Commit Graph

1778 Commits

Author SHA1 Message Date
Johannes Berg
b14a210ce2 nl80211: Support GTK rekey offload
Add support to wpa_supplicant for device-based GTK rekeying. In order to
support that, pass the KEK, KCK, and replay counter to the driver, and
handle rekey events that update the latter.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-07-12 21:22:51 +03:00
Jouni Malinen
7aec3776b9 Sync with linux/nl80211.h from wireless-testing.git 2011-07-12 20:53:32 +03:00
Arik Nemtsov
95ab606345 nl80211: Send STA flags to kernel on station addition
Send STA flags to kernel when adding a new station. This ensures
stations are added with up to date flags by kernel drivers.

Signed-off-by: Arik Nemtsov <arik@wizery.com>
2011-07-12 20:28:31 +03:00
Arik Nemtsov
d83ab1fe37 hostapd: Set STA flags when adding a new station
When adding a new station, set the STA flags as part of the sta_add()
command. This ensures the flags are up to date when the station is added
by lower level drivers.

Signed-off-by: Arik Nemtsov <arik@wizery.com>
2011-07-12 20:26:52 +03:00
Hong Wu
715ed737dc FT: Disable PMKSA cache for FT-IEEE8021X
wpa_supplicant uses XXKEY instead of PMK to derive PMK-R0 and PMK-R1 for
FT-IEEE8021X key mgmt.

Signed-off-by: Hong Wu <hong.wu@dspg.com>
2011-07-05 20:49:51 +03:00
Jouni Malinen
cb465555d4 Allow PMKSA caching to be disabled on Authenticator
A new hostapd configuration parameter, disable_pmksa_caching=1, can now
be used to disable PMKSA caching on the Authenticator. This forces the
stations to complete EAP authentication on every association when WPA2
is being used.
2011-07-05 17:13:04 +03:00
Jouni Malinen
4f525d8e5b Move peer certificate wpa_msg() calls to notify.c
This type of wpa_supplicant specific message construction does not need
to be at the EAP implementation, so better move it up to notify.c.
2011-07-05 12:40:37 +03:00
Michael Chang
ade74830b4 Add dbus signal for information about server certification
In general, this patch attemps to extend commit
00468b4650 with dbus support.

This can be used by dbus client to implement subject match text
entry with preset value probed from server. This preset value, if
user accepts it, is remembered and passed to subject_match config
for any future authentication.

Signed-off-by: Michael Chang <mchang@novell.com>
2011-07-05 12:22:32 +03:00
Yogesh Ashok Powar
a3e685a04b hostapd: Clear keys configured when hostapd reloads configuration
Data path is broken when hostapd reloads its configuration
disabling the security which was previously enabled (WEP/WPA),
using kill -1, as old keys were not cleared.

The patch clears the keys configured when hostapd reloads
its configuration.

Signed-off-by: Yogesh Ashok Powar <yogeshp@marvell.com>
2011-07-05 11:39:26 +03:00
Jouni Malinen
235279e777 TLS: Add support for tls_disable_time_checks=1 in client mode
This phase1 parameter for TLS-based EAP methods was already supported
with GnuTLS and this commit extends that support for OpenSSL and the
internal TLS implementation.
2011-07-05 11:29:42 +03:00
Angie Chinchilla
f5fc603251 P2P: Only call dev_lost() for devices that have been dev_found()
Fix a bug with the current dev_found()/dev_lost() usage. Previously
in p2p_device_free() dev_lost() was invoked for devices that had
not been dev_found(). This caused dbus related msgs to stderr like:
"Attempted to unregister path (path[0] = fi path[1] = w1) which isn't
registered"

Signed-off-by: Angie Chinchilla <angie.v.chinchilla@intel.com>
2011-07-04 20:30:16 +03:00
Jouni Malinen
5f310a9e24 nl80211: Process association/disassociation events in AP mode
This allows non-mac80211 drivers that implement AP mode SME/MLME
in firmware or driver to notify hostapd/wpa_supplicant of AP mode
association events.
2011-07-01 18:44:09 +03:00
Jouni Malinen
866af8b6bd nl80211: Allow AP mode to be started without monitor interface
This is in preparation for supporting AP mode with SME/MLME in the
driver/firmware.
2011-06-28 21:59:44 +03:00
Baruch Siach
567afddb69 atheros: Fix glibc 'invalid pointer' error when WPA_TRACE is enabled
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
2011-06-25 15:41:46 +03:00
Jayant Sane
2463ba70e2 P2P: Update listen and operating channel from P2P D-Bus
Some P2PDevice properties were not updated in p2p->cfg structure:
reg_class, channel, op_reg_class, and op_channel. Hence, update p2p->cfg
parameters through p2p core calls in wpas_p2p_update_config().

Signed-off-by: Jean-Michel.Bachot <jean-michelx.bachot@intel.com>
Signed-off-by: Jayant Sane <jayant.sane@intel.com>
2011-06-25 12:08:43 +03:00
Jayant Sane
6402fc438b P2P: Show P2P peer signal level in D-Bus P2P device properties
Move level parameter from p2p_device to p2p_device_info in order to
expose this information and modify D-Bus P2P handler to return this new
parameter through the P2P device properties.

Signed-off-by: Fabien Marotte <fabienx.marotte@intel.com>
Signed-off-by: Jayant Sane <jayant.sane@intel.com>
2011-06-23 21:29:10 +03:00
Helmut Schaa
d4744189b7 hostapd: Don't mask out non-symmetric STA HT caps
Previously hostapd just masked the STAs HT caps with its own. However,
some HT caps are not symmetric and as such need to be handled
different.

hostapd shouldn't overwrite the STAs SMPS mode as otherwise the driver
cannot know it has to use RTS/CTS to wake the receiver from dynamic
SMPS for MCS rates > 7.

hostapd shouldn't mask the RX and TX STBC caps with it's own. They are
already handled in a special case below.

Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
2011-06-23 20:18:21 +03:00
Jouni Malinen
56234ee168 Add a copyright and license statement for a radiotap header file
This file is a part of the radiotap parser that Andy Green agreed to
relicense under the BSD license (per email, 11 Aug 2007 07:42:05
+0100). The copyright/license statement was updated in radiotap.c,
but this radiotap_iter.h file was forgotten at that point.
2011-06-23 16:39:26 +03:00
Zhu Yi
c3b0a1c8ad bsd: Fix set_key() sequence number endian issue
In set_key handler, the seq[8] is in little endian order defined by
WPA. BSD kernel uses a u_int64_t value ik_keyrsc to represent it
internally. The kernel expects the native endian order for the value.
Thus, we need to detect the endian order and swap bytes when
necessary.
2011-06-23 15:47:21 +03:00
Jouni Malinen
7cc7307d90 Fix hostapd build without NEED_AP_MLME=y 2011-06-22 21:45:14 +03:00
Jouni Malinen
9e2704c3a2 Add EVENT_RX_ACTION handler for hostapd
This fixes an issue with SA Query Response frames not being processed
anymore after wpa_supplicant started registering a handler for those.
This handler registration is in generic driver_nl80211.c code, so
hostapd uses it, too.
2011-06-21 20:55:46 +03:00
Jouni Malinen
55e632df72 Remove a compiler warning on uninitialized variable
This is not really ever used, but better keep the compiler output
cleaner.
2011-06-21 20:54:17 +03:00
Jouni Malinen
a6efc65ddb nl80211: Add support for driver-based PMKSA cache
Implement PMKSA cache operations add, remove, and flush using nl80211
commands NL80211_CMD_{SET,DEL,FLUSH}_PMKSA to support PMKSA caching
with drivers that select the AP and generate the RSN IE internally.
2011-06-20 10:17:33 +03:00
Jayant Sane
349b213cc8 P2P: Add callback for provision discovery failure
When provision discovery fails, this new callback will be called
so P2P users can react to the failure.

Signed-off-by: Jayant Sane <jayant.sane@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-06-12 14:26:22 -07:00
Jayant Sane
6b56cc2d97 P2P: Retry provision discovery requests in IDLE state
Since the peer may not be in Listen state when the provision discovery
request is sent, try to send the request again number of times when in
IDLE state. This was already done when p2p_find is in progress, but this
commit adds retries to the case where no other P2P operations are in
progress.

Signed-off-by: Jayant Sane <jayant.sane@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-06-12 14:20:39 -07:00
Jouni Malinen
6b98a33c86 Fix a compiler warning on WPS-AP-without-UPnP builds 2011-05-31 20:11:25 +03:00
Jouni Malinen
38e24575c1 random: Add support for maintaining internal entropy store over restarts
This can be used to avoid rejection of first two 4-way handshakes every
time hostapd (or wpa_supplicant in AP/IBSS mode) is restarted. A new
command line parameter, -e, can now be used to specify an entropy file
that will be used to maintain the needed state.
2011-05-31 20:07:11 +03:00
Jouni Malinen
f07ead6af9 nl80211: Re-order functions to group AP/hostapd specific code
Get rid of separate ifdef/endif blocks for AP specific and hostapd
specific code, i.e., only have one main block of code for each case.
2011-05-27 19:02:04 +03:00
Jouni Malinen
f7b3920c90 nl80211: Enable more AP callbacks for non-hostapd AP mode
Some of these are required for proper functionality (like
get_seqnum); others may not be needed yet, but including them
allows some extra ifdef/endif blocks to be removed.
2011-05-27 18:54:36 +03:00
Eliad Peller
257da77362 nl80211: Implement set_rate_sets for non-hostapd AP case
.set_rate_sets is not defined for non-hostapd, which prevents
configuring basic_rates when working as P2P GO.

Signed-off-by: Eliad Peller <eliad@wizery.com>
2011-05-27 18:41:46 +03:00
Ken Zhu
41fd1d9e9a atheros: Fix auth_alg configuration for static WEP
When IEEE 802.1X is not enabled, driver_atheros.c needs to know how
to set authentication algorithms for static WEP.
2011-05-20 18:27:53 +03:00
Vinay Adella
86795546f7 WPS UPnP: Fix UPnP initialization for non-bridge case with some drivers
If the driver wrapper is setting up the interface up only at commit(),
UPnP initialization fails. Fix that by moving UPnP setup to happen after
the driver commit() call.
2011-05-19 12:55:47 +03:00
Jouni Malinen
fa5165586f WPS: Add a workaround for Windows 7 capability discovery for PBC
Windows 7 uses incorrect way of figuring out AP's WPS capabilities by
acting as a Registrar and using M1 from the AP. The config methods
attribute in that message is supposed to indicate only the configuration
method supported by the AP in Enrollee role, i.e., to add an external
Registrar. For that case, PBC shall not be used and as such, the
PushButton config method is removed from M1 by default. If pbc_in_m1=1
is included in the configuration file, the PushButton config method is
left in M1 (if included in config_methods parameter) to allow Windows 7
to use PBC instead of PIN (e.g., from a label in the AP).
2011-05-17 19:53:02 +03:00
Ben Greear
60eda5e47d Better messages when channel cannot be used in AP mode
Log messages letting user know that the channel cannot
be used because it is flagged unusable.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2011-05-16 22:01:11 +03:00
Jouni Malinen
46957a9b2d nl80211: Filter out duplicated BSS table entries from scan results
cfg80211 maintains separate BSS table entries for APs if the same
BSSID,SSID pair is seen on multiple channels. wpa_supplicant does
not use frequency as a separate key in the BSS table, so filter out
duplicated entries. Prefer associated BSS entry in such a case in
order to get the correct frequency into the BSS table.
2011-05-16 19:18:42 +03:00
Jouni Malinen
f5a8d42229 nl80211: Fetch assoc_freq from scan table for connect event
When kernel-based SME is used, use the scan table to find a BSS entry
for the associated AP when processing connected event.
2011-05-16 18:35:42 +03:00
Jouni Malinen
b8281964af Add workaround for race condition with AssocResp TX status
It may take some time for the TX status to be delivered for a
(Re)Association Response frame and if any Data frames are received
during that time, they may end up getting dropped as Class 3 frames in
not-associated state. This results in a Disassociation frame being sent
to the station and it assuming that the association has been lost.

Work around the issue by remembering that the (Re)Association Request
has already been accepted and skip the Deauth/Disassoc sending because
of the possible Class 3 frames before the TX status callback is
received.
2011-04-15 19:26:28 +03:00
Yi Zhu
ca79385ab5 bsd: Add support for setting HT values in IFM_MMASK 2011-04-14 22:22:24 +03:00
Jouni Malinen
fe655a8402 Add sanity checks for fseek and ftell return values
In theory, these calls could fail, but it is not really likely to
happen in practice in the use case here. Anyway, check that they do
not return an error before accepting the length of the file.
2011-04-14 20:22:21 +03:00
Jouni Malinen
c8d88a145b WPS: Fix off-by-one check in vendor extension parsing 2011-04-14 20:02:31 +03:00
Jouni Malinen
35530d1472 driver_test: Check set_ssid len before trying to hexdump the SSID 2011-04-14 19:52:26 +03:00
Jouni Malinen
6e432d3f10 WPS: Use strict validation of (Re)AssocReq only if IEs are known 2011-04-14 02:58:35 +03:00
Jouni Malinen
0bdaa741cd OpenSSL: Use consistent SSL_get_app_data validation in tls_verify_cb
The returned value cannot really be NULL, but better keep this
function consistent on whether the returned value is checked or not.
2011-04-14 02:50:52 +03:00
Jouni Malinen
066608f3ff Avoid theoretical NULL pointer dereference during TLS reassemble
This function does not get called with in_data == NULL in practice, but
it seems to be at least partly prepared for that case, so better make it
consistent by handling the NULL value throughout the function.
2011-04-14 02:45:14 +03:00
Jouni Malinen
b211f3eb71 Add sanity checks to EVENT_RX_PROBE_REQ event data
Both the SA and IEs from the received Probe Request frames must be
included and the Probe Request RX callback functions may assume that
these are not NULL.
2011-04-14 02:39:25 +03:00
Jouni Malinen
2a522e7192 Avoid theoretical NULL pointer dereference from debug code
The change to use wpa_dbg() in wpa_sm_parse_own_wpa_ie() could result
in a NULL pointer dereference if the function were called when WPA
state machine has not been initialized. While this cannot really
happen in practice, it is better to be prepared for that since that
was the case before the wpa_dbg() change.
2011-04-14 02:32:07 +03:00
Jouni Malinen
74727a7b32 Use type cast to get rid of implicit sign extension
The size_t value here can be 64-bit and result in implicit sign
extension. In this particular case, that gets masked out by
host_to_be32(), so there is no practical difference, but it is better
to get rid of the 64-bit variable explicitly.
2011-04-14 01:27:38 +03:00
Jouni Malinen
f8b5f7dc6b TNC: Fix TNC_{TNCC,TNCS}_ReportMessageTypes copy type
The supportedTypes parameter is a list of TNC_MessageType values
and the buffer to be copied should use size of TNC_MessageType, not
TNC_MessageTypeList. In practice, these are of same length on most
platforms, so this is not a critical issue, but anyway, the correct
type should be used.
2011-04-13 23:10:21 +03:00
Jouni Malinen
a04bf77209 TDLS: Validate FTIE length before processing it
This avoids reading past the end of the IE buffer should the FTIE
be too short. In addition, one debug hexdump was using uninitialized
pointer to the FTIE buffer, so fixed it to use the pointer from the
parse data.
2011-04-13 22:14:22 +03:00
Yi Zhu
d4a747f006 bsd: Fix buffer size for routing socket with IPv6 disabled
AF_INET6 is not always enabled by default, so use AF_INET instead. In
addition, use the old fixed length, 2048, as a failover value if the
sysctl fails for any reason.
2011-04-12 23:09:14 +03:00
Jouni Malinen
df13a1cdff Fix WPS AP mode regression
Commit 03d3f28a69 broke initialization of
EAPOL authenticator state machines since an error value from
wpa_auth_sta_key_mgmt() (-1) was not handled properly and the fixed
wpa_key_mgmt_wpa_psk() identified the value as a PSK-based AKM because
of all bits being set to 1. The special error value needs to handled
separately to avoid skipping EAPOL state machine initialization.
2011-04-11 19:22:49 +03:00
Adam Kent
4bb3377bc5 Fix #ifdef check for older openssl versions
Small compile fix for older versions of openssl that do not have SHA256
support and hence do not define OPENSSL_NO_SHA256.
2011-04-11 18:37:12 +03:00
Per Ekman
0b04889f0d Remove references to time_t/time()/random()
Replace direct calls in AP mode code with os_*() wrappers.
2011-04-11 18:33:48 +03:00
Jouni Malinen
03d3f28a69 Fix wpa_key_mgmt_*() helper functions to handle multiple bits
These can be used in some cases with a bitfield having multiple
AKMs enabled (e.g., WPA-PSK and WPA-PSK-SHA256). Address those
cases by checking whether any of the matching AKM are included.
2011-04-08 19:11:54 +03:00
Mahesh Palivela
a1ca02927a atheros: Add support for IEEE 802.11w configuration 2011-04-08 12:06:27 +03:00
Jouni Malinen
3f3602386e nl80211: Add support for auth_alg auto-selection with connect command
When the SME is in the driver or cfg80211, the automatic selection
of auth_alg is done by leaving out the NL80211_ATTR_AUTH_TYPE
attribute from the NL80211_CMD_CONNECT command.
2011-04-07 14:53:40 +03:00
Jouni Malinen
d332e7083c TDLS: Disable teardown MIC validation workaround
This MIC is required to be correct if the keys are set, so reject
the message if it does not have a valid MIC.
2011-04-07 14:48:46 +03:00
Jouni Malinen
d9040cdb10 Fix a typo in a MIB variable in hostapd ctrl_interface 2011-04-05 01:21:27 +03:00
Felix Fietkau
4378fc14eb nl80211: Send EAPOL frames as QoS data frames for QoS aware clients
This should fix EAPOL reauthentication and rekeying timeout issues
with Intel clients when using WMM (e.g., with IEEE 802.11n). These
stations do not seem to be able to handle EAPOL data frames as
non-QoS Data frames after the initial setup.

This adds STA flags to hapd_send_eapol() driver op to allow
driver_nl80211.c to mark the EAPOL frames as QoS Data frame
when injecting it through the monitor interface.
2011-04-02 22:03:05 +03:00
Paul Stewart
1c5c7273f5 driver: Function to directly poll signal quality
This provides a means for the supplicant to directly request signal
quality metrics from the driver. This is useful, for example for
background scan algorithms that might ask desire this information
out-of-band with CQM events.

Signed-off-by: Paul Stewart <pstew@google.com>
2011-03-31 17:56:48 +03:00
Eliad Peller
72863ea7c6 P2P: add a missing 'return' after building IE from an empty string
When building IE from an empty string and CONFIG_WPS_STRICT is
not defined, redundant 2 bytes are being added to the string.

We have to return right after building the "dummy" string.

Signed-off-by: Eliad Peller <eliad@wizery.com>
2011-03-30 17:08:42 +03:00
Jouni Malinen
e4bf4db907 Work around SNonce updates on EAPOL-Key 1/4 retransmission
Some deployed supplicants update their SNonce for every receive
EAPOL-Key message 1/4 even when these messages happen during the
same 4-way handshake. Furthermore, some of these supplicants fail
to use the first SNonce that they sent and derive an incorrect PTK
using another SNonce that does not match with what the authenticator
is using from the first received message 2/4. This results in
failed 4-way handshake whenever the EAPOL-Key 1/4 retransmission
timeout is reached. The timeout for the first retry is fixed to
100 ms in the IEEE 802.11 standard and that seems to be short
enough to make it difficult for some stations to get the response
out before retransmission.

Work around this issue by increasing the initial EAPOL-Key 1/4
timeout by 1000 ms (i.e., total timeout of 1100 ms) if the station
acknowledges reception of the EAPOL-Key frame. If the driver does
not indicate TX status for EAPOL frames, use longer initial
timeout (1000 ms) unconditionally.
2011-03-29 17:39:12 +03:00
Jouni Malinen
2fee890af7 Add driver capa flag for EAPOL TX status and store capa in hostapd 2011-03-29 17:36:06 +03:00
Jouni Malinen
b67d0d9e4b P2P: Store more WPS attributes for peers
Store Manufacturer, Model Name, Model Number, and Serial Number
attributes for P2P peers and expose these through the existing
peer information mechanisms.
2011-03-28 15:27:10 +03:00
Jouni Malinen
b6e0180035 P2P: Add more WPS attributes into Listen state Probe Response
Configure more WPS attributes in the P2P module and use them
when generating WSC IE for Probe Response frames in Listen state.
2011-03-28 15:24:12 +03:00
Jouni Malinen
b8f64582e3 TDLS: Allow TDLS to be disabled at runtime for testing purposes
Control interface command 'SET tdls_disabled <1/0>' can now be used
to disable/enable TDLS at runtime. This is mainly for testing
purposes.
2011-03-24 20:44:17 +02:00
Jouni Malinen
21bdbe38be nl80211: Implement deauth for IBSS as leave IBSS command 2011-03-23 21:15:22 +02:00
Jouni Malinen
3c183894d4 Make GKeyDoneStations counting able to recover from mismatches
Previously, a bug in GKeyDoneStations count would remain in effect
until the authenticator is restarted. Make this more robust by
clearing the station count before each rekeying setup. While this
is not really supposed to be needed, there has been bugs in this
area in the past and it is safer to make the implementation recover
from such an issue automatically.
2011-03-23 17:06:17 +02:00
Jouni Malinen
2ade8ef296 Decrement GKeyDoneStations in WPA authenticator when STA is freed
If the STA to be freed is still included in GKeyDoneStations count,
decrement the count when the STA is freed. This does not happen in
AP mode since there is enough time to go through the authenticator
state machine to clear the STA. However, in the current RSN IBSS
implementation, the authenticator state for the STA is freed in a
way that does not allow the state machine to go through the clearing.
To address this, make sure that wpa_free_sta_sm() decrements the
GKeyDoneStations count if the STA happened to be in the process of
GTK rekeying.
2011-03-23 17:00:18 +02:00
Jouni Malinen
ef985058f4 nl80211: Use NL80211_CMD_DEL_STATION event to indicate IBSS peer loss 2011-03-23 15:32:55 +02:00
Jouni Malinen
d47fa330b8 random: Read /dev/random in the background with eloop read socket
This makes it more likely to be able to fetch the 20 octet seed from
/dev/random in cases where other programs may also be competing for
this.
2011-03-22 23:15:00 +02:00
Johannes Berg
c4bb881743 nl80211: Do not add interface to the global list in case of failure
This avoids leaving a freed interface on the global list in case
driver initialization fails.
2011-03-22 15:52:04 +02:00
Jouni Malinen
cd9fc7869a hostapd: Add testing mode for RSN element extensions
CFLAGS += -DCONFIG_RSN_TESTING in .config and rsn_testing=1 in
hostapd.conf can now be used to enable a testing mode that adds
extensions to RSN element. This can be used to check whether
station implementations are incompatible with future extensions
to the RSN element.
2011-03-21 13:59:05 +02:00
Sam Leffler
3e1996216e Add support for setting the syslog facility from the config file
This enables setting the syslog facility at build time.
2011-03-20 11:48:42 +02:00
Johannes Berg
c76e5d7f9b wpa_s AP mode: complete only when setup is complete
The AP code might, currently only in the case of HT40, defer actual
enabling to after a scan. In this case, the wpa_s AP code gets confused.
Add a callback for it to use and make it use it to finish only when the
setup has actually completed.

With appropriate hacks in place this allows using HT40 in P2P mode.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-03-19 13:11:15 +02:00
Jean-Michel Bachot
046ef4aa67 P2P: Add option for requested device type in P2P search/scan
With this, p2p_find can be extended to find certain requested device
types.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-03-19 12:57:46 +02:00
Jouni Malinen
10c5d2a593 P2P: Use a single define for max number of vendor extensions 2011-03-19 12:22:24 +02:00
Jean-Michel Bachot
6f2c060711 P2P: Keep track of peer WPS vendor extensions
Make the P2P code keep track of WPS vendor extensions received from
peers so they can be exposed via DBus later.

Signed-off-by: Jean-Michel Bachot <jean-michelx.bachot@linux.intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-03-19 12:22:21 +02:00
Jean-Michel Bachot
f95cac271b P2P: Allow adding of WPS vendor extension attributes
This adds the ability to add WPS vendor extension attributes in P2P
frames, like GO Negotiation and Probe Response frames.

Signed-off-by: Jean-Michel Bachot <jean-michelx.bachot@linux.intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-03-19 12:22:18 +02:00
Jean-Michel Bachot
4028a7fd43 WPS: Add support for adding WPS Vendor Extensions
This adds the ability to add WPS vendor extensions to an AP (or GO).
They will be added to the WSC IE(s) in Beacon and Probe Response frames.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-03-19 12:22:16 +02:00
Jouni Malinen
f3cb52fb90 WPS: Move P2P extension generation for WSC IE in Beacon frames
This cleans up debug log by keeping the WSC IE attributes for Beacon
frames before starting to build the Probe Response frame.
2011-03-19 12:22:09 +02:00
Xi Chen
ea244d2156 IBSS RSN: Clear IBSS RSN peers based on peer lost events 2011-03-18 17:04:46 +02:00
Johannes Berg
2f646b6e83 WPS: Store (secondary) device type as binary
Instead of converting back and forth from the string representation,
always use the binary representation internally.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-03-17 18:50:22 +02:00
Jouni Malinen
f2b3c6bc9c WPS: Add more debug information to PBC session overlap check 2011-03-17 18:04:56 +02:00
Jouni Malinen
0439b08d3d WPS: Fix active PBC session removal to ignore MAC address
Use only the UUID-E to remove active PBC session(s) at the completion of
successful PBC protocol run. This fixes potential issues with Enrollees
that use multiple MAC addresses and as such, can get multiple entries in
the PBC session list.
2011-03-17 18:03:20 +02:00
Jean-Michel Bachot
e57ae6e19e P2P: Keep track of secondary device types for peers
Signed-off-by: Jean-Michel Bachot <jean-michelx.bachot@linux.intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-03-17 11:45:46 +02:00
Jean-Michel Bachot
8e8c0df158 P2P: Add Secondary Device Type list in Probe Response frames
Add Secondary Device Type List attribute in WSC IE for P2P
Probe Response frames if one or more secondary device types
are configured.

Signed-off-by: Jean-Michel Bachot <jean-michelx.bachot@linux.intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-03-17 11:16:23 +02:00
Jean-Michel Bachot
a9e86bfb74 WPS: Add secondary device types into Probe Request frames
The secondary device type list is an optional attribute in the WSC IE.

Signed-off-by: Jean-Michel Bachot <jean-michelx.bachot@linux.intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-03-17 11:09:49 +02:00
Johannes Berg
ee7ab173c7 nl80211: Implement deauth/disassoc for non-HOSTAPD case
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-03-16 16:11:05 +02:00
Helmut Schaa
4f6bd86d07 hostapd: Don't force HT Mixed Mode for non-GF STAs
Currently hostapd will force HT Mixed Mode if at least one non-GF STA is
associated. This will force _all_ HT transmissions to be protected.

802.11n-2009 doesn't require HT Mixed Mode to be used in case of non-GF
STAs but instead the HT information element contains a flag if non-GF
STAs are present. All STAs are required to protect GF transmissions in
that case. Hence, setting HT Mixed mode if non-GF STAs are present is
superfluous.

Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
2011-03-16 11:56:39 +02:00
Sujith Manoharan
ec2b890981 HT: Skip ht_capab validation if ieee80211n=0
There is no point in running through the 40 MHz scan if HT is
actually disabled regardless of whether the ht_capab parameter
is set.
2011-03-16 11:22:40 +02:00
Dmitry Shmidt
c6a3a11048 Check select() return value in wpa_ctrl_request()
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2011-03-15 15:54:21 +02:00
Paul Stewart
cf83fb0b5b wpa_supplicant: Add wpa_supplicant_get_eap_mode method
Signed-off-by: Paul Stewart <pstew@google.com>
2011-03-15 13:53:08 +02:00
Paul Stewart
c83e2e1c45 eapol_supp: Request EAP method from EAP state machine
Signed-off-by: Paul Stewart <pstew@google.com>
2011-03-15 13:49:26 +02:00
Paul Stewart
8813e4d57e eap_peer: Add method to return current method name
If there is an active EAP method, return its name.

Signed-off-by: Paul Stewart <pstew@google.com>
2011-03-15 13:47:33 +02:00
Jouni Malinen
e17a2477db nl80211: Extend bridge add/del operations for secondary BSSes
Previously, only the main interface was added to a bridge. Extend this
to apply to all configured BSSes.
2011-03-15 13:02:49 +02:00
Ken Zhu
7099861e4e atheros: Fix default TX key index setting for WEP 2011-03-11 17:55:43 +02:00
Jouni Malinen
61fbd3df04 Fix couple of typos in comments 2011-03-11 12:12:36 +02:00
Chao-Wen Yang
3152ff421e WPS: Indicate PBC session overlap in wps_pbc return value
Use a specific return value, WPS-PBC-OVERLAP, to indicate a reason
for rejecting a wps_pbc command in wpa_supplicant AP mode if the
PBC mode cannot be started due to PBC session overlap having been
detected during monitor time.
2011-03-10 18:59:51 +02:00
Jouni Malinen
3cc002ff97 WPS: Ignore PBC session overlap if a specific Enrollee is selected
This allows the user to complete WPS provisioning using PBC by
selected a specific Enrollee even if there are other Enrollees
in active PBC mode at the same time. The other Enrollees will be
rejected should they try to connect at the same time.
2011-03-10 18:51:00 +02:00
Jouni Malinen
80e75578c4 WPS: Show the received UUID-E from Probe Request in debug log
This makes it easier to debug PBC session overlap issues.
2011-03-10 18:38:16 +02:00
Jouni Malinen
b0dc4155c3 WPS: Use only UUID-E in PBC session overlap detection on Registrar
Ignore possible mismatches in the source address of the frame and only
use UUID-E to check whether a Probe Request or M1 is from the same
Enrollee when figuring out whether there is PBC session overlap. This
is needed to avoid potential issues with Enrollee devices that may have
multiple interfaces indicating active PBC state.
2011-03-10 18:33:53 +02:00
Jouni Malinen
b8fb017272 TDLS: Add tdls_testing 0x400 for ignoring AP prohibit TDLS 2011-03-06 14:54:52 +02:00
Jouni Malinen
52c9e6f3f5 TDLS: Do not allow setup to be started if AP prohibits TDLS 2011-03-06 14:54:49 +02:00
Jouni Malinen
fb12d186b6 TDLS: Add tdls_testing 0x200 for declining TDLS Setup Response 2011-03-06 14:54:47 +02:00
Jouni Malinen
94377fbc52 TDLS: Allow wpa_cli tdls_setup to start renegotiation
If there is already a link the requested peer, request start of
renegotiation instead of completely new link. This seems to be needed
to allow some driver to accept the trigger for a new negotiation.
2011-03-06 14:54:44 +02:00
Jouni Malinen
ad79dba127 TDLS: Add testing mode for disabling TPK expiration
tdls_testing 0x104 can now be used to disable expiration of TPK
(0x100) and to use a short lifetime when initiating link (0x4).
2011-03-06 14:54:41 +02:00
Jouni Malinen
0c4268eb27 TDLS: Add testing code for concurrent initiation
tdls_testing 0x80 can now be used to request wpa_supplicant to send
a TDLS Setup Request frame (i.e., try to initiate TDLS setup)
whenever a TDLS Setup Request frame has been received from a peer.
2011-03-06 14:54:39 +02:00
Jouni Malinen
43291b683c TDLS: Fix higher/lower MAC address check for concurrent init
The logic here was reversed: the STA with lower MAC address is the
one that continues as the initiator.
2011-03-06 14:54:36 +02:00
Jouni Malinen
a8b2c2d657 TDLS: Tear down old link when receiving TDLS Setup Request 2011-03-06 14:54:34 +02:00
Jouni Malinen
2a469a6b56 TDLS: Add tdls_testing flag (bit 6) for testing long TPK lifetime 2011-03-06 14:54:32 +02:00
Jouni Malinen
1c0b2ad1ce TDLS: Use more thorough validation of TPK handshake 2011-03-06 14:54:29 +02:00
Jouni Malinen
f0bfbe2a6c TDLS: Replace os_memset() of all peer data with safer approach
Blindly clearing all struct wpa_tdls_peer members is a risky
operation since it could easily clear pointers to allocated
memory, etc. information that really should not be removed.
Instead of hoping that new code gets added here to restore
the important variables, reverse the approach and only clear
structure members one by one when needed.
2011-03-06 14:54:27 +02:00
Jouni Malinen
c61f3e5544 TDLS: Remove unnecessary storing of Link ID IE in peer data 2011-03-06 14:54:24 +02:00
Jouni Malinen
3f466ec9e3 TDLS: Fix terminology to match with IEEE 802.11z 2011-03-06 14:54:22 +02:00
Jouni Malinen
a4c3e4b194 TDLS: Move TPK M1 sending to a separate function
Now all there TPK handshake messages are sent in similar functions
and are easier to find from the source code.
2011-03-06 14:54:20 +02:00
Jouni Malinen
2e1d335e44 TDLS: Allow unencrypted network negotiation through wpa_supplicant
This allows the same code path to be used for both protected and
unprotected configurations to limit need for duplicated code in
both the driver and wpa_supplicant.
2011-03-06 14:54:18 +02:00
Jouni Malinen
9fe6e4b4db TDLS: Clean up and fix Key Lifetime processing
This adds code for validating that the same Key Lifetime is used
throughout TPK handshake and enables TPK lifetime expiration and
renewal/teardown. These part seem to be working, but the actual
handling of TDLS Setup Confirm and renewal are not fully
functional yet.
2011-03-06 14:54:16 +02:00
Jouni Malinen
6b192bc346 TDLS: Add new testing modes for TPK lifetime testing
tdls_testing bits:
bit 3 = use short TPK lifetime (301 seconds)
bit 4 = use wrong TPK lifetime in TDLS Setup Response
bit 5 = use wrong TPK lifetime in TDLS Setup Confirm
2011-03-06 14:54:01 +02:00
Jouni Malinen
40cf22e6ff TDLS: Clear peer entries on association/disassociation
Since the TDLS links are allowed only to STAs that are in the same
BSS with us, clear all peer data whenever the BSS may have changed.
2011-03-06 14:53:58 +02:00
Jouni Malinen
5b0e6ece54 TDLS: Add a special testing feature for changing TDLS behavior
These special test cases can be configured at run time with "wpa_cli
tdls_testing <value>" where <value> is an integer (either as a decimal
or as a hex value with 0x prefix) bitmap of special features with
following bits available at this point:
bit 0 = long frame (add dummy subelement to make FTIE very long)
bit 1 = use alternative RSN IE (different RSN capab value and no extra
replay counters)
bit 2 = send incorrect BSSID in Link Identifier of TDLS Setup Request
(e.g., 1 = long FTIE, 2 = different RSN IE, 3 = both of those)

This is disabled by default and can be enabled for the build by
adding the following line to .config:
CFLAGS += -DCONFIG_TDLS_TESTING
2011-03-06 14:53:54 +02:00
Ganesh Prasadh
281ff0aa76 TDLS: Add initial support for TDLS (IEEE Std 802.11z-2010) 2011-03-06 14:53:49 +02:00
Jouni Malinen
23ab8e863f Clear PeerKey pointer on deinit 2011-03-06 14:52:52 +02:00
Shan Palanisamy
a4dc6e1934 atheros: Add support for setting RSN/WPS IEs in Beacon/Probe Resp 2011-03-06 14:31:59 +02:00
Shan Palanisamy
39b08b5fc0 Indicate assoc vs. reassoc in association event
This allows driver wrappers to indicate whether the association was
done using Association Request/Response or with Reassociation
Request/Response frames.
2011-03-06 14:31:46 +02:00
Shan Palanisamy
d7956add9c FT: Make FT-over-DS configurable (hostapd.conf ft_over_ds=0/1) 2011-03-06 14:31:42 +02:00
Jouni Malinen
c0647147c1 Add defines for Valgrind client requests
CFLAGS += -DCONFIG_VALGRIND can now be used to enable support for
Valgrind client requests to help in removing some non-issues from
Valgrind reports. This is mainly aimed at allowing unknown ioctl
results to be marked as defined data.
2011-03-06 14:31:26 +02:00
Jouni Malinen
0fa0ad4e17 eloop: Fix integer overflow in long timeouts
If the os_time_t variable used for the expiration time (seconds)
overflows when the registered timeout value is being added,
assume that the event would happen after an infinite time, i.e.,
would not really happen in practice. This fixes issues with
long key timeouts getting converted to immediate expiration due
to the overflow.
2011-03-06 14:31:20 +02:00
Dmitry Shmidt
9fc6aa9f95 Add Android make files for hostapd and wpa_supplicant 2011-02-27 19:19:43 +02:00
Iain Hibbert
8ce58ceb25 Avoid preprocessor directives in macro arguments
os_snprintf() can be a preprocessor macro and according to
C99 (6.10.3 clause 11) the results of having preprocessor directives
inside the macro arguments is undefined.
2011-02-27 18:59:26 +02:00
Jouni Malinen
73304dbf65 Allow client control socket location to be overridden
Build options can now be used to replace the location of client
sockets for UNIX domain socket control interface:

CFLAGS += -DCONFIG_CTRL_IFACE_CLIENT_DIR=\"/tmp\"
CFLAGS += -DCONFIG_CTRL_IFACE_CLIENT_PREFIX=\"wpa_ctrl_\"
2011-02-27 18:35:33 +02:00
Dmitry Shmidt
b3f3865e0e Use Android reserved namespace for control interface
On Android, use a special reserved namespace for the UNIX domain
socket.
2011-02-27 18:19:17 +02:00
Dmitry Shmidt
1480633f96 Use longer timeout in wpa_ctrl_request()
Wait longer for control interface response from wpa_supplicant to
avoid issues with some drivers that have long blocking operations.
2011-02-27 17:08:15 +02:00
Dmitry Shmidt
36fde1e79c Make wpa_ctrl_close() handle unopened connection 2011-02-27 17:07:07 +02:00
Masashi Honma
28878f8b0e bsd: Use correct size for routing socket
The buffer size for routing socket is fixed to 2048.
This patch fix it to obtain the size from OS.

This patch worked on x86 platform with NetBSD 5.0.2.
2011-02-27 14:01:39 +02:00
Dmitry Shmidt
4e2ead7a72 Add wpa_supplicant state change event for Android network manager
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2011-02-26 13:20:16 +02:00
Dmitry Shmidt
2a0cd0670b OpenSSL: Add access to Android certificates
This allows keystore:// prefix to be used with client_cert and
private_key configuration parameters.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2011-02-26 12:08:20 +02:00
Dmitry Shmidt
193f439a8c Add CONFIG_ANDROID_LOG support
This makes wpa_printf() calls use __android_log_vprint(). In addition,
hexdumps are commented out.
2011-02-25 16:44:34 +02:00
Dmitry Shmidt
1a13534f17 Change executable permissions for Android
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2011-02-25 16:21:18 +02:00
Jouni Malinen
c4d4aebe69 wext: Do not include typedefs for Android build
Android build gets __u32 and friends from
bionic/libc/kernel/arch-x86/asm/types.h and having the typedefs here
causes redefinition errors.
2011-02-25 13:36:17 +02:00
Jouni Malinen
47c64bfcc7 wext: Sync with linux/wireless.h from wireless-testing.git
This updates the Linux wireless extensions header file to be based
on the latest version (22).
2011-02-25 13:29:52 +02:00
Johannes Berg
56eeb8f299 P2P: Add method to signal lost device
This signal is used to notify users of the P2P
state machine or wpa_supplicant of lost devices.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-02-24 22:22:16 +02:00
Johannes Berg
c165d81eea P2P: Add p2p_get_peer_found to get peer info
This will only retrieve information about peers that have been fully
discovered, not peers that are only half-discovered based on their Probe
Request frames.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-02-24 22:05:22 +02:00
Johannes Berg
8fd7dc1b1c P2P: Add new_device flag to dev_found callback
The DBus code will want to have perfect matching of dev_found and the
dev_lost it adds so it doesn't need to keep track internally. Enable
that with a new flag in the core that tracks whether we have already
notified about this -- the existing users can ignore it.

The part where this is always set to 1 if the new device is discovered
by a driver that has P2P in the driver is buggy -- the driver should
feed the P2P peer database and then that should feed the notification
here instead.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-02-24 21:59:58 +02:00
Konguraj(Raj) Kulanthaivel
c5db8e5170 P2P: Embed publically visible struct in peer info
This embeds some information about each P2P peer that will be publically
visible in a struct that is shared.

The dev_found notification function is also passed the new struct, which
requires some work for the driver-based P2P management.

Signed-off-by: Konguraj(Raj) Kulanthaivel <konguraj.kulanthaivel@intel.com>
Signed-off-by: Fabien Marotte <fabienx.marotte@linux.intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-02-24 21:51:17 +02:00
Helmut Schaa
e926bcffd8 hostapd: Inherit correct MAC address for AP VLAN interfaces
When using multiple vifs and dynamic vlan tagging is enabled on any
interface, the created AP VLAN interfaces get the BSSID of the first
AP mode interface instead of the BSSID of the corresponding AP mode
interface.

Example:

wlan0 - xx:xx:xx:xx:x0
wlan1 - xx:xx:xx:xx:x1

Assume a STA connects to the AP interface wlan1 and gets a dynamic
VLAN tag 100 assigned by the RADIUS server. Hostapd will create an AP
VLAN interface wlan1.100 but doesn't set an address for this interface
which results in wlan1.100 getting the same address as wlan0:

wlan1.100 - xx:xx:xx:xx:x0

As a result the STA that was moved to wlan1.100 isn't able to finish its
4-way handshake since mac80211 won't pass its frames to wlan1.100 due to
the different address.

To fix this issue make use of the address of the AP interface when
creating an AP VLAN interface.

Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
2011-02-24 21:25:40 +02:00
Ben Greear
24d75245bd AP: Update logging related to inactivity and disassociation
Add MAC addresses for stations and use wpa_msg instead of printf
methods to make it easier to grep logs and find messages for the
station in question.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2011-02-24 17:44:45 +02:00
Ben Greear
1aae01fc04 Add more wpa_auth debugging messages 2011-02-24 17:35:59 +02:00
Jouni Malinen
effab86ff2 Remove unneeded OpenSSL error messages from key/cert parsing
If parsing of the certificate or private key succeeds using any of
the tried encoding types, clear the OpenSSL error queue without
showing the pending errors in debug log since they do not really
provide any useful output and can be confusing.
2011-02-22 22:19:55 +02:00
Raghunathan Kailasanathan
58708b3bd1 nl80211: Use nl_atype() from libnl
libnl provides nla_type() which can be used to derive nla_type from
struct nlattr.
2011-02-22 21:48:49 +02:00
Guy Eilam
e4ac6417c7 utils: Corrected a typo in header's name definition
Corrected a typo in the BASE64_H definition that
might cause the header file to be included more than once.

Signed-off-by: Guy Eilam <guy@wizery.com>
2011-02-21 22:44:46 +02:00
Christian Lamparter
6fc34d9fe5 Increase internal TLSs client key exchange buffer
This patch fixes a problem I had when I tried to connect
an embedded system [wpa_supplicant, CONFIG_TLS=internal]
to my TLS secured network.

TLSv1: Send CertificateVerify
TLSv1: CertificateVerify hash - hexdump(len=36): ha .. ha
PKCS #1: pkcs1_generate_encryption_block - Invalid buffer lengths \
                        (modlen=512 outlen=454 inlen=36)

It turned out that a fixed 1000 byte message buffer was just
a little bit too small for the 4096 bit RSA certificates
I'm using.

Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
2011-02-21 18:25:34 +02:00
Helmut Schaa
f39b07d7ed hostapd: Allow coexistance of HT BSSes with WEP/TKIP BSSes
In multi BSS setups it wasn't possible to set up an HT BSS in
conjunction with a WEP/TKIP BSS. HT needed to be turned off entirely
to allow WEP/TKIP BSSes to be used.

In order to allow HT BSSes to coexist with non-HT WEP/TKIP BSSes add a
new BSS conf attribute "disable_11n" which disables HT capabilities on a
single BSS by suppressing HT IEs in the beacon and probe response
frames. Furthermore, mark all STAs associated to a WEP/TKIP BSS as
non-HT STAs. The disable_11n parameter is used internally; no new entry
is parsed from hostapd.conf.

This allows a non-HT WEP/TKIP BSS to coexist with a HT BSS without
having to disable HT mode entirely. Nevertheless, all STAs associated to
the WEP/TKIP BSS will only be served as if they were non-HT STAs.

Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
2011-02-21 17:27:16 +02:00
Jouni Malinen
55bce124e5 FT: Fix FT-EAP to set EAPOL Authenticator into authenticated state
This is needed to avoid the EAPOL Authenticator from trying to start
new authentication when FT protocol is used. [Bug 384]
2011-02-20 21:56:56 +02:00
Jouni Malinen
7e0318505c FT: Specify source MAC address for RRB messages
Use l2_packet with Ethernet header included so that the source
address for RRB packets can be forced to be the local BSSID. This
fixes problems where unexpected bridge interface address may end
up getting used and the recipient of the frame dropping it as
unknown R0KH/R1KH.
2011-02-20 17:50:11 +02:00
Jouni Malinen
6603a96602 Flush STA entries in hostapd when clearing STAs from kernel
This is needed to keep kernel and hostapd in sync. In addition,
the obsolete entry in hostapd prevented use of Deauthentication
or Disassociation frame with reason code 6/7 mechanism to indicate
to the STA that there is no association if the STA missed the
broadcast Deauthentication frame for any reason.
2011-02-10 22:31:32 +02:00
Jouni Malinen
e3e52e364e hostapd: Fix RADIUS client configuration update on reconfig
The internal pointer to RADIUS client configuration needs to be
updated whenever a new hostapd configuration is loaded. Without
this, freed memory may be dereferenced and this can result in
segmentation faults.
2011-02-10 22:12:29 +02:00
Jouni Malinen
810f08bab4 Make sure reserved field in WMM IE is set to 0
This was previously left uninitialized for Beacon frames and could
potentially have any value.
2011-02-10 22:10:40 +02:00
Jouni Malinen
50b16da13f Fix CONFIG_NO_STDOUT_DEBUG=y build 2011-02-10 20:24:06 +02:00
Ben Greear
f049052b9e Use wpa_msg() instead of wpa_printf()
This converts number of debugging messages to use wpa_msg() in order
to allow the interface name to be shown with the messages.

A new function, wpa_dbg(), is introduced to allow
CONFIG_NO_STDOUT_DEBUG=y builds to remove the debug strings. This is
otherwise identical with wpa_msg(), but it gets compiled out if stdout
debugging is disabled.
2011-02-10 20:14:46 +02:00
Jouni Malinen
2944824315 hostapd: Add require_ht configuration parameter
This can be used to configure hostapd to reject association with
any station that does not support HT PHY.
2011-02-09 15:08:47 +02:00
Jouni Malinen
e67b55fb11 wpa_s AP: Deliver EVENT_RX_PROBE_REQ events to AP processing
This is needed to allows WPS PBC session overlap detection to work
with drivers that process Probe Request frames internally. This
code is is run in hostapd, but the wpa_supplicant AP mode did not
have call to the hostapd_probe_req_rx() function even though it
registered handlers for hostapd Probe Request RX callbacks.
2011-02-08 14:32:35 +02:00
Jouni Malinen
d601247ca9 P2P: Allow WPS_PBC command on GO to select on P2P Device Address
An optional parameter, p2p_dev_addr, can now be given to WPS_PBC
command on P2P GO to indicate that only the P2P device with the
specified P2P Device Address is allowed to connect using PBC. If
any other device tries to use PBC, a session overlap is indicated
and the negotiation is rejected with M2D. The command format for
specifying the address is "WPS_PBC p2p_dev_addr=<address>", e.g.,
WPS_PBC p2p_dev_addr=02:03:04:05:06:07

In addition, show the PBC session overlap indication as a WPS failure
event on an AP/GO interface. This particular new case shows up as
"WPS-FAIL msg=4 config_error=12".
2011-02-07 18:28:36 +02:00
Ben Greear
4f1495aefa Add interface name to wpa_msg() output
This makes log files much more readable if multiple interfaces
are being controlled by the same process. The interface name is
added to stdout/file/syslog entries, but not to the messages
sent to control interface monitors to avoid issues with parsing
in external programs.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2011-02-06 20:39:34 +02:00
Ben Greear
ac6912b5d1 wpa_supplicant: Support 'relog' command to re-open log files
This allows rolling log files:

mv log.txt log.txt.1
wpa_cli relog

Signed-off-by: Ben Greear <greearb@candelatech.com>
2011-02-06 20:15:19 +02:00
Johannes Berg
0c11c63375 util: Add compact MAC address formatting/parsing
The P2P DBus interface will use addresses for
DBus paths, and uses them without any separators.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-02-02 17:11:00 +02:00
Johannes Berg
0661eed204 AP: Add callback for STA authorized transitions
Add a callback for station's authorized transitions
to allow wpa_supplicant to emit events in DBus.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-02-02 16:56:59 +02:00
Johannes Berg
6905dcb1e0 AP: Introduce sta authorized wrappers
To enable making state change notifications on the WLAN_STA_AUTHORIZED
flag, introduce ap_sta_set_authorized(), and to reduce use of the flag
itself also add a wrapper for testing the flag: ap_sta_is_authorized().

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-02-02 16:52:32 +02:00
Johannes Berg
89e07afb2c nl80211: Use max_remain_on_chan data from nl80211
If the driver advertises max_remain_on_chan data, use it instead of
the hardcoded value of 5000. Keep the default at 5000 since that is the
value used by earlier versions of cfg80211/mac80211 and not advertised
in nl80211 for those.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-02-01 18:18:32 +02:00
Eliad Peller
f14f5141a0 nl80211: Remove excessive nl80211_set_mode() call
When authenticating, and the interface type is not already
NL80211_IFTYPE_STATION, we need to call wpa_driver_nl80211_set_mode()
only once. Remove the excessive call.

Signed-off-by: Eliad Peller <eliad@wizery.com>
2011-02-01 16:38:38 +02:00
Jouni Malinen
7615078caf AP: Make sure ieee80211n_allowed_ht40_channel_pair() gets called
We need to call this function after having completed the neighboring
channel scan to figure out whether HT40 can be used and if so, which
channel is the secondary channel.
2011-02-01 16:09:26 +02:00
Nishant Sarmukadam
1b4d379366 AP: Ensure ieee80211n_supported_ht_capab() gets called to check ht caps
ieee80211n_supported_ht_capab is called after ieee80211n_check_40mhz in
function hostapd_check_ht_capab. ieee80211n_check_40mhz can return 1 in
a valid scenario where the initialization is completed in a callback. In
this case ieee80211n_supported_ht_capab is skipped and hostapd does not
check the ht capabilities reported by the driver. Fix this issue making
sure ieee80211n_supported_ht_capab gets called.

Signed-off-by: Nishant Sarmukadam <nishants@marvell.com>
2011-02-01 16:04:59 +02:00
Johannes Berg
d2da224948 AP: Enable WMM with default parameters by default for HT
If WMM is not disabled explicitly (wmm_enabled=0 in hostapd.conf),
enable WMM automatically whenever HT (ieee80211n) is enabled. Use
the default WMM parameters for AP TX queues and the EDCA parameters
advertised for stations in WMM IE if no overriding values are
included in the configuration.
2011-02-01 14:34:12 +02:00
Johannes Berg
9f51b11395 nl80211: use P2P interface types
We can use the P2P interface types to check if the driver supports P2P
and to tell the kernel that a given interface is going to be used for
P2P (when it is created).

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-01-31 21:49:48 +02:00
Jouni Malinen
df077c6262 Remove obsolete drivers wrappers: atmel, ndiswrapper, ipw, hermes
There is no real reason to maintain these in the current development
branch anymore. If someone really needs support for the obsolete
driver interfaces, these can be found in older wpa_supplicant
branches.

driver_atmel.c
- vendor-specific interface for ATMEL AT76C5XXx cards
- for some old out-of-tree driver; not for the upstream atmel*
  drivers

driver_ndiswrapper.c
- vendor-specific interface for an out-of-tree driver
- ndiswrapper should work with driver_wext.c, too

driver_ipw.c
- vendor-specific interface for old ipw2100/2200 driver
- the upstream driver works with driver_wext.c (and does not work
  with the old interface)

driver_hermes.c
- vendor driver that was not even included in the main wpa_supplicant
  releases
2011-01-30 21:29:25 +02:00
Helmut Schaa
f1bed4a70d nl80211: Make use of the ht opmode bss attribute
In order to enable protection mechanisms for different HT opmodes the
driver needs to be aware of the current HT opmode that is calculated by
hostapd. Hence, pass the current opmode to the nl80211 driver via
the bss attribute NL80211_ATTR_BSS_HT_OPMODE.

Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
2011-01-30 21:16:29 +02:00
Jouni Malinen
1161ff1ef5 hostapd: Allow TDLS use to be prohibited in the BSS
tdls_prohibit=1 and tdls_prohibit_chan_switch=1 and now be used to
disable use of TDLS or TDLS channel switching in the BSS using
extended cabilities IE as defined in IEEE 802.11z.
2011-01-28 19:21:59 +02:00
Jouni Malinen
dfaeda0492 Fix couple of compiler warnings about uninitialized variables 2011-01-26 21:29:28 +02:00
Jouni Malinen
cbcf92b42f AP: Validate management frame length
Make sure that received management frames are long enough before
processing them. This avoids a potential segmentation fault if a
driver delivers an invalid frame all the way to hostapd.
2011-01-17 12:21:29 +02:00
Dan Harkins
e4d7b22a53 EAP-pwd: Fix some interoperability issues
The changes are:

  1. the word "and" in the hunting-and-pecking string passed to the KDF
     should be capitalized.
  2. the primebitlen used in the KDF should be a short not an int.
  3. the computation of MK in hostap is based on an older version of the
     draft and is not the way it's specified in the RFC.
  4. the group being passed into computation of the Commit was not in
     network order.
2011-01-16 13:12:07 +02:00
Jouni Malinen
b13d3d63d5 EAP-pwd: Use os_free to free memory allocated with os_malloc
The direct use of free() caused a crash with CONFIG_WPA_TRACE=y.
2011-01-16 13:02:11 +02:00
Jouni Malinen
bc8318acbc WPA: Add more info for EAPOL-Key Nonce/MIC debugging 2011-01-15 16:57:08 +02:00
Chao-Wen Yang
c5cf0a18f1 WPS: Add mechanism for indicating non-standard WPS errors
Previously, only the Configuration Error values were indicated in
WPS-FAIL events. Since those values are defined in the specification
it is not feasible to extend them for indicating other errors. Add
a new error indication value that is internal to wpa_supplicant and
hostapd to allow other errors to be indicated.

Use the new mechanism to indicate if negotiation fails because of
WEP or TKIP-only configurations being disallows by WPS 2.0.
2011-01-13 17:50:59 +02:00
Jouni Malinen
e24cf97c0d P2P: Check GO Neg Req retransmit limit in p2p_listen_end
This needs to be done both in the more normal location in
p2p_timeout_connect_listen() (internal timeout after driver event) and
in p2p_listen_end() as a workaround for the case where the driver event
is delayed to happen after the internal timeout.
2011-01-12 13:48:55 +02:00
Jouni Malinen
60ea8187c9 nl80211: Set NL80211_ATTR_KEY_DEFAULT_TYPES based on set_key addr
This allows mac80211 to configure default keys properly for RSN IBSS
mode.
2011-01-09 19:54:50 +02:00
Jouni Malinen
0382097ef3 Use set_key addr to distinguish default and multicast keys
Previously, both NULL and ff:ff:ff:ff:ff:ff addr were used in various
places to indicate default/broadcast keys. Make this more consistent
and useful by defining NULL to mean default key (i.e., used both for
unicast and broadcast) and ff:ff:ff:ff:ff:ff to indicate broadcast
key (i.e., used only with broadcast).
2011-01-09 19:44:28 +02:00
Jouni Malinen
8546ea1930 nl80211: Avoid infinite loop when searching a BSS
When hostapd is removing a virtual BSS interface, the loop here was
incorrectly not updating the iterator during list traversal and
ended up in an infinite loop in some cases.
2011-01-09 19:18:50 +02:00
Jouni Malinen
4d379f1243 Move hostap driver specific workaround into the driver wrapper 2011-01-09 12:50:57 +02:00
Jouni Malinen
dff99f8ec1 Do not use set_tx=1 when clearing keys with set_key 2011-01-09 12:18:36 +02:00
Jouni Malinen
260832214e Use key=NULL when clearing PTK with set_key
The key clearing operations are using NULL everywhere else, so make
this consistent with other callers.
2011-01-09 12:12:48 +02:00
Jouni Malinen
da64c266e7 Use more consistent set_key seq value when nothing is being set
Use NULL instead of (u8 *) "" as the seq value and make sure the
driver wrapper implementations can handle NULL value. This was
previously already done in number of places, but not everywhere.
2011-01-09 12:09:04 +02:00
Shan Palanisamy
dcc8bf7808 atheros: Rename "madwifi_" prefix to "atheros_" 2010-12-30 16:14:28 +02:00
Yi Zhu
23763c6516 bsd: Fix receive buffer alignment issue
wpa_supplicant seems to crash from time to time on a NetBSD 4.0 MIPS
platform. The root cause turned out to be a MIPS alignment issue.

In my wpa_supplicant crash case, in function
wpa_driver_bsd_event_receive (from driver_bsd.c), the buf[2048] address
is started from i.e. 0x7fffd546, which is not 4 bytes aligned. Later
when it is casted to (struct if_msghdr *), and rtm->rtm_flags is used.
rtm->rtm_flags is "int" type, but its address is not 4 bytes aligned.
This is because the start address of rtm is not 4 bytes aligned.
Unfortunately in NetBSD MIPS kernel (unlike Linux MIPS kernel emulates
unaligned access in its exception handler), the default behavior is to
generate a memory fault to the application that accesses unaligned
memory address. Thus comes the early mentioned wpa_supplicant crash. An
interesting note is when I'm using the wpa_supplicant version 0.4.9, I
never saw this problem. Maybe the stack layout is different. But I
didn't look into details.

I used below patch to resolve this problem. Now it runs correctly for at
least several hours. But you might have a better fix (maybe we can use
malloc/free so that it is at least cache line aligned?). I'm also not
sure if other drivers should have the same problem.
2010-12-30 16:13:19 +02:00
Yi Zhu
9f2951d2fd Fix driver_bsd.c compile error
I got an error for WPA_KEY_RSC_LEN is not defined when compiling the
driver_bsd.c on NetBSD 4.0. Below patch fixed it.
2010-12-30 16:12:32 +02:00
Jouni Malinen
3ac17eba31 P2P: Add initial support for driver-based P2P management
This adds partial callbacks and events to allow P2P management to be
implemented in a driver/firmware. This is not yet complete and is
very much subject to change in the future.
2010-12-30 12:48:55 +02:00
Jouni Malinen
f981eabcf0 WPS: Add option to disable open networks by default
CONFIG_WPS_REG_DISABLE_OPEN=y can be used to configure wpa_supplicant
to disable open networks by default when wps_reg command is used to
learn the current AP settings. When this is enabled, there will be a
WPS-OPEN-NETWORK ctrl_iface event and the user will need to explicitly
enable the network (e.g., with "select_network <id>") to connect to
the open network.
2010-12-30 12:28:13 +02:00
Johannes Berg
5dfca53fc0 nl80211: Use driver-based off-channel TX if available
If the underlying driver supports off-channel TX, it will now be used by
the nl80211 driver wrapper, setting WPA_DRIVER_FLAGS_OFFCHANNEL_TX
accordingly.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2010-12-29 14:05:34 +02:00
Johannes Berg
190b9062b2 P2P: Add option for offloading off-channel TX to the driver
With the new kernel functionality coming to Linux to allow off-channel
TX, we can take advantage of that in the P2P code that currently uses
remain-on-channel. If a driver advertises support for it, it will be
asked to handle off-channel TX by itself.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2010-12-29 13:59:17 +02:00
Johannes Berg
0d7e5a3a29 Allow AP mode to disconnect STAs based on low ACK condition
The nl80211 driver can report low ACK condition (in fact it reports
complete loss right now only). Use that, along with a config option, to
disconnect stations when the data connection is not working properly,
e.g., due to the STA having went outside the range of the AP. This is
disabled by default and can be enabled with disassoc_low_ack=1 in
hostapd or wpa_supplicant configuration file.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2010-12-28 17:15:01 +02:00
Jouni Malinen
d3e01b9d71 Re-initialize EAP ClientTimeout on for each session
ClientTimeout changes from EAP peer methods were not supposed to
change behavior for other EAP peer methods or even other sessions
of the same method. Re-initialize ClientTimeout whenever an EAP
peer method is initialized to avoid this. This addresses problems
where WPS (EAP-WSC) reduces the timeout and consecutive EAP runs
may fail due to too small timeout.
2010-12-28 12:09:14 +02:00