Commit graph

3262 commits

Author SHA1 Message Date
Jouni Malinen
745ef18478 HS 2.0: Verify assoc_req_ie buffer size for indication elements
While the buffer is expected to be large enough for all the IEs, it is
better to check for this explicitly when adding the HS 2.0 Indication
element. (CID 68601)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:48 +03:00
Jouni Malinen
010fc5f507 dbus: Clean up array-array-type property getter
The previously used design was a bit too complex for static analyzers
(e.g., CID 68131, CID 68133) to understand which resulted in false
warnings about uninitialized memory. Avoid this by explicitly
initializing the pointer array to NULL and also skipping any invalid
NULL entry in the helper function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-29 18:20:13 +03:00
Tomasz Bursztyka
ea18024d78 dbus: Add PropertiesChanged signal to Peer object
This signal will be thrown when a Peer joins or leaves a group.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-06-29 17:28:14 +03:00
Tomasz Bursztyka
bf035663c9 dbus: Remove GroupMember object type and use Peer instead
GroupMember is unusable in itself and all the necessary informations are
stored in Peer objects, thus replace the use of GroupMember by Peer.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-06-29 17:19:12 +03:00
Tomasz Bursztyka
17a37d7110 dbus: Add a Groups property to a Peer object on which it belongs
If only the Peer is part of one or more group, this property will tell
those via listing their object paths.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-06-29 17:09:32 +03:00
Tomasz Bursztyka
6f04642fe3 P2P: Add utility functions to get GO/client interface
This will be useful for a peer to know if it is part of a group either
as a client of our local GO or as the peer GO.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-06-29 17:00:55 +03:00
Dmitry Shmidt
1de809e152 eapol_test: Fix -R option to not replace -s option value
Commit e9852462d5 ('eapol_test: Add PC/SC
reader and PIN command line arguments') did not add break to the switch
statement for the new -R command line option.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-06-28 10:51:29 +03:00
Johannes Berg
57a8f8af38 nl80211: Use low-priority scan for OBSS scan
Some drivers may support low-priority scans, if they do then
use that for OBSS scanning.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2014-06-22 00:47:06 +03:00
Jouni Malinen
1b928f96b6 P2P: Allow passphrase length to be configured
Previously, eight character random passphrase was generated
automatically for P2P GO. The new p2p_passphrase_len parameter can be
used to increase this length to generate a stronger passphrase for cases
where practicality of manual configuration of legacy devices is not a
concern.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-22 00:15:53 +03:00
Jouni Malinen
e9852462d5 eapol_test: Add PC/SC reader and PIN command line arguments
The new command line arguments -R<reader> and -P<PIN> can now be used to
specify which PC/SC reader (prefix match) and PIN are to be used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-21 22:46:28 +03:00
Jouni Malinen
5a620604f8 Use pcsc_reader configuration in one for scard_init() call
This allows PC/SC reader to be identified with the pcsc_reader
configuration parameter.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-21 22:45:31 +03:00
Jouni Malinen
3302b7c29f Rate limit SA Query procedure initiation on unprotected disconnect
There is no need to trigger new SA Query procedure to check the state of
the connection immediately after having performed such a check. Limit
the impact of burst of unprotected Deauth/Disassoc frames by starting a
new SA Query procedure only once at least 10 seconds has passed from the
previous SA Query that was triggered by reception of an unprotected
disconnection. The first SA Query procedure for each association does
not follow this rule to avoid issues with test cases that expect to see
an SA Query every time.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-06-19 20:56:32 +03:00
Arik Nemtsov
38ddccae8f TDLS: Add ctrl_iface option for flushing all TDLS peers
"TDLS_TEARDOWN *" can now be used to tear down the direct links to all
TDLS peers. This is useful for debugging purposes.

Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
2014-06-16 23:43:46 +03:00
Arik Nemtsov
947f900fb8 TDLS: Handle unreachable link teardown for external setup
If a link is unreachable, the specification mandates we should send a
teardown packet via the AP with a specific teardown reason. Force this
by first disabling the link and only then sending the teardown packet
for the LOW_ACK event.

Rename the TDLS LOW_ACK event handler to better reflect its purpose.

Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
2014-06-16 23:34:06 +03:00
Jouni Malinen
fa21e6c35b Fix CONFIG_MODULE_TESTS=y build without CONFIG_P2P=y
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-15 19:35:22 +03:00
Jouni Malinen
bd10d93891 P2P: Clean up by moving ifdef CONFIG_P2P to p2p_suppplicant.h
This removes number of unnecessary #ifdef CONFIG_P2P blocks from generic
code by hiding the conditional build into p2p_supplicant.h with empty
inline functions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-15 19:31:53 +03:00
Ilan Peer
e3bd6e9dc0 P2P: Use another interface operating channel as listen channel
Performing a P2P Device flow such as p2p_listen or
p2p_find, can degrade the performance of an active interface
connection, if the listen frequency is different than the
frequency used by that interface.

To reduce the effect of P2P Device flows on other interfaces,
try changing the listen channel of the P2P Device to match the
operating channel of one of the other active interfaces. This change
will be possible only in case that the listen channel is not forced
externally, and will be delayed to a point where the P2P Device
state machine is idle.

The optimization can be configured in the configuration file and
is disabled by default.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2014-06-15 00:46:11 +03:00
Ilan Peer
28812a8983 P2P: Try using one of the social channels for GO
In case there is no preference for the GO operating channel,
try using one of 1, 6, 11 (randomly), and only if the random
selection is not suitable traverse all the channels 1..11.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2014-06-15 00:33:52 +03:00
Avraham Stern
0a816e8cbf P2P: Remove duplicated code from get_shared_radio_freqs_data()
Remove the seperation between getting the local interface frequency and
other interfaces frequencies since going over all the radio interfaces
includes the local interface.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2014-06-15 00:21:41 +03:00
Jouni Malinen
504df28a1d Remove unused dump_freq_array()
This function is not used anymore.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-15 00:21:41 +03:00
Ilan Peer
a0c90bb073 P2P: Collect and use extended data on used frequencies
When the number of frequencies supported by the kernel is bigger than
one, and there is a need to pick a frequency for a new flow such as P2P
GO Negotiation or P2P Invitation, the flow should be able to pick the
best frequency among all the frequencies currently used by the device.

In order to prioritize between the currently used frequencies, add
the ability to collect additional data about each used frequency
(if the frequency is used by a station interface or P2P Client)
and when needed select the best frequency, where:

1. Infrastructure interfaces have highest priority
2. P2P Client interfaces have higher priority over AP/GO
   interfaces.

The rational is that the frequency of an AP/GO can change while
that of a station interface cannot.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2014-06-15 00:21:40 +03:00
Avraham Stern
b278f323ed P2P: Remove unused code from get_shared_radio_freqs_data()
Remove the check for get_radio_name support from
get_shared_radio_freqs_data() since get_radio_name is no longer in use
in this function.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2014-06-15 00:21:40 +03:00
Jouni Malinen
25be28a375 dbus: Check return value more consistently (CID 62841)
Most of these calls are checked to return success and there is no reason
why these wouldn't, so be more consistent. This addresses CID 62841,
CID 62840, CID 62839, CID 62838, CID 62837, CID 62836.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-14 12:32:53 +03:00
Jouni Malinen
f62415df8a Note chmod() failure in debug log even in ignore case (CID 62843)
If this chmod() call fails, the global control interface is allowed to
be used since there was no change to its group. Anyway, it can be
helpful to note the error case in debug log instead of silently ignoring
it.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-14 12:32:52 +03:00
Jouni Malinen
49d13df63c P2P: Fix wfd_dev_info parsing for P2P-DEVICE-FOUND (CID 68127)
Commit b125c48fce ('P2P: Add wfd_dev_info=
field for device found event') added Wi-Fi Display device info to the
P2P-DEVICE-FOUND events. However, it did not include proper bounds
checking in wifi_display_subelem_hex() and could accept subelements with
invalid length field values. This could result in buffer read overflow
of up to 64 kB and inclusion of heap memory in the local control
interface event and/or process crash due to invalid memory access. Fix
this by checking the validity of the length field before writing a
hexdump of the data.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-13 15:25:39 +03:00
Jouni Malinen
1851e17a64 dbus: Clean up P2P group vendor ext getter
The vendor_ext[i] = NULL setting did not make any sense since
num_vendor_ext should have been used to index the vendor_ext array. The
old code did not do any harm since i >= num_vendor_ext and none of the
already set entries could have been cleared. Anyway, better clean this
by making it skip the setting to NULL similarly to what was already done
in the P2P peer vendor ext getter.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-13 00:48:21 +03:00
Jouni Malinen
137ff332fd HS 2.0R2: Fix OSEN IE parsing for in cipher setup (CID 68132)
The OSEN code path hardcodes number of struct wpa_ie_data items.
However, it did not clear the full structure and some uninitialized
fields could have been used (e.g., ie.mgmt_group_cipher for a debug
print and ie.capabilities for checking MFPC). Fix this by clearing the
ie data before filling in the hardcoded OSEN values.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-13 00:36:42 +03:00
Jouni Malinen
2703fb4ad9 WNM: Use cleaner way of generating pointer to a field (CID 68100)
The Action code field is in a fixed location, so the IEEE80211_HDRLEN
can be used here to clean up bounds checking to avoid false reports from
static analyzer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-13 00:27:15 +03:00
Jouni Malinen
fb5d417178 P2P: Use cleaner way of generating pointer to a field (CID 68096)
The Action code field is in a fixed location, so the IEEE80211_HDRLEN
can be used here to clean up bounds checking to avoid false reports from
static analyzer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-13 00:27:15 +03:00
Jouni Malinen
35c03184df P2P: Use cleaner way of generating pointer to a field (CID 68095)
The Action code field is in a fixed location, so the IEEE80211_HDRLEN
can be used here to clean up bounds checking to avoid false reports from
static analyzer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-13 00:27:15 +03:00
Jouni Malinen
e987c70c85 dbus: Add explicit break statements to switch-default
There were couple of missing breaks in switch-default (before/after).
While these did not have any noticeable issues due to falling over to
the next step that just exited from the switch statement, it is cleaner
and more robust to have each case use an explicit break.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-13 00:27:15 +03:00
Jouni Malinen
6446420b24 dbus: Initialize temporary entry properly (CID 62877)
The tmpentry variable was not initialized and
_wpa_dbus_dict_entry_get_byte_array() does not set tmpentry.type, so it
would have been possible for the error path to end up trying to free
unexpected type of an entry or not free the memory at all.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-13 00:27:15 +03:00
Jouni Malinen
70d9537361 Use clearer way of getting pointer to a frame (CID 62835)
This avoids an incorrect ARRAY_VS_SINGLETON report for a case where a
pointer is taken to the specified field in a frame and not to a single
octet. Bounds checking was already handled separately.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-13 00:27:11 +03:00
Jouni Malinen
0e87e798b5 Fix HS20_GET_NAI_HOME_REALM_LIST hex length check (CID 68108)
Due to an incorrect operation (MOD vs. AND), the code that was supposed
to return an error if the hex string has odd length was not really
reporting any failures. Instead of reporting an error, the invalid
control interface command would have been truncated. This is not an
issue in practice, but better fix the implementation anyway.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-12 19:45:27 +03:00
Jouni Malinen
beb9e1171e dbus: Avoid theoretical memory leaks with duplicated dict entries
If a dict would include duplicated items, the parsing code here would
have leaked memory by overwriting old os_strdup() result with the new
one. Fix this by explicitly freeing the previous entry. This addresses
CID 62852, CID 62851, CID 62850, CID 62849, CID 62847, CID 62846.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-12 19:45:06 +03:00
Jouni Malinen
ceb4cd89c9 dbus: Fix a potential double-free in on error path (CID 62880)
It would have been at least theoretically possible to hit the first
error in the loop and end up jumping to error handling which would call
os_free(value) without the value having been cleared after the os_free()
call at the end of the previous loop iteration.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-12 19:45:02 +03:00
Jouni Malinen
5519241676 GAS: Limit TX wait time based on driver maximum value
The GAS query TX operation used a fixed wait time of 1000 ms for the
reply. However, it would be possible for the driver to not support this
long remain-on-channel maximum. Limit this wait time based on driver
support, if needed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-06-12 10:56:06 +03:00
Nirav Shah
d3b204694a P2P: Make the default p2p_find delay value configurable
This makes the p2p_find default delay value configurable as
p2p_search_delay parameter through the configuration file (and through
control interface "SET p2p_search_delay <value>" on the P2P management
interface.

This parameter controls the number milliseconds of extra delay that is
added between search iterations when there is a concurrent operation in
progress. This can be used, e.g., p2p_search_delay=100 to make p2p_find
friendlier to concurrent operations by avoiding it from taking 100% of
the radio resources. The default value is the previous default, i.e.,
500 ms. Smaller values can be used to find peers more quickly at the
cost of larger effect to concurrent operations while a larger value
leaves more time for the concurrent operations at the cost of making
device discovery take longer time.

The optional p2p_find delay argument can still be used to override the
search delay for each search operation.

Since the P2P_CONCURRENT_SEARCH_DELAY macro is not used anymore, the
driver specific build parameter for bcmdhd from Android.mk is also
removed. Similar configuration can now be achieved with
p2p_search_delay=0 in the p2p0 interface configuration file.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-06-09 19:43:26 +03:00
Jouni Malinen
a01acc50d5 Check for EVENT_ASSOC data to be present for AP mode operation
wpa_supplicant_event() is required to include the event data for AP mode
events. In theory, a non-AP mode event could be sent here from the
driver wrapper, so reject such event.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-07 19:15:50 +03:00
Jouni Malinen
0bbaa9b93f Validate driver extended capabilities length against buffer length
Prepare for new extended capabilities bits by checking that the local
buffer is large enough to contain all the bits the driver requests. The
existing buffers are large enough to include anything defined until now,
but it would be possible to add more definitions in the future, so
increase them a bit as well to make this more future proof.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-07 16:35:30 +03:00
Jouni Malinen
9c6c5589e0 Interworking: Reject EAP configuration with unsupported inner method
Instead of allowing the connection attempt to occur with an unsupported
inner method, check for that explicitly at the time the network block is
added and drop the network if the identified inner method is not
supported.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-07 16:18:30 +03:00
Jouni Malinen
f2ca0e9770 Check eap_get_name() return against NULL to silence static analyzer
This cannot really be NULL in practice since cred->eap_method would
point to a valid EAP method. Anyway, to avoid false positive from
analyzers, check the pointer explicitly before printing it.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-07 15:42:07 +03:00
Jouni Malinen
fb958ea76e Check current_ssid on unexpected association event
This is mainly to keep static analyzers silent since it does not look
like this code path can be reached in practice due to the way
association events are handled and current_ssid is either set before
resched here or the association is rejected. Anyway, if this could be
reached, the wpa_supplicant_set_wpa_none_key() call would end up
dereferencing a NULL pointer, so add an explicit check to make sure that
does not happen.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-07 13:32:13 +03:00
Jouni Malinen
6a98f67369 ChangeLog entries for v2.2
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-06-04 16:08:37 +03:00
Jouni Malinen
d4b951f31b Fix offchannel TX not to retransmit pending frame on callback
If the offchannel TX frame command was offloaded to the driver in
offchannel_send_action(), we must not send another copy of the frame if
a remain-on-channel event happens to be delivered between this TX
command and the matching TX status event. It was possible for the
duplicated frame to cause problems, e.g., with P2P invitation exchange
if the same Invitation Request frame got sent twice and only the first
one getting accepted by the peer.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-06-04 16:07:59 +03:00
Jouni Malinen
df48efc5ab Fix external radio work stopping to not read freed memory
The dynamically allocated struct wpa_external_work contains the name of
the radio work in the type field and this is used in a debug print
within radio_work_done(). Re-order radio_work_done() and os_free() calls
on couple of paths where the memory was freed before that final user of
the buffer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-31 22:58:51 +03:00
Amit Khatri
9a17b36e55 tests: Makefile change avoiding compiler error for module test
wpa_supplicant was giving below error when "CONFIG_MODULE_TESTS=y" and
"CONFIG_P2P=y" are in .config file:
"wpas_module_tests.c:84: undefined reference to `wps_module_tests'"

This error is coming because "CONFIG_WPS=y" is commented out in .config
file but CONFIG_WPS is getting enabled by CONFIG_P2P in Makefile.

Signed-off-by: Amit Khatri <amit.khatri@samsung.com>
2014-05-31 13:36:59 +03:00
Mikael Kanstrup
b77aeae732 Interworking: Re-trigger scan if no connect attempt is done
For one specific case when running with Interworking enabled the
re-initialisation of the scan timer is missing. This makes auto connect
to a configured network fail.

The case is:
- Interworking credentials available, but do not match
- Auto interworking is enabled (auto_interworking=1)
- Interworking auto select is disabled (i.e., this is from
  auto_interworking=1, not from INTERWORKING_SELECT auto)
- No configured (enabled and non blacklisted) networks are present
  in scan results list with full match
- Interworking finds matching networks (it does not do full security
  policy match)

This patch covers the case and re-initialises the scan timer to allow
search for a suitable network to continue.

Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
2014-05-31 13:23:00 +03:00
Jouni Malinen
2d2dd488be tests: Add module tests for src/common
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-28 00:56:13 +03:00
Jouni Malinen
829a1b3296 P2P: Clear p2p_auth_invite after each persistent group invitation
This makes the operations more consistent when going through multiple
persistent group re-invocation sequences in a row. Each invitation needs
to be accepted separately if persistent reconnect is not enabled.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-27 12:09:25 +03:00
Boris Sorochkin
e403ba859e Parse DMG capabilities when reporting to external interfaces
This adds [DMG] and [PBSS] flags for scan results and BSS table entries
using the IEEE Std 802.11ad-2012 updated definition of the Capability
field.

Signed-off-by: Boris Sorochkin <qca_bsoroc@qca.qualcomm.com>
2014-05-26 23:35:52 +03:00
Jouni Malinen
8860e0f47c tests: Add printf encoding/decoding module tests
This replaces tests/test-printf.c.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-26 17:21:44 +03:00
Jouni Malinen
7bb70909a2 Add DRIVER_EVENT AVOID_FREQUENCIES for testing
This can be used to simulate driver events indicating frequencies to
avoid.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-26 17:21:44 +03:00
Masashi Honma
f0356ec85c eloop: Add epoll option for better performance
This patch adds epoll option for the eloop implementation. This can be
selected with the CONFIG_ELOOP_EPOLL=y build option.

[merit]
See Table1.

Table1. comparison table
+--------+--------+-----------+------------+-------------+
|        | add fd | remove fd | prepare fd | dispatch fd |
+--------+--------+-----------+------------+-------------+
| select | O(1)   | O(1)      | O(N)       | O(N)        |
+--------+--------+-----------+------------+-------------+
| poll   | O(1)   | O(1)      | O(N)       | O(N)        |
+--------+--------+-----------+------------+-------------+
| epoll  | O(1)   | O(1)      | 0          | O(M)        |
+--------+--------+-----------+------------+-------------+
"add fd" is addition of fd by eloop_sock_table_add_sock().
"remove fd" is removal of fd by eloop_sock_table_remove_sock().
"prepare fd" is preparation of fds before wait in eloop_run().
"dispatch fd" is dispatchment of fds by eloop_sock_table_dispatch().
"N" is all watching fds.
"M" is fds which could be dispatched after waiting.

As shown in Table1, epoll option has better performance on "prepare fd" column.
Because select/poll option requires setting fds before every select()/poll().
But epoll_wait() doesn't need it.

And epoll option has also better performance on "dispatch fd" column.
Because select/poll option needs to check all registered fds to find out
dispatchable fds. But epoll option doesn't require checking all registered fds.
Because epoll_wait() returns dispatchable fd set.

So epoll option is effective for GO/AP functionality.

[demerit]
The epoll option requires additional heap memory. In case of P2P GO, it is
about 8K bytes.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2014-05-16 18:25:51 +03:00
Tomasz Bursztyka
68d270069f dbus: No need to recompute group object path on GroupStarted signal
The group object is already registered on DBus at that point, thus wpa_s
structure holds its path already.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-05-16 18:20:17 +03:00
Tomasz Bursztyka
f3734e2377 dbus: Provide the P2P Device Address from the relevant structure
Fixes a minor mistake: the p2p_info structure should be used here
instead of the peer_handler_args one.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-05-16 18:19:37 +03:00
Tomasz Bursztyka
e956b830fc dbus: Fix interface DeviceFound signal specification
DeviceFound does not provide any properties, just the peer object path.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-05-16 18:19:10 +03:00
Tomasz Bursztyka
fc591a771c dbus: Declare GONegotiation signals properly
These signals delivers an array of key/value pairs, thus declaring those
as it should.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-05-16 18:18:39 +03:00
Dmitry Shmidt
b19c098e75 Send authentication failure reason in wpas_auth_failed()
"WRONG_KEY"   - possibly wrong psk
"AUTH_FAILED" - authentication failure
"CONN_FAILED" - continiuos connection failure

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-05-16 18:08:39 +03:00
Eduardo Abinader
5516ed32c5 WPS: Deinit before wpas_p2p_disconnect()
When there is a pending WPS negotiation for P2P and signal interrupt is
triggered, invalid read occurs in wpas_wps_terminate_pending() if
wpas_p2p_disconnect() removed the interface. Inverting deinit order
solves the issue.

Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
2014-05-16 01:03:44 +03:00
Jouni Malinen
e9eb648e0e P2P: Reject P2P_FIND and P2P_LISTEN on disabled interface
This makes the P2P operations behave more consistently with the SCAN
command.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-15 21:34:32 +03:00
Jouni Malinen
c71c241674 P2P: Clear P2P state if active interface is disabled
The radio works for the interface get removed if interface is disabled.
This could have left P2P module in invalid state if the interface got
disabled during a p2p_find or p2p_listen operation. Clear the state in
such a case to avoid blocking following operations due to P2P module
assuming it is still in progress of doing something.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-15 21:32:54 +03:00
Jouni Malinen
ad12f2f422 Add DRIVER_EVENT ctrl_iface command for testing purposes
This new command can be used to simulate driver events without having to
go through the driver wrapper or kernel code for this. This enables more
testing coverage with hwsim.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-15 21:09:48 +03:00
Jouni Malinen
3e66f78914 P2P: Make sure GO start does not miss connect_without_scan
It looks like there was a possible sequence for wpa_s->scan_req to be
MANUAL_SCAN_REQ at the moment a GO is to be started. This could result
in the "Request scan (that will be skipped) to start GO" to actually not
skip the scan and end up stuck waiting for something external to trigger
a scan before the GO could be started. Fix this by clearing
wpa_s->scan_req when deciding to start the GO.

This issue could be hit at least by first enabling autoscan and then
issuing P2P_GROUP_ADD. Other sequences that set wpa_s->scan_req to
MANUAL_SCAN_REQ without going through wpa_supplicant_scan() to clear it
immediately could also have similar effect (and there is even a small
window for the wpa_supplicant_scan() call to happen only after the
P2P_GROUP_ADD command is processed, so this could potentially have
happened even with SCAN + P2P_GROUP_ADD).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-15 16:56:49 +03:00
Rashmi Ramanna
28fa4eb2b2 P2P: Fix scan optimization for GO during persistent group invocation
Commit 41d5ce9e0b was intended to scan for
GO on the negotiated channel for few iterations, but it did not work
correctly due to incorrect operator being used. Fix this by requiring
both conditions to be met for the single channel scan.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-13 15:49:06 +03:00
Edhar, Mahesh Kumar
7b42862ac8 P2P: Validate GO operating channel on channel list changes
On receiving CHANNEL_LIST_CHANGED event from driver, verify that local
GO (if any) is operating in valid frequency. If not, we should remove
the group and reform on valid frequency. Indicate this similarly to the
avoid-frequency notification (i.e., a control interface message for
upper layers to react to this for now; potentially CSA later).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-12 19:43:59 +03:00
Alexandru Costache
fb2ac53df1 Remove leftover timeouts on cleanup
Signed-off-by: Alexandru Costache <alexandru.costache.100@gmail.com>
2014-05-12 19:43:59 +03:00
Dmitry Shmidt
1c330a2fdc Add 'dup_network <id_s> <id_d> <name>' command
This command allows to copy network variable from one network to
another, e.g., to clone the psk field without having to extract it from
wpa_supplicant.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-05-12 19:43:56 +03:00
Hannu Mallat
316f92cd33 dbus: Reorder deauthentication and cleanup calls when removing a network
Valgrind indicates reference to already freed memory if function
wpa_config_remove_network() is called prior to calling
wpa_supplicant_deauthenticate(), and this can lead to a crash.
Inverting the call order fixes the problem.

Signed-off-by: Hannu Mallat <hannu.mallat@jollamobile.com>
2014-05-12 18:05:38 +03:00
Jouni Malinen
cfdb32e88f eapol_test: Check EAP-Key-Name
The new command line argument -e can be used to request the server to
send EAP-Key-Name in Access-Accept. If both the local EAP peer
implementation and server provide the EAP Session-Id, compare those
values and indicate in debug log whether a match was seen.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-11 21:22:37 +03:00
Jouni Malinen
270c9a43e6 Interworking: Allow FT to be used for connection
This extends Interworking network selection to enable FT-EAP as an
optional key_mgmt value to allow FT to be used instead of hardcoding
WPA2-Enterprise without FT.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-10 16:15:20 +03:00
Eduardo Abinader
81ed4991ae Remove duplicated ibss_rsn_deinit() call
No need to call ibss_rsn_deinit() again since it is already being called
by wpa_supplicant_mark_disassoc().

Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
2014-05-10 13:48:34 +03:00
Sunil Dutt
0f1034e388 P2P: Refrain from performing extended listen during P2P connection
Do not perform extended listen period operations when either a P2P
connection is in progress. This makes the connection more robust should
an extended listen timer trigger during such an operation.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-09 20:42:44 +03:00
Hu Wang
dd10abccc8 MACsec: wpa_supplicant integration
Add MACsec to the wpa_supplicant build system and configuration file.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-09 20:42:44 +03:00
Hu Wang
7baec808ef MACsec: Add driver_ops
This defines new driver_ops to be used with MACsec.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-09 20:05:28 +03:00
Hu Wang
0836c04b30 MACsec: Allow EAPOL version 3 to be configured
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-09 20:05:28 +03:00
Jouni Malinen
2cebdee66d Fix MinGW build
No need to use ENOBUFS within core wpa_supplicant, so just replace it
with -1 to work arounds MinGW build issues.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-29 18:59:12 +03:00
Eliad Peller
e4fa8b120b wpa_supplicant: Add Wake-on-WLAN configuration support
Add a new wowlan_triggers option to wpa_supplicant.conf. The triggers in
this key will be used to configure the kernel wowlan configuration.

For now, support only simple flags. More complex triggers can be added
later on.

Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
2014-04-29 18:59:12 +03:00
Dmitry Shmidt
959214b260 Android: Use extended P2P functionality (ANDROID_P2P) for all vendors
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-04-29 18:59:12 +03:00
Sreenath Sharma
fa258a3df6 HS 2.0 R2: Fix writing of domain_suffix_match cred parameter
This was supposed to end with a newline character so that parameters are
aligned in configuration file.

Signed-off-by: Sreenath Sharma <sreenats@broadcom.com>
2014-04-29 17:25:19 +03:00
Jouni Malinen
0bceb8d6f4 Make dl_list_first() and dl_list_last() uses easier for static analyzers
The previous check for dl_list_len() or having an entry from the list is
sufficient, but some static analyzers cannot figure out that
dl_list_first() and dl_list_last() will return non-NULL in this type of
cases. Avoid invalid reports by explicitly checking for NULL.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-29 12:52:10 +03:00
Jouni Malinen
ece88f7697 Make last_scan_res update easier for static analyzers
The check based on last_scan_res_used is sufficient for making sure that
last_scan_res is allocated. However, it is a bit too complex for static
analyzers to notice, so add an explicit check to avoid bogus reports.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-29 12:52:10 +03:00
Jouni Malinen
b7a6702fd4 Indicate disconnection event on interface disabled
It is possible for the disconnection event from the driver to not get
delivered when interface is disabled. To maintain consistent ctrl_iface
event behavior, indicate CTRL-EVENT-DISCONNECTED in such a case if we
were in connected state.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-28 16:54:09 +03:00
Jouni Malinen
b89962b4b9 Fix wpa_config_read() with existing config block
If two config files are merged together, the ssid and cred blocks may
not have been processed correctly since the tail pointers were not
updated to the last entry from the first configuration file.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-28 16:54:09 +03:00
Ilan Peer
d0df643735 wpa_supplicant: Call frequency conflict handling during auth
Previously, the frequency conflict was handled only during the
association flow. However, some drivers, e.g., mac80211 based
drivers, will fail an authentication request in case that there
are no available channels for use (as they might be used by
other interfaces), and thus the frequency conflict resolution
is never called.

Fix this by calling frequency conflict resolution during
authentication (SME-in-wpa_supplicant) as well.

In addition, get the shared radio frequency from the wpa_s context in
both the SME-in-driver and SME-in-wpa_supplicant cases and not from the
driver.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2014-04-24 12:15:32 +03:00
Luciano Coelho
0cf24fdaed scan: Reset normal scan counter when a connection succeeds
The normal scan counter is used to trigger a few normal scans before a
scheduled scan is issued. The reason for doing this is that we get
results faster and some drivers support more SSIDs per normal scan
than during sched scan. After 2 normal scans, we start using
sched_scan. But the problem is that when a connection succeeds, we do
not reset this counter, so we will keep using sched scans.

To fix this, now we reset the counter when we switch to WPA_COMPLETED
state.

Signed-off-by: Luciano Coelho <luciano.coelho@intel.com>
2014-04-24 12:15:32 +03:00
Greg Hackmann
9176ec066e Android: Disable unused parameter warnings
This avoids large number of undesired compiler warnings since Android
build system is added -Wextra.

Signed-off-by: Greg Hackmann <ghackmann@google.com>
2014-04-24 12:15:32 +03:00
Naresh Jayaram
13f6a07efc Add SIM identifier to the network profile and cred block
This allows the specific SIM to be identified for authentication
purposes in multi-SIM devices. This SIM number represents the index of
the SIM slot. This SIM number shall be used for the authentication using
the respective SIM for the Wi-Fi connection to the corresponding
network.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-24 12:15:32 +03:00
Jouni Malinen
d41cc8ccf6 Allow HT 40 MHz intolerant flag to be set for association
This extends HT overrides to allow HT 40 MHz intolerant flag to be set
with ht40_intolerant=1.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-17 17:11:17 +03:00
Jouni Malinen
f777fd127f Fix writing of provisioning_sp cred parameter
This was supposed to be within quotation marks in the configuration
file.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-16 01:41:38 +03:00
Jouni Malinen
a7ca6dac44 Fix P2P redirection of global ctrl_iface SET command
The previous version prevented all use of wpas_global_ctrl_iface_set().
That's not desirable since there may be more global parameters added in
the future. Instead, try to use the global version first and redirect to
P2P interface only if the global version returns an error.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-15 13:27:23 +03:00
Jouni Malinen
d6b818efe5 Remove SAVE_CONFIG redirect from global control interface
The P2P redirection for SAVE_CONFIG issued on the global control
interface was preventing wpas_global_ctrl_iface_save_config() from being
reached. The global version of SAVE_CONFIG was supposed to try to save
configuration files for all interface rather than just the P2P
management interface, so fix this by removing the unneeded and undesired
redirection.

Modify the global SAVE_CONFIG handler to return FAIL if no configuration
files were saved. This makes the behavior match with the per-interface
SAVE_CONFIG.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-15 13:26:48 +03:00
Jouni Malinen
128cc37558 eap_proxy: Use unique Makefile names for Android and non-Android
Rename the eap_proxy_*.mk file to eap_proxy_*.mak for non-Android builds
so that the same eap_proxy implementation can be more easily included in
the same directory for both cases.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-15 13:02:25 +03:00
Jouni Malinen
e83e15ee77 P2P: Fix interface remove to terminate all P2P groups
Previously, it was possible to remove the main interface and leave
behind dynamic P2P group interfaces. This would eventually result in
references freed memory, so it is not really suitable behavior. Instesd,
remove all the dynamic P2P group interfaces that were created through an
interface that is now removed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-15 00:20:17 +03:00
quiche@chromium.org
e9b32dae1a Propagate scan failures over D-Bus
If we receive a scan request via D-Bus and wpa_supplicant_scan_trigger
fails, return the failure to the caller over D-Bus.

Signed-hostap: mukesh agrawal <quiche@chromium.org>
2014-04-13 23:43:04 +03:00
Jouni Malinen
142817b2f9 Add a wpa_supplicant ctrl_iface event for regdom changes
CTRL-EVENT-REGDOM-CHANGE event provides an external notification of
regulatory domain (and any driver channel list) changes.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-13 16:32:38 +03:00
Jouni Malinen
150fd0b2b5 WPS: Split eapol_cb reconnect to a separate code path
Use eloop timeout to run the reconnect command after eapol_cb has
returned. This reduces stack use and can simplify the driver
command/event sequence by allowing the disconnection events from the
provisioning step to be processed before starting the actual data
connection.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-13 11:47:03 +03:00
Jouni Malinen
ded4f944df WPS: Close p2p_group and temporary parameters to all network blocks
If a P2P GO issues multiple credentials for some reason, clone the
p2p_group and temporary parameters to all those based on the initial
network block that gets used for the first credential.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-13 11:44:57 +03:00
Jouni Malinen
e74dd0e55b Add forgotten ampdu_factor into wpa_supplicant.conf
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-13 10:26:53 +03:00
Jouni Malinen
759ff2f075 Re-enable use of wildcard SSID with passphrase
This used to work, but it looks like the disabled-PSK-network check
ended up rejecting confiurations that configured a wildcard SSID with a
passphrase (instead of PSK).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-13 10:26:53 +03:00
Jouni Malinen
023b466da4 Fix a debug print to have a space between words
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-13 10:26:52 +03:00
Jouni Malinen
0cd860284c Add CTRL-EVENT-SIGNAL-CHANGE for bgscan signal update events
This allows external programs to monitor driver signal change events
through wpa_supplicant when bgscan is used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-13 10:26:52 +03:00
Jouni Malinen
bd8838a387 Fix ctrl_iface BLACKLIST return value
Adding a new entry was returning FAIL on success due to incorrect
assumption of wpa_blacklist_add() returning 0 on success (it returns the
positive blacklist count).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-13 10:26:51 +03:00
Andres Morales
f3ff948753 P2P: Add NFC_HANDOVER commands to p2p_redir list
These commands can be executed on the P2P interface thus should be
redirected to it when issued to the global control interface.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-04-11 19:22:00 +03:00
Fionn Cleary
481e66b1f8 Fix reassociate dbus method
- Reassociate was only working when there was already a connect in
  place, which is not how the REASSOCIATE command from the ctrl
  interface works.

Signed-off-by: Fionn Cleary <fionn.cleary@streamunlimited.com>
2014-04-11 19:22:00 +03:00
Daichi Ueura
2150c33337 wpa_cli: Fix wrong comparison in wpa_cli_cmd_interface
Signed-off-by: Daichi Ueura <daichi.ueura@gmail.com>
2014-04-11 19:22:00 +03:00
Sunil Dutt
8235f89f3f P2P: Mark the scan in p2p_in_invitation as p2p_probe
Mark the scan performed by the P2P Client in search of the GO
during the persistant reinvocation as a p2p_probe to avoid
unnecessary use of 802.11b rates.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-10 19:54:36 +03:00
Amarnath Hullur Subramanyam
38ce8e2709 Android: Add qca-vendor.h to be exported
Add qca-vendor.h along with wpa_ctrl.h to be exported to
common staged location.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-10 16:34:23 +03:00
Jouni Malinen
897a5ccee8 WNM: Remove unnecessary present flag
The structures are all allocated, so the pointer can be compared to NULL
to determine whether the subelement was present.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-08 01:34:17 +03:00
Jouni Malinen
f6ce70dc0d WNM: Fix neighbor report subelement formats
Number of of subelements were using incorrect format definition.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-08 01:32:28 +03:00
Jouni Malinen
e9cb7b9275 WNM: Fix neighbor report subelement parser to not leak memory
If a subelement is unexpectedly included multiple times, the parser must
not re-allocate memory for the entry without first freeing the old
allocation.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-08 01:20:24 +03:00
Jouni Malinen
1aa6f953bb WNM: Fix neighbor report subelement parser
Only the Neighbor Report element should be included here, so verify that
the element id matches. In addition, verify that each subelement has
valid length before using the data.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-08 01:01:55 +03:00
Jouni Malinen
f8b10c1770 Fix CONFIG_AP=y build without CONFIG_P2P=y
Commit ca9bc5b566 used P2P functionality
from ap.c without proper ifdef CONFIG_P2P.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-07 13:40:58 +03:00
Jouni Malinen
f05cee9714 P2P: Clear p2p_in_invitation on cancel
Commit 41d5ce9e0b added scan optimizations
for P2P invitation cases. However, it left a path where the invitation
state was not cleared and as such, introduced potential issues for
following scans that ended up getting incorrectly optimized for a single
channel regardless of parameters. Fix this by clearing p2p_in_invitation
more carefully, especially on p2p_cancel command.

p2p_cancel is now also run from the FLUSH command to avoid issues with
hwsim test cases (e.g., persistent_group_per_sta_psk followed by
ap_open_tdls resulted in an error due to p2p_in_invitation remaining set
after FLUSH).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-07 13:40:58 +03:00
Jouni Malinen
ec331d09a2 WNM: Fix deinit path to clean neighbor report count
wnm_deallocate_memory() left wnm_num_neighbor_report set while freeing
the allocated buffer of neighbor reports. If this function was called
twice in a row without having went through new neighbor report parsing,
invalid pointers could have been freed resulted in segfault.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-07 13:40:45 +03:00
Jouni Malinen
679f2e7c5f WPS NFC: Remove NFC_RX_HANDOVER_SEL
The newer NFC_REPORT_HANDOVER command is more general version that
handles the cases where NFC_RX_HANDOVER_SEL could potentially have been
used. In addition, with the new WPS NFC design, it is important to
receive the handover request message that was used in the handover in
addition to the select message, so the NFC_RX_HANDOVER_SEL command on
its own would not be sufficient for this.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-07 00:56:04 +03:00
Jouni Malinen
dc39004318 WPS: Remove unused WEP related functionality
Now that WPS 2.0 support is enabled unconditionally, WEP and Shared auth
type are not allowed. This made some of the older code unused and that
can now be removed to clean up the implementation. There is still one
place where WEP is allowed for testing purposes: wpa_supplicant as
Registrar trying to configure an AP to use WEP. That is now only allowed
in CONFIG_TESTING_OPTIONS=y builds, though.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-06 12:31:45 +03:00
Jouni Malinen
9ff4de6de4 Move DROP_SA command to be within ifdef CONFIG_TESTING_OPTIONS
This is a test command and has no use in production builds.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-05 23:59:31 +03:00
Jouni Malinen
9a147ba18d WNM: Fix regression in Sleep Mode exit key data parsing
Commit dbfb8e82ff changed the Action frame
RX payload pointer design to point to a different field. WNM Sleep Mode
Response handler updated one of the uses to accommodate this change, but
that commit missed another use for key data length. This resulted in GTK
and IGTK being ignored in many cases when waking up from WNM Sleep Mode
with PMF enabled.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-05 20:42:13 +03:00
Dmitry Shmidt
204c9ac4ee Extend select_network command with freq= to reduce scan time
This allows a subset of channels to be specified for the scan used to
find the network when the SELECT_NETWORK ctrl_iface command is issued.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-04-04 23:07:17 +03:00
Jouni Malinen
75aea3e704 Interworking: Add writing of forgotten cred parameters into config file
req_conn_capab and required_roaming_consortium parameters were not
written into the cred block when requesting wpa_supplicant to write the
configuration file.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-04 22:57:15 +03:00
Jouni Malinen
c880ab87ee Interworking: Add GET_CRED ctrl_iface command
"GET_CRED <id> <field>" can now be used to fetch credential parameters
over the control interface. This does not allow passwords etc. private
material to be retrieved ("*" is returned for those if the value is set
regardless of the value). FAIL is returned if the requested parameter
has not been set. For cred parameters that can have multiple values,
newline separated list of values is returned.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-04 20:13:53 +03:00
Jouni Malinen
1619e9d512 Interworking: Add ctrl_iface events on cred block modifications
Following events are now sent to ctrl_iface monitors to indicate if
credential blocks have been added, modified, or removed:

CRED-ADDED <id>
CRED-MODIFIED <id> <field>
CRED-REMOVE <id>

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-04 19:10:47 +03:00
Pawel Kulakowski
39a5800f7c wpa_supplicant: Allow disabling LDPC
Allows user to disable LDPC coding.
This possibility is useful for testing purpose.

Signed-off-by: Pawel Kulakowski <pawel.kulakowski@tieto.com>
2014-04-01 11:20:48 +03:00
Jean Trivelly
72300408d4 Interworking: Read IMSI if not read at supplicant start
It is required to read IMSI from SIM if it has not already been done
when comparing HS 2.0 AP 3GPP information with the local credentials.

Signed-off-by: Jean Trivelly <jean.trivelly@intel.com>
2014-03-31 23:44:59 +03:00
Jean Trivelly
62f736dd04 Interworking: Init scard when a credential requires SIM access
When an ANQP fetch is triggered and ANQP_3GPP_CELLULAR_NETWORK info is
required, initialize scard to be ready when comparing ANQP and
credentials.

Signed-off-by: Jean Trivelly <jean.trivelly@intel.com>
2014-03-31 23:35:08 +03:00
Jean Trivelly
729897a388 Interworking: Fix incorrect compile PCSC flag
CONFIG_PCSC is used instead of PCSC_FUNCS.

Signed-off-by: Jean Trivelly <jean.trivelly@intel.com>
2014-03-31 23:29:37 +03:00
Avraham Stern
ace0fbdb69 P2P: Fix segfault when PBC overlap is detected
If a separate P2P group interface is used, PBC overlap during group
formation causes the group interface to be removed, which ends up with
the interface context becoming invalid. Fix this by scheduling a timeout
to process the PBC overlap and interface removal instead of removing the
interface directly before the connection operation has returned.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2014-03-28 19:31:26 +02:00
Jouni Malinen
cf15b15cc1 Add writing of network block ocsp parameter
This was forgotten from the per-network ocsp parameter addition. The new
parameter needs to be stored to the configuration file similarly to the
other EAP parameters.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-28 16:56:41 +02:00
Ilan Peer
f1c4dbf5cd wpa_supplicant: Remove pending sme-connect radio work
If a new connection is attempted while there is a pending sme-connection
radio work, cancel the pending radio work and continue with the new
connection attempt. This is preferable over rejecting the new work and
continuing with the pending one, as it is possible that the previous
work is no longer valid.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2014-03-27 16:45:25 +02:00
Eliad Peller
4f560cdee3 wpa_supplicant: Override HT A-MPDU size if VHT A-MPDU was overridden
According to the standard, if the max A-MPDU VHT cap is <= 3, we
have to adjust the max A-MPDU HT cap to the same value. Otherwise
it should be set to 3.

Take care of it when the max VHT A-MPDU value is overridden.

Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
2014-03-27 16:45:21 +02:00
Ilan Peer
782e2f785e P2P: Do not initiate scan on P2P Device when enabled
Do not start a scan on a P2P Device interface when processing an
interface enabled event.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2014-03-27 15:25:12 +02:00
Sunil Dutt
96ecea5eb1 Pass TDLS peer capability information in tdls_mgmt
While framing the TDLS Setup Confirmation frame, the driver needs to
know if the TDLS peer is VHT/HT/WMM capable and thus shall construct the
VHT/HT operation / WMM parameter elements accordingly. Supplicant
determines if the TDLS peer is VHT/HT/WMM capable based on the presence
of the respective IEs in the received TDLS Setup Response frame.

The host driver should not need to parse the received TDLS Response
frame and thus, should be able to rely on the supplicant to indicate
the capability of the peer through additional flags while transmitting
the TDLS Setup Confirmation frame through tdls_mgmt operations.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-27 15:18:48 +02:00
Dmitry Shmidt
cf28c66bcb HS 2.0: Extend ANQP_GET to accept Hotspot 2.0 subtypes
This allows a single ANQP query to be used to fetch both IEEE 802.11
defined ANQP elements and Hotspot 2.0 vendor specific elements.

ANQP_GET <addr> <info id>[,<info id>]...
[,hs20:<subtype>][...,hs20:<subtype>]

For example:
ANQP_GET 00:11:22:33:44:55:66 258,268,hs20:3,hs20:4

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-03-25 18:33:21 +02:00
Jouni Malinen
163f801ef2 nl80211: Indicate HS 2.0 OSEN AKM in connect/associate command
This allows drivers that build the WPA/RSN IEs internally to use similar
design for building the OSEN IE.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-25 18:33:21 +02:00
Jouni Malinen
c201f93a9e WPS: Enable WSC 2.0 support unconditionally
There is not much point in building devices with WPS 1.0 only supported
nowadays. As such, there is not sufficient justification for maintaining
extra complexity for the CONFIG_WPS2 build option either. Remove this by
enabling WSC 2.0 support unconditionally.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-25 18:33:21 +02:00
Sunil Dutt Undekari
91364b7f10 P2P: Set a timeout for a persistent reinvoke on a P2P Client
Use P2P group formation timeout to wait for the 4-way handshake to
complete on a persistent reinvocation on a P2P Client.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-25 15:38:33 +02:00
Rashmi Ramanna
41d5ce9e0b P2P: Optimize scan for GO during persistent group invocation
Scan for GO on the negotiated operating channel for few iterations
before searching on all the supported channels during persistent group
reinvocation. In addition, use the already known SSID of the group in
the scans. These optimizations reduce group formation time.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-25 15:38:33 +02:00
Jouni Malinen
31ded52e70 SME: Add more debug prints for OBSS scans and 20/40 MHz co-ex report
This makes it easier to debug wpa_supplicant behavior when reporting
20/40 MHz co-ex information based on OBSS scans.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-23 23:56:50 +02:00
Jouni Malinen
7f8eb34dee SME: Fix OBSS scan result processing for 20/40 MHz co-ex report
The 40 MHz intolerant bit needs to be checked before skipping the BSS
based on the channel already being in the lost (which could have
happened due to another BSS that does not indicate 40 MHz intolerant).
This fixed the 20/40 MHz co-ex report to indicate 20 MHz request
properly if there are both 40 MHz tolerant and intolerant BSSes on the
same channel.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-23 23:54:50 +02:00
Dmitry Shmidt
d3c9c35f32 Add freq= parameter to 'set pno' command
This allows channels-to-be-scanned to be specified for PNO similarly to
the scan command.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-03-21 23:56:46 +02:00
Tomasz Bursztyka
b998236543 dbus: Implement P2P Peers info IEs buffer getter
Since it declares providing such property, let's expose it relevantly.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-03-21 23:49:47 +02:00
Tomasz Bursztyka
c6f356f85b dbus: Export the peer's device address as a property
This could be useful in some cases.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-03-21 23:44:09 +02:00
Tomasz Bursztyka
442adfde3d dbus: Declare properly ServiceDiscoveryRequest method
It does return something: the reference of the request, as an integer,
which can be used then with ServiceDiscoveryCancelRequest to get
canceled.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-03-21 23:36:50 +02:00
Tomasz Bursztyka
890374118f dbus: Cancelling a service request always reply by an error
p2p_sd_cancel_request returns -1 in case of error, so does
wpas_p2p_sd_cancel_request.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-03-21 23:36:49 +02:00
Tomasz Bursztyka
13494c4478 dbus: Remove duplicate signal declaration
ServiceDiscoveryExternal is uselessly declared twice.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-03-21 23:36:49 +02:00
Eduardo Abinader
5eae87a7d6 P2P: Fix GO failed interface init
Whenever an ongoing GO Neg has failed, due to interface init, the P2P
Device should cancel timeouts and issue wpas_p2p_group_formation_failed,
so the other peer detects faster group formation has failed.

Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
2014-03-21 23:26:16 +02:00
Andrei Otcheretianski
c46235aaf0 wpa_supplicant: Fix radio_remove_interface
Remove pending radio works when an interface is removed from a radio.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2014-03-21 22:21:37 +02:00
Dmitry Shmidt
2ce7e4fd74 Android: Enable CONFIG_EAP_AKA_PRIME option
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-03-21 22:21:26 +02:00
Prameela Rani Garnepudi
95bf699f76 Add get_radio_name() driver wrapper for wpa_supplicant
Signed-off-by: Prameela Rani Garnepudi <prameela.g@samsung.com>
2014-03-21 22:20:38 +02:00
Guoqiang Liu
d06ecab344 D-Bus: Make p2p_no_group_iface configurable
Some old device need to set p2p_no_group_iface=1 to set up a P2P
connection, so add a D-Bus interface to configure it.

Signed-off-by: Guoqiang Liu <guoqiang.liu@archermind.com>
2014-03-21 22:17:57 +02:00
Jouni Malinen
1120e45232 Allow config blobs to be set through ctrl_iface
"SET blob <name> <hexdump>" can now be used to set a configuration blob
through the wpa_supplicant control interface.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-15 23:51:37 +02:00
Jouni Malinen
6829da39e6 Fix external radio_work deinit path
The radio_work type was stored within the dynamically allocated
wpa_radio_work buffer and that buffer ended up getting freed before the
final use of the type string within radio_work_done(). This resulted in
freed memory being used for a debug print. Avoid this by freeing the
wpa_external_work instance after having completed radio_work_done() for
the related work.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-14 21:58:46 +02:00
Jouni Malinen
8dd9f9cdde Allow management group cipher to be configured
This allows hostapd to set a different management group cipher than the
previously hardcoded default BIP (AES-128-CMAC). The new configuration
file parameter group_mgmt_cipher can be set to BIP-GMAC-128,
BIP-GMAC-256, or BIP-CMAC-256 to select one of the ciphers defined in
IEEE Std 802.11ac-2013.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-14 21:58:45 +02:00
Manish Bansal
67d39cfb32 P2P: Do not create another group interface on NFC Token enable
If a group interface is present and the command was issued on the group
interface, enable the token for that interface instead of creating a new
one.

Signed-off-by: Manish <manish.bansal@broadcom.com>
2014-03-14 21:58:45 +02:00
Paul Stewart
6aa1cd4e06 wpa_supplicant: Apply VHT_OVERRIDES to wpas_start_assoc_cb()
A previous patch "Support VHT capability overrides" missed one
place where HT overrides were being applied and where it would
also be useful to apply VHT overrides.

Signed-hostap: Paul Stewart <pstew@chromium.org>
2014-03-14 21:50:58 +02:00
Dmitry Shmidt
6e9375e4e1 TDLS: Add get_capability tdls command
Command returns info in format: UNSUPPORTED/INTERNAL/EXTERNAL

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-03-14 21:40:57 +02:00
Jouni Malinen
9a1a538fa5 wpa_supplicant AP: Allow PMF to be enabled with ieee80211w
The ieee80211w parameter was not previously copied to the hostapd BSS
structure from wpa_supplicant configuration, so PMF was practically
disabled. Allow it to be configured through the wpa_supplicant network
configuration block.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-13 18:22:25 +02:00
Jouni Malinen
daa70bdf68 Fix CONFIG_NO_SCAN_PROCESSING=y build
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-12 22:39:11 +02:00
Peter Qiu
0f44ec8eba Add a reattach command for fast reassociate-back-to-same-BSS
Add "reattach" command to perform single-channel single-ssid scan
instead of full scan when trying to reconnect to the currently
"connected" network (assuming old scan results are not current enough to
skip the scan completely). This allows the scan result to come back in
much faster time. In ath9k, the scan took around 12 seconds with full
background scan, and only 0.1 second with the single-channel single-ssid
scan. Thus, take much less time for the client to re-establish
connection with the currently "connected" network.

Signed-hostap: Peter Qiu <zqiu@chromium.org>
2014-03-11 19:38:01 +02:00
Ben Greear
5d0d72a3e5 wpa_supplicant: Put upper bound on initial scan time delay
This makes stations associate much faster when using lots of stations.
In addition, this avoids delaying the initial scan continuously for
dynamic interface removal/addition cases.

Signed-hostap: Ben Greear <greearb@candelatech.com>
2014-03-11 19:23:17 +02:00
Alexander Bondar
5e3ddf4d23 PNO: Change sched_scan_stopped event to handle pending PNO properly
When a sched_scan_stopped event is received and there is a pending PNO,
it used regular scheduled scan parameters instead of PNO specific
parameters. Change it by calling wpas_start_pno().

Signed-off-by: Alexander Bondar <alexander.bondar@intel.com>
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2014-03-11 19:15:48 +02:00
Alexander Bondar
737e7a08b0 PNO: Move and rename pno_start()/pno_stop()
Move pno_start() and pno_stop() to scan.c as a more relevant location
and rename them to wpas_start_pno()/wpas_stop_pno().

Signed-off-by: Alexander Bondar <alexander.bondar@intel.com>
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2014-03-11 19:12:57 +02:00
Jouni Malinen
09eef142ea Use internal FIPS 186-2 PRF if needed
Previously, EAP-SIM/AKA/AKA' did not work with number of crypto
libraries (GnuTLS, CryptoAPI, NSS) since the required FIPS 186-2 PRF
function was not implemented. This resulted in somewhat confusing error
messages since the placeholder functions were silently returning an
error. Fix this by using the internal implementation of FIP 186-2 PRF
(including internal SHA-1 implementation) with crypto libraries that do
not implement this in case EAP-SIM/AKA/AKA' is included in the build.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-11 16:44:22 +02:00
Jouni Malinen
60b893dfb3 wpa_supplicant: Allow external management frame processing for testing
This enables more convenient protocol testing of AP and P2P
functionality in various error cases and unexpected sequences without
having to implement each test scenario within wpa_supplicant.
ext_mgmt_frame_handle parameter can be set to 1 to move all management
frame processing into an external program through control interface
events (MGMT-RX and MGMT-TX-STATUS) and command (MGMT_TX). This is
similar to the test interface that was added to hostapd previously, but
allows more control on offchannel operations and more direct integration
with the internal P2P module.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-08 20:21:21 +02:00
Ilan Peer
c16a7590cf wpa_supplicant: Add a configuration file for the P2P_DEVICE parameters
Add an option to specify a configuration file that can be used to hold
the P2P_DEVICE configuration parameters. If this option is not used, the
P2P_DEVICE configuration parameters will be read from interface
configuration file.

Note that it is advised to use this option in some cases such as:

If a P2P_DEVICE is supported by the driver, the wpa_supplicant creates a
dedicated P2P Device interface, where the configuration file used for
the main interface is used. As a consequence, if the configuration file
includes network definition etc., the wpa_supplicant will try to perform
station specific flows on the P2P Device interface which will fail.

If a P2P_DEVICE is supported by the driver and update_config is used,
the P2P Device configuration data will override the main interface
configuration data.

Signed-hostap: Ilan Peer <ilan.peer@intel.com>
2014-03-07 00:11:04 +02:00
Jouni Malinen
8f05577d11 Configure beacon interval for IBSS command
wpa_supplicant already allowed beacon interval to be configured for AP
mode operations, but this was not passed to the driver for IBSS even
though the same parameter can used for that case. Add this for the
nl80211 driver interface to allow beacon interval to be controlled for
IBSS as well.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-06 23:09:20 +02:00
Moshe Benji
354c903f8e AP/GO interface teardown optimization
This commit adds an option to optimize AP teardown by leaving the
deletion of keys (including group keys) and stations to the driver.

This optimization option should be used if the driver supports stations
and keys removal when stopping an AP.

For example, the optimization option will always be used for cfg80211
drivers since cfg80211 shall always remove stations and keys when
stopping an AP (in order to support cases where the AP is disabled
without the knowledge of wpa_supplicant/hostapd).

Signed-off-by: Moshe Benji <moshe.benji@intel.com>
2014-03-05 23:57:02 +02:00
Eliad Peller
3a94adbf42 P2P: Do not start scan for P2P Device interfaces at driver init
wpa_supplicant started delayed sched scan also on P2P Device interfaces,
resulting in erroneous scans and connection attempts. Skip that on
driver init when the interface is dedicated only for P2P management
purposes.

Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
2014-03-04 22:34:00 +02:00
David Spinadel
aa10983004 P2P: Do not initialize bgscan on P2P interfaces
As a P2P group has a unique SSID and one security domain, it does
not make sense to enable background scanning for roaming purposes.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2014-03-04 22:32:24 +02:00
Alexander Bondar
54ac5aa271 config: Add bgscan option when saving global configuration
Signed-off-by: Alexander Bondar <alexander.bondar@intel.com>
2014-03-04 22:27:39 +02:00
David Spinadel
268043d55f bgscan: Do not initialize bgscan if disabled by user
Do not initialize bgscan if the user explicitly set bgscan to an empty
string. Without this patch wpa_supplicant tries to initialize bgscan to
the first option if the string is empty.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2014-03-04 22:26:19 +02:00
Beni Lev
adef89480d nl80211: Add vendor command support
Add a callback to the driver interface that allows vendor specific
commands to be sent. In addition, a control interface command is added
to expose this new interface outside wpa_supplicant:

Vendor command's format:
VENDOR <vendor id> <sub command id> [<hex formatted data>]

The 3rd argument will be converted to binary data and then passed as
argument to the sub command.

This interface is driver independent, but for now, this is only
implemented for the nl80211 driver interface using the cfg80211 vendor
commands.

Signed-off-by: Beni Lev <beni.lev@intel.com>
2014-03-04 22:24:20 +02:00
Jouni Malinen
508e24c20b dbus: Clean up error reporting for TDLS peer address parsing
Passing a pointer to an error reply message is not very robust since
memory allocation could fail even for that error message. Instead, use a
separate error value as the return value from get_peer_hwaddr_helper()
and return a pointer to the error message through a pointer-to-pointer
so that the error case will always be clear.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-02 17:15:12 +02:00
Jouni Malinen
a7c37d92d2 dbus: Remove duplicated variable assignment
This gets rid of a static analyzer warning.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-02 17:15:12 +02:00
Jouni Malinen
ea3b8c1d2d Do not use a separate variable for tracking first entry in a list
The pos pointer can be compared to the start of the buffer pointer to
determine whether the entry is the first one in the list. This gets rid
of some static analyzer warnings about unused variable writes.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-02 17:15:12 +02:00
Jouni Malinen
6ed626df40 Remove unused gid_str pointer update
The group name is not used on these paths, so just remove it from the
directory name without updating gid_str to point to the unused group
name.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-02 17:15:12 +02:00
Jouni Malinen
67adcd266c WNM: Check wpa_s->current_bss more consistently
The scan result comparison routine would not make much sense without
current BSS level known, so return from the function without going
through the iteration that could have dereferenced the pointer if
wpa_s->current_bss == NULL.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-02 17:15:12 +02:00
Jouni Malinen
2af4d87fc3 GAS: Fix additional comeback delay with status code 95
The special case of non-zero status code used in a GAS Comeback Response
frame to indicate that additional delay is needed before the response is
available was not working properly. This case needs to allow the status
code check to be bypassed for the comeback case prior to having received
any response data.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-01 17:06:20 +02:00
Jouni Malinen
07d462c7b7 Interworking: Remove unused password setting for SIM credential
The simulated SIM/USIM case uses a separate milenage cred parameter, so
this cred password parameter was unused for this credential type.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-01 17:06:20 +02:00
Jouni Malinen
3141b82c16 Add OSEN to proto config field writer
This was forgotten from the OSEN addition where it was parsed, but not
written to a network block.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-01 10:49:18 +02:00
Jouni Malinen
06c7b7f0b5 HS 2.0R2: Fix temporary network disabling in Deauth Req case
Commits 7ef6947993 and
533536d82a added this temporarily
disabling case, but those commits were merged in without having been
converted to the new os_reltime design used for ssid->disabled_until.
Consequently, they ended up disabling the network for 44 years or so too
long time (depending on what values the relative timestamp had
accummulated so far). Fix this by using relative timestamps
consistently.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-28 00:29:34 +02:00
Jouni Malinen
b7fb98f072 Interworking: Fix already-connected check to verify network priority
Commit d28f4e44f1 optimized Interworking
network selection in a case where the operation is run while already
connected to the selected network by skipping the reconnection. However,
this did not take into account that a higher priority network may have
shown up in the new scan results.

Fix this by checking whether network selection based on the latest scan
results (the ones from the interworking_select operation) would result
in a network with higher priority being selected. If so, skip the
optimization and force normal network connection (which will select this
newly found higher priority network). This fixes cases where a
non-Hotspot 2.0 network with higher priority (e.g., home network) shows
up while connected to a Hotspot 2.0 network with lower priority.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-27 14:06:23 +02:00
Jouni Malinen
7c373ac267 Interworking: Fix last-network preference to not override priority
Commit 3d910ef497 tried to make
last-network selection behave more consistently with Interworking
network selection preferences. However, it did not take into account
that other network block may have higher priority. In such cases, the
last added network from Interworking network selection should actually
not be selected for the next connection. Fix this by limiting the
last-network preference to work only within a priority class.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-27 13:47:23 +02:00
Jouni Malinen
f54e92433e HS 2.0R2: Fix req_conn_capab example
Protocol field needs to be separated properly from te port number list.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-27 00:43:58 +02:00
Jouni Malinen
a6739e191e HS 2.0R2: Try to scan multiple times for OSU providers
Scan operation is not that reliable, so try couple of times if no
OSU provider matches are found during fetch_osu command.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:24 +02:00
Jouni Malinen
cf6d08a63f Interworking: Add OCSP parameter to the cred block
This new parameter can be used to configure credentials to mandate use
of OCSP stapling for AAA server authentication.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:24 +02:00
Jouni Malinen
6402f2fe40 Interworking: Add more debug info on roaming partner preferences
This can be useful in debugging selection of roaming partner preference.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:24 +02:00
Jouni Malinen
74794891c7 Interworking: Add sp_priority cred parameter
This new priority parameter can be used to specify priorities between
credentials provisioned by the same SP. cred->priority is checked first
and if it is same and the provisioning_sp parameter matches, the new
sp_priority is used to order the credentials. It should be noted that
the order of priorities is different (higher 'priority' value indicates
higher priority of the credential, while higher 'sp_priority' indicates
lower priority of the credential).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:24 +02:00
Jouni Malinen
751ac99768 Interworking: Use a helper function to compare cred priority
This makes it easier to extend credential priority comparison beyond a
single priority variable.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:24 +02:00
Jouni Malinen
aff419f56a Interworking: Remove separate credential priority tracking
There is no need to keep the separate local variable for tracking the
highest selected priority since we track a pointer to the selected
credential with that information.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:24 +02:00
Jouni Malinen
533536d82a HS 2.0R2: Disable full ESS for as a workaround for per-BSS issues
For now, disable full ESS since some drivers may not support disabling
per BSS.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:24 +02:00
Jouni Malinen
8a77f1be86 HS 2.0R2: Slow down connection attempts on EAP failures
This is needed to limit the number of consecutive authentication
attempts to no more than 10 within a 10-minute interval to avoid
unnecessary load on the authentication server. In addition, use a random
component in the delay to avoid multiple stations hitting the same
timing in case of simultaneous disconnection from the network.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:24 +02:00
Jouni Malinen
76a55a8e12 HS 2.0R2: Add more debug to network selection
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
8b4b9fb384 HS 2.0R2: Fix bandwidth policy BSS selection
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
28f2a7c407 HS 2.0R2: Allow excluded network to be selected based on user override
Move excluded SSID filtering step to the end of credential validation
process and return list of BSSes that would otherwise have matching
credentials, but have an excluded SSID. Automatic network selection will
not select such a network, but interworking_connect command can be used
to pick excluded networks.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
33fb8c526c HS 2.0R2: Add support for Policy/RequiredProtoPortTuple
The new credential parameter req_conn_capab can be used to specify
restrictions on roaming networks providing connectivity for a set of
protocols/ports.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
a45b2dc5dc HS 2.0R2: Add support for Policy/MaximumBSSLoadValue
The new credential parameter max_bss_load can be used to specify
restrictions on BSS Load in the home network.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
4cad9df15a HS 2.0R2: Add support for Policy/MinBackhaulThreshold
The new credential parameters min_{dl,ul}_bandwidth_{home,roaming} can
be used to specify restrictions on available backhaul bandwidth.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
aa26ba68b4 HS 2.0R2: Add tracking of provisioning SP
The new provisioning_sp cred field can now be used to track which SP
provisioned the credential. This makes it easier to find the matching
PPS MO from the management tree (./Wi-Fi/<provisioning_sp>).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
8e5fdfabf6 HS 2.0R2: Add WFA server-only EAP-TLS peer method
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
df0f01d91f HS 2.0R2: Add OSEN client implementation
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
a5d75636f9 HS 2.0R2: Add common OSEN definitions
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
230e373539 HS 2.0R2: Add GAS operation duration statistics into debug
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
b572df8650 HS 2.0R2: Add routine for fetching OSU provider information
The new wpa_cli fetch_osu command can be used to fetch information about
all OSU providers and write that to a text file with the icons in
separate files. cancel_osu_fetch command can be used to stop ongoing OSU
provider list fetch.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
1d2215fc67 HS 2.0R2: Add OSU Providers list ANQP element
wpa_supplicant can now request OSU Providers list with "hs20_anqp_get
<BSSID> 8".

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
184e110caf HS 2.0R2: Add Icon Request and Icon binary File ANQP elements
wpa_supplicant can request OSU icon data with "hs20_icon_request <BSSID>
<icon filename>". This transmits an Icon Request ANQP element and
processes the response in Icon Binary File ANQP elements.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
7ef6947993 HS 2.0R2: Add STA support for Deauthentication Request notification
If requested, disable the network based on the HS 2.0 deauthentication
request.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
95a3ea9426 HS 2.0R2: Add WNM-Notification Request for Subscription Remediation
Subscription remediation notification WNM-Notification Request is now
shown in the following way in wpa_supplicant control interface:
<3>HS20-SUBSCRIPTION-REMEDIATION http://example.com/foo/

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
f9cd147d6b HS 2.0R2: Update Indication element to Release 2
The HS 2.0 Indication element from wpa_supplicant now includes the
release number field and wpa_supplicant shows the release number of the
AP in STATUS command (hs20=1 replaced with hs20=<release>).

The new update_identifier field in the cred block can now be used to
configure the PPS MO ID so that wpa_supplicant adds it to the Indication
element in Association Request frames.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:22 +02:00
Jouni Malinen
bc00053c9d Interworking: Allow roaming partner configuration
The new roaming_partner parameter within a cred block can be used to
configure priorities for roaming partners.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:22 +02:00
Jouni Malinen
2c49d04cdb Do not clear global pmf setting on FLUSH
This parameter was actually used in some testing cases in a way that did
not really work well with the FLUSH command ending up disabling PMF.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:22 +02:00
Jouni Malinen
eef7235da1 Only try fast reconnect if network is not disabled
Previously, it would have been possible for the network to be marked
disabled and that marking to be ignored if a recoverable disconnection
reason event were processed. Avoid this by verifying network status
before trying to reconenct back to the same BSS.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-25 23:52:09 +02:00
Jouni Malinen
3d910ef497 Interworking: Prefer last added network during network selection
Previously, any network block could be used to select the BSS to connect
to when processing scan results after Interworking network selection.
This can result in somewhat unexpected network selection in cases where
credential preferences indicated that a specific network was selected,
but another network ended up getting used for the connection. While the
older networks continue to be valid, add special processing for this
initial post-interworking-connect case to get more consistent network
selection to match with the Interworking network selection result.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-25 22:37:57 +02:00
Jouni Malinen
da60d9c1ca tests: Add module tests for blacklist to complete coverage
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-25 20:16:28 +02:00
Jouni Malinen
2a33687ec7 P2P: Remove unnecessary ifdef CONFIG_NO_CONFIG_WRITE
wpa_config_write() is defined as a dummy function even if actual
operation to write the configuration file are commented out from the
build. This cleans up the code a bit and removed a compiler warning on
set-only variable.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-25 19:31:16 +02:00
Purushottam Kushwaha
050d8b5cc7 Fix documentation for wpa_supplicant_global_ctrl_iface_process()
This fixes a copy-paste error in the function name in
wpa_supplicant_global_ctrl_iface_process() documentation.

Signed-off-by: Purushottam Kushwaha <p.kushwaha@samsung.com>
2014-02-25 16:53:57 +02:00
Janusz Dziedzic
4db216fcf7 wpa_supplicant: Add support for IPv6 with UDP ctrl_iface
Add IPv6 support when using udp/udp-remote control interface using the
following new build configuration options:

CONFIG_CTRL_IFACE=udp6
CONFIG_CTRL_IFACE=udp6-remote

This is useful for testing, while we don't need to assign IPv4 address
(static or using DHCP) and can just use auto configured IPv6 addresses
(link local, which is based on the MAC address). Also add scope id
support for link local case.

For example,
./wpa_cli
./wpa_cli -i ::1,9877
./wpa_cli -i fe80::203:7fff:fe05:69%wlan0,9877

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2014-02-25 16:43:01 +02:00
Jouni Malinen
f0e30c8410 Do not start another connect work while one is pending
It was possible for the connect or sme-connect radio work to get
re-scheduled while an earlier request was still pending, e.g.,
select_network is issued at the moment a scan radio work is in progress
and the old scan results are recent enough for starting the connection.
This could result in unexpected attempt to re-associate immediately
after completing the first connection.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-24 15:22:35 +02:00
Jouni Malinen
3cdcb3a4b3 tests: Add module tests for WPS attribute parsing
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-02-21 13:41:30 +02:00
Jouni Malinen
ea449b5bfe tests: Add a module test integration to hwsim tests
CONFIG_MODULE_TESTS=y build option can now be used to build in module
tests into hostapd and wpa_supplicant binaries. These test cases will be
used to get better testing coverage for various details that are
difficult to test otherwise through the control interface control. A
single control interface command is used to executed these tests within
the hwsim test framework. This commit adds just the new mechanism, but no
module tests are yet integrated into this mechanism.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-02-21 13:08:08 +02:00
Jouni Malinen
211d7ab3d8 P2P: Add even more debug prints for Probe Request in non-Listen state
It looks like discovery_dev_id test case can still fail and based on the
previously added debug prints, this is happening since the P2P module
believes it is not in Listen state even when a P2P_LISTEN was issued.
p2p_listen_cb() did not get called on remain-on-channel event for some
reason, so lets add more debug to find out why this can happen.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-20 16:59:29 +02:00
Roger Zanoni
848905b12a Avoid undefined references with CONFIG_WPA_TRACE_BFD=y
libdl, libiberty, and libzlib are dependencies for libbfd.

Signed-off-by: Roger Zanoni <roger.zanoni@openbossa.org>
2014-02-20 16:32:26 +02:00
Jithu Jance
f667e031c9 P2P: Address few issues seen with P2P SD
Suppose we have multiple peers and we have peers advertising SD
capability, but no services registered for advertising. In this case,
even if there are multiple broadcast queries set, we might end up
sending only the lastly added broadcast query to the same device (since
SD_INFO won't get set for the first broadcast query). Add support for
multiple wildcard queries to be tracked to enable this type of use
case.

Some times it is seen that before advancing to next device in the list,
the scan results come and update SD_SCHEDULE flag. This will result in
sending the already sent query to the same device without giving chance
to other devices. This issue again is seen with peer devices advertising
SD capability without any services registered.

Signed-off-by: Jithu Jance <jithu@broadcom.com>
2014-02-20 16:32:12 +02:00
Dmitry Shmidt
e9a6f18385 TLS: Add tls_disable_tlsv1_1 and tls_disable_tlsv1_2 phase1 params
These can be used to disable TLSv1.1 and TLSv1.2 as a workaround for AAA
servers that have issues interoperating with newer TLS versions.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-02-20 15:28:57 +02:00
Dmitry Shmidt
ac494fcce4 Android: Use external libnl 2.0 dynamic library
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-02-19 14:10:12 +02:00
Roger Zanoni
b7cac41254 Fix hostapd and wpa_supplicant build with binutils >= 2.24.x
Using binutils >= 2.24.x and setting
CONFIG_WPA_TRACE/CONFIG_WPA_TRACE_BDF causes both builds to fail with
"#error config.h must be included before this header" message.

Since version 2.24.x, the bfd header checks for PACKAGE and
PACKAGE_VERSION macros.

As suggested in http://sourceware.org/bugzilla/show_bug.cgi?id=14243
projects that use bfd and don't use autotools should define a PACKAGE
macro.

Signed-off-by: Roger Zanoni <roger.zanoni@openbossa.org>
2014-02-19 14:10:12 +02:00
Jouni Malinen
94a3df500f P2P: Enable U-APSD support on GO automatically
Since P2P specification mandates P2P GO to support WMM-PS with legacy
STAs, enable this automatically if the driver indicates support for
U-APSD in AP mode. The "P2P_SET go_apsd 0" command can still be used to
disable this if needed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-17 13:15:29 +02:00
Andrei Otcheretianski
b3253ebb73 wpa_supplicant: Complete radio works on disable event
While testing rfkill blocking of a scanning interface, it
was seen that the ongoing scan never completes. This happens
since EVENT_SCAN_RESULTS is discarded on a disabled interface.

Fix this and also other possible radio work completion issues
by removing all the radio works (including started) of the
disabled interface.

To be able to remove already started radio works, make their
callbacks be reentrant with deinit flag (when the work
is started), so each radio work should be able to handle
its own termination.

Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2014-02-16 00:06:23 +02:00
Jouni Malinen
2dff9e87b9 Remove unused NFC_RX_HANDOVER_REQ
The more generic NFC_REPORT_HANDOVER is now used to report completed NFC
connection handover operations in either role and NFC_RX_HANDOVER_REQ
did not have any implementation within wpa_supplicant.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-02-15 11:22:26 +02:00
Jouni Malinen
7ae7a84eef NFC: Workaround nfcpy message debug exception
The current nfcpy version does not support new WSC connection handover
message format and the handover server fails to process the request due
to a debug print. As a temporary workaround, override
HandoverServer::_process_request() with a version that avoids pretty()
print of the handover messages. This can be removed once nfcpy has been
updated to support the new format.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-13 16:37:43 +02:00
Max Stepanov
cbf21c7cb5 P2P: Avoid compiler warning in p2p_supplicant.c
Initialize flag variable explicitly to avoid [-Wmaybeuninitialized]
compiler warning in wpas_p2p_verify_channel().

Signed-hostap: Max Stepanov <Max.Stepanov@intel.com>
2014-02-13 15:46:37 +02:00
Eytan Lifshitz
5e6aa04b09 wpa_supplicant: Fix memory leak in wfd_subelems error path
Memory allocated by calling function ieee802_11_vendor_ie_concat()
was not freed on an error path int ctrl_iface BSS command.

Signed-hostap: Eytan Lifshitz <eytan.lifshitz@intel.com>
2014-02-13 15:41:15 +02:00
Jouni Malinen
88853aedf6 Fix CONFIG_WPS_NFC=y build without CONFIG_P2P=y
Some of the control interface operations for P2P were not properly
protected with #ifdef CONFIG_P2P.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-02-13 15:29:09 +02:00
Dmitry Shmidt
7ac7fd43aa Add bssid/freq hint for driver-based BSS selection
This uses the new nl80211 attributes to allow the connect command to
provide bssid and freq hints to the driver without limiting roaming to
the specific BSS/frequency. This can be used by drivers that perform
internal BSS selection (WPA_DRIVER_FLAGS_BSS_SELECTION) as a candidate
for initial association.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-02-13 15:14:18 +02:00
Jouni Malinen
d6bfaaac69 NFC: Add summary and success file options for nfcpy scripts
These can be used to get updates on NFC operation status and success for
external programs.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-12 16:44:05 +02:00
Jouni Malinen
25cfc6f11e P2P NFC: Add p2p-nfc.py --handover-only option
p2p-nfc.py allowed an NFC Tag to be read and reported to wpa_supplicant
even in cases where it was explicitly asked to initiate negotiated
connection handover and return after completing this operation. The new
command line argument can be used to disable NFC Tag read operations
when a negotiated connection handover is expected.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-12 12:45:07 +02:00
Jouni Malinen
7bea076458 P2P NFC: Clean up p2p-nfc.py error handling
If wpa_supplicant reports a failure when trying to generate a handover
request, detect that before trying to decode the response as a hex
string.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-11 19:33:43 +02:00
Mahesh A Saptasagar
062a7c0d67 Fix persistent P2P connection failure in case channel list changes
P2P persistent connection may fail due to 802.11d channel change event
invalidating support of the operating frequency sent in the invitation
request, before receiving the invitation response. If the operating
frequency is invalid at the time the invitation response is processed
and there is no forced frequency provided by user, allow frequency
re-selection.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-07 15:44:41 +02:00
Dmitry Shmidt
0547124d47 wpa_supplicant: Add DFS indicator to get_capability freq
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-02-06 16:13:10 +02:00
Jouni Malinen
bab6677a31 Handle Wi-Fi Display commands more carefully if P2P is disabled
If P2P was disabled (e.g., due to driver not supporting it or through
p2p_disabled=1 configuration), setting Wi-Fi Display parameters could
result in segmentation fault when the WFD IE is updated without the P2P
module being initialized. Fix this by skipping the update if P2P module
is not in use. In addition, show Wi-Fi Display as disabled in "GET
wifi_display" and refuse to enable it with "SET wifi_display 1" if P2P
is not enabled.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-02-06 16:03:42 +02:00
Jouni Malinen
94ff22ea08 Remove dead code from AP setup
wpa_supplicant_create_ap() is only called for AP mode, so there is no
point in trying to address station (infra/IBSS) modes.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-04 13:23:35 +02:00
Jouni Malinen
0b5ff2ae12 WPS: Remove unused Credential AP Channel processing
Commit bd3a373767 added a mechanism to use
AP Channel attribute from within a Credential attribute to optimize
scans. However, this design is not actually used with the WPS NFC use
cases. With configuration token, the AP Channel attribute is in the same
container with the Credential attribute (and that was also handled in
the previous implementation). With connection handover, AP Channel
information is outside the Credential attribute as well.

Simplify implementation by removing the AP Channel within Credential
case. This allows wpas_wps_use_cred() to get the AP Channel from the
container instead of having to find this during credential iteration.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-04 13:23:35 +02:00
Jouni Malinen
44f967c729 Update ChangeLog files to match current implementation
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-04 13:23:35 +02:00
Prashanth Kumar
1b56d398a7 wpa_supplicant: Fix misplaced os_free
os_free has wfd_dev_info_hex as an argument which is defined within
CONFIG_NO_STDOUT_DEBUG

Signed-hostap: Prashanth Kumar <prashanthkumar.kr@globaledgesoft.com>
2014-02-03 19:35:09 +02:00
Jouni Malinen
d950477913 Fix authentication algorithm negotiation in SME code
Commit 6ac4b15ef8 (wpa_radio work for
connection) caused a regression for cases where multiple auth_alg values
are set in a network block and wpa_supplicant-based SME is supposed to
iterate through them. The connection radio work was not terminated when
receiving authentication failure and this resulted in the following
authentication attempt failing.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-02-03 19:34:33 +02:00
Eytan Lifshitz
04c366cb1d Fix memory leaks and wrong memory access
1. In wpa_config_process_bgscan() fix memory leak after
   calling wpa_config_parse_string()
2. In hostapd_config_defaults(), on failure to allocate bss->radius,
   conf->bss was not freed.
3. In p2p_deauth_nofif(), memory allocated in p2p_parse_ies() was not
   freed in case of NULL minor_reason_code.
4. In p2p_disassoc_nofif(), memory allocated in p2p_parse_ies() was
   not freed in case of NULL minor_reason_code.
5. In p2p_process_go_neg_conf(), memory allocated was not freed in
   case that the P2P Device interface was not waiting for a
   GO Negotiation Confirm.
6. In wpa_set_pkcs11_engine_and_module_path(), the wrong pointer was
   checked.

Signed-hostap: Eytan Lifshitz <eytan.lifshitz@intel.com>
2014-01-30 14:01:31 +02:00
Eytan Lifshitz
fd67275b85 wpa_supplicant: Fix wrong size memory allocation
Fix memory allocation in wpa_scan_clone_params(), where the
allocation request used the size of a pointer rather than the
size of the structure.

Signed-hostap: Eytan Lifshitz <eytan.lifshitz@intel.com>
2014-01-30 13:59:29 +02:00
Naresh Jayaram
4701f379f0 wpa_cli: Add tdls_external_control to tab completion for SET
This global configuration parameter was added in commit
800d58721c but the tab completion list for
the wpa_cli SET command in interactive mode was not updated.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-30 13:10:29 +02:00
Jouni Malinen
2e98839243 P2P: Disable DNS server from dnsmasq
This avoids issues with multiple instances of dnsmasq running, e.g.,
with one on eth0 and the other one for the P2P group.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 22:08:14 +02:00
Jouni Malinen
c07f2615a0 P2P NFC: Add script for connection handover with nfcpy
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 22:08:14 +02:00
Jouni Malinen
12288d848c WPS NFC: Protect nfcpy pretty print calls against exceptions
nfcpy does not yet support all the new message formats, so some of the
pretty() calls can result in exceptions.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 22:08:14 +02:00
Jouni Malinen
c209dd1108 WPS NFC: nfcpy script to use new connection handover design
Fetch a carrier record from wpa_supplicant instead of full handover
request. This makes it easier for external programs to build handover
request messages with multiple alternative carriers.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 22:08:14 +02:00
Jouni Malinen
6202500f6f WPS NFC: Logging level configuration to wps-nfc.py and wps-ap-nfc.py
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 22:08:13 +02:00
Jouni Malinen
1f1b5b31d7 WPS NFC: Clean up nfcpy script no-wait operations
This allows the scripts to terminate at proper point with --no-wait.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 22:08:13 +02:00
Jouni Malinen
79ede5a7e6 WPS NFC: Validate ctrl_iface response before decoding it
If the operation fails for any reason ("FAIL" response), it is cleaner
to return error clearly instead of hitting an exception in the hex
decoder.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 22:08:13 +02:00
Jouni Malinen
ab1db08c05 WPS NFC: Use argparse in the nfcpy scripts
This cleans up command line parsing and simplifies the commands.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 22:08:13 +02:00
Jouni Malinen
6f8fa6e552 WPS NFC: Update wps-nfc.py and wps-ap-nfc.py to use new nfcpy API
This moves many of the peer discovery operations into the core nfcpy.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 22:08:13 +02:00
Jouni Malinen
b56f6c8869 P2P NFC: Add support for freq option in NFC ctrl_iface commands
This can be used to force an operating channel for P2P group formation
triggered by NFC operations.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:31 +02:00
Jouni Malinen
91a65018d8 WPS NFC: Use BSSID and AP Channel from handover select
These optional attributes, if present, can be used to speed up the
initial connection by using a single channel scan.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:31 +02:00
Jouni Malinen
91226e0d12 WPS: Add testing option to corrupt public key hash
If CONFIG_WPS_TESTING=y is enabled in build configuration, the new
wps_corrupt_pkhash parameter (similar to wps_testing_dummy_cred) can be
used to request public key hash to be corrupted in all generated OOB
Device Password attributes. This can be used for testing purposes to
validate public key hash validation steps.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:31 +02:00
Jouni Malinen
73127764fe WPS NFC: add more debug prints for connection handover report
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:31 +02:00
Jouni Malinen
5cd4f66095 WPS NFC: Use AP Channel information from credential container
This allows NFC Configuration Token to indicate the current AP operating
channel, so that a single channel scan can be used to speed up the
initial connection.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:31 +02:00
Jouni Malinen
5cd4740580 P2P NFC: WPA state machine config with driver-based BSS selection
wpa_s->current_bss was updated too late for the
wpa_supplicant_rsn_supp_set_config() call within
wpa_supplicant_select_config(). Re-order code so that current_bss gets
updated between current_ssid update and this call to set the WPA state
machine configuration, so that the new code that determines whether the
current GO support the new IP address assignment mechanism works.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:31 +02:00
Jouni Malinen
8e9f53c367 P2P NFC: Static handover with NFC Tag on client
This adds a new P2P Invitation mechanism to invite a P2P Device with an
NFC Tag to an already operating group when the GO with NFC Device reads
the NFC Tag. The P2P Device with the NFC Tag will then accept invitation
and connect to the group automatically using its OOB Device Password.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:30 +02:00
Jouni Malinen
dd87677115 P2P NFC: Enable own NFC Tag on GO Registrar
When "P2P_SET nfc_tag 1" is used to enable the own NFC Tag for P2P, also
enable it for any running GO interface.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:30 +02:00
Jouni Malinen
abe44e3ca2 P2P NFC: Add GO info into handover message when in client role
P2P Group ID can optionally be included in the connection handover
messages when acting as a P2P Client in a group. Add this information
and show it in the P2P-NFC-PEER-CLIENT event message.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:30 +02:00
Jouni Malinen
23318bea94 P2P NFC: Optimize join-a-group operation based on NFC information
When the NFC connection handover message received from a peer indicates
that the peer is operating as a GO on a specific channel, use that
information to avoid having to go through full scan. In addition, skip
the separate join-a-group scan since we already know the operating
channel, GO P2P Device Address, and SSID.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:30 +02:00
Jouni Malinen
86e320819c P2P NFC: Copy DH parameters to a separate group interface
The DH public and private key needs to be copied for the separate group
interface if that is used for a P2P group.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:30 +02:00
Jouni Malinen
d4b4d7fe3c WPS NFC: Update DH keys for ER operations
Since wpa_s->conf->wps_nfc_dh_* parameters can be set in number of code
paths, update the wps_context copy of the DH keys even if no new keys
were generated for the request. This tries to avoid some cases where
public key hash may not have matched the public key used in the ER
operation.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:30 +02:00
Jouni Malinen
59b45d1afe P2P NFC: Add processing of P2P client while NFC handover case
Instead of automatically triggering a connection, provide an indication
of one of the devices being a P2P client to upper layers to allow user
to determine what to do next.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:30 +02:00
Jouni Malinen
74df9ecd4a P2P NFC: Do not try to join peer if both devices are already GO
Send a P2P-NFC-BOTH-GO event to upper layers to determine what to
do in case both devices going through NFC connection handover are
already operating as a GO.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:30 +02:00
Jouni Malinen
201b0f5fa6 P2P: Add test option to disable IP address assignment request
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:30 +02:00
Jouni Malinen
25ef8529c1 P2P: Add support for IP address assignment in 4-way handshake
This new mechanism allows P2P Client to request an IPv4 address from the
GO as part of the 4-way handshake to avoid use of DHCP exchange after
4-way handshake. If the new mechanism is used, the assigned IP address
is shown in the P2P-GROUP-STARTED event on the client side with
following new parameters: ip_addr, ip_mask, go_ip_addr. The assigned IP
address is included in the AP-STA-CONNECTED event on the GO side as a
new ip_addr parameter. The IP address is valid for the duration of the
association.

The IP address pool for this new mechanism is configured as global
wpa_supplicant configuration file parameters ip_addr_go, ip_addr_mask,
ip_addr_star, ip_addr_end. For example:

ip_addr_go=192.168.42.1
ip_addr_mask=255.255.255.0
ip_addr_start=192.168.42.2
ip_addr_end=192.168.42.100

DHCP mechanism is expected to be enabled at the same time to support P2P
Devices that do not use the new mechanism. The easiest way of managing
the IP addresses is by splitting the IP address range into two parts and
assign a separate range for wpa_supplicant and DHCP server.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:26 +02:00
Jouni Malinen
c4f87a701b P2P NFC: Add NFC tag enabling for static handover
The device with the NFC Tag can be configured to enable NFC to be used
with "P2P_SET nfc_tag 1" and "P2P_LISTEN" commands to allow static
handover to be used.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:56 +02:00
Jouni Malinen
dd37a93884 P2P NFC: Report handover select from tag for static handover
WPS_NFC_TAG_READ can be used to report static connection handover where
the connection handover select message was read from an NFC tag.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:56 +02:00
Jouni Malinen
db6ae69e6b P2P NFC: Report connection handover as trigger for P2P
"NFC_REPORT_HANDOVER {INIT,RESP} P2P <req> <sel>" can now be used to
report completed NFC negotiated connection handover in which the P2P
alternative carrier was selected.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:56 +02:00
Jouni Malinen
9358878055 P2P NFC: Build connection handover messages
"NFC_GET_HANDOVER_{REQ,SEL} NDEF P2P-CR" can now be used to build P2P
alternative carrier record for NFC connection handover request/select
messages.

Static connection handover case can be enabled by configuring the DH
parameters (either with wps_nfc_* configuration parameters or with
WPS_NFC_TOKEN command at run time. The NFC Tag contents can be generated
with "NFC_GET_HANDOVER_SEL NDEF P2P-CR-TAG" after having configured
Listen channel (p2p_listen_reg_class/p2p_listen_channel).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:56 +02:00
Jouni Malinen
ab9e34426f P2P NFC: Pass OOB Device Password ID to P2P
GO Negotiation needs to know which OOB Device Password ID is assigned
for the peer when NFC is used as the trigger.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:56 +02:00
Jouni Malinen
50d1f8901c NFC: Update WPS ER to use the new connection handover design
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
d95079361b WPS NFC: Add support for wpa_supplicant AP/GO mode to use handover
New functionality is needed for this with the update NFC connection
handover design that depends on the AP side using the public key hash
from the handover request.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
fa4c2988ae WPS NFC: Process new style handover select
The new WPS connection handover select includes Registrar public key
hash instead of credential. Use the new information to start
abbreviated WPS handshake instead of configuring a new network directly
from the old Credential-from-NFC design.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
41f9ffb635 WPS NFC: Build new style carrier record for connection handover request
It is more useful to be able to build a single NFC carrier record
instead of the full connection handover request message to allow
external components to decide whether to negotiate which alternative
carrier is used. This updates the carrier record contents to the new
design to include Enrollee public key hash and provides this as a
carrier record instead of full message. An external program is expected
to be used to build the full NFC connection handover message with
potentially other alternative carrier records included.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
57630e658b WPS: Preparations for allowing SSID filtering for provisioning step
If the SSID of the WPS AP is known, it should be possible to limit AP
selection based on this when searching for an active WPS AP. This commit
adds a mechanism to specify SSID for this type of uses.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
5f4545573f WPS NFC: Validate peer public key hash on Enrollee
Since the Enrollee can now get the public key hash from the Registrar,
there is need to validate this during the WPS protocol run.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
ea43ad960b P2P: Make group operating channel available
Provide local GO channel to the P2P module so that it can be used in
messages that indicate the current operating channel.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Arif Hussain
253f2e3795 P2P: Apply unsafe frequency rules to available channels
This adds a QCA vendor specific nl80211 event to allow the driver to
indicate a list of frequency ranges that should be avoided due to
interference or possible known co-existance constraints. Such
frequencies are marked as not allowed for P2P use to force groups to be
formed on different channels.

If a P2P GO is operating on a channel that the driver recommended not to
use, a notification about this is sent on the control interface and
upper layer code may decide to tear down the group and optionally
restart it on another channel. As a TODO item, this could also be changed
to use CSA to avoid removing the group.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 11:49:05 +02:00
Jouni Malinen
8615bdfac9 Increase global ctrl_iface buffer to same size as per-interface
Since the global ctrl_iface can be used with IFNAME= prefix to send
commands to be processed by per-interface code, it should have the same
(well, close to same since the prefix takes some space) limits on
command length as the per-interface ctrl_iface. Increase the buffer from
256 to 4096 to achieve this.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-23 16:57:15 +02:00
Jouni Malinen
c5a64e2d51 GAS client: Use Protected Dual of Public Action frames with PMF
When GAS is used with PMF negotiated, Protected Dual of Public Action
frames are expected to be used instead of Public Action frames, i.e.,
the GAS/ANQP frames are expected to be encrypted. Conver Public Action
GAS queries to use Dual of Public Action frame if PMF has been
negotiated with the AP to which the frame is being sent.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-23 11:50:28 +02:00
Jouni Malinen
5ce00d09c0 GAS server: Add support for Protected Dual of Public Action frames
When GAS is used with PMF negotiated, Protected Dual of Public Action
frames are expected to be used instead of Public Action frames, i.e.,
the GAS/ANQP frames are expected to be encrypted. Add support for this
different category of Action frames being used for GAS. The payload
after the Category field is identical, so the only change is in using
the Category field based on what was received in the request frames. For
backwards compatibility, do not enforce protected dual to be used on the
AP side, i.e., follow what the station does.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-23 11:19:55 +02:00
Jouni Malinen
ea6e040c30 Clear more configuration parameters to default on FLUSH
This makes it more convenient for test scripts to change parameters for
a specific test case without having to separately clear them between
each test case.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-23 10:21:49 +02:00
Raja Mani
cf70d2981d wpa_supplicant: Schedule PNO on completion of ongoing sched_scan
When start PNO request comes from control interface, wpa_supplicant
should wait until ongoing sched_scan (triggered by wpa_supplicant)
gets cancelled. Issuing cancel sched_scan and start PNO scan
one after another from pno_start() would lead wpa_supplicant to clear
wps->sched_scanning flag while getting sched_scan stopped event
from driver for cancel sched_scan request. In fact, PNO scan will
be in progress in driver and wpa_s->sched_scanning will not be set
in such cases.

In addition to this change, RSSI threshold limit is passed as part of
start sched_scan request. This was previously set only in pno_start(),
but the same parameter should be available for generic sched_scan calls
as well and this can now be reached through the new PNO start sequence.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-22 19:41:45 +02:00
Max Stepanov
a6cff8bfa8 wpa_supplicant: Fix seg fault in wpas_ctrl_radio_work_flush() in error case
Verify wpa_s->radio pointer before accessing it. If interface addition
fails, this could get called before wpa_s->radio has been set.

The segmentation fault details:

Program received signal SIGSEGV, Segmentation fault.
0x00000000004b9591 in wpas_ctrl_radio_work_flush (wpa_s=0x77fff0) at ctrl_iface.c:5754
5754		dl_list_for_each_safe(work, tmp, &wpa_s->radio->work,

Call stack:
0  wpas_ctrl_radio_work_flush (wpa_s=0x77fff0) at ctrl_iface.c:5754
1  wpa_supplicant_deinit_iface (wpa_s=0x77fff0, notify=0, terminate=0) at wpa_supplicant.c:3619
2  wpa_supplicant_add_iface (global=0x75db10, iface=0x7fffffffe270) at wpa_supplicant.c:3691
3  wpas_p2p_add_p2pdev_interface (wpa_s=0x75dd20) at p2p_supplicant.c:3700
4  main (argc=<optimized out>, argv=<optimized out>) at main.c:317

Function:
5750	void wpas_ctrl_radio_work_flush(struct wpa_supplicant *wpa_s)
5751	{
5752		struct wpa_radio_work *work, *tmp;
5753
5754		dl_list_for_each_safe(work, tmp, &wpa_s->radio->work,
5755				      struct wpa_radio_work, list) {
5756			struct wpa_external_work *ework;
5757
5758			if (os_strncmp(work->type, "ext:", 4) != 0)

Root cause:
(gdb) p wpa_s->radio
$1 = (struct wpa_radio *) 0x0

Signed-hostap: Max Stepanov <Max.Stepanov@intel.com>
2014-01-22 19:25:22 +02:00
David Spinadel
f62a3c2fce P2P: Clone dtim_period to a new interface
Cloning dtim_period is needed for P2P GO.

Signed-hostap: David Spinadel <david.spinadel@intel.com>
2014-01-22 19:24:41 +02:00
Jouni Malinen
88a0bcab6b Update copyright years in the manpages
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-21 16:33:25 +02:00
Dan Winship
32185f541c Sync manpages and command-line options
Signed-hostap: Dan Williams <dcbw@redhat.com>
2014-01-21 16:31:50 +02:00
Dan Williams
b948e78b46 Add manpage for eapol_test
Signed-hostap: Dan Williams <dcbw@redhat.com>
2014-01-21 16:30:46 +02:00
Dan Williams
36bd29ee5e wpa_supplicant: Fix usage text based on build options
Signed-hostap: Dan Williams <dcbw@redhat.com>
2014-01-21 16:28:31 +02:00
Raja Mani
dd271857a5 Skip normal scan when PNO is already in progress
Scan request failures are observed in wpa_supplicant debug log when
Android framework starts PNO scan in driver via ctrl interface command
'set pno 1' and wpa_supplicant also tries to issue a scan request after
PNO has started in the driver.

Some drivers may reject a normal scan request when PNO is already in
progress. wpa_supplicant should consider PNO status before issuing start
scan request to the driver. Otherwise, wpa_supplicant will get failures
from driver for the scan request and it will end up rescheduling scan
request in periodic interval and get a start scan request failure for
each attempt.

In order to avoid unnecessary scan attempt when PNO scan is already
running, PNO status is checked before issuing scan request to driver.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-21 16:19:49 +02:00
Rashmi Ramanna
a2d6365760 P2P: Extend the listen time based on the active concurrent session
A P2P Device while in the Listen state waiting to respond for the
obtained group negotiation request shall give a fair chance for other
concurrent sessions to use the shared radio by inducing an idle time
between the successive listen states. However, if there are no
concurrent operations, this idle time can be reduced.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-20 22:55:09 +02:00
Dmitry Shmidt
443427e4ed P2P: Add missing direct global ctrl_iface commands for P2P
It should be noted that these commands are not exclusively used for P2P
or in the global context, so use of these commands through the global
control interface for operations that are specific to a single interface
have undefined behavior and that behavior may change in the future. As
such, these are recommend only for operations that are in the global
context (e.g., for P2P management).

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-01-17 11:58:36 +02:00
Jithu Jance
37b4198af4 P2P: Use GO's operating channel to optimize scan during join
Use P2P GO's operating channel information, if known, to do a single
channel scan during the join operation.

Signed-hostap: Jithu Jance <jithu@broadcom.com>
2014-01-17 11:57:07 +02:00
Arend van Spriel
a0e9d89203 Use minimal scan delay upon EVENT_INTERFACE_ADDED
This patch resets the static interface_count to zero in case of
wpa_supplicant_driver_init() call for wpa_s which is in
INTERFACE_DISABLED state. This interface_count is used for the delay of
the scan which is now minimal for dynamically added interfaces. This may
collide with a scan for another interface, but the same is true for any
chosen delay in this scenario. Also the state change to DISCONNECTED is
moved to wpa_supplicant_driver_init() so it will move from
INTERFACE_DISABLED to INACTIVE when there are no enabled networks.

Tested-by: Hante Meuleman <meuleman@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
2014-01-17 11:50:31 +02:00
Arend van Spriel
5ddd07cb37 Reset normal_scans counter upon entering INTERFACE_DISABLED state
Depending on the implementation, the scheduled scan may not give results
quickly when in DISCONNECTED state. This patch resets
wpa_s::normal_scans upon entering to the INTERFACE_DISABLED state so a
normal scan is assured upon going to DISCONNECTED state after the
interface has been re-enabled. This mainly solves a long reconnect time
observed upon repeated kernel driver reloads, i.e., third reload
resulted in a scheduled scan.

Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Signed-hostap: Arend van Spriel <arend@broadcom.com>
2014-01-17 11:48:17 +02:00
Sunil Dutt
3ed97271ba TDLS: Pass peer's Supported channel and oper class info during sta_add
The information of the peer's supported channel and operating class
is required for the driver to do TDLS off channel operations with a
compatible peer. Pass this information to the driver when the peer
station is getting added.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-14 17:24:33 +02:00
Jouni Malinen
c48414af8f P2P: Limit join-a-group scans based on SSID from invitation
If we already know the SSID of the P2P group we are trying to join, use
that SSID to limit scan responses and BSS selection since we do not
really look for any other network in this case. In addition, this can
fix cases where the peer has just changed its SSID (e.g., started a new
group) and there may be multiple BSS entries for the same BSSID.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-13 21:39:06 +02:00
Jouni Malinen
78f0c933e0 Flush secondary device types on FLUSH command
This makes it possible to clear previously configured secondary device
types.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-08 22:27:30 +02:00
Jouni Malinen
2b384109f2 P2P: Allow requested device type to be specified with p2p_find
This allows filtering of P2P peers that reply to the device discovery
Probe Request frames.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-08 20:01:19 +02:00
Jouni Malinen
d9bb2821e7 Clear configuration blobs on FLUSH command
All te network blocks and credentials were already cleared, but
configurations blobs should also be cleared here, e.g., to get
more consistent behavior test cases using EAP-FAST PACs.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-08 16:42:15 +02:00
Jouni Malinen
c60ba9f7ab Skip network disabling on expected EAP failure
Some EAP methods can go through a step that is expected to fail and as
such, should not trigger temporary network disabling when processing
EAP-Failure or deauthentication. EAP-WSC for WPS was already handled as
a special case, but similar behavior is needed for EAP-FAST with
unauthenticated provisioning.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-08 16:42:15 +02:00
Ben Greear
3043b4f455 nl80211: Document how to configure for libnl 2.0 and 3.2
Reported-by: Xose Vazquez Perez <xose.vazquez@gmail.com>

Signed-hostap: Ben Greear <greearb@candelatech.com>
2014-01-07 15:35:14 +02:00
Jouni Malinen
95fb2db242 P2P: Reject group formation on WPS provisioning failure
There is no need to wait for the 15 second group formation timeout to
clear the state if WPS failure is detected during P2P group formation.
Allow the WPS exchange steps (WSC_NACK and EAP-Failure) to be completed
and remove the group to get rid of the extra wait.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:12 +02:00
Jouni Malinen
6fc61e180e Fix TX status processing during AP mode shutdown in wpa_supplicant
A TX status event could be received after the AP interface has already
been deinitialized. This needs to check for NULL pointer before trying
to indicate the event to AP functions.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:12 +02:00
Jouni Malinen
b6a9590b34 Interworking: Keep up to two pending GAS_REQUEST responses
Previously, only the last response data was kept in memory. This
increases that to hold up to two last responses to allow some more
parallel operations to be requested. In addition, the response data is
now freed as soon as the external program has fetched it.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:12 +02:00
Jouni Malinen
090b8e3d14 Update copyright notices for the new year 2014
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:12 +02:00
Jouni Malinen
356d1488c4 Interworking: Add optional freq argument to INTERWORKING_SELECT
This can be used to limit which channels are scanned using the specified
list of frequency ranges in the same format that the SCAN command uses.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
a09ffd5f2f Fix req_scan-deplete-timeout and update eloop API for this
Commit e2f5a9889a was supposed to prevent
new scan request from pushing out the old one. However, it did not
really do that since eloop_deplete_timeout() returned 0 both for the
case where the old timeout existed (and was sooner) and if the old
timeout did not exist. It returned 1 only for the case where an old
timeout did exist and was larger than the new requested value. That case
used to result in wpa_supplicant_req_scan() rescheduling the timeout,
but hew code in eloop_deplete_timeout() did the exact same thing and as
such, did not really change anything apart from the debug log message.

Extend the eloop_deplete_timeout() (and eloop_replenish_timeout() for
that matter since it is very similar) to return three different values
based on whether the timeout existed or not and if yes, whether it was
modified. This allows wpa_supplicant_req_scan() to schedule a new
timeout only in the case there was no old timeout.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
083916c022 P2P: Clear p2p_disabled and p2p_per_sta_psk on FLUSH command
The control interface FLUSH command now includes clearing of
"P2P_SET disabled 1" and "P2P_SET per_sta_psk 1".

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
3f45fc403f P2P: Clear services on FLUSH command
The control interface FLUSH command now includes the step executed by
the P2P_SERVICE_FLUSH command.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
1f965e622a Allow external programs to request wpa_radio work items
The new control interface command RADIO_WORK can be used by external
programs to request radio allocation slots from wpa_supplicant if
exclusive radio control is needed, e.g., for offchannel operations. If
such operations are done directly to the driver, wpa_supplicant may not
have enough information to avoid conflicting operations. This new
command can be used to provide enough information and radio scheduling
to avoid issues with such cases.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
6428d0a71f Do not start wpa_radio work during externally triggered scan
If an external program triggers a scan, wpa_supplicant does not have a
wpa_radio work item for this operation to protect against other
offchannel operations. This can result in operations failing, so try to
avoid damage by not starting any new wpa_radio work items during a scan
that was started by another process.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
6470f471e4 Remove unneeded scan delay on connection-in-progress
This type of protection against concurrent connection and scan
operations is now enforced through the wpa_radio work mechanism, so this
separate protection mechanism is not needed anymore.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:09 +02:00
Jouni Malinen
4bb232153f Remove unneeded GAS query delay on connection-in-progress
This type of protection against concurrent connection and offchannel GAS
operations is now enforced through the wpa_radio work mechanism, so this
separate protection mechanism is not needed anymore.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:09 +02:00
Jouni Malinen
6ac4b15ef8 Use wpa_radio work for connection
This protects against conflicting offchannel operations during
connection (authentication, association, EAP exchanges, 4-way
handshake).

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:09 +02:00
Jouni Malinen
b9e6d7001d Use radio work for GAS requests
Avoid concurrent GAS operations with any other exclusive use of the
radio by using the radio work queuing mechanism. This replaces some of
the earlier constraints on concurrent operations with the more generic
wpa_radio work concept.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:09 +02:00
Jouni Malinen
e05e130837 P2P: Use radio work to protect offchannel Action frame exchanges
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:09 +02:00
Jouni Malinen
e1d1c8e223 Use radio work for P2P Listen requests
Avoid concurrent P2P Listen operations with any other exclusive use of
the radio by using the radio work queuing mechanism. This removes some
of the earlier workarounds that postponed scans depending on other
operations.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 09:45:32 +02:00
Jouni Malinen
1b5d4714dd Use radio work for P2P scan requests
Avoid concurrent P2P scan requests with any other exclusive use of the
radio by using the radio work queuing mechanism. This removes some of
the earlier workarounds that postponed scans depending on other
operations.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-05 22:39:25 +02:00
Jouni Malinen
d12a51b5d2 Use radio work for scan requests
Avoid concurrent scan requests by using the radio work queuing
mechanism.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-05 22:37:50 +02:00
Jouni Malinen
b1ae396f59 Add framework for exclusive radio operations
The new radio work item concept can be used to request time for an
operation that requires exclusive radio control, e.g., a scan. Once the
radio is available, the registered callback function will be called.
radio_work_done() must be called once the exclusive radio operation has
been completed, so that the radio is freed for other operations. The
special case of deinit=1 is used to free the context data during
interface removal. That does not allow the callback function to start
the radio operation, i.e., it needs to free the allocated resources
and return.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-05 22:37:03 +02:00
Jouni Malinen
dd43aaa509 Add helper functions for cloning and freeing scan parameters
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-05 22:35:52 +02:00
Jouni Malinen
06f9acce18 Ignore externally triggered scan results with scan_res_handler
wpa_s->scan_res_handler is set only for cases where a scan operation is
requested for a specific purpose. As such, this callback should only be
called when a scan result from a scan that was triggered by
wpa_supplicant is processed.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-05 22:34:17 +02:00
Jouni Malinen
c9b5559737 Clean up ctrl_iface debug prints for monitor events
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-05 22:34:09 +02:00
Jouni Malinen
d31b5ac778 Use cleaner debug print for ctrl_iface commands with private info
Convert this to a text string instead of ASCII hexdump to make the
debug log more convenient to use.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-05 22:33:50 +02:00
Jouni Malinen
9595151f3f Remove duplicated RX ctrl_iface hexdump
The newer wpa_dbg() print includes the same information in a more
convenient form, so remove the duplicate RX ctrl_iface hexdump in the
cases where there is no key material in the control interface commands
(the possible-key-material case is still using wpa_hexdump_ascii_key).

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-05 22:33:18 +02:00
Jouni Malinen
9b850799c1 Fix scan-cache-clearing operation to avoid unnecessary cases
wpa_drv_scan() success case was supposed to clear
wpa_s->clear_driver_scan_cache, not params->only_new_results (which
would do nothing here).

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-03 08:55:51 +02:00
Jouni Malinen
2f30cac36f Avoid unnecessary key clearing operations
Track set_key operations per-key index and clear keys on disconnection
only if the key was set (or may have been set which is the case for the
first operation after wpa_supplicant start).

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-02 23:49:38 +02:00
Jouni Malinen
949938aadf Ask driver to report only new scan results if requested
If the BSS table within wpa_supplicant is flushed, request the driver to
flush its own scan result table during the next scan. This can avoid
unexpected old BSS entries showing up after BSS_FLUSH or FLUSH command
in cases where the driver may maintain its internal cache of scan
results (e.g., cfg80211 BSS table persists at least for 15 seconds).

In addition to doing this automatically on BSS_FLUSH/FLUSH, a new SCAN
command argument, only_new=1, can be used to request a manual scan
request to do same. Though, it should be noted that this maintains the
BSS table within wpa_supplicant. BSS_FLUSH followed by SCAN command can
be used to clear all BSS entries from both the driver and
wpa_supplicant.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-02 23:03:31 +02:00
Jouni Malinen
101bdc2e8c Remove forgotten notes about already removed driver wrappers
These old driver wrappers have been removed quite some time ago, but
some of the build configuration notes were still describing how they
are configured.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-02 10:23:30 +02:00
Jouni Malinen
70067530b6 Update EAP-FAST note regarding OpenSSL support
This is now supported in the current OpenSSL version.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-02 10:13:11 +02:00
Jouni Malinen
5890fa81d8 WPS: Fix clear-from-timeout handling to avoid race condition
The 100 ms timeout to clear WPS state after EAP-Failure has been
received worked otherwise fine, but it opened a race condition on
another WPS operation starting within that wait. If that happens, the
timeout will cancel that new operation unexpectedly. Fix this by
cancelling the timeout from wpas_clear_wps().

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-01 22:00:09 +02:00
Jouni Malinen
c64e3a08a9 P2P: Send received Presence Response information to ctrl_iface monitors
The P2P_PRESENCE_REQ command did not give any easily available
indication of the response received from the GO. Make this more useful
by providing such response (if received) as a ctrl_iface monitor event
(P2P-PRESENCE-RESPONSE).

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-01 18:44:44 +02:00
Jouni Malinen
c5838683a8 Mark wpas_wps_er_nfc_handover_sel() static
This is not used outside wps_supplicant.c.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-31 19:37:15 +02:00
Jouni Malinen
0187c41d88 Declare wpa_debug_* variables in src/utils/wpa_debug.h
These were somewhat more hidden to avoid direct use, but there are now
numerous places where these are needed and more justification to make
the extern int declarations available from wpa_debug.h. In addition,
this avoids some warnings from sparse.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-31 19:29:52 +02:00
Jouni Malinen
fcc61230d1 Declare wpa_drivers in src/drivers/driver.h
This avoids some warnings from sparse.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-31 19:19:37 +02:00
Jouni Malinen
0d79b50ae7 Clear EAPOL Logoff state on FLUSH command
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-31 19:03:39 +02:00
Jouni Malinen
4848a38d85 Get rid of duplicated cipher suite and AKM definitions
WPA_CIPHER_* and CIPHER_* are used for the exact same set of cipher
suites with the main difference being that the WPA_CIPHER_* version is
suitable to be used as a bitfield. Similarly, WPA_KEY_MGMT_* and
KEY_MGMT_* have similar design for AKMs. There is no need to maintain
two separate copies of the definitions since the bitfield compatible
version can be used for both needs. Get rid of the CIPHER_* and
KEY_MGMT_* versions to clean up the implementation by getting rid of
unnecessary mapping functions.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-31 09:16:27 +02:00
Jouni Malinen
ef93abded7 WPS: Clean up UUID debug print
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-30 23:35:48 +02:00
Jouni Malinen
03ed332407 Interworking: Allow cred blocks not to be saved to a file
The new cred block parameter 'temporary' can be used to indicate that a
cred block is not to be saved to wpa_supplicant configuration file
(e.g., "SET_CRED 0 temporary 1"). This is similar to the concept of
temporary network blocks and allows cred blocks to be managed outside
the wpa_supplicant config file when other parameters are still saved to
the file written by wpa_supplicant.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-30 15:43:55 +02:00
Jouni Malinen
04f7ecc686 Reset WPA parameters to default values on FLUSH command
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 19:25:05 +02:00
Jouni Malinen
152cff6ba6 P2P: Remove WPA_DRIVER_FLAGS_P2P_MGMT option
The option of handling upper layer P2P management operations within the
driver/firmware was originally planned to be used with wpa_supplicant,
but this has not really happened and there is no clear sign of this
being needed in the near term either. This functionality has not been
completed and it is certainly not being kept up-to-date or tested. As
such, it is best to remove it for now and if this or something similar
is needed in the future, it can be brought back once a clear need for it
has been demonstrated first.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 18:20:47 +02:00
Jouni Malinen
538d6f4b54 WPS: Use shorter scan interval during pre-provisioning search
Previously, the shorter scan interval was already in use for the
connection following the provisioning step, but same optimization can
also be used for the pre-provisioning scan.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 18:02:05 +02:00
Jouni Malinen
3187fd900d WPS: Replace wpas_wps_in_progress with identical wpas_wps_searching
There is no point in maintaining two different functions that do
practically the same check of WPS state.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 17:59:12 +02:00
Jouni Malinen
dbfb8e82ff Remove unnecessary EVENT_RX_ACTION
This driver event was used separately for some Action frames, but all
the driver wrappers converted to this from information that would have
been enough to indicate an EVENT_RX_MGMT event. In addition, the
received event was then converted back to a full IEEE 802.11 management
frame for processing in most cases. This is unnecessary complexity, so
get rid of the extra path and use EVENT_RX_MGMT for Action frames as
well as other management frame subtypes.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 17:18:17 +02:00
Jouni Malinen
8aaafcee9e Make local UUID available through ctrl_iface STATUS command
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 10:00:32 +02:00
Jouni Malinen
7b02375a41 Clear wps_fragment_size on FLUSH command
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 10:00:32 +02:00
Jouni Malinen
db76aa64f1 Fix PeerKey 4-way handshake
The earlier changes to buffer EAPOL frames when not associated to avoid
race conditions (especially commit
3ab35a6603 but maybe something even before
that) broke PeerKey 4-way handshake. Fix this by using a separate check
before the race condition workaround to process PeerKey 4-way handshake
EAPOL-Key messages differently.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-28 16:32:54 +02:00
Jouni Malinen
2cd0f6a429 WNM: Add Target BSSID into BSS Transition Management Response
P802.11-REVmc clarifies that the Target BSSID field is always present
hen status code is zero, so match that requirement.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-27 18:11:07 +02:00
Jouni Malinen
a8a6a35fd6 WNM: Use nonzero dialog token in BSS Transition Management Query
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-27 18:11:07 +02:00
Sudha Daram
3c1060ff8f WNM: Add debug logs to get the RSSI from the scan results
This commit adds few more debug prints to log the RSSI information from
the scanned BSSIDs and the current connected BSSID when comparing
neighbor results during WNM Transition Management Request processing.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-12-26 22:26:05 +02:00
Jouni Malinen
c511b321f3 WPS: Remove old duplicate network even if key is different
Previously, WPS credential provisioning removed duplicated network
entries only if they had identicical SSID, security parameters, and the
keys. However, it is possible that the AP has changes its keys and
leaving the old entry behind can result in connectibity issues (e.g.,
with 4-way handshake failing due to use of the old PSK). Fix this by
allowing the old network entry to be removed even if the keys
(passphrase, PSK, WEP keys) are different.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-12-26 20:50:28 +02:00
Jouni Malinen
9d2cb3ec94 Make CONFIG_TESTING_OPTIONS=y enable all testing options
This makes it easier to enable various testing parameters and
functionality in build configuration.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-12-26 20:50:28 +02:00
Jouni Malinen
662b40b16b WPS: Reduce scan wait time during WPS processing
Since the AP is expected to be available, there is no need to wait for
the full five second wait between scans during WPS connection. This
speeds up cases where the first scan misses the AP for some reason.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-12-26 20:50:28 +02:00
Jouni Malinen
015af91fea Do not use results from externally requested scan for network selection
It may not always be desirable to trigger reassociation or network
change based on scan results from externally to wpa_supplicant trigger
scan operations. Skip network selection and roaming determination if the
received scan result is known to be triggered by something external to
wpa_supplicant. The control interface SCAN command can be used to
request wpa_supplicant to determine the best network.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-26 20:50:28 +02:00
Jouni Malinen
1cd93ff743 Reschedule own scan request if an externally started one is in progress
This avoids some unnecessary attempts to request the driver to start a
scan while it is still busy with the scan operation that was started by
an external program.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-26 18:48:52 +02:00
Jouni Malinen
dc3906cb2d Show timing information about scan requests in debug log
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-26 18:48:52 +02:00
Jouni Malinen
d81c73be18 Optional scan id for ctrl_iface SCAN requests
This allows users of wpa_supplicant control interface to figure out when
their specific scan command has been started and completed. For example:

CTRL-EVENT-SCAN-STARTED
> scan freq=2412,2417 passive=1 use_id=1
3
CTRL-EVENT-SCAN-RESULTS
CTRL-EVENT-SCAN-STARTED id=3
CTRL-EVENT-SCAN-RESULTS id=3

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-26 18:48:52 +02:00
Jouni Malinen
a5f40eff18 Track whether scan was started by us or an external program
This can be used to improve scan behavior in cases external programs
request scans directly from the driver.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-26 18:27:48 +02:00
Jouni Malinen
88c2d48860 Allow passive scan to be requested with SCAN passive=1
This allows external programs to request wpa_supplicant to execute
a passive scan (i.e., do not send any Probe Request frames).

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-26 18:27:48 +02:00
Jouni Malinen
69278f7328 Remove unused last_scan_full
This parameter was not really used for anything else apart from a debug
message in the same function that set it. In addition, cfg80211 returns
the set of scanned frequencies even for the full scan, so the code that
was setting this conditionally on frequency list not being there was not
really ever entered either.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-26 18:27:48 +02:00
Jouni Malinen
1f5d2dd3d7 Interworking: Allow EAP-FAST to be used
This behaves like PEAP as far as Interworking network selection is
concerned.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-26 16:55:45 +02:00
Jouni Malinen
6ffa1687ee Add GAS-QUERY-START and GAS-QUERY-DONE event messages
External programs can use these new control interface events to better
track progress of GAS operations.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-26 16:55:45 +02:00
Jouni Malinen
fee5234284 Allow channel list to be specified for SCAN command
The new freq=<frequency ranges> parameter to the SCAN command can be
used to request a scan to be performed on the specified set of channels
instead of on all channels. For example, "wpa_cli scan
freq=2400-2500,5180" would scan channels 1-14 and 36. Only the channels
that the driver indicates as enabled and that are within the specified
ranges are included in the request.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-26 16:55:44 +02:00
Jouni Malinen
98eda9c26d Move int_array helpfer functions to utils/common.c
These can be useful outside scan.c, so make them available.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-26 13:37:06 +02:00
Jouni Malinen
a4cfb48694 Add make lcov-html to generate code coverage report
In addition, update build rules to compile object files in the same
directory as the source code file if CONFIG_CODE_COVERAGE=y is set to
make lcov find the source code files.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-26 13:37:06 +02:00
Jouni Malinen
4daa011be4 Clean up cipher capability prints
Use an array of ciphers and a loop instead of copy-pasted copies of the
same printing functionality for each cipher.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-25 10:44:06 +02:00
Jouni Malinen
30675c3416 Add definitions for new cipher suites from IEEE Std 802.11ac-2013
This adds initial parts for supporting the new GCMP-256, CCMP-256,
BIP-GMAC-128, BIP-GMAC-256, and BIP-CMAC-256 cipher suites.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-24 22:21:04 +02:00
Moshe Benji
ab41595f35 wpa_supplicant: Fix crash when terminating all interfaces
In wpa_supplicant_terminate_proc(), while iterating and
terminating interfaces, after an interface is terminated,
we can no longer access its memory as it is no longer valid
and causes a crash.

Fix this by saving the pointer to the next interface before freeing
the current one to avoid accessing an invalid memory location.

Signed-hostap: Moshe Benji <moshe.benji@intel.com>
2013-12-24 08:29:28 +02:00
Johannes Berg
a12d34546a wpa_supplicant: Use monotonic time for last_scan check
This just serves to check if there was a scan within
the last 5 seconds, hence it should use monotonic time.
While at it, also use os_reltime_expired().

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-24 08:21:18 +02:00
Johannes Berg
51bffab117 WPS: Use monotonic time for AP connection attempt
This is only used for a debug message, but that message prints
the time since the last attempt, so it should use monotonic
time instead of wall clock.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-24 08:19:47 +02:00
Johannes Berg
6473e5c842 wpa_supplicant: Use relative time for TKIP Michael MIC failures
The MMIC failure code should use monotonic time to check
whether 60 seconds have elapsed or not. For type-safety,
use struct os_reltime for the timestamp variable, and
also convert to using os_reltime_expired().

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-24 08:18:47 +02:00
Johannes Berg
4e1eae1dff wpa_supplicant: Use monotonic time for temp-disabled networks
Temporarily disabled networks are disabled for a certain
duration, so the code should use monotonic time.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-24 08:01:59 +02:00
Johannes Berg
151ab808fa P2P: Use monotonic time for GO client waiting
GO activation can fail if the first client doesn't connect
within a certain time, but this should not be dependent on
wall time -- use monotonic time instead.

While at it, use os_reltime_expired().

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-24 08:00:03 +02:00
Johannes Berg
3326f19355 IBSS RSN: Use monotonic time for reinit detection
The reinit detection skips reinit when the time since the own
authentication frame TX is less than half a second, so it shouldn't
be affected by wall time and use monotonic time instead.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-24 07:58:21 +02:00
Johannes Berg
c2be937ce7 wpa_supplicant: Use monotonic time for EAPOL RX workaround
The EAPOL RX workaround checks that the events are less than 100 ms
apart, so only uses relative times and should use monotonic time.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-24 07:35:42 +02:00
Johannes Berg
e72a001b0f bgscan: Use monotonic time
The bgscan simple and learn algorithms should run regardless
of wall clock time jumps, so make them use monotonic time.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-24 07:34:43 +02:00
Johannes Berg
acb69cec6f wpa_supplicant: Use monotonic time for RX/BSS times
The BSS table, scan timeout, and related functionality should use
monotonic time since they care about relative values (age) only.
Unfortunately, these are all connected, so the patch can't be split
further. Another problem with this is that it changes the driver wrapper
API. Though, it seems only the test driver is using this.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-24 07:27:02 +02:00
Johannes Berg
46b8d4c004 wpa_supplicant: Use monotonic time for SA query timeout
The SA query timeout is just a regular timeout (currently
hard-coded to 1000 TU), so use monotonic time for it.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2013-12-24 07:17:25 +02:00
Eliad Peller
3e06180fe0 bgscan_learn: Start scanning from the first freq
bgscan_learn_get_probe_freq() starts from returning the second entry in
the supp_freqs arrays. Change its logic a bit to make it start from the
first entry.

Signed-hostap: Eliad Peller <eliad@wizery.com>
2013-12-24 06:54:34 +02:00
Eyal Shapira
f4c73ae640 bgscan_learn: Fix initial interval
In case the initial signal level of the associated BSS was above the
given threshold, bgscan_learn module would begin using the
short_interval but never switch to the long_interval as there would be
no signal change event. Make the init code poll for the current signal
level and set scan_interval accordingly. This logic exists in
bgscan_simple but was missing in bgscan_learn.

Signed-hostap: Eyal Shapira <eyal@wizery.com>
2013-12-24 06:54:24 +02:00
Eliad Peller
7dab119380 bgscan_learn: Avoid redundant frequencies
Some hw modes (e.g., 11b and 11g) contain the same frequencies,
causing the supp_freqs array to be populated with redundant entries.

Check for the existence of the freq before adding it.

Signed-hostap: Eliad Peller <eliad@wizery.com>
2013-12-24 06:49:26 +02:00
Eliad Peller
3727123269 bgscan: Stop bgscan only on disassociation
Stopping bgscan on any state other than COMPLETED results
in bgscan reset (stop + start) on every rekeying operation.

Signed-hostap: Eliad Peller <eliad@wizery.com>
2013-12-24 06:48:28 +02:00
Jouni Malinen
b2838baf6a Update IBSS documentation to include RSN option
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-23 20:21:17 +02:00
Jouni Malinen
429dd9aff1 Advertise QoS Map support based on driver capability
Do not assume the driver supports QoS Mapping, but instead, advertise
support for this only if CONFIG_INTERWORKING is defined and driver
indicates support for configuring QoS Map.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-12-23 11:05:20 +02:00
Tomasz Bursztyka
b154a24e83 Fix a never-ending loop with multiple radios in wpa_supplicant
Commit 202dec2a94 introduced a never
ending loop for a case where a single wpa_supplicant process is used
with multiple radios. Fix this by advancing the iface pointer properly
to the next interface in the loop until a NULL pointer is hit.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2013-12-14 21:16:05 -08:00
Janusz Dziedzic
8d1fdde7f0 nl80211/hostapd: Extend channel switch notify handling
Adds support for VHT by parsing bandwidth and center_freq{1,2}.

Signed-hostap: Michal Kazior <michal.kazior@tieto.com>
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2013-12-07 20:50:15 -08:00
Jithu Jance
8567866d75 P2P: Handle frequency conflict in single channel concurrency case
Based on priority, remove the connection with least priority whenever
a frequency conflict is detected.

Signed-hostap: Jithu Jance <jithu@broadcom.com>
2013-12-07 18:55:58 -08:00
Dmitry Shmidt
b125c48fce P2P: Add wfd_dev_info= field for device found event
This field allows adds enough information into the P2P-DEVICE-FOUND
events to figure out if the peer supports Wi-Fi Display.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2013-12-07 17:57:55 -08:00
Naresh Jayaram
f7579502a6 eap_proxy: Extend Android.mk to support additional libraries
Allow addition static and shared libraries to be specified from the
eap_proxy_*.mk file for Android build. In addition use $(LOCAL_PATH) as
a prefix for that Android makefile part.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-12-07 16:54:24 -08:00
Jouni Malinen
0ad3b9c402 Use wpa_radio data for get_shared_radio_freqs()
This replaces the now unnecessary iteration of get_radio_name() calls.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-24 21:20:15 +02:00
Jouni Malinen
1b544ffa74 Use wpa_radio data for wpas_wpa_is_in_progress()
This replaces the now unnecessary iteration of get_radio_name() calls.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-24 21:20:14 +02:00
Jouni Malinen
5b81927d58 Use wpa_radio data for wpas_p2p_search_delay()
This replaces the now unnecessary iteration of get_radio_name() calls.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-24 21:20:14 +02:00
Jouni Malinen
c67e7e2a23 Use wpa_radio data for channel list updates
This replaces the now unnecessary iteration of get_radio_name() calls.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-24 21:20:14 +02:00
Jouni Malinen
f88f19b465 Use wpa_radio data for scan result updates
This replaces the now unnecessary iteration of get_radio_name() calls.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-24 21:20:14 +02:00
Jouni Malinen
202dec2a94 Add shared per-radio structure for wpa_supplicant
struct wpa_radio is used as a shared data structure between all struct
wpa_supplicant instances that share the same physical radio.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-24 21:20:14 +02:00
Jouni Malinen
73c00fd794 Move wpa_supplicant driver initialization into a helper function
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-24 19:36:29 +02:00
Jouni Malinen
7feff06567 Add CONFIG_CODE_COVERAGE=y option for gcov
This can be used to measure code coverage from test scripts.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-24 19:16:12 +02:00
Ilan Peer
6f72577f29 P2P: Handle INTERFACE_DISABLED event on a P2P GO interface
An INTERFACE_DISABLED event received on an interface that is
currently operating a P2P GO means that the group session ended.
In such a case, if the interface was dynamically added remove it, and
if not, remove all the network blocks that are temporary, assuming
that if needed a new session will be started by an external entity.

The use case was triggering rfkill (both SW and HW). This case popped up
as part of a testing cycle, where after a toggle in the rfkill state,
the result was that the interface was not deleted, but on the other hand
the wpa_supplicant did not configure the kernel to re-start the AP
functionality again.

Signed-hostap: Ilan Peer <ilan.peer@intel.com>
2013-11-24 12:29:20 +02:00
Loic Poulain
1245503188 Restore scan_req if sta scan is rescheduled in the scan results event
On scan results event if a concurrent P2P scan was triggered previously,
scan results processing is canceled, p2p_find executed, and a new sta
scan is triggered (pending scan). However, this new sta scan does not
restore the scan_req value of the previous scan (whose scan result has
been canceled).

If we are currently connected to an AP and use ap_scan=2, the new
triggered scan will cause an associtation-without-scan in
wpa_supplicant_scan:
(ap_scan == 2 & scan_req != MANUAL_SCAN_REQ)
	=> wpa_supplicant_assoc_try()
causing an association error and a disconnection.

This patch fixes this issue by restoring the previous scan_req value.

Signed-off-by: Loic Poulain <loicx.poulain@intel.com>
2013-11-24 11:47:30 +02:00
Michael Schaller
bdec7ee5c9 D-Bus: Add support to set pkcs11_{engine,module}_path
Add SetPKCS11EngineAndModulePath D-Bus method. Add PKCS11EnginePath
and PKCS11ModulePath D-Bus property getters.

Signed-hostap: Michael Schaller <misch@google.com>
2013-11-23 10:48:27 +02:00
Dmitry Shmidt
a94737ea38 Android: P2P: Remember country locale
This updates P2P modules based on the Android specific
DRIVER COUNTRY command.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2013-11-22 20:23:16 +02:00
Jouni Malinen
5e2c3490d5 Android: Add driver_cmd for arbitrary driver commands
This is a mechanism used in Android to extend driver interface in vendor
specific ways. This is included only for the purpose of Android
compatibility. Proper interface commands should be used for any new
functionality.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-22 20:23:08 +02:00
Johannes Berg
594516b4c2 Use monotonic clock for relative time for eloop if available
Relative time shouldn't be calculated based on gettimeofday
because that clock can jump (e.g., when the time is adjusted
by the system administrator.)

On systems where that is available, use CLOCK_BOOTTIME (on
fairly recent Linux systems, this clock takes into account
the time spend suspended) or CLOCK_MONOTONIC (on Linux and
some POSIX systems, this clock is just freely running with
no adjustments.)

Reported-by: Holger Schurig <holgerschurig@gmail.com>
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-11-20 23:52:56 +02:00
Jithu Jance
1cba9bea96 STA: Cancel sched_scan while initiating wps_reassoc
Scan initiated from wps_nfc command context was ketp on
getting rescheduled due to an on-going scheduled scan. So
cancel sched_scan before issuing a reassociation scan.

Signed-hostap: Jithu Jance <jithu@broadcom.com>
2013-11-20 22:28:28 +02:00
Jouni Malinen
215a02f359 Add Wi-Fi Direct to the build configuration example
In addition, include Wi-Fi Direct support for Android builds by
default.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-20 20:49:48 +02:00
Rashmi Ramanna
6fc48481e4 P2P: Short scan wait to speed up the group re-invocation
The shorter 250 ms wait for the next scan request can be used also for
the case of persistent group re-invocation instead of just formation of
a new group. This speeds up the process and makes this more robust
especially in cases where the GO is using MCC.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-20 16:35:30 +02:00
Jouni Malinen
93a06fe103 Fix QoS Map Configure frame use
The QoS Map Set element was passed in full to the driver instead of just
the payload of the element. This resulted in the updated QoS Map being
rejected. Validate the element id/len and send only the payload to the
driver.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-20 12:49:27 +02:00
Jouni Malinen
1b665cbf51 P2P: Fix channel preference use for MCC p2p_connect
Only force_freq was used in the wpas_p2p_set_own_freq_preference() call
which allowed the P2P module channel re-selection to ignore the
preference for using a channel we are already using. Fix this by setting
either force_freq or pref_freq as the preference based on which one is
set. This allows p2p_ignore_shared_freq parameter to be used whether to
prefer the shared frequency in this case.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-19 12:39:29 +02:00
Jouni Malinen
5624ccfe93 P2P: Optimize default case for own freq preference setting
There is no need to use wpas_p2p_num_unused_channels() here in the
default configuration of p2p_ignore_sahred_freq=0, so re-order the
conditions to skip that operation. This is a bit more efficient and the
debug log is also a bit cleaner in the default case.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-19 12:29:25 +02:00
Jouni Malinen
d0f61a4bea P2P: Fix p2p_ignore_shared_freq=1 when inviting a peer
p2p_ignore_shared_freq=1 was supposed to allow a MCC-capable device to
ignore a preference for using the same channel on multiple interfaces.
However, it was not used when inviting a peer to re-invoke a persistent
group. This case needs special handling since the peer's channel list is
not available to perform channel reselection and the operating channel
indicated in the Invitation Request frames ends up getting used as the
operating channel if the transmitted of that frames becomes the GO.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-19 12:26:16 +02:00
Jouni Malinen
21e491f2f6 P2P: Fix p2p_ignore_shared_freq=1 during invitation processing
p2p_ignore_shared_freq=1 was supposed to allow a MCC-capable device to
ignore a preference for using the same channel on multiple interfaces.
However, it was not used during processing of an Invitation Request. Fix
that case to use channel preference instead of channel forcing if free
channels are available. This allows p2p_ignore_shared_freq=1 case to
ignore the preference.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-19 12:15:45 +02:00
Jouni Malinen
107a89448c P2P: Clean up wpas_p2p_setup_freqs() debug message
It is confusing to talk about current operating channels being
unavailable for P2P when there are no current operating channels. Make
the debug message easier to understand.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-18 18:16:27 +02:00
Jouni Malinen
7d669cf7a1 P2P: Clean up wpas_p2p_init_go_params()
It is clearer if there is only a single loop of the channel list and
shared debug prints. In addition, the note about current operating
channels not being available is quite confusing if there are no
operating group, so make that part of the message conditional.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-18 18:13:15 +02:00
Jouni Malinen
b17d89bd10 P2P: Fix channel selection for MCC case
Commit 0d08efa447 modified
wpas_p2p_setup_freqs() design to use number of MCC channels capability
from the driver. However, it resulted in regression on how the preferred
vs. forced channel selection is done in the case of a MCC device.
force_freq was set unconditionally even though this was supposed to be
done only if no additional channels are available. pref_freq needs to be
used when possible to avoid preventing connection.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-18 16:53:44 +02:00
Jithu Jance
f86d282f43 Handle legacy scan interruption of sched_scan/PNO
While starting from PNO start context, the scheduled scan was not
setting the flag wpa_s->scanning. This was resulting in the subsequent
SCAN command to proceed further and send command to nl80211/cfg80211.
The expected behavior of cancelling sched_scan was not happening here.

While sched_scan is in progress and a legacy scan comes on the
cli/socket, the sched_scan is cancelled and normal scan is allowed to
continue. However, sometimes sched_scan cancelled event comes a bit
delayed and we will send out the scan command before the wpa_s->scanning
is cleared. Instead, reschedule the incoming scan req if the
wpa_s->scanning shows that it is still in progress.

Signed-hostap: Jithu Jance <jithu@broadcom.com>
2013-11-18 14:35:48 +02:00
Andrei Otcheretianski
334bf36ac5 Add chan_switch to ctrl interface of wpa_supplicant and hostapd
Add chan_switch to the control interface of wpa_supplicant and hostapd,
and also to wpa_cli and hostapd_cli.

Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2013-11-17 17:12:58 +02:00
Andrei Otcheretianski
bf281c129f Add AP channel switch mechanism
Build CSA settings and call the driver to perform the switch. Construct
Beacon, Probe Response, and (Re)Association Response frames both for CSA
period and for the new channel. These frames are built based on the
current configuration. Add CSA IE in Beacon and Probe Response frames.

Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2013-11-17 17:12:58 +02:00
Andrei Otcheretianski
dcca2219ae wpa_supplicant: Update channel switch driver interface
Add csa_settings struct which holds parameters for CSA. Change driver
interface for switch_channel(), so that it will receive this struct and
not only the new frequency as it was before. This allows wpa_supplicant
to provide all the required parameters (beacons, proberesp, assocresp,
CSA IE) which are required by cfg80211 implementation.

Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2013-11-17 16:48:33 +02:00
Jouni Malinen
e1925bde36 eloop: Remove eloop_none.c
This was supposed to be a minimal sample of eloop wrapper, but it is
unclear whether this is of that much use and the file has not been kept
up-to-date. Remove this file to reduce maintenance effort. The other
eloop*.c files can be used as a starting point if something new is
needed.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-17 16:48:20 +02:00
Dmitry Shmidt
f6c2b8c367 Android: Add state message sent after 'status' command
This triggers re-transmission of CTRL-EVENT-STATE-CHANGE and
CTRL-EVENT-CONNECTED events on STATUS command for Android framework
specific processing.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2013-11-17 16:47:56 +02:00
Dmitry Shmidt
6b49907665 Android: Add SSID in supplicant change event
In addition, change wpa_s->pending_bssid to wpa_s->bssid for the BSSID
value in the event.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2013-11-17 16:47:45 +02:00
Masashi Honma
22cf7d7324 SCARD: Clean up SIM/USIM selection
Commit eb32460029 left an unneeded
sim_type argument to scard_init(). Remove that unnecessary argument to
clean up the implementation.

Signed-hostap: Masashi Honma <masashi.honma@gmail.com>
2013-11-17 16:47:38 +02:00
Paul Stewart
cea97a04f9 dbus_new: Add DBus TDLS methods
Add DBus methods for TDLS operations similar to those available
for the control interface. This includes Discover, Setup, and
Teardown commands. While here, add a method to query the TDLS
link status and add a DBus method for it.

Tested with CONFIG_TDLS enabled, on a TDLS-enabled host and
peer capable of TDLS:

    dbus-send --system --dest=fi.w1.wpa_supplicant1 --print-reply \
        /fi/w1/wpa_supplicant1/Interfaces/0 \
        fi.w1.wpa_supplicant1.Interface.TDLSStatus string:<peer-mac-address>

    yields: string "peer does not exist"

    dbus-send --system --dest=fi.w1.wpa_supplicant1 --print-reply \
        /fi/w1/wpa_supplicant1/Interfaces/0 \
        fi.w1.wpa_supplicant1.Interface.TDLSDiscover string:<peer-mac-address>

    yields no error

    dbus-send --system --dest=fi.w1.wpa_supplicant1 --print-reply \
        /fi/w1/wpa_supplicant1/Interfaces/0 \
        fi.w1.wpa_supplicant1.Interface.TDLSSetup string:<peer-mac-address>

    yields no error

    dbus-send --system --dest=fi.w1.wpa_supplicant1 --print-reply \
        /fi/w1/wpa_supplicant1/Interfaces/0 \
        fi.w1.wpa_supplicant1.Interface.TDLSStatus string:<peer-mac-address>

    yields: string "connected" after TDLS completes

    dbus-send --system --dest=fi.w1.wpa_supplicant1 --print-reply \
        /fi/w1/wpa_supplicant1/Interfaces/0 \
        fi.w1.wpa_supplicant1.Interface.TDLSTeardown string:<peer-mac-address>

    yields no error

    dbus-send --system --dest=fi.w1.wpa_supplicant1 --print-reply \
        /fi/w1/wpa_supplicant1/Interfaces/0 \
        fi.w1.wpa_supplicant1.Interface.TDLSStatus string:<peer-mac-address>

    yields: string "peer not connected"

Signed-hostap: Paul Stewart <pstew@chromium.org>
2013-11-17 16:47:32 +02:00
Jithu Jance
cc4952ad63 Request new scan only for the original interface
Request new scan only for the interface for which the original scan
request and results has come. Otherwise while sharing scan results along
with P2P interfaces, the new scan will be requested on P2P interfaces.

Signed-hostap: Jithu Jance <jithu@broadcom.com>
2013-11-17 16:47:22 +02:00
Jouni Malinen
fa58da2e6c Remove old mechanism of skipping scan request rescheduling
Since eloop_deplete_timeout() is doing practically same in
wpa_supplicant_req_scan(), revert the old mechanism from commit
7e1488494e to avoid unnecessary work in
this function.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-17 16:47:13 +02:00
Dmitry Shmidt
e2f5a9889a Deplete scan request if new time is less than remaining
This avoids pushing out previous scheduled scan requests based on new
events.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2013-11-17 16:46:58 +02:00
Vinay Krishna Eranna
dcd25d4c3b P2P: Use negotiated channel from invitation for persistent GO
During persistent group re-invocation, GO may end up using a different
channel as the operation channel compared to what was indicated in the
invitation frames. This may break the connection if the peer device ends
up scanning the GO only on the channel from the invitation frame. Fix
this by using the negotiated channel (if available) on the GO as the
operating channel instead of the channel that was provided in the
p2p_invite command to start negotiation.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-16 18:05:28 +02:00
Sunil Dutt
800d58721c TDLS: Provide external control to specify the peers for setup
There are use cases requesting the host driver to initiate the TDLS
setup with the peer only when configured by the external applications.
Thus, enable this control by tdls_external_control=1 and pass the
requisite information for the specific TDLS operation to the driver
on the request from such use cases.

This operation mode expects the driver to initiate TDLS link
automatically based on signal strength and traffic to a peer and tear
down links whenever they are not used or suitable due to signal strength
etc. The list of peers with which such operations are to be performed
are provided with the TDLS driver operations.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-15 03:02:08 +02:00
Dmitry Shmidt
58d6f91d16 Android: Reset MD5OBJS value before += operation
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2013-11-09 15:30:46 +02:00
Jouni Malinen
890b3a44cb Android: Sync Android.mk with Makefile
This brings in commit 411f567050 changes
to allow libdl to be linked in after OpenSSL.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-08 13:04:51 +02:00
Dmitry Shmidt
736abfc166 Android: Set proper path to keystore include dir
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2013-11-08 13:04:51 +02:00
Dmitry Shmidt
5e42035ed9 Android: Fix CONFIG_EAP_PROXY option and move it to right place
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2013-11-08 11:47:00 +02:00
Dmitry Shmidt
643fab30a0 Android: Add CONFIG_IEEE80211AC option to makefile
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2013-11-08 11:47:00 +02:00
Dmitry Shmidt
4ba83096e2 Android: Add CONFIG_EAP_UNAUTH_TLS option to makefile
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2013-11-08 11:47:00 +02:00
Ying Wang
53414a7e35 Android: Add liblog
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2013-11-08 11:46:59 +02:00
Kenny Root
1d415f1fcc Android: Switch keystore to binder
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2013-11-08 11:46:53 +02:00
Joe Onorato
4e5a4d3e57 Android: Get rid of LOCAL_MODULE_TAGS := user
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2013-11-08 11:41:05 +02:00
Kenny Root
206d81319e Android: Restore OpenSSL ENGINE support
We now use an OpenSSL ENGINE to support keystore functionality.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2013-11-08 11:40:13 +02:00
Dmitry Shmidt
b7997e01db Android: Remove obsolete WPA_UNICODE_SSID define
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2013-11-08 00:22:32 +02:00
Dmitry Shmidt
60cdfd7e25 Android: Fix compilation without BOARD_WPA_SUPPLICANT_DRIVER
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2013-11-07 14:04:30 +02:00
Dmitry Shmidt
e40634e654 Prohibit PNO start during assoc process and in connect state
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2013-11-07 14:01:33 +02:00
Dmitry Shmidt
3526ff0fad Android: Add ANDROID_P2P define under BOARD_WLAN_DEVICE
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2013-11-07 14:01:28 +02:00
Dmitry Shmidt
d0b2735240 Android: Fix CFLAGS -> L_CFLAGS
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2013-11-07 14:01:23 +02:00
Jouni Malinen
9ec876662b P2P: Allow GO P2P Device Address to be used for scan result matching
This is a better way of matching P2P groups based on the unique P2P
Device Address (e.g., from P2P Group ID) and SSID pair instead of using
the not necessarily unique P2P Interface Address.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-07 13:49:01 +02:00
Jouni Malinen
08b2677974 Interworking: Use SSID from the BSS entry
There is no need to parse the IE buffer again to find the SSID of the
BSS since that information is already stored in struct wpa_bss.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-07 00:17:48 +02:00
Jouni Malinen
50589751bf Interworking: Reject BSS based on disallow_aps
If a BSS is disallowed temporarily with disallow_aps, the network
connection is going to fail. As such, there is not much point in
allowing Interworking network selection to try to connect with such BSS.
As such, do not consider disallowed networks for automatic network
selection and reject requests to connect to them through
INTERWORKING_CONNECT.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-07 00:12:30 +02:00
Jouni Malinen
6ede8a7e4d Interworking: Avoid duplicated network blocks
Do not add multiple network blocks for the same network from a single
credential. INTERWORKING_CONNECT used to generate a new network block
for each instance regardless of what network blocks have already been
configured. While this allows the connection to go through, it is not
efficient to leave behind potentially large number of network blocks
with the same contents (or worse, changed contents). Address this by
removing an older network block for the same credential before adding a
new one.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-07 00:12:30 +02:00
Jouni Malinen
d28f4e44f1 Interworking: Do not reconnect if already connected
If we are already connected to the selected AP with a network block
that was created based on the selected credential, do not force a
reconnection or network block update.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-07 00:12:30 +02:00
Jouni Malinen
217cf4991d P2P: Add more debug prints for frequency selection
This prints out get_shared_radio_freqs() results and related information
from P2P operations to make debug logs more helpful for figuring out
issues related to multi-channel concurrency.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-05 11:07:51 +02:00
Ilan Peer
4dd3f86834 P2P: Fix bug in GO frequency selection
When trying to choose a frequency that can be used for GO instantiation,
properly check if there are free channels that can be used.

Signed-hostap: Ilan Peer <ilan.peer@intel.com>
2013-11-05 10:55:22 +02:00
Ilan Peer
9804873e53 wpa_supplicant: Fix bug in get_shared_radio_freqs
The idx variable was mistakenly set to 0 at the beginning of the
interface iteration. This could result in the operating channel of the
interface calling the function from being removed from the returned
frequency array if other interfaces were operating.

Signed-hostap: Ilan Peer <ilan.peer@intel.com>
2013-11-05 10:55:22 +02:00
Haim Dreyfuss
3139270903 bgscan: Add global bgscan configuration
This option can be used to globally configure bgscan parameters
for all the network blocks.

Note that this configuration will not override a network block
specific bgscan settings, but will only be used in case that
the network block does not have a valid bgscan configuration.

Signed-hostap: Haim Dreyfuss <haim.dreyfuss@intel.com>
2013-11-05 10:26:31 +02:00
Naresh Jayaram
efc58df29c eap_proxy: Re-read IMSI from proxy in Interworking functionality
Try to read the IMSI values through the eap_proxy layer for Interworking
functionality again if the value was not available at startup.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-05 10:12:14 +02:00
Jouni Malinen
18ca733248 SAE: Fix group selection
Number of regressions had shown up in wpa_supplicant implementation of
SAE group selection due to different integer array termination (-1 in
hostapd, 0 in wpa_supplicant) being used for SAE groups. The
default_groups list did not seem to use any explicit termination value.
In addition, the sae_group_index was not cleared back to 0 properly
whenever a new SAE session was started.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-02 18:07:49 +02:00
Jouni Malinen
65015b2d8e Replace unnecessary UTF-8 characters with ASCII versions
There is no need for using UTF-8 in these files when perfectly fine
ASCII versions of these characters exist.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-02 16:01:32 +02:00
Jouni Malinen
c092d83e26 P2P: Clear pending group formation data on group removal
It was possible for the wpa_s->show_group_started and wpa_s->go_params
to be left set when a P2P group was removed before group formation had
completed. In case a separate P2P group interface was not used, this
could rsult in all future scans using the hardcoded DIRECT-* SSID and as
such, not find the network they were trying to find. Fix this by
clearing these P2P parameters on group removal.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-01 10:31:55 +02:00
Jouni Malinen
9100b6607b P2P: Debug print reason for specific SSID for scan
It can be useful to see whether the specific P2P SSID was used for scan
based on p2p_in_provisioning or show_group_started when debugging issues
where this case shows up unexpectedly.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-01 10:30:50 +02:00
Jouni Malinen
2aec4f3c0c Allow add-BSS operation to re-use existing netdev
When removing and re-adding the first wlan# netdev to hostapd
dynamically, the netdev is already present and should not be removed and
re-added to maintain its state as not-added-by-hostapd so that it does
not get removed automatically.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-31 22:34:25 +02:00
Vinay Krishna Eranna
731ca6364e Update regulatory change to all virtual interface for the phy
wpas_p2p_setup_channels function uses the per interface information
(wpa_s->hw.modes) for setting up the available channel list for P2P
operation, but if a separate P2P interface is used (e.g., p2p0 on
Android), the wpa_s instance for that interface may not get an updated
channel list. This can result in some operations, like "P2P_SET
disallow_freq", using old channel list information (e.g., world roaming
information with passive-scan/no-ibss flags) which was initialized
during the start-up. This could result in P2P functionality using
conflicting or obsolete channel information.

To resolve this issue, update channel list information on regulatory
change events to all of the virtual interfaces sharing the same phy for
which the event is received.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-29 23:03:23 +02:00
Jouni Malinen
ebd79f07c4 hostapd: Make hostapd_config::bss array of pointers
This makes it more convenient to move BSS configuration entries between
struct hostapd_config instances to clean up per-BSS configuration file
design.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-29 16:58:21 +02:00
Jouni Malinen
7617388ea3 Interworking: Report STATUS:sp_type even if domain is not configured
This allows sp_type={home,roaming,unknown} to be used to determine
network type with SIM-based credentials even if the domain name
parameter is not configured explicitly.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-29 13:57:02 +02:00
Jouni Malinen
c20bc9d464 P2P: Remove compiler warning without CONFIG_IEEE80211N
Commit ca9bc5b566 added wpas_conf_ap_vht()
as a static function with the caller within CONFIG_IEEE80211N, but the
function outside. This resulted in a compiler warning for wpa_supplicant
AP/P2P builds when CONFIG_IEEE80211N=y was not used. Fix that by using
matching conditional block around the function.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-10-27 20:46:19 +02:00
Eliad Peller
ca9bc5b566 P2P: Add VHT support
Start GO with VHT support if VHT option was requested
and the appropriate channels are available.

Signed-hostap: Eliad Peller <eliadx.peller@intel.com>
2013-10-27 20:08:36 +02:00
Eliad Peller
20ea1ca406 P2P: Add VHT parameter to P2P operations
Add the option to ask for VHT operation similarly to the way ht40 is
configured - either by adding 'vht' param to the relevant p2p_*
commands or by configuring p2p_go_vht=1 in the configuration file.

This patch only adds the configuration option (e.g., via control
interface). The actual handling of the VHT parameter (asking the driver
to use VHT, etc.) will be done by the following patch.

Signed-hostap: Eliad Peller <eliadx.peller@intel.com>
2013-10-27 19:46:17 +02:00
Eliad Peller
f2112b2ac8 wpa_supplicant: Add CONFIG_IEEE80211AC
In order to support P2P GO with 11ac support, add CONFIG_IEEE80211AC
config option support to the Makefile.

Signed-hostap: Eliad Peller <eliadx.peller@intel.com>
2013-10-27 19:32:03 +02:00
Jouni Malinen
4d9fb08d23 WPS: Clear known_wps_freq in addition to after_wps
Both of these variables can result in optimized WPS scans, so better
clear these more consistently to avoid unexpected single-channel scans.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-10-27 12:56:56 +02:00
Jouni Malinen
d20c340f7e Interworking: Clear known_wps_freq for network selection
This was forgotten from the previous commit which allowed some cases to
trigger single-channel scan incorrectly if an optimized WPS scan had not
yet been completed at the time network selection was started.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-10-27 12:55:09 +02:00
Jouni Malinen
1bd05d0423 Interworking: Force normal scan for network selection
Make sure special optimized scans (like WPS-single-channel or
sched_scan) do not get used during the network selection scan. This
could have been hit in cases where a previous operation has been stopped
in a state where special scan parameters were going to be used.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-10-27 11:26:58 +02:00
Jouni Malinen
51e9f22809 P2P: Add option to allow additional client channels
The new p2p_add_cli_chan=1 configuration parameter can be used to
request passive-scan channels to be included in P2P channel lists for
cases where the local end may become the P2P client in a group. This
allows more options for the peer to use channels, e.g., if the local
device is not aware of its current location and has marked most channels
to require passive scanning.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-26 17:49:10 +03:00
Jouni Malinen
556b30daca P2P: Add option to remove channels from GO use
The new p2p_no_go_freq frequency range list (comma-separated list of
min-max frequency ranges in MHz) can now be used to configure channels
on which the local device is not allowed to operate as a GO, but on
which that device can be a P2P Client. These channels are left in the
P2P Channel List in GO Negotiation to allow the peer device to select
one of the channels for the cases where the peer becomes the GO. The
local end will remove these channels from consideration if it becomes
the GO.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-26 17:49:10 +03:00
Jouni Malinen
e7ecab4a3b Use ARRAY_SIZE() macro
Replace the common sizeof(a)/sizeof(a[0]) constructions with a more
readable version.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-10-26 17:49:05 +03:00
Jouni Malinen
29179b881e Stop ctrl_iface monitor send loop on reinit failure
There is no point trying to continue sending messages with sendmsg() if
socket reinitialization fails.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-10-26 15:55:59 +03:00
Jouni Malinen
a2a535f897 Remove unnecessary wpa_s->conf checks
wpa_s->conf cannot be NULL because wpa_supplicant_init_iface() would not
allow wpa_supplicant_add_iface() to return wpa_s instance in such state.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-10-26 15:55:52 +03:00
Jouni Malinen
41c526f357 P2P: Fix snprintf buffer length for group ifname backup
Commit 2e5ba4b6d1 moved this to a function
and updated one of the os_snprintf() calls to use the len parameter, but
forgot the other one.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-24 21:22:30 +03:00
Naresh Jayaram
07041c6f99 eap_proxy: Confirm eap_proxy initialization before reading SIM info
Trying to access the SIM card details without checking if the eap_proxy
layer has been initialized can results in a crash. Address this by
sending the request for the IMSI through eapol_supp_sm.c which can
verify that eap_proxy has been initialized.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-23 20:51:39 +03:00
Po-Lun Lai
47d986e6ff P2P: Check Action frame payload match before accepted TX status
It is possible for there to be two pending off-channel TX frames, e.g.,
when two devices initiate GO Negotiation at more or less the same time.
This could result in the TX status report for the first frame clearing
wpa_s->pending_action_tx that included the newer frame that has not yet
been transmitted (i.e., is waiting to be sent out). Avoid losing that
frame by confirming that the TX status payload matches the pending frame
before clearing the pending frame and reporting the TX status callback.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-23 17:47:40 +03:00
Jouni Malinen
d259249762 Fix ENABLE_NETWORK not to reconnect in disconnected state
DISCONNECT followed by ENABLE_NETWORK ended up starting a scan for a new
connection due to wpa_supplicant_enable_one_network() setting
wpa_s->reassociate = 1. This was done regardless of wpa_s->disconnected
being 1 which should imply that wpa_supplicant should not try to connect
before asked explicitly with REASSOCIATE or RECONNECT.

Fix this by making ENABLE_NETWORK setting of reassociate = 1 and
starting of scans for connection conditional on wpa_s->disconnected ==
0. This will make ENABLE_NETWORK trigger a connection only if
wpa_supplicant is already in a state where it would try to connect if
there are any enabled networks.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-23 12:09:46 +03:00
Jouni Malinen
af8a827b90 Make frequency range list routines more general
This allows the frequency range list implementation to be shared for
other purposes.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-23 00:44:07 +03:00
Dan Williams
538922a628 dbus: Add boolean AllowRoam option to Scan() method options dictionary
To disallow roaming when a scan request's results are read, callers
of the D-Bus Scan() method may add a new "AllowRoam" boolean key
to the scan options dictionary and set that key's value to FALSE.

Signed-hostap: Dan Williams <dcbw@redhat.com>
2013-10-22 16:09:46 +03:00
Pontus Fuchs
c6f5dec9c1 Don't start second scan when changing scan interval
If a scan is currently running and the scan interval is changed, a
second scan will be started before the current has finished. This will
in turn, if no networks are configured, cause wpa_s->state to be
forced to WPA_INACTIVE before the first scan has finished.

Signed-hostap: Pontus Fuchs <pontus.fuchs@gmail.com>
2013-10-22 15:57:21 +03:00
Jouni Malinen
313424d46e GAS: Add support for multiple pending queries for the same destination
Need to use the pointer to the current ongoing query instead of matching
from the pending list based on the destination address so that we get
the correct query instance when processing the TX status report.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-21 14:37:37 +03:00
Jouni Malinen
cbc5484892 GAS: Do not start new scan operation during an ongoing GAS query
These operations can have conflicting offchannel requirements, so wait
with a new scan trigger until a pending GAS query has been completed.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-21 13:20:38 +03:00
Kyeyoon Park
c377514337 GAS: Delay GAS query Tx while scanning/connecting
Offchannel operations needed for a GAS query can conflict with ongoing
scan/connection progress, so delay GAS queries if such an operation is
in progress on the current interface or any virtual interface sharing
the same radio.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-21 13:15:45 +03:00
Kyeyoon Park
24c694b465 GAS: Delay GAS query Tx while another query is in progress
It would be possible to issue another GAS query when a previous one is
still in progress and this could result in conflicting offchannel
operations. Prevent that by delaying GAS query initiation until the
previous operation has been completed.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-21 13:13:42 +03:00
Jouni Malinen
7255983b59 WPS: Clear after_wps from number of new locations
This makes it less likely to forget WPS single-channel scan optimization
in effect after having completed the WPS operation or in case WPS
operating gets cancelled.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-10-20 21:38:02 +03:00
Jouni Malinen
73b54d63fc P2P: Fix Operating Channel in Invitation Request for operating group
When a GO or P2P Client invites a peer device to join an already
operating group, the Operating Channel in Invitation Request needs to be
forced to the current operating channel of the group.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-10-20 21:38:02 +03:00
Jouni Malinen
0c92963656 D-Bus: Clean up debug print for P2P invitation result
wpa_printf() does not need '\n' so remove the extra newline. In
addition, drop the priority of this message from MSG_INFO to MSG_DEBUG
since this is in no way exceptional operation.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-10-20 21:38:02 +03:00
Jouni Malinen
d2858883b0 P2P: Add GO BSS entry details to debug log on join-a-group
This makes it easier to debug issues related to selecting GO information
from the latest updated BSS table entry.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-10-20 21:38:01 +03:00
Jouni Malinen
e241b1b4f2 eap_proxy: Fix IMSI fetch for home vs. visited network determination
Use similar mechanism to CONFIG_PCSC=y case to set the IMSI and MNC
length for eap_proxy. This allows automatic 3GPP realm comparison
against the domain list.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-10-20 13:12:04 +03:00
Jouni Malinen
a5d44ac083 EAP peer: Add framework for external SIM/USIM processing
The new configuration parameter external_sim=<0/1> can now be used to
configure wpa_supplicant to use external SIM/USIM processing (e.g., GSM
authentication for EAP-SIM or UMTS authentication for EAP-AKA). The
requests and responses for such operations are sent over the ctrl_iface
CTRL-REQ-SIM and CTRL-RSP-SIM commands similarly to the existing
password query mechanism.

Changes to the EAP methods to use this new mechanism will be added in
separate commits.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-10-20 13:12:04 +03:00