Commit graph

547 commits

Author SHA1 Message Date
Dmitry Lebed
37547ad63c wpa_supplicant: Increase authentication timeout if CAC is started
Timeout is increased by dfs_cac_ms from channel data, or by max CAC time
(10 minutes) if dfs_cac_ms is not defined. This is needed for some more
complex cases, e.g., when STA is acting as an active slave with DFS
offload enabled and decided to start CAC after receiving CONNECT
command, in such a case the 10 second timeout is too small and
wpa_supplicant need to wait for CAC completion or CAC timeout (up to 10
minutes).

Without such timeout modification wpa_supplicant will be unable to
connect to an AP on DFS channel, since the default authentication
timeout (10 s) is smaller than the minimum CAC time (60 s).

Tested with nl80211 DFS offload implementation.

Signed-off-by: Dmitry Lebed <dlebed@quantenna.com>
2018-04-15 22:20:49 +03:00
Dmitry Lebed
2dd5fbbff8 wpa_supplicant: Rename wpas_event_*() to wpas_ap_event_*()
Rename DFS event handling functions, since they are located in ap.c and
refer to AP-mode only. Needed to add some STA-mode DFS event handling.

Signed-off-by: Dmitry Lebed <dlebed@quantenna.com>
2018-04-15 22:07:09 +03:00
Jouni Malinen
852b2f2738 SAE: Only allow SAE AKMP for PMKSA caching attempts
Explicitly check the PMKSA cache entry to have matching SAE AKMP for the
case where determining whether to use PMKSA caching instead of new SAE
authentication. Previously, only the network context was checked, but a
single network configuration profile could be used with both WPA2-PSK
and SAE, so should check the AKMP as well.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-04-09 19:34:44 +03:00
Beniamino Galvani
77a020a118 wpa_supplicant: Fix auth failure when the MAC is updated externally
When connecting to a WPA-EAP network and the MAC address is changed
just before the association (for example by NetworkManager, which sets
a random MAC during scans), the authentication sometimes fails in the
following way ('####' logs added by me):

wpa_supplicant logs:
 wlan0: WPA: RX message 1 of 4-Way Handshake from 02:00:00:00:01:00 (ver=1)
 RSN: msg 1/4 key data - hexdump(len=22): dd 14 00 0f ac 04 d8 21 9d a5 73 98 88 26 ef 03 d2 ce f7 04 7d 23
 WPA: PMKID in EAPOL-Key - hexdump(len=22): dd 14 00 0f ac 04 d8 21 9d a5 73 98 88 26 ef 03 d2 ce f7 04 7d 23
 RSN: PMKID from Authenticator - hexdump(len=16): d8 21 9d a5 73 98 88 26 ef 03 d2 ce f7 04 7d 23
 wlan0: RSN: no matching PMKID found
 EAPOL: Successfully fetched key (len=32)
 WPA: PMK from EAPOL state machines - hexdump(len=32): [REMOVED]
 #### WPA: rsn_pmkid():
 #### WPA: aa              - hexdump(len=6): 02 00 00 00 01 00
 #### WPA: spa             - hexdump(len=6): 66 20 cf ab 8c dc
 #### WPA: PMK             - hexdump(len=32): b5 24 76 4f 6f 50 8c f6 a1 2e 24 b8 07 4e 9a 13 1b 94 c4 a8 1f 7e 22 d6 ed fc 7d 43 c7 77 b6 f7
 #### WPA: computed PMKID  - hexdump(len=16): ea 73 67 b1 8e 5f 18 43 58 24 e8 1c 47 23 87 71
 RSN: Replace PMKSA entry for the current AP and any PMKSA cache entry that was based on the old PMK
 nl80211: Delete PMKID for 02:00:00:00:01:00
 wlan0: RSN: PMKSA cache entry free_cb: 02:00:00:00:01:00 reason=1
 RSN: Added PMKSA cache entry for 02:00:00:00:01:00 network_ctx=0x5630bf85a270
 nl80211: Add PMKID for 02:00:00:00:01:00
 wlan0: RSN: PMKID mismatch - authentication server may have derived different MSK?!

hostapd logs:
 WPA: PMK from EAPOL state machine (MSK len=64 PMK len=32)
 WPA: 02:00:00:00:00:00 WPA_PTK entering state PTKSTART
 wlan1: STA 02:00:00:00:00:00 WPA: sending 1/4 msg of 4-Way Handshake
 #### WPA: rsn_pmkid():
 #### WPA: aa              - hexdump(len=6): 02 00 00 00 01 00
 #### WPA: spa             - hexdump(len=6): 02 00 00 00 00 00
 #### WPA: PMK             - hexdump(len=32): b5 24 76 4f 6f 50 8c f6 a1 2e 24 b8 07 4e 9a 13 1b 94 c4 a8 1f 7e 22 d6 ed fc 7d 43 c7 77 b6 f7
 #### WPA: computed PMKID  - hexdump(len=16): d8 21 9d a5 73 98 88 26 ef 03 d2 ce f7 04 7d 23
 WPA: Send EAPOL(version=1 secure=0 mic=0 ack=1 install=0 pairwise=1 kde_len=22 keyidx=0 encr=0)

That's because wpa_supplicant computed the PMKID using the wrong (old)
MAC address used during the scan. wpa_supplicant updates own_addr when
the interface goes up, as the MAC can only change while the interface
is down. However, drivers don't report all interface state changes:
for example the nl80211 driver may ignore a down-up cycle if the down
message is processed later, when the interface is already up. In such
cases, wpa_supplicant (and in particular, the EAP state machine) would
continue to use the old MAC.

Add a new driver event that notifies of MAC address changes while the
interface is active.

Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
2018-03-30 12:16:42 +03:00
Jouni Malinen
64624f31cf OWE: Fix CONFIG_OWE=y build without CONFIG_IEEE80211R=y
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-03-26 12:34:36 +03:00
Tamizh chelvam
ec2b5173ce Make STA opmode change event available to upper layers
Add an event callback for EVENT_STATION_OPMODE_CHANGED to allow
user/application to get the notification whenever there is a change in a
station's HT/VHT op mode.

The new events:
STA-OPMODE-MAX-BW-CHANGED <addr> <20(no-HT)|20|40|80|80+80|160>
STA-OPMODE-SMPS-MODE-CHANGED <addr> <automatic|off|dynamic|static>
STA-OPMODE-N_SS-CHANGED <addr> <N_SS>

Signed-off-by: Tamizh chelvam <tamizhr@codeaurora.org>
2018-03-19 20:07:22 +02:00
Avraham Stern
b8e88d357a wpa_supplicant: Handle port authorized event
When the driver indicates that the connection is authorized (i.e., the
4-way handshake was completed by the driver), cancel the EAP
authentication timeout and set the EAP state machine to success state.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2018-02-17 18:45:26 +02:00
Sunil Dutt
5ff39c1380 SAE: Support external authentication offload for driver-SME cases
Extend the SME functionality to support the external authentication.
External authentication may be used by the drivers that do not define
separate commands for authentication and association
(~WPA_DRIVER_FLAGS_SME) but rely on wpa_supplicant's SME for the
authentication.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-02-02 21:17:55 +02:00
Jouni Malinen
c1790a5ff8 OWE: Allow station in transition mode to connect to an open BSS
If the OWE network profile matches an open network which does not
advertise OWE BSS, allow open connection. The new owe_only=1 network
profile parameter can be used to disable this transition mode and
enforce connection only with OWE networks.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-01-21 11:13:01 +02:00
Jouni Malinen
2cb40e9f40 OWE: Try all supported DH groups automatically on STA
If a specific DH group for OWE is not set with the owe_group parameter,
try all supported DH groups (currently 19, 20, 21) one by one if the AP
keeps rejecting groups with the status code 77.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-12-27 21:06:02 +02:00
Jouni Malinen
dc4d271c6d DPP: Update AES-SIV AD for DPP Authentication frames
The protocol design was updated to protect the six octets in the header
before the attributes.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-18 22:51:30 +03:00
Vidyullatha Kanchanapally
b0a21e228d FILS: Update replay counter from roam info
Update the replay counter after a roam for all cases. This restores the
design back to what it was before commit
01ef320f19 ('FILS: Update ERP next
sequence number with driver offload').

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-17 16:26:44 +03:00
Jouni Malinen
daa4096084 Allow last (Re)Association Request frame to be replayed for testing
The new wpa_supplicant RESEND_ASSOC command can be used to request the
last (Re)Association Request frame to be sent to the AP to test FT
protocol behavior.

This functionality is for testing purposes and included only in builds
with CONFIG_TESTING_OPTIONS=y.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-16 17:47:24 +03:00
Jouni Malinen
16579769ff Add testing functionality for resetting PN/IPN for configured keys
This can be used to test replay protection. The "RESET_PN" command in
wpa_supplicant and "RESET_PN <addr>" command in hostapd resets the local
counters to zero for the last configured key. For hostapd, the address
parameter specifies which STA this operation is for or selects GTK
("ff:ff:ff:ff:ff:ff") or IGTK ("ff:ff:ff:ff:ff:ff IGTK").

This functionality is for testing purposes and included only in builds
with CONFIG_TESTING_OPTIONS=y.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-16 17:43:10 +03:00
Jouni Malinen
a0bf1b68c0 Remove all PeerKey functionality
This was originally added to allow the IEEE 802.11 protocol to be
tested, but there are no known fully functional implementations based on
this nor any known deployments of PeerKey functionality. Furthermore,
PeerKey design in the IEEE Std 802.11-2016 standard has already been
marked as obsolete for DLS and it is being considered for complete
removal in REVmd.

This implementation did not really work, so it could not have been used
in practice. For example, key configuration was using incorrect
algorithm values (WPA_CIPHER_* instead of WPA_ALG_*) which resulted in
mapping to an invalid WPA_ALG_* value for the actual driver operation.
As such, the derived key could not have been successfully set for the
link.

Since there are bugs in this implementation and there does not seem to
be any future for the PeerKey design with DLS (TDLS being the future for
DLS), the best approach is to simply delete all this code to simplify
the EAPOL-Key handling design and to get rid of any potential issues if
these code paths were accidentially reachable.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-16 02:03:47 +03:00
Jouni Malinen
5a78c36194 OWE: PMKSA caching in station mode
This extends OWE support in wpa_supplicant to allow PMKSA caching to be
used.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-09 12:12:54 +03:00
Jouni Malinen
e8b9649012 OWE: Transition mode support on station side
Add support for using the OWE Transition Mode element to determine the
hidden SSID for an OWE BSS that is used in transition mode.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-08 17:12:35 +03:00
Jouni Malinen
61a56c1480 Add group_mgmt network parameter for PMF cipher selection
The new wpa_supplicant network parameter group_mgmt can be used to
specify which group management ciphers (AES-128-CMAC, BIP-GMAC-128,
BIP-GMAC-256, BIP-CMAC-256) are allowed for the network. If not
specified, the current behavior is maintained (i.e., follow what the AP
advertises). The parameter can list multiple space separate ciphers.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-09-26 17:40:02 +03:00
Avraham Stern
b3c148e9f8 RRM: Send reject/refuse response only to unicast measurement request
IEEE Std 802.11-2016, 11.11.6 specifies that a station that is unable to
make a requested measurement or refuses to make a measurement shall
respond only if the measurement request was received within an
individually addressed radio measurement request frame, but shall not
respond if such a request was received in a group addressed frame.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2017-07-17 17:43:32 +03:00
Andrei Otcheretianski
bfbc41eace DPP: Fix compilation without openssl
dpp.h file requires openssl in order to compile, which breaks
compilation on systems without it.
Move DPP_OUI_TYPE to ieee802_11_defs.h and don't include dpp.h when
not really needed.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2017-07-07 23:37:45 +03:00
Jouni Malinen
da143f7fb9 FILS: Fix EVENT_ASSOC processing checks for driver-SME
Commit 5538fc9309 ('FILS: Track completion
with FILS shared key authentication offload') added an additional case
for calling wpa_supplicant_event_assoc_auth() from EVENT_ASSOC handling
in case of FILS-completion with driver-based-SME. However, that checked
what placed outside the data != NULL case while data != NULL needs to
apply for this case as well due to wpa_supplicant_event_assoc_auth()
behavior. Move the data != NULL check to apply to both cases to avoid
potentially issues if a driver interface were to return EVENT_ASSOC
without the associate data. (CID 164708)

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-19 23:36:13 +03:00
Jouni Malinen
a0d5c56f8b DPP: Network Introduction protocol for wpa_supplicant
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-19 21:13:59 +03:00
Jouni Malinen
567da5bbd0 DPP: Add new AKM
This new AKM is used with DPP when using the signed Connector to derive
a PMK. Since the KCK, KEK, and MIC lengths are variable within a single
AKM, this needs number of additional changes to get the PMK length
delivered to places that need to figure out the lengths of the PTK
components.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-19 21:13:17 +03:00
Jouni Malinen
461d39af40 DPP: Configuration exchange
This adds support for DPP Configuration Protocol using GAS. Full
generation and processing of the configuration object is not included in
this commit.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-19 21:13:15 +03:00
Jouni Malinen
30d27b048e DPP: Authentication exchange
Add wpa_supplicant control interface commands for managing DPP
Authentication exchange.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-19 21:12:30 +03:00
Vasanthakumar Thiagarajan
aa56e36d66 driver: Make DFS domain information available to core
Current DFS domain information of the driver can be used in ap/dfs
to comply with DFS domain specific requirements like uniform spreading
for ETSI domain.

Signed-off-by: Vasanthakumar Thiagarajan <vthiagar@qti.qualcomm.com>
2017-05-13 20:01:44 +03:00
Vidyullatha Kanchanapally
bbe7969d63 FILS: Update cache identifier on association
This is needed when offloading FILS shared key to the drivers.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-07 18:59:12 +03:00
Vidyullatha Kanchanapally
f705f41b7f FILS: Update PMKSA cache with FILS shared key offload
Add a new PMKSA cache entry within wpa_supplicant if a driver event from
offloaded FILS shared key authentication indicates a new PMKSA entry was
created.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-07 18:46:13 +03:00
Vidyullatha Kanchanapally
01ef320f19 FILS: Update ERP next sequence number with driver offload
This keeps the internal ERP information within wpa_supplicant in sync
with the driver when offloading FILS shared key authentication.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-07 18:46:13 +03:00
Vidyullatha Kanchanapally
5538fc9309 FILS: Track completion with FILS shared key authentication offload
Update the internal fils_completed state when offloading FILS shared key
authentication to the driver.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-07 18:46:13 +03:00
Shaul Triebitz
3d5f0e916d wpa_supplicant: Avoid associating to temp disabled SSID in ap_scan=2
In ap_scan=2 mode, wpa_supplicant_assoc_try() did not check whether the
SSID is temporarily disabled before trying to associate and this may
result in an infinite connect/disconnect loop. If the association
succeeds while the SSID is temporarily disabled, wpa_supplicant will
request to deauthenticate and that in turn will cause the SSID to be
temporarily disabled again. Fix that by postponing the association until
the SSID is no longer temporarily disabled.

Signed-off-by: Shaul Triebitz <shaul.triebitz@intel.com>
2017-03-29 15:03:16 +03:00
Jouni Malinen
76e20f4fa7 FILS: Add FILS SK auth PFS support in STA mode
This adds an option to configure wpa_supplicant to use the perfect
forward secrecy option in FILS shared key authentication. A new build
option CONFIG_FILS_SK_PFS=y can be used to include this functionality. A
new runtime network profile parameter fils_dh_group is used to enable
this by specifying which DH group to use. For example, fils_dh_group=19
would use FILS SK PFS with a 256-bit random ECP group.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-12 23:20:32 +02:00
Jouni Malinen
0a6147991e OWE: Process Diffie-Hellman Parameter element in STA mode
This adds STA side addition of OWE Diffie-Hellman Parameter element into
(Re)Association Request frame and processing it in (Re)Association
Response frame.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-12 19:24:11 +02:00
Jouni Malinen
a1ea1b4522 OWE: Define and parse OWE AKM selector
This adds a new RSN AKM "OWE".

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-12 19:24:11 +02:00
Johannes Berg
15e5ee0b75 wpa_supplicant: events: Don't bounce timeout reason through a buffer
There's no point in making the code use a stack buffer and first copying
the string there, only to copy it again to the output. Make the output
directly use the reason string.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2017-03-11 10:52:43 +02:00
Jouni Malinen
869af30728 FILS: Use FILS Cache Identifier to extend PMKSA applicability
This allows PMKSA cache entries for FILS-enabled BSSs to be shared
within an ESS when the BSSs advertise the same FILS Cache Identifier
value.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-26 12:05:40 +02:00
Purushottam Kushwaha
3f23260da8 nl80211: Notify reason for connection timeout failure
This adds reason for timeout in event CTRL-EVENT-ASSOC-REJECT whenever
connection failure happens because of timeout. This extends the
"timeout" parameter in the event to include the reason, if available:
timeout=scan, timeout=auth, timeout=assoc.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-20 10:47:08 +02:00
Jouni Malinen
bcf66493cf Fix estimated throughput based skip-roam case
Commit 8d1e693186 ('Use estimated
throughput to avoid signal based roaming decision') added a check for
the current BSS estimated throughput being significantly higher than the
selected BSS estimated throughput. However, this case for skipping a
roam used "return 1" which actually allows the roam. Fix this by
returning 0 in this case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-02-05 21:52:26 +02:00
Andrejs Cainikovs
6a5425fd60 Increase delayed EAPOL RX frame timeout
Increase the EAPOL RX frame timeout from 100 to 200 ms. This fixes lack
of optimization (i.e., first EAPOL frame dropped) in occasional roaming
and authentication cases on EAP networks if the kernel events can be
reordered and delayed a bit longer.

Signed-off-by: Tomoharu Hatano <tomoharu.hatano@sonymobile.com>
2017-01-29 18:41:29 +02:00
Jouni Malinen
34e8bfd7a9 Skip EVENT_ACS_CHANNEL_SELECTED also without CONFIG_AP
CONFIG_ACS alone should not refer to wpa_s->ap_iface to avoid potential
compilation issues.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-28 11:57:23 +02:00
Jouni Malinen
0f9b4a0f1d bgscan: Deliver beacon loss event to bgscan modules
This adds a call to the notify_beacon_loss() callback functions when
beacon loss is detected. In addition, a new CTRL-EVENT-BEACON-LOSS event
is made available through the wpa_supplicant control interface.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-08 12:17:58 +02:00
Avraham Stern
76196ddb2b wpa_supplicant: Add support for Beacon Report Radio Measurement
Beacon Report Radio Measurement is defined in IEEE Std 802.11-2016,
11.11.9.1. Beacon Report is implemented by triggering a scan on the
requested channels with the requested parameters.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2017-01-03 15:18:30 +02:00
Jouni Malinen
6e374bd44d Ignore scan results from ongoing scan when FLUSH command is issued
This makes wpa_supplicant behavior more consistent with FLUSH command to
clear all state. Previously, it was possible for an ongoing scan to be
aborted when the FLUSH command is issued and the scan results from that
aborted scan would still be processed and that would update the BSS
table which was supposed to cleared by the FLUSH command.

This could result in hwsim test case failures due to unexpected BSS
table entries being present after the FLUSH command.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-11 12:45:08 +02:00
Jouni Malinen
e65a87b399 Debug print scan results matching the currently selected network
This provides more details on BSS selection process in the debug log.
Previously, the BSSs that were not either the current or the selected
one were not necessarily printed at all. Now all BSSs that match the
currently selected network are listed with their frequency and signal
strength details.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-11-13 18:22:38 +02:00
Jouni Malinen
8d1e693186 Use estimated throughput to avoid signal based roaming decision
Previously, the estimated throughput was used to enable roaming to a
better AP. However, this information was not used when considering a
roam to an AP that has better signal strength, but smaller estimated
throughput. This could result in allowing roaming from 5 GHz band to 2.4
GHz band in cases where 2.4 GHz band has significantly higher signal
strength, but still a lower throughput estimate.

Make this less likely to happen by increasing/reducing the minimum
required signal strength difference based on the estimated throughputs
of the current and selected AP. In addition, add more details about the
selection process to the debug log to make it easier to determine whaty
happened and why.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-11-13 17:52:32 +02:00
Jouni Malinen
81a10a9442 Do not try to start/join RSN IBSS without CONFIG_IBSS_RSN=y
Previously, a build without IBSS RSN support tried to start/join an IBSS
even if the profile was configured with RSN parameters. This does not
work and resulted in quite confusing debug log. Make this clearer by
explicitly checking for this case and reject the connection attempt with
a clearer debug log entry instead of trying something that is known to
fail.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-28 19:33:20 +03:00
Jouni Malinen
706df4291b FILS: Association Response processing (STA)
Decrypt the AES-SIV protected elements and verify Key-Auth. Parse and
configure keys to the driver.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-26 00:20:04 +03:00
Avraham Stern
e3e2fe3a42 Always propagate scan results to all interfaces
Scan results were not propagated to all interfaces if scan results
started a new operation, in order to prevent concurrent operations. But
this can cause other interfaces to trigger a new scan when scan results
are already available. Instead, always notify other interfaces of the
scan results, but note that new operations are not allowed.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2016-10-15 19:13:30 +03:00
Avraham Stern
14f34a7303 Continue scanning if sched_scan stops unexpectedly
When scheduled scan stops without the interface request (for example,
driver stopped it unexpectedly), start a regular scan to continue
scanning for networks and avoid being left with no scan at all.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2016-10-02 19:38:57 +03:00
David Spinadel
1ac388633a Remove disconnected APs from BSS table if likely out-of-range
In some cases, after a sudden AP disappearing and reconnection to
another AP in the same ESS, if another scan occurs, wpa_supplicant might
try to roam to the old AP (if it was better ranked than the new one)
because it is still saved in BSS list and the blacklist entry was
cleared in previous reconnect. This attempt is going to fail if the AP
is not present anymore and it'll cause long disconnections.

Remove an AP that is probably out of range from the BSS list to avoid
such disconnections. In particular mac80211-based drivers use the
WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY reason code in locally generated
disconnection events for cases where the AP does not reply anymore.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2016-10-01 11:14:02 +03:00
Arik Nemtsov
ebf59eb549 Restart PNO/sched_scan on channel list update
As the scan channels might need to change when the channel list has been
updated by the kernel. Use the simulated sched_scan timeout
(wpas_scan_restart_sched_scan()) to handle a possible race where an
ongoing sched_scan has stopped asynchronously while trying to restart a
new sched_scan.

Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
2016-09-30 22:45:03 +03:00
vamsi krishna
6ad37d73ca MBO: Add support to ignore association disallowed set by AP
Add a testing mechanism to allow association disallowed set by AP to be
ignored. This can be used to verify AP behavior for disallowing a
specific association.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-09-25 17:31:26 +03:00
Mikael Kanstrup
02adead53e Add ignore_auth_resp control interface debug parameter
Implement "SET ignore_auth_resp <0/1>" command to simulate auth/assoc
response loss and EAPOL RX packet loss by ignoring corresponding
incoming events.

Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
2016-09-23 17:36:55 +03:00
Moshe Benji
14220fe64c Flush the BSS (scan) entries when an interface becomes disabled
When an interface becomes disabled (e.g., when RF-kill becomes blocked)
we should clear the stored scan results to avoid maintaining stale
information.

Fix this by flushing the BSS entries when an interface becomes
disabled.

Signed-off-by: Moshe Benji <moshe.benji@intel.com>
2016-09-22 23:31:19 +03:00
Jouni Malinen
6c33ca9f95 Add group_rekey parameter for IBSS
The new network profile parameter group_rekey can now be used to specify
the group rekeying internal in seconds for IBSS.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-08-13 16:29:01 +03:00
Jouni Malinen
e07adb7faa Fix EAP state machine reset with offloaded roaming and authorization
If the driver indicates a roamed event with already completed
authorization, altAccept = TRUE could have resulted in the EAP state
machine ending up in the FAILURE state from the INITIALIZE state. This
is not correct behavior and similar cases were already addressed for FT
and WPA-PSK. Fix the offloaded roamed+authorized (EAP/PMKSA caching)
case by doing similar changes to EAPOL/EAP state variable updates during
association event handling.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-08-11 16:05:45 +03:00
Masashi Honma
fac72f93dd mesh: Stop joining to different frequency network
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-07-23 21:57:15 +03:00
Masashi Honma
7035162311 mesh: Join an existing MBSS instead of creating a new one
If scan results show a matching existing MBSS, join it instead of
creating a new MBSS.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-07-23 21:57:11 +03:00
Peng Xu
a6f5b1937a P2P: Allow P2P listen being offloaded to the driver/firmware
This allows P2P Listen to be offloaded to device to enhance power
saving.

To start P2P listen offload, from wpa_cli interface, issue the command:
	p2p_lo_start <freq> <period> <interval> <count>

To stop P2P listen offload, issue the command:
	p2p_lo_stop

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-07-03 22:36:58 +03:00
Jouni Malinen
37fd0be2d3 Add CTRL-EVENT-CHANNEL-SWITCH event to indicate channel changes
This provides information of the channel switch to wpa_supplicant
control interface monitors.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-27 21:10:35 +03:00
Jouni Malinen
9a5160f5fb Report connection timeouts in CTRL-EVENT-ASSOC-REJECT
Add a new "timeout" argument to the event message if the nl80211 message
indicates that the connection failure is not due to an explicit AP
rejection message. This makes it easier for external programs to figure
out why the connection failed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-31 00:11:42 +03:00
Lior David
a26c9c2e71 Fix sending non-Public Action frames over P2P Device interface
The P2P Device interface can only send Public Action frames. Non-Public
Action frames must be sent over a group interface. The previous
implementation sometimes tried to send non-Public Action frames such as
GO Discoverability over the P2P Device interface, however, the source
address of the frame was set to the group interface address so the code
in offchannel.c knew to select the correct interface for the TX.

The check breaks when the P2P Device and group interfaces have the same
MAC address. In this case the frame will be sent over the P2P Device
interface and the send will fail.

Fix this problem in two places:
1. In offchannel, route non-Public Action frames to the GO
   interface when the above conditions are met.
2. When a TX_STATUS event arrives on such routed frame, it will
   arrive on the GO interface but it must be handled by the P2P Device
   interface since it has the relevant state logic.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2016-05-21 00:17:45 +03:00
Ilan Peer
3b11ad34eb Send CTRL-EVENT-REGDOM-CHANGE event on the parent interface
The NL80211_CMD_WIPHY_REG_CHANGE can be handled by any of the
interfaces that are currently controlled by the wpa_supplicant.
However, some applications expect the REGDOM_CHANGE event to be
sent on the control interface of the initially added interface
(and do not expect the event on any of child interfaces).

To resolve this, when processing NL80211_CMD_WIPHY_REG_CHANGE,
find the highest parent in the chain, and use its control interface
to emit the CTRL-EVENT-REGDOM-CHANGE event.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2016-05-14 17:19:02 +03:00
Sunil Dutt
03626e9157 Skip connection attempt for non-RSN networks if PMF is set to required
Since ieee80211w=2 is an explicit configuration to wpa_supplicant, the
connection attempt for such non-PMF (non-RSN) capable networks should be
skipped.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-05 21:09:08 +03:00
David Spinadel
4a742011ab wpa_supplicant: Handle LCI request
Handle radio measurement request that contains LCI request. Send
measurement report based on a configurable LCI report element. The LCI
report element is configured over the control interface with

SET lci <hexdump of the element>

and cleared with

SET lci ""

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2016-04-17 12:29:12 +03:00
Matti Gottlieb
ece4ac5f4e HS 2.0: Add support for configuring frame filters
When a station starts an association to a Hotspot 2.0 network, request
the driver to do the following, based on the BSS capabilities:

1. Enable gratuitous ARP filtering
2. Enable unsolicited Neighbor Advertisement filtering
3. Enable unicast IP packet encrypted with GTK filtering if
   DGAF disabled bit is zero

Clear the filter configuration when the station interface is
disassociated.

Signed-off-by: Matti Gottlieb <matti.gottlieb@intel.com>
2016-04-08 15:21:18 +03:00
Lior David
90f14962ec wpa_supplicant: "don't care" value for pbss in ssid structure
Add a new value 2 to the pbss parameter of wpa_ssid structure, which
means "don't care". This value is used in infrastructure mode to request
connection to either AP or PCP, whichever is available in the scan
results. The value is also used in regular WPS (not P2P group formation)
to make WPS work with devices running as either AP or PCP.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2016-04-08 12:56:34 +03:00
Hu Wang
3560b32ca3 Fix race condition with PNO stop followed immediately by PNO start
Commit dd271857a5 ('Skip normal scan when
PNO is already in progress') fixed issues with normal scans getting
rejected by the driver when PNO scan is already running. The part about
skipping such a scan request is fine, but the part about clearing
wpa_s->pno back to 0 in EVENT_SCHED_SCAN_STOPPED handler is problematic.

If PNO is stopped ("SET pno 0") and then restarted ("SET pno 1")
immediately, it is possible for the EVENT_SCHED_SCAN_STOPPED event from
the stopping part to be received only after the new PNO instance has
been started. This would have resulted in clearing wpa_s->pno and the
driver and wpa_supplicant getting out of sync. This would then prevent
PNO from being stopped with "SET pno 0" (that fails if wpa_s->pno == 0).

Fix this race condition by reverting the wpa_s->pno = 0 addition from
the EVENT_SCHED_SCAN_STOPPED handler.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-04-06 11:14:34 +03:00
Jouni Malinen
c01120a05f wpa_supplicant: Do not use struct ieee80211_mgmt::u.probe_req
This struct in the union is empty, but the design of using a zero-length
u8 array here is not fully compatible with C++ and can result in
undesired compiler warnings. Since there are no non-IE fields in the
Probe Request frames, get the location of the variable length IEs simply
by using the pointer to the frame header and the known header length.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-04-02 16:55:02 +03:00
Jouni Malinen
954e10e483 Make it a bit easier to roam from 2.4 GHz to 5 GHz within ESS
The initial connection to an ESS was already explicitly increasing the
likelihood of picking a 5 GHz BSS. While the throughput estimation is
likely to do same for the roaming decision, it might be possible that
that does not cover all cases. Add couple of dB extra preference for 5
GHz in case the roaming decision falls back to comparing signal levels.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-25 12:12:48 +02:00
Roy Marples
2e997eece5 Add interface matching support with -M, guarded by CONFIG_MATCH_IFACE
The new wpa_supplicant command line argument -M can be used to describe
matching rules with a wildcard interface name (e.g., "wlan*").

This is very useful for systems without udev (Linux) or devd (FreeBSD).

Signed-off-by: Roy Marples <roy@marples.name>
2016-03-22 17:41:37 +02:00
Roy Marples
45e3fc72c6 Find correct driver for interface additions/removals
Interface additions/removals are not guaranteed to be for the driver
listening to the kernel events. As such, send the events to
wpa_supplicant_event_global() which can then pick the correct interface
registered with wpa_supplicant to send the event to.

Signed-off-by: Roy Marples <roy@marples.name>
2016-03-22 17:41:37 +02:00
Daisuke Niwa
192964ddc3 Handle OSEN IE in Assoc Request info if req_ies exists
The 4-way handshake fails with the error "WPA: No wpa_ie set - cannot
generate msg 2/4" while connecting to OSEN network with drivers that
indicate used Association Request frame elements because OSEN IE is not
handled in wpa_supplicant_event_associnfo() if data->assoc_info.req_ies
is not NULL.

Signed-off-by: Daichi Ueura <daichi.ueura@sonymobile.com>
2016-03-20 11:17:39 +02:00
Naveen Singh
c7fb678f31 D-Bus: Add association response status code property for failure cases
(Re)Association Response frame with status code other than 0 is now
notified over DBUS as a part of PropertiesChanged signal. This can be
used by application in case AP is denying association with status code
17 (band steering) so that it does not interfere in the BSSID selection
logic of wpa_supplicant.

Signed-off-by: Naveen Singh <nasingh@google.com>
2016-03-06 20:44:51 +02:00
Ilan Peer
1446afc865 wpa_supplicant: Handle EVENT_SCAN_RESULTS when an interface is disabled
An interface can be disabled while it has an ongoing scan request.
In such a case, when the scan results notification is received,
it was being ignored (as the interface is already disabled) so the
scan state was not cleared. This can cause undetermined behavior
for the next scan request.

To handle this, clear the scan state when EVENT_SCAN_RESULTS is
received and the interface is disabled.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2016-03-03 17:10:26 +02:00
Jouni Malinen
bef5e9a862 Fix scan rescheduling from wpas_stop_pno to check postponed case
Commit 02e122a995 ('Reschedule scan from
wpas_stop_pno if it was postponed') uses wpa_s->scanning as the only
condition for automatically starting a postponed scan request from
EVENT_SCHED_SCAN_STOPPED event handler. However, wpa_s->scanning may be
set for sched_scan and as such, this can result in unexpected extra
scans without there having been any real postponed request.

Make this more accurate by verifying that there really is a pending
request for a scan before speeding up its start.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-03 11:04:38 +02:00
Jouni Malinen
940491ce08 MBO: Mandate use of PMF for WPA2+MBO association (STA)
If WPA2 is used, MBO AP must enable PMF. Refuse to select a BSS that has
MBO and WPA2 enabled without PMF.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-02-22 19:53:05 +02:00
Avraham Stern
84d1c0fd5a WNM: Add candidate list to BSS transition response
Add the transition candidate list to BSS Transition Management Response
frame. The candidates preference is set using the regular wpa_supplicant
BSS selection logic. If the BSS transition request is rejected and
updated scan results are not available, the list is not added.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2016-02-22 19:53:04 +02:00
Avraham Stern
dd5999084e MBO: Parse MBO IE in BSS Transition Management Request frames
Add parsing of MBO IE in BSS Transition Management Request frames. If
the MBO IE includes the association retry delay attribute, do not try to
reconnect to the current BSS until the delay time is over.

If the MBO IE includes the cellular data connection preference attribute
or the transition rejection reason attribute, send a message to upper
layers with the data.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2016-02-22 19:53:04 +02:00
David Spinadel
cb06cf3456 MBO: Prevent association to APs that explicitly disallow this
Prevent association to MBO APs that have association disallowed
attribute in MBO IE in Beacon or Probe Response frames.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2016-02-22 19:53:04 +02:00
Lior David
b907491281 wpa_supplicant: Basic support for PBSS/PCP
PBSS (Personal Basic Service Set) is a new BSS type for DMG
networks. It is similar to infrastructure BSS, having an AP-like
entity called PCP (PBSS Control Point), but it has few differences.
PBSS support is mandatory for IEEE 802.11ad devices.

Add a new "pbss" argument to network block. The argument is used
in the following scenarios:
1. When network has mode=2 (AP), when pbss flag is set will start
as a PCP instead of an AP.
2. When network has mode=0 (station), when pbss flag is set will
connect to PCP instead of AP.

The function wpa_scan_res_match() was modified to match BSS according to
the pbss flag in the network block (wpa_ssid structure). When pbss flag
is set it will match only PCPs, and when it is clear it will match only
APs.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2016-02-08 22:23:56 +02:00
Tomasz Bursztyka
d99097177a wpa_supplicant: Enable Automatic Channel Selection support for AP mode
Since hostapd supports ACS now, let's enable its support in
wpa_supplicant as well when starting AP mode.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
[u.oelmann@pengutronix.de: rebased series from hostap_2_1~944 to master]
[u.oelmann@pengutronix.de: adjusted added text in defconfig]
Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de>
2015-12-24 22:24:05 +02:00
Tomasz Bursztyka
96bc508684 Handle survey event properly in wpa_supplicant
Let's reuse hostapd code for such handling. This will be useful to get
ACS support into wpa_supplicant where this one needs to handle the
survey event so it fills in the result ACS subsystem will require.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
[u.oelmann@pengutronix.de: rebased series from hostap_2_1~944 to master]
Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de>
2015-12-24 21:35:54 +02:00
Ayala Beker
0e6a2cf282 Disconnect before trying to switch to a different network
Previously, when wpa_supplicant received bgscan results with a preferred
network, it connected to that network without disconnecting from the
previous one. This might result in an inconsistent state of upper
layers.

Fix this by disconnecting from the current AP before connecting to the
new one when the network profile changes and there is an existing
connection.

Signed-off-by: Ayala Beker <ayala.beker@intel.com>
2015-12-18 00:24:52 +02:00
Arik Nemtsov
706e11a485 Avoid network selection from scan during connection
If scan results arrive during the connection process, the network
selection function was called, interrupting the current connection.
While a regular scan is mutually exclusive with connection establishment
via the nature of radio work, there's no such protection for scheduled
scan. Prevent network selection while a connection is in progress.

Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
2015-12-18 00:24:52 +02:00
Jouni Malinen
58059e6c0c FST: Print debug entry on MB IE update based on EVENT_AUTH
This is more consistent with all the other callers of
wpas_fst_update_mbie().

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-06 12:53:24 +02:00
Dedy Lansky
ea7081185e FST: Improve parsing of Multiband IEs
Previously, MB IEs were parsed only from association event. Try to get
MB IEs from other management frames like Probe Response frames. The MB
IEs from the association event may not be up-to-date and in some cases
may actually be missing and updating the information based on other
frames can improve robustness of FST exchanges.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-11-25 17:33:31 +02:00
Jouni Malinen
eb926f1257 Comment out wpas_reenabled_network_time with CONFIG_NO_SCAN_PROCESSING
This removes a compiler warning about unused function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-23 23:33:55 +02:00
Ravi Joshi
f32227ed9e Add QCA vendor attribute and event to indicate subnet change status
This allows offloaded roaming to inform user space of the change in IP
subnet post roaming. The device may have roamed to a network which is in
a different subnet which will result in IP connectivity loss. Indicating
the change in subnet enables the user space to refresh the IP address or
to perform IP subnet validation if unknown status is indicated.

The driver indication is reported with a new event from wpa_supplicant
in the following format:
CTRL-EVENT-SUBNET-STATUS-UPDATE status=<0/1/2>
where
0 = unknown
1 = IP subnet unchanged (can continue to use the old IP address)
2 = IP subnet changed (need to get a new IP address)

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-11-20 11:03:06 +02:00
Sunil Dutt
5e238cc682 WPS: Reconnect for a failed data connection when STA_AUTOCONNECT is 0
If "STA_AUTOCONNECT 0" has been used to disable automatic connection on
disconnection event and the driver indicates a failure for the data
connection after successful WPS handshake, it is possible to hit a case
where wpa_s->disconnected is set to 1 and further attempts to connect
shall stop.

While "STA_AUTOCONNECT 0" is used to disable automatic reconnection
attempts in general, this specific WPS case can benefit from trying
again even with that configuration for a short period of time. Extend
the wpa_supplicant re-enable-networks-after-WPS 10 second timeout to
apply for ignoring disabled STA_AUTOCONNECT immediately after a WPS
provisioning step.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-11-17 19:50:34 +02:00
Jouni Malinen
03ed0a5239 WNM: Ignore WNM-Sleep Mode Response if WNM-Sleep Mode has not been used
The AP is not expected to send out a WNM-Sleep Mode Response frame
without the STA trying to use WNM-Sleep Mode. Drop such unexpected
responses to reduce unnecessary processing of the frame.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-10 18:40:54 +02:00
Jouni Malinen
fa46426725 RSN: Do not try to connect if PMF disabled and AP requires it
Instead of trying to associate in configuration that is known to result
in the AP rejecting the association, reject the BSS candidate based on
the MFPR=1 RSN capability when STA configuration has PMF disabled.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-25 19:37:17 +02:00
Ilan Peer
61f121d925 Handle channel switch notification for other interface types
Channel switch notification was handled only for AP/GO interfaces. As
the notification can be sent on other interface types as well, extend
the handling to handle other interface types.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-10-03 21:01:49 +03:00
Andrei Otcheretianski
3bafb0d842 P2P: Trigger channel selection correctly during CSA
Do not consider moving GOs to a new channel if one of them is in the
middle of CSA. In addition, call wpas_p2p_update_channel_list() after
EVENT_CH_SWITCH is handled.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2015-10-03 20:22:09 +03:00
Kanchanapally, Vidyullatha
adcd7c4b0b nl80211: Support vendor scan together with normal scan
Allow wpa_supplicant to use vendor scan (if supported by the driver)
together with the normal nl80211 scan and handling external scan events.
Since this results in possibility of concurrent scan operations, some of
the operations related to scan results need to check more carefully when
an event is relevant for a specific interface.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-10-01 01:41:46 +03:00
Saurav Babu
0a7b2a02eb D-Bus: Add Signal to notify WPS PBC Overlap event
Signed-off-by: Saurav Babu <saurav.babu@samsung.com>
2015-09-27 12:52:34 +03:00
Sunil Dutt
ce7d0eb184 Update AP WPA/RSN IE on all associations if driver can select BSS
It is possible for driver-based BSS selection to end up reassociating
back to the current AP. If wpa_supplicant preferred another BSS, it
would have updated the internal knowledge of the AP's WPA/RSN IE when
requesting a new connection. In the special case of existing association
and new association being with the same BSS that is different from the
wpa_supplicant preference, association event processing skipped the
WPA/RSN IE update. This could result in the following 4-way handshake
getting rejected due to incorrectly detected mismatch with AP's RSN/WPA
IE between Beacon/Probe Response frame and EAPOL-Key msg 3/4.

Fix this by updating the AP WPA/RSN IE on all association events when
driver-based BSS selection is used regardless of whether the BSSID
changes. This could also cover a theoretical case of the AP changing its
RSN/WPA IE at the very moment we try to reassociate back to the same
BSS.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-09-17 17:40:40 +07:00
Jouni Malinen
dcc8bc82e0 Add BSS operating frequency to more debug messages
This makes it easier to analyze debug logs when figuring out channel
related issues.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-09-05 20:40:44 +03:00
Jouni Malinen
dfaf11d648 P2P: Require fresh scan results for persistent group re-invocation
The P2P group is not yet operating when going through invitation
exchange for re-invocation. Previously, an old cached scan result could
be used to skip the scan immediately after the invitation exchange.
While this may result in the fastest possible connection, it does have
some issues with cases where the GO takes some time to start up. It
would also be at least theoretically possible for some of the BSS
parameters to be different, so having a fresh scan result from the new
GO instance may be desired in any case.

Add a mechanism to skip scan results that have been last updated before
a specific point in time and as the first user for this mechanism,
require chan results to be more recent than the invitation message
exchange for the P2P Client role in persistent group re-invocation case.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-22 00:22:12 +03:00
Mahesh A Saptasagar
0d0f7ecbb1 Do not stop ongoing PNO sched_scan on association/disconnection
PNO was stopped by the wpa_supplicant during the connection attempts or
while handling disassociation indication. External entities, mainly, the
Android Wi-Fi framework, does not expects PNO to be stopped by other
modules. Hence, do not stop the sched_scan in these scenarios if it is
triggered externally for PNO.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-13 21:10:16 +03:00