The OSEN code path hardcodes number of struct wpa_ie_data items.
However, it did not clear the full structure and some uninitialized
fields could have been used (e.g., ie.mgmt_group_cipher for a debug
print and ie.capabilities for checking MFPC). Fix this by clearing the
ie data before filling in the hardcoded OSEN values.
Signed-off-by: Jouni Malinen <j@w1.fi>
Prepare for new extended capabilities bits by checking that the local
buffer is large enough to contain all the bits the driver requests. The
existing buffers are large enough to include anything defined until now,
but it would be possible to add more definitions in the future, so
increase them a bit as well to make this more future proof.
Signed-off-by: Jouni Malinen <j@w1.fi>
When there is a pending WPS negotiation for P2P and signal interrupt is
triggered, invalid read occurs in wpas_wps_terminate_pending() if
wpas_p2p_disconnect() removed the interface. Inverting deinit order
solves the issue.
Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
Add a new wowlan_triggers option to wpa_supplicant.conf. The triggers in
this key will be used to configure the kernel wowlan configuration.
For now, support only simple flags. More complex triggers can be added
later on.
Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
Previously, the frequency conflict was handled only during the
association flow. However, some drivers, e.g., mac80211 based
drivers, will fail an authentication request in case that there
are no available channels for use (as they might be used by
other interfaces), and thus the frequency conflict resolution
is never called.
Fix this by calling frequency conflict resolution during
authentication (SME-in-wpa_supplicant) as well.
In addition, get the shared radio frequency from the wpa_s context in
both the SME-in-driver and SME-in-wpa_supplicant cases and not from the
driver.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
The normal scan counter is used to trigger a few normal scans before a
scheduled scan is issued. The reason for doing this is that we get
results faster and some drivers support more SSIDs per normal scan
than during sched scan. After 2 normal scans, we start using
sched_scan. But the problem is that when a connection succeeds, we do
not reset this counter, so we will keep using sched scans.
To fix this, now we reset the counter when we switch to WPA_COMPLETED
state.
Signed-off-by: Luciano Coelho <luciano.coelho@intel.com>
Previously, it was possible to remove the main interface and leave
behind dynamic P2P group interfaces. This would eventually result in
references freed memory, so it is not really suitable behavior. Instesd,
remove all the dynamic P2P group interfaces that were created through an
interface that is now removed.
Signed-off-by: Jouni Malinen <j@w1.fi>
This used to work, but it looks like the disabled-PSK-network check
ended up rejecting confiurations that configured a wildcard SSID with a
passphrase (instead of PSK).
Signed-off-by: Jouni Malinen <j@w1.fi>
According to the standard, if the max A-MPDU VHT cap is <= 3, we
have to adjust the max A-MPDU HT cap to the same value. Otherwise
it should be set to 3.
Take care of it when the max VHT A-MPDU value is overridden.
Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
This allows hostapd to set a different management group cipher than the
previously hardcoded default BIP (AES-128-CMAC). The new configuration
file parameter group_mgmt_cipher can be set to BIP-GMAC-128,
BIP-GMAC-256, or BIP-CMAC-256 to select one of the ciphers defined in
IEEE Std 802.11ac-2013.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
A previous patch "Support VHT capability overrides" missed one
place where HT overrides were being applied and where it would
also be useful to apply VHT overrides.
Signed-hostap: Paul Stewart <pstew@chromium.org>
This makes stations associate much faster when using lots of stations.
In addition, this avoids delaying the initial scan continuously for
dynamic interface removal/addition cases.
Signed-hostap: Ben Greear <greearb@candelatech.com>
Add an option to specify a configuration file that can be used to hold
the P2P_DEVICE configuration parameters. If this option is not used, the
P2P_DEVICE configuration parameters will be read from interface
configuration file.
Note that it is advised to use this option in some cases such as:
If a P2P_DEVICE is supported by the driver, the wpa_supplicant creates a
dedicated P2P Device interface, where the configuration file used for
the main interface is used. As a consequence, if the configuration file
includes network definition etc., the wpa_supplicant will try to perform
station specific flows on the P2P Device interface which will fail.
If a P2P_DEVICE is supported by the driver and update_config is used,
the P2P Device configuration data will override the main interface
configuration data.
Signed-hostap: Ilan Peer <ilan.peer@intel.com>
wpa_supplicant already allowed beacon interval to be configured for AP
mode operations, but this was not passed to the driver for IBSS even
though the same parameter can used for that case. Add this for the
nl80211 driver interface to allow beacon interval to be controlled for
IBSS as well.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
wpa_supplicant started delayed sched scan also on P2P Device interfaces,
resulting in erroneous scans and connection attempts. Skip that on
driver init when the interface is dedicated only for P2P management
purposes.
Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
As a P2P group has a unique SSID and one security domain, it does
not make sense to enable background scanning for roaming purposes.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Do not initialize bgscan if the user explicitly set bgscan to an empty
string. Without this patch wpa_supplicant tries to initialize bgscan to
the first option if the string is empty.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
This is needed to limit the number of consecutive authentication
attempts to no more than 10 within a 10-minute interval to avoid
unnecessary load on the authentication server. In addition, use a random
component in the delay to avoid multiple stations hitting the same
timing in case of simultaneous disconnection from the network.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The new wpa_cli fetch_osu command can be used to fetch information about
all OSU providers and write that to a text file with the icons in
separate files. cancel_osu_fetch command can be used to stop ongoing OSU
provider list fetch.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Subscription remediation notification WNM-Notification Request is now
shown in the following way in wpa_supplicant control interface:
<3>HS20-SUBSCRIPTION-REMEDIATION http://example.com/foo/
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The HS 2.0 Indication element from wpa_supplicant now includes the
release number field and wpa_supplicant shows the release number of the
AP in STATUS command (hs20=1 replaced with hs20=<release>).
The new update_identifier field in the cred block can now be used to
configure the PPS MO ID so that wpa_supplicant adds it to the Indication
element in Association Request frames.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
It was possible for the connect or sme-connect radio work to get
re-scheduled while an earlier request was still pending, e.g.,
select_network is issued at the moment a scan radio work is in progress
and the old scan results are recent enough for starting the connection.
This could result in unexpected attempt to re-associate immediately
after completing the first connection.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
While testing rfkill blocking of a scanning interface, it
was seen that the ongoing scan never completes. This happens
since EVENT_SCAN_RESULTS is discarded on a disabled interface.
Fix this and also other possible radio work completion issues
by removing all the radio works (including started) of the
disabled interface.
To be able to remove already started radio works, make their
callbacks be reentrant with deinit flag (when the work
is started), so each radio work should be able to handle
its own termination.
Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
This uses the new nl80211 attributes to allow the connect command to
provide bssid and freq hints to the driver without limiting roaming to
the specific BSS/frequency. This can be used by drivers that perform
internal BSS selection (WPA_DRIVER_FLAGS_BSS_SELECTION) as a candidate
for initial association.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
1. In wpa_config_process_bgscan() fix memory leak after
calling wpa_config_parse_string()
2. In hostapd_config_defaults(), on failure to allocate bss->radius,
conf->bss was not freed.
3. In p2p_deauth_nofif(), memory allocated in p2p_parse_ies() was not
freed in case of NULL minor_reason_code.
4. In p2p_disassoc_nofif(), memory allocated in p2p_parse_ies() was
not freed in case of NULL minor_reason_code.
5. In p2p_process_go_neg_conf(), memory allocated was not freed in
case that the P2P Device interface was not waiting for a
GO Negotiation Confirm.
6. In wpa_set_pkcs11_engine_and_module_path(), the wrong pointer was
checked.
Signed-hostap: Eytan Lifshitz <eytan.lifshitz@intel.com>
This new mechanism allows P2P Client to request an IPv4 address from the
GO as part of the 4-way handshake to avoid use of DHCP exchange after
4-way handshake. If the new mechanism is used, the assigned IP address
is shown in the P2P-GROUP-STARTED event on the client side with
following new parameters: ip_addr, ip_mask, go_ip_addr. The assigned IP
address is included in the AP-STA-CONNECTED event on the GO side as a
new ip_addr parameter. The IP address is valid for the duration of the
association.
The IP address pool for this new mechanism is configured as global
wpa_supplicant configuration file parameters ip_addr_go, ip_addr_mask,
ip_addr_star, ip_addr_end. For example:
ip_addr_go=192.168.42.1
ip_addr_mask=255.255.255.0
ip_addr_start=192.168.42.2
ip_addr_end=192.168.42.100
DHCP mechanism is expected to be enabled at the same time to support P2P
Devices that do not use the new mechanism. The easiest way of managing
the IP addresses is by splitting the IP address range into two parts and
assign a separate range for wpa_supplicant and DHCP server.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This adds a QCA vendor specific nl80211 event to allow the driver to
indicate a list of frequency ranges that should be avoided due to
interference or possible known co-existance constraints. Such
frequencies are marked as not allowed for P2P use to force groups to be
formed on different channels.
If a P2P GO is operating on a channel that the driver recommended not to
use, a notification about this is sent on the control interface and
upper layer code may decide to tear down the group and optionally
restart it on another channel. As a TODO item, this could also be changed
to use CSA to avoid removing the group.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This patch resets the static interface_count to zero in case of
wpa_supplicant_driver_init() call for wpa_s which is in
INTERFACE_DISABLED state. This interface_count is used for the delay of
the scan which is now minimal for dynamically added interfaces. This may
collide with a scan for another interface, but the same is true for any
chosen delay in this scenario. Also the state change to DISCONNECTED is
moved to wpa_supplicant_driver_init() so it will move from
INTERFACE_DISABLED to INACTIVE when there are no enabled networks.
Tested-by: Hante Meuleman <meuleman@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
Depending on the implementation, the scheduled scan may not give results
quickly when in DISCONNECTED state. This patch resets
wpa_s::normal_scans upon entering to the INTERFACE_DISABLED state so a
normal scan is assured upon going to DISCONNECTED state after the
interface has been re-enabled. This mainly solves a long reconnect time
observed upon repeated kernel driver reloads, i.e., third reload
resulted in a scheduled scan.
Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Signed-hostap: Arend van Spriel <arend@broadcom.com>
Some EAP methods can go through a step that is expected to fail and as
such, should not trigger temporary network disabling when processing
EAP-Failure or deauthentication. EAP-WSC for WPS was already handled as
a special case, but similar behavior is needed for EAP-FAST with
unauthenticated provisioning.
Signed-hostap: Jouni Malinen <j@w1.fi>
Previously, only the last response data was kept in memory. This
increases that to hold up to two last responses to allow some more
parallel operations to be requested. In addition, the response data is
now freed as soon as the external program has fetched it.
Signed-hostap: Jouni Malinen <j@w1.fi>
The new control interface command RADIO_WORK can be used by external
programs to request radio allocation slots from wpa_supplicant if
exclusive radio control is needed, e.g., for offchannel operations. If
such operations are done directly to the driver, wpa_supplicant may not
have enough information to avoid conflicting operations. This new
command can be used to provide enough information and radio scheduling
to avoid issues with such cases.
Signed-hostap: Jouni Malinen <j@w1.fi>
If an external program triggers a scan, wpa_supplicant does not have a
wpa_radio work item for this operation to protect against other
offchannel operations. This can result in operations failing, so try to
avoid damage by not starting any new wpa_radio work items during a scan
that was started by another process.
Signed-hostap: Jouni Malinen <j@w1.fi>
This type of protection against concurrent connection and scan
operations is now enforced through the wpa_radio work mechanism, so this
separate protection mechanism is not needed anymore.
Signed-hostap: Jouni Malinen <j@w1.fi>
Avoid concurrent P2P scan requests with any other exclusive use of the
radio by using the radio work queuing mechanism. This removes some of
the earlier workarounds that postponed scans depending on other
operations.
Signed-hostap: Jouni Malinen <j@w1.fi>
The new radio work item concept can be used to request time for an
operation that requires exclusive radio control, e.g., a scan. Once the
radio is available, the registered callback function will be called.
radio_work_done() must be called once the exclusive radio operation has
been completed, so that the radio is freed for other operations. The
special case of deinit=1 is used to free the context data during
interface removal. That does not allow the callback function to start
the radio operation, i.e., it needs to free the allocated resources
and return.
Signed-hostap: Jouni Malinen <j@w1.fi>
Track set_key operations per-key index and clear keys on disconnection
only if the key was set (or may have been set which is the case for the
first operation after wpa_supplicant start).
Signed-hostap: Jouni Malinen <j@w1.fi>
These were somewhat more hidden to avoid direct use, but there are now
numerous places where these are needed and more justification to make
the extern int declarations available from wpa_debug.h. In addition,
this avoids some warnings from sparse.
Signed-hostap: Jouni Malinen <j@w1.fi>
WPA_CIPHER_* and CIPHER_* are used for the exact same set of cipher
suites with the main difference being that the WPA_CIPHER_* version is
suitable to be used as a bitfield. Similarly, WPA_KEY_MGMT_* and
KEY_MGMT_* have similar design for AKMs. There is no need to maintain
two separate copies of the definitions since the bitfield compatible
version can be used for both needs. Get rid of the CIPHER_* and
KEY_MGMT_* versions to clean up the implementation by getting rid of
unnecessary mapping functions.
Signed-hostap: Jouni Malinen <j@w1.fi>
The earlier changes to buffer EAPOL frames when not associated to avoid
race conditions (especially commit
3ab35a6603 but maybe something even before
that) broke PeerKey 4-way handshake. Fix this by using a separate check
before the race condition workaround to process PeerKey 4-way handshake
EAPOL-Key messages differently.
Signed-hostap: Jouni Malinen <j@w1.fi>
The new freq=<frequency ranges> parameter to the SCAN command can be
used to request a scan to be performed on the specified set of channels
instead of on all channels. For example, "wpa_cli scan
freq=2400-2500,5180" would scan channels 1-14 and 36. Only the channels
that the driver indicates as enabled and that are within the specified
ranges are included in the request.
Signed-hostap: Jouni Malinen <j@w1.fi>
In wpa_supplicant_terminate_proc(), while iterating and
terminating interfaces, after an interface is terminated,
we can no longer access its memory as it is no longer valid
and causes a crash.
Fix this by saving the pointer to the next interface before freeing
the current one to avoid accessing an invalid memory location.
Signed-hostap: Moshe Benji <moshe.benji@intel.com>
Temporarily disabled networks are disabled for a certain
duration, so the code should use monotonic time.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
The EAPOL RX workaround checks that the events are less than 100 ms
apart, so only uses relative times and should use monotonic time.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Stopping bgscan on any state other than COMPLETED results
in bgscan reset (stop + start) on every rekeying operation.
Signed-hostap: Eliad Peller <eliad@wizery.com>
Do not assume the driver supports QoS Mapping, but instead, advertise
support for this only if CONFIG_INTERWORKING is defined and driver
indicates support for configuring QoS Map.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Commit 202dec2a94 introduced a never
ending loop for a case where a single wpa_supplicant process is used
with multiple radios. Fix this by advancing the iface pointer properly
to the next interface in the loop until a NULL pointer is hit.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Based on priority, remove the connection with least priority whenever
a frequency conflict is detected.
Signed-hostap: Jithu Jance <jithu@broadcom.com>
struct wpa_radio is used as a shared data structure between all struct
wpa_supplicant instances that share the same physical radio.
Signed-hostap: Jouni Malinen <j@w1.fi>
Commit eb32460029 left an unneeded
sim_type argument to scard_init(). Remove that unnecessary argument to
clean up the implementation.
Signed-hostap: Masashi Honma <masashi.honma@gmail.com>
This prints out get_shared_radio_freqs() results and related information
from P2P operations to make debug logs more helpful for figuring out
issues related to multi-channel concurrency.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The idx variable was mistakenly set to 0 at the beginning of the
interface iteration. This could result in the operating channel of the
interface calling the function from being removed from the returned
frequency array if other interfaces were operating.
Signed-hostap: Ilan Peer <ilan.peer@intel.com>
This option can be used to globally configure bgscan parameters
for all the network blocks.
Note that this configuration will not override a network block
specific bgscan settings, but will only be used in case that
the network block does not have a valid bgscan configuration.
Signed-hostap: Haim Dreyfuss <haim.dreyfuss@intel.com>
Both of these variables can result in optimized WPS scans, so better
clear these more consistently to avoid unexpected single-channel scans.
Signed-hostap: Jouni Malinen <j@w1.fi>
wpa_s->conf cannot be NULL because wpa_supplicant_init_iface() would not
allow wpa_supplicant_add_iface() to return wpa_s instance in such state.
Signed-hostap: Jouni Malinen <j@w1.fi>
Trying to access the SIM card details without checking if the eap_proxy
layer has been initialized can results in a crash. Address this by
sending the request for the IMSI through eapol_supp_sm.c which can
verify that eap_proxy has been initialized.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
DISCONNECT followed by ENABLE_NETWORK ended up starting a scan for a new
connection due to wpa_supplicant_enable_one_network() setting
wpa_s->reassociate = 1. This was done regardless of wpa_s->disconnected
being 1 which should imply that wpa_supplicant should not try to connect
before asked explicitly with REASSOCIATE or RECONNECT.
Fix this by making ENABLE_NETWORK setting of reassociate = 1 and
starting of scans for connection conditional on wpa_s->disconnected ==
0. This will make ENABLE_NETWORK trigger a connection only if
wpa_supplicant is already in a state where it would try to connect if
there are any enabled networks.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Offchannel operations needed for a GAS query can conflict with ongoing
scan/connection progress, so delay GAS queries if such an operation is
in progress on the current interface or any virtual interface sharing
the same radio.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The new configuration parameter external_sim=<0/1> can now be used to
configure wpa_supplicant to use external SIM/USIM processing (e.g., GSM
authentication for EAP-SIM or UMTS authentication for EAP-AKA). The
requests and responses for such operations are sent over the ctrl_iface
CTRL-REQ-SIM and CTRL-RSP-SIM commands similarly to the existing
password query mechanism.
Changes to the EAP methods to use this new mechanism will be added in
separate commits.
Signed-hostap: Jouni Malinen <j@w1.fi>
Indicate support for QoS Mapping and configure driver to update the QoS
Map if QoS Map Set elements is received from the AP either in
(Re)Association Response or QoS Map Configure frame.
This commit adds support for receiving the frames with nl80211 drivers,
but the actual QoS Map configuration command is still missing.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Add Extended Capabilities element to association request only if the AP
included this element in Beacon/Probe Response frames. This is a
workaround to address interoperability issues with some older APs that
do not seem to be able to handle Extended Capabilities element in
(Re)Association Request frames.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Killing the wpa_supplicant process or using TERMINATE ctrl_iface command
resulted in the process existing without cleaning up possibly added
dynamic P2P group interfaces. Clean this up by stopping each P2P group
before stopping eloop.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
wpa_supplicant crashes if driver configuration for AP mode interface
configuration fails after group negotiation. This is because of a
regression from commit 1075b29571 that
ends up freeing the wpa_s instance from within
wpa_supplicant_create_ap() without the caller knowing.
Fix this by using an eloop timeout to free remove the P2P group so that
wpa_supplicant_create_ap() and especially wpa_supplicant_associate()
callers do not need to know about interface getting possibly removed. In
addition, move the P2P specific code into p2p_supplicant.c where it
really belongs. This allows the already existing group formation timeout
to be used by reducing the timeout to zero.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Record all generated per-client PSKs in the persistent group network
block and configure these for the GO Authenticator whenever re-starting
the persistent group. This completes per-client PSK support for
persistent groups.
Signed-hostap: Jouni Malinen <j@w1.fi>
There were some code paths that allowed obsolete configuration data
pointer to be maintained within EAPOL supplicant in case a network was
removed while not connection to it (i.e., wpa_s->current_ssid not
pointing to the network that was removed). This could result in use of
freed memory, e.g., from eap_sm_notify_ctrl_attached() when a new
control interface connected prior to the EAPOL supplicant configuration
pointer got updated.
Signed-hostap: Jouni Malinen <j@w1.fi>
4-way handshake may fail under extremely noisy environment and if this
happens during P2P group formation, the 10 second extra delay added in
wpas_auth_failed() can result in running over the 15 second timeout.
Avoid this by skipping the delay mechanism in wpas_auth_failed() for the
P2P group formation case. The P2P formation timeout will take care of
stopping the attempts if the failure condition does not get resolved.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Some driver interfaces may not support the get_radio_name() design and
get_shared_radio_freqs() needs to be aware of such possibility when
determining shared radio frequencies.
Signed-hostap: Jouni Malinen <j@w1.fi>
There are devices that can operate several channels concurrently.
Change shared_vif_oper_freq() to get_shared_radio_freqs() that can
return an array of frequencies currently used by all the virtual
interfaces that share the same radio.
In addition, move it to wpa_supplicant.c, so it can be used by other
modules.
Signed-hostap: Ilan Peer <ilan.peer@intel.com>
Signed-hostap: David Spinadel <david.spinadel@intel.com>
Previously, drivers only reported if they support multiple concurrent
channels, but did not report the maximum number of supported channels.
Add this reporting to the driver capabilities and add the implementation
to driver_nl80211.
Signed-hostap: Ilan Peer <ilan.peer@intel.com>
Signed-hostap: David Spinadel <david.spinadel@intel.com>
Because a delayed scheduled scan will access the members of struct
wpa_supplicant which is freed and this can result in a crash,
wpa_supplicant needs to cancel delayed scheduled scan during cleanups.
Signed-hostap: Chengyi Zhao <chengyix.zhao@gmail.com>
Adding a new wpa_supplicant control interface for the dedicated
P2P_DEVICE would be quite confusing for programs that manage P2P
operations. Remove this control interface and require the global control
interface to be used since it will provide consistent interface for both
the new dedicated P2P_DEVICE (non-netdev) and old style P2P management
through a netdev.
Signed-hostap: Jouni Malinen <j@w1.fi>
Commit c68f6200a7 made these calls
conditional on !p2p_mgmt, but forced p2p_mgmt=1 for cases where the
driver does not use the dedicated P2P Device. Fix this by making the
!p2p_mgmt condition apply only if the driver does indicate use of a
dedicated P2P Device.
Signed-hostap: Jouni Malinen <j@w1.fi>
If the capability flag of the driver indicates a dedicated P2P Device is
supported, a P2P Device interface is created.
Create the P2P Device in main interface creation loop when the added
interface flags support and P2P supplicant is not yet initialized
avoiding recursion of add_interface.
Do not register l2_packet for P2P Device interface (both for EAPOL and
for TDLS).
Signed-hostap: Arend van Spriel <arend@broadcom.com>
In wpa_supplicant_deinit(), the function wpas_p2p_deinit_global()
was called. Remove it as it will be called from wpas_deinit_iface()
upon removal of the P2P management interface.
Signed-hostap: Arend van Spriel <arend@broadcom.com>
This makes ENABLE_NETWORK behave similarily to SELECT_NETWORK by
allowing a scan to be skipped if recent scan results are available.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The optional -G<group> command line argument can be used to specify the
group that can access the global control interface.
Signed-hostap: Jouni Malinen <j@w1.fi>
This cleans up debug log by not trying to process the disconnection
event as a failure that could result in blacklist addition and auto
connect attempt. These are pointless operations since the interface is
going to removed immediately after this.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
There is no point in marking a BSS temporarily blacklisted based on a
connection failure or disconnection case if that happens as a result of
a local request to disconnect. The blacklist entry could result on
unexpected BSS getting selected on the next connection attempt. In
addition, the code to try to find another BSS within the ESS could
result in scanning a single channel on the next attempt. Fix these
issues by handling the connection failure events only if we are not in
disconnected state (i.e., would try to reconnect after this
automatically).
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Scanning can delay concurrent operations considerably, so it is better
to avoid that while trying to connect on any of the virtual interfaces
that share the same radio.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
cfg80211 rejects the set_key operations before the IBSS network has been
fully formed, so add one more attempt to set the key for WPA-None at
IBSS joined driver event.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
There is no need to repeat the driver capability fetch for each
operation since we already cache driver flags in wpa_s->drv_flags.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The Hotspot 2.0 specification seems to mandate this element to be
included in all (Re)Association Request frames if the station is Hotspot
2.0 capable. However, that results in conflicts with other requirements
like no TKIP use when this element is present. The design is really
supposed to include the indication element only for Hotspot 2.0
associations regardless of what the current specification implies.
Remove the HS 2.0 Indication element from (Re)Association Request frame
whenever the connection is not for Hotspot 2.0 purposes.
Signed-hostap: Jouni Malinen <j@w1.fi>
Previously, only explicit indications of authentication failures were
used to disable a network block temporarily. Extend this to use multiple
failed connection attempts as a sign of a possible authentication or
authorization failure to reduce the frequency of connection attempts
with a network that does not seem to allow connection.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
All wpa_supplicant_deinit_iface() callers ended up freeing wpa_s
immediately after this call. Move os_free(wpa_s) into the deinit
function to share the same call and make the deinit sequence clearer.
Signed-hostap: Jouni Malinen <j@w1.fi>
This option can be used only for global parameters that are not going
to be changed from settings.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Signed-off-by: Iliyan Malchev <malchev@google.com>
Some extended capabilities (I'm currently interested in "Operating Mode
Notification" for VHT) are implemented by the kernel driver and exported
in nl80211. Use these in hostapd/wpa_supplicant.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Make the implementation more consistent and cleaner by using a single
function for addressing all the cases where completion of a station mode
scan operation allows a P2P operation (search) to be re-started.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This fixes the lookup of a usable PMKSA entry in the cache. Using
wpa_s->current_ssid often returns nothing when a usable PMKSA exists in
the cache since wpa_s->current_ssid does not necessarily point to the
correct network entry at this point in time (prior to association).
Signed-hostap: Partha Narasimhan <parthan@gmail.com>
If a peer replies to persistent group invitation with status code 8
(unknown group), remove the peer from the p2p_client_list if we are the
GO or remove the persistent group if we are the P2P client since it
looks like that the peer has dropped persistent group credentials and
the provisioning step needs to be executed again.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Add support for VHT capability overrides to allow testing connections
with a subset of the VHT capabilities that are actually supported by
the device. The only thing that isn't currently supported (by mac80211
and this code) is the RX/TX highest rate field.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Stop sched scan, if running, after any disabling or removing of
a network, and request a new scan if needed.
Signed-hostap: David Spinadel <david.spinadel@intel.com>
Move enabling a network to a separate function. Try to reconnect if not
associated to an AP. Abort scheduled scan in any case of a new scan.
Signed-hostap: David Spinadel <david.spinadel@intel.com>
This patch uses existing scan results for fast connection on REASSOCIATE
and RECONNECT commands.
Signed-hostap: Masashi Honma <masashi.honma@gmail.com>
A TDLS Teardown frame with Reason Code 3 (Deauthenticated because
sending STA is leaving (or has left) IBSS or ESS) shall be transmitted
to all TDLS peer STAs (via the AP or via the direct path) prior to
transmitting a Disassociation frame or a Deauthentication frame to the
AP.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
If scan results are available when we perform a SelectNetwork, use
them to make an associate decision. This can save an entire scan
interval-worth of time in situations where something external to
wpa_supplicant (like a connection manager) has just previously
requested a scan before calling SelectNetwork.
Signed-hostap: Paul Stewart <pstew@chromium.org>
When the scan interval is changed the new interval is effective
after the old interval timer fires off one last time. This can cause
an unacceptable long delay when updating the interval.
Change this behaviour to use MIN(left of old interval, new interval)
for the scan interval following the interval change.
Signed-hostap: Pontus Fuchs <pontus.fuchs@gmail.com>
This was used to select between "(auth)" and "(reauth)" in
CTRL-EVENT-CONNECTED events. However, the variable was not cleared
anywhere else apart from the AP deinit case. As such, it did not really
provide correct information and is not really of much use even with
proper clearing added. As such, it is cleaner to just get rid of this
altogether.
Signed-hostap: Jouni Malinen <j@w1.fi>
Add some more functionality for BSS Transition Management:
- advertise support for BSS Transition Management in extended
capabilities element
- add hostapd.conf parameter bss_transition=1 for enabling support
for BSS Transition Management
- add "hostapd_cli disassoc_imminent <STA> <num TBTTs>" for sending
disassociation imminent notifications for testing purposes
- wpa_supplicant: trigger a new scan to find another BSS if the
current AP indicates disassociation imminent (TODO: the old AP needs
to be marked to use lower priority to avoid re-selecting it)
Signed-hostap: Jouni Malinen <j@w1.fi>
Commit 1ff733383f added a mechanism to
work around issues due to association events and EAPOL RX events being
getting reordered. However, this applied only for the case where
wpa_supplicant is not in associated state. The same issue can happen in
roaming case with drivers that perform BSS selection internally (or in
firmware). Handle that case similarly by delaying received EAPOL frame
processing if the source address of the EAPOL frame does not match the
current BSSID.
Since wired IEEE 802.1X do not have BSSID, make this additional
workaround conditional on BSSID match having been observed during the
previous association.
This fixes issues where the initial EAPOL frame after reassociation was
either dropped (e.g., due to replay counter not increasing) or replied
to with incorrect destination address (the BSSID of the old AP). This
can result in significantly more robust roaming behavior with drivers
that do not use wpa_supplicant for BSS selection.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Requires Linux kernel patch to make the SGI-20 properly disabled. SGI-40
will already work since Linux 3.4 or so.
Signed-hostap: Ben Greear <greearb@candelatech.com>
Signed-off-by: Ben Greear <greearb@candelatech.com>
Both the ctrl_iface and D-Bus interface use similar functionality to
request a new connection. Combine these to a single function to avoid
need to maintain duplicated implementation.
Signed-hostap: Jouni Malinen <j@w1.fi>
wpas_connection_failed() uses the blacklist count to figure out a
suitable time to wait for the next scan. This mechanism did not work
properly in cases where the temporary blacklist gets cleared due to no
other BSSes being available. Address this by maintaining an additional
count of blacklisting values over wpa_blacklist_clear() calls. In
addition, add one more step in the count to timeout mapping to go to 10
second interval if more than four failures are seen.
Signed-hostap: Jouni Malinen <j@w1.fi>
Previously, PMF (protected management frames, IEEE 802.11w) could be
enabled only with a per-network parameter (ieee80211w). The new global
parameter (pmf) can now be used to change the default behavior to be PMF
enabled (pmf=1) or required (pmf=2) for network blocks that do not
override this with the ieee80211w parameter.
Signed-hostap: Jouni Malinen <j@w1.fi>
Previously, OKC (opportunistic key caching, a.k.a. proactive key
caching) could be enabled only with a per-network parameter
(proactive_key_caching). The new global parameter (okc) can now be used
to change the default behavior to be OKC enabled (okc=1) for network
blocks that do not override this with the proactive_key_caching
parameter.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This function is now unused after the last couple of commits that
removed the last uses, so remove this to keep code simpler since all
places that disassociate, can use deauthentication instead.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
cfg80211/mac80211 may reject disassociation command if association has
not yet been formed. Use deauthentication in cases where it is possible
that we are associating at the moment the command is issued.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
wpa_supplicant_{disassociate,deauthenticate}() need to inform the driver
about decision to disconnect even if this happens during the time when
the driver is still trying to complete association. During that time,
wpa_s->bssid is not set, so the code in these functions needs to figure
out the correct BSSID based on that field or wpa_s->pending_bssid. In
addition, it is possible that the BSSID is not even known at
wpa_supplicant at this point in time when using drivers that perform BSS
selection internally. In those cases, the disconnect command needs to be
sent to the driver without the BSSID.
This fixes issues where the driver (or cfg80211 in particular) may be
left in mismatching state with wpa_supplicant when disconnection (e.g.,
due to a ctrl_iface command) happens between connection request and
association event.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This introduces new AKM for SAE and FT-SAE and adds the initial parts
for going through the SAE Authentication frame exchange. The actual SAE
algorithm and new fields in Authentication frames are not yet included
in this commit and will be added separately. This version is able to
complete a dummy authentication with the correct authentication
algorithm and transaction values to allow cfg80211/mac80211 drivers to
be tested (all the missing parts can be handled with
hostapd/wpa_supplicant changes).
Signed-hostap: Jouni Malinen <j@w1.fi>
External programs can use this new parameter to prevent wpa_supplicant
from connecting to a list of BSSIDs and/or SSIDs. The disallowed BSSes
will still be visible in scan results and it is possible to run ANQP
operations with them, but BSS selection for connection will skip any
BSS that matches an entry in the disallowed list.
The new parameter can be set with the control interface SET command
using following syntax:
SET disallow_aps <disallow_list>
disallow_list ::= <ssid_spec> | <bssid_spec> | <disallow_list> | “”
SSID_SPEC ::= ssid <SSID_HEX>
BSSID_SPEC ::= bssid <BSSID_HEX>
For example:
wpa_cli set disallow_list "ssid 74657374 bssid 001122334455 ssid 68656c6c6f"
wpa_cli set disallow_list
(the empty value removes all entries)
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
If the AP creation failed (missing freq= or driver error) the supplicant
would previously stay in SCANNING state forever. Instead, it should
handle the error a bit better and drop back to DISCONNECTED so clients
know something went wrong.
Signed-hostap: Dan Williams <dcbw@redhat.com>
intended-for: hostap-1
Since we have a global P2P module, the flag to trigger scan completion
events to it needs to be in similar context. The previous design
maintained this separately for each virtual interface and if P2P module
did not run its scan operation on the virtual interface that completed
the scan, P2P module would not be allowed to restart operations
properly.
Signed-hostap: Jouni Malinen <j@w1.fi>
This allows last results to be used even after they have been freed
since the information is copied to the BSS entries anyway and this new
array provides the order in which scan results were processed.
Signed-hostap: Jouni Malinen <j@w1.fi>
This commit adds control interface commands and internal storage of
Wi-Fi Display related configuration. In addition, WFD IE is now added
to various P2P frames, Probe Request/Response, and (Re)Association
Request/Response frames. WFD subelements from peers are stored in the
P2P peer table.
Following control interface commands are now available:
SET wifi_display <0/1>
GET wifi_display
WFD_SUBELEM_SET <subelem> [hexdump of length+body]
WFD_SUBELEM_GET <subelem>
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This allows both hostapd and wpa_supplicant to be used to derive and
configure keys for GCMP. This is quite similar to CCMP key
configuration, but a different cipher suite and somewhat different rules
are used in cipher selection. It should be noted that GCMP is not
included in default parameters at least for now, so explicit
pairwise/group configuration is needed to enable it. This may change in
the future to allow GCMP to be selected automatically in cases where
CCMP could have been used.
This commit does not included changes to WPS or P2P to allow GCMP to be
used.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The new gas_request and gas_response_get commands can be used to request
arbitary GAS queries to be performed. These can be used with ANQP or
with other (including vendor specific) advertisement protocols.
gas_request <BSSID> <AdvProtoID> [Query]
gas_response_get <addr> <dialog token> [offset,length]
For example, ANQP query for Capability list in interactive wpa_cli
session:
> gas_request 02:00:00:00:01:00 00 000102000101
<3>GAS-RESPONSE-INFO addr=02:00:00:00:01:00 dialog_token=0
status_code=0 resp_len=32
> gas_response_get 02:00:00:00:01:00 00
01011c00010102010501070108010c01dddd0c00506f9a110200020304050607
> gas_response_get 02:00:00:00:01:00 00 0,10
01011c00010102010501
> gas_response_get 02:00:00:00:01:00 00 10,10
070108010c01dddd0c00
> gas_response_get 02:00:00:00:01:00 00 20,10
506f9a11020002030405
> gas_response_get 02:00:00:00:01:00 00 30,2
0607
It should be noted that the maximum length of the response buffer is
currently 4096 bytes which allows about 2000 bytes of the response data
to be fetched with a single gas_response_get command. If the response is
longer, it can be fetched in pieces as shown in the example above.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This makes wpa_supplicant state somewhat cleaner since the information
from previously used connection is not maintained after getting
disconnected.
Signed-hostap: Jouni Malinen <j@w1.fi>
If 4-way handshake fails due to likely PSK failure or if EAP
authentication fails, disable the network block temporarily. Use longer
duration if multiple consecutive failures are seen.
Signed-hostap: Jouni Malinen <j@w1.fi>
Commit 99fcd40409 added a call to update
search delay after failed authentication attempt. This change was
supposed to be only in p2p_supplicant.c for the successful case. The
extra call does not really do anything, but it's good to remove it to
avoid any confusion in the future.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, all station mode scan operations were either skipped or
delayed while any P2P operation was in progress. To make concurrent
operations easier to use, reduce this limitation by allowing a scan
operation to be completed in the middle of a p2p_find. In addition,
allow station mode association to be completed. When the station mode
operation is run to its completion (scan results not acted on,
connection to an AP completed, connection failed), resume the p2p_find
operation.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
If bgscan is enabled, then bgscan is initiated after the connection,
with no bss scan result information. Since a scan was performed prior to
the connection, the information exists and can be used to initialize the
bgscan's cache.
Signed-hostap: Yoni Divinsky <yoni.divinsky@ti.com>
If key_mgmt was set to allow both WPA and non-WPA IEEE 802.1X (i.e., to
IEEE8021X WPA-EAP), non-WPA IEEE 802.1X was rejected while preparing
association parameters. Allow this special case to be handled by
selecting non-WPA case if the scan results for the AP do not include
either WPA or RSN elements.
Signed-hostap: Jouni Malinen <j@w1.fi>