Commit graph

251 commits

Author SHA1 Message Date
Jouni Malinen
0bbaa9b93f Validate driver extended capabilities length against buffer length
Prepare for new extended capabilities bits by checking that the local
buffer is large enough to contain all the bits the driver requests. The
existing buffers are large enough to include anything defined until now,
but it would be possible to add more definitions in the future, so
increase them a bit as well to make this more future proof.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-07 16:35:30 +03:00
Jouni Malinen
d4b951f31b Fix offchannel TX not to retransmit pending frame on callback
If the offchannel TX frame command was offloaded to the driver in
offchannel_send_action(), we must not send another copy of the frame if
a remain-on-channel event happens to be delivered between this TX
command and the matching TX status event. It was possible for the
duplicated frame to cause problems, e.g., with P2P invitation exchange
if the same Invitation Request frame got sent twice and only the first
one getting accepted by the peer.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-06-04 16:07:59 +03:00
Dmitry Shmidt
b19c098e75 Send authentication failure reason in wpas_auth_failed()
"WRONG_KEY"   - possibly wrong psk
"AUTH_FAILED" - authentication failure
"CONN_FAILED" - continiuos connection failure

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-05-16 18:08:39 +03:00
Hu Wang
dd10abccc8 MACsec: wpa_supplicant integration
Add MACsec to the wpa_supplicant build system and configuration file.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-09 20:42:44 +03:00
Rashmi Ramanna
41d5ce9e0b P2P: Optimize scan for GO during persistent group invocation
Scan for GO on the negotiated operating channel for few iterations
before searching on all the supported channels during persistent group
reinvocation. In addition, use the already known SSID of the group in
the scans. These optimizations reduce group formation time.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-25 15:38:33 +02:00
Dmitry Shmidt
d3c9c35f32 Add freq= parameter to 'set pno' command
This allows channels-to-be-scanned to be specified for PNO similarly to
the scan command.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-03-21 23:56:46 +02:00
Peter Qiu
0f44ec8eba Add a reattach command for fast reassociate-back-to-same-BSS
Add "reattach" command to perform single-channel single-ssid scan
instead of full scan when trying to reconnect to the currently
"connected" network (assuming old scan results are not current enough to
skip the scan completely). This allows the scan result to come back in
much faster time. In ath9k, the scan took around 12 seconds with full
background scan, and only 0.1 second with the single-channel single-ssid
scan. Thus, take much less time for the client to re-establish
connection with the currently "connected" network.

Signed-hostap: Peter Qiu <zqiu@chromium.org>
2014-03-11 19:38:01 +02:00
Jouni Malinen
60b893dfb3 wpa_supplicant: Allow external management frame processing for testing
This enables more convenient protocol testing of AP and P2P
functionality in various error cases and unexpected sequences without
having to implement each test scenario within wpa_supplicant.
ext_mgmt_frame_handle parameter can be set to 1 to move all management
frame processing into an external program through control interface
events (MGMT-RX and MGMT-TX-STATUS) and command (MGMT_TX). This is
similar to the test interface that was added to hostapd previously, but
allows more control on offchannel operations and more direct integration
with the internal P2P module.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-08 20:21:21 +02:00
Ilan Peer
c16a7590cf wpa_supplicant: Add a configuration file for the P2P_DEVICE parameters
Add an option to specify a configuration file that can be used to hold
the P2P_DEVICE configuration parameters. If this option is not used, the
P2P_DEVICE configuration parameters will be read from interface
configuration file.

Note that it is advised to use this option in some cases such as:

If a P2P_DEVICE is supported by the driver, the wpa_supplicant creates a
dedicated P2P Device interface, where the configuration file used for
the main interface is used. As a consequence, if the configuration file
includes network definition etc., the wpa_supplicant will try to perform
station specific flows on the P2P Device interface which will fail.

If a P2P_DEVICE is supported by the driver and update_config is used,
the P2P Device configuration data will override the main interface
configuration data.

Signed-hostap: Ilan Peer <ilan.peer@intel.com>
2014-03-07 00:11:04 +02:00
Jouni Malinen
a6739e191e HS 2.0R2: Try to scan multiple times for OSU providers
Scan operation is not that reliable, so try couple of times if no
OSU provider matches are found during fetch_osu command.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:24 +02:00
Jouni Malinen
230e373539 HS 2.0R2: Add GAS operation duration statistics into debug
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
b572df8650 HS 2.0R2: Add routine for fetching OSU provider information
The new wpa_cli fetch_osu command can be used to fetch information about
all OSU providers and write that to a text file with the icons in
separate files. cancel_osu_fetch command can be used to stop ongoing OSU
provider list fetch.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
3d910ef497 Interworking: Prefer last added network during network selection
Previously, any network block could be used to select the BSS to connect
to when processing scan results after Interworking network selection.
This can result in somewhat unexpected network selection in cases where
credential preferences indicated that a specific network was selected,
but another network ended up getting used for the connection. While the
older networks continue to be valid, add special processing for this
initial post-interworking-connect case to get more consistent network
selection to match with the Interworking network selection result.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-25 22:37:57 +02:00
Jouni Malinen
f0e30c8410 Do not start another connect work while one is pending
It was possible for the connect or sme-connect radio work to get
re-scheduled while an earlier request was still pending, e.g.,
select_network is issued at the moment a scan radio work is in progress
and the old scan results are recent enough for starting the connection.
This could result in unexpected attempt to re-associate immediately
after completing the first connection.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-24 15:22:35 +02:00
Andrei Otcheretianski
b3253ebb73 wpa_supplicant: Complete radio works on disable event
While testing rfkill blocking of a scanning interface, it
was seen that the ongoing scan never completes. This happens
since EVENT_SCAN_RESULTS is discarded on a disabled interface.

Fix this and also other possible radio work completion issues
by removing all the radio works (including started) of the
disabled interface.

To be able to remove already started radio works, make their
callbacks be reentrant with deinit flag (when the work
is started), so each radio work should be able to handle
its own termination.

Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2014-02-16 00:06:23 +02:00
Jouni Malinen
0b5ff2ae12 WPS: Remove unused Credential AP Channel processing
Commit bd3a373767 added a mechanism to use
AP Channel attribute from within a Credential attribute to optimize
scans. However, this design is not actually used with the WPS NFC use
cases. With configuration token, the AP Channel attribute is in the same
container with the Credential attribute (and that was also handled in
the previous implementation). With connection handover, AP Channel
information is outside the Credential attribute as well.

Simplify implementation by removing the AP Channel within Credential
case. This allows wpas_wps_use_cred() to get the AP Channel from the
container instead of having to find this during credential iteration.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-04 13:23:35 +02:00
Jouni Malinen
201b0f5fa6 P2P: Add test option to disable IP address assignment request
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:30 +02:00
Jouni Malinen
25ef8529c1 P2P: Add support for IP address assignment in 4-way handshake
This new mechanism allows P2P Client to request an IPv4 address from the
GO as part of the 4-way handshake to avoid use of DHCP exchange after
4-way handshake. If the new mechanism is used, the assigned IP address
is shown in the P2P-GROUP-STARTED event on the client side with
following new parameters: ip_addr, ip_mask, go_ip_addr. The assigned IP
address is included in the AP-STA-CONNECTED event on the GO side as a
new ip_addr parameter. The IP address is valid for the duration of the
association.

The IP address pool for this new mechanism is configured as global
wpa_supplicant configuration file parameters ip_addr_go, ip_addr_mask,
ip_addr_star, ip_addr_end. For example:

ip_addr_go=192.168.42.1
ip_addr_mask=255.255.255.0
ip_addr_start=192.168.42.2
ip_addr_end=192.168.42.100

DHCP mechanism is expected to be enabled at the same time to support P2P
Devices that do not use the new mechanism. The easiest way of managing
the IP addresses is by splitting the IP address range into two parts and
assign a separate range for wpa_supplicant and DHCP server.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:26 +02:00
Jouni Malinen
c4f87a701b P2P NFC: Add NFC tag enabling for static handover
The device with the NFC Tag can be configured to enable NFC to be used
with "P2P_SET nfc_tag 1" and "P2P_LISTEN" commands to allow static
handover to be used.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:56 +02:00
Jouni Malinen
db6ae69e6b P2P NFC: Report connection handover as trigger for P2P
"NFC_REPORT_HANDOVER {INIT,RESP} P2P <req> <sel>" can now be used to
report completed NFC negotiated connection handover in which the P2P
alternative carrier was selected.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:56 +02:00
Arif Hussain
253f2e3795 P2P: Apply unsafe frequency rules to available channels
This adds a QCA vendor specific nl80211 event to allow the driver to
indicate a list of frequency ranges that should be avoided due to
interference or possible known co-existance constraints. Such
frequencies are marked as not allowed for P2P use to force groups to be
formed on different channels.

If a P2P GO is operating on a channel that the driver recommended not to
use, a notification about this is sent on the control interface and
upper layer code may decide to tear down the group and optionally
restart it on another channel. As a TODO item, this could also be changed
to use CSA to avoid removing the group.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 11:49:05 +02:00
Raja Mani
cf70d2981d wpa_supplicant: Schedule PNO on completion of ongoing sched_scan
When start PNO request comes from control interface, wpa_supplicant
should wait until ongoing sched_scan (triggered by wpa_supplicant)
gets cancelled. Issuing cancel sched_scan and start PNO scan
one after another from pno_start() would lead wpa_supplicant to clear
wps->sched_scanning flag while getting sched_scan stopped event
from driver for cancel sched_scan request. In fact, PNO scan will
be in progress in driver and wpa_s->sched_scanning will not be set
in such cases.

In addition to this change, RSSI threshold limit is passed as part of
start sched_scan request. This was previously set only in pno_start(),
but the same parameter should be available for generic sched_scan calls
as well and this can now be reached through the new PNO start sequence.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-22 19:41:45 +02:00
Jouni Malinen
c48414af8f P2P: Limit join-a-group scans based on SSID from invitation
If we already know the SSID of the P2P group we are trying to join, use
that SSID to limit scan responses and BSS selection since we do not
really look for any other network in this case. In addition, this can
fix cases where the peer has just changed its SSID (e.g., started a new
group) and there may be multiple BSS entries for the same BSSID.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-13 21:39:06 +02:00
Jouni Malinen
c60ba9f7ab Skip network disabling on expected EAP failure
Some EAP methods can go through a step that is expected to fail and as
such, should not trigger temporary network disabling when processing
EAP-Failure or deauthentication. EAP-WSC for WPS was already handled as
a special case, but similar behavior is needed for EAP-FAST with
unauthenticated provisioning.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-08 16:42:15 +02:00
Jouni Malinen
95fb2db242 P2P: Reject group formation on WPS provisioning failure
There is no need to wait for the 15 second group formation timeout to
clear the state if WPS failure is detected during P2P group formation.
Allow the WPS exchange steps (WSC_NACK and EAP-Failure) to be completed
and remove the group to get rid of the extra wait.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:12 +02:00
Jouni Malinen
b6a9590b34 Interworking: Keep up to two pending GAS_REQUEST responses
Previously, only the last response data was kept in memory. This
increases that to hold up to two last responses to allow some more
parallel operations to be requested. In addition, the response data is
now freed as soon as the external program has fetched it.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:12 +02:00
Jouni Malinen
1f965e622a Allow external programs to request wpa_radio work items
The new control interface command RADIO_WORK can be used by external
programs to request radio allocation slots from wpa_supplicant if
exclusive radio control is needed, e.g., for offchannel operations. If
such operations are done directly to the driver, wpa_supplicant may not
have enough information to avoid conflicting operations. This new
command can be used to provide enough information and radio scheduling
to avoid issues with such cases.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
6428d0a71f Do not start wpa_radio work during externally triggered scan
If an external program triggers a scan, wpa_supplicant does not have a
wpa_radio work item for this operation to protect against other
offchannel operations. This can result in operations failing, so try to
avoid damage by not starting any new wpa_radio work items during a scan
that was started by another process.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
6470f471e4 Remove unneeded scan delay on connection-in-progress
This type of protection against concurrent connection and scan
operations is now enforced through the wpa_radio work mechanism, so this
separate protection mechanism is not needed anymore.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:09 +02:00
Jouni Malinen
6ac4b15ef8 Use wpa_radio work for connection
This protects against conflicting offchannel operations during
connection (authentication, association, EAP exchanges, 4-way
handshake).

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:09 +02:00
Jouni Malinen
e05e130837 P2P: Use radio work to protect offchannel Action frame exchanges
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:09 +02:00
Jouni Malinen
e1d1c8e223 Use radio work for P2P Listen requests
Avoid concurrent P2P Listen operations with any other exclusive use of
the radio by using the radio work queuing mechanism. This removes some
of the earlier workarounds that postponed scans depending on other
operations.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 09:45:32 +02:00
Jouni Malinen
1b5d4714dd Use radio work for P2P scan requests
Avoid concurrent P2P scan requests with any other exclusive use of the
radio by using the radio work queuing mechanism. This removes some of
the earlier workarounds that postponed scans depending on other
operations.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-05 22:39:25 +02:00
Jouni Malinen
d12a51b5d2 Use radio work for scan requests
Avoid concurrent scan requests by using the radio work queuing
mechanism.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-05 22:37:50 +02:00
Jouni Malinen
b1ae396f59 Add framework for exclusive radio operations
The new radio work item concept can be used to request time for an
operation that requires exclusive radio control, e.g., a scan. Once the
radio is available, the registered callback function will be called.
radio_work_done() must be called once the exclusive radio operation has
been completed, so that the radio is freed for other operations. The
special case of deinit=1 is used to free the context data during
interface removal. That does not allow the callback function to start
the radio operation, i.e., it needs to free the allocated resources
and return.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-05 22:37:03 +02:00
Jouni Malinen
2f30cac36f Avoid unnecessary key clearing operations
Track set_key operations per-key index and clear keys on disconnection
only if the key was set (or may have been set which is the case for the
first operation after wpa_supplicant start).

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-02 23:49:38 +02:00
Jouni Malinen
949938aadf Ask driver to report only new scan results if requested
If the BSS table within wpa_supplicant is flushed, request the driver to
flush its own scan result table during the next scan. This can avoid
unexpected old BSS entries showing up after BSS_FLUSH or FLUSH command
in cases where the driver may maintain its internal cache of scan
results (e.g., cfg80211 BSS table persists at least for 15 seconds).

In addition to doing this automatically on BSS_FLUSH/FLUSH, a new SCAN
command argument, only_new=1, can be used to request a manual scan
request to do same. Though, it should be noted that this maintains the
BSS table within wpa_supplicant. BSS_FLUSH followed by SCAN command can
be used to clear all BSS entries from both the driver and
wpa_supplicant.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-02 23:03:31 +02:00
Jouni Malinen
c64e3a08a9 P2P: Send received Presence Response information to ctrl_iface monitors
The P2P_PRESENCE_REQ command did not give any easily available
indication of the response received from the GO. Make this more useful
by providing such response (if received) as a ctrl_iface monitor event
(P2P-PRESENCE-RESPONSE).

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-01 18:44:44 +02:00
Jouni Malinen
4848a38d85 Get rid of duplicated cipher suite and AKM definitions
WPA_CIPHER_* and CIPHER_* are used for the exact same set of cipher
suites with the main difference being that the WPA_CIPHER_* version is
suitable to be used as a bitfield. Similarly, WPA_KEY_MGMT_* and
KEY_MGMT_* have similar design for AKMs. There is no need to maintain
two separate copies of the definitions since the bitfield compatible
version can be used for both needs. Get rid of the CIPHER_* and
KEY_MGMT_* versions to clean up the implementation by getting rid of
unnecessary mapping functions.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-31 09:16:27 +02:00
Jouni Malinen
dc3906cb2d Show timing information about scan requests in debug log
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-26 18:48:52 +02:00
Jouni Malinen
d81c73be18 Optional scan id for ctrl_iface SCAN requests
This allows users of wpa_supplicant control interface to figure out when
their specific scan command has been started and completed. For example:

CTRL-EVENT-SCAN-STARTED
> scan freq=2412,2417 passive=1 use_id=1
3
CTRL-EVENT-SCAN-RESULTS
CTRL-EVENT-SCAN-STARTED id=3
CTRL-EVENT-SCAN-RESULTS id=3

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-26 18:48:52 +02:00
Jouni Malinen
a5f40eff18 Track whether scan was started by us or an external program
This can be used to improve scan behavior in cases external programs
request scans directly from the driver.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-26 18:27:48 +02:00
Jouni Malinen
88c2d48860 Allow passive scan to be requested with SCAN passive=1
This allows external programs to request wpa_supplicant to execute
a passive scan (i.e., do not send any Probe Request frames).

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-26 18:27:48 +02:00
Jouni Malinen
69278f7328 Remove unused last_scan_full
This parameter was not really used for anything else apart from a debug
message in the same function that set it. In addition, cfg80211 returns
the set of scanned frequencies even for the full scan, so the code that
was setting this conditionally on frequency list not being there was not
really ever entered either.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-26 18:27:48 +02:00
Jouni Malinen
fee5234284 Allow channel list to be specified for SCAN command
The new freq=<frequency ranges> parameter to the SCAN command can be
used to request a scan to be performed on the specified set of channels
instead of on all channels. For example, "wpa_cli scan
freq=2400-2500,5180" would scan channels 1-14 and 36. Only the channels
that the driver indicates as enabled and that are within the specified
ranges are included in the request.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-26 16:55:44 +02:00
Johannes Berg
a12d34546a wpa_supplicant: Use monotonic time for last_scan check
This just serves to check if there was a scan within
the last 5 seconds, hence it should use monotonic time.
While at it, also use os_reltime_expired().

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-24 08:21:18 +02:00
Johannes Berg
51bffab117 WPS: Use monotonic time for AP connection attempt
This is only used for a debug message, but that message prints
the time since the last attempt, so it should use monotonic
time instead of wall clock.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-24 08:19:47 +02:00
Johannes Berg
6473e5c842 wpa_supplicant: Use relative time for TKIP Michael MIC failures
The MMIC failure code should use monotonic time to check
whether 60 seconds have elapsed or not. For type-safety,
use struct os_reltime for the timestamp variable, and
also convert to using os_reltime_expired().

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-24 08:18:47 +02:00
Johannes Berg
151ab808fa P2P: Use monotonic time for GO client waiting
GO activation can fail if the first client doesn't connect
within a certain time, but this should not be dependent on
wall time -- use monotonic time instead.

While at it, use os_reltime_expired().

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-24 08:00:03 +02:00
Johannes Berg
c2be937ce7 wpa_supplicant: Use monotonic time for EAPOL RX workaround
The EAPOL RX workaround checks that the events are less than 100 ms
apart, so only uses relative times and should use monotonic time.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-24 07:35:42 +02:00