This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. The STA
entry (and PTK) will be removed from the kernel only after the
Deauth/Disassoc has been transmitted (e.g., when the STA wakes up).
A hardcoded two second timeout is used to limit the length of this
window should the driver fail to deliver the frame (e.g., the STA
is out of range and does not wake up). The kernel STA entry is
marked unauthorized during the wait to avoid accepting Data
frames from the STA that we have decided to disconnect.
This behavior is available only with drivers that provide TX status
events for Deauth/Disassoc frames (nl80211 at this point). Other
drivers continue to use the previous behavior where the STA entry
is removed immediately.
Extend the code that waits for the station to send EAPOL-Start before
initiating EAPOL authenticator operations to cover the case where the
station includes WPS IE in (Re)Association Request frame if that IE
does not include support for WPS 2.0. While this should not really
be needed, this may help with some deployed WPS 1.0 stations that do
not support EAPOL operations correctly and may get confused of the
EAP-Request/Identity packets that would show up twice if EAPOL-Start
is transmitted.
If an ER tries to send a message to a STA that is not in the middle
of WPS protocol, do not try to deliver that. This can help with issues
where an ER takes long time to reply to M1 and another Registrar has
already completed negotiation.
It is possible to get a response for a pending EAP callback after the
EAP state machine has already completed its work or has timed out. For
those cases, make sure that the callback function is not delivered since
it could result in NULL pointer dereferences.
The Config Methods attribute in M2 and M2D messages is supposed to
indicate which configuration methods are supported by the Registrar. As
such, it should not depend on whether PBC mode is currently active or
not. That will only affect the Selected Registrar Config Methods and
Device Password ID attributes.
This change is a first step in better supporting different driver
architectures for AP mode operations with nl80211. This commit in
itself does not add new functionality, but it makes it easier to add
new AP mode parameters to address needs of drivers that have more of
the MLME/SME in firmware or kernel.
Split WPA initialization into two parts so that the Beacon frames can be
configured fully before the initial keys (GTK/IGTK) are configured. This
makes it easier for drivers that depend on the AP security mode being
fully set before the keys are configured.
This avoids a request to the driver to first start beaconing before
the WPA/RSN IE has been generated and then immediately changing the
beacon IEs once the WPA/RSN IE is ready.
Such using params->wpa_ie to figure out whether the connection is for
WPA/WPA2 is not correct since that buffer is used also to add WPS IE. In
case of WPS, do not add NL80211_ATTR_WPA_VERSIONS to avoid confusing
drivers.
Various pieces of the P2P code assume that P2P is enabled, so make
the D-Bus code not call the P2P stuff if P2P is disabled. Also
ensures that if P2P is disabled a suitable error is returned to
the D-Bus caller.
Signed-off-by: Dan Williams <dcbw@redhat.com>
The read, write, read-write permissions can be figured out from
getter/setter function pointers, so there is no need for maintaining
that information separately.
If uapsd is explicitly enabled, set conf->bss->wmm_enabled and
conf->bss->wmm_uapsd to enable (and advertise) uapsd.
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Arik Nemtsov <arik@wizery.com>
These properties are already correctly treated as bytes for the local
device, we need to do same for peers.
Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Some compilers complain about fwrite calls if the return value is
not checked, so check the value even if it does not really make
much of a difference in this particular case.
The internal TLS implementation assumes that the certificate chain
is ordered by issuer certificate following the certificate that it
signed. Add the certificates to the chain in suitable order when
loading multiple certificates.
Commit e1d526293b added code for verifying
whether the receive Probe Request frame was indicating support for only
802.11b rates, but it missed the for loop for the extended supported
rates element. Add that to fix the validation code for cases where
non-802.11b rates are in the extended supported rates element.
A number of fixes/improvements here:
1) Remove casting of getter/setter function types which allows
us to change the prototypes in the future and not have hard-to-find
runtime segfaults
2) Instead of having the getters create a fake reply message which
then gets its arguments copied into the real reply message, and is
then disposed, just pass message iters around and have them add
their arguments to the message itself
3) For setters, just pass in the message iter positioned at the
start of the argument list, instead of each setter having to skip
over the standard interface+property name
4) Convert error handling to use DBusError and return the error
back down through the call stacks to the function that will
actually send the error back to the caller, instead of having a
fake DBusMessage of type DBUS_MESSAGE_TYPE_ERROR that then
needs to have the error extracted from it.
But most of all, this fixes various segfaults (like rh #725517
and #678625) which were caused by some functions deep down in the
getter callpaths wanting a source DBusMessage* when the getters were
used for two things: signals (which don't have a source DBusMessage)
and methods (which will have a source DBusMessage that's being
replied to). This duality made the code fragile when handling
errors like invalid IEs over the air.
Signed-off-by: Dan Williams <dcbw@redhat.com>
Fix the previous code that was hardcoding the p2p parameter based
on the driver P2P capability regardless of whether the connection
was really used for P2P or not.
Currently, wpa_driver_nl80211_authenticate() changes the interface type
to station. However, in case of P2P, we need to change the interface
type to P2P_CLI.
Add p2p field to the authentication params, and consider it for choosing
the correct interface type.
Signed-off-by: Eliad Peller <eliad@wizery.com>
Commit 9f51b11395 added support for P2P
interfaces when adding a new interface. However, it didn't handle the
case in which the same interface is being used and its type is being
changed. Add support for this case.
Consequently, when doing "ap_scan_as_station" we now need to save the
actual AP interface type (AP/P2P GO) in order to restore it properly.
For that, change ap_scan_as_station type from int to nl80211_iftype, and
set it to NL80211_IFTYPE_UNSPECIFED when not used.
Signed-off-by: Eliad Peller <eliad@wizery.com>
When driver_nl80211.c has to set the netdev down to change iftype, an
RTM_NEWLINK event is generated. Do not generate
EVENT_INTERFACE_DISABLED event based on that.
This makes sure that the old connection is not maintained if the new
configuration does not allow it anymore. In addition, it is better to
use wpa_supplicant_clear_connection() instead of just clearing
wpa_s->current_ssid here to keep things in sync.
When the BSS table size limit has been reached, drop first the oldest
BSS entries for which there is not a matching network in the
configuration based on SSID (wildcards are ignored). This makes it
less likely to hit connection issues in environments with huge number
of visible APs.
Reassociation Request/Response frame validation need to count all IEs in
the RIC. In addition, TIE is not protected, so it should not be included
in the count.
Signed-off-by: Hong Wu <hong.wu@dspg.com>