Commit graph

3320 commits

Author SHA1 Message Date
Daisuke Niwa
fa9f381f20 P2P: Allow a specific channel to be specified in P2P_FIND
The optional freq=<MHz> can now be used with the P2P_FIND command to
specify a single channel to scan during the first round of P2P search.
For example, this can be used to replace the full initial scan with a
single channel scan of a known operation channel.

Signed-off-by: Daichi Ueura <daichi.ueura@sonymobile.com>
2015-02-28 21:52:56 +02:00
Daichi Ueura
eb78a8d5e3 P2P: Restore P2P_SCAN_SPECIFIC
This reverts commit 3df2f4fe99 ('P2P:
Remove unused P2P_SCAN_SPECIFIC') with a modification to fit the current
code base.

Signed-off-by: Daichi Ueura <daichi.ueura@sonymobile.com>
2015-02-28 21:41:38 +02:00
Janusz Dziedzic
c3dabf5a00 Fix merge issue with IBSS VHT support
Commit 563ee1832b ('IBSS: Add support for
VHT80 configuration') got merged in incorrectly with one i/j swap
missed.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2015-02-28 16:48:22 +02:00
Jouni Malinen
8b2b718da9 Fix minor issue in HT40 max rate determination
Commit a1b790eb9d ('Select AP based on
estimated maximum throughput') had a copy-paste bug than ended up
leaving one of the max_ht40_rate() cases unreachable. (CID 106087)

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-28 16:40:58 +02:00
Jouni Malinen
0d2030ee20 Use estimated throughput to improve roaming selection
Previously, within-ESS roaming was skipped if the selected BSS did not
have a higher signal strength than the current BSS regardless of AP
capabilities. This could result in not moving to a BSS that would
provide higher throughput, e.g., due to larger channel bandwidth or
higher rates (HT/VHT MCS).

Use estimated throughput information from scan result processing to
allow within-ESS roaming if the selected BSS is likely to provide better
throughput even if the current BSS has larger RSSI.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-22 11:45:45 +02:00
Jouni Malinen
1d747e2a98 Add snr and est_throughput to the BSS entries
These values were previously used only for sorting the scan results, but
it may be useful to provide access to the used values through the BSS
entries.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-22 11:09:54 +02:00
Jouni Malinen
a1b790eb9d Select AP based on estimated maximum throughput
This modifies the BSS selection routines to calculate SNR and estimated
throughput for each scan result and then use the estimated throughput as
a criteria for sorting the results. This extends the earlier design by
taking into account higher throughput rates if both the AP and local
device supports HT20, HT40, or VHT80. In addition, the maximum rate is
restricted based on SNR.

In practice, this gives significantly higher probability of selecting
HT/VHT APs when there are multiple BSSes in the same ESS and SNR is not
low enough to prevent higher MCS use.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-22 11:09:54 +02:00
Jouni Malinen
ab647ffea7 Add wpa_supplicant Makefile target libwpa_ctrl.a
"make -C wpa_supplicant libwpa_ctrl.a" can now be used to build a static
library that can be linked with external programs using wpa_ctrl.h. This
makes it easier to create a separate library package that does not
depend in any other hostap.git file other than src/common/wpa_ctrl.h and
the libwpa_ctrl.a built with this new make target.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-21 17:48:10 +02:00
Matthieu Mauger
71d77adb6d Update current BSS level when signal change event occurs
When an EVENT_SIGNAL_CHANGE occurs the bgscan is informed about this
change but the new RSSI value is not stored. In consequence, when
roaming candidates are evaluated, the RSSI value of the current BSS used
to compare is an old one obtained during the last scan rather than the
new one given by the signal change event. This leads sometimes to bad
decision when selecting a new BSS for roaming.

This patch solves the issue by updating the current BSS level when
receiving a signal change event in order to have a very up-to-date
current signal value when choosing an new BSS.

Signed-off-by: Matthieu Mauger <matthieux.mauger@intel.com>
2015-02-21 16:07:53 +02:00
Ilan Peer
f1609f119a wpa_supplicant: Cancel sched_scan when stopping countermeasures
When stopping the TKIP countermeasures, it would be preferable to
connect immediately. However if scheduled scan is in progress,
a connection attempt will be done only when scan results are received,
so cancel the scheduled scan to allow immediate scan and connection
attempt.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-02-21 16:07:53 +02:00
Eliad Peller
0b8bcaa50f P2P: Allow configuring CTWindow when working as GO
Read p2p_go_ctwindow (0-127 TUs) from the config file, and pass it to
the driver on GO start.

Use p2p_go_ctwindow=0 (no CTWindow) by default.

Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
2015-02-21 16:07:53 +02:00
ASHUTOSH NARAYAN
5ce6ac11ab Inteworking: Add support to update the ANQP Capability List into the BSS
In addition, add support for returning the capability list through
the BSS control interface command.

Signed-off-by: ASHUTOSH NARAYAN <ashutoshx.narayan@intel.com>
2015-02-21 16:07:53 +02:00
ASHUTOSH NARAYAN
185ada4770 HS 2.0: Add support to update the HS20 Capability List into the BSS
In addition, add support for returning the capability list through the
BSS control interface command.

Signed-off-by: ASHUTOSH NARAYAN <ashutoshx.narayan@intel.com>
2015-02-21 16:07:53 +02:00
Arkadiusz (Arkq) Bokowy
7fe7a3a51f wpa_gui: Debug enhancement
Instead of calling a dummy printf function use preprocessor to determine
if debugging mode is enabled. Also use native Qt debug function.

Signed-off-by: Arkadiusz Bokowy <arkadiusz.bokowy@gmail.com>
2015-02-21 16:07:53 +02:00
Jouni Malinen
2b892d442a Add forgotten network profile parameters to config file writing
Number of network profile parameters were not written to the
configuration file.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-21 16:07:53 +02:00
Janusz Dziedzic
563ee1832b IBSS: Add support for VHT80 configuration
Configure VHT80 based on driver capabilities.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2015-02-21 16:07:53 +02:00
Janusz Dziedzic
98479dc95e IBSS: Update operating frequency if joining an existing IBSS
If a matching IBSS is found in scan results, change requested frequency
to match and disable OBSS scan.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2015-02-21 16:07:53 +02:00
Janusz Dziedzic
4d9e6fba2a IBSS: Add fixed_freq network parameter
Add fixed_freq=<0/1> network block parameter and pass it to the driver
when starting or joining an IBSS. If this flag is set, IBSS should not
try to look for other IBSS networks to merge with on different channels.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2015-02-21 16:07:53 +02:00
Dmitry Shmidt
6f5e1b0bf6 Use priority list instead of global for PNO
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2015-02-21 16:07:52 +02:00
Rajiv Ranjan
f92446fb7d P2PS: Add P2PS interface info
This adds documentation on P2PS related interface commands and events.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-21 11:28:20 +02:00
Jouni Malinen
59b416c733 Add optional reassoc-to-same-BSS optimization
The new reassoc_same_bss_optim=1 configuration parameter can now be used
to request wpa_supplicant to bypass the unnecessary Authentication frame
exchange when reassociating back to the same BSS with which the device
is already associated. This functionality is disabled by default since
it may cause undesired interoperability issues with some APs.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-19 16:35:39 +02:00
Jouni Malinen
c4da67deef Fix passive_scan config parameter writing
Commit c35e35ed81 ('Add passive_scan
configuration parameter') used incorrect parameter name when writing the
passive_scan parameter into a configuration file.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-19 16:22:47 +02:00
Ola Olsson
10263dc2a4 Add control interface commands for fetching wpa_config values
The new "DUMP" and "SET <variable>" control interface commands can be
used to fetch global wpa_supplicant configuration parameters.

Signed-off-by: Ola Olsson <ola.olsson@sonymobile.com>
2015-02-08 22:49:58 +02:00
Jouni Malinen
f91a512f1f Add INTERWORKING_ADD_NETWORK command
This can be used to provide more control to upper layers on network
blocks generated as part of Interworking network selection.
INTERWORKING_ADD_NETWORK behaves otherwise identically to
INTERWORKING_CONNECT, but it does not request a new connection after
having added the network block and it returns the network id of the
added network.

INTERWORKING_ADD_NETWORK followed by REASSOCIATE would behave more or
less identically to INTERWORKING_CONNECT, but this allows the created
network profile to be modified, if desired, and/or stored externally.
SELECT_NETWORK can also be used with the network id returned from
INTERWORKING_ADD_NETWORK to enforce that specific network profile to be
used for the next connection (though, it should be noted that this
behavior may not meet all Hotspot 2.0 requirements if there were other
enabled networks that could have higher priority).

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-08 22:49:58 +02:00
Jouni Malinen
5b74e086e6 P2P: Document P2P_CONNECT-auto
Commit b31be3a0fd ('P2P: Add automatic GO
Negotiation vs. join-a-group selection') added this P2P_CONNECT 'auto'
parameter, but did not update any documentation on it.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-08 13:35:50 +02:00
Jouni Malinen
99650cadc9 Add STOP_AP control interface command
This is mainly for testing purposes to allow beaconing to be stopped
without clearing AP state in hostapd.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-08 13:35:49 +02:00
Jouni Malinen
6b00512164 P2P: Add event messages for P2P_CONNECT-fallback-to-GO-Neg
This makes it easier for upper layer programs to follow progress of
P2P_CONNECT-auto operation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-08 13:35:48 +02:00
Jouni Malinen
b0e669beeb P2P: Fix P2P_CONNECT-auto fallback to GO Neg with group interface
If a separate P2P group interface was used, P2P_CONNECT-auto fallback to
GO Negotiation could result in use of freed memory and segmentation
fault. This happened in cases where the peer GO was found in some old
scans, but not in the first scan triggered by the P2P_CONNECT-auto
command ("P2P: Peer was found running GO in older scan -> try to join
the group" shows up in the debug log). In addition, the GO would still
need to reply to PD Request to allow this code path to be triggered.

When five scans for the GO were completed in this sequence, the P2P
group interface was removed as part of falling back to GO Negotiation.
However, that ended up dereferencing the freed wpa_s instance at the end
of scan event processing. Fix this by reordering code a bit and breaking
out from EVENT_SCAN_RESULTS processing if the interface could have been
removed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-08 13:35:14 +02:00
Masashi Honma
bf51f4f82b mesh: Fix remaining BLOCKED state after SAE auth failure
When SAE authentication fails, wpa_supplicant retries four times. If all
the retries result in failure, SAE state machine enters BLOCKED state.
Once it enters this state, wpa_supplicant doesn't retry connection. This
commit allow connection retries even if the state machine entered
BLOCKED state.

There could be an opinion "Is this patch needed? User could know the SAE
state machine is in the BLOCKED mode by MESH-SAE-AUTH-BLOCKED event.
Then user can retry connection. By user action, SAE state machine can
change the state from BLOCKED to another.". Yes, this is a true at the
joining mesh STA. However, a STA that is already a member of existing
mesh BSS should not retry connection because if the joining mesh STA
used wrong password, all the existing STA should do something from UI to
retry connection.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2015-02-08 12:43:24 +02:00
Masashi Honma
79ddb2062e mesh: Add a monitor event on SAE authentication getting blocked
Send MESH-SAE-AUTH-BLOCKED event if SAE authentication is blocked. The
BLOCK state will finish when a new peer notification event is sent for
the same MAC address.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2015-02-07 22:33:23 +02:00
Masashi Honma
dd2cbafc89 mesh: Add a monitor event for SAE authentication failure
SAE authentication fails likely with wrong password. This commit adds a
notification of the failure to the upper application (UI) so that the
application can notify suspection of a wrong password to the user. The
control interface monitor even for this is "MESH-SAE-AUTH-FAILURE
addr=<peer>".

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2015-02-07 22:23:34 +02:00
Jouni Malinen
11e2ddbcd7 mesh: Remove duplicated no_auto_peer update
Commit 07cb45ccb2 ('mesh: Add no_auto_peer
config option') added a new struct wpa_ssid argument and added an
unnecessary parsing and setting of the value in
wpa_supplicant_ctrl_iface_update_network(). This is not needed since
wpa_config_set() takes care of parsing the parameters.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-07 16:19:53 +02:00
Jouni Malinen
1e529832a8 D-Bus: Fix network block type change
It is possible for a network profile to change its type from P2P
persistent group to a normal network and back. The D-Bus interface uses
different types of objects for those, so the object needs to
re-registered in case of type change. This fixes issues in leaving
behind an incorrect type of object and leaking memory when freeing such
a network block that has had its disabled parameter changed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-07 16:19:08 +02:00
Vinit Deshpande
663ae2f417 Don't write to wpa_supplicant.conf directly
There is a chance that wpa_supplicant may get killed during
the time it is writing config file. If this happens, user
information like SSIDs and passwords can be lost forever.

This change works around that by writing config to a
temporary file and then renaming the file to the correct name.

Signed-off-by: Vinit Deshpande <vinitd@google.com>
2015-02-07 15:37:13 +02:00
Janusz Dziedzic
d9a9bc04b4 IBSS: Do not enable HT with WEP or TKIP
We should not enable HT if WEP or TKIP is configured.
Without the patch and WEP configuration we will get message:
Association request to the driver failed

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2015-02-06 21:43:35 +02:00
Jouni Malinen
abe96d0605 P2P: Clean up Listen channel optimization debug prints
Do not claim to change the Listen channel in a debug message when
previously configured channel prevents this. In addition, fix a typo in
another related debug print.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-03 16:13:35 +02:00
Krishna Vamsi
93eca6155b P2PS: Do not remove pending interface on p2p_stop_find
The pending interface created during provision discovery should
not be removed on stopping p2p_find. This pending interface has
to be used after completing GO negotiation. Earlier the pending
interface is created just before GO negotiation so there was no
problem.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-03 01:35:07 +02:00
Krishna Vamsi
87d5ef5a41 P2PS: Add commands to control interface redir list
This is needed to allow P2PS related new control interface commands to
be redirected for proper context processing.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-03 01:35:07 +02:00
Krishna Vamsi
306aaf49f8 P2PS: Start WPS registrar upon GO formation
If P2PS config method is used for provisioning, upon forming a new GO,
start WPS registrar for the provisioned peer automatically.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-03 01:35:07 +02:00
Krishna Vamsi
ab8ee776b9 P2PS: Provision Discovery fail event
This extends P2P-PROV-DISC-FAILURE with adv_id and deferred_session_resp
in P2PS cases.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-03 01:35:07 +02:00
Krishna Vamsi
1300cc8e8f P2PS: PD Request processing and PD Response building
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-03 01:35:07 +02:00
Krishna Vamsi
5fefce2747 P2PS: Callback to send P2PS provisioning events
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-03 01:35:07 +02:00
Krishna Vamsi
9a58e521ac P2PS: Callback to create pending group after sending PD Response
This introduces a P2P module callback function that will be used to
create the pending P2PS group after sending PD Response and receiving
ACK status for it.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-03 01:35:07 +02:00
Krishna Vamsi
895d94def9 P2PS: Callback to remove stale persistent groups
When the peer device is trying to form a new group despite having
old persistent group with same roles, remove the stale persistent
group.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-03 01:35:07 +02:00
Krishna Vamsi
f309c18e50 P2PS: ASP provisioning commands to control interface
This adds new wpa_supplicant control interface commands
P2P_ASP_PROVISION and P2P_ASP_PROVISION_RESP.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-03 01:35:07 +02:00
Krishna Vamsi
6d9085145c P2PS: Process P2PS provisioning commands
This extends wpas_p2p_prov_disc() implementation to accept P2PS
parameters. None of the callers are yet using this functionality; the
following commit introduces a user.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-03 01:35:07 +02:00
Krishna Vamsi
369678ad14 P2PS: Add P2PS attributes into PD Request if requested
This adds a data structure for storing P2PS PD information and code to
add the related attributes into PD Request. The actual operation to
trigger this behavior will be added in a separate commit.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-03 01:35:07 +02:00
Krishna Vamsi
d4b43b5886 P2PS: Add support to send ASP-RESP events
Send P2P-SERV-ASP-RESP events upon receiving GAS responses with
ASP services.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-03 01:35:06 +02:00
Krishna Vamsi
6df08d0341 P2PS: Logic to parse GAS requests for ASP services
Add support to parse received GAS requests for ASP services and
prepare GAS responses accordingly.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-03 01:35:06 +02:00
Krishna Vamsi
5a4102ce0e P2PS: Add support to send ASP service requests
This extends the P2P_SERV_DISC_REQ control interface command with a new
"asp" service type. This takes service id, service string, and optional
service info as arguments.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-03 01:35:06 +02:00
Brian Gix
095b3c4069 P2PS: Add Application Service Info to device found events
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-03 01:35:06 +02:00
Krishna Vamsi
ae9d45f329 P2PS: Extend add/del services logic to support ASP
In addition, add a new P2P_SERVICE_REP command that can be used to
replace existing ASP advertisements.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-03 01:35:06 +02:00
Brian Gix
4f88fc0464 P2PS: WPS changes needed for P2PS default PIN
This provides additional WPS definitions and rules for negotiating use
of P2PS default PIN configuration method.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-02 16:55:45 +02:00
Brian Gix
5177509657 P2PS: Add option to specify seek strings into P2P_FIND
P2PS seek strings can now be specified in the P2P_FIND control interface
command with one or more optional "seek=<str>" parameters.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-02 16:55:43 +02:00
Jouni Malinen
66eaf8a2c2 Fix driver-offloaded offchannel TX done processing
It was possible for a Action frame sequence completion to stop an
ongoing offchannel remain-on-channel operation unexpectedly in cases
where TX operation was offloaded to the driver and such an operation
happened to occur during a previously started remain-on-channel (e.g.,
for P2P listen state).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-02 14:09:18 +02:00
Jouni Malinen
f2dc06e2bd P2P: Ignore remain-on-channel callback event if not waiting for one
It was possible for the previously requested remain-on-channel for P2P
listen state to get canceled before having received driver event
indicating start of that remain-on-channel operation. In such a case,
the event was able to trigger P2P module to start processing listen
timeout even though there was not supposed to be a following listen
operation anymore. Skip the driver event if we are not waiting for a new
listen state.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-02 14:09:18 +02:00
Mukesh Agrawal
f0d0a5d23b Improve BSS selection with default noise floor values
When noise floor measurements are not available, compute SNR
using default values for the noise floor. This helps steer us
towards 5 GHz BSSes in high signal strength environments.

In more detail...

Existing code prefers a 5 GHz BSS when the 5 GHz BSS's signal
strength is "close" to that of the 2.4 GHz BSS, or when both SNRs
are large. However, the mwifiex driver does not provide noise
floor measurements, so we can't compute SNRs.

Because mwifiex doesn't provide NF measurements, the "large SNR"
code wasn't effective. By using default values for the noise floor,
we can again compute SNRs, and decide that the SNR is high enough
that we shouldn't worry about the exact difference in SNR.

The default noise floor values (one for 2.4 GHz, and one for 5 GHz)
were chosen by measurement in a noisy environment, so they should be
conservative.

Note that while this patch is motivated by mwifiex, it affects
ath9k as well. Although ath9k provides noise floor measurements
in general, it will sometimes fail to provide a measurement for
one or more specific channels.

As a result of this patch, we'll always compare BSSes based on SNR
(either measured or estimated), rather than sometimes comparing
based on signal strength. ("Always" assumes that the
WPA_SCAN_LEVEL_DBM flag is set. It is for mwifiex and ath9k.)

While there:
- fix a whitespace issue (spaces -> tab)
- clean up existing comments
- update dump_scan_res to indicate whether the noise floor is
  measured, or default

Signed-hostap: mukesh agrawal <quiche@chromium.org>
2015-02-01 22:01:18 +02:00
Jouni Malinen
7f7bfba919 Add an option allow canned EAP-Success for wired IEEE 802.1X
For wired IEEE 802.1X authentication, phase1="allow_canned_success=1"
can now be used to configure a mode that allows EAP-Success (and
EAP-Failure) without going through authentication step. Some switches
use such sequence when forcing the port to be authorized/unauthorized or
as a fallback option if the authentication server is unreachable. By
default, wpa_supplicant discards such frames to protect against
potential attacks by rogue devices, but this option can be used to
disable that protection for cases where the server/authenticator does
not need to be authenticated.

When enabled, this mode allows EAP-Success/EAP-Failure as an immediate
response to EAPOL-Start (or even without EAPOL-Start) and EAP-Success is
also allowed immediately after EAP-Identity exchange (fallback case for
authenticator not being able to connect to authentication server).

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-01 19:22:54 +02:00
Jouni Malinen
49fcc32e91 EAP-MSCHAPv2 peer: Add option to disable password retry query
wpa_supplicant used to request user to re-enter username/password if the
server indicated that EAP-MSCHAPv2 (e.g., in PEAP Phase 2)
authentication failed (E=691), but retry is allowed (R=1). This is a
reasonable default behavior, but there may be cases where it is more
convenient to close the authentication session immediately rather than
wait for user to do something.

Add a new "mschapv2_retry=0" option to the phase2 field to allow the
retry behavior to be disabled. This will make wpa_supplicant abort
authentication attempt on E=691 regardless of whether the server allows
retry.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-01 17:45:19 +02:00
Ben Greear
99805a0ea1 Interworking: Convert wpa_printf() to wpa_msg()
Also adds a few messages that helped me track down why things
were not working as expected.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2015-02-01 01:32:25 +02:00
Roger Zanoni
b42f539ed2 Add a variable to handle extra CFLAGS values
Some packages don't install its headers in the default directory
(e.g.: In Arch Linux libiberty and libn13 includes are installed)
in their own subdirectory under /usr/include) and the build fails
trying to find the headers.

This patch will allow passing extra CFLAGS values without discarding
the assignments made in the Makefile. The CFLAGS values in the Makefile
are ignored, if defined directly in the make command line.

Signed-off-by: Roger Zanoni <roger.zanoni@openbossa.org>
2015-02-01 00:26:17 +02:00
Jouni Malinen
e6dd8196e5 Work around Linux packet socket regression
Linux kernel commit 576eb62598f10c8c7fd75703fe89010cdcfff596 ('bridge:
respect RFC2863 operational state') from 2012 introduced a regression
for using wpa_supplicant with EAPOL frames and a station interface in a
bridge. Since it does not look like this regression is going to get
fixed any time soon (it is already two years from that commit and over
1.5 from a discussion pointing out the regression), add a workaround in
wpa_supplicant to avoid this issue.

The wpa_supplicant workaround uses a secondary packet socket to capture
all frames (ETH_P_ALL) from the netdev that is in a bridge. This is
needed to avoid the kernel regression. However, this comes at the price
of more CPU load. Some of this is avoided with use of Linux socket
filter, but still, this is less efficient than a packet socket bound to
the specific EAPOL ethertype. The workaround gets disabled
automatically, if the main packet socket interface on the bridge
interface turns out to be working for RX (e.g., due to an old kernel
version being used or a new kernel version having a fix for the
regression). In addition, this workaround is only taken into use for the
special case of running wpa_supplicant with an interface in a bridge.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-31 17:21:58 +02:00
Bob Copeland
745d93695b mesh: Create new station entry on popen frames
Currently, there is a race in open mesh networks where mesh STA A
receives a beacon from B and sends a peering open frame to initiate
peering. STA B, having not yet received a beacon from A and thus
created the corresponding station entry, will ignore all such open
frames. If the beacon interval is sufficiently long then peering
will not succeed as a result.

In fact B can simply create the station entry when the popen is
received, as is done in Linux's in-kernel MPM, avoiding the issue.

Signed-off-by: Bob Copeland <me@bobcopeland.com>
2015-01-28 13:09:31 +02:00
Bob Copeland
41bff862d9 mesh: Always free the station if peering failed
Previously, we would only free the station entry if a peering close
frame was received (freeing the station entry causes the kernel to
start sending peer candidate events again when suitable beacons are
received, triggering peering or authentication to restart).

The end result is the same in any case regardless of close reason:
if we leave holding state then peering has started again, so go
ahead and remove the station in all cases.

Signed-off-by: Bob Copeland <me@bobcopeland.com>
2015-01-28 13:09:31 +02:00
Masashi Honma
871ff0b746 mesh: Sync plink state with kernel
The plink_state exists both wpa_supplicant and kernel. Synchronize them
with wpa_mesh_set_plink_state().

Signed-off-by: Kenzoh Nishikawa <Kenzoh.Nishikawa@jp.sony.com>
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2015-01-28 13:09:31 +02:00
Jouni Malinen
ba4226130e Simplify eapol_sm_notify_pmkid_attempt()
Drop the unneeded 'attempt' argument. This was originally used for
indicating an aborted PMKID caching attempt, but a fix in 2006 removed
the only such user and since that time, only attempt == 1 has been used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-28 13:09:31 +02:00
Jouni Malinen
993a865407 Add eap_session_id to wpa_supplicant STATUS output
This makes the current EAP Session-Id available for external programs.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-28 13:09:31 +02:00
Jouni Malinen
f19c907822 OpenSSL: Implement aes_wrap() and aes_unwrap()
This replaces the implementation in aes-wrap.c and aes-unwrap.c with
OpenSSL AES_wrap_key() and AES_unwrap_key() functions when building
hostapd or wpa_supplicant with OpenSSL.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-28 13:09:31 +02:00
Jouni Malinen
983c6a606b OpenSSL: Replace internal HMAC-MD5 implementation
Use OpenSSL HMAC_* functions to implement HMAC-MD5 instead of depending
on the src/crypto/md5.c implementation.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-28 13:09:31 +02:00
Jouni Malinen
3f56a2b746 Ignore pmf=1 default if driver does not support PMF
Connection with a PMF enabled AP will fail if we try to negotiate PMF
while the local driver does not support this. Since pmf=1 does not
require PMF for a successful connection, it can be ignored in such a
case to avoid connectivity issues with invalid configuration. This makes
it somewhat easier to allow upper layer programs to use pmf=1 default
regardless of driver capabilities.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-27 12:38:52 +02:00
Jouni Malinen
937403b581 Update copyright notices for the new year 2015
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-27 01:43:55 +02:00
Jouni Malinen
399e61353a Add Suite B AKMs to key_mgmt capability list
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-27 01:43:55 +02:00
Jouni Malinen
5e3b5197cc Add Suite B 192-bit AKM
WPA-EAP-SUITE-B-192 can now be used to select 192-bit level Suite B into
use as the key management method.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-27 01:43:52 +02:00
Jouni Malinen
97ae35a848 Add HMAC-SHA384
For now, this is only implemented with OpenSSL.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-27 01:26:51 +02:00
Jouni Malinen
98cd3d1c3b Preparations for variable length KCK and KEK
This modifies struct wpa_ptk to allow the length of KCK and KEK to be
stored. This is needed to allow longer keys to be used, e.g., with
Suite B 192-bit level.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-27 01:26:49 +02:00
Jouni Malinen
b5f045deee Show supported group_mgmt capabilities
This extends GET_CAPABILITY command to allow the supported group
management frame cipher suites to be listed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-24 19:37:42 +02:00
Ben Greear
893e152e64 Interworking: More debug messages
And convert some wpa_printf to wpa_msg.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2015-01-24 19:37:42 +02:00
Ben Greear
f45bae5b81 Interworking: Add logging to track nai_realm_find_eap failures
There are lots of reasons we can fail to match an EAP credential, so add
logging to help determine why it is happening in various cases.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2015-01-24 19:37:42 +02:00
Jouni Malinen
5a5aab7f40 Interworking: Remove unnecessary NULL check
nai_realm_find_eap() is called only in cases where the cred pointer is
not NULL.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-24 19:37:42 +02:00
Adrian Nowicki
ad905e4a79 wpa_gui: Sort frequency and signal numerically in the scan results dialog
Signal strength was sorted lexically rather than numerically, which
put "-100 dBm" before "-50 dBm" if sorted in descending order.
This change fixes that. It also treats frequency in the same
manner, preparing it for the IEEE 802.11ah.

Signed-off-by: Adrian Nowicki <adinowicki@gmail.com>
2015-01-23 01:24:25 +02:00
Jouni Malinen
c35e35ed81 Add passive_scan configuration parameter
This new wpa_supplicant configuration parameter can be used to force
passive scanning to be used for most scanning cases at the cost of
increased latency and less reliably scans. This may be of use for both
testing purposes and somewhat increased privacy due to no Probe Request
frames with fixed MAC address being sent out.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-22 20:50:01 +02:00
ASHUTOSH NARAYAN
fb09ed3389 Interworking: Notify the ANQP parsing status
The ANQP verification/parsing is done only after the GAS_DONE indication
is sent over the control interface. This means that in case the ANQP
parsing fails there is no indication to the upper layers. Add an
ANQP-QUERY-DONE event that reports the status of the ANQP parsing.

Signed-off-by: ASHUTOSH NARAYAN <ashutoshx.narayan@intel.com>
2015-01-20 02:26:21 +02:00
ASHUTOSH NARAYAN
d10b01d299 HS20: Provide appropriate permission to the OSU related files
The icon files and the osu-providers.txt that are generated may not have
proper permission for external programs to access. Set the access
permissions to the same as the permissions for osu_dir.

Signed-off-by: ASHUTOSH NARAYAN <ashutoshx.narayan@intel.com>
2015-01-20 02:26:16 +02:00
Ilan Peer
dd09e424c2 Fix memory leak in wpa_supplicant global bgscan configuration
Global bgscan configuration parameter was not freed when config was
freed.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-01-20 02:10:05 +02:00
Eytan Lifshitz
30f459c098 wpa_cli: Fix NULL dereference on printf string argument
In wpa_cli_cmd_interface(), try_connection(), and main(), ctrl_ifname
may be NULL and could be dereferenced depending on the printf()
implementation.

Signed-off-by: Eytan Lifshitz <eytan.lifshitz@intel.com>
2015-01-20 02:08:58 +02:00
Ilan Peer
b72b2ad39e P2P: Stop p2p_listen/find on wpas_p2p_invite
Stop any ongoing P2P listen/find flow before starting invitation flow.
This was partially handled in p2p_invite() that called p2p_find(), but
this did not cleanly handle cases such as long_listen.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-01-20 01:57:59 +02:00
Ilan Peer
7e608d1def P2P: Use the correct wpa_s interface to handle P2P state flush
A control interface call to flush the current state used the
current wpa_s to clear the P2P state even though it might not
be the interface controlling the P2P state.

Fix it by using the correct interface to flush the P2P state.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-01-20 01:57:59 +02:00
Eyal Shapira
fd83335f29 AP: Enable HT Tx STBC for AP/GO if supported by driver
Publish support for Tx STBC in the HT capabilities of a GO and AP
controlled by wpa_supplicant in case the hardware supports it.

Signed-off-by: Eyal Shapira <eyalx.shapira@intel.com>
2015-01-20 01:57:59 +02:00
Ben Rosenfeld
d90bfa97f4 Move external_scan_running to wpa_radio
external_scan_running should be common to all interfaces that share a
radio. This fixes a case where external_scan_running was set on a single
interface, but did not block scan on other interfaces.

Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>
2015-01-20 01:57:59 +02:00
Ben
0c5f01fdf2 Clear reattach flag in fast associate flow
Clear the reattach flags, in case a connection request did not trigger a
scan. This needs to be done to avoid leaving the reattach flag set for
the next scan operation which may not have anything to do with the
specific request that could have been optimized using the single-channel
single-SSID scan.

Signed-off-by: Ben <ben.rosenfeld@intel.com>
2015-01-20 01:57:59 +02:00
David Spinadel
8ad8bc5c36 NFC: Redirect NFC commands on global control interface
Redirect NFC commands from global control interface to P2P device
interface.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2015-01-20 01:57:59 +02:00
David Spinadel
57ae1f5be9 P2P: Fix P2P invitation with NFC
Use interface's own NFC configuration instead of parent's one
to support a P2P device dedicated interface.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2015-01-20 00:51:36 +02:00
Matti Gottlieb
07565ab0f9 WNM: Fix the length of WNM_BSS_QUERY control interface command
The length should be 14 and not 10.
The current situation causes failure during parsing of the command.

Signed-off-by: Matti Gottlieb <matti.gottlieb@intel.com>
2015-01-20 00:47:41 +02:00
Jouni Malinen
2d9c99e37b Retry scan-for-connect if driver trigger fails
This restores some of the pre-radio work behavior for scanning by
retrying scan trigger if the driver rejects it (most likely returning
EBUSY in case of nl80211-drivers). Retry is indicated in the
CTRL-EVENT-SCAN-FAILED event with "retry=1".

For manual scans (e.g., triggered through "SCAN" control interface
command), no additional retries are performed. In other words, if upper
layers want to retry, they can do so based on the CTRL-EVENT-SCAN-FAILED
event.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-19 20:25:20 +02:00
Jouni Malinen
911942ee64 Add a test framework for various wpa_supplicant failure cases
For CONFIG_TESTING_OPTIONS=y builds, add a new test parameter than can
be used to trigger various error cases within wpa_supplicant operations
to make it easier to test error path processing. "SET test_failure
<val>" is used to set which operation fails. For now, 0 = no failures
and 1 = scan trigger fails with EBUSY. More operations can be added in
the future to extend coverage.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-19 19:34:00 +02:00
Janusz Dziedzic
95ff306988 nl80211: Allow HT/VHT to be disabled for IBSS
Allow HT/VHT overrides to be used for IBSS.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2015-01-19 02:35:43 +02:00
Masashi Honma
5a2a6de6a5 mesh: Make inactivity timer configurable
Current mesh code uses ap_max_inactivity as inactivity timer. This patch
makes it configurable.

There is another mesh inactivity timer in mac80211. The timer works even
if user_mpm=1. So this patch sets the max value to the timer for
workaround.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2015-01-19 02:35:43 +02:00
Jouni Malinen
0efcad2c30 Print in debug log whether attached monitor is for global interface
It is easier to debug issues related to the wpa_supplicant control
interfaces being left behind in attached state when the debug log file
can be used to determine whether a specific monitor socket was a global
or per-interface one.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-18 16:23:43 +02:00
Jouni Malinen
8266e6c6b4 HS 2.0: Try to use same BSS entry for storing GAS results
Commit 17b8995cf5 ('Interworking: Try to
use same BSS entry for storing GAS results') added a mechanism to try to
pair GAS request and response to a single BSS entry to cover cases where
multiple BSS entries may exists for the same BSSID. However, that commit
did not cover the Hotspot 2.0 ANQP elements. Extend this mechanism to
all ANQP elements. This can help in cases where information in the
Hotspot 2.0 specific ANQP elements got lost if a hidden SSID or some
other reason of duplicated BSS entries was present while doing ANQP
fetches.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-17 17:47:32 +02:00
Jouni Malinen
6c69991382 Make wpa_supplicant FLUSH command more likely to clear all BSS entries
Move the wpa_bss_flush() call to the end of the function to allow any
pending user of a BSS entry to be cleared before removing the unused
entries. There were number of cases where BSS entries could have been
left in the list and this resulted in some hwsim test failures.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-17 15:39:48 +02:00