Beacon Report Radio Measurement is defined in IEEE Std 802.11-2016,
11.11.9.1. Beacon Report is implemented by triggering a scan on the
requested channels with the requested parameters.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
This makes wpa_supplicant behavior more consistent with FLUSH command to
clear all state. Previously, it was possible for an ongoing scan to be
aborted when the FLUSH command is issued and the scan results from that
aborted scan would still be processed and that would update the BSS
table which was supposed to be cleared by the FLUSH command.
This could result in hwsim test case failures due to unexpected BSS
table entries being present after the FLUSH command.
Signed-off-by: Jouni Malinen <j@w1.fi>
This provides more details on BSS selection process in the debug log.
Previously, the BSSs that were not either the current or the selected
one were not necessarily printed at all. Now all BSSs that match the
currently selected network are listed with their frequency and signal
strength details.
Signed-off-by: Jouni Malinen <j@w1.fi>
Previously, the estimated throughput was used to enable roaming to a
better AP. However, this information was not used when considering a
roam to an AP that has better signal strength, but smaller estimated
throughput. This could result in allowing roaming from 5 GHz band to 2.4
GHz band in cases where 2.4 GHz band has significantly higher signal
strength, but still a lower throughput estimate.
Make this less likely to happen by increasing/reducing the minimum
required signal strength difference based on the estimated throughputs
of the current and selected AP. In addition, add more details about the
selection process to the debug log to make it easier to determine what
happened and why.
Signed-off-by: Jouni Malinen <j@w1.fi>
Previously, a build without IBSS RSN support tried to start/join an IBSS
even if the profile was configured with RSN parameters. This does not
work and resulted in quite confusing debug log. Make this clearer by
explicitly checking for this case and reject the connection attempt with
a clearer debug log entry instead of trying something that is known to
fail.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Decrypt the AES-SIV protected elements and verify Key-Auth. Parse and
configure keys to the driver.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Scan results were not propagated to all interfaces if scan results
started a new operation, in order to prevent concurrent operations. But
this can cause other interfaces to trigger a new scan when scan results
are already available. Instead, always notify other interfaces of the
scan results, but note that new operations are not allowed.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
When scheduled scan stops without the interface request (for example,
driver stopped it unexpectedly), start a regular scan to continue
scanning for networks and avoid being left with no scan at all.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
In some cases, after a sudden AP disappearing and reconnection to
another AP in the same ESS, if another scan occurs, wpa_supplicant might
try to roam to the old AP (if it was better ranked than the new one)
because it is still saved in BSS list and the blacklist entry was
cleared in previous reconnect. This attempt is going to fail if the AP
is not present anymore and it'll cause long disconnections.
Remove an AP that is probably out of range from the BSS list to avoid
such disconnections. In particular mac80211-based drivers use the
WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY reason code in locally generated
disconnection events for cases where the AP does not reply anymore.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
As the scan channels might need to change when the channel list has been
updated by the kernel. Use the simulated sched_scan timeout
(wpas_scan_restart_sched_scan()) to handle a possible race where an
ongoing sched_scan has stopped asynchronously while trying to restart a
new sched_scan.
Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
Add a testing mechanism to allow association disallowed set by AP to be
ignored. This can be used to verify AP behavior for disallowing a
specific association.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Implement "SET ignore_auth_resp <0/1>" command to simulate auth/assoc
response loss and EAPOL RX packet loss by ignoring corresponding
incoming events.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
When an interface becomes disabled (e.g., when RF-kill becomes blocked)
we should clear the stored scan results to avoid maintaining stale
information.
Fix this by flushing the BSS entries when an interface becomes
disabled.
Signed-off-by: Moshe Benji <moshe.benji@intel.com>
The new network profile parameter group_rekey can now be used to specify
the group rekeying interval in seconds for IBSS.
Signed-off-by: Jouni Malinen <j@w1.fi>
If the driver indicates a roamed event with already completed
authorization, altAccept = TRUE could have resulted in the EAP state
machine ending up in the FAILURE state from the INITIALIZE state. This
is not correct behavior and similar cases were already addressed for FT
and WPA-PSK. Fix the offloaded roamed+authorized (EAP/PMKSA caching)
case by doing similar changes to EAPOL/EAP state variable updates during
association event handling.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This allows P2P Listen to be offloaded to device to enhance power
saving.
To start P2P listen offload, from wpa_cli interface, issue the command:
    p2p_lo_start <freq> <period> <interval> <count>
To stop P2P listen offload, issue the command:
    p2p_lo_stop
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add a new "timeout" argument to the event message if the nl80211 message
indicates that the connection failure is not due to an explicit AP
rejection message. This makes it easier for external programs to figure
out why the connection failed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The P2P Device interface can only send Public Action frames. Non-Public
Action frames must be sent over a group interface. The previous
implementation sometimes tried to send non-Public Action frames such as
GO Discoverability over the P2P Device interface, however, the source
address of the frame was set to the group interface address so the code
in offchannel.c knew to select the correct interface for the TX.
The check breaks when the P2P Device and group interfaces have the same
MAC address. In this case the frame will be sent over the P2P Device
interface and the send will fail.
Fix this problem in two places:
1. In offchannel, route non-Public Action frames to the GO
   interface when the above conditions are met.
2. When a TX_STATUS event arrives on such routed frame, it will
   arrive on the GO interface but it must be handled by the P2P Device
   interface since it has the relevant state logic.
Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
The NL80211_CMD_WIPHY_REG_CHANGE can be handled by any of the
interfaces that are currently controlled by the wpa_supplicant.
However, some applications expect the REGDOM_CHANGE event to be
sent on the control interface of the initially added interface
(and do not expect the event on any of child interfaces).
To resolve this, when processing NL80211_CMD_WIPHY_REG_CHANGE,
find the highest parent in the chain, and use its control interface
to emit the CTRL-EVENT-REGDOM-CHANGE event.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Since ieee80211w=2 is an explicit configuration to wpa_supplicant, the
connection attempt for such non-PMF (non-RSN) capable networks should be
skipped.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Handle radio measurement request that contains LCI request. Send
measurement report based on a configurable LCI report element. The LCI
report element is configured over the control interface with
    SET lci <hexdump of the element>
and cleared with
    SET lci ""
Signed-off-by: David Spinadel <david.spinadel@intel.com>
When a station starts an association to a Hotspot 2.0 network, request
the driver to do the following, based on the BSS capabilities:
1. Enable gratuitous ARP filtering
2. Enable unsolicited Neighbor Advertisement filtering
3. Enable unicast IP packet encrypted with GTK filtering if
   DGAF disabled bit is zero
Clear the filter configuration when the station interface is
disassociated.
Signed-off-by: Matti Gottlieb <matti.gottlieb@intel.com>
Add a new value 2 to the pbss parameter of wpa_ssid structure, which
means "don't care". This value is used in infrastructure mode to request
connection to either AP or PCP, whichever is available in the scan
results. The value is also used in regular WPS (not P2P group formation)
to make WPS work with devices running as either AP or PCP.
Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
Commit dd271857a5 ('Skip normal scan when
PNO is already in progress') fixed issues with normal scans getting
rejected by the driver when PNO scan is already running. The part about
skipping such a scan request is fine, but the part about clearing
wpa_s->pno back to 0 in EVENT_SCHED_SCAN_STOPPED handler is problematic.
If PNO is stopped ("SET pno 0") and then restarted ("SET pno 1")
immediately, it is possible for the EVENT_SCHED_SCAN_STOPPED event from
the stopping part to be received only after the new PNO instance has
been started. This would have resulted in clearing wpa_s->pno and the
driver and wpa_supplicant getting out of sync. This would then prevent
PNO from being stopped with "SET pno 0" (that fails if wpa_s->pno == 0).
Fix this race condition by reverting the wpa_s->pno = 0 addition from
the EVENT_SCHED_SCAN_STOPPED handler.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This struct in the union is empty, but the design of using a zero-length
u8 array here is not fully compatible with C++ and can result in
undesired compiler warnings. Since there are no non-IE fields in the
Probe Request frames, get the location of the variable length IEs simply
by using the pointer to the frame header and the known header length.
Signed-off-by: Jouni Malinen <j@w1.fi>
The initial connection to an ESS was already explicitly increasing the
likelihood of picking a 5 GHz BSS. While the throughput estimation is
likely to do the same for the roaming decision, it might be possible that
that does not cover all cases. Add a couple of dB extra preference for 5
GHz in case the roaming decision falls back to comparing signal levels.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new wpa_supplicant command line argument -M can be used to describe
matching rules with a wildcard interface name (e.g., "wlan*").
This is very useful for systems without udev (Linux) or devd (FreeBSD).
Signed-off-by: Roy Marples <roy@marples.name>
Interface additions/removals are not guaranteed to be for the driver
listening to the kernel events. As such, send the events to
wpa_supplicant_event_global() which can then pick the correct interface
registered with wpa_supplicant to send the event to.
Signed-off-by: Roy Marples <roy@marples.name>
The 4-way handshake fails with the error "WPA: No wpa_ie set - cannot
generate msg 2/4" while connecting to OSEN network with drivers that
indicate used Association Request frame elements because OSEN IE is not
handled in wpa_supplicant_event_associnfo() if data->assoc_info.req_ies
is not NULL.
Signed-off-by: Daichi Ueura <daichi.ueura@sonymobile.com>
(Re)Association Response frame with status code other than 0 is now
notified over DBUS as a part of PropertiesChanged signal. This can be
used by application in case AP is denying association with status code
17 (band steering) so that it does not interfere in the BSSID selection
logic of wpa_supplicant.
Signed-off-by: Naveen Singh <nasingh@google.com>
An interface can be disabled while it has an ongoing scan request.
In such a case, when the scan results notification is received,
it was being ignored (as the interface is already disabled) so the
scan state was not cleared. This can cause undetermined behavior
for the next scan request.
To handle this, clear the scan state when EVENT_SCAN_RESULTS is
received and the interface is disabled.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Commit 02e122a995 ('Reschedule scan from
wpas_stop_pno if it was postponed') uses wpa_s->scanning as the only
condition for automatically starting a postponed scan request from
EVENT_SCHED_SCAN_STOPPED event handler. However, wpa_s->scanning may be
set for sched_scan and as such, this can result in unexpected extra
scans without there having been any real postponed request.
Make this more accurate by verifying that there really is a pending
request for a scan before speeding up its start.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
If WPA2 is used, MBO AP must enable PMF. Refuse to select a BSS that has
MBO and WPA2 enabled without PMF.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add the transition candidate list to BSS Transition Management Response
frame. The candidates preference is set using the regular wpa_supplicant
BSS selection logic. If the BSS transition request is rejected and
updated scan results are not available, the list is not added.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Add parsing of MBO IE in BSS Transition Management Request frames. If
the MBO IE includes the association retry delay attribute, do not try to
reconnect to the current BSS until the delay time is over.
If the MBO IE includes the cellular data connection preference attribute
or the transition rejection reason attribute, send a message to upper
layers with the data.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Prevent association to MBO APs that have association disallowed
attribute in MBO IE in Beacon or Probe Response frames.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
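
Added example (not wpa_supplicant code): a C sketch of the BSS filtering rules described in the commit messages on this page about ieee80211w=2, MBO with WPA2 but without PMF, and the MBO association disallowed attribute. It assumes that an RSN element means WPA2 and that PMF capability is read from the MFPC bit; check_bss, the verdict enum and the sample element lists are hypothetical names and constructed data.

```c
#include <stdint.h>
#include <string.h>

enum verdict { BSS_OK, SKIP_NO_PMF, SKIP_MBO_NO_PMF, SKIP_ASSOC_DISALLOWED };

/* First element with this ID (and OUI+type, for vendor elements), or NULL. */
static const uint8_t *find_ie(const uint8_t *ies, size_t len, uint8_t id,
                              const uint8_t *vendor)
{
    for (size_t p = 0; p + 2 <= len && p + 2 + ies[p + 1] <= len;
         p += 2 + ies[p + 1]) {
        const uint8_t *e = ies + p;
        if (e[0] == id &&
            (!vendor || (e[1] >= 4 && !memcmp(e + 2, vendor, 4))))
            return e;
    }
    return NULL;
}

/* 1 if RSN Capabilities has MFPC set; a truncated element counts as 0. */
static int rsn_pmf_capable(const uint8_t *rsn)
{
    const uint8_t *b = rsn + 2;              /* element body */
    size_t len = rsn[1], p = 6;              /* skip version + group cipher */
    for (int i = 0; i < 2; i++) {            /* pairwise list, then AKM list */
        if (p + 2 > len) return 0;
        p += 2 + 4 * (size_t)(b[p] | b[p + 1] << 8);
    }
    return p + 2 <= len && ((b[p] | b[p + 1] << 8) & 0x0080);
}

/* ieee80211w as in the network profile: 0 off, 1 optional, 2 required. */
enum verdict check_bss(const uint8_t *ies, size_t len, int ieee80211w)
{
    static const uint8_t mbo_type[4] = { 0x50, 0x6f, 0x9a, 0x16 };
    const uint8_t *rsn = find_ie(ies, len, 48, NULL);      /* RSN element */
    const uint8_t *mbo = find_ie(ies, len, 221, mbo_type); /* MBO element */
    int pmf = rsn && rsn_pmf_capable(rsn);

    if (ieee80211w == 2 && !pmf) return SKIP_NO_PMF;
    if (mbo && rsn && !pmf) return SKIP_MBO_NO_PMF;
    /* MBO attributes (id, len, value) start after the OUI and type. */
    for (size_t p = 6; mbo && p + 2 <= 2u + mbo[1]; p += 2 + mbo[p + 1])
        if (mbo[p] == 4) return SKIP_ASSOC_DISALLOWED;
    return BSS_OK;
}

/* Constructed sample element lists: RSN element followed by MBO element. */
#define RSN(caps) 0x30, 0x14, 1, 0, 0, 0x0f, 0xac, 4, 1, 0, 0, 0x0f, 0xac, 4, \
                  1, 0, 0, 0x0f, 0xac, 2, (caps), 0
const uint8_t sample_mbo_pmf[] = { RSN(0x80), 0xdd, 7, 0x50, 0x6f, 0x9a, 0x16, 1, 1, 0 };
const uint8_t sample_mbo_nopmf[] = { RSN(0x00), 0xdd, 7, 0x50, 0x6f, 0x9a, 0x16, 1, 1, 0 };
const uint8_t sample_mbo_disallow[] = { RSN(0x80), 0xdd, 10, 0x50, 0x6f, 0x9a, 0x16,
                                        1, 1, 0, 4, 1, 1 };
```

A truncated element list is treated as having no RSN element, so with ieee80211w=2 it is skipped rather than accepted.
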
PBSS (Personal Basic Service Set) is a new BSS type for DMG
networks. It is similar to infrastructure BSS, having an AP-like
entity called PCP (PBSS Control Point), but it has a few differences.
PBSS support is mandatory for IEEE 802.11ad devices.
Add a new "pbss" argument to network block. The argument is used
in the following scenarios:
1. When network has mode=2 (AP), when pbss flag is set will start
   as a PCP instead of an AP.
2. When network has mode=0 (station), when pbss flag is set will
   connect to PCP instead of AP.
The function wpa_scan_res_match() was modified to match BSS according to
the pbss flag in the network block (wpa_ssid structure). When pbss flag
is set it will match only PCPs, and when it is clear it will match only
APs.
Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
Since hostapd supports ACS now, let's enable its support in
wpa_supplicant as well when starting AP mode.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
[u.oelmann@pengutronix.de: rebased series from hostap_2_1~944 to master]
[u.oelmann@pengutronix.de: adjusted added text in defconfig]
Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de>
Let's reuse hostapd code for such handling. This will be useful to get
ACS support into wpa_supplicant where this one needs to handle the
survey event so it fills in the result ACS subsystem will require.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
[u.oelmann@pengutronix.de: rebased series from hostap_2_1~944 to master]
Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de>
Previously, when wpa_supplicant received bgscan results with a preferred
network, it connected to that network without disconnecting from the
previous one. This might result in an inconsistent state of upper
layers.
Fix this by disconnecting from the current AP before connecting to the
new one when the network profile changes and there is an existing
connection.
Signed-off-by: Ayala Beker <ayala.beker@intel.com>
If scan results arrive during the connection process, the network
selection function was called, interrupting the current connection.
While a regular scan is mutually exclusive with connection establishment
via the nature of radio work, there's no such protection for scheduled
scan. Prevent network selection while a connection is in progress.
Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
Previously, MB IEs were parsed only from association event. Try to get
MB IEs from other management frames like Probe Response frames. The MB
IEs from the association event may not be up-to-date and in some cases
may actually be missing and updating the information based on other
frames can improve robustness of FST exchanges.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This allows offloaded roaming to inform user space of the change in IP
subnet post roaming. The device may have roamed to a network which is in
a different subnet which will result in IP connectivity loss. Indicating
the change in subnet enables the user space to refresh the IP address or
to perform IP subnet validation if unknown status is indicated.
The driver indication is reported with a new event from wpa_supplicant
in the following format:
    CTRL-EVENT-SUBNET-STATUS-UPDATE status=<0/1/2>
where
    0 = unknown
    1 = IP subnet unchanged (can continue to use the old IP address)
    2 = IP subnet changed (need to get a new IP address)
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
If "STA_AUTOCONNECT 0" has been used to disable automatic connection on
disconnection event and the driver indicates a failure for the data
connection after successful WPS handshake, it is possible to hit a case
where wpa_s->disconnected is set to 1 and further attempts to connect
shall stop.
While "STA_AUTOCONNECT 0" is used to disable automatic reconnection
attempts in general, this specific WPS case can benefit from trying
again even with that configuration for a short period of time. Extend
the wpa_supplicant re-enable-networks-after-WPS 10 second timeout to
apply for ignoring disabled STA_AUTOCONNECT immediately after a WPS
provisioning step.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
The AP is not expected to send out a WNM-Sleep Mode Response frame
without the STA trying to use WNM-Sleep Mode. Drop such unexpected
responses to reduce unnecessary processing of the frame.
Signed-off-by: Jouni Malinen <j@w1.fi>