On scan results event if a concurrent P2P scan was triggered previously,
scan results processing is canceled, p2p_find executed, and a new sta
scan is triggered (pending scan). However, this new sta scan does not
restore the scan_req value of the previous scan (whose scan result has
been canceled).
If we are currently connected to an AP and use ap_scan=2, the new
triggered scan will cause an associtation-without-scan in
wpa_supplicant_scan:
(ap_scan == 2 & scan_req != MANUAL_SCAN_REQ)
=> wpa_supplicant_assoc_try()
causing an association error and a disconnection.
This patch fixes this issue by restoring the previous scan_req value.
Signed-off-by: Loic Poulain <loicx.poulain@intel.com>
The shorter 250 ms wait for the next scan request can be used also for
the case of persistent group re-invocation instead of just formation of
a new group. This speeds up the process and makes this more robust
especially in cases where the GO is using MCC.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The QoS Map Set element was passed in full to the driver instead of just
the payload of the element. This resulted in the updated QoS Map being
rejected. Validate the element id/len and send only the payload to the
driver.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Commit eb32460029 left an unneeded
sim_type argument to scard_init(). Remove that unnecessary argument to
clean up the implementation.
Signed-hostap: Masashi Honma <masashi.honma@gmail.com>
Request new scan only for the interface for which the original scan
request and results has come. Otherwise while sharing scan results along
with P2P interfaces, the new scan will be requested on P2P interfaces.
Signed-hostap: Jithu Jance <jithu@broadcom.com>
This is a better way of matching P2P groups based on the unique P2P
Device Address (e.g., from P2P Group ID) and SSID pair instead of using
the not necessarily unique P2P Interface Address.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
wpas_p2p_setup_channels function uses the per interface information
(wpa_s->hw.modes) for setting up the available channel list for P2P
operation, but if a separate P2P interface is used (e.g., p2p0 on
Android), the wpa_s instance for that interface may not get an updated
channel list. This can result in some operations, like "P2P_SET
disallow_freq", using old channel list information (e.g., world roaming
information with passive-scan/no-ibss flags) which was initialized
during the start-up. This could result in P2P functionality using
conflicting or obsolete channel information.
To resolve this issue, update channel list information on regulatory
change events to all of the virtual interfaces sharing the same phy for
which the event is received.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The new configuration parameter external_sim=<0/1> can now be used to
configure wpa_supplicant to use external SIM/USIM processing (e.g., GSM
authentication for EAP-SIM or UMTS authentication for EAP-AKA). The
requests and responses for such operations are sent over the ctrl_iface
CTRL-REQ-SIM and CTRL-RSP-SIM commands similarly to the existing
password query mechanism.
Changes to the EAP methods to use this new mechanism will be added in
separate commits.
Signed-hostap: Jouni Malinen <j@w1.fi>
Indicate support for QoS Mapping and configure driver to update the QoS
Map if QoS Map Set elements is received from the AP either in
(Re)Association Response or QoS Map Configure frame.
This commit adds support for receiving the frames with nl80211 drivers,
but the actual QoS Map configuration command is still missing.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
P2P-GROUP-STARTED event depends on having enough information about the
group available. To avoid incomplete information from being delivered to
upper layers, do not accept scan results without P2P IE (e.g., from a
non-P2P scan) for P2P client association process. This can be of use for
some join-a-group cases where non-P2P scans have generated the BSS entry
for the GO.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Making this function be used only for external setup case simplifies the
implementation and makes core wpa_supplicant calls in ctrl_iface.c and
events.c consistent.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
It is possible for the GO of a persistent group to change the PSK or
remove a client when per-client PSKs are used and this can happen
without the SSID changing (i.e., the group is still valid, but just not
for a specific client). If the client side of such persistent group ends
up trying to use an invalidated persistent group information, the
connection will fail in 4-way handshake. A new WPS provisioning step is
needed to recover from this.
Detect this type of case based on two 4-way handshake failures when
acting as a P2P client in a persistent group. A new
"P2P-PERSISTENT-PSK-FAIL id=<persistent group id>" event is used to
indicate when this happens. This makes it easier for upper layers to
remove the persistent group information with "REMOVE_NETWORK <persistent
group id>" if desired (e.g., based on user confirmation).
In addition to indicating the error cases for persistent groups, all
this type of PSK failures end up in the client removing the group with
the new reason=PSK_FAILURE information in the P2P-GROUP-REMOVED event.
Signed-hostap: Jouni Malinen <j@w1.fi>
Right now in case of deauthentication from GO, immediate group removal will
happen in GC only if the deauthentication packet has a valid IE. However,
the IE in deauthentication packet is mandated only for managed P2P group.
So in normal P2P group the group removal is delayed and will happen later
only in group idle timeout.
This fixes a regression from commit
d7df0fa727 that changed the previous check
for data->deauth_info != NULL to data->deauth_info->ie != NULL.
Signed-hostap: Sreenath Sharma <sreenats@broadcom.com>
There were some code paths that allowed obsolete configuration data
pointer to be maintained within EAPOL supplicant in case a network was
removed while not connection to it (i.e., wpa_s->current_ssid not
pointing to the network that was removed). This could result in use of
freed memory, e.g., from eap_sm_notify_ctrl_attached() when a new
control interface connected prior to the EAPOL supplicant configuration
pointer got updated.
Signed-hostap: Jouni Malinen <j@w1.fi>
Previously, wpa_supplicant behavior in WEP configuration was to try to
mimic a device that is not aware of WPA/WPA2 and as such, it tried to
connect to a WPA/WPA2 AP with the assumption that the AP could be
providing support for both WEP and WPA/WPA2 stations in the same BSS.
Such APs could have been used during transition from WEP to more secure
options, but that type of deployment have not been used in large number
and are not really of much use anymore taken into account that more or
less all new devices support WPA/WPA2. That combined with the preference
to deprecate WEP justifies removing this use case and making WEP
networking matching more strict by using the knowledge of AP advertising
WPA/WPA2 as an indication of WEP not being supported.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
To better support the IBSS/RSN mechanism, wpa_supplicant has to be able
to detect a possible peer reboot and in this case it should start a new
EAPOL handshake.
To perform such reboot detection wpa_supplicant has to perform an Open
Authentication by sending an Authentication frame and then replying to
it. IF an Authentication frame is received when the key have already
been exchanged, wpa_supplicant understands that the peer has rebooted
and can reset its state machine.
Whenever a new peer is added to the IBSS wpa_supplicant will start the
Open Authentication and only after having accomplished it will start the
key exchange. If the driver does not support Authentication frame
exchange initiated from user space, this step is skipped to maintain
previous behavior (just go through EAPOL-Key frame processing).
The Open Authentication was partly supported by the Linux kernel but now
wpa_supplicant can register for Authentication frames, handle it in
userspace and so avoid any possible race condition.
Signed-hostap: Nicolas Cavallari <cavallar@lri.fr>
Signed-hostap: Antonio Quartulli <antonio@open-mesh.com>
This allows wpa_supplicant to associate to an AP that has VHT BSS
membership selector set to indicate VHT support is required for the BSS.
Without the patch it was impossible to connect to, e.g., hostapd-based
AP that has require_vht=1. wpa_supplicant was complaining with:
hardware does not support required rate 63.0 Mbps
Signed-hostap: Michal Kazior <michal.kazior@tieto.com>
wpa_s->pending_bssid is all zeros during connection attempt when
driver-based BSS selection is used. Take this into account when
determining whether new scan results should trigger a connection based
on wpa_s->current_ssid, i.e., a connection attempt with the selected
network instead of selected BSS.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This cleans up debug log by not requesting the auto connect on
dissassociation event if we are already in disconnected state and would
not try to connect anyway.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
cfg80211 rejects the set_key operations before the IBSS network has been
fully formed, so add one more attempt to set the key for WPA-None at
IBSS joined driver event.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
There is no need to repeat the driver capability fetch for each
operation since we already cache driver flags in wpa_s->drv_flags.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Reset ft_completed if STA receives deauthentication
between FT reassoc success and the subsequent initial
mobility authentication and association.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The fast-connect optimization to skip a new scan did not update how the
RSN preauthentication callback is used. There is no point in trying to
add preauthentication candidates from cases where scan was skipped, so
skip this call, too, in such cases.
Signed-hostap: Jouni Malinen <j@w1.fi>
If WPS provisioning step is completed with an AP that is in WPS
configured state, we can skip a second scan after the provisioning step
since the AP is unlikely to change its configuration in such a case.
This can speed up WPS connection a bit by removing an unneeded scan.
Signed-hostap: Masashi Honma <masashi.honma@gmail.com>
Scan result events are shared between all virtual interfaces sharing the
same radio. However, some of the steps are not really appropriate on
virtual interfaces that did not issue the scan request. Fix this by
making these steps conditional on the scan results being processed on
the interface that requested them.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Make the implementation more consistent and cleaner by using a single
function for addressing all the cases where completion of a station mode
scan operation allows a P2P operation (search) to be re-started.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Commit 6a1ce39599 moved the bssid
variable declaration to be outside CONFIG_IEEE80211R block and
triggered a compiler warning about unused variable.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Add NL80211_CMD_UPDATE_FT_IES to support update of FT IEs to the
WLAN driver. Add NL80211_CMD_FT_EVENT to send FT event from the
WLAN driver. This will carry the target AP's MAC address along
with the relevant Information Elements. This event is used to
report received FT IEs (MDIE, FTIE, RSN IE, TIE, RICIE).
Signed-off-by: Deepthi Gowri <deepthi@codeaurora.org>
Usual manual scan request may cause reassociation due to several
reasons. New command is intended to perform pure scan without taking any
automatic action based on the results.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
On the DMG (60 GHz) band, capability bits defined differently from
non-DMG ones. Adjust capability matching to cover both cases.
Also, for non-DMG bands, check ESS bit is set.
Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
When AP mode operation reject the client, nl80211 layer advertises the
connect failed event with the reason for failures (for example, max
client reached, etc.) using NL80211_CMD_CONN_FAILED.
This patch adds some debug messages whenever such an event is received
from the nl80211 layer and also the same event is posted to the upper
layer via wpa_msg().
Signed-off-by: Raja Mani <rmani@qca.qualcomm.com>
If an implicit TDLS set up request is obtained on an existing link or an
to be established link, the previous link was not removed. This commit
disables the existing link on a new set up request. Also,
wpa_tdls_reneg() function was invoking wpa_tdls_start() on an already
existing peer for the case of internal setup, which is incorrect. Thus
the invocation of wpa_tdls_start() is removed in wpa_tdls_reneg() and
also this function is renamed to wps_tdls_remove() as it does not
renegotiation rather shall remove the link (if any) for the case of
external setup.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Addition of wpa_supplicant_fast_associate() made it unnecessary to call
wpas_select_network_from_last_scan() directly from other files.
Signed-hostap: Jouni Malinen <j@w1.fi>
If scan results are available when we perform a SelectNetwork, use
them to make an associate decision. This can save an entire scan
interval-worth of time in situations where something external to
wpa_supplicant (like a connection manager) has just previously
requested a scan before calling SelectNetwork.
Signed-hostap: Paul Stewart <pstew@chromium.org>
The link was not disabled for the case of implicit trigger from the
driver unlike in the case of explicit trigger fromc ctrl_iface. Make the
tear down sequences match in these cases by adding the TDLS_DISABLE_LINK
tdls_oper to the driver when processing the TDLS_REQUEST_TEARDOWN event.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The WNM-Sleep Mode handler took over WNM Action frame processing without
addressing the previously implemented WNM handler. Fix this by moving
the BSs Transition Management processing into wnm_sta.c to share a
single handler function for WNM Action frames.
Signed-hostap: Jouni Malinen <j@w1.fi>
Commit 1ff733383f added a mechanism to
work around issues due to association events and EAPOL RX events being
getting reordered. However, this applied only for the case where
wpa_supplicant is not in associated state. The same issue can happen in
roaming case with drivers that perform BSS selection internally (or in
firmware). Handle that case similarly by delaying received EAPOL frame
processing if the source address of the EAPOL frame does not match the
current BSSID.
Since wired IEEE 802.1X do not have BSSID, make this additional
workaround conditional on BSSID match having been observed during the
previous association.
This fixes issues where the initial EAPOL frame after reassociation was
either dropped (e.g., due to replay counter not increasing) or replied
to with incorrect destination address (the BSSID of the old AP). This
can result in significantly more robust roaming behavior with drivers
that do not use wpa_supplicant for BSS selection.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Replace CONFIG_IEEE80211V with CONFIG_WNM to get more consistent build
options for WNM-Sleep Mode operations. Previously it was possible to
define CONFIG_IEEE80211V without CONFIG_WNM which would break the build.
In addition, IEEE 802.11v has been merged into IEEE Std 802.11-2012 and
WNM is a better term to use for this new functionality anyway.
Signed-hostap: Jouni Malinen <j@w1.fi>
The optional tfs_req=<hex dump> parameter can be added for the wnm_sleep
command to specify the TFS request element to use in the WNM-Sleep Mode
Request frame.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
If the driver does not support multi-channel concurrency and a virtual
interface that shares the same radio with the current interface is
operating there may not be need to scan other channels apart from the
current operating channel on the other virtual interface. Filter out
other channels in case we are trying to find a connection for a station
interface when we are not configured to prefer station connection and a
concurrent operation is already in process.
Signed-hostap: Jouni Malinen <j@w1.fi>
Previously, PMF (protected management frames, IEEE 802.11w) could be
enabled only with a per-network parameter (ieee80211w). The new global
parameter (pmf) can now be used to change the default behavior to be PMF
enabled (pmf=1) or required (pmf=2) for network blocks that do not
override this with the ieee80211w parameter.
Signed-hostap: Jouni Malinen <j@w1.fi>
This prevents situations like the following where we roam to a
lesser quality BSS just because the signal level delta is over our
threshold.
wlan0: Considering within-ESS reassociation
wlan0: Current BSS: 00:24:6c:74:0a:40 level=-51
wlan0: Selected BSS: 00:24:6c:74:0a:e0 level=-64
wlan0: Request association: reassociate: 0 selected: 00:24:6c:74:0a:e0
bssid: 00:24:6c:74:0a:40 pending: 00:00:00:00:00:00 wpa_state: COMPLETED
Signed-hostap: Robert Shade <robert.shade@gmail.com>
cfg80211/mac80211 may reject disassociation command if association has
not yet been formed. Use deauthentication in cases where it is possible
that we are associating at the moment the command is issued.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>