With multiple interface like AP and station which is already
associated to some other AP, when we try to do channel switch
for the AP mode (different from the operation channel support of
station) and if the AP channel switch fails continously (including
the fallback channel switch), results in a crash due to NULL pointer
dereference. This is because hostapd_deinit_driver() assigns the
driver context (drv_priv) to NULL as we are not able to bring up
the interface with a new channel
Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qti.qualcomm.com>
Add attribute for TA max duration after last TA received. So that local
time is synchromous to other communicating OCB STAs. If the duration
expires, OCB STA without UTC time source is not in sync to other STAs
and stop scheduling DSRC channel switch after max duration.
Signed-off-by: Zhaoyang Liu <zhaoyang@codeaurora.org>
Signed-off-by: Ferry Zhou <tianguiz@codeaurora.org>
Document QCA vendor OCB commands about IEEE Std 802.11 communication
outside the context of a basic service set. Also define all attributes
for the specific OCB commands.
Signed-off-by: Zhaoyang Liu <zhaoyang@codeaurora.org>
Signed-off-by: Ferry Zhou <tianguiz@codeaurora.org>
This change fixes the following compilation error:
wpa.c:2465: error: undefined reference to 'crypto_ecdh_deinit'
in builds where CONFIG_ECC does not get defined.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This fixes the following compiler warning:
wpa_auth.c:4249:34: error: address of array 'a->conf.fils_cache_id'
will always evaluate to 'true' [-Werror,-Wpointer-bool-conversion]
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Do not accept a link-local IPv4 address when waiting for a valid DHCP
address. This helps with hs20-osu-client use cases where DHCP response
has not yet been received.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, the Value node was not added if value of a node could not be
fetched. This can cause interoperability issues, so address that in the
same way as an empty length value, i.e., by adding a Value node with
zero-length contents.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
In case wpa_supplicant is using driver_macsec_linux, but macsec module
is not (yet) loaded in the kernel, nl_socket_alloc() fails and drv->sk
is NULL. In this case, don't call libnl functions rntl_link_add() or
rtnl_link_change() using such NULL pointer, to prevent program from
getting segmentation faults like:
Program received signal SIGSEGV, Segmentation fault.
nl_socket_get_local_port (sk=sk@entry=0x0) at socket.c:365
365 if (sk->s_local.nl_pid == 0) {
(gdb) p sk
$1 = (const struct nl_sock *) 0x0
(gdb) bt
#0 nl_socket_get_local_port (sk=sk@entry=0x0) at socket.c:365
#1 0x00007ffff79c56a0 in nl_complete_msg (sk=sk@entry=0x0,
msg=msg@entry=0x55555595a1f0) at nl.c:491
#2 0x00007ffff79c56d1 in nl_send_auto (sk=sk@entry=0x0,
msg=msg@entry=0x55555595a1f0) at nl.c:522
#3 0x00007ffff79c652f in nl_send_sync (sk=sk@entry=0x0,
msg=0x55555595a1f0) at nl.c:556
#4 0x00007ffff755faf5 in rtnl_link_add (sk=0x0,
link=link@entry=0x55555595b0f0, flags=flags@entry=1024) at route/link.c:1548
#5 0x000055555567a298 in macsec_drv_create_transmit_sc (priv=0x55555593b130,
sc=0x55555593b320, conf_offset=<optimized out>) at ../src/drivers/driver_macsec_linux.c:998
Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
ieee802_1x_kay_deinit_transmit_sc() frees the transmit secure channel
data, but secy_delete_transmit_sc() still needs it. Since this functions
are called sequentially, secy_delete_transmit_sc() can be called from
ieee802_1x_kay_deinit_transmit_sc() before txsc is freed.
Fixes: 128f6a98b3 ("mka: Fix the order of operations in secure channel deletion")
Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
ieee802_1x_kay_deinit_receive_sc() frees the receive secure channel data,
but secy_delete_receive_sc() still needs it. Since these two functions
are always called sequentially, secy_delete_receive_sc() can be called
from ieee802_1x_kay_deinit_receive_sc() before rxsc is freed.
Fixes: 128f6a98b3 ("mka: Fix the order of operations in secure channel deletion")
Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
1. Add new attribute to report corresponding antenna information to the
chain RSSI which is used in subcmd
QCA_NL80211_VENDOR_SUBCMD_GET_CHAIN_RSSI.
2. Add a series of attr to support the new wmi interface
WMI_PDEV_PARAM_ANT_DIV_USRCFG which export parameters setting of antenna
diversity algorithm to userspace.
Signed-off-by: Li Feng <lifeng@qti.qualcomm.com>
QCA_WLAN_VENDOR_ATTR_CONFIG_PROPAGATION_ABS_DELAY is added to set
propagation delay's absolute value. This is a more detailed version of
QCA_WLAN_VENDOR_ATTR_CONFIG_PROPAGATION_DELAY.
Signed-off-by: Zhang Qian <zhangq@qti.qualcomm.com>
If a P2P_FIND command is issued for running the initial full scan and
the attempt to start that full scan fails, the previous behavior was to
wait for the ongoing scan to complete and then continue p2p_find scan
iterations. However, this continued with the social channels scan
instead of the initial full scan. This could end up missing the full
scan completely.
Fix this by marking the full scan pending if the new scan cannot be
started immediately. Then start the initial full scan after the ongoing
scan completes before moving to social channel only scan iterations.
This applies both for the P2P_FIND_START_WITH_FULL (no specific
frequency set) and P2P_FIND_PROGRESSIVE cases since both of them start
with a single full scan round.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This makes the "P2P_FIND freq=<MHz>" operation more robust by continuing
to include the specified frequency in the consecutive scan rounds
instead of including it only once in the first scan. In other words, the
first scan is only for the specified frequency just like the previous
behavior, but the following scans include all the social channels and
the specified frequency instead of just the previously used social
channels.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This adds an option to configure wpa_supplicant to use the perfect
forward secrecy option in FILS shared key authentication. A new build
option CONFIG_FILS_SK_PFS=y can be used to include this functionality. A
new runtime network profile parameter fils_dh_group is used to enable
this by specifying which DH group to use. For example, fils_dh_group=19
would use FILS SK PFS with a 256-bit random ECP group.
Signed-off-by: Jouni Malinen <j@w1.fi>
This adds an option to configure hostapd to enable use of perfect
forward secrecy option in FILS shared key authentication. A new build
option CONFIG_FILS_SK_PFS=y can be used to include this functionality. A
new runtime configuration parameter fils_dh_group is used to enable this
by specifying which DH group to use. For example, fils_dh_group=19 would
allow FILS SK PFS to be used with a 256-bit random ECP group.
Signed-off-by: Jouni Malinen <j@w1.fi>
draft-harkins-owe-07.txt does not specify these parameters, so need to
pick something sensible to use for the experimental implementation. The
Suite B 128-bit level AKM 00-0F-AC:11 has reasonable parameters for the
DH group 19 case (i.e., SHA256 hash), so use it for now. This can be
updated if the OWE RFC becomes clearer on the appropriate parameters
(KEK/KCK/MIC length, PRF/KDF algorithm, and key-wrap algorithm).
Signed-off-by: Jouni Malinen <j@w1.fi>
This adds STA side addition of OWE Diffie-Hellman Parameter element into
(Re)Association Request frame and processing it in (Re)Association
Response frame.
Signed-off-by: Jouni Malinen <j@w1.fi>
This adds AP side processing for OWE Diffie-Hellman Parameter element in
(Re)Association Request frame and adding it in (Re)Association Response
frame.
Signed-off-by: Jouni Malinen <j@w1.fi>
The KDF define in RFC 5295 is very similar to HKDF-Expand() defined in
RFC 5869. Allow a NULL label to be used to select the RFC 5869 version
with arbitrary seed (info in RFC 5869) material without forcing the
label and NULL termination to be included. HKDF-Expand() will be needed
for OWE.
Signed-off-by: Jouni Malinen <j@w1.fi>
These allow ECDH to be used with compressed public key encoding (only
x-coordinate). This is needed for FILS PFS and OWE.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add a helper function that parses candidate list from command line
arguments.
This function will be used (in the following commits) to add
a candidate list to BSS transition management query.
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
This extends the GAS/ANQP parser in wpa_supplicant to process MBO
ANQP-elements and indicate received Cellular Data Connection Preference
values over the control interface.
When a valid MBO ANQP-element is received, the following control
interface message is sent:
RX-MBO-ANQP <BSSID> cell_conn_pref=<value>
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This extends the GAS server to process MBO ANQP-elements and reply to a
query for the Cellular Data Connection Preference (if configured). The
new configuration parameter mbo_cell_data_conn_pref can be used to set
the value (0, 1, or 255) for the preference to indicate.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
MBO techspec v0.0_r27 changed the MBO ANQP-element format. The MBO
element in ANQP query should now include an MBO Query List element that
contains a list of MBO elements to query.
Add API to add the MBO Query List to an ANQP query.
Format:
ANQP_GET <addr> <info_id>[,<info_id>]...[,mbo:<subtype>...]
Example for querying neighbor report with MBO cellular data
connection preference:
ANQP_GET <bssid> 272,mbo:2
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
As FCC DFS requirement does not explicitly mention about the validity of
the (pre-)CAC when channel is switched, it is safe to assume that the
pre-CAC result will not be valid once the CAC completed channel is
switched or radar detection is not active on the (CAC completed) channel
within a time period which is allowed (10 seconds - channel switch time)
as per FCC DFS requirement.
Use the new driver event to allow the driver to notify expiry of the CAC
result on a channel. Move the DFS state of the channel to 'usable' when
processing pre-CAC expired event. This means any future operation on
that channel will require a new CAC to be completed. This event is
applicable only when DFS is not offloaded to the kernel driver.
Signed-off-by: Vasanthakumar Thiagarajan <vthiagar@qti.qualcomm.com>
Process the new nl80211 event NL80211_RADAR_PRE_CAC_EXPIRED to allow the
driver to notify expiry of the CAC result on a channel.
Signed-off-by: Vasanthakumar Thiagarajan <vthiagar@qti.qualcomm.com>
When DFS channel state is shared across multiple radios on the system it
is possible that a CAC completion event is propagated from other radio
to us. When in enabled state, do not proceed with setup completion upon
processing CAC completion event with devices where DFS is not offloaded,
when in state other than enabled make sure the configured DFS channel is
in available state before start the AP.
Signed-off-by: Vasanthakumar Thiagarajan <vthiagar@qti.qualcomm.com>
The userspace may want to delay the the first scheduled scan.
This enhances sched_scan to add initial delay (in seconds) before
starting first scan cycle. The driver may optionally choose to
ignore this parameter and start immediately (or at any other time).
This uses NL80211_ATTR_SCHED_SCAN_DELAY to add this via user
global configurable option: sched_scan_start_delay.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This leads to cleaner code overall, and also reduces the size
of the hostapd and wpa_supplicant binaries (in hwsim test build
on x86_64) by about 2.5 and 3.5KiB respectively.
The mechanical conversions all over the code were done with
the following spatch:
@@
expression SIZE, SRC;
expression a;
@@
-a = os_malloc(SIZE);
+a = os_memdup(SRC, SIZE);
<...
if (!a) {...}
...>
-os_memcpy(a, SRC, SIZE);
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This can be used to clean the code and reduce size by converting
os_malloc() followed by os_memcpy() cases to use a single function call.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Add driver interface command using the QCA vendor extensions to check
the driverr whether to accept or reject a BSS transition candidate. For
the reject case, report an MBO reject reason code.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
radius_server_session_free() does not remove the session from the
session list and these radius_server_get_new_session() error paths ended
up leaving a pointer to freed memory into the session list. This
resulted in the following operations failing due to use of freed memory.
Fix this by using radius_server_session_remove() which removes the entry
from the list in addition to calling radius_server_session_free().
Signed-off-by: Jouni Malinen <j@w1.fi>
It was possible to hit a double-free on the l2_packet socket if
initialization of DHCP/NDISC snoop failed on a hostapd interface that
had previously had those enabled successfully. Fix this by clearing the
l2_packet pointers during deinit.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add QCA_NL80211_VENDOR_SUBCMD_BRP_SET_ANT_LIMIT for setting the number
of antennas that will be active in different modes for each connection.
Signed-off-by: Alexei Avshalom Lazar <qca_ailizaro@qca.qualcomm.com>
