Commit Graph

1867 Commits

Author SHA1 Message Date
Jouni Malinen
54e9c5fc69 EAP: Clear ClientTimeout back to default value in INITIALIZE
This fixes an issue where WPS run leaves a small ClientTimeout
value (2) configured and the next EAPOL authentication is started
with that small value even for Identity exchange. This can cause
problems when an EAPOL packet gets dropped immediately after
association and a retry of that packet is needed (which may take
more than two seconds).
2011-10-18 18:44:35 +03:00
Dmitry Shmidt
ed3eecd786 Android: Add wpa_ctrl_cleanup()
This function can be used to clean up local UNIX domain socket files
that may be left over from clients that were previously connected to
wpa_supplicant. At least for now, this is only available for Android
builds.
2011-10-18 17:27:53 +03:00
Jouni Malinen
ea08bfe384 netlink: Do not use void pointer for pointer arithmetic
This is a non-standard extension in gcc, so better not depend on it.
2011-10-18 17:00:08 +03:00
Jouni Malinen
39b97072b2 Add support for Time Advertisement
This adds preliminary support for IEEE 802.11v Time Advertisement
mechanism with UTC TSF offset.
2011-10-18 00:24:16 +03:00
Jouni Malinen
96b2cb226a Add os_gmtime() as wrapper for gmtime() 2011-10-18 00:23:42 +03:00
Jouni Malinen
4b2a77aba2 Interworking: Add support for configuring Roaming Consortium List 2011-10-17 23:55:50 +03:00
Jouni Malinen
c7c178e15e Interworking: Add Advertisement Protocol element
For now, assume that ANQP will always be enabled with Interworking.
This may be made separately configurable in the future.
2011-10-17 23:19:52 +03:00
Jouni Malinen
3c11382b6c Remove set_intra_bss() driver_ops
This has been replaced by the isolate parameter available through
set_ap() calls.
2011-10-17 23:04:27 +03:00
Jouni Malinen
ecff342716 atheros: Add a placeholder function for set_ap() driver_ops 2011-10-17 21:36:28 +03:00
Jouni Malinen
8a33a63f58 Add Interworking configuration in set_ap() driver_ops
Drivers that implement SME/MLME may find it easier to use separated
information to configure Interworking related parameters.
2011-10-17 21:35:41 +03:00
Jouni Malinen
a194b06c81 Add Ext Capab and Interworking elements to extra IEs
These need to be provided to drivers that implement SME/MLME.
2011-10-17 21:30:44 +03:00
Jouni Malinen
06c4d2472f Move Ext Capab and Interworking element construction into shared file
These needs to be available for drivers that implement SME/MLME.
2011-10-17 21:03:52 +03:00
Jouni Malinen
c2ff13c533 Clean up AP mode extra IE construction
Make it easier to add more IEs into the buffers.
2011-10-17 20:55:06 +03:00
Jouni Malinen
6c0575c322 Remove unused function argument 2011-10-17 20:10:07 +03:00
Jouni Malinen
31357268e5 Move AP BSS configuration parameters into set_ap()
Remove the separate driver_ops functions set_cts_protect(),
set_preamble(), set_short_slot_time(), and set_ht_params(). These
belong into same set of operations as set_ap(), so there is no need
to maintain separate functions that just make the driver wrapper
more complex.

Since these have only been used with driver_nl80211.c, the driver_ops
can be removed immediately instead of maintaining backwards
compatibility period with the old functions.
2011-10-17 19:31:33 +03:00
Jouni Malinen
fd13a54180 Deprecate set_intra_bss() driver_ops
The AP client isolation parameter is now available through set_ap().
driver_nl80211.c was the only driver wrapper using the set_intra_bss()
call in hostap.git, but some external trees may have used this. Once
those are cleared, the set_infra_bss() driver_ops can be removed
completely. The only remaining use case for it currently is in P2P
GO mode with wpa_supplicant.
2011-10-17 18:58:46 +03:00
Jouni Malinen
5ce0f8b31b Remove unused P2P device discovery hack from Beacon configuration
AP mode operations were used for P2P device discovery Listen state
only during early experiments. This has now been cleaned up and
ieee802_11_set_beacon() is not called for P2P device discovery.
As such, this hack to skip Beacon configuration can be removed.
2011-10-17 18:39:31 +03:00
Jouni Malinen
062390efd4 Start deprecating various AP mode driver_ops
The preferred way of configuring AP mode will be to use set_ap() instead
of number of separate operations hostapd has collected over the years.
2011-10-17 18:35:25 +03:00
Jouni Malinen
9e85b1ed49 atheros: Add debug hexdumps for IE configuration 2011-10-17 17:56:59 +03:00
Mahesh Palivela
d4370eac2e Move SA Query mechanism into a file that can be shared more easily
This is the first step in allowing SA Query mechanism in hostapd to be
used with drivers that implement authentication and association MLME/SME
(i.e., do not use ieee802_11.c).
2011-10-17 17:33:17 +03:00
Jouni Malinen
73c41a8fab Interworking: Parse NAI Realms and match against home realm 2011-10-16 23:55:34 +03:00
Jouni Malinen
b02fe7ff32 Interworking: Add commands for network selection
This adds the basic mechanism for running through network selection:
scan, ANQP fetch, network selection, and connection. Actual rules for
network selection and the creation of the network block are still
missing, but will be added in separate commits.
2011-10-16 23:55:34 +03:00
Jouni Malinen
69fbdfe48d GAS: Export gas_build_initial_resp()
This is needed for some GAS error response messages where the ANQP
Advertisement Protocol element is not used.
2011-10-16 23:55:34 +03:00
Jouni Malinen
696be77eee Define new IEEE 802.11u status codes 2011-10-16 23:55:34 +03:00
Jouni Malinen
71269b3708 WNM: Add BSS Transition Management Request for ESS Disassoc Imminent
"hostapd_cli ess_disassoc (STA addr) (URL)" can now be used to send
an ESS Dissassociation Imminent notification to the STA. This event
is shown in wpa_supplicant ctrl_iface monitors (e.g., wpa_cli):
"WNM: ESS Disassociation Imminent - session_info_url=http://example.com/session/"
2011-10-16 23:55:34 +03:00
Jouni Malinen
4fe9fa0d29 nl80211: Register GAS frames for Interworking
The GAS frames are used both with P2P and Interworking, so register
them if CONFIG_INTERWORKING is used without CONFIG_P2P.
2011-10-16 23:55:34 +03:00
Jouni Malinen
46ee0427b1 IEEE 802.11u: Allow Interworking and HESSID to be configured
The new wpa_supplicant.conf file global parameters interworking and
hessid can be used to configure wpa_supplicant to include
Interworking element in Probe Request frames.
2011-10-16 23:55:34 +03:00
Jouni Malinen
b83e3e93c8 IEEE 802.11u: Add configuration and advertisement for Interworking 2011-10-16 23:55:34 +03:00
Jouni Malinen
08a74e6a61 Use a common error handler in hostapd_notif_assoc() 2011-10-16 17:57:27 +03:00
Jouni Malinen
2bb20281cb Clean up IE processing in hostapd_notif_assoc() 2011-10-16 17:49:02 +03:00
Jouni Malinen
fa15d405c7 WPS: Fix WPS IE processing
Commit 17f6b90056 moved the concatenation
of WPS IEs, but did not include the validation that the IE buffer is not
NULL. In addition, the concatenation needs to be done based on the full
IE buffer instead of the parsed pointer that includes only a single
WPS IE.
2011-10-16 17:10:48 +03:00
Jouni Malinen
1472d32f72 Remove unused function argument 2011-10-16 14:00:30 +03:00
Jouni Malinen
619e6726ba base64: Stop decoding at the first sequence of pad characters
The base64 encoded data cannot included pad characters in the middle, so
we can stop the loop at the first sequence of pad characters. If the
sequence includes more than two pad characters, the encoding is invalid
and we can indicate failure.
2011-10-16 12:36:21 +03:00
Jouni Malinen
c3b75919fa Fix double free with CONFIG_WPS_STRICT=y
Commit 17f6b90056 extended the use of
the concatenated WPS IE outside the CONFIG_WPS_STRICT block, but
forgot to remove the old wpabuf_free(wps) call.
2011-10-16 12:11:00 +03:00
Luciano Coelho
bd525934e5 nl80211: Add support for sched_scan filtering
Use the SSID filter list passed in the scheduled scan request down to
the kernel driver, so it can use the list to return only the wanted
SSIDs. Some kernel drivers can use this information to offload the
SSID filter to the hardware, helping with reducing the power
consumption.

Signed-off-by: Luciano Coelho <coelho@ti.com>
2011-10-15 18:53:14 +03:00
Luciano Coelho
b59e6f267b Add filter support to scheduled scans
Pass SSIDs to be matched in scheduled scan results. Only the SSIDs
that are included in the match lists will be reported by the driver,
so the filtering can be offloaded to the hardware and the power
consumption can be reduced.

Signed-off-by: Luciano Coelho <coelho@ti.com>
2011-10-15 18:53:14 +03:00
Luciano Coelho
35b741fdf7 Increase maximum number of SSIDs per scan
With scheduled scan support, we may need to pass more than 10 SSIDs in
a single scan request. Some drivers (e.g., wl12xx) support up to 16
SSIDs at once.

Change WPAS_MAX_SCAN_SSIDS from 10 to 16.

Signed-off-by: Luciano Coelho <coelho@ti.com>
2011-10-15 18:53:13 +03:00
Luciano Coelho
d21c63b925 nl80211: Add scheduled scan support
This commit adds scheduled scan support in the nl80211 driver.

Signed-off-by: Luciano Coelho <coelho@ti.com>
2011-10-15 18:53:13 +03:00
Luciano Coelho
cbdf3507e9 Add scheduled scan driver operations
In new Linux kernel versions (>=3.0), nl80211 adds scheduled scan
capability. In order to use this feature to its full extent, we need
to support it in the wpa_supplicant core, so that it can also be used
by other drivers.

This commit adds initial scheduled scan support operations and events.

Signed-off-by: Luciano Coelho <coelho@ti.com>
2011-10-15 18:53:13 +03:00
Jouni Malinen
1e1a0a4dc9 edit: Fix history prev/next selection
Commit 19ec1f262e tried to fix some
cases for history prev selection, but it broke others. Fix this
properly by using a separate entry for the current edit line that
is not yet in history buffer.
2011-10-15 14:03:35 +03:00
Jouni Malinen
44dc872ee5 nl80211: Add debug print for channel changes 2011-10-15 13:29:56 +03:00
Jouni Malinen
dcd1eb5be5 Fix some forgotten comments in set_beacon to set_ap change 2011-10-15 13:15:24 +03:00
Jithu Jance
6758b1677a nl80211: Use shorter monitor interface name for P2P GO
Currently the P2P Interface name[p2p-%s-%d] is reset when the P2P
Interface name reaches the "IFNAMSIZ" limit. Monitor interface name is
derived from p2p interface name with the addition of few characters
[mon.p2p-%s-%d] and hence Monitor interface name hits IFNAMSIZ limit
before P2P Interface name. Rename the monitor interface name to
mon-%s-%d to reduce the length to same with p2p-%s-%d.
2011-10-15 13:07:30 +03:00
Yogesh Ashok Powar
8666585b9e Disconnect STA when it fails to get added in kernel driver/firmware
Data path for stations that get successfully associated to the
hostapd but fail to get added in the driver/firmware, will not
work. In such cases, hostapd should deauth and disconnect such
stations. In such scenario, hostapd should disconnect the STAs.

Sample output with following patch
wlan0: STA 0c:74:c2:9a:4c:59 IEEE 802.11: authenticated
wlan0: STA 0c:74:c2:9a:4c:59 IEEE 802.11: associated (aid 1)
wlan0: AP-STA-CONNECTED 0c:74:c2:9a:4c:59
wlan0: STA 0c:74:c2:9a:4c:59 IEEE 802.11: Could not add STA to kernel driver
wlan0: STA 0c:74:c2:9a:4c:59 IEEE 802.11: deauthenticated due to local deauth request

Signed-off-by: Yogesh Ashok Powar <yogeshp@marvell.com>
Signed-off-by: Nishant Sarmukadam <nishants@marvell.com>
2011-10-15 12:41:28 +03:00
B. J
5dd80dd661 Fix NT-hash password use with integrated authentication server
The password_hash parameter was not copied in case of the integrated
authentication server (but was for RADIUS server). This broke EAP
authentication when the user entry used NT-hash.
2011-10-15 12:13:27 +03:00
Janusz Dziedzic
f1afcb391e P2P: Fix wpabuf reuse on p2p_group_notif_noa()
This currently unused function would have triggered wpabuf overflows
due to incorrect variable being reset to zero in the case the old
NoA wpabuf was large enough for the new data.
2011-10-13 01:06:11 +03:00
Jouni Malinen
fd8e4fda50 EAPOL auth: Disconnect after IEEE 802.1X failure
The EAPOL authenticator was previously forcing disconnection in the WPS
use case. However, this can be benefitial operation with any IEEE 802.1X
authentication mechanism and need not be limited to WPS. This helps some
use cases like EAP-FAST where provisioning may require two
authentication runs if the authentication server does not allow the PAC
provisioning step to be used for normal data connection. While the
station would be free to decide to re-associate in such a case, not all
stations do and as such, it helps if the AP does that instead of leaving
the association up with EAPOL state machine in HELD state for 60
seconds.
2011-10-12 20:07:16 +03:00
Jouni Malinen
88dc899a1b EAP-FAST: Allow unprotected EAP-Failure in provisioning case
While EAP-FAST uses protected success notification, RFC 5422, Section
3.5 points out a possibility of EAP-Failure being sent out even after
protected success notification in case of provisioning. Change the
EAP-FAST peer implementation to accept that exception to the protected
success notification. This allows the station to re-connect more quickly
to complete EAP-FAST connection in the case the server rejects the
initial attempt by only allowing it to use to provision a new PAC.
2011-10-12 20:05:02 +03:00
Jouni Malinen
4458d91554 P2P: Do not change SSID during GO negotiation
If GO Negotiation Request (or in theory, also GO Negotiation Response)
frame is delivered multiple time for processing, the SSID of the group
could end up getting changed. This could result in possible issues if
the peer ended up using different SSID. To avoid this, make sure the
SSID does not get changed unless the negotiation is for a new group.
2011-10-11 18:29:31 +03:00
Jouni Malinen
c3fea27274 Clear OKC-based PMKSA caching entries if PMK is changed
Whenever PMK gets changed (e.g., due to re-authentication), all PMKSA
caching entries that were created using the previous PMK needs to be
replaced. Previously, only the entry for the current AP was cleared.
Flush the other entries based on network_ctx matches to get rid of the
OKC entries. These entries can then be re-creating using OKC with the
new PMK.
2011-10-02 19:36:37 +03:00
Jouni Malinen
15e2c77d03 Sync with wireless-testing.git linux/nl80211.h 2011-10-02 13:16:42 +03:00
Johannes Berg
1473f95e98 AP: Use QoS nullfunc for connection poll
When polling a station that has been inactive for a while, hostapd currently
always uses a null data frame. This is a bit strange with uAPSD clients
(though it seems to mostly work) since the EOSP bit can never be set in a
non-QoS frame. Make hostapd use QoS null data frames for probing when the
station is a QoS STA.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-10-01 21:04:11 +03:00
Marek Kwaczynski
ed908a55da P2P: Refresh peer entries on Probe Request RX
Do not expire P2P peer entries if Probe Request frames are received from
them.
2011-10-01 20:40:14 +03:00
Zhi Chen
56aa082a1d WPS: Send AP Settings as a wrapped Credential attribute to ctrl_iface
Wrap self-generated WPS credential for new AP settings and send that to
control interface to provide the needed information in
WPS-NEW-AP-SETTINGS for external processing.
2011-09-30 22:26:37 +03:00
Shan Palanisamy
a52eba0f44 FT: Add driver wrappers for FT with driver-based MLME/SME 2011-09-30 00:05:29 +03:00
Jouni Malinen
0c840c33f7 Move GAS/ANQP build routines to a separate file from P2P
GAS/ANQP is a generic protocol and in no way specific to P2P, so move
routines used to build GAS/ANQP frames to a separate file that can be
shared for other uses than just P2P service discovery.
2011-09-29 22:18:46 +03:00
Jouni Malinen
206e1f422f P2P: Provide mechanism for figuring out p2p_scan_ie() buffer need
The new function, p2p_scan_ie_buf_len(), can be used to figure out
how large a buffer needs to be allocated for p2p_scan_ie() use. This
makes it easier to add new data into the buffer without forcing all
callers to be updated to use a larger buffer.
2011-09-29 22:18:23 +03:00
Jouni Malinen
fc6997b345 P2P: Fix group formation after previous commit
p2p_in_progress() have to ignore P2P_PROVISIONING state to allow
station mode (which includes P2P client) scan to work.
2011-09-29 21:48:07 +03:00
Jouni Malinen
303f60d39b P2P: Do not request station mode scans during P2P operations
The P2P search mechanism depends on the same scan functionality that
is used for station mode scans. If these operations are being used
at the same time, scan result processing is not handled properly.
Avoid unexpected behavior by delaying station mode scan requests
if a P2P operation is in progress.

Among other things, this allows the station mode connection attempt
to be continued after a P2P find or group formation has been completed
if the interface is available (i.e., when the P2P group uses a
separate virtual interface).
2011-09-29 16:53:55 +03:00
Jouni Malinen
0c96fd6d03 P2P: Do not leave P2P scan handler registered if scan fails
If the initial attempt to start a scan for p2p_find fails, an error
is reported. However, the P2P scan handler and search state was
left behind. That can result in unexpected behavior when the next
non-P2P scan results are indicated. Avoid this by clearing the
P2P search state on failure.
2011-09-29 16:52:23 +03:00
Vivek Natarajan
004ba773ce nl80211: Add driver flag for firmware-based BSS selection
This new flag can be used to change wpa_supplicant behavior in the
default ap_scan=1 mode to move BSS selection into the driver (likely
firmware). This commit is only adding the flag; separate commits
will be used to change the actual connection/roaming behavior.
2011-09-26 14:26:55 +03:00
Jouni Malinen
daa30c23aa Rename and fix ANQP definitions to match IEEE Std 802.11u-2011 2011-09-26 11:51:58 +03:00
Mathieu Olivari
8a8c1c0ea5 atheros: Allow flattened driver include file directories
Remove the full driver path to the driver header file to make it
easier to use common include directory for all driver headers.
2011-09-26 11:49:22 +03:00
Jouni Malinen
fd2f2d0489 Remove EAP-TTLSv1 and TLS/IA
These protocols seem to be abandoned: latest IETF drafts have expired
years ago and it does not seem likely that EAP-TTLSv1 would be
deployed. The implementation in hostapd/wpa_supplicant was not complete
and not fully tested. In addition, the TLS/IA functionality was only
available when GnuTLS was used. Since GnuTLS removed this functionality
in 3.0.0, there is no available TLS/IA implementation in the latest
version of any supported TLS library.

Remove the EAP-TTLSv1 and TLS/IA implementation to clean up unwanted
complexity from hostapd and wpa_supplicant. In addition, this removes
any potential use of the GnuTLS extra library.
2011-09-25 21:28:32 +03:00
Jouni Malinen
e655e1f512 GnuTLS: Fix build bit various GnuTLS versions
This fixes some build issues in GnuTLS wrapper to be compatible with
at least following GnuTLS versions: 2.2.5, 2.4.3, 2.6.6, 2.8.6,
2.10.5, 2.12.11, 3.0.3.
2011-09-25 19:32:28 +03:00
Jouni Malinen
5c47af9a7a TLS: Add support for TLS v1.1 (RFC 4346) with internal TLS
This is disabled by defautl and can be enabled with CONFIG_TLSV11=y
build configuration parameter.
2011-09-25 17:24:46 +03:00
Jouni Malinen
3bff59f857 TLS: Do not enforce in-place processing in tlsv1_record_send()
In preparation for record layer format changes, modify
tlsv1_record_send() to use separate buffers for payload
and the output message.
2011-09-25 17:11:52 +03:00
Jouni Malinen
85b7187ffc TLS: Add protection against record layer CBC attacks
Instead of using separate bad_record_mac and decryption_failed alerts,
use only bad_record_mac alert regardless of how the CBC decryption
failed. This provides less information to attackers that could modify
packets. In addition, instead of returning immediately on error, run
through the MAC check to make timing attacks more difficult.
2011-09-25 16:57:35 +03:00
Jouni Malinen
26296a8a7c TLS: Avoid unnecessary copying of encrypted data at record layer
When the received data will be decrypted, there is no need to first
copy it and then handle decryption in-place when decryption step can
take care of both operations.
2011-09-25 16:52:46 +03:00
Jouni Malinen
61f1ed911d TLS: Fix record layer protocol version validation
TLS v1.0 and v1.1 RFCs were not exactly clear on the use of the
protocol version in record later. As such, accept any {03,xx} value
to remain compatible with existing implementations and new protocol
versions.
2011-09-25 16:48:06 +03:00
Jouni Malinen
54b8f99454 P2P: Fix a race condition in some P2P command sequencies
The p2p->drv_in_listen variable is used to track Listen state operations
in the driver. This is cleared when the driver reports that the Listen
state has ended (p2p_listen_end() gets called). However, it is possible
that the driver does not indicate that if the Listen state is canceled.
This can apparently happen in some cases where p2p_connect command is
issues while the Listen state is in progress.

Work around this issue by clearing p2p->drv_in_listen when Listen state
is stopped as part of p2p_stop operation. This allows the P2P module to
process CONNECT_LISTEN timeout in p2p_timeout_connect_listen() to move
to CONNECT state, e.g., when starting GO Negotiation after Device
Discoverability mechanism.
2011-09-22 22:49:21 +03:00
Subrat Dash
6a5200e699 atheros: Fix WEXT SIOCGIWESSID use with WE-21 and newer
The "too long" buffer (32+1 octets) prevented AP from starting up with
32 octet SSID with WE-21 and newer. Fix this by reducing the
SIOCGIWESSID buffer length.
2011-09-22 15:42:03 +03:00
Pavel Roskin
ffbf1eaa26 Fix typos found by codespell
Signed-off-by: Pavel Roskin <proski@gnu.org>
2011-09-22 00:43:59 +03:00
Pavel Roskin
a776b19cda wext: Remove write-only variable ap_num
Signed-off-by: Pavel Roskin <proski@gnu.org>
2011-09-22 00:41:17 +03:00
Jouni Malinen
c36d52427a nl80211: Support PMKSA candidate events
This adds support for RSN pre-authentication with nl80211 interface and
drivers that handle roaming internally (i.e., wpa_supplicant is not
responsible for requesting scan results that provide the needed
information without these events).
2011-09-21 16:14:41 +03:00
Jouni Malinen
c8c71b395c Sync with wireless-testing.git linux/nl80211.h 2011-09-21 16:14:00 +03:00
Jouni Malinen
20f5a4c24c nl80211: Work around EALREADY from connect command
cfg80211 does not currently allow NL80211_CMD_CONNECT when there
is already an association. This can result in wpa_supplicant being
unable to request a connection if the interface is already in
connected state. Work around this by requesting disconnection if
the connect command fails with EALREADY error. This allows
wpa_supplicant to recover from the unexpected state and complete
the connect request on next attempt.
2011-09-18 21:26:55 +03:00
Jouni Malinen
1b414f59fc eapol_test: Add option for writing server certificate chain to a file
eapol_test command line argument -o<file> can now be used to request
the received server certificate chain to be written to the specified
file. The certificates will be written in PEM format. [Bug 391]
2011-09-17 22:42:54 +03:00
Jouni Malinen
8a55f56453 RSN: Add a debug message when considing addition of OKC entry 2011-09-16 18:45:15 +03:00
Jouni Malinen
a8b8379adf Sync with wireless-testing.git linux/nl80211.h 2011-09-16 17:13:08 +03:00
Jouni Malinen
633d4469e8 Fix AP build without CONFIG_WPS=y
Make the WPS processing of (Re)Association Request frame IEs conditional
on WPS support. This fixes a build issue with wps_is_20() not being
defined and makes the non-WPS build a bit smaller.
2011-09-12 22:23:45 +03:00
Jouni Malinen
531e420dd7 Remove time.h include from utils/includes.h
os_*() wrappers should be used instead of functions from time.h.
Removing the header from includes.h enforces this. os_unix.c can
include this its uses are valid wrapper calls. wps_upnp.c uses
gmtime() for which there is no os_*() wrapper available yet, so
allow it to use time.h, too. Similarly, allow dump_state.c to
use time.h for ctime().
2011-09-12 22:19:26 +03:00
Per Ekman
3d9e2e6615 Remove references to time_t/time()
Use os_time() in AP mode instead of direct time() calls.
2011-09-12 22:14:30 +03:00
Johannes Berg
531f0331a1 nl80211: Cancel not yet started r-o-c
Currently, the following can happen:

1) P2P state machine requests R-O-C
2) user changes their mind and aborts
3) P2P state machine aborts R-O-C
4) driver_nl80211 rejects abort since there
   was no notification about the start yet
5) R-O-C period start notification from kernel
6) P2P state machine requests new R-O-C
7) this overlaps with old R-O-C -- iwlwifi driver
   can't handle that and returns -EBUSY
8) state machine stops dead in its tracks

The reason is that the abort isn't going through properly. Instead of
tracking whether a R-O-C is active in driver_nl80211, track whether one
was requested to avoid this scenario.

Reported-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-09-10 22:57:41 +03:00
Rajkumar Manoharan
47185fc788 P2P: Remove CCK supported rates when running P2P scan
This allows drivers to disable CCK rates from Probe Request frames.
For nl80211, this is currently applying only to the supported rates
element(s), but this mechanism could be extended to address TX rate
control masking, too, to lessen need for global rate disabling.

Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
2011-09-10 22:40:30 +03:00
Johannes Berg
7626850dd6 nl80211: Automatically use concurrent P2P if possible
Since the kernel can now advertise P2P concurrent support by advertising
interface combinations, we can take advantage of that and automatically
use P2P_CONCURRENT / P2P_MGMT_AND_NON_P2P for drivers that advertise
support.

Keep driver_param=use_p2p_group_interface=1 for anyone not advertising
interface combinations in their drivers yet.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-09-10 21:52:21 +03:00
Jouni Malinen
25e5d5bc08 P2P: Allow advertisement config methods to be limited
The default config methods was hardcoded to claim support for
PushButton, Display, and Keypad. While these are supported by
most P2P devices, there may be some cases where it is convenient
to be able to disable a specific config method. Use config_methods
configuration parameter to set the default values for Config Methods
in the P2P Device Info attribute.
2011-09-08 16:48:06 +03:00
Jouni Malinen
07fecd3915 P2P: Remove Label config method
The P2P specification (3.1.4.3) disallows use of the Label configuration
method between two P2P devices. This was previously enforced at upper
level, but the obsolete code can be removed from wpa_supplicant. This
adds a bit more strict enforcement of the policy, but should not result
in practical differences since no known P2P implementation uses Label
config method.
2011-09-08 16:40:03 +03:00
Jouni Malinen
d8a790b922 Flush PMKSA cache entries and invalidate EAP state on network changes
If a network configuration block is removed or modified, flush
all PMKSA cache entries that were created using that network
configuration. Similarly, invalidate EAP state (fast re-auth).

The special case for OKC on wpa_supplicant reconfiguration
(network_ctx pointer change) is now addressed as part of the
PMKSA cache flushing, so it does not need a separate mechanism
for clearing the network_ctx values in the PMKSA cache.
2011-09-07 17:46:00 +03:00
Jouni Malinen
734baae0af Clear driver PMKSA cache entry on PMKSA cache expiration
If the driver maintains its own copy of the PMKSA cache, we need to
clear an entry from the driver whenever wpa_supplicant is dropping
an old PMKSA cache entry.
2011-09-07 16:31:09 +03:00
Jouni Malinen
cc28ad8cdf Fix Deauth/Disassoc callback handling with test frames
The Deauth/Disassoc TX status callbacks were ending up kicking the
station entry from kernel driver when test functionality was used to
inject Deauth/Disassoc frames from the AP with the purpose of leaving
the local association in place. Fix this by using STA flags to figure
out whether there was a pending callback for the frame that we need
to act on.

In addition, add forgotten functionality for the Disassoc TX status
callback to match the behavior with Deauth.
2011-09-06 21:03:02 +03:00
Jouni Malinen
64fa840a97 nl80211: Fix WPA_VERSIONS attribute for Connect command
The previous code was trying to figure out which WPA version is
used based on the extra IEs requested for Association Request. That
did not work properly in cases where non-WPA networks are used with
some extra IEs. Fix this by using more robust mechanism for passing
the WPA versions from core wpa_supplicant to the driver_ops
associate().
2011-09-02 20:40:23 +03:00
Jouni Malinen
83180479f0 Android: Modify wireless_copy.h to fix Android build 2011-09-02 16:50:43 +03:00
Bharat Chakravarty
a9355fac5f WPS: Set Probe Request config methods based on configuration
Instead of hardcoding the Config Methods attribute value in Probe
Request frames, set this based on the configured parameter
config_methods to allow correct set of methods to be advertised.
2011-09-01 15:24:45 +03:00
Jouni Malinen
ae9c400358 WPS ER: Fix UPnP XML Device Description parser to find correct device
The device description file may include multiple devices. Improve the
simplistic parser by first trying to find the WFADevice:1 device before
fetching the device parameters. While this is still far from complete
XML parsing, this should address the most common root device
specifications.
2011-08-31 13:56:03 +03:00
Jouni Malinen
86957e6298 nl80211: Support AP mode probe/action frame TX/RX without monitor iface
This allows non-mac80211 drivers to report received Probe Request
frames to user space and Probe Response and Action frames to be sent
from user space when using AP/P2P GO mode.
2011-08-29 14:26:55 +03:00
Jouni Malinen
4dc03726de Delay STA entry removal until Deauth/Disassoc TX status in AP mode
This allows the driver to use PS buffering of Deauthentication and
Disassociation frames when the STA is in power save sleep. The STA
entry (and PTK) will be removed from the kernel only after the
Deauth/Disassoc has been transmitted (e.g., when the STA wakes up).
A hardcoded two second timeout is used to limit the length of this
window should the driver fail to deliver the frame (e.g., the STA
is out of range and does not wake up). The kernel STA entry is
marked unauthorized during the wait to avoid accepting Data
frames from the STA that we have decided to disconnect.

This behavior is available only with drivers that provide TX status
events for Deauth/Disassoc frames (nl80211 at this point). Other
drivers continue to use the previous behavior where the STA entry
is removed immediately.
2011-08-28 23:07:02 +03:00
Jouni Malinen
49a191a142 EAP: Add "expanded" EAP type to get_name functions 2011-08-28 19:23:16 +03:00
Jouni Malinen
17f6b90056 WPS: Wait for EAPOL-Start unless WPS 2.0 station as workaround
Extend the code that waits for the station to send EAPOL-Start before
initiating EAPOL authenticator operations to cover the case where the
station includes WPS IE in (Re)Association Request frame if that IE
does not include support for WPS 2.0. While this should not really
be needed, this may help with some deployed WPS 1.0 stations that do
not support EAPOL operations correctly and may get confused of the
EAP-Request/Identity packets that would show up twice if EAPOL-Start
is transmitted.
2011-08-28 19:16:59 +03:00
Jouni Malinen
fb91db5639 Provide extra IEs for AP mode management frames with set_ap
Drivers that build Beacon, Probe Response, and (Re)Association
Response frames can use this information to and WPS and P2P IE
when needed.
2011-08-26 21:14:25 +03:00
Jouni Malinen
97a7a0b504 Add support for setting SSID hiding mode through set_ap() 2011-08-26 21:12:47 +03:00
Jouni Malinen
b11d1d6439 Add crypto parameters to set_ap() command separately
This helps drivers that build the Beacon and Probe Response frames
internally.
2011-08-26 21:11:42 +03:00
Jouni Malinen
d8cc23a438 Sync with include/linux/nl80211.h in wireless-testing.git 2011-08-26 21:09:08 +03:00
Jouni Malinen
9ca47fff8c WPS: Drop responses from ER to a STA that is not in WPS protocol
If an ER tries to send a message to a STA that is not in the middle
of WPS protocol, do not try to deliver that. This can help with issues
where an ER takes long time to reply to M1 and another Registrar has
already completed negotiation.
2011-08-12 11:58:32 +03:00
Jouni Malinen
de6e463f57 Make sure that EAP callbacks are not done if state machine has been removed
It is possible to get a response for a pending EAP callback after the
EAP state machine has already completed its work or has timed out. For
those cases, make sure that the callback function is not delivered since
it could result in NULL pointer dereferences.
2011-08-12 11:56:44 +03:00
Jouni Malinen
167dc97501 WPS: Fix M2/M2D Config Methods to include PushButton even if PBC not in use
The Config Methods attribute in M2 and M2D messages is supposed to
indicate which configuration methods are supported by the Registrar. As
such, it should not depend on whether PBC mode is currently active or
not. That will only affect the Selected Registrar Config Methods and
Device Password ID attributes.
2011-08-11 17:03:57 +03:00
Jouni Malinen
59639fa112 WPS: Fix default virt/phy pushbutton config method setting
Instead of always adding PHY PushButton config method, only add this
if neither virtual nor physical push button is advertised.
2011-08-11 16:51:40 +03:00
Jouni Malinen
ccb941e6da Add SSID as a separate item in AP mode Beacon setup
This makes it easier for drivers that need the SSID to get it from the
Beacon setup operation without having to parse the Beacon IEs.
2011-08-10 13:29:32 +03:00
Jouni Malinen
19c3b56685 Replace set_beacon() driver op with set_ap()
This change is a first step in better supporting different driver
architectures for AP mode operations with nl80211. This commit in
itself does not add new functionality, but it makes it easier to add
new AP mode parameters to address needs of drivers that have more of
the MLME/SME in firmware or kernel.
2011-08-10 13:22:37 +03:00
Jouni Malinen
5fb1a23252 nl80211: Fix hostapd build 2011-08-09 23:32:26 +03:00
Jouni Malinen
bdffdc5ddb AP: Reorder WPA/Beacon initialization
Split WPA initialization into two parts so that the Beacon frames can be
configured fully before the initial keys (GTK/IGTK) are configured. This
makes it easier for drivers that depend on the AP security mode being
fully set before the keys are configured.
2011-08-09 14:56:16 +03:00
Jouni Malinen
bc45d4279f WPS: Do not update Beacon IEs before initial IE set
This avoids a request to the driver to first start beaconing before
the WPA/RSN IE has been generated and then immediately changing the
beacon IEs once the WPA/RSN IE is ready.
2011-08-09 14:40:06 +03:00
Jouni Malinen
f10bfc9adb nl80211: Add l2_packet for AP mode EAPOL TX without monitor iface
This can be used with drivers that do not support monitor interface
when transmitting EAPOL frames in AP mode.
2011-08-09 14:04:53 +03:00
Jouni Malinen
9db931ed6d nl80211: Do not include NL80211_ATTR_DURATION in TX frame if zero
When offloading of the offchannel TX wait is not used, it is better to
not include NL80211_ATTR_DURATION to avoid confusing nl80211/cfg80211.
2011-08-09 14:01:31 +03:00
Jouni Malinen
a381f2a286 nl80211: Fix connect command to not claim WPA if WPS is used
Such using params->wpa_ie to figure out whether the connection is for
WPA/WPA2 is not correct since that buffer is used also to add WPS IE. In
case of WPS, do not add NL80211_ATTR_WPA_VERSIONS to avoid confusing
drivers.
2011-08-09 13:59:43 +03:00
Jouni Malinen
a05225c819 nl80211: Add more debug information on frame TX command failures 2011-08-09 13:59:12 +03:00
Jouni Malinen
2e92310217 random: Check fwrite return value to avoid warnings
Some compilers complain about fwrite calls if the return value is
not checked, so check the value even if it does not really make
much of a difference in this particular case.
2011-08-06 21:16:31 +03:00
Jouni Malinen
6921f1f386 TLS: Reorder certificates if needed when reading them
The internal TLS implementation assumes that the certificate chain
is ordered by issuer certificate following the certificate that it
signed. Add the certificates to the chain in suitable order when
loading multiple certificates.
2011-08-04 22:39:03 +03:00
Anish Nataraj
628d54639a Dispatch more WPS events through hostapd ctrl_iface 2011-08-04 16:56:41 +03:00
Jouni Malinen
70dbe3b6d7 P2P: Fix 802.11b-only rate validation for Probe Request frames
Commit e1d526293b added code for verifying
whether the receive Probe Request frame was indicating support for only
802.11b rates, but it missed the for loop for the extended supported
rates element. Add that to fix the validation code for cases where
non-802.11b rates are in the extended supported rates element.
2011-08-02 11:18:03 +03:00
Jouni Malinen
93ac240496 Clarify hostapd error message on unsupported hw_mode value 2011-07-31 00:51:34 +03:00
Pavel Roskin
e783c9b0e5 madwifi: Implement set_freq for hostapd, adjust hostapd.conf
Signed-off-by: Pavel Roskin <proski@gnu.org>
2011-07-29 20:51:55 +03:00
Pavel Roskin
374038fbde hostap: Remove unused variable in handle_frame()
Signed-off-by: Pavel Roskin <proski@gnu.org>
2011-07-29 20:51:55 +03:00
Pavel Roskin
f11634bf5d hostap: Add channel selection support in hostapd
Signed-off-by: Pavel Roskin <proski@gnu.org>
2011-07-29 20:51:50 +03:00
Dmitry Shmidt
a79d5479df Increase maximum number of SSIDs per scan with ProbeReq to 10 2011-07-19 08:55:46 +03:00
Eliad Peller
2f4f73b154 nl80211: Change vif type to P2P_CLI upon P2P authentication
Currently, wpa_driver_nl80211_authenticate() changes the interface type
to station. However, in case of P2P, we need to change the interface
type to P2P_CLI.

Add p2p field to the authentication params, and consider it for choosing
the correct interface type.

Signed-off-by: Eliad Peller <eliad@wizery.com>
2011-07-17 20:25:58 +03:00
Eliad Peller
b1f625e0d8 nl80211: Consider P2P when changing vif type
Commit 9f51b11395 added support for P2P
interfaces when adding a new interface. However, it didn't handle the
case in which the same interface is being used and its type is being
changed. Add support for this case.

Consequently, when doing "ap_scan_as_station" we now need to save the
actual AP interface type (AP/P2P GO) in order to restore it properly.
For that, change ap_scan_as_station type from int to nl80211_iftype, and
set it to NL80211_IFTYPE_UNSPECIFED when not used.

Signed-off-by: Eliad Peller <eliad@wizery.com>
2011-07-17 20:22:11 +03:00
Jouni Malinen
ff6a158b40 nl80211: Do not re-set iftype when initializing added interface
There is no need to force the interface into station mode when
wpa_supplicant adds a new interface (e.g., P2P group) with the correct
iftype.
2011-07-17 20:03:25 +03:00
Jouni Malinen
a1922f934d nl80211: Add more debug info for iftype changes 2011-07-17 19:47:41 +03:00
Jouni Malinen
7d9c369827 nl80211: Ignore ifdown event if mode change triggered it
When driver_nl80211.c has to set the netdev down to change iftype, an
RTM_NEWLINK event is generated. Do not generate
EVENT_INTERFACE_DISABLED event based on that.
2011-07-17 13:56:34 +03:00
Jouni Malinen
6554237f38 FT: Share IE parser implementation for Authenticator and Supplicant
These are almost identical, so there is no point in using separate
implementations.
2011-07-16 11:13:39 +03:00
Jouni Malinen
c3c828ebfd FT: Fix FT IE parser to not count TIE as protected IE 2011-07-16 11:05:28 +03:00
Hong Wu
c284b46141 FT: Fix the calculation of MIC Control field in FTIE
Reassociation Request/Response frame validation need to count all IEs in
the RIC. In addition, TIE is not protected, so it should not be included
in the count.

Signed-off-by: Hong Wu <hong.wu@dspg.com>
2011-07-16 10:57:17 +03:00
Jouni Malinen
e1d526293b P2P: Do not reply to Probe Request frame indicating only 802.11b rates
Per P2P specification 2.4.1, P2P Device shall shall not respond to
Probe Request frames that indicate support for only 802.11b rates.
2011-07-15 21:49:50 +03:00
Jouni Malinen
97c5b3c45b P2P: Check Device ID match in Probe Request frames in Listen state
Do not reply to Probe Request frames that include a Device ID that
does not match with our own P2P Device Address.
2011-07-15 20:48:06 +03:00
Jouni Malinen
04a85e4401 P2P: Filter Probe Request frames based on DA and BSSID in Listen state
Only accept Probe Request frames that have a Wildcard BSSID and a
destination address that matches with our P2P Device Address or is the
broadcast address per P2P specification 3.1.2.1.1.
2011-07-15 20:28:46 +03:00
Jouni Malinen
15f0961447 Check random_get_bytes() result before writing entropy file 2011-07-15 17:17:48 +03:00
Jouni Malinen
40eebf2353 MD5: Fix clearing of temporary stack memory to use correct length
sizeof of the structure instead of the pointer was supposed to be used
here. Fix this to clear the full structure at the end of MD5Final().
2011-07-15 13:42:06 +03:00
Johannes Berg
f67eeb5c32 nl80211: fix interface address assignment
When a new interface is created and already has a separate MAC address
assigned by the kernel, then we need to use that address, not just when
we've created a locally administered address.

This fixes use_p2p_group_interface=1 for iwlagn as it already makes
mac80211 assign an address for a second interface since the hardware has
two addresses assigned.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-07-15 12:05:19 +03:00
Johannes Berg
b14a210ce2 nl80211: Support GTK rekey offload
Add support to wpa_supplicant for device-based GTK rekeying. In order to
support that, pass the KEK, KCK, and replay counter to the driver, and
handle rekey events that update the latter.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-07-12 21:22:51 +03:00
Jouni Malinen
7aec3776b9 Sync with linux/nl80211.h from wireless-testing.git 2011-07-12 20:53:32 +03:00
Arik Nemtsov
95ab606345 nl80211: Send STA flags to kernel on station addition
Send STA flags to kernel when adding a new station. This ensures
stations are added with up to date flags by kernel drivers.

Signed-off-by: Arik Nemtsov <arik@wizery.com>
2011-07-12 20:28:31 +03:00
Arik Nemtsov
d83ab1fe37 hostapd: Set STA flags when adding a new station
When adding a new station, set the STA flags as part of the sta_add()
command. This ensures the flags are up to date when the station is added
by lower level drivers.

Signed-off-by: Arik Nemtsov <arik@wizery.com>
2011-07-12 20:26:52 +03:00
Hong Wu
715ed737dc FT: Disable PMKSA cache for FT-IEEE8021X
wpa_supplicant uses XXKEY instead of PMK to derive PMK-R0 and PMK-R1 for
FT-IEEE8021X key mgmt.

Signed-off-by: Hong Wu <hong.wu@dspg.com>
2011-07-05 20:49:51 +03:00
Jouni Malinen
cb465555d4 Allow PMKSA caching to be disabled on Authenticator
A new hostapd configuration parameter, disable_pmksa_caching=1, can now
be used to disable PMKSA caching on the Authenticator. This forces the
stations to complete EAP authentication on every association when WPA2
is being used.
2011-07-05 17:13:04 +03:00
Jouni Malinen
4f525d8e5b Move peer certificate wpa_msg() calls to notify.c
This type of wpa_supplicant specific message construction does not need
to be at the EAP implementation, so better move it up to notify.c.
2011-07-05 12:40:37 +03:00
Michael Chang
ade74830b4 Add dbus signal for information about server certification
In general, this patch attemps to extend commit
00468b4650 with dbus support.

This can be used by dbus client to implement subject match text
entry with preset value probed from server. This preset value, if
user accepts it, is remembered and passed to subject_match config
for any future authentication.

Signed-off-by: Michael Chang <mchang@novell.com>
2011-07-05 12:22:32 +03:00
Yogesh Ashok Powar
a3e685a04b hostapd: Clear keys configured when hostapd reloads configuration
Data path is broken when hostapd reloads its configuration
disabling the security which was previously enabled (WEP/WPA),
using kill -1, as old keys were not cleared.

The patch clears the keys configured when hostapd reloads
its configuration.

Signed-off-by: Yogesh Ashok Powar <yogeshp@marvell.com>
2011-07-05 11:39:26 +03:00
Jouni Malinen
235279e777 TLS: Add support for tls_disable_time_checks=1 in client mode
This phase1 parameter for TLS-based EAP methods was already supported
with GnuTLS and this commit extends that support for OpenSSL and the
internal TLS implementation.
2011-07-05 11:29:42 +03:00
Angie Chinchilla
f5fc603251 P2P: Only call dev_lost() for devices that have been dev_found()
Fix a bug with the current dev_found()/dev_lost() usage. Previously
in p2p_device_free() dev_lost() was invoked for devices that had
not been dev_found(). This caused dbus related msgs to stderr like:
"Attempted to unregister path (path[0] = fi path[1] = w1) which isn't
registered"

Signed-off-by: Angie Chinchilla <angie.v.chinchilla@intel.com>
2011-07-04 20:30:16 +03:00