Android 4.4 uses "BSS" command instead of "SCAN_RESULT" command.
So this patch add the mesh scan result for BSS command.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
STAs that have different BSSBasicRateSet cannot connect to each other
as per IEEE 802.11s-2011 9.6.0c1:
"A mesh STA shall not establish a mesh peering with a mesh STA using a
different BSSBasicRateSet."
Make BSSBasicRateSet configurable to improve interoperability with other
stations.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Parse MESH_GROUP_ADD/REMOVE commands on ctrl interface and call
wpa_supplicant routines. These commands are used to start or
join and leave a mesh network.
The mesh id is given in the configuration file, therefore there is
no need to scan before joining a mesh network. We reuse the
connect_without_scan construct used by P2P for that same purpose.
Signed-off-by: Javier Cardona <javier@cozybit.com>
Signed-off-by: Javier Lopez <jlopex@gmail.com>
mesh_ht_mode default value is CHAN_UNDEFINED.
So previous code set 11N capability even though 11N is not used.
Signed-off-by: Natsuki Itaya <Natsuki.Itaya@jp.sony.com>
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Add a new option "mesh_ht_mode" that specifies the HT mode for the
mesh, with this option on, mesh beacons, actions frames, and probe
responses with include the appropriate HT information elements.
[original implementation by Chun-Yeow Yeoh <yeohchunyeow@gmail.com>]
[some fixes by Masashi Honma <masashi.honma@gmail.com>]
Signed-off-by: Ashok Nagarajan <ashok.dragon@gmail.com>
Signed-off-by: Javier Cardona <javier@cozybit.com>
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
Add timer to do SAE re-authentication with number of tries defined
by MESH_AUTH_RETRY and timeout defined by MESH_AUTH_TIMEOUT.
Ignoring the sending of reply message on "SAE confirm before commit"
to avoid "ping-pong" issues with other mesh nodes. This is obvious when
number of mesh nodes in MBSS reaching 6.
Signed-off-by: Chun-Yeow Yeoh <yeohchunyeow@gmail.com>
Signed-off-by: Bob Copeland <me@bobcopeland.com>
Add state transition logic to the SAE frame handling in order to more
fully implement the state machine from the IEEE 802.11 standard. Special
cases are needed for infrastructure BSS case to avoid unexpected
Authentication frame sequence by postponing transmission of the second
Authentication frame untile the STA sends its Confirm.
[original patch by: Thomas Pedersen <thomas@noack.us>]
Signed-off-by: Bob Copeland <me@bobcopeland.com>
New kernels in wiphy_suspend() will call cfg80211_leave_all() that will
eventually end up in cfg80211_stop_ap() unless wowlan_triggers were set.
For now, use the parameters from the station mode as-is. It may be
desirable to extend (or constraint) this in the future for specific AP
mode needs.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
This adds support for AKM 00-0F-AC:11 to specify the integrity and
key-wrap algorithms for EAPOL-Key frames using the new design where
descriptor version is set to 0 and algorithms are determined based on
AKM.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new AKM uses a different mechanism of deriving the PMKID based on
KCK instead of PMK. hostapd was already doing this after the KCK had
been derived, but wpa_supplicant functionality needs to be moved from
processing of EAPOL-Key frame 1/4 to 3/4 to have the KCK available.
Signed-off-by: Jouni Malinen <j@w1.fi>
This adds definitions for the 128-bit level Suite B AKM 00-0F-AC:11. The
functionality itself is not yet complete, i.e., this commit only
includes parts to negotiate the new AKM.
Signed-off-by: Jouni Malinen <j@w1.fi>
This parameter was used in some of the NFC test cases to make scanning
more robust in case of changing AP configuration. However, the parameter
was not cleared anywhere, so it could have been left in use for other
test cases as well. To get more consistent behavior, clear the value
back to its default between test cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
Use SSLv23_method() to enable TLS version negotiation for any version
equal to or newer than 1.0. If the old behavior is needed as a
workaround for some broken authentication servers, it can be configured
with phase1="tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1".
Signed-off-by: Jouni Malinen <j@w1.fi>
This is needed since the SCAN command with radio work returns before the
actual driver operation to trigger a scan has been executed and as such,
cannot return result of that operation.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
It looks like some APs are incorrectly selecting descriptor version 3
(AES-128-CMAC) for EAPOL-Key frames when version 2 (HMAC-SHA1) was
expected to be used. This is likely triggered by an attempt to negotiate
PMF with SHA1-based AKM.
Since AES-128-CMAC is considered stronger than HMAC-SHA1, allow the
incorrect, but stronger, option to be used in these cases to avoid
interoperability issues with deployed APs.
This issue shows up with "WPA: CCMP is used, but EAPOL-Key descriptor
version (3) is not 2" in debug log. With the new workaround, this issue
is ignored and "WPA: Interoperability workaround: allow incorrect
(should have been HMAC-SHA1), but stronger (is AES-128-CMAC), descriptor
version to be used" is written to the log.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Some flag already using a bit larger than 32, so extend the hostapd
drv_flags type similarly to the earlier wpa_supplicant change to get the
full flag content.
Signed-off-by: Yanbo Li <yanbol@qti.qualcomm.com>
This was used in driver_test.c, but that driver wrapper has been removed
and there are no remaining or expected users for EVENT_MLME_RX.
Signed-off-by: Jouni Malinen <j@w1.fi>
This was used in hostapd driver_test.c, but that driver wrapper has been
removed and there are no remaining or expected users for
EVENT_FT_RRB_RX.
Signed-off-by: Jouni Malinen <j@w1.fi>
This was currently breaking parallel-run.*, as it was passing
--split num/num parameters (intended for rnu-tests.py)
to vm-run.sh which broke the --codecov and --timewrap options.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Update the code coverage documentation to also specify the
source base directory for the code coverage generation.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Add an option --build to run-all.sh to build before starting to run all
the tests. In addition, add an option --codecov to extract the code
coverage data at the end of the run.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Number of documentation and configuration files had references to the
madwifi driver interface that was removed in the previous commit. Remove
these references as well.
Signed-off-by: Jouni Malinen <j@w1.fi>
The MadWifi project is not active anymore and the last release happened
in early 2008. As such, there is no remaining justification for
maintaining the madwifi-specific driver interface for hostapd either.
Signed-off-by: Jouni Malinen <j@w1.fi>
This helps window managers treat the window properly. Mostly tiling WMs
are affected by this. All other windows inherit this option from QDialog
already.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
This verifies that station mode interface SCAN command gets executed if
P2P Device instance is running p2p_find.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
If p2p_stop_find is issued after the p2p_scan request is triggered to
the host driver, the obtained scan results are also considered to update
the P2P peer entries. This is not always desired behavior, i.e., it can
be clearer if no P2P-DEVICE-FOUND events are generated based of that
final pending scan.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
With the radio work interface in place, station interface SCAN command
was not scheduled (i.e., it got continously delayed with "Delay station
mode scan while P2P operation is in progress") when a p2p_find was
operational. Fix this be delaying station mode scan only when a P2P
operation is in progress, but not in search state.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
With the radio work interface, the actual request to start p2p_scan
operation is scheduled from a radio work and hence the initial return
value cannot provide the real result of the driver operation to trigger
a scan. Introduce a new notification API to indicate the scan trigger
status based on which the p2p_scan_running instance can be set using the
real return value from the driver operation.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
macsec_validate variable was set incorrectly to FALSE(0) or TRUE(1)
instead of the enum validate_frames values (Disabled(0), Checked(1),
Strict(2). This ended up policy == SHOULD_SECURE to be mapped to
macsec_validate == Checked instead of Strict. This could have resulted
in unintended SecY forwarding of invalid packets rather than dropping
them.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This function is always called with the peer argument equal to
p2p->go_neg_peer, so there is no need for that argument to be there. In
addition, p2p->go_neg_peer is not NULL in cases where there is an
ongoing GO Negotiation, so the function can be simplified to just check
once whether the peer pointer is set and if not, skip all processing.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
grpform_cred_ready_timeout2 is similar to the grpform_cred_ready_timeout
test case with the difference being in initiating a P2P_FIND operation
during the wait.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>