This makes the initial OBSS scans in AP mode before starting 40 MHz BSS
more robust. In addition, HT20 can be used as a backup option if none of
the scans succeed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
If a 2.4 GHz band AP receives a 20/40 Coexistence management frame from
a connected station with 20/40 BSS Intolerant Channel Report element
containing the channel list in which any legacy AP are detected or AP
with 40 MHz intolerant bit set in HT Cap IE is detected in the affected
range of the BSS, the BSS will be moved from 40 to 20 MHz channel width.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Extend the minimal HT 20/40 co-ex support to include dynamic changes
during the lifetime of the BSS. If any STA connects to a 2.4 GHz AP with
40 MHz intolerant bit set then the AP will switch to 20 MHz operating
mode.
If for a period of time specified by OBSS delay factor and OBSS scan
interval AP does not have any information about 40 MHz intolerant STAs,
the BSS is switched from HT20 to HT40 mode.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This provides information to allow the driver to be configured for
updated channel parameters, e.g., when dynamically changing HT20/HT40
bandwidth.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
With hidden SSID (ignore_broadcast_ssid), an IOS device trying to
connect to the AP will send a probe request with ANT == 2. If
interworking support is just compiled (not enabled), we will drop the
probe request since default ANT is 0.
Check that interworking is enabled before filtering based on ANT or
HESSID to match the behavior of code without CONFIG_INTERWORKING.
Signed-off-by: Maxime Bizon <mbizon@freebox.fr>
Sometimes function hostapd_is_dfs_required() returns -1 which indicates
that it was not possible to check if DFS was required. This happens for
channels from the 2.4 GHz band where DFS checking should not happen.
This can be fixed by returning DFS-not-required for mode different from
IEEE80211A and when DFS support is not available (ieee80211h not set).
Signed-off-by: Marek Puzyniak <marek.puzyniak@tieto.com>
This makes the definitions match the terminology used in IEEE Std
802.11-2012 and makes it easier to understand how the HT Operation
element subfields are used.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This was used to fill in the "PSMP support" subfield that was defined
during P802.11n development. However, this subfield was marked reserved
in the published IEEE Std 802.11n-2009 and it is not supported by
current drivers that use hostapd for SME either. As such, there is not
much point in maintaining this field as ht_capab parameter within
hostapd either.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Now that WPS 2.0 support is enabled unconditionally, WEP and Shared auth
type are not allowed. This made some of the older code unused and that
can now be removed to clean up the implementation. There is still one
place where WEP is allowed for testing purposes: wpa_supplicant as
Registrar trying to configure an AP to use WEP. That is now only allowed
in CONFIG_TESTING_OPTIONS=y builds, though.
Signed-off-by: Jouni Malinen <j@w1.fi>
"user" MACACL "password" style lines in the eap_user file can now be
used to configured user entries for RADIUS-based MAC ACL.
Signed-off-by: Jouni Malinen <j@w1.fi>
p2p_dev_addr was not NULL, so the all zeros case was printed as well.
Clean this up by printing p2p_dev_addr in debug prints only if it is a
real P2P Device Address.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add support of vendor command to hostapd ctrl_iface.
Vendor command's format:
VENDOR <vendor id> <sub command id> [<hex formatted data>]
The 3rd argument will be converted to binary data and then passed as
argument to the sub command.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
When primary and secondary channel were switched and config was
reloaded, secondary channel was incorrectly overwritten.
Proceed as for other settings that should not be changed and don't
allow to overwrite.
Signed-off-by: Pawel Kulakowski <pawel.kulakowski@tieto.com>
There is not much point in building devices with WPS 1.0 only supported
nowadays. As such, there is not sufficient justification for maintaining
extra complexity for the CONFIG_WPS2 build option either. Remove this by
enabling WSC 2.0 support unconditionally.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Especially when multiple BSSes are used with ACS, number of the error
paths were not cleaning up driver initialization properly. This could
result in using freed memory and crashing the process if ACS failed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
If the PMK-R1 needs to be pulled for the R0KH, the previous
implementation ended up rejecting the over-the-air authentication and
over-the-DS action frame unnecessarily while waiting for the RRB
response. Improve this by postponing the Authentication/Action frame
response until the pull response is received.
Signed-off-by: Jouni Malinen <j@w1.fi>
The main WPS code rejects WEP parameters, so this code is not used and
can be commented out from WPS 2.0 builds. This is similar to the earlier
commit that commented out in-memory update.
Signed-off-by: Jouni Malinen <j@w1.fi>
If the driver supports full offloading of DFS operations, do not disable
a channel marked for radar detection. The driver will handle the needed
operations for such channels.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The main WPS code rejects WEP parameters, so this code is not used and
can be commented out from WPS 2.0 builds.
Signed-off-by: Jouni Malinen <j@w1.fi>
There was possibility that the current channel in Beacon information
element was incorrectly set. This problem was easily observed when
primary and secondary channel were switched and then some of hostapd
settings (for example password) were changed using WPS External
Registrar. This caused hostapd_reload_config() function overwrite the
current channel information from config file.
This patch prevents this situation and does not allow to overwrite
channel and some other settings when config is reloaded.
Signed-off-by: Pawel Kulakowski <pawel.kulakowski@tieto.com>
It was possible for hapd->wps_beacon_ie and hapd->wps_probe_resp_ie to
be set if WPS initialization in hostapd failed after having set these
parameters (e.g., during UPnP configuration). In addition, many of the
other WPS configuration parameters that were allocated during the first
part of the initialization were not properly freed on error paths.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
These were previous set to 3.0 and 1.5 ms which ended up using values 93
and 46 in 36 usec inits. However, the default values for these are
actually defined as 3.008 ms and 1.504 ms (94/47) and those values are
also listed in the hostapd.conf example.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The center segment0 calculation for VHT20 ACS was incorrect. This caused
ACS to fail with: "Could not set channel for kernel driver".
Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
Secondary channel was compared incorrectly (-4/4 vs. actual channel
number) which broke matching neighboring 40 MHz BSSes and only the
no-beacons-on-secondary-channel rule was applied in practice. Once
sec_chan was fixed, this triggered another issue in this function where
both rules to switch pri/sec channels could end up getting applied in a
way that effectively canceled the switch.
Signed-off-by: Jouni Malinen <j@w1.fi>
previous_ap and last_assoc_req were not really used for anything
meaninful, so get rid of them to reduce the size of per-STA memory
allocation.
Signed-off-by: Jouni Malinen <j@w1.fi>
It was possible for the control interface and some of the BSS setup to
be left partially initialized in failure cases while the BSS structures
were still freed. Fix this by properly cleaning up anything that may
have passed initialization successfully before freeing memory.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This allows hostapd to set a different management group cipher than the
previously hardcoded default BIP (AES-128-CMAC). The new configuration
file parameter group_mgmt_cipher can be set to BIP-GMAC-128,
BIP-GMAC-256, or BIP-CMAC-256 to select one of the ciphers defined in
IEEE Std 802.11ac-2013.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
For some client OBSS implementations that are performed in
firmware, all OBSS parameters need to be set to valid values.
Do this, as well as supplying the "20/40 Coex Mgmt Support"
flag in the extended capabilities IE.
Signed-hostap: Paul Stewart <pstew@chromium.org>
The 802.11ac amendment specifies that that the center segment 0 field
is reserved, so it should be zero. Hostapd previously required it to
be set, which is likely a good idea for interoperability, but allow it
to be unset. However, don't allow it to be set to a random value, only
allow zero and the correct channel.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Some of the remote ANQP server concepts were introduces into gas_serv.c,
but these were not completed. Remote the unused implementation for now.
It can be added back if support for remote ANQP server is added at some
point.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
hostapd DEAUTHENTICATE and DISASSOCIATE control interface commands
accepted both a test=<0/1> and reason=<val> parameters, but these were
not supported in the same command as a combination. Move the code around
a bit to allow that as well since it can be helpful for automated test
scripts.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, some of the last initialization steps could fail without
clearly marking the interface disabled. For example, configuring the
channel to the driver could fail, but hostapd would not clearly identify
as the interface not being in functional state apart from not moving it
to the ENABLED state. Send an AP-DISABLED event and mark interface state
DISABLED if such a setup operation fails.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
At least in nl80211, broadcast management frames like Probe Request
frames, may be processed multiple times per BSS if multi-BSS is active
and NL80211_CMD_FRAME event is used to deliver them. In the case of
Probe Request frames, hostapd will create multiple redundant Probe
Response frames which are problematic when many BSS are on one channel.
This problem is caused by driver_nl80211 generating an event for
wpa_supplicant_event() for each BSS, and hostapd_mgmt_rx() calls
ieee802_11_mgmt() for each BSS, too.
Fix this by processing broadcast events only for the BSS the driver
intended to. The behavior is not changed for drivers not setting a BSS.
Signed-hostap: Simon Wunderlich <simon@open-mesh.com>
If channels are "available", change to "usable" DFS channels as a
fallback, too. This requires CAC, but it is still better to do that
instead of stopping service completely.
Signed-hostap: Simon Wunderlich <sw@simonwunderlich.de>
If DFS channels are marked as "available", an AP can switch to them
immediately without performing CAC. Therefore, the channel selection
function should consider these channels even though these are radar
channels.
Signed-hostap: Simon Wunderlich <sw@simonwunderlich.de>
Different channels allow different transmission power, at least in ETSI
countries. Also, ETSI requires a "channel plan" for DFS operation, and
channels should be randomly choosen from these channels.
Add a channel list configuration option for users to add channels
hostapd may pick from.
Signed-hostap: Simon Wunderlich <sw@simonwunderlich.de>
Incorrect PTK length was used in PMK-to-PTK derivation and the Michael
MIC TX/RX key swapping code was incorrectly executed for these ciphers
on supplicant side.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
If eap_user_file is configured to point to an SQLite database, RADIUS
server code can use that database for log information.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, this was enabled only at msgdump verbosity level, but any
level that is more verbose than it should also be included.
Signed-off-by: Jouni Malinen <j@w1.fi>
This reverts commit 4345fe963e. That
introduced number of memory leaks and since the rest of the VLAN changes
did not yet go in, it is easier to revert this for now and bring back
the changes after fixes if there is sufficient interest for them in the
future.
Signed-off-by: Jouni Malinen <j@w1.fi>
This extends the design already available for Access-Request packets to
the RADIUS server and Access-Accept messages. Each user entry can be
configured to add arbitrary RADIUS attributes.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Request the driver to send a Deauthentication frame before doing
any other disconnection steps on the session timeout path. This is
needed when PMF is negotiated for the association since the driver
will need to find the STA entry and the PTK for it to be able to
protect the robust Deauthentication frame.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
In case of Automatic Channel Selection (ACS) failure, we do not have a
real fallback path. Interface still remains in ACS state. To reflect we
did not succeed with ACS, simply disable the interface and indicate this
to user/upper layer entity so that a suitable recovery or error
notification can be performed.
Signed-off-by: Pawel Kulakowski <pawel.kulakowski@tieto.com>
handle_assoc_cb() got this addition, but the check in
hostapd_new_assoc_sta() was not modified to be aware of the OSEN special
case for EAPOL state machines to be used for marking a STA authorized.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This was done in handle_assoc_cb() in ieee802_11.c for drivers that use
hostapd SME/MLME. However, drivers that include SME/MLME implementation
do not use that function and the STA flag needs to be set when
processing the association notification. This is needed to get the STA
entry into showing the proper authorized state and to get the
AP-STA-CONNECTED/DISCONNECTED events on the control interface.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
As per IEEE Std 802.11ac-2013, 'Maximum A-MPDU Length Exponent' field
value is in the range of 0 to 7. Previous implementation assumed EXP0 to
be the maximum length (bits 23, 24 and 25 set) what is incorrect.
This patch adds options to set it up within the 0 to 7 range.
Signed-off-by: Bartosz Markowski <bartosz.markowski@tieto.com>
