This allows QoS Map Set element to be added to (Re)Association Response
frames and in QoS Map Configure frame. The QoS Mapping parameters are
also made available for the driver interface.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Add DFS structures/events handlers, CAC handling, and radar detection.
By default, after radar is detected or the channel became unavailable, a
random channel will be chosen.
This patches are based on the original work by Boris Presman and
Victor Goldenshtein. Most of the DFS code is moved to a new dfs.c/dfs.h
files.
Cc: Boris Presman <boris.presman@ti.com>
Cc: Victor Goldenshtein <victorg@ti.com>
Signed-hostap: Simon Wunderlich <siwu@hrz.tu-chemnitz.de>
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
This can be used to implement per-device PSK selection based on the
peer's P2P Device Address instead of P2P Interface Address.
Signed-hostap: Jouni Malinen <j@w1.fi>
This adds survey dump support for all frequencies
and for specific desired frequencies. This will later
be used by ACS code for spectrum heuristics.
Signed-hostap: Michal Kazior <michal.kazior@tieto.com>
Upon association, disable the timer that removes the dummy STA. This
timer caused the STA that associates within 5 seconds of doing an ANQP
query to disassociate, thinking it's a dummy STA. Similar call was
already there for the SME/MLME-in-hostapd case in handle_auth(), but the
SME-in-driver case was not previously addressed.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
When AP mode operation reject the client, nl80211 layer advertises the
connect failed event with the reason for failures (for example, max
client reached, etc.) using NL80211_CMD_CONN_FAILED.
This patch adds some debug messages whenever such an event is received
from the nl80211 layer and also the same event is posted to the upper
layer via wpa_msg().
Signed-off-by: Raja Mani <rmani@qca.qualcomm.com>
Replace CONFIG_IEEE80211V with CONFIG_WNM to get more consistent build
options for WNM-Sleep Mode operations. Previously it was possible to
define CONFIG_IEEE80211V without CONFIG_WNM which would break the build.
In addition, IEEE 802.11v has been merged into IEEE Std 802.11-2012 and
WNM is a better term to use for this new functionality anyway.
Signed-hostap: Jouni Malinen <j@w1.fi>
This allows the AP to figure out whether a station is a HS 2.0 STA
during the association and access any information that the STA may have
included in this element.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
There was an issue with EAPOL frame exchanges in a multi-BSS
configuration when a station switches between the BSSes controlled by
the same hostapd process. When processing the EAPOL packet, the array of
virtual APs (iface->bss) is searched looking for the station that sent
the packet in order to identify which signal context should be used
during processing. The first match of the station in its list gets used
in the ieee802_1x_receive() function. However, even after a station has
disassociated, it remains in the list of stations pending an inactivity
timeout. This leads to the wrong hapd context (one where the station had
already disassociated) being used in some cases (if the current/active
bss entry appears in the list after one where the station has just
disassociated from) for EAPOL processing.
Fix this by checking the WLAN_STA_ASSOC flag before assuming the right
hapd context was found for the given station.
Signed-hostap: David Bird <dbird@powercloudsystems.com>
intended-for: hostap-1
All the other places processing EVENT_RX_MGMT events assume that the
event data is included, so not much point in verifying that here.
Signed-hostap: Jouni Malinen <j@w1.fi>
This allows the SA Query mechanism in hostapd to be used with drivers
that implement authentication and association MLME/SME.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Commit 1b487b8b1e added CH_SWITCH
event for nl80211, but ended up using hostapd_hw_get_channel()
regardless of build configuration for driver interfaces. This
function is not always available, so make its use conditional
on NEED_AP_MLME.
Signed-hostap: Jouni Malinen <j@w1.fi>
Some drivers may independently decide to switch channels. Handle this by
updating the hostapd and wpa_supplicant AP and GO configuration.
Signed-hostap: Thomas Pedersen <c_tpeder@qca.qualcomm.com>
When hostapd (or wpa_supplicant AP mode) limits the maximum number
of STA entries with a driver that implements SME, the driver needs
to be notified of the failed STA addition. Disassociate the STA if
the driver notifies of an association that would go beyond the
maximum number of STAs.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The next ap_handle_timer action was already cleared when association
is handled with user space -based SME. However, this step was missing
from the driver callback for indicating new association. This could
result in the first ap_handle_timer timeout on the new association
removing the station unexpectedly. Fix this by resetting the timeout_next
in hostapd_notif_assoc().
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
intended-for: hostap-1
The signal strength is currently never used as the only driver reporting
it is nl80211 which uses IEEE80211_RADIOTAP_DB_ANTSIGNAL which is never
populated by the kernel. The kernel will (soon) populate
IEEE80211_RADIOTAP_DBM_ANTSIGNAL instead though, so use that.
Also, since it was never really populated, we can redefine the signal
field to be in dBm units only.
My next patch will also require knowing the signal strength of probe
requests throughout the code (where available), so add it to the
necessary APIs.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
This event can be very frequent in AP mode when Beacon frames from
neighboring BSSes are delivered to user space. Drop the debug
message priority from DEBUG to EXCESSIVE for Beacon frames.
Signed-hostap: Jouni Malinen <j@w1.fi>
The new event can be used when EAPOL TX status can't be reported as a
complete 802.11 frame but is instead reported as just the EAPOL data as
originally passed to hapd_send_eapol().
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Instead of trying to remember to add wpa_msg() calls for every possible
path where a STA becomes authorized or unauthorized, use
ap_sta_set_authorized() to send these events more consistently.
Signed-hostap: Jouni Malinen <j@w1.fi>
This offloads the station polling to driver wrappers, which may offload
it again to the driver. The hostap driver wrapper uses "real" data
frames while nl80211 uses null data frames.
Also add a specific event to indicate that a poll was successful for
future use with the nl80211 driver.
Commit 17f6b90056 moved the concatenation
of WPS IEs, but did not include the validation that the IE buffer is not
NULL. In addition, the concatenation needs to be done based on the full
IE buffer instead of the parsed pointer that includes only a single
WPS IE.
Make the WPS processing of (Re)Association Request frame IEs conditional
on WPS support. This fixes a build issue with wps_is_20() not being
defined and makes the non-WPS build a bit smaller.
Extend the code that waits for the station to send EAPOL-Start before
initiating EAPOL authenticator operations to cover the case where the
station includes WPS IE in (Re)Association Request frame if that IE
does not include support for WPS 2.0. While this should not really
be needed, this may help with some deployed WPS 1.0 stations that do
not support EAPOL operations correctly and may get confused of the
EAP-Request/Identity packets that would show up twice if EAPOL-Start
is transmitted.
Only accept Probe Request frames that have a Wildcard BSSID and a
destination address that matches with our P2P Device Address or is the
broadcast address per P2P specification 3.1.2.1.1.
This fixes an issue with SA Query Response frames not being processed
anymore after wpa_supplicant started registering a handler for those.
This handler registration is in generic driver_nl80211.c code, so
hostapd uses it, too.
Both the SA and IEs from the received Probe Request frames must be
included and the Probe Request RX callback functions may assume that
these are not NULL.
This allows driver wrappers to indicate whether the association was
done using Association Request/Response or with Reassociation
Request/Response frames.
This is needed to allows WPS PBC session overlap detection to work
with drivers that process Probe Request frames internally. This
code is is run in hostapd, but the wpa_supplicant AP mode did not
have call to the hostapd_probe_req_rx() function even though it
registered handlers for hostapd Probe Request RX callbacks.
An optional parameter, p2p_dev_addr, can now be given to WPS_PBC
command on P2P GO to indicate that only the P2P device with the
specified P2P Device Address is allowed to connect using PBC. If
any other device tries to use PBC, a session overlap is indicated
and the negotiation is rejected with M2D. The command format for
specifying the address is "WPS_PBC p2p_dev_addr=<address>", e.g.,
WPS_PBC p2p_dev_addr=02:03:04:05:06:07
In addition, show the PBC session overlap indication as a WPS failure
event on an AP/GO interface. This particular new case shows up as
"WPS-FAIL msg=4 config_error=12".
The nl80211 driver can report low ACK condition (in fact it reports
complete loss right now only). Use that, along with a config option, to
disconnect stations when the data connection is not working properly,
e.g., due to the STA having went outside the range of the AP. This is
disabled by default and can be enabled with disassoc_low_ack=1 in
hostapd or wpa_supplicant configuration file.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
By default, make hostapd and wpa_supplicant maintain an internal
entropy pool that is fed with following information:
hostapd:
- Probe Request frames (timing, RSSI)
- Association events (timing)
- SNonce from Supplicants
wpa_supplicant:
- Scan results (timing, signal/noise)
- Association events (timing)
The internal pool is used to augment the random numbers generated
with the OS mechanism (os_get_random()). While the internal
implementation is not expected to be very strong due to limited
amount of generic (non-platform specific) information to feed the
pool, this may strengthen key derivation on some devices that are
not configured to provide strong random numbers through
os_get_random() (e.g., /dev/urandom on Linux/BSD).
This new mechanism is not supposed to replace proper OS provided
random number generation mechanism. The OS mechanism needs to be
initialized properly (e.g., hw random number generator,
maintaining entropy pool over reboots, etc.) for any of the
security assumptions to hold.
If the os_get_random() is known to provide strong ramdom data (e.g., on
Linux/BSD, the board in question is known to have reliable source of
random data from /dev/urandom), the internal hostapd random pool can be
disabled. This will save some in binary size and CPU use. However, this
should only be considered for builds that are known to be used on
devices that meet the requirements described above. The internal pool
is disabled by adding CONFIG_NO_RANDOM_POOL=y to the .config file.