Commit graph

188 commits

Author SHA1 Message Date
Jouni Malinen
d445a5cd8e Add BSSID filter for testing purposes
wpa_supplicant can now be configured to filter out scan results based
on a BSSID filter. Space-separated set of allowed BSSIDs can be set
with wpa_cli set bssid_filter command. Filtering mechanism can be
disabled by setting this variable to an empty list. When set, only
the BSSes that have a matching entry in this list will be accepted
from scan results.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-02-16 16:30:13 +02:00
Jouni Malinen
0f3d578efc Remove the GPL notification from files contributed by Jouni Malinen
Remove the GPL notification text from the files that were
initially contributed by myself.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-02-11 19:39:36 +02:00
Jouni Malinen
331f89ff5b Select the BSD license terms as the only license alternative
Simplify licensing terms for hostap.git by selecting the BSD license
alternative for any future distribution. This drops the GPL v2
alternative from distribution terms and from contribution requirements.

The BSD license alternative that has been used in hostap.git (the one
with advertisement clause removed) is compatible with GPL and as such
the software in hostap.git can still be used with GPL projects. In
addition, any new contribution to hostap.git is expected to be licensed
under the BSD terms that allow the changes to be merged into older
hostap repositories that still include the GPL v2 alternative.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-02-11 19:39:31 +02:00
Dan Williams
0f4668ceac Try fallback drivers if global init for preferred drivers fails
Driver global init was considered a hard failure. Thus if, for example,
you used the Broadcom STA driver and didn't have nl80211 or cfg80211
loaded into the kernel, and specified a driver value of "nl80211,wext",
the nl80211 driver's global init would fail with the following message:

nl80211: 'nl80211' generic netlink not found
Failed to initialize driver 'nl80211'

but since global init was a hard failure, creating the supplicant
interface would fail and the WEXT driver would not be tried.
Give other drivers a chance instead.

Signed-hostap: Dan Williams <dcbw@redhat.com>
intended-for: hostap-1
2012-02-04 20:09:51 +02:00
Jouni Malinen
96efeeb66b Use PMKSA cache entries with only a single network context
When looking for PMKSA cache entries to use with a new association, only
accept entries created with the same network block that was used to
create the cache entry.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-02-04 12:32:35 +02:00
Jouni Malinen
d93dfbd588 Delay scan request on select_network if disconnecting
The disconnection command results in disassociation and deauthentication
events which were previously processed during the scan in case of
select_network command being used while associated with another network.
While this works in most cases, it can result in confusing event
messages in ctrl_iface and debug log. Avoid this by using a short delay
between the disconnection and scan request to allow the disconnection
events to be processed prior to starting the new scan.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
2012-02-04 12:28:16 +02:00
Ben Greear
80e8a5eef1 Support HT capability overrides
This allows HT capabilities overrides on kernels that
support these features.

MCS Rates can be disabled to force to slower speeds when using HT.
Rates cannot be forced higher.

HT can be disabled, forcing an 802.11a/b/g/n station to act like
an 802.11a/b/g station.

HT40 can be disabled.

MAX A-MSDU can be disabled.
A-MPDU Factor and A-MPDU Density can be modified.

Please note that these are suggestions to the kernel. Only mac80211
drivers will work at all. The A-MPDU Factor can only be decreased and
the A-MPDU Density can only be increased currently.

Signed-hostap: Ben Greear <greearb@candelatech.com>
2012-01-29 21:01:31 +02:00
Jouni Malinen
499e7286b0 Remove duplicated TERMINATING event
Now that CTRL-EVENT-TERMINATING even is sent at the end of interface
removal in case wpa_supplicant process is going to terminate, there
is no need for this duplicated event in the signal handler.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-01-29 20:23:07 +02:00
Dmitry Shmidt
f08115165b Move ctrl_iface deinit into the end of interface deinit
This allows TERMINATING ctrl_iface event to be sent at the end of the
deinit sequence to avoid race conditions with new operations that this
event may trigger while wpa_supplicant would still be running through
the deinitialization path.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2012-01-29 20:21:07 +02:00
Dmitry Shmidt
2523ff6ea4 Deinit driver before notifying interface has been removed
This avoids issues with some external program starting to use the
interface based on the interface removal event before wpa_supplicant
has completed deinitialization of the driver interface.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2012-01-29 20:18:48 +02:00
Dmitry Shmidt
df509539d4 Let wpa_supplicant_deinit_iface() know that process is terminating
This will be needed to be able to move ctrl_iface TERMINATING event to
the end of interface removal.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2012-01-29 20:15:48 +02:00
Eyal Shapira
b3aa456b3e Interleave wildcard and specific SSID scans when max_ssids=1
For drivers limited to scan a single SSID at a time, this prevents
waiting too long for a wildcard scan in case there are several
scan_ssid networks in the configuration.

Signed-hostap: Eyal Shapira <eyal@wizery.com>
2012-01-29 17:39:08 +02:00
Nicolas Cavallari
9e2af29f9b Support fixing the BSSID in IBSS mode
When the "bssid=" option is set for an IBSS network and ap_scan = 2,
ask the driver to fix this BSSID, if possible.

Previously, any "bssid=" option were ignored in IBSS mode when ap_scan=2.

Signed-hostap: Nicolas Cavallari <cavallar@lri.fr>
2012-01-28 11:33:47 +02:00
Jouni Malinen
57d38ddf6b Update copyright notices to include year 2012
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-01-01 18:59:16 +02:00
Jouni Malinen
5fd9fb2772 Remove possible authentication timeout on connection failure
The authentication timeout could be triggered after the connection has
already been known to have failed. The event at that point can be
confusing, so better cancel the timeout when processing connection
failure.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-31 13:25:37 +02:00
Arik Nemtsov
4f73d88afa Maintain internal copy of Probe Response offload capabilities
Signed-hostap: Arik Nemtsov <arik@wizery.com>
Signed-off-by: Arik Nemtsov <arik@wizery.com>
2011-12-10 21:11:32 +02:00
Jouni Malinen
bfba8deb8b Update internal MAC address on EVENT_INTERFACE_ENABLED events
This allows the MAC address of the interface to be changed when the
interface is set down even if the interface does not get completed
removed and re-added.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-03 13:20:40 +02:00
Johan Hedlund
f98eb880eb Update RSN supplicant MAC address on driver reinitialization
I have a test case where I remove and insert another network adapter
between two connections to AP. The interface get the same interface name
but switches macadresses between the connections. When running WPA2 I
got a failure in EAPOL negotiation and found out that the reason for
this was that the supplicant did not update the MAC address in the
correct place.
2011-12-03 13:02:57 +02:00
Jouni Malinen
0bf927a03e Use wpa_key_mgmt_*() helpers
This cleans up the source code and makes it less likely that new AKM
addition misses some needed changes in the future.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-24 22:47:46 +02:00
Jouni Malinen
39e7d718f6 ndis: Work around lack of C99 designated initializers in MSVC
Use a driver_ndis.c specific initialization function to fill in the
wpa_driver_ops information to make it easier to modify struct
wpa_driver_ops in the future. Being able to build driver_ndis.c
with MSVC was the only reason for having to maintain the same order
of function pointers in struct wpa_driver_ops and for having to
update driver_ndis.c for all changes in that structure.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-03 18:45:21 +02:00
Jouni Malinen
01a1749156 Fix TKIP countermeasures stopping in deinit paths
The eloop timeout to stop TKIP countermeasures has to be canceled
on deinit path to avoid leaving bogus timeouts behind.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-10-30 12:53:20 +02:00
Arik Nemtsov
c58ab8f249 TDLS: Get TDLS related capabilities from driver
Put glue code in place to propagate TDLS related driver capabilities to
the TDLS state machine.

If the driver doesn't support capabilities, assume TDLS is supported
internally.

When TDLS is explicitly not supported, disable all user facing TDLS
operations.

Signed-off-by: Arik Nemtsov <arik@wizery.com>
Cc: Kalyan C Gaddam <chakkal@iit.edu>
2011-10-23 22:15:15 +03:00
Christian Lamparter
6bf731e8ce wpa_supplicant: Unify hardware feature data
The hardware feature data is required in several different places
throughout the code. Previously, the data was acquired and freed on
demand, but with this patch wpa_supplicant will keep a single copy
around at runtime for everyone to use.

Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
2011-10-23 17:21:50 +03:00
Jouni Malinen
7756114f6a Postpone global_init() call until first driver instance is initialized
This avoids allocating global driver state for driver wrappers that
are built in but not used. This can save some resources and avoids
failures with driver_nl80211.c that is now initializing netlink
connections for nl80211 in global_init().
2011-10-23 13:20:52 +03:00
Jouni Malinen
17fbb751e1 Remove user space client MLME
This code was used only with driver_test.c to allow MLME operations
in hostapd to be tested without having to use a real radio. There
are no plans on extending this to any other use than testing and
mac80211_hwsim has now obsoled the need for this type of testing.
As such, we can drop this code from wpa_supplicant to clean up the
implementation of unnecessary complexity.
2011-10-22 22:45:38 +03:00
Dmitry Shmidt
48f8e03622 Prevent ap_scan change during association
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2011-10-21 19:00:18 +03:00
Jouni Malinen
92cbcf9128 Add Extended Capability element to AssocReq for Interworking
If Interworking is enabled, add Extended Capability element to
(Re)Association Request frames to indicate support for Interworking.
2011-10-16 23:55:34 +03:00
Luciano Coelho
6a90053cdf Add delayed scheduled scan request
When initializing, the scheduled scan code was being called before
everything is ready. With normal scans, the first scan round is
delayed, so the initialization is finished by the time it really
starts.

Add a function that can be used to request a delayed scheduled scan.
The scan will only start after the specified time has elapsed. Call
this function instead of starting the scheduled scan directly during
driver initialization.

Signed-off-by: Luciano Coelho <coelho@ti.com>
2011-10-15 18:53:14 +03:00
Luciano Coelho
b59e6f267b Add filter support to scheduled scans
Pass SSIDs to be matched in scheduled scan results. Only the SSIDs
that are included in the match lists will be reported by the driver,
so the filtering can be offloaded to the hardware and the power
consumption can be reduced.

Signed-off-by: Luciano Coelho <coelho@ti.com>
2011-10-15 18:53:14 +03:00
Luciano Coelho
a4cba8f1e2 Use sched_scan in driver init
This patch uses sched_scan, if available, when the driver is
initialized. It also adds a couple of cancel operations where
appropriate.

Signed-off-by: Luciano Coelho <coelho@ti.com>
2011-10-15 18:53:13 +03:00
Luciano Coelho
cbdf3507e9 Add scheduled scan driver operations
In new Linux kernel versions (>=3.0), nl80211 adds scheduled scan
capability. In order to use this feature to its full extent, we need
to support it in the wpa_supplicant core, so that it can also be used
by other drivers.

This commit adds initial scheduled scan support operations and events.

Signed-off-by: Luciano Coelho <coelho@ti.com>
2011-10-15 18:53:13 +03:00
Jithu Jance
2a6f78fbbe Do not re-associate on SELECT_NETWORK to current network
Signed-off-by: Jithu Jance <jithu@broadcom.com>
2011-10-02 13:12:43 +03:00
Zhi Chen
7d232e23e2 Allow wildcard SSID to be used with WPA-PSK if bssid is set
This allows the AP to be selected based on the BSSID when WPA-PSK
is used with a passphrase. The PSK will be derived from the passphrase
after the SSID has been learned from scan results.
2011-09-30 22:05:44 +03:00
Jouni Malinen
24f6497c34 GAS: Use off-channel operations for requests
This separates off-channel Action frame TX/RX from P2P into a generic
implementation that can now be used both for P2P and GAS needs.
2011-09-29 22:19:51 +03:00
Jouni Malinen
04ea7b7947 GAS: Add a generic GAS query module
This implements GAS request mechanism that is aimed at being used to
replace use case specific GAS/ANQP implementations in the future.
Compared to the earlier implementation in P2P SD, this implementation
includes support for multiple concurrent requests and more thorough
validation of frames against the pending query data.

GAS header processing, including comeback and reassembly, are handled
within gas_query.c and the users of this module will only need to
provide the Query Request and process the (possibly reassembled)
Query Response.
2011-09-29 22:19:15 +03:00
Jouni Malinen
0096c42740 Do not enable bgscan when driver takes care of BSS selection
There is no need to request periodic bgscans when the driver claims
to have capability for roaming within ESS. Ignoring the bgscan
configuration allows the same configuration file to be used both
with drivers the handle roaming and with drivers that don't.
2011-09-26 15:17:01 +03:00
Jouni Malinen
22628eca34 Support driver-based BSS selection in ap_scan=1 mode
If the driver indicates that it supports BSS selection (including
roaming within an ESS) with WPA_DRIVER_FLAGS_BSS_SELECTION, modify
ap_scan=1 mode to behave like ap_scan=2 mode for BSS selection.

The initial scan is still done to avoid the need for strict
configuration of or security parameters (e.g., to figure out whether
TKIP or CCMP is being used as the group cipher). However, when
requesting the driver to connect, the bssid and freq parameters are
not provided to leave the driver in control of selecting which BSS
to use and to allow the driver to decide when to roam.
2011-09-26 14:57:23 +03:00
Edward Lu
cf546f1a03 Make sure wpa_proto gets cleared for WPS and non-WPA connections
This is needed to fix the wpa_proto association parameter for drivers
that select AP based on security parameters internally.
2011-09-08 17:51:08 +03:00
Jouni Malinen
d8a790b922 Flush PMKSA cache entries and invalidate EAP state on network changes
If a network configuration block is removed or modified, flush
all PMKSA cache entries that were created using that network
configuration. Similarly, invalidate EAP state (fast re-auth).

The special case for OKC on wpa_supplicant reconfiguration
(network_ctx pointer change) is now addressed as part of the
PMKSA cache flushing, so it does not need a separate mechanism
for clearing the network_ctx values in the PMKSA cache.
2011-09-07 17:46:00 +03:00
Jouni Malinen
64fa840a97 nl80211: Fix WPA_VERSIONS attribute for Connect command
The previous code was trying to figure out which WPA version is
used based on the extra IEs requested for Association Request. That
did not work properly in cases where non-WPA networks are used with
some extra IEs. Fix this by using more robust mechanism for passing
the WPA versions from core wpa_supplicant to the driver_ops
associate().
2011-09-02 20:40:23 +03:00
Jouni Malinen
ffad885837 P2P: Set p2p auth/assoc parameter based on connection type
Fix the previous code that was hardcoding the p2p parameter based
on the driver P2P capability regardless of whether the connection
was really used for P2P or not.
2011-07-17 20:52:49 +03:00
Jouni Malinen
7b7ce8aa13 Deauthenticate on reconfiguration
This makes sure that the old connection is not maintained if the new
configuration does not allow it anymore. In addition, it is better to
use wpa_supplicant_clear_connection() instead of just clearing
wpa_s->current_ssid here to keep things in sync.
2011-07-16 16:57:11 +03:00
Jouni Malinen
7dcdcfd68d P2P: Start GO without extra scan step
There are some corner cases, where the wpa_supplicant_req_scan() call
may end up scheduling a scan even if we are about to start a GO. Avoid
this by explicitly marking the GO network to be selected for the next
connection.
2011-06-21 11:47:03 +03:00
Jouni Malinen
38e24575c1 random: Add support for maintaining internal entropy store over restarts
This can be used to avoid rejection of first two 4-way handshakes every
time hostapd (or wpa_supplicant in AP/IBSS mode) is restarted. A new
command line parameter, -e, can now be used to specify an entropy file
that will be used to maintain the needed state.
2011-05-31 20:07:11 +03:00
Jouni Malinen
849b5dc78b Update driver country info on 'SET country <value>' 2011-04-15 17:00:01 +03:00
Jouni Malinen
95cb2d88e9 TDLS: Verify that scan results for BSS are available before using them 2011-04-14 19:50:26 +03:00
Dmitry Shmidt
67b9bd089b Make scan interval configurable
It is now possible to configure the the time in seconds that
wpa_supplicant waits before requesting a new scan after failing to find
a suitable network in scan results.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2011-04-11 23:14:38 +03:00
Paul Stewart
14dc00115e dbus: Add "excessive" to debug_strings
The "debug_strings" private array in dbus_new_handles.c has fallen out
of sync with wpa_debug.h. Add the new "excessive" level to the head of
the list, realigning everything.

Signed-off-by: Paul Stewart <pstew@google.com>
2011-03-31 17:38:08 +03:00
Jouni Malinen
78177a000e RSN IBSS: Restart IBSS state machines for each new IBSS
Change the old design of running a single long living RSN IBSS
instance to keep a separate instance for each IBSS connection.
This fixes number of issues in getting keys set properly for
new connections and is in general quite a bit more correct
design.
2011-03-23 21:15:46 +02:00
Jouni Malinen
d47fa330b8 random: Read /dev/random in the background with eloop read socket
This makes it more likely to be able to fetch the 20 octet seed from
/dev/random in cases where other programs may also be competing for
this.
2011-03-22 23:15:00 +02:00