Commit Graph

1731 Commits

Author SHA1 Message Date
Luciano Coelho
35b741fdf7 Increase maximum number of SSIDs per scan
With scheduled scan support, we may need to pass more than 10 SSIDs in
a single scan request. Some drivers (e.g., wl12xx) support up to 16
SSIDs at once.

Change WPAS_MAX_SCAN_SSIDS from 10 to 16.

Signed-off-by: Luciano Coelho <coelho@ti.com>
2011-10-15 18:53:13 +03:00
Luciano Coelho
d21c63b925 nl80211: Add scheduled scan support
This commit adds scheduled scan support in the nl80211 driver.

Signed-off-by: Luciano Coelho <coelho@ti.com>
2011-10-15 18:53:13 +03:00
Luciano Coelho
cbdf3507e9 Add scheduled scan driver operations
In new Linux kernel versions (>=3.0), nl80211 adds scheduled scan
capability. In order to use this feature to its full extent, we need
to support it in the wpa_supplicant core, so that it can also be used
by other drivers.

This commit adds initial scheduled scan support operations and events.

Signed-off-by: Luciano Coelho <coelho@ti.com>
2011-10-15 18:53:13 +03:00
Jouni Malinen
1e1a0a4dc9 edit: Fix history prev/next selection
Commit 19ec1f262e tried to fix some
cases for history prev selection, but it broke others. Fix this
properly by using a separate entry for the current edit line that
is not yet in history buffer.
2011-10-15 14:03:35 +03:00
Jouni Malinen
44dc872ee5 nl80211: Add debug print for channel changes 2011-10-15 13:29:56 +03:00
Jouni Malinen
dcd1eb5be5 Fix some forgotten comments in set_beacon to set_ap change 2011-10-15 13:15:24 +03:00
Jithu Jance
6758b1677a nl80211: Use shorter monitor interface name for P2P GO
Currently the P2P Interface name[p2p-%s-%d] is reset when the P2P
Interface name reaches the "IFNAMSIZ" limit. Monitor interface name is
derived from p2p interface name with the addition of few characters
[mon.p2p-%s-%d] and hence Monitor interface name hits IFNAMSIZ limit
before P2P Interface name. Rename the monitor interface name to
mon-%s-%d to reduce the length to same with p2p-%s-%d.
2011-10-15 13:07:30 +03:00
Yogesh Ashok Powar
8666585b9e Disconnect STA when it fails to get added in kernel driver/firmware
Data path for stations that get successfully associated to the
hostapd but fail to get added in the driver/firmware, will not
work. In such cases, hostapd should deauth and disconnect such
stations. In such scenario, hostapd should disconnect the STAs.

Sample output with following patch
wlan0: STA 0c:74:c2:9a:4c:59 IEEE 802.11: authenticated
wlan0: STA 0c:74:c2:9a:4c:59 IEEE 802.11: associated (aid 1)
wlan0: AP-STA-CONNECTED 0c:74:c2:9a:4c:59
wlan0: STA 0c:74:c2:9a:4c:59 IEEE 802.11: Could not add STA to kernel driver
wlan0: STA 0c:74:c2:9a:4c:59 IEEE 802.11: deauthenticated due to local deauth request

Signed-off-by: Yogesh Ashok Powar <yogeshp@marvell.com>
Signed-off-by: Nishant Sarmukadam <nishants@marvell.com>
2011-10-15 12:41:28 +03:00
B. J
5dd80dd661 Fix NT-hash password use with integrated authentication server
The password_hash parameter was not copied in case of the integrated
authentication server (but was for RADIUS server). This broke EAP
authentication when the user entry used NT-hash.
2011-10-15 12:13:27 +03:00
Janusz Dziedzic
f1afcb391e P2P: Fix wpabuf reuse on p2p_group_notif_noa()
This currently unused function would have triggered wpabuf overflows
due to incorrect variable being reset to zero in the case the old
NoA wpabuf was large enough for the new data.
2011-10-13 01:06:11 +03:00
Jouni Malinen
fd8e4fda50 EAPOL auth: Disconnect after IEEE 802.1X failure
The EAPOL authenticator was previously forcing disconnection in the WPS
use case. However, this can be benefitial operation with any IEEE 802.1X
authentication mechanism and need not be limited to WPS. This helps some
use cases like EAP-FAST where provisioning may require two
authentication runs if the authentication server does not allow the PAC
provisioning step to be used for normal data connection. While the
station would be free to decide to re-associate in such a case, not all
stations do and as such, it helps if the AP does that instead of leaving
the association up with EAPOL state machine in HELD state for 60
seconds.
2011-10-12 20:07:16 +03:00
Jouni Malinen
88dc899a1b EAP-FAST: Allow unprotected EAP-Failure in provisioning case
While EAP-FAST uses protected success notification, RFC 5422, Section
3.5 points out a possibility of EAP-Failure being sent out even after
protected success notification in case of provisioning. Change the
EAP-FAST peer implementation to accept that exception to the protected
success notification. This allows the station to re-connect more quickly
to complete EAP-FAST connection in the case the server rejects the
initial attempt by only allowing it to use to provision a new PAC.
2011-10-12 20:05:02 +03:00
Jouni Malinen
4458d91554 P2P: Do not change SSID during GO negotiation
If GO Negotiation Request (or in theory, also GO Negotiation Response)
frame is delivered multiple time for processing, the SSID of the group
could end up getting changed. This could result in possible issues if
the peer ended up using different SSID. To avoid this, make sure the
SSID does not get changed unless the negotiation is for a new group.
2011-10-11 18:29:31 +03:00
Jouni Malinen
c3fea27274 Clear OKC-based PMKSA caching entries if PMK is changed
Whenever PMK gets changed (e.g., due to re-authentication), all PMKSA
caching entries that were created using the previous PMK needs to be
replaced. Previously, only the entry for the current AP was cleared.
Flush the other entries based on network_ctx matches to get rid of the
OKC entries. These entries can then be re-creating using OKC with the
new PMK.
2011-10-02 19:36:37 +03:00
Jouni Malinen
15e2c77d03 Sync with wireless-testing.git linux/nl80211.h 2011-10-02 13:16:42 +03:00
Johannes Berg
1473f95e98 AP: Use QoS nullfunc for connection poll
When polling a station that has been inactive for a while, hostapd currently
always uses a null data frame. This is a bit strange with uAPSD clients
(though it seems to mostly work) since the EOSP bit can never be set in a
non-QoS frame. Make hostapd use QoS null data frames for probing when the
station is a QoS STA.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-10-01 21:04:11 +03:00
Marek Kwaczynski
ed908a55da P2P: Refresh peer entries on Probe Request RX
Do not expire P2P peer entries if Probe Request frames are received from
them.
2011-10-01 20:40:14 +03:00
Zhi Chen
56aa082a1d WPS: Send AP Settings as a wrapped Credential attribute to ctrl_iface
Wrap self-generated WPS credential for new AP settings and send that to
control interface to provide the needed information in
WPS-NEW-AP-SETTINGS for external processing.
2011-09-30 22:26:37 +03:00
Shan Palanisamy
a52eba0f44 FT: Add driver wrappers for FT with driver-based MLME/SME 2011-09-30 00:05:29 +03:00
Jouni Malinen
0c840c33f7 Move GAS/ANQP build routines to a separate file from P2P
GAS/ANQP is a generic protocol and in no way specific to P2P, so move
routines used to build GAS/ANQP frames to a separate file that can be
shared for other uses than just P2P service discovery.
2011-09-29 22:18:46 +03:00
Jouni Malinen
206e1f422f P2P: Provide mechanism for figuring out p2p_scan_ie() buffer need
The new function, p2p_scan_ie_buf_len(), can be used to figure out
how large a buffer needs to be allocated for p2p_scan_ie() use. This
makes it easier to add new data into the buffer without forcing all
callers to be updated to use a larger buffer.
2011-09-29 22:18:23 +03:00
Jouni Malinen
fc6997b345 P2P: Fix group formation after previous commit
p2p_in_progress() have to ignore P2P_PROVISIONING state to allow
station mode (which includes P2P client) scan to work.
2011-09-29 21:48:07 +03:00
Jouni Malinen
303f60d39b P2P: Do not request station mode scans during P2P operations
The P2P search mechanism depends on the same scan functionality that
is used for station mode scans. If these operations are being used
at the same time, scan result processing is not handled properly.
Avoid unexpected behavior by delaying station mode scan requests
if a P2P operation is in progress.

Among other things, this allows the station mode connection attempt
to be continued after a P2P find or group formation has been completed
if the interface is available (i.e., when the P2P group uses a
separate virtual interface).
2011-09-29 16:53:55 +03:00
Jouni Malinen
0c96fd6d03 P2P: Do not leave P2P scan handler registered if scan fails
If the initial attempt to start a scan for p2p_find fails, an error
is reported. However, the P2P scan handler and search state was
left behind. That can result in unexpected behavior when the next
non-P2P scan results are indicated. Avoid this by clearing the
P2P search state on failure.
2011-09-29 16:52:23 +03:00
Vivek Natarajan
004ba773ce nl80211: Add driver flag for firmware-based BSS selection
This new flag can be used to change wpa_supplicant behavior in the
default ap_scan=1 mode to move BSS selection into the driver (likely
firmware). This commit is only adding the flag; separate commits
will be used to change the actual connection/roaming behavior.
2011-09-26 14:26:55 +03:00
Jouni Malinen
daa30c23aa Rename and fix ANQP definitions to match IEEE Std 802.11u-2011 2011-09-26 11:51:58 +03:00
Mathieu Olivari
8a8c1c0ea5 atheros: Allow flattened driver include file directories
Remove the full driver path to the driver header file to make it
easier to use common include directory for all driver headers.
2011-09-26 11:49:22 +03:00
Jouni Malinen
fd2f2d0489 Remove EAP-TTLSv1 and TLS/IA
These protocols seem to be abandoned: latest IETF drafts have expired
years ago and it does not seem likely that EAP-TTLSv1 would be
deployed. The implementation in hostapd/wpa_supplicant was not complete
and not fully tested. In addition, the TLS/IA functionality was only
available when GnuTLS was used. Since GnuTLS removed this functionality
in 3.0.0, there is no available TLS/IA implementation in the latest
version of any supported TLS library.

Remove the EAP-TTLSv1 and TLS/IA implementation to clean up unwanted
complexity from hostapd and wpa_supplicant. In addition, this removes
any potential use of the GnuTLS extra library.
2011-09-25 21:28:32 +03:00
Jouni Malinen
e655e1f512 GnuTLS: Fix build bit various GnuTLS versions
This fixes some build issues in GnuTLS wrapper to be compatible with
at least following GnuTLS versions: 2.2.5, 2.4.3, 2.6.6, 2.8.6,
2.10.5, 2.12.11, 3.0.3.
2011-09-25 19:32:28 +03:00
Jouni Malinen
5c47af9a7a TLS: Add support for TLS v1.1 (RFC 4346) with internal TLS
This is disabled by defautl and can be enabled with CONFIG_TLSV11=y
build configuration parameter.
2011-09-25 17:24:46 +03:00
Jouni Malinen
3bff59f857 TLS: Do not enforce in-place processing in tlsv1_record_send()
In preparation for record layer format changes, modify
tlsv1_record_send() to use separate buffers for payload
and the output message.
2011-09-25 17:11:52 +03:00
Jouni Malinen
85b7187ffc TLS: Add protection against record layer CBC attacks
Instead of using separate bad_record_mac and decryption_failed alerts,
use only bad_record_mac alert regardless of how the CBC decryption
failed. This provides less information to attackers that could modify
packets. In addition, instead of returning immediately on error, run
through the MAC check to make timing attacks more difficult.
2011-09-25 16:57:35 +03:00
Jouni Malinen
26296a8a7c TLS: Avoid unnecessary copying of encrypted data at record layer
When the received data will be decrypted, there is no need to first
copy it and then handle decryption in-place when decryption step can
take care of both operations.
2011-09-25 16:52:46 +03:00
Jouni Malinen
61f1ed911d TLS: Fix record layer protocol version validation
TLS v1.0 and v1.1 RFCs were not exactly clear on the use of the
protocol version in record later. As such, accept any {03,xx} value
to remain compatible with existing implementations and new protocol
versions.
2011-09-25 16:48:06 +03:00
Jouni Malinen
54b8f99454 P2P: Fix a race condition in some P2P command sequencies
The p2p->drv_in_listen variable is used to track Listen state operations
in the driver. This is cleared when the driver reports that the Listen
state has ended (p2p_listen_end() gets called). However, it is possible
that the driver does not indicate that if the Listen state is canceled.
This can apparently happen in some cases where p2p_connect command is
issues while the Listen state is in progress.

Work around this issue by clearing p2p->drv_in_listen when Listen state
is stopped as part of p2p_stop operation. This allows the P2P module to
process CONNECT_LISTEN timeout in p2p_timeout_connect_listen() to move
to CONNECT state, e.g., when starting GO Negotiation after Device
Discoverability mechanism.
2011-09-22 22:49:21 +03:00
Subrat Dash
6a5200e699 atheros: Fix WEXT SIOCGIWESSID use with WE-21 and newer
The "too long" buffer (32+1 octets) prevented AP from starting up with
32 octet SSID with WE-21 and newer. Fix this by reducing the
SIOCGIWESSID buffer length.
2011-09-22 15:42:03 +03:00
Pavel Roskin
ffbf1eaa26 Fix typos found by codespell
Signed-off-by: Pavel Roskin <proski@gnu.org>
2011-09-22 00:43:59 +03:00
Pavel Roskin
a776b19cda wext: Remove write-only variable ap_num
Signed-off-by: Pavel Roskin <proski@gnu.org>
2011-09-22 00:41:17 +03:00
Jouni Malinen
c36d52427a nl80211: Support PMKSA candidate events
This adds support for RSN pre-authentication with nl80211 interface and
drivers that handle roaming internally (i.e., wpa_supplicant is not
responsible for requesting scan results that provide the needed
information without these events).
2011-09-21 16:14:41 +03:00
Jouni Malinen
c8c71b395c Sync with wireless-testing.git linux/nl80211.h 2011-09-21 16:14:00 +03:00
Jouni Malinen
20f5a4c24c nl80211: Work around EALREADY from connect command
cfg80211 does not currently allow NL80211_CMD_CONNECT when there
is already an association. This can result in wpa_supplicant being
unable to request a connection if the interface is already in
connected state. Work around this by requesting disconnection if
the connect command fails with EALREADY error. This allows
wpa_supplicant to recover from the unexpected state and complete
the connect request on next attempt.
2011-09-18 21:26:55 +03:00
Jouni Malinen
1b414f59fc eapol_test: Add option for writing server certificate chain to a file
eapol_test command line argument -o<file> can now be used to request
the received server certificate chain to be written to the specified
file. The certificates will be written in PEM format. [Bug 391]
2011-09-17 22:42:54 +03:00
Jouni Malinen
8a55f56453 RSN: Add a debug message when considing addition of OKC entry 2011-09-16 18:45:15 +03:00
Jouni Malinen
a8b8379adf Sync with wireless-testing.git linux/nl80211.h 2011-09-16 17:13:08 +03:00
Jouni Malinen
633d4469e8 Fix AP build without CONFIG_WPS=y
Make the WPS processing of (Re)Association Request frame IEs conditional
on WPS support. This fixes a build issue with wps_is_20() not being
defined and makes the non-WPS build a bit smaller.
2011-09-12 22:23:45 +03:00
Jouni Malinen
531e420dd7 Remove time.h include from utils/includes.h
os_*() wrappers should be used instead of functions from time.h.
Removing the header from includes.h enforces this. os_unix.c can
include this its uses are valid wrapper calls. wps_upnp.c uses
gmtime() for which there is no os_*() wrapper available yet, so
allow it to use time.h, too. Similarly, allow dump_state.c to
use time.h for ctime().
2011-09-12 22:19:26 +03:00
Per Ekman
3d9e2e6615 Remove references to time_t/time()
Use os_time() in AP mode instead of direct time() calls.
2011-09-12 22:14:30 +03:00
Johannes Berg
531f0331a1 nl80211: Cancel not yet started r-o-c
Currently, the following can happen:

1) P2P state machine requests R-O-C
2) user changes their mind and aborts
3) P2P state machine aborts R-O-C
4) driver_nl80211 rejects abort since there
   was no notification about the start yet
5) R-O-C period start notification from kernel
6) P2P state machine requests new R-O-C
7) this overlaps with old R-O-C -- iwlwifi driver
   can't handle that and returns -EBUSY
8) state machine stops dead in its tracks

The reason is that the abort isn't going through properly. Instead of
tracking whether a R-O-C is active in driver_nl80211, track whether one
was requested to avoid this scenario.

Reported-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-09-10 22:57:41 +03:00
Rajkumar Manoharan
47185fc788 P2P: Remove CCK supported rates when running P2P scan
This allows drivers to disable CCK rates from Probe Request frames.
For nl80211, this is currently applying only to the supported rates
element(s), but this mechanism could be extended to address TX rate
control masking, too, to lessen need for global rate disabling.

Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
2011-09-10 22:40:30 +03:00
Johannes Berg
7626850dd6 nl80211: Automatically use concurrent P2P if possible
Since the kernel can now advertise P2P concurrent support by advertising
interface combinations, we can take advantage of that and automatically
use P2P_CONCURRENT / P2P_MGMT_AND_NON_P2P for drivers that advertise
support.

Keep driver_param=use_p2p_group_interface=1 for anyone not advertising
interface combinations in their drivers yet.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-09-10 21:52:21 +03:00