This driver event was used separately for some Action frames, but all
the driver wrappers converted to this from information that would have
been enough to indicate an EVENT_RX_MGMT event. In addition, the
received event was then converted back to a full IEEE 802.11 management
frame for processing in most cases. This is unnecessary complexity, so
get rid of the extra path and use EVENT_RX_MGMT for Action frames as
well as other management frame subtypes.
Signed-hostap: Jouni Malinen <j@w1.fi>
Commit 88b32a99d3 added support for using
some Action frame processing in hostapd for drivers that handle most of
SME/MLME internally (it added FT, this has since be extended for SA
Query and WNM). However, this was added in a way that ended up getting
both the hostapd_rx_action() and hostapd_action_rx() called for Action
frames. This could result in an attempt to process FT, SA Query, and WNM
Action frames twice.
There is need for more significant cleanup in Action frame processing in
hostapd depending on the driver type, but as a simple step to avoid
issues, skip the hostapd_action_rx() call if hostapd_rx_action()
processed the frame.
Signed-hostap: Jouni Malinen <j@w1.fi>
Even though this is a short timeout, it is at least theoretically
possible for the interface to be removed while waiting for
reconfiguration to start. Avoid issues with this by cancelling the
timeout on any WPS interface deinit. In theory, this should be postponed
until interface removal, but that does not fit very nicely to the
current wps_hostapd.c style.
Signed-hostap: Jouni Malinen <j@w1.fi>
It was already possible to configure hostapd and wpa_supplicant to use
FT-SAE for the key management, but number of places were missing proper
AKM checks to allow FT to be used with the new AKM.
Signed-hostap: Jouni Malinen <j@w1.fi>
Action frame RX report through EVENT_RX_ACTION did not indicate whether
the frame was protected or not even though that information is available
in mlme_event_mgmt(). hostapd_rx_action() has a workaround for setting
the protected flag for SA Query frames, but that did not apply for other
frames, like FT Action. This broke FT-over-DS when PMF is enabled with
newer kernel versions (i.e., the ones that do not use monitor interface
for receiving management frames).
Signed-hostap: Jouni Malinen <j@w1.fi>
This is not really needed for anything and the standard does not require
such validation step to be made for Authentication frame transmission.
Signed-hostap: Jouni Malinen <j@w1.fi>
This can be useful for displaying the current STA state and also for
determining whether some operations are likely to fail or need
additional delay.
Signed-hostap: Jouni Malinen <j@w1.fi>
hostapd_drv_wnm_oper() needs to indicate an error if the driver callback
function is not implemented. Without this, the buf_len argument could
have been left uninitialized which could result in crashing the process.
Signed-hostap: Jouni Malinen <j@w1.fi>
This makes it easier to trigger the ESS Disassociation Imminent
operation from different sources.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This adds first steps at processing a BSS Transition Management Query on
the AP side. Mainly, the message is parsed and printed out in the debug
log and a minimal BSS Transition Management Request frame is sent as a
response. BSS Transition Management Response frame is also parsed and
details printed out in the debug log.
Signed-hostap: Jouni Malinen <j@w1.fi>
The previous version could end up calling WPA authenticator routines
even though the authenticator had not been initialized and this could
result in NULL pointer dereference.
Signed-hostap: Jouni Malinen <j@w1.fi>
Reduce race condition of the station trying to reconnect immediately
after AP reconfiguration through WPS by rescheduling the reload
timeout to happen after EAP completion rather than the originally
scheduled 100 ms after new configuration became known.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This enables more convenient protocol testing of station side
functionality in various error cases and unexpected sequences without
having to implement each test scenario within hostapd.
ext_mgmt_frame_handle parameter can be set to 1 to move all management
frame processing into an external program through control interface
events (MGMT-RX and MGMT-TX-STATUS) and command (MGMT_TX).
Signed-hostap: Jouni Malinen <j@w1.fi>
These files have been distributed only under the BSD license option
since February 2012. Clarify the license statements in the files to
match that to avoid confusion.
Signed-hostap: Jouni Malinen <j@w1.fi>
If configuration of the group key to the driver fails, move the WPA
group into failed state and indication group setup error to avoid cases
where AP could look like it is working even through the keys are not set
correctly.
Signed-hostap: Jouni Malinen <j@w1.fi>
This adds initial parts for supporting the new GCMP-256, CCMP-256,
BIP-GMAC-128, BIP-GMAC-256, and BIP-CMAC-256 cipher suites.
Signed-hostap: Jouni Malinen <j@w1.fi>
If secondary channel is provided for CSA, advertise it in the Secondary
Channel Offset element in Beacon and Probe Response frames.
Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
When CSA flow starts, store the entire struct hostapd_freq_params and
not only CS frequency as it was before. The additional freq_params are
required to advertise CS supplementary IEs such as secondary channel,
wide bandwidth CS, etc.
Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
This allows use of structs (and not only pointers) defined in drivers.h.
Remove also some not needed forward declarations and redundant includes.
Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Wall time jumps shouldn't affect MMIC failure/TKIP countermeasures,
so use monotonic time. Change the michael_mic_failure variable to
struct os_reltime for type-safety.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Since the PMKSA cache only uses relative time, use the monotonic time
functions instead of wall time to be correct when the clock jumps.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
For type-safety, make sta->acct_session_start a struct os_reltime
and then use monotonic time for accounting. For RADIUS reporting,
continue to use wall clock time as specified by RFC 2869, but for
the session time use monotonic time.
Interestingly, RFC 2869 doesn't specify a timezone, so the value
is somewhat arbitrary.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
If more BSSes are added in config file than are supported by the driver,
segmentation fault can appear. For this case, the interface_added flag
needs to be cleared if adding a new BSS fails.
Signed-hostap: Marek Kwaczynski <marek.kwaczynski@tieto.com>
Until now DFS was simply restarting the AP when radar was detected. Now
CSA is used to perform smooth switch to the new channel. Stations not
supporting CSA will behave as before.
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Signed-hostap: Michal Kazior <michal.kazior@tieto.com>
This is needed for AP CSA. Since CSA must happen immediately after radar
is detected there's no time to perform CAC. Thus, radar channels must be
disabled when looking for a new channel to escape to after a radar is
detected.
Signed-hostap: Michal Kazior <michal.kazior@tieto.com>
Adds support for VHT by parsing bandwidth and center_freq{1,2}.
Signed-hostap: Michal Kazior <michal.kazior@tieto.com>
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Just the usual, with a new function os_reltime_initialized()
thrown in that checks whether time has ever been retrieved
(time can't be completely zero).
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
It is possible for the authentication server to be configured with a
PKCS #12 file that includes a private key, a server certificate, and a
CA certificate. This combination could result in server_cert and ca_cert
parameters not being present and that should still result in TLS context
getting initialized.
Signed-hostap: Jouni Malinen <j@w1.fi>
Some non-mac80211 drivers, such as ath6kl, support STA inactivity timer
in firmware and may not provide connected stations' idle time to the
userspace. If the driver indicates support for offloaded operation, do
not start the inactivity timer in the hostapd.
Signed-hostap: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
struct beacon_data contains a lot of pointers. Make sure it gets cleared
to zero if hostapd_build_beacon_data() gets called from a path that does
not clear the structure first.
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Check if the BSS interface has started before setting beacon.
Lack of this condition can cause segmantation fault.
Signed-hostap: Marek Kwaczynski <marek.kwaczynski@tieto.com>
Commit de3cdf354a adding copying of the
STA's VHT capabilities into the STA entry on the AP. This was done in
allocated memory, but that new memory allocation was not freed anywhere.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The 'started' state was tracked incorrectly. It also broke DFS
as it was using hostapd_enable/disable_iface() functions.
Signed-hostap: Michal Kazior <michal.kazior@tieto.com>
Add chan_switch to the control interface of wpa_supplicant and hostapd,
and also to wpa_cli and hostapd_cli.
Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Build CSA settings and call the driver to perform the switch. Construct
Beacon, Probe Response, and (Re)Association Response frames both for CSA
period and for the new channel. These frames are built based on the
current configuration. Add CSA IE in Beacon and Probe Response frames.
Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>