Some APs may send RSC octets in EAPOL-Key message 3 of 4-Way Handshake
or in EAPOL-Key message 1 of Group Key Handshake in the opposite byte
order (or by some other corrupted way). Thus, after a successful
EAPOL-Key exchange the TSC values of received multicast packets, such as
DHCP, don't match the RSC one and as a result these packets are dropped
on replay attack TSC verification. An example of such AP is Sapido
RB-1732.
Work around this by setting RSC octets to 0 on GTK installation if the
AP RSC value is identified as a potentially having the byte order issue.
This may open a short window during which older (but valid)
group-addressed frames could be replayed. However, the local receive
counter will be updated on the first received group-addressed frame and
the workaround is enabled only if the common invalid cases are detected,
so this workaround is acceptable as not decreasing security
significantly. The wpa_rsc_relaxation global configuration property
allows the GTK RSC workaround to be disabled if it's not needed.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
The SCAN TYPE=ONLY results do not trigger a connection operation
automatically. As such, there was no explicit operation that would
change wpa_state after such a scan-only operation and WPA_SCANNING state
could have been left in effect until the next operation is triggered by
an external command. This is not desirable, so restore the wpa_state
that was in use when the scan was started in case WPA_SCANNING state is
still set when the scan operation completes.
This was triggered by the following mac80211_hwsim test sequence:
dbus_wps_oom scan_trigger_failure
Signed-off-by: Jouni Malinen <j@w1.fi>
Previously, wnm_deallocate_memory() was called only if we decided to
move to another BSS at the completion of an accepted BSS Transition
Management Request. This resulted in the candidate information being
left in effect for the following scan operation if we were already
associated with the preferred candidate. This could result in unexpected
behavior in the following connection attempt.
Fix this by clearing the candidate information even if we do not need to
roam to another BSS.
This was triggered with mac80211_hwsim test cases in this sequence:
wnm_bss_tm ap_track_sta_force_2ghz
Signed-off-by: Jouni Malinen <j@w1.fi>
libwpa_test1 and libwpa_test2 targets can now be used to check
libwpa_client linking for static and shared library cases respectively.
Signed-off-by: Jouni Malinen <j@w1.fi>
Building libwpa_client requires src/utils/common.c for bin_clear_free()
else loading the library fails with:
Error relocating /usr/lib/libwpa_client.so: bin_clear_free: symbol not found
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
All interface globals are now exposed as D-Bus properties of type
string, and parsed via the normal interface global parsing functions.
Signed-off-by: Dan Williams <dcbw@redhat.com>
hmac_sha256_kdf() got pulled in only if CONFIG_ERP=y is set. Fix
test_sha256() by making the test case conditional on the function being
present.
Signed-off-by: Jouni Malinen <j@w1.fi>
This is useful for logrotate to be able to rotate the file even if the
control interface is not enabled (e.g., when using DBus).
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
Linux packet socket workaround(*) has an impact in performance when the
workaround socket needs to be kept open to receive EAPOL frames. While
this is normally avoided with a kernel that has the issue addressed by
closing the workaround packet socket when detecting a frame through the
main socket, it is possible for that mechanism to not be sufficient,
e.g., when an open network connection (no EAPOL frames) is used.
Add a build option (CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y) to disable the
workaround. This build option is disabled by default and can be enabled
explicitly on distributions which have an older kernel or a fix for the
kernel regression.
Also remove the unused variable num_rx.
(*) Linux kernel commit 576eb62598f10c8c7fd75703fe89010cdcfff596
('bridge: respect RFC2863 operational state') from 2012 introduced a
regression for using wpa_supplicant with EAPOL frames and a station
interface in a bridge.
Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qti.qualcomm.com>
Instead of trying to associate in configuration that is known to result
in the AP rejecting the association, reject the BSS candidate based on
the MFPR=1 RSN capability when STA configuration has PMF disabled.
Signed-off-by: Jouni Malinen <j@w1.fi>
This element is required to have at least four octets of actual payload.
This was not previously verified before use and the extra buffer data
after the IE might have been used instead if a received WNM-Sleep Mode
Response frame was invalid.
Signed-off-by: Jouni Malinen <j@w1.fi>
This moves the type cast needed for the current driver interface to
ieee802_11_set_tfs_ie() to allow the WNM-Sleep parsing routines to use
const pointers.
Signed-off-by: Jouni Malinen <j@w1.fi>
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Signed-off-by: Jouni Malinen <j@w1.fi>
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Signed-off-by: Jouni Malinen <j@w1.fi>
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Signed-off-by: Jouni Malinen <j@w1.fi>
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Signed-off-by: Jouni Malinen <j@w1.fi>
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Signed-off-by: Jouni Malinen <j@w1.fi>
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.
Signed-off-by: Jouni Malinen <j@w1.fi>
If hostapd or wpa_supplicant is built from a git repository, add a
VERSION_STR postfix from the current git branch state. This is from "git
describe --dirty=+". VERSION_STR will thus look something like
"2.6-devel-hostap_2_5-132-g4363c0d+" for development builds from a
modified repository.
This behavior is enabled automatically if a build within git repository
is detected (based on ../.git existing). This can be disabled with
CONFIG_NO_GITVER=y in wpa_supplicant/.config and hostapd/.config.
Signed-off-by: Jouni Malinen <j@w1.fi>
Vendor specific IEs added to frame type P2P_ASSOC_RESP are saved in
the interface context, but as they are added as part of the P2P IEs,
they need to be saved in the global P2P context.
Fix this by directing vendor specific IEs added to P2P_ASSOC_RESP
frame type to the P2P context.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
This makes it easier to analyze debug logs for issues related to
multiple pending Action TX frames.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Do not expire scan results entries based on scan results from a scan
that was aborted. The aborted scan did not scan all the requested
channels or SSIDs, so the fact that a BSS is missing from the scan
results does not mean it is not available.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
CTWindow was set for all AP interfaces if the driver supports it and
this parameter is set in wpa_supplicant configuration. This results in
failing to start an AP that is not a P2P GO as this setting is rejected
by the driver.
Fix that by setting the CTWindow only for P2P GO interface.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Add a global D-Bus handler ExpectDisconnect for setting
wpa_s->own_disconnect_req flag. This flag will prevent wpa_supplicant
from adding blacklists and requesting incomplete scan upon the incoming
disconnection. This is mainly meant for a case where suspend/resume is
used and some external component knows about that and can provide the
information to wpa_supplicant before the disconnection happens.
Signed-off-by: Ningyuan Wang <nywang@google.com>
It was possible for wpa_s->own_disconnect_req to be left set to 1 from a
disconnection attempt from a prior connection. This could then prevent
proper connection failure processing with the new connection in
wpas_connection_failed(). This was triggered by the following hwsim test
case sequence: wpas_mesh_secure sae_no_ffc_by_default. In this sequence,
the SAE failure due to unsupported group did not result in proper
wpas_connection_failed() processing and retry.
Fix this by clearing wpa_s->own_disconnect_req in
wpa_supplicant_associate() before starting a new connection.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
When one peer doesn't include a persistent group info in PD Request
the other peer shouldn't report a persistent group usage with this
peer even if such a persistent group exists locally. This condition
could be violated in the previous implementation.
In case a local persistent group exists and the
wpas_p2ps_prov_complete() function is called with persist_ssid parameter
set to NULL, wpa_supplicant reported P2PS-PROV-DONE with persist=<idx>
instead of conncap=<role> parameter.
This happened because the wpas_p2p_get_persistent() function was called
without verification whether the persist_ssid was set to NULL. In this
case the wpas_p2p_get_persistent() returns the first existing persistent
group matching the P2P Device Address without verifying the group's
SSID. After that the group ID is used as persist=<idx> parameter of
P2PS-PROV-DONE event.
Fix the issue by adding persist_ssid and persist_ssid_size verification
as a condition for the wpas_p2p_get_persistent() call.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
On successful P2P PD, report the chosen frequency in case the local
device is going to be the P2P GO, so in can later be used to instantiate
the new P2P GO, etc.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Add operating channel selection and channel list processing similar to
that done when building GO Negotiation Request, i.e., consider the
currently used channels, configured channels, etc.
P2PS introduces a flow where a responder needs to provide channel data
without being previously aware of the current constraints, i.e., the
channels currently in use by other interfaces. To handle this, extend
the get_group_capability() callback to also handle channel selection
aspects of group capabilities.
In case there is an active P2P GO that is going to be used for the P2PS
PD, force its current operating frequency in the PD attributes.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Change the connection capability handling so that in case there are no
active roles, the peer has an active GO, and the advertisement supports
operation as a client, the returned connection capability is set to
client.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
The code was iterating all the interfaces, and for each interface
iterated all the network blocks to count active P2P GO and P2P Client
interfaces.
Change the code to reuse wpas_p2p_get_go_group() to get a P2P GO
interface and add wpas_p2p_get_cli_group() and use it to find a
P2P Client interface, and use these objects when evaluating the
group capability.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Re-factor wpas_p2p_get_go_group() to:
1. Skip the dedicated P2P Device management interface if it is used.
2. Instead of iterating all the interface configured networks,
only access the current_ssid pointer to check if the current
interface is acting as a persistent P2P GO.
To avoid code duplication, also re-factor wpas_p2p_group_go_ssid()
to call wpas_p2p_get_go_group().
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
This allows wpa_supplicant to expose internally unknown ANQP-elements in
the BSS command. For example, "ANQP_GET <BSSID> 265" can be used to
fetch the AP Geospatial Location ANQP-element and if the AP has this
information, the "BSS <BSSID>" command will include the response as
"anqp[265]=<hexdump>".
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The switch to BoringSSL broke keystore-backed keys because
wpa_supplicant was using the dynamic ENGINE loading to load
the keystore module.
The ENGINE-like functionality in BoringSSL is much simpler
and this change should enable it.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
IEEE Std 802.11-2012 13.3.1 states that the AID should be generated on
the local node for each peer. Previously, we were using the peer link ID
(generated by the peer) which may not be unique among all peers. Correct
this by reusing the AP AID generation code.
Signed-off-by: Bob Copeland <me@bobcopeland.com>
dl_list_del() must be called before freeing the list entries. Neither of
these cases caused problems because the full list data structure was
freed, but still, it is better to do this properly.
Signed-off-by: Jouni Malinen <j@w1.fi>
Some operations like a new scan result processing can result in large
number of wpa_supplicant control interface messages being generated.
Especially with multiple control interface monitors, this could result
in hitting the output queue length maximum and event messages getting
dropped. In worst case, that could even result in hitting ten
consecutive sendto() errors which could result in an attached monitor
socket getting detached.
Avoid this type of issues by throttling monitor event transmission based
on the output queue length. If more than half of the maximum send buffer
is used, postpone sending of following event messages until the pending
output queue has dropped below the limit.
Signed-off-by: Jouni Malinen <j@w1.fi>
The CSA channel and operating class values need to be set for all types
of channel switch (i.e., either if it's triggered by the control
interfaces or due to the GO-follows-STA flow). To do so, move the code
that sets them from the GO-follows-STA flow to the more generic
hostapd_fill_csa_settings() function.
Signed-off-by: Luciano Coelho <luciano.coelho@intel.com>
Some management frames contain CSA counters which should be updated by
kernel. Change driver op send_mlme() allowing to send a frame,
specifying an array of offsets to the CSA counters which should be
updated. For example, CSA offsets parameters should be specified when
sending Probe Response frames during CSA period.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Channel switch notification was handled only for AP/GO interfaces. As
the notification can be sent on other interface types as well, extend
the handling to handle other interface types.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Add new GO frequency move policy. The P2P_GO_FREQ_MOVE_SCM_ECSA prefers
SCM if all the clients advertise eCSA support and the candidate
frequency is one of the group common frequencies.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Do not consider moving GOs to a new channel if one of them is in the
middle of CSA. In addition, call wpas_p2p_update_channel_list() after
EVENT_CH_SWITCH is handled.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
wpas_p2p_move_go_csa() uses wpas_p2p_init_p2p_params() to select the
frequency to move to. However, it is possible that all the channels are
already used, so the selection of a new frequency would fail, although
the frequency used by the P2P GO should not be considered as used if it
is the only one using it.
To overcome this, allow the frequency selection to continue even if all
the frequencies are in use, but the frequency used by the P2P GO is not
used by any station interface.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Use channel switch mechanism to move a P2P GO to a new channel,
when required. In order to be able to reconfigure the GO channel,
split wpa_supplicant_conf_ap() function, so the frequency
configuration part can be reused to find additional CSA settings.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
The readline library depends on ncurses, so it should be set before
ncurses on the linker command line to be able to be statically linked
successfully.
Signed-off-by: David du Colombier <0intro@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
This allows the binary sizes to be reduced if no support for nl80211
vendor extensions are needed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit contains the necessary changes to parallelize
distinct radio work operations which are different in type and
the band used, only when the underlying driver is capable of
supporting such simultaneous offchannel operations.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Allow wpa_supplicant to use vendor scan (if supported by the driver)
together with the normal nl80211 scan and handling external scan events.
Since this results in possibility of concurrent scan operations, some of
the operations related to scan results need to check more carefully when
an event is relevant for a specific interface.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is equivalent to the P2P_EVENT_INVITATION_RECEIVED signal on the
control interface. It can be used to sent the Invitation Received signal
to applications written using D-Bus.
Signed-off-by: Maneesh Jain <maneesh.jain@samsung.com>
Fix a bug in wpas_ap_ch_switch() function, which didn't pass VHT
frequencies correctly to hostapd_event_ch_switch().
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Fix an iteration bug in get_shared_radio_freqs_data when building
freqs_data array. Only the last used-by flag was maintained instead of
making this a bitfield of all found uses.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
This corrects the type of dev_passwd_id in GONegotiationRequest event.
This field is packed as DBUS_TYPE_UINT16 but in
wpas_dbus_interface_signals it was "i" which is DBUS_TYPE_INT32.
Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
Android platform assigns the same socket id if the socket identifier in
conf->ctrl_interface and global->params.ctrl_interface (parameter for
android_get_control_socket) point to the same Android specific control
socket. This ends up having two eloop socket handlers registered for the
same file descriptor and thus, two attempt to receive and process each
command. This can result in unexpected failure, e.g., the prefix IFNAME=
for any command is valid for global socket handler, but results in
UNKNOWN COMMAND response from the per-interface ctrl socket handler).
Since it might be possible to end up with this type of invalid
configuration in OTA upgrade, compare the socket identifiers and do not
open the ctrl socket on the respective interface if both point to same.
This allows the Wi-Fi framework to use the global control interface.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This was already the case for most command sequences, but it was
possible for wpa_s->reassociate to be set to 1 when CTRL-RSP-* commands
were used to set identity, password, or passphrase for EAP
authentication. In such cases, ENABLE_NETWORK issued after the
connection was completed could result in a new connection attempt
(likely reconnection back to the same BSS).
Fix this by checking whether an actual connection is already present
even if wpa_s->reassociate is set when processing the ENABLE_NETWORK
command.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It is possible for driver-based BSS selection to end up reassociating
back to the current AP. If wpa_supplicant preferred another BSS, it
would have updated the internal knowledge of the AP's WPA/RSN IE when
requesting a new connection. In the special case of existing association
and new association being with the same BSS that is different from the
wpa_supplicant preference, association event processing skipped the
WPA/RSN IE update. This could result in the following 4-way handshake
getting rejected due to incorrectly detected mismatch with AP's RSN/WPA
IE between Beacon/Probe Response frame and EAPOL-Key msg 3/4.
Fix this by updating the AP WPA/RSN IE on all association events when
driver-based BSS selection is used regardless of whether the BSSID
changes. This could also cover a theoretical case of the AP changing its
RSN/WPA IE at the very moment we try to reassociate back to the same
BSS.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
These prints were at DEBUG level (-d), but they can be very frequent, so
drop them to MSGDUMP (-dd). This allows the prints to be suppressed in
common debugging cases while still leaving them easily enablable to
debug control interface issues without having to enable excessive
debugging.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Commands like BSS and GET_NETWORK are used in some cases very frequently
and those can increase the amount of debug information from
wpa_supplicant without significant benefit. These were logged at the
DEBUG level (-d). Move logging of such read-only commands (i.e., no new
wpa_supplicant operation is started based on it) to EXCESSIVE level
(-ddd) which was already used for the PING command.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
When wpa_init() in __mesh_rsn_auth_init() failed, empty rsn->auth caused
segmentation fault due to NULL pointer dereference when wpa_deinit() was
called. Fix this by checking the pointer before executing deinit steps.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
The RSN IE is required by IEEE Std 802.11-2012 on SAE use case:
Table 8-262 Mesh Peering Open frame Action field format
Table 8-263 Mesh Peering Confirm frame Action field format
Add the RSN IE to these frames.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Double the buffer length from 2048 to 4096 to match the length used
currently in wpa_supplicant. This allows wpa_gui to retrieve information
for more networks than previously.
Signed-off-by: Jouni Malinen <j@w1.fi>
This allows control interface monitors to get more detailed information
in cases where wpa_supplicant-based SME receives an Authentication frame
with non-zero status code.
Signed-off-by: Jouni Malinen <j@w1.fi>
For now, there is no support for passing extended_capa pointers through
the driver_privsep.c interface from wpa_priv. Avoid leaving bogus
pointers by explicitly clearing these on both wpa_priv and
wpa_supplicant sides.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add more details into configuration comments and a runtime info message
if ap_scan=2 is used with the nl80211 driver interface.
Signed-off-by: Jouni Malinen <j@w1.fi>
This adds a new helper function wpa_ctrl_open2() that can be used
instead of wpa_ctrl_open() to override the default client socket
directory. Add optional -s<directory path> argument to hostapd_cli and
wpa_cli to allow the client socket directory to be specified.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, the BSS command returned an error if the WSC IE(s) in scan
results could not be parsed. This may be not ideal for all cases, to
instead of rejecting the command completely, return all other
information apart from the WPS information in such a case.
Signed-off-by: Jouni Malinen <j@w1.fi>
scan_freq and freq_list are not parsed correctly by
wpa_config_parse_int_array() if quoted.
Patch for dbus_old_handlers.c, the same change as done by Robert Shade
<robert.shade@gmail.com> for dbus_new_handlers.c in commit
99276998fa ('dbus: Do not quote scan_freq
and freq_list').
Signed-off-by: Jiří Klimeš <jklimes@redhat.com>
While the EAPOL-Key MIC derivation was already changed from SHA256 to
SHA384 for the Suite B 192-bit AKM, KDF had not been updated similarly.
Fix this by using HMAC-SHA384 instead of HMAC-SHA256 when deriving PTK
from PMK when using the Suite B 192-bit AKM.
Signed-off-by: Jouni Malinen <j@w1.fi>
Config file is written to a temp file and then it is renamed to the
original config file. However, it is possible that the rename operation
will be commited to storage while file data will be still in cache
causing original config file to be empty or partially written in case of
a system reboot without a clean shutdown. Make this less likely to occur
by forcing the data to be written to the storage device before renaming
the file.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
This allows a BSS entry to be expired if the AP has changed its SSID
while maintaining the same BSSID and we are associated with the BSS.
Previously, the same BSSID was enough to mark all BSS entries from the
BSSID as in use regardless of the SSID and as such, they could remain in
the wpa_supplicant BSS table indefinitely as long as the association
remaining.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The P2P group is not yet operating when going through GO Negotiation
exchange. Previously, an old cached scan result could be used to skip
the scan immediately after the GO Negotiation. While this is quite
unlikely to happen in practice, we can easily force a scan here now with
the generic scan_min_time mechanism. Do that to avoid any corner cases
that a previous instance of the group could have if found in cached scan
results.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The P2P group is not yet operating when going through invitation
exchange for re-invocation. Previously, an old cached scan result could
be used to skip the scan immediately after the invitation exchange.
While this may result in the fastest possible connection, it does have
some issues with cases where the GO takes some time to start up. It
would also be at least theoretically possible for some of the BSS
parameters to be different, so having a fresh scan result from the new
GO instance may be desired in any case.
Add a mechanism to skip scan results that have been last updated before
a specific point in time and as the first user for this mechanism,
require chan results to be more recent than the invitation message
exchange for the P2P Client role in persistent group re-invocation case.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This new script can be used as an example of load testing for RADIUS
authentication servers. It can control multiple eapol_test processes
over the control interface to run EAP-TLS authentication. As an example,
the following commands would run eight instances of eapol_test
concurrently:
for i in 0 1 2 3 4 5 6 7; do
./eapol_test -T /tmp/eapol_test -i $i > eapol_test.log$i &
done
time ./eapol_test.py --ctrl /tmp/eapol_test --num 8 --iter 100
0: PASS 100
1: PASS 100
2: PASS 100
3: PASS 100
4: PASS 100
5: PASS 100
6: PASS 100
7: PASS 100
real 0m0.339s
time ./eapol_test.py --ctrl /tmp/eapol_test --num 8 --iter 100 --no-fast-reauth
0: PASS 100
1: PASS 100
2: PASS 100
3: PASS 100
4: PASS 100
5: PASS 100
6: PASS 100
7: PASS 100
real 0m1.876s
Signed-off-by: Jouni Malinen <j@w1.fi>
The -T<ctrl_iface> command line argument can now be used to start
eapol_test in mode where the configuration file is not needed and the
authentication operations are started through the control interface.
Network profile is also managed through the control interface in this
case. This can be used to provide more control for scripted RADIUS
authentication server testing.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new -i<ifname> command line argument can be used to specify the name
of the interface to use. This is mainly to allow unique control
interface names to be defined without having to use multiple
directories.
Signed-off-by: Jouni Malinen <j@w1.fi>
It looks like BoringSSL has removed the AES_wrap_key(), AES_unwrap_key()
API. This broke wpa_supplicant/hostapd build since those functions from
OpenSSL were used to replace the internal AES key wrap implementation.
Add a new build configuration option
(CONFIG_OPENSSL_INTERNAL_AES_WRAP=y) to allow the internal
implementation to be used with CONFIG_OPENSSL=y build to allow build
against the latest BoringSSL version.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
wpa_s->scan_req needs to be set in these cases to get correct scanning
behavior. This is mainly needed for starting of AP mode operation
immediately in ap_scan=2 case.
This fixes an issue that was found with mac80211_hwsim test cases in the
following sequence: dbus_autoscan dbus_ap_scan_2_ap_mode_scan
Signed-off-by: Jouni Malinen <j@w1.fi>
If P2PS PD concludes to use default P2PS method wpas_p2p_scan_res_join()
ignores this value and tries to perform a redundant legacy PD.
Fix this by considering WPS_P2PS method too.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Ordering the units before network.target causes them to be stopped
after network.target on shutdown. This ensures that any network
filesystems will be unmounted before wpa_supplicant is killed.
Adding Wants=network.target ensures that network.target will be included
in the active dependency graph. This is typical of units which are
involved in networking setup functions.
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
This makes it easier to track the output queue state on a control
interface socket and determine what could be causing issues with running
out of space in the buffer.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
PNO was stopped by the wpa_supplicant during the connection attempts or
while handling disassociation indication. External entities, mainly, the
Android Wi-Fi framework, does not expects PNO to be stopped by other
modules. Hence, do not stop the sched_scan in these scenarios if it is
triggered externally for PNO.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
wpa_supplicant_assoc_try() would result in the currently operating AP to
get stopped if wpa_supplicant_scan() ends up getting triggered without
MANUAL_SCAN_REQ while operating an AP. With ap_scan=2, this could
resulted in unintentional stopping of AP mode operations, so check
explicitly for that case and skip the wpa_supplicant_assoc_try() call if
needed to avoid this.
Signed-off-by: Jouni Malinen <j@w1.fi>
The D-Bus Scan() handler was setting wpa_s->scan_req = MANUAL_SCAN_REQ
on the code path that used wpa_supplicant_req_scan(). However, it did
not do anything similar for the cases where
wpa_supplicant_trigger_scan() is called directly. This could result in
unexpected wpa_s->last_scan_req value and incorrect behavior especially
when using ap_scan=2 and running a scan while operating in AP mode. Fix
this by explicitly setting wpa_s->last_scan_req = MANUAL_SCAN_REQ when
using wpa_supplicant_trigger_scan() from the Scan() handler.
Signed-off-by: Jouni Malinen <j@w1.fi>
When using P2P invitation to re-invoke a persistent P2P group without
specifying the operating channel, query the driver for the preferred
frequency list, and use it to select the operating channel of the group.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
With the radio work design, it is possible for a network entry to get
disabled (e.g., DISABLE_NETWORK <id>) during the time the connect or
sme-connect radio work waits to start. Previously, only the validity of
the BSS entry and BSSID/SSID was verified when starting the actual
connection step. Add call to wpas_network_disabled() to those checks to
catch the case where the network profile is disabled.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
When starting an autonomous GO without specifying the operating channel,
query the driver for the preferred frequency list, and use it to select
the operating channel of the GO (if supported).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
When P2PS PD with default P2PS method is done, the peer that becomes GO
should authorize the client. However, P2PS specification doesn't require
the client to include its intended interface address in PD
Request/Response. As a result, the P2P Client's interface address may not
be known and any address may need to be authorized.
Previously, client's P2P Device Address was used for authorization,
which is not correct when a dedicated interface is used for P2P Client.
This is not resulting in a connection failure, however it causes a
significant delay (until WPS_PIN_TIME_IGNORE_SEL_REG elapses). Fix this
by authorizing the intended interface address, if known; or any address,
if not known.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Use NULL to indicate if the address is not available instead of fixed
00:00:00:00:00:00. wpas_p2ps_prov_complete() already had code for
converting NULL to that all zeros address for event messages.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Change P2PS P2P-PROV-SHOW-PIN/P2P-PROV-ENTER-PIN event notifications
on PD Request/Response handling to meet required P2PS behavior.
The new implemented scheme:
1. For a legacy P2P provision discovery the event behavior remains
without changes
2. P2PS PD, advertiser method: DISPLAY, autoaccept: TRUE:
Advertiser: SHOW-PIN on PD request replied with a status SUCCESS
Seeker: ENTER-PIN on PD response received with a status SUCCESS
3. P2PS PD, advertiser method: DISPLAY, autoaccept: FALSE:
Advertiser: SHOW-PIN on PD request replied with a status
INFO_CURRENTLY_UNAVAILABLE
Seeker: ENTER-PIN on Follow-on PD request with a status
SUCCESS_DEFERRED
4. P2PS PD, advertiser method: KEYPAD, autoaccept: TRUE/FALSE:
Advertiser: ENTER-PIN on PD request replied with a status
INFO_CURRENTLY_UNAVAILABLE
Seeker: SHOW-PIN on PD response received with a status
INFO_CURRENTLY_UNAVAILABLE
This change in behavior breaks the existing test cases
p2ps_connect_keypad_method_nonautoaccept and
p2ps_connect_display_method_nonautoaccept. Those will be fixed in a
followup commit.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
P2P_FLUSH command did not cleanly clear the p2p_go_avoid_freq data
structure, and left it in an inconsistent state, where the range field
was NULL but the num field was not 0. This would have resulted in an
invalid memory access in freq_range_list_includes().
Fix this.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
A P2P GO channel switch should not be triggered in all cases that
require channel list update. Specifically, a P2P GO CS should not
be triggered in case that the P2P GO state changed or in case that
that the P2P GO has just completed a CS.
To fix this, add reason code to wpas_p2p_channel_list_update() and
trigger CS flow only for the relevant cases.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
A newly created GO might move to another channel before the client was
able to connect to it. This creates a situation where the client
searches the GO on the channel agreed upon during GO Negotiation or
invitation signaling, while the GO is on another channel. This in turn
might lead to delayed connection or connection failure and group
removal.
Fix this by disallowing a GO CS as long as there is some activity that
should delay the switch. If a GO move is not allowed, set a timeout to
re-attempt the move.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Re-factor the code, so channel optimizations would be also triggered
upon the following changes: channel updates from the kernel,
disallow_freq interface, etc.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Update hardware features for all interfaces inside the loop, don't treat
the calling wpa_s instance specially. Perform the P2P channel list
updates after the hardware features are updated. This will prevent P2P
from relying on stale information.
Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
Not all paths in wpas_p2p_init_go_params() verified that the candidate
frequency can be used for GO purposes. Fix this, and in addition
re-factor the code to put better emphasis on the frequency selection
priorities.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Remove the code that considers removing GOs from their current
channel due to frequency interference, as this is already handled
as part of the P2P channels update.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
A P2P GO interface that was instantiated after a GO Negotiation or
Invitation holds the intersection of frequencies between the GO and the
client. In case the GO is going to move to another frequency, allow it
to move only to a frequency that is also supported by the client.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Add a function to compute the group common frequencies, and
use it to update the group_common_frequencies as part of the
channel switch flows.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Upon any change in the currently used channels evaluate if a GO should
move to a different operating frequency, where the possible scenarios:
1. The frequency that the GO is currently using is no longer valid,
due to regulatory reasons, and thus the GO must be moved to some
other frequency.
2. Due to Multi Concurrent Channel (MCC) policy considerations, it would
be preferable, based on configuration settings, to prefer Same
Channel Mode (SCM) over concurrent operation in multiple channels.
The supported policies:
- prefer SCM: prefer moving the GO to a frequency used by some other
interface.
- prefer SCM if Peer supports: prefer moving the GO to a frequency
used by some other station interface iff the other station
interface is using a frequency that is common between the local and
the peer device (based on the GO Negotiation/Invitation signaling).
- Stay on the current frequency.
Currently, the GO transition to another frequency is handled by a
complete tear down and re-setup of the GO. Still need to add CSA flow to
the considerations.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
This makes it possible to use these helper functions from hostapd as
well as the current use in wpa_supplicant.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This buffer is owned by the FST module, so mark it const in the
set_ies() callback to make it clearer which component is responsible for
modifying and freeing this.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
NO_EVENTS parameter was added to STATUS command by commit
a6ab82d7b4 ('Android: Add NO_EVENTS
parameter to status command'). This patch adds handling of the new
parameter in wpa_cli so that "status no_events" can be used to specify
this parameter.
Signed-off-by: Daichi Ueura <daichi.ueura@sonymobile.com>
Currently wpa_cli connects to global control interface if -i/-p
parameters are not specified. wpa_cli on global control interface
is not useful since the prefix like "IFNAME=wlan0 " needs to be
added to some commands like "IFNAME=wlan0 scan". And, specifying
-i/-p parameters every time is annoying. To improve efficiency of
debugging, this patch enables to make wpa_cli work without extra
parameters.
If you still want to connect to global control interface,
the following command can be used instead:
$ wpa_cli -g@android:wpa_wlan0 (or -gwlan0)
Signed-off-by: Daichi Ueura <daichi.ueura@sonymobile.com>
The mesh SAE auth often fails with master branch. By bisect I found
commit eb5fee0bf5 ('SAE: Add side-channel
protection to PWE derivation with ECC') causes this issue. This does not
mean the commit has a bug. This is just a CPU resource issue.
After the commit, sae_derive_pwe_ecc() spends 101(msec) on my PC (Intel
Atom N270 1.6GHz). But dot11RSNASAERetransPeriod is 40(msec). So
auth_sae_retransmit_timer() is always called and it can causes
continuous frame exchanges. Before the commit, it was 23(msec).
On the IEEE 802.11 spec, the default value of dot11RSNASAERetransPeriod
is defined as 40(msec). But it looks short because generally mesh
functionality will be used on low spec devices. Indeed Raspberry Pi B+
(ARM ARM1176JZF-S 700MHz) requires 287(msec) for new
sae_derive_pwe_ecc().
So this patch makes the default to 1000(msec) and makes it configurable.
This issue does not occur on infrastructure SAE because the
dot11RSNASAERetransPeriod is not used on it.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Otherwise P2P remains in provisioning state and continues to skip
extended listening forever.
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
Allow proper update for listen_reg_class and listen_channel with
changed_parameters [CFG_CHANGED_P2P_LISTEN_CHANNEL] configuration for
command received through ctrl_interface. Without this, "set
p2p_listen_channel" and "set p2p_listen_reg_class" do not update the
listen channel. The D-Bus version was already setting these flags.
Signed-off-by: Purushottam Kushwaha <p.kushwaha@samsung.com>
This variable is needed to figure out whether a wpa_supplicant interface
is for a P2P group that is (or was) connected to a specific GO. The
previous implementation was able to find such a case only when there was
an association with the GO. However, this may be needed even if there is
a temporary disconnection from the GO. Keep the GO device address
information over such temporary disconnections and only remove it on
group termination. This fixes an issue with D-Bus Peer PropertiesChanged
signals for the Groups property in case a P2P group gets removed due to
group idle timeout instead of explicit group termination command (local
request) or GO notification.
Signed-off-by: Jouni Malinen <j@w1.fi>
The P2P configuration file is wrongly set as STA configuration file,
even though a separate configuration file is mentioned with '-m' option.
Add initialization and deallocation of global.params->conf_p2p_dev to
fix this.
Signed-off-by: Gautam <gautams@broadcom.com>
The new CONFIG_NO_RC4=y build option can be used to remove all internal
hostapd and wpa_supplicant uses of RC4. It should be noted that external
uses (e.g., within a TLS library) do not get disabled when doing this.
This removes capability of supporting WPA/TKIP, dynamic WEP keys with
IEEE 802.1X, WEP shared key authentication, and MSCHAPv2 password
changes.
Signed-off-by: Jouni Malinen <j@w1.fi>
FIPS builds do not include support for MD4/MD5, so disable
EAP-TTLS/CHAP, MSCHAP, and MSCHAPV2 when CONFIG_FIPS=y is used.
Signed-off-by: Jouni Malinen <j@w1.fi>
The OpenSSL internal AES_wrap_key() and AES_unwrap_key() functions are
unfortunately not available in FIPS mode. Trying to use them results in
"aes_misc.c(83): OpenSSL internal error, assertion failed: Low level API
call to cipher AES forbidden in FIPS mode!" and process termination.
Work around this by reverting commit
f19c907822 ('OpenSSL: Implement aes_wrap()
and aes_unwrap()') changes for CONFIG_FIPS=y case. In practice, this
ends up using the internal AES key wrap/unwrap implementation through
the OpenSSL EVP API which is available in FIPS mode. When CONFIG_FIPS=y
is not used, the OpenSSL AES_wrap_key()/AES_unwrap_key() API continues
to be used to minimize code size.
Signed-off-by: Jouni Malinen <j@w1.fi>
This adds a callback function that can be used from the P2P module to
request the current preferred list of operating channels from the
driver.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
If the driver supports the preferred frequency list extension, use this
information from the driver when no explicitly configured preference
list (p2p_pref_chan) is present for P2P operating channel selection.
This commit adds this for GO Negotiation and Invitation use cases.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Commit 983422088f ('nl80211: Add means to
query preferred channels') return success if no driver wrapper callback
was provided for fetching the preferred channel list. That is
problematic since the *num argument is not updated and uninitialized
freq_list could end up getting used with arbitrary frequency values. Fix
this by returning error in case the values were not available due to
driver wrapper not implementing the function. This matches the style
used in the driver_nl80211.c implementation for the case where the
driver does not support such fetch operation.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Extend the QCA vendor specific nl80211 interface to query the preferred
frequency list from driver and add a new wpa_cli command to query this
information.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Upon GO Negotiation completion, if the remote peer becomes GO, send a
hint event over QCA vendor specific interface to inform the driver of
the likely operating channel of the P2P GO.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add vendor command to pass SET setband command to the driver and read
the updated channel list from driver when this notification succeeds.
This allows the driver to update its internal channel lists based on
setband configuration.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is needed when enabling TLSv1.2 support for EAP-FAST since the
SSL_export_keying_material() call does not support the needed parameters
for TLS PRF and the external-to-OpenSSL PRF needs to be used instead.
Signed-off-by: Jouni Malinen <j@w1.fi>
Report the feature capability on P2PS-PROV-START and P2PS-PROV-DONE
ctrl-iface events. A feature capability value is specified as
'feature_cap=<hex>' event parameter, where <val> is a hexadecimal
string of feature capability bytes in a PD Response frame.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Add a parameter allowing to specify a value of Coordination
Protocol Transport to P2PS_PROVISION and P2PS_PROVISION_RESP commands.
Extend the p2ps_provision structure to contain cpt_priority and
cpt_mask properties and initialize them on a P2PS PD request command.
The format of the parameter:
cpt=<cpt>[:cpt]
where <cpt> is CPT name e.g. UDP or MAC. The CPT names are listed
according to their preferences to be used for a specific P2PS session.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Add Coordination Transport Protocol parameter to P2P_SERVICE_ADD
asp command.
Extend p2ps_advertisement structure to contain CPT priorities
and a supported CPT bitmask.
The format of the new parameter:
cpt=<cpt>[:<cpt>]
where <cpt> is a name of the Coordination Protocol Transport.
This implementation supports two CPT names: UDP and MAC.
The order of specified CPTs defines their priorities where
the first one has the highest priority.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Do not allow wpa_s->fst to be replaced when processing FST-ATTACH
command for an interface that has already been attached.
Signed-off-by: Jouni Malinen <j@w1.fi>
Try to exit more quickly by avoiding execution of the action script for
any pending events if the process is requested to be killed. This may
help in avoiding hitting the two second SIGALRM workaround in eloop in
case some of the action scripts block for long period of time.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This header file is needed to get struct fst_iface_cfg and struct
fst_wpa_obj defined. While it does currently get pulled in through
ap/hostapd.h and ap/ap_config.h, a more explicit inclusion may be a
cleaner option for future.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This new mechanism can be used to combine multiple periodic AP
(including P2P GO) task into a single eloop timeout to minimize number
of wakeups for the process. hostapd gets its own periodic caller and
wpa_supplicant uses the previously added timer to trigger these calls.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, one timeout per process (by default every 30 seconds) was
used P2P peer expiration and another per-interface timeout (every 10
seconds) was used to expire BSS entries. Merge these to a single
per-process timeout that triggers every 10 seconds to minimize number of
process wakeups due to periodic operations.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The caller is not expected to free or modify the value since this is
returning a reference to a buffer maintained by the upper layer.
Signed-off-by: Jouni Malinen <j@w1.fi>
This command allows network variables to be copied from one network to
another when the networks belong to different radios. This is similar to
the per-interface DUP_NETWORK command. On the global control interface,
the command syntax is as follows:
DUP_NETWORK <src ifname> <dst ifname> <src network id> <dst network id> <variable name>
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit implements hostapd global control interface notifications
infrastructure. hostapd global control interface clients issue
ATTACH/DETACH commands to register and deregister with hostapd
correspondingly - the same way as for any other hostapd/wpa_supplicant
control interface.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The new phase1 config parameter value tls_disable_tlsv1_0=1 can now be
used to disable use of TLSv1.0 for a network configuration. This can be
used to force a newer TLS version to be used. For example,
phase1="tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=1" would indicate that
only TLS v1.2 is accepted.
Signed-off-by: Jouni Malinen <j@w1.fi>
A typo in wpa_scan_result_compar() caused wrong scan results sorting
(and wrong roaming decision). This fixes a copy-paste regression
introduced by commit a1b790eb9d ('Select
AP based on estimated maximum throughput').
Signed-off-by: Maital Hahn <maitalm@ti.com>
If a device may be an explicit GO, it adds the GO details in the PD
Request. First, we try to reuse an active GO. If it is not present, we
try to reuse a non-active persistent group. In the latter case, if a
dedicated P2P interface is needed, the intended address should be that
of the pending interface. However, the wpas_get_go_info() provided the
ssid->bssid address, which is the address of the P2P device. This might
result in an incorrect intended interface attribute in the PD Request in
case a separate group interface is used.
Fix this by setting group_iface variable to true only if a dedicated
interface should be used and set the attribute accordingly.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Validate the PD Response frame contents more thoroughly when it is used
for P2PS.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
When persistent group is used and the peer is GO in this group,
intended interface attribute should be added to PD request/response.
Not doing so violates the spec.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
If after P2PS PD the device should become a GO it sends P2PS-PROV-DONE
event which contains the GO interface name. If the GO isn't running yet
the device may use pending interface name. However, when the GO is
started, pending interface name will be removed.
Fix the GO interface name in P2PS-PROV-DONE event by copying the
interface name instead of saving the pointer.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Call wpas_p2p_create_iface() instead of just checking p2p_no_group_iface
config value. Not doing so, resulted in an incorrect behavior when the
driver sets WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE flag.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
The IPv4 header after the Ethernet header is not 32-bit aligned and the
previous version ended up accessing 32-bit members at misaligned
addresses.
Signed-off-by: Jouni Malinen <j@w1.fi>
Commit 38279bdb35 ('D-Bus: Coding style
cleanup') handled the dbus_new_handlers.c change properly, but misplaced
the second 'const' in dbus_old_handlers.c in a way that resulted in
duplicated const rather than marking the actual value const.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new TEST_FAIL and GET_FAIL control interface commands can be used
similarly to the earlier TEST_ALLOC_FAIL/GET_ALLOC_FAIL design. The new
version is more generic framework allowing any function to be annotated
for failure testing with the TEST_FAIL() macro. This mechanism is only
available in builds with CONFIG_WPA_TRACE_BFD=y and
CONFIG_TESTING_OPTIONS=y. For other builds, the TEST_FAIL() macro is
defined to return 0 to allow the compiler to remove the test code from
normal production builds.
As the first test site, allow os_get_random() to be marked for failing
based on call backtrace.
Signed-off-by: Jouni Malinen <j@w1.fi>
Do not allow 40 MHz co-ex PRI/SEC switch to force us to change our PRI
channel if we have an existing connection on the selected PRI channel
since doing multi-channel concurrency is likely to cause more harm than
using different PRI/SEC selection in environment with multiple BSSes on
these two channels with mixed 20 MHz or PRI channel selection.
Signed-off-by: Jouni Malinen <j@w1.fi>
In p2p_find command line processing a loop searching for multiple
'seek=' parameters modifies cmd buffer adding '\0' terminators.
The 'freq=' parameter is handled after that and can be
lost if a 'freq=' follows 'seek=' in a command line.
Fix it by moving a handling of 'freq=' parameter to be processed
before 'seek=' handling loop.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
This provides more information to upper layer programs on what happens
with connection attempts in cases where the enabled networks are not
found in scan results.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
If BOARD_HOSTAPD_PRIVATE_LIB is not used on an Android build, we will
need to replace both the p2p functions *and* wpa_driver_nl80211_driver_cmd
in order to successfully link. Let's make the name more generic so it is
more obvious what it is used for.
Suggested-by: Dmitry Shmidt <dimitrysh@google.com>
Signed-off-by: Kevin Cernekee <cernekee@google.com>
This check explicitly for reflection attack and stops authentication
immediately if that is detected instead of continuing to the following
4-way handshake that would fail due to the attacker not knowing the key
from the SAE exchange.
Signed-off-by: Jouni Malinen <j@w1.fi>
The variables here are unsigned and as such, cannot have a negative
value. Use == 0 instead of <= 0 to make this cleaner.
Signed-off-by: Jouni Malinen <j@w1.fi>
This gets rid of a static analyzer warning. The actual value for
WpaGuiApp::w will be set after the constructor has returned, so this
value was not really used uninitialized.
Signed-off-by: Jouni Malinen <j@w1.fi>
These configuration parameters did not use matching printf format string
parameters (signed vs. unsigned). While these configuratin values are,
in practice, small unsigned integers, the implementation should use
matching types to write these.
Signed-off-by: Jouni Malinen <j@w1.fi>
The sae_groups parameter is zero terminated array, not -1 terminated, so
must check the value against <= 0 to break out from the loop.
Signed-off-by: Jouni Malinen <j@w1.fi>
As far as IEEE 802.11 standard is concerned, WEP is deprecated, but at
least in theory, allowed as a group cipher. This option is unlikely to
be deployed anywhere and to clean up the implementation, we might as
well remove all support for this combination.
Signed-off-by: Jouni Malinen <j@w1.fi>
Call the FT processing function directly instead of going through
wpa_supplicant_event() to process FT Authentication frame in SME case.
This allows parsing error to be used to trigger immediate failure for
the connection instead of trying to proceed to reassociation step that
cannot succeed.
Signed-off-by: Jouni Malinen <j@w1.fi>
In case of a network interface removal, check if the interface
was also the parent interface of the P2P Device dedicated interface.
If this is the case, then stop the P2P Device functionality, and
remove the P2P Device dedicated interface.
In case that the interface is added again and P2P Device
functionality can be enabled again, add a new P2P Device dedicated
interface and allow further P2P Device functionality.
In case that the P2P Device dedicated interface is re-created, the
original P2P Device configuration file is needed, so store it in
the global params (instead in the wpa_interface configuration).
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
p2p_ctrl_group_add() takes care of various configuration options (such
as ht/vht) before calling wpas_p2p_group_add(), so use it (just like
when P2P_GROUP_ADD is called with additional params).
Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
Parse each parameter individually and combine all the function calls.
This will allow further patch to call it with no parameters (currently
this might result in failure).
Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
wpas_p2p_get_ht40_mode() used blacklist approach (bw != BW20) to find
the relevant op_class, but didn't take into account other non-BW40
cases, like BW80, that had been added to the bw enum after the initial
implementation. Fix this by looking for the specific BW40 bw cases.
Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
This is equivalent to the P2P_REMOVE_CLIENT command on control
interface. This can be used to remove the specified client [as object
path or string format interface address] from all groups (operating and
persistent) from the local GO.
Argument(s): peer[object path] OR iface[string format MAC address]
Signed-off-by: Purushottam Kushwaha <p.kushwaha@samsung.com>
Signed-off-by: Jijo Jacob <jijo.jacob@samsung.com>
PBC overlap detection searches for another BSS with active PBC in the
BSS table. However, when a separate P2P interface is used, scan results
without P2P IE are not saved in the BSS table, so non-P2P BSS's with
active PBC will not be detected.
Fix this by iterating only the WPS AP array instead of the BSS table.
This is also more efficient since only WPS APs may have active PBC. This
also fixes hwsim test "grpform_pbc_overlap" when a dedicated P2P Device
is used.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Previously the wpa_s->parent interface was used, which is not
necessarily the P2P Device management interface.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Only the first seek=<service name> parameter was accepted from the
P2P_FIND command. Fix this to go through all seek parameters to
construct the list of service hash values to seek.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Commit 4be9f27595 ('wpa_cli: Use eloop
during connection attempts in interactive mode') did not take into
account the needs for signal processing in action mode. eloop_run() was
not called in this case and the internal select() loop would block eloop
processing anyway and prevent clean shutdown. Fix this by using eloop
for action mode operations.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The control interface commands may include passwords or other private
key material, so clear it explicitly from memory as soon as the
temporary buffer is not needed anymore.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It was possible for a P2P group formation failure to result in a
concurrent station mode operation getting disconnected in the specific
error case where group interface addition fails after a successful GO
Negotiation. Fix this by skipping the wpas_p2p_group_delete() call in
this specific case since the group interface does not exists anymore at
the point wpas_group_formation_completed() gets called.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
If the RX frequency of the Probe Request frame is known, specify it when
sending the Probe Response frame. This is needed when the Probe Request
frame is received on another virtual interface, for example, when a GO
or P2PS client are discoverable on the group operating channel.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
Change send_mlme() API to allow sending management frames on a specific
channel, overriding the internal driver decision.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
1. Add global p2p_cli_probe property to enable/disable Probe Request
frame RX reporting for connected P2P Clients. The property can be set to
0 - disable or 1 - enable. The default value is 0.
2. Enable Probe Request frame RX reporting for P2P Client on
WPA_COMPLETED state if p2p_cli_probe property is set to 1. Disable it
when an interface state is changing to any other state.
3. Don't cancel Probe Request frame RX reporting on wpa_stop_listen for
a connected P2P Client handling Probe Request frames.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
In some cases, Probe Request frames can be received by a peer not only
on a listen channel. In this case an additional rx_freq parameter
explitly contains a Probe Request frame RX frequency. In case rx_freq is
set to 0, a Probe Request frame RX channel is assumed to be our own
listen channel (p2p->cfg->channel).
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
It is possible for P2P_CONNECT-join command to be issued on a GO's P2P
Interface Address before the P2P peer entry is available to map this
into the GO's P2P Device Address. This could result in the join
operation failing to continue after receiving PD Response due to the
address mismatch (source address = P2P Device Address while only the P2P
Interface Address is known). Fix this by updating the pending join P2P
Device Address based on the BSS entry, if needed.
Signed-off-by: Jouni Malinen <j@w1.fi>
This has same behavior as the ctrl_iface RECONNECT command.
Signed-off-by: Mayank Haarit <mayank.h@samsung.com>
Signed-off-by: Purushottam Kushwaha <p.kushwaha@samsung.com>
Add operating class 125 (channels 149..169) to the list of P2P supported
channels. This allows the 5 GHz channels 161 and 169 to be used for P2P
GO when those channels are allowed for AP mode in the current regulatory
domain.
Signed-off-by: Amr BEN ABDESSALEM <amrx.ben.abdessalem@intel.com>
Remove all gas-query radio works before calling gas_query_deinit()
as gas_query_deinit() flow frees the query context, which might
be later be accessed from the radio work callback (and result
with unexpected behavior, e.g., segmentation fault).
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
ssid->p2p_persistent_group was left to its old value when changing a
network profile to/from P2P persistent group type (disabled=2). This
could result in unexpected behavior when using an incomplete persistent
group profile. This was mainly visible through D-Bus network profile
handling where a persistent group would not be unregistered insome
cases.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Instead of an int variable with magic values 0, 1, 2, use an enum that
gives clearer meaning to the values now that the original boolean type
global argument is not really a boolean anymore.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This fixes some issues where a disconnection event may get ignored if an
earlier operation to remove or disable a network resulted in an attempt
to disconnect event though no connection was in place.
wpa_s->current_ssid != NULL alone is not sufficient to determine that
there will be a driver event notifying completion of such disconnection
request. Set own_disconnect_req to 1 only if wpa_s->wpa_state is also
indicating that there is a connection or an attempt to complete one.
This showed up in a failure, e.g., when running the hwsim test case
scan_int followed by ap_vlan_wpa2_psk_radius_required where the latter
ended up not processing a connection failure event and getting stuck not
trying to run a new scan and connection attempt.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This adds support for Qt5 while still preserving support for building
with Qt4. The same source code builds with both Qt versions now. The
functionality should be identical.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Add GO Intent information of connecting device in GO Negotiation Request
event which will help applications to decide its own GO intent value in
advance and can avoid failure cases when both devices use GO Intent 15
depending on application requirement.
Signed-off-by: Mayank Haarit <mayank.h@samsung.com>
Support a request to scan specific SSIDs given by user with the SCAN
command. The SSID list can be suffixed to the scan command as follows.
For example, if SSIDs "ABC" and "abc123" need to be specifically
scanned, the command should be "SCAN ssid 414243 ssid 616263313233". The
value of the SSID is passed in hexadecimal representation.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit adds a configurable parameter (wps_priority) to specify the
priority for the networks derived through WPS connection.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Allow the Manufacturer information for a found P2P peer device to be
fetched through the D-Bus interface similarly to p2p_peer <mac address>
on ctrl interface.
Signed-off-by: Amit Khatri <amit.khatri@samsung.com>
Signed-off-by: Rahul Jain <rahul.jain@samsung.com>
Signed-off-by: Ashutosh Kaushik <k.ashutosh@samsung.com>
Avoid memory leak due to previous allocation for ssid->ssid. It does not
look like this is hit in normal cases, but at might be possible for the
SSID to get set if the peer is present in previous scan results and WPS
code ends up copying the SSID from there.
Signed-off-by: Purushottam Kushwaha <p.kushwaha@samsung.com>
Add support to compile libwpa_client.so. This can be used by external
programs to interact with the wpa_supplicant control interface. Also
rename the static version of this library to libwpa_client.a to be
consistent with the name used previous in Android builds.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
A new Invitation Request might be received on a just started persistent
group if the previous Invitation Response sent isn't received at the
peer (GO of the persistent group). When the peer sends an Invitation
Request again, treat it as start of group formation and restart the
group formation timer at this point of time.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
In the case of driver-based BSS selection, a bssid_hint in the connect
request might not result in to the selection of the same BSS. Thus,
postpone the updation of the wpa_s->current_bss till the association
event is received unless the BSSID is forced. This fixes issues where
wpa_s->current_bss may end up being updated to point to the BSS that
wpa_supplicant provided as a hint for a roaming case, but then not
restored if the driver decides to "return" to the current BSS instead.
This could result in some operations (e.g., WNM BSS TM response) not
working properly due to incorrect BSS being identified in
wpa_s->current_bss.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
D-Bus used the p2p_dev member in struct wpa_supplicant to track the
interface used for P2P Device operations. However, this is not needed as
the interface used for P2P Device operations is stored in struct
wpa_global->p2p_init_wpa_s.
Replace all the redirections to wpa_s->p2p_dev with redirections to
wpa_s->global->p2p_init_wpa_s and removed this member as it is no
longer needed.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
This command is for a specific P2P group, not for the P2P Device
instance and as such, wpa_s pointer must not be replaced with the
interface that is used for P2P Device management.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The function used wpa_s->parent->conf to iterate the P2P networks and
update the configuration file. However, wpa_s->parent is not
necessarily the interface used to manage the P2P Device operations.
Fix this by accessing the configuration file of the interface
initialized to manage the P2P Device operations.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
The function used wpa_s->parent->conf to iterate the P2P networks and
update the configuration file. However, wpa_s->parent is not
necessarily the interface used to manage the P2P Device operations.
Fix this by accessing the configuration file of the interface initialized
to managed the P2P Device operations.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
wpas_p2p_set_own_freq_preference() accessed wpa_s->parent->conf to test
if p2p_ignore_shared_freq is set, but wpa_s->parent is not necessarily
the interface used to manage the P2P Device operations.
Fix this by accessing the configuration file of the interface
initialized to manage the P2P Device operations.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
As wpas_p2p_remove_client() is not necessarily called from the interface
used to manage the P2P Device operations, when removing a client, use
the P2P management interface to iterate over the saved networks and
remove the relevant entries form the P2P GO network blocks.
Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>
Commit 1c2aa04c96 ('P2P: Do not add P2P
IEs on P2P disabled interface') removed the P2P IEs from association on
non-P2P interface. However, an AP functioning as a P2P manager needs the
cross connection capability of the station (P2P Device). This needs to
be done to meet the P2P specification requirements even if the station
interface has p2p_disabled=1 in case P2P in general is enabled.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Commit 5add410162 ('WPS: Use shorter
authentication timeout during no-SelReg iteration') broke the build with
WPS disabled.
Signed-off-by: Jouni Malinen <j@w1.fi>
While being associated, if an ANQP request is received for a different
AP that doesn't exist in the BSS list, the ANQP request will be sent on
the frequency of the AP that we are currently associated to.
In such a case, it is possible that the ANQP request would be sent on
a channel different than that of the requested AP, potentially delaying
other requests/activities.
Avoid sending the ANQP request to an AP that is not in the BSS list.
Signed-off-by: Matti Gottlieb <matti.gottlieb@intel.com>
Fix memory leak introduced in commit
32a097fdd2 ("wpa_cli: Keep track of
available networks") by tracking networks only when in interactive mode.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Add the TDLS_LINK_STATUS command to the control interface. This command
shows what is the status of our current TDLS connection with the given
peer. Also, add the TDLS_LINK_STATUS command to wpa_cli.
Signed-off-by: Oren Givon <oren.givon@intel.com>
Sanity check added to avoid segmentation fault which occurs, when
issuing ibss_rsn ctrl iface cmd and IBSS was not initialized previously
via IBSS network selection.
Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
Commit c2762e410f ('P2P: Update D-Bus
network object semantics during group formation') added this helper
function to determine whether a network block is used for storing a
persistent group information. However, it implemented this in a way that
matches both persistent group storage and an operating persist group
instance. This does not seem to match the expected behavior for the
D-Bus objects, so fix this to match only the persistent group storage
case to avoid registering/unregistered incorrect D-Bus objects for
groups.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Commit bb3df9a569 ('notify: Do not raise
any signal from a P2P management interface') was supposed to only change
D-Bus behavior, but it ended up disabling non-D-Bus functionality as
well for some sequences where the P2P Device interface is used.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Commit 21efc940f6 ('wpa_supplicant: Do not
register a P2P management interface on DBus') hides the special P2P
management interface from D-Bus. However, it did not take into account
the possibility of wpa_s->dbus_path and wpa_s->dbus_new_path being NULL
in such cases on number of code paths within the D-Bus handlers. This
could result in invalid arguments (NULL path) being provided to D-Bus
functions (mainly, dbus_message_iter_append_basic) and NULL pointer
dereference when iterating over all interfaces. Either of these could
make wpa_supplicant process terminate.
Fix this by explicitly checking that the interface-specific D-Bus path
has been registered before using it anywhere with D-Bus handlers. In
addition, find the correct wpa_s instance to fix P2P operations through
D-Bus when the P2P Device interface is used.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Handling of WPS RF band for 60 GHz was missing. Add it in all relevant
places and also map "AES" as the cipher to GCMP instead of CCMP when
operating on the 60 GHz band.
Signed-off-by: Hamad Kadmany <qca_hkadmany@qca.qualcomm.com>
Commit 5add410162 ('WPS: Use shorter
authentication timeout during no-SelReg iteration') added a new
condition on reducing the authentication timeout for the WPS AP
iteration process. However, due it ended up copy-pasting an incorrect
condition for this. This was supposed to apply for PIN-based config
method advertisement, not PBC.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, it was possible for the set_key() handler to be used with
WPA_ALG_PMK even if the driver did not indicate support for key
management offload. While this is not really supposed to result in any
difference, it makes the debug logs somewhat confusing. Avoid that by
using driver capability flag for key management offload as an additional
condition for setting the PMK.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
interworking_credentials_available_3gpp() would have left excluded2
uninitialized without INTERWORKING_3GPP in the build. This could result
in a static analyzer warning within
interworking_credentials_available_helper() about use of uninitialized
variable. Get rid of that warning by explicitly initializing excluded2
even though this does not really result in any difference in behavior
since the excluded2 value would be used only if the non-NULL is returned
and that could not have been the case here without INTERWORKING_3GPP.
Signed-off-by: Jouni Malinen <j@w1.fi>
It was possible for an nl80211-based driver to be determined to support
P2P even when the radio supports only the 5 GHz band. This resulted in
P2P initialization failing due to not being able to pick a social
channel and wpa_supplicant not starting. Fix this by not enabling P2P,
but still allowing wpa_supplicant initialization to complete.
Signed-off-by: Jouni Malinen <j@w1.fi>
Signal strength meter uses non-standard icons (not included in the
freedesktop icon specification), which might not be available in all
icon sets on the market. What's more, according to the latest Ubuntu
practices, in the status-like places one should use symbolic icons.
Unfortunately not all icon sets provide them.
In order to overcome this inconsistency, we are going to try to load
more than one icon from the current theme in the fallback-like
fashion.
Signed-off-by: Arkadiusz Bokowy <arkadiusz.bokowy@gmail.com>
By analysing objdump output some read only structures were found in
.data section. To help compiler further optimize code declare these
as const.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
When iterating through WPS APs that do not advertise Selected Registrar
TRUE, limit the authentication timeout to 10 seconds instead of the full
70 second value used with IEEE 802.1X/EAP/WPS in general. This helps
speed up AP iteration for cases where a selected AP misbehaves and does
not reply to EAP exchanges. This should not really be needed, but there
seems to be deployed APs that do not implement WPS correctly and with
such APs in the radio range, this extra timeout can speed up the
iteration to allow the correct AP to be found before the WPS operation
times out.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, wpa_supplicant was using number of scan iterations
(WPS_PIN_SCAN_IGNORE_SEL_REG = 3) to give some time for finding a WPS AP
with Selected Registrar TRUE before starting to iterate through all WPS
APs. While this works fine in most cases, some drivers may return the
initial three scan results so quickly that the total amount of time is
only couple of seconds in case none of the APs are initially advertising
Selected Registrar TRUE. To give some more time for APs (WPS Registrars)
to become ready, add an additional constraint on the iteration based on
time (WPS_PIN_TIME_IGNORE_SEL_REG = 5 seconds).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Do not add the dedicated P2P Device interface in case P2P is disabled in
the configuration file or globally.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
I needed this option to disable P2P on a buggy system.
Document this so someone else finds it quicker next time.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Check the element length in the parser and remove the length field from
struct ieee802_11_elems since the element is of fixed length.
Signed-off-by: Jouni Malinen <j@w1.fi>
Should there not be enough room in the output buffer, the
bss_basic_rate_set line would not be printed. This error case was
handled otherwise, but the temporary memory allocation for building the
information was not freed.
Signed-off-by: Jouni Malinen <j@w1.fi>
This makes source code more consistent. The use within Android driver
interface is left as-is to avoid changes in the old PNO interface
definition.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The dbus interface documentation says the following about the
WPS property of the fi.w1.wpa_supplicant1.BSS interface:
==
WPS information of the BSS. Empty dictionary indicates no WPS support.
Dictionary entries are:
Type s "pbc", "pin", ""
==
However the implementation returns "type" => "" for BSSes
that do not support WPS.
Fix the implementation to match the documentation.
Return empty dictionary if there is no WPS support.
And "type" => "" if WPS is supported, but is not in progress
right now.
Signed-off-by: Floris Bos <bos@je-eigen-domein.nl>
This fixes a regression caused by commit
efa232f915 ('Add support for virtual
interface creation/deletion') for the case where an empty extra argument
is included.
Signed-off-by: Ben Greear <greearb@candelatech.com>
It has been noticed that the band steering/load balancing of some
multi-AP networks will lead to an ever-growing list of blacklisted
BSSIDs. This eventually leads to a connection drop when the connection
is pushed to a distant AP.
Fix this issue by clearing the blacklist upon successful connect.
Signed-off-by: Jason Abele <jason@aether.com>
This reschedules the postponed scan request (if such a request is
pending) from EVENT_SCHED_SCAN_STOPPED event handler to speed up
scanning after PNO/sched_scan stop has been requested.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
When starting a P2P client to re-join a persistent group
(P2P_GROUP_ADD persistent=<id>), it is possible that the P2P GO was
already found in previous scans. Try to get the P2P GO operating
frequency from the scan results list so wpa_supplicant will initially
scan only the P2P GO known operating frequency.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Commit e9af53ad39 introduced new
CONFIG_NO_ROAMING configuration parameter but unfortunately it was added
only to Android.mk. Enabling this parameter didn't have any effect when
Makefile was used to build wpa_supplicant. This commit fixes that problem
and cleans "unused variable" compiler warning.
Signed-off-by: Lauri Hintsala <lauri.hintsala@silabs.com>
This replaces the internal CBC mode implementation in
aes_128_cbc_encrypt() and aes_128_cbc_decrypt() with the OpenSSL
implementation for CONFIG_TLS=openssl builds.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new network profile parameter mem_only_psk=1 can be used to specify
that the PSK/passphrase for that network is requested over the control
interface (ctrl_iface or D-Bus) similarly to the EAP network parameter
requests. The PSK/passphrase can then be configured temporarily in a way
that prevents it from getting stored to the configuration file.
For example:
Event:
CTRL-REQ-PSK_PASSPHRASE-0:PSK or passphrase needed for SSID test-wpa2-psk
Response:
CTRL-RSP-PSK_PASSPHRASE-0:"qwertyuiop"
Note: The response value uses the same encoding as the psk network
profile parameter, i.e., passphrase is within double quotation marks.
Signed-off-by: Jouni Malinen <j@w1.fi>
White space is a valid SSID character so completion routine for
networks should only use tab as word separator.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
Add command completion routines for remove_network, select_network,
disable_network, and enable_network commands.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
Add command completion routine for get_network and set_network that
guide user with both network id and network parameters.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
To be able to reuse the add/del word utility functions for lines containing
tabs allow both space and tab as word separators.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
Extend interface_add and interface_remove commands via an optional
argument to allow wpa_supplicant to create/delete a new virtual
interface.
Signed-off-by: Jithu Jance <jithu@broadcom.com>
wpa_cli already implements a command history file for easy accessing
commands previously used. Enable the functionality on Android, too.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
Old code defaulted to WEP for an AP advertising OSEN. Show as OSEN
instead. Re-use most of the RSN parsing logic since all but the header
is the same.
Example output:
[root@ath9k-f lanforge]# ./local/bin/wpa_cli -i sta0 scan_results
bssid / frequency / signal level / flags / ssid
00:0e:8e:6f:40:49 2462 -23 [OSEN-OSEN-CCMP][ESS] ben-138
Signed-off-by: Ben Greear <greearb@candelatech.com>
System tray icon can be set to 5 different pictographs according to the
connection status. One for disconnected state (not associated with the
network, or not connected with the wpa_supplicant service), and four for
connected status (showing the signal strength on the receiver).
By default this functionality is disabled. The reason for this, is the
fact, that the underlaying approach of this functionality is poll based,
which might be considered as a non-efficient one. Update interval has to
be set explicitly by the user with '-m<seconds>' command line argument.
Status icon names are based on various Gnome icon packs (e.g., Faba).
When icon can not be found, default one is shown (wpa_gui logo).
Signed-off-by: Arkadiusz Bokowy <arkadiusz.bokowy@gmail.com>
This extends NL80211_CMD_ROAM event processing to allow the driver to
roam to another ESS (different SSID) when using offloaded BSS selection.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
wpas_add_interworking_elements() does not need to do this since the
caller is already checking whether Interworking is enabled.
Signed-off-by: Jouni Malinen <j@w1.fi>
Always add the Extended Capabilities element to Probe Request frames (in
case it is not all zeros) to publish support for driver advertised
capabilities and wpa_supplicant specific capabilities.
This also fixes the case where Extended Capabilities element was added
for Interworking cases, but did not use the driver advertised ones and
did not handle other capabilities supported by wpa_supplicant.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
If all networks are temporarily disabled, delay AP selection until at
least one network is enabled. Running AP selection when all networks are
disabled is useless as wpa_supplicant will not try to connect. In
addition, it will result in needless scan iterations that may delay the
connection when it is needed.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
When disconnecting from a BSS, the next scan is optimized to scan only
the channels used by the connected ESS. But when disconnecting because a
new network was selected, this optimization is wrong because
wpa_supplicant is now trying to connect to another ESS. Fix this by not
optimizing the scan frequencies in case the selected network has
changed.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Extend p2p_service_del asp command to support 'all' parameter to delete
all ASP service advertisements.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Delete all ASP serice advertisement on wpas_p2p_service_flush similarly
to Bonjour and UPnP services.
Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
The channel list can be changed as a result of arriving beacon hints
during normal scan or as a result of local Reg-Domain change. Some
passive channels can become active and needs to be reconfigured
accordingly for the scheduled scan.
This fixes the connection to hidden SSIDs on 5 GHz band during default
Reg-Domain 00 (world roaming).
Signed-off-by: Victor Goldenshtein <victorg@ti.com>
Signed-off-by: Eliad Peller <eliad@wizery.com>
Reject external scan request while either ANQP fetch or Interworking
select is in progress. Not doing so could lead to a situation in which
Interworking automatic network selection does not get triggered because
of a new scan result event forcing the ANQP fetch cycle to be disrupted
and restarted all over again. Interworking automatic network selection
is only triggered when AQNP fetch cycle, that is, ANQP exchange with
every Interworking capable BSS in the current BSS list, is completed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
SChannel/CryptoAPI as a TLS/crypto library alternative was never
completed. Critical functionality is missing and there are bugs in this
implementation. Since there are no known plans of completing this
support, it is better to remove this code.
Signed-off-by: Jouni Malinen <j@w1.fi>
In the commit 77b244d577a7cb5c928478627af6687a0733193d9 ('wpa_gui: Quiet
mode - disable tray icon messages') a new parameter has been introduced,
but it was not documented. This commit fixes this omission.
Signed-off-by: Arkadiusz Bokowy <arkadiusz.bokowy@gmail.com>
Some config parameters were missing in the "set" command completion
routine. Add missing parameters and while at it put the parameters
under compiler switches so only valid ones are shown.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
Add support to retrieve IPv4 config variables with the "get" control
interface command. This allows the ip_addr_* parameters for P2P+NFC
IP address assignment to be fetched from the GO.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
wpa_supplicant/p2p_supplicant.c has reached almost 10000 lines in length
and was getting a bit inconvenient to edit, so start splitting it into
separate files.
Signed-off-by: Jouni Malinen <j@w1.fi>
This makes the AP mode more consistent with other modes by providing a
matching pair of CTRL-EVENT-CONNECTED and CTRL-EVENT-DISCONNECTED event
messages.
Signed-off-by: Jouni Malinen <j@w1.fi>
It looks like "hardware does not support required rate 1.0 Mbps" has
started showing up in some hwsim test cases as a reason for failure.
This should not really occur with mac80211_hwsim, so add more details to
the debug print to make it easier to figure out what exactly happened.
Signed-off-by: Jouni Malinen <j@w1.fi>
This extends the TDLS operation request mechanism to allow TDLS
Discovery Request to be initiated by the driver similarly to the
existing Setup and Teardown requests.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It was possible to leave the driver in mesh point state if upper layer
mesh initialization failed in wpa_supplicant_mesh_init(). With nl80211,
this results in the vif being left in mesh point mode instead of
restoring it to station mode. That seems to break normal functionality,
e.g., for Public Action frame TX/RX. Fix this by restoring station mode
on mesh failure path.
This error could be triggered, e.g., with the following hwsim test case
sequence: wpas_mesh_secure_sae_missing_password
nfc_p2p_static_handover_tagdev_go_forced_freq
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add radar event processing logic for AP/P2P GO. The DFS processing
functions from hostapd are now used for these wpa_supplicant cases as
well for both offloaded and non-offloaded DFS.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add P2P changes to allow bringing up P2P autonomous GO on a DFS channel
if DFS functionality is offloaded to the driver.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, it was possible for wpa_state to be left at SCANNING if
INTERWORKING_SELECT command failed to find any match. Now the state is
set to DISCONNECTED if the operation terminates because of no matching
networks.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
When there is no channel preference mentioned by user, auto GO
can be started on any of the 5 GHz channels supported for P2P.
Consider operating classes 115 and 124 which do not require DFS.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Commit 3f9ebc439c ('P2P: Allow AP/GO
interface to be started while P2P-in-progress') moved the
wpa_s->connect_without_scan and wpa_s->last_scan_req checks to an
earlier place within the wpa_supplicant_scan() function without
adjusting wpa_s->last_scan_req. This variable was set between the old
and new location, so the new location needs to use wpa_s->scan_req.
This fixes an issue where AP/GO operations were not properly started in
some operation sequence. Instead, a station mode scan was executed. This
issue could be triggered, e.g., by running the no_go_freq test case
followed by autogo_random_channel.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit introduces a callback to notify any configuration updates
from the eap_proxy layer. This is used to trigger re-reading of IMSI and
MNC length.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Static analyzers may warn about dereference before NULL check in
wpas_network_disabled() due to the new code added to check
wpa_s->p2p_mgmt. wpa_s cannot be NULL here, so remove the unneeded check
for it later in the function. (CID 106124)
Signed-off-by: Jouni Malinen <j@w1.fi>
wpa_supplicant_deinit_iface() ends up removing all P2P groups if the
removed interface is the parent interface. This is correct behavior in
general, but this resulted in issues in the new group interface
initialization error path since wpa_s->parent was not assigned before
hitting this check. Fix this by assigning wpa_s->parent as part of
wpa_supplicant_add_iface().
Signed-off-by: Jouni Malinen <j@w1.fi>
There are number of cases where wpa_supplicant requests the current
connection to be disconnected before starting a new operation. Such
cases do not really indicate that there was an error in connecting or a
disconnection initiated by the AP, so do not add a temporary blacklist
entry in such sequences.
Signed-off-by: Jouni Malinen <j@w1.fi>
It is possible for the P2P_CONNECT control interface command to be
issued on an incorrect interface. While the upper layer component should
really use global control interface for this, make this work by
redirecting the command to the correct context if needed.
Signed-off-by: Jouni Malinen <j@w1.fi>
The dedicated P2P management instance (wpas->p2p_mgmt == 1) using
cfg80211 P2P Device cannot be used for non-P2P uses or connection (there
is no netdev). Reject or ignore such operations to avoid unexpected
operations if enabled network blocks are configured in the
wpa_supplicant instance used to control this interface.
Signed-off-by: Jouni Malinen <j@w1.fi>
The optional freq=<MHz> can now be used with the P2P_FIND command to
specify a single channel to scan during the first round of P2P search.
For example, this can be used to replace the full initial scan with a
single channel scan of a known operation channel.
Signed-off-by: Daichi Ueura <daichi.ueura@sonymobile.com>
This reverts commit 3df2f4fe99 ('P2P:
Remove unused P2P_SCAN_SPECIFIC') with a modification to fit the current
code base.
Signed-off-by: Daichi Ueura <daichi.ueura@sonymobile.com>
Commit 563ee1832b ('IBSS: Add support for
VHT80 configuration') got merged in incorrectly with one i/j swap
missed.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Commit a1b790eb9d ('Select AP based on
estimated maximum throughput') had a copy-paste bug than ended up
leaving one of the max_ht40_rate() cases unreachable. (CID 106087)
Signed-off-by: Jouni Malinen <j@w1.fi>
Previously, within-ESS roaming was skipped if the selected BSS did not
have a higher signal strength than the current BSS regardless of AP
capabilities. This could result in not moving to a BSS that would
provide higher throughput, e.g., due to larger channel bandwidth or
higher rates (HT/VHT MCS).
Use estimated throughput information from scan result processing to
allow within-ESS roaming if the selected BSS is likely to provide better
throughput even if the current BSS has larger RSSI.
Signed-off-by: Jouni Malinen <j@w1.fi>
These values were previously used only for sorting the scan results, but
it may be useful to provide access to the used values through the BSS
entries.
Signed-off-by: Jouni Malinen <j@w1.fi>
This modifies the BSS selection routines to calculate SNR and estimated
throughput for each scan result and then use the estimated throughput as
a criteria for sorting the results. This extends the earlier design by
taking into account higher throughput rates if both the AP and local
device supports HT20, HT40, or VHT80. In addition, the maximum rate is
restricted based on SNR.
In practice, this gives significantly higher probability of selecting
HT/VHT APs when there are multiple BSSes in the same ESS and SNR is not
low enough to prevent higher MCS use.
Signed-off-by: Jouni Malinen <j@w1.fi>
"make -C wpa_supplicant libwpa_ctrl.a" can now be used to build a static
library that can be linked with external programs using wpa_ctrl.h. This
makes it easier to create a separate library package that does not
depend in any other hostap.git file other than src/common/wpa_ctrl.h and
the libwpa_ctrl.a built with this new make target.
Signed-off-by: Jouni Malinen <j@w1.fi>
When an EVENT_SIGNAL_CHANGE occurs the bgscan is informed about this
change but the new RSSI value is not stored. In consequence, when
roaming candidates are evaluated, the RSSI value of the current BSS used
to compare is an old one obtained during the last scan rather than the
new one given by the signal change event. This leads sometimes to bad
decision when selecting a new BSS for roaming.
This patch solves the issue by updating the current BSS level when
receiving a signal change event in order to have a very up-to-date
current signal value when choosing an new BSS.
Signed-off-by: Matthieu Mauger <matthieux.mauger@intel.com>
When stopping the TKIP countermeasures, it would be preferable to
connect immediately. However if scheduled scan is in progress,
a connection attempt will be done only when scan results are received,
so cancel the scheduled scan to allow immediate scan and connection
attempt.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Read p2p_go_ctwindow (0-127 TUs) from the config file, and pass it to
the driver on GO start.
Use p2p_go_ctwindow=0 (no CTWindow) by default.
Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
In addition, add support for returning the capability list through
the BSS control interface command.
Signed-off-by: ASHUTOSH NARAYAN <ashutoshx.narayan@intel.com>
In addition, add support for returning the capability list through the
BSS control interface command.
Signed-off-by: ASHUTOSH NARAYAN <ashutoshx.narayan@intel.com>
Instead of calling a dummy printf function use preprocessor to determine
if debugging mode is enabled. Also use native Qt debug function.
Signed-off-by: Arkadiusz Bokowy <arkadiusz.bokowy@gmail.com>
If a matching IBSS is found in scan results, change requested frequency
to match and disable OBSS scan.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Add fixed_freq=<0/1> network block parameter and pass it to the driver
when starting or joining an IBSS. If this flag is set, IBSS should not
try to look for other IBSS networks to merge with on different channels.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
The new reassoc_same_bss_optim=1 configuration parameter can now be used
to request wpa_supplicant to bypass the unnecessary Authentication frame
exchange when reassociating back to the same BSS with which the device
is already associated. This functionality is disabled by default since
it may cause undesired interoperability issues with some APs.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Commit c35e35ed81 ('Add passive_scan
configuration parameter') used incorrect parameter name when writing the
passive_scan parameter into a configuration file.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The new "DUMP" and "SET <variable>" control interface commands can be
used to fetch global wpa_supplicant configuration parameters.
Signed-off-by: Ola Olsson <ola.olsson@sonymobile.com>
This can be used to provide more control to upper layers on network
blocks generated as part of Interworking network selection.
INTERWORKING_ADD_NETWORK behaves otherwise identically to
INTERWORKING_CONNECT, but it does not request a new connection after
having added the network block and it returns the network id of the
added network.
INTERWORKING_ADD_NETWORK followed by REASSOCIATE would behave more or
less identically to INTERWORKING_CONNECT, but this allows the created
network profile to be modified, if desired, and/or stored externally.
SELECT_NETWORK can also be used with the network id returned from
INTERWORKING_ADD_NETWORK to enforce that specific network profile to be
used for the next connection (though, it should be noted that this
behavior may not meet all Hotspot 2.0 requirements if there were other
enabled networks that could have higher priority).
Signed-off-by: Jouni Malinen <j@w1.fi>
Commit b31be3a0fd ('P2P: Add automatic GO
Negotiation vs. join-a-group selection') added this P2P_CONNECT 'auto'
parameter, but did not update any documentation on it.
Signed-off-by: Jouni Malinen <j@w1.fi>
If a separate P2P group interface was used, P2P_CONNECT-auto fallback to
GO Negotiation could result in use of freed memory and segmentation
fault. This happened in cases where the peer GO was found in some old
scans, but not in the first scan triggered by the P2P_CONNECT-auto
command ("P2P: Peer was found running GO in older scan -> try to join
the group" shows up in the debug log). In addition, the GO would still
need to reply to PD Request to allow this code path to be triggered.
When five scans for the GO were completed in this sequence, the P2P
group interface was removed as part of falling back to GO Negotiation.
However, that ended up dereferencing the freed wpa_s instance at the end
of scan event processing. Fix this by reordering code a bit and breaking
out from EVENT_SCAN_RESULTS processing if the interface could have been
removed.
Signed-off-by: Jouni Malinen <j@w1.fi>
When SAE authentication fails, wpa_supplicant retries four times. If all
the retries result in failure, SAE state machine enters BLOCKED state.
Once it enters this state, wpa_supplicant doesn't retry connection. This
commit allow connection retries even if the state machine entered
BLOCKED state.
There could be an opinion "Is this patch needed? User could know the SAE
state machine is in the BLOCKED mode by MESH-SAE-AUTH-BLOCKED event.
Then user can retry connection. By user action, SAE state machine can
change the state from BLOCKED to another.". Yes, this is a true at the
joining mesh STA. However, a STA that is already a member of existing
mesh BSS should not retry connection because if the joining mesh STA
used wrong password, all the existing STA should do something from UI to
retry connection.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Send MESH-SAE-AUTH-BLOCKED event if SAE authentication is blocked. The
BLOCK state will finish when a new peer notification event is sent for
the same MAC address.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
SAE authentication fails likely with wrong password. This commit adds a
notification of the failure to the upper application (UI) so that the
application can notify suspection of a wrong password to the user. The
control interface monitor even for this is "MESH-SAE-AUTH-FAILURE
addr=<peer>".
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Commit 07cb45ccb2 ('mesh: Add no_auto_peer
config option') added a new struct wpa_ssid argument and added an
unnecessary parsing and setting of the value in
wpa_supplicant_ctrl_iface_update_network(). This is not needed since
wpa_config_set() takes care of parsing the parameters.
Signed-off-by: Jouni Malinen <j@w1.fi>
It is possible for a network profile to change its type from P2P
persistent group to a normal network and back. The D-Bus interface uses
different types of objects for those, so the object needs to
re-registered in case of type change. This fixes issues in leaving
behind an incorrect type of object and leaking memory when freeing such
a network block that has had its disabled parameter changed.
Signed-off-by: Jouni Malinen <j@w1.fi>
There is a chance that wpa_supplicant may get killed during
the time it is writing config file. If this happens, user
information like SSIDs and passwords can be lost forever.
This change works around that by writing config to a
temporary file and then renaming the file to the correct name.
Signed-off-by: Vinit Deshpande <vinitd@google.com>
We should not enable HT if WEP or TKIP is configured.
Without the patch and WEP configuration we will get message:
Association request to the driver failed
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Do not claim to change the Listen channel in a debug message when
previously configured channel prevents this. In addition, fix a typo in
another related debug print.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The pending interface created during provision discovery should
not be removed on stopping p2p_find. This pending interface has
to be used after completing GO negotiation. Earlier the pending
interface is created just before GO negotiation so there was no
problem.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is needed to allow P2PS related new control interface commands to
be redirected for proper context processing.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
If P2PS config method is used for provisioning, upon forming a new GO,
start WPS registrar for the provisioned peer automatically.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This introduces a P2P module callback function that will be used to
create the pending P2PS group after sending PD Response and receiving
ACK status for it.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
When the peer device is trying to form a new group despite having
old persistent group with same roles, remove the stale persistent
group.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This adds new wpa_supplicant control interface commands
P2P_ASP_PROVISION and P2P_ASP_PROVISION_RESP.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This extends wpas_p2p_prov_disc() implementation to accept P2PS
parameters. None of the callers are yet using this functionality; the
following commit introduces a user.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This adds a data structure for storing P2PS PD information and code to
add the related attributes into PD Request. The actual operation to
trigger this behavior will be added in a separate commit.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add support to parse received GAS requests for ASP services and
prepare GAS responses accordingly.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This extends the P2P_SERV_DISC_REQ control interface command with a new
"asp" service type. This takes service id, service string, and optional
service info as arguments.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
In addition, add a new P2P_SERVICE_REP command that can be used to
replace existing ASP advertisements.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This provides additional WPS definitions and rules for negotiating use
of P2PS default PIN configuration method.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
P2PS seek strings can now be specified in the P2P_FIND control interface
command with one or more optional "seek=<str>" parameters.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It was possible for a Action frame sequence completion to stop an
ongoing offchannel remain-on-channel operation unexpectedly in cases
where TX operation was offloaded to the driver and such an operation
happened to occur during a previously started remain-on-channel (e.g.,
for P2P listen state).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It was possible for the previously requested remain-on-channel for P2P
listen state to get canceled before having received driver event
indicating start of that remain-on-channel operation. In such a case,
the event was able to trigger P2P module to start processing listen
timeout even though there was not supposed to be a following listen
operation anymore. Skip the driver event if we are not waiting for a new
listen state.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
When noise floor measurements are not available, compute SNR
using default values for the noise floor. This helps steer us
towards 5 GHz BSSes in high signal strength environments.
In more detail...
Existing code prefers a 5 GHz BSS when the 5 GHz BSS's signal
strength is "close" to that of the 2.4 GHz BSS, or when both SNRs
are large. However, the mwifiex driver does not provide noise
floor measurements, so we can't compute SNRs.
Because mwifiex doesn't provide NF measurements, the "large SNR"
code wasn't effective. By using default values for the noise floor,
we can again compute SNRs, and decide that the SNR is high enough
that we shouldn't worry about the exact difference in SNR.
The default noise floor values (one for 2.4 GHz, and one for 5 GHz)
were chosen by measurement in a noisy environment, so they should be
conservative.
Note that while this patch is motivated by mwifiex, it affects
ath9k as well. Although ath9k provides noise floor measurements
in general, it will sometimes fail to provide a measurement for
one or more specific channels.
As a result of this patch, we'll always compare BSSes based on SNR
(either measured or estimated), rather than sometimes comparing
based on signal strength. ("Always" assumes that the
WPA_SCAN_LEVEL_DBM flag is set. It is for mwifiex and ath9k.)
While there:
- fix a whitespace issue (spaces -> tab)
- clean up existing comments
- update dump_scan_res to indicate whether the noise floor is
measured, or default
Signed-hostap: mukesh agrawal <quiche@chromium.org>
For wired IEEE 802.1X authentication, phase1="allow_canned_success=1"
can now be used to configure a mode that allows EAP-Success (and
EAP-Failure) without going through authentication step. Some switches
use such sequence when forcing the port to be authorized/unauthorized or
as a fallback option if the authentication server is unreachable. By
default, wpa_supplicant discards such frames to protect against
potential attacks by rogue devices, but this option can be used to
disable that protection for cases where the server/authenticator does
not need to be authenticated.
When enabled, this mode allows EAP-Success/EAP-Failure as an immediate
response to EAPOL-Start (or even without EAPOL-Start) and EAP-Success is
also allowed immediately after EAP-Identity exchange (fallback case for
authenticator not being able to connect to authentication server).
Signed-off-by: Jouni Malinen <j@w1.fi>
wpa_supplicant used to request user to re-enter username/password if the
server indicated that EAP-MSCHAPv2 (e.g., in PEAP Phase 2)
authentication failed (E=691), but retry is allowed (R=1). This is a
reasonable default behavior, but there may be cases where it is more
convenient to close the authentication session immediately rather than
wait for user to do something.
Add a new "mschapv2_retry=0" option to the phase2 field to allow the
retry behavior to be disabled. This will make wpa_supplicant abort
authentication attempt on E=691 regardless of whether the server allows
retry.
Signed-off-by: Jouni Malinen <j@w1.fi>
Some packages don't install its headers in the default directory
(e.g.: In Arch Linux libiberty and libn13 includes are installed)
in their own subdirectory under /usr/include) and the build fails
trying to find the headers.
This patch will allow passing extra CFLAGS values without discarding
the assignments made in the Makefile. The CFLAGS values in the Makefile
are ignored, if defined directly in the make command line.
Signed-off-by: Roger Zanoni <roger.zanoni@openbossa.org>
Linux kernel commit 576eb62598f10c8c7fd75703fe89010cdcfff596 ('bridge:
respect RFC2863 operational state') from 2012 introduced a regression
for using wpa_supplicant with EAPOL frames and a station interface in a
bridge. Since it does not look like this regression is going to get
fixed any time soon (it is already two years from that commit and over
1.5 from a discussion pointing out the regression), add a workaround in
wpa_supplicant to avoid this issue.
The wpa_supplicant workaround uses a secondary packet socket to capture
all frames (ETH_P_ALL) from the netdev that is in a bridge. This is
needed to avoid the kernel regression. However, this comes at the price
of more CPU load. Some of this is avoided with use of Linux socket
filter, but still, this is less efficient than a packet socket bound to
the specific EAPOL ethertype. The workaround gets disabled
automatically, if the main packet socket interface on the bridge
interface turns out to be working for RX (e.g., due to an old kernel
version being used or a new kernel version having a fix for the
regression). In addition, this workaround is only taken into use for the
special case of running wpa_supplicant with an interface in a bridge.
Signed-off-by: Jouni Malinen <j@w1.fi>
Currently, there is a race in open mesh networks where mesh STA A
receives a beacon from B and sends a peering open frame to initiate
peering. STA B, having not yet received a beacon from A and thus
created the corresponding station entry, will ignore all such open
frames. If the beacon interval is sufficiently long then peering
will not succeed as a result.
In fact B can simply create the station entry when the popen is
received, as is done in Linux's in-kernel MPM, avoiding the issue.
Signed-off-by: Bob Copeland <me@bobcopeland.com>
Previously, we would only free the station entry if a peering close
frame was received (freeing the station entry causes the kernel to
start sending peer candidate events again when suitable beacons are
received, triggering peering or authentication to restart).
The end result is the same in any case regardless of close reason:
if we leave holding state then peering has started again, so go
ahead and remove the station in all cases.
Signed-off-by: Bob Copeland <me@bobcopeland.com>
The plink_state exists both wpa_supplicant and kernel. Synchronize them
with wpa_mesh_set_plink_state().
Signed-off-by: Kenzoh Nishikawa <Kenzoh.Nishikawa@jp.sony.com>
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Drop the unneeded 'attempt' argument. This was originally used for
indicating an aborted PMKID caching attempt, but a fix in 2006 removed
the only such user and since that time, only attempt == 1 has been used.
Signed-off-by: Jouni Malinen <j@w1.fi>
This replaces the implementation in aes-wrap.c and aes-unwrap.c with
OpenSSL AES_wrap_key() and AES_unwrap_key() functions when building
hostapd or wpa_supplicant with OpenSSL.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Use OpenSSL HMAC_* functions to implement HMAC-MD5 instead of depending
on the src/crypto/md5.c implementation.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Connection with a PMF enabled AP will fail if we try to negotiate PMF
while the local driver does not support this. Since pmf=1 does not
require PMF for a successful connection, it can be ignored in such a
case to avoid connectivity issues with invalid configuration. This makes
it somewhat easier to allow upper layer programs to use pmf=1 default
regardless of driver capabilities.
Signed-off-by: Jouni Malinen <j@w1.fi>
This modifies struct wpa_ptk to allow the length of KCK and KEK to be
stored. This is needed to allow longer keys to be used, e.g., with
Suite B 192-bit level.
Signed-off-by: Jouni Malinen <j@w1.fi>
This extends GET_CAPABILITY command to allow the supported group
management frame cipher suites to be listed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
There are lots of reasons we can fail to match an EAP credential, so add
logging to help determine why it is happening in various cases.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Signal strength was sorted lexically rather than numerically, which
put "-100 dBm" before "-50 dBm" if sorted in descending order.
This change fixes that. It also treats frequency in the same
manner, preparing it for the IEEE 802.11ah.
Signed-off-by: Adrian Nowicki <adinowicki@gmail.com>
This new wpa_supplicant configuration parameter can be used to force
passive scanning to be used for most scanning cases at the cost of
increased latency and less reliably scans. This may be of use for both
testing purposes and somewhat increased privacy due to no Probe Request
frames with fixed MAC address being sent out.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The ANQP verification/parsing is done only after the GAS_DONE indication
is sent over the control interface. This means that in case the ANQP
parsing fails there is no indication to the upper layers. Add an
ANQP-QUERY-DONE event that reports the status of the ANQP parsing.
Signed-off-by: ASHUTOSH NARAYAN <ashutoshx.narayan@intel.com>
The icon files and the osu-providers.txt that are generated may not have
proper permission for external programs to access. Set the access
permissions to the same as the permissions for osu_dir.
Signed-off-by: ASHUTOSH NARAYAN <ashutoshx.narayan@intel.com>
In wpa_cli_cmd_interface(), try_connection(), and main(), ctrl_ifname
may be NULL and could be dereferenced depending on the printf()
implementation.
Signed-off-by: Eytan Lifshitz <eytan.lifshitz@intel.com>
Stop any ongoing P2P listen/find flow before starting invitation flow.
This was partially handled in p2p_invite() that called p2p_find(), but
this did not cleanly handle cases such as long_listen.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
A control interface call to flush the current state used the
current wpa_s to clear the P2P state even though it might not
be the interface controlling the P2P state.
Fix it by using the correct interface to flush the P2P state.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Publish support for Tx STBC in the HT capabilities of a GO and AP
controlled by wpa_supplicant in case the hardware supports it.
Signed-off-by: Eyal Shapira <eyalx.shapira@intel.com>
external_scan_running should be common to all interfaces that share a
radio. This fixes a case where external_scan_running was set on a single
interface, but did not block scan on other interfaces.
Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>
Clear the reattach flags, in case a connection request did not trigger a
scan. This needs to be done to avoid leaving the reattach flag set for
the next scan operation which may not have anything to do with the
specific request that could have been optimized using the single-channel
single-SSID scan.
Signed-off-by: Ben <ben.rosenfeld@intel.com>
Use interface's own NFC configuration instead of parent's one
to support a P2P device dedicated interface.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
The length should be 14 and not 10.
The current situation causes failure during parsing of the command.
Signed-off-by: Matti Gottlieb <matti.gottlieb@intel.com>
This restores some of the pre-radio work behavior for scanning by
retrying scan trigger if the driver rejects it (most likely returning
EBUSY in case of nl80211-drivers). Retry is indicated in the
CTRL-EVENT-SCAN-FAILED event with "retry=1".
For manual scans (e.g., triggered through "SCAN" control interface
command), no additional retries are performed. In other words, if upper
layers want to retry, they can do so based on the CTRL-EVENT-SCAN-FAILED
event.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
For CONFIG_TESTING_OPTIONS=y builds, add a new test parameter than can
be used to trigger various error cases within wpa_supplicant operations
to make it easier to test error path processing. "SET test_failure
<val>" is used to set which operation fails. For now, 0 = no failures
and 1 = scan trigger fails with EBUSY. More operations can be added in
the future to extend coverage.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Current mesh code uses ap_max_inactivity as inactivity timer. This patch
makes it configurable.
There is another mesh inactivity timer in mac80211. The timer works even
if user_mpm=1. So this patch sets the max value to the timer for
workaround.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
It is easier to debug issues related to the wpa_supplicant control
interfaces being left behind in attached state when the debug log file
can be used to determine whether a specific monitor socket was a global
or per-interface one.
Signed-off-by: Jouni Malinen <j@w1.fi>
Commit 17b8995cf5 ('Interworking: Try to
use same BSS entry for storing GAS results') added a mechanism to try to
pair GAS request and response to a single BSS entry to cover cases where
multiple BSS entries may exists for the same BSSID. However, that commit
did not cover the Hotspot 2.0 ANQP elements. Extend this mechanism to
all ANQP elements. This can help in cases where information in the
Hotspot 2.0 specific ANQP elements got lost if a hidden SSID or some
other reason of duplicated BSS entries was present while doing ANQP
fetches.
Signed-off-by: Jouni Malinen <j@w1.fi>
Move the wpa_bss_flush() call to the end of the function to allow any
pending user of a BSS entry to be cleared before removing the unused
entries. There were number of cases where BSS entries could have been
left in the list and this resulted in some hwsim test failures.
Signed-off-by: Jouni Malinen <j@w1.fi>
This can be helpful in figuring out why the driver was requested to
flush its scan results prior to starting a new scan.
Signed-off-by: Jouni Malinen <j@w1.fi>
It was possible for interworking_find_network_match() to find a possible
BSS match in a case where more thorough checks in
wpa_supplicant_select_bss() reject network. This itself is fine, in
general, but when combined with wpa_supplicant_fast_associate()
optimization and auto_interworking=1, this resulted in a busy loop of up
to five seconds and a possible stack overflow due to recursion in that
loop.
Fix this by limiting the Interworking wpa_supplicant_fast_associate()
call to be used only once per scan iteration, so that new scan
operations can be completed before going through the scan results again.
Signed-off-by: Jouni Malinen <j@w1.fi>
Reduce maximum stack use by starting next ANQP fetch operation from an
eloop callback rather than calling interworking_next_anqp_fetch()
directly from interworking_start_fetch_anqp(). This avoids issues that
could potentially make the process run out of stack if long loops of
ANQP operations are executed in cases where automatic Interworking
network selection is used and scan results do not have a full match for
a network.
Signed-off-by: Jouni Malinen <j@w1.fi>
For Interworking connection to work, the SSID of the selected BSS needs
to be known to be able to associate with the AP. It was possible for the
scan results to include two BSS entries matching the BSSID when an
earlier scan with that AP has shown a hidden SSID configuration (e.g.,
when running hwsim test cases, but at least in theory, this could happen
with real use cases as well). When that happened, the incorrect BSS
entry may not have included RSN configuration and as such, it would get
rejected for Interworking connection.
Fix this by confirming that the selected BSS entry has a real SSID. If
not, try to find another BSS entry matching the same BSSID and use that,
if found with an SSID.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is similar with domain_suffix_match, but required a full match of
the domain name rather than allowing suffix match (subdomains) or
wildcard certificates.
Signed-off-by: Jouni Malinen <j@w1.fi>
A new "CTRL-EVENT-EAP-PEER-ALT depth=<i> <alt name>" event is now used
to provide information about server certificate chain alternative
subject names for upper layers, e.g., to make it easier to configure
constraints on the server certificate. For example:
CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:server.example.com
Currently, this includes DNS, EMAIL, and URI components from the
certificates. Similar information is priovided to D-Bus Certification
signal in the new altsubject argument which is a string array of these
items.
Signed-off-by: Jouni Malinen <j@w1.fi>
This makes D-Bus network profile Set(Properties) clear cached EAP data
similarly to how SET_NETWORK does for control interface.
Signed-off-by: Jouni Malinen <j@w1.fi>
This makes it easier for upper layer applications to get information
regarding the server certificate without having to use a special
certificate probing connection. This provides both the SHA256 hash of
the certificate (to be used with ca_cert="hash://server/sha256/<hash>",
if desired) and the full DER encoded X.509 certificate so that upper
layer applications can parse and display the certificate easily or
extract fields from it for purposes like configuring an altsubject_match
or domain_suffix_match.
The old behavior can be configured by adding cert_in_cb=0 to
wpa_supplicant configuration file.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new VENDOR_ELEM value 13 can now be used to add a vendor element
into all (Re)Association Request frames, not just for P2P use cases like
the previous item was for.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This makes it easier for upper layer programs to figure out whether the
wpa_supplicant and and the driver supports mesh.
Signed-off-by: Jouni Malinen <j@w1.fi>
This makes it easier for upper layer programs to figure out whether the
wpa_supplicant and and the driver supports SAE.
Signed-off-by: Jouni Malinen <j@w1.fi>
This new wpa_supplicant and hostapd control interface command can be
used to determine which TLS library is used in the build and what is the
version of that library.
Signed-off-by: Jouni Malinen <j@w1.fi>
At least MinGW did not have ENOTCONN, EOPNOTSUPP, ECANCELED, so define
these to allow the build to go through.
wpas_rrm_send_neighbor_rep_request() is not really used on Windows, so
the exact error code values do not make any difference here.
Signed-off-by: Jouni Malinen <j@w1.fi>
NSS as a TLS/crypto library alternative was never completed and this
barely functional code does not even build with the current NSS version.
Taken into account that there has not been much interest in working on
this crypto wrapper over the years, it is better to just remove this
code rather than try to get it into somewhat more functional state.
Signed-off-by: Jouni Malinen <j@w1.fi>
These were already covered in both README-HS20 for credentials and in
header files for developers' documentation, but the copy in
wpa_supplicant.conf did not include all the details. In addition, add a
clearer note pointing at subject_match not being suitable for suffix
matching domain names; domain_suffix_match must be used for that.
Signed-off-by: Jouni Malinen <j@w1.fi>
In many applications it is useful not just to enumerate a group of well
known access points, but to use a address/mask notation to match an
entire set of addresses (ca:ff:ee:00:00:00/ff:ff:ff:00:00:00).
This change expands the data structures used by MAC lists to include a
mask indicating the significant (non-masked) portions of an address and
extends the list parser to recognize mask suffixes.
Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
This change adds the configuration options "bssid_whitelist" and
"bssid_blacklist" used to limit the AP selection of a network to a
specified (finite) set or discard certain APs.
This can be useful for environments where multiple networks operate
using the same SSID and roaming between those is not desired. It is also
useful to ignore a faulty or otherwise unwanted AP.
Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
This change generalizes the code used for parsing the configuration
option 'p2p_client_list' and makes it suitable to use it in other
contexts.
Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
There should not be a mesh-specific mechanism for setting up channel
parameters since that will just result in duplicated code. IBSS, mesh,
and AP mode can use the same data structures and parameters for setting
up such parameters.
Signed-off-by: Jouni Malinen <j@w1.fi>
Automatically enable HT20, HT40+, HT40-, or VHT, based on driver
capabilities. This obsoletes the mesh_ht_mode network block parameter
that was previously used to configure HT parameters.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add WPA_DRIVER_FLAGS_HT_IBSS driver feature flag. Some drivers could not
set this feature and next could fail when we will enable HT support for
IBSS with error message: nl80211: Join IBSS failed: ret=-22 (Invalid
argument).
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
When performing SAE authentication in mesh, one station may
initiate authentication by sending a COMMIT as soon as a peer
candidate is discovered. Previously we did this in mesh_rsn.c,
but this left some of the state initialization in a different
part of the code from the rest of the state machine, and we may
need to add other initializations here in the future, so move
that to a more central function.
Signed-off-by: Bob Copeland <me@bobcopeland.com>
Try to be a bit more consistent by using NoMemory instead of InvalidArgs
if os_strdup() fails in the CreateInterface handler.
Signed-off-by: Jouni Malinen <j@w1.fi>
It was possible for the interface not to be marked in INTERFACE_DISABLED
state in case the event was processed for P2P GO because the wpa_s
instance could have been removed in case of a separate group interface.
Change the state first to avoid leaving different state for the case
where separate group interface is not used.
Mark scan to be a normal scan on INTERFACE_ENABLED so that scanning
rules (e.g., skip scan if no networks enabled) get used consistently.
Signed-off-by: Jouni Malinen <j@w1.fi>
There is a race condition between receiving an AP stopped event and
netdev down event. These resulted in different group removal reasons on
a GO device (UNAVAILABLE for stop AP event coming first and REQUESTED
for netdev event first). Make this more consistent by reporting
UNAVAILABLE for both possible cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new control interface command TEST_ALLOC_FAIL and GET_ALLOC_FAIL can
now be used to trigger memory allocation failures for testing purposes.
TEST_ALLOC_FAIL sets a failure conditions with
<count>:func[;func][;func]... string and GET_ALLOC_FAIL returns the
current state using the same format. Whenever an allocation is made with
a matching backtrace of calling functions, the count is decremented by
one and once zero is reached, the allocation is forced to fail.
Function names can be prefixed with either '=' or '?' to get different
matching behavior. '=' requires this specific function to be the next
one in the backtrace (i.e., do not skip any other functions in the list
which is the default behavior). '?' allows the function to be optionally
present in the backtrace.
Signed-off-by: Jouni Malinen <j@w1.fi>
It is possible for this function to get called even if D-Bus
registration had failed, so the path can be NULL here.
Signed-off-by: Jouni Malinen <j@w1.fi>
It is possible for this function to be called even if D-Bus interface
registration has failed. Avoid a D-Bus assert in such a case.
Signed-off-by: Jouni Malinen <j@w1.fi>
entry->strarray_value was left to point to freed memory in case
os_realloc_array() failed. This resulted in the following
wpa_dbus_dict_entry_clear() trying to free an already freed memory area.
In addition, the separately allocated strings in the array would have
been leaked in such a case. Furthermore, wpa_dbus_dict_entry_clear() was
not prepared for the possibility of the initial os_calloc() call failing
and entry->strarray_value being NULL without array_len being cleared to
zero. That would have resulted in reading uninitialized memory and NULL
pointer dereference.
Signed-off-by: Jouni Malinen <j@w1.fi>
entry->bytearray_value was left to point to freed memory in case
os_realloc_array() failed. This resulted in the following
wpa_dbus_dict_entry_clear() trying to free an already freed memory area.
Signed-off-by: Jouni Malinen <j@w1.fi>
add_interface() did not check for os_strdup() return value and could end
up dereferencing a NULL pointer if memory allocation failed.
Signed-off-by: Jouni Malinen <j@w1.fi>
The error reply needs to be sent out as a response. The "out" label was
in incorrect place to allow that to happen; instead, it ended up leaking
memory for the generated reply message.
Signed-off-by: Jouni Malinen <j@w1.fi>
If setSmartcardModules() fails to allocate memory with os_strdup(), the
allocated items in the dict entry were not freed.
Signed-off-by: Jouni Malinen <j@w1.fi>
This moves the AES-SIV test case from tests/test-aes.c to be part of
wpa_supplicant module testing framework with a new
src/crypto/crypto_module_tests.c component. In addition, the second test
vector from RFC 5297 is also included for additional coverage.
Signed-off-by: Jouni Malinen <j@w1.fi>
1. Supported MAC address randomization for scan.
2. Supported MAC address randomization for scheduled scan.
2. Supported MAC address randomization for pno.
4. Add functions to set and clear the MAC address randomization
state variables.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
For the start operation, this includes appropriate parameters for
specifying channel and peer information. The cancel operation includes
peer information.
Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
The supplicant code does not try to control the actual channel of the
radio at any point. It simply passes the target peer and channel
parameters to the driver. It's the driver's responsibility to
periodically initiate TDLS channel-switch operations when TDLS
channel-switching is enabled.
Allow enable/disable operations to be invoked via the control interface.
Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
The specification requires the tspecs to be kept upon reassociation to
the same BSS. Save the last tspecs before such reassociation, and
reconfigure on the association notification.
Note that the current flow is not transparent to the user
(it is notified about deauth/reassoc and tspec removal/addition).
Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
Some APs add their custom (vendor-specific) IEs to the Association
Response frame. Fail WMM AC initialization only if Association Response
frame IE parsing actually failed, i.e., ignore all unknown IEs.
Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
In case of roaming, we don't get disassoc notification, but
still want to remove the existing tspecs.
Move the wmm_ac_notify_disassoc() call to the state change
function, which get called also on roaming.
Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
Previously, role="enrollee" was required to be used to allow the AP mode
WPS operation to be started. This is incorrect since the AP/GO will
operate in Registrar role. Fix this by ignoring the role parameter when
AP (including P2P GO) mode is enabled.
Signed-off-by: Jouni Malinen <j@w1.fi>
Start of station-mode WPS PBC/PIN/Registrar/NFC operation would result
in the AP mode getting disabled. This can be particularly confusing for
the P2P GO case where the group would need to be stopped cleanly. As
such, it is better to reject these invalid operations rather than trying
to handle all corner cases needed to allow this to work robustly.
Signed-off-by: Jouni Malinen <j@w1.fi>
There is no need to limit this property based on the role of the device
in the group, so return the passphrase if it is available. It will be
available in GO role and it may be available in P2P Client role based on
whether the peer GO provided it during the WPS provisioning step.
Signed-off-by: Jouni Malinen <j@w1.fi>
This was returning a byte array of the pointer to the PSK, not the
actual PSK, due to incorrect use of
wpas_dbus_simple_array_property_getter(). In addition, there is no need
to limit this property based on the role of the device in the group, so
return the PSK if it is available (which it will be for both GO and P2P
Client roles).
Signed-off-by: Jouni Malinen <j@w1.fi>
There is no need to have separate wpa_printf() and different error
message strings for the unlikely out-of-error messages. Use a helper
function, wpas_dbus_error_no_memory(), to get consistent behavior with a
one-line call.
Signed-off-by: Jouni Malinen <j@w1.fi>
Commit 6aeeb6fa21 ('dbus: clean up new
D-Bus interface getters and setters') redesigned the property
getter/setter calls in a way that made the
wpas_dbus_error_unknown_error() note about message being NULL in some
cases obsolete. All the remaining callers are from method handler
functions that must have a valid message. Remove the obsolete notes and
unnecessary messsage == NULL check.
Signed-off-by: Jouni Malinen <j@w1.fi>
There is no need to have multiple separate return statements for error
cases in a sequence of operations. In addition, there is not much point
in "converting" boolean return values with "if (!res) return FALSE;
return TRUE;" style constructions.
Signed-off-by: Jouni Malinen <j@w1.fi>
net_id_str can be NULL and that must be checked for to avoid NULL
pointer dereference if an invalid persistent_group_object path is used
with these methods.
Signed-off-by: Jouni Malinen <j@w1.fi>
None of the new D-Bus interface cases use the bssid_part in
decompose_object_path (while the old interface ones do). As such, this
is dead code and can be removed. In addition, the P2P addition here was
pretty ugly extension. Replace these with a cleaner way of passing the
separating string (e.g., "Networks") from the caller and returning the
requested item.
In addition, there is no need to allocate the returned item separately,
so use a single allocation and a pointer to that allocated memory. This
will make it easier for callers to have to free only a single
allocation. This is also fixing a memory leak in P2P invitation
persistent group case where the caller had missed the need to free the
returned values.
Signed-off-by: Jouni Malinen <j@w1.fi>
This helper function does not modify peer_path, so mark it const. In
addition, there is no point in callers to check separately whether
peer_path is NULL since that is taken care of by this helper function.
Signed-off-by: Jouni Malinen <j@w1.fi>
This cannot be NULL when an interface is in use. There is not much point
in couple of functions checking this while large number of other places
do not.
Signed-off-by: Jouni Malinen <j@w1.fi>
This adds the message signature to the new D-Bus interface message
handler and similar prints to the old interface messages handlers.
Signed-off-by: Jouni Malinen <j@w1.fi>
eloop_is_timeout_registered() was called with incorrect context argument
which meant that the pending timeout would have never been found.
Signed-off-by: Jouni Malinen <j@w1.fi>
wpa_supplicant_deauthenticate() call needs to happen before
wpa_config_remove_network(). Freed memory could be dereferenced if
removeNetwork method was issued on the currently connected network.
Signed-off-by: Jouni Malinen <j@w1.fi>
It looks like both gcc and clang optimize the (entry.type != foo ||
entry.array_type != bar) in a way that ends up evaluating the second
condition even when the first one results in 0. While this is not really
what the C language requirements on short-circuit evaluation require,
the compiler likely assumes this can have no side effects and with both
type and array_type being comparable in a single 64-bit operation, this
can clearly be a bit more efficient. While the code behaves same in both
cases, valgrind does warn about use of uninitialized memory when the
second condition is evaluated (entry.array_type is not initialized if
entry.type != DBUS_TYPE_ARRAY).
To keep valgrind logs cleaner, initialize entry.array_type to
DBUS_TYPE_INVALID so that these compiler optimizations do not result in
reading uninitialized memory.
Signed-off-by: Jouni Malinen <j@w1.fi>
The logic in wpas_dbus_signal_p2p_provision_discovery() seemed to imply
that there could be a case where _signal would be used uninitized. While
that is not the case since either (request || !status) or (!request &&
status) would always be true, some compilers do not seem to be clever
enough to figure that out to avoid the warning. Make this easier for
such compilers by removing the (!request && status) condition since it
is identical to !(request || !status).
Signed-off-by: Jouni Malinen <j@w1.fi>
Commit 911e97e400 ('DBus: Refactor array
adding, add binary arrays') introduced WPAS_DBUS_TYPE_BINARRAY as an
internal fake type for array_type. However, it selected this value to be
(DBUS_NUMBER_OF_TYPES + 100) = 116 = 't'. This happens to conflict with
DBUS_TYPE_UINT64 ((int) 't'). While none of the existing array_type use
cases supported UINT64, it is much clearer if WPAS_DBUS_TYPE_BINARRAY
has a value that does not match any existing DBUS_TYPE_* value. Replace
this with '@' (64).
Signed-off-by: Jouni Malinen <j@w1.fi>
This is needed to allow Set(P2PDeviceConfig) to clear the
VendorExtension array (i.e., to remove all configured vendor
extensions). Previously, such an attempt was met with a D-Bus assert and
rejection of the operation.
Signed-off-by: Jouni Malinen <j@w1.fi>
The wps_vendor_ext array can be set using D-Bus Set(P2PDeviceConfig)
with the VendorExtension key in the dictionary. However, there was no
code for freeing the allocated memory when the interface is removed.
Signed-off-by: Jouni Malinen <j@w1.fi>
The ServiceDiscoveryRequest signal uses int32 for encoding dialog_token
for some reason (even though this is a u8 field).
ServiceDiscoveryResponse is supposed to accept the values from the
signal as-is, so extend that to accept int32 in addition to the
previously used uint32.
Signed-off-by: Jouni Malinen <j@w1.fi>
The earlier implementation seemed to require a strange extra
encapsulation with a dictionary for setting the WPSVendorExtensions
property while this was defined to have aay signature and the get
operation did indeed return and array of array of bytes without that
dictionary. Fix this to accept aay format for the setter as well. Keep
support for the old dictionary encapsulation format for backwards
compatibility.
Signed-off-by: Jouni Malinen <j@w1.fi>
It was possible to add WPS vendor extensions through the D-Bus
WPSVendorExtensions setter, but these extensions were not freed when the
P2P GO was stopped or when replacing previously configured extensions.
Signed-off-by: Jouni Malinen <j@w1.fi>
There is no need to keep temporary keys in memory beyond the end of the
association, so explicitly clear any SAE buffers that can contain keys
as soon as such keys are not needed.
Signed-off-by: Jouni Malinen <j@w1.fi>
Previously, the main PSK entry was cleared explicitly, but psk_list
could include PSKs for some P2P use cases, so clear it as well when
freeing config_ssid instances.
Signed-off-by: Jouni Malinen <j@w1.fi>
There is no need to leave this temporary key in stack memory after
having been configured to the WPA state machine.
Signed-off-by: Jouni Malinen <j@w1.fi>
There is no need to leave the PSK from temporary Credential structure
that was built in stack after that Credential has been passed to the WPS
module.
Signed-off-by: Jouni Malinen <j@w1.fi>
This is more of a theoretical case since this part is done only during
setup and the structure is not allocated in practice. Anyway,
maintaining more consistent use of bin_clear_free() for structures that
may contain keys is useful.
Signed-off-by: Jouni Malinen <j@w1.fi>
This was already verified to be non-NULL above and there is no point in
having an extra check after the pointer has already been dereferenced.
Signed-off-by: Jouni Malinen <j@w1.fi>
wpas_dbus_decompose_object_path() may leave the network part NULL on
unexpected path. This resulted in NULL pointer dereference when
processing an invalid removeNetwork or selectNetwork call. Fix this by
explicitly verifying that the network part was included in the object
path.
Signed-off-by: Jouni Malinen <j@w1.fi>
The "Invalid blob name" string was not shown since the zero-length name
was used regardless of first verifying that it should not be allowed.
Signed-off-by: Jouni Malinen <j@w1.fi>
External WPS Registrar operation requires the BSSID to be specified, so
the old D-Bus interface better apply that requirement as well.
Signed-off-by: Jouni Malinen <j@w1.fi>
It is possible for the persistent group object to be added and removed
by non-D-Bus triggers (e.g., ctrl_iface commands). The add part was
already handled, but removal was not. That resulted in memory leaks when
a P2P persistent group was removed without using an explicit D-Bus
command for this even if the object was added without D-Bus involvement.
Signed-off-by: Jouni Malinen <j@w1.fi>
wpas_dbus_simple_property_getter() cannot be used with NULL
DBUS_TYPE_STRING, so replace that with an empty string to handle the
case of no config_methods parameter in the configuration.
Signed-off-by: Jouni Malinen <j@w1.fi>
It is possible for the peer to be a non-P2P device and as such, for
p2p_dev_addr to be NULL. This resulted in NULL pointer dereference if
D-Bus interface was enabled for the interface when a legacy STA joined a
group.
Signed-off-by: Jouni Malinen <j@w1.fi>
It was possible for old scan state to remain from a previous test case
when an operation like WNM neighbor scan or another-BSS-in-ESS was
started, but stopped at the end of a test case. This could result in
failures, e.g., when running wnm_bss_tm_req followed by scan_setband.
Signed-off-by: Jouni Malinen <j@w1.fi>
This converts most of the remaining perror() and printf() calls from
hostapd and wpa_supplicant to use wpa_printf().
Signed-off-by: Jouni Malinen <j@w1.fi>
struct wpa_driver_associate_params moved to using struct
hostapd_freq_params instead of just frequency. Need to update wpa_priv
to do same.
Signed-off-by: Jouni Malinen <j@w1.fi>
Even if the UUID would have a mismatch, e.g., due to no UUID known for
the target in a new WPS PBC instance, do not indicate PBC session
overlap if the BSSID is same in the two entries. This should not really
happen in normal use cases, but can happen at least in some test
scenarios where the same BSSID is used in consecutive test cases and the
old BSS entry remains in cfg80211 cache.
Signed-off-by: Jouni Malinen <j@w1.fi>
There is a possible race condition between receiving the
NEW_PEER_CANDIDATE event and the Authentication frame from the peer.
Previously, if the Authentication frame RX event was indicated first,
that frame got dropped silently. Now, this frame is still dropped, but a
copy of it is stored and the frame gets processed on the following
NEW_PEER_CANDIDATE event if that is received for the same peer within
two seconds.
Signed-off-by: Jouni Malinen <j@w1.fi>
Include only the potentially affected channel range in OBSS scans to
reduce the amount of offchannel time needed for scanning when requested
by the AP.
Signed-off-by: Jouni Malinen <j@w1.fi>
ap_ft_sae test case managed to hit a somewhat unclear error case which
resulted in "WPA: Failed to select WPA/RSN" print and not enough
information to figure out what exactly had went wrong.
Signed-off-by: Jouni Malinen <j@w1.fi>
Maximum number of peer links is maximum number of connecting mesh peers
at the same time. This value is 0..255 based on the
dot11MeshNumberOfPeerings range.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Unexpected trailing zero causes following error.
wpa_supplicant.sgml:472:53:E: character data is not allowed here
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
This helps hwsim test cases by avoiding undesired state from previously
executed test cases affecting following tests.
Signed-off-by: Jouni Malinen <j@w1.fi>
Commit faf9a8585d added mechanism for
selecting 2.4 or 5 GHz band for scan operation. However, no mechanism
for setting the setband value was added at that time. This commit adds a
new SET ctrl_iface parameter to allow the setband functionality to be
used. "SET setband <AUTO/5G/2G>" can be used to select all bands, 5 GHz
band only, or 2.4 GHz band only.
Signed-off-by: Jouni Malinen <j@w1.fi>
Android framework maintains a state to process the scan results after
the scan is issued. If wpa_supplicant issues the scan during the
initialization, the one issued by the framework may fail (with EBUSY) if
the host driver is already processing the scan. Thus, the scan results
returned for the first scan triggered by wpa_supplicant are not
processed for getting displayed resulting in delay for the display of
the first scan results after the Wi-Fi subsystem initialization. Thus,
trigger the scan only based on the framework request on Android.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
FAIL-BUSY was already returned for the case where a scan had been
started, but with the radio work design, it would have been possible to
schedule multiple scan requests if a non-scan radio work was in
progress. Multiple back-to-back scans are not usually very helpful, so
reject this type of cases where the SCAN command would be used to build
such a sequence.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
On receiving the cancel remain on channel event, the pending_tx
is scheduled immediately and returned. This was preventing
the wpas_p2p_listen_start function from execution thereby resulting
in termination of the long listen operation.
Signed-off-by: Jithu Jance <jithu@broadcom.com>
The manual scan operations with the SCAN command are supposed to have
independent set of scan frequencies, so do not allow scan_freq
parameters to override scanned frequencies for scans that were triggered
with a SCAN command.
Signed-off-by: Jouni Malinen <j@w1.fi>
The mesh gate is used to bridge (or route) between mesh network and
another network. For example, mesh gate acts as router between mesh
network and IEEE 802.11 BSS network.
This command makes a virtual mesh interface to be used for mesh gate.
This command expects to be used like this.
wpa_cli -i wlan0 MESH_INTERFACE_ADD ifname=mesh0
wpa_cli -i mesh0 add_network
wpa_cli -i mesh0 set_network 0 ssid '"commell_2X_mmm"'
wpa_cli -i mesh0 set_network 0 mode 5
wpa_cli -i mesh0 set_network 0 frequency 2412
wpa_cli -i mesh0 set_network 0 key_mgmt SAE
wpa_cli -i mesh0 set_network 0 psk '"01234567"'
wpa_cli -i mesh0 mesh_group_add 0
wpa_cli -i wlan0 mesh_group_remove mesh0
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Since mesh functionality uses struct hostapd_data to maintain peer
state, the existing STA* control interface commands can be used to
display information about the peers.
Signed-off-by: Jouni Malinen <j@w1.fi>
Option '-p' of 'read' command may be unsupported in some POSIX-complete
shells. So replace 'read -p' with 'echo -n'/'read' pair.
Signed-off-by: Oleksandr Chumachenko <ledest@gmail.com>
If tray icon messages are perceived as disturbing, one can pass `-q`
parameter on the command line to disable them permanently.
Signed-off-by: Arkadiusz Bokowy <arkadiusz.bokowy@gmail.com>
Show associated network SSID in the tool tip message of the
application's tray icon. When network is not associated, then simple
"(not-associated)" message is shown.
Signed-off-by: Arkadiusz Bokowy <arkadiusz.bokowy@gmail.com>
Instead of just stopping connection process and network discovery,
report SAE failures to build Authentication frames (e.g., due to missing
password) as a connection failure to get the normal retry mechanism into
use.
Signed-off-by: Jouni Malinen <j@w1.fi>
Both the wpa_s->pending_action_src and src argument to
wpas_get_tx_interface() were used somewhat randomly. Make this more
consistent since these values are pointing to the same address and the
implementation is easier to understand when it is obvious that there is
only one address being used.
Signed-off-by: Jouni Malinen <j@w1.fi>
This function could not fail and it can be replaced with a single
line variable update that takes less code than the function call.
Signed-off-by: Jouni Malinen <j@w1.fi>
wpa_bss_flush*() cannot fail and as such, there is no need for
wpa_supplicant_ctrl_iface_bss_flush() to return a value either.
Signed-off-by: Jouni Malinen <j@w1.fi>
This function cannot return negative value, so no need to check for
that. If there is not enough room in the buffer or if something
unexpected happens, 0 is returned.
Signed-off-by: Jouni Malinen <j@w1.fi>
Update the scan parameters in wpa_s only in case the scan command is
going to be executed. In other words, do not change the parameters for
an ongoing scan (the SCAN command is rejected with FAIL-BUSY) or if any
of the parameters is invalid.
Signed-off-by: Jouni Malinen <j@w1.fi>
The send_eapol() callback was used by driver_test.c, but with that
removed, there is no remaining users of the alternative EAPOL frame
transmitting mechanism in wpa_supplicant, i.e., all remaining driver
interfaces use l2_packet instead. Remove the send_eapol() to get rid of
unused code.
Signed-off-by: Jouni Malinen <j@w1.fi>
The space following the BSSID was not skipped properly if the following
parameter started with the "hs20:" prefix. For other cases, atoi() ended
up ignoring the space, but it is cleaner to skip it anyway for all
cases.
Signed-off-by: Jouni Malinen <j@w1.fi>
Previously, any P2P capable interface was skipped in cross connection
uplink consideration. However, this ends up skipping more or less all
nl80211-based driver cases now since they mark the main interface P2P
capable. Relax this rule to allow the parent interface to be used as the
non-P2P station interface for cross connection purposes.
Signed-off-by: Jouni Malinen <j@w1.fi>
This is needed to get into more consistent state after the FLUSH
command. DISCONNECT followed by FLUSH could result in
wpa_s->disconnected being left to 1 and this resulted in a test failure,
e.g., when running wpas_ctrl_dup_network followed by
wpas_ctrl_enable_disable_network where the latter was expecting
ENABLE_NETWORK on a disabled network to connect automatically and that
does not happen if wpa_s->disconnected == 1.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
While these are using practically large enoungh buffer sizes, it is
better to be more consistent with checking os_snprintf() return value.
Signed-off-by: Jouni Malinen <j@w1.fi>
This converts os_snprintf() result validation cases to use
os_snprintf_error() for cases that were note covered by spatch and
semantic patches.
Signed-off-by: Jouni Malinen <j@w1.fi>
This converts os_snprintf() result validation cases to use
os_snprintf_error() in cases where success condition was used to execute
a step. These changes were done automatically with spatch using the
following semantic patch:
@@
expression E1,E2,E3;
statement S1;
@@
E1 = os_snprintf(E2, E3, ...);
- if (\( E1 >= 0 \| E1 > 0 \) && \( (size_t) E1 < E3 \| E1 < (int) E3 \| E1 < E3 \))
+ if (!os_snprintf_error(E3, E1))
S1
Signed-off-by: Jouni Malinen <j@w1.fi>
This adds verification of os_snprintf() result against the maximum
buffer length. These changes were done automatically with spatch
using the following semantic patch:
@@
expression E1,E2,E3;
statement S1;
@@
E1 = os_snprintf(E2, E3, ...);
- if (\( E1 < 0 \| E1 <= 0 \))
+ if (os_snprintf_error(E3, E1))
(
S1
|
{ ... }
)
Signed-off-by: Jouni Malinen <j@w1.fi>
This pointer cannot be NULL sicne it is called only from this file and
with a valid pointer to the received command.
Signed-off-by: Jouni Malinen <j@w1.fi>
'num * 5 > end - pos' handles bounds checking a bit more efficiently,
but apparently that is not clear enough for all static analyzers.
Replace with 'num > left / 5' to avoid false reports. (CID 68117)
Signed-off-by: Jouni Malinen <j@w1.fi>
This reduced number of unnecessarily duplicated driver interface
callback functions for sending Action frames by using the more generic
send_action() instead of FT specific send_ft_action().
Signed-off-by: Jouni Malinen <j@w1.fi>
This extends the previously used WFD_SUBELEM_SET/GET <subelem id> design
to allow special "all" value to be used as an id to indicate that all
WFD subelements are to be set/get. This uses similar interface as was
previously added over D-Bus.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
There is no point in flooding the log with WARNING or ERROR level
messages if WMM-AC related Action frames are ignored in cases where they
were not expected. In addition, WARNING/ERROR should not really be used
in cases an invalid frame is dropped especially if this is not related
to a security setup since external devices could otherwise generate log
entries.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The previous version was somewhat too complex for some static analyzers.
Use local variables for the extracted length fields and explicitly
compare these against the remaining buffer length. (CID 68121)
Signed-off-by: Jouni Malinen <j@w1.fi>
Derive rRK and rIK on EAP peer if ERP is enabled. The new wpa_supplicant
network configuration parameter erp=1 can now be used to configure the
EAP peer to derive EMSK, rRK, and rIK at the successful completion of an
EAP authentication method. This functionality is not included in the
default build and can be enabled with CONFIG_ERP=y.
If EAP authenticator indicates support for re-authentication protocol,
initiate this with EAP-Initiate/Re-auth and complete protocol when
receiving EAP-Finish/Re-auth.
Signed-off-by: Jouni Malinen <j@w1.fi>
This change creates 'LIST_NETWORK LAST_ID=x' form to allow
retrieval of all networks saved in the system. Without this form,
only first few (whatever fills in first 4096 bytes) can be
retrieved.
Signed-off-by: Vinit Deshpande <vinitd@google.com>
wpa_bss_in_use() used to determine that a BSS with BSSID of
00:00:00:00:00:00 is in use in almost every case since either
wpa_s->bssid or wpa_s->pending_bssid was likely to be cleared. This
could result in a corner case of a BSS entry remaining in the BSS table
indefinitely if one was added there with a (likely bogus) address of
00:00:00:00:00:00. Fix this by ignore wpa_s->bssid and
wpa_s->pending_bssid if the BSSID in the BSS table entry is
00:00:00:00:00:00.
In theory, that address is a valid BSSID, but it is unlikely to be used
in any production AP, so the potential expiration of a BSS entry with
that address during a connection attempt would not be a concern
(especially when a new scan would be enough to recover from that).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Externally triggered scan could result in a new radio work item getting
started even when external radio work was in progress. Delay such start
until the external work is completed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It was possible for the current network profile to be deleted when
merging duplicated WPS credentials. However, this did not clear
wpa_s->current_ssid and it was possible for something else to end up
dereferencing that pointer to now freed memory. This could be hit, e.g.,
with ap_wps_mixed_cred. Fix this by clearing current_ssid also in this
code path similarly to other cases of network block getting removed.
Signed-off-by: Jouni Malinen <j@w1.fi>
The mesh group addition was designed to use wpa_s->connect_without_scan
to skip a scan. That path was skipped if wpa_supplicant_fast_associate()
allowed previous scan results to be used. This could result in undesired
double-initialization attempt for the mesh interface. Avoid this by not
using wpa_supplicant_fast_associate() when wpa_s->connect_without_scan
is set.
Signed-off-by: Jouni Malinen <j@w1.fi>
It is possible that these location ended up getting called before mesh
startup operations had been completed and that could result in
dereferencing NULL pointers. Address those error cases by verifying that
the needed parameters are available before using them.
Signed-off-by: Jouni Malinen <j@w1.fi>
It was possible for auth/assoc timeout/failure event from the driver to
result in unexpected processing during mesh group setup if that
operation was started before the previously started driver operation to
association/connect had completed. Since those events cannot happen in
mesh cases, ignore them to avoid issues due to this corner case.
For example, monitor_iface_unknown_sta followed by wpas_mesh_secure test
case resulted in failure without this change.
Signed-off-by: Jouni Malinen <j@w1.fi>
An earlier check of the action_field value above the switch statement
already took care of all other possible cases, but that was apparently
too difficult for the compiler to notice. Bring back the default case to
avoid incorrect warnings about the event variable being maybe
uninitialized.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new wpa_supplicant control interface command can be used in
automated testing to verify how AP processes Data frames with arbitrary
contents. This is enabled only in builds with CONFIG_TESTING_OPTIONS=y.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
There is no need for this state to maintained when the wpa_supplicant
FLUSH ctrl_iface command is used to request flushing of all state.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It was possible for wmm_ac_deinit() not getting called when an interface
was removed in a sequence where disassociation was not reported and
wmm_ac_notify_disassoc() did not get called. This resulted in leaking
whatever memory was allocated for WMM AC parameters. Fix that by calling
wmm_ac_notify_disassoc() from wpa_supplicant_cleanup().
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is needed to fix some sequencies where a real scan in ap_scan=2
case would be issued even when the connection case would expect direct
connection without a scan.
This fixed an issue shown in hwsim test case autoscan_exponential
followed by ibss_open_fixed_bssid.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is needed to allow proper Action frame transmission to work without
having to claim these to be offchannel operations.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
On Android, the control socket being used may be the socket that is
created when wpa_supplicant is started as a /init.*.rc service. Such a
socket is maintained as a key-value pair in Android's environment.
Closing this control socket would leave wpa_supplicant in a bad state.
When wpa_supplicant re-opens the ctrl_iface socket, it will query the
Android's environment, and will be returned with the same socket
descriptor that has already been closed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit inserts Finite Cyclic Group to Anti-Clogging Token request
frame because IEEE Std 802.11-2012, Table 8-29 says "Finite Cyclic Group
is present if Status is zero or 76".
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
The country code from the current AP needs to be used in
ieee80211_chan_to_freq() to support cases where non-global operating
class table is used.
Signed-off-by: Jouni Malinen <j@w1.fi>
The previous version was valid, but apparently too complex for some
static analyzers. Use a local variable for uri_len and explicitly
compare it against the remaining buffer length. (CID 68121)
Signed-off-by: Jouni Malinen <j@w1.fi>
The previous version was fine, but too much for some static analyzers to
understand as proper bounds checking. (CID 68122)
Signed-off-by: Jouni Malinen <j@w1.fi>
The upper bound for the element length was already verified, but that
was not apparently noticed by a static analyzer (CID 68128).
Signed-off-by: Jouni Malinen <j@w1.fi>
Send link measurement response when a request is received. Advertise
only RCPI, computing it from the RSSI of the request. The TX power field
is left to be filled by the driver. All other fields are not published.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Allow supplying an SSID for the SSID IE. If not supplied, no SSID IE is
sent, and the request implies the current SSID.
Signed-off-by: Assaf Krauss <assaf.krauss@intel.com>
Add NEIGHBOR_REP_REQUEST command to the wpa_supplicant ctrl_iface.
This command triggers the sending of a Neighbor Report Request to the
associated AP.
Signed-off-by: Assaf Krauss <assaf.krauss@intel.com>
Add the ability to send a Neighbor Report Request (part of
RRM). Requester is then notified once the report arrives.
Signed-off-by: Assaf Krauss <assaf.krauss@intel.com>
In case the AP we are associating with advertises support for RRM,
advertise our own RRM support in the (Re)Association Request frame. This
is done by adding an RRM Capabilities IE. The underlying driver is
expected to further add a Power Capabilities IE to the request, and set
the Radio Measurement flag in the Capability Info field. At this point
the RRM Capabilities IE advertises no measurement support.
Signed-off-by: Assaf Krauss <assaf.krauss@intel.com>
If the last scans are recent (for now, less than ten seconds old), use
them instead of triggering a new scan when a BSS Transition Management
Request frame is received. As a fallback, allow a new scan to be
triggered if no matches were found.
Signed-off-by: Jouni Malinen <j@w1.fi>
When the list of preferred transition candidates is received, use the
identified channels to optimize the following scan so that no time is
wasted on other channels.
Signed-off-by: Jouni Malinen <j@w1.fi>
The previously cached candidate list needs to be free properly through a
call to wnm_deallocate_memory() to ensure all subelements gets freed.
Signed-off-by: Jouni Malinen <j@w1.fi>
This allows an AP to steer us to another BSS within the ESS even if that
results in reduced signal strength as long as the signal strength with
the target BSS is expected to provide some connectivity.
Signed-off-by: Jouni Malinen <j@w1.fi>
There is no need to use a separately allocated data structures for this.
A bitfield indicating which information is present and variables within
struct neighbor_report are simpler to use and more efficient.
Signed-off-by: Jouni Malinen <j@w1.fi>
Switch the stop and sending DelTS to avoid sending data packets
for the session after the DelTS, which is otherwise possible.
This also helps the mac80211 implementation as it requires stopping the
traffic flow before sending the DelTS as it may modify the AC parameters
for the affected queue, and that may in turn affect management frames.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This wmm_ac_status command will show the current status for WMM AC.
Signed-off-by: Moshe Benji <moshe.benji@intel.com>
Signed-off-by: Eliad Peller <eliad@wizery.com>
wmm_ac_addts command will add (or update) a traffic stream and
wmm_ac_delts command will delete an existing traffic stream.
Each of the above commands will call its corresponding
ctrl_iface command.
Signed-off-by: Moshe Benji <moshe.benji@intel.com>
Signed-off-by: Eliad Peller <eliad@wizery.com>
Add the TSPEC to the driver on successful TSPEC ADDTS response. Delete
the TSPEC when receiving DELTS action.
Signed-off-by: Moshe Benji <moshe.benji@intel.com>
Signed-off-by: Eliad Peller <eliad@wizery.com>
Add basic implementation for ADDTS and DELTS sending
functions.
wpas_wmm_ac_addts() will send ADDTS request public action,
containing TSPEC (traffic stream specification) with
the given params.
wpas_wmm_ac_delts() will look for the saved tspec with
the given tid, and send DELTS public action for it.
(Handling of ADDTS response and actually configuring the admission
control params will be added in following patches.)
Signed-off-by: Moshe Benji <moshe.benji@intel.com>
Signed-off-by: Eliad Peller <eliad@wizery.com>
Add add_tx_ts() and del_tx_ts() ops to notify the driver about
TSPEC add / delete.
Additionally, add wmm_ac_supported flag to indicate
whether the driver supports WMM AC.
Signed-off-by: Moshe Benji <moshe.benji@intel.com>
Signed-off-by: Eliad Peller <eliad@wizery.com>
Initialize WMM AC data structures upon successful association
with an AP that publishes WMM support, and deinitialize the data
structure when the association is no longer valid.
Signed-off-by: Moshe Benji <moshe.benji@intel.com>
Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
This patch makes four MIB variables for plink configurable and sets the
correct default values based on IEEE Std 802.11s-2011.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Android 4.4 uses "BSS" command instead of "SCAN_RESULT" command.
So this patch add the mesh scan result for BSS command.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
STAs that have different BSSBasicRateSet cannot connect to each other
as per IEEE 802.11s-2011 9.6.0c1:
"A mesh STA shall not establish a mesh peering with a mesh STA using a
different BSSBasicRateSet."
Make BSSBasicRateSet configurable to improve interoperability with other
stations.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Parse MESH_GROUP_ADD/REMOVE commands on ctrl interface and call
wpa_supplicant routines. These commands are used to start or
join and leave a mesh network.
The mesh id is given in the configuration file, therefore there is
no need to scan before joining a mesh network. We reuse the
connect_without_scan construct used by P2P for that same purpose.
Signed-off-by: Javier Cardona <javier@cozybit.com>
Signed-off-by: Javier Lopez <jlopex@gmail.com>
mesh_ht_mode default value is CHAN_UNDEFINED.
So previous code set 11N capability even though 11N is not used.
Signed-off-by: Natsuki Itaya <Natsuki.Itaya@jp.sony.com>
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Add a new option "mesh_ht_mode" that specifies the HT mode for the
mesh, with this option on, mesh beacons, actions frames, and probe
responses with include the appropriate HT information elements.
[original implementation by Chun-Yeow Yeoh <yeohchunyeow@gmail.com>]
[some fixes by Masashi Honma <masashi.honma@gmail.com>]
Signed-off-by: Ashok Nagarajan <ashok.dragon@gmail.com>
Signed-off-by: Javier Cardona <javier@cozybit.com>
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
Add timer to do SAE re-authentication with number of tries defined
by MESH_AUTH_RETRY and timeout defined by MESH_AUTH_TIMEOUT.
Ignoring the sending of reply message on "SAE confirm before commit"
to avoid "ping-pong" issues with other mesh nodes. This is obvious when
number of mesh nodes in MBSS reaching 6.
Signed-off-by: Chun-Yeow Yeoh <yeohchunyeow@gmail.com>
Signed-off-by: Bob Copeland <me@bobcopeland.com>
New kernels in wiphy_suspend() will call cfg80211_leave_all() that will
eventually end up in cfg80211_stop_ap() unless wowlan_triggers were set.
For now, use the parameters from the station mode as-is. It may be
desirable to extend (or constraint) this in the future for specific AP
mode needs.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
The new AKM uses a different mechanism of deriving the PMKID based on
KCK instead of PMK. hostapd was already doing this after the KCK had
been derived, but wpa_supplicant functionality needs to be moved from
processing of EAPOL-Key frame 1/4 to 3/4 to have the KCK available.
Signed-off-by: Jouni Malinen <j@w1.fi>
This adds definitions for the 128-bit level Suite B AKM 00-0F-AC:11. The
functionality itself is not yet complete, i.e., this commit only
includes parts to negotiate the new AKM.
Signed-off-by: Jouni Malinen <j@w1.fi>
This is needed since the SCAN command with radio work returns before the
actual driver operation to trigger a scan has been executed and as such,
cannot return result of that operation.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Number of documentation and configuration files had references to the
madwifi driver interface that was removed in the previous commit. Remove
these references as well.
Signed-off-by: Jouni Malinen <j@w1.fi>
This helps window managers treat the window properly. Mostly tiling WMs
are affected by this. All other windows inherit this option from QDialog
already.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
If p2p_stop_find is issued after the p2p_scan request is triggered to
the host driver, the obtained scan results are also considered to update
the P2P peer entries. This is not always desired behavior, i.e., it can
be clearer if no P2P-DEVICE-FOUND events are generated based of that
final pending scan.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
With the radio work interface in place, station interface SCAN command
was not scheduled (i.e., it got continously delayed with "Delay station
mode scan while P2P operation is in progress") when a p2p_find was
operational. Fix this be delaying station mode scan only when a P2P
operation is in progress, but not in search state.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
With the radio work interface, the actual request to start p2p_scan
operation is scheduled from a radio work and hence the initial return
value cannot provide the real result of the driver operation to trigger
a scan. Introduce a new notification API to indicate the scan trigger
status based on which the p2p_scan_running instance can be set using the
real return value from the driver operation.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
In theory, wpas_p2p_disconnect_safely() could have dereferenced the
wpa_s == NULL argument, but in practice, it won't due to the
calling_wpa_s == wpa_s check and wpas_p2p_disconnect() accepting NULL.
Anyway, it is cleaner to add an explicit check for this. (CID 74492)
Signed-off-by: Jouni Malinen <j@w1.fi>
It is possible for scan result processing or BSS entry removal to occur
while there is a pending connect or sme-connect radio work with a
previously selected BSS entry. The BSS pointer was previously verified
to be valid, i.e., still point to a BSS entry, at the time the actual
connection operation is started. However, that BSS entry could have
changed to point to another BSS if the old BSS entry was either removed
or reallocated and a new BSS entry was added at the same location in
memory. This could result in the connection attempt failing to configure
parameters properly due to different BSS information (e.g., different
BSSID).
Fix this by updated the pending connect radio work data on BSS entry
updates similarly to how the last_scan_res array was updated. If the
selected BSS entry is removed, this will still result in a failed
connection, but reallocated BSS entry is now followed properly and used
when the connection work starts.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit fixes couple of connection failure paths where
wpas_connect_work_done() was not called, thus enabling the radio work
interface to proceed with the other queued actions.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Commit 22628eca34 ('Support driver-based
BSS selection in ap_scan=1 mode') ended up disabling the special
ap_scan=2 WPS case where ap_scan=1 like scan followed by association is
used to find the WPS AP using wildcard SSID. Fix this by allowing
association request even with wpas_driver_bss_selection() when searching
for a WPS AP.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
In case of a P2P management device being present, it will be up to that
interface to handle P2P requests.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Such interface is not registered on DBus, thus there is no need to raise
any signal from it.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
DBus client should always request the proper netdev interface. This will
be necessary to get a consistent behavior whatever driver is in use:
iwlwifi (which requires a P2P mgmt dev), ath9/10k (which does not),
etc...
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
This will be useful to hand-off P2P commands from the parent interface
to its dedicated P2P device if that one is present, in DBus interface.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Save the group common frequencies when starting a GO due to
an invitation signaling requesting to re-invoke a persistent GO.
To do so, move the code that handles the translation of p2p_channels to
frequency list into a public function so it can be re-used both when GO
Negotiation is done and invitation signaling is done.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Once a P2P GO interface is configured, save the group common
frequencies, as this can be useful later for channel selection
considerations during channel switch, etc.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Use the 'no_ir' notation instead of the 'passive scan' and
'no_ibss' notations to match the earlier change in nl80211.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
The extra_roc_dur parameter can now be used in CONFIG_TESTING_OPTIONS=y
builds to simulate driver behavior where the ROC duration gets increased
without user space request.
Signed-off-by: Jouni Malinen <j@w1.fi>
When GC receives invitation response and tries to re-establish
connection to a persistent group channels from passive list should
be allowed. A missing check for operation mode triggered reselection
of operating channel from active channels only to happen and thus fail
the connect attempt.
Add a check for operation mode and if GC instead use negotiated
frequency (i.e. GO operating channel from invitation response).
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
When mesh is configured in, include the wildcard mesh id so that mesh
networks are returned.
Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Jason Abele <jason.abele@gmail.com>
Add no_auto_peer parameter, which controls wheter a station will
automatically initiate peering to another mesh peer that comes into
range.
Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
Signed-off-by: Thomas Pedersen <thomas@noack.us>
Modify network mode to support mode number 5 when CONFIG_MESH is
enabled.
Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
Signed-off-by: Thomas Pedersen <thomas@noack.us>
The mesh peering manager establishes and maintains links among
mesh peers, tracking each peer link via a finite state machine.
This implementation supports open mesh peerings.
[assorted fixes from Yu Niiro <yu.niiro@gmail.com>]
[more fixes from Masashi Honma <masashi.honma@gmail.com>]
Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Javier Cardona <javier@cozybit.com>
Signed-off-by: Ashok Nagarajan <ashok.dragon@gmail.com>
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
Signed-hostap: Bob Copeland <me@bobcopeland.com>
Add user_mpm config parameter, when this is set to 1 (the default) the
peer link management is done on userspace, otherwise the peer management
will be done by the kernel.
Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
Signed-off-by: Thomas Pedersen <thomas@noack.us>
Add routines to (de)initialize mesh interface data structures and
join and leave mesh networks.
Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Javier Cardona <javier@cozybit.com>
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
Signed-off-by: Thomas Pedersen <thomas@noack.us>
These key management options were missing from the previous set of
parsed information in scan results.
Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Jason Abele <jason.abele@gmail.com>
Add smps_modes field, and let the driver fill it with its supported SMPS
modes (static/dynamic). This will let us start an AP with specific SMPS
mode (e.g., dynamic) that will allow it to reduce its power usage.
Signed-off-by: Eliad Peller <eliad@wizery.com>
This commit introduces a QCA vendor command and event to provide an
option to use extended versions of the nl80211 connect/roam operations
in a way that allows drivers to offload key management operations to the
driver/firmware.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Commit 1595eb93ae ('P2P: Add support for
60 GHz social channel') had an unintended change to how P2P search scans
2.4 GHz social channels. Use of p2p_supported_freq() to filter the list
of social channels ended up using the disallow_freq setting to remove
social channels from the P2P search scans. This is not desired since
peers need to be found on any of the social channels even if those
channels have been disabled from P2P operating channel use. Restore the
previous behavior by included all the 2.4 GHz social channels in P2P
search scans if the driver indicated support for the 2.4 GHz band.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The new "bss_load_update_period" parameter can be used to configure
hostapd to advertise its BSS Load element in Beacon and Probe Response
frames. This parameter is in the units of BUs (Beacon Units).
When enabled, the STA Count and the Channel Utilization value will be
updated periodically in the BSS Load element. The AAC is set to 0 sinze
explicit admission control is not supported. Channel Utilization is
calculated based on the channel survey information from the driver and
as such, requires a driver that supports providing that information for
the current operating channel.
Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
This moves the addition of P2P Device interface into
wpa_supplicant_add_iface() so that this operation can be done
dynamically when adding an interface to an already running
wpa_supplicant process.
Signed-off-by: Jouni Malinen <j@w1.fi>
This is needed to allow dynamic removal of an interface that adds the
P2P Device interface without leaving behind the management interface
with invalid wpa_s->parent pointer.
Signed-off-by: Jouni Malinen <j@w1.fi>
It is now possible to run hwsim_test like data connectivity test through
wpa_supplicant/hostapd control interface if CONFIG_TESTING_OPTIONS=y is
used for the build. Test functionality is enabled/disabled at runtime
with "DATA_TEST_CONFIG <1/0>". The "DATA_TEST_TX <dst> <src> <tos>"
command can be used to request a test frame to be transmitted.
"DATA-TEST-RX <dst> <src>" event is generated when the test frame is
received.
Signed-off-by: Jouni Malinen <j@w1.fi>
This was forgotten when the key_mgmt parser for SAE and FT-SAE was
added.
Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
Signed-off-by: Thomas Pedersen <thomas@noack.us>
Create init_mesh, mesh_join, and mesh_leave actions to kernel.
Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Javier Cardona <javier@cozybit.com>
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
Signed-off-by: Bob Copeland <me@bobcopeland.com>
Convert the driver flags variable to u64 since there was no room for
more flags.
Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Javier Cardona <javier@cozybit.com>
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
Signed-off-by: Bob Copeland <me@bobcopeland.com>
Add an implementation of Synthetic Initialization Vector (SIV)
Authenticated Encryption Using the Advanced Encryption Standard (AES).
This mode of AES is used to protect peering frames when using
the authenticated mesh peering exchange.
Signed-off-by: Javier Lopez <jlopex@gmail.com>
Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
Signed-off-by: Bob Copeland <me@bobcopeland.com>
It was possible to issue the P2P_GROUP_REMOVE command through the
per-interface control interface. This resulted in freed memory getting
accessed when trying to send the control interface response to the
operation that ended up deleting the group interface. Fix this by
postponing the removal operation until the caller has returned.
Signed-off-by: Jouni Malinen <j@w1.fi>
This makes wpa_supplicant SME create PMKSA cache entries from SAE
authentication and try to use PMKSA caching if an entry is found for the
AP. If the AP rejects the attempt, fall back to SAE authentication is
used.
Signed-off-by: Jouni Malinen <j@w1.fi>
Increase EAPOL startWhen to 2 for the case where the AP/GO has
advertised it supports WPS 2.0. This is done to make it less likely for
the EAPOL-Start frame to be sent out since that is only required for WPS
1.0. Not sending it can remove one unnecessary round trip from the EAP
exchange when the AP is going to start with EAP-Request/Identity
immediately based on the Association Request frame.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Commit 152cff6ba6 ('P2P: Remove
WPA_DRIVER_FLAGS_P2P_MGMT option') removed the only non-zero return from
wpas_p2p_stop_find_oper(), but did not remove the useless return value
or the return check in wpas_p2p_stop_find(). Clean these up by removing
unreachable code and useless return value.
Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
This is needed for number of items and it was possible to make a build
configuration that did not include ieee802_11_common.c while still
trying to use functions from there. While it would be possible to add
NEED_80211_COMMON=y to all the cases where this file is needed, the
extra complexity from this is not really justifiable anymore, so include
the file unconditionally.
Signed-off-by: Jouni Malinen <j@w1.fi>
The MACsec addition placed one of the calls outside the #ifdef
IEEE802X_EAPOL block while the variable needed for this was defined only
within the block.
Signed-off-by: Jouni Malinen <j@w1.fi>
This information can be used to determine whether the event is generated
for a new peer that was added or due to an update in the information for
an existing peer.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new openssl_cipher configuration parameter can be used to select
which TLS cipher suites are enabled for TLS-based EAP methods when
OpenSSL is used as the TLS library. This parameter can be used both as a
global parameter to set the default for all network blocks and as a
network block parameter to override the default for each network
profile.
Signed-off-by: Jouni Malinen <j@w1.fi>
Mark the variable as unsigned and make the length check use "len > end -
pos" version to makes this easier to understand for static analyzers
(CID 74155).
Signed-off-by: Jouni Malinen <j@w1.fi>
len + pos > end comparison here did verify that the length field had a
valid value, but that did not seem to enough to avoid TAINTED_SCALAR
warning. Re-order that validation step to be equivalent "len > end -
pos" to remove these false positives (CID 68116).
Signed-off-by: Jouni Malinen <j@w1.fi>
The driver_test.c driver wrapper (-Dtest in wpa_supplicant and
driver=test in hostapd) was previously used for testing without real
Wi-Fi hardware. mac80211_hwsim-based tests have practically replaced all
these needs and there has been no improvements or use for driver_test.c
in a long while. Because of this, there has not really been any effort
to maintain this older test tool and no justification to change this
either. Remove the obsoleted test mechanism to clean up the repository.
Signed-off-by: Jouni Malinen <j@w1.fi>
Previously, wpas_set_wowlan_triggers() could have been called in
uninitialized wpa_driver_capa data if the driver interface did not
support reporting of capabilities. While this would not really happen
with a driver wrapper that implements set_wowlan() and as such, would
not cause any difference in practice, it is better to clean this up to
make the code path easier to understand for static analyzers.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new ext_eapol_frame_io parameter can be used to configure hostapd
and wpa_supplicant to use control interface for receiving and
transmitting EAPOL frames. This makes it easier to implement automated
test cases for protocol testing. This functionality is included only in
CONFIG_TESTING_OPTIONS=y builds.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
A P2P Client may be able to connect to the GO even if the WPS
provisioning step has not terminated cleanly (e.g., P2P Client does not
send WSC_Done). Such group formation attempt missed the event
notification about started group on the GO and also did not set the
internal state corresponding to the successful group formation.
This commit addresses the missing part by completing GO side group
formation on a successful first data connection if WPS does not complete
cleanly. Also, this commit reorders the STA authorization indications to
ensure that the group formation success notification is given prior to
the first STA connection to handle such scenarios.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, this variable did not necessarily get cleared between group
formations and could result in some of the workaround operations from
not being executed after the first group formation when using the same
interface for all P2P groups. Fix this by clearing the variable whenever
starting the GO to make sure it is used consistently for each group
formation.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It was possible for local deauthentication request to leave sme-connect
radio work running even when there was no ongoing effort to complete the
connection anymore. Clean this up by marking sme-connect radio work
item, if any, done when clearing connection state after such
disconnection during connection.
Signed-off-by: Jouni Malinen <j@w1.fi>
It was possible for group formation timeout to be the trigger for
detecting the second PSK/4-way handshake failure. If that happened, the
special reason=PSK_FAILURE was not used in the P2P-GROUP-REMOVED event
even though P2P-PERSISTENT-PSK-FAIL did get reported. Fix this special
case by replacing the reason code with PSK_FAILURE if the PSK failure
timeout gets registed as part of the disconnection processing in the
formation timeout handler.
Signed-off-by: Jouni Malinen <j@w1.fi>
Use os_exec() to run the action script operations to avoid undesired
command line processing for control interface event strings. Previously,
it could have been possible for some of the event strings to include
unsanitized data which is not suitable for system() use. (CVE-2014-3686)
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Commit 86bd36f0d5 ("Add generic
mechanism for adding vendor elements into frames") has a minor bug
where it miscalculates the length of memory to move using
os_memmove. If multiple vendor elements are specified then this can
lead to out of bounds memory accesses.
This patch fixes this by calculating the correct length of remaining
data to shift down in the information element.
Signed-off-by: Toby Gray <toby.gray@realvnc.com>
Use hostapd_freq_params instead of simple frequency parameter for driver
commands. This is preparation for IBSS configuration to allow use of
HT/VHT in IBSS.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Previously, the case of non-netdev P2P management device ended up
pulling in both the main interface (e.g., wlan0) and P2P Device
interface (from command line -m argument) as configuration. Similarly,
the main interface ended up included both configuration files. This is
not really helpful for various use cases, e.g., when permanent P2P group
information is stored in the P2P Devince interface, but it gets
duplicated in the main station interface configuration.
Clean this up by changing the -m<file> argument to replace, not
concatenate, configuration information. In other words, the main station
interface will not read this configuration and the P2P Device interface
(non-netdev) does not read parameters from the station interface
configuration file.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Relying on qos qosinfo is not enough, as it can be 0 for WMM enabled
peers that don't support U-APSD. Further, some peers don't even contain
this IE (Google Nexus 5), but do contain the WMM IE during setup.
Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
Some drivers need to know the initiator of a TDLS connection in order
to generate a correct TDLS mgmt packet. It is used to determine
the link identifier IE. Pass this information to the driver.
Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
mac_addr=2 and preassoc_mac_addr=2 parameters can now be used to
configure random MAC address to be generated by maintaining the OUI part
of the permanent MAC address (but with locally administered bit set to
1). Other than that, these values result in similar behavior with
mac_addr=1 and preassoc_mac_addr=1, respectively.
Signed-off-by: Jouni Malinen <j@w1.fi>
Support 60 GHz band in P2P module by selecting random social channel
from all supported social channels in 2.4 GHz and 60 GHz bands.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This permits to set or unset the WiFi Display subelements from DBus, by
providing the full WFD specific IE frame.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
If "STA_AUTOCONNECT 0" has been used to disable automatic connection on
disconnection event and the driver indicates multiple disconnection
events for the disconnection from the current AP when WPS is started, it
could have been possible to hit a case where wpa_s->disconnected was set
to 1 during WPS processing and the following scan result processing
would stop the operation.
wpa_s->key_mgmt == WPA_KEY_MGMT_WPS check was trying to avoid to skip
autoconnect when WPS was in use, but that does not seem to work anymore.
Fix this by checking through wpas_wps_searching() as well to avoid
setting wpa_s->disconnect = 1 when there is an ongoing WPS operation.
Signed-off-by: Jouni Malinen <j@w1.fi>
This check is already being done on wpas_p2p_deinit_iface.
Of course, it is assumed wpa_s is not deinit when reaches
that point as a matter of fact.
Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
As P2P service are not necessarily attached to a iface, when
added, proceed with same approach on p2p global deinit. Such
approach solves memory leaks ocurring upon wpa_supplicant
termination, when p2p services were registered previously.
Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
This adds experimental support for wpa_supplicant to assign random local
MAC addresses for both pre-association cases (scan, GAS/ANQP) and for
connections. MAC address policy for each part can be controlled
separately and the connection part can be set per network block.
This requires support from the driver to allow local MAC address to be
changed if random address policy is enabled. It should also be noted
that number of drivers would not support concurrent operations (e.g.,
P2P and station association) with random addresses in use for one or
both.
This functionality can be controlled with the global configuration
parameters mac_addr and preassoc_mac_addr which set the default MAC
address policies for connections and pre-association operations (scan
and GAS/ANQP while not connected). The global rand_addr_lifetime
parameter can be used to set the lifetime of a random MAC address in
seconds (default: 60 seconds). This is used to avoid unnecessarily
frequent MAC address changes since those are likely to result in driver
clearing most of its state. It should be noted that the random MAC
address does not expire during an ESS connection, i.e., this lifetime is
only for the case where the device is disconnected.
The mac_addr parameter can also be set in the network blocks to define
different behavior per network. For example, the global mac_addr=1 and
preassoc_mac_addr=1 settings and mac_addr=0 in a home network profile
would result in behavior where all scanning is performed using a random
MAC address while connections to new networks (e.g.,
Interworking/Hotspot 2.0) would use random address and connections to
the home network would use the permanent MAC address.
Signed-off-by: Jouni Malinen <j@w1.fi>
This extends "wpa_cli -a<action script>" functionality to work with the
global wpa_supplicant control interface. The IFNAME=<ifname> prefix is
removed from the event messages and converted to the control interface
name when present. Previously, action scripts could only be used with
the per-interface control interfaces.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Number of other buffers were already increased to this size, but the
buffer used for receiving unsolicited event messages from wpa_supplicant
(e.g., for wpa_cli action scripts) was still at the older 256 byte size.
This could result in some events getting truncated. Avoid this by using
the same 4096 byte buffer size here as in the other places receiving
messages from wpa_supplicant.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The ifname_prefix string could change during line editing and the
periodic PING command running in the background ended up getting the
latest snapshot of the command line due to the pointer being left to
point to the edit buffer. This resulted in unexpected prefix strings
getting used with the periodic PING command. Fix this by temporarily
clearing the ifname_prefix whenever running such a periodic PING.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The commit 5cd4740580 has rearranged the
update scan results code and hence the IEs were not getting updated
properly for ap_scan=1 case. This can result in a 4-way handshake
failure in the roaming case (IE mismatch in 3/4 EAPOL). Fix this by
updating the scan results even if ap_scan=1 is used and network does not
need to get reselected based on association information.
Signed-off-by: Jithu Jance <jithu@broadcom.com>
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Signed-off-by: Jouni Malinen <j@w1.fi>
It also allows to use the STATUS command with default behavior,
say for debug, i.e., don't generate a "fake" CONNECTION and
SUPPLICANT_STATE_CHANGE events with the new STATUS-NO_EVENTS case.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
In theory, this call could fail, so check the return value before using
the received data. These specific cases would not really care much about
the failures, but this keeps the code more consistent and keeps static
analyzer warnings more useful. (CID 72678, CID 72679, CID 72680,
CID 72683, CID 72689, CID 72698, CID 72703)
Signed-off-by: Jouni Malinen <j@w1.fi>
The network block bssid parameter can be used to force a specific BSS to
be used for a connection. It is also possible to modify this parameter
during an association. Previously, that did not result in any
notification to the driver which was somewhat problematic with drivers
that take care of BSS selection. Add a new mechanism to allow
wpa_supplicant to provide a driver update if the bssid parameter change
for the current connection modifies roaming policy (roaming
allowed/disallowed within ESS).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
An interoperability issue with a deployed AP has been identified where
the connection fails due to that AP failing to operate correctly if
PMKID is included in the Association Request frame. To work around this,
allow EAPOL-Start packet to be transmitted on startWhen reaching 0 even
when trying to use PMKSA caching. In practice, this allows fallback to
full EAP authentication if the AP/Authenticator takes more than 1-2
seconds to initiate 4-way handshake for PMKSA caching or full EAP
authentication if there was no PMKSA cache match.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, the shorter startWhen value was used based on build
parameters (i.e., if WPS was enabled). This is not really ideal and the
knowledge of WPS use can be provided to the EAPOL state machine to allow
this (and similar WPS workarounds) to be done only when the association
is for the purpose of WPS.
Reduce the default startWhen value from 3 to 2 seconds for non-WPS case
since WPS builds have likely received most testing for the past years
with the 1 second value and there is no strong justification for forcing
the longer 3 second wait should a frame be lost or something else
require the EAPOL-Start to initiate operation after a connection.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Currently to signal PropertiesChanged upon group client
removal (group property), wpa_supplicant dbus uses wpa_s
members like go_dev_addr and current_ssid, for instance.
Thus, deferring p2p client deauth to after dbus notify,
but keeping the same order as before, solves the issue,
as wpa_s is not yet completely deinitialized.
Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
"Age" is the age in seconds since the BSS was last seen, and is
emitted as a PropertyChanged signal whenever the BSS is updated
from a scan result. It also returns the correct age when queried
directly.
This property can be used to resolve issues where, if no other
properties of the BSS changed from scan results (for example,
if the BSS always had 100% signal) no D-Bus signals would be
emitted to indicate that the BSS had just been seen in the scan.
Signed-hostap: Dan Williams <dcbw@redhat.com>
While building Association Request frame IEs we should consider adding
P2P IEs only on interface where P2P functionality is enabled. Consider
per interface p2p_disabled parameter before adding P2P IEs to complete
the checks for this.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Some deployed APs send two credentials when in mixed-WPA/WPA2
configuration; one for the WPA-Personal/TKIP and the other for
WPA2-Personal/CCMP. Previously, this would result in two network blocks
getting added for the single AP. This can be somewhat confusing and
unnecessary, so merge such credentials into a single one that allows
both WPA and WPA2 to be used.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, the P2P Interface Address of the peer gets updated in the
peer table every time based on the scan results.
For example, in a two port concurrency scenario, where the peer device
has two interfaces with unique P2P Interface Addresses and with same P2P
Device Address, based on the Probe Response/Beacon frames from these two
interfaces, their peer table gets updated, but each of these updates
happens in the peer table only based on the P2P Device Address. So, the
same peer's P2P Interface address is updated every time and hence, at
any instant, only one P2P Device Address to P2P Interface Address
mapping entry exist in the peer table for the peer which has two
interfaces.
When we try to join a group operated by the peer, lookup happens in the
peer table and when an interface entry is not available, the pending
interface address gets overwritten with the P2P Device Address and hence
the P2P connection can fail. Since the BSS table is the one that is
up-to-date, this fix will ensure that the interface overwriting will
happen only when there is no BSS entry for the pending P2P Interface
Address as well.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Global freq_list scan filtar was taken into account only by
req_scan and not by req_sched_scan. We want to allow the user
to limit the channels that wpa_supplicant will scan in req_sched_scan
requests as well.
Signed-off-by: Bojan Prtvar <bojan.prtvar@rt-rk.com>
Before fixing this issue, calling wpas_dbus_getter_p2p_device_config
was causing early termination of dbus connection, due to writing
values to an already closed dict.
Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
In order to find a GO interface, there has to be a
comparison among two SSIDs, instead of a wpa_ssid and
a ssid.
Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
First for better concistancy but also to tell about the group_object
that is getting removed, thus the client will know about it and will be
able to act accordingly.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
When p2p_cancel is invoked while the GO Negotiation Action TX was
pending, the p2p_send_action_work was not getting cleared.
Signed-off-by: Jithu Jance <jithu@broadcom.com>
The parameter wowlan_triggers is a global string and is not recognised
if it is embraced with double-quotes.
Signed-off-by: Philippe Nunes <philippe.nunes@linux.intel.com>
The PAME-BI bit in the Advertisement Protocol element is reserved for
non-AP STA, so this function will never set that bit to one and as such,
there is not much point in maintaining the placeholder dead code for
this either. (CID 68107)
Signed-off-by: Jouni Malinen <j@w1.fi>
The PSK/passphrase are needed for the control interface events since the
upper layer UI component is required by the specification to be able to
make this available for manual configuration. However, this is not
needed in the INFO verbosity level debug entry, so split the event
generation into two parts.
Signed-off-by: Jouni Malinen <j@w1.fi>
This makes it easier to change the event message message for indication
when P2P group has stated and removes some duplicated code.
Signed-off-by: Jouni Malinen <j@w1.fi>
This allows external programs to use vendor specific information from
P2P peers without wpa_supplicant having to be able to parse and
understand all such vendor specific elements.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This adds following new control interface commands to allow arbitrary
vendor elements to be added into number of frames:
VENDOR_ELEM_ADD <frame id> <hexdump of elem(s)>
VENDOR_ELEM_GET <frame id>
VENDOR_ELEM_REMOVE <frame id> <hexdump of elem(s)>
VENDOR_ELEM_REMOVE <frame id> *
The following frames are supported in this commit (additional frames can
be added in the future):
0 = Probe Request frame in P2P device discovery
1 = Probe Response frame from P2P Device role
2 = Probe Response frame from P2P GO
3 = Beacon frame from P2P GO
4 = PD Req
5 = PD Resp
6 = GO Neg Req
7 = GO Neg Resp
8 = GO Neg Conf
9 = Invitation Request
10 = Invitation Response
11 = P2P Association Request
12 = P2P Association Response
One or more vendor element can be added/removed with the commands. The
hexdump of the element(s) needs to contain the full element (id, len,
payload) and the buffer needs to pass IE parsing requirements to be
accepted.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, offloaded scanning (PNO) on Android was including SSIDs from
all enabled networks regardless of the scan_ssid parameter which
resulted in different behavior for the offloaded case when comparing to
wpa_supplicant initiated scans.
Use the sched_scan match filter to allow broadcast SSID to be used for
scan_ssid=1 networks also with PNO to avoid running active scans for
SSIDs that have not been explicitly marked as requiring an SSID-specific
scan. This reduces exposure of configured network names on the device
when running offloaded scans while the host device is in sleep.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
This would not really be needed since these functions check the pointer
above. However, this seems to be too difficult for some static analyzer,
so add the extra check to avoid false reports.
Signed-off-by: Jouni Malinen <j@w1.fi>
This can be used to configure a Hotspot 2.0 Release 2 network externally
for a case where wpa_supplicant-based Interworking network selection is
not used and the update_identifier cannot be copied directly from a
cred.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Incorrect field was used to determine the init=<value> in the regulatory
domain changed control interface event.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The new "scan_id=<comma separated list of network ids>" parameter can
now be used to specify a list of network ids that have scan_ssid=1 to
indicate active scanning of the SSID. This adds the listed SSIDs to the
scan command to allow manual scan requests to perform active scans for
hidden SSIDs. For example, "SCAN scan_id=1,7,11" would run a scan with
the SSID fetched from the configured network blocks 1, 7, and 11
(assuming those are set with scan_ssid=1). The SSIDs will be included
even from network blocks that are currently disabled.
The maximum number of SSIDs added to the request is limited by the
driver support. If more than supported values are specified, the command
will fail (returns "FAIL").
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Use an explicit memset call to clear any wpa_supplicant configuration
parameter that contains private information like keys or identity. This
brings in an additional layer of protection by reducing the length of
time this type of private data is kept in memory.
Signed-off-by: Jouni Malinen <j@w1.fi>
build_root_nai() will not be extended to write something after the
domain, so there is no need to update the pos pointer after the final
os_snprintf() call in the function. Remove this to make a static
analyzer happier.
Signed-off-by: Jouni Malinen <j@w1.fi>
This is not really necessary check, but it keeps a static analyzer
happier by avoiding dead increment. Doing it this way rather than
removing the increment is less likely to cause problems when new entries
are added here in the future (the "dead" increment would be very much
needed in those cases).
Signed-off-by: Jouni Malinen <j@w1.fi>
The pointer to the current position is enough to figure out whether the
proto string is the first one in the buffer. Removing the separate
tracking variable cleans up a static analyzer warning on dead
assignment.
Signed-off-by: Jouni Malinen <j@w1.fi>
This adds an explicit limit for the maximum Wi-Fi Display subelement
length for ASCII hexdump. This would not really be needed since the
buffer is already limited by maximum frame length. Anyway, since this
can make static analyzers happier and the subelement used with this
function is short, we may as well include an explicit check.
Signed-off-by: Jouni Malinen <j@w1.fi>
While the buffer is expected to be large enough for all the IEs, it is
better to check for this explicitly when adding the HS 2.0 Indication
element. (CID 68601)
Signed-off-by: Jouni Malinen <j@w1.fi>
The previously used design was a bit too complex for static analyzers
(e.g., CID 68131, CID 68133) to understand which resulted in false
warnings about uninitialized memory. Avoid this by explicitly
initializing the pointer array to NULL and also skipping any invalid
NULL entry in the helper function.
Signed-off-by: Jouni Malinen <j@w1.fi>
GroupMember is unusable in itself and all the necessary informations are
stored in Peer objects, thus replace the use of GroupMember by Peer.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
If only the Peer is part of one or more group, this property will tell
those via listing their object paths.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
This will be useful for a peer to know if it is part of a group either
as a client of our local GO or as the peer GO.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Commit e9852462d5 ('eapol_test: Add PC/SC
reader and PIN command line arguments') did not add break to the switch
statement for the new -R command line option.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Previously, eight character random passphrase was generated
automatically for P2P GO. The new p2p_passphrase_len parameter can be
used to increase this length to generate a stronger passphrase for cases
where practicality of manual configuration of legacy devices is not a
concern.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new command line arguments -R<reader> and -P<PIN> can now be used to
specify which PC/SC reader (prefix match) and PIN are to be used.
Signed-off-by: Jouni Malinen <j@w1.fi>
There is no need to trigger new SA Query procedure to check the state of
the connection immediately after having performed such a check. Limit
the impact of burst of unprotected Deauth/Disassoc frames by starting a
new SA Query procedure only once at least 10 seconds has passed from the
previous SA Query that was triggered by reception of an unprotected
disconnection. The first SA Query procedure for each association does
not follow this rule to avoid issues with test cases that expect to see
an SA Query every time.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
"TDLS_TEARDOWN *" can now be used to tear down the direct links to all
TDLS peers. This is useful for debugging purposes.
Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
If a link is unreachable, the specification mandates we should send a
teardown packet via the AP with a specific teardown reason. Force this
by first disabling the link and only then sending the teardown packet
for the LOW_ACK event.
Rename the TDLS LOW_ACK event handler to better reflect its purpose.
Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
This removes number of unnecessary #ifdef CONFIG_P2P blocks from generic
code by hiding the conditional build into p2p_supplicant.h with empty
inline functions.
Signed-off-by: Jouni Malinen <j@w1.fi>
Performing a P2P Device flow such as p2p_listen or
p2p_find, can degrade the performance of an active interface
connection, if the listen frequency is different than the
frequency used by that interface.
To reduce the effect of P2P Device flows on other interfaces,
try changing the listen channel of the P2P Device to match the
operating channel of one of the other active interfaces. This change
will be possible only in case that the listen channel is not forced
externally, and will be delayed to a point where the P2P Device
state machine is idle.
The optimization can be configured in the configuration file and
is disabled by default.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
In case there is no preference for the GO operating channel,
try using one of 1, 6, 11 (randomly), and only if the random
selection is not suitable traverse all the channels 1..11.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Remove the seperation between getting the local interface frequency and
other interfaces frequencies since going over all the radio interfaces
includes the local interface.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
When the number of frequencies supported by the kernel is bigger than
one, and there is a need to pick a frequency for a new flow such as P2P
GO Negotiation or P2P Invitation, the flow should be able to pick the
best frequency among all the frequencies currently used by the device.
In order to prioritize between the currently used frequencies, add
the ability to collect additional data about each used frequency
(if the frequency is used by a station interface or P2P Client)
and when needed select the best frequency, where:
1. Infrastructure interfaces have highest priority
2. P2P Client interfaces have higher priority over AP/GO
interfaces.
The rational is that the frequency of an AP/GO can change while
that of a station interface cannot.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Remove the check for get_radio_name support from
get_shared_radio_freqs_data() since get_radio_name is no longer in use
in this function.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Most of these calls are checked to return success and there is no reason
why these wouldn't, so be more consistent. This addresses CID 62841,
CID 62840, CID 62839, CID 62838, CID 62837, CID 62836.
Signed-off-by: Jouni Malinen <j@w1.fi>
If this chmod() call fails, the global control interface is allowed to
be used since there was no change to its group. Anyway, it can be
helpful to note the error case in debug log instead of silently ignoring
it.
Signed-off-by: Jouni Malinen <j@w1.fi>
Commit b125c48fce ('P2P: Add wfd_dev_info=
field for device found event') added Wi-Fi Display device info to the
P2P-DEVICE-FOUND events. However, it did not include proper bounds
checking in wifi_display_subelem_hex() and could accept subelements with
invalid length field values. This could result in buffer read overflow
of up to 64 kB and inclusion of heap memory in the local control
interface event and/or process crash due to invalid memory access. Fix
this by checking the validity of the length field before writing a
hexdump of the data.
Signed-off-by: Jouni Malinen <j@w1.fi>
The vendor_ext[i] = NULL setting did not make any sense since
num_vendor_ext should have been used to index the vendor_ext array. The
old code did not do any harm since i >= num_vendor_ext and none of the
already set entries could have been cleared. Anyway, better clean this
by making it skip the setting to NULL similarly to what was already done
in the P2P peer vendor ext getter.
Signed-off-by: Jouni Malinen <j@w1.fi>
The OSEN code path hardcodes number of struct wpa_ie_data items.
However, it did not clear the full structure and some uninitialized
fields could have been used (e.g., ie.mgmt_group_cipher for a debug
print and ie.capabilities for checking MFPC). Fix this by clearing the
ie data before filling in the hardcoded OSEN values.
Signed-off-by: Jouni Malinen <j@w1.fi>
The Action code field is in a fixed location, so the IEEE80211_HDRLEN
can be used here to clean up bounds checking to avoid false reports from
static analyzer.
Signed-off-by: Jouni Malinen <j@w1.fi>
The Action code field is in a fixed location, so the IEEE80211_HDRLEN
can be used here to clean up bounds checking to avoid false reports from
static analyzer.
Signed-off-by: Jouni Malinen <j@w1.fi>
The Action code field is in a fixed location, so the IEEE80211_HDRLEN
can be used here to clean up bounds checking to avoid false reports from
static analyzer.
Signed-off-by: Jouni Malinen <j@w1.fi>
There were couple of missing breaks in switch-default (before/after).
While these did not have any noticeable issues due to falling over to
the next step that just exited from the switch statement, it is cleaner
and more robust to have each case use an explicit break.
Signed-off-by: Jouni Malinen <j@w1.fi>
The tmpentry variable was not initialized and
_wpa_dbus_dict_entry_get_byte_array() does not set tmpentry.type, so it
would have been possible for the error path to end up trying to free
unexpected type of an entry or not free the memory at all.
Signed-off-by: Jouni Malinen <j@w1.fi>
This avoids an incorrect ARRAY_VS_SINGLETON report for a case where a
pointer is taken to the specified field in a frame and not to a single
octet. Bounds checking was already handled separately.
Signed-off-by: Jouni Malinen <j@w1.fi>
Due to an incorrect operation (MOD vs. AND), the code that was supposed
to return an error if the hex string has odd length was not really
reporting any failures. Instead of reporting an error, the invalid
control interface command would have been truncated. This is not an
issue in practice, but better fix the implementation anyway.
Signed-off-by: Jouni Malinen <j@w1.fi>
If a dict would include duplicated items, the parsing code here would
have leaked memory by overwriting old os_strdup() result with the new
one. Fix this by explicitly freeing the previous entry. This addresses
CID 62852, CID 62851, CID 62850, CID 62849, CID 62847, CID 62846.
Signed-off-by: Jouni Malinen <j@w1.fi>
It would have been at least theoretically possible to hit the first
error in the loop and end up jumping to error handling which would call
os_free(value) without the value having been cleared after the os_free()
call at the end of the previous loop iteration.
Signed-off-by: Jouni Malinen <j@w1.fi>
The GAS query TX operation used a fixed wait time of 1000 ms for the
reply. However, it would be possible for the driver to not support this
long remain-on-channel maximum. Limit this wait time based on driver
support, if needed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This makes the p2p_find default delay value configurable as
p2p_search_delay parameter through the configuration file (and through
control interface "SET p2p_search_delay <value>" on the P2P management
interface.
This parameter controls the number milliseconds of extra delay that is
added between search iterations when there is a concurrent operation in
progress. This can be used, e.g., p2p_search_delay=100 to make p2p_find
friendlier to concurrent operations by avoiding it from taking 100% of
the radio resources. The default value is the previous default, i.e.,
500 ms. Smaller values can be used to find peers more quickly at the
cost of larger effect to concurrent operations while a larger value
leaves more time for the concurrent operations at the cost of making
device discovery take longer time.
The optional p2p_find delay argument can still be used to override the
search delay for each search operation.
Since the P2P_CONCURRENT_SEARCH_DELAY macro is not used anymore, the
driver specific build parameter for bcmdhd from Android.mk is also
removed. Similar configuration can now be achieved with
p2p_search_delay=0 in the p2p0 interface configuration file.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
wpa_supplicant_event() is required to include the event data for AP mode
events. In theory, a non-AP mode event could be sent here from the
driver wrapper, so reject such event.
Signed-off-by: Jouni Malinen <j@w1.fi>
Prepare for new extended capabilities bits by checking that the local
buffer is large enough to contain all the bits the driver requests. The
existing buffers are large enough to include anything defined until now,
but it would be possible to add more definitions in the future, so
increase them a bit as well to make this more future proof.
Signed-off-by: Jouni Malinen <j@w1.fi>
Instead of allowing the connection attempt to occur with an unsupported
inner method, check for that explicitly at the time the network block is
added and drop the network if the identified inner method is not
supported.
Signed-off-by: Jouni Malinen <j@w1.fi>
This cannot really be NULL in practice since cred->eap_method would
point to a valid EAP method. Anyway, to avoid false positive from
analyzers, check the pointer explicitly before printing it.
Signed-off-by: Jouni Malinen <j@w1.fi>
This is mainly to keep static analyzers silent since it does not look
like this code path can be reached in practice due to the way
association events are handled and current_ssid is either set before
resched here or the association is rejected. Anyway, if this could be
reached, the wpa_supplicant_set_wpa_none_key() call would end up
dereferencing a NULL pointer, so add an explicit check to make sure that
does not happen.
Signed-off-by: Jouni Malinen <j@w1.fi>
If the offchannel TX frame command was offloaded to the driver in
offchannel_send_action(), we must not send another copy of the frame if
a remain-on-channel event happens to be delivered between this TX
command and the matching TX status event. It was possible for the
duplicated frame to cause problems, e.g., with P2P invitation exchange
if the same Invitation Request frame got sent twice and only the first
one getting accepted by the peer.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The dynamically allocated struct wpa_external_work contains the name of
the radio work in the type field and this is used in a debug print
within radio_work_done(). Re-order radio_work_done() and os_free() calls
on couple of paths where the memory was freed before that final user of
the buffer.
Signed-off-by: Jouni Malinen <j@w1.fi>
wpa_supplicant was giving below error when "CONFIG_MODULE_TESTS=y" and
"CONFIG_P2P=y" are in .config file:
"wpas_module_tests.c:84: undefined reference to `wps_module_tests'"
This error is coming because "CONFIG_WPS=y" is commented out in .config
file but CONFIG_WPS is getting enabled by CONFIG_P2P in Makefile.
Signed-off-by: Amit Khatri <amit.khatri@samsung.com>
For one specific case when running with Interworking enabled the
re-initialisation of the scan timer is missing. This makes auto connect
to a configured network fail.
The case is:
- Interworking credentials available, but do not match
- Auto interworking is enabled (auto_interworking=1)
- Interworking auto select is disabled (i.e., this is from
auto_interworking=1, not from INTERWORKING_SELECT auto)
- No configured (enabled and non blacklisted) networks are present
in scan results list with full match
- Interworking finds matching networks (it does not do full security
policy match)
This patch covers the case and re-initialises the scan timer to allow
search for a suitable network to continue.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
This makes the operations more consistent when going through multiple
persistent group re-invocation sequences in a row. Each invitation needs
to be accepted separately if persistent reconnect is not enabled.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This adds [DMG] and [PBSS] flags for scan results and BSS table entries
using the IEEE Std 802.11ad-2012 updated definition of the Capability
field.
Signed-off-by: Boris Sorochkin <qca_bsoroc@qca.qualcomm.com>
This patch adds epoll option for the eloop implementation. This can be
selected with the CONFIG_ELOOP_EPOLL=y build option.
[merit]
See Table1.
Table1. comparison table
+--------+--------+-----------+------------+-------------+
| | add fd | remove fd | prepare fd | dispatch fd |
+--------+--------+-----------+------------+-------------+
| select | O(1) | O(1) | O(N) | O(N) |
+--------+--------+-----------+------------+-------------+
| poll | O(1) | O(1) | O(N) | O(N) |
+--------+--------+-----------+------------+-------------+
| epoll | O(1) | O(1) | 0 | O(M) |
+--------+--------+-----------+------------+-------------+
"add fd" is addition of fd by eloop_sock_table_add_sock().
"remove fd" is removal of fd by eloop_sock_table_remove_sock().
"prepare fd" is preparation of fds before wait in eloop_run().
"dispatch fd" is dispatchment of fds by eloop_sock_table_dispatch().
"N" is all watching fds.
"M" is fds which could be dispatched after waiting.
As shown in Table1, epoll option has better performance on "prepare fd" column.
Because select/poll option requires setting fds before every select()/poll().
But epoll_wait() doesn't need it.
And epoll option has also better performance on "dispatch fd" column.
Because select/poll option needs to check all registered fds to find out
dispatchable fds. But epoll option doesn't require checking all registered fds.
Because epoll_wait() returns dispatchable fd set.
So epoll option is effective for GO/AP functionality.
[demerit]
The epoll option requires additional heap memory. In case of P2P GO, it is
about 8K bytes.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
The group object is already registered on DBus at that point, thus wpa_s
structure holds its path already.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Fixes a minor mistake: the p2p_info structure should be used here
instead of the peer_handler_args one.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
These signals delivers an array of key/value pairs, thus declaring those
as it should.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
When there is a pending WPS negotiation for P2P and signal interrupt is
triggered, invalid read occurs in wpas_wps_terminate_pending() if
wpas_p2p_disconnect() removed the interface. Inverting deinit order
solves the issue.
Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
The radio works for the interface get removed if interface is disabled.
This could have left P2P module in invalid state if the interface got
disabled during a p2p_find or p2p_listen operation. Clear the state in
such a case to avoid blocking following operations due to P2P module
assuming it is still in progress of doing something.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This new command can be used to simulate driver events without having to
go through the driver wrapper or kernel code for this. This enables more
testing coverage with hwsim.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It looks like there was a possible sequence for wpa_s->scan_req to be
MANUAL_SCAN_REQ at the moment a GO is to be started. This could result
in the "Request scan (that will be skipped) to start GO" to actually not
skip the scan and end up stuck waiting for something external to trigger
a scan before the GO could be started. Fix this by clearing
wpa_s->scan_req when deciding to start the GO.
This issue could be hit at least by first enabling autoscan and then
issuing P2P_GROUP_ADD. Other sequences that set wpa_s->scan_req to
MANUAL_SCAN_REQ without going through wpa_supplicant_scan() to clear it
immediately could also have similar effect (and there is even a small
window for the wpa_supplicant_scan() call to happen only after the
P2P_GROUP_ADD command is processed, so this could potentially have
happened even with SCAN + P2P_GROUP_ADD).
Signed-off-by: Jouni Malinen <j@w1.fi>
Commit 41d5ce9e0b was intended to scan for
GO on the negotiated channel for few iterations, but it did not work
correctly due to incorrect operator being used. Fix this by requiring
both conditions to be met for the single channel scan.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
On receiving CHANNEL_LIST_CHANGED event from driver, verify that local
GO (if any) is operating in valid frequency. If not, we should remove
the group and reform on valid frequency. Indicate this similarly to the
avoid-frequency notification (i.e., a control interface message for
upper layers to react to this for now; potentially CSA later).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This command allows to copy network variable from one network to
another, e.g., to clone the psk field without having to extract it from
wpa_supplicant.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Valgrind indicates reference to already freed memory if function
wpa_config_remove_network() is called prior to calling
wpa_supplicant_deauthenticate(), and this can lead to a crash.
Inverting the call order fixes the problem.
Signed-off-by: Hannu Mallat <hannu.mallat@jollamobile.com>
The new command line argument -e can be used to request the server to
send EAP-Key-Name in Access-Accept. If both the local EAP peer
implementation and server provide the EAP Session-Id, compare those
values and indicate in debug log whether a match was seen.
Signed-off-by: Jouni Malinen <j@w1.fi>
This extends Interworking network selection to enable FT-EAP as an
optional key_mgmt value to allow FT to be used instead of hardcoding
WPA2-Enterprise without FT.
Signed-off-by: Jouni Malinen <j@w1.fi>
No need to call ibss_rsn_deinit() again since it is already being called
by wpa_supplicant_mark_disassoc().
Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
Do not perform extended listen period operations when either a P2P
connection is in progress. This makes the connection more robust should
an extended listen timer trigger during such an operation.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
No need to use ENOBUFS within core wpa_supplicant, so just replace it
with -1 to work arounds MinGW build issues.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add a new wowlan_triggers option to wpa_supplicant.conf. The triggers in
this key will be used to configure the kernel wowlan configuration.
For now, support only simple flags. More complex triggers can be added
later on.
Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
This was supposed to end with a newline character so that parameters are
aligned in configuration file.
Signed-off-by: Sreenath Sharma <sreenats@broadcom.com>
The previous check for dl_list_len() or having an entry from the list is
sufficient, but some static analyzers cannot figure out that
dl_list_first() and dl_list_last() will return non-NULL in this type of
cases. Avoid invalid reports by explicitly checking for NULL.
Signed-off-by: Jouni Malinen <j@w1.fi>
The check based on last_scan_res_used is sufficient for making sure that
last_scan_res is allocated. However, it is a bit too complex for static
analyzers to notice, so add an explicit check to avoid bogus reports.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It is possible for the disconnection event from the driver to not get
delivered when interface is disabled. To maintain consistent ctrl_iface
event behavior, indicate CTRL-EVENT-DISCONNECTED in such a case if we
were in connected state.
Signed-off-by: Jouni Malinen <j@w1.fi>
If two config files are merged together, the ssid and cred blocks may
not have been processed correctly since the tail pointers were not
updated to the last entry from the first configuration file.
Signed-off-by: Jouni Malinen <j@w1.fi>
Previously, the frequency conflict was handled only during the
association flow. However, some drivers, e.g., mac80211 based
drivers, will fail an authentication request in case that there
are no available channels for use (as they might be used by
other interfaces), and thus the frequency conflict resolution
is never called.
Fix this by calling frequency conflict resolution during
authentication (SME-in-wpa_supplicant) as well.
In addition, get the shared radio frequency from the wpa_s context in
both the SME-in-driver and SME-in-wpa_supplicant cases and not from the
driver.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
The normal scan counter is used to trigger a few normal scans before a
scheduled scan is issued. The reason for doing this is that we get
results faster and some drivers support more SSIDs per normal scan
than during sched scan. After 2 normal scans, we start using
sched_scan. But the problem is that when a connection succeeds, we do
not reset this counter, so we will keep using sched scans.
To fix this, now we reset the counter when we switch to WPA_COMPLETED
state.
Signed-off-by: Luciano Coelho <luciano.coelho@intel.com>
This avoids large number of undesired compiler warnings since Android
build system is added -Wextra.
Signed-off-by: Greg Hackmann <ghackmann@google.com>
This allows the specific SIM to be identified for authentication
purposes in multi-SIM devices. This SIM number represents the index of
the SIM slot. This SIM number shall be used for the authentication using
the respective SIM for the Wi-Fi connection to the corresponding
network.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The previous version prevented all use of wpas_global_ctrl_iface_set().
That's not desirable since there may be more global parameters added in
the future. Instead, try to use the global version first and redirect to
P2P interface only if the global version returns an error.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The P2P redirection for SAVE_CONFIG issued on the global control
interface was preventing wpas_global_ctrl_iface_save_config() from being
reached. The global version of SAVE_CONFIG was supposed to try to save
configuration files for all interface rather than just the P2P
management interface, so fix this by removing the unneeded and undesired
redirection.
Modify the global SAVE_CONFIG handler to return FAIL if no configuration
files were saved. This makes the behavior match with the per-interface
SAVE_CONFIG.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Rename the eap_proxy_*.mk file to eap_proxy_*.mak for non-Android builds
so that the same eap_proxy implementation can be more easily included in
the same directory for both cases.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, it was possible to remove the main interface and leave
behind dynamic P2P group interfaces. This would eventually result in
references freed memory, so it is not really suitable behavior. Instesd,
remove all the dynamic P2P group interfaces that were created through an
interface that is now removed.
Signed-off-by: Jouni Malinen <j@w1.fi>
If we receive a scan request via D-Bus and wpa_supplicant_scan_trigger
fails, return the failure to the caller over D-Bus.
Signed-hostap: mukesh agrawal <quiche@chromium.org>
Use eloop timeout to run the reconnect command after eapol_cb has
returned. This reduces stack use and can simplify the driver
command/event sequence by allowing the disconnection events from the
provisioning step to be processed before starting the actual data
connection.
Signed-off-by: Jouni Malinen <j@w1.fi>
If a P2P GO issues multiple credentials for some reason, clone the
p2p_group and temporary parameters to all those based on the initial
network block that gets used for the first credential.
Signed-off-by: Jouni Malinen <j@w1.fi>
This used to work, but it looks like the disabled-PSK-network check
ended up rejecting confiurations that configured a wildcard SSID with a
passphrase (instead of PSK).
Signed-off-by: Jouni Malinen <j@w1.fi>
This allows external programs to monitor driver signal change events
through wpa_supplicant when bgscan is used.
Signed-off-by: Jouni Malinen <j@w1.fi>
Adding a new entry was returning FAIL on success due to incorrect
assumption of wpa_blacklist_add() returning 0 on success (it returns the
positive blacklist count).
Signed-off-by: Jouni Malinen <j@w1.fi>
These commands can be executed on the P2P interface thus should be
redirected to it when issued to the global control interface.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
- Reassociate was only working when there was already a connect in
place, which is not how the REASSOCIATE command from the ctrl
interface works.
Signed-off-by: Fionn Cleary <fionn.cleary@streamunlimited.com>
Mark the scan performed by the P2P Client in search of the GO
during the persistant reinvocation as a p2p_probe to avoid
unnecessary use of 802.11b rates.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The structures are all allocated, so the pointer can be compared to NULL
to determine whether the subelement was present.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>