This allows a single ANQP query to be used to fetch both IEEE 802.11
defined ANQP elements and Hotspot 2.0 vendor specific elements.
ANQP_GET <addr> <info id>[,<info id>]...
[,hs20:<subtype>][...,hs20:<subtype>]
For example:
ANQP_GET 00:11:22:33:44:55:66 258,268,hs20:3,hs20:4
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
There is not much point in building devices with WPS 1.0 only supported
nowadays. As such, there is not sufficient justification for maintaining
extra complexity for the CONFIG_WPS2 build option either. Remove this by
enabling WSC 2.0 support unconditionally.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
"SET blob <name> <hexdump>" can now be used to set a configuration blob
through the wpa_supplicant control interface.
Signed-off-by: Jouni Malinen <j@w1.fi>
The radio_work type was stored within the dynamically allocated
wpa_radio_work buffer and that buffer ended up getting freed before the
final use of the type string within radio_work_done(). This resulted in
freed memory being used for a debug print. Avoid this by freeing the
wpa_external_work instance after having completed radio_work_done() for
the related work.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add "reattach" command to perform single-channel single-ssid scan
instead of full scan when trying to reconnect to the currently
"connected" network (assuming old scan results are not current enough to
skip the scan completely). This allows the scan result to come back in
much faster time. In ath9k, the scan took around 12 seconds with full
background scan, and only 0.1 second with the single-channel single-ssid
scan. Thus, take much less time for the client to re-establish
connection with the currently "connected" network.
Signed-hostap: Peter Qiu <zqiu@chromium.org>
Move pno_start() and pno_stop() to scan.c as a more relevant location
and rename them to wpas_start_pno()/wpas_stop_pno().
Signed-off-by: Alexander Bondar <alexander.bondar@intel.com>
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
This enables more convenient protocol testing of AP and P2P
functionality in various error cases and unexpected sequences without
having to implement each test scenario within wpa_supplicant.
ext_mgmt_frame_handle parameter can be set to 1 to move all management
frame processing into an external program through control interface
events (MGMT-RX and MGMT-TX-STATUS) and command (MGMT_TX). This is
similar to the test interface that was added to hostapd previously, but
allows more control on offchannel operations and more direct integration
with the internal P2P module.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add a callback to the driver interface that allows vendor specific
commands to be sent. In addition, a control interface command is added
to expose this new interface outside wpa_supplicant:
Vendor command's format:
VENDOR <vendor id> <sub command id> [<hex formatted data>]
The 3rd argument will be converted to binary data and then passed as
argument to the sub command.
This interface is driver independent, but for now, this is only
implemented for the nl80211 driver interface using the cfg80211 vendor
commands.
Signed-off-by: Beni Lev <beni.lev@intel.com>
The pos pointer can be compared to the start of the buffer pointer to
determine whether the entry is the first one in the list. This gets rid
of some static analyzer warnings about unused variable writes.
Signed-off-by: Jouni Malinen <j@w1.fi>
The new provisioning_sp cred field can now be used to track which SP
provisioned the credential. This makes it easier to find the matching
PPS MO from the management tree (./Wi-Fi/<provisioning_sp>).
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The new wpa_cli fetch_osu command can be used to fetch information about
all OSU providers and write that to a text file with the icons in
separate files. cancel_osu_fetch command can be used to stop ongoing OSU
provider list fetch.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
wpa_supplicant can request OSU icon data with "hs20_icon_request <BSSID>
<icon filename>". This transmits an Icon Request ANQP element and
processes the response in Icon Binary File ANQP elements.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The HS 2.0 Indication element from wpa_supplicant now includes the
release number field and wpa_supplicant shows the release number of the
AP in STATUS command (hs20=1 replaced with hs20=<release>).
The new update_identifier field in the cred block can now be used to
configure the PPS MO ID so that wpa_supplicant adds it to the Indication
element in Association Request frames.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This parameter was actually used in some testing cases in a way that did
not really work well with the FLUSH command ending up disabling PMF.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, any network block could be used to select the BSS to connect
to when processing scan results after Interworking network selection.
This can result in somewhat unexpected network selection in cases where
credential preferences indicated that a specific network was selected,
but another network ended up getting used for the connection. While the
older networks continue to be valid, add special processing for this
initial post-interworking-connect case to get more consistent network
selection to match with the Interworking network selection result.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
CONFIG_MODULE_TESTS=y build option can now be used to build in module
tests into hostapd and wpa_supplicant binaries. These test cases will be
used to get better testing coverage for various details that are
difficult to test otherwise through the control interface control. A
single control interface command is used to executed these tests within
the hwsim test framework. This commit adds just the new mechanism, but no
module tests are yet integrated into this mechanism.
Signed-off-by: Jouni Malinen <j@w1.fi>
While testing rfkill blocking of a scanning interface, it
was seen that the ongoing scan never completes. This happens
since EVENT_SCAN_RESULTS is discarded on a disabled interface.
Fix this and also other possible radio work completion issues
by removing all the radio works (including started) of the
disabled interface.
To be able to remove already started radio works, make their
callbacks be reentrant with deinit flag (when the work
is started), so each radio work should be able to handle
its own termination.
Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
The more generic NFC_REPORT_HANDOVER is now used to report completed NFC
connection handover operations in either role and NFC_RX_HANDOVER_REQ
did not have any implementation within wpa_supplicant.
Signed-off-by: Jouni Malinen <j@w1.fi>
Memory allocated by calling function ieee802_11_vendor_ie_concat()
was not freed on an error path int ctrl_iface BSS command.
Signed-hostap: Eytan Lifshitz <eytan.lifshitz@intel.com>
P2P persistent connection may fail due to 802.11d channel change event
invalidating support of the operating frequency sent in the invitation
request, before receiving the invitation response. If the operating
frequency is invalid at the time the invitation response is processed
and there is no forced frequency provided by user, allow frequency
re-selection.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
If P2P was disabled (e.g., due to driver not supporting it or through
p2p_disabled=1 configuration), setting Wi-Fi Display parameters could
result in segmentation fault when the WFD IE is updated without the P2P
module being initialized. Fix this by skipping the update if P2P module
is not in use. In addition, show Wi-Fi Display as disabled in "GET
wifi_display" and refuse to enable it with "SET wifi_display 1" if P2P
is not enabled.
Signed-hostap: Jouni Malinen <j@w1.fi>
This can be used to force an operating channel for P2P group formation
triggered by NFC operations.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
These optional attributes, if present, can be used to speed up the
initial connection by using a single channel scan.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
If CONFIG_WPS_TESTING=y is enabled in build configuration, the new
wps_corrupt_pkhash parameter (similar to wps_testing_dummy_cred) can be
used to request public key hash to be corrupted in all generated OOB
Device Password attributes. This can be used for testing purposes to
validate public key hash validation steps.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
When the NFC connection handover message received from a peer indicates
that the peer is operating as a GO on a specific channel, use that
information to avoid having to go through full scan. In addition, skip
the separate join-a-group scan since we already know the operating
channel, GO P2P Device Address, and SSID.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The device with the NFC Tag can be configured to enable NFC to be used
with "P2P_SET nfc_tag 1" and "P2P_LISTEN" commands to allow static
handover to be used.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
"NFC_REPORT_HANDOVER {INIT,RESP} P2P <req> <sel>" can now be used to
report completed NFC negotiated connection handover in which the P2P
alternative carrier was selected.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
"NFC_GET_HANDOVER_{REQ,SEL} NDEF P2P-CR" can now be used to build P2P
alternative carrier record for NFC connection handover request/select
messages.
Static connection handover case can be enabled by configuring the DH
parameters (either with wps_nfc_* configuration parameters or with
WPS_NFC_TOKEN command at run time. The NFC Tag contents can be generated
with "NFC_GET_HANDOVER_SEL NDEF P2P-CR-TAG" after having configured
Listen channel (p2p_listen_reg_class/p2p_listen_channel).
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
New functionality is needed for this with the update NFC connection
handover design that depends on the AP side using the public key hash
from the handover request.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
It is more useful to be able to build a single NFC carrier record
instead of the full connection handover request message to allow
external components to decide whether to negotiate which alternative
carrier is used. This updates the carrier record contents to the new
design to include Enrollee public key hash and provides this as a
carrier record instead of full message. An external program is expected
to be used to build the full NFC connection handover message with
potentially other alternative carrier records included.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
If the SSID of the WPS AP is known, it should be possible to limit AP
selection based on this when searching for an active WPS AP. This commit
adds a mechanism to specify SSID for this type of uses.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Since the Enrollee can now get the public key hash from the Registrar,
there is need to validate this during the WPS protocol run.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This makes it more convenient for test scripts to change parameters for
a specific test case without having to separately clear them between
each test case.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
When start PNO request comes from control interface, wpa_supplicant
should wait until ongoing sched_scan (triggered by wpa_supplicant)
gets cancelled. Issuing cancel sched_scan and start PNO scan
one after another from pno_start() would lead wpa_supplicant to clear
wps->sched_scanning flag while getting sched_scan stopped event
from driver for cancel sched_scan request. In fact, PNO scan will
be in progress in driver and wpa_s->sched_scanning will not be set
in such cases.
In addition to this change, RSSI threshold limit is passed as part of
start sched_scan request. This was previously set only in pno_start(),
but the same parameter should be available for generic sched_scan calls
as well and this can now be reached through the new PNO start sequence.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Verify wpa_s->radio pointer before accessing it. If interface addition
fails, this could get called before wpa_s->radio has been set.
The segmentation fault details:
Program received signal SIGSEGV, Segmentation fault.
0x00000000004b9591 in wpas_ctrl_radio_work_flush (wpa_s=0x77fff0) at ctrl_iface.c:5754
5754 dl_list_for_each_safe(work, tmp, &wpa_s->radio->work,
Call stack:
0 wpas_ctrl_radio_work_flush (wpa_s=0x77fff0) at ctrl_iface.c:5754
1 wpa_supplicant_deinit_iface (wpa_s=0x77fff0, notify=0, terminate=0) at wpa_supplicant.c:3619
2 wpa_supplicant_add_iface (global=0x75db10, iface=0x7fffffffe270) at wpa_supplicant.c:3691
3 wpas_p2p_add_p2pdev_interface (wpa_s=0x75dd20) at p2p_supplicant.c:3700
4 main (argc=<optimized out>, argv=<optimized out>) at main.c:317
Function:
5750 void wpas_ctrl_radio_work_flush(struct wpa_supplicant *wpa_s)
5751 {
5752 struct wpa_radio_work *work, *tmp;
5753
5754 dl_list_for_each_safe(work, tmp, &wpa_s->radio->work,
5755 struct wpa_radio_work, list) {
5756 struct wpa_external_work *ework;
5757
5758 if (os_strncmp(work->type, "ext:", 4) != 0)
Root cause:
(gdb) p wpa_s->radio
$1 = (struct wpa_radio *) 0x0
Signed-hostap: Max Stepanov <Max.Stepanov@intel.com>
It should be noted that these commands are not exclusively used for P2P
or in the global context, so use of these commands through the global
control interface for operations that are specific to a single interface
have undefined behavior and that behavior may change in the future. As
such, these are recommend only for operations that are in the global
context (e.g., for P2P management).
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
All te network blocks and credentials were already cleared, but
configurations blobs should also be cleared here, e.g., to get
more consistent behavior test cases using EAP-FAST PACs.
Signed-hostap: Jouni Malinen <j@w1.fi>
Previously, only the last response data was kept in memory. This
increases that to hold up to two last responses to allow some more
parallel operations to be requested. In addition, the response data is
now freed as soon as the external program has fetched it.
Signed-hostap: Jouni Malinen <j@w1.fi>
This can be used to limit which channels are scanned using the specified
list of frequency ranges in the same format that the SCAN command uses.
Signed-hostap: Jouni Malinen <j@w1.fi>
The new control interface command RADIO_WORK can be used by external
programs to request radio allocation slots from wpa_supplicant if
exclusive radio control is needed, e.g., for offchannel operations. If
such operations are done directly to the driver, wpa_supplicant may not
have enough information to avoid conflicting operations. This new
command can be used to provide enough information and radio scheduling
to avoid issues with such cases.
Signed-hostap: Jouni Malinen <j@w1.fi>
The new radio work item concept can be used to request time for an
operation that requires exclusive radio control, e.g., a scan. Once the
radio is available, the registered callback function will be called.
radio_work_done() must be called once the exclusive radio operation has
been completed, so that the radio is freed for other operations. The
special case of deinit=1 is used to free the context data during
interface removal. That does not allow the callback function to start
the radio operation, i.e., it needs to free the allocated resources
and return.
Signed-hostap: Jouni Malinen <j@w1.fi>
The newer wpa_dbg() print includes the same information in a more
convenient form, so remove the duplicate RX ctrl_iface hexdump in the
cases where there is no key material in the control interface commands
(the possible-key-material case is still using wpa_hexdump_ascii_key).
Signed-hostap: Jouni Malinen <j@w1.fi>
If the BSS table within wpa_supplicant is flushed, request the driver to
flush its own scan result table during the next scan. This can avoid
unexpected old BSS entries showing up after BSS_FLUSH or FLUSH command
in cases where the driver may maintain its internal cache of scan
results (e.g., cfg80211 BSS table persists at least for 15 seconds).
In addition to doing this automatically on BSS_FLUSH/FLUSH, a new SCAN
command argument, only_new=1, can be used to request a manual scan
request to do same. Though, it should be noted that this maintains the
BSS table within wpa_supplicant. BSS_FLUSH followed by SCAN command can
be used to clear all BSS entries from both the driver and
wpa_supplicant.
Signed-hostap: Jouni Malinen <j@w1.fi>
These were somewhat more hidden to avoid direct use, but there are now
numerous places where these are needed and more justification to make
the extern int declarations available from wpa_debug.h. In addition,
this avoids some warnings from sparse.
Signed-hostap: Jouni Malinen <j@w1.fi>
This makes it easier to enable various testing parameters and
functionality in build configuration.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This allows users of wpa_supplicant control interface to figure out when
their specific scan command has been started and completed. For example:
CTRL-EVENT-SCAN-STARTED
> scan freq=2412,2417 passive=1 use_id=1
3
CTRL-EVENT-SCAN-RESULTS
CTRL-EVENT-SCAN-STARTED id=3
CTRL-EVENT-SCAN-RESULTS id=3
Signed-hostap: Jouni Malinen <j@w1.fi>
This allows external programs to request wpa_supplicant to execute
a passive scan (i.e., do not send any Probe Request frames).
Signed-hostap: Jouni Malinen <j@w1.fi>
The new freq=<frequency ranges> parameter to the SCAN command can be
used to request a scan to be performed on the specified set of channels
instead of on all channels. For example, "wpa_cli scan
freq=2400-2500,5180" would scan channels 1-14 and 36. Only the channels
that the driver indicates as enabled and that are within the specified
ranges are included in the request.
Signed-hostap: Jouni Malinen <j@w1.fi>
Use an array of ciphers and a loop instead of copy-pasted copies of the
same printing functionality for each cipher.
Signed-hostap: Jouni Malinen <j@w1.fi>
This adds initial parts for supporting the new GCMP-256, CCMP-256,
BIP-GMAC-128, BIP-GMAC-256, and BIP-CMAC-256 cipher suites.
Signed-hostap: Jouni Malinen <j@w1.fi>
The BSS table, scan timeout, and related functionality should use
monotonic time since they care about relative values (age) only.
Unfortunately, these are all connected, so the patch can't be split
further. Another problem with this is that it changes the driver wrapper
API. Though, it seems only the test driver is using this.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
This is a mechanism used in Android to extend driver interface in vendor
specific ways. This is included only for the purpose of Android
compatibility. Proper interface commands should be used for any new
functionality.
Signed-hostap: Jouni Malinen <j@w1.fi>
While starting from PNO start context, the scheduled scan was not
setting the flag wpa_s->scanning. This was resulting in the subsequent
SCAN command to proceed further and send command to nl80211/cfg80211.
The expected behavior of cancelling sched_scan was not happening here.
While sched_scan is in progress and a legacy scan comes on the
cli/socket, the sched_scan is cancelled and normal scan is allowed to
continue. However, sometimes sched_scan cancelled event comes a bit
delayed and we will send out the scan command before the wpa_s->scanning
is cleared. Instead, reschedule the incoming scan req if the
wpa_s->scanning shows that it is still in progress.
Signed-hostap: Jithu Jance <jithu@broadcom.com>
Add chan_switch to the control interface of wpa_supplicant and hostapd,
and also to wpa_cli and hostapd_cli.
Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
This triggers re-transmission of CTRL-EVENT-STATE-CHANGE and
CTRL-EVENT-CONNECTED events on STATUS command for Android framework
specific processing.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
There are use cases requesting the host driver to initiate the TDLS
setup with the peer only when configured by the external applications.
Thus, enable this control by tdls_external_control=1 and pass the
requisite information for the specific TDLS operation to the driver
on the request from such use cases.
This operation mode expects the driver to initiate TDLS link
automatically based on signal strength and traffic to a peer and tear
down links whenever they are not used or suitable due to signal strength
etc. The list of peers with which such operations are to be performed
are provided with the TDLS driver operations.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This allows sp_type={home,roaming,unknown} to be used to determine
network type with SIM-based credentials even if the domain name
parameter is not configured explicitly.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Add the option to ask for VHT operation similarly to the way ht40 is
configured - either by adding 'vht' param to the relevant p2p_*
commands or by configuring p2p_go_vht=1 in the configuration file.
This patch only adds the configuration option (e.g., via control
interface). The actual handling of the VHT parameter (asking the driver
to use VHT, etc.) will be done by the following patch.
Signed-hostap: Eliad Peller <eliadx.peller@intel.com>
Both of these variables can result in optimized WPS scans, so better
clear these more consistently to avoid unexpected single-channel scans.
Signed-hostap: Jouni Malinen <j@w1.fi>
This makes it less likely to forget WPS single-channel scan optimization
in effect after having completed the WPS operation or in case WPS
operating gets cancelled.
Signed-hostap: Jouni Malinen <j@w1.fi>
This is what the original implementation did years ago, but the move to
using separate control interface backends re-ordered the implementation
to process EAPOL notification first. Use a registered timeout to allow
the ctrl_iface response to be sent out first to get somewhat faster
response time and to avoid pending operations that could result in
ctrl_iface response and unsolicited event messages from getting mixed
up.
Signed-hostap: Jouni Malinen <j@w1.fi>
Credentials can now be configured with more than one FQDN ('domain'
field in the cred block) to perform Domain Name List matching against
multiple home domains.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
It is possible that a P2P GO has been discovered through a non-P2P scan
that did not return P2P IE in Probe Response frames. To cover those
cases, check also Beacon frame (if received) for P2P IE.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
STATUS-DRIVER command can now be used to fetch driver interface status
information. This is mainly for exporting low-level driver interface
information for debug purposes.
Signed-hostap: Jouni Malinen <j@w1.fi>
Previously, GO considered the group to be fully re-invoked after
starting beaconing on successful invitation exchange. This would leave
the group running until idle timeout (which may not be enabled) or
explicit removal if the client fails to connect for any reason. Since
the client is expected to connect immediately after the invitation
exchange that ends with status=0 (i.e., either client initiated the
exchange or it responded with success), extend group formation timeout
to cover that period until the first successfully completed data
connection. This allows the GO to remove the group automatically if the
client devices does not connect within
P2P_MAX_INITIAL_CONN_WAIT_GO_REINVOKE (15) seconds.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The interval for the PNO scan did not use the configured sched_scan
interval. This commit addresses the same by using the configured value
or the default of 10 seconds if configuration parameter is not used.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The new control interface command P2P_REMOVE_CLIENT <P2P Device
Address|iface=Address> can now be used to remove the specified client
from all groups (ongoing and persistent) in which the local device is a
GO. This will remove any per-client PSK entries and deauthenticate the
device.
Signed-hostap: Jouni Malinen <j@w1.fi>
"wpa_cli p2p_set per_sta_psk <0/1>" can now be used to disable/enable
use of per-device PSKs in P2P groups. This is disabled by default.
When enabled, a default passphrase is still generated by the GO for
legacy stations, but all P2P and non-P2P devices using WPS will get
a unique PSK.
This gives more protection for the P2P group by preventing clients from
being able to derive the unicast keys used by other clients. This is
also a step towards allowing specific clients to be removed from a group
reliably without having to tear down the full group to do so.
Signed-hostap: Jouni Malinen <j@w1.fi>
This provides global status information that is applicable to all
interfaces (e.g., P2P state). In addition, ifname/address pairs are
listed to get information of all the interfaces that are currently
managed through this wpa_supplicant instance.
Signed-hostap: Jouni Malinen <j@w1.fi>
This iterates through all interfaces and saves configuration file
updates for each interface that allows it (update_config=1).
Signed-hostap: Jouni Malinen <j@w1.fi>
This allows global parameters to be set through the global control
interface without having to use IFNAME prefix. For now, this covers
only the wifi_display parameter.
Signed-hostap: Jouni Malinen <j@w1.fi>
When the device indicates to take care of TDLS operations the TDLS
setup is done calling wpas_drv_tdls_oper(). This patch does a similar
thing for the teardown. This fixes failure of teardown:
"TDLS: Could not find peer <mac> for link Teardown"
Signed-hostap: Arend van Spriel <arend@broadcom.com>
Add AVG_RSSI report to the signal_poll command if it is reported by
the kernel.
Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Signed-hostap: Ilan Peer <ilan.peer@intel.com>
This is needed to get wpa_supplicant into clean state during testing if
a test case triggers countermeasures.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This can be useful for some test cases, so allow wpa_supplicant to be
built with special test functionality to expose the current (last
configured) GTK. This is disabled by default and can be enabled by
adding following line into .config:
CFLAGS += -DCONFIG_TESTING_GET_GTK
The GTK can then be fetched with "wpa_cli get gtk".
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
