There is no need to wait for the 15 second group formation timeout to
clear the state if WPS failure is detected during P2P group formation.
Allow the WPS exchange steps (WSC_NACK and EAP-Failure) to be completed
and remove the group to get rid of the extra wait.
Signed-hostap: Jouni Malinen <j@w1.fi>
A TX status event could be received after the AP interface has already
been deinitialized. This needs to check for NULL pointer before trying
to indicate the event to AP functions.
Signed-hostap: Jouni Malinen <j@w1.fi>
Previously, only the last response data was kept in memory. This
increases that to hold up to two last responses to allow some more
parallel operations to be requested. In addition, the response data is
now freed as soon as the external program has fetched it.
Signed-hostap: Jouni Malinen <j@w1.fi>
This can be used to limit which channels are scanned using the specified
list of frequency ranges in the same format that the SCAN command uses.
Signed-hostap: Jouni Malinen <j@w1.fi>
Commit e2f5a9889a was supposed to prevent
new scan request from pushing out the old one. However, it did not
really do that since eloop_deplete_timeout() returned 0 both for the
case where the old timeout existed (and was sooner) and if the old
timeout did not exist. It returned 1 only for the case where an old
timeout did exist and was larger than the new requested value. That case
used to result in wpa_supplicant_req_scan() rescheduling the timeout,
but hew code in eloop_deplete_timeout() did the exact same thing and as
such, did not really change anything apart from the debug log message.
Extend the eloop_deplete_timeout() (and eloop_replenish_timeout() for
that matter since it is very similar) to return three different values
based on whether the timeout existed or not and if yes, whether it was
modified. This allows wpa_supplicant_req_scan() to schedule a new
timeout only in the case there was no old timeout.
Signed-hostap: Jouni Malinen <j@w1.fi>
The new control interface command RADIO_WORK can be used by external
programs to request radio allocation slots from wpa_supplicant if
exclusive radio control is needed, e.g., for offchannel operations. If
such operations are done directly to the driver, wpa_supplicant may not
have enough information to avoid conflicting operations. This new
command can be used to provide enough information and radio scheduling
to avoid issues with such cases.
Signed-hostap: Jouni Malinen <j@w1.fi>
If an external program triggers a scan, wpa_supplicant does not have a
wpa_radio work item for this operation to protect against other
offchannel operations. This can result in operations failing, so try to
avoid damage by not starting any new wpa_radio work items during a scan
that was started by another process.
Signed-hostap: Jouni Malinen <j@w1.fi>
This type of protection against concurrent connection and scan
operations is now enforced through the wpa_radio work mechanism, so this
separate protection mechanism is not needed anymore.
Signed-hostap: Jouni Malinen <j@w1.fi>
This type of protection against concurrent connection and offchannel GAS
operations is now enforced through the wpa_radio work mechanism, so this
separate protection mechanism is not needed anymore.
Signed-hostap: Jouni Malinen <j@w1.fi>
Avoid concurrent GAS operations with any other exclusive use of the
radio by using the radio work queuing mechanism. This replaces some of
the earlier constraints on concurrent operations with the more generic
wpa_radio work concept.
Signed-hostap: Jouni Malinen <j@w1.fi>
Avoid concurrent P2P Listen operations with any other exclusive use of
the radio by using the radio work queuing mechanism. This removes some
of the earlier workarounds that postponed scans depending on other
operations.
Signed-hostap: Jouni Malinen <j@w1.fi>
Avoid concurrent P2P scan requests with any other exclusive use of the
radio by using the radio work queuing mechanism. This removes some of
the earlier workarounds that postponed scans depending on other
operations.
Signed-hostap: Jouni Malinen <j@w1.fi>
The new radio work item concept can be used to request time for an
operation that requires exclusive radio control, e.g., a scan. Once the
radio is available, the registered callback function will be called.
radio_work_done() must be called once the exclusive radio operation has
been completed, so that the radio is freed for other operations. The
special case of deinit=1 is used to free the context data during
interface removal. That does not allow the callback function to start
the radio operation, i.e., it needs to free the allocated resources
and return.
Signed-hostap: Jouni Malinen <j@w1.fi>
wpa_s->scan_res_handler is set only for cases where a scan operation is
requested for a specific purpose. As such, this callback should only be
called when a scan result from a scan that was triggered by
wpa_supplicant is processed.
Signed-hostap: Jouni Malinen <j@w1.fi>
The newer wpa_dbg() print includes the same information in a more
convenient form, so remove the duplicate RX ctrl_iface hexdump in the
cases where there is no key material in the control interface commands
(the possible-key-material case is still using wpa_hexdump_ascii_key).
Signed-hostap: Jouni Malinen <j@w1.fi>
wpa_drv_scan() success case was supposed to clear
wpa_s->clear_driver_scan_cache, not params->only_new_results (which
would do nothing here).
Signed-hostap: Jouni Malinen <j@w1.fi>
Track set_key operations per-key index and clear keys on disconnection
only if the key was set (or may have been set which is the case for the
first operation after wpa_supplicant start).
Signed-hostap: Jouni Malinen <j@w1.fi>
If the BSS table within wpa_supplicant is flushed, request the driver to
flush its own scan result table during the next scan. This can avoid
unexpected old BSS entries showing up after BSS_FLUSH or FLUSH command
in cases where the driver may maintain its internal cache of scan
results (e.g., cfg80211 BSS table persists at least for 15 seconds).
In addition to doing this automatically on BSS_FLUSH/FLUSH, a new SCAN
command argument, only_new=1, can be used to request a manual scan
request to do same. Though, it should be noted that this maintains the
BSS table within wpa_supplicant. BSS_FLUSH followed by SCAN command can
be used to clear all BSS entries from both the driver and
wpa_supplicant.
Signed-hostap: Jouni Malinen <j@w1.fi>
These old driver wrappers have been removed quite some time ago, but
some of the build configuration notes were still describing how they
are configured.
Signed-hostap: Jouni Malinen <j@w1.fi>
The 100 ms timeout to clear WPS state after EAP-Failure has been
received worked otherwise fine, but it opened a race condition on
another WPS operation starting within that wait. If that happens, the
timeout will cancel that new operation unexpectedly. Fix this by
cancelling the timeout from wpas_clear_wps().
Signed-hostap: Jouni Malinen <j@w1.fi>
The P2P_PRESENCE_REQ command did not give any easily available
indication of the response received from the GO. Make this more useful
by providing such response (if received) as a ctrl_iface monitor event
(P2P-PRESENCE-RESPONSE).
Signed-hostap: Jouni Malinen <j@w1.fi>
These were somewhat more hidden to avoid direct use, but there are now
numerous places where these are needed and more justification to make
the extern int declarations available from wpa_debug.h. In addition,
this avoids some warnings from sparse.
Signed-hostap: Jouni Malinen <j@w1.fi>
WPA_CIPHER_* and CIPHER_* are used for the exact same set of cipher
suites with the main difference being that the WPA_CIPHER_* version is
suitable to be used as a bitfield. Similarly, WPA_KEY_MGMT_* and
KEY_MGMT_* have similar design for AKMs. There is no need to maintain
two separate copies of the definitions since the bitfield compatible
version can be used for both needs. Get rid of the CIPHER_* and
KEY_MGMT_* versions to clean up the implementation by getting rid of
unnecessary mapping functions.
Signed-hostap: Jouni Malinen <j@w1.fi>
The new cred block parameter 'temporary' can be used to indicate that a
cred block is not to be saved to wpa_supplicant configuration file
(e.g., "SET_CRED 0 temporary 1"). This is similar to the concept of
temporary network blocks and allows cred blocks to be managed outside
the wpa_supplicant config file when other parameters are still saved to
the file written by wpa_supplicant.
Signed-hostap: Jouni Malinen <j@w1.fi>
The option of handling upper layer P2P management operations within the
driver/firmware was originally planned to be used with wpa_supplicant,
but this has not really happened and there is no clear sign of this
being needed in the near term either. This functionality has not been
completed and it is certainly not being kept up-to-date or tested. As
such, it is best to remove it for now and if this or something similar
is needed in the future, it can be brought back once a clear need for it
has been demonstrated first.
Signed-hostap: Jouni Malinen <j@w1.fi>
Previously, the shorter scan interval was already in use for the
connection following the provisioning step, but same optimization can
also be used for the pre-provisioning scan.
Signed-hostap: Jouni Malinen <j@w1.fi>
This driver event was used separately for some Action frames, but all
the driver wrappers converted to this from information that would have
been enough to indicate an EVENT_RX_MGMT event. In addition, the
received event was then converted back to a full IEEE 802.11 management
frame for processing in most cases. This is unnecessary complexity, so
get rid of the extra path and use EVENT_RX_MGMT for Action frames as
well as other management frame subtypes.
Signed-hostap: Jouni Malinen <j@w1.fi>
The earlier changes to buffer EAPOL frames when not associated to avoid
race conditions (especially commit
3ab35a6603 but maybe something even before
that) broke PeerKey 4-way handshake. Fix this by using a separate check
before the race condition workaround to process PeerKey 4-way handshake
EAPOL-Key messages differently.
Signed-hostap: Jouni Malinen <j@w1.fi>
P802.11-REVmc clarifies that the Target BSSID field is always present
hen status code is zero, so match that requirement.
Signed-hostap: Jouni Malinen <j@w1.fi>
This commit adds few more debug prints to log the RSSI information from
the scanned BSSIDs and the current connected BSSID when comparing
neighbor results during WNM Transition Management Request processing.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, WPS credential provisioning removed duplicated network
entries only if they had identicical SSID, security parameters, and the
keys. However, it is possible that the AP has changes its keys and
leaving the old entry behind can result in connectibity issues (e.g.,
with 4-way handshake failing due to use of the old PSK). Fix this by
allowing the old network entry to be removed even if the keys
(passphrase, PSK, WEP keys) are different.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This makes it easier to enable various testing parameters and
functionality in build configuration.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Since the AP is expected to be available, there is no need to wait for
the full five second wait between scans during WPS connection. This
speeds up cases where the first scan misses the AP for some reason.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
It may not always be desirable to trigger reassociation or network
change based on scan results from externally to wpa_supplicant trigger
scan operations. Skip network selection and roaming determination if the
received scan result is known to be triggered by something external to
wpa_supplicant. The control interface SCAN command can be used to
request wpa_supplicant to determine the best network.
Signed-hostap: Jouni Malinen <j@w1.fi>
This avoids some unnecessary attempts to request the driver to start a
scan while it is still busy with the scan operation that was started by
an external program.
Signed-hostap: Jouni Malinen <j@w1.fi>
This allows users of wpa_supplicant control interface to figure out when
their specific scan command has been started and completed. For example:
CTRL-EVENT-SCAN-STARTED
> scan freq=2412,2417 passive=1 use_id=1
3
CTRL-EVENT-SCAN-RESULTS
CTRL-EVENT-SCAN-STARTED id=3
CTRL-EVENT-SCAN-RESULTS id=3
Signed-hostap: Jouni Malinen <j@w1.fi>
This allows external programs to request wpa_supplicant to execute
a passive scan (i.e., do not send any Probe Request frames).
Signed-hostap: Jouni Malinen <j@w1.fi>
This parameter was not really used for anything else apart from a debug
message in the same function that set it. In addition, cfg80211 returns
the set of scanned frequencies even for the full scan, so the code that
was setting this conditionally on frequency list not being there was not
really ever entered either.
Signed-hostap: Jouni Malinen <j@w1.fi>
The new freq=<frequency ranges> parameter to the SCAN command can be
used to request a scan to be performed on the specified set of channels
instead of on all channels. For example, "wpa_cli scan
freq=2400-2500,5180" would scan channels 1-14 and 36. Only the channels
that the driver indicates as enabled and that are within the specified
ranges are included in the request.
Signed-hostap: Jouni Malinen <j@w1.fi>
In addition, update build rules to compile object files in the same
directory as the source code file if CONFIG_CODE_COVERAGE=y is set to
make lcov find the source code files.
Signed-hostap: Jouni Malinen <j@w1.fi>
Use an array of ciphers and a loop instead of copy-pasted copies of the
same printing functionality for each cipher.
Signed-hostap: Jouni Malinen <j@w1.fi>
This adds initial parts for supporting the new GCMP-256, CCMP-256,
BIP-GMAC-128, BIP-GMAC-256, and BIP-CMAC-256 cipher suites.
Signed-hostap: Jouni Malinen <j@w1.fi>
In wpa_supplicant_terminate_proc(), while iterating and
terminating interfaces, after an interface is terminated,
we can no longer access its memory as it is no longer valid
and causes a crash.
Fix this by saving the pointer to the next interface before freeing
the current one to avoid accessing an invalid memory location.
Signed-hostap: Moshe Benji <moshe.benji@intel.com>
This just serves to check if there was a scan within
the last 5 seconds, hence it should use monotonic time.
While at it, also use os_reltime_expired().
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
This is only used for a debug message, but that message prints
the time since the last attempt, so it should use monotonic
time instead of wall clock.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
The MMIC failure code should use monotonic time to check
whether 60 seconds have elapsed or not. For type-safety,
use struct os_reltime for the timestamp variable, and
also convert to using os_reltime_expired().
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Temporarily disabled networks are disabled for a certain
duration, so the code should use monotonic time.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
GO activation can fail if the first client doesn't connect
within a certain time, but this should not be dependent on
wall time -- use monotonic time instead.
While at it, use os_reltime_expired().
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
The reinit detection skips reinit when the time since the own
authentication frame TX is less than half a second, so it shouldn't
be affected by wall time and use monotonic time instead.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
The EAPOL RX workaround checks that the events are less than 100 ms
apart, so only uses relative times and should use monotonic time.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
The bgscan simple and learn algorithms should run regardless
of wall clock time jumps, so make them use monotonic time.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
The BSS table, scan timeout, and related functionality should use
monotonic time since they care about relative values (age) only.
Unfortunately, these are all connected, so the patch can't be split
further. Another problem with this is that it changes the driver wrapper
API. Though, it seems only the test driver is using this.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
The SA query timeout is just a regular timeout (currently
hard-coded to 1000 TU), so use monotonic time for it.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
bgscan_learn_get_probe_freq() starts from returning the second entry in
the supp_freqs arrays. Change its logic a bit to make it start from the
first entry.
Signed-hostap: Eliad Peller <eliad@wizery.com>
In case the initial signal level of the associated BSS was above the
given threshold, bgscan_learn module would begin using the
short_interval but never switch to the long_interval as there would be
no signal change event. Make the init code poll for the current signal
level and set scan_interval accordingly. This logic exists in
bgscan_simple but was missing in bgscan_learn.
Signed-hostap: Eyal Shapira <eyal@wizery.com>
Some hw modes (e.g., 11b and 11g) contain the same frequencies,
causing the supp_freqs array to be populated with redundant entries.
Check for the existence of the freq before adding it.
Signed-hostap: Eliad Peller <eliad@wizery.com>
Stopping bgscan on any state other than COMPLETED results
in bgscan reset (stop + start) on every rekeying operation.
Signed-hostap: Eliad Peller <eliad@wizery.com>
Do not assume the driver supports QoS Mapping, but instead, advertise
support for this only if CONFIG_INTERWORKING is defined and driver
indicates support for configuring QoS Map.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Commit 202dec2a94 introduced a never
ending loop for a case where a single wpa_supplicant process is used
with multiple radios. Fix this by advancing the iface pointer properly
to the next interface in the loop until a NULL pointer is hit.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Adds support for VHT by parsing bandwidth and center_freq{1,2}.
Signed-hostap: Michal Kazior <michal.kazior@tieto.com>
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Based on priority, remove the connection with least priority whenever
a frequency conflict is detected.
Signed-hostap: Jithu Jance <jithu@broadcom.com>
This field allows adds enough information into the P2P-DEVICE-FOUND
events to figure out if the peer supports Wi-Fi Display.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Allow addition static and shared libraries to be specified from the
eap_proxy_*.mk file for Android build. In addition use $(LOCAL_PATH) as
a prefix for that Android makefile part.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
struct wpa_radio is used as a shared data structure between all struct
wpa_supplicant instances that share the same physical radio.
Signed-hostap: Jouni Malinen <j@w1.fi>
An INTERFACE_DISABLED event received on an interface that is
currently operating a P2P GO means that the group session ended.
In such a case, if the interface was dynamically added remove it, and
if not, remove all the network blocks that are temporary, assuming
that if needed a new session will be started by an external entity.
The use case was triggering rfkill (both SW and HW). This case popped up
as part of a testing cycle, where after a toggle in the rfkill state,
the result was that the interface was not deleted, but on the other hand
the wpa_supplicant did not configure the kernel to re-start the AP
functionality again.
Signed-hostap: Ilan Peer <ilan.peer@intel.com>
On scan results event if a concurrent P2P scan was triggered previously,
scan results processing is canceled, p2p_find executed, and a new sta
scan is triggered (pending scan). However, this new sta scan does not
restore the scan_req value of the previous scan (whose scan result has
been canceled).
If we are currently connected to an AP and use ap_scan=2, the new
triggered scan will cause an associtation-without-scan in
wpa_supplicant_scan:
(ap_scan == 2 & scan_req != MANUAL_SCAN_REQ)
=> wpa_supplicant_assoc_try()
causing an association error and a disconnection.
This patch fixes this issue by restoring the previous scan_req value.
Signed-off-by: Loic Poulain <loicx.poulain@intel.com>
This is a mechanism used in Android to extend driver interface in vendor
specific ways. This is included only for the purpose of Android
compatibility. Proper interface commands should be used for any new
functionality.
Signed-hostap: Jouni Malinen <j@w1.fi>
Relative time shouldn't be calculated based on gettimeofday
because that clock can jump (e.g., when the time is adjusted
by the system administrator.)
On systems where that is available, use CLOCK_BOOTTIME (on
fairly recent Linux systems, this clock takes into account
the time spend suspended) or CLOCK_MONOTONIC (on Linux and
some POSIX systems, this clock is just freely running with
no adjustments.)
Reported-by: Holger Schurig <holgerschurig@gmail.com>
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Scan initiated from wps_nfc command context was ketp on
getting rescheduled due to an on-going scheduled scan. So
cancel sched_scan before issuing a reassociation scan.
Signed-hostap: Jithu Jance <jithu@broadcom.com>
The shorter 250 ms wait for the next scan request can be used also for
the case of persistent group re-invocation instead of just formation of
a new group. This speeds up the process and makes this more robust
especially in cases where the GO is using MCC.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The QoS Map Set element was passed in full to the driver instead of just
the payload of the element. This resulted in the updated QoS Map being
rejected. Validate the element id/len and send only the payload to the
driver.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Only force_freq was used in the wpas_p2p_set_own_freq_preference() call
which allowed the P2P module channel re-selection to ignore the
preference for using a channel we are already using. Fix this by setting
either force_freq or pref_freq as the preference based on which one is
set. This allows p2p_ignore_shared_freq parameter to be used whether to
prefer the shared frequency in this case.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
There is no need to use wpas_p2p_num_unused_channels() here in the
default configuration of p2p_ignore_sahred_freq=0, so re-order the
conditions to skip that operation. This is a bit more efficient and the
debug log is also a bit cleaner in the default case.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
p2p_ignore_shared_freq=1 was supposed to allow a MCC-capable device to
ignore a preference for using the same channel on multiple interfaces.
However, it was not used when inviting a peer to re-invoke a persistent
group. This case needs special handling since the peer's channel list is
not available to perform channel reselection and the operating channel
indicated in the Invitation Request frames ends up getting used as the
operating channel if the transmitted of that frames becomes the GO.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
p2p_ignore_shared_freq=1 was supposed to allow a MCC-capable device to
ignore a preference for using the same channel on multiple interfaces.
However, it was not used during processing of an Invitation Request. Fix
that case to use channel preference instead of channel forcing if free
channels are available. This allows p2p_ignore_shared_freq=1 case to
ignore the preference.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
It is confusing to talk about current operating channels being
unavailable for P2P when there are no current operating channels. Make
the debug message easier to understand.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
It is clearer if there is only a single loop of the channel list and
shared debug prints. In addition, the note about current operating
channels not being available is quite confusing if there are no
operating group, so make that part of the message conditional.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Commit 0d08efa447 modified
wpas_p2p_setup_freqs() design to use number of MCC channels capability
from the driver. However, it resulted in regression on how the preferred
vs. forced channel selection is done in the case of a MCC device.
force_freq was set unconditionally even though this was supposed to be
done only if no additional channels are available. pref_freq needs to be
used when possible to avoid preventing connection.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
While starting from PNO start context, the scheduled scan was not
setting the flag wpa_s->scanning. This was resulting in the subsequent
SCAN command to proceed further and send command to nl80211/cfg80211.
The expected behavior of cancelling sched_scan was not happening here.
While sched_scan is in progress and a legacy scan comes on the
cli/socket, the sched_scan is cancelled and normal scan is allowed to
continue. However, sometimes sched_scan cancelled event comes a bit
delayed and we will send out the scan command before the wpa_s->scanning
is cleared. Instead, reschedule the incoming scan req if the
wpa_s->scanning shows that it is still in progress.
Signed-hostap: Jithu Jance <jithu@broadcom.com>
Add chan_switch to the control interface of wpa_supplicant and hostapd,
and also to wpa_cli and hostapd_cli.
Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Build CSA settings and call the driver to perform the switch. Construct
Beacon, Probe Response, and (Re)Association Response frames both for CSA
period and for the new channel. These frames are built based on the
current configuration. Add CSA IE in Beacon and Probe Response frames.
Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Add csa_settings struct which holds parameters for CSA. Change driver
interface for switch_channel(), so that it will receive this struct and
not only the new frequency as it was before. This allows wpa_supplicant
to provide all the required parameters (beacons, proberesp, assocresp,
CSA IE) which are required by cfg80211 implementation.
Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
This was supposed to be a minimal sample of eloop wrapper, but it is
unclear whether this is of that much use and the file has not been kept
up-to-date. Remove this file to reduce maintenance effort. The other
eloop*.c files can be used as a starting point if something new is
needed.
Signed-hostap: Jouni Malinen <j@w1.fi>
This triggers re-transmission of CTRL-EVENT-STATE-CHANGE and
CTRL-EVENT-CONNECTED events on STATUS command for Android framework
specific processing.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Commit eb32460029 left an unneeded
sim_type argument to scard_init(). Remove that unnecessary argument to
clean up the implementation.
Signed-hostap: Masashi Honma <masashi.honma@gmail.com>
Add DBus methods for TDLS operations similar to those available
for the control interface. This includes Discover, Setup, and
Teardown commands. While here, add a method to query the TDLS
link status and add a DBus method for it.
Tested with CONFIG_TDLS enabled, on a TDLS-enabled host and
peer capable of TDLS:
dbus-send --system --dest=fi.w1.wpa_supplicant1 --print-reply \
/fi/w1/wpa_supplicant1/Interfaces/0 \
fi.w1.wpa_supplicant1.Interface.TDLSStatus string:<peer-mac-address>
yields: string "peer does not exist"
dbus-send --system --dest=fi.w1.wpa_supplicant1 --print-reply \
/fi/w1/wpa_supplicant1/Interfaces/0 \
fi.w1.wpa_supplicant1.Interface.TDLSDiscover string:<peer-mac-address>
yields no error
dbus-send --system --dest=fi.w1.wpa_supplicant1 --print-reply \
/fi/w1/wpa_supplicant1/Interfaces/0 \
fi.w1.wpa_supplicant1.Interface.TDLSSetup string:<peer-mac-address>
yields no error
dbus-send --system --dest=fi.w1.wpa_supplicant1 --print-reply \
/fi/w1/wpa_supplicant1/Interfaces/0 \
fi.w1.wpa_supplicant1.Interface.TDLSStatus string:<peer-mac-address>
yields: string "connected" after TDLS completes
dbus-send --system --dest=fi.w1.wpa_supplicant1 --print-reply \
/fi/w1/wpa_supplicant1/Interfaces/0 \
fi.w1.wpa_supplicant1.Interface.TDLSTeardown string:<peer-mac-address>
yields no error
dbus-send --system --dest=fi.w1.wpa_supplicant1 --print-reply \
/fi/w1/wpa_supplicant1/Interfaces/0 \
fi.w1.wpa_supplicant1.Interface.TDLSStatus string:<peer-mac-address>
yields: string "peer not connected"
Signed-hostap: Paul Stewart <pstew@chromium.org>
Request new scan only for the interface for which the original scan
request and results has come. Otherwise while sharing scan results along
with P2P interfaces, the new scan will be requested on P2P interfaces.
Signed-hostap: Jithu Jance <jithu@broadcom.com>
Since eloop_deplete_timeout() is doing practically same in
wpa_supplicant_req_scan(), revert the old mechanism from commit
7e1488494e to avoid unnecessary work in
this function.
Signed-hostap: Jouni Malinen <j@w1.fi>
During persistent group re-invocation, GO may end up using a different
channel as the operation channel compared to what was indicated in the
invitation frames. This may break the connection if the peer device ends
up scanning the GO only on the channel from the invitation frame. Fix
this by using the negotiated channel (if available) on the GO as the
operating channel instead of the channel that was provided in the
p2p_invite command to start negotiation.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
There are use cases requesting the host driver to initiate the TDLS
setup with the peer only when configured by the external applications.
Thus, enable this control by tdls_external_control=1 and pass the
requisite information for the specific TDLS operation to the driver
on the request from such use cases.
This operation mode expects the driver to initiate TDLS link
automatically based on signal strength and traffic to a peer and tear
down links whenever they are not used or suitable due to signal strength
etc. The list of peers with which such operations are to be performed
are provided with the TDLS driver operations.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This is a better way of matching P2P groups based on the unique P2P
Device Address (e.g., from P2P Group ID) and SSID pair instead of using
the not necessarily unique P2P Interface Address.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
There is no need to parse the IE buffer again to find the SSID of the
BSS since that information is already stored in struct wpa_bss.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
If a BSS is disallowed temporarily with disallow_aps, the network
connection is going to fail. As such, there is not much point in
allowing Interworking network selection to try to connect with such BSS.
As such, do not consider disallowed networks for automatic network
selection and reject requests to connect to them through
INTERWORKING_CONNECT.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Do not add multiple network blocks for the same network from a single
credential. INTERWORKING_CONNECT used to generate a new network block
for each instance regardless of what network blocks have already been
configured. While this allows the connection to go through, it is not
efficient to leave behind potentially large number of network blocks
with the same contents (or worse, changed contents). Address this by
removing an older network block for the same credential before adding a
new one.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
If we are already connected to the selected AP with a network block
that was created based on the selected credential, do not force a
reconnection or network block update.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This prints out get_shared_radio_freqs() results and related information
from P2P operations to make debug logs more helpful for figuring out
issues related to multi-channel concurrency.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
When trying to choose a frequency that can be used for GO instantiation,
properly check if there are free channels that can be used.
Signed-hostap: Ilan Peer <ilan.peer@intel.com>
The idx variable was mistakenly set to 0 at the beginning of the
interface iteration. This could result in the operating channel of the
interface calling the function from being removed from the returned
frequency array if other interfaces were operating.
Signed-hostap: Ilan Peer <ilan.peer@intel.com>
This option can be used to globally configure bgscan parameters
for all the network blocks.
Note that this configuration will not override a network block
specific bgscan settings, but will only be used in case that
the network block does not have a valid bgscan configuration.
Signed-hostap: Haim Dreyfuss <haim.dreyfuss@intel.com>
Try to read the IMSI values through the eap_proxy layer for Interworking
functionality again if the value was not available at startup.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Number of regressions had shown up in wpa_supplicant implementation of
SAE group selection due to different integer array termination (-1 in
hostapd, 0 in wpa_supplicant) being used for SAE groups. The
default_groups list did not seem to use any explicit termination value.
In addition, the sae_group_index was not cleared back to 0 properly
whenever a new SAE session was started.
Signed-hostap: Jouni Malinen <j@w1.fi>
It was possible for the wpa_s->show_group_started and wpa_s->go_params
to be left set when a P2P group was removed before group formation had
completed. In case a separate P2P group interface was not used, this
could rsult in all future scans using the hardcoded DIRECT-* SSID and as
such, not find the network they were trying to find. Fix this by
clearing these P2P parameters on group removal.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
It can be useful to see whether the specific P2P SSID was used for scan
based on p2p_in_provisioning or show_group_started when debugging issues
where this case shows up unexpectedly.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
When removing and re-adding the first wlan# netdev to hostapd
dynamically, the netdev is already present and should not be removed and
re-added to maintain its state as not-added-by-hostapd so that it does
not get removed automatically.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
wpas_p2p_setup_channels function uses the per interface information
(wpa_s->hw.modes) for setting up the available channel list for P2P
operation, but if a separate P2P interface is used (e.g., p2p0 on
Android), the wpa_s instance for that interface may not get an updated
channel list. This can result in some operations, like "P2P_SET
disallow_freq", using old channel list information (e.g., world roaming
information with passive-scan/no-ibss flags) which was initialized
during the start-up. This could result in P2P functionality using
conflicting or obsolete channel information.
To resolve this issue, update channel list information on regulatory
change events to all of the virtual interfaces sharing the same phy for
which the event is received.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This makes it more convenient to move BSS configuration entries between
struct hostapd_config instances to clean up per-BSS configuration file
design.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This allows sp_type={home,roaming,unknown} to be used to determine
network type with SIM-based credentials even if the domain name
parameter is not configured explicitly.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Commit ca9bc5b566 added wpas_conf_ap_vht()
as a static function with the caller within CONFIG_IEEE80211N, but the
function outside. This resulted in a compiler warning for wpa_supplicant
AP/P2P builds when CONFIG_IEEE80211N=y was not used. Fix that by using
matching conditional block around the function.
Signed-hostap: Jouni Malinen <j@w1.fi>
Start GO with VHT support if VHT option was requested
and the appropriate channels are available.
Signed-hostap: Eliad Peller <eliadx.peller@intel.com>
Add the option to ask for VHT operation similarly to the way ht40 is
configured - either by adding 'vht' param to the relevant p2p_*
commands or by configuring p2p_go_vht=1 in the configuration file.
This patch only adds the configuration option (e.g., via control
interface). The actual handling of the VHT parameter (asking the driver
to use VHT, etc.) will be done by the following patch.
Signed-hostap: Eliad Peller <eliadx.peller@intel.com>
In order to support P2P GO with 11ac support, add CONFIG_IEEE80211AC
config option support to the Makefile.
Signed-hostap: Eliad Peller <eliadx.peller@intel.com>
Both of these variables can result in optimized WPS scans, so better
clear these more consistently to avoid unexpected single-channel scans.
Signed-hostap: Jouni Malinen <j@w1.fi>
This was forgotten from the previous commit which allowed some cases to
trigger single-channel scan incorrectly if an optimized WPS scan had not
yet been completed at the time network selection was started.
Signed-hostap: Jouni Malinen <j@w1.fi>
Make sure special optimized scans (like WPS-single-channel or
sched_scan) do not get used during the network selection scan. This
could have been hit in cases where a previous operation has been stopped
in a state where special scan parameters were going to be used.
Signed-hostap: Jouni Malinen <j@w1.fi>
The new p2p_add_cli_chan=1 configuration parameter can be used to
request passive-scan channels to be included in P2P channel lists for
cases where the local end may become the P2P client in a group. This
allows more options for the peer to use channels, e.g., if the local
device is not aware of its current location and has marked most channels
to require passive scanning.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The new p2p_no_go_freq frequency range list (comma-separated list of
min-max frequency ranges in MHz) can now be used to configure channels
on which the local device is not allowed to operate as a GO, but on
which that device can be a P2P Client. These channels are left in the
P2P Channel List in GO Negotiation to allow the peer device to select
one of the channels for the cases where the peer becomes the GO. The
local end will remove these channels from consideration if it becomes
the GO.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
wpa_s->conf cannot be NULL because wpa_supplicant_init_iface() would not
allow wpa_supplicant_add_iface() to return wpa_s instance in such state.
Signed-hostap: Jouni Malinen <j@w1.fi>
Commit 2e5ba4b6d1 moved this to a function
and updated one of the os_snprintf() calls to use the len parameter, but
forgot the other one.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Trying to access the SIM card details without checking if the eap_proxy
layer has been initialized can results in a crash. Address this by
sending the request for the IMSI through eapol_supp_sm.c which can
verify that eap_proxy has been initialized.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
It is possible for there to be two pending off-channel TX frames, e.g.,
when two devices initiate GO Negotiation at more or less the same time.
This could result in the TX status report for the first frame clearing
wpa_s->pending_action_tx that included the newer frame that has not yet
been transmitted (i.e., is waiting to be sent out). Avoid losing that
frame by confirming that the TX status payload matches the pending frame
before clearing the pending frame and reporting the TX status callback.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
DISCONNECT followed by ENABLE_NETWORK ended up starting a scan for a new
connection due to wpa_supplicant_enable_one_network() setting
wpa_s->reassociate = 1. This was done regardless of wpa_s->disconnected
being 1 which should imply that wpa_supplicant should not try to connect
before asked explicitly with REASSOCIATE or RECONNECT.
Fix this by making ENABLE_NETWORK setting of reassociate = 1 and
starting of scans for connection conditional on wpa_s->disconnected ==
0. This will make ENABLE_NETWORK trigger a connection only if
wpa_supplicant is already in a state where it would try to connect if
there are any enabled networks.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
To disallow roaming when a scan request's results are read, callers
of the D-Bus Scan() method may add a new "AllowRoam" boolean key
to the scan options dictionary and set that key's value to FALSE.
Signed-hostap: Dan Williams <dcbw@redhat.com>
If a scan is currently running and the scan interval is changed, a
second scan will be started before the current has finished. This will
in turn, if no networks are configured, cause wpa_s->state to be
forced to WPA_INACTIVE before the first scan has finished.
Signed-hostap: Pontus Fuchs <pontus.fuchs@gmail.com>
Need to use the pointer to the current ongoing query instead of matching
from the pending list based on the destination address so that we get
the correct query instance when processing the TX status report.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
These operations can have conflicting offchannel requirements, so wait
with a new scan trigger until a pending GAS query has been completed.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Offchannel operations needed for a GAS query can conflict with ongoing
scan/connection progress, so delay GAS queries if such an operation is
in progress on the current interface or any virtual interface sharing
the same radio.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
It would be possible to issue another GAS query when a previous one is
still in progress and this could result in conflicting offchannel
operations. Prevent that by delaying GAS query initiation until the
previous operation has been completed.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This makes it less likely to forget WPS single-channel scan optimization
in effect after having completed the WPS operation or in case WPS
operating gets cancelled.
Signed-hostap: Jouni Malinen <j@w1.fi>
When a GO or P2P Client invites a peer device to join an already
operating group, the Operating Channel in Invitation Request needs to be
forced to the current operating channel of the group.
Signed-hostap: Jouni Malinen <j@w1.fi>
wpa_printf() does not need '\n' so remove the extra newline. In
addition, drop the priority of this message from MSG_INFO to MSG_DEBUG
since this is in no way exceptional operation.
Signed-hostap: Jouni Malinen <j@w1.fi>
This makes it easier to debug issues related to selecting GO information
from the latest updated BSS table entry.
Signed-hostap: Jouni Malinen <j@w1.fi>
Use similar mechanism to CONFIG_PCSC=y case to set the IMSI and MNC
length for eap_proxy. This allows automatic 3GPP realm comparison
against the domain list.
Signed-hostap: Jouni Malinen <j@w1.fi>
The new configuration parameter external_sim=<0/1> can now be used to
configure wpa_supplicant to use external SIM/USIM processing (e.g., GSM
authentication for EAP-SIM or UMTS authentication for EAP-AKA). The
requests and responses for such operations are sent over the ctrl_iface
CTRL-REQ-SIM and CTRL-RSP-SIM commands similarly to the existing
password query mechanism.
Changes to the EAP methods to use this new mechanism will be added in
separate commits.
Signed-hostap: Jouni Malinen <j@w1.fi>
This is needed to avoid issues with control interface commands that
could request BSS list during an eapol_test run. wpa_cli tries to update
its internal BSS list and that could trigger eapol_test crashes without
this.
Signed-hostap: Jouni Malinen <j@w1.fi>
This is what the original implementation did years ago, but the move to
using separate control interface backends re-ordered the implementation
to process EAPOL notification first. Use a registered timeout to allow
the ctrl_iface response to be sent out first to get somewhat faster
response time and to avoid pending operations that could result in
ctrl_iface response and unsolicited event messages from getting mixed
up.
Signed-hostap: Jouni Malinen <j@w1.fi>
The eap_param_needed callback was forgotten from eapol_test and this
prevented external EAP request processing through ctrl_iface from being
tested.
Signed-hostap: Jouni Malinen <j@w1.fi>
wpa_s->global is now dereferenced in number of places and at least one
of them hits in eapol_test cases. Fix issues with this by setting the
global pointer to empty data.
Signed-hostap: Jouni Malinen <j@w1.fi>
This allows credentials to be limited from being used to connect to a
network unless the AP advertises a matching roaming consortium OI.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This allow GAS operations to be fine-tuned based what happens with GAS
query TX. Failed queries are timed out immediately and acknowledged
queries are given some more time to account for possible TX queue
latencies.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Indicate support for QoS Mapping and configure driver to update the QoS
Map if QoS Map Set elements is received from the AP either in
(Re)Association Response or QoS Map Configure frame.
This commit adds support for receiving the frames with nl80211 drivers,
but the actual QoS Map configuration command is still missing.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This allow domain_suffix_match to be specified for a cred block and then
get this copied for the network blocks generated from this credential as
part of Interworking network selection.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Credentials can now be configured with more than one FQDN ('domain'
field in the cred block) to perform Domain Name List matching against
multiple home domains.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The new domain_suffix_match (and domain_suffix_match2 for Phase 2
EAP-TLS) can now be used to specify an additional constraint for the
server certificate domain name. If set, one of the dNSName values (or if
no dNSName is present, one of the commonName values) in the certificate
must have a suffix match with the specified value. Suffix match is done
based on full domain name labels, i.e., "example.com" matches
"test.example.com" but not "test-example.com".
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Add DFS structures/events handlers, CAC handling, and radar detection.
By default, after radar is detected or the channel became unavailable, a
random channel will be chosen.
This patches are based on the original work by Boris Presman and
Victor Goldenshtein. Most of the DFS code is moved to a new dfs.c/dfs.h
files.
Cc: Boris Presman <boris.presman@ti.com>
Cc: Victor Goldenshtein <victorg@ti.com>
Signed-hostap: Simon Wunderlich <siwu@hrz.tu-chemnitz.de>
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
wpa_config_write_key_mgmt has a buffer size of 50. This is not enough
to fit the longest case. I used a network with "WPA-PSK WPA-EAP
WPA-NONE" and CONFIG_IEEE80211R=y + CONFIG_IEEE80211W=y to produce
a string longer than 50 chars. Increase the buffer size to 100 to
prevent truncated output.
Truncated output is not the only problem. If the buffer end is
reached when adding certain key mgmt types the function does not
return immediately. This leaves pos > end. When a second os_sprintf
is called the calculation of end - pos yields a large positive
number for buffer size. End result is a write beyond the buffer end.
Fix this by bailing out if buffer end is reached.
Signed-hostap: Pontus Fuchs <pontus.fuchs@gmail.com>
Cancel scheduled scan (if any) before attempting to scan for the newly
received configuration/credential in WPS NFC Config token case.
Signed-hostap: Jithu Jance <jithu@broadcom.com>
P2P-GROUP-STARTED event depends on having enough information about the
group available. To avoid incomplete information from being delivered to
upper layers, do not accept scan results without P2P IE (e.g., from a
non-P2P scan) for P2P client association process. This can be of use for
some join-a-group cases where non-P2P scans have generated the BSS entry
for the GO.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
P2P IE may be available from a Beacon frame from a GO even if we have
not yet received a Probe Response frame with P2P IE from that GO. Since
all the needed information for determining the GO's P2P Device Address
and group capabilities are available, use that information instead of
displaying incomplete group information.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This fixes some P2P-join-a-group cases where GO may have been discovered
based on passive scan or non-P2P scan. P2P IEs may have been received
from a Beacon frame in such a case and that information can be used to
create a P2P peer entry, e.g., to allow provision discovery exchange to
be completed.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
It is possible that a P2P GO has been discovered through a non-P2P scan
that did not return P2P IE in Probe Response frames. To cover those
cases, check also Beacon frame (if received) for P2P IE.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This could happen when non-P2P station interface runs a scan without P2P
IE in the Probe Request frame. P2P GO would reply to that with a Probe
Response that does not include P2P IE. Do not update the IEs in this BSS
entry to avoid such loss of information that may be needed for P2P
operations to determine group information.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
If a group was removed before the wait for the first client had timed
out and the client had not yet connected, p2p_go_wait_client could have
been left set and with that, scan operations could be unnecessarily
delayed. This fixes some undesired delays from commit
c1c0b35fea.
Signed-hostap: Jouni Malinen <j@w1.fi>
Commit 41f853235f extends group formation
timeout for the first data connection to complete and resets
p2p_go_group_formation_completed flag due to which p2p_in_provisioning
and p2p_group_formation flags are not cleared when
wpas_group_formation_completed() is called. This can result in both
station scan and p2p_find failures in the case where separate P2P group
interface is not used and the client does not complete 4-way handshake.
Fix this by clearing p2p_group_formation and p2p_in_provisioning when
such a P2P group is deleted.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Add Extended Capabilities element to association request only if the AP
included this element in Beacon/Probe Response frames. This is a
workaround to address interoperability issues with some older APs that
do not seem to be able to handle Extended Capabilities element in
(Re)Association Request frames.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Update the p2p_go_wait_client timestamp in p2p_go_configured() to
address the case where the group is set up without the provisioning
step.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Making this function be used only for external setup case simplifies the
implementation and makes core wpa_supplicant calls in ctrl_iface.c and
events.c consistent.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Linux capabilities cap_net_admin and cap_net_raw can be used to replace
need for running wpa_supplicant as a root process.
Signed-hostap: Jouni Malinen <j@w1.fi>
STATUS-DRIVER command can now be used to fetch driver interface status
information. This is mainly for exporting low-level driver interface
information for debug purposes.
Signed-hostap: Jouni Malinen <j@w1.fi>
no_ctrl_interface parsing was declared within ifdef CONFIG_CTRL_IFACE
block, so the parser function needs to be marked similarly.
Signed-hostap: Jouni Malinen <j@w1.fi>
This can be used to override previously set ctrl_interface value in a
way that clears the variable to NULL instead of empty string. The only
real use case for this is to disable per-interface ctrl_interface from
the additional control file (-I<file>) in case ctrl_interface was set in
the main configuration file. It should be noted that zero-length
ctrl_interface parameter can be used to initiate some control interface
backends, so simpler designs were not available for this.
The format of the new parameter is not exactly cleanest due to
configuration file parsing assumptions. For example:
ctrl_interface=....
no_ctrl_interface=
would end up with ctrl_interface=NULL.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
When the BSS table is being updated based on new scan results, a BSS
entry could end up getting added into last_scan_res list multiple times
if the scan results from the driver includes duplicated values. This
should not happen with driver_nl80211.c since it filter outs duplicates,
but in theory, other driver wrappers could indicate such scan results.
Anyway, it is safer to make sure this cannot happen by explicitly
verifying the last_scan_res list before adding an updated BSS entry
there. A duplicated entry in the list could potentially result in freed
memory being used if there is large enough number of BSSes in the scan
results to cause removal of old BSS entries.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
If there are large number of BSSes in the scan results, BSS table update
could have added a BSS entry to the last_scan_res in a case where that
BSS entry got just deleted. This would happen only if there are more
than bss_max_count (by default 200) BSSes and if at least bss_max_count
of those BSSes are known (match a configured network). In such a case,
wpa_bss_add() could end up allocating a new BSS entry and return a
pointer to that entry even if it was the one that ended up getting freed
to keep the BSS table length within the limit. This could result in
freed memory being used and the process crashing (likely with segfault)
when trying to access information from that BSS entry.
Fix the issue by removing the oldest BSS entry before linking the new
entry to the table. This makes sure the newly added entry will never get
picked up as the one to be deleted immediately.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, GO considered the group to be fully re-invoked after
starting beaconing on successful invitation exchange. This would leave
the group running until idle timeout (which may not be enabled) or
explicit removal if the client fails to connect for any reason. Since
the client is expected to connect immediately after the invitation
exchange that ends with status=0 (i.e., either client initiated the
exchange or it responded with success), extend group formation timeout
to cover that period until the first successfully completed data
connection. This allows the GO to remove the group automatically if the
client devices does not connect within
P2P_MAX_INITIAL_CONN_WAIT_GO_REINVOKE (15) seconds.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, GO considered the group to be fully formed at the completed
of WPS provisioning step. This would leave the group running until idle
timeout (which may not be enabled) or explicit removal if the client
fails to connect for any reason. Since the client is expected to connect
immediately after the WPS provisioning step, extend group formation
timeout to cover that period until the first successfully completed data
connection. This allows the GO to remove the group automatically if the
client devices does not connect within P2P_MAX_INITIAL_CONN_WAIT_GO (10)
seconds.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Killing the wpa_supplicant process or using TERMINATE ctrl_iface command
resulted in the process existing without cleaning up possibly added
dynamic P2P group interfaces. Clean this up by stopping each P2P group
before stopping eloop.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, wpa_msg_register_cb() was called only from successful
completion of per-interface control interface initialization. This would
leave the callback unregistered in case only the global control
interface is used which would result in not delivering control interface
events on the global interface. Fix this by registering the callback
handler also from successful initialization of the global control
interface.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
If wpa_supplicant ctrl_iface clients are misbehaving and refusing to
read replies or event messages from wpa_supplicant, the single socket
used in wpa_supplicant to send messages can reach the maximum send
buffer limit. When that happens, no more responses to any client can be
sent. Work around this by closed and reopening the socket in case such a
failure state is detected. This is obviously not desirable since it
breaks existing connected sockets, but is needed to avoid leaving
wpa_supplicant completely unable to respond to any client. Cleaner fix
for this may require more considerable changes in the ctrl_iface design
to move to connection oriented design to allow each client to be handled
separately and unreachability to be detected more reliably.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Prepare reply buffer first for all cases and then use a single sendto()
call instead of three calls depending on reply type. This allows simpler
error handling for control interface send operations.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The interval for the PNO scan did not use the configured sched_scan
interval. This commit addresses the same by using the configured value
or the default of 10 seconds if configuration parameter is not used.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
It was possiblle for the group formation timeout to be left running even
after the P2P Client connected to the group if the WPS provisioning step
was not completed cleanly (e.g., due to WSC_Done not getting received
from the client). There is no need to remove the group in such case due
to the initial group formation timeout, so work around this by removing
that timeout on data connection.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
There was already a CFG_CHANGED_P2P_OPER_CHANNEL handler function, but
this flag was not set when the p2p_oper_reg_class or p2p_oper_channel
parameters were changed.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
wpa_supplicant crashes if driver configuration for AP mode interface
configuration fails after group negotiation. This is because of a
regression from commit 1075b29571 that
ends up freeing the wpa_s instance from within
wpa_supplicant_create_ap() without the caller knowing.
Fix this by using an eloop timeout to free remove the P2P group so that
wpa_supplicant_create_ap() and especially wpa_supplicant_associate()
callers do not need to know about interface getting possibly removed. In
addition, move the P2P specific code into p2p_supplicant.c where it
really belongs. This allows the already existing group formation timeout
to be used by reducing the timeout to zero.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Avoid potential issues with removing a P2P group on PSK failure directly
from the wpa_supplicant_event() call since the caller (in driver_*.c)
may not be prepared for the interface disappearing at that point in
time.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
It is possible for the GO of a persistent group to change the PSK or
remove a client when per-client PSKs are used and this can happen
without the SSID changing (i.e., the group is still valid, but just not
for a specific client). If the client side of such persistent group ends
up trying to use an invalidated persistent group information, the
connection will fail in 4-way handshake. A new WPS provisioning step is
needed to recover from this.
Detect this type of case based on two 4-way handshake failures when
acting as a P2P client in a persistent group. A new
"P2P-PERSISTENT-PSK-FAIL id=<persistent group id>" event is used to
indicate when this happens. This makes it easier for upper layers to
remove the persistent group information with "REMOVE_NETWORK <persistent
group id>" if desired (e.g., based on user confirmation).
In addition to indicating the error cases for persistent groups, all
this type of PSK failures end up in the client removing the group with
the new reason=PSK_FAILURE information in the P2P-GROUP-REMOVED event.
Signed-hostap: Jouni Malinen <j@w1.fi>
If a client joins a P2P group multiple times, replace the previous
per-client PSK entry instead of adding a new entry each time.
Signed-hostap: Jouni Malinen <j@w1.fi>
The new control interface command P2P_REMOVE_CLIENT <P2P Device
Address|iface=Address> can now be used to remove the specified client
from all groups (ongoing and persistent) in which the local device is a
GO. This will remove any per-client PSK entries and deauthenticate the
device.
Signed-hostap: Jouni Malinen <j@w1.fi>
Record all generated per-client PSKs in the persistent group network
block and configure these for the GO Authenticator whenever re-starting
the persistent group. This completes per-client PSK support for
persistent groups.
Signed-hostap: Jouni Malinen <j@w1.fi>
When using per-device PSKs, select the PSK based on the P2P Device
Address of the connecting client if that client is a P2P Device. This
allows the P2P Interface Address to be changed between P2P group
connections which may happen especially when using persistent groups.
Signed-hostap: Jouni Malinen <j@w1.fi>
This can be used to implement per-device PSK selection based on the
peer's P2P Device Address instead of P2P Interface Address.
Signed-hostap: Jouni Malinen <j@w1.fi>
This makes the P2P Device Address of the Enrollee available with the PSK
records to allow P2P Device Address instead of P2P Interface Address to
be used for finding the correct PSK.
Signed-hostap: Jouni Malinen <j@w1.fi>
"wpa_cli p2p_set per_sta_psk <0/1>" can now be used to disable/enable
use of per-device PSKs in P2P groups. This is disabled by default.
When enabled, a default passphrase is still generated by the GO for
legacy stations, but all P2P and non-P2P devices using WPS will get
a unique PSK.
This gives more protection for the P2P group by preventing clients from
being able to derive the unicast keys used by other clients. This is
also a step towards allowing specific clients to be removed from a group
reliably without having to tear down the full group to do so.
Signed-hostap: Jouni Malinen <j@w1.fi>
Even after listen duration is over, P2P module remained in
P2P_LISTEN_ONLY state, which is blocking station mode scans. Fix this by
stopping P2P listen explicitly to update p2p_state to IDLE when listen
duration expires.
Signed-hostap: Syed Asifful Dayyan <syedd@broadcom.com>
wpa_cli filters out extra DISCONNECTED events from action scripts. This
ended up filtering out the first real DISCONNECT event in case wpa_cli
was started when wpa_supplicant was in connected state. Change wpa_cli
to allow the first disconnection event to be reported to the action
script in such case.
Signed-hostap: Jouni Malinen <j@w1.fi>
Previously, network added event was skipping during group formation.
However, this did not necessarily catch all cases of temporary P2P
network blocks. Check ssid->p2p_group to make this behavior more
consistent by avoiding all P2P groups.
Signed-hostap: Jouni Malinen <j@w1.fi>
By default, P2P is initialized for all driver interfaces and this makes
P2P getting initialized for non-P2P station interface if the supplicant
is started first on this interface. If an interface is dedicated for
non-P2P station mode, it is now possible to disable P2P initialization
by adding 'p2p_disabled=1' in the configuration file of non-P2P station
interface, irrespective of the order in which supplicant is started.
Signed-hostap: Sreenath Sharma <sreenats@broadcom.com>
Right now in case of deauthentication from GO, immediate group removal will
happen in GC only if the deauthentication packet has a valid IE. However,
the IE in deauthentication packet is mandated only for managed P2P group.
So in normal P2P group the group removal is delayed and will happen later
only in group idle timeout.
This fixes a regression from commit
d7df0fa727 that changed the previous check
for data->deauth_info != NULL to data->deauth_info->ie != NULL.
Signed-hostap: Sreenath Sharma <sreenats@broadcom.com>
It is possible for the peer device not to support Authentication frame
exchange even though this would be required functionality in the
standard. Furthermore, either Authentication frame may be lost. To
recover from cases where Authentication frame sequence 2 is not
received, start EAPOL Authenticator from one second timeout.
Signed-hostap: Jouni Malinen <j@w1.fi>
Previously, concurrent station mode scans were postponed during an
ongoing P2P group formation up to the point of completed WPS
provisioning step. This would allow a scan to be started before the P2P
client has completed association for the data connection if a scan
request were timed to hit the window between the provisioning step and
the following association. Avoid this by extending P2P-in-progress state
to continue until the first data connection has been completed as part
of group formation. Use a ten second timeout for this to avoid leaving
scans disabled indefinitely if the client fails to connect completely.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
It is possible for the driver to report EAPOL frame RX before
Authentication frame RX even if the frames arrived in the opposite
order. This can result in issues in cases where both IBSS peers initiate
Authentication frame exchange at about the same time and one of the
EAPOL sessions is started before processing Authentication frame seq=1
RX. Work around this by not re-initializing EAPOL state on
Authentication (SEQ=1) RX if own Authentication frame was transmitted
within last 500 ms.
Signed-hostap: Jouni Malinen <j@w1.fi>
This provides status information about the negotiated group to
wpa_supplicant control interface monitors during group formation in a
form that is easier to use than having to fetch the information
separately.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This replaces number of perror() calls with wpa_printf() to get the
error messages embedded within rest of the debug messages in the same
stream instead of pushing these to stderr which may get directed to
another location.
Signed-hostap: Jouni Malinen <j@w1.fi>
This new control interface event message is used to indicate when
both 4-way handshakes have been completed with a new IBSS peer.
Signed-hostap: Jouni Malinen <j@w1.fi>
This provides global status information that is applicable to all
interfaces (e.g., P2P state). In addition, ifname/address pairs are
listed to get information of all the interfaces that are currently
managed through this wpa_supplicant instance.
Signed-hostap: Jouni Malinen <j@w1.fi>
This iterates through all interfaces and saves configuration file
updates for each interface that allows it (update_config=1).
Signed-hostap: Jouni Malinen <j@w1.fi>
This allows global parameters to be set through the global control
interface without having to use IFNAME prefix. For now, this covers
only the wifi_display parameter.
Signed-hostap: Jouni Malinen <j@w1.fi>
There were some code paths that allowed obsolete configuration data
pointer to be maintained within EAPOL supplicant in case a network was
removed while not connection to it (i.e., wpa_s->current_ssid not
pointing to the network that was removed). This could result in use of
freed memory, e.g., from eap_sm_notify_ctrl_attached() when a new
control interface connected prior to the EAPOL supplicant configuration
pointer got updated.
Signed-hostap: Jouni Malinen <j@w1.fi>
In AP mode the frequency was initialized only after trying to set up the
AP which caused failure. Move AP frequency initialization to the right
place. This allows an AP mode network block without the frequency
parameter to be used with the default channel 11 being selected in that
case.
Signed-hostap: Avraham Stern <avraham.stern@intel.com>
When 'p2p_group_remove *' is called while the station interface
is connected, the flow also disconnects the station interface.
Fix this by skipping non-P2P interfaces in the iteration.
Signed-hostap: Ilan Peer <ilan.peer@intel.com>
According to WSC specification (Ver 2.0.2, section 8.3), RF Bands
attribute should be set to the specific RF band used for the current
message. Add an option to set wanted band in wps_build_rf_bands() and
add a callback to get the current band from wpa_supplicant and hostapd.
Signed-hostap: David Spinadel <david.spinadel@intel.com>
Reduce the wait time for the monitor control interfaces to get
messages on wpa_supplicant de-init etc., as this significantly delays
the shutdown of the wpa_supplicant.
Signed-hostap: Ilan Peer <ilan.peer@intel.com>
In case a control interface socket is detached because of sendmsg()
failing for the socket, function call to detach the socket uses a
pointer to the socket information in the structure to be freed. Reorder
code to print socket info before freeing the data to avoid use of freed
memory in case debug prints are enabled.
Signed-hostap: Jouni Malinen <j@w1.fi>
This keeps wpa_supplicant from hanging forever if the other end of the
socket dies. This is similar to the earlier commit
4fdc8def88 to make the global control
interface befave in the same way.
Signed-hostap: Jouni Malinen <j@w1.fi>
Previously, wpa_supplicant behavior in WEP configuration was to try to
mimic a device that is not aware of WPA/WPA2 and as such, it tried to
connect to a WPA/WPA2 AP with the assumption that the AP could be
providing support for both WEP and WPA/WPA2 stations in the same BSS.
Such APs could have been used during transition from WEP to more secure
options, but that type of deployment have not been used in large number
and are not really of much use anymore taken into account that more or
less all new devices support WPA/WPA2. That combined with the preference
to deprecate WEP justifies removing this use case and making WEP
networking matching more strict by using the knowledge of AP advertising
WPA/WPA2 as an indication of WEP not being supported.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Commit c7a67a7719 forced disconnection
when wpas_clear_wps() is called. Call this function from a registered
timeout when processing a failure event in order to allow the WPS
handshake to be completed with WSC_NACK and EAP-Failure.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This reverts commit ce970851af.
It turned out that this breaks lots of use cases where p2p_find is
issued while already in p2p_listen state. As such, we cannot reject
p2p_find this easily without checking for more specific cases.
Signed-hostap: Jouni Malinen <j@w1.fi>
Though p2p_find is not expected during ongoing P2P connection, it is
possible that any third party application issues a p2p_find resulting in
connection failure. Address this by rejecting any p2p_find command while
connection is in progress.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
cfg80211 does not allow the zero duration of remain-on-channel. Instead,
use 20 ms as default waiting time when remain-on-channel is used to
schedule offchannel transmission that does not expect a response.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
4-way handshake may fail under extremely noisy environment and if this
happens during P2P group formation, the 10 second extra delay added in
wpas_auth_failed() can result in running over the 15 second timeout.
Avoid this by skipping the delay mechanism in wpas_auth_failed() for the
P2P group formation case. The P2P formation timeout will take care of
stopping the attempts if the failure condition does not get resolved.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Change the P2P flows to use the number of concurrent channels
supported by the device and the number of currently used channels
for the P2P flows.
Signed-hostap: Ilan Peer <ilan.peer@intel.com>
Signed-hostap: David Spinadel <david.spinadel@intel.com>
Some driver interfaces may not support the get_radio_name() design and
get_shared_radio_freqs() needs to be aware of such possibility when
determining shared radio frequencies.
Signed-hostap: Jouni Malinen <j@w1.fi>
There are devices that can operate several channels concurrently.
Change shared_vif_oper_freq() to get_shared_radio_freqs() that can
return an array of frequencies currently used by all the virtual
interfaces that share the same radio.
In addition, move it to wpa_supplicant.c, so it can be used by other
modules.
Signed-hostap: Ilan Peer <ilan.peer@intel.com>
Signed-hostap: David Spinadel <david.spinadel@intel.com>
Previously, drivers only reported if they support multiple concurrent
channels, but did not report the maximum number of supported channels.
Add this reporting to the driver capabilities and add the implementation
to driver_nl80211.
Signed-hostap: Ilan Peer <ilan.peer@intel.com>
Signed-hostap: David Spinadel <david.spinadel@intel.com>
To better support the IBSS/RSN mechanism, wpa_supplicant has to be able
to detect a possible peer reboot and in this case it should start a new
EAPOL handshake.
To perform such reboot detection wpa_supplicant has to perform an Open
Authentication by sending an Authentication frame and then replying to
it. IF an Authentication frame is received when the key have already
been exchanged, wpa_supplicant understands that the peer has rebooted
and can reset its state machine.
Whenever a new peer is added to the IBSS wpa_supplicant will start the
Open Authentication and only after having accomplished it will start the
key exchange. If the driver does not support Authentication frame
exchange initiated from user space, this step is skipped to maintain
previous behavior (just go through EAPOL-Key frame processing).
The Open Authentication was partly supported by the Linux kernel but now
wpa_supplicant can register for Authentication frames, handle it in
userspace and so avoid any possible race condition.
Signed-hostap: Nicolas Cavallari <cavallar@lri.fr>
Signed-hostap: Antonio Quartulli <antonio@open-mesh.com>
Commit 1aef400bf0 implemented IBSS RSN
disconnect() call using sta_deauth() in a way that resulted in NULL
pointer dereference in driver_nl80211.c if SME was in user space. Fix
this by passing the own MAC address in the sta_deauth call.
Signed-hostap: Jouni Malinen <j@w1.fi>
When the device indicates to take care of TDLS operations the TDLS
setup is done calling wpas_drv_tdls_oper(). This patch does a similar
thing for the teardown. This fixes failure of teardown:
"TDLS: Could not find peer <mac> for link Teardown"
Signed-hostap: Arend van Spriel <arend@broadcom.com>
Because a delayed scheduled scan will access the members of struct
wpa_supplicant which is freed and this can result in a crash,
wpa_supplicant needs to cancel delayed scheduled scan during cleanups.
Signed-hostap: Chengyi Zhao <chengyix.zhao@gmail.com>
This allows wpa_supplicant to associate to an AP that has VHT BSS
membership selector set to indicate VHT support is required for the BSS.
Without the patch it was impossible to connect to, e.g., hostapd-based
AP that has require_vht=1. wpa_supplicant was complaining with:
hardware does not support required rate 63.0 Mbps
Signed-hostap: Michal Kazior <michal.kazior@tieto.com>
There is no need to wait for the 15 second group formation timeout
before indicating P2P group formation failure if GO mode cannot be
started successfully for some reason.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
It looks like some of the global control interface cases ended up
blocking in sendmsg() when trying to send an event. Since this can block
all wpa_supplicant processing for multiple seconds, this is very
undesirable. Avoid this by requesting sendmsg() to return an error
rather than waiting for the message to be sent.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
3GPP TS 24.232 Annex A.3 allows network operator to advertise only two
digits of MNC even if MNC has three digits. Allow such matches in
network selection. In addition, allow three digit matches of MNC even if
MNC length was assumed to be two to avoid missing networks if MNC length
cannot be determined reliably. Remove the '-' separator from simulated
SIM/USIM cases to allow the new matching rules to work.
Fix the PLMN List information element parsing loop to use the length of
the PLMN List instead of the length of the full 3GPP Cellular Info to
avoid unexpected matches should a new element ever be added by 3GPP.
Finally, add more debug prints from PLMN matching to make the logs
easier to understand.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
wpas_clear_wps() was just clearing the current wpa_s->current_ssid
pointer when removing a WPS network block which with the device was
associated. This could leave the association up even though the network
block had already been removed. Prevent this by explicitly disconnecting
from the network instead of such clearing current_ssid.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Adding a new wpa_supplicant control interface for the dedicated
P2P_DEVICE would be quite confusing for programs that manage P2P
operations. Remove this control interface and require the global control
interface to be used since it will provide consistent interface for both
the new dedicated P2P_DEVICE (non-netdev) and old style P2P management
through a netdev.
Signed-hostap: Jouni Malinen <j@w1.fi>