3 * Copyright (c) 2003-2019, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
8 * This file implements functions for registering and unregistering
9 * %wpa_supplicant interfaces. In addition, this file contains number of
10 * functions for managing network connections.
14 #ifdef CONFIG_MATCH_IFACE
17 #endif /* CONFIG_MATCH_IFACE */
20 #include "crypto/random.h"
21 #include "crypto/sha1.h"
22 #include "eapol_supp/eapol_supp_sm.h"
23 #include "eap_peer/eap.h"
24 #include "eap_peer/eap_proxy.h"
25 #include "eap_server/eap_methods.h"
26 #include "rsn_supp/wpa.h"
29 #include "utils/ext_password.h"
30 #include "l2_packet/l2_packet.h"
31 #include "wpa_supplicant_i.h"
33 #include "ctrl_iface.h"
34 #include "pcsc_funcs.h"
35 #include "common/version.h"
36 #include "rsn_supp/preauth.h"
37 #include "rsn_supp/pmksa_cache.h"
38 #include "common/wpa_ctrl.h"
39 #include "common/ieee802_11_common.h"
40 #include "common/ieee802_11_defs.h"
41 #include "common/hw_features_common.h"
42 #include "common/gas_server.h"
43 #include "common/dpp.h"
46 #include "blacklist.h"
47 #include "wpas_glue.h"
48 #include "wps_supplicant.h"
51 #include "gas_query.h"
53 #include "p2p_supplicant.h"
54 #include "wifi_display.h"
60 #include "offchannel.h"
61 #include "hs20_supplicant.h"
65 #include "dpp_supplicant.h"
67 #include "ap/ap_config.h"
68 #include "ap/hostapd.h"
69 #endif /* CONFIG_MESH */
71 const char *const wpa_supplicant_version
=
72 "wpa_supplicant v" VERSION_STR
"\n"
73 "Copyright (c) 2003-2019, Jouni Malinen <j@w1.fi> and contributors";
75 const char *const wpa_supplicant_license
=
76 "This software may be distributed under the terms of the BSD license.\n"
77 "See README for more details.\n"
78 #ifdef EAP_TLS_OPENSSL
79 "\nThis product includes software developed by the OpenSSL Project\n"
80 "for use in the OpenSSL Toolkit (http://www.openssl.org/)\n"
81 #endif /* EAP_TLS_OPENSSL */
84 #ifndef CONFIG_NO_STDOUT_DEBUG
85 /* Long text divided into parts in order to fit in C89 strings size limits. */
86 const char *const wpa_supplicant_full_license1
=
88 const char *const wpa_supplicant_full_license2
=
89 "This software may be distributed under the terms of the BSD license.\n"
91 "Redistribution and use in source and binary forms, with or without\n"
92 "modification, are permitted provided that the following conditions are\n"
95 const char *const wpa_supplicant_full_license3
=
96 "1. Redistributions of source code must retain the above copyright\n"
97 " notice, this list of conditions and the following disclaimer.\n"
99 "2. Redistributions in binary form must reproduce the above copyright\n"
100 " notice, this list of conditions and the following disclaimer in the\n"
101 " documentation and/or other materials provided with the distribution.\n"
103 const char *const wpa_supplicant_full_license4
=
104 "3. Neither the name(s) of the above-listed copyright holder(s) nor the\n"
105 " names of its contributors may be used to endorse or promote products\n"
106 " derived from this software without specific prior written permission.\n"
108 "THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n"
109 "\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n"
110 "LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n"
111 "A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n";
112 const char *const wpa_supplicant_full_license5
=
113 "OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n"
114 "SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\n"
115 "LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n"
116 "DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n"
117 "THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n"
118 "(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n"
119 "OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
121 #endif /* CONFIG_NO_STDOUT_DEBUG */
124 static void wpa_bss_tmp_disallow_timeout(void *eloop_ctx
, void *timeout_ctx
);
125 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
126 static void wpas_update_fils_connect_params(struct wpa_supplicant
*wpa_s
);
127 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
130 /* Configure default/group WEP keys for static WEP */
131 int wpa_set_wep_keys(struct wpa_supplicant
*wpa_s
, struct wpa_ssid
*ssid
)
135 for (i
= 0; i
< NUM_WEP_KEYS
; i
++) {
136 if (ssid
->wep_key_len
[i
] == 0)
140 wpa_drv_set_key(wpa_s
, WPA_ALG_WEP
, NULL
,
141 i
, i
== ssid
->wep_tx_keyidx
, NULL
, 0,
142 ssid
->wep_key
[i
], ssid
->wep_key_len
[i
]);
149 int wpa_supplicant_set_wpa_none_key(struct wpa_supplicant
*wpa_s
,
150 struct wpa_ssid
*ssid
)
158 /* IBSS/WPA-None uses only one key (Group) for both receiving and
159 * sending unicast and multicast packets. */
161 if (ssid
->mode
!= WPAS_MODE_IBSS
) {
162 wpa_msg(wpa_s
, MSG_INFO
, "WPA: Invalid mode %d (not "
163 "IBSS/ad-hoc) for WPA-None", ssid
->mode
);
167 if (!ssid
->psk_set
) {
168 wpa_msg(wpa_s
, MSG_INFO
, "WPA: No PSK configured for "
173 switch (wpa_s
->group_cipher
) {
174 case WPA_CIPHER_CCMP
:
175 os_memcpy(key
, ssid
->psk
, 16);
179 case WPA_CIPHER_GCMP
:
180 os_memcpy(key
, ssid
->psk
, 16);
184 case WPA_CIPHER_TKIP
:
185 /* WPA-None uses the same Michael MIC key for both TX and RX */
186 os_memcpy(key
, ssid
->psk
, 16 + 8);
187 os_memcpy(key
+ 16 + 8, ssid
->psk
+ 16, 8);
192 wpa_msg(wpa_s
, MSG_INFO
, "WPA: Invalid group cipher %d for "
193 "WPA-None", wpa_s
->group_cipher
);
197 /* TODO: should actually remember the previously used seq#, both for TX
198 * and RX from each STA.. */
200 ret
= wpa_drv_set_key(wpa_s
, alg
, NULL
, 0, 1, seq
, 6, key
, keylen
);
201 os_memset(key
, 0, sizeof(key
));
206 static void wpa_supplicant_timeout(void *eloop_ctx
, void *timeout_ctx
)
208 struct wpa_supplicant
*wpa_s
= eloop_ctx
;
209 const u8
*bssid
= wpa_s
->bssid
;
210 if (!is_zero_ether_addr(wpa_s
->pending_bssid
) &&
211 (wpa_s
->wpa_state
== WPA_AUTHENTICATING
||
212 wpa_s
->wpa_state
== WPA_ASSOCIATING
))
213 bssid
= wpa_s
->pending_bssid
;
214 wpa_msg(wpa_s
, MSG_INFO
, "Authentication with " MACSTR
" timed out.",
216 wpa_blacklist_add(wpa_s
, bssid
);
217 wpa_sm_notify_disassoc(wpa_s
->wpa
);
218 wpa_supplicant_deauthenticate(wpa_s
, WLAN_REASON_DEAUTH_LEAVING
);
219 wpa_s
->reassociate
= 1;
222 * If we timed out, the AP or the local radio may be busy.
223 * So, wait a second until scanning again.
225 wpa_supplicant_req_scan(wpa_s
, 1, 0);
230 * wpa_supplicant_req_auth_timeout - Schedule a timeout for authentication
231 * @wpa_s: Pointer to wpa_supplicant data
232 * @sec: Number of seconds after which to time out authentication
233 * @usec: Number of microseconds after which to time out authentication
235 * This function is used to schedule a timeout for the current authentication
238 void wpa_supplicant_req_auth_timeout(struct wpa_supplicant
*wpa_s
,
241 if (wpa_s
->conf
->ap_scan
== 0 &&
242 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_WIRED
))
245 wpa_dbg(wpa_s
, MSG_DEBUG
, "Setting authentication timeout: %d sec "
246 "%d usec", sec
, usec
);
247 eloop_cancel_timeout(wpa_supplicant_timeout
, wpa_s
, NULL
);
248 wpa_s
->last_auth_timeout_sec
= sec
;
249 eloop_register_timeout(sec
, usec
, wpa_supplicant_timeout
, wpa_s
, NULL
);
254 * wpas_auth_timeout_restart - Restart and change timeout for authentication
255 * @wpa_s: Pointer to wpa_supplicant data
256 * @sec_diff: difference in seconds applied to original timeout value
258 void wpas_auth_timeout_restart(struct wpa_supplicant
*wpa_s
, int sec_diff
)
260 int new_sec
= wpa_s
->last_auth_timeout_sec
+ sec_diff
;
262 if (eloop_is_timeout_registered(wpa_supplicant_timeout
, wpa_s
, NULL
)) {
263 wpa_dbg(wpa_s
, MSG_DEBUG
,
264 "Authentication timeout restart: %d sec", new_sec
);
265 eloop_cancel_timeout(wpa_supplicant_timeout
, wpa_s
, NULL
);
266 eloop_register_timeout(new_sec
, 0, wpa_supplicant_timeout
,
273 * wpa_supplicant_cancel_auth_timeout - Cancel authentication timeout
274 * @wpa_s: Pointer to wpa_supplicant data
276 * This function is used to cancel authentication timeout scheduled with
277 * wpa_supplicant_req_auth_timeout() and it is called when authentication has
280 void wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant
*wpa_s
)
282 wpa_dbg(wpa_s
, MSG_DEBUG
, "Cancelling authentication timeout");
283 eloop_cancel_timeout(wpa_supplicant_timeout
, wpa_s
, NULL
);
284 wpa_blacklist_del(wpa_s
, wpa_s
->bssid
);
285 os_free(wpa_s
->last_con_fail_realm
);
286 wpa_s
->last_con_fail_realm
= NULL
;
287 wpa_s
->last_con_fail_realm_len
= 0;
292 * wpa_supplicant_initiate_eapol - Configure EAPOL state machine
293 * @wpa_s: Pointer to wpa_supplicant data
295 * This function is used to configure EAPOL state machine based on the selected
296 * authentication mode.
298 void wpa_supplicant_initiate_eapol(struct wpa_supplicant
*wpa_s
)
300 #ifdef IEEE8021X_EAPOL
301 struct eapol_config eapol_conf
;
302 struct wpa_ssid
*ssid
= wpa_s
->current_ssid
;
304 #ifdef CONFIG_IBSS_RSN
305 if (ssid
->mode
== WPAS_MODE_IBSS
&&
306 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_NONE
&&
307 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_WPA_NONE
) {
309 * RSN IBSS authentication is per-STA and we can disable the
310 * per-BSSID EAPOL authentication.
312 eapol_sm_notify_portControl(wpa_s
->eapol
, ForceAuthorized
);
313 eapol_sm_notify_eap_success(wpa_s
->eapol
, TRUE
);
314 eapol_sm_notify_eap_fail(wpa_s
->eapol
, FALSE
);
317 #endif /* CONFIG_IBSS_RSN */
319 eapol_sm_notify_eap_success(wpa_s
->eapol
, FALSE
);
320 eapol_sm_notify_eap_fail(wpa_s
->eapol
, FALSE
);
322 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_NONE
||
323 wpa_s
->key_mgmt
== WPA_KEY_MGMT_WPA_NONE
)
324 eapol_sm_notify_portControl(wpa_s
->eapol
, ForceAuthorized
);
326 eapol_sm_notify_portControl(wpa_s
->eapol
, Auto
);
328 os_memset(&eapol_conf
, 0, sizeof(eapol_conf
));
329 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_IEEE8021X_NO_WPA
) {
330 eapol_conf
.accept_802_1x_keys
= 1;
331 eapol_conf
.required_keys
= 0;
332 if (ssid
->eapol_flags
& EAPOL_FLAG_REQUIRE_KEY_UNICAST
) {
333 eapol_conf
.required_keys
|= EAPOL_REQUIRE_KEY_UNICAST
;
335 if (ssid
->eapol_flags
& EAPOL_FLAG_REQUIRE_KEY_BROADCAST
) {
336 eapol_conf
.required_keys
|=
337 EAPOL_REQUIRE_KEY_BROADCAST
;
340 if (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_WIRED
)
341 eapol_conf
.required_keys
= 0;
343 eapol_conf
.fast_reauth
= wpa_s
->conf
->fast_reauth
;
344 eapol_conf
.workaround
= ssid
->eap_workaround
;
345 eapol_conf
.eap_disabled
=
346 !wpa_key_mgmt_wpa_ieee8021x(wpa_s
->key_mgmt
) &&
347 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_IEEE8021X_NO_WPA
&&
348 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_WPS
;
349 eapol_conf
.external_sim
= wpa_s
->conf
->external_sim
;
352 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_WPS
) {
353 eapol_conf
.wps
|= EAPOL_LOCAL_WPS_IN_USE
;
354 if (wpa_s
->current_bss
) {
356 ie
= wpa_bss_get_vendor_ie_multi(wpa_s
->current_bss
,
361 EAPOL_PEER_IS_WPS20_AP
;
366 #endif /* CONFIG_WPS */
368 eapol_sm_notify_config(wpa_s
->eapol
, &ssid
->eap
, &eapol_conf
);
371 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_NONE
&& ssid
->mka_psk_set
)
372 ieee802_1x_create_preshared_mka(wpa_s
, ssid
);
374 ieee802_1x_alloc_kay_sm(wpa_s
, ssid
);
375 #endif /* CONFIG_MACSEC */
376 #endif /* IEEE8021X_EAPOL */
381 * wpa_supplicant_set_non_wpa_policy - Set WPA parameters to non-WPA mode
382 * @wpa_s: Pointer to wpa_supplicant data
383 * @ssid: Configuration data for the network
385 * This function is used to configure WPA state machine and related parameters
386 * to a mode where WPA is not enabled. This is called as part of the
387 * authentication configuration when the selected network does not use WPA.
389 void wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant
*wpa_s
,
390 struct wpa_ssid
*ssid
)
394 if (ssid
->key_mgmt
& WPA_KEY_MGMT_WPS
)
395 wpa_s
->key_mgmt
= WPA_KEY_MGMT_WPS
;
396 else if (ssid
->key_mgmt
& WPA_KEY_MGMT_IEEE8021X_NO_WPA
)
397 wpa_s
->key_mgmt
= WPA_KEY_MGMT_IEEE8021X_NO_WPA
;
399 wpa_s
->key_mgmt
= WPA_KEY_MGMT_NONE
;
400 wpa_sm_set_ap_wpa_ie(wpa_s
->wpa
, NULL
, 0);
401 wpa_sm_set_ap_rsn_ie(wpa_s
->wpa
, NULL
, 0);
402 wpa_sm_set_assoc_wpa_ie(wpa_s
->wpa
, NULL
, 0);
403 wpa_s
->pairwise_cipher
= WPA_CIPHER_NONE
;
404 wpa_s
->group_cipher
= WPA_CIPHER_NONE
;
405 wpa_s
->mgmt_group_cipher
= 0;
407 for (i
= 0; i
< NUM_WEP_KEYS
; i
++) {
408 if (ssid
->wep_key_len
[i
] > 5) {
409 wpa_s
->pairwise_cipher
= WPA_CIPHER_WEP104
;
410 wpa_s
->group_cipher
= WPA_CIPHER_WEP104
;
412 } else if (ssid
->wep_key_len
[i
] > 0) {
413 wpa_s
->pairwise_cipher
= WPA_CIPHER_WEP40
;
414 wpa_s
->group_cipher
= WPA_CIPHER_WEP40
;
419 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_RSN_ENABLED
, 0);
420 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_KEY_MGMT
, wpa_s
->key_mgmt
);
421 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_PAIRWISE
,
422 wpa_s
->pairwise_cipher
);
423 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_GROUP
, wpa_s
->group_cipher
);
424 #ifdef CONFIG_IEEE80211W
425 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_MGMT_GROUP
,
426 wpa_s
->mgmt_group_cipher
);
427 #endif /* CONFIG_IEEE80211W */
429 pmksa_cache_clear_current(wpa_s
->wpa
);
433 void free_hw_features(struct wpa_supplicant
*wpa_s
)
436 if (wpa_s
->hw
.modes
== NULL
)
439 for (i
= 0; i
< wpa_s
->hw
.num_modes
; i
++) {
440 os_free(wpa_s
->hw
.modes
[i
].channels
);
441 os_free(wpa_s
->hw
.modes
[i
].rates
);
444 os_free(wpa_s
->hw
.modes
);
445 wpa_s
->hw
.modes
= NULL
;
449 void free_bss_tmp_disallowed(struct wpa_supplicant
*wpa_s
)
451 struct wpa_bss_tmp_disallowed
*bss
, *prev
;
453 dl_list_for_each_safe(bss
, prev
, &wpa_s
->bss_tmp_disallowed
,
454 struct wpa_bss_tmp_disallowed
, list
) {
455 eloop_cancel_timeout(wpa_bss_tmp_disallow_timeout
, wpa_s
, bss
);
456 dl_list_del(&bss
->list
);
462 void wpas_flush_fils_hlp_req(struct wpa_supplicant
*wpa_s
)
464 struct fils_hlp_req
*req
;
466 while ((req
= dl_list_first(&wpa_s
->fils_hlp_req
, struct fils_hlp_req
,
468 dl_list_del(&req
->list
);
469 wpabuf_free(req
->pkt
);
475 static void wpa_supplicant_cleanup(struct wpa_supplicant
*wpa_s
)
479 bgscan_deinit(wpa_s
);
480 autoscan_deinit(wpa_s
);
481 scard_deinit(wpa_s
->scard
);
483 wpa_sm_set_scard_ctx(wpa_s
->wpa
, NULL
);
484 eapol_sm_register_scard_ctx(wpa_s
->eapol
, NULL
);
485 l2_packet_deinit(wpa_s
->l2
);
488 l2_packet_deinit(wpa_s
->l2_br
);
491 #ifdef CONFIG_TESTING_OPTIONS
492 l2_packet_deinit(wpa_s
->l2_test
);
493 wpa_s
->l2_test
= NULL
;
494 os_free(wpa_s
->get_pref_freq_list_override
);
495 wpa_s
->get_pref_freq_list_override
= NULL
;
496 wpabuf_free(wpa_s
->last_assoc_req_wpa_ie
);
497 wpa_s
->last_assoc_req_wpa_ie
= NULL
;
498 #endif /* CONFIG_TESTING_OPTIONS */
500 if (wpa_s
->conf
!= NULL
) {
501 struct wpa_ssid
*ssid
;
502 for (ssid
= wpa_s
->conf
->ssid
; ssid
; ssid
= ssid
->next
)
503 wpas_notify_network_removed(wpa_s
, ssid
);
506 os_free(wpa_s
->confname
);
507 wpa_s
->confname
= NULL
;
509 os_free(wpa_s
->confanother
);
510 wpa_s
->confanother
= NULL
;
512 os_free(wpa_s
->last_con_fail_realm
);
513 wpa_s
->last_con_fail_realm
= NULL
;
514 wpa_s
->last_con_fail_realm_len
= 0;
516 wpa_sm_set_eapol(wpa_s
->wpa
, NULL
);
517 eapol_sm_deinit(wpa_s
->eapol
);
520 rsn_preauth_deinit(wpa_s
->wpa
);
523 wpa_tdls_deinit(wpa_s
->wpa
);
524 #endif /* CONFIG_TDLS */
526 wmm_ac_clear_saved_tspecs(wpa_s
);
527 pmksa_candidate_free(wpa_s
->wpa
);
528 wpa_sm_deinit(wpa_s
->wpa
);
530 wpa_blacklist_clear(wpa_s
);
532 wpa_bss_deinit(wpa_s
);
534 wpa_supplicant_cancel_delayed_sched_scan(wpa_s
);
535 wpa_supplicant_cancel_scan(wpa_s
);
536 wpa_supplicant_cancel_auth_timeout(wpa_s
);
537 eloop_cancel_timeout(wpa_supplicant_stop_countermeasures
, wpa_s
, NULL
);
538 #ifdef CONFIG_DELAYED_MIC_ERROR_REPORT
539 eloop_cancel_timeout(wpa_supplicant_delayed_mic_error_report
,
541 #endif /* CONFIG_DELAYED_MIC_ERROR_REPORT */
543 eloop_cancel_timeout(wpas_network_reenabled
, wpa_s
, NULL
);
545 wpas_wps_deinit(wpa_s
);
547 wpabuf_free(wpa_s
->pending_eapol_rx
);
548 wpa_s
->pending_eapol_rx
= NULL
;
550 #ifdef CONFIG_IBSS_RSN
551 ibss_rsn_deinit(wpa_s
->ibss_rsn
);
552 wpa_s
->ibss_rsn
= NULL
;
553 #endif /* CONFIG_IBSS_RSN */
558 wpa_supplicant_ap_deinit(wpa_s
);
559 #endif /* CONFIG_AP */
561 wpas_p2p_deinit(wpa_s
);
563 #ifdef CONFIG_OFFCHANNEL
564 offchannel_deinit(wpa_s
);
565 #endif /* CONFIG_OFFCHANNEL */
567 wpa_supplicant_cancel_sched_scan(wpa_s
);
569 os_free(wpa_s
->next_scan_freqs
);
570 wpa_s
->next_scan_freqs
= NULL
;
572 os_free(wpa_s
->manual_scan_freqs
);
573 wpa_s
->manual_scan_freqs
= NULL
;
574 os_free(wpa_s
->select_network_scan_freqs
);
575 wpa_s
->select_network_scan_freqs
= NULL
;
577 os_free(wpa_s
->manual_sched_scan_freqs
);
578 wpa_s
->manual_sched_scan_freqs
= NULL
;
580 wpas_mac_addr_rand_scan_clear(wpa_s
, MAC_ADDR_RAND_ALL
);
583 * Need to remove any pending gas-query radio work before the
584 * gas_query_deinit() call because gas_query::work has not yet been set
585 * for works that have not been started. gas_query_free() will be unable
586 * to cancel such pending radio works and once the pending gas-query
587 * radio work eventually gets removed, the deinit notification call to
588 * gas_query_start_cb() would result in dereferencing freed memory.
591 radio_remove_works(wpa_s
, "gas-query", 0);
592 gas_query_deinit(wpa_s
->gas
);
594 gas_server_deinit(wpa_s
->gas_server
);
595 wpa_s
->gas_server
= NULL
;
597 free_hw_features(wpa_s
);
599 ieee802_1x_dealloc_kay_sm(wpa_s
);
601 os_free(wpa_s
->bssid_filter
);
602 wpa_s
->bssid_filter
= NULL
;
604 os_free(wpa_s
->disallow_aps_bssid
);
605 wpa_s
->disallow_aps_bssid
= NULL
;
606 os_free(wpa_s
->disallow_aps_ssid
);
607 wpa_s
->disallow_aps_ssid
= NULL
;
609 wnm_bss_keep_alive_deinit(wpa_s
);
611 wnm_deallocate_memory(wpa_s
);
612 #endif /* CONFIG_WNM */
614 ext_password_deinit(wpa_s
->ext_pw
);
615 wpa_s
->ext_pw
= NULL
;
617 wpabuf_free(wpa_s
->last_gas_resp
);
618 wpa_s
->last_gas_resp
= NULL
;
619 wpabuf_free(wpa_s
->prev_gas_resp
);
620 wpa_s
->prev_gas_resp
= NULL
;
622 os_free(wpa_s
->last_scan_res
);
623 wpa_s
->last_scan_res
= NULL
;
627 wpa_drv_configure_frame_filters(wpa_s
, 0);
629 #endif /* CONFIG_HS20 */
631 for (i
= 0; i
< NUM_VENDOR_ELEM_FRAMES
; i
++) {
632 wpabuf_free(wpa_s
->vendor_elem
[i
]);
633 wpa_s
->vendor_elem
[i
] = NULL
;
636 wmm_ac_notify_disassoc(wpa_s
);
638 wpa_s
->sched_scan_plans_num
= 0;
639 os_free(wpa_s
->sched_scan_plans
);
640 wpa_s
->sched_scan_plans
= NULL
;
643 wpa_s
->non_pref_chan_num
= 0;
644 os_free(wpa_s
->non_pref_chan
);
645 wpa_s
->non_pref_chan
= NULL
;
646 #endif /* CONFIG_MBO */
648 free_bss_tmp_disallowed(wpa_s
);
650 wpabuf_free(wpa_s
->lci
);
652 wpas_clear_beacon_rep_data(wpa_s
);
654 #ifdef CONFIG_PMKSA_CACHE_EXTERNAL
657 struct external_pmksa_cache
*entry
;
659 while ((entry
= dl_list_last(&wpa_s
->mesh_external_pmksa_cache
,
660 struct external_pmksa_cache
,
662 dl_list_del(&entry
->list
);
663 os_free(entry
->pmksa_cache
);
667 #endif /* CONFIG_MESH */
668 #endif /* CONFIG_PMKSA_CACHE_EXTERNAL */
670 wpas_flush_fils_hlp_req(wpa_s
);
672 wpabuf_free(wpa_s
->ric_ies
);
673 wpa_s
->ric_ies
= NULL
;
676 wpas_dpp_deinit(wpa_s
);
677 dpp_global_deinit(wpa_s
->dpp
);
679 #endif /* CONFIG_DPP */
684 * wpa_clear_keys - Clear keys configured for the driver
685 * @wpa_s: Pointer to wpa_supplicant data
686 * @addr: Previously used BSSID or %NULL if not available
688 * This function clears the encryption keys that has been previously configured
691 void wpa_clear_keys(struct wpa_supplicant
*wpa_s
, const u8
*addr
)
695 #ifdef CONFIG_IEEE80211W
697 #else /* CONFIG_IEEE80211W */
699 #endif /* CONFIG_IEEE80211W */
701 /* MLME-DELETEKEYS.request */
702 for (i
= 0; i
< max
; i
++) {
703 if (wpa_s
->keys_cleared
& BIT(i
))
705 wpa_drv_set_key(wpa_s
, WPA_ALG_NONE
, NULL
, i
, 0, NULL
, 0,
708 if (!(wpa_s
->keys_cleared
& BIT(0)) && addr
&&
709 !is_zero_ether_addr(addr
)) {
710 wpa_drv_set_key(wpa_s
, WPA_ALG_NONE
, addr
, 0, 0, NULL
, 0, NULL
,
712 /* MLME-SETPROTECTION.request(None) */
713 wpa_drv_mlme_setprotection(
715 MLME_SETPROTECTION_PROTECT_TYPE_NONE
,
716 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE
);
718 wpa_s
->keys_cleared
= (u32
) -1;
723 * wpa_supplicant_state_txt - Get the connection state name as a text string
724 * @state: State (wpa_state; WPA_*)
725 * Returns: The state name as a printable text string
727 const char * wpa_supplicant_state_txt(enum wpa_states state
)
730 case WPA_DISCONNECTED
:
731 return "DISCONNECTED";
734 case WPA_INTERFACE_DISABLED
:
735 return "INTERFACE_DISABLED";
738 case WPA_AUTHENTICATING
:
739 return "AUTHENTICATING";
740 case WPA_ASSOCIATING
:
741 return "ASSOCIATING";
744 case WPA_4WAY_HANDSHAKE
:
745 return "4WAY_HANDSHAKE";
746 case WPA_GROUP_HANDSHAKE
:
747 return "GROUP_HANDSHAKE";
758 static void wpa_supplicant_start_bgscan(struct wpa_supplicant
*wpa_s
)
762 if (wpa_s
->current_ssid
&& wpa_s
->current_ssid
->bgscan
)
763 name
= wpa_s
->current_ssid
->bgscan
;
765 name
= wpa_s
->conf
->bgscan
;
766 if (name
== NULL
|| name
[0] == '\0')
768 if (wpas_driver_bss_selection(wpa_s
))
770 if (wpa_s
->current_ssid
== wpa_s
->bgscan_ssid
)
773 if (wpa_s
->p2p_group_interface
!= NOT_P2P_GROUP_INTERFACE
)
775 #endif /* CONFIG_P2P */
777 bgscan_deinit(wpa_s
);
778 if (wpa_s
->current_ssid
) {
779 if (bgscan_init(wpa_s
, wpa_s
->current_ssid
, name
)) {
780 wpa_dbg(wpa_s
, MSG_DEBUG
, "Failed to initialize "
783 * Live without bgscan; it is only used as a roaming
784 * optimization, so the initial connection is not
788 struct wpa_scan_results
*scan_res
;
789 wpa_s
->bgscan_ssid
= wpa_s
->current_ssid
;
790 scan_res
= wpa_supplicant_get_scan_results(wpa_s
, NULL
,
793 bgscan_notify_scan(wpa_s
, scan_res
);
794 wpa_scan_results_free(scan_res
);
798 wpa_s
->bgscan_ssid
= NULL
;
802 static void wpa_supplicant_stop_bgscan(struct wpa_supplicant
*wpa_s
)
804 if (wpa_s
->bgscan_ssid
!= NULL
) {
805 bgscan_deinit(wpa_s
);
806 wpa_s
->bgscan_ssid
= NULL
;
810 #endif /* CONFIG_BGSCAN */
813 static void wpa_supplicant_start_autoscan(struct wpa_supplicant
*wpa_s
)
815 if (autoscan_init(wpa_s
, 0))
816 wpa_dbg(wpa_s
, MSG_DEBUG
, "Failed to initialize autoscan");
820 static void wpa_supplicant_stop_autoscan(struct wpa_supplicant
*wpa_s
)
822 autoscan_deinit(wpa_s
);
826 void wpa_supplicant_reinit_autoscan(struct wpa_supplicant
*wpa_s
)
828 if (wpa_s
->wpa_state
== WPA_DISCONNECTED
||
829 wpa_s
->wpa_state
== WPA_SCANNING
) {
830 autoscan_deinit(wpa_s
);
831 wpa_supplicant_start_autoscan(wpa_s
);
837 * wpa_supplicant_set_state - Set current connection state
838 * @wpa_s: Pointer to wpa_supplicant data
839 * @state: The new connection state
841 * This function is called whenever the connection state changes, e.g.,
842 * association is completed for WPA/WPA2 4-Way Handshake is started.
844 void wpa_supplicant_set_state(struct wpa_supplicant
*wpa_s
,
845 enum wpa_states state
)
847 enum wpa_states old_state
= wpa_s
->wpa_state
;
849 wpa_dbg(wpa_s
, MSG_DEBUG
, "State: %s -> %s",
850 wpa_supplicant_state_txt(wpa_s
->wpa_state
),
851 wpa_supplicant_state_txt(state
));
853 if (state
== WPA_COMPLETED
&&
854 os_reltime_initialized(&wpa_s
->roam_start
)) {
855 os_reltime_age(&wpa_s
->roam_start
, &wpa_s
->roam_time
);
856 wpa_s
->roam_start
.sec
= 0;
857 wpa_s
->roam_start
.usec
= 0;
858 wpas_notify_auth_changed(wpa_s
);
859 wpas_notify_roam_time(wpa_s
);
860 wpas_notify_roam_complete(wpa_s
);
861 } else if (state
== WPA_DISCONNECTED
&&
862 os_reltime_initialized(&wpa_s
->roam_start
)) {
863 wpa_s
->roam_start
.sec
= 0;
864 wpa_s
->roam_start
.usec
= 0;
865 wpa_s
->roam_time
.sec
= 0;
866 wpa_s
->roam_time
.usec
= 0;
867 wpas_notify_roam_complete(wpa_s
);
870 if (state
== WPA_INTERFACE_DISABLED
) {
871 /* Assure normal scan when interface is restored */
872 wpa_s
->normal_scans
= 0;
875 if (state
== WPA_COMPLETED
) {
876 wpas_connect_work_done(wpa_s
);
877 /* Reinitialize normal_scan counter */
878 wpa_s
->normal_scans
= 0;
883 * P2PS client has to reply to Probe Request frames received on the
884 * group operating channel. Enable Probe Request frame reporting for
885 * P2P connected client in case p2p_cli_probe configuration property is
888 if (wpa_s
->conf
->p2p_cli_probe
&& wpa_s
->current_ssid
&&
889 wpa_s
->current_ssid
->mode
== WPAS_MODE_INFRA
&&
890 wpa_s
->current_ssid
->p2p_group
) {
891 if (state
== WPA_COMPLETED
&& !wpa_s
->p2p_cli_probe
) {
892 wpa_dbg(wpa_s
, MSG_DEBUG
,
893 "P2P: Enable CLI Probe Request RX reporting");
894 wpa_s
->p2p_cli_probe
=
895 wpa_drv_probe_req_report(wpa_s
, 1) >= 0;
896 } else if (state
!= WPA_COMPLETED
&& wpa_s
->p2p_cli_probe
) {
897 wpa_dbg(wpa_s
, MSG_DEBUG
,
898 "P2P: Disable CLI Probe Request RX reporting");
899 wpa_s
->p2p_cli_probe
= 0;
900 wpa_drv_probe_req_report(wpa_s
, 0);
903 #endif /* CONFIG_P2P */
905 if (state
!= WPA_SCANNING
)
906 wpa_supplicant_notify_scanning(wpa_s
, 0);
908 if (state
== WPA_COMPLETED
&& wpa_s
->new_connection
) {
909 struct wpa_ssid
*ssid
= wpa_s
->current_ssid
;
910 int fils_hlp_sent
= 0;
913 if ((wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SME
) &&
914 wpa_auth_alg_fils(wpa_s
->sme
.auth_alg
))
916 #endif /* CONFIG_SME */
917 if (!(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SME
) &&
918 wpa_auth_alg_fils(wpa_s
->auth_alg
))
921 #if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
922 wpa_msg(wpa_s
, MSG_INFO
, WPA_EVENT_CONNECTED
"- Connection to "
923 MACSTR
" completed [id=%d id_str=%s%s]",
924 MAC2STR(wpa_s
->bssid
),
925 ssid
? ssid
->id
: -1,
926 ssid
&& ssid
->id_str
? ssid
->id_str
: "",
927 fils_hlp_sent
? " FILS_HLP_SENT" : "");
928 #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
929 wpas_clear_temp_disabled(wpa_s
, ssid
, 1);
930 wpa_blacklist_clear(wpa_s
);
931 wpa_s
->extra_blacklist_count
= 0;
932 wpa_s
->new_connection
= 0;
933 wpa_drv_set_operstate(wpa_s
, 1);
934 #ifndef IEEE8021X_EAPOL
935 wpa_drv_set_supp_port(wpa_s
, 1);
936 #endif /* IEEE8021X_EAPOL */
937 wpa_s
->after_wps
= 0;
938 wpa_s
->known_wps_freq
= 0;
939 wpas_p2p_completed(wpa_s
);
941 sme_sched_obss_scan(wpa_s
, 1);
943 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
944 if (!fils_hlp_sent
&& ssid
&& ssid
->eap
.erp
)
945 wpas_update_fils_connect_params(wpa_s
);
946 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
947 } else if (state
== WPA_DISCONNECTED
|| state
== WPA_ASSOCIATING
||
948 state
== WPA_ASSOCIATED
) {
949 wpa_s
->new_connection
= 1;
950 wpa_drv_set_operstate(wpa_s
, 0);
951 #ifndef IEEE8021X_EAPOL
952 wpa_drv_set_supp_port(wpa_s
, 0);
953 #endif /* IEEE8021X_EAPOL */
954 sme_sched_obss_scan(wpa_s
, 0);
956 wpa_s
->wpa_state
= state
;
959 if (state
== WPA_COMPLETED
)
960 wpa_supplicant_start_bgscan(wpa_s
);
961 else if (state
< WPA_ASSOCIATED
)
962 wpa_supplicant_stop_bgscan(wpa_s
);
963 #endif /* CONFIG_BGSCAN */
965 if (state
> WPA_SCANNING
)
966 wpa_supplicant_stop_autoscan(wpa_s
);
968 if (state
== WPA_DISCONNECTED
|| state
== WPA_INACTIVE
)
969 wpa_supplicant_start_autoscan(wpa_s
);
971 if (old_state
>= WPA_ASSOCIATED
&& wpa_s
->wpa_state
< WPA_ASSOCIATED
)
972 wmm_ac_notify_disassoc(wpa_s
);
974 if (wpa_s
->wpa_state
!= old_state
) {
975 wpas_notify_state_changed(wpa_s
, wpa_s
->wpa_state
, old_state
);
978 * Notify the P2P Device interface about a state change in one
981 wpas_p2p_indicate_state_change(wpa_s
);
983 if (wpa_s
->wpa_state
== WPA_COMPLETED
||
984 old_state
== WPA_COMPLETED
)
985 wpas_notify_auth_changed(wpa_s
);
990 void wpa_supplicant_terminate_proc(struct wpa_global
*global
)
994 struct wpa_supplicant
*wpa_s
= global
->ifaces
;
996 struct wpa_supplicant
*next
= wpa_s
->next
;
997 if (wpas_wps_terminate_pending(wpa_s
) == 1)
1000 if (wpa_s
->p2p_group_interface
!= NOT_P2P_GROUP_INTERFACE
||
1001 (wpa_s
->current_ssid
&& wpa_s
->current_ssid
->p2p_group
))
1002 wpas_p2p_disconnect(wpa_s
);
1003 #endif /* CONFIG_P2P */
1006 #endif /* CONFIG_WPS */
1013 static void wpa_supplicant_terminate(int sig
, void *signal_ctx
)
1015 struct wpa_global
*global
= signal_ctx
;
1016 wpa_supplicant_terminate_proc(global
);
1020 void wpa_supplicant_clear_status(struct wpa_supplicant
*wpa_s
)
1022 enum wpa_states old_state
= wpa_s
->wpa_state
;
1024 wpa_s
->pairwise_cipher
= 0;
1025 wpa_s
->group_cipher
= 0;
1026 wpa_s
->mgmt_group_cipher
= 0;
1027 wpa_s
->key_mgmt
= 0;
1028 if (wpa_s
->wpa_state
!= WPA_INTERFACE_DISABLED
)
1029 wpa_supplicant_set_state(wpa_s
, WPA_DISCONNECTED
);
1031 if (wpa_s
->wpa_state
!= old_state
)
1032 wpas_notify_state_changed(wpa_s
, wpa_s
->wpa_state
, old_state
);
1037 * wpa_supplicant_reload_configuration - Reload configuration data
1038 * @wpa_s: Pointer to wpa_supplicant data
1039 * Returns: 0 on success or -1 if configuration parsing failed
1041 * This function can be used to request that the configuration data is reloaded
1042 * (e.g., after configuration file change). This function is reloading
1043 * configuration only for one interface, so this may need to be called multiple
1044 * times if %wpa_supplicant is controlling multiple interfaces and all
1045 * interfaces need reconfiguration.
1047 int wpa_supplicant_reload_configuration(struct wpa_supplicant
*wpa_s
)
1049 struct wpa_config
*conf
;
1053 if (wpa_s
->confname
== NULL
)
1055 conf
= wpa_config_read(wpa_s
->confname
, NULL
);
1057 wpa_msg(wpa_s
, MSG_ERROR
, "Failed to parse the configuration "
1058 "file '%s' - exiting", wpa_s
->confname
);
1061 if (wpa_s
->confanother
&&
1062 !wpa_config_read(wpa_s
->confanother
, conf
)) {
1063 wpa_msg(wpa_s
, MSG_ERROR
,
1064 "Failed to parse the configuration file '%s' - exiting",
1065 wpa_s
->confanother
);
1069 conf
->changed_parameters
= (unsigned int) -1;
1071 reconf_ctrl
= !!conf
->ctrl_interface
!= !!wpa_s
->conf
->ctrl_interface
1072 || (conf
->ctrl_interface
&& wpa_s
->conf
->ctrl_interface
&&
1073 os_strcmp(conf
->ctrl_interface
,
1074 wpa_s
->conf
->ctrl_interface
) != 0);
1076 if (reconf_ctrl
&& wpa_s
->ctrl_iface
) {
1077 wpa_supplicant_ctrl_iface_deinit(wpa_s
->ctrl_iface
);
1078 wpa_s
->ctrl_iface
= NULL
;
1081 eapol_sm_invalidate_cached_session(wpa_s
->eapol
);
1082 if (wpa_s
->current_ssid
) {
1083 if (wpa_s
->wpa_state
>= WPA_AUTHENTICATING
)
1084 wpa_s
->own_disconnect_req
= 1;
1085 wpa_supplicant_deauthenticate(wpa_s
,
1086 WLAN_REASON_DEAUTH_LEAVING
);
1090 * TODO: should notify EAPOL SM about changes in opensc_engine_path,
1091 * pkcs11_engine_path, pkcs11_module_path, openssl_ciphers.
1093 if (wpa_key_mgmt_wpa_psk(wpa_s
->key_mgmt
) ||
1094 wpa_s
->key_mgmt
== WPA_KEY_MGMT_OWE
||
1095 wpa_s
->key_mgmt
== WPA_KEY_MGMT_DPP
) {
1097 * Clear forced success to clear EAP state for next
1100 eapol_sm_notify_eap_success(wpa_s
->eapol
, FALSE
);
1102 eapol_sm_notify_config(wpa_s
->eapol
, NULL
, NULL
);
1103 wpa_sm_set_config(wpa_s
->wpa
, NULL
);
1104 wpa_sm_pmksa_cache_flush(wpa_s
->wpa
, NULL
);
1105 wpa_sm_set_fast_reauth(wpa_s
->wpa
, wpa_s
->conf
->fast_reauth
);
1106 rsn_preauth_deinit(wpa_s
->wpa
);
1108 old_ap_scan
= wpa_s
->conf
->ap_scan
;
1109 wpa_config_free(wpa_s
->conf
);
1111 if (old_ap_scan
!= wpa_s
->conf
->ap_scan
)
1112 wpas_notify_ap_scan_changed(wpa_s
);
1115 wpa_s
->ctrl_iface
= wpa_supplicant_ctrl_iface_init(wpa_s
);
1117 wpa_supplicant_update_config(wpa_s
);
1119 wpa_supplicant_clear_status(wpa_s
);
1120 if (wpa_supplicant_enabled_networks(wpa_s
)) {
1121 wpa_s
->reassociate
= 1;
1122 wpa_supplicant_req_scan(wpa_s
, 0, 0);
1124 wpa_dbg(wpa_s
, MSG_DEBUG
, "Reconfiguration completed");
1129 static void wpa_supplicant_reconfig(int sig
, void *signal_ctx
)
1131 struct wpa_global
*global
= signal_ctx
;
1132 struct wpa_supplicant
*wpa_s
;
1133 for (wpa_s
= global
->ifaces
; wpa_s
; wpa_s
= wpa_s
->next
) {
1134 wpa_dbg(wpa_s
, MSG_DEBUG
, "Signal %d received - reconfiguring",
1136 if (wpa_supplicant_reload_configuration(wpa_s
) < 0) {
1137 wpa_supplicant_terminate_proc(global
);
1141 if (wpa_debug_reopen_file() < 0) {
1142 /* Ignore errors since we cannot really do much to fix this */
1143 wpa_printf(MSG_DEBUG
, "Could not reopen debug log file");
1148 static int wpa_supplicant_suites_from_ai(struct wpa_supplicant
*wpa_s
,
1149 struct wpa_ssid
*ssid
,
1150 struct wpa_ie_data
*ie
)
1152 int ret
= wpa_sm_parse_own_wpa_ie(wpa_s
->wpa
, ie
);
1155 wpa_msg(wpa_s
, MSG_INFO
, "WPA: Failed to parse WPA IE "
1156 "from association info");
1161 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: Using WPA IE from AssocReq to set "
1163 if (!(ie
->group_cipher
& ssid
->group_cipher
)) {
1164 wpa_msg(wpa_s
, MSG_INFO
, "WPA: Driver used disabled group "
1165 "cipher 0x%x (mask 0x%x) - reject",
1166 ie
->group_cipher
, ssid
->group_cipher
);
1169 if (!(ie
->pairwise_cipher
& ssid
->pairwise_cipher
)) {
1170 wpa_msg(wpa_s
, MSG_INFO
, "WPA: Driver used disabled pairwise "
1171 "cipher 0x%x (mask 0x%x) - reject",
1172 ie
->pairwise_cipher
, ssid
->pairwise_cipher
);
1175 if (!(ie
->key_mgmt
& ssid
->key_mgmt
)) {
1176 wpa_msg(wpa_s
, MSG_INFO
, "WPA: Driver used disabled key "
1177 "management 0x%x (mask 0x%x) - reject",
1178 ie
->key_mgmt
, ssid
->key_mgmt
);
1182 #ifdef CONFIG_IEEE80211W
1183 if (!(ie
->capabilities
& WPA_CAPABILITY_MFPC
) &&
1184 wpas_get_ssid_pmf(wpa_s
, ssid
) == MGMT_FRAME_PROTECTION_REQUIRED
) {
1185 wpa_msg(wpa_s
, MSG_INFO
, "WPA: Driver associated with an AP "
1186 "that does not support management frame protection - "
1190 #endif /* CONFIG_IEEE80211W */
1196 static int matching_ciphers(struct wpa_ssid
*ssid
, struct wpa_ie_data
*ie
,
1200 ie
->group_cipher
= wpa_default_rsn_cipher(freq
);
1201 if (!ie
->has_pairwise
)
1202 ie
->pairwise_cipher
= wpa_default_rsn_cipher(freq
);
1203 return (ie
->group_cipher
& ssid
->group_cipher
) &&
1204 (ie
->pairwise_cipher
& ssid
->pairwise_cipher
);
1209 * wpa_supplicant_set_suites - Set authentication and encryption parameters
1210 * @wpa_s: Pointer to wpa_supplicant data
1211 * @bss: Scan results for the selected BSS, or %NULL if not available
1212 * @ssid: Configuration data for the selected network
1213 * @wpa_ie: Buffer for the WPA/RSN IE
1214 * @wpa_ie_len: Maximum wpa_ie buffer size on input. This is changed to be the
1215 * used buffer length in case the functions returns success.
1216 * Returns: 0 on success or -1 on failure
1218 * This function is used to configure authentication and encryption parameters
1219 * based on the network configuration and scan result for the selected BSS (if
1222 int wpa_supplicant_set_suites(struct wpa_supplicant
*wpa_s
,
1223 struct wpa_bss
*bss
, struct wpa_ssid
*ssid
,
1224 u8
*wpa_ie
, size_t *wpa_ie_len
)
1226 struct wpa_ie_data ie
;
1228 const u8
*bss_wpa
, *bss_rsn
, *bss_osen
;
1231 bss_wpa
= wpa_bss_get_vendor_ie(bss
, WPA_IE_VENDOR_TYPE
);
1232 bss_rsn
= wpa_bss_get_ie(bss
, WLAN_EID_RSN
);
1233 bss_osen
= wpa_bss_get_vendor_ie(bss
, OSEN_IE_VENDOR_TYPE
);
1235 bss_wpa
= bss_rsn
= bss_osen
= NULL
;
1237 if (bss_rsn
&& (ssid
->proto
& WPA_PROTO_RSN
) &&
1238 wpa_parse_wpa_ie(bss_rsn
, 2 + bss_rsn
[1], &ie
) == 0 &&
1239 matching_ciphers(ssid
, &ie
, bss
->freq
) &&
1240 (ie
.key_mgmt
& ssid
->key_mgmt
)) {
1241 wpa_dbg(wpa_s
, MSG_DEBUG
, "RSN: using IEEE 802.11i/D9.0");
1242 proto
= WPA_PROTO_RSN
;
1243 } else if (bss_wpa
&& (ssid
->proto
& WPA_PROTO_WPA
) &&
1244 wpa_parse_wpa_ie(bss_wpa
, 2 + bss_wpa
[1], &ie
) == 0 &&
1245 (ie
.group_cipher
& ssid
->group_cipher
) &&
1246 (ie
.pairwise_cipher
& ssid
->pairwise_cipher
) &&
1247 (ie
.key_mgmt
& ssid
->key_mgmt
)) {
1248 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using IEEE 802.11i/D3.0");
1249 proto
= WPA_PROTO_WPA
;
1251 } else if (bss_osen
&& (ssid
->proto
& WPA_PROTO_OSEN
) &&
1252 wpa_parse_wpa_ie(bss_osen
, 2 + bss_osen
[1], &ie
) == 0 &&
1253 (ie
.group_cipher
& ssid
->group_cipher
) &&
1254 (ie
.pairwise_cipher
& ssid
->pairwise_cipher
) &&
1255 (ie
.key_mgmt
& ssid
->key_mgmt
)) {
1256 wpa_dbg(wpa_s
, MSG_DEBUG
, "HS 2.0: using OSEN");
1257 proto
= WPA_PROTO_OSEN
;
1258 } else if (bss_rsn
&& (ssid
->proto
& WPA_PROTO_OSEN
) &&
1259 wpa_parse_wpa_ie(bss_rsn
, 2 + bss_rsn
[1], &ie
) == 0 &&
1260 (ie
.group_cipher
& ssid
->group_cipher
) &&
1261 (ie
.pairwise_cipher
& ssid
->pairwise_cipher
) &&
1262 (ie
.key_mgmt
& ssid
->key_mgmt
)) {
1263 wpa_dbg(wpa_s
, MSG_DEBUG
, "RSN: using OSEN (within RSN)");
1264 proto
= WPA_PROTO_RSN
;
1265 #endif /* CONFIG_HS20 */
1267 wpa_msg(wpa_s
, MSG_WARNING
, "WPA: Failed to select WPA/RSN");
1268 wpa_dbg(wpa_s
, MSG_DEBUG
,
1269 "WPA: ssid proto=0x%x pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1270 ssid
->proto
, ssid
->pairwise_cipher
, ssid
->group_cipher
,
1272 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: BSS " MACSTR
" ssid='%s'%s%s%s",
1273 MAC2STR(bss
->bssid
),
1274 wpa_ssid_txt(bss
->ssid
, bss
->ssid_len
),
1275 bss_wpa
? " WPA" : "",
1276 bss_rsn
? " RSN" : "",
1277 bss_osen
? " OSEN" : "");
1279 wpa_hexdump(MSG_DEBUG
, "RSN", bss_rsn
, 2 + bss_rsn
[1]);
1280 if (wpa_parse_wpa_ie(bss_rsn
, 2 + bss_rsn
[1], &ie
)) {
1281 wpa_dbg(wpa_s
, MSG_DEBUG
,
1282 "Could not parse RSN element");
1284 wpa_dbg(wpa_s
, MSG_DEBUG
,
1285 "RSN: pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1286 ie
.pairwise_cipher
, ie
.group_cipher
,
1291 wpa_hexdump(MSG_DEBUG
, "WPA", bss_wpa
, 2 + bss_wpa
[1]);
1292 if (wpa_parse_wpa_ie(bss_wpa
, 2 + bss_wpa
[1], &ie
)) {
1293 wpa_dbg(wpa_s
, MSG_DEBUG
,
1294 "Could not parse WPA element");
1296 wpa_dbg(wpa_s
, MSG_DEBUG
,
1297 "WPA: pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1298 ie
.pairwise_cipher
, ie
.group_cipher
,
1304 if (ssid
->proto
& WPA_PROTO_OSEN
)
1305 proto
= WPA_PROTO_OSEN
;
1306 else if (ssid
->proto
& WPA_PROTO_RSN
)
1307 proto
= WPA_PROTO_RSN
;
1309 proto
= WPA_PROTO_WPA
;
1310 if (wpa_supplicant_suites_from_ai(wpa_s
, ssid
, &ie
) < 0) {
1311 os_memset(&ie
, 0, sizeof(ie
));
1312 ie
.group_cipher
= ssid
->group_cipher
;
1313 ie
.pairwise_cipher
= ssid
->pairwise_cipher
;
1314 ie
.key_mgmt
= ssid
->key_mgmt
;
1315 #ifdef CONFIG_IEEE80211W
1316 ie
.mgmt_group_cipher
= 0;
1317 if (ssid
->ieee80211w
!= NO_MGMT_FRAME_PROTECTION
) {
1318 if (ssid
->group_mgmt_cipher
&
1319 WPA_CIPHER_BIP_GMAC_256
)
1320 ie
.mgmt_group_cipher
=
1321 WPA_CIPHER_BIP_GMAC_256
;
1322 else if (ssid
->group_mgmt_cipher
&
1323 WPA_CIPHER_BIP_CMAC_256
)
1324 ie
.mgmt_group_cipher
=
1325 WPA_CIPHER_BIP_CMAC_256
;
1326 else if (ssid
->group_mgmt_cipher
&
1327 WPA_CIPHER_BIP_GMAC_128
)
1328 ie
.mgmt_group_cipher
=
1329 WPA_CIPHER_BIP_GMAC_128
;
1331 ie
.mgmt_group_cipher
=
1332 WPA_CIPHER_AES_128_CMAC
;
1334 #endif /* CONFIG_IEEE80211W */
1336 if ((ssid
->key_mgmt
& WPA_KEY_MGMT_OWE
) &&
1338 !bss_wpa
&& !bss_rsn
&& !bss_osen
) {
1339 wpa_supplicant_set_non_wpa_policy(wpa_s
, ssid
);
1340 wpa_s
->wpa_proto
= 0;
1344 #endif /* CONFIG_OWE */
1345 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: Set cipher suites "
1346 "based on configuration");
1351 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: Selected cipher suites: group %d "
1352 "pairwise %d key_mgmt %d proto %d",
1353 ie
.group_cipher
, ie
.pairwise_cipher
, ie
.key_mgmt
, proto
);
1354 #ifdef CONFIG_IEEE80211W
1355 if (ssid
->ieee80211w
) {
1356 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: Selected mgmt group cipher %d",
1357 ie
.mgmt_group_cipher
);
1359 #endif /* CONFIG_IEEE80211W */
1361 wpa_s
->wpa_proto
= proto
;
1362 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_PROTO
, proto
);
1363 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_RSN_ENABLED
,
1364 !!(ssid
->proto
& (WPA_PROTO_RSN
| WPA_PROTO_OSEN
)));
1366 if (bss
|| !wpa_s
->ap_ies_from_associnfo
) {
1367 if (wpa_sm_set_ap_wpa_ie(wpa_s
->wpa
, bss_wpa
,
1368 bss_wpa
? 2 + bss_wpa
[1] : 0) ||
1369 wpa_sm_set_ap_rsn_ie(wpa_s
->wpa
, bss_rsn
,
1370 bss_rsn
? 2 + bss_rsn
[1] : 0))
1374 #ifdef CONFIG_NO_WPA
1375 wpa_s
->group_cipher
= WPA_CIPHER_NONE
;
1376 wpa_s
->pairwise_cipher
= WPA_CIPHER_NONE
;
1377 #else /* CONFIG_NO_WPA */
1378 sel
= ie
.group_cipher
& ssid
->group_cipher
;
1379 wpa_dbg(wpa_s
, MSG_DEBUG
,
1380 "WPA: AP group 0x%x network profile group 0x%x; available group 0x%x",
1381 ie
.group_cipher
, ssid
->group_cipher
, sel
);
1382 wpa_s
->group_cipher
= wpa_pick_group_cipher(sel
);
1383 if (wpa_s
->group_cipher
< 0) {
1384 wpa_msg(wpa_s
, MSG_WARNING
, "WPA: Failed to select group "
1388 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using GTK %s",
1389 wpa_cipher_txt(wpa_s
->group_cipher
));
1391 sel
= ie
.pairwise_cipher
& ssid
->pairwise_cipher
;
1392 wpa_dbg(wpa_s
, MSG_DEBUG
,
1393 "WPA: AP pairwise 0x%x network profile pairwise 0x%x; available pairwise 0x%x",
1394 ie
.pairwise_cipher
, ssid
->pairwise_cipher
, sel
);
1395 wpa_s
->pairwise_cipher
= wpa_pick_pairwise_cipher(sel
, 1);
1396 if (wpa_s
->pairwise_cipher
< 0) {
1397 wpa_msg(wpa_s
, MSG_WARNING
, "WPA: Failed to select pairwise "
1401 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using PTK %s",
1402 wpa_cipher_txt(wpa_s
->pairwise_cipher
));
1403 #endif /* CONFIG_NO_WPA */
1405 sel
= ie
.key_mgmt
& ssid
->key_mgmt
;
1406 wpa_dbg(wpa_s
, MSG_DEBUG
,
1407 "WPA: AP key_mgmt 0x%x network profile key_mgmt 0x%x; available key_mgmt 0x%x",
1408 ie
.key_mgmt
, ssid
->key_mgmt
, sel
);
1410 if (!(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SAE
))
1411 sel
&= ~(WPA_KEY_MGMT_SAE
| WPA_KEY_MGMT_FT_SAE
);
1412 #endif /* CONFIG_SAE */
1414 #ifdef CONFIG_IEEE80211R
1415 #ifdef CONFIG_SHA384
1416 } else if (sel
& WPA_KEY_MGMT_FT_IEEE8021X_SHA384
) {
1417 wpa_s
->key_mgmt
= WPA_KEY_MGMT_FT_IEEE8021X_SHA384
;
1418 wpa_dbg(wpa_s
, MSG_DEBUG
,
1419 "WPA: using KEY_MGMT FT/802.1X-SHA384");
1420 if (pmksa_cache_get_current(wpa_s
->wpa
)) {
1421 /* PMKSA caching with FT is not fully functional, so
1422 * disable the case for now. */
1423 wpa_dbg(wpa_s
, MSG_DEBUG
,
1424 "WPA: Disable PMKSA caching for FT/802.1X connection");
1425 pmksa_cache_clear_current(wpa_s
->wpa
);
1427 #endif /* CONFIG_SHA384 */
1428 #endif /* CONFIG_IEEE80211R */
1429 #ifdef CONFIG_SUITEB192
1430 } else if (sel
& WPA_KEY_MGMT_IEEE8021X_SUITE_B_192
) {
1431 wpa_s
->key_mgmt
= WPA_KEY_MGMT_IEEE8021X_SUITE_B_192
;
1432 wpa_dbg(wpa_s
, MSG_DEBUG
,
1433 "WPA: using KEY_MGMT 802.1X with Suite B (192-bit)");
1434 #endif /* CONFIG_SUITEB192 */
1435 #ifdef CONFIG_SUITEB
1436 } else if (sel
& WPA_KEY_MGMT_IEEE8021X_SUITE_B
) {
1437 wpa_s
->key_mgmt
= WPA_KEY_MGMT_IEEE8021X_SUITE_B
;
1438 wpa_dbg(wpa_s
, MSG_DEBUG
,
1439 "WPA: using KEY_MGMT 802.1X with Suite B");
1440 #endif /* CONFIG_SUITEB */
1442 #ifdef CONFIG_IEEE80211R
1443 } else if (sel
& WPA_KEY_MGMT_FT_FILS_SHA384
) {
1444 wpa_s
->key_mgmt
= WPA_KEY_MGMT_FT_FILS_SHA384
;
1445 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT FT-FILS-SHA384");
1446 } else if (sel
& WPA_KEY_MGMT_FT_FILS_SHA256
) {
1447 wpa_s
->key_mgmt
= WPA_KEY_MGMT_FT_FILS_SHA256
;
1448 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT FT-FILS-SHA256");
1449 #endif /* CONFIG_IEEE80211R */
1450 } else if (sel
& WPA_KEY_MGMT_FILS_SHA384
) {
1451 wpa_s
->key_mgmt
= WPA_KEY_MGMT_FILS_SHA384
;
1452 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT FILS-SHA384");
1453 } else if (sel
& WPA_KEY_MGMT_FILS_SHA256
) {
1454 wpa_s
->key_mgmt
= WPA_KEY_MGMT_FILS_SHA256
;
1455 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT FILS-SHA256");
1456 #endif /* CONFIG_FILS */
1457 #ifdef CONFIG_IEEE80211R
1458 } else if (sel
& WPA_KEY_MGMT_FT_IEEE8021X
) {
1459 wpa_s
->key_mgmt
= WPA_KEY_MGMT_FT_IEEE8021X
;
1460 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT FT/802.1X");
1461 if (pmksa_cache_get_current(wpa_s
->wpa
)) {
1462 /* PMKSA caching with FT is not fully functional, so
1463 * disable the case for now. */
1464 wpa_dbg(wpa_s
, MSG_DEBUG
,
1465 "WPA: Disable PMKSA caching for FT/802.1X connection");
1466 pmksa_cache_clear_current(wpa_s
->wpa
);
1468 #endif /* CONFIG_IEEE80211R */
1470 } else if (sel
& WPA_KEY_MGMT_DPP
) {
1471 wpa_s
->key_mgmt
= WPA_KEY_MGMT_DPP
;
1472 wpa_dbg(wpa_s
, MSG_DEBUG
, "RSN: using KEY_MGMT DPP");
1473 #endif /* CONFIG_DPP */
1475 } else if (sel
& WPA_KEY_MGMT_FT_SAE
) {
1476 wpa_s
->key_mgmt
= WPA_KEY_MGMT_FT_SAE
;
1477 wpa_dbg(wpa_s
, MSG_DEBUG
, "RSN: using KEY_MGMT FT/SAE");
1478 } else if (sel
& WPA_KEY_MGMT_SAE
) {
1479 wpa_s
->key_mgmt
= WPA_KEY_MGMT_SAE
;
1480 wpa_dbg(wpa_s
, MSG_DEBUG
, "RSN: using KEY_MGMT SAE");
1481 #endif /* CONFIG_SAE */
1482 #ifdef CONFIG_IEEE80211R
1483 } else if (sel
& WPA_KEY_MGMT_FT_PSK
) {
1484 wpa_s
->key_mgmt
= WPA_KEY_MGMT_FT_PSK
;
1485 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT FT/PSK");
1486 #endif /* CONFIG_IEEE80211R */
1487 #ifdef CONFIG_IEEE80211W
1488 } else if (sel
& WPA_KEY_MGMT_IEEE8021X_SHA256
) {
1489 wpa_s
->key_mgmt
= WPA_KEY_MGMT_IEEE8021X_SHA256
;
1490 wpa_dbg(wpa_s
, MSG_DEBUG
,
1491 "WPA: using KEY_MGMT 802.1X with SHA256");
1492 } else if (sel
& WPA_KEY_MGMT_PSK_SHA256
) {
1493 wpa_s
->key_mgmt
= WPA_KEY_MGMT_PSK_SHA256
;
1494 wpa_dbg(wpa_s
, MSG_DEBUG
,
1495 "WPA: using KEY_MGMT PSK with SHA256");
1496 #endif /* CONFIG_IEEE80211W */
1497 } else if (sel
& WPA_KEY_MGMT_IEEE8021X
) {
1498 wpa_s
->key_mgmt
= WPA_KEY_MGMT_IEEE8021X
;
1499 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT 802.1X");
1500 } else if (sel
& WPA_KEY_MGMT_PSK
) {
1501 wpa_s
->key_mgmt
= WPA_KEY_MGMT_PSK
;
1502 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT WPA-PSK");
1503 } else if (sel
& WPA_KEY_MGMT_WPA_NONE
) {
1504 wpa_s
->key_mgmt
= WPA_KEY_MGMT_WPA_NONE
;
1505 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT WPA-NONE");
1507 } else if (sel
& WPA_KEY_MGMT_OSEN
) {
1508 wpa_s
->key_mgmt
= WPA_KEY_MGMT_OSEN
;
1509 wpa_dbg(wpa_s
, MSG_DEBUG
, "HS 2.0: using KEY_MGMT OSEN");
1510 #endif /* CONFIG_HS20 */
1512 } else if (sel
& WPA_KEY_MGMT_OWE
) {
1513 wpa_s
->key_mgmt
= WPA_KEY_MGMT_OWE
;
1514 wpa_dbg(wpa_s
, MSG_DEBUG
, "RSN: using KEY_MGMT OWE");
1515 #endif /* CONFIG_OWE */
1517 wpa_msg(wpa_s
, MSG_WARNING
, "WPA: Failed to select "
1518 "authenticated key management type");
1522 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_KEY_MGMT
, wpa_s
->key_mgmt
);
1523 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_PAIRWISE
,
1524 wpa_s
->pairwise_cipher
);
1525 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_GROUP
, wpa_s
->group_cipher
);
1527 #ifdef CONFIG_IEEE80211W
1528 sel
= ie
.mgmt_group_cipher
;
1529 if (ssid
->group_mgmt_cipher
)
1530 sel
&= ssid
->group_mgmt_cipher
;
1531 if (wpas_get_ssid_pmf(wpa_s
, ssid
) == NO_MGMT_FRAME_PROTECTION
||
1532 !(ie
.capabilities
& WPA_CAPABILITY_MFPC
))
1534 wpa_dbg(wpa_s
, MSG_DEBUG
,
1535 "WPA: AP mgmt_group_cipher 0x%x network profile mgmt_group_cipher 0x%x; available mgmt_group_cipher 0x%x",
1536 ie
.mgmt_group_cipher
, ssid
->group_mgmt_cipher
, sel
);
1537 if (sel
& WPA_CIPHER_AES_128_CMAC
) {
1538 wpa_s
->mgmt_group_cipher
= WPA_CIPHER_AES_128_CMAC
;
1539 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using MGMT group cipher "
1541 } else if (sel
& WPA_CIPHER_BIP_GMAC_128
) {
1542 wpa_s
->mgmt_group_cipher
= WPA_CIPHER_BIP_GMAC_128
;
1543 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using MGMT group cipher "
1545 } else if (sel
& WPA_CIPHER_BIP_GMAC_256
) {
1546 wpa_s
->mgmt_group_cipher
= WPA_CIPHER_BIP_GMAC_256
;
1547 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using MGMT group cipher "
1549 } else if (sel
& WPA_CIPHER_BIP_CMAC_256
) {
1550 wpa_s
->mgmt_group_cipher
= WPA_CIPHER_BIP_CMAC_256
;
1551 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using MGMT group cipher "
1554 wpa_s
->mgmt_group_cipher
= 0;
1555 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: not using MGMT group cipher");
1557 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_MGMT_GROUP
,
1558 wpa_s
->mgmt_group_cipher
);
1559 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_MFP
,
1560 wpas_get_ssid_pmf(wpa_s
, ssid
));
1561 #endif /* CONFIG_IEEE80211W */
1563 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_OCV
, ssid
->ocv
);
1564 #endif /* CONFIG_OCV */
1566 if (wpa_sm_set_assoc_wpa_ie_default(wpa_s
->wpa
, wpa_ie
, wpa_ie_len
)) {
1567 wpa_msg(wpa_s
, MSG_WARNING
, "WPA: Failed to generate WPA IE");
1573 } else if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_DPP
) {
1574 /* Use PMK from DPP network introduction (PMKSA entry) */
1575 wpa_sm_set_pmk_from_pmksa(wpa_s
->wpa
);
1576 #endif /* CONFIG_DPP */
1577 } else if (wpa_key_mgmt_wpa_psk(ssid
->key_mgmt
)) {
1581 sae_only
= (ssid
->key_mgmt
& (WPA_KEY_MGMT_PSK
|
1582 WPA_KEY_MGMT_FT_PSK
|
1583 WPA_KEY_MGMT_PSK_SHA256
)) == 0;
1585 if (ssid
->psk_set
&& !sae_only
) {
1586 wpa_hexdump_key(MSG_MSGDUMP
, "PSK (set in config)",
1587 ssid
->psk
, PMK_LEN
);
1588 wpa_sm_set_pmk(wpa_s
->wpa
, ssid
->psk
, PMK_LEN
, NULL
,
1593 if (wpa_key_mgmt_sae(ssid
->key_mgmt
) &&
1594 (ssid
->sae_password
|| ssid
->passphrase
))
1597 #ifndef CONFIG_NO_PBKDF2
1598 if (bss
&& ssid
->bssid_set
&& ssid
->ssid_len
== 0 &&
1599 ssid
->passphrase
&& !sae_only
) {
1601 pbkdf2_sha1(ssid
->passphrase
, bss
->ssid
, bss
->ssid_len
,
1602 4096, psk
, PMK_LEN
);
1603 wpa_hexdump_key(MSG_MSGDUMP
, "PSK (from passphrase)",
1605 wpa_sm_set_pmk(wpa_s
->wpa
, psk
, PMK_LEN
, NULL
, NULL
);
1607 os_memset(psk
, 0, sizeof(psk
));
1609 #endif /* CONFIG_NO_PBKDF2 */
1610 #ifdef CONFIG_EXT_PASSWORD
1611 if (ssid
->ext_psk
&& !sae_only
) {
1612 struct wpabuf
*pw
= ext_password_get(wpa_s
->ext_pw
,
1614 char pw_str
[64 + 1];
1618 wpa_msg(wpa_s
, MSG_INFO
, "EXT PW: No PSK "
1619 "found from external storage");
1623 if (wpabuf_len(pw
) < 8 || wpabuf_len(pw
) > 64) {
1624 wpa_msg(wpa_s
, MSG_INFO
, "EXT PW: Unexpected "
1625 "PSK length %d in external storage",
1626 (int) wpabuf_len(pw
));
1627 ext_password_free(pw
);
1631 os_memcpy(pw_str
, wpabuf_head(pw
), wpabuf_len(pw
));
1632 pw_str
[wpabuf_len(pw
)] = '\0';
1634 #ifndef CONFIG_NO_PBKDF2
1635 if (wpabuf_len(pw
) >= 8 && wpabuf_len(pw
) < 64 && bss
)
1637 pbkdf2_sha1(pw_str
, bss
->ssid
, bss
->ssid_len
,
1638 4096, psk
, PMK_LEN
);
1639 os_memset(pw_str
, 0, sizeof(pw_str
));
1640 wpa_hexdump_key(MSG_MSGDUMP
, "PSK (from "
1641 "external passphrase)",
1643 wpa_sm_set_pmk(wpa_s
->wpa
, psk
, PMK_LEN
, NULL
,
1646 os_memset(psk
, 0, sizeof(psk
));
1648 #endif /* CONFIG_NO_PBKDF2 */
1649 if (wpabuf_len(pw
) == 2 * PMK_LEN
) {
1650 if (hexstr2bin(pw_str
, psk
, PMK_LEN
) < 0) {
1651 wpa_msg(wpa_s
, MSG_INFO
, "EXT PW: "
1652 "Invalid PSK hex string");
1653 os_memset(pw_str
, 0, sizeof(pw_str
));
1654 ext_password_free(pw
);
1657 wpa_hexdump_key(MSG_MSGDUMP
,
1658 "PSK (from external PSK)",
1660 wpa_sm_set_pmk(wpa_s
->wpa
, psk
, PMK_LEN
, NULL
,
1663 os_memset(psk
, 0, sizeof(psk
));
1665 wpa_msg(wpa_s
, MSG_INFO
, "EXT PW: No suitable "
1667 os_memset(pw_str
, 0, sizeof(pw_str
));
1668 ext_password_free(pw
);
1672 os_memset(pw_str
, 0, sizeof(pw_str
));
1673 ext_password_free(pw
);
1675 #endif /* CONFIG_EXT_PASSWORD */
1678 wpa_msg(wpa_s
, MSG_INFO
,
1679 "No PSK available for association");
1680 wpas_auth_failed(wpa_s
, "NO_PSK_AVAILABLE");
1684 } else if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_OWE
) {
1685 /* OWE Diffie-Hellman exchange in (Re)Association
1686 * Request/Response frames set the PMK, so do not override it
1688 #endif /* CONFIG_OWE */
1690 wpa_sm_set_pmk_from_pmksa(wpa_s
->wpa
);
1696 static void wpas_ext_capab_byte(struct wpa_supplicant
*wpa_s
, u8
*pos
, int idx
)
1701 case 0: /* Bits 0-7 */
1703 case 1: /* Bits 8-15 */
1704 if (wpa_s
->conf
->coloc_intf_reporting
) {
1705 /* Bit 13 - Collocated Interference Reporting */
1709 case 2: /* Bits 16-23 */
1711 *pos
|= 0x02; /* Bit 17 - WNM-Sleep Mode */
1712 *pos
|= 0x08; /* Bit 19 - BSS Transition */
1713 #endif /* CONFIG_WNM */
1715 case 3: /* Bits 24-31 */
1717 *pos
|= 0x02; /* Bit 25 - SSID List */
1718 #endif /* CONFIG_WNM */
1719 #ifdef CONFIG_INTERWORKING
1720 if (wpa_s
->conf
->interworking
)
1721 *pos
|= 0x80; /* Bit 31 - Interworking */
1722 #endif /* CONFIG_INTERWORKING */
1724 case 4: /* Bits 32-39 */
1725 #ifdef CONFIG_INTERWORKING
1726 if (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_QOS_MAPPING
)
1727 *pos
|= 0x01; /* Bit 32 - QoS Map */
1728 #endif /* CONFIG_INTERWORKING */
1730 case 5: /* Bits 40-47 */
1732 if (wpa_s
->conf
->hs20
)
1733 *pos
|= 0x40; /* Bit 46 - WNM-Notification */
1734 #endif /* CONFIG_HS20 */
1736 *pos
|= 0x40; /* Bit 46 - WNM-Notification */
1737 #endif /* CONFIG_MBO */
1739 case 6: /* Bits 48-55 */
1741 case 7: /* Bits 56-63 */
1743 case 8: /* Bits 64-71 */
1744 if (wpa_s
->conf
->ftm_responder
)
1745 *pos
|= 0x40; /* Bit 70 - FTM responder */
1746 if (wpa_s
->conf
->ftm_initiator
)
1747 *pos
|= 0x80; /* Bit 71 - FTM initiator */
1749 case 9: /* Bits 72-79 */
1751 if (!wpa_s
->disable_fils
)
1753 #endif /* CONFIG_FILS */
1759 int wpas_build_ext_capab(struct wpa_supplicant
*wpa_s
, u8
*buf
, size_t buflen
)
1764 if (len
< wpa_s
->extended_capa_len
)
1765 len
= wpa_s
->extended_capa_len
;
1766 if (buflen
< (size_t) len
+ 2) {
1767 wpa_printf(MSG_INFO
,
1768 "Not enough room for building extended capabilities element");
1772 *pos
++ = WLAN_EID_EXT_CAPAB
;
1774 for (i
= 0; i
< len
; i
++, pos
++) {
1775 wpas_ext_capab_byte(wpa_s
, pos
, i
);
1777 if (i
< wpa_s
->extended_capa_len
) {
1778 *pos
&= ~wpa_s
->extended_capa_mask
[i
];
1779 *pos
|= wpa_s
->extended_capa
[i
];
1783 while (len
> 0 && buf
[1 + len
] == 0) {
1794 static int wpas_valid_bss(struct wpa_supplicant
*wpa_s
,
1795 struct wpa_bss
*test_bss
)
1797 struct wpa_bss
*bss
;
1799 dl_list_for_each(bss
, &wpa_s
->bss
, struct wpa_bss
, list
) {
1800 if (bss
== test_bss
)
1808 static int wpas_valid_ssid(struct wpa_supplicant
*wpa_s
,
1809 struct wpa_ssid
*test_ssid
)
1811 struct wpa_ssid
*ssid
;
1813 for (ssid
= wpa_s
->conf
->ssid
; ssid
; ssid
= ssid
->next
) {
1814 if (ssid
== test_ssid
)
1822 int wpas_valid_bss_ssid(struct wpa_supplicant
*wpa_s
, struct wpa_bss
*test_bss
,
1823 struct wpa_ssid
*test_ssid
)
1825 if (test_bss
&& !wpas_valid_bss(wpa_s
, test_bss
))
1828 return test_ssid
== NULL
|| wpas_valid_ssid(wpa_s
, test_ssid
);
1832 void wpas_connect_work_free(struct wpa_connect_work
*cwork
)
1840 void wpas_connect_work_done(struct wpa_supplicant
*wpa_s
)
1842 struct wpa_connect_work
*cwork
;
1843 struct wpa_radio_work
*work
= wpa_s
->connect_work
;
1848 wpa_s
->connect_work
= NULL
;
1851 wpas_connect_work_free(cwork
);
1852 radio_work_done(work
);
1856 int wpas_update_random_addr(struct wpa_supplicant
*wpa_s
, int style
)
1858 struct os_reltime now
;
1861 os_get_reltime(&now
);
1862 if (wpa_s
->last_mac_addr_style
== style
&&
1863 wpa_s
->last_mac_addr_change
.sec
!= 0 &&
1864 !os_reltime_expired(&now
, &wpa_s
->last_mac_addr_change
,
1865 wpa_s
->conf
->rand_addr_lifetime
)) {
1866 wpa_msg(wpa_s
, MSG_DEBUG
,
1867 "Previously selected random MAC address has not yet expired");
1873 if (random_mac_addr(addr
) < 0)
1877 os_memcpy(addr
, wpa_s
->perm_addr
, ETH_ALEN
);
1878 if (random_mac_addr_keep_oui(addr
) < 0)
1885 if (wpa_drv_set_mac_addr(wpa_s
, addr
) < 0) {
1886 wpa_msg(wpa_s
, MSG_INFO
,
1887 "Failed to set random MAC address");
1891 os_get_reltime(&wpa_s
->last_mac_addr_change
);
1892 wpa_s
->mac_addr_changed
= 1;
1893 wpa_s
->last_mac_addr_style
= style
;
1895 if (wpa_supplicant_update_mac_addr(wpa_s
) < 0) {
1896 wpa_msg(wpa_s
, MSG_INFO
,
1897 "Could not update MAC address information");
1901 wpa_msg(wpa_s
, MSG_DEBUG
, "Using random MAC address " MACSTR
,
1908 int wpas_update_random_addr_disassoc(struct wpa_supplicant
*wpa_s
)
1910 if (wpa_s
->wpa_state
>= WPA_AUTHENTICATING
||
1911 !wpa_s
->conf
->preassoc_mac_addr
)
1914 return wpas_update_random_addr(wpa_s
, wpa_s
->conf
->preassoc_mac_addr
);
1918 static void wpas_start_assoc_cb(struct wpa_radio_work
*work
, int deinit
);
1921 * wpa_supplicant_associate - Request association
1922 * @wpa_s: Pointer to wpa_supplicant data
1923 * @bss: Scan results for the selected BSS, or %NULL if not available
1924 * @ssid: Configuration data for the selected network
1926 * This function is used to request %wpa_supplicant to associate with a BSS.
1928 void wpa_supplicant_associate(struct wpa_supplicant
*wpa_s
,
1929 struct wpa_bss
*bss
, struct wpa_ssid
*ssid
)
1931 struct wpa_connect_work
*cwork
;
1934 wpa_s
->own_disconnect_req
= 0;
1937 * If we are starting a new connection, any previously pending EAPOL
1938 * RX cannot be valid anymore.
1940 wpabuf_free(wpa_s
->pending_eapol_rx
);
1941 wpa_s
->pending_eapol_rx
= NULL
;
1943 if (ssid
->mac_addr
== -1)
1944 rand_style
= wpa_s
->conf
->mac_addr
;
1946 rand_style
= ssid
->mac_addr
;
1948 wmm_ac_clear_saved_tspecs(wpa_s
);
1949 wpa_s
->reassoc_same_bss
= 0;
1950 wpa_s
->reassoc_same_ess
= 0;
1951 #ifdef CONFIG_TESTING_OPTIONS
1952 wpa_s
->testing_resend_assoc
= 0;
1953 #endif /* CONFIG_TESTING_OPTIONS */
1955 if (wpa_s
->last_ssid
== ssid
) {
1956 wpa_dbg(wpa_s
, MSG_DEBUG
, "Re-association to the same ESS");
1957 wpa_s
->reassoc_same_ess
= 1;
1958 if (wpa_s
->current_bss
&& wpa_s
->current_bss
== bss
) {
1959 wmm_ac_save_tspecs(wpa_s
);
1960 wpa_s
->reassoc_same_bss
= 1;
1961 } else if (wpa_s
->current_bss
&& wpa_s
->current_bss
!= bss
) {
1962 os_get_reltime(&wpa_s
->roam_start
);
1966 if (rand_style
> 0 && !wpa_s
->reassoc_same_ess
) {
1967 if (wpas_update_random_addr(wpa_s
, rand_style
) < 0)
1969 wpa_sm_pmksa_cache_flush(wpa_s
->wpa
, ssid
);
1970 } else if (rand_style
== 0 && wpa_s
->mac_addr_changed
) {
1971 if (wpa_drv_set_mac_addr(wpa_s
, NULL
) < 0) {
1972 wpa_msg(wpa_s
, MSG_INFO
,
1973 "Could not restore permanent MAC address");
1976 wpa_s
->mac_addr_changed
= 0;
1977 if (wpa_supplicant_update_mac_addr(wpa_s
) < 0) {
1978 wpa_msg(wpa_s
, MSG_INFO
,
1979 "Could not update MAC address information");
1982 wpa_msg(wpa_s
, MSG_DEBUG
, "Using permanent MAC address");
1984 wpa_s
->last_ssid
= ssid
;
1986 #ifdef CONFIG_IBSS_RSN
1987 ibss_rsn_deinit(wpa_s
->ibss_rsn
);
1988 wpa_s
->ibss_rsn
= NULL
;
1989 #else /* CONFIG_IBSS_RSN */
1990 if (ssid
->mode
== WPAS_MODE_IBSS
&&
1991 !(ssid
->key_mgmt
& (WPA_KEY_MGMT_NONE
| WPA_KEY_MGMT_WPA_NONE
))) {
1992 wpa_msg(wpa_s
, MSG_INFO
,
1993 "IBSS RSN not supported in the build");
1996 #endif /* CONFIG_IBSS_RSN */
1998 if (ssid
->mode
== WPAS_MODE_AP
|| ssid
->mode
== WPAS_MODE_P2P_GO
||
1999 ssid
->mode
== WPAS_MODE_P2P_GROUP_FORMATION
) {
2001 if (!(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_AP
)) {
2002 wpa_msg(wpa_s
, MSG_INFO
, "Driver does not support AP "
2006 if (wpa_supplicant_create_ap(wpa_s
, ssid
) < 0) {
2007 wpa_supplicant_set_state(wpa_s
, WPA_DISCONNECTED
);
2008 if (ssid
->mode
== WPAS_MODE_P2P_GROUP_FORMATION
)
2009 wpas_p2p_ap_setup_failed(wpa_s
);
2012 wpa_s
->current_bss
= bss
;
2013 #else /* CONFIG_AP */
2014 wpa_msg(wpa_s
, MSG_ERROR
, "AP mode support not included in "
2016 #endif /* CONFIG_AP */
2020 if (ssid
->mode
== WPAS_MODE_MESH
) {
2022 if (!(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_MESH
)) {
2023 wpa_msg(wpa_s
, MSG_INFO
,
2024 "Driver does not support mesh mode");
2028 ssid
->frequency
= bss
->freq
;
2029 if (wpa_supplicant_join_mesh(wpa_s
, ssid
) < 0) {
2030 wpa_msg(wpa_s
, MSG_ERROR
, "Could not join mesh");
2033 wpa_s
->current_bss
= bss
;
2034 wpa_msg(wpa_s
, MSG_INFO
, MESH_GROUP_STARTED
"ssid=\"%s\" id=%d",
2035 wpa_ssid_txt(ssid
->ssid
, ssid
->ssid_len
),
2037 wpas_notify_mesh_group_started(wpa_s
, ssid
);
2038 #else /* CONFIG_MESH */
2039 wpa_msg(wpa_s
, MSG_ERROR
,
2040 "mesh mode support not included in the build");
2041 #endif /* CONFIG_MESH */
2046 * Set WPA state machine configuration to match the selected network now
2047 * so that the information is available before wpas_start_assoc_cb()
2048 * gets called. This is needed at least for RSN pre-authentication where
2049 * candidate APs are added to a list based on scan result processing
2050 * before completion of the first association.
2052 wpa_supplicant_rsn_supp_set_config(wpa_s
, ssid
);
2055 if (wpas_dpp_check_connect(wpa_s
, ssid
, bss
) != 0)
2057 #endif /* CONFIG_DPP */
2061 wpa_tdls_ap_ies(wpa_s
->wpa
, (const u8
*) (bss
+ 1),
2063 #endif /* CONFIG_TDLS */
2065 if ((wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SME
) &&
2066 ssid
->mode
== IEEE80211_MODE_INFRA
) {
2067 sme_authenticate(wpa_s
, bss
, ssid
);
2071 if (wpa_s
->connect_work
) {
2072 wpa_dbg(wpa_s
, MSG_DEBUG
, "Reject wpa_supplicant_associate() call since connect_work exist");
2076 if (radio_work_pending(wpa_s
, "connect")) {
2077 wpa_dbg(wpa_s
, MSG_DEBUG
, "Reject wpa_supplicant_associate() call since pending work exist");
2082 if (ssid
->mode
== WPAS_MODE_IBSS
|| ssid
->mode
== WPAS_MODE_MESH
) {
2083 /* Clear possibly set auth_alg, if any, from last attempt. */
2084 wpa_s
->sme
.auth_alg
= WPA_AUTH_ALG_OPEN
;
2086 #endif /* CONFIG_SME */
2088 wpas_abort_ongoing_scan(wpa_s
);
2090 cwork
= os_zalloc(sizeof(*cwork
));
2097 if (radio_add_work(wpa_s
, bss
? bss
->freq
: 0, "connect", 1,
2098 wpas_start_assoc_cb
, cwork
) < 0) {
2104 static int bss_is_ibss(struct wpa_bss
*bss
)
2106 return (bss
->caps
& (IEEE80211_CAP_ESS
| IEEE80211_CAP_IBSS
)) ==
2111 static int drv_supports_vht(struct wpa_supplicant
*wpa_s
,
2112 const struct wpa_ssid
*ssid
)
2114 enum hostapd_hw_mode hw_mode
;
2115 struct hostapd_hw_modes
*mode
= NULL
;
2119 hw_mode
= ieee80211_freq_to_chan(ssid
->frequency
, &channel
);
2120 if (hw_mode
== NUM_HOSTAPD_MODES
)
2122 for (i
= 0; wpa_s
->hw
.modes
&& i
< wpa_s
->hw
.num_modes
; i
++) {
2123 if (wpa_s
->hw
.modes
[i
].mode
== hw_mode
) {
2124 mode
= &wpa_s
->hw
.modes
[i
];
2132 return mode
->vht_capab
!= 0;
2136 void ibss_mesh_setup_freq(struct wpa_supplicant
*wpa_s
,
2137 const struct wpa_ssid
*ssid
,
2138 struct hostapd_freq_params
*freq
)
2140 enum hostapd_hw_mode hw_mode
;
2141 struct hostapd_hw_modes
*mode
= NULL
;
2142 int ht40plus
[] = { 36, 44, 52, 60, 100, 108, 116, 124, 132, 149, 157,
2144 int vht80
[] = { 36, 52, 100, 116, 132, 149 };
2145 struct hostapd_channel_data
*pri_chan
= NULL
, *sec_chan
= NULL
;
2147 int i
, chan_idx
, ht40
= -1, res
, obss_scan
= 1;
2149 struct hostapd_freq_params vht_freq
;
2150 int chwidth
, seg0
, seg1
;
2153 freq
->freq
= ssid
->frequency
;
2155 for (j
= 0; j
< wpa_s
->last_scan_res_used
; j
++) {
2156 struct wpa_bss
*bss
= wpa_s
->last_scan_res
[j
];
2158 if (ssid
->mode
!= WPAS_MODE_IBSS
)
2161 /* Don't adjust control freq in case of fixed_freq */
2162 if (ssid
->fixed_freq
)
2165 if (!bss_is_ibss(bss
))
2168 if (ssid
->ssid_len
== bss
->ssid_len
&&
2169 os_memcmp(ssid
->ssid
, bss
->ssid
, bss
->ssid_len
) == 0) {
2170 wpa_printf(MSG_DEBUG
,
2171 "IBSS already found in scan results, adjust control freq: %d",
2173 freq
->freq
= bss
->freq
;
2179 /* For IBSS check HT_IBSS flag */
2180 if (ssid
->mode
== WPAS_MODE_IBSS
&&
2181 !(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_HT_IBSS
))
2184 if (wpa_s
->group_cipher
== WPA_CIPHER_WEP40
||
2185 wpa_s
->group_cipher
== WPA_CIPHER_WEP104
||
2186 wpa_s
->pairwise_cipher
== WPA_CIPHER_TKIP
) {
2187 wpa_printf(MSG_DEBUG
,
2188 "IBSS: WEP/TKIP detected, do not try to enable HT");
2192 hw_mode
= ieee80211_freq_to_chan(freq
->freq
, &channel
);
2193 for (i
= 0; wpa_s
->hw
.modes
&& i
< wpa_s
->hw
.num_modes
; i
++) {
2194 if (wpa_s
->hw
.modes
[i
].mode
== hw_mode
) {
2195 mode
= &wpa_s
->hw
.modes
[i
];
2203 #ifdef CONFIG_HT_OVERRIDES
2204 if (ssid
->disable_ht
) {
2205 freq
->ht_enabled
= 0;
2208 #endif /* CONFIG_HT_OVERRIDES */
2210 freq
->ht_enabled
= ht_supported(mode
);
2211 if (!freq
->ht_enabled
)
2214 /* Setup higher BW only for 5 GHz */
2215 if (mode
->mode
!= HOSTAPD_MODE_IEEE80211A
)
2218 for (chan_idx
= 0; chan_idx
< mode
->num_channels
; chan_idx
++) {
2219 pri_chan
= &mode
->channels
[chan_idx
];
2220 if (pri_chan
->chan
== channel
)
2227 /* Check primary channel flags */
2228 if (pri_chan
->flag
& (HOSTAPD_CHAN_DISABLED
| HOSTAPD_CHAN_NO_IR
))
2231 freq
->channel
= pri_chan
->chan
;
2233 #ifdef CONFIG_HT_OVERRIDES
2234 if (ssid
->disable_ht40
) {
2235 if (ssid
->disable_vht
)
2239 #endif /* CONFIG_HT_OVERRIDES */
2241 /* Check/setup HT40+/HT40- */
2242 for (j
= 0; j
< ARRAY_SIZE(ht40plus
); j
++) {
2243 if (ht40plus
[j
] == channel
) {
2249 /* Find secondary channel */
2250 for (i
= 0; i
< mode
->num_channels
; i
++) {
2251 sec_chan
= &mode
->channels
[i
];
2252 if (sec_chan
->chan
== channel
+ ht40
* 4)
2259 /* Check secondary channel flags */
2260 if (sec_chan
->flag
& (HOSTAPD_CHAN_DISABLED
| HOSTAPD_CHAN_NO_IR
))
2264 if (!(pri_chan
->flag
& HOSTAPD_CHAN_HT40MINUS
))
2267 if (!(pri_chan
->flag
& HOSTAPD_CHAN_HT40PLUS
))
2270 freq
->sec_channel_offset
= ht40
;
2273 struct wpa_scan_results
*scan_res
;
2275 scan_res
= wpa_supplicant_get_scan_results(wpa_s
, NULL
, 0);
2276 if (scan_res
== NULL
) {
2278 freq
->sec_channel_offset
= 0;
2282 res
= check_40mhz_5g(mode
, scan_res
, pri_chan
->chan
,
2287 freq
->sec_channel_offset
= 0;
2290 /* Configuration allowed */
2293 /* Switch pri/sec channels */
2294 freq
->freq
= hw_get_freq(mode
, sec_chan
->chan
);
2295 freq
->sec_channel_offset
= -freq
->sec_channel_offset
;
2296 freq
->channel
= sec_chan
->chan
;
2299 freq
->sec_channel_offset
= 0;
2303 wpa_scan_results_free(scan_res
);
2306 #ifdef CONFIG_HT_OVERRIDES
2308 #endif /* CONFIG_HT_OVERRIDES */
2309 wpa_printf(MSG_DEBUG
,
2310 "IBSS/mesh: setup freq channel %d, sec_channel_offset %d",
2311 freq
->channel
, freq
->sec_channel_offset
);
2313 if (!drv_supports_vht(wpa_s
, ssid
))
2316 /* For IBSS check VHT_IBSS flag */
2317 if (ssid
->mode
== WPAS_MODE_IBSS
&&
2318 !(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_VHT_IBSS
))
2323 #ifdef CONFIG_VHT_OVERRIDES
2324 if (ssid
->disable_vht
) {
2325 freq
->vht_enabled
= 0;
2328 #endif /* CONFIG_VHT_OVERRIDES */
2330 vht_freq
.vht_enabled
= vht_supported(mode
);
2331 if (!vht_freq
.vht_enabled
)
2334 /* setup center_freq1, bandwidth */
2335 for (j
= 0; j
< ARRAY_SIZE(vht80
); j
++) {
2336 if (freq
->channel
>= vht80
[j
] &&
2337 freq
->channel
< vht80
[j
] + 16)
2341 if (j
== ARRAY_SIZE(vht80
))
2344 for (i
= vht80
[j
]; i
< vht80
[j
] + 16; i
+= 4) {
2345 struct hostapd_channel_data
*chan
;
2347 chan
= hw_get_channel_chan(mode
, i
, NULL
);
2351 /* Back to HT configuration if channel not usable */
2352 if (chan
->flag
& (HOSTAPD_CHAN_DISABLED
| HOSTAPD_CHAN_NO_IR
))
2356 chwidth
= VHT_CHANWIDTH_80MHZ
;
2357 seg0
= vht80
[j
] + 6;
2360 if (ssid
->max_oper_chwidth
== VHT_CHANWIDTH_80P80MHZ
) {
2361 /* setup center_freq2, bandwidth */
2362 for (k
= 0; k
< ARRAY_SIZE(vht80
); k
++) {
2363 /* Only accept 80 MHz segments separated by a gap */
2364 if (j
== k
|| abs(vht80
[j
] - vht80
[k
]) == 16)
2366 for (i
= vht80
[k
]; i
< vht80
[k
] + 16; i
+= 4) {
2367 struct hostapd_channel_data
*chan
;
2369 chan
= hw_get_channel_chan(mode
, i
, NULL
);
2373 if (chan
->flag
& (HOSTAPD_CHAN_DISABLED
|
2374 HOSTAPD_CHAN_NO_IR
|
2375 HOSTAPD_CHAN_RADAR
))
2378 /* Found a suitable second segment for 80+80 */
2379 chwidth
= VHT_CHANWIDTH_80P80MHZ
;
2381 VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ
;
2382 seg1
= vht80
[k
] + 6;
2385 if (chwidth
== VHT_CHANWIDTH_80P80MHZ
)
2388 } else if (ssid
->max_oper_chwidth
== VHT_CHANWIDTH_160MHZ
) {
2389 if (freq
->freq
== 5180) {
2390 chwidth
= VHT_CHANWIDTH_160MHZ
;
2391 vht_caps
|= VHT_CAP_SUPP_CHAN_WIDTH_160MHZ
;
2393 } else if (freq
->freq
== 5520) {
2394 chwidth
= VHT_CHANWIDTH_160MHZ
;
2395 vht_caps
|= VHT_CAP_SUPP_CHAN_WIDTH_160MHZ
;
2398 } else if (ssid
->max_oper_chwidth
== VHT_CHANWIDTH_USE_HT
) {
2399 chwidth
= VHT_CHANWIDTH_USE_HT
;
2400 seg0
= vht80
[j
] + 2;
2401 #ifdef CONFIG_HT_OVERRIDES
2402 if (ssid
->disable_ht40
)
2404 #endif /* CONFIG_HT_OVERRIDES */
2407 if (hostapd_set_freq_params(&vht_freq
, mode
->mode
, freq
->freq
,
2408 freq
->channel
, freq
->ht_enabled
,
2409 vht_freq
.vht_enabled
,
2410 freq
->sec_channel_offset
,
2411 chwidth
, seg0
, seg1
, vht_caps
) != 0)
2416 wpa_printf(MSG_DEBUG
, "IBSS: VHT setup freq cf1 %d, cf2 %d, bw %d",
2417 freq
->center_freq1
, freq
->center_freq2
, freq
->bandwidth
);
2422 static size_t wpas_add_fils_hlp_req(struct wpa_supplicant
*wpa_s
, u8
*ie_buf
,
2425 struct fils_hlp_req
*req
;
2426 size_t rem_len
, hdr_len
, hlp_len
, len
, ie_len
= 0;
2430 dl_list_for_each(req
, &wpa_s
->fils_hlp_req
, struct fils_hlp_req
,
2432 rem_len
= ie_buf_len
- ie_len
;
2433 pos
= wpabuf_head(req
->pkt
);
2434 hdr_len
= 1 + 2 * ETH_ALEN
+ 6;
2435 hlp_len
= wpabuf_len(req
->pkt
);
2437 if (rem_len
< 2 + hdr_len
+ hlp_len
) {
2438 wpa_printf(MSG_ERROR
,
2439 "FILS: Cannot fit HLP - rem_len=%lu to_fill=%lu",
2440 (unsigned long) rem_len
,
2441 (unsigned long) (2 + hdr_len
+ hlp_len
));
2445 len
= (hdr_len
+ hlp_len
) > 255 ? 255 : hdr_len
+ hlp_len
;
2447 *buf
++ = WLAN_EID_EXTENSION
;
2450 /* Element ID Extension */
2451 *buf
++ = WLAN_EID_EXT_FILS_HLP_CONTAINER
;
2452 /* Destination MAC address */
2453 os_memcpy(buf
, req
->dst
, ETH_ALEN
);
2455 /* Source MAC address */
2456 os_memcpy(buf
, wpa_s
->own_addr
, ETH_ALEN
);
2458 /* LLC/SNAP Header */
2459 os_memcpy(buf
, "\xaa\xaa\x03\x00\x00\x00", 6);
2462 os_memcpy(buf
, pos
, len
- hdr_len
);
2463 buf
+= len
- hdr_len
;
2464 pos
+= len
- hdr_len
;
2466 hlp_len
-= len
- hdr_len
;
2471 len
= (hlp_len
> 255) ? 255 : hlp_len
;
2472 if (rem_len
< 2 + len
)
2474 *buf
++ = WLAN_EID_FRAGMENT
;
2476 os_memcpy(buf
, pos
, len
);
2490 int wpa_is_fils_supported(struct wpa_supplicant
*wpa_s
)
2492 return (((wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SME
) &&
2493 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SUPPORT_FILS
)) ||
2494 (!(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SME
) &&
2495 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_FILS_SK_OFFLOAD
)));
2499 int wpa_is_fils_sk_pfs_supported(struct wpa_supplicant
*wpa_s
)
2501 #ifdef CONFIG_FILS_SK_PFS
2502 return (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SME
) &&
2503 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SUPPORT_FILS
);
2504 #else /* CONFIG_FILS_SK_PFS */
2506 #endif /* CONFIG_FILS_SK_PFS */
2509 #endif /* CONFIG_FILS */
2512 static u8
* wpas_populate_assoc_ies(
2513 struct wpa_supplicant
*wpa_s
,
2514 struct wpa_bss
*bss
, struct wpa_ssid
*ssid
,
2515 struct wpa_driver_associate_params
*params
,
2516 enum wpa_drv_update_connect_params_mask
*mask
)
2519 size_t max_wpa_ie_len
= 500;
2521 int algs
= WPA_AUTH_ALG_OPEN
;
2526 int sae_pmksa_cached
= 0;
2527 #endif /* CONFIG_SAE */
2529 const u8
*realm
, *username
, *rrk
;
2530 size_t realm_len
, username_len
, rrk_len
;
2532 struct fils_hlp_req
*req
;
2534 dl_list_for_each(req
, &wpa_s
->fils_hlp_req
, struct fils_hlp_req
,
2536 max_wpa_ie_len
+= 3 + 2 * ETH_ALEN
+ 6 + wpabuf_len(req
->pkt
) +
2537 2 + 2 * wpabuf_len(req
->pkt
) / 255;
2539 #endif /* CONFIG_FILS */
2541 wpa_ie
= os_malloc(max_wpa_ie_len
);
2543 wpa_printf(MSG_ERROR
,
2544 "Failed to allocate connect IE buffer for %lu bytes",
2545 (unsigned long) max_wpa_ie_len
);
2549 if (bss
&& (wpa_bss_get_vendor_ie(bss
, WPA_IE_VENDOR_TYPE
) ||
2550 wpa_bss_get_ie(bss
, WLAN_EID_RSN
)) &&
2551 wpa_key_mgmt_wpa(ssid
->key_mgmt
)) {
2552 int try_opportunistic
;
2553 const u8
*cache_id
= NULL
;
2555 try_opportunistic
= (ssid
->proactive_key_caching
< 0 ?
2557 ssid
->proactive_key_caching
) &&
2558 (ssid
->proto
& WPA_PROTO_RSN
);
2560 if (wpa_key_mgmt_fils(ssid
->key_mgmt
))
2561 cache_id
= wpa_bss_get_fils_cache_id(bss
);
2562 #endif /* CONFIG_FILS */
2563 if (pmksa_cache_set_current(wpa_s
->wpa
, NULL
, bss
->bssid
,
2564 ssid
, try_opportunistic
,
2565 cache_id
, 0) == 0) {
2566 eapol_sm_notify_pmkid_attempt(wpa_s
->eapol
);
2568 sae_pmksa_cached
= 1;
2569 #endif /* CONFIG_SAE */
2571 wpa_ie_len
= max_wpa_ie_len
;
2572 if (wpa_supplicant_set_suites(wpa_s
, bss
, ssid
,
2573 wpa_ie
, &wpa_ie_len
)) {
2574 wpa_msg(wpa_s
, MSG_WARNING
, "WPA: Failed to set WPA "
2575 "key management and encryption suites");
2580 } else if (bss
&& wpa_bss_get_vendor_ie(bss
, OSEN_IE_VENDOR_TYPE
) &&
2581 (ssid
->key_mgmt
& WPA_KEY_MGMT_OSEN
)) {
2582 /* No PMKSA caching, but otherwise similar to RSN/WPA */
2583 wpa_ie_len
= max_wpa_ie_len
;
2584 if (wpa_supplicant_set_suites(wpa_s
, bss
, ssid
,
2585 wpa_ie
, &wpa_ie_len
)) {
2586 wpa_msg(wpa_s
, MSG_WARNING
, "WPA: Failed to set WPA "
2587 "key management and encryption suites");
2591 #endif /* CONFIG_HS20 */
2592 } else if ((ssid
->key_mgmt
& WPA_KEY_MGMT_IEEE8021X_NO_WPA
) && bss
&&
2593 wpa_key_mgmt_wpa_ieee8021x(ssid
->key_mgmt
)) {
2595 * Both WPA and non-WPA IEEE 802.1X enabled in configuration -
2596 * use non-WPA since the scan results did not indicate that the
2597 * AP is using WPA or WPA2.
2599 wpa_supplicant_set_non_wpa_policy(wpa_s
, ssid
);
2601 wpa_s
->wpa_proto
= 0;
2602 } else if (wpa_key_mgmt_wpa_any(ssid
->key_mgmt
)) {
2603 wpa_ie_len
= max_wpa_ie_len
;
2604 if (wpa_supplicant_set_suites(wpa_s
, NULL
, ssid
,
2605 wpa_ie
, &wpa_ie_len
)) {
2606 wpa_msg(wpa_s
, MSG_WARNING
, "WPA: Failed to set WPA "
2607 "key management and encryption suites (no "
2613 } else if (ssid
->key_mgmt
& WPA_KEY_MGMT_WPS
) {
2614 struct wpabuf
*wps_ie
;
2615 wps_ie
= wps_build_assoc_req_ie(wpas_wps_get_req_type(ssid
));
2616 if (wps_ie
&& wpabuf_len(wps_ie
) <= max_wpa_ie_len
) {
2617 wpa_ie_len
= wpabuf_len(wps_ie
);
2618 os_memcpy(wpa_ie
, wpabuf_head(wps_ie
), wpa_ie_len
);
2621 wpabuf_free(wps_ie
);
2622 wpa_supplicant_set_non_wpa_policy(wpa_s
, ssid
);
2623 if (!bss
|| (bss
->caps
& IEEE80211_CAP_PRIVACY
))
2624 params
->wps
= WPS_MODE_PRIVACY
;
2626 params
->wps
= WPS_MODE_OPEN
;
2627 wpa_s
->wpa_proto
= 0;
2628 #endif /* CONFIG_WPS */
2630 wpa_supplicant_set_non_wpa_policy(wpa_s
, ssid
);
2632 wpa_s
->wpa_proto
= 0;
2635 #ifdef IEEE8021X_EAPOL
2636 if (ssid
->key_mgmt
& WPA_KEY_MGMT_IEEE8021X_NO_WPA
) {
2638 if (ssid
->non_leap
== 0)
2639 algs
= WPA_AUTH_ALG_LEAP
;
2641 algs
|= WPA_AUTH_ALG_LEAP
;
2646 /* Clear FILS association */
2647 wpa_sm_set_reset_fils_completed(wpa_s
->wpa
, 0);
2649 if ((wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_FILS_SK_OFFLOAD
) &&
2650 ssid
->eap
.erp
&& wpa_key_mgmt_fils(wpa_s
->key_mgmt
) &&
2651 eapol_sm_get_erp_info(wpa_s
->eapol
, &ssid
->eap
, &username
,
2652 &username_len
, &realm
, &realm_len
,
2653 &next_seq_num
, &rrk
, &rrk_len
) == 0 &&
2654 (!wpa_s
->last_con_fail_realm
||
2655 wpa_s
->last_con_fail_realm_len
!= realm_len
||
2656 os_memcmp(wpa_s
->last_con_fail_realm
, realm
, realm_len
) != 0)) {
2657 algs
= WPA_AUTH_ALG_FILS
;
2658 params
->fils_erp_username
= username
;
2659 params
->fils_erp_username_len
= username_len
;
2660 params
->fils_erp_realm
= realm
;
2661 params
->fils_erp_realm_len
= realm_len
;
2662 params
->fils_erp_next_seq_num
= next_seq_num
;
2663 params
->fils_erp_rrk
= rrk
;
2664 params
->fils_erp_rrk_len
= rrk_len
;
2667 *mask
|= WPA_DRV_UPDATE_FILS_ERP_INFO
;
2669 #endif /* CONFIG_FILS */
2670 #endif /* IEEE8021X_EAPOL */
2672 if (wpa_s
->key_mgmt
& (WPA_KEY_MGMT_SAE
| WPA_KEY_MGMT_FT_SAE
))
2673 algs
= WPA_AUTH_ALG_SAE
;
2674 #endif /* CONFIG_SAE */
2676 wpa_dbg(wpa_s
, MSG_DEBUG
, "Automatic auth_alg selection: 0x%x", algs
);
2677 if (ssid
->auth_alg
) {
2678 algs
= ssid
->auth_alg
;
2679 wpa_dbg(wpa_s
, MSG_DEBUG
,
2680 "Overriding auth_alg selection: 0x%x", algs
);
2684 if (sae_pmksa_cached
&& algs
== WPA_AUTH_ALG_SAE
) {
2685 wpa_dbg(wpa_s
, MSG_DEBUG
,
2686 "SAE: Use WPA_AUTH_ALG_OPEN for PMKSA caching attempt");
2687 algs
= WPA_AUTH_ALG_OPEN
;
2689 #endif /* CONFIG_SAE */
2692 if (wpa_s
->global
->p2p
) {
2696 pos
= wpa_ie
+ wpa_ie_len
;
2697 len
= max_wpa_ie_len
- wpa_ie_len
;
2698 res
= wpas_p2p_assoc_req_ie(wpa_s
, bss
, pos
, len
,
2704 wpa_s
->cross_connect_disallowed
= 0;
2707 p2p
= wpa_bss_get_vendor_ie_multi(bss
, P2P_IE_VENDOR_TYPE
);
2709 wpa_s
->cross_connect_disallowed
=
2710 p2p_get_cross_connect_disallowed(p2p
);
2712 wpa_dbg(wpa_s
, MSG_DEBUG
, "P2P: WLAN AP %s cross "
2714 wpa_s
->cross_connect_disallowed
?
2715 "disallows" : "allows");
2719 os_memset(wpa_s
->p2p_ip_addr_info
, 0, sizeof(wpa_s
->p2p_ip_addr_info
));
2720 #endif /* CONFIG_P2P */
2723 wpa_ie_len
+= wpas_supp_op_class_ie(wpa_s
, ssid
, bss
->freq
,
2724 wpa_ie
+ wpa_ie_len
,
2730 * Workaround: Add Extended Capabilities element only if the AP
2731 * included this element in Beacon/Probe Response frames. Some older
2732 * APs seem to have interoperability issues if this element is
2733 * included, so while the standard may require us to include the
2734 * element in all cases, it is justifiable to skip it to avoid
2735 * interoperability issues.
2737 if (ssid
->p2p_group
)
2738 wpa_drv_get_ext_capa(wpa_s
, WPA_IF_P2P_CLIENT
);
2740 wpa_drv_get_ext_capa(wpa_s
, WPA_IF_STATION
);
2742 if (!bss
|| wpa_bss_get_ie(bss
, WLAN_EID_EXT_CAPAB
)) {
2745 ext_capab_len
= wpas_build_ext_capab(wpa_s
, ext_capab
,
2747 if (ext_capab_len
> 0 &&
2748 wpa_ie_len
+ ext_capab_len
<= max_wpa_ie_len
) {
2750 if (wpa_ie_len
> 0 && pos
[0] == WLAN_EID_RSN
)
2752 os_memmove(pos
+ ext_capab_len
, pos
,
2753 wpa_ie_len
- (pos
- wpa_ie
));
2754 wpa_ie_len
+= ext_capab_len
;
2755 os_memcpy(pos
, ext_capab
, ext_capab_len
);
2760 if (is_hs20_network(wpa_s
, ssid
, bss
)) {
2761 struct wpabuf
*hs20
;
2763 hs20
= wpabuf_alloc(20 + MAX_ROAMING_CONS_OI_LEN
);
2765 int pps_mo_id
= hs20_get_pps_mo_id(wpa_s
, ssid
);
2768 wpas_hs20_add_indication(hs20
, pps_mo_id
,
2769 get_hs20_version(bss
));
2770 wpas_hs20_add_roam_cons_sel(hs20
, ssid
);
2771 len
= max_wpa_ie_len
- wpa_ie_len
;
2772 if (wpabuf_len(hs20
) <= len
) {
2773 os_memcpy(wpa_ie
+ wpa_ie_len
,
2774 wpabuf_head(hs20
), wpabuf_len(hs20
));
2775 wpa_ie_len
+= wpabuf_len(hs20
);
2779 hs20_configure_frame_filters(wpa_s
);
2782 #endif /* CONFIG_HS20 */
2784 if (wpa_s
->vendor_elem
[VENDOR_ELEM_ASSOC_REQ
]) {
2785 struct wpabuf
*buf
= wpa_s
->vendor_elem
[VENDOR_ELEM_ASSOC_REQ
];
2788 len
= max_wpa_ie_len
- wpa_ie_len
;
2789 if (wpabuf_len(buf
) <= len
) {
2790 os_memcpy(wpa_ie
+ wpa_ie_len
,
2791 wpabuf_head(buf
), wpabuf_len(buf
));
2792 wpa_ie_len
+= wpabuf_len(buf
);
2797 if (wpa_s
->fst_ies
) {
2798 int fst_ies_len
= wpabuf_len(wpa_s
->fst_ies
);
2800 if (wpa_ie_len
+ fst_ies_len
<= max_wpa_ie_len
) {
2801 os_memcpy(wpa_ie
+ wpa_ie_len
,
2802 wpabuf_head(wpa_s
->fst_ies
), fst_ies_len
);
2803 wpa_ie_len
+= fst_ies_len
;
2806 #endif /* CONFIG_FST */
2809 mbo_ie
= bss
? wpa_bss_get_vendor_ie(bss
, MBO_IE_VENDOR_TYPE
) : NULL
;
2813 len
= wpas_mbo_ie(wpa_s
, wpa_ie
+ wpa_ie_len
,
2814 max_wpa_ie_len
- wpa_ie_len
,
2815 !!mbo_attr_from_mbo_ie(mbo_ie
,
2816 OCE_ATTR_ID_CAPA_IND
));
2820 #endif /* CONFIG_MBO */
2823 if (algs
== WPA_AUTH_ALG_FILS
) {
2826 len
= wpas_add_fils_hlp_req(wpa_s
, wpa_ie
+ wpa_ie_len
,
2827 max_wpa_ie_len
- wpa_ie_len
);
2830 #endif /* CONFIG_FILS */
2833 #ifdef CONFIG_TESTING_OPTIONS
2834 if (get_ie_ext(wpa_ie
, wpa_ie_len
, WLAN_EID_EXT_OWE_DH_PARAM
)) {
2835 wpa_printf(MSG_INFO
, "TESTING: Override OWE DH element");
2837 #endif /* CONFIG_TESTING_OPTIONS */
2838 if (algs
== WPA_AUTH_ALG_OPEN
&&
2839 ssid
->key_mgmt
== WPA_KEY_MGMT_OWE
) {
2840 struct wpabuf
*owe_ie
;
2843 if (ssid
->owe_group
) {
2844 group
= ssid
->owe_group
;
2845 } else if (wpa_s
->assoc_status_code
==
2846 WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED
) {
2847 if (wpa_s
->last_owe_group
== 19)
2849 else if (wpa_s
->last_owe_group
== 20)
2852 group
= OWE_DH_GROUP
;
2854 group
= OWE_DH_GROUP
;
2857 wpa_s
->last_owe_group
= group
;
2858 wpa_printf(MSG_DEBUG
, "OWE: Try to use group %u", group
);
2859 owe_ie
= owe_build_assoc_req(wpa_s
->wpa
, group
);
2861 wpabuf_len(owe_ie
) <= max_wpa_ie_len
- wpa_ie_len
) {
2862 os_memcpy(wpa_ie
+ wpa_ie_len
,
2863 wpabuf_head(owe_ie
), wpabuf_len(owe_ie
));
2864 wpa_ie_len
+= wpabuf_len(owe_ie
);
2866 wpabuf_free(owe_ie
);
2868 #endif /* CONFIG_OWE */
2871 if (wpa_sm_get_key_mgmt(wpa_s
->wpa
) == WPA_KEY_MGMT_DPP
&&
2872 ssid
->dpp_netaccesskey
) {
2873 dpp_pfs_free(wpa_s
->dpp_pfs
);
2874 wpa_s
->dpp_pfs
= dpp_pfs_init(ssid
->dpp_netaccesskey
,
2875 ssid
->dpp_netaccesskey_len
);
2876 if (!wpa_s
->dpp_pfs
) {
2877 wpa_printf(MSG_DEBUG
, "DPP: Could not initialize PFS");
2878 /* Try to continue without PFS */
2881 if (wpabuf_len(wpa_s
->dpp_pfs
->ie
) <=
2882 max_wpa_ie_len
- wpa_ie_len
) {
2883 os_memcpy(wpa_ie
+ wpa_ie_len
,
2884 wpabuf_head(wpa_s
->dpp_pfs
->ie
),
2885 wpabuf_len(wpa_s
->dpp_pfs
->ie
));
2886 wpa_ie_len
+= wpabuf_len(wpa_s
->dpp_pfs
->ie
);
2890 #endif /* CONFIG_DPP2 */
2892 #ifdef CONFIG_IEEE80211R
2894 * Add MDIE under these conditions: the network profile allows FT,
2895 * the AP supports FT, and the mobility domain ID matches.
2897 if (bss
&& wpa_key_mgmt_ft(wpa_sm_get_key_mgmt(wpa_s
->wpa
))) {
2898 const u8
*mdie
= wpa_bss_get_ie(bss
, WLAN_EID_MOBILITY_DOMAIN
);
2900 if (mdie
&& mdie
[1] >= MOBILITY_DOMAIN_ID_LEN
) {
2902 const u8
*md
= mdie
+ 2;
2903 const u8
*wpa_md
= wpa_sm_get_ft_md(wpa_s
->wpa
);
2905 if (os_memcmp(md
, wpa_md
,
2906 MOBILITY_DOMAIN_ID_LEN
) == 0) {
2907 /* Add mobility domain IE */
2908 len
= wpa_ft_add_mdie(
2909 wpa_s
->wpa
, wpa_ie
+ wpa_ie_len
,
2910 max_wpa_ie_len
- wpa_ie_len
, mdie
);
2914 if (len
> 0 && wpa_s
->sme
.ft_used
&&
2915 wpa_sm_has_ptk(wpa_s
->wpa
)) {
2916 wpa_dbg(wpa_s
, MSG_DEBUG
,
2917 "SME: Trying to use FT over-the-air");
2918 algs
|= WPA_AUTH_ALG_FT
;
2920 #endif /* CONFIG_SME */
2923 #endif /* CONFIG_IEEE80211R */
2925 if (ssid
->multi_ap_backhaul_sta
) {
2926 size_t multi_ap_ie_len
;
2928 multi_ap_ie_len
= add_multi_ap_ie(wpa_ie
+ wpa_ie_len
,
2929 max_wpa_ie_len
- wpa_ie_len
,
2930 MULTI_AP_BACKHAUL_STA
);
2931 if (multi_ap_ie_len
== 0) {
2932 wpa_printf(MSG_ERROR
,
2933 "Multi-AP: Failed to build Multi-AP IE");
2937 wpa_ie_len
+= multi_ap_ie_len
;
2940 params
->wpa_ie
= wpa_ie
;
2941 params
->wpa_ie_len
= wpa_ie_len
;
2942 params
->auth_alg
= algs
;
2944 *mask
|= WPA_DRV_UPDATE_ASSOC_IES
| WPA_DRV_UPDATE_AUTH_TYPE
;
2950 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
2951 static void wpas_update_fils_connect_params(struct wpa_supplicant
*wpa_s
)
2953 struct wpa_driver_associate_params params
;
2954 enum wpa_drv_update_connect_params_mask mask
= 0;
2957 if (wpa_s
->auth_alg
!= WPA_AUTH_ALG_OPEN
)
2958 return; /* nothing to do */
2960 os_memset(¶ms
, 0, sizeof(params
));
2961 wpa_ie
= wpas_populate_assoc_ies(wpa_s
, wpa_s
->current_bss
,
2962 wpa_s
->current_ssid
, ¶ms
, &mask
);
2966 if (params
.auth_alg
!= WPA_AUTH_ALG_FILS
) {
2971 wpa_s
->auth_alg
= params
.auth_alg
;
2972 wpa_drv_update_connect_params(wpa_s
, ¶ms
, mask
);
2975 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
2979 void wpas_update_mbo_connect_params(struct wpa_supplicant
*wpa_s
)
2981 struct wpa_driver_associate_params params
;
2985 * Update MBO connect params only in case of change of MBO attributes
2986 * when connected, if the AP support MBO.
2989 if (wpa_s
->wpa_state
!= WPA_COMPLETED
|| !wpa_s
->current_ssid
||
2990 !wpa_s
->current_bss
||
2991 !wpa_bss_get_vendor_ie(wpa_s
->current_bss
, MBO_IE_VENDOR_TYPE
))
2994 os_memset(¶ms
, 0, sizeof(params
));
2995 wpa_ie
= wpas_populate_assoc_ies(wpa_s
, wpa_s
->current_bss
,
2996 wpa_s
->current_ssid
, ¶ms
, NULL
);
3000 wpa_drv_update_connect_params(wpa_s
, ¶ms
, WPA_DRV_UPDATE_ASSOC_IES
);
3003 #endif /* CONFIG_MBO */
3006 static void wpas_start_assoc_cb(struct wpa_radio_work
*work
, int deinit
)
3008 struct wpa_connect_work
*cwork
= work
->ctx
;
3009 struct wpa_bss
*bss
= cwork
->bss
;
3010 struct wpa_ssid
*ssid
= cwork
->ssid
;
3011 struct wpa_supplicant
*wpa_s
= work
->wpa_s
;
3013 int use_crypt
, ret
, i
, bssid_changed
;
3014 unsigned int cipher_pairwise
, cipher_group
, cipher_group_mgmt
;
3015 struct wpa_driver_associate_params params
;
3016 int wep_keys_set
= 0;
3017 int assoc_failed
= 0;
3018 struct wpa_ssid
*old_ssid
;
3019 u8 prev_bssid
[ETH_ALEN
];
3020 #ifdef CONFIG_HT_OVERRIDES
3021 struct ieee80211_ht_capabilities htcaps
;
3022 struct ieee80211_ht_capabilities htcaps_mask
;
3023 #endif /* CONFIG_HT_OVERRIDES */
3024 #ifdef CONFIG_VHT_OVERRIDES
3025 struct ieee80211_vht_capabilities vhtcaps
;
3026 struct ieee80211_vht_capabilities vhtcaps_mask
;
3027 #endif /* CONFIG_VHT_OVERRIDES */
3030 if (work
->started
) {
3031 wpa_s
->connect_work
= NULL
;
3033 /* cancel possible auth. timeout */
3034 eloop_cancel_timeout(wpa_supplicant_timeout
, wpa_s
,
3037 wpas_connect_work_free(cwork
);
3041 wpa_s
->connect_work
= work
;
3043 if (cwork
->bss_removed
|| !wpas_valid_bss_ssid(wpa_s
, bss
, ssid
) ||
3044 wpas_network_disabled(wpa_s
, ssid
)) {
3045 wpa_dbg(wpa_s
, MSG_DEBUG
, "BSS/SSID entry for association not valid anymore - drop connection attempt");
3046 wpas_connect_work_done(wpa_s
);
3050 os_memcpy(prev_bssid
, wpa_s
->bssid
, ETH_ALEN
);
3051 os_memset(¶ms
, 0, sizeof(params
));
3052 wpa_s
->reassociate
= 0;
3053 wpa_s
->eap_expected_failure
= 0;
3055 (!wpas_driver_bss_selection(wpa_s
) || wpas_wps_searching(wpa_s
))) {
3056 #ifdef CONFIG_IEEE80211R
3057 const u8
*ie
, *md
= NULL
;
3058 #endif /* CONFIG_IEEE80211R */
3059 wpa_msg(wpa_s
, MSG_INFO
, "Trying to associate with " MACSTR
3060 " (SSID='%s' freq=%d MHz)", MAC2STR(bss
->bssid
),
3061 wpa_ssid_txt(bss
->ssid
, bss
->ssid_len
), bss
->freq
);
3062 bssid_changed
= !is_zero_ether_addr(wpa_s
->bssid
);
3063 os_memset(wpa_s
->bssid
, 0, ETH_ALEN
);
3064 os_memcpy(wpa_s
->pending_bssid
, bss
->bssid
, ETH_ALEN
);
3066 wpas_notify_bssid_changed(wpa_s
);
3067 #ifdef CONFIG_IEEE80211R
3068 ie
= wpa_bss_get_ie(bss
, WLAN_EID_MOBILITY_DOMAIN
);
3069 if (ie
&& ie
[1] >= MOBILITY_DOMAIN_ID_LEN
)
3071 wpa_sm_set_ft_params(wpa_s
->wpa
, ie
, ie
? 2 + ie
[1] : 0);
3073 /* Prepare for the next transition */
3074 wpa_ft_prepare_auth_request(wpa_s
->wpa
, ie
);
3076 #endif /* CONFIG_IEEE80211R */
3078 } else if ((ssid
->ssid
== NULL
|| ssid
->ssid_len
== 0) &&
3079 wpa_s
->conf
->ap_scan
== 2 &&
3080 (ssid
->key_mgmt
& WPA_KEY_MGMT_WPS
)) {
3081 /* Use ap_scan==1 style network selection to find the network
3083 wpas_connect_work_done(wpa_s
);
3084 wpa_s
->scan_req
= MANUAL_SCAN_REQ
;
3085 wpa_s
->reassociate
= 1;
3086 wpa_supplicant_req_scan(wpa_s
, 0, 0);
3088 #endif /* CONFIG_WPS */
3090 wpa_msg(wpa_s
, MSG_INFO
, "Trying to associate with SSID '%s'",
3091 wpa_ssid_txt(ssid
->ssid
, ssid
->ssid_len
));
3093 os_memcpy(wpa_s
->pending_bssid
, bss
->bssid
, ETH_ALEN
);
3095 os_memset(wpa_s
->pending_bssid
, 0, ETH_ALEN
);
3098 wpa_supplicant_cancel_sched_scan(wpa_s
);
3100 wpa_supplicant_cancel_scan(wpa_s
);
3102 /* Starting new association, so clear the possibly used WPA IE from the
3103 * previous association. */
3104 wpa_sm_set_assoc_wpa_ie(wpa_s
->wpa
, NULL
, 0);
3106 wpa_ie
= wpas_populate_assoc_ies(wpa_s
, bss
, ssid
, ¶ms
, NULL
);
3108 wpas_connect_work_done(wpa_s
);
3112 wpa_clear_keys(wpa_s
, bss
? bss
->bssid
: NULL
);
3114 cipher_pairwise
= wpa_s
->pairwise_cipher
;
3115 cipher_group
= wpa_s
->group_cipher
;
3116 cipher_group_mgmt
= wpa_s
->mgmt_group_cipher
;
3117 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_NONE
||
3118 wpa_s
->key_mgmt
== WPA_KEY_MGMT_IEEE8021X_NO_WPA
) {
3119 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_NONE
)
3121 if (wpa_set_wep_keys(wpa_s
, ssid
)) {
3126 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_WPS
)
3129 #ifdef IEEE8021X_EAPOL
3130 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_IEEE8021X_NO_WPA
) {
3131 if ((ssid
->eapol_flags
&
3132 (EAPOL_FLAG_REQUIRE_KEY_UNICAST
|
3133 EAPOL_FLAG_REQUIRE_KEY_BROADCAST
)) == 0 &&
3137 /* Assume that dynamic WEP-104 keys will be used and
3138 * set cipher suites in order for drivers to expect
3140 cipher_pairwise
= cipher_group
= WPA_CIPHER_WEP104
;
3143 #endif /* IEEE8021X_EAPOL */
3145 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_WPA_NONE
) {
3146 /* Set the key before (and later after) association */
3147 wpa_supplicant_set_wpa_none_key(wpa_s
, ssid
);
3150 wpa_supplicant_set_state(wpa_s
, WPA_ASSOCIATING
);
3152 params
.ssid
= bss
->ssid
;
3153 params
.ssid_len
= bss
->ssid_len
;
3154 if (!wpas_driver_bss_selection(wpa_s
) || ssid
->bssid_set
||
3155 wpa_s
->key_mgmt
== WPA_KEY_MGMT_WPS
) {
3156 wpa_printf(MSG_DEBUG
, "Limit connection to BSSID "
3157 MACSTR
" freq=%u MHz based on scan results "
3158 "(bssid_set=%d wps=%d)",
3159 MAC2STR(bss
->bssid
), bss
->freq
,
3161 wpa_s
->key_mgmt
== WPA_KEY_MGMT_WPS
);
3162 params
.bssid
= bss
->bssid
;
3163 params
.freq
.freq
= bss
->freq
;
3165 params
.bssid_hint
= bss
->bssid
;
3166 params
.freq_hint
= bss
->freq
;
3167 params
.pbss
= bss_is_pbss(bss
);
3169 if (ssid
->bssid_hint_set
)
3170 params
.bssid_hint
= ssid
->bssid_hint
;
3172 params
.ssid
= ssid
->ssid
;
3173 params
.ssid_len
= ssid
->ssid_len
;
3174 params
.pbss
= (ssid
->pbss
!= 2) ? ssid
->pbss
: 0;
3177 if (ssid
->mode
== WPAS_MODE_IBSS
&& ssid
->bssid_set
&&
3178 wpa_s
->conf
->ap_scan
== 2) {
3179 params
.bssid
= ssid
->bssid
;
3180 params
.fixed_bssid
= 1;
3183 /* Initial frequency for IBSS/mesh */
3184 if ((ssid
->mode
== WPAS_MODE_IBSS
|| ssid
->mode
== WPAS_MODE_MESH
) &&
3185 ssid
->frequency
> 0 && params
.freq
.freq
== 0)
3186 ibss_mesh_setup_freq(wpa_s
, ssid
, ¶ms
.freq
);
3188 if (ssid
->mode
== WPAS_MODE_IBSS
) {
3189 params
.fixed_freq
= ssid
->fixed_freq
;
3190 if (ssid
->beacon_int
)
3191 params
.beacon_int
= ssid
->beacon_int
;
3193 params
.beacon_int
= wpa_s
->conf
->beacon_int
;
3196 params
.pairwise_suite
= cipher_pairwise
;
3197 params
.group_suite
= cipher_group
;
3198 params
.mgmt_group_suite
= cipher_group_mgmt
;
3199 params
.key_mgmt_suite
= wpa_s
->key_mgmt
;
3200 params
.wpa_proto
= wpa_s
->wpa_proto
;
3201 wpa_s
->auth_alg
= params
.auth_alg
;
3202 params
.mode
= ssid
->mode
;
3203 params
.bg_scan_period
= ssid
->bg_scan_period
;
3204 for (i
= 0; i
< NUM_WEP_KEYS
; i
++) {
3205 if (ssid
->wep_key_len
[i
])
3206 params
.wep_key
[i
] = ssid
->wep_key
[i
];
3207 params
.wep_key_len
[i
] = ssid
->wep_key_len
[i
];
3209 params
.wep_tx_keyidx
= ssid
->wep_tx_keyidx
;
3211 if ((wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK
) &&
3212 (params
.key_mgmt_suite
== WPA_KEY_MGMT_PSK
||
3213 params
.key_mgmt_suite
== WPA_KEY_MGMT_FT_PSK
)) {
3214 params
.passphrase
= ssid
->passphrase
;
3216 params
.psk
= ssid
->psk
;
3219 if ((wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X
) &&
3220 (params
.key_mgmt_suite
== WPA_KEY_MGMT_IEEE8021X
||
3221 params
.key_mgmt_suite
== WPA_KEY_MGMT_IEEE8021X_SHA256
||
3222 params
.key_mgmt_suite
== WPA_KEY_MGMT_IEEE8021X_SUITE_B
||
3223 params
.key_mgmt_suite
== WPA_KEY_MGMT_IEEE8021X_SUITE_B_192
))
3224 params
.req_key_mgmt_offload
= 1;
3226 if (wpa_s
->conf
->key_mgmt_offload
) {
3227 if (params
.key_mgmt_suite
== WPA_KEY_MGMT_IEEE8021X
||
3228 params
.key_mgmt_suite
== WPA_KEY_MGMT_IEEE8021X_SHA256
||
3229 params
.key_mgmt_suite
== WPA_KEY_MGMT_IEEE8021X_SUITE_B
||
3230 params
.key_mgmt_suite
== WPA_KEY_MGMT_IEEE8021X_SUITE_B_192
)
3231 params
.req_key_mgmt_offload
=
3232 ssid
->proactive_key_caching
< 0 ?
3233 wpa_s
->conf
->okc
: ssid
->proactive_key_caching
;
3235 params
.req_key_mgmt_offload
= 1;
3237 if ((params
.key_mgmt_suite
== WPA_KEY_MGMT_PSK
||
3238 params
.key_mgmt_suite
== WPA_KEY_MGMT_PSK_SHA256
||
3239 params
.key_mgmt_suite
== WPA_KEY_MGMT_FT_PSK
) &&
3241 params
.psk
= ssid
->psk
;
3244 params
.drop_unencrypted
= use_crypt
;
3246 #ifdef CONFIG_IEEE80211W
3247 params
.mgmt_frame_protection
= wpas_get_ssid_pmf(wpa_s
, ssid
);
3248 if (params
.mgmt_frame_protection
!= NO_MGMT_FRAME_PROTECTION
&& bss
) {
3249 const u8
*rsn
= wpa_bss_get_ie(bss
, WLAN_EID_RSN
);
3250 struct wpa_ie_data ie
;
3251 if (rsn
&& wpa_parse_wpa_ie(rsn
, 2 + rsn
[1], &ie
) == 0 &&
3253 (WPA_CAPABILITY_MFPC
| WPA_CAPABILITY_MFPR
)) {
3254 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: Selected AP supports "
3255 "MFP: require MFP");
3256 params
.mgmt_frame_protection
=
3257 MGMT_FRAME_PROTECTION_REQUIRED
;
3259 } else if (!rsn
&& (ssid
->key_mgmt
& WPA_KEY_MGMT_OWE
) &&
3261 params
.mgmt_frame_protection
= NO_MGMT_FRAME_PROTECTION
;
3262 #endif /* CONFIG_OWE */
3265 #endif /* CONFIG_IEEE80211W */
3267 params
.p2p
= ssid
->p2p_group
;
3269 if (wpa_s
->p2pdev
->set_sta_uapsd
)
3270 params
.uapsd
= wpa_s
->p2pdev
->sta_uapsd
;
3274 #ifdef CONFIG_HT_OVERRIDES
3275 os_memset(&htcaps
, 0, sizeof(htcaps
));
3276 os_memset(&htcaps_mask
, 0, sizeof(htcaps_mask
));
3277 params
.htcaps
= (u8
*) &htcaps
;
3278 params
.htcaps_mask
= (u8
*) &htcaps_mask
;
3279 wpa_supplicant_apply_ht_overrides(wpa_s
, ssid
, ¶ms
);
3280 #endif /* CONFIG_HT_OVERRIDES */
3281 #ifdef CONFIG_VHT_OVERRIDES
3282 os_memset(&vhtcaps
, 0, sizeof(vhtcaps
));
3283 os_memset(&vhtcaps_mask
, 0, sizeof(vhtcaps_mask
));
3284 params
.vhtcaps
= &vhtcaps
;
3285 params
.vhtcaps_mask
= &vhtcaps_mask
;
3286 wpa_supplicant_apply_vht_overrides(wpa_s
, ssid
, ¶ms
);
3287 #endif /* CONFIG_VHT_OVERRIDES */
3291 * If multi-channel concurrency is not supported, check for any
3292 * frequency conflict. In case of any frequency conflict, remove the
3293 * least prioritized connection.
3295 if (wpa_s
->num_multichan_concurrent
< 2) {
3297 num
= get_shared_radio_freqs(wpa_s
, &freq
, 1);
3298 if (num
> 0 && freq
> 0 && freq
!= params
.freq
.freq
) {
3299 wpa_printf(MSG_DEBUG
,
3300 "Assoc conflicting freq found (%d != %d)",
3301 freq
, params
.freq
.freq
);
3302 if (wpas_p2p_handle_frequency_conflicts(
3303 wpa_s
, params
.freq
.freq
, ssid
) < 0) {
3304 wpas_connect_work_done(wpa_s
);
3310 #endif /* CONFIG_P2P */
3312 if (wpa_s
->reassoc_same_ess
&& !is_zero_ether_addr(prev_bssid
) &&
3313 wpa_s
->current_ssid
)
3314 params
.prev_bssid
= prev_bssid
;
3316 ret
= wpa_drv_associate(wpa_s
, ¶ms
);
3319 wpa_msg(wpa_s
, MSG_INFO
, "Association request to the driver "
3321 if (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SANE_ERROR_CODES
) {
3323 * The driver is known to mean what is saying, so we
3324 * can stop right here; the association will not
3327 wpas_connection_failed(wpa_s
, wpa_s
->pending_bssid
);
3328 wpa_supplicant_set_state(wpa_s
, WPA_DISCONNECTED
);
3329 os_memset(wpa_s
->pending_bssid
, 0, ETH_ALEN
);
3332 /* try to continue anyway; new association will be tried again
3337 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_WPA_NONE
) {
3338 /* Set the key after the association just in case association
3339 * cleared the previously configured key. */
3340 wpa_supplicant_set_wpa_none_key(wpa_s
, ssid
);
3341 /* No need to timeout authentication since there is no key
3343 wpa_supplicant_cancel_auth_timeout(wpa_s
);
3344 wpa_supplicant_set_state(wpa_s
, WPA_COMPLETED
);
3345 #ifdef CONFIG_IBSS_RSN
3346 } else if (ssid
->mode
== WPAS_MODE_IBSS
&&
3347 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_NONE
&&
3348 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_WPA_NONE
) {
3350 * RSN IBSS authentication is per-STA and we can disable the
3351 * per-BSSID authentication.
3353 wpa_supplicant_cancel_auth_timeout(wpa_s
);
3354 #endif /* CONFIG_IBSS_RSN */
3356 /* Timeout for IEEE 802.11 authentication and association */
3360 /* give IBSS a bit more time */
3361 timeout
= ssid
->mode
== WPAS_MODE_IBSS
? 10 : 5;
3362 } else if (wpa_s
->conf
->ap_scan
== 1) {
3363 /* give IBSS a bit more time */
3364 timeout
= ssid
->mode
== WPAS_MODE_IBSS
? 20 : 10;
3366 wpa_supplicant_req_auth_timeout(wpa_s
, timeout
, 0);
3370 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC
)) {
3371 /* Set static WEP keys again */
3372 wpa_set_wep_keys(wpa_s
, ssid
);
3375 if (wpa_s
->current_ssid
&& wpa_s
->current_ssid
!= ssid
) {
3377 * Do not allow EAP session resumption between different
3378 * network configurations.
3380 eapol_sm_invalidate_cached_session(wpa_s
->eapol
);
3382 old_ssid
= wpa_s
->current_ssid
;
3383 wpa_s
->current_ssid
= ssid
;
3385 if (!wpas_driver_bss_selection(wpa_s
) || ssid
->bssid_set
) {
3386 wpa_s
->current_bss
= bss
;
3388 hs20_configure_frame_filters(wpa_s
);
3389 #endif /* CONFIG_HS20 */
3392 wpa_supplicant_rsn_supp_set_config(wpa_s
, wpa_s
->current_ssid
);
3393 wpa_supplicant_initiate_eapol(wpa_s
);
3394 if (old_ssid
!= wpa_s
->current_ssid
)
3395 wpas_notify_network_changed(wpa_s
);
3399 static void wpa_supplicant_clear_connection(struct wpa_supplicant
*wpa_s
,
3402 struct wpa_ssid
*old_ssid
;
3404 wpas_connect_work_done(wpa_s
);
3405 wpa_clear_keys(wpa_s
, addr
);
3406 old_ssid
= wpa_s
->current_ssid
;
3407 wpa_supplicant_mark_disassoc(wpa_s
);
3408 wpa_sm_set_config(wpa_s
->wpa
, NULL
);
3409 eapol_sm_notify_config(wpa_s
->eapol
, NULL
, NULL
);
3410 if (old_ssid
!= wpa_s
->current_ssid
)
3411 wpas_notify_network_changed(wpa_s
);
3412 eloop_cancel_timeout(wpa_supplicant_timeout
, wpa_s
, NULL
);
3417 * wpa_supplicant_deauthenticate - Deauthenticate the current connection
3418 * @wpa_s: Pointer to wpa_supplicant data
3419 * @reason_code: IEEE 802.11 reason code for the deauthenticate frame
3421 * This function is used to request %wpa_supplicant to deauthenticate from the
3424 void wpa_supplicant_deauthenticate(struct wpa_supplicant
*wpa_s
,
3428 union wpa_event_data event
;
3431 wpa_dbg(wpa_s
, MSG_DEBUG
, "Request to deauthenticate - bssid=" MACSTR
3432 " pending_bssid=" MACSTR
" reason=%d (%s) state=%s",
3433 MAC2STR(wpa_s
->bssid
), MAC2STR(wpa_s
->pending_bssid
),
3434 reason_code
, reason2str(reason_code
),
3435 wpa_supplicant_state_txt(wpa_s
->wpa_state
));
3437 if (!is_zero_ether_addr(wpa_s
->pending_bssid
) &&
3438 (wpa_s
->wpa_state
== WPA_AUTHENTICATING
||
3439 wpa_s
->wpa_state
== WPA_ASSOCIATING
))
3440 addr
= wpa_s
->pending_bssid
;
3441 else if (!is_zero_ether_addr(wpa_s
->bssid
))
3442 addr
= wpa_s
->bssid
;
3443 else if (wpa_s
->wpa_state
== WPA_ASSOCIATING
) {
3445 * When using driver-based BSS selection, we may not know the
3446 * BSSID with which we are currently trying to associate. We
3447 * need to notify the driver of this disconnection even in such
3448 * a case, so use the all zeros address here.
3450 addr
= wpa_s
->bssid
;
3454 if (wpa_s
->enabled_4addr_mode
&& wpa_drv_set_4addr_mode(wpa_s
, 0) == 0)
3455 wpa_s
->enabled_4addr_mode
= 0;
3458 wpa_tdls_teardown_peers(wpa_s
->wpa
);
3459 #endif /* CONFIG_TDLS */
3463 struct mesh_conf
*mconf
;
3465 mconf
= wpa_s
->ifmsh
->mconf
;
3466 wpa_msg(wpa_s
, MSG_INFO
, MESH_GROUP_REMOVED
"%s",
3468 wpas_notify_mesh_group_removed(wpa_s
, mconf
->meshid
,
3469 mconf
->meshid_len
, reason_code
);
3470 wpa_supplicant_leave_mesh(wpa_s
);
3472 #endif /* CONFIG_MESH */
3475 wpa_drv_deauthenticate(wpa_s
, addr
, reason_code
);
3476 os_memset(&event
, 0, sizeof(event
));
3477 event
.deauth_info
.reason_code
= reason_code
;
3478 event
.deauth_info
.locally_generated
= 1;
3479 wpa_supplicant_event(wpa_s
, EVENT_DEAUTH
, &event
);
3484 wpa_supplicant_clear_connection(wpa_s
, addr
);
3487 static void wpa_supplicant_enable_one_network(struct wpa_supplicant
*wpa_s
,
3488 struct wpa_ssid
*ssid
)
3490 if (!ssid
|| !ssid
->disabled
|| ssid
->disabled
== 2)
3494 ssid
->owe_transition_bss_select_count
= 0;
3495 wpas_clear_temp_disabled(wpa_s
, ssid
, 1);
3496 wpas_notify_network_enabled_changed(wpa_s
, ssid
);
3499 * Try to reassociate since there is no current configuration and a new
3500 * network was made available.
3502 if (!wpa_s
->current_ssid
&& !wpa_s
->disconnected
)
3503 wpa_s
->reassociate
= 1;
3508 * wpa_supplicant_add_network - Add a new network
3509 * @wpa_s: wpa_supplicant structure for a network interface
3510 * Returns: The new network configuration or %NULL if operation failed
3512 * This function performs the following operations:
3513 * 1. Adds a new network.
3514 * 2. Send network addition notification.
3515 * 3. Marks the network disabled.
3516 * 4. Set network default parameters.
3518 struct wpa_ssid
* wpa_supplicant_add_network(struct wpa_supplicant
*wpa_s
)
3520 struct wpa_ssid
*ssid
;
3522 ssid
= wpa_config_add_network(wpa_s
->conf
);
3525 wpas_notify_network_added(wpa_s
, ssid
);
3527 wpa_config_set_network_defaults(ssid
);
3534 * wpa_supplicant_remove_network - Remove a configured network based on id
3535 * @wpa_s: wpa_supplicant structure for a network interface
3536 * @id: Unique network id to search for
3537 * Returns: 0 on success, or -1 if the network was not found, -2 if the network
3538 * could not be removed
3540 * This function performs the following operations:
3541 * 1. Removes the network.
3542 * 2. Send network removal notification.
3543 * 3. Update internal state machines.
3544 * 4. Stop any running sched scans.
3546 int wpa_supplicant_remove_network(struct wpa_supplicant
*wpa_s
, int id
)
3548 struct wpa_ssid
*ssid
;
3551 ssid
= wpa_config_get_network(wpa_s
->conf
, id
);
3554 wpas_notify_network_removed(wpa_s
, ssid
);
3556 if (wpa_s
->last_ssid
== ssid
)
3557 wpa_s
->last_ssid
= NULL
;
3559 if (ssid
== wpa_s
->current_ssid
|| !wpa_s
->current_ssid
) {
3561 wpa_s
->sme
.prev_bssid_set
= 0;
3562 #endif /* CONFIG_SME */
3564 * Invalidate the EAP session cache if the current or
3565 * previously used network is removed.
3567 eapol_sm_invalidate_cached_session(wpa_s
->eapol
);
3570 if (ssid
== wpa_s
->current_ssid
) {
3571 wpa_sm_set_config(wpa_s
->wpa
, NULL
);
3572 eapol_sm_notify_config(wpa_s
->eapol
, NULL
, NULL
);
3574 if (wpa_s
->wpa_state
>= WPA_AUTHENTICATING
)
3575 wpa_s
->own_disconnect_req
= 1;
3576 wpa_supplicant_deauthenticate(wpa_s
,
3577 WLAN_REASON_DEAUTH_LEAVING
);
3580 was_disabled
= ssid
->disabled
;
3582 if (wpa_config_remove_network(wpa_s
->conf
, id
) < 0)
3585 if (!was_disabled
&& wpa_s
->sched_scanning
) {
3586 wpa_printf(MSG_DEBUG
,
3587 "Stop ongoing sched_scan to remove network from filters");
3588 wpa_supplicant_cancel_sched_scan(wpa_s
);
3589 wpa_supplicant_req_scan(wpa_s
, 0, 0);
3597 * wpa_supplicant_enable_network - Mark a configured network as enabled
3598 * @wpa_s: wpa_supplicant structure for a network interface
3599 * @ssid: wpa_ssid structure for a configured network or %NULL
3601 * Enables the specified network or all networks if no network specified.
3603 void wpa_supplicant_enable_network(struct wpa_supplicant
*wpa_s
,
3604 struct wpa_ssid
*ssid
)
3607 for (ssid
= wpa_s
->conf
->ssid
; ssid
; ssid
= ssid
->next
)
3608 wpa_supplicant_enable_one_network(wpa_s
, ssid
);
3610 wpa_supplicant_enable_one_network(wpa_s
, ssid
);
3612 if (wpa_s
->reassociate
&& !wpa_s
->disconnected
&&
3613 (!wpa_s
->current_ssid
||
3614 wpa_s
->wpa_state
== WPA_DISCONNECTED
||
3615 wpa_s
->wpa_state
== WPA_SCANNING
)) {
3616 if (wpa_s
->sched_scanning
) {
3617 wpa_printf(MSG_DEBUG
, "Stop ongoing sched_scan to add "
3618 "new network to scan filters");
3619 wpa_supplicant_cancel_sched_scan(wpa_s
);
3622 if (wpa_supplicant_fast_associate(wpa_s
) != 1) {
3623 wpa_s
->scan_req
= NORMAL_SCAN_REQ
;
3624 wpa_supplicant_req_scan(wpa_s
, 0, 0);
3631 * wpa_supplicant_disable_network - Mark a configured network as disabled
3632 * @wpa_s: wpa_supplicant structure for a network interface
3633 * @ssid: wpa_ssid structure for a configured network or %NULL
3635 * Disables the specified network or all networks if no network specified.
3637 void wpa_supplicant_disable_network(struct wpa_supplicant
*wpa_s
,
3638 struct wpa_ssid
*ssid
)
3640 struct wpa_ssid
*other_ssid
;
3644 if (wpa_s
->sched_scanning
)
3645 wpa_supplicant_cancel_sched_scan(wpa_s
);
3647 for (other_ssid
= wpa_s
->conf
->ssid
; other_ssid
;
3648 other_ssid
= other_ssid
->next
) {
3649 was_disabled
= other_ssid
->disabled
;
3650 if (was_disabled
== 2)
3651 continue; /* do not change persistent P2P group
3654 other_ssid
->disabled
= 1;
3656 if (was_disabled
!= other_ssid
->disabled
)
3657 wpas_notify_network_enabled_changed(
3660 if (wpa_s
->current_ssid
) {
3661 if (wpa_s
->wpa_state
>= WPA_AUTHENTICATING
)
3662 wpa_s
->own_disconnect_req
= 1;
3663 wpa_supplicant_deauthenticate(
3664 wpa_s
, WLAN_REASON_DEAUTH_LEAVING
);
3666 } else if (ssid
->disabled
!= 2) {
3667 if (ssid
== wpa_s
->current_ssid
) {
3668 if (wpa_s
->wpa_state
>= WPA_AUTHENTICATING
)
3669 wpa_s
->own_disconnect_req
= 1;
3670 wpa_supplicant_deauthenticate(
3671 wpa_s
, WLAN_REASON_DEAUTH_LEAVING
);
3674 was_disabled
= ssid
->disabled
;
3678 if (was_disabled
!= ssid
->disabled
) {
3679 wpas_notify_network_enabled_changed(wpa_s
, ssid
);
3680 if (wpa_s
->sched_scanning
) {
3681 wpa_printf(MSG_DEBUG
, "Stop ongoing sched_scan "
3682 "to remove network from filters");
3683 wpa_supplicant_cancel_sched_scan(wpa_s
);
3684 wpa_supplicant_req_scan(wpa_s
, 0, 0);
3692 * wpa_supplicant_select_network - Attempt association with a network
3693 * @wpa_s: wpa_supplicant structure for a network interface
3694 * @ssid: wpa_ssid structure for a configured network or %NULL for any network
3696 void wpa_supplicant_select_network(struct wpa_supplicant
*wpa_s
,
3697 struct wpa_ssid
*ssid
)
3700 struct wpa_ssid
*other_ssid
;
3701 int disconnected
= 0;
3703 if (ssid
&& ssid
!= wpa_s
->current_ssid
&& wpa_s
->current_ssid
) {
3704 if (wpa_s
->wpa_state
>= WPA_AUTHENTICATING
)
3705 wpa_s
->own_disconnect_req
= 1;
3706 wpa_supplicant_deauthenticate(
3707 wpa_s
, WLAN_REASON_DEAUTH_LEAVING
);
3712 wpas_clear_temp_disabled(wpa_s
, ssid
, 1);
3715 * Mark all other networks disabled or mark all networks enabled if no
3716 * network specified.
3718 for (other_ssid
= wpa_s
->conf
->ssid
; other_ssid
;
3719 other_ssid
= other_ssid
->next
) {
3720 int was_disabled
= other_ssid
->disabled
;
3721 if (was_disabled
== 2)
3722 continue; /* do not change persistent P2P group data */
3724 other_ssid
->disabled
= ssid
? (ssid
->id
!= other_ssid
->id
) : 0;
3725 if (was_disabled
&& !other_ssid
->disabled
)
3726 wpas_clear_temp_disabled(wpa_s
, other_ssid
, 0);
3728 if (was_disabled
!= other_ssid
->disabled
)
3729 wpas_notify_network_enabled_changed(wpa_s
, other_ssid
);
3732 if (ssid
&& ssid
== wpa_s
->current_ssid
&& wpa_s
->current_ssid
&&
3733 wpa_s
->wpa_state
>= WPA_AUTHENTICATING
) {
3734 /* We are already associated with the selected network */
3735 wpa_printf(MSG_DEBUG
, "Already associated with the "
3736 "selected network - do nothing");
3741 wpa_s
->current_ssid
= ssid
;
3742 eapol_sm_notify_config(wpa_s
->eapol
, NULL
, NULL
);
3743 wpa_s
->connect_without_scan
=
3744 (ssid
->mode
== WPAS_MODE_MESH
) ? ssid
: NULL
;
3747 * Don't optimize next scan freqs since a new ESS has been
3750 os_free(wpa_s
->next_scan_freqs
);
3751 wpa_s
->next_scan_freqs
= NULL
;
3753 wpa_s
->connect_without_scan
= NULL
;
3756 wpa_s
->disconnected
= 0;
3757 wpa_s
->reassociate
= 1;
3758 wpa_s
->last_owe_group
= 0;
3760 ssid
->owe_transition_bss_select_count
= 0;
3762 if (wpa_s
->connect_without_scan
||
3763 wpa_supplicant_fast_associate(wpa_s
) != 1) {
3764 wpa_s
->scan_req
= NORMAL_SCAN_REQ
;
3765 wpas_scan_reset_sched_scan(wpa_s
);
3766 wpa_supplicant_req_scan(wpa_s
, 0, disconnected
? 100000 : 0);
3770 wpas_notify_network_selected(wpa_s
, ssid
);
3775 * wpas_set_pkcs11_engine_and_module_path - Set PKCS #11 engine and module path
3776 * @wpa_s: wpa_supplicant structure for a network interface
3777 * @pkcs11_engine_path: PKCS #11 engine path or NULL
3778 * @pkcs11_module_path: PKCS #11 module path or NULL
3779 * Returns: 0 on success; -1 on failure
3781 * Sets the PKCS #11 engine and module path. Both have to be NULL or a valid
3782 * path. If resetting the EAPOL state machine with the new PKCS #11 engine and
3783 * module path fails the paths will be reset to the default value (NULL).
3785 int wpas_set_pkcs11_engine_and_module_path(struct wpa_supplicant
*wpa_s
,
3786 const char *pkcs11_engine_path
,
3787 const char *pkcs11_module_path
)
3789 char *pkcs11_engine_path_copy
= NULL
;
3790 char *pkcs11_module_path_copy
= NULL
;
3792 if (pkcs11_engine_path
!= NULL
) {
3793 pkcs11_engine_path_copy
= os_strdup(pkcs11_engine_path
);
3794 if (pkcs11_engine_path_copy
== NULL
)
3797 if (pkcs11_module_path
!= NULL
) {
3798 pkcs11_module_path_copy
= os_strdup(pkcs11_module_path
);
3799 if (pkcs11_module_path_copy
== NULL
) {
3800 os_free(pkcs11_engine_path_copy
);
3805 os_free(wpa_s
->conf
->pkcs11_engine_path
);
3806 os_free(wpa_s
->conf
->pkcs11_module_path
);
3807 wpa_s
->conf
->pkcs11_engine_path
= pkcs11_engine_path_copy
;
3808 wpa_s
->conf
->pkcs11_module_path
= pkcs11_module_path_copy
;
3810 wpa_sm_set_eapol(wpa_s
->wpa
, NULL
);
3811 eapol_sm_deinit(wpa_s
->eapol
);
3812 wpa_s
->eapol
= NULL
;
3813 if (wpa_supplicant_init_eapol(wpa_s
)) {
3814 /* Error -> Reset paths to the default value (NULL) once. */
3815 if (pkcs11_engine_path
!= NULL
&& pkcs11_module_path
!= NULL
)
3816 wpas_set_pkcs11_engine_and_module_path(wpa_s
, NULL
,
3821 wpa_sm_set_eapol(wpa_s
->wpa
, wpa_s
->eapol
);
3828 * wpa_supplicant_set_ap_scan - Set AP scan mode for interface
3829 * @wpa_s: wpa_supplicant structure for a network interface
3830 * @ap_scan: AP scan mode
3831 * Returns: 0 if succeed or -1 if ap_scan has an invalid value
3834 int wpa_supplicant_set_ap_scan(struct wpa_supplicant
*wpa_s
, int ap_scan
)
3839 if (ap_scan
< 0 || ap_scan
> 2)
3842 if (ap_scan
== 2 && os_strcmp(wpa_s
->driver
->name
, "nl80211") == 0) {
3843 wpa_printf(MSG_INFO
,
3844 "Note: nl80211 driver interface is not designed to be used with ap_scan=2; this can result in connection failures");
3848 if (ap_scan
== 2 && ap_scan
!= wpa_s
->conf
->ap_scan
&&
3849 wpa_s
->wpa_state
>= WPA_ASSOCIATING
&&
3850 wpa_s
->wpa_state
< WPA_COMPLETED
) {
3851 wpa_printf(MSG_ERROR
, "ap_scan = %d (%d) rejected while "
3852 "associating", wpa_s
->conf
->ap_scan
, ap_scan
);
3855 #endif /* ANDROID */
3857 old_ap_scan
= wpa_s
->conf
->ap_scan
;
3858 wpa_s
->conf
->ap_scan
= ap_scan
;
3860 if (old_ap_scan
!= wpa_s
->conf
->ap_scan
)
3861 wpas_notify_ap_scan_changed(wpa_s
);
3868 * wpa_supplicant_set_bss_expiration_age - Set BSS entry expiration age
3869 * @wpa_s: wpa_supplicant structure for a network interface
3870 * @expire_age: Expiration age in seconds
3871 * Returns: 0 if succeed or -1 if expire_age has an invalid value
3874 int wpa_supplicant_set_bss_expiration_age(struct wpa_supplicant
*wpa_s
,
3875 unsigned int bss_expire_age
)
3877 if (bss_expire_age
< 10) {
3878 wpa_msg(wpa_s
, MSG_ERROR
, "Invalid bss expiration age %u",
3882 wpa_msg(wpa_s
, MSG_DEBUG
, "Setting bss expiration age: %d sec",
3884 wpa_s
->conf
->bss_expiration_age
= bss_expire_age
;
3891 * wpa_supplicant_set_bss_expiration_count - Set BSS entry expiration scan count
3892 * @wpa_s: wpa_supplicant structure for a network interface
3893 * @expire_count: number of scans after which an unseen BSS is reclaimed
3894 * Returns: 0 if succeed or -1 if expire_count has an invalid value
3897 int wpa_supplicant_set_bss_expiration_count(struct wpa_supplicant
*wpa_s
,
3898 unsigned int bss_expire_count
)
3900 if (bss_expire_count
< 1) {
3901 wpa_msg(wpa_s
, MSG_ERROR
, "Invalid bss expiration count %u",
3905 wpa_msg(wpa_s
, MSG_DEBUG
, "Setting bss expiration scan count: %u",
3907 wpa_s
->conf
->bss_expiration_scan_count
= bss_expire_count
;
3914 * wpa_supplicant_set_scan_interval - Set scan interval
3915 * @wpa_s: wpa_supplicant structure for a network interface
3916 * @scan_interval: scan interval in seconds
3917 * Returns: 0 if succeed or -1 if scan_interval has an invalid value
3920 int wpa_supplicant_set_scan_interval(struct wpa_supplicant
*wpa_s
,
3923 if (scan_interval
< 0) {
3924 wpa_msg(wpa_s
, MSG_ERROR
, "Invalid scan interval %d",
3928 wpa_msg(wpa_s
, MSG_DEBUG
, "Setting scan interval: %d sec",
3930 wpa_supplicant_update_scan_int(wpa_s
, scan_interval
);
3937 * wpa_supplicant_set_debug_params - Set global debug params
3938 * @global: wpa_global structure
3939 * @debug_level: debug level
3940 * @debug_timestamp: determines if show timestamp in debug data
3941 * @debug_show_keys: determines if show keys in debug data
3942 * Returns: 0 if succeed or -1 if debug_level has wrong value
3944 int wpa_supplicant_set_debug_params(struct wpa_global
*global
, int debug_level
,
3945 int debug_timestamp
, int debug_show_keys
)
3948 int old_level
, old_timestamp
, old_show_keys
;
3950 /* check for allowed debuglevels */
3951 if (debug_level
!= MSG_EXCESSIVE
&&
3952 debug_level
!= MSG_MSGDUMP
&&
3953 debug_level
!= MSG_DEBUG
&&
3954 debug_level
!= MSG_INFO
&&
3955 debug_level
!= MSG_WARNING
&&
3956 debug_level
!= MSG_ERROR
)
3959 old_level
= wpa_debug_level
;
3960 old_timestamp
= wpa_debug_timestamp
;
3961 old_show_keys
= wpa_debug_show_keys
;
3963 wpa_debug_level
= debug_level
;
3964 wpa_debug_timestamp
= debug_timestamp
? 1 : 0;
3965 wpa_debug_show_keys
= debug_show_keys
? 1 : 0;
3967 if (wpa_debug_level
!= old_level
)
3968 wpas_notify_debug_level_changed(global
);
3969 if (wpa_debug_timestamp
!= old_timestamp
)
3970 wpas_notify_debug_timestamp_changed(global
);
3971 if (wpa_debug_show_keys
!= old_show_keys
)
3972 wpas_notify_debug_show_keys_changed(global
);
3979 static int owe_trans_ssid_match(struct wpa_supplicant
*wpa_s
, const u8
*bssid
,
3980 const u8
*entry_ssid
, size_t entry_ssid_len
)
3982 const u8
*owe
, *pos
, *end
;
3984 struct wpa_bss
*bss
;
3986 /* Check network profile SSID aganst the SSID in the
3987 * OWE Transition Mode element. */
3989 bss
= wpa_bss_get_bssid_latest(wpa_s
, bssid
);
3993 owe
= wpa_bss_get_vendor_ie(bss
, OWE_IE_VENDOR_TYPE
);
3998 end
= owe
+ 2 + owe
[1];
4000 if (end
- pos
< ETH_ALEN
+ 1)
4004 if (end
- pos
< ssid_len
|| ssid_len
> SSID_MAX_LEN
)
4007 return entry_ssid_len
== ssid_len
&&
4008 os_memcmp(pos
, entry_ssid
, ssid_len
) == 0;
4010 #endif /* CONFIG_OWE */
4014 * wpa_supplicant_get_ssid - Get a pointer to the current network structure
4015 * @wpa_s: Pointer to wpa_supplicant data
4016 * Returns: A pointer to the current network structure or %NULL on failure
4018 struct wpa_ssid
* wpa_supplicant_get_ssid(struct wpa_supplicant
*wpa_s
)
4020 struct wpa_ssid
*entry
;
4021 u8 ssid
[SSID_MAX_LEN
];
4027 res
= wpa_drv_get_ssid(wpa_s
, ssid
);
4029 wpa_msg(wpa_s
, MSG_WARNING
, "Could not read SSID from "
4035 if (wpa_drv_get_bssid(wpa_s
, bssid
) < 0) {
4036 wpa_msg(wpa_s
, MSG_WARNING
, "Could not read BSSID from "
4041 wired
= wpa_s
->conf
->ap_scan
== 0 &&
4042 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_WIRED
);
4044 entry
= wpa_s
->conf
->ssid
;
4046 if (!wpas_network_disabled(wpa_s
, entry
) &&
4047 ((ssid_len
== entry
->ssid_len
&&
4049 os_memcmp(ssid
, entry
->ssid
, ssid_len
) == 0)) ||
4051 (!entry
->bssid_set
||
4052 os_memcmp(bssid
, entry
->bssid
, ETH_ALEN
) == 0))
4055 if (!wpas_network_disabled(wpa_s
, entry
) &&
4056 (entry
->key_mgmt
& WPA_KEY_MGMT_WPS
) &&
4057 (entry
->ssid
== NULL
|| entry
->ssid_len
== 0) &&
4058 (!entry
->bssid_set
||
4059 os_memcmp(bssid
, entry
->bssid
, ETH_ALEN
) == 0))
4061 #endif /* CONFIG_WPS */
4064 if (!wpas_network_disabled(wpa_s
, entry
) &&
4065 owe_trans_ssid_match(wpa_s
, bssid
, entry
->ssid
,
4067 (!entry
->bssid_set
||
4068 os_memcmp(bssid
, entry
->bssid
, ETH_ALEN
) == 0))
4070 #endif /* CONFIG_OWE */
4072 if (!wpas_network_disabled(wpa_s
, entry
) && entry
->bssid_set
&&
4073 entry
->ssid_len
== 0 &&
4074 os_memcmp(bssid
, entry
->bssid
, ETH_ALEN
) == 0)
4077 entry
= entry
->next
;
4084 static int select_driver(struct wpa_supplicant
*wpa_s
, int i
)
4086 struct wpa_global
*global
= wpa_s
->global
;
4088 if (wpa_drivers
[i
]->global_init
&& global
->drv_priv
[i
] == NULL
) {
4089 global
->drv_priv
[i
] = wpa_drivers
[i
]->global_init(global
);
4090 if (global
->drv_priv
[i
] == NULL
) {
4091 wpa_printf(MSG_ERROR
, "Failed to initialize driver "
4092 "'%s'", wpa_drivers
[i
]->name
);
4097 wpa_s
->driver
= wpa_drivers
[i
];
4098 wpa_s
->global_drv_priv
= global
->drv_priv
[i
];
4104 static int wpa_supplicant_set_driver(struct wpa_supplicant
*wpa_s
,
4109 const char *pos
, *driver
= name
;
4114 if (wpa_drivers
[0] == NULL
) {
4115 wpa_msg(wpa_s
, MSG_ERROR
, "No driver interfaces build into "
4121 /* default to first driver in the list */
4122 return select_driver(wpa_s
, 0);
4126 pos
= os_strchr(driver
, ',');
4130 len
= os_strlen(driver
);
4132 for (i
= 0; wpa_drivers
[i
]; i
++) {
4133 if (os_strlen(wpa_drivers
[i
]->name
) == len
&&
4134 os_strncmp(driver
, wpa_drivers
[i
]->name
, len
) ==
4136 /* First driver that succeeds wins */
4137 if (select_driver(wpa_s
, i
) == 0)
4145 wpa_msg(wpa_s
, MSG_ERROR
, "Unsupported driver '%s'", name
);
4151 * wpa_supplicant_rx_eapol - Deliver a received EAPOL frame to wpa_supplicant
4152 * @ctx: Context pointer (wpa_s); this is the ctx variable registered
4153 * with struct wpa_driver_ops::init()
4154 * @src_addr: Source address of the EAPOL frame
4155 * @buf: EAPOL data starting from the EAPOL header (i.e., no Ethernet header)
4156 * @len: Length of the EAPOL data
4158 * This function is called for each received EAPOL frame. Most driver
4159 * interfaces rely on more generic OS mechanism for receiving frames through
4160 * l2_packet, but if such a mechanism is not available, the driver wrapper may
4161 * take care of received EAPOL frames and deliver them to the core supplicant
4162 * code by calling this function.
4164 void wpa_supplicant_rx_eapol(void *ctx
, const u8
*src_addr
,
4165 const u8
*buf
, size_t len
)
4167 struct wpa_supplicant
*wpa_s
= ctx
;
4169 wpa_dbg(wpa_s
, MSG_DEBUG
, "RX EAPOL from " MACSTR
, MAC2STR(src_addr
));
4170 wpa_hexdump(MSG_MSGDUMP
, "RX EAPOL", buf
, len
);
4172 #ifdef CONFIG_TESTING_OPTIONS
4173 if (wpa_s
->ignore_auth_resp
) {
4174 wpa_printf(MSG_INFO
, "RX EAPOL - ignore_auth_resp active!");
4177 #endif /* CONFIG_TESTING_OPTIONS */
4179 if (wpa_s
->wpa_state
< WPA_ASSOCIATED
||
4180 (wpa_s
->last_eapol_matches_bssid
&&
4183 #endif /* CONFIG_AP */
4184 os_memcmp(src_addr
, wpa_s
->bssid
, ETH_ALEN
) != 0)) {
4186 * There is possible race condition between receiving the
4187 * association event and the EAPOL frame since they are coming
4188 * through different paths from the driver. In order to avoid
4189 * issues in trying to process the EAPOL frame before receiving
4190 * association information, lets queue it for processing until
4191 * the association event is received. This may also be needed in
4192 * driver-based roaming case, so also use src_addr != BSSID as a
4193 * trigger if we have previously confirmed that the
4194 * Authenticator uses BSSID as the src_addr (which is not the
4195 * case with wired IEEE 802.1X).
4197 wpa_dbg(wpa_s
, MSG_DEBUG
, "Not associated - Delay processing "
4198 "of received EAPOL frame (state=%s bssid=" MACSTR
")",
4199 wpa_supplicant_state_txt(wpa_s
->wpa_state
),
4200 MAC2STR(wpa_s
->bssid
));
4201 wpabuf_free(wpa_s
->pending_eapol_rx
);
4202 wpa_s
->pending_eapol_rx
= wpabuf_alloc_copy(buf
, len
);
4203 if (wpa_s
->pending_eapol_rx
) {
4204 os_get_reltime(&wpa_s
->pending_eapol_rx_time
);
4205 os_memcpy(wpa_s
->pending_eapol_rx_src
, src_addr
,
4211 wpa_s
->last_eapol_matches_bssid
=
4212 os_memcmp(src_addr
, wpa_s
->bssid
, ETH_ALEN
) == 0;
4215 if (wpa_s
->ap_iface
) {
4216 wpa_supplicant_ap_rx_eapol(wpa_s
, src_addr
, buf
, len
);
4219 #endif /* CONFIG_AP */
4221 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_NONE
) {
4222 wpa_dbg(wpa_s
, MSG_DEBUG
, "Ignored received EAPOL frame since "
4223 "no key management is configured");
4227 if (wpa_s
->eapol_received
== 0 &&
4228 (!(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK
) ||
4229 !wpa_key_mgmt_wpa_psk(wpa_s
->key_mgmt
) ||
4230 wpa_s
->wpa_state
!= WPA_COMPLETED
) &&
4231 (wpa_s
->current_ssid
== NULL
||
4232 wpa_s
->current_ssid
->mode
!= IEEE80211_MODE_IBSS
)) {
4233 /* Timeout for completing IEEE 802.1X and WPA authentication */
4236 if (wpa_key_mgmt_wpa_ieee8021x(wpa_s
->key_mgmt
) ||
4237 wpa_s
->key_mgmt
== WPA_KEY_MGMT_IEEE8021X_NO_WPA
||
4238 wpa_s
->key_mgmt
== WPA_KEY_MGMT_WPS
) {
4239 /* Use longer timeout for IEEE 802.1X/EAP */
4244 if (wpa_s
->current_ssid
&& wpa_s
->current_bss
&&
4245 (wpa_s
->current_ssid
->key_mgmt
& WPA_KEY_MGMT_WPS
) &&
4246 eap_is_wps_pin_enrollee(&wpa_s
->current_ssid
->eap
)) {
4248 * Use shorter timeout if going through WPS AP iteration
4249 * for PIN config method with an AP that does not
4250 * advertise Selected Registrar.
4252 struct wpabuf
*wps_ie
;
4254 wps_ie
= wpa_bss_get_vendor_ie_multi(
4255 wpa_s
->current_bss
, WPS_IE_VENDOR_TYPE
);
4257 !wps_is_addr_authorized(wps_ie
, wpa_s
->own_addr
, 1))
4259 wpabuf_free(wps_ie
);
4261 #endif /* CONFIG_WPS */
4263 wpa_supplicant_req_auth_timeout(wpa_s
, timeout
, 0);
4265 wpa_s
->eapol_received
++;
4267 if (wpa_s
->countermeasures
) {
4268 wpa_msg(wpa_s
, MSG_INFO
, "WPA: Countermeasures - dropped "
4273 #ifdef CONFIG_IBSS_RSN
4274 if (wpa_s
->current_ssid
&&
4275 wpa_s
->current_ssid
->mode
== WPAS_MODE_IBSS
) {
4276 ibss_rsn_rx_eapol(wpa_s
->ibss_rsn
, src_addr
, buf
, len
);
4279 #endif /* CONFIG_IBSS_RSN */
4281 /* Source address of the incoming EAPOL frame could be compared to the
4282 * current BSSID. However, it is possible that a centralized
4283 * Authenticator could be using another MAC address than the BSSID of
4284 * an AP, so just allow any address to be used for now. The replies are
4285 * still sent to the current BSSID (if available), though. */
4287 os_memcpy(wpa_s
->last_eapol_src
, src_addr
, ETH_ALEN
);
4288 if (!wpa_key_mgmt_wpa_psk(wpa_s
->key_mgmt
) &&
4289 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_OWE
&&
4290 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_DPP
&&
4291 eapol_sm_rx_eapol(wpa_s
->eapol
, src_addr
, buf
, len
) > 0)
4293 wpa_drv_poll(wpa_s
);
4294 if (!(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK
))
4295 wpa_sm_rx_eapol(wpa_s
->wpa
, src_addr
, buf
, len
);
4296 else if (wpa_key_mgmt_wpa_ieee8021x(wpa_s
->key_mgmt
)) {
4298 * Set portValid = TRUE here since we are going to skip 4-way
4299 * handshake processing which would normally set portValid. We
4300 * need this to allow the EAPOL state machines to be completed
4301 * without going through EAPOL-Key handshake.
4303 eapol_sm_notify_portValid(wpa_s
->eapol
, TRUE
);
4308 int wpa_supplicant_update_mac_addr(struct wpa_supplicant
*wpa_s
)
4310 if ((!wpa_s
->p2p_mgmt
||
4311 !(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE
)) &&
4312 !(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_P2P_DEDICATED_INTERFACE
)) {
4313 l2_packet_deinit(wpa_s
->l2
);
4314 wpa_s
->l2
= l2_packet_init(wpa_s
->ifname
,
4315 wpa_drv_get_mac_addr(wpa_s
),
4317 wpa_supplicant_rx_eapol
, wpa_s
, 0);
4318 if (wpa_s
->l2
== NULL
)
4321 if (l2_packet_set_packet_filter(wpa_s
->l2
,
4322 L2_PACKET_FILTER_PKTTYPE
))
4323 wpa_dbg(wpa_s
, MSG_DEBUG
,
4324 "Failed to attach pkt_type filter");
4326 const u8
*addr
= wpa_drv_get_mac_addr(wpa_s
);
4328 os_memcpy(wpa_s
->own_addr
, addr
, ETH_ALEN
);
4331 if (wpa_s
->l2
&& l2_packet_get_own_addr(wpa_s
->l2
, wpa_s
->own_addr
)) {
4332 wpa_msg(wpa_s
, MSG_ERROR
, "Failed to get own L2 address");
4336 wpa_sm_set_own_addr(wpa_s
->wpa
, wpa_s
->own_addr
);
4342 static void wpa_supplicant_rx_eapol_bridge(void *ctx
, const u8
*src_addr
,
4343 const u8
*buf
, size_t len
)
4345 struct wpa_supplicant
*wpa_s
= ctx
;
4346 const struct l2_ethhdr
*eth
;
4348 if (len
< sizeof(*eth
))
4350 eth
= (const struct l2_ethhdr
*) buf
;
4352 if (os_memcmp(eth
->h_dest
, wpa_s
->own_addr
, ETH_ALEN
) != 0 &&
4353 !(eth
->h_dest
[0] & 0x01)) {
4354 wpa_dbg(wpa_s
, MSG_DEBUG
, "RX EAPOL from " MACSTR
" to " MACSTR
4355 " (bridge - not for this interface - ignore)",
4356 MAC2STR(src_addr
), MAC2STR(eth
->h_dest
));
4360 wpa_dbg(wpa_s
, MSG_DEBUG
, "RX EAPOL from " MACSTR
" to " MACSTR
4361 " (bridge)", MAC2STR(src_addr
), MAC2STR(eth
->h_dest
));
4362 wpa_supplicant_rx_eapol(wpa_s
, src_addr
, buf
+ sizeof(*eth
),
4363 len
- sizeof(*eth
));
4368 * wpa_supplicant_driver_init - Initialize driver interface parameters
4369 * @wpa_s: Pointer to wpa_supplicant data
4370 * Returns: 0 on success, -1 on failure
4372 * This function is called to initialize driver interface parameters.
4373 * wpa_drv_init() must have been called before this function to initialize the
4376 int wpa_supplicant_driver_init(struct wpa_supplicant
*wpa_s
)
4378 static int interface_count
= 0;
4380 if (wpa_supplicant_update_mac_addr(wpa_s
) < 0)
4383 wpa_dbg(wpa_s
, MSG_DEBUG
, "Own MAC address: " MACSTR
,
4384 MAC2STR(wpa_s
->own_addr
));
4385 os_memcpy(wpa_s
->perm_addr
, wpa_s
->own_addr
, ETH_ALEN
);
4386 wpa_sm_set_own_addr(wpa_s
->wpa
, wpa_s
->own_addr
);
4388 if (wpa_s
->bridge_ifname
[0]) {
4389 wpa_dbg(wpa_s
, MSG_DEBUG
, "Receiving packets from bridge "
4390 "interface '%s'", wpa_s
->bridge_ifname
);
4391 wpa_s
->l2_br
= l2_packet_init_bridge(
4392 wpa_s
->bridge_ifname
, wpa_s
->ifname
, wpa_s
->own_addr
,
4393 ETH_P_EAPOL
, wpa_supplicant_rx_eapol_bridge
, wpa_s
, 1);
4394 if (wpa_s
->l2_br
== NULL
) {
4395 wpa_msg(wpa_s
, MSG_ERROR
, "Failed to open l2_packet "
4396 "connection for the bridge interface '%s'",
4397 wpa_s
->bridge_ifname
);
4402 if (wpa_s
->conf
->ap_scan
== 2 &&
4403 os_strcmp(wpa_s
->driver
->name
, "nl80211") == 0) {
4404 wpa_printf(MSG_INFO
,
4405 "Note: nl80211 driver interface is not designed to be used with ap_scan=2; this can result in connection failures");
4408 wpa_clear_keys(wpa_s
, NULL
);
4410 /* Make sure that TKIP countermeasures are not left enabled (could
4411 * happen if wpa_supplicant is killed during countermeasures. */
4412 wpa_drv_set_countermeasures(wpa_s
, 0);
4414 wpa_dbg(wpa_s
, MSG_DEBUG
, "RSN: flushing PMKID list in the driver");
4415 wpa_drv_flush_pmkid(wpa_s
);
4417 wpa_s
->prev_scan_ssid
= WILDCARD_SSID_SCAN
;
4418 wpa_s
->prev_scan_wildcard
= 0;
4420 if (wpa_supplicant_enabled_networks(wpa_s
)) {
4421 if (wpa_s
->wpa_state
== WPA_INTERFACE_DISABLED
) {
4422 wpa_supplicant_set_state(wpa_s
, WPA_DISCONNECTED
);
4423 interface_count
= 0;
4426 if (!wpa_s
->p2p_mgmt
&&
4427 wpa_supplicant_delayed_sched_scan(wpa_s
,
4428 interface_count
% 3,
4430 wpa_supplicant_req_scan(wpa_s
, interface_count
% 3,
4432 #endif /* ANDROID */
4435 wpa_supplicant_set_state(wpa_s
, WPA_INACTIVE
);
4441 static int wpa_supplicant_daemon(const char *pid_file
)
4443 wpa_printf(MSG_DEBUG
, "Daemonize..");
4444 return os_daemonize(pid_file
);
4448 static struct wpa_supplicant
*
4449 wpa_supplicant_alloc(struct wpa_supplicant
*parent
)
4451 struct wpa_supplicant
*wpa_s
;
4453 wpa_s
= os_zalloc(sizeof(*wpa_s
));
4456 wpa_s
->scan_req
= INITIAL_SCAN_REQ
;
4457 wpa_s
->scan_interval
= 5;
4458 wpa_s
->new_connection
= 1;
4459 wpa_s
->parent
= parent
? parent
: wpa_s
;
4460 wpa_s
->p2pdev
= wpa_s
->parent
;
4461 wpa_s
->sched_scanning
= 0;
4463 dl_list_init(&wpa_s
->bss_tmp_disallowed
);
4464 dl_list_init(&wpa_s
->fils_hlp_req
);
4470 #ifdef CONFIG_HT_OVERRIDES
4472 static int wpa_set_htcap_mcs(struct wpa_supplicant
*wpa_s
,
4473 struct ieee80211_ht_capabilities
*htcaps
,
4474 struct ieee80211_ht_capabilities
*htcaps_mask
,
4477 /* parse ht_mcs into hex array */
4479 const char *tmp
= ht_mcs
;
4482 /* If ht_mcs is null, do not set anything */
4486 /* This is what we are setting in the kernel */
4487 os_memset(&htcaps
->supported_mcs_set
, 0, IEEE80211_HT_MCS_MASK_LEN
);
4489 wpa_msg(wpa_s
, MSG_DEBUG
, "set_htcap, ht_mcs -:%s:-", ht_mcs
);
4491 for (i
= 0; i
< IEEE80211_HT_MCS_MASK_LEN
; i
++) {
4495 v
= strtol(tmp
, &end
, 16);
4498 wpa_msg(wpa_s
, MSG_DEBUG
,
4499 "htcap value[%i]: %ld end: %p tmp: %p",
4504 htcaps
->supported_mcs_set
[i
] = v
;
4507 wpa_msg(wpa_s
, MSG_ERROR
,
4508 "Failed to parse ht-mcs: %s, error: %s\n",
4509 ht_mcs
, strerror(errno
));
4515 * If we were able to parse any values, then set mask for the MCS set.
4518 os_memset(&htcaps_mask
->supported_mcs_set
, 0xff,
4519 IEEE80211_HT_MCS_MASK_LEN
- 1);
4520 /* skip the 3 reserved bits */
4521 htcaps_mask
->supported_mcs_set
[IEEE80211_HT_MCS_MASK_LEN
- 1] =
4529 static int wpa_disable_max_amsdu(struct wpa_supplicant
*wpa_s
,
4530 struct ieee80211_ht_capabilities
*htcaps
,
4531 struct ieee80211_ht_capabilities
*htcaps_mask
,
4539 wpa_msg(wpa_s
, MSG_DEBUG
, "set_disable_max_amsdu: %d", disabled
);
4541 msk
= host_to_le16(HT_CAP_INFO_MAX_AMSDU_SIZE
);
4542 htcaps_mask
->ht_capabilities_info
|= msk
;
4544 htcaps
->ht_capabilities_info
&= msk
;
4546 htcaps
->ht_capabilities_info
|= msk
;
4552 static int wpa_set_ampdu_factor(struct wpa_supplicant
*wpa_s
,
4553 struct ieee80211_ht_capabilities
*htcaps
,
4554 struct ieee80211_ht_capabilities
*htcaps_mask
,
4560 wpa_msg(wpa_s
, MSG_DEBUG
, "set_ampdu_factor: %d", factor
);
4562 if (factor
< 0 || factor
> 3) {
4563 wpa_msg(wpa_s
, MSG_ERROR
, "ampdu_factor: %d out of range. "
4564 "Must be 0-3 or -1", factor
);
4568 htcaps_mask
->a_mpdu_params
|= 0x3; /* 2 bits for factor */
4569 htcaps
->a_mpdu_params
&= ~0x3;
4570 htcaps
->a_mpdu_params
|= factor
& 0x3;
4576 static int wpa_set_ampdu_density(struct wpa_supplicant
*wpa_s
,
4577 struct ieee80211_ht_capabilities
*htcaps
,
4578 struct ieee80211_ht_capabilities
*htcaps_mask
,
4584 wpa_msg(wpa_s
, MSG_DEBUG
, "set_ampdu_density: %d", density
);
4586 if (density
< 0 || density
> 7) {
4587 wpa_msg(wpa_s
, MSG_ERROR
,
4588 "ampdu_density: %d out of range. Must be 0-7 or -1.",
4593 htcaps_mask
->a_mpdu_params
|= 0x1C;
4594 htcaps
->a_mpdu_params
&= ~(0x1C);
4595 htcaps
->a_mpdu_params
|= (density
<< 2) & 0x1C;
4601 static int wpa_set_disable_ht40(struct wpa_supplicant
*wpa_s
,
4602 struct ieee80211_ht_capabilities
*htcaps
,
4603 struct ieee80211_ht_capabilities
*htcaps_mask
,
4607 wpa_msg(wpa_s
, MSG_DEBUG
, "set_disable_ht40: %d", disabled
);
4609 set_disable_ht40(htcaps
, disabled
);
4610 set_disable_ht40(htcaps_mask
, 0);
4616 static int wpa_set_disable_sgi(struct wpa_supplicant
*wpa_s
,
4617 struct ieee80211_ht_capabilities
*htcaps
,
4618 struct ieee80211_ht_capabilities
*htcaps_mask
,
4621 /* Masking these out disables SGI */
4622 le16 msk
= host_to_le16(HT_CAP_INFO_SHORT_GI20MHZ
|
4623 HT_CAP_INFO_SHORT_GI40MHZ
);
4626 wpa_msg(wpa_s
, MSG_DEBUG
, "set_disable_sgi: %d", disabled
);
4629 htcaps
->ht_capabilities_info
&= ~msk
;
4631 htcaps
->ht_capabilities_info
|= msk
;
4633 htcaps_mask
->ht_capabilities_info
|= msk
;
4639 static int wpa_set_disable_ldpc(struct wpa_supplicant
*wpa_s
,
4640 struct ieee80211_ht_capabilities
*htcaps
,
4641 struct ieee80211_ht_capabilities
*htcaps_mask
,
4644 /* Masking these out disables LDPC */
4645 le16 msk
= host_to_le16(HT_CAP_INFO_LDPC_CODING_CAP
);
4648 wpa_msg(wpa_s
, MSG_DEBUG
, "set_disable_ldpc: %d", disabled
);
4651 htcaps
->ht_capabilities_info
&= ~msk
;
4653 htcaps
->ht_capabilities_info
|= msk
;
4655 htcaps_mask
->ht_capabilities_info
|= msk
;
4661 static int wpa_set_tx_stbc(struct wpa_supplicant
*wpa_s
,
4662 struct ieee80211_ht_capabilities
*htcaps
,
4663 struct ieee80211_ht_capabilities
*htcaps_mask
,
4666 le16 msk
= host_to_le16(HT_CAP_INFO_TX_STBC
);
4671 wpa_msg(wpa_s
, MSG_DEBUG
, "set_tx_stbc: %d", tx_stbc
);
4673 if (tx_stbc
< 0 || tx_stbc
> 1) {
4674 wpa_msg(wpa_s
, MSG_ERROR
,
4675 "tx_stbc: %d out of range. Must be 0-1 or -1", tx_stbc
);
4679 htcaps_mask
->ht_capabilities_info
|= msk
;
4680 htcaps
->ht_capabilities_info
&= ~msk
;
4681 htcaps
->ht_capabilities_info
|= (tx_stbc
<< 7) & msk
;
4687 static int wpa_set_rx_stbc(struct wpa_supplicant
*wpa_s
,
4688 struct ieee80211_ht_capabilities
*htcaps
,
4689 struct ieee80211_ht_capabilities
*htcaps_mask
,
4692 le16 msk
= host_to_le16(HT_CAP_INFO_RX_STBC_MASK
);
4697 wpa_msg(wpa_s
, MSG_DEBUG
, "set_rx_stbc: %d", rx_stbc
);
4699 if (rx_stbc
< 0 || rx_stbc
> 3) {
4700 wpa_msg(wpa_s
, MSG_ERROR
,
4701 "rx_stbc: %d out of range. Must be 0-3 or -1", rx_stbc
);
4705 htcaps_mask
->ht_capabilities_info
|= msk
;
4706 htcaps
->ht_capabilities_info
&= ~msk
;
4707 htcaps
->ht_capabilities_info
|= (rx_stbc
<< 8) & msk
;
4713 void wpa_supplicant_apply_ht_overrides(
4714 struct wpa_supplicant
*wpa_s
, struct wpa_ssid
*ssid
,
4715 struct wpa_driver_associate_params
*params
)
4717 struct ieee80211_ht_capabilities
*htcaps
;
4718 struct ieee80211_ht_capabilities
*htcaps_mask
;
4723 params
->disable_ht
= ssid
->disable_ht
;
4724 if (!params
->htcaps
|| !params
->htcaps_mask
)
4727 htcaps
= (struct ieee80211_ht_capabilities
*) params
->htcaps
;
4728 htcaps_mask
= (struct ieee80211_ht_capabilities
*) params
->htcaps_mask
;
4729 wpa_set_htcap_mcs(wpa_s
, htcaps
, htcaps_mask
, ssid
->ht_mcs
);
4730 wpa_disable_max_amsdu(wpa_s
, htcaps
, htcaps_mask
,
4731 ssid
->disable_max_amsdu
);
4732 wpa_set_ampdu_factor(wpa_s
, htcaps
, htcaps_mask
, ssid
->ampdu_factor
);
4733 wpa_set_ampdu_density(wpa_s
, htcaps
, htcaps_mask
, ssid
->ampdu_density
);
4734 wpa_set_disable_ht40(wpa_s
, htcaps
, htcaps_mask
, ssid
->disable_ht40
);
4735 wpa_set_disable_sgi(wpa_s
, htcaps
, htcaps_mask
, ssid
->disable_sgi
);
4736 wpa_set_disable_ldpc(wpa_s
, htcaps
, htcaps_mask
, ssid
->disable_ldpc
);
4737 wpa_set_rx_stbc(wpa_s
, htcaps
, htcaps_mask
, ssid
->rx_stbc
);
4738 wpa_set_tx_stbc(wpa_s
, htcaps
, htcaps_mask
, ssid
->tx_stbc
);
4740 if (ssid
->ht40_intolerant
) {
4741 le16 bit
= host_to_le16(HT_CAP_INFO_40MHZ_INTOLERANT
);
4742 htcaps
->ht_capabilities_info
|= bit
;
4743 htcaps_mask
->ht_capabilities_info
|= bit
;
4747 #endif /* CONFIG_HT_OVERRIDES */
4750 #ifdef CONFIG_VHT_OVERRIDES
4751 void wpa_supplicant_apply_vht_overrides(
4752 struct wpa_supplicant
*wpa_s
, struct wpa_ssid
*ssid
,
4753 struct wpa_driver_associate_params
*params
)
4755 struct ieee80211_vht_capabilities
*vhtcaps
;
4756 struct ieee80211_vht_capabilities
*vhtcaps_mask
;
4761 params
->disable_vht
= ssid
->disable_vht
;
4763 vhtcaps
= (void *) params
->vhtcaps
;
4764 vhtcaps_mask
= (void *) params
->vhtcaps_mask
;
4766 if (!vhtcaps
|| !vhtcaps_mask
)
4769 vhtcaps
->vht_capabilities_info
= host_to_le32(ssid
->vht_capa
);
4770 vhtcaps_mask
->vht_capabilities_info
= host_to_le32(ssid
->vht_capa_mask
);
4772 #ifdef CONFIG_HT_OVERRIDES
4773 if (ssid
->disable_sgi
) {
4774 vhtcaps_mask
->vht_capabilities_info
|= (VHT_CAP_SHORT_GI_80
|
4775 VHT_CAP_SHORT_GI_160
);
4776 vhtcaps
->vht_capabilities_info
&= ~(VHT_CAP_SHORT_GI_80
|
4777 VHT_CAP_SHORT_GI_160
);
4778 wpa_msg(wpa_s
, MSG_DEBUG
,
4779 "disable-sgi override specified, vht-caps: 0x%x",
4780 vhtcaps
->vht_capabilities_info
);
4783 /* if max ampdu is <= 3, we have to make the HT cap the same */
4784 if (ssid
->vht_capa_mask
& VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX
) {
4787 max_ampdu
= (ssid
->vht_capa
&
4788 VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX
) >>
4789 VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX_SHIFT
;
4791 max_ampdu
= max_ampdu
< 3 ? max_ampdu
: 3;
4792 wpa_set_ampdu_factor(wpa_s
,
4793 (void *) params
->htcaps
,
4794 (void *) params
->htcaps_mask
,
4797 #endif /* CONFIG_HT_OVERRIDES */
4799 #define OVERRIDE_MCS(i) \
4800 if (ssid->vht_tx_mcs_nss_ ##i >= 0) { \
4801 vhtcaps_mask->vht_supported_mcs_set.tx_map |= \
4802 host_to_le16(3 << 2 * (i - 1)); \
4803 vhtcaps->vht_supported_mcs_set.tx_map |= \
4804 host_to_le16(ssid->vht_tx_mcs_nss_ ##i << \
4807 if (ssid->vht_rx_mcs_nss_ ##i >= 0) { \
4808 vhtcaps_mask->vht_supported_mcs_set.rx_map |= \
4809 host_to_le16(3 << 2 * (i - 1)); \
4810 vhtcaps->vht_supported_mcs_set.rx_map |= \
4811 host_to_le16(ssid->vht_rx_mcs_nss_ ##i << \
4824 #endif /* CONFIG_VHT_OVERRIDES */
4827 static int pcsc_reader_init(struct wpa_supplicant
*wpa_s
)
4832 if (!wpa_s
->conf
->pcsc_reader
)
4835 wpa_s
->scard
= scard_init(wpa_s
->conf
->pcsc_reader
);
4839 if (wpa_s
->conf
->pcsc_pin
&&
4840 scard_set_pin(wpa_s
->scard
, wpa_s
->conf
->pcsc_pin
) < 0) {
4841 scard_deinit(wpa_s
->scard
);
4842 wpa_s
->scard
= NULL
;
4843 wpa_msg(wpa_s
, MSG_ERROR
, "PC/SC PIN validation failed");
4847 len
= sizeof(wpa_s
->imsi
) - 1;
4848 if (scard_get_imsi(wpa_s
->scard
, wpa_s
->imsi
, &len
)) {
4849 scard_deinit(wpa_s
->scard
);
4850 wpa_s
->scard
= NULL
;
4851 wpa_msg(wpa_s
, MSG_ERROR
, "Could not read IMSI");
4854 wpa_s
->imsi
[len
] = '\0';
4856 wpa_s
->mnc_len
= scard_get_mnc_len(wpa_s
->scard
);
4858 wpa_printf(MSG_DEBUG
, "SCARD: IMSI %s (MNC length %d)",
4859 wpa_s
->imsi
, wpa_s
->mnc_len
);
4861 wpa_sm_set_scard_ctx(wpa_s
->wpa
, wpa_s
->scard
);
4862 eapol_sm_register_scard_ctx(wpa_s
->eapol
, wpa_s
->scard
);
4863 #endif /* PCSC_FUNCS */
4869 int wpas_init_ext_pw(struct wpa_supplicant
*wpa_s
)
4873 ext_password_deinit(wpa_s
->ext_pw
);
4874 wpa_s
->ext_pw
= NULL
;
4875 eapol_sm_set_ext_pw_ctx(wpa_s
->eapol
, NULL
);
4877 if (!wpa_s
->conf
->ext_password_backend
)
4880 val
= os_strdup(wpa_s
->conf
->ext_password_backend
);
4883 pos
= os_strchr(val
, ':');
4887 wpa_printf(MSG_DEBUG
, "EXT PW: Initialize backend '%s'", val
);
4889 wpa_s
->ext_pw
= ext_password_init(val
, pos
);
4891 if (wpa_s
->ext_pw
== NULL
) {
4892 wpa_printf(MSG_DEBUG
, "EXT PW: Failed to initialize backend");
4895 eapol_sm_set_ext_pw_ctx(wpa_s
->eapol
, wpa_s
->ext_pw
);
4903 static const u8
* wpas_fst_get_bssid_cb(void *ctx
)
4905 struct wpa_supplicant
*wpa_s
= ctx
;
4907 return (is_zero_ether_addr(wpa_s
->bssid
) ||
4908 wpa_s
->wpa_state
!= WPA_COMPLETED
) ? NULL
: wpa_s
->bssid
;
4912 static void wpas_fst_get_channel_info_cb(void *ctx
,
4913 enum hostapd_hw_mode
*hw_mode
,
4916 struct wpa_supplicant
*wpa_s
= ctx
;
4918 if (wpa_s
->current_bss
) {
4919 *hw_mode
= ieee80211_freq_to_chan(wpa_s
->current_bss
->freq
,
4921 } else if (wpa_s
->hw
.num_modes
) {
4922 *hw_mode
= wpa_s
->hw
.modes
[0].mode
;
4930 static int wpas_fst_get_hw_modes(void *ctx
, struct hostapd_hw_modes
**modes
)
4932 struct wpa_supplicant
*wpa_s
= ctx
;
4934 *modes
= wpa_s
->hw
.modes
;
4935 return wpa_s
->hw
.num_modes
;
4939 static void wpas_fst_set_ies_cb(void *ctx
, const struct wpabuf
*fst_ies
)
4941 struct wpa_supplicant
*wpa_s
= ctx
;
4943 wpa_hexdump_buf(MSG_DEBUG
, "FST: Set IEs", fst_ies
);
4944 wpa_s
->fst_ies
= fst_ies
;
4948 static int wpas_fst_send_action_cb(void *ctx
, const u8
*da
, struct wpabuf
*data
)
4950 struct wpa_supplicant
*wpa_s
= ctx
;
4952 if (os_memcmp(wpa_s
->bssid
, da
, ETH_ALEN
) != 0) {
4953 wpa_printf(MSG_INFO
, "FST:%s:bssid=" MACSTR
" != da=" MACSTR
,
4954 __func__
, MAC2STR(wpa_s
->bssid
), MAC2STR(da
));
4957 return wpa_drv_send_action(wpa_s
, wpa_s
->assoc_freq
, 0, wpa_s
->bssid
,
4958 wpa_s
->own_addr
, wpa_s
->bssid
,
4959 wpabuf_head(data
), wpabuf_len(data
),
4964 static const struct wpabuf
* wpas_fst_get_mb_ie_cb(void *ctx
, const u8
*addr
)
4966 struct wpa_supplicant
*wpa_s
= ctx
;
4968 WPA_ASSERT(os_memcmp(wpa_s
->bssid
, addr
, ETH_ALEN
) == 0);
4969 return wpa_s
->received_mb_ies
;
4973 static void wpas_fst_update_mb_ie_cb(void *ctx
, const u8
*addr
,
4974 const u8
*buf
, size_t size
)
4976 struct wpa_supplicant
*wpa_s
= ctx
;
4977 struct mb_ies_info info
;
4979 WPA_ASSERT(os_memcmp(wpa_s
->bssid
, addr
, ETH_ALEN
) == 0);
4981 if (!mb_ies_info_by_ies(&info
, buf
, size
)) {
4982 wpabuf_free(wpa_s
->received_mb_ies
);
4983 wpa_s
->received_mb_ies
= mb_ies_by_info(&info
);
4988 static const u8
* wpas_fst_get_peer_first(void *ctx
,
4989 struct fst_get_peer_ctx
**get_ctx
,
4992 struct wpa_supplicant
*wpa_s
= ctx
;
4995 if (!is_zero_ether_addr(wpa_s
->bssid
))
4996 return (wpa_s
->received_mb_ies
|| !mb_only
) ?
4997 wpa_s
->bssid
: NULL
;
5002 static const u8
* wpas_fst_get_peer_next(void *ctx
,
5003 struct fst_get_peer_ctx
**get_ctx
,
5009 void fst_wpa_supplicant_fill_iface_obj(struct wpa_supplicant
*wpa_s
,
5010 struct fst_wpa_obj
*iface_obj
)
5012 iface_obj
->ctx
= wpa_s
;
5013 iface_obj
->get_bssid
= wpas_fst_get_bssid_cb
;
5014 iface_obj
->get_channel_info
= wpas_fst_get_channel_info_cb
;
5015 iface_obj
->get_hw_modes
= wpas_fst_get_hw_modes
;
5016 iface_obj
->set_ies
= wpas_fst_set_ies_cb
;
5017 iface_obj
->send_action
= wpas_fst_send_action_cb
;
5018 iface_obj
->get_mb_ie
= wpas_fst_get_mb_ie_cb
;
5019 iface_obj
->update_mb_ie
= wpas_fst_update_mb_ie_cb
;
5020 iface_obj
->get_peer_first
= wpas_fst_get_peer_first
;
5021 iface_obj
->get_peer_next
= wpas_fst_get_peer_next
;
5023 #endif /* CONFIG_FST */
5025 static int wpas_set_wowlan_triggers(struct wpa_supplicant
*wpa_s
,
5026 const struct wpa_driver_capa
*capa
)
5028 struct wowlan_triggers
*triggers
;
5031 if (!wpa_s
->conf
->wowlan_triggers
)
5034 triggers
= wpa_get_wowlan_triggers(wpa_s
->conf
->wowlan_triggers
, capa
);
5036 ret
= wpa_drv_wowlan(wpa_s
, triggers
);
5043 enum wpa_radio_work_band
wpas_freq_to_band(int freq
)
5046 return BAND_2_4_GHZ
;
5053 unsigned int wpas_get_bands(struct wpa_supplicant
*wpa_s
, const int *freqs
)
5056 unsigned int band
= 0;
5059 /* freqs are specified for the radio work */
5060 for (i
= 0; freqs
[i
]; i
++)
5061 band
|= wpas_freq_to_band(freqs
[i
]);
5064 * freqs are not specified, implies all
5065 * the supported freqs by HW
5067 for (i
= 0; i
< wpa_s
->hw
.num_modes
; i
++) {
5068 if (wpa_s
->hw
.modes
[i
].num_channels
!= 0) {
5069 if (wpa_s
->hw
.modes
[i
].mode
==
5070 HOSTAPD_MODE_IEEE80211B
||
5071 wpa_s
->hw
.modes
[i
].mode
==
5072 HOSTAPD_MODE_IEEE80211G
)
5073 band
|= BAND_2_4_GHZ
;
5074 else if (wpa_s
->hw
.modes
[i
].mode
==
5075 HOSTAPD_MODE_IEEE80211A
)
5077 else if (wpa_s
->hw
.modes
[i
].mode
==
5078 HOSTAPD_MODE_IEEE80211AD
)
5079 band
|= BAND_60_GHZ
;
5080 else if (wpa_s
->hw
.modes
[i
].mode
==
5081 HOSTAPD_MODE_IEEE80211ANY
)
5082 band
= BAND_2_4_GHZ
| BAND_5_GHZ
|
5092 static struct wpa_radio
* radio_add_interface(struct wpa_supplicant
*wpa_s
,
5095 struct wpa_supplicant
*iface
= wpa_s
->global
->ifaces
;
5096 struct wpa_radio
*radio
;
5098 while (rn
&& iface
) {
5099 radio
= iface
->radio
;
5100 if (radio
&& os_strcmp(rn
, radio
->name
) == 0) {
5101 wpa_printf(MSG_DEBUG
, "Add interface %s to existing radio %s",
5103 dl_list_add(&radio
->ifaces
, &wpa_s
->radio_list
);
5107 iface
= iface
->next
;
5110 wpa_printf(MSG_DEBUG
, "Add interface %s to a new radio %s",
5111 wpa_s
->ifname
, rn
? rn
: "N/A");
5112 radio
= os_zalloc(sizeof(*radio
));
5117 os_strlcpy(radio
->name
, rn
, sizeof(radio
->name
));
5118 dl_list_init(&radio
->ifaces
);
5119 dl_list_init(&radio
->work
);
5120 dl_list_add(&radio
->ifaces
, &wpa_s
->radio_list
);
5126 static void radio_work_free(struct wpa_radio_work
*work
)
5128 if (work
->wpa_s
->scan_work
== work
) {
5129 /* This should not really happen. */
5130 wpa_dbg(work
->wpa_s
, MSG_INFO
, "Freeing radio work '%s'@%p (started=%d) that is marked as scan_work",
5131 work
->type
, work
, work
->started
);
5132 work
->wpa_s
->scan_work
= NULL
;
5136 if (work
->wpa_s
->p2p_scan_work
== work
) {
5137 /* This should not really happen. */
5138 wpa_dbg(work
->wpa_s
, MSG_INFO
, "Freeing radio work '%s'@%p (started=%d) that is marked as p2p_scan_work",
5139 work
->type
, work
, work
->started
);
5140 work
->wpa_s
->p2p_scan_work
= NULL
;
5142 #endif /* CONFIG_P2P */
5144 if (work
->started
) {
5145 work
->wpa_s
->radio
->num_active_works
--;
5146 wpa_dbg(work
->wpa_s
, MSG_DEBUG
,
5147 "radio_work_free('%s'@%p): num_active_works --> %u",
5149 work
->wpa_s
->radio
->num_active_works
);
5152 dl_list_del(&work
->list
);
5157 static int radio_work_is_connect(struct wpa_radio_work
*work
)
5159 return os_strcmp(work
->type
, "sme-connect") == 0 ||
5160 os_strcmp(work
->type
, "connect") == 0;
5164 static int radio_work_is_scan(struct wpa_radio_work
*work
)
5166 return os_strcmp(work
->type
, "scan") == 0 ||
5167 os_strcmp(work
->type
, "p2p-scan") == 0;
5171 static struct wpa_radio_work
* radio_work_get_next_work(struct wpa_radio
*radio
)
5173 struct wpa_radio_work
*active_work
= NULL
;
5174 struct wpa_radio_work
*tmp
;
5176 /* Get the active work to know the type and band. */
5177 dl_list_for_each(tmp
, &radio
->work
, struct wpa_radio_work
, list
) {
5185 /* No active work, start one */
5186 radio
->num_active_works
= 0;
5187 dl_list_for_each(tmp
, &radio
->work
, struct wpa_radio_work
,
5189 if (os_strcmp(tmp
->type
, "scan") == 0 &&
5190 radio
->external_scan_running
&&
5191 (((struct wpa_driver_scan_params
*)
5192 tmp
->ctx
)->only_new_results
||
5193 tmp
->wpa_s
->clear_driver_scan_cache
))
5200 if (radio_work_is_connect(active_work
)) {
5202 * If the active work is either connect or sme-connect,
5203 * do not parallelize them with other radio works.
5205 wpa_dbg(active_work
->wpa_s
, MSG_DEBUG
,
5206 "Do not parallelize radio work with %s",
5211 dl_list_for_each(tmp
, &radio
->work
, struct wpa_radio_work
, list
) {
5216 * If connect or sme-connect are enqueued, parallelize only
5217 * those operations ahead of them in the queue.
5219 if (radio_work_is_connect(tmp
))
5222 /* Serialize parallel scan and p2p_scan operations on the same
5223 * interface since the driver_nl80211 mechanism for tracking
5224 * scan cookies does not yet have support for this. */
5225 if (active_work
->wpa_s
== tmp
->wpa_s
&&
5226 radio_work_is_scan(active_work
) &&
5227 radio_work_is_scan(tmp
)) {
5228 wpa_dbg(active_work
->wpa_s
, MSG_DEBUG
,
5229 "Do not start work '%s' when another work '%s' is already scheduled",
5230 tmp
->type
, active_work
->type
);
5234 * Check that the radio works are distinct and
5235 * on different bands.
5237 if (os_strcmp(active_work
->type
, tmp
->type
) != 0 &&
5238 (active_work
->bands
!= tmp
->bands
)) {
5240 * If a scan has to be scheduled through nl80211 scan
5241 * interface and if an external scan is already running,
5242 * do not schedule the scan since it is likely to get
5243 * rejected by kernel.
5245 if (os_strcmp(tmp
->type
, "scan") == 0 &&
5246 radio
->external_scan_running
&&
5247 (((struct wpa_driver_scan_params
*)
5248 tmp
->ctx
)->only_new_results
||
5249 tmp
->wpa_s
->clear_driver_scan_cache
))
5252 wpa_dbg(active_work
->wpa_s
, MSG_DEBUG
,
5253 "active_work:%s new_work:%s",
5254 active_work
->type
, tmp
->type
);
5259 /* Did not find a radio work to schedule in parallel. */
5264 static void radio_start_next_work(void *eloop_ctx
, void *timeout_ctx
)
5266 struct wpa_radio
*radio
= eloop_ctx
;
5267 struct wpa_radio_work
*work
;
5268 struct os_reltime now
, diff
;
5269 struct wpa_supplicant
*wpa_s
;
5271 work
= dl_list_first(&radio
->work
, struct wpa_radio_work
, list
);
5273 radio
->num_active_works
= 0;
5277 wpa_s
= dl_list_first(&radio
->ifaces
, struct wpa_supplicant
,
5281 wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS
)) {
5283 return; /* already started and still in progress */
5285 if (wpa_s
&& wpa_s
->radio
->external_scan_running
) {
5286 wpa_printf(MSG_DEBUG
, "Delay radio work start until externally triggered scan completes");
5291 if (radio
->num_active_works
< MAX_ACTIVE_WORKS
) {
5292 /* get the work to schedule next */
5293 work
= radio_work_get_next_work(radio
);
5299 wpa_s
= work
->wpa_s
;
5300 os_get_reltime(&now
);
5301 os_reltime_sub(&now
, &work
->time
, &diff
);
5302 wpa_dbg(wpa_s
, MSG_DEBUG
,
5303 "Starting radio work '%s'@%p after %ld.%06ld second wait",
5304 work
->type
, work
, diff
.sec
, diff
.usec
);
5307 radio
->num_active_works
++;
5311 if ((wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS
) &&
5312 radio
->num_active_works
< MAX_ACTIVE_WORKS
)
5313 radio_work_check_next(wpa_s
);
5318 * This function removes both started and pending radio works running on
5319 * the provided interface's radio.
5320 * Prior to the removal of the radio work, its callback (cb) is called with
5321 * deinit set to be 1. Each work's callback is responsible for clearing its
5322 * internal data and restoring to a correct state.
5323 * @wpa_s: wpa_supplicant data
5324 * @type: type of works to be removed
5325 * @remove_all: 1 to remove all the works on this radio, 0 to remove only
5326 * this interface's works.
5328 void radio_remove_works(struct wpa_supplicant
*wpa_s
,
5329 const char *type
, int remove_all
)
5331 struct wpa_radio_work
*work
, *tmp
;
5332 struct wpa_radio
*radio
= wpa_s
->radio
;
5334 dl_list_for_each_safe(work
, tmp
, &radio
->work
, struct wpa_radio_work
,
5336 if (type
&& os_strcmp(type
, work
->type
) != 0)
5339 /* skip other ifaces' works */
5340 if (!remove_all
&& work
->wpa_s
!= wpa_s
)
5343 wpa_dbg(wpa_s
, MSG_DEBUG
, "Remove radio work '%s'@%p%s",
5344 work
->type
, work
, work
->started
? " (started)" : "");
5346 radio_work_free(work
);
5349 /* in case we removed the started work */
5350 radio_work_check_next(wpa_s
);
5354 void radio_remove_pending_work(struct wpa_supplicant
*wpa_s
, void *ctx
)
5356 struct wpa_radio_work
*work
;
5357 struct wpa_radio
*radio
= wpa_s
->radio
;
5359 dl_list_for_each(work
, &radio
->work
, struct wpa_radio_work
, list
) {
5360 if (work
->ctx
!= ctx
)
5362 wpa_dbg(wpa_s
, MSG_DEBUG
, "Free pending radio work '%s'@%p%s",
5363 work
->type
, work
, work
->started
? " (started)" : "");
5364 radio_work_free(work
);
5370 static void radio_remove_interface(struct wpa_supplicant
*wpa_s
)
5372 struct wpa_radio
*radio
= wpa_s
->radio
;
5377 wpa_printf(MSG_DEBUG
, "Remove interface %s from radio %s",
5378 wpa_s
->ifname
, radio
->name
);
5379 dl_list_del(&wpa_s
->radio_list
);
5380 radio_remove_works(wpa_s
, NULL
, 0);
5381 wpa_s
->radio
= NULL
;
5382 if (!dl_list_empty(&radio
->ifaces
))
5383 return; /* Interfaces remain for this radio */
5385 wpa_printf(MSG_DEBUG
, "Remove radio %s", radio
->name
);
5386 eloop_cancel_timeout(radio_start_next_work
, radio
, NULL
);
5391 void radio_work_check_next(struct wpa_supplicant
*wpa_s
)
5393 struct wpa_radio
*radio
= wpa_s
->radio
;
5395 if (dl_list_empty(&radio
->work
))
5397 if (wpa_s
->ext_work_in_progress
) {
5398 wpa_printf(MSG_DEBUG
,
5399 "External radio work in progress - delay start of pending item");
5402 eloop_cancel_timeout(radio_start_next_work
, radio
, NULL
);
5403 eloop_register_timeout(0, 0, radio_start_next_work
, radio
, NULL
);
5408 * radio_add_work - Add a radio work item
5409 * @wpa_s: Pointer to wpa_supplicant data
5410 * @freq: Frequency of the offchannel operation in MHz or 0
5411 * @type: Unique identifier for each type of work
5412 * @next: Force as the next work to be executed
5413 * @cb: Callback function for indicating when radio is available
5414 * @ctx: Context pointer for the work (work->ctx in cb())
5415 * Returns: 0 on success, -1 on failure
5417 * This function is used to request time for an operation that requires
5418 * exclusive radio control. Once the radio is available, the registered callback
5419 * function will be called. radio_work_done() must be called once the exclusive
5420 * radio operation has been completed, so that the radio is freed for other
5421 * operations. The special case of deinit=1 is used to free the context data
5422 * during interface removal. That does not allow the callback function to start
5423 * the radio operation, i.e., it must free any resources allocated for the radio
5426 * The @freq parameter can be used to indicate a single channel on which the
5427 * offchannel operation will occur. This may allow multiple radio work
5428 * operations to be performed in parallel if they apply for the same channel.
5429 * Setting this to 0 indicates that the work item may use multiple channels or
5430 * requires exclusive control of the radio.
5432 int radio_add_work(struct wpa_supplicant
*wpa_s
, unsigned int freq
,
5433 const char *type
, int next
,
5434 void (*cb
)(struct wpa_radio_work
*work
, int deinit
),
5437 struct wpa_radio
*radio
= wpa_s
->radio
;
5438 struct wpa_radio_work
*work
;
5441 work
= os_zalloc(sizeof(*work
));
5444 wpa_dbg(wpa_s
, MSG_DEBUG
, "Add radio work '%s'@%p", type
, work
);
5445 os_get_reltime(&work
->time
);
5448 work
->wpa_s
= wpa_s
;
5453 work
->bands
= wpas_freq_to_band(freq
);
5454 else if (os_strcmp(type
, "scan") == 0 ||
5455 os_strcmp(type
, "p2p-scan") == 0)
5456 work
->bands
= wpas_get_bands(wpa_s
,
5457 ((struct wpa_driver_scan_params
*)
5460 work
->bands
= wpas_get_bands(wpa_s
, NULL
);
5462 was_empty
= dl_list_empty(&wpa_s
->radio
->work
);
5464 dl_list_add(&wpa_s
->radio
->work
, &work
->list
);
5466 dl_list_add_tail(&wpa_s
->radio
->work
, &work
->list
);
5468 wpa_dbg(wpa_s
, MSG_DEBUG
, "First radio work item in the queue - schedule start immediately");
5469 radio_work_check_next(wpa_s
);
5470 } else if ((wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS
)
5471 && radio
->num_active_works
< MAX_ACTIVE_WORKS
) {
5472 wpa_dbg(wpa_s
, MSG_DEBUG
,
5473 "Try to schedule a radio work (num_active_works=%u)",
5474 radio
->num_active_works
);
5475 radio_work_check_next(wpa_s
);
5483 * radio_work_done - Indicate that a radio work item has been completed
5484 * @work: Completed work
5486 * This function is called once the callback function registered with
5487 * radio_add_work() has completed its work.
5489 void radio_work_done(struct wpa_radio_work
*work
)
5491 struct wpa_supplicant
*wpa_s
= work
->wpa_s
;
5492 struct os_reltime now
, diff
;
5493 unsigned int started
= work
->started
;
5495 os_get_reltime(&now
);
5496 os_reltime_sub(&now
, &work
->time
, &diff
);
5497 wpa_dbg(wpa_s
, MSG_DEBUG
, "Radio work '%s'@%p %s in %ld.%06ld seconds",
5498 work
->type
, work
, started
? "done" : "canceled",
5499 diff
.sec
, diff
.usec
);
5500 radio_work_free(work
);
5502 radio_work_check_next(wpa_s
);
5506 struct wpa_radio_work
*
5507 radio_work_pending(struct wpa_supplicant
*wpa_s
, const char *type
)
5509 struct wpa_radio_work
*work
;
5510 struct wpa_radio
*radio
= wpa_s
->radio
;
5512 dl_list_for_each(work
, &radio
->work
, struct wpa_radio_work
, list
) {
5513 if (work
->wpa_s
== wpa_s
&& os_strcmp(work
->type
, type
) == 0)
5521 static int wpas_init_driver(struct wpa_supplicant
*wpa_s
,
5522 const struct wpa_interface
*iface
)
5524 const char *ifname
, *driver
, *rn
;
5526 driver
= iface
->driver
;
5528 if (wpa_supplicant_set_driver(wpa_s
, driver
) < 0)
5531 wpa_s
->drv_priv
= wpa_drv_init(wpa_s
, wpa_s
->ifname
);
5532 if (wpa_s
->drv_priv
== NULL
) {
5534 pos
= driver
? os_strchr(driver
, ',') : NULL
;
5536 wpa_dbg(wpa_s
, MSG_DEBUG
, "Failed to initialize "
5537 "driver interface - try next driver wrapper");
5541 wpa_msg(wpa_s
, MSG_ERROR
, "Failed to initialize driver "
5545 if (wpa_drv_set_param(wpa_s
, wpa_s
->conf
->driver_param
) < 0) {
5546 wpa_msg(wpa_s
, MSG_ERROR
, "Driver interface rejected "
5547 "driver_param '%s'", wpa_s
->conf
->driver_param
);
5551 ifname
= wpa_drv_get_ifname(wpa_s
);
5552 if (ifname
&& os_strcmp(ifname
, wpa_s
->ifname
) != 0) {
5553 wpa_dbg(wpa_s
, MSG_DEBUG
, "Driver interface replaced "
5554 "interface name with '%s'", ifname
);
5555 os_strlcpy(wpa_s
->ifname
, ifname
, sizeof(wpa_s
->ifname
));
5558 rn
= wpa_driver_get_radio_name(wpa_s
);
5559 if (rn
&& rn
[0] == '\0')
5562 wpa_s
->radio
= radio_add_interface(wpa_s
, rn
);
5563 if (wpa_s
->radio
== NULL
)
5570 #ifdef CONFIG_GAS_SERVER
5572 static void wpas_gas_server_tx_status(struct wpa_supplicant
*wpa_s
,
5573 unsigned int freq
, const u8
*dst
,
5574 const u8
*src
, const u8
*bssid
,
5575 const u8
*data
, size_t data_len
,
5576 enum offchannel_send_action_result result
)
5578 wpa_printf(MSG_DEBUG
, "GAS: TX status: freq=%u dst=" MACSTR
5581 result
== OFFCHANNEL_SEND_ACTION_SUCCESS
? "SUCCESS" :
5582 (result
== OFFCHANNEL_SEND_ACTION_NO_ACK
? "no-ACK" :
5584 gas_server_tx_status(wpa_s
->gas_server
, dst
, data
, data_len
,
5585 result
== OFFCHANNEL_SEND_ACTION_SUCCESS
);
5589 static void wpas_gas_server_tx(void *ctx
, int freq
, const u8
*da
,
5590 struct wpabuf
*buf
, unsigned int wait_time
)
5592 struct wpa_supplicant
*wpa_s
= ctx
;
5593 const u8 broadcast
[ETH_ALEN
] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
5595 if (wait_time
> wpa_s
->max_remain_on_chan
)
5596 wait_time
= wpa_s
->max_remain_on_chan
;
5598 offchannel_send_action(wpa_s
, freq
, da
, wpa_s
->own_addr
, broadcast
,
5599 wpabuf_head(buf
), wpabuf_len(buf
),
5600 wait_time
, wpas_gas_server_tx_status
, 0);
5603 #endif /* CONFIG_GAS_SERVER */
5605 static int wpa_supplicant_init_iface(struct wpa_supplicant
*wpa_s
,
5606 const struct wpa_interface
*iface
)
5608 struct wpa_driver_capa capa
;
5612 wpa_printf(MSG_DEBUG
, "Initializing interface '%s' conf '%s' driver "
5613 "'%s' ctrl_interface '%s' bridge '%s'", iface
->ifname
,
5614 iface
->confname
? iface
->confname
: "N/A",
5615 iface
->driver
? iface
->driver
: "default",
5616 iface
->ctrl_interface
? iface
->ctrl_interface
: "N/A",
5617 iface
->bridge_ifname
? iface
->bridge_ifname
: "N/A");
5619 if (iface
->confname
) {
5620 #ifdef CONFIG_BACKEND_FILE
5621 wpa_s
->confname
= os_rel2abs_path(iface
->confname
);
5622 if (wpa_s
->confname
== NULL
) {
5623 wpa_printf(MSG_ERROR
, "Failed to get absolute path "
5624 "for configuration file '%s'.",
5628 wpa_printf(MSG_DEBUG
, "Configuration file '%s' -> '%s'",
5629 iface
->confname
, wpa_s
->confname
);
5630 #else /* CONFIG_BACKEND_FILE */
5631 wpa_s
->confname
= os_strdup(iface
->confname
);
5632 #endif /* CONFIG_BACKEND_FILE */
5633 wpa_s
->conf
= wpa_config_read(wpa_s
->confname
, NULL
);
5634 if (wpa_s
->conf
== NULL
) {
5635 wpa_printf(MSG_ERROR
, "Failed to read or parse "
5636 "configuration '%s'.", wpa_s
->confname
);
5639 wpa_s
->confanother
= os_rel2abs_path(iface
->confanother
);
5640 if (wpa_s
->confanother
&&
5641 !wpa_config_read(wpa_s
->confanother
, wpa_s
->conf
)) {
5642 wpa_printf(MSG_ERROR
,
5643 "Failed to read or parse configuration '%s'.",
5644 wpa_s
->confanother
);
5649 * Override ctrl_interface and driver_param if set on command
5652 if (iface
->ctrl_interface
) {
5653 os_free(wpa_s
->conf
->ctrl_interface
);
5654 wpa_s
->conf
->ctrl_interface
=
5655 os_strdup(iface
->ctrl_interface
);
5658 if (iface
->driver_param
) {
5659 os_free(wpa_s
->conf
->driver_param
);
5660 wpa_s
->conf
->driver_param
=
5661 os_strdup(iface
->driver_param
);
5664 if (iface
->p2p_mgmt
&& !iface
->ctrl_interface
) {
5665 os_free(wpa_s
->conf
->ctrl_interface
);
5666 wpa_s
->conf
->ctrl_interface
= NULL
;
5669 wpa_s
->conf
= wpa_config_alloc_empty(iface
->ctrl_interface
,
5670 iface
->driver_param
);
5672 if (wpa_s
->conf
== NULL
) {
5673 wpa_printf(MSG_ERROR
, "\nNo configuration found.");
5677 if (iface
->ifname
== NULL
) {
5678 wpa_printf(MSG_ERROR
, "\nInterface name is required.");
5681 if (os_strlen(iface
->ifname
) >= sizeof(wpa_s
->ifname
)) {
5682 wpa_printf(MSG_ERROR
, "\nToo long interface name '%s'.",
5686 os_strlcpy(wpa_s
->ifname
, iface
->ifname
, sizeof(wpa_s
->ifname
));
5688 if (iface
->bridge_ifname
) {
5689 if (os_strlen(iface
->bridge_ifname
) >=
5690 sizeof(wpa_s
->bridge_ifname
)) {
5691 wpa_printf(MSG_ERROR
, "\nToo long bridge interface "
5692 "name '%s'.", iface
->bridge_ifname
);
5695 os_strlcpy(wpa_s
->bridge_ifname
, iface
->bridge_ifname
,
5696 sizeof(wpa_s
->bridge_ifname
));
5699 /* RSNA Supplicant Key Management - INITIALIZE */
5700 eapol_sm_notify_portEnabled(wpa_s
->eapol
, FALSE
);
5701 eapol_sm_notify_portValid(wpa_s
->eapol
, FALSE
);
5703 /* Initialize driver interface and register driver event handler before
5704 * L2 receive handler so that association events are processed before
5705 * EAPOL-Key packets if both become available for the same select()
5707 if (wpas_init_driver(wpa_s
, iface
) < 0)
5710 if (wpa_supplicant_init_wpa(wpa_s
) < 0)
5713 wpa_sm_set_ifname(wpa_s
->wpa
, wpa_s
->ifname
,
5714 wpa_s
->bridge_ifname
[0] ? wpa_s
->bridge_ifname
:
5716 wpa_sm_set_fast_reauth(wpa_s
->wpa
, wpa_s
->conf
->fast_reauth
);
5718 if (wpa_s
->conf
->dot11RSNAConfigPMKLifetime
&&
5719 wpa_sm_set_param(wpa_s
->wpa
, RSNA_PMK_LIFETIME
,
5720 wpa_s
->conf
->dot11RSNAConfigPMKLifetime
)) {
5721 wpa_msg(wpa_s
, MSG_ERROR
, "Invalid WPA parameter value for "
5722 "dot11RSNAConfigPMKLifetime");
5726 if (wpa_s
->conf
->dot11RSNAConfigPMKReauthThreshold
&&
5727 wpa_sm_set_param(wpa_s
->wpa
, RSNA_PMK_REAUTH_THRESHOLD
,
5728 wpa_s
->conf
->dot11RSNAConfigPMKReauthThreshold
)) {
5729 wpa_msg(wpa_s
, MSG_ERROR
, "Invalid WPA parameter value for "
5730 "dot11RSNAConfigPMKReauthThreshold");
5734 if (wpa_s
->conf
->dot11RSNAConfigSATimeout
&&
5735 wpa_sm_set_param(wpa_s
->wpa
, RSNA_SA_TIMEOUT
,
5736 wpa_s
->conf
->dot11RSNAConfigSATimeout
)) {
5737 wpa_msg(wpa_s
, MSG_ERROR
, "Invalid WPA parameter value for "
5738 "dot11RSNAConfigSATimeout");
5742 wpa_s
->hw
.modes
= wpa_drv_get_hw_feature_data(wpa_s
,
5743 &wpa_s
->hw
.num_modes
,
5746 if (wpa_s
->hw
.modes
) {
5749 for (i
= 0; i
< wpa_s
->hw
.num_modes
; i
++) {
5750 if (wpa_s
->hw
.modes
[i
].vht_capab
) {
5751 wpa_s
->hw_capab
= CAPAB_VHT
;
5755 if (wpa_s
->hw
.modes
[i
].ht_capab
&
5756 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET
)
5757 wpa_s
->hw_capab
= CAPAB_HT40
;
5758 else if (wpa_s
->hw
.modes
[i
].ht_capab
&&
5759 wpa_s
->hw_capab
== CAPAB_NO_HT_VHT
)
5760 wpa_s
->hw_capab
= CAPAB_HT
;
5764 capa_res
= wpa_drv_get_capa(wpa_s
, &capa
);
5765 if (capa_res
== 0) {
5766 wpa_s
->drv_capa_known
= 1;
5767 wpa_s
->drv_flags
= capa
.flags
;
5768 wpa_s
->drv_enc
= capa
.enc
;
5769 wpa_s
->drv_smps_modes
= capa
.smps_modes
;
5770 wpa_s
->drv_rrm_flags
= capa
.rrm_flags
;
5771 wpa_s
->probe_resp_offloads
= capa
.probe_resp_offloads
;
5772 wpa_s
->max_scan_ssids
= capa
.max_scan_ssids
;
5773 wpa_s
->max_sched_scan_ssids
= capa
.max_sched_scan_ssids
;
5774 wpa_s
->max_sched_scan_plans
= capa
.max_sched_scan_plans
;
5775 wpa_s
->max_sched_scan_plan_interval
=
5776 capa
.max_sched_scan_plan_interval
;
5777 wpa_s
->max_sched_scan_plan_iterations
=
5778 capa
.max_sched_scan_plan_iterations
;
5779 wpa_s
->sched_scan_supported
= capa
.sched_scan_supported
;
5780 wpa_s
->max_match_sets
= capa
.max_match_sets
;
5781 wpa_s
->max_remain_on_chan
= capa
.max_remain_on_chan
;
5782 wpa_s
->max_stations
= capa
.max_stations
;
5783 wpa_s
->extended_capa
= capa
.extended_capa
;
5784 wpa_s
->extended_capa_mask
= capa
.extended_capa_mask
;
5785 wpa_s
->extended_capa_len
= capa
.extended_capa_len
;
5786 wpa_s
->num_multichan_concurrent
=
5787 capa
.num_multichan_concurrent
;
5788 wpa_s
->wmm_ac_supported
= capa
.wmm_ac_supported
;
5790 if (capa
.mac_addr_rand_scan_supported
)
5791 wpa_s
->mac_addr_rand_supported
|= MAC_ADDR_RAND_SCAN
;
5792 if (wpa_s
->sched_scan_supported
&&
5793 capa
.mac_addr_rand_sched_scan_supported
)
5794 wpa_s
->mac_addr_rand_supported
|=
5795 (MAC_ADDR_RAND_SCHED_SCAN
| MAC_ADDR_RAND_PNO
);
5797 wpa_drv_get_ext_capa(wpa_s
, WPA_IF_STATION
);
5798 if (wpa_s
->extended_capa
&&
5799 wpa_s
->extended_capa_len
>= 3 &&
5800 wpa_s
->extended_capa
[2] & 0x40)
5801 wpa_s
->multi_bss_support
= 1;
5803 if (wpa_s
->max_remain_on_chan
== 0)
5804 wpa_s
->max_remain_on_chan
= 1000;
5807 * Only take p2p_mgmt parameters when P2P Device is supported.
5808 * Doing it here as it determines whether l2_packet_init() will be done
5809 * during wpa_supplicant_driver_init().
5811 if (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE
)
5812 wpa_s
->p2p_mgmt
= iface
->p2p_mgmt
;
5814 if (wpa_s
->num_multichan_concurrent
== 0)
5815 wpa_s
->num_multichan_concurrent
= 1;
5817 if (wpa_supplicant_driver_init(wpa_s
) < 0)
5821 if (!iface
->p2p_mgmt
&& wpa_tdls_init(wpa_s
->wpa
))
5823 #endif /* CONFIG_TDLS */
5825 if (wpa_s
->conf
->country
[0] && wpa_s
->conf
->country
[1] &&
5826 wpa_drv_set_country(wpa_s
, wpa_s
->conf
->country
)) {
5827 wpa_dbg(wpa_s
, MSG_DEBUG
, "Failed to set country");
5832 if (wpa_s
->conf
->fst_group_id
) {
5833 struct fst_iface_cfg cfg
;
5834 struct fst_wpa_obj iface_obj
;
5836 fst_wpa_supplicant_fill_iface_obj(wpa_s
, &iface_obj
);
5837 os_strlcpy(cfg
.group_id
, wpa_s
->conf
->fst_group_id
,
5838 sizeof(cfg
.group_id
));
5839 cfg
.priority
= wpa_s
->conf
->fst_priority
;
5840 cfg
.llt
= wpa_s
->conf
->fst_llt
;
5842 wpa_s
->fst
= fst_attach(wpa_s
->ifname
, wpa_s
->own_addr
,
5845 wpa_msg(wpa_s
, MSG_ERROR
,
5846 "FST: Cannot attach iface %s to group %s",
5847 wpa_s
->ifname
, cfg
.group_id
);
5851 #endif /* CONFIG_FST */
5853 if (wpas_wps_init(wpa_s
))
5856 #ifdef CONFIG_GAS_SERVER
5857 wpa_s
->gas_server
= gas_server_init(wpa_s
, wpas_gas_server_tx
);
5858 if (!wpa_s
->gas_server
) {
5859 wpa_printf(MSG_ERROR
, "Failed to initialize GAS server");
5862 #endif /* CONFIG_GAS_SERVER */
5865 if (wpas_dpp_init(wpa_s
) < 0)
5867 #endif /* CONFIG_DPP */
5869 if (wpa_supplicant_init_eapol(wpa_s
) < 0)
5871 wpa_sm_set_eapol(wpa_s
->wpa
, wpa_s
->eapol
);
5873 wpa_s
->ctrl_iface
= wpa_supplicant_ctrl_iface_init(wpa_s
);
5874 if (wpa_s
->ctrl_iface
== NULL
) {
5875 wpa_printf(MSG_ERROR
,
5876 "Failed to initialize control interface '%s'.\n"
5877 "You may have another wpa_supplicant process "
5878 "already running or the file was\n"
5879 "left by an unclean termination of wpa_supplicant "
5880 "in which case you will need\n"
5881 "to manually remove this file before starting "
5882 "wpa_supplicant again.\n",
5883 wpa_s
->conf
->ctrl_interface
);
5887 wpa_s
->gas
= gas_query_init(wpa_s
);
5888 if (wpa_s
->gas
== NULL
) {
5889 wpa_printf(MSG_ERROR
, "Failed to initialize GAS query");
5893 if ((!(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE
) ||
5895 wpas_p2p_init(wpa_s
->global
, wpa_s
) < 0) {
5896 wpa_msg(wpa_s
, MSG_ERROR
, "Failed to init P2P");
5900 if (wpa_bss_init(wpa_s
) < 0)
5903 #ifdef CONFIG_PMKSA_CACHE_EXTERNAL
5905 dl_list_init(&wpa_s
->mesh_external_pmksa_cache
);
5906 #endif /* CONFIG_MESH */
5907 #endif /* CONFIG_PMKSA_CACHE_EXTERNAL */
5910 * Set Wake-on-WLAN triggers, if configured.
5911 * Note: We don't restore/remove the triggers on shutdown (it doesn't
5912 * have effect anyway when the interface is down).
5914 if (capa_res
== 0 && wpas_set_wowlan_triggers(wpa_s
, &capa
) < 0)
5917 #ifdef CONFIG_EAP_PROXY
5920 wpa_s
->mnc_len
= eapol_sm_get_eap_proxy_imsi(wpa_s
->eapol
, -1,
5922 if (wpa_s
->mnc_len
> 0) {
5923 wpa_s
->imsi
[len
] = '\0';
5924 wpa_printf(MSG_DEBUG
, "eap_proxy: IMSI %s (MNC length %d)",
5925 wpa_s
->imsi
, wpa_s
->mnc_len
);
5927 wpa_printf(MSG_DEBUG
, "eap_proxy: IMSI not available");
5930 #endif /* CONFIG_EAP_PROXY */
5932 if (pcsc_reader_init(wpa_s
) < 0)
5935 if (wpas_init_ext_pw(wpa_s
) < 0)
5938 wpas_rrm_reset(wpa_s
);
5940 wpas_sched_scan_plans_set(wpa_s
, wpa_s
->conf
->sched_scan_plans
);
5944 #endif /* CONFIG_HS20 */
5946 if (wpa_s
->conf
->oce
) {
5947 if ((wpa_s
->conf
->oce
& OCE_STA
) &&
5948 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_OCE_STA
))
5949 wpa_s
->enable_oce
= OCE_STA
;
5950 if ((wpa_s
->conf
->oce
& OCE_STA_CFON
) &&
5951 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_OCE_STA_CFON
)) {
5952 /* TODO: Need to add STA-CFON support */
5953 wpa_printf(MSG_ERROR
,
5954 "OCE STA-CFON feature is not yet supported");
5957 wpas_mbo_update_non_pref_chan(wpa_s
, wpa_s
->conf
->non_pref_chan
);
5958 #endif /* CONFIG_MBO */
5960 wpa_supplicant_set_default_scan_ies(wpa_s
);
5966 static void wpa_supplicant_deinit_iface(struct wpa_supplicant
*wpa_s
,
5967 int notify
, int terminate
)
5969 struct wpa_global
*global
= wpa_s
->global
;
5970 struct wpa_supplicant
*iface
, *prev
;
5972 if (wpa_s
== wpa_s
->parent
)
5973 wpas_p2p_group_remove(wpa_s
, "*");
5975 iface
= global
->ifaces
;
5977 if (iface
->p2pdev
== wpa_s
)
5978 iface
->p2pdev
= iface
->parent
;
5979 if (iface
== wpa_s
|| iface
->parent
!= wpa_s
) {
5980 iface
= iface
->next
;
5983 wpa_printf(MSG_DEBUG
,
5984 "Remove remaining child interface %s from parent %s",
5985 iface
->ifname
, wpa_s
->ifname
);
5987 iface
= iface
->next
;
5988 wpa_supplicant_remove_iface(global
, prev
, terminate
);
5991 wpa_s
->disconnected
= 1;
5992 if (wpa_s
->drv_priv
) {
5993 wpa_supplicant_deauthenticate(wpa_s
,
5994 WLAN_REASON_DEAUTH_LEAVING
);
5996 wpa_drv_set_countermeasures(wpa_s
, 0);
5997 wpa_clear_keys(wpa_s
, NULL
);
6000 wpa_supplicant_cleanup(wpa_s
);
6001 wpas_p2p_deinit_iface(wpa_s
);
6003 wpas_ctrl_radio_work_flush(wpa_s
);
6004 radio_remove_interface(wpa_s
);
6008 fst_detach(wpa_s
->fst
);
6011 if (wpa_s
->received_mb_ies
) {
6012 wpabuf_free(wpa_s
->received_mb_ies
);
6013 wpa_s
->received_mb_ies
= NULL
;
6015 #endif /* CONFIG_FST */
6017 if (wpa_s
->drv_priv
)
6018 wpa_drv_deinit(wpa_s
);
6021 wpas_notify_iface_removed(wpa_s
);
6024 wpa_msg(wpa_s
, MSG_INFO
, WPA_EVENT_TERMINATING
);
6026 if (wpa_s
->ctrl_iface
) {
6027 wpa_supplicant_ctrl_iface_deinit(wpa_s
->ctrl_iface
);
6028 wpa_s
->ctrl_iface
= NULL
;
6033 wpa_supplicant_mesh_iface_deinit(wpa_s
, wpa_s
->ifmsh
);
6034 wpa_s
->ifmsh
= NULL
;
6036 #endif /* CONFIG_MESH */
6038 if (wpa_s
->conf
!= NULL
) {
6039 wpa_config_free(wpa_s
->conf
);
6043 os_free(wpa_s
->ssids_from_scan_req
);
6049 #ifdef CONFIG_MATCH_IFACE
6052 * wpa_supplicant_match_iface - Match an interface description to a name
6053 * @global: Pointer to global data from wpa_supplicant_init()
6054 * @ifname: Name of the interface to match
6055 * Returns: Pointer to the created interface description or %NULL on failure
6057 struct wpa_interface
* wpa_supplicant_match_iface(struct wpa_global
*global
,
6061 struct wpa_interface
*iface
, *miface
;
6063 for (i
= 0; i
< global
->params
.match_iface_count
; i
++) {
6064 miface
= &global
->params
.match_ifaces
[i
];
6065 if (!miface
->ifname
||
6066 fnmatch(miface
->ifname
, ifname
, 0) == 0) {
6067 iface
= os_zalloc(sizeof(*iface
));
6071 iface
->ifname
= ifname
;
6081 * wpa_supplicant_match_existing - Match existing interfaces
6082 * @global: Pointer to global data from wpa_supplicant_init()
6083 * Returns: 0 on success, -1 on failure
6085 static int wpa_supplicant_match_existing(struct wpa_global
*global
)
6087 struct if_nameindex
*ifi
, *ifp
;
6088 struct wpa_supplicant
*wpa_s
;
6089 struct wpa_interface
*iface
;
6091 ifp
= if_nameindex();
6093 wpa_printf(MSG_ERROR
, "if_nameindex: %s", strerror(errno
));
6097 for (ifi
= ifp
; ifi
->if_name
; ifi
++) {
6098 wpa_s
= wpa_supplicant_get_iface(global
, ifi
->if_name
);
6101 iface
= wpa_supplicant_match_iface(global
, ifi
->if_name
);
6103 wpa_s
= wpa_supplicant_add_iface(global
, iface
, NULL
);
6110 if_freenameindex(ifp
);
6114 #endif /* CONFIG_MATCH_IFACE */
6118 * wpa_supplicant_add_iface - Add a new network interface
6119 * @global: Pointer to global data from wpa_supplicant_init()
6120 * @iface: Interface configuration options
6121 * @parent: Parent interface or %NULL to assign new interface as parent
6122 * Returns: Pointer to the created interface or %NULL on failure
6124 * This function is used to add new network interfaces for %wpa_supplicant.
6125 * This can be called before wpa_supplicant_run() to add interfaces before the
6126 * main event loop has been started. In addition, new interfaces can be added
6127 * dynamically while %wpa_supplicant is already running. This could happen,
6128 * e.g., when a hotplug network adapter is inserted.
6130 struct wpa_supplicant
* wpa_supplicant_add_iface(struct wpa_global
*global
,
6131 struct wpa_interface
*iface
,
6132 struct wpa_supplicant
*parent
)
6134 struct wpa_supplicant
*wpa_s
;
6135 struct wpa_interface t_iface
;
6136 struct wpa_ssid
*ssid
;
6138 if (global
== NULL
|| iface
== NULL
)
6141 wpa_s
= wpa_supplicant_alloc(parent
);
6145 wpa_s
->global
= global
;
6148 if (global
->params
.override_driver
) {
6149 wpa_printf(MSG_DEBUG
, "Override interface parameter: driver "
6151 iface
->driver
, global
->params
.override_driver
);
6152 t_iface
.driver
= global
->params
.override_driver
;
6154 if (global
->params
.override_ctrl_interface
) {
6155 wpa_printf(MSG_DEBUG
, "Override interface parameter: "
6156 "ctrl_interface ('%s' -> '%s')",
6157 iface
->ctrl_interface
,
6158 global
->params
.override_ctrl_interface
);
6159 t_iface
.ctrl_interface
=
6160 global
->params
.override_ctrl_interface
;
6162 if (wpa_supplicant_init_iface(wpa_s
, &t_iface
)) {
6163 wpa_printf(MSG_DEBUG
, "Failed to add interface %s",
6165 wpa_supplicant_deinit_iface(wpa_s
, 0, 0);
6169 if (iface
->p2p_mgmt
== 0) {
6170 /* Notify the control interfaces about new iface */
6171 if (wpas_notify_iface_added(wpa_s
)) {
6172 wpa_supplicant_deinit_iface(wpa_s
, 1, 0);
6176 for (ssid
= wpa_s
->conf
->ssid
; ssid
; ssid
= ssid
->next
)
6177 wpas_notify_network_added(wpa_s
, ssid
);
6180 wpa_s
->next
= global
->ifaces
;
6181 global
->ifaces
= wpa_s
;
6183 wpa_dbg(wpa_s
, MSG_DEBUG
, "Added interface %s", wpa_s
->ifname
);
6184 wpa_supplicant_set_state(wpa_s
, WPA_DISCONNECTED
);
6187 if (wpa_s
->global
->p2p
== NULL
&&
6188 !wpa_s
->global
->p2p_disabled
&& !wpa_s
->conf
->p2p_disabled
&&
6189 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE
) &&
6190 wpas_p2p_add_p2pdev_interface(
6191 wpa_s
, wpa_s
->global
->params
.conf_p2p_dev
) < 0) {
6192 wpa_printf(MSG_INFO
,
6193 "P2P: Failed to enable P2P Device interface");
6194 /* Try to continue without. P2P will be disabled. */
6196 #endif /* CONFIG_P2P */
6203 * wpa_supplicant_remove_iface - Remove a network interface
6204 * @global: Pointer to global data from wpa_supplicant_init()
6205 * @wpa_s: Pointer to the network interface to be removed
6206 * Returns: 0 if interface was removed, -1 if interface was not found
6208 * This function can be used to dynamically remove network interfaces from
6209 * %wpa_supplicant, e.g., when a hotplug network adapter is ejected. In
6210 * addition, this function is used to remove all remaining interfaces when
6211 * %wpa_supplicant is terminated.
6213 int wpa_supplicant_remove_iface(struct wpa_global
*global
,
6214 struct wpa_supplicant
*wpa_s
,
6217 struct wpa_supplicant
*prev
;
6219 unsigned int mesh_if_created
= wpa_s
->mesh_if_created
;
6220 char *ifname
= NULL
;
6221 struct wpa_supplicant
*parent
= wpa_s
->parent
;
6222 #endif /* CONFIG_MESH */
6224 /* Remove interface from the global list of interfaces */
6225 prev
= global
->ifaces
;
6226 if (prev
== wpa_s
) {
6227 global
->ifaces
= wpa_s
->next
;
6229 while (prev
&& prev
->next
!= wpa_s
)
6233 prev
->next
= wpa_s
->next
;
6236 wpa_dbg(wpa_s
, MSG_DEBUG
, "Removing interface %s", wpa_s
->ifname
);
6239 if (mesh_if_created
) {
6240 ifname
= os_strdup(wpa_s
->ifname
);
6241 if (ifname
== NULL
) {
6242 wpa_dbg(wpa_s
, MSG_ERROR
,
6243 "mesh: Failed to malloc ifname");
6247 #endif /* CONFIG_MESH */
6249 if (global
->p2p_group_formation
== wpa_s
)
6250 global
->p2p_group_formation
= NULL
;
6251 if (global
->p2p_invite_group
== wpa_s
)
6252 global
->p2p_invite_group
= NULL
;
6253 wpa_supplicant_deinit_iface(wpa_s
, 1, terminate
);
6256 if (mesh_if_created
) {
6257 wpa_drv_if_remove(parent
, WPA_IF_MESH
, ifname
);
6260 #endif /* CONFIG_MESH */
6267 * wpa_supplicant_get_eap_mode - Get the current EAP mode
6268 * @wpa_s: Pointer to the network interface
6269 * Returns: Pointer to the eap mode or the string "UNKNOWN" if not found
6271 const char * wpa_supplicant_get_eap_mode(struct wpa_supplicant
*wpa_s
)
6273 const char *eapol_method
;
6275 if (wpa_key_mgmt_wpa_ieee8021x(wpa_s
->key_mgmt
) == 0 &&
6276 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_IEEE8021X_NO_WPA
) {
6280 eapol_method
= eapol_sm_get_method_name(wpa_s
->eapol
);
6281 if (eapol_method
== NULL
)
6282 return "UNKNOWN-EAP";
6284 return eapol_method
;
6289 * wpa_supplicant_get_iface - Get a new network interface
6290 * @global: Pointer to global data from wpa_supplicant_init()
6291 * @ifname: Interface name
6292 * Returns: Pointer to the interface or %NULL if not found
6294 struct wpa_supplicant
* wpa_supplicant_get_iface(struct wpa_global
*global
,
6297 struct wpa_supplicant
*wpa_s
;
6299 for (wpa_s
= global
->ifaces
; wpa_s
; wpa_s
= wpa_s
->next
) {
6300 if (os_strcmp(wpa_s
->ifname
, ifname
) == 0)
6307 #ifndef CONFIG_NO_WPA_MSG
6308 static const char * wpa_supplicant_msg_ifname_cb(void *ctx
)
6310 struct wpa_supplicant
*wpa_s
= ctx
;
6313 return wpa_s
->ifname
;
6315 #endif /* CONFIG_NO_WPA_MSG */
6318 #ifndef WPA_SUPPLICANT_CLEANUP_INTERVAL
6319 #define WPA_SUPPLICANT_CLEANUP_INTERVAL 10
6320 #endif /* WPA_SUPPLICANT_CLEANUP_INTERVAL */
6322 /* Periodic cleanup tasks */
6323 static void wpas_periodic(void *eloop_ctx
, void *timeout_ctx
)
6325 struct wpa_global
*global
= eloop_ctx
;
6326 struct wpa_supplicant
*wpa_s
;
6328 eloop_register_timeout(WPA_SUPPLICANT_CLEANUP_INTERVAL
, 0,
6329 wpas_periodic
, global
, NULL
);
6333 p2p_expire_peers(global
->p2p
);
6334 #endif /* CONFIG_P2P */
6336 for (wpa_s
= global
->ifaces
; wpa_s
; wpa_s
= wpa_s
->next
) {
6337 wpa_bss_flush_by_age(wpa_s
, wpa_s
->conf
->bss_expiration_age
);
6340 #endif /* CONFIG_AP */
6346 * wpa_supplicant_init - Initialize %wpa_supplicant
6347 * @params: Parameters for %wpa_supplicant
6348 * Returns: Pointer to global %wpa_supplicant data, or %NULL on failure
6350 * This function is used to initialize %wpa_supplicant. After successful
6351 * initialization, the returned data pointer can be used to add and remove
6352 * network interfaces, and eventually, to deinitialize %wpa_supplicant.
6354 struct wpa_global
* wpa_supplicant_init(struct wpa_params
*params
)
6356 struct wpa_global
*global
;
6362 #ifdef CONFIG_DRIVER_NDIS
6364 void driver_ndis_init_ops(void);
6365 driver_ndis_init_ops();
6367 #endif /* CONFIG_DRIVER_NDIS */
6369 #ifndef CONFIG_NO_WPA_MSG
6370 wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb
);
6371 #endif /* CONFIG_NO_WPA_MSG */
6373 if (params
->wpa_debug_file_path
)
6374 wpa_debug_open_file(params
->wpa_debug_file_path
);
6376 wpa_debug_setup_stdout();
6377 if (params
->wpa_debug_syslog
)
6378 wpa_debug_open_syslog();
6379 if (params
->wpa_debug_tracing
) {
6380 ret
= wpa_debug_open_linux_tracing();
6382 wpa_printf(MSG_ERROR
,
6383 "Failed to enable trace logging");
6388 ret
= eap_register_methods();
6390 wpa_printf(MSG_ERROR
, "Failed to register EAP methods");
6392 wpa_printf(MSG_ERROR
, "Two or more EAP methods used "
6393 "the same EAP type.");
6397 global
= os_zalloc(sizeof(*global
));
6400 dl_list_init(&global
->p2p_srv_bonjour
);
6401 dl_list_init(&global
->p2p_srv_upnp
);
6402 global
->params
.daemonize
= params
->daemonize
;
6403 global
->params
.wait_for_monitor
= params
->wait_for_monitor
;
6404 global
->params
.dbus_ctrl_interface
= params
->dbus_ctrl_interface
;
6405 if (params
->pid_file
)
6406 global
->params
.pid_file
= os_strdup(params
->pid_file
);
6407 if (params
->ctrl_interface
)
6408 global
->params
.ctrl_interface
=
6409 os_strdup(params
->ctrl_interface
);
6410 if (params
->ctrl_interface_group
)
6411 global
->params
.ctrl_interface_group
=
6412 os_strdup(params
->ctrl_interface_group
);
6413 if (params
->override_driver
)
6414 global
->params
.override_driver
=
6415 os_strdup(params
->override_driver
);
6416 if (params
->override_ctrl_interface
)
6417 global
->params
.override_ctrl_interface
=
6418 os_strdup(params
->override_ctrl_interface
);
6419 #ifdef CONFIG_MATCH_IFACE
6420 global
->params
.match_iface_count
= params
->match_iface_count
;
6421 if (params
->match_iface_count
) {
6422 global
->params
.match_ifaces
=
6423 os_calloc(params
->match_iface_count
,
6424 sizeof(struct wpa_interface
));
6425 os_memcpy(global
->params
.match_ifaces
,
6426 params
->match_ifaces
,
6427 params
->match_iface_count
*
6428 sizeof(struct wpa_interface
));
6430 #endif /* CONFIG_MATCH_IFACE */
6432 if (params
->conf_p2p_dev
)
6433 global
->params
.conf_p2p_dev
=
6434 os_strdup(params
->conf_p2p_dev
);
6435 #endif /* CONFIG_P2P */
6436 wpa_debug_level
= global
->params
.wpa_debug_level
=
6437 params
->wpa_debug_level
;
6438 wpa_debug_show_keys
= global
->params
.wpa_debug_show_keys
=
6439 params
->wpa_debug_show_keys
;
6440 wpa_debug_timestamp
= global
->params
.wpa_debug_timestamp
=
6441 params
->wpa_debug_timestamp
;
6443 wpa_printf(MSG_DEBUG
, "wpa_supplicant v" VERSION_STR
);
6446 wpa_printf(MSG_ERROR
, "Failed to initialize event loop");
6447 wpa_supplicant_deinit(global
);
6451 random_init(params
->entropy_file
);
6453 global
->ctrl_iface
= wpa_supplicant_global_ctrl_iface_init(global
);
6454 if (global
->ctrl_iface
== NULL
) {
6455 wpa_supplicant_deinit(global
);
6459 if (wpas_notify_supplicant_initialized(global
)) {
6460 wpa_supplicant_deinit(global
);
6464 for (i
= 0; wpa_drivers
[i
]; i
++)
6465 global
->drv_count
++;
6466 if (global
->drv_count
== 0) {
6467 wpa_printf(MSG_ERROR
, "No drivers enabled");
6468 wpa_supplicant_deinit(global
);
6471 global
->drv_priv
= os_calloc(global
->drv_count
, sizeof(void *));
6472 if (global
->drv_priv
== NULL
) {
6473 wpa_supplicant_deinit(global
);
6477 #ifdef CONFIG_WIFI_DISPLAY
6478 if (wifi_display_init(global
) < 0) {
6479 wpa_printf(MSG_ERROR
, "Failed to initialize Wi-Fi Display");
6480 wpa_supplicant_deinit(global
);
6483 #endif /* CONFIG_WIFI_DISPLAY */
6485 eloop_register_timeout(WPA_SUPPLICANT_CLEANUP_INTERVAL
, 0,
6486 wpas_periodic
, global
, NULL
);
6493 * wpa_supplicant_run - Run the %wpa_supplicant main event loop
6494 * @global: Pointer to global data from wpa_supplicant_init()
6495 * Returns: 0 after successful event loop run, -1 on failure
6497 * This function starts the main event loop and continues running as long as
6498 * there are any remaining events. In most cases, this function is running as
6499 * long as the %wpa_supplicant process in still in use.
6501 int wpa_supplicant_run(struct wpa_global
*global
)
6503 struct wpa_supplicant
*wpa_s
;
6505 if (global
->params
.daemonize
&&
6506 (wpa_supplicant_daemon(global
->params
.pid_file
) ||
6507 eloop_sock_requeue()))
6510 #ifdef CONFIG_MATCH_IFACE
6511 if (wpa_supplicant_match_existing(global
))
6515 if (global
->params
.wait_for_monitor
) {
6516 for (wpa_s
= global
->ifaces
; wpa_s
; wpa_s
= wpa_s
->next
)
6517 if (wpa_s
->ctrl_iface
&& !wpa_s
->p2p_mgmt
)
6518 wpa_supplicant_ctrl_iface_wait(
6522 eloop_register_signal_terminate(wpa_supplicant_terminate
, global
);
6523 eloop_register_signal_reconfig(wpa_supplicant_reconfig
, global
);
6532 * wpa_supplicant_deinit - Deinitialize %wpa_supplicant
6533 * @global: Pointer to global data from wpa_supplicant_init()
6535 * This function is called to deinitialize %wpa_supplicant and to free all
6536 * allocated resources. Remaining network interfaces will also be removed.
6538 void wpa_supplicant_deinit(struct wpa_global
*global
)
6545 eloop_cancel_timeout(wpas_periodic
, global
, NULL
);
6547 #ifdef CONFIG_WIFI_DISPLAY
6548 wifi_display_deinit(global
);
6549 #endif /* CONFIG_WIFI_DISPLAY */
6551 while (global
->ifaces
)
6552 wpa_supplicant_remove_iface(global
, global
->ifaces
, 1);
6554 if (global
->ctrl_iface
)
6555 wpa_supplicant_global_ctrl_iface_deinit(global
->ctrl_iface
);
6557 wpas_notify_supplicant_deinitialized(global
);
6559 eap_peer_unregister_methods();
6561 eap_server_unregister_methods();
6562 #endif /* CONFIG_AP */
6564 for (i
= 0; wpa_drivers
[i
] && global
->drv_priv
; i
++) {
6565 if (!global
->drv_priv
[i
])
6567 wpa_drivers
[i
]->global_deinit(global
->drv_priv
[i
]);
6569 os_free(global
->drv_priv
);
6575 if (global
->params
.pid_file
) {
6576 os_daemonize_terminate(global
->params
.pid_file
);
6577 os_free(global
->params
.pid_file
);
6579 os_free(global
->params
.ctrl_interface
);
6580 os_free(global
->params
.ctrl_interface_group
);
6581 os_free(global
->params
.override_driver
);
6582 os_free(global
->params
.override_ctrl_interface
);
6583 #ifdef CONFIG_MATCH_IFACE
6584 os_free(global
->params
.match_ifaces
);
6585 #endif /* CONFIG_MATCH_IFACE */
6587 os_free(global
->params
.conf_p2p_dev
);
6588 #endif /* CONFIG_P2P */
6590 os_free(global
->p2p_disallow_freq
.range
);
6591 os_free(global
->p2p_go_avoid_freq
.range
);
6592 os_free(global
->add_psk
);
6595 wpa_debug_close_syslog();
6596 wpa_debug_close_file();
6597 wpa_debug_close_linux_tracing();
6601 void wpa_supplicant_update_config(struct wpa_supplicant
*wpa_s
)
6603 if ((wpa_s
->conf
->changed_parameters
& CFG_CHANGED_COUNTRY
) &&
6604 wpa_s
->conf
->country
[0] && wpa_s
->conf
->country
[1]) {
6606 country
[0] = wpa_s
->conf
->country
[0];
6607 country
[1] = wpa_s
->conf
->country
[1];
6609 if (wpa_drv_set_country(wpa_s
, country
) < 0) {
6610 wpa_printf(MSG_ERROR
, "Failed to set country code "
6615 if (wpa_s
->conf
->changed_parameters
& CFG_CHANGED_EXT_PW_BACKEND
)
6616 wpas_init_ext_pw(wpa_s
);
6618 if (wpa_s
->conf
->changed_parameters
& CFG_CHANGED_SCHED_SCAN_PLANS
)
6619 wpas_sched_scan_plans_set(wpa_s
, wpa_s
->conf
->sched_scan_plans
);
6621 if (wpa_s
->conf
->changed_parameters
& CFG_CHANGED_WOWLAN_TRIGGERS
) {
6622 struct wpa_driver_capa capa
;
6623 int res
= wpa_drv_get_capa(wpa_s
, &capa
);
6625 if (res
== 0 && wpas_set_wowlan_triggers(wpa_s
, &capa
) < 0)
6626 wpa_printf(MSG_ERROR
,
6627 "Failed to update wowlan_triggers to '%s'",
6628 wpa_s
->conf
->wowlan_triggers
);
6632 wpas_wps_update_config(wpa_s
);
6633 #endif /* CONFIG_WPS */
6634 wpas_p2p_update_config(wpa_s
);
6635 wpa_s
->conf
->changed_parameters
= 0;
6639 void add_freq(int *freqs
, int *num_freqs
, int freq
)
6643 for (i
= 0; i
< *num_freqs
; i
++) {
6644 if (freqs
[i
] == freq
)
6648 freqs
[*num_freqs
] = freq
;
6653 static int * get_bss_freqs_in_ess(struct wpa_supplicant
*wpa_s
)
6655 struct wpa_bss
*bss
, *cbss
;
6656 const int max_freqs
= 10;
6660 freqs
= os_calloc(max_freqs
+ 1, sizeof(int));
6664 cbss
= wpa_s
->current_bss
;
6666 dl_list_for_each(bss
, &wpa_s
->bss
, struct wpa_bss
, list
) {
6669 if (bss
->ssid_len
== cbss
->ssid_len
&&
6670 os_memcmp(bss
->ssid
, cbss
->ssid
, bss
->ssid_len
) == 0 &&
6671 wpa_blacklist_get(wpa_s
, bss
->bssid
) == NULL
) {
6672 add_freq(freqs
, &num_freqs
, bss
->freq
);
6673 if (num_freqs
== max_freqs
)
6678 if (num_freqs
== 0) {
6687 void wpas_connection_failed(struct wpa_supplicant
*wpa_s
, const u8
*bssid
)
6693 wpas_connect_work_done(wpa_s
);
6696 * Remove possible authentication timeout since the connection failed.
6698 eloop_cancel_timeout(wpa_supplicant_timeout
, wpa_s
, NULL
);
6701 * There is no point in blacklisting the AP if this event is
6702 * generated based on local request to disconnect.
6704 if (wpa_s
->own_disconnect_req
) {
6705 wpa_s
->own_disconnect_req
= 0;
6706 wpa_dbg(wpa_s
, MSG_DEBUG
,
6707 "Ignore connection failure due to local request to disconnect");
6710 if (wpa_s
->disconnected
) {
6711 wpa_dbg(wpa_s
, MSG_DEBUG
, "Ignore connection failure "
6712 "indication since interface has been put into "
6713 "disconnected state");
6718 * Add the failed BSSID into the blacklist and speed up next scan
6719 * attempt if there could be other APs that could accept association.
6720 * The current blacklist count indicates how many times we have tried
6721 * connecting to this AP and multiple attempts mean that other APs are
6722 * either not available or has already been tried, so that we can start
6723 * increasing the delay here to avoid constant scanning.
6725 count
= wpa_blacklist_add(wpa_s
, bssid
);
6726 if (count
== 1 && wpa_s
->current_bss
) {
6728 * This BSS was not in the blacklist before. If there is
6729 * another BSS available for the same ESS, we should try that
6730 * next. Otherwise, we may as well try this one once more
6731 * before allowing other, likely worse, ESSes to be considered.
6733 freqs
= get_bss_freqs_in_ess(wpa_s
);
6735 wpa_dbg(wpa_s
, MSG_DEBUG
, "Another BSS in this ESS "
6736 "has been seen; try it next");
6737 wpa_blacklist_add(wpa_s
, bssid
);
6739 * On the next scan, go through only the known channels
6740 * used in this ESS based on previous scans to speed up
6741 * common load balancing use case.
6743 os_free(wpa_s
->next_scan_freqs
);
6744 wpa_s
->next_scan_freqs
= freqs
;
6749 * Add previous failure count in case the temporary blacklist was
6750 * cleared due to no other BSSes being available.
6752 count
+= wpa_s
->extra_blacklist_count
;
6754 if (count
> 3 && wpa_s
->current_ssid
) {
6755 wpa_printf(MSG_DEBUG
, "Continuous association failures - "
6756 "consider temporary network disabling");
6757 wpas_auth_failed(wpa_s
, "CONN_FAILED");
6778 wpa_dbg(wpa_s
, MSG_DEBUG
, "Blacklist count %d --> request scan in %d "
6779 "ms", count
, timeout
);
6782 * TODO: if more than one possible AP is available in scan results,
6783 * could try the other ones before requesting a new scan.
6786 /* speed up the connection attempt with normal scan */
6787 wpa_s
->normal_scans
= 0;
6788 wpa_supplicant_req_scan(wpa_s
, timeout
/ 1000,
6789 1000 * (timeout
% 1000));
6794 void fils_connection_failure(struct wpa_supplicant
*wpa_s
)
6796 struct wpa_ssid
*ssid
= wpa_s
->current_ssid
;
6797 const u8
*realm
, *username
, *rrk
;
6798 size_t realm_len
, username_len
, rrk_len
;
6801 if (!ssid
|| !ssid
->eap
.erp
|| !wpa_key_mgmt_fils(ssid
->key_mgmt
) ||
6802 eapol_sm_get_erp_info(wpa_s
->eapol
, &ssid
->eap
,
6803 &username
, &username_len
,
6804 &realm
, &realm_len
, &next_seq_num
,
6805 &rrk
, &rrk_len
) != 0 ||
6809 wpa_hexdump_ascii(MSG_DEBUG
,
6810 "FILS: Store last connection failure realm",
6812 os_free(wpa_s
->last_con_fail_realm
);
6813 wpa_s
->last_con_fail_realm
= os_malloc(realm_len
);
6814 if (wpa_s
->last_con_fail_realm
) {
6815 wpa_s
->last_con_fail_realm_len
= realm_len
;
6816 os_memcpy(wpa_s
->last_con_fail_realm
, realm
, realm_len
);
6819 #endif /* CONFIG_FILS */
6822 int wpas_driver_bss_selection(struct wpa_supplicant
*wpa_s
)
6824 return wpa_s
->conf
->ap_scan
== 2 ||
6825 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_BSS_SELECTION
);
6829 #if defined(CONFIG_CTRL_IFACE) || defined(CONFIG_CTRL_IFACE_DBUS_NEW)
6830 int wpa_supplicant_ctrl_iface_ctrl_rsp_handle(struct wpa_supplicant
*wpa_s
,
6831 struct wpa_ssid
*ssid
,
6835 #ifdef IEEE8021X_EAPOL
6836 struct eap_peer_config
*eap
= &ssid
->eap
;
6838 wpa_printf(MSG_DEBUG
, "CTRL_IFACE: response handle field=%s", field
);
6839 wpa_hexdump_ascii_key(MSG_DEBUG
, "CTRL_IFACE: response value",
6840 (const u8
*) value
, os_strlen(value
));
6842 switch (wpa_supplicant_ctrl_req_from_string(field
)) {
6843 case WPA_CTRL_REQ_EAP_IDENTITY
:
6844 os_free(eap
->identity
);
6845 eap
->identity
= (u8
*) os_strdup(value
);
6846 eap
->identity_len
= os_strlen(value
);
6847 eap
->pending_req_identity
= 0;
6848 if (ssid
== wpa_s
->current_ssid
)
6849 wpa_s
->reassociate
= 1;
6851 case WPA_CTRL_REQ_EAP_PASSWORD
:
6852 bin_clear_free(eap
->password
, eap
->password_len
);
6853 eap
->password
= (u8
*) os_strdup(value
);
6854 eap
->password_len
= os_strlen(value
);
6855 eap
->pending_req_password
= 0;
6856 if (ssid
== wpa_s
->current_ssid
)
6857 wpa_s
->reassociate
= 1;
6859 case WPA_CTRL_REQ_EAP_NEW_PASSWORD
:
6860 bin_clear_free(eap
->new_password
, eap
->new_password_len
);
6861 eap
->new_password
= (u8
*) os_strdup(value
);
6862 eap
->new_password_len
= os_strlen(value
);
6863 eap
->pending_req_new_password
= 0;
6864 if (ssid
== wpa_s
->current_ssid
)
6865 wpa_s
->reassociate
= 1;
6867 case WPA_CTRL_REQ_EAP_PIN
:
6868 str_clear_free(eap
->pin
);
6869 eap
->pin
= os_strdup(value
);
6870 eap
->pending_req_pin
= 0;
6871 if (ssid
== wpa_s
->current_ssid
)
6872 wpa_s
->reassociate
= 1;
6874 case WPA_CTRL_REQ_EAP_OTP
:
6875 bin_clear_free(eap
->otp
, eap
->otp_len
);
6876 eap
->otp
= (u8
*) os_strdup(value
);
6877 eap
->otp_len
= os_strlen(value
);
6878 os_free(eap
->pending_req_otp
);
6879 eap
->pending_req_otp
= NULL
;
6880 eap
->pending_req_otp_len
= 0;
6882 case WPA_CTRL_REQ_EAP_PASSPHRASE
:
6883 str_clear_free(eap
->private_key_passwd
);
6884 eap
->private_key_passwd
= os_strdup(value
);
6885 eap
->pending_req_passphrase
= 0;
6886 if (ssid
== wpa_s
->current_ssid
)
6887 wpa_s
->reassociate
= 1;
6889 case WPA_CTRL_REQ_SIM
:
6890 str_clear_free(eap
->external_sim_resp
);
6891 eap
->external_sim_resp
= os_strdup(value
);
6892 eap
->pending_req_sim
= 0;
6894 case WPA_CTRL_REQ_PSK_PASSPHRASE
:
6895 if (wpa_config_set(ssid
, "psk", value
, 0) < 0)
6897 ssid
->mem_only_psk
= 1;
6898 if (ssid
->passphrase
)
6899 wpa_config_update_psk(ssid
);
6900 if (wpa_s
->wpa_state
== WPA_SCANNING
&& !wpa_s
->scanning
)
6901 wpa_supplicant_req_scan(wpa_s
, 0, 0);
6903 case WPA_CTRL_REQ_EXT_CERT_CHECK
:
6904 if (eap
->pending_ext_cert_check
!= PENDING_CHECK
)
6906 if (os_strcmp(value
, "good") == 0)
6907 eap
->pending_ext_cert_check
= EXT_CERT_CHECK_GOOD
;
6908 else if (os_strcmp(value
, "bad") == 0)
6909 eap
->pending_ext_cert_check
= EXT_CERT_CHECK_BAD
;
6914 wpa_printf(MSG_DEBUG
, "CTRL_IFACE: Unknown field '%s'", field
);
6919 #else /* IEEE8021X_EAPOL */
6920 wpa_printf(MSG_DEBUG
, "CTRL_IFACE: IEEE 802.1X not included");
6922 #endif /* IEEE8021X_EAPOL */
6924 #endif /* CONFIG_CTRL_IFACE || CONFIG_CTRL_IFACE_DBUS_NEW */
6927 int wpas_network_disabled(struct wpa_supplicant
*wpa_s
, struct wpa_ssid
*ssid
)
6930 unsigned int drv_enc
;
6932 if (wpa_s
->p2p_mgmt
)
6933 return 1; /* no normal network profiles on p2p_mgmt interface */
6941 if (wpa_s
->drv_capa_known
)
6942 drv_enc
= wpa_s
->drv_enc
;
6944 drv_enc
= (unsigned int) -1;
6946 for (i
= 0; i
< NUM_WEP_KEYS
; i
++) {
6947 size_t len
= ssid
->wep_key_len
[i
];
6950 if (len
== 5 && (drv_enc
& WPA_DRIVER_CAPA_ENC_WEP40
))
6952 if (len
== 13 && (drv_enc
& WPA_DRIVER_CAPA_ENC_WEP104
))
6954 if (len
== 16 && (drv_enc
& WPA_DRIVER_CAPA_ENC_WEP128
))
6956 return 1; /* invalid WEP key */
6959 if (wpa_key_mgmt_wpa_psk(ssid
->key_mgmt
) && !ssid
->psk_set
&&
6960 (!ssid
->passphrase
|| ssid
->ssid_len
!= 0) && !ssid
->ext_psk
&&
6961 !(wpa_key_mgmt_sae(ssid
->key_mgmt
) && ssid
->sae_password
) &&
6962 !ssid
->mem_only_psk
)
6969 int wpas_get_ssid_pmf(struct wpa_supplicant
*wpa_s
, struct wpa_ssid
*ssid
)
6971 #ifdef CONFIG_IEEE80211W
6972 if (ssid
== NULL
|| ssid
->ieee80211w
== MGMT_FRAME_PROTECTION_DEFAULT
) {
6973 if (wpa_s
->conf
->pmf
== MGMT_FRAME_PROTECTION_OPTIONAL
&&
6974 !(wpa_s
->drv_enc
& WPA_DRIVER_CAPA_ENC_BIP
)) {
6976 * Driver does not support BIP -- ignore pmf=1 default
6977 * since the connection with PMF would fail and the
6978 * configuration does not require PMF to be enabled.
6980 return NO_MGMT_FRAME_PROTECTION
;
6985 ~(WPA_KEY_MGMT_NONE
| WPA_KEY_MGMT_WPS
|
6986 WPA_KEY_MGMT_IEEE8021X_NO_WPA
)) == 0) {
6988 * Do not use the default PMF value for non-RSN networks
6989 * since PMF is available only with RSN and pmf=2
6990 * configuration would otherwise prevent connections to
6991 * all open networks.
6993 return NO_MGMT_FRAME_PROTECTION
;
6996 return wpa_s
->conf
->pmf
;
6999 return ssid
->ieee80211w
;
7000 #else /* CONFIG_IEEE80211W */
7001 return NO_MGMT_FRAME_PROTECTION
;
7002 #endif /* CONFIG_IEEE80211W */
7006 int wpas_is_p2p_prioritized(struct wpa_supplicant
*wpa_s
)
7008 if (wpa_s
->global
->conc_pref
== WPA_CONC_PREF_P2P
)
7010 if (wpa_s
->global
->conc_pref
== WPA_CONC_PREF_STA
)
7016 void wpas_auth_failed(struct wpa_supplicant
*wpa_s
, char *reason
)
7018 struct wpa_ssid
*ssid
= wpa_s
->current_ssid
;
7020 struct os_reltime now
;
7023 wpa_printf(MSG_DEBUG
, "Authentication failure but no known "
7028 if (ssid
->key_mgmt
== WPA_KEY_MGMT_WPS
)
7031 ssid
->auth_failures
++;
7034 if (ssid
->p2p_group
&&
7035 (wpa_s
->p2p_in_provisioning
|| wpa_s
->show_group_started
)) {
7037 * Skip the wait time since there is a short timeout on the
7038 * connection to a P2P group.
7042 #endif /* CONFIG_P2P */
7044 if (ssid
->auth_failures
> 50)
7046 else if (ssid
->auth_failures
> 10)
7048 else if (ssid
->auth_failures
> 5)
7050 else if (ssid
->auth_failures
> 3)
7052 else if (ssid
->auth_failures
> 2)
7054 else if (ssid
->auth_failures
> 1)
7059 if (ssid
->auth_failures
> 1 &&
7060 wpa_key_mgmt_wpa_ieee8021x(ssid
->key_mgmt
))
7061 dur
+= os_random() % (ssid
->auth_failures
* 10);
7063 os_get_reltime(&now
);
7064 if (now
.sec
+ dur
<= ssid
->disabled_until
.sec
)
7067 ssid
->disabled_until
.sec
= now
.sec
+ dur
;
7069 wpa_msg(wpa_s
, MSG_INFO
, WPA_EVENT_TEMP_DISABLED
7070 "id=%d ssid=\"%s\" auth_failures=%u duration=%d reason=%s",
7071 ssid
->id
, wpa_ssid_txt(ssid
->ssid
, ssid
->ssid_len
),
7072 ssid
->auth_failures
, dur
, reason
);
7076 void wpas_clear_temp_disabled(struct wpa_supplicant
*wpa_s
,
7077 struct wpa_ssid
*ssid
, int clear_failures
)
7082 if (ssid
->disabled_until
.sec
) {
7083 wpa_msg(wpa_s
, MSG_INFO
, WPA_EVENT_REENABLED
7084 "id=%d ssid=\"%s\"",
7085 ssid
->id
, wpa_ssid_txt(ssid
->ssid
, ssid
->ssid_len
));
7087 ssid
->disabled_until
.sec
= 0;
7088 ssid
->disabled_until
.usec
= 0;
7090 ssid
->auth_failures
= 0;
7094 int disallowed_bssid(struct wpa_supplicant
*wpa_s
, const u8
*bssid
)
7098 if (wpa_s
->disallow_aps_bssid
== NULL
)
7101 for (i
= 0; i
< wpa_s
->disallow_aps_bssid_count
; i
++) {
7102 if (os_memcmp(wpa_s
->disallow_aps_bssid
+ i
* ETH_ALEN
,
7103 bssid
, ETH_ALEN
) == 0)
7111 int disallowed_ssid(struct wpa_supplicant
*wpa_s
, const u8
*ssid
,
7116 if (wpa_s
->disallow_aps_ssid
== NULL
|| ssid
== NULL
)
7119 for (i
= 0; i
< wpa_s
->disallow_aps_ssid_count
; i
++) {
7120 struct wpa_ssid_value
*s
= &wpa_s
->disallow_aps_ssid
[i
];
7121 if (ssid_len
== s
->ssid_len
&&
7122 os_memcmp(ssid
, s
->ssid
, ssid_len
) == 0)
7131 * wpas_request_connection - Request a new connection
7132 * @wpa_s: Pointer to the network interface
7134 * This function is used to request a new connection to be found. It will mark
7135 * the interface to allow reassociation and request a new scan to find a
7136 * suitable network to connect to.
7138 void wpas_request_connection(struct wpa_supplicant
*wpa_s
)
7140 wpa_s
->normal_scans
= 0;
7141 wpa_s
->scan_req
= NORMAL_SCAN_REQ
;
7142 wpa_supplicant_reinit_autoscan(wpa_s
);
7143 wpa_s
->extra_blacklist_count
= 0;
7144 wpa_s
->disconnected
= 0;
7145 wpa_s
->reassociate
= 1;
7146 wpa_s
->last_owe_group
= 0;
7148 if (wpa_supplicant_fast_associate(wpa_s
) != 1)
7149 wpa_supplicant_req_scan(wpa_s
, 0, 0);
7151 wpa_s
->reattach
= 0;
7156 * wpas_request_disconnection - Request disconnection
7157 * @wpa_s: Pointer to the network interface
7159 * This function is used to request disconnection from the currently connected
7160 * network. This will stop any ongoing scans and initiate deauthentication.
7162 void wpas_request_disconnection(struct wpa_supplicant
*wpa_s
)
7165 wpa_s
->sme
.prev_bssid_set
= 0;
7166 #endif /* CONFIG_SME */
7167 wpa_s
->reassociate
= 0;
7168 wpa_s
->disconnected
= 1;
7169 wpa_supplicant_cancel_sched_scan(wpa_s
);
7170 wpa_supplicant_cancel_scan(wpa_s
);
7171 wpa_supplicant_deauthenticate(wpa_s
, WLAN_REASON_DEAUTH_LEAVING
);
7172 eloop_cancel_timeout(wpas_network_reenabled
, wpa_s
, NULL
);
7173 radio_remove_works(wpa_s
, "connect", 0);
7174 radio_remove_works(wpa_s
, "sme-connect", 0);
7178 void dump_freq_data(struct wpa_supplicant
*wpa_s
, const char *title
,
7179 struct wpa_used_freq_data
*freqs_data
,
7184 wpa_dbg(wpa_s
, MSG_DEBUG
, "Shared frequencies (len=%u): %s",
7186 for (i
= 0; i
< len
; i
++) {
7187 struct wpa_used_freq_data
*cur
= &freqs_data
[i
];
7188 wpa_dbg(wpa_s
, MSG_DEBUG
, "freq[%u]: %d, flags=0x%X",
7189 i
, cur
->freq
, cur
->flags
);
7195 * Find the operating frequencies of any of the virtual interfaces that
7196 * are using the same radio as the current interface, and in addition, get
7197 * information about the interface types that are using the frequency.
7199 int get_shared_radio_freqs_data(struct wpa_supplicant
*wpa_s
,
7200 struct wpa_used_freq_data
*freqs_data
,
7203 struct wpa_supplicant
*ifs
;
7206 unsigned int idx
= 0, i
;
7208 wpa_dbg(wpa_s
, MSG_DEBUG
,
7209 "Determining shared radio frequencies (max len %u)", len
);
7210 os_memset(freqs_data
, 0, sizeof(struct wpa_used_freq_data
) * len
);
7212 dl_list_for_each(ifs
, &wpa_s
->radio
->ifaces
, struct wpa_supplicant
,
7217 if (ifs
->current_ssid
== NULL
|| ifs
->assoc_freq
== 0)
7220 if (ifs
->current_ssid
->mode
== WPAS_MODE_AP
||
7221 ifs
->current_ssid
->mode
== WPAS_MODE_P2P_GO
||
7222 ifs
->current_ssid
->mode
== WPAS_MODE_MESH
)
7223 freq
= ifs
->current_ssid
->frequency
;
7224 else if (wpa_drv_get_bssid(ifs
, bssid
) == 0)
7225 freq
= ifs
->assoc_freq
;
7229 /* Hold only distinct freqs */
7230 for (i
= 0; i
< idx
; i
++)
7231 if (freqs_data
[i
].freq
== freq
)
7235 freqs_data
[idx
++].freq
= freq
;
7237 if (ifs
->current_ssid
->mode
== WPAS_MODE_INFRA
) {
7238 freqs_data
[i
].flags
|= ifs
->current_ssid
->p2p_group
?
7239 WPA_FREQ_USED_BY_P2P_CLIENT
:
7240 WPA_FREQ_USED_BY_INFRA_STATION
;
7244 dump_freq_data(wpa_s
, "completed iteration", freqs_data
, idx
);
7250 * Find the operating frequencies of any of the virtual interfaces that
7251 * are using the same radio as the current interface.
7253 int get_shared_radio_freqs(struct wpa_supplicant
*wpa_s
,
7254 int *freq_array
, unsigned int len
)
7256 struct wpa_used_freq_data
*freqs_data
;
7259 os_memset(freq_array
, 0, sizeof(int) * len
);
7261 freqs_data
= os_calloc(len
, sizeof(struct wpa_used_freq_data
));
7265 num
= get_shared_radio_freqs_data(wpa_s
, freqs_data
, len
);
7266 for (i
= 0; i
< num
; i
++)
7267 freq_array
[i
] = freqs_data
[i
].freq
;
7269 os_free(freqs_data
);
7275 struct wpa_supplicant
*
7276 wpas_vendor_elem(struct wpa_supplicant
*wpa_s
, enum wpa_vendor_elem_frame frame
)
7280 case VENDOR_ELEM_PROBE_REQ_P2P
:
7281 case VENDOR_ELEM_PROBE_RESP_P2P
:
7282 case VENDOR_ELEM_PROBE_RESP_P2P_GO
:
7283 case VENDOR_ELEM_BEACON_P2P_GO
:
7284 case VENDOR_ELEM_P2P_PD_REQ
:
7285 case VENDOR_ELEM_P2P_PD_RESP
:
7286 case VENDOR_ELEM_P2P_GO_NEG_REQ
:
7287 case VENDOR_ELEM_P2P_GO_NEG_RESP
:
7288 case VENDOR_ELEM_P2P_GO_NEG_CONF
:
7289 case VENDOR_ELEM_P2P_INV_REQ
:
7290 case VENDOR_ELEM_P2P_INV_RESP
:
7291 case VENDOR_ELEM_P2P_ASSOC_REQ
:
7292 case VENDOR_ELEM_P2P_ASSOC_RESP
:
7293 return wpa_s
->p2pdev
;
7294 #endif /* CONFIG_P2P */
7301 void wpas_vendor_elem_update(struct wpa_supplicant
*wpa_s
)
7306 wpa_printf(MSG_DEBUG
, "Update vendor elements");
7308 for (i
= 0; i
< NUM_VENDOR_ELEM_FRAMES
; i
++) {
7309 if (wpa_s
->vendor_elem
[i
]) {
7312 res
= os_snprintf(buf
, sizeof(buf
), "frame[%u]", i
);
7313 if (!os_snprintf_error(sizeof(buf
), res
)) {
7314 wpa_hexdump_buf(MSG_DEBUG
, buf
,
7315 wpa_s
->vendor_elem
[i
]);
7321 if (wpa_s
->parent
== wpa_s
&&
7322 wpa_s
->global
->p2p
&&
7323 !wpa_s
->global
->p2p_disabled
)
7324 p2p_set_vendor_elems(wpa_s
->global
->p2p
, wpa_s
->vendor_elem
);
7325 #endif /* CONFIG_P2P */
7329 int wpas_vendor_elem_remove(struct wpa_supplicant
*wpa_s
, int frame
,
7330 const u8
*elem
, size_t len
)
7334 ie
= wpabuf_mhead_u8(wpa_s
->vendor_elem
[frame
]);
7335 end
= ie
+ wpabuf_len(wpa_s
->vendor_elem
[frame
]);
7337 for (; ie
+ 1 < end
; ie
+= 2 + ie
[1]) {
7340 if (os_memcmp(ie
, elem
, len
) != 0)
7343 if (wpabuf_len(wpa_s
->vendor_elem
[frame
]) == len
) {
7344 wpabuf_free(wpa_s
->vendor_elem
[frame
]);
7345 wpa_s
->vendor_elem
[frame
] = NULL
;
7347 os_memmove(ie
, ie
+ len
, end
- (ie
+ len
));
7348 wpa_s
->vendor_elem
[frame
]->used
-= len
;
7350 wpas_vendor_elem_update(wpa_s
);
7358 struct hostapd_hw_modes
* get_mode(struct hostapd_hw_modes
*modes
,
7359 u16 num_modes
, enum hostapd_hw_mode mode
)
7363 for (i
= 0; i
< num_modes
; i
++) {
7364 if (modes
[i
].mode
== mode
)
7373 wpa_bss_tmp_disallowed
* wpas_get_disallowed_bss(struct wpa_supplicant
*wpa_s
,
7376 struct wpa_bss_tmp_disallowed
*bss
;
7378 dl_list_for_each(bss
, &wpa_s
->bss_tmp_disallowed
,
7379 struct wpa_bss_tmp_disallowed
, list
) {
7380 if (os_memcmp(bssid
, bss
->bssid
, ETH_ALEN
) == 0)
7388 static int wpa_set_driver_tmp_disallow_list(struct wpa_supplicant
*wpa_s
)
7390 struct wpa_bss_tmp_disallowed
*tmp
;
7391 unsigned int num_bssid
= 0;
7395 bssids
= os_malloc(dl_list_len(&wpa_s
->bss_tmp_disallowed
) * ETH_ALEN
);
7398 dl_list_for_each(tmp
, &wpa_s
->bss_tmp_disallowed
,
7399 struct wpa_bss_tmp_disallowed
, list
) {
7400 os_memcpy(&bssids
[num_bssid
* ETH_ALEN
], tmp
->bssid
,
7404 ret
= wpa_drv_set_bssid_blacklist(wpa_s
, num_bssid
, bssids
);
7410 static void wpa_bss_tmp_disallow_timeout(void *eloop_ctx
, void *timeout_ctx
)
7412 struct wpa_supplicant
*wpa_s
= eloop_ctx
;
7413 struct wpa_bss_tmp_disallowed
*tmp
, *bss
= timeout_ctx
;
7415 /* Make sure the bss is not already freed */
7416 dl_list_for_each(tmp
, &wpa_s
->bss_tmp_disallowed
,
7417 struct wpa_bss_tmp_disallowed
, list
) {
7419 dl_list_del(&tmp
->list
);
7421 wpa_set_driver_tmp_disallow_list(wpa_s
);
7428 void wpa_bss_tmp_disallow(struct wpa_supplicant
*wpa_s
, const u8
*bssid
,
7429 unsigned int sec
, int rssi_threshold
)
7431 struct wpa_bss_tmp_disallowed
*bss
;
7433 bss
= wpas_get_disallowed_bss(wpa_s
, bssid
);
7435 eloop_cancel_timeout(wpa_bss_tmp_disallow_timeout
, wpa_s
, bss
);
7439 bss
= os_malloc(sizeof(*bss
));
7441 wpa_printf(MSG_DEBUG
,
7442 "Failed to allocate memory for temp disallow BSS");
7446 os_memcpy(bss
->bssid
, bssid
, ETH_ALEN
);
7447 dl_list_add(&wpa_s
->bss_tmp_disallowed
, &bss
->list
);
7448 wpa_set_driver_tmp_disallow_list(wpa_s
);
7451 bss
->rssi_threshold
= rssi_threshold
;
7452 eloop_register_timeout(sec
, 0, wpa_bss_tmp_disallow_timeout
,
7457 int wpa_is_bss_tmp_disallowed(struct wpa_supplicant
*wpa_s
,
7458 struct wpa_bss
*bss
)
7460 struct wpa_bss_tmp_disallowed
*disallowed
= NULL
, *tmp
, *prev
;
7462 dl_list_for_each_safe(tmp
, prev
, &wpa_s
->bss_tmp_disallowed
,
7463 struct wpa_bss_tmp_disallowed
, list
) {
7464 if (os_memcmp(bss
->bssid
, tmp
->bssid
, ETH_ALEN
) == 0) {
7472 if (disallowed
->rssi_threshold
!= 0 &&
7473 bss
->level
> disallowed
->rssi_threshold
)