When initializing, the scheduled scan code was being called before
everything is ready. With normal scans, the first scan round is
delayed, so the initialization is finished by the time it really
starts.
Add a function that can be used to request a delayed scheduled scan.
The scan will only start after the specified time has elapsed. Call
this function instead of starting the scheduled scan directly during
driver initialization.
Signed-off-by: Luciano Coelho <coelho@ti.com>
Pass SSIDs to be matched in scheduled scan results. Only the SSIDs
that are included in the match lists will be reported by the driver,
so the filtering can be offloaded to the hardware and the power
consumption can be reduced.
Signed-off-by: Luciano Coelho <coelho@ti.com>
This patch uses sched_scan, if available, when the driver is
initialized. It also adds a couple of cancel operations where
appropriate.
Signed-off-by: Luciano Coelho <coelho@ti.com>
In new Linux kernel versions (>=3.0), nl80211 adds scheduled scan
capability. In order to use this feature to its full extent, we need
to support it in the wpa_supplicant core, so that it can also be used
by other drivers.
This commit adds initial scheduled scan support operations and events.
Signed-off-by: Luciano Coelho <coelho@ti.com>
Move some code to separate functions to reorganize the P2P and WPS
handling during scans. This makes the code a bit cleaner and is
needed for the scheduled scan implementation to avoid duplicated code.
Signed-off-by: Luciano Coelho <coelho@ti.com>
Clear the P2P GO callback parameters when removing the group to avoid
using these for non-P2P AP mode.
This is a fix for the bug I found in the following scenario:
A) p2p_group_add
A) p2p_group_remove wlan0
A) add_n
A) set_n 0 ssid "testap"
A) set_n 0 key_mgmt NONE
A) set_n 0 mode 2
A) set_n 0 frequency 2412
A) enable_n 0
B) try connect to testap
Authentication request will be always rejected because of
HOSTAPD_ACL_REJECT and not cleaned callbacks when group removed.
This allows the AP to be selected based on the BSSID when WPA-PSK
is used with a passphrase. The PSK will be derived from the passphrase
after the SSID has been learned from scan results.
This implements GAS request mechanism that is aimed at being used to
replace use case specific GAS/ANQP implementations in the future.
Compared to the earlier implementation in P2P SD, this implementation
includes support for multiple concurrent requests and more thorough
validation of frames against the pending query data.
GAS header processing, including comeback and reassembly, are handled
within gas_query.c and the users of this module will only need to
provide the Query Request and process the (possibly reassembled)
Query Response.
GAS/ANQP is a generic protocol and in no way specific to P2P, so move
routines used to build GAS/ANQP frames to a separate file that can be
shared for other uses than just P2P service discovery.
The new function, p2p_scan_ie_buf_len(), can be used to figure out
how large a buffer needs to be allocated for p2p_scan_ie() use. This
makes it easier to add new data into the buffer without forcing all
callers to be updated to use a larger buffer.
The P2P search mechanism depends on the same scan functionality that
is used for station mode scans. If these operations are being used
at the same time, scan result processing is not handled properly.
Avoid unexpected behavior by delaying station mode scan requests
if a P2P operation is in progress.
Among other things, this allows the station mode connection attempt
to be continued after a P2P find or group formation has been completed
if the interface is available (i.e., when the P2P group uses a
separate virtual interface).
If the initial attempt to start a scan for p2p_find fails, an error
is reported. However, the P2P scan handler and search state was
left behind. That can result in unexpected behavior when the next
non-P2P scan results are indicated. Avoid this by clearing the
P2P search state on failure.
There is no need to request periodic bgscans when the driver claims
to have capability for roaming within ESS. Ignoring the bgscan
configuration allows the same configuration file to be used both
with drivers the handle roaming and with drivers that don't.
If the driver indicates that it supports BSS selection (including
roaming within an ESS) with WPA_DRIVER_FLAGS_BSS_SELECTION, modify
ap_scan=1 mode to behave like ap_scan=2 mode for BSS selection.
The initial scan is still done to avoid the need for strict
configuration of or security parameters (e.g., to figure out whether
TKIP or CCMP is being used as the group cipher). However, when
requesting the driver to connect, the bssid and freq parameters are
not provided to leave the driver in control of selecting which BSS
to use and to allow the driver to decide when to roam.
These protocols seem to be abandoned: latest IETF drafts have expired
years ago and it does not seem likely that EAP-TTLSv1 would be
deployed. The implementation in hostapd/wpa_supplicant was not complete
and not fully tested. In addition, the TLS/IA functionality was only
available when GnuTLS was used. Since GnuTLS removed this functionality
in 3.0.0, there is no available TLS/IA implementation in the latest
version of any supported TLS library.
Remove the EAP-TTLSv1 and TLS/IA implementation to clean up unwanted
complexity from hostapd and wpa_supplicant. In addition, this removes
any potential use of the GnuTLS extra library.
wpa_supplicant returns the PIN in reply to the connect method. Treating
this value as an integer runs the risk of not returning the correct
value if the first digit(s) happens to be a zero(es). To return the
correct PIN it needs to be returned as a string.
Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: Angie Chinchilla <angie.v.chinchilla@intel.com>
The default discovery type is to search for devices only on social
channels. Expand this to also support an initial full scan followed by the
scan of social channels as well as the progressive scan that scans through
all the channels in the Search state rounds. This does not change the
default of scanning only social channels although there is currently a
discrepancy wrt the default used by wpa_cli, which is the full scan first.
Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: Angie Chinchilla <angie.v.chinchilla@intel.com>
When parsing a dict entry which is an array of an array of bytes the entry
representing the dict entry has DBUS_TYPE_ARRAY as its type and
WPAS_DBUS_TYPE_ARRAY as its array_type. The function freeing this parsed
data incorrectly tested the entry type for WPAS_DBUS_TYPE_ARRAY while doing
no testing of this value for array_type. This results in a memory leak
whenever a D-Bus message with this type of data is parsed.
Messages affected are:
fi.w1.wpa_supplicant1.Interface.P2PDevice
using RequestedDeviceTypes with Find method
using SecondaryDeviceTypes or VendorExtension with P2PDeviceProperties
fi.w1.wpa_supplicant1.Group
using WPSVendorExtensions with Properties property
All of the above messages are parsed with the same function,
wpa_dbus_dict_get_entry, so the assignment of the entry's type and
array_type is consistent. The parsed data is also consistently freed with
the same function, wpa_dbus_dict_entry_clear, so we can use the same checks
to free the data correctly.
Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: Angie Chinchilla <angie.v.chinchilla@intel.com>
The action done handling needs to abort an off-channel period since one
might have been used for example for GO negotiation and after action
done the code assumes it can start a new off-channel period.
This fixes a bug I introduced when adding support for
in-kernel off-channel transmissions.
Reported-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
eapol_test command line argument -o<file> can now be used to request
the received server certificate chain to be written to the specified
file. The certificates will be written in PEM format. [Bug 391]
The proactive_key_caching parameter was missed in mapping the
config_ssid data into the WPA state machine configuration. This
prevented addition of PMKSA cache entries based on PMKSA caching
candidate events.
This allows drivers to disable CCK rates from Probe Request frames.
For nl80211, this is currently applying only to the supported rates
element(s), but this mechanism could be extended to address TX rate
control masking, too, to lessen need for global rate disabling.
Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
The P2P specification (3.1.4.3) disallows use of the Label configuration
method between two P2P devices. This was previously enforced at upper
level, but the obsolete code can be removed from wpa_supplicant. This
adds a bit more strict enforcement of the policy, but should not result
in practical differences since no known P2P implementation uses Label
config method.
If a network configuration block is removed or modified, flush
all PMKSA cache entries that were created using that network
configuration. Similarly, invalidate EAP state (fast re-auth).
The special case for OKC on wpa_supplicant reconfiguration
(network_ctx pointer change) is now addressed as part of the
PMKSA cache flushing, so it does not need a separate mechanism
for clearing the network_ctx values in the PMKSA cache.
The previous code was trying to figure out which WPA version is
used based on the extra IEs requested for Association Request. That
did not work properly in cases where non-WPA networks are used with
some extra IEs. Fix this by using more robust mechanism for passing
the WPA versions from core wpa_supplicant to the driver_ops
associate().
Instead of hardcoding the Config Methods attribute value in Probe
Request frames, set this based on the configured parameter
config_methods to allow correct set of methods to be advertised.
This change is a first step in better supporting different driver
architectures for AP mode operations with nl80211. This commit in
itself does not add new functionality, but it makes it easier to add
new AP mode parameters to address needs of drivers that have more of
the MLME/SME in firmware or kernel.
Various pieces of the P2P code assume that P2P is enabled, so make
the D-Bus code not call the P2P stuff if P2P is disabled. Also
ensures that if P2P is disabled a suitable error is returned to
the D-Bus caller.
Signed-off-by: Dan Williams <dcbw@redhat.com>
The read, write, read-write permissions can be figured out from
getter/setter function pointers, so there is no need for maintaining
that information separately.
If uapsd is explicitly enabled, set conf->bss->wmm_enabled and
conf->bss->wmm_uapsd to enable (and advertise) uapsd.
Signed-off-by: Eliad Peller <eliad@wizery.com>
Signed-off-by: Arik Nemtsov <arik@wizery.com>
These properties are already correctly treated as bytes for the local
device, we need to do same for peers.
Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
A number of fixes/improvements here:
1) Remove casting of getter/setter function types which allows
us to change the prototypes in the future and not have hard-to-find
runtime segfaults
2) Instead of having the getters create a fake reply message which
then gets its arguments copied into the real reply message, and is
then disposed, just pass message iters around and have them add
their arguments to the message itself
3) For setters, just pass in the message iter positioned at the
start of the argument list, instead of each setter having to skip
over the standard interface+property name
4) Convert error handling to use DBusError and return the error
back down through the call stacks to the function that will
actually send the error back to the caller, instead of having a
fake DBusMessage of type DBUS_MESSAGE_TYPE_ERROR that then
needs to have the error extracted from it.
But most of all, this fixes various segfaults (like rh #725517
and #678625) which were caused by some functions deep down in the
getter callpaths wanting a source DBusMessage* when the getters were
used for two things: signals (which don't have a source DBusMessage)
and methods (which will have a source DBusMessage that's being
replied to). This duality made the code fragile when handling
errors like invalid IEs over the air.
Signed-off-by: Dan Williams <dcbw@redhat.com>
Fix the previous code that was hardcoding the p2p parameter based
on the driver P2P capability regardless of whether the connection
was really used for P2P or not.
Currently, wpa_driver_nl80211_authenticate() changes the interface type
to station. However, in case of P2P, we need to change the interface
type to P2P_CLI.
Add p2p field to the authentication params, and consider it for choosing
the correct interface type.
Signed-off-by: Eliad Peller <eliad@wizery.com>
This makes sure that the old connection is not maintained if the new
configuration does not allow it anymore. In addition, it is better to
use wpa_supplicant_clear_connection() instead of just clearing
wpa_s->current_ssid here to keep things in sync.
When the BSS table size limit has been reached, drop first the oldest
BSS entries for which there is not a matching network in the
configuration based on SSID (wildcards are ignored). This makes it
less likely to hit connection issues in environments with huge number
of visible APs.
Only accept Probe Request frames that have a Wildcard BSSID and a
destination address that matches with our P2P Device Address or is the
broadcast address per P2P specification 3.1.2.1.1.
The current implementation of p2p_intra_bss doesn't work since the flag
isn't propagated into the corresponding hostapd config, so AP code will
never enable AP isolation and will in fact disable it again after it had
been enabled by the P2P code.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The paths pointer could have been NULL when going through the shared
freeing path in error case. Avoid the NULL pointer dereference by
checking whether that is the case. In addition, remove unnecessary
gotos to make the function more readable.
Add support to wpa_supplicant for device-based GTK rekeying. In order to
support that, pass the KEK, KCK, and replay counter to the driver, and
handle rekey events that update the latter.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Previous ft_ies needs to be removed before supplicant starts a new FT
initial association and this requires the ft_used state to be cleared
here.
Signed-off-by: Hong Wu <hong.wu@dspg.com>
If the driver supports HT20, set the config parameter ieee80211n
to enable it. This does not enable HT40.
Signed-off-by: Angie Chinchilla <angie.v.chinchilla@intel.com>
Regardless of how the AP mode is disabled, wpa_supplicant_ap_deinit()
must be called. Make sure this happens on all paths by calling the
deinit function from wpa_supplicant_mark_disassoc().
In general, this patch attemps to extend commit
00468b4650 with dbus support.
This can be used by dbus client to implement subject match text
entry with preset value probed from server. This preset value, if
user accepts it, is remembered and passed to subject_match config
for any future authentication.
Signed-off-by: Michael Chang <mchang@novell.com>
This is required for cross-compilation support on certain
platforms to avoid changing the pkg-config files themselves.
Signed-off-by: David James <davidjames@chromium.org>
Signed-off-by: Paul Stewart <pstew@chromium.org>
Make sure that the WPA and EAPOL state machines do not hold a pointer
to a network configuration that is about to be freed. This can fix
potential issues with references to freed memory.
Fix a NULL pointer dereference in commit
3734552f15 in the case of PBC overlap and
timeout case.
Signed-off-by: Jean-Michel.Bachot <jean-michelx.bachot@intel.com>
Signed-off-by: Jayant Sane <jayant.sane@intel.com>
Signed-off-by: Angie Chinchilla <angie.v.chinchilla@intel.com>
Some P2PDevice properties were not updated in p2p->cfg structure:
reg_class, channel, op_reg_class, and op_channel. Hence, update p2p->cfg
parameters through p2p core calls in wpas_p2p_update_config().
Signed-off-by: Jean-Michel.Bachot <jean-michelx.bachot@intel.com>
Signed-off-by: Jayant Sane <jayant.sane@intel.com>
Signal is triggered if an error occurs during WPS provisioning phase.
Signed-off-by: Jean-Michel.Bachot <jean-michelx.bachot@intel.com>
Signed-off-by: Jayant Sane <jayant.sane@intel.com>
Extend commit c2762e410f to allow
applications to manage (add/remove) persistent groups and accepted
network object paths while invoking a persistent group.
This can be used to activate the keep alive mechanism enabled in
mac80211. Allows to trigger Peer Disconnected signal if signal is lost
on a P2P peer.
Signed-off-by: Jean-Michel Bachot <jean-michelx.bachot@linux.intel.com>
Signed-off-by: Jayant Sane <jayant.sane@intel.com>
Move level parameter from p2p_device to p2p_device_info in order to
expose this information and modify D-Bus P2P handler to return this new
parameter through the P2P device properties.
Signed-off-by: Fabien Marotte <fabienx.marotte@intel.com>
Signed-off-by: Jayant Sane <jayant.sane@intel.com>
Do not emit network objects during P2P group formation since such
network objects can confuse certain apps. Instead, a persistent group
object is created to allow apps to keep track of persistent groups.
Persistent group objects only represent the info needed to recreate the
group.
Also fixes a minor bug in the handling of persistent group objects
during WPS operations.
Signed-off-by: Jayant Sane <jayant.sane@intel.com>
Append "P2P" to capability information if supported by device.
Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: Jayant Sane <jayant.sane@intel.com>
Need to define CONFIG_NO_PBKDF2 even though the crypto cleanup moved
the function to a separate file since there is conditional code in
wpa_supplicant/config.c. In addition, wpa_passphrase should not be
built at all if passphrase functionality is removed.
These checks were previously skipped if the scan result included WPA
or RSN IE. However, that can result in selecting a network that does
not match local configuration in some cases.
There are some corner cases, where the wpa_supplicant_req_scan() call
may end up scheduling a scan even if we are about to start a GO. Avoid
this by explicitly marking the GO network to be selected for the next
connection.
Some new code we're working on will require the dbus type "aay" (an
array of arrays of bytes). To add this, refactor the array code to
reduce code duplication by given a type string to the array starting
code, and also add code to create and parse such arrays from or into an
array of struct wpabuf respectively.
Since there's no unique DBus type for this, add a "fake"
WPAS_DBUS_TYPE_BINARRAY type that is separate from the regular DBus
types for parsing.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Moved wpas_dbus_new_decompose_object_path from dbus_new_handlers.c
to dbus_new_helpers.c.
Signed-off-by: Fabien Marotte <fabienx.marotte@linux.intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This can be used to avoid rejection of first two 4-way handshakes every
time hostapd (or wpa_supplicant in AP/IBSS mode) is restarted. A new
command line parameter, -e, can now be used to specify an entropy file
that will be used to maintain the needed state.
Processing of the scan results for RSN pre-authentication candidates
was moved to happen before the network was selected. This resulted in
all candidates being dropped due to no SSID having been configured.
Fix this by moving the processing to happen after the network has
been selected. Since the raw scan results are not available at that
point, use the BSS table instead of scan results to fetch the
information.
When using the p2p_oper_reg_class configuration option instead of
p2p_group_add freq parameter, the operating class 124 was not
processed correctly. Include that class in the list of 5 GHz classes
for the p2p_oper_reg_class to resolve this.
Both the SA and IEs from the received Probe Request frames must be
included and the Probe Request RX callback functions may assume that
these are not NULL.
When comparing BSS table entries, handle empty concatenated
vendor-specific IE differently from completely missing IE. This
does not change anything for the only currently compared IE that
can be fragmented (WPS IE), but it is better to have the generic
code here ready for any possible new IE that could be used in
with zero-length data.
Better make sure the address value included in the event message gets
cleared in case the GO Device Address is not known for some reason.
Previously, this could potentially have been some random data from
stack should we ever hit the case where wpa_s->current_ssid is not
set (which should not really happen in normal use cases).
It is now possible to configure the the time in seconds that
wpa_supplicant waits before requesting a new scan after failing to find
a suitable network in scan results.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
If WPA/WPA2 was enabled in the configuration, the non-WPA exception
could allow an incorrect AP to be selected from scan results. Do
not use the exception if WPA/WPA2 is enabled in configuration.
Commit c76e5d7f9b moved the
ap_configured_cb() call into a completion callback from AP mode code.
However, this callback can be called before hostap_setup_interface()
returns. In that case, the ap_configured_cb() ended up getting
called before the wpa_supplicant connection information was updated.
Fix this by reordering code to set up everything before calling
hostapd_setup_interface().
This should fix EAPOL reauthentication and rekeying timeout issues
with Intel clients when using WMM (e.g., with IEEE 802.11n). These
stations do not seem to be able to handle EAPOL data frames as
non-QoS Data frames after the initial setup.
This adds STA flags to hapd_send_eapol() driver op to allow
driver_nl80211.c to mark the EAPOL frames as QoS Data frame
when injecting it through the monitor interface.
If the scan interval switches to the short interval soon after a
scan, bgscan_simple should not immediately scan again. However,
it should also make sure that the next scan occurs no later than
the new, short scan interval.
Signed-off-by: Paul Stewart <pstew@google.com>
We gain diminishing returns by the short scan interval. The short
scan interval is used to hunt for a better AP if the RSSI of the
current AP drops. However, if we never roam, and the AP continues
to have low RSSI, at some point we should give up and return to
the slow background scan rate, otherwise we waste a lot of power.
Signed-off-by: Paul Stewart <pstew@google.com>
It is not guaranteed that we will get a CQM signal shortly after setting
up monitoring. In order to establish the correct initial background
scanning rate, poll directly for the signal strength.
Signed-off-by: Paul Stewart
This provides a means for the supplicant to directly request signal
quality metrics from the driver. This is useful, for example for
background scan algorithms that might ask desire this information
out-of-band with CQM events.
Signed-off-by: Paul Stewart <pstew@google.com>
The "debug_strings" private array in dbus_new_handles.c has fallen out
of sync with wpa_debug.h. Add the new "excessive" level to the head of
the list, realigning everything.
Signed-off-by: Paul Stewart <pstew@google.com>
Change the old design of running a single long living RSN IBSS
instance to keep a separate instance for each IBSS connection.
This fixes number of issues in getting keys set properly for
new connections and is in general quite a bit more correct
design.
Replace compile-time BSS cache expiration age and scan count by config
parameters that can be set via wpa_cli and the new D-Bus API. The latter
is done with interface properties BSSExpireAge and BSSExpireCount.
Move the code snippet to switch on bgscan over to wpa_supplicant.c
from event.c, so that it can be activated on wpa_supplicant_set_state().
Also create a centralized place to switch off bgscan. bgscan is now
turned on in COMPLETED, not ASSOCIATED.
This adds a new command to the interface to remove all configured
netblocks. Without this it's necessary to query properties on the
interface and explicitly remove each netblock.
This fixes an issue seen in our wifi testbed, where we frequently
switch the SSID of the AP. wpa_supplicant's BSS list will have, for
example both <bssid, "Check11b"> (from the previous test) and <bssid,
"Check11g"> (from the current test) - note that the bssid is the same for
both. The (old) D-Bus API for fetching scan responses from wpa_supplicant
is fetch-by-bssid, so the caller (flimflam) incorrectly believes we're
associated with <bssid, "Check11b">.
Add an "Interface.FlushBSS" method to the new D-Bus API and a "flush"
method to the old API. Both take an age parameter that is a threshold
(in seconds) for selecting entries to evict. Setting this parameter
to zero flushes all entries from the cache.
This mechanism is useful for a connection manager to clear state at
startup and on resume (where the age parameter may be used to hold
onto recent/valid data).
This provides feature parity with the old-style D-Bus API. Explicit
properties to control global parameters is preferred but until that
happens this allows doing things like setting pkcs11_engine_path and
pkcs11_module_path via D-Bus.
The AP code might, currently only in the case of HT40, defer actual
enabling to after a scan. In this case, the wpa_s AP code gets confused.
Add a callback for it to use and make it use it to finish only when the
setup has actually completed.
With appropriate hacks in place this allows using HT40 in P2P mode.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
When wpa_s scans in AP mode, it doesn't propagate the scan event to the
AP code, so that code can get stuck if it uses the callbacks there.
Simply call them where appropriate.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This adds the ability to add WPS vendor extension attributes in P2P
frames, like GO Negotiation and Probe Response frames.
Signed-off-by: Jean-Michel Bachot <jean-michelx.bachot@linux.intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Instead of converting back and forth from the string representation,
always use the binary representation internally.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The secondary device type list is an optional attribute in the WSC IE.
Signed-off-by: Jean-Michel Bachot <jean-michelx.bachot@linux.intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
There's a bug in the getter for the 'Interfaces' property
of /fi/w1/wpa_supplicant1 (new D-Bus interface) which causes a
'Segmentation Fault' when there are multiple interfaces.
Chooses between EAP and non-EAP authentication modes and
uses the appropriate method to retrieve the name.
Signed-off-by: Paul Stewart <pstew@google.com>
Use a specific return value, WPS-PBC-OVERLAP, to indicate a reason
for rejecting a wps_pbc command in wpa_supplicant AP mode if the
PBC mode cannot be started due to PBC session overlap having been
detected during monitor time.
If the wpa_supplicant configuration file does not specify an UUID,
we need to copy the generated UUID, not the all zeros buffer
reserved for the configured UUID.
Instead of generating a different UUID for each interface, use the
same UUID that was either configured of generated for the first
interface. This avoids potential issues with PBC session overlap
detection should multiple interfaces end up running a PBC scan
at the same time which may happen at least in some P2P use cases.
If there is already a link the requested peer, request start of
renegotiation instead of completely new link. This seems to be needed
to allow some driver to accept the trigger for a new negotiation.
These special test cases can be configured at run time with "wpa_cli
tdls_testing <value>" where <value> is an integer (either as a decimal
or as a hex value with 0x prefix) bitmap of special features with
following bits available at this point:
bit 0 = long frame (add dummy subelement to make FTIE very long)
bit 1 = use alternative RSN IE (different RSN capab value and no extra
replay counters)
bit 2 = send incorrect BSSID in Link Identifier of TDLS Setup Request
(e.g., 1 = long FTIE, 2 = different RSN IE, 3 = both of those)
This is disabled by default and can be enabled for the build by
adding the following line to .config:
CFLAGS += -DCONFIG_TDLS_TESTING
This allows driver wrappers to indicate whether the association was
done using Association Request/Response or with Reassociation
Request/Response frames.
Add a notification function for the result of an invitation.
Signed-off-by: Jean-Michel Bachot <jean-michelx.bachot@linux.intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Add a notification for received GO negotiation requests.
Signed-off-by: Konguraj(Raj) Kulanthaivel <konguraj.kulanthaivel@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The DBus code will want to have perfect matching of dev_found and the
dev_lost it adds so it doesn't need to keep track internally. Enable
that with a new flag in the core that tracks whether we have already
notified about this -- the existing users can ignore it.
The part where this is always set to 1 if the new device is discovered
by a driver that has P2P in the driver is buggy -- the driver should
feed the P2P peer database and then that should feed the notification
here instead.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This embeds some information about each P2P peer that will be publically
visible in a struct that is shared.
The dev_found notification function is also passed the new struct, which
requires some work for the driver-based P2P management.
Signed-off-by: Konguraj(Raj) Kulanthaivel <konguraj.kulanthaivel@intel.com>
Signed-off-by: Fabien Marotte <fabienx.marotte@linux.intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Previous code was assuming that the P2P module is always initialized.
However, that is not the case anymore with drivers that do not support
P2P. Add verification of whether P2P is enabled before trying to execute
P2P commands.
mac80211 authentication or association operation may get stuck for some
reasons, so wpa_supplicant better use an internal timer to recover from
this.
Signed-off-by: Ben Greear <greearb@candelatech.com>
GO may use M2D to notify that PBC overlap was detected if the GO was
configured to allow only a specific P2P Device to connect using PBC.
We need to report the M2D message on the parent interface if a
separate group interface is used. In addition, we can stop the P2P
operation if PBC overlap was indicated similarly to what we are
already doing in th case the overlap is detected locally.
Some of the wpa_supplicant control interface commands, like WPS_PIN,
may not include a newline in the end of the response. This can result
in the response being lost when wpa_cli redraws the screen after an
event message. Add a newline after such responses in interactive mode
to avoid the problem.
When FT protocol run is completed with FT-EAP, the EAPOL state machine
needs to be notified of the completed authentication to make sure it
does not try to start new authentication.
This converts number of debugging messages to use wpa_msg() in order
to allow the interface name to be shown with the messages.
A new function, wpa_dbg(), is introduced to allow
CONFIG_NO_STDOUT_DEBUG=y builds to remove the debug strings. This is
otherwise identical with wpa_msg(), but it gets compiled out if stdout
debugging is disabled.
This is needed to allows WPS PBC session overlap detection to work
with drivers that process Probe Request frames internally. This
code is is run in hostapd, but the wpa_supplicant AP mode did not
have call to the hostapd_probe_req_rx() function even though it
registered handlers for hostapd Probe Request RX callbacks.
An optional parameter, p2p_dev_addr, can now be given to WPS_PBC
command on P2P GO to indicate that only the P2P device with the
specified P2P Device Address is allowed to connect using PBC. If
any other device tries to use PBC, a session overlap is indicated
and the negotiation is rejected with M2D. The command format for
specifying the address is "WPS_PBC p2p_dev_addr=<address>", e.g.,
WPS_PBC p2p_dev_addr=02:03:04:05:06:07
In addition, show the PBC session overlap indication as a WPS failure
event on an AP/GO interface. This particular new case shows up as
"WPS-FAIL msg=4 config_error=12".
This makes log files much more readable if multiple interfaces
are being controlled by the same process. The interface name is
added to stdout/file/syslog entries, but not to the messages
sent to control interface monitors to avoid issues with parsing
in external programs.
Signed-off-by: Ben Greear <greearb@candelatech.com>
When the network was provisioned, we need to get the keys to be able to
reconnect without new provisioning. To be able to publish those keys but
not normally configured ones, add a new attribute to struct wpa_ssid
indicating whether or not keys may be exported.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
There are two issues with p2p_long_listen:
1) max_remain_on_channel is assumed to be 5 seconds,
2) if max_remain_on_channel is not a full multiple of
seconds, accounting breaks.
Fix these by converting p2p_long_listen to ms and
tracking it according to max_remain_on_channel.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
When using FT-EAP, the second half of MSK is used as the starting
point for PMK key hierarchy. Configure that instead of the first
half of MSK when using FT with driver-based 4-way handshake and
FT protocol.
This was previously done for WPA/WPA2-Personal as part of association
processing when the driver is implementing 4-way handshake. The
portValid needs to be done for WPA/WPA2-Enterprise to get the proper
EAPOL authentication completed callback to configure PMK to the driver.
I tried these commands:
./wpa_cli -i wlan0 p2p_group_add
./wpa_cli -i wlan0 p2p_find
The second one results in following messages because it is invalid
operation.
-------
nl80211: Scan trigger failed: ret=-95 (Operation not supported)
P2P: Failed to start p2p_scan
-------
But the second one shows "OK" on control console.
This patch makes it to show "FAIL".
There is no real reason to maintain these in the current development
branch anymore. If someone really needs support for the obsolete
driver interfaces, these can be found in older wpa_supplicant
branches.
driver_atmel.c
- vendor-specific interface for ATMEL AT76C5XXx cards
- for some old out-of-tree driver; not for the upstream atmel*
drivers
driver_ndiswrapper.c
- vendor-specific interface for an out-of-tree driver
- ndiswrapper should work with driver_wext.c, too
driver_ipw.c
- vendor-specific interface for old ipw2100/2200 driver
- the upstream driver works with driver_wext.c (and does not work
with the old interface)
driver_hermes.c
- vendor driver that was not even included in the main wpa_supplicant
releases
This avoids an issue when a received EAPOL-Key frame from a peer
is initiating IBSS RSN Authenticator and Supplicant for the peer
and the following new-STA-in-IBSS event from the driver is adding
yet another instance of Authenticator/Supplicant. The EAPOL-Key
RX case was already checking whether an instance had been started;
the driver new-STA event needs to do same.
The driver may get confused if we set the initial TX GTK before having
fully configured and connected to an IBSS, so better delay this
operation until the connection (join/start IBSS) has been completed.
If the EAPOL processing times out (e.g., if the AP stops replying
to messages for some reason) during WPS negotiation, we need to
indicate WPS-FAIL event from eapol_cb since no other WPS failure is
reported for this particular case.
Previously, only the Configuration Error values were indicated in
WPS-FAIL events. Since those values are defined in the specification
it is not feasible to extend them for indicating other errors. Add
a new error indication value that is internal to wpa_supplicant and
hostapd to allow other errors to be indicated.
Use the new mechanism to indicate if negotiation fails because of
WEP or TKIP-only configurations being disallows by WPS 2.0.
Previously, both NULL and ff:ff:ff:ff:ff:ff addr were used in various
places to indicate default/broadcast keys. Make this more consistent
and useful by defining NULL to mean default key (i.e., used both for
unicast and broadcast) and ff:ff:ff:ff:ff:ff to indicate broadcast
key (i.e., used only with broadcast).
Use NULL instead of (u8 *) "" as the seq value and make sure the
driver wrapper implementations can handle NULL value. This was
previously already done in number of places, but not everywhere.
The BSS table entries may be in more or less random order and it is
better to show the most likely WPS configuration method in a way that is
somewhat more consistent instead of just showing the method of the first
BSS entry found in the table.
The proto configuration may be left to non-zero when moving from one
configuration to another. To avoid misidentifying a network
configuration as enabling WPA, check key_mgmt field, too.
This adds partial callbacks and events to allow P2P management to be
implemented in a driver/firmware. This is not yet complete and is
very much subject to change in the future.
CONFIG_WPS_REG_DISABLE_OPEN=y can be used to configure wpa_supplicant
to disable open networks by default when wps_reg command is used to
learn the current AP settings. When this is enabled, there will be a
WPS-OPEN-NETWORK ctrl_iface event and the user will need to explicitly
enable the network (e.g., with "select_network <id>") to connect to
the open network.
With the new kernel functionality coming to Linux to allow off-channel
TX, we can take advantage of that in the P2P code that currently uses
remain-on-channel. If a driver advertises support for it, it will be
asked to handle off-channel TX by itself.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The nl80211 driver can report low ACK condition (in fact it reports
complete loss right now only). Use that, along with a config option, to
disconnect stations when the data connection is not working properly,
e.g., due to the STA having went outside the range of the AP. This is
disabled by default and can be enabled with disassoc_low_ack=1 in
hostapd or wpa_supplicant configuration file.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The WPS mode was already verified when the AP was configured for
WPA/WPA2, but this was not done with AP that was in open mode.
Fix this by allowing wpa_supplicant_ssid_bss_match() to be called
in non-WPA configuration, too. With this change, wps_pbc BSSID
command will wait until the specified target AP is in active PBC
mode before trying to connect to it.
If a station received unprotected Deauthentication or Disassociation
frame with reason code 6 or 7 from the current AP, there may be a
mismatch in association state between the AP and STA. Verify whether
this is the case by using SA Query procedure. If not response is
received from the AP, deauthenticate.
This implementation is only for user space SME with
driver_nl80211.c.
Some new code I'm working on will need the scan_res_handler assigned all
the time in certain circumstances, so the easiest way is to reset it
within the handler. This is currently prevented by the way the code in
the event handler works -- change that to permit such usage.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The array's type should be given as the proper
DBUS_TYPE_STRING_AS_STRING, but evidently it
doesn't matter since it's all packed into a
variant type.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
If there is a pending GO Negotiation when p2p_cancel is used,
unauthorize the peer to avoid immediate reconnection from being
accepted without a new p2p_connect command.
We should cancel group formation completely on PBC overlap instead
of just partially notifying that operations were stopped. There is
no point in waiting for the group formation timeout in this case.
Previously, pairwise and group cipher suites were configured only
when kernel SME (nl80211 connect API) was used. However, mac80211
needs this information even in the user space SME case for one
thing: to disable HT when TKIP/WEP is used. Add
NL80211_ATTR_CIPHER_SUITES_PAIRWISE to fix this special case with
user space SME. This allows mac80211 to disable HT properly when
the AP is configured with configuration that is not allowed.
This add preliminary code for setting the per-STA RX GTK for
RSN IBSS when nl80211 drivers. For some reason, this does not
seem to fully work, but at least driver_nl80211.c is now aware of
what kind of key is being set and the whatever is missing from
making this key configuration go through should be specific to
nl80211/cfg80211.
This unref is guaranteed to be freeing a NULL pointer.
Tested manually: use dbus-send to send an invalid debug level parameter
Before change:
$ dbus-send --system --dest=fi.w1.wpa_supplicant1 --print-reply
/fi/w1/wpa_supplicant1 org.freedesktop.DBus.Properties.Set
string:fi.w1.wpa_supplicant1 string:DebugLevel variant:string:msgdumpf
Error org.freedesktop.DBus.Error.NoReply: Message did not receive a reply
(timeout by message bus)
(and then wpa_supplicant crashes)
After change:
$ dbus-send --system --dest=fi.w1.wpa_supplicant1 --print-reply
/fi/w1/wpa_supplicant1 org.freedesktop.DBus.Properties.Set
string:fi.w1.wpa_supplicant1 string:DebugLevel variant:string:msgdumpf
Error fi.w1.wpa_supplicant1.InvalidArgs: Did not receive correct message
arguments.
Signed-off-by: Paul Stewart <pstew@google.com>
When controlling multiple virtual interfaces on the same physical
radio, share the scan results events with sibling interfaces. This
decreases the time it takes to connect many virtual interfaces.
This is currently only supported on Linux with cfg80211-based
drivers when using nl80211 or wext driver interface.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Some drivers are not providing exactly reliable error codes (e.g.,
with WEXT), but others may actually indicate reliable information.
Allow driver wrappers to indicate if that is the case and use
optimizations if so. For now, this improves nl80211 with
NL80211_CMD_CONNECT for a case where connection request fails.
mac80211 can indicate this mainly because of channel selection
conflicts with other vifs. If there is another BSS on another
channel, we should try to connect to it instead.
WPA_DRIVER_FLAGS_P2P_MGMT_AND_NON_P2P flag can now be used to
indicate that the initial interface (e.g., wlan0) is used for
P2P management operations and potentially non-P2P connections.
This is otherwise identical to
WPA_DRIVER_FLAGS_P2P_DEDICATED_INTERFACE, but the possibility of
non-P2P connections makes some operations differ.
This may make it less likely for udev to rename the interface that
would previously have been called wlan0-p2p-# (now: p2p-wlan0-#).
In addition, add some workaround code to handle the case where the
main interface name is close to the IFNAMSIZ length limit to
avoid going over that for the P2P group interface.
In theory, the interface name could be longer than IFNAMSIZ in
some systems, so use the same size buffer for this field as is
used with the main interface name.
Some other dnsmasq users (like libvirt) seem to be binding the DHCP
server to all interfaces which prevents the previously used mechanism
here from working (bind on the DHCP socket fails). If a failure is
noticed, try to start dnsmasq with -z option to avoid that.
Move the previously SME specific optimization code into generic
function that can be used from non-SME code, too, and use it to
handle disconnection events. In other words, allow disconnection
event to trigger similar optimized scanning case to handle a
common load balancing mechanism. If there is another BSS in the
same ESS when we receive a disconnection event, scan only the
known frequencies of such other BSSes on the next attempt to
speed up recovery.
The special case of requiring blacklisting count to be 2 or higher
is only needed when more than a single network is currently enabled.
As such, we should not do that when only a single network is enabled.
This make the station more likely to follow network side load
balancing attempts where the current AP may disassociate us with
an assumption that we would move to another AP.
When authentication or association fails when trying to connect to
a BSS in an ESS that has multiple BSSes based on previous scans,
limit the first recovery scan to only the known channels that has
been seen previously. This speeds up recovery in some of the most
commonly used load balancing mechanisms in enterprise WLAN
networks.
There were various issues in how the SME (i.e., nl80211-based driver
interface) handled various authentication and association timeouts and
failures. Authentication failure was not handled at all (wpa_supplicant
just stopped trying to connect completely), authentication timeout
resulted in blacklisting not working in the expected way (i.e., the same
BSS could be selected continuously), and association cases had similar
problems.
Use a common function to handle all these cases and fix the blacklist
operation. Use smaller delay before trying to scan again during the
initial cycle through the available APs to speed up connection. Add
a special case for another-BSS-in-the-same-ESS being present to
speed up recovery from networks with multiple APs doing load balancing
in various odd ways that are deployed out there.
assoc_freq needs to be cleared when an interface gets disconnected.
This fixes an issue where P2P Action frame transmission may fail
because of missing remain-on-channel operation when using the same
interface for group operations (or non-P2P connections) and P2P
management operations.
The wpa_supplicant_event() EVENT_TX_STATUS ack field needs to be
converted to use wpas_send_action_tx_status()
enum p2p_send_action_result in this case, too, to avoid getting
incorrect TX status for P2P processing.
By default, make hostapd and wpa_supplicant maintain an internal
entropy pool that is fed with following information:
hostapd:
- Probe Request frames (timing, RSSI)
- Association events (timing)
- SNonce from Supplicants
wpa_supplicant:
- Scan results (timing, signal/noise)
- Association events (timing)
The internal pool is used to augment the random numbers generated
with the OS mechanism (os_get_random()). While the internal
implementation is not expected to be very strong due to limited
amount of generic (non-platform specific) information to feed the
pool, this may strengthen key derivation on some devices that are
not configured to provide strong random numbers through
os_get_random() (e.g., /dev/urandom on Linux/BSD).
This new mechanism is not supposed to replace proper OS provided
random number generation mechanism. The OS mechanism needs to be
initialized properly (e.g., hw random number generator,
maintaining entropy pool over reboots, etc.) for any of the
security assumptions to hold.
If the os_get_random() is known to provide strong ramdom data (e.g., on
Linux/BSD, the board in question is known to have reliable source of
random data from /dev/urandom), the internal hostapd random pool can be
disabled. This will save some in binary size and CPU use. However, this
should only be considered for builds that are known to be used on
devices that meet the requirements described above. The internal pool
is disabled by adding CONFIG_NO_RANDOM_POOL=y to the .config file.
We can automatically accept invitations that are for a persistent
group that is already running. There is no need to confirm this
separately or preparare a new group interface.
When an Invitation to reinvoke a persistent group is accepted,
we need to make sure that any pending p2p_find or p2p_listen
operation gets stopped to avoid consuming all radio resources
doing device discovery while the group is being set up.
The duplicated WPS event in the parent interface should only be used
during P2P group formation, i.e., when the WPS operation was actually
started using the parent interface. When authorizing a client to
connect to an already running group, the WPS command is issued on
the group interface and there is no need to duplicate the event to
the parent interface.
This pointer is now used in number of places to check whether an
interface is in P2P Group Formation, so we better make sure it gets
cleared when group formation has been completed. This was done in
only some of the cases.
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change then.
In other words, the protocol is allowed to continue past M2, but
is stopped at M7 when AP is in this mode. WPS IE does not
advertise AP Setup Locked in this case to avoid interoperability
issues.
In wpa_supplicant, use ap_setup_locked=2 by default. Since the AP PIN
is disabled by default, this does not enable any new functionality
automatically. To allow the read-only ER to go through the protocol,
wps_ap_pin command needs to be used to enable the AP PIN.
The pending_invite_ssid_id of -1 (running group, not persistent) was
being stored incorrectly in the group interface, not device interface
(i.e., parent of the group interface) and consequently, the incorrect
information was used when processing the Invitation Response.
If there was a persistent group credentials stored with network id
0, those were used instead to try to set up a persistent group
instead of using the already running group.
Since the P2P peer entry may not have been available at the time the
join request was issued, we need to allow the P2P Interface Address
to be updated during join-scans when the P2P peer entry for the GO
may be added.
If the GO is not found, we cannot send Provisioning Discovery Request
frame and cannot really connect anyway. Since the Provisioning
Discovery is a mandatory part, it is better to continue join-scan
until the GO is found instead of moving to the next step where
normal connection scan is used (PD would not be used from there).
Use a limit of 10 scan attempts for p2p_connect join to avoid getting
in infinite loop trying to join. If the GO is not found with those
scans, indicate failure (P2P-GROUP-FORMATION-FAILURE) and stop the
join attempt.
CONFIG_WPA_CLI_EDIT=y can now be used to build wpa_cli with internal
implementation of line editing and history support. This can be used
as a replacement for CONFIG_READLINE=y.
Instead of using a separate process to receive and print event
messages, use a single-process design with eloop to simply
wpa_cli and interaction with readline.
Instead of multiple #ifdef blocks for readline within the function,
use two copies of the functions, one for readline, one without any
readline functionality.
When running "p2p_connect addr pbc join" command, send the
WPS-OVERLAP-DETECTED even also to the parent interface (i.e.,
the one on which the p2p_connect was issued) and not only the
group interface in case separate P2P group interfaces are used.
The driver wrapper may now indicate the preferred channel (e.g., based
on scan results) on both 2.4 GHz and 5 GHz bands (and an overall best
frequency). When setting up a GO, this preference information is used
to select the operating channel if configuration does not include
hardcoded channel. Similarly, this information can be used during
GO Negotiation to indicate preference for a specific channel based
on current channel conditions.
p2p_group_add command can now use special values (freq=2 and freq=5)
to indicate that the GO is to be started on the specified band.
wpa_supplicant_set_driver() is returning an error if the first driver
in the driver list is not built in. It should continue through the
driver list until it finds one that's built in.
If IEE8021X_EAPOL is not enabled in the config, wpa_drv_set_supp_port
must be called from the supplicant, otherwise port will not be
activated after association.
Commit d8d940b746 introduced a regression
that prevented TSN APs from being used with WEP since the AP was
rejected if it advertised WPA or RSN IE when we were configured to use
WEP. Resolve this by checking whether the AP is advertising a TSN, i.e.,
whether the AP allows WEP to be used as a group cipher. If so, allow
the AP to be selected if we are configured to use static WEP or
IEEE 802.1X (non-WPA).
It should be noted that this is still somewhat more restricted in AP
selection than earlier wpa_supplicant branches (0.7.x or older) that
ignore the WPA/RSN IE completely when configured for non-WPA.
The driver may end up leaving the current channel when we request
a new remain-on-channel and as such, it is better not assume we can
start new operations like sending an Action frame on the previous
off-channel.
If we have already asked the driver to start a new remain-on-channel,
we need to cancel it even if the actual remain-on-channel has not yet
started at the point when a new operation or timeout etc. triggers
Listen state to be stopped.
Even if p2p_scan_res_handler() returns 1 to indicate that scan result
iteration should be stopped, the p2p_scan_res_handled() needs to be
called to clear p2p_scan_running and to get a callback that will start
any operations that were delayed because of the running scan.
There is no need to separately move to the correct channel
for transmitting an Action frame that is using the group
interface (i.e., source address is P2P Interface Address).
This removes extra latency from P2P Action frame operations
within a P2P group.
This is an option to continue with wpa_supplicant and hostapd even if
config file has errors. The problem is that these daemons are the best
"candidates" for the config change, so if they can not start because
config file was let's say corrupted, you can not fix it easily.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
This could have been using an uninitialized variable instead of
purposefully random value in picking up the channel. There is not
much of a difference for the use case here, but anyway, we may
as well do what was initially planned here and.
The destination address for p2p_serv_disc_resp must always be set
to an individual MAC address unlike p2p_serv_disc_req which may use
00:00:00:00:00:00 to indicate wildcard query. As such, we should not
try to check for this special case here.
The ieee80211_sta_free_hw_features() function is now used outside
the MLME code, so better make sure it gets included in the build
to avoid leaking memory.
Add a new driver event, EVENT_INTERFACE_UNAVAILABLE, for indicating
that the driver is not able to continue operating the virtual
interface in its current mode anymore, e.g., due to operating
channel for GO interface forced to a DFS channel by another virtual
interface.
When this happens for a P2P group interface, the P2P group will
be terminated and P2P-GROUP-REMOVED event shows the reason for
this as follows:
P2P-GROUP-REMOVED wlan0 GO reason=UNAVAILABLE
Replacing the BSSID with 'any' has never worked with wps_reg
command, so better not claim it could work. In addition, reject
this is wpa_supplicant to make it clearer that the operation
fails.
A new configuration parameter, p2p_group_idle, can now be used to set
idle timeout value for P2P groups in seconds (0 = no timeout). If set,
this values is used to remove P2P group (both GO and P2P client)
interfaces after the group has been idle (no clients/GO seen) for the
configuration duration.
The P2P-GROUP-REMOVED event is now indicating the reason for group
removal when known. For example:
P2P-GROUP-REMOVED wlan0 GO reason=REQUESTED
P2P-GROUP-REMOVED wlan1 client reason=IDLE
The driver wrapper may indicate EVENT_CHANNEL_LIST_CHANGED before
completing init(). This would likely result in segfault when driver
channel list is being read as part of processing this event when
P2P is enabled.
This command can be used to enroll a network based on a local
network configuration block instead of having to (re-)learn the
current AP settings with wps_er_learn.
This is not supposed to happen, but in theory, the GO may end up
changing its channels at some point. While it would be reasonable
to use one of the common channels, GO may be forced to use another
channel. The most likely reason for this would be if the P2P client
is enforcing only a single channel to be used (e.g., to avoid
multi-channel concurrent operations).
The P2P group component is now tracking of associated stations
in the group and the Group Limit bit in the Group Capabilities
is updated based on whether there is room for new clients in
the group.
This driver capability limit was supposed to indicate limit on
how many stations can associate with us in the AP mode, not how
many P2P peers are stored in the peer table.
The workaround to ignore no ctrl::ack received for GO Negotiation
Confirmation frame was only supposed to be used when the frame was
actually transmitted and just the ack was not received. However, due
to the way the driver failure on transmitting the frame were reported,
this ended up getting applied for all failures in sending the GO
Negotiation Confirmation frame.
Improve this by providing a mechanism to indicate whether send_action
operations fail locally before the frame was actually transmitted or
because of not receiving ack frame after having transmitted the frame.
This is needed to work around cases where the pending interface gets
removed, e.g., due to failed GO Negotiation. In such case, we may still
accept new GO Negotiation to be completed, but the interface did not
get created without a separate p2p_connect command.
The current implementation is not ideal since the re-created interface
may, at least in theory, get incorrect interface addrees. Though, this
would likely require that the driver supported more than one P2P group
interface and that the previous one was already taken into use for
another group.
This is a workaround for incorrect configuration (missing
virtual/physical identifier for config methods) for WPS 2.0 to
allow unmodified configuration from WPS 1.0 to be used while
enforcing compliant WPS 2.0 values.
The AP operation with wpa_supplicant requires an additional callback
to get the needed event information from hostapd side so that
wpa_msg() can be called for wpa_s->parent if needed.
This makes it easier to figure out what could have failed in the
WPS protocol and potentially provide more information for the
user on how to resolve the issue.
The driver wrapper can now indicate whether the driver supports
concurrent operations on multiple channels (e.g., infra STA connection
on 5 GHz channel 36 and P2P group on 2.4 GHz channel 1). If not,
P2P_CONNECT commands will be rejected if they would require
multi-channel concurrency.
The new failure codes for P2P_CONNECT:
FAIL-CHANNEL-UNAVAILABLE:
The requested/needed channel is not currently available (i.e., user has
an option of disconnecting another interface to make the channel
available).
FAIL-CHANNEL-UNSUPPORTED:
The request channel is not available for P2P.
Allow only the expected P2P Interface Address as the BSSID for
the AP to avoid selecting incorrect BSS should there be another
device that is advertising active PBC mode before the target
P2P GO does.
When the P2P state machine requests a remain- on-channel, there's a
potential race where it can then request a stop before the r-o-c has
actually started, in which case the stop will not be processed. Fix
that.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The new DBus API helper function wpas_dbus_error_unknown_error
function can be called as a result of a failure within internal
getter calls, which will call this function with a NULL message
parameter. However, dbus_message_new_error looks very unkindly
(i.e, abort()) on a NULL message, so in this case, we should not
call it.
I've observed this course of events during a call to
wpas_dbus_getter_bss_wpa with a faileld parse of the IE parameter.
We got here through a call to fill_dict_with_properties which
explicitly calls getters with a NULL message parameter. Judging
from the way it is called, this could easily occur if an AP sends
out a malformed (or mis-received) probe response. I usually run
into this problem while driving through San Francisco, so I'm
exposed to any number of base stations along this path.
This patch changes wpa_supplicant policy for handling '' in SSIDs field of
Interface.SSID DBus message. It treats '' (zero-length) SSID as a request
for a broadcast scan, instead of ignoring it.
This patch updates DBus API .Scan() logic per the test cases listed below:
1) Interface.Scan({'Type':'active', 'Channel':(2412, 20)})
Request: Active scan with only '' SSID (1 channel)
Should be: 1 broadcast ProbeRequest on specified channel
Previous: 1 broadcast ProbeRequest on specified channel
This Patch: 1 broadcast ProbeRequest on specified channel
2) Interface.Scan({'Type':'active', 'Channel':(2412, 20), 'SSIDs':['']})
Request: Active scan with only '' SSID (1 channel)
Should be: 1 broadcast ProbeRequest on specified channel
Previous: No ProbeRequests; passive scan results for specified channel
This Patch: FIXED: 1 broadcast ProbeRequest on specified channel
3) Interface.Scan({'Type':'active', 'Channel':(2412, 20), 'SSIDs':['MySSID']})
Request: Active scan with only non-'' SSIDs (1 channel)
Should be: 1 directed ProbeRequest for each SSID on specified channel,
no broadcast ProbeRequest
Previous: 1 directed ProbeRequest for each SSID on specified channel,
no broadcast ProbeRequest
This Patch: 1 directed ProbeRequest for each SSID on specified channel,
no broadcast ProbeRequest
4) Interface.Scan({'Type':'active', 'Channel':(2412, 20), 'SSIDs':['',
'MySSID']})
Request: Active scan with SSIDs, including 1 '' SSID (1 channel)
Should be: 1 broadcast ProbeRequest, 1 directed ProbeRequest for each
non-'' SSID on specified channel
Previous: 1 directed ProbeRequest for each non-'' SSID on specified
channel
This Patch: FIXED: 1 broadcast ProbeRequest, 1 directed ProbeRequest for
each non-'' SSID on specified channel
Currently the DBus Interface.Scan API is counter-intuitive. It issues
ProbeRequests when doing passive scans when channels are specified, and
does not issue ProbeRequests for broadcast active scans.
This patch updates DBus API .Scan() logic per the test cases listed below:
1) Interface.Scan({'Type':'passive'})
Request: Passive scan (all channels)
Should be: No ProbeRequests; Passive Scan results for all channels
Previous: 1 ProbeRequest on all channels for both broadcast SSID and
selected network (scan_ssid=1)
This Patch: --No change--: 1 ProbeRequest on all channels for both
broadcast SSID and selected network (scan_ssid=1)
2) Interface.Scan({'Type':'passive', 'Channel':(2412, 20)})
Request: Passive scan (1 channel)
Should be: No ProbeRequests; Passive Scan results for 1 channel
(plus overlapping channels)
Previous: 1 broadcast ProbeRequest on specified channel
This Patch: --Fixed--: No ProbeRequests; Passive Scan results for 1
channel (plus overlapping channels)
3) Interface.Scan({'Type':'active'})
Request: Active scan with no SSIDs (all channels)
Should be: 1 broadcast ProbeRequest on all channels
Previous: No ProbeRequests; passive scan results for all channels
This Patch: --Fixed--: 1 broadcast ProbeRequest on all channels
4) Interface.Scan({'Type':'active', 'Channel':(2412, 20)})
Request: Active scan with no SSIDs (1 channel)
Should be: 1 broadcast ProbeRequest on specified channel
Previous: No ProbeRequests; Passive scan results for specified
channel (plus overlapping channels)
This Patch: --Fixed--: 1 broadcast ProbeRequest on specified channel
The previous used .gitignore files were mathing some files that
were actually already in the repository (e.g.,
hostapd/logwatch/hostapd). Avoid this by listing the conflicting
entries in the root directory .gitignore with full path.
This cleans up debug log from unnecessary entries when using
wpa_cli/hostapd_cli or other ctrl_iface monitors that PING
periodically to check connectivity.
WPS 2.0 mandates the AP to include WPS IE in (Re)Association Response
if the matching (Re)Association Request included WPS IE. Provide the
needed WPS IE information to the driver_ops API for drivers that
process association frames internally.
Note: This modifies the driver_ops API by adding a new argument to
set_ap_wps_ie().
Instead of build time options (CONFIG_WPS_TESTING_EXTRA_CRED and
CONFIG_WPS_EXTENSIBILITY_TESTING), use a single build option
(CONFIG_WPS_TESTING) and runtime configuration of which testing
operations are enabled. This allows a single binary to be used
for various tests.
The runtime configuration can be done through control interface
with wpa_cli/hostapd_cli commands:
Enable extensibility tests:
set wps_version_number 0x57
Disable extensibility tests (WPS2 build):
set wps_version_number 0x20
Enable extra credential tests:
set wps_testing_dummy_cred 1
Disable extra credential tests:
set wps_testing_dummy_cred 0
Previously, wpa_supplicant remaining in scanning state without
trying to connect, but there is no particular need to do that.
Instead, cancel WPS operation completely whenever PBC session
overlap is detected.
Disconnection event may be received while in associating state.
Previously, wpa_supplicant could get stuck not trying to reconnect
in that case at least with nl80211. Allow scan request in this
state to avoid the issue. This helps especially with APs that do
load balancing by sending Deauthentication frame as a response to
Reassociation Request frame after successful Authentication frame
exchange.
ctrl_interface STA_AUTOCONNECT command can now be used to disable
automatic reconnection on receiving disconnection event. The default
behavior is for wpa_supplicant to try to reconnect automatically, i.e.,
to maintain previous behavior.
The overlap condition cannot disappear before group formation timeout
hits, so there is no point in continuing in this case and failure can
be indicated immediately.
This allows the pending group interface to be removed if we fail
to join a running group. A longer than 15 second timeout is needed
here since the GO may not have authorized our connection yet.
A new ctrl_interface command, WPS_CANCEL, can now be used to cancel
a pending or ongoing WPS operation. For now, this is only available
with wpa_supplicant (either in station or AP mode). Similar
functionality should be added for hostapd, too.
The scan operation before Provision Discovery Request may not include
the GO. However, we are likely to have the GO in our P2P peer table,
so use that information to figure out the operating channel if BSS
table entry is not available.
This is needed to make sure we do not try to accidentally enable GO
in channels that may not be allowed. In addition, this may help with
some driver that do not like channel 14 even as a passive scan
channel.
This command is supposed to return the PIN value that was generated
or passed in as an argument. In the AP case, the entered PIN was not
being returned.
This is needed to be able to change parameters for dynamically
created interfaces between the creation of the interface and
association/start AP commands.
Following ctrl_interface commands can now be used:
P2P_SET client_apsd disable
- disable configuration (i.e., use driver default) in client mode
P2P_SET client_apsd <BE>,<BK>,<VI>,<VO>;<max SP Length>
- enable UASPD with specific trigger configuration (0/1) per AC
(max SP Length is currently ignored)
P2P_SET go_apsd disable
- disable configuration (i.e., use driver default) in AP mode
P2P_SET go_apsd <0/1>
- disable/enable APSD in AP mode
This event indicates the Device Password ID that the peer tried
to use in GO Negotiation. For example:
P2P-GO-NEG-REQUEST 02:40:61:c2:f3:b7 dev_passwd_id=4
If enabled, cross connection allows GO to forward IPv4 packets
using masquerading NAT from the P2P clients in the group to an
uplink WLAN connection. This is disabled by default and can be
enabled with "wpa_cli p2p_set cross_connect 1" on the P2P device
interface.
For now, this applies to the test command that can be used to set
periodic NoA (p2p_set noa). The value are stored and periodic NoA
is enabled whenever there are no non-P2P STAs connected to the GO.
While this is not strictly speaking required by the P2P specification
for a not-P2P Managed Device, this can provide useful information for
the P2P manager AP and may be needed to pass certification tests.
For client-invites-device case, the pre-authorization of an invitation
to running group will need to allow Invitation Request from specified
address, too. This is for testing uses only.
"wpa_cli p2p_set peer_filter <MAC address>" can now be used to
only allow a single P2P Device (based on P2P Device Address) to be
discovered for testing. Setting the address to 00:00:00:00:00:00
disables the filter.
This is mainly designed for testing and allows p2p_connect join auth
to be used to accept a specific invitation to an active group that
may be received in the future.
The driver event for remain-on-channel may be delayed in a way that
allows management-frame-received event to be received before
wpa_supplicant knows that the driver is actually already on the
previously requested channel. We should not request a new
remain-on-channel to send a response to just a frame if we are waiting
for the driver to get to the same channel. Instead, just continue
waiting for the driver event.
When the first wpa_supplicant interface is not the correct one for
transmitting an Action frame (e.g., P2P Presence Request frame
uses a group interface), the code got stuck in an infinite busy
loop. Fix the iteration to go through the interfaces properly.
If CONFIG_WPS_STRICT is set, validate WPS IE(s) in management frames and
reject the frames if any of the mandatory attributes is missing or if an
included attribute uses an invalid value. In addition, verify that all
mandatory attributes are included and have valid values in the WSC
messages.
Advertize list of authorized enrollee MAC addresses in Beacon and
Probe Response frames and use these when selecting the AP. In order
to provide the list, the enrollee MAC address should be specified
whenever adding a new PIN. In addition, add UUID-R into
SetSelectedRegistrar action to make it potentially easier for an AP
to figure out which ER sent the action should there be multiple ERs
using the same IP address.
Verify that the driver wrapper is using a valid deauth/disassoc
event before dereferencing the addr pointer. The address is required
to be set in AP mode, but it is safer to verify this here than to
trust on all driver wrappers doing the correct thing.
Some NDIS drivers require a workaround to allow them to associate
with a WPS AP that is already using protection (Privacy field = 1).
Let driver_ndis.c know if the AP is already using Privacy and if so,
configure a dummy WEP key to force the driver to associate.
Commit d8d940b746 broke the logic on
iterating through all configured network blocks. This was supposed
to continue the loop on mismatch to allow other than the first
configured network to be found.
This patch adds support for wired IEEE 802.1X client on the Solaris.
I have tested with these:
OS : OpenSolaris 2009.06
EAP : EAP-MD5
Switch : Cisco Catalyst 2950
The driver is likely to indicate an immediate signal event when the
threshold value is configured. Since we do this immediately after
association, there is not much point in requesting a new scan to be
started based on this event.
The driver is likely to indicate an immediate signal event when the
threshold value is configured. Since we do this immediately after
association, there is not much point in requesting a new scan to be
started based on this event.
This removes quite a bit of duplicated code and allows network block
priority configuration to be used to prefer unprotected networks and
also allows use on open network with good signal strength even if
scan results show a protected network with marginal signal strength
that does not allow it to be used.
The wpa_supplicant compilation without CONFIG_WPS option results in
messages below.
scan.c: In function 'wpa_supplicant_scan':
scan.c:246: warning: unused variable 'wps'
This trivial patch erases this warning.
This clears up authentication state in the driver and in case of
cfg80211, unlocks the BSS entry for the previously used AP. The
previous commit cf4783e35f changed
only the ctrl_iface DISCONNECT command behavior; this new commit
does the same for D-Bus commands.
wpa_s->bssid is already cleared by mark_disassoc() when we're getting the
disassociation event for the case where wpa_supplicant requested
disassociation. wpa_s->sme.prev_bssid holds the BSSID we need to check
for, so use that instead.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
When passing several authentication algorithms through auth_alg, we
should try all of them when the first one fails. The wext driver goes
through the connect nl80211 command and the retries are then handled by
the kernel. The nl80211 doesn't and we have to handle that from
userspace.
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
This is needed to avoid trying to reassociate based on new scan
results when using wpa_supplicant to control AP mode. This could
happen if something external triggered the driver to run a scan.
When SME is in wpa_supplicant (mac80211), we need to make sure that
the kernel code has valid BSS entry for the AP. In some cases it
seemed to be possible to end up not having current information in
cfg80211 or mac80211 which can result to association failures. Avoid
this by always running through the scan request before initial
connection attempt.
It is possible that l2_packet is not used with wpa_supplicant
in some cases, so better make sure we do not end up notifying
l2_packet code about authentications unless it was actually
initialized in the first place.
Store list of all discovered BSSes in the ESS and on which frequencies
they have been seen. Use this information to dynamically generated the
list of channels for background scans.
The AP configuration may change after provisioning, so it is better
not to use the current security policy to prioritize results. Instead,
use WPS Selected Registrar attribute as the main sorting key and use
signal strength next without considering security policy or rate sets.
The non-WPS provisioning case remains as-is, i.e., this change applies
only when trying to find an AP for WPS provisioning.
Addition of the background scanning mechanism in commit
60b94c9819 moved the scan trigger
into a new function that was also incrementing the scan_runs
counter, but the removal of the previous scan_runs incrementation
was forgotten from that patch. This counter should only be updated
into a single location, so remove the old one. This improves AP
selection for WPS provisioning by not skipping some of the initial
scans.
wps_er_config can now be used to configure an AP. It is similar to
wps_er_learn, but instead of only learning the current AP settings,
it continues to send M8 with the new settings for the AP.
wps_er_start command now takes an optional parameter that can be used
to configure a filter to only allow UPnP SSDP messages from the
specified IP address. In practice, this limits the WPS ER operations
to a single AP and filters out all other devices in the network.
This avoids an invalid D-Bus call during interface initialization.
The wpa_state change can happen before the D-Bus interface is set up,
so we must be preparted to handle this early event signal. In theory,
it should be possible to reorder initialization code to make sure
D-Bus signals are ready, but that would likely require quite a bit of
code restructuring, so it looks like a safer option for now is to just
skip the early event.
The wpa_supplicant compilation with CONFIG_AP option and without
CONFIG_IEEE80211R, CONFIG_WPS, NEED_SME, CONFIG_CLIENT_MLME options
results in following messages.
../src/ap/drv_callbacks.o: In function `hostapd_notif_assoc':
../src/ap/drv_callbacks.c:59: undefined reference to
`ieee802_11_parse_elems'
gmake: *** [wpa_supplicant] Error 1
Add a new wpa_supplicant state: interface disabled. This can be used
to allow wpa_supplicant to be running with the network interface even
when the driver does not actually allow any radio operations (e.g.,
due to rfkill).
Allow driver_nl80211.c and driver_wext.c to start while rfkill is in
blocked state (i.e., when ifconfig up fails) and process rfkill
events to block/unblock WLAN.
Use regular expression matches to see if input is not the (now translated?)
string "Select any network" and is a "<network id>: <ssid>" string or the
"all" keyword where that is applicable.
Signed-off-by: Kel Modderman <kel@otaku42.de>
This allows wpa_supplicant to be started quickly with an empty
configuration. If an external program wants to fetch scan results
from wpa_supplicant, it will need to request a scan explicitly
in this type of case.
Add "wpa-ft-psk", "wpa-psk-sha256", "wpa-ft-eap" and "wpa-eap-sha256"
possible KeyMgmt values of interface capabilities to fit values in
BSS RSN options dictionary.
This adds more details into the CTRL-EVENT-DISCONNECTED event to
make it easier to figure out which network was disconnected in some
race conditions and to what could have been the reason for
disconnection. The reason code is currently only available with
the nl80211 driver wrapper.
These bursts can result in control interface monitors being detached
even if the external program is still working properly. Use much larger
error threshold for ENOBUFS to avoid this.
There is no absolute requirement for separating address allocation
into separate functions, so simplify the driver wrapper interface
to use just if_add and if_remove instead of adding the new
alloc_interface_addr() and release_interface_addr() functions.
if_add() can now indicate if the driver forced a different interface
name or address on the virtual interface.
Scan only the frequency that was used during provisioning during the
first five scans for the connection. This speeds up connection in the
most likely case where the AP remains on the same channel. If the AP is
not found after these initial scans, all channels will be scanned.
'wpa_cli roam <bssid>' can now be used to test roaming within an ESS
(e.g., for FT over-the-air). This command will bypass a new scan and
will select the BSS based on the specified BSSID. It is responsibility
of the caller to make sure that the target AP is in the BSS table.
This can be done, e.g., by running a scan before the roam command,
if needed.
Instead of parsing the IEs in the callers, use the already existing
parser in wpa_ft.c to handle MDIE and FTIE from initial MD association
response. In addition, this provides more complete access to association
response IEs to FT code which will be needed to fix FT 4-way handshake
message 2/4.
This sets the FT Capability and Policy field in the MDIE to the values
received from the target AP (if available). This fixes the MDIE contents
during FT Protocol, but the correct value may not yet be used in initial
mobility domain association.
When using wpa_supplicant SME (i.e., using nl80211), the rsn_supp
module was not informed of the WPA/RSN IE that was used in
(Re)Association Request frame. This broke roaming between APs that
use different security policy (e.g., changing between WPA/TKIP and
WPA2/CCMP APs) or when using PMKSA caching.
This allows bgscan modules to use more information to decide on when
to perform background scans. bgscan_simple can now change between
short and long background scan intervals based on signal strength
and in addition, it can trigger immediate scans when the signal
strength is detected to be dropping.
bgscan_simple takes following parameters now:
short interval:signal strength threshold:long interval
For example:
bgscan="simple:30:-45:300"
This can be used to limit which frequencies are considered when
selecting a BSS. This is somewhat similar to scan_freq, but will
also affect any scan results regardless of which program triggered
the scan.
Need to kill the monitor process before running detach command on
the monitor connection to avoid race where the monitor process may
end up getting the detach command result.
Previously, this was only done with userspace MLME (i.e., driver_test.c);
now, driver_nl80211.c can deliver the FT Action Response (FT-over-DS)
for processing. The reassociation after successful FT Action frame
exchange is not yet implemented.
Despite comments in the wpa_config_update_prio_list(struct wpa_config
*config) telling that it is called "if priority for a network is
changed", it is apparently not.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
This patch allows wpa_supplicant to compile on Debian's kfreebsd
architectures.
Patch by Stefan Lippers-Hollmann based on work done by Petr Salinger
and Emmanuel Bouthenot for 0.6.X (http://bugs.debian.org/480572).
filter_ssids=1 global configuration parameter can now be used to
enable scan result filtering (with -Dnl80211 only for now) based on
the configured SSIDs. In other words, only the scan results that have
an SSID matching with one of the configured networks are included in the
BSS table. This can be used to reduce memory needs in environments that
have huge number of APs.
New global configuration parameter bss_max_count can now be used to
change the maximum BSS table size. The old fixed size limit (200) is
used as the default value for this parameter.
wpa_supplicant can now be notified of suspend/resume events, e.g.,
from pm-action scripts. This allows wpa_supplicant to clear information
that may become invalid during a suspend operation.
This is needed to allow the BSS table entry for the previously used
BSS to be removed. Now wpa_bss_in_use() can return 0 for the last BSS
that was used as soon as deauthentication/disassociation event has been
received.
Some drivers may need to use a specific ifname for the virtual
interface, so allow them to do this with a new parameter passed
to the alloc_interface_addr() handler.
CFLAGS += -DCONFIG_WPA_CLI_FORK=y in .config can be used to
configure wpa_cli build to make a version of wpa_cli that forks
a child process to receive event messages. This allows the events
to be shown immediately instead of having to wait for the next
periodic poll with PING.
This allows external programs (e.g., UI) to get more information
about server certificate chain used during TLS handshake. This can
be used both to automatically probe the authentication server to
figure out most likely network configuration and to get information
about reasons for failed authentications.
The follow new control interface events are used for this:
CTRL-EVENT-EAP-PEER-CERT
CTRL-EVENT-EAP-TLS-CERT-ERROR
In addition, there is now an option for matching the server certificate
instead of the full certificate chain for cases where a trusted CA is
not configured or even known. This can be used, e.g., by first probing
the network and learning the server certificate hash based on the new
events and then adding a network configuration with the server
certificate hash after user have accepted it. Future connections will
then be allowed as long as the same server certificate is used.
Authentication server probing can be done, e.g., with following
configuration options:
eap=TTLS PEAP TLS
identity=""
ca_cert="probe://"
Example set of control events for this:
CTRL-EVENT-EAP-STARTED EAP authentication started
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=21
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=US/ST=California/L=San Francisco/CN=Server/emailAddress=server@kir.nu' hash=5a1bc1296205e6fdbe3979728efe3920798885c1c4590b5f90f43222d239ca6a
CTRL-EVENT-EAP-TLS-CERT-ERROR reason=8 depth=0 subject='/C=US/ST=California/L=San Francisco/CN=Server/emailAddress=server@kir.nu' err='Server certificate chain probe'
CTRL-EVENT-EAP-FAILURE EAP authentication failed
Server certificate matching is configured with ca_cert, e.g.:
ca_cert="hash://server/sha256/5a1bc1296205e6fdbe3979728efe3920798885c1c4590b5f90f43222d239ca6a"
This functionality is currently available only with OpenSSL. Other
TLS libraries (including internal implementation) may be added in
the future.
When multiple APs are present in scan results with similar signal
strength, wpa_supplicant may end up bounching between them frequently
whenever new scan results are available (e.g., due to periodic scans
requested by NetworkManager). This can result in unnecessary roaming
and in case of the current cfg80211 version, to frequent network
disconnections.
Do not request a roam if the current BSS is still present in the scan
results and the selected BSS is in the same ESS and has only a slighly
stronger signal strength.
Expose RSN and WPA properties for BSS objects containing information
about key management and cipher suites. Get rid of WPA/RSN/WPSIE
byte array properties and add IEs byte array property with all IE data
instead.
This allows the driver wrappers to return two sets of IEs, so that
the BSS code can use information from both Beacon and Probe Response
frames if needed. For example, some Cisco APs seem to include more
information in Wireless Provisioning Services IE when it is in the
Beacon frame.
idx == 0 should be enough to make sure that the addr is set, but
verify that this is indeed the case to avoid any potential issues if
auth_set_key() gets called incorrectly.
There was an extra semicolon that broke the calculation of registered
properties and resulted in obj_desc->prop_changed_flags not being
allocated long enough for all the flags.
The path pointer used as the timeout_ctx was not constant; the path
string itself may have been the same, but the pointer certainly was not
since it was sometimes from stack and sometimes from the dynamically
allocated buffer in obj_desc. This caused some of the eloop timeout
cancellations not to find the timeout. Fix this by using the obj_desc
as the timeout context data.
Instead of sending PropertiesChanged signals for each changed
property separately, mark properties as changed and send aggregated
PropertiesChanged signals for each interface in each object.
Aggregated PropertiesChanged signal is sent
- for all object after responding on DBus call
- for specified object after manual call to
wpa_dbus_flush_object_changed_properties() function
- for each object separately after short timeout (currently 5 ms)
which starts when first property in object is marked changed
The actual supplicant state is exposed via a property on the interface
object. So having a separate signal StateChanged for notifying about
changes is a bad idea. The standard PropertiesChanged signal should be
used for this.
The advantage of StateChanged signal was that it includes the previous
state, but not even NetworkManager is making use of this. And tracking
the old state via the property and this signal is easily possible anyway.
Instead of using some magic integer values that really only mean
something to WPA internal code, just use simple strings. Possible
values are "msgdump", "debug", "info", "warning" and "error" which
map directly to WPA debugging support.
The three existing enums were already depending on using the same
values in couple of places and it is just simpler to standardize on
one of these to avoid need for mapping between different enums for
the exact same thing.
Most of this file was already moved into wpa_supplicant/scan.c and
we can remove the file completely by having couple of small helper
functions copied to the remaining users outside core wpa_supplicant
code.
This fits better in wpa_supplicant/scan.c. Couple of remaining
scan_helpers.c functions are currently used in driver wrappers,
but they can likely be removed in the future.
This adds new commands and events for allowing off-channel Action
frame exchanges to be requested. This functionality is not yet used
and is only fully supported by driver_test.c at this point.
driver_nl80211.c has support for the remain-on-channel commands, but
the Action frame TX/RX part is still pending review for the kernel
code and as such, is not yet included here.
This adds placeholder code for allowing the virtual interfaces to be
pre-allocated a MAC address before the interface type is known with
drivers that do not handle interface type changes.
Get rid of wpa_supplicant_sta_rx() and add a new driver event that is
marked to be used only with driver_test.c. In addition, remove this
functionality from privsep wrapper. This is only use for client mode
MLME testing with driver_test.c.
The wpa_s->bss_id list was being corrupted when the BSS entry needed
to be reallocated due to longer IE data. The entry has to be removed
from all lists before reallocation to avoid this (it was only removed
from the wpa_s->bss list).
There is no need to duplicate the method/signal/property arrays that
were registered for objects. The registration was using static arrays
on methods/signals/properties in all places and we can as well use
those throughout without having to allocate memory and copy all the
entries for every object. This reduces number of allocations and
amount of unnecessary code quite a bit.
Get more information about scans when updating BSS table information.
This allows the missing-from-scans expiration rule to work properly
when only partial set of channels or SSIDs are being scanned.
The perror() calls do not make much sense with libdbus functions and
wpa_printf() would really be used for all error printing anyway. In
addition, many of the error messages on out-of-memory cases are not
really of much use, so they were removed. This is also cleaning up
some of the error path handling to avoid duplicated code.
These cannot be NULL, so there is no point in checking for that. In
addition, the accessor function for this is just making the code harder
to understand.
This callback structure was specific to the new D-Bus API which makes
it more or less pointless. It is just simpler to call the notification
functions directly. More proper design could be to use a generic
mechanism for registering notification callbacks into notify.c, but
that is not yet available and should not be designed just based on a
single user.
These header files are included outside the dbus subdirectory and there
is not really any need to force the libdbus dbus/dbus.h header file to
be included into these files.
There is no need to go through methods, signals, and properties in
two loops and only collect interfaces in the first run. Get rid of
unnecessary CPU use by generating the XML data for interfaces with
a single pass.
The XML used in D-Bus introspection is simple and there is no need to use
libxml2 to generate it. This gets rid of the dependency on the large
library by using internal XML generation.
Simpler to use for loops instead of handling next pointer selection
in all places. In addition, couple of functions could have ended up
in an infinite loop on error path since the pointer update was missed.
In addition, remove Quality and Noise properties since the BSS table
is not the correct place for fetching per-channel information (Noise)
and Quality is not well-defined (nor available from many drivers).
We don't actually need to define separate user_data argument for
each method handler and property getter/setter. Instead, we can define
one argument for the whole object. That will make it easier to register
objects like BSS or Networks which require allocating and freeing
memory for their arguments.
This was mostly identical code that had been copied for the new D-Bus
API implementation and as such, should really have been shared from
the beginning. In addition, the copied code ended up generating
interesting stack traces since the actual D-Bus connection was being
shared even though the pointer to it was stored in two distinct
data structures. The old D-Bus code ended up dispatching some
D-Bus callbacks which ended up running the new D-Bus code.
Since the private context pointers were mostly identical, everything
seemed to more or less work, but this design was just making things
more complex and potentially very easy to break.
Do not try to unregister BSS objects twice (the latter one with invalid
path) and make sure all network objects get added and removed properly
(the ones read from configuration file were not being registered, but
were tried to be unregistered).
This will allow more cleanup to be done for scan results processing
since all code can now be made to depend on the BSS table instead of
the temporary scan results.
Once remaining code has been converted to use the BSS table, the new
scan results can be freed immediately after the BSS table has been
updated. In addition, filtering of BSS information should be added
to better support systems with limited resources. For now, memory
use can be limited by defining WPA_BSS_MAX_COUNT to be smaller.
Anyway, better filtering of results to only the configured networks
should be added to improve this.
Replace the scan results -based implementation with the use of information
from the new BSS table maintained by wpa_supplicant to get a more stable
source of BSS data. Change the use of BSSID as the key for the BSS object
to use the BSS table unique identifier so that multi-SSID APs can be
handled properly.
In addition, provide another option for iterating through the BSS
entries. The old iteration: "BSS 0", "BSS 1", .. with index number.
The new iteration: "BSS FIRST", "BSS NEXT-<prev id>", .. with id
fetched from the previous output (id=<id> line).
This allows the BSS list to be iterated in order of increasing id
to avoid problems with new scans reordering entries. The order on the
wpa_s->bss list changes with most recently updated entries being moved
to the tail of the list while wpa_s->bss_id list maintains its order
with new entries being added to the tail and old entries being removed
when they expire.
This allows the driver interface to be deinitialized before
struct hostapd_data instance gets freed. This needs to be done so
that the driver wrapper does not maintain a context pointer to
freed memory.
Collect information from scan results into a BSS table that will not
expire information as quickly as scan results where every new scan,
no matter for how limited set of channels/SSIDs, clears all old
information.
For now, this is only used for D-Bus BSS added/removed notifications,
but this will likely be extended to be used internally instead of the
scan results to better support partial scans.
This has example code for fetching and interface object and optionally
creating a new interface is one is not found. After that, a scan is
requested and the script continues to listed for signals from
wpa_supplicant and print information about scan results and state
changes.
Must initialize key to be NULL since it can be used in an error
message. If the Scan method did not actually include any dict entries,
the uninitialized pointer was used and this could result in
wpa_supplicant crashing.
Removed the hack that used typecast to get rid of const by using local
variables that are allocated and freed. Fix couple of memory leaks
and check that the required Ifname parameter is included.
Doxygen and some build tools may get a bit confused about same file
name being used in different directories. Clean this up a bit by
renaming some of the duplicated file names in src/ap.
Initialize struct hostapd_data driver context with the same driver
information that was initialized earlier during wpa_supplicant start.
This allows the AP mode operations to be completed directly with the
same calls in AP code without having to maintain a separate translation
layer between the AP and station mode driver context.
This code can be shared by both hostapd and wpa_supplicant and this
is an initial step in getting the generic code moved to be under the
src directories. Couple of generic files still remain under the
hostapd directory due to direct dependencies to files there. Once the
dependencies have been removed, they will also be moved to the src/ap
directory to allow wpa_supplicant to be built without requiring anything
from the hostapd directory.
It would be bettet to avoid including driver_i.h, i.e., direct driver
operation calls from hostapd components. This is an initial step in
that direction for WPS IE updates.
This mode allows associated stations to use 4-address frames to allow
layer 2 bridging to be used. At least for the time being, this is only
supported with driver=nl80211.
This adds config_methods configuration option for wpa_supplicant
following the design used in hostapd. In addition, the string is
now parsed in common code from src/wps/wps_common.c and the list
of configurable methods include all the defined methods from
WPS 1.0h spec.
The D-Bus interface does not really have anything to do with the
wpa_supplicant ctrl_iface interface and as such, this prefix in
dbus files is both confusing and unnecessarily. Make the file names
shorter by removing this prefix.
Instead of forcefully deinitializing ER immediately, give it some
time to complete unsubscription and call eloop_terminate() only once
ER code has completed its work.
WPA_TRACE=y builds will now verify that memory allocation in done
consistently using os_{zalloc,malloc,realloc,strdup,free} (i.e., no
mixing of os_* functions and unwrapper functions). In addition, some
common memory allocation issues (double-free, memory leaks, etc.) are
detected automatically.
WPA_TRACE=y can now be used to enable internal backtrace support that
will provide more details about implementation errors, e.g., when some
resources are not released correctly. In addition, this will print out
a backtrace automatically if SIGSEGV is received.
When setting up an AP with wpa_supplicant, the initial connection was
not necessarily setting oper state from DORMANT to UP which would be
blocking normal data frames. Fix this by initializing new_connection
to 1 so that even the first change to COMPLETED state will end up
setting oper state.
Replace driver wrapper calls to hostapd_tx_status(),
hostapd_rx_from_unknown_sta(), hostapd_mgmt_rx(), and
hostapd_mgmt_tx_cb() with new generic driver events
EVENT_TX_STATUS, EVENT_RX_FROM_UNKNOWN, and EVENT_RX_MGMT.
This cleans up lot of the driver wrapper code to be less dependent
on whether it is being used within wpa_supplicant AP mode or hostapd.
The Prism54.org project seems have been dead for a while and it does not
look like this driver would ever be maintained again. Furthermore, it is
difficult to find a version that would work with the driver_prism54.c
wrapper and there is another driver for these card in the Linux kernel
tree.
The hostapd integration in driver_prism54.c is quite different from the
other driver wrappers and would require major effort to get it cleaned
up. Since there does not seem to be any real users for the cleaned up
version, there does not seem to be justification to spend this effort on
the wrapper. This old code is making it much more difficult to clean up
the driver interface and at this point, the best option seems to be to
remove the driver wrappers. Should someone really still need this, the
old code will continue to be available in hostapd 0.6.x.
Instead of using the latest selected registrar change, collect selected
registrar information separately from all registrars and use the union
of this information when building the WPS IE for Beacon and Probe
Response frames.
Note: SetSelectedRegistrar UPnP action does not include a unique
identifier, so the ER matching routine is based only on the IP address
of the ER. In theory, there could be multiple ERs using the same IP
address (but different port or URL), so there may be some corner cases
that would not always match the correct ER entry at the AP. Anyway, this
is not really expected to occur in normal use cases and even if it did
happen, the selected registrar information is not any worse than it was
before when only the last change from any registrar for being
advertized.
In addition to the bitrate, the only other variable in this structure
is used internally in hostapd. Move this structure into hostapd.h and
make the driver API use simpler data structure (array of bitrates).
The following defines are not really needed in most places, so
remove them to clean up source code and build scripts:
EAP_TLS_FUNCS
EAP_TLS_OPENSSL
EAP_TLS_GNUTLS
CONFIG_TLS_INTERNAL
Wait for connection (IBSS join completed) event before marking state
completed. In addition, do not use the station mode authentication
timeout since that can trigger full disconnection from IBSS when
there is a timeout with just one of the peers.
Initialize the new DBus API before the old one, so new applications
which can use both, the old and the new API will be notified first
that new API is available.
cfg80211/mac80211 can get into somewhat confused state if the AP only
disassociates us and leaves us in authenticated state. For now, force
the state to be cleared with deauthentication to avoid confusing errors
if we try to associate with the AP again. This gets rid of 30 second
delay (scan timeout) in cases where only a disassociation frame is
received from the AP.
8a5ab9f5e5 fixed global driver context
for init2(), but it also broke driver initialization with driver
wrappers that do not use init2().. Fix this by setting wpa_s->global
before it gets dereferenced.
In addition, start ordering header file includes to be in more
consistent order: system header files, src/utils, src/*, same
directory as the *.c file.
This makes it clearer which files are including header from src/common.
Some of these cases should probably be cleaned up in the future not to
do that.
In addition, src/common/nl80211_copy.h and wireless_copy.h were moved
into src/drivers since they are only used by driver wrappers and do not
need to live in src/common.
This avoids passing the raw scan results into the RSN code and by
doing so, removes the only dependency on src/drivers from the
src/rsn_supp code (or from any src subdirectory for that matter).
Use shared functions for converting Primary Device Type between binary
and string formats. In addition, use array of eight octets instead of a
specific structure with multiple fields to reduce code complexity.
This gets rid of previously deprecated driver_ops handlers set_wpa,
set_drop_unencrypted, set_auth_alg, set_mode. The same functionality
can be achieved by using the init/deinit/associate handlers.
These driver wrappers should not be used anymore; WEXT should be used
instead. However, there may still be users stuck on older kernel versions
that may require driver specific wrappers, so the source code still
remains in the repository.
Clean up driver interface by merging hostapd and wpa_supplicant
specific set_beacon driver_ops into a single one. In addition,
merge set_beacon_int into to the same operation.
This removes many of the cases where moving to the WPS tab can be
undesired. It is really only useful if we are not currently connected
and there is an AP available that would likely be able to provide us
network connectivity with use of WPS (active PBC more or selected
registrar set).
Clean up the peer dialog information to be more user friendly. Only
show the device type in the tooltip and move the verbose details into
a separate area in a new Properties dialog. The new dialog will also
show some of the standard fields with titles to make them easier to
read.
The Enrollee entry may be deleted while the PIN query dialog is open.
To avoid crashing on using freed entry, copy the needed data into
local variables before and use the local data after the PIN dialog
has been closed.
The peer entries are now using different icons based on their type. As
a starting point, a separate AP and laptop icons are used. More icons may
be added in the future to mark different device types (e.g., based on
primary device type information from WPS).
When using umask 0077, the control interface directory was left without
group read/execute permissions even if the configuration file explicitly
asked for the group to be allowed to access the control interface. Fix
this by adding read/execute permissions for group if a specific group is
defined in the configuration. [Bug 199]
Change the dbus policy file to only allow root applications to receive
signals from wpa_supplicant. This keeps WPS Credentials data secret
from non-root listeners.
When trying to build wpa_gui (Qt4 version) from openembedded it fails
because Qt4 is compiled without session manager and thus wpa_gui fails
to compile.
I attached a patch, that enables compiling without Session Manager (via
preprocessor) if it is not compiled into Qt4; otherwise, it behaves as
it does right now.
I checked to build on my host (Debian unstable, Session Manager
enabled) and openembedded (Session Manager disabled).
This will need some additional code in wps_er_pbc() to handle PBC mode
enabling for a single AP only. For now, this can only be expected to work
when the ER is connected to a single AP.
Clean up registration of large number of dbus method/property/signal
handlers by using arrays containing all the information needed to call
the registration functions.
New PINs can now be added to WPS ER. This results in the ER code
using SetSelectedRegistrar to modify AP state so that Enrollees
will be able to notice the actice registrar more easily.
Smartcard parameter update via DBus ended up re-initializing the EAPOL
state machine without updating the pointer inside WPA state machine.
This can trigger a segfault when EAP layer attempts to use the old
reference. Fix this by re-initializing the pointer inside WPA state
machine.
Better make sure we do not end up writing over the end of the local
registered_sig buffer regardless of how many arguments are used in
dbus method description.
There is no point checking whether wpa_s is not NULL after having
dereferenced it earlier in the function.. Furthermore, there is no
need to use a local variable for wpas_dbus_get_path() result.
The cleanup routine in the end would have dereferenced props pointer
which could be NULL. There is no need to go through that cleanup code
in this case, so just exit from the function with return instead.
ssid could be NULL here at least based on the function documentation,
so better check whether that is the case prior to calling the
notification function.
Commit d3a9822542 broke per-SSID scan
by using the ssid variable for internal loop and by doing so,
overriding the value that was needed below to figure out whether the
scan is for a specific SSID. Fix this by using a temporary variable
instead when looping over network finding which frequencies to scan for.
This was triggering some gcc versions to warn about strict aliasing.
Since the typecast is not really needed here, the cleanest way to get
rid of the warnings is to just use the correct type for the local
variable.
This is like wpa_msg(), but the output is directed only to
ctrl_interface listeners. In other words, the output will not be
shown on stdout or in syslog.
Change scan result reporting to use wpa_msg_ctrl() for
CTRL-EVENT-SCAN-RESULTS message at info level and wpa_printf() at
debug level to avoid showing scan result events in syslog in the
common configuration used with NetworkManager.
This patch implements the new DBus API. Both, the new and the
previous API may work concurrently and may be turned on or off
separately in .config file.
Some features of the new API are:
- more wpa_supplicant's events are signaled with DBus signals,
- introspection data (requires libxml2 and may be disabled),
- CurrentBSS and CurrentNetwork properties,
- PropertyChanged signal for most of properties,
- Relatively easy to extend.
.config options for the new API are: CONFIG_CTRL_IFACE_DBUS_NEW=y and
CONFIG_CTRL_IFACE_DBUS_INTRO=y for introspection.
This commit misses couple of parts from the full implementation
(these are still under review):
- fetching all configuration parameters for learning WPS information
- scan result BSS add/remove notification (register_bss() and
unregister_bss() notification callbacks)
Clean up code so that UPnP implementation does not need to include all
the HTTP functionality. In addition, make it easier to share HTTP server
functionality with other components in the future.
Instead of implementing HTTP client functionality inside
wps_upnp_event.c, use a generic HTTP client module to do this. The HTTP
client code can now be shared more easily for other purposes, too.
This is the first step in adding support for using wpa_supplicant as a
WPS External Registrar to manage APs over UPnP. Only the device
discovery part is implemented in this commit.
New wpa_supplicant command line options -o<driver> and -O<ctrl> can
now be used to override the parameters received in add interface
command from dbus or global ctrl_interface. This can be used, e.g.,
to enable control interface when using NetworkManager (add
-O/var/run/wpa_supplicant into the Exec parameter in
/usr/share/dbus-1/system-services/fi.epitest.hostap.WPASupplicant.service).
Similarly, this can be used to use another driver wrapper with
NetworkManager (e.g., -onl80211 to replace WEXT with nl80211).
This provides information about PBC mode result from the WPS Registrar
module. This could be used, e.g., to provide a user notification on the
AP UI on PBC failures.