Commit graph

3828 commits

Author SHA1 Message Date
Jouni Malinen
23d71a0286 Set wpa_psk_set in wpa_supplicant AP mode is PSK is available
While this is unlikely to make any practical difference, it is better to
keep consistent with hostapd configuration parser.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-05-14 19:43:30 +03:00
Jouni Malinen
6641954321 Fix AP mode key_mgmt configuration in wpa_supplicant default case
If the network profile key_mgmt parameter was not set, wpa_supplicant
defaulted to enabling both WPA-PSK and WPA-EAP. This is not correct for
AP mode operations, so remove WPA-EAP in such a case to fix WPA-PSK
without explicit key_mgmt parameter.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-05-14 19:43:30 +03:00
Jouni Malinen
ad6cee3fa0 P2P: Do not enable P2P group processing for non-P2P AP mode
wpa_supplicant was starting P2P group processing for all AP mode
interfaces in CONFIG_P2P=y builds. This is unnecessary and such
operations should be enabled only for actual GO interfaces.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-05-14 19:43:30 +03:00
Ilan Peer
3b11ad34eb Send CTRL-EVENT-REGDOM-CHANGE event on the parent interface
The NL80211_CMD_WIPHY_REG_CHANGE can be handled by any of the
interfaces that are currently controlled by the wpa_supplicant.
However, some applications expect the REGDOM_CHANGE event to be
sent on the control interface of the initially added interface
(and do not expect the event on any of child interfaces).

To resolve this, when processing NL80211_CMD_WIPHY_REG_CHANGE,
find the highest parent in the chain, and use its control interface
to emit the CTRL-EVENT-REGDOM-CHANGE event.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2016-05-14 17:19:02 +03:00
Jouni Malinen
4de70e2330 Add MGMT_RX_PROCESS test command for wpa_supplicant
This makes it easier to write hwsim test cases to verify management
frame processing sequences with dropped or modified frames. When
ext_mgmt_frame_handling is used, this new command can be used to request
wpa_supplicant to process a received a management frame, e.g., based on
information reported in the MGMT-RX events.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-13 20:54:51 +03:00
Peter Oh
f42c3ceb94 mesh: Calculate MTK before sending it to MAC in case Open is dropped
IEEE Std 802.11-2012 13.5.6.3 State transitions require an action
sending SETKEYS primitive to MAC when OPN_ACPT event occurs in CNF_RCVD
state in case of AMPE is used, but since MTK calculation is missed in
this condition, all zero valued key are passed to MAC and cause unicast
packet decryption error. This could happen if the first transmission of
plink Open frame is dropped and Confirm frame is processed first
followed by retransmitted Open frame.

Fix this by calculating the MTK also in this sequence of unexpected
messages.

Signed-off-by: Peter Oh <poh@qca.qualcomm.com>
2016-05-13 20:54:51 +03:00
Peter Oh
baa1213649 mesh: Add missing action to cancel timer
IEEE Std 802.11-2012 Table 13-2, MPM finite state machine requires to
clear retryTimer when CNF_ACPT event occurs in OPN_SNT state which is
missing, so add it to comply with the standard.

This was found while debugging an MTK issue and this commit fixes a
potential issue that mesh sends invalid event (PLINK_OPEN) which will
lead another invalid timer register such as MeshConfirm Timer. This
behaviour might lead to undefined mesh state.

Signed-off-by: Peter Oh <poh@qca.qualcomm.com>
2016-05-13 19:57:15 +03:00
Saurav Babu
e8a1b6b8e9 D-Bus: Check driver capability for IBSS in Modes property of Capabilities
Instead of hardcoding "ad-hoc" in the array of supported capabilities,
add this only if the driver indicates support for IBSS.

Signed-off-by: Saurav Babu <saurav.babu@samsung.com>
2016-05-13 18:53:04 +03:00
Johannes Berg
3dd0e9e4e4 wpa_supplicant: Fix CONFIG_AP build without CTRL_IFACE
wpas_ap_pmksa_cache_list() and wpas_ap_pmksa_cache_flush() should be
under the #ifdef since they're only called for the control iface and
use functionality that otherwise isn't available.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
2016-05-13 18:31:01 +03:00
Sunil Dutt
03626e9157 Skip connection attempt for non-RSN networks if PMF is set to required
Since ieee80211w=2 is an explicit configuration to wpa_supplicant, the
connection attempt for such non-PMF (non-RSN) capable networks should be
skipped.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-05 21:09:08 +03:00
Jouni Malinen
22950049e4 Ignore pmf=1/2 parameter for non-RSN networks
PMF is available only with RSN and pmf=2 could have prevented open
network connections. Change the global wpa_supplicant pmf parameter to
be interpreted as applying only to RSN cases to allow it to be used with
open networks.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-05 21:09:08 +03:00
Jouni Malinen
2a3f56502b Reject SET commands with newline characters in the string values
Many of the global configuration parameters are written as strings
without filtering and if there is an embedded newline character in the
value, unexpected configuration file data might be written.

This fixes an issue where wpa_supplicant could have updated the
configuration file global parameter with arbitrary data from the control
interface or D-Bus interface. While those interfaces are supposed to be
accessible only for trusted users/applications, it may be possible that
an untrusted user has access to a management software component that
does not validate the value of a parameter before passing it to
wpa_supplicant.

This could allow such an untrusted user to inject almost arbitrary data
into the configuration file. Such configuration file could result in
wpa_supplicant trying to load a library (e.g., opensc_engine_path,
pkcs11_engine_path, pkcs11_module_path, load_dynamic_eap) from user
controlled location when starting again. This would allow code from that
library to be executed under the wpa_supplicant process privileges.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-02 11:08:25 +03:00
Jouni Malinen
b166cd84a7 Reject SET_CRED commands with newline characters in the string values
Most of the cred block parameters are written as strings without
filtering and if there is an embedded newline character in the value,
unexpected configuration file data might be written.

This fixes an issue where wpa_supplicant could have updated the
configuration file cred parameter with arbitrary data from the control
interface or D-Bus interface. While those interfaces are supposed to be
accessible only for trusted users/applications, it may be possible that
an untrusted user has access to a management software component that
does not validate the credential value before passing it to
wpa_supplicant.

This could allow such an untrusted user to inject almost arbitrary data
into the configuration file. Such configuration file could result in
wpa_supplicant trying to load a library (e.g., opensc_engine_path,
pkcs11_engine_path, pkcs11_module_path, load_dynamic_eap) from user
controlled location when starting again. This would allow code from that
library to be executed under the wpa_supplicant process privileges.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-02 11:08:25 +03:00
Paul Stewart
0fe5a23424 Remove newlines from wpa_supplicant config network output
Spurious newlines output while writing the config file can corrupt the
wpa_supplicant configuration. Avoid writing these for the network block
parameters. This is a generic filter that cover cases that may not have
been explicitly addressed with a more specific commit to avoid control
characters in the psk parameter.

Signed-off-by: Paul Stewart <pstew@google.com>
2016-05-02 11:08:25 +03:00
Jouni Malinen
73e4abb24a Reject psk parameter set with invalid passphrase character
WPA/WPA2-Personal passphrase is not allowed to include control
characters. Reject a passphrase configuration attempt if that passphrase
includes an invalid passphrase.

This fixes an issue where wpa_supplicant could have updated the
configuration file psk parameter with arbitrary data from the control
interface or D-Bus interface. While those interfaces are supposed to be
accessible only for trusted users/applications, it may be possible that
an untrusted user has access to a management software component that
does not validate the passphrase value before passing it to
wpa_supplicant.

This could allow such an untrusted user to inject up to 63 characters of
almost arbitrary data into the configuration file. Such configuration
file could result in wpa_supplicant trying to load a library (e.g.,
opensc_engine_path, pkcs11_engine_path, pkcs11_module_path,
load_dynamic_eap) from user controlled location when starting again.
This would allow code from that library to be executed under the
wpa_supplicant process privileges.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-02 11:08:25 +03:00
Dmitry Shmidt
df5bde83da Android: Remove EAP-FAST option
Current BoringSSL version is not suitable for EAP-FAST.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2016-04-28 20:43:43 +03:00
Andrei Otcheretianski
9b377be037 P2P: Copy config from p2pdev when not using dedicated group interface
When the P2P Device interface is used and an existing interface is used
for P2P GO/Client, the P2P Device configuration was not cloned to the
configuration of the existing interface. Thus, configuration parameters
such as idle_group_time, etc., were not propagated to the P2P GO/Client
interface.

Handle this by copying all configuration parameters of the P2P device
interface to the reused interface, with the following exceptions:

1. Copy the NFC key data only if it was not set in the configuration
   file.
2. The WPS string fields are set only if they were not previously set
   in the configuration of the destination interface (based on the
   assumption that these fields should be identical among all
   interfaces).

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2016-04-25 00:10:49 +03:00
Andrei Otcheretianski
3c88d26941 P2P: Fix wpas_p2p_nfc_auth_join()
Use the p2pdev pointer instead of the parent pointer to comply with the
flows when a dedicated P2P Device interface is used and
p2p_no_group_iface == 1 (in which case the parent of the reused
interface isn't necessary the same as p2pdev).

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2016-04-25 00:10:10 +03:00
Kanchanapally, Vidyullatha
2f195639ec WNM: Fetch scan results before checking transition candidates
On receiving a WNM BSS Transition Management Request frame with a
candidate list, fetch the latest scan results from the kernel to see if
there are any recent scan results for the candidates and initiate a
connection if found. This helps to avoid triggering a new scan in cases
where a scan initiated by something else (e.g., an internal beacon
measurement report functionality in a driver) has processed Beacon or
Probe Response frames without wpa_supplicant having received a
notification of such an update yet.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-04-23 17:12:16 +03:00
Marcin Niestroj
9e5a5de55a systemd: Update service files according to D-Bus interface version
systemd service files were supplied with old D-Bus bus name. After
service activation systemd was waiting for appearance of specified bus
name to consider it started successfully. However, if wpa_supplicant was
compiled only with the new D-Bus interface name, systemd didn't notice
configured (old) D-Bus bus name appearance. In the end, service was
considered malfunctioning and it was deactivated.

Update systemd service BusName property according to supported D-Bus
interface version.

Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
2016-04-19 00:55:17 +03:00
Purushottam Kushwaha
57b38882e5 P2P: Add P2P_GROUP_MEMBER command to fetch client interface address
This allows local GO to fetch the P2P Interface Address of a P2P Client
in the group based on the P2P Device Address for the client. This
command should be sent only on a group interface (the same peer may be
in multiple concurrent groups).

Usage:
P2P_GROUP_MEMBER <P2P Device Address>

Output:
<P2P Interface Address>

Signed-off-by: Purushottam Kushwaha <pkushwah@qti.qualcomm.com>
2016-04-19 00:41:16 +03:00
Lior David
0ee8925098 P2P: Trigger event when invitation is accepted
Trigger an event when wpa_supplicant accepts an invitation to re-invoke
a persistent group. Previously wpa_supplicant entered group formation
without triggering any specific events and it could confuse clients,
especially when operating with a driver that does not support
concurrency between P2P and infrastructure connection.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2016-04-18 16:57:05 +03:00
Ilan Peer
cf667c66ac RRM: Modify the processing of a received neighbor report
Parse a received neighbor report and report for each neighbor report the
data received for it:

RRM-NEIGHBOR-REP-RECEIVED bssid=<BSSID> info=0x<hex> op_class=<class> chan=<chan> [lci=hex] [civic=hex]

Note that this modifies the previous format that originally reported
only the length of the received frame.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2016-04-17 17:45:14 +03:00
Beni Lev
00ed0aa2dd SME: Add support for global RRM flag
Add RRM to SME authentication/association if the global RRM flag is set.

Signed-off-by: Beni Lev <beni.lev@intel.com>
2016-04-17 12:43:57 +03:00
David Spinadel
4a742011ab wpa_supplicant: Handle LCI request
Handle radio measurement request that contains LCI request. Send
measurement report based on a configurable LCI report element. The LCI
report element is configured over the control interface with

SET lci <hexdump of the element>

and cleared with

SET lci ""

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2016-04-17 12:29:12 +03:00
David Spinadel
2572df34b2 hostapd: Handle Neighbor Report Request frame
Process Neighbor Report Request frame and send Neighbor Report Response
frame based on the configured neighbor report data.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2016-04-17 12:29:07 +03:00
David Spinadel
9b4b226426 hostapd: Add a database of neighboring APs
Add a configurable neighbor database that includes the content of
Nighbor Report element, LCI and Location Civic subelements and SSID.

All parameters for a neighbor must be updated at once; Neighbor Report
element and SSID are mandatory, LCI and civic are optional. The age of
LCI is set to the time of neighbor update.

The control interface API is:
SET_NEIGHBOR <BSSID> <ssid=SSID> <nr=data> [lci=<data>] [civic=<data>]

To delete a neighbor use:
REMOVE_NEIGHBOR <BSSID> <SSID>

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2016-04-16 21:05:40 +03:00
Jouni Malinen
6a4f0ed788 Fix spelling of "neighbor" in a function name
The missing letter 'h' made it more difficult to find this function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-04-16 21:05:39 +03:00
David Spinadel
d41a5352fe wpa_supplicant: Add LCI and civic request to Neighbor Report Request
Add an option to request LCI and Location Civic Measurement in Neighbor
Report Request frame, as described in IEEE P802.11-REVmc/D5.0, 9.6.7.6.

Note: This changes the encoding format of the NEIGHBOR_REP_REQUEST
ssid=<val> parameter. This used to be parsed as raw SSID data which is
problematic for accepting additional parameters. The new encoding allows
either a string within double-quotation marks or a hexdump of the raw
SSID.

Thew new format:
NEIGHBOR_REP_REQUEST [ssid=<SSID>] [lci] [civic]

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2016-04-16 21:05:39 +03:00
David Spinadel
624b8a061f utils: Add ssid_parse() function
Add a function that parses SSID in text or hex format. In case of the
text format, the SSID is enclosed in double quotes. In case of the hex
format, the SSID must include only hex digits and not be enclosed in
double quotes. The input string may include other arguments after the
SSID.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2016-04-16 21:05:37 +03:00
David Spinadel
9d955f751e utils: Rename hostapd_parse_bin to wpabuf_parse_bin and move it
Make the function available as part of the wpabuf API.
Use this renamed function where possible.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2016-04-09 11:23:36 +03:00
Jouni Malinen
61c101186a Extend VENDOR_ELEM parameters to cover non-P2P Probe Request frame
The new VENDOR_ELEM value 14 can now be used to add a vendor element
into Probe Request frames used by non-P2P active scans.

For example:
VENDOR_ELEM_ADD 14 dd05001122330a
and to clear that:
VENDOR_ELEM_REMOVE 14 *

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-04-09 00:30:49 +03:00
Matti Gottlieb
ece4ac5f4e HS 2.0: Add support for configuring frame filters
When a station starts an association to a Hotspot 2.0 network, request
the driver to do the following, based on the BSS capabilities:

1. Enable gratuitous ARP filtering
2. Enable unsolicited Neighbor Advertisement filtering
3. Enable unicast IP packet encrypted with GTK filtering if
   DGAF disabled bit is zero

Clear the filter configuration when the station interface is
disassociated.

Signed-off-by: Matti Gottlieb <matti.gottlieb@intel.com>
2016-04-08 15:21:18 +03:00
Matti Gottlieb
e42adb9a75 driver: Add a packet filtering function declaration
Add a new function declaration that will allow wpa_supplicant to request
the driver to configure data frame filters for specific cases.

Add definitions that will allow frame filtering for stations as
required by Hotspot 2.0:

1. Gratuitous ARP
2. Unsolicited NA
3. Unicast IP packets encrypted with GTK

Signed-off-by: Matti Gottlieb <matti.gottlieb@intel.com>
2016-04-08 13:13:55 +03:00
Lior David
90f14962ec wpa_supplicant: "don't care" value for pbss in ssid structure
Add a new value 2 to the pbss parameter of wpa_ssid structure, which
means "don't care". This value is used in infrastructure mode to request
connection to either AP or PCP, whichever is available in the scan
results. The value is also used in regular WPS (not P2P group formation)
to make WPS work with devices running as either AP or PCP.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2016-04-08 12:56:34 +03:00
Jouni Malinen
0f34665774 Mark wpa_supplicant_{start,stop}_sched_scan() static
With the only callers in wpas_{start,stop}_pno() moved into scan.c,
there is no need to call these helper functions from outside scan.c
anymore.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-04-07 11:45:01 +03:00
Hu Wang
3560b32ca3 Fix race condition with PNO stop followed immediately by PNO start
Commit dd271857a5 ('Skip normal scan when
PNO is already in progress') fixed issues with normal scans getting
rejected by the driver when PNO scan is already running. The part about
skipping such a scan request is fine, but the part about clearing
wpa_s->pno back to 0 in EVENT_SCHED_SCAN_STOPPED handler is problematic.

If PNO is stopped ("SET pno 0") and then restarted ("SET pno 1")
immediately, it is possible for the EVENT_SCHED_SCAN_STOPPED event from
the stopping part to be received only after the new PNO instance has
been started. This would have resulted in clearing wpa_s->pno and the
driver and wpa_supplicant getting out of sync. This would then prevent
PNO from being stopped with "SET pno 0" (that fails if wpa_s->pno == 0).

Fix this race condition by reverting the wpa_s->pno = 0 addition from
the EVENT_SCHED_SCAN_STOPPED handler.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-04-06 11:14:34 +03:00
Dmitry Shmidt
f89c32e63f Android: Fix max number of sched scan SSIDs based on driver capability
This adds use of the driver capability (instead of hardcoded
WPAS_MAX_SCAN_SSIDS) in wpas_start_pno() similarly to what was already
done in wpa_supplicant_req_sched_scan().

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2016-04-02 17:35:28 +03:00
Roshan Pius
f1a5a34d8e binder: Implement interface add/remove methods
This commit implements the methods defined in Supplicant service:
1. CreateInterface
2. RemoveInterface
3. GetInterface

The binder service returns the corresponding iface binder object
references which can be used by clients to control a specific
interface.

Signed-off-by: Roshan Pius <rpius@google.com>
2016-04-02 17:35:28 +03:00
Roshan Pius
7b4bbb9f94 binder: Add binder skeletal code for Android
Create the skeletal binder interface for wpa_supplicant. The interface
hierarchy is based off the existing dbus
interface(https://w1.fi/wpa_supplicant/devel/dbus.html).

Since we use libbinder, the binder interface codebase needs to be
written in C++ and can only be compiled on Android platform for now.

The aidl files define binder RPC interfaces. The Android build system
generates the corresponding C++ interface classes which needs to be
implemented by the server process.

The clients can obtain a reference to the binder service (root object)
using:
android::String16 service_name("fi.w1.wpa_supplicant");
android::sp<android::IBinder> binder =
  android::defaultServiceManager()->getService(service_name);

Once a reference to the root object is retrieved, the clients can
obtain references to other RPC objects using that root object methods.

Signed-off-by: Roshan Pius <rpius@google.com>
2016-04-02 17:35:26 +03:00
Jouni Malinen
c01120a05f wpa_supplicant: Do not use struct ieee80211_mgmt::u.probe_req
This struct in the union is empty, but the design of using a zero-length
u8 array here is not fully compatible with C++ and can result in
undesired compiler warnings. Since there are no non-IE fields in the
Probe Request frames, get the location of the variable length IEs simply
by using the pointer to the frame header and the known header length.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-04-02 16:55:02 +03:00
Bala Krishna Bhamidipati
5cd317d381 Do not clear PMKSA entry or EAP session cache if config does not change
This avoids unnecessary flushing of the PMKSA cache entry and EAP
session data when processing SET_NETWORK commands that set a network
profile parameter to the same value that the parameter already has.

Introduce a new wpa_config_set() and wpa_config_set_quoted() return
value (==1) signifying that the new value being set for the
corresponding field equals to the already configured one so that the
caller can determine that nothing changed in the profile.

For now, this does not cover all the network profile parameters, but
number of the most commonly used parameters are included to cover the
Android use cases where the framework may have issued SET_NETWORK
commands that would have unnecessarily prevented use of PMKSA caching or
EAP fast reauthentication.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-31 17:18:51 +03:00
Jouni Malinen
a6fbff2049 Fix CONFIG_CTRL_IFACE=udp6/udp6-remote builds
wpa_supplicant_global_ctrl_iface_receive() did not handle the from
address properly for the IPv6 case. This was broken by commit
d60886cdaf ('wpa_supplicant: Add monitor
support for global UDP ctrl_iface').

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-28 00:16:52 +03:00
Jouni Malinen
31afdd2274 Use TIOCOUTQ instead of SIOCOUTQ to avoid need for linux/sockios.h
All that the kernel header was doing here is defining SIOCOUTQ to be
TIOCOUTQ. Instead of pulling in the header, we might as well use
TIOCOUTQ directly.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-26 11:40:35 +02:00
Lior David
f347429cf1 P2P: Fix persistent group for 60 GHz networks
Fix two problems with storage of 60 GHz P2P persistent groups:
1. pbss flag was not stored in the network block.
2. When recreating the persistent group from storage,
in addition to the missing pbss flag, the pairwise_cipher and
group_cipher were initialized to CCMP which does not work
in 60 GHz since the default in 60 GHz should be GCMP.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2016-03-25 18:40:56 +02:00
Jouni Malinen
954e10e483 Make it a bit easier to roam from 2.4 GHz to 5 GHz within ESS
The initial connection to an ESS was already explicitly increasing the
likelihood of picking a 5 GHz BSS. While the throughput estimation is
likely to do same for the roaming decision, it might be possible that
that does not cover all cases. Add couple of dB extra preference for 5
GHz in case the roaming decision falls back to comparing signal levels.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-25 12:12:48 +02:00
Jouni Malinen
585141bb30 Fix a typo in a comment
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-25 12:12:48 +02:00
Jouni Malinen
6a5ee810a3 Include previous BSSID in connection request to indicate reassociation
This allows the SME-in-the-driver case to get similar information about
reassociation that was already available for the SME-in-wpa_supplicant
case.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-24 22:35:10 +02:00
Jouni Malinen
cbc3d6fe65 WNM: Verify BSS TM target match against the current network profile
Reject a BSS transition management candidate if it does not match the
current network profile, e.g., due to incompatible security parameters.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-24 12:11:55 +02:00
Roy Marples
2e997eece5 Add interface matching support with -M, guarded by CONFIG_MATCH_IFACE
The new wpa_supplicant command line argument -M can be used to describe
matching rules with a wildcard interface name (e.g., "wlan*").

This is very useful for systems without udev (Linux) or devd (FreeBSD).

Signed-off-by: Roy Marples <roy@marples.name>
2016-03-22 17:41:37 +02:00