There were some code paths that allowed obsolete configuration data
pointer to be maintained within EAPOL supplicant in case a network was
removed while not connection to it (i.e., wpa_s->current_ssid not
pointing to the network that was removed). This could result in use of
freed memory, e.g., from eap_sm_notify_ctrl_attached() when a new
control interface connected prior to the EAPOL supplicant configuration
pointer got updated.
Signed-hostap: Jouni Malinen <j@w1.fi>
In AP mode the frequency was initialized only after trying to set up the
AP which caused failure. Move AP frequency initialization to the right
place. This allows an AP mode network block without the frequency
parameter to be used with the default channel 11 being selected in that
case.
Signed-hostap: Avraham Stern <avraham.stern@intel.com>
When 'p2p_group_remove *' is called while the station interface
is connected, the flow also disconnects the station interface.
Fix this by skipping non-P2P interfaces in the iteration.
Signed-hostap: Ilan Peer <ilan.peer@intel.com>
According to WSC specification (Ver 2.0.2, section 8.3), RF Bands
attribute should be set to the specific RF band used for the current
message. Add an option to set wanted band in wps_build_rf_bands() and
add a callback to get the current band from wpa_supplicant and hostapd.
Signed-hostap: David Spinadel <david.spinadel@intel.com>
Reduce the wait time for the monitor control interfaces to get
messages on wpa_supplicant de-init etc., as this significantly delays
the shutdown of the wpa_supplicant.
Signed-hostap: Ilan Peer <ilan.peer@intel.com>
In case a control interface socket is detached because of sendmsg()
failing for the socket, function call to detach the socket uses a
pointer to the socket information in the structure to be freed. Reorder
code to print socket info before freeing the data to avoid use of freed
memory in case debug prints are enabled.
Signed-hostap: Jouni Malinen <j@w1.fi>
This keeps wpa_supplicant from hanging forever if the other end of the
socket dies. This is similar to the earlier commit
4fdc8def88 to make the global control
interface befave in the same way.
Signed-hostap: Jouni Malinen <j@w1.fi>
Previously, wpa_supplicant behavior in WEP configuration was to try to
mimic a device that is not aware of WPA/WPA2 and as such, it tried to
connect to a WPA/WPA2 AP with the assumption that the AP could be
providing support for both WEP and WPA/WPA2 stations in the same BSS.
Such APs could have been used during transition from WEP to more secure
options, but that type of deployment have not been used in large number
and are not really of much use anymore taken into account that more or
less all new devices support WPA/WPA2. That combined with the preference
to deprecate WEP justifies removing this use case and making WEP
networking matching more strict by using the knowledge of AP advertising
WPA/WPA2 as an indication of WEP not being supported.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Commit c7a67a7719 forced disconnection
when wpas_clear_wps() is called. Call this function from a registered
timeout when processing a failure event in order to allow the WPS
handshake to be completed with WSC_NACK and EAP-Failure.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This reverts commit ce970851af.
It turned out that this breaks lots of use cases where p2p_find is
issued while already in p2p_listen state. As such, we cannot reject
p2p_find this easily without checking for more specific cases.
Signed-hostap: Jouni Malinen <j@w1.fi>
Though p2p_find is not expected during ongoing P2P connection, it is
possible that any third party application issues a p2p_find resulting in
connection failure. Address this by rejecting any p2p_find command while
connection is in progress.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
cfg80211 does not allow the zero duration of remain-on-channel. Instead,
use 20 ms as default waiting time when remain-on-channel is used to
schedule offchannel transmission that does not expect a response.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
4-way handshake may fail under extremely noisy environment and if this
happens during P2P group formation, the 10 second extra delay added in
wpas_auth_failed() can result in running over the 15 second timeout.
Avoid this by skipping the delay mechanism in wpas_auth_failed() for the
P2P group formation case. The P2P formation timeout will take care of
stopping the attempts if the failure condition does not get resolved.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Change the P2P flows to use the number of concurrent channels
supported by the device and the number of currently used channels
for the P2P flows.
Signed-hostap: Ilan Peer <ilan.peer@intel.com>
Signed-hostap: David Spinadel <david.spinadel@intel.com>
Some driver interfaces may not support the get_radio_name() design and
get_shared_radio_freqs() needs to be aware of such possibility when
determining shared radio frequencies.
Signed-hostap: Jouni Malinen <j@w1.fi>
There are devices that can operate several channels concurrently.
Change shared_vif_oper_freq() to get_shared_radio_freqs() that can
return an array of frequencies currently used by all the virtual
interfaces that share the same radio.
In addition, move it to wpa_supplicant.c, so it can be used by other
modules.
Signed-hostap: Ilan Peer <ilan.peer@intel.com>
Signed-hostap: David Spinadel <david.spinadel@intel.com>
Previously, drivers only reported if they support multiple concurrent
channels, but did not report the maximum number of supported channels.
Add this reporting to the driver capabilities and add the implementation
to driver_nl80211.
Signed-hostap: Ilan Peer <ilan.peer@intel.com>
Signed-hostap: David Spinadel <david.spinadel@intel.com>
To better support the IBSS/RSN mechanism, wpa_supplicant has to be able
to detect a possible peer reboot and in this case it should start a new
EAPOL handshake.
To perform such reboot detection wpa_supplicant has to perform an Open
Authentication by sending an Authentication frame and then replying to
it. IF an Authentication frame is received when the key have already
been exchanged, wpa_supplicant understands that the peer has rebooted
and can reset its state machine.
Whenever a new peer is added to the IBSS wpa_supplicant will start the
Open Authentication and only after having accomplished it will start the
key exchange. If the driver does not support Authentication frame
exchange initiated from user space, this step is skipped to maintain
previous behavior (just go through EAPOL-Key frame processing).
The Open Authentication was partly supported by the Linux kernel but now
wpa_supplicant can register for Authentication frames, handle it in
userspace and so avoid any possible race condition.
Signed-hostap: Nicolas Cavallari <cavallar@lri.fr>
Signed-hostap: Antonio Quartulli <antonio@open-mesh.com>
Commit 1aef400bf0 implemented IBSS RSN
disconnect() call using sta_deauth() in a way that resulted in NULL
pointer dereference in driver_nl80211.c if SME was in user space. Fix
this by passing the own MAC address in the sta_deauth call.
Signed-hostap: Jouni Malinen <j@w1.fi>
When the device indicates to take care of TDLS operations the TDLS
setup is done calling wpas_drv_tdls_oper(). This patch does a similar
thing for the teardown. This fixes failure of teardown:
"TDLS: Could not find peer <mac> for link Teardown"
Signed-hostap: Arend van Spriel <arend@broadcom.com>
Because a delayed scheduled scan will access the members of struct
wpa_supplicant which is freed and this can result in a crash,
wpa_supplicant needs to cancel delayed scheduled scan during cleanups.
Signed-hostap: Chengyi Zhao <chengyix.zhao@gmail.com>
This allows wpa_supplicant to associate to an AP that has VHT BSS
membership selector set to indicate VHT support is required for the BSS.
Without the patch it was impossible to connect to, e.g., hostapd-based
AP that has require_vht=1. wpa_supplicant was complaining with:
hardware does not support required rate 63.0 Mbps
Signed-hostap: Michal Kazior <michal.kazior@tieto.com>
There is no need to wait for the 15 second group formation timeout
before indicating P2P group formation failure if GO mode cannot be
started successfully for some reason.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
It looks like some of the global control interface cases ended up
blocking in sendmsg() when trying to send an event. Since this can block
all wpa_supplicant processing for multiple seconds, this is very
undesirable. Avoid this by requesting sendmsg() to return an error
rather than waiting for the message to be sent.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
3GPP TS 24.232 Annex A.3 allows network operator to advertise only two
digits of MNC even if MNC has three digits. Allow such matches in
network selection. In addition, allow three digit matches of MNC even if
MNC length was assumed to be two to avoid missing networks if MNC length
cannot be determined reliably. Remove the '-' separator from simulated
SIM/USIM cases to allow the new matching rules to work.
Fix the PLMN List information element parsing loop to use the length of
the PLMN List instead of the length of the full 3GPP Cellular Info to
avoid unexpected matches should a new element ever be added by 3GPP.
Finally, add more debug prints from PLMN matching to make the logs
easier to understand.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
wpas_clear_wps() was just clearing the current wpa_s->current_ssid
pointer when removing a WPS network block which with the device was
associated. This could leave the association up even though the network
block had already been removed. Prevent this by explicitly disconnecting
from the network instead of such clearing current_ssid.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Adding a new wpa_supplicant control interface for the dedicated
P2P_DEVICE would be quite confusing for programs that manage P2P
operations. Remove this control interface and require the global control
interface to be used since it will provide consistent interface for both
the new dedicated P2P_DEVICE (non-netdev) and old style P2P management
through a netdev.
Signed-hostap: Jouni Malinen <j@w1.fi>
Commit c68f6200a7 made these calls
conditional on !p2p_mgmt, but forced p2p_mgmt=1 for cases where the
driver does not use the dedicated P2P Device. Fix this by making the
!p2p_mgmt condition apply only if the driver does indicate use of a
dedicated P2P Device.
Signed-hostap: Jouni Malinen <j@w1.fi>
The interface name for the P2P group interface is derived from the
P2P management interface. When the P2P management interface is a
P2P Device interface, i.e., p2p-dev-wlanX, the name for the group
interface is abbreviated to p2p-X (X being group index). When the
P2P management interface starts with p2p-dev- use its postfix
instead. So P2P management interface p2p-dev-wlan3 results in group
interface name p2p-wlan3-0.
Signed-hostap: Arend van Spriel <arend@broadcom.com>
If the capability flag of the driver indicates a dedicated P2P Device is
supported, a P2P Device interface is created.
Create the P2P Device in main interface creation loop when the added
interface flags support and P2P supplicant is not yet initialized
avoiding recursion of add_interface.
Do not register l2_packet for P2P Device interface (both for EAPOL and
for TDLS).
Signed-hostap: Arend van Spriel <arend@broadcom.com>
Setting p2p_no_group_iface means 'use P2P management interface as P2P
connection interface' because it attempts to change the interface type.
The P2P_DEVICE is a dedicated interface and can not be changed. As such
ignore the configuration option.
Signed-hostap: Arend van Spriel <arend@broadcom.com>
When using OpenSSL with TLS-based EAP methods, wpa_supplicant can now be
configured to use OCSP stapling (TLS certificate status request) with
ocsp=1 network block parameter. ocsp=2 can be used to require valid OCSP
response before connection is allowed to continue.
hostapd as EAP server can be configured to return cached OCSP response
using the new ocsp_stapling_response parameter and an external mechanism
for updating the response data (e.g., "openssl ocsp ..." command).
This allows wpa_supplicant to verify that the server certificate has not
been revoked as part of the EAP-TLS/PEAP/TTLS/FAST handshake before
actual data connection has been established (i.e., when a CRL could not
be fetched even if a distribution point were specified).
Signed-hostap: Jouni Malinen <j@w1.fi>
In wpa_supplicant_deinit(), the function wpas_p2p_deinit_global()
was called. Remove it as it will be called from wpas_deinit_iface()
upon removal of the P2P management interface.
Signed-hostap: Arend van Spriel <arend@broadcom.com>
Add "StaAuthorized" and "StaDeauthorized" D-Bus interface in AP mode.
After enabling the AP mode of wpa_supplicant, the other process need to
get the MAC address and authorization status of every station, so
wpa_supplicant emits signal when the station is authorized or
deauthorized.
Signed-hostap: Chengyi Zhao <chengyix.zhao@gmail.com>
Add AVG_RSSI report to the signal_poll command if it is reported by
the kernel.
Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Signed-hostap: Ilan Peer <ilan.peer@intel.com>
11b rates removal have had impact on SoftAP functionality in
wpa_supplicant. This patch verifies that only in case of P2P group
operation 11b rates will be eliminated. Refer also to commit
4c2c302893.
Signed-hostap: Alexander Bondar <alexander.bondar@intel.com>
Signed-hostap: Ilan Peer <ilan.peer@intel.com>
There is not much use for enabling WPA without WPA2 nowadays since most
networks have been upgraded to WPA2. Furthermore, the code size savings
from disabling just WPA2 are pretty small, so there is not much
justification for maintaining this build option. Remove it to get rid of
undesired complexity.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
If the driver wrapper supports best operation channel indication, the
p2p_group_add command can now use special values (freq=2 and freq=5) to
indicate that the re-invoked persistent GO is to be started on the
specified band.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This is needed to get wpa_supplicant into clean state during testing if
a test case triggers countermeasures.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Enable tab completion for the cases where ifname= prefix is used in
interactive mode by skipping over that prefix before running through the
per-command completion routines. The ifname= prefix itself is also
covered by adding the possible interface names to the command list.
Signed-hostap: Jouni Malinen <j@w1.fi>
Strip out the IFNAME=<ifname> prefix from commands before parsing them
through the normal processing and then add the prefix back to the
beginning of the actual control interface command to make per-interface
commands work through the global control interface without having to use
the 'raw' command.
Signed-hostap: Jouni Malinen <j@w1.fi>
Define a proper event prefix and include additional information to allow
ESS Dissassociation Imminent event to be used in a wpa_cli action
script.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This makes ENABLE_NETWORK behave similarily to SELECT_NETWORK by
allowing a scan to be skipped if recent scan results are available.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
wpa_s->pending_bssid is all zeros during connection attempt when
driver-based BSS selection is used. Take this into account when
determining whether new scan results should trigger a connection based
on wpa_s->current_ssid, i.e., a connection attempt with the selected
network instead of selected BSS.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
When STA interface is connected and P2P interface gets invited in a
different channel from previous P2P group, the invitiation would fail
because of no common channel found. Fix this by using different logic
when device support multi channel concurrency.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The five second timeout for GAS queries is excessive and can result in
long waits in cases where APs are either misconfigured or frames are
lost.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This makes the design more robust against unexpected duplicates since
each new GAS exchange gets a different dialog token compared to the
previous one.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
It looks like it may be possible for an older GAS response to get retransmitted
even after the first copy has been processed. While this should not really come
up all the way to wpa_supplicant due to sequence number being same (i.e.,
duplicate detection should from the frame), some cases have been observed where
this did cause issues. Drop such a frame silently without dropping the ongoing
GAS session to allow a frame with the next frag_id to be processed after this.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This can be useful for some test cases, so allow wpa_supplicant to be
built with special test functionality to expose the current (last
configured) GTK. This is disabled by default and can be enabled by
adding following line into .config:
CFLAGS += -DCONFIG_TESTING_GET_GTK
The GTK can then be fetched with "wpa_cli get gtk".
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The P2P management operations like P2P_FIND and P2P_CONNECT are not
really specific to any network interface. These are P2P Device level
operations that are in more global device context. Allow those to be
sent through the global control interface without IFNAME parameter.
For now, these commands are directed within wpa_supplicant to the
network interface that initialized the global P2P context. This may
change in the future if a special context is added for P2P operations.
Anyway, such changes can now be done internally within wpa_supplicant
without affecting this global control interface design from external
view point.
Signed-hostap: Jouni Malinen <j@w1.fi>
These events are sent as a special case to both the group interface and
"parent interface" (i.e., the interface that was used for managing P2P
negotiation). The latter is not really correct event, so get rid of it
with the new global control interface design where there is no need to
support legacy upper layer implementations.
Signed-hostap: Jouni Malinen <j@w1.fi>
This removes the "IFNAME=<ifname> " prefix from P2P events that are
received through the global control interface since these events are not
really specific to any network interface, but the full device.
Signed-hostap: Jouni Malinen <j@w1.fi>
Replace direct wpa_msg() calls with p2p_dbg(), p2p_info(), and p2p_err()
calls that use a new debug_print() callback to handle actual debug
printing outside the P2P module.
Signed-hostap: Jouni Malinen <j@w1.fi>
This removes wpa_ctrl.h dependency from src/p2p/* and makes the P2P
events more consistent, i.e., everything that is aimed for upper layer
processing from the wpa_supplicant control interfaces is generated in
p2p_supplicant.c.
Signed-hostap: Jouni Malinen <j@w1.fi>
This function can be used instead of wpa_msg() and wpa_msg_ctrl() to
indicate that an event is not specific to a network interface.
Signed-hostap: Jouni Malinen <j@w1.fi>
The ATTACH/DETACH mechanism to request event messages from
wpa_supplicant can now be used through the global control interface,
too. This results in events from all interfaces being delivered through
a single monitor socket. "IFNAME=<ifname> " prefix is used on events
that are specific to an interface.
Signed-hostap: Jouni Malinen <j@w1.fi>
This can be used to implement filtering of channels for scan and based
on that, for connection, purposes.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This updates hostapd to build using the new keystore header file
location and adds a note that the old frameworks/base/cmds/keystore can
be removed at some point in the future when old Android releases do not
need to be supported.
Signed-hostap: Jouni Malinen <j@w1.fi>
The wpa_supplicant global control interface parameter can now be used to
explicitly specify an abstract UNIX domain socket (Linux specific
extension) with "@abstract:" prefix and an Android control socket with
"@android:" prefix.
Signed-hostap: Jouni Malinen <j@w1.fi>
This is mostly a corner case at this point, but if wpa_cli was started
with global control interface connection (-g) and interactive mode,
per-interface control interface was tried to be opened with the
previously opened global ctrl_iface connection gettign leaked.
Signed-hostap: Jouni Malinen <j@w1.fi>
The optional -G<group> command line argument can be used to specify the
group that can access the global control interface.
Signed-hostap: Jouni Malinen <j@w1.fi>
"IFNAME=<ifname> " prefix can now be used on the wpa_supplicant global
control interface to direct a command to a specific interface instead of
having to use an interface specific control interface for this. This
allows a single socket to be used for controlling multiple virtual
interfaces.
Signed-hostap: Jouni Malinen <j@w1.fi>
Commit 21d996f775 added p2p_pref_chan as a
configuration file parameter, but included only the case of dynamically
setting this at runtime through the control interface SET command.
Complete this functionality by taking this value into use directly from
the configuration file, too.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
By default, dbus_connection_dispatch() will call _exit() if the bus
connection has been closed. This caused wpa_supplicant to terminate
without properly cleaning up after itself.
To ensure that we terminate cleanly when the messagebus terminates,
override the exit_on_disconnect behavior and install a filter to handle
libdbus's "Disconnected" signal.
[Bug 474]
Signed-hostap: Daniel Gnoutcheff <daniel@gnoutcheff.name>
The new control interface command can be used to send a
BSS Transition Management Query frame to the current AP.
Signed-hostap: Vinayak Kamath <vkamat@codeaurora.org>
The WPS provisioning case does not result in successful connection by
design and as such, this can result in networks getting temporarily
disabled. Avoid this by clearing the failure counts on WPS success.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Instead of just adding the new network, prefer the network learnt from a
configuration token during the first connection attempt. This makes the
WPS NFC case behave similarly to the in-band provisioning cases if there
are more preferred networks in the scan results.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This cleans up debug log by not trying to process the disconnection
event as a failure that could result in blacklist addition and auto
connect attempt. These are pointless operations since the interface is
going to removed immediately after this.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This cleans up debug log by not requesting the auto connect on
dissassociation event if we are already in disconnected state and would
not try to connect anyway.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
There is no point in marking a BSS temporarily blacklisted based on a
connection failure or disconnection case if that happens as a result of
a local request to disconnect. The blacklist entry could result on
unexpected BSS getting selected on the next connection attempt. In
addition, the code to try to find another BSS within the ESS could
result in scanning a single channel on the next attempt. Fix these
issues by handling the connection failure events only if we are not in
disconnected state (i.e., would try to reconnect after this
automatically).
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Scanning can delay concurrent operations considerably, so it is better
to avoid that while trying to connect on any of the virtual interfaces
that share the same radio.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
If a VIF is already associated, then only scan on the associated
frequency if user requests such. This is a big help when using
lots of virtual stations.
Signed-hostap: Ben Greear <greearb@candelatech.com>
Signed-off-by: Ben Greear <greearb@candelatech.com>
In the systemd interface templated the alias entry was specified
with wlan0 hard coded. Changing it to %i in this patch. [Bug 477]
Reported-by: zg <ml@mail.tsaitgaist.info>
Signed-hostap: Arend van Spriel <arend@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
cfg80211 rejects the set_key operations before the IBSS network has been
fully formed, so add one more attempt to set the key for WPA-None at
IBSS joined driver event.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
There is no need to repeat the driver capability fetch for each
operation since we already cache driver flags in wpa_s->drv_flags.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The new sched_scan_interval parameter can be used to set the default
sched_scan interval, e.g., for power saving purposes.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The use of AID=1 for the nl80211 dummy STA case is specific to the
driver (cfg80211), so better move this into the driver wrapper instead
of generic TDLS implementation.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The information of the peer's AID is required for the driver to
construct partial AID in VHT PPDU's. Pass this information to the driver
during add/set station operations (well, as soon as the information is
available, i.e., with set station operation currently).
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The Hotspot 2.0 specification seems to mandate this element to be
included in all (Re)Association Request frames if the station is Hotspot
2.0 capable. However, that results in conflicts with other requirements
like no TKIP use when this element is present. The design is really
supposed to include the indication element only for Hotspot 2.0
associations regardless of what the current specification implies.
Remove the HS 2.0 Indication element from (Re)Association Request frame
whenever the connection is not for Hotspot 2.0 purposes.
Signed-hostap: Jouni Malinen <j@w1.fi>
This makes tab completion work better in cases where wpa_cli is started
after wpa_supplicant has already discovered BSSes.
Signed-hostap: Jouni Malinen <j@w1.fi>
