A P2P Action frame may need to be sent on another channel than the GO's
operating channel. This information was lost in
wpa_driver_nl80211_send_action() in the case the interface was in AP
mode. Pass the frequence and related parameters to send_mlme mechanism
to allow the correct frequence to be used with the send frame command in
AP (P2P GO) mode.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Number of places in hostapd use ap_sta_disconnect() instead of
ap_sta_disassociate() or ap_sta_deauthenticate(). There are some
differences between these functions, e.g., in the area how quickly
the EAPOL state machines get deinitialized. This can result in
somewhat unexpected events since the EAPOL/WPA authenticator
state machines could remain running after deauthentication.
Address this by forcing EAPOL/WPA authenticator state machines
to disabled state whenever ap_sta_disconnect() is called instead
of waiting for the deauthentication callback or other timeout
to clear the STA.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Even though we may not update P2P peer entry while connected to the
peer as a P2P client, we should not be expiring a P2P peer entry while
that peer is the GO in a group where we are connected as a P2P client.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Even though we may not receive a Probe Response from the peer during
the connection, we should not be expiring a P2P peer entry while that
peer is connected to a group where we are the GO.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The cookie value needs to be fetched in GO mode, too, to be able to
indicate TX status callbacks with drivers that handle AP mode SME
functionality internally. This fixes issues with client discoverability
where TX status callback for GO Discoverability Request is needed to
trigger the GO to send Device Discoverability Response.
Some SIM cards do not include MNC length with in EF_AD. Try to figure
out the MNC length based on the MCC/MNC values in the beginning of the
IMSI. This covers a prepaid Elisa/Kolumbus card that would have ended
up using incorrect MNC length based on the 3-digit default.
Signed-hostap: Jouni Malinen <j@w1.fi>
The temporary IMSI buffer can be used for this without needing the
extra memory allocation. In addition, the implementation is easier
to understand when the extra identity prefix value for EAP-SIM/AKA
is not included while fetching MCC/MNC from the IMSI.
Signed-hostap: Jouni Malinen <j@w1.fi>
The EF-AD (administrative data) file may contain information about the
length of the MNC (2 or 3 digits) in the IMSI. This can be used to
construct the realm according to 3GPP TS 23.003 during EAP-SIM or
EAP-AKA authentication.
Signed-hostap: Simon Baatz <gmbnomis@gmail.com>
This patch notifies the upper framework that an on-going discovery has
been stopped. This is useful in cases where a p2p_find with a timeout
value initiated by the upper framework has been finished or when the
framework initiated "p2p_find" is stopped by a "p2p_connect".
Signed-hostap: Jithu Jance <jithu@broadcom.com>
Some deployed station implementations seem to send msg 4/4 with
incorrect type value in WPA2 mode. Add a workaround to ignore that issue
so that such stations can interoperate with hostapd authenticator. The
validation checks were added in commit
f8e96eb6fd.
Signed-hostap: Jouni Malinen <j@w1.fi>
The Device ID attribute was already used in Listen state, but it was
ignored in GO role. Verify that there is a match with Device ID in
GO rule, too, before replying to the Probe Request frame.
Signed-hostap: Jouni Malinen <j@w1.fi>
dev_id=<P2P Device Addr> can now be specified as an argument to
p2p_find to request P2P find for a specific P2P device.
Signed-hostap: Jouni Malinen <j@w1.fi>
Some supplicant implementations (e.g., Windows XP WZC) update SNonce for
each EAPOL-Key 2/4. This breaks the workaround on accepting any of the
pending requests, so allow the SNonce to be updated even if we have
already sent out EAPOL-Key 3/4.
While the issue was made less likely to occur when the retransmit
timeout for the initial EAPOL-Key msg 1/4 was increased to 1000 ms,
this fixes the problem even if that timeout is not long enough.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Now that we can use driver_nl80211.c with non-mac80211 drivers that
implement SME/MLME internally, we may not get inactivity time from the
driver. If that is the case, we need to skip disconnection based on
maximum inactivity timeout. This fixes some unexpected disconnection
cases with ath6kl in AP mode.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The deauthentication and disassociation events from nl80211 were being
processed identically regardless of whether the frame was generated by
the local STA or the AP. This resulted in fast reconnection mechanism
getting triggered even in the case where the disconnection was detected
locally (e.g., due to beacon loss) while this was supposed to happen
only in the case where the AP is sending an explicit Deauthentication
or Disassociation frame with a specific reason code.
Fix this by adding a new deauth/disassoc event variable to indicate
whether the event was generated locally.
Signed-hostap: Jouni Malinen <j@w1.fi>
IEEE Std 802.1X-2004 does not clear authWhile and heldWhile in this
case, but doing so allows the timer tick to be stopped more quickly when
the port is not enabled. Since these variables are used only within HELD
and RECEIVE states, clearing them on initialization does not change
actual state machine behavior. This reduces some unnecessary operations
in port disabled state and cleans up the wpa_supplicant debug log after
disconnection.
Signed-hostap: Jouni Malinen <j@w1.fi>
Since wps_registrar_pbc_timeout is called to stop PBC, previously
registered wps_registrar_pbc_timeout must be canceled when canceling
the WPS operation.
Signed-off-by: Spencer Chang <jungwalk@gmail.com>
The offchanok parameter is hardcoded to one in number of paths and that
added NL80211_ATTR_OFFCHANNEL_TX_OK attribute to NL80211_CMD_FRAME
unconditional. cfg80211 rejects this with EINVAL if the driver does not
indicate support for offchannel TX. Fix this by not requesting
offchannel TX depending on driver capabilities. Remain-on-channel
operation was used for those cases anyway, so the additional attribute
was not really needed for these in the first place.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
When nl80211_setup_ap() has enabled Probe Request reporting, this must
not be disabled when P2P Listen state is stopped to avoid breaking AP
mode operations. This could happen, e.g., if a Probe Request frame was
received from a P2P device that the we are trying to invite to our group
(i.e., when operating in GO role). p2p_probe_req_rx() calls
p2p_invite_start() in this case and that ends up calling
p2p->cfg->stop_listen() which calls probe_req_report() driver op.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
hostapd uses the poll method to check if the station is alive
after the station has been inactive for ap_max_inactivity seconds.
Make the poll mechanism configurable so that user can choose to
disconnect idle clients.
This can be especially useful when some devices/firmwares have
restrictions on the number of clients that can connect to the AP
and that limit is smaller than the total number of stations trying
to use the AP.
Signed-off-by: Yogesh Ashok Powar <yogeshp@marvell.com>
Signed-off-by: Nishant Sarmukadam <nishants@marvell.com>
The 100 ms timeout on retransmitting group key message can be too short
for stations that are in power save mode or if there is a large number
of association stations. While the retransmission of the EAPOL-Key frame
should allow this to be recovered from, it is useful to avoid
unnecessary frames to save soem CPU and power.
Signed-hostap: Jouni Malinen <j@w1.fi>
Drivers that use device SME in AP mode may still need to be
subscribed for Action frame RX when monitor interface is not used.
This fixes number of P2P GO operations with ath6kl.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Poll command may be enough for mac80211 to figure out whether monitor
interface is to be used, but this change did not take into account
non-mac80211 drivers that support AP mode without monitor interface.
For example, ath6kl needs to get use_monitor disabled.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Add a new persistent group network block field, p2p_client_list, to
maintain a list of P2P Clients that have connected to a persistent
group. This allows GO of a persistent group to figure out more easily
whether re-invocation of a persistent group can be used with a specific
peer device.
Signed-hostap: Jouni Malinen <j@w1.fi>
The P2P module provides access to public peer data in struct
p2p_peer_info. Use this to build the P2P_PEER information in
ctrl_iface.c instead of providing such text format data from the P2P
module.
The internal data that was previously built in p2p_get_peer_info() as
part of the text format peer data is now available through a separate
p2p_get_peer_info_txt() function. This is still included in P2P_PEER
output to maintain backwards compatibility with external programs that
could have started to use this. However, it should be noted that this
data is not really supposed to be used for anything else apart from
debugging purposes and its format is subject to change.
Signed-hostap: Jouni Malinen <j@w1.fi>
p2p_get_peer_info() was used in multiple places just to check whether a
specific peer is known. This was not the designed use for the function,
so introduce a simpler function for that purpose to make it obvious that
the p2p_get_peer_info() function is actually used only in ctrl_iface.c.
Signed-hostap: Jouni Malinen <j@w1.fi>
If p2p_listen is issued during a p2p_scan, a pending after-scan operation
is scheduled. However, since there is support for only a single pending
operation, this was able to override a previously scheduled pending
connect command. This can break some command sequences, so give higher
priority to pending connect operation.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Android ICS system/core/libnl_2 has very limited genl_ctrl_resolve()
implementation that cannot handle names other than nlctrl. Work
around that by implementing more complete genl_ctrl_resolve()
functionality within driver_nl80211.c for Android builds.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This event can be very frequent in AP mode when Beacon frames from
neighboring BSSes are delivered to user space. Drop the debug
message priority from DEBUG to EXCESSIVE for Beacon frames.
Signed-hostap: Jouni Malinen <j@w1.fi>
I needed this patch to compile against the latest
libnl code. I added this to my config file:
CONFIG_LIBNL32=y
Signed-hostap: Ben Greear <greearb@candelatech.com>
When waiting for go_neg frame from the peer in WAIT_PEER_CONNECT state,
I have observed that sometimes it takes 20 to 30 secs for successful GO
negotiation. I also found out that it is because of 1 second idle time,
in WAIT_PEER_CONNECT state. While it is good to have 1 second idle time
[for doing power-save or doing some other legacy STA Scan or some other
useful stuff], this makes GO Negotiation process slow.
We wait for 1 second idle and then listen for a random time between
100(min)-300(max) ms. Assume P1 is in WAIT_PEER_CONNECT state and P2 is
the one which is now to send go_neg frame. If P2 sends GO Negotiation
frame just at the boundary of 300 ms of P1 and assume that P2 takes
close to 600-800 ms for one iteration of sending go_neg request (one
iteration is GO Negotiation Request frame time + dwell time +
listen_time), P2 needs to transmit at least 16-18 Action frames for
hitting the listen time of P1.
Following patch reduces the idle time to 500 ms. Alternatively we can
increase the listen time interval to 500 ms just for WAIT_PEER_CONNECT
state.
Provision discovery from a known peer should actually check for
dev->flags & P2P_DEV_PROBE_REQ_ONLY. This is creating an issue of
updating the listen frequency of peer with the PD request frame
frequency. PD request frame will be sent by the peer on our local listen
frequency. This patch fixes that error. Suggested check has already been
implemented in the invitation req receive path.
The Provision Discovery Request needs to be sent on the operating
channel of the GO and as such, the frequency from the BSS table
(scan results) need to override the frequency in the P2P peer
table that could be based on the Listen channel of the GO.
Signed-hostap: Jouni Malinen <j@w1.fi>
The GO negotiation response is very cryptic at the moment. For a success
message we only know on which interface the negotiation succeeded, not
which peer. For a failure we know the interface also and a status code
(number).
It will be very useful for clients to know upon receipt of such a message
which peer the negotiation occurred with.
Now that the peer information is available and the API is changed
already, the function composing the D-Bus message might as well include
all GO negotiation information. This is done with a dict to make things
easier on clients if this result information changes down the line.
Signed-hostap: Reinette Chatre <reinette.chatre@intel.com>
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
When the station is connected to P2P GO after calling p2p_find command
the device sees itself. It is related to lack of filtering itself from
clients connected to P2P GO.
Step by step:
1. dev1: p2p_group_add
2. dev2: p2p_connect <MAC1> pbc join
3. dev1: wps_pbc
4. dev2: p2p_find
Skip P2P client information for our own device from a GO with which
we are connected.
It looks like some USIM cards respond with 0x67 (Wrong length) instead
of 0x6c to 00 b2 01 04 ff. This was getting rejected in
scard_get_record_len(). ETSI TS 102 221 is not very clear on this
detail, but it looks fine to accept the 0x67 error value, too, to learn
the record length.
Signed-hostap: Jouni Malinen <j@w1.fi>
Return 1/0 instead 0/-1 to indicate valid/invalid element so that
the if statement makes more sense with !wmm_valid().
Signed-hostap: Jouni Malinen <j@w1.fi>
This updates a previous patch did more or less the same thing by
providing the qosinfo as a single variable to the driver wrappers.
Signed-hostap: Jason Young <jason.young@dspg.com>
Add uapsd_queues and max_sp fields to sta_info struct,
and pass them to the sta_add callback.
These values are determined by the WMM IE in the (Re)Association Request.
Signed-off-by: Eliad Peller <eliad@wizery.com>
Check whether the driver advertises support for U-APSD
in AP mode, and evaluate wmm_uapsd only in this case.
Signed-off-by: Eliad Peller <eliad@wizery.com>
The wpa_hexdump_ascii() call did not get converted properly and this
was missed becaused of it getting defined out from the build. Anyway,
this better use the correct variable names should that debug print
ever be enabled for Android.
Signed-hostap: Jouni Malinen <j@w1.fi>
A Pending Provision Discovery Request was sent in SEARCH phase after a
previous provision discovery timeout. Fix this by resetting the config
method of P2P device in the pending PD reset function. This avoids the
sending of a pending Provision Discovery Request during the next P2P
search.
Signed-off-by: Jean-Michel.Bachot <jean-michelx.bachot@intel.com>
Some debug messages used incorrect name for Provision Discovery.
Replace "Provisioning Discovery" with "Provision Discovery".
Signed-hostap: Jouni Malinen <j@w1.fi>
It is safer to assume that the driver could be using NoA and reject
any Presence Request unless we are sure that noa NoA is in use.
Signed-hostap: Jouni Malinen <j@w1.fi>
This allows per-device PSK to be configured for WPA-Personal using a
RADIUS authentication server. This uses RADIUS-based MAC address ACL
(macaddr_acl=2), i.e., Access-Request uses the MAC address of the
station as the User-Name and User-Password. The WPA passphrase is
returned in Tunnel-Password attribute in Access-Accept. This
functionality can be enabled with the new hostapd.conf parameter,
wpa_psk_radius.
Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
WPS overlap detection can detect false overlap if a P2P peer
changes UUID while authentication is ongoing. Changing UUID
is of course wrong but this is what some popular devices do
so we need to work around it in order to keep compatibility
with these devices. There already is a mechanism in WPS
registrar to skip overlap detection if P2P addresses of two
sessions match but it wasn't really triggered because the
address wasn't filled in in the caller function.
Let's fill in this address and also clean up WPS PBC sessions
on WSC process completion if UUID was changed.
Signed-hostap: Vitaly Wool<vitalywool@gmail.com>
Pass the raw Probe Response template to kernel via netlink using the
set_ap() driver callback. The data is sent as one of the Beacon
attributes.
Signed-hostap: Arik Nemtsov <arik@wizery.com>
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Configure a Probe Response template for drivers that support it. The
template is updated when the Beacon template is updated.
The Probe Response template is propagated to the driver via the set_ap()
callback.
Signed-hostap: Arik Nemtsov <arik@wizery.com>
Signed-off-by: Arik Nemtsov <arik@wizery.com>
This is needed for Probe Response template, so move the code into a
separate function that can be shared.
Signed-hostap: Arik Nemtsov <arik@wizery.com>
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Translate nl80211 flags to wpa_supplicant flags for Probe Response
offload support. The existence of the nl80211 PROBE_RESP_OFFLOAD_SUPPORT
attribute means Probe Response offload is supported. The value of the
attribute is a bitmap of supported protocols.
Signed-hostap: Arik Nemtsov <arik@wizery.com>
Signed-off-by: Arik Nemtsov <arik@wizery.com>
This previously helped when debugging some auth issues when hitting the
AP with 128 association attempts all at once.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Append "p2p_dev_addr" parameter to AP-STA-DISCONNECTED event for P2P
connections. In addition, for AP-STA-CONNECTED event during P2P
connection, the "dev_addr=" print is replaced with "p2p_dev_addr=" to
be more consistent with other events.
Signed-hostap: Jithu Jance <jithu@broadcom.com>
Storing the address in the BSS instead of the DRV struct makes it usable
for hostapd and thus gets rid of the linux_get_ifhwaddr() call when
receiving a spurious frame.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Testing code can now be enabled in the hostapd RADIUS server to dump
each derived MSK into a text file (e.g., to be used as an input to
wlantest). This functionality is not included in the default build
and can be enabled by adding the following line to hostapd/.config:
CFLAGS += -DCONFIG_RADIUS_TEST
The MSK dump file is specified with dump_msk_file parameter in
hostapd.conf (path to the dump file). If this variable is not set,
MSK dump mechanism is not enabled at run time.
Signed-hostap: Jouni Malinen <j@w1.fi>
If Provision Discovery Request is sent for GO role (i.e., P2P Group ID
attribute is included), add the group interface name to the control
interface event on the GO. This makes it easier to figure out which
ctrl_iface needs to be used for wps_pbc/wps_pin command to authorize
the joining P2P client.
Signed-hostap: Jouni Malinen <j@w1.fi>
If p2p_prov_disc join command is used prior to p2p_connect join,
skip the duplicated provision discovery exchange.
Signed-hostap: Jithu Jance <jithu@broadcom.com>
This can be used to request Provision Discovery Request to be sent
for the purpose of joining a running group, e.g., to request the GO
to display a PIN that we can then use with p2p_connect join command.
Signed-hostap: Jithu Jance <jithu@broadcom.com>
Since the nl_cache is not used anymore, there is no need for maintaining
the struct nl80211_handles wrapper for struct nl_handle. Clean this up
by using nl_handle directly.
Signed-hostap: Jouni Malinen <j@w1.fi>
This is a rewrite of Ben Greear's patch, making the
nl80211 code use just a single multicast event socket.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
When running AP mode, we need to receive beacons over overlapping BSSes
to handle protection. Use the new nl80211 command for this. As the
command works per wiphy (and we don't want to receive the Beacon frames
multiple times) add an abstraction that keeps track of per-wiphy data.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
These events are necessary to send deauth frames to
stations sending spurious data frames. Subscribe to
them on the per-BSS event socket.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
To achieve this, multiple things are needed:
1) since hostapd needs to handle *all* action frames,
make the normal registration only when in a non-AP
mode, to be able to do this use the new socket
2) store the frequency in each BSS to be able to give
the right frequency to nl80211's mgmt-tx operation
3) make TX status processing reject non-matched cookie
only in non-AP mode
The whole thing depends on having station-poll support
in the kernel. That's currently a good indicator since
the kernel patches are added together.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Fix start of reauthentication after failed authentication with
passthrough (external AAA server) to use internal EAP Identity method.
Signed-hostap: Jouni Malinen <j@w1.fi>
This reverts commit 204dd3f420.
start_reauth was not supposed to be used in this way and setting it
to TRUE in INITIALIZE breaks internal EAP server.
Signed-hostap: Jouni Malinen <j@w1.fi>
When using authentication retry within driver_nl80211.c, a failure on the
second attempt has to be indicated with a driver event since the return
code from wpa_driver_nl80211_authenticate() is not actually delivered to
the core code in that case.
Signed-hostap: Jouni Malinen <j@w1.fi>
cfg80211 rejects NL80211_CMD_AUTHENTICATE with ENOENT if the BSS entry
for the target BSS is not available. This can happen if the cfg80211
entry has expired before wpa_supplicant entry (e.g., during a suspend).
To recover from this quickly, run a single channel scan to get the
cfg80211 entry back and then retry authentication command again. This
is handled within driver_nl80211.c to keep the core wpa_supplicant
implementation cleaner.
Signed-hostap: Jouni Malinen <j@w1.fi>
The pseudonym is a temporary identity, but is no one-time identifier (like
the fast re-authentication identity). Thus, do not forget it if the server
does not include it in every challenge. There are servers that include the
pseudonym identity only at full-auth. [Bug 424]
Make sure sign extension does not end up getting used here by
explicitly type casting the variables to correct size.
Signed-hostap: Jouni Malinen <j@w1.fi>
Commit 34445d12ee forgot to convert
the hostapd_prepare_rates() inline wrapper for builds that do not
define NEED_AP_MLME.
Signed-hostap: Jouni Malinen <j@w1.fi>
P2P invitation responses are transmitted with the BSSID set to the peer
address. Pass these action frames up to allow the GO to receive the
Invitation Response (and avoid sending the Invitation Request multiple
times).
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Set the NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT flag for nl80211 to tell
drivers (mac80211) to not encrypt the EAPOL frames for WEP IEEE 802.1X.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
In preparation for things that receive on a BSS-specific handle,
allocate a CB for it and hook it up to receive functions.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
The next patch will add process_bss_event, rename process_event to
process_drv_event to differentiate between them.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
By passing the nl_cb as the context to the eloop function we can
(in the next patch) use the same eloop function for BSS events.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Storing the frequency in the bss struct allows using it for frame
commands in AP mode and not relying on the driver struct as much, which
is good for hostapd mode.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
