3 * Copyright (c) 2003-2019, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
8 * This file implements functions for registering and unregistering
9 * %wpa_supplicant interfaces. In addition, this file contains number of
10 * functions for managing network connections.
14 #ifdef CONFIG_MATCH_IFACE
17 #endif /* CONFIG_MATCH_IFACE */
20 #include "crypto/random.h"
21 #include "crypto/sha1.h"
22 #include "eapol_supp/eapol_supp_sm.h"
23 #include "eap_peer/eap.h"
24 #include "eap_peer/eap_proxy.h"
25 #include "eap_server/eap_methods.h"
26 #include "rsn_supp/wpa.h"
29 #include "utils/ext_password.h"
30 #include "l2_packet/l2_packet.h"
31 #include "wpa_supplicant_i.h"
33 #include "ctrl_iface.h"
34 #include "pcsc_funcs.h"
35 #include "common/version.h"
36 #include "rsn_supp/preauth.h"
37 #include "rsn_supp/pmksa_cache.h"
38 #include "common/wpa_ctrl.h"
39 #include "common/ieee802_11_defs.h"
40 #include "common/hw_features_common.h"
41 #include "common/gas_server.h"
42 #include "common/dpp.h"
45 #include "blacklist.h"
46 #include "wpas_glue.h"
47 #include "wps_supplicant.h"
50 #include "gas_query.h"
52 #include "p2p_supplicant.h"
53 #include "wifi_display.h"
59 #include "offchannel.h"
60 #include "hs20_supplicant.h"
64 #include "dpp_supplicant.h"
66 #include "ap/ap_config.h"
67 #include "ap/hostapd.h"
68 #endif /* CONFIG_MESH */
70 const char *const wpa_supplicant_version
=
71 "wpa_supplicant v" VERSION_STR
"\n"
72 "Copyright (c) 2003-2019, Jouni Malinen <j@w1.fi> and contributors";
74 const char *const wpa_supplicant_license
=
75 "This software may be distributed under the terms of the BSD license.\n"
76 "See README for more details.\n"
77 #ifdef EAP_TLS_OPENSSL
78 "\nThis product includes software developed by the OpenSSL Project\n"
79 "for use in the OpenSSL Toolkit (http://www.openssl.org/)\n"
80 #endif /* EAP_TLS_OPENSSL */
83 #ifndef CONFIG_NO_STDOUT_DEBUG
84 /* Long text divided into parts in order to fit in C89 strings size limits. */
85 const char *const wpa_supplicant_full_license1
=
87 const char *const wpa_supplicant_full_license2
=
88 "This software may be distributed under the terms of the BSD license.\n"
90 "Redistribution and use in source and binary forms, with or without\n"
91 "modification, are permitted provided that the following conditions are\n"
94 const char *const wpa_supplicant_full_license3
=
95 "1. Redistributions of source code must retain the above copyright\n"
96 " notice, this list of conditions and the following disclaimer.\n"
98 "2. Redistributions in binary form must reproduce the above copyright\n"
99 " notice, this list of conditions and the following disclaimer in the\n"
100 " documentation and/or other materials provided with the distribution.\n"
102 const char *const wpa_supplicant_full_license4
=
103 "3. Neither the name(s) of the above-listed copyright holder(s) nor the\n"
104 " names of its contributors may be used to endorse or promote products\n"
105 " derived from this software without specific prior written permission.\n"
107 "THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n"
108 "\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n"
109 "LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n"
110 "A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n";
111 const char *const wpa_supplicant_full_license5
=
112 "OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n"
113 "SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\n"
114 "LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n"
115 "DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n"
116 "THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n"
117 "(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n"
118 "OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
120 #endif /* CONFIG_NO_STDOUT_DEBUG */
123 static void wpa_bss_tmp_disallow_timeout(void *eloop_ctx
, void *timeout_ctx
);
124 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
125 static void wpas_update_fils_connect_params(struct wpa_supplicant
*wpa_s
);
126 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
129 /* Configure default/group WEP keys for static WEP */
130 int wpa_set_wep_keys(struct wpa_supplicant
*wpa_s
, struct wpa_ssid
*ssid
)
134 for (i
= 0; i
< NUM_WEP_KEYS
; i
++) {
135 if (ssid
->wep_key_len
[i
] == 0)
139 wpa_drv_set_key(wpa_s
, WPA_ALG_WEP
, NULL
,
140 i
, i
== ssid
->wep_tx_keyidx
, NULL
, 0,
141 ssid
->wep_key
[i
], ssid
->wep_key_len
[i
]);
148 int wpa_supplicant_set_wpa_none_key(struct wpa_supplicant
*wpa_s
,
149 struct wpa_ssid
*ssid
)
157 /* IBSS/WPA-None uses only one key (Group) for both receiving and
158 * sending unicast and multicast packets. */
160 if (ssid
->mode
!= WPAS_MODE_IBSS
) {
161 wpa_msg(wpa_s
, MSG_INFO
, "WPA: Invalid mode %d (not "
162 "IBSS/ad-hoc) for WPA-None", ssid
->mode
);
166 if (!ssid
->psk_set
) {
167 wpa_msg(wpa_s
, MSG_INFO
, "WPA: No PSK configured for "
172 switch (wpa_s
->group_cipher
) {
173 case WPA_CIPHER_CCMP
:
174 os_memcpy(key
, ssid
->psk
, 16);
178 case WPA_CIPHER_GCMP
:
179 os_memcpy(key
, ssid
->psk
, 16);
183 case WPA_CIPHER_TKIP
:
184 /* WPA-None uses the same Michael MIC key for both TX and RX */
185 os_memcpy(key
, ssid
->psk
, 16 + 8);
186 os_memcpy(key
+ 16 + 8, ssid
->psk
+ 16, 8);
191 wpa_msg(wpa_s
, MSG_INFO
, "WPA: Invalid group cipher %d for "
192 "WPA-None", wpa_s
->group_cipher
);
196 /* TODO: should actually remember the previously used seq#, both for TX
197 * and RX from each STA.. */
199 ret
= wpa_drv_set_key(wpa_s
, alg
, NULL
, 0, 1, seq
, 6, key
, keylen
);
200 os_memset(key
, 0, sizeof(key
));
205 static void wpa_supplicant_timeout(void *eloop_ctx
, void *timeout_ctx
)
207 struct wpa_supplicant
*wpa_s
= eloop_ctx
;
208 const u8
*bssid
= wpa_s
->bssid
;
209 if (!is_zero_ether_addr(wpa_s
->pending_bssid
) &&
210 (wpa_s
->wpa_state
== WPA_AUTHENTICATING
||
211 wpa_s
->wpa_state
== WPA_ASSOCIATING
))
212 bssid
= wpa_s
->pending_bssid
;
213 wpa_msg(wpa_s
, MSG_INFO
, "Authentication with " MACSTR
" timed out.",
215 wpa_blacklist_add(wpa_s
, bssid
);
216 wpa_sm_notify_disassoc(wpa_s
->wpa
);
217 wpa_supplicant_deauthenticate(wpa_s
, WLAN_REASON_DEAUTH_LEAVING
);
218 wpa_s
->reassociate
= 1;
221 * If we timed out, the AP or the local radio may be busy.
222 * So, wait a second until scanning again.
224 wpa_supplicant_req_scan(wpa_s
, 1, 0);
229 * wpa_supplicant_req_auth_timeout - Schedule a timeout for authentication
230 * @wpa_s: Pointer to wpa_supplicant data
231 * @sec: Number of seconds after which to time out authentication
232 * @usec: Number of microseconds after which to time out authentication
234 * This function is used to schedule a timeout for the current authentication
237 void wpa_supplicant_req_auth_timeout(struct wpa_supplicant
*wpa_s
,
240 if (wpa_s
->conf
->ap_scan
== 0 &&
241 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_WIRED
))
244 wpa_dbg(wpa_s
, MSG_DEBUG
, "Setting authentication timeout: %d sec "
245 "%d usec", sec
, usec
);
246 eloop_cancel_timeout(wpa_supplicant_timeout
, wpa_s
, NULL
);
247 wpa_s
->last_auth_timeout_sec
= sec
;
248 eloop_register_timeout(sec
, usec
, wpa_supplicant_timeout
, wpa_s
, NULL
);
253 * wpas_auth_timeout_restart - Restart and change timeout for authentication
254 * @wpa_s: Pointer to wpa_supplicant data
255 * @sec_diff: difference in seconds applied to original timeout value
257 void wpas_auth_timeout_restart(struct wpa_supplicant
*wpa_s
, int sec_diff
)
259 int new_sec
= wpa_s
->last_auth_timeout_sec
+ sec_diff
;
261 if (eloop_is_timeout_registered(wpa_supplicant_timeout
, wpa_s
, NULL
)) {
262 wpa_dbg(wpa_s
, MSG_DEBUG
,
263 "Authentication timeout restart: %d sec", new_sec
);
264 eloop_cancel_timeout(wpa_supplicant_timeout
, wpa_s
, NULL
);
265 eloop_register_timeout(new_sec
, 0, wpa_supplicant_timeout
,
272 * wpa_supplicant_cancel_auth_timeout - Cancel authentication timeout
273 * @wpa_s: Pointer to wpa_supplicant data
275 * This function is used to cancel authentication timeout scheduled with
276 * wpa_supplicant_req_auth_timeout() and it is called when authentication has
279 void wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant
*wpa_s
)
281 wpa_dbg(wpa_s
, MSG_DEBUG
, "Cancelling authentication timeout");
282 eloop_cancel_timeout(wpa_supplicant_timeout
, wpa_s
, NULL
);
283 wpa_blacklist_del(wpa_s
, wpa_s
->bssid
);
284 os_free(wpa_s
->last_con_fail_realm
);
285 wpa_s
->last_con_fail_realm
= NULL
;
286 wpa_s
->last_con_fail_realm_len
= 0;
291 * wpa_supplicant_initiate_eapol - Configure EAPOL state machine
292 * @wpa_s: Pointer to wpa_supplicant data
294 * This function is used to configure EAPOL state machine based on the selected
295 * authentication mode.
297 void wpa_supplicant_initiate_eapol(struct wpa_supplicant
*wpa_s
)
299 #ifdef IEEE8021X_EAPOL
300 struct eapol_config eapol_conf
;
301 struct wpa_ssid
*ssid
= wpa_s
->current_ssid
;
303 #ifdef CONFIG_IBSS_RSN
304 if (ssid
->mode
== WPAS_MODE_IBSS
&&
305 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_NONE
&&
306 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_WPA_NONE
) {
308 * RSN IBSS authentication is per-STA and we can disable the
309 * per-BSSID EAPOL authentication.
311 eapol_sm_notify_portControl(wpa_s
->eapol
, ForceAuthorized
);
312 eapol_sm_notify_eap_success(wpa_s
->eapol
, TRUE
);
313 eapol_sm_notify_eap_fail(wpa_s
->eapol
, FALSE
);
316 #endif /* CONFIG_IBSS_RSN */
318 eapol_sm_notify_eap_success(wpa_s
->eapol
, FALSE
);
319 eapol_sm_notify_eap_fail(wpa_s
->eapol
, FALSE
);
321 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_NONE
||
322 wpa_s
->key_mgmt
== WPA_KEY_MGMT_WPA_NONE
)
323 eapol_sm_notify_portControl(wpa_s
->eapol
, ForceAuthorized
);
325 eapol_sm_notify_portControl(wpa_s
->eapol
, Auto
);
327 os_memset(&eapol_conf
, 0, sizeof(eapol_conf
));
328 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_IEEE8021X_NO_WPA
) {
329 eapol_conf
.accept_802_1x_keys
= 1;
330 eapol_conf
.required_keys
= 0;
331 if (ssid
->eapol_flags
& EAPOL_FLAG_REQUIRE_KEY_UNICAST
) {
332 eapol_conf
.required_keys
|= EAPOL_REQUIRE_KEY_UNICAST
;
334 if (ssid
->eapol_flags
& EAPOL_FLAG_REQUIRE_KEY_BROADCAST
) {
335 eapol_conf
.required_keys
|=
336 EAPOL_REQUIRE_KEY_BROADCAST
;
339 if (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_WIRED
)
340 eapol_conf
.required_keys
= 0;
342 eapol_conf
.fast_reauth
= wpa_s
->conf
->fast_reauth
;
343 eapol_conf
.workaround
= ssid
->eap_workaround
;
344 eapol_conf
.eap_disabled
=
345 !wpa_key_mgmt_wpa_ieee8021x(wpa_s
->key_mgmt
) &&
346 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_IEEE8021X_NO_WPA
&&
347 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_WPS
;
348 eapol_conf
.external_sim
= wpa_s
->conf
->external_sim
;
351 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_WPS
) {
352 eapol_conf
.wps
|= EAPOL_LOCAL_WPS_IN_USE
;
353 if (wpa_s
->current_bss
) {
355 ie
= wpa_bss_get_vendor_ie_multi(wpa_s
->current_bss
,
360 EAPOL_PEER_IS_WPS20_AP
;
365 #endif /* CONFIG_WPS */
367 eapol_sm_notify_config(wpa_s
->eapol
, &ssid
->eap
, &eapol_conf
);
370 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_NONE
&& ssid
->mka_psk_set
)
371 ieee802_1x_create_preshared_mka(wpa_s
, ssid
);
373 ieee802_1x_alloc_kay_sm(wpa_s
, ssid
);
374 #endif /* CONFIG_MACSEC */
375 #endif /* IEEE8021X_EAPOL */
380 * wpa_supplicant_set_non_wpa_policy - Set WPA parameters to non-WPA mode
381 * @wpa_s: Pointer to wpa_supplicant data
382 * @ssid: Configuration data for the network
384 * This function is used to configure WPA state machine and related parameters
385 * to a mode where WPA is not enabled. This is called as part of the
386 * authentication configuration when the selected network does not use WPA.
388 void wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant
*wpa_s
,
389 struct wpa_ssid
*ssid
)
393 if (ssid
->key_mgmt
& WPA_KEY_MGMT_WPS
)
394 wpa_s
->key_mgmt
= WPA_KEY_MGMT_WPS
;
395 else if (ssid
->key_mgmt
& WPA_KEY_MGMT_IEEE8021X_NO_WPA
)
396 wpa_s
->key_mgmt
= WPA_KEY_MGMT_IEEE8021X_NO_WPA
;
398 wpa_s
->key_mgmt
= WPA_KEY_MGMT_NONE
;
399 wpa_sm_set_ap_wpa_ie(wpa_s
->wpa
, NULL
, 0);
400 wpa_sm_set_ap_rsn_ie(wpa_s
->wpa
, NULL
, 0);
401 wpa_sm_set_assoc_wpa_ie(wpa_s
->wpa
, NULL
, 0);
402 wpa_s
->pairwise_cipher
= WPA_CIPHER_NONE
;
403 wpa_s
->group_cipher
= WPA_CIPHER_NONE
;
404 wpa_s
->mgmt_group_cipher
= 0;
406 for (i
= 0; i
< NUM_WEP_KEYS
; i
++) {
407 if (ssid
->wep_key_len
[i
] > 5) {
408 wpa_s
->pairwise_cipher
= WPA_CIPHER_WEP104
;
409 wpa_s
->group_cipher
= WPA_CIPHER_WEP104
;
411 } else if (ssid
->wep_key_len
[i
] > 0) {
412 wpa_s
->pairwise_cipher
= WPA_CIPHER_WEP40
;
413 wpa_s
->group_cipher
= WPA_CIPHER_WEP40
;
418 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_RSN_ENABLED
, 0);
419 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_KEY_MGMT
, wpa_s
->key_mgmt
);
420 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_PAIRWISE
,
421 wpa_s
->pairwise_cipher
);
422 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_GROUP
, wpa_s
->group_cipher
);
423 #ifdef CONFIG_IEEE80211W
424 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_MGMT_GROUP
,
425 wpa_s
->mgmt_group_cipher
);
426 #endif /* CONFIG_IEEE80211W */
428 pmksa_cache_clear_current(wpa_s
->wpa
);
432 void free_hw_features(struct wpa_supplicant
*wpa_s
)
435 if (wpa_s
->hw
.modes
== NULL
)
438 for (i
= 0; i
< wpa_s
->hw
.num_modes
; i
++) {
439 os_free(wpa_s
->hw
.modes
[i
].channels
);
440 os_free(wpa_s
->hw
.modes
[i
].rates
);
443 os_free(wpa_s
->hw
.modes
);
444 wpa_s
->hw
.modes
= NULL
;
448 void free_bss_tmp_disallowed(struct wpa_supplicant
*wpa_s
)
450 struct wpa_bss_tmp_disallowed
*bss
, *prev
;
452 dl_list_for_each_safe(bss
, prev
, &wpa_s
->bss_tmp_disallowed
,
453 struct wpa_bss_tmp_disallowed
, list
) {
454 eloop_cancel_timeout(wpa_bss_tmp_disallow_timeout
, wpa_s
, bss
);
455 dl_list_del(&bss
->list
);
461 void wpas_flush_fils_hlp_req(struct wpa_supplicant
*wpa_s
)
463 struct fils_hlp_req
*req
;
465 while ((req
= dl_list_first(&wpa_s
->fils_hlp_req
, struct fils_hlp_req
,
467 dl_list_del(&req
->list
);
468 wpabuf_free(req
->pkt
);
474 static void wpa_supplicant_cleanup(struct wpa_supplicant
*wpa_s
)
478 bgscan_deinit(wpa_s
);
479 autoscan_deinit(wpa_s
);
480 scard_deinit(wpa_s
->scard
);
482 wpa_sm_set_scard_ctx(wpa_s
->wpa
, NULL
);
483 eapol_sm_register_scard_ctx(wpa_s
->eapol
, NULL
);
484 l2_packet_deinit(wpa_s
->l2
);
487 l2_packet_deinit(wpa_s
->l2_br
);
490 #ifdef CONFIG_TESTING_OPTIONS
491 l2_packet_deinit(wpa_s
->l2_test
);
492 wpa_s
->l2_test
= NULL
;
493 os_free(wpa_s
->get_pref_freq_list_override
);
494 wpa_s
->get_pref_freq_list_override
= NULL
;
495 wpabuf_free(wpa_s
->last_assoc_req_wpa_ie
);
496 wpa_s
->last_assoc_req_wpa_ie
= NULL
;
497 #endif /* CONFIG_TESTING_OPTIONS */
499 if (wpa_s
->conf
!= NULL
) {
500 struct wpa_ssid
*ssid
;
501 for (ssid
= wpa_s
->conf
->ssid
; ssid
; ssid
= ssid
->next
)
502 wpas_notify_network_removed(wpa_s
, ssid
);
505 os_free(wpa_s
->confname
);
506 wpa_s
->confname
= NULL
;
508 os_free(wpa_s
->confanother
);
509 wpa_s
->confanother
= NULL
;
511 os_free(wpa_s
->last_con_fail_realm
);
512 wpa_s
->last_con_fail_realm
= NULL
;
513 wpa_s
->last_con_fail_realm_len
= 0;
515 wpa_sm_set_eapol(wpa_s
->wpa
, NULL
);
516 eapol_sm_deinit(wpa_s
->eapol
);
519 rsn_preauth_deinit(wpa_s
->wpa
);
522 wpa_tdls_deinit(wpa_s
->wpa
);
523 #endif /* CONFIG_TDLS */
525 wmm_ac_clear_saved_tspecs(wpa_s
);
526 pmksa_candidate_free(wpa_s
->wpa
);
527 wpa_sm_deinit(wpa_s
->wpa
);
529 wpa_blacklist_clear(wpa_s
);
531 wpa_bss_deinit(wpa_s
);
533 wpa_supplicant_cancel_delayed_sched_scan(wpa_s
);
534 wpa_supplicant_cancel_scan(wpa_s
);
535 wpa_supplicant_cancel_auth_timeout(wpa_s
);
536 eloop_cancel_timeout(wpa_supplicant_stop_countermeasures
, wpa_s
, NULL
);
537 #ifdef CONFIG_DELAYED_MIC_ERROR_REPORT
538 eloop_cancel_timeout(wpa_supplicant_delayed_mic_error_report
,
540 #endif /* CONFIG_DELAYED_MIC_ERROR_REPORT */
542 eloop_cancel_timeout(wpas_network_reenabled
, wpa_s
, NULL
);
544 wpas_wps_deinit(wpa_s
);
546 wpabuf_free(wpa_s
->pending_eapol_rx
);
547 wpa_s
->pending_eapol_rx
= NULL
;
549 #ifdef CONFIG_IBSS_RSN
550 ibss_rsn_deinit(wpa_s
->ibss_rsn
);
551 wpa_s
->ibss_rsn
= NULL
;
552 #endif /* CONFIG_IBSS_RSN */
557 wpa_supplicant_ap_deinit(wpa_s
);
558 #endif /* CONFIG_AP */
560 wpas_p2p_deinit(wpa_s
);
562 #ifdef CONFIG_OFFCHANNEL
563 offchannel_deinit(wpa_s
);
564 #endif /* CONFIG_OFFCHANNEL */
566 wpa_supplicant_cancel_sched_scan(wpa_s
);
568 os_free(wpa_s
->next_scan_freqs
);
569 wpa_s
->next_scan_freqs
= NULL
;
571 os_free(wpa_s
->manual_scan_freqs
);
572 wpa_s
->manual_scan_freqs
= NULL
;
573 os_free(wpa_s
->select_network_scan_freqs
);
574 wpa_s
->select_network_scan_freqs
= NULL
;
576 os_free(wpa_s
->manual_sched_scan_freqs
);
577 wpa_s
->manual_sched_scan_freqs
= NULL
;
579 wpas_mac_addr_rand_scan_clear(wpa_s
, MAC_ADDR_RAND_ALL
);
582 * Need to remove any pending gas-query radio work before the
583 * gas_query_deinit() call because gas_query::work has not yet been set
584 * for works that have not been started. gas_query_free() will be unable
585 * to cancel such pending radio works and once the pending gas-query
586 * radio work eventually gets removed, the deinit notification call to
587 * gas_query_start_cb() would result in dereferencing freed memory.
590 radio_remove_works(wpa_s
, "gas-query", 0);
591 gas_query_deinit(wpa_s
->gas
);
593 gas_server_deinit(wpa_s
->gas_server
);
594 wpa_s
->gas_server
= NULL
;
596 free_hw_features(wpa_s
);
598 ieee802_1x_dealloc_kay_sm(wpa_s
);
600 os_free(wpa_s
->bssid_filter
);
601 wpa_s
->bssid_filter
= NULL
;
603 os_free(wpa_s
->disallow_aps_bssid
);
604 wpa_s
->disallow_aps_bssid
= NULL
;
605 os_free(wpa_s
->disallow_aps_ssid
);
606 wpa_s
->disallow_aps_ssid
= NULL
;
608 wnm_bss_keep_alive_deinit(wpa_s
);
610 wnm_deallocate_memory(wpa_s
);
611 #endif /* CONFIG_WNM */
613 ext_password_deinit(wpa_s
->ext_pw
);
614 wpa_s
->ext_pw
= NULL
;
616 wpabuf_free(wpa_s
->last_gas_resp
);
617 wpa_s
->last_gas_resp
= NULL
;
618 wpabuf_free(wpa_s
->prev_gas_resp
);
619 wpa_s
->prev_gas_resp
= NULL
;
621 os_free(wpa_s
->last_scan_res
);
622 wpa_s
->last_scan_res
= NULL
;
626 wpa_drv_configure_frame_filters(wpa_s
, 0);
628 #endif /* CONFIG_HS20 */
630 for (i
= 0; i
< NUM_VENDOR_ELEM_FRAMES
; i
++) {
631 wpabuf_free(wpa_s
->vendor_elem
[i
]);
632 wpa_s
->vendor_elem
[i
] = NULL
;
635 wmm_ac_notify_disassoc(wpa_s
);
637 wpa_s
->sched_scan_plans_num
= 0;
638 os_free(wpa_s
->sched_scan_plans
);
639 wpa_s
->sched_scan_plans
= NULL
;
642 wpa_s
->non_pref_chan_num
= 0;
643 os_free(wpa_s
->non_pref_chan
);
644 wpa_s
->non_pref_chan
= NULL
;
645 #endif /* CONFIG_MBO */
647 free_bss_tmp_disallowed(wpa_s
);
649 wpabuf_free(wpa_s
->lci
);
651 wpas_clear_beacon_rep_data(wpa_s
);
653 #ifdef CONFIG_PMKSA_CACHE_EXTERNAL
656 struct external_pmksa_cache
*entry
;
658 while ((entry
= dl_list_last(&wpa_s
->mesh_external_pmksa_cache
,
659 struct external_pmksa_cache
,
661 dl_list_del(&entry
->list
);
662 os_free(entry
->pmksa_cache
);
666 #endif /* CONFIG_MESH */
667 #endif /* CONFIG_PMKSA_CACHE_EXTERNAL */
669 wpas_flush_fils_hlp_req(wpa_s
);
671 wpabuf_free(wpa_s
->ric_ies
);
672 wpa_s
->ric_ies
= NULL
;
675 wpas_dpp_deinit(wpa_s
);
676 #endif /* CONFIG_DPP */
681 * wpa_clear_keys - Clear keys configured for the driver
682 * @wpa_s: Pointer to wpa_supplicant data
683 * @addr: Previously used BSSID or %NULL if not available
685 * This function clears the encryption keys that has been previously configured
688 void wpa_clear_keys(struct wpa_supplicant
*wpa_s
, const u8
*addr
)
692 #ifdef CONFIG_IEEE80211W
694 #else /* CONFIG_IEEE80211W */
696 #endif /* CONFIG_IEEE80211W */
698 /* MLME-DELETEKEYS.request */
699 for (i
= 0; i
< max
; i
++) {
700 if (wpa_s
->keys_cleared
& BIT(i
))
702 wpa_drv_set_key(wpa_s
, WPA_ALG_NONE
, NULL
, i
, 0, NULL
, 0,
705 if (!(wpa_s
->keys_cleared
& BIT(0)) && addr
&&
706 !is_zero_ether_addr(addr
)) {
707 wpa_drv_set_key(wpa_s
, WPA_ALG_NONE
, addr
, 0, 0, NULL
, 0, NULL
,
709 /* MLME-SETPROTECTION.request(None) */
710 wpa_drv_mlme_setprotection(
712 MLME_SETPROTECTION_PROTECT_TYPE_NONE
,
713 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE
);
715 wpa_s
->keys_cleared
= (u32
) -1;
720 * wpa_supplicant_state_txt - Get the connection state name as a text string
721 * @state: State (wpa_state; WPA_*)
722 * Returns: The state name as a printable text string
724 const char * wpa_supplicant_state_txt(enum wpa_states state
)
727 case WPA_DISCONNECTED
:
728 return "DISCONNECTED";
731 case WPA_INTERFACE_DISABLED
:
732 return "INTERFACE_DISABLED";
735 case WPA_AUTHENTICATING
:
736 return "AUTHENTICATING";
737 case WPA_ASSOCIATING
:
738 return "ASSOCIATING";
741 case WPA_4WAY_HANDSHAKE
:
742 return "4WAY_HANDSHAKE";
743 case WPA_GROUP_HANDSHAKE
:
744 return "GROUP_HANDSHAKE";
755 static void wpa_supplicant_start_bgscan(struct wpa_supplicant
*wpa_s
)
759 if (wpa_s
->current_ssid
&& wpa_s
->current_ssid
->bgscan
)
760 name
= wpa_s
->current_ssid
->bgscan
;
762 name
= wpa_s
->conf
->bgscan
;
763 if (name
== NULL
|| name
[0] == '\0')
765 if (wpas_driver_bss_selection(wpa_s
))
767 if (wpa_s
->current_ssid
== wpa_s
->bgscan_ssid
)
770 if (wpa_s
->p2p_group_interface
!= NOT_P2P_GROUP_INTERFACE
)
772 #endif /* CONFIG_P2P */
774 bgscan_deinit(wpa_s
);
775 if (wpa_s
->current_ssid
) {
776 if (bgscan_init(wpa_s
, wpa_s
->current_ssid
, name
)) {
777 wpa_dbg(wpa_s
, MSG_DEBUG
, "Failed to initialize "
780 * Live without bgscan; it is only used as a roaming
781 * optimization, so the initial connection is not
785 struct wpa_scan_results
*scan_res
;
786 wpa_s
->bgscan_ssid
= wpa_s
->current_ssid
;
787 scan_res
= wpa_supplicant_get_scan_results(wpa_s
, NULL
,
790 bgscan_notify_scan(wpa_s
, scan_res
);
791 wpa_scan_results_free(scan_res
);
795 wpa_s
->bgscan_ssid
= NULL
;
799 static void wpa_supplicant_stop_bgscan(struct wpa_supplicant
*wpa_s
)
801 if (wpa_s
->bgscan_ssid
!= NULL
) {
802 bgscan_deinit(wpa_s
);
803 wpa_s
->bgscan_ssid
= NULL
;
807 #endif /* CONFIG_BGSCAN */
810 static void wpa_supplicant_start_autoscan(struct wpa_supplicant
*wpa_s
)
812 if (autoscan_init(wpa_s
, 0))
813 wpa_dbg(wpa_s
, MSG_DEBUG
, "Failed to initialize autoscan");
817 static void wpa_supplicant_stop_autoscan(struct wpa_supplicant
*wpa_s
)
819 autoscan_deinit(wpa_s
);
823 void wpa_supplicant_reinit_autoscan(struct wpa_supplicant
*wpa_s
)
825 if (wpa_s
->wpa_state
== WPA_DISCONNECTED
||
826 wpa_s
->wpa_state
== WPA_SCANNING
) {
827 autoscan_deinit(wpa_s
);
828 wpa_supplicant_start_autoscan(wpa_s
);
834 * wpa_supplicant_set_state - Set current connection state
835 * @wpa_s: Pointer to wpa_supplicant data
836 * @state: The new connection state
838 * This function is called whenever the connection state changes, e.g.,
839 * association is completed for WPA/WPA2 4-Way Handshake is started.
841 void wpa_supplicant_set_state(struct wpa_supplicant
*wpa_s
,
842 enum wpa_states state
)
844 enum wpa_states old_state
= wpa_s
->wpa_state
;
846 wpa_dbg(wpa_s
, MSG_DEBUG
, "State: %s -> %s",
847 wpa_supplicant_state_txt(wpa_s
->wpa_state
),
848 wpa_supplicant_state_txt(state
));
850 if (state
== WPA_COMPLETED
&&
851 os_reltime_initialized(&wpa_s
->roam_start
)) {
852 os_reltime_age(&wpa_s
->roam_start
, &wpa_s
->roam_time
);
853 wpa_s
->roam_start
.sec
= 0;
854 wpa_s
->roam_start
.usec
= 0;
855 wpas_notify_auth_changed(wpa_s
);
856 wpas_notify_roam_time(wpa_s
);
857 wpas_notify_roam_complete(wpa_s
);
858 } else if (state
== WPA_DISCONNECTED
&&
859 os_reltime_initialized(&wpa_s
->roam_start
)) {
860 wpa_s
->roam_start
.sec
= 0;
861 wpa_s
->roam_start
.usec
= 0;
862 wpa_s
->roam_time
.sec
= 0;
863 wpa_s
->roam_time
.usec
= 0;
864 wpas_notify_roam_complete(wpa_s
);
867 if (state
== WPA_INTERFACE_DISABLED
) {
868 /* Assure normal scan when interface is restored */
869 wpa_s
->normal_scans
= 0;
872 if (state
== WPA_COMPLETED
) {
873 wpas_connect_work_done(wpa_s
);
874 /* Reinitialize normal_scan counter */
875 wpa_s
->normal_scans
= 0;
880 * P2PS client has to reply to Probe Request frames received on the
881 * group operating channel. Enable Probe Request frame reporting for
882 * P2P connected client in case p2p_cli_probe configuration property is
885 if (wpa_s
->conf
->p2p_cli_probe
&& wpa_s
->current_ssid
&&
886 wpa_s
->current_ssid
->mode
== WPAS_MODE_INFRA
&&
887 wpa_s
->current_ssid
->p2p_group
) {
888 if (state
== WPA_COMPLETED
&& !wpa_s
->p2p_cli_probe
) {
889 wpa_dbg(wpa_s
, MSG_DEBUG
,
890 "P2P: Enable CLI Probe Request RX reporting");
891 wpa_s
->p2p_cli_probe
=
892 wpa_drv_probe_req_report(wpa_s
, 1) >= 0;
893 } else if (state
!= WPA_COMPLETED
&& wpa_s
->p2p_cli_probe
) {
894 wpa_dbg(wpa_s
, MSG_DEBUG
,
895 "P2P: Disable CLI Probe Request RX reporting");
896 wpa_s
->p2p_cli_probe
= 0;
897 wpa_drv_probe_req_report(wpa_s
, 0);
900 #endif /* CONFIG_P2P */
902 if (state
!= WPA_SCANNING
)
903 wpa_supplicant_notify_scanning(wpa_s
, 0);
905 if (state
== WPA_COMPLETED
&& wpa_s
->new_connection
) {
906 struct wpa_ssid
*ssid
= wpa_s
->current_ssid
;
907 int fils_hlp_sent
= 0;
910 if ((wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SME
) &&
911 wpa_auth_alg_fils(wpa_s
->sme
.auth_alg
))
913 #endif /* CONFIG_SME */
914 if (!(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SME
) &&
915 wpa_auth_alg_fils(wpa_s
->auth_alg
))
918 #if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
919 wpa_msg(wpa_s
, MSG_INFO
, WPA_EVENT_CONNECTED
"- Connection to "
920 MACSTR
" completed [id=%d id_str=%s%s]",
921 MAC2STR(wpa_s
->bssid
),
922 ssid
? ssid
->id
: -1,
923 ssid
&& ssid
->id_str
? ssid
->id_str
: "",
924 fils_hlp_sent
? " FILS_HLP_SENT" : "");
925 #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
926 wpas_clear_temp_disabled(wpa_s
, ssid
, 1);
927 wpa_blacklist_clear(wpa_s
);
928 wpa_s
->extra_blacklist_count
= 0;
929 wpa_s
->new_connection
= 0;
930 wpa_drv_set_operstate(wpa_s
, 1);
931 #ifndef IEEE8021X_EAPOL
932 wpa_drv_set_supp_port(wpa_s
, 1);
933 #endif /* IEEE8021X_EAPOL */
934 wpa_s
->after_wps
= 0;
935 wpa_s
->known_wps_freq
= 0;
936 wpas_p2p_completed(wpa_s
);
938 sme_sched_obss_scan(wpa_s
, 1);
940 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
941 if (!fils_hlp_sent
&& ssid
&& ssid
->eap
.erp
)
942 wpas_update_fils_connect_params(wpa_s
);
943 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
944 } else if (state
== WPA_DISCONNECTED
|| state
== WPA_ASSOCIATING
||
945 state
== WPA_ASSOCIATED
) {
946 wpa_s
->new_connection
= 1;
947 wpa_drv_set_operstate(wpa_s
, 0);
948 #ifndef IEEE8021X_EAPOL
949 wpa_drv_set_supp_port(wpa_s
, 0);
950 #endif /* IEEE8021X_EAPOL */
951 sme_sched_obss_scan(wpa_s
, 0);
953 wpa_s
->wpa_state
= state
;
956 if (state
== WPA_COMPLETED
)
957 wpa_supplicant_start_bgscan(wpa_s
);
958 else if (state
< WPA_ASSOCIATED
)
959 wpa_supplicant_stop_bgscan(wpa_s
);
960 #endif /* CONFIG_BGSCAN */
962 if (state
== WPA_AUTHENTICATING
)
963 wpa_supplicant_stop_autoscan(wpa_s
);
965 if (state
== WPA_DISCONNECTED
|| state
== WPA_INACTIVE
)
966 wpa_supplicant_start_autoscan(wpa_s
);
968 if (old_state
>= WPA_ASSOCIATED
&& wpa_s
->wpa_state
< WPA_ASSOCIATED
)
969 wmm_ac_notify_disassoc(wpa_s
);
971 if (wpa_s
->wpa_state
!= old_state
) {
972 wpas_notify_state_changed(wpa_s
, wpa_s
->wpa_state
, old_state
);
975 * Notify the P2P Device interface about a state change in one
978 wpas_p2p_indicate_state_change(wpa_s
);
980 if (wpa_s
->wpa_state
== WPA_COMPLETED
||
981 old_state
== WPA_COMPLETED
)
982 wpas_notify_auth_changed(wpa_s
);
987 void wpa_supplicant_terminate_proc(struct wpa_global
*global
)
991 struct wpa_supplicant
*wpa_s
= global
->ifaces
;
993 struct wpa_supplicant
*next
= wpa_s
->next
;
994 if (wpas_wps_terminate_pending(wpa_s
) == 1)
997 if (wpa_s
->p2p_group_interface
!= NOT_P2P_GROUP_INTERFACE
||
998 (wpa_s
->current_ssid
&& wpa_s
->current_ssid
->p2p_group
))
999 wpas_p2p_disconnect(wpa_s
);
1000 #endif /* CONFIG_P2P */
1003 #endif /* CONFIG_WPS */
1010 static void wpa_supplicant_terminate(int sig
, void *signal_ctx
)
1012 struct wpa_global
*global
= signal_ctx
;
1013 wpa_supplicant_terminate_proc(global
);
1017 void wpa_supplicant_clear_status(struct wpa_supplicant
*wpa_s
)
1019 enum wpa_states old_state
= wpa_s
->wpa_state
;
1021 wpa_s
->pairwise_cipher
= 0;
1022 wpa_s
->group_cipher
= 0;
1023 wpa_s
->mgmt_group_cipher
= 0;
1024 wpa_s
->key_mgmt
= 0;
1025 if (wpa_s
->wpa_state
!= WPA_INTERFACE_DISABLED
)
1026 wpa_supplicant_set_state(wpa_s
, WPA_DISCONNECTED
);
1028 if (wpa_s
->wpa_state
!= old_state
)
1029 wpas_notify_state_changed(wpa_s
, wpa_s
->wpa_state
, old_state
);
1034 * wpa_supplicant_reload_configuration - Reload configuration data
1035 * @wpa_s: Pointer to wpa_supplicant data
1036 * Returns: 0 on success or -1 if configuration parsing failed
1038 * This function can be used to request that the configuration data is reloaded
1039 * (e.g., after configuration file change). This function is reloading
1040 * configuration only for one interface, so this may need to be called multiple
1041 * times if %wpa_supplicant is controlling multiple interfaces and all
1042 * interfaces need reconfiguration.
1044 int wpa_supplicant_reload_configuration(struct wpa_supplicant
*wpa_s
)
1046 struct wpa_config
*conf
;
1050 if (wpa_s
->confname
== NULL
)
1052 conf
= wpa_config_read(wpa_s
->confname
, NULL
);
1054 wpa_msg(wpa_s
, MSG_ERROR
, "Failed to parse the configuration "
1055 "file '%s' - exiting", wpa_s
->confname
);
1058 if (wpa_s
->confanother
&&
1059 !wpa_config_read(wpa_s
->confanother
, conf
)) {
1060 wpa_msg(wpa_s
, MSG_ERROR
,
1061 "Failed to parse the configuration file '%s' - exiting",
1062 wpa_s
->confanother
);
1066 conf
->changed_parameters
= (unsigned int) -1;
1068 reconf_ctrl
= !!conf
->ctrl_interface
!= !!wpa_s
->conf
->ctrl_interface
1069 || (conf
->ctrl_interface
&& wpa_s
->conf
->ctrl_interface
&&
1070 os_strcmp(conf
->ctrl_interface
,
1071 wpa_s
->conf
->ctrl_interface
) != 0);
1073 if (reconf_ctrl
&& wpa_s
->ctrl_iface
) {
1074 wpa_supplicant_ctrl_iface_deinit(wpa_s
->ctrl_iface
);
1075 wpa_s
->ctrl_iface
= NULL
;
1078 eapol_sm_invalidate_cached_session(wpa_s
->eapol
);
1079 if (wpa_s
->current_ssid
) {
1080 if (wpa_s
->wpa_state
>= WPA_AUTHENTICATING
)
1081 wpa_s
->own_disconnect_req
= 1;
1082 wpa_supplicant_deauthenticate(wpa_s
,
1083 WLAN_REASON_DEAUTH_LEAVING
);
1087 * TODO: should notify EAPOL SM about changes in opensc_engine_path,
1088 * pkcs11_engine_path, pkcs11_module_path, openssl_ciphers.
1090 if (wpa_key_mgmt_wpa_psk(wpa_s
->key_mgmt
) ||
1091 wpa_s
->key_mgmt
== WPA_KEY_MGMT_OWE
||
1092 wpa_s
->key_mgmt
== WPA_KEY_MGMT_DPP
) {
1094 * Clear forced success to clear EAP state for next
1097 eapol_sm_notify_eap_success(wpa_s
->eapol
, FALSE
);
1099 eapol_sm_notify_config(wpa_s
->eapol
, NULL
, NULL
);
1100 wpa_sm_set_config(wpa_s
->wpa
, NULL
);
1101 wpa_sm_pmksa_cache_flush(wpa_s
->wpa
, NULL
);
1102 wpa_sm_set_fast_reauth(wpa_s
->wpa
, wpa_s
->conf
->fast_reauth
);
1103 rsn_preauth_deinit(wpa_s
->wpa
);
1105 old_ap_scan
= wpa_s
->conf
->ap_scan
;
1106 wpa_config_free(wpa_s
->conf
);
1108 if (old_ap_scan
!= wpa_s
->conf
->ap_scan
)
1109 wpas_notify_ap_scan_changed(wpa_s
);
1112 wpa_s
->ctrl_iface
= wpa_supplicant_ctrl_iface_init(wpa_s
);
1114 wpa_supplicant_update_config(wpa_s
);
1116 wpa_supplicant_clear_status(wpa_s
);
1117 if (wpa_supplicant_enabled_networks(wpa_s
)) {
1118 wpa_s
->reassociate
= 1;
1119 wpa_supplicant_req_scan(wpa_s
, 0, 0);
1121 wpa_dbg(wpa_s
, MSG_DEBUG
, "Reconfiguration completed");
1126 static void wpa_supplicant_reconfig(int sig
, void *signal_ctx
)
1128 struct wpa_global
*global
= signal_ctx
;
1129 struct wpa_supplicant
*wpa_s
;
1130 for (wpa_s
= global
->ifaces
; wpa_s
; wpa_s
= wpa_s
->next
) {
1131 wpa_dbg(wpa_s
, MSG_DEBUG
, "Signal %d received - reconfiguring",
1133 if (wpa_supplicant_reload_configuration(wpa_s
) < 0) {
1134 wpa_supplicant_terminate_proc(global
);
1138 if (wpa_debug_reopen_file() < 0) {
1139 /* Ignore errors since we cannot really do much to fix this */
1140 wpa_printf(MSG_DEBUG
, "Could not reopen debug log file");
1145 static int wpa_supplicant_suites_from_ai(struct wpa_supplicant
*wpa_s
,
1146 struct wpa_ssid
*ssid
,
1147 struct wpa_ie_data
*ie
)
1149 int ret
= wpa_sm_parse_own_wpa_ie(wpa_s
->wpa
, ie
);
1152 wpa_msg(wpa_s
, MSG_INFO
, "WPA: Failed to parse WPA IE "
1153 "from association info");
1158 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: Using WPA IE from AssocReq to set "
1160 if (!(ie
->group_cipher
& ssid
->group_cipher
)) {
1161 wpa_msg(wpa_s
, MSG_INFO
, "WPA: Driver used disabled group "
1162 "cipher 0x%x (mask 0x%x) - reject",
1163 ie
->group_cipher
, ssid
->group_cipher
);
1166 if (!(ie
->pairwise_cipher
& ssid
->pairwise_cipher
)) {
1167 wpa_msg(wpa_s
, MSG_INFO
, "WPA: Driver used disabled pairwise "
1168 "cipher 0x%x (mask 0x%x) - reject",
1169 ie
->pairwise_cipher
, ssid
->pairwise_cipher
);
1172 if (!(ie
->key_mgmt
& ssid
->key_mgmt
)) {
1173 wpa_msg(wpa_s
, MSG_INFO
, "WPA: Driver used disabled key "
1174 "management 0x%x (mask 0x%x) - reject",
1175 ie
->key_mgmt
, ssid
->key_mgmt
);
1179 #ifdef CONFIG_IEEE80211W
1180 if (!(ie
->capabilities
& WPA_CAPABILITY_MFPC
) &&
1181 wpas_get_ssid_pmf(wpa_s
, ssid
) == MGMT_FRAME_PROTECTION_REQUIRED
) {
1182 wpa_msg(wpa_s
, MSG_INFO
, "WPA: Driver associated with an AP "
1183 "that does not support management frame protection - "
1187 #endif /* CONFIG_IEEE80211W */
1193 static int matching_ciphers(struct wpa_ssid
*ssid
, struct wpa_ie_data
*ie
,
1197 ie
->group_cipher
= wpa_default_rsn_cipher(freq
);
1198 if (!ie
->has_pairwise
)
1199 ie
->pairwise_cipher
= wpa_default_rsn_cipher(freq
);
1200 return (ie
->group_cipher
& ssid
->group_cipher
) &&
1201 (ie
->pairwise_cipher
& ssid
->pairwise_cipher
);
1206 * wpa_supplicant_set_suites - Set authentication and encryption parameters
1207 * @wpa_s: Pointer to wpa_supplicant data
1208 * @bss: Scan results for the selected BSS, or %NULL if not available
1209 * @ssid: Configuration data for the selected network
1210 * @wpa_ie: Buffer for the WPA/RSN IE
1211 * @wpa_ie_len: Maximum wpa_ie buffer size on input. This is changed to be the
1212 * used buffer length in case the functions returns success.
1213 * Returns: 0 on success or -1 on failure
1215 * This function is used to configure authentication and encryption parameters
1216 * based on the network configuration and scan result for the selected BSS (if
1219 int wpa_supplicant_set_suites(struct wpa_supplicant
*wpa_s
,
1220 struct wpa_bss
*bss
, struct wpa_ssid
*ssid
,
1221 u8
*wpa_ie
, size_t *wpa_ie_len
)
1223 struct wpa_ie_data ie
;
1225 const u8
*bss_wpa
, *bss_rsn
, *bss_osen
;
1228 bss_wpa
= wpa_bss_get_vendor_ie(bss
, WPA_IE_VENDOR_TYPE
);
1229 bss_rsn
= wpa_bss_get_ie(bss
, WLAN_EID_RSN
);
1230 bss_osen
= wpa_bss_get_vendor_ie(bss
, OSEN_IE_VENDOR_TYPE
);
1232 bss_wpa
= bss_rsn
= bss_osen
= NULL
;
1234 if (bss_rsn
&& (ssid
->proto
& WPA_PROTO_RSN
) &&
1235 wpa_parse_wpa_ie(bss_rsn
, 2 + bss_rsn
[1], &ie
) == 0 &&
1236 matching_ciphers(ssid
, &ie
, bss
->freq
) &&
1237 (ie
.key_mgmt
& ssid
->key_mgmt
)) {
1238 wpa_dbg(wpa_s
, MSG_DEBUG
, "RSN: using IEEE 802.11i/D9.0");
1239 proto
= WPA_PROTO_RSN
;
1240 } else if (bss_wpa
&& (ssid
->proto
& WPA_PROTO_WPA
) &&
1241 wpa_parse_wpa_ie(bss_wpa
, 2 + bss_wpa
[1], &ie
) == 0 &&
1242 (ie
.group_cipher
& ssid
->group_cipher
) &&
1243 (ie
.pairwise_cipher
& ssid
->pairwise_cipher
) &&
1244 (ie
.key_mgmt
& ssid
->key_mgmt
)) {
1245 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using IEEE 802.11i/D3.0");
1246 proto
= WPA_PROTO_WPA
;
1248 } else if (bss_osen
&& (ssid
->proto
& WPA_PROTO_OSEN
) &&
1249 wpa_parse_wpa_ie(bss_osen
, 2 + bss_osen
[1], &ie
) == 0 &&
1250 (ie
.group_cipher
& ssid
->group_cipher
) &&
1251 (ie
.pairwise_cipher
& ssid
->pairwise_cipher
) &&
1252 (ie
.key_mgmt
& ssid
->key_mgmt
)) {
1253 wpa_dbg(wpa_s
, MSG_DEBUG
, "HS 2.0: using OSEN");
1254 proto
= WPA_PROTO_OSEN
;
1255 } else if (bss_rsn
&& (ssid
->proto
& WPA_PROTO_OSEN
) &&
1256 wpa_parse_wpa_ie(bss_rsn
, 2 + bss_rsn
[1], &ie
) == 0 &&
1257 (ie
.group_cipher
& ssid
->group_cipher
) &&
1258 (ie
.pairwise_cipher
& ssid
->pairwise_cipher
) &&
1259 (ie
.key_mgmt
& ssid
->key_mgmt
)) {
1260 wpa_dbg(wpa_s
, MSG_DEBUG
, "RSN: using OSEN (within RSN)");
1261 proto
= WPA_PROTO_RSN
;
1262 #endif /* CONFIG_HS20 */
1264 wpa_msg(wpa_s
, MSG_WARNING
, "WPA: Failed to select WPA/RSN");
1265 wpa_dbg(wpa_s
, MSG_DEBUG
,
1266 "WPA: ssid proto=0x%x pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1267 ssid
->proto
, ssid
->pairwise_cipher
, ssid
->group_cipher
,
1269 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: BSS " MACSTR
" ssid='%s'%s%s%s",
1270 MAC2STR(bss
->bssid
),
1271 wpa_ssid_txt(bss
->ssid
, bss
->ssid_len
),
1272 bss_wpa
? " WPA" : "",
1273 bss_rsn
? " RSN" : "",
1274 bss_osen
? " OSEN" : "");
1276 wpa_hexdump(MSG_DEBUG
, "RSN", bss_rsn
, 2 + bss_rsn
[1]);
1277 if (wpa_parse_wpa_ie(bss_rsn
, 2 + bss_rsn
[1], &ie
)) {
1278 wpa_dbg(wpa_s
, MSG_DEBUG
,
1279 "Could not parse RSN element");
1281 wpa_dbg(wpa_s
, MSG_DEBUG
,
1282 "RSN: pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1283 ie
.pairwise_cipher
, ie
.group_cipher
,
1288 wpa_hexdump(MSG_DEBUG
, "WPA", bss_wpa
, 2 + bss_wpa
[1]);
1289 if (wpa_parse_wpa_ie(bss_wpa
, 2 + bss_wpa
[1], &ie
)) {
1290 wpa_dbg(wpa_s
, MSG_DEBUG
,
1291 "Could not parse WPA element");
1293 wpa_dbg(wpa_s
, MSG_DEBUG
,
1294 "WPA: pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1295 ie
.pairwise_cipher
, ie
.group_cipher
,
1301 if (ssid
->proto
& WPA_PROTO_OSEN
)
1302 proto
= WPA_PROTO_OSEN
;
1303 else if (ssid
->proto
& WPA_PROTO_RSN
)
1304 proto
= WPA_PROTO_RSN
;
1306 proto
= WPA_PROTO_WPA
;
1307 if (wpa_supplicant_suites_from_ai(wpa_s
, ssid
, &ie
) < 0) {
1308 os_memset(&ie
, 0, sizeof(ie
));
1309 ie
.group_cipher
= ssid
->group_cipher
;
1310 ie
.pairwise_cipher
= ssid
->pairwise_cipher
;
1311 ie
.key_mgmt
= ssid
->key_mgmt
;
1312 #ifdef CONFIG_IEEE80211W
1313 ie
.mgmt_group_cipher
= 0;
1314 if (ssid
->ieee80211w
!= NO_MGMT_FRAME_PROTECTION
) {
1315 if (ssid
->group_mgmt_cipher
&
1316 WPA_CIPHER_BIP_GMAC_256
)
1317 ie
.mgmt_group_cipher
=
1318 WPA_CIPHER_BIP_GMAC_256
;
1319 else if (ssid
->group_mgmt_cipher
&
1320 WPA_CIPHER_BIP_CMAC_256
)
1321 ie
.mgmt_group_cipher
=
1322 WPA_CIPHER_BIP_CMAC_256
;
1323 else if (ssid
->group_mgmt_cipher
&
1324 WPA_CIPHER_BIP_GMAC_128
)
1325 ie
.mgmt_group_cipher
=
1326 WPA_CIPHER_BIP_GMAC_128
;
1328 ie
.mgmt_group_cipher
=
1329 WPA_CIPHER_AES_128_CMAC
;
1331 #endif /* CONFIG_IEEE80211W */
1333 if ((ssid
->key_mgmt
& WPA_KEY_MGMT_OWE
) &&
1335 !bss_wpa
&& !bss_rsn
&& !bss_osen
) {
1336 wpa_supplicant_set_non_wpa_policy(wpa_s
, ssid
);
1337 wpa_s
->wpa_proto
= 0;
1341 #endif /* CONFIG_OWE */
1342 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: Set cipher suites "
1343 "based on configuration");
1348 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: Selected cipher suites: group %d "
1349 "pairwise %d key_mgmt %d proto %d",
1350 ie
.group_cipher
, ie
.pairwise_cipher
, ie
.key_mgmt
, proto
);
1351 #ifdef CONFIG_IEEE80211W
1352 if (ssid
->ieee80211w
) {
1353 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: Selected mgmt group cipher %d",
1354 ie
.mgmt_group_cipher
);
1356 #endif /* CONFIG_IEEE80211W */
1358 wpa_s
->wpa_proto
= proto
;
1359 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_PROTO
, proto
);
1360 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_RSN_ENABLED
,
1361 !!(ssid
->proto
& (WPA_PROTO_RSN
| WPA_PROTO_OSEN
)));
1363 if (bss
|| !wpa_s
->ap_ies_from_associnfo
) {
1364 if (wpa_sm_set_ap_wpa_ie(wpa_s
->wpa
, bss_wpa
,
1365 bss_wpa
? 2 + bss_wpa
[1] : 0) ||
1366 wpa_sm_set_ap_rsn_ie(wpa_s
->wpa
, bss_rsn
,
1367 bss_rsn
? 2 + bss_rsn
[1] : 0))
1371 #ifdef CONFIG_NO_WPA
1372 wpa_s
->group_cipher
= WPA_CIPHER_NONE
;
1373 wpa_s
->pairwise_cipher
= WPA_CIPHER_NONE
;
1374 #else /* CONFIG_NO_WPA */
1375 sel
= ie
.group_cipher
& ssid
->group_cipher
;
1376 wpa_s
->group_cipher
= wpa_pick_group_cipher(sel
);
1377 if (wpa_s
->group_cipher
< 0) {
1378 wpa_msg(wpa_s
, MSG_WARNING
, "WPA: Failed to select group "
1382 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using GTK %s",
1383 wpa_cipher_txt(wpa_s
->group_cipher
));
1385 sel
= ie
.pairwise_cipher
& ssid
->pairwise_cipher
;
1386 wpa_s
->pairwise_cipher
= wpa_pick_pairwise_cipher(sel
, 1);
1387 if (wpa_s
->pairwise_cipher
< 0) {
1388 wpa_msg(wpa_s
, MSG_WARNING
, "WPA: Failed to select pairwise "
1392 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using PTK %s",
1393 wpa_cipher_txt(wpa_s
->pairwise_cipher
));
1394 #endif /* CONFIG_NO_WPA */
1396 sel
= ie
.key_mgmt
& ssid
->key_mgmt
;
1398 if (!(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SAE
))
1399 sel
&= ~(WPA_KEY_MGMT_SAE
| WPA_KEY_MGMT_FT_SAE
);
1400 #endif /* CONFIG_SAE */
1402 #ifdef CONFIG_SUITEB192
1403 } else if (sel
& WPA_KEY_MGMT_IEEE8021X_SUITE_B_192
) {
1404 wpa_s
->key_mgmt
= WPA_KEY_MGMT_IEEE8021X_SUITE_B_192
;
1405 wpa_dbg(wpa_s
, MSG_DEBUG
,
1406 "WPA: using KEY_MGMT 802.1X with Suite B (192-bit)");
1407 #endif /* CONFIG_SUITEB192 */
1408 #ifdef CONFIG_SUITEB
1409 } else if (sel
& WPA_KEY_MGMT_IEEE8021X_SUITE_B
) {
1410 wpa_s
->key_mgmt
= WPA_KEY_MGMT_IEEE8021X_SUITE_B
;
1411 wpa_dbg(wpa_s
, MSG_DEBUG
,
1412 "WPA: using KEY_MGMT 802.1X with Suite B");
1413 #endif /* CONFIG_SUITEB */
1415 #ifdef CONFIG_IEEE80211R
1416 } else if (sel
& WPA_KEY_MGMT_FT_FILS_SHA384
) {
1417 wpa_s
->key_mgmt
= WPA_KEY_MGMT_FT_FILS_SHA384
;
1418 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT FT-FILS-SHA384");
1419 } else if (sel
& WPA_KEY_MGMT_FT_FILS_SHA256
) {
1420 wpa_s
->key_mgmt
= WPA_KEY_MGMT_FT_FILS_SHA256
;
1421 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT FT-FILS-SHA256");
1422 #endif /* CONFIG_IEEE80211R */
1423 } else if (sel
& WPA_KEY_MGMT_FILS_SHA384
) {
1424 wpa_s
->key_mgmt
= WPA_KEY_MGMT_FILS_SHA384
;
1425 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT FILS-SHA384");
1426 } else if (sel
& WPA_KEY_MGMT_FILS_SHA256
) {
1427 wpa_s
->key_mgmt
= WPA_KEY_MGMT_FILS_SHA256
;
1428 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT FILS-SHA256");
1429 #endif /* CONFIG_FILS */
1430 #ifdef CONFIG_IEEE80211R
1431 #ifdef CONFIG_SHA384
1432 } else if (sel
& WPA_KEY_MGMT_FT_IEEE8021X_SHA384
) {
1433 wpa_s
->key_mgmt
= WPA_KEY_MGMT_FT_IEEE8021X_SHA384
;
1434 wpa_dbg(wpa_s
, MSG_DEBUG
,
1435 "WPA: using KEY_MGMT FT/802.1X-SHA384");
1436 if (pmksa_cache_get_current(wpa_s
->wpa
)) {
1437 /* PMKSA caching with FT is not fully functional, so
1438 * disable the case for now. */
1439 wpa_dbg(wpa_s
, MSG_DEBUG
,
1440 "WPA: Disable PMKSA caching for FT/802.1X connection");
1441 pmksa_cache_clear_current(wpa_s
->wpa
);
1443 #endif /* CONFIG_SHA384 */
1444 } else if (sel
& WPA_KEY_MGMT_FT_IEEE8021X
) {
1445 wpa_s
->key_mgmt
= WPA_KEY_MGMT_FT_IEEE8021X
;
1446 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT FT/802.1X");
1447 if (pmksa_cache_get_current(wpa_s
->wpa
)) {
1448 /* PMKSA caching with FT is not fully functional, so
1449 * disable the case for now. */
1450 wpa_dbg(wpa_s
, MSG_DEBUG
,
1451 "WPA: Disable PMKSA caching for FT/802.1X connection");
1452 pmksa_cache_clear_current(wpa_s
->wpa
);
1454 } else if (sel
& WPA_KEY_MGMT_FT_PSK
) {
1455 wpa_s
->key_mgmt
= WPA_KEY_MGMT_FT_PSK
;
1456 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT FT/PSK");
1457 #endif /* CONFIG_IEEE80211R */
1459 } else if (sel
& WPA_KEY_MGMT_DPP
) {
1460 wpa_s
->key_mgmt
= WPA_KEY_MGMT_DPP
;
1461 wpa_dbg(wpa_s
, MSG_DEBUG
, "RSN: using KEY_MGMT DPP");
1462 #endif /* CONFIG_DPP */
1464 } else if (sel
& WPA_KEY_MGMT_SAE
) {
1465 wpa_s
->key_mgmt
= WPA_KEY_MGMT_SAE
;
1466 wpa_dbg(wpa_s
, MSG_DEBUG
, "RSN: using KEY_MGMT SAE");
1467 } else if (sel
& WPA_KEY_MGMT_FT_SAE
) {
1468 wpa_s
->key_mgmt
= WPA_KEY_MGMT_FT_SAE
;
1469 wpa_dbg(wpa_s
, MSG_DEBUG
, "RSN: using KEY_MGMT FT/SAE");
1470 #endif /* CONFIG_SAE */
1471 #ifdef CONFIG_IEEE80211W
1472 } else if (sel
& WPA_KEY_MGMT_IEEE8021X_SHA256
) {
1473 wpa_s
->key_mgmt
= WPA_KEY_MGMT_IEEE8021X_SHA256
;
1474 wpa_dbg(wpa_s
, MSG_DEBUG
,
1475 "WPA: using KEY_MGMT 802.1X with SHA256");
1476 } else if (sel
& WPA_KEY_MGMT_PSK_SHA256
) {
1477 wpa_s
->key_mgmt
= WPA_KEY_MGMT_PSK_SHA256
;
1478 wpa_dbg(wpa_s
, MSG_DEBUG
,
1479 "WPA: using KEY_MGMT PSK with SHA256");
1480 #endif /* CONFIG_IEEE80211W */
1481 } else if (sel
& WPA_KEY_MGMT_IEEE8021X
) {
1482 wpa_s
->key_mgmt
= WPA_KEY_MGMT_IEEE8021X
;
1483 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT 802.1X");
1484 } else if (sel
& WPA_KEY_MGMT_PSK
) {
1485 wpa_s
->key_mgmt
= WPA_KEY_MGMT_PSK
;
1486 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT WPA-PSK");
1487 } else if (sel
& WPA_KEY_MGMT_WPA_NONE
) {
1488 wpa_s
->key_mgmt
= WPA_KEY_MGMT_WPA_NONE
;
1489 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT WPA-NONE");
1491 } else if (sel
& WPA_KEY_MGMT_OSEN
) {
1492 wpa_s
->key_mgmt
= WPA_KEY_MGMT_OSEN
;
1493 wpa_dbg(wpa_s
, MSG_DEBUG
, "HS 2.0: using KEY_MGMT OSEN");
1494 #endif /* CONFIG_HS20 */
1496 } else if (sel
& WPA_KEY_MGMT_OWE
) {
1497 wpa_s
->key_mgmt
= WPA_KEY_MGMT_OWE
;
1498 wpa_dbg(wpa_s
, MSG_DEBUG
, "RSN: using KEY_MGMT OWE");
1499 #endif /* CONFIG_OWE */
1501 wpa_msg(wpa_s
, MSG_WARNING
, "WPA: Failed to select "
1502 "authenticated key management type");
1506 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_KEY_MGMT
, wpa_s
->key_mgmt
);
1507 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_PAIRWISE
,
1508 wpa_s
->pairwise_cipher
);
1509 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_GROUP
, wpa_s
->group_cipher
);
1511 #ifdef CONFIG_IEEE80211W
1512 sel
= ie
.mgmt_group_cipher
;
1513 if (ssid
->group_mgmt_cipher
)
1514 sel
&= ssid
->group_mgmt_cipher
;
1515 if (wpas_get_ssid_pmf(wpa_s
, ssid
) == NO_MGMT_FRAME_PROTECTION
||
1516 !(ie
.capabilities
& WPA_CAPABILITY_MFPC
))
1518 if (sel
& WPA_CIPHER_AES_128_CMAC
) {
1519 wpa_s
->mgmt_group_cipher
= WPA_CIPHER_AES_128_CMAC
;
1520 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using MGMT group cipher "
1522 } else if (sel
& WPA_CIPHER_BIP_GMAC_128
) {
1523 wpa_s
->mgmt_group_cipher
= WPA_CIPHER_BIP_GMAC_128
;
1524 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using MGMT group cipher "
1526 } else if (sel
& WPA_CIPHER_BIP_GMAC_256
) {
1527 wpa_s
->mgmt_group_cipher
= WPA_CIPHER_BIP_GMAC_256
;
1528 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using MGMT group cipher "
1530 } else if (sel
& WPA_CIPHER_BIP_CMAC_256
) {
1531 wpa_s
->mgmt_group_cipher
= WPA_CIPHER_BIP_CMAC_256
;
1532 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using MGMT group cipher "
1535 wpa_s
->mgmt_group_cipher
= 0;
1536 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: not using MGMT group cipher");
1538 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_MGMT_GROUP
,
1539 wpa_s
->mgmt_group_cipher
);
1540 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_MFP
,
1541 wpas_get_ssid_pmf(wpa_s
, ssid
));
1542 #endif /* CONFIG_IEEE80211W */
1544 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_OCV
, ssid
->ocv
);
1545 #endif /* CONFIG_OCV */
1547 if (wpa_sm_set_assoc_wpa_ie_default(wpa_s
->wpa
, wpa_ie
, wpa_ie_len
)) {
1548 wpa_msg(wpa_s
, MSG_WARNING
, "WPA: Failed to generate WPA IE");
1554 } else if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_DPP
) {
1555 /* Use PMK from DPP network introduction (PMKSA entry) */
1556 wpa_sm_set_pmk_from_pmksa(wpa_s
->wpa
);
1557 #endif /* CONFIG_DPP */
1558 } else if (wpa_key_mgmt_wpa_psk(ssid
->key_mgmt
)) {
1562 sae_only
= (ssid
->key_mgmt
& (WPA_KEY_MGMT_PSK
|
1563 WPA_KEY_MGMT_FT_PSK
|
1564 WPA_KEY_MGMT_PSK_SHA256
)) == 0;
1566 if (ssid
->psk_set
&& !sae_only
) {
1567 wpa_hexdump_key(MSG_MSGDUMP
, "PSK (set in config)",
1568 ssid
->psk
, PMK_LEN
);
1569 wpa_sm_set_pmk(wpa_s
->wpa
, ssid
->psk
, PMK_LEN
, NULL
,
1574 if (wpa_key_mgmt_sae(ssid
->key_mgmt
) &&
1575 (ssid
->sae_password
|| ssid
->passphrase
))
1578 #ifndef CONFIG_NO_PBKDF2
1579 if (bss
&& ssid
->bssid_set
&& ssid
->ssid_len
== 0 &&
1580 ssid
->passphrase
&& !sae_only
) {
1582 pbkdf2_sha1(ssid
->passphrase
, bss
->ssid
, bss
->ssid_len
,
1583 4096, psk
, PMK_LEN
);
1584 wpa_hexdump_key(MSG_MSGDUMP
, "PSK (from passphrase)",
1586 wpa_sm_set_pmk(wpa_s
->wpa
, psk
, PMK_LEN
, NULL
, NULL
);
1588 os_memset(psk
, 0, sizeof(psk
));
1590 #endif /* CONFIG_NO_PBKDF2 */
1591 #ifdef CONFIG_EXT_PASSWORD
1592 if (ssid
->ext_psk
&& !sae_only
) {
1593 struct wpabuf
*pw
= ext_password_get(wpa_s
->ext_pw
,
1595 char pw_str
[64 + 1];
1599 wpa_msg(wpa_s
, MSG_INFO
, "EXT PW: No PSK "
1600 "found from external storage");
1604 if (wpabuf_len(pw
) < 8 || wpabuf_len(pw
) > 64) {
1605 wpa_msg(wpa_s
, MSG_INFO
, "EXT PW: Unexpected "
1606 "PSK length %d in external storage",
1607 (int) wpabuf_len(pw
));
1608 ext_password_free(pw
);
1612 os_memcpy(pw_str
, wpabuf_head(pw
), wpabuf_len(pw
));
1613 pw_str
[wpabuf_len(pw
)] = '\0';
1615 #ifndef CONFIG_NO_PBKDF2
1616 if (wpabuf_len(pw
) >= 8 && wpabuf_len(pw
) < 64 && bss
)
1618 pbkdf2_sha1(pw_str
, bss
->ssid
, bss
->ssid_len
,
1619 4096, psk
, PMK_LEN
);
1620 os_memset(pw_str
, 0, sizeof(pw_str
));
1621 wpa_hexdump_key(MSG_MSGDUMP
, "PSK (from "
1622 "external passphrase)",
1624 wpa_sm_set_pmk(wpa_s
->wpa
, psk
, PMK_LEN
, NULL
,
1627 os_memset(psk
, 0, sizeof(psk
));
1629 #endif /* CONFIG_NO_PBKDF2 */
1630 if (wpabuf_len(pw
) == 2 * PMK_LEN
) {
1631 if (hexstr2bin(pw_str
, psk
, PMK_LEN
) < 0) {
1632 wpa_msg(wpa_s
, MSG_INFO
, "EXT PW: "
1633 "Invalid PSK hex string");
1634 os_memset(pw_str
, 0, sizeof(pw_str
));
1635 ext_password_free(pw
);
1638 wpa_hexdump_key(MSG_MSGDUMP
,
1639 "PSK (from external PSK)",
1641 wpa_sm_set_pmk(wpa_s
->wpa
, psk
, PMK_LEN
, NULL
,
1644 os_memset(psk
, 0, sizeof(psk
));
1646 wpa_msg(wpa_s
, MSG_INFO
, "EXT PW: No suitable "
1648 os_memset(pw_str
, 0, sizeof(pw_str
));
1649 ext_password_free(pw
);
1653 os_memset(pw_str
, 0, sizeof(pw_str
));
1654 ext_password_free(pw
);
1656 #endif /* CONFIG_EXT_PASSWORD */
1659 wpa_msg(wpa_s
, MSG_INFO
,
1660 "No PSK available for association");
1661 wpas_auth_failed(wpa_s
, "NO_PSK_AVAILABLE");
1665 } else if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_OWE
) {
1666 /* OWE Diffie-Hellman exchange in (Re)Association
1667 * Request/Response frames set the PMK, so do not override it
1669 #endif /* CONFIG_OWE */
1671 wpa_sm_set_pmk_from_pmksa(wpa_s
->wpa
);
1677 static void wpas_ext_capab_byte(struct wpa_supplicant
*wpa_s
, u8
*pos
, int idx
)
1682 case 0: /* Bits 0-7 */
1684 case 1: /* Bits 8-15 */
1685 if (wpa_s
->conf
->coloc_intf_reporting
) {
1686 /* Bit 13 - Collocated Interference Reporting */
1690 case 2: /* Bits 16-23 */
1692 *pos
|= 0x02; /* Bit 17 - WNM-Sleep Mode */
1693 *pos
|= 0x08; /* Bit 19 - BSS Transition */
1694 #endif /* CONFIG_WNM */
1696 case 3: /* Bits 24-31 */
1698 *pos
|= 0x02; /* Bit 25 - SSID List */
1699 #endif /* CONFIG_WNM */
1700 #ifdef CONFIG_INTERWORKING
1701 if (wpa_s
->conf
->interworking
)
1702 *pos
|= 0x80; /* Bit 31 - Interworking */
1703 #endif /* CONFIG_INTERWORKING */
1705 case 4: /* Bits 32-39 */
1706 #ifdef CONFIG_INTERWORKING
1707 if (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_QOS_MAPPING
)
1708 *pos
|= 0x01; /* Bit 32 - QoS Map */
1709 #endif /* CONFIG_INTERWORKING */
1711 case 5: /* Bits 40-47 */
1713 if (wpa_s
->conf
->hs20
)
1714 *pos
|= 0x40; /* Bit 46 - WNM-Notification */
1715 #endif /* CONFIG_HS20 */
1717 *pos
|= 0x40; /* Bit 46 - WNM-Notification */
1718 #endif /* CONFIG_MBO */
1720 case 6: /* Bits 48-55 */
1722 case 7: /* Bits 56-63 */
1724 case 8: /* Bits 64-71 */
1725 if (wpa_s
->conf
->ftm_responder
)
1726 *pos
|= 0x40; /* Bit 70 - FTM responder */
1727 if (wpa_s
->conf
->ftm_initiator
)
1728 *pos
|= 0x80; /* Bit 71 - FTM initiator */
1730 case 9: /* Bits 72-79 */
1732 if (!wpa_s
->disable_fils
)
1734 #endif /* CONFIG_FILS */
1740 int wpas_build_ext_capab(struct wpa_supplicant
*wpa_s
, u8
*buf
, size_t buflen
)
1745 if (len
< wpa_s
->extended_capa_len
)
1746 len
= wpa_s
->extended_capa_len
;
1747 if (buflen
< (size_t) len
+ 2) {
1748 wpa_printf(MSG_INFO
,
1749 "Not enough room for building extended capabilities element");
1753 *pos
++ = WLAN_EID_EXT_CAPAB
;
1755 for (i
= 0; i
< len
; i
++, pos
++) {
1756 wpas_ext_capab_byte(wpa_s
, pos
, i
);
1758 if (i
< wpa_s
->extended_capa_len
) {
1759 *pos
&= ~wpa_s
->extended_capa_mask
[i
];
1760 *pos
|= wpa_s
->extended_capa
[i
];
1764 while (len
> 0 && buf
[1 + len
] == 0) {
1775 static int wpas_valid_bss(struct wpa_supplicant
*wpa_s
,
1776 struct wpa_bss
*test_bss
)
1778 struct wpa_bss
*bss
;
1780 dl_list_for_each(bss
, &wpa_s
->bss
, struct wpa_bss
, list
) {
1781 if (bss
== test_bss
)
1789 static int wpas_valid_ssid(struct wpa_supplicant
*wpa_s
,
1790 struct wpa_ssid
*test_ssid
)
1792 struct wpa_ssid
*ssid
;
1794 for (ssid
= wpa_s
->conf
->ssid
; ssid
; ssid
= ssid
->next
) {
1795 if (ssid
== test_ssid
)
1803 int wpas_valid_bss_ssid(struct wpa_supplicant
*wpa_s
, struct wpa_bss
*test_bss
,
1804 struct wpa_ssid
*test_ssid
)
1806 if (test_bss
&& !wpas_valid_bss(wpa_s
, test_bss
))
1809 return test_ssid
== NULL
|| wpas_valid_ssid(wpa_s
, test_ssid
);
1813 void wpas_connect_work_free(struct wpa_connect_work
*cwork
)
1821 void wpas_connect_work_done(struct wpa_supplicant
*wpa_s
)
1823 struct wpa_connect_work
*cwork
;
1824 struct wpa_radio_work
*work
= wpa_s
->connect_work
;
1829 wpa_s
->connect_work
= NULL
;
1832 wpas_connect_work_free(cwork
);
1833 radio_work_done(work
);
1837 int wpas_update_random_addr(struct wpa_supplicant
*wpa_s
, int style
)
1839 struct os_reltime now
;
1842 os_get_reltime(&now
);
1843 if (wpa_s
->last_mac_addr_style
== style
&&
1844 wpa_s
->last_mac_addr_change
.sec
!= 0 &&
1845 !os_reltime_expired(&now
, &wpa_s
->last_mac_addr_change
,
1846 wpa_s
->conf
->rand_addr_lifetime
)) {
1847 wpa_msg(wpa_s
, MSG_DEBUG
,
1848 "Previously selected random MAC address has not yet expired");
1854 if (random_mac_addr(addr
) < 0)
1858 os_memcpy(addr
, wpa_s
->perm_addr
, ETH_ALEN
);
1859 if (random_mac_addr_keep_oui(addr
) < 0)
1866 if (wpa_drv_set_mac_addr(wpa_s
, addr
) < 0) {
1867 wpa_msg(wpa_s
, MSG_INFO
,
1868 "Failed to set random MAC address");
1872 os_get_reltime(&wpa_s
->last_mac_addr_change
);
1873 wpa_s
->mac_addr_changed
= 1;
1874 wpa_s
->last_mac_addr_style
= style
;
1876 if (wpa_supplicant_update_mac_addr(wpa_s
) < 0) {
1877 wpa_msg(wpa_s
, MSG_INFO
,
1878 "Could not update MAC address information");
1882 wpa_msg(wpa_s
, MSG_DEBUG
, "Using random MAC address " MACSTR
,
1889 int wpas_update_random_addr_disassoc(struct wpa_supplicant
*wpa_s
)
1891 if (wpa_s
->wpa_state
>= WPA_AUTHENTICATING
||
1892 !wpa_s
->conf
->preassoc_mac_addr
)
1895 return wpas_update_random_addr(wpa_s
, wpa_s
->conf
->preassoc_mac_addr
);
1899 static void wpas_start_assoc_cb(struct wpa_radio_work
*work
, int deinit
);
1902 * wpa_supplicant_associate - Request association
1903 * @wpa_s: Pointer to wpa_supplicant data
1904 * @bss: Scan results for the selected BSS, or %NULL if not available
1905 * @ssid: Configuration data for the selected network
1907 * This function is used to request %wpa_supplicant to associate with a BSS.
1909 void wpa_supplicant_associate(struct wpa_supplicant
*wpa_s
,
1910 struct wpa_bss
*bss
, struct wpa_ssid
*ssid
)
1912 struct wpa_connect_work
*cwork
;
1915 wpa_s
->own_disconnect_req
= 0;
1918 * If we are starting a new connection, any previously pending EAPOL
1919 * RX cannot be valid anymore.
1921 wpabuf_free(wpa_s
->pending_eapol_rx
);
1922 wpa_s
->pending_eapol_rx
= NULL
;
1924 if (ssid
->mac_addr
== -1)
1925 rand_style
= wpa_s
->conf
->mac_addr
;
1927 rand_style
= ssid
->mac_addr
;
1929 wmm_ac_clear_saved_tspecs(wpa_s
);
1930 wpa_s
->reassoc_same_bss
= 0;
1931 wpa_s
->reassoc_same_ess
= 0;
1932 #ifdef CONFIG_TESTING_OPTIONS
1933 wpa_s
->testing_resend_assoc
= 0;
1934 #endif /* CONFIG_TESTING_OPTIONS */
1936 if (wpa_s
->last_ssid
== ssid
) {
1937 wpa_dbg(wpa_s
, MSG_DEBUG
, "Re-association to the same ESS");
1938 wpa_s
->reassoc_same_ess
= 1;
1939 if (wpa_s
->current_bss
&& wpa_s
->current_bss
== bss
) {
1940 wmm_ac_save_tspecs(wpa_s
);
1941 wpa_s
->reassoc_same_bss
= 1;
1942 } else if (wpa_s
->current_bss
&& wpa_s
->current_bss
!= bss
) {
1943 os_get_reltime(&wpa_s
->roam_start
);
1947 if (rand_style
> 0 && !wpa_s
->reassoc_same_ess
) {
1948 if (wpas_update_random_addr(wpa_s
, rand_style
) < 0)
1950 wpa_sm_pmksa_cache_flush(wpa_s
->wpa
, ssid
);
1951 } else if (rand_style
== 0 && wpa_s
->mac_addr_changed
) {
1952 if (wpa_drv_set_mac_addr(wpa_s
, NULL
) < 0) {
1953 wpa_msg(wpa_s
, MSG_INFO
,
1954 "Could not restore permanent MAC address");
1957 wpa_s
->mac_addr_changed
= 0;
1958 if (wpa_supplicant_update_mac_addr(wpa_s
) < 0) {
1959 wpa_msg(wpa_s
, MSG_INFO
,
1960 "Could not update MAC address information");
1963 wpa_msg(wpa_s
, MSG_DEBUG
, "Using permanent MAC address");
1965 wpa_s
->last_ssid
= ssid
;
1967 #ifdef CONFIG_IBSS_RSN
1968 ibss_rsn_deinit(wpa_s
->ibss_rsn
);
1969 wpa_s
->ibss_rsn
= NULL
;
1970 #else /* CONFIG_IBSS_RSN */
1971 if (ssid
->mode
== WPAS_MODE_IBSS
&&
1972 !(ssid
->key_mgmt
& (WPA_KEY_MGMT_NONE
| WPA_KEY_MGMT_WPA_NONE
))) {
1973 wpa_msg(wpa_s
, MSG_INFO
,
1974 "IBSS RSN not supported in the build");
1977 #endif /* CONFIG_IBSS_RSN */
1979 if (ssid
->mode
== WPAS_MODE_AP
|| ssid
->mode
== WPAS_MODE_P2P_GO
||
1980 ssid
->mode
== WPAS_MODE_P2P_GROUP_FORMATION
) {
1982 if (!(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_AP
)) {
1983 wpa_msg(wpa_s
, MSG_INFO
, "Driver does not support AP "
1987 if (wpa_supplicant_create_ap(wpa_s
, ssid
) < 0) {
1988 wpa_supplicant_set_state(wpa_s
, WPA_DISCONNECTED
);
1989 if (ssid
->mode
== WPAS_MODE_P2P_GROUP_FORMATION
)
1990 wpas_p2p_ap_setup_failed(wpa_s
);
1993 wpa_s
->current_bss
= bss
;
1994 #else /* CONFIG_AP */
1995 wpa_msg(wpa_s
, MSG_ERROR
, "AP mode support not included in "
1997 #endif /* CONFIG_AP */
2001 if (ssid
->mode
== WPAS_MODE_MESH
) {
2003 if (!(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_MESH
)) {
2004 wpa_msg(wpa_s
, MSG_INFO
,
2005 "Driver does not support mesh mode");
2009 ssid
->frequency
= bss
->freq
;
2010 if (wpa_supplicant_join_mesh(wpa_s
, ssid
) < 0) {
2011 wpa_msg(wpa_s
, MSG_ERROR
, "Could not join mesh");
2014 wpa_s
->current_bss
= bss
;
2015 wpa_msg(wpa_s
, MSG_INFO
, MESH_GROUP_STARTED
"ssid=\"%s\" id=%d",
2016 wpa_ssid_txt(ssid
->ssid
, ssid
->ssid_len
),
2018 wpas_notify_mesh_group_started(wpa_s
, ssid
);
2019 #else /* CONFIG_MESH */
2020 wpa_msg(wpa_s
, MSG_ERROR
,
2021 "mesh mode support not included in the build");
2022 #endif /* CONFIG_MESH */
2027 * Set WPA state machine configuration to match the selected network now
2028 * so that the information is available before wpas_start_assoc_cb()
2029 * gets called. This is needed at least for RSN pre-authentication where
2030 * candidate APs are added to a list based on scan result processing
2031 * before completion of the first association.
2033 wpa_supplicant_rsn_supp_set_config(wpa_s
, ssid
);
2036 if (wpas_dpp_check_connect(wpa_s
, ssid
, bss
) != 0)
2038 #endif /* CONFIG_DPP */
2042 wpa_tdls_ap_ies(wpa_s
->wpa
, (const u8
*) (bss
+ 1),
2044 #endif /* CONFIG_TDLS */
2046 if ((wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SME
) &&
2047 ssid
->mode
== IEEE80211_MODE_INFRA
) {
2048 sme_authenticate(wpa_s
, bss
, ssid
);
2052 if (wpa_s
->connect_work
) {
2053 wpa_dbg(wpa_s
, MSG_DEBUG
, "Reject wpa_supplicant_associate() call since connect_work exist");
2057 if (radio_work_pending(wpa_s
, "connect")) {
2058 wpa_dbg(wpa_s
, MSG_DEBUG
, "Reject wpa_supplicant_associate() call since pending work exist");
2063 if (ssid
->mode
== WPAS_MODE_IBSS
|| ssid
->mode
== WPAS_MODE_MESH
) {
2064 /* Clear possibly set auth_alg, if any, from last attempt. */
2065 wpa_s
->sme
.auth_alg
= WPA_AUTH_ALG_OPEN
;
2067 #endif /* CONFIG_SME */
2069 wpas_abort_ongoing_scan(wpa_s
);
2071 cwork
= os_zalloc(sizeof(*cwork
));
2078 if (radio_add_work(wpa_s
, bss
? bss
->freq
: 0, "connect", 1,
2079 wpas_start_assoc_cb
, cwork
) < 0) {
2085 static int bss_is_ibss(struct wpa_bss
*bss
)
2087 return (bss
->caps
& (IEEE80211_CAP_ESS
| IEEE80211_CAP_IBSS
)) ==
2092 static int drv_supports_vht(struct wpa_supplicant
*wpa_s
,
2093 const struct wpa_ssid
*ssid
)
2095 enum hostapd_hw_mode hw_mode
;
2096 struct hostapd_hw_modes
*mode
= NULL
;
2100 hw_mode
= ieee80211_freq_to_chan(ssid
->frequency
, &channel
);
2101 if (hw_mode
== NUM_HOSTAPD_MODES
)
2103 for (i
= 0; wpa_s
->hw
.modes
&& i
< wpa_s
->hw
.num_modes
; i
++) {
2104 if (wpa_s
->hw
.modes
[i
].mode
== hw_mode
) {
2105 mode
= &wpa_s
->hw
.modes
[i
];
2113 return mode
->vht_capab
!= 0;
2117 void ibss_mesh_setup_freq(struct wpa_supplicant
*wpa_s
,
2118 const struct wpa_ssid
*ssid
,
2119 struct hostapd_freq_params
*freq
)
2121 enum hostapd_hw_mode hw_mode
;
2122 struct hostapd_hw_modes
*mode
= NULL
;
2123 int ht40plus
[] = { 36, 44, 52, 60, 100, 108, 116, 124, 132, 149, 157,
2125 int vht80
[] = { 36, 52, 100, 116, 132, 149 };
2126 struct hostapd_channel_data
*pri_chan
= NULL
, *sec_chan
= NULL
;
2128 int i
, chan_idx
, ht40
= -1, res
, obss_scan
= 1;
2130 struct hostapd_freq_params vht_freq
;
2131 int chwidth
, seg0
, seg1
;
2134 freq
->freq
= ssid
->frequency
;
2136 for (j
= 0; j
< wpa_s
->last_scan_res_used
; j
++) {
2137 struct wpa_bss
*bss
= wpa_s
->last_scan_res
[j
];
2139 if (ssid
->mode
!= WPAS_MODE_IBSS
)
2142 /* Don't adjust control freq in case of fixed_freq */
2143 if (ssid
->fixed_freq
)
2146 if (!bss_is_ibss(bss
))
2149 if (ssid
->ssid_len
== bss
->ssid_len
&&
2150 os_memcmp(ssid
->ssid
, bss
->ssid
, bss
->ssid_len
) == 0) {
2151 wpa_printf(MSG_DEBUG
,
2152 "IBSS already found in scan results, adjust control freq: %d",
2154 freq
->freq
= bss
->freq
;
2160 /* For IBSS check HT_IBSS flag */
2161 if (ssid
->mode
== WPAS_MODE_IBSS
&&
2162 !(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_HT_IBSS
))
2165 if (wpa_s
->group_cipher
== WPA_CIPHER_WEP40
||
2166 wpa_s
->group_cipher
== WPA_CIPHER_WEP104
||
2167 wpa_s
->pairwise_cipher
== WPA_CIPHER_TKIP
) {
2168 wpa_printf(MSG_DEBUG
,
2169 "IBSS: WEP/TKIP detected, do not try to enable HT");
2173 hw_mode
= ieee80211_freq_to_chan(freq
->freq
, &channel
);
2174 for (i
= 0; wpa_s
->hw
.modes
&& i
< wpa_s
->hw
.num_modes
; i
++) {
2175 if (wpa_s
->hw
.modes
[i
].mode
== hw_mode
) {
2176 mode
= &wpa_s
->hw
.modes
[i
];
2184 #ifdef CONFIG_HT_OVERRIDES
2185 if (ssid
->disable_ht
) {
2186 freq
->ht_enabled
= 0;
2189 #endif /* CONFIG_HT_OVERRIDES */
2191 freq
->ht_enabled
= ht_supported(mode
);
2192 if (!freq
->ht_enabled
)
2195 /* Setup higher BW only for 5 GHz */
2196 if (mode
->mode
!= HOSTAPD_MODE_IEEE80211A
)
2199 for (chan_idx
= 0; chan_idx
< mode
->num_channels
; chan_idx
++) {
2200 pri_chan
= &mode
->channels
[chan_idx
];
2201 if (pri_chan
->chan
== channel
)
2208 /* Check primary channel flags */
2209 if (pri_chan
->flag
& (HOSTAPD_CHAN_DISABLED
| HOSTAPD_CHAN_NO_IR
))
2212 freq
->channel
= pri_chan
->chan
;
2214 #ifdef CONFIG_HT_OVERRIDES
2215 if (ssid
->disable_ht40
) {
2216 if (ssid
->disable_vht
)
2220 #endif /* CONFIG_HT_OVERRIDES */
2222 /* Check/setup HT40+/HT40- */
2223 for (j
= 0; j
< ARRAY_SIZE(ht40plus
); j
++) {
2224 if (ht40plus
[j
] == channel
) {
2230 /* Find secondary channel */
2231 for (i
= 0; i
< mode
->num_channels
; i
++) {
2232 sec_chan
= &mode
->channels
[i
];
2233 if (sec_chan
->chan
== channel
+ ht40
* 4)
2240 /* Check secondary channel flags */
2241 if (sec_chan
->flag
& (HOSTAPD_CHAN_DISABLED
| HOSTAPD_CHAN_NO_IR
))
2245 if (!(pri_chan
->flag
& HOSTAPD_CHAN_HT40MINUS
))
2248 if (!(pri_chan
->flag
& HOSTAPD_CHAN_HT40PLUS
))
2251 freq
->sec_channel_offset
= ht40
;
2254 struct wpa_scan_results
*scan_res
;
2256 scan_res
= wpa_supplicant_get_scan_results(wpa_s
, NULL
, 0);
2257 if (scan_res
== NULL
) {
2259 freq
->sec_channel_offset
= 0;
2263 res
= check_40mhz_5g(mode
, scan_res
, pri_chan
->chan
,
2268 freq
->sec_channel_offset
= 0;
2271 /* Configuration allowed */
2274 /* Switch pri/sec channels */
2275 freq
->freq
= hw_get_freq(mode
, sec_chan
->chan
);
2276 freq
->sec_channel_offset
= -freq
->sec_channel_offset
;
2277 freq
->channel
= sec_chan
->chan
;
2280 freq
->sec_channel_offset
= 0;
2284 wpa_scan_results_free(scan_res
);
2287 #ifdef CONFIG_HT_OVERRIDES
2289 #endif /* CONFIG_HT_OVERRIDES */
2290 wpa_printf(MSG_DEBUG
,
2291 "IBSS/mesh: setup freq channel %d, sec_channel_offset %d",
2292 freq
->channel
, freq
->sec_channel_offset
);
2294 if (!drv_supports_vht(wpa_s
, ssid
))
2297 /* For IBSS check VHT_IBSS flag */
2298 if (ssid
->mode
== WPAS_MODE_IBSS
&&
2299 !(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_VHT_IBSS
))
2304 #ifdef CONFIG_VHT_OVERRIDES
2305 if (ssid
->disable_vht
) {
2306 freq
->vht_enabled
= 0;
2309 #endif /* CONFIG_VHT_OVERRIDES */
2311 vht_freq
.vht_enabled
= vht_supported(mode
);
2312 if (!vht_freq
.vht_enabled
)
2315 /* setup center_freq1, bandwidth */
2316 for (j
= 0; j
< ARRAY_SIZE(vht80
); j
++) {
2317 if (freq
->channel
>= vht80
[j
] &&
2318 freq
->channel
< vht80
[j
] + 16)
2322 if (j
== ARRAY_SIZE(vht80
))
2325 for (i
= vht80
[j
]; i
< vht80
[j
] + 16; i
+= 4) {
2326 struct hostapd_channel_data
*chan
;
2328 chan
= hw_get_channel_chan(mode
, i
, NULL
);
2332 /* Back to HT configuration if channel not usable */
2333 if (chan
->flag
& (HOSTAPD_CHAN_DISABLED
| HOSTAPD_CHAN_NO_IR
))
2337 chwidth
= VHT_CHANWIDTH_80MHZ
;
2338 seg0
= vht80
[j
] + 6;
2341 if (ssid
->max_oper_chwidth
== VHT_CHANWIDTH_80P80MHZ
) {
2342 /* setup center_freq2, bandwidth */
2343 for (k
= 0; k
< ARRAY_SIZE(vht80
); k
++) {
2344 /* Only accept 80 MHz segments separated by a gap */
2345 if (j
== k
|| abs(vht80
[j
] - vht80
[k
]) == 16)
2347 for (i
= vht80
[k
]; i
< vht80
[k
] + 16; i
+= 4) {
2348 struct hostapd_channel_data
*chan
;
2350 chan
= hw_get_channel_chan(mode
, i
, NULL
);
2354 if (chan
->flag
& (HOSTAPD_CHAN_DISABLED
|
2355 HOSTAPD_CHAN_NO_IR
|
2356 HOSTAPD_CHAN_RADAR
))
2359 /* Found a suitable second segment for 80+80 */
2360 chwidth
= VHT_CHANWIDTH_80P80MHZ
;
2362 VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ
;
2363 seg1
= vht80
[k
] + 6;
2366 if (chwidth
== VHT_CHANWIDTH_80P80MHZ
)
2369 } else if (ssid
->max_oper_chwidth
== VHT_CHANWIDTH_160MHZ
) {
2370 if (freq
->freq
== 5180) {
2371 chwidth
= VHT_CHANWIDTH_160MHZ
;
2372 vht_caps
|= VHT_CAP_SUPP_CHAN_WIDTH_160MHZ
;
2374 } else if (freq
->freq
== 5520) {
2375 chwidth
= VHT_CHANWIDTH_160MHZ
;
2376 vht_caps
|= VHT_CAP_SUPP_CHAN_WIDTH_160MHZ
;
2379 } else if (ssid
->max_oper_chwidth
== VHT_CHANWIDTH_USE_HT
) {
2380 chwidth
= VHT_CHANWIDTH_USE_HT
;
2381 seg0
= vht80
[j
] + 2;
2382 #ifdef CONFIG_HT_OVERRIDES
2383 if (ssid
->disable_ht40
)
2385 #endif /* CONFIG_HT_OVERRIDES */
2388 if (hostapd_set_freq_params(&vht_freq
, mode
->mode
, freq
->freq
,
2389 freq
->channel
, freq
->ht_enabled
,
2390 vht_freq
.vht_enabled
,
2391 freq
->sec_channel_offset
,
2392 chwidth
, seg0
, seg1
, vht_caps
) != 0)
2397 wpa_printf(MSG_DEBUG
, "IBSS: VHT setup freq cf1 %d, cf2 %d, bw %d",
2398 freq
->center_freq1
, freq
->center_freq2
, freq
->bandwidth
);
2403 static size_t wpas_add_fils_hlp_req(struct wpa_supplicant
*wpa_s
, u8
*ie_buf
,
2406 struct fils_hlp_req
*req
;
2407 size_t rem_len
, hdr_len
, hlp_len
, len
, ie_len
= 0;
2411 dl_list_for_each(req
, &wpa_s
->fils_hlp_req
, struct fils_hlp_req
,
2413 rem_len
= ie_buf_len
- ie_len
;
2414 pos
= wpabuf_head(req
->pkt
);
2415 hdr_len
= 1 + 2 * ETH_ALEN
+ 6;
2416 hlp_len
= wpabuf_len(req
->pkt
);
2418 if (rem_len
< 2 + hdr_len
+ hlp_len
) {
2419 wpa_printf(MSG_ERROR
,
2420 "FILS: Cannot fit HLP - rem_len=%lu to_fill=%lu",
2421 (unsigned long) rem_len
,
2422 (unsigned long) (2 + hdr_len
+ hlp_len
));
2426 len
= (hdr_len
+ hlp_len
) > 255 ? 255 : hdr_len
+ hlp_len
;
2428 *buf
++ = WLAN_EID_EXTENSION
;
2431 /* Element ID Extension */
2432 *buf
++ = WLAN_EID_EXT_FILS_HLP_CONTAINER
;
2433 /* Destination MAC address */
2434 os_memcpy(buf
, req
->dst
, ETH_ALEN
);
2436 /* Source MAC address */
2437 os_memcpy(buf
, wpa_s
->own_addr
, ETH_ALEN
);
2439 /* LLC/SNAP Header */
2440 os_memcpy(buf
, "\xaa\xaa\x03\x00\x00\x00", 6);
2443 os_memcpy(buf
, pos
, len
- hdr_len
);
2444 buf
+= len
- hdr_len
;
2445 pos
+= len
- hdr_len
;
2447 hlp_len
-= len
- hdr_len
;
2452 len
= (hlp_len
> 255) ? 255 : hlp_len
;
2453 if (rem_len
< 2 + len
)
2455 *buf
++ = WLAN_EID_FRAGMENT
;
2457 os_memcpy(buf
, pos
, len
);
2471 int wpa_is_fils_supported(struct wpa_supplicant
*wpa_s
)
2473 return (((wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SME
) &&
2474 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SUPPORT_FILS
)) ||
2475 (!(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SME
) &&
2476 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_FILS_SK_OFFLOAD
)));
2480 int wpa_is_fils_sk_pfs_supported(struct wpa_supplicant
*wpa_s
)
2482 #ifdef CONFIG_FILS_SK_PFS
2483 return (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SME
) &&
2484 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SUPPORT_FILS
);
2485 #else /* CONFIG_FILS_SK_PFS */
2487 #endif /* CONFIG_FILS_SK_PFS */
2490 #endif /* CONFIG_FILS */
2493 static u8
* wpas_populate_assoc_ies(
2494 struct wpa_supplicant
*wpa_s
,
2495 struct wpa_bss
*bss
, struct wpa_ssid
*ssid
,
2496 struct wpa_driver_associate_params
*params
,
2497 enum wpa_drv_update_connect_params_mask
*mask
)
2500 size_t max_wpa_ie_len
= 500;
2502 int algs
= WPA_AUTH_ALG_OPEN
;
2507 const u8
*realm
, *username
, *rrk
;
2508 size_t realm_len
, username_len
, rrk_len
;
2510 struct fils_hlp_req
*req
;
2512 dl_list_for_each(req
, &wpa_s
->fils_hlp_req
, struct fils_hlp_req
,
2514 max_wpa_ie_len
+= 3 + 2 * ETH_ALEN
+ 6 + wpabuf_len(req
->pkt
) +
2515 2 + 2 * wpabuf_len(req
->pkt
) / 255;
2517 #endif /* CONFIG_FILS */
2519 wpa_ie
= os_malloc(max_wpa_ie_len
);
2521 wpa_printf(MSG_ERROR
,
2522 "Failed to allocate connect IE buffer for %lu bytes",
2523 (unsigned long) max_wpa_ie_len
);
2527 if (bss
&& (wpa_bss_get_vendor_ie(bss
, WPA_IE_VENDOR_TYPE
) ||
2528 wpa_bss_get_ie(bss
, WLAN_EID_RSN
)) &&
2529 wpa_key_mgmt_wpa(ssid
->key_mgmt
)) {
2530 int try_opportunistic
;
2531 const u8
*cache_id
= NULL
;
2533 try_opportunistic
= (ssid
->proactive_key_caching
< 0 ?
2535 ssid
->proactive_key_caching
) &&
2536 (ssid
->proto
& WPA_PROTO_RSN
);
2538 if (wpa_key_mgmt_fils(ssid
->key_mgmt
))
2539 cache_id
= wpa_bss_get_fils_cache_id(bss
);
2540 #endif /* CONFIG_FILS */
2541 if (pmksa_cache_set_current(wpa_s
->wpa
, NULL
, bss
->bssid
,
2542 ssid
, try_opportunistic
,
2544 eapol_sm_notify_pmkid_attempt(wpa_s
->eapol
);
2545 wpa_ie_len
= max_wpa_ie_len
;
2546 if (wpa_supplicant_set_suites(wpa_s
, bss
, ssid
,
2547 wpa_ie
, &wpa_ie_len
)) {
2548 wpa_msg(wpa_s
, MSG_WARNING
, "WPA: Failed to set WPA "
2549 "key management and encryption suites");
2554 } else if (bss
&& wpa_bss_get_vendor_ie(bss
, OSEN_IE_VENDOR_TYPE
) &&
2555 (ssid
->key_mgmt
& WPA_KEY_MGMT_OSEN
)) {
2556 /* No PMKSA caching, but otherwise similar to RSN/WPA */
2557 wpa_ie_len
= max_wpa_ie_len
;
2558 if (wpa_supplicant_set_suites(wpa_s
, bss
, ssid
,
2559 wpa_ie
, &wpa_ie_len
)) {
2560 wpa_msg(wpa_s
, MSG_WARNING
, "WPA: Failed to set WPA "
2561 "key management and encryption suites");
2565 #endif /* CONFIG_HS20 */
2566 } else if ((ssid
->key_mgmt
& WPA_KEY_MGMT_IEEE8021X_NO_WPA
) && bss
&&
2567 wpa_key_mgmt_wpa_ieee8021x(ssid
->key_mgmt
)) {
2569 * Both WPA and non-WPA IEEE 802.1X enabled in configuration -
2570 * use non-WPA since the scan results did not indicate that the
2571 * AP is using WPA or WPA2.
2573 wpa_supplicant_set_non_wpa_policy(wpa_s
, ssid
);
2575 wpa_s
->wpa_proto
= 0;
2576 } else if (wpa_key_mgmt_wpa_any(ssid
->key_mgmt
)) {
2577 wpa_ie_len
= max_wpa_ie_len
;
2578 if (wpa_supplicant_set_suites(wpa_s
, NULL
, ssid
,
2579 wpa_ie
, &wpa_ie_len
)) {
2580 wpa_msg(wpa_s
, MSG_WARNING
, "WPA: Failed to set WPA "
2581 "key management and encryption suites (no "
2587 } else if (ssid
->key_mgmt
& WPA_KEY_MGMT_WPS
) {
2588 struct wpabuf
*wps_ie
;
2589 wps_ie
= wps_build_assoc_req_ie(wpas_wps_get_req_type(ssid
));
2590 if (wps_ie
&& wpabuf_len(wps_ie
) <= max_wpa_ie_len
) {
2591 wpa_ie_len
= wpabuf_len(wps_ie
);
2592 os_memcpy(wpa_ie
, wpabuf_head(wps_ie
), wpa_ie_len
);
2595 wpabuf_free(wps_ie
);
2596 wpa_supplicant_set_non_wpa_policy(wpa_s
, ssid
);
2597 if (!bss
|| (bss
->caps
& IEEE80211_CAP_PRIVACY
))
2598 params
->wps
= WPS_MODE_PRIVACY
;
2600 params
->wps
= WPS_MODE_OPEN
;
2601 wpa_s
->wpa_proto
= 0;
2602 #endif /* CONFIG_WPS */
2604 wpa_supplicant_set_non_wpa_policy(wpa_s
, ssid
);
2606 wpa_s
->wpa_proto
= 0;
2609 #ifdef IEEE8021X_EAPOL
2610 if (ssid
->key_mgmt
& WPA_KEY_MGMT_IEEE8021X_NO_WPA
) {
2612 if (ssid
->non_leap
== 0)
2613 algs
= WPA_AUTH_ALG_LEAP
;
2615 algs
|= WPA_AUTH_ALG_LEAP
;
2620 /* Clear FILS association */
2621 wpa_sm_set_reset_fils_completed(wpa_s
->wpa
, 0);
2623 if ((wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_FILS_SK_OFFLOAD
) &&
2624 ssid
->eap
.erp
&& wpa_key_mgmt_fils(wpa_s
->key_mgmt
) &&
2625 eapol_sm_get_erp_info(wpa_s
->eapol
, &ssid
->eap
, &username
,
2626 &username_len
, &realm
, &realm_len
,
2627 &next_seq_num
, &rrk
, &rrk_len
) == 0 &&
2628 (!wpa_s
->last_con_fail_realm
||
2629 wpa_s
->last_con_fail_realm_len
!= realm_len
||
2630 os_memcmp(wpa_s
->last_con_fail_realm
, realm
, realm_len
) != 0)) {
2631 algs
= WPA_AUTH_ALG_FILS
;
2632 params
->fils_erp_username
= username
;
2633 params
->fils_erp_username_len
= username_len
;
2634 params
->fils_erp_realm
= realm
;
2635 params
->fils_erp_realm_len
= realm_len
;
2636 params
->fils_erp_next_seq_num
= next_seq_num
;
2637 params
->fils_erp_rrk
= rrk
;
2638 params
->fils_erp_rrk_len
= rrk_len
;
2641 *mask
|= WPA_DRV_UPDATE_FILS_ERP_INFO
;
2643 #endif /* CONFIG_FILS */
2644 #endif /* IEEE8021X_EAPOL */
2646 if (wpa_s
->key_mgmt
& (WPA_KEY_MGMT_SAE
| WPA_KEY_MGMT_FT_SAE
))
2647 algs
= WPA_AUTH_ALG_SAE
;
2648 #endif /* CONFIG_SAE */
2650 wpa_dbg(wpa_s
, MSG_DEBUG
, "Automatic auth_alg selection: 0x%x", algs
);
2651 if (ssid
->auth_alg
) {
2652 algs
= ssid
->auth_alg
;
2653 wpa_dbg(wpa_s
, MSG_DEBUG
,
2654 "Overriding auth_alg selection: 0x%x", algs
);
2658 if (wpa_s
->global
->p2p
) {
2662 pos
= wpa_ie
+ wpa_ie_len
;
2663 len
= max_wpa_ie_len
- wpa_ie_len
;
2664 res
= wpas_p2p_assoc_req_ie(wpa_s
, bss
, pos
, len
,
2670 wpa_s
->cross_connect_disallowed
= 0;
2673 p2p
= wpa_bss_get_vendor_ie_multi(bss
, P2P_IE_VENDOR_TYPE
);
2675 wpa_s
->cross_connect_disallowed
=
2676 p2p_get_cross_connect_disallowed(p2p
);
2678 wpa_dbg(wpa_s
, MSG_DEBUG
, "P2P: WLAN AP %s cross "
2680 wpa_s
->cross_connect_disallowed
?
2681 "disallows" : "allows");
2685 os_memset(wpa_s
->p2p_ip_addr_info
, 0, sizeof(wpa_s
->p2p_ip_addr_info
));
2686 #endif /* CONFIG_P2P */
2689 wpa_ie_len
+= wpas_supp_op_class_ie(wpa_s
, ssid
, bss
->freq
,
2690 wpa_ie
+ wpa_ie_len
,
2696 * Workaround: Add Extended Capabilities element only if the AP
2697 * included this element in Beacon/Probe Response frames. Some older
2698 * APs seem to have interoperability issues if this element is
2699 * included, so while the standard may require us to include the
2700 * element in all cases, it is justifiable to skip it to avoid
2701 * interoperability issues.
2703 if (ssid
->p2p_group
)
2704 wpa_drv_get_ext_capa(wpa_s
, WPA_IF_P2P_CLIENT
);
2706 wpa_drv_get_ext_capa(wpa_s
, WPA_IF_STATION
);
2708 if (!bss
|| wpa_bss_get_ie(bss
, WLAN_EID_EXT_CAPAB
)) {
2711 ext_capab_len
= wpas_build_ext_capab(wpa_s
, ext_capab
,
2713 if (ext_capab_len
> 0 &&
2714 wpa_ie_len
+ ext_capab_len
<= max_wpa_ie_len
) {
2716 if (wpa_ie_len
> 0 && pos
[0] == WLAN_EID_RSN
)
2718 os_memmove(pos
+ ext_capab_len
, pos
,
2719 wpa_ie_len
- (pos
- wpa_ie
));
2720 wpa_ie_len
+= ext_capab_len
;
2721 os_memcpy(pos
, ext_capab
, ext_capab_len
);
2726 if (is_hs20_network(wpa_s
, ssid
, bss
)) {
2727 struct wpabuf
*hs20
;
2729 hs20
= wpabuf_alloc(20 + MAX_ROAMING_CONS_OI_LEN
);
2731 int pps_mo_id
= hs20_get_pps_mo_id(wpa_s
, ssid
);
2734 wpas_hs20_add_indication(hs20
, pps_mo_id
,
2735 get_hs20_version(bss
));
2736 wpas_hs20_add_roam_cons_sel(hs20
, ssid
);
2737 len
= max_wpa_ie_len
- wpa_ie_len
;
2738 if (wpabuf_len(hs20
) <= len
) {
2739 os_memcpy(wpa_ie
+ wpa_ie_len
,
2740 wpabuf_head(hs20
), wpabuf_len(hs20
));
2741 wpa_ie_len
+= wpabuf_len(hs20
);
2745 hs20_configure_frame_filters(wpa_s
);
2748 #endif /* CONFIG_HS20 */
2750 if (wpa_s
->vendor_elem
[VENDOR_ELEM_ASSOC_REQ
]) {
2751 struct wpabuf
*buf
= wpa_s
->vendor_elem
[VENDOR_ELEM_ASSOC_REQ
];
2754 len
= max_wpa_ie_len
- wpa_ie_len
;
2755 if (wpabuf_len(buf
) <= len
) {
2756 os_memcpy(wpa_ie
+ wpa_ie_len
,
2757 wpabuf_head(buf
), wpabuf_len(buf
));
2758 wpa_ie_len
+= wpabuf_len(buf
);
2763 if (wpa_s
->fst_ies
) {
2764 int fst_ies_len
= wpabuf_len(wpa_s
->fst_ies
);
2766 if (wpa_ie_len
+ fst_ies_len
<= max_wpa_ie_len
) {
2767 os_memcpy(wpa_ie
+ wpa_ie_len
,
2768 wpabuf_head(wpa_s
->fst_ies
), fst_ies_len
);
2769 wpa_ie_len
+= fst_ies_len
;
2772 #endif /* CONFIG_FST */
2775 mbo_ie
= bss
? wpa_bss_get_vendor_ie(bss
, MBO_IE_VENDOR_TYPE
) : NULL
;
2779 len
= wpas_mbo_ie(wpa_s
, wpa_ie
+ wpa_ie_len
,
2780 max_wpa_ie_len
- wpa_ie_len
,
2781 !!mbo_attr_from_mbo_ie(mbo_ie
,
2782 OCE_ATTR_ID_CAPA_IND
));
2786 #endif /* CONFIG_MBO */
2789 if (algs
== WPA_AUTH_ALG_FILS
) {
2792 len
= wpas_add_fils_hlp_req(wpa_s
, wpa_ie
+ wpa_ie_len
,
2793 max_wpa_ie_len
- wpa_ie_len
);
2796 #endif /* CONFIG_FILS */
2799 #ifdef CONFIG_TESTING_OPTIONS
2800 if (get_ie_ext(wpa_ie
, wpa_ie_len
, WLAN_EID_EXT_OWE_DH_PARAM
)) {
2801 wpa_printf(MSG_INFO
, "TESTING: Override OWE DH element");
2803 #endif /* CONFIG_TESTING_OPTIONS */
2804 if (algs
== WPA_AUTH_ALG_OPEN
&&
2805 ssid
->key_mgmt
== WPA_KEY_MGMT_OWE
) {
2806 struct wpabuf
*owe_ie
;
2809 if (ssid
->owe_group
) {
2810 group
= ssid
->owe_group
;
2811 } else if (wpa_s
->assoc_status_code
==
2812 WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED
) {
2813 if (wpa_s
->last_owe_group
== 19)
2815 else if (wpa_s
->last_owe_group
== 20)
2818 group
= OWE_DH_GROUP
;
2820 group
= OWE_DH_GROUP
;
2823 wpa_s
->last_owe_group
= group
;
2824 wpa_printf(MSG_DEBUG
, "OWE: Try to use group %u", group
);
2825 owe_ie
= owe_build_assoc_req(wpa_s
->wpa
, group
);
2827 wpabuf_len(owe_ie
) <= max_wpa_ie_len
- wpa_ie_len
) {
2828 os_memcpy(wpa_ie
+ wpa_ie_len
,
2829 wpabuf_head(owe_ie
), wpabuf_len(owe_ie
));
2830 wpa_ie_len
+= wpabuf_len(owe_ie
);
2831 wpabuf_free(owe_ie
);
2834 #endif /* CONFIG_OWE */
2837 if (wpa_sm_get_key_mgmt(wpa_s
->wpa
) == WPA_KEY_MGMT_DPP
&&
2838 ssid
->dpp_netaccesskey
) {
2839 dpp_pfs_free(wpa_s
->dpp_pfs
);
2840 wpa_s
->dpp_pfs
= dpp_pfs_init(ssid
->dpp_netaccesskey
,
2841 ssid
->dpp_netaccesskey_len
);
2842 if (!wpa_s
->dpp_pfs
) {
2843 wpa_printf(MSG_DEBUG
, "DPP: Could not initialize PFS");
2844 /* Try to continue without PFS */
2847 if (wpabuf_len(wpa_s
->dpp_pfs
->ie
) <=
2848 max_wpa_ie_len
- wpa_ie_len
) {
2849 os_memcpy(wpa_ie
+ wpa_ie_len
,
2850 wpabuf_head(wpa_s
->dpp_pfs
->ie
),
2851 wpabuf_len(wpa_s
->dpp_pfs
->ie
));
2852 wpa_ie_len
+= wpabuf_len(wpa_s
->dpp_pfs
->ie
);
2856 #endif /* CONFIG_DPP2 */
2858 #ifdef CONFIG_IEEE80211R
2860 * Add MDIE under these conditions: the network profile allows FT,
2861 * the AP supports FT, and the mobility domain ID matches.
2863 if (bss
&& wpa_key_mgmt_ft(wpa_sm_get_key_mgmt(wpa_s
->wpa
))) {
2864 const u8
*mdie
= wpa_bss_get_ie(bss
, WLAN_EID_MOBILITY_DOMAIN
);
2866 if (mdie
&& mdie
[1] >= MOBILITY_DOMAIN_ID_LEN
) {
2868 const u8
*md
= mdie
+ 2;
2869 const u8
*wpa_md
= wpa_sm_get_ft_md(wpa_s
->wpa
);
2871 if (os_memcmp(md
, wpa_md
,
2872 MOBILITY_DOMAIN_ID_LEN
) == 0) {
2873 /* Add mobility domain IE */
2874 len
= wpa_ft_add_mdie(
2875 wpa_s
->wpa
, wpa_ie
+ wpa_ie_len
,
2876 max_wpa_ie_len
- wpa_ie_len
, mdie
);
2880 if (len
> 0 && wpa_s
->sme
.ft_used
&&
2881 wpa_sm_has_ptk(wpa_s
->wpa
)) {
2882 wpa_dbg(wpa_s
, MSG_DEBUG
,
2883 "SME: Trying to use FT over-the-air");
2884 algs
|= WPA_AUTH_ALG_FT
;
2886 #endif /* CONFIG_SME */
2889 #endif /* CONFIG_IEEE80211R */
2891 if (ssid
->multi_ap_backhaul_sta
) {
2892 size_t multi_ap_ie_len
;
2894 multi_ap_ie_len
= add_multi_ap_ie(wpa_ie
+ wpa_ie_len
,
2895 max_wpa_ie_len
- wpa_ie_len
,
2896 MULTI_AP_BACKHAUL_STA
);
2897 if (multi_ap_ie_len
== 0) {
2898 wpa_printf(MSG_ERROR
,
2899 "Multi-AP: Failed to build Multi-AP IE");
2903 wpa_ie_len
+= multi_ap_ie_len
;
2906 params
->wpa_ie
= wpa_ie
;
2907 params
->wpa_ie_len
= wpa_ie_len
;
2908 params
->auth_alg
= algs
;
2910 *mask
|= WPA_DRV_UPDATE_ASSOC_IES
| WPA_DRV_UPDATE_AUTH_TYPE
;
2916 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
2917 static void wpas_update_fils_connect_params(struct wpa_supplicant
*wpa_s
)
2919 struct wpa_driver_associate_params params
;
2920 enum wpa_drv_update_connect_params_mask mask
= 0;
2923 if (wpa_s
->auth_alg
!= WPA_AUTH_ALG_OPEN
)
2924 return; /* nothing to do */
2926 os_memset(¶ms
, 0, sizeof(params
));
2927 wpa_ie
= wpas_populate_assoc_ies(wpa_s
, wpa_s
->current_bss
,
2928 wpa_s
->current_ssid
, ¶ms
, &mask
);
2932 if (params
.auth_alg
!= WPA_AUTH_ALG_FILS
) {
2937 wpa_s
->auth_alg
= params
.auth_alg
;
2938 wpa_drv_update_connect_params(wpa_s
, ¶ms
, mask
);
2941 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
2944 static void wpas_start_assoc_cb(struct wpa_radio_work
*work
, int deinit
)
2946 struct wpa_connect_work
*cwork
= work
->ctx
;
2947 struct wpa_bss
*bss
= cwork
->bss
;
2948 struct wpa_ssid
*ssid
= cwork
->ssid
;
2949 struct wpa_supplicant
*wpa_s
= work
->wpa_s
;
2951 int use_crypt
, ret
, i
, bssid_changed
;
2952 unsigned int cipher_pairwise
, cipher_group
, cipher_group_mgmt
;
2953 struct wpa_driver_associate_params params
;
2954 int wep_keys_set
= 0;
2955 int assoc_failed
= 0;
2956 struct wpa_ssid
*old_ssid
;
2957 u8 prev_bssid
[ETH_ALEN
];
2958 #ifdef CONFIG_HT_OVERRIDES
2959 struct ieee80211_ht_capabilities htcaps
;
2960 struct ieee80211_ht_capabilities htcaps_mask
;
2961 #endif /* CONFIG_HT_OVERRIDES */
2962 #ifdef CONFIG_VHT_OVERRIDES
2963 struct ieee80211_vht_capabilities vhtcaps
;
2964 struct ieee80211_vht_capabilities vhtcaps_mask
;
2965 #endif /* CONFIG_VHT_OVERRIDES */
2968 if (work
->started
) {
2969 wpa_s
->connect_work
= NULL
;
2971 /* cancel possible auth. timeout */
2972 eloop_cancel_timeout(wpa_supplicant_timeout
, wpa_s
,
2975 wpas_connect_work_free(cwork
);
2979 wpa_s
->connect_work
= work
;
2981 if (cwork
->bss_removed
|| !wpas_valid_bss_ssid(wpa_s
, bss
, ssid
) ||
2982 wpas_network_disabled(wpa_s
, ssid
)) {
2983 wpa_dbg(wpa_s
, MSG_DEBUG
, "BSS/SSID entry for association not valid anymore - drop connection attempt");
2984 wpas_connect_work_done(wpa_s
);
2988 os_memcpy(prev_bssid
, wpa_s
->bssid
, ETH_ALEN
);
2989 os_memset(¶ms
, 0, sizeof(params
));
2990 wpa_s
->reassociate
= 0;
2991 wpa_s
->eap_expected_failure
= 0;
2993 (!wpas_driver_bss_selection(wpa_s
) || wpas_wps_searching(wpa_s
))) {
2994 #ifdef CONFIG_IEEE80211R
2995 const u8
*ie
, *md
= NULL
;
2996 #endif /* CONFIG_IEEE80211R */
2997 wpa_msg(wpa_s
, MSG_INFO
, "Trying to associate with " MACSTR
2998 " (SSID='%s' freq=%d MHz)", MAC2STR(bss
->bssid
),
2999 wpa_ssid_txt(bss
->ssid
, bss
->ssid_len
), bss
->freq
);
3000 bssid_changed
= !is_zero_ether_addr(wpa_s
->bssid
);
3001 os_memset(wpa_s
->bssid
, 0, ETH_ALEN
);
3002 os_memcpy(wpa_s
->pending_bssid
, bss
->bssid
, ETH_ALEN
);
3004 wpas_notify_bssid_changed(wpa_s
);
3005 #ifdef CONFIG_IEEE80211R
3006 ie
= wpa_bss_get_ie(bss
, WLAN_EID_MOBILITY_DOMAIN
);
3007 if (ie
&& ie
[1] >= MOBILITY_DOMAIN_ID_LEN
)
3009 wpa_sm_set_ft_params(wpa_s
->wpa
, ie
, ie
? 2 + ie
[1] : 0);
3011 /* Prepare for the next transition */
3012 wpa_ft_prepare_auth_request(wpa_s
->wpa
, ie
);
3014 #endif /* CONFIG_IEEE80211R */
3016 } else if ((ssid
->ssid
== NULL
|| ssid
->ssid_len
== 0) &&
3017 wpa_s
->conf
->ap_scan
== 2 &&
3018 (ssid
->key_mgmt
& WPA_KEY_MGMT_WPS
)) {
3019 /* Use ap_scan==1 style network selection to find the network
3021 wpas_connect_work_done(wpa_s
);
3022 wpa_s
->scan_req
= MANUAL_SCAN_REQ
;
3023 wpa_s
->reassociate
= 1;
3024 wpa_supplicant_req_scan(wpa_s
, 0, 0);
3026 #endif /* CONFIG_WPS */
3028 wpa_msg(wpa_s
, MSG_INFO
, "Trying to associate with SSID '%s'",
3029 wpa_ssid_txt(ssid
->ssid
, ssid
->ssid_len
));
3031 os_memcpy(wpa_s
->pending_bssid
, bss
->bssid
, ETH_ALEN
);
3033 os_memset(wpa_s
->pending_bssid
, 0, ETH_ALEN
);
3036 wpa_supplicant_cancel_sched_scan(wpa_s
);
3038 wpa_supplicant_cancel_scan(wpa_s
);
3040 /* Starting new association, so clear the possibly used WPA IE from the
3041 * previous association. */
3042 wpa_sm_set_assoc_wpa_ie(wpa_s
->wpa
, NULL
, 0);
3044 wpa_ie
= wpas_populate_assoc_ies(wpa_s
, bss
, ssid
, ¶ms
, NULL
);
3046 wpas_connect_work_done(wpa_s
);
3050 wpa_clear_keys(wpa_s
, bss
? bss
->bssid
: NULL
);
3052 cipher_pairwise
= wpa_s
->pairwise_cipher
;
3053 cipher_group
= wpa_s
->group_cipher
;
3054 cipher_group_mgmt
= wpa_s
->mgmt_group_cipher
;
3055 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_NONE
||
3056 wpa_s
->key_mgmt
== WPA_KEY_MGMT_IEEE8021X_NO_WPA
) {
3057 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_NONE
)
3059 if (wpa_set_wep_keys(wpa_s
, ssid
)) {
3064 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_WPS
)
3067 #ifdef IEEE8021X_EAPOL
3068 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_IEEE8021X_NO_WPA
) {
3069 if ((ssid
->eapol_flags
&
3070 (EAPOL_FLAG_REQUIRE_KEY_UNICAST
|
3071 EAPOL_FLAG_REQUIRE_KEY_BROADCAST
)) == 0 &&
3075 /* Assume that dynamic WEP-104 keys will be used and
3076 * set cipher suites in order for drivers to expect
3078 cipher_pairwise
= cipher_group
= WPA_CIPHER_WEP104
;
3081 #endif /* IEEE8021X_EAPOL */
3083 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_WPA_NONE
) {
3084 /* Set the key before (and later after) association */
3085 wpa_supplicant_set_wpa_none_key(wpa_s
, ssid
);
3088 wpa_supplicant_set_state(wpa_s
, WPA_ASSOCIATING
);
3090 params
.ssid
= bss
->ssid
;
3091 params
.ssid_len
= bss
->ssid_len
;
3092 if (!wpas_driver_bss_selection(wpa_s
) || ssid
->bssid_set
||
3093 wpa_s
->key_mgmt
== WPA_KEY_MGMT_WPS
) {
3094 wpa_printf(MSG_DEBUG
, "Limit connection to BSSID "
3095 MACSTR
" freq=%u MHz based on scan results "
3096 "(bssid_set=%d wps=%d)",
3097 MAC2STR(bss
->bssid
), bss
->freq
,
3099 wpa_s
->key_mgmt
== WPA_KEY_MGMT_WPS
);
3100 params
.bssid
= bss
->bssid
;
3101 params
.freq
.freq
= bss
->freq
;
3103 params
.bssid_hint
= bss
->bssid
;
3104 params
.freq_hint
= bss
->freq
;
3105 params
.pbss
= bss_is_pbss(bss
);
3107 if (ssid
->bssid_hint_set
)
3108 params
.bssid_hint
= ssid
->bssid_hint
;
3110 params
.ssid
= ssid
->ssid
;
3111 params
.ssid_len
= ssid
->ssid_len
;
3112 params
.pbss
= (ssid
->pbss
!= 2) ? ssid
->pbss
: 0;
3115 if (ssid
->mode
== WPAS_MODE_IBSS
&& ssid
->bssid_set
&&
3116 wpa_s
->conf
->ap_scan
== 2) {
3117 params
.bssid
= ssid
->bssid
;
3118 params
.fixed_bssid
= 1;
3121 /* Initial frequency for IBSS/mesh */
3122 if ((ssid
->mode
== WPAS_MODE_IBSS
|| ssid
->mode
== WPAS_MODE_MESH
) &&
3123 ssid
->frequency
> 0 && params
.freq
.freq
== 0)
3124 ibss_mesh_setup_freq(wpa_s
, ssid
, ¶ms
.freq
);
3126 if (ssid
->mode
== WPAS_MODE_IBSS
) {
3127 params
.fixed_freq
= ssid
->fixed_freq
;
3128 if (ssid
->beacon_int
)
3129 params
.beacon_int
= ssid
->beacon_int
;
3131 params
.beacon_int
= wpa_s
->conf
->beacon_int
;
3134 params
.pairwise_suite
= cipher_pairwise
;
3135 params
.group_suite
= cipher_group
;
3136 params
.mgmt_group_suite
= cipher_group_mgmt
;
3137 params
.key_mgmt_suite
= wpa_s
->key_mgmt
;
3138 params
.wpa_proto
= wpa_s
->wpa_proto
;
3139 wpa_s
->auth_alg
= params
.auth_alg
;
3140 params
.mode
= ssid
->mode
;
3141 params
.bg_scan_period
= ssid
->bg_scan_period
;
3142 for (i
= 0; i
< NUM_WEP_KEYS
; i
++) {
3143 if (ssid
->wep_key_len
[i
])
3144 params
.wep_key
[i
] = ssid
->wep_key
[i
];
3145 params
.wep_key_len
[i
] = ssid
->wep_key_len
[i
];
3147 params
.wep_tx_keyidx
= ssid
->wep_tx_keyidx
;
3149 if ((wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK
) &&
3150 (params
.key_mgmt_suite
== WPA_KEY_MGMT_PSK
||
3151 params
.key_mgmt_suite
== WPA_KEY_MGMT_FT_PSK
)) {
3152 params
.passphrase
= ssid
->passphrase
;
3154 params
.psk
= ssid
->psk
;
3157 if ((wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X
) &&
3158 (params
.key_mgmt_suite
== WPA_KEY_MGMT_IEEE8021X
||
3159 params
.key_mgmt_suite
== WPA_KEY_MGMT_IEEE8021X_SHA256
||
3160 params
.key_mgmt_suite
== WPA_KEY_MGMT_IEEE8021X_SUITE_B
||
3161 params
.key_mgmt_suite
== WPA_KEY_MGMT_IEEE8021X_SUITE_B_192
))
3162 params
.req_key_mgmt_offload
= 1;
3164 if (wpa_s
->conf
->key_mgmt_offload
) {
3165 if (params
.key_mgmt_suite
== WPA_KEY_MGMT_IEEE8021X
||
3166 params
.key_mgmt_suite
== WPA_KEY_MGMT_IEEE8021X_SHA256
||
3167 params
.key_mgmt_suite
== WPA_KEY_MGMT_IEEE8021X_SUITE_B
||
3168 params
.key_mgmt_suite
== WPA_KEY_MGMT_IEEE8021X_SUITE_B_192
)
3169 params
.req_key_mgmt_offload
=
3170 ssid
->proactive_key_caching
< 0 ?
3171 wpa_s
->conf
->okc
: ssid
->proactive_key_caching
;
3173 params
.req_key_mgmt_offload
= 1;
3175 if ((params
.key_mgmt_suite
== WPA_KEY_MGMT_PSK
||
3176 params
.key_mgmt_suite
== WPA_KEY_MGMT_PSK_SHA256
||
3177 params
.key_mgmt_suite
== WPA_KEY_MGMT_FT_PSK
) &&
3179 params
.psk
= ssid
->psk
;
3182 params
.drop_unencrypted
= use_crypt
;
3184 #ifdef CONFIG_IEEE80211W
3185 params
.mgmt_frame_protection
= wpas_get_ssid_pmf(wpa_s
, ssid
);
3186 if (params
.mgmt_frame_protection
!= NO_MGMT_FRAME_PROTECTION
&& bss
) {
3187 const u8
*rsn
= wpa_bss_get_ie(bss
, WLAN_EID_RSN
);
3188 struct wpa_ie_data ie
;
3189 if (rsn
&& wpa_parse_wpa_ie(rsn
, 2 + rsn
[1], &ie
) == 0 &&
3191 (WPA_CAPABILITY_MFPC
| WPA_CAPABILITY_MFPR
)) {
3192 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: Selected AP supports "
3193 "MFP: require MFP");
3194 params
.mgmt_frame_protection
=
3195 MGMT_FRAME_PROTECTION_REQUIRED
;
3197 } else if (!rsn
&& (ssid
->key_mgmt
& WPA_KEY_MGMT_OWE
) &&
3199 params
.mgmt_frame_protection
= NO_MGMT_FRAME_PROTECTION
;
3200 #endif /* CONFIG_OWE */
3203 #endif /* CONFIG_IEEE80211W */
3205 params
.p2p
= ssid
->p2p_group
;
3207 if (wpa_s
->p2pdev
->set_sta_uapsd
)
3208 params
.uapsd
= wpa_s
->p2pdev
->sta_uapsd
;
3212 #ifdef CONFIG_HT_OVERRIDES
3213 os_memset(&htcaps
, 0, sizeof(htcaps
));
3214 os_memset(&htcaps_mask
, 0, sizeof(htcaps_mask
));
3215 params
.htcaps
= (u8
*) &htcaps
;
3216 params
.htcaps_mask
= (u8
*) &htcaps_mask
;
3217 wpa_supplicant_apply_ht_overrides(wpa_s
, ssid
, ¶ms
);
3218 #endif /* CONFIG_HT_OVERRIDES */
3219 #ifdef CONFIG_VHT_OVERRIDES
3220 os_memset(&vhtcaps
, 0, sizeof(vhtcaps
));
3221 os_memset(&vhtcaps_mask
, 0, sizeof(vhtcaps_mask
));
3222 params
.vhtcaps
= &vhtcaps
;
3223 params
.vhtcaps_mask
= &vhtcaps_mask
;
3224 wpa_supplicant_apply_vht_overrides(wpa_s
, ssid
, ¶ms
);
3225 #endif /* CONFIG_VHT_OVERRIDES */
3229 * If multi-channel concurrency is not supported, check for any
3230 * frequency conflict. In case of any frequency conflict, remove the
3231 * least prioritized connection.
3233 if (wpa_s
->num_multichan_concurrent
< 2) {
3235 num
= get_shared_radio_freqs(wpa_s
, &freq
, 1);
3236 if (num
> 0 && freq
> 0 && freq
!= params
.freq
.freq
) {
3237 wpa_printf(MSG_DEBUG
,
3238 "Assoc conflicting freq found (%d != %d)",
3239 freq
, params
.freq
.freq
);
3240 if (wpas_p2p_handle_frequency_conflicts(
3241 wpa_s
, params
.freq
.freq
, ssid
) < 0) {
3242 wpas_connect_work_done(wpa_s
);
3248 #endif /* CONFIG_P2P */
3250 if (wpa_s
->reassoc_same_ess
&& !is_zero_ether_addr(prev_bssid
) &&
3251 wpa_s
->current_ssid
)
3252 params
.prev_bssid
= prev_bssid
;
3254 ret
= wpa_drv_associate(wpa_s
, ¶ms
);
3257 wpa_msg(wpa_s
, MSG_INFO
, "Association request to the driver "
3259 if (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SANE_ERROR_CODES
) {
3261 * The driver is known to mean what is saying, so we
3262 * can stop right here; the association will not
3265 wpas_connection_failed(wpa_s
, wpa_s
->pending_bssid
);
3266 wpa_supplicant_set_state(wpa_s
, WPA_DISCONNECTED
);
3267 os_memset(wpa_s
->pending_bssid
, 0, ETH_ALEN
);
3270 /* try to continue anyway; new association will be tried again
3275 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_WPA_NONE
) {
3276 /* Set the key after the association just in case association
3277 * cleared the previously configured key. */
3278 wpa_supplicant_set_wpa_none_key(wpa_s
, ssid
);
3279 /* No need to timeout authentication since there is no key
3281 wpa_supplicant_cancel_auth_timeout(wpa_s
);
3282 wpa_supplicant_set_state(wpa_s
, WPA_COMPLETED
);
3283 #ifdef CONFIG_IBSS_RSN
3284 } else if (ssid
->mode
== WPAS_MODE_IBSS
&&
3285 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_NONE
&&
3286 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_WPA_NONE
) {
3288 * RSN IBSS authentication is per-STA and we can disable the
3289 * per-BSSID authentication.
3291 wpa_supplicant_cancel_auth_timeout(wpa_s
);
3292 #endif /* CONFIG_IBSS_RSN */
3294 /* Timeout for IEEE 802.11 authentication and association */
3298 /* give IBSS a bit more time */
3299 timeout
= ssid
->mode
== WPAS_MODE_IBSS
? 10 : 5;
3300 } else if (wpa_s
->conf
->ap_scan
== 1) {
3301 /* give IBSS a bit more time */
3302 timeout
= ssid
->mode
== WPAS_MODE_IBSS
? 20 : 10;
3304 wpa_supplicant_req_auth_timeout(wpa_s
, timeout
, 0);
3308 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC
)) {
3309 /* Set static WEP keys again */
3310 wpa_set_wep_keys(wpa_s
, ssid
);
3313 if (wpa_s
->current_ssid
&& wpa_s
->current_ssid
!= ssid
) {
3315 * Do not allow EAP session resumption between different
3316 * network configurations.
3318 eapol_sm_invalidate_cached_session(wpa_s
->eapol
);
3320 old_ssid
= wpa_s
->current_ssid
;
3321 wpa_s
->current_ssid
= ssid
;
3323 if (!wpas_driver_bss_selection(wpa_s
) || ssid
->bssid_set
) {
3324 wpa_s
->current_bss
= bss
;
3326 hs20_configure_frame_filters(wpa_s
);
3327 #endif /* CONFIG_HS20 */
3330 wpa_supplicant_rsn_supp_set_config(wpa_s
, wpa_s
->current_ssid
);
3331 wpa_supplicant_initiate_eapol(wpa_s
);
3332 if (old_ssid
!= wpa_s
->current_ssid
)
3333 wpas_notify_network_changed(wpa_s
);
3337 static void wpa_supplicant_clear_connection(struct wpa_supplicant
*wpa_s
,
3340 struct wpa_ssid
*old_ssid
;
3342 wpas_connect_work_done(wpa_s
);
3343 wpa_clear_keys(wpa_s
, addr
);
3344 old_ssid
= wpa_s
->current_ssid
;
3345 wpa_supplicant_mark_disassoc(wpa_s
);
3346 wpa_sm_set_config(wpa_s
->wpa
, NULL
);
3347 eapol_sm_notify_config(wpa_s
->eapol
, NULL
, NULL
);
3348 if (old_ssid
!= wpa_s
->current_ssid
)
3349 wpas_notify_network_changed(wpa_s
);
3350 eloop_cancel_timeout(wpa_supplicant_timeout
, wpa_s
, NULL
);
3355 * wpa_supplicant_deauthenticate - Deauthenticate the current connection
3356 * @wpa_s: Pointer to wpa_supplicant data
3357 * @reason_code: IEEE 802.11 reason code for the deauthenticate frame
3359 * This function is used to request %wpa_supplicant to deauthenticate from the
3362 void wpa_supplicant_deauthenticate(struct wpa_supplicant
*wpa_s
,
3366 union wpa_event_data event
;
3369 wpa_dbg(wpa_s
, MSG_DEBUG
, "Request to deauthenticate - bssid=" MACSTR
3370 " pending_bssid=" MACSTR
" reason=%d state=%s",
3371 MAC2STR(wpa_s
->bssid
), MAC2STR(wpa_s
->pending_bssid
),
3372 reason_code
, wpa_supplicant_state_txt(wpa_s
->wpa_state
));
3374 if (!is_zero_ether_addr(wpa_s
->pending_bssid
) &&
3375 (wpa_s
->wpa_state
== WPA_AUTHENTICATING
||
3376 wpa_s
->wpa_state
== WPA_ASSOCIATING
))
3377 addr
= wpa_s
->pending_bssid
;
3378 else if (!is_zero_ether_addr(wpa_s
->bssid
))
3379 addr
= wpa_s
->bssid
;
3380 else if (wpa_s
->wpa_state
== WPA_ASSOCIATING
) {
3382 * When using driver-based BSS selection, we may not know the
3383 * BSSID with which we are currently trying to associate. We
3384 * need to notify the driver of this disconnection even in such
3385 * a case, so use the all zeros address here.
3387 addr
= wpa_s
->bssid
;
3391 if (wpa_s
->enabled_4addr_mode
&& wpa_drv_set_4addr_mode(wpa_s
, 0) == 0)
3392 wpa_s
->enabled_4addr_mode
= 0;
3395 wpa_tdls_teardown_peers(wpa_s
->wpa
);
3396 #endif /* CONFIG_TDLS */
3400 struct mesh_conf
*mconf
;
3402 mconf
= wpa_s
->ifmsh
->mconf
;
3403 wpa_msg(wpa_s
, MSG_INFO
, MESH_GROUP_REMOVED
"%s",
3405 wpas_notify_mesh_group_removed(wpa_s
, mconf
->meshid
,
3406 mconf
->meshid_len
, reason_code
);
3407 wpa_supplicant_leave_mesh(wpa_s
);
3409 #endif /* CONFIG_MESH */
3412 wpa_drv_deauthenticate(wpa_s
, addr
, reason_code
);
3413 os_memset(&event
, 0, sizeof(event
));
3414 event
.deauth_info
.reason_code
= (u16
) reason_code
;
3415 event
.deauth_info
.locally_generated
= 1;
3416 wpa_supplicant_event(wpa_s
, EVENT_DEAUTH
, &event
);
3421 wpa_supplicant_clear_connection(wpa_s
, addr
);
3424 static void wpa_supplicant_enable_one_network(struct wpa_supplicant
*wpa_s
,
3425 struct wpa_ssid
*ssid
)
3427 if (!ssid
|| !ssid
->disabled
|| ssid
->disabled
== 2)
3431 ssid
->owe_transition_bss_select_count
= 0;
3432 wpas_clear_temp_disabled(wpa_s
, ssid
, 1);
3433 wpas_notify_network_enabled_changed(wpa_s
, ssid
);
3436 * Try to reassociate since there is no current configuration and a new
3437 * network was made available.
3439 if (!wpa_s
->current_ssid
&& !wpa_s
->disconnected
)
3440 wpa_s
->reassociate
= 1;
3445 * wpa_supplicant_add_network - Add a new network
3446 * @wpa_s: wpa_supplicant structure for a network interface
3447 * Returns: The new network configuration or %NULL if operation failed
3449 * This function performs the following operations:
3450 * 1. Adds a new network.
3451 * 2. Send network addition notification.
3452 * 3. Marks the network disabled.
3453 * 4. Set network default parameters.
3455 struct wpa_ssid
* wpa_supplicant_add_network(struct wpa_supplicant
*wpa_s
)
3457 struct wpa_ssid
*ssid
;
3459 ssid
= wpa_config_add_network(wpa_s
->conf
);
3462 wpas_notify_network_added(wpa_s
, ssid
);
3464 wpa_config_set_network_defaults(ssid
);
3471 * wpa_supplicant_remove_network - Remove a configured network based on id
3472 * @wpa_s: wpa_supplicant structure for a network interface
3473 * @id: Unique network id to search for
3474 * Returns: 0 on success, or -1 if the network was not found, -2 if the network
3475 * could not be removed
3477 * This function performs the following operations:
3478 * 1. Removes the network.
3479 * 2. Send network removal notification.
3480 * 3. Update internal state machines.
3481 * 4. Stop any running sched scans.
3483 int wpa_supplicant_remove_network(struct wpa_supplicant
*wpa_s
, int id
)
3485 struct wpa_ssid
*ssid
;
3488 ssid
= wpa_config_get_network(wpa_s
->conf
, id
);
3491 wpas_notify_network_removed(wpa_s
, ssid
);
3493 if (wpa_s
->last_ssid
== ssid
)
3494 wpa_s
->last_ssid
= NULL
;
3496 if (ssid
== wpa_s
->current_ssid
|| !wpa_s
->current_ssid
) {
3498 wpa_s
->sme
.prev_bssid_set
= 0;
3499 #endif /* CONFIG_SME */
3501 * Invalidate the EAP session cache if the current or
3502 * previously used network is removed.
3504 eapol_sm_invalidate_cached_session(wpa_s
->eapol
);
3507 if (ssid
== wpa_s
->current_ssid
) {
3508 wpa_sm_set_config(wpa_s
->wpa
, NULL
);
3509 eapol_sm_notify_config(wpa_s
->eapol
, NULL
, NULL
);
3511 if (wpa_s
->wpa_state
>= WPA_AUTHENTICATING
)
3512 wpa_s
->own_disconnect_req
= 1;
3513 wpa_supplicant_deauthenticate(wpa_s
,
3514 WLAN_REASON_DEAUTH_LEAVING
);
3517 was_disabled
= ssid
->disabled
;
3519 if (wpa_config_remove_network(wpa_s
->conf
, id
) < 0)
3522 if (!was_disabled
&& wpa_s
->sched_scanning
) {
3523 wpa_printf(MSG_DEBUG
,
3524 "Stop ongoing sched_scan to remove network from filters");
3525 wpa_supplicant_cancel_sched_scan(wpa_s
);
3526 wpa_supplicant_req_scan(wpa_s
, 0, 0);
3534 * wpa_supplicant_enable_network - Mark a configured network as enabled
3535 * @wpa_s: wpa_supplicant structure for a network interface
3536 * @ssid: wpa_ssid structure for a configured network or %NULL
3538 * Enables the specified network or all networks if no network specified.
3540 void wpa_supplicant_enable_network(struct wpa_supplicant
*wpa_s
,
3541 struct wpa_ssid
*ssid
)
3544 for (ssid
= wpa_s
->conf
->ssid
; ssid
; ssid
= ssid
->next
)
3545 wpa_supplicant_enable_one_network(wpa_s
, ssid
);
3547 wpa_supplicant_enable_one_network(wpa_s
, ssid
);
3549 if (wpa_s
->reassociate
&& !wpa_s
->disconnected
&&
3550 (!wpa_s
->current_ssid
||
3551 wpa_s
->wpa_state
== WPA_DISCONNECTED
||
3552 wpa_s
->wpa_state
== WPA_SCANNING
)) {
3553 if (wpa_s
->sched_scanning
) {
3554 wpa_printf(MSG_DEBUG
, "Stop ongoing sched_scan to add "
3555 "new network to scan filters");
3556 wpa_supplicant_cancel_sched_scan(wpa_s
);
3559 if (wpa_supplicant_fast_associate(wpa_s
) != 1) {
3560 wpa_s
->scan_req
= NORMAL_SCAN_REQ
;
3561 wpa_supplicant_req_scan(wpa_s
, 0, 0);
3568 * wpa_supplicant_disable_network - Mark a configured network as disabled
3569 * @wpa_s: wpa_supplicant structure for a network interface
3570 * @ssid: wpa_ssid structure for a configured network or %NULL
3572 * Disables the specified network or all networks if no network specified.
3574 void wpa_supplicant_disable_network(struct wpa_supplicant
*wpa_s
,
3575 struct wpa_ssid
*ssid
)
3577 struct wpa_ssid
*other_ssid
;
3581 if (wpa_s
->sched_scanning
)
3582 wpa_supplicant_cancel_sched_scan(wpa_s
);
3584 for (other_ssid
= wpa_s
->conf
->ssid
; other_ssid
;
3585 other_ssid
= other_ssid
->next
) {
3586 was_disabled
= other_ssid
->disabled
;
3587 if (was_disabled
== 2)
3588 continue; /* do not change persistent P2P group
3591 other_ssid
->disabled
= 1;
3593 if (was_disabled
!= other_ssid
->disabled
)
3594 wpas_notify_network_enabled_changed(
3597 if (wpa_s
->current_ssid
) {
3598 if (wpa_s
->wpa_state
>= WPA_AUTHENTICATING
)
3599 wpa_s
->own_disconnect_req
= 1;
3600 wpa_supplicant_deauthenticate(
3601 wpa_s
, WLAN_REASON_DEAUTH_LEAVING
);
3603 } else if (ssid
->disabled
!= 2) {
3604 if (ssid
== wpa_s
->current_ssid
) {
3605 if (wpa_s
->wpa_state
>= WPA_AUTHENTICATING
)
3606 wpa_s
->own_disconnect_req
= 1;
3607 wpa_supplicant_deauthenticate(
3608 wpa_s
, WLAN_REASON_DEAUTH_LEAVING
);
3611 was_disabled
= ssid
->disabled
;
3615 if (was_disabled
!= ssid
->disabled
) {
3616 wpas_notify_network_enabled_changed(wpa_s
, ssid
);
3617 if (wpa_s
->sched_scanning
) {
3618 wpa_printf(MSG_DEBUG
, "Stop ongoing sched_scan "
3619 "to remove network from filters");
3620 wpa_supplicant_cancel_sched_scan(wpa_s
);
3621 wpa_supplicant_req_scan(wpa_s
, 0, 0);
3629 * wpa_supplicant_select_network - Attempt association with a network
3630 * @wpa_s: wpa_supplicant structure for a network interface
3631 * @ssid: wpa_ssid structure for a configured network or %NULL for any network
3633 void wpa_supplicant_select_network(struct wpa_supplicant
*wpa_s
,
3634 struct wpa_ssid
*ssid
)
3637 struct wpa_ssid
*other_ssid
;
3638 int disconnected
= 0;
3640 if (ssid
&& ssid
!= wpa_s
->current_ssid
&& wpa_s
->current_ssid
) {
3641 if (wpa_s
->wpa_state
>= WPA_AUTHENTICATING
)
3642 wpa_s
->own_disconnect_req
= 1;
3643 wpa_supplicant_deauthenticate(
3644 wpa_s
, WLAN_REASON_DEAUTH_LEAVING
);
3649 wpas_clear_temp_disabled(wpa_s
, ssid
, 1);
3652 * Mark all other networks disabled or mark all networks enabled if no
3653 * network specified.
3655 for (other_ssid
= wpa_s
->conf
->ssid
; other_ssid
;
3656 other_ssid
= other_ssid
->next
) {
3657 int was_disabled
= other_ssid
->disabled
;
3658 if (was_disabled
== 2)
3659 continue; /* do not change persistent P2P group data */
3661 other_ssid
->disabled
= ssid
? (ssid
->id
!= other_ssid
->id
) : 0;
3662 if (was_disabled
&& !other_ssid
->disabled
)
3663 wpas_clear_temp_disabled(wpa_s
, other_ssid
, 0);
3665 if (was_disabled
!= other_ssid
->disabled
)
3666 wpas_notify_network_enabled_changed(wpa_s
, other_ssid
);
3669 if (ssid
&& ssid
== wpa_s
->current_ssid
&& wpa_s
->current_ssid
&&
3670 wpa_s
->wpa_state
>= WPA_AUTHENTICATING
) {
3671 /* We are already associated with the selected network */
3672 wpa_printf(MSG_DEBUG
, "Already associated with the "
3673 "selected network - do nothing");
3678 wpa_s
->current_ssid
= ssid
;
3679 eapol_sm_notify_config(wpa_s
->eapol
, NULL
, NULL
);
3680 wpa_s
->connect_without_scan
=
3681 (ssid
->mode
== WPAS_MODE_MESH
) ? ssid
: NULL
;
3684 * Don't optimize next scan freqs since a new ESS has been
3687 os_free(wpa_s
->next_scan_freqs
);
3688 wpa_s
->next_scan_freqs
= NULL
;
3690 wpa_s
->connect_without_scan
= NULL
;
3693 wpa_s
->disconnected
= 0;
3694 wpa_s
->reassociate
= 1;
3695 wpa_s
->last_owe_group
= 0;
3697 ssid
->owe_transition_bss_select_count
= 0;
3699 if (wpa_s
->connect_without_scan
||
3700 wpa_supplicant_fast_associate(wpa_s
) != 1) {
3701 wpa_s
->scan_req
= NORMAL_SCAN_REQ
;
3702 wpas_scan_reset_sched_scan(wpa_s
);
3703 wpa_supplicant_req_scan(wpa_s
, 0, disconnected
? 100000 : 0);
3707 wpas_notify_network_selected(wpa_s
, ssid
);
3712 * wpas_set_pkcs11_engine_and_module_path - Set PKCS #11 engine and module path
3713 * @wpa_s: wpa_supplicant structure for a network interface
3714 * @pkcs11_engine_path: PKCS #11 engine path or NULL
3715 * @pkcs11_module_path: PKCS #11 module path or NULL
3716 * Returns: 0 on success; -1 on failure
3718 * Sets the PKCS #11 engine and module path. Both have to be NULL or a valid
3719 * path. If resetting the EAPOL state machine with the new PKCS #11 engine and
3720 * module path fails the paths will be reset to the default value (NULL).
3722 int wpas_set_pkcs11_engine_and_module_path(struct wpa_supplicant
*wpa_s
,
3723 const char *pkcs11_engine_path
,
3724 const char *pkcs11_module_path
)
3726 char *pkcs11_engine_path_copy
= NULL
;
3727 char *pkcs11_module_path_copy
= NULL
;
3729 if (pkcs11_engine_path
!= NULL
) {
3730 pkcs11_engine_path_copy
= os_strdup(pkcs11_engine_path
);
3731 if (pkcs11_engine_path_copy
== NULL
)
3734 if (pkcs11_module_path
!= NULL
) {
3735 pkcs11_module_path_copy
= os_strdup(pkcs11_module_path
);
3736 if (pkcs11_module_path_copy
== NULL
) {
3737 os_free(pkcs11_engine_path_copy
);
3742 os_free(wpa_s
->conf
->pkcs11_engine_path
);
3743 os_free(wpa_s
->conf
->pkcs11_module_path
);
3744 wpa_s
->conf
->pkcs11_engine_path
= pkcs11_engine_path_copy
;
3745 wpa_s
->conf
->pkcs11_module_path
= pkcs11_module_path_copy
;
3747 wpa_sm_set_eapol(wpa_s
->wpa
, NULL
);
3748 eapol_sm_deinit(wpa_s
->eapol
);
3749 wpa_s
->eapol
= NULL
;
3750 if (wpa_supplicant_init_eapol(wpa_s
)) {
3751 /* Error -> Reset paths to the default value (NULL) once. */
3752 if (pkcs11_engine_path
!= NULL
&& pkcs11_module_path
!= NULL
)
3753 wpas_set_pkcs11_engine_and_module_path(wpa_s
, NULL
,
3758 wpa_sm_set_eapol(wpa_s
->wpa
, wpa_s
->eapol
);
3765 * wpa_supplicant_set_ap_scan - Set AP scan mode for interface
3766 * @wpa_s: wpa_supplicant structure for a network interface
3767 * @ap_scan: AP scan mode
3768 * Returns: 0 if succeed or -1 if ap_scan has an invalid value
3771 int wpa_supplicant_set_ap_scan(struct wpa_supplicant
*wpa_s
, int ap_scan
)
3776 if (ap_scan
< 0 || ap_scan
> 2)
3779 if (ap_scan
== 2 && os_strcmp(wpa_s
->driver
->name
, "nl80211") == 0) {
3780 wpa_printf(MSG_INFO
,
3781 "Note: nl80211 driver interface is not designed to be used with ap_scan=2; this can result in connection failures");
3785 if (ap_scan
== 2 && ap_scan
!= wpa_s
->conf
->ap_scan
&&
3786 wpa_s
->wpa_state
>= WPA_ASSOCIATING
&&
3787 wpa_s
->wpa_state
< WPA_COMPLETED
) {
3788 wpa_printf(MSG_ERROR
, "ap_scan = %d (%d) rejected while "
3789 "associating", wpa_s
->conf
->ap_scan
, ap_scan
);
3792 #endif /* ANDROID */
3794 old_ap_scan
= wpa_s
->conf
->ap_scan
;
3795 wpa_s
->conf
->ap_scan
= ap_scan
;
3797 if (old_ap_scan
!= wpa_s
->conf
->ap_scan
)
3798 wpas_notify_ap_scan_changed(wpa_s
);
3805 * wpa_supplicant_set_bss_expiration_age - Set BSS entry expiration age
3806 * @wpa_s: wpa_supplicant structure for a network interface
3807 * @expire_age: Expiration age in seconds
3808 * Returns: 0 if succeed or -1 if expire_age has an invalid value
3811 int wpa_supplicant_set_bss_expiration_age(struct wpa_supplicant
*wpa_s
,
3812 unsigned int bss_expire_age
)
3814 if (bss_expire_age
< 10) {
3815 wpa_msg(wpa_s
, MSG_ERROR
, "Invalid bss expiration age %u",
3819 wpa_msg(wpa_s
, MSG_DEBUG
, "Setting bss expiration age: %d sec",
3821 wpa_s
->conf
->bss_expiration_age
= bss_expire_age
;
3828 * wpa_supplicant_set_bss_expiration_count - Set BSS entry expiration scan count
3829 * @wpa_s: wpa_supplicant structure for a network interface
3830 * @expire_count: number of scans after which an unseen BSS is reclaimed
3831 * Returns: 0 if succeed or -1 if expire_count has an invalid value
3834 int wpa_supplicant_set_bss_expiration_count(struct wpa_supplicant
*wpa_s
,
3835 unsigned int bss_expire_count
)
3837 if (bss_expire_count
< 1) {
3838 wpa_msg(wpa_s
, MSG_ERROR
, "Invalid bss expiration count %u",
3842 wpa_msg(wpa_s
, MSG_DEBUG
, "Setting bss expiration scan count: %u",
3844 wpa_s
->conf
->bss_expiration_scan_count
= bss_expire_count
;
3851 * wpa_supplicant_set_scan_interval - Set scan interval
3852 * @wpa_s: wpa_supplicant structure for a network interface
3853 * @scan_interval: scan interval in seconds
3854 * Returns: 0 if succeed or -1 if scan_interval has an invalid value
3857 int wpa_supplicant_set_scan_interval(struct wpa_supplicant
*wpa_s
,
3860 if (scan_interval
< 0) {
3861 wpa_msg(wpa_s
, MSG_ERROR
, "Invalid scan interval %d",
3865 wpa_msg(wpa_s
, MSG_DEBUG
, "Setting scan interval: %d sec",
3867 wpa_supplicant_update_scan_int(wpa_s
, scan_interval
);
3874 * wpa_supplicant_set_debug_params - Set global debug params
3875 * @global: wpa_global structure
3876 * @debug_level: debug level
3877 * @debug_timestamp: determines if show timestamp in debug data
3878 * @debug_show_keys: determines if show keys in debug data
3879 * Returns: 0 if succeed or -1 if debug_level has wrong value
3881 int wpa_supplicant_set_debug_params(struct wpa_global
*global
, int debug_level
,
3882 int debug_timestamp
, int debug_show_keys
)
3885 int old_level
, old_timestamp
, old_show_keys
;
3887 /* check for allowed debuglevels */
3888 if (debug_level
!= MSG_EXCESSIVE
&&
3889 debug_level
!= MSG_MSGDUMP
&&
3890 debug_level
!= MSG_DEBUG
&&
3891 debug_level
!= MSG_INFO
&&
3892 debug_level
!= MSG_WARNING
&&
3893 debug_level
!= MSG_ERROR
)
3896 old_level
= wpa_debug_level
;
3897 old_timestamp
= wpa_debug_timestamp
;
3898 old_show_keys
= wpa_debug_show_keys
;
3900 wpa_debug_level
= debug_level
;
3901 wpa_debug_timestamp
= debug_timestamp
? 1 : 0;
3902 wpa_debug_show_keys
= debug_show_keys
? 1 : 0;
3904 if (wpa_debug_level
!= old_level
)
3905 wpas_notify_debug_level_changed(global
);
3906 if (wpa_debug_timestamp
!= old_timestamp
)
3907 wpas_notify_debug_timestamp_changed(global
);
3908 if (wpa_debug_show_keys
!= old_show_keys
)
3909 wpas_notify_debug_show_keys_changed(global
);
3916 static int owe_trans_ssid_match(struct wpa_supplicant
*wpa_s
, const u8
*bssid
,
3917 const u8
*entry_ssid
, size_t entry_ssid_len
)
3919 const u8
*owe
, *pos
, *end
;
3921 struct wpa_bss
*bss
;
3923 /* Check network profile SSID aganst the SSID in the
3924 * OWE Transition Mode element. */
3926 bss
= wpa_bss_get_bssid_latest(wpa_s
, bssid
);
3930 owe
= wpa_bss_get_vendor_ie(bss
, OWE_IE_VENDOR_TYPE
);
3935 end
= owe
+ 2 + owe
[1];
3937 if (end
- pos
< ETH_ALEN
+ 1)
3941 if (end
- pos
< ssid_len
|| ssid_len
> SSID_MAX_LEN
)
3944 return entry_ssid_len
== ssid_len
&&
3945 os_memcmp(pos
, entry_ssid
, ssid_len
) == 0;
3947 #endif /* CONFIG_OWE */
3951 * wpa_supplicant_get_ssid - Get a pointer to the current network structure
3952 * @wpa_s: Pointer to wpa_supplicant data
3953 * Returns: A pointer to the current network structure or %NULL on failure
3955 struct wpa_ssid
* wpa_supplicant_get_ssid(struct wpa_supplicant
*wpa_s
)
3957 struct wpa_ssid
*entry
;
3958 u8 ssid
[SSID_MAX_LEN
];
3964 res
= wpa_drv_get_ssid(wpa_s
, ssid
);
3966 wpa_msg(wpa_s
, MSG_WARNING
, "Could not read SSID from "
3972 if (wpa_drv_get_bssid(wpa_s
, bssid
) < 0) {
3973 wpa_msg(wpa_s
, MSG_WARNING
, "Could not read BSSID from "
3978 wired
= wpa_s
->conf
->ap_scan
== 0 &&
3979 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_WIRED
);
3981 entry
= wpa_s
->conf
->ssid
;
3983 if (!wpas_network_disabled(wpa_s
, entry
) &&
3984 ((ssid_len
== entry
->ssid_len
&&
3986 os_memcmp(ssid
, entry
->ssid
, ssid_len
) == 0)) ||
3988 (!entry
->bssid_set
||
3989 os_memcmp(bssid
, entry
->bssid
, ETH_ALEN
) == 0))
3992 if (!wpas_network_disabled(wpa_s
, entry
) &&
3993 (entry
->key_mgmt
& WPA_KEY_MGMT_WPS
) &&
3994 (entry
->ssid
== NULL
|| entry
->ssid_len
== 0) &&
3995 (!entry
->bssid_set
||
3996 os_memcmp(bssid
, entry
->bssid
, ETH_ALEN
) == 0))
3998 #endif /* CONFIG_WPS */
4001 if (!wpas_network_disabled(wpa_s
, entry
) &&
4002 owe_trans_ssid_match(wpa_s
, bssid
, entry
->ssid
,
4004 (!entry
->bssid_set
||
4005 os_memcmp(bssid
, entry
->bssid
, ETH_ALEN
) == 0))
4007 #endif /* CONFIG_OWE */
4009 if (!wpas_network_disabled(wpa_s
, entry
) && entry
->bssid_set
&&
4010 entry
->ssid_len
== 0 &&
4011 os_memcmp(bssid
, entry
->bssid
, ETH_ALEN
) == 0)
4014 entry
= entry
->next
;
4021 static int select_driver(struct wpa_supplicant
*wpa_s
, int i
)
4023 struct wpa_global
*global
= wpa_s
->global
;
4025 if (wpa_drivers
[i
]->global_init
&& global
->drv_priv
[i
] == NULL
) {
4026 global
->drv_priv
[i
] = wpa_drivers
[i
]->global_init(global
);
4027 if (global
->drv_priv
[i
] == NULL
) {
4028 wpa_printf(MSG_ERROR
, "Failed to initialize driver "
4029 "'%s'", wpa_drivers
[i
]->name
);
4034 wpa_s
->driver
= wpa_drivers
[i
];
4035 wpa_s
->global_drv_priv
= global
->drv_priv
[i
];
4041 static int wpa_supplicant_set_driver(struct wpa_supplicant
*wpa_s
,
4046 const char *pos
, *driver
= name
;
4051 if (wpa_drivers
[0] == NULL
) {
4052 wpa_msg(wpa_s
, MSG_ERROR
, "No driver interfaces build into "
4058 /* default to first driver in the list */
4059 return select_driver(wpa_s
, 0);
4063 pos
= os_strchr(driver
, ',');
4067 len
= os_strlen(driver
);
4069 for (i
= 0; wpa_drivers
[i
]; i
++) {
4070 if (os_strlen(wpa_drivers
[i
]->name
) == len
&&
4071 os_strncmp(driver
, wpa_drivers
[i
]->name
, len
) ==
4073 /* First driver that succeeds wins */
4074 if (select_driver(wpa_s
, i
) == 0)
4082 wpa_msg(wpa_s
, MSG_ERROR
, "Unsupported driver '%s'", name
);
4088 * wpa_supplicant_rx_eapol - Deliver a received EAPOL frame to wpa_supplicant
4089 * @ctx: Context pointer (wpa_s); this is the ctx variable registered
4090 * with struct wpa_driver_ops::init()
4091 * @src_addr: Source address of the EAPOL frame
4092 * @buf: EAPOL data starting from the EAPOL header (i.e., no Ethernet header)
4093 * @len: Length of the EAPOL data
4095 * This function is called for each received EAPOL frame. Most driver
4096 * interfaces rely on more generic OS mechanism for receiving frames through
4097 * l2_packet, but if such a mechanism is not available, the driver wrapper may
4098 * take care of received EAPOL frames and deliver them to the core supplicant
4099 * code by calling this function.
4101 void wpa_supplicant_rx_eapol(void *ctx
, const u8
*src_addr
,
4102 const u8
*buf
, size_t len
)
4104 struct wpa_supplicant
*wpa_s
= ctx
;
4106 wpa_dbg(wpa_s
, MSG_DEBUG
, "RX EAPOL from " MACSTR
, MAC2STR(src_addr
));
4107 wpa_hexdump(MSG_MSGDUMP
, "RX EAPOL", buf
, len
);
4109 #ifdef CONFIG_TESTING_OPTIONS
4110 if (wpa_s
->ignore_auth_resp
) {
4111 wpa_printf(MSG_INFO
, "RX EAPOL - ignore_auth_resp active!");
4114 #endif /* CONFIG_TESTING_OPTIONS */
4116 if (wpa_s
->wpa_state
< WPA_ASSOCIATED
||
4117 (wpa_s
->last_eapol_matches_bssid
&&
4120 #endif /* CONFIG_AP */
4121 os_memcmp(src_addr
, wpa_s
->bssid
, ETH_ALEN
) != 0)) {
4123 * There is possible race condition between receiving the
4124 * association event and the EAPOL frame since they are coming
4125 * through different paths from the driver. In order to avoid
4126 * issues in trying to process the EAPOL frame before receiving
4127 * association information, lets queue it for processing until
4128 * the association event is received. This may also be needed in
4129 * driver-based roaming case, so also use src_addr != BSSID as a
4130 * trigger if we have previously confirmed that the
4131 * Authenticator uses BSSID as the src_addr (which is not the
4132 * case with wired IEEE 802.1X).
4134 wpa_dbg(wpa_s
, MSG_DEBUG
, "Not associated - Delay processing "
4135 "of received EAPOL frame (state=%s bssid=" MACSTR
")",
4136 wpa_supplicant_state_txt(wpa_s
->wpa_state
),
4137 MAC2STR(wpa_s
->bssid
));
4138 wpabuf_free(wpa_s
->pending_eapol_rx
);
4139 wpa_s
->pending_eapol_rx
= wpabuf_alloc_copy(buf
, len
);
4140 if (wpa_s
->pending_eapol_rx
) {
4141 os_get_reltime(&wpa_s
->pending_eapol_rx_time
);
4142 os_memcpy(wpa_s
->pending_eapol_rx_src
, src_addr
,
4148 wpa_s
->last_eapol_matches_bssid
=
4149 os_memcmp(src_addr
, wpa_s
->bssid
, ETH_ALEN
) == 0;
4152 if (wpa_s
->ap_iface
) {
4153 wpa_supplicant_ap_rx_eapol(wpa_s
, src_addr
, buf
, len
);
4156 #endif /* CONFIG_AP */
4158 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_NONE
) {
4159 wpa_dbg(wpa_s
, MSG_DEBUG
, "Ignored received EAPOL frame since "
4160 "no key management is configured");
4164 if (wpa_s
->eapol_received
== 0 &&
4165 (!(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK
) ||
4166 !wpa_key_mgmt_wpa_psk(wpa_s
->key_mgmt
) ||
4167 wpa_s
->wpa_state
!= WPA_COMPLETED
) &&
4168 (wpa_s
->current_ssid
== NULL
||
4169 wpa_s
->current_ssid
->mode
!= IEEE80211_MODE_IBSS
)) {
4170 /* Timeout for completing IEEE 802.1X and WPA authentication */
4173 if (wpa_key_mgmt_wpa_ieee8021x(wpa_s
->key_mgmt
) ||
4174 wpa_s
->key_mgmt
== WPA_KEY_MGMT_IEEE8021X_NO_WPA
||
4175 wpa_s
->key_mgmt
== WPA_KEY_MGMT_WPS
) {
4176 /* Use longer timeout for IEEE 802.1X/EAP */
4181 if (wpa_s
->current_ssid
&& wpa_s
->current_bss
&&
4182 (wpa_s
->current_ssid
->key_mgmt
& WPA_KEY_MGMT_WPS
) &&
4183 eap_is_wps_pin_enrollee(&wpa_s
->current_ssid
->eap
)) {
4185 * Use shorter timeout if going through WPS AP iteration
4186 * for PIN config method with an AP that does not
4187 * advertise Selected Registrar.
4189 struct wpabuf
*wps_ie
;
4191 wps_ie
= wpa_bss_get_vendor_ie_multi(
4192 wpa_s
->current_bss
, WPS_IE_VENDOR_TYPE
);
4194 !wps_is_addr_authorized(wps_ie
, wpa_s
->own_addr
, 1))
4196 wpabuf_free(wps_ie
);
4198 #endif /* CONFIG_WPS */
4200 wpa_supplicant_req_auth_timeout(wpa_s
, timeout
, 0);
4202 wpa_s
->eapol_received
++;
4204 if (wpa_s
->countermeasures
) {
4205 wpa_msg(wpa_s
, MSG_INFO
, "WPA: Countermeasures - dropped "
4210 #ifdef CONFIG_IBSS_RSN
4211 if (wpa_s
->current_ssid
&&
4212 wpa_s
->current_ssid
->mode
== WPAS_MODE_IBSS
) {
4213 ibss_rsn_rx_eapol(wpa_s
->ibss_rsn
, src_addr
, buf
, len
);
4216 #endif /* CONFIG_IBSS_RSN */
4218 /* Source address of the incoming EAPOL frame could be compared to the
4219 * current BSSID. However, it is possible that a centralized
4220 * Authenticator could be using another MAC address than the BSSID of
4221 * an AP, so just allow any address to be used for now. The replies are
4222 * still sent to the current BSSID (if available), though. */
4224 os_memcpy(wpa_s
->last_eapol_src
, src_addr
, ETH_ALEN
);
4225 if (!wpa_key_mgmt_wpa_psk(wpa_s
->key_mgmt
) &&
4226 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_OWE
&&
4227 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_DPP
&&
4228 eapol_sm_rx_eapol(wpa_s
->eapol
, src_addr
, buf
, len
) > 0)
4230 wpa_drv_poll(wpa_s
);
4231 if (!(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK
))
4232 wpa_sm_rx_eapol(wpa_s
->wpa
, src_addr
, buf
, len
);
4233 else if (wpa_key_mgmt_wpa_ieee8021x(wpa_s
->key_mgmt
)) {
4235 * Set portValid = TRUE here since we are going to skip 4-way
4236 * handshake processing which would normally set portValid. We
4237 * need this to allow the EAPOL state machines to be completed
4238 * without going through EAPOL-Key handshake.
4240 eapol_sm_notify_portValid(wpa_s
->eapol
, TRUE
);
4245 int wpa_supplicant_update_mac_addr(struct wpa_supplicant
*wpa_s
)
4247 if ((!wpa_s
->p2p_mgmt
||
4248 !(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE
)) &&
4249 !(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_P2P_DEDICATED_INTERFACE
)) {
4250 l2_packet_deinit(wpa_s
->l2
);
4251 wpa_s
->l2
= l2_packet_init(wpa_s
->ifname
,
4252 wpa_drv_get_mac_addr(wpa_s
),
4254 wpa_supplicant_rx_eapol
, wpa_s
, 0);
4255 if (wpa_s
->l2
== NULL
)
4258 if (l2_packet_set_packet_filter(wpa_s
->l2
,
4259 L2_PACKET_FILTER_PKTTYPE
))
4260 wpa_dbg(wpa_s
, MSG_DEBUG
,
4261 "Failed to attach pkt_type filter");
4263 const u8
*addr
= wpa_drv_get_mac_addr(wpa_s
);
4265 os_memcpy(wpa_s
->own_addr
, addr
, ETH_ALEN
);
4268 if (wpa_s
->l2
&& l2_packet_get_own_addr(wpa_s
->l2
, wpa_s
->own_addr
)) {
4269 wpa_msg(wpa_s
, MSG_ERROR
, "Failed to get own L2 address");
4273 wpa_sm_set_own_addr(wpa_s
->wpa
, wpa_s
->own_addr
);
4279 static void wpa_supplicant_rx_eapol_bridge(void *ctx
, const u8
*src_addr
,
4280 const u8
*buf
, size_t len
)
4282 struct wpa_supplicant
*wpa_s
= ctx
;
4283 const struct l2_ethhdr
*eth
;
4285 if (len
< sizeof(*eth
))
4287 eth
= (const struct l2_ethhdr
*) buf
;
4289 if (os_memcmp(eth
->h_dest
, wpa_s
->own_addr
, ETH_ALEN
) != 0 &&
4290 !(eth
->h_dest
[0] & 0x01)) {
4291 wpa_dbg(wpa_s
, MSG_DEBUG
, "RX EAPOL from " MACSTR
" to " MACSTR
4292 " (bridge - not for this interface - ignore)",
4293 MAC2STR(src_addr
), MAC2STR(eth
->h_dest
));
4297 wpa_dbg(wpa_s
, MSG_DEBUG
, "RX EAPOL from " MACSTR
" to " MACSTR
4298 " (bridge)", MAC2STR(src_addr
), MAC2STR(eth
->h_dest
));
4299 wpa_supplicant_rx_eapol(wpa_s
, src_addr
, buf
+ sizeof(*eth
),
4300 len
- sizeof(*eth
));
4305 * wpa_supplicant_driver_init - Initialize driver interface parameters
4306 * @wpa_s: Pointer to wpa_supplicant data
4307 * Returns: 0 on success, -1 on failure
4309 * This function is called to initialize driver interface parameters.
4310 * wpa_drv_init() must have been called before this function to initialize the
4313 int wpa_supplicant_driver_init(struct wpa_supplicant
*wpa_s
)
4315 static int interface_count
= 0;
4317 if (wpa_supplicant_update_mac_addr(wpa_s
) < 0)
4320 wpa_dbg(wpa_s
, MSG_DEBUG
, "Own MAC address: " MACSTR
,
4321 MAC2STR(wpa_s
->own_addr
));
4322 os_memcpy(wpa_s
->perm_addr
, wpa_s
->own_addr
, ETH_ALEN
);
4323 wpa_sm_set_own_addr(wpa_s
->wpa
, wpa_s
->own_addr
);
4325 if (wpa_s
->bridge_ifname
[0]) {
4326 wpa_dbg(wpa_s
, MSG_DEBUG
, "Receiving packets from bridge "
4327 "interface '%s'", wpa_s
->bridge_ifname
);
4328 wpa_s
->l2_br
= l2_packet_init_bridge(
4329 wpa_s
->bridge_ifname
, wpa_s
->ifname
, wpa_s
->own_addr
,
4330 ETH_P_EAPOL
, wpa_supplicant_rx_eapol_bridge
, wpa_s
, 1);
4331 if (wpa_s
->l2_br
== NULL
) {
4332 wpa_msg(wpa_s
, MSG_ERROR
, "Failed to open l2_packet "
4333 "connection for the bridge interface '%s'",
4334 wpa_s
->bridge_ifname
);
4339 if (wpa_s
->conf
->ap_scan
== 2 &&
4340 os_strcmp(wpa_s
->driver
->name
, "nl80211") == 0) {
4341 wpa_printf(MSG_INFO
,
4342 "Note: nl80211 driver interface is not designed to be used with ap_scan=2; this can result in connection failures");
4345 wpa_clear_keys(wpa_s
, NULL
);
4347 /* Make sure that TKIP countermeasures are not left enabled (could
4348 * happen if wpa_supplicant is killed during countermeasures. */
4349 wpa_drv_set_countermeasures(wpa_s
, 0);
4351 wpa_dbg(wpa_s
, MSG_DEBUG
, "RSN: flushing PMKID list in the driver");
4352 wpa_drv_flush_pmkid(wpa_s
);
4354 wpa_s
->prev_scan_ssid
= WILDCARD_SSID_SCAN
;
4355 wpa_s
->prev_scan_wildcard
= 0;
4357 if (wpa_supplicant_enabled_networks(wpa_s
)) {
4358 if (wpa_s
->wpa_state
== WPA_INTERFACE_DISABLED
) {
4359 wpa_supplicant_set_state(wpa_s
, WPA_DISCONNECTED
);
4360 interface_count
= 0;
4363 if (!wpa_s
->p2p_mgmt
&&
4364 wpa_supplicant_delayed_sched_scan(wpa_s
,
4365 interface_count
% 3,
4367 wpa_supplicant_req_scan(wpa_s
, interface_count
% 3,
4369 #endif /* ANDROID */
4372 wpa_supplicant_set_state(wpa_s
, WPA_INACTIVE
);
4378 static int wpa_supplicant_daemon(const char *pid_file
)
4380 wpa_printf(MSG_DEBUG
, "Daemonize..");
4381 return os_daemonize(pid_file
);
4385 static struct wpa_supplicant
*
4386 wpa_supplicant_alloc(struct wpa_supplicant
*parent
)
4388 struct wpa_supplicant
*wpa_s
;
4390 wpa_s
= os_zalloc(sizeof(*wpa_s
));
4393 wpa_s
->scan_req
= INITIAL_SCAN_REQ
;
4394 wpa_s
->scan_interval
= 5;
4395 wpa_s
->new_connection
= 1;
4396 wpa_s
->parent
= parent
? parent
: wpa_s
;
4397 wpa_s
->p2pdev
= wpa_s
->parent
;
4398 wpa_s
->sched_scanning
= 0;
4400 dl_list_init(&wpa_s
->bss_tmp_disallowed
);
4401 dl_list_init(&wpa_s
->fils_hlp_req
);
4407 #ifdef CONFIG_HT_OVERRIDES
4409 static int wpa_set_htcap_mcs(struct wpa_supplicant
*wpa_s
,
4410 struct ieee80211_ht_capabilities
*htcaps
,
4411 struct ieee80211_ht_capabilities
*htcaps_mask
,
4414 /* parse ht_mcs into hex array */
4416 const char *tmp
= ht_mcs
;
4419 /* If ht_mcs is null, do not set anything */
4423 /* This is what we are setting in the kernel */
4424 os_memset(&htcaps
->supported_mcs_set
, 0, IEEE80211_HT_MCS_MASK_LEN
);
4426 wpa_msg(wpa_s
, MSG_DEBUG
, "set_htcap, ht_mcs -:%s:-", ht_mcs
);
4428 for (i
= 0; i
< IEEE80211_HT_MCS_MASK_LEN
; i
++) {
4432 v
= strtol(tmp
, &end
, 16);
4435 wpa_msg(wpa_s
, MSG_DEBUG
,
4436 "htcap value[%i]: %ld end: %p tmp: %p",
4441 htcaps
->supported_mcs_set
[i
] = v
;
4444 wpa_msg(wpa_s
, MSG_ERROR
,
4445 "Failed to parse ht-mcs: %s, error: %s\n",
4446 ht_mcs
, strerror(errno
));
4452 * If we were able to parse any values, then set mask for the MCS set.
4455 os_memset(&htcaps_mask
->supported_mcs_set
, 0xff,
4456 IEEE80211_HT_MCS_MASK_LEN
- 1);
4457 /* skip the 3 reserved bits */
4458 htcaps_mask
->supported_mcs_set
[IEEE80211_HT_MCS_MASK_LEN
- 1] =
4466 static int wpa_disable_max_amsdu(struct wpa_supplicant
*wpa_s
,
4467 struct ieee80211_ht_capabilities
*htcaps
,
4468 struct ieee80211_ht_capabilities
*htcaps_mask
,
4476 wpa_msg(wpa_s
, MSG_DEBUG
, "set_disable_max_amsdu: %d", disabled
);
4478 msk
= host_to_le16(HT_CAP_INFO_MAX_AMSDU_SIZE
);
4479 htcaps_mask
->ht_capabilities_info
|= msk
;
4481 htcaps
->ht_capabilities_info
&= msk
;
4483 htcaps
->ht_capabilities_info
|= msk
;
4489 static int wpa_set_ampdu_factor(struct wpa_supplicant
*wpa_s
,
4490 struct ieee80211_ht_capabilities
*htcaps
,
4491 struct ieee80211_ht_capabilities
*htcaps_mask
,
4497 wpa_msg(wpa_s
, MSG_DEBUG
, "set_ampdu_factor: %d", factor
);
4499 if (factor
< 0 || factor
> 3) {
4500 wpa_msg(wpa_s
, MSG_ERROR
, "ampdu_factor: %d out of range. "
4501 "Must be 0-3 or -1", factor
);
4505 htcaps_mask
->a_mpdu_params
|= 0x3; /* 2 bits for factor */
4506 htcaps
->a_mpdu_params
&= ~0x3;
4507 htcaps
->a_mpdu_params
|= factor
& 0x3;
4513 static int wpa_set_ampdu_density(struct wpa_supplicant
*wpa_s
,
4514 struct ieee80211_ht_capabilities
*htcaps
,
4515 struct ieee80211_ht_capabilities
*htcaps_mask
,
4521 wpa_msg(wpa_s
, MSG_DEBUG
, "set_ampdu_density: %d", density
);
4523 if (density
< 0 || density
> 7) {
4524 wpa_msg(wpa_s
, MSG_ERROR
,
4525 "ampdu_density: %d out of range. Must be 0-7 or -1.",
4530 htcaps_mask
->a_mpdu_params
|= 0x1C;
4531 htcaps
->a_mpdu_params
&= ~(0x1C);
4532 htcaps
->a_mpdu_params
|= (density
<< 2) & 0x1C;
4538 static int wpa_set_disable_ht40(struct wpa_supplicant
*wpa_s
,
4539 struct ieee80211_ht_capabilities
*htcaps
,
4540 struct ieee80211_ht_capabilities
*htcaps_mask
,
4544 wpa_msg(wpa_s
, MSG_DEBUG
, "set_disable_ht40: %d", disabled
);
4546 set_disable_ht40(htcaps
, disabled
);
4547 set_disable_ht40(htcaps_mask
, 0);
4553 static int wpa_set_disable_sgi(struct wpa_supplicant
*wpa_s
,
4554 struct ieee80211_ht_capabilities
*htcaps
,
4555 struct ieee80211_ht_capabilities
*htcaps_mask
,
4558 /* Masking these out disables SGI */
4559 le16 msk
= host_to_le16(HT_CAP_INFO_SHORT_GI20MHZ
|
4560 HT_CAP_INFO_SHORT_GI40MHZ
);
4563 wpa_msg(wpa_s
, MSG_DEBUG
, "set_disable_sgi: %d", disabled
);
4566 htcaps
->ht_capabilities_info
&= ~msk
;
4568 htcaps
->ht_capabilities_info
|= msk
;
4570 htcaps_mask
->ht_capabilities_info
|= msk
;
4576 static int wpa_set_disable_ldpc(struct wpa_supplicant
*wpa_s
,
4577 struct ieee80211_ht_capabilities
*htcaps
,
4578 struct ieee80211_ht_capabilities
*htcaps_mask
,
4581 /* Masking these out disables LDPC */
4582 le16 msk
= host_to_le16(HT_CAP_INFO_LDPC_CODING_CAP
);
4585 wpa_msg(wpa_s
, MSG_DEBUG
, "set_disable_ldpc: %d", disabled
);
4588 htcaps
->ht_capabilities_info
&= ~msk
;
4590 htcaps
->ht_capabilities_info
|= msk
;
4592 htcaps_mask
->ht_capabilities_info
|= msk
;
4598 static int wpa_set_tx_stbc(struct wpa_supplicant
*wpa_s
,
4599 struct ieee80211_ht_capabilities
*htcaps
,
4600 struct ieee80211_ht_capabilities
*htcaps_mask
,
4603 le16 msk
= host_to_le16(HT_CAP_INFO_TX_STBC
);
4608 wpa_msg(wpa_s
, MSG_DEBUG
, "set_tx_stbc: %d", tx_stbc
);
4610 if (tx_stbc
< 0 || tx_stbc
> 1) {
4611 wpa_msg(wpa_s
, MSG_ERROR
,
4612 "tx_stbc: %d out of range. Must be 0-1 or -1", tx_stbc
);
4616 htcaps_mask
->ht_capabilities_info
|= msk
;
4617 htcaps
->ht_capabilities_info
&= ~msk
;
4618 htcaps
->ht_capabilities_info
|= (tx_stbc
<< 7) & msk
;
4624 static int wpa_set_rx_stbc(struct wpa_supplicant
*wpa_s
,
4625 struct ieee80211_ht_capabilities
*htcaps
,
4626 struct ieee80211_ht_capabilities
*htcaps_mask
,
4629 le16 msk
= host_to_le16(HT_CAP_INFO_RX_STBC_MASK
);
4634 wpa_msg(wpa_s
, MSG_DEBUG
, "set_rx_stbc: %d", rx_stbc
);
4636 if (rx_stbc
< 0 || rx_stbc
> 3) {
4637 wpa_msg(wpa_s
, MSG_ERROR
,
4638 "rx_stbc: %d out of range. Must be 0-3 or -1", rx_stbc
);
4642 htcaps_mask
->ht_capabilities_info
|= msk
;
4643 htcaps
->ht_capabilities_info
&= ~msk
;
4644 htcaps
->ht_capabilities_info
|= (rx_stbc
<< 8) & msk
;
4650 void wpa_supplicant_apply_ht_overrides(
4651 struct wpa_supplicant
*wpa_s
, struct wpa_ssid
*ssid
,
4652 struct wpa_driver_associate_params
*params
)
4654 struct ieee80211_ht_capabilities
*htcaps
;
4655 struct ieee80211_ht_capabilities
*htcaps_mask
;
4660 params
->disable_ht
= ssid
->disable_ht
;
4661 if (!params
->htcaps
|| !params
->htcaps_mask
)
4664 htcaps
= (struct ieee80211_ht_capabilities
*) params
->htcaps
;
4665 htcaps_mask
= (struct ieee80211_ht_capabilities
*) params
->htcaps_mask
;
4666 wpa_set_htcap_mcs(wpa_s
, htcaps
, htcaps_mask
, ssid
->ht_mcs
);
4667 wpa_disable_max_amsdu(wpa_s
, htcaps
, htcaps_mask
,
4668 ssid
->disable_max_amsdu
);
4669 wpa_set_ampdu_factor(wpa_s
, htcaps
, htcaps_mask
, ssid
->ampdu_factor
);
4670 wpa_set_ampdu_density(wpa_s
, htcaps
, htcaps_mask
, ssid
->ampdu_density
);
4671 wpa_set_disable_ht40(wpa_s
, htcaps
, htcaps_mask
, ssid
->disable_ht40
);
4672 wpa_set_disable_sgi(wpa_s
, htcaps
, htcaps_mask
, ssid
->disable_sgi
);
4673 wpa_set_disable_ldpc(wpa_s
, htcaps
, htcaps_mask
, ssid
->disable_ldpc
);
4674 wpa_set_rx_stbc(wpa_s
, htcaps
, htcaps_mask
, ssid
->rx_stbc
);
4675 wpa_set_tx_stbc(wpa_s
, htcaps
, htcaps_mask
, ssid
->tx_stbc
);
4677 if (ssid
->ht40_intolerant
) {
4678 le16 bit
= host_to_le16(HT_CAP_INFO_40MHZ_INTOLERANT
);
4679 htcaps
->ht_capabilities_info
|= bit
;
4680 htcaps_mask
->ht_capabilities_info
|= bit
;
4684 #endif /* CONFIG_HT_OVERRIDES */
4687 #ifdef CONFIG_VHT_OVERRIDES
4688 void wpa_supplicant_apply_vht_overrides(
4689 struct wpa_supplicant
*wpa_s
, struct wpa_ssid
*ssid
,
4690 struct wpa_driver_associate_params
*params
)
4692 struct ieee80211_vht_capabilities
*vhtcaps
;
4693 struct ieee80211_vht_capabilities
*vhtcaps_mask
;
4698 params
->disable_vht
= ssid
->disable_vht
;
4700 vhtcaps
= (void *) params
->vhtcaps
;
4701 vhtcaps_mask
= (void *) params
->vhtcaps_mask
;
4703 if (!vhtcaps
|| !vhtcaps_mask
)
4706 vhtcaps
->vht_capabilities_info
= host_to_le32(ssid
->vht_capa
);
4707 vhtcaps_mask
->vht_capabilities_info
= host_to_le32(ssid
->vht_capa_mask
);
4709 #ifdef CONFIG_HT_OVERRIDES
4710 if (ssid
->disable_sgi
) {
4711 vhtcaps_mask
->vht_capabilities_info
|= (VHT_CAP_SHORT_GI_80
|
4712 VHT_CAP_SHORT_GI_160
);
4713 vhtcaps
->vht_capabilities_info
&= ~(VHT_CAP_SHORT_GI_80
|
4714 VHT_CAP_SHORT_GI_160
);
4715 wpa_msg(wpa_s
, MSG_DEBUG
,
4716 "disable-sgi override specified, vht-caps: 0x%x",
4717 vhtcaps
->vht_capabilities_info
);
4720 /* if max ampdu is <= 3, we have to make the HT cap the same */
4721 if (ssid
->vht_capa_mask
& VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX
) {
4724 max_ampdu
= (ssid
->vht_capa
&
4725 VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX
) >>
4726 VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX_SHIFT
;
4728 max_ampdu
= max_ampdu
< 3 ? max_ampdu
: 3;
4729 wpa_set_ampdu_factor(wpa_s
,
4730 (void *) params
->htcaps
,
4731 (void *) params
->htcaps_mask
,
4734 #endif /* CONFIG_HT_OVERRIDES */
4736 #define OVERRIDE_MCS(i) \
4737 if (ssid->vht_tx_mcs_nss_ ##i >= 0) { \
4738 vhtcaps_mask->vht_supported_mcs_set.tx_map |= \
4739 host_to_le16(3 << 2 * (i - 1)); \
4740 vhtcaps->vht_supported_mcs_set.tx_map |= \
4741 host_to_le16(ssid->vht_tx_mcs_nss_ ##i << \
4744 if (ssid->vht_rx_mcs_nss_ ##i >= 0) { \
4745 vhtcaps_mask->vht_supported_mcs_set.rx_map |= \
4746 host_to_le16(3 << 2 * (i - 1)); \
4747 vhtcaps->vht_supported_mcs_set.rx_map |= \
4748 host_to_le16(ssid->vht_rx_mcs_nss_ ##i << \
4761 #endif /* CONFIG_VHT_OVERRIDES */
4764 static int pcsc_reader_init(struct wpa_supplicant
*wpa_s
)
4769 if (!wpa_s
->conf
->pcsc_reader
)
4772 wpa_s
->scard
= scard_init(wpa_s
->conf
->pcsc_reader
);
4776 if (wpa_s
->conf
->pcsc_pin
&&
4777 scard_set_pin(wpa_s
->scard
, wpa_s
->conf
->pcsc_pin
) < 0) {
4778 scard_deinit(wpa_s
->scard
);
4779 wpa_s
->scard
= NULL
;
4780 wpa_msg(wpa_s
, MSG_ERROR
, "PC/SC PIN validation failed");
4784 len
= sizeof(wpa_s
->imsi
) - 1;
4785 if (scard_get_imsi(wpa_s
->scard
, wpa_s
->imsi
, &len
)) {
4786 scard_deinit(wpa_s
->scard
);
4787 wpa_s
->scard
= NULL
;
4788 wpa_msg(wpa_s
, MSG_ERROR
, "Could not read IMSI");
4791 wpa_s
->imsi
[len
] = '\0';
4793 wpa_s
->mnc_len
= scard_get_mnc_len(wpa_s
->scard
);
4795 wpa_printf(MSG_DEBUG
, "SCARD: IMSI %s (MNC length %d)",
4796 wpa_s
->imsi
, wpa_s
->mnc_len
);
4798 wpa_sm_set_scard_ctx(wpa_s
->wpa
, wpa_s
->scard
);
4799 eapol_sm_register_scard_ctx(wpa_s
->eapol
, wpa_s
->scard
);
4800 #endif /* PCSC_FUNCS */
4806 int wpas_init_ext_pw(struct wpa_supplicant
*wpa_s
)
4810 ext_password_deinit(wpa_s
->ext_pw
);
4811 wpa_s
->ext_pw
= NULL
;
4812 eapol_sm_set_ext_pw_ctx(wpa_s
->eapol
, NULL
);
4814 if (!wpa_s
->conf
->ext_password_backend
)
4817 val
= os_strdup(wpa_s
->conf
->ext_password_backend
);
4820 pos
= os_strchr(val
, ':');
4824 wpa_printf(MSG_DEBUG
, "EXT PW: Initialize backend '%s'", val
);
4826 wpa_s
->ext_pw
= ext_password_init(val
, pos
);
4828 if (wpa_s
->ext_pw
== NULL
) {
4829 wpa_printf(MSG_DEBUG
, "EXT PW: Failed to initialize backend");
4832 eapol_sm_set_ext_pw_ctx(wpa_s
->eapol
, wpa_s
->ext_pw
);
4840 static const u8
* wpas_fst_get_bssid_cb(void *ctx
)
4842 struct wpa_supplicant
*wpa_s
= ctx
;
4844 return (is_zero_ether_addr(wpa_s
->bssid
) ||
4845 wpa_s
->wpa_state
!= WPA_COMPLETED
) ? NULL
: wpa_s
->bssid
;
4849 static void wpas_fst_get_channel_info_cb(void *ctx
,
4850 enum hostapd_hw_mode
*hw_mode
,
4853 struct wpa_supplicant
*wpa_s
= ctx
;
4855 if (wpa_s
->current_bss
) {
4856 *hw_mode
= ieee80211_freq_to_chan(wpa_s
->current_bss
->freq
,
4858 } else if (wpa_s
->hw
.num_modes
) {
4859 *hw_mode
= wpa_s
->hw
.modes
[0].mode
;
4867 static int wpas_fst_get_hw_modes(void *ctx
, struct hostapd_hw_modes
**modes
)
4869 struct wpa_supplicant
*wpa_s
= ctx
;
4871 *modes
= wpa_s
->hw
.modes
;
4872 return wpa_s
->hw
.num_modes
;
4876 static void wpas_fst_set_ies_cb(void *ctx
, const struct wpabuf
*fst_ies
)
4878 struct wpa_supplicant
*wpa_s
= ctx
;
4880 wpa_hexdump_buf(MSG_DEBUG
, "FST: Set IEs", fst_ies
);
4881 wpa_s
->fst_ies
= fst_ies
;
4885 static int wpas_fst_send_action_cb(void *ctx
, const u8
*da
, struct wpabuf
*data
)
4887 struct wpa_supplicant
*wpa_s
= ctx
;
4889 if (os_memcmp(wpa_s
->bssid
, da
, ETH_ALEN
) != 0) {
4890 wpa_printf(MSG_INFO
, "FST:%s:bssid=" MACSTR
" != da=" MACSTR
,
4891 __func__
, MAC2STR(wpa_s
->bssid
), MAC2STR(da
));
4894 return wpa_drv_send_action(wpa_s
, wpa_s
->assoc_freq
, 0, wpa_s
->bssid
,
4895 wpa_s
->own_addr
, wpa_s
->bssid
,
4896 wpabuf_head(data
), wpabuf_len(data
),
4901 static const struct wpabuf
* wpas_fst_get_mb_ie_cb(void *ctx
, const u8
*addr
)
4903 struct wpa_supplicant
*wpa_s
= ctx
;
4905 WPA_ASSERT(os_memcmp(wpa_s
->bssid
, addr
, ETH_ALEN
) == 0);
4906 return wpa_s
->received_mb_ies
;
4910 static void wpas_fst_update_mb_ie_cb(void *ctx
, const u8
*addr
,
4911 const u8
*buf
, size_t size
)
4913 struct wpa_supplicant
*wpa_s
= ctx
;
4914 struct mb_ies_info info
;
4916 WPA_ASSERT(os_memcmp(wpa_s
->bssid
, addr
, ETH_ALEN
) == 0);
4918 if (!mb_ies_info_by_ies(&info
, buf
, size
)) {
4919 wpabuf_free(wpa_s
->received_mb_ies
);
4920 wpa_s
->received_mb_ies
= mb_ies_by_info(&info
);
4925 static const u8
* wpas_fst_get_peer_first(void *ctx
,
4926 struct fst_get_peer_ctx
**get_ctx
,
4929 struct wpa_supplicant
*wpa_s
= ctx
;
4932 if (!is_zero_ether_addr(wpa_s
->bssid
))
4933 return (wpa_s
->received_mb_ies
|| !mb_only
) ?
4934 wpa_s
->bssid
: NULL
;
4939 static const u8
* wpas_fst_get_peer_next(void *ctx
,
4940 struct fst_get_peer_ctx
**get_ctx
,
4946 void fst_wpa_supplicant_fill_iface_obj(struct wpa_supplicant
*wpa_s
,
4947 struct fst_wpa_obj
*iface_obj
)
4949 iface_obj
->ctx
= wpa_s
;
4950 iface_obj
->get_bssid
= wpas_fst_get_bssid_cb
;
4951 iface_obj
->get_channel_info
= wpas_fst_get_channel_info_cb
;
4952 iface_obj
->get_hw_modes
= wpas_fst_get_hw_modes
;
4953 iface_obj
->set_ies
= wpas_fst_set_ies_cb
;
4954 iface_obj
->send_action
= wpas_fst_send_action_cb
;
4955 iface_obj
->get_mb_ie
= wpas_fst_get_mb_ie_cb
;
4956 iface_obj
->update_mb_ie
= wpas_fst_update_mb_ie_cb
;
4957 iface_obj
->get_peer_first
= wpas_fst_get_peer_first
;
4958 iface_obj
->get_peer_next
= wpas_fst_get_peer_next
;
4960 #endif /* CONFIG_FST */
4962 static int wpas_set_wowlan_triggers(struct wpa_supplicant
*wpa_s
,
4963 const struct wpa_driver_capa
*capa
)
4965 struct wowlan_triggers
*triggers
;
4968 if (!wpa_s
->conf
->wowlan_triggers
)
4971 triggers
= wpa_get_wowlan_triggers(wpa_s
->conf
->wowlan_triggers
, capa
);
4973 ret
= wpa_drv_wowlan(wpa_s
, triggers
);
4980 enum wpa_radio_work_band
wpas_freq_to_band(int freq
)
4983 return BAND_2_4_GHZ
;
4990 unsigned int wpas_get_bands(struct wpa_supplicant
*wpa_s
, const int *freqs
)
4993 unsigned int band
= 0;
4996 /* freqs are specified for the radio work */
4997 for (i
= 0; freqs
[i
]; i
++)
4998 band
|= wpas_freq_to_band(freqs
[i
]);
5001 * freqs are not specified, implies all
5002 * the supported freqs by HW
5004 for (i
= 0; i
< wpa_s
->hw
.num_modes
; i
++) {
5005 if (wpa_s
->hw
.modes
[i
].num_channels
!= 0) {
5006 if (wpa_s
->hw
.modes
[i
].mode
==
5007 HOSTAPD_MODE_IEEE80211B
||
5008 wpa_s
->hw
.modes
[i
].mode
==
5009 HOSTAPD_MODE_IEEE80211G
)
5010 band
|= BAND_2_4_GHZ
;
5011 else if (wpa_s
->hw
.modes
[i
].mode
==
5012 HOSTAPD_MODE_IEEE80211A
)
5014 else if (wpa_s
->hw
.modes
[i
].mode
==
5015 HOSTAPD_MODE_IEEE80211AD
)
5016 band
|= BAND_60_GHZ
;
5017 else if (wpa_s
->hw
.modes
[i
].mode
==
5018 HOSTAPD_MODE_IEEE80211ANY
)
5019 band
= BAND_2_4_GHZ
| BAND_5_GHZ
|
5029 static struct wpa_radio
* radio_add_interface(struct wpa_supplicant
*wpa_s
,
5032 struct wpa_supplicant
*iface
= wpa_s
->global
->ifaces
;
5033 struct wpa_radio
*radio
;
5035 while (rn
&& iface
) {
5036 radio
= iface
->radio
;
5037 if (radio
&& os_strcmp(rn
, radio
->name
) == 0) {
5038 wpa_printf(MSG_DEBUG
, "Add interface %s to existing radio %s",
5040 dl_list_add(&radio
->ifaces
, &wpa_s
->radio_list
);
5044 iface
= iface
->next
;
5047 wpa_printf(MSG_DEBUG
, "Add interface %s to a new radio %s",
5048 wpa_s
->ifname
, rn
? rn
: "N/A");
5049 radio
= os_zalloc(sizeof(*radio
));
5054 os_strlcpy(radio
->name
, rn
, sizeof(radio
->name
));
5055 dl_list_init(&radio
->ifaces
);
5056 dl_list_init(&radio
->work
);
5057 dl_list_add(&radio
->ifaces
, &wpa_s
->radio_list
);
5063 static void radio_work_free(struct wpa_radio_work
*work
)
5065 if (work
->wpa_s
->scan_work
== work
) {
5066 /* This should not really happen. */
5067 wpa_dbg(work
->wpa_s
, MSG_INFO
, "Freeing radio work '%s'@%p (started=%d) that is marked as scan_work",
5068 work
->type
, work
, work
->started
);
5069 work
->wpa_s
->scan_work
= NULL
;
5073 if (work
->wpa_s
->p2p_scan_work
== work
) {
5074 /* This should not really happen. */
5075 wpa_dbg(work
->wpa_s
, MSG_INFO
, "Freeing radio work '%s'@%p (started=%d) that is marked as p2p_scan_work",
5076 work
->type
, work
, work
->started
);
5077 work
->wpa_s
->p2p_scan_work
= NULL
;
5079 #endif /* CONFIG_P2P */
5081 if (work
->started
) {
5082 work
->wpa_s
->radio
->num_active_works
--;
5083 wpa_dbg(work
->wpa_s
, MSG_DEBUG
,
5084 "radio_work_free('%s'@%p): num_active_works --> %u",
5086 work
->wpa_s
->radio
->num_active_works
);
5089 dl_list_del(&work
->list
);
5094 static int radio_work_is_connect(struct wpa_radio_work
*work
)
5096 return os_strcmp(work
->type
, "sme-connect") == 0 ||
5097 os_strcmp(work
->type
, "connect") == 0;
5101 static int radio_work_is_scan(struct wpa_radio_work
*work
)
5103 return os_strcmp(work
->type
, "scan") == 0 ||
5104 os_strcmp(work
->type
, "p2p-scan") == 0;
5108 static struct wpa_radio_work
* radio_work_get_next_work(struct wpa_radio
*radio
)
5110 struct wpa_radio_work
*active_work
= NULL
;
5111 struct wpa_radio_work
*tmp
;
5113 /* Get the active work to know the type and band. */
5114 dl_list_for_each(tmp
, &radio
->work
, struct wpa_radio_work
, list
) {
5122 /* No active work, start one */
5123 radio
->num_active_works
= 0;
5124 dl_list_for_each(tmp
, &radio
->work
, struct wpa_radio_work
,
5126 if (os_strcmp(tmp
->type
, "scan") == 0 &&
5127 radio
->external_scan_running
&&
5128 (((struct wpa_driver_scan_params
*)
5129 tmp
->ctx
)->only_new_results
||
5130 tmp
->wpa_s
->clear_driver_scan_cache
))
5137 if (radio_work_is_connect(active_work
)) {
5139 * If the active work is either connect or sme-connect,
5140 * do not parallelize them with other radio works.
5142 wpa_dbg(active_work
->wpa_s
, MSG_DEBUG
,
5143 "Do not parallelize radio work with %s",
5148 dl_list_for_each(tmp
, &radio
->work
, struct wpa_radio_work
, list
) {
5153 * If connect or sme-connect are enqueued, parallelize only
5154 * those operations ahead of them in the queue.
5156 if (radio_work_is_connect(tmp
))
5159 /* Serialize parallel scan and p2p_scan operations on the same
5160 * interface since the driver_nl80211 mechanism for tracking
5161 * scan cookies does not yet have support for this. */
5162 if (active_work
->wpa_s
== tmp
->wpa_s
&&
5163 radio_work_is_scan(active_work
) &&
5164 radio_work_is_scan(tmp
)) {
5165 wpa_dbg(active_work
->wpa_s
, MSG_DEBUG
,
5166 "Do not start work '%s' when another work '%s' is already scheduled",
5167 tmp
->type
, active_work
->type
);
5171 * Check that the radio works are distinct and
5172 * on different bands.
5174 if (os_strcmp(active_work
->type
, tmp
->type
) != 0 &&
5175 (active_work
->bands
!= tmp
->bands
)) {
5177 * If a scan has to be scheduled through nl80211 scan
5178 * interface and if an external scan is already running,
5179 * do not schedule the scan since it is likely to get
5180 * rejected by kernel.
5182 if (os_strcmp(tmp
->type
, "scan") == 0 &&
5183 radio
->external_scan_running
&&
5184 (((struct wpa_driver_scan_params
*)
5185 tmp
->ctx
)->only_new_results
||
5186 tmp
->wpa_s
->clear_driver_scan_cache
))
5189 wpa_dbg(active_work
->wpa_s
, MSG_DEBUG
,
5190 "active_work:%s new_work:%s",
5191 active_work
->type
, tmp
->type
);
5196 /* Did not find a radio work to schedule in parallel. */
5201 static void radio_start_next_work(void *eloop_ctx
, void *timeout_ctx
)
5203 struct wpa_radio
*radio
= eloop_ctx
;
5204 struct wpa_radio_work
*work
;
5205 struct os_reltime now
, diff
;
5206 struct wpa_supplicant
*wpa_s
;
5208 work
= dl_list_first(&radio
->work
, struct wpa_radio_work
, list
);
5210 radio
->num_active_works
= 0;
5214 wpa_s
= dl_list_first(&radio
->ifaces
, struct wpa_supplicant
,
5218 wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS
)) {
5220 return; /* already started and still in progress */
5222 if (wpa_s
&& wpa_s
->radio
->external_scan_running
) {
5223 wpa_printf(MSG_DEBUG
, "Delay radio work start until externally triggered scan completes");
5228 if (radio
->num_active_works
< MAX_ACTIVE_WORKS
) {
5229 /* get the work to schedule next */
5230 work
= radio_work_get_next_work(radio
);
5236 wpa_s
= work
->wpa_s
;
5237 os_get_reltime(&now
);
5238 os_reltime_sub(&now
, &work
->time
, &diff
);
5239 wpa_dbg(wpa_s
, MSG_DEBUG
,
5240 "Starting radio work '%s'@%p after %ld.%06ld second wait",
5241 work
->type
, work
, diff
.sec
, diff
.usec
);
5244 radio
->num_active_works
++;
5248 if ((wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS
) &&
5249 radio
->num_active_works
< MAX_ACTIVE_WORKS
)
5250 radio_work_check_next(wpa_s
);
5255 * This function removes both started and pending radio works running on
5256 * the provided interface's radio.
5257 * Prior to the removal of the radio work, its callback (cb) is called with
5258 * deinit set to be 1. Each work's callback is responsible for clearing its
5259 * internal data and restoring to a correct state.
5260 * @wpa_s: wpa_supplicant data
5261 * @type: type of works to be removed
5262 * @remove_all: 1 to remove all the works on this radio, 0 to remove only
5263 * this interface's works.
5265 void radio_remove_works(struct wpa_supplicant
*wpa_s
,
5266 const char *type
, int remove_all
)
5268 struct wpa_radio_work
*work
, *tmp
;
5269 struct wpa_radio
*radio
= wpa_s
->radio
;
5271 dl_list_for_each_safe(work
, tmp
, &radio
->work
, struct wpa_radio_work
,
5273 if (type
&& os_strcmp(type
, work
->type
) != 0)
5276 /* skip other ifaces' works */
5277 if (!remove_all
&& work
->wpa_s
!= wpa_s
)
5280 wpa_dbg(wpa_s
, MSG_DEBUG
, "Remove radio work '%s'@%p%s",
5281 work
->type
, work
, work
->started
? " (started)" : "");
5283 radio_work_free(work
);
5286 /* in case we removed the started work */
5287 radio_work_check_next(wpa_s
);
5291 void radio_remove_pending_work(struct wpa_supplicant
*wpa_s
, void *ctx
)
5293 struct wpa_radio_work
*work
;
5294 struct wpa_radio
*radio
= wpa_s
->radio
;
5296 dl_list_for_each(work
, &radio
->work
, struct wpa_radio_work
, list
) {
5297 if (work
->ctx
!= ctx
)
5299 wpa_dbg(wpa_s
, MSG_DEBUG
, "Free pending radio work '%s'@%p%s",
5300 work
->type
, work
, work
->started
? " (started)" : "");
5301 radio_work_free(work
);
5307 static void radio_remove_interface(struct wpa_supplicant
*wpa_s
)
5309 struct wpa_radio
*radio
= wpa_s
->radio
;
5314 wpa_printf(MSG_DEBUG
, "Remove interface %s from radio %s",
5315 wpa_s
->ifname
, radio
->name
);
5316 dl_list_del(&wpa_s
->radio_list
);
5317 radio_remove_works(wpa_s
, NULL
, 0);
5318 wpa_s
->radio
= NULL
;
5319 if (!dl_list_empty(&radio
->ifaces
))
5320 return; /* Interfaces remain for this radio */
5322 wpa_printf(MSG_DEBUG
, "Remove radio %s", radio
->name
);
5323 eloop_cancel_timeout(radio_start_next_work
, radio
, NULL
);
5328 void radio_work_check_next(struct wpa_supplicant
*wpa_s
)
5330 struct wpa_radio
*radio
= wpa_s
->radio
;
5332 if (dl_list_empty(&radio
->work
))
5334 if (wpa_s
->ext_work_in_progress
) {
5335 wpa_printf(MSG_DEBUG
,
5336 "External radio work in progress - delay start of pending item");
5339 eloop_cancel_timeout(radio_start_next_work
, radio
, NULL
);
5340 eloop_register_timeout(0, 0, radio_start_next_work
, radio
, NULL
);
5345 * radio_add_work - Add a radio work item
5346 * @wpa_s: Pointer to wpa_supplicant data
5347 * @freq: Frequency of the offchannel operation in MHz or 0
5348 * @type: Unique identifier for each type of work
5349 * @next: Force as the next work to be executed
5350 * @cb: Callback function for indicating when radio is available
5351 * @ctx: Context pointer for the work (work->ctx in cb())
5352 * Returns: 0 on success, -1 on failure
5354 * This function is used to request time for an operation that requires
5355 * exclusive radio control. Once the radio is available, the registered callback
5356 * function will be called. radio_work_done() must be called once the exclusive
5357 * radio operation has been completed, so that the radio is freed for other
5358 * operations. The special case of deinit=1 is used to free the context data
5359 * during interface removal. That does not allow the callback function to start
5360 * the radio operation, i.e., it must free any resources allocated for the radio
5363 * The @freq parameter can be used to indicate a single channel on which the
5364 * offchannel operation will occur. This may allow multiple radio work
5365 * operations to be performed in parallel if they apply for the same channel.
5366 * Setting this to 0 indicates that the work item may use multiple channels or
5367 * requires exclusive control of the radio.
5369 int radio_add_work(struct wpa_supplicant
*wpa_s
, unsigned int freq
,
5370 const char *type
, int next
,
5371 void (*cb
)(struct wpa_radio_work
*work
, int deinit
),
5374 struct wpa_radio
*radio
= wpa_s
->radio
;
5375 struct wpa_radio_work
*work
;
5378 work
= os_zalloc(sizeof(*work
));
5381 wpa_dbg(wpa_s
, MSG_DEBUG
, "Add radio work '%s'@%p", type
, work
);
5382 os_get_reltime(&work
->time
);
5385 work
->wpa_s
= wpa_s
;
5390 work
->bands
= wpas_freq_to_band(freq
);
5391 else if (os_strcmp(type
, "scan") == 0 ||
5392 os_strcmp(type
, "p2p-scan") == 0)
5393 work
->bands
= wpas_get_bands(wpa_s
,
5394 ((struct wpa_driver_scan_params
*)
5397 work
->bands
= wpas_get_bands(wpa_s
, NULL
);
5399 was_empty
= dl_list_empty(&wpa_s
->radio
->work
);
5401 dl_list_add(&wpa_s
->radio
->work
, &work
->list
);
5403 dl_list_add_tail(&wpa_s
->radio
->work
, &work
->list
);
5405 wpa_dbg(wpa_s
, MSG_DEBUG
, "First radio work item in the queue - schedule start immediately");
5406 radio_work_check_next(wpa_s
);
5407 } else if ((wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS
)
5408 && radio
->num_active_works
< MAX_ACTIVE_WORKS
) {
5409 wpa_dbg(wpa_s
, MSG_DEBUG
,
5410 "Try to schedule a radio work (num_active_works=%u)",
5411 radio
->num_active_works
);
5412 radio_work_check_next(wpa_s
);
5420 * radio_work_done - Indicate that a radio work item has been completed
5421 * @work: Completed work
5423 * This function is called once the callback function registered with
5424 * radio_add_work() has completed its work.
5426 void radio_work_done(struct wpa_radio_work
*work
)
5428 struct wpa_supplicant
*wpa_s
= work
->wpa_s
;
5429 struct os_reltime now
, diff
;
5430 unsigned int started
= work
->started
;
5432 os_get_reltime(&now
);
5433 os_reltime_sub(&now
, &work
->time
, &diff
);
5434 wpa_dbg(wpa_s
, MSG_DEBUG
, "Radio work '%s'@%p %s in %ld.%06ld seconds",
5435 work
->type
, work
, started
? "done" : "canceled",
5436 diff
.sec
, diff
.usec
);
5437 radio_work_free(work
);
5439 radio_work_check_next(wpa_s
);
5443 struct wpa_radio_work
*
5444 radio_work_pending(struct wpa_supplicant
*wpa_s
, const char *type
)
5446 struct wpa_radio_work
*work
;
5447 struct wpa_radio
*radio
= wpa_s
->radio
;
5449 dl_list_for_each(work
, &radio
->work
, struct wpa_radio_work
, list
) {
5450 if (work
->wpa_s
== wpa_s
&& os_strcmp(work
->type
, type
) == 0)
5458 static int wpas_init_driver(struct wpa_supplicant
*wpa_s
,
5459 const struct wpa_interface
*iface
)
5461 const char *ifname
, *driver
, *rn
;
5463 driver
= iface
->driver
;
5465 if (wpa_supplicant_set_driver(wpa_s
, driver
) < 0)
5468 wpa_s
->drv_priv
= wpa_drv_init(wpa_s
, wpa_s
->ifname
);
5469 if (wpa_s
->drv_priv
== NULL
) {
5471 pos
= driver
? os_strchr(driver
, ',') : NULL
;
5473 wpa_dbg(wpa_s
, MSG_DEBUG
, "Failed to initialize "
5474 "driver interface - try next driver wrapper");
5478 wpa_msg(wpa_s
, MSG_ERROR
, "Failed to initialize driver "
5482 if (wpa_drv_set_param(wpa_s
, wpa_s
->conf
->driver_param
) < 0) {
5483 wpa_msg(wpa_s
, MSG_ERROR
, "Driver interface rejected "
5484 "driver_param '%s'", wpa_s
->conf
->driver_param
);
5488 ifname
= wpa_drv_get_ifname(wpa_s
);
5489 if (ifname
&& os_strcmp(ifname
, wpa_s
->ifname
) != 0) {
5490 wpa_dbg(wpa_s
, MSG_DEBUG
, "Driver interface replaced "
5491 "interface name with '%s'", ifname
);
5492 os_strlcpy(wpa_s
->ifname
, ifname
, sizeof(wpa_s
->ifname
));
5495 rn
= wpa_driver_get_radio_name(wpa_s
);
5496 if (rn
&& rn
[0] == '\0')
5499 wpa_s
->radio
= radio_add_interface(wpa_s
, rn
);
5500 if (wpa_s
->radio
== NULL
)
5507 #ifdef CONFIG_GAS_SERVER
5509 static void wpas_gas_server_tx_status(struct wpa_supplicant
*wpa_s
,
5510 unsigned int freq
, const u8
*dst
,
5511 const u8
*src
, const u8
*bssid
,
5512 const u8
*data
, size_t data_len
,
5513 enum offchannel_send_action_result result
)
5515 wpa_printf(MSG_DEBUG
, "GAS: TX status: freq=%u dst=" MACSTR
5518 result
== OFFCHANNEL_SEND_ACTION_SUCCESS
? "SUCCESS" :
5519 (result
== OFFCHANNEL_SEND_ACTION_NO_ACK
? "no-ACK" :
5521 gas_server_tx_status(wpa_s
->gas_server
, dst
, data
, data_len
,
5522 result
== OFFCHANNEL_SEND_ACTION_SUCCESS
);
5526 static void wpas_gas_server_tx(void *ctx
, int freq
, const u8
*da
,
5527 struct wpabuf
*buf
, unsigned int wait_time
)
5529 struct wpa_supplicant
*wpa_s
= ctx
;
5530 const u8 broadcast
[ETH_ALEN
] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
5532 if (wait_time
> wpa_s
->max_remain_on_chan
)
5533 wait_time
= wpa_s
->max_remain_on_chan
;
5535 offchannel_send_action(wpa_s
, freq
, da
, wpa_s
->own_addr
, broadcast
,
5536 wpabuf_head(buf
), wpabuf_len(buf
),
5537 wait_time
, wpas_gas_server_tx_status
, 0);
5540 #endif /* CONFIG_GAS_SERVER */
5542 static int wpa_supplicant_init_iface(struct wpa_supplicant
*wpa_s
,
5543 const struct wpa_interface
*iface
)
5545 struct wpa_driver_capa capa
;
5549 wpa_printf(MSG_DEBUG
, "Initializing interface '%s' conf '%s' driver "
5550 "'%s' ctrl_interface '%s' bridge '%s'", iface
->ifname
,
5551 iface
->confname
? iface
->confname
: "N/A",
5552 iface
->driver
? iface
->driver
: "default",
5553 iface
->ctrl_interface
? iface
->ctrl_interface
: "N/A",
5554 iface
->bridge_ifname
? iface
->bridge_ifname
: "N/A");
5556 if (iface
->confname
) {
5557 #ifdef CONFIG_BACKEND_FILE
5558 wpa_s
->confname
= os_rel2abs_path(iface
->confname
);
5559 if (wpa_s
->confname
== NULL
) {
5560 wpa_printf(MSG_ERROR
, "Failed to get absolute path "
5561 "for configuration file '%s'.",
5565 wpa_printf(MSG_DEBUG
, "Configuration file '%s' -> '%s'",
5566 iface
->confname
, wpa_s
->confname
);
5567 #else /* CONFIG_BACKEND_FILE */
5568 wpa_s
->confname
= os_strdup(iface
->confname
);
5569 #endif /* CONFIG_BACKEND_FILE */
5570 wpa_s
->conf
= wpa_config_read(wpa_s
->confname
, NULL
);
5571 if (wpa_s
->conf
== NULL
) {
5572 wpa_printf(MSG_ERROR
, "Failed to read or parse "
5573 "configuration '%s'.", wpa_s
->confname
);
5576 wpa_s
->confanother
= os_rel2abs_path(iface
->confanother
);
5577 if (wpa_s
->confanother
&&
5578 !wpa_config_read(wpa_s
->confanother
, wpa_s
->conf
)) {
5579 wpa_printf(MSG_ERROR
,
5580 "Failed to read or parse configuration '%s'.",
5581 wpa_s
->confanother
);
5586 * Override ctrl_interface and driver_param if set on command
5589 if (iface
->ctrl_interface
) {
5590 os_free(wpa_s
->conf
->ctrl_interface
);
5591 wpa_s
->conf
->ctrl_interface
=
5592 os_strdup(iface
->ctrl_interface
);
5595 if (iface
->driver_param
) {
5596 os_free(wpa_s
->conf
->driver_param
);
5597 wpa_s
->conf
->driver_param
=
5598 os_strdup(iface
->driver_param
);
5601 if (iface
->p2p_mgmt
&& !iface
->ctrl_interface
) {
5602 os_free(wpa_s
->conf
->ctrl_interface
);
5603 wpa_s
->conf
->ctrl_interface
= NULL
;
5606 wpa_s
->conf
= wpa_config_alloc_empty(iface
->ctrl_interface
,
5607 iface
->driver_param
);
5609 if (wpa_s
->conf
== NULL
) {
5610 wpa_printf(MSG_ERROR
, "\nNo configuration found.");
5614 if (iface
->ifname
== NULL
) {
5615 wpa_printf(MSG_ERROR
, "\nInterface name is required.");
5618 if (os_strlen(iface
->ifname
) >= sizeof(wpa_s
->ifname
)) {
5619 wpa_printf(MSG_ERROR
, "\nToo long interface name '%s'.",
5623 os_strlcpy(wpa_s
->ifname
, iface
->ifname
, sizeof(wpa_s
->ifname
));
5625 if (iface
->bridge_ifname
) {
5626 if (os_strlen(iface
->bridge_ifname
) >=
5627 sizeof(wpa_s
->bridge_ifname
)) {
5628 wpa_printf(MSG_ERROR
, "\nToo long bridge interface "
5629 "name '%s'.", iface
->bridge_ifname
);
5632 os_strlcpy(wpa_s
->bridge_ifname
, iface
->bridge_ifname
,
5633 sizeof(wpa_s
->bridge_ifname
));
5636 /* RSNA Supplicant Key Management - INITIALIZE */
5637 eapol_sm_notify_portEnabled(wpa_s
->eapol
, FALSE
);
5638 eapol_sm_notify_portValid(wpa_s
->eapol
, FALSE
);
5640 /* Initialize driver interface and register driver event handler before
5641 * L2 receive handler so that association events are processed before
5642 * EAPOL-Key packets if both become available for the same select()
5644 if (wpas_init_driver(wpa_s
, iface
) < 0)
5647 if (wpa_supplicant_init_wpa(wpa_s
) < 0)
5650 wpa_sm_set_ifname(wpa_s
->wpa
, wpa_s
->ifname
,
5651 wpa_s
->bridge_ifname
[0] ? wpa_s
->bridge_ifname
:
5653 wpa_sm_set_fast_reauth(wpa_s
->wpa
, wpa_s
->conf
->fast_reauth
);
5655 if (wpa_s
->conf
->dot11RSNAConfigPMKLifetime
&&
5656 wpa_sm_set_param(wpa_s
->wpa
, RSNA_PMK_LIFETIME
,
5657 wpa_s
->conf
->dot11RSNAConfigPMKLifetime
)) {
5658 wpa_msg(wpa_s
, MSG_ERROR
, "Invalid WPA parameter value for "
5659 "dot11RSNAConfigPMKLifetime");
5663 if (wpa_s
->conf
->dot11RSNAConfigPMKReauthThreshold
&&
5664 wpa_sm_set_param(wpa_s
->wpa
, RSNA_PMK_REAUTH_THRESHOLD
,
5665 wpa_s
->conf
->dot11RSNAConfigPMKReauthThreshold
)) {
5666 wpa_msg(wpa_s
, MSG_ERROR
, "Invalid WPA parameter value for "
5667 "dot11RSNAConfigPMKReauthThreshold");
5671 if (wpa_s
->conf
->dot11RSNAConfigSATimeout
&&
5672 wpa_sm_set_param(wpa_s
->wpa
, RSNA_SA_TIMEOUT
,
5673 wpa_s
->conf
->dot11RSNAConfigSATimeout
)) {
5674 wpa_msg(wpa_s
, MSG_ERROR
, "Invalid WPA parameter value for "
5675 "dot11RSNAConfigSATimeout");
5679 wpa_s
->hw
.modes
= wpa_drv_get_hw_feature_data(wpa_s
,
5680 &wpa_s
->hw
.num_modes
,
5683 if (wpa_s
->hw
.modes
) {
5686 for (i
= 0; i
< wpa_s
->hw
.num_modes
; i
++) {
5687 if (wpa_s
->hw
.modes
[i
].vht_capab
) {
5688 wpa_s
->hw_capab
= CAPAB_VHT
;
5692 if (wpa_s
->hw
.modes
[i
].ht_capab
&
5693 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET
)
5694 wpa_s
->hw_capab
= CAPAB_HT40
;
5695 else if (wpa_s
->hw
.modes
[i
].ht_capab
&&
5696 wpa_s
->hw_capab
== CAPAB_NO_HT_VHT
)
5697 wpa_s
->hw_capab
= CAPAB_HT
;
5701 capa_res
= wpa_drv_get_capa(wpa_s
, &capa
);
5702 if (capa_res
== 0) {
5703 wpa_s
->drv_capa_known
= 1;
5704 wpa_s
->drv_flags
= capa
.flags
;
5705 wpa_s
->drv_enc
= capa
.enc
;
5706 wpa_s
->drv_smps_modes
= capa
.smps_modes
;
5707 wpa_s
->drv_rrm_flags
= capa
.rrm_flags
;
5708 wpa_s
->probe_resp_offloads
= capa
.probe_resp_offloads
;
5709 wpa_s
->max_scan_ssids
= capa
.max_scan_ssids
;
5710 wpa_s
->max_sched_scan_ssids
= capa
.max_sched_scan_ssids
;
5711 wpa_s
->max_sched_scan_plans
= capa
.max_sched_scan_plans
;
5712 wpa_s
->max_sched_scan_plan_interval
=
5713 capa
.max_sched_scan_plan_interval
;
5714 wpa_s
->max_sched_scan_plan_iterations
=
5715 capa
.max_sched_scan_plan_iterations
;
5716 wpa_s
->sched_scan_supported
= capa
.sched_scan_supported
;
5717 wpa_s
->max_match_sets
= capa
.max_match_sets
;
5718 wpa_s
->max_remain_on_chan
= capa
.max_remain_on_chan
;
5719 wpa_s
->max_stations
= capa
.max_stations
;
5720 wpa_s
->extended_capa
= capa
.extended_capa
;
5721 wpa_s
->extended_capa_mask
= capa
.extended_capa_mask
;
5722 wpa_s
->extended_capa_len
= capa
.extended_capa_len
;
5723 wpa_s
->num_multichan_concurrent
=
5724 capa
.num_multichan_concurrent
;
5725 wpa_s
->wmm_ac_supported
= capa
.wmm_ac_supported
;
5727 if (capa
.mac_addr_rand_scan_supported
)
5728 wpa_s
->mac_addr_rand_supported
|= MAC_ADDR_RAND_SCAN
;
5729 if (wpa_s
->sched_scan_supported
&&
5730 capa
.mac_addr_rand_sched_scan_supported
)
5731 wpa_s
->mac_addr_rand_supported
|=
5732 (MAC_ADDR_RAND_SCHED_SCAN
| MAC_ADDR_RAND_PNO
);
5734 wpa_drv_get_ext_capa(wpa_s
, WPA_IF_STATION
);
5735 if (wpa_s
->extended_capa
&&
5736 wpa_s
->extended_capa_len
>= 3 &&
5737 wpa_s
->extended_capa
[2] & 0x40)
5738 wpa_s
->multi_bss_support
= 1;
5740 if (wpa_s
->max_remain_on_chan
== 0)
5741 wpa_s
->max_remain_on_chan
= 1000;
5744 * Only take p2p_mgmt parameters when P2P Device is supported.
5745 * Doing it here as it determines whether l2_packet_init() will be done
5746 * during wpa_supplicant_driver_init().
5748 if (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE
)
5749 wpa_s
->p2p_mgmt
= iface
->p2p_mgmt
;
5751 if (wpa_s
->num_multichan_concurrent
== 0)
5752 wpa_s
->num_multichan_concurrent
= 1;
5754 if (wpa_supplicant_driver_init(wpa_s
) < 0)
5758 if (!iface
->p2p_mgmt
&& wpa_tdls_init(wpa_s
->wpa
))
5760 #endif /* CONFIG_TDLS */
5762 if (wpa_s
->conf
->country
[0] && wpa_s
->conf
->country
[1] &&
5763 wpa_drv_set_country(wpa_s
, wpa_s
->conf
->country
)) {
5764 wpa_dbg(wpa_s
, MSG_DEBUG
, "Failed to set country");
5769 if (wpa_s
->conf
->fst_group_id
) {
5770 struct fst_iface_cfg cfg
;
5771 struct fst_wpa_obj iface_obj
;
5773 fst_wpa_supplicant_fill_iface_obj(wpa_s
, &iface_obj
);
5774 os_strlcpy(cfg
.group_id
, wpa_s
->conf
->fst_group_id
,
5775 sizeof(cfg
.group_id
));
5776 cfg
.priority
= wpa_s
->conf
->fst_priority
;
5777 cfg
.llt
= wpa_s
->conf
->fst_llt
;
5779 wpa_s
->fst
= fst_attach(wpa_s
->ifname
, wpa_s
->own_addr
,
5782 wpa_msg(wpa_s
, MSG_ERROR
,
5783 "FST: Cannot attach iface %s to group %s",
5784 wpa_s
->ifname
, cfg
.group_id
);
5788 #endif /* CONFIG_FST */
5790 if (wpas_wps_init(wpa_s
))
5793 #ifdef CONFIG_GAS_SERVER
5794 wpa_s
->gas_server
= gas_server_init(wpa_s
, wpas_gas_server_tx
);
5795 if (!wpa_s
->gas_server
) {
5796 wpa_printf(MSG_ERROR
, "Failed to initialize GAS server");
5799 #endif /* CONFIG_GAS_SERVER */
5802 if (wpas_dpp_init(wpa_s
) < 0)
5804 #endif /* CONFIG_DPP */
5806 if (wpa_supplicant_init_eapol(wpa_s
) < 0)
5808 wpa_sm_set_eapol(wpa_s
->wpa
, wpa_s
->eapol
);
5810 wpa_s
->ctrl_iface
= wpa_supplicant_ctrl_iface_init(wpa_s
);
5811 if (wpa_s
->ctrl_iface
== NULL
) {
5812 wpa_printf(MSG_ERROR
,
5813 "Failed to initialize control interface '%s'.\n"
5814 "You may have another wpa_supplicant process "
5815 "already running or the file was\n"
5816 "left by an unclean termination of wpa_supplicant "
5817 "in which case you will need\n"
5818 "to manually remove this file before starting "
5819 "wpa_supplicant again.\n",
5820 wpa_s
->conf
->ctrl_interface
);
5824 wpa_s
->gas
= gas_query_init(wpa_s
);
5825 if (wpa_s
->gas
== NULL
) {
5826 wpa_printf(MSG_ERROR
, "Failed to initialize GAS query");
5830 if ((!(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE
) ||
5832 wpas_p2p_init(wpa_s
->global
, wpa_s
) < 0) {
5833 wpa_msg(wpa_s
, MSG_ERROR
, "Failed to init P2P");
5837 if (wpa_bss_init(wpa_s
) < 0)
5840 #ifdef CONFIG_PMKSA_CACHE_EXTERNAL
5842 dl_list_init(&wpa_s
->mesh_external_pmksa_cache
);
5843 #endif /* CONFIG_MESH */
5844 #endif /* CONFIG_PMKSA_CACHE_EXTERNAL */
5847 * Set Wake-on-WLAN triggers, if configured.
5848 * Note: We don't restore/remove the triggers on shutdown (it doesn't
5849 * have effect anyway when the interface is down).
5851 if (capa_res
== 0 && wpas_set_wowlan_triggers(wpa_s
, &capa
) < 0)
5854 #ifdef CONFIG_EAP_PROXY
5857 wpa_s
->mnc_len
= eapol_sm_get_eap_proxy_imsi(wpa_s
->eapol
, -1,
5859 if (wpa_s
->mnc_len
> 0) {
5860 wpa_s
->imsi
[len
] = '\0';
5861 wpa_printf(MSG_DEBUG
, "eap_proxy: IMSI %s (MNC length %d)",
5862 wpa_s
->imsi
, wpa_s
->mnc_len
);
5864 wpa_printf(MSG_DEBUG
, "eap_proxy: IMSI not available");
5867 #endif /* CONFIG_EAP_PROXY */
5869 if (pcsc_reader_init(wpa_s
) < 0)
5872 if (wpas_init_ext_pw(wpa_s
) < 0)
5875 wpas_rrm_reset(wpa_s
);
5877 wpas_sched_scan_plans_set(wpa_s
, wpa_s
->conf
->sched_scan_plans
);
5881 #endif /* CONFIG_HS20 */
5883 if (wpa_s
->conf
->oce
) {
5884 if ((wpa_s
->conf
->oce
& OCE_STA
) &&
5885 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_OCE_STA
))
5886 wpa_s
->enable_oce
= OCE_STA
;
5887 if ((wpa_s
->conf
->oce
& OCE_STA_CFON
) &&
5888 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_OCE_STA_CFON
)) {
5889 /* TODO: Need to add STA-CFON support */
5890 wpa_printf(MSG_ERROR
,
5891 "OCE STA-CFON feature is not yet supported");
5894 wpas_mbo_update_non_pref_chan(wpa_s
, wpa_s
->conf
->non_pref_chan
);
5895 #endif /* CONFIG_MBO */
5897 wpa_supplicant_set_default_scan_ies(wpa_s
);
5903 static void wpa_supplicant_deinit_iface(struct wpa_supplicant
*wpa_s
,
5904 int notify
, int terminate
)
5906 struct wpa_global
*global
= wpa_s
->global
;
5907 struct wpa_supplicant
*iface
, *prev
;
5909 if (wpa_s
== wpa_s
->parent
)
5910 wpas_p2p_group_remove(wpa_s
, "*");
5912 iface
= global
->ifaces
;
5914 if (iface
->p2pdev
== wpa_s
)
5915 iface
->p2pdev
= iface
->parent
;
5916 if (iface
== wpa_s
|| iface
->parent
!= wpa_s
) {
5917 iface
= iface
->next
;
5920 wpa_printf(MSG_DEBUG
,
5921 "Remove remaining child interface %s from parent %s",
5922 iface
->ifname
, wpa_s
->ifname
);
5924 iface
= iface
->next
;
5925 wpa_supplicant_remove_iface(global
, prev
, terminate
);
5928 wpa_s
->disconnected
= 1;
5929 if (wpa_s
->drv_priv
) {
5930 wpa_supplicant_deauthenticate(wpa_s
,
5931 WLAN_REASON_DEAUTH_LEAVING
);
5933 wpa_drv_set_countermeasures(wpa_s
, 0);
5934 wpa_clear_keys(wpa_s
, NULL
);
5937 wpa_supplicant_cleanup(wpa_s
);
5938 wpas_p2p_deinit_iface(wpa_s
);
5940 wpas_ctrl_radio_work_flush(wpa_s
);
5941 radio_remove_interface(wpa_s
);
5945 fst_detach(wpa_s
->fst
);
5948 if (wpa_s
->received_mb_ies
) {
5949 wpabuf_free(wpa_s
->received_mb_ies
);
5950 wpa_s
->received_mb_ies
= NULL
;
5952 #endif /* CONFIG_FST */
5954 if (wpa_s
->drv_priv
)
5955 wpa_drv_deinit(wpa_s
);
5958 wpas_notify_iface_removed(wpa_s
);
5961 wpa_msg(wpa_s
, MSG_INFO
, WPA_EVENT_TERMINATING
);
5963 if (wpa_s
->ctrl_iface
) {
5964 wpa_supplicant_ctrl_iface_deinit(wpa_s
->ctrl_iface
);
5965 wpa_s
->ctrl_iface
= NULL
;
5970 wpa_supplicant_mesh_iface_deinit(wpa_s
, wpa_s
->ifmsh
);
5971 wpa_s
->ifmsh
= NULL
;
5973 #endif /* CONFIG_MESH */
5975 if (wpa_s
->conf
!= NULL
) {
5976 wpa_config_free(wpa_s
->conf
);
5980 os_free(wpa_s
->ssids_from_scan_req
);
5986 #ifdef CONFIG_MATCH_IFACE
5989 * wpa_supplicant_match_iface - Match an interface description to a name
5990 * @global: Pointer to global data from wpa_supplicant_init()
5991 * @ifname: Name of the interface to match
5992 * Returns: Pointer to the created interface description or %NULL on failure
5994 struct wpa_interface
* wpa_supplicant_match_iface(struct wpa_global
*global
,
5998 struct wpa_interface
*iface
, *miface
;
6000 for (i
= 0; i
< global
->params
.match_iface_count
; i
++) {
6001 miface
= &global
->params
.match_ifaces
[i
];
6002 if (!miface
->ifname
||
6003 fnmatch(miface
->ifname
, ifname
, 0) == 0) {
6004 iface
= os_zalloc(sizeof(*iface
));
6008 iface
->ifname
= ifname
;
6018 * wpa_supplicant_match_existing - Match existing interfaces
6019 * @global: Pointer to global data from wpa_supplicant_init()
6020 * Returns: 0 on success, -1 on failure
6022 static int wpa_supplicant_match_existing(struct wpa_global
*global
)
6024 struct if_nameindex
*ifi
, *ifp
;
6025 struct wpa_supplicant
*wpa_s
;
6026 struct wpa_interface
*iface
;
6028 ifp
= if_nameindex();
6030 wpa_printf(MSG_ERROR
, "if_nameindex: %s", strerror(errno
));
6034 for (ifi
= ifp
; ifi
->if_name
; ifi
++) {
6035 wpa_s
= wpa_supplicant_get_iface(global
, ifi
->if_name
);
6038 iface
= wpa_supplicant_match_iface(global
, ifi
->if_name
);
6040 wpa_s
= wpa_supplicant_add_iface(global
, iface
, NULL
);
6047 if_freenameindex(ifp
);
6051 #endif /* CONFIG_MATCH_IFACE */
6055 * wpa_supplicant_add_iface - Add a new network interface
6056 * @global: Pointer to global data from wpa_supplicant_init()
6057 * @iface: Interface configuration options
6058 * @parent: Parent interface or %NULL to assign new interface as parent
6059 * Returns: Pointer to the created interface or %NULL on failure
6061 * This function is used to add new network interfaces for %wpa_supplicant.
6062 * This can be called before wpa_supplicant_run() to add interfaces before the
6063 * main event loop has been started. In addition, new interfaces can be added
6064 * dynamically while %wpa_supplicant is already running. This could happen,
6065 * e.g., when a hotplug network adapter is inserted.
6067 struct wpa_supplicant
* wpa_supplicant_add_iface(struct wpa_global
*global
,
6068 struct wpa_interface
*iface
,
6069 struct wpa_supplicant
*parent
)
6071 struct wpa_supplicant
*wpa_s
;
6072 struct wpa_interface t_iface
;
6073 struct wpa_ssid
*ssid
;
6075 if (global
== NULL
|| iface
== NULL
)
6078 wpa_s
= wpa_supplicant_alloc(parent
);
6082 wpa_s
->global
= global
;
6085 if (global
->params
.override_driver
) {
6086 wpa_printf(MSG_DEBUG
, "Override interface parameter: driver "
6088 iface
->driver
, global
->params
.override_driver
);
6089 t_iface
.driver
= global
->params
.override_driver
;
6091 if (global
->params
.override_ctrl_interface
) {
6092 wpa_printf(MSG_DEBUG
, "Override interface parameter: "
6093 "ctrl_interface ('%s' -> '%s')",
6094 iface
->ctrl_interface
,
6095 global
->params
.override_ctrl_interface
);
6096 t_iface
.ctrl_interface
=
6097 global
->params
.override_ctrl_interface
;
6099 if (wpa_supplicant_init_iface(wpa_s
, &t_iface
)) {
6100 wpa_printf(MSG_DEBUG
, "Failed to add interface %s",
6102 wpa_supplicant_deinit_iface(wpa_s
, 0, 0);
6106 if (iface
->p2p_mgmt
== 0) {
6107 /* Notify the control interfaces about new iface */
6108 if (wpas_notify_iface_added(wpa_s
)) {
6109 wpa_supplicant_deinit_iface(wpa_s
, 1, 0);
6113 for (ssid
= wpa_s
->conf
->ssid
; ssid
; ssid
= ssid
->next
)
6114 wpas_notify_network_added(wpa_s
, ssid
);
6117 wpa_s
->next
= global
->ifaces
;
6118 global
->ifaces
= wpa_s
;
6120 wpa_dbg(wpa_s
, MSG_DEBUG
, "Added interface %s", wpa_s
->ifname
);
6121 wpa_supplicant_set_state(wpa_s
, WPA_DISCONNECTED
);
6124 if (wpa_s
->global
->p2p
== NULL
&&
6125 !wpa_s
->global
->p2p_disabled
&& !wpa_s
->conf
->p2p_disabled
&&
6126 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE
) &&
6127 wpas_p2p_add_p2pdev_interface(
6128 wpa_s
, wpa_s
->global
->params
.conf_p2p_dev
) < 0) {
6129 wpa_printf(MSG_INFO
,
6130 "P2P: Failed to enable P2P Device interface");
6131 /* Try to continue without. P2P will be disabled. */
6133 #endif /* CONFIG_P2P */
6140 * wpa_supplicant_remove_iface - Remove a network interface
6141 * @global: Pointer to global data from wpa_supplicant_init()
6142 * @wpa_s: Pointer to the network interface to be removed
6143 * Returns: 0 if interface was removed, -1 if interface was not found
6145 * This function can be used to dynamically remove network interfaces from
6146 * %wpa_supplicant, e.g., when a hotplug network adapter is ejected. In
6147 * addition, this function is used to remove all remaining interfaces when
6148 * %wpa_supplicant is terminated.
6150 int wpa_supplicant_remove_iface(struct wpa_global
*global
,
6151 struct wpa_supplicant
*wpa_s
,
6154 struct wpa_supplicant
*prev
;
6156 unsigned int mesh_if_created
= wpa_s
->mesh_if_created
;
6157 char *ifname
= NULL
;
6158 struct wpa_supplicant
*parent
= wpa_s
->parent
;
6159 #endif /* CONFIG_MESH */
6161 /* Remove interface from the global list of interfaces */
6162 prev
= global
->ifaces
;
6163 if (prev
== wpa_s
) {
6164 global
->ifaces
= wpa_s
->next
;
6166 while (prev
&& prev
->next
!= wpa_s
)
6170 prev
->next
= wpa_s
->next
;
6173 wpa_dbg(wpa_s
, MSG_DEBUG
, "Removing interface %s", wpa_s
->ifname
);
6176 if (mesh_if_created
) {
6177 ifname
= os_strdup(wpa_s
->ifname
);
6178 if (ifname
== NULL
) {
6179 wpa_dbg(wpa_s
, MSG_ERROR
,
6180 "mesh: Failed to malloc ifname");
6184 #endif /* CONFIG_MESH */
6186 if (global
->p2p_group_formation
== wpa_s
)
6187 global
->p2p_group_formation
= NULL
;
6188 if (global
->p2p_invite_group
== wpa_s
)
6189 global
->p2p_invite_group
= NULL
;
6190 wpa_supplicant_deinit_iface(wpa_s
, 1, terminate
);
6193 if (mesh_if_created
) {
6194 wpa_drv_if_remove(parent
, WPA_IF_MESH
, ifname
);
6197 #endif /* CONFIG_MESH */
6204 * wpa_supplicant_get_eap_mode - Get the current EAP mode
6205 * @wpa_s: Pointer to the network interface
6206 * Returns: Pointer to the eap mode or the string "UNKNOWN" if not found
6208 const char * wpa_supplicant_get_eap_mode(struct wpa_supplicant
*wpa_s
)
6210 const char *eapol_method
;
6212 if (wpa_key_mgmt_wpa_ieee8021x(wpa_s
->key_mgmt
) == 0 &&
6213 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_IEEE8021X_NO_WPA
) {
6217 eapol_method
= eapol_sm_get_method_name(wpa_s
->eapol
);
6218 if (eapol_method
== NULL
)
6219 return "UNKNOWN-EAP";
6221 return eapol_method
;
6226 * wpa_supplicant_get_iface - Get a new network interface
6227 * @global: Pointer to global data from wpa_supplicant_init()
6228 * @ifname: Interface name
6229 * Returns: Pointer to the interface or %NULL if not found
6231 struct wpa_supplicant
* wpa_supplicant_get_iface(struct wpa_global
*global
,
6234 struct wpa_supplicant
*wpa_s
;
6236 for (wpa_s
= global
->ifaces
; wpa_s
; wpa_s
= wpa_s
->next
) {
6237 if (os_strcmp(wpa_s
->ifname
, ifname
) == 0)
6244 #ifndef CONFIG_NO_WPA_MSG
6245 static const char * wpa_supplicant_msg_ifname_cb(void *ctx
)
6247 struct wpa_supplicant
*wpa_s
= ctx
;
6250 return wpa_s
->ifname
;
6252 #endif /* CONFIG_NO_WPA_MSG */
6255 #ifndef WPA_SUPPLICANT_CLEANUP_INTERVAL
6256 #define WPA_SUPPLICANT_CLEANUP_INTERVAL 10
6257 #endif /* WPA_SUPPLICANT_CLEANUP_INTERVAL */
6259 /* Periodic cleanup tasks */
6260 static void wpas_periodic(void *eloop_ctx
, void *timeout_ctx
)
6262 struct wpa_global
*global
= eloop_ctx
;
6263 struct wpa_supplicant
*wpa_s
;
6265 eloop_register_timeout(WPA_SUPPLICANT_CLEANUP_INTERVAL
, 0,
6266 wpas_periodic
, global
, NULL
);
6270 p2p_expire_peers(global
->p2p
);
6271 #endif /* CONFIG_P2P */
6273 for (wpa_s
= global
->ifaces
; wpa_s
; wpa_s
= wpa_s
->next
) {
6274 wpa_bss_flush_by_age(wpa_s
, wpa_s
->conf
->bss_expiration_age
);
6277 #endif /* CONFIG_AP */
6283 * wpa_supplicant_init - Initialize %wpa_supplicant
6284 * @params: Parameters for %wpa_supplicant
6285 * Returns: Pointer to global %wpa_supplicant data, or %NULL on failure
6287 * This function is used to initialize %wpa_supplicant. After successful
6288 * initialization, the returned data pointer can be used to add and remove
6289 * network interfaces, and eventually, to deinitialize %wpa_supplicant.
6291 struct wpa_global
* wpa_supplicant_init(struct wpa_params
*params
)
6293 struct wpa_global
*global
;
6299 #ifdef CONFIG_DRIVER_NDIS
6301 void driver_ndis_init_ops(void);
6302 driver_ndis_init_ops();
6304 #endif /* CONFIG_DRIVER_NDIS */
6306 #ifndef CONFIG_NO_WPA_MSG
6307 wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb
);
6308 #endif /* CONFIG_NO_WPA_MSG */
6310 if (params
->wpa_debug_file_path
)
6311 wpa_debug_open_file(params
->wpa_debug_file_path
);
6313 wpa_debug_setup_stdout();
6314 if (params
->wpa_debug_syslog
)
6315 wpa_debug_open_syslog();
6316 if (params
->wpa_debug_tracing
) {
6317 ret
= wpa_debug_open_linux_tracing();
6319 wpa_printf(MSG_ERROR
,
6320 "Failed to enable trace logging");
6325 ret
= eap_register_methods();
6327 wpa_printf(MSG_ERROR
, "Failed to register EAP methods");
6329 wpa_printf(MSG_ERROR
, "Two or more EAP methods used "
6330 "the same EAP type.");
6334 global
= os_zalloc(sizeof(*global
));
6337 dl_list_init(&global
->p2p_srv_bonjour
);
6338 dl_list_init(&global
->p2p_srv_upnp
);
6339 global
->params
.daemonize
= params
->daemonize
;
6340 global
->params
.wait_for_monitor
= params
->wait_for_monitor
;
6341 global
->params
.dbus_ctrl_interface
= params
->dbus_ctrl_interface
;
6342 if (params
->pid_file
)
6343 global
->params
.pid_file
= os_strdup(params
->pid_file
);
6344 if (params
->ctrl_interface
)
6345 global
->params
.ctrl_interface
=
6346 os_strdup(params
->ctrl_interface
);
6347 if (params
->ctrl_interface_group
)
6348 global
->params
.ctrl_interface_group
=
6349 os_strdup(params
->ctrl_interface_group
);
6350 if (params
->override_driver
)
6351 global
->params
.override_driver
=
6352 os_strdup(params
->override_driver
);
6353 if (params
->override_ctrl_interface
)
6354 global
->params
.override_ctrl_interface
=
6355 os_strdup(params
->override_ctrl_interface
);
6356 #ifdef CONFIG_MATCH_IFACE
6357 global
->params
.match_iface_count
= params
->match_iface_count
;
6358 if (params
->match_iface_count
) {
6359 global
->params
.match_ifaces
=
6360 os_calloc(params
->match_iface_count
,
6361 sizeof(struct wpa_interface
));
6362 os_memcpy(global
->params
.match_ifaces
,
6363 params
->match_ifaces
,
6364 params
->match_iface_count
*
6365 sizeof(struct wpa_interface
));
6367 #endif /* CONFIG_MATCH_IFACE */
6369 if (params
->conf_p2p_dev
)
6370 global
->params
.conf_p2p_dev
=
6371 os_strdup(params
->conf_p2p_dev
);
6372 #endif /* CONFIG_P2P */
6373 wpa_debug_level
= global
->params
.wpa_debug_level
=
6374 params
->wpa_debug_level
;
6375 wpa_debug_show_keys
= global
->params
.wpa_debug_show_keys
=
6376 params
->wpa_debug_show_keys
;
6377 wpa_debug_timestamp
= global
->params
.wpa_debug_timestamp
=
6378 params
->wpa_debug_timestamp
;
6380 wpa_printf(MSG_DEBUG
, "wpa_supplicant v" VERSION_STR
);
6383 wpa_printf(MSG_ERROR
, "Failed to initialize event loop");
6384 wpa_supplicant_deinit(global
);
6388 random_init(params
->entropy_file
);
6390 global
->ctrl_iface
= wpa_supplicant_global_ctrl_iface_init(global
);
6391 if (global
->ctrl_iface
== NULL
) {
6392 wpa_supplicant_deinit(global
);
6396 if (wpas_notify_supplicant_initialized(global
)) {
6397 wpa_supplicant_deinit(global
);
6401 for (i
= 0; wpa_drivers
[i
]; i
++)
6402 global
->drv_count
++;
6403 if (global
->drv_count
== 0) {
6404 wpa_printf(MSG_ERROR
, "No drivers enabled");
6405 wpa_supplicant_deinit(global
);
6408 global
->drv_priv
= os_calloc(global
->drv_count
, sizeof(void *));
6409 if (global
->drv_priv
== NULL
) {
6410 wpa_supplicant_deinit(global
);
6414 #ifdef CONFIG_WIFI_DISPLAY
6415 if (wifi_display_init(global
) < 0) {
6416 wpa_printf(MSG_ERROR
, "Failed to initialize Wi-Fi Display");
6417 wpa_supplicant_deinit(global
);
6420 #endif /* CONFIG_WIFI_DISPLAY */
6422 eloop_register_timeout(WPA_SUPPLICANT_CLEANUP_INTERVAL
, 0,
6423 wpas_periodic
, global
, NULL
);
6430 * wpa_supplicant_run - Run the %wpa_supplicant main event loop
6431 * @global: Pointer to global data from wpa_supplicant_init()
6432 * Returns: 0 after successful event loop run, -1 on failure
6434 * This function starts the main event loop and continues running as long as
6435 * there are any remaining events. In most cases, this function is running as
6436 * long as the %wpa_supplicant process in still in use.
6438 int wpa_supplicant_run(struct wpa_global
*global
)
6440 struct wpa_supplicant
*wpa_s
;
6442 if (global
->params
.daemonize
&&
6443 (wpa_supplicant_daemon(global
->params
.pid_file
) ||
6444 eloop_sock_requeue()))
6447 #ifdef CONFIG_MATCH_IFACE
6448 if (wpa_supplicant_match_existing(global
))
6452 if (global
->params
.wait_for_monitor
) {
6453 for (wpa_s
= global
->ifaces
; wpa_s
; wpa_s
= wpa_s
->next
)
6454 if (wpa_s
->ctrl_iface
&& !wpa_s
->p2p_mgmt
)
6455 wpa_supplicant_ctrl_iface_wait(
6459 eloop_register_signal_terminate(wpa_supplicant_terminate
, global
);
6460 eloop_register_signal_reconfig(wpa_supplicant_reconfig
, global
);
6469 * wpa_supplicant_deinit - Deinitialize %wpa_supplicant
6470 * @global: Pointer to global data from wpa_supplicant_init()
6472 * This function is called to deinitialize %wpa_supplicant and to free all
6473 * allocated resources. Remaining network interfaces will also be removed.
6475 void wpa_supplicant_deinit(struct wpa_global
*global
)
6482 eloop_cancel_timeout(wpas_periodic
, global
, NULL
);
6484 #ifdef CONFIG_WIFI_DISPLAY
6485 wifi_display_deinit(global
);
6486 #endif /* CONFIG_WIFI_DISPLAY */
6488 while (global
->ifaces
)
6489 wpa_supplicant_remove_iface(global
, global
->ifaces
, 1);
6491 if (global
->ctrl_iface
)
6492 wpa_supplicant_global_ctrl_iface_deinit(global
->ctrl_iface
);
6494 wpas_notify_supplicant_deinitialized(global
);
6496 eap_peer_unregister_methods();
6498 eap_server_unregister_methods();
6499 #endif /* CONFIG_AP */
6501 for (i
= 0; wpa_drivers
[i
] && global
->drv_priv
; i
++) {
6502 if (!global
->drv_priv
[i
])
6504 wpa_drivers
[i
]->global_deinit(global
->drv_priv
[i
]);
6506 os_free(global
->drv_priv
);
6512 if (global
->params
.pid_file
) {
6513 os_daemonize_terminate(global
->params
.pid_file
);
6514 os_free(global
->params
.pid_file
);
6516 os_free(global
->params
.ctrl_interface
);
6517 os_free(global
->params
.ctrl_interface_group
);
6518 os_free(global
->params
.override_driver
);
6519 os_free(global
->params
.override_ctrl_interface
);
6520 #ifdef CONFIG_MATCH_IFACE
6521 os_free(global
->params
.match_ifaces
);
6522 #endif /* CONFIG_MATCH_IFACE */
6524 os_free(global
->params
.conf_p2p_dev
);
6525 #endif /* CONFIG_P2P */
6527 os_free(global
->p2p_disallow_freq
.range
);
6528 os_free(global
->p2p_go_avoid_freq
.range
);
6529 os_free(global
->add_psk
);
6532 wpa_debug_close_syslog();
6533 wpa_debug_close_file();
6534 wpa_debug_close_linux_tracing();
6538 void wpa_supplicant_update_config(struct wpa_supplicant
*wpa_s
)
6540 if ((wpa_s
->conf
->changed_parameters
& CFG_CHANGED_COUNTRY
) &&
6541 wpa_s
->conf
->country
[0] && wpa_s
->conf
->country
[1]) {
6543 country
[0] = wpa_s
->conf
->country
[0];
6544 country
[1] = wpa_s
->conf
->country
[1];
6546 if (wpa_drv_set_country(wpa_s
, country
) < 0) {
6547 wpa_printf(MSG_ERROR
, "Failed to set country code "
6552 if (wpa_s
->conf
->changed_parameters
& CFG_CHANGED_EXT_PW_BACKEND
)
6553 wpas_init_ext_pw(wpa_s
);
6555 if (wpa_s
->conf
->changed_parameters
& CFG_CHANGED_SCHED_SCAN_PLANS
)
6556 wpas_sched_scan_plans_set(wpa_s
, wpa_s
->conf
->sched_scan_plans
);
6558 if (wpa_s
->conf
->changed_parameters
& CFG_CHANGED_WOWLAN_TRIGGERS
) {
6559 struct wpa_driver_capa capa
;
6560 int res
= wpa_drv_get_capa(wpa_s
, &capa
);
6562 if (res
== 0 && wpas_set_wowlan_triggers(wpa_s
, &capa
) < 0)
6563 wpa_printf(MSG_ERROR
,
6564 "Failed to update wowlan_triggers to '%s'",
6565 wpa_s
->conf
->wowlan_triggers
);
6569 wpas_wps_update_config(wpa_s
);
6570 #endif /* CONFIG_WPS */
6571 wpas_p2p_update_config(wpa_s
);
6572 wpa_s
->conf
->changed_parameters
= 0;
6576 void add_freq(int *freqs
, int *num_freqs
, int freq
)
6580 for (i
= 0; i
< *num_freqs
; i
++) {
6581 if (freqs
[i
] == freq
)
6585 freqs
[*num_freqs
] = freq
;
6590 static int * get_bss_freqs_in_ess(struct wpa_supplicant
*wpa_s
)
6592 struct wpa_bss
*bss
, *cbss
;
6593 const int max_freqs
= 10;
6597 freqs
= os_calloc(max_freqs
+ 1, sizeof(int));
6601 cbss
= wpa_s
->current_bss
;
6603 dl_list_for_each(bss
, &wpa_s
->bss
, struct wpa_bss
, list
) {
6606 if (bss
->ssid_len
== cbss
->ssid_len
&&
6607 os_memcmp(bss
->ssid
, cbss
->ssid
, bss
->ssid_len
) == 0 &&
6608 wpa_blacklist_get(wpa_s
, bss
->bssid
) == NULL
) {
6609 add_freq(freqs
, &num_freqs
, bss
->freq
);
6610 if (num_freqs
== max_freqs
)
6615 if (num_freqs
== 0) {
6624 void wpas_connection_failed(struct wpa_supplicant
*wpa_s
, const u8
*bssid
)
6630 wpas_connect_work_done(wpa_s
);
6633 * Remove possible authentication timeout since the connection failed.
6635 eloop_cancel_timeout(wpa_supplicant_timeout
, wpa_s
, NULL
);
6638 * There is no point in blacklisting the AP if this event is
6639 * generated based on local request to disconnect.
6641 if (wpa_s
->own_disconnect_req
) {
6642 wpa_s
->own_disconnect_req
= 0;
6643 wpa_dbg(wpa_s
, MSG_DEBUG
,
6644 "Ignore connection failure due to local request to disconnect");
6647 if (wpa_s
->disconnected
) {
6648 wpa_dbg(wpa_s
, MSG_DEBUG
, "Ignore connection failure "
6649 "indication since interface has been put into "
6650 "disconnected state");
6655 * Add the failed BSSID into the blacklist and speed up next scan
6656 * attempt if there could be other APs that could accept association.
6657 * The current blacklist count indicates how many times we have tried
6658 * connecting to this AP and multiple attempts mean that other APs are
6659 * either not available or has already been tried, so that we can start
6660 * increasing the delay here to avoid constant scanning.
6662 count
= wpa_blacklist_add(wpa_s
, bssid
);
6663 if (count
== 1 && wpa_s
->current_bss
) {
6665 * This BSS was not in the blacklist before. If there is
6666 * another BSS available for the same ESS, we should try that
6667 * next. Otherwise, we may as well try this one once more
6668 * before allowing other, likely worse, ESSes to be considered.
6670 freqs
= get_bss_freqs_in_ess(wpa_s
);
6672 wpa_dbg(wpa_s
, MSG_DEBUG
, "Another BSS in this ESS "
6673 "has been seen; try it next");
6674 wpa_blacklist_add(wpa_s
, bssid
);
6676 * On the next scan, go through only the known channels
6677 * used in this ESS based on previous scans to speed up
6678 * common load balancing use case.
6680 os_free(wpa_s
->next_scan_freqs
);
6681 wpa_s
->next_scan_freqs
= freqs
;
6686 * Add previous failure count in case the temporary blacklist was
6687 * cleared due to no other BSSes being available.
6689 count
+= wpa_s
->extra_blacklist_count
;
6691 if (count
> 3 && wpa_s
->current_ssid
) {
6692 wpa_printf(MSG_DEBUG
, "Continuous association failures - "
6693 "consider temporary network disabling");
6694 wpas_auth_failed(wpa_s
, "CONN_FAILED");
6715 wpa_dbg(wpa_s
, MSG_DEBUG
, "Blacklist count %d --> request scan in %d "
6716 "ms", count
, timeout
);
6719 * TODO: if more than one possible AP is available in scan results,
6720 * could try the other ones before requesting a new scan.
6722 wpa_supplicant_req_scan(wpa_s
, timeout
/ 1000,
6723 1000 * (timeout
% 1000));
6728 void fils_connection_failure(struct wpa_supplicant
*wpa_s
)
6730 struct wpa_ssid
*ssid
= wpa_s
->current_ssid
;
6731 const u8
*realm
, *username
, *rrk
;
6732 size_t realm_len
, username_len
, rrk_len
;
6735 if (!ssid
|| !ssid
->eap
.erp
|| !wpa_key_mgmt_fils(ssid
->key_mgmt
) ||
6736 eapol_sm_get_erp_info(wpa_s
->eapol
, &ssid
->eap
,
6737 &username
, &username_len
,
6738 &realm
, &realm_len
, &next_seq_num
,
6739 &rrk
, &rrk_len
) != 0 ||
6743 wpa_hexdump_ascii(MSG_DEBUG
,
6744 "FILS: Store last connection failure realm",
6746 os_free(wpa_s
->last_con_fail_realm
);
6747 wpa_s
->last_con_fail_realm
= os_malloc(realm_len
);
6748 if (wpa_s
->last_con_fail_realm
) {
6749 wpa_s
->last_con_fail_realm_len
= realm_len
;
6750 os_memcpy(wpa_s
->last_con_fail_realm
, realm
, realm_len
);
6753 #endif /* CONFIG_FILS */
6756 int wpas_driver_bss_selection(struct wpa_supplicant
*wpa_s
)
6758 return wpa_s
->conf
->ap_scan
== 2 ||
6759 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_BSS_SELECTION
);
6763 #if defined(CONFIG_CTRL_IFACE) || defined(CONFIG_CTRL_IFACE_DBUS_NEW)
6764 int wpa_supplicant_ctrl_iface_ctrl_rsp_handle(struct wpa_supplicant
*wpa_s
,
6765 struct wpa_ssid
*ssid
,
6769 #ifdef IEEE8021X_EAPOL
6770 struct eap_peer_config
*eap
= &ssid
->eap
;
6772 wpa_printf(MSG_DEBUG
, "CTRL_IFACE: response handle field=%s", field
);
6773 wpa_hexdump_ascii_key(MSG_DEBUG
, "CTRL_IFACE: response value",
6774 (const u8
*) value
, os_strlen(value
));
6776 switch (wpa_supplicant_ctrl_req_from_string(field
)) {
6777 case WPA_CTRL_REQ_EAP_IDENTITY
:
6778 os_free(eap
->identity
);
6779 eap
->identity
= (u8
*) os_strdup(value
);
6780 eap
->identity_len
= os_strlen(value
);
6781 eap
->pending_req_identity
= 0;
6782 if (ssid
== wpa_s
->current_ssid
)
6783 wpa_s
->reassociate
= 1;
6785 case WPA_CTRL_REQ_EAP_PASSWORD
:
6786 bin_clear_free(eap
->password
, eap
->password_len
);
6787 eap
->password
= (u8
*) os_strdup(value
);
6788 eap
->password_len
= os_strlen(value
);
6789 eap
->pending_req_password
= 0;
6790 if (ssid
== wpa_s
->current_ssid
)
6791 wpa_s
->reassociate
= 1;
6793 case WPA_CTRL_REQ_EAP_NEW_PASSWORD
:
6794 bin_clear_free(eap
->new_password
, eap
->new_password_len
);
6795 eap
->new_password
= (u8
*) os_strdup(value
);
6796 eap
->new_password_len
= os_strlen(value
);
6797 eap
->pending_req_new_password
= 0;
6798 if (ssid
== wpa_s
->current_ssid
)
6799 wpa_s
->reassociate
= 1;
6801 case WPA_CTRL_REQ_EAP_PIN
:
6802 str_clear_free(eap
->pin
);
6803 eap
->pin
= os_strdup(value
);
6804 eap
->pending_req_pin
= 0;
6805 if (ssid
== wpa_s
->current_ssid
)
6806 wpa_s
->reassociate
= 1;
6808 case WPA_CTRL_REQ_EAP_OTP
:
6809 bin_clear_free(eap
->otp
, eap
->otp_len
);
6810 eap
->otp
= (u8
*) os_strdup(value
);
6811 eap
->otp_len
= os_strlen(value
);
6812 os_free(eap
->pending_req_otp
);
6813 eap
->pending_req_otp
= NULL
;
6814 eap
->pending_req_otp_len
= 0;
6816 case WPA_CTRL_REQ_EAP_PASSPHRASE
:
6817 str_clear_free(eap
->private_key_passwd
);
6818 eap
->private_key_passwd
= os_strdup(value
);
6819 eap
->pending_req_passphrase
= 0;
6820 if (ssid
== wpa_s
->current_ssid
)
6821 wpa_s
->reassociate
= 1;
6823 case WPA_CTRL_REQ_SIM
:
6824 str_clear_free(eap
->external_sim_resp
);
6825 eap
->external_sim_resp
= os_strdup(value
);
6826 eap
->pending_req_sim
= 0;
6828 case WPA_CTRL_REQ_PSK_PASSPHRASE
:
6829 if (wpa_config_set(ssid
, "psk", value
, 0) < 0)
6831 ssid
->mem_only_psk
= 1;
6832 if (ssid
->passphrase
)
6833 wpa_config_update_psk(ssid
);
6834 if (wpa_s
->wpa_state
== WPA_SCANNING
&& !wpa_s
->scanning
)
6835 wpa_supplicant_req_scan(wpa_s
, 0, 0);
6837 case WPA_CTRL_REQ_EXT_CERT_CHECK
:
6838 if (eap
->pending_ext_cert_check
!= PENDING_CHECK
)
6840 if (os_strcmp(value
, "good") == 0)
6841 eap
->pending_ext_cert_check
= EXT_CERT_CHECK_GOOD
;
6842 else if (os_strcmp(value
, "bad") == 0)
6843 eap
->pending_ext_cert_check
= EXT_CERT_CHECK_BAD
;
6848 wpa_printf(MSG_DEBUG
, "CTRL_IFACE: Unknown field '%s'", field
);
6853 #else /* IEEE8021X_EAPOL */
6854 wpa_printf(MSG_DEBUG
, "CTRL_IFACE: IEEE 802.1X not included");
6856 #endif /* IEEE8021X_EAPOL */
6858 #endif /* CONFIG_CTRL_IFACE || CONFIG_CTRL_IFACE_DBUS_NEW */
6861 int wpas_network_disabled(struct wpa_supplicant
*wpa_s
, struct wpa_ssid
*ssid
)
6864 unsigned int drv_enc
;
6866 if (wpa_s
->p2p_mgmt
)
6867 return 1; /* no normal network profiles on p2p_mgmt interface */
6875 if (wpa_s
->drv_capa_known
)
6876 drv_enc
= wpa_s
->drv_enc
;
6878 drv_enc
= (unsigned int) -1;
6880 for (i
= 0; i
< NUM_WEP_KEYS
; i
++) {
6881 size_t len
= ssid
->wep_key_len
[i
];
6884 if (len
== 5 && (drv_enc
& WPA_DRIVER_CAPA_ENC_WEP40
))
6886 if (len
== 13 && (drv_enc
& WPA_DRIVER_CAPA_ENC_WEP104
))
6888 if (len
== 16 && (drv_enc
& WPA_DRIVER_CAPA_ENC_WEP128
))
6890 return 1; /* invalid WEP key */
6893 if (wpa_key_mgmt_wpa_psk(ssid
->key_mgmt
) && !ssid
->psk_set
&&
6894 (!ssid
->passphrase
|| ssid
->ssid_len
!= 0) && !ssid
->ext_psk
&&
6895 !(wpa_key_mgmt_sae(ssid
->key_mgmt
) && ssid
->sae_password
) &&
6896 !ssid
->mem_only_psk
)
6903 int wpas_get_ssid_pmf(struct wpa_supplicant
*wpa_s
, struct wpa_ssid
*ssid
)
6905 #ifdef CONFIG_IEEE80211W
6906 if (ssid
== NULL
|| ssid
->ieee80211w
== MGMT_FRAME_PROTECTION_DEFAULT
) {
6907 if (wpa_s
->conf
->pmf
== MGMT_FRAME_PROTECTION_OPTIONAL
&&
6908 !(wpa_s
->drv_enc
& WPA_DRIVER_CAPA_ENC_BIP
)) {
6910 * Driver does not support BIP -- ignore pmf=1 default
6911 * since the connection with PMF would fail and the
6912 * configuration does not require PMF to be enabled.
6914 return NO_MGMT_FRAME_PROTECTION
;
6919 ~(WPA_KEY_MGMT_NONE
| WPA_KEY_MGMT_WPS
|
6920 WPA_KEY_MGMT_IEEE8021X_NO_WPA
)) == 0) {
6922 * Do not use the default PMF value for non-RSN networks
6923 * since PMF is available only with RSN and pmf=2
6924 * configuration would otherwise prevent connections to
6925 * all open networks.
6927 return NO_MGMT_FRAME_PROTECTION
;
6930 return wpa_s
->conf
->pmf
;
6933 return ssid
->ieee80211w
;
6934 #else /* CONFIG_IEEE80211W */
6935 return NO_MGMT_FRAME_PROTECTION
;
6936 #endif /* CONFIG_IEEE80211W */
6940 int wpas_is_p2p_prioritized(struct wpa_supplicant
*wpa_s
)
6942 if (wpa_s
->global
->conc_pref
== WPA_CONC_PREF_P2P
)
6944 if (wpa_s
->global
->conc_pref
== WPA_CONC_PREF_STA
)
6950 void wpas_auth_failed(struct wpa_supplicant
*wpa_s
, char *reason
)
6952 struct wpa_ssid
*ssid
= wpa_s
->current_ssid
;
6954 struct os_reltime now
;
6957 wpa_printf(MSG_DEBUG
, "Authentication failure but no known "
6962 if (ssid
->key_mgmt
== WPA_KEY_MGMT_WPS
)
6965 ssid
->auth_failures
++;
6968 if (ssid
->p2p_group
&&
6969 (wpa_s
->p2p_in_provisioning
|| wpa_s
->show_group_started
)) {
6971 * Skip the wait time since there is a short timeout on the
6972 * connection to a P2P group.
6976 #endif /* CONFIG_P2P */
6978 if (ssid
->auth_failures
> 50)
6980 else if (ssid
->auth_failures
> 10)
6982 else if (ssid
->auth_failures
> 5)
6984 else if (ssid
->auth_failures
> 3)
6986 else if (ssid
->auth_failures
> 2)
6988 else if (ssid
->auth_failures
> 1)
6993 if (ssid
->auth_failures
> 1 &&
6994 wpa_key_mgmt_wpa_ieee8021x(ssid
->key_mgmt
))
6995 dur
+= os_random() % (ssid
->auth_failures
* 10);
6997 os_get_reltime(&now
);
6998 if (now
.sec
+ dur
<= ssid
->disabled_until
.sec
)
7001 ssid
->disabled_until
.sec
= now
.sec
+ dur
;
7003 wpa_msg(wpa_s
, MSG_INFO
, WPA_EVENT_TEMP_DISABLED
7004 "id=%d ssid=\"%s\" auth_failures=%u duration=%d reason=%s",
7005 ssid
->id
, wpa_ssid_txt(ssid
->ssid
, ssid
->ssid_len
),
7006 ssid
->auth_failures
, dur
, reason
);
7010 void wpas_clear_temp_disabled(struct wpa_supplicant
*wpa_s
,
7011 struct wpa_ssid
*ssid
, int clear_failures
)
7016 if (ssid
->disabled_until
.sec
) {
7017 wpa_msg(wpa_s
, MSG_INFO
, WPA_EVENT_REENABLED
7018 "id=%d ssid=\"%s\"",
7019 ssid
->id
, wpa_ssid_txt(ssid
->ssid
, ssid
->ssid_len
));
7021 ssid
->disabled_until
.sec
= 0;
7022 ssid
->disabled_until
.usec
= 0;
7024 ssid
->auth_failures
= 0;
7028 int disallowed_bssid(struct wpa_supplicant
*wpa_s
, const u8
*bssid
)
7032 if (wpa_s
->disallow_aps_bssid
== NULL
)
7035 for (i
= 0; i
< wpa_s
->disallow_aps_bssid_count
; i
++) {
7036 if (os_memcmp(wpa_s
->disallow_aps_bssid
+ i
* ETH_ALEN
,
7037 bssid
, ETH_ALEN
) == 0)
7045 int disallowed_ssid(struct wpa_supplicant
*wpa_s
, const u8
*ssid
,
7050 if (wpa_s
->disallow_aps_ssid
== NULL
|| ssid
== NULL
)
7053 for (i
= 0; i
< wpa_s
->disallow_aps_ssid_count
; i
++) {
7054 struct wpa_ssid_value
*s
= &wpa_s
->disallow_aps_ssid
[i
];
7055 if (ssid_len
== s
->ssid_len
&&
7056 os_memcmp(ssid
, s
->ssid
, ssid_len
) == 0)
7065 * wpas_request_connection - Request a new connection
7066 * @wpa_s: Pointer to the network interface
7068 * This function is used to request a new connection to be found. It will mark
7069 * the interface to allow reassociation and request a new scan to find a
7070 * suitable network to connect to.
7072 void wpas_request_connection(struct wpa_supplicant
*wpa_s
)
7074 wpa_s
->normal_scans
= 0;
7075 wpa_s
->scan_req
= NORMAL_SCAN_REQ
;
7076 wpa_supplicant_reinit_autoscan(wpa_s
);
7077 wpa_s
->extra_blacklist_count
= 0;
7078 wpa_s
->disconnected
= 0;
7079 wpa_s
->reassociate
= 1;
7080 wpa_s
->last_owe_group
= 0;
7082 if (wpa_supplicant_fast_associate(wpa_s
) != 1)
7083 wpa_supplicant_req_scan(wpa_s
, 0, 0);
7085 wpa_s
->reattach
= 0;
7090 * wpas_request_disconnection - Request disconnection
7091 * @wpa_s: Pointer to the network interface
7093 * This function is used to request disconnection from the currently connected
7094 * network. This will stop any ongoing scans and initiate deauthentication.
7096 void wpas_request_disconnection(struct wpa_supplicant
*wpa_s
)
7099 wpa_s
->sme
.prev_bssid_set
= 0;
7100 #endif /* CONFIG_SME */
7101 wpa_s
->reassociate
= 0;
7102 wpa_s
->disconnected
= 1;
7103 wpa_supplicant_cancel_sched_scan(wpa_s
);
7104 wpa_supplicant_cancel_scan(wpa_s
);
7105 wpa_supplicant_deauthenticate(wpa_s
, WLAN_REASON_DEAUTH_LEAVING
);
7106 eloop_cancel_timeout(wpas_network_reenabled
, wpa_s
, NULL
);
7107 radio_remove_works(wpa_s
, "connect", 0);
7108 radio_remove_works(wpa_s
, "sme-connect", 0);
7112 void dump_freq_data(struct wpa_supplicant
*wpa_s
, const char *title
,
7113 struct wpa_used_freq_data
*freqs_data
,
7118 wpa_dbg(wpa_s
, MSG_DEBUG
, "Shared frequencies (len=%u): %s",
7120 for (i
= 0; i
< len
; i
++) {
7121 struct wpa_used_freq_data
*cur
= &freqs_data
[i
];
7122 wpa_dbg(wpa_s
, MSG_DEBUG
, "freq[%u]: %d, flags=0x%X",
7123 i
, cur
->freq
, cur
->flags
);
7129 * Find the operating frequencies of any of the virtual interfaces that
7130 * are using the same radio as the current interface, and in addition, get
7131 * information about the interface types that are using the frequency.
7133 int get_shared_radio_freqs_data(struct wpa_supplicant
*wpa_s
,
7134 struct wpa_used_freq_data
*freqs_data
,
7137 struct wpa_supplicant
*ifs
;
7140 unsigned int idx
= 0, i
;
7142 wpa_dbg(wpa_s
, MSG_DEBUG
,
7143 "Determining shared radio frequencies (max len %u)", len
);
7144 os_memset(freqs_data
, 0, sizeof(struct wpa_used_freq_data
) * len
);
7146 dl_list_for_each(ifs
, &wpa_s
->radio
->ifaces
, struct wpa_supplicant
,
7151 if (ifs
->current_ssid
== NULL
|| ifs
->assoc_freq
== 0)
7154 if (ifs
->current_ssid
->mode
== WPAS_MODE_AP
||
7155 ifs
->current_ssid
->mode
== WPAS_MODE_P2P_GO
||
7156 ifs
->current_ssid
->mode
== WPAS_MODE_MESH
)
7157 freq
= ifs
->current_ssid
->frequency
;
7158 else if (wpa_drv_get_bssid(ifs
, bssid
) == 0)
7159 freq
= ifs
->assoc_freq
;
7163 /* Hold only distinct freqs */
7164 for (i
= 0; i
< idx
; i
++)
7165 if (freqs_data
[i
].freq
== freq
)
7169 freqs_data
[idx
++].freq
= freq
;
7171 if (ifs
->current_ssid
->mode
== WPAS_MODE_INFRA
) {
7172 freqs_data
[i
].flags
|= ifs
->current_ssid
->p2p_group
?
7173 WPA_FREQ_USED_BY_P2P_CLIENT
:
7174 WPA_FREQ_USED_BY_INFRA_STATION
;
7178 dump_freq_data(wpa_s
, "completed iteration", freqs_data
, idx
);
7184 * Find the operating frequencies of any of the virtual interfaces that
7185 * are using the same radio as the current interface.
7187 int get_shared_radio_freqs(struct wpa_supplicant
*wpa_s
,
7188 int *freq_array
, unsigned int len
)
7190 struct wpa_used_freq_data
*freqs_data
;
7193 os_memset(freq_array
, 0, sizeof(int) * len
);
7195 freqs_data
= os_calloc(len
, sizeof(struct wpa_used_freq_data
));
7199 num
= get_shared_radio_freqs_data(wpa_s
, freqs_data
, len
);
7200 for (i
= 0; i
< num
; i
++)
7201 freq_array
[i
] = freqs_data
[i
].freq
;
7203 os_free(freqs_data
);
7209 struct wpa_supplicant
*
7210 wpas_vendor_elem(struct wpa_supplicant
*wpa_s
, enum wpa_vendor_elem_frame frame
)
7214 case VENDOR_ELEM_PROBE_REQ_P2P
:
7215 case VENDOR_ELEM_PROBE_RESP_P2P
:
7216 case VENDOR_ELEM_PROBE_RESP_P2P_GO
:
7217 case VENDOR_ELEM_BEACON_P2P_GO
:
7218 case VENDOR_ELEM_P2P_PD_REQ
:
7219 case VENDOR_ELEM_P2P_PD_RESP
:
7220 case VENDOR_ELEM_P2P_GO_NEG_REQ
:
7221 case VENDOR_ELEM_P2P_GO_NEG_RESP
:
7222 case VENDOR_ELEM_P2P_GO_NEG_CONF
:
7223 case VENDOR_ELEM_P2P_INV_REQ
:
7224 case VENDOR_ELEM_P2P_INV_RESP
:
7225 case VENDOR_ELEM_P2P_ASSOC_REQ
:
7226 case VENDOR_ELEM_P2P_ASSOC_RESP
:
7227 return wpa_s
->p2pdev
;
7228 #endif /* CONFIG_P2P */
7235 void wpas_vendor_elem_update(struct wpa_supplicant
*wpa_s
)
7240 wpa_printf(MSG_DEBUG
, "Update vendor elements");
7242 for (i
= 0; i
< NUM_VENDOR_ELEM_FRAMES
; i
++) {
7243 if (wpa_s
->vendor_elem
[i
]) {
7246 res
= os_snprintf(buf
, sizeof(buf
), "frame[%u]", i
);
7247 if (!os_snprintf_error(sizeof(buf
), res
)) {
7248 wpa_hexdump_buf(MSG_DEBUG
, buf
,
7249 wpa_s
->vendor_elem
[i
]);
7255 if (wpa_s
->parent
== wpa_s
&&
7256 wpa_s
->global
->p2p
&&
7257 !wpa_s
->global
->p2p_disabled
)
7258 p2p_set_vendor_elems(wpa_s
->global
->p2p
, wpa_s
->vendor_elem
);
7259 #endif /* CONFIG_P2P */
7263 int wpas_vendor_elem_remove(struct wpa_supplicant
*wpa_s
, int frame
,
7264 const u8
*elem
, size_t len
)
7268 ie
= wpabuf_mhead_u8(wpa_s
->vendor_elem
[frame
]);
7269 end
= ie
+ wpabuf_len(wpa_s
->vendor_elem
[frame
]);
7271 for (; ie
+ 1 < end
; ie
+= 2 + ie
[1]) {
7274 if (os_memcmp(ie
, elem
, len
) != 0)
7277 if (wpabuf_len(wpa_s
->vendor_elem
[frame
]) == len
) {
7278 wpabuf_free(wpa_s
->vendor_elem
[frame
]);
7279 wpa_s
->vendor_elem
[frame
] = NULL
;
7281 os_memmove(ie
, ie
+ len
, end
- (ie
+ len
));
7282 wpa_s
->vendor_elem
[frame
]->used
-= len
;
7284 wpas_vendor_elem_update(wpa_s
);
7292 struct hostapd_hw_modes
* get_mode(struct hostapd_hw_modes
*modes
,
7293 u16 num_modes
, enum hostapd_hw_mode mode
)
7297 for (i
= 0; i
< num_modes
; i
++) {
7298 if (modes
[i
].mode
== mode
)
7307 wpa_bss_tmp_disallowed
* wpas_get_disallowed_bss(struct wpa_supplicant
*wpa_s
,
7310 struct wpa_bss_tmp_disallowed
*bss
;
7312 dl_list_for_each(bss
, &wpa_s
->bss_tmp_disallowed
,
7313 struct wpa_bss_tmp_disallowed
, list
) {
7314 if (os_memcmp(bssid
, bss
->bssid
, ETH_ALEN
) == 0)
7322 static int wpa_set_driver_tmp_disallow_list(struct wpa_supplicant
*wpa_s
)
7324 struct wpa_bss_tmp_disallowed
*tmp
;
7325 unsigned int num_bssid
= 0;
7329 bssids
= os_malloc(dl_list_len(&wpa_s
->bss_tmp_disallowed
) * ETH_ALEN
);
7332 dl_list_for_each(tmp
, &wpa_s
->bss_tmp_disallowed
,
7333 struct wpa_bss_tmp_disallowed
, list
) {
7334 os_memcpy(&bssids
[num_bssid
* ETH_ALEN
], tmp
->bssid
,
7338 ret
= wpa_drv_set_bssid_blacklist(wpa_s
, num_bssid
, bssids
);
7344 static void wpa_bss_tmp_disallow_timeout(void *eloop_ctx
, void *timeout_ctx
)
7346 struct wpa_supplicant
*wpa_s
= eloop_ctx
;
7347 struct wpa_bss_tmp_disallowed
*tmp
, *bss
= timeout_ctx
;
7349 /* Make sure the bss is not already freed */
7350 dl_list_for_each(tmp
, &wpa_s
->bss_tmp_disallowed
,
7351 struct wpa_bss_tmp_disallowed
, list
) {
7353 dl_list_del(&tmp
->list
);
7355 wpa_set_driver_tmp_disallow_list(wpa_s
);
7362 void wpa_bss_tmp_disallow(struct wpa_supplicant
*wpa_s
, const u8
*bssid
,
7363 unsigned int sec
, int rssi_threshold
)
7365 struct wpa_bss_tmp_disallowed
*bss
;
7367 bss
= wpas_get_disallowed_bss(wpa_s
, bssid
);
7369 eloop_cancel_timeout(wpa_bss_tmp_disallow_timeout
, wpa_s
, bss
);
7373 bss
= os_malloc(sizeof(*bss
));
7375 wpa_printf(MSG_DEBUG
,
7376 "Failed to allocate memory for temp disallow BSS");
7380 os_memcpy(bss
->bssid
, bssid
, ETH_ALEN
);
7381 dl_list_add(&wpa_s
->bss_tmp_disallowed
, &bss
->list
);
7382 wpa_set_driver_tmp_disallow_list(wpa_s
);
7385 bss
->rssi_threshold
= rssi_threshold
;
7386 eloop_register_timeout(sec
, 0, wpa_bss_tmp_disallow_timeout
,
7391 int wpa_is_bss_tmp_disallowed(struct wpa_supplicant
*wpa_s
,
7392 struct wpa_bss
*bss
)
7394 struct wpa_bss_tmp_disallowed
*disallowed
= NULL
, *tmp
, *prev
;
7396 dl_list_for_each_safe(tmp
, prev
, &wpa_s
->bss_tmp_disallowed
,
7397 struct wpa_bss_tmp_disallowed
, list
) {
7398 if (os_memcmp(bss
->bssid
, tmp
->bssid
, ETH_ALEN
) == 0) {
7406 if (disallowed
->rssi_threshold
!= 0 &&
7407 bss
->level
> disallowed
->rssi_threshold
)