Reset ft_completed if STA receives deauthentication
between FT reassoc success and the subsequent initial
mobility authentication and association.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Commit fb8984fd6f added a mechanism to
skip the Listen state when the peer is expected to be waiting for us to
initiate a new GO Negotiation. However, this flag was set when building
the GO Negotiation Response frame with status 1 regardless of whether we
managed to send that frame or peer receive it. This could result in GO
Negotiation failures in cases where the peer did not receive the
response and Listen channels of the devices were different. Fix this by
setting the flag only after TX status indicating success has been
received.
This fixes frequent failures shown for the test_grpform_pbc hwsim test
case.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
We should not call getSessionID method if it's not provided. This fixes
a regression from commit 950c563076 where
EAP methods that did not implement getSessionId resulted in NULL pointer
dereference when deriving the key.
Signed-off-by: Shijie Zhang <shijiez@qca.qualcomm.com>
When Action frame TX is postponed until a pending p2p_scan completes,
there may be additional operations that need to be continued after the
postponed Action frame TX operation completes. Fix this by starting
pending operation (if any) from TX status event for after_scan_tx
frames.
This fixes common errors seen with the test_discovery hwsim test case.
Signed-hostap: Jouni Malinen <j@w1.fi>
Add "EAPLogoff" and "EAPLogon" interface DBus commands which
parallel the "logoff" and "logon" wpa_ctrl commands which terminate
and restart EAP authentication. Slightly enhance the "logon" case
by expiring any running "startWhile" timer.
Signed-hostap: Paul Stewart <pstew@chromium.org>
In order to test clients in scenarios where APs may (randomly)
drop certain management frames, introduce some testing options
into the hostapd configuration that can make it ignore certain
frames. For now, these are probe requests, authentication and
(re)association frames.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
This option can be used only for global parameters that are not going
to be changed from settings.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Signed-off-by: Iliyan Malchev <malchev@google.com>
Dmitry reported that the kernel could no longer parse the
scheduled scan attributes correctly after my patch to use
nla_nest_start/nla_nest_end. The reason is that the wrong
attribute is closed I accidentally made it close the full
scan config instead of just the SSID match set.
Reported-by: Dmitry Shmidt <dimitrysh@google.com>
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Harmonize EAP status events over control interface to provide same
functionality as existing D-Bus callback.
Signed-hostap: Chris Hessing <chris.hessing@cloudpath.net>
A kernel commit ("mac80211: fix FT roaming") started validating that the
STA entry is marked associated when adding a key. While this is needed
to fix some FT use cases with hardware crypto, it has a side effect of
breaking TDLS key configuration. Work around this by trying to
re-configure the key for the direct link after the STA entry has been
set with all information. In addition, try to tear down the link if
anything goes wrong in key configuration (if both attempts fail) or
enabling the link in the driver.
Signed-hostap: Jouni Malinen <j@w1.fi>
"WPS_NFC_CONFIG_TOKEN <WPS/NDEF> <network id>" can now be used to build
an NFC configuration token from a locally configured network.
Signed-hostap: Jouni Malinen <j@w1.fi>
This extends the WPS ER commands that previously accepted only UUID as
an identifier for an AP to use either UUID or BSSID for this.
Signed-hostap: Jouni Malinen <j@w1.fi>
wps_build_public_key() takes the dh_ctx into use and another attempt to
use the same DH keys fails with wps->dh_ctx being set to NULL. Avoid
this by using the DH parameters only if dh_ctx is valid. This fixes
cases where a use of local pre-configured DH keys followed by an
operating using peer DH keys would faild due to unexpected attempt to
use local keys again.
Signed-hostap: Jouni Malinen <j@w1.fi>
Some extended capabilities (I'm currently interested in "Operating Mode
Notification" for VHT) are implemented by the kernel driver and exported
in nl80211. Use these in hostapd/wpa_supplicant.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
The new wps_independent=1 configuration parameter can be used to remove
interfaces from the shared hostapd process WPS control (i.e., to apply
WPS operations only to a subset of interfaces instead of all).
Signed-hostap: Jouni Malinen <j@w1.fi>
This allows WPS to update AP configuration in the case no hostapd
configuration file is used (i.e., dynamic configuration through the
control interface).
Signed-hostap: Jouni Malinen <j@w1.fi>
Instead of allocating a new message and then moving that into
the message being built, use nla_nest_start() and put the data
into the message directly.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
As per P2P specification v1.2: "The P2P Group Info attribute shall be
omitted if there are zero connected P2P Clients."
Do not add the attribute if there are not connected peers.
Signed-hostap: Chaitanya T K <chaitanya.mgit@gmail.com>
When the OS is out of random bytes in SM_STATE(WPA_PTK, AUTHENTICATION2)
in ap/wpa_auth.c, hostapd sends the sm to state DISCONNECT without
clearing ReAuthenticationRequest, resulting in an infinite loop.
Clearing sm->ReAuthenticationRequest using gdb fixes the running hostapd
instance for me. Also sm->Disconnect = TRUE should be used instead of
wpa_sta_disconnect() to make sure that the incomplete ANonce does not
get used.
Fix this issue by resetting sm->ReAuthenticationRequest even if the STA
gets disconnected and use sm->Disconnect instead of
wpa_sta_disconnect().
Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
A non-HT capable AP on any channel could have triggered us to enable
protection regardless of own operating channel if the driver delivered
Beacon frames from other channels. The channel detection in ap_list is
not exactly ideal, but most cases can be handled by checking ap->channel
against the currently configured channel (or secondary channel in case
of HT40).
Signed-hostap: Jouni Malinen <j@w1.fi>
This iter_next/iter_prev pointers were not really used for anything, so
get rid of the unnecessary complexity in the AP list maintenance.
Signed-hostap: Jouni Malinen <j@w1.fi>
Commit 6b56cc2d97 added a possible call to
p2p_reset_pending_pd() prior to checking config_methods match between
our request and peer response. That reset call could clear
dev->req_config_methods and as such, result in unexpected
P2P-PROV-DISC-FAILURE report here even in cases where the peer accepts
the provision discovery. Fix this by using a local copy of the
req_config_methods variable.
Signed-hostap: Jouni Malinen <j@w1.fi>
The new -G<group> command line argument can now be used to set the group
for the control interfaces to enable cases where hostapd is used without
a configuration file and the controlling program is not running with
root user privileges.
Signed-hostap: Jouni Malinen <j@w1.fi>
Enhance TDLS Setup Request processing to support both external and
internal TDLS setup for the case where concurrent TDLS initialization
results in the TDLS Setup Request from the peer getting accepted.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
wpa_tdls_peer_free() ended up getting called after some of the
parameters from the TDLS Setup Request frame were copied into the struct
wpa_tdls_peer information. This could result in continuing with cleared
information in case the new exchange was the one that is used in
concurrent initialization case or if this is to re-negotiated an
existing TDLS link. The driver would not be provided with all the peer
capabilities correctly in such case.
Fix this by moving the existing_peer check to happen before the
information from the TDLS Setup Request frame is copied.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
If we accept the peer TPK M1 after having sent our TPK M1, we need to
reject TPK M2 from the peer to avoid going through two TDLS setup
exchanges.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
In some cases where the ack for Invitation response is lost,
the device is stuck in invited state but the peer device starts
GO. In line with the implementation of Negotiation Confirm,
assume invitation response was actually received by the peer
even though ack was not reported.
Signed-hostap: Vivek Natarajan <nataraja@qca.qualcomm.com>
Commit b52f084cfa introduced a mechanism
for adding arbitrary vendor-specific elements into the Beacon and Probe
Response frames. However, this information was not added to the separate
buffers used for specifying Beacon and Probe Response IEs for drivers
that build the frames internally. Add vendor_elements to these values,
too, to support such drivers in addition to drivers that use the full
Beacon tail/head buffers.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
When the wiphy information is split, there's no guarantee that the
channels are processed before the bitrates; in fact, with the current
kernel it happens the other way around. Therefore, the mode information
isn't set up correctly and there's no 11g mode.
Fix this by doing the 11b/11g determination as part of the
postprocessing.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Previously, P2P_PD_DURING_FIND state was scheduled for 200 ms and the
P2P state was not change until that timeout regardless of whether the PD
Response for recieved or not. There is no need to wait for that timeout
if the response is received, so allow the next operation to be performed
immediately after the response has been processed.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This makes it easier to understand how scan operations and events occur
when multiple interfaces is being controlled by a single wpa_supplicant
process.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Add a driver capability flag for drivers which support IBSS mode and set
it for nl80211 drivers which have set the NL80211_IFTYPE_ADHOC.
Add a new option "modes" to "get_capability" which will return "AP" and
"IBSS" if the corresponding capability flags are set.
The idea is that this can be used for UIs to find out if the driver
supports IBSS mode.
Signed-hostap: Bruno Randolf <br1@einfach.org>
Clear WLAN_STA_ASSOC_REQ_OK, otherwise no Class 3 frame will be sent to
the disconnected STA in response to data frames.
Signed-hostap: Felix Fietkau <nbd@openwrt.org>
If a peer replies to persistent group invitation with status code 8
(unknown group), remove the peer from the p2p_client_list if we are the
GO or remove the persistent group if we are the P2P client since it
looks like that the peer has dropped persistent group credentials and
the provisioning step needs to be executed again.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Commit 50285f5ca8 changed number of rules
in channel selection and among other things, it broke the design where
the currently used operating channel on a virtual interface that is
shared by the same radio is preferred to avoid costs related to
multi-channel concurrency. Fix this regression by making the P2P module
aware of the shared channel and using that preference as the highest
priority when re-selecting the channel during negotiation.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Commit 50285f5ca8 ended up forcing channel
re-selection in number of cases where the peer would actually have
accepted our initial preference. Fix the parts related to best channel
information by using best_freq_overall as the highest priority and by
skipping the band changes if the peer supports the channel that we
picked since these were based on the assumption that
p2p_reselect_channel() is called only if the peer could not accept our
initial choice which is not the case anymore.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
If the previously started setup is terminated in case both peers
initiate TDLS link at more or less the same time, disable the old link
to allow the dummy station entry to be deleted from cfg80211 so that a
new entry can be added for the setup direction that will be allowed to
proceed.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Add NL80211_CMD_UPDATE_FT_IES to support update of FT IEs to the
WLAN driver. Add NL80211_CMD_FT_EVENT to send FT event from the
WLAN driver. This will carry the target AP's MAC address along
with the relevant Information Elements. This event is used to
report received FT IEs (MDIE, FTIE, RSN IE, TIE, RICIE).
Signed-off-by: Deepthi Gowri <deepthi@codeaurora.org>
It is possible for a P2P client to connect to an operating group without
exchanging any Probe Request/Response frames that would allow the GO to
discover the peer. To make sure there is a P2P peer entry at the GO, try
to add the peer information based on P2P IE in (Re)Association Request
frame.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>