Commit b36935be1a ('nl80211: Fix EAPOL
frames not being delivered') and commit
147848ec4d ('nl80211: Do not add all
virtual interfaces to drv->if_indices') were not fully in sync and it
was possible for some non-hostapd use cases to end up adding undesired
ifindexes into the list of interfaces from which events and EAPOL frames
are processed on the parent interface. This could result, e.g., in P2P
Device management interface on getting unexpected events, including
RTM_NEWLINK event that could end up getting interpreted as an
indication of the interface being down and unavailable.
Make both add_ifidx() calls use the same criteria for adding interfaces
to the local list. This is not really a complete solution, but it is
good enough for now to fix the most visible side effects of this issue.
Signed-off-by: Jithu Jance <jithu@broadcom.com>
"TDLS_TEARDOWN *" can now be used to tear down the direct links to all
TDLS peers. This is useful for debugging purposes.
Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
The driver might not be able to add the TDLS STA. Fail if this happens.
Also fix the error path to always reset the TDLS peer data.
Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
If a link is unreachable, the specification mandates we should send a
teardown packet via the AP with a specific teardown reason. Force this
by first disabling the link and only then sending the teardown packet
for the LOW_ACK event.
Rename the TDLS LOW_ACK event handler to better reflect its purpose.
Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
It was possible for this test case to fail due to PBC overlap that was
detected based on previous test case having used PBC. Make that false
positive less likely to happen by explicitly clearing the scan cache on
dev[1].
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Earlier commit related to MAC address based access control list
offloaded to the driver was not sending ACL configuration to the driver
if the MAC address list was empty. Remove this check as empty access
control list is a valid use case and sending ACL parameters should not
be dependent on whether the list is empty.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This removes number of unnecessary #ifdef CONFIG_P2P blocks from generic
code by hiding the conditional build into p2p_supplicant.h with empty
inline functions.
Signed-off-by: Jouni Malinen <j@w1.fi>
Verify that when all configured preferred channels are disallowed,
the GO is instantiated on a random channel.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Performing a P2P Device flow such as p2p_listen or
p2p_find, can degrade the performance of an active interface
connection, if the listen frequency is different than the
frequency used by that interface.
To reduce the effect of P2P Device flows on other interfaces,
try changing the listen channel of the P2P Device to match the
operating channel of one of the other active interfaces. This change
will be possible only in case that the listen channel is not forced
externally, and will be delayed to a point where the P2P Device
state machine is idle.
The optimization can be configured in the configuration file and
is disabled by default.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
In case there is no preference for the GO operating channel,
try using one of 1, 6, 11 (randomly), and only if the random
selection is not suitable traverse all the channels 1..11.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
In p2p_get_pref_freq, if the channels argument is NULL, select a
preferred channel that is also one of the P2P Device configured
channels.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Remove the seperation between getting the local interface frequency and
other interfaces frequencies since going over all the radio interfaces
includes the local interface.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
When the number of frequencies supported by the kernel is bigger than
one, and there is a need to pick a frequency for a new flow such as P2P
GO Negotiation or P2P Invitation, the flow should be able to pick the
best frequency among all the frequencies currently used by the device.
In order to prioritize between the currently used frequencies, add
the ability to collect additional data about each used frequency
(if the frequency is used by a station interface or P2P Client)
and when needed select the best frequency, where:
1. Infrastructure interfaces have highest priority
2. P2P Client interfaces have higher priority over AP/GO
interfaces.
The rational is that the frequency of an AP/GO can change while
that of a station interface cannot.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Remove the check for get_radio_name support from
get_shared_radio_freqs_data() since get_radio_name is no longer in use
in this function.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Verify that a standalone GO selects a random channel from the social
channels in case no other preference is set.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Verify that when trying to form a P2P group but each peer forces a
different frequency, the group formation fails.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Verify that when setting frequency as no_go_freq and setting up
autonomous GO, the GO is instantiated on a different frequency, but
when forming a P2P group and becoming a client this frequency can be
used.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Verify that when setting up autonomous GO with configured preferred
channel and a station interface is connected on a channel that is
disallowed for P2P, the GO is instantiated on the preferred channel.
Requires MCC.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Verify that when setting up an autonomous GO with configured preferred
channel and a station interface is on another channel, the GO is
instantiated on the same channel as the station interface and not on the
configured preferred channel.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Verify that when a station interface is on one frequency, and GO
negotiation is started in which both sides force a different frequency,
the P2P group is formed on the forced frequency (both as GO and client).
Requires MCC.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
After station interface is connected on a specific channel, create
autonomous GO with forced different channel.
Requires MCC.
Signed-off-by: Haim Dreyfuss <haim.dreyfuss@intel.com>
Verify that when P2P group is formed and a station interface is
connected on a channel that is disallowed for P2P, the group is formed
on a different channel than the BSS (both as GO and client).
Requires MCC.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Verify that when setting up an autonomous GO and station interface is
connected on a channel that is disallowed for P2P uses, the GO is
instantiated on a different channel than the station mode connection.
Requires MCC.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Verify that when station interface is connected and GO negotiation is
initiated, the P2P group is formed on the same channel as the station
connection.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
This test verifies that if a GO is instantiated after a connection of a
station interface, the chosen operating channel is that of the station
interface.
Signed-off-by: Haim Dreyfuss <haim.dreyfuss@intel.com>
Add an option to run-all.sh and start.sh to get as an argument the
number of concurrent channels that mac80211_hwsim will be loaded with.
To start mac80211_hwsim with more than one channel, the following
parameter should be added to command line: channels=<num_channels>
The default is one channel (no concurrent channels).
The driver should be loaded with multi channel support in order to run
some tests.
Signed-off-by: Haim Dreyfuss <haim.dreyfuss@intel.com>
Use a single location in wpa_sm_rx_eapol() for preparing the pointer to
the Key Data field and to its validated length instead of fetching that
information in number of processing functions separately.
Signed-off-by: Jouni Malinen <j@w1.fi>
Re-order wpa_sm_rx_eapol() to first go through all EAPOL (802.1X) header
validation steps using the original message buffer and re-allocate and
copy the frame only if this is a valid EAPOL frame that contains an
EAPOL-Key. This makes the implementation easier to understand and saves
unnecessary memory allocations and copying should other types of EAPOL
frames get here.
Signed-off-by: Jouni Malinen <j@w1.fi>
These error messages had an incorrect frame name (likely copy-pasted
from the commit message handler) and couple of typos.
Signed-off-by: Jouni Malinen <j@w1.fi>
Most of these calls are checked to return success and there is no reason
why these wouldn't, so be more consistent. This addresses CID 62841,
CID 62840, CID 62839, CID 62838, CID 62837, CID 62836.
Signed-off-by: Jouni Malinen <j@w1.fi>
If this chmod() call fails, the global control interface is allowed to
be used since there was no change to its group. Anyway, it can be
helpful to note the error case in debug log instead of silently ignoring
it.
Signed-off-by: Jouni Malinen <j@w1.fi>
While this call cannot really fail, check the return value to be more
consistent with all the other wps_build_wfa_ext() calls.
Signed-off-by: Jouni Malinen <j@w1.fi>
While the hash functions would be very unlikely to fail in practice,
they do have option of returning an error. Check that return value more
consistently.
Signed-off-by: Jouni Malinen <j@w1.fi>
The additional eight octet field was removed from keydatalen without
proper validation of the Key Data Length field. It would have been
possible for an invalid EAPOL-Key frame to be processed in a way that
ends up reading beyond the buffer. In theory, this could have also
resulted in writing beyond the EAPOL-Key frame buffer, but that is
unlikely to be feasible due to the AES key wrap validation step on
arbitrary memory contents.
Signed-off-by: Jouni Malinen <j@w1.fi>
Since there is a limit on the EAP exchange due to maximum number of
roundtrips, there is no point in allowing excessively large buffers to
be allocated based on what the peer device claims the total message to
be. Instead, reject the message if it would not be possible to receive
it in full anyway.
Signed-off-by: Jouni Malinen <j@w1.fi>
Commit b125c48fce ('P2P: Add wfd_dev_info=
field for device found event') added Wi-Fi Display device info to the
P2P-DEVICE-FOUND events. However, it did not include proper bounds
checking in wifi_display_subelem_hex() and could accept subelements with
invalid length field values. This could result in buffer read overflow
of up to 64 kB and inclusion of heap memory in the local control
interface event and/or process crash due to invalid memory access. Fix
this by checking the validity of the length field before writing a
hexdump of the data.
Signed-off-by: Jouni Malinen <j@w1.fi>
The vendor_ext[i] = NULL setting did not make any sense since
num_vendor_ext should have been used to index the vendor_ext array. The
old code did not do any harm since i >= num_vendor_ext and none of the
already set entries could have been cleared. Anyway, better clean this
by making it skip the setting to NULL similarly to what was already done
in the P2P peer vendor ext getter.
Signed-off-by: Jouni Malinen <j@w1.fi>
The OSEN code path hardcodes number of struct wpa_ie_data items.
However, it did not clear the full structure and some uninitialized
fields could have been used (e.g., ie.mgmt_group_cipher for a debug
print and ie.capabilities for checking MFPC). Fix this by clearing the
ie data before filling in the hardcoded OSEN values.
Signed-off-by: Jouni Malinen <j@w1.fi>
The Action code field is in a fixed location, so the IEEE80211_HDRLEN
can be used here to clean up bounds checking to avoid false reports from
static analyzer.
Signed-off-by: Jouni Malinen <j@w1.fi>
The Action code field is in a fixed location, so the IEEE80211_HDRLEN
can be used here to clean up bounds checking to avoid false reports from
static analyzer.
Signed-off-by: Jouni Malinen <j@w1.fi>
There seemed to be an off-by-one error in the validation of GAS request
frames. If a Public Action frame without the Action code field would
have reached this function, the length could have been passed as
(size_t) -1 which would likely have resulted in a crash due to reading
beyond the buffer. However, it looks like such frame would not be
delivered to hostapd at least with mac80211-based drivers. Anyway, this
function better be more careful with length validation should some other
driver end up reporting invalid Action frames.
In addition, the Action code field is in a fixed location, so the
IEEE80211_HDRLEN can be used here to clean up bounds checking to avoid
false reports from static analyzer.
Signed-off-by: Jouni Malinen <j@w1.fi>