79ede5a7e6 WPS NFC: Validate ctrl_iface response before decoding it
If the operation fails for any reason ("FAIL" response), it is cleaner
to return error clearly instead of hitting an exception in the hex
decoder.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 22:08:13 +02:00
Jouni Malinen
ab1db08c05 WPS NFC: Use argparse in the nfcpy scripts
This cleans up command line parsing and simplifies the commands.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 22:08:13 +02:00
Jouni Malinen
6f8fa6e552 WPS NFC: Update wps-nfc.py and wps-ap-nfc.py to use new nfcpy API
This moves many of the peer discovery operations into the core nfcpy.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 22:08:13 +02:00
Jouni Malinen
b56f6c8869 P2P NFC: Add support for freq option in NFC ctrl_iface commands
This can be used to force an operating channel for P2P group formation
triggered by NFC operations.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:31 +02:00
Jouni Malinen
91a65018d8 WPS NFC: Use BSSID and AP Channel from handover select
These optional attributes, if present, can be used to speed up the
initial connection by using a single channel scan.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:31 +02:00
Jouni Malinen
91226e0d12 WPS: Add testing option to corrupt public key hash
If CONFIG_WPS_TESTING=y is enabled in build configuration, the new
wps_corrupt_pkhash parameter (similar to wps_testing_dummy_cred) can be
used to request public key hash to be corrupted in all generated OOB
Device Password attributes. This can be used for testing purposes to
validate public key hash validation steps.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:31 +02:00
Jouni Malinen
73127764fe WPS NFC: add more debug prints for connection handover report
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:31 +02:00
Jouni Malinen
5cd4f66095 WPS NFC: Use AP Channel information from credential container
This allows NFC Configuration Token to indicate the current AP operating
channel, so that a single channel scan can be used to speed up the
initial connection.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:31 +02:00
Jouni Malinen
5cd4740580 P2P NFC: WPA state machine config with driver-based BSS selection
wpa_s->current_bss was updated too late for the
wpa_supplicant_rsn_supp_set_config() call within
wpa_supplicant_select_config(). Re-order code so that current_bss gets
updated between current_ssid update and this call to set the WPA state
machine configuration, so that the new code that determines whether the
current GO support the new IP address assignment mechanism works.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:31 +02:00
Jouni Malinen
8e9f53c367 P2P NFC: Static handover with NFC Tag on client
This adds a new P2P Invitation mechanism to invite a P2P Device with an
NFC Tag to an already operating group when the GO with NFC Device reads
the NFC Tag. The P2P Device with the NFC Tag will then accept invitation
and connect to the group automatically using its OOB Device Password.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:30 +02:00
Jouni Malinen
dd87677115 P2P NFC: Enable own NFC Tag on GO Registrar
When "P2P_SET nfc_tag 1" is used to enable the own NFC Tag for P2P, also
enable it for any running GO interface.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:30 +02:00
Jouni Malinen
abe44e3ca2 P2P NFC: Add GO info into handover message when in client role
P2P Group ID can optionally be included in the connection handover
messages when acting as a P2P Client in a group. Add this information
and show it in the P2P-NFC-PEER-CLIENT event message.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:30 +02:00
Jouni Malinen
23318bea94 P2P NFC: Optimize join-a-group operation based on NFC information
When the NFC connection handover message received from a peer indicates
that the peer is operating as a GO on a specific channel, use that
information to avoid having to go through full scan. In addition, skip
the separate join-a-group scan since we already know the operating
channel, GO P2P Device Address, and SSID.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:30 +02:00
Jouni Malinen
86e320819c P2P NFC: Copy DH parameters to a separate group interface
The DH public and private key needs to be copied for the separate group
interface if that is used for a P2P group.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:30 +02:00
Jouni Malinen
d4b4d7fe3c WPS NFC: Update DH keys for ER operations
Since wpa_s->conf->wps_nfc_dh_* parameters can be set in number of code
paths, update the wps_context copy of the DH keys even if no new keys
were generated for the request. This tries to avoid some cases where
public key hash may not have matched the public key used in the ER
operation.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:30 +02:00
Jouni Malinen
59b45d1afe P2P NFC: Add processing of P2P client while NFC handover case
Instead of automatically triggering a connection, provide an indication
of one of the devices being a P2P client to upper layers to allow user
to determine what to do next.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:30 +02:00
Jouni Malinen
74df9ecd4a P2P NFC: Do not try to join peer if both devices are already GO
Send a P2P-NFC-BOTH-GO event to upper layers to determine what to
do in case both devices going through NFC connection handover are
already operating as a GO.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:30 +02:00
Jouni Malinen
201b0f5fa6 P2P: Add test option to disable IP address assignment request
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:30 +02:00
Jouni Malinen
25ef8529c1 P2P: Add support for IP address assignment in 4-way handshake
This new mechanism allows P2P Client to request an IPv4 address from the
GO as part of the 4-way handshake to avoid use of DHCP exchange after
4-way handshake. If the new mechanism is used, the assigned IP address
is shown in the P2P-GROUP-STARTED event on the client side with
following new parameters: ip_addr, ip_mask, go_ip_addr. The assigned IP
address is included in the AP-STA-CONNECTED event on the GO side as a
new ip_addr parameter. The IP address is valid for the duration of the
association.

The IP address pool for this new mechanism is configured as global
wpa_supplicant configuration file parameters ip_addr_go, ip_addr_mask,
ip_addr_star, ip_addr_end. For example:

ip_addr_go=192.168.42.1
ip_addr_mask=255.255.255.0
ip_addr_start=192.168.42.2
ip_addr_end=192.168.42.100

DHCP mechanism is expected to be enabled at the same time to support P2P
Devices that do not use the new mechanism. The easiest way of managing
the IP addresses is by splitting the IP address range into two parts and
assign a separate range for wpa_supplicant and DHCP server.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:26 +02:00
Jouni Malinen
c4f87a701b P2P NFC: Add NFC tag enabling for static handover
The device with the NFC Tag can be configured to enable NFC to be used
with "P2P_SET nfc_tag 1" and "P2P_LISTEN" commands to allow static
handover to be used.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:56 +02:00
Jouni Malinen
dd37a93884 P2P NFC: Report handover select from tag for static handover
WPS_NFC_TAG_READ can be used to report static connection handover where
the connection handover select message was read from an NFC tag.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:56 +02:00
Jouni Malinen
db6ae69e6b P2P NFC: Report connection handover as trigger for P2P
"NFC_REPORT_HANDOVER {INIT,RESP} P2P <req> <sel>" can now be used to
report completed NFC negotiated connection handover in which the P2P
alternative carrier was selected.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:56 +02:00
Jouni Malinen
9358878055 P2P NFC: Build connection handover messages
"NFC_GET_HANDOVER_{REQ,SEL} NDEF P2P-CR" can now be used to build P2P
alternative carrier record for NFC connection handover request/select
messages.

Static connection handover case can be enabled by configuring the DH
parameters (either with wps_nfc_* configuration parameters or with
WPS_NFC_TOKEN command at run time. The NFC Tag contents can be generated
with "NFC_GET_HANDOVER_SEL NDEF P2P-CR-TAG" after having configured
Listen channel (p2p_listen_reg_class/p2p_listen_channel).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:56 +02:00
Jouni Malinen
ab9e34426f P2P NFC: Pass OOB Device Password ID to P2P
GO Negotiation needs to know which OOB Device Password ID is assigned
for the peer when NFC is used as the trigger.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:56 +02:00
Jouni Malinen
50d1f8901c NFC: Update WPS ER to use the new connection handover design
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
d95079361b WPS NFC: Add support for wpa_supplicant AP/GO mode to use handover
New functionality is needed for this with the update NFC connection
handover design that depends on the AP side using the public key hash
from the handover request.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
fa4c2988ae WPS NFC: Process new style handover select
The new WPS connection handover select includes Registrar public key
hash instead of credential. Use the new information to start
abbreviated WPS handshake instead of configuring a new network directly
from the old Credential-from-NFC design.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
41f9ffb635 WPS NFC: Build new style carrier record for connection handover request
It is more useful to be able to build a single NFC carrier record
instead of the full connection handover request message to allow
external components to decide whether to negotiate which alternative
carrier is used. This updates the carrier record contents to the new
design to include Enrollee public key hash and provides this as a
carrier record instead of full message. An external program is expected
to be used to build the full NFC connection handover message with
potentially other alternative carrier records included.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
57630e658b WPS: Preparations for allowing SSID filtering for provisioning step
If the SSID of the WPS AP is known, it should be possible to limit AP
selection based on this when searching for an active WPS AP. This commit
adds a mechanism to specify SSID for this type of uses.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
5f4545573f WPS NFC: Validate peer public key hash on Enrollee
Since the Enrollee can now get the public key hash from the Registrar,
there is need to validate this during the WPS protocol run.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
ea43ad960b P2P: Make group operating channel available
Provide local GO channel to the P2P module so that it can be used in
messages that indicate the current operating channel.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Arif Hussain
253f2e3795 P2P: Apply unsafe frequency rules to available channels
This adds a QCA vendor specific nl80211 event to allow the driver to
indicate a list of frequency ranges that should be avoided due to
interference or possible known co-existance constraints. Such
frequencies are marked as not allowed for P2P use to force groups to be
formed on different channels.

If a P2P GO is operating on a channel that the driver recommended not to
use, a notification about this is sent on the control interface and
upper layer code may decide to tear down the group and optionally
restart it on another channel. As a TODO item, this could also be changed
to use CSA to avoid removing the group.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 11:49:05 +02:00
Jouni Malinen
8615bdfac9 Increase global ctrl_iface buffer to same size as per-interface
Since the global ctrl_iface can be used with IFNAME= prefix to send
commands to be processed by per-interface code, it should have the same
(well, close to same since the prefix takes some space) limits on
command length as the per-interface ctrl_iface. Increase the buffer from
256 to 4096 to achieve this.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-23 16:57:15 +02:00
Jouni Malinen
c5a64e2d51 GAS client: Use Protected Dual of Public Action frames with PMF
When GAS is used with PMF negotiated, Protected Dual of Public Action
frames are expected to be used instead of Public Action frames, i.e.,
the GAS/ANQP frames are expected to be encrypted. Conver Public Action
GAS queries to use Dual of Public Action frame if PMF has been
negotiated with the AP to which the frame is being sent.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-23 11:50:28 +02:00
Jouni Malinen
5ce00d09c0 GAS server: Add support for Protected Dual of Public Action frames
When GAS is used with PMF negotiated, Protected Dual of Public Action
frames are expected to be used instead of Public Action frames, i.e.,
the GAS/ANQP frames are expected to be encrypted. Add support for this
different category of Action frames being used for GAS. The payload
after the Category field is identical, so the only change is in using
the Category field based on what was received in the request frames. For
backwards compatibility, do not enforce protected dual to be used on the
AP side, i.e., follow what the station does.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-23 11:19:55 +02:00
Jouni Malinen
ea6e040c30 Clear more configuration parameters to default on FLUSH
This makes it more convenient for test scripts to change parameters for
a specific test case without having to separately clear them between
each test case.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-23 10:21:49 +02:00
Raja Mani
cf70d2981d wpa_supplicant: Schedule PNO on completion of ongoing sched_scan
When start PNO request comes from control interface, wpa_supplicant
should wait until ongoing sched_scan (triggered by wpa_supplicant)
gets cancelled. Issuing cancel sched_scan and start PNO scan
one after another from pno_start() would lead wpa_supplicant to clear
wps->sched_scanning flag while getting sched_scan stopped event
from driver for cancel sched_scan request. In fact, PNO scan will
be in progress in driver and wpa_s->sched_scanning will not be set
in such cases.

In addition to this change, RSSI threshold limit is passed as part of
start sched_scan request. This was previously set only in pno_start(),
but the same parameter should be available for generic sched_scan calls
as well and this can now be reached through the new PNO start sequence.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-22 19:41:45 +02:00
Max Stepanov
a6cff8bfa8 wpa_supplicant: Fix seg fault in wpas_ctrl_radio_work_flush() in error case
Verify wpa_s->radio pointer before accessing it. If interface addition
fails, this could get called before wpa_s->radio has been set.

The segmentation fault details:

Program received signal SIGSEGV, Segmentation fault.
0x00000000004b9591 in wpas_ctrl_radio_work_flush (wpa_s=0x77fff0) at ctrl_iface.c:5754
5754		dl_list_for_each_safe(work, tmp, &wpa_s->radio->work,

Call stack:
0  wpas_ctrl_radio_work_flush (wpa_s=0x77fff0) at ctrl_iface.c:5754
1  wpa_supplicant_deinit_iface (wpa_s=0x77fff0, notify=0, terminate=0) at wpa_supplicant.c:3619
2  wpa_supplicant_add_iface (global=0x75db10, iface=0x7fffffffe270) at wpa_supplicant.c:3691
3  wpas_p2p_add_p2pdev_interface (wpa_s=0x75dd20) at p2p_supplicant.c:3700
4  main (argc=<optimized out>, argv=<optimized out>) at main.c:317

Function:
5750	void wpas_ctrl_radio_work_flush(struct wpa_supplicant *wpa_s)
5751	{
5752		struct wpa_radio_work *work, *tmp;
5753
5754		dl_list_for_each_safe(work, tmp, &wpa_s->radio->work,
5755				      struct wpa_radio_work, list) {
5756			struct wpa_external_work *ework;
5757
5758			if (os_strncmp(work->type, "ext:", 4) != 0)

Root cause:
(gdb) p wpa_s->radio
$1 = (struct wpa_radio *) 0x0

Signed-hostap: Max Stepanov <Max.Stepanov@intel.com>
2014-01-22 19:25:22 +02:00
David Spinadel
f62a3c2fce P2P: Clone dtim_period to a new interface
Cloning dtim_period is needed for P2P GO.

Signed-hostap: David Spinadel <david.spinadel@intel.com>
2014-01-22 19:24:41 +02:00
Jouni Malinen
88a0bcab6b Update copyright years in the manpages
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-21 16:33:25 +02:00
Dan Winship
32185f541c Sync manpages and command-line options
Signed-hostap: Dan Williams <dcbw@redhat.com>
2014-01-21 16:31:50 +02:00
Dan Williams
b948e78b46 Add manpage for eapol_test
Signed-hostap: Dan Williams <dcbw@redhat.com>
2014-01-21 16:30:46 +02:00
Dan Williams
36bd29ee5e wpa_supplicant: Fix usage text based on build options
Signed-hostap: Dan Williams <dcbw@redhat.com>
2014-01-21 16:28:31 +02:00
Raja Mani
dd271857a5 Skip normal scan when PNO is already in progress
Scan request failures are observed in wpa_supplicant debug log when
Android framework starts PNO scan in driver via ctrl interface command
'set pno 1' and wpa_supplicant also tries to issue a scan request after
PNO has started in the driver.

Some drivers may reject a normal scan request when PNO is already in
progress. wpa_supplicant should consider PNO status before issuing start
scan request to the driver. Otherwise, wpa_supplicant will get failures
from driver for the scan request and it will end up rescheduling scan
request in periodic interval and get a start scan request failure for
each attempt.

In order to avoid unnecessary scan attempt when PNO scan is already
running, PNO status is checked before issuing scan request to driver.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-21 16:19:49 +02:00
Rashmi Ramanna
a2d6365760 P2P: Extend the listen time based on the active concurrent session
A P2P Device while in the Listen state waiting to respond for the
obtained group negotiation request shall give a fair chance for other
concurrent sessions to use the shared radio by inducing an idle time
between the successive listen states. However, if there are no
concurrent operations, this idle time can be reduced.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-20 22:55:09 +02:00
Dmitry Shmidt
443427e4ed P2P: Add missing direct global ctrl_iface commands for P2P
It should be noted that these commands are not exclusively used for P2P
or in the global context, so use of these commands through the global
control interface for operations that are specific to a single interface
have undefined behavior and that behavior may change in the future. As
such, these are recommend only for operations that are in the global
context (e.g., for P2P management).

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-01-17 11:58:36 +02:00
Jithu Jance
37b4198af4 P2P: Use GO's operating channel to optimize scan during join
Use P2P GO's operating channel information, if known, to do a single
channel scan during the join operation.

Signed-hostap: Jithu Jance <jithu@broadcom.com>
2014-01-17 11:57:07 +02:00
Arend van Spriel
a0e9d89203 Use minimal scan delay upon EVENT_INTERFACE_ADDED
This patch resets the static interface_count to zero in case of
wpa_supplicant_driver_init() call for wpa_s which is in
INTERFACE_DISABLED state. This interface_count is used for the delay of
the scan which is now minimal for dynamically added interfaces. This may
collide with a scan for another interface, but the same is true for any
chosen delay in this scenario. Also the state change to DISCONNECTED is
moved to wpa_supplicant_driver_init() so it will move from
INTERFACE_DISABLED to INACTIVE when there are no enabled networks.

Tested-by: Hante Meuleman <meuleman@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
2014-01-17 11:50:31 +02:00
Arend van Spriel
5ddd07cb37 Reset normal_scans counter upon entering INTERFACE_DISABLED state
Depending on the implementation, the scheduled scan may not give results
quickly when in DISCONNECTED state. This patch resets
wpa_s::normal_scans upon entering to the INTERFACE_DISABLED state so a
normal scan is assured upon going to DISCONNECTED state after the
interface has been re-enabled. This mainly solves a long reconnect time
observed upon repeated kernel driver reloads, i.e., third reload
resulted in a scheduled scan.

Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Signed-hostap: Arend van Spriel <arend@broadcom.com>
2014-01-17 11:48:17 +02:00
Sunil Dutt
3ed97271ba TDLS: Pass peer's Supported channel and oper class info during sta_add
The information of the peer's supported channel and operating class
is required for the driver to do TDLS off channel operations with a
compatible peer. Pass this information to the driver when the peer
station is getting added.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-14 17:24:33 +02:00
Jouni Malinen
c48414af8f P2P: Limit join-a-group scans based on SSID from invitation
If we already know the SSID of the P2P group we are trying to join, use
that SSID to limit scan responses and BSS selection since we do not
really look for any other network in this case. In addition, this can
fix cases where the peer has just changed its SSID (e.g., started a new
group) and there may be multiple BSS entries for the same BSSID.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-13 21:39:06 +02:00
Jouni Malinen
78f0c933e0 Flush secondary device types on FLUSH command
This makes it possible to clear previously configured secondary device
types.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-08 22:27:30 +02:00
Jouni Malinen
2b384109f2 P2P: Allow requested device type to be specified with p2p_find
This allows filtering of P2P peers that reply to the device discovery
Probe Request frames.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-08 20:01:19 +02:00
Jouni Malinen
d9bb2821e7 Clear configuration blobs on FLUSH command
All te network blocks and credentials were already cleared, but
configurations blobs should also be cleared here, e.g., to get
more consistent behavior test cases using EAP-FAST PACs.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-08 16:42:15 +02:00
Jouni Malinen
c60ba9f7ab Skip network disabling on expected EAP failure
Some EAP methods can go through a step that is expected to fail and as
such, should not trigger temporary network disabling when processing
EAP-Failure or deauthentication. EAP-WSC for WPS was already handled as
a special case, but similar behavior is needed for EAP-FAST with
unauthenticated provisioning.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-08 16:42:15 +02:00
Ben Greear
3043b4f455 nl80211: Document how to configure for libnl 2.0 and 3.2
Reported-by: Xose Vazquez Perez <xose.vazquez@gmail.com>

Signed-hostap: Ben Greear <greearb@candelatech.com>
2014-01-07 15:35:14 +02:00
Jouni Malinen
95fb2db242 P2P: Reject group formation on WPS provisioning failure
There is no need to wait for the 15 second group formation timeout to
clear the state if WPS failure is detected during P2P group formation.
Allow the WPS exchange steps (WSC_NACK and EAP-Failure) to be completed
and remove the group to get rid of the extra wait.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:12 +02:00
Jouni Malinen
6fc61e180e Fix TX status processing during AP mode shutdown in wpa_supplicant
A TX status event could be received after the AP interface has already
been deinitialized. This needs to check for NULL pointer before trying
to indicate the event to AP functions.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:12 +02:00
Jouni Malinen
b6a9590b34 Interworking: Keep up to two pending GAS_REQUEST responses
Previously, only the last response data was kept in memory. This
increases that to hold up to two last responses to allow some more
parallel operations to be requested. In addition, the response data is
now freed as soon as the external program has fetched it.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:12 +02:00
Jouni Malinen
090b8e3d14 Update copyright notices for the new year 2014
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:12 +02:00
Jouni Malinen
356d1488c4 Interworking: Add optional freq argument to INTERWORKING_SELECT
This can be used to limit which channels are scanned using the specified
list of frequency ranges in the same format that the SCAN command uses.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
a09ffd5f2f Fix req_scan-deplete-timeout and update eloop API for this
Commit e2f5a9889a was supposed to prevent
new scan request from pushing out the old one. However, it did not
really do that since eloop_deplete_timeout() returned 0 both for the
case where the old timeout existed (and was sooner) and if the old
timeout did not exist. It returned 1 only for the case where an old
timeout did exist and was larger than the new requested value. That case
used to result in wpa_supplicant_req_scan() rescheduling the timeout,
but hew code in eloop_deplete_timeout() did the exact same thing and as
such, did not really change anything apart from the debug log message.

Extend the eloop_deplete_timeout() (and eloop_replenish_timeout() for
that matter since it is very similar) to return three different values
based on whether the timeout existed or not and if yes, whether it was
modified. This allows wpa_supplicant_req_scan() to schedule a new
timeout only in the case there was no old timeout.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
083916c022 P2P: Clear p2p_disabled and p2p_per_sta_psk on FLUSH command
The control interface FLUSH command now includes clearing of
"P2P_SET disabled 1" and "P2P_SET per_sta_psk 1".

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
3f45fc403f P2P: Clear services on FLUSH command
The control interface FLUSH command now includes the step executed by
the P2P_SERVICE_FLUSH command.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
1f965e622a Allow external programs to request wpa_radio work items
The new control interface command RADIO_WORK can be used by external
programs to request radio allocation slots from wpa_supplicant if
exclusive radio control is needed, e.g., for offchannel operations. If
such operations are done directly to the driver, wpa_supplicant may not
have enough information to avoid conflicting operations. This new
command can be used to provide enough information and radio scheduling
to avoid issues with such cases.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
6428d0a71f Do not start wpa_radio work during externally triggered scan
If an external program triggers a scan, wpa_supplicant does not have a
wpa_radio work item for this operation to protect against other
offchannel operations. This can result in operations failing, so try to
avoid damage by not starting any new wpa_radio work items during a scan
that was started by another process.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
6470f471e4 Remove unneeded scan delay on connection-in-progress
This type of protection against concurrent connection and scan
operations is now enforced through the wpa_radio work mechanism, so this
separate protection mechanism is not needed anymore.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:09 +02:00
Jouni Malinen
4bb232153f Remove unneeded GAS query delay on connection-in-progress
This type of protection against concurrent connection and offchannel GAS
operations is now enforced through the wpa_radio work mechanism, so this
separate protection mechanism is not needed anymore.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:09 +02:00
Jouni Malinen
6ac4b15ef8 Use wpa_radio work for connection
This protects against conflicting offchannel operations during
connection (authentication, association, EAP exchanges, 4-way
handshake).

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:09 +02:00
Jouni Malinen
b9e6d7001d Use radio work for GAS requests
Avoid concurrent GAS operations with any other exclusive use of the
radio by using the radio work queuing mechanism. This replaces some of
the earlier constraints on concurrent operations with the more generic
wpa_radio work concept.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:09 +02:00
Jouni Malinen
e05e130837 P2P: Use radio work to protect offchannel Action frame exchanges
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:09 +02:00
Jouni Malinen
e1d1c8e223 Use radio work for P2P Listen requests
Avoid concurrent P2P Listen operations with any other exclusive use of
the radio by using the radio work queuing mechanism. This removes some
of the earlier workarounds that postponed scans depending on other
operations.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 09:45:32 +02:00
Jouni Malinen
1b5d4714dd Use radio work for P2P scan requests
Avoid concurrent P2P scan requests with any other exclusive use of the
radio by using the radio work queuing mechanism. This removes some of
the earlier workarounds that postponed scans depending on other
operations.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-05 22:39:25 +02:00
Jouni Malinen
d12a51b5d2 Use radio work for scan requests
Avoid concurrent scan requests by using the radio work queuing
mechanism.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-05 22:37:50 +02:00
Jouni Malinen
b1ae396f59 Add framework for exclusive radio operations
The new radio work item concept can be used to request time for an
operation that requires exclusive radio control, e.g., a scan. Once the
radio is available, the registered callback function will be called.
radio_work_done() must be called once the exclusive radio operation has
been completed, so that the radio is freed for other operations. The
special case of deinit=1 is used to free the context data during
interface removal. That does not allow the callback function to start
the radio operation, i.e., it needs to free the allocated resources
and return.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-05 22:37:03 +02:00
Jouni Malinen
dd43aaa509 Add helper functions for cloning and freeing scan parameters
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-05 22:35:52 +02:00
Jouni Malinen
06f9acce18 Ignore externally triggered scan results with scan_res_handler
wpa_s->scan_res_handler is set only for cases where a scan operation is
requested for a specific purpose. As such, this callback should only be
called when a scan result from a scan that was triggered by
wpa_supplicant is processed.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-05 22:34:17 +02:00