Try to make sure the driver channel list state is synchronized with
wpa_supplicant whenever explicitly clearing state (e.g., between hwsim
test cases).
Signed-off-by: Jouni Malinen <j@w1.fi>
Indicate whether the driver advertises support for Multi-BSS STA
functionality with "GET_CAPABILITY multibss" (returns "MULTIBSS-STA" if
supported).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Advertise vendor specific Multi-AP IE in (Re)Association Request frames
and process Multi-AP IE from (Re)Association Response frames if the user
enables Multi-AP fuctionality. If the (Re)Association Response frame
does not contain the Multi-AP IE, disassociate.
This adds a new configuration parameter 'multi_ap_backhaul_sta' to
enable/disable Multi-AP functionality.
Enable 4-address mode after association (if the Association Response
frame contains the Multi-AP IE). Also enable the bridge in that case.
This is necessary because wpa_supplicant only enables the bridge in
wpa_drv_if_add(), which only gets called when an interface is added
through the control interface, not when it is configured from the
command line.
Signed-off-by: Venkateswara Naralasetty <vnaralas@codeaurora.org>
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Add support for negotiating WNM Collocated Interference Reporting. This
allows hostapd to request associated STAs to report their collocated
interference information and wpa_supplicant to process such request and
reporting. The actual values (Collocated Interference Report Elements)
are out of scope of hostapd and wpa_supplicant, i.e., external
components are expected to generated and process these.
For hostapd/AP, this mechanism is enabled by setting
coloc_intf_reporting=1 in configuration. STAs are requested to perform
reporting with "COLOC_INTF_REQ <addr> <Automatic Report Enabled> <Report
Timeout>" control interface command. The received reports are indicated
as control interface events "COLOC-INTF-REPORT <addr> <dialog token>
<hexdump of report elements>".
For wpa_supplicant/STA, this mechanism is enabled by setting
coloc_intf_reporting=1 in configuration and setting Collocated
Interference Report Elements as a hexdump with "SET coloc_intf_elems
<hexdump>" control interface command. The hexdump can contain one or
more Collocated Interference Report Elements (each including the
information element header). For additional testing purposes, received
requests are reported with "COLOC-INTF-REQ <dialog token> <automatic
report enabled> <report timeout>" control interface events and
unsolicited reports can be sent with "COLOC_INTF_REPORT <hexdump>".
This commit adds support for reporting changes in the collocated
interference (Automatic Report Enabled == 1 and partial 3), but not for
periodic reports (2 and other part of 3).
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Start scans more quickly if an open BSS advertising OWE transition mode
is found, but the matching OWE BSS has not yet been seen.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit introduces a threshold for OWE transition BSS selection,
which signifies the maximum number of selection attempts (scans) done
for finding OWE BSS.
This aims to do more scan attempts for OWE BSS and eventually select the
open BSS if the selection/scan attempts for OWE BSS exceed the
configured threshold.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
If the RADIUS authentication server dropped the cached ERP keys for any
reason, FILS authentication attempts with ERP fails and the previous
wpa_supplicant implementation ended up trying to use the same keys for
all consecutive attempts as well. This did not allow recovery from state
mismatch between the ERP server and peer using full EAP authentication.
Address this by trying to use full (non-FILS) authentication when trying
to connect to an AP using the same ERP realm with FILS-enabled network
profile if the previous authentication attempt had failed. This allows
new ERP keys to be established and FILS authentication to be used again
for the consecutive connections.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Timeout is increased by dfs_cac_ms from channel data, or by max CAC time
(10 minutes) if dfs_cac_ms is not defined. This is needed for some more
complex cases, e.g., when STA is acting as an active slave with DFS
offload enabled and decided to start CAC after receiving CONNECT
command, in such a case the 10 second timeout is too small and
wpa_supplicant need to wait for CAC completion or CAC timeout (up to 10
minutes).
Without such timeout modification wpa_supplicant will be unable to
connect to an AP on DFS channel, since the default authentication
timeout (10 s) is smaller than the minimum CAC time (60 s).
Tested with nl80211 DFS offload implementation.
Signed-off-by: Dmitry Lebed <dlebed@quantenna.com>
If any of the interfaces supports FILS (and similarly for FILS-SK-PFS),
include the "fils" (and "fils_sk_pfs") capability in D-Bus information.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
If a DPP_STOP_LISTEN call happens to be received when there is a pending
gas-query radio work that has not yet been started, it was possible for
gas_query_stop() to go through gas_query_done() processing with
gas->work == NULL and that ended up with the pending GAS query getting
freed without removing the pending radio work that hold a reference to
the now freed memory. Fix this by removing the pending non-started radio
work for the GAS query in this specific corner case.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Extend the SME functionality to support the external authentication.
External authentication may be used by the drivers that do not define
separate commands for authentication and association
(~WPA_DRIVER_FLAGS_SME) but rely on wpa_supplicant's SME for the
authentication.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
If a specific DH group for OWE is not set with the owe_group parameter,
try all supported DH groups (currently 19, 20, 21) one by one if the AP
keeps rejecting groups with the status code 77.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new disable_fils parameter can be used to disable FILS functionality
in the driver. This is currently removing the FILS Capability bit in
Extended Capabilities and providing a callback to the driver wrappers.
driver_nl80211.c implements this using a QCA vendor specific command for
now.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Previous implementation did not handle number of sequences correctly.
Make sure the iteration continues in both unicast and broadcast cases
until the five attempts have been made. In addition, improve timing by
checking 10 second time from the beginning of each iteration round and
not the last channel on which the Auth Req frame has been transmitted.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This extends wpa_supplicant DPP implementation to retransmit DPP
Authentication Response frame every 10 seconds up to 5 times if the peer
does not reply with DPP Authentication Confirm frame.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This extends wpa_supplicant to iterate over all available channels from
the intersection of what the peer indicates and the local device
supports when initiating DPP Authentication. In addition, retry DPP
Authentication Request frame up to five times if no response is
received.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit introduces the ACS functionality for the autonomous GO. The
optional parameter <freq> in p2p_group_add is enhanced to carry a value
"acs" with the intention to select the channels among any supported
band. freq = 2 / 5 carry the need to select the channels only in the
respective bands 2.4 / 5 GHz. This functionality is on top of the host
driver's capability to offload ACS, which is advertized through
WPA_DRIVER_FLAGS_ACS_OFFLOAD.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The new wpa_supplicant RESEND_ASSOC command can be used to request the
last (Re)Association Request frame to be sent to the AP to test FT
protocol behavior.
This functionality is for testing purposes and included only in builds
with CONFIG_TESTING_OPTIONS=y.
Signed-off-by: Jouni Malinen <j@w1.fi>
This can be used to test replay protection. The "RESET_PN" command in
wpa_supplicant and "RESET_PN <addr>" command in hostapd resets the local
counters to zero for the last configured key. For hostapd, the address
parameter specifies which STA this operation is for or selects GTK
("ff:ff:ff:ff:ff:ff") or IGTK ("ff:ff:ff:ff:ff:ff IGTK").
This functionality is for testing purposes and included only in builds
with CONFIG_TESTING_OPTIONS=y.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new "SET sae_commit_override <hexdump>" control interface command
can be used to force wpa_supplicant to override SAE commit message
fields for testing purposes. This is included only in
CONFIG_TESTING_OPTIONS=y builds.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
When failing to trigger scan for beacon report (e.g., when the
requested duration is not supported by the driver), send a
Radio Measurement response with the mode set to refused and don't
retry the scan.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
IEEE Std 802.11-2016, 11.11.6 specifies that a station that is unable to
make a requested measurement or refuses to make a measurement shall
respond only if the measurement request was received within an
individually addressed radio measurement request frame, but shall not
respond if such a request was received in a group addressed frame.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
This allows wpa_supplicant to be configured to act as the configurator
in the case where a peer device initiates DPP Authentication.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This implements genric PKEX functionality in src/common/dpp.c and glue
code to use this in wpa_supplicant (i.e, hostapd DPP implementation does
not yet support PKEX).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Set temporary disallowed BSSID list to the driver so that the driver
doesn't try to connect to any of the blacklisted BSSIDs during
driver-based roaming operation. This commit includes support only for
the nl80211 driver interface using a QCA vendor command for this.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This adds support for DPP Configuration Protocol using GAS. Full
generation and processing of the configuration object is not included in
this commit.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add wpa_supplicant control interface commands for parsing the bootstrap
info URI from a QR Code (get peer public key) and to generate a new
bootstrap info with private key for local use. The optional
key=<hexdump> argument to the DPP_BOOTSTRAP_GEN command can be used to
specify the bootstrapping private key in OpenSSL ECPrivateKey DER
encoding format. This results in the local bootstrapping information
entry being created with the specified key instead of generating a new
random one.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
There could be multiple pending TX operations and if the earlier ones
have used wait_time, but the last one did not, the driver call for
canceling pending wait was not done. This could result in the driver
getting stuck waiting for the previously scheduled wait time and not
being able to do new operations until that. Fix this by canceling the
wait if any of the past offchannel_send_action() calls since the last
offchannel_send_action_done() used non-zero wait_time.
This was showing up as issues in certain DPP Public Action frame
sequences when the same offchannel operation is used with multiple
frames and the last frame in the sequence does not need wait_time.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Update the internal fils_completed state when offloading FILS shared key
authentication to the driver.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
In ap_scan=2 mode, wpa_supplicant_assoc_try() did not check whether the
SSID is temporarily disabled before trying to associate and this may
result in an infinite connect/disconnect loop. If the association
succeeds while the SSID is temporarily disabled, wpa_supplicant will
request to deauthenticate and that in turn will cause the SSID to be
temporarily disabled again. Fix that by postponing the association until
the SSID is no longer temporarily disabled.
Signed-off-by: Shaul Triebitz <shaul.triebitz@intel.com>
This extends the GAS/ANQP parser in wpa_supplicant to process MBO
ANQP-elements and indicate received Cellular Data Connection Preference
values over the control interface.
When a valid MBO ANQP-element is received, the following control
interface message is sent:
RX-MBO-ANQP <BSSID> cell_conn_pref=<value>
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
MBO techspec v0.0_r27 changed the MBO ANQP-element format. The MBO
element in ANQP query should now include an MBO Query List element that
contains a list of MBO elements to query.
Add API to add the MBO Query List to an ANQP query.
Format:
ANQP_GET <addr> <info_id>[,<info_id>]...[,mbo:<subtype>...]
Example for querying neighbor report with MBO cellular data
connection preference:
ANQP_GET <bssid> 272,mbo:2
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Add support for rejecting a BSS transition request using MBO reject
reason codes. A candidate is selected or rejected based on whether it is
found acceptable by both wpa_supplicant and the driver. Also accept any
candidate meeting a certain threshold if disassoc imminent is set in BTM
Request frame.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This functionality was originally added in commit
204c9ac4ee ('Extend select_network command
with freq= to reduce scan time') re-using wpa_s->manual_scan_freqs and
MANUAL_SCAN_REQ. That got broken when commit
35d403096e ('Set NORMAL_SCAN_REQ on
SELECT_NETWORK/ENABLE_NETWORK') started overriding wpa_s->scan_req for
SELECT_NETWORK.
Fix this by adding a new scan frequency list specifically for
SELECT_NETWORK so that this does not need to depend on any specific
wpa_s->scan_req value.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new "SET ric_ies <hexdump>" control interface command can now be
used to request wpa_supplicant to add the specified RIC elements into
Reassociation Request frame when using FT protocol. This is mainly for
testing purposes.
Signed-off-by: Jouni Malinen <j@w1.fi>
This can be used to override driver get_pref_freq_list() operation for
more convenient testing of preferred frequency list functionality.
Override string format:
<if_type1>:<freq1>,<freq2>,... <if_type2>:...
if_type: 0=STATION, 2=AP, 3=P2P_GO, 4=P2P_CLIENT, 8=TDLS, 9=IBSS
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add support to set sched scan relative RSSI parameters so that the
drivers can report BSSs after relative comparision with the current
connected BSS. This feature is applicable only when in connected mode.
The below commands can be used to configure relative RSSI parameters
SET relative_rssi <disable|rssi_value>
disable - to disable the feature
rssi_value - amount of relative RSSI in dB
SET relative_band_adjust <band:adjust_value>
band - "2G" or "5G" for 2.4 GHz or 5 GHz respectively
adjust_value - amount of RSSI to be adjusted in dB
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The new wpa_supplicant control interface commands FILS_HLP_REQ_FLUSH and
FILS_HLP_REQ_ADD can now be used to request FILS HLP requests to be
added to the (Re)Association Request frame whenever FILS authentication
is used.
FILS_HLP_REQ_ADD parameters use the following format:
<destination MAC address> <hexdump of payload starting from ethertype>
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
These commnds are mesh version of PMKSA_GET/ADD commands. So the usage
and security risk is similar to them. Refer to
commit 3459381dd2 ('External persistent
storage for PMKSA cache entries') also.
The MESH_PMKSA_GET command requires peer MAC address or "any" as an
argument and outputs appropriate stored PMKSA cache. And the
MESH_PMKSA_ADD command receives an output of MESH_PMKSA_GET and re-store
the PMKSA cache into wpa_supplicant. By using re-stored PMKSA cache,
wpa_supplicant can skip commit message creation which can use
significant CPU resources.
The output of the MESH_PMKSA_GET command uses the following format:
<BSSID> <PMKID> <PMK> <expiration in seconds>
The example of MESH_PMKSA_ADD command is this.
MESH_PMKSA_ADD 02:00:00:00:03:00 231dc1c9fa2eed0354ea49e8ff2cc2dc cb0f6c9cab358a8146488566ca155421ab4f3ea4a6de2120050c149b797018fe 42930
MESH_PMKSA_ADD 02:00:00:00:04:00 d7e595916611640d3e4e8eac02909c3c eb414a33c74831275f25c2357b3c12e3d8bd2f2aab6cf781d6ade706be71321a 43180
This functionality is disabled by default and can be enabled with
CONFIG_PMKSA_CACHE_EXTERNAL=y build configuration option.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
The requested behavior can be approximated for most use cases even if
the driver does not support reporting exact TSF values for frames.
Enable this capability for all drivers to make beacon report processing
more useful for a common use case.
Signed-off-by: Jouni Malinen <j@w1.fi>
Beacon Report Radio Measurement is defined in IEEE Std 802.11-2016,
11.11.9.1. Beacon Report is implemented by triggering a scan on the
requested channels with the requested parameters.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Extend verify_channel() to return whether IR is allowed on the channel
or not, and make it a global function so it can be used in other files,
too. This makes this function useful for checking not only if a channel
is supported but also if it is allowed for active and passive scan.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
The length of a Measurement Report frame should be limited by the
maximum allowed MMPDU size (IEEE Std 802.11-2016, 9.6.2.3). Enforce this
size limit, and in case the report elements are longer than the allowed
size, split them between several MPDUs.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Supported Operating Classes element and its use is define in the IEEE
802.11 standard and can be sent even when MBO is disabled in the build.
As such, move this functionality out from the CONFIG_MBO=y only mbo.c.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This makes wpa_supplicant behavior more consistent with FLUSH command to
clear all state. Previously, it was possible for an ongoing scan to be
aborted when the FLUSH command is issued and the scan results from that
aborted scan would still be processed and that would update the BSS
table which was supposed to cleared by the FLUSH command.
This could result in hwsim test case failures due to unexpected BSS
table entries being present after the FLUSH command.
Signed-off-by: Jouni Malinen <j@w1.fi>
This commit enhances the existing implementation of abort scan to also
abort concurrent active vendor scans. This is achieved by passing the
the scan_cookie to the driver interface with the intention to abort
the specific scan request. This scan_cookie is returned from the driver
interface when the scan request is scheduled.
This scan_cookie is 0 if the scan is triggered through the upstream
cfg80211 interface. Thus, the scan_cookie is used to determine whether
to abort the cfg80211 or vendor scan request.
Also, the previous implementation of relying on scan_work/p2p_scan_work
for the active work to trigger the abort scan is enhanced to check for
the started state of either of these work operations. This should also
help to abort the concurrent active scan/p2p-scan operations.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This provides more details on BSS selection process in the debug log.
Previously, the BSSs that were not either the current or the selected
one were not necessarily printed at all. Now all BSSs that match the
currently selected network are listed with their frequency and signal
strength details.
Signed-off-by: Jouni Malinen <j@w1.fi>
When scheduled scan stops without the interface request (for example,
driver stopped it unexpectedly), start a regular scan to continue
scanning for networks and avoid being left with no scan at all.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
This extends ANQP_GET command to support querying MBO cellular
preference also. The cellular preference can be requested along with
neigbor report by appending mbo:1 to the command arguments.
For example:
ANQP_GET <bssid> 272,mbo:1
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The reason detail field in non_pref_chan attribute was removed from MBO
draft v0.0_r25, so the STA should not include this field to be compliant
with the latest draft.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
For testing purposes, it is useful to have an option to be able to
reject BTM Request sent by AP in order to verify the AP behavior upon
BTM Request rejection.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add a testing mechanism to allow association disallowed set by AP to be
ignored. This can be used to verify AP behavior for disallowing a
specific association.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Implement "SET ignore_auth_resp <0/1>" command to simulate auth/assoc
response loss and EAPOL RX packet loss by ignoring corresponding
incoming events.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
All the 3 control interfaces: socket based, dbus & binder needs to
perform the same sequence of steps for network add/remove. So, move
these to a common utility method in |wpa_supplicant.c| instead of
duplicating the code everywhere.
Signed-off-by: Roshan Pius <rpius@google.com>
Move out the disconnect command handling from |ctrl_iface.c| to
|wpa_supplicant.c| so that it can be reused across the different
control interfaces (socket, dbus & binder).
Signed-off-by: Roshan Pius <rpius@google.com>
This allows P2P Listen to be offloaded to device to enhance power
saving.
To start P2P listen offload, from wpa_cli interface, issue the command:
p2p_lo_start <freq> <period> <interval> <count>
To stop P2P listen offload, issue the command:
p2p_lo_stop
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Handle radio measurement request that contains LCI request. Send
measurement report based on a configurable LCI report element. The LCI
report element is configured over the control interface with
SET lci <hexdump of the element>
and cleared with
SET lci ""
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Add an option to request LCI and Location Civic Measurement in Neighbor
Report Request frame, as described in IEEE P802.11-REVmc/D5.0, 9.6.7.6.
Note: This changes the encoding format of the NEIGHBOR_REP_REQUEST
ssid=<val> parameter. This used to be parsed as raw SSID data which is
problematic for accepting additional parameters. The new encoding allows
either a string within double-quotation marks or a hexdump of the raw
SSID.
Thew new format:
NEIGHBOR_REP_REQUEST [ssid=<SSID>] [lci] [civic]
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Add a function that parses SSID in text or hex format. In case of the
text format, the SSID is enclosed in double quotes. In case of the hex
format, the SSID must include only hex digits and not be enclosed in
double quotes. The input string may include other arguments after the
SSID.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
This commit implements the methods defined in Supplicant service:
1. CreateInterface
2. RemoveInterface
3. GetInterface
The binder service returns the corresponding iface binder object
references which can be used by clients to control a specific
interface.
Signed-off-by: Roshan Pius <rpius@google.com>
Create the skeletal binder interface for wpa_supplicant. The interface
hierarchy is based off the existing dbus
interface(https://w1.fi/wpa_supplicant/devel/dbus.html).
Since we use libbinder, the binder interface codebase needs to be
written in C++ and can only be compiled on Android platform for now.
The aidl files define binder RPC interfaces. The Android build system
generates the corresponding C++ interface classes which needs to be
implemented by the server process.
The clients can obtain a reference to the binder service (root object)
using:
android::String16 service_name("fi.w1.wpa_supplicant");
android::sp<android::IBinder> binder =
android::defaultServiceManager()->getService(service_name);
Once a reference to the root object is retrieved, the clients can
obtain references to other RPC objects using that root object methods.
Signed-off-by: Roshan Pius <rpius@google.com>
This allows the SME-in-the-driver case to get similar information about
reassociation that was already available for the SME-in-wpa_supplicant
case.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The new wpa_supplicant command line argument -M can be used to describe
matching rules with a wildcard interface name (e.g., "wlan*").
This is very useful for systems without udev (Linux) or devd (FreeBSD).
Signed-off-by: Roy Marples <roy@marples.name>
Previously, BLOCKED state duration slightly increased up to 3600. Though
the BLOCKED state could be canceled by ap_handle_timer(). Because the
timer timeouts in ap_max_inactivity(default=300sec) and remove STA
objects (the object retains BLOCKED state).
This patch re-designs my commit bf51f4f82b
('mesh: Fix remaining BLOCKED state after SAE auth failure') to replace
mesh_auth_block_duration by ap_max_inactivity and remove incremental
duration.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
(Re)Association Response frame with status code other than 0 is now
notified over DBUS as a part of PropertiesChanged signal. This can be
used by application in case AP is denying association with status code
17 (band steering) so that it does not interfere in the BSSID selection
logic of wpa_supplicant.
Signed-off-by: Naveen Singh <nasingh@google.com>
Expose the functions wpas_get_bands() and wpas_freq_to_band() and the
enum wpa_radio_work_band, since they will be needed outside
wpa_supplicant.c.
Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
In many places in the code there was a reference to wpa_s->parent to get
from group interface to p2p_dev interface. These places can break if
P2P_DEVICE interface would need to be used with the primary interface as
the group interface, since the parent of the primary interface points to
itself and not the p2p_dev interface.
Fix this by adding a separate "p2pdev" pointer to wpa_supplicant,
it will be the same as parent pointer in most cases but whenever
the primary interface is used as a group interface, change it to
point to the correct p2p_dev interface.
Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
If the BSS Transition Management Request frame includes only a single
candidate and we need to scan for the BSS to get up-to-date information,
use a scan for the known BSSID instead of wildcard BSSID. In addition,
set the SSID in the scan if it is known based on old scan results in the
BSS table. This removes unnecessary Probe Response frames when we are
interested in results from only a single BSS.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add the transition candidate list to BSS Transition Management Response
frame. The candidates preference is set using the regular wpa_supplicant
BSS selection logic. If the BSS transition request is rejected and
updated scan results are not available, the list is not added.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
When rejecting a BSS Transition Management Request frame, add MBO IE to
the BSS Transition Management Response frame to specify the transition
rejection reason.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Add parsing of MBO IE in BSS Transition Management Request frames. If
the MBO IE includes the association retry delay attribute, do not try to
reconnect to the current BSS until the delay time is over.
If the MBO IE includes the cellular data connection preference attribute
or the transition rejection reason attribute, send a message to upper
layers with the data.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Prevent association to MBO APs that have association disallowed
attribute in MBO IE in Beacon or Probe Response frames.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Add cellular capability attribute to MBO IE and add MBO IE with cellular
capabilities to Probe Request frames. By default, cellular capability
value is set to Not Cellular capable (3).
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Send a WNM-Notification Request frame with Non-preferred Channel Report
subelement if the non-preferred channels list changes during an
association.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
This adds a new command based Hotspot 2.0 icon retrieval option.
In short, here is the new command sequence:
1. REQ_HS20_ICON <bssid> <file-name>
2. event: RX-HS20-ICON <bssid> <file-name> <size>
3. GET_HS20_ICON <bssid> <file-name> <offset> <size>
(if needed, repeat with larger offset values until full icon is
fetched)
5. DEL_HS20_ICON <bssid> <file-name>
REQ_HS20_ICON is a new command that is analogous to HS20_ICON_REQUEST
with the slight difference that an entry to store the icon in memory is
prepared. The RX-HS20-ICON event has been augmented with BSSID,
file-name and size, and GET_HS20_ICON is used to retrieve a chunk of up
to <size> bytes of icon data at offset <offset>. Each chunk is returned
as a base64 encoded fragment, preceded by "HS20-ICON-DATA", BSSID, and
file-name as well as the starting offset of the data.
If there is no entry prepared for the icon when the ANQP result comes
back, hs20_process_icon_binary_file falls back to legacy behavior.
Finally the DEL_HS20_ICON command deletes (all) icons associated with
BSSID and file-name (there could be several if retries are used and they
have different dialog tokens).
Signed-off-by: Jan Nordqvist <jannq@google.com>
The new methods are
1. VendorElemAdd "i" "ay" i=integer ay=array of bytes
2. VendorElemGet "i" i=integer (output array of bytes)
3. VendorElemRem "i" "ay" i=integer ay=array of bytes
These provide functionality similar to the control interface commands
VENDOR_ELEM_ADD, VENDOR_ELEM_GET, and VENDOR_ELEM_REMOVE.
Signed-off-by: Avichal Agarwal <avichal.a@samsung.com>
Signed-off-by: Purushottam Kushwaha <p.kushwaha@samsung.com>
Signed-off-by: Kyeong-Chae Lim <kcya.lim@samsung.com>
Signed-off-by: Mayank Haarit <mayank.h@samsung.com>
Signed-off-by: Dilshad Ahmad <dilshad.a@samsung.com>
[VendorElemGet to return array of bytes instead of string; cleanup]
Signed-off-by: Jouni Malinen <j@w1.fi>
Add the option to configure scheduled scan plans in the config file.
Each scan plan specifies the interval between scans and the number
of scan iterations. The last plan will run infinitely and thus
specifies only the interval between scan iterations.
usage:
sched_scan_plans=<interval:iterations> <interval2:iterations2> ... <interval>
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
The new max_oper_chwidth and freq2 arguments to P2P_CONNECT, P2P_INVITE,
and P2P_GROUP_ADD control interface commands can be used to request
larger VHT operating channel bandwidth to be used than the previously
used maximum 80 MHz.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Mesh Points themselves have capability to support VHT as long as
hardware supports it. However, supporting VHT in mesh mode was disabled
because no one had clearly tested and confirmed its functionality. Since
VHT80 has now been verified to work with ath10k QCA988X driver and
mac80211_hwsim, enable VHT support in mesh mode.
Signed-off-by: Peter Oh <poh@qca.qualcomm.com>
The AP is not expected to send out a WNM-Sleep Mode Response frame
without the STA trying to use WNM-Sleep Mode. Drop such unexpected
responses to reduce unnecessary processing of the frame.
Signed-off-by: Jouni Malinen <j@w1.fi>
On successful P2P PD, report the chosen frequency in case the local
device is going to be the P2P GO, so in can later be used to instantiate
the new P2P GO, etc.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
This commit contains the necessary changes to parallelize
distinct radio work operations which are different in type and
the band used, only when the underlying driver is capable of
supporting such simultaneous offchannel operations.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The P2P group is not yet operating when going through invitation
exchange for re-invocation. Previously, an old cached scan result could
be used to skip the scan immediately after the invitation exchange.
While this may result in the fastest possible connection, it does have
some issues with cases where the GO takes some time to start up. It
would also be at least theoretically possible for some of the BSS
parameters to be different, so having a fresh scan result from the new
GO instance may be desired in any case.
Add a mechanism to skip scan results that have been last updated before
a specific point in time and as the first user for this mechanism,
require chan results to be more recent than the invitation message
exchange for the P2P Client role in persistent group re-invocation case.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
When P2PS PD with default P2PS method is done, the peer that becomes GO
should authorize the client. However, P2PS specification doesn't require
the client to include its intended interface address in PD
Request/Response. As a result, the P2P Client's interface address may not
be known and any address may need to be authorized.
Previously, client's P2P Device Address was used for authorization,
which is not correct when a dedicated interface is used for P2P Client.
This is not resulting in a connection failure, however it causes a
significant delay (until WPS_PIN_TIME_IGNORE_SEL_REG elapses). Fix this
by authorizing the intended interface address, if known; or any address,
if not known.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
This buffer is owned by the FST module, so mark it const in the
set_ies() callback to make it clearer which component is responsible for
modifying and freeing this.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
