For some testing it can be useful to force the Key MIC in group
EAPOL-Key frames to be corrupt. Add an option to allow setting a
probability for corrupting the Key MIC and use it in the WPA code,
increasing the first byte of the MIC by one to corrupt it if desired.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Injecting protected broadcast frames fails because of the unnecessary
null check for sta. In case of broadcast frames sta can be null, so
remove the check.
Reported-by: Janardhan R <janardhanr@posedge.com>
Signed-hostap: Chaitanya T K <chaitanyatk@posedge.com>
In case that NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP is supported,
wiphy_info_handler() is called several times, where
NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION is present only in one
of these calls. Thus capa->max_remain_on_chan is overridden in
all other calls.
Fix it so the default value is set only after all the wiphy info was
received.
Signed-hostap: Ilan Peer <ilan.peer@intel.com>
This tool can be used to debug Wi-Fi functionality on Android both
through the Android framework and through direct access to
wpa_supplicant.
Signed-hostap: Jouni Malinen <j@w1.fi>
Each attempt to connect to the same network using WPS would result
in the duplicate configuration getting added. Avoid such redundant
additions by comparing the network configuration with an already
existing one and remove the older network if the new credential
provisioned through WPS is identical.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
nl80211 has obsoleted WEXT as the preferred kernel interface for
controlling wireless drivers. Update wpa_supplicant driver interface
list order so that nl80211 gets used first if both nl80211 and wext
interfaces are included in the build. In addition, update README to
reflect the fact that WEXT is obsolete.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, this was initialized partially, but the interface was
not really started. That could result in eloop_run() returning
immediately and hostapd process getting stopped without any clear
indication of a failure. [Bug 479]
Signed-hostap: Jouni Malinen <j@w1.fi>
"WPS_ER_START ifname=<interace>" can now be used to force a specific
interface to be used for UPnP operations. This is especially useful for
automated test cases where the lo interface can now be used easily to
perform ER operations.
Signed-hostap: Jouni Malinen <j@w1.fi>
There are quite a few places in the current implementation where a nul
terminated string is generated from binary data. Add a helper function
to simplify the code a bit.
Signed-hostap: Jouni Malinen <j@w1.fi>
My APs generate their configuration on their own using a different
number of (vlan-enabled) bss. Currently, all my vlan_file files consist
of a single line: the wildcard line. Configuration file generation would
be easier, if the hostapd configuration file would not depend on those
simple vlan_file files.
This patch removes the need for those one-line files by using the
<device>.<vlan> naming scheme if no vlan_file is given (or that file is
empty). This should not break any existing setup, as using dynamic_vlan
with no vlan configured does not make sense anyway.
Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
The nfcpy script used to be run in a way that left them running for
multiple operations. This is not desired for some use cases, so provide
options to request only a single operation to be performed.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
NFC connection handover messages may be longer than 100 octets, so
increase wpa_cli buffer size to allow longer messages to be reported.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
When a specific out-of-band Device Password is enabled, it can be useful
to be able to advertise that in the selected registrar information.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The scan results from old test cases showing different SSID on the AP
can result in false failures, so avoid those by ignoring old scan
results from cfg80211.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
All P2P use cases are required to use the global operating table and
there is no need to need to try to maintain some backwards compatibility
with country code -specific values. Clean up the implementation by
removing the unnecessary country parameter.
Signed-hostap: Jouni Malinen <j@w1.fi>
Reset ft_completed if STA receives deauthentication
between FT reassoc success and the subsequent initial
mobility authentication and association.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Commit fb8984fd6f added a mechanism to
skip the Listen state when the peer is expected to be waiting for us to
initiate a new GO Negotiation. However, this flag was set when building
the GO Negotiation Response frame with status 1 regardless of whether we
managed to send that frame or peer receive it. This could result in GO
Negotiation failures in cases where the peer did not receive the
response and Listen channels of the devices were different. Fix this by
setting the flag only after TX status indicating success has been
received.
This fixes frequent failures shown for the test_grpform_pbc hwsim test
case.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
We should not call getSessionID method if it's not provided. This fixes
a regression from commit 950c563076 where
EAP methods that did not implement getSessionId resulted in NULL pointer
dereference when deriving the key.
Signed-off-by: Shijie Zhang <shijiez@qca.qualcomm.com>
Previously, only explicit indications of authentication failures were
used to disable a network block temporarily. Extend this to use multiple
failed connection attempts as a sign of a possible authentication or
authorization failure to reduce the frequency of connection attempts
with a network that does not seem to allow connection.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
When Action frame TX is postponed until a pending p2p_scan completes,
there may be additional operations that need to be continued after the
postponed Action frame TX operation completes. Fix this by starting
pending operation (if any) from TX status event for after_scan_tx
frames.
This fixes common errors seen with the test_discovery hwsim test case.
Signed-hostap: Jouni Malinen <j@w1.fi>
The fast-connect optimization to skip a new scan did not update how the
RSN preauthentication callback is used. There is no point in trying to
add preauthentication candidates from cases where scan was skipped, so
skip this call, too, in such cases.
Signed-hostap: Jouni Malinen <j@w1.fi>
All wpa_supplicant_deinit_iface() callers ended up freeing wpa_s
immediately after this call. Move os_free(wpa_s) into the deinit
function to share the same call and make the deinit sequence clearer.
Signed-hostap: Jouni Malinen <j@w1.fi>
Add "EAPLogoff" and "EAPLogon" interface DBus commands which
parallel the "logoff" and "logon" wpa_ctrl commands which terminate
and restart EAP authentication. Slightly enhance the "logon" case
by expiring any running "startWhile" timer.
Signed-hostap: Paul Stewart <pstew@chromium.org>
In order to test clients in scenarios where APs may (randomly)
drop certain management frames, introduce some testing options
into the hostapd configuration that can make it ignore certain
frames. For now, these are probe requests, authentication and
(re)association frames.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
This option can be used only for global parameters that are not going
to be changed from settings.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Signed-off-by: Iliyan Malchev <malchev@google.com>
Dmitry reported that the kernel could no longer parse the
scheduled scan attributes correctly after my patch to use
nla_nest_start/nla_nest_end. The reason is that the wrong
attribute is closed I accidentally made it close the full
scan config instead of just the SSID match set.
Reported-by: Dmitry Shmidt <dimitrysh@google.com>
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Add "get_capability freq" command to print a more verbose list of
channels and frequencies in MHz. The tag "NO_IBSS" is added, if IBSS
mode is not allowed on a channel. This allows userspace programs to get
the frequencies and limitations associated with each channel.
This extends the information already provided in "get_capability
channels" but a new interface is chosen because of backwards
compatibility considerations.
Signed-hostap: Bruno Randolf <br1@einfach.org>
Harmonize EAP status events over control interface to provide same
functionality as existing D-Bus callback.
Signed-hostap: Chris Hessing <chris.hessing@cloudpath.net>
TK was incorrectly truncated in a way that resulted in CCMP (128-bit
key) encryption being used in practice.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
A kernel commit ("mac80211: fix FT roaming") started validating that the
STA entry is marked associated when adding a key. While this is needed
to fix some FT use cases with hardware crypto, it has a side effect of
breaking TDLS key configuration. Work around this by trying to
re-configure the key for the direct link after the STA entry has been
set with all information. In addition, try to tear down the link if
anything goes wrong in key configuration (if both attempts fail) or
enabling the link in the driver.
Signed-hostap: Jouni Malinen <j@w1.fi>
"WPS_NFC_CONFIG_TOKEN <WPS/NDEF> <network id>" can now be used to build
an NFC configuration token from a locally configured network.
Signed-hostap: Jouni Malinen <j@w1.fi>