Previously, drivers only reported if they support multiple concurrent
channels, but did not report the maximum number of supported channels.
Add this reporting to the driver capabilities and add the implementation
to driver_nl80211.
Signed-hostap: Ilan Peer <ilan.peer@intel.com>
Signed-hostap: David Spinadel <david.spinadel@intel.com>
To better support the IBSS/RSN mechanism, wpa_supplicant has to be able
to detect a possible peer reboot and in this case it should start a new
EAPOL handshake.
To perform such reboot detection wpa_supplicant has to perform an Open
Authentication by sending an Authentication frame and then replying to
it. IF an Authentication frame is received when the key have already
been exchanged, wpa_supplicant understands that the peer has rebooted
and can reset its state machine.
Whenever a new peer is added to the IBSS wpa_supplicant will start the
Open Authentication and only after having accomplished it will start the
key exchange. If the driver does not support Authentication frame
exchange initiated from user space, this step is skipped to maintain
previous behavior (just go through EAPOL-Key frame processing).
The Open Authentication was partly supported by the Linux kernel but now
wpa_supplicant can register for Authentication frames, handle it in
userspace and so avoid any possible race condition.
Signed-hostap: Nicolas Cavallari <cavallar@lri.fr>
Signed-hostap: Antonio Quartulli <antonio@open-mesh.com>
In order to correctly handle IBSS/RSN, wpa_supplicant has to register
for any incoming Authentication frmae to properly react when those are
received.
Signed-hostap: Nicolas Cavallari <cavallar@lri.fr>
Signed-hostap: Antonio Quartulli <antonio@open-mesh.com>
If the frequency is not specified the frame is now sent over
the channel used by the current BSS.
This will also log the payload of each sent CMD_FRAME.
Signed-hostap: Nicolas Cavallari <cavallar@lri.fr>
[antonio@open-mesh.com: commit message reworded]
Signed-hostap: Antonio Quartulli <antonio@open-mesh.com>
Commit 1aef400bf0 implemented IBSS RSN
disconnect() call using sta_deauth() in a way that resulted in NULL
pointer dereference in driver_nl80211.c if SME was in user space. Fix
this by passing the own MAC address in the sta_deauth call.
Signed-hostap: Jouni Malinen <j@w1.fi>
When the device indicates to take care of TDLS operations the TDLS
setup is done calling wpas_drv_tdls_oper(). This patch does a similar
thing for the teardown. This fixes failure of teardown:
"TDLS: Could not find peer <mac> for link Teardown"
Signed-hostap: Arend van Spriel <arend@broadcom.com>
Because a delayed scheduled scan will access the members of struct
wpa_supplicant which is freed and this can result in a crash,
wpa_supplicant needs to cancel delayed scheduled scan during cleanups.
Signed-hostap: Chengyi Zhao <chengyix.zhao@gmail.com>
The static WEP keys have to be configured for the new VLAN
interface that is created for a 4addr WDS peer, not doing so
breaks WEP functionality in nl80211/4addr based WDS links.
Signed-hostap: Sujith Manoharan <c_manoha@qca.qualcomm.com>
This allows wpa_supplicant to associate to an AP that has VHT BSS
membership selector set to indicate VHT support is required for the BSS.
Without the patch it was impossible to connect to, e.g., hostapd-based
AP that has require_vht=1. wpa_supplicant was complaining with:
hardware does not support required rate 63.0 Mbps
Signed-hostap: Michal Kazior <michal.kazior@tieto.com>
In a AP/STA concurrent setup, if the STA interface is continually
scanning, trying to connect to a network, the AP interface
is basically broken since beaconing would be erratic.
This option can be used in a WDS setup where one AP acts as a
Client/AP-Repeater. The Repeater AP interface has to start beaconing
only after the Client interface has established a WDS link with the
"Root AP".
Signed-hostap: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Compiling hostapd with VHT enabled on a big endian machine resulted in
an undefined symbol error. Fix this by defining the missing macro.
Signed-hostap: Michal Kazior <michal.kazior@tieto.com>
Previously, there could be two disconnection events in core
wpa_supplicant when going through a case of wpa_supplicant-requested
disconnection with a driver that implements SME internally. This could
result in undesired behavior when a disconnection is followed by a new
connection attempt before the extra event has been received (e.g.,
during fast reassoc or WPS provisioning). Avoid such issues by ignoring
locally generated disconnect events after requesting cfg80211 to
disconnect.
This makes the previously used ignore_next_local_disconnect more
consistent by setting the variable within
wpa_driver_nl80211_disconnect() so that both callers get the same
behavior.
Signed-hostap: Jithu Jance <jithu@broadcom.com>
There is no need to wait for the 15 second group formation timeout
before indicating P2P group formation failure if GO mode cannot be
started successfully for some reason.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
It looks like some of the global control interface cases ended up
blocking in sendmsg() when trying to send an event. Since this can block
all wpa_supplicant processing for multiple seconds, this is very
undesirable. Avoid this by requesting sendmsg() to return an error
rather than waiting for the message to be sent.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Commit 3962b65858 removed the Xcode
project files, but missed the defines in build_config.h. Remove these
since there are no users for them in the current snapshot.
Signed-hostap: Jouni Malinen <j@w1.fi>
3GPP TS 24.232 Annex A.3 allows network operator to advertise only two
digits of MNC even if MNC has three digits. Allow such matches in
network selection. In addition, allow three digit matches of MNC even if
MNC length was assumed to be two to avoid missing networks if MNC length
cannot be determined reliably. Remove the '-' separator from simulated
SIM/USIM cases to allow the new matching rules to work.
Fix the PLMN List information element parsing loop to use the length of
the PLMN List instead of the length of the full 3GPP Cellular Info to
avoid unexpected matches should a new element ever be added by 3GPP.
Finally, add more debug prints from PLMN matching to make the logs
easier to understand.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
wpas_clear_wps() was just clearing the current wpa_s->current_ssid
pointer when removing a WPS network block which with the device was
associated. This could leave the association up even though the network
block had already been removed. Prevent this by explicitly disconnecting
from the network instead of such clearing current_ssid.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The new server_id parameter in hostapd.conf can now be used to specify
which identity is delivered to the EAP peer with EAP methods that
support authenticated server identity.
Signed-hostap: Jouni Malinen <j@w1.fi>
This allows more consistent interface to be used regardless of which
P2P driver design is used (especially for P2P management operations
over netdev vs. dedicated P2P_DEVICE).
Signed-hostap: Jouni Malinen <j@w1.fi>
Adding a new wpa_supplicant control interface for the dedicated
P2P_DEVICE would be quite confusing for programs that manage P2P
operations. Remove this control interface and require the global control
interface to be used since it will provide consistent interface for both
the new dedicated P2P_DEVICE (non-netdev) and old style P2P management
through a netdev.
Signed-hostap: Jouni Malinen <j@w1.fi>
Commit c68f6200a7 made these calls
conditional on !p2p_mgmt, but forced p2p_mgmt=1 for cases where the
driver does not use the dedicated P2P Device. Fix this by making the
!p2p_mgmt condition apply only if the driver does indicate use of a
dedicated P2P Device.
Signed-hostap: Jouni Malinen <j@w1.fi>
Check that SSL_clear_options and SSL_CTX_clear_options are defined
before using them to avoid compilation failures with older OpenSSL
versions that did not include these macros.
Signed-hostap: Jouni Malinen <j@w1.fi>
The interface name for the P2P group interface is derived from the
P2P management interface. When the P2P management interface is a
P2P Device interface, i.e., p2p-dev-wlanX, the name for the group
interface is abbreviated to p2p-X (X being group index). When the
P2P management interface starts with p2p-dev- use its postfix
instead. So P2P management interface p2p-dev-wlan3 results in group
interface name p2p-wlan3-0.
Signed-hostap: Arend van Spriel <arend@broadcom.com>
If the capability flag of the driver indicates a dedicated P2P Device is
supported, a P2P Device interface is created.
Create the P2P Device in main interface creation loop when the added
interface flags support and P2P supplicant is not yet initialized
avoiding recursion of add_interface.
Do not register l2_packet for P2P Device interface (both for EAPOL and
for TDLS).
Signed-hostap: Arend van Spriel <arend@broadcom.com>
Since the P2P_DEVICE support indication was added to kernel before
everything was working properly, there may be kernel versions in use
with the new mechanism breaking P2P functionality (especially with
mac80211_hwsim). For now, disable P2P_DEVICE support by default and
allow it to be enabled with driver_param=p2p_device=1 in the
configuration file. This default behavior may be changed in the future
once the kernel issues has been resolved in stable releases.
Signed-hostap: Jouni Malinen <j@w1.fi>
Setting p2p_no_group_iface means 'use P2P management interface as P2P
connection interface' because it attempts to change the interface type.
The P2P_DEVICE is a dedicated interface and can not be changed. As such
ignore the configuration option.
Signed-hostap: Arend van Spriel <arend@broadcom.com>
Another function that needs the wdev id when P2P management is done
using the P2P_DEVICE interface.
Signed-hostap: Arend van Spriel <arend@broadcom.com>
With P2P Device support there will be two interfaces with their
own MAC address. The P2P Interface Address must be unique so verify
it is.
Signed-hostap: Arend van Spriel <arend@broadcom.com>
The phy name was determined using /sys/class/net/<ifname> but the P2P
Device is not listed there since it does not have an associated net
device. This patch changes name determination to obtain the name from
the wiphy information provide by nl80211.
Signed-hostap: Arend van Spriel <arend@broadcom.com>
For P2P Device the netlink message should have wdev identifier
instead of the interface index. This fixes a failure which occurred
executing the P2P_GROUP_ADD command.
Signed-hostap: Arend van Spriel <arend@broadcom.com>
When using OpenSSL with TLS-based EAP methods, wpa_supplicant can now be
configured to use OCSP stapling (TLS certificate status request) with
ocsp=1 network block parameter. ocsp=2 can be used to require valid OCSP
response before connection is allowed to continue.
hostapd as EAP server can be configured to return cached OCSP response
using the new ocsp_stapling_response parameter and an external mechanism
for updating the response data (e.g., "openssl ocsp ..." command).
This allows wpa_supplicant to verify that the server certificate has not
been revoked as part of the EAP-TLS/PEAP/TTLS/FAST handshake before
actual data connection has been established (i.e., when a CRL could not
be fetched even if a distribution point were specified).
Signed-hostap: Jouni Malinen <j@w1.fi>
In wpa_supplicant_deinit(), the function wpas_p2p_deinit_global()
was called. Remove it as it will be called from wpas_deinit_iface()
upon removal of the P2P management interface.
Signed-hostap: Arend van Spriel <arend@broadcom.com>
When P2P Device is used as P2P management interface the creation of the
P2P group interface fails because MAC address retrieval fails for the
P2P Device interface.
Signed-hostap: Arend van Spriel <arend@broadcom.com>
For P2P an interface may be created for the P2P client/group. The
create request is done on the P2P management interface, which may
be a P2P Device interface. In that case it needs to use the wdev_id.
Signed-hostap: Arend van Spriel <arend@broadcom.com>