Commit graph

3205 commits

Author SHA1 Message Date
Jouni Malinen
41cc50d19e nl80211: Update send_action_cookie on AP-offchannel-TX path
Previously, the send_mlme->send_frame->send_frame_cmd path that could be
used when a GO sends an offchannel Action frame ended up not updating
drv->send_action_cookie. This can result in an issue with not being able
to cancel wait for the response, e.g., in invitation-to-running-group
case.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-21 18:24:20 +03:00
Jouni Malinen
dc46fd66c9 P2P: Cancel offchannel TX wait on Invitation Response RX
This fixes issues where a GO used offchannel-TX operation to send an
Invitation Request frame. Wait for the offchannel TX operation needs to
be stopped as soon as the Invitation Response frame has been received.
This addresses some issues where Probe Response frame from the GO
through the monitor interface may end up going out on a wrong channel
(the channel of this offchannel TX operation for invitation).

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-10-20 21:38:02 +03:00
Jouni Malinen
8d82c2105b P2P: Fix PD retry channel on join-a-group case
Join-a-group needs to force the current operating channel of the target
group as the frequency to use for the PD exchange. When the channel was
selected based on a BSS entry for the GO, this worked only for the first
PD Request frame while the retries reverted to a potentially different
channel based on a P2P peer entry. Fix this by maintaining the forced
channel through the PD retry sequence.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-10-20 21:38:02 +03:00
Jouni Malinen
512629aefe P2P: Accept Invitation Response non-success without Channel List
P2P Invitation Response frame is required to include the Channel List
attribute only in Status=Success case. Skip the debug message claiming
that a mandatory attribute was not included in non-Success case.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-10-20 21:37:52 +03:00
Jouni Malinen
db13605816 EAP-AKA/AKA' peer: Allow external USIM processing to be used
This allows the new external_sim=1 case to be used to perform UMTS
authentication step in EAP-AKA/AKA' peer process. Following control
interface event is used to request the operation:

CTRL-REQ-SIM-<network id>:UMTS-AUTH:<RAND>:<AUTN> needed for SSID <SSID>

Response from external processing is returned with
CTRL-RSP-SIM-<network id> UMTS-AUTH:<IK>:<CK>:<RES>
or
CTRL-RSP-SIM-<network id> UMTS-AUTS:<AUTS>

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-10-20 13:12:04 +03:00
Jouni Malinen
569ccf719f EAP-SIM peer: Allow external SIM processing to be used
This allows the new external_sim=1 case to be used to perform GSM
authentication step in EAP-SIM peer process. Following control interface
event is used to request the operation:

CTRL-REQ-SIM-<network id>:GSM-AUTH:<RAND1>:<RAND2>[:<RAND3>] needed
for SSID <SSID>

For example:
<3>CTRL-REQ-SIM-0:GSM-AUTH:5e3496ce7d5863b3b09f97f565513bc3:
73f0f0bc5c47bcbed6f572d07ab74056:447b784f08de80bdc2b1e100fccbb534
needed for SSID test

Response from external processing is returned with
CTRL-RSP-SIM-<network id> GSM-AUTH:<Kc1>:<SRES1>:<Kc2>:<SRES2>
[:<Kc3>:<SRES3>]

For example:
wpa_cli sim 0 GSM-AUTH:d41c76e0079247aa:2709ebfb:43baa77cfc8bcd6c:
0fa98dc1:a8ad1f6e30e

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-10-20 13:12:04 +03:00
Jouni Malinen
a5d44ac083 EAP peer: Add framework for external SIM/USIM processing
The new configuration parameter external_sim=<0/1> can now be used to
configure wpa_supplicant to use external SIM/USIM processing (e.g., GSM
authentication for EAP-SIM or UMTS authentication for EAP-AKA). The
requests and responses for such operations are sent over the ctrl_iface
CTRL-REQ-SIM and CTRL-RSP-SIM commands similarly to the existing
password query mechanism.

Changes to the EAP methods to use this new mechanism will be added in
separate commits.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-10-20 13:12:04 +03:00
Jouni Malinen
e88060e1a7 HTTP server: Allow TCP socket to be reused
This makes it easier to handle cases where the application is restarted
and the previously used local TCP port may not have been fully cleared
in the network stack.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-18 14:13:45 +03:00
Jouni Malinen
9bc33868bf Add test option for specifying hardcoded BSS Load element
The new bss_load_test parameter can be used to configure hostapd to
advertise a fixed BSS Load element in Beacon and Probe Response frames
for testing purposes. This functionality is disabled in the build by
default and can be enabled with CONFIG_TESTING_OPTIONS=y.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-18 14:13:45 +03:00
Jouni Malinen
9c7e43a5c6 Define BSS Load element id
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-18 14:13:45 +03:00
Jouni Malinen
56f5af489c Interworking: Add support for QoS Mapping functionality for the STA
Indicate support for QoS Mapping and configure driver to update the QoS
Map if QoS Map Set elements is received from the AP either in
(Re)Association Response or QoS Map Configure frame.

This commit adds support for receiving the frames with nl80211 drivers,
but the actual QoS Map configuration command is still missing.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-18 14:13:45 +03:00
Kyeyoon Park
850e1c2579 atheros: Add support for QoS Mapping configuration
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-18 14:13:45 +03:00
Kyeyoon Park
c551700f1f Interworking: Add support for QoS Mapping functionality for the AP
This allows QoS Map Set element to be added to (Re)Association Response
frames and in QoS Map Configure frame. The QoS Mapping parameters are
also made available for the driver interface.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-18 14:13:45 +03:00
Jouni Malinen
01f809c7db Add AAA server domain name suffix matching constraint
The new domain_suffix_match (and domain_suffix_match2 for Phase 2
EAP-TLS) can now be used to specify an additional constraint for the
server certificate domain name. If set, one of the dNSName values (or if
no dNSName is present, one of the commonName values) in the certificate
must have a suffix match with the specified value. Suffix match is done
based on full domain name labels, i.e., "example.com" matches
"test.example.com" but not "test-example.com".

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-18 13:34:26 +03:00
Jouni Malinen
be7963b3c2 OpenSSL: Fix code indentation in OCSP processing
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-18 13:34:22 +03:00
Janusz Dziedzic
899cc14e10 hostapd: Add support for DFS with 160 MHz channel width
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2013-10-17 21:06:16 +03:00
Janusz Dziedzic
6de0e0c99e Mark DFS functions static and rename them
These functions are not used from outside dfs.c anymore.

Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2013-10-17 21:05:54 +03:00
Janusz Dziedzic
58b73e3dd9 hostapd: DFS with 40/80 MHz channel width support
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2013-10-17 21:05:44 +03:00
Janusz Dziedzic
846de15d7b DFS: Add more parameters to radar events
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2013-10-17 21:05:39 +03:00
Janusz Dziedzic
04e8003c6c nl80211: Use struct hostapd_freq_params with start_dfs_cac
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2013-10-17 21:05:31 +03:00
Janusz Dziedzic
72c753d7bb hostapd: Split hostapd_set_freq to helper function
This allows the functionality to fill in a struct hostapd_freq_params to
be shared.

Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2013-10-17 21:05:23 +03:00
Janusz Dziedzic
e76da50529 hostapd: Add AP DFS support
Add DFS structures/events handlers, CAC handling, and radar detection.
By default, after radar is detected or the channel became unavailable, a
random channel will be chosen.

This patches are based on the original work by Boris Presman and
Victor Goldenshtein. Most of the DFS code is moved to a new dfs.c/dfs.h
files.

Cc: Boris Presman <boris.presman@ti.com>
Cc: Victor Goldenshtein <victorg@ti.com>

Signed-hostap: Simon Wunderlich <siwu@hrz.tu-chemnitz.de>
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2013-10-17 21:05:15 +03:00
Helmut Schaa
ded22b5390 hostapd: Fix segfault after ACS when flushing STAs
When hostapd receives an auth frame during ACS the transmission of
the according auth response will always fail:

ACS: Automatic channel selection started, this may take a bit
[..]
send_auth_reply: send: Resource temporarily unavailable
[..]

However, a station info entry was created. Once ACS is finished
it will flush all stations even though hapd was not yet fully
initialized. This results in a segfault when trying to access
hapd->radius:

0  0x0042c1c0 in radius_client_flush_auth ()
1  0x00416a94 in ap_free_sta ()
2  0x00416cc0 in hostapd_free_stas ()
3  0x0040bce8 in hostapd_flush_old_stations ()
4  0x0040c790 in hostapd_setup_interface_complete ()
5  0x0046347c in acs_scan_complete ()
6  0x0040f834 in hostapd_wpa_event ()
7  0x0043af08 in send_scan_event.part.46 ()
8  0x00443a64 in send_scan_event ()
9  0x00443c24 in do_process_drv_event ()
10 0x004449e8 in process_global_event ()
11 0x7767d7d0 in ?? ()

Fix this by not presuming anything about the initialization state of
hapd and checking ->radius before accessing.

Signed-off-hostapd: Helmut Schaa <helmut.schaa@googlemail.com>
2013-10-14 20:44:31 +03:00
Dmitry Shmidt
24d110dca3 Replace printf with wpa_printf debug message
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2013-10-14 20:40:57 +03:00
Swaroop Golti
63ce59dea8 P2P: Increase Invitation Request timeouts
In noisy environment peer may take more time to send Invitation
Response so increase Invitation Response timeout to 500 ms in success
case and also increase Invitation Request action wait time to 500 ms.
This makes the Invitation Request case use the same timeout with GO
Negotiation.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-05 18:14:33 -07:00
Sunil Dutt
5bfd7e9168 TDLS: Do not start concurrent TDLS setup
A new TDLS request shall transmit TPK M1 frame with a unique INonce.
Thus a new explicit request would fail an ongoing TDLS negotiation with
the error "TDLS: FTIE SNonce in TPK M3 does not match with FTIE SNonce
used in TPK M1" if the peer happens to receive two M1 frames before an
M3 frame. Check for the ongoing negotiation with the peer and do not
start a new one if we are already in a setup negotiation with the peer.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-09-30 17:38:41 +03:00
Sunil Dutt
33d85b63b5 TDLS: Use wpa_tdls_disable_peer_link() in TPK M1 processing
This function is used only with external setup, so this can cleaned up
to use simpler design.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-09-30 17:36:26 +03:00
Sunil Dutt
1a0a2ce39c TDLS: Use wpa_tdls_disable_peer_link() to avoid peer search
There is no need to go through the peer list when we already have a
pointer to the specific peer entry.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-09-30 17:34:13 +03:00
Sunil Dutt
83d3fdb7c6 TDLS: Use helper function for disable link operation
This is called from number of locations and it is more efficient to use
a new helper function instead of wpa_tdls_disable_link() that would do
peer address search from the list of peers.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-09-30 17:29:05 +03:00
Sunil Dutt
f130b105ec TDLS: Clean up wpa_tdls_teardown_link() uses
Making this function be used only for external setup case simplifies the
implementation and makes core wpa_supplicant calls in ctrl_iface.c and
events.c consistent.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-09-30 17:10:18 +03:00
Jouni Malinen
2b5b875f34 EAP-AKA server: Fix AUTS processing
Commit 8a9f58f2cc ("EAP-AKA server: Store
permanent username in session data") broke AUTS processing by skipping
new authentication triplet fetch after having reported AUTS. Fix this by
started new full authentication sequence immediately after reporting
AUTS so that the updated parameters are available for the Challenge
message.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-29 18:39:14 +03:00
Jouni Malinen
a771c07dfc Add driver status information to control interface
STATUS-DRIVER command can now be used to fetch driver interface status
information. This is mainly for exporting low-level driver interface
information for debug purposes.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-28 17:19:30 +03:00
Jouni Malinen
739faee2a9 nl80211: Add some more debug prints for mgmt frame TX
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-28 12:10:57 +03:00
Jouni Malinen
f78f278520 nl80211: Fix off-channel Action frame TX from GO with use_monitor
TX frequency gets lost when going through the monitor send MLME option
and this resulted in P2P operations like invitation from a GO failing
when the driver needs monitor socket, but would support offchannel TX.
Fix this by using frame_cmd path instead in case the monitor socket
would have been hit for action frame TX.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-28 12:08:19 +03:00
Jouni Malinen
af96448488 nl80211: Add more debug prints for send_mlme operations
This makes it easier to debug issues in incorrect channel use in
management frame transmission.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-09-25 23:18:33 +03:00
Jouni Malinen
5d4c78fb1f nl80211: Reset nlmode to station on leaving IBSS
Previously, IBSS mode (NL80211_IFTYPE_ADHOC) was left in drv->nlmode
when leaving IBSS. This causes issues for send_mlme() handler for P2P
Probe Response transmission in Listen state. Fix this by clearing nlmode
back to NL80211_IFTYPE_STATION on leaving IBSS so that following P2P
operations can be executed correctly. Previously, this was fixed only
when the next authentication/association attempt in station mode
occured.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-09-25 23:14:41 +03:00
Jouni Malinen
0249c12596 Avoid compiler warning with CONFIG_NO_STDOUT_DEBUG=y
There is no need to use the bss variable which is used only within a
wpa_printf() call that can be conditionally removed from the build.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-09-25 19:24:17 +03:00
Jouni Malinen
ed1bf011da Allow hostapd config file for dynamically added interface
This extends hostapd global control interface command "ADD" to use a
configuration file instead of requiring configuration to be built using
SET command.

The command format is now following:
ADD <ifname> <control path|config=<path to config>>

For example:

ADD wlan0 /var/run/hostapd
ADD wlan0 config=/tmp/hostapd.conf

When using the configuration file option, ctrl_interface parameter in
the file needs to be set to allow ENABLE command to be issued on the new
interface.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-09-25 19:07:29 +03:00
Jouni Malinen
97bacf7cf6 Do not clear hostapd configuration parameters on disable-iface
There was a comment about the the cleanup steps being from
hostapd_cleanup_iface(). However, the operations that cleared some
security parameters do not seem to exist elsewhere and do not make sense
here. Remove them to avoid changing configuration with DISABLE followed
by ENABLE.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-09-25 18:35:32 +03:00
Jouni Malinen
66f4dd1550 hostapd: Fix couple of deinit path cases to clear pointers
This fixes some issues where dynamic interface enable/disable cycles
could end up trying to free resources twice and crash the process while
doing so.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-09-25 18:14:13 +03:00
Jouni Malinen
f18b7817ec nl80211: Print more debug info on management frame RX information
This can be useful in figuring out how drv->last_mgmt_freq gets set
to debug issues with P2P frames being sent on incorrect channel.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-09-25 17:42:00 +03:00
Kyeyoon Park
3ca96df596 atheros: Compile fix for driver code not defining IEEE80211_APPIE_FRAME_WNM
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-09-25 14:44:16 +03:00
Jouni Malinen
762c92a444 OpenSSL: Split OCSP peer_cert/peer_issuer debug output into parts
This makes it clearer which certificate was missing.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-09-25 14:43:58 +03:00
Kyeyoon Park
913c19c6e5 Fix wpa_config_parse_string() to null terminate printf decoded values
printf_decode() fills in a binary buffer and returns the length of
the written data. This did not use null termination since initial
use cases used the output as a binary value. However, Hotspot 2.0
cred block values are also using this for parsing strings. Those
cases could end up without proper null termination depending on what
os_malloc() ends up getting as the memory buffer. Fix these and make
printf_decode() more convenient by forcing the output buffer to be
null terminated.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-09-25 14:43:24 +03:00
Hardik Kantilal Patel
7ae1439a56 P2P: Prefer 20 MHz operating channels on 5 GHz band over 2.4 GHz
When no other user preference is specified, opt to use an operating
channel that allows 5 GHz band to be used rather than 2.4 GHz.
Previously, this was already done in practice for HT40 channels since no
such channel is enabled for P2P on 2.4 GHz. This commit extends this to
apply 5 GHz preference for 20 MHz channels as well.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-09-16 08:36:39 -07:00
Sunil Dutt
aa78cd338f Drop EAP packet with code 10 before EAPOL state machine processing
H3C WA2620i-AGN AP may send an EAP packet with an undefined EAP code
10 after successful EAP authentication which restarts the EAPOL
state machine. Drop such frames with this unrecognized code without
advancing the EAPOL supplicant or EAP peer state machines to avoid
interoperability issues with the AP.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-09-15 22:42:33 -07:00
Sunil Dutt
1380fcbd9f TDLS: Do not modify RNonce for an TPK M1 frame with same INonce
There is no point in updating the RNonce for every obtained TPK M1 frame
(e.g., retransmission due to timeout) with the same INonce (SNonce in
FTIE). Update RNonce only if a TPK M1 is received with a different
INonce (new TDLS session) to avoid issues with two setup exchanges
getting mixed and exchange failing due to mismatching nonces ("TDLS:
FTIE ANonce in TPK M3 does not match with FTIE ANonce used in TPK M2").

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-09-15 12:09:40 -07:00
Sunil Dutt
8a658f2bdf TDLS: Disable the created link on a failed TDLS handshake
Clear the peer information and disable the created link on a
failed TDLS setup negotiation. This is needed to avoid leaving
TDLS setup pending and to return to the AP path in case anything
goes wrong during the setup attempt.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-09-15 11:51:00 -07:00
Jouni Malinen
d047ae6278 WPS: Ignore PBC-to-PIN change from M1 to M2 as a workaround
Some APs may incorrectly change Device Password ID from PBC in M1 to
Default PIN in M2 even when they are ready to continue with PBC. This
behavior used to work with earlier implementation in wpa_supplicant, but
commit b4a17a6ea7 started validating this
as part of a change that is needed to support NFC configuration method.

While this kind of AP behavior is against the WSC specification and
there could be potential use cases for moving from PBC to PIN, e.g., in
case of PBC session overlap, it is justifiable to work around this issue
to avoid interoperability issues with deployed APs. There are no known
implementations of PBC-to-PIN change from M1 to M2, so this should not
reduce available functionality in practice.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-09-14 12:02:33 -07:00
Jouni Malinen
5bf9a6c859 P2P: Add event messages for possible PSK failures on P2P groups
It is possible for the GO of a persistent group to change the PSK or
remove a client when per-client PSKs are used and this can happen
without the SSID changing (i.e., the group is still valid, but just not
for a specific client). If the client side of such persistent group ends
up trying to use an invalidated persistent group information, the
connection will fail in 4-way handshake. A new WPS provisioning step is
needed to recover from this.

Detect this type of case based on two 4-way handshake failures when
acting as a P2P client in a persistent group. A new
"P2P-PERSISTENT-PSK-FAIL id=<persistent group id>" event is used to
indicate when this happens. This makes it easier for upper layers to
remove the persistent group information with "REMOVE_NETWORK <persistent
group id>" if desired (e.g., based on user confirmation).

In addition to indicating the error cases for persistent groups, all
this type of PSK failures end up in the client removing the group with
the new reason=PSK_FAILURE information in the P2P-GROUP-REMOVED event.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-01 21:35:10 +03:00
Jouni Malinen
f2c566027e P2P: Add a command for removing a client from all groups
The new control interface command P2P_REMOVE_CLIENT <P2P Device
Address|iface=Address> can now be used to remove the specified client
from all groups (ongoing and persistent) in which the local device is a
GO. This will remove any per-client PSK entries and deauthenticate the
device.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-01 21:35:10 +03:00
Jouni Malinen
01a57fe420 P2P: Maintain list of per-client PSKs for persistent groups
Record all generated per-client PSKs in the persistent group network
block and configure these for the GO Authenticator whenever re-starting
the persistent group. This completes per-client PSK support for
persistent groups.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-01 21:35:10 +03:00
Jouni Malinen
759fd76b7f P2P: Select PSK based on Device Address instead of Interface Address
When using per-device PSKs, select the PSK based on the P2P Device
Address of the connecting client if that client is a P2P Device. This
allows the P2P Interface Address to be changed between P2P group
connections which may happen especially when using persistent groups.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-01 11:30:26 +03:00
Jouni Malinen
94ddef3e72 P2P: Make peer's P2P Device Address available to authenticator
This can be used to implement per-device PSK selection based on the
peer's P2P Device Address instead of P2P Interface Address.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-01 11:05:19 +03:00
Jouni Malinen
52177fbb70 P2P: Store P2P Device Address in per-device PSK records
This makes the P2P Device Address of the Enrollee available with the PSK
records to allow P2P Device Address instead of P2P Interface Address to
be used for finding the correct PSK.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-01 10:47:34 +03:00
Jouni Malinen
05766ed8de P2P: Allow per-device PSK to be assigned
"wpa_cli p2p_set per_sta_psk <0/1>" can now be used to disable/enable
use of per-device PSKs in P2P groups. This is disabled by default.
When enabled, a default passphrase is still generated by the GO for
legacy stations, but all P2P and non-P2P devices using WPS will get
a unique PSK.

This gives more protection for the P2P group by preventing clients from
being able to derive the unicast keys used by other clients. This is
also a step towards allowing specific clients to be removed from a group
reliably without having to tear down the full group to do so.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-01 10:14:29 +03:00
Syed Asifful Dayyan Rafiuddeen
0b5fb86a24 P2P: Stop listen state when listen-only duration is over
Even after listen duration is over, P2P module remained in
P2P_LISTEN_ONLY state, which is blocking station mode scans. Fix this by
stopping P2P listen explicitly to update p2p_state to IDLE when listen
duration expires.

Signed-hostap: Syed Asifful Dayyan <syedd@broadcom.com>
2013-08-31 18:09:15 +03:00
Michal Kazior
50f4f2a066 hostapd: Add Automatic Channel Selection (ACS) support
This adds ACS support to hostapd. Currently only survey-based
algorithm is available.

To use ACS you need to enable CONFIG_ACS=y in .config and use
channel=0 (or channel=acs_survey) in hostapd.conf.

For more details see wiki page [1] or comments in src/ap/acs.c.

[1]: http://wireless.kernel.org/en/users/Documentation/acs

Signed-hostap: Michal Kazior <michal.kazior@tieto.com>
2013-08-31 11:51:06 +03:00
Andrejs Cainikovs
fcf20528a0 Fix MNC length for Swisscom SIM cards
Swisscom SIM cards do not include MNC length within EF_AD, and end up
using incorrect MNC length based on the 3-digit default. Hardcode MNC
length of 2 for Switzerland, in the same manner as it was done for
Finland.

Signed-hostap: Andrejs Cainikovs <andrejs.cainikovs@sonymobile.com>
2013-08-31 10:58:23 +03:00
Jouni Malinen
28de68ae56 P2P: Update peer operating channel from GO Negotiation Confirm
If the device that sends the GO Negotiation Confirm becomes the GO, it
may change its operating channel preference between GO Negotiation
Request and Confirm messages based on the channel list received from us.
Previously, the peer operating channel preference was not updated in
such a case and this could result in the initial scans after GO
Negotiation using incorrect operating channel and as such, extra delay
in the connection process. Fix this by updating the operating channel
information from GO Negotiation Confirm in cases where the peer becomes
the GO.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-08-26 14:16:31 +03:00
Jouni Malinen
6701fdc37f P2P: Use the first pref_chan entry as operating channel preference
If there are no higher priority preference for the operating channel,
use the first pref_chan entry as the operating channel preference over
the pre-configured channel which is not really a good indication of
preference. This changes the behavior for GO Negotiation Request frame
operating channel preference value in cases where p2p_pref_chan list is
set.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-08-26 14:10:23 +03:00
Jouni Malinen
99d7c76294 P2P: Add more debug info on operating channel selection
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-08-26 14:08:03 +03:00
Jouni Malinen
e743db4309 IBSS RSN: Add IBSS-RSN-COMPLETED event message
This new control interface event message is used to indicate when
both 4-way handshakes have been completed with a new IBSS peer.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-08-25 23:09:22 +03:00
Jouni Malinen
4c559019bd P2P: Add state info to global STATUS command
This can be used for debugging purposes to see what the current P2P
module state is.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-08-25 21:02:12 +03:00
Michal Kazior
0185007c2e hostapd: Add survey dump support
This adds survey dump support for all frequencies
and for specific desired frequencies. This will later
be used by ACS code for spectrum heuristics.

Signed-hostap: Michal Kazior <michal.kazior@tieto.com>
2013-08-25 18:35:25 +03:00
Michal Kazior
245e026ec8 hostapd: Split up channel checking into helpers
This splits up the channel checking upon initialization into a few
helpers. This should make this a bit easier to follow. This also paves
the way for some initial ACS entry code.

Signed-hostap: Michal Kazior <michal.kazior@tieto.com>
2013-08-25 18:35:20 +03:00
Rui Paulo
ba873bdf86 wired: Wait for the link to become active before sending packets
Interfaces that take one or two seconds to reconfigure the link after we
set IFF_ALLMULTI or after we bring the interface up were dropping the
initial TX EAPOL packet which caused excessive delays in authentication.
This change applies to FreeBSD/DragonFly only.

Signed-hostap: Rui Paulo <rpaulo@FreeBSD.org>
2013-08-25 11:40:19 +03:00
Ilan Peer
d393de1d27 P2P: Validate the freq in p2p_group_add
Add additional input verification for the frequency parameter in
p2p_group_add (and other P2P operations for that matter). Without this
verification invalid freq could be set and not handled properly.

Signed-hostap: Ilan Peer <ilan.peer@intel.com>
2013-08-25 11:28:56 +03:00
David Spinadel
239abaf2ab WPS: Set currently used RF band in RF Bands attribute
According to WSC specification (Ver 2.0.2, section 8.3), RF Bands
attribute should be set to the specific RF band used for the current
message. Add an option to set wanted band in wps_build_rf_bands() and
add a callback to get the current band from wpa_supplicant and hostapd.

Signed-hostap: David Spinadel <david.spinadel@intel.com>
2013-08-25 10:55:53 +03:00
Ilan Peer
bf83eab553 nl80211: Start P2P Device when rfkill is unblocked
Signed-hostap: Ilan Peer <ilan.peer@intel.com>
2013-08-25 10:43:52 +03:00
Ilan Peer
60b13c2017 nl80211: Do not change type to station on P2P interfaces
It is possible that when trying to remove a dynamically added interface,
changing its type to station mode is not possible (since the kernel does
not support so in its interface combinations).

Since P2P interfaces are always dynamically added, avoid changing their
type to station in the deinit_ap() and deinit_p2p_client() nl80211
callbacks, assuming that the interface is about to be removed.

Signed-hostap: Ilan Peer <ilan.peer@intel.com>
2013-08-25 10:20:54 +03:00
Jouni Malinen
5bcd5c5a68 FT RRB: Clear pad field to avoid sending out uninitialized data
The pad field in the RRB messages is unused, but it should be
initialized to avoid sending out arbitrary data from stack. This was
also generating number of valgrind complaints about uninitialized memory
accesses in local FT tests.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-08-25 00:35:10 +03:00
Jouni Malinen
b378c41fbc nl80211: Fix deinit path to unregister nl_mgmt socket
Commit 8e12685c43 replaced call to
nl80211_mgmt_unsubscribe() on the deinit path with a
wpa_driver_nl80211_set_mode() call. This is not enough to unregister the
bss->nl_mgmt read socket in all cases. Fix this by unconditionally
unsubscribing from the nl80211 events after having change mode to
station.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-08-24 23:45:11 +03:00
Jeffin Mammen
e96872a4f2 WPS: Track peer MAC address from the last operations
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-08-23 17:48:59 +03:00
Jeffin Mammen
ae23935e7d WPS: Track PBC status
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-08-23 17:48:25 +03:00
Jeffin Mammen
61b6520e16 WPS: Track result of the latest WPS operation
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-08-23 17:48:20 +03:00
Jeffin Mammen
50396e29da WPS: Add PBC mode activated/disabled events
This makes it easier to track PBC state on the registrar.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-08-23 16:52:48 +03:00
Jouni Malinen
961750c1e8 WPS: Share a common function for error strings
This makes it easier to maintain the list of WPS_EI_* error values and
matching strings.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-08-23 16:32:34 +03:00
Sunil Dutt
30158a0d80 nl80211: Update the assoc_freq during connect
drv->assoc_freq was not updated during the connect command (neither
during the command's invocation nor after getting the event) unlike with
auth/assoc case where assoc_freq is updated. This resulted in
nl80211_get_link_noise() (and any other function for that matter) using
the improper drv->assoc_freq value with drivers that use the connect
API. Fix this by updating drv->assoc_freq on connect command and when
fetching the frequency from the driver.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-08-23 15:41:05 +03:00
Jouni Malinen
83e7bb0e5d nl80211: Add more debug prints for DEL_STATION commands
This makes the debug log clearer on AP mode STA operations.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-08-23 12:03:28 +03:00
Jouni Malinen
d2ba3d6bd9 VLAN: Simplify no-WEP with VLAN check
No need to have a local variable and two #ifndef blocks for this.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-08-07 12:24:18 +03:00
Michael Braun
d66dcb0d0b WEP: Remove VLAN support from hostapd
This removes WEP with VLAN support and thus avoids increasing
complexity for tagged VLANs.

Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
2013-08-07 12:22:38 +03:00
Rui Paulo
646f12ad4c bsd: Add a commit routine
Signed-hostap: Rui Paulo <rpaulo@FreeBSD.org>
2013-08-07 11:03:44 +03:00
Rui Paulo
32dc6a319e bsd: Mark define sta_set_flags() only for hostapd
Signed-hostap: Rui Paulo <rpaulo@FreeBSD.org>
2013-08-07 11:02:55 +03:00
Rui Paulo
70a867c268 bsd: Mark the interface down before opening the routing socket
Signed-hostap: Rui Paulo <rpaulo@FreeBSD.org>
2013-08-07 11:01:12 +03:00
Rui Paulo
89f4690005 bsd: Compute the RSSI level
Signed-hostap: Rui Paulo <rpaulo@FreeBSD.org>
2013-08-07 10:57:51 +03:00
Rui Paulo
5dd82c634c bsd: Set IEEE80211_KEY_NOREPLAY in IBSS/AHDEMO mode
Signed-hostap: Rui Paulo <rpaulo@FreeBSD.org>
2013-08-07 10:57:10 +03:00
Rui Paulo
cb76af8a35 bsd: Skip SIOCSIFFFLAGS ioctl when there is no change.
Don't issue SIOCSIFFLAGS if the interface is already up or already down.

Signed-hostap: Rui Paulo <rpaulo@FreeBSD.org>
2013-08-07 10:54:16 +03:00
Sameer Thalappil
7239ea7f01 nl80211: Add stop AP mode event API
Stop AP command can be used by the driver as an event to indicate that
AP mode has stopped operation. WLAN driver may have encountered errors
that has forced the driver to report this event or concurrent operations
on virtual interfaces may have forced AP operation to be stopped. When
in P2P GO mode, wpa_supplicant uses this event to remove P2P group to
keep in sync with the driver state.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-08-06 23:28:40 +03:00
Michael Braun
c2db79f237 VLAN: Remove vlan_tail
Everything in hostapd can be implemented efficiently without vlan_tail.

Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
2013-08-04 21:45:50 +03:00
Sunil Dutt
f7b4ef2208 TDLS: Handle transmission failures of TPK Handshake messages
A transmission failure of the TDLS Setup Request frame (TPK Handshake
M1) results in no further retries and the peer entry being left in state
where all TDLS Setup Request frames from the peer with higher address
would be rejected, thus always resulting in a failure to establish a
TDLS link. Handle the failures in transmission by disabling the link
immediately to ensure the traffic to the peer goes through the AP. This
commit also handles similar transmision failures for TPK Handshake M2
and M3 frames (TDLS Setup Response and Confirm).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-08-01 10:47:23 +03:00
Jouni Malinen
dc01de8a0e nl80211: Fix TDLS key configuration to not set TX key index
The nl80211 command for setting the TX index does not distinguish TDLS
vs. AP key and as such, the driver would not know what this set TX key
index operation is doing in the TDLS case. This could result in the TX
key index for AP being changed instead if static WEP is used in the AP
connection. Fix the issue by not setting TX key index when configuring a
TDLS key.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-07-31 18:34:16 +03:00
Ilan Peer
932659696e nl80211: Remove unused WPA_DRIVER_FLAGS_MULTI_CHANNEL_CONCURRENT
This is not used anymore after the previous commits that changed the
driver interface to use number of supported concurrent channels instead
of this flag.

Signed-hostap: Ilan Peer <ilan.peer@intel.com>
Signed-hostap: David Spinadel <david.spinadel@intel.com>
2013-07-21 20:52:09 +03:00
Ilan Peer
4752147d88 nl80211: Report the number of concurrent support channels
Previously, drivers only reported if they support multiple concurrent
channels, but did not report the maximum number of supported channels.
Add this reporting to the driver capabilities and add the implementation
to driver_nl80211.

Signed-hostap: Ilan Peer <ilan.peer@intel.com>
Signed-hostap: David Spinadel <david.spinadel@intel.com>
2013-07-21 19:49:47 +03:00
Antonio Quartulli
b21990b4bb nl80211: Register for AUTH frames when joining an IBSS network
In order to correctly handle IBSS/RSN, wpa_supplicant has to register
for any incoming Authentication frmae to properly react when those are
received.

Signed-hostap: Nicolas Cavallari <cavallar@lri.fr>
Signed-hostap: Antonio Quartulli <antonio@open-mesh.com>
2013-07-21 15:27:19 +03:00
Nicolas Cavallari
c91f796fb4 nl80211: Support not specifying the frame frequency
If the frequency is not specified the frame is now sent over
the channel used by the current BSS.

This will also log the payload of each sent CMD_FRAME.

Signed-hostap: Nicolas Cavallari <cavallar@lri.fr>
[antonio@open-mesh.com: commit message reworded]
Signed-hostap: Antonio Quartulli <antonio@open-mesh.com>
2013-07-21 15:24:50 +03:00
Mohammed Shafi Shajakhan
ed07764699 nl80211: Remove redundant assignment of ifindex
wpa_driver_nl80211_finish_drv_init() takes care of assigning
the interface index.

Signed-hostap: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
2013-07-21 13:20:27 +03:00
Sujith Manoharan
69dd2967db WDS: Fix WEP usage with nl80211 wds_sta=1
The static WEP keys have to be configured for the new VLAN
interface that is created for a 4addr WDS peer, not doing so
breaks WEP functionality in nl80211/4addr based WDS links.

Signed-hostap: Sujith Manoharan <c_manoha@qca.qualcomm.com>
2013-07-20 17:41:22 +03:00
Michal Kazior
c8ebeda406 wpa_supplicant: Add support for VHT BSS membership selector
This allows wpa_supplicant to associate to an AP that has VHT BSS
membership selector set to indicate VHT support is required for the BSS.

Without the patch it was impossible to connect to, e.g., hostapd-based
AP that has require_vht=1. wpa_supplicant was complaining with:
  hardware does not support required rate 63.0 Mbps

Signed-hostap: Michal Kazior <michal.kazior@tieto.com>
2013-07-20 17:28:42 +03:00
Sujith Manoharan
3f9a8137f5 hostapd: Add a config option to control beaconing
In a AP/STA concurrent setup, if the STA interface is continually
scanning, trying to connect to a network, the AP interface
is basically broken since beaconing would be erratic.

This option can be used in a WDS setup where one AP acts as a
Client/AP-Repeater. The Repeater AP interface has to start beaconing
only after the Client interface has established a WDS link with the
"Root AP".

Signed-hostap: Sujith Manoharan <c_manoha@qca.qualcomm.com>
2013-07-20 17:20:43 +03:00
Michal Kazior
182b2e535c Add missing host_to_le32() for big endian hosts
Compiling hostapd with VHT enabled on a big endian machine resulted in
an undefined symbol error. Fix this by defining the missing macro.

Signed-hostap: Michal Kazior <michal.kazior@tieto.com>
2013-07-20 17:17:32 +03:00
Jithu Jance
3f53c006c7 nl80211: Ignore disconnect event in case of locally generated request
Previously, there could be two disconnection events in core
wpa_supplicant when going through a case of wpa_supplicant-requested
disconnection with a driver that implements SME internally. This could
result in undesired behavior when a disconnection is followed by a new
connection attempt before the extra event has been received (e.g.,
during fast reassoc or WPS provisioning). Avoid such issues by ignoring
locally generated disconnect events after requesting cfg80211 to
disconnect.

This makes the previously used ignore_next_local_disconnect more
consistent by setting the variable within
wpa_driver_nl80211_disconnect() so that both callers get the same
behavior.

Signed-hostap: Jithu Jance <jithu@broadcom.com>
2013-07-20 16:06:13 +03:00
Jouni Malinen
eb7ddbf108 WPS: Stop SSDP service before freeing the pending entries
This avoids debug warnings about freeing referenced memory.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-07-11 17:03:50 +03:00
Jouni Malinen
98cbc0a2ab Remove forgotten Xcode defines
Commit 3962b65858 removed the Xcode
project files, but missed the defines in build_config.h. Remove these
since there are no users for them in the current snapshot.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-07-09 15:20:17 +03:00
Jouni Malinen
fe65847bb1 EAP-EKE: Add server implementation
This adds a new password-based EAP method defined in RFC 6124.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-07-07 20:30:10 +03:00
Jouni Malinen
7e7610d788 EAP-EKE: Add peer implementation
This adds a new password-based EAP method defined in RFC 6124.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-07-07 20:30:10 +03:00
Jouni Malinen
489202ddce EAP-SAKE: Use configured server identity
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-07-07 20:30:10 +03:00
Jouni Malinen
a607b42eeb EAP-PSK: Use configured server identity
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-07-07 20:30:10 +03:00
Jouni Malinen
15b042b854 EAP-MSCHAPv2: Use configured server identity
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-07-07 20:30:10 +03:00
Jouni Malinen
162865bc97 EAP-IKEv2 server: Use configured server identity
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-07-07 20:30:10 +03:00
Jouni Malinen
8f89d828b1 EAP-GPSK server: Use configured server identity
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-07-07 20:30:10 +03:00
Jouni Malinen
67fe933d40 Add server identity configuration for EAP server
The new server_id parameter in hostapd.conf can now be used to specify
which identity is delivered to the EAP peer with EAP methods that
support authenticated server identity.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-07-07 20:30:10 +03:00
Jouni Malinen
d53d2596e4 Fix build with older OpenSSL versions
Check that SSL_clear_options and SSL_CTX_clear_options are defined
before using them to avoid compilation failures with older OpenSSL
versions that did not include these macros.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-06-30 12:55:52 +03:00
Jouni Malinen
54d4ba427c nl80211: Silence a compiler warning with older gcc versions
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-06-30 12:54:47 +03:00
Jouni Malinen
851b0c5581 nl80211: Do not indicate P2P_DEVICE support by default
Since the P2P_DEVICE support indication was added to kernel before
everything was working properly, there may be kernel versions in use
with the new mechanism breaking P2P functionality (especially with
mac80211_hwsim). For now, disable P2P_DEVICE support by default and
allow it to be enabled with driver_param=p2p_device=1 in the
configuration file. This default behavior may be changed in the future
once the kernel issues has been resolved in stable releases.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-06-30 10:50:13 +03:00
Arend van Spriel
7940c7902e nl80211: Use wdev id when cancelling wait for frame using P2P_DEVICE
Another function that needs the wdev id when P2P management is done
using the P2P_DEVICE interface.

Signed-hostap: Arend van Spriel <arend@broadcom.com>
2013-06-30 10:50:13 +03:00
Arend van Spriel
f608081c1d nl80211: Verify P2P GO/client address with all interface addresses
With P2P Device support there will be two interfaces with their
own MAC address. The P2P Interface Address must be unique so verify
it is.

Signed-hostap: Arend van Spriel <arend@broadcom.com>
2013-06-30 10:50:13 +03:00
Arend van Spriel
5fbcb45daf nl80211: Fix determining phy name for P2P Device
The phy name was determined using /sys/class/net/<ifname> but the P2P
Device is not listed there since it does not have an associated net
device. This patch changes name determination to obtain the name from
the wiphy information provide by nl80211.

Signed-hostap: Arend van Spriel <arend@broadcom.com>
2013-06-30 10:50:13 +03:00
Arend van Spriel
27ce1d64c4 nl80211: Fix nl80211_get_wiphy_index() for P2P Device
For P2P Device the netlink message should have wdev identifier
instead of the interface index. This fixes a failure which occurred
executing the P2P_GROUP_ADD command.

Signed-hostap: Arend van Spriel <arend@broadcom.com>
2013-06-30 10:50:13 +03:00
Jouni Malinen
080585c01a Add support for OCSP stapling to validate server certificate
When using OpenSSL with TLS-based EAP methods, wpa_supplicant can now be
configured to use OCSP stapling (TLS certificate status request) with
ocsp=1 network block parameter. ocsp=2 can be used to require valid OCSP
response before connection is allowed to continue.

hostapd as EAP server can be configured to return cached OCSP response
using the new ocsp_stapling_response parameter and an external mechanism
for updating the response data (e.g., "openssl ocsp ..." command).

This allows wpa_supplicant to verify that the server certificate has not
been revoked as part of the EAP-TLS/PEAP/TTLS/FAST handshake before
actual data connection has been established (i.e., when a CRL could not
be fetched even if a distribution point were specified).

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-06-30 01:01:15 +03:00
Arend van Spriel
ab7a1addf2 nl80211: Fix P2P group interface creating using P2P Device
When P2P Device is used as P2P management interface the creation of the
P2P group interface fails because MAC address retrieval fails for the
P2P Device interface.

Signed-hostap: Arend van Spriel <arend@broadcom.com>
2013-06-25 13:52:58 +03:00
Arend van Spriel
fa93de4059 nl80211: Use wdev_id in nl80211_create_iface_once()
For P2P an interface may be created for the P2P client/group. The
create request is done on the P2P management interface, which may
be a P2P Device interface. In that case it needs to use the wdev_id.

Signed-hostap: Arend van Spriel <arend@broadcom.com>
2013-06-25 13:51:59 +03:00
Arend van Spriel
fdc554b8ae nl80211: Use wdev id to obtain P2P Device scan results
In order to get a P2P-DEVICE-FOUND event the supplicant needs to
see a peer device during SEARCH and LISTEN phase. The SEARCH
phase does a scan so obtaining the scan results for the P2P Device
interface needs to be supported, i.e., use the wdev_id.

Signed-hostap: Arend van Spriel <arend@broadcom.com>
2013-06-25 13:51:14 +03:00
Arend van Spriel
597b94f5f4 nl80211: Add .get_mac_addr() callback for P2P Device
For P2P Device the MAC address is determined upon .init2(). The
wpa_s for this interface retrieves this address in
wpa_supplicant_update_mac_addr() using the .get_mac_addr() callback.

Signed-hostap: Arend van Spriel <arend@broadcom.com>
2013-06-25 13:50:21 +03:00
Arend van Spriel
8e12685c43 nl80211: Rework setting interface mode
The function setting the interface mode also handles management
frame subscription. Rework it so subscription is done for the
P2P Device interface.

Signed-hostap: Arend van Spriel <arend@broadcom.com>
2013-06-25 13:49:16 +03:00
Arend van Spriel
91724d6faa nl80211: Introduce i802_set_iface_flags()
The driver uses linux_set_iface_flags() in several places. Introduce and
use i802_set_iface_flags() which also works for P2P Device interface.

Signed-hostap: Arend van Spriel <arend@broadcom.com>
2013-06-25 13:48:03 +03:00
Arend van Spriel
eb4582f273 nl80211: Remove P2P Device interface upon .deinit()
The .deinit() closes netlink for P2P Device. Before doing that remove
the P2P Device interface that was created by wpa_supplicant.

Signed-hostap: Arend van Spriel <arend@broadcom.com>
2013-06-25 13:46:34 +03:00
Arend van Spriel
f632e483b1 nl80211: Fix P2P Device interface initialization
Couple of issues upon initializing a P2P Device interface needed
to be solved.

Signed-hostap: Arend van Spriel <arend@broadcom.com>
2013-06-25 13:44:54 +03:00
Arend van Spriel
e472e1b458 nl80211: Handle creation of P2P Device interface
Add specific handler for creating the P2P Device to store the wdev_id as
this type of interface does not have an interface index.

Signed-hostap: Arend van Spriel <arend@broadcom.com>
2013-06-25 13:41:55 +03:00
Johannes Berg
01517c8b30 nl80211: Allow Android P2P functionality
To support Android the kernel may have a "p2p0" netdev for a P2P Device
even though this isn't very useful, but Android requires a netdev. To
support this in the supplicant, if the interface mode is P2P_DEVICE,
re-set it to the same instead of STATION mode.

Note that this is only possible with a kernel that creates a
netdev for the P2P Device wdev.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-06-25 13:38:03 +03:00
David Spinadel
6bae92e0f2 nl80211: Add support for P2P Device in add interface
Don't try to assign ifindex for P2P Device interface.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2013-06-25 13:36:04 +03:00
David Spinadel
d6dcfcdaac nl80211: Add a handler to create_interface
Add an option to pass a handler to nl80211_create_iface() and
nl80211_create_interface_once() that will be called after receiving the
message from the kernel. This handler will add the option to process the
message in different ways for different interfaces.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2013-06-25 13:35:05 +03:00
David Spinadel
d3aaef8034 nl80211: Hold wdev identification for P2P Device
Add wdev_id to i802_bss. wdev_id_set indicates whether this id is
available. Use wdev_id if assigned, instead of ifindex. Use wdev_id for
events that come from the kernel to identify the relevant interface.
This commit does not assign wdev_id value for the BSS yet, i.e., this is
only preparation for the value to be used in a future commit.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2013-06-25 13:33:45 +03:00
Nirav Shah
7aad838c92 nl80211: Identify if nl80211 is capable of P2P Device abstraction
Check the supported interfaces attribute to identify support for
a dedicated P2P Device interface type. If set, update the driver
capabilities flag to notify the supplicant.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2013-06-25 13:29:48 +03:00
David Spinadel
6a71413ef2 nl80211: Rename is_p2p_interface
Rename is_p2p_interface() to is_p2p_net_interface() since it used to
identify network P2P interfaces to disable 802.11b rates on them.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2013-06-25 13:26:17 +03:00
Michael Braun
8393e1a024 nl80211: Print interface name on set_key()
Sometimes an interface name that cannot be resolved is given to the
set_key function, so print the ifname in addition to the ifidx.

Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
2013-06-25 12:25:15 +03:00
Michael Braun
80ebfd9527 VLAN: Avoid access to non-existing interfaces
Currently, hostapd_get_vlan_id_ifname() is used to determine if a given
vlan is valid *and* to actually determine the interface. This leads to
wpa_set_keys() sometimes setting the key on the wildcard interface name,
which does not make sense.

This patch therefore adds hostapd_vlan_id_valid() and makes
hostapd_get_vlan_id_ifname() not return a wildcard interface.

Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
2013-06-25 12:03:02 +03:00
Michael Braun
4345fe963e bridge: Track inter-BSS usage
Currently, struct hostapd_vlan is a per-BSS data structure which
also contains informations about whether to remove the bridge
or clear wlan / tagged-vlan interface from the bridge.

In a multi-interface multi-BSS setup, this can lead to the following
race condition:
 1. wlan0 creates VLAN A, sets DVLAN_CLEAN_BR and DVLAN_CLEAN_VLAN_PORT
 2. wlan1 creates VLAN A, does not set DVLAN_CLEAN_BR and
    DVLAN_CLEAN_VLAN_PORT as already there
 3. wlan0 removes VLAN A, removes tagged-interface from the bridge
    but not the bridge.
    Now wlan1 VLAN A is unusable due to the missing uplink.
 4. wlan1 removes VLAN A, does not cleanup

Solution:
This requires an inter-BSS inter-interface data structure to track the
bridge / bridge port usage within hostapd. This data structure could
also be used to track any other device-has-been-created-by-hostapd
information or when regarding interface freeing.

Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
2013-06-25 12:00:10 +03:00
Michael Braun
459eee923c bridge: Use safe default bridge interface
Currently by default, all BSS share the bridge brvlan%d.
While this is sane when no tagged-interface is given, this
is insane when different tagged interfaces are given, as
it would result in bridging those tagged interfaces.

This patch therefore uses br%s%d with %s=tagged_interface
and %d=VLAN ID as bridge name when a tagged-interface is given.

Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
2013-06-25 11:10:00 +03:00
Michael Braun
2aaeedfa07 bridge: Give bridge name in per-bss configuration
Currently, when different BSS using different tagged vlan
interfaces, they are forced to share the bridge brvlan#,
which is not desirable.

This patch fixes this by making the bridge name configurable.

Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
2013-06-25 11:09:01 +03:00
Andrei Otcheretianski
9578329874 Add AVG_RSSI report in signal_poll
Add AVG_RSSI report to the signal_poll command if it is reported by
the kernel.

Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Signed-hostap: Ilan Peer <ilan.peer@intel.com>
2013-06-22 12:01:05 +03:00
Andrei Otcheretianski
2cc8d8f4e8 Add bandwidth and center freq info to signal_poll
Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Signed-hostap: Ilan Peer <ilan.peer@intel.com>
2013-06-22 12:00:46 +03:00
David Spinadel
2090a0b42e nl80211: Add prints for kernel events
Add prints for kernel event, including the event ID and event string.

Signed-hostap: David Spinadel <david.spinadel@intel.com>
Signed-hostap: Ilan Peer <ilan.peer@intel.com>
2013-06-22 11:12:48 +03:00
Sunil Dutt
87436760a2 TDLS: Validate ext_supp_rates in copy_supp_rates
The ext_supp_rates passed to merge_byte_arrays would be invalid if not
advertized by the TDLS peer. Thus, validate the argument to avoid
crashes in such cases.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-06-20 15:10:15 +03:00
Jouni Malinen
85b4eac364 P2P: Do not reply to 802.11b-only Probe Request frames as GO
If AP mode SME/MLME within wpa_supplicant is used for processing Probe
Request frames in GO mode, drop Probe Request frames that include only
802.11b rates per P2P spec section 2.4.1.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-06-19 19:16:23 +03:00
Kyeyoon Park
4331263b73 Fix session timeout after ANQP dummy STA entry with SME-in-driver
Upon association, disable the timer that removes the dummy STA. This
timer caused the STA that associates within 5 seconds of doing an ANQP
query to disassociate, thinking it's a dummy STA. Similar call was
already there for the SME/MLME-in-hostapd case in handle_auth(), but the
SME-in-driver case was not previously addressed.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-06-18 17:40:51 +03:00
Jouni Malinen
aa20e1a1fb Remove CONFIG_NO_WPA2 build parameter
There is not much use for enabling WPA without WPA2 nowadays since most
networks have been upgraded to WPA2. Furthermore, the code size savings
from disabling just WPA2 are pretty small, so there is not much
justification for maintaining this build option. Remove it to get rid of
undesired complexity.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-06-07 20:13:25 +03:00
Jouni Malinen
84ae1d44ca Fix WNM build without WPA2
Commit ae8535b6e1 added a new function
wpa_sm_pmf_enabled() which is called from WNM code without ifdefs.
Define a dummy wrapper for this function to fix build if WPA2 is
disabled.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-06-07 20:02:50 +03:00
Jouni Malinen
c33d5eb063 Fix build without WPA2 or EAP
Commit 4033935dd9 updated
pmksa_cache_flush() function arguments, but forgot to update the wrapper
function for cases where WPA2 or EAP has been disabled in the build.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-06-07 20:01:10 +03:00
Vivek Natarajan
8f395284bd P2P: Modify wait time in INVITE state based on Tx status of INV-REQ
In a noisy enviromment, some peers can be slow to respond to the
invitation request frames which may lead to unnecessary state timeout.
Increase this timeout to 350 ms to improve the probabilty of
successfully receiving the invitation response frames.

Signed-hostap: Vivek Natarajan <nataraja@qca.qualcomm.com>
2013-06-03 21:30:34 +03:00
Jouni Malinen
e112764e6d nl80211: Use NL80211_ATTR_PEER_AID to set TDLS peer AID
This is needed for TDLS with VHT to allow partial AID to be set
correctly for the direct link frames. cfg80211 validation rules
prevented NL80211_ATTR_STA_AID from being used for this in set_station
case, so the new attribute is used instead.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-30 10:25:23 +03:00
Jouni Malinen
f8a5fd4243 Synchronize with wireless-testing.git include/uapi/linux/nl80211.h
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-30 10:22:47 +03:00
Jouni Malinen
9b1693a162 WPS: Allow Device Password Id changes between PIN methods
Commit b4a17a6ea7 added support for the
WPS Registrar to change the Device Password based on WSC specification
design. However, this added validation for Registrar behavior which
resulted in preventing a common P2P use case from working. Relax the
validation rules for builds with P2P enabled to allow the Enrollee (P2P
client) accepting M1/M2 changes in Device Password Id between Default
and Registrar-specified PIN.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-28 00:35:47 +03:00
Jouni Malinen
1ba51ec02b nl80211: Add debug print for set_supp_port operation
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-27 20:32:54 +03:00
Jouni Malinen
add9b7a46a nl80211: Ignore deauth/disassoc event from old AP
It looks like cfg80211 can deliver a deauth/disassoc event during some
roaming cases while we are already in progress with a new
authentication/association. This happens at least with FT protocol.
Avoid issues with such disconnection event resulting in core
wpa_supplicant stopping the new connection attempt by tracking
auth/assoc BSSID more carefully within driver_nl80211.c and filtering
out events that do not apply for the current AP.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-27 20:10:57 +03:00
Jouni Malinen
b54c9ff9ce FT: Fix TKIP group key configuration in FT protocol
The Michael MIC TX and RX keys needs to be swapped in the FT case just
like in all other TKIP key configuration cases. This fixes issues where
TKIP as group cipher resulted in Michael MIC failures being detected for
each received group-addressed frame after FT protocol use.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-24 16:03:54 +03:00
Jouni Malinen
3cb953e4b6 Do not set driver MAC ACL unless driver supports this
This cleans up debug log by not including comments about failed
operations in case the operation is known to fail due to not being
supported by the driver.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-24 13:37:22 +03:00
Vivek Natarajan
3c4ca36330 hostapd: Support MAC address based access control list
Enable MAC address based ACL for the drivers which advertise
this capabilty with NL80211_ATTR_MAC_ACL_MAX. Either of blacklist
or whitelist is supported, though, not simultaneously.

Signed-hostap: Vivek Natarajan <nataraja@qca.qualcomm.com>
2013-05-24 13:26:35 +03:00
Jouni Malinen
ae8535b6e1 WNM: Make ESS Disassoc Imminent event more convenient to use
Define a proper event prefix and include additional information to allow
ESS Dissassociation Imminent event to be used in a wpa_cli action
script.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-23 16:51:03 +03:00
Jouni Malinen
7b53acd395 WNM: Use defines for BSS Trans Mgmt field values
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-23 16:50:39 +03:00
Jouni Malinen
901d1fe1e5 WNM: Remove PMKSA cache entry on ESS disassoc imminent notification
This is needed to avoid allowing the STA to reconnect using a cached
PMKSA. ESS disassoc imminent notification is normally used to indicate
that the STA session will be terminated and as such, requiring full
authentication through the authentication server after this is needed.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-23 16:50:06 +03:00
Sean Lin
72728c6fa8 P2P: Relax channel forcing for invitation processing with MCC support
When STA interface is connected and P2P interface gets invited in a
different channel from previous P2P group, the invitiation would fail
because of no common channel found. Fix this by using different logic
when device support multi channel concurrency.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-22 13:29:46 +03:00
Jouni Malinen
4033935dd9 Fix OKC-based PMKSA cache entry clearing
Commit c3fea27274 added a call to clear
all other PMKSA cache entries for the same network if the PMKSA cache
entry of the current AP changed. This was needed to fix OKC cases since
the other APs would likely use the new PMK in the future. However, this
ended up clearing entries in cases where that is not desired and this
resulted in needing additional full EAP authentication with networks
that did not support OKC if wpa_supplicant was configured to try to use
it.

Make PMKSA cache entry flushing more limited so that the other entries
are removed only if they used the old PMK that was replaced for the
current AP and only if that PMK had previously been used successfully
(i.e., opportunistic flag was already cleared back to 0 in
wpa_supplicant_key_neg_complete()). This is still enough to fix the
issue described in that older commit while not causing problems for
standard PMKSA caching operations even if OKC is enabled in
wpa_supplicant configuration.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-22 13:24:30 +03:00
Jouni Malinen
1045ec36a3 nl80211: Add couple of additional iftypes to debug prints
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-21 16:51:06 +03:00
Sunil Dutt
2cadc8e1e5 TDLS: Retry TDLS Setup Response more quickly
TDLS responder STA used to retransmit the TDLS Setup Response after 5
seconds if the TDLS Setup Confirm is not received. The initiator would
have enabled the TDLS link and started transmitting the data to the peer
on the TDLS link after transmitting the TDLS Setup Confirm frame. If the
TDLS Setup Confirm frame is not received by the receiver, the
transmissions from the initiator on the direct link would get failed for
the TDLS link not getting enabled on the receiver. This commit reduces
the data delivery failure duration by shortening the retry time of the
TDLS Setup Response frames. The retry limit of the TDLS Response frame
also is increased to ensure that the peer does not miss the frames in
the reduced time period.

Signed-hostap: Sunil Dutt <duttus@codeaurora.org>
2013-05-20 21:30:27 +03:00
Kyeyoon Park
d5b559b641 WNM: Add disassociation timeout processing for ESS_DISASSOC
The hostapd_cli ess_disassoc command now takes three arguments (STA MAC
address, timeout in ms, URL) and the STA is disconnected after the
specified timeout.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-20 11:13:40 +03:00
Jouni Malinen
c4bf83a723 P2P: No duplicate AP-STA-CONNECTED/DISCONNECTED as global event
These events are sent as a special case to both the group interface and
"parent interface" (i.e., the interface that was used for managing P2P
negotiation). The latter is not really correct event, so get rid of it
with the new global control interface design where there is no need to
support legacy upper layer implementations.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-18 19:18:31 +03:00
Jouni Malinen
7793c959e6 Clean up AP-STA-CONNECTED/DISCONNECTED prints
Use shared code to print the parameters so that they do not need to be
generated four times separately.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-18 19:09:41 +03:00
Jouni Malinen
ed496f131f P2P: Clean up debug prints
Replace direct wpa_msg() calls with p2p_dbg(), p2p_info(), and p2p_err()
calls that use a new debug_print() callback to handle actual debug
printing outside the P2P module.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-18 18:47:36 +03:00
Jouni Malinen
710ae9ac1f P2P: Move p2p_find stopped event message into p2p_supplicant.c
This removes wpa_ctrl.h dependency from src/p2p/* and makes the P2P
events more consistent, i.e., everything that is aimed for upper layer
processing from the wpa_supplicant control interfaces is generated in
p2p_supplicant.c.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-18 16:06:40 +03:00
Jouni Malinen
47bfe49c31 Add wpa_msg_global() for global events
This function can be used instead of wpa_msg() and wpa_msg_ctrl() to
indicate that an event is not specific to a network interface.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-18 14:19:24 +03:00
Jouni Malinen
d2a9e2c76d Abstract and Android sockets for global ctrl_iface
The wpa_supplicant global control interface parameter can now be used to
explicitly specify an abstract UNIX domain socket (Linux specific
extension) with "@abstract:" prefix and an Android control socket with
"@android:" prefix.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-18 11:42:09 +03:00
Jouni Malinen
058c8636a7 FT RRB: Fix a memory leak on error path
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-18 09:49:26 +03:00
Suryadevara Sudheer
c6ccf12d3f P2P: Use preferred channel list during GO creation
This extends support for p2p_pref_Chan configuration parameter for
autonomous GO creation.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-17 11:27:02 +03:00
Suryadevara Sudheer
6d956c4064 P2P: Re-select channel in invitation case with peer info
Allow invitation exchange to update operating channel selection after
peer channel list has been received similarly to how GO negotiation was
handled.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-17 11:18:02 +03:00
Vinayak Kamath
65bcd0a92d WNM: Add sending of BSS Transition Management Query
The new control interface command can be used to send a
BSS Transition Management Query frame to the current AP.

Signed-hostap: Vinayak Kamath <vkamat@codeaurora.org>
2013-05-16 17:50:31 +03:00
Vinayak Kamath
e27d20bb68 WNM: Add neighbor report processing for BSS Transition Management
Process the neighbor report received in BSS Management Request frames.

Signed-hostap: Vinayak Kamath <vkamat@codeaurora.org>
2013-05-16 17:48:59 +03:00
Jouni Malinen
0af2db7478 edit: Fix libreadline history clearing with WPA_TRACE
The HIST_ENTRY and its variables are allocated within libreadline, so
they won't have the WPA_TRACE special header and cannot be freed with
os_free(). Use free() to avoid issues during wpa_cli termination if any
of the new commands added to the history are to be removed (e.g.,
set_network could include a password).

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-14 16:46:38 +03:00
Jouni Malinen
455299fb40 nl80211: Fix foreign address filtering for MLME frame events
Commit 97279d8d1a started filtering MLME
frame events based on Address 1 (destination) field. This works fine for
frames sent to us, but it did filter out some corner cases where we
actually want to process an event based on a frame sent by us. The main
such case is deauthentication or disassociation triggered by something
external to wpa_supplicant in the system. Fix this by accepting events
for frames where either Address 1 or 2 (transmitter) matches the
interface address.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-13 11:53:21 +03:00
Paul Stewart
7c0e1e2757 tls_openssl: Store TLS context per-connection
Store context for each tls_init() caller, so events are generated for
the correct wpa_s instance. The tls_global variable is retained for
older OpenSSL implementations that may not have app-data for SSL_CTX.

Signed-hostap: Paul Stewart <pstew@chromium.org>
2013-05-10 00:22:08 +03:00
Simon Wunderlich
b113a171ac DFS: Add ieee80211h hostapd configuration parameter
This patch is based on the original work by Boris Presman and
Victor Goldenshtein. Channel Switch Announcement support has been
removed and event handling as well as channel set handling was
changed, among various other changes.

Cc: Boris Presman <boris.presman@ti.com>
Cc: Victor Goldenshtein <victorg@ti.com>
Signed-hostap: Simon Wunderlich <siwu@hrz.tu-chemnitz.de>
2013-05-09 20:14:53 +03:00
Simon Wunderlich
695c70381f nl80211: Add driver_ops for stopping AP beaconing
This can be used to stop AP mode beaconing temporarily, e.g., in
response to a radar detected event.

This patch is based on the original work by Boris Presman and
Victor Goldenshtein. Channel Switch Announcement support has been
removed and event handling as well as channel set handling was
changed, among various other changes.

Cc: Boris Presman <boris.presman@ti.com>
Cc: Victor Goldenshtein <victorg@ti.com>
Signed-hostap: Simon Wunderlich <siwu@hrz.tu-chemnitz.de>
2013-05-09 20:06:33 +03:00
Simon Wunderlich
f90e9c1c8b nl80211: Add driver_ops for starting radar detection
This patch is based on the original work by Boris Presman and
Victor Goldenshtein. Channel Switch Announcement support has been
removed and event handling as well as channel set handling was
changed, among various other changes.

Cc: Boris Presman <boris.presman@ti.com>
Cc: Victor Goldenshtein <victorg@ti.com>
Signed-hostap: Simon Wunderlich <siwu@hrz.tu-chemnitz.de>
2013-05-09 20:05:01 +03:00
Simon Wunderlich
fc96522eb9 nl80211: Add channel flags for DFS state information
This patch is based on the original work by Boris Presman and
Victor Goldenshtein. Channel Switch Announcement support has been
removed and event handling as well as channel set handling was
changed, among various other changes.

Cc: Boris Presman <boris.presman@ti.com>
Cc: Victor Goldenshtein <victorg@ti.com>
Signed-hostap: Simon Wunderlich <siwu@hrz.tu-chemnitz.de>
2013-05-09 20:02:57 +03:00
Simon Wunderlich
f295d0c86a nl80211: Add driver capability flag for radar detection
This patch is based on the original work by Boris Presman and
Victor Goldenshtein. Channel Switch Announcement support has been
removed and event handling as well as channel set handling was
changed, among various other changes.

Cc: Boris Presman <boris.presman@ti.com>
Cc: Victor Goldenshtein <victorg@ti.com>
Signed-hostap: Simon Wunderlich <siwu@hrz.tu-chemnitz.de>
2013-05-09 19:59:47 +03:00
Simon Wunderlich
04be54fa09 nl80211: Add driver events for radar detection
This patch is based on the original work by Boris Presman and
Victor Goldenshtein. Channel Switch Announcement support has been
removed and event handling as well as channel set handling was
changed, among various other changes.

Cc: Boris Presman <boris.presman@ti.com>
Cc: Victor Goldenshtein <victorg@ti.com>
Signed-hostap: Simon Wunderlich <siwu@hrz.tu-chemnitz.de>
2013-05-09 19:59:40 +03:00
Simon Wunderlich
a7505b1775 eloop: Allow to run event loop multiple times in a row
DFS implementation requires to run an eventloop while monitoring
the Channel Availability Check (CAC). After that, the "real" event
loop is started, and should not fail doing so.

Signed-hostap: Simon Wunderlich <siwu@hrz.tu-chemnitz.de>
2013-05-09 16:42:14 +03:00
Sunil Dutt
55293aaf4e TDLS: Do not overwrite the reason code in the Tear Down Request
The reason code for the teardown request is overwritten for open
mode. This commit removes the code that does so by reverting parts
of commit 0cb12963b6.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-07 16:27:31 +03:00
Jouni Malinen
03565bc2d6 Synchronize with wireless-testing.git include/uapi/linux/nl80211.h
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-06 15:59:49 +03:00
Jouni Malinen
f11b72c3e9 TDLS: Move AID=1 workaround into driver_nl80211.c
The use of AID=1 for the nl80211 dummy STA case is specific to the
driver (cfg80211), so better move this into the driver wrapper instead
of generic TDLS implementation.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-06 15:57:03 +03:00
Sunil Dutt
785336998d TDLS: Pass peer's AID information to kernel
The information of the peer's AID is required for the driver to
construct partial AID in VHT PPDU's. Pass this information to the driver
during add/set station operations (well, as soon as the information is
available, i.e., with set station operation currently).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-06 15:47:44 +03:00
Jouni Malinen
ad0685e901 edit: Fix history processing on running old command
currbuf_valid needs to be cleared when an old command from history is
processed to avoid leaving a bogus entry that makes history_prev() skip
the last entry in history.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-05 13:09:55 +03:00
Jouni Malinen
11e5a49c28 WPS: Do not use void* in arithmetic
This is a C compiler extension and not needed, so replace with standard
compliant way of calculating the pointer.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-04 20:19:45 +03:00
Jouni Malinen
048edb1070 Revert "nl80211: Add nla_put_u32() wrapper for Android"
This reverts commit df2f9ec6b2.

The current AOSP snapshot for JB includes nla_put_u32(), so this is not
needed anymore and is also causing linking issues due to duplicated
definition.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-04 20:19:43 +03:00
Johannes Berg
8543ed8a37 WPA: Print pairwise EAPOL-Key flag as a bool
Since "pairwise" is defined as an integer, the current assignment leads
to it having the value 0 or 8, which is a bit strange in debug output:

WPA: Send EAPOL(version=2 secure=1 mic=1 ack=1 install=1 pairwise=8
kde_len=46 keyidx=2 encr=1)

Use !!(...) to normalize it to 0 or 1.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-05-04 11:48:57 +03:00
Johannes Berg
7af092a015 hostapd: Add Key MIC in group EAPOL-Key frames corruption test option
For some testing it can be useful to force the Key MIC in group
EAPOL-Key frames to be corrupt. Add an option to allow setting a
probability for corrupting the Key MIC and use it in the WPA code,
increasing the first byte of the MIC by one to corrupt it if desired.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-05-04 11:45:03 +03:00
Ilan Peer
b691dcb129 nl80211: Fix max_remain_on_chan capability reading
In case that NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP is supported,
wiphy_info_handler() is called several times, where
NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION is present only in one
of these calls. Thus capa->max_remain_on_chan is overridden in
all other calls.

Fix it so the default value is set only after all the wiphy info was
received.

Signed-hostap: Ilan Peer <ilan.peer@intel.com>
2013-05-04 11:28:54 +03:00
Jouni Malinen
b57b560034 wpa_supplicant: Default to nl80211 instead of wext
nl80211 has obsoleted WEXT as the preferred kernel interface for
controlling wireless drivers. Update wpa_supplicant driver interface
list order so that nl80211 gets used first if both nl80211 and wext
interfaces are included in the build. In addition, update README to
reflect the fact that WEXT is obsolete.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-04-29 16:55:44 +03:00
Jouni Malinen
c64686229f WPS ER: Allow UPnP interface to be forced
"WPS_ER_START ifname=<interace>" can now be used to force a specific
interface to be used for UPnP operations. This is especially useful for
automated test cases where the lo interface can now be used easily to
perform ER operations.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-28 21:56:24 +03:00
Ben Greear
728d97171b Use status code 17 (unable to handle new STA) on max-STA limitation
This is more useful information than the previously used value 1
(unspecified failure).

Signed-hostap: Ben Greear <greearb@candelatech.com>
2013-04-28 16:45:55 +03:00
Jouni Malinen
5e24dc8a4b Add dup_binstr() to help common binary string tasks
There are quite a few places in the current implementation where a nul
terminated string is generated from binary data. Add a helper function
to simplify the code a bit.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-27 23:44:59 +03:00
Jouni Malinen
2c48211c49 FT RRB: Validate os_malloc() return value before using it
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-27 23:05:15 +03:00
Michael Braun
7ca902b53e Make vlan_file optional if dynamic_vlan is used
My APs generate their configuration on their own using a different
number of (vlan-enabled) bss. Currently, all my vlan_file files consist
of a single line: the wildcard line. Configuration file generation would
be easier, if the hostapd configuration file would not depend on those
simple vlan_file files.

This patch removes the need for those one-line files by using the
<device>.<vlan> naming scheme if no vlan_file is given (or that file is
empty). This should not break any existing setup, as using dynamic_vlan
with no vlan configured does not make sense anyway.

Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
2013-04-27 22:53:34 +03:00
Jouni Malinen
bdb112d35f Add bitfield routines
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-27 22:16:40 +03:00
Jouni Malinen
fe904963d0 WPS: Fix AP auto configuration on config token generation
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-04-27 22:14:56 +03:00
Jouni Malinen
8f7a6dd7d0 WPS NFC: Allow Device Password ID override for selected registrar
When a specific out-of-band Device Password is enabled, it can be useful
to be able to advertise that in the selected registrar information.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-04-27 22:14:31 +03:00
Jouni Malinen
aaecb69d87 WPS: Use generic MAC Address attribute builder
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-27 22:13:36 +03:00
Jouni Malinen
9ccd916504 P2P: Clean up channel--frequency conversion functions
All P2P use cases are required to use the global operating table and
there is no need to need to try to maintain some backwards compatibility
with country code -specific values. Clean up the implementation by
removing the unnecessary country parameter.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-27 22:12:13 +03:00
Jouni Malinen
e864c0aefe Use a common frequency to channel conversion function
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-27 22:11:51 +03:00
Deepthi Gowri
02db75b6c2 FT: Reset FT flag upon STA deauthentication
Reset ft_completed if STA receives deauthentication
between FT reassoc success and the subsequent initial
mobility authentication and association.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-04-26 17:56:24 +03:00
Jouni Malinen
7800d45c71 P2P: Set P2P_DEV_PEER_WAITING_RESPONSE from TX status callback
Commit fb8984fd6f added a mechanism to
skip the Listen state when the peer is expected to be waiting for us to
initiate a new GO Negotiation. However, this flag was set when building
the GO Negotiation Response frame with status 1 regardless of whether we
managed to send that frame or peer receive it. This could result in GO
Negotiation failures in cases where the peer did not receive the
response and Listen channels of the devices were different. Fix this by
setting the flag only after TX status indicating success has been
received.

This fixes frequent failures shown for the test_grpform_pbc hwsim test
case.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-04-26 12:57:52 +03:00
Shijie Zhang
d78d3c6190 EAP peer: Add check before calling getSessionId method
We should not call getSessionID method if it's not provided. This fixes
a regression from commit 950c563076 where
EAP methods that did not implement getSessionId resulted in NULL pointer
dereference when deriving the key.

Signed-off-by: Shijie Zhang <shijiez@qca.qualcomm.com>
2013-04-26 12:30:01 +03:00
Jouni Malinen
97279d8d1a nl80211: Drop frame events that are for foreign address
This avoids duplicate processing of events when multiple BSSes are
configured.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-04-24 01:02:01 +03:00
Jouni Malinen
cc2ada868e nl80211: Reduce debug on Probe Request frames
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-04-24 01:01:21 +03:00
Jouni Malinen
63a965c313 P2P: Fix after_scan_tx processing during ongoing operations
When Action frame TX is postponed until a pending p2p_scan completes,
there may be additional operations that need to be continued after the
postponed Action frame TX operation completes. Fix this by starting
pending operation (if any) from TX status event for after_scan_tx
frames.

This fixes common errors seen with the test_discovery hwsim test case.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-23 21:15:54 +03:00
Paul Stewart
754632c965 dbus_new: Add EAP logon/logoff
Add "EAPLogoff" and "EAPLogon" interface DBus commands which
parallel the "logoff" and "logon" wpa_ctrl commands which terminate
and restart EAP authentication.  Slightly enhance the "logon" case
by expiring any running "startWhile" timer.

Signed-hostap: Paul Stewart <pstew@chromium.org>
2013-04-23 17:57:55 +03:00
Johannes Berg
c2aff6b1d1 hostapd: Add some testing options
In order to test clients in scenarios where APs may (randomly)
drop certain management frames, introduce some testing options
into the hostapd configuration that can make it ignore certain
frames. For now, these are probe requests, authentication and
(re)association frames.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-04-23 17:51:28 +03:00
Dmitry Shmidt
e6304cad47 wpa_supplicant: Add option -I for additional config file
This option can be used only for global parameters that are not going
to be changed from settings.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Signed-off-by: Iliyan Malchev <malchev@google.com>
2013-04-23 17:38:57 +03:00
Johannes Berg
adc96dc2ad nl80211: Fix nla_nest_start conversion
Dmitry reported that the kernel could no longer parse the
scheduled scan attributes correctly after my patch to use
nla_nest_start/nla_nest_end. The reason is that the wrong
attribute is closed I accidentally made it close the full
scan config instead of just the SSID match set.

Reported-by: Dmitry Shmidt <dimitrysh@google.com>
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-04-23 17:19:20 +03:00
Chris Hessing
c7a39ba4e1 Provide TLS alerts to CLI/UI over control interface
Harmonize EAP status events over control interface to provide same
functionality as existing D-Bus callback.

Signed-hostap: Chris Hessing <chris.hessing@cloudpath.net>
2013-04-23 16:46:02 +03:00
Jouni Malinen
75fa7d19a4 TDLS: Fix key configuration with current mac80211
A kernel commit ("mac80211: fix FT roaming") started validating that the
STA entry is marked associated when adding a key. While this is needed
to fix some FT use cases with hardware crypto, it has a side effect of
breaking TDLS key configuration. Work around this by trying to
re-configure the key for the direct link after the STA entry has been
set with all information. In addition, try to tear down the link if
anything goes wrong in key configuration (if both attempts fail) or
enabling the link in the driver.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-03 18:39:10 +03:00
Jouni Malinen
88c8bf311e WPS NFC: Allow configuration token to be built from network block
"WPS_NFC_CONFIG_TOKEN <WPS/NDEF> <network id>" can now be used to build
an NFC configuration token from a locally configured network.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-01 21:28:57 +03:00
Jouni Malinen
e205401c72 WPS ER: Allow Enrollee to be specified with MAC address
wps_er_pbc and wps_er_pin can now be used with both the UUID and MAC
Address of the Enrollee.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-01 20:52:44 +03:00
Jouni Malinen
59307b3007 WPS ER: Allow AP to be specified with BSSID
This extends the WPS ER commands that previously accepted only UUID as
an identifier for an AP to use either UUID or BSSID for this.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-01 20:32:09 +03:00
Jouni Malinen
49e160a58d WPS: Fix use of pre-configured DH keys with multiple operations
wps_build_public_key() takes the dh_ctx into use and another attempt to
use the same DH keys fails with wps->dh_ctx being set to NULL. Avoid
this by using the DH parameters only if dh_ctx is valid. This fixes
cases where a use of local pre-configured DH keys followed by an
operating using peer DH keys would faild due to unexpected attempt to
use local keys again.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-01 19:30:34 +03:00
Jouni Malinen
5c9d63d46f WPS: Be more careful with pre-configured DH parameters
Make the implementation more robust against error cases with
pre-configured DH parameters.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-01 19:27:32 +03:00
Jouni Malinen
3db5439a5f Optimize Extended Capabilities element to be of minimal length
Leave out zero octets from the end of the element.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-31 21:58:17 +03:00
Johannes Berg
8cd6b7bce8 hostapd/wpa_s: Use driver's extended capabilities
Some extended capabilities (I'm currently interested in "Operating Mode
Notification" for VHT) are implemented by the kernel driver and exported
in nl80211. Use these in hostapd/wpa_supplicant.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-03-31 21:51:44 +03:00
Jouni Malinen
ab547b5857 WPS: Add more helpful debug for invalid WPS_REG command parsing
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-31 12:34:35 +03:00
Jouni Malinen
a679c0f284 WPS: Allow hostapd process to control independent WPS interfaces
The new wps_independent=1 configuration parameter can be used to remove
interfaces from the shared hostapd process WPS control (i.e., to apply
WPS operations only to a subset of interfaces instead of all).

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-31 12:34:35 +03:00
Jouni Malinen
ccdff94035 WPS AP: Add support for reconfiguration with in-memory config
This allows WPS to update AP configuration in the case no hostapd
configuration file is used (i.e., dynamic configuration through the
control interface).

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-31 12:34:35 +03:00
Johannes Berg
8970bae806 nl80211: Use nla_nest_start/end instead of nla_put_nested
Instead of allocating a new message and then moving that into
the message being built, use nla_nest_start() and put the data
into the message directly.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-03-30 20:37:44 +02:00
Chaitanya TK
558d69e3ba P2P: Omit P2P Group Info in case of no connected peers
As per P2P specification v1.2: "The P2P Group Info attribute shall be
omitted if there are zero connected P2P Clients."

Do not add the attribute if there are not connected peers.

Signed-hostap: Chaitanya T K <chaitanya.mgit@gmail.com>
2013-03-30 20:08:42 +02:00
Michael Braun
65a32cdbcb AP: Fix infinite loop in WPA state machine when out of random bytes
When the OS is out of random bytes in SM_STATE(WPA_PTK, AUTHENTICATION2)
in ap/wpa_auth.c, hostapd sends the sm to state DISCONNECT without
clearing ReAuthenticationRequest, resulting in an infinite loop.
Clearing sm->ReAuthenticationRequest using gdb fixes the running hostapd
instance for me. Also sm->Disconnect = TRUE should be used instead of
wpa_sta_disconnect() to make sure that the incomplete ANonce does not
get used.

Fix this issue by resetting sm->ReAuthenticationRequest even if the STA
gets disconnected and use sm->Disconnect instead of
wpa_sta_disconnect().

Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
2013-03-30 19:53:22 +02:00
Jouni Malinen
a5f61b2b87 Fix OLBC non-HT AP detection to check channel
A non-HT capable AP on any channel could have triggered us to enable
protection regardless of own operating channel if the driver delivered
Beacon frames from other channels. The channel detection in ap_list is
not exactly ideal, but most cases can be handled by checking ap->channel
against the currently configured channel (or secondary channel in case
of HT40).

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-30 18:05:18 +02:00
Jouni Malinen
69554d78f6 ap_list: Remove unused functions
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-30 17:06:50 +02:00
Jouni Malinen
08c99cafd2 ap_list: Remove unused iteration list pointers
This iter_next/iter_prev pointers were not really used for anything, so
get rid of the unnecessary complexity in the AP list maintenance.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-30 17:06:27 +02:00
Jouni Malinen
6b16917f39 ap_list: Remove unused fields
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-30 16:58:58 +02:00
Jouni Malinen
66f1f751d2 P2P: Fix provision discovery response handling in some cases
Commit 6b56cc2d97 added a possible call to
p2p_reset_pending_pd() prior to checking config_methods match between
our request and peer response. That reset call could clear
dev->req_config_methods and as such, result in unexpected
P2P-PROV-DISC-FAILURE report here even in cases where the peer accepts
the provision discovery. Fix this by using a local copy of the
req_config_methods variable.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-30 16:10:43 +02:00
Jouni Malinen
187f87f04c hostapd: Allow ctrl_iface group to be specified on command line
The new -G<group> command line argument can now be used to set the group
for the control interfaces to enable cases where hostapd is used without
a configuration file and the controlling program is not running with
root user privileges.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-29 17:09:31 +02:00
Sunil Dutt
9f890c982a TDLS: Support both external and internal setup in disabling link
Enhance TDLS Setup Request processing to support both external and
internal TDLS setup for the case where concurrent TDLS initialization
results in the TDLS Setup Request from the peer getting accepted.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-28 15:05:10 +02:00
Jouni Malinen
864fe3a47c TDLS: Fix TDLS Setup Request processing in existing-peer cases
wpa_tdls_peer_free() ended up getting called after some of the
parameters from the TDLS Setup Request frame were copied into the struct
wpa_tdls_peer information. This could result in continuing with cleared
information in case the new exchange was the one that is used in
concurrent initialization case or if this is to re-negotiated an
existing TDLS link. The driver would not be provided with all the peer
capabilities correctly in such case.

Fix this by moving the existing_peer check to happen before the
information from the TDLS Setup Request frame is copied.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-28 12:38:24 +02:00
Jouni Malinen
1d43e28a59 TDLS: Fix TPK M2 processing in concurrent initiation case
If we accept the peer TPK M1 after having sent our TPK M1, we need to
reject TPK M2 from the peer to avoid going through two TDLS setup
exchanges.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-27 14:29:01 +02:00
Vivek Natarajan
8047f70e03 P2P: Ignore Tx acknowledgment status for Invitation Response
In some cases where the ack for Invitation response is lost,
the device is stuck in invited state but the peer device starts
GO. In line with the implementation of Negotiation Confirm,
assume invitation response was actually received by the peer
even though ack was not reported.

Signed-hostap: Vivek Natarajan <nataraja@qca.qualcomm.com>
2013-03-26 00:28:56 +02:00
Jouni Malinen
b084df8b81 Add vendor_elements into Beacon/Probe Response IE parameters
Commit b52f084cfa introduced a mechanism
for adding arbitrary vendor-specific elements into the Beacon and Probe
Response frames. However, this information was not added to the separate
buffers used for specifying Beacon and Probe Response IEs for drivers
that build the frames internally. Add vendor_elements to these values,
too, to support such drivers in addition to drivers that use the full
Beacon tail/head buffers.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-21 15:41:27 +02:00
Jouni Malinen
b92e08fc72 nl80211: Add debug prints for set_ap parameters
This makes it easier to see how exactly the driver is configured for AP
mode operations.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-21 15:40:25 +02:00
Johannes Berg
c30a4ab045 nl80211: Fix mode settings with split wiphy dump
When the wiphy information is split, there's no guarantee that the
channels are processed before the bitrates; in fact, with the current
kernel it happens the other way around. Therefore, the mode information
isn't set up correctly and there's no 11g mode.

Fix this by doing the 11b/11g determination as part of the
postprocessing.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-03-19 02:01:46 +02:00
Jouni Malinen
52728dcd25 P2P: Stop P2P_PD_DURING_FIND wait on PD Response RX
Previously, P2P_PD_DURING_FIND state was scheduled for 200 ms and the
P2P state was not change until that timeout regardless of whether the PD
Response for recieved or not. There is no need to wait for that timeout
if the response is received, so allow the next operation to be performed
immediately after the response has been processed.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-18 20:31:47 +02:00
Jouni Malinen
565110cd55 nl80211: Include interface name in more debug prints
This makes it easier to understand how scan operations and events occur
when multiple interfaces is being controlled by a single wpa_supplicant
process.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-18 16:05:24 +02:00
Bruno Randolf
65d52fc103 Add capability flag for IBSS and add get_capability modes
Add a driver capability flag for drivers which support IBSS mode and set
it for nl80211 drivers which have set the NL80211_IFTYPE_ADHOC.

Add a new option "modes" to "get_capability" which will return "AP" and
"IBSS" if the corresponding capability flags are set.

The idea is that this can be used for UIs to find out if the driver
supports IBSS mode.

Signed-hostap: Bruno Randolf <br1@einfach.org>
2013-03-16 12:42:15 +02:00
Felix Fietkau
ba873c1284 hostapd: Fix client reassociation after disconnect due to ACK failure
Clear WLAN_STA_ASSOC_REQ_OK, otherwise no Class 3 frame will be sent to
the disconnected STA in response to data frames.

Signed-hostap: Felix Fietkau <nbd@openwrt.org>
2013-03-16 12:35:49 +02:00
Jouni Malinen
526b3a12f1 libtommath: Avoid a compiler warning on unused variable
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-16 12:03:37 +02:00
Solomon Peachy
de718493b4 libtommath: Condition fast_s_mp_mul_digs() on LTM_FAST
This function uses ~1.7kB of stack, and since there's a slower
alternative, wrap it with LTM_FAST.

Signed-off-by: Solomon Peachy <pizza@shaftnet.org>
2013-03-16 12:01:03 +02:00
Jouni Malinen
dbca75f82a P2P: Remove persistent group peer if it rejects invitation
If a peer replies to persistent group invitation with status code 8
(unknown group), remove the peer from the p2p_client_list if we are the
GO or remove the persistent group if we are the P2P client since it
looks like that the peer has dropped persistent group credentials and
the provisioning step needs to be executed again.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-15 16:43:06 +02:00
Jouni Malinen
6cb27aa85f P2P: Fix shared frequency preference for concurrent operations
Commit 50285f5ca8 changed number of rules
in channel selection and among other things, it broke the design where
the currently used operating channel on a virtual interface that is
shared by the same radio is preferred to avoid costs related to
multi-channel concurrency. Fix this regression by making the P2P module
aware of the shared channel and using that preference as the highest
priority when re-selecting the channel during negotiation.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-14 16:26:55 +02:00
Jouni Malinen
62e10e6e3d P2P: Use best-overall channel in p2p_reselect_channel()
Commit 50285f5ca8 ended up forcing channel
re-selection in number of cases where the peer would actually have
accepted our initial preference. Fix the parts related to best channel
information by using best_freq_overall as the highest priority and by
skipping the band changes if the peer supports the channel that we
picked since these were based on the assumption that
p2p_reselect_channel() is called only if the peer could not accept our
initial choice which is not the case anymore.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-14 16:05:47 +02:00
Sunil Dutt
4561526f83 TDLS: Disable link to existing peer with lower address
If the previously started setup is terminated in case both peers
initiate TDLS link at more or less the same time, disable the old link
to allow the dummy station entry to be deleted from cfg80211 so that a
new entry can be added for the setup direction that will be allowed to
proceed.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-14 13:48:36 +02:00
Deepthi Gowri
6a1ce39599 FT: Add support for IEEE 802.11r with driver-based SME
Add NL80211_CMD_UPDATE_FT_IES to support update of FT IEs to the
WLAN driver. Add NL80211_CMD_FT_EVENT to send FT event from the
WLAN driver. This will carry the target AP's MAC address along
with the relevant Information Elements. This event is used to
report received FT IEs (MDIE, FTIE, RSN IE, TIE, RICIE).

Signed-off-by: Deepthi Gowri <deepthi@codeaurora.org>
2013-03-12 20:08:53 +02:00
Jouni Malinen
f46fc73a3f P2P: Add a peer entry based on Association Request frame
It is possible for a P2P client to connect to an operating group without
exchanging any Probe Request/Response frames that would allow the GO to
discover the peer. To make sure there is a P2P peer entry at the GO, try
to add the peer information based on P2P IE in (Re)Association Request
frame.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-12 13:04:33 +02:00
Johannes Berg
e9ee8dc394 wpa_supplicant: Support VHT capability overrides
Add support for VHT capability overrides to allow testing connections
with a subset of the VHT capabilities that are actually supported by
the device. The only thing that isn't currently supported (by mac80211
and this code) is the RX/TX highest rate field.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-03-10 18:04:39 +02:00
Jouni Malinen
214a77b016 nl80211: Use helper function for phy_info_freqs()
This allows one level of indentation to be removed by using a helper
function to process each frequency.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-10 16:44:23 +02:00
Jouni Malinen
e62a1d43f9 nl80211: Split phy_info_band() into smaller helper functions
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-10 16:35:23 +02:00
Jouni Malinen
3cfcad1bb1 nl80211: Use helper function for phy_info_handler()
This allows one level of indentation to be removed by using a helper
function to process each wiphy band.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-10 16:17:18 +02:00
Jouni Malinen
5f43910727 nl80211: Split wiphy_info_handler() into smaller helper functions
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-10 16:05:55 +02:00
Dennis H Jensen
4324555222 nl80211: Support splitting wiphy information in dumps
This implements support for the new NL80211_ATTR_SPLIT_WIPHY_DUMP in
nl80211 to handle wiphy information that cannot fit in one message.

Reviewed-by: Johannes Berg <johannes@sipsolutions.net>
Signed-hostap: Dennis H Jensen <dennis.h.jensen@siemens.com>
2013-03-10 13:22:43 +02:00
Jouni Malinen
3b365d4e9a Synchronize with wireless-testing.git include/uapi/linux/nl80211.h
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-10 13:06:31 +02:00
Jouni Malinen
bb0122f3e8 SAE: Add forgotten commit element validation step for FFC groups
The peer commit element needs to be validated to pass one of the steps
listed in IEEE 802.11, 11.3.5.4:
scalar-op(r, ELEMENT) = 1 modulo p

Similar step was present for ECC groups, but was missing for FFC groups.
This is needed to avoid dictionary attacks.

Thanks to Michael Roßberg and Sascha Grau for reporting this.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-10 11:45:55 +02:00
Jouni Malinen
0bb229a6e8 SAE: Move commit element validation steps into single location
It is clearer to keep all the validation steps described in IEEE 802.11
11.3.5.4 in a single location instead of splitting this between the
parsing and processing functions.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-10 11:26:22 +02:00
Jouni Malinen
5473362458 P2P: Use peer's channel list to limit GO freq on invitation
Peer device includes its list of allowed operating channels in the
Invitation Response frame. When we are becoming the GO, use that list
from the peer to filter out acceptable channels to avoid selecting a
channel that the peer is unable to use.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-01 20:01:01 +02:00
Jouni Malinen
f5877af01e P2P: Allow P2P client to specify preferred group channel
When re-invoking a persistent group in P2P client role, the new
pref=<MHz> parameter can now be used with the p2p_invite command to
indicate a preferred operating frequency. Unlike the older freq=<MHz>
parameter, this leaves GO an option to select another channel (from our
supported channels) if the GO cannot accept the channel.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-01 19:40:54 +02:00
Deepthi Gowri
79879f4ae8 P2P: Allow all channels in case of multi channel concurrency
If multi channel concurrency is supported, we have to populate the
p2p_channels with list of channels that we support. Use the same design
that was previously added for GO Negotiation.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-01 18:40:39 +02:00
Johannes Berg
851b73eb28 hostapd: Make VHT IE struct more expressive
The VHT IE struct just has an opaque 8-byte array for the MCS
set, make it more expressive by explicitly naming the pieces.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-03-01 18:24:57 +02:00
Jouni Malinen
3a2a7c3da6 P2P: Fix regression in GO Negotiation
Commit fb8984fd6f cleared wps_method to
WPS_NOT_READY in p2p_stop_find_for_freq() as an attempt to clear
authorization when a group formation is cancelled. However, this code
path is hit also in cases where the user did not actually cancel
anything (e.g., from p2p_process_go_neg_req()). As such, it is not fine
to clear wps_method here even if it could be proper for some cases. For
now, revert that part to avoid regressions and consider clearing
wps_method on cancel separately.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-01 11:53:46 +02:00
Jouni Malinen
fb8984fd6f P2P: Skip Listen phase when peer is expected to be waiting
In case we have replied to a peer's GO Negotiation Request frame with a
GO Negotiation Response frame using status code
info-currently-unavailable (1), the peer is likely going to wait for us
to initiate GO Negotiation on its Listen channel. We were previously
using alternativing send-GO-Neg-Req and Listen phase when providing that
response after the user had authorized the connection. However, the
Listen phase here is unnecessary in this case and will make the
connection take longer time to go through. Skip the Listen phase and
make the wait-for-GO-Neg-Resp timeout random between 100 and 200 ms to
avoid getting in sync with the peer. In practice, this will make us
retry GO Negotiation Request frames more frequently and remain on the
peer's Listen channel for most of the time when initiating GO
Negotiation after status=1 response.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-28 22:35:11 +02:00
Jouni Malinen
8e4839cefa P2P: Increase GO Negotiation timeouts
There may be environments in which large number of devices are operating
on the social channels. In such cases, it is possible for the Action
frame TX operation wait for quite long time before being able to get the
frame out. To avoid triggering GO Negotiation failures, increase the
timeouts for GO Neg Req (with TX ACK) and GO Neg Resp (with or without
TX ACK as long as status=0) to 500 ms.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-28 22:15:46 +02:00
Jouni Malinen
316a9e4d30 nl80211: Add debug print for cancel-frame-wait command
This makes it easier to interpret the logs for offloaded TX frame
operations.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-28 22:09:32 +02:00
Dmitry Shmidt
c667342933 Add WPA_BSS_MASK_DELIM flag to BSS command
This flag will add ==== delimiter between to separate bss results.
Unlike the other BSS command MASK values, this delimiter is not
included by default to avoid issues with existing users of the BSS
command.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2013-02-28 18:43:05 +02:00
Felix Fietkau
c3e3a5b90c nl80211: Fix WDS STA handling with multiple BSS interfaces
The MAC address of the AP VLAN needs to be the same as the BSS that the
STA belongs to.

Signed-hostap: Felix Fietkau <nbd@openwrt.org>
2013-02-28 16:55:13 +02:00
Jouni Malinen
8cee87ab13 P2P: Only schedule a single p2p_go_neg_start timeout at a time
It is possible for the driver to indicate multiple Probe Request frames
that would be processed in a single loop. If those frames happen to be
from a peer which with we are trying to start GO Negotiation, multiple
timeouts to start GO Negotiation (p2p_go_neg_start) could end up being
scheduled. This would result in confusing burst of multiple GO
Negotiation Request frames being sent once the RX loop finally
concludes. Avoid this by scheduling only a single eloop timeout to
trigger GO Negotiation regardless of how many Probe Request frames from
the peer is received. In addition, make sure this timeout gets canceled
in p2p_deinit().

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-26 18:07:17 +02:00
Jouni Malinen
c03e2113b6 P2P: Do not start new GO Neg on Probe Req when waiting for Confirm
If we have already sent out GO Negotiation Response and are waiting for
the peer to reply with GO Negotiation Confirm, there is no point in
re-starting GO Negotiation based on Probe Request frame from the peer.
Doing that would just result in confusing GO Negotiation exchange with
multiple sessions running at the same time.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-26 18:02:51 +02:00
Jouni Malinen
4284a0b1b0 P2P: Fail GO Negotiation on missing Group ID
The device that is selected as the GO shall incode P2P Group ID
attribute in GO Negotiation Response/Confirm message. Previously we did
not reject a message without that attribute since it was possible to
continue operations even without knowing the SSID. However, this can
potentially result in confusing results since missing P2P Group ID
attribute can be a sign of conflicting GO role determination (both
devices assuming the peer is the GO). To get clearer end result for the
GO Negotiation, reject this as a fatal error. In addition, stop GO
Negotiation if GO Negotiation Confirm indicates non-zero status since
that is also a fatal error.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-26 17:27:17 +02:00
Jouni Malinen
003c45804f P2P: Assign GO tie breaker bit at the same time with dialog token
Commit 624b4d5a64 changed GO Negotiation
to use the same Dialog Token value for all retransmissions of the GO
Negotiation Request within the same session. However, it did leave the
tie breaker bit changing for each frame. While this should not have
caused issues for most cases, it looks like there are possible sequences
where the peer may end up replying to two GO Negotiation Request frames
with different tie breaker values. If in such a case the different GO
Negotiation Response frames are used at each device, GO role
determination may result in conflicting results when same GO intent is
used.

Fix this by assigning the tie breaker value at the same time with the
dialog token (i.e., when processing the p2p_connect command instead of
for each transmitted GO Negotiation Request frame) to avoid issues with
GO selection.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-26 16:56:48 +02:00
Sunil Dutt
f8361e3d68 TDLS: Pass peer's VHT Capability information during sta_add
The information of the peer's VHT capability is required for the
driver to establish a TDLS link in VHT mode with a compatible peer.
Pass this information to the driver when the peer station is
getting added.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-25 10:31:50 +02:00
Jouni Malinen
d8ed3a075a WPS: Fix OOB Device Password use in PSK1,PSK1 derivation
WSC specification 2.0 section 7.4 describes OOB password to be expressed
in ASCII format (upper case hexdump) instead of raw binary.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-24 10:57:49 +02:00
Jouni Malinen
8dabf4bb46 GAS server: Fix a regression in GAS server callback
Commit 2d9ffe1e85 broke GAS server
callback for receiving Public Action frames. The incorrect context
pointer was used in the public_action_cb2 case. Fix this to use the
correct context pointer.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-02-16 19:15:05 +02:00
Srinivasan B
bdaf17489a hostapd: Fix Max SP Length derivation from QoS Info
Hostapd provides QoS info of the STA (Service Period & AC mask) to the
kernel during wpa_driver_nl80211_sta_add call. Bit 5 and Bit 6 of QoS
info represents the Max SP length. Fix an issue in the code to fetch the
Max SP by shifting right the QoS info by value WMM_QOSINFO_STA_SP_SHIFT.
(operator ">" is replaced with ">>" operator).

Signed-off-by: Srinivasan <srinivasanb@posedge.com>
2013-02-16 11:15:13 +02:00
Sunil Dutt
122d16f25d nl80211: Configure STA Capabilities and Extended Capabilities
These are needed to allow drivers to implement all TDLS functionality
properly.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-15 23:45:48 +02:00
Jouni Malinen
542e7c406d Synchronize with wireless-testing.git include/uapi/linux/nl80211.h
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-02-15 23:45:02 +02:00
Jouni Malinen
042ec551d4 WPS: Use pre-configured NFC password token instead of overriding it
"WPS_NFC_TOKEN <WPS/NDEF>" used to generate a new NFC password token
regardless of whether there was a pre-configured token in the
configuration. Change this to use the pre-configured value, if
available, instead. This allows the same command to be used to write the
password token to an NFC tag more conveniently.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-15 11:24:29 +02:00
Sunil Dutt
d16531c40c TDLS: Pass peer's Capability and Ext Capability info during sta_add
The contents of the peer's capability and extended capability
information is required for the driver to perform TDLS P-UAPSD and Off
Channel operations. Pass this information to the driver when the peer
station is getting added.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-14 21:02:34 +02:00
Sunil Dutt
ff4178d57c TDLS: Pass peer's HT Capability and QOS information during sta_add
The information of the peer's HT capability and the QOS information is
required for the driver to perform TDLS operations. Pass this
information to the driver when the peer station is getting added.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-14 21:01:50 +02:00
Jouni Malinen
e4dea253b7 nl80211: Add debug prints for STA add/set operations
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-14 21:01:19 +02:00
Jouni Malinen
cd8db7c3ba Synchronize with wireless-testing.git include/uapi/linux/nl80211.h
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-02-14 21:00:56 +02:00
Jouni Malinen
b4a17a6ea7 WPS: Allow Device Password to be changed from M1 to M2
Registrar is allowed to propose another Device Password ID in M2. Make
Enrollee validate Device Password ID in M2 to check if this happened.
This commit adds support for changing from NFC password token to default
PIN for the case where the AP is the Enrollee and has both the NFC
password token and AP PIN enabled at the same time.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-14 20:41:14 +02:00
Jouni Malinen
38a5ad6728 WPS: Fix wps_reg nfc-pw option
Commit ffdaa05a6b added support for using
NFC password token from an AP. However, it had a bug that prevented the
wpa_supplicant wps_reg command from being used with "nfc-pw" as the PIN
value. Fix string comparison to handle this correctly.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-14 19:44:54 +02:00
Sunil Dutt
7b44ff2c21 TDLS: Tear down peers when disconnecting from the AP
A TDLS Teardown frame with Reason Code 3 (Deauthenticated because
sending STA is leaving (or has left) IBSS or ESS) shall be transmitted
to all TDLS peer STAs (via the AP or via the direct path) prior to
transmitting a Disassociation frame or a Deauthentication frame to the
AP.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-13 01:19:44 +02:00
Jouni Malinen
a5b5e830a0 P2P: Do not use old scan result data for peer discovery
The driver may have cached (e.g., in cfg80211 BSS table) the scan
results for relatively long time. To avoid reporting stale information,
update P2P peers only based on results that have based on frames
received after the last p2p_find operation was started.

This helps especially in detecting when a previously operating GO stops
the group since the BSS entry for that could live for 30 seconds in the
cfg80211 cache. Running p2p_flush followed by p2p_find will now allow
wpa_supplicant to not add a P2P peer entry for that GO if the group had
been terminated just before that p2p_flush command. Previously, that GO
could have been indicated as a newly found device for up to 30 seconds
after it had stopped the group.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-12 19:25:18 +02:00
Jouni Malinen
c5f10e804a Use more accurate timestamps for scan results
For various P2P use cases, it is useful to have more accurate timestamp
for the peer information update. This commit improves scan result
handling by using a single timestamp that is taken immediately after
fetching the results from the driver and then using that value to
calculate the time when the driver last updated the BSS entry. In
addition, more debug information is added for P2P peer updates to be
able to clearly see how old information is being used here.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-12 19:14:32 +02:00
Jouni Malinen
8b2b2a70ef P2P: Postpone P2P-DEVICE-FOUND if config_methods not known
If we discover a P2P peer based on a Beacon frame from the GO role, we
do not get information about the supported configuration methods. This
can result in issues if the P2P managing entity above wpa_supplicant is
not prepared to handling config_methods=0x0. To avoid this, postpone
reporting of the P2P-DEVICE-FOUND event when this happens on one of the
social channels. It would be good to be able to this on all channels,
but that could result in issues of never indicating the event for a peer
that is operating a GO on a channel that requires passive scanning.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-12 18:24:56 +02:00
Jouni Malinen
954ee628ee P2P: Do not allow peer update to clear config_methods
It could be possible for the scan results to include two entries for a
peer, one from the Listen state and the second one from the GO role. The
latter could be based on a Beason frame. If that happens and the entry
from GO is processed last, the P2P peer config_methods value could
potentially get cleared since Beacon frames do not include this
information in either WPS or P2P element. Avoid this by allowing the
config_methods value for P2P peers to be updated only if the new value
is non-zero.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-12 18:14:48 +02:00