Commit Graph

1598 Commits

Author SHA1 Message Date
Jouni Malinen
51e2a27a21 hostapd_driver_ops reduction
set_sta_vlan, get_inact_sec, sta_deauth, sta_disassoc, and sta_remove
to use inline functions instead of extra abstraction.
2010-11-24 15:36:02 +02:00
Jouni Malinen
b5b1b18f39 hostapd_driver_ops reduction: set_countermeasures 2010-11-24 15:26:44 +02:00
Jouni Malinen
cee7d66b1d hostapd: Start removing struct hostapd_driver_ops abstraction
Commit bf65bc638f started the path to
add this new abstraction for driver operations in AP mode to allow
wpa_supplicant to control AP mode operations. At that point, the
extra abstraction was needed, but it is not needed anymore since
hostapd and wpa_supplicant share the same struct wpa_driver_ops.

Start removing the unneeded abstraction by converting
send_mgmt_frame() to an inline function, hostapd_drv_send_mlme().
This is similar to the design that is used in wpa_supplicant and
that was used in hostapd in the past (hostapd_send_mgmt_frame()
inline function).
2010-11-24 15:19:50 +02:00
Jouni Malinen
719007f5c0 l2_packet: Use wpa_printf() instead of perror() 2010-11-24 15:00:22 +02:00
Jouni Malinen
ebbec8b2fa nl80211: Fix send commands to return 0 on success
driver.h defines these functions to return 0 on success, not
number of bytes transmitted. Most callers are checking "< 0" for
error condition, but not all. Address this by following the driver
API specification on 0 meaning success.
2010-11-24 14:58:58 +02:00
Jouni Malinen
08704cd885 hostapd: Verify availability of random data when using WPA/WPA2
On Linux, verify that the kernel entropy pool is capable of providing
strong random data before allowing WPA/WPA2 connection to be
established. If 20 bytes of data cannot be read from /dev/random,
force first two 4-way handshakes to fail while collecting entropy
into the internal pool in hostapd. After that, give up on /dev/random
and allow the AP to function based on the combination of /dev/urandom
and whatever data has been collected into the internal entropy pool.
2010-11-24 13:08:03 +02:00
Masashi Honma
dbb6ed7e75 Fix memory leak on EAPOL Authenticator error path
wlan0: RADIUS No authentication server configured
MEMLEAK[0x999feb8]: len 1040
WPA_TRACE: memleak - START
[3]: ./hostapd(radius_msg_new+0x33) [0x8074f43]
     radius_msg_new() ../src/radius/radius.c:117
[4]: ./hostapd() [0x806095e]
     ieee802_1x_encapsulate_radius() ../src/ap/ieee802_1x.c:439
     ieee802_1x_aaa_send() ../src/ap/ieee802_1x.c:1496

For example, this error occured when I used WPS hostapd without
"eap_server=1" definition in configuration file.
2010-11-24 01:42:50 +02:00
Jouni Malinen
bbb921daaa Maintain internal entropy pool for augmenting random number generation
By default, make hostapd and wpa_supplicant maintain an internal
entropy pool that is fed with following information:

hostapd:
- Probe Request frames (timing, RSSI)
- Association events (timing)
- SNonce from Supplicants

wpa_supplicant:
- Scan results (timing, signal/noise)
- Association events (timing)

The internal pool is used to augment the random numbers generated
with the OS mechanism (os_get_random()). While the internal
implementation is not expected to be very strong due to limited
amount of generic (non-platform specific) information to feed the
pool, this may strengthen key derivation on some devices that are
not configured to provide strong random numbers through
os_get_random() (e.g., /dev/urandom on Linux/BSD).

This new mechanism is not supposed to replace proper OS provided
random number generation mechanism. The OS mechanism needs to be
initialized properly (e.g., hw random number generator,
maintaining entropy pool over reboots, etc.) for any of the
security assumptions to hold.

If the os_get_random() is known to provide strong ramdom data (e.g., on
Linux/BSD, the board in question is known to have reliable source of
random data from /dev/urandom), the internal hostapd random pool can be
disabled. This will save some in binary size and CPU use. However, this
should only be considered for builds that are known to be used on
devices that meet the requirements described above. The internal pool
is disabled by adding CONFIG_NO_RANDOM_POOL=y to the .config file.
2010-11-24 01:29:40 +02:00
Jouni Malinen
3642c4313a Annotate places depending on strong random numbers
This commit adds a new wrapper, random_get_bytes(), that is currently
defined to use os_get_random() as is. The places using
random_get_bytes() depend on the returned value being strong random
number, i.e., something that is infeasible for external device to
figure out. These values are used either directly as a key or as
nonces/challenges that are used as input for key derivation or
authentication.

The remaining direct uses of os_get_random() do not need as strong
random numbers to function correctly.
2010-11-24 01:05:20 +02:00
Jouni Malinen
1bdb7ab3af Re-initialize GMK and Key Counter on first station connection
This adds more time for the system entropy pool to be filled before
requesting random data for generating the WPA/WPA2 encryption keys.
This can be helpful especially on embedded devices that do not have
hardware random number generator and may lack good sources of
randomness especially early in the bootup sequence when hostapd is
likely to be started.

GMK and Key Counter are still initialized once in the beginning to
match the RSN Authenticator state machine behavior and to make sure
that the driver does not transmit broadcast frames unencrypted.
However, both GMK (and GTK derived from it) and Key Counter will be
re-initialized when the first station connects and is about to
enter 4-way handshake.
2010-11-24 00:52:46 +02:00
Jouni Malinen
3c7302c219 Report errors from key derivation/configuration
Eventually, these should be acted on, so at least get the return
values passed one layer up.
2010-11-23 01:05:26 +02:00
Jouni Malinen
5cb9d5c3d1 Mix in more data to GTK/IGTK derivation
The example GMK-to-GTK derivation described in the IEEE 802.11 standard
is marked informative and there is no protocol reason for following it
since this derivation is done only on the AP/Authenticator and does not
need to match with the Supplicant. Mix in more data into the derivation
process to get more separation from GMK.
2010-11-23 00:57:14 +02:00
Jouni Malinen
e3acc8f1c8 edit: Clear edit line on deinit 2010-11-21 12:07:29 +02:00
Jouni Malinen
566aef60ab edit: Limit maximum number of history entries to 100 2010-11-21 12:04:44 +02:00
Jouni Malinen
70de7d56fe edit: Implement history file read/write 2010-11-21 12:01:50 +02:00
Jouni Malinen
19ec1f262e edit: Fix history prev selection 2010-11-21 11:49:36 +02:00
Jouni Malinen
8953e9681a edit: Move history save file specification to caller 2010-11-21 11:43:09 +02:00
Jouni Malinen
ec9aac9468 edit: Use struct dl_list for history buffer 2010-11-21 11:25:34 +02:00
Jouni Malinen
31e1206baa edit: Fix delete_word when not in the end of line 2010-11-20 23:05:12 +02:00
Jouni Malinen
464144a43b edit: Add history buffer search
Ctrl-R can now be used to start history search mode.
2010-11-20 17:55:35 +02:00
Jouni Malinen
42034d6f60 edit: Clean up escape code parser 2010-11-20 16:59:55 +02:00
Jouni Malinen
0bee81352f edit: Split escape code parsing into a separate function
This makes edit_read_char() simpler and easier to extend since it
does not need to know anything about the escape codes anymore.
2010-11-20 15:55:51 +02:00
Jouni Malinen
ef6ee3e5a3 edit: Sort completion list 2010-11-20 12:41:15 +02:00
Jouni Malinen
9364990ace edit: Really fix the completion of last character
The previous commit broke completion in various places. The proper
way of handling the completion of full word is to verify whether
there are more than one possible match at that point.
2010-11-20 12:27:06 +02:00
Jouni Malinen
414780027a edit: Fix completion at the last character
Completion needs to be done even if the full word has been entered.
In addition, fix the space-after-full-word to properly allocate room
for the extra character when completion is used in the middle of the
string.
2010-11-20 11:59:04 +02:00
Jouni Malinen
89eb6b774d edit: Fix delete word to update current position 2010-11-20 11:48:00 +02:00
Jouni Malinen
e4f13f9256 edit: Fix completion of arguments other than the first one 2010-11-20 11:45:42 +02:00
Jouni Malinen
73669f1b03 edit: Fix Home/End escape codes 2010-11-20 11:20:48 +02:00
Jouni Malinen
ef49bb80a9 wlantest: Add interactive mode to wlantest_cli 2010-11-20 10:48:32 +02:00
Jouni Malinen
7302a35ed4 edit: Add string completion support on tab 2010-11-20 00:42:02 +02:00
Jouni Malinen
7d23e971f0 wlantest: Add preliminary infrastructure for injecting frames
This adds new commands for wlantest_cli to request wlantest to
inject frames. This version can only send out Authentication
frames and unprotected SA Query Request frames, but there is
now place to add more frames and encryption with future commits.
2010-11-19 00:35:13 +02:00
Jouni Malinen
9dd7d6b09c WPS: Add special AP Setup Locked mode to allow read only ER
ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change then.
In other words, the protocol is allowed to continue past M2, but
is stopped at M7 when AP is in this mode. WPS IE does not
advertise AP Setup Locked in this case to avoid interoperability
issues.

In wpa_supplicant, use ap_setup_locked=2 by default. Since the AP PIN
is disabled by default, this does not enable any new functionality
automatically. To allow the read-only ER to go through the protocol,
wps_ap_pin command needs to be used to enable the AP PIN.
2010-11-17 16:48:39 +02:00
Jouni Malinen
e8ecb5fb49 Move wpa_cli readline integration into src/utils/edit_readline.c
All three line editing options are now located in src/utils/edit*.c
and provide the same API to allow easy build time selection.
2010-11-14 22:37:43 +02:00
Jouni Malinen
bdc45634f0 wpa_cli: Use edit API as a wrapper for optional readline 2010-11-14 21:19:35 +02:00
Jouni Malinen
616e0e728e edit: Redraw input line on ^L 2010-11-14 21:03:24 +02:00
Jouni Malinen
82a855bda8 Move command line editing routines into src/utils/edit*.[ch]
This allows the same routines to be shared with other programs
since these are not really specific to wpa_cli.
2010-11-14 20:59:29 +02:00
Jouni Malinen
f3b87561d7 Share WPA IE parser function for RSN authenticator/supplicant
There is no point in maintaining two almost identical versions
of this parser. Move WPA IE parser into wpa_common.c similarly
to what was already the case with RSN IE parse.
2010-11-12 21:52:14 +02:00
Jouni Malinen
8ea3dd21d2 AP: Verify that HT40 secondary channel is supported
Refuse to enable HT40 mode AP unless both the primary and secondary
channels are enabled for AP use.
2010-11-12 18:31:56 +02:00
Jouni Malinen
d8e66e80b9 Add HT40 flags into driver channel list
This can be used to figure out whether the driver would allow
HT40-/HT40+ on any specific channel.
2010-11-12 18:13:37 +02:00
Jouni Malinen
bc8714283d WPS: Fix UPnP deinit order to avoid using freed memory
When multiple wireless interfaces are used with WPS, the UPnP
subscriptions need to be removed whenever a matching Registrar
instance gets removed. This avoids a segfault due to access to
freed memory during hostapd shutdown.

In addition, the UPnP interface instance structure needs to be
freed to avoid memory leak.
2010-11-11 16:56:36 +02:00
Jouni Malinen
c17b1e274f WPS ER: Fix compiler warning on non-WPS2 builds 2010-11-11 14:54:18 +02:00
Jouni Malinen
fd806bac5f WPS: Change concurrent radio AP to use only one WPS UPnP instance
WPS external Registrars can get confused about multiple UPnP
instances (one per radio) on a dual-concurrent APs. Simplify the
design by sharing a single UPnP state machine for all wireless
interfaces controlled by hostapd. This matches with the previous
changes that made a single command enable WPS functionality on
all interfaces.

This is relatively minimal change to address the sharing of the
state among multiple struct hostapd_data instances. More cleanup
can be done separately to remove unnecessary copies of information.
2010-11-11 14:50:13 +02:00
Jouni Malinen
91626c9fa7 P2P: Reselect operating channel preference based on best channels
When the peer does not include our initial preference in the Channel
List attribute during GO Negotiation, try to use the best channel of
the other band as the new preference instead of falling back to the
first channel in the intersection.
2010-11-10 13:34:33 +02:00
Anil Gathala Sudha
7cfc4ac319 P2P: Add support for automatic channel selection at GO
The driver wrapper may now indicate the preferred channel (e.g., based
on scan results) on both 2.4 GHz and 5 GHz bands (and an overall best
frequency). When setting up a GO, this preference information is used
to select the operating channel if configuration does not include
hardcoded channel. Similarly, this information can be used during
GO Negotiation to indicate preference for a specific channel based
on current channel conditions.

p2p_group_add command can now use special values (freq=2 and freq=5)
to indicate that the GO is to be started on the specified band.
2010-11-10 13:33:47 +02:00
Jouni Malinen
4d9f9ee7e5 wlantest: Parse Key Data KDEs and store GTK and IGTK 2010-11-09 20:29:12 +02:00
Felix Fietkau
c2aa25fb34 hostapd: Fix config reload for multi-BSS
Secondary BSS interfaces need to be activated after the config has
been reloaded.
2010-11-09 16:35:49 +02:00
Felix Fietkau
d3b4286967 Allow client isolation to be configured (ap_isolate=1)
Client isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging is
allowed.
2010-11-09 16:27:15 +02:00
Felix Fietkau
5a5009dc92 Fix rate table handling
With the nl80211 driver, the rate table is mode dependent, so it
must be initialized after the hardware mode has been selected.
2010-11-09 16:17:50 +02:00
Felix Fietkau
d38ae2ea85 Add bridge handling for WDS STA interfaces
By default, add them to the configured bridge of the AP interface
(if present), but allow the user to specify a separate bridge.
2010-11-09 16:12:42 +02:00
Felix Fietkau
4a8c72959e nl80211: Fix AP VLAN handling for WDS STA reassociation
When a STA reassociates, the AP VLAN interface is still present,
do not attempt to create it in that case.
2010-11-09 16:03:05 +02:00
Felix Fietkau
7826ceae91 Fix WDS STA reassociation
If the STA entry is present in hostapd, but not in the kernel driver, its
WDS status needs to be restored when the STA reassociates
2010-11-09 16:00:09 +02:00
Felix Fietkau
3efb432952 driver_roboswitch: include net/if.h instead of linux/if.h
including linux/if.h clashes with other header files on some systems
2010-11-09 15:55:34 +02:00
Felix Fietkau
089da7c32b driver_madwifi: fix a compile error on big endian systems 2010-11-09 15:53:56 +02:00
Jouni Malinen
22a062815d WPS: Add wildcard AuthorizedMACs entry for PBC 2010-11-09 11:24:06 +02:00
Jouni Malinen
43882f1efc Allow TSN AP to be selected when configured for WEP
Commit d8d940b746 introduced a regression
that prevented TSN APs from being used with WEP since the AP was
rejected if it advertised WPA or RSN IE when we were configured to use
WEP. Resolve this by checking whether the AP is advertising a TSN, i.e.,
whether the AP allows WEP to be used as a group cipher. If so, allow
the AP to be selected if we are configured to use static WEP or
IEEE 802.1X (non-WPA).

It should be noted that this is still somewhat more restricted in AP
selection than earlier wpa_supplicant branches (0.7.x or older) that
ignore the WPA/RSN IE completely when configured for non-WPA.
2010-11-08 21:14:32 +02:00
Jouni Malinen
a149fcc77d wlantest: Add preliminary version of IEEE 802.11 protocol testing tool
This tool can be used to capture IEEE 802.11 frames either from a
monitor interface for realtime capturing or from pcap files for
offline analysis. This version is only adding basic infrastructure for
going through the frames and parsing their headers.
2010-11-07 23:29:00 +02:00
Jouni Malinen
6fc58a89e1 Fix EAP standalone server
Commit c3fc47ea8e fixed EAP passthrough
server to allow Logoff/Re-authentication to be used. However, it
broke EAP standalone server while doing that. Fix this by reverting
the earlier fix and by clearing the EAP Identity information in the
EAP server code whenever an EAPOL-Start or EAPOL-Logoff packet is
received.
2010-11-07 16:25:35 +02:00
Jouni Malinen
f44ae20783 P2P: Drop pending TX frame on new p2p_connect
We need to drop the pending frame to avoid issues with the new GO
Negotiation, e.g., when the pending frame was from a previous attempt at
starting a GO Negotiation.
2010-11-05 18:17:20 +02:00
Jouni Malinen
7e3c178142 Remove unused TX queue parameters related to Beacon frames
These are not used by any driver wrapper, i.e., only the four
data queues (BK, BE, VI, VO) are configurable. Better remove these
so that there is no confusion about being able to configure
something additional.
2010-11-05 01:23:17 +02:00
Jouni Malinen
ccb7e5ee59 WPS: Send WSC_NACK if message without Message Type is received 2010-11-04 18:17:00 +02:00
Jouni Malinen
4a64a51b63 WPS: Share common function for building WSC ACK/NACK
These are identical functions in Enrollee and Registrar and there
is no need to maintain two copies of the same functionality.
2010-11-04 18:16:14 +02:00
Jouni Malinen
7b23f0f3c8 WPS: Do not advertise support for WEP in WPS 2.0 build
There is no point in advertising support for WEP or Shared Key
authentication if we are going to reject those anyway based on
WPS 2.0 rules.
2010-11-04 17:37:20 +02:00
Jouni Malinen
c7c0ddfd91 WPS: Remove PushButton from M1 ConfigMethods on AP
These config methods are for the Enrollee role, i.e., for adding
external Registrars, and as such, PushButton should not be claimed
to be supported.
2010-11-04 17:29:48 +02:00
Jouni Malinen
6e1468839c nl80211: Allow libnl to be replaced with libnl-tiny
CONFIG_LIBNL_TINY=y can be used to select libnl-tiny instead of
libnl.
2010-11-04 17:14:58 +02:00
Jouni Malinen
8dcb61ce5d WPS: Comment out WEP configuration lines on reconfig 2010-11-04 17:02:16 +02:00
Jouni Malinen
07fef399a1 WPS ER: Clear WPS state if PutMessage does not include NewOutMessage
This is needed to avoid getting stuck with pending WPS operation, e.g.,
when an AP replies to WSC_NACK with HTTP OK, but without following
message.
2010-11-02 11:20:54 +02:00
Helmut Schaa
65ae1afd44 nl80211: Pass data frames from unknown STAs to hostapd
Pass data frames from unknown STAs to hostapd in order to reply with
a Deauthentication or Disassociation frame. This fixes compliance
with IEEE Std 802.11-2007, 11.3.

Furthermore, this does not cause a lot of overhead (at least with
mac80211 drivers) since mac80211 does not pass all data frames (but
at least from unauthenticated and unassociated STAs) to cooked monitor
interfaces.

Tested with rt2800pci on a MIPS board.

Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
2010-10-31 21:36:43 +02:00
Jouni Malinen
d96e79f1e7 Make wpa_hexdump_buf{,-key} handle NULL buffer
This matches with behavior of other wpa_hexdump* functions.
2010-10-31 12:09:18 +02:00
Dmitry Shmidt
7a6a6374f2 Clear vars in drivers makefile
drivers.mak is shared between hostapd and wpa_supplicant and
compiling them together may create "wrong" flags.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2010-10-31 11:59:31 +02:00
Jouni Malinen
5245483f80 WPS ER: Add validation of WPS attributes in proxied Probe Request
When strict validation is enabled in the build, check the WPS
attributes in proxied Probe Request frames.
2010-10-31 11:57:13 +02:00
Jouni Malinen
ea78c315a2 Add ctrl_interface event for association rejected 2010-10-27 20:28:16 +03:00
Jouni Malinen
59ddf221c8 Add BSSID to association rejected events 2010-10-27 20:27:39 +03:00
Jouni Malinen
10c4edde6e P2P: Do not re-send PD Request for join-a-group after acked frame
We are not actually interested in the PD Response in join-a-group
case, so there is no point in trying to send PD Request until the
response is received. This avoids an extra PD getting started after
a join-a-group operation in some cases.
2010-10-27 19:36:10 +03:00
Jouni Malinen
c926593119 Allow EAPOL frames from pre-authenticating station to be processed 2010-10-27 11:34:29 +03:00
Shan Palanisamy
d143bdc862 atheros: Remove debug for ioctls that are not used anymore
This is needed to fix build with a newer driver version.
2010-10-27 11:33:40 +03:00
Jouni Malinen
e11f5a2cbc hostapd: Set operstate UP when initializing AP mode
This is needed to avoid problems with other applications setting and
leaving the interface to IF_OPER_DORMANT state. In AP mode, the interface
is ready immediately after the keys are set, so we better make sure the
DORMANT state does not prevent normal operations after that.
2010-10-26 16:30:28 +03:00
Jouni Malinen
4e0c025d13 P2P: Fix parsing of UTF-8 device names
The control character verification was supposed to only replace
bytes 0..31, not 0..31 and 128..255 as happened on systems where
char is signed.
2010-10-26 10:40:35 +03:00
Jouni Malinen
be88391dee WPS ER: Cache AP settings for APs that restart UPnP
This is needed to avoid issues with APs that restart their UPnP,
e.g., when ER reconfigures them. The previously known settings are
now cached and taken into use if an AP is detected to leave
(ssdp:byebye) and then return.
2010-10-25 22:22:07 +03:00
Jouni Malinen
ed159ad41b WPS ER: Add more details to wps_er_pbc failure returns
Indicate the reason for the failure when wps_er_pbc is rejected.
2010-10-25 21:59:25 +03:00
Jouni Malinen
669f322d0e WPS ER: Fix SetSelectedRegistrar to include wildcard AuthorizedMACs
This is required by WPS 2.0, so add the wildcard address to
AuthorizedMACs if no addresses are in the list.
2010-10-25 21:45:29 +03:00
Jouni Malinen
20ebd9c4b9 WPS ER: Only activate PBC mode on single AP
Verify that the UUID given to wps_er_pbc command is known and only
activate PBC mode on the matching AP. The UUID can be that of the
AP or the station/Enrollee.
2010-10-25 21:41:10 +03:00
Jouni Malinen
3e7533b399 WPS ER: Show SetSelectedRegistrar events as ctrl_iface events
This makes it easier to figure out if something goes wrong in
preparing the AP for enrolling a station.
2010-10-25 21:29:22 +03:00
Jouni Malinen
c973f3868a P2P: Remove P2P group on driver resource becoming unavailable
Add a new driver event, EVENT_INTERFACE_UNAVAILABLE, for indicating
that the driver is not able to continue operating the virtual
interface in its current mode anymore, e.g., due to operating
channel for GO interface forced to a DFS channel by another virtual
interface.

When this happens for a P2P group interface, the P2P group will
be terminated and P2P-GROUP-REMOVED event shows the reason for
this as follows:
P2P-GROUP-REMOVED wlan0 GO reason=UNAVAILABLE
2010-10-25 19:16:11 +03:00
Jouni Malinen
3071e18109 P2P: Add mechanism for timing out idle groups
A new configuration parameter, p2p_group_idle, can now be used to set
idle timeout value for P2P groups in seconds (0 = no timeout). If set,
this values is used to remove P2P group (both GO and P2P client)
interfaces after the group has been idle (no clients/GO seen) for the
configuration duration.

The P2P-GROUP-REMOVED event is now indicating the reason for group
removal when known. For example:
P2P-GROUP-REMOVED wlan0 GO reason=REQUESTED
P2P-GROUP-REMOVED wlan1 client reason=IDLE
2010-10-25 18:24:15 +03:00
Jouni Malinen
1f4c7b6b2a hostapd: Fix compiler warning
Commit 83e843e830 copied a workaround
without updating the return value to match with the void function.
2010-10-25 13:38:06 +03:00
Jouni Malinen
83e843e830 hostapd: Avoid crashing on station mode disassoc event
Some driver wrappers may end up indicating a disassociation or
deauthentication event without the address of the station, e.g.,
based on a previous non-AP mode event. Avoid crashing hostapd
by verifying that the require address parameter is available in
the event before processing it.
2010-10-22 17:43:23 +03:00
Jouni Malinen
450eddcfae hostapd: Add wps_config ctrl_interface command for configuring AP
This command can be used to configure the AP using the internal
WPS registrar. It works in the same way as new AP settings received
from an ER.
2010-10-21 16:49:41 +03:00
Jouni Malinen
7374b68ee9 P2P: Fix p2p_send_action conversions
Couple of these missed the change in the first argument and resulted
in various crashes.
2010-10-20 21:32:18 +03:00
Jouni Malinen
3f9285ff19 P2P: Delay send_action call if p2p_scan is in progress
In order to avoid confusing the driver with a new remain-on-channel
request, delay sending of a new Action frame if the driver indicates
Action frame RX diromg a scan.
2010-10-20 19:44:21 +03:00
Jouni Malinen
0b8889d8e5 P2P: Do not stop Listen state if it is on correct channel
This is needed to optimize response to GO Negotiation Request frames.
The extra remain-on-channel cancel followed by new remain-on-channel for
the same channel takes too much time with some driver/firmware
designs for the response to go out quickly enough to avoid peer
timing out while waiting for our response.
2010-10-20 19:44:16 +03:00
Jouni Malinen
ef10f4733f WPS ER: Add wps_er_set_config to use local configuration
This command can be used to enroll a network based on a local
network configuration block instead of having to (re-)learn the
current AP settings with wps_er_learn.
2010-10-20 13:37:01 +03:00
Jouni Malinen
cbbf4a1cc3 WPS: Fix a compiler warning in hostapd_wps_update_ie() 2010-10-20 13:35:55 +03:00
Jouni Malinen
2c8a4eef41 WPS: Update Beacon/ProbeResp IE on wps_version_number changes
This test command is supposed to change the WPS version number in all
places immediately, so make sure that the IEs used in management
frames get updated immediately.
2010-10-19 19:57:01 +03:00
Jouni Malinen
3f4ce13fde P2P: Track non-P2P members in the group and set Group Limit bit
The P2P group component is now tracking of associated stations
in the group and the Group Limit bit in the Group Capabilities
is updated based on whether there is room for new clients in
the group.
2010-10-19 18:10:28 +03:00
Jouni Malinen
93b7ddd032 P2P: Skip GO Neg Conf ack failure workaround of send failures
The workaround to ignore no ctrl::ack received for GO Negotiation
Confirmation frame was only supposed to be used when the frame was
actually transmitted and just the ack was not received. However, due
to the way the driver failure on transmitting the frame were reported,
this ended up getting applied for all failures in sending the GO
Negotiation Confirmation frame.

Improve this by providing a mechanism to indicate whether send_action
operations fail locally before the frame was actually transmitted or
because of not receiving ack frame after having transmitted the frame.
2010-10-19 12:47:33 +03:00
Jouni Malinen
2b67a67144 WPS UPnP: Add more debug for event subscription 2010-10-19 12:43:48 +03:00
Jouni Malinen
99ba7f889b WPS: Do not drop subscriptions based on max queue length
UPnP event subscriptions are not supposed to be dropped based on
whether events can be delivered quickly enough. Leave dropping to
happen only based on failed deliveries to avoid issues with a burst
of events kicking out still active subscribers.
2010-10-17 21:36:04 +03:00
Jouni Malinen
f30e698c08 WPS UPnP: Add more priority for queuing EAP events 2010-10-17 21:30:25 +03:00
Jouni Malinen
08a98b6544 WPS UPnP: Throttle WLANEvent notifications to 5 per second
Do not send more than five Probe Request WLANEvent notifications
per second. Even though the limit should in theory apply to all
WLANEvents, it is better not to drop EAP notifications because
of Probe Request frames and really, the only real reason for
event bursts is Probe Request frames.
2010-10-17 21:24:12 +03:00
Jouni Malinen
3904567d0b WPS: Limit Probe Request event queuing if subscriber may have left
Instead of queuing all events for a subscriber, only queue more
important events if delivery of event notifications starts failing.
This allows more time for the subscriber to recover since the maximum
queue length if not reached because of Probe Request frames only.
2010-10-17 20:58:58 +03:00
Jouni Malinen
d1e17fbc9c WPS: Schedule sending of pending events after failure
There is no point leaving these pending events waiting for something
new to trigger us to continue.
2010-10-17 20:57:11 +03:00
Jouni Malinen
8c3a2f11ab WPS: Separate local error from max queue length reached
Drop subscription only if the max queue length has been reached;
not based on any error.
2010-10-17 20:29:28 +03:00
Jouni Malinen
dd50c2d425 WPS UPnP: Improved event notification failure processing
Instead of dropping the subscription on first failure, allow up to
10 failures before dropping. In addition, drop the callback URLs
one by one instead of full subscription if only one URL is failing.
2010-10-17 20:26:03 +03:00
Jouni Malinen
10fb1a984f WPS: Convert assert() to error return 2010-10-17 20:23:51 +03:00
Jouni Malinen
1f1d4df09a WPS UPnP: Fix memory leak on retry case
The event entry needs to be freed when giving up on retries.
2010-10-17 20:22:03 +03:00
Jouni Malinen
3953627b35 WPS: Add more debug info for UPnP operations 2010-10-17 20:20:28 +03:00
Jouni Malinen
ed31b5ebcf WPS: Remove unused define
This timeout value was moved to now separate HTTP client implementation.
2010-10-17 20:15:08 +03:00
Jouni Malinen
75c3fc2e8a WPS: Cleaned up URL parser not to modify const buffer
There is no need to use '\0' termination here in string parsing,
so we may as well clean this up to follow the const declaration.
2010-10-17 20:12:54 +03:00
Jouni Malinen
75779589e8 WPS: Drop subscription if it does not have any valid callback address 2010-10-17 20:11:03 +03:00
Jouni Malinen
d0ebf3285f WPS: Remove unused error path code 2010-10-17 20:10:09 +03:00
Jouni Malinen
acd0ef4d3c WPS UPnP: Fix HTTP client timeout event code
The define here was overriding the event code enum value and that
resulted in incorrect code being used and WPS UPnP code ignoring the
timeout events.
2010-10-17 20:07:33 +03:00
Jouni Malinen
0e8da74e22 Fix build with drivers that use driver_wext.c
If CONFIG_DRIVER_WEXT=y is not used in .config, but driver_wext.c
gets pull in to help another driver wrapper, rfkill code needs to
included to fix the build.
2010-10-15 22:11:33 +03:00
Jouni Malinen
33c5deb816 nl80211: Indicate channel list change events
Listen to regulatory event messages from kernel and convert them to
internal driver event notifications indicated that the channel list
may have changed.
2010-10-15 18:56:36 +03:00
Jouni Malinen
b5c9da8db3 P2P: Add mechanism for updating P2P channel list based on driver events
This allows P2P channel list to be updated whenever the driver changes
its list of allowed channels, e.g., based on country code from scan
results.
2010-10-15 18:55:22 +03:00
Anil Gathala Sudha
a0dee79709 P2P: Send AP mode WPS-FAIL event to parent interface
The AP operation with wpa_supplicant requires an additional callback
to get the needed event information from hostapd side so that
wpa_msg() can be called for wpa_s->parent if needed.
2010-10-14 20:57:00 +03:00
Jouni Malinen
fc215bfe86 WPS: Add WPS-FAIL ctrl_interface event for hostapd 2010-10-14 20:50:46 +03:00
Jouni Malinen
81611b95ff WPS: Add Config Error into WPS-FAIL events
This makes it easier to figure out what could have failed in the
WPS protocol and potentially provide more information for the
user on how to resolve the issue.
2010-10-14 20:49:54 +03:00
Jouni Malinen
d054a4622c P2P: Reject multi-channel concurrent operations depending on driver
The driver wrapper can now indicate whether the driver supports
concurrent operations on multiple channels (e.g., infra STA connection
on 5 GHz channel 36 and P2P group on 2.4 GHz channel 1). If not,
P2P_CONNECT commands will be rejected if they would require
multi-channel concurrency.

The new failure codes for P2P_CONNECT:

FAIL-CHANNEL-UNAVAILABLE:
The requested/needed channel is not currently available (i.e., user has
an option of disconnecting another interface to make the channel
available).

FAIL-CHANNEL-UNSUPPORTED:
The request channel is not available for P2P.
2010-10-14 14:24:56 +03:00
Jouni Malinen
7861cb08c9 P2P: Share code for p2p_connect/authorize channel preparation 2010-10-14 12:45:15 +03:00
Jouni Malinen
1e19f73495 P2P: Verify that p2p_connect forced frequency is allowed for P2P
Do not accept forced frequency unless the specified channel is
allowed for P2P, i.e., is included in the local list of
advertised channels.
2010-10-14 12:42:17 +03:00
Paul Stewart
7ee35bf395 nl80211: Add more details into signal change events
Add new survey retrieval function and add txrate to station into the
EVENT_SIGNAL_CHANGE events.
2010-10-12 20:01:50 +03:00
Jouni Malinen
68d6fe5693 WPS: Workaround broken Credential encoding from some D-Link APs
At least D-Link DIR-600 and DIR-825 have been reported to include
an extra octet after the Network Key attribute within a Credential
attribute. This can happen at least when they are provisioning an
open network.

Add a workaround to detect this incorrectly encoded attribute and
to skip the extra octet when parsing such a Credential.
2010-10-11 16:07:49 +03:00
Johannes Berg
5582a5d1b3 nl80211: Use nl80211 for Probe Request/Response frames
The new nl80211 API means we don't need to use monitor interfaces. This
means that the P2P implementation now requires a kernel that has support
for generic management frame (not just Action frame) transmission.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2010-10-10 18:10:37 +03:00
Johannes Berg
9884f9cc1c nl80211: Refactor Action frame TX
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2010-10-10 18:00:25 +03:00
Johannes Berg
bd94971e11 nl80211: Use new frame registration API
This is backward compatible since older kernels will ignore the extra
attribute and only allow registration for Action frames.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2010-10-10 17:55:18 +03:00
Johannes Berg
6ee04cfcf4 nl80211: support intra-BSS configuration
Using the AP_ISOLATE nl80211 option, we can support intra-BSS
distribution configuration.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2010-10-10 17:48:54 +03:00
Johannes Berg
a65a9aed7e nl80211: work around libnl bug
libnl has a bug, when binding more than two sockets and releasing one,
it will release the wrong address and then try to reuse it, which fails.
Therefore, we need to reimplement the socket address assignment logic
locally for libnl 1.1.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2010-10-10 17:47:15 +03:00
Jouni Malinen
4e698e5c30 WPS: Fix WPS commands in wpa_supplicant AP mode
Commit 9290cc1800 broke this by moving
to use for_each_interface() which is not available in wpa_supplicant
AP mode.
2010-10-10 17:43:42 +03:00
Jouni Malinen
ca0d6b81d6 P2P: Fix a typo to fix CONFIG_P2P=y build
Previous typo fix was missed here.
2010-10-10 17:28:47 +03:00
Jouni Malinen
257a515295 nl80211: Sync with wireless-testing.git 2010-10-09 11:57:05 +03:00
Jouni Malinen
c3fc47ea8e EAP server: Allow reauth to be started with passthrough
Some sequencies of EAPOL logoff/logon/start messages seem to be
able to get the previous implementation into state where hostapd
would not be able to start reauthentication when external
authentication server is used. The EAP server code would bypass
the initial Identity Request generation and EAPOL code would not
be able to send anything to the authentication server or supplicant
at that point. Work around this by forcing EAP server code to
start with Identity Request after INITIALIZE state even if the
Identity is known.
2010-10-09 08:53:45 +03:00
Jouni Malinen
dce044cce5 P2P: Extend P2P manager functionality to work with driver MLME
Add P2P IE into Beacon, Probe Response, and (Re)Association Request
frames for drivers that generate this frames internally.
2010-10-08 18:16:07 +03:00
Jouni Malinen
b74c19faf5 P2P: Fix a typo in P2P manager definition 2010-10-08 18:15:38 +03:00
Jouni Malinen
2f7d9f2dd9 Apply WPS configuration changes to all interfaces that use WPS
When a single hostapd process is controlling multiple interfaces,
apply the received or auto-generated configuration changes to all
interfaces that have enabled WPS.
2010-10-08 17:32:10 +03:00
Jouni Malinen
e55f98f4b8 Disable AP PIN on all interfaces controlled by the same process
When a single hostapd process is used to manage multiple interfaces,
disable AP PIN on all interfaces if an attack is detected on any
interface.
2010-10-08 17:24:58 +03:00
Jouni Malinen
9290cc1800 Apply hostapd WPS commands to all interfaces on concurrent APs
When the same hostapd process is controlling multiple interfaces,
apply WPS commands (push button, add PIN, change AP PIN) to all
interfaces that are configured to use WPS.
2010-10-08 17:15:16 +03:00
Jouni Malinen
bf0ed63f3f Allow a postfix to be defined for the version number
A separate build number (etc.) version number postfix can now be
added to the build without having to modify source code files by
defining VERSION_STR_POSTFIX. This can be done, e.g., by adding
following line to .config:

CFLAGS += -DVERSION_STR_POSTFIX=\"-foo\"
2010-10-07 10:51:04 +03:00
Jouni Malinen
0314e26a61 Fix wpa_supplicant AP mode with WPS not to crash
Commit 3379a3a795 added a direct
iface->for_each_interface use without verification whether the
function is available. This works with hostapd, but not
wpa_supplicant (which crashes on segfault).
2010-10-06 16:46:43 +03:00
Jouni Malinen
416192628d Fix AP mode 40 MHz pri/sec channel parsing in overlap determination
The previous implementation ended up incorrectly assuming that all
40 MHz use cases have secondary channel above the primary one. Fix this
by properly masking the secondary channel offset field and checking its
value.
2010-10-06 14:09:44 +03:00
David A Benjamin
32f4e7b124 wext: Fix scan result signal levels when driver reports in dBm
wpa_supplicant showed signal levels incorrectly with some drivers:
Jun  6 16:29:36 rupert wpa_supplicant[18945]: Current BSS: 00:0d:97:11:40:d6
level=190
Jun  6 16:29:36 rupert wpa_supplicant[18945]: Selected BSS: 00:0d:97:11:50:09
level=192

Judging from output from other tools (iwlist) and the min_diff block
at the end of wpa_supplicant_need_to_roam, it seems these values
should actually be negative. Specifically, if one treats that number
as a signed char instead of unsigned, everything matches up.

To be honest, I've little to no understanding of wireless, but looking
at the source code for wireless-tools (iw_print_stats in iwlib.c), it
seems that the fields of the iw_quality struct need to be decoded
differently depending on various flags. I guess
src/drivers/driver_wext.c should have similar logic in
wext_get_scan_qual.

I wrote a patch that attempts to replicate some of that logic,
although it may be more complicated than is necessary; I think some of
the complexity is for backwards-compatibility, which might not be
necessary depending on wpa_supplicant's dependencies? In any case, it
is attached. Again, I don't know how any of this works, so it's likely
the patch is a bit off. But I think at least the logic to determine
min_diff in wpa_supplicant_need_to_roam would be more accurate if
level were determined correctly.
2010-10-04 08:25:00 +03:00
Jouni Malinen
8602b0f213 nl80211: Include linux/rtnetlink.h explicitly
This is needed with libnl-tiny to get various definitions that
get included implicitly with libnl.
2010-09-29 21:52:51 -07:00
Jouni Malinen
7598389afe nl80211: Sync the header file with wireless-testing.git 2010-09-29 21:39:40 -07:00
Jouni Malinen
12970f8a57 atheros: Prefer WSC IE in (Re)Association Request frame
This is needed to work properly with WPS stations that may include
both WPA/RSN IE and WSC IE when associating for WPS provisioning.
2010-09-24 17:01:03 -07:00
Jouni Malinen
6d1031b971 WPS ER: Add more debug info on initialization errors 2010-09-24 16:05:58 -07:00
Jouni Malinen
a9d69254e3 WPS ER: Make sure PIN timeout does not interrupt PBC operation
We need to clear the selected registrar timeout from wps_er_learn
when stopping the protocol run at M7 (previously, this was done only
when WSC_Done was being processed). In addition, we need to cancel
the timeout when a new PBC operation is started.
2010-09-23 14:45:55 -07:00
Jouni Malinen
fa37511fa7 WPS: Fix hostapd reconfig to update WPS UPnP string pointers
This is needed to update the pointers maintained within WPS code
to use the new configuration data instead of maintaining pointers
to the old configuration which will be freed. This fixes strings in
UPnP discovery after reconfig (they used to be random freed memory..).
2010-09-22 19:34:32 -07:00
Jouni Malinen
7d698c4ec7 WPS: Add more debug details for Credential building 2010-09-22 19:20:01 -07:00
Jouni Malinen
2d5e0d78e9 WPS ER: Fix debug message for protocol run done case
This is not a failure and should not be indicated as such in the
debug log.
2010-09-22 19:19:33 -07:00
Jouni Malinen
3237bfb1a3 WPS: Fix strict validation of encrypted data for WSC 2.0-only case
Need to figure out whether the message is from a WSC 2.0 -based
device based on the unencrypted attributes, not the contents of the
encrypted data since the Version2 subelement is only included in the
unencrypted area.
2010-09-22 19:17:13 -07:00
Jouni Malinen
70153d385c hostapd: Add virt/phy flag for Display/PushButton if needed (WPS 2.0)
This seems to be the easiest way of making sure the Config Methods
value is compliant with the WSC 2.0 specification without having
to modify the configuration file. However, this will only add the
virtual flag, so the configuration files should really be updated
to specify values that match the AP design.
2010-09-22 17:45:43 -07:00
Jouni Malinen
370cb2a9ce WPS: Making some parsing messages use excessive debug level
This makes it easier to read -dd debug logs in environments that
have multiple WPS or P2P devices.
2010-09-22 11:39:58 -07:00
Jouni Malinen
82fb18472e WPS: Fix strict validation of (Re)Association Response
This frame is supposed to include Response Type, not Request Type
attribute.
2010-09-22 11:13:18 -07:00
Jouni Malinen
0e2e565a44 WPS 2.0: Provide (Re)Association Response WPS IE to driver
WPS 2.0 mandates the AP to include WPS IE in (Re)Association Response
if the matching (Re)Association Request included WPS IE. Provide the
needed WPS IE information to the driver_ops API for drivers that
process association frames internally.

Note: This modifies the driver_ops API by adding a new argument to
set_ap_wps_ie().
2010-09-22 10:46:44 -07:00
Jouni Malinen
baf7081ccd WPS: Add MAC address to validation error message for Probe Request
This makes it easier to figure out which device is sending invalid
Probe Request frames.
2010-09-22 10:07:20 -07:00
Jouni Malinen
b4e34f2fdf WPS: Make testing operations configurable at runtime
Instead of build time options (CONFIG_WPS_TESTING_EXTRA_CRED and
CONFIG_WPS_EXTENSIBILITY_TESTING), use a single build option
(CONFIG_WPS_TESTING) and runtime configuration of which testing
operations are enabled. This allows a single binary to be used
for various tests.

The runtime configuration can be done through control interface
with wpa_cli/hostapd_cli commands:
Enable extensibility tests:
set wps_version_number 0x57
Disable extensibility tests (WPS2 build):
set wps_version_number 0x20
Enable extra credential tests:
set wps_testing_dummy_cred 1
Disable extra credential tests:
set wps_testing_dummy_cred 0
2010-09-21 19:51:23 -07:00
Jouni Malinen
ab98525399 WPS 2.0: Fix AuthorizedMACs check to accept wildcard address
We need to accept both our own address and the ff:ff:ff:ff:ff:ff
as an indication of the AP having authorized us.
2010-09-21 19:36:44 -07:00
Jouni Malinen
252d7db297 P2P: Fill in default Config Methods in Invitation Request
If the peer is not authorized for GO Negotiation, wps_method is not
actually set. In that case, it is better to fill in our default
config methods rather than end up leaving the field to be zero.
2010-09-21 18:26:01 -07:00
Jouni Malinen
3379a3a795 WPS: Fix Beacon WPS IE on concurrent dualband AP in PBC mode
The Beacon frame must include UUID-E and RF Bands attributes when
in active PBC mode to allow stations to figure out that two BSSes in
PBC mode is not a PBC session overlap.
2010-09-20 15:32:29 -07:00
Jouni Malinen
ff28ccafd5 WPS: Add BSSID to strict validation error messages
This makes it easier to figure out which AP is sending invalid
Beacon or Probe Response frames.
2010-09-20 14:54:22 -07:00
Jouni Malinen
e0369e3664 WPS: Use same UUID in multi-interface case
When generating the UUID based on MAC address, share the same UUID
with all interfaces. This fixes a potential issue with concurrent
dualband APs where the UUID needs to be same for PBC to work properly.
2010-09-20 14:28:43 -07:00
Jouni Malinen
e64e3d245e WPS: Fix CONFIG_WPS_OOB build
The Version2 attribute was previous changed to a subelement and
the OOB code was missed during the change.
2010-09-19 17:18:43 -07:00
Jouni Malinen
3d32c6517d EAP-pwd: Fix couple of memory leaks 2010-09-14 22:16:17 -10:00
Jouni Malinen
d52be1db76 EAP-pwd: Move bnctx into per-protocol instance structure
This avoids double frees of bnctx and related crashes.
2010-09-14 22:04:09 -10:00
Dan Harkins
df684d82ff EAP-pwd: Add support for EAP-pwd server and peer functionality
This adds an initial EAP-pwd (RFC 5931) implementation. For now,
this requires OpenSSL.
2010-09-14 21:51:40 -10:00
Sudhakar Swaminathan
0f66abd25b P2P: Add option for disabling intra BSS distribution
p2p_intra_bss configuration parameter can now be used to
disable/enable intra BSS distribution (bridging of frames between
the clients in a group).
2010-09-10 10:30:26 -07:00
Ardong Chen
2049af2bd5 P2P: Fix invitation_received callback to use NULL bssid (if not known)
Previously, the storage buffer for the Group BSSID was returned
regardless of whether it was included in the invitation or not.
2010-09-10 10:30:26 -07:00
Jouni Malinen
e2197af1b2 P2P: Make sure parsed Device Name gets null terminated
If the msg->device_name buffer is filled from two different sources,
the copy from the P2P Device Info attribute needs to make sure that
the values gets null terminated to match the length of the correct
string should the other place use another string (which is not really
allowed by the spec, but could happen).
2010-09-10 10:30:26 -07:00
Jouni Malinen
ae3e342108 P2P: Add peer timeout into group formation 15 second timeout
This adds some more time for WPS provisioning step in case the peer
takes long time to start group interface operations.
2010-09-10 10:30:25 -07:00
Ardong Chen
2f9929ffcc WPS: Allow pending WPS operation to be cancelled
A new ctrl_interface command, WPS_CANCEL, can now be used to cancel
a pending or ongoing WPS operation. For now, this is only available
with wpa_supplicant (either in station or AP mode). Similar
functionality should be added for hostapd, too.
2010-09-10 10:30:25 -07:00
Jouni Malinen
fbe7027239 P2P: Provide local event on GO Neg Req rejection
If an authorized (p2p_connect used locally) GO Negotiation is
rejected when receiving GO Negotiation Request from the peer,
indicate the failure with a ctrl_interface P2P-GO-NEG-FAILURE
event. Previously, this event was only shown on the peer (i.e.,
the device receiving the GO Negotiation Response with non-zero
Status code).
2010-09-10 10:30:25 -07:00
Ardong Chen
ffe98dfb88 P2P: Process Invitation Request from previously unknown peer
Since this message now includes P2P Device Info attribute, it is
reasonable to learn the peer data and process the message instead of
rejecting the message.
2010-09-10 10:30:25 -07:00
Ardong Chen
17bef1e97a P2P: Add peer entry based on Provision Discovery Request
Add (or complete Probe Request only) P2P peer entry when receiving
Provision Discovery Request from a previously unknown peer. This is
especially of use for a GO when a P2P client is requesting to join
a running group.
2010-09-10 10:30:25 -07:00
Jouni Malinen
812bf56ab1 Fix build without CONFIG_P2P=y 2010-09-09 07:20:28 -07:00
Jouni Malinen
e9a7ae41fa P2P: Use SSID from GO Negotiation to limit WPS provisioning step
In order to avoid picking incorrect SSID from old scan results, use
SSID from GO Negotiation to select the AP.
2010-09-09 07:17:23 -07:00
Jouni Malinen
f8d0131a11 P2P: Use operating frequency from peer table as backup for join
The scan operation before Provision Discovery Request may not include
the GO. However, we are likely to have the GO in our P2P peer table,
so use that information to figure out the operating channel if BSS
table entry is not available.
2010-09-09 07:17:23 -07:00
Jouni Malinen
f7a6905735 P2P: Add a workaround for Extended Listen Timing getting stuck
This should not really happen, but it looks like the Listen command
may fail is something else (e.g., a scan) was running at an
inconvenient time. As a workaround, allow new Extended Listen
operation to be started if this state is detected.
2010-09-09 07:17:23 -07:00
Jouni Malinen
6125c661d5 P2P: Fix cross connection allowed parser to use correct field
The previous version had a bug that could result in NULL pointer
dereference if the P2P IE included Manageability attribute, but no
Capability attribute.
2010-09-09 07:17:22 -07:00
Jouni Malinen
5548ddc217 P2P: Allow P2P IE without Device Info in (Re)Assoc Req
This can happen, e.g., when a P2P client connects to a P2P group
using the infrastructure WLAN interface instead of P2P group
interface. In that case, the P2P client may behave as if the GO
would be a P2P Manager WLAN AP.
2010-09-09 07:17:21 -07:00
Jouni Malinen
b6c79a998f Add test command for disabling/enabling A-MPDU aggregation
ctrl_iface command "SET ampdu <0/1>" can now be used to
disable/enable A-MPDU aggregation.
2010-09-09 07:17:21 -07:00
Jouni Malinen
0cc8be3e45 P2P: Fix code order to avoid potential NULL pointer dereference 2010-09-09 07:17:21 -07:00
Jouni Malinen
c4ea4c5c90 P2P: Allow driver wrapper to indicate how many stations are supported
This can be used to limit the number of clients allowed to connect
to the group on the GO.
2010-09-09 07:17:21 -07:00
Jouni Malinen
eea2fd9eff P2P: Add mechanism for configuring UAPSD parameters for group
This is needed to be able to change parameters for dynamically
created interfaces between the creation of the interface and
association/start AP commands.

Following ctrl_interface commands can now be used:

P2P_SET client_apsd disable
- disable configuration (i.e., use driver default) in client mode

P2P_SET client_apsd <BE>,<BK>,<VI>,<VO>;<max SP Length>
- enable UASPD with specific trigger configuration (0/1) per AC
  (max SP Length is currently ignored)

P2P_SET go_apsd disable
- disable configuration (i.e., use driver default) in AP mode

P2P_SET go_apsd <0/1>
- disable/enable APSD in AP mode
2010-09-09 07:17:21 -07:00
Jouni Malinen
2f837b41dc P2P: Fix build after WSC 2.0 change to use WFA vendor extension 2010-09-09 07:17:21 -07:00
Jouni Malinen
2d509b39b1 WPS: Fix ER PBC overlap detection build with P2P changes 2010-09-09 07:17:21 -07:00
Jouni Malinen
5ded7d3eb8 P2P: Fix GAS fragmentation to match with IEEE 802.11u
P2P specification v1.15 fixed the description of the GAS fragmentation
to not duplicate NQP Query Response Field header in all fragments. This
change makes the fragmentation match with the description in IEEE
802.11u. The change is not backwards compatible with previous P2P
specification versions as far as fragmented SD responses are concerned.
2010-09-09 07:17:21 -07:00
Jouni Malinen
3dfda83d9c P2P: Add Device Password ID to GO Neg Request RX event
This event indicates the Device Password ID that the peer tried
to use in GO Negotiation. For example:
P2P-GO-NEG-REQUEST 02:40:61:c2:f3:b7 dev_passwd_id=4
2010-09-09 07:17:20 -07:00
Jouni Malinen
4147a2cc64 P2P: Fix p2p_connect join with interface address
Need to fetch P2P Device Address from the peers table in case the
p2p_connect join command uses interface address.
2010-09-09 07:17:20 -07:00
Jouni Malinen
72044390f3 P2P: Add support for cross connection
If enabled, cross connection allows GO to forward IPv4 packets
using masquerading NAT from the P2P clients in the group to an
uplink WLAN connection. This is disabled by default and can be
enabled with "wpa_cli p2p_set cross_connect 1" on the P2P device
interface.
2010-09-09 07:17:20 -07:00
Jouni Malinen
6c6915f3db P2P: Add defined values for P2P Manageability Bitmap 2010-09-09 07:17:20 -07:00
Jouni Malinen
0af196088c P2P: Fix device discoverability to not wait before sending GO Neg Req
When we receive Device Discoverability Response, we need to initiate
new GO Negotiation as quickly as possible to avoid the target client
from going back to sleep. Make sure we do not end up in
P2P_CONNECT_LISTEN state (short Listen mode) in this case.
2010-09-09 07:17:20 -07:00
Jouni Malinen
aefb53bd5d P2P: Disable periodic NoA when non-P2P STA is connected
For now, this applies to the test command that can be used to set
periodic NoA (p2p_set noa). The value are stored and periodic NoA
is enabled whenever there are no non-P2P STAs connected to the GO.
2010-09-09 07:17:20 -07:00
Jouni Malinen
4c08c0bd57 P2P: Include P2P IE in (Re)AssocReq to infra AP if it uses P2P IE
While this is not strictly speaking required by the P2P specification
for a not-P2P Managed Device, this can provide useful information for
the P2P manager AP and may be needed to pass certification tests.
2010-09-09 07:17:20 -07:00
Jouni Malinen
5be5305b7e P2P: Include Extended Listen Timing attribute in (Re)AssocReq
If extended listen timing is enabled, it should be advertised in
(Re)Association Request frames sent to GOs.
2010-09-09 07:17:20 -07:00
Jouni Malinen
04d8dad5c7 P2P: Wait on operating channel between invitation requests
If running in active GO mode to invite a device to join the group,
wait on operating channel instead of listen channel.
2010-09-09 07:17:20 -07:00
Jouni Malinen
d9d6a58c8f P2P: Fix invitation to active group to use correct operating channel
Invitation Request must use the current operating frequency of the
group, not the default operating channel.
2010-09-09 07:17:20 -07:00
Jouni Malinen
48e4377093 P2P: Fix WSC IE not to include two Device Name attrs with WPS 2.0 is used 2010-09-09 07:17:20 -07:00
Jouni Malinen
d5b20a73b2 P2P: Fix channel forcing for p2p_connect auth 2010-09-09 07:17:19 -07:00
Jouni Malinen
18eff3a3a7 P2P: Use 0-timeout when inviting to running group as client 2010-09-09 07:17:19 -07:00
Jouni Malinen
952f119242 P2P: Add Device Info attribute to Invitation Request
This was added as a mandatory attribute in one of the recent spec
updates.
2010-09-09 07:17:19 -07:00
Jouni Malinen
55a625799f P2P: Add Group Info attr into Probe Response in GO without clients
While there is no real value in this, the spec seems to mark this
attribute as mandatory from GO, so better included it regardless
of whether we have clients or not (the attribute is empty in case
no clients are connected).
2010-09-09 07:17:19 -07:00
Jouni Malinen
80c9582a5f P2P: Add test command for filtering which peers are discovered
"wpa_cli p2p_set peer_filter <MAC address>" can now be used to
only allow a single P2P Device (based on P2P Device Address) to be
discovered for testing. Setting the address to 00:00:00:00:00:00
disables the filter.
2010-09-09 07:17:19 -07:00
Jouni Malinen
9e00ea1aa3 P2P: Fix country string mismatch validation off-by-one offset
0x04 was being checked from incorrect location when skipping country
code validation.
2010-09-09 07:17:19 -07:00
Jouni Malinen
18708aadfc P2P: Initial support for SD fragmentation (GAS Comeback Request/Response) 2010-09-09 07:17:19 -07:00
Jouni Malinen
bf608cad56 P2P: Rename SD info not available define to match with spec change 2010-09-09 07:17:19 -07:00
Jouni Malinen
3c5126a41f P2P: Set Device Password ID in WPS M1/M2 per new rules
If the P2P client (WPS Enrollee) uses a PIN from the GO (Registrar),
Device Password ID in M1 & M2 is set to Registrar-specified.
2010-09-09 07:17:19 -07:00
Jouni Malinen
c381508d88 P2P: Implement power save configuration
wpa_cli p2p_set ps <0/1/2>
wpa_cli p2p_set oppps <0/1>
wpa_cli p2p_set ctwindow <0..> msec
2010-09-09 07:17:19 -07:00
Jouni Malinen
40c03fd40b P2P: Handle p2p_scan tracking in SEARCH state
Previously, only the initial p2p_scan was used to delay starting new
P2P operations. However, this should have applied to the SEARCH state
scans, too.
2010-09-09 07:17:18 -07:00
Jouni Malinen
962473c136 P2P: Add preliminary P2P Manager AP support for hostapd 2010-09-09 07:17:18 -07:00
Jouni Malinen
ef7963917c P2P: Add group notification from (re)association request 2010-09-09 07:17:18 -07:00
Jouni Malinen
f684e608af P2P: Use PSK format in WPS Credential 2010-09-09 07:17:17 -07:00
Jouni Malinen
8ccbe415ba P2P: Add group notifications 2010-09-09 07:17:17 -07:00
Jouni Malinen
e44f8bf20a P2P: Add P2P configuration and callbacks in hostapd code 2010-09-09 07:17:17 -07:00
Jouni Malinen
b22128efdc P2P: Add initial version of P2P Module 2010-09-09 07:17:17 -07:00
Jouni Malinen
c2af2afb3b P2P: Preparations for adding P2P IE into Beacon/Probe Response frames 2010-09-09 07:17:17 -07:00
Jouni Malinen
b305c684b8 P2P: Save a copy of P2P IE(s) data from (Re)Association Request 2010-09-09 07:17:17 -07:00
Jouni Malinen
046b26a24e nl80211: Add P2P operations 2010-09-09 07:17:17 -07:00
Jouni Malinen
2883205ec8 driver_test: Add functionality for allowing P2P testing 2010-09-09 07:17:17 -07:00
Jouni Malinen
75bde05d53 P2P: Add driver operations for P2P use 2010-09-09 07:17:16 -07:00
Jouni Malinen
62281bc690 P2P: Do no process Probe Request with P2P wildcard SSID in WPS
The Probe Request frames used in P2P Device Discovery should not be
processed by the WPS implementation.
2010-09-09 07:17:16 -07:00
Jouni Malinen
935a948f97 P2P: Enable use of WPS Requested Device Type without WPS 2.0 2010-09-09 07:17:16 -07:00
Jouni Malinen
63675def6e P2P: Add Device Name into WPS IE in Probe Request frames 2010-09-09 07:17:16 -07:00
Jouni Malinen
91a9464528 Make IEEE 802.11 IE parser aware of P2P IE
This does not handle fragmented IEs and is only used to check quickly
whether the IE blob includes any P2P IE(s).
2010-09-09 07:17:16 -07:00
Jouni Malinen
dd6cc5a20c P2P: Wi-Fi Direct frame format definitions 2010-09-09 07:17:16 -07:00
Jouni Malinen
fdc9eeb175 WPS 2.0: Convert new attributes into WFA vendor extension
The WSC 2.0 specification moved to use another design for the new
attributes to avoid backwards compatibility issues with some
deployed implementations.
2010-09-09 06:07:49 -07:00
Jouni Malinen
ac4dcaf7bf WPS 2.0: Fix strict mode validation of UPnP MAC Address format
This was supposed to only reject the message from WPS 2.0 ER, not from
WPS 1.0 ER.
2010-09-09 06:07:49 -07:00
Jouni Malinen
42f50264c0 WPS: Make fragment size configurable for EAP-WSC peer
"wpa_cli set wps_fragment_size <val>" can now be used to configure the
fragment size limit for EAP-WSC.
2010-09-09 06:07:49 -07:00
Jouni Malinen
ecece754db WPS: Add more debug prints for authorized MACs operations 2010-09-09 06:07:49 -07:00
Jouni Malinen
498cdee0c7 WPS ER: Use PBC overlap detection
ER should follow same rules as internal Registrar in an AP for
session overlap detection.
2010-09-09 06:07:49 -07:00
Jouni Malinen
6a4477236e WPS 2.0: Only reject Probe Request frames from WPS 2.0 devices 2010-09-09 06:07:49 -07:00
Jouni Malinen
e69b86b71d WPS 2.0: By default, use strict validation reject only with WPS 2.0 2010-09-09 06:07:49 -07:00
Jouni Malinen
5fabd9fefb WPS: Fix strict validation to mandate Network Index attribute
While this attribute is is now deprecated, it is still required
for backwards compatibility. Better check this if strict validation
is enabled.
2010-09-09 06:07:49 -07:00
Jouni Malinen
e6e25d37a3 WPS 2.0: Use strict validation of NewWLANEventMAC only with WPS 2.0
This avoids some testing issues with WPS 1.0 implementations while
maintaining strict validation for WPS 2.0 implementations.
2010-09-09 06:07:49 -07:00
Jouni Malinen
b68ccf4048 WPS ER: Do not use SetSelectedRegistrar when learning/configuring AP 2010-09-09 06:07:49 -07:00
Jouni Malinen
ad4741183f WPS 2.0: Make sure PHY/VIRT flag gets set for PBC 2010-09-09 06:07:48 -07:00
Jouni Malinen
168f840169 WPS 2.0: Add strict validation of SetSelectedRegistrar attributes 2010-09-09 06:07:48 -07:00
Jouni Malinen
545ee4fd3d WPS 2.0: Add wildcard AuthorizedMACs if Enrollee address is not known 2010-09-09 06:07:48 -07:00
Jouni Malinen
53587ec183 WPS 2.0: Make WSC 2.0 support to be build option (CONFIG_WPS2)
For now, the default build will only include WSC 1.0 support.
CONFIG_WPS2=y can be used to add support for WSC 2.0.
2010-09-09 06:07:48 -07:00
Jouni Malinen
c15a854aec WPS 2.0: Add tool for testing protocol extensibility
This is disabled by default and can be enabled by defining
CONFIG_WPS_EXTENSIBILITY_TESTING.
2010-09-09 06:07:48 -07:00
Jouni Malinen
4a34969824 WPS: Add a test mechanism for adding an extra credential into M8
This can be used to build a test version of ER that adds an extra
Credential attribute into M8.
2010-09-09 06:07:48 -07:00
Jouni Malinen
54f489be45 WPS 2.0: Validate WPS attributes in management frames and WSC messages
If CONFIG_WPS_STRICT is set, validate WPS IE(s) in management frames and
reject the frames if any of the mandatory attributes is missing or if an
included attribute uses an invalid value. In addition, verify that all
mandatory attributes are included and have valid values in the WSC
messages.
2010-09-09 06:07:48 -07:00
Jouni Malinen
00ae50bc87 atheros: Use larger buffer for WSC IE changes
This resolves issues in updating Beacon/Probe Response frame IEs
in a case where the value may be long enough to get fragmented
into multiple IEs.
2010-09-09 06:07:48 -07:00
Jouni Malinen
ed1c1ebfb4 WPS 2.0: Ignore WEP Credentials as station Enrollee
Ignore Credential if it is for a WEP network. Reject the message if
no valid Credential is found.
2010-09-09 06:07:48 -07:00
Jouni Malinen
6be2d7f826 WPS 2.0: Enforce new security policy of received AP Settings
When receiving new AP Settings from ER, reject WEP configuration
and upgrade WPA-Personal/TKIP only to mixed mode (i.e., add
WPA2-Personal/CCMP).
2010-09-09 06:07:48 -07:00
Jouni Malinen
6b633b4da7 WPS 2.0: Fix Probe Request WPS IE building to be able to fragment data
If all the device information attributes use their maximum lengths,
a single WPS IE is not enough to fit in all the data and as such,
we must be able to fragment the data. In addition, the wpabuf needs
to be allocated larger to fit in maximum data.
2010-09-09 06:07:47 -07:00
Jouni Malinen
dcc4d8be75 WPS 2.0: Disable WPS workarounds if CONFIG_WPS_STRICT is defined 2010-09-09 06:07:47 -07:00
Jouni Malinen
5314d652d4 WPS 2.0: Modify empty-string workaround to meet 2.0 rules
Instead of using 0x00 as the extra character, use space (' ') to
avoid failing tests that verify that the variable length string
attributes are not null terminated. In addition, this workaround
can now be disabled by defining CONFIG_WPS_STRICT for the build.
This can be done by adding following line to .config:
CFLAGS += -DCONFIG_WPS_STRICT

However, it should be noted that such a build may not interoperate
with some deployed WPS 1.0 -based implementations and as such, is
mainly designed for testing.
2010-09-09 06:07:47 -07:00
Jouni Malinen
6a857074f4 WPS 2.0: Add virtual/physical display and pushbutton config methods 2010-09-09 06:07:47 -07:00
Jouni Malinen
662bd57522 WPS 2.0: Add device attributes into Probe Request
Add Manufacturer, Model Name, Model Number, and Device Name attributes
into the WSC IE in the Probe Request frames.
2010-09-09 06:07:47 -07:00
Jouni Malinen
cfe1c3f1ef WPS 2.0: Add Request to Enroll attribute into Probe Request
Whenever wpa_supplication is using Request Type Enrollee, it is trying
to enroll into a network. Indicate this with the explicit inclusion of
Request to Enroll attribute with value TRUE.
2010-09-09 06:07:47 -07:00
Jouni Malinen
31fcea931d WPS 2.0: Add support for AuthorizedMACs attribute
Advertize list of authorized enrollee MAC addresses in Beacon and
Probe Response frames and use these when selecting the AP. In order
to provide the list, the enrollee MAC address should be specified
whenever adding a new PIN. In addition, add UUID-R into
SetSelectedRegistrar action to make it potentially easier for an AP
to figure out which ER sent the action should there be multiple ERs
using the same IP address.
2010-09-09 06:07:47 -07:00