Commit Graph

3863 Commits

Author SHA1 Message Date
Jouni Malinen
8c18fcc237 WPS: Add more debug information to M7 AP Settings
This allows the AP Settings data to be included in debug log
(only with -K on command line).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-07 19:33:47 +02:00
Jouni Malinen
d7a15d5953 WPS: Indicate current AP settings in M7 in unconfigurated state
Previously, unconfigured state was forcing the best supported
authentication and encryption state to be shown in WPS messages,
including AP Settings in M7 in case the AP acts as an Enrollee. This is
not really correct for the AP Settings case, so change that one to
indicate the currently configured state.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-07 19:33:19 +02:00
Jouni Malinen
d55fc03ef6 P2P: Handle unexpected GO Neg Req reject message more cleanly
The mechanism of using Status attribute in GO Negotiation Request was
used in some early specification drafts, but it is not compliant with
the current P2P specification where GO Negotiation Request is used only
for the purpose of initiating a new GO Negotiation. However, some
deployed devices use it to indicate rejection of GO Negotiation in a
case where they have sent out GO Negotiation Response with status 1. The
P2P specification explicitly disallows this.

To avoid unnecessary interoperability issues and extra frames, mark the
pending negotiation as failed and do not reply to this GO Negotiation
Request frame. Previously, GO Negotiation Response frame with status=4
was sent back as an indication of the GO Negotiation Request frame being
invalid. This response is not sent anymore and the status code for the
P2P-GO-NEG-FAILURE event is changed from 4 (invalid parameters) to 11
(rejected by user) for this specific workaround case.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-07 16:26:59 +02:00
Jouni Malinen
334ec001bb Fix Beacon RX before AP setup completion
It is possible for the driver to report Beacon RX prior to hostapd
having completed AP mode setup, e.g., when changing country code. Beacon
frame processing for OLBC was not prepared for this and could trigger
segfault due to NULL pointer dereference. Fix this by ignoring the
Beacon frames received prior to completing interface setup when
determining OLBC updates.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-02-06 15:22:06 +02:00
Yun Park
72e7fb3fd9 nl80211: Fix regression in returning to AP mode after scan
Commit b1f625e0d8 extended
ap_scan_as_station to be able to distinguish between AP and P2P GO
iftypes. However, it did this in a way that completely lost the original
mode because drv->nlmode had already been replaced with the station
mode. Fix this by storing the correct old mode.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-05 22:53:59 +02:00
Jouni Malinen
a05e236b11 P2P: Do not re-start invitation on Probe Req RX if already ack'ed
If the peer device has already acknowledge receipt of the Invitation
Request frame, it is better not to re-start invitation by sending
another Invitation Request. This should not be needed since the peer
already has received the Invitation Request frame and sending the second
round in this type of sequence can cause issues with nl80211 offloaded
offchannel TX operations since driver_nl80211.c will lose the cookie
value for the first pending Action frame and may not be able to cancel
offchannel wait for it properly. this has been seen to trigger a failure
in the p2p_go_invite_auth test case with the scan failing due to GO
sending out Probe Response frame on incorrect channel (the channel used
in that not-cancelled Action TX).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-04 17:16:32 +02:00
Jouni Malinen
e8a1572532 The hostap.git master branch is now used for 2.2 development
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-02-04 16:10:44 +02:00
Jouni Malinen
0b5ff2ae12 WPS: Remove unused Credential AP Channel processing
Commit bd3a373767 added a mechanism to use
AP Channel attribute from within a Credential attribute to optimize
scans. However, this design is not actually used with the WPS NFC use
cases. With configuration token, the AP Channel attribute is in the same
container with the Credential attribute (and that was also handled in
the previous implementation). With connection handover, AP Channel
information is outside the Credential attribute as well.

Simplify implementation by removing the AP Channel within Credential
case. This allows wpas_wps_use_cred() to get the AP Channel from the
container instead of having to find this during credential iteration.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-04 13:23:35 +02:00
Jouni Malinen
1536cb5756 WPS: Remove unused 802.1X attribute parsing and processing
This is not really used in practice and there is no need to maintain
unsed code that would only print debug log entries.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-02-04 13:23:35 +02:00
Jouni Malinen
b37d582eaf Replace ieee802_11_print_ssid() with wpa_ssid_txt()
There is no need to maintain two different functions for printing out
ASCII text version of SSID.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-02-04 13:23:35 +02:00
Jouni Malinen
93ee3022dc Change version information for the 2.1 release
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-02-04 13:23:35 +02:00
Jouni Malinen
8597ebdbd4 Fix hostapd segfault on beacon hint event
Commit 795baf773f ('hostapd: Filter
channel list updated events after country code change') uses the
EVENT_CHANNEL_LIST_CHANGED data pointer, but it updated only one of the
callers to provide that data. NL80211_CMD_REG_BEACON_HINT event was
still sending the event without the initiator data and resulted in NULL
pointer dereference, e.g., if a scan was run while hostapd was running
and the driver was in world roaming state and enabled a channel for
active scans.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-03 19:34:59 +02:00
Masashi Honma
c69ed4dd49 bsd: Fix hostapd compiler warning
The hostapd compilation displays a below warning On NetBSD 6.1.2.

../src/drivers/driver_bsd.c:72:1: warning: 'get80211opmode' defined but not used

This patch solves it and moves other functions to appropriate position to
reduce #ifdef.

Signed-hostap: Masashi Honma <masashi.honma@gmail.com>
2014-02-03 19:34:49 +02:00
Janusz Dziedzic
1412beeee9 nl80211: Show DFS region info in debug messages
Print DFS region info, if provided, when printing regulatory
information.

Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2014-01-30 14:10:25 +02:00
Janusz Dziedzic
fd92413417 hostapd: Increase timeout for channel list update to 5 seconds
Before this patch, 1 second timeout was used for regulatory updates. In
some cases, specially when we reload driver modules on some slower
platforms this could take more than 1 second (about 2 seconds). This is
important specially for DFS case, where we have to have correct DFS
region before we will start CAC. In other case (unknown DFS region), CAC
will fail. 5 seconds should be enough for all cases.

Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2014-01-30 14:05:14 +02:00
Johannes Berg
ff5e1d14af nl80211: Treat RSSI as part of each sched scan matchset
The original RSSI filter semantics for scheduled scan were
really confusing - a separate matchset was created, but it
wasn't actually treated as a separate matchset in the kernel
but rather used as the global RSSI value. The RSSI matchset
thus behaved like an RSSI filter outside of the matchsets,
being ANDed rather than ORed (as normal between matchsets.)

To make this less confusing, I changed the kernel API a bit
to actually treat the RSSI inside each matchset properly,
but keeping it compatible with the old approach by using a
matchset with only an RSSI value as the default for all the
other matchsets, and adding it as a separate matchset only
if it's the only one.

The proper way for wpa_supplicant to do this then would be
to add the RSSI to each SSID matchset, and only add another
matchset without SSID if there's none with.

However, to keep compatibility with older kernels, always
keep the non-SSID matchset and only add the RSSI to all the
other matchsets. This gets close to the desired behaviour,
the only difference would be that we shouldn't add the RSSI
matchset if there are others, but stays compatible with old
and new kernels, as new ones ignore the RSSI-only matchset
if there are others and those others have an RSSI.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2014-01-30 14:03:53 +02:00
Eytan Lifshitz
04c366cb1d Fix memory leaks and wrong memory access
1. In wpa_config_process_bgscan() fix memory leak after
   calling wpa_config_parse_string()
2. In hostapd_config_defaults(), on failure to allocate bss->radius,
   conf->bss was not freed.
3. In p2p_deauth_nofif(), memory allocated in p2p_parse_ies() was not
   freed in case of NULL minor_reason_code.
4. In p2p_disassoc_nofif(), memory allocated in p2p_parse_ies() was
   not freed in case of NULL minor_reason_code.
5. In p2p_process_go_neg_conf(), memory allocated was not freed in
   case that the P2P Device interface was not waiting for a
   GO Negotiation Confirm.
6. In wpa_set_pkcs11_engine_and_module_path(), the wrong pointer was
   checked.

Signed-hostap: Eytan Lifshitz <eytan.lifshitz@intel.com>
2014-01-30 14:01:31 +02:00
Michal Kazior
4b0f2282cb nl80211: Fix channel switching with VHT80
It is possible for channel switch notification to be missing channel
type attribute. This is true at least for VHT80. This led to
iface->conf->secondary_channel being set to 0. This in turn made
subsequent DFS-triggered CSA to fail due to invalid frequency
parameters.

Signed-hostap: Michal Kazior <michal.kazior@tieto.com>
2014-01-30 13:58:48 +02:00
Shital Jaju
e28f39b7e9 nl80211: Verify that ifindex attribute is included in survey
This checks if the NL80211_ATTR_IFINDEX attribute is present before
trying to get the value of interface index.

Signed-hostap: Shital Jaju <shitalj@broadcom.com>
2014-01-30 13:44:07 +02:00
Jouni Malinen
91226e0d12 WPS: Add testing option to corrupt public key hash
If CONFIG_WPS_TESTING=y is enabled in build configuration, the new
wps_corrupt_pkhash parameter (similar to wps_testing_dummy_cred) can be
used to request public key hash to be corrupted in all generated OOB
Device Password attributes. This can be used for testing purposes to
validate public key hash validation steps.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:31 +02:00
Jouni Malinen
d2f18378e1 WPS NFC: Add BSSID and AP channel info to Configuration Token
This information can help the Enrollee to find the AP more quickly with
an optimized scan.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:31 +02:00
Jouni Malinen
75dbf98157 WPS-STRICT: Update valid Device Password ID and Config Error range
Accept the new values defined for WPS NFC.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:31 +02:00
Jouni Malinen
8e9f53c367 P2P NFC: Static handover with NFC Tag on client
This adds a new P2P Invitation mechanism to invite a P2P Device with an
NFC Tag to an already operating group when the GO with NFC Device reads
the NFC Tag. The P2P Device with the NFC Tag will then accept invitation
and connect to the group automatically using its OOB Device Password.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:30 +02:00
Jouni Malinen
dd87677115 P2P NFC: Enable own NFC Tag on GO Registrar
When "P2P_SET nfc_tag 1" is used to enable the own NFC Tag for P2P, also
enable it for any running GO interface.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:30 +02:00
Jouni Malinen
abe44e3ca2 P2P NFC: Add GO info into handover message when in client role
P2P Group ID can optionally be included in the connection handover
messages when acting as a P2P Client in a group. Add this information
and show it in the P2P-NFC-PEER-CLIENT event message.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:30 +02:00
Jouni Malinen
23318bea94 P2P NFC: Optimize join-a-group operation based on NFC information
When the NFC connection handover message received from a peer indicates
that the peer is operating as a GO on a specific channel, use that
information to avoid having to go through full scan. In addition, skip
the separate join-a-group scan since we already know the operating
channel, GO P2P Device Address, and SSID.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:30 +02:00
Jouni Malinen
ac08752d28 WPS NFC: Use pubkey mismatch config error from Enrollee
This was already done for Registrar, but the Enrollee case did not
set config error properly if Registrar public key did not match the
hash received during NFC connection handover.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:30 +02:00
Jouni Malinen
59b45d1afe P2P NFC: Add processing of P2P client while NFC handover case
Instead of automatically triggering a connection, provide an indication
of one of the devices being a P2P client to upper layers to allow user
to determine what to do next.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:30 +02:00
Jouni Malinen
74df9ecd4a P2P NFC: Do not try to join peer if both devices are already GO
Send a P2P-NFC-BOTH-GO event to upper layers to determine what to
do in case both devices going through NFC connection handover are
already operating as a GO.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:30 +02:00
Jouni Malinen
25ef8529c1 P2P: Add support for IP address assignment in 4-way handshake
This new mechanism allows P2P Client to request an IPv4 address from the
GO as part of the 4-way handshake to avoid use of DHCP exchange after
4-way handshake. If the new mechanism is used, the assigned IP address
is shown in the P2P-GROUP-STARTED event on the client side with
following new parameters: ip_addr, ip_mask, go_ip_addr. The assigned IP
address is included in the AP-STA-CONNECTED event on the GO side as a
new ip_addr parameter. The IP address is valid for the duration of the
association.

The IP address pool for this new mechanism is configured as global
wpa_supplicant configuration file parameters ip_addr_go, ip_addr_mask,
ip_addr_star, ip_addr_end. For example:

ip_addr_go=192.168.42.1
ip_addr_mask=255.255.255.0
ip_addr_start=192.168.42.2
ip_addr_end=192.168.42.100

DHCP mechanism is expected to be enabled at the same time to support P2P
Devices that do not use the new mechanism. The easiest way of managing
the IP addresses is by splitting the IP address range into two parts and
assign a separate range for wpa_supplicant and DHCP server.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:26 +02:00
Jouni Malinen
fdd48ff6e0 P2P NFC: Optimize GO Negotiation retries
When NFC connection handover is used to trigger GO Negotiation, the
channel used for the GO Negotiation frames is already known. As such,
there is no need to use the Listen operations to find the peer.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:56 +02:00
Jouni Malinen
c4f87a701b P2P NFC: Add NFC tag enabling for static handover
The device with the NFC Tag can be configured to enable NFC to be used
with "P2P_SET nfc_tag 1" and "P2P_LISTEN" commands to allow static
handover to be used.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:56 +02:00
Jouni Malinen
db6ae69e6b P2P NFC: Report connection handover as trigger for P2P
"NFC_REPORT_HANDOVER {INIT,RESP} P2P <req> <sel>" can now be used to
report completed NFC negotiated connection handover in which the P2P
alternative carrier was selected.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:56 +02:00
Jouni Malinen
9358878055 P2P NFC: Build connection handover messages
"NFC_GET_HANDOVER_{REQ,SEL} NDEF P2P-CR" can now be used to build P2P
alternative carrier record for NFC connection handover request/select
messages.

Static connection handover case can be enabled by configuring the DH
parameters (either with wps_nfc_* configuration parameters or with
WPS_NFC_TOKEN command at run time. The NFC Tag contents can be generated
with "NFC_GET_HANDOVER_SEL NDEF P2P-CR-TAG" after having configured
Listen channel (p2p_listen_reg_class/p2p_listen_channel).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:56 +02:00
Jouni Malinen
c00ab85f7e P2P NFC: Define WPS_NFC config method
This will be used to track NFC as config method in P2P operations.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:56 +02:00
Jouni Malinen
0deab087cd P2P NFC: Allow separate WPS/P2P IES to be parsed
This will be needed for processing the NFC connection handover messages
for P2P.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:56 +02:00
Jouni Malinen
fca9958607 P2P NFC: Pass OOB Dev Password through P2P parser
This will be needed for processing the NFC connection handover messages
for P2P.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:56 +02:00
Jouni Malinen
ab9e34426f P2P NFC: Pass OOB Device Password ID to P2P
GO Negotiation needs to know which OOB Device Password ID is assigned
for the peer when NFC is used as the trigger.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:56 +02:00
Jouni Malinen
5154689468 P2P NFC: Add WPS attribute building for P2P NFC
These functions can be used to build the WPS attributes for P2P NFC
connection handover messages.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
01afd8dbd7 P2P NFC: Add NDEF helpers for P2P connection handover messages
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
9e323a24cd P2P NFC: Add OOB GO Negotiation Channel attribute
Add definition and helper functions for the new OOB GO Negotiation
Channel attribute.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
14d8645f63 WPS NFC: Allow BSSID and channel to be included in handover select
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
50d1f8901c NFC: Update WPS ER to use the new connection handover design
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
fa4c2988ae WPS NFC: Process new style handover select
The new WPS connection handover select includes Registrar public key
hash instead of credential. Use the new information to start
abbreviated WPS handshake instead of configuring a new network directly
from the old Credential-from-NFC design.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
068cdb1d98 WPS NFC: New style connection handover select from AP/Registrar
The contents of the WPS connection handover select message was modified
to include the Registrar public key hash instead of the credential.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
3189ca055d WPS NFC: Add AP mode connection handover report
The new NFC connection handover design requires the AP/Registrar to
process the connection handover request message received from the
Enrollee. Add control interface commands for handling this.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
41f9ffb635 WPS NFC: Build new style carrier record for connection handover request
It is more useful to be able to build a single NFC carrier record
instead of the full connection handover request message to allow
external components to decide whether to negotiate which alternative
carrier is used. This updates the carrier record contents to the new
design to include Enrollee public key hash and provides this as a
carrier record instead of full message. An external program is expected
to be used to build the full NFC connection handover message with
potentially other alternative carrier records included.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
3f1639da57 WPS NFC: Split DH key generation to a separate function
This allows DH key generation to be shared for other purposes than just
the case of OOB Device Password building. In addition, force the DH
public key buffer to be full 192 octets with zero padding to avoid
issues with the buffer being used in messages sent to a peer device.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
975491793b WPS NFC: Update NFC connection handover design
The new Device Password ID 7 is used to indicate that NFC connection
handover is used with DH public key hash from both devices being
exchanged over the NFC connection handover messages. This allows an
abbreviated M1-M2 handshake to be used since Device Password does not
need to be used when DH is authenticated with the out-of-band
information (validation of the public key against the hash).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
34b6795015 WPS NFC: Use abbreviated handshake if both PK hashes delivered OOB
When both the Registrar and Enrollee public key hashes are delivered
out-of-band (in NFC connection handover), use abbreviated WPS handshake
(skip M3-M8).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
5f4545573f WPS NFC: Validate peer public key hash on Enrollee
Since the Enrollee can now get the public key hash from the Registrar,
there is need to validate this during the WPS protocol run.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
ff40cd6dd1 WPS NFC: Send M2D with config error 20 on pkhash mismatch
Instead of terminating the WPS protocol immediately, go through an M2D
exchange to notify Enrollee of the public key hash mismatch.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
e435417eef WPS: Remove Version attribute from NFC messages
This old Version attribute is not really needed anymore for these use
cases with the assumption that there are no existing WPS+NFC
deployments. It was removed from the WSC specification, so make the
implementation match that change.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
72403ecef7 WPS: Add builder functions for AP Channel and RF Bands attributes
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
ea43ad960b P2P: Make group operating channel available
Provide local GO channel to the P2P module so that it can be used in
messages that indicate the current operating channel.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
9f7cd9ae8a P2P: Split add-group-info into a helper function
This functionality is needed for other messages, too, so split the group
info building code into a separate helper function.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Arif Hussain
253f2e3795 P2P: Apply unsafe frequency rules to available channels
This adds a QCA vendor specific nl80211 event to allow the driver to
indicate a list of frequency ranges that should be avoided due to
interference or possible known co-existance constraints. Such
frequencies are marked as not allowed for P2P use to force groups to be
formed on different channels.

If a P2P GO is operating on a channel that the driver recommended not to
use, a notification about this is sent on the control interface and
upper layer code may decide to tear down the group and optionally
restart it on another channel. As a TODO item, this could also be changed
to use CSA to avoid removing the group.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 11:49:05 +02:00
Jouni Malinen
1682c62360 Add a header file defining QCA OUI and vendor extensions
This file is used as a registry of identifier assignments from the
Qualcomm Atheros OUI 00:13:74 for purposes other than MAC address
assignment. One of the first uses will be for nl80211 vendor
commands/events which is reason for the preparation change in
driver_nl80211.c

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-24 15:58:00 +02:00
Jouni Malinen
c5a64e2d51 GAS client: Use Protected Dual of Public Action frames with PMF
When GAS is used with PMF negotiated, Protected Dual of Public Action
frames are expected to be used instead of Public Action frames, i.e.,
the GAS/ANQP frames are expected to be encrypted. Conver Public Action
GAS queries to use Dual of Public Action frame if PMF has been
negotiated with the AP to which the frame is being sent.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-23 11:50:28 +02:00
Jouni Malinen
5ce00d09c0 GAS server: Add support for Protected Dual of Public Action frames
When GAS is used with PMF negotiated, Protected Dual of Public Action
frames are expected to be used instead of Public Action frames, i.e.,
the GAS/ANQP frames are expected to be encrypted. Add support for this
different category of Action frames being used for GAS. The payload
after the Category field is identical, so the only change is in using
the Category field based on what was received in the request frames. For
backwards compatibility, do not enforce protected dual to be used on the
AP side, i.e., follow what the station does.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-23 11:19:55 +02:00
Jouni Malinen
e24fe94126 Add definitions for Protected Dual of Public Action frames
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-23 11:19:55 +02:00
Jouni Malinen
7b2c42f8b9 hostapd: Fix PMF robust Action frame processing rules
Due to misplaced parenthesis, unprotected not-Robust Action frames
(e.g., Public Action frames) were dropped in handle_assoc() when such
frames were received during an association that had negotiated use of
PMF. This is not correct since only unprotected Robust Action frames
were supposed to be handled in this way.

This would have broken any Public Action frame use during PMF
association, but such frames were not really supposed to be used
currently (ANQP as the only possible use case should really use
protected dual option in such case).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-23 10:24:21 +02:00
Max Stepanov
080cc445df nl80211: Fix sizeof check in vendor command/event handling
Fix sizeof in a validity comparison of nl80211_vendor_cmd_info size. The
incorrect version happened to work on 64-bit builds due the structure
being eight octets, but this was incorrect and would not used with
32-bit builds.

Signed-hostap: Max Stepanov <Max.Stepanov@intel.com>
2014-01-22 19:30:20 +02:00
Ilan Peer
a487b35572 hostapd: Fix segmentation fault when calling hostapd_cli all_sta
While iterating over the stations hostapd_ctrl_iface_sta_mib()
might be called with sta == NULL. Fix this.

Signed-hostap: Ilan Peer <ilan.peer@intel.com>
2014-01-22 19:28:57 +02:00
Dmitry Shmidt
dcdd3838ef P2P: Reduce peer expiration age to 60 sec and allow customization
The new default value (from 300 to 60 seconds) makes the internal P2P
peer list somewhat faster to react to peers becoming unreachable while
still maintaining entries for some time to avoid them disappearing
during user interaction (e.g., selecting a peer for a connection or
entering a PIN).

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-01-21 16:24:40 +02:00
Rashmi Ramanna
a2d6365760 P2P: Extend the listen time based on the active concurrent session
A P2P Device while in the Listen state waiting to respond for the
obtained group negotiation request shall give a fair chance for other
concurrent sessions to use the shared radio by inducing an idle time
between the successive listen states. However, if there are no
concurrent operations, this idle time can be reduced.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-20 22:55:09 +02:00
Po-Lun Lai
3eaaca1a0b P2P: Allow GO Negotiation Request to update peer entry after PD
Previously, GO Negotiation Request frame was used to update a peer entry
if only a Probe Request from that peer had been received. However, it
would be possible, even if unlikely, for a peer to be discovered based
on receiving Provision Discovery Request frame from it and no Probe
Request frame. In such a case, the Listen frequency of the peer would
not be known and group formation could not be (re-)initialized with that
peer. Fix this by allowing the GO Negotiation Request frame to update
peer entry if the current peer entry does not include Listen or
Operating frequency.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-17 19:35:03 +02:00
Jithu Jance
a691d99ff5 P2P: Don't expire the peer, if GO Negotiation is in progress
This adds one more case of active P2P peer detection so that
p2p_expire_peers() cannot hit a case where a GO Negotiation peer would
be removed.

Signed-hostap: Jithu Jance <jithu@broadcom.com>
2014-01-17 11:53:33 +02:00
Sunil Dutt
efc64886b8 nl80211: Pass station supported channel and oper class info
Pass station supported channel and operating class information to kernel
for TDLS peers.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>x
2014-01-14 17:24:33 +02:00
Sunil Dutt
3ed97271ba TDLS: Pass peer's Supported channel and oper class info during sta_add
The information of the peer's supported channel and operating class
is required for the driver to do TDLS off channel operations with a
compatible peer. Pass this information to the driver when the peer
station is getting added.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-14 17:24:33 +02:00
Janusz Dziedzic
eed65aad14 hostapd: DFS setup seg0 correctly for HT40-
Fix seg0 calculation for HT40+/HT40-.

Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2014-01-14 17:14:13 +02:00
Janusz Dziedzic
25592b236b hostapd: DFS/CSA check if CSA in progress
Check if CSA is already in progress, before triggering a new channel
switch.

Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2014-01-14 17:13:50 +02:00
Jouni Malinen
c60ba9f7ab Skip network disabling on expected EAP failure
Some EAP methods can go through a step that is expected to fail and as
such, should not trigger temporary network disabling when processing
EAP-Failure or deauthentication. EAP-WSC for WPS was already handled as
a special case, but similar behavior is needed for EAP-FAST with
unauthenticated provisioning.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-08 16:42:15 +02:00
Jouni Malinen
7185e16a91 EAP-FAST peer: Make debug clearer on missing pac_file configuration
EAP-FAST requires pac_file to be configured, so make it clearer from the
debug output if missing configuration parameter was the reason for
EAP-FAST initialization failing.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-08 10:25:58 +02:00
Jouni Malinen
7b88b64cd3 EXT PW: Fix hash return in password fetching
The hash return buffer was previously left uninitialized in case
externally stored password ("password=ext:...") was used. This could
result in MSCHAPv2 failure if that uninitialized memory happened to be
something else than zero.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 22:32:12 +02:00
Jouni Malinen
08081ad8ef hostapd: Skip full AP configuration validation on SET command
It is possible for the configuration to be temporarily invalid when
adding a new AP through SET commands followed by ENABLE. Avoid this
issue by using less strict validation on SET commands and perform full
configuration validation only on ENABLE. Use cases with configuration
file maintain their previous behavior, i.e., full validation after the
file has been read.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 20:23:56 +02:00
Arik Nemtsov
1785d2e912 P2P: Wait on GO Negotiation Confirm transmit
This reverts commit 792c8877c3
('P2P: Send GO Negotiation Confirm without wait').

Some drivers rely on the wait period for sending packets on the
off-channel. If the wait value is small, there's a race condition where
the driver ROC might complete before the packet was sent out. This
doesn't impede other drivers, as the wait is cancelled when a
Tx-completion arrives from the remote peer.

Signed-hostap: Arik Nemtsov <arik@wizery.com>
2014-01-07 16:28:44 +02:00
Eyal Shapira
472fa2168a P2P: Cancel action frame offchan wait after recv GO Neg Conf
The missing call to scan_action_done() may keep us off-channel for 250
ms following sending GO Negotiation Response. In case the operating
channel is different from this channel and we're GO, a race could lead
to start beaconing while off-channel. This could potentially cause the
Beacon frames to go out on incorrect channel with some drivers.

Signed-hostap: Eyal Shapira <eyal@wizery.com>
2014-01-07 16:12:03 +02:00
Jouni Malinen
bfdc2a3172 bsd: Fix NULL pointer dereference on error path
The error path in bsd_init() on struct bsd_driver_data allocation was
jumping to location where drv is dereferenced. That will crash and it is
easier to just return from the function since no cleanup steps are
needed in this case.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 15:58:01 +02:00
Masashi Honma
38bbd06ecf bsd: Prepare event buffer on init process
Currently these three steps runs for each event.
1. get buffer size via system
2. allocate a memory for event
3. free the memory

The wpa_supplicant receives 4 events from boot to be connected.
So this patch prepare the event buffer at the init process.

I have tested wpa_supplicant on NetBSD 6.1.2.
But I could not tested hostapd because I do not have AP enabled device.

Signed-hostap: Masashi Honma <masashi.honma@gmail.com>
2014-01-07 15:56:06 +02:00
Jouni Malinen
90a545ccba nl80211: Clean up netlink parsing and debug prints
This makes the RTM_NEWLINK, RTM_DELLINK, and operstate debug messages
easier to understand.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:12 +02:00
Andrei Otcheretianski
991aa9c73f nl80211: Move CS supported flag to wpa_driver_capa
Replace channel_switch_supported flag of the
wpa_driver_nl80211_data by WPA_DRIVER_FLAGS_AP_CSA inside
wpa_driver_capa.flags. It makes more sense and also can
be accessed by wpa_supplicant.

Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2014-01-07 10:45:12 +02:00
Jouni Malinen
f0cbb986ff Add DRIVER-STATUS command for hostapd
This is just like the same command in wpa_supplicant, i.e., "hostapd_cli
status driver" can be used to fetch information about the driver status
and capabilities.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:12 +02:00
Jouni Malinen
188ebcd07b EAP-IKEv2 peer: Fix a memory leak in notify round
The plaintext notification needs to be freed after encryption.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:11 +02:00
Jouni Malinen
a190189d22 Remove PEAPv2 support
PEAPv2 implementation was not fully completed and there does not seem to
be any deployments of PEAPv2 nor any clear sign of such showing up in
the future either. As such, there is not much point in maintaining this
implementation in hostapd/wpa_supplicant.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:11 +02:00
Jouni Malinen
16a19ddae8 EAP-pwd peer: Allow fragmentation limit to be configured
The standard fragment_size network parameter can now be used to
configure EAP-pwd fragmentation limit instead of always using the
hardcoded value of 1020.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:11 +02:00
Jouni Malinen
60bf585cce EAP-IKEv2 peer: Allow fragmentation limit to be configured
The standard fragment_size network parameter can now be used to
configure EAP-IKEv2 fragmentation limit instead of always using the
hardcoded value of 1400.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:11 +02:00
Jouni Malinen
ea6fc58ccf WPS: Convert printf() debug print to use wpa_printf()
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:11 +02:00
Jouni Malinen
c4b8c71ba4 EAP-GPSK: Report CSuite negotiation failure properly
Setting methodState = DONE for the case where GPSK-1 is found to be
invalid or incompatible allows EAP state machine to proceed to FAILURE
state instead of remaining stuck until AP times out the connection.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:11 +02:00
Jouni Malinen
5a0f596b7b EAP-GPSK: Allow forced algorithm selection to be configured
phase1 parameter 'cipher' can now be used to specify which algorithm
proposal is selected, e.g., with phase1="cipher=1" selecting AES-based
design and cipher=2 SHA256-based. This is mainly for testing purposes,
but can also be used to enforce stronger algorithms to be used.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:11 +02:00
Jouni Malinen
5f01c3c84a EAP peer: Improve failure reporting from METHOD with no eapRespData
One of the RFC 4137 state transitions (METHOD -> FAILURE) had been
forgotten and this could result in EAP peer method processing not
reporting failure immediately and instead, remain stuck waiting for the
connection to time out. Fix this by adding the methodState == DONE &&
decision == FAIL case to allow immediate reporting of failures.

The condition from RFC 4137 as-is would cause problems for number of the
existing EAP method implementations since they use that in places where
the final message before EAP-Failure should really be sent to the EAP
server (e.g., WSC_Done in EAP-WSC). Address this by includng eapRespData
== NULL as an additional constraint for entering FAILURE state directly
from METHOD.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:11 +02:00
Jouni Malinen
a09ffd5f2f Fix req_scan-deplete-timeout and update eloop API for this
Commit e2f5a9889a was supposed to prevent
new scan request from pushing out the old one. However, it did not
really do that since eloop_deplete_timeout() returned 0 both for the
case where the old timeout existed (and was sooner) and if the old
timeout did not exist. It returned 1 only for the case where an old
timeout did exist and was larger than the new requested value. That case
used to result in wpa_supplicant_req_scan() rescheduling the timeout,
but hew code in eloop_deplete_timeout() did the exact same thing and as
such, did not really change anything apart from the debug log message.

Extend the eloop_deplete_timeout() (and eloop_replenish_timeout() for
that matter since it is very similar) to return three different values
based on whether the timeout existed or not and if yes, whether it was
modified. This allows wpa_supplicant_req_scan() to schedule a new
timeout only in the case there was no old timeout.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
1f965e622a Allow external programs to request wpa_radio work items
The new control interface command RADIO_WORK can be used by external
programs to request radio allocation slots from wpa_supplicant if
exclusive radio control is needed, e.g., for offchannel operations. If
such operations are done directly to the driver, wpa_supplicant may not
have enough information to avoid conflicting operations. This new
command can be used to provide enough information and radio scheduling
to avoid issues with such cases.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
e05e130837 P2P: Use radio work to protect offchannel Action frame exchanges
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:09 +02:00
Jouni Malinen
1b5d4714dd Use radio work for P2P scan requests
Avoid concurrent P2P scan requests with any other exclusive use of the
radio by using the radio work queuing mechanism. This removes some of
the earlier workarounds that postponed scans depending on other
operations.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-05 22:39:25 +02:00
Jouni Malinen
dd43aaa509 Add helper functions for cloning and freeing scan parameters
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-05 22:35:52 +02:00
Jouni Malinen
466bcf99c3 Remove some unnecessary EAPOL port (un)authorized callbacks
If the port status did not change or would not need to get an update
after portEnabled changes, there is no need to try to set the driver to
use the same value it is already using based on the previous state.
Remove such calls to reduce number of operations during reassociation.
In addition, this cleans up the debug log by removing unnecessary
duplicated entries.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-02 23:49:38 +02:00
Jouni Malinen
949938aadf Ask driver to report only new scan results if requested
If the BSS table within wpa_supplicant is flushed, request the driver to
flush its own scan result table during the next scan. This can avoid
unexpected old BSS entries showing up after BSS_FLUSH or FLUSH command
in cases where the driver may maintain its internal cache of scan
results (e.g., cfg80211 BSS table persists at least for 15 seconds).

In addition to doing this automatically on BSS_FLUSH/FLUSH, a new SCAN
command argument, only_new=1, can be used to request a manual scan
request to do same. Though, it should be noted that this maintains the
BSS table within wpa_supplicant. BSS_FLUSH followed by SCAN command can
be used to clear all BSS entries from both the driver and
wpa_supplicant.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-02 23:03:31 +02:00
Jouni Malinen
a1a31b6c3f Remove hostapd dump_file functionality
This debugging mechanism has now been deprecated by the control
interface commands that can be used to fetch same internal information
from hostapd in a more convenient way. Leave the empty USR1 signal
handler and configuration file parameter for backwards compatibility.
They can be removed in future versions of hostapd.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-02 18:15:07 +02:00
Jouni Malinen
ea23df652a Make EAPOL dump data available through ctrl_iface STA command
The per-STA/Supplicant state information from the EAPOL authenticator
is now available through "STA <MAC Address> eapol" command.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-02 17:49:48 +02:00
Jouni Malinen
96ea74b866 Convert EAPOL authenticator dump into easier to parse format
Use name=value entries one per each line and rename the state
entries to have unique names.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-02 17:37:21 +02:00
Jouni Malinen
f538be3e82 Add more STA information into the ctrl_iface STA command
This adds TX/RX statistics and information about association into the
per-STA data that is available through the hostapd control interface. In
addition, information about the EAP method is now included with the IEEE
802.1X data.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-02 16:58:14 +02:00
Jouni Malinen
101bdc2e8c Remove forgotten notes about already removed driver wrappers
These old driver wrappers have been removed quite some time ago, but
some of the build configuration notes were still describing how they
are configured.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-02 10:23:30 +02:00
Jouni Malinen
17b79e65a9 nl80211: Initial support for vendor commands and events
Print into the debug log the list of vendor commands and events that the
driver supports. In addition, add a generic handler for vendor events.
This can be extended for each vendor/subcmd.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-01 23:47:35 +02:00
Jouni Malinen
c64e3a08a9 P2P: Send received Presence Response information to ctrl_iface monitors
The P2P_PRESENCE_REQ command did not give any easily available
indication of the response received from the GO. Make this more useful
by providing such response (if received) as a ctrl_iface monitor event
(P2P-PRESENCE-RESPONSE).

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-01 18:44:44 +02:00
Jouni Malinen
f7fb676633 ACS: Mark acs_fail() static
This function is not used outside acs.c.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-31 22:30:49 +02:00
Jouni Malinen
3cf06c9e2c OpenSSL: Include sha1/sha256 header files to verify declarations
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-31 19:58:16 +02:00
Jouni Malinen
5ace51a48a WNM: Clean up le16 variable use to avoid sparse warnings
intval is marked le16 and should be used through proper byte order
conversion functions even if it ended up getting set correctly due to
the two operations cancelling each other.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-31 19:41:47 +02:00
Jouni Malinen
8cf1e68c02 Move declaration of hostapd_acs_completed() into correct header file
This function is in hw_features.c and as such, should be declared in
hw_features.h.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-31 19:34:43 +02:00
Jouni Malinen
0187c41d88 Declare wpa_debug_* variables in src/utils/wpa_debug.h
These were somewhat more hidden to avoid direct use, but there are now
numerous places where these are needed and more justification to make
the extern int declarations available from wpa_debug.h. In addition,
this avoids some warnings from sparse.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-31 19:29:52 +02:00
Jouni Malinen
fcc61230d1 Declare wpa_drivers in src/drivers/driver.h
This avoids some warnings from sparse.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-31 19:19:37 +02:00
Jouni Malinen
327b01d3d7 nl80211: Add driver param for forcing monitor and connect APIs
use_monitor=1 and force_connect_cmd=1 driver parameters can now be used
to force older monitor interface design and the connect API (SME in
driver) to increase hwsim testing coverage.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-31 15:45:18 +02:00
Jouni Malinen
6f06766e71 nl80211: Fix nl_mgmt handling in partial error case
If Action frame registration in nl80211_mgmt_subscribe_non_ap() failed
for any frame type, the previous implementation skipped
nl80211_mgmt_handle_register_eloop() call. This is not desirable since
none of the Action frame types could be received and even worse, the
following nl80211_destroy_eloop_handle() call for nl_mgmt would likely
result in crashing the process due to the ELOOP_SOCKET_INVALID XOR
operation. This could be triggered at least in a P2P group interface
startup failure case.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-31 15:45:18 +02:00
Jouni Malinen
4ea6a47133 nl80211: Prefer newer scan result over older during duplicate removal
Previously, it was possible for bss_info_handler() to end up dropping a
newer scan result entry if there were two entries with the same BSSID
and SSID (i.e., only frequency was different) and we were not associated
with either. This could happen, e.g., in some P2P use cases where device
discovery may happen on different channels. Fix this by checking the age
of the scan entries as well to prefer the most recent response.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-31 15:45:18 +02:00
Jouni Malinen
2eef5177ad nl80211: Report set_supp_port failures in debug log
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-31 09:16:27 +02:00
Jouni Malinen
a0bdd1916f nl80211: Share a helper function for connect and associate commands
Most of the attributes to these commands are identical and there is no
need to maintain two copies of the same functionality.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-31 09:16:27 +02:00
Jouni Malinen
e00d546ca3 Remove unnecessary build #ifdef from definitions
This type of definition by itself does not change the binary at all.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-31 09:16:27 +02:00
Jouni Malinen
4848a38d85 Get rid of duplicated cipher suite and AKM definitions
WPA_CIPHER_* and CIPHER_* are used for the exact same set of cipher
suites with the main difference being that the WPA_CIPHER_* version is
suitable to be used as a bitfield. Similarly, WPA_KEY_MGMT_* and
KEY_MGMT_* have similar design for AKMs. There is no need to maintain
two separate copies of the definitions since the bitfield compatible
version can be used for both needs. Get rid of the CIPHER_* and
KEY_MGMT_* versions to clean up the implementation by getting rid of
unnecessary mapping functions.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-31 09:16:27 +02:00
Jouni Malinen
de4ed4a89b nl80211: Use helper functions for cipher suite mapping
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-31 09:16:27 +02:00
Jouni Malinen
a565084f96 nl80211: Set control port for NL80211_CMD_COMMAND
NL80211_ATTR_CONTROL_PORT was previously set only for
NL80211_CMD_ASSOCIATE, but it should also be set when using
NL80211_CMD_COMMAND (driver-based SME) even though none of the current
non-mac80211 drivers use this.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-31 09:15:49 +02:00
Jouni Malinen
35f3d3ed5f nl80211: Clean up regulatory rule debug prints
Combine maximum bandwidth and EIRP into a single debug print.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-30 23:35:48 +02:00
Jouni Malinen
880de8851e nl80211: Print frame registration match on same debug line
This makes debug log a bit more readable.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-30 23:35:48 +02:00
Jouni Malinen
152cff6ba6 P2P: Remove WPA_DRIVER_FLAGS_P2P_MGMT option
The option of handling upper layer P2P management operations within the
driver/firmware was originally planned to be used with wpa_supplicant,
but this has not really happened and there is no clear sign of this
being needed in the near term either. This functionality has not been
completed and it is certainly not being kept up-to-date or tested. As
such, it is best to remove it for now and if this or something similar
is needed in the future, it can be brought back once a clear need for it
has been demonstrated first.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 18:20:47 +02:00
Jouni Malinen
4414d9ee95 SAE: Fix ECC element y coordinate validation step
prime_len was added to the start pointer twice and because of this, the
actual y coordinate was not verified to be valid. This could also result
in reading beyond the buffer in some cases.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 17:18:17 +02:00
Jouni Malinen
069fb4712b EAP-EKE: Allow forced algorithm selection to be configured
phase1 parameters dhgroup, encr, prf, and mac can now be used to specify
which algorithm proposal is selected, e.g., with phase1="dhgroup=3
encr=1 prf=1 mac=1" selecting the mandatory-to-implement case. This is
mainly for testing purposes, but can also be used to enforce stronger
algorithms to be used.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 17:18:17 +02:00
Jouni Malinen
3a88914d8e Remove unused information element parsing data
These information elements are not really used anywhere in hostapd or
wpa_supplicant nor is there any plan to use them. As such, there is no
need to keep the code here either, so save couple of bytes here.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 17:18:17 +02:00
Jouni Malinen
dbfb8e82ff Remove unnecessary EVENT_RX_ACTION
This driver event was used separately for some Action frames, but all
the driver wrappers converted to this from information that would have
been enough to indicate an EVENT_RX_MGMT event. In addition, the
received event was then converted back to a full IEEE 802.11 management
frame for processing in most cases. This is unnecessary complexity, so
get rid of the extra path and use EVENT_RX_MGMT for Action frames as
well as other management frame subtypes.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 17:18:17 +02:00
Jouni Malinen
1450e1e319 Define __maybe_unused
This can be used to silence compiler warnings in cases where #ifdef
blocks can leave some variables or functions unused and there is no
cleaner way of avoiding the warnings.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 13:38:27 +02:00
Jouni Malinen
912b34f000 Do not process Action frames twice in hostapd SME/MLME
Commit 88b32a99d3 added support for using
some Action frame processing in hostapd for drivers that handle most of
SME/MLME internally (it added FT, this has since be extended for SA
Query and WNM). However, this was added in a way that ended up getting
both the hostapd_rx_action() and hostapd_action_rx() called for Action
frames. This could result in an attempt to process FT, SA Query, and WNM
Action frames twice.

There is need for more significant cleanup in Action frame processing in
hostapd depending on the driver type, but as a simple step to avoid
issues, skip the hostapd_action_rx() call if hostapd_rx_action()
processed the frame.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 11:25:59 +02:00
Jouni Malinen
006309b546 Fix whitespace style
Commit 88b32a99d3 added couple of lines
with incorrect indentation.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 11:25:59 +02:00
Jouni Malinen
67807132cf WPS: Remove unused send_wpabuf()
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 10:00:33 +02:00
Jouni Malinen
0e22b8dd4c WPS: Make sure reconfiguration timeout is not left behind on deinit
Even though this is a short timeout, it is at least theoretically
possible for the interface to be removed while waiting for
reconfiguration to start. Avoid issues with this by cancelling the
timeout on any WPS interface deinit. In theory, this should be postponed
until interface removal, but that does not fit very nicely to the
current wps_hostapd.c style.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 10:00:32 +02:00
Jouni Malinen
75d1d0f7b6 WPS: Allow testing mode to disable 2.0 functionality
Previously, wps_version_number was used only to test extensibility to
newer version numbers, but it can also be used to enable testing of
older versions (1.0), e.g., to avoid hitting some 2.0 specific
validation steps.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 10:00:32 +02:00
Jouni Malinen
f7e2542f28 Remove unused wps_device_data_dup()
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 10:00:32 +02:00
Jouni Malinen
c89d9dba9c Remove unnecessary extra tracking of eloop registration
It is fine to try to cancel a registration that does not exist, so there
is no need to have the duplicated checks for eloop timeout and socket
registration.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 10:00:32 +02:00
Jouni Malinen
c86bf160a7 Replace unnecessary hex_value() with hex2byte()
There is no need to maintain two functions for doing
the same type of hex-to-binary conversion.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 10:00:32 +02:00
Jouni Malinen
aa189ac9dd Enable FT with SAE
It was already possible to configure hostapd and wpa_supplicant to use
FT-SAE for the key management, but number of places were missing proper
AKM checks to allow FT to be used with the new AKM.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 10:00:31 +02:00
Jouni Malinen
2d2ecf51aa nl80211: Fix protected Action frame reporting for AP mode
Action frame RX report through EVENT_RX_ACTION did not indicate whether
the frame was protected or not even though that information is available
in mlme_event_mgmt(). hostapd_rx_action() has a workaround for setting
the protected flag for SA Query frames, but that did not apply for other
frames, like FT Action. This broke FT-over-DS when PMF is enabled with
newer kernel versions (i.e., the ones that do not use monitor interface
for receiving management frames).

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 10:00:31 +02:00
Jouni Malinen
db76aa64f1 Fix PeerKey 4-way handshake
The earlier changes to buffer EAPOL frames when not associated to avoid
race conditions (especially commit
3ab35a6603 but maybe something even before
that) broke PeerKey 4-way handshake. Fix this by using a separate check
before the race condition workaround to process PeerKey 4-way handshake
EAPOL-Key messages differently.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-28 16:32:54 +02:00
Jouni Malinen
773272989a Fix PeerKey deinit behavior
PeerKey entries need to be removed on disassociation and this needs to
be done in a way that cancels the possibly pending eloop timeout.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-28 16:32:54 +02:00
Jouni Malinen
8d321a7d4c WNM: Move disassociation imminent sending to wnm_ap.c
This gets all WNM BSS Transition Management frame building and sending
within hostapd into the same location.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-27 19:57:47 +02:00
Jouni Malinen
b76f4c2763 hostapd: Make STA flags available through ctrl_iface STA command
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-27 19:35:12 +02:00
Jouni Malinen
aa03dbd517 Remove IEEE80211_REQUIRE_AUTH_ACK
This is not really needed for anything and the standard does not require
such validation step to be made for Authentication frame transmission.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-27 19:35:12 +02:00
Jouni Malinen
121f2ab49a Remove unused STA flags
These three flags were only displayed, but never set or used for
anything else.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-27 19:35:12 +02:00
Jouni Malinen
3578e665bf WNM: Add STA flag to indicate the current WNM-Sleep-Mode state
This can be useful for displaying the current STA state and also for
determining whether some operations are likely to fail or need
additional delay.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-27 19:35:12 +02:00
Jouni Malinen
477689788c WNM: Fix AP processing without wnm_oper driver callback
hostapd_drv_wnm_oper() needs to indicate an error if the driver callback
function is not implemented. Without this, the buf_len argument could
have been left uninitialized which could result in crashing the process.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-27 18:48:04 +02:00
Jouni Malinen
2025cad9b8 WNM: Move ESS Disassoc Imminent sending to a helper function
This makes it easier to trigger the ESS Disassociation Imminent
operation from different sources.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-12-27 18:48:04 +02:00
Jouni Malinen
28ab64af9b WNM: Minimal processing of BSS Transition Management Query/Response
This adds first steps at processing a BSS Transition Management Query on
the AP side. Mainly, the message is parsed and printed out in the debug
log and a minimal BSS Transition Management Request frame is sent as a
response. BSS Transition Management Response frame is also parsed and
details printed out in the debug log.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-27 18:11:07 +02:00
Jouni Malinen
629edfef81 WNM: Fix Sleep Mode AP processing in open network
The previous version could end up calling WPA authenticator routines
even though the authenticator had not been initialized and this could
result in NULL pointer dereference.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-26 22:26:05 +02:00
Jouni Malinen
dff1e2856d Initial handling of GTK-not-used cipher suite
This prepares wpa_supplicant for accepting cases where the AP does not
use group addressed frames.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-12-26 22:26:05 +02:00
Jouni Malinen
51e3eafb68 OpenSSL: Do not accept SSL Client certificate for server
If the extended key usage of the AAA server certificate indicates
that the certificate is for client use, reject the TLS handshake.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-12-26 22:26:05 +02:00
Jouni Malinen
6bf61fb288 OpenSSL: Use certificates from TLS authentication in OCSP stapling
OCSP response may not include all the needed CA certificates, so use the
ones received during TLS handshake.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-12-26 20:50:28 +02:00
Jouni Malinen
c9629476f3 WPS ER: Fix deinit timeout handling with delayed/failing unsubscribe
The five second timeout to call wps_er_deinit_finish() could potentially
be left behind when removing the ER data based on some other event. This
could result in double-freeing of wps_er context killing the process,
e.g., if the WPS ER functionality is stopped while in the process of
unsubscribing from an AP and then restarted.

In addition, AP entries could still be present in the
er->ap_unsubscribing list when the deinit timeout hits. These entries
would still maintain HTTP context pointing to the ER which would be
freed here and as such, the following HTTP client callback could refer
to freed memory and kill the process. Fix this by freeing AP entries
from ap_unsubscribing list when ER is deinitialized from timeout even if
such AP entries have not completed unsubscription from UPnP events.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-12-26 20:50:28 +02:00
Jouni Malinen
7b75c30109 WPS: Reschedule AP configuration reload on EAP completion
Reduce race condition of the station trying to reconnect immediately
after AP reconfiguration through WPS by rescheduling the reload
timeout to happen after EAP completion rather than the originally
scheduled 100 ms after new configuration became known.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-12-26 20:50:28 +02:00
Jouni Malinen
a5f40eff18 Track whether scan was started by us or an external program
This can be used to improve scan behavior in cases external programs
request scans directly from the driver.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-26 18:27:48 +02:00
Jouni Malinen
18ae237783 Fix comment format
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-26 18:27:48 +02:00
Jouni Malinen
3ae3ec2727 nl80211: Add scanned frequencies/SSIDs into debug log
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-26 18:27:48 +02:00
Jouni Malinen
6ffa1687ee Add GAS-QUERY-START and GAS-QUERY-DONE event messages
External programs can use these new control interface events to better
track progress of GAS operations.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-26 16:55:45 +02:00
Jouni Malinen
93827f456a hostapd: Allow external management frame processing or testing
This enables more convenient protocol testing of station side
functionality in various error cases and unexpected sequences without
having to implement each test scenario within hostapd.
ext_mgmt_frame_handle parameter can be set to 1 to move all management
frame processing into an external program through control interface
events (MGMT-RX and MGMT-TX-STATUS) and command (MGMT_TX).

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-26 16:55:45 +02:00
Jouni Malinen
98eda9c26d Move int_array helpfer functions to utils/common.c
These can be useful outside scan.c, so make them available.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-26 13:37:06 +02:00
Jouni Malinen
bee25cc932 nl80211: Fetch cipher capabilities from the driver
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-25 11:07:58 +02:00
Jouni Malinen
35c200624e Convert wpa_hexdump functions to use void pointer instead of u8 *
This removes need for ugly typecasts for some debug prints.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-24 23:12:37 +02:00
Jouni Malinen
5f9c134ab4 Remove obsolete license notifications
These files have been distributed only under the BSD license option
since February 2012. Clarify the license statements in the files to
match that to avoid confusion.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-24 22:59:52 +02:00
Jouni Malinen
bd1e328047 Android: Remove old WEXT extensions
Android has moved to nl80211, so no need to maintain these old WEXT
extensions in wpa_supplicant.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-24 22:52:18 +02:00
Jouni Malinen
bad5cdf491 Verify that beacon setup succeeds before proceeding
There is no point in starting the AP operations unless
the driver can be successfully configured to beacon.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-24 22:46:20 +02:00
Jouni Malinen
7d7f7be2e5 Verify group key configuration for WPA group
If configuration of the group key to the driver fails, move the WPA
group into failed state and indication group setup error to avoid cases
where AP could look like it is working even through the keys are not set
correctly.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-24 22:38:16 +02:00
Jouni Malinen
30675c3416 Add definitions for new cipher suites from IEEE Std 802.11ac-2013
This adds initial parts for supporting the new GCMP-256, CCMP-256,
BIP-GMAC-128, BIP-GMAC-256, and BIP-CMAC-256 cipher suites.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-24 22:21:04 +02:00
Jouni Malinen
13b24a766f VHT: Use status code 104 to indicate VHT required
IEEE Std 802.11ac-2013 defines a status code for this, so use that
instead of the unspecified reason.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-24 21:19:45 +02:00
Andrei Otcheretianski
76aab0305c Add secondary channel IE for CSA
If secondary channel is provided for CSA, advertise it in the Secondary
Channel Offset element in Beacon and Probe Response frames.

Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2013-12-24 08:27:28 +02:00
Andrei Otcheretianski
8f4713c5c9 Store entire CS freq_params and not only freq
When CSA flow starts, store the entire struct hostapd_freq_params and
not only CS frequency as it was before. The additional freq_params are
required to advertise CS supplementary IEs such as secondary channel,
wide bandwidth CS, etc.

Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2013-12-24 08:23:40 +02:00
Andrei Otcheretianski
13daed58c7 Include driver.h in hostapd.h
This allows use of structs (and not only pointers) defined in drivers.h.
Remove also some not needed forward declarations and redundant includes.

Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2013-12-24 08:22:37 +02:00
Johannes Berg
196a217403 WPS_UPNP: Use monotonic time for event debouncing
The event debouncing isn't very accurate (since it doesn't
take sub-second resolution into account), but it should use
monotonic time anyway since it doesn't care about the wall
clock.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-24 07:57:10 +02:00
Johannes Berg
864c9afa6d wps_registrar: Use monotonic time for PBC workaround
The PBC ignore-start workaround just needs to check whether
the time is within 5 seconds, so should use monotonic time.

While at it, add a few more ifdefs to clearly separate the
code and variables needed.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-24 07:54:40 +02:00
Johannes Berg
61e98e9cf7 wps_registrar: Use monotonic time for PBC session timeout
PBC sessions are just time-stamped when activated, and
eventually time out, so should use monotonic time.

While at it, make the code use os_reltime_expired().

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-24 07:52:49 +02:00
Johannes Berg
3647e5a7cb wps_registrar: Use monotonic time for PIN timeout
If the PIN expires, then a timeout is given, so that monotonic
time should be used.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-24 07:51:41 +02:00
Johannes Berg
36186188ec rsn_supp: Use monotonic time for PMKSA cache expiry
Since this is just for relative timeouts, it should use
monotonic time.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-24 07:50:26 +02:00
Johannes Berg
e05f0605bf rsn_supp: Do not track expiration time
The eloop already tracks the expiration/lifetime, and the expiration
isn't really used, so remove it. It should otherwise have used monotonic
time, but since it's not actually used, we can remove it instead.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-24 07:33:25 +02:00
Johannes Berg
587071765d RADIUS server: Use monotonic time
The RADIUS server needs to calculate uptime, which is relative
and thus should use monotonic time.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-24 07:32:16 +02:00
Johannes Berg
40128043ca RADIUS client: Use monotonic time
Since the RADIUS client cares about relative time (retry timeout)
only, it should use monotonic time.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-24 07:30:45 +02:00
Johannes Berg
acb69cec6f wpa_supplicant: Use monotonic time for RX/BSS times
The BSS table, scan timeout, and related functionality should use
monotonic time since they care about relative values (age) only.
Unfortunately, these are all connected, so the patch can't be split
further. Another problem with this is that it changes the driver wrapper
API. Though, it seems only the test driver is using this.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-24 07:27:02 +02:00
Johannes Berg
f073fdee7b EAP server: Remove SIM-DB pending timestamp
This should probably have used monotonic time for entry timestamps, but
as those aren't used at all right now, so just remove them entirely.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2013-12-24 07:15:49 +02:00
Johannes Berg
636e19a53d wpa_ctrl: Use monotonic time for request retry loop
The request retry loop only retries for 5 seconds, so any time
jumps would probably not affect it much, but it should be using
monotonic time nonetheless since it only cares about duration.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-24 07:14:50 +02:00
Johannes Berg
7ffe7d222a AP: Use monotonic time for MMIC failure/TKIP countermeasures
Wall time jumps shouldn't affect MMIC failure/TKIP countermeasures,
so use monotonic time. Change the michael_mic_failure variable to
struct os_reltime for type-safety.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-24 07:13:34 +02:00
Johannes Berg
dd4e32bae4 AP: Use monotonic time for PMKSA cache
Since the PMKSA cache only uses relative time, use the monotonic time
functions instead of wall time to be correct when the clock jumps.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-24 07:01:07 +02:00
Johannes Berg
0fc545aee5 AP: Use monotonic time for STA accounting
For type-safety, make sta->acct_session_start a struct os_reltime
and then use monotonic time for accounting. For RADIUS reporting,
continue to use wall clock time as specified by RFC 2869, but for
the session time use monotonic time.

Interestingly, RFC 2869 doesn't specify a timezone, so the value
is somewhat arbitrary.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-24 06:57:53 +02:00
Jouni Malinen
429dd9aff1 Advertise QoS Map support based on driver capability
Do not assume the driver supports QoS Mapping, but instead, advertise
support for this only if CONFIG_INTERWORKING is defined and driver
indicates support for configuring QoS Map.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-12-23 11:05:20 +02:00
Kyeyoon Park
049105b486 nl80211: Add support for QoS Map configuration
This allows nl80211-based drivers to configure QoS Mapping in both AP
and station modes.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-12-23 10:44:59 +02:00
Jouni Malinen
74ddd64b26 nl80211: Sync with mac80211-next.git
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-23 10:44:54 +02:00
Jouni Malinen
9fcd300db6 nl80211: Sync with wireless-testing.git
The driver_nl80211.c changes are needed to avoid compiler warnings
with two frequency attributes pointing to the same value.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-23 10:44:48 +02:00
Marek Kwaczynski
493ba877c3 hostapd: Clear interface_added flag on error path
If more BSSes are added in config file than are supported by the driver,
segmentation fault can appear. For this case, the interface_added flag
needs to be cleared if adding a new BSS fails.

Signed-hostap: Marek Kwaczynski <marek.kwaczynski@tieto.com>
2013-12-14 21:13:52 -08:00
Janusz Dziedzic
f7154ceef7 DFS: Use channel switch when radar is detected
Until now DFS was simply restarting the AP when radar was detected. Now
CSA is used to perform smooth switch to the new channel. Stations not
supporting CSA will behave as before.

Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Signed-hostap: Michal Kazior <michal.kazior@tieto.com>
2013-12-07 20:50:15 -08:00
Janusz Dziedzic
6c6c58d157 hostapd: Make hostapd_set_freq_params() public
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2013-12-07 20:50:15 -08:00
Michal Kazior
b72f949b07 DFS: Allow skipping radar channels
This is needed for AP CSA. Since CSA must happen immediately after radar
is detected there's no time to perform CAC. Thus, radar channels must be
disabled when looking for a new channel to escape to after a radar is
detected.

Signed-hostap: Michal Kazior <michal.kazior@tieto.com>
2013-12-07 20:50:15 -08:00
Janusz Dziedzic
8d1fdde7f0 nl80211/hostapd: Extend channel switch notify handling
Adds support for VHT by parsing bandwidth and center_freq{1,2}.

Signed-hostap: Michal Kazior <michal.kazior@tieto.com>
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2013-12-07 20:50:15 -08:00
Johannes Berg
10e694a618 AP: Use monotonic clock for SA query timeout
The usual, any timeouts should be using monotonic time.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-07 20:50:15 -08:00
Johannes Berg
af5389610b Use monotonic clock for RADIUS cache timeouts
Use monotonic clock for both cache and query timeouts.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-07 20:50:15 -08:00
Johannes Berg
fe52c210cf Use monotonic clock for last_sae_token_key_update
Just the usual, with a new function os_reltime_initialized()
thrown in that checks whether time has ever been retrieved
(time can't be completely zero).

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-07 20:50:15 -08:00
Johannes Berg
100298e896 AP: Use monotonic time for AP list
Use the new monotonic time to keep track of when an AP
entry expires.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-07 20:50:15 -08:00
Johannes Berg
e5c9e401a4 OS utils: Add os_reltime_expired()
This helper functions checks whether a given entry has expired,
given the last active timestamp, the current time, and a timeout.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2013-12-07 20:50:14 -08:00
Johannes Berg
b3493fa110 AP: Use monotonic time for STA connected time
Connected time is relative, so should be using monotonic time
rather than time of day.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-07 20:50:14 -08:00
Johannes Berg
ed0ebee14f OS utils: Provide os_reltime_age()
This function calculates and returns the time passed since
a given timestamp.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-07 18:55:58 -08:00
Jithu Jance
8567866d75 P2P: Handle frequency conflict in single channel concurrency case
Based on priority, remove the connection with least priority whenever
a frequency conflict is detected.

Signed-hostap: Jithu Jance <jithu@broadcom.com>
2013-12-07 18:55:58 -08:00
Masashi Honma
e706d2d30d bsd: Fix compilation error for NetBSD
Commit 5dd82c634c causes compilation error
on NetBSD 6.1.2. Fix compilation with #ifdef blocks.

Signed-hostap: Masashi Honma <masashi.honma@gmail.com>
2013-12-07 17:46:41 -08:00
Jouni Malinen
7feff06567 Add CONFIG_CODE_COVERAGE=y option for gcov
This can be used to measure code coverage from test scripts.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-24 19:16:12 +02:00
Jouni Malinen
d9c753b4f5 EAP server: Handle EAP method initialization failures more cleanly
Allow another EAP method to be tried if one of the enabled methods
fails. If all the remaining methods fail, reject connection by adding a
new METHOD_REQUEST -> FAILURE transition. Previously, this case resulted
in the state machine trying to send a message when none was available
and then waiting for a following event until timeout.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-24 18:26:05 +02:00
Jouni Malinen
59d343858d EAP server: Initialize TLS context based on private_key
It is possible for the authentication server to be configured with a
PKCS #12 file that includes a private key, a server certificate, and a
CA certificate. This combination could result in server_cert and ca_cert
parameters not being present and that should still result in TLS context
getting initialized.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-24 18:08:45 +02:00
Jouni Malinen
6b417a1b77 Reject TLS-based EAP server method if TLS context not initialized
It was possible to configure hostapd in a way that could try to
initialize a TLS-based EAP method even when TLS library context was not
initialized (e.g., due to not configuring server or CA certificate).
Such a case could potentially result in NULL pointer dereference in the
TLS library, so check for this condition and reject EAP method
initialization.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-24 18:01:12 +02:00
Jouni Malinen
158b090cda nl80211: Fix regression in P2P group interface removal
Commit 390e489c0d extended hostapd BSS
interface removal capabilities. However, it ended up causing a
regression in wpa_supplicant P2P group interface handling. That P2P
group interface is removed through another driver_nl80211.c BSS context
and as such, the bss->added_if is not set. Fix this by verifying whether
the request is for another ifindex and if so, removing the interface
even if added_if is not marked.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-24 12:41:32 +02:00
Mohammed Shafi Shajakhan
336167c80e AP: Fix inactivity STA timer trigger for driver offload case
Some non-mac80211 drivers, such as ath6kl, support STA inactivity timer
in firmware and may not provide connected stations' idle time to the
userspace. If the driver indicates support for offloaded operation, do
not start the inactivity timer in the hostapd.

Signed-hostap: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
2013-11-24 12:01:55 +02:00
Janusz Dziedzic
80ed037f00 Clear beacon_data before usage
struct beacon_data contains a lot of pointers. Make sure it gets cleared
to zero if hostapd_build_beacon_data() gets called from a path that does
not clear the structure first.

Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2013-11-22 23:21:43 +02:00
Dmitry Shmidt
982189632f Android: Revert static field back to send_and_recv_msgs()
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2013-11-22 23:12:40 +02:00
Jouni Malinen
5e2c3490d5 Android: Add driver_cmd for arbitrary driver commands
This is a mechanism used in Android to extend driver interface in vendor
specific ways. This is included only for the purpose of Android
compatibility. Proper interface commands should be used for any new
functionality.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-22 20:23:08 +02:00
Jouni Malinen
0de3803610 Android: Add P2P/WPS wrappers for private lib
Android uses a vendor specific library for implementing couple of driver
interface functions. Add the wrapper code to allow that mechanism to be
used.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-22 20:23:03 +02:00
Dmitry Shmidt
7b74c0acfb Android: Clean entire socket directory
Despite interface (and group) related sockets are not used
for control, they are created and may be left.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2013-11-22 18:03:24 +02:00
Marek Kwaczynski
92ecda40e0 hostapd: Set proper VHT capabilities
Set VHT capabilities defined in config file instead only supported
by the driver.

Signed-hostap: Marek Kwaczynski <marek.kwaczynski@tieto.com>
2013-11-22 18:03:04 +02:00
Marek Kwaczynski
77a3e796e1 hostapd: Fix set beacon in multiple BSSID scenario
Check if the BSS interface has started before setting beacon.
Lack of this condition can cause segmantation fault.

Signed-hostap: Marek Kwaczynski <marek.kwaczynski@tieto.com>
2013-11-22 18:02:56 +02:00
Sunil Dutt
179fc5527d TDLS: Do not reenable TDLS link on retransmitted setup frame
A reenable of the TDLS link while the host driver is already processing
the same (due to the retransmitted M2/M3 frames) might result in a
failed TDLS setup handshake due to some host driver's implementation.
Thus, issue enable link only when the peer's TDLS status signifies no
prior link (tpk_success=0).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-22 17:47:09 +02:00
Jouni Malinen
cc14091eab VHT: Fix memory leak in STA entry
Commit de3cdf354a adding copying of the
STA's VHT capabilities into the STA entry on the AP. This was done in
allocated memory, but that new memory allocation was not freed anywhere.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-22 17:46:22 +02:00
Johannes Berg
594516b4c2 Use monotonic clock for relative time for eloop if available
Relative time shouldn't be calculated based on gettimeofday
because that clock can jump (e.g., when the time is adjusted
by the system administrator.)

On systems where that is available, use CLOCK_BOOTTIME (on
fairly recent Linux systems, this clock takes into account
the time spend suspended) or CLOCK_MONOTONIC (on Linux and
some POSIX systems, this clock is just freely running with
no adjustments.)

Reported-by: Holger Schurig <holgerschurig@gmail.com>
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-11-20 23:52:56 +02:00
Jouni Malinen
461e3ebe43 Fix and work around some MinGW compilation issues
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-20 23:12:33 +02:00
Jouni Malinen
81cbc046fe Fix compiler warning for OpenSSL without HAVE_OCSP
Commit 080585c01a added ssl_ctx outside
ifdef HAVE_OCSP block that was the only user for this.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-20 23:12:33 +02:00
Michal Kazior
68d628accd hostapd: Fix interface enabling/disabling and DFS
The 'started' state was tracked incorrectly. It also broke DFS
as it was using hostapd_enable/disable_iface() functions.

Signed-hostap: Michal Kazior <michal.kazior@tieto.com>
2013-11-20 22:29:35 +02:00
Jouni Malinen
0004374025 P2P: Prefer U-NII-3 over U-NII-1 during channel selection
Some devices disable use of U-NII-1 (channels 36-48) for P2P due to it
being indoor use only in number of locations. If U-NII-3 (channels
149-161) is available, try to pick a channel from that range first
during random channel selection to reduce likelihood of interoperability
issues.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-19 13:04:21 +02:00
Jouni Malinen
384bdd021b P2P: Prefer VHT channels for initial pick
If there are no other preferences from local configuration or driver,
prefer a random VHT channel instead of falling back to the fixed
pre-configured channel or 5 GHz/HT40 channel preference.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-18 17:58:14 +02:00
Jouni Malinen
a30d50b324 P2P: Prefer HT40 channels for initial pick
If there are no other preferences from local configuration or driver,
prefer a random HT40 channel instead of falling back to the fixed
pre-configured channel or 5 GHz channel preference.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-18 17:57:07 +02:00
Jouni Malinen
f24071076d P2P: Prefer 5 GHz channels for initial pick
If there are no other preferences from local configuration or driver,
prefer a random 5 GHz channel instead of falling back to the fixed
pre-configured channel (which is selected by default to be 1, 6, or 11).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-18 17:55:04 +02:00
Jouni Malinen
b2d4aaa2c7 P2P: Select VHT channel at random instead of using the first entry
Use the new p2p_channel_select() function to select a VHT channel
at random when no other preferences are in effect.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-18 17:51:27 +02:00
Jouni Malinen
ee8f6ea0ca P2P: Select HT40 channel at random instead of using the first entry
Use the new p2p_channel_select() function to select an HT40 channel
at random when no other preferences are in effect.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-18 17:50:55 +02:00
Jouni Malinen
5576663fba P2P: Move random channel selection into a helper function
The new p2p_channel_select() function can be re-used to implement
random channel selection from a set of operating classes in all
places that need such functonality.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-18 17:50:21 +02:00
Jouni Malinen
d33fef57a4 wlantest: Add support for log output into a file
This allows wlantest debug log output to be directed to a file so that
RELOG command can be used to rotate files more easily than stdout.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-17 21:40:17 +02:00
Andrei Otcheretianski
334bf36ac5 Add chan_switch to ctrl interface of wpa_supplicant and hostapd
Add chan_switch to the control interface of wpa_supplicant and hostapd,
and also to wpa_cli and hostapd_cli.

Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2013-11-17 17:12:58 +02:00
Andrei Otcheretianski
bf281c129f Add AP channel switch mechanism
Build CSA settings and call the driver to perform the switch. Construct
Beacon, Probe Response, and (Re)Association Response frames both for CSA
period and for the new channel. These frames are built based on the
current configuration. Add CSA IE in Beacon and Probe Response frames.

Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2013-11-17 17:12:58 +02:00
Andrei Otcheretianski
e44a384b68 Move AP parameter filling into a helper function
Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2013-11-17 17:12:58 +02:00
Andrei Otcheretianski
1c4ffa8746 nl80211: Add channel switch implementation
Implement nl80211 switch_channel() operation.
Publish flags indicating kernel support for channel switch.

Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2013-11-17 17:12:49 +02:00
Andrei Otcheretianski
dcca2219ae wpa_supplicant: Update channel switch driver interface
Add csa_settings struct which holds parameters for CSA. Change driver
interface for switch_channel(), so that it will receive this struct and
not only the new frequency as it was before. This allows wpa_supplicant
to provide all the required parameters (beacons, proberesp, assocresp,
CSA IE) which are required by cfg80211 implementation.

Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2013-11-17 16:48:33 +02:00
Jouni Malinen
e1925bde36 eloop: Remove eloop_none.c
This was supposed to be a minimal sample of eloop wrapper, but it is
unclear whether this is of that much use and the file has not been kept
up-to-date. Remove this file to reduce maintenance effort. The other
eloop*.c files can be used as a starting point if something new is
needed.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-17 16:48:20 +02:00
Jouni Malinen
3505743395 Sync with wireless-testing.git include/uapi/linux/nl80211.h
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-17 16:48:03 +02:00
Masashi Honma
22cf7d7324 SCARD: Clean up SIM/USIM selection
Commit eb32460029 left an unneeded
sim_type argument to scard_init(). Remove that unnecessary argument to
clean up the implementation.

Signed-hostap: Masashi Honma <masashi.honma@gmail.com>
2013-11-17 16:47:38 +02:00
Paul Stewart
cea97a04f9 dbus_new: Add DBus TDLS methods
Add DBus methods for TDLS operations similar to those available
for the control interface. This includes Discover, Setup, and
Teardown commands. While here, add a method to query the TDLS
link status and add a DBus method for it.

Tested with CONFIG_TDLS enabled, on a TDLS-enabled host and
peer capable of TDLS:

    dbus-send --system --dest=fi.w1.wpa_supplicant1 --print-reply \
        /fi/w1/wpa_supplicant1/Interfaces/0 \
        fi.w1.wpa_supplicant1.Interface.TDLSStatus string:<peer-mac-address>

    yields: string "peer does not exist"

    dbus-send --system --dest=fi.w1.wpa_supplicant1 --print-reply \
        /fi/w1/wpa_supplicant1/Interfaces/0 \
        fi.w1.wpa_supplicant1.Interface.TDLSDiscover string:<peer-mac-address>

    yields no error

    dbus-send --system --dest=fi.w1.wpa_supplicant1 --print-reply \
        /fi/w1/wpa_supplicant1/Interfaces/0 \
        fi.w1.wpa_supplicant1.Interface.TDLSSetup string:<peer-mac-address>

    yields no error

    dbus-send --system --dest=fi.w1.wpa_supplicant1 --print-reply \
        /fi/w1/wpa_supplicant1/Interfaces/0 \
        fi.w1.wpa_supplicant1.Interface.TDLSStatus string:<peer-mac-address>

    yields: string "connected" after TDLS completes

    dbus-send --system --dest=fi.w1.wpa_supplicant1 --print-reply \
        /fi/w1/wpa_supplicant1/Interfaces/0 \
        fi.w1.wpa_supplicant1.Interface.TDLSTeardown string:<peer-mac-address>

    yields no error

    dbus-send --system --dest=fi.w1.wpa_supplicant1 --print-reply \
        /fi/w1/wpa_supplicant1/Interfaces/0 \
        fi.w1.wpa_supplicant1.Interface.TDLSStatus string:<peer-mac-address>

    yields: string "peer not connected"

Signed-hostap: Paul Stewart <pstew@chromium.org>
2013-11-17 16:47:32 +02:00
Dmitry Shmidt
e2f5a9889a Deplete scan request if new time is less than remaining
This avoids pushing out previous scheduled scan requests based on new
events.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2013-11-17 16:46:58 +02:00
Vinay Krishna Eranna
dcd25d4c3b P2P: Use negotiated channel from invitation for persistent GO
During persistent group re-invocation, GO may end up using a different
channel as the operation channel compared to what was indicated in the
invitation frames. This may break the connection if the peer device ends
up scanning the GO only on the channel from the invitation frame. Fix
this by using the negotiated channel (if available) on the GO as the
operating channel instead of the channel that was provided in the
p2p_invite command to start negotiation.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-16 18:05:28 +02:00
Abhishek Singh
795baf773f hostapd: Filter channel list updated events after country code change
We were not filtering the EVENT_CHANNEL_LIST_CHANGED events based on the
regulatory hint initiator. So wait for EVENT_CHANNEL_LIST_CHANGED event
after our own change was triggered even when regulatory hint initiator
was the driver. This could result in the wait for the channel list to be
updated to be terminated before the real change has occurred and as
such, old channel list remaining in use when configuring
hostapd/wpa_supplicant country parameter. Fix this by filtering the
hints according to the initiator and only regulatory hints initiated by
user will be used to stop the wait.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-15 02:59:55 +02:00
Jouni Malinen
146fa9b38f nl80211: Do not force interface down on deinit
If wpa_supplicant or hostapd was started with the interface
already up, do not force interface down on deinit.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-09 18:05:54 +02:00
Jouni Malinen
49b4b2058b nl80211: Do not for station mode on hostapd deinit
If hostapd was started with the interface already in AP mode, leave the
interface in AP mode on deinit instead of unconditionally forcing it to
station mode.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-09 17:29:32 +02:00
Jouni Malinen
04eff7d5ba nl80211: Remove build time condition on HOSTAPD define
It is common to build wpa_supplicant with AP mode support and it is
justifiable to clean up driver_nl80211.c by removing the conditional
build blocks based on hostapd vs. wpa_supplicant builds.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-09 17:22:49 +02:00
Jouni Malinen
0d547d5ff8 nl80211: Share more code between hostapd and wpa_supplicant
This gets rid of some ifdef HOSTAPD constructs and shares more
of the initialization code between hostapd and wpa_supplicant.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-09 17:09:02 +02:00
Jouni Malinen
7b7de4cf94 nl80211: Remove read-only last_freq/last_freq_ht
These variables were originally used in hostapd to clear HT channel
information when exiting. However, that functionality was lost with
commit f019981aee when moving to a common
code for setting the channel. Taken into account that no one seems to
have missed this functionality over the last four years, it seems safe
to drop this rather than try to fix the old hostapd behavior.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-09 17:02:05 +02:00
Kenny Root
1d415f1fcc Android: Switch keystore to binder
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2013-11-08 11:46:53 +02:00
Kenny Root
6dfdb80959 Android: Remove obsolete keystore path
It's not possible to get a raw private key from keystore anymore, so
this would fail every time anyway. Remove it so it doesn't confuse
anyone that looks at this code.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2013-11-08 11:37:48 +02:00
Kenny Root
1176ab6dd4 Android: Use keystore ENGINE for private key operations
The new keystore ENGINE is usable to perform private key operations when
we can't get the actual private key data. This is the case when hardware
crypto is enabled: the private key never leaves the hardware.

Subsequently, we need to be able to talk to OpenSSL ENGINEs that aren't
PKCS#11 or OpenSC. This just changes a few #define variables to allow us
to talk to our keystore engine without having one of those enabled and
without using a PIN.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2013-11-08 11:36:39 +02:00
Nick Kralevich
6dc94a635c Android: Use correct header file path for capability.h
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2013-11-08 11:36:14 +02:00
Kyeyoon Park
91f9e6078f GAS: Replenish AP station session timer to 5 seconds
If remaining AP session timeout is less than 5 seconds
for an existing station, replenish the timeout to 5 seconds.
This allows stations to be able to recycle a dialog token
value beyond 5 seconds for GAS exchange.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-08 00:22:32 +02:00
Kyeyoon Park
e5e74e5500 eloop: Add support for replenishing a registered timeout
eloop_replenish_timeout() finds a registered matching
<handler,eloop_data,user_data> timeout. If found, replenishes
the timeout if remaining time is less than the requested time.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-08 00:22:32 +02:00
Jouni Malinen
1c6edec60c nl80211: Work around nl_socket_set_nonblocking on Android
system/core/libnl_2 does not include nl_socket_set_nonblocking(), so
need to implement that to fix the build.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-07 17:10:34 +02:00
Paul Stewart
c101bb9d23 hostapd: Add option to send OBSS scan params
Add a parameter to send the overlapping BSS scan parameter
information element. This will require clients to perform
background scans to check for neigbors overlapping this
HT40 BSS. Since the implementation is incomplete it should
only be used for testing.

Signed-hostap: Paul Stewart <pstew@chromium.org>
2013-11-07 14:05:41 +02:00
Jouni Malinen
83eefb40b5 P2P: Add debug print of P2P Group ID SSID
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-07 13:48:53 +02:00
Jouni Malinen
b6881b5218 WPS NFC: Add more debug for NFC Password Token matching
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-07 13:48:49 +02:00
Jouni Malinen
67a88a747c WPS NFC: Add debug log entry on OOB Dev Pw attribute addition
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-07 13:48:42 +02:00
Jouni Malinen
d28f4e44f1 Interworking: Do not reconnect if already connected
If we are already connected to the selected AP with a network block
that was created based on the selected credential, do not force a
reconnection or network block update.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-07 00:12:30 +02:00
Jouni Malinen
5e1a4565f8 hostapd: Do not start secondary BSS unless interface is enabled
It is possible for additional BSSs to be added while the primary
interface is still in the process of determining channel parameters (HT
co-ex scan, ACS, DFS). Do not enable secondary interfaces in such state
immediately, but instead, wait for the pending operation on the primary
interface to complete. Once that's done, the added extra BSSs will also
be enabled in hostapd_setup_interface_complete().

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-06 15:41:05 +02:00
Jouni Malinen
36501a22a4 hostapd: Verify hostapd_setup_bss calls
Reject multiple calls to hostapd_setup_bss() for any specific interface.
hostapd_cleanup() must have been called first before trying to restart a
BSS.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-06 15:41:05 +02:00
Jouni Malinen
54246f8d44 hostapd: Share a single function for BSS deinit
hostapd_bss_deinit() takes care of freeing the associated stations and
calling hostapd_cleanup() to deinit per-BSS services.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-06 12:48:24 +02:00
Jouni Malinen
6d1ca81ee8 Remove unused hostapd_cleanup_iface_pre()
This has not been used in years and can be removed to clean up the
hostapd deinit path a bit.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-06 12:44:54 +02:00
Jouni Malinen
747c85f932 hostapd: Add more debug prints to deinit path
This makes it easier to follow the various interface/BSS deinit
operations.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-06 12:42:20 +02:00
Jouni Malinen
6023a7880b Restore hapd->interface_added tracking to core hostapd
This reverts parts of commit 390e489c0d
that tried to enable removal of the first BSS. Since that operation is
now forced to remove all BSSs, these changes are not needed. The
hostapd_if_remove() operation in hostapd_free_hapd_data() is problematic
for the first BSS since it ends up freeing driver wrapper information
that is needed later when deinitializing the driver wrapper.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-06 01:38:17 +02:00
Jouni Malinen
486d2ff0eb hostapd: Deinit ctrl_iface in case of add interface failure
Since the control interface is now initialized as part of
hostapd_setup_interface(), it needs to be deinitialized on the error
path.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-06 01:32:55 +02:00
Jouni Malinen
cdf3fb1f1c Fix removal of a BSS that has not yet been fully initialized
If a secondary BSS is removed while it is waiting for the primary BSS to
complete channel setup (e.g., due to HT co-ex scan, ACS, or DFS), the
hostapd_data instance has not yet been initialized. Fix the BSS removal
code to take this special case into account and not try to deinitialize
the hostapd_data instance that has not yet been started.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-06 00:57:38 +02:00
Jouni Malinen
2f99d90726 Remove all BSSs on removal of the first one
The changes in commit 5592065850 to allow
any BSS to be removed were a bit too early since there are still number
of areas that use the first BSS as a special case. Especially the
driver_ops API is going to require quite a bit of cleanup before removal
of the first BSS without the other BSSes of the same radio can be done
safely.

For now, force all BSSs to be removed in case the first one is removed.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-06 00:43:10 +02:00
Jouni Malinen
149338020b drivers: Do not call hostapd_logger()
This call requires a struct hostapd_data pointer and that is not really
something that the driver wrappers should be using.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-06 00:19:46 +02:00
Jouni Malinen
1281c0ab69 Remove a compiler warning from -O0 build
It looks like abs() result is signed and gcc warns about this when
running a build with -O0 but not with -O2.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-06 00:00:58 +02:00
Jouni Malinen
2b6623ab13 hostapd: Do not terminate process on dynamic interface add failure
Limit the calls to eloop_terminate() to happen only for the
initialization failure from the interfaces that we specified on the
command line. This allows hostapd process to continue operating even if
a dynamically added interface fails to start up. This allows the upper
layer software to fix a configuration error and retry.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-05 17:35:11 +02:00
Andrei Otcheretianski
3342c2636c wpa_supplicant: Fix updating GO beacons on WFD subelements change
When WFD Subelements are set, the IE in the Beacon frames of already
existing groups are not updated. This patch fixes this issue by setting
beacon_update to be 1 on WFD IE update.

Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2013-11-05 10:55:22 +02:00
Adriana Reus
72c12c1d30 EAPOL: Fix static analyzer warnings for pac_opaque_encr_key
The allocation was not verified to complete successfully and the
allocated memory was not freed on error paths.

Signed-hostap: Adriana Reus <adriana.reus@intel.com>
2013-11-05 10:28:57 +02:00
Jouni Malinen
d4f1a347ce Allow AP mode configuration with VHT enabled on 2.4 GHz
hostapd_set_freq_param() rejected the 20 MHz channel case with
vht_enabled due to the existing validation step including only 5 GHz (to
be more exact, only >= 5000 MHz). While the behavior may not be fully
defined for 2.4 GHz, we can enable this based on driver capability
advertisement to fix automatic VHT selection for P2P use cases.
mac80211_hwsim advertises VHT for 2.4 GHz band and that resulted in
failures when trying to start GO on that band with vht=1 parameter.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-04 11:51:56 +02:00
Jouni Malinen
bb337ddac2 DFS: Do not use cf1 to override freq for 20 MHz channels
NL80211_ATTR_CENTER_FREQ1 is defined to be used for anything but 20 MHz
bandwidth, so it could be unset for 20 MHz channels. Do not use it to
override center frequency from NL80211_ATTR_WIPHY_FREQ (if available)
for 20 MHz channels to avoid clearing frequency.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-03 21:50:48 +02:00
Jouni Malinen
0dfd2c61a5 Document AP mode startup functions
This provides some more details on how interfaces and BSSes are
initialized during hostapd startup.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-03 21:30:31 +02:00
Jouni Malinen
fee947bfc0 hostapd: Use correct wpa_printf verbosity level for message
This configuration file message is informative and MSG_INFO should be
used instead of MSG_ERROR.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-03 20:12:36 +02:00
Jouni Malinen
e4ba031531 hostapd: Use start_ctrl_iface() from hostapd_add_iface()
Better share the same function for initializing control interface from
the two possible paths that can add a new interface to hostapd.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-03 19:51:06 +02:00
Jouni Malinen
bf7f09bd24 Fix AP mode QoS Map configuration to be per-BSS
This is a per-BSS configuration parameter and as such, needs to be
configured to the driver from hostapd_setup_bss() instead of
hostapd_driver_init().

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-03 19:51:06 +02:00
Jouni Malinen
dc036d9ee0 DFS: Convert hostapd_data use to hostapd_iface
DFS operations are specific to the interface (radio/wiphy), not BSS
(netdev/vif), so hostapd_iface is the appropriate element to use in
them.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-03 19:51:06 +02:00
Jouni Malinen
2db938e8de hostapd: Fill in phyname automatically
If per-BSS configuration enabling did not provide a phy name, iface->phy
was left empty. It can be helpful to set this up automatically, so fill
that when initializing the interface.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-03 19:51:06 +02:00
Jouni Malinen
5ae6449ca2 hostapd: Add ctrl_iface STATUS command
This can be used to fetch runtime information about hostapd interfaces.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-03 19:51:06 +02:00
Jouni Malinen
afadaff976 Optimize 40 MHz HT co-ex scan on AP
Only scan the affected channels instead of all enabled channels when
determining whether the primary and secondary channel for HT40 needs to
be swapped. This speed up HT40 setup considerably on 5 GHz band.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-03 19:51:06 +02:00
Jouni Malinen
7d6d73701e hostapd: Add AP-ENABLED/DISABLED ctrl_iface events
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-03 19:51:06 +02:00
Jouni Malinen
e1c5faf007 hostapd: Track interface state
The new hostapd_iface::state enum is used to track the current state of
the hostapd interface (a radio/wiphy).

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-03 19:51:06 +02:00
Jouni Malinen
f0793bf191 hostapd: Wait for channel list update after country code change
If hostapd is requested to set the country code and the previous country
code differs from the new one, the channel list information from the
driver may change. This change may not be instant, so wait for an
EVENT_CHANNEL_LIST_CHANGED event before continuing interface setup with
fetching of the channel list information. This fixes issues where the
selected channel is not available based on the previous regulatory data
and update through CRDA takes some time.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-03 19:51:06 +02:00
Jouni Malinen
ae134e1d2b hostapd: Add ctrl_iface events for ACS
These give status information to external observers from automatic
channel selection operations.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-03 19:51:06 +02:00
Jouni Malinen
ad08e1413b hostapd: Move ctrl_iface initialization to happen earlier
Channel determination may take considerable time when ACS or DFS is
used, so it is useful to be able to observe this process through the
control interface. Move the initialization of the control interfaces to
happen before channel determination so that this can be achieved.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-03 19:51:06 +02:00
Jouni Malinen
4a5deb9b9d hostapd: Simplify interface initialization
Use hostapd_interface_init2() for all interfaces instead of the
previously used different paths for per-interface-config and
per-BSS-config cases. This moves the calls to hostapd_driver_init() and
hostapd_setup_interface() to happen after all configuration files have
been read.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-03 19:51:06 +02:00
Jouni Malinen
186c905912 DFS: Add control interface events for various DFS events
These can be useful for external programs that track the current state
of the AP.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-03 11:31:48 +02:00
Jouni Malinen
884f1a3c65 nl80211: Verify radar event attributes exist before using them
While these attributes may be expected to be present always, this needs
to be verified within driver_nl80211.c since we cannot depend on the
kernel/driver working correctly.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-03 11:31:48 +02:00
Jouni Malinen
71cdf6b624 hostapd: Fix ENABLE failure to not remove interface
Previously, ENABLE command ended up freeing the hostapd_iface context on
initialization failures, but did not even remove the interface from the
list of available interfaces. This resulted in use of freed memory with
any following operation on the same interface. In addition, removing the
interface on initialization failure does not seem like the best
approach. Fix both of these issues by leaving the interface instance in
memory, but in disabled state so that the configuration can be fixed and
ENABLE used again to enable the interface or REMOVE used to remove the
interface.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-03 11:31:48 +02:00
Jouni Malinen
18ca733248 SAE: Fix group selection
Number of regressions had shown up in wpa_supplicant implementation of
SAE group selection due to different integer array termination (-1 in
hostapd, 0 in wpa_supplicant) being used for SAE groups. The
default_groups list did not seem to use any explicit termination value.
In addition, the sae_group_index was not cleared back to 0 properly
whenever a new SAE session was started.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-02 18:07:49 +02:00
Jouni Malinen
61323e70e1 Convert perror/printf calls to wpa_printf
This makes debug and error logging more consistent and allows them to be
directed to a file more easily.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-02 12:58:33 +02:00
Jouni Malinen
2aec4f3c0c Allow add-BSS operation to re-use existing netdev
When removing and re-adding the first wlan# netdev to hostapd
dynamically, the netdev is already present and should not be removed and
re-added to maintain its state as not-added-by-hostapd so that it does
not get removed automatically.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-31 22:34:25 +02:00
Jouni Malinen
5592065850 hostapd: Allow a single BSS to be removed from an interface
The global control interface command "REMOVE <ifname>" can now be used
to remove a single virtual interface (BSS) without affecting other
virtual interfaces on the same radio.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-31 22:30:15 +02:00
Kyeyoon Park
2e2fff37e9 hostapd: Allow a single BSS to be added to an interface
The global control interface command "ADD
bss_config=<phyname>:<config file>" can now be used to add a single
virtual interface (BSS) to an interface.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-31 22:30:15 +02:00
Kyeyoon Park
a1fb5692af hostapd: Make hostapd_interface_init_bss() available externally
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-31 22:00:31 +02:00
Kyeyoon Park
66936c6af8 hostapd: Make hostapd_init() available externally
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-31 22:00:31 +02:00
Kyeyoon Park
390e489c0d hostapd: Allow the first BSS in a multi-BSS setup to be removed
This moves the vif added check from core hostapd to the driver wrapper
(only driver_nl80211.c uses this) and reorders operations a bit to allow
the first BSS (vif) to be removed from a multi-BSS setup.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-31 22:00:31 +02:00
Kyeyoon Park
834ee56f78 nl80211: Make wpa_driver_nl80211_data::first_bss pointer
This is needed to allow the first BSS to be removed and replaced by the
next one in the list.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-31 22:00:31 +02:00
Jouni Malinen
748c0ac0e7 nl80211: Fix monitor interface reference counting
The first user of monitor interface was not counted and that could
result in the monitor interface getting removed if the initial interface
was removed from a multi-BSS setup.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-31 22:00:31 +02:00
Jouni Malinen
08e55ebbb0 nl80211: Add a debug print for DEL_BEACON
This is quite helpful in debugging beaconing issues.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-31 22:00:12 +02:00
Kyeyoon Park
33b0b330ce hostapd: Fix error path in hostapd_add_iface()
Incorrect count variable was used in freeing up the BSS data.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-31 15:59:12 +02:00
Helmut Schaa
770ecdf27c ACS: Do not get stuck while failing to do a subsequent scan
Return control flow to hostapd by calling hostapd_acs_completed()
if requesting a scan from the underlying device fails.

Signed-hostapd: Helmut Schaa <helmut.schaa@googlemail.com>
2013-10-31 15:12:21 +02:00
Michal Kazior
813d4bac5a DFS: Add support for multi-BSS
If radar was detected single BSS is notified about it. This caused only
that single BSS to be stopped and restarted. However, due to nl80211
interface combinations the BSS was not started on a new channel and
other BSSes remained operating on the old channel.

The downside is that hostapd_disable_iface() causes deauth frames to be
sent. This is undesired but on the other hand it doesn't make sense to
create workarounds that imitate CSA's 'block tx'. For proper Tx
quiescing CSA should be properly implemented.

Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
2013-10-31 15:12:17 +02:00
Michal Kazior
954e71d270 DFS: Reset cac_started properly
If CAC was stopped but hostapd was not terminated cac_started would
remain set to 1.

Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
2013-10-31 14:49:38 +02:00
Michal Kazior
6a398ddc9a DFS: Sanitize channel availability checks
Fixes corner case of holes in channel list and simplifies availability
checks.

Signed-hostap: Michal Kazior <michal.kazior@tieto.com>
2013-10-31 14:49:06 +02:00
Michal Kazior
32595da608 DFS: Fix HT40/VHT calculation
Decouple HT/VHT offset/center-freq calculations from channel lookup.
This will be necessary for further improvements on the DFS codebase.

Signed-hostap: Michal Kazior <michal.kazior@tieto.com>
2013-10-31 14:49:03 +02:00
Sunil Dutt
392e68e81f Set GTK rekey offload information after initial group key handshake
The GTK rekey offload information was sent to the driver immediately
after the 4-way handshake which ended up being before the initial group
key exchange in the case of WPA (v1). This could result in even that
initial GTK handshake being offloaded and wpa_supplicant being left in
WPA_GROUP_HANDSHAKE state. Fix this by postponing the operation to
happen only after the full set of initial EAPOL-Key exchanges have been
completed (i.e., in the existing location for WPA2 and a after the group
key handshake for WPA).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-30 11:41:40 +02:00
Jouni Malinen
bbc706a3c3 nl80211: Add debug prints for NL80211_CMD_SET_STATION
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-10-30 00:38:57 +02:00
Jouni Malinen
6f2db2fbdd hostapd: Validate configuration parameters on RELOAD command
Reject RELOAD control interface command if the dynamic configuration
changes have resulted into a state where the configuration is invalid.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-29 16:58:21 +02:00
Jouni Malinen
eff0fd1ee8 hostapd: Move generic configuration functions into src/ap
This allows the configuration validation routines to be called from
src/ap/*.c for runtime updates of configuration without reprocessing the
full configuration file.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-29 16:58:21 +02:00
Jouni Malinen
5afaa067d9 hostapd: Allow per-BSS (vif) configuration files
This provides a new option for configuring multiple virtual interfaces
(BSS) that share a single radio. The new command line parameter
-b<phyname>:<config file name> is used to define one or more virtual
interfaces for each PHY. The first such entry for a new PHY is used to
initialize the interface structure and all consecutive parameters that
have the same PHY name will be added as virtual BSS entries to that
interface. The radio parameters in the configuration files have to be
identical.

This can be used as an alternative for the bss=<ifname> separator and
multiple BSSes in a single configuration file design while still
allowing hostapd to control the PHY (struct hostapd_iface) as a group of
virtual interfaces (struct hostapd_data) so that common radio operations
like OLBC detection and HT40 co-ex scans can be done only once per real
radio.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-29 16:58:21 +02:00
Jouni Malinen
ebd79f07c4 hostapd: Make hostapd_config::bss array of pointers
This makes it more convenient to move BSS configuration entries between
struct hostapd_config instances to clean up per-BSS configuration file
design.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-29 16:58:21 +02:00
Jouni Malinen
a781e211f9 hostapd: Force PSK to be derived again on BSS reload
This may be needed if the wpa_psk information for previously derived
from passphrase and either the SSID or the passphrase has changed.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-29 16:58:20 +02:00
Jouni Malinen
9f104b0324 hostapd: Reuse hostapd_clear_old() for RELOAD command
Instead of duplicating the functionality and missing changes (like the
hostapd_broadcast_wep_clear() call), use the hostapd_clear_old()
function that was already used for the similar case with configuration
file reload.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-29 16:09:34 +02:00
Dmitry Shmidt
32b62704fa Android: Fix ARRAY_SIZE() compilation
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2013-10-29 14:40:15 +02:00
Eliad Peller
ca9bc5b566 P2P: Add VHT support
Start GO with VHT support if VHT option was requested
and the appropriate channels are available.

Signed-hostap: Eliad Peller <eliadx.peller@intel.com>
2013-10-27 20:08:36 +02:00
Eliad Peller
20ea1ca406 P2P: Add VHT parameter to P2P operations
Add the option to ask for VHT operation similarly to the way ht40 is
configured - either by adding 'vht' param to the relevant p2p_*
commands or by configuring p2p_go_vht=1 in the configuration file.

This patch only adds the configuration option (e.g., via control
interface). The actual handling of the VHT parameter (asking the driver
to use VHT, etc.) will be done by the following patch.

Signed-hostap: Eliad Peller <eliadx.peller@intel.com>
2013-10-27 19:46:17 +02:00
Eliad Peller
53cfad46e2 nl80211: Mark VHT 80 MHz channels
Later on, we'll consider the availability of these
channels when starting P2P GO with VHT support.

Signed-hostap: Eliad Peller <eliadx.peller@intel.com>
2013-10-27 19:37:10 +02:00
Eliad Peller
6b02335a96 hostapd: Mask out not-supported VHT capabilities
Mask the remote VHT capabilities with our own capabilities, similarly
to what is done for HT capabilities.

Signed-hostap: Eliad Peller <eliadx.peller@intel.com>
2013-10-27 19:28:40 +02:00
Eliad Peller
7f0303d5b0 hostapd: Verify VHT 160/80+80 MHz driver support
Make sure the driver supports 160/80+80 MHz VHT capabilities
before trying to configure these channels.

Signed-hostap: Eliad Peller <eliadx.peller@intel.com>
2013-10-27 19:17:23 +02:00
Eliad Peller
c781eb8428 hostapd: Verify VHT capabilities are supported by driver
Make sure the defined VHT capabilities are supported by the driver.

Signed-hostap: Eliad Peller <eliadx.peller@intel.com>
2013-10-27 19:11:29 +02:00
Eliad Peller
b29b012cbc Fix some VHT Capabilities definitions
VHT_CAP_BEAMFORMEE_STS_MAX, VHT_CAP_SOUNDING_DIMENSION_OFFSET, and
VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT were not defined properly (wrong
name/size). Fix that and update the hostapd.conf parsing accordingly.

Signed-hostap: Eliad Peller <eliadx.peller@intel.com>
2013-10-27 19:05:58 +02:00
Helmut Schaa
6651f1f9f1 nl80211: Use max tx power from regulatory domain
Previously the Country element contained the max TX power the local
hardware was capable of. Change this to just use the regulatory limit.

Signed-hostap: Helmut Schaa <helmut.schaa@googlemail.com>
Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
2013-10-27 18:42:16 +02:00
Jouni Malinen
7ac3616d0f nl80211: Replace perror() and printf() calls with wpa_printf()
This avoids use of stderr and makes debug messages more consistent.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-10-27 17:58:12 +02:00
Jouni Malinen
51e9f22809 P2P: Add option to allow additional client channels
The new p2p_add_cli_chan=1 configuration parameter can be used to
request passive-scan channels to be included in P2P channel lists for
cases where the local end may become the P2P client in a group. This
allows more options for the peer to use channels, e.g., if the local
device is not aware of its current location and has marked most channels
to require passive scanning.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-26 17:49:10 +03:00
Jouni Malinen
556b30daca P2P: Add option to remove channels from GO use
The new p2p_no_go_freq frequency range list (comma-separated list of
min-max frequency ranges in MHz) can now be used to configure channels
on which the local device is not allowed to operate as a GO, but on
which that device can be a P2P Client. These channels are left in the
P2P Channel List in GO Negotiation to allow the peer device to select
one of the channels for the cases where the peer becomes the GO. The
local end will remove these channels from consideration if it becomes
the GO.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-26 17:49:10 +03:00
Jouni Malinen
e7ecab4a3b Use ARRAY_SIZE() macro
Replace the common sizeof(a)/sizeof(a[0]) constructions with a more
readable version.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-10-26 17:49:05 +03:00
Jouni Malinen
39044a7033 Introduce ARRAY_SIZE() macro
This can be used to clean up the common sizeof(a)/sizeof(a[0])
constructions to use a more readable version.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-10-26 17:49:00 +03:00
Janusz Dziedzic
2e946249b1 DFS: Handle radar event when CAC actived correctly
When we have CAC active and receive a radar event, we should ignore
CAC_ABORT event and handle channel switch in the radar event handler.

Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2013-10-26 17:48:55 +03:00
Janusz Dziedzic
5eaf240af5 DFS: Fix overlapped() function to check only DFS channels
This fixes a problem when operating on non-DFS channel and receiving a
radar event for that channel. Previously, we would have decided to
switch channels.

Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2013-10-26 17:48:46 +03:00
Janusz Dziedzic
345276a6b5 DFS: Adjust center freq correctly for VHT20/VHT40
Setup correct seg0 for VHT with 20/40 MHz width (VHT_CHANWIDTH_USE_HT).

Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2013-10-26 17:48:41 +03:00
Janusz Dziedzic
1dc17db34a DFS: Fix available channels list for VHT80
Add a table of available VHT80 channels. This table contains the first
available channel. We will also choose this first channel as the control
one.

Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2013-10-26 17:48:36 +03:00
Jouni Malinen
34068ac3b1 nl80211: Add debug prints on nl_recvmsgs() failure
These libnl calls could potentially fail and it is useful to know if
that has happened.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-10-26 17:48:28 +03:00
Johannes Berg
10b8592183 nl80211: Make eloop sockets non-blocking
To avoid a problem where the beacon socket occasionally
blocks, mark any sockets on the eloop as non-blocking.
The previous patch reordered the code to never send a
command after a socket was put on the eloop, but now also
invalidate the nl handle pointer while it's on there.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-10-26 17:48:22 +03:00
Johannes Berg
5f65e9f717 nl80211: Abstract handling of sockets on eloop
Abstract the handling of sockets on the eloop to avoid
destroying sockets still on the eloop and also to allow
the next patch to mark the socket non-blocking.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-10-26 17:48:17 +03:00
Johannes Berg
e8d1168b73 nl80211: Register for IBSS auth frames before eloop
The IBSS code registers the bss nl_mgmt socket for auth
frames when the join event happens, but that is too late
as then the socket is already on the eloop, which could
cause problems when other events are received at the
same time as the registration is done.

Move the auth frame registration to the initial setup
before the socket is put onto the eloop.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-10-26 17:48:09 +03:00
Jouni Malinen
03610ad28d Clean up get_seqnum() use for IPN
Some driver wrappers may implement this by writing eight octets even
though IPN is only six octets. Use a separate WPA_KEY_RSC_LEN (8) octet
buffer in the call to make sure there is enough buffer room available
for the full returned value and then copy it to IPN field.

The previous implementation used the following igtk field as the extra
buffer and then initialized that field afterwards, so this change does
not fix any real issue in behavior, but it is cleaner to use an explicit
buffer of the maximum length for get_seqnum().

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-10-26 15:56:07 +03:00
Jouni Malinen
3318376101 Add explicit buffer length checks for p2p_build_wps_ie()
Even though the length of this buffer is based only on locally
configured information, it is cleaner to include explicit buffer room
validation steps when adding the attributes into the buffer.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-10-26 15:55:46 +03:00
Jouni Malinen
0f0120148a Verify that readlink() did not truncate result
linux_br_get() was forcing null termination on the buffer, but did not
check whether the string could have been truncated. Make this more
strict by rejecting any truncation case.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-10-26 15:55:39 +03:00
Jouni Malinen
f5eb9da304 nl80211: Clean up if_add() for hostapd use
The allocation of new_bss and its use was separated by a lot of code in
this function. This can be cleaned up by moving the allocation next to
the use, so that this all can be within a single #ifdef HOSTAPD block.
The i802_check_bridge() call was outside type == WPA_IF_AP_BSS case, but
in practice, it is only used for WPA_IF_AP_BSS (and if used for
something else, this would have resulted in NULL pointer dereference
anyway).

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-10-26 15:55:30 +03:00
Jouni Malinen
a288da61b6 OpenSSL: Fix memory leak on error path
If SSL_CTX_new() fails in tls_init(), the per-SSL app-data allocation
could have been leaked when multiple TLS instances are allocated.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-10-26 15:55:24 +03:00
Jouni Malinen
6cb4f11dba nl80211: Fix strerror() value in P2P Dev debug messages
send_and_recv_msgs() returns negative errno, so need to use -ret in the
strerror() call.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-10-26 15:55:18 +03:00
Jouni Malinen
35f836375d DFS: Add forgotten break statement
The VHT_CHANWIDTH_160MHZ case fell through to the default case and
printed out a debug message that was not supposed to be shown here.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-10-26 15:55:09 +03:00
Jouni Malinen
2f243b804a Remove os_strncpy()
os_strlpcy() should be used instead of os_strncpy() to guarantee null
termination. Since there are no remaining strncpy uses, remove
os_strncpy() definition.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-10-26 15:55:00 +03:00
Jouni Malinen
24f051eb14 Replace remainining strncpy() uses with strlcpy()
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-10-26 15:54:47 +03:00
Naresh Jayaram
fa56315cfc eap_proxy: Add context data pointer to the get_imsi call
This was already included in all the other calls to eap_proxy, but
somehow the get_imsi call had been forgotten.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-23 20:51:46 +03:00
Naresh Jayaram
07041c6f99 eap_proxy: Confirm eap_proxy initialization before reading SIM info
Trying to access the SIM card details without checking if the eap_proxy
layer has been initialized can results in a crash. Address this by
sending the request for the IMSI through eapol_supp_sm.c which can
verify that eap_proxy has been initialized.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-23 20:51:39 +03:00
Helmut Schaa
677cf19091 hostapd: Select any supported channel if ACS fails
Signed-hostap: Helmut Schaa <helmut.schaa@googlemail.com>
2013-10-23 00:44:48 +03:00
Helmut Schaa
20f9cb1842 hostapd: Allow ACS to deal with partial survey data
Previously ACS required valid survey data on all available channels.
This can however not be guaranteed. Instead of just failing, fall back
to the subset of channels that have valid ACS data.

Signed-hostap: Helmut Schaa <helmut.schaa@googlemail.com>
2013-10-23 00:44:41 +03:00
Helmut Schaa
3645fd5aae hostapd: Propagate ACS errors to iface setup
Otherwise hostapd might hang doing nothing anymore. Propagate ACS
errors so we can fail gracefully.

Signed-hostap: Helmut Schaa <helmut.schaa@googlemail.com>
2013-10-23 00:44:36 +03:00
Helmut Schaa
0e1d0b370f hostapd: Don't get stuck after failed ACS
If ACS fails we still need to call hostapd_setup_interface_complete.
Otherwise hostapd will just hang doing nothing anymore. However, pass
an error to hostapd_setup_interface_complete to allow a graceful fail.

Signed-hostap: Helmut Schaa <helmut.schaa@googlemail.com>
2013-10-23 00:44:30 +03:00
Jouni Malinen
af8a827b90 Make frequency range list routines more general
This allows the frequency range list implementation to be shared for
other purposes.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-23 00:44:07 +03:00
Jouni Malinen
941dae0a2e P2P: Add more user friendly debug print of channel lists
This makes it easier to go through the P2P channel list operations in
the debug log without having to parse through the hexdump manually.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-23 00:39:17 +03:00
Michal Kazior
cd3b0700df nl80211: Fix DFS radar event parsing
Incorrect nla_get variants were used to get event type and frequency.
Kernel passes both as u32. This caused issues on tinynl/big-endian hosts
- CAC finished was treated as radar detection and frequency was 0.

Signed-hostap: Michal Kazior <michal.kazior@tieto.com>
2013-10-22 15:50:07 +03:00
Jouni Malinen
2b72df6374 nl80211: Free BSS structure even if netdev does not exists
It is possible for a vif netdev to be removed by something else than
hostapd and if that happens for a virtual AP interface, if_remove()
handler should still free the local data structure to avoid memory leaks
if something external removes a netdev.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-22 13:35:32 +03:00
Jouni Malinen
41cc50d19e nl80211: Update send_action_cookie on AP-offchannel-TX path
Previously, the send_mlme->send_frame->send_frame_cmd path that could be
used when a GO sends an offchannel Action frame ended up not updating
drv->send_action_cookie. This can result in an issue with not being able
to cancel wait for the response, e.g., in invitation-to-running-group
case.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-21 18:24:20 +03:00
Jouni Malinen
dc46fd66c9 P2P: Cancel offchannel TX wait on Invitation Response RX
This fixes issues where a GO used offchannel-TX operation to send an
Invitation Request frame. Wait for the offchannel TX operation needs to
be stopped as soon as the Invitation Response frame has been received.
This addresses some issues where Probe Response frame from the GO
through the monitor interface may end up going out on a wrong channel
(the channel of this offchannel TX operation for invitation).

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-10-20 21:38:02 +03:00
Jouni Malinen
8d82c2105b P2P: Fix PD retry channel on join-a-group case
Join-a-group needs to force the current operating channel of the target
group as the frequency to use for the PD exchange. When the channel was
selected based on a BSS entry for the GO, this worked only for the first
PD Request frame while the retries reverted to a potentially different
channel based on a P2P peer entry. Fix this by maintaining the forced
channel through the PD retry sequence.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-10-20 21:38:02 +03:00
Jouni Malinen
512629aefe P2P: Accept Invitation Response non-success without Channel List
P2P Invitation Response frame is required to include the Channel List
attribute only in Status=Success case. Skip the debug message claiming
that a mandatory attribute was not included in non-Success case.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-10-20 21:37:52 +03:00
Jouni Malinen
db13605816 EAP-AKA/AKA' peer: Allow external USIM processing to be used
This allows the new external_sim=1 case to be used to perform UMTS
authentication step in EAP-AKA/AKA' peer process. Following control
interface event is used to request the operation:

CTRL-REQ-SIM-<network id>:UMTS-AUTH:<RAND>:<AUTN> needed for SSID <SSID>

Response from external processing is returned with
CTRL-RSP-SIM-<network id> UMTS-AUTH:<IK>:<CK>:<RES>
or
CTRL-RSP-SIM-<network id> UMTS-AUTS:<AUTS>

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-10-20 13:12:04 +03:00
Jouni Malinen
569ccf719f EAP-SIM peer: Allow external SIM processing to be used
This allows the new external_sim=1 case to be used to perform GSM
authentication step in EAP-SIM peer process. Following control interface
event is used to request the operation:

CTRL-REQ-SIM-<network id>:GSM-AUTH:<RAND1>:<RAND2>[:<RAND3>] needed
for SSID <SSID>

For example:
<3>CTRL-REQ-SIM-0:GSM-AUTH:5e3496ce7d5863b3b09f97f565513bc3:
73f0f0bc5c47bcbed6f572d07ab74056:447b784f08de80bdc2b1e100fccbb534
needed for SSID test

Response from external processing is returned with
CTRL-RSP-SIM-<network id> GSM-AUTH:<Kc1>:<SRES1>:<Kc2>:<SRES2>
[:<Kc3>:<SRES3>]

For example:
wpa_cli sim 0 GSM-AUTH:d41c76e0079247aa:2709ebfb:43baa77cfc8bcd6c:
0fa98dc1:a8ad1f6e30e

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-10-20 13:12:04 +03:00
Jouni Malinen
a5d44ac083 EAP peer: Add framework for external SIM/USIM processing
The new configuration parameter external_sim=<0/1> can now be used to
configure wpa_supplicant to use external SIM/USIM processing (e.g., GSM
authentication for EAP-SIM or UMTS authentication for EAP-AKA). The
requests and responses for such operations are sent over the ctrl_iface
CTRL-REQ-SIM and CTRL-RSP-SIM commands similarly to the existing
password query mechanism.

Changes to the EAP methods to use this new mechanism will be added in
separate commits.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-10-20 13:12:04 +03:00
Jouni Malinen
e88060e1a7 HTTP server: Allow TCP socket to be reused
This makes it easier to handle cases where the application is restarted
and the previously used local TCP port may not have been fully cleared
in the network stack.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-18 14:13:45 +03:00
Jouni Malinen
9bc33868bf Add test option for specifying hardcoded BSS Load element
The new bss_load_test parameter can be used to configure hostapd to
advertise a fixed BSS Load element in Beacon and Probe Response frames
for testing purposes. This functionality is disabled in the build by
default and can be enabled with CONFIG_TESTING_OPTIONS=y.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-18 14:13:45 +03:00
Jouni Malinen
9c7e43a5c6 Define BSS Load element id
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-18 14:13:45 +03:00
Jouni Malinen
56f5af489c Interworking: Add support for QoS Mapping functionality for the STA
Indicate support for QoS Mapping and configure driver to update the QoS
Map if QoS Map Set elements is received from the AP either in
(Re)Association Response or QoS Map Configure frame.

This commit adds support for receiving the frames with nl80211 drivers,
but the actual QoS Map configuration command is still missing.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-18 14:13:45 +03:00
Kyeyoon Park
850e1c2579 atheros: Add support for QoS Mapping configuration
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-18 14:13:45 +03:00
Kyeyoon Park
c551700f1f Interworking: Add support for QoS Mapping functionality for the AP
This allows QoS Map Set element to be added to (Re)Association Response
frames and in QoS Map Configure frame. The QoS Mapping parameters are
also made available for the driver interface.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-18 14:13:45 +03:00
Jouni Malinen
01f809c7db Add AAA server domain name suffix matching constraint
The new domain_suffix_match (and domain_suffix_match2 for Phase 2
EAP-TLS) can now be used to specify an additional constraint for the
server certificate domain name. If set, one of the dNSName values (or if
no dNSName is present, one of the commonName values) in the certificate
must have a suffix match with the specified value. Suffix match is done
based on full domain name labels, i.e., "example.com" matches
"test.example.com" but not "test-example.com".

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-18 13:34:26 +03:00
Jouni Malinen
be7963b3c2 OpenSSL: Fix code indentation in OCSP processing
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-18 13:34:22 +03:00
Janusz Dziedzic
899cc14e10 hostapd: Add support for DFS with 160 MHz channel width
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2013-10-17 21:06:16 +03:00
Janusz Dziedzic
6de0e0c99e Mark DFS functions static and rename them
These functions are not used from outside dfs.c anymore.

Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2013-10-17 21:05:54 +03:00
Janusz Dziedzic
58b73e3dd9 hostapd: DFS with 40/80 MHz channel width support
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2013-10-17 21:05:44 +03:00
Janusz Dziedzic
846de15d7b DFS: Add more parameters to radar events
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2013-10-17 21:05:39 +03:00
Janusz Dziedzic
04e8003c6c nl80211: Use struct hostapd_freq_params with start_dfs_cac
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2013-10-17 21:05:31 +03:00
Janusz Dziedzic
72c753d7bb hostapd: Split hostapd_set_freq to helper function
This allows the functionality to fill in a struct hostapd_freq_params to
be shared.

Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2013-10-17 21:05:23 +03:00
Janusz Dziedzic
e76da50529 hostapd: Add AP DFS support
Add DFS structures/events handlers, CAC handling, and radar detection.
By default, after radar is detected or the channel became unavailable, a
random channel will be chosen.

This patches are based on the original work by Boris Presman and
Victor Goldenshtein. Most of the DFS code is moved to a new dfs.c/dfs.h
files.

Cc: Boris Presman <boris.presman@ti.com>
Cc: Victor Goldenshtein <victorg@ti.com>

Signed-hostap: Simon Wunderlich <siwu@hrz.tu-chemnitz.de>
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2013-10-17 21:05:15 +03:00
Helmut Schaa
ded22b5390 hostapd: Fix segfault after ACS when flushing STAs
When hostapd receives an auth frame during ACS the transmission of
the according auth response will always fail:

ACS: Automatic channel selection started, this may take a bit
[..]
send_auth_reply: send: Resource temporarily unavailable
[..]

However, a station info entry was created. Once ACS is finished
it will flush all stations even though hapd was not yet fully
initialized. This results in a segfault when trying to access
hapd->radius:

0  0x0042c1c0 in radius_client_flush_auth ()
1  0x00416a94 in ap_free_sta ()
2  0x00416cc0 in hostapd_free_stas ()
3  0x0040bce8 in hostapd_flush_old_stations ()
4  0x0040c790 in hostapd_setup_interface_complete ()
5  0x0046347c in acs_scan_complete ()
6  0x0040f834 in hostapd_wpa_event ()
7  0x0043af08 in send_scan_event.part.46 ()
8  0x00443a64 in send_scan_event ()
9  0x00443c24 in do_process_drv_event ()
10 0x004449e8 in process_global_event ()
11 0x7767d7d0 in ?? ()

Fix this by not presuming anything about the initialization state of
hapd and checking ->radius before accessing.

Signed-off-hostapd: Helmut Schaa <helmut.schaa@googlemail.com>
2013-10-14 20:44:31 +03:00
Dmitry Shmidt
24d110dca3 Replace printf with wpa_printf debug message
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2013-10-14 20:40:57 +03:00
Swaroop Golti
63ce59dea8 P2P: Increase Invitation Request timeouts
In noisy environment peer may take more time to send Invitation
Response so increase Invitation Response timeout to 500 ms in success
case and also increase Invitation Request action wait time to 500 ms.
This makes the Invitation Request case use the same timeout with GO
Negotiation.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-05 18:14:33 -07:00
Sunil Dutt
5bfd7e9168 TDLS: Do not start concurrent TDLS setup
A new TDLS request shall transmit TPK M1 frame with a unique INonce.
Thus a new explicit request would fail an ongoing TDLS negotiation with
the error "TDLS: FTIE SNonce in TPK M3 does not match with FTIE SNonce
used in TPK M1" if the peer happens to receive two M1 frames before an
M3 frame. Check for the ongoing negotiation with the peer and do not
start a new one if we are already in a setup negotiation with the peer.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-09-30 17:38:41 +03:00
Sunil Dutt
33d85b63b5 TDLS: Use wpa_tdls_disable_peer_link() in TPK M1 processing
This function is used only with external setup, so this can cleaned up
to use simpler design.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-09-30 17:36:26 +03:00
Sunil Dutt
1a0a2ce39c TDLS: Use wpa_tdls_disable_peer_link() to avoid peer search
There is no need to go through the peer list when we already have a
pointer to the specific peer entry.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-09-30 17:34:13 +03:00
Sunil Dutt
83d3fdb7c6 TDLS: Use helper function for disable link operation
This is called from number of locations and it is more efficient to use
a new helper function instead of wpa_tdls_disable_link() that would do
peer address search from the list of peers.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-09-30 17:29:05 +03:00
Sunil Dutt
f130b105ec TDLS: Clean up wpa_tdls_teardown_link() uses
Making this function be used only for external setup case simplifies the
implementation and makes core wpa_supplicant calls in ctrl_iface.c and
events.c consistent.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-09-30 17:10:18 +03:00
Jouni Malinen
2b5b875f34 EAP-AKA server: Fix AUTS processing
Commit 8a9f58f2cc ("EAP-AKA server: Store
permanent username in session data") broke AUTS processing by skipping
new authentication triplet fetch after having reported AUTS. Fix this by
started new full authentication sequence immediately after reporting
AUTS so that the updated parameters are available for the Challenge
message.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-29 18:39:14 +03:00
Jouni Malinen
a771c07dfc Add driver status information to control interface
STATUS-DRIVER command can now be used to fetch driver interface status
information. This is mainly for exporting low-level driver interface
information for debug purposes.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-28 17:19:30 +03:00
Jouni Malinen
739faee2a9 nl80211: Add some more debug prints for mgmt frame TX
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-28 12:10:57 +03:00
Jouni Malinen
f78f278520 nl80211: Fix off-channel Action frame TX from GO with use_monitor
TX frequency gets lost when going through the monitor send MLME option
and this resulted in P2P operations like invitation from a GO failing
when the driver needs monitor socket, but would support offchannel TX.
Fix this by using frame_cmd path instead in case the monitor socket
would have been hit for action frame TX.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-28 12:08:19 +03:00
Jouni Malinen
af96448488 nl80211: Add more debug prints for send_mlme operations
This makes it easier to debug issues in incorrect channel use in
management frame transmission.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-09-25 23:18:33 +03:00
Jouni Malinen
5d4c78fb1f nl80211: Reset nlmode to station on leaving IBSS
Previously, IBSS mode (NL80211_IFTYPE_ADHOC) was left in drv->nlmode
when leaving IBSS. This causes issues for send_mlme() handler for P2P
Probe Response transmission in Listen state. Fix this by clearing nlmode
back to NL80211_IFTYPE_STATION on leaving IBSS so that following P2P
operations can be executed correctly. Previously, this was fixed only
when the next authentication/association attempt in station mode
occured.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-09-25 23:14:41 +03:00
Jouni Malinen
0249c12596 Avoid compiler warning with CONFIG_NO_STDOUT_DEBUG=y
There is no need to use the bss variable which is used only within a
wpa_printf() call that can be conditionally removed from the build.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-09-25 19:24:17 +03:00
Jouni Malinen
ed1bf011da Allow hostapd config file for dynamically added interface
This extends hostapd global control interface command "ADD" to use a
configuration file instead of requiring configuration to be built using
SET command.

The command format is now following:
ADD <ifname> <control path|config=<path to config>>

For example:

ADD wlan0 /var/run/hostapd
ADD wlan0 config=/tmp/hostapd.conf

When using the configuration file option, ctrl_interface parameter in
the file needs to be set to allow ENABLE command to be issued on the new
interface.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-09-25 19:07:29 +03:00
Jouni Malinen
97bacf7cf6 Do not clear hostapd configuration parameters on disable-iface
There was a comment about the the cleanup steps being from
hostapd_cleanup_iface(). However, the operations that cleared some
security parameters do not seem to exist elsewhere and do not make sense
here. Remove them to avoid changing configuration with DISABLE followed
by ENABLE.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-09-25 18:35:32 +03:00
Jouni Malinen
66f4dd1550 hostapd: Fix couple of deinit path cases to clear pointers
This fixes some issues where dynamic interface enable/disable cycles
could end up trying to free resources twice and crash the process while
doing so.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-09-25 18:14:13 +03:00
Jouni Malinen
f18b7817ec nl80211: Print more debug info on management frame RX information
This can be useful in figuring out how drv->last_mgmt_freq gets set
to debug issues with P2P frames being sent on incorrect channel.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-09-25 17:42:00 +03:00
Kyeyoon Park
3ca96df596 atheros: Compile fix for driver code not defining IEEE80211_APPIE_FRAME_WNM
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-09-25 14:44:16 +03:00
Jouni Malinen
762c92a444 OpenSSL: Split OCSP peer_cert/peer_issuer debug output into parts
This makes it clearer which certificate was missing.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-09-25 14:43:58 +03:00
Kyeyoon Park
913c19c6e5 Fix wpa_config_parse_string() to null terminate printf decoded values
printf_decode() fills in a binary buffer and returns the length of
the written data. This did not use null termination since initial
use cases used the output as a binary value. However, Hotspot 2.0
cred block values are also using this for parsing strings. Those
cases could end up without proper null termination depending on what
os_malloc() ends up getting as the memory buffer. Fix these and make
printf_decode() more convenient by forcing the output buffer to be
null terminated.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-09-25 14:43:24 +03:00
Hardik Kantilal Patel
7ae1439a56 P2P: Prefer 20 MHz operating channels on 5 GHz band over 2.4 GHz
When no other user preference is specified, opt to use an operating
channel that allows 5 GHz band to be used rather than 2.4 GHz.
Previously, this was already done in practice for HT40 channels since no
such channel is enabled for P2P on 2.4 GHz. This commit extends this to
apply 5 GHz preference for 20 MHz channels as well.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-09-16 08:36:39 -07:00
Sunil Dutt
aa78cd338f Drop EAP packet with code 10 before EAPOL state machine processing
H3C WA2620i-AGN AP may send an EAP packet with an undefined EAP code
10 after successful EAP authentication which restarts the EAPOL
state machine. Drop such frames with this unrecognized code without
advancing the EAPOL supplicant or EAP peer state machines to avoid
interoperability issues with the AP.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-09-15 22:42:33 -07:00
Sunil Dutt
1380fcbd9f TDLS: Do not modify RNonce for an TPK M1 frame with same INonce
There is no point in updating the RNonce for every obtained TPK M1 frame
(e.g., retransmission due to timeout) with the same INonce (SNonce in
FTIE). Update RNonce only if a TPK M1 is received with a different
INonce (new TDLS session) to avoid issues with two setup exchanges
getting mixed and exchange failing due to mismatching nonces ("TDLS:
FTIE ANonce in TPK M3 does not match with FTIE ANonce used in TPK M2").

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-09-15 12:09:40 -07:00
Sunil Dutt
8a658f2bdf TDLS: Disable the created link on a failed TDLS handshake
Clear the peer information and disable the created link on a
failed TDLS setup negotiation. This is needed to avoid leaving
TDLS setup pending and to return to the AP path in case anything
goes wrong during the setup attempt.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-09-15 11:51:00 -07:00
Jouni Malinen
d047ae6278 WPS: Ignore PBC-to-PIN change from M1 to M2 as a workaround
Some APs may incorrectly change Device Password ID from PBC in M1 to
Default PIN in M2 even when they are ready to continue with PBC. This
behavior used to work with earlier implementation in wpa_supplicant, but
commit b4a17a6ea7 started validating this
as part of a change that is needed to support NFC configuration method.

While this kind of AP behavior is against the WSC specification and
there could be potential use cases for moving from PBC to PIN, e.g., in
case of PBC session overlap, it is justifiable to work around this issue
to avoid interoperability issues with deployed APs. There are no known
implementations of PBC-to-PIN change from M1 to M2, so this should not
reduce available functionality in practice.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-09-14 12:02:33 -07:00
Jouni Malinen
5bf9a6c859 P2P: Add event messages for possible PSK failures on P2P groups
It is possible for the GO of a persistent group to change the PSK or
remove a client when per-client PSKs are used and this can happen
without the SSID changing (i.e., the group is still valid, but just not
for a specific client). If the client side of such persistent group ends
up trying to use an invalidated persistent group information, the
connection will fail in 4-way handshake. A new WPS provisioning step is
needed to recover from this.

Detect this type of case based on two 4-way handshake failures when
acting as a P2P client in a persistent group. A new
"P2P-PERSISTENT-PSK-FAIL id=<persistent group id>" event is used to
indicate when this happens. This makes it easier for upper layers to
remove the persistent group information with "REMOVE_NETWORK <persistent
group id>" if desired (e.g., based on user confirmation).

In addition to indicating the error cases for persistent groups, all
this type of PSK failures end up in the client removing the group with
the new reason=PSK_FAILURE information in the P2P-GROUP-REMOVED event.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-01 21:35:10 +03:00
Jouni Malinen
f2c566027e P2P: Add a command for removing a client from all groups
The new control interface command P2P_REMOVE_CLIENT <P2P Device
Address|iface=Address> can now be used to remove the specified client
from all groups (ongoing and persistent) in which the local device is a
GO. This will remove any per-client PSK entries and deauthenticate the
device.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-01 21:35:10 +03:00
Jouni Malinen
01a57fe420 P2P: Maintain list of per-client PSKs for persistent groups
Record all generated per-client PSKs in the persistent group network
block and configure these for the GO Authenticator whenever re-starting
the persistent group. This completes per-client PSK support for
persistent groups.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-01 21:35:10 +03:00
Jouni Malinen
759fd76b7f P2P: Select PSK based on Device Address instead of Interface Address
When using per-device PSKs, select the PSK based on the P2P Device
Address of the connecting client if that client is a P2P Device. This
allows the P2P Interface Address to be changed between P2P group
connections which may happen especially when using persistent groups.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-01 11:30:26 +03:00
Jouni Malinen
94ddef3e72 P2P: Make peer's P2P Device Address available to authenticator
This can be used to implement per-device PSK selection based on the
peer's P2P Device Address instead of P2P Interface Address.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-01 11:05:19 +03:00
Jouni Malinen
52177fbb70 P2P: Store P2P Device Address in per-device PSK records
This makes the P2P Device Address of the Enrollee available with the PSK
records to allow P2P Device Address instead of P2P Interface Address to
be used for finding the correct PSK.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-01 10:47:34 +03:00
Jouni Malinen
05766ed8de P2P: Allow per-device PSK to be assigned
"wpa_cli p2p_set per_sta_psk <0/1>" can now be used to disable/enable
use of per-device PSKs in P2P groups. This is disabled by default.
When enabled, a default passphrase is still generated by the GO for
legacy stations, but all P2P and non-P2P devices using WPS will get
a unique PSK.

This gives more protection for the P2P group by preventing clients from
being able to derive the unicast keys used by other clients. This is
also a step towards allowing specific clients to be removed from a group
reliably without having to tear down the full group to do so.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-01 10:14:29 +03:00
Syed Asifful Dayyan Rafiuddeen
0b5fb86a24 P2P: Stop listen state when listen-only duration is over
Even after listen duration is over, P2P module remained in
P2P_LISTEN_ONLY state, which is blocking station mode scans. Fix this by
stopping P2P listen explicitly to update p2p_state to IDLE when listen
duration expires.

Signed-hostap: Syed Asifful Dayyan <syedd@broadcom.com>
2013-08-31 18:09:15 +03:00
Michal Kazior
50f4f2a066 hostapd: Add Automatic Channel Selection (ACS) support
This adds ACS support to hostapd. Currently only survey-based
algorithm is available.

To use ACS you need to enable CONFIG_ACS=y in .config and use
channel=0 (or channel=acs_survey) in hostapd.conf.

For more details see wiki page [1] or comments in src/ap/acs.c.

[1]: http://wireless.kernel.org/en/users/Documentation/acs

Signed-hostap: Michal Kazior <michal.kazior@tieto.com>
2013-08-31 11:51:06 +03:00
Andrejs Cainikovs
fcf20528a0 Fix MNC length for Swisscom SIM cards
Swisscom SIM cards do not include MNC length within EF_AD, and end up
using incorrect MNC length based on the 3-digit default. Hardcode MNC
length of 2 for Switzerland, in the same manner as it was done for
Finland.

Signed-hostap: Andrejs Cainikovs <andrejs.cainikovs@sonymobile.com>
2013-08-31 10:58:23 +03:00
Jouni Malinen
28de68ae56 P2P: Update peer operating channel from GO Negotiation Confirm
If the device that sends the GO Negotiation Confirm becomes the GO, it
may change its operating channel preference between GO Negotiation
Request and Confirm messages based on the channel list received from us.
Previously, the peer operating channel preference was not updated in
such a case and this could result in the initial scans after GO
Negotiation using incorrect operating channel and as such, extra delay
in the connection process. Fix this by updating the operating channel
information from GO Negotiation Confirm in cases where the peer becomes
the GO.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-08-26 14:16:31 +03:00
Jouni Malinen
6701fdc37f P2P: Use the first pref_chan entry as operating channel preference
If there are no higher priority preference for the operating channel,
use the first pref_chan entry as the operating channel preference over
the pre-configured channel which is not really a good indication of
preference. This changes the behavior for GO Negotiation Request frame
operating channel preference value in cases where p2p_pref_chan list is
set.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-08-26 14:10:23 +03:00
Jouni Malinen
99d7c76294 P2P: Add more debug info on operating channel selection
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-08-26 14:08:03 +03:00
Jouni Malinen
e743db4309 IBSS RSN: Add IBSS-RSN-COMPLETED event message
This new control interface event message is used to indicate when
both 4-way handshakes have been completed with a new IBSS peer.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-08-25 23:09:22 +03:00
Jouni Malinen
4c559019bd P2P: Add state info to global STATUS command
This can be used for debugging purposes to see what the current P2P
module state is.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-08-25 21:02:12 +03:00
Michal Kazior
0185007c2e hostapd: Add survey dump support
This adds survey dump support for all frequencies
and for specific desired frequencies. This will later
be used by ACS code for spectrum heuristics.

Signed-hostap: Michal Kazior <michal.kazior@tieto.com>
2013-08-25 18:35:25 +03:00
Michal Kazior
245e026ec8 hostapd: Split up channel checking into helpers
This splits up the channel checking upon initialization into a few
helpers. This should make this a bit easier to follow. This also paves
the way for some initial ACS entry code.

Signed-hostap: Michal Kazior <michal.kazior@tieto.com>
2013-08-25 18:35:20 +03:00
Rui Paulo
ba873bdf86 wired: Wait for the link to become active before sending packets
Interfaces that take one or two seconds to reconfigure the link after we
set IFF_ALLMULTI or after we bring the interface up were dropping the
initial TX EAPOL packet which caused excessive delays in authentication.
This change applies to FreeBSD/DragonFly only.

Signed-hostap: Rui Paulo <rpaulo@FreeBSD.org>
2013-08-25 11:40:19 +03:00
Ilan Peer
d393de1d27 P2P: Validate the freq in p2p_group_add
Add additional input verification for the frequency parameter in
p2p_group_add (and other P2P operations for that matter). Without this
verification invalid freq could be set and not handled properly.

Signed-hostap: Ilan Peer <ilan.peer@intel.com>
2013-08-25 11:28:56 +03:00
David Spinadel
239abaf2ab WPS: Set currently used RF band in RF Bands attribute
According to WSC specification (Ver 2.0.2, section 8.3), RF Bands
attribute should be set to the specific RF band used for the current
message. Add an option to set wanted band in wps_build_rf_bands() and
add a callback to get the current band from wpa_supplicant and hostapd.

Signed-hostap: David Spinadel <david.spinadel@intel.com>
2013-08-25 10:55:53 +03:00
Ilan Peer
bf83eab553 nl80211: Start P2P Device when rfkill is unblocked
Signed-hostap: Ilan Peer <ilan.peer@intel.com>
2013-08-25 10:43:52 +03:00
Ilan Peer
60b13c2017 nl80211: Do not change type to station on P2P interfaces
It is possible that when trying to remove a dynamically added interface,
changing its type to station mode is not possible (since the kernel does
not support so in its interface combinations).

Since P2P interfaces are always dynamically added, avoid changing their
type to station in the deinit_ap() and deinit_p2p_client() nl80211
callbacks, assuming that the interface is about to be removed.

Signed-hostap: Ilan Peer <ilan.peer@intel.com>
2013-08-25 10:20:54 +03:00
Jouni Malinen
5bcd5c5a68 FT RRB: Clear pad field to avoid sending out uninitialized data
The pad field in the RRB messages is unused, but it should be
initialized to avoid sending out arbitrary data from stack. This was
also generating number of valgrind complaints about uninitialized memory
accesses in local FT tests.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-08-25 00:35:10 +03:00
Jouni Malinen
b378c41fbc nl80211: Fix deinit path to unregister nl_mgmt socket
Commit 8e12685c43 replaced call to
nl80211_mgmt_unsubscribe() on the deinit path with a
wpa_driver_nl80211_set_mode() call. This is not enough to unregister the
bss->nl_mgmt read socket in all cases. Fix this by unconditionally
unsubscribing from the nl80211 events after having change mode to
station.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-08-24 23:45:11 +03:00
Jeffin Mammen
e96872a4f2 WPS: Track peer MAC address from the last operations
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-08-23 17:48:59 +03:00
Jeffin Mammen
ae23935e7d WPS: Track PBC status
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-08-23 17:48:25 +03:00
Jeffin Mammen
61b6520e16 WPS: Track result of the latest WPS operation
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-08-23 17:48:20 +03:00
Jeffin Mammen
50396e29da WPS: Add PBC mode activated/disabled events
This makes it easier to track PBC state on the registrar.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-08-23 16:52:48 +03:00
Jouni Malinen
961750c1e8 WPS: Share a common function for error strings
This makes it easier to maintain the list of WPS_EI_* error values and
matching strings.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-08-23 16:32:34 +03:00
Sunil Dutt
30158a0d80 nl80211: Update the assoc_freq during connect
drv->assoc_freq was not updated during the connect command (neither
during the command's invocation nor after getting the event) unlike with
auth/assoc case where assoc_freq is updated. This resulted in
nl80211_get_link_noise() (and any other function for that matter) using
the improper drv->assoc_freq value with drivers that use the connect
API. Fix this by updating drv->assoc_freq on connect command and when
fetching the frequency from the driver.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-08-23 15:41:05 +03:00
Jouni Malinen
83e7bb0e5d nl80211: Add more debug prints for DEL_STATION commands
This makes the debug log clearer on AP mode STA operations.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-08-23 12:03:28 +03:00
Jouni Malinen
d2ba3d6bd9 VLAN: Simplify no-WEP with VLAN check
No need to have a local variable and two #ifndef blocks for this.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-08-07 12:24:18 +03:00
Michael Braun
d66dcb0d0b WEP: Remove VLAN support from hostapd
This removes WEP with VLAN support and thus avoids increasing
complexity for tagged VLANs.

Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
2013-08-07 12:22:38 +03:00
Rui Paulo
646f12ad4c bsd: Add a commit routine
Signed-hostap: Rui Paulo <rpaulo@FreeBSD.org>
2013-08-07 11:03:44 +03:00
Rui Paulo
32dc6a319e bsd: Mark define sta_set_flags() only for hostapd
Signed-hostap: Rui Paulo <rpaulo@FreeBSD.org>
2013-08-07 11:02:55 +03:00
Rui Paulo
70a867c268 bsd: Mark the interface down before opening the routing socket
Signed-hostap: Rui Paulo <rpaulo@FreeBSD.org>
2013-08-07 11:01:12 +03:00
Rui Paulo
89f4690005 bsd: Compute the RSSI level
Signed-hostap: Rui Paulo <rpaulo@FreeBSD.org>
2013-08-07 10:57:51 +03:00
Rui Paulo
5dd82c634c bsd: Set IEEE80211_KEY_NOREPLAY in IBSS/AHDEMO mode
Signed-hostap: Rui Paulo <rpaulo@FreeBSD.org>
2013-08-07 10:57:10 +03:00
Rui Paulo
cb76af8a35 bsd: Skip SIOCSIFFFLAGS ioctl when there is no change.
Don't issue SIOCSIFFLAGS if the interface is already up or already down.

Signed-hostap: Rui Paulo <rpaulo@FreeBSD.org>
2013-08-07 10:54:16 +03:00
Sameer Thalappil
7239ea7f01 nl80211: Add stop AP mode event API
Stop AP command can be used by the driver as an event to indicate that
AP mode has stopped operation. WLAN driver may have encountered errors
that has forced the driver to report this event or concurrent operations
on virtual interfaces may have forced AP operation to be stopped. When
in P2P GO mode, wpa_supplicant uses this event to remove P2P group to
keep in sync with the driver state.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-08-06 23:28:40 +03:00
Michael Braun
c2db79f237 VLAN: Remove vlan_tail
Everything in hostapd can be implemented efficiently without vlan_tail.

Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
2013-08-04 21:45:50 +03:00
Sunil Dutt
f7b4ef2208 TDLS: Handle transmission failures of TPK Handshake messages
A transmission failure of the TDLS Setup Request frame (TPK Handshake
M1) results in no further retries and the peer entry being left in state
where all TDLS Setup Request frames from the peer with higher address
would be rejected, thus always resulting in a failure to establish a
TDLS link. Handle the failures in transmission by disabling the link
immediately to ensure the traffic to the peer goes through the AP. This
commit also handles similar transmision failures for TPK Handshake M2
and M3 frames (TDLS Setup Response and Confirm).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-08-01 10:47:23 +03:00
Jouni Malinen
dc01de8a0e nl80211: Fix TDLS key configuration to not set TX key index
The nl80211 command for setting the TX index does not distinguish TDLS
vs. AP key and as such, the driver would not know what this set TX key
index operation is doing in the TDLS case. This could result in the TX
key index for AP being changed instead if static WEP is used in the AP
connection. Fix the issue by not setting TX key index when configuring a
TDLS key.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-07-31 18:34:16 +03:00
Ilan Peer
932659696e nl80211: Remove unused WPA_DRIVER_FLAGS_MULTI_CHANNEL_CONCURRENT
This is not used anymore after the previous commits that changed the
driver interface to use number of supported concurrent channels instead
of this flag.

Signed-hostap: Ilan Peer <ilan.peer@intel.com>
Signed-hostap: David Spinadel <david.spinadel@intel.com>
2013-07-21 20:52:09 +03:00
Ilan Peer
4752147d88 nl80211: Report the number of concurrent support channels
Previously, drivers only reported if they support multiple concurrent
channels, but did not report the maximum number of supported channels.
Add this reporting to the driver capabilities and add the implementation
to driver_nl80211.

Signed-hostap: Ilan Peer <ilan.peer@intel.com>
Signed-hostap: David Spinadel <david.spinadel@intel.com>
2013-07-21 19:49:47 +03:00
Antonio Quartulli
b21990b4bb nl80211: Register for AUTH frames when joining an IBSS network
In order to correctly handle IBSS/RSN, wpa_supplicant has to register
for any incoming Authentication frmae to properly react when those are
received.

Signed-hostap: Nicolas Cavallari <cavallar@lri.fr>
Signed-hostap: Antonio Quartulli <antonio@open-mesh.com>
2013-07-21 15:27:19 +03:00
Nicolas Cavallari
c91f796fb4 nl80211: Support not specifying the frame frequency
If the frequency is not specified the frame is now sent over
the channel used by the current BSS.

This will also log the payload of each sent CMD_FRAME.

Signed-hostap: Nicolas Cavallari <cavallar@lri.fr>
[antonio@open-mesh.com: commit message reworded]
Signed-hostap: Antonio Quartulli <antonio@open-mesh.com>
2013-07-21 15:24:50 +03:00
Mohammed Shafi Shajakhan
ed07764699 nl80211: Remove redundant assignment of ifindex
wpa_driver_nl80211_finish_drv_init() takes care of assigning
the interface index.

Signed-hostap: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
2013-07-21 13:20:27 +03:00
Sujith Manoharan
69dd2967db WDS: Fix WEP usage with nl80211 wds_sta=1
The static WEP keys have to be configured for the new VLAN
interface that is created for a 4addr WDS peer, not doing so
breaks WEP functionality in nl80211/4addr based WDS links.

Signed-hostap: Sujith Manoharan <c_manoha@qca.qualcomm.com>
2013-07-20 17:41:22 +03:00
Michal Kazior
c8ebeda406 wpa_supplicant: Add support for VHT BSS membership selector
This allows wpa_supplicant to associate to an AP that has VHT BSS
membership selector set to indicate VHT support is required for the BSS.

Without the patch it was impossible to connect to, e.g., hostapd-based
AP that has require_vht=1. wpa_supplicant was complaining with:
  hardware does not support required rate 63.0 Mbps

Signed-hostap: Michal Kazior <michal.kazior@tieto.com>
2013-07-20 17:28:42 +03:00
Sujith Manoharan
3f9a8137f5 hostapd: Add a config option to control beaconing
In a AP/STA concurrent setup, if the STA interface is continually
scanning, trying to connect to a network, the AP interface
is basically broken since beaconing would be erratic.

This option can be used in a WDS setup where one AP acts as a
Client/AP-Repeater. The Repeater AP interface has to start beaconing
only after the Client interface has established a WDS link with the
"Root AP".

Signed-hostap: Sujith Manoharan <c_manoha@qca.qualcomm.com>
2013-07-20 17:20:43 +03:00
Michal Kazior
182b2e535c Add missing host_to_le32() for big endian hosts
Compiling hostapd with VHT enabled on a big endian machine resulted in
an undefined symbol error. Fix this by defining the missing macro.

Signed-hostap: Michal Kazior <michal.kazior@tieto.com>
2013-07-20 17:17:32 +03:00
Jithu Jance
3f53c006c7 nl80211: Ignore disconnect event in case of locally generated request
Previously, there could be two disconnection events in core
wpa_supplicant when going through a case of wpa_supplicant-requested
disconnection with a driver that implements SME internally. This could
result in undesired behavior when a disconnection is followed by a new
connection attempt before the extra event has been received (e.g.,
during fast reassoc or WPS provisioning). Avoid such issues by ignoring
locally generated disconnect events after requesting cfg80211 to
disconnect.

This makes the previously used ignore_next_local_disconnect more
consistent by setting the variable within
wpa_driver_nl80211_disconnect() so that both callers get the same
behavior.

Signed-hostap: Jithu Jance <jithu@broadcom.com>
2013-07-20 16:06:13 +03:00
Jouni Malinen
eb7ddbf108 WPS: Stop SSDP service before freeing the pending entries
This avoids debug warnings about freeing referenced memory.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-07-11 17:03:50 +03:00
Jouni Malinen
98cbc0a2ab Remove forgotten Xcode defines
Commit 3962b65858 removed the Xcode
project files, but missed the defines in build_config.h. Remove these
since there are no users for them in the current snapshot.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-07-09 15:20:17 +03:00
Jouni Malinen
fe65847bb1 EAP-EKE: Add server implementation
This adds a new password-based EAP method defined in RFC 6124.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-07-07 20:30:10 +03:00
Jouni Malinen
7e7610d788 EAP-EKE: Add peer implementation
This adds a new password-based EAP method defined in RFC 6124.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-07-07 20:30:10 +03:00
Jouni Malinen
489202ddce EAP-SAKE: Use configured server identity
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-07-07 20:30:10 +03:00
Jouni Malinen
a607b42eeb EAP-PSK: Use configured server identity
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-07-07 20:30:10 +03:00
Jouni Malinen
15b042b854 EAP-MSCHAPv2: Use configured server identity
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-07-07 20:30:10 +03:00
Jouni Malinen
162865bc97 EAP-IKEv2 server: Use configured server identity
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-07-07 20:30:10 +03:00
Jouni Malinen
8f89d828b1 EAP-GPSK server: Use configured server identity
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-07-07 20:30:10 +03:00
Jouni Malinen
67fe933d40 Add server identity configuration for EAP server
The new server_id parameter in hostapd.conf can now be used to specify
which identity is delivered to the EAP peer with EAP methods that
support authenticated server identity.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-07-07 20:30:10 +03:00
Jouni Malinen
d53d2596e4 Fix build with older OpenSSL versions
Check that SSL_clear_options and SSL_CTX_clear_options are defined
before using them to avoid compilation failures with older OpenSSL
versions that did not include these macros.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-06-30 12:55:52 +03:00
Jouni Malinen
54d4ba427c nl80211: Silence a compiler warning with older gcc versions
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-06-30 12:54:47 +03:00
Jouni Malinen
851b0c5581 nl80211: Do not indicate P2P_DEVICE support by default
Since the P2P_DEVICE support indication was added to kernel before
everything was working properly, there may be kernel versions in use
with the new mechanism breaking P2P functionality (especially with
mac80211_hwsim). For now, disable P2P_DEVICE support by default and
allow it to be enabled with driver_param=p2p_device=1 in the
configuration file. This default behavior may be changed in the future
once the kernel issues has been resolved in stable releases.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-06-30 10:50:13 +03:00
Arend van Spriel
7940c7902e nl80211: Use wdev id when cancelling wait for frame using P2P_DEVICE
Another function that needs the wdev id when P2P management is done
using the P2P_DEVICE interface.

Signed-hostap: Arend van Spriel <arend@broadcom.com>
2013-06-30 10:50:13 +03:00
Arend van Spriel
f608081c1d nl80211: Verify P2P GO/client address with all interface addresses
With P2P Device support there will be two interfaces with their
own MAC address. The P2P Interface Address must be unique so verify
it is.

Signed-hostap: Arend van Spriel <arend@broadcom.com>
2013-06-30 10:50:13 +03:00
Arend van Spriel
5fbcb45daf nl80211: Fix determining phy name for P2P Device
The phy name was determined using /sys/class/net/<ifname> but the P2P
Device is not listed there since it does not have an associated net
device. This patch changes name determination to obtain the name from
the wiphy information provide by nl80211.

Signed-hostap: Arend van Spriel <arend@broadcom.com>
2013-06-30 10:50:13 +03:00
Arend van Spriel
27ce1d64c4 nl80211: Fix nl80211_get_wiphy_index() for P2P Device
For P2P Device the netlink message should have wdev identifier
instead of the interface index. This fixes a failure which occurred
executing the P2P_GROUP_ADD command.

Signed-hostap: Arend van Spriel <arend@broadcom.com>
2013-06-30 10:50:13 +03:00
Jouni Malinen
080585c01a Add support for OCSP stapling to validate server certificate
When using OpenSSL with TLS-based EAP methods, wpa_supplicant can now be
configured to use OCSP stapling (TLS certificate status request) with
ocsp=1 network block parameter. ocsp=2 can be used to require valid OCSP
response before connection is allowed to continue.

hostapd as EAP server can be configured to return cached OCSP response
using the new ocsp_stapling_response parameter and an external mechanism
for updating the response data (e.g., "openssl ocsp ..." command).

This allows wpa_supplicant to verify that the server certificate has not
been revoked as part of the EAP-TLS/PEAP/TTLS/FAST handshake before
actual data connection has been established (i.e., when a CRL could not
be fetched even if a distribution point were specified).

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-06-30 01:01:15 +03:00
Arend van Spriel
ab7a1addf2 nl80211: Fix P2P group interface creating using P2P Device
When P2P Device is used as P2P management interface the creation of the
P2P group interface fails because MAC address retrieval fails for the
P2P Device interface.

Signed-hostap: Arend van Spriel <arend@broadcom.com>
2013-06-25 13:52:58 +03:00
Arend van Spriel
fa93de4059 nl80211: Use wdev_id in nl80211_create_iface_once()
For P2P an interface may be created for the P2P client/group. The
create request is done on the P2P management interface, which may
be a P2P Device interface. In that case it needs to use the wdev_id.

Signed-hostap: Arend van Spriel <arend@broadcom.com>
2013-06-25 13:51:59 +03:00
Arend van Spriel
fdc554b8ae nl80211: Use wdev id to obtain P2P Device scan results
In order to get a P2P-DEVICE-FOUND event the supplicant needs to
see a peer device during SEARCH and LISTEN phase. The SEARCH
phase does a scan so obtaining the scan results for the P2P Device
interface needs to be supported, i.e., use the wdev_id.

Signed-hostap: Arend van Spriel <arend@broadcom.com>
2013-06-25 13:51:14 +03:00
Arend van Spriel
597b94f5f4 nl80211: Add .get_mac_addr() callback for P2P Device
For P2P Device the MAC address is determined upon .init2(). The
wpa_s for this interface retrieves this address in
wpa_supplicant_update_mac_addr() using the .get_mac_addr() callback.

Signed-hostap: Arend van Spriel <arend@broadcom.com>
2013-06-25 13:50:21 +03:00
Arend van Spriel
8e12685c43 nl80211: Rework setting interface mode
The function setting the interface mode also handles management
frame subscription. Rework it so subscription is done for the
P2P Device interface.

Signed-hostap: Arend van Spriel <arend@broadcom.com>
2013-06-25 13:49:16 +03:00
Arend van Spriel
91724d6faa nl80211: Introduce i802_set_iface_flags()
The driver uses linux_set_iface_flags() in several places. Introduce and
use i802_set_iface_flags() which also works for P2P Device interface.

Signed-hostap: Arend van Spriel <arend@broadcom.com>
2013-06-25 13:48:03 +03:00
Arend van Spriel
eb4582f273 nl80211: Remove P2P Device interface upon .deinit()
The .deinit() closes netlink for P2P Device. Before doing that remove
the P2P Device interface that was created by wpa_supplicant.

Signed-hostap: Arend van Spriel <arend@broadcom.com>
2013-06-25 13:46:34 +03:00
Arend van Spriel
f632e483b1 nl80211: Fix P2P Device interface initialization
Couple of issues upon initializing a P2P Device interface needed
to be solved.

Signed-hostap: Arend van Spriel <arend@broadcom.com>
2013-06-25 13:44:54 +03:00
Arend van Spriel
e472e1b458 nl80211: Handle creation of P2P Device interface
Add specific handler for creating the P2P Device to store the wdev_id as
this type of interface does not have an interface index.

Signed-hostap: Arend van Spriel <arend@broadcom.com>
2013-06-25 13:41:55 +03:00
Johannes Berg
01517c8b30 nl80211: Allow Android P2P functionality
To support Android the kernel may have a "p2p0" netdev for a P2P Device
even though this isn't very useful, but Android requires a netdev. To
support this in the supplicant, if the interface mode is P2P_DEVICE,
re-set it to the same instead of STATION mode.

Note that this is only possible with a kernel that creates a
netdev for the P2P Device wdev.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-06-25 13:38:03 +03:00
David Spinadel
6bae92e0f2 nl80211: Add support for P2P Device in add interface
Don't try to assign ifindex for P2P Device interface.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2013-06-25 13:36:04 +03:00
David Spinadel
d6dcfcdaac nl80211: Add a handler to create_interface
Add an option to pass a handler to nl80211_create_iface() and
nl80211_create_interface_once() that will be called after receiving the
message from the kernel. This handler will add the option to process the
message in different ways for different interfaces.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2013-06-25 13:35:05 +03:00
David Spinadel
d3aaef8034 nl80211: Hold wdev identification for P2P Device
Add wdev_id to i802_bss. wdev_id_set indicates whether this id is
available. Use wdev_id if assigned, instead of ifindex. Use wdev_id for
events that come from the kernel to identify the relevant interface.
This commit does not assign wdev_id value for the BSS yet, i.e., this is
only preparation for the value to be used in a future commit.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2013-06-25 13:33:45 +03:00
Nirav Shah
7aad838c92 nl80211: Identify if nl80211 is capable of P2P Device abstraction
Check the supported interfaces attribute to identify support for
a dedicated P2P Device interface type. If set, update the driver
capabilities flag to notify the supplicant.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2013-06-25 13:29:48 +03:00
David Spinadel
6a71413ef2 nl80211: Rename is_p2p_interface
Rename is_p2p_interface() to is_p2p_net_interface() since it used to
identify network P2P interfaces to disable 802.11b rates on them.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2013-06-25 13:26:17 +03:00
Michael Braun
8393e1a024 nl80211: Print interface name on set_key()
Sometimes an interface name that cannot be resolved is given to the
set_key function, so print the ifname in addition to the ifidx.

Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
2013-06-25 12:25:15 +03:00
Michael Braun
80ebfd9527 VLAN: Avoid access to non-existing interfaces
Currently, hostapd_get_vlan_id_ifname() is used to determine if a given
vlan is valid *and* to actually determine the interface. This leads to
wpa_set_keys() sometimes setting the key on the wildcard interface name,
which does not make sense.

This patch therefore adds hostapd_vlan_id_valid() and makes
hostapd_get_vlan_id_ifname() not return a wildcard interface.

Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
2013-06-25 12:03:02 +03:00
Michael Braun
4345fe963e bridge: Track inter-BSS usage
Currently, struct hostapd_vlan is a per-BSS data structure which
also contains informations about whether to remove the bridge
or clear wlan / tagged-vlan interface from the bridge.

In a multi-interface multi-BSS setup, this can lead to the following
race condition:
 1. wlan0 creates VLAN A, sets DVLAN_CLEAN_BR and DVLAN_CLEAN_VLAN_PORT
 2. wlan1 creates VLAN A, does not set DVLAN_CLEAN_BR and
    DVLAN_CLEAN_VLAN_PORT as already there
 3. wlan0 removes VLAN A, removes tagged-interface from the bridge
    but not the bridge.
    Now wlan1 VLAN A is unusable due to the missing uplink.
 4. wlan1 removes VLAN A, does not cleanup

Solution:
This requires an inter-BSS inter-interface data structure to track the
bridge / bridge port usage within hostapd. This data structure could
also be used to track any other device-has-been-created-by-hostapd
information or when regarding interface freeing.

Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
2013-06-25 12:00:10 +03:00
Michael Braun
459eee923c bridge: Use safe default bridge interface
Currently by default, all BSS share the bridge brvlan%d.
While this is sane when no tagged-interface is given, this
is insane when different tagged interfaces are given, as
it would result in bridging those tagged interfaces.

This patch therefore uses br%s%d with %s=tagged_interface
and %d=VLAN ID as bridge name when a tagged-interface is given.

Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
2013-06-25 11:10:00 +03:00
Michael Braun
2aaeedfa07 bridge: Give bridge name in per-bss configuration
Currently, when different BSS using different tagged vlan
interfaces, they are forced to share the bridge brvlan#,
which is not desirable.

This patch fixes this by making the bridge name configurable.

Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
2013-06-25 11:09:01 +03:00
Andrei Otcheretianski
9578329874 Add AVG_RSSI report in signal_poll
Add AVG_RSSI report to the signal_poll command if it is reported by
the kernel.

Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Signed-hostap: Ilan Peer <ilan.peer@intel.com>
2013-06-22 12:01:05 +03:00
Andrei Otcheretianski
2cc8d8f4e8 Add bandwidth and center freq info to signal_poll
Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Signed-hostap: Ilan Peer <ilan.peer@intel.com>
2013-06-22 12:00:46 +03:00
David Spinadel
2090a0b42e nl80211: Add prints for kernel events
Add prints for kernel event, including the event ID and event string.

Signed-hostap: David Spinadel <david.spinadel@intel.com>
Signed-hostap: Ilan Peer <ilan.peer@intel.com>
2013-06-22 11:12:48 +03:00
Sunil Dutt
87436760a2 TDLS: Validate ext_supp_rates in copy_supp_rates
The ext_supp_rates passed to merge_byte_arrays would be invalid if not
advertized by the TDLS peer. Thus, validate the argument to avoid
crashes in such cases.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-06-20 15:10:15 +03:00
Jouni Malinen
85b4eac364 P2P: Do not reply to 802.11b-only Probe Request frames as GO
If AP mode SME/MLME within wpa_supplicant is used for processing Probe
Request frames in GO mode, drop Probe Request frames that include only
802.11b rates per P2P spec section 2.4.1.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-06-19 19:16:23 +03:00
Kyeyoon Park
4331263b73 Fix session timeout after ANQP dummy STA entry with SME-in-driver
Upon association, disable the timer that removes the dummy STA. This
timer caused the STA that associates within 5 seconds of doing an ANQP
query to disassociate, thinking it's a dummy STA. Similar call was
already there for the SME/MLME-in-hostapd case in handle_auth(), but the
SME-in-driver case was not previously addressed.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-06-18 17:40:51 +03:00
Jouni Malinen
aa20e1a1fb Remove CONFIG_NO_WPA2 build parameter
There is not much use for enabling WPA without WPA2 nowadays since most
networks have been upgraded to WPA2. Furthermore, the code size savings
from disabling just WPA2 are pretty small, so there is not much
justification for maintaining this build option. Remove it to get rid of
undesired complexity.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-06-07 20:13:25 +03:00
Jouni Malinen
84ae1d44ca Fix WNM build without WPA2
Commit ae8535b6e1 added a new function
wpa_sm_pmf_enabled() which is called from WNM code without ifdefs.
Define a dummy wrapper for this function to fix build if WPA2 is
disabled.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-06-07 20:02:50 +03:00
Jouni Malinen
c33d5eb063 Fix build without WPA2 or EAP
Commit 4033935dd9 updated
pmksa_cache_flush() function arguments, but forgot to update the wrapper
function for cases where WPA2 or EAP has been disabled in the build.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-06-07 20:01:10 +03:00
Vivek Natarajan
8f395284bd P2P: Modify wait time in INVITE state based on Tx status of INV-REQ
In a noisy enviromment, some peers can be slow to respond to the
invitation request frames which may lead to unnecessary state timeout.
Increase this timeout to 350 ms to improve the probabilty of
successfully receiving the invitation response frames.

Signed-hostap: Vivek Natarajan <nataraja@qca.qualcomm.com>
2013-06-03 21:30:34 +03:00
Jouni Malinen
e112764e6d nl80211: Use NL80211_ATTR_PEER_AID to set TDLS peer AID
This is needed for TDLS with VHT to allow partial AID to be set
correctly for the direct link frames. cfg80211 validation rules
prevented NL80211_ATTR_STA_AID from being used for this in set_station
case, so the new attribute is used instead.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-30 10:25:23 +03:00
Jouni Malinen
f8a5fd4243 Synchronize with wireless-testing.git include/uapi/linux/nl80211.h
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-30 10:22:47 +03:00
Jouni Malinen
9b1693a162 WPS: Allow Device Password Id changes between PIN methods
Commit b4a17a6ea7 added support for the
WPS Registrar to change the Device Password based on WSC specification
design. However, this added validation for Registrar behavior which
resulted in preventing a common P2P use case from working. Relax the
validation rules for builds with P2P enabled to allow the Enrollee (P2P
client) accepting M1/M2 changes in Device Password Id between Default
and Registrar-specified PIN.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-28 00:35:47 +03:00
Jouni Malinen
1ba51ec02b nl80211: Add debug print for set_supp_port operation
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-27 20:32:54 +03:00
Jouni Malinen
add9b7a46a nl80211: Ignore deauth/disassoc event from old AP
It looks like cfg80211 can deliver a deauth/disassoc event during some
roaming cases while we are already in progress with a new
authentication/association. This happens at least with FT protocol.
Avoid issues with such disconnection event resulting in core
wpa_supplicant stopping the new connection attempt by tracking
auth/assoc BSSID more carefully within driver_nl80211.c and filtering
out events that do not apply for the current AP.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-27 20:10:57 +03:00
Jouni Malinen
b54c9ff9ce FT: Fix TKIP group key configuration in FT protocol
The Michael MIC TX and RX keys needs to be swapped in the FT case just
like in all other TKIP key configuration cases. This fixes issues where
TKIP as group cipher resulted in Michael MIC failures being detected for
each received group-addressed frame after FT protocol use.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-24 16:03:54 +03:00
Jouni Malinen
3cb953e4b6 Do not set driver MAC ACL unless driver supports this
This cleans up debug log by not including comments about failed
operations in case the operation is known to fail due to not being
supported by the driver.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-24 13:37:22 +03:00
Vivek Natarajan
3c4ca36330 hostapd: Support MAC address based access control list
Enable MAC address based ACL for the drivers which advertise
this capabilty with NL80211_ATTR_MAC_ACL_MAX. Either of blacklist
or whitelist is supported, though, not simultaneously.

Signed-hostap: Vivek Natarajan <nataraja@qca.qualcomm.com>
2013-05-24 13:26:35 +03:00
Jouni Malinen
ae8535b6e1 WNM: Make ESS Disassoc Imminent event more convenient to use
Define a proper event prefix and include additional information to allow
ESS Dissassociation Imminent event to be used in a wpa_cli action
script.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-23 16:51:03 +03:00
Jouni Malinen
7b53acd395 WNM: Use defines for BSS Trans Mgmt field values
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-23 16:50:39 +03:00
Jouni Malinen
901d1fe1e5 WNM: Remove PMKSA cache entry on ESS disassoc imminent notification
This is needed to avoid allowing the STA to reconnect using a cached
PMKSA. ESS disassoc imminent notification is normally used to indicate
that the STA session will be terminated and as such, requiring full
authentication through the authentication server after this is needed.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-23 16:50:06 +03:00
Sean Lin
72728c6fa8 P2P: Relax channel forcing for invitation processing with MCC support
When STA interface is connected and P2P interface gets invited in a
different channel from previous P2P group, the invitiation would fail
because of no common channel found. Fix this by using different logic
when device support multi channel concurrency.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-22 13:29:46 +03:00
Jouni Malinen
4033935dd9 Fix OKC-based PMKSA cache entry clearing
Commit c3fea27274 added a call to clear
all other PMKSA cache entries for the same network if the PMKSA cache
entry of the current AP changed. This was needed to fix OKC cases since
the other APs would likely use the new PMK in the future. However, this
ended up clearing entries in cases where that is not desired and this
resulted in needing additional full EAP authentication with networks
that did not support OKC if wpa_supplicant was configured to try to use
it.

Make PMKSA cache entry flushing more limited so that the other entries
are removed only if they used the old PMK that was replaced for the
current AP and only if that PMK had previously been used successfully
(i.e., opportunistic flag was already cleared back to 0 in
wpa_supplicant_key_neg_complete()). This is still enough to fix the
issue described in that older commit while not causing problems for
standard PMKSA caching operations even if OKC is enabled in
wpa_supplicant configuration.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-22 13:24:30 +03:00
Jouni Malinen
1045ec36a3 nl80211: Add couple of additional iftypes to debug prints
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-21 16:51:06 +03:00
Sunil Dutt
2cadc8e1e5 TDLS: Retry TDLS Setup Response more quickly
TDLS responder STA used to retransmit the TDLS Setup Response after 5
seconds if the TDLS Setup Confirm is not received. The initiator would
have enabled the TDLS link and started transmitting the data to the peer
on the TDLS link after transmitting the TDLS Setup Confirm frame. If the
TDLS Setup Confirm frame is not received by the receiver, the
transmissions from the initiator on the direct link would get failed for
the TDLS link not getting enabled on the receiver. This commit reduces
the data delivery failure duration by shortening the retry time of the
TDLS Setup Response frames. The retry limit of the TDLS Response frame
also is increased to ensure that the peer does not miss the frames in
the reduced time period.

Signed-hostap: Sunil Dutt <duttus@codeaurora.org>
2013-05-20 21:30:27 +03:00
Kyeyoon Park
d5b559b641 WNM: Add disassociation timeout processing for ESS_DISASSOC
The hostapd_cli ess_disassoc command now takes three arguments (STA MAC
address, timeout in ms, URL) and the STA is disconnected after the
specified timeout.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-20 11:13:40 +03:00
Jouni Malinen
c4bf83a723 P2P: No duplicate AP-STA-CONNECTED/DISCONNECTED as global event
These events are sent as a special case to both the group interface and
"parent interface" (i.e., the interface that was used for managing P2P
negotiation). The latter is not really correct event, so get rid of it
with the new global control interface design where there is no need to
support legacy upper layer implementations.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-18 19:18:31 +03:00
Jouni Malinen
7793c959e6 Clean up AP-STA-CONNECTED/DISCONNECTED prints
Use shared code to print the parameters so that they do not need to be
generated four times separately.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-18 19:09:41 +03:00
Jouni Malinen
ed496f131f P2P: Clean up debug prints
Replace direct wpa_msg() calls with p2p_dbg(), p2p_info(), and p2p_err()
calls that use a new debug_print() callback to handle actual debug
printing outside the P2P module.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-18 18:47:36 +03:00
Jouni Malinen
710ae9ac1f P2P: Move p2p_find stopped event message into p2p_supplicant.c
This removes wpa_ctrl.h dependency from src/p2p/* and makes the P2P
events more consistent, i.e., everything that is aimed for upper layer
processing from the wpa_supplicant control interfaces is generated in
p2p_supplicant.c.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-18 16:06:40 +03:00
Jouni Malinen
47bfe49c31 Add wpa_msg_global() for global events
This function can be used instead of wpa_msg() and wpa_msg_ctrl() to
indicate that an event is not specific to a network interface.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-18 14:19:24 +03:00
Jouni Malinen
d2a9e2c76d Abstract and Android sockets for global ctrl_iface
The wpa_supplicant global control interface parameter can now be used to
explicitly specify an abstract UNIX domain socket (Linux specific
extension) with "@abstract:" prefix and an Android control socket with
"@android:" prefix.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-18 11:42:09 +03:00
Jouni Malinen
058c8636a7 FT RRB: Fix a memory leak on error path
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-18 09:49:26 +03:00
Suryadevara Sudheer
c6ccf12d3f P2P: Use preferred channel list during GO creation
This extends support for p2p_pref_Chan configuration parameter for
autonomous GO creation.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-17 11:27:02 +03:00
Suryadevara Sudheer
6d956c4064 P2P: Re-select channel in invitation case with peer info
Allow invitation exchange to update operating channel selection after
peer channel list has been received similarly to how GO negotiation was
handled.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-17 11:18:02 +03:00
Vinayak Kamath
65bcd0a92d WNM: Add sending of BSS Transition Management Query
The new control interface command can be used to send a
BSS Transition Management Query frame to the current AP.

Signed-hostap: Vinayak Kamath <vkamat@codeaurora.org>
2013-05-16 17:50:31 +03:00
Vinayak Kamath
e27d20bb68 WNM: Add neighbor report processing for BSS Transition Management
Process the neighbor report received in BSS Management Request frames.

Signed-hostap: Vinayak Kamath <vkamat@codeaurora.org>
2013-05-16 17:48:59 +03:00
Jouni Malinen
0af2db7478 edit: Fix libreadline history clearing with WPA_TRACE
The HIST_ENTRY and its variables are allocated within libreadline, so
they won't have the WPA_TRACE special header and cannot be freed with
os_free(). Use free() to avoid issues during wpa_cli termination if any
of the new commands added to the history are to be removed (e.g.,
set_network could include a password).

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-14 16:46:38 +03:00
Jouni Malinen
455299fb40 nl80211: Fix foreign address filtering for MLME frame events
Commit 97279d8d1a started filtering MLME
frame events based on Address 1 (destination) field. This works fine for
frames sent to us, but it did filter out some corner cases where we
actually want to process an event based on a frame sent by us. The main
such case is deauthentication or disassociation triggered by something
external to wpa_supplicant in the system. Fix this by accepting events
for frames where either Address 1 or 2 (transmitter) matches the
interface address.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-13 11:53:21 +03:00
Paul Stewart
7c0e1e2757 tls_openssl: Store TLS context per-connection
Store context for each tls_init() caller, so events are generated for
the correct wpa_s instance. The tls_global variable is retained for
older OpenSSL implementations that may not have app-data for SSL_CTX.

Signed-hostap: Paul Stewart <pstew@chromium.org>
2013-05-10 00:22:08 +03:00
Simon Wunderlich
b113a171ac DFS: Add ieee80211h hostapd configuration parameter
This patch is based on the original work by Boris Presman and
Victor Goldenshtein. Channel Switch Announcement support has been
removed and event handling as well as channel set handling was
changed, among various other changes.

Cc: Boris Presman <boris.presman@ti.com>
Cc: Victor Goldenshtein <victorg@ti.com>
Signed-hostap: Simon Wunderlich <siwu@hrz.tu-chemnitz.de>
2013-05-09 20:14:53 +03:00
Simon Wunderlich
695c70381f nl80211: Add driver_ops for stopping AP beaconing
This can be used to stop AP mode beaconing temporarily, e.g., in
response to a radar detected event.

This patch is based on the original work by Boris Presman and
Victor Goldenshtein. Channel Switch Announcement support has been
removed and event handling as well as channel set handling was
changed, among various other changes.

Cc: Boris Presman <boris.presman@ti.com>
Cc: Victor Goldenshtein <victorg@ti.com>
Signed-hostap: Simon Wunderlich <siwu@hrz.tu-chemnitz.de>
2013-05-09 20:06:33 +03:00
Simon Wunderlich
f90e9c1c8b nl80211: Add driver_ops for starting radar detection
This patch is based on the original work by Boris Presman and
Victor Goldenshtein. Channel Switch Announcement support has been
removed and event handling as well as channel set handling was
changed, among various other changes.

Cc: Boris Presman <boris.presman@ti.com>
Cc: Victor Goldenshtein <victorg@ti.com>
Signed-hostap: Simon Wunderlich <siwu@hrz.tu-chemnitz.de>
2013-05-09 20:05:01 +03:00
Simon Wunderlich
fc96522eb9 nl80211: Add channel flags for DFS state information
This patch is based on the original work by Boris Presman and
Victor Goldenshtein. Channel Switch Announcement support has been
removed and event handling as well as channel set handling was
changed, among various other changes.

Cc: Boris Presman <boris.presman@ti.com>
Cc: Victor Goldenshtein <victorg@ti.com>
Signed-hostap: Simon Wunderlich <siwu@hrz.tu-chemnitz.de>
2013-05-09 20:02:57 +03:00
Simon Wunderlich
f295d0c86a nl80211: Add driver capability flag for radar detection
This patch is based on the original work by Boris Presman and
Victor Goldenshtein. Channel Switch Announcement support has been
removed and event handling as well as channel set handling was
changed, among various other changes.

Cc: Boris Presman <boris.presman@ti.com>
Cc: Victor Goldenshtein <victorg@ti.com>
Signed-hostap: Simon Wunderlich <siwu@hrz.tu-chemnitz.de>
2013-05-09 19:59:47 +03:00
Simon Wunderlich
04be54fa09 nl80211: Add driver events for radar detection
This patch is based on the original work by Boris Presman and
Victor Goldenshtein. Channel Switch Announcement support has been
removed and event handling as well as channel set handling was
changed, among various other changes.

Cc: Boris Presman <boris.presman@ti.com>
Cc: Victor Goldenshtein <victorg@ti.com>
Signed-hostap: Simon Wunderlich <siwu@hrz.tu-chemnitz.de>
2013-05-09 19:59:40 +03:00
Simon Wunderlich
a7505b1775 eloop: Allow to run event loop multiple times in a row
DFS implementation requires to run an eventloop while monitoring
the Channel Availability Check (CAC). After that, the "real" event
loop is started, and should not fail doing so.

Signed-hostap: Simon Wunderlich <siwu@hrz.tu-chemnitz.de>
2013-05-09 16:42:14 +03:00
Sunil Dutt
55293aaf4e TDLS: Do not overwrite the reason code in the Tear Down Request
The reason code for the teardown request is overwritten for open
mode. This commit removes the code that does so by reverting parts
of commit 0cb12963b6.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-07 16:27:31 +03:00
Jouni Malinen
03565bc2d6 Synchronize with wireless-testing.git include/uapi/linux/nl80211.h
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-06 15:59:49 +03:00
Jouni Malinen
f11b72c3e9 TDLS: Move AID=1 workaround into driver_nl80211.c
The use of AID=1 for the nl80211 dummy STA case is specific to the
driver (cfg80211), so better move this into the driver wrapper instead
of generic TDLS implementation.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-06 15:57:03 +03:00
Sunil Dutt
785336998d TDLS: Pass peer's AID information to kernel
The information of the peer's AID is required for the driver to
construct partial AID in VHT PPDU's. Pass this information to the driver
during add/set station operations (well, as soon as the information is
available, i.e., with set station operation currently).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-06 15:47:44 +03:00
Jouni Malinen
ad0685e901 edit: Fix history processing on running old command
currbuf_valid needs to be cleared when an old command from history is
processed to avoid leaving a bogus entry that makes history_prev() skip
the last entry in history.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-05 13:09:55 +03:00
Jouni Malinen
11e5a49c28 WPS: Do not use void* in arithmetic
This is a C compiler extension and not needed, so replace with standard
compliant way of calculating the pointer.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-04 20:19:45 +03:00
Jouni Malinen
048edb1070 Revert "nl80211: Add nla_put_u32() wrapper for Android"
This reverts commit df2f9ec6b2.

The current AOSP snapshot for JB includes nla_put_u32(), so this is not
needed anymore and is also causing linking issues due to duplicated
definition.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-04 20:19:43 +03:00
Johannes Berg
8543ed8a37 WPA: Print pairwise EAPOL-Key flag as a bool
Since "pairwise" is defined as an integer, the current assignment leads
to it having the value 0 or 8, which is a bit strange in debug output:

WPA: Send EAPOL(version=2 secure=1 mic=1 ack=1 install=1 pairwise=8
kde_len=46 keyidx=2 encr=1)

Use !!(...) to normalize it to 0 or 1.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-05-04 11:48:57 +03:00
Johannes Berg
7af092a015 hostapd: Add Key MIC in group EAPOL-Key frames corruption test option
For some testing it can be useful to force the Key MIC in group
EAPOL-Key frames to be corrupt. Add an option to allow setting a
probability for corrupting the Key MIC and use it in the WPA code,
increasing the first byte of the MIC by one to corrupt it if desired.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-05-04 11:45:03 +03:00
Ilan Peer
b691dcb129 nl80211: Fix max_remain_on_chan capability reading
In case that NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP is supported,
wiphy_info_handler() is called several times, where
NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION is present only in one
of these calls. Thus capa->max_remain_on_chan is overridden in
all other calls.

Fix it so the default value is set only after all the wiphy info was
received.

Signed-hostap: Ilan Peer <ilan.peer@intel.com>
2013-05-04 11:28:54 +03:00
Jouni Malinen
b57b560034 wpa_supplicant: Default to nl80211 instead of wext
nl80211 has obsoleted WEXT as the preferred kernel interface for
controlling wireless drivers. Update wpa_supplicant driver interface
list order so that nl80211 gets used first if both nl80211 and wext
interfaces are included in the build. In addition, update README to
reflect the fact that WEXT is obsolete.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-04-29 16:55:44 +03:00
Jouni Malinen
c64686229f WPS ER: Allow UPnP interface to be forced
"WPS_ER_START ifname=<interace>" can now be used to force a specific
interface to be used for UPnP operations. This is especially useful for
automated test cases where the lo interface can now be used easily to
perform ER operations.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-28 21:56:24 +03:00
Ben Greear
728d97171b Use status code 17 (unable to handle new STA) on max-STA limitation
This is more useful information than the previously used value 1
(unspecified failure).

Signed-hostap: Ben Greear <greearb@candelatech.com>
2013-04-28 16:45:55 +03:00
Jouni Malinen
5e24dc8a4b Add dup_binstr() to help common binary string tasks
There are quite a few places in the current implementation where a nul
terminated string is generated from binary data. Add a helper function
to simplify the code a bit.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-27 23:44:59 +03:00
Jouni Malinen
2c48211c49 FT RRB: Validate os_malloc() return value before using it
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-27 23:05:15 +03:00
Michael Braun
7ca902b53e Make vlan_file optional if dynamic_vlan is used
My APs generate their configuration on their own using a different
number of (vlan-enabled) bss. Currently, all my vlan_file files consist
of a single line: the wildcard line. Configuration file generation would
be easier, if the hostapd configuration file would not depend on those
simple vlan_file files.

This patch removes the need for those one-line files by using the
<device>.<vlan> naming scheme if no vlan_file is given (or that file is
empty). This should not break any existing setup, as using dynamic_vlan
with no vlan configured does not make sense anyway.

Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
2013-04-27 22:53:34 +03:00
Jouni Malinen
bdb112d35f Add bitfield routines
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-27 22:16:40 +03:00
Jouni Malinen
fe904963d0 WPS: Fix AP auto configuration on config token generation
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-04-27 22:14:56 +03:00
Jouni Malinen
8f7a6dd7d0 WPS NFC: Allow Device Password ID override for selected registrar
When a specific out-of-band Device Password is enabled, it can be useful
to be able to advertise that in the selected registrar information.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-04-27 22:14:31 +03:00
Jouni Malinen
aaecb69d87 WPS: Use generic MAC Address attribute builder
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-27 22:13:36 +03:00
Jouni Malinen
9ccd916504 P2P: Clean up channel--frequency conversion functions
All P2P use cases are required to use the global operating table and
there is no need to need to try to maintain some backwards compatibility
with country code -specific values. Clean up the implementation by
removing the unnecessary country parameter.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-27 22:12:13 +03:00
Jouni Malinen
e864c0aefe Use a common frequency to channel conversion function
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-27 22:11:51 +03:00
Deepthi Gowri
02db75b6c2 FT: Reset FT flag upon STA deauthentication
Reset ft_completed if STA receives deauthentication
between FT reassoc success and the subsequent initial
mobility authentication and association.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-04-26 17:56:24 +03:00
Jouni Malinen
7800d45c71 P2P: Set P2P_DEV_PEER_WAITING_RESPONSE from TX status callback
Commit fb8984fd6f added a mechanism to
skip the Listen state when the peer is expected to be waiting for us to
initiate a new GO Negotiation. However, this flag was set when building
the GO Negotiation Response frame with status 1 regardless of whether we
managed to send that frame or peer receive it. This could result in GO
Negotiation failures in cases where the peer did not receive the
response and Listen channels of the devices were different. Fix this by
setting the flag only after TX status indicating success has been
received.

This fixes frequent failures shown for the test_grpform_pbc hwsim test
case.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-04-26 12:57:52 +03:00
Shijie Zhang
d78d3c6190 EAP peer: Add check before calling getSessionId method
We should not call getSessionID method if it's not provided. This fixes
a regression from commit 950c563076 where
EAP methods that did not implement getSessionId resulted in NULL pointer
dereference when deriving the key.

Signed-off-by: Shijie Zhang <shijiez@qca.qualcomm.com>
2013-04-26 12:30:01 +03:00
Jouni Malinen
97279d8d1a nl80211: Drop frame events that are for foreign address
This avoids duplicate processing of events when multiple BSSes are
configured.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-04-24 01:02:01 +03:00
Jouni Malinen
cc2ada868e nl80211: Reduce debug on Probe Request frames
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-04-24 01:01:21 +03:00
Jouni Malinen
63a965c313 P2P: Fix after_scan_tx processing during ongoing operations
When Action frame TX is postponed until a pending p2p_scan completes,
there may be additional operations that need to be continued after the
postponed Action frame TX operation completes. Fix this by starting
pending operation (if any) from TX status event for after_scan_tx
frames.

This fixes common errors seen with the test_discovery hwsim test case.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-23 21:15:54 +03:00
Paul Stewart
754632c965 dbus_new: Add EAP logon/logoff
Add "EAPLogoff" and "EAPLogon" interface DBus commands which
parallel the "logoff" and "logon" wpa_ctrl commands which terminate
and restart EAP authentication.  Slightly enhance the "logon" case
by expiring any running "startWhile" timer.

Signed-hostap: Paul Stewart <pstew@chromium.org>
2013-04-23 17:57:55 +03:00
Johannes Berg
c2aff6b1d1 hostapd: Add some testing options
In order to test clients in scenarios where APs may (randomly)
drop certain management frames, introduce some testing options
into the hostapd configuration that can make it ignore certain
frames. For now, these are probe requests, authentication and
(re)association frames.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-04-23 17:51:28 +03:00
Dmitry Shmidt
e6304cad47 wpa_supplicant: Add option -I for additional config file
This option can be used only for global parameters that are not going
to be changed from settings.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Signed-off-by: Iliyan Malchev <malchev@google.com>
2013-04-23 17:38:57 +03:00
Johannes Berg
adc96dc2ad nl80211: Fix nla_nest_start conversion
Dmitry reported that the kernel could no longer parse the
scheduled scan attributes correctly after my patch to use
nla_nest_start/nla_nest_end. The reason is that the wrong
attribute is closed I accidentally made it close the full
scan config instead of just the SSID match set.

Reported-by: Dmitry Shmidt <dimitrysh@google.com>
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-04-23 17:19:20 +03:00
Chris Hessing
c7a39ba4e1 Provide TLS alerts to CLI/UI over control interface
Harmonize EAP status events over control interface to provide same
functionality as existing D-Bus callback.

Signed-hostap: Chris Hessing <chris.hessing@cloudpath.net>
2013-04-23 16:46:02 +03:00
Jouni Malinen
75fa7d19a4 TDLS: Fix key configuration with current mac80211
A kernel commit ("mac80211: fix FT roaming") started validating that the
STA entry is marked associated when adding a key. While this is needed
to fix some FT use cases with hardware crypto, it has a side effect of
breaking TDLS key configuration. Work around this by trying to
re-configure the key for the direct link after the STA entry has been
set with all information. In addition, try to tear down the link if
anything goes wrong in key configuration (if both attempts fail) or
enabling the link in the driver.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-03 18:39:10 +03:00
Jouni Malinen
88c8bf311e WPS NFC: Allow configuration token to be built from network block
"WPS_NFC_CONFIG_TOKEN <WPS/NDEF> <network id>" can now be used to build
an NFC configuration token from a locally configured network.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-01 21:28:57 +03:00
Jouni Malinen
e205401c72 WPS ER: Allow Enrollee to be specified with MAC address
wps_er_pbc and wps_er_pin can now be used with both the UUID and MAC
Address of the Enrollee.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-01 20:52:44 +03:00
Jouni Malinen
59307b3007 WPS ER: Allow AP to be specified with BSSID
This extends the WPS ER commands that previously accepted only UUID as
an identifier for an AP to use either UUID or BSSID for this.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-01 20:32:09 +03:00
Jouni Malinen
49e160a58d WPS: Fix use of pre-configured DH keys with multiple operations
wps_build_public_key() takes the dh_ctx into use and another attempt to
use the same DH keys fails with wps->dh_ctx being set to NULL. Avoid
this by using the DH parameters only if dh_ctx is valid. This fixes
cases where a use of local pre-configured DH keys followed by an
operating using peer DH keys would faild due to unexpected attempt to
use local keys again.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-01 19:30:34 +03:00
Jouni Malinen
5c9d63d46f WPS: Be more careful with pre-configured DH parameters
Make the implementation more robust against error cases with
pre-configured DH parameters.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-01 19:27:32 +03:00
Jouni Malinen
3db5439a5f Optimize Extended Capabilities element to be of minimal length
Leave out zero octets from the end of the element.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-31 21:58:17 +03:00
Johannes Berg
8cd6b7bce8 hostapd/wpa_s: Use driver's extended capabilities
Some extended capabilities (I'm currently interested in "Operating Mode
Notification" for VHT) are implemented by the kernel driver and exported
in nl80211. Use these in hostapd/wpa_supplicant.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-03-31 21:51:44 +03:00
Jouni Malinen
ab547b5857 WPS: Add more helpful debug for invalid WPS_REG command parsing
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-31 12:34:35 +03:00
Jouni Malinen
a679c0f284 WPS: Allow hostapd process to control independent WPS interfaces
The new wps_independent=1 configuration parameter can be used to remove
interfaces from the shared hostapd process WPS control (i.e., to apply
WPS operations only to a subset of interfaces instead of all).

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-31 12:34:35 +03:00
Jouni Malinen
ccdff94035 WPS AP: Add support for reconfiguration with in-memory config
This allows WPS to update AP configuration in the case no hostapd
configuration file is used (i.e., dynamic configuration through the
control interface).

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-31 12:34:35 +03:00
Johannes Berg
8970bae806 nl80211: Use nla_nest_start/end instead of nla_put_nested
Instead of allocating a new message and then moving that into
the message being built, use nla_nest_start() and put the data
into the message directly.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-03-30 20:37:44 +02:00
Chaitanya TK
558d69e3ba P2P: Omit P2P Group Info in case of no connected peers
As per P2P specification v1.2: "The P2P Group Info attribute shall be
omitted if there are zero connected P2P Clients."

Do not add the attribute if there are not connected peers.

Signed-hostap: Chaitanya T K <chaitanya.mgit@gmail.com>
2013-03-30 20:08:42 +02:00
Michael Braun
65a32cdbcb AP: Fix infinite loop in WPA state machine when out of random bytes
When the OS is out of random bytes in SM_STATE(WPA_PTK, AUTHENTICATION2)
in ap/wpa_auth.c, hostapd sends the sm to state DISCONNECT without
clearing ReAuthenticationRequest, resulting in an infinite loop.
Clearing sm->ReAuthenticationRequest using gdb fixes the running hostapd
instance for me. Also sm->Disconnect = TRUE should be used instead of
wpa_sta_disconnect() to make sure that the incomplete ANonce does not
get used.

Fix this issue by resetting sm->ReAuthenticationRequest even if the STA
gets disconnected and use sm->Disconnect instead of
wpa_sta_disconnect().

Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
2013-03-30 19:53:22 +02:00
Jouni Malinen
a5f61b2b87 Fix OLBC non-HT AP detection to check channel
A non-HT capable AP on any channel could have triggered us to enable
protection regardless of own operating channel if the driver delivered
Beacon frames from other channels. The channel detection in ap_list is
not exactly ideal, but most cases can be handled by checking ap->channel
against the currently configured channel (or secondary channel in case
of HT40).

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-30 18:05:18 +02:00
Jouni Malinen
69554d78f6 ap_list: Remove unused functions
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-30 17:06:50 +02:00
Jouni Malinen
08c99cafd2 ap_list: Remove unused iteration list pointers
This iter_next/iter_prev pointers were not really used for anything, so
get rid of the unnecessary complexity in the AP list maintenance.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-30 17:06:27 +02:00
Jouni Malinen
6b16917f39 ap_list: Remove unused fields
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-30 16:58:58 +02:00
Jouni Malinen
66f1f751d2 P2P: Fix provision discovery response handling in some cases
Commit 6b56cc2d97 added a possible call to
p2p_reset_pending_pd() prior to checking config_methods match between
our request and peer response. That reset call could clear
dev->req_config_methods and as such, result in unexpected
P2P-PROV-DISC-FAILURE report here even in cases where the peer accepts
the provision discovery. Fix this by using a local copy of the
req_config_methods variable.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-30 16:10:43 +02:00
Jouni Malinen
187f87f04c hostapd: Allow ctrl_iface group to be specified on command line
The new -G<group> command line argument can now be used to set the group
for the control interfaces to enable cases where hostapd is used without
a configuration file and the controlling program is not running with
root user privileges.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-29 17:09:31 +02:00
Sunil Dutt
9f890c982a TDLS: Support both external and internal setup in disabling link
Enhance TDLS Setup Request processing to support both external and
internal TDLS setup for the case where concurrent TDLS initialization
results in the TDLS Setup Request from the peer getting accepted.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-28 15:05:10 +02:00
Jouni Malinen
864fe3a47c TDLS: Fix TDLS Setup Request processing in existing-peer cases
wpa_tdls_peer_free() ended up getting called after some of the
parameters from the TDLS Setup Request frame were copied into the struct
wpa_tdls_peer information. This could result in continuing with cleared
information in case the new exchange was the one that is used in
concurrent initialization case or if this is to re-negotiated an
existing TDLS link. The driver would not be provided with all the peer
capabilities correctly in such case.

Fix this by moving the existing_peer check to happen before the
information from the TDLS Setup Request frame is copied.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-28 12:38:24 +02:00