Timeout is increased by dfs_cac_ms from channel data, or by max CAC time
(10 minutes) if dfs_cac_ms is not defined. This is needed for some more
complex cases, e.g., when STA is acting as an active slave with DFS
offload enabled and decided to start CAC after receiving CONNECT
command, in such a case the 10 second timeout is too small and
wpa_supplicant need to wait for CAC completion or CAC timeout (up to 10
minutes).
Without such timeout modification wpa_supplicant will be unable to
connect to an AP on DFS channel, since the default authentication
timeout (10 s) is smaller than the minimum CAC time (60 s).
Tested with nl80211 DFS offload implementation.
Signed-off-by: Dmitry Lebed <dlebed@quantenna.com>
Rename DFS event handling functions, since they are located in ap.c and
refer to AP-mode only. Needed to add some STA-mode DFS event handling.
Signed-off-by: Dmitry Lebed <dlebed@quantenna.com>
Explicitly check the PMKSA cache entry to have matching SAE AKMP for the
case where determining whether to use PMKSA caching instead of new SAE
authentication. Previously, only the network context was checked, but a
single network configuration profile could be used with both WPA2-PSK
and SAE, so should check the AKMP as well.
Signed-off-by: Jouni Malinen <j@w1.fi>
When connecting to a WPA-EAP network and the MAC address is changed
just before the association (for example by NetworkManager, which sets
a random MAC during scans), the authentication sometimes fails in the
following way ('####' logs added by me):
wpa_supplicant logs:
wlan0: WPA: RX message 1 of 4-Way Handshake from 02:00:00:00:01:00 (ver=1)
RSN: msg 1/4 key data - hexdump(len=22): dd 14 00 0f ac 04 d8 21 9d a5 73 98 88 26 ef 03 d2 ce f7 04 7d 23
WPA: PMKID in EAPOL-Key - hexdump(len=22): dd 14 00 0f ac 04 d8 21 9d a5 73 98 88 26 ef 03 d2 ce f7 04 7d 23
RSN: PMKID from Authenticator - hexdump(len=16): d8 21 9d a5 73 98 88 26 ef 03 d2 ce f7 04 7d 23
wlan0: RSN: no matching PMKID found
EAPOL: Successfully fetched key (len=32)
WPA: PMK from EAPOL state machines - hexdump(len=32): [REMOVED]
#### WPA: rsn_pmkid():
#### WPA: aa - hexdump(len=6): 02 00 00 00 01 00
#### WPA: spa - hexdump(len=6): 66 20 cf ab 8c dc
#### WPA: PMK - hexdump(len=32): b5 24 76 4f 6f 50 8c f6 a1 2e 24 b8 07 4e 9a 13 1b 94 c4 a8 1f 7e 22 d6 ed fc 7d 43 c7 77 b6 f7
#### WPA: computed PMKID - hexdump(len=16): ea 73 67 b1 8e 5f 18 43 58 24 e8 1c 47 23 87 71
RSN: Replace PMKSA entry for the current AP and any PMKSA cache entry that was based on the old PMK
nl80211: Delete PMKID for 02:00:00:00:01:00
wlan0: RSN: PMKSA cache entry free_cb: 02:00:00:00:01:00 reason=1
RSN: Added PMKSA cache entry for 02:00:00:00:01:00 network_ctx=0x5630bf85a270
nl80211: Add PMKID for 02:00:00:00:01:00
wlan0: RSN: PMKID mismatch - authentication server may have derived different MSK?!
hostapd logs:
WPA: PMK from EAPOL state machine (MSK len=64 PMK len=32)
WPA: 02:00:00:00:00:00 WPA_PTK entering state PTKSTART
wlan1: STA 02:00:00:00:00:00 WPA: sending 1/4 msg of 4-Way Handshake
#### WPA: rsn_pmkid():
#### WPA: aa - hexdump(len=6): 02 00 00 00 01 00
#### WPA: spa - hexdump(len=6): 02 00 00 00 00 00
#### WPA: PMK - hexdump(len=32): b5 24 76 4f 6f 50 8c f6 a1 2e 24 b8 07 4e 9a 13 1b 94 c4 a8 1f 7e 22 d6 ed fc 7d 43 c7 77 b6 f7
#### WPA: computed PMKID - hexdump(len=16): d8 21 9d a5 73 98 88 26 ef 03 d2 ce f7 04 7d 23
WPA: Send EAPOL(version=1 secure=0 mic=0 ack=1 install=0 pairwise=1 kde_len=22 keyidx=0 encr=0)
That's because wpa_supplicant computed the PMKID using the wrong (old)
MAC address used during the scan. wpa_supplicant updates own_addr when
the interface goes up, as the MAC can only change while the interface
is down. However, drivers don't report all interface state changes:
for example the nl80211 driver may ignore a down-up cycle if the down
message is processed later, when the interface is already up. In such
cases, wpa_supplicant (and in particular, the EAP state machine) would
continue to use the old MAC.
Add a new driver event that notifies of MAC address changes while the
interface is active.
Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
Add an event callback for EVENT_STATION_OPMODE_CHANGED to allow
user/application to get the notification whenever there is a change in a
station's HT/VHT op mode.
The new events:
STA-OPMODE-MAX-BW-CHANGED <addr> <20(no-HT)|20|40|80|80+80|160>
STA-OPMODE-SMPS-MODE-CHANGED <addr> <automatic|off|dynamic|static>
STA-OPMODE-N_SS-CHANGED <addr> <N_SS>
Signed-off-by: Tamizh chelvam <tamizhr@codeaurora.org>
When the driver indicates that the connection is authorized (i.e., the
4-way handshake was completed by the driver), cancel the EAP
authentication timeout and set the EAP state machine to success state.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Extend the SME functionality to support the external authentication.
External authentication may be used by the drivers that do not define
separate commands for authentication and association
(~WPA_DRIVER_FLAGS_SME) but rely on wpa_supplicant's SME for the
authentication.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
If the OWE network profile matches an open network which does not
advertise OWE BSS, allow open connection. The new owe_only=1 network
profile parameter can be used to disable this transition mode and
enforce connection only with OWE networks.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
If a specific DH group for OWE is not set with the owe_group parameter,
try all supported DH groups (currently 19, 20, 21) one by one if the AP
keeps rejecting groups with the status code 77.
Signed-off-by: Jouni Malinen <j@w1.fi>
Update the replay counter after a roam for all cases. This restores the
design back to what it was before commit
01ef320f19 ('FILS: Update ERP next
sequence number with driver offload').
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The new wpa_supplicant RESEND_ASSOC command can be used to request the
last (Re)Association Request frame to be sent to the AP to test FT
protocol behavior.
This functionality is for testing purposes and included only in builds
with CONFIG_TESTING_OPTIONS=y.
Signed-off-by: Jouni Malinen <j@w1.fi>
This can be used to test replay protection. The "RESET_PN" command in
wpa_supplicant and "RESET_PN <addr>" command in hostapd resets the local
counters to zero for the last configured key. For hostapd, the address
parameter specifies which STA this operation is for or selects GTK
("ff:ff:ff:ff:ff:ff") or IGTK ("ff:ff:ff:ff:ff:ff IGTK").
This functionality is for testing purposes and included only in builds
with CONFIG_TESTING_OPTIONS=y.
Signed-off-by: Jouni Malinen <j@w1.fi>
This was originally added to allow the IEEE 802.11 protocol to be
tested, but there are no known fully functional implementations based on
this nor any known deployments of PeerKey functionality. Furthermore,
PeerKey design in the IEEE Std 802.11-2016 standard has already been
marked as obsolete for DLS and it is being considered for complete
removal in REVmd.
This implementation did not really work, so it could not have been used
in practice. For example, key configuration was using incorrect
algorithm values (WPA_CIPHER_* instead of WPA_ALG_*) which resulted in
mapping to an invalid WPA_ALG_* value for the actual driver operation.
As such, the derived key could not have been successfully set for the
link.
Since there are bugs in this implementation and there does not seem to
be any future for the PeerKey design with DLS (TDLS being the future for
DLS), the best approach is to simply delete all this code to simplify
the EAPOL-Key handling design and to get rid of any potential issues if
these code paths were accidentially reachable.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add support for using the OWE Transition Mode element to determine the
hidden SSID for an OWE BSS that is used in transition mode.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The new wpa_supplicant network parameter group_mgmt can be used to
specify which group management ciphers (AES-128-CMAC, BIP-GMAC-128,
BIP-GMAC-256, BIP-CMAC-256) are allowed for the network. If not
specified, the current behavior is maintained (i.e., follow what the AP
advertises). The parameter can list multiple space separate ciphers.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
IEEE Std 802.11-2016, 11.11.6 specifies that a station that is unable to
make a requested measurement or refuses to make a measurement shall
respond only if the measurement request was received within an
individually addressed radio measurement request frame, but shall not
respond if such a request was received in a group addressed frame.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
dpp.h file requires openssl in order to compile, which breaks
compilation on systems without it.
Move DPP_OUI_TYPE to ieee802_11_defs.h and don't include dpp.h when
not really needed.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Commit 5538fc9309 ('FILS: Track completion
with FILS shared key authentication offload') added an additional case
for calling wpa_supplicant_event_assoc_auth() from EVENT_ASSOC handling
in case of FILS-completion with driver-based-SME. However, that checked
what placed outside the data != NULL case while data != NULL needs to
apply for this case as well due to wpa_supplicant_event_assoc_auth()
behavior. Move the data != NULL check to apply to both cases to avoid
potentially issues if a driver interface were to return EVENT_ASSOC
without the associate data. (CID 164708)
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This new AKM is used with DPP when using the signed Connector to derive
a PMK. Since the KCK, KEK, and MIC lengths are variable within a single
AKM, this needs number of additional changes to get the PMK length
delivered to places that need to figure out the lengths of the PTK
components.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This adds support for DPP Configuration Protocol using GAS. Full
generation and processing of the configuration object is not included in
this commit.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Current DFS domain information of the driver can be used in ap/dfs
to comply with DFS domain specific requirements like uniform spreading
for ETSI domain.
Signed-off-by: Vasanthakumar Thiagarajan <vthiagar@qti.qualcomm.com>
Add a new PMKSA cache entry within wpa_supplicant if a driver event from
offloaded FILS shared key authentication indicates a new PMKSA entry was
created.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This keeps the internal ERP information within wpa_supplicant in sync
with the driver when offloading FILS shared key authentication.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Update the internal fils_completed state when offloading FILS shared key
authentication to the driver.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
In ap_scan=2 mode, wpa_supplicant_assoc_try() did not check whether the
SSID is temporarily disabled before trying to associate and this may
result in an infinite connect/disconnect loop. If the association
succeeds while the SSID is temporarily disabled, wpa_supplicant will
request to deauthenticate and that in turn will cause the SSID to be
temporarily disabled again. Fix that by postponing the association until
the SSID is no longer temporarily disabled.
Signed-off-by: Shaul Triebitz <shaul.triebitz@intel.com>
This adds an option to configure wpa_supplicant to use the perfect
forward secrecy option in FILS shared key authentication. A new build
option CONFIG_FILS_SK_PFS=y can be used to include this functionality. A
new runtime network profile parameter fils_dh_group is used to enable
this by specifying which DH group to use. For example, fils_dh_group=19
would use FILS SK PFS with a 256-bit random ECP group.
Signed-off-by: Jouni Malinen <j@w1.fi>
This adds STA side addition of OWE Diffie-Hellman Parameter element into
(Re)Association Request frame and processing it in (Re)Association
Response frame.
Signed-off-by: Jouni Malinen <j@w1.fi>
There's no point in making the code use a stack buffer and first copying
the string there, only to copy it again to the output. Make the output
directly use the reason string.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This allows PMKSA cache entries for FILS-enabled BSSs to be shared
within an ESS when the BSSs advertise the same FILS Cache Identifier
value.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This adds reason for timeout in event CTRL-EVENT-ASSOC-REJECT whenever
connection failure happens because of timeout. This extends the
"timeout" parameter in the event to include the reason, if available:
timeout=scan, timeout=auth, timeout=assoc.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Commit 8d1e693186 ('Use estimated
throughput to avoid signal based roaming decision') added a check for
the current BSS estimated throughput being significantly higher than the
selected BSS estimated throughput. However, this case for skipping a
roam used "return 1" which actually allows the roam. Fix this by
returning 0 in this case.
Signed-off-by: Jouni Malinen <j@w1.fi>
Increase the EAPOL RX frame timeout from 100 to 200 ms. This fixes lack
of optimization (i.e., first EAPOL frame dropped) in occasional roaming
and authentication cases on EAP networks if the kernel events can be
reordered and delayed a bit longer.
Signed-off-by: Tomoharu Hatano <tomoharu.hatano@sonymobile.com>
This adds a call to the notify_beacon_loss() callback functions when
beacon loss is detected. In addition, a new CTRL-EVENT-BEACON-LOSS event
is made available through the wpa_supplicant control interface.
Signed-off-by: Jouni Malinen <j@w1.fi>
Beacon Report Radio Measurement is defined in IEEE Std 802.11-2016,
11.11.9.1. Beacon Report is implemented by triggering a scan on the
requested channels with the requested parameters.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
This makes wpa_supplicant behavior more consistent with FLUSH command to
clear all state. Previously, it was possible for an ongoing scan to be
aborted when the FLUSH command is issued and the scan results from that
aborted scan would still be processed and that would update the BSS
table which was supposed to cleared by the FLUSH command.
This could result in hwsim test case failures due to unexpected BSS
table entries being present after the FLUSH command.
Signed-off-by: Jouni Malinen <j@w1.fi>
This provides more details on BSS selection process in the debug log.
Previously, the BSSs that were not either the current or the selected
one were not necessarily printed at all. Now all BSSs that match the
currently selected network are listed with their frequency and signal
strength details.
Signed-off-by: Jouni Malinen <j@w1.fi>
Previously, the estimated throughput was used to enable roaming to a
better AP. However, this information was not used when considering a
roam to an AP that has better signal strength, but smaller estimated
throughput. This could result in allowing roaming from 5 GHz band to 2.4
GHz band in cases where 2.4 GHz band has significantly higher signal
strength, but still a lower throughput estimate.
Make this less likely to happen by increasing/reducing the minimum
required signal strength difference based on the estimated throughputs
of the current and selected AP. In addition, add more details about the
selection process to the debug log to make it easier to determine whaty
happened and why.
Signed-off-by: Jouni Malinen <j@w1.fi>
Previously, a build without IBSS RSN support tried to start/join an IBSS
even if the profile was configured with RSN parameters. This does not
work and resulted in quite confusing debug log. Make this clearer by
explicitly checking for this case and reject the connection attempt with
a clearer debug log entry instead of trying something that is known to
fail.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Decrypt the AES-SIV protected elements and verify Key-Auth. Parse and
configure keys to the driver.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Scan results were not propagated to all interfaces if scan results
started a new operation, in order to prevent concurrent operations. But
this can cause other interfaces to trigger a new scan when scan results
are already available. Instead, always notify other interfaces of the
scan results, but note that new operations are not allowed.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
When scheduled scan stops without the interface request (for example,
driver stopped it unexpectedly), start a regular scan to continue
scanning for networks and avoid being left with no scan at all.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
In some cases, after a sudden AP disappearing and reconnection to
another AP in the same ESS, if another scan occurs, wpa_supplicant might
try to roam to the old AP (if it was better ranked than the new one)
because it is still saved in BSS list and the blacklist entry was
cleared in previous reconnect. This attempt is going to fail if the AP
is not present anymore and it'll cause long disconnections.
Remove an AP that is probably out of range from the BSS list to avoid
such disconnections. In particular mac80211-based drivers use the
WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY reason code in locally generated
disconnection events for cases where the AP does not reply anymore.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
As the scan channels might need to change when the channel list has been
updated by the kernel. Use the simulated sched_scan timeout
(wpas_scan_restart_sched_scan()) to handle a possible race where an
ongoing sched_scan has stopped asynchronously while trying to restart a
new sched_scan.
Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
Add a testing mechanism to allow association disallowed set by AP to be
ignored. This can be used to verify AP behavior for disallowing a
specific association.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Implement "SET ignore_auth_resp <0/1>" command to simulate auth/assoc
response loss and EAPOL RX packet loss by ignoring corresponding
incoming events.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
When an interface becomes disabled (e.g., when RF-kill becomes blocked)
we should clear the stored scan results to avoid maintaining stale
information.
Fix this by flushing the BSS entries when an interface becomes
disabled.
Signed-off-by: Moshe Benji <moshe.benji@intel.com>
The new network profile parameter group_rekey can now be used to specify
the group rekeying internal in seconds for IBSS.
Signed-off-by: Jouni Malinen <j@w1.fi>
If the driver indicates a roamed event with already completed
authorization, altAccept = TRUE could have resulted in the EAP state
machine ending up in the FAILURE state from the INITIALIZE state. This
is not correct behavior and similar cases were already addressed for FT
and WPA-PSK. Fix the offloaded roamed+authorized (EAP/PMKSA caching)
case by doing similar changes to EAPOL/EAP state variable updates during
association event handling.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This allows P2P Listen to be offloaded to device to enhance power
saving.
To start P2P listen offload, from wpa_cli interface, issue the command:
p2p_lo_start <freq> <period> <interval> <count>
To stop P2P listen offload, issue the command:
p2p_lo_stop
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add a new "timeout" argument to the event message if the nl80211 message
indicates that the connection failure is not due to an explicit AP
rejection message. This makes it easier for external programs to figure
out why the connection failed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The P2P Device interface can only send Public Action frames. Non-Public
Action frames must be sent over a group interface. The previous
implementation sometimes tried to send non-Public Action frames such as
GO Discoverability over the P2P Device interface, however, the source
address of the frame was set to the group interface address so the code
in offchannel.c knew to select the correct interface for the TX.
The check breaks when the P2P Device and group interfaces have the same
MAC address. In this case the frame will be sent over the P2P Device
interface and the send will fail.
Fix this problem in two places:
1. In offchannel, route non-Public Action frames to the GO
interface when the above conditions are met.
2. When a TX_STATUS event arrives on such routed frame, it will
arrive on the GO interface but it must be handled by the P2P Device
interface since it has the relevant state logic.
Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
The NL80211_CMD_WIPHY_REG_CHANGE can be handled by any of the
interfaces that are currently controlled by the wpa_supplicant.
However, some applications expect the REGDOM_CHANGE event to be
sent on the control interface of the initially added interface
(and do not expect the event on any of child interfaces).
To resolve this, when processing NL80211_CMD_WIPHY_REG_CHANGE,
find the highest parent in the chain, and use its control interface
to emit the CTRL-EVENT-REGDOM-CHANGE event.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Since ieee80211w=2 is an explicit configuration to wpa_supplicant, the
connection attempt for such non-PMF (non-RSN) capable networks should be
skipped.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Handle radio measurement request that contains LCI request. Send
measurement report based on a configurable LCI report element. The LCI
report element is configured over the control interface with
SET lci <hexdump of the element>
and cleared with
SET lci ""
Signed-off-by: David Spinadel <david.spinadel@intel.com>
When a station starts an association to a Hotspot 2.0 network, request
the driver to do the following, based on the BSS capabilities:
1. Enable gratuitous ARP filtering
2. Enable unsolicited Neighbor Advertisement filtering
3. Enable unicast IP packet encrypted with GTK filtering if
DGAF disabled bit is zero
Clear the filter configuration when the station interface is
disassociated.
Signed-off-by: Matti Gottlieb <matti.gottlieb@intel.com>
Add a new value 2 to the pbss parameter of wpa_ssid structure, which
means "don't care". This value is used in infrastructure mode to request
connection to either AP or PCP, whichever is available in the scan
results. The value is also used in regular WPS (not P2P group formation)
to make WPS work with devices running as either AP or PCP.
Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
Commit dd271857a5 ('Skip normal scan when
PNO is already in progress') fixed issues with normal scans getting
rejected by the driver when PNO scan is already running. The part about
skipping such a scan request is fine, but the part about clearing
wpa_s->pno back to 0 in EVENT_SCHED_SCAN_STOPPED handler is problematic.
If PNO is stopped ("SET pno 0") and then restarted ("SET pno 1")
immediately, it is possible for the EVENT_SCHED_SCAN_STOPPED event from
the stopping part to be received only after the new PNO instance has
been started. This would have resulted in clearing wpa_s->pno and the
driver and wpa_supplicant getting out of sync. This would then prevent
PNO from being stopped with "SET pno 0" (that fails if wpa_s->pno == 0).
Fix this race condition by reverting the wpa_s->pno = 0 addition from
the EVENT_SCHED_SCAN_STOPPED handler.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This struct in the union is empty, but the design of using a zero-length
u8 array here is not fully compatible with C++ and can result in
undesired compiler warnings. Since there are no non-IE fields in the
Probe Request frames, get the location of the variable length IEs simply
by using the pointer to the frame header and the known header length.
Signed-off-by: Jouni Malinen <j@w1.fi>
The initial connection to an ESS was already explicitly increasing the
likelihood of picking a 5 GHz BSS. While the throughput estimation is
likely to do same for the roaming decision, it might be possible that
that does not cover all cases. Add couple of dB extra preference for 5
GHz in case the roaming decision falls back to comparing signal levels.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new wpa_supplicant command line argument -M can be used to describe
matching rules with a wildcard interface name (e.g., "wlan*").
This is very useful for systems without udev (Linux) or devd (FreeBSD).
Signed-off-by: Roy Marples <roy@marples.name>
Interface additions/removals are not guaranteed to be for the driver
listening to the kernel events. As such, send the events to
wpa_supplicant_event_global() which can then pick the correct interface
registered with wpa_supplicant to send the event to.
Signed-off-by: Roy Marples <roy@marples.name>
The 4-way handshake fails with the error "WPA: No wpa_ie set - cannot
generate msg 2/4" while connecting to OSEN network with drivers that
indicate used Association Request frame elements because OSEN IE is not
handled in wpa_supplicant_event_associnfo() if data->assoc_info.req_ies
is not NULL.
Signed-off-by: Daichi Ueura <daichi.ueura@sonymobile.com>
(Re)Association Response frame with status code other than 0 is now
notified over DBUS as a part of PropertiesChanged signal. This can be
used by application in case AP is denying association with status code
17 (band steering) so that it does not interfere in the BSSID selection
logic of wpa_supplicant.
Signed-off-by: Naveen Singh <nasingh@google.com>
An interface can be disabled while it has an ongoing scan request.
In such a case, when the scan results notification is received,
it was being ignored (as the interface is already disabled) so the
scan state was not cleared. This can cause undetermined behavior
for the next scan request.
To handle this, clear the scan state when EVENT_SCAN_RESULTS is
received and the interface is disabled.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Commit 02e122a995 ('Reschedule scan from
wpas_stop_pno if it was postponed') uses wpa_s->scanning as the only
condition for automatically starting a postponed scan request from
EVENT_SCHED_SCAN_STOPPED event handler. However, wpa_s->scanning may be
set for sched_scan and as such, this can result in unexpected extra
scans without there having been any real postponed request.
Make this more accurate by verifying that there really is a pending
request for a scan before speeding up its start.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
If WPA2 is used, MBO AP must enable PMF. Refuse to select a BSS that has
MBO and WPA2 enabled without PMF.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add the transition candidate list to BSS Transition Management Response
frame. The candidates preference is set using the regular wpa_supplicant
BSS selection logic. If the BSS transition request is rejected and
updated scan results are not available, the list is not added.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Add parsing of MBO IE in BSS Transition Management Request frames. If
the MBO IE includes the association retry delay attribute, do not try to
reconnect to the current BSS until the delay time is over.
If the MBO IE includes the cellular data connection preference attribute
or the transition rejection reason attribute, send a message to upper
layers with the data.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Prevent association to MBO APs that have association disallowed
attribute in MBO IE in Beacon or Probe Response frames.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
PBSS (Personal Basic Service Set) is a new BSS type for DMG
networks. It is similar to infrastructure BSS, having an AP-like
entity called PCP (PBSS Control Point), but it has few differences.
PBSS support is mandatory for IEEE 802.11ad devices.
Add a new "pbss" argument to network block. The argument is used
in the following scenarios:
1. When network has mode=2 (AP), when pbss flag is set will start
as a PCP instead of an AP.
2. When network has mode=0 (station), when pbss flag is set will
connect to PCP instead of AP.
The function wpa_scan_res_match() was modified to match BSS according to
the pbss flag in the network block (wpa_ssid structure). When pbss flag
is set it will match only PCPs, and when it is clear it will match only
APs.
Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
Since hostapd supports ACS now, let's enable its support in
wpa_supplicant as well when starting AP mode.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
[u.oelmann@pengutronix.de: rebased series from hostap_2_1~944 to master]
[u.oelmann@pengutronix.de: adjusted added text in defconfig]
Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de>
Let's reuse hostapd code for such handling. This will be useful to get
ACS support into wpa_supplicant where this one needs to handle the
survey event so it fills in the result ACS subsystem will require.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
[u.oelmann@pengutronix.de: rebased series from hostap_2_1~944 to master]
Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de>
Previously, when wpa_supplicant received bgscan results with a preferred
network, it connected to that network without disconnecting from the
previous one. This might result in an inconsistent state of upper
layers.
Fix this by disconnecting from the current AP before connecting to the
new one when the network profile changes and there is an existing
connection.
Signed-off-by: Ayala Beker <ayala.beker@intel.com>
If scan results arrive during the connection process, the network
selection function was called, interrupting the current connection.
While a regular scan is mutually exclusive with connection establishment
via the nature of radio work, there's no such protection for scheduled
scan. Prevent network selection while a connection is in progress.
Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
Previously, MB IEs were parsed only from association event. Try to get
MB IEs from other management frames like Probe Response frames. The MB
IEs from the association event may not be up-to-date and in some cases
may actually be missing and updating the information based on other
frames can improve robustness of FST exchanges.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This allows offloaded roaming to inform user space of the change in IP
subnet post roaming. The device may have roamed to a network which is in
a different subnet which will result in IP connectivity loss. Indicating
the change in subnet enables the user space to refresh the IP address or
to perform IP subnet validation if unknown status is indicated.
The driver indication is reported with a new event from wpa_supplicant
in the following format:
CTRL-EVENT-SUBNET-STATUS-UPDATE status=<0/1/2>
where
0 = unknown
1 = IP subnet unchanged (can continue to use the old IP address)
2 = IP subnet changed (need to get a new IP address)
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
If "STA_AUTOCONNECT 0" has been used to disable automatic connection on
disconnection event and the driver indicates a failure for the data
connection after successful WPS handshake, it is possible to hit a case
where wpa_s->disconnected is set to 1 and further attempts to connect
shall stop.
While "STA_AUTOCONNECT 0" is used to disable automatic reconnection
attempts in general, this specific WPS case can benefit from trying
again even with that configuration for a short period of time. Extend
the wpa_supplicant re-enable-networks-after-WPS 10 second timeout to
apply for ignoring disabled STA_AUTOCONNECT immediately after a WPS
provisioning step.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The AP is not expected to send out a WNM-Sleep Mode Response frame
without the STA trying to use WNM-Sleep Mode. Drop such unexpected
responses to reduce unnecessary processing of the frame.
Signed-off-by: Jouni Malinen <j@w1.fi>
Instead of trying to associate in configuration that is known to result
in the AP rejecting the association, reject the BSS candidate based on
the MFPR=1 RSN capability when STA configuration has PMF disabled.
Signed-off-by: Jouni Malinen <j@w1.fi>
Channel switch notification was handled only for AP/GO interfaces. As
the notification can be sent on other interface types as well, extend
the handling to handle other interface types.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Do not consider moving GOs to a new channel if one of them is in the
middle of CSA. In addition, call wpas_p2p_update_channel_list() after
EVENT_CH_SWITCH is handled.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Allow wpa_supplicant to use vendor scan (if supported by the driver)
together with the normal nl80211 scan and handling external scan events.
Since this results in possibility of concurrent scan operations, some of
the operations related to scan results need to check more carefully when
an event is relevant for a specific interface.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
It is possible for driver-based BSS selection to end up reassociating
back to the current AP. If wpa_supplicant preferred another BSS, it
would have updated the internal knowledge of the AP's WPA/RSN IE when
requesting a new connection. In the special case of existing association
and new association being with the same BSS that is different from the
wpa_supplicant preference, association event processing skipped the
WPA/RSN IE update. This could result in the following 4-way handshake
getting rejected due to incorrectly detected mismatch with AP's RSN/WPA
IE between Beacon/Probe Response frame and EAPOL-Key msg 3/4.
Fix this by updating the AP WPA/RSN IE on all association events when
driver-based BSS selection is used regardless of whether the BSSID
changes. This could also cover a theoretical case of the AP changing its
RSN/WPA IE at the very moment we try to reassociate back to the same
BSS.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The P2P group is not yet operating when going through invitation
exchange for re-invocation. Previously, an old cached scan result could
be used to skip the scan immediately after the invitation exchange.
While this may result in the fastest possible connection, it does have
some issues with cases where the GO takes some time to start up. It
would also be at least theoretically possible for some of the BSS
parameters to be different, so having a fresh scan result from the new
GO instance may be desired in any case.
Add a mechanism to skip scan results that have been last updated before
a specific point in time and as the first user for this mechanism,
require chan results to be more recent than the invitation message
exchange for the P2P Client role in persistent group re-invocation case.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
PNO was stopped by the wpa_supplicant during the connection attempts or
while handling disassociation indication. External entities, mainly, the
Android Wi-Fi framework, does not expects PNO to be stopped by other
modules. Hence, do not stop the sched_scan in these scenarios if it is
triggered externally for PNO.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>