Both the SA and IEs from the received Probe Request frames must be
included and the Probe Request RX callback functions may assume that
these are not NULL.
When comparing BSS table entries, handle empty concatenated
vendor-specific IE differently from completely missing IE. This
does not change anything for the only currently compared IE that
can be fragmented (WPS IE), but it is better to have the generic
code here ready for any possible new IE that could be used in
with zero-length data.
Better make sure the address value included in the event message gets
cleared in case the GO Device Address is not known for some reason.
Previously, this could potentially have been some random data from
stack should we ever hit the case where wpa_s->current_ssid is not
set (which should not really happen in normal use cases).
It is now possible to configure the the time in seconds that
wpa_supplicant waits before requesting a new scan after failing to find
a suitable network in scan results.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
If WPA/WPA2 was enabled in the configuration, the non-WPA exception
could allow an incorrect AP to be selected from scan results. Do
not use the exception if WPA/WPA2 is enabled in configuration.
Commit c76e5d7f9b moved the
ap_configured_cb() call into a completion callback from AP mode code.
However, this callback can be called before hostap_setup_interface()
returns. In that case, the ap_configured_cb() ended up getting
called before the wpa_supplicant connection information was updated.
Fix this by reordering code to set up everything before calling
hostapd_setup_interface().
This should fix EAPOL reauthentication and rekeying timeout issues
with Intel clients when using WMM (e.g., with IEEE 802.11n). These
stations do not seem to be able to handle EAPOL data frames as
non-QoS Data frames after the initial setup.
This adds STA flags to hapd_send_eapol() driver op to allow
driver_nl80211.c to mark the EAPOL frames as QoS Data frame
when injecting it through the monitor interface.
If the scan interval switches to the short interval soon after a
scan, bgscan_simple should not immediately scan again. However,
it should also make sure that the next scan occurs no later than
the new, short scan interval.
Signed-off-by: Paul Stewart <pstew@google.com>
We gain diminishing returns by the short scan interval. The short
scan interval is used to hunt for a better AP if the RSSI of the
current AP drops. However, if we never roam, and the AP continues
to have low RSSI, at some point we should give up and return to
the slow background scan rate, otherwise we waste a lot of power.
Signed-off-by: Paul Stewart <pstew@google.com>
It is not guaranteed that we will get a CQM signal shortly after setting
up monitoring. In order to establish the correct initial background
scanning rate, poll directly for the signal strength.
Signed-off-by: Paul Stewart
This provides a means for the supplicant to directly request signal
quality metrics from the driver. This is useful, for example for
background scan algorithms that might ask desire this information
out-of-band with CQM events.
Signed-off-by: Paul Stewart <pstew@google.com>
The "debug_strings" private array in dbus_new_handles.c has fallen out
of sync with wpa_debug.h. Add the new "excessive" level to the head of
the list, realigning everything.
Signed-off-by: Paul Stewart <pstew@google.com>
Change the old design of running a single long living RSN IBSS
instance to keep a separate instance for each IBSS connection.
This fixes number of issues in getting keys set properly for
new connections and is in general quite a bit more correct
design.
Replace compile-time BSS cache expiration age and scan count by config
parameters that can be set via wpa_cli and the new D-Bus API. The latter
is done with interface properties BSSExpireAge and BSSExpireCount.
Move the code snippet to switch on bgscan over to wpa_supplicant.c
from event.c, so that it can be activated on wpa_supplicant_set_state().
Also create a centralized place to switch off bgscan. bgscan is now
turned on in COMPLETED, not ASSOCIATED.
This adds a new command to the interface to remove all configured
netblocks. Without this it's necessary to query properties on the
interface and explicitly remove each netblock.
This fixes an issue seen in our wifi testbed, where we frequently
switch the SSID of the AP. wpa_supplicant's BSS list will have, for
example both <bssid, "Check11b"> (from the previous test) and <bssid,
"Check11g"> (from the current test) - note that the bssid is the same for
both. The (old) D-Bus API for fetching scan responses from wpa_supplicant
is fetch-by-bssid, so the caller (flimflam) incorrectly believes we're
associated with <bssid, "Check11b">.
Add an "Interface.FlushBSS" method to the new D-Bus API and a "flush"
method to the old API. Both take an age parameter that is a threshold
(in seconds) for selecting entries to evict. Setting this parameter
to zero flushes all entries from the cache.
This mechanism is useful for a connection manager to clear state at
startup and on resume (where the age parameter may be used to hold
onto recent/valid data).
This provides feature parity with the old-style D-Bus API. Explicit
properties to control global parameters is preferred but until that
happens this allows doing things like setting pkcs11_engine_path and
pkcs11_module_path via D-Bus.
The AP code might, currently only in the case of HT40, defer actual
enabling to after a scan. In this case, the wpa_s AP code gets confused.
Add a callback for it to use and make it use it to finish only when the
setup has actually completed.
With appropriate hacks in place this allows using HT40 in P2P mode.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
When wpa_s scans in AP mode, it doesn't propagate the scan event to the
AP code, so that code can get stuck if it uses the callbacks there.
Simply call them where appropriate.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This adds the ability to add WPS vendor extension attributes in P2P
frames, like GO Negotiation and Probe Response frames.
Signed-off-by: Jean-Michel Bachot <jean-michelx.bachot@linux.intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Instead of converting back and forth from the string representation,
always use the binary representation internally.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The secondary device type list is an optional attribute in the WSC IE.
Signed-off-by: Jean-Michel Bachot <jean-michelx.bachot@linux.intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
There's a bug in the getter for the 'Interfaces' property
of /fi/w1/wpa_supplicant1 (new D-Bus interface) which causes a
'Segmentation Fault' when there are multiple interfaces.
Chooses between EAP and non-EAP authentication modes and
uses the appropriate method to retrieve the name.
Signed-off-by: Paul Stewart <pstew@google.com>
Use a specific return value, WPS-PBC-OVERLAP, to indicate a reason
for rejecting a wps_pbc command in wpa_supplicant AP mode if the
PBC mode cannot be started due to PBC session overlap having been
detected during monitor time.
If the wpa_supplicant configuration file does not specify an UUID,
we need to copy the generated UUID, not the all zeros buffer
reserved for the configured UUID.
Instead of generating a different UUID for each interface, use the
same UUID that was either configured of generated for the first
interface. This avoids potential issues with PBC session overlap
detection should multiple interfaces end up running a PBC scan
at the same time which may happen at least in some P2P use cases.
If there is already a link the requested peer, request start of
renegotiation instead of completely new link. This seems to be needed
to allow some driver to accept the trigger for a new negotiation.
These special test cases can be configured at run time with "wpa_cli
tdls_testing <value>" where <value> is an integer (either as a decimal
or as a hex value with 0x prefix) bitmap of special features with
following bits available at this point:
bit 0 = long frame (add dummy subelement to make FTIE very long)
bit 1 = use alternative RSN IE (different RSN capab value and no extra
replay counters)
bit 2 = send incorrect BSSID in Link Identifier of TDLS Setup Request
(e.g., 1 = long FTIE, 2 = different RSN IE, 3 = both of those)
This is disabled by default and can be enabled for the build by
adding the following line to .config:
CFLAGS += -DCONFIG_TDLS_TESTING
This allows driver wrappers to indicate whether the association was
done using Association Request/Response or with Reassociation
Request/Response frames.
Add a notification function for the result of an invitation.
Signed-off-by: Jean-Michel Bachot <jean-michelx.bachot@linux.intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Add a notification for received GO negotiation requests.
Signed-off-by: Konguraj(Raj) Kulanthaivel <konguraj.kulanthaivel@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The DBus code will want to have perfect matching of dev_found and the
dev_lost it adds so it doesn't need to keep track internally. Enable
that with a new flag in the core that tracks whether we have already
notified about this -- the existing users can ignore it.
The part where this is always set to 1 if the new device is discovered
by a driver that has P2P in the driver is buggy -- the driver should
feed the P2P peer database and then that should feed the notification
here instead.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This embeds some information about each P2P peer that will be publically
visible in a struct that is shared.
The dev_found notification function is also passed the new struct, which
requires some work for the driver-based P2P management.
Signed-off-by: Konguraj(Raj) Kulanthaivel <konguraj.kulanthaivel@intel.com>
Signed-off-by: Fabien Marotte <fabienx.marotte@linux.intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Previous code was assuming that the P2P module is always initialized.
However, that is not the case anymore with drivers that do not support
P2P. Add verification of whether P2P is enabled before trying to execute
P2P commands.
mac80211 authentication or association operation may get stuck for some
reasons, so wpa_supplicant better use an internal timer to recover from
this.
Signed-off-by: Ben Greear <greearb@candelatech.com>
GO may use M2D to notify that PBC overlap was detected if the GO was
configured to allow only a specific P2P Device to connect using PBC.
We need to report the M2D message on the parent interface if a
separate group interface is used. In addition, we can stop the P2P
operation if PBC overlap was indicated similarly to what we are
already doing in th case the overlap is detected locally.
Some of the wpa_supplicant control interface commands, like WPS_PIN,
may not include a newline in the end of the response. This can result
in the response being lost when wpa_cli redraws the screen after an
event message. Add a newline after such responses in interactive mode
to avoid the problem.
When FT protocol run is completed with FT-EAP, the EAPOL state machine
needs to be notified of the completed authentication to make sure it
does not try to start new authentication.
This converts number of debugging messages to use wpa_msg() in order
to allow the interface name to be shown with the messages.
A new function, wpa_dbg(), is introduced to allow
CONFIG_NO_STDOUT_DEBUG=y builds to remove the debug strings. This is
otherwise identical with wpa_msg(), but it gets compiled out if stdout
debugging is disabled.
This is needed to allows WPS PBC session overlap detection to work
with drivers that process Probe Request frames internally. This
code is is run in hostapd, but the wpa_supplicant AP mode did not
have call to the hostapd_probe_req_rx() function even though it
registered handlers for hostapd Probe Request RX callbacks.
An optional parameter, p2p_dev_addr, can now be given to WPS_PBC
command on P2P GO to indicate that only the P2P device with the
specified P2P Device Address is allowed to connect using PBC. If
any other device tries to use PBC, a session overlap is indicated
and the negotiation is rejected with M2D. The command format for
specifying the address is "WPS_PBC p2p_dev_addr=<address>", e.g.,
WPS_PBC p2p_dev_addr=02:03:04:05:06:07
In addition, show the PBC session overlap indication as a WPS failure
event on an AP/GO interface. This particular new case shows up as
"WPS-FAIL msg=4 config_error=12".
This makes log files much more readable if multiple interfaces
are being controlled by the same process. The interface name is
added to stdout/file/syslog entries, but not to the messages
sent to control interface monitors to avoid issues with parsing
in external programs.
Signed-off-by: Ben Greear <greearb@candelatech.com>
When the network was provisioned, we need to get the keys to be able to
reconnect without new provisioning. To be able to publish those keys but
not normally configured ones, add a new attribute to struct wpa_ssid
indicating whether or not keys may be exported.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
