Arif Hussain [Fri, 24 Jan 2014 14:14:29 +0000 (16:14 +0200)]
P2P: Apply unsafe frequency rules to available channels
This adds a QCA vendor specific nl80211 event to allow the driver to
indicate a list of frequency ranges that should be avoided due to
interference or possible known co-existance constraints. Such
frequencies are marked as not allowed for P2P use to force groups to be
formed on different channels.
If a P2P GO is operating on a channel that the driver recommended not to
use, a notification about this is sent on the control interface and
upper layer code may decide to tear down the group and optionally
restart it on another channel. As a TODO item, this could also be changed
to use CSA to avoid removing the group.
Jouni Malinen [Fri, 24 Jan 2014 13:58:00 +0000 (15:58 +0200)]
Add a header file defining QCA OUI and vendor extensions
This file is used as a registry of identifier assignments from the
Qualcomm Atheros OUI 00:13:74 for purposes other than MAC address
assignment. One of the first uses will be for nl80211 vendor
commands/events which is reason for the preparation change in
driver_nl80211.c
Jouni Malinen [Thu, 23 Jan 2014 14:57:15 +0000 (16:57 +0200)]
Increase global ctrl_iface buffer to same size as per-interface
Since the global ctrl_iface can be used with IFNAME= prefix to send
commands to be processed by per-interface code, it should have the same
(well, close to same since the prefix takes some space) limits on
command length as the per-interface ctrl_iface. Increase the buffer from
256 to 4096 to achieve this.
Jouni Malinen [Thu, 23 Jan 2014 09:18:20 +0000 (11:18 +0200)]
GAS client: Use Protected Dual of Public Action frames with PMF
When GAS is used with PMF negotiated, Protected Dual of Public Action
frames are expected to be used instead of Public Action frames, i.e.,
the GAS/ANQP frames are expected to be encrypted. Conver Public Action
GAS queries to use Dual of Public Action frame if PMF has been
negotiated with the AP to which the frame is being sent.
Jouni Malinen [Thu, 23 Jan 2014 09:15:28 +0000 (11:15 +0200)]
GAS server: Add support for Protected Dual of Public Action frames
When GAS is used with PMF negotiated, Protected Dual of Public Action
frames are expected to be used instead of Public Action frames, i.e.,
the GAS/ANQP frames are expected to be encrypted. Add support for this
different category of Action frames being used for GAS. The payload
after the Category field is identical, so the only change is in using
the Category field based on what was received in the request frames. For
backwards compatibility, do not enforce protected dual to be used on the
AP side, i.e., follow what the station does.
Due to misplaced parenthesis, unprotected not-Robust Action frames
(e.g., Public Action frames) were dropped in handle_assoc() when such
frames were received during an association that had negotiated use of
PMF. This is not correct since only unprotected Robust Action frames
were supposed to be handled in this way.
This would have broken any Public Action frame use during PMF
association, but such frames were not really supposed to be used
currently (ANQP as the only possible use case should really use
protected dual option in such case).
Jouni Malinen [Thu, 23 Jan 2014 08:21:49 +0000 (10:21 +0200)]
Clear more configuration parameters to default on FLUSH
This makes it more convenient for test scripts to change parameters for
a specific test case without having to separately clear them between
each test case.
Raja Mani [Wed, 22 Jan 2014 14:15:23 +0000 (19:45 +0530)]
wpa_supplicant: Schedule PNO on completion of ongoing sched_scan
When start PNO request comes from control interface, wpa_supplicant
should wait until ongoing sched_scan (triggered by wpa_supplicant)
gets cancelled. Issuing cancel sched_scan and start PNO scan
one after another from pno_start() would lead wpa_supplicant to clear
wps->sched_scanning flag while getting sched_scan stopped event
from driver for cancel sched_scan request. In fact, PNO scan will
be in progress in driver and wpa_s->sched_scanning will not be set
in such cases.
In addition to this change, RSSI threshold limit is passed as part of
start sched_scan request. This was previously set only in pno_start(),
but the same parameter should be available for generic sched_scan calls
as well and this can now be reached through the new PNO start sequence.
Max Stepanov [Wed, 22 Jan 2014 14:05:47 +0000 (16:05 +0200)]
nl80211: Fix sizeof check in vendor command/event handling
Fix sizeof in a validity comparison of nl80211_vendor_cmd_info size. The
incorrect version happened to work on 64-bit builds due the structure
being eight octets, but this was incorrect and would not used with
32-bit builds.
Signed-hostap: Max Stepanov <Max.Stepanov@intel.com>
Max Stepanov [Wed, 22 Jan 2014 14:05:45 +0000 (16:05 +0200)]
wpa_supplicant: Fix seg fault in wpas_ctrl_radio_work_flush() in error case
Verify wpa_s->radio pointer before accessing it. If interface addition
fails, this could get called before wpa_s->radio has been set.
The segmentation fault details:
Program received signal SIGSEGV, Segmentation fault.
0x00000000004b9591 in wpas_ctrl_radio_work_flush (wpa_s=0x77fff0) at ctrl_iface.c:5754
5754 dl_list_for_each_safe(work, tmp, &wpa_s->radio->work,
Call stack:
0 wpas_ctrl_radio_work_flush (wpa_s=0x77fff0) at ctrl_iface.c:5754
1 wpa_supplicant_deinit_iface (wpa_s=0x77fff0, notify=0, terminate=0) at wpa_supplicant.c:3619
2 wpa_supplicant_add_iface (global=0x75db10, iface=0x7fffffffe270) at wpa_supplicant.c:3691
3 wpas_p2p_add_p2pdev_interface (wpa_s=0x75dd20) at p2p_supplicant.c:3700
4 main (argc=<optimized out>, argv=<optimized out>) at main.c:317
Dmitry Shmidt [Fri, 17 Jan 2014 18:58:50 +0000 (10:58 -0800)]
P2P: Reduce peer expiration age to 60 sec and allow customization
The new default value (from 300 to 60 seconds) makes the internal P2P
peer list somewhat faster to react to peers becoming unreachable while
still maintaining entries for some time to avoid them disappearing
during user interaction (e.g., selecting a peer for a connection or
entering a PIN).
Raja Mani [Sat, 18 Jan 2014 14:46:24 +0000 (20:16 +0530)]
Skip normal scan when PNO is already in progress
Scan request failures are observed in wpa_supplicant debug log when
Android framework starts PNO scan in driver via ctrl interface command
'set pno 1' and wpa_supplicant also tries to issue a scan request after
PNO has started in the driver.
Some drivers may reject a normal scan request when PNO is already in
progress. wpa_supplicant should consider PNO status before issuing start
scan request to the driver. Otherwise, wpa_supplicant will get failures
from driver for the scan request and it will end up rescheduling scan
request in periodic interval and get a start scan request failure for
each attempt.
In order to avoid unnecessary scan attempt when PNO scan is already
running, PNO status is checked before issuing scan request to driver.
Rashmi Ramanna [Mon, 20 Jan 2014 20:55:09 +0000 (22:55 +0200)]
P2P: Extend the listen time based on the active concurrent session
A P2P Device while in the Listen state waiting to respond for the
obtained group negotiation request shall give a fair chance for other
concurrent sessions to use the shared radio by inducing an idle time
between the successive listen states. However, if there are no
concurrent operations, this idle time can be reduced.
Po-Lun Lai [Fri, 17 Jan 2014 17:35:03 +0000 (19:35 +0200)]
P2P: Allow GO Negotiation Request to update peer entry after PD
Previously, GO Negotiation Request frame was used to update a peer entry
if only a Probe Request from that peer had been received. However, it
would be possible, even if unlikely, for a peer to be discovered based
on receiving Provision Discovery Request frame from it and no Probe
Request frame. In such a case, the Listen frequency of the peer would
not be known and group formation could not be (re-)initialized with that
peer. Fix this by allowing the GO Negotiation Request frame to update
peer entry if the current peer entry does not include Listen or
Operating frequency.
Johannes Berg [Wed, 15 Jan 2014 19:58:39 +0000 (20:58 +0100)]
hwsim tests: vm: add optional time-warp
To test the code under the influence of time jumps, add the option
(--timewarp) to the VM tests to reset the clock all the time, which
makes the wall clock time jump speed up 20x, causing gettimeofday()
to be unreliable for timeout calculations.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Dmitry Shmidt [Wed, 15 Jan 2014 18:27:19 +0000 (10:27 -0800)]
P2P: Add missing direct global ctrl_iface commands for P2P
It should be noted that these commands are not exclusively used for P2P
or in the global context, so use of these commands through the global
control interface for operations that are specific to a single interface
have undefined behavior and that behavior may change in the future. As
such, these are recommend only for operations that are in the global
context (e.g., for P2P management).
Arend van Spriel [Wed, 15 Jan 2014 09:11:33 +0000 (10:11 +0100)]
Use minimal scan delay upon EVENT_INTERFACE_ADDED
This patch resets the static interface_count to zero in case of
wpa_supplicant_driver_init() call for wpa_s which is in
INTERFACE_DISABLED state. This interface_count is used for the delay of
the scan which is now minimal for dynamically added interfaces. This may
collide with a scan for another interface, but the same is true for any
chosen delay in this scenario. Also the state change to DISCONNECTED is
moved to wpa_supplicant_driver_init() so it will move from
INTERFACE_DISABLED to INACTIVE when there are no enabled networks.
Tested-by: Hante Meuleman <meuleman@broadcom.com> Signed-off-by: Arend van Spriel <arend@broadcom.com>
Arend van Spriel [Wed, 15 Jan 2014 09:11:32 +0000 (10:11 +0100)]
Reset normal_scans counter upon entering INTERFACE_DISABLED state
Depending on the implementation, the scheduled scan may not give results
quickly when in DISCONNECTED state. This patch resets
wpa_s::normal_scans upon entering to the INTERFACE_DISABLED state so a
normal scan is assured upon going to DISCONNECTED state after the
interface has been re-enabled. This mainly solves a long reconnect time
observed upon repeated kernel driver reloads, i.e., third reload
resulted in a scheduled scan.
Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Signed-hostap: Arend van Spriel <arend@broadcom.com>
Jouni Malinen [Tue, 14 Jan 2014 21:31:23 +0000 (23:31 +0200)]
tests: Add some delay before wlantest operations
Since wlantest is a separate process that is not synchronized with rest
of the test components, there can be some latency in it having the STA
entries and counters updated. There is a race condition between this
happening and then test script clearing or fetching data. Make this race
condition less likely to cause bogus test failures by adding some wait
between these operations.
Jouni Malinen [Tue, 14 Jan 2014 21:37:15 +0000 (23:37 +0200)]
tests: Run dump_monitor() again if scan was pending
In addition to running the FLUSH command again, the pending monitor
interface events need be cleared in case the driver was running a scan
when reset() is called. This avoids issues, e.g., with discovery_dev_id
failing due to an unexpected P2P-DEVICE-FOUND event that was generated
by the pending scan operation that had not yet complete when the first
dump_monitor() call in reset() happened.
Sunil Dutt [Mon, 6 Jan 2014 13:06:13 +0000 (18:36 +0530)]
TDLS: Pass peer's Supported channel and oper class info during sta_add
The information of the peer's supported channel and operating class
is required for the driver to do TDLS off channel operations with a
compatible peer. Pass this information to the driver when the peer
station is getting added.
Johannes Berg [Tue, 14 Jan 2014 09:38:33 +0000 (10:38 +0100)]
hwsim tests: vm: read a config file from $HOME
The vm-config in the subdirectory is less useful as it
will get removed by "git clean" and similar, so read a
config file from ~/.wpas-vm-config in addition.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Jouni Malinen [Mon, 13 Jan 2014 19:39:06 +0000 (21:39 +0200)]
P2P: Limit join-a-group scans based on SSID from invitation
If we already know the SSID of the P2P group we are trying to join, use
that SSID to limit scan responses and BSS selection since we do not
really look for any other network in this case. In addition, this can
fix cases where the peer has just changed its SSID (e.g., started a new
group) and there may be multiple BSS entries for the same BSSID.
Jouni Malinen [Mon, 13 Jan 2014 18:47:01 +0000 (20:47 +0200)]
tests: Double the connection timeout for EAP cases
It looks like slow virtual machines may have issues to complete some EAP
authentication cases (e.g., EAP-EKE in ap_ft_eap) within the 10 second
timeout under load. Double the timeout to avoid incorrect test failures.
Jouni Malinen [Mon, 13 Jan 2014 18:26:22 +0000 (20:26 +0200)]
tests: Clear data from ongoing scan on reset()
It was possible for the previous test case to leave unexpected BSS or
P2P peer table entries if a scan was in progress when the FLUSH command
was used. This could result in test failures, e.g., when running
discovery_dev_type_go followed by discovery_group_client where a P2P
peer was discovered on another channel at the end of the former test
case from a scan that was running durign the FLUSH operation that was
supposed to remove all P2P peers. This could result in
discovery_group_client failing due to dev[2] trying to send the
discoverability frame on incorrect channel (the one learned in the
previous test case) since discover_peer() skipped a new device
discovery. Fix this by running FLUSH operation again if a pending scan
operation is detected during the first FLUSH operation.
Jouni Malinen [Wed, 8 Jan 2014 14:14:30 +0000 (16:14 +0200)]
Clear configuration blobs on FLUSH command
All te network blocks and credentials were already cleared, but
configurations blobs should also be cleared here, e.g., to get
more consistent behavior test cases using EAP-FAST PACs.
Jouni Malinen [Wed, 8 Jan 2014 08:24:05 +0000 (10:24 +0200)]
Skip network disabling on expected EAP failure
Some EAP methods can go through a step that is expected to fail and as
such, should not trigger temporary network disabling when processing
EAP-Failure or deauthentication. EAP-WSC for WPS was already handled as
a special case, but similar behavior is needed for EAP-FAST with
unauthenticated provisioning.
Jouni Malinen [Wed, 8 Jan 2014 08:22:51 +0000 (10:22 +0200)]
EAP-FAST peer: Make debug clearer on missing pac_file configuration
EAP-FAST requires pac_file to be configured, so make it clearer from the
debug output if missing configuration parameter was the reason for
EAP-FAST initialization failing.
Jouni Malinen [Tue, 7 Jan 2014 20:30:25 +0000 (22:30 +0200)]
EXT PW: Fix hash return in password fetching
The hash return buffer was previously left uninitialized in case
externally stored password ("password=ext:...") was used. This could
result in MSCHAPv2 failure if that uninitialized memory happened to be
something else than zero.
Jouni Malinen [Tue, 7 Jan 2014 18:14:53 +0000 (20:14 +0200)]
hostapd: Skip full AP configuration validation on SET command
It is possible for the configuration to be temporarily invalid when
adding a new AP through SET commands followed by ENABLE. Avoid this
issue by using less strict validation on SET commands and perform full
configuration validation only on ENABLE. Use cases with configuration
file maintain their previous behavior, i.e., full validation after the
file has been read.
Some drivers rely on the wait period for sending packets on the
off-channel. If the wait value is small, there's a race condition where
the driver ROC might complete before the packet was sent out. This
doesn't impede other drivers, as the wait is cancelled when a
Tx-completion arrives from the remote peer.
Eyal Shapira [Thu, 19 Dec 2013 10:03:29 +0000 (12:03 +0200)]
P2P: Cancel action frame offchan wait after recv GO Neg Conf
The missing call to scan_action_done() may keep us off-channel for 250
ms following sending GO Negotiation Response. In case the operating
channel is different from this channel and we're GO, a race could lead
to start beaconing while off-channel. This could potentially cause the
Beacon frames to go out on incorrect channel with some drivers.
Jouni Malinen [Tue, 7 Jan 2014 13:58:01 +0000 (15:58 +0200)]
bsd: Fix NULL pointer dereference on error path
The error path in bsd_init() on struct bsd_driver_data allocation was
jumping to location where drv is dereferenced. That will crash and it is
easier to just return from the function since no cleanup steps are
needed in this case.
Jouni Malinen [Tue, 7 Jan 2014 13:20:30 +0000 (15:20 +0200)]
tests: Make ap_wps_er_add_enrollee less likely to fail
WPS-ER-AP-REMOVE event from the ER is sent before HTTP UNSUBSCRIBE has
been completed. As such, it was possible for the following scan
validation step to be started before the AP has had a chance to react to
the ER status change. Makes this less likely to fail by waiting 200 ms
before starting the last scan.
Jouni Malinen [Mon, 6 Jan 2014 15:56:50 +0000 (17:56 +0200)]
P2P: Reject group formation on WPS provisioning failure
There is no need to wait for the 15 second group formation timeout to
clear the state if WPS failure is detected during P2P group formation.
Allow the WPS exchange steps (WSC_NACK and EAP-Failure) to be completed
and remove the group to get rid of the extra wait.
Jouni Malinen [Mon, 6 Jan 2014 15:54:16 +0000 (17:54 +0200)]
Fix TX status processing during AP mode shutdown in wpa_supplicant
A TX status event could be received after the AP interface has already
been deinitialized. This needs to check for NULL pointer before trying
to indicate the event to AP functions.
Jouni Malinen [Mon, 6 Jan 2014 05:53:37 +0000 (07:53 +0200)]
Interworking: Keep up to two pending GAS_REQUEST responses
Previously, only the last response data was kept in memory. This
increases that to hold up to two last responses to allow some more
parallel operations to be requested. In addition, the response data is
now freed as soon as the external program has fetched it.
nl80211: Move CS supported flag to wpa_driver_capa
Replace channel_switch_supported flag of the
wpa_driver_nl80211_data by WPA_DRIVER_FLAGS_AP_CSA inside
wpa_driver_capa.flags. It makes more sense and also can
be accessed by wpa_supplicant.
Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Jouni Malinen [Sun, 5 Jan 2014 19:50:34 +0000 (21:50 +0200)]
Add DRIVER-STATUS command for hostapd
This is just like the same command in wpa_supplicant, i.e., "hostapd_cli
status driver" can be used to fetch information about the driver status
and capabilities.
Jouni Malinen [Sun, 5 Jan 2014 16:32:24 +0000 (18:32 +0200)]
Remove PEAPv2 support
PEAPv2 implementation was not fully completed and there does not seem to
be any deployments of PEAPv2 nor any clear sign of such showing up in
the future either. As such, there is not much point in maintaining this
implementation in hostapd/wpa_supplicant.
Jouni Malinen [Sun, 5 Jan 2014 17:08:51 +0000 (19:08 +0200)]
EAP-pwd peer: Allow fragmentation limit to be configured
The standard fragment_size network parameter can now be used to
configure EAP-pwd fragmentation limit instead of always using the
hardcoded value of 1020.
Jouni Malinen [Sun, 5 Jan 2014 15:55:29 +0000 (17:55 +0200)]
EAP-IKEv2 peer: Allow fragmentation limit to be configured
The standard fragment_size network parameter can now be used to
configure EAP-IKEv2 fragmentation limit instead of always using the
hardcoded value of 1400.
Jouni Malinen [Sun, 5 Jan 2014 14:49:31 +0000 (16:49 +0200)]
tests: Allow multiple Enrollee events in ap_wps_er_add_enrollee_pbc
It was possible for the AP to report two enrollees in this test case
(i.e., both the expected wlan1 device and also the ER device on wlan0).
The previous test script would fail if the wlan0 device is reported
first. Fix this by allowed the expected target to be found in either the
first or the second WPS-ER-ENROLLEE-ADD event.
Jouni Malinen [Sun, 5 Jan 2014 14:42:48 +0000 (16:42 +0200)]
tests: Force p2p_find in p2p_service_discovery_fragmentation
It was possible for this test case to fail if P2P_FLUSH was issued
during a search scan and that scan adding back the peer. Avoid this by
forcing p2p_find to be started regardless of the current P2P peer table
contents for each round of service discovery.
Jouni Malinen [Sun, 5 Jan 2014 14:35:05 +0000 (16:35 +0200)]
tests: Make WPA2-Enterprise reauth test cases more robust
With the extra latencies removed from run-tests.py operations, it was
possible to hit race conditions in pairwise cipher configuration at the
end of the 4-way handshake. In some cases, the EAPOL-Start frame from
the station was not received by the AP and that could result in these
test cases failing. Since there are not really trying to test the race
condition, wait for the AP side to complete key configuration prior to
initiating the reauthentication sequence.
Jouni Malinen [Sun, 5 Jan 2014 14:09:43 +0000 (16:09 +0200)]
tests: Cleaner error processing for threads
When a thread is used to follow P2P group formation progress, it is
better to return a clear failure indication from the thread instead of
allowing an exception to be thrown from the thread.
Setting methodState = DONE for the case where GPSK-1 is found to be
invalid or incompatible allows EAP state machine to proceed to FAILURE
state instead of remaining stuck until AP times out the connection.
Jouni Malinen [Sun, 5 Jan 2014 12:17:08 +0000 (14:17 +0200)]
EAP-GPSK: Allow forced algorithm selection to be configured
phase1 parameter 'cipher' can now be used to specify which algorithm
proposal is selected, e.g., with phase1="cipher=1" selecting AES-based
design and cipher=2 SHA256-based. This is mainly for testing purposes,
but can also be used to enforce stronger algorithms to be used.
Jouni Malinen [Sun, 5 Jan 2014 12:13:50 +0000 (14:13 +0200)]
EAP peer: Improve failure reporting from METHOD with no eapRespData
One of the RFC 4137 state transitions (METHOD -> FAILURE) had been
forgotten and this could result in EAP peer method processing not
reporting failure immediately and instead, remain stuck waiting for the
connection to time out. Fix this by adding the methodState == DONE &&
decision == FAIL case to allow immediate reporting of failures.
The condition from RFC 4137 as-is would cause problems for number of the
existing EAP method implementations since they use that in places where
the final message before EAP-Failure should really be sent to the EAP
server (e.g., WSC_Done in EAP-WSC). Address this by includng eapRespData
== NULL as an additional constraint for entering FAILURE state directly
from METHOD.