Commit Graph

3545 Commits

Author SHA1 Message Date
Jouni Malinen
c0333c8dd5 Check rx_mgmt::frame more consistently against NULL
If a driver wrapper misbehaves and does not indicate a frame body in the
event, core hostapd code should handle this consistently since that case
was already checked for in one location.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-29 12:52:10 +03:00
Jouni Malinen
d6c6b1fb9d Make sta NULL-check easier for static analyzers
sta == NULL check is already done above based on category !=
WLAN_ACTION_PUBLIC, but that seems to be too complex for some static
analyzers, so avoid invalid reports by explicitly checking for this
again in the WLAN_ACTION_FT case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-29 12:52:10 +03:00
Jouni Malinen
0bceb8d6f4 Make dl_list_first() and dl_list_last() uses easier for static analyzers
The previous check for dl_list_len() or having an entry from the list is
sufficient, but some static analyzers cannot figure out that
dl_list_first() and dl_list_last() will return non-NULL in this type of
cases. Avoid invalid reports by explicitly checking for NULL.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-29 12:52:10 +03:00
Jouni Malinen
5f693cb1b6 WPS HTTP: Remove unused assignment
bbp is not used in the code path that skips trailers.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-29 12:52:10 +03:00
Jouni Malinen
ee4fefc015 Remove duplicated variable zeroing
It's enough to do this once as part of the for loop.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-29 12:52:10 +03:00
Jouni Malinen
4a9d0ebe4a Make PMKID check easier for static analyzers
Checking sm->pmksa is sufficient here, but that seems to be too
difficult for static analyzers to follow, so avoid false reports by
explicitly checking pmkid as well.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-29 12:52:10 +03:00
Jouni Malinen
06df2aa60a Remove floating constant suffix 'd' from test coee
clang scan-build does not seem to like the 'd' suffix on floating
constants and ends up reporting analyzer failures. Since this suffix
does not seem to be needed, get rid of it to clear such warnings.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-29 12:52:10 +03:00
Jouni Malinen
d06e9ac5f5 P2P: Verify operating channel validity for NFC connection handover
p2p_freq_to_channel() could return an error if the GO or P2P Client
operating channel is not valid. Check for this before generating the NFC
handover message.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-29 12:52:10 +03:00
Jouni Malinen
13a524a30d nl80211: Remove unnecessary wpa_driver_nl80211_set_freq() wrapper
This is not of any real use anymore with nl80211_set_channel() taking
care of channel setting operation.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-29 12:52:10 +03:00
Peng Xu
e87ef7517e nl80211: Add support for changing AP mode channel bandwidth
Configure driver with the new channel parameters (mainly, HT 20/40 MHz
bandwidth changes) as part of set_ap().

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-29 12:52:09 +03:00
Jouni Malinen
30575183f6 Sync with mac80211-next.git nl80211.h
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-29 12:52:09 +03:00
Peng Xu
5f0bca77a8 Retry initial 20/40 MHz co-ex scan if the driver is busy
This makes the initial OBSS scans in AP mode before starting 40 MHz BSS
more robust. In addition, HT20 can be used as a backup option if none of
the scans succeed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-29 12:52:09 +03:00
Peng Xu
587d60d2b7 Add AP mode support for HT 20/40 co-ex Action frame
If a 2.4 GHz band AP receives a 20/40 Coexistence management frame from
a connected station with 20/40 BSS Intolerant Channel Report element
containing the channel list in which any legacy AP are detected or AP
with 40 MHz intolerant bit set in HT Cap IE is detected in the affected
range of the BSS, the BSS will be moved from 40 to 20 MHz channel width.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-29 12:52:09 +03:00
Peng Xu
9c47f6a2a6 hostapd: Extend support for HT 20/40 coexistence feature
Extend the minimal HT 20/40 co-ex support to include dynamic changes
during the lifetime of the BSS. If any STA connects to a 2.4 GHz AP with
40 MHz intolerant bit set then the AP will switch to 20 MHz operating
mode.

If for a period of time specified by OBSS delay factor and OBSS scan
interval AP does not have any information about 40 MHz intolerant STAs,
the BSS is switched from HT20 to HT40 mode.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-29 12:52:09 +03:00
Peng Xu
196c9c7cd2 Make channel parameters available in set_ap() driver operation
This provides information to allow the driver to be configured for
updated channel parameters, e.g., when dynamically changing HT20/HT40
bandwidth.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-29 12:16:51 +03:00
Jouni Malinen
27b418715f WPS: Print setsockopt() failure in debug log
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-28 16:54:09 +03:00
Jouni Malinen
52cb20730a trace: Replace demangle.h with internal defines
It looks like the demangle.h from binutils-dev is not installed that
commonly anymore. Since we need only two defines from that file, replace
the header file with those defines to make it easier to build with
WPA_TRACE_BFD=y.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-25 19:27:48 +03:00
Jouni Malinen
0e80ea2c70 nl80211: Fix some coding style issues
Some trailing whitespace and spaces for indentation were present in the
driver wrapper and header files.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-25 19:27:07 +03:00
Jouni Malinen
a26582cb98 Make qca-vendor.h independent of other header files
Move the definitions that depended in common.h into a separate header
file so that qca-vendor.h can be copied and used as-is in other
projects.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-25 11:41:36 +03:00
Amar Singhal
4a64d5a9db nl80211: Allocate QCA vendor subcmd for extended statistics
This allocates a QCA vendor subcmd for extended statistics
functionality and also an attribute for delivering the payload
for extended statistics.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-25 11:36:11 +03:00
Ilan Peer
dcdce14741 radiotap: Fix compilation for systems without le16toh/le32toh
These functions are not standard and do not exist in all systems, e.g.,
variants of Android. Instead use the macros defined in common.h.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2014-04-24 12:15:32 +03:00
Maxime Bizon
2aa82e52da Interworking: Don't filter probe requests when interworking is disabled
With hidden SSID (ignore_broadcast_ssid), an IOS device trying to
connect to the AP will send a probe request with ANT == 2. If
interworking support is just compiled (not enabled), we will drop the
probe request since default ANT is 0.

Check that interworking is enabled before filtering based on ANT or
HESSID to match the behavior of code without CONFIG_INTERWORKING.

Signed-off-by: Maxime Bizon <mbizon@freebox.fr>
2014-04-24 12:15:32 +03:00
Naresh Jayaram
13f6a07efc Add SIM identifier to the network profile and cred block
This allows the specific SIM to be identified for authentication
purposes in multi-SIM devices. This SIM number represents the index of
the SIM slot. This SIM number shall be used for the authentication using
the respective SIM for the Wi-Fi connection to the corresponding
network.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-24 12:15:32 +03:00
Marek Puzyniak
8a0f3bf613 AP: Fix checking if DFS is required
Sometimes function hostapd_is_dfs_required() returns -1 which indicates
that it was not possible to check if DFS was required. This happens for
channels from the 2.4 GHz band where DFS checking should not happen.
This can be fixed by returning DFS-not-required for mode different from
IEEE80211A and when DFS support is not available (ieee80211h not set).

Signed-off-by: Marek Puzyniak <marek.puzyniak@tieto.com>
2014-04-17 17:12:52 +03:00
Jouni Malinen
6d99bd8076 nl80211: Debug print HT/VHT capability override information
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-17 17:11:11 +03:00
Jouni Malinen
d2c33b91ad Reduce the amount of time PTK/TPTK/GTK is kept in memory
Some of the buffers used to keep a copy of PTK/TPTK/GTK in the
supplicant implementation maintained a copy of the keys longer than
necessary. Clear these buffers to zero when the key is not needed
anymore to minimize the amount of time key material is kept in memory.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-16 01:29:27 +03:00
Jouni Malinen
e47ee249bc l2_packet: Fix l2_packet_none (hostapd default)
The sample code here ended up trying to register an eloop socket with fd
== -1. This was not really ever supposed to be used, but it is now also
hitting an assert in eloop. Skip the unnecessary
eloop_register_read_sock() to avoid this.

This was causing issues for hostapd since CONFIG_L2_PACKET is not set by
default. If CONFIG_RSN_PREAUTH=y was not used for CONFIG_L2_PACKET was
not set in .config explicitly, the defaul use of l2_packet_none.c ended
up hitting the newly added assert() in eloop.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-14 23:04:55 +03:00
Johannes Berg
30476e4fe7 wlantest: Tag and ignore generated packets
Rather than ignoring packets with a minimal 8-byte radiotap
header, which may occur elsewhere, tag generated (decrypted)
packets with an empty vendor namespace tag and ignore those.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2014-04-13 23:54:25 +03:00
Johannes Berg
bacb984b2d radiotap: Update radiotap parser to library version
Update the radiotap parser to the latest version of the
http://git.sipsolutions.net/radiotap.git/ library to get
parsing for vendor namespaces.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2014-04-13 23:49:59 +03:00
Jouni Malinen
142817b2f9 Add a wpa_supplicant ctrl_iface event for regdom changes
CTRL-EVENT-REGDOM-CHANGE event provides an external notification of
regulatory domain (and any driver channel list) changes.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-13 16:32:38 +03:00
Jouni Malinen
d6a36f3956 nl80211: Mask out deauth even after own deauth request
This was already done for the disconnect event, but
SME-in-wpa_supplicant case needs to do same with the deauth event to
avoid getting extra events during WPS disconnect-and-reconnect sequence.
This can speed up WPS processing by removing unnecessary failures or
retries due to the extra event being processed during the next
association attempt.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-13 11:39:49 +03:00
Jouni Malinen
0cd860284c Add CTRL-EVENT-SIGNAL-CHANGE for bgscan signal update events
This allows external programs to monitor driver signal change events
through wpa_supplicant when bgscan is used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-13 10:26:52 +03:00
Felix Fietkau
83c4cb5217 nl80211: Handle multiple interface combinations for P2P
The first combination may allow single-channel concurrency for
P2P + managed, but there may be others that allow multi-channel
concurrency. Parse all of them to find the maximum number of channels.

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
2014-04-11 19:22:00 +03:00
Nirav Shah
0e0e1e564f P2P: Add retry mechanism for GO Negotiation Confirmation
wpa_supplicant now retries for P2P_GO_NEG_CNF_MAX_RETRY_COUNT times if
it doesn't receive acknowledgement for GO Negotiation Confirmation
frame. Currently, P2P_GO_NEG_CNF_MAX_RETRY_COUNT is set to 1.

While this is not strictly speaking following the P2P specification,
this can improve robustness of GO Negotiation in environments with
interference and also with peer devices that do not behave properly
(e.g., by not remaining awake on the negotiation channel through the
full GO Negotiation).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-11 11:57:05 +03:00
Abhishek Singh
9392c9be7a nl80211: Use LEAVE_IBSS with driver-based-SME
NL80211_CMD_LEAVE_IBSS was used only with wpa_supplicant-based SME.
Extend this to drivers that implement SME internally.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-10 19:51:51 +03:00
Jouni Malinen
bb52293e71 OpenSSL: Detect and prevent TLS heartbeat attack
Some OpenSSL versions have vulnerability in TLS heartbeat request
processing. Check the processed message to determine if the attack has
been used and if so, do not send the response to the peer. This does not
prevent the buffer read overflow within OpenSSL, but this prevents the
attacker from receiving the information.

This change is an additional layer of protection if some yet to be
identified paths were to expose this OpenSSL vulnerability. However, the
way OpenSSL is used for EAP-TLS/TTLS/PEAP/FAST in hostapd/wpa_supplicant
was already rejecting the messages before the response goes out and as
such, this additional change is unlikely to be needed to avoid the
issue.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-09 14:58:48 +03:00
Jouni Malinen
1aa6f953bb WNM: Fix neighbor report subelement parser
Only the Neighbor Report element should be included here, so verify that
the element id matches. In addition, verify that each subelement has
valid length before using the data.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-08 01:01:55 +03:00
Jouni Malinen
5583b8d1eb Document and rename HT Capability/Operation fields
This makes the definitions match the terminology used in IEEE Std
802.11-2012 and makes it easier to understand how the HT Operation
element subfields are used.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-07 22:45:11 +03:00
Jouni Malinen
1dde5b5cdd Remove PSMP option from ht_capab
This was used to fill in the "PSMP support" subfield that was defined
during P802.11n development. However, this subfield was marked reserved
in the published IEEE Std 802.11n-2009 and it is not supported by
current drivers that use hostapd for SME either. As such, there is not
much point in maintaining this field as ht_capab parameter within
hostapd either.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-07 22:02:14 +03:00
Amarnath Hullur Subramanyam
4a16a0bd55 nl80211: Add QCA vendor subcmd for NAN
QCA vendor extension is used for NAN functionality. This defines the
subcommand and attribute to address this.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-07 17:13:08 +03:00
Jouni Malinen
dc39004318 WPS: Remove unused WEP related functionality
Now that WPS 2.0 support is enabled unconditionally, WEP and Shared auth
type are not allowed. This made some of the older code unused and that
can now be removed to clean up the implementation. There is still one
place where WEP is allowed for testing purposes: wpa_supplicant as
Registrar trying to configure an AP to use WEP. That is now only allowed
in CONFIG_TESTING_OPTIONS=y builds, though.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-06 12:31:45 +03:00
Jouni Malinen
9437c2d0ea EAP-pwd peer: Fix fragmentation of PWD-Confirm-Resp
This is somewhat of a corner case since there is no real point in using
so short a fragmentation threshold that it would result in this message
getting fragmented. Anyway, it is better be complete and support this
case as well.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-06 00:51:00 +03:00
Jouni Malinen
48f668eecf EAP-pwd: Fix memory leak on error path with fragmentation
If fragmentation is used, the temporary inbuf/outbuf could have been
leaked in error cases (e.g., reaching maximum number of roundtrips).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-06 00:34:30 +03:00
Jouni Malinen
9ff4de6de4 Move DROP_SA command to be within ifdef CONFIG_TESTING_OPTIONS
This is a test command and has no use in production builds.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-05 23:59:31 +03:00
Jouni Malinen
e1a273a61d Remove used KDE addition code from EAPOL-Key msg 4/4
EAPOL-Key msg 4/4 has no specified KDE use, so remove the unused code to
simplify the implementation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-05 23:30:16 +03:00
Jouni Malinen
76d3fb1eeb Remove unused wpa_sm_get_param() function
This function was not used anywhere and was not up-to-date with
full tet of parameters.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-05 20:42:12 +03:00
Jouni Malinen
ed429931a0 TDLS: Add test mode for MIC failure testing
"SET tdls_testing 0x800" can be used to enable a special test mode that
forces the FTIE MIC in TDLS setup messages to be incorrect.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-05 20:42:12 +03:00
Jouni Malinen
1619e9d512 Interworking: Add ctrl_iface events on cred block modifications
Following events are now sent to ctrl_iface monitors to indicate if
credential blocks have been added, modified, or removed:

CRED-ADDED <id>
CRED-MODIFIED <id> <field>
CRED-REMOVE <id>

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-04 19:10:47 +03:00
Jouni Malinen
21611ea9fd edit: Increase buffer size to 4096 bytes
wpa_supplicant and wpa_cli had already moved to allowing up to 4096 byte
buffer size to be used for control interface commands. This was limited
by the line edit buffer in interactive mode. Increase that limit to
match the other buffers to avoid artificially truncating long commands.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-31 12:30:50 +03:00
Jouni Malinen
1e03c6cb7d XML: Remove forgotten, unused definition of debug_print_func
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-31 12:25:13 +03:00