Flávio Ceolin [Sat, 11 Feb 2012 09:36:50 +0000 (11:36 +0200)]
dbus: Make the P2P peer's properties accessible separately
Since there is the method org.freedesktop.DBus.Properties.GetAll that
returns all properties from a specific interface, it makes more sense to
separate the properties to make it possible to get only a single
property using the method org.freedesktop.DBus.Properties.Get as well.
Jouni Malinen [Sat, 11 Feb 2012 08:51:31 +0000 (10:51 +0200)]
Fix CONFIG_NO_SCAN_PROCESSING=y build
This fixes a build regression from commit cd2f4ddfb91c330c778d7464a393c5f26f07d432 by moving
wpa_supplicant_assoc_update_ie() outside the no-scan-processing ifdef
block.
Fix pmksa_cache_get() arguments in !IEEE80211_X_EAPOL builds
In case of !defined(IEEE8021X_EAPOL) the definition of the stub
pmksa_cache_get() in rsn_supp/pmksa_cache.h is not correct. This patch
adds the missing argument to the function definition to fix a
regression from commit 96efeeb66bd8762ab9fccd9fe2b5c3e276ff220c.
Signed-hostap: Antonio Quartulli <ordex@autistici.org>
Jouni Malinen [Thu, 9 Feb 2012 10:49:36 +0000 (12:49 +0200)]
P2P: Avoid re-starting p2p_search in some corner cases
Search (p2p_scan) could already have been started at the point
remain-on-channel end event is being processed, e.g., if an Action frame
TX is reported immediately aftet the end of an earlier remain-on-channel
operation and the response frame is sent using an offchannel operation
while p2p_find is still in progress. Avoid trying to re-run p2p_scan
while the previous one is still running.
Jouni Malinen [Thu, 9 Feb 2012 10:46:44 +0000 (12:46 +0200)]
P2P: Fix p2p_scan() error processing in p2p_search()
Commit 39185dfa549f076a6be114e0149a3649d302f477 changed the p2p_scan()
callback to return 1 in some cases, but forgot to change this p2p_scan()
call to handle that properly. Fix this by processing any non-zero value
as an error. This regression could leave the P2P module in state where
it believed a P2P scan was still running and refused to start some
operations until that scan gets completed (which would never happen
since it was not really started).
Ganesh Prasadh [Wed, 8 Feb 2012 10:37:57 +0000 (12:37 +0200)]
WPS: Allow wildcard UUID PIN to be used twice
Previously, PINs that are added with a wildcard UUID were allowed to
be used only by a single Enrollee. However, there may be more than one
Enrollee trying to connect when an AP indicates that active Registrar
is present. As a minimal workaround, allow two Enrollees to try to use
the wildcard PIN. More complete extension could use timeout and allow
larger set of Enrollees to try to connect (while still keeping in mind
PIN disabling requirement after 10 failed attempts).
Jouni Malinen [Wed, 8 Feb 2012 10:07:54 +0000 (12:07 +0200)]
Show BSS entry age (seconds since last update)
The BSS ctrl_iface command can sow the age of a BSS table entry to
make it easier for external programs to figure out whether an entry
is still current depending on the use case.
Jouni Malinen [Tue, 7 Feb 2012 14:23:21 +0000 (16:23 +0200)]
P2P: Allow BSS entry to be fetched based on GO P2P Device Address
"BSS p2p_dev_addr=<P2P Device Address>" can now be used to fetch a
specific BSS entry based on the P2P Device Address of the GO to avoid
having to iterate through the full BSS table when an external program
needs to figure out whether a specific peer is currently operating as
a GO.
Jouni Malinen [Mon, 6 Feb 2012 19:54:36 +0000 (21:54 +0200)]
P2P: Set Invitation Type to 1 for GO inviting to a persistent group
When a GO is operating a persistent group and invites a peer that has
been a P2P client in that persistent group, the Invitation Type in the
Invitation Request frame can be set to 1 to indicate that this is a
reinvocation of a persistent group. Do this based on the maintained
list of P2P clients that have been provided the credentials to this
group.
Jouni Malinen [Sun, 5 Feb 2012 18:52:24 +0000 (20:52 +0200)]
P2P: Wait for PD-before-join response
Even though the Provision Discovery Response frame from PD-before-join
does not really provide any additional information, it can be better to
wait for it before starting the join operation. This adds a minimal
extra latency in the most common case and cleans up the sequence of
driver operations and debug log by avoiding potential processing of the
Provision Discovery Response while already running a scan for the actual
connection.
If transmission of Provision Discovery Request fails, join operation is
started without the additional wait. In addition, a new timeout is used
to start the join if Provision Discovery Response is lost for any
reason.
Jouni Malinen [Sun, 5 Feb 2012 18:20:36 +0000 (20:20 +0200)]
P2P: Skip event notification on PD Response in join-group case
Provision Discovery is used as a notification to the GO in the case we
are about join a running group. In such case, there is not much point in
indicating the provision discovery response events to external programs
especially when the PIN-to-be-displayed was different from the one
returned for the p2p_connect command. Skip this confusing event
completely for join-a-running-group case.
Paul Stewart [Sun, 5 Feb 2012 16:43:06 +0000 (18:43 +0200)]
bgscan_simple: Refinements to fast-scan backoff
These changes account for situations where the CQM threshold
might be approximately the same as the currently received signal,
and thus CQM events are triggered often due to measurement
error/small fluctuations. This results in scanning occurring
too frequently.
Firstly, inhibit the immediate scan when the short-scan count
is at the maximum. This keeps bursts of CQM toggling from
causing a torrent of back-to-back scans. This does not inhibit
immediate scans if the CQM triggers a second time (if the signal
falls lower past the hysteresis). This reduces the scan rate in
the worst case (fast-rate toggling high/low CQM events) to the
short scan interval.
Secondly, change the behavior of the short scan count so it acts like
a "leaky bucket". As we perform short-scans, the bucket fills until
it reaches a maximal short-scan count, at which we back-off and
revert to a long scan interval. The short scan count decreases by
one (emptying the bucket) every time we complete a long scan interval
without a low-RSSI CQM event.
This reduces the impact of medium-rate toggling of high/low CQM
events, reducing the number of short-interval scans that occur before
returning to a long-interval if the system was recently doing
short scans.
Dan Williams [Sat, 4 Feb 2012 18:09:00 +0000 (20:09 +0200)]
Try fallback drivers if global init for preferred drivers fails
Driver global init was considered a hard failure. Thus if, for example,
you used the Broadcom STA driver and didn't have nl80211 or cfg80211
loaded into the kernel, and specified a driver value of "nl80211,wext",
the nl80211 driver's global init would fail with the following message:
nl80211: 'nl80211' generic netlink not found
Failed to initialize driver 'nl80211'
but since global init was a hard failure, creating the supplicant
interface would fail and the WEXT driver would not be tried.
Give other drivers a chance instead.
Signed-hostap: Dan Williams <dcbw@redhat.com>
intended-for: hostap-1
Todd Previte [Sat, 4 Feb 2012 11:13:59 +0000 (13:13 +0200)]
P2P: Fix the setter function for DBus group properties
The setter function uses the same hostapd_data structure as the getter
which causes it to crash if called on a P2P client. To overcome this
issue, the role is checked to ensure it is called on a group owner and
the pointer is examined for validity. The function will return an error
if called on a non-GO system.
Todd Previte [Sat, 4 Feb 2012 11:08:12 +0000 (13:08 +0200)]
P2P: Fix DBus crash and return additional P2P group properties
When using DBus to get group properties, a segmentation fault is
generated on P2P clients due to a NULL pointer for the ap_iface struct.
The current implementation only returns vendor extensions when called on
a P2P group owner.
The code now checks the P2P role which allows for role-specific
information to be provided. This also fixes the crash issue by only
looking for the correct structures based on the current P2P role.
Jouni Malinen [Sat, 4 Feb 2012 10:32:35 +0000 (12:32 +0200)]
Use PMKSA cache entries with only a single network context
When looking for PMKSA cache entries to use with a new association, only
accept entries created with the same network block that was used to
create the cache entry.
Jouni Malinen [Sat, 4 Feb 2012 10:28:16 +0000 (12:28 +0200)]
Delay scan request on select_network if disconnecting
The disconnection command results in disassociation and deauthentication
events which were previously processed during the scan in case of
select_network command being used while associated with another network.
While this works in most cases, it can result in confusing event
messages in ctrl_iface and debug log. Avoid this by using a short delay
between the disconnection and scan request to allow the disconnection
events to be processed prior to starting the new scan.
Jouni Malinen [Sat, 4 Feb 2012 10:21:42 +0000 (12:21 +0200)]
Clear EAPOL authenticator authFail for PMKSA caching/FT
This fixes a corner case where a STA that has PMKSA cache entry (or
valid FT keys) could try to use full EAPOL/EAP authentication and fail.
If the STA will then try to use the still valid PMKSA cache entry (or
FT) before the STA entry has been cleared, authFail could have been left
to TRUE. That will make EAPOL authenticator PAE state machine enter HELD
state even though authSuccess was already forced to TRUE. This results
in the STA getting disconnected even though it should be allowed to
continue with 4-way handshake. While this is unlikely to happen in
practice, it is better to get this fixed by clearing authFail when
setting authSuccess.
Jouni Malinen [Sat, 4 Feb 2012 10:18:56 +0000 (12:18 +0200)]
Ignore TX status for Data frames from not associated STA
The TX status event may be received after a stations has been
disassociated in cases where the disassociation is following a
transmission of a Data frame. Ignore such events if the STA is not
associated at the moment the event is being processed. This avoids
confusing debug entries and rescheduling of the EAPOL TX timeouts for
STAs that are still in the STA table, but are not really in active EAPOL
session.
Jouni Malinen [Mon, 30 Jan 2012 15:31:06 +0000 (17:31 +0200)]
WPS: Disable AP PIN after 10 consecutive failures
While the exponential increase in the lockout period provides an
efficient mitigation mechanism against brute force attacks, this
additional trigger to enter indefinite lockout period (cleared by
restarting hostapd) will limit attacks even further by giving maximum of
10 attempts (without authorized user action) even in a very long term
attack.
Ben Greear [Sun, 29 Jan 2012 19:01:31 +0000 (21:01 +0200)]
Support HT capability overrides
This allows HT capabilities overrides on kernels that
support these features.
MCS Rates can be disabled to force to slower speeds when using HT.
Rates cannot be forced higher.
HT can be disabled, forcing an 802.11a/b/g/n station to act like
an 802.11a/b/g station.
HT40 can be disabled.
MAX A-MSDU can be disabled.
A-MPDU Factor and A-MPDU Density can be modified.
Please note that these are suggestions to the kernel. Only mac80211
drivers will work at all. The A-MPDU Factor can only be decreased and
the A-MPDU Density can only be increased currently.
Signed-hostap: Ben Greear <greearb@candelatech.com>
Jouni Malinen [Sun, 29 Jan 2012 18:23:07 +0000 (20:23 +0200)]
Remove duplicated TERMINATING event
Now that CTRL-EVENT-TERMINATING even is sent at the end of interface
removal in case wpa_supplicant process is going to terminate, there
is no need for this duplicated event in the signal handler.
Dmitry Shmidt [Sun, 29 Jan 2012 18:21:07 +0000 (20:21 +0200)]
Move ctrl_iface deinit into the end of interface deinit
This allows TERMINATING ctrl_iface event to be sent at the end of the
deinit sequence to avoid race conditions with new operations that this
event may trigger while wpa_supplicant would still be running through
the deinitialization path.
Dmitry Shmidt [Sun, 29 Jan 2012 18:18:48 +0000 (20:18 +0200)]
Deinit driver before notifying interface has been removed
This avoids issues with some external program starting to use the
interface based on the interface removal event before wpa_supplicant
has completed deinitialization of the driver interface.
wpa_auth: Fix race in rejecting 4-way handshake for entropy
When there is not enough entropy and there are two station associating
at the same time, one of the stations will be rejected, but during
that rejection, the "reject_4way_hs_for_entropy" flag gets cleared. This
may allow the second station to avoid rejection and complete a 4-Way
Handshake with a GTK that will be cleared as soon as more entropy is
available and another station connects.
This reworks the logic to ban all 4-way handshakes until enough entropy
is available.
Signed-hostap: Nicolas Cavallari <cavallar@lri.fr>
Eyal Shapira [Sun, 29 Jan 2012 15:44:31 +0000 (17:44 +0200)]
SME: Fix processing of Authentication timeout and failure
current_bss and pending_bssid weren't cleaned up so BSS
kept appearing in the scan results even when it was actually gone.
Use wpa_supplicant_mark_disassoc() to cleanup the wpa_s context
instead of just dropping wpa_state back to DISCONNECTED.
Eyal Shapira [Sun, 29 Jan 2012 15:39:08 +0000 (17:39 +0200)]
Interleave wildcard and specific SSID scans when max_ssids=1
For drivers limited to scan a single SSID at a time, this prevents
waiting too long for a wildcard scan in case there are several
scan_ssid networks in the configuration.
nl80211: Subscribe management frames for WPA_IF_AP_BSS types
In multiple BSSes scenario for the drivers that do not use
monitor interface and do not implement AP SME, RX MGMT
frame subscription happens only for the default bss (first_bss).
nl80211: Derive frequency for BSSes other than the first
Commit e4fb21676972952b5434e8c2a049e239d457abe6 moved frequency
storage from driver struct to bss struct and is assigned in
wpa_driver_nl80211_set_freq. As this wpa_driver_nl80211_set_freq is
triggered only on the first_bss, bss->freq for other BSSes is never
being set to the correct value. This sends MLME frames on frequency zero
(initialized value of freq) for BSSes other than the first.
To fix this derive frequency value from first_bss.
Simon Baatz [Sat, 28 Jan 2012 17:41:19 +0000 (19:41 +0200)]
EAP-AKA peer: Append realm when learning the pseudonym
The pseudonym identity should use a realm in environments where a realm is
used. Thus, the realm of the permanent identity is added to the pseudonym
username sent by the server.
Simon Baatz [Sat, 28 Jan 2012 17:38:46 +0000 (19:38 +0200)]
EAP-SIM peer: Append realm when learning the pseudonym
The pseudonym identity should use a realm in environments where a realm is
used. Thus, the realm of the permanent identity is added to the pseudonym
username sent by the server.
Jouni Malinen [Sat, 28 Jan 2012 15:12:30 +0000 (17:12 +0200)]
Rename systemd template files to avoid @ in the file name
Perforce does not like @ in the file name and since these template files
do not really need to have that in the name, make the files in
repository friendlier to Perforce. The generated *.service file will
maintain their old names.
Paul Stewart [Sat, 28 Jan 2012 09:21:37 +0000 (11:21 +0200)]
dbus: Create DBus getter/setter for FastReauth
Provide a means over DBus to set the conf->fast_reauth
property, which controls whether TLS session resumption
should be attempted for EAP-TLS 802.1X networks.
Jouni Malinen [Fri, 27 Jan 2012 20:32:15 +0000 (22:32 +0200)]
WPS: Fix an interoperability issue with mixed mode and AP Settings
It looks like Windows 7 WPS implementation does not like multiple
Authentication/Encryption Type bits to be set in M7 AP Settings
attributes, i.e., it refused to add a network profile if the AP
was configured for WPA/WPA2 mixed mode and AP PIN was used to
enroll the network.
Leave only a single bit set in the Authentication/Encryption Type
attributes in M7 when the AP is acting as an Enrollee to avoid this
issue.
Jouni Malinen [Fri, 27 Jan 2012 19:09:34 +0000 (21:09 +0200)]
P2P: Fix WSC IE inclusion for P2P disabled case
wpas_wps_in_use() was forcing WPS to be enabled unconditionally if P2P
support was included in the build. This is not really the correct
behavior for the case when P2P has been disabled at runtime. Change the
code here to verify runtime configuration of P2P before forcing WPS to
be enabled. This allows WSC IE to be left out from Probe Request frames
when scanning for APs without P2P or WPS being in use.
Jouni Malinen [Thu, 26 Jan 2012 15:44:11 +0000 (17:44 +0200)]
nl80211: Fix send_action on off-channel in P2P GO role
A P2P Action frame may need to be sent on another channel than the GO's
operating channel. This information was lost in
wpa_driver_nl80211_send_action() in the case the interface was in AP
mode. Pass the frequence and related parameters to send_mlme mechanism
to allow the correct frequence to be used with the send frame command in
AP (P2P GO) mode.
Jouni Malinen [Wed, 25 Jan 2012 20:32:58 +0000 (22:32 +0200)]
Fix ap_sta_disconnect() to clear EAPOL/WPA authenticator state
Number of places in hostapd use ap_sta_disconnect() instead of
ap_sta_disassociate() or ap_sta_deauthenticate(). There are some
differences between these functions, e.g., in the area how quickly
the EAPOL state machines get deinitialized. This can result in
somewhat unexpected events since the EAPOL/WPA authenticator
state machines could remain running after deauthentication.
Address this by forcing EAPOL/WPA authenticator state machines
to disabled state whenever ap_sta_disconnect() is called instead
of waiting for the deauthentication callback or other timeout
to clear the STA.
Jouni Malinen [Wed, 25 Jan 2012 15:27:47 +0000 (17:27 +0200)]
P2P: Do not expire peer entry if we are connected to the peer
Even though we may not update P2P peer entry while connected to the
peer as a P2P client, we should not be expiring a P2P peer entry while
that peer is the GO in a group where we are connected as a P2P client.
Jouni Malinen [Wed, 25 Jan 2012 15:00:59 +0000 (17:00 +0200)]
P2P: Do not expire peer entry if peer is connected as a client
Even though we may not receive a Probe Response from the peer during
the connection, we should not be expiring a P2P peer entry while that
peer is connected to a group where we are the GO.
Deepthi Gowri [Mon, 23 Jan 2012 18:12:06 +0000 (20:12 +0200)]
nl80211: P2P: Pass cookie parameter in send action frame
The cookie value needs to be fetched in GO mode, too, to be able to
indicate TX status callbacks with drivers that handle AP mode SME
functionality internally. This fixes issues with client discoverability
where TX status callback for GO Discoverability Request is needed to
trigger the GO to send Device Discoverability Response.
Jouni Malinen [Mon, 23 Jan 2012 16:26:09 +0000 (18:26 +0200)]
Stop sched_scan in number of cases where it should not be running
When a P2P group is removed, we better not leave possibly started
sched_scan running. This could happen when a separate group interface
was not used.
In addition, it looks safer to explicitly stop sched_scan before
starting P2P Listen or Find operations to make sure the offloaded
scanning is not running when doing similar P2P operations.
Sujith Manoharan [Mon, 23 Jan 2012 15:34:39 +0000 (17:34 +0200)]
Update WPA/RSN IE properly for driver based BSS selection
This patch fixes an issue with roaming for drivers that set
WPA_DRIVER_FLAGS_BSS_SELECTION (currently ath6kl). On moving to an AP
with a different BSSID, an EVENT_ASSOC is received and the subsequent
4-way handshake may fail because of a mismatch between the RSN IE in
message 3/4 and in Beacon/Probe Response. This happens only when the APs
use different RSN IE contents and ap_scan is set to 1, since
wpa_supplicant fails to update its cached IEs.
Initial association may fail, too, in case of multiple APs with
the same SSID, since BSSID selection is done by the driver and again
a mismatch could be seen.
Fix these two issues by clearing and updating the cached IEs on
receiving an Association event from the driver. Also, retrieve the
scan results when the new BSS information is not present locally.
Jouni Malinen [Sun, 22 Jan 2012 19:33:57 +0000 (21:33 +0200)]
Add preliminary MNC length determination based on IMSI
Some SIM cards do not include MNC length with in EF_AD. Try to figure
out the MNC length based on the MCC/MNC values in the beginning of the
IMSI. This covers a prepaid Elisa/Kolumbus card that would have ended
up using incorrect MNC length based on the 3-digit default.
Jouni Malinen [Sun, 22 Jan 2012 19:29:35 +0000 (21:29 +0200)]
Avoid unnecessary memory allocation in building of SIM realm
The temporary IMSI buffer can be used for this without needing the
extra memory allocation. In addition, the implementation is easier
to understand when the extra identity prefix value for EAP-SIM/AKA
is not included while fetching MCC/MNC from the IMSI.
Simon Baatz [Sun, 22 Jan 2012 17:28:24 +0000 (19:28 +0200)]
SIM/USIM: Add function to get the MNC length from the SIM/USIM
The EF-AD (administrative data) file may contain information about the
length of the MNC (2 or 3 digits) in the IMSI. This can be used to
construct the realm according to 3GPP TS 23.003 during EAP-SIM or
EAP-AKA authentication.
Jithu Jance [Sun, 22 Jan 2012 15:20:53 +0000 (17:20 +0200)]
P2P: Notify upper framework on stopping the p2p_find(SEARCH)
This patch notifies the upper framework that an on-going discovery has
been stopped. This is useful in cases where a p2p_find with a timeout
value initiated by the upper framework has been finished or when the
framework initiated "p2p_find" is stopped by a "p2p_connect".
Jouni Malinen [Sun, 22 Jan 2012 10:23:28 +0000 (12:23 +0200)]
Work around interop issue with WPA type EAPOL-Key 4/4 in WPA2 mode
Some deployed station implementations seem to send msg 4/4 with
incorrect type value in WPA2 mode. Add a workaround to ignore that issue
so that such stations can interoperate with hostapd authenticator. The
validation checks were added in commit f8e96eb6fd960a017793942cff0eb43b09f444c6.
Jouni Malinen [Sun, 8 Jan 2012 17:35:33 +0000 (09:35 -0800)]
P2P: Use Device ID attribute to filter Probe Request frames as GO
The Device ID attribute was already used in Listen state, but it was
ignored in GO role. Verify that there is a match with Device ID in
GO rule, too, before replying to the Probe Request frame.
Jouni Malinen [Mon, 2 Jan 2012 20:36:11 +0000 (22:36 +0200)]
Allow SNonce update after sending EAPOL-Key 3/4 if 1/4 was retransmitted
Some supplicant implementations (e.g., Windows XP WZC) update SNonce for
each EAPOL-Key 2/4. This breaks the workaround on accepting any of the
pending requests, so allow the SNonce to be updated even if we have
already sent out EAPOL-Key 3/4.
While the issue was made less likely to occur when the retransmit
timeout for the initial EAPOL-Key msg 1/4 was increased to 1000 ms,
this fixes the problem even if that timeout is not long enough.
Jouni Malinen [Mon, 2 Jan 2012 19:27:06 +0000 (21:27 +0200)]
Do not disconnect STA based on inactivity on driver failure
Now that we can use driver_nl80211.c with non-mac80211 drivers that
implement SME/MLME internally, we may not get inactivity time from the
driver. If that is the case, we need to skip disconnection based on
maximum inactivity timeout. This fixes some unexpected disconnection
cases with ath6kl in AP mode.
Jouni Malinen [Sun, 1 Jan 2012 16:53:12 +0000 (18:53 +0200)]
Do not trigger fast reconnection on locally generated deauth/disassoc
The deauthentication and disassociation events from nl80211 were being
processed identically regardless of whether the frame was generated by
the local STA or the AP. This resulted in fast reconnection mechanism
getting triggered even in the case where the disconnection was detected
locally (e.g., due to beacon loss) while this was supposed to happen
only in the case where the AP is sending an explicit Deauthentication
or Disassociation frame with a specific reason code.
Fix this by adding a new deauth/disassoc event variable to indicate
whether the event was generated locally.
Jouni Malinen [Sat, 31 Dec 2011 15:40:49 +0000 (17:40 +0200)]
dbus: Increase buffer size to fix Introspect XML
Commit e9c3c1afedd2d0c6a0939f40c40701af8c450e1f added a new D-Bus
method and that was enough to push the Introspect XML buffer over
the previously allocated 8000 bytes. Increase the buffer size to
make enough room for P2P interface. In addition, add a debug
message to indicate if an XML segment does not fit into the buffer
to make this types of failures somewhat easier to catch.
Jouni Malinen [Sat, 31 Dec 2011 11:42:23 +0000 (13:42 +0200)]
Clear EAPOL authWhile and heldWhile values when port is disabled
IEEE Std 802.1X-2004 does not clear authWhile and heldWhile in this
case, but doing so allows the timer tick to be stopped more quickly when
the port is not enabled. Since these variables are used only within HELD
and RECEIVE states, clearing them on initialization does not change
actual state machine behavior. This reduces some unnecessary operations
in port disabled state and cleans up the wpa_supplicant debug log after
disconnection.
Jouni Malinen [Sat, 31 Dec 2011 11:25:37 +0000 (13:25 +0200)]
Remove possible authentication timeout on connection failure
The authentication timeout could be triggered after the connection has
already been known to have failed. The event at that point can be
confusing, so better cancel the timeout when processing connection
failure.
Jouni Malinen [Sat, 31 Dec 2011 11:17:20 +0000 (13:17 +0200)]
WPS: Use single channel scan if AP channel already known
If the BSSID of the AP is specified in the WPS command, the target
AP is likely already in the BSS table and its operating channel is
known. Use this information to speed up connection by only scanning
the known channel.
Michał Górny [Thu, 29 Dec 2011 19:39:34 +0000 (21:39 +0200)]
Use correct (multi-user) target when installing systemd units
The 'network.target' is special (per systemd.special(7)), and is to be
brought up indirectly when network is actually configured (i.e. through
DHCP or static address settings).
Irrelevant of that, all services should be always installed in
multi-user.target.
Since wps_registrar_pbc_timeout is called to stop PBC, previously
registered wps_registrar_pbc_timeout must be canceled when canceling
the WPS operation.
Jouni Malinen [Thu, 29 Dec 2011 12:15:31 +0000 (14:15 +0200)]
nl80211: Fix NL80211_CMD_FRAME to not try offchannel without driver support
The offchanok parameter is hardcoded to one in number of paths and that
added NL80211_ATTR_OFFCHANNEL_TX_OK attribute to NL80211_CMD_FRAME
unconditional. cfg80211 rejects this with EINVAL if the driver does not
indicate support for offchannel TX. Fix this by not requesting
offchannel TX depending on driver capabilities. Remain-on-channel
operation was used for those cases anyway, so the additional attribute
was not really needed for these in the first place.
Jouni Malinen [Thu, 29 Dec 2011 11:28:17 +0000 (13:28 +0200)]
P2P: Stop remain-on-channel prior to starting join-a-group client
This fixes issues with drivers that do not handle concurrent
remain-on-channel and scan operations in a case where Provision
Discovery Response frame is not received to stop the Action frame
handshake.
P2P: Reject p2p_group_add if forced frequency is not acceptable
If the freq parameter is specified and we are already running legacy STA
on a different frequency with a driver that does not support
multi-channel concurrency, reject p2p_group_add. Same code already
exists in the path of P2P connection with go negotiation but is missing
for autonomous GO.
Jouni Malinen [Tue, 27 Dec 2011 18:32:29 +0000 (20:32 +0200)]
nl80211: Do not stop AP mode Probe Request reporting on Listen stop
When nl80211_setup_ap() has enabled Probe Request reporting, this must
not be disabled when P2P Listen state is stopped to avoid breaking AP
mode operations. This could happen, e.g., if a Probe Request frame was
received from a P2P device that the we are trying to invite to our group
(i.e., when operating in GO role). p2p_probe_req_rx() calls
p2p_invite_start() in this case and that ends up calling
p2p->cfg->stop_listen() which calls probe_req_report() driver op.
hostapd uses the poll method to check if the station is alive
after the station has been inactive for ap_max_inactivity seconds.
Make the poll mechanism configurable so that user can choose to
disconnect idle clients.
This can be especially useful when some devices/firmwares have
restrictions on the number of clients that can connect to the AP
and that limit is smaller than the total number of stations trying
to use the AP.
Jouni Malinen [Sat, 24 Dec 2011 11:50:59 +0000 (13:50 +0200)]
Increase initial group key handshake retransmit timeout to 500 ms
The 100 ms timeout on retransmitting group key message can be too short
for stations that are in power save mode or if there is a large number
of association stations. While the retransmission of the EAPOL-Key frame
should allow this to be recovered from, it is useful to avoid
unnecessary frames to save soem CPU and power.
Jouni Malinen [Fri, 23 Dec 2011 16:15:07 +0000 (18:15 +0200)]
nl80211: Fix mgmt RX for device SME in AP mode without monitor
Drivers that use device SME in AP mode may still need to be
subscribed for Action frame RX when monitor interface is not used.
This fixes number of P2P GO operations with ath6kl.
Jouni Malinen [Fri, 23 Dec 2011 16:13:01 +0000 (18:13 +0200)]
nl80211: Fix use_monitor driver capability for non-mac80211 drivers
Poll command may be enough for mac80211 to figure out whether monitor
interface is to be used, but this change did not take into account
non-mac80211 drivers that support AP mode without monitor interface.
For example, ath6kl needs to get use_monitor disabled.
Jouni Malinen [Thu, 22 Dec 2011 20:47:41 +0000 (22:47 +0200)]
P2P: Maintain a list of P2P Clients for persistent group on GO
Add a new persistent group network block field, p2p_client_list, to
maintain a list of P2P Clients that have connected to a persistent
group. This allows GO of a persistent group to figure out more easily
whether re-invocation of a persistent group can be used with a specific
peer device.
Jouni Malinen [Thu, 22 Dec 2011 19:45:20 +0000 (21:45 +0200)]
P2P: Show persistent group info on P2P_PEER data
Add "persistent=<network id>" line to P2P_PEER ctrl_iface data
if a persistent group credentials are available for this peer.
This makes it easier for external programs to figure out when
a persistent group could be re-invoked with this peer.
For now, this information is only available on the P2P client,
but similar information can be added for GO once a list of P2P
clients is maintained with the persistent group data.