If P2P support is included in wpa_supplicant build (CONFIG_P2P=y), but
P2P functionality is explicitly disabled (e.g., "P2P_SET disabled 1"),
couple of AP management frame processing steps did not check against
hapd->p2p_group being NULL and could end up dereferencing a NULL pointer
if a Probe Request frame or (Re)Association Request frame was received
with a P2P IE in it. Fix this by skipping these steps if hapd->p2p_group
is NULL.
Signed-off-by: Jouni Malinen <j@w1.fi>
This makes it somewhat easier for the station to be able to receive and
process the encrypted WNM-Notification frames that the AP previously
sentt immediately after receiving EAPOL-Key msg 4/4. While the station
is supposed to have the TK configured for receive before sending out
EAPOL-Key msg 4/4, not many actual implementations do that. As such,
there is a race condition in being able to configure the key at the
station and the AP sending out the first encrypted frame after EAPOL-Key
4/4. The extra 100 ms time here makes it more likely for the station to
have managed to configure the key in time.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
IEEE Std 802.11-2012 13.3.1 states that the AID should be generated on
the local node for each peer. Previously, we were using the peer link ID
(generated by the peer) which may not be unique among all peers. Correct
this by reusing the AP AID generation code.
Signed-off-by: Bob Copeland <me@bobcopeland.com>
Add new GO frequency move policy. The P2P_GO_FREQ_MOVE_SCM_ECSA prefers
SCM if all the clients advertise eCSA support and the candidate
frequency is one of the group common frequencies.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Previously, station's VHT information elements were copied and passed
regardless of the AP's VHT configuration. As a result, AP with VHT
disabled in configuration could have ended up transmitting packets in
VHT rates though AP is not advertising VHT support. Fix this by copying
the station's VHT capabilities only when AP supports VHT (both hardware
and configuration).
Signed-off-by: Ashok Raj Nagarajan <arnagara@qti.qualcomm.com>
This extends the previous tracking design to add a station entry based
on other management frames than Probe Request frames. For example, this
covers a case where the station is using passive scanning.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new no_auth_if_seen_on=<ifname> parameter can now be used to
configure hostapd to reject authentication from a station that was seen
on another radio.
This can be used with enabled track_sta_max_num configuration on another
interface controlled by the same hostapd process to reject
authentication attempts from a station that has been detected to be
capable of operating on another band, e.g., to try to reduce likelihood
of the station selecting a 2.4 GHz BSS when the AP operates both a 2.4
GHz and 5 GHz BSS concurrently.
Note: Enabling this can cause connectivity issues and increase latency for
connecting with the AP.
Signed-off-by: Jouni Malinen <j@w1.fi>
The mesh SAE auth often fails with master branch. By bisect I found
commit eb5fee0bf5 ('SAE: Add side-channel
protection to PWE derivation with ECC') causes this issue. This does not
mean the commit has a bug. This is just a CPU resource issue.
After the commit, sae_derive_pwe_ecc() spends 101(msec) on my PC (Intel
Atom N270 1.6GHz). But dot11RSNASAERetransPeriod is 40(msec). So
auth_sae_retransmit_timer() is always called and it can causes
continuous frame exchanges. Before the commit, it was 23(msec).
On the IEEE 802.11 spec, the default value of dot11RSNASAERetransPeriod
is defined as 40(msec). But it looks short because generally mesh
functionality will be used on low spec devices. Indeed Raspberry Pi B+
(ARM ARM1176JZF-S 700MHz) requires 287(msec) for new
sae_derive_pwe_ecc().
So this patch makes the default to 1000(msec) and makes it configurable.
This issue does not occur on infrastructure SAE because the
dot11RSNASAERetransPeriod is not used on it.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
The new CONFIG_NO_RC4=y build option can be used to remove all internal
hostapd and wpa_supplicant uses of RC4. It should be noted that external
uses (e.g., within a TLS library) do not get disabled when doing this.
This removes capability of supporting WPA/TKIP, dynamic WEP keys with
IEEE 802.1X, WEP shared key authentication, and MSCHAPv2 password
changes.
Signed-off-by: Jouni Malinen <j@w1.fi>
This adds the FST IEs received from the FST module into Beacon, Probe
Response, and (Re)Association Response frames.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This check explicitly for reflection attack and stops authentication
immediately if that is detected instead of continuing to the following
4-way handshake that would fail due to the attacker not knowing the key
from the SAE exchange.
Signed-off-by: Jouni Malinen <j@w1.fi>
In theory, the previous version could have resulted in reading one byte
beyond the end of the management frame RX buffer if the local driver
were to deliver a truncated Public Action frame for processing. In
practice, this did not seem to happen with mac80211-based drivers and
even if it were, the extra octet would be an uninitialized value in a
buffer rather than read beyond the end of the buffer.
Signed-off-by: Jouni Malinen <j@w1.fi>
Previously, mesh state machine transmits updated Commit Message when
receiving a Confirm Message in Committed state. According to the
standard, it should (re)send the latest Commit Message previously sent.
IEEE Std 802.11-2012, 11.3.8.6.4 Protocol instance behavior - Committed
state:
"Upon receipt of a Con event, ... If Sync is not greater than
dot11RSNASAESync, the protocol instance shall increment Sync, transmit
the last Commit Message sent to the peer, and set the t0
(retransmission) timer."
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Check the element length in the parser and remove the length field from
struct ieee802_11_elems since the element is of fixed length.
Signed-off-by: Jouni Malinen <j@w1.fi>
Check the element length in the parser and remove the length field from
struct ieee802_11_elems since the element is of fixed length.
Signed-off-by: Jouni Malinen <j@w1.fi>
The multi-SSID design that used a single beaconing BSSID with multiple
SSIDs was never completed in this repository, so there is no need to
maintain the per-STA ssid/ssid_probe pointers that could only point to
&hapd->conf->ssid. Save some memory and reduce code complexity by
removing this unused partial capability.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Currently, vlan_remove_dynamic() is only called when the station VLAN ID
is changed (ap_sta_bind_vlan), but not when the station is freed. So
dynamic VLAN interfaces are not removed actually except within 1x
reauthentification VLAN ID change, although most of the code is already
there.
This patch fixes this by calling vlan_remove_dynamic() in ap_free_sta().
It cannot just use sta->vlan_id for this, as this might have been
changed without calling ap_sta_bind_vlan() (ap/ieee802_11.c:handle_auth
fetches from RADIUS cache for WPA-PSK), thus reference counting might
not have been updated. Additionally, reference counting might get wrong
due to old_vlanid = 0 being passed unconditionally, thus increasing the
reference counter multiple times.
So tracking the currently assigned (i.e., dynamic_vlan counter
increased) VLAN is done in a new variable sta->vlan_id_bound. Therefore,
the old_vlan_id argument of ap_sta_bind_vlan() is no longer needed and
setting the VLAN for the sta in driver happens unconditionally.
Additionally, vlan->dynamic_vlan is only incremented when it actually
is a dynamic VLAN.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
This allows vendor specific information element to be used to advertise
support for VHT on 2.4 GHz band. In practice, this is used to enable use
of 256 QAM rates (VHT-MCS 8 and 9) on 2.4 GHz band.
This functionality is disabled by default, but can be enabled with
vendor_vht=1 parameter in hostapd.conf if the driver advertises support
for VHT on either 2.4 or 5 GHz bands.
Signed-off-by: Yanbo Li <yanbol@qti.qualcomm.com>
Add the t0 retransmission timer as specified by IEEE Std 802.11-2012,
11.3.8.4. This makes SAE much more likely to succeed in the case of lost
frames.
Signed-off-by: Bob Copeland <me@bobcopeland.com>
When performing SAE authentication in mesh, one station may
initiate authentication by sending a COMMIT as soon as a peer
candidate is discovered. Previously we did this in mesh_rsn.c,
but this left some of the state initialization in a different
part of the code from the rest of the state machine, and we may
need to add other initializations here in the future, so move
that to a more central function.
Signed-off-by: Bob Copeland <me@bobcopeland.com>
There is a possible race condition between receiving the
NEW_PEER_CANDIDATE event and the Authentication frame from the peer.
Previously, if the Authentication frame RX event was indicated first,
that frame got dropped silently. Now, this frame is still dropped, but a
copy of it is stored and the frame gets processed on the following
NEW_PEER_CANDIDATE event if that is received for the same peer within
two seconds.
Signed-off-by: Jouni Malinen <j@w1.fi>
While other authentication algorithms mark Status Code as being Reserved
in the case of the transaction number 1, SAE does not. Check that the
Status Code indicates success before creating SAE state. In addition,
fix the mesh anti-clogging token request parsing on big endian CPUs.
Transaction number 2 (confirm) can also have non-zero Status Code to
report an error. Those should be processed, but not replied to with yet
another error message. This could happen in mesh case. Avoid a loop of
error messages by dropping the non-success case without additional
response.
In addition, don't reply to unknown transaction numbers if the status
code is non-zero. This avoids a loop of error messages if an invalid
frame where to be injected (or unlikely corruption were to occur).
Signed-off-by: Jouni Malinen <j@w1.fi>
The new hostapd.conf radio_measurements parameter can now be used to
configure a test build to advertise support for radio measurements with
neighbor report enabled. There is no real functionality that would
actually process the request, i.e., this only for the purpose of minimal
STA side testing for now.
Signed-off-by: Jouni Malinen <j@w1.fi>
This commit inserts Finite Cyclic Group to Anti-Clogging Token request
frame because IEEE Std 802.11-2012, Table 8-29 says "Finite Cyclic Group
is present if Status is zero or 76".
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
The mesh anti-clogging functionality is implemented partially. This
patch fixes to parse anti-clogging request frame and use anti-clogging
token.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
This commit establishes the infrastructure, and handles the Neighbor
Solicitation and Neighbor Advertisement frames. This will be extended
in the future to handle other frames.
Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
This allows adding/deleting an IPv6 neighbor entry to/from the bridge,
to which the BSS belongs. This commit adds the needed functionality in
driver_nl80211.c for the Linux bridge implementation. In theory, this
could be shared with multiple Linux driver interfaces, but for now, only
the main nl80211 interface is supported.
Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
It is possible that a station device might miss an ACK for an
authentication, association, or action frame, and thus retransmit the
same frame although the frame is already being processed in the stack.
While the duplicated frame should really be dropped in the kernel or
firmware code where duplicate detection is implemented for data frames,
it is possible that pre-association cases are not fully addressed (which
is the case at least with mac80211 today) and the frame may be delivered
to upper layer stack.
In such a case, the local AP will process the retransmitted frame although
it has already handled the request, which might cause the station to get
confused and as a result disconnect from the AP, blacklist it, etc.
To avoid such a case, save the sequence control of the last processed
management frame and in case of retransmissions drop them.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Add state transition logic to the SAE frame handling in order to more
fully implement the state machine from the IEEE 802.11 standard. Special
cases are needed for infrastructure BSS case to avoid unexpected
Authentication frame sequence by postponing transmission of the second
Authentication frame untile the STA sends its Confirm.
[original patch by: Thomas Pedersen <thomas@noack.us>]
Signed-off-by: Bob Copeland <me@bobcopeland.com>
Proxy ARP allows the AP devices to keep track of the hardware address to
IP address mapping of the STA devices within the BSS. When a request for
such information is made (i.e., ARP request, Neighbor Solicitation), the
AP will respond on behalf of the STA device within the BSS. Such
requests could originate from a device within the BSS or also from the
bridge. In the process of the AP replying to the request (i.e., ARP
reply, Neighbor Advertisement), the AP will drop the original request
frame. The relevant STA will not even know that such information was
ever requested.
This feature is a requirement for Hotspot 2.0, and is defined in IEEE
Std 802.11-2012, 10.23.13. While the Proxy ARP support code mainly
resides in the kernel bridge code, in order to optimize the performance
and simplify kernel implementation, the DHCP snooping code was added to
the hostapd.
Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
This makes hostapd create PMKSA cache entries from SAE authentication
and allow PMKSA caching to be used with the SAE AKM.
Signed-off-by: Jouni Malinen <j@w1.fi>
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.
Signed-off-by: Jouni Malinen <j@w1.fi>
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.
Signed-off-by: Jouni Malinen <j@w1.fi>
sta == NULL check is already done above based on category !=
WLAN_ACTION_PUBLIC, but that seems to be too complex for some static
analyzers, so avoid invalid reports by explicitly checking for this
again in the WLAN_ACTION_FT case.
Signed-off-by: Jouni Malinen <j@w1.fi>
clang scan-build does not seem to like the 'd' suffix on floating
constants and ends up reporting analyzer failures. Since this suffix
does not seem to be needed, get rid of it to clear such warnings.
Signed-off-by: Jouni Malinen <j@w1.fi>
If a 2.4 GHz band AP receives a 20/40 Coexistence management frame from
a connected station with 20/40 BSS Intolerant Channel Report element
containing the channel list in which any legacy AP are detected or AP
with 40 MHz intolerant bit set in HT Cap IE is detected in the affected
range of the BSS, the BSS will be moved from 40 to 20 MHz channel width.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
previous_ap and last_assoc_req were not really used for anything
meaninful, so get rid of them to reduce the size of per-STA memory
allocation.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add configuration of Spectrum Management subfield in the Capability
Information of Beacon, Probe Response, and Association Response frames.
Spectrum Management bit is set when directly requested by new
configuration option spectrum_mgmt_required=1 or when AP is running on
DFS channels. In the future, also TPC shall require this bit to be set.
Signed-hostap: Srinivasan <srinivasanb@posedge.com>
Signed-hostap: Chaitanya T K <chaitanyatk@posedge.com>
Signed-hostap: Marek Puzyniak <marek.puzyniak@tieto.com>
Confirm-before-commit validation step allowed execution to continue on
error case. This could result in segfault in sae_check_confirm() if the
temporary SAE data was not available (as it would not be, e.g., in case
of an extra SAE confirm message being received after successful
exchange). Fix this by stopping SAE processing immediately after
detecting unexpected state for confirm message. In addition, make the
public sae.c functions verify sae->tmp before dereferencing it to make
this type of bugs less likely to result in critical issues.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
When GAS is used with PMF negotiated, Protected Dual of Public Action
frames are expected to be used instead of Public Action frames, i.e.,
the GAS/ANQP frames are expected to be encrypted. Add support for this
different category of Action frames being used for GAS. The payload
after the Category field is identical, so the only change is in using
the Category field based on what was received in the request frames. For
backwards compatibility, do not enforce protected dual to be used on the
AP side, i.e., follow what the station does.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Due to misplaced parenthesis, unprotected not-Robust Action frames
(e.g., Public Action frames) were dropped in handle_assoc() when such
frames were received during an association that had negotiated use of
PMF. This is not correct since only unprotected Robust Action frames
were supposed to be handled in this way.
This would have broken any Public Action frame use during PMF
association, but such frames were not really supposed to be used
currently (ANQP as the only possible use case should really use
protected dual option in such case).
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This driver event was used separately for some Action frames, but all
the driver wrappers converted to this from information that would have
been enough to indicate an EVENT_RX_MGMT event. In addition, the
received event was then converted back to a full IEEE 802.11 management
frame for processing in most cases. This is unnecessary complexity, so
get rid of the extra path and use EVENT_RX_MGMT for Action frames as
well as other management frame subtypes.
Signed-hostap: Jouni Malinen <j@w1.fi>
Commit 88b32a99d3 added support for using
some Action frame processing in hostapd for drivers that handle most of
SME/MLME internally (it added FT, this has since be extended for SA
Query and WNM). However, this was added in a way that ended up getting
both the hostapd_rx_action() and hostapd_action_rx() called for Action
frames. This could result in an attempt to process FT, SA Query, and WNM
Action frames twice.
There is need for more significant cleanup in Action frame processing in
hostapd depending on the driver type, but as a simple step to avoid
issues, skip the hostapd_action_rx() call if hostapd_rx_action()
processed the frame.
Signed-hostap: Jouni Malinen <j@w1.fi>
It was already possible to configure hostapd and wpa_supplicant to use
FT-SAE for the key management, but number of places were missing proper
AKM checks to allow FT to be used with the new AKM.
Signed-hostap: Jouni Malinen <j@w1.fi>
This is not really needed for anything and the standard does not require
such validation step to be made for Authentication frame transmission.
Signed-hostap: Jouni Malinen <j@w1.fi>
This can be useful for displaying the current STA state and also for
determining whether some operations are likely to fail or need
additional delay.
Signed-hostap: Jouni Malinen <j@w1.fi>
This enables more convenient protocol testing of station side
functionality in various error cases and unexpected sequences without
having to implement each test scenario within hostapd.
ext_mgmt_frame_handle parameter can be set to 1 to move all management
frame processing into an external program through control interface
events (MGMT-RX and MGMT-TX-STATUS) and command (MGMT_TX).
Signed-hostap: Jouni Malinen <j@w1.fi>
This allows use of structs (and not only pointers) defined in drivers.h.
Remove also some not needed forward declarations and redundant includes.
Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Just the usual, with a new function os_reltime_initialized()
thrown in that checks whether time has ever been retrieved
(time can't be completely zero).
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
This allows QoS Map Set element to be added to (Re)Association Response
frames and in QoS Map Configure frame. The QoS Mapping parameters are
also made available for the driver interface.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This can be used to implement per-device PSK selection based on the
peer's P2P Device Address instead of P2P Interface Address.
Signed-hostap: Jouni Malinen <j@w1.fi>
The static WEP keys have to be configured for the new VLAN
interface that is created for a 4addr WDS peer, not doing so
breaks WEP functionality in nl80211/4addr based WDS links.
Signed-hostap: Sujith Manoharan <c_manoha@qca.qualcomm.com>
Currently, hostapd_get_vlan_id_ifname() is used to determine if a given
vlan is valid *and* to actually determine the interface. This leads to
wpa_set_keys() sometimes setting the key on the wildcard interface name,
which does not make sense.
This patch therefore adds hostapd_vlan_id_valid() and makes
hostapd_get_vlan_id_ifname() not return a wildcard interface.
Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
In order to test clients in scenarios where APs may (randomly)
drop certain management frames, introduce some testing options
into the hostapd configuration that can make it ignore certain
frames. For now, these are probe requests, authentication and
(re)association frames.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Commit 2d9ffe1e85 broke GAS server
callback for receiving Public Action frames. The incorrect context
pointer was used in the public_action_cb2 case. Fix this to use the
correct context pointer.
Signed-hostap: Jouni Malinen <j@w1.fi>
GAS server used the same public_action_cb mechanism as P2P to process
Action frames. This ended up overriding P2P processing of Action frames
while running an AP/GO interface with a build that enables Interworking
(e.g., for Hotspot 2.0) and a driver that uses hostapd for AP mode
SME/MLME. Fix this by adding a separate callback registration for the
GAS server. This should really be cleaned up by supporting arbitrary
number of callback handlers, but for now, this addresses the regression
with a minimal change.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Most of the variables are not needed anymore once the SAE instance
has entered Accepted state. Free these to save memory.
Signed-hostap: Jouni Malinen <j@w1.fi>
hostapd.conf sae_groups parameter can now be used to limit the set of
groups that the AP allows for SAE. Similarly, sae_groups parameter is
wpa_supplicant.conf can be used to set the preferred order of groups. By
default, all implemented groups are enabled.
Signed-hostap: Jouni Malinen <j@w1.fi>
hostapd can now be configured to use anti-clogging mechanism based on
the new sae_anti_clogging_threshold parameter (which is
dot11RSNASAEAntiCloggingThreshold in the standard). The token is
generated using a temporary key and the peer station's MAC address.
wpa_supplicant will re-try SAE authentication with the token included if
commit message is rejected with a token request.
Signed-hostap: Jouni Malinen <j@w1.fi>
The enum values for struct sae_data::state now match the protocol
instance states as defined in IEEE Std 802.11-2012, 11.3.8.2.2
Signed-hostap: Jouni Malinen <j@w1.fi>
This adds support for multiple PSKs per station when using a RADIUS
authentication server to fetch the PSKs during MAC address
authentication step. This can be useful if multiple users share a
device but each user has his or her own private passphrase.
Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
This allows the AP to figure out whether a station is a HS 2.0 STA
during the association and access any information that the STA may have
included in this element.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This replaces the previously used bogus test data in SAE messages with
the first real field. The actual SAE authentication mechanism is still
missing and the Scaler, Element, and Confirm fields are not included.
Signed-hostap: Jouni Malinen <j@w1.fi>
This introduces new AKM for SAE and FT-SAE and adds the initial parts
for going through the SAE Authentication frame exchange. The actual SAE
algorithm and new fields in Authentication frames are not yet included
in this commit and will be added separately. This version is able to
complete a dummy authentication with the correct authentication
algorithm and transaction values to allow cfg80211/mac80211 drivers to
be tested (all the missing parts can be handled with
hostapd/wpa_supplicant changes).
Signed-hostap: Jouni Malinen <j@w1.fi>
As long as WLAN_STA_ASSOC_REQ_OK is set in sta->flags, Class 3 frames do
not trigger a disassoc/deauth. If it is still set even after the assoc
response tx has already failed, it may take somewhat longer for clients
to realize that the connection wasn't fully established.
Signed-hostap: Felix Fietkau <nbd@openwrt.org>
The commit b5fd8b1833
"VHT: Do not allow use of TKIP with VHT" introduced
an off-by-one regression: a WPA/RSN 11n AP would no
longer accept stations to connect, instead it would
produce a bogus error message:
... Station tried to use TKIP with HT association.
Signed-hostapd: Christian Lamparter <chunkeey@googlemail.com>
If WNM is enabled for the build (CONFIG_WNM=y), add BSS max idle period
information to the (Re)Association Response frame from the AP and parse
this information on the station. For SME-in-wpa_supplicant case, add a
timer to handle periodic transmission of the keep-alive frame. The
actual request for the driver to transmit a frame is not yet
implemented.
Signed-hostap: Jouni Malinen <j@w1.fi>
The signal strength is currently never used as the only driver reporting
it is nl80211 which uses IEEE80211_RADIOTAP_DB_ANTSIGNAL which is never
populated by the kernel. The kernel will (soon) populate
IEEE80211_RADIOTAP_DBM_ANTSIGNAL instead though, so use that.
Also, since it was never really populated, we can redefine the signal
field to be in dBm units only.
My next patch will also require knowing the signal strength of probe
requests throughout the code (where available), so add it to the
necessary APIs.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Commit d9a38716cc did this for
hostapd_eapol_tx_status() but missed the older hostapd_tx_status()
path. Address that case, too.
The TX status event may be received after a station has been
disassociated in cases where the disassociation is following a
transmission of a Data frame. Ignore such events if the STA is not
associated at the moment the event is being processed. This avoids
confusing debug entries and rescheduling of the EAPOL TX timeouts for
STAs that are still in the STA table, but are not really in active EAPOL
session.
Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
The TX status event may be received after a stations has been
disassociated in cases where the disassociation is following a
transmission of a Data frame. Ignore such events if the STA is not
associated at the moment the event is being processed. This avoids
confusing debug entries and rescheduling of the EAPOL TX timeouts for
STAs that are still in the STA table, but are not really in active EAPOL
session.
Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
Return 1/0 instead 0/-1 to indicate valid/invalid element so that
the if statement makes more sense with !wmm_valid().
Signed-hostap: Jouni Malinen <j@w1.fi>
This updates a previous patch did more or less the same thing by
providing the qosinfo as a single variable to the driver wrappers.
Signed-hostap: Jason Young <jason.young@dspg.com>
Add uapsd_queues and max_sp fields to sta_info struct,
and pass them to the sta_add callback.
These values are determined by the WMM IE in the (Re)Association Request.
Signed-off-by: Eliad Peller <eliad@wizery.com>
This allows per-device PSK to be configured for WPA-Personal using a
RADIUS authentication server. This uses RADIUS-based MAC address ACL
(macaddr_acl=2), i.e., Access-Request uses the MAC address of the
station as the User-Name and User-Password. The WPA passphrase is
returned in Tunnel-Password attribute in Access-Accept. This
functionality can be enabled with the new hostapd.conf parameter,
wpa_psk_radius.
Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
P2P invitation responses are transmitted with the BSSID set to the peer
address. Pass these action frames up to allow the GO to receive the
Invitation Response (and avoid sending the Invitation Request multiple
times).
Signed-off-by: Arik Nemtsov <arik@wizery.com>
This cleans up the source code and makes it less likely that new AKM
addition misses some needed changes in the future.
Signed-hostap: Jouni Malinen <j@w1.fi>
If the station is indicating use of WPS, WSC IE should be added into the
(Re)Association Response frame. This is clear for the case when WSC IE
was included in the (Re)Association Request frame. However, even the
WLAN_STA_MAYBE_WPS case may actually indicate use of WPS. Assume that to
be the case when WPA/WPA2 is enabled (i.e., when the STA does not
include WPA/RSN/WSC IE while AP has WPA/RSN enabled).
Signed-hostap: Jouni Malinen <j@w1.fi>
In some situations it might be benefical to send a unicast frame without
the need for getting it ACKed (probe responses for example). In order to
achieve this add a new noack parameter to the drivers send_mlme callback
that can be used to advise the driver to not wait for an ACK for this
frame.
Signed-hostap: Helmut Schaa <helmut.schaa@googlemail.com>
The new event can be used when EAPOL TX status can't be reported as a
complete 802.11 frame but is instead reported as just the EAPOL data as
originally passed to hapd_send_eapol().
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Instead of trying to remember to add wpa_msg() calls for every possible
path where a STA becomes authorized or unauthorized, use
ap_sta_set_authorized() to send these events more consistently.
Signed-hostap: Jouni Malinen <j@w1.fi>
wpa_msg() has to use hapd->msg_ctx instead of hapd as the context
pointer to work properly in wpa_supplicant AP mode.
Signed-hostap: Jouni Malinen <j@w1.fi>
This offloads the station polling to driver wrappers, which may offload
it again to the driver. The hostap driver wrapper uses "real" data
frames while nl80211 uses null data frames.
Also add a specific event to indicate that a poll was successful for
future use with the nl80211 driver.
This is the first step in allowing SA Query mechanism in hostapd to be
used with drivers that implement authentication and association MLME/SME
(i.e., do not use ieee802_11.c).
Data path for stations that get successfully associated to the
hostapd but fail to get added in the driver/firmware, will not
work. In such cases, hostapd should deauth and disconnect such
stations. In such scenario, hostapd should disconnect the STAs.
Sample output with following patch
wlan0: STA 0c:74:c2:9a:4c:59 IEEE 802.11: authenticated
wlan0: STA 0c:74:c2:9a:4c:59 IEEE 802.11: associated (aid 1)
wlan0: AP-STA-CONNECTED 0c:74:c2:9a:4c:59
wlan0: STA 0c:74:c2:9a:4c:59 IEEE 802.11: Could not add STA to kernel driver
wlan0: STA 0c:74:c2:9a:4c:59 IEEE 802.11: deauthenticated due to local deauth request
Signed-off-by: Yogesh Ashok Powar <yogeshp@marvell.com>
Signed-off-by: Nishant Sarmukadam <nishants@marvell.com>
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. The STA
entry (and PTK) will be removed from the kernel only after the
Deauth/Disassoc has been transmitted (e.g., when the STA wakes up).
A hardcoded two second timeout is used to limit the length of this
window should the driver fail to deliver the frame (e.g., the STA
is out of range and does not wake up). The kernel STA entry is
marked unauthorized during the wait to avoid accepting Data
frames from the STA that we have decided to disconnect.
This behavior is available only with drivers that provide TX status
events for Deauth/Disassoc frames (nl80211 at this point). Other
drivers continue to use the previous behavior where the STA entry
is removed immediately.
Extend the code that waits for the station to send EAPOL-Start before
initiating EAPOL authenticator operations to cover the case where the
station includes WPS IE in (Re)Association Request frame if that IE
does not include support for WPS 2.0. While this should not really
be needed, this may help with some deployed WPS 1.0 stations that do
not support EAPOL operations correctly and may get confused of the
EAP-Request/Identity packets that would show up twice if EAPOL-Start
is transmitted.
When adding a new station, set the STA flags as part of the sta_add()
command. This ensures the flags are up to date when the station is added
by lower level drivers.
Signed-off-by: Arik Nemtsov <arik@wizery.com>
It may take some time for the TX status to be delivered for a
(Re)Association Response frame and if any Data frames are received
during that time, they may end up getting dropped as Class 3 frames in
not-associated state. This results in a Disassociation frame being sent
to the station and it assuming that the association has been lost.
Work around the issue by remembering that the (Re)Association Request
has already been accepted and skip the Deauth/Disassoc sending because
of the possible Class 3 frames before the TX status callback is
received.
Add MAC addresses for stations and use wpa_msg instead of printf
methods to make it easier to grep logs and find messages for the
station in question.
Signed-off-by: Ben Greear <greearb@candelatech.com>
In multi BSS setups it wasn't possible to set up an HT BSS in
conjunction with a WEP/TKIP BSS. HT needed to be turned off entirely
to allow WEP/TKIP BSSes to be used.
In order to allow HT BSSes to coexist with non-HT WEP/TKIP BSSes add a
new BSS conf attribute "disable_11n" which disables HT capabilities on a
single BSS by suppressing HT IEs in the beacon and probe response
frames. Furthermore, mark all STAs associated to a WEP/TKIP BSS as
non-HT STAs. The disable_11n parameter is used internally; no new entry
is parsed from hostapd.conf.
This allows a non-HT WEP/TKIP BSS to coexist with a HT BSS without
having to disable HT mode entirely. Nevertheless, all STAs associated to
the WEP/TKIP BSS will only be served as if they were non-HT STAs.
Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
To enable making state change notifications on the WLAN_STA_AUTHORIZED
flag, introduce ap_sta_set_authorized(), and to reduce use of the flag
itself also add a wrapper for testing the flag: ap_sta_is_authorized().
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
tdls_prohibit=1 and tdls_prohibit_chan_switch=1 and now be used to
disable use of TDLS or TDLS channel switching in the BSS using
extended cabilities IE as defined in IEEE 802.11z.
Make sure that received management frames are long enough before
processing them. This avoids a potential segmentation fault if a
driver delivers an invalid frame all the way to hostapd.
The frame needs to be sent from an individual (non-group) address,
so drop invalid frames before sending Deauth/Disassoc frames to
not associated STAs.
This is not needed anymore and just makes things more difficult
to understand, so move the remaining function pointers to direct
function calls and get rid of the struct hostapd_driver_ops.
Commit bf65bc638f started the path to
add this new abstraction for driver operations in AP mode to allow
wpa_supplicant to control AP mode operations. At that point, the
extra abstraction was needed, but it is not needed anymore since
hostapd and wpa_supplicant share the same struct wpa_driver_ops.
Start removing the unneeded abstraction by converting
send_mgmt_frame() to an inline function, hostapd_drv_send_mlme().
This is similar to the design that is used in wpa_supplicant and
that was used in hostapd in the past (hostapd_send_mgmt_frame()
inline function).
The P2P group component is now tracking of associated stations
in the group and the Group Limit bit in the Group Capabilities
is updated based on whether there is room for new clients in
the group.
This can happen, e.g., when a P2P client connects to a P2P group
using the infrastructure WLAN interface instead of P2P group
interface. In that case, the P2P client may behave as if the GO
would be a P2P Manager WLAN AP.
If CONFIG_WPS_STRICT is set, validate WPS IE(s) in management frames and
reject the frames if any of the mandatory attributes is missing or if an
included attribute uses an invalid value. In addition, verify that all
mandatory attributes are included and have valid values in the WSC
messages.
Some frequent debug prints are of limited use and make debug output
difficult to read. Make them use a new debug level so that -dd
provides more readable output (-ddd can now be used to enable
the excessive debug prints).
If the associating station indicates that it is intents to use WPS
by including WPS IE in (Re)Association Request frame, include WPS IE
in (Re)Association Response frame.
Vendor-specific IEs are supposed to be in the end of the frame, so move
WMM into the end of Beacon, Probe Response, and (Re)Association Response
frames. In addition, move HT IEs to be later in (Re)Association
Response to match the correct order.
hostapd_eid_wpa() adds multiple IEs and the end result may not always be
correct. If WPA is enabled, WPA IE (vendor-specific) gets added in the
middle of the frame and not in the end. This would require a larger
change to spliut the IEs from WPA module into separate locations when
constructing Beacon and Probe Response frames. This is not yet addressed.
The WPS IE was overriding the WPA/RSN IE in driver based MLME case
(hostapd_notif_assoc), but the MLME code here was not using WPS IE
correctly, i.e., it allowed the WPA/RSN IE override the operation.
Doxygen and some build tools may get a bit confused about same file
name being used in different directories. Clean this up a bit by
renaming some of the duplicated file names in src/ap.
This code can be shared by both hostapd and wpa_supplicant and this
is an initial step in getting the generic code moved to be under the
src directories. Couple of generic files still remain under the
hostapd directory due to direct dependencies to files there. Once the
dependencies have been removed, they will also be moved to the src/ap
directory to allow wpa_supplicant to be built without requiring anything
from the hostapd directory.
