Track set_key operations per-key index and clear keys on disconnection
only if the key was set (or may have been set which is the case for the
first operation after wpa_supplicant start).
Signed-hostap: Jouni Malinen <j@w1.fi>
If the BSS table within wpa_supplicant is flushed, request the driver to
flush its own scan result table during the next scan. This can avoid
unexpected old BSS entries showing up after BSS_FLUSH or FLUSH command
in cases where the driver may maintain its internal cache of scan
results (e.g., cfg80211 BSS table persists at least for 15 seconds).
In addition to doing this automatically on BSS_FLUSH/FLUSH, a new SCAN
command argument, only_new=1, can be used to request a manual scan
request to do same. Though, it should be noted that this maintains the
BSS table within wpa_supplicant. BSS_FLUSH followed by SCAN command can
be used to clear all BSS entries from both the driver and
wpa_supplicant.
Signed-hostap: Jouni Malinen <j@w1.fi>
These old driver wrappers have been removed quite some time ago, but
some of the build configuration notes were still describing how they
are configured.
Signed-hostap: Jouni Malinen <j@w1.fi>
The 100 ms timeout to clear WPS state after EAP-Failure has been
received worked otherwise fine, but it opened a race condition on
another WPS operation starting within that wait. If that happens, the
timeout will cancel that new operation unexpectedly. Fix this by
cancelling the timeout from wpas_clear_wps().
Signed-hostap: Jouni Malinen <j@w1.fi>
The P2P_PRESENCE_REQ command did not give any easily available
indication of the response received from the GO. Make this more useful
by providing such response (if received) as a ctrl_iface monitor event
(P2P-PRESENCE-RESPONSE).
Signed-hostap: Jouni Malinen <j@w1.fi>
These were somewhat more hidden to avoid direct use, but there are now
numerous places where these are needed and more justification to make
the extern int declarations available from wpa_debug.h. In addition,
this avoids some warnings from sparse.
Signed-hostap: Jouni Malinen <j@w1.fi>
WPA_CIPHER_* and CIPHER_* are used for the exact same set of cipher
suites with the main difference being that the WPA_CIPHER_* version is
suitable to be used as a bitfield. Similarly, WPA_KEY_MGMT_* and
KEY_MGMT_* have similar design for AKMs. There is no need to maintain
two separate copies of the definitions since the bitfield compatible
version can be used for both needs. Get rid of the CIPHER_* and
KEY_MGMT_* versions to clean up the implementation by getting rid of
unnecessary mapping functions.
Signed-hostap: Jouni Malinen <j@w1.fi>
The new cred block parameter 'temporary' can be used to indicate that a
cred block is not to be saved to wpa_supplicant configuration file
(e.g., "SET_CRED 0 temporary 1"). This is similar to the concept of
temporary network blocks and allows cred blocks to be managed outside
the wpa_supplicant config file when other parameters are still saved to
the file written by wpa_supplicant.
Signed-hostap: Jouni Malinen <j@w1.fi>
The option of handling upper layer P2P management operations within the
driver/firmware was originally planned to be used with wpa_supplicant,
but this has not really happened and there is no clear sign of this
being needed in the near term either. This functionality has not been
completed and it is certainly not being kept up-to-date or tested. As
such, it is best to remove it for now and if this or something similar
is needed in the future, it can be brought back once a clear need for it
has been demonstrated first.
Signed-hostap: Jouni Malinen <j@w1.fi>
Previously, the shorter scan interval was already in use for the
connection following the provisioning step, but same optimization can
also be used for the pre-provisioning scan.
Signed-hostap: Jouni Malinen <j@w1.fi>
This driver event was used separately for some Action frames, but all
the driver wrappers converted to this from information that would have
been enough to indicate an EVENT_RX_MGMT event. In addition, the
received event was then converted back to a full IEEE 802.11 management
frame for processing in most cases. This is unnecessary complexity, so
get rid of the extra path and use EVENT_RX_MGMT for Action frames as
well as other management frame subtypes.
Signed-hostap: Jouni Malinen <j@w1.fi>
The earlier changes to buffer EAPOL frames when not associated to avoid
race conditions (especially commit
3ab35a6603 but maybe something even before
that) broke PeerKey 4-way handshake. Fix this by using a separate check
before the race condition workaround to process PeerKey 4-way handshake
EAPOL-Key messages differently.
Signed-hostap: Jouni Malinen <j@w1.fi>
P802.11-REVmc clarifies that the Target BSSID field is always present
hen status code is zero, so match that requirement.
Signed-hostap: Jouni Malinen <j@w1.fi>
This commit adds few more debug prints to log the RSSI information from
the scanned BSSIDs and the current connected BSSID when comparing
neighbor results during WNM Transition Management Request processing.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, WPS credential provisioning removed duplicated network
entries only if they had identicical SSID, security parameters, and the
keys. However, it is possible that the AP has changes its keys and
leaving the old entry behind can result in connectibity issues (e.g.,
with 4-way handshake failing due to use of the old PSK). Fix this by
allowing the old network entry to be removed even if the keys
(passphrase, PSK, WEP keys) are different.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This makes it easier to enable various testing parameters and
functionality in build configuration.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Since the AP is expected to be available, there is no need to wait for
the full five second wait between scans during WPS connection. This
speeds up cases where the first scan misses the AP for some reason.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
It may not always be desirable to trigger reassociation or network
change based on scan results from externally to wpa_supplicant trigger
scan operations. Skip network selection and roaming determination if the
received scan result is known to be triggered by something external to
wpa_supplicant. The control interface SCAN command can be used to
request wpa_supplicant to determine the best network.
Signed-hostap: Jouni Malinen <j@w1.fi>
This avoids some unnecessary attempts to request the driver to start a
scan while it is still busy with the scan operation that was started by
an external program.
Signed-hostap: Jouni Malinen <j@w1.fi>
This allows users of wpa_supplicant control interface to figure out when
their specific scan command has been started and completed. For example:
CTRL-EVENT-SCAN-STARTED
> scan freq=2412,2417 passive=1 use_id=1
3
CTRL-EVENT-SCAN-RESULTS
CTRL-EVENT-SCAN-STARTED id=3
CTRL-EVENT-SCAN-RESULTS id=3
Signed-hostap: Jouni Malinen <j@w1.fi>
This allows external programs to request wpa_supplicant to execute
a passive scan (i.e., do not send any Probe Request frames).
Signed-hostap: Jouni Malinen <j@w1.fi>
This parameter was not really used for anything else apart from a debug
message in the same function that set it. In addition, cfg80211 returns
the set of scanned frequencies even for the full scan, so the code that
was setting this conditionally on frequency list not being there was not
really ever entered either.
Signed-hostap: Jouni Malinen <j@w1.fi>
The new freq=<frequency ranges> parameter to the SCAN command can be
used to request a scan to be performed on the specified set of channels
instead of on all channels. For example, "wpa_cli scan
freq=2400-2500,5180" would scan channels 1-14 and 36. Only the channels
that the driver indicates as enabled and that are within the specified
ranges are included in the request.
Signed-hostap: Jouni Malinen <j@w1.fi>
In addition, update build rules to compile object files in the same
directory as the source code file if CONFIG_CODE_COVERAGE=y is set to
make lcov find the source code files.
Signed-hostap: Jouni Malinen <j@w1.fi>
Use an array of ciphers and a loop instead of copy-pasted copies of the
same printing functionality for each cipher.
Signed-hostap: Jouni Malinen <j@w1.fi>
This adds initial parts for supporting the new GCMP-256, CCMP-256,
BIP-GMAC-128, BIP-GMAC-256, and BIP-CMAC-256 cipher suites.
Signed-hostap: Jouni Malinen <j@w1.fi>
In wpa_supplicant_terminate_proc(), while iterating and
terminating interfaces, after an interface is terminated,
we can no longer access its memory as it is no longer valid
and causes a crash.
Fix this by saving the pointer to the next interface before freeing
the current one to avoid accessing an invalid memory location.
Signed-hostap: Moshe Benji <moshe.benji@intel.com>
This just serves to check if there was a scan within
the last 5 seconds, hence it should use monotonic time.
While at it, also use os_reltime_expired().
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
This is only used for a debug message, but that message prints
the time since the last attempt, so it should use monotonic
time instead of wall clock.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
The MMIC failure code should use monotonic time to check
whether 60 seconds have elapsed or not. For type-safety,
use struct os_reltime for the timestamp variable, and
also convert to using os_reltime_expired().
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Temporarily disabled networks are disabled for a certain
duration, so the code should use monotonic time.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
GO activation can fail if the first client doesn't connect
within a certain time, but this should not be dependent on
wall time -- use monotonic time instead.
While at it, use os_reltime_expired().
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
The reinit detection skips reinit when the time since the own
authentication frame TX is less than half a second, so it shouldn't
be affected by wall time and use monotonic time instead.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
The EAPOL RX workaround checks that the events are less than 100 ms
apart, so only uses relative times and should use monotonic time.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
The bgscan simple and learn algorithms should run regardless
of wall clock time jumps, so make them use monotonic time.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
The BSS table, scan timeout, and related functionality should use
monotonic time since they care about relative values (age) only.
Unfortunately, these are all connected, so the patch can't be split
further. Another problem with this is that it changes the driver wrapper
API. Though, it seems only the test driver is using this.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
The SA query timeout is just a regular timeout (currently
hard-coded to 1000 TU), so use monotonic time for it.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
bgscan_learn_get_probe_freq() starts from returning the second entry in
the supp_freqs arrays. Change its logic a bit to make it start from the
first entry.
Signed-hostap: Eliad Peller <eliad@wizery.com>
In case the initial signal level of the associated BSS was above the
given threshold, bgscan_learn module would begin using the
short_interval but never switch to the long_interval as there would be
no signal change event. Make the init code poll for the current signal
level and set scan_interval accordingly. This logic exists in
bgscan_simple but was missing in bgscan_learn.
Signed-hostap: Eyal Shapira <eyal@wizery.com>
Some hw modes (e.g., 11b and 11g) contain the same frequencies,
causing the supp_freqs array to be populated with redundant entries.
Check for the existence of the freq before adding it.
Signed-hostap: Eliad Peller <eliad@wizery.com>
Stopping bgscan on any state other than COMPLETED results
in bgscan reset (stop + start) on every rekeying operation.
Signed-hostap: Eliad Peller <eliad@wizery.com>
Do not assume the driver supports QoS Mapping, but instead, advertise
support for this only if CONFIG_INTERWORKING is defined and driver
indicates support for configuring QoS Map.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Commit 202dec2a94 introduced a never
ending loop for a case where a single wpa_supplicant process is used
with multiple radios. Fix this by advancing the iface pointer properly
to the next interface in the loop until a NULL pointer is hit.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Adds support for VHT by parsing bandwidth and center_freq{1,2}.
Signed-hostap: Michal Kazior <michal.kazior@tieto.com>
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Based on priority, remove the connection with least priority whenever
a frequency conflict is detected.
Signed-hostap: Jithu Jance <jithu@broadcom.com>
This field allows adds enough information into the P2P-DEVICE-FOUND
events to figure out if the peer supports Wi-Fi Display.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Allow addition static and shared libraries to be specified from the
eap_proxy_*.mk file for Android build. In addition use $(LOCAL_PATH) as
a prefix for that Android makefile part.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
struct wpa_radio is used as a shared data structure between all struct
wpa_supplicant instances that share the same physical radio.
Signed-hostap: Jouni Malinen <j@w1.fi>
An INTERFACE_DISABLED event received on an interface that is
currently operating a P2P GO means that the group session ended.
In such a case, if the interface was dynamically added remove it, and
if not, remove all the network blocks that are temporary, assuming
that if needed a new session will be started by an external entity.
The use case was triggering rfkill (both SW and HW). This case popped up
as part of a testing cycle, where after a toggle in the rfkill state,
the result was that the interface was not deleted, but on the other hand
the wpa_supplicant did not configure the kernel to re-start the AP
functionality again.
Signed-hostap: Ilan Peer <ilan.peer@intel.com>
On scan results event if a concurrent P2P scan was triggered previously,
scan results processing is canceled, p2p_find executed, and a new sta
scan is triggered (pending scan). However, this new sta scan does not
restore the scan_req value of the previous scan (whose scan result has
been canceled).
If we are currently connected to an AP and use ap_scan=2, the new
triggered scan will cause an associtation-without-scan in
wpa_supplicant_scan:
(ap_scan == 2 & scan_req != MANUAL_SCAN_REQ)
=> wpa_supplicant_assoc_try()
causing an association error and a disconnection.
This patch fixes this issue by restoring the previous scan_req value.
Signed-off-by: Loic Poulain <loicx.poulain@intel.com>
This is a mechanism used in Android to extend driver interface in vendor
specific ways. This is included only for the purpose of Android
compatibility. Proper interface commands should be used for any new
functionality.
Signed-hostap: Jouni Malinen <j@w1.fi>
Relative time shouldn't be calculated based on gettimeofday
because that clock can jump (e.g., when the time is adjusted
by the system administrator.)
On systems where that is available, use CLOCK_BOOTTIME (on
fairly recent Linux systems, this clock takes into account
the time spend suspended) or CLOCK_MONOTONIC (on Linux and
some POSIX systems, this clock is just freely running with
no adjustments.)
Reported-by: Holger Schurig <holgerschurig@gmail.com>
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Scan initiated from wps_nfc command context was ketp on
getting rescheduled due to an on-going scheduled scan. So
cancel sched_scan before issuing a reassociation scan.
Signed-hostap: Jithu Jance <jithu@broadcom.com>
The shorter 250 ms wait for the next scan request can be used also for
the case of persistent group re-invocation instead of just formation of
a new group. This speeds up the process and makes this more robust
especially in cases where the GO is using MCC.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The QoS Map Set element was passed in full to the driver instead of just
the payload of the element. This resulted in the updated QoS Map being
rejected. Validate the element id/len and send only the payload to the
driver.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Only force_freq was used in the wpas_p2p_set_own_freq_preference() call
which allowed the P2P module channel re-selection to ignore the
preference for using a channel we are already using. Fix this by setting
either force_freq or pref_freq as the preference based on which one is
set. This allows p2p_ignore_shared_freq parameter to be used whether to
prefer the shared frequency in this case.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
There is no need to use wpas_p2p_num_unused_channels() here in the
default configuration of p2p_ignore_sahred_freq=0, so re-order the
conditions to skip that operation. This is a bit more efficient and the
debug log is also a bit cleaner in the default case.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
p2p_ignore_shared_freq=1 was supposed to allow a MCC-capable device to
ignore a preference for using the same channel on multiple interfaces.
However, it was not used when inviting a peer to re-invoke a persistent
group. This case needs special handling since the peer's channel list is
not available to perform channel reselection and the operating channel
indicated in the Invitation Request frames ends up getting used as the
operating channel if the transmitted of that frames becomes the GO.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
p2p_ignore_shared_freq=1 was supposed to allow a MCC-capable device to
ignore a preference for using the same channel on multiple interfaces.
However, it was not used during processing of an Invitation Request. Fix
that case to use channel preference instead of channel forcing if free
channels are available. This allows p2p_ignore_shared_freq=1 case to
ignore the preference.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
It is confusing to talk about current operating channels being
unavailable for P2P when there are no current operating channels. Make
the debug message easier to understand.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
It is clearer if there is only a single loop of the channel list and
shared debug prints. In addition, the note about current operating
channels not being available is quite confusing if there are no
operating group, so make that part of the message conditional.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Commit 0d08efa447 modified
wpas_p2p_setup_freqs() design to use number of MCC channels capability
from the driver. However, it resulted in regression on how the preferred
vs. forced channel selection is done in the case of a MCC device.
force_freq was set unconditionally even though this was supposed to be
done only if no additional channels are available. pref_freq needs to be
used when possible to avoid preventing connection.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
While starting from PNO start context, the scheduled scan was not
setting the flag wpa_s->scanning. This was resulting in the subsequent
SCAN command to proceed further and send command to nl80211/cfg80211.
The expected behavior of cancelling sched_scan was not happening here.
While sched_scan is in progress and a legacy scan comes on the
cli/socket, the sched_scan is cancelled and normal scan is allowed to
continue. However, sometimes sched_scan cancelled event comes a bit
delayed and we will send out the scan command before the wpa_s->scanning
is cleared. Instead, reschedule the incoming scan req if the
wpa_s->scanning shows that it is still in progress.
Signed-hostap: Jithu Jance <jithu@broadcom.com>
Add chan_switch to the control interface of wpa_supplicant and hostapd,
and also to wpa_cli and hostapd_cli.
Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Build CSA settings and call the driver to perform the switch. Construct
Beacon, Probe Response, and (Re)Association Response frames both for CSA
period and for the new channel. These frames are built based on the
current configuration. Add CSA IE in Beacon and Probe Response frames.
Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Add csa_settings struct which holds parameters for CSA. Change driver
interface for switch_channel(), so that it will receive this struct and
not only the new frequency as it was before. This allows wpa_supplicant
to provide all the required parameters (beacons, proberesp, assocresp,
CSA IE) which are required by cfg80211 implementation.
Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
This was supposed to be a minimal sample of eloop wrapper, but it is
unclear whether this is of that much use and the file has not been kept
up-to-date. Remove this file to reduce maintenance effort. The other
eloop*.c files can be used as a starting point if something new is
needed.
Signed-hostap: Jouni Malinen <j@w1.fi>
This triggers re-transmission of CTRL-EVENT-STATE-CHANGE and
CTRL-EVENT-CONNECTED events on STATUS command for Android framework
specific processing.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Commit eb32460029 left an unneeded
sim_type argument to scard_init(). Remove that unnecessary argument to
clean up the implementation.
Signed-hostap: Masashi Honma <masashi.honma@gmail.com>
Add DBus methods for TDLS operations similar to those available
for the control interface. This includes Discover, Setup, and
Teardown commands. While here, add a method to query the TDLS
link status and add a DBus method for it.
Tested with CONFIG_TDLS enabled, on a TDLS-enabled host and
peer capable of TDLS:
dbus-send --system --dest=fi.w1.wpa_supplicant1 --print-reply \
/fi/w1/wpa_supplicant1/Interfaces/0 \
fi.w1.wpa_supplicant1.Interface.TDLSStatus string:<peer-mac-address>
yields: string "peer does not exist"
dbus-send --system --dest=fi.w1.wpa_supplicant1 --print-reply \
/fi/w1/wpa_supplicant1/Interfaces/0 \
fi.w1.wpa_supplicant1.Interface.TDLSDiscover string:<peer-mac-address>
yields no error
dbus-send --system --dest=fi.w1.wpa_supplicant1 --print-reply \
/fi/w1/wpa_supplicant1/Interfaces/0 \
fi.w1.wpa_supplicant1.Interface.TDLSSetup string:<peer-mac-address>
yields no error
dbus-send --system --dest=fi.w1.wpa_supplicant1 --print-reply \
/fi/w1/wpa_supplicant1/Interfaces/0 \
fi.w1.wpa_supplicant1.Interface.TDLSStatus string:<peer-mac-address>
yields: string "connected" after TDLS completes
dbus-send --system --dest=fi.w1.wpa_supplicant1 --print-reply \
/fi/w1/wpa_supplicant1/Interfaces/0 \
fi.w1.wpa_supplicant1.Interface.TDLSTeardown string:<peer-mac-address>
yields no error
dbus-send --system --dest=fi.w1.wpa_supplicant1 --print-reply \
/fi/w1/wpa_supplicant1/Interfaces/0 \
fi.w1.wpa_supplicant1.Interface.TDLSStatus string:<peer-mac-address>
yields: string "peer not connected"
Signed-hostap: Paul Stewart <pstew@chromium.org>
Request new scan only for the interface for which the original scan
request and results has come. Otherwise while sharing scan results along
with P2P interfaces, the new scan will be requested on P2P interfaces.
Signed-hostap: Jithu Jance <jithu@broadcom.com>
Since eloop_deplete_timeout() is doing practically same in
wpa_supplicant_req_scan(), revert the old mechanism from commit
7e1488494e to avoid unnecessary work in
this function.
Signed-hostap: Jouni Malinen <j@w1.fi>
