The os_snprintf() call here cannot really fail in practice, but since
its result was stored into the local variable and not checked, static
analyzers could warn about the unused assignment. Clean this up by
checking the return value.
Signed-off-by: Jouni Malinen <j@w1.fi>
1. Add tests for hostapd neighbor database and neighbor report and
request. Remove the partial neighbor report request test from
test_wpas_ctrl.py since they are now covered more completely in
test_rrm.py.
2. Add LCI request test.
3. Add FTM range request signaling test. This covers only the control
interface commands and measurement request/response exchange for now.
Full end-to-end functionality requires support of station reporting
RRM capability.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Parse a received neighbor report and report for each neighbor report the
data received for it:
RRM-NEIGHBOR-REP-RECEIVED bssid=<BSSID> info=0x<hex> op_class=<class> chan=<chan> [lci=hex] [civic=hex]
Note that this modifies the previous format that originally reported
only the length of the received frame.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Set the global RRM flag if global RRM is supported by the device. Also,
allow RRM in (Re)Association Request frame if the global RRM flag is
set.
Signed-off-by: Beni Lev <beni.lev@intel.com>
This flag indicates that RRM can be used in (Re)Association Request
frames, without supporting quiet period.
Signed-off-by: Beni Lev <beni.lev@intel.com>
Register to receive Radio Measurement Request frames since LCI request
is supported by wpa_supplicant.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Handle radio measurement request that contains LCI request. Send
measurement report based on a configurable LCI report element. The LCI
report element is configured over the control interface with
SET lci <hexdump of the element>
and cleared with
SET lci ""
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Add FTM range request via RRM. The AP sends Radio measurement request
with FTM range request as a request for the receiving STA to send FTM
requests to the given list of APs. The neighbor report part of the
request is taken from the neighbor database.
The control interface command is:
REQ_RANGE <dst addr> <rand_int> <min_ap> <responder> [<responder>..]
dst addr: MAC address of an associated STA
rand_int: Randomization Interval (0..65535) in TUs
min_ap: Minimum AP Count (1..15); minimum number of requested FTM ranges
between the associated STA and the listed APs
responder: List of BSSIDs for neighboring APs for which a measurement
is requested
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Add a hostapd control interface command REQ_LCI to request LCI from an
associated station using radio measurement.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Save RM enabled capability element of an associating station if radio
measurement is supported in its capability field.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Process Neighbor Report Request frame and send Neighbor Report Response
frame based on the configured neighbor report data.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Add a configurable neighbor database that includes the content of
Nighbor Report element, LCI and Location Civic subelements and SSID.
All parameters for a neighbor must be updated at once; Neighbor Report
element and SSID are mandatory, LCI and civic are optional. The age of
LCI is set to the time of neighbor update.
The control interface API is:
SET_NEIGHBOR <BSSID> <ssid=SSID> <nr=data> [lci=<data>] [civic=<data>]
To delete a neighbor use:
REMOVE_NEIGHBOR <BSSID> <SSID>
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Extend the radio_measurements parameter to save all the supported
RRM capabilities as it's used in RM enabled capabilities element.
Make this parameter not directly configurable via config file (though,
keep the radio_measurements parameter for some time for backwards
compatibility). Instead, add a configuration option to enable neighbor
report via radio measurements. Other features can be added later as
well.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Use quotation marks to match the new SSID encoding format in the
NEIGHBOR_REP_REQUEST command. In this specific test case, the exact SSID
value did not make any difference for behavior. The previous version
ended up getting decoded as a hexstring after the NEIGHBOR_REP_REQUEST
format change. The new version goes back to the ASCII string version of
"abcdef".
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Add an option to request LCI and Location Civic Measurement in Neighbor
Report Request frame, as described in IEEE P802.11-REVmc/D5.0, 9.6.7.6.
Note: This changes the encoding format of the NEIGHBOR_REP_REQUEST
ssid=<val> parameter. This used to be parsed as raw SSID data which is
problematic for accepting additional parameters. The new encoding allows
either a string within double-quotation marks or a hexdump of the raw
SSID.
Thew new format:
NEIGHBOR_REP_REQUEST [ssid=<SSID>] [lci] [civic]
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Add a function that parses SSID in text or hex format. In case of the
text format, the SSID is enclosed in double quotes. In case of the hex
format, the SSID must include only hex digits and not be enclosed in
double quotes. The input string may include other arguments after the
SSID.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Make the function available as part of the wpabuf API.
Use this renamed function where possible.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
The hostapd "POLL_STA <addr>" control interface command can be used to
check whether an associated station ACKs a QoS Data frame. The received
ACK for such a frame is reported as an event message ("AP-STA-POLL-OK
<addr>").
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The optional tx=0 parameter can be added to the hostapd
DEAUTHENTICATE/DISASSOCIATE command to request disconnection without
transmitting the Deauthentication/Disassociation frame to the STA.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This allows external programs to fetch the driver inactivity value for a
specific STA ("STA <addr>" hostapd control interface command).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The new VENDOR_ELEM value 14 can now be used to add a vendor element
into Probe Request frames used by non-P2P active scans.
For example:
VENDOR_ELEM_ADD 14 dd05001122330a
and to clear that:
VENDOR_ELEM_REMOVE 14 *
Signed-off-by: Jouni Malinen <j@w1.fi>
Modify the test cases to tests the Hotspot 2.0 filtering functionality
in wpa_supplicant, instead of testing only the kernel interface.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Implement configure_data_frame_filters() callback by using
the net-sysfs interfaces (if these are available).
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
When a station starts an association to a Hotspot 2.0 network, request
the driver to do the following, based on the BSS capabilities:
1. Enable gratuitous ARP filtering
2. Enable unsolicited Neighbor Advertisement filtering
3. Enable unicast IP packet encrypted with GTK filtering if
DGAF disabled bit is zero
Clear the filter configuration when the station interface is
disassociated.
Signed-off-by: Matti Gottlieb <matti.gottlieb@intel.com>
Add a new function declaration that will allow wpa_supplicant to request
the driver to configure data frame filters for specific cases.
Add definitions that will allow frame filtering for stations as
required by Hotspot 2.0:
1. Gratuitous ARP
2. Unsolicited NA
3. Unicast IP packets encrypted with GTK
Signed-off-by: Matti Gottlieb <matti.gottlieb@intel.com>
If a legacy client with no P2P PS support is trying to connect to
a P2P GO, the driver should know that, and change its PS behavior
accordingly.
Add a parameter to hostapd_sta_add_params() indicating if P2P PS is
supported by the station and pass this parameter to kernel with nl80211
driver when the station is added/set.
Signed-off-by: Ayala Beker <ayala.beker@intel.com>
Add a new value 2 to the pbss parameter of wpa_ssid structure, which
means "don't care". This value is used in infrastructure mode to request
connection to either AP or PCP, whichever is available in the scan
results. The value is also used in regular WPS (not P2P group formation)
to make WPS work with devices running as either AP or PCP.
Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
Fix a possible memory leak in decode_tunnel_passwords() if an invalid
passphrase is received from the RADIUS server.
Signed-off-by: Ayala Beker <ayala.beker@intel.com>
The new persistent_group_peer_dropped3 test case is similar to
persistent_group_peer_dropped with the difference being in the
responding device (the one from which the persistent group information
is dropped) is not issued a separate P2P_LISTEN command and instead, a
single P2P_FIND is used through the exchange to verify that this
operation does not get stopped unexpectedly. This is a regression test
case to verify that P2P_PENDING_INVITATION_RESPONSE case ends up calling
p2p_check_after_scan_tx_continuation() in non-success case. It should be
noted that this is dependent on timing: Action frame TX request needs to
occur during the P2P_FIND Search phase (scan). As such, not every
execution of this test case will hit the previous issue sequence, but
that should be hit every now and then.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This was previously handled for the case where the non-success
Invitation Response frame was sent out during the Listen phase. However,
in the case the Action frame TX ended up getting scheduled when the
Search phase scan had already started (e.g., due to the driver reporting
Invitation Request RX late enough for the Listen-to-Search transition
having already started), the postponed Action frame TX status processing
did not cover the specific case of non-success Invitation Response. This
could result in the p2p_find operation getting stopped (stuck in SEARCH
state) unexpectedly.
Fix this by calling p2p_check_after_scan_tx_continuation() from
Invitation Response TX callback handler if the invitation was rejected.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
With the only callers in wpas_{start,stop}_pno() moved into scan.c,
there is no need to call these helper functions from outside scan.c
anymore.
Signed-off-by: Jouni Malinen <j@w1.fi>
Commit dd271857a5 ('Skip normal scan when
PNO is already in progress') fixed issues with normal scans getting
rejected by the driver when PNO scan is already running. The part about
skipping such a scan request is fine, but the part about clearing
wpa_s->pno back to 0 in EVENT_SCHED_SCAN_STOPPED handler is problematic.
If PNO is stopped ("SET pno 0") and then restarted ("SET pno 1")
immediately, it is possible for the EVENT_SCHED_SCAN_STOPPED event from
the stopping part to be received only after the new PNO instance has
been started. This would have resulted in clearing wpa_s->pno and the
driver and wpa_supplicant getting out of sync. This would then prevent
PNO from being stopped with "SET pno 0" (that fails if wpa_s->pno == 0).
Fix this race condition by reverting the wpa_s->pno = 0 addition from
the EVENT_SCHED_SCAN_STOPPED handler.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The Secure bit in the Key Information field of EAPOL-Key frames is
supposed to be set to 1 when there is a security association. This was
done for other frames, but not for the EAPOL-Key Request frame where
supplicant is requesting a new PTK to be derived (either due to Michael
MIC failure report Error=1 or for other reasons with Error=0). In
practice, EAPOL-Key Request frame is only sent when there is a PTK in
place, so all such frames should have Secure=1.
Signed-off-by: Jouni Malinen <j@w1.fi>