The OpenSSL internal AES_wrap_key() and AES_unwrap_key() functions are
unfortunately not available in FIPS mode. Trying to use them results in
"aes_misc.c(83): OpenSSL internal error, assertion failed: Low level API
call to cipher AES forbidden in FIPS mode!" and process termination.
Work around this by reverting commit
f19c907822 ('OpenSSL: Implement aes_wrap()
and aes_unwrap()') changes for CONFIG_FIPS=y case. In practice, this
ends up using the internal AES key wrap/unwrap implementation through
the OpenSSL EVP API which is available in FIPS mode. When CONFIG_FIPS=y
is not used, the OpenSSL AES_wrap_key()/AES_unwrap_key() API continues
to be used to minimize code size.
Signed-off-by: Jouni Malinen <j@w1.fi>
This adds a callback function that can be used from the P2P module to
request the current preferred list of operating channels from the
driver.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
If the driver supports the preferred frequency list extension, use this
information from the driver when no explicitly configured preference
list (p2p_pref_chan) is present for P2P operating channel selection.
This commit adds this for GO Negotiation and Invitation use cases.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Commit 983422088f ('nl80211: Add means to
query preferred channels') return success if no driver wrapper callback
was provided for fetching the preferred channel list. That is
problematic since the *num argument is not updated and uninitialized
freq_list could end up getting used with arbitrary frequency values. Fix
this by returning error in case the values were not available due to
driver wrapper not implementing the function. This matches the style
used in the driver_nl80211.c implementation for the case where the
driver does not support such fetch operation.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Extend the QCA vendor specific nl80211 interface to query the preferred
frequency list from driver and add a new wpa_cli command to query this
information.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Upon GO Negotiation completion, if the remote peer becomes GO, send a
hint event over QCA vendor specific interface to inform the driver of
the likely operating channel of the P2P GO.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add vendor command to pass SET setband command to the driver and read
the updated channel list from driver when this notification succeeds.
This allows the driver to update its internal channel lists based on
setband configuration.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is needed when enabling TLSv1.2 support for EAP-FAST since the
SSL_export_keying_material() call does not support the needed parameters
for TLS PRF and the external-to-OpenSSL PRF needs to be used instead.
Signed-off-by: Jouni Malinen <j@w1.fi>
Report the feature capability on P2PS-PROV-START and P2PS-PROV-DONE
ctrl-iface events. A feature capability value is specified as
'feature_cap=<hex>' event parameter, where <val> is a hexadecimal
string of feature capability bytes in a PD Response frame.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Add a parameter allowing to specify a value of Coordination
Protocol Transport to P2PS_PROVISION and P2PS_PROVISION_RESP commands.
Extend the p2ps_provision structure to contain cpt_priority and
cpt_mask properties and initialize them on a P2PS PD request command.
The format of the parameter:
cpt=<cpt>[:cpt]
where <cpt> is CPT name e.g. UDP or MAC. The CPT names are listed
according to their preferences to be used for a specific P2PS session.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Add Coordination Transport Protocol parameter to P2P_SERVICE_ADD
asp command.
Extend p2ps_advertisement structure to contain CPT priorities
and a supported CPT bitmask.
The format of the new parameter:
cpt=<cpt>[:<cpt>]
where <cpt> is a name of the Coordination Protocol Transport.
This implementation supports two CPT names: UDP and MAC.
The order of specified CPTs defines their priorities where
the first one has the highest priority.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Do not allow wpa_s->fst to be replaced when processing FST-ATTACH
command for an interface that has already been attached.
Signed-off-by: Jouni Malinen <j@w1.fi>
Try to exit more quickly by avoiding execution of the action script for
any pending events if the process is requested to be killed. This may
help in avoiding hitting the two second SIGALRM workaround in eloop in
case some of the action scripts block for long period of time.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This header file is needed to get struct fst_iface_cfg and struct
fst_wpa_obj defined. While it does currently get pulled in through
ap/hostapd.h and ap/ap_config.h, a more explicit inclusion may be a
cleaner option for future.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This new mechanism can be used to combine multiple periodic AP
(including P2P GO) task into a single eloop timeout to minimize number
of wakeups for the process. hostapd gets its own periodic caller and
wpa_supplicant uses the previously added timer to trigger these calls.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, one timeout per process (by default every 30 seconds) was
used P2P peer expiration and another per-interface timeout (every 10
seconds) was used to expire BSS entries. Merge these to a single
per-process timeout that triggers every 10 seconds to minimize number of
process wakeups due to periodic operations.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The caller is not expected to free or modify the value since this is
returning a reference to a buffer maintained by the upper layer.
Signed-off-by: Jouni Malinen <j@w1.fi>
This command allows network variables to be copied from one network to
another when the networks belong to different radios. This is similar to
the per-interface DUP_NETWORK command. On the global control interface,
the command syntax is as follows:
DUP_NETWORK <src ifname> <dst ifname> <src network id> <dst network id> <variable name>
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit implements hostapd global control interface notifications
infrastructure. hostapd global control interface clients issue
ATTACH/DETACH commands to register and deregister with hostapd
correspondingly - the same way as for any other hostapd/wpa_supplicant
control interface.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The new phase1 config parameter value tls_disable_tlsv1_0=1 can now be
used to disable use of TLSv1.0 for a network configuration. This can be
used to force a newer TLS version to be used. For example,
phase1="tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=1" would indicate that
only TLS v1.2 is accepted.
Signed-off-by: Jouni Malinen <j@w1.fi>
A typo in wpa_scan_result_compar() caused wrong scan results sorting
(and wrong roaming decision). This fixes a copy-paste regression
introduced by commit a1b790eb9d ('Select
AP based on estimated maximum throughput').
Signed-off-by: Maital Hahn <maitalm@ti.com>
If a device may be an explicit GO, it adds the GO details in the PD
Request. First, we try to reuse an active GO. If it is not present, we
try to reuse a non-active persistent group. In the latter case, if a
dedicated P2P interface is needed, the intended address should be that
of the pending interface. However, the wpas_get_go_info() provided the
ssid->bssid address, which is the address of the P2P device. This might
result in an incorrect intended interface attribute in the PD Request in
case a separate group interface is used.
Fix this by setting group_iface variable to true only if a dedicated
interface should be used and set the attribute accordingly.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Validate the PD Response frame contents more thoroughly when it is used
for P2PS.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
When persistent group is used and the peer is GO in this group,
intended interface attribute should be added to PD request/response.
Not doing so violates the spec.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
If after P2PS PD the device should become a GO it sends P2PS-PROV-DONE
event which contains the GO interface name. If the GO isn't running yet
the device may use pending interface name. However, when the GO is
started, pending interface name will be removed.
Fix the GO interface name in P2PS-PROV-DONE event by copying the
interface name instead of saving the pointer.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Call wpas_p2p_create_iface() instead of just checking p2p_no_group_iface
config value. Not doing so, resulted in an incorrect behavior when the
driver sets WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE flag.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
The IPv4 header after the Ethernet header is not 32-bit aligned and the
previous version ended up accessing 32-bit members at misaligned
addresses.
Signed-off-by: Jouni Malinen <j@w1.fi>
Commit 38279bdb35 ('D-Bus: Coding style
cleanup') handled the dbus_new_handlers.c change properly, but misplaced
the second 'const' in dbus_old_handlers.c in a way that resulted in
duplicated const rather than marking the actual value const.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new TEST_FAIL and GET_FAIL control interface commands can be used
similarly to the earlier TEST_ALLOC_FAIL/GET_ALLOC_FAIL design. The new
version is more generic framework allowing any function to be annotated
for failure testing with the TEST_FAIL() macro. This mechanism is only
available in builds with CONFIG_WPA_TRACE_BFD=y and
CONFIG_TESTING_OPTIONS=y. For other builds, the TEST_FAIL() macro is
defined to return 0 to allow the compiler to remove the test code from
normal production builds.
As the first test site, allow os_get_random() to be marked for failing
based on call backtrace.
Signed-off-by: Jouni Malinen <j@w1.fi>
Do not allow 40 MHz co-ex PRI/SEC switch to force us to change our PRI
channel if we have an existing connection on the selected PRI channel
since doing multi-channel concurrency is likely to cause more harm than
using different PRI/SEC selection in environment with multiple BSSes on
these two channels with mixed 20 MHz or PRI channel selection.
Signed-off-by: Jouni Malinen <j@w1.fi>
In p2p_find command line processing a loop searching for multiple
'seek=' parameters modifies cmd buffer adding '\0' terminators.
The 'freq=' parameter is handled after that and can be
lost if a 'freq=' follows 'seek=' in a command line.
Fix it by moving a handling of 'freq=' parameter to be processed
before 'seek=' handling loop.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
This provides more information to upper layer programs on what happens
with connection attempts in cases where the enabled networks are not
found in scan results.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
If BOARD_HOSTAPD_PRIVATE_LIB is not used on an Android build, we will
need to replace both the p2p functions *and* wpa_driver_nl80211_driver_cmd
in order to successfully link. Let's make the name more generic so it is
more obvious what it is used for.
Suggested-by: Dmitry Shmidt <dimitrysh@google.com>
Signed-off-by: Kevin Cernekee <cernekee@google.com>
This check explicitly for reflection attack and stops authentication
immediately if that is detected instead of continuing to the following
4-way handshake that would fail due to the attacker not knowing the key
from the SAE exchange.
Signed-off-by: Jouni Malinen <j@w1.fi>
The variables here are unsigned and as such, cannot have a negative
value. Use == 0 instead of <= 0 to make this cleaner.
Signed-off-by: Jouni Malinen <j@w1.fi>
This gets rid of a static analyzer warning. The actual value for
WpaGuiApp::w will be set after the constructor has returned, so this
value was not really used uninitialized.
Signed-off-by: Jouni Malinen <j@w1.fi>
These configuration parameters did not use matching printf format string
parameters (signed vs. unsigned). While these configuratin values are,
in practice, small unsigned integers, the implementation should use
matching types to write these.
Signed-off-by: Jouni Malinen <j@w1.fi>
The sae_groups parameter is zero terminated array, not -1 terminated, so
must check the value against <= 0 to break out from the loop.
Signed-off-by: Jouni Malinen <j@w1.fi>
As far as IEEE 802.11 standard is concerned, WEP is deprecated, but at
least in theory, allowed as a group cipher. This option is unlikely to
be deployed anywhere and to clean up the implementation, we might as
well remove all support for this combination.
Signed-off-by: Jouni Malinen <j@w1.fi>
Call the FT processing function directly instead of going through
wpa_supplicant_event() to process FT Authentication frame in SME case.
This allows parsing error to be used to trigger immediate failure for
the connection instead of trying to proceed to reassociation step that
cannot succeed.
Signed-off-by: Jouni Malinen <j@w1.fi>
In case of a network interface removal, check if the interface
was also the parent interface of the P2P Device dedicated interface.
If this is the case, then stop the P2P Device functionality, and
remove the P2P Device dedicated interface.
In case that the interface is added again and P2P Device
functionality can be enabled again, add a new P2P Device dedicated
interface and allow further P2P Device functionality.
In case that the P2P Device dedicated interface is re-created, the
original P2P Device configuration file is needed, so store it in
the global params (instead in the wpa_interface configuration).
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
p2p_ctrl_group_add() takes care of various configuration options (such
as ht/vht) before calling wpas_p2p_group_add(), so use it (just like
when P2P_GROUP_ADD is called with additional params).
Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
Parse each parameter individually and combine all the function calls.
This will allow further patch to call it with no parameters (currently
this might result in failure).
Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
wpas_p2p_get_ht40_mode() used blacklist approach (bw != BW20) to find
the relevant op_class, but didn't take into account other non-BW40
cases, like BW80, that had been added to the bw enum after the initial
implementation. Fix this by looking for the specific BW40 bw cases.
Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
This is equivalent to the P2P_REMOVE_CLIENT command on control
interface. This can be used to remove the specified client [as object
path or string format interface address] from all groups (operating and
persistent) from the local GO.
Argument(s): peer[object path] OR iface[string format MAC address]
Signed-off-by: Purushottam Kushwaha <p.kushwaha@samsung.com>
Signed-off-by: Jijo Jacob <jijo.jacob@samsung.com>
PBC overlap detection searches for another BSS with active PBC in the
BSS table. However, when a separate P2P interface is used, scan results
without P2P IE are not saved in the BSS table, so non-P2P BSS's with
active PBC will not be detected.
Fix this by iterating only the WPS AP array instead of the BSS table.
This is also more efficient since only WPS APs may have active PBC. This
also fixes hwsim test "grpform_pbc_overlap" when a dedicated P2P Device
is used.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Previously the wpa_s->parent interface was used, which is not
necessarily the P2P Device management interface.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Only the first seek=<service name> parameter was accepted from the
P2P_FIND command. Fix this to go through all seek parameters to
construct the list of service hash values to seek.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Commit 4be9f27595 ('wpa_cli: Use eloop
during connection attempts in interactive mode') did not take into
account the needs for signal processing in action mode. eloop_run() was
not called in this case and the internal select() loop would block eloop
processing anyway and prevent clean shutdown. Fix this by using eloop
for action mode operations.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The control interface commands may include passwords or other private
key material, so clear it explicitly from memory as soon as the
temporary buffer is not needed anymore.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It was possible for a P2P group formation failure to result in a
concurrent station mode operation getting disconnected in the specific
error case where group interface addition fails after a successful GO
Negotiation. Fix this by skipping the wpas_p2p_group_delete() call in
this specific case since the group interface does not exists anymore at
the point wpas_group_formation_completed() gets called.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
If the RX frequency of the Probe Request frame is known, specify it when
sending the Probe Response frame. This is needed when the Probe Request
frame is received on another virtual interface, for example, when a GO
or P2PS client are discoverable on the group operating channel.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Change send_mlme() API to allow sending management frames on a specific
channel, overriding the internal driver decision.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
1. Add global p2p_cli_probe property to enable/disable Probe Request
frame RX reporting for connected P2P Clients. The property can be set to
0 - disable or 1 - enable. The default value is 0.
2. Enable Probe Request frame RX reporting for P2P Client on
WPA_COMPLETED state if p2p_cli_probe property is set to 1. Disable it
when an interface state is changing to any other state.
3. Don't cancel Probe Request frame RX reporting on wpa_stop_listen for
a connected P2P Client handling Probe Request frames.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
In some cases, Probe Request frames can be received by a peer not only
on a listen channel. In this case an additional rx_freq parameter
explitly contains a Probe Request frame RX frequency. In case rx_freq is
set to 0, a Probe Request frame RX channel is assumed to be our own
listen channel (p2p->cfg->channel).
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
It is possible for P2P_CONNECT-join command to be issued on a GO's P2P
Interface Address before the P2P peer entry is available to map this
into the GO's P2P Device Address. This could result in the join
operation failing to continue after receiving PD Response due to the
address mismatch (source address = P2P Device Address while only the P2P
Interface Address is known). Fix this by updating the pending join P2P
Device Address based on the BSS entry, if needed.
Signed-off-by: Jouni Malinen <j@w1.fi>
This has same behavior as the ctrl_iface RECONNECT command.
Signed-off-by: Mayank Haarit <mayank.h@samsung.com>
Signed-off-by: Purushottam Kushwaha <p.kushwaha@samsung.com>
Add operating class 125 (channels 149..169) to the list of P2P supported
channels. This allows the 5 GHz channels 161 and 169 to be used for P2P
GO when those channels are allowed for AP mode in the current regulatory
domain.
Signed-off-by: Amr BEN ABDESSALEM <amrx.ben.abdessalem@intel.com>
Remove all gas-query radio works before calling gas_query_deinit()
as gas_query_deinit() flow frees the query context, which might
be later be accessed from the radio work callback (and result
with unexpected behavior, e.g., segmentation fault).
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
ssid->p2p_persistent_group was left to its old value when changing a
network profile to/from P2P persistent group type (disabled=2). This
could result in unexpected behavior when using an incomplete persistent
group profile. This was mainly visible through D-Bus network profile
handling where a persistent group would not be unregistered insome
cases.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Instead of an int variable with magic values 0, 1, 2, use an enum that
gives clearer meaning to the values now that the original boolean type
global argument is not really a boolean anymore.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This fixes some issues where a disconnection event may get ignored if an
earlier operation to remove or disable a network resulted in an attempt
to disconnect event though no connection was in place.
wpa_s->current_ssid != NULL alone is not sufficient to determine that
there will be a driver event notifying completion of such disconnection
request. Set own_disconnect_req to 1 only if wpa_s->wpa_state is also
indicating that there is a connection or an attempt to complete one.
This showed up in a failure, e.g., when running the hwsim test case
scan_int followed by ap_vlan_wpa2_psk_radius_required where the latter
ended up not processing a connection failure event and getting stuck not
trying to run a new scan and connection attempt.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This adds support for Qt5 while still preserving support for building
with Qt4. The same source code builds with both Qt versions now. The
functionality should be identical.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Add GO Intent information of connecting device in GO Negotiation Request
event which will help applications to decide its own GO intent value in
advance and can avoid failure cases when both devices use GO Intent 15
depending on application requirement.
Signed-off-by: Mayank Haarit <mayank.h@samsung.com>
Support a request to scan specific SSIDs given by user with the SCAN
command. The SSID list can be suffixed to the scan command as follows.
For example, if SSIDs "ABC" and "abc123" need to be specifically
scanned, the command should be "SCAN ssid 414243 ssid 616263313233". The
value of the SSID is passed in hexadecimal representation.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit adds a configurable parameter (wps_priority) to specify the
priority for the networks derived through WPS connection.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Allow the Manufacturer information for a found P2P peer device to be
fetched through the D-Bus interface similarly to p2p_peer <mac address>
on ctrl interface.
Signed-off-by: Amit Khatri <amit.khatri@samsung.com>
Signed-off-by: Rahul Jain <rahul.jain@samsung.com>
Signed-off-by: Ashutosh Kaushik <k.ashutosh@samsung.com>
Avoid memory leak due to previous allocation for ssid->ssid. It does not
look like this is hit in normal cases, but at might be possible for the
SSID to get set if the peer is present in previous scan results and WPS
code ends up copying the SSID from there.
Signed-off-by: Purushottam Kushwaha <p.kushwaha@samsung.com>
Add support to compile libwpa_client.so. This can be used by external
programs to interact with the wpa_supplicant control interface. Also
rename the static version of this library to libwpa_client.a to be
consistent with the name used previous in Android builds.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
A new Invitation Request might be received on a just started persistent
group if the previous Invitation Response sent isn't received at the
peer (GO of the persistent group). When the peer sends an Invitation
Request again, treat it as start of group formation and restart the
group formation timer at this point of time.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
In the case of driver-based BSS selection, a bssid_hint in the connect
request might not result in to the selection of the same BSS. Thus,
postpone the updation of the wpa_s->current_bss till the association
event is received unless the BSSID is forced. This fixes issues where
wpa_s->current_bss may end up being updated to point to the BSS that
wpa_supplicant provided as a hint for a roaming case, but then not
restored if the driver decides to "return" to the current BSS instead.
This could result in some operations (e.g., WNM BSS TM response) not
working properly due to incorrect BSS being identified in
wpa_s->current_bss.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
D-Bus used the p2p_dev member in struct wpa_supplicant to track the
interface used for P2P Device operations. However, this is not needed as
the interface used for P2P Device operations is stored in struct
wpa_global->p2p_init_wpa_s.
Replace all the redirections to wpa_s->p2p_dev with redirections to
wpa_s->global->p2p_init_wpa_s and removed this member as it is no
longer needed.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
This command is for a specific P2P group, not for the P2P Device
instance and as such, wpa_s pointer must not be replaced with the
interface that is used for P2P Device management.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The function used wpa_s->parent->conf to iterate the P2P networks and
update the configuration file. However, wpa_s->parent is not
necessarily the interface used to manage the P2P Device operations.
Fix this by accessing the configuration file of the interface
initialized to manage the P2P Device operations.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
The function used wpa_s->parent->conf to iterate the P2P networks and
update the configuration file. However, wpa_s->parent is not
necessarily the interface used to manage the P2P Device operations.
Fix this by accessing the configuration file of the interface initialized
to managed the P2P Device operations.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
wpas_p2p_set_own_freq_preference() accessed wpa_s->parent->conf to test
if p2p_ignore_shared_freq is set, but wpa_s->parent is not necessarily
the interface used to manage the P2P Device operations.
Fix this by accessing the configuration file of the interface
initialized to manage the P2P Device operations.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
As wpas_p2p_remove_client() is not necessarily called from the interface
used to manage the P2P Device operations, when removing a client, use
the P2P management interface to iterate over the saved networks and
remove the relevant entries form the P2P GO network blocks.
Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>
Commit 1c2aa04c96 ('P2P: Do not add P2P
IEs on P2P disabled interface') removed the P2P IEs from association on
non-P2P interface. However, an AP functioning as a P2P manager needs the
cross connection capability of the station (P2P Device). This needs to
be done to meet the P2P specification requirements even if the station
interface has p2p_disabled=1 in case P2P in general is enabled.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Commit 5add410162 ('WPS: Use shorter
authentication timeout during no-SelReg iteration') broke the build with
WPS disabled.
Signed-off-by: Jouni Malinen <j@w1.fi>
While being associated, if an ANQP request is received for a different
AP that doesn't exist in the BSS list, the ANQP request will be sent on
the frequency of the AP that we are currently associated to.
In such a case, it is possible that the ANQP request would be sent on
a channel different than that of the requested AP, potentially delaying
other requests/activities.
Avoid sending the ANQP request to an AP that is not in the BSS list.
Signed-off-by: Matti Gottlieb <matti.gottlieb@intel.com>
Fix memory leak introduced in commit
32a097fdd2 ("wpa_cli: Keep track of
available networks") by tracking networks only when in interactive mode.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Add the TDLS_LINK_STATUS command to the control interface. This command
shows what is the status of our current TDLS connection with the given
peer. Also, add the TDLS_LINK_STATUS command to wpa_cli.
Signed-off-by: Oren Givon <oren.givon@intel.com>
Sanity check added to avoid segmentation fault which occurs, when
issuing ibss_rsn ctrl iface cmd and IBSS was not initialized previously
via IBSS network selection.
Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
Commit c2762e410f ('P2P: Update D-Bus
network object semantics during group formation') added this helper
function to determine whether a network block is used for storing a
persistent group information. However, it implemented this in a way that
matches both persistent group storage and an operating persist group
instance. This does not seem to match the expected behavior for the
D-Bus objects, so fix this to match only the persistent group storage
case to avoid registering/unregistered incorrect D-Bus objects for
groups.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Commit bb3df9a569 ('notify: Do not raise
any signal from a P2P management interface') was supposed to only change
D-Bus behavior, but it ended up disabling non-D-Bus functionality as
well for some sequences where the P2P Device interface is used.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Commit 21efc940f6 ('wpa_supplicant: Do not
register a P2P management interface on DBus') hides the special P2P
management interface from D-Bus. However, it did not take into account
the possibility of wpa_s->dbus_path and wpa_s->dbus_new_path being NULL
in such cases on number of code paths within the D-Bus handlers. This
could result in invalid arguments (NULL path) being provided to D-Bus
functions (mainly, dbus_message_iter_append_basic) and NULL pointer
dereference when iterating over all interfaces. Either of these could
make wpa_supplicant process terminate.
Fix this by explicitly checking that the interface-specific D-Bus path
has been registered before using it anywhere with D-Bus handlers. In
addition, find the correct wpa_s instance to fix P2P operations through
D-Bus when the P2P Device interface is used.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Handling of WPS RF band for 60 GHz was missing. Add it in all relevant
places and also map "AES" as the cipher to GCMP instead of CCMP when
operating on the 60 GHz band.
Signed-off-by: Hamad Kadmany <qca_hkadmany@qca.qualcomm.com>
Commit 5add410162 ('WPS: Use shorter
authentication timeout during no-SelReg iteration') added a new
condition on reducing the authentication timeout for the WPS AP
iteration process. However, due it ended up copy-pasting an incorrect
condition for this. This was supposed to apply for PIN-based config
method advertisement, not PBC.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, it was possible for the set_key() handler to be used with
WPA_ALG_PMK even if the driver did not indicate support for key
management offload. While this is not really supposed to result in any
difference, it makes the debug logs somewhat confusing. Avoid that by
using driver capability flag for key management offload as an additional
condition for setting the PMK.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
interworking_credentials_available_3gpp() would have left excluded2
uninitialized without INTERWORKING_3GPP in the build. This could result
in a static analyzer warning within
interworking_credentials_available_helper() about use of uninitialized
variable. Get rid of that warning by explicitly initializing excluded2
even though this does not really result in any difference in behavior
since the excluded2 value would be used only if the non-NULL is returned
and that could not have been the case here without INTERWORKING_3GPP.
Signed-off-by: Jouni Malinen <j@w1.fi>
It was possible for an nl80211-based driver to be determined to support
P2P even when the radio supports only the 5 GHz band. This resulted in
P2P initialization failing due to not being able to pick a social
channel and wpa_supplicant not starting. Fix this by not enabling P2P,
but still allowing wpa_supplicant initialization to complete.
Signed-off-by: Jouni Malinen <j@w1.fi>
Signal strength meter uses non-standard icons (not included in the
freedesktop icon specification), which might not be available in all
icon sets on the market. What's more, according to the latest Ubuntu
practices, in the status-like places one should use symbolic icons.
Unfortunately not all icon sets provide them.
In order to overcome this inconsistency, we are going to try to load
more than one icon from the current theme in the fallback-like
fashion.
Signed-off-by: Arkadiusz Bokowy <arkadiusz.bokowy@gmail.com>
By analysing objdump output some read only structures were found in
.data section. To help compiler further optimize code declare these
as const.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
When iterating through WPS APs that do not advertise Selected Registrar
TRUE, limit the authentication timeout to 10 seconds instead of the full
70 second value used with IEEE 802.1X/EAP/WPS in general. This helps
speed up AP iteration for cases where a selected AP misbehaves and does
not reply to EAP exchanges. This should not really be needed, but there
seems to be deployed APs that do not implement WPS correctly and with
such APs in the radio range, this extra timeout can speed up the
iteration to allow the correct AP to be found before the WPS operation
times out.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, wpa_supplicant was using number of scan iterations
(WPS_PIN_SCAN_IGNORE_SEL_REG = 3) to give some time for finding a WPS AP
with Selected Registrar TRUE before starting to iterate through all WPS
APs. While this works fine in most cases, some drivers may return the
initial three scan results so quickly that the total amount of time is
only couple of seconds in case none of the APs are initially advertising
Selected Registrar TRUE. To give some more time for APs (WPS Registrars)
to become ready, add an additional constraint on the iteration based on
time (WPS_PIN_TIME_IGNORE_SEL_REG = 5 seconds).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Do not add the dedicated P2P Device interface in case P2P is disabled in
the configuration file or globally.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
I needed this option to disable P2P on a buggy system.
Document this so someone else finds it quicker next time.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Check the element length in the parser and remove the length field from
struct ieee802_11_elems since the element is of fixed length.
Signed-off-by: Jouni Malinen <j@w1.fi>
Should there not be enough room in the output buffer, the
bss_basic_rate_set line would not be printed. This error case was
handled otherwise, but the temporary memory allocation for building the
information was not freed.
Signed-off-by: Jouni Malinen <j@w1.fi>
This makes source code more consistent. The use within Android driver
interface is left as-is to avoid changes in the old PNO interface
definition.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The dbus interface documentation says the following about the
WPS property of the fi.w1.wpa_supplicant1.BSS interface:
==
WPS information of the BSS. Empty dictionary indicates no WPS support.
Dictionary entries are:
Type s "pbc", "pin", ""
==
However the implementation returns "type" => "" for BSSes
that do not support WPS.
Fix the implementation to match the documentation.
Return empty dictionary if there is no WPS support.
And "type" => "" if WPS is supported, but is not in progress
right now.
Signed-off-by: Floris Bos <bos@je-eigen-domein.nl>
This fixes a regression caused by commit
efa232f915 ('Add support for virtual
interface creation/deletion') for the case where an empty extra argument
is included.
Signed-off-by: Ben Greear <greearb@candelatech.com>
It has been noticed that the band steering/load balancing of some
multi-AP networks will lead to an ever-growing list of blacklisted
BSSIDs. This eventually leads to a connection drop when the connection
is pushed to a distant AP.
Fix this issue by clearing the blacklist upon successful connect.
Signed-off-by: Jason Abele <jason@aether.com>
This reschedules the postponed scan request (if such a request is
pending) from EVENT_SCHED_SCAN_STOPPED event handler to speed up
scanning after PNO/sched_scan stop has been requested.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
When starting a P2P client to re-join a persistent group
(P2P_GROUP_ADD persistent=<id>), it is possible that the P2P GO was
already found in previous scans. Try to get the P2P GO operating
frequency from the scan results list so wpa_supplicant will initially
scan only the P2P GO known operating frequency.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Commit e9af53ad39 introduced new
CONFIG_NO_ROAMING configuration parameter but unfortunately it was added
only to Android.mk. Enabling this parameter didn't have any effect when
Makefile was used to build wpa_supplicant. This commit fixes that problem
and cleans "unused variable" compiler warning.
Signed-off-by: Lauri Hintsala <lauri.hintsala@silabs.com>
This replaces the internal CBC mode implementation in
aes_128_cbc_encrypt() and aes_128_cbc_decrypt() with the OpenSSL
implementation for CONFIG_TLS=openssl builds.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new network profile parameter mem_only_psk=1 can be used to specify
that the PSK/passphrase for that network is requested over the control
interface (ctrl_iface or D-Bus) similarly to the EAP network parameter
requests. The PSK/passphrase can then be configured temporarily in a way
that prevents it from getting stored to the configuration file.
For example:
Event:
CTRL-REQ-PSK_PASSPHRASE-0:PSK or passphrase needed for SSID test-wpa2-psk
Response:
CTRL-RSP-PSK_PASSPHRASE-0:"qwertyuiop"
Note: The response value uses the same encoding as the psk network
profile parameter, i.e., passphrase is within double quotation marks.
Signed-off-by: Jouni Malinen <j@w1.fi>
White space is a valid SSID character so completion routine for
networks should only use tab as word separator.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
Add command completion routines for remove_network, select_network,
disable_network, and enable_network commands.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
Add command completion routine for get_network and set_network that
guide user with both network id and network parameters.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
To be able to reuse the add/del word utility functions for lines containing
tabs allow both space and tab as word separators.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
Extend interface_add and interface_remove commands via an optional
argument to allow wpa_supplicant to create/delete a new virtual
interface.
Signed-off-by: Jithu Jance <jithu@broadcom.com>
wpa_cli already implements a command history file for easy accessing
commands previously used. Enable the functionality on Android, too.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
Old code defaulted to WEP for an AP advertising OSEN. Show as OSEN
instead. Re-use most of the RSN parsing logic since all but the header
is the same.
Example output:
[root@ath9k-f lanforge]# ./local/bin/wpa_cli -i sta0 scan_results
bssid / frequency / signal level / flags / ssid
00:0e:8e:6f:40:49 2462 -23 [OSEN-OSEN-CCMP][ESS] ben-138
Signed-off-by: Ben Greear <greearb@candelatech.com>
System tray icon can be set to 5 different pictographs according to the
connection status. One for disconnected state (not associated with the
network, or not connected with the wpa_supplicant service), and four for
connected status (showing the signal strength on the receiver).
By default this functionality is disabled. The reason for this, is the
fact, that the underlaying approach of this functionality is poll based,
which might be considered as a non-efficient one. Update interval has to
be set explicitly by the user with '-m<seconds>' command line argument.
Status icon names are based on various Gnome icon packs (e.g., Faba).
When icon can not be found, default one is shown (wpa_gui logo).
Signed-off-by: Arkadiusz Bokowy <arkadiusz.bokowy@gmail.com>
This extends NL80211_CMD_ROAM event processing to allow the driver to
roam to another ESS (different SSID) when using offloaded BSS selection.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
wpas_add_interworking_elements() does not need to do this since the
caller is already checking whether Interworking is enabled.
Signed-off-by: Jouni Malinen <j@w1.fi>
Always add the Extended Capabilities element to Probe Request frames (in
case it is not all zeros) to publish support for driver advertised
capabilities and wpa_supplicant specific capabilities.
This also fixes the case where Extended Capabilities element was added
for Interworking cases, but did not use the driver advertised ones and
did not handle other capabilities supported by wpa_supplicant.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
If all networks are temporarily disabled, delay AP selection until at
least one network is enabled. Running AP selection when all networks are
disabled is useless as wpa_supplicant will not try to connect. In
addition, it will result in needless scan iterations that may delay the
connection when it is needed.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
When disconnecting from a BSS, the next scan is optimized to scan only
the channels used by the connected ESS. But when disconnecting because a
new network was selected, this optimization is wrong because
wpa_supplicant is now trying to connect to another ESS. Fix this by not
optimizing the scan frequencies in case the selected network has
changed.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Extend p2p_service_del asp command to support 'all' parameter to delete
all ASP service advertisements.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Delete all ASP serice advertisement on wpas_p2p_service_flush similarly
to Bonjour and UPnP services.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
The channel list can be changed as a result of arriving beacon hints
during normal scan or as a result of local Reg-Domain change. Some
passive channels can become active and needs to be reconfigured
accordingly for the scheduled scan.
This fixes the connection to hidden SSIDs on 5 GHz band during default
Reg-Domain 00 (world roaming).
Signed-off-by: Victor Goldenshtein <victorg@ti.com>
Signed-off-by: Eliad Peller <eliad@wizery.com>
Reject external scan request while either ANQP fetch or Interworking
select is in progress. Not doing so could lead to a situation in which
Interworking automatic network selection does not get triggered because
of a new scan result event forcing the ANQP fetch cycle to be disrupted
and restarted all over again. Interworking automatic network selection
is only triggered when AQNP fetch cycle, that is, ANQP exchange with
every Interworking capable BSS in the current BSS list, is completed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
SChannel/CryptoAPI as a TLS/crypto library alternative was never
completed. Critical functionality is missing and there are bugs in this
implementation. Since there are no known plans of completing this
support, it is better to remove this code.
Signed-off-by: Jouni Malinen <j@w1.fi>
In the commit 77b244d577a7cb5c928478627af6687a0733193d9 ('wpa_gui: Quiet
mode - disable tray icon messages') a new parameter has been introduced,
but it was not documented. This commit fixes this omission.
Signed-off-by: Arkadiusz Bokowy <arkadiusz.bokowy@gmail.com>
Some config parameters were missing in the "set" command completion
routine. Add missing parameters and while at it put the parameters
under compiler switches so only valid ones are shown.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
Add support to retrieve IPv4 config variables with the "get" control
interface command. This allows the ip_addr_* parameters for P2P+NFC
IP address assignment to be fetched from the GO.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
wpa_supplicant/p2p_supplicant.c has reached almost 10000 lines in length
and was getting a bit inconvenient to edit, so start splitting it into
separate files.
Signed-off-by: Jouni Malinen <j@w1.fi>
This makes the AP mode more consistent with other modes by providing a
matching pair of CTRL-EVENT-CONNECTED and CTRL-EVENT-DISCONNECTED event
messages.
Signed-off-by: Jouni Malinen <j@w1.fi>
It looks like "hardware does not support required rate 1.0 Mbps" has
started showing up in some hwsim test cases as a reason for failure.
This should not really occur with mac80211_hwsim, so add more details to
the debug print to make it easier to figure out what exactly happened.
Signed-off-by: Jouni Malinen <j@w1.fi>
This extends the TDLS operation request mechanism to allow TDLS
Discovery Request to be initiated by the driver similarly to the
existing Setup and Teardown requests.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It was possible to leave the driver in mesh point state if upper layer
mesh initialization failed in wpa_supplicant_mesh_init(). With nl80211,
this results in the vif being left in mesh point mode instead of
restoring it to station mode. That seems to break normal functionality,
e.g., for Public Action frame TX/RX. Fix this by restoring station mode
on mesh failure path.
This error could be triggered, e.g., with the following hwsim test case
sequence: wpas_mesh_secure_sae_missing_password
nfc_p2p_static_handover_tagdev_go_forced_freq
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add radar event processing logic for AP/P2P GO. The DFS processing
functions from hostapd are now used for these wpa_supplicant cases as
well for both offloaded and non-offloaded DFS.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add P2P changes to allow bringing up P2P autonomous GO on a DFS channel
if DFS functionality is offloaded to the driver.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, it was possible for wpa_state to be left at SCANNING if
INTERWORKING_SELECT command failed to find any match. Now the state is
set to DISCONNECTED if the operation terminates because of no matching
networks.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
When there is no channel preference mentioned by user, auto GO
can be started on any of the 5 GHz channels supported for P2P.
Consider operating classes 115 and 124 which do not require DFS.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Commit 3f9ebc439c ('P2P: Allow AP/GO
interface to be started while P2P-in-progress') moved the
wpa_s->connect_without_scan and wpa_s->last_scan_req checks to an
earlier place within the wpa_supplicant_scan() function without
adjusting wpa_s->last_scan_req. This variable was set between the old
and new location, so the new location needs to use wpa_s->scan_req.
This fixes an issue where AP/GO operations were not properly started in
some operation sequence. Instead, a station mode scan was executed. This
issue could be triggered, e.g., by running the no_go_freq test case
followed by autogo_random_channel.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit introduces a callback to notify any configuration updates
from the eap_proxy layer. This is used to trigger re-reading of IMSI and
MNC length.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Static analyzers may warn about dereference before NULL check in
wpas_network_disabled() due to the new code added to check
wpa_s->p2p_mgmt. wpa_s cannot be NULL here, so remove the unneeded check
for it later in the function. (CID 106124)
Signed-off-by: Jouni Malinen <j@w1.fi>
wpa_supplicant_deinit_iface() ends up removing all P2P groups if the
removed interface is the parent interface. This is correct behavior in
general, but this resulted in issues in the new group interface
initialization error path since wpa_s->parent was not assigned before
hitting this check. Fix this by assigning wpa_s->parent as part of
wpa_supplicant_add_iface().
Signed-off-by: Jouni Malinen <j@w1.fi>
There are number of cases where wpa_supplicant requests the current
connection to be disconnected before starting a new operation. Such
cases do not really indicate that there was an error in connecting or a
disconnection initiated by the AP, so do not add a temporary blacklist
entry in such sequences.
Signed-off-by: Jouni Malinen <j@w1.fi>
It is possible for the P2P_CONNECT control interface command to be
issued on an incorrect interface. While the upper layer component should
really use global control interface for this, make this work by
redirecting the command to the correct context if needed.
Signed-off-by: Jouni Malinen <j@w1.fi>
The dedicated P2P management instance (wpas->p2p_mgmt == 1) using
cfg80211 P2P Device cannot be used for non-P2P uses or connection (there
is no netdev). Reject or ignore such operations to avoid unexpected
operations if enabled network blocks are configured in the
wpa_supplicant instance used to control this interface.
Signed-off-by: Jouni Malinen <j@w1.fi>
The optional freq=<MHz> can now be used with the P2P_FIND command to
specify a single channel to scan during the first round of P2P search.
For example, this can be used to replace the full initial scan with a
single channel scan of a known operation channel.
Signed-off-by: Daichi Ueura <daichi.ueura@sonymobile.com>
This reverts commit 3df2f4fe99 ('P2P:
Remove unused P2P_SCAN_SPECIFIC') with a modification to fit the current
code base.
Signed-off-by: Daichi Ueura <daichi.ueura@sonymobile.com>
Commit 563ee1832b ('IBSS: Add support for
VHT80 configuration') got merged in incorrectly with one i/j swap
missed.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Commit a1b790eb9d ('Select AP based on
estimated maximum throughput') had a copy-paste bug than ended up
leaving one of the max_ht40_rate() cases unreachable. (CID 106087)
Signed-off-by: Jouni Malinen <j@w1.fi>
Previously, within-ESS roaming was skipped if the selected BSS did not
have a higher signal strength than the current BSS regardless of AP
capabilities. This could result in not moving to a BSS that would
provide higher throughput, e.g., due to larger channel bandwidth or
higher rates (HT/VHT MCS).
Use estimated throughput information from scan result processing to
allow within-ESS roaming if the selected BSS is likely to provide better
throughput even if the current BSS has larger RSSI.
Signed-off-by: Jouni Malinen <j@w1.fi>
These values were previously used only for sorting the scan results, but
it may be useful to provide access to the used values through the BSS
entries.
Signed-off-by: Jouni Malinen <j@w1.fi>
This modifies the BSS selection routines to calculate SNR and estimated
throughput for each scan result and then use the estimated throughput as
a criteria for sorting the results. This extends the earlier design by
taking into account higher throughput rates if both the AP and local
device supports HT20, HT40, or VHT80. In addition, the maximum rate is
restricted based on SNR.
In practice, this gives significantly higher probability of selecting
HT/VHT APs when there are multiple BSSes in the same ESS and SNR is not
low enough to prevent higher MCS use.
Signed-off-by: Jouni Malinen <j@w1.fi>
"make -C wpa_supplicant libwpa_ctrl.a" can now be used to build a static
library that can be linked with external programs using wpa_ctrl.h. This
makes it easier to create a separate library package that does not
depend in any other hostap.git file other than src/common/wpa_ctrl.h and
the libwpa_ctrl.a built with this new make target.
Signed-off-by: Jouni Malinen <j@w1.fi>
When an EVENT_SIGNAL_CHANGE occurs the bgscan is informed about this
change but the new RSSI value is not stored. In consequence, when
roaming candidates are evaluated, the RSSI value of the current BSS used
to compare is an old one obtained during the last scan rather than the
new one given by the signal change event. This leads sometimes to bad
decision when selecting a new BSS for roaming.
This patch solves the issue by updating the current BSS level when
receiving a signal change event in order to have a very up-to-date
current signal value when choosing an new BSS.
Signed-off-by: Matthieu Mauger <matthieux.mauger@intel.com>
When stopping the TKIP countermeasures, it would be preferable to
connect immediately. However if scheduled scan is in progress,
a connection attempt will be done only when scan results are received,
so cancel the scheduled scan to allow immediate scan and connection
attempt.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Read p2p_go_ctwindow (0-127 TUs) from the config file, and pass it to
the driver on GO start.
Use p2p_go_ctwindow=0 (no CTWindow) by default.
Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
In addition, add support for returning the capability list through
the BSS control interface command.
Signed-off-by: ASHUTOSH NARAYAN <ashutoshx.narayan@intel.com>
In addition, add support for returning the capability list through the
BSS control interface command.
Signed-off-by: ASHUTOSH NARAYAN <ashutoshx.narayan@intel.com>
Instead of calling a dummy printf function use preprocessor to determine
if debugging mode is enabled. Also use native Qt debug function.
Signed-off-by: Arkadiusz Bokowy <arkadiusz.bokowy@gmail.com>
If a matching IBSS is found in scan results, change requested frequency
to match and disable OBSS scan.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Add fixed_freq=<0/1> network block parameter and pass it to the driver
when starting or joining an IBSS. If this flag is set, IBSS should not
try to look for other IBSS networks to merge with on different channels.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
The new reassoc_same_bss_optim=1 configuration parameter can now be used
to request wpa_supplicant to bypass the unnecessary Authentication frame
exchange when reassociating back to the same BSS with which the device
is already associated. This functionality is disabled by default since
it may cause undesired interoperability issues with some APs.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Commit c35e35ed81 ('Add passive_scan
configuration parameter') used incorrect parameter name when writing the
passive_scan parameter into a configuration file.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The new "DUMP" and "SET <variable>" control interface commands can be
used to fetch global wpa_supplicant configuration parameters.
Signed-off-by: Ola Olsson <ola.olsson@sonymobile.com>
This can be used to provide more control to upper layers on network
blocks generated as part of Interworking network selection.
INTERWORKING_ADD_NETWORK behaves otherwise identically to
INTERWORKING_CONNECT, but it does not request a new connection after
having added the network block and it returns the network id of the
added network.
INTERWORKING_ADD_NETWORK followed by REASSOCIATE would behave more or
less identically to INTERWORKING_CONNECT, but this allows the created
network profile to be modified, if desired, and/or stored externally.
SELECT_NETWORK can also be used with the network id returned from
INTERWORKING_ADD_NETWORK to enforce that specific network profile to be
used for the next connection (though, it should be noted that this
behavior may not meet all Hotspot 2.0 requirements if there were other
enabled networks that could have higher priority).
Signed-off-by: Jouni Malinen <j@w1.fi>
Commit b31be3a0fd ('P2P: Add automatic GO
Negotiation vs. join-a-group selection') added this P2P_CONNECT 'auto'
parameter, but did not update any documentation on it.
Signed-off-by: Jouni Malinen <j@w1.fi>
If a separate P2P group interface was used, P2P_CONNECT-auto fallback to
GO Negotiation could result in use of freed memory and segmentation
fault. This happened in cases where the peer GO was found in some old
scans, but not in the first scan triggered by the P2P_CONNECT-auto
command ("P2P: Peer was found running GO in older scan -> try to join
the group" shows up in the debug log). In addition, the GO would still
need to reply to PD Request to allow this code path to be triggered.
When five scans for the GO were completed in this sequence, the P2P
group interface was removed as part of falling back to GO Negotiation.
However, that ended up dereferencing the freed wpa_s instance at the end
of scan event processing. Fix this by reordering code a bit and breaking
out from EVENT_SCAN_RESULTS processing if the interface could have been
removed.
Signed-off-by: Jouni Malinen <j@w1.fi>
When SAE authentication fails, wpa_supplicant retries four times. If all
the retries result in failure, SAE state machine enters BLOCKED state.
Once it enters this state, wpa_supplicant doesn't retry connection. This
commit allow connection retries even if the state machine entered
BLOCKED state.
There could be an opinion "Is this patch needed? User could know the SAE
state machine is in the BLOCKED mode by MESH-SAE-AUTH-BLOCKED event.
Then user can retry connection. By user action, SAE state machine can
change the state from BLOCKED to another.". Yes, this is a true at the
joining mesh STA. However, a STA that is already a member of existing
mesh BSS should not retry connection because if the joining mesh STA
used wrong password, all the existing STA should do something from UI to
retry connection.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Send MESH-SAE-AUTH-BLOCKED event if SAE authentication is blocked. The
BLOCK state will finish when a new peer notification event is sent for
the same MAC address.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
SAE authentication fails likely with wrong password. This commit adds a
notification of the failure to the upper application (UI) so that the
application can notify suspection of a wrong password to the user. The
control interface monitor even for this is "MESH-SAE-AUTH-FAILURE
addr=<peer>".
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Commit 07cb45ccb2 ('mesh: Add no_auto_peer
config option') added a new struct wpa_ssid argument and added an
unnecessary parsing and setting of the value in
wpa_supplicant_ctrl_iface_update_network(). This is not needed since
wpa_config_set() takes care of parsing the parameters.
Signed-off-by: Jouni Malinen <j@w1.fi>
It is possible for a network profile to change its type from P2P
persistent group to a normal network and back. The D-Bus interface uses
different types of objects for those, so the object needs to
re-registered in case of type change. This fixes issues in leaving
behind an incorrect type of object and leaking memory when freeing such
a network block that has had its disabled parameter changed.
Signed-off-by: Jouni Malinen <j@w1.fi>
There is a chance that wpa_supplicant may get killed during
the time it is writing config file. If this happens, user
information like SSIDs and passwords can be lost forever.
This change works around that by writing config to a
temporary file and then renaming the file to the correct name.
Signed-off-by: Vinit Deshpande <vinitd@google.com>
We should not enable HT if WEP or TKIP is configured.
Without the patch and WEP configuration we will get message:
Association request to the driver failed
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Do not claim to change the Listen channel in a debug message when
previously configured channel prevents this. In addition, fix a typo in
another related debug print.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The pending interface created during provision discovery should
not be removed on stopping p2p_find. This pending interface has
to be used after completing GO negotiation. Earlier the pending
interface is created just before GO negotiation so there was no
problem.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is needed to allow P2PS related new control interface commands to
be redirected for proper context processing.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
If P2PS config method is used for provisioning, upon forming a new GO,
start WPS registrar for the provisioned peer automatically.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This introduces a P2P module callback function that will be used to
create the pending P2PS group after sending PD Response and receiving
ACK status for it.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
When the peer device is trying to form a new group despite having
old persistent group with same roles, remove the stale persistent
group.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This adds new wpa_supplicant control interface commands
P2P_ASP_PROVISION and P2P_ASP_PROVISION_RESP.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This extends wpas_p2p_prov_disc() implementation to accept P2PS
parameters. None of the callers are yet using this functionality; the
following commit introduces a user.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This adds a data structure for storing P2PS PD information and code to
add the related attributes into PD Request. The actual operation to
trigger this behavior will be added in a separate commit.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add support to parse received GAS requests for ASP services and
prepare GAS responses accordingly.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This extends the P2P_SERV_DISC_REQ control interface command with a new
"asp" service type. This takes service id, service string, and optional
service info as arguments.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
In addition, add a new P2P_SERVICE_REP command that can be used to
replace existing ASP advertisements.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This provides additional WPS definitions and rules for negotiating use
of P2PS default PIN configuration method.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
P2PS seek strings can now be specified in the P2P_FIND control interface
command with one or more optional "seek=<str>" parameters.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It was possible for a Action frame sequence completion to stop an
ongoing offchannel remain-on-channel operation unexpectedly in cases
where TX operation was offloaded to the driver and such an operation
happened to occur during a previously started remain-on-channel (e.g.,
for P2P listen state).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It was possible for the previously requested remain-on-channel for P2P
listen state to get canceled before having received driver event
indicating start of that remain-on-channel operation. In such a case,
the event was able to trigger P2P module to start processing listen
timeout even though there was not supposed to be a following listen
operation anymore. Skip the driver event if we are not waiting for a new
listen state.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
When noise floor measurements are not available, compute SNR
using default values for the noise floor. This helps steer us
towards 5 GHz BSSes in high signal strength environments.
In more detail...
Existing code prefers a 5 GHz BSS when the 5 GHz BSS's signal
strength is "close" to that of the 2.4 GHz BSS, or when both SNRs
are large. However, the mwifiex driver does not provide noise
floor measurements, so we can't compute SNRs.
Because mwifiex doesn't provide NF measurements, the "large SNR"
code wasn't effective. By using default values for the noise floor,
we can again compute SNRs, and decide that the SNR is high enough
that we shouldn't worry about the exact difference in SNR.
The default noise floor values (one for 2.4 GHz, and one for 5 GHz)
were chosen by measurement in a noisy environment, so they should be
conservative.
Note that while this patch is motivated by mwifiex, it affects
ath9k as well. Although ath9k provides noise floor measurements
in general, it will sometimes fail to provide a measurement for
one or more specific channels.
As a result of this patch, we'll always compare BSSes based on SNR
(either measured or estimated), rather than sometimes comparing
based on signal strength. ("Always" assumes that the
WPA_SCAN_LEVEL_DBM flag is set. It is for mwifiex and ath9k.)
While there:
- fix a whitespace issue (spaces -> tab)
- clean up existing comments
- update dump_scan_res to indicate whether the noise floor is
measured, or default
Signed-hostap: mukesh agrawal <quiche@chromium.org>
For wired IEEE 802.1X authentication, phase1="allow_canned_success=1"
can now be used to configure a mode that allows EAP-Success (and
EAP-Failure) without going through authentication step. Some switches
use such sequence when forcing the port to be authorized/unauthorized or
as a fallback option if the authentication server is unreachable. By
default, wpa_supplicant discards such frames to protect against
potential attacks by rogue devices, but this option can be used to
disable that protection for cases where the server/authenticator does
not need to be authenticated.
When enabled, this mode allows EAP-Success/EAP-Failure as an immediate
response to EAPOL-Start (or even without EAPOL-Start) and EAP-Success is
also allowed immediately after EAP-Identity exchange (fallback case for
authenticator not being able to connect to authentication server).
Signed-off-by: Jouni Malinen <j@w1.fi>
wpa_supplicant used to request user to re-enter username/password if the
server indicated that EAP-MSCHAPv2 (e.g., in PEAP Phase 2)
authentication failed (E=691), but retry is allowed (R=1). This is a
reasonable default behavior, but there may be cases where it is more
convenient to close the authentication session immediately rather than
wait for user to do something.
Add a new "mschapv2_retry=0" option to the phase2 field to allow the
retry behavior to be disabled. This will make wpa_supplicant abort
authentication attempt on E=691 regardless of whether the server allows
retry.
Signed-off-by: Jouni Malinen <j@w1.fi>
Some packages don't install its headers in the default directory
(e.g.: In Arch Linux libiberty and libn13 includes are installed)
in their own subdirectory under /usr/include) and the build fails
trying to find the headers.
This patch will allow passing extra CFLAGS values without discarding
the assignments made in the Makefile. The CFLAGS values in the Makefile
are ignored, if defined directly in the make command line.
Signed-off-by: Roger Zanoni <roger.zanoni@openbossa.org>
Linux kernel commit 576eb62598f10c8c7fd75703fe89010cdcfff596 ('bridge:
respect RFC2863 operational state') from 2012 introduced a regression
for using wpa_supplicant with EAPOL frames and a station interface in a
bridge. Since it does not look like this regression is going to get
fixed any time soon (it is already two years from that commit and over
1.5 from a discussion pointing out the regression), add a workaround in
wpa_supplicant to avoid this issue.
The wpa_supplicant workaround uses a secondary packet socket to capture
all frames (ETH_P_ALL) from the netdev that is in a bridge. This is
needed to avoid the kernel regression. However, this comes at the price
of more CPU load. Some of this is avoided with use of Linux socket
filter, but still, this is less efficient than a packet socket bound to
the specific EAPOL ethertype. The workaround gets disabled
automatically, if the main packet socket interface on the bridge
interface turns out to be working for RX (e.g., due to an old kernel
version being used or a new kernel version having a fix for the
regression). In addition, this workaround is only taken into use for the
special case of running wpa_supplicant with an interface in a bridge.
Signed-off-by: Jouni Malinen <j@w1.fi>
Currently, there is a race in open mesh networks where mesh STA A
receives a beacon from B and sends a peering open frame to initiate
peering. STA B, having not yet received a beacon from A and thus
created the corresponding station entry, will ignore all such open
frames. If the beacon interval is sufficiently long then peering
will not succeed as a result.
In fact B can simply create the station entry when the popen is
received, as is done in Linux's in-kernel MPM, avoiding the issue.
Signed-off-by: Bob Copeland <me@bobcopeland.com>
Previously, we would only free the station entry if a peering close
frame was received (freeing the station entry causes the kernel to
start sending peer candidate events again when suitable beacons are
received, triggering peering or authentication to restart).
The end result is the same in any case regardless of close reason:
if we leave holding state then peering has started again, so go
ahead and remove the station in all cases.
Signed-off-by: Bob Copeland <me@bobcopeland.com>
The plink_state exists both wpa_supplicant and kernel. Synchronize them
with wpa_mesh_set_plink_state().
Signed-off-by: Kenzoh Nishikawa <Kenzoh.Nishikawa@jp.sony.com>
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Drop the unneeded 'attempt' argument. This was originally used for
indicating an aborted PMKID caching attempt, but a fix in 2006 removed
the only such user and since that time, only attempt == 1 has been used.
Signed-off-by: Jouni Malinen <j@w1.fi>
This replaces the implementation in aes-wrap.c and aes-unwrap.c with
OpenSSL AES_wrap_key() and AES_unwrap_key() functions when building
hostapd or wpa_supplicant with OpenSSL.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Use OpenSSL HMAC_* functions to implement HMAC-MD5 instead of depending
on the src/crypto/md5.c implementation.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Connection with a PMF enabled AP will fail if we try to negotiate PMF
while the local driver does not support this. Since pmf=1 does not
require PMF for a successful connection, it can be ignored in such a
case to avoid connectivity issues with invalid configuration. This makes
it somewhat easier to allow upper layer programs to use pmf=1 default
regardless of driver capabilities.
Signed-off-by: Jouni Malinen <j@w1.fi>
This modifies struct wpa_ptk to allow the length of KCK and KEK to be
stored. This is needed to allow longer keys to be used, e.g., with
Suite B 192-bit level.
Signed-off-by: Jouni Malinen <j@w1.fi>
This extends GET_CAPABILITY command to allow the supported group
management frame cipher suites to be listed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
There are lots of reasons we can fail to match an EAP credential, so add
logging to help determine why it is happening in various cases.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Signal strength was sorted lexically rather than numerically, which
put "-100 dBm" before "-50 dBm" if sorted in descending order.
This change fixes that. It also treats frequency in the same
manner, preparing it for the IEEE 802.11ah.
Signed-off-by: Adrian Nowicki <adinowicki@gmail.com>
This new wpa_supplicant configuration parameter can be used to force
passive scanning to be used for most scanning cases at the cost of
increased latency and less reliably scans. This may be of use for both
testing purposes and somewhat increased privacy due to no Probe Request
frames with fixed MAC address being sent out.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The ANQP verification/parsing is done only after the GAS_DONE indication
is sent over the control interface. This means that in case the ANQP
parsing fails there is no indication to the upper layers. Add an
ANQP-QUERY-DONE event that reports the status of the ANQP parsing.
Signed-off-by: ASHUTOSH NARAYAN <ashutoshx.narayan@intel.com>
The icon files and the osu-providers.txt that are generated may not have
proper permission for external programs to access. Set the access
permissions to the same as the permissions for osu_dir.
Signed-off-by: ASHUTOSH NARAYAN <ashutoshx.narayan@intel.com>
In wpa_cli_cmd_interface(), try_connection(), and main(), ctrl_ifname
may be NULL and could be dereferenced depending on the printf()
implementation.
Signed-off-by: Eytan Lifshitz <eytan.lifshitz@intel.com>
Stop any ongoing P2P listen/find flow before starting invitation flow.
This was partially handled in p2p_invite() that called p2p_find(), but
this did not cleanly handle cases such as long_listen.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
A control interface call to flush the current state used the
current wpa_s to clear the P2P state even though it might not
be the interface controlling the P2P state.
Fix it by using the correct interface to flush the P2P state.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Publish support for Tx STBC in the HT capabilities of a GO and AP
controlled by wpa_supplicant in case the hardware supports it.
Signed-off-by: Eyal Shapira <eyalx.shapira@intel.com>
external_scan_running should be common to all interfaces that share a
radio. This fixes a case where external_scan_running was set on a single
interface, but did not block scan on other interfaces.
Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>
Clear the reattach flags, in case a connection request did not trigger a
scan. This needs to be done to avoid leaving the reattach flag set for
the next scan operation which may not have anything to do with the
specific request that could have been optimized using the single-channel
single-SSID scan.
Signed-off-by: Ben <ben.rosenfeld@intel.com>
Use interface's own NFC configuration instead of parent's one
to support a P2P device dedicated interface.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
The length should be 14 and not 10.
The current situation causes failure during parsing of the command.
Signed-off-by: Matti Gottlieb <matti.gottlieb@intel.com>
This restores some of the pre-radio work behavior for scanning by
retrying scan trigger if the driver rejects it (most likely returning
EBUSY in case of nl80211-drivers). Retry is indicated in the
CTRL-EVENT-SCAN-FAILED event with "retry=1".
For manual scans (e.g., triggered through "SCAN" control interface
command), no additional retries are performed. In other words, if upper
layers want to retry, they can do so based on the CTRL-EVENT-SCAN-FAILED
event.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
For CONFIG_TESTING_OPTIONS=y builds, add a new test parameter than can
be used to trigger various error cases within wpa_supplicant operations
to make it easier to test error path processing. "SET test_failure
<val>" is used to set which operation fails. For now, 0 = no failures
and 1 = scan trigger fails with EBUSY. More operations can be added in
the future to extend coverage.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Current mesh code uses ap_max_inactivity as inactivity timer. This patch
makes it configurable.
There is another mesh inactivity timer in mac80211. The timer works even
if user_mpm=1. So this patch sets the max value to the timer for
workaround.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
It is easier to debug issues related to the wpa_supplicant control
interfaces being left behind in attached state when the debug log file
can be used to determine whether a specific monitor socket was a global
or per-interface one.
Signed-off-by: Jouni Malinen <j@w1.fi>
Commit 17b8995cf5 ('Interworking: Try to
use same BSS entry for storing GAS results') added a mechanism to try to
pair GAS request and response to a single BSS entry to cover cases where
multiple BSS entries may exists for the same BSSID. However, that commit
did not cover the Hotspot 2.0 ANQP elements. Extend this mechanism to
all ANQP elements. This can help in cases where information in the
Hotspot 2.0 specific ANQP elements got lost if a hidden SSID or some
other reason of duplicated BSS entries was present while doing ANQP
fetches.
Signed-off-by: Jouni Malinen <j@w1.fi>
Move the wpa_bss_flush() call to the end of the function to allow any
pending user of a BSS entry to be cleared before removing the unused
entries. There were number of cases where BSS entries could have been
left in the list and this resulted in some hwsim test failures.
Signed-off-by: Jouni Malinen <j@w1.fi>
This can be helpful in figuring out why the driver was requested to
flush its scan results prior to starting a new scan.
Signed-off-by: Jouni Malinen <j@w1.fi>
It was possible for interworking_find_network_match() to find a possible
BSS match in a case where more thorough checks in
wpa_supplicant_select_bss() reject network. This itself is fine, in
general, but when combined with wpa_supplicant_fast_associate()
optimization and auto_interworking=1, this resulted in a busy loop of up
to five seconds and a possible stack overflow due to recursion in that
loop.
Fix this by limiting the Interworking wpa_supplicant_fast_associate()
call to be used only once per scan iteration, so that new scan
operations can be completed before going through the scan results again.
Signed-off-by: Jouni Malinen <j@w1.fi>
Reduce maximum stack use by starting next ANQP fetch operation from an
eloop callback rather than calling interworking_next_anqp_fetch()
directly from interworking_start_fetch_anqp(). This avoids issues that
could potentially make the process run out of stack if long loops of
ANQP operations are executed in cases where automatic Interworking
network selection is used and scan results do not have a full match for
a network.
Signed-off-by: Jouni Malinen <j@w1.fi>
For Interworking connection to work, the SSID of the selected BSS needs
to be known to be able to associate with the AP. It was possible for the
scan results to include two BSS entries matching the BSSID when an
earlier scan with that AP has shown a hidden SSID configuration (e.g.,
when running hwsim test cases, but at least in theory, this could happen
with real use cases as well). When that happened, the incorrect BSS
entry may not have included RSN configuration and as such, it would get
rejected for Interworking connection.
Fix this by confirming that the selected BSS entry has a real SSID. If
not, try to find another BSS entry matching the same BSSID and use that,
if found with an SSID.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is similar with domain_suffix_match, but required a full match of
the domain name rather than allowing suffix match (subdomains) or
wildcard certificates.
Signed-off-by: Jouni Malinen <j@w1.fi>
A new "CTRL-EVENT-EAP-PEER-ALT depth=<i> <alt name>" event is now used
to provide information about server certificate chain alternative
subject names for upper layers, e.g., to make it easier to configure
constraints on the server certificate. For example:
CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:server.example.com
Currently, this includes DNS, EMAIL, and URI components from the
certificates. Similar information is priovided to D-Bus Certification
signal in the new altsubject argument which is a string array of these
items.
Signed-off-by: Jouni Malinen <j@w1.fi>
This makes D-Bus network profile Set(Properties) clear cached EAP data
similarly to how SET_NETWORK does for control interface.
Signed-off-by: Jouni Malinen <j@w1.fi>
This makes it easier for upper layer applications to get information
regarding the server certificate without having to use a special
certificate probing connection. This provides both the SHA256 hash of
the certificate (to be used with ca_cert="hash://server/sha256/<hash>",
if desired) and the full DER encoded X.509 certificate so that upper
layer applications can parse and display the certificate easily or
extract fields from it for purposes like configuring an altsubject_match
or domain_suffix_match.
The old behavior can be configured by adding cert_in_cb=0 to
wpa_supplicant configuration file.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new VENDOR_ELEM value 13 can now be used to add a vendor element
into all (Re)Association Request frames, not just for P2P use cases like
the previous item was for.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This makes it easier for upper layer programs to figure out whether the
wpa_supplicant and and the driver supports mesh.
Signed-off-by: Jouni Malinen <j@w1.fi>
This makes it easier for upper layer programs to figure out whether the
wpa_supplicant and and the driver supports SAE.
Signed-off-by: Jouni Malinen <j@w1.fi>
This new wpa_supplicant and hostapd control interface command can be
used to determine which TLS library is used in the build and what is the
version of that library.
Signed-off-by: Jouni Malinen <j@w1.fi>
At least MinGW did not have ENOTCONN, EOPNOTSUPP, ECANCELED, so define
these to allow the build to go through.
wpas_rrm_send_neighbor_rep_request() is not really used on Windows, so
the exact error code values do not make any difference here.
Signed-off-by: Jouni Malinen <j@w1.fi>
NSS as a TLS/crypto library alternative was never completed and this
barely functional code does not even build with the current NSS version.
Taken into account that there has not been much interest in working on
this crypto wrapper over the years, it is better to just remove this
code rather than try to get it into somewhat more functional state.
Signed-off-by: Jouni Malinen <j@w1.fi>
These were already covered in both README-HS20 for credentials and in
header files for developers' documentation, but the copy in
wpa_supplicant.conf did not include all the details. In addition, add a
clearer note pointing at subject_match not being suitable for suffix
matching domain names; domain_suffix_match must be used for that.
Signed-off-by: Jouni Malinen <j@w1.fi>
In many applications it is useful not just to enumerate a group of well
known access points, but to use a address/mask notation to match an
entire set of addresses (ca:ff:ee:00:00:00/ff:ff:ff:00:00:00).
This change expands the data structures used by MAC lists to include a
mask indicating the significant (non-masked) portions of an address and
extends the list parser to recognize mask suffixes.
Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
This change adds the configuration options "bssid_whitelist" and
"bssid_blacklist" used to limit the AP selection of a network to a
specified (finite) set or discard certain APs.
This can be useful for environments where multiple networks operate
using the same SSID and roaming between those is not desired. It is also
useful to ignore a faulty or otherwise unwanted AP.
Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
This change generalizes the code used for parsing the configuration
option 'p2p_client_list' and makes it suitable to use it in other
contexts.
Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
There should not be a mesh-specific mechanism for setting up channel
parameters since that will just result in duplicated code. IBSS, mesh,
and AP mode can use the same data structures and parameters for setting
up such parameters.
Signed-off-by: Jouni Malinen <j@w1.fi>
Automatically enable HT20, HT40+, HT40-, or VHT, based on driver
capabilities. This obsoletes the mesh_ht_mode network block parameter
that was previously used to configure HT parameters.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add WPA_DRIVER_FLAGS_HT_IBSS driver feature flag. Some drivers could not
set this feature and next could fail when we will enable HT support for
IBSS with error message: nl80211: Join IBSS failed: ret=-22 (Invalid
argument).
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
When performing SAE authentication in mesh, one station may
initiate authentication by sending a COMMIT as soon as a peer
candidate is discovered. Previously we did this in mesh_rsn.c,
but this left some of the state initialization in a different
part of the code from the rest of the state machine, and we may
need to add other initializations here in the future, so move
that to a more central function.
Signed-off-by: Bob Copeland <me@bobcopeland.com>
Try to be a bit more consistent by using NoMemory instead of InvalidArgs
if os_strdup() fails in the CreateInterface handler.
Signed-off-by: Jouni Malinen <j@w1.fi>
It was possible for the interface not to be marked in INTERFACE_DISABLED
state in case the event was processed for P2P GO because the wpa_s
instance could have been removed in case of a separate group interface.
Change the state first to avoid leaving different state for the case
where separate group interface is not used.
Mark scan to be a normal scan on INTERFACE_ENABLED so that scanning
rules (e.g., skip scan if no networks enabled) get used consistently.
Signed-off-by: Jouni Malinen <j@w1.fi>
There is a race condition between receiving an AP stopped event and
netdev down event. These resulted in different group removal reasons on
a GO device (UNAVAILABLE for stop AP event coming first and REQUESTED
for netdev event first). Make this more consistent by reporting
UNAVAILABLE for both possible cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new control interface command TEST_ALLOC_FAIL and GET_ALLOC_FAIL can
now be used to trigger memory allocation failures for testing purposes.
TEST_ALLOC_FAIL sets a failure conditions with
<count>:func[;func][;func]... string and GET_ALLOC_FAIL returns the
current state using the same format. Whenever an allocation is made with
a matching backtrace of calling functions, the count is decremented by
one and once zero is reached, the allocation is forced to fail.
Function names can be prefixed with either '=' or '?' to get different
matching behavior. '=' requires this specific function to be the next
one in the backtrace (i.e., do not skip any other functions in the list
which is the default behavior). '?' allows the function to be optionally
present in the backtrace.
Signed-off-by: Jouni Malinen <j@w1.fi>
It is possible for this function to get called even if D-Bus
registration had failed, so the path can be NULL here.
Signed-off-by: Jouni Malinen <j@w1.fi>
It is possible for this function to be called even if D-Bus interface
registration has failed. Avoid a D-Bus assert in such a case.
Signed-off-by: Jouni Malinen <j@w1.fi>
entry->strarray_value was left to point to freed memory in case
os_realloc_array() failed. This resulted in the following
wpa_dbus_dict_entry_clear() trying to free an already freed memory area.
In addition, the separately allocated strings in the array would have
been leaked in such a case. Furthermore, wpa_dbus_dict_entry_clear() was
not prepared for the possibility of the initial os_calloc() call failing
and entry->strarray_value being NULL without array_len being cleared to
zero. That would have resulted in reading uninitialized memory and NULL
pointer dereference.
Signed-off-by: Jouni Malinen <j@w1.fi>
entry->bytearray_value was left to point to freed memory in case
os_realloc_array() failed. This resulted in the following
wpa_dbus_dict_entry_clear() trying to free an already freed memory area.
Signed-off-by: Jouni Malinen <j@w1.fi>
add_interface() did not check for os_strdup() return value and could end
up dereferencing a NULL pointer if memory allocation failed.
Signed-off-by: Jouni Malinen <j@w1.fi>
The error reply needs to be sent out as a response. The "out" label was
in incorrect place to allow that to happen; instead, it ended up leaking
memory for the generated reply message.
Signed-off-by: Jouni Malinen <j@w1.fi>
If setSmartcardModules() fails to allocate memory with os_strdup(), the
allocated items in the dict entry were not freed.
Signed-off-by: Jouni Malinen <j@w1.fi>
This moves the AES-SIV test case from tests/test-aes.c to be part of
wpa_supplicant module testing framework with a new
src/crypto/crypto_module_tests.c component. In addition, the second test
vector from RFC 5297 is also included for additional coverage.
Signed-off-by: Jouni Malinen <j@w1.fi>
1. Supported MAC address randomization for scan.
2. Supported MAC address randomization for scheduled scan.
2. Supported MAC address randomization for pno.
4. Add functions to set and clear the MAC address randomization
state variables.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
For the start operation, this includes appropriate parameters for
specifying channel and peer information. The cancel operation includes
peer information.
Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
The supplicant code does not try to control the actual channel of the
radio at any point. It simply passes the target peer and channel
parameters to the driver. It's the driver's responsibility to
periodically initiate TDLS channel-switch operations when TDLS
channel-switching is enabled.
Allow enable/disable operations to be invoked via the control interface.
Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
The specification requires the tspecs to be kept upon reassociation to
the same BSS. Save the last tspecs before such reassociation, and
reconfigure on the association notification.
Note that the current flow is not transparent to the user
(it is notified about deauth/reassoc and tspec removal/addition).
Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
Some APs add their custom (vendor-specific) IEs to the Association
Response frame. Fail WMM AC initialization only if Association Response
frame IE parsing actually failed, i.e., ignore all unknown IEs.
Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
In case of roaming, we don't get disassoc notification, but
still want to remove the existing tspecs.
Move the wmm_ac_notify_disassoc() call to the state change
function, which get called also on roaming.
Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
Previously, role="enrollee" was required to be used to allow the AP mode
WPS operation to be started. This is incorrect since the AP/GO will
operate in Registrar role. Fix this by ignoring the role parameter when
AP (including P2P GO) mode is enabled.
Signed-off-by: Jouni Malinen <j@w1.fi>
Start of station-mode WPS PBC/PIN/Registrar/NFC operation would result
in the AP mode getting disabled. This can be particularly confusing for
the P2P GO case where the group would need to be stopped cleanly. As
such, it is better to reject these invalid operations rather than trying
to handle all corner cases needed to allow this to work robustly.
Signed-off-by: Jouni Malinen <j@w1.fi>
There is no need to limit this property based on the role of the device
in the group, so return the passphrase if it is available. It will be
available in GO role and it may be available in P2P Client role based on
whether the peer GO provided it during the WPS provisioning step.
Signed-off-by: Jouni Malinen <j@w1.fi>
This was returning a byte array of the pointer to the PSK, not the
actual PSK, due to incorrect use of
wpas_dbus_simple_array_property_getter(). In addition, there is no need
to limit this property based on the role of the device in the group, so
return the PSK if it is available (which it will be for both GO and P2P
Client roles).
Signed-off-by: Jouni Malinen <j@w1.fi>
There is no need to have separate wpa_printf() and different error
message strings for the unlikely out-of-error messages. Use a helper
function, wpas_dbus_error_no_memory(), to get consistent behavior with a
one-line call.
Signed-off-by: Jouni Malinen <j@w1.fi>
Commit 6aeeb6fa21 ('dbus: clean up new
D-Bus interface getters and setters') redesigned the property
getter/setter calls in a way that made the
wpas_dbus_error_unknown_error() note about message being NULL in some
cases obsolete. All the remaining callers are from method handler
functions that must have a valid message. Remove the obsolete notes and
unnecessary messsage == NULL check.
Signed-off-by: Jouni Malinen <j@w1.fi>
There is no need to have multiple separate return statements for error
cases in a sequence of operations. In addition, there is not much point
in "converting" boolean return values with "if (!res) return FALSE;
return TRUE;" style constructions.
Signed-off-by: Jouni Malinen <j@w1.fi>
net_id_str can be NULL and that must be checked for to avoid NULL
pointer dereference if an invalid persistent_group_object path is used
with these methods.
Signed-off-by: Jouni Malinen <j@w1.fi>
None of the new D-Bus interface cases use the bssid_part in
decompose_object_path (while the old interface ones do). As such, this
is dead code and can be removed. In addition, the P2P addition here was
pretty ugly extension. Replace these with a cleaner way of passing the
separating string (e.g., "Networks") from the caller and returning the
requested item.
In addition, there is no need to allocate the returned item separately,
so use a single allocation and a pointer to that allocated memory. This
will make it easier for callers to have to free only a single
allocation. This is also fixing a memory leak in P2P invitation
persistent group case where the caller had missed the need to free the
returned values.
Signed-off-by: Jouni Malinen <j@w1.fi>
This helper function does not modify peer_path, so mark it const. In
addition, there is no point in callers to check separately whether
peer_path is NULL since that is taken care of by this helper function.
Signed-off-by: Jouni Malinen <j@w1.fi>
This cannot be NULL when an interface is in use. There is not much point
in couple of functions checking this while large number of other places
do not.
Signed-off-by: Jouni Malinen <j@w1.fi>
This adds the message signature to the new D-Bus interface message
handler and similar prints to the old interface messages handlers.
Signed-off-by: Jouni Malinen <j@w1.fi>
eloop_is_timeout_registered() was called with incorrect context argument
which meant that the pending timeout would have never been found.
Signed-off-by: Jouni Malinen <j@w1.fi>
wpa_supplicant_deauthenticate() call needs to happen before
wpa_config_remove_network(). Freed memory could be dereferenced if
removeNetwork method was issued on the currently connected network.
Signed-off-by: Jouni Malinen <j@w1.fi>
It looks like both gcc and clang optimize the (entry.type != foo ||
entry.array_type != bar) in a way that ends up evaluating the second
condition even when the first one results in 0. While this is not really
what the C language requirements on short-circuit evaluation require,
the compiler likely assumes this can have no side effects and with both
type and array_type being comparable in a single 64-bit operation, this
can clearly be a bit more efficient. While the code behaves same in both
cases, valgrind does warn about use of uninitialized memory when the
second condition is evaluated (entry.array_type is not initialized if
entry.type != DBUS_TYPE_ARRAY).
To keep valgrind logs cleaner, initialize entry.array_type to
DBUS_TYPE_INVALID so that these compiler optimizations do not result in
reading uninitialized memory.
Signed-off-by: Jouni Malinen <j@w1.fi>
The logic in wpas_dbus_signal_p2p_provision_discovery() seemed to imply
that there could be a case where _signal would be used uninitized. While
that is not the case since either (request || !status) or (!request &&
status) would always be true, some compilers do not seem to be clever
enough to figure that out to avoid the warning. Make this easier for
such compilers by removing the (!request && status) condition since it
is identical to !(request || !status).
Signed-off-by: Jouni Malinen <j@w1.fi>
Commit 911e97e400 ('DBus: Refactor array
adding, add binary arrays') introduced WPAS_DBUS_TYPE_BINARRAY as an
internal fake type for array_type. However, it selected this value to be
(DBUS_NUMBER_OF_TYPES + 100) = 116 = 't'. This happens to conflict with
DBUS_TYPE_UINT64 ((int) 't'). While none of the existing array_type use
cases supported UINT64, it is much clearer if WPAS_DBUS_TYPE_BINARRAY
has a value that does not match any existing DBUS_TYPE_* value. Replace
this with '@' (64).
Signed-off-by: Jouni Malinen <j@w1.fi>
This is needed to allow Set(P2PDeviceConfig) to clear the
VendorExtension array (i.e., to remove all configured vendor
extensions). Previously, such an attempt was met with a D-Bus assert and
rejection of the operation.
Signed-off-by: Jouni Malinen <j@w1.fi>
The wps_vendor_ext array can be set using D-Bus Set(P2PDeviceConfig)
with the VendorExtension key in the dictionary. However, there was no
code for freeing the allocated memory when the interface is removed.
Signed-off-by: Jouni Malinen <j@w1.fi>
The ServiceDiscoveryRequest signal uses int32 for encoding dialog_token
for some reason (even though this is a u8 field).
ServiceDiscoveryResponse is supposed to accept the values from the
signal as-is, so extend that to accept int32 in addition to the
previously used uint32.
Signed-off-by: Jouni Malinen <j@w1.fi>
The earlier implementation seemed to require a strange extra
encapsulation with a dictionary for setting the WPSVendorExtensions
property while this was defined to have aay signature and the get
operation did indeed return and array of array of bytes without that
dictionary. Fix this to accept aay format for the setter as well. Keep
support for the old dictionary encapsulation format for backwards
compatibility.
Signed-off-by: Jouni Malinen <j@w1.fi>
It was possible to add WPS vendor extensions through the D-Bus
WPSVendorExtensions setter, but these extensions were not freed when the
P2P GO was stopped or when replacing previously configured extensions.
Signed-off-by: Jouni Malinen <j@w1.fi>
There is no need to keep temporary keys in memory beyond the end of the
association, so explicitly clear any SAE buffers that can contain keys
as soon as such keys are not needed.
Signed-off-by: Jouni Malinen <j@w1.fi>
Previously, the main PSK entry was cleared explicitly, but psk_list
could include PSKs for some P2P use cases, so clear it as well when
freeing config_ssid instances.
Signed-off-by: Jouni Malinen <j@w1.fi>
There is no need to leave this temporary key in stack memory after
having been configured to the WPA state machine.
Signed-off-by: Jouni Malinen <j@w1.fi>
There is no need to leave the PSK from temporary Credential structure
that was built in stack after that Credential has been passed to the WPS
module.
Signed-off-by: Jouni Malinen <j@w1.fi>
This is more of a theoretical case since this part is done only during
setup and the structure is not allocated in practice. Anyway,
maintaining more consistent use of bin_clear_free() for structures that
may contain keys is useful.
Signed-off-by: Jouni Malinen <j@w1.fi>
This was already verified to be non-NULL above and there is no point in
having an extra check after the pointer has already been dereferenced.
Signed-off-by: Jouni Malinen <j@w1.fi>
wpas_dbus_decompose_object_path() may leave the network part NULL on
unexpected path. This resulted in NULL pointer dereference when
processing an invalid removeNetwork or selectNetwork call. Fix this by
explicitly verifying that the network part was included in the object
path.
Signed-off-by: Jouni Malinen <j@w1.fi>
The "Invalid blob name" string was not shown since the zero-length name
was used regardless of first verifying that it should not be allowed.
Signed-off-by: Jouni Malinen <j@w1.fi>
External WPS Registrar operation requires the BSSID to be specified, so
the old D-Bus interface better apply that requirement as well.
Signed-off-by: Jouni Malinen <j@w1.fi>
It is possible for the persistent group object to be added and removed
by non-D-Bus triggers (e.g., ctrl_iface commands). The add part was
already handled, but removal was not. That resulted in memory leaks when
a P2P persistent group was removed without using an explicit D-Bus
command for this even if the object was added without D-Bus involvement.
Signed-off-by: Jouni Malinen <j@w1.fi>
wpas_dbus_simple_property_getter() cannot be used with NULL
DBUS_TYPE_STRING, so replace that with an empty string to handle the
case of no config_methods parameter in the configuration.
Signed-off-by: Jouni Malinen <j@w1.fi>
It is possible for the peer to be a non-P2P device and as such, for
p2p_dev_addr to be NULL. This resulted in NULL pointer dereference if
D-Bus interface was enabled for the interface when a legacy STA joined a
group.
Signed-off-by: Jouni Malinen <j@w1.fi>
It was possible for old scan state to remain from a previous test case
when an operation like WNM neighbor scan or another-BSS-in-ESS was
started, but stopped at the end of a test case. This could result in
failures, e.g., when running wnm_bss_tm_req followed by scan_setband.
Signed-off-by: Jouni Malinen <j@w1.fi>
This converts most of the remaining perror() and printf() calls from
hostapd and wpa_supplicant to use wpa_printf().
Signed-off-by: Jouni Malinen <j@w1.fi>
struct wpa_driver_associate_params moved to using struct
hostapd_freq_params instead of just frequency. Need to update wpa_priv
to do same.
Signed-off-by: Jouni Malinen <j@w1.fi>
Even if the UUID would have a mismatch, e.g., due to no UUID known for
the target in a new WPS PBC instance, do not indicate PBC session
overlap if the BSSID is same in the two entries. This should not really
happen in normal use cases, but can happen at least in some test
scenarios where the same BSSID is used in consecutive test cases and the
old BSS entry remains in cfg80211 cache.
Signed-off-by: Jouni Malinen <j@w1.fi>
There is a possible race condition between receiving the
NEW_PEER_CANDIDATE event and the Authentication frame from the peer.
Previously, if the Authentication frame RX event was indicated first,
that frame got dropped silently. Now, this frame is still dropped, but a
copy of it is stored and the frame gets processed on the following
NEW_PEER_CANDIDATE event if that is received for the same peer within
two seconds.
Signed-off-by: Jouni Malinen <j@w1.fi>
Include only the potentially affected channel range in OBSS scans to
reduce the amount of offchannel time needed for scanning when requested
by the AP.
Signed-off-by: Jouni Malinen <j@w1.fi>
ap_ft_sae test case managed to hit a somewhat unclear error case which
resulted in "WPA: Failed to select WPA/RSN" print and not enough
information to figure out what exactly had went wrong.
Signed-off-by: Jouni Malinen <j@w1.fi>
Maximum number of peer links is maximum number of connecting mesh peers
at the same time. This value is 0..255 based on the
dot11MeshNumberOfPeerings range.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Unexpected trailing zero causes following error.
wpa_supplicant.sgml:472:53:E: character data is not allowed here
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
This helps hwsim test cases by avoiding undesired state from previously
executed test cases affecting following tests.
Signed-off-by: Jouni Malinen <j@w1.fi>
Commit faf9a8585d added mechanism for
selecting 2.4 or 5 GHz band for scan operation. However, no mechanism
for setting the setband value was added at that time. This commit adds a
new SET ctrl_iface parameter to allow the setband functionality to be
used. "SET setband <AUTO/5G/2G>" can be used to select all bands, 5 GHz
band only, or 2.4 GHz band only.
Signed-off-by: Jouni Malinen <j@w1.fi>
Android framework maintains a state to process the scan results after
the scan is issued. If wpa_supplicant issues the scan during the
initialization, the one issued by the framework may fail (with EBUSY) if
the host driver is already processing the scan. Thus, the scan results
returned for the first scan triggered by wpa_supplicant are not
processed for getting displayed resulting in delay for the display of
the first scan results after the Wi-Fi subsystem initialization. Thus,
trigger the scan only based on the framework request on Android.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
FAIL-BUSY was already returned for the case where a scan had been
started, but with the radio work design, it would have been possible to
schedule multiple scan requests if a non-scan radio work was in
progress. Multiple back-to-back scans are not usually very helpful, so
reject this type of cases where the SCAN command would be used to build
such a sequence.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
On receiving the cancel remain on channel event, the pending_tx
is scheduled immediately and returned. This was preventing
the wpas_p2p_listen_start function from execution thereby resulting
in termination of the long listen operation.
Signed-off-by: Jithu Jance <jithu@broadcom.com>
The manual scan operations with the SCAN command are supposed to have
independent set of scan frequencies, so do not allow scan_freq
parameters to override scanned frequencies for scans that were triggered
with a SCAN command.
Signed-off-by: Jouni Malinen <j@w1.fi>
The mesh gate is used to bridge (or route) between mesh network and
another network. For example, mesh gate acts as router between mesh
network and IEEE 802.11 BSS network.
This command makes a virtual mesh interface to be used for mesh gate.
This command expects to be used like this.
wpa_cli -i wlan0 MESH_INTERFACE_ADD ifname=mesh0
wpa_cli -i mesh0 add_network
wpa_cli -i mesh0 set_network 0 ssid '"commell_2X_mmm"'
wpa_cli -i mesh0 set_network 0 mode 5
wpa_cli -i mesh0 set_network 0 frequency 2412
wpa_cli -i mesh0 set_network 0 key_mgmt SAE
wpa_cli -i mesh0 set_network 0 psk '"01234567"'
wpa_cli -i mesh0 mesh_group_add 0
wpa_cli -i wlan0 mesh_group_remove mesh0
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Since mesh functionality uses struct hostapd_data to maintain peer
state, the existing STA* control interface commands can be used to
display information about the peers.
Signed-off-by: Jouni Malinen <j@w1.fi>
Option '-p' of 'read' command may be unsupported in some POSIX-complete
shells. So replace 'read -p' with 'echo -n'/'read' pair.
Signed-off-by: Oleksandr Chumachenko <ledest@gmail.com>
If tray icon messages are perceived as disturbing, one can pass `-q`
parameter on the command line to disable them permanently.
Signed-off-by: Arkadiusz Bokowy <arkadiusz.bokowy@gmail.com>
Show associated network SSID in the tool tip message of the
application's tray icon. When network is not associated, then simple
"(not-associated)" message is shown.
Signed-off-by: Arkadiusz Bokowy <arkadiusz.bokowy@gmail.com>
Instead of just stopping connection process and network discovery,
report SAE failures to build Authentication frames (e.g., due to missing
password) as a connection failure to get the normal retry mechanism into
use.
Signed-off-by: Jouni Malinen <j@w1.fi>
Both the wpa_s->pending_action_src and src argument to
wpas_get_tx_interface() were used somewhat randomly. Make this more
consistent since these values are pointing to the same address and the
implementation is easier to understand when it is obvious that there is
only one address being used.
Signed-off-by: Jouni Malinen <j@w1.fi>
This function could not fail and it can be replaced with a single
line variable update that takes less code than the function call.
Signed-off-by: Jouni Malinen <j@w1.fi>
wpa_bss_flush*() cannot fail and as such, there is no need for
wpa_supplicant_ctrl_iface_bss_flush() to return a value either.
Signed-off-by: Jouni Malinen <j@w1.fi>
This function cannot return negative value, so no need to check for
that. If there is not enough room in the buffer or if something
unexpected happens, 0 is returned.
Signed-off-by: Jouni Malinen <j@w1.fi>
Update the scan parameters in wpa_s only in case the scan command is
going to be executed. In other words, do not change the parameters for
an ongoing scan (the SCAN command is rejected with FAIL-BUSY) or if any
of the parameters is invalid.
Signed-off-by: Jouni Malinen <j@w1.fi>
The send_eapol() callback was used by driver_test.c, but with that
removed, there is no remaining users of the alternative EAPOL frame
transmitting mechanism in wpa_supplicant, i.e., all remaining driver
interfaces use l2_packet instead. Remove the send_eapol() to get rid of
unused code.
Signed-off-by: Jouni Malinen <j@w1.fi>
The space following the BSSID was not skipped properly if the following
parameter started with the "hs20:" prefix. For other cases, atoi() ended
up ignoring the space, but it is cleaner to skip it anyway for all
cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
Previously, any P2P capable interface was skipped in cross connection
uplink consideration. However, this ends up skipping more or less all
nl80211-based driver cases now since they mark the main interface P2P
capable. Relax this rule to allow the parent interface to be used as the
non-P2P station interface for cross connection purposes.
Signed-off-by: Jouni Malinen <j@w1.fi>
This is needed to get into more consistent state after the FLUSH
command. DISCONNECT followed by FLUSH could result in
wpa_s->disconnected being left to 1 and this resulted in a test failure,
e.g., when running wpas_ctrl_dup_network followed by
wpas_ctrl_enable_disable_network where the latter was expecting
ENABLE_NETWORK on a disabled network to connect automatically and that
does not happen if wpa_s->disconnected == 1.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
While these are using practically large enoungh buffer sizes, it is
better to be more consistent with checking os_snprintf() return value.
Signed-off-by: Jouni Malinen <j@w1.fi>
This converts os_snprintf() result validation cases to use
os_snprintf_error() for cases that were note covered by spatch and
semantic patches.
Signed-off-by: Jouni Malinen <j@w1.fi>
This converts os_snprintf() result validation cases to use
os_snprintf_error() in cases where success condition was used to execute
a step. These changes were done automatically with spatch using the
following semantic patch:
@@
expression E1,E2,E3;
statement S1;
@@
E1 = os_snprintf(E2, E3, ...);
- if (\( E1 >= 0 \| E1 > 0 \) && \( (size_t) E1 < E3 \| E1 < (int) E3 \| E1 < E3 \))
+ if (!os_snprintf_error(E3, E1))
S1
Signed-off-by: Jouni Malinen <j@w1.fi>
This adds verification of os_snprintf() result against the maximum
buffer length. These changes were done automatically with spatch
using the following semantic patch:
@@
expression E1,E2,E3;
statement S1;
@@
E1 = os_snprintf(E2, E3, ...);
- if (\( E1 < 0 \| E1 <= 0 \))
+ if (os_snprintf_error(E3, E1))
(
S1
|
{ ... }
)
Signed-off-by: Jouni Malinen <j@w1.fi>
This pointer cannot be NULL sicne it is called only from this file and
with a valid pointer to the received command.
Signed-off-by: Jouni Malinen <j@w1.fi>
'num * 5 > end - pos' handles bounds checking a bit more efficiently,
but apparently that is not clear enough for all static analyzers.
Replace with 'num > left / 5' to avoid false reports. (CID 68117)
Signed-off-by: Jouni Malinen <j@w1.fi>
This reduced number of unnecessarily duplicated driver interface
callback functions for sending Action frames by using the more generic
send_action() instead of FT specific send_ft_action().
Signed-off-by: Jouni Malinen <j@w1.fi>
This extends the previously used WFD_SUBELEM_SET/GET <subelem id> design
to allow special "all" value to be used as an id to indicate that all
WFD subelements are to be set/get. This uses similar interface as was
previously added over D-Bus.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
There is no point in flooding the log with WARNING or ERROR level
messages if WMM-AC related Action frames are ignored in cases where they
were not expected. In addition, WARNING/ERROR should not really be used
in cases an invalid frame is dropped especially if this is not related
to a security setup since external devices could otherwise generate log
entries.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The previous version was somewhat too complex for some static analyzers.
Use local variables for the extracted length fields and explicitly
compare these against the remaining buffer length. (CID 68121)
Signed-off-by: Jouni Malinen <j@w1.fi>
Derive rRK and rIK on EAP peer if ERP is enabled. The new wpa_supplicant
network configuration parameter erp=1 can now be used to configure the
EAP peer to derive EMSK, rRK, and rIK at the successful completion of an
EAP authentication method. This functionality is not included in the
default build and can be enabled with CONFIG_ERP=y.
If EAP authenticator indicates support for re-authentication protocol,
initiate this with EAP-Initiate/Re-auth and complete protocol when
receiving EAP-Finish/Re-auth.
Signed-off-by: Jouni Malinen <j@w1.fi>
This change creates 'LIST_NETWORK LAST_ID=x' form to allow
retrieval of all networks saved in the system. Without this form,
only first few (whatever fills in first 4096 bytes) can be
retrieved.
Signed-off-by: Vinit Deshpande <vinitd@google.com>
wpa_bss_in_use() used to determine that a BSS with BSSID of
00:00:00:00:00:00 is in use in almost every case since either
wpa_s->bssid or wpa_s->pending_bssid was likely to be cleared. This
could result in a corner case of a BSS entry remaining in the BSS table
indefinitely if one was added there with a (likely bogus) address of
00:00:00:00:00:00. Fix this by ignore wpa_s->bssid and
wpa_s->pending_bssid if the BSSID in the BSS table entry is
00:00:00:00:00:00.
In theory, that address is a valid BSSID, but it is unlikely to be used
in any production AP, so the potential expiration of a BSS entry with
that address during a connection attempt would not be a concern
(especially when a new scan would be enough to recover from that).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Externally triggered scan could result in a new radio work item getting
started even when external radio work was in progress. Delay such start
until the external work is completed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It was possible for the current network profile to be deleted when
merging duplicated WPS credentials. However, this did not clear
wpa_s->current_ssid and it was possible for something else to end up
dereferencing that pointer to now freed memory. This could be hit, e.g.,
with ap_wps_mixed_cred. Fix this by clearing current_ssid also in this
code path similarly to other cases of network block getting removed.
Signed-off-by: Jouni Malinen <j@w1.fi>
The mesh group addition was designed to use wpa_s->connect_without_scan
to skip a scan. That path was skipped if wpa_supplicant_fast_associate()
allowed previous scan results to be used. This could result in undesired
double-initialization attempt for the mesh interface. Avoid this by not
using wpa_supplicant_fast_associate() when wpa_s->connect_without_scan
is set.
Signed-off-by: Jouni Malinen <j@w1.fi>
It is possible that these location ended up getting called before mesh
startup operations had been completed and that could result in
dereferencing NULL pointers. Address those error cases by verifying that
the needed parameters are available before using them.
Signed-off-by: Jouni Malinen <j@w1.fi>
It was possible for auth/assoc timeout/failure event from the driver to
result in unexpected processing during mesh group setup if that
operation was started before the previously started driver operation to
association/connect had completed. Since those events cannot happen in
mesh cases, ignore them to avoid issues due to this corner case.
For example, monitor_iface_unknown_sta followed by wpas_mesh_secure test
case resulted in failure without this change.
Signed-off-by: Jouni Malinen <j@w1.fi>
An earlier check of the action_field value above the switch statement
already took care of all other possible cases, but that was apparently
too difficult for the compiler to notice. Bring back the default case to
avoid incorrect warnings about the event variable being maybe
uninitialized.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new wpa_supplicant control interface command can be used in
automated testing to verify how AP processes Data frames with arbitrary
contents. This is enabled only in builds with CONFIG_TESTING_OPTIONS=y.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
There is no need for this state to maintained when the wpa_supplicant
FLUSH ctrl_iface command is used to request flushing of all state.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It was possible for wmm_ac_deinit() not getting called when an interface
was removed in a sequence where disassociation was not reported and
wmm_ac_notify_disassoc() did not get called. This resulted in leaking
whatever memory was allocated for WMM AC parameters. Fix that by calling
wmm_ac_notify_disassoc() from wpa_supplicant_cleanup().
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is needed to fix some sequencies where a real scan in ap_scan=2
case would be issued even when the connection case would expect direct
connection without a scan.
This fixed an issue shown in hwsim test case autoscan_exponential
followed by ibss_open_fixed_bssid.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is needed to allow proper Action frame transmission to work without
having to claim these to be offchannel operations.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
On Android, the control socket being used may be the socket that is
created when wpa_supplicant is started as a /init.*.rc service. Such a
socket is maintained as a key-value pair in Android's environment.
Closing this control socket would leave wpa_supplicant in a bad state.
When wpa_supplicant re-opens the ctrl_iface socket, it will query the
Android's environment, and will be returned with the same socket
descriptor that has already been closed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit inserts Finite Cyclic Group to Anti-Clogging Token request
frame because IEEE Std 802.11-2012, Table 8-29 says "Finite Cyclic Group
is present if Status is zero or 76".
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
The country code from the current AP needs to be used in
ieee80211_chan_to_freq() to support cases where non-global operating
class table is used.
Signed-off-by: Jouni Malinen <j@w1.fi>
The previous version was valid, but apparently too complex for some
static analyzers. Use a local variable for uri_len and explicitly
compare it against the remaining buffer length. (CID 68121)
Signed-off-by: Jouni Malinen <j@w1.fi>
The previous version was fine, but too much for some static analyzers to
understand as proper bounds checking. (CID 68122)
Signed-off-by: Jouni Malinen <j@w1.fi>
The upper bound for the element length was already verified, but that
was not apparently noticed by a static analyzer (CID 68128).
Signed-off-by: Jouni Malinen <j@w1.fi>
Send link measurement response when a request is received. Advertise
only RCPI, computing it from the RSSI of the request. The TX power field
is left to be filled by the driver. All other fields are not published.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Allow supplying an SSID for the SSID IE. If not supplied, no SSID IE is
sent, and the request implies the current SSID.
Signed-off-by: Assaf Krauss <assaf.krauss@intel.com>
Add NEIGHBOR_REP_REQUEST command to the wpa_supplicant ctrl_iface.
This command triggers the sending of a Neighbor Report Request to the
associated AP.
Signed-off-by: Assaf Krauss <assaf.krauss@intel.com>
Add the ability to send a Neighbor Report Request (part of
RRM). Requester is then notified once the report arrives.
Signed-off-by: Assaf Krauss <assaf.krauss@intel.com>
In case the AP we are associating with advertises support for RRM,
advertise our own RRM support in the (Re)Association Request frame. This
is done by adding an RRM Capabilities IE. The underlying driver is
expected to further add a Power Capabilities IE to the request, and set
the Radio Measurement flag in the Capability Info field. At this point
the RRM Capabilities IE advertises no measurement support.
Signed-off-by: Assaf Krauss <assaf.krauss@intel.com>
If the last scans are recent (for now, less than ten seconds old), use
them instead of triggering a new scan when a BSS Transition Management
Request frame is received. As a fallback, allow a new scan to be
triggered if no matches were found.
Signed-off-by: Jouni Malinen <j@w1.fi>
When the list of preferred transition candidates is received, use the
identified channels to optimize the following scan so that no time is
wasted on other channels.
Signed-off-by: Jouni Malinen <j@w1.fi>
The previously cached candidate list needs to be free properly through a
call to wnm_deallocate_memory() to ensure all subelements gets freed.
Signed-off-by: Jouni Malinen <j@w1.fi>
This allows an AP to steer us to another BSS within the ESS even if that
results in reduced signal strength as long as the signal strength with
the target BSS is expected to provide some connectivity.
Signed-off-by: Jouni Malinen <j@w1.fi>
There is no need to use a separately allocated data structures for this.
A bitfield indicating which information is present and variables within
struct neighbor_report are simpler to use and more efficient.
Signed-off-by: Jouni Malinen <j@w1.fi>
Switch the stop and sending DelTS to avoid sending data packets
for the session after the DelTS, which is otherwise possible.
This also helps the mac80211 implementation as it requires stopping the
traffic flow before sending the DelTS as it may modify the AC parameters
for the affected queue, and that may in turn affect management frames.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>