Commit Graph

1232 Commits

Author SHA1 Message Date
Sam Leffler
d4c1ec56f1 dbus: Add ConfigFile to AddInterface properties
This provides feature parity with the old-style D-Bus API. Explicit
properties to control global parameters is preferred but until that
happens this allows doing things like setting pkcs11_engine_path and
pkcs11_module_path via D-Bus.
2011-03-20 11:52:57 +02:00
Jouni Malinen
fe885594ac Document CONFIG_DEBUG_SYSLOG and CONFIG_DEBUG_SYSLOG_FACILITY 2011-03-20 11:49:41 +02:00
Sam Leffler
3e1996216e Add support for setting the syslog facility from the config file
This enables setting the syslog facility at build time.
2011-03-20 11:48:42 +02:00
Johannes Berg
c76e5d7f9b wpa_s AP mode: complete only when setup is complete
The AP code might, currently only in the case of HT40, defer actual
enabling to after a scan. In this case, the wpa_s AP code gets confused.
Add a callback for it to use and make it use it to finish only when the
setup has actually completed.

With appropriate hacks in place this allows using HT40 in P2P mode.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-03-19 13:11:15 +02:00
Johannes Berg
c202f19c68 wpa_s AP mode: propagate scan event
When wpa_s scans in AP mode, it doesn't propagate the scan event to the
AP code, so that code can get stuck if it uses the callbacks there.
Simply call them where appropriate.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-03-19 13:08:08 +02:00
Jean-Michel Bachot
046ef4aa67 P2P: Add option for requested device type in P2P search/scan
With this, p2p_find can be extended to find certain requested device
types.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-03-19 12:57:46 +02:00
Jean-Michel Bachot
f95cac271b P2P: Allow adding of WPS vendor extension attributes
This adds the ability to add WPS vendor extension attributes in P2P
frames, like GO Negotiation and Probe Response frames.

Signed-off-by: Jean-Michel Bachot <jean-michelx.bachot@linux.intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-03-19 12:22:18 +02:00
Xi Chen
ea244d2156 IBSS RSN: Clear IBSS RSN peers based on peer lost events 2011-03-18 17:04:46 +02:00
Johannes Berg
2f646b6e83 WPS: Store (secondary) device type as binary
Instead of converting back and forth from the string representation,
always use the binary representation internally.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-03-17 18:50:22 +02:00
Jouni Malinen
85a821d611 WPS: Fix copying of UUID from the first interface
Use the first interface (last in the list), not the last added
interface. In addition, use the same routine to set the UUID
after reconfiguration.
2011-03-17 18:07:00 +02:00
Jouni Malinen
586bad514b Make the link process quieter unless V=1 is specified
Hide the long command lines used for linking the binaries in the
default build. "make V=1" can be used to show the actual commands
if needed.
2011-03-17 12:31:38 +02:00
Jean-Michel Bachot
a9e86bfb74 WPS: Add secondary device types into Probe Request frames
The secondary device type list is an optional attribute in the WSC IE.

Signed-off-by: Jean-Michel Bachot <jean-michelx.bachot@linux.intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-03-17 11:09:49 +02:00
Xi Chen
13579b987b IBSS RSN: Enable group rekeying every 10 minutes 2011-03-16 16:28:56 +02:00
Xi Chen
92ac6376c4 IBSS RSN: Add for_each_sta handler for authenticator 2011-03-16 16:28:32 +02:00
Xi Chen
f385833bda IBSS RSN: Add supp_get_state handler 2011-03-16 16:27:08 +02:00
Xi Chen
df41824501 IBSS RSN: Do not start if not yet connected to IBSS
This is used to avoid starting IBSS RSN processing with a peer before
the IBSS connection itself has been completed.
2011-03-16 16:26:26 +02:00
Johannes Berg
d8a43924ec wpa_s AP mode: Add notification functions for STA authorized
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-03-16 15:58:41 +02:00
Catalin Drula
5b49c9d5ed dbus: Fix interface list getter with multiple interfaces
There's a bug in the getter for the 'Interfaces' property
of /fi/w1/wpa_supplicant1 (new D-Bus interface) which causes a
'Segmentation Fault' when there are multiple interfaces.
2011-03-16 12:30:09 +02:00
Jouni Malinen
4db9f805c7 Move .config to the toplevel .gitignore 2011-03-15 17:52:13 +02:00
Jouni Malinen
8e8f849f9d Android: Use /data/system/wpa_supplicant path as default in wpa_cli 2011-03-15 15:27:17 +02:00
Jouni Malinen
c5c5817c33 wpa_cli: Allow wpa_supplicant control interface default to be changed
CONFIG_CTRL_IFACE_DIR can now be defined to modify the default directory
wpa_cli uses for the wpa_supplicant control interface.
2011-03-15 15:26:27 +02:00
Dmitry Shmidt
b1001e4c45 wpa_cli: Add Android socket support
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2011-03-15 15:18:07 +02:00
Paul Stewart
5bbf9f1086 Add DBus state change notification for AuthMode property
Signed-off-by: Paul Stewart <pstew@google.com>
2011-03-15 13:54:59 +02:00
Paul Stewart
ba6f267f64 dbus: Add D-Bus method for current authentication mode
Chooses between EAP and non-EAP authentication modes and
uses the appropriate method to retrieve the name.

Signed-off-by: Paul Stewart <pstew@google.com>
2011-03-15 13:53:56 +02:00
Paul Stewart
cf83fb0b5b wpa_supplicant: Add wpa_supplicant_get_eap_mode method
Signed-off-by: Paul Stewart <pstew@google.com>
2011-03-15 13:53:08 +02:00
Jouni Malinen
e17a2477db nl80211: Extend bridge add/del operations for secondary BSSes
Previously, only the main interface was added to a bridge. Extend this
to apply to all configured BSSes.
2011-03-15 13:02:49 +02:00
Chao-Wen Yang
3152ff421e WPS: Indicate PBC session overlap in wps_pbc return value
Use a specific return value, WPS-PBC-OVERLAP, to indicate a reason
for rejecting a wps_pbc command in wpa_supplicant AP mode if the
PBC mode cannot be started due to PBC session overlap having been
detected during monitor time.
2011-03-10 18:59:51 +02:00
Jouni Malinen
ab45223b1a wpa_supplicant AP: Copy generated UUID for AP configuration
If the wpa_supplicant configuration file does not specify an UUID,
we need to copy the generated UUID, not the all zeros buffer
reserved for the configured UUID.
2011-03-10 18:40:16 +02:00
Jouni Malinen
ca29141c83 WPS: Copy UUID from the first interface
Instead of generating a different UUID for each interface, use the
same UUID that was either configured of generated for the first
interface. This avoids potential issues with PBC session overlap
detection should multiple interfaces end up running a PBC scan
at the same time which may happen at least in some P2P use cases.
2011-03-10 18:36:07 +02:00
Jouni Malinen
52c9e6f3f5 TDLS: Do not allow setup to be started if AP prohibits TDLS 2011-03-06 14:54:49 +02:00
Jouni Malinen
94377fbc52 TDLS: Allow wpa_cli tdls_setup to start renegotiation
If there is already a link the requested peer, request start of
renegotiation instead of completely new link. This seems to be needed
to allow some driver to accept the trigger for a new negotiation.
2011-03-06 14:54:44 +02:00
Jouni Malinen
5b0e6ece54 TDLS: Add a special testing feature for changing TDLS behavior
These special test cases can be configured at run time with "wpa_cli
tdls_testing <value>" where <value> is an integer (either as a decimal
or as a hex value with 0x prefix) bitmap of special features with
following bits available at this point:
bit 0 = long frame (add dummy subelement to make FTIE very long)
bit 1 = use alternative RSN IE (different RSN capab value and no extra
replay counters)
bit 2 = send incorrect BSSID in Link Identifier of TDLS Setup Request
(e.g., 1 = long FTIE, 2 = different RSN IE, 3 = both of those)

This is disabled by default and can be enabled for the build by
adding the following line to .config:
CFLAGS += -DCONFIG_TDLS_TESTING
2011-03-06 14:53:54 +02:00
Ganesh Prasadh
281ff0aa76 TDLS: Add initial support for TDLS (IEEE Std 802.11z-2010) 2011-03-06 14:53:49 +02:00
Shan Palanisamy
39b08b5fc0 Indicate assoc vs. reassoc in association event
This allows driver wrappers to indicate whether the association was
done using Association Request/Response or with Reassociation
Request/Response frames.
2011-03-06 14:31:46 +02:00
Dmitry Shmidt
9fc6aa9f95 Add Android make files for hostapd and wpa_supplicant 2011-02-27 19:19:43 +02:00
Dmitry Shmidt
b3f3865e0e Use Android reserved namespace for control interface
On Android, use a special reserved namespace for the UNIX domain
socket.
2011-02-27 18:19:17 +02:00
Jouni Malinen
9e0749737c Update copyright notices to include the new year 2011-02-27 12:50:00 +02:00
Dmitry Shmidt
4e2ead7a72 Add wpa_supplicant state change event for Android network manager
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2011-02-26 13:20:16 +02:00
Dmitry Shmidt
fb0e5bd7df ctrl_iface: Return only finished line for scan results
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2011-02-26 13:16:04 +02:00
Konguraj(Raj) Kulanthaivel
43a26f606c P2P: Add wpas_notify_p2p_sd_response
Signed-off-by: Konguraj(Raj) Kulanthaivel <konguraj.kulanthaivel@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-02-24 22:47:34 +02:00
Konguraj(Raj) Kulanthaivel
e1653cac23 P2P: Add wpas_notify_p2p_sd_request
Signed-off-by: Konguraj(Raj) Kulanthaivel <konguraj.kulanthaivel@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-02-24 22:45:39 +02:00
Jean-Michel Bachot
5ccdf84f0d P2P: Add invitation result notification
Add a notification function for the result of an invitation.

Signed-off-by: Jean-Michel Bachot <jean-michelx.bachot@linux.intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-02-24 22:40:21 +02:00
Jayant Sane
c2641bf7cf P2P: Add GO negotiation status notification
Signed-off-by: Jayant Sane <jayant.sane@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-02-24 22:34:52 +02:00
Konguraj(Raj) Kulanthaivel
32d1bce0c0 P2P: Add wpas_notify_p2p_go_neg_req
Add a notification for received GO negotiation requests.

Signed-off-by: Konguraj(Raj) Kulanthaivel <konguraj.kulanthaivel@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-02-24 22:30:19 +02:00
Johannes Berg
408af93ed4 P2P: Add group removed notification
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-02-24 22:27:23 +02:00
Johannes Berg
56eeb8f299 P2P: Add method to signal lost device
This signal is used to notify users of the P2P
state machine or wpa_supplicant of lost devices.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-02-24 22:22:16 +02:00
Johannes Berg
d642d2d267 P2P: Add notification for P2P device found
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-02-24 22:08:18 +02:00
Johannes Berg
8fd7dc1b1c P2P: Add new_device flag to dev_found callback
The DBus code will want to have perfect matching of dev_found and the
dev_lost it adds so it doesn't need to keep track internally. Enable
that with a new flag in the core that tracks whether we have already
notified about this -- the existing users can ignore it.

The part where this is always set to 1 if the new device is discovered
by a driver that has P2P in the driver is buggy -- the driver should
feed the P2P peer database and then that should feed the notification
here instead.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-02-24 21:59:58 +02:00
Konguraj(Raj) Kulanthaivel
c5db8e5170 P2P: Embed publically visible struct in peer info
This embeds some information about each P2P peer that will be publically
visible in a struct that is shared.

The dev_found notification function is also passed the new struct, which
requires some work for the driver-based P2P management.

Signed-off-by: Konguraj(Raj) Kulanthaivel <konguraj.kulanthaivel@intel.com>
Signed-off-by: Fabien Marotte <fabienx.marotte@linux.intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-02-24 21:51:17 +02:00
Jouni Malinen
9526fd293f P2P: Handle P2P-not-supported without segfaults
Previous code was assuming that the P2P module is always initialized.
However, that is not the case anymore with drivers that do not support
P2P. Add verification of whether P2P is enabled before trying to execute
P2P commands.
2011-02-24 21:13:30 +02:00
Ben Greear
48b84f18a3 Wait 1 second before (re)scanning on authentication timeout
If we timed out, the AP or the local radio may be busy.
So, wait a second until scanning again.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2011-02-24 17:16:16 +02:00
Ben Greear
e29853bbff SME: Add timers for authentication and asscoiation
mac80211 authentication or association operation may get stuck for some
reasons, so wpa_supplicant better use an internal timer to recover from
this.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2011-02-24 16:59:46 +02:00
Jouni Malinen
b89883a444 P2P: Notify WPS-M2D event on parent interface and handle PBC overlap
GO may use M2D to notify that PBC overlap was detected if the GO was
configured to allow only a specific P2P Device to connect using PBC.
We need to report the M2D message on the parent interface if a
separate group interface is used. In addition, we can stop the P2P
operation if PBC overlap was indicated similarly to what we are
already doing in th case the overlap is detected locally.
2011-02-22 12:20:16 +02:00
Jouni Malinen
a432bafbca wpa_cli: Add newline to end of responses in interactive mode
Some of the wpa_supplicant control interface commands, like WPS_PIN,
may not include a newline in the end of the response. This can result
in the response being lost when wpa_cli redraws the screen after an
event message. Add a newline after such responses in interactive mode
to avoid the problem.
2011-02-21 22:50:11 +02:00
Ben Greear
4c9695be8f WPS ER: Stop eloop only on the last terminate_cb
This allows all WPS ER instances to be cleaned up properly if more
than one interface has an active WPS ER when wpa_supplicant is being
killed.
2011-02-21 21:47:46 +02:00
Jouni Malinen
16a83d2965 FT: Set EAPOL state machined to authenticated state with FT-EAP
When FT protocol run is completed with FT-EAP, the EAPOL state machine
needs to be notified of the completed authentication to make sure it
does not try to start new authentication.
2011-02-20 21:57:53 +02:00
Ben Greear
e1504976f1 Do not propagate bad scan results to siblings sharing the radio
This decreases useless work and re-scans by siblings when a
device gets a scan failure.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2011-02-16 18:55:37 +02:00
Jouni Malinen
50b16da13f Fix CONFIG_NO_STDOUT_DEBUG=y build 2011-02-10 20:24:06 +02:00
Ben Greear
f049052b9e Use wpa_msg() instead of wpa_printf()
This converts number of debugging messages to use wpa_msg() in order
to allow the interface name to be shown with the messages.

A new function, wpa_dbg(), is introduced to allow
CONFIG_NO_STDOUT_DEBUG=y builds to remove the debug strings. This is
otherwise identical with wpa_msg(), but it gets compiled out if stdout
debugging is disabled.
2011-02-10 20:14:46 +02:00
Jouni Malinen
e67b55fb11 wpa_s AP: Deliver EVENT_RX_PROBE_REQ events to AP processing
This is needed to allows WPS PBC session overlap detection to work
with drivers that process Probe Request frames internally. This
code is is run in hostapd, but the wpa_supplicant AP mode did not
have call to the hostapd_probe_req_rx() function even though it
registered handlers for hostapd Probe Request RX callbacks.
2011-02-08 14:32:35 +02:00
Jouni Malinen
d601247ca9 P2P: Allow WPS_PBC command on GO to select on P2P Device Address
An optional parameter, p2p_dev_addr, can now be given to WPS_PBC
command on P2P GO to indicate that only the P2P device with the
specified P2P Device Address is allowed to connect using PBC. If
any other device tries to use PBC, a session overlap is indicated
and the negotiation is rejected with M2D. The command format for
specifying the address is "WPS_PBC p2p_dev_addr=<address>", e.g.,
WPS_PBC p2p_dev_addr=02:03:04:05:06:07

In addition, show the PBC session overlap indication as a WPS failure
event on an AP/GO interface. This particular new case shows up as
"WPS-FAIL msg=4 config_error=12".
2011-02-07 18:28:36 +02:00
Ben Greear
4f1495aefa Add interface name to wpa_msg() output
This makes log files much more readable if multiple interfaces
are being controlled by the same process. The interface name is
added to stdout/file/syslog entries, but not to the messages
sent to control interface monitors to avoid issues with parsing
in external programs.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2011-02-06 20:39:34 +02:00
Ben Greear
ac6912b5d1 wpa_supplicant: Support 'relog' command to re-open log files
This allows rolling log files:

mv log.txt log.txt.1
wpa_cli relog

Signed-off-by: Ben Greear <greearb@candelatech.com>
2011-02-06 20:15:19 +02:00
Johannes Berg
3103f34576 P2P: Add wpas_p2p_disconnect()
Add a new API function wpas_p2p_disconnect()
to disconnect from or dissolve a group.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-02-02 17:30:15 +02:00
Johannes Berg
bbeee9b0db P2P: Use a variable for generated PIN to allow multiple uses
In order to pass the same PIN to multiple notifications in the future,
generate it centrally.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-02-02 17:12:37 +02:00
Johannes Berg
d750b7e699 DBus: Improve error reporting
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-02-02 17:03:32 +02:00
Johannes Berg
6d7111418d DBus: Increase introspection buffer sizes
The P2P additions will add more data so
that the current buffers aren't big enough.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-02-02 17:01:29 +02:00
Johannes Berg
d1c8ac88b9 DBus: Publish provisioned keys in network properties
When the network was provisioned, we need to get the keys to be able to
reconnect without new provisioning. To be able to publish those keys but
not normally configured ones, add a new attribute to struct wpa_ssid
indicating whether or not keys may be exported.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-02-02 17:00:12 +02:00
Johannes Berg
839b33ad90 P2P: Clear driver Probe Response IE on stop_listen
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-02-01 18:30:33 +02:00
Johannes Berg
11fb02be67 P2P: Fix p2p_long_listen
There are two issues with p2p_long_listen:
 1) max_remain_on_channel is assumed to be 5 seconds,
 2) if max_remain_on_channel is not a full multiple of
    seconds, accounting breaks.

Fix these by converting p2p_long_listen to ms and
tracking it according to max_remain_on_channel.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-02-01 18:09:38 +02:00
Jouni Malinen
09c395b4bb FT: Configure FT XXKey as PMK for driver-based 4-way handshake
When using FT-EAP, the second half of MSK is used as the starting
point for PMK key hierarchy. Configure that instead of the first
half of MSK when using FT with driver-based 4-way handshake and
FT protocol.
2011-02-01 00:06:13 +02:00
Jouni Malinen
98ea943177 Set portValid=TRUE on association for driver-based 4-way handshake
This was previously done for WPA/WPA2-Personal as part of association
processing when the driver is implementing 4-way handshake. The
portValid needs to be done for WPA/WPA2-Enterprise to get the proper
EAPOL authentication completed callback to configure PMK to the driver.
2011-02-01 00:04:02 +02:00
Masashi Honma
6c714cd7d4 P2P: Show "FAIL" for failed p2p_find operation
I tried these commands:

./wpa_cli -i wlan0 p2p_group_add
./wpa_cli -i wlan0 p2p_find

The second one results in following messages because it is invalid
operation.

-------
nl80211: Scan trigger failed: ret=-95 (Operation not supported)
P2P: Failed to start p2p_scan
-------

But the second one shows "OK" on control console.

This patch makes it to show "FAIL".
2011-01-31 17:29:31 +02:00
Jouni Malinen
df077c6262 Remove obsolete drivers wrappers: atmel, ndiswrapper, ipw, hermes
There is no real reason to maintain these in the current development
branch anymore. If someone really needs support for the obsolete
driver interfaces, these can be found in older wpa_supplicant
branches.

driver_atmel.c
- vendor-specific interface for ATMEL AT76C5XXx cards
- for some old out-of-tree driver; not for the upstream atmel*
  drivers

driver_ndiswrapper.c
- vendor-specific interface for an out-of-tree driver
- ndiswrapper should work with driver_wext.c, too

driver_ipw.c
- vendor-specific interface for old ipw2100/2200 driver
- the upstream driver works with driver_wext.c (and does not work
  with the old interface)

driver_hermes.c
- vendor driver that was not even included in the main wpa_supplicant
  releases
2011-01-30 21:29:25 +02:00
Jouni Malinen
6c9a98a20d IBSS RSN: Do not start multiple Auth/Supp for same peer
This avoids an issue when a received EAPOL-Key frame from a peer
is initiating IBSS RSN Authenticator and Supplicant for the peer
and the following new-STA-in-IBSS event from the driver is adding
yet another instance of Authenticator/Supplicant. The EAPOL-Key
RX case was already checking whether an instance had been started;
the driver new-STA event needs to do same.
2011-01-15 16:55:15 +02:00
Jouni Malinen
50b05780c2 IBSS RSN: Delay setting of the initial TX GTK
The driver may get confused if we set the initial TX GTK before having
fully configured and connected to an IBSS, so better delay this
operation until the connection (join/start IBSS) has been completed.
2011-01-15 14:07:02 +02:00
Chao-Wen Yang
449adbaca9 WPS: Indicate WPS-FAIL event on EAPOL timeout-based failure callback
If the EAPOL processing times out (e.g., if the AP stops replying
to messages for some reason) during WPS negotiation, we need to
indicate WPS-FAIL event from eapol_cb since no other WPS failure is
reported for this particular case.
2011-01-13 18:04:33 +02:00
Chao-Wen Yang
c5cf0a18f1 WPS: Add mechanism for indicating non-standard WPS errors
Previously, only the Configuration Error values were indicated in
WPS-FAIL events. Since those values are defined in the specification
it is not feasible to extend them for indicating other errors. Add
a new error indication value that is internal to wpa_supplicant and
hostapd to allow other errors to be indicated.

Use the new mechanism to indicate if negotiation fails because of
WEP or TKIP-only configurations being disallows by WPS 2.0.
2011-01-13 17:50:59 +02:00
Jouni Malinen
0382097ef3 Use set_key addr to distinguish default and multicast keys
Previously, both NULL and ff:ff:ff:ff:ff:ff addr were used in various
places to indicate default/broadcast keys. Make this more consistent
and useful by defining NULL to mean default key (i.e., used both for
unicast and broadcast) and ff:ff:ff:ff:ff:ff to indicate broadcast
key (i.e., used only with broadcast).
2011-01-09 19:44:28 +02:00
Jouni Malinen
da64c266e7 Use more consistent set_key seq value when nothing is being set
Use NULL instead of (u8 *) "" as the seq value and make sure the
driver wrapper implementations can handle NULL value. This was
previously already done in number of places, but not everywhere.
2011-01-09 12:09:04 +02:00
Jouni Malinen
6c6ad81f9c WPS: Make WPS-AP-AVAILABLE* events a bit more consistent
The BSS table entries may be in more or less random order and it is
better to show the most likely WPS configuration method in a way that is
somewhat more consistent instead of just showing the method of the first
BSS entry found in the table.
2011-01-05 11:49:03 +02:00
Jouni Malinen
df83fb7d00 Fix wpa_supplicant_ssid_bss_match() handler for non-WPA
The proto configuration may be left to non-zero when moving from one
configuration to another. To avoid misidentifying a network
configuration as enabling WPA, check key_mgmt field, too.
2010-12-30 18:27:33 +02:00
Jouni Malinen
3ac17eba31 P2P: Add initial support for driver-based P2P management
This adds partial callbacks and events to allow P2P management to be
implemented in a driver/firmware. This is not yet complete and is
very much subject to change in the future.
2010-12-30 12:48:55 +02:00
Jouni Malinen
f981eabcf0 WPS: Add option to disable open networks by default
CONFIG_WPS_REG_DISABLE_OPEN=y can be used to configure wpa_supplicant
to disable open networks by default when wps_reg command is used to
learn the current AP settings. When this is enabled, there will be a
WPS-OPEN-NETWORK ctrl_iface event and the user will need to explicitly
enable the network (e.g., with "select_network <id>") to connect to
the open network.
2010-12-30 12:28:13 +02:00
Johannes Berg
190b9062b2 P2P: Add option for offloading off-channel TX to the driver
With the new kernel functionality coming to Linux to allow off-channel
TX, we can take advantage of that in the P2P code that currently uses
remain-on-channel. If a driver advertises support for it, it will be
asked to handle off-channel TX by itself.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2010-12-29 13:59:17 +02:00
Johannes Berg
0d7e5a3a29 Allow AP mode to disconnect STAs based on low ACK condition
The nl80211 driver can report low ACK condition (in fact it reports
complete loss right now only). Use that, along with a config option, to
disconnect stations when the data connection is not working properly,
e.g., due to the STA having went outside the range of the AP. This is
disabled by default and can be enabled with disassoc_low_ack=1 in
hostapd or wpa_supplicant configuration file.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2010-12-28 17:15:01 +02:00
Jouni Malinen
cc5e390d28 WPS: Require PBC match with wps_pbc that specifies BSSID
The WPS mode was already verified when the AP was configured for
WPA/WPA2, but this was not done with AP that was in open mode.
Fix this by allowing wpa_supplicant_ssid_bss_match() to be called
in non-WPA configuration, too. With this change, wps_pbc BSSID
command will wait until the specified target AP is in active PBC
mode before trying to connect to it.
2010-12-28 08:56:23 +02:00
Jouni Malinen
5e8b237864 Fix CONFIG_SME build without CONFIG_IEEE80211W 2010-12-19 12:44:58 +02:00
Jouni Malinen
7d878ca769 Use SA Query procedure to recovery from AP/STA state mismatch
If a station received unprotected Deauthentication or Disassociation
frame with reason code 6 or 7 from the current AP, there may be a
mismatch in association state between the AP and STA. Verify whether
this is the case by using SA Query procedure. If not response is
received from the AP, deauthenticate.

This implementation is only for user space SME with
driver_nl80211.c.
2010-12-19 11:58:00 +02:00
Johannes Berg
0423d090ce P2P: Fix some int size warnings
When u64 != unsigned long, the compiler will give
some warnings. Fix these.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2010-12-17 17:09:50 +02:00
Dan Williams
1e6288df6b dbus: Emit property changed events when adding/removing BSSes
The supplicant was not emitting property changed events when the BSSs
property changed.

Signed-off-by: Dan Williams <dcbw@redhat.com>
2010-12-17 15:56:01 +02:00
Johannes Berg
860fddbb41 Allow setting scan_res_handler from the callback function
Some new code I'm working on will need the scan_res_handler assigned all
the time in certain circumstances, so the easiest way is to reset it
within the handler. This is currently prevented by the way the code in
the event handler works -- change that to permit such usage.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2010-12-17 15:31:05 +02:00
Johannes Berg
a2810199ec dbus: Fix type in wpa_dbus_dict_begin_string_array
The array's type should be given as the proper
DBUS_TYPE_STRING_AS_STRING, but evidently it
doesn't matter since it's all packed into a
variant type.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2010-12-17 15:20:32 +02:00
Sudhakar Swaminathan
45fee6f090 P2P: Cancel group formation timeout on p2p_cancel 2010-12-17 15:06:48 +02:00
Sudhakar Swaminathan
231bbd0375 P2P: Unauthorize pending P2P GO Neg peer on p2p_cancel
If there is a pending GO Negotiation when p2p_cancel is used,
unauthorize the peer to avoid immediate reconnection from being
accepted without a new p2p_connect command.
2010-12-17 15:05:35 +02:00
Sudhakar Swaminathan
0a14e3ec8b P2P: Cancel group formation on PBC overlap
We should cancel group formation completely on PBC overlap instead
of just partially notifying that operations were stopped. There is
no point in waiting for the group formation timeout in this case.
2010-12-17 15:04:14 +02:00
Masashi Honma
4d2ea6a6a9 P2P: Fix wpa_cli help typo 2010-12-17 15:01:28 +02:00
Jouni Malinen
aca0160548 nl80211: Set cipher suites when using user space SME
Previously, pairwise and group cipher suites were configured only
when kernel SME (nl80211 connect API) was used. However, mac80211
needs this information even in the user space SME case for one
thing: to disable HT when TKIP/WEP is used. Add
NL80211_ATTR_CIPHER_SUITES_PAIRWISE to fix this special case with
user space SME. This allows mac80211 to disable HT properly when
the AP is configured with configuration that is not allowed.
2010-12-13 21:08:53 +02:00
Jouni Malinen
89c38e32c7 RSN IBSS: RX GTK configuration with nl80211
This add preliminary code for setting the per-STA RX GTK for
RSN IBSS when nl80211 drivers. For some reason, this does not
seem to fully work, but at least driver_nl80211.c is now aware of
what kind of key is being set and the whatever is missing from
making this key configuration go through should be specific to
nl80211/cfg80211.
2010-12-04 20:31:22 -08:00
Jouni Malinen
df4bc5091e IBSS RSN: Do not start 4-way handshake unless RSN is enabled 2010-12-04 18:17:05 -08:00
Paul Stewart
8e5f078fb9 dbus_new_handlers: Omit errant dbus_message_unref
This unref is guaranteed to be freeing a NULL pointer.

Tested manually: use dbus-send to send an invalid debug level parameter

Before change:

$ dbus-send --system --dest=fi.w1.wpa_supplicant1 --print-reply
/fi/w1/wpa_supplicant1 org.freedesktop.DBus.Properties.Set
string:fi.w1.wpa_supplicant1 string:DebugLevel variant:string:msgdumpf
Error org.freedesktop.DBus.Error.NoReply: Message did not receive a reply
(timeout by message bus)
(and then wpa_supplicant crashes)

After change:

$ dbus-send --system --dest=fi.w1.wpa_supplicant1 --print-reply
/fi/w1/wpa_supplicant1 org.freedesktop.DBus.Properties.Set
string:fi.w1.wpa_supplicant1 string:DebugLevel variant:string:msgdumpf
Error fi.w1.wpa_supplicant1.InvalidArgs: Did not receive correct message
arguments.

Signed-off-by: Paul Stewart <pstew@google.com>
2010-12-04 11:58:44 -08:00
Ben Greear
6859f1cb24 Enable sharing of scan result events among virtual interfaces
When controlling multiple virtual interfaces on the same physical
radio, share the scan results events with sibling interfaces. This
decreases the time it takes to connect many virtual interfaces.

This is currently only supported on Linux with cfg80211-based
drivers when using nl80211 or wext driver interface.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2010-11-26 21:46:30 +02:00
Ben Greear
c577db2afd Add interface name to some debug prints
This makes it easier to figure out what is happening when controlling
multiple interfaces from a single wpa_supplicant process.
2010-11-26 21:16:36 +02:00
Tomasz Bursztyka
1b232e479d dbus: Fix new dbus API for WPS
Start() method's optional Bssid argument needs a byte array, not an
array of arrays.
2010-11-26 19:47:24 +02:00
Jouni Malinen
871f4dd069 Allow driver wrappers to indicate whether result codes are sane
Some drivers are not providing exactly reliable error codes (e.g.,
with WEXT), but others may actually indicate reliable information.
Allow driver wrappers to indicate if that is the case and use
optimizations if so. For now, this improves nl80211 with
NL80211_CMD_CONNECT for a case where connection request fails.
2010-11-26 17:41:21 +02:00
Jouni Malinen
c05d6d188c Do not segfault on EVENT_ASSOC_REJECT without BSSID 2010-11-26 17:38:46 +02:00
Jouni Malinen
e5ad96b745 SME: Optimize recovery from assocication command failures
mac80211 can indicate this mainly because of channel selection
conflicts with other vifs. If there is another BSS on another
channel, we should try to connect to it instead.
2010-11-26 17:37:22 +02:00
Jouni Malinen
971e357f19 P2P: Add new driver option for interface allocation
WPA_DRIVER_FLAGS_P2P_MGMT_AND_NON_P2P flag can now be used to
indicate that the initial interface (e.g., wlan0) is used for
P2P management operations and potentially non-P2P connections.
This is otherwise identical to
WPA_DRIVER_FLAGS_P2P_DEDICATED_INTERFACE, but the possibility of
non-P2P connections makes some operations differ.
2010-11-26 15:52:16 +02:00
Jouni Malinen
a1eca5cfd8 P2P: Rename the group interface name to use p2p- prefix
This may make it less likely for udev to rename the interface that
would previously have been called wlan0-p2p-# (now: p2p-wlan0-#).
In addition, add some workaround code to handle the case where the
main interface name is close to the IFNAMSIZ length limit to
avoid going over that for the P2P group interface.
2010-11-26 15:50:22 +02:00
Jouni Malinen
0f85ef5cf0 P2P: Use larger pending_interface_name buffer
In theory, the interface name could be longer than IFNAMSIZ in
some systems, so use the same size buffer for this field as is
used with the main interface name.
2010-11-26 15:49:26 +02:00
Jouni Malinen
afa4926c95 P2P: Use alternative way of starting dnsmasq if needed
Some other dnsmasq users (like libvirt) seem to be binding the DHCP
server to all interfaces which prevents the previously used mechanism
here from working (bind on the DHCP socket fails). If a failure is
noticed, try to start dnsmasq with -z option to avoid that.
2010-11-26 15:47:13 +02:00
Jouni Malinen
0fb337c121 Extend load balancing optimization in BSS blacklisting
Move the previously SME specific optimization code into generic
function that can be used from non-SME code, too, and use it to
handle disconnection events. In other words, allow disconnection
event to trigger similar optimized scanning case to handle a
common load balancing mechanism. If there is another BSS in the
same ESS when we receive a disconnection event, scan only the
known frequencies of such other BSSes on the next attempt to
speed up recovery.
2010-11-26 11:36:03 +02:00
Jouni Malinen
5471c3434e Blacklist BSS on first failure if only a single network is enabled
The special case of requiring blacklisting count to be 2 or higher
is only needed when more than a single network is currently enabled.
As such, we should not do that when only a single network is enabled.
This make the station more likely to follow network side load
balancing attempts where the current AP may disassociate us with
an assumption that we would move to another AP.
2010-11-26 11:23:50 +02:00
Jouni Malinen
34dbfc0cb3 Fix CONFIG_AP=y build without NEED_AP_MLME driver 2010-11-25 23:41:32 +02:00
Jouni Malinen
0fe620de7e Fix CONFIG_AP=y build without CONFIG_WPS=y 2010-11-25 23:34:56 +02:00
Jouni Malinen
f47d639d49 SME: Optimize recovery from common load balancing mechanisms
When authentication or association fails when trying to connect to
a BSS in an ESS that has multiple BSSes based on previous scans,
limit the first recovery scan to only the known channels that has
been seen previously. This speeds up recovery in some of the most
commonly used load balancing mechanisms in enterprise WLAN
networks.
2010-11-25 22:51:56 +02:00
Jouni Malinen
7e6646c794 SME: Fix re-try after auth/assoc timeout/failure
There were various issues in how the SME (i.e., nl80211-based driver
interface) handled various authentication and association timeouts and
failures. Authentication failure was not handled at all (wpa_supplicant
just stopped trying to connect completely), authentication timeout
resulted in blacklisting not working in the expected way (i.e., the same
BSS could be selected continuously), and association cases had similar
problems.

Use a common function to handle all these cases and fix the blacklist
operation. Use smaller delay before trying to scan again during the
initial cycle through the available APs to speed up connection. Add
a special case for another-BSS-in-the-same-ESS being present to
speed up recovery from networks with multiple APs doing load balancing
in various odd ways that are deployed out there.
2010-11-25 22:00:04 +02:00
Jouni Malinen
3c85f144ce P2P: Fix Action frame sending after disconnection
assoc_freq needs to be cleared when an interface gets disconnected.
This fixes an issue where P2P Action frame transmission may fail
because of missing remain-on-channel operation when using the same
interface for group operations (or non-P2P connections) and P2P
management operations.
2010-11-25 16:04:07 +02:00
Sudhakar Swaminathan
9d562b7946 P2P: Add p2p_unauthorize command
This can be used to remove authorization from a previous p2p_connect
commands that has not yet resulted in completed GO Negotiation.
2010-11-25 13:09:50 +02:00
Jouni Malinen
7a80af658d Fix CONFIG_AP=y build without CONFIG_P2P=y 2010-11-24 16:55:17 +02:00
Jouni Malinen
fe99fb74f1 Fix wpa_supplicant AP mode build after hostapd changes 2010-11-24 16:52:04 +02:00
Albert Liu
1d39378a0b P2P: Fix RX ack status on Action frames sent via interface in GO mode
The wpa_supplicant_event() EVENT_TX_STATUS ack field needs to be
converted to use wpas_send_action_tx_status()
enum p2p_send_action_result in this case, too, to avoid getting
incorrect TX status for P2P processing.
2010-11-24 14:25:33 +02:00
Jouni Malinen
bbb921daaa Maintain internal entropy pool for augmenting random number generation
By default, make hostapd and wpa_supplicant maintain an internal
entropy pool that is fed with following information:

hostapd:
- Probe Request frames (timing, RSSI)
- Association events (timing)
- SNonce from Supplicants

wpa_supplicant:
- Scan results (timing, signal/noise)
- Association events (timing)

The internal pool is used to augment the random numbers generated
with the OS mechanism (os_get_random()). While the internal
implementation is not expected to be very strong due to limited
amount of generic (non-platform specific) information to feed the
pool, this may strengthen key derivation on some devices that are
not configured to provide strong random numbers through
os_get_random() (e.g., /dev/urandom on Linux/BSD).

This new mechanism is not supposed to replace proper OS provided
random number generation mechanism. The OS mechanism needs to be
initialized properly (e.g., hw random number generator,
maintaining entropy pool over reboots, etc.) for any of the
security assumptions to hold.

If the os_get_random() is known to provide strong ramdom data (e.g., on
Linux/BSD, the board in question is known to have reliable source of
random data from /dev/urandom), the internal hostapd random pool can be
disabled. This will save some in binary size and CPU use. However, this
should only be considered for builds that are known to be used on
devices that meet the requirements described above. The internal pool
is disabled by adding CONFIG_NO_RANDOM_POOL=y to the .config file.
2010-11-24 01:29:40 +02:00
Jouni Malinen
b21e2c84f1 Include own MAC address in status info even in non-P2P builds 2010-11-21 12:35:49 +02:00
Jouni Malinen
8953e9681a edit: Move history save file specification to caller 2010-11-21 11:43:09 +02:00
Jouni Malinen
f6b25ca5b4 P2P: Add some initial documentation for P2P use 2010-11-19 13:24:45 +02:00
Jouni Malinen
ab72eb5256 P2P: Accept invitations to already running persistent group
We can automatically accept invitations that are for a persistent
group that is already running. There is no need to confirm this
separately or preparare a new group interface.
2010-11-19 12:58:31 +02:00
Jouni Malinen
9d39057c2b P2P: Stop p2p_find/p2p_listen when Invitation is accepted
When an Invitation to reinvoke a persistent group is accepted,
we need to make sure that any pending p2p_find or p2p_listen
operation gets stopped to avoid consuming all radio resources
doing device discovery while the group is being set up.
2010-11-19 12:58:03 +02:00
Jouni Malinen
6c0da49f62 P2P: Do not start multiple copies of same persistent group
When running p2p_group_add persistent=<id>, verify whether the
requested group is already running and if so, do not try to
start another copy of it.
2010-11-19 12:57:36 +02:00
Jouni Malinen
ca806fb540 P2P: Indicate WPS events from AP mode only during group formation
The duplicated WPS event in the parent interface should only be used
during P2P group formation, i.e., when the WPS operation was actually
started using the parent interface. When authorizing a client to
connect to an already running group, the WPS command is issued on
the group interface and there is no need to duplicate the event to
the parent interface.
2010-11-18 12:42:02 +02:00
Jouni Malinen
d1b024c9e5 P2P: Make sure wpa_s->global->p2p_group_formation gets cleared
This pointer is now used in number of places to check whether an
interface is in P2P Group Formation, so we better make sure it gets
cleared when group formation has been completed. This was done in
only some of the cases.
2010-11-18 12:41:27 +02:00
Jouni Malinen
9dd7d6b09c WPS: Add special AP Setup Locked mode to allow read only ER
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change then.
In other words, the protocol is allowed to continue past M2, but
is stopped at M7 when AP is in this mode. WPS IE does not
advertise AP Setup Locked in this case to avoid interoperability
issues.

In wpa_supplicant, use ap_setup_locked=2 by default. Since the AP PIN
is disabled by default, this does not enable any new functionality
automatically. To allow the read-only ER to go through the protocol,
wps_ap_pin command needs to be used to enable the AP PIN.
2010-11-17 16:48:39 +02:00
Jouni Malinen
70d84f11fe WPS: Add wps_ap_pin ctrl_iface command for wpa_supplicant AP mode
This can be used to control the AP PIN in wpa_supplicant AP mode
in the same way as the identical command in hostapd ctrl_iface.
2010-11-17 16:46:55 +02:00
Jouni Malinen
bb79dc720b P2P: Fix invitation-to-running-group handling
The pending_invite_ssid_id of -1 (running group, not persistent) was
being stored incorrectly in the group interface, not device interface
(i.e., parent of the group interface) and consequently, the incorrect
information was used when processing the Invitation Response.

If there was a persistent group credentials stored with network id
0, those were used instead to try to set up a persistent group
instead of using the already running group.
2010-11-16 15:22:06 +02:00
Albert Liu
5496062919 P2P: Update pending join interface address during scans
Since the P2P peer entry may not have been available at the time the
join request was issued, we need to allow the P2P Interface Address
to be updated during join-scans when the P2P peer entry for the GO
may be added.
2010-11-15 16:16:39 +02:00
Jouni Malinen
9b1ab931b1 P2P: Allow multiple scan runs to find GO for p2p_connect join
If the GO is not found, we cannot send Provisioning Discovery Request
frame and cannot really connect anyway. Since the Provisioning
Discovery is a mandatory part, it is better to continue join-scan
until the GO is found instead of moving to the next step where
normal connection scan is used (PD would not be used from there).

Use a limit of 10 scan attempts for p2p_connect join to avoid getting
in infinite loop trying to join. If the GO is not found with those
scans, indicate failure (P2P-GROUP-FORMATION-FAILURE) and stop the
join attempt.
2010-11-15 16:15:38 +02:00
Jouni Malinen
e8ecb5fb49 Move wpa_cli readline integration into src/utils/edit_readline.c
All three line editing options are now located in src/utils/edit*.c
and provide the same API to allow easy build time selection.
2010-11-14 22:37:43 +02:00
Jouni Malinen
bdc45634f0 wpa_cli: Use edit API as a wrapper for optional readline 2010-11-14 21:19:35 +02:00
Jouni Malinen
82a855bda8 Move command line editing routines into src/utils/edit*.[ch]
This allows the same routines to be shared with other programs
since these are not really specific to wpa_cli.
2010-11-14 20:59:29 +02:00
Jouni Malinen
aee680e8b2 wpa_cli: Add internal line edit implementation
CONFIG_WPA_CLI_EDIT=y can now be used to build wpa_cli with internal
implementation of line editing and history support. This can be used
as a replacement for CONFIG_READLINE=y.
2010-11-14 19:15:23 +02:00
Jouni Malinen
cd10156798 wpa_cli: Replace CONFIG_WPA_CLI_FORK design with eloop
Instead of using a separate process to receive and print event
messages, use a single-process design with eloop to simply
wpa_cli and interaction with readline.
2010-11-14 13:16:51 +02:00
Jouni Malinen
6f1c6549ed wpa_cli: Split wpa_cli_interactive() into two versions
Instead of multiple #ifdef blocks for readline within the function,
use two copies of the functions, one for readline, one without any
readline functionality.
2010-11-14 11:30:19 +02:00
Jean Trivelly
01d92811f9 P2P: Add network_added notification when p2p device becomes GO
Notification is done when you become P2P client but was missing
when you become GO.

Signed-off-by: Jean Trivelly <jeanx.trivelly@linux.intel.com>
2010-11-12 21:21:24 +02:00
Jouni Malinen
5254eb7e50 P2P: Fix HT40 secondary channel validation 2010-11-12 19:04:48 +02:00
Jouni Malinen
5122242925 P2P: Add HT40 operating classes based on driver channel flags
This allows P2P to negotiate HT40 channels. For now, only 5 GHz
HT40 operating classes are enabled.
2010-11-12 18:14:12 +02:00
Jouni Malinen
148bb37f2e P2P: Send WPS-OVERLAP-DETECTED also to the parent interface
When running "p2p_connect addr pbc join" command, send the
WPS-OVERLAP-DETECTED even also to the parent interface (i.e.,
the one on which the p2p_connect was issued) and not only the
group interface in case separate P2P group interfaces are used.
2010-11-12 11:30:58 +02:00
Jouni Malinen
aaca650540 P2P: Replace the default country with "XX" (non-country entity) 2010-11-10 16:22:22 +02:00
Anil Gathala Sudha
7cfc4ac319 P2P: Add support for automatic channel selection at GO
The driver wrapper may now indicate the preferred channel (e.g., based
on scan results) on both 2.4 GHz and 5 GHz bands (and an overall best
frequency). When setting up a GO, this preference information is used
to select the operating channel if configuration does not include
hardcoded channel. Similarly, this information can be used during
GO Negotiation to indicate preference for a specific channel based
on current channel conditions.

p2p_group_add command can now use special values (freq=2 and freq=5)
to indicate that the GO is to be started on the specified band.
2010-11-10 13:33:47 +02:00
Samuel Ortiz
74b1c84a0b wpa_supplicant: Test all compiled drivers before failing
wpa_supplicant_set_driver() is returning an error if the first driver
in the driver list is not built in. It should continue through the
driver list until it finds one that's built in.
2010-11-09 16:45:27 +02:00
Felix Fietkau
99ac2913d8 wpa_supplicant: Fix port state management without IEEE8021X_EAPOL
If IEE8021X_EAPOL is not enabled in the config, wpa_drv_set_supp_port
must be called from the supplicant, otherwise port will not be
activated after association.
2010-11-09 16:31:33 +02:00