3 * Copyright (c) 2003-2019, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
8 * This file implements functions for registering and unregistering
9 * %wpa_supplicant interfaces. In addition, this file contains number of
10 * functions for managing network connections.
14 #ifdef CONFIG_MATCH_IFACE
17 #endif /* CONFIG_MATCH_IFACE */
20 #include "crypto/random.h"
21 #include "crypto/sha1.h"
22 #include "eapol_supp/eapol_supp_sm.h"
23 #include "eap_peer/eap.h"
24 #include "eap_peer/eap_proxy.h"
25 #include "eap_server/eap_methods.h"
26 #include "rsn_supp/wpa.h"
29 #include "utils/ext_password.h"
30 #include "l2_packet/l2_packet.h"
31 #include "wpa_supplicant_i.h"
33 #include "ctrl_iface.h"
34 #include "pcsc_funcs.h"
35 #include "common/version.h"
36 #include "rsn_supp/preauth.h"
37 #include "rsn_supp/pmksa_cache.h"
38 #include "common/wpa_ctrl.h"
39 #include "common/ieee802_11_common.h"
40 #include "common/ieee802_11_defs.h"
41 #include "common/hw_features_common.h"
42 #include "common/gas_server.h"
43 #include "common/dpp.h"
46 #include "blacklist.h"
47 #include "wpas_glue.h"
48 #include "wps_supplicant.h"
51 #include "gas_query.h"
53 #include "p2p_supplicant.h"
54 #include "wifi_display.h"
60 #include "offchannel.h"
61 #include "hs20_supplicant.h"
65 #include "dpp_supplicant.h"
67 #include "ap/ap_config.h"
68 #include "ap/hostapd.h"
69 #endif /* CONFIG_MESH */
71 const char *const wpa_supplicant_version
=
72 "wpa_supplicant v" VERSION_STR
"\n"
73 "Copyright (c) 2003-2019, Jouni Malinen <j@w1.fi> and contributors";
75 const char *const wpa_supplicant_license
=
76 "This software may be distributed under the terms of the BSD license.\n"
77 "See README for more details.\n"
78 #ifdef EAP_TLS_OPENSSL
79 "\nThis product includes software developed by the OpenSSL Project\n"
80 "for use in the OpenSSL Toolkit (http://www.openssl.org/)\n"
81 #endif /* EAP_TLS_OPENSSL */
84 #ifndef CONFIG_NO_STDOUT_DEBUG
85 /* Long text divided into parts in order to fit in C89 strings size limits. */
86 const char *const wpa_supplicant_full_license1
=
88 const char *const wpa_supplicant_full_license2
=
89 "This software may be distributed under the terms of the BSD license.\n"
91 "Redistribution and use in source and binary forms, with or without\n"
92 "modification, are permitted provided that the following conditions are\n"
95 const char *const wpa_supplicant_full_license3
=
96 "1. Redistributions of source code must retain the above copyright\n"
97 " notice, this list of conditions and the following disclaimer.\n"
99 "2. Redistributions in binary form must reproduce the above copyright\n"
100 " notice, this list of conditions and the following disclaimer in the\n"
101 " documentation and/or other materials provided with the distribution.\n"
103 const char *const wpa_supplicant_full_license4
=
104 "3. Neither the name(s) of the above-listed copyright holder(s) nor the\n"
105 " names of its contributors may be used to endorse or promote products\n"
106 " derived from this software without specific prior written permission.\n"
108 "THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n"
109 "\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n"
110 "LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n"
111 "A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n";
112 const char *const wpa_supplicant_full_license5
=
113 "OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n"
114 "SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\n"
115 "LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n"
116 "DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n"
117 "THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n"
118 "(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n"
119 "OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
121 #endif /* CONFIG_NO_STDOUT_DEBUG */
124 static void wpa_bss_tmp_disallow_timeout(void *eloop_ctx
, void *timeout_ctx
);
125 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
126 static void wpas_update_fils_connect_params(struct wpa_supplicant
*wpa_s
);
127 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
129 static void wpas_update_owe_connect_params(struct wpa_supplicant
*wpa_s
);
130 #endif /* CONFIG_OWE */
134 /* Configure default/group WEP keys for static WEP */
135 int wpa_set_wep_keys(struct wpa_supplicant
*wpa_s
, struct wpa_ssid
*ssid
)
139 for (i
= 0; i
< NUM_WEP_KEYS
; i
++) {
140 if (ssid
->wep_key_len
[i
] == 0)
144 wpa_drv_set_key(wpa_s
, WPA_ALG_WEP
, NULL
,
145 i
, i
== ssid
->wep_tx_keyidx
, NULL
, 0,
146 ssid
->wep_key
[i
], ssid
->wep_key_len
[i
],
147 i
== ssid
->wep_tx_keyidx
?
148 KEY_FLAG_GROUP_RX_TX_DEFAULT
:
149 KEY_FLAG_GROUP_RX_TX
);
154 #endif /* CONFIG_WEP */
157 int wpa_supplicant_set_wpa_none_key(struct wpa_supplicant
*wpa_s
,
158 struct wpa_ssid
*ssid
)
166 /* IBSS/WPA-None uses only one key (Group) for both receiving and
167 * sending unicast and multicast packets. */
169 if (ssid
->mode
!= WPAS_MODE_IBSS
) {
170 wpa_msg(wpa_s
, MSG_INFO
, "WPA: Invalid mode %d (not "
171 "IBSS/ad-hoc) for WPA-None", ssid
->mode
);
175 if (!ssid
->psk_set
) {
176 wpa_msg(wpa_s
, MSG_INFO
, "WPA: No PSK configured for "
181 switch (wpa_s
->group_cipher
) {
182 case WPA_CIPHER_CCMP
:
183 os_memcpy(key
, ssid
->psk
, 16);
187 case WPA_CIPHER_GCMP
:
188 os_memcpy(key
, ssid
->psk
, 16);
192 case WPA_CIPHER_TKIP
:
193 /* WPA-None uses the same Michael MIC key for both TX and RX */
194 os_memcpy(key
, ssid
->psk
, 16 + 8);
195 os_memcpy(key
+ 16 + 8, ssid
->psk
+ 16, 8);
200 wpa_msg(wpa_s
, MSG_INFO
, "WPA: Invalid group cipher %d for "
201 "WPA-None", wpa_s
->group_cipher
);
205 /* TODO: should actually remember the previously used seq#, both for TX
206 * and RX from each STA.. */
208 ret
= wpa_drv_set_key(wpa_s
, alg
, NULL
, 0, 1, seq
, 6, key
, keylen
,
209 KEY_FLAG_GROUP_RX_TX_DEFAULT
);
210 os_memset(key
, 0, sizeof(key
));
215 static void wpa_supplicant_timeout(void *eloop_ctx
, void *timeout_ctx
)
217 struct wpa_supplicant
*wpa_s
= eloop_ctx
;
218 const u8
*bssid
= wpa_s
->bssid
;
219 if (!is_zero_ether_addr(wpa_s
->pending_bssid
) &&
220 (wpa_s
->wpa_state
== WPA_AUTHENTICATING
||
221 wpa_s
->wpa_state
== WPA_ASSOCIATING
))
222 bssid
= wpa_s
->pending_bssid
;
223 wpa_msg(wpa_s
, MSG_INFO
, "Authentication with " MACSTR
" timed out.",
225 wpa_blacklist_add(wpa_s
, bssid
);
226 wpa_sm_notify_disassoc(wpa_s
->wpa
);
227 wpa_supplicant_deauthenticate(wpa_s
, WLAN_REASON_DEAUTH_LEAVING
);
228 wpa_s
->reassociate
= 1;
231 * If we timed out, the AP or the local radio may be busy.
232 * So, wait a second until scanning again.
234 wpa_supplicant_req_scan(wpa_s
, 1, 0);
239 * wpa_supplicant_req_auth_timeout - Schedule a timeout for authentication
240 * @wpa_s: Pointer to wpa_supplicant data
241 * @sec: Number of seconds after which to time out authentication
242 * @usec: Number of microseconds after which to time out authentication
244 * This function is used to schedule a timeout for the current authentication
247 void wpa_supplicant_req_auth_timeout(struct wpa_supplicant
*wpa_s
,
250 if (wpa_s
->conf
->ap_scan
== 0 &&
251 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_WIRED
))
254 wpa_dbg(wpa_s
, MSG_DEBUG
, "Setting authentication timeout: %d sec "
255 "%d usec", sec
, usec
);
256 eloop_cancel_timeout(wpa_supplicant_timeout
, wpa_s
, NULL
);
257 wpa_s
->last_auth_timeout_sec
= sec
;
258 eloop_register_timeout(sec
, usec
, wpa_supplicant_timeout
, wpa_s
, NULL
);
263 * wpas_auth_timeout_restart - Restart and change timeout for authentication
264 * @wpa_s: Pointer to wpa_supplicant data
265 * @sec_diff: difference in seconds applied to original timeout value
267 void wpas_auth_timeout_restart(struct wpa_supplicant
*wpa_s
, int sec_diff
)
269 int new_sec
= wpa_s
->last_auth_timeout_sec
+ sec_diff
;
271 if (eloop_is_timeout_registered(wpa_supplicant_timeout
, wpa_s
, NULL
)) {
272 wpa_dbg(wpa_s
, MSG_DEBUG
,
273 "Authentication timeout restart: %d sec", new_sec
);
274 eloop_cancel_timeout(wpa_supplicant_timeout
, wpa_s
, NULL
);
275 eloop_register_timeout(new_sec
, 0, wpa_supplicant_timeout
,
282 * wpa_supplicant_cancel_auth_timeout - Cancel authentication timeout
283 * @wpa_s: Pointer to wpa_supplicant data
285 * This function is used to cancel authentication timeout scheduled with
286 * wpa_supplicant_req_auth_timeout() and it is called when authentication has
289 void wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant
*wpa_s
)
291 wpa_dbg(wpa_s
, MSG_DEBUG
, "Cancelling authentication timeout");
292 eloop_cancel_timeout(wpa_supplicant_timeout
, wpa_s
, NULL
);
293 wpa_blacklist_del(wpa_s
, wpa_s
->bssid
);
294 os_free(wpa_s
->last_con_fail_realm
);
295 wpa_s
->last_con_fail_realm
= NULL
;
296 wpa_s
->last_con_fail_realm_len
= 0;
301 * wpa_supplicant_initiate_eapol - Configure EAPOL state machine
302 * @wpa_s: Pointer to wpa_supplicant data
304 * This function is used to configure EAPOL state machine based on the selected
305 * authentication mode.
307 void wpa_supplicant_initiate_eapol(struct wpa_supplicant
*wpa_s
)
309 #ifdef IEEE8021X_EAPOL
310 struct eapol_config eapol_conf
;
311 struct wpa_ssid
*ssid
= wpa_s
->current_ssid
;
313 #ifdef CONFIG_IBSS_RSN
314 if (ssid
->mode
== WPAS_MODE_IBSS
&&
315 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_NONE
&&
316 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_WPA_NONE
) {
318 * RSN IBSS authentication is per-STA and we can disable the
319 * per-BSSID EAPOL authentication.
321 eapol_sm_notify_portControl(wpa_s
->eapol
, ForceAuthorized
);
322 eapol_sm_notify_eap_success(wpa_s
->eapol
, TRUE
);
323 eapol_sm_notify_eap_fail(wpa_s
->eapol
, FALSE
);
326 #endif /* CONFIG_IBSS_RSN */
328 eapol_sm_notify_eap_success(wpa_s
->eapol
, FALSE
);
329 eapol_sm_notify_eap_fail(wpa_s
->eapol
, FALSE
);
331 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_NONE
||
332 wpa_s
->key_mgmt
== WPA_KEY_MGMT_WPA_NONE
)
333 eapol_sm_notify_portControl(wpa_s
->eapol
, ForceAuthorized
);
335 eapol_sm_notify_portControl(wpa_s
->eapol
, Auto
);
337 os_memset(&eapol_conf
, 0, sizeof(eapol_conf
));
338 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_IEEE8021X_NO_WPA
) {
339 eapol_conf
.accept_802_1x_keys
= 1;
340 eapol_conf
.required_keys
= 0;
341 if (ssid
->eapol_flags
& EAPOL_FLAG_REQUIRE_KEY_UNICAST
) {
342 eapol_conf
.required_keys
|= EAPOL_REQUIRE_KEY_UNICAST
;
344 if (ssid
->eapol_flags
& EAPOL_FLAG_REQUIRE_KEY_BROADCAST
) {
345 eapol_conf
.required_keys
|=
346 EAPOL_REQUIRE_KEY_BROADCAST
;
349 if (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_WIRED
)
350 eapol_conf
.required_keys
= 0;
352 eapol_conf
.fast_reauth
= wpa_s
->conf
->fast_reauth
;
353 eapol_conf
.workaround
= ssid
->eap_workaround
;
354 eapol_conf
.eap_disabled
=
355 !wpa_key_mgmt_wpa_ieee8021x(wpa_s
->key_mgmt
) &&
356 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_IEEE8021X_NO_WPA
&&
357 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_WPS
;
358 eapol_conf
.external_sim
= wpa_s
->conf
->external_sim
;
361 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_WPS
) {
362 eapol_conf
.wps
|= EAPOL_LOCAL_WPS_IN_USE
;
363 if (wpa_s
->current_bss
) {
365 ie
= wpa_bss_get_vendor_ie_multi(wpa_s
->current_bss
,
370 EAPOL_PEER_IS_WPS20_AP
;
375 #endif /* CONFIG_WPS */
377 eapol_sm_notify_config(wpa_s
->eapol
, &ssid
->eap
, &eapol_conf
);
380 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_NONE
&& ssid
->mka_psk_set
)
381 ieee802_1x_create_preshared_mka(wpa_s
, ssid
);
383 ieee802_1x_alloc_kay_sm(wpa_s
, ssid
);
384 #endif /* CONFIG_MACSEC */
385 #endif /* IEEE8021X_EAPOL */
390 * wpa_supplicant_set_non_wpa_policy - Set WPA parameters to non-WPA mode
391 * @wpa_s: Pointer to wpa_supplicant data
392 * @ssid: Configuration data for the network
394 * This function is used to configure WPA state machine and related parameters
395 * to a mode where WPA is not enabled. This is called as part of the
396 * authentication configuration when the selected network does not use WPA.
398 void wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant
*wpa_s
,
399 struct wpa_ssid
*ssid
)
403 #endif /* CONFIG_WEP */
405 if (ssid
->key_mgmt
& WPA_KEY_MGMT_WPS
)
406 wpa_s
->key_mgmt
= WPA_KEY_MGMT_WPS
;
407 else if (ssid
->key_mgmt
& WPA_KEY_MGMT_IEEE8021X_NO_WPA
)
408 wpa_s
->key_mgmt
= WPA_KEY_MGMT_IEEE8021X_NO_WPA
;
410 wpa_s
->key_mgmt
= WPA_KEY_MGMT_NONE
;
411 wpa_sm_set_ap_wpa_ie(wpa_s
->wpa
, NULL
, 0);
412 wpa_sm_set_ap_rsn_ie(wpa_s
->wpa
, NULL
, 0);
413 wpa_sm_set_ap_rsnxe(wpa_s
->wpa
, NULL
, 0);
414 wpa_sm_set_assoc_wpa_ie(wpa_s
->wpa
, NULL
, 0);
415 wpa_sm_set_assoc_rsnxe(wpa_s
->wpa
, NULL
, 0);
416 wpa_s
->rsnxe_len
= 0;
417 wpa_s
->pairwise_cipher
= WPA_CIPHER_NONE
;
418 wpa_s
->group_cipher
= WPA_CIPHER_NONE
;
419 wpa_s
->mgmt_group_cipher
= 0;
422 for (i
= 0; i
< NUM_WEP_KEYS
; i
++) {
423 if (ssid
->wep_key_len
[i
] > 5) {
424 wpa_s
->pairwise_cipher
= WPA_CIPHER_WEP104
;
425 wpa_s
->group_cipher
= WPA_CIPHER_WEP104
;
427 } else if (ssid
->wep_key_len
[i
] > 0) {
428 wpa_s
->pairwise_cipher
= WPA_CIPHER_WEP40
;
429 wpa_s
->group_cipher
= WPA_CIPHER_WEP40
;
433 #endif /* CONFIG_WEP */
435 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_RSN_ENABLED
, 0);
436 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_KEY_MGMT
, wpa_s
->key_mgmt
);
437 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_PAIRWISE
,
438 wpa_s
->pairwise_cipher
);
439 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_GROUP
, wpa_s
->group_cipher
);
440 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_MGMT_GROUP
,
441 wpa_s
->mgmt_group_cipher
);
443 pmksa_cache_clear_current(wpa_s
->wpa
);
447 void free_hw_features(struct wpa_supplicant
*wpa_s
)
450 if (wpa_s
->hw
.modes
== NULL
)
453 for (i
= 0; i
< wpa_s
->hw
.num_modes
; i
++) {
454 os_free(wpa_s
->hw
.modes
[i
].channels
);
455 os_free(wpa_s
->hw
.modes
[i
].rates
);
458 os_free(wpa_s
->hw
.modes
);
459 wpa_s
->hw
.modes
= NULL
;
463 void free_bss_tmp_disallowed(struct wpa_supplicant
*wpa_s
)
465 struct wpa_bss_tmp_disallowed
*bss
, *prev
;
467 dl_list_for_each_safe(bss
, prev
, &wpa_s
->bss_tmp_disallowed
,
468 struct wpa_bss_tmp_disallowed
, list
) {
469 eloop_cancel_timeout(wpa_bss_tmp_disallow_timeout
, wpa_s
, bss
);
470 dl_list_del(&bss
->list
);
476 void wpas_flush_fils_hlp_req(struct wpa_supplicant
*wpa_s
)
478 struct fils_hlp_req
*req
;
480 while ((req
= dl_list_first(&wpa_s
->fils_hlp_req
, struct fils_hlp_req
,
482 dl_list_del(&req
->list
);
483 wpabuf_free(req
->pkt
);
489 void wpas_clear_disabled_interface(void *eloop_ctx
, void *timeout_ctx
)
491 struct wpa_supplicant
*wpa_s
= eloop_ctx
;
493 if (wpa_s
->wpa_state
!= WPA_INTERFACE_DISABLED
)
495 wpa_dbg(wpa_s
, MSG_DEBUG
, "Clear cached state on disabled interface");
496 wpa_bss_flush(wpa_s
);
500 #ifdef CONFIG_TESTING_OPTIONS
501 void wpas_clear_driver_signal_override(struct wpa_supplicant
*wpa_s
)
503 struct driver_signal_override
*dso
;
505 while ((dso
= dl_list_first(&wpa_s
->drv_signal_override
,
506 struct driver_signal_override
, list
))) {
507 dl_list_del(&dso
->list
);
511 #endif /* CONFIG_TESTING_OPTIONS */
514 static void wpa_supplicant_cleanup(struct wpa_supplicant
*wpa_s
)
518 bgscan_deinit(wpa_s
);
519 autoscan_deinit(wpa_s
);
520 scard_deinit(wpa_s
->scard
);
522 wpa_sm_set_scard_ctx(wpa_s
->wpa
, NULL
);
523 eapol_sm_register_scard_ctx(wpa_s
->eapol
, NULL
);
524 l2_packet_deinit(wpa_s
->l2
);
527 l2_packet_deinit(wpa_s
->l2_br
);
530 #ifdef CONFIG_TESTING_OPTIONS
531 l2_packet_deinit(wpa_s
->l2_test
);
532 wpa_s
->l2_test
= NULL
;
533 os_free(wpa_s
->get_pref_freq_list_override
);
534 wpa_s
->get_pref_freq_list_override
= NULL
;
535 wpabuf_free(wpa_s
->last_assoc_req_wpa_ie
);
536 wpa_s
->last_assoc_req_wpa_ie
= NULL
;
537 os_free(wpa_s
->extra_sae_rejected_groups
);
538 wpa_s
->extra_sae_rejected_groups
= NULL
;
539 wpabuf_free(wpa_s
->rsne_override_eapol
);
540 wpa_s
->rsne_override_eapol
= NULL
;
541 wpabuf_free(wpa_s
->rsnxe_override_assoc
);
542 wpa_s
->rsnxe_override_assoc
= NULL
;
543 wpabuf_free(wpa_s
->rsnxe_override_eapol
);
544 wpa_s
->rsnxe_override_eapol
= NULL
;
545 wpas_clear_driver_signal_override(wpa_s
);
546 #endif /* CONFIG_TESTING_OPTIONS */
548 if (wpa_s
->conf
!= NULL
) {
549 struct wpa_ssid
*ssid
;
550 for (ssid
= wpa_s
->conf
->ssid
; ssid
; ssid
= ssid
->next
)
551 wpas_notify_network_removed(wpa_s
, ssid
);
554 os_free(wpa_s
->confname
);
555 wpa_s
->confname
= NULL
;
557 os_free(wpa_s
->confanother
);
558 wpa_s
->confanother
= NULL
;
560 os_free(wpa_s
->last_con_fail_realm
);
561 wpa_s
->last_con_fail_realm
= NULL
;
562 wpa_s
->last_con_fail_realm_len
= 0;
564 wpa_sm_set_eapol(wpa_s
->wpa
, NULL
);
565 eapol_sm_deinit(wpa_s
->eapol
);
568 rsn_preauth_deinit(wpa_s
->wpa
);
571 wpa_tdls_deinit(wpa_s
->wpa
);
572 #endif /* CONFIG_TDLS */
574 wmm_ac_clear_saved_tspecs(wpa_s
);
575 pmksa_candidate_free(wpa_s
->wpa
);
576 wpa_sm_deinit(wpa_s
->wpa
);
578 wpa_blacklist_clear(wpa_s
);
580 wpa_bss_deinit(wpa_s
);
582 wpa_supplicant_cancel_delayed_sched_scan(wpa_s
);
583 wpa_supplicant_cancel_scan(wpa_s
);
584 wpa_supplicant_cancel_auth_timeout(wpa_s
);
585 eloop_cancel_timeout(wpa_supplicant_stop_countermeasures
, wpa_s
, NULL
);
586 #ifdef CONFIG_DELAYED_MIC_ERROR_REPORT
587 eloop_cancel_timeout(wpa_supplicant_delayed_mic_error_report
,
589 #endif /* CONFIG_DELAYED_MIC_ERROR_REPORT */
591 eloop_cancel_timeout(wpas_network_reenabled
, wpa_s
, NULL
);
592 eloop_cancel_timeout(wpas_clear_disabled_interface
, wpa_s
, NULL
);
594 wpas_wps_deinit(wpa_s
);
596 wpabuf_free(wpa_s
->pending_eapol_rx
);
597 wpa_s
->pending_eapol_rx
= NULL
;
599 #ifdef CONFIG_IBSS_RSN
600 ibss_rsn_deinit(wpa_s
->ibss_rsn
);
601 wpa_s
->ibss_rsn
= NULL
;
602 #endif /* CONFIG_IBSS_RSN */
607 wpa_supplicant_ap_deinit(wpa_s
);
608 #endif /* CONFIG_AP */
610 wpas_p2p_deinit(wpa_s
);
612 #ifdef CONFIG_OFFCHANNEL
613 offchannel_deinit(wpa_s
);
614 #endif /* CONFIG_OFFCHANNEL */
616 wpa_supplicant_cancel_sched_scan(wpa_s
);
618 os_free(wpa_s
->next_scan_freqs
);
619 wpa_s
->next_scan_freqs
= NULL
;
621 os_free(wpa_s
->manual_scan_freqs
);
622 wpa_s
->manual_scan_freqs
= NULL
;
623 os_free(wpa_s
->select_network_scan_freqs
);
624 wpa_s
->select_network_scan_freqs
= NULL
;
626 os_free(wpa_s
->manual_sched_scan_freqs
);
627 wpa_s
->manual_sched_scan_freqs
= NULL
;
629 wpas_mac_addr_rand_scan_clear(wpa_s
, MAC_ADDR_RAND_ALL
);
632 * Need to remove any pending gas-query radio work before the
633 * gas_query_deinit() call because gas_query::work has not yet been set
634 * for works that have not been started. gas_query_free() will be unable
635 * to cancel such pending radio works and once the pending gas-query
636 * radio work eventually gets removed, the deinit notification call to
637 * gas_query_start_cb() would result in dereferencing freed memory.
640 radio_remove_works(wpa_s
, "gas-query", 0);
641 gas_query_deinit(wpa_s
->gas
);
643 gas_server_deinit(wpa_s
->gas_server
);
644 wpa_s
->gas_server
= NULL
;
646 free_hw_features(wpa_s
);
648 ieee802_1x_dealloc_kay_sm(wpa_s
);
650 os_free(wpa_s
->bssid_filter
);
651 wpa_s
->bssid_filter
= NULL
;
653 os_free(wpa_s
->disallow_aps_bssid
);
654 wpa_s
->disallow_aps_bssid
= NULL
;
655 os_free(wpa_s
->disallow_aps_ssid
);
656 wpa_s
->disallow_aps_ssid
= NULL
;
658 wnm_bss_keep_alive_deinit(wpa_s
);
660 wnm_deallocate_memory(wpa_s
);
661 #endif /* CONFIG_WNM */
663 ext_password_deinit(wpa_s
->ext_pw
);
664 wpa_s
->ext_pw
= NULL
;
666 wpabuf_free(wpa_s
->last_gas_resp
);
667 wpa_s
->last_gas_resp
= NULL
;
668 wpabuf_free(wpa_s
->prev_gas_resp
);
669 wpa_s
->prev_gas_resp
= NULL
;
671 os_free(wpa_s
->last_scan_res
);
672 wpa_s
->last_scan_res
= NULL
;
676 wpa_drv_configure_frame_filters(wpa_s
, 0);
678 #endif /* CONFIG_HS20 */
680 for (i
= 0; i
< NUM_VENDOR_ELEM_FRAMES
; i
++) {
681 wpabuf_free(wpa_s
->vendor_elem
[i
]);
682 wpa_s
->vendor_elem
[i
] = NULL
;
685 wmm_ac_notify_disassoc(wpa_s
);
687 wpa_s
->sched_scan_plans_num
= 0;
688 os_free(wpa_s
->sched_scan_plans
);
689 wpa_s
->sched_scan_plans
= NULL
;
692 wpa_s
->non_pref_chan_num
= 0;
693 os_free(wpa_s
->non_pref_chan
);
694 wpa_s
->non_pref_chan
= NULL
;
695 #endif /* CONFIG_MBO */
697 free_bss_tmp_disallowed(wpa_s
);
699 wpabuf_free(wpa_s
->lci
);
701 wpas_clear_beacon_rep_data(wpa_s
);
703 #ifdef CONFIG_PMKSA_CACHE_EXTERNAL
706 struct external_pmksa_cache
*entry
;
708 while ((entry
= dl_list_last(&wpa_s
->mesh_external_pmksa_cache
,
709 struct external_pmksa_cache
,
711 dl_list_del(&entry
->list
);
712 os_free(entry
->pmksa_cache
);
716 #endif /* CONFIG_MESH */
717 #endif /* CONFIG_PMKSA_CACHE_EXTERNAL */
719 wpas_flush_fils_hlp_req(wpa_s
);
721 wpabuf_free(wpa_s
->ric_ies
);
722 wpa_s
->ric_ies
= NULL
;
725 wpas_dpp_deinit(wpa_s
);
726 dpp_global_deinit(wpa_s
->dpp
);
728 #endif /* CONFIG_DPP */
733 * wpa_clear_keys - Clear keys configured for the driver
734 * @wpa_s: Pointer to wpa_supplicant data
735 * @addr: Previously used BSSID or %NULL if not available
737 * This function clears the encryption keys that has been previously configured
740 void wpa_clear_keys(struct wpa_supplicant
*wpa_s
, const u8
*addr
)
744 /* MLME-DELETEKEYS.request */
745 for (i
= 0; i
< max
; i
++) {
746 if (wpa_s
->keys_cleared
& BIT(i
))
748 wpa_drv_set_key(wpa_s
, WPA_ALG_NONE
, NULL
, i
, 0, NULL
, 0,
749 NULL
, 0, KEY_FLAG_GROUP
);
751 if (!(wpa_s
->keys_cleared
& BIT(0)) && addr
&&
752 !is_zero_ether_addr(addr
)) {
753 wpa_drv_set_key(wpa_s
, WPA_ALG_NONE
, addr
, 0, 0, NULL
, 0, NULL
,
754 0, KEY_FLAG_PAIRWISE
);
755 /* MLME-SETPROTECTION.request(None) */
756 wpa_drv_mlme_setprotection(
758 MLME_SETPROTECTION_PROTECT_TYPE_NONE
,
759 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE
);
761 wpa_s
->keys_cleared
= (u32
) -1;
766 * wpa_supplicant_state_txt - Get the connection state name as a text string
767 * @state: State (wpa_state; WPA_*)
768 * Returns: The state name as a printable text string
770 const char * wpa_supplicant_state_txt(enum wpa_states state
)
773 case WPA_DISCONNECTED
:
774 return "DISCONNECTED";
777 case WPA_INTERFACE_DISABLED
:
778 return "INTERFACE_DISABLED";
781 case WPA_AUTHENTICATING
:
782 return "AUTHENTICATING";
783 case WPA_ASSOCIATING
:
784 return "ASSOCIATING";
787 case WPA_4WAY_HANDSHAKE
:
788 return "4WAY_HANDSHAKE";
789 case WPA_GROUP_HANDSHAKE
:
790 return "GROUP_HANDSHAKE";
801 static void wpa_supplicant_start_bgscan(struct wpa_supplicant
*wpa_s
)
805 if (wpa_s
->current_ssid
&& wpa_s
->current_ssid
->bgscan
)
806 name
= wpa_s
->current_ssid
->bgscan
;
808 name
= wpa_s
->conf
->bgscan
;
809 if (name
== NULL
|| name
[0] == '\0')
811 if (wpas_driver_bss_selection(wpa_s
))
813 if (wpa_s
->current_ssid
== wpa_s
->bgscan_ssid
)
816 if (wpa_s
->p2p_group_interface
!= NOT_P2P_GROUP_INTERFACE
)
818 #endif /* CONFIG_P2P */
820 bgscan_deinit(wpa_s
);
821 if (wpa_s
->current_ssid
) {
822 if (bgscan_init(wpa_s
, wpa_s
->current_ssid
, name
)) {
823 wpa_dbg(wpa_s
, MSG_DEBUG
, "Failed to initialize "
826 * Live without bgscan; it is only used as a roaming
827 * optimization, so the initial connection is not
831 struct wpa_scan_results
*scan_res
;
832 wpa_s
->bgscan_ssid
= wpa_s
->current_ssid
;
833 scan_res
= wpa_supplicant_get_scan_results(wpa_s
, NULL
,
836 bgscan_notify_scan(wpa_s
, scan_res
);
837 wpa_scan_results_free(scan_res
);
841 wpa_s
->bgscan_ssid
= NULL
;
845 static void wpa_supplicant_stop_bgscan(struct wpa_supplicant
*wpa_s
)
847 if (wpa_s
->bgscan_ssid
!= NULL
) {
848 bgscan_deinit(wpa_s
);
849 wpa_s
->bgscan_ssid
= NULL
;
853 #endif /* CONFIG_BGSCAN */
856 static void wpa_supplicant_start_autoscan(struct wpa_supplicant
*wpa_s
)
858 if (autoscan_init(wpa_s
, 0))
859 wpa_dbg(wpa_s
, MSG_DEBUG
, "Failed to initialize autoscan");
863 static void wpa_supplicant_stop_autoscan(struct wpa_supplicant
*wpa_s
)
865 autoscan_deinit(wpa_s
);
869 void wpa_supplicant_reinit_autoscan(struct wpa_supplicant
*wpa_s
)
871 if (wpa_s
->wpa_state
== WPA_DISCONNECTED
||
872 wpa_s
->wpa_state
== WPA_SCANNING
) {
873 autoscan_deinit(wpa_s
);
874 wpa_supplicant_start_autoscan(wpa_s
);
880 * wpa_supplicant_set_state - Set current connection state
881 * @wpa_s: Pointer to wpa_supplicant data
882 * @state: The new connection state
884 * This function is called whenever the connection state changes, e.g.,
885 * association is completed for WPA/WPA2 4-Way Handshake is started.
887 void wpa_supplicant_set_state(struct wpa_supplicant
*wpa_s
,
888 enum wpa_states state
)
890 enum wpa_states old_state
= wpa_s
->wpa_state
;
891 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
892 Boolean update_fils_connect_params
= FALSE
;
893 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
895 wpa_dbg(wpa_s
, MSG_DEBUG
, "State: %s -> %s",
896 wpa_supplicant_state_txt(wpa_s
->wpa_state
),
897 wpa_supplicant_state_txt(state
));
899 if (state
== WPA_COMPLETED
&&
900 os_reltime_initialized(&wpa_s
->roam_start
)) {
901 os_reltime_age(&wpa_s
->roam_start
, &wpa_s
->roam_time
);
902 wpa_s
->roam_start
.sec
= 0;
903 wpa_s
->roam_start
.usec
= 0;
904 wpas_notify_auth_changed(wpa_s
);
905 wpas_notify_roam_time(wpa_s
);
906 wpas_notify_roam_complete(wpa_s
);
907 } else if (state
== WPA_DISCONNECTED
&&
908 os_reltime_initialized(&wpa_s
->roam_start
)) {
909 wpa_s
->roam_start
.sec
= 0;
910 wpa_s
->roam_start
.usec
= 0;
911 wpa_s
->roam_time
.sec
= 0;
912 wpa_s
->roam_time
.usec
= 0;
913 wpas_notify_roam_complete(wpa_s
);
916 if (state
== WPA_INTERFACE_DISABLED
) {
917 /* Assure normal scan when interface is restored */
918 wpa_s
->normal_scans
= 0;
921 if (state
== WPA_COMPLETED
) {
922 wpas_connect_work_done(wpa_s
);
923 /* Reinitialize normal_scan counter */
924 wpa_s
->normal_scans
= 0;
929 * P2PS client has to reply to Probe Request frames received on the
930 * group operating channel. Enable Probe Request frame reporting for
931 * P2P connected client in case p2p_cli_probe configuration property is
934 if (wpa_s
->conf
->p2p_cli_probe
&& wpa_s
->current_ssid
&&
935 wpa_s
->current_ssid
->mode
== WPAS_MODE_INFRA
&&
936 wpa_s
->current_ssid
->p2p_group
) {
937 if (state
== WPA_COMPLETED
&& !wpa_s
->p2p_cli_probe
) {
938 wpa_dbg(wpa_s
, MSG_DEBUG
,
939 "P2P: Enable CLI Probe Request RX reporting");
940 wpa_s
->p2p_cli_probe
=
941 wpa_drv_probe_req_report(wpa_s
, 1) >= 0;
942 } else if (state
!= WPA_COMPLETED
&& wpa_s
->p2p_cli_probe
) {
943 wpa_dbg(wpa_s
, MSG_DEBUG
,
944 "P2P: Disable CLI Probe Request RX reporting");
945 wpa_s
->p2p_cli_probe
= 0;
946 wpa_drv_probe_req_report(wpa_s
, 0);
949 #endif /* CONFIG_P2P */
951 if (state
!= WPA_SCANNING
)
952 wpa_supplicant_notify_scanning(wpa_s
, 0);
954 if (state
== WPA_COMPLETED
&& wpa_s
->new_connection
) {
955 struct wpa_ssid
*ssid
= wpa_s
->current_ssid
;
956 int fils_hlp_sent
= 0;
959 if ((wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SME
) &&
960 wpa_auth_alg_fils(wpa_s
->sme
.auth_alg
))
962 #endif /* CONFIG_SME */
963 if (!(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SME
) &&
964 wpa_auth_alg_fils(wpa_s
->auth_alg
))
967 #if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
968 wpa_msg(wpa_s
, MSG_INFO
, WPA_EVENT_CONNECTED
"- Connection to "
969 MACSTR
" completed [id=%d id_str=%s%s]",
970 MAC2STR(wpa_s
->bssid
),
971 ssid
? ssid
->id
: -1,
972 ssid
&& ssid
->id_str
? ssid
->id_str
: "",
973 fils_hlp_sent
? " FILS_HLP_SENT" : "");
974 #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
975 wpas_clear_temp_disabled(wpa_s
, ssid
, 1);
976 wpa_blacklist_clear(wpa_s
);
977 wpa_s
->extra_blacklist_count
= 0;
978 wpa_s
->new_connection
= 0;
979 wpa_drv_set_operstate(wpa_s
, 1);
980 #ifndef IEEE8021X_EAPOL
981 wpa_drv_set_supp_port(wpa_s
, 1);
982 #endif /* IEEE8021X_EAPOL */
983 wpa_s
->after_wps
= 0;
984 wpa_s
->known_wps_freq
= 0;
985 wpas_p2p_completed(wpa_s
);
987 sme_sched_obss_scan(wpa_s
, 1);
989 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
990 if (!fils_hlp_sent
&& ssid
&& ssid
->eap
.erp
)
991 update_fils_connect_params
= TRUE
;
992 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
994 if (ssid
&& (ssid
->key_mgmt
& WPA_KEY_MGMT_OWE
))
995 wpas_update_owe_connect_params(wpa_s
);
996 #endif /* CONFIG_OWE */
997 } else if (state
== WPA_DISCONNECTED
|| state
== WPA_ASSOCIATING
||
998 state
== WPA_ASSOCIATED
) {
999 wpa_s
->new_connection
= 1;
1000 wpa_drv_set_operstate(wpa_s
, 0);
1001 #ifndef IEEE8021X_EAPOL
1002 wpa_drv_set_supp_port(wpa_s
, 0);
1003 #endif /* IEEE8021X_EAPOL */
1004 sme_sched_obss_scan(wpa_s
, 0);
1006 wpa_s
->wpa_state
= state
;
1008 #ifdef CONFIG_BGSCAN
1009 if (state
== WPA_COMPLETED
)
1010 wpa_supplicant_start_bgscan(wpa_s
);
1011 else if (state
< WPA_ASSOCIATED
)
1012 wpa_supplicant_stop_bgscan(wpa_s
);
1013 #endif /* CONFIG_BGSCAN */
1015 if (state
> WPA_SCANNING
)
1016 wpa_supplicant_stop_autoscan(wpa_s
);
1018 if (state
== WPA_DISCONNECTED
|| state
== WPA_INACTIVE
)
1019 wpa_supplicant_start_autoscan(wpa_s
);
1021 if (old_state
>= WPA_ASSOCIATED
&& wpa_s
->wpa_state
< WPA_ASSOCIATED
)
1022 wmm_ac_notify_disassoc(wpa_s
);
1024 if (wpa_s
->wpa_state
!= old_state
) {
1025 wpas_notify_state_changed(wpa_s
, wpa_s
->wpa_state
, old_state
);
1028 * Notify the P2P Device interface about a state change in one
1029 * of the interfaces.
1031 wpas_p2p_indicate_state_change(wpa_s
);
1033 if (wpa_s
->wpa_state
== WPA_COMPLETED
||
1034 old_state
== WPA_COMPLETED
)
1035 wpas_notify_auth_changed(wpa_s
);
1037 if (wpa_s
->wpa_state
== WPA_COMPLETED
)
1038 wpas_dpp_connected(wpa_s
);
1039 #endif /* CONFIG_DPP2 */
1041 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
1042 if (update_fils_connect_params
)
1043 wpas_update_fils_connect_params(wpa_s
);
1044 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
1048 void wpa_supplicant_terminate_proc(struct wpa_global
*global
)
1052 struct wpa_supplicant
*wpa_s
= global
->ifaces
;
1054 struct wpa_supplicant
*next
= wpa_s
->next
;
1055 if (wpas_wps_terminate_pending(wpa_s
) == 1)
1058 if (wpa_s
->p2p_group_interface
!= NOT_P2P_GROUP_INTERFACE
||
1059 (wpa_s
->current_ssid
&& wpa_s
->current_ssid
->p2p_group
))
1060 wpas_p2p_disconnect(wpa_s
);
1061 #endif /* CONFIG_P2P */
1064 #endif /* CONFIG_WPS */
1071 static void wpa_supplicant_terminate(int sig
, void *signal_ctx
)
1073 struct wpa_global
*global
= signal_ctx
;
1074 wpa_supplicant_terminate_proc(global
);
1078 void wpa_supplicant_clear_status(struct wpa_supplicant
*wpa_s
)
1080 enum wpa_states old_state
= wpa_s
->wpa_state
;
1082 wpa_s
->pairwise_cipher
= 0;
1083 wpa_s
->group_cipher
= 0;
1084 wpa_s
->mgmt_group_cipher
= 0;
1085 wpa_s
->key_mgmt
= 0;
1086 if (wpa_s
->wpa_state
!= WPA_INTERFACE_DISABLED
)
1087 wpa_supplicant_set_state(wpa_s
, WPA_DISCONNECTED
);
1089 if (wpa_s
->wpa_state
!= old_state
)
1090 wpas_notify_state_changed(wpa_s
, wpa_s
->wpa_state
, old_state
);
1095 * wpa_supplicant_reload_configuration - Reload configuration data
1096 * @wpa_s: Pointer to wpa_supplicant data
1097 * Returns: 0 on success or -1 if configuration parsing failed
1099 * This function can be used to request that the configuration data is reloaded
1100 * (e.g., after configuration file change). This function is reloading
1101 * configuration only for one interface, so this may need to be called multiple
1102 * times if %wpa_supplicant is controlling multiple interfaces and all
1103 * interfaces need reconfiguration.
1105 int wpa_supplicant_reload_configuration(struct wpa_supplicant
*wpa_s
)
1107 struct wpa_config
*conf
;
1111 if (wpa_s
->confname
== NULL
)
1113 conf
= wpa_config_read(wpa_s
->confname
, NULL
);
1115 wpa_msg(wpa_s
, MSG_ERROR
, "Failed to parse the configuration "
1116 "file '%s' - exiting", wpa_s
->confname
);
1119 if (wpa_s
->confanother
&&
1120 !wpa_config_read(wpa_s
->confanother
, conf
)) {
1121 wpa_msg(wpa_s
, MSG_ERROR
,
1122 "Failed to parse the configuration file '%s' - exiting",
1123 wpa_s
->confanother
);
1127 conf
->changed_parameters
= (unsigned int) -1;
1129 reconf_ctrl
= !!conf
->ctrl_interface
!= !!wpa_s
->conf
->ctrl_interface
1130 || (conf
->ctrl_interface
&& wpa_s
->conf
->ctrl_interface
&&
1131 os_strcmp(conf
->ctrl_interface
,
1132 wpa_s
->conf
->ctrl_interface
) != 0);
1134 if (reconf_ctrl
&& wpa_s
->ctrl_iface
) {
1135 wpa_supplicant_ctrl_iface_deinit(wpa_s
->ctrl_iface
);
1136 wpa_s
->ctrl_iface
= NULL
;
1139 eapol_sm_invalidate_cached_session(wpa_s
->eapol
);
1140 if (wpa_s
->current_ssid
) {
1141 if (wpa_s
->wpa_state
>= WPA_AUTHENTICATING
)
1142 wpa_s
->own_disconnect_req
= 1;
1143 wpa_supplicant_deauthenticate(wpa_s
,
1144 WLAN_REASON_DEAUTH_LEAVING
);
1148 * TODO: should notify EAPOL SM about changes in opensc_engine_path,
1149 * pkcs11_engine_path, pkcs11_module_path, openssl_ciphers.
1151 if (wpa_key_mgmt_wpa_psk(wpa_s
->key_mgmt
) ||
1152 wpa_s
->key_mgmt
== WPA_KEY_MGMT_OWE
||
1153 wpa_s
->key_mgmt
== WPA_KEY_MGMT_DPP
) {
1155 * Clear forced success to clear EAP state for next
1158 eapol_sm_notify_eap_success(wpa_s
->eapol
, FALSE
);
1160 eapol_sm_notify_config(wpa_s
->eapol
, NULL
, NULL
);
1161 wpa_sm_set_config(wpa_s
->wpa
, NULL
);
1162 wpa_sm_pmksa_cache_flush(wpa_s
->wpa
, NULL
);
1163 wpa_sm_set_fast_reauth(wpa_s
->wpa
, wpa_s
->conf
->fast_reauth
);
1164 rsn_preauth_deinit(wpa_s
->wpa
);
1166 old_ap_scan
= wpa_s
->conf
->ap_scan
;
1167 wpa_config_free(wpa_s
->conf
);
1169 if (old_ap_scan
!= wpa_s
->conf
->ap_scan
)
1170 wpas_notify_ap_scan_changed(wpa_s
);
1173 wpa_s
->ctrl_iface
= wpa_supplicant_ctrl_iface_init(wpa_s
);
1175 wpa_supplicant_update_config(wpa_s
);
1177 wpa_supplicant_clear_status(wpa_s
);
1178 if (wpa_supplicant_enabled_networks(wpa_s
)) {
1179 wpa_s
->reassociate
= 1;
1180 wpa_supplicant_req_scan(wpa_s
, 0, 0);
1182 wpa_dbg(wpa_s
, MSG_DEBUG
, "Reconfiguration completed");
1187 static void wpa_supplicant_reconfig(int sig
, void *signal_ctx
)
1189 struct wpa_global
*global
= signal_ctx
;
1190 struct wpa_supplicant
*wpa_s
;
1191 for (wpa_s
= global
->ifaces
; wpa_s
; wpa_s
= wpa_s
->next
) {
1192 wpa_dbg(wpa_s
, MSG_DEBUG
, "Signal %d received - reconfiguring",
1194 if (wpa_supplicant_reload_configuration(wpa_s
) < 0) {
1195 wpa_supplicant_terminate_proc(global
);
1199 if (wpa_debug_reopen_file() < 0) {
1200 /* Ignore errors since we cannot really do much to fix this */
1201 wpa_printf(MSG_DEBUG
, "Could not reopen debug log file");
1206 static int wpa_supplicant_suites_from_ai(struct wpa_supplicant
*wpa_s
,
1207 struct wpa_ssid
*ssid
,
1208 struct wpa_ie_data
*ie
)
1210 int ret
= wpa_sm_parse_own_wpa_ie(wpa_s
->wpa
, ie
);
1213 wpa_msg(wpa_s
, MSG_INFO
, "WPA: Failed to parse WPA IE "
1214 "from association info");
1219 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: Using WPA IE from AssocReq to set "
1221 if (!(ie
->group_cipher
& ssid
->group_cipher
)) {
1222 wpa_msg(wpa_s
, MSG_INFO
, "WPA: Driver used disabled group "
1223 "cipher 0x%x (mask 0x%x) - reject",
1224 ie
->group_cipher
, ssid
->group_cipher
);
1227 if (!(ie
->pairwise_cipher
& ssid
->pairwise_cipher
)) {
1228 wpa_msg(wpa_s
, MSG_INFO
, "WPA: Driver used disabled pairwise "
1229 "cipher 0x%x (mask 0x%x) - reject",
1230 ie
->pairwise_cipher
, ssid
->pairwise_cipher
);
1233 if (!(ie
->key_mgmt
& ssid
->key_mgmt
)) {
1234 wpa_msg(wpa_s
, MSG_INFO
, "WPA: Driver used disabled key "
1235 "management 0x%x (mask 0x%x) - reject",
1236 ie
->key_mgmt
, ssid
->key_mgmt
);
1240 if (!(ie
->capabilities
& WPA_CAPABILITY_MFPC
) &&
1241 wpas_get_ssid_pmf(wpa_s
, ssid
) == MGMT_FRAME_PROTECTION_REQUIRED
) {
1242 wpa_msg(wpa_s
, MSG_INFO
, "WPA: Driver associated with an AP "
1243 "that does not support management frame protection - "
1252 static int matching_ciphers(struct wpa_ssid
*ssid
, struct wpa_ie_data
*ie
,
1256 ie
->group_cipher
= wpa_default_rsn_cipher(freq
);
1257 if (!ie
->has_pairwise
)
1258 ie
->pairwise_cipher
= wpa_default_rsn_cipher(freq
);
1259 return (ie
->group_cipher
& ssid
->group_cipher
) &&
1260 (ie
->pairwise_cipher
& ssid
->pairwise_cipher
);
1265 * wpa_supplicant_set_suites - Set authentication and encryption parameters
1266 * @wpa_s: Pointer to wpa_supplicant data
1267 * @bss: Scan results for the selected BSS, or %NULL if not available
1268 * @ssid: Configuration data for the selected network
1269 * @wpa_ie: Buffer for the WPA/RSN IE
1270 * @wpa_ie_len: Maximum wpa_ie buffer size on input. This is changed to be the
1271 * used buffer length in case the functions returns success.
1272 * Returns: 0 on success or -1 on failure
1274 * This function is used to configure authentication and encryption parameters
1275 * based on the network configuration and scan result for the selected BSS (if
1278 int wpa_supplicant_set_suites(struct wpa_supplicant
*wpa_s
,
1279 struct wpa_bss
*bss
, struct wpa_ssid
*ssid
,
1280 u8
*wpa_ie
, size_t *wpa_ie_len
)
1282 struct wpa_ie_data ie
;
1283 int sel
, proto
, sae_pwe
;
1284 const u8
*bss_wpa
, *bss_rsn
, *bss_rsnx
, *bss_osen
;
1287 bss_wpa
= wpa_bss_get_vendor_ie(bss
, WPA_IE_VENDOR_TYPE
);
1288 bss_rsn
= wpa_bss_get_ie(bss
, WLAN_EID_RSN
);
1289 bss_rsnx
= wpa_bss_get_ie(bss
, WLAN_EID_RSNX
);
1290 bss_osen
= wpa_bss_get_vendor_ie(bss
, OSEN_IE_VENDOR_TYPE
);
1292 bss_wpa
= bss_rsn
= bss_rsnx
= bss_osen
= NULL
;
1295 if (bss_rsn
&& (ssid
->proto
& WPA_PROTO_RSN
) &&
1296 wpa_parse_wpa_ie(bss_rsn
, 2 + bss_rsn
[1], &ie
) == 0 &&
1297 matching_ciphers(ssid
, &ie
, bss
->freq
) &&
1298 (ie
.key_mgmt
& ssid
->key_mgmt
)) {
1299 wpa_dbg(wpa_s
, MSG_DEBUG
, "RSN: using IEEE 802.11i/D9.0");
1300 proto
= WPA_PROTO_RSN
;
1301 } else if (bss_wpa
&& (ssid
->proto
& WPA_PROTO_WPA
) &&
1302 wpa_parse_wpa_ie(bss_wpa
, 2 + bss_wpa
[1], &ie
) == 0 &&
1303 (ie
.group_cipher
& ssid
->group_cipher
) &&
1304 (ie
.pairwise_cipher
& ssid
->pairwise_cipher
) &&
1305 (ie
.key_mgmt
& ssid
->key_mgmt
)) {
1306 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using IEEE 802.11i/D3.0");
1307 proto
= WPA_PROTO_WPA
;
1309 } else if (bss_osen
&& (ssid
->proto
& WPA_PROTO_OSEN
) &&
1310 wpa_parse_wpa_ie(bss_osen
, 2 + bss_osen
[1], &ie
) == 0 &&
1311 (ie
.group_cipher
& ssid
->group_cipher
) &&
1312 (ie
.pairwise_cipher
& ssid
->pairwise_cipher
) &&
1313 (ie
.key_mgmt
& ssid
->key_mgmt
)) {
1314 wpa_dbg(wpa_s
, MSG_DEBUG
, "HS 2.0: using OSEN");
1315 proto
= WPA_PROTO_OSEN
;
1316 } else if (bss_rsn
&& (ssid
->proto
& WPA_PROTO_OSEN
) &&
1317 wpa_parse_wpa_ie(bss_rsn
, 2 + bss_rsn
[1], &ie
) == 0 &&
1318 (ie
.group_cipher
& ssid
->group_cipher
) &&
1319 (ie
.pairwise_cipher
& ssid
->pairwise_cipher
) &&
1320 (ie
.key_mgmt
& ssid
->key_mgmt
)) {
1321 wpa_dbg(wpa_s
, MSG_DEBUG
, "RSN: using OSEN (within RSN)");
1322 proto
= WPA_PROTO_RSN
;
1323 #endif /* CONFIG_HS20 */
1325 wpa_msg(wpa_s
, MSG_WARNING
, "WPA: Failed to select WPA/RSN");
1326 wpa_dbg(wpa_s
, MSG_DEBUG
,
1327 "WPA: ssid proto=0x%x pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1328 ssid
->proto
, ssid
->pairwise_cipher
, ssid
->group_cipher
,
1330 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: BSS " MACSTR
" ssid='%s'%s%s%s",
1331 MAC2STR(bss
->bssid
),
1332 wpa_ssid_txt(bss
->ssid
, bss
->ssid_len
),
1333 bss_wpa
? " WPA" : "",
1334 bss_rsn
? " RSN" : "",
1335 bss_osen
? " OSEN" : "");
1337 wpa_hexdump(MSG_DEBUG
, "RSN", bss_rsn
, 2 + bss_rsn
[1]);
1338 if (wpa_parse_wpa_ie(bss_rsn
, 2 + bss_rsn
[1], &ie
)) {
1339 wpa_dbg(wpa_s
, MSG_DEBUG
,
1340 "Could not parse RSN element");
1342 wpa_dbg(wpa_s
, MSG_DEBUG
,
1343 "RSN: pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1344 ie
.pairwise_cipher
, ie
.group_cipher
,
1349 wpa_hexdump(MSG_DEBUG
, "WPA", bss_wpa
, 2 + bss_wpa
[1]);
1350 if (wpa_parse_wpa_ie(bss_wpa
, 2 + bss_wpa
[1], &ie
)) {
1351 wpa_dbg(wpa_s
, MSG_DEBUG
,
1352 "Could not parse WPA element");
1354 wpa_dbg(wpa_s
, MSG_DEBUG
,
1355 "WPA: pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1356 ie
.pairwise_cipher
, ie
.group_cipher
,
1362 if (ssid
->proto
& WPA_PROTO_OSEN
)
1363 proto
= WPA_PROTO_OSEN
;
1364 else if (ssid
->proto
& WPA_PROTO_RSN
)
1365 proto
= WPA_PROTO_RSN
;
1367 proto
= WPA_PROTO_WPA
;
1368 if (wpa_supplicant_suites_from_ai(wpa_s
, ssid
, &ie
) < 0) {
1369 os_memset(&ie
, 0, sizeof(ie
));
1370 ie
.group_cipher
= ssid
->group_cipher
;
1371 ie
.pairwise_cipher
= ssid
->pairwise_cipher
;
1372 ie
.key_mgmt
= ssid
->key_mgmt
;
1373 ie
.mgmt_group_cipher
= 0;
1374 if (ssid
->ieee80211w
!= NO_MGMT_FRAME_PROTECTION
) {
1375 if (ssid
->group_mgmt_cipher
&
1376 WPA_CIPHER_BIP_GMAC_256
)
1377 ie
.mgmt_group_cipher
=
1378 WPA_CIPHER_BIP_GMAC_256
;
1379 else if (ssid
->group_mgmt_cipher
&
1380 WPA_CIPHER_BIP_CMAC_256
)
1381 ie
.mgmt_group_cipher
=
1382 WPA_CIPHER_BIP_CMAC_256
;
1383 else if (ssid
->group_mgmt_cipher
&
1384 WPA_CIPHER_BIP_GMAC_128
)
1385 ie
.mgmt_group_cipher
=
1386 WPA_CIPHER_BIP_GMAC_128
;
1388 ie
.mgmt_group_cipher
=
1389 WPA_CIPHER_AES_128_CMAC
;
1392 if ((ssid
->key_mgmt
& WPA_KEY_MGMT_OWE
) &&
1394 !bss_wpa
&& !bss_rsn
&& !bss_osen
) {
1395 wpa_supplicant_set_non_wpa_policy(wpa_s
, ssid
);
1396 wpa_s
->wpa_proto
= 0;
1400 #endif /* CONFIG_OWE */
1401 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: Set cipher suites "
1402 "based on configuration");
1407 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: Selected cipher suites: group %d "
1408 "pairwise %d key_mgmt %d proto %d",
1409 ie
.group_cipher
, ie
.pairwise_cipher
, ie
.key_mgmt
, proto
);
1410 if (ssid
->ieee80211w
) {
1411 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: Selected mgmt group cipher %d",
1412 ie
.mgmt_group_cipher
);
1415 wpa_s
->wpa_proto
= proto
;
1416 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_PROTO
, proto
);
1417 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_RSN_ENABLED
,
1418 !!(ssid
->proto
& (WPA_PROTO_RSN
| WPA_PROTO_OSEN
)));
1420 if (bss
|| !wpa_s
->ap_ies_from_associnfo
) {
1421 if (wpa_sm_set_ap_wpa_ie(wpa_s
->wpa
, bss_wpa
,
1422 bss_wpa
? 2 + bss_wpa
[1] : 0) ||
1423 wpa_sm_set_ap_rsn_ie(wpa_s
->wpa
, bss_rsn
,
1424 bss_rsn
? 2 + bss_rsn
[1] : 0) ||
1425 wpa_sm_set_ap_rsnxe(wpa_s
->wpa
, bss_rsnx
,
1426 bss_rsnx
? 2 + bss_rsnx
[1] : 0))
1430 #ifdef CONFIG_NO_WPA
1431 wpa_s
->group_cipher
= WPA_CIPHER_NONE
;
1432 wpa_s
->pairwise_cipher
= WPA_CIPHER_NONE
;
1433 #else /* CONFIG_NO_WPA */
1434 sel
= ie
.group_cipher
& ssid
->group_cipher
;
1435 wpa_dbg(wpa_s
, MSG_DEBUG
,
1436 "WPA: AP group 0x%x network profile group 0x%x; available group 0x%x",
1437 ie
.group_cipher
, ssid
->group_cipher
, sel
);
1438 wpa_s
->group_cipher
= wpa_pick_group_cipher(sel
);
1439 if (wpa_s
->group_cipher
< 0) {
1440 wpa_msg(wpa_s
, MSG_WARNING
, "WPA: Failed to select group "
1444 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using GTK %s",
1445 wpa_cipher_txt(wpa_s
->group_cipher
));
1447 sel
= ie
.pairwise_cipher
& ssid
->pairwise_cipher
;
1448 wpa_dbg(wpa_s
, MSG_DEBUG
,
1449 "WPA: AP pairwise 0x%x network profile pairwise 0x%x; available pairwise 0x%x",
1450 ie
.pairwise_cipher
, ssid
->pairwise_cipher
, sel
);
1451 wpa_s
->pairwise_cipher
= wpa_pick_pairwise_cipher(sel
, 1);
1452 if (wpa_s
->pairwise_cipher
< 0) {
1453 wpa_msg(wpa_s
, MSG_WARNING
, "WPA: Failed to select pairwise "
1457 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using PTK %s",
1458 wpa_cipher_txt(wpa_s
->pairwise_cipher
));
1459 #endif /* CONFIG_NO_WPA */
1461 sel
= ie
.key_mgmt
& ssid
->key_mgmt
;
1463 if (!(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SAE
))
1464 sel
&= ~(WPA_KEY_MGMT_SAE
| WPA_KEY_MGMT_FT_SAE
);
1465 #endif /* CONFIG_SAE */
1466 #ifdef CONFIG_IEEE80211R
1467 if (!(wpa_s
->drv_flags
& (WPA_DRIVER_FLAGS_SME
|
1468 WPA_DRIVER_FLAGS_UPDATE_FT_IES
)))
1469 sel
&= ~WPA_KEY_MGMT_FT
;
1470 #endif /* CONFIG_IEEE80211R */
1471 wpa_dbg(wpa_s
, MSG_DEBUG
,
1472 "WPA: AP key_mgmt 0x%x network profile key_mgmt 0x%x; available key_mgmt 0x%x",
1473 ie
.key_mgmt
, ssid
->key_mgmt
, sel
);
1475 #ifdef CONFIG_IEEE80211R
1476 #ifdef CONFIG_SHA384
1477 } else if ((sel
& WPA_KEY_MGMT_FT_IEEE8021X_SHA384
) &&
1478 os_strcmp(wpa_supplicant_get_eap_mode(wpa_s
), "LEAP") != 0) {
1479 wpa_s
->key_mgmt
= WPA_KEY_MGMT_FT_IEEE8021X_SHA384
;
1480 wpa_dbg(wpa_s
, MSG_DEBUG
,
1481 "WPA: using KEY_MGMT FT/802.1X-SHA384");
1482 if (!ssid
->ft_eap_pmksa_caching
&&
1483 pmksa_cache_get_current(wpa_s
->wpa
)) {
1484 /* PMKSA caching with FT may have interoperability
1485 * issues, so disable that case by default for now. */
1486 wpa_dbg(wpa_s
, MSG_DEBUG
,
1487 "WPA: Disable PMKSA caching for FT/802.1X connection");
1488 pmksa_cache_clear_current(wpa_s
->wpa
);
1490 #endif /* CONFIG_SHA384 */
1491 #endif /* CONFIG_IEEE80211R */
1492 #ifdef CONFIG_SUITEB192
1493 } else if (sel
& WPA_KEY_MGMT_IEEE8021X_SUITE_B_192
) {
1494 wpa_s
->key_mgmt
= WPA_KEY_MGMT_IEEE8021X_SUITE_B_192
;
1495 wpa_dbg(wpa_s
, MSG_DEBUG
,
1496 "WPA: using KEY_MGMT 802.1X with Suite B (192-bit)");
1497 #endif /* CONFIG_SUITEB192 */
1498 #ifdef CONFIG_SUITEB
1499 } else if (sel
& WPA_KEY_MGMT_IEEE8021X_SUITE_B
) {
1500 wpa_s
->key_mgmt
= WPA_KEY_MGMT_IEEE8021X_SUITE_B
;
1501 wpa_dbg(wpa_s
, MSG_DEBUG
,
1502 "WPA: using KEY_MGMT 802.1X with Suite B");
1503 #endif /* CONFIG_SUITEB */
1505 #ifdef CONFIG_IEEE80211R
1506 } else if (sel
& WPA_KEY_MGMT_FT_FILS_SHA384
) {
1507 wpa_s
->key_mgmt
= WPA_KEY_MGMT_FT_FILS_SHA384
;
1508 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT FT-FILS-SHA384");
1509 } else if (sel
& WPA_KEY_MGMT_FT_FILS_SHA256
) {
1510 wpa_s
->key_mgmt
= WPA_KEY_MGMT_FT_FILS_SHA256
;
1511 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT FT-FILS-SHA256");
1512 #endif /* CONFIG_IEEE80211R */
1513 } else if (sel
& WPA_KEY_MGMT_FILS_SHA384
) {
1514 wpa_s
->key_mgmt
= WPA_KEY_MGMT_FILS_SHA384
;
1515 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT FILS-SHA384");
1516 } else if (sel
& WPA_KEY_MGMT_FILS_SHA256
) {
1517 wpa_s
->key_mgmt
= WPA_KEY_MGMT_FILS_SHA256
;
1518 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT FILS-SHA256");
1519 #endif /* CONFIG_FILS */
1520 #ifdef CONFIG_IEEE80211R
1521 } else if ((sel
& WPA_KEY_MGMT_FT_IEEE8021X
) &&
1522 os_strcmp(wpa_supplicant_get_eap_mode(wpa_s
), "LEAP") != 0) {
1523 wpa_s
->key_mgmt
= WPA_KEY_MGMT_FT_IEEE8021X
;
1524 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT FT/802.1X");
1525 if (!ssid
->ft_eap_pmksa_caching
&&
1526 pmksa_cache_get_current(wpa_s
->wpa
)) {
1527 /* PMKSA caching with FT may have interoperability
1528 * issues, so disable that case by default for now. */
1529 wpa_dbg(wpa_s
, MSG_DEBUG
,
1530 "WPA: Disable PMKSA caching for FT/802.1X connection");
1531 pmksa_cache_clear_current(wpa_s
->wpa
);
1533 #endif /* CONFIG_IEEE80211R */
1535 } else if (sel
& WPA_KEY_MGMT_DPP
) {
1536 wpa_s
->key_mgmt
= WPA_KEY_MGMT_DPP
;
1537 wpa_dbg(wpa_s
, MSG_DEBUG
, "RSN: using KEY_MGMT DPP");
1538 #endif /* CONFIG_DPP */
1540 } else if (sel
& WPA_KEY_MGMT_FT_SAE
) {
1541 wpa_s
->key_mgmt
= WPA_KEY_MGMT_FT_SAE
;
1542 wpa_dbg(wpa_s
, MSG_DEBUG
, "RSN: using KEY_MGMT FT/SAE");
1543 } else if (sel
& WPA_KEY_MGMT_SAE
) {
1544 wpa_s
->key_mgmt
= WPA_KEY_MGMT_SAE
;
1545 wpa_dbg(wpa_s
, MSG_DEBUG
, "RSN: using KEY_MGMT SAE");
1546 #endif /* CONFIG_SAE */
1547 #ifdef CONFIG_IEEE80211R
1548 } else if (sel
& WPA_KEY_MGMT_FT_PSK
) {
1549 wpa_s
->key_mgmt
= WPA_KEY_MGMT_FT_PSK
;
1550 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT FT/PSK");
1551 #endif /* CONFIG_IEEE80211R */
1552 } else if (sel
& WPA_KEY_MGMT_IEEE8021X_SHA256
) {
1553 wpa_s
->key_mgmt
= WPA_KEY_MGMT_IEEE8021X_SHA256
;
1554 wpa_dbg(wpa_s
, MSG_DEBUG
,
1555 "WPA: using KEY_MGMT 802.1X with SHA256");
1556 } else if (sel
& WPA_KEY_MGMT_PSK_SHA256
) {
1557 wpa_s
->key_mgmt
= WPA_KEY_MGMT_PSK_SHA256
;
1558 wpa_dbg(wpa_s
, MSG_DEBUG
,
1559 "WPA: using KEY_MGMT PSK with SHA256");
1560 } else if (sel
& WPA_KEY_MGMT_IEEE8021X
) {
1561 wpa_s
->key_mgmt
= WPA_KEY_MGMT_IEEE8021X
;
1562 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT 802.1X");
1563 } else if (sel
& WPA_KEY_MGMT_PSK
) {
1564 wpa_s
->key_mgmt
= WPA_KEY_MGMT_PSK
;
1565 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT WPA-PSK");
1566 } else if (sel
& WPA_KEY_MGMT_WPA_NONE
) {
1567 wpa_s
->key_mgmt
= WPA_KEY_MGMT_WPA_NONE
;
1568 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT WPA-NONE");
1570 } else if (sel
& WPA_KEY_MGMT_OSEN
) {
1571 wpa_s
->key_mgmt
= WPA_KEY_MGMT_OSEN
;
1572 wpa_dbg(wpa_s
, MSG_DEBUG
, "HS 2.0: using KEY_MGMT OSEN");
1573 #endif /* CONFIG_HS20 */
1575 } else if (sel
& WPA_KEY_MGMT_OWE
) {
1576 wpa_s
->key_mgmt
= WPA_KEY_MGMT_OWE
;
1577 wpa_dbg(wpa_s
, MSG_DEBUG
, "RSN: using KEY_MGMT OWE");
1578 #endif /* CONFIG_OWE */
1580 wpa_msg(wpa_s
, MSG_WARNING
, "WPA: Failed to select "
1581 "authenticated key management type");
1585 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_KEY_MGMT
, wpa_s
->key_mgmt
);
1586 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_PAIRWISE
,
1587 wpa_s
->pairwise_cipher
);
1588 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_GROUP
, wpa_s
->group_cipher
);
1590 if (!(ie
.capabilities
& WPA_CAPABILITY_MFPC
) &&
1591 wpas_get_ssid_pmf(wpa_s
, ssid
) == MGMT_FRAME_PROTECTION_REQUIRED
) {
1592 wpa_msg(wpa_s
, MSG_INFO
,
1593 "RSN: Management frame protection required but the selected AP does not enable it");
1597 sel
= ie
.mgmt_group_cipher
;
1598 if (ssid
->group_mgmt_cipher
)
1599 sel
&= ssid
->group_mgmt_cipher
;
1600 if (wpas_get_ssid_pmf(wpa_s
, ssid
) == NO_MGMT_FRAME_PROTECTION
||
1601 !(ie
.capabilities
& WPA_CAPABILITY_MFPC
))
1603 wpa_dbg(wpa_s
, MSG_DEBUG
,
1604 "WPA: AP mgmt_group_cipher 0x%x network profile mgmt_group_cipher 0x%x; available mgmt_group_cipher 0x%x",
1605 ie
.mgmt_group_cipher
, ssid
->group_mgmt_cipher
, sel
);
1606 if (sel
& WPA_CIPHER_AES_128_CMAC
) {
1607 wpa_s
->mgmt_group_cipher
= WPA_CIPHER_AES_128_CMAC
;
1608 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using MGMT group cipher "
1610 } else if (sel
& WPA_CIPHER_BIP_GMAC_128
) {
1611 wpa_s
->mgmt_group_cipher
= WPA_CIPHER_BIP_GMAC_128
;
1612 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using MGMT group cipher "
1614 } else if (sel
& WPA_CIPHER_BIP_GMAC_256
) {
1615 wpa_s
->mgmt_group_cipher
= WPA_CIPHER_BIP_GMAC_256
;
1616 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using MGMT group cipher "
1618 } else if (sel
& WPA_CIPHER_BIP_CMAC_256
) {
1619 wpa_s
->mgmt_group_cipher
= WPA_CIPHER_BIP_CMAC_256
;
1620 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using MGMT group cipher "
1623 wpa_s
->mgmt_group_cipher
= 0;
1624 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: not using MGMT group cipher");
1626 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_MGMT_GROUP
,
1627 wpa_s
->mgmt_group_cipher
);
1628 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_MFP
,
1629 wpas_get_ssid_pmf(wpa_s
, ssid
));
1631 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_OCV
, ssid
->ocv
);
1632 #endif /* CONFIG_OCV */
1633 sae_pwe
= wpa_s
->conf
->sae_pwe
;
1634 if (ssid
->sae_password_id
&& sae_pwe
!= 3)
1636 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_SAE_PWE
, sae_pwe
);
1638 if (wpa_sm_set_assoc_wpa_ie_default(wpa_s
->wpa
, wpa_ie
, wpa_ie_len
)) {
1639 wpa_msg(wpa_s
, MSG_WARNING
, "WPA: Failed to generate WPA IE");
1643 wpa_s
->rsnxe_len
= sizeof(wpa_s
->rsnxe
);
1644 if (wpa_sm_set_assoc_rsnxe_default(wpa_s
->wpa
, wpa_s
->rsnxe
,
1645 &wpa_s
->rsnxe_len
)) {
1646 wpa_msg(wpa_s
, MSG_WARNING
, "RSN: Failed to generate RSNXE");
1652 } else if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_DPP
) {
1653 /* Use PMK from DPP network introduction (PMKSA entry) */
1654 wpa_sm_set_pmk_from_pmksa(wpa_s
->wpa
);
1655 #endif /* CONFIG_DPP */
1656 } else if (wpa_key_mgmt_wpa_psk(ssid
->key_mgmt
)) {
1660 sae_only
= (ssid
->key_mgmt
& (WPA_KEY_MGMT_PSK
|
1661 WPA_KEY_MGMT_FT_PSK
|
1662 WPA_KEY_MGMT_PSK_SHA256
)) == 0;
1664 if (ssid
->psk_set
&& !sae_only
) {
1665 wpa_hexdump_key(MSG_MSGDUMP
, "PSK (set in config)",
1666 ssid
->psk
, PMK_LEN
);
1667 wpa_sm_set_pmk(wpa_s
->wpa
, ssid
->psk
, PMK_LEN
, NULL
,
1672 if (wpa_key_mgmt_sae(ssid
->key_mgmt
) &&
1673 (ssid
->sae_password
|| ssid
->passphrase
))
1676 #ifndef CONFIG_NO_PBKDF2
1677 if (bss
&& ssid
->bssid_set
&& ssid
->ssid_len
== 0 &&
1678 ssid
->passphrase
&& !sae_only
) {
1680 pbkdf2_sha1(ssid
->passphrase
, bss
->ssid
, bss
->ssid_len
,
1681 4096, psk
, PMK_LEN
);
1682 wpa_hexdump_key(MSG_MSGDUMP
, "PSK (from passphrase)",
1684 wpa_sm_set_pmk(wpa_s
->wpa
, psk
, PMK_LEN
, NULL
, NULL
);
1686 os_memset(psk
, 0, sizeof(psk
));
1688 #endif /* CONFIG_NO_PBKDF2 */
1689 #ifdef CONFIG_EXT_PASSWORD
1690 if (ssid
->ext_psk
&& !sae_only
) {
1691 struct wpabuf
*pw
= ext_password_get(wpa_s
->ext_pw
,
1693 char pw_str
[64 + 1];
1697 wpa_msg(wpa_s
, MSG_INFO
, "EXT PW: No PSK "
1698 "found from external storage");
1702 if (wpabuf_len(pw
) < 8 || wpabuf_len(pw
) > 64) {
1703 wpa_msg(wpa_s
, MSG_INFO
, "EXT PW: Unexpected "
1704 "PSK length %d in external storage",
1705 (int) wpabuf_len(pw
));
1706 ext_password_free(pw
);
1710 os_memcpy(pw_str
, wpabuf_head(pw
), wpabuf_len(pw
));
1711 pw_str
[wpabuf_len(pw
)] = '\0';
1713 #ifndef CONFIG_NO_PBKDF2
1714 if (wpabuf_len(pw
) >= 8 && wpabuf_len(pw
) < 64 && bss
)
1716 pbkdf2_sha1(pw_str
, bss
->ssid
, bss
->ssid_len
,
1717 4096, psk
, PMK_LEN
);
1718 os_memset(pw_str
, 0, sizeof(pw_str
));
1719 wpa_hexdump_key(MSG_MSGDUMP
, "PSK (from "
1720 "external passphrase)",
1722 wpa_sm_set_pmk(wpa_s
->wpa
, psk
, PMK_LEN
, NULL
,
1725 os_memset(psk
, 0, sizeof(psk
));
1727 #endif /* CONFIG_NO_PBKDF2 */
1728 if (wpabuf_len(pw
) == 2 * PMK_LEN
) {
1729 if (hexstr2bin(pw_str
, psk
, PMK_LEN
) < 0) {
1730 wpa_msg(wpa_s
, MSG_INFO
, "EXT PW: "
1731 "Invalid PSK hex string");
1732 os_memset(pw_str
, 0, sizeof(pw_str
));
1733 ext_password_free(pw
);
1736 wpa_hexdump_key(MSG_MSGDUMP
,
1737 "PSK (from external PSK)",
1739 wpa_sm_set_pmk(wpa_s
->wpa
, psk
, PMK_LEN
, NULL
,
1742 os_memset(psk
, 0, sizeof(psk
));
1744 wpa_msg(wpa_s
, MSG_INFO
, "EXT PW: No suitable "
1746 os_memset(pw_str
, 0, sizeof(pw_str
));
1747 ext_password_free(pw
);
1751 os_memset(pw_str
, 0, sizeof(pw_str
));
1752 ext_password_free(pw
);
1754 #endif /* CONFIG_EXT_PASSWORD */
1757 wpa_msg(wpa_s
, MSG_INFO
,
1758 "No PSK available for association");
1759 wpas_auth_failed(wpa_s
, "NO_PSK_AVAILABLE");
1763 } else if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_OWE
) {
1764 /* OWE Diffie-Hellman exchange in (Re)Association
1765 * Request/Response frames set the PMK, so do not override it
1767 #endif /* CONFIG_OWE */
1769 wpa_sm_set_pmk_from_pmksa(wpa_s
->wpa
);
1771 if (ssid
->mode
!= WPAS_MODE_IBSS
&&
1772 !(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_WIRED
) &&
1773 (ssid
->wpa_deny_ptk0_rekey
== PTK0_REKEY_ALLOW_NEVER
||
1774 (ssid
->wpa_deny_ptk0_rekey
== PTK0_REKEY_ALLOW_LOCAL_OK
&&
1775 !(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SAFE_PTK0_REKEYS
)))) {
1776 wpa_msg(wpa_s
, MSG_INFO
,
1777 "Disable PTK0 rekey support - replaced with reconnect");
1778 wpa_s
->deny_ptk0_rekey
= 1;
1779 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_DENY_PTK0_REKEY
, 1);
1781 wpa_s
->deny_ptk0_rekey
= 0;
1782 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_DENY_PTK0_REKEY
, 0);
1789 static void wpas_ext_capab_byte(struct wpa_supplicant
*wpa_s
, u8
*pos
, int idx
)
1794 case 0: /* Bits 0-7 */
1796 case 1: /* Bits 8-15 */
1797 if (wpa_s
->conf
->coloc_intf_reporting
) {
1798 /* Bit 13 - Collocated Interference Reporting */
1802 case 2: /* Bits 16-23 */
1804 *pos
|= 0x02; /* Bit 17 - WNM-Sleep Mode */
1805 if (!wpa_s
->disable_mbo_oce
&& !wpa_s
->conf
->disable_btm
)
1806 *pos
|= 0x08; /* Bit 19 - BSS Transition */
1807 #endif /* CONFIG_WNM */
1809 case 3: /* Bits 24-31 */
1811 *pos
|= 0x02; /* Bit 25 - SSID List */
1812 #endif /* CONFIG_WNM */
1813 #ifdef CONFIG_INTERWORKING
1814 if (wpa_s
->conf
->interworking
)
1815 *pos
|= 0x80; /* Bit 31 - Interworking */
1816 #endif /* CONFIG_INTERWORKING */
1818 case 4: /* Bits 32-39 */
1819 #ifdef CONFIG_INTERWORKING
1820 if (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_QOS_MAPPING
)
1821 *pos
|= 0x01; /* Bit 32 - QoS Map */
1822 #endif /* CONFIG_INTERWORKING */
1824 case 5: /* Bits 40-47 */
1826 if (wpa_s
->conf
->hs20
)
1827 *pos
|= 0x40; /* Bit 46 - WNM-Notification */
1828 #endif /* CONFIG_HS20 */
1830 *pos
|= 0x40; /* Bit 46 - WNM-Notification */
1831 #endif /* CONFIG_MBO */
1833 case 6: /* Bits 48-55 */
1835 case 7: /* Bits 56-63 */
1837 case 8: /* Bits 64-71 */
1838 if (wpa_s
->conf
->ftm_responder
)
1839 *pos
|= 0x40; /* Bit 70 - FTM responder */
1840 if (wpa_s
->conf
->ftm_initiator
)
1841 *pos
|= 0x80; /* Bit 71 - FTM initiator */
1843 case 9: /* Bits 72-79 */
1845 if (!wpa_s
->disable_fils
)
1847 #endif /* CONFIG_FILS */
1853 int wpas_build_ext_capab(struct wpa_supplicant
*wpa_s
, u8
*buf
, size_t buflen
)
1858 if (len
< wpa_s
->extended_capa_len
)
1859 len
= wpa_s
->extended_capa_len
;
1860 if (buflen
< (size_t) len
+ 2) {
1861 wpa_printf(MSG_INFO
,
1862 "Not enough room for building extended capabilities element");
1866 *pos
++ = WLAN_EID_EXT_CAPAB
;
1868 for (i
= 0; i
< len
; i
++, pos
++) {
1869 wpas_ext_capab_byte(wpa_s
, pos
, i
);
1871 if (i
< wpa_s
->extended_capa_len
) {
1872 *pos
&= ~wpa_s
->extended_capa_mask
[i
];
1873 *pos
|= wpa_s
->extended_capa
[i
];
1877 while (len
> 0 && buf
[1 + len
] == 0) {
1888 static int wpas_valid_bss(struct wpa_supplicant
*wpa_s
,
1889 struct wpa_bss
*test_bss
)
1891 struct wpa_bss
*bss
;
1893 dl_list_for_each(bss
, &wpa_s
->bss
, struct wpa_bss
, list
) {
1894 if (bss
== test_bss
)
1902 static int wpas_valid_ssid(struct wpa_supplicant
*wpa_s
,
1903 struct wpa_ssid
*test_ssid
)
1905 struct wpa_ssid
*ssid
;
1907 for (ssid
= wpa_s
->conf
->ssid
; ssid
; ssid
= ssid
->next
) {
1908 if (ssid
== test_ssid
)
1916 int wpas_valid_bss_ssid(struct wpa_supplicant
*wpa_s
, struct wpa_bss
*test_bss
,
1917 struct wpa_ssid
*test_ssid
)
1919 if (test_bss
&& !wpas_valid_bss(wpa_s
, test_bss
))
1922 return test_ssid
== NULL
|| wpas_valid_ssid(wpa_s
, test_ssid
);
1926 void wpas_connect_work_free(struct wpa_connect_work
*cwork
)
1934 void wpas_connect_work_done(struct wpa_supplicant
*wpa_s
)
1936 struct wpa_connect_work
*cwork
;
1937 struct wpa_radio_work
*work
= wpa_s
->connect_work
;
1942 wpa_s
->connect_work
= NULL
;
1945 wpas_connect_work_free(cwork
);
1946 radio_work_done(work
);
1950 int wpas_update_random_addr(struct wpa_supplicant
*wpa_s
, int style
)
1952 struct os_reltime now
;
1955 os_get_reltime(&now
);
1956 if (wpa_s
->last_mac_addr_style
== style
&&
1957 wpa_s
->last_mac_addr_change
.sec
!= 0 &&
1958 !os_reltime_expired(&now
, &wpa_s
->last_mac_addr_change
,
1959 wpa_s
->conf
->rand_addr_lifetime
)) {
1960 wpa_msg(wpa_s
, MSG_DEBUG
,
1961 "Previously selected random MAC address has not yet expired");
1967 if (random_mac_addr(addr
) < 0)
1971 os_memcpy(addr
, wpa_s
->perm_addr
, ETH_ALEN
);
1972 if (random_mac_addr_keep_oui(addr
) < 0)
1979 if (wpa_drv_set_mac_addr(wpa_s
, addr
) < 0) {
1980 wpa_msg(wpa_s
, MSG_INFO
,
1981 "Failed to set random MAC address");
1985 os_get_reltime(&wpa_s
->last_mac_addr_change
);
1986 wpa_s
->mac_addr_changed
= 1;
1987 wpa_s
->last_mac_addr_style
= style
;
1989 if (wpa_supplicant_update_mac_addr(wpa_s
) < 0) {
1990 wpa_msg(wpa_s
, MSG_INFO
,
1991 "Could not update MAC address information");
1995 wpa_msg(wpa_s
, MSG_DEBUG
, "Using random MAC address " MACSTR
,
2002 int wpas_update_random_addr_disassoc(struct wpa_supplicant
*wpa_s
)
2004 if (wpa_s
->wpa_state
>= WPA_AUTHENTICATING
||
2005 !wpa_s
->conf
->preassoc_mac_addr
)
2008 return wpas_update_random_addr(wpa_s
, wpa_s
->conf
->preassoc_mac_addr
);
2012 static void wpa_s_setup_sae_pt(struct wpa_config
*conf
, struct wpa_ssid
*ssid
)
2015 int *groups
= conf
->sae_groups
;
2016 int default_groups
[] = { 19, 20, 21, 0 };
2017 const char *password
;
2019 if (!groups
|| groups
[0] <= 0)
2020 groups
= default_groups
;
2022 password
= ssid
->sae_password
;
2024 password
= ssid
->passphrase
;
2026 if ((conf
->sae_pwe
== 0 && !ssid
->sae_password_id
) || !password
||
2027 conf
->sae_pwe
== 3) {
2028 /* PT derivation not needed */
2029 sae_deinit_pt(ssid
->pt
);
2035 return; /* PT already derived */
2036 ssid
->pt
= sae_derive_pt(groups
, ssid
->ssid
, ssid
->ssid_len
,
2037 (const u8
*) password
, os_strlen(password
),
2038 ssid
->sae_password_id
);
2039 #endif /* CONFIG_SAE */
2043 static void wpa_s_clear_sae_rejected(struct wpa_supplicant
*wpa_s
)
2045 #if defined(CONFIG_SAE) && defined(CONFIG_SME)
2046 os_free(wpa_s
->sme
.sae_rejected_groups
);
2047 wpa_s
->sme
.sae_rejected_groups
= NULL
;
2048 #ifdef CONFIG_TESTING_OPTIONS
2049 if (wpa_s
->extra_sae_rejected_groups
) {
2050 int i
, *groups
= wpa_s
->extra_sae_rejected_groups
;
2052 for (i
= 0; groups
[i
]; i
++) {
2053 wpa_printf(MSG_DEBUG
,
2054 "TESTING: Indicate rejection of an extra SAE group %d",
2056 int_array_add_unique(&wpa_s
->sme
.sae_rejected_groups
,
2060 #endif /* CONFIG_TESTING_OPTIONS */
2061 #endif /* CONFIG_SAE && CONFIG_SME */
2065 static void wpas_start_assoc_cb(struct wpa_radio_work
*work
, int deinit
);
2068 * wpa_supplicant_associate - Request association
2069 * @wpa_s: Pointer to wpa_supplicant data
2070 * @bss: Scan results for the selected BSS, or %NULL if not available
2071 * @ssid: Configuration data for the selected network
2073 * This function is used to request %wpa_supplicant to associate with a BSS.
2075 void wpa_supplicant_associate(struct wpa_supplicant
*wpa_s
,
2076 struct wpa_bss
*bss
, struct wpa_ssid
*ssid
)
2078 struct wpa_connect_work
*cwork
;
2081 wpa_s
->own_disconnect_req
= 0;
2082 wpa_s
->own_reconnect_req
= 0;
2085 * If we are starting a new connection, any previously pending EAPOL
2086 * RX cannot be valid anymore.
2088 wpabuf_free(wpa_s
->pending_eapol_rx
);
2089 wpa_s
->pending_eapol_rx
= NULL
;
2091 if (ssid
->mac_addr
== -1)
2092 rand_style
= wpa_s
->conf
->mac_addr
;
2094 rand_style
= ssid
->mac_addr
;
2096 wpa_s
->multi_ap_ie
= 0;
2097 wmm_ac_clear_saved_tspecs(wpa_s
);
2098 wpa_s
->reassoc_same_bss
= 0;
2099 wpa_s
->reassoc_same_ess
= 0;
2100 #ifdef CONFIG_TESTING_OPTIONS
2101 wpa_s
->testing_resend_assoc
= 0;
2102 #endif /* CONFIG_TESTING_OPTIONS */
2104 if (wpa_s
->last_ssid
== ssid
) {
2105 wpa_dbg(wpa_s
, MSG_DEBUG
, "Re-association to the same ESS");
2106 wpa_s
->reassoc_same_ess
= 1;
2107 if (wpa_s
->current_bss
&& wpa_s
->current_bss
== bss
) {
2108 wmm_ac_save_tspecs(wpa_s
);
2109 wpa_s
->reassoc_same_bss
= 1;
2110 } else if (wpa_s
->current_bss
&& wpa_s
->current_bss
!= bss
) {
2111 os_get_reltime(&wpa_s
->roam_start
);
2115 wpa_s_clear_sae_rejected(wpa_s
);
2116 wpa_s_setup_sae_pt(wpa_s
->conf
, ssid
);
2117 #endif /* CONFIG_SAE */
2120 if (rand_style
> 0 && !wpa_s
->reassoc_same_ess
) {
2121 if (wpas_update_random_addr(wpa_s
, rand_style
) < 0)
2123 wpa_sm_pmksa_cache_flush(wpa_s
->wpa
, ssid
);
2124 } else if (rand_style
== 0 && wpa_s
->mac_addr_changed
) {
2125 if (wpa_drv_set_mac_addr(wpa_s
, NULL
) < 0) {
2126 wpa_msg(wpa_s
, MSG_INFO
,
2127 "Could not restore permanent MAC address");
2130 wpa_s
->mac_addr_changed
= 0;
2131 if (wpa_supplicant_update_mac_addr(wpa_s
) < 0) {
2132 wpa_msg(wpa_s
, MSG_INFO
,
2133 "Could not update MAC address information");
2136 wpa_msg(wpa_s
, MSG_DEBUG
, "Using permanent MAC address");
2138 wpa_s
->last_ssid
= ssid
;
2140 #ifdef CONFIG_IBSS_RSN
2141 ibss_rsn_deinit(wpa_s
->ibss_rsn
);
2142 wpa_s
->ibss_rsn
= NULL
;
2143 #else /* CONFIG_IBSS_RSN */
2144 if (ssid
->mode
== WPAS_MODE_IBSS
&&
2145 !(ssid
->key_mgmt
& (WPA_KEY_MGMT_NONE
| WPA_KEY_MGMT_WPA_NONE
))) {
2146 wpa_msg(wpa_s
, MSG_INFO
,
2147 "IBSS RSN not supported in the build");
2150 #endif /* CONFIG_IBSS_RSN */
2152 if (ssid
->mode
== WPAS_MODE_AP
|| ssid
->mode
== WPAS_MODE_P2P_GO
||
2153 ssid
->mode
== WPAS_MODE_P2P_GROUP_FORMATION
) {
2155 if (!(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_AP
)) {
2156 wpa_msg(wpa_s
, MSG_INFO
, "Driver does not support AP "
2160 if (wpa_supplicant_create_ap(wpa_s
, ssid
) < 0) {
2161 wpa_supplicant_set_state(wpa_s
, WPA_DISCONNECTED
);
2162 if (ssid
->mode
== WPAS_MODE_P2P_GROUP_FORMATION
)
2163 wpas_p2p_ap_setup_failed(wpa_s
);
2166 wpa_s
->current_bss
= bss
;
2167 #else /* CONFIG_AP */
2168 wpa_msg(wpa_s
, MSG_ERROR
, "AP mode support not included in "
2170 #endif /* CONFIG_AP */
2174 if (ssid
->mode
== WPAS_MODE_MESH
) {
2176 if (!(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_MESH
)) {
2177 wpa_msg(wpa_s
, MSG_INFO
,
2178 "Driver does not support mesh mode");
2182 ssid
->frequency
= bss
->freq
;
2183 if (wpa_supplicant_join_mesh(wpa_s
, ssid
) < 0) {
2184 wpa_msg(wpa_s
, MSG_ERROR
, "Could not join mesh");
2187 wpa_s
->current_bss
= bss
;
2188 wpa_msg(wpa_s
, MSG_INFO
, MESH_GROUP_STARTED
"ssid=\"%s\" id=%d",
2189 wpa_ssid_txt(ssid
->ssid
, ssid
->ssid_len
),
2191 wpas_notify_mesh_group_started(wpa_s
, ssid
);
2192 #else /* CONFIG_MESH */
2193 wpa_msg(wpa_s
, MSG_ERROR
,
2194 "mesh mode support not included in the build");
2195 #endif /* CONFIG_MESH */
2200 * Set WPA state machine configuration to match the selected network now
2201 * so that the information is available before wpas_start_assoc_cb()
2202 * gets called. This is needed at least for RSN pre-authentication where
2203 * candidate APs are added to a list based on scan result processing
2204 * before completion of the first association.
2206 wpa_supplicant_rsn_supp_set_config(wpa_s
, ssid
);
2209 if (wpas_dpp_check_connect(wpa_s
, ssid
, bss
) != 0)
2211 #endif /* CONFIG_DPP */
2215 wpa_tdls_ap_ies(wpa_s
->wpa
, (const u8
*) (bss
+ 1),
2217 #endif /* CONFIG_TDLS */
2220 wpas_mbo_check_pmf(wpa_s
, bss
, ssid
);
2221 #endif /* CONFIG_MBO */
2223 if ((wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SME
) &&
2224 ssid
->mode
== WPAS_MODE_INFRA
) {
2225 sme_authenticate(wpa_s
, bss
, ssid
);
2229 if (wpa_s
->connect_work
) {
2230 wpa_dbg(wpa_s
, MSG_DEBUG
, "Reject wpa_supplicant_associate() call since connect_work exist");
2234 if (radio_work_pending(wpa_s
, "connect")) {
2235 wpa_dbg(wpa_s
, MSG_DEBUG
, "Reject wpa_supplicant_associate() call since pending work exist");
2240 if (ssid
->mode
== WPAS_MODE_IBSS
|| ssid
->mode
== WPAS_MODE_MESH
) {
2241 /* Clear possibly set auth_alg, if any, from last attempt. */
2242 wpa_s
->sme
.auth_alg
= WPA_AUTH_ALG_OPEN
;
2244 #endif /* CONFIG_SME */
2246 wpas_abort_ongoing_scan(wpa_s
);
2248 cwork
= os_zalloc(sizeof(*cwork
));
2255 if (radio_add_work(wpa_s
, bss
? bss
->freq
: 0, "connect", 1,
2256 wpas_start_assoc_cb
, cwork
) < 0) {
2262 static int bss_is_ibss(struct wpa_bss
*bss
)
2264 return (bss
->caps
& (IEEE80211_CAP_ESS
| IEEE80211_CAP_IBSS
)) ==
2269 static int drv_supports_vht(struct wpa_supplicant
*wpa_s
,
2270 const struct wpa_ssid
*ssid
)
2272 enum hostapd_hw_mode hw_mode
;
2273 struct hostapd_hw_modes
*mode
= NULL
;
2277 hw_mode
= ieee80211_freq_to_chan(ssid
->frequency
, &channel
);
2278 if (hw_mode
== NUM_HOSTAPD_MODES
)
2280 for (i
= 0; wpa_s
->hw
.modes
&& i
< wpa_s
->hw
.num_modes
; i
++) {
2281 if (wpa_s
->hw
.modes
[i
].mode
== hw_mode
) {
2282 mode
= &wpa_s
->hw
.modes
[i
];
2290 return mode
->vht_capab
!= 0;
2294 void ibss_mesh_setup_freq(struct wpa_supplicant
*wpa_s
,
2295 const struct wpa_ssid
*ssid
,
2296 struct hostapd_freq_params
*freq
)
2298 int ieee80211_mode
= wpas_mode_to_ieee80211_mode(ssid
->mode
);
2299 enum hostapd_hw_mode hw_mode
;
2300 struct hostapd_hw_modes
*mode
= NULL
;
2301 int ht40plus
[] = { 36, 44, 52, 60, 100, 108, 116, 124, 132, 149, 157,
2303 int vht80
[] = { 36, 52, 100, 116, 132, 149 };
2304 struct hostapd_channel_data
*pri_chan
= NULL
, *sec_chan
= NULL
;
2306 int i
, chan_idx
, ht40
= -1, res
, obss_scan
= 1;
2308 struct hostapd_freq_params vht_freq
;
2309 int chwidth
, seg0
, seg1
;
2313 freq
->freq
= ssid
->frequency
;
2315 for (j
= 0; j
< wpa_s
->last_scan_res_used
; j
++) {
2316 struct wpa_bss
*bss
= wpa_s
->last_scan_res
[j
];
2318 if (ssid
->mode
!= WPAS_MODE_IBSS
)
2321 /* Don't adjust control freq in case of fixed_freq */
2322 if (ssid
->fixed_freq
)
2325 if (!bss_is_ibss(bss
))
2328 if (ssid
->ssid_len
== bss
->ssid_len
&&
2329 os_memcmp(ssid
->ssid
, bss
->ssid
, bss
->ssid_len
) == 0) {
2330 wpa_printf(MSG_DEBUG
,
2331 "IBSS already found in scan results, adjust control freq: %d",
2333 freq
->freq
= bss
->freq
;
2339 /* For IBSS check HT_IBSS flag */
2340 if (ssid
->mode
== WPAS_MODE_IBSS
&&
2341 !(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_HT_IBSS
))
2344 if (wpa_s
->group_cipher
== WPA_CIPHER_WEP40
||
2345 wpa_s
->group_cipher
== WPA_CIPHER_WEP104
||
2346 wpa_s
->pairwise_cipher
== WPA_CIPHER_TKIP
) {
2347 wpa_printf(MSG_DEBUG
,
2348 "IBSS: WEP/TKIP detected, do not try to enable HT");
2352 hw_mode
= ieee80211_freq_to_chan(freq
->freq
, &channel
);
2353 for (i
= 0; wpa_s
->hw
.modes
&& i
< wpa_s
->hw
.num_modes
; i
++) {
2354 if (wpa_s
->hw
.modes
[i
].mode
== hw_mode
) {
2355 mode
= &wpa_s
->hw
.modes
[i
];
2363 is_24ghz
= hw_mode
== HOSTAPD_MODE_IEEE80211G
||
2364 hw_mode
== HOSTAPD_MODE_IEEE80211B
;
2366 #ifdef CONFIG_HT_OVERRIDES
2367 if (ssid
->disable_ht
) {
2368 freq
->ht_enabled
= 0;
2371 #endif /* CONFIG_HT_OVERRIDES */
2373 freq
->ht_enabled
= ht_supported(mode
);
2374 if (!freq
->ht_enabled
)
2377 /* Allow HE on 2.4 GHz without VHT: see nl80211_put_freq_params() */
2379 freq
->he_enabled
= mode
->he_capab
[ieee80211_mode
].he_supported
;
2381 /* Setup higher BW only for 5 GHz */
2382 if (mode
->mode
!= HOSTAPD_MODE_IEEE80211A
)
2385 for (chan_idx
= 0; chan_idx
< mode
->num_channels
; chan_idx
++) {
2386 pri_chan
= &mode
->channels
[chan_idx
];
2387 if (pri_chan
->chan
== channel
)
2394 /* Check primary channel flags */
2395 if (pri_chan
->flag
& (HOSTAPD_CHAN_DISABLED
| HOSTAPD_CHAN_NO_IR
))
2398 freq
->channel
= pri_chan
->chan
;
2400 #ifdef CONFIG_HT_OVERRIDES
2401 if (ssid
->disable_ht40
) {
2402 #ifdef CONFIG_VHT_OVERRIDES
2403 if (ssid
->disable_vht
)
2405 #endif /* CONFIG_VHT_OVERRIDES */
2408 #endif /* CONFIG_HT_OVERRIDES */
2410 /* Check/setup HT40+/HT40- */
2411 for (j
= 0; j
< ARRAY_SIZE(ht40plus
); j
++) {
2412 if (ht40plus
[j
] == channel
) {
2418 /* Find secondary channel */
2419 for (i
= 0; i
< mode
->num_channels
; i
++) {
2420 sec_chan
= &mode
->channels
[i
];
2421 if (sec_chan
->chan
== channel
+ ht40
* 4)
2428 /* Check secondary channel flags */
2429 if (sec_chan
->flag
& (HOSTAPD_CHAN_DISABLED
| HOSTAPD_CHAN_NO_IR
))
2433 if (!(pri_chan
->flag
& HOSTAPD_CHAN_HT40MINUS
))
2436 if (!(pri_chan
->flag
& HOSTAPD_CHAN_HT40PLUS
))
2439 freq
->sec_channel_offset
= ht40
;
2442 struct wpa_scan_results
*scan_res
;
2444 scan_res
= wpa_supplicant_get_scan_results(wpa_s
, NULL
, 0);
2445 if (scan_res
== NULL
) {
2447 freq
->sec_channel_offset
= 0;
2451 res
= check_40mhz_5g(scan_res
, pri_chan
, sec_chan
);
2455 freq
->sec_channel_offset
= 0;
2458 /* Configuration allowed */
2461 /* Switch pri/sec channels */
2462 freq
->freq
= hw_get_freq(mode
, sec_chan
->chan
);
2463 freq
->sec_channel_offset
= -freq
->sec_channel_offset
;
2464 freq
->channel
= sec_chan
->chan
;
2467 freq
->sec_channel_offset
= 0;
2471 wpa_scan_results_free(scan_res
);
2474 #ifdef CONFIG_HT_OVERRIDES
2476 #endif /* CONFIG_HT_OVERRIDES */
2477 wpa_printf(MSG_DEBUG
,
2478 "IBSS/mesh: setup freq channel %d, sec_channel_offset %d",
2479 freq
->channel
, freq
->sec_channel_offset
);
2481 if (!drv_supports_vht(wpa_s
, ssid
))
2484 /* For IBSS check VHT_IBSS flag */
2485 if (ssid
->mode
== WPAS_MODE_IBSS
&&
2486 !(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_VHT_IBSS
))
2491 #ifdef CONFIG_VHT_OVERRIDES
2492 if (ssid
->disable_vht
) {
2493 freq
->vht_enabled
= 0;
2496 #endif /* CONFIG_VHT_OVERRIDES */
2498 vht_freq
.vht_enabled
= vht_supported(mode
);
2499 if (!vht_freq
.vht_enabled
)
2502 /* Enable HE with VHT for 5 GHz */
2503 freq
->he_enabled
= mode
->he_capab
[ieee80211_mode
].he_supported
;
2505 /* setup center_freq1, bandwidth */
2506 for (j
= 0; j
< ARRAY_SIZE(vht80
); j
++) {
2507 if (freq
->channel
>= vht80
[j
] &&
2508 freq
->channel
< vht80
[j
] + 16)
2512 if (j
== ARRAY_SIZE(vht80
))
2515 for (i
= vht80
[j
]; i
< vht80
[j
] + 16; i
+= 4) {
2516 struct hostapd_channel_data
*chan
;
2518 chan
= hw_get_channel_chan(mode
, i
, NULL
);
2522 /* Back to HT configuration if channel not usable */
2523 if (chan
->flag
& (HOSTAPD_CHAN_DISABLED
| HOSTAPD_CHAN_NO_IR
))
2527 chwidth
= CHANWIDTH_80MHZ
;
2528 seg0
= vht80
[j
] + 6;
2531 if (ssid
->max_oper_chwidth
== CHANWIDTH_80P80MHZ
) {
2532 /* setup center_freq2, bandwidth */
2533 for (k
= 0; k
< ARRAY_SIZE(vht80
); k
++) {
2534 /* Only accept 80 MHz segments separated by a gap */
2535 if (j
== k
|| abs(vht80
[j
] - vht80
[k
]) == 16)
2537 for (i
= vht80
[k
]; i
< vht80
[k
] + 16; i
+= 4) {
2538 struct hostapd_channel_data
*chan
;
2540 chan
= hw_get_channel_chan(mode
, i
, NULL
);
2544 if (chan
->flag
& (HOSTAPD_CHAN_DISABLED
|
2545 HOSTAPD_CHAN_NO_IR
|
2546 HOSTAPD_CHAN_RADAR
))
2549 /* Found a suitable second segment for 80+80 */
2550 chwidth
= CHANWIDTH_80P80MHZ
;
2552 VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ
;
2553 seg1
= vht80
[k
] + 6;
2556 if (chwidth
== CHANWIDTH_80P80MHZ
)
2559 } else if (ssid
->max_oper_chwidth
== CHANWIDTH_160MHZ
) {
2560 if (freq
->freq
== 5180) {
2561 chwidth
= CHANWIDTH_160MHZ
;
2562 vht_caps
|= VHT_CAP_SUPP_CHAN_WIDTH_160MHZ
;
2564 } else if (freq
->freq
== 5520) {
2565 chwidth
= CHANWIDTH_160MHZ
;
2566 vht_caps
|= VHT_CAP_SUPP_CHAN_WIDTH_160MHZ
;
2569 } else if (ssid
->max_oper_chwidth
== CHANWIDTH_USE_HT
) {
2570 chwidth
= CHANWIDTH_USE_HT
;
2571 seg0
= vht80
[j
] + 2;
2572 #ifdef CONFIG_HT_OVERRIDES
2573 if (ssid
->disable_ht40
)
2575 #endif /* CONFIG_HT_OVERRIDES */
2578 if (hostapd_set_freq_params(&vht_freq
, mode
->mode
, freq
->freq
,
2579 freq
->channel
, ssid
->enable_edmg
,
2580 ssid
->edmg_channel
, freq
->ht_enabled
,
2581 vht_freq
.vht_enabled
, freq
->he_enabled
,
2582 freq
->sec_channel_offset
,
2583 chwidth
, seg0
, seg1
, vht_caps
,
2584 &mode
->he_capab
[ieee80211_mode
]) != 0)
2589 wpa_printf(MSG_DEBUG
, "IBSS: VHT setup freq cf1 %d, cf2 %d, bw %d",
2590 freq
->center_freq1
, freq
->center_freq2
, freq
->bandwidth
);
2595 static size_t wpas_add_fils_hlp_req(struct wpa_supplicant
*wpa_s
, u8
*ie_buf
,
2598 struct fils_hlp_req
*req
;
2599 size_t rem_len
, hdr_len
, hlp_len
, len
, ie_len
= 0;
2603 dl_list_for_each(req
, &wpa_s
->fils_hlp_req
, struct fils_hlp_req
,
2605 rem_len
= ie_buf_len
- ie_len
;
2606 pos
= wpabuf_head(req
->pkt
);
2607 hdr_len
= 1 + 2 * ETH_ALEN
+ 6;
2608 hlp_len
= wpabuf_len(req
->pkt
);
2610 if (rem_len
< 2 + hdr_len
+ hlp_len
) {
2611 wpa_printf(MSG_ERROR
,
2612 "FILS: Cannot fit HLP - rem_len=%lu to_fill=%lu",
2613 (unsigned long) rem_len
,
2614 (unsigned long) (2 + hdr_len
+ hlp_len
));
2618 len
= (hdr_len
+ hlp_len
) > 255 ? 255 : hdr_len
+ hlp_len
;
2620 *buf
++ = WLAN_EID_EXTENSION
;
2623 /* Element ID Extension */
2624 *buf
++ = WLAN_EID_EXT_FILS_HLP_CONTAINER
;
2625 /* Destination MAC address */
2626 os_memcpy(buf
, req
->dst
, ETH_ALEN
);
2628 /* Source MAC address */
2629 os_memcpy(buf
, wpa_s
->own_addr
, ETH_ALEN
);
2631 /* LLC/SNAP Header */
2632 os_memcpy(buf
, "\xaa\xaa\x03\x00\x00\x00", 6);
2635 os_memcpy(buf
, pos
, len
- hdr_len
);
2636 buf
+= len
- hdr_len
;
2637 pos
+= len
- hdr_len
;
2639 hlp_len
-= len
- hdr_len
;
2644 len
= (hlp_len
> 255) ? 255 : hlp_len
;
2645 if (rem_len
< 2 + len
)
2647 *buf
++ = WLAN_EID_FRAGMENT
;
2649 os_memcpy(buf
, pos
, len
);
2663 int wpa_is_fils_supported(struct wpa_supplicant
*wpa_s
)
2665 return (((wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SME
) &&
2666 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SUPPORT_FILS
)) ||
2667 (!(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SME
) &&
2668 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_FILS_SK_OFFLOAD
)));
2672 int wpa_is_fils_sk_pfs_supported(struct wpa_supplicant
*wpa_s
)
2674 #ifdef CONFIG_FILS_SK_PFS
2675 return (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SME
) &&
2676 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SUPPORT_FILS
);
2677 #else /* CONFIG_FILS_SK_PFS */
2679 #endif /* CONFIG_FILS_SK_PFS */
2682 #endif /* CONFIG_FILS */
2685 static u8
* wpas_populate_assoc_ies(
2686 struct wpa_supplicant
*wpa_s
,
2687 struct wpa_bss
*bss
, struct wpa_ssid
*ssid
,
2688 struct wpa_driver_associate_params
*params
,
2689 enum wpa_drv_update_connect_params_mask
*mask
)
2692 size_t max_wpa_ie_len
= 500;
2694 int algs
= WPA_AUTH_ALG_OPEN
;
2699 int sae_pmksa_cached
= 0;
2700 #endif /* CONFIG_SAE */
2702 const u8
*realm
, *username
, *rrk
;
2703 size_t realm_len
, username_len
, rrk_len
;
2705 struct fils_hlp_req
*req
;
2707 dl_list_for_each(req
, &wpa_s
->fils_hlp_req
, struct fils_hlp_req
,
2709 max_wpa_ie_len
+= 3 + 2 * ETH_ALEN
+ 6 + wpabuf_len(req
->pkt
) +
2710 2 + 2 * wpabuf_len(req
->pkt
) / 255;
2712 #endif /* CONFIG_FILS */
2714 wpa_ie
= os_malloc(max_wpa_ie_len
);
2716 wpa_printf(MSG_ERROR
,
2717 "Failed to allocate connect IE buffer for %lu bytes",
2718 (unsigned long) max_wpa_ie_len
);
2722 if (bss
&& (wpa_bss_get_vendor_ie(bss
, WPA_IE_VENDOR_TYPE
) ||
2723 wpa_bss_get_ie(bss
, WLAN_EID_RSN
)) &&
2724 wpa_key_mgmt_wpa(ssid
->key_mgmt
)) {
2725 int try_opportunistic
;
2726 const u8
*cache_id
= NULL
;
2728 try_opportunistic
= (ssid
->proactive_key_caching
< 0 ?
2730 ssid
->proactive_key_caching
) &&
2731 (ssid
->proto
& WPA_PROTO_RSN
);
2733 if (wpa_key_mgmt_fils(ssid
->key_mgmt
))
2734 cache_id
= wpa_bss_get_fils_cache_id(bss
);
2735 #endif /* CONFIG_FILS */
2736 if (pmksa_cache_set_current(wpa_s
->wpa
, NULL
, bss
->bssid
,
2737 ssid
, try_opportunistic
,
2738 cache_id
, 0) == 0) {
2739 eapol_sm_notify_pmkid_attempt(wpa_s
->eapol
);
2741 sae_pmksa_cached
= 1;
2742 #endif /* CONFIG_SAE */
2744 wpa_ie_len
= max_wpa_ie_len
;
2745 if (wpa_supplicant_set_suites(wpa_s
, bss
, ssid
,
2746 wpa_ie
, &wpa_ie_len
)) {
2747 wpa_msg(wpa_s
, MSG_WARNING
, "WPA: Failed to set WPA "
2748 "key management and encryption suites");
2753 } else if (bss
&& wpa_bss_get_vendor_ie(bss
, OSEN_IE_VENDOR_TYPE
) &&
2754 (ssid
->key_mgmt
& WPA_KEY_MGMT_OSEN
)) {
2755 /* No PMKSA caching, but otherwise similar to RSN/WPA */
2756 wpa_ie_len
= max_wpa_ie_len
;
2757 if (wpa_supplicant_set_suites(wpa_s
, bss
, ssid
,
2758 wpa_ie
, &wpa_ie_len
)) {
2759 wpa_msg(wpa_s
, MSG_WARNING
, "WPA: Failed to set WPA "
2760 "key management and encryption suites");
2764 #endif /* CONFIG_HS20 */
2765 } else if ((ssid
->key_mgmt
& WPA_KEY_MGMT_IEEE8021X_NO_WPA
) && bss
&&
2766 wpa_key_mgmt_wpa_ieee8021x(ssid
->key_mgmt
)) {
2768 * Both WPA and non-WPA IEEE 802.1X enabled in configuration -
2769 * use non-WPA since the scan results did not indicate that the
2770 * AP is using WPA or WPA2.
2772 wpa_supplicant_set_non_wpa_policy(wpa_s
, ssid
);
2774 wpa_s
->wpa_proto
= 0;
2775 } else if (wpa_key_mgmt_wpa_any(ssid
->key_mgmt
)) {
2776 wpa_ie_len
= max_wpa_ie_len
;
2777 if (wpa_supplicant_set_suites(wpa_s
, NULL
, ssid
,
2778 wpa_ie
, &wpa_ie_len
)) {
2779 wpa_msg(wpa_s
, MSG_WARNING
, "WPA: Failed to set WPA "
2780 "key management and encryption suites (no "
2786 } else if (ssid
->key_mgmt
& WPA_KEY_MGMT_WPS
) {
2787 struct wpabuf
*wps_ie
;
2788 wps_ie
= wps_build_assoc_req_ie(wpas_wps_get_req_type(ssid
));
2789 if (wps_ie
&& wpabuf_len(wps_ie
) <= max_wpa_ie_len
) {
2790 wpa_ie_len
= wpabuf_len(wps_ie
);
2791 os_memcpy(wpa_ie
, wpabuf_head(wps_ie
), wpa_ie_len
);
2794 wpabuf_free(wps_ie
);
2795 wpa_supplicant_set_non_wpa_policy(wpa_s
, ssid
);
2796 if (!bss
|| (bss
->caps
& IEEE80211_CAP_PRIVACY
))
2797 params
->wps
= WPS_MODE_PRIVACY
;
2799 params
->wps
= WPS_MODE_OPEN
;
2800 wpa_s
->wpa_proto
= 0;
2801 #endif /* CONFIG_WPS */
2803 wpa_supplicant_set_non_wpa_policy(wpa_s
, ssid
);
2805 wpa_s
->wpa_proto
= 0;
2808 #ifdef IEEE8021X_EAPOL
2809 if (ssid
->key_mgmt
& WPA_KEY_MGMT_IEEE8021X_NO_WPA
) {
2811 if (ssid
->non_leap
== 0)
2812 algs
= WPA_AUTH_ALG_LEAP
;
2814 algs
|= WPA_AUTH_ALG_LEAP
;
2819 /* Clear FILS association */
2820 wpa_sm_set_reset_fils_completed(wpa_s
->wpa
, 0);
2822 if ((wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_FILS_SK_OFFLOAD
) &&
2823 ssid
->eap
.erp
&& wpa_key_mgmt_fils(wpa_s
->key_mgmt
) &&
2824 eapol_sm_get_erp_info(wpa_s
->eapol
, &ssid
->eap
, &username
,
2825 &username_len
, &realm
, &realm_len
,
2826 &next_seq_num
, &rrk
, &rrk_len
) == 0 &&
2827 (!wpa_s
->last_con_fail_realm
||
2828 wpa_s
->last_con_fail_realm_len
!= realm_len
||
2829 os_memcmp(wpa_s
->last_con_fail_realm
, realm
, realm_len
) != 0)) {
2830 algs
= WPA_AUTH_ALG_FILS
;
2831 params
->fils_erp_username
= username
;
2832 params
->fils_erp_username_len
= username_len
;
2833 params
->fils_erp_realm
= realm
;
2834 params
->fils_erp_realm_len
= realm_len
;
2835 params
->fils_erp_next_seq_num
= next_seq_num
;
2836 params
->fils_erp_rrk
= rrk
;
2837 params
->fils_erp_rrk_len
= rrk_len
;
2840 *mask
|= WPA_DRV_UPDATE_FILS_ERP_INFO
;
2842 #endif /* CONFIG_FILS */
2843 #endif /* IEEE8021X_EAPOL */
2845 if (wpa_s
->key_mgmt
& (WPA_KEY_MGMT_SAE
| WPA_KEY_MGMT_FT_SAE
))
2846 algs
= WPA_AUTH_ALG_SAE
;
2847 #endif /* CONFIG_SAE */
2849 wpa_dbg(wpa_s
, MSG_DEBUG
, "Automatic auth_alg selection: 0x%x", algs
);
2850 if (ssid
->auth_alg
) {
2851 algs
= ssid
->auth_alg
;
2852 wpa_dbg(wpa_s
, MSG_DEBUG
,
2853 "Overriding auth_alg selection: 0x%x", algs
);
2857 if (sae_pmksa_cached
&& algs
== WPA_AUTH_ALG_SAE
) {
2858 wpa_dbg(wpa_s
, MSG_DEBUG
,
2859 "SAE: Use WPA_AUTH_ALG_OPEN for PMKSA caching attempt");
2860 algs
= WPA_AUTH_ALG_OPEN
;
2862 #endif /* CONFIG_SAE */
2865 if (wpa_s
->global
->p2p
) {
2869 pos
= wpa_ie
+ wpa_ie_len
;
2870 len
= max_wpa_ie_len
- wpa_ie_len
;
2871 res
= wpas_p2p_assoc_req_ie(wpa_s
, bss
, pos
, len
,
2877 wpa_s
->cross_connect_disallowed
= 0;
2880 p2p
= wpa_bss_get_vendor_ie_multi(bss
, P2P_IE_VENDOR_TYPE
);
2882 wpa_s
->cross_connect_disallowed
=
2883 p2p_get_cross_connect_disallowed(p2p
);
2885 wpa_dbg(wpa_s
, MSG_DEBUG
, "P2P: WLAN AP %s cross "
2887 wpa_s
->cross_connect_disallowed
?
2888 "disallows" : "allows");
2892 os_memset(wpa_s
->p2p_ip_addr_info
, 0, sizeof(wpa_s
->p2p_ip_addr_info
));
2893 #endif /* CONFIG_P2P */
2896 wpa_ie_len
+= wpas_supp_op_class_ie(wpa_s
, ssid
, bss
,
2897 wpa_ie
+ wpa_ie_len
,
2903 * Workaround: Add Extended Capabilities element only if the AP
2904 * included this element in Beacon/Probe Response frames. Some older
2905 * APs seem to have interoperability issues if this element is
2906 * included, so while the standard may require us to include the
2907 * element in all cases, it is justifiable to skip it to avoid
2908 * interoperability issues.
2910 if (ssid
->p2p_group
)
2911 wpa_drv_get_ext_capa(wpa_s
, WPA_IF_P2P_CLIENT
);
2913 wpa_drv_get_ext_capa(wpa_s
, WPA_IF_STATION
);
2915 if (!bss
|| wpa_bss_get_ie(bss
, WLAN_EID_EXT_CAPAB
)) {
2918 ext_capab_len
= wpas_build_ext_capab(wpa_s
, ext_capab
,
2920 if (ext_capab_len
> 0 &&
2921 wpa_ie_len
+ ext_capab_len
<= max_wpa_ie_len
) {
2923 if (wpa_ie_len
> 0 && pos
[0] == WLAN_EID_RSN
)
2925 os_memmove(pos
+ ext_capab_len
, pos
,
2926 wpa_ie_len
- (pos
- wpa_ie
));
2927 wpa_ie_len
+= ext_capab_len
;
2928 os_memcpy(pos
, ext_capab
, ext_capab_len
);
2933 if (is_hs20_network(wpa_s
, ssid
, bss
)) {
2934 struct wpabuf
*hs20
;
2936 hs20
= wpabuf_alloc(20 + MAX_ROAMING_CONS_OI_LEN
);
2938 int pps_mo_id
= hs20_get_pps_mo_id(wpa_s
, ssid
);
2941 wpas_hs20_add_indication(hs20
, pps_mo_id
,
2942 get_hs20_version(bss
));
2943 wpas_hs20_add_roam_cons_sel(hs20
, ssid
);
2944 len
= max_wpa_ie_len
- wpa_ie_len
;
2945 if (wpabuf_len(hs20
) <= len
) {
2946 os_memcpy(wpa_ie
+ wpa_ie_len
,
2947 wpabuf_head(hs20
), wpabuf_len(hs20
));
2948 wpa_ie_len
+= wpabuf_len(hs20
);
2952 hs20_configure_frame_filters(wpa_s
);
2955 #endif /* CONFIG_HS20 */
2957 if (wpa_s
->vendor_elem
[VENDOR_ELEM_ASSOC_REQ
]) {
2958 struct wpabuf
*buf
= wpa_s
->vendor_elem
[VENDOR_ELEM_ASSOC_REQ
];
2961 len
= max_wpa_ie_len
- wpa_ie_len
;
2962 if (wpabuf_len(buf
) <= len
) {
2963 os_memcpy(wpa_ie
+ wpa_ie_len
,
2964 wpabuf_head(buf
), wpabuf_len(buf
));
2965 wpa_ie_len
+= wpabuf_len(buf
);
2970 if (wpa_s
->fst_ies
) {
2971 int fst_ies_len
= wpabuf_len(wpa_s
->fst_ies
);
2973 if (wpa_ie_len
+ fst_ies_len
<= max_wpa_ie_len
) {
2974 os_memcpy(wpa_ie
+ wpa_ie_len
,
2975 wpabuf_head(wpa_s
->fst_ies
), fst_ies_len
);
2976 wpa_ie_len
+= fst_ies_len
;
2979 #endif /* CONFIG_FST */
2982 mbo_ie
= bss
? wpa_bss_get_vendor_ie(bss
, MBO_IE_VENDOR_TYPE
) : NULL
;
2983 if (!wpa_s
->disable_mbo_oce
&& mbo_ie
) {
2986 len
= wpas_mbo_ie(wpa_s
, wpa_ie
+ wpa_ie_len
,
2987 max_wpa_ie_len
- wpa_ie_len
,
2988 !!mbo_attr_from_mbo_ie(mbo_ie
,
2989 OCE_ATTR_ID_CAPA_IND
));
2993 #endif /* CONFIG_MBO */
2996 if (algs
== WPA_AUTH_ALG_FILS
) {
2999 len
= wpas_add_fils_hlp_req(wpa_s
, wpa_ie
+ wpa_ie_len
,
3000 max_wpa_ie_len
- wpa_ie_len
);
3003 #endif /* CONFIG_FILS */
3006 #ifdef CONFIG_TESTING_OPTIONS
3007 if (get_ie_ext(wpa_ie
, wpa_ie_len
, WLAN_EID_EXT_OWE_DH_PARAM
)) {
3008 wpa_printf(MSG_INFO
, "TESTING: Override OWE DH element");
3010 #endif /* CONFIG_TESTING_OPTIONS */
3011 if (algs
== WPA_AUTH_ALG_OPEN
&&
3012 ssid
->key_mgmt
== WPA_KEY_MGMT_OWE
) {
3013 struct wpabuf
*owe_ie
;
3016 if (ssid
->owe_group
) {
3017 group
= ssid
->owe_group
;
3018 } else if (wpa_s
->assoc_status_code
==
3019 WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED
) {
3020 if (wpa_s
->last_owe_group
== 19)
3022 else if (wpa_s
->last_owe_group
== 20)
3025 group
= OWE_DH_GROUP
;
3027 group
= OWE_DH_GROUP
;
3030 wpa_s
->last_owe_group
= group
;
3031 wpa_printf(MSG_DEBUG
, "OWE: Try to use group %u", group
);
3032 owe_ie
= owe_build_assoc_req(wpa_s
->wpa
, group
);
3034 wpabuf_len(owe_ie
) <= max_wpa_ie_len
- wpa_ie_len
) {
3035 os_memcpy(wpa_ie
+ wpa_ie_len
,
3036 wpabuf_head(owe_ie
), wpabuf_len(owe_ie
));
3037 wpa_ie_len
+= wpabuf_len(owe_ie
);
3039 wpabuf_free(owe_ie
);
3041 #endif /* CONFIG_OWE */
3044 if (wpa_sm_get_key_mgmt(wpa_s
->wpa
) == WPA_KEY_MGMT_DPP
&&
3045 ssid
->dpp_netaccesskey
) {
3046 dpp_pfs_free(wpa_s
->dpp_pfs
);
3047 wpa_s
->dpp_pfs
= dpp_pfs_init(ssid
->dpp_netaccesskey
,
3048 ssid
->dpp_netaccesskey_len
);
3049 if (!wpa_s
->dpp_pfs
) {
3050 wpa_printf(MSG_DEBUG
, "DPP: Could not initialize PFS");
3051 /* Try to continue without PFS */
3054 if (wpabuf_len(wpa_s
->dpp_pfs
->ie
) <=
3055 max_wpa_ie_len
- wpa_ie_len
) {
3056 os_memcpy(wpa_ie
+ wpa_ie_len
,
3057 wpabuf_head(wpa_s
->dpp_pfs
->ie
),
3058 wpabuf_len(wpa_s
->dpp_pfs
->ie
));
3059 wpa_ie_len
+= wpabuf_len(wpa_s
->dpp_pfs
->ie
);
3063 #endif /* CONFIG_DPP2 */
3065 #ifdef CONFIG_IEEE80211R
3067 * Add MDIE under these conditions: the network profile allows FT,
3068 * the AP supports FT, and the mobility domain ID matches.
3070 if (bss
&& wpa_key_mgmt_ft(wpa_sm_get_key_mgmt(wpa_s
->wpa
))) {
3071 const u8
*mdie
= wpa_bss_get_ie(bss
, WLAN_EID_MOBILITY_DOMAIN
);
3073 if (mdie
&& mdie
[1] >= MOBILITY_DOMAIN_ID_LEN
) {
3075 const u8
*md
= mdie
+ 2;
3076 const u8
*wpa_md
= wpa_sm_get_ft_md(wpa_s
->wpa
);
3078 if (os_memcmp(md
, wpa_md
,
3079 MOBILITY_DOMAIN_ID_LEN
) == 0) {
3080 /* Add mobility domain IE */
3081 len
= wpa_ft_add_mdie(
3082 wpa_s
->wpa
, wpa_ie
+ wpa_ie_len
,
3083 max_wpa_ie_len
- wpa_ie_len
, mdie
);
3087 if (len
> 0 && wpa_s
->sme
.ft_used
&&
3088 wpa_sm_has_ptk(wpa_s
->wpa
)) {
3089 wpa_dbg(wpa_s
, MSG_DEBUG
,
3090 "SME: Trying to use FT over-the-air");
3091 algs
|= WPA_AUTH_ALG_FT
;
3093 #endif /* CONFIG_SME */
3096 #endif /* CONFIG_IEEE80211R */
3098 #ifdef CONFIG_TESTING_OPTIONS
3099 if (wpa_s
->rsnxe_override_assoc
&&
3100 wpabuf_len(wpa_s
->rsnxe_override_assoc
) <=
3101 max_wpa_ie_len
- wpa_ie_len
) {
3102 wpa_printf(MSG_DEBUG
, "TESTING: RSNXE AssocReq override");
3103 os_memcpy(wpa_ie
+ wpa_ie_len
,
3104 wpabuf_head(wpa_s
->rsnxe_override_assoc
),
3105 wpabuf_len(wpa_s
->rsnxe_override_assoc
));
3106 wpa_ie_len
+= wpabuf_len(wpa_s
->rsnxe_override_assoc
);
3108 #endif /* CONFIG_TESTING_OPTIONS */
3109 if (wpa_s
->rsnxe_len
> 0 &&
3110 wpa_s
->rsnxe_len
<= max_wpa_ie_len
- wpa_ie_len
) {
3111 os_memcpy(wpa_ie
+ wpa_ie_len
, wpa_s
->rsnxe
, wpa_s
->rsnxe_len
);
3112 wpa_ie_len
+= wpa_s
->rsnxe_len
;
3115 if (ssid
->multi_ap_backhaul_sta
) {
3116 size_t multi_ap_ie_len
;
3118 multi_ap_ie_len
= add_multi_ap_ie(wpa_ie
+ wpa_ie_len
,
3119 max_wpa_ie_len
- wpa_ie_len
,
3120 MULTI_AP_BACKHAUL_STA
);
3121 if (multi_ap_ie_len
== 0) {
3122 wpa_printf(MSG_ERROR
,
3123 "Multi-AP: Failed to build Multi-AP IE");
3127 wpa_ie_len
+= multi_ap_ie_len
;
3130 params
->wpa_ie
= wpa_ie
;
3131 params
->wpa_ie_len
= wpa_ie_len
;
3132 params
->auth_alg
= algs
;
3134 *mask
|= WPA_DRV_UPDATE_ASSOC_IES
| WPA_DRV_UPDATE_AUTH_TYPE
;
3141 static void wpas_update_owe_connect_params(struct wpa_supplicant
*wpa_s
)
3143 struct wpa_driver_associate_params params
;
3146 os_memset(¶ms
, 0, sizeof(params
));
3147 wpa_ie
= wpas_populate_assoc_ies(wpa_s
, wpa_s
->current_bss
,
3148 wpa_s
->current_ssid
, ¶ms
, NULL
);
3152 wpa_drv_update_connect_params(wpa_s
, ¶ms
, WPA_DRV_UPDATE_ASSOC_IES
);
3155 #endif /* CONFIG_OWE */
3158 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
3159 static void wpas_update_fils_connect_params(struct wpa_supplicant
*wpa_s
)
3161 struct wpa_driver_associate_params params
;
3162 enum wpa_drv_update_connect_params_mask mask
= 0;
3165 if (wpa_s
->auth_alg
!= WPA_AUTH_ALG_OPEN
)
3166 return; /* nothing to do */
3168 os_memset(¶ms
, 0, sizeof(params
));
3169 wpa_ie
= wpas_populate_assoc_ies(wpa_s
, wpa_s
->current_bss
,
3170 wpa_s
->current_ssid
, ¶ms
, &mask
);
3174 if (params
.auth_alg
!= WPA_AUTH_ALG_FILS
) {
3179 wpa_s
->auth_alg
= params
.auth_alg
;
3180 wpa_drv_update_connect_params(wpa_s
, ¶ms
, mask
);
3183 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
3186 static u8
wpa_ie_get_edmg_oper_chans(const u8
*edmg_ie
)
3188 if (!edmg_ie
|| edmg_ie
[1] < 6)
3190 return edmg_ie
[EDMG_BSS_OPERATING_CHANNELS_OFFSET
];
3194 static u8
wpa_ie_get_edmg_oper_chan_width(const u8
*edmg_ie
)
3196 if (!edmg_ie
|| edmg_ie
[1] < 6)
3198 return edmg_ie
[EDMG_OPERATING_CHANNEL_WIDTH_OFFSET
];
3202 /* Returns the intersection of two EDMG configurations.
3203 * Note: The current implementation is limited to CB2 only (CB1 included),
3204 * i.e., the implementation supports up to 2 contiguous channels.
3205 * For supporting non-contiguous (aggregated) channels and for supporting
3206 * CB3 and above, this function will need to be extended.
3208 static struct ieee80211_edmg_config
3209 get_edmg_intersection(struct ieee80211_edmg_config a
,
3210 struct ieee80211_edmg_config b
,
3213 struct ieee80211_edmg_config result
;
3214 int i
, contiguous
= 0;
3215 int max_contiguous
= 0;
3217 result
.channels
= b
.channels
& a
.channels
;
3218 if (!result
.channels
) {
3219 wpa_printf(MSG_DEBUG
,
3220 "EDMG not possible: cannot intersect channels 0x%x and 0x%x",
3221 a
.channels
, b
.channels
);
3225 if (!(result
.channels
& BIT(primary_channel
- 1))) {
3226 wpa_printf(MSG_DEBUG
,
3227 "EDMG not possible: the primary channel %d is not one of the intersected channels 0x%x",
3228 primary_channel
, result
.channels
);
3232 /* Find max contiguous channels */
3233 for (i
= 0; i
< 6; i
++) {
3234 if (result
.channels
& BIT(i
))
3239 if (contiguous
> max_contiguous
)
3240 max_contiguous
= contiguous
;
3243 /* Assuming AP and STA supports ONLY contiguous channels,
3244 * bw configuration can have value between 4-7.
3246 if ((b
.bw_config
< a
.bw_config
))
3247 result
.bw_config
= b
.bw_config
;
3249 result
.bw_config
= a
.bw_config
;
3251 if ((max_contiguous
>= 2 && result
.bw_config
< EDMG_BW_CONFIG_5
) ||
3252 (max_contiguous
>= 1 && result
.bw_config
< EDMG_BW_CONFIG_4
)) {
3253 wpa_printf(MSG_DEBUG
,
3254 "EDMG not possible: not enough contiguous channels %d for supporting CB1 or CB2",
3262 result
.channels
= 0;
3263 result
.bw_config
= 0;
3268 static struct ieee80211_edmg_config
3269 get_supported_edmg(struct wpa_supplicant
*wpa_s
,
3270 struct hostapd_freq_params
*freq
,
3271 struct ieee80211_edmg_config request_edmg
)
3273 enum hostapd_hw_mode hw_mode
;
3274 struct hostapd_hw_modes
*mode
= NULL
;
3277 if (!wpa_s
->hw
.modes
)
3280 hw_mode
= ieee80211_freq_to_chan(freq
->freq
, &primary_channel
);
3281 if (hw_mode
== NUM_HOSTAPD_MODES
)
3284 mode
= get_mode(wpa_s
->hw
.modes
, wpa_s
->hw
.num_modes
, hw_mode
, 0);
3288 return get_edmg_intersection(mode
->edmg
, request_edmg
, primary_channel
);
3291 request_edmg
.channels
= 0;
3292 request_edmg
.bw_config
= 0;
3293 return request_edmg
;
3298 void wpas_update_mbo_connect_params(struct wpa_supplicant
*wpa_s
)
3300 struct wpa_driver_associate_params params
;
3304 * Update MBO connect params only in case of change of MBO attributes
3305 * when connected, if the AP support MBO.
3308 if (wpa_s
->wpa_state
!= WPA_COMPLETED
|| !wpa_s
->current_ssid
||
3309 !wpa_s
->current_bss
||
3310 !wpa_bss_get_vendor_ie(wpa_s
->current_bss
, MBO_IE_VENDOR_TYPE
))
3313 os_memset(¶ms
, 0, sizeof(params
));
3314 wpa_ie
= wpas_populate_assoc_ies(wpa_s
, wpa_s
->current_bss
,
3315 wpa_s
->current_ssid
, ¶ms
, NULL
);
3319 wpa_drv_update_connect_params(wpa_s
, ¶ms
, WPA_DRV_UPDATE_ASSOC_IES
);
3322 #endif /* CONFIG_MBO */
3325 static void wpas_start_assoc_cb(struct wpa_radio_work
*work
, int deinit
)
3327 struct wpa_connect_work
*cwork
= work
->ctx
;
3328 struct wpa_bss
*bss
= cwork
->bss
;
3329 struct wpa_ssid
*ssid
= cwork
->ssid
;
3330 struct wpa_supplicant
*wpa_s
= work
->wpa_s
;
3332 const u8
*edmg_ie_oper
;
3333 int use_crypt
, ret
, bssid_changed
;
3334 unsigned int cipher_pairwise
, cipher_group
, cipher_group_mgmt
;
3335 struct wpa_driver_associate_params params
;
3336 #if defined(CONFIG_WEP) || defined(IEEE8021X_EAPOL)
3337 int wep_keys_set
= 0;
3338 #endif /* CONFIG_WEP || IEEE8021X_EAPOL */
3339 int assoc_failed
= 0;
3340 struct wpa_ssid
*old_ssid
;
3341 u8 prev_bssid
[ETH_ALEN
];
3342 #ifdef CONFIG_HT_OVERRIDES
3343 struct ieee80211_ht_capabilities htcaps
;
3344 struct ieee80211_ht_capabilities htcaps_mask
;
3345 #endif /* CONFIG_HT_OVERRIDES */
3346 #ifdef CONFIG_VHT_OVERRIDES
3347 struct ieee80211_vht_capabilities vhtcaps
;
3348 struct ieee80211_vht_capabilities vhtcaps_mask
;
3349 #endif /* CONFIG_VHT_OVERRIDES */
3352 if (work
->started
) {
3353 wpa_s
->connect_work
= NULL
;
3355 /* cancel possible auth. timeout */
3356 eloop_cancel_timeout(wpa_supplicant_timeout
, wpa_s
,
3359 wpas_connect_work_free(cwork
);
3363 wpa_s
->connect_work
= work
;
3365 if (cwork
->bss_removed
|| !wpas_valid_bss_ssid(wpa_s
, bss
, ssid
) ||
3366 wpas_network_disabled(wpa_s
, ssid
)) {
3367 wpa_dbg(wpa_s
, MSG_DEBUG
, "BSS/SSID entry for association not valid anymore - drop connection attempt");
3368 wpas_connect_work_done(wpa_s
);
3372 os_memcpy(prev_bssid
, wpa_s
->bssid
, ETH_ALEN
);
3373 os_memset(¶ms
, 0, sizeof(params
));
3374 wpa_s
->reassociate
= 0;
3375 wpa_s
->eap_expected_failure
= 0;
3377 (!wpas_driver_bss_selection(wpa_s
) || wpas_wps_searching(wpa_s
))) {
3378 #ifdef CONFIG_IEEE80211R
3379 const u8
*ie
, *md
= NULL
;
3380 #endif /* CONFIG_IEEE80211R */
3381 wpa_msg(wpa_s
, MSG_INFO
, "Trying to associate with " MACSTR
3382 " (SSID='%s' freq=%d MHz)", MAC2STR(bss
->bssid
),
3383 wpa_ssid_txt(bss
->ssid
, bss
->ssid_len
), bss
->freq
);
3384 bssid_changed
= !is_zero_ether_addr(wpa_s
->bssid
);
3385 os_memset(wpa_s
->bssid
, 0, ETH_ALEN
);
3386 os_memcpy(wpa_s
->pending_bssid
, bss
->bssid
, ETH_ALEN
);
3388 wpas_notify_bssid_changed(wpa_s
);
3389 #ifdef CONFIG_IEEE80211R
3390 ie
= wpa_bss_get_ie(bss
, WLAN_EID_MOBILITY_DOMAIN
);
3391 if (ie
&& ie
[1] >= MOBILITY_DOMAIN_ID_LEN
)
3393 wpa_sm_set_ft_params(wpa_s
->wpa
, ie
, ie
? 2 + ie
[1] : 0);
3395 /* Prepare for the next transition */
3396 wpa_ft_prepare_auth_request(wpa_s
->wpa
, ie
);
3398 #endif /* CONFIG_IEEE80211R */
3400 } else if ((ssid
->ssid
== NULL
|| ssid
->ssid_len
== 0) &&
3401 wpa_s
->conf
->ap_scan
== 2 &&
3402 (ssid
->key_mgmt
& WPA_KEY_MGMT_WPS
)) {
3403 /* Use ap_scan==1 style network selection to find the network
3405 wpas_connect_work_done(wpa_s
);
3406 wpa_s
->scan_req
= MANUAL_SCAN_REQ
;
3407 wpa_s
->reassociate
= 1;
3408 wpa_supplicant_req_scan(wpa_s
, 0, 0);
3410 #endif /* CONFIG_WPS */
3412 wpa_msg(wpa_s
, MSG_INFO
, "Trying to associate with SSID '%s'",
3413 wpa_ssid_txt(ssid
->ssid
, ssid
->ssid_len
));
3415 os_memcpy(wpa_s
->pending_bssid
, bss
->bssid
, ETH_ALEN
);
3417 os_memset(wpa_s
->pending_bssid
, 0, ETH_ALEN
);
3420 wpa_supplicant_cancel_sched_scan(wpa_s
);
3422 wpa_supplicant_cancel_scan(wpa_s
);
3424 /* Starting new association, so clear the possibly used WPA IE from the
3425 * previous association. */
3426 wpa_sm_set_assoc_wpa_ie(wpa_s
->wpa
, NULL
, 0);
3427 wpa_sm_set_assoc_rsnxe(wpa_s
->wpa
, NULL
, 0);
3428 wpa_s
->rsnxe_len
= 0;
3430 wpa_ie
= wpas_populate_assoc_ies(wpa_s
, bss
, ssid
, ¶ms
, NULL
);
3432 wpas_connect_work_done(wpa_s
);
3436 wpa_clear_keys(wpa_s
, bss
? bss
->bssid
: NULL
);
3438 cipher_pairwise
= wpa_s
->pairwise_cipher
;
3439 cipher_group
= wpa_s
->group_cipher
;
3440 cipher_group_mgmt
= wpa_s
->mgmt_group_cipher
;
3441 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_NONE
||
3442 wpa_s
->key_mgmt
== WPA_KEY_MGMT_IEEE8021X_NO_WPA
) {
3443 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_NONE
)
3446 if (wpa_set_wep_keys(wpa_s
, ssid
)) {
3450 #endif /* CONFIG_WEP */
3452 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_WPS
)
3455 #ifdef IEEE8021X_EAPOL
3456 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_IEEE8021X_NO_WPA
) {
3457 if ((ssid
->eapol_flags
&
3458 (EAPOL_FLAG_REQUIRE_KEY_UNICAST
|
3459 EAPOL_FLAG_REQUIRE_KEY_BROADCAST
)) == 0 &&
3463 /* Assume that dynamic WEP-104 keys will be used and
3464 * set cipher suites in order for drivers to expect
3466 cipher_pairwise
= cipher_group
= WPA_CIPHER_WEP104
;
3469 #endif /* IEEE8021X_EAPOL */
3471 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_WPA_NONE
) {
3472 /* Set the key before (and later after) association */
3473 wpa_supplicant_set_wpa_none_key(wpa_s
, ssid
);
3476 wpa_supplicant_set_state(wpa_s
, WPA_ASSOCIATING
);
3478 params
.ssid
= bss
->ssid
;
3479 params
.ssid_len
= bss
->ssid_len
;
3480 if (!wpas_driver_bss_selection(wpa_s
) || ssid
->bssid_set
||
3481 wpa_s
->key_mgmt
== WPA_KEY_MGMT_WPS
) {
3482 wpa_printf(MSG_DEBUG
, "Limit connection to BSSID "
3483 MACSTR
" freq=%u MHz based on scan results "
3484 "(bssid_set=%d wps=%d)",
3485 MAC2STR(bss
->bssid
), bss
->freq
,
3487 wpa_s
->key_mgmt
== WPA_KEY_MGMT_WPS
);
3488 params
.bssid
= bss
->bssid
;
3489 params
.freq
.freq
= bss
->freq
;
3491 params
.bssid_hint
= bss
->bssid
;
3492 params
.freq_hint
= bss
->freq
;
3493 params
.pbss
= bss_is_pbss(bss
);
3495 if (ssid
->bssid_hint_set
)
3496 params
.bssid_hint
= ssid
->bssid_hint
;
3498 params
.ssid
= ssid
->ssid
;
3499 params
.ssid_len
= ssid
->ssid_len
;
3500 params
.pbss
= (ssid
->pbss
!= 2) ? ssid
->pbss
: 0;
3503 if (ssid
->mode
== WPAS_MODE_IBSS
&& ssid
->bssid_set
&&
3504 wpa_s
->conf
->ap_scan
== 2) {
3505 params
.bssid
= ssid
->bssid
;
3506 params
.fixed_bssid
= 1;
3509 /* Initial frequency for IBSS/mesh */
3510 if ((ssid
->mode
== WPAS_MODE_IBSS
|| ssid
->mode
== WPAS_MODE_MESH
) &&
3511 ssid
->frequency
> 0 && params
.freq
.freq
== 0)
3512 ibss_mesh_setup_freq(wpa_s
, ssid
, ¶ms
.freq
);
3514 if (ssid
->mode
== WPAS_MODE_IBSS
) {
3515 params
.fixed_freq
= ssid
->fixed_freq
;
3516 if (ssid
->beacon_int
)
3517 params
.beacon_int
= ssid
->beacon_int
;
3519 params
.beacon_int
= wpa_s
->conf
->beacon_int
;
3522 if (bss
&& ssid
->enable_edmg
)
3523 edmg_ie_oper
= get_ie_ext((const u8
*) (bss
+ 1), bss
->ie_len
,
3524 WLAN_EID_EXT_EDMG_OPERATION
);
3526 edmg_ie_oper
= NULL
;
3529 params
.freq
.edmg
.channels
=
3530 wpa_ie_get_edmg_oper_chans(edmg_ie_oper
);
3531 params
.freq
.edmg
.bw_config
=
3532 wpa_ie_get_edmg_oper_chan_width(edmg_ie_oper
);
3533 wpa_printf(MSG_DEBUG
,
3534 "AP supports EDMG channels 0x%x, bw_config %d",
3535 params
.freq
.edmg
.channels
,
3536 params
.freq
.edmg
.bw_config
);
3538 /* User may ask for specific EDMG channel for EDMG connection
3539 * (must be supported by AP)
3541 if (ssid
->edmg_channel
) {
3542 struct ieee80211_edmg_config configured_edmg
;
3543 enum hostapd_hw_mode hw_mode
;
3546 hw_mode
= ieee80211_freq_to_chan(bss
->freq
,
3548 if (hw_mode
== NUM_HOSTAPD_MODES
)
3551 hostapd_encode_edmg_chan(ssid
->enable_edmg
,
3556 if (ieee802_edmg_is_allowed(params
.freq
.edmg
,
3558 params
.freq
.edmg
= configured_edmg
;
3559 wpa_printf(MSG_DEBUG
,
3560 "Use EDMG channel %d for connection",
3561 ssid
->edmg_channel
);
3564 params
.freq
.edmg
.channels
= 0;
3565 params
.freq
.edmg
.bw_config
= 0;
3566 wpa_printf(MSG_WARNING
,
3567 "EDMG channel %d not supported by AP, fallback to DMG",
3568 ssid
->edmg_channel
);
3572 if (params
.freq
.edmg
.channels
) {
3573 wpa_printf(MSG_DEBUG
,
3574 "EDMG before: channels 0x%x, bw_config %d",
3575 params
.freq
.edmg
.channels
,
3576 params
.freq
.edmg
.bw_config
);
3577 params
.freq
.edmg
= get_supported_edmg(wpa_s
,
3580 wpa_printf(MSG_DEBUG
,
3581 "EDMG after: channels 0x%x, bw_config %d",
3582 params
.freq
.edmg
.channels
,
3583 params
.freq
.edmg
.bw_config
);
3587 params
.pairwise_suite
= cipher_pairwise
;
3588 params
.group_suite
= cipher_group
;
3589 params
.mgmt_group_suite
= cipher_group_mgmt
;
3590 params
.key_mgmt_suite
= wpa_s
->key_mgmt
;
3591 params
.wpa_proto
= wpa_s
->wpa_proto
;
3592 wpa_s
->auth_alg
= params
.auth_alg
;
3593 params
.mode
= ssid
->mode
;
3594 params
.bg_scan_period
= ssid
->bg_scan_period
;
3599 for (i
= 0; i
< NUM_WEP_KEYS
; i
++) {
3600 if (ssid
->wep_key_len
[i
])
3601 params
.wep_key
[i
] = ssid
->wep_key
[i
];
3602 params
.wep_key_len
[i
] = ssid
->wep_key_len
[i
];
3604 params
.wep_tx_keyidx
= ssid
->wep_tx_keyidx
;
3606 #endif /* CONFIG_WEP */
3608 if ((wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK
) &&
3609 (params
.key_mgmt_suite
== WPA_KEY_MGMT_PSK
||
3610 params
.key_mgmt_suite
== WPA_KEY_MGMT_FT_PSK
)) {
3611 params
.passphrase
= ssid
->passphrase
;
3613 params
.psk
= ssid
->psk
;
3616 if ((wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X
) &&
3617 (params
.key_mgmt_suite
== WPA_KEY_MGMT_IEEE8021X
||
3618 params
.key_mgmt_suite
== WPA_KEY_MGMT_IEEE8021X_SHA256
||
3619 params
.key_mgmt_suite
== WPA_KEY_MGMT_IEEE8021X_SUITE_B
||
3620 params
.key_mgmt_suite
== WPA_KEY_MGMT_IEEE8021X_SUITE_B_192
))
3621 params
.req_handshake_offload
= 1;
3623 if (wpa_s
->conf
->key_mgmt_offload
) {
3624 if (params
.key_mgmt_suite
== WPA_KEY_MGMT_IEEE8021X
||
3625 params
.key_mgmt_suite
== WPA_KEY_MGMT_IEEE8021X_SHA256
||
3626 params
.key_mgmt_suite
== WPA_KEY_MGMT_IEEE8021X_SUITE_B
||
3627 params
.key_mgmt_suite
== WPA_KEY_MGMT_IEEE8021X_SUITE_B_192
)
3628 params
.req_key_mgmt_offload
=
3629 ssid
->proactive_key_caching
< 0 ?
3630 wpa_s
->conf
->okc
: ssid
->proactive_key_caching
;
3632 params
.req_key_mgmt_offload
= 1;
3634 if ((params
.key_mgmt_suite
== WPA_KEY_MGMT_PSK
||
3635 params
.key_mgmt_suite
== WPA_KEY_MGMT_PSK_SHA256
||
3636 params
.key_mgmt_suite
== WPA_KEY_MGMT_FT_PSK
) &&
3638 params
.psk
= ssid
->psk
;
3641 params
.drop_unencrypted
= use_crypt
;
3643 params
.mgmt_frame_protection
= wpas_get_ssid_pmf(wpa_s
, ssid
);
3644 if (params
.mgmt_frame_protection
!= NO_MGMT_FRAME_PROTECTION
&& bss
) {
3645 const u8
*rsn
= wpa_bss_get_ie(bss
, WLAN_EID_RSN
);
3646 struct wpa_ie_data ie
;
3647 if (rsn
&& wpa_parse_wpa_ie(rsn
, 2 + rsn
[1], &ie
) == 0 &&
3649 (WPA_CAPABILITY_MFPC
| WPA_CAPABILITY_MFPR
)) {
3650 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: Selected AP supports "
3651 "MFP: require MFP");
3652 params
.mgmt_frame_protection
=
3653 MGMT_FRAME_PROTECTION_REQUIRED
;
3655 } else if (!rsn
&& (ssid
->key_mgmt
& WPA_KEY_MGMT_OWE
) &&
3657 params
.mgmt_frame_protection
= NO_MGMT_FRAME_PROTECTION
;
3658 #endif /* CONFIG_OWE */
3662 params
.p2p
= ssid
->p2p_group
;
3664 if (wpa_s
->p2pdev
->set_sta_uapsd
)
3665 params
.uapsd
= wpa_s
->p2pdev
->sta_uapsd
;
3669 #ifdef CONFIG_HT_OVERRIDES
3670 os_memset(&htcaps
, 0, sizeof(htcaps
));
3671 os_memset(&htcaps_mask
, 0, sizeof(htcaps_mask
));
3672 params
.htcaps
= (u8
*) &htcaps
;
3673 params
.htcaps_mask
= (u8
*) &htcaps_mask
;
3674 wpa_supplicant_apply_ht_overrides(wpa_s
, ssid
, ¶ms
);
3675 #endif /* CONFIG_HT_OVERRIDES */
3676 #ifdef CONFIG_VHT_OVERRIDES
3677 os_memset(&vhtcaps
, 0, sizeof(vhtcaps
));
3678 os_memset(&vhtcaps_mask
, 0, sizeof(vhtcaps_mask
));
3679 params
.vhtcaps
= &vhtcaps
;
3680 params
.vhtcaps_mask
= &vhtcaps_mask
;
3681 wpa_supplicant_apply_vht_overrides(wpa_s
, ssid
, ¶ms
);
3682 #endif /* CONFIG_VHT_OVERRIDES */
3686 * If multi-channel concurrency is not supported, check for any
3687 * frequency conflict. In case of any frequency conflict, remove the
3688 * least prioritized connection.
3690 if (wpa_s
->num_multichan_concurrent
< 2) {
3692 num
= get_shared_radio_freqs(wpa_s
, &freq
, 1);
3693 if (num
> 0 && freq
> 0 && freq
!= params
.freq
.freq
) {
3694 wpa_printf(MSG_DEBUG
,
3695 "Assoc conflicting freq found (%d != %d)",
3696 freq
, params
.freq
.freq
);
3697 if (wpas_p2p_handle_frequency_conflicts(
3698 wpa_s
, params
.freq
.freq
, ssid
) < 0) {
3699 wpas_connect_work_done(wpa_s
);
3705 #endif /* CONFIG_P2P */
3707 if (wpa_s
->reassoc_same_ess
&& !is_zero_ether_addr(prev_bssid
) &&
3708 wpa_s
->current_ssid
)
3709 params
.prev_bssid
= prev_bssid
;
3711 ret
= wpa_drv_associate(wpa_s
, ¶ms
);
3714 wpa_msg(wpa_s
, MSG_INFO
, "Association request to the driver "
3716 if (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SANE_ERROR_CODES
) {
3718 * The driver is known to mean what is saying, so we
3719 * can stop right here; the association will not
3722 wpas_connection_failed(wpa_s
, wpa_s
->pending_bssid
);
3723 wpa_supplicant_set_state(wpa_s
, WPA_DISCONNECTED
);
3724 os_memset(wpa_s
->pending_bssid
, 0, ETH_ALEN
);
3727 /* try to continue anyway; new association will be tried again
3732 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_WPA_NONE
) {
3733 /* Set the key after the association just in case association
3734 * cleared the previously configured key. */
3735 wpa_supplicant_set_wpa_none_key(wpa_s
, ssid
);
3736 /* No need to timeout authentication since there is no key
3738 wpa_supplicant_cancel_auth_timeout(wpa_s
);
3739 wpa_supplicant_set_state(wpa_s
, WPA_COMPLETED
);
3740 #ifdef CONFIG_IBSS_RSN
3741 } else if (ssid
->mode
== WPAS_MODE_IBSS
&&
3742 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_NONE
&&
3743 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_WPA_NONE
) {
3745 * RSN IBSS authentication is per-STA and we can disable the
3746 * per-BSSID authentication.
3748 wpa_supplicant_cancel_auth_timeout(wpa_s
);
3749 #endif /* CONFIG_IBSS_RSN */
3751 /* Timeout for IEEE 802.11 authentication and association */
3755 /* give IBSS a bit more time */
3756 timeout
= ssid
->mode
== WPAS_MODE_IBSS
? 10 : 5;
3757 } else if (wpa_s
->conf
->ap_scan
== 1) {
3758 /* give IBSS a bit more time */
3759 timeout
= ssid
->mode
== WPAS_MODE_IBSS
? 20 : 10;
3761 wpa_supplicant_req_auth_timeout(wpa_s
, timeout
, 0);
3766 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC
)) {
3767 /* Set static WEP keys again */
3768 wpa_set_wep_keys(wpa_s
, ssid
);
3770 #endif /* CONFIG_WEP */
3772 if (wpa_s
->current_ssid
&& wpa_s
->current_ssid
!= ssid
) {
3774 * Do not allow EAP session resumption between different
3775 * network configurations.
3777 eapol_sm_invalidate_cached_session(wpa_s
->eapol
);
3779 old_ssid
= wpa_s
->current_ssid
;
3780 wpa_s
->current_ssid
= ssid
;
3782 if (!wpas_driver_bss_selection(wpa_s
) || ssid
->bssid_set
) {
3783 wpa_s
->current_bss
= bss
;
3785 hs20_configure_frame_filters(wpa_s
);
3786 #endif /* CONFIG_HS20 */
3789 wpa_supplicant_rsn_supp_set_config(wpa_s
, wpa_s
->current_ssid
);
3790 wpa_supplicant_initiate_eapol(wpa_s
);
3791 if (old_ssid
!= wpa_s
->current_ssid
)
3792 wpas_notify_network_changed(wpa_s
);
3796 static void wpa_supplicant_clear_connection(struct wpa_supplicant
*wpa_s
,
3799 struct wpa_ssid
*old_ssid
;
3801 wpas_connect_work_done(wpa_s
);
3802 wpa_clear_keys(wpa_s
, addr
);
3803 old_ssid
= wpa_s
->current_ssid
;
3804 wpa_supplicant_mark_disassoc(wpa_s
);
3805 wpa_sm_set_config(wpa_s
->wpa
, NULL
);
3806 eapol_sm_notify_config(wpa_s
->eapol
, NULL
, NULL
);
3807 if (old_ssid
!= wpa_s
->current_ssid
)
3808 wpas_notify_network_changed(wpa_s
);
3809 eloop_cancel_timeout(wpa_supplicant_timeout
, wpa_s
, NULL
);
3814 * wpa_supplicant_deauthenticate - Deauthenticate the current connection
3815 * @wpa_s: Pointer to wpa_supplicant data
3816 * @reason_code: IEEE 802.11 reason code for the deauthenticate frame
3818 * This function is used to request %wpa_supplicant to deauthenticate from the
3821 void wpa_supplicant_deauthenticate(struct wpa_supplicant
*wpa_s
,
3825 union wpa_event_data event
;
3828 wpa_dbg(wpa_s
, MSG_DEBUG
, "Request to deauthenticate - bssid=" MACSTR
3829 " pending_bssid=" MACSTR
" reason=%d (%s) state=%s",
3830 MAC2STR(wpa_s
->bssid
), MAC2STR(wpa_s
->pending_bssid
),
3831 reason_code
, reason2str(reason_code
),
3832 wpa_supplicant_state_txt(wpa_s
->wpa_state
));
3834 if (!is_zero_ether_addr(wpa_s
->pending_bssid
) &&
3835 (wpa_s
->wpa_state
== WPA_AUTHENTICATING
||
3836 wpa_s
->wpa_state
== WPA_ASSOCIATING
))
3837 addr
= wpa_s
->pending_bssid
;
3838 else if (!is_zero_ether_addr(wpa_s
->bssid
))
3839 addr
= wpa_s
->bssid
;
3840 else if (wpa_s
->wpa_state
== WPA_ASSOCIATING
) {
3842 * When using driver-based BSS selection, we may not know the
3843 * BSSID with which we are currently trying to associate. We
3844 * need to notify the driver of this disconnection even in such
3845 * a case, so use the all zeros address here.
3847 addr
= wpa_s
->bssid
;
3851 if (wpa_s
->enabled_4addr_mode
&& wpa_drv_set_4addr_mode(wpa_s
, 0) == 0)
3852 wpa_s
->enabled_4addr_mode
= 0;
3855 wpa_tdls_teardown_peers(wpa_s
->wpa
);
3856 #endif /* CONFIG_TDLS */
3860 struct mesh_conf
*mconf
;
3862 mconf
= wpa_s
->ifmsh
->mconf
;
3863 wpa_msg(wpa_s
, MSG_INFO
, MESH_GROUP_REMOVED
"%s",
3865 wpas_notify_mesh_group_removed(wpa_s
, mconf
->meshid
,
3866 mconf
->meshid_len
, reason_code
);
3867 wpa_supplicant_leave_mesh(wpa_s
);
3869 #endif /* CONFIG_MESH */
3872 wpa_drv_deauthenticate(wpa_s
, addr
, reason_code
);
3873 os_memset(&event
, 0, sizeof(event
));
3874 event
.deauth_info
.reason_code
= reason_code
;
3875 event
.deauth_info
.locally_generated
= 1;
3876 wpa_supplicant_event(wpa_s
, EVENT_DEAUTH
, &event
);
3881 wpa_supplicant_clear_connection(wpa_s
, addr
);
3885 void wpa_supplicant_reconnect(struct wpa_supplicant
*wpa_s
)
3887 wpa_s
->own_reconnect_req
= 1;
3888 wpa_supplicant_deauthenticate(wpa_s
, WLAN_REASON_UNSPECIFIED
);
3893 static void wpa_supplicant_enable_one_network(struct wpa_supplicant
*wpa_s
,
3894 struct wpa_ssid
*ssid
)
3896 if (!ssid
|| !ssid
->disabled
|| ssid
->disabled
== 2)
3900 ssid
->owe_transition_bss_select_count
= 0;
3901 wpas_clear_temp_disabled(wpa_s
, ssid
, 1);
3902 wpas_notify_network_enabled_changed(wpa_s
, ssid
);
3905 * Try to reassociate since there is no current configuration and a new
3906 * network was made available.
3908 if (!wpa_s
->current_ssid
&& !wpa_s
->disconnected
)
3909 wpa_s
->reassociate
= 1;
3914 * wpa_supplicant_add_network - Add a new network
3915 * @wpa_s: wpa_supplicant structure for a network interface
3916 * Returns: The new network configuration or %NULL if operation failed
3918 * This function performs the following operations:
3919 * 1. Adds a new network.
3920 * 2. Send network addition notification.
3921 * 3. Marks the network disabled.
3922 * 4. Set network default parameters.
3924 struct wpa_ssid
* wpa_supplicant_add_network(struct wpa_supplicant
*wpa_s
)
3926 struct wpa_ssid
*ssid
;
3928 ssid
= wpa_config_add_network(wpa_s
->conf
);
3931 wpas_notify_network_added(wpa_s
, ssid
);
3933 wpa_config_set_network_defaults(ssid
);
3940 * wpa_supplicant_remove_network - Remove a configured network based on id
3941 * @wpa_s: wpa_supplicant structure for a network interface
3942 * @id: Unique network id to search for
3943 * Returns: 0 on success, or -1 if the network was not found, -2 if the network
3944 * could not be removed
3946 * This function performs the following operations:
3947 * 1. Removes the network.
3948 * 2. Send network removal notification.
3949 * 3. Update internal state machines.
3950 * 4. Stop any running sched scans.
3952 int wpa_supplicant_remove_network(struct wpa_supplicant
*wpa_s
, int id
)
3954 struct wpa_ssid
*ssid
;
3957 ssid
= wpa_config_get_network(wpa_s
->conf
, id
);
3960 wpas_notify_network_removed(wpa_s
, ssid
);
3962 if (wpa_s
->last_ssid
== ssid
)
3963 wpa_s
->last_ssid
= NULL
;
3965 if (ssid
== wpa_s
->current_ssid
|| !wpa_s
->current_ssid
) {
3967 wpa_s
->sme
.prev_bssid_set
= 0;
3968 #endif /* CONFIG_SME */
3970 * Invalidate the EAP session cache if the current or
3971 * previously used network is removed.
3973 eapol_sm_invalidate_cached_session(wpa_s
->eapol
);
3976 if (ssid
== wpa_s
->current_ssid
) {
3977 wpa_sm_set_config(wpa_s
->wpa
, NULL
);
3978 eapol_sm_notify_config(wpa_s
->eapol
, NULL
, NULL
);
3980 if (wpa_s
->wpa_state
>= WPA_AUTHENTICATING
)
3981 wpa_s
->own_disconnect_req
= 1;
3982 wpa_supplicant_deauthenticate(wpa_s
,
3983 WLAN_REASON_DEAUTH_LEAVING
);
3986 was_disabled
= ssid
->disabled
;
3988 if (wpa_config_remove_network(wpa_s
->conf
, id
) < 0)
3991 if (!was_disabled
&& wpa_s
->sched_scanning
) {
3992 wpa_printf(MSG_DEBUG
,
3993 "Stop ongoing sched_scan to remove network from filters");
3994 wpa_supplicant_cancel_sched_scan(wpa_s
);
3995 wpa_supplicant_req_scan(wpa_s
, 0, 0);
4003 * wpa_supplicant_enable_network - Mark a configured network as enabled
4004 * @wpa_s: wpa_supplicant structure for a network interface
4005 * @ssid: wpa_ssid structure for a configured network or %NULL
4007 * Enables the specified network or all networks if no network specified.
4009 void wpa_supplicant_enable_network(struct wpa_supplicant
*wpa_s
,
4010 struct wpa_ssid
*ssid
)
4013 for (ssid
= wpa_s
->conf
->ssid
; ssid
; ssid
= ssid
->next
)
4014 wpa_supplicant_enable_one_network(wpa_s
, ssid
);
4016 wpa_supplicant_enable_one_network(wpa_s
, ssid
);
4018 if (wpa_s
->reassociate
&& !wpa_s
->disconnected
&&
4019 (!wpa_s
->current_ssid
||
4020 wpa_s
->wpa_state
== WPA_DISCONNECTED
||
4021 wpa_s
->wpa_state
== WPA_SCANNING
)) {
4022 if (wpa_s
->sched_scanning
) {
4023 wpa_printf(MSG_DEBUG
, "Stop ongoing sched_scan to add "
4024 "new network to scan filters");
4025 wpa_supplicant_cancel_sched_scan(wpa_s
);
4028 if (wpa_supplicant_fast_associate(wpa_s
) != 1) {
4029 wpa_s
->scan_req
= NORMAL_SCAN_REQ
;
4030 wpa_supplicant_req_scan(wpa_s
, 0, 0);
4037 * wpa_supplicant_disable_network - Mark a configured network as disabled
4038 * @wpa_s: wpa_supplicant structure for a network interface
4039 * @ssid: wpa_ssid structure for a configured network or %NULL
4041 * Disables the specified network or all networks if no network specified.
4043 void wpa_supplicant_disable_network(struct wpa_supplicant
*wpa_s
,
4044 struct wpa_ssid
*ssid
)
4046 struct wpa_ssid
*other_ssid
;
4050 if (wpa_s
->sched_scanning
)
4051 wpa_supplicant_cancel_sched_scan(wpa_s
);
4053 for (other_ssid
= wpa_s
->conf
->ssid
; other_ssid
;
4054 other_ssid
= other_ssid
->next
) {
4055 was_disabled
= other_ssid
->disabled
;
4056 if (was_disabled
== 2)
4057 continue; /* do not change persistent P2P group
4060 other_ssid
->disabled
= 1;
4062 if (was_disabled
!= other_ssid
->disabled
)
4063 wpas_notify_network_enabled_changed(
4066 if (wpa_s
->current_ssid
) {
4067 if (wpa_s
->wpa_state
>= WPA_AUTHENTICATING
)
4068 wpa_s
->own_disconnect_req
= 1;
4069 wpa_supplicant_deauthenticate(
4070 wpa_s
, WLAN_REASON_DEAUTH_LEAVING
);
4072 } else if (ssid
->disabled
!= 2) {
4073 if (ssid
== wpa_s
->current_ssid
) {
4074 if (wpa_s
->wpa_state
>= WPA_AUTHENTICATING
)
4075 wpa_s
->own_disconnect_req
= 1;
4076 wpa_supplicant_deauthenticate(
4077 wpa_s
, WLAN_REASON_DEAUTH_LEAVING
);
4080 was_disabled
= ssid
->disabled
;
4084 if (was_disabled
!= ssid
->disabled
) {
4085 wpas_notify_network_enabled_changed(wpa_s
, ssid
);
4086 if (wpa_s
->sched_scanning
) {
4087 wpa_printf(MSG_DEBUG
, "Stop ongoing sched_scan "
4088 "to remove network from filters");
4089 wpa_supplicant_cancel_sched_scan(wpa_s
);
4090 wpa_supplicant_req_scan(wpa_s
, 0, 0);
4098 * wpa_supplicant_select_network - Attempt association with a network
4099 * @wpa_s: wpa_supplicant structure for a network interface
4100 * @ssid: wpa_ssid structure for a configured network or %NULL for any network
4102 void wpa_supplicant_select_network(struct wpa_supplicant
*wpa_s
,
4103 struct wpa_ssid
*ssid
)
4106 struct wpa_ssid
*other_ssid
;
4107 int disconnected
= 0;
4109 if (ssid
&& ssid
!= wpa_s
->current_ssid
&& wpa_s
->current_ssid
) {
4110 if (wpa_s
->wpa_state
>= WPA_AUTHENTICATING
)
4111 wpa_s
->own_disconnect_req
= 1;
4112 wpa_supplicant_deauthenticate(
4113 wpa_s
, WLAN_REASON_DEAUTH_LEAVING
);
4118 wpas_clear_temp_disabled(wpa_s
, ssid
, 1);
4121 * Mark all other networks disabled or mark all networks enabled if no
4122 * network specified.
4124 for (other_ssid
= wpa_s
->conf
->ssid
; other_ssid
;
4125 other_ssid
= other_ssid
->next
) {
4126 int was_disabled
= other_ssid
->disabled
;
4127 if (was_disabled
== 2)
4128 continue; /* do not change persistent P2P group data */
4130 other_ssid
->disabled
= ssid
? (ssid
->id
!= other_ssid
->id
) : 0;
4131 if (was_disabled
&& !other_ssid
->disabled
)
4132 wpas_clear_temp_disabled(wpa_s
, other_ssid
, 0);
4134 if (was_disabled
!= other_ssid
->disabled
)
4135 wpas_notify_network_enabled_changed(wpa_s
, other_ssid
);
4138 if (ssid
&& ssid
== wpa_s
->current_ssid
&& wpa_s
->current_ssid
&&
4139 wpa_s
->wpa_state
>= WPA_AUTHENTICATING
) {
4140 /* We are already associated with the selected network */
4141 wpa_printf(MSG_DEBUG
, "Already associated with the "
4142 "selected network - do nothing");
4147 wpa_s
->current_ssid
= ssid
;
4148 eapol_sm_notify_config(wpa_s
->eapol
, NULL
, NULL
);
4149 wpa_s
->connect_without_scan
=
4150 (ssid
->mode
== WPAS_MODE_MESH
) ? ssid
: NULL
;
4153 * Don't optimize next scan freqs since a new ESS has been
4156 os_free(wpa_s
->next_scan_freqs
);
4157 wpa_s
->next_scan_freqs
= NULL
;
4159 wpa_s
->connect_without_scan
= NULL
;
4162 wpa_s
->disconnected
= 0;
4163 wpa_s
->reassociate
= 1;
4164 wpa_s_clear_sae_rejected(wpa_s
);
4165 wpa_s
->last_owe_group
= 0;
4167 ssid
->owe_transition_bss_select_count
= 0;
4168 wpa_s_setup_sae_pt(wpa_s
->conf
, ssid
);
4171 if (wpa_s
->connect_without_scan
||
4172 wpa_supplicant_fast_associate(wpa_s
) != 1) {
4173 wpa_s
->scan_req
= NORMAL_SCAN_REQ
;
4174 wpas_scan_reset_sched_scan(wpa_s
);
4175 wpa_supplicant_req_scan(wpa_s
, 0, disconnected
? 100000 : 0);
4179 wpas_notify_network_selected(wpa_s
, ssid
);
4184 * wpas_set_pkcs11_engine_and_module_path - Set PKCS #11 engine and module path
4185 * @wpa_s: wpa_supplicant structure for a network interface
4186 * @pkcs11_engine_path: PKCS #11 engine path or NULL
4187 * @pkcs11_module_path: PKCS #11 module path or NULL
4188 * Returns: 0 on success; -1 on failure
4190 * Sets the PKCS #11 engine and module path. Both have to be NULL or a valid
4191 * path. If resetting the EAPOL state machine with the new PKCS #11 engine and
4192 * module path fails the paths will be reset to the default value (NULL).
4194 int wpas_set_pkcs11_engine_and_module_path(struct wpa_supplicant
*wpa_s
,
4195 const char *pkcs11_engine_path
,
4196 const char *pkcs11_module_path
)
4198 char *pkcs11_engine_path_copy
= NULL
;
4199 char *pkcs11_module_path_copy
= NULL
;
4201 if (pkcs11_engine_path
!= NULL
) {
4202 pkcs11_engine_path_copy
= os_strdup(pkcs11_engine_path
);
4203 if (pkcs11_engine_path_copy
== NULL
)
4206 if (pkcs11_module_path
!= NULL
) {
4207 pkcs11_module_path_copy
= os_strdup(pkcs11_module_path
);
4208 if (pkcs11_module_path_copy
== NULL
) {
4209 os_free(pkcs11_engine_path_copy
);
4214 os_free(wpa_s
->conf
->pkcs11_engine_path
);
4215 os_free(wpa_s
->conf
->pkcs11_module_path
);
4216 wpa_s
->conf
->pkcs11_engine_path
= pkcs11_engine_path_copy
;
4217 wpa_s
->conf
->pkcs11_module_path
= pkcs11_module_path_copy
;
4219 wpa_sm_set_eapol(wpa_s
->wpa
, NULL
);
4220 eapol_sm_deinit(wpa_s
->eapol
);
4221 wpa_s
->eapol
= NULL
;
4222 if (wpa_supplicant_init_eapol(wpa_s
)) {
4223 /* Error -> Reset paths to the default value (NULL) once. */
4224 if (pkcs11_engine_path
!= NULL
&& pkcs11_module_path
!= NULL
)
4225 wpas_set_pkcs11_engine_and_module_path(wpa_s
, NULL
,
4230 wpa_sm_set_eapol(wpa_s
->wpa
, wpa_s
->eapol
);
4237 * wpa_supplicant_set_ap_scan - Set AP scan mode for interface
4238 * @wpa_s: wpa_supplicant structure for a network interface
4239 * @ap_scan: AP scan mode
4240 * Returns: 0 if succeed or -1 if ap_scan has an invalid value
4243 int wpa_supplicant_set_ap_scan(struct wpa_supplicant
*wpa_s
, int ap_scan
)
4248 if (ap_scan
< 0 || ap_scan
> 2)
4251 if (ap_scan
== 2 && os_strcmp(wpa_s
->driver
->name
, "nl80211") == 0) {
4252 wpa_printf(MSG_INFO
,
4253 "Note: nl80211 driver interface is not designed to be used with ap_scan=2; this can result in connection failures");
4257 if (ap_scan
== 2 && ap_scan
!= wpa_s
->conf
->ap_scan
&&
4258 wpa_s
->wpa_state
>= WPA_ASSOCIATING
&&
4259 wpa_s
->wpa_state
< WPA_COMPLETED
) {
4260 wpa_printf(MSG_ERROR
, "ap_scan = %d (%d) rejected while "
4261 "associating", wpa_s
->conf
->ap_scan
, ap_scan
);
4264 #endif /* ANDROID */
4266 old_ap_scan
= wpa_s
->conf
->ap_scan
;
4267 wpa_s
->conf
->ap_scan
= ap_scan
;
4269 if (old_ap_scan
!= wpa_s
->conf
->ap_scan
)
4270 wpas_notify_ap_scan_changed(wpa_s
);
4277 * wpa_supplicant_set_bss_expiration_age - Set BSS entry expiration age
4278 * @wpa_s: wpa_supplicant structure for a network interface
4279 * @expire_age: Expiration age in seconds
4280 * Returns: 0 if succeed or -1 if expire_age has an invalid value
4283 int wpa_supplicant_set_bss_expiration_age(struct wpa_supplicant
*wpa_s
,
4284 unsigned int bss_expire_age
)
4286 if (bss_expire_age
< 10) {
4287 wpa_msg(wpa_s
, MSG_ERROR
, "Invalid bss expiration age %u",
4291 wpa_msg(wpa_s
, MSG_DEBUG
, "Setting bss expiration age: %d sec",
4293 wpa_s
->conf
->bss_expiration_age
= bss_expire_age
;
4300 * wpa_supplicant_set_bss_expiration_count - Set BSS entry expiration scan count
4301 * @wpa_s: wpa_supplicant structure for a network interface
4302 * @expire_count: number of scans after which an unseen BSS is reclaimed
4303 * Returns: 0 if succeed or -1 if expire_count has an invalid value
4306 int wpa_supplicant_set_bss_expiration_count(struct wpa_supplicant
*wpa_s
,
4307 unsigned int bss_expire_count
)
4309 if (bss_expire_count
< 1) {
4310 wpa_msg(wpa_s
, MSG_ERROR
, "Invalid bss expiration count %u",
4314 wpa_msg(wpa_s
, MSG_DEBUG
, "Setting bss expiration scan count: %u",
4316 wpa_s
->conf
->bss_expiration_scan_count
= bss_expire_count
;
4323 * wpa_supplicant_set_scan_interval - Set scan interval
4324 * @wpa_s: wpa_supplicant structure for a network interface
4325 * @scan_interval: scan interval in seconds
4326 * Returns: 0 if succeed or -1 if scan_interval has an invalid value
4329 int wpa_supplicant_set_scan_interval(struct wpa_supplicant
*wpa_s
,
4332 if (scan_interval
< 0) {
4333 wpa_msg(wpa_s
, MSG_ERROR
, "Invalid scan interval %d",
4337 wpa_msg(wpa_s
, MSG_DEBUG
, "Setting scan interval: %d sec",
4339 wpa_supplicant_update_scan_int(wpa_s
, scan_interval
);
4346 * wpa_supplicant_set_debug_params - Set global debug params
4347 * @global: wpa_global structure
4348 * @debug_level: debug level
4349 * @debug_timestamp: determines if show timestamp in debug data
4350 * @debug_show_keys: determines if show keys in debug data
4351 * Returns: 0 if succeed or -1 if debug_level has wrong value
4353 int wpa_supplicant_set_debug_params(struct wpa_global
*global
, int debug_level
,
4354 int debug_timestamp
, int debug_show_keys
)
4357 int old_level
, old_timestamp
, old_show_keys
;
4359 /* check for allowed debuglevels */
4360 if (debug_level
!= MSG_EXCESSIVE
&&
4361 debug_level
!= MSG_MSGDUMP
&&
4362 debug_level
!= MSG_DEBUG
&&
4363 debug_level
!= MSG_INFO
&&
4364 debug_level
!= MSG_WARNING
&&
4365 debug_level
!= MSG_ERROR
)
4368 old_level
= wpa_debug_level
;
4369 old_timestamp
= wpa_debug_timestamp
;
4370 old_show_keys
= wpa_debug_show_keys
;
4372 wpa_debug_level
= debug_level
;
4373 wpa_debug_timestamp
= debug_timestamp
? 1 : 0;
4374 wpa_debug_show_keys
= debug_show_keys
? 1 : 0;
4376 if (wpa_debug_level
!= old_level
)
4377 wpas_notify_debug_level_changed(global
);
4378 if (wpa_debug_timestamp
!= old_timestamp
)
4379 wpas_notify_debug_timestamp_changed(global
);
4380 if (wpa_debug_show_keys
!= old_show_keys
)
4381 wpas_notify_debug_show_keys_changed(global
);
4388 static int owe_trans_ssid_match(struct wpa_supplicant
*wpa_s
, const u8
*bssid
,
4389 const u8
*entry_ssid
, size_t entry_ssid_len
)
4391 const u8
*owe
, *pos
, *end
;
4393 struct wpa_bss
*bss
;
4395 /* Check network profile SSID aganst the SSID in the
4396 * OWE Transition Mode element. */
4398 bss
= wpa_bss_get_bssid_latest(wpa_s
, bssid
);
4402 owe
= wpa_bss_get_vendor_ie(bss
, OWE_IE_VENDOR_TYPE
);
4407 end
= owe
+ 2 + owe
[1];
4409 if (end
- pos
< ETH_ALEN
+ 1)
4413 if (end
- pos
< ssid_len
|| ssid_len
> SSID_MAX_LEN
)
4416 return entry_ssid_len
== ssid_len
&&
4417 os_memcmp(pos
, entry_ssid
, ssid_len
) == 0;
4419 #endif /* CONFIG_OWE */
4423 * wpa_supplicant_get_ssid - Get a pointer to the current network structure
4424 * @wpa_s: Pointer to wpa_supplicant data
4425 * Returns: A pointer to the current network structure or %NULL on failure
4427 struct wpa_ssid
* wpa_supplicant_get_ssid(struct wpa_supplicant
*wpa_s
)
4429 struct wpa_ssid
*entry
;
4430 u8 ssid
[SSID_MAX_LEN
];
4436 res
= wpa_drv_get_ssid(wpa_s
, ssid
);
4438 wpa_msg(wpa_s
, MSG_WARNING
, "Could not read SSID from "
4444 if (wpa_drv_get_bssid(wpa_s
, bssid
) < 0) {
4445 wpa_msg(wpa_s
, MSG_WARNING
, "Could not read BSSID from "
4450 wired
= wpa_s
->conf
->ap_scan
== 0 &&
4451 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_WIRED
);
4453 entry
= wpa_s
->conf
->ssid
;
4455 if (!wpas_network_disabled(wpa_s
, entry
) &&
4456 ((ssid_len
== entry
->ssid_len
&&
4458 os_memcmp(ssid
, entry
->ssid
, ssid_len
) == 0)) ||
4460 (!entry
->bssid_set
||
4461 os_memcmp(bssid
, entry
->bssid
, ETH_ALEN
) == 0))
4464 if (!wpas_network_disabled(wpa_s
, entry
) &&
4465 (entry
->key_mgmt
& WPA_KEY_MGMT_WPS
) &&
4466 (entry
->ssid
== NULL
|| entry
->ssid_len
== 0) &&
4467 (!entry
->bssid_set
||
4468 os_memcmp(bssid
, entry
->bssid
, ETH_ALEN
) == 0))
4470 #endif /* CONFIG_WPS */
4473 if (!wpas_network_disabled(wpa_s
, entry
) &&
4474 owe_trans_ssid_match(wpa_s
, bssid
, entry
->ssid
,
4476 (!entry
->bssid_set
||
4477 os_memcmp(bssid
, entry
->bssid
, ETH_ALEN
) == 0))
4479 #endif /* CONFIG_OWE */
4481 if (!wpas_network_disabled(wpa_s
, entry
) && entry
->bssid_set
&&
4482 entry
->ssid_len
== 0 &&
4483 os_memcmp(bssid
, entry
->bssid
, ETH_ALEN
) == 0)
4486 entry
= entry
->next
;
4493 static int select_driver(struct wpa_supplicant
*wpa_s
, int i
)
4495 struct wpa_global
*global
= wpa_s
->global
;
4497 if (wpa_drivers
[i
]->global_init
&& global
->drv_priv
[i
] == NULL
) {
4498 global
->drv_priv
[i
] = wpa_drivers
[i
]->global_init(global
);
4499 if (global
->drv_priv
[i
] == NULL
) {
4500 wpa_printf(MSG_ERROR
, "Failed to initialize driver "
4501 "'%s'", wpa_drivers
[i
]->name
);
4506 wpa_s
->driver
= wpa_drivers
[i
];
4507 wpa_s
->global_drv_priv
= global
->drv_priv
[i
];
4513 static int wpa_supplicant_set_driver(struct wpa_supplicant
*wpa_s
,
4518 const char *pos
, *driver
= name
;
4523 if (wpa_drivers
[0] == NULL
) {
4524 wpa_msg(wpa_s
, MSG_ERROR
, "No driver interfaces build into "
4530 /* default to first driver in the list */
4531 return select_driver(wpa_s
, 0);
4535 pos
= os_strchr(driver
, ',');
4539 len
= os_strlen(driver
);
4541 for (i
= 0; wpa_drivers
[i
]; i
++) {
4542 if (os_strlen(wpa_drivers
[i
]->name
) == len
&&
4543 os_strncmp(driver
, wpa_drivers
[i
]->name
, len
) ==
4545 /* First driver that succeeds wins */
4546 if (select_driver(wpa_s
, i
) == 0)
4554 wpa_msg(wpa_s
, MSG_ERROR
, "Unsupported driver '%s'", name
);
4560 * wpa_supplicant_rx_eapol - Deliver a received EAPOL frame to wpa_supplicant
4561 * @ctx: Context pointer (wpa_s); this is the ctx variable registered
4562 * with struct wpa_driver_ops::init()
4563 * @src_addr: Source address of the EAPOL frame
4564 * @buf: EAPOL data starting from the EAPOL header (i.e., no Ethernet header)
4565 * @len: Length of the EAPOL data
4567 * This function is called for each received EAPOL frame. Most driver
4568 * interfaces rely on more generic OS mechanism for receiving frames through
4569 * l2_packet, but if such a mechanism is not available, the driver wrapper may
4570 * take care of received EAPOL frames and deliver them to the core supplicant
4571 * code by calling this function.
4573 void wpa_supplicant_rx_eapol(void *ctx
, const u8
*src_addr
,
4574 const u8
*buf
, size_t len
)
4576 struct wpa_supplicant
*wpa_s
= ctx
;
4578 wpa_dbg(wpa_s
, MSG_DEBUG
, "RX EAPOL from " MACSTR
, MAC2STR(src_addr
));
4579 wpa_hexdump(MSG_MSGDUMP
, "RX EAPOL", buf
, len
);
4581 #ifdef CONFIG_TESTING_OPTIONS
4582 if (wpa_s
->ignore_auth_resp
) {
4583 wpa_printf(MSG_INFO
, "RX EAPOL - ignore_auth_resp active!");
4586 #endif /* CONFIG_TESTING_OPTIONS */
4588 if (wpa_s
->wpa_state
< WPA_ASSOCIATED
||
4589 (wpa_s
->last_eapol_matches_bssid
&&
4592 #endif /* CONFIG_AP */
4593 os_memcmp(src_addr
, wpa_s
->bssid
, ETH_ALEN
) != 0)) {
4595 * There is possible race condition between receiving the
4596 * association event and the EAPOL frame since they are coming
4597 * through different paths from the driver. In order to avoid
4598 * issues in trying to process the EAPOL frame before receiving
4599 * association information, lets queue it for processing until
4600 * the association event is received. This may also be needed in
4601 * driver-based roaming case, so also use src_addr != BSSID as a
4602 * trigger if we have previously confirmed that the
4603 * Authenticator uses BSSID as the src_addr (which is not the
4604 * case with wired IEEE 802.1X).
4606 wpa_dbg(wpa_s
, MSG_DEBUG
, "Not associated - Delay processing "
4607 "of received EAPOL frame (state=%s bssid=" MACSTR
")",
4608 wpa_supplicant_state_txt(wpa_s
->wpa_state
),
4609 MAC2STR(wpa_s
->bssid
));
4610 wpabuf_free(wpa_s
->pending_eapol_rx
);
4611 wpa_s
->pending_eapol_rx
= wpabuf_alloc_copy(buf
, len
);
4612 if (wpa_s
->pending_eapol_rx
) {
4613 os_get_reltime(&wpa_s
->pending_eapol_rx_time
);
4614 os_memcpy(wpa_s
->pending_eapol_rx_src
, src_addr
,
4620 wpa_s
->last_eapol_matches_bssid
=
4621 os_memcmp(src_addr
, wpa_s
->bssid
, ETH_ALEN
) == 0;
4624 if (wpa_s
->ap_iface
) {
4625 wpa_supplicant_ap_rx_eapol(wpa_s
, src_addr
, buf
, len
);
4628 #endif /* CONFIG_AP */
4630 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_NONE
) {
4631 wpa_dbg(wpa_s
, MSG_DEBUG
, "Ignored received EAPOL frame since "
4632 "no key management is configured");
4636 if (wpa_s
->eapol_received
== 0 &&
4637 (!(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK
) ||
4638 !wpa_key_mgmt_wpa_psk(wpa_s
->key_mgmt
) ||
4639 wpa_s
->wpa_state
!= WPA_COMPLETED
) &&
4640 (wpa_s
->current_ssid
== NULL
||
4641 wpa_s
->current_ssid
->mode
!= WPAS_MODE_IBSS
)) {
4642 /* Timeout for completing IEEE 802.1X and WPA authentication */
4645 if (wpa_key_mgmt_wpa_ieee8021x(wpa_s
->key_mgmt
) ||
4646 wpa_s
->key_mgmt
== WPA_KEY_MGMT_IEEE8021X_NO_WPA
||
4647 wpa_s
->key_mgmt
== WPA_KEY_MGMT_WPS
) {
4648 /* Use longer timeout for IEEE 802.1X/EAP */
4653 if (wpa_s
->current_ssid
&& wpa_s
->current_bss
&&
4654 (wpa_s
->current_ssid
->key_mgmt
& WPA_KEY_MGMT_WPS
) &&
4655 eap_is_wps_pin_enrollee(&wpa_s
->current_ssid
->eap
)) {
4657 * Use shorter timeout if going through WPS AP iteration
4658 * for PIN config method with an AP that does not
4659 * advertise Selected Registrar.
4661 struct wpabuf
*wps_ie
;
4663 wps_ie
= wpa_bss_get_vendor_ie_multi(
4664 wpa_s
->current_bss
, WPS_IE_VENDOR_TYPE
);
4666 !wps_is_addr_authorized(wps_ie
, wpa_s
->own_addr
, 1))
4668 wpabuf_free(wps_ie
);
4670 #endif /* CONFIG_WPS */
4672 wpa_supplicant_req_auth_timeout(wpa_s
, timeout
, 0);
4674 wpa_s
->eapol_received
++;
4676 if (wpa_s
->countermeasures
) {
4677 wpa_msg(wpa_s
, MSG_INFO
, "WPA: Countermeasures - dropped "
4682 #ifdef CONFIG_IBSS_RSN
4683 if (wpa_s
->current_ssid
&&
4684 wpa_s
->current_ssid
->mode
== WPAS_MODE_IBSS
) {
4685 ibss_rsn_rx_eapol(wpa_s
->ibss_rsn
, src_addr
, buf
, len
);
4688 #endif /* CONFIG_IBSS_RSN */
4690 /* Source address of the incoming EAPOL frame could be compared to the
4691 * current BSSID. However, it is possible that a centralized
4692 * Authenticator could be using another MAC address than the BSSID of
4693 * an AP, so just allow any address to be used for now. The replies are
4694 * still sent to the current BSSID (if available), though. */
4696 os_memcpy(wpa_s
->last_eapol_src
, src_addr
, ETH_ALEN
);
4697 if (!wpa_key_mgmt_wpa_psk(wpa_s
->key_mgmt
) &&
4698 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_OWE
&&
4699 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_DPP
&&
4700 eapol_sm_rx_eapol(wpa_s
->eapol
, src_addr
, buf
, len
) > 0)
4702 wpa_drv_poll(wpa_s
);
4703 if (!(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK
))
4704 wpa_sm_rx_eapol(wpa_s
->wpa
, src_addr
, buf
, len
);
4705 else if (wpa_key_mgmt_wpa_ieee8021x(wpa_s
->key_mgmt
)) {
4707 * Set portValid = TRUE here since we are going to skip 4-way
4708 * handshake processing which would normally set portValid. We
4709 * need this to allow the EAPOL state machines to be completed
4710 * without going through EAPOL-Key handshake.
4712 eapol_sm_notify_portValid(wpa_s
->eapol
, TRUE
);
4717 int wpa_supplicant_update_mac_addr(struct wpa_supplicant
*wpa_s
)
4719 if ((!wpa_s
->p2p_mgmt
||
4720 !(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE
)) &&
4721 !(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_P2P_DEDICATED_INTERFACE
)) {
4722 l2_packet_deinit(wpa_s
->l2
);
4723 wpa_s
->l2
= l2_packet_init(wpa_s
->ifname
,
4724 wpa_drv_get_mac_addr(wpa_s
),
4726 wpa_supplicant_rx_eapol
, wpa_s
, 0);
4727 if (wpa_s
->l2
== NULL
)
4730 if (l2_packet_set_packet_filter(wpa_s
->l2
,
4731 L2_PACKET_FILTER_PKTTYPE
))
4732 wpa_dbg(wpa_s
, MSG_DEBUG
,
4733 "Failed to attach pkt_type filter");
4735 const u8
*addr
= wpa_drv_get_mac_addr(wpa_s
);
4737 os_memcpy(wpa_s
->own_addr
, addr
, ETH_ALEN
);
4740 if (wpa_s
->l2
&& l2_packet_get_own_addr(wpa_s
->l2
, wpa_s
->own_addr
)) {
4741 wpa_msg(wpa_s
, MSG_ERROR
, "Failed to get own L2 address");
4745 wpa_sm_set_own_addr(wpa_s
->wpa
, wpa_s
->own_addr
);
4746 wpas_wps_update_mac_addr(wpa_s
);
4750 fst_update_mac_addr(wpa_s
->fst
, wpa_s
->own_addr
);
4751 #endif /* CONFIG_FST */
4757 static void wpa_supplicant_rx_eapol_bridge(void *ctx
, const u8
*src_addr
,
4758 const u8
*buf
, size_t len
)
4760 struct wpa_supplicant
*wpa_s
= ctx
;
4761 const struct l2_ethhdr
*eth
;
4763 if (len
< sizeof(*eth
))
4765 eth
= (const struct l2_ethhdr
*) buf
;
4767 if (os_memcmp(eth
->h_dest
, wpa_s
->own_addr
, ETH_ALEN
) != 0 &&
4768 !(eth
->h_dest
[0] & 0x01)) {
4769 wpa_dbg(wpa_s
, MSG_DEBUG
, "RX EAPOL from " MACSTR
" to " MACSTR
4770 " (bridge - not for this interface - ignore)",
4771 MAC2STR(src_addr
), MAC2STR(eth
->h_dest
));
4775 wpa_dbg(wpa_s
, MSG_DEBUG
, "RX EAPOL from " MACSTR
" to " MACSTR
4776 " (bridge)", MAC2STR(src_addr
), MAC2STR(eth
->h_dest
));
4777 wpa_supplicant_rx_eapol(wpa_s
, src_addr
, buf
+ sizeof(*eth
),
4778 len
- sizeof(*eth
));
4783 * wpa_supplicant_driver_init - Initialize driver interface parameters
4784 * @wpa_s: Pointer to wpa_supplicant data
4785 * Returns: 0 on success, -1 on failure
4787 * This function is called to initialize driver interface parameters.
4788 * wpa_drv_init() must have been called before this function to initialize the
4791 int wpa_supplicant_driver_init(struct wpa_supplicant
*wpa_s
)
4793 static int interface_count
= 0;
4795 if (wpa_supplicant_update_mac_addr(wpa_s
) < 0)
4798 wpa_dbg(wpa_s
, MSG_DEBUG
, "Own MAC address: " MACSTR
,
4799 MAC2STR(wpa_s
->own_addr
));
4800 os_memcpy(wpa_s
->perm_addr
, wpa_s
->own_addr
, ETH_ALEN
);
4801 wpa_sm_set_own_addr(wpa_s
->wpa
, wpa_s
->own_addr
);
4803 if (wpa_s
->bridge_ifname
[0]) {
4804 wpa_dbg(wpa_s
, MSG_DEBUG
, "Receiving packets from bridge "
4805 "interface '%s'", wpa_s
->bridge_ifname
);
4806 wpa_s
->l2_br
= l2_packet_init_bridge(
4807 wpa_s
->bridge_ifname
, wpa_s
->ifname
, wpa_s
->own_addr
,
4808 ETH_P_EAPOL
, wpa_supplicant_rx_eapol_bridge
, wpa_s
, 1);
4809 if (wpa_s
->l2_br
== NULL
) {
4810 wpa_msg(wpa_s
, MSG_ERROR
, "Failed to open l2_packet "
4811 "connection for the bridge interface '%s'",
4812 wpa_s
->bridge_ifname
);
4817 if (wpa_s
->conf
->ap_scan
== 2 &&
4818 os_strcmp(wpa_s
->driver
->name
, "nl80211") == 0) {
4819 wpa_printf(MSG_INFO
,
4820 "Note: nl80211 driver interface is not designed to be used with ap_scan=2; this can result in connection failures");
4823 wpa_clear_keys(wpa_s
, NULL
);
4825 /* Make sure that TKIP countermeasures are not left enabled (could
4826 * happen if wpa_supplicant is killed during countermeasures. */
4827 wpa_drv_set_countermeasures(wpa_s
, 0);
4829 wpa_dbg(wpa_s
, MSG_DEBUG
, "RSN: flushing PMKID list in the driver");
4830 wpa_drv_flush_pmkid(wpa_s
);
4832 wpa_s
->prev_scan_ssid
= WILDCARD_SSID_SCAN
;
4833 wpa_s
->prev_scan_wildcard
= 0;
4835 if (wpa_supplicant_enabled_networks(wpa_s
)) {
4836 if (wpa_s
->wpa_state
== WPA_INTERFACE_DISABLED
) {
4837 wpa_supplicant_set_state(wpa_s
, WPA_DISCONNECTED
);
4838 interface_count
= 0;
4841 if (!wpa_s
->p2p_mgmt
&&
4842 wpa_supplicant_delayed_sched_scan(wpa_s
,
4843 interface_count
% 3,
4845 wpa_supplicant_req_scan(wpa_s
, interface_count
% 3,
4847 #endif /* ANDROID */
4850 wpa_supplicant_set_state(wpa_s
, WPA_INACTIVE
);
4856 static int wpa_supplicant_daemon(const char *pid_file
)
4858 wpa_printf(MSG_DEBUG
, "Daemonize..");
4859 return os_daemonize(pid_file
);
4863 static struct wpa_supplicant
*
4864 wpa_supplicant_alloc(struct wpa_supplicant
*parent
)
4866 struct wpa_supplicant
*wpa_s
;
4868 wpa_s
= os_zalloc(sizeof(*wpa_s
));
4871 wpa_s
->scan_req
= INITIAL_SCAN_REQ
;
4872 wpa_s
->scan_interval
= 5;
4873 wpa_s
->new_connection
= 1;
4874 wpa_s
->parent
= parent
? parent
: wpa_s
;
4875 wpa_s
->p2pdev
= wpa_s
->parent
;
4876 wpa_s
->sched_scanning
= 0;
4878 dl_list_init(&wpa_s
->bss_tmp_disallowed
);
4879 dl_list_init(&wpa_s
->fils_hlp_req
);
4880 #ifdef CONFIG_TESTING_OPTIONS
4881 dl_list_init(&wpa_s
->drv_signal_override
);
4882 #endif /* CONFIG_TESTING_OPTIONS */
4888 #ifdef CONFIG_HT_OVERRIDES
4890 static int wpa_set_htcap_mcs(struct wpa_supplicant
*wpa_s
,
4891 struct ieee80211_ht_capabilities
*htcaps
,
4892 struct ieee80211_ht_capabilities
*htcaps_mask
,
4895 /* parse ht_mcs into hex array */
4897 const char *tmp
= ht_mcs
;
4900 /* If ht_mcs is null, do not set anything */
4904 /* This is what we are setting in the kernel */
4905 os_memset(&htcaps
->supported_mcs_set
, 0, IEEE80211_HT_MCS_MASK_LEN
);
4907 wpa_msg(wpa_s
, MSG_DEBUG
, "set_htcap, ht_mcs -:%s:-", ht_mcs
);
4909 for (i
= 0; i
< IEEE80211_HT_MCS_MASK_LEN
; i
++) {
4913 v
= strtol(tmp
, &end
, 16);
4916 wpa_msg(wpa_s
, MSG_DEBUG
,
4917 "htcap value[%i]: %ld end: %p tmp: %p",
4922 htcaps
->supported_mcs_set
[i
] = v
;
4925 wpa_msg(wpa_s
, MSG_ERROR
,
4926 "Failed to parse ht-mcs: %s, error: %s\n",
4927 ht_mcs
, strerror(errno
));
4933 * If we were able to parse any values, then set mask for the MCS set.
4936 os_memset(&htcaps_mask
->supported_mcs_set
, 0xff,
4937 IEEE80211_HT_MCS_MASK_LEN
- 1);
4938 /* skip the 3 reserved bits */
4939 htcaps_mask
->supported_mcs_set
[IEEE80211_HT_MCS_MASK_LEN
- 1] =
4947 static int wpa_disable_max_amsdu(struct wpa_supplicant
*wpa_s
,
4948 struct ieee80211_ht_capabilities
*htcaps
,
4949 struct ieee80211_ht_capabilities
*htcaps_mask
,
4957 wpa_msg(wpa_s
, MSG_DEBUG
, "set_disable_max_amsdu: %d", disabled
);
4959 msk
= host_to_le16(HT_CAP_INFO_MAX_AMSDU_SIZE
);
4960 htcaps_mask
->ht_capabilities_info
|= msk
;
4962 htcaps
->ht_capabilities_info
&= msk
;
4964 htcaps
->ht_capabilities_info
|= msk
;
4970 static int wpa_set_ampdu_factor(struct wpa_supplicant
*wpa_s
,
4971 struct ieee80211_ht_capabilities
*htcaps
,
4972 struct ieee80211_ht_capabilities
*htcaps_mask
,
4978 wpa_msg(wpa_s
, MSG_DEBUG
, "set_ampdu_factor: %d", factor
);
4980 if (factor
< 0 || factor
> 3) {
4981 wpa_msg(wpa_s
, MSG_ERROR
, "ampdu_factor: %d out of range. "
4982 "Must be 0-3 or -1", factor
);
4986 htcaps_mask
->a_mpdu_params
|= 0x3; /* 2 bits for factor */
4987 htcaps
->a_mpdu_params
&= ~0x3;
4988 htcaps
->a_mpdu_params
|= factor
& 0x3;
4994 static int wpa_set_ampdu_density(struct wpa_supplicant
*wpa_s
,
4995 struct ieee80211_ht_capabilities
*htcaps
,
4996 struct ieee80211_ht_capabilities
*htcaps_mask
,
5002 wpa_msg(wpa_s
, MSG_DEBUG
, "set_ampdu_density: %d", density
);
5004 if (density
< 0 || density
> 7) {
5005 wpa_msg(wpa_s
, MSG_ERROR
,
5006 "ampdu_density: %d out of range. Must be 0-7 or -1.",
5011 htcaps_mask
->a_mpdu_params
|= 0x1C;
5012 htcaps
->a_mpdu_params
&= ~(0x1C);
5013 htcaps
->a_mpdu_params
|= (density
<< 2) & 0x1C;
5019 static int wpa_set_disable_ht40(struct wpa_supplicant
*wpa_s
,
5020 struct ieee80211_ht_capabilities
*htcaps
,
5021 struct ieee80211_ht_capabilities
*htcaps_mask
,
5025 wpa_msg(wpa_s
, MSG_DEBUG
, "set_disable_ht40: %d", disabled
);
5027 set_disable_ht40(htcaps
, disabled
);
5028 set_disable_ht40(htcaps_mask
, 0);
5034 static int wpa_set_disable_sgi(struct wpa_supplicant
*wpa_s
,
5035 struct ieee80211_ht_capabilities
*htcaps
,
5036 struct ieee80211_ht_capabilities
*htcaps_mask
,
5039 /* Masking these out disables SGI */
5040 le16 msk
= host_to_le16(HT_CAP_INFO_SHORT_GI20MHZ
|
5041 HT_CAP_INFO_SHORT_GI40MHZ
);
5044 wpa_msg(wpa_s
, MSG_DEBUG
, "set_disable_sgi: %d", disabled
);
5047 htcaps
->ht_capabilities_info
&= ~msk
;
5049 htcaps
->ht_capabilities_info
|= msk
;
5051 htcaps_mask
->ht_capabilities_info
|= msk
;
5057 static int wpa_set_disable_ldpc(struct wpa_supplicant
*wpa_s
,
5058 struct ieee80211_ht_capabilities
*htcaps
,
5059 struct ieee80211_ht_capabilities
*htcaps_mask
,
5062 /* Masking these out disables LDPC */
5063 le16 msk
= host_to_le16(HT_CAP_INFO_LDPC_CODING_CAP
);
5066 wpa_msg(wpa_s
, MSG_DEBUG
, "set_disable_ldpc: %d", disabled
);
5069 htcaps
->ht_capabilities_info
&= ~msk
;
5071 htcaps
->ht_capabilities_info
|= msk
;
5073 htcaps_mask
->ht_capabilities_info
|= msk
;
5079 static int wpa_set_tx_stbc(struct wpa_supplicant
*wpa_s
,
5080 struct ieee80211_ht_capabilities
*htcaps
,
5081 struct ieee80211_ht_capabilities
*htcaps_mask
,
5084 le16 msk
= host_to_le16(HT_CAP_INFO_TX_STBC
);
5089 wpa_msg(wpa_s
, MSG_DEBUG
, "set_tx_stbc: %d", tx_stbc
);
5091 if (tx_stbc
< 0 || tx_stbc
> 1) {
5092 wpa_msg(wpa_s
, MSG_ERROR
,
5093 "tx_stbc: %d out of range. Must be 0-1 or -1", tx_stbc
);
5097 htcaps_mask
->ht_capabilities_info
|= msk
;
5098 htcaps
->ht_capabilities_info
&= ~msk
;
5099 htcaps
->ht_capabilities_info
|= (tx_stbc
<< 7) & msk
;
5105 static int wpa_set_rx_stbc(struct wpa_supplicant
*wpa_s
,
5106 struct ieee80211_ht_capabilities
*htcaps
,
5107 struct ieee80211_ht_capabilities
*htcaps_mask
,
5110 le16 msk
= host_to_le16(HT_CAP_INFO_RX_STBC_MASK
);
5115 wpa_msg(wpa_s
, MSG_DEBUG
, "set_rx_stbc: %d", rx_stbc
);
5117 if (rx_stbc
< 0 || rx_stbc
> 3) {
5118 wpa_msg(wpa_s
, MSG_ERROR
,
5119 "rx_stbc: %d out of range. Must be 0-3 or -1", rx_stbc
);
5123 htcaps_mask
->ht_capabilities_info
|= msk
;
5124 htcaps
->ht_capabilities_info
&= ~msk
;
5125 htcaps
->ht_capabilities_info
|= (rx_stbc
<< 8) & msk
;
5131 void wpa_supplicant_apply_ht_overrides(
5132 struct wpa_supplicant
*wpa_s
, struct wpa_ssid
*ssid
,
5133 struct wpa_driver_associate_params
*params
)
5135 struct ieee80211_ht_capabilities
*htcaps
;
5136 struct ieee80211_ht_capabilities
*htcaps_mask
;
5141 params
->disable_ht
= ssid
->disable_ht
;
5142 if (!params
->htcaps
|| !params
->htcaps_mask
)
5145 htcaps
= (struct ieee80211_ht_capabilities
*) params
->htcaps
;
5146 htcaps_mask
= (struct ieee80211_ht_capabilities
*) params
->htcaps_mask
;
5147 wpa_set_htcap_mcs(wpa_s
, htcaps
, htcaps_mask
, ssid
->ht_mcs
);
5148 wpa_disable_max_amsdu(wpa_s
, htcaps
, htcaps_mask
,
5149 ssid
->disable_max_amsdu
);
5150 wpa_set_ampdu_factor(wpa_s
, htcaps
, htcaps_mask
, ssid
->ampdu_factor
);
5151 wpa_set_ampdu_density(wpa_s
, htcaps
, htcaps_mask
, ssid
->ampdu_density
);
5152 wpa_set_disable_ht40(wpa_s
, htcaps
, htcaps_mask
, ssid
->disable_ht40
);
5153 wpa_set_disable_sgi(wpa_s
, htcaps
, htcaps_mask
, ssid
->disable_sgi
);
5154 wpa_set_disable_ldpc(wpa_s
, htcaps
, htcaps_mask
, ssid
->disable_ldpc
);
5155 wpa_set_rx_stbc(wpa_s
, htcaps
, htcaps_mask
, ssid
->rx_stbc
);
5156 wpa_set_tx_stbc(wpa_s
, htcaps
, htcaps_mask
, ssid
->tx_stbc
);
5158 if (ssid
->ht40_intolerant
) {
5159 le16 bit
= host_to_le16(HT_CAP_INFO_40MHZ_INTOLERANT
);
5160 htcaps
->ht_capabilities_info
|= bit
;
5161 htcaps_mask
->ht_capabilities_info
|= bit
;
5165 #endif /* CONFIG_HT_OVERRIDES */
5168 #ifdef CONFIG_VHT_OVERRIDES
5169 void wpa_supplicant_apply_vht_overrides(
5170 struct wpa_supplicant
*wpa_s
, struct wpa_ssid
*ssid
,
5171 struct wpa_driver_associate_params
*params
)
5173 struct ieee80211_vht_capabilities
*vhtcaps
;
5174 struct ieee80211_vht_capabilities
*vhtcaps_mask
;
5179 params
->disable_vht
= ssid
->disable_vht
;
5181 vhtcaps
= (void *) params
->vhtcaps
;
5182 vhtcaps_mask
= (void *) params
->vhtcaps_mask
;
5184 if (!vhtcaps
|| !vhtcaps_mask
)
5187 vhtcaps
->vht_capabilities_info
= host_to_le32(ssid
->vht_capa
);
5188 vhtcaps_mask
->vht_capabilities_info
= host_to_le32(ssid
->vht_capa_mask
);
5190 #ifdef CONFIG_HT_OVERRIDES
5191 if (ssid
->disable_sgi
) {
5192 vhtcaps_mask
->vht_capabilities_info
|= (VHT_CAP_SHORT_GI_80
|
5193 VHT_CAP_SHORT_GI_160
);
5194 vhtcaps
->vht_capabilities_info
&= ~(VHT_CAP_SHORT_GI_80
|
5195 VHT_CAP_SHORT_GI_160
);
5196 wpa_msg(wpa_s
, MSG_DEBUG
,
5197 "disable-sgi override specified, vht-caps: 0x%x",
5198 vhtcaps
->vht_capabilities_info
);
5201 /* if max ampdu is <= 3, we have to make the HT cap the same */
5202 if (ssid
->vht_capa_mask
& VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX
) {
5205 max_ampdu
= (ssid
->vht_capa
&
5206 VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX
) >>
5207 VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX_SHIFT
;
5209 max_ampdu
= max_ampdu
< 3 ? max_ampdu
: 3;
5210 wpa_set_ampdu_factor(wpa_s
,
5211 (void *) params
->htcaps
,
5212 (void *) params
->htcaps_mask
,
5215 #endif /* CONFIG_HT_OVERRIDES */
5217 #define OVERRIDE_MCS(i) \
5218 if (ssid->vht_tx_mcs_nss_ ##i >= 0) { \
5219 vhtcaps_mask->vht_supported_mcs_set.tx_map |= \
5220 host_to_le16(3 << 2 * (i - 1)); \
5221 vhtcaps->vht_supported_mcs_set.tx_map |= \
5222 host_to_le16(ssid->vht_tx_mcs_nss_ ##i << \
5225 if (ssid->vht_rx_mcs_nss_ ##i >= 0) { \
5226 vhtcaps_mask->vht_supported_mcs_set.rx_map |= \
5227 host_to_le16(3 << 2 * (i - 1)); \
5228 vhtcaps->vht_supported_mcs_set.rx_map |= \
5229 host_to_le16(ssid->vht_rx_mcs_nss_ ##i << \
5242 #endif /* CONFIG_VHT_OVERRIDES */
5245 static int pcsc_reader_init(struct wpa_supplicant
*wpa_s
)
5250 if (!wpa_s
->conf
->pcsc_reader
)
5253 wpa_s
->scard
= scard_init(wpa_s
->conf
->pcsc_reader
);
5257 if (wpa_s
->conf
->pcsc_pin
&&
5258 scard_set_pin(wpa_s
->scard
, wpa_s
->conf
->pcsc_pin
) < 0) {
5259 scard_deinit(wpa_s
->scard
);
5260 wpa_s
->scard
= NULL
;
5261 wpa_msg(wpa_s
, MSG_ERROR
, "PC/SC PIN validation failed");
5265 len
= sizeof(wpa_s
->imsi
) - 1;
5266 if (scard_get_imsi(wpa_s
->scard
, wpa_s
->imsi
, &len
)) {
5267 scard_deinit(wpa_s
->scard
);
5268 wpa_s
->scard
= NULL
;
5269 wpa_msg(wpa_s
, MSG_ERROR
, "Could not read IMSI");
5272 wpa_s
->imsi
[len
] = '\0';
5274 wpa_s
->mnc_len
= scard_get_mnc_len(wpa_s
->scard
);
5276 wpa_printf(MSG_DEBUG
, "SCARD: IMSI %s (MNC length %d)",
5277 wpa_s
->imsi
, wpa_s
->mnc_len
);
5279 wpa_sm_set_scard_ctx(wpa_s
->wpa
, wpa_s
->scard
);
5280 eapol_sm_register_scard_ctx(wpa_s
->eapol
, wpa_s
->scard
);
5281 #endif /* PCSC_FUNCS */
5287 int wpas_init_ext_pw(struct wpa_supplicant
*wpa_s
)
5291 ext_password_deinit(wpa_s
->ext_pw
);
5292 wpa_s
->ext_pw
= NULL
;
5293 eapol_sm_set_ext_pw_ctx(wpa_s
->eapol
, NULL
);
5295 if (!wpa_s
->conf
->ext_password_backend
)
5298 val
= os_strdup(wpa_s
->conf
->ext_password_backend
);
5301 pos
= os_strchr(val
, ':');
5305 wpa_printf(MSG_DEBUG
, "EXT PW: Initialize backend '%s'", val
);
5307 wpa_s
->ext_pw
= ext_password_init(val
, pos
);
5309 if (wpa_s
->ext_pw
== NULL
) {
5310 wpa_printf(MSG_DEBUG
, "EXT PW: Failed to initialize backend");
5313 eapol_sm_set_ext_pw_ctx(wpa_s
->eapol
, wpa_s
->ext_pw
);
5321 static const u8
* wpas_fst_get_bssid_cb(void *ctx
)
5323 struct wpa_supplicant
*wpa_s
= ctx
;
5325 return (is_zero_ether_addr(wpa_s
->bssid
) ||
5326 wpa_s
->wpa_state
!= WPA_COMPLETED
) ? NULL
: wpa_s
->bssid
;
5330 static void wpas_fst_get_channel_info_cb(void *ctx
,
5331 enum hostapd_hw_mode
*hw_mode
,
5334 struct wpa_supplicant
*wpa_s
= ctx
;
5336 if (wpa_s
->current_bss
) {
5337 *hw_mode
= ieee80211_freq_to_chan(wpa_s
->current_bss
->freq
,
5339 } else if (wpa_s
->hw
.num_modes
) {
5340 *hw_mode
= wpa_s
->hw
.modes
[0].mode
;
5348 static int wpas_fst_get_hw_modes(void *ctx
, struct hostapd_hw_modes
**modes
)
5350 struct wpa_supplicant
*wpa_s
= ctx
;
5352 *modes
= wpa_s
->hw
.modes
;
5353 return wpa_s
->hw
.num_modes
;
5357 static void wpas_fst_set_ies_cb(void *ctx
, const struct wpabuf
*fst_ies
)
5359 struct wpa_supplicant
*wpa_s
= ctx
;
5361 wpa_hexdump_buf(MSG_DEBUG
, "FST: Set IEs", fst_ies
);
5362 wpa_s
->fst_ies
= fst_ies
;
5366 static int wpas_fst_send_action_cb(void *ctx
, const u8
*da
, struct wpabuf
*data
)
5368 struct wpa_supplicant
*wpa_s
= ctx
;
5370 if (os_memcmp(wpa_s
->bssid
, da
, ETH_ALEN
) != 0) {
5371 wpa_printf(MSG_INFO
, "FST:%s:bssid=" MACSTR
" != da=" MACSTR
,
5372 __func__
, MAC2STR(wpa_s
->bssid
), MAC2STR(da
));
5375 return wpa_drv_send_action(wpa_s
, wpa_s
->assoc_freq
, 0, wpa_s
->bssid
,
5376 wpa_s
->own_addr
, wpa_s
->bssid
,
5377 wpabuf_head(data
), wpabuf_len(data
),
5382 static const struct wpabuf
* wpas_fst_get_mb_ie_cb(void *ctx
, const u8
*addr
)
5384 struct wpa_supplicant
*wpa_s
= ctx
;
5386 WPA_ASSERT(os_memcmp(wpa_s
->bssid
, addr
, ETH_ALEN
) == 0);
5387 return wpa_s
->received_mb_ies
;
5391 static void wpas_fst_update_mb_ie_cb(void *ctx
, const u8
*addr
,
5392 const u8
*buf
, size_t size
)
5394 struct wpa_supplicant
*wpa_s
= ctx
;
5395 struct mb_ies_info info
;
5397 WPA_ASSERT(os_memcmp(wpa_s
->bssid
, addr
, ETH_ALEN
) == 0);
5399 if (!mb_ies_info_by_ies(&info
, buf
, size
)) {
5400 wpabuf_free(wpa_s
->received_mb_ies
);
5401 wpa_s
->received_mb_ies
= mb_ies_by_info(&info
);
5406 static const u8
* wpas_fst_get_peer_first(void *ctx
,
5407 struct fst_get_peer_ctx
**get_ctx
,
5410 struct wpa_supplicant
*wpa_s
= ctx
;
5413 if (!is_zero_ether_addr(wpa_s
->bssid
))
5414 return (wpa_s
->received_mb_ies
|| !mb_only
) ?
5415 wpa_s
->bssid
: NULL
;
5420 static const u8
* wpas_fst_get_peer_next(void *ctx
,
5421 struct fst_get_peer_ctx
**get_ctx
,
5427 void fst_wpa_supplicant_fill_iface_obj(struct wpa_supplicant
*wpa_s
,
5428 struct fst_wpa_obj
*iface_obj
)
5430 iface_obj
->ctx
= wpa_s
;
5431 iface_obj
->get_bssid
= wpas_fst_get_bssid_cb
;
5432 iface_obj
->get_channel_info
= wpas_fst_get_channel_info_cb
;
5433 iface_obj
->get_hw_modes
= wpas_fst_get_hw_modes
;
5434 iface_obj
->set_ies
= wpas_fst_set_ies_cb
;
5435 iface_obj
->send_action
= wpas_fst_send_action_cb
;
5436 iface_obj
->get_mb_ie
= wpas_fst_get_mb_ie_cb
;
5437 iface_obj
->update_mb_ie
= wpas_fst_update_mb_ie_cb
;
5438 iface_obj
->get_peer_first
= wpas_fst_get_peer_first
;
5439 iface_obj
->get_peer_next
= wpas_fst_get_peer_next
;
5441 #endif /* CONFIG_FST */
5443 static int wpas_set_wowlan_triggers(struct wpa_supplicant
*wpa_s
,
5444 const struct wpa_driver_capa
*capa
)
5446 struct wowlan_triggers
*triggers
;
5449 if (!wpa_s
->conf
->wowlan_triggers
)
5452 triggers
= wpa_get_wowlan_triggers(wpa_s
->conf
->wowlan_triggers
, capa
);
5454 ret
= wpa_drv_wowlan(wpa_s
, triggers
);
5461 enum wpa_radio_work_band
wpas_freq_to_band(int freq
)
5464 return BAND_2_4_GHZ
;
5471 unsigned int wpas_get_bands(struct wpa_supplicant
*wpa_s
, const int *freqs
)
5474 unsigned int band
= 0;
5477 /* freqs are specified for the radio work */
5478 for (i
= 0; freqs
[i
]; i
++)
5479 band
|= wpas_freq_to_band(freqs
[i
]);
5482 * freqs are not specified, implies all
5483 * the supported freqs by HW
5485 for (i
= 0; i
< wpa_s
->hw
.num_modes
; i
++) {
5486 if (wpa_s
->hw
.modes
[i
].num_channels
!= 0) {
5487 if (wpa_s
->hw
.modes
[i
].mode
==
5488 HOSTAPD_MODE_IEEE80211B
||
5489 wpa_s
->hw
.modes
[i
].mode
==
5490 HOSTAPD_MODE_IEEE80211G
)
5491 band
|= BAND_2_4_GHZ
;
5492 else if (wpa_s
->hw
.modes
[i
].mode
==
5493 HOSTAPD_MODE_IEEE80211A
)
5495 else if (wpa_s
->hw
.modes
[i
].mode
==
5496 HOSTAPD_MODE_IEEE80211AD
)
5497 band
|= BAND_60_GHZ
;
5498 else if (wpa_s
->hw
.modes
[i
].mode
==
5499 HOSTAPD_MODE_IEEE80211ANY
)
5500 band
= BAND_2_4_GHZ
| BAND_5_GHZ
|
5510 static struct wpa_radio
* radio_add_interface(struct wpa_supplicant
*wpa_s
,
5513 struct wpa_supplicant
*iface
= wpa_s
->global
->ifaces
;
5514 struct wpa_radio
*radio
;
5516 while (rn
&& iface
) {
5517 radio
= iface
->radio
;
5518 if (radio
&& os_strcmp(rn
, radio
->name
) == 0) {
5519 wpa_printf(MSG_DEBUG
, "Add interface %s to existing radio %s",
5521 dl_list_add(&radio
->ifaces
, &wpa_s
->radio_list
);
5525 iface
= iface
->next
;
5528 wpa_printf(MSG_DEBUG
, "Add interface %s to a new radio %s",
5529 wpa_s
->ifname
, rn
? rn
: "N/A");
5530 radio
= os_zalloc(sizeof(*radio
));
5535 os_strlcpy(radio
->name
, rn
, sizeof(radio
->name
));
5536 dl_list_init(&radio
->ifaces
);
5537 dl_list_init(&radio
->work
);
5538 dl_list_add(&radio
->ifaces
, &wpa_s
->radio_list
);
5544 static void radio_work_free(struct wpa_radio_work
*work
)
5546 if (work
->wpa_s
->scan_work
== work
) {
5547 /* This should not really happen. */
5548 wpa_dbg(work
->wpa_s
, MSG_INFO
, "Freeing radio work '%s'@%p (started=%d) that is marked as scan_work",
5549 work
->type
, work
, work
->started
);
5550 work
->wpa_s
->scan_work
= NULL
;
5554 if (work
->wpa_s
->p2p_scan_work
== work
) {
5555 /* This should not really happen. */
5556 wpa_dbg(work
->wpa_s
, MSG_INFO
, "Freeing radio work '%s'@%p (started=%d) that is marked as p2p_scan_work",
5557 work
->type
, work
, work
->started
);
5558 work
->wpa_s
->p2p_scan_work
= NULL
;
5560 #endif /* CONFIG_P2P */
5562 if (work
->started
) {
5563 work
->wpa_s
->radio
->num_active_works
--;
5564 wpa_dbg(work
->wpa_s
, MSG_DEBUG
,
5565 "radio_work_free('%s'@%p): num_active_works --> %u",
5567 work
->wpa_s
->radio
->num_active_works
);
5570 dl_list_del(&work
->list
);
5575 static int radio_work_is_connect(struct wpa_radio_work
*work
)
5577 return os_strcmp(work
->type
, "sme-connect") == 0 ||
5578 os_strcmp(work
->type
, "connect") == 0;
5582 static int radio_work_is_scan(struct wpa_radio_work
*work
)
5584 return os_strcmp(work
->type
, "scan") == 0 ||
5585 os_strcmp(work
->type
, "p2p-scan") == 0;
5589 static struct wpa_radio_work
* radio_work_get_next_work(struct wpa_radio
*radio
)
5591 struct wpa_radio_work
*active_work
= NULL
;
5592 struct wpa_radio_work
*tmp
;
5594 /* Get the active work to know the type and band. */
5595 dl_list_for_each(tmp
, &radio
->work
, struct wpa_radio_work
, list
) {
5603 /* No active work, start one */
5604 radio
->num_active_works
= 0;
5605 dl_list_for_each(tmp
, &radio
->work
, struct wpa_radio_work
,
5607 if (os_strcmp(tmp
->type
, "scan") == 0 &&
5608 radio
->external_scan_running
&&
5609 (((struct wpa_driver_scan_params
*)
5610 tmp
->ctx
)->only_new_results
||
5611 tmp
->wpa_s
->clear_driver_scan_cache
))
5618 if (radio_work_is_connect(active_work
)) {
5620 * If the active work is either connect or sme-connect,
5621 * do not parallelize them with other radio works.
5623 wpa_dbg(active_work
->wpa_s
, MSG_DEBUG
,
5624 "Do not parallelize radio work with %s",
5629 dl_list_for_each(tmp
, &radio
->work
, struct wpa_radio_work
, list
) {
5634 * If connect or sme-connect are enqueued, parallelize only
5635 * those operations ahead of them in the queue.
5637 if (radio_work_is_connect(tmp
))
5640 /* Serialize parallel scan and p2p_scan operations on the same
5641 * interface since the driver_nl80211 mechanism for tracking
5642 * scan cookies does not yet have support for this. */
5643 if (active_work
->wpa_s
== tmp
->wpa_s
&&
5644 radio_work_is_scan(active_work
) &&
5645 radio_work_is_scan(tmp
)) {
5646 wpa_dbg(active_work
->wpa_s
, MSG_DEBUG
,
5647 "Do not start work '%s' when another work '%s' is already scheduled",
5648 tmp
->type
, active_work
->type
);
5652 * Check that the radio works are distinct and
5653 * on different bands.
5655 if (os_strcmp(active_work
->type
, tmp
->type
) != 0 &&
5656 (active_work
->bands
!= tmp
->bands
)) {
5658 * If a scan has to be scheduled through nl80211 scan
5659 * interface and if an external scan is already running,
5660 * do not schedule the scan since it is likely to get
5661 * rejected by kernel.
5663 if (os_strcmp(tmp
->type
, "scan") == 0 &&
5664 radio
->external_scan_running
&&
5665 (((struct wpa_driver_scan_params
*)
5666 tmp
->ctx
)->only_new_results
||
5667 tmp
->wpa_s
->clear_driver_scan_cache
))
5670 wpa_dbg(active_work
->wpa_s
, MSG_DEBUG
,
5671 "active_work:%s new_work:%s",
5672 active_work
->type
, tmp
->type
);
5677 /* Did not find a radio work to schedule in parallel. */
5682 static void radio_start_next_work(void *eloop_ctx
, void *timeout_ctx
)
5684 struct wpa_radio
*radio
= eloop_ctx
;
5685 struct wpa_radio_work
*work
;
5686 struct os_reltime now
, diff
;
5687 struct wpa_supplicant
*wpa_s
;
5689 work
= dl_list_first(&radio
->work
, struct wpa_radio_work
, list
);
5691 radio
->num_active_works
= 0;
5695 wpa_s
= dl_list_first(&radio
->ifaces
, struct wpa_supplicant
,
5699 wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS
)) {
5701 return; /* already started and still in progress */
5703 if (wpa_s
&& wpa_s
->radio
->external_scan_running
) {
5704 wpa_printf(MSG_DEBUG
, "Delay radio work start until externally triggered scan completes");
5709 if (radio
->num_active_works
< MAX_ACTIVE_WORKS
) {
5710 /* get the work to schedule next */
5711 work
= radio_work_get_next_work(radio
);
5717 wpa_s
= work
->wpa_s
;
5718 os_get_reltime(&now
);
5719 os_reltime_sub(&now
, &work
->time
, &diff
);
5720 wpa_dbg(wpa_s
, MSG_DEBUG
,
5721 "Starting radio work '%s'@%p after %ld.%06ld second wait",
5722 work
->type
, work
, diff
.sec
, diff
.usec
);
5725 radio
->num_active_works
++;
5729 if ((wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS
) &&
5730 radio
->num_active_works
< MAX_ACTIVE_WORKS
)
5731 radio_work_check_next(wpa_s
);
5736 * This function removes both started and pending radio works running on
5737 * the provided interface's radio.
5738 * Prior to the removal of the radio work, its callback (cb) is called with
5739 * deinit set to be 1. Each work's callback is responsible for clearing its
5740 * internal data and restoring to a correct state.
5741 * @wpa_s: wpa_supplicant data
5742 * @type: type of works to be removed
5743 * @remove_all: 1 to remove all the works on this radio, 0 to remove only
5744 * this interface's works.
5746 void radio_remove_works(struct wpa_supplicant
*wpa_s
,
5747 const char *type
, int remove_all
)
5749 struct wpa_radio_work
*work
, *tmp
;
5750 struct wpa_radio
*radio
= wpa_s
->radio
;
5752 dl_list_for_each_safe(work
, tmp
, &radio
->work
, struct wpa_radio_work
,
5754 if (type
&& os_strcmp(type
, work
->type
) != 0)
5757 /* skip other ifaces' works */
5758 if (!remove_all
&& work
->wpa_s
!= wpa_s
)
5761 wpa_dbg(wpa_s
, MSG_DEBUG
, "Remove radio work '%s'@%p%s",
5762 work
->type
, work
, work
->started
? " (started)" : "");
5764 radio_work_free(work
);
5767 /* in case we removed the started work */
5768 radio_work_check_next(wpa_s
);
5772 void radio_remove_pending_work(struct wpa_supplicant
*wpa_s
, void *ctx
)
5774 struct wpa_radio_work
*work
;
5775 struct wpa_radio
*radio
= wpa_s
->radio
;
5777 dl_list_for_each(work
, &radio
->work
, struct wpa_radio_work
, list
) {
5778 if (work
->ctx
!= ctx
)
5780 wpa_dbg(wpa_s
, MSG_DEBUG
, "Free pending radio work '%s'@%p%s",
5781 work
->type
, work
, work
->started
? " (started)" : "");
5782 radio_work_free(work
);
5788 static void radio_remove_interface(struct wpa_supplicant
*wpa_s
)
5790 struct wpa_radio
*radio
= wpa_s
->radio
;
5795 wpa_printf(MSG_DEBUG
, "Remove interface %s from radio %s",
5796 wpa_s
->ifname
, radio
->name
);
5797 dl_list_del(&wpa_s
->radio_list
);
5798 radio_remove_works(wpa_s
, NULL
, 0);
5799 wpa_s
->radio
= NULL
;
5800 if (!dl_list_empty(&radio
->ifaces
))
5801 return; /* Interfaces remain for this radio */
5803 wpa_printf(MSG_DEBUG
, "Remove radio %s", radio
->name
);
5804 eloop_cancel_timeout(radio_start_next_work
, radio
, NULL
);
5809 void radio_work_check_next(struct wpa_supplicant
*wpa_s
)
5811 struct wpa_radio
*radio
= wpa_s
->radio
;
5813 if (dl_list_empty(&radio
->work
))
5815 if (wpa_s
->ext_work_in_progress
) {
5816 wpa_printf(MSG_DEBUG
,
5817 "External radio work in progress - delay start of pending item");
5820 eloop_cancel_timeout(radio_start_next_work
, radio
, NULL
);
5821 eloop_register_timeout(0, 0, radio_start_next_work
, radio
, NULL
);
5826 * radio_add_work - Add a radio work item
5827 * @wpa_s: Pointer to wpa_supplicant data
5828 * @freq: Frequency of the offchannel operation in MHz or 0
5829 * @type: Unique identifier for each type of work
5830 * @next: Force as the next work to be executed
5831 * @cb: Callback function for indicating when radio is available
5832 * @ctx: Context pointer for the work (work->ctx in cb())
5833 * Returns: 0 on success, -1 on failure
5835 * This function is used to request time for an operation that requires
5836 * exclusive radio control. Once the radio is available, the registered callback
5837 * function will be called. radio_work_done() must be called once the exclusive
5838 * radio operation has been completed, so that the radio is freed for other
5839 * operations. The special case of deinit=1 is used to free the context data
5840 * during interface removal. That does not allow the callback function to start
5841 * the radio operation, i.e., it must free any resources allocated for the radio
5844 * The @freq parameter can be used to indicate a single channel on which the
5845 * offchannel operation will occur. This may allow multiple radio work
5846 * operations to be performed in parallel if they apply for the same channel.
5847 * Setting this to 0 indicates that the work item may use multiple channels or
5848 * requires exclusive control of the radio.
5850 int radio_add_work(struct wpa_supplicant
*wpa_s
, unsigned int freq
,
5851 const char *type
, int next
,
5852 void (*cb
)(struct wpa_radio_work
*work
, int deinit
),
5855 struct wpa_radio
*radio
= wpa_s
->radio
;
5856 struct wpa_radio_work
*work
;
5859 work
= os_zalloc(sizeof(*work
));
5862 wpa_dbg(wpa_s
, MSG_DEBUG
, "Add radio work '%s'@%p", type
, work
);
5863 os_get_reltime(&work
->time
);
5866 work
->wpa_s
= wpa_s
;
5871 work
->bands
= wpas_freq_to_band(freq
);
5872 else if (os_strcmp(type
, "scan") == 0 ||
5873 os_strcmp(type
, "p2p-scan") == 0)
5874 work
->bands
= wpas_get_bands(wpa_s
,
5875 ((struct wpa_driver_scan_params
*)
5878 work
->bands
= wpas_get_bands(wpa_s
, NULL
);
5880 was_empty
= dl_list_empty(&wpa_s
->radio
->work
);
5882 dl_list_add(&wpa_s
->radio
->work
, &work
->list
);
5884 dl_list_add_tail(&wpa_s
->radio
->work
, &work
->list
);
5886 wpa_dbg(wpa_s
, MSG_DEBUG
, "First radio work item in the queue - schedule start immediately");
5887 radio_work_check_next(wpa_s
);
5888 } else if ((wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS
)
5889 && radio
->num_active_works
< MAX_ACTIVE_WORKS
) {
5890 wpa_dbg(wpa_s
, MSG_DEBUG
,
5891 "Try to schedule a radio work (num_active_works=%u)",
5892 radio
->num_active_works
);
5893 radio_work_check_next(wpa_s
);
5901 * radio_work_done - Indicate that a radio work item has been completed
5902 * @work: Completed work
5904 * This function is called once the callback function registered with
5905 * radio_add_work() has completed its work.
5907 void radio_work_done(struct wpa_radio_work
*work
)
5909 struct wpa_supplicant
*wpa_s
= work
->wpa_s
;
5910 struct os_reltime now
, diff
;
5911 unsigned int started
= work
->started
;
5913 os_get_reltime(&now
);
5914 os_reltime_sub(&now
, &work
->time
, &diff
);
5915 wpa_dbg(wpa_s
, MSG_DEBUG
, "Radio work '%s'@%p %s in %ld.%06ld seconds",
5916 work
->type
, work
, started
? "done" : "canceled",
5917 diff
.sec
, diff
.usec
);
5918 radio_work_free(work
);
5920 radio_work_check_next(wpa_s
);
5924 struct wpa_radio_work
*
5925 radio_work_pending(struct wpa_supplicant
*wpa_s
, const char *type
)
5927 struct wpa_radio_work
*work
;
5928 struct wpa_radio
*radio
= wpa_s
->radio
;
5930 dl_list_for_each(work
, &radio
->work
, struct wpa_radio_work
, list
) {
5931 if (work
->wpa_s
== wpa_s
&& os_strcmp(work
->type
, type
) == 0)
5939 static int wpas_init_driver(struct wpa_supplicant
*wpa_s
,
5940 const struct wpa_interface
*iface
)
5942 const char *ifname
, *driver
, *rn
;
5944 driver
= iface
->driver
;
5946 if (wpa_supplicant_set_driver(wpa_s
, driver
) < 0)
5949 wpa_s
->drv_priv
= wpa_drv_init(wpa_s
, wpa_s
->ifname
);
5950 if (wpa_s
->drv_priv
== NULL
) {
5952 pos
= driver
? os_strchr(driver
, ',') : NULL
;
5954 wpa_dbg(wpa_s
, MSG_DEBUG
, "Failed to initialize "
5955 "driver interface - try next driver wrapper");
5959 wpa_msg(wpa_s
, MSG_ERROR
, "Failed to initialize driver "
5963 if (wpa_drv_set_param(wpa_s
, wpa_s
->conf
->driver_param
) < 0) {
5964 wpa_msg(wpa_s
, MSG_ERROR
, "Driver interface rejected "
5965 "driver_param '%s'", wpa_s
->conf
->driver_param
);
5969 ifname
= wpa_drv_get_ifname(wpa_s
);
5970 if (ifname
&& os_strcmp(ifname
, wpa_s
->ifname
) != 0) {
5971 wpa_dbg(wpa_s
, MSG_DEBUG
, "Driver interface replaced "
5972 "interface name with '%s'", ifname
);
5973 os_strlcpy(wpa_s
->ifname
, ifname
, sizeof(wpa_s
->ifname
));
5976 rn
= wpa_driver_get_radio_name(wpa_s
);
5977 if (rn
&& rn
[0] == '\0')
5980 wpa_s
->radio
= radio_add_interface(wpa_s
, rn
);
5981 if (wpa_s
->radio
== NULL
)
5988 #ifdef CONFIG_GAS_SERVER
5990 static void wpas_gas_server_tx_status(struct wpa_supplicant
*wpa_s
,
5991 unsigned int freq
, const u8
*dst
,
5992 const u8
*src
, const u8
*bssid
,
5993 const u8
*data
, size_t data_len
,
5994 enum offchannel_send_action_result result
)
5996 wpa_printf(MSG_DEBUG
, "GAS: TX status: freq=%u dst=" MACSTR
5999 result
== OFFCHANNEL_SEND_ACTION_SUCCESS
? "SUCCESS" :
6000 (result
== OFFCHANNEL_SEND_ACTION_NO_ACK
? "no-ACK" :
6002 gas_server_tx_status(wpa_s
->gas_server
, dst
, data
, data_len
,
6003 result
== OFFCHANNEL_SEND_ACTION_SUCCESS
);
6007 static void wpas_gas_server_tx(void *ctx
, int freq
, const u8
*da
,
6008 struct wpabuf
*buf
, unsigned int wait_time
)
6010 struct wpa_supplicant
*wpa_s
= ctx
;
6011 const u8 broadcast
[ETH_ALEN
] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
6013 if (wait_time
> wpa_s
->max_remain_on_chan
)
6014 wait_time
= wpa_s
->max_remain_on_chan
;
6016 offchannel_send_action(wpa_s
, freq
, da
, wpa_s
->own_addr
, broadcast
,
6017 wpabuf_head(buf
), wpabuf_len(buf
),
6018 wait_time
, wpas_gas_server_tx_status
, 0);
6021 #endif /* CONFIG_GAS_SERVER */
6023 static int wpa_supplicant_init_iface(struct wpa_supplicant
*wpa_s
,
6024 const struct wpa_interface
*iface
)
6026 struct wpa_driver_capa capa
;
6030 wpa_printf(MSG_DEBUG
, "Initializing interface '%s' conf '%s' driver "
6031 "'%s' ctrl_interface '%s' bridge '%s'", iface
->ifname
,
6032 iface
->confname
? iface
->confname
: "N/A",
6033 iface
->driver
? iface
->driver
: "default",
6034 iface
->ctrl_interface
? iface
->ctrl_interface
: "N/A",
6035 iface
->bridge_ifname
? iface
->bridge_ifname
: "N/A");
6037 if (iface
->confname
) {
6038 #ifdef CONFIG_BACKEND_FILE
6039 wpa_s
->confname
= os_rel2abs_path(iface
->confname
);
6040 if (wpa_s
->confname
== NULL
) {
6041 wpa_printf(MSG_ERROR
, "Failed to get absolute path "
6042 "for configuration file '%s'.",
6046 wpa_printf(MSG_DEBUG
, "Configuration file '%s' -> '%s'",
6047 iface
->confname
, wpa_s
->confname
);
6048 #else /* CONFIG_BACKEND_FILE */
6049 wpa_s
->confname
= os_strdup(iface
->confname
);
6050 #endif /* CONFIG_BACKEND_FILE */
6051 wpa_s
->conf
= wpa_config_read(wpa_s
->confname
, NULL
);
6052 if (wpa_s
->conf
== NULL
) {
6053 wpa_printf(MSG_ERROR
, "Failed to read or parse "
6054 "configuration '%s'.", wpa_s
->confname
);
6057 wpa_s
->confanother
= os_rel2abs_path(iface
->confanother
);
6058 if (wpa_s
->confanother
&&
6059 !wpa_config_read(wpa_s
->confanother
, wpa_s
->conf
)) {
6060 wpa_printf(MSG_ERROR
,
6061 "Failed to read or parse configuration '%s'.",
6062 wpa_s
->confanother
);
6067 * Override ctrl_interface and driver_param if set on command
6070 if (iface
->ctrl_interface
) {
6071 os_free(wpa_s
->conf
->ctrl_interface
);
6072 wpa_s
->conf
->ctrl_interface
=
6073 os_strdup(iface
->ctrl_interface
);
6076 if (iface
->driver_param
) {
6077 os_free(wpa_s
->conf
->driver_param
);
6078 wpa_s
->conf
->driver_param
=
6079 os_strdup(iface
->driver_param
);
6082 if (iface
->p2p_mgmt
&& !iface
->ctrl_interface
) {
6083 os_free(wpa_s
->conf
->ctrl_interface
);
6084 wpa_s
->conf
->ctrl_interface
= NULL
;
6087 wpa_s
->conf
= wpa_config_alloc_empty(iface
->ctrl_interface
,
6088 iface
->driver_param
);
6090 if (wpa_s
->conf
== NULL
) {
6091 wpa_printf(MSG_ERROR
, "\nNo configuration found.");
6095 if (iface
->ifname
== NULL
) {
6096 wpa_printf(MSG_ERROR
, "\nInterface name is required.");
6099 if (os_strlen(iface
->ifname
) >= sizeof(wpa_s
->ifname
)) {
6100 wpa_printf(MSG_ERROR
, "\nToo long interface name '%s'.",
6104 os_strlcpy(wpa_s
->ifname
, iface
->ifname
, sizeof(wpa_s
->ifname
));
6106 if (iface
->bridge_ifname
) {
6107 if (os_strlen(iface
->bridge_ifname
) >=
6108 sizeof(wpa_s
->bridge_ifname
)) {
6109 wpa_printf(MSG_ERROR
, "\nToo long bridge interface "
6110 "name '%s'.", iface
->bridge_ifname
);
6113 os_strlcpy(wpa_s
->bridge_ifname
, iface
->bridge_ifname
,
6114 sizeof(wpa_s
->bridge_ifname
));
6117 /* RSNA Supplicant Key Management - INITIALIZE */
6118 eapol_sm_notify_portEnabled(wpa_s
->eapol
, FALSE
);
6119 eapol_sm_notify_portValid(wpa_s
->eapol
, FALSE
);
6121 /* Initialize driver interface and register driver event handler before
6122 * L2 receive handler so that association events are processed before
6123 * EAPOL-Key packets if both become available for the same select()
6125 if (wpas_init_driver(wpa_s
, iface
) < 0)
6128 if (wpa_supplicant_init_wpa(wpa_s
) < 0)
6131 wpa_sm_set_ifname(wpa_s
->wpa
, wpa_s
->ifname
,
6132 wpa_s
->bridge_ifname
[0] ? wpa_s
->bridge_ifname
:
6134 wpa_sm_set_fast_reauth(wpa_s
->wpa
, wpa_s
->conf
->fast_reauth
);
6136 if (wpa_s
->conf
->dot11RSNAConfigPMKLifetime
&&
6137 wpa_sm_set_param(wpa_s
->wpa
, RSNA_PMK_LIFETIME
,
6138 wpa_s
->conf
->dot11RSNAConfigPMKLifetime
)) {
6139 wpa_msg(wpa_s
, MSG_ERROR
, "Invalid WPA parameter value for "
6140 "dot11RSNAConfigPMKLifetime");
6144 if (wpa_s
->conf
->dot11RSNAConfigPMKReauthThreshold
&&
6145 wpa_sm_set_param(wpa_s
->wpa
, RSNA_PMK_REAUTH_THRESHOLD
,
6146 wpa_s
->conf
->dot11RSNAConfigPMKReauthThreshold
)) {
6147 wpa_msg(wpa_s
, MSG_ERROR
, "Invalid WPA parameter value for "
6148 "dot11RSNAConfigPMKReauthThreshold");
6152 if (wpa_s
->conf
->dot11RSNAConfigSATimeout
&&
6153 wpa_sm_set_param(wpa_s
->wpa
, RSNA_SA_TIMEOUT
,
6154 wpa_s
->conf
->dot11RSNAConfigSATimeout
)) {
6155 wpa_msg(wpa_s
, MSG_ERROR
, "Invalid WPA parameter value for "
6156 "dot11RSNAConfigSATimeout");
6160 wpa_s
->hw
.modes
= wpa_drv_get_hw_feature_data(wpa_s
,
6161 &wpa_s
->hw
.num_modes
,
6164 if (wpa_s
->hw
.modes
) {
6167 for (i
= 0; i
< wpa_s
->hw
.num_modes
; i
++) {
6168 if (wpa_s
->hw
.modes
[i
].vht_capab
) {
6169 wpa_s
->hw_capab
= CAPAB_VHT
;
6173 if (wpa_s
->hw
.modes
[i
].ht_capab
&
6174 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET
)
6175 wpa_s
->hw_capab
= CAPAB_HT40
;
6176 else if (wpa_s
->hw
.modes
[i
].ht_capab
&&
6177 wpa_s
->hw_capab
== CAPAB_NO_HT_VHT
)
6178 wpa_s
->hw_capab
= CAPAB_HT
;
6182 capa_res
= wpa_drv_get_capa(wpa_s
, &capa
);
6183 if (capa_res
== 0) {
6184 wpa_s
->drv_capa_known
= 1;
6185 wpa_s
->drv_flags
= capa
.flags
;
6186 wpa_s
->drv_enc
= capa
.enc
;
6187 wpa_s
->drv_rrm_flags
= capa
.rrm_flags
;
6188 wpa_s
->probe_resp_offloads
= capa
.probe_resp_offloads
;
6189 wpa_s
->max_scan_ssids
= capa
.max_scan_ssids
;
6190 wpa_s
->max_sched_scan_ssids
= capa
.max_sched_scan_ssids
;
6191 wpa_s
->max_sched_scan_plans
= capa
.max_sched_scan_plans
;
6192 wpa_s
->max_sched_scan_plan_interval
=
6193 capa
.max_sched_scan_plan_interval
;
6194 wpa_s
->max_sched_scan_plan_iterations
=
6195 capa
.max_sched_scan_plan_iterations
;
6196 wpa_s
->sched_scan_supported
= capa
.sched_scan_supported
;
6197 wpa_s
->max_match_sets
= capa
.max_match_sets
;
6198 wpa_s
->max_remain_on_chan
= capa
.max_remain_on_chan
;
6199 wpa_s
->max_stations
= capa
.max_stations
;
6200 wpa_s
->extended_capa
= capa
.extended_capa
;
6201 wpa_s
->extended_capa_mask
= capa
.extended_capa_mask
;
6202 wpa_s
->extended_capa_len
= capa
.extended_capa_len
;
6203 wpa_s
->num_multichan_concurrent
=
6204 capa
.num_multichan_concurrent
;
6205 wpa_s
->wmm_ac_supported
= capa
.wmm_ac_supported
;
6207 if (capa
.mac_addr_rand_scan_supported
)
6208 wpa_s
->mac_addr_rand_supported
|= MAC_ADDR_RAND_SCAN
;
6209 if (wpa_s
->sched_scan_supported
&&
6210 capa
.mac_addr_rand_sched_scan_supported
)
6211 wpa_s
->mac_addr_rand_supported
|=
6212 (MAC_ADDR_RAND_SCHED_SCAN
| MAC_ADDR_RAND_PNO
);
6214 wpa_drv_get_ext_capa(wpa_s
, WPA_IF_STATION
);
6215 if (wpa_s
->extended_capa
&&
6216 wpa_s
->extended_capa_len
>= 3 &&
6217 wpa_s
->extended_capa
[2] & 0x40)
6218 wpa_s
->multi_bss_support
= 1;
6220 if (wpa_s
->max_remain_on_chan
== 0)
6221 wpa_s
->max_remain_on_chan
= 1000;
6224 * Only take p2p_mgmt parameters when P2P Device is supported.
6225 * Doing it here as it determines whether l2_packet_init() will be done
6226 * during wpa_supplicant_driver_init().
6228 if (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE
)
6229 wpa_s
->p2p_mgmt
= iface
->p2p_mgmt
;
6231 if (wpa_s
->num_multichan_concurrent
== 0)
6232 wpa_s
->num_multichan_concurrent
= 1;
6234 if (wpa_supplicant_driver_init(wpa_s
) < 0)
6238 if (!iface
->p2p_mgmt
&& wpa_tdls_init(wpa_s
->wpa
))
6240 #endif /* CONFIG_TDLS */
6242 if (wpa_s
->conf
->country
[0] && wpa_s
->conf
->country
[1] &&
6243 wpa_drv_set_country(wpa_s
, wpa_s
->conf
->country
)) {
6244 wpa_dbg(wpa_s
, MSG_DEBUG
, "Failed to set country");
6249 if (wpa_s
->conf
->fst_group_id
) {
6250 struct fst_iface_cfg cfg
;
6251 struct fst_wpa_obj iface_obj
;
6253 fst_wpa_supplicant_fill_iface_obj(wpa_s
, &iface_obj
);
6254 os_strlcpy(cfg
.group_id
, wpa_s
->conf
->fst_group_id
,
6255 sizeof(cfg
.group_id
));
6256 cfg
.priority
= wpa_s
->conf
->fst_priority
;
6257 cfg
.llt
= wpa_s
->conf
->fst_llt
;
6259 wpa_s
->fst
= fst_attach(wpa_s
->ifname
, wpa_s
->own_addr
,
6262 wpa_msg(wpa_s
, MSG_ERROR
,
6263 "FST: Cannot attach iface %s to group %s",
6264 wpa_s
->ifname
, cfg
.group_id
);
6268 #endif /* CONFIG_FST */
6270 if (wpas_wps_init(wpa_s
))
6273 #ifdef CONFIG_GAS_SERVER
6274 wpa_s
->gas_server
= gas_server_init(wpa_s
, wpas_gas_server_tx
);
6275 if (!wpa_s
->gas_server
) {
6276 wpa_printf(MSG_ERROR
, "Failed to initialize GAS server");
6279 #endif /* CONFIG_GAS_SERVER */
6282 if (wpas_dpp_init(wpa_s
) < 0)
6284 #endif /* CONFIG_DPP */
6286 if (wpa_supplicant_init_eapol(wpa_s
) < 0)
6288 wpa_sm_set_eapol(wpa_s
->wpa
, wpa_s
->eapol
);
6290 wpa_s
->ctrl_iface
= wpa_supplicant_ctrl_iface_init(wpa_s
);
6291 if (wpa_s
->ctrl_iface
== NULL
) {
6292 wpa_printf(MSG_ERROR
,
6293 "Failed to initialize control interface '%s'.\n"
6294 "You may have another wpa_supplicant process "
6295 "already running or the file was\n"
6296 "left by an unclean termination of wpa_supplicant "
6297 "in which case you will need\n"
6298 "to manually remove this file before starting "
6299 "wpa_supplicant again.\n",
6300 wpa_s
->conf
->ctrl_interface
);
6304 wpa_s
->gas
= gas_query_init(wpa_s
);
6305 if (wpa_s
->gas
== NULL
) {
6306 wpa_printf(MSG_ERROR
, "Failed to initialize GAS query");
6310 if ((!(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE
) ||
6312 wpas_p2p_init(wpa_s
->global
, wpa_s
) < 0) {
6313 wpa_msg(wpa_s
, MSG_ERROR
, "Failed to init P2P");
6317 if (wpa_bss_init(wpa_s
) < 0)
6320 #ifdef CONFIG_PMKSA_CACHE_EXTERNAL
6322 dl_list_init(&wpa_s
->mesh_external_pmksa_cache
);
6323 #endif /* CONFIG_MESH */
6324 #endif /* CONFIG_PMKSA_CACHE_EXTERNAL */
6327 * Set Wake-on-WLAN triggers, if configured.
6328 * Note: We don't restore/remove the triggers on shutdown (it doesn't
6329 * have effect anyway when the interface is down).
6331 if (capa_res
== 0 && wpas_set_wowlan_triggers(wpa_s
, &capa
) < 0)
6334 #ifdef CONFIG_EAP_PROXY
6337 wpa_s
->mnc_len
= eapol_sm_get_eap_proxy_imsi(wpa_s
->eapol
, -1,
6339 if (wpa_s
->mnc_len
> 0) {
6340 wpa_s
->imsi
[len
] = '\0';
6341 wpa_printf(MSG_DEBUG
, "eap_proxy: IMSI %s (MNC length %d)",
6342 wpa_s
->imsi
, wpa_s
->mnc_len
);
6344 wpa_printf(MSG_DEBUG
, "eap_proxy: IMSI not available");
6347 #endif /* CONFIG_EAP_PROXY */
6349 if (pcsc_reader_init(wpa_s
) < 0)
6352 if (wpas_init_ext_pw(wpa_s
) < 0)
6355 wpas_rrm_reset(wpa_s
);
6357 wpas_sched_scan_plans_set(wpa_s
, wpa_s
->conf
->sched_scan_plans
);
6361 #endif /* CONFIG_HS20 */
6363 if (!wpa_s
->disable_mbo_oce
&& wpa_s
->conf
->oce
) {
6364 if ((wpa_s
->conf
->oce
& OCE_STA
) &&
6365 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_OCE_STA
))
6366 wpa_s
->enable_oce
= OCE_STA
;
6367 if ((wpa_s
->conf
->oce
& OCE_STA_CFON
) &&
6368 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_OCE_STA_CFON
)) {
6369 /* TODO: Need to add STA-CFON support */
6370 wpa_printf(MSG_ERROR
,
6371 "OCE STA-CFON feature is not yet supported");
6374 wpas_mbo_update_non_pref_chan(wpa_s
, wpa_s
->conf
->non_pref_chan
);
6375 #endif /* CONFIG_MBO */
6377 wpa_supplicant_set_default_scan_ies(wpa_s
);
6383 static void wpa_supplicant_deinit_iface(struct wpa_supplicant
*wpa_s
,
6384 int notify
, int terminate
)
6386 struct wpa_global
*global
= wpa_s
->global
;
6387 struct wpa_supplicant
*iface
, *prev
;
6389 if (wpa_s
== wpa_s
->parent
)
6390 wpas_p2p_group_remove(wpa_s
, "*");
6392 iface
= global
->ifaces
;
6394 if (iface
->p2pdev
== wpa_s
)
6395 iface
->p2pdev
= iface
->parent
;
6396 if (iface
== wpa_s
|| iface
->parent
!= wpa_s
) {
6397 iface
= iface
->next
;
6400 wpa_printf(MSG_DEBUG
,
6401 "Remove remaining child interface %s from parent %s",
6402 iface
->ifname
, wpa_s
->ifname
);
6404 iface
= iface
->next
;
6405 wpa_supplicant_remove_iface(global
, prev
, terminate
);
6408 wpa_s
->disconnected
= 1;
6409 if (wpa_s
->drv_priv
) {
6410 /* Don't deauthenticate if WoWLAN is enabled */
6411 if (!wpa_drv_get_wowlan(wpa_s
)) {
6412 wpa_supplicant_deauthenticate(
6413 wpa_s
, WLAN_REASON_DEAUTH_LEAVING
);
6415 wpa_drv_set_countermeasures(wpa_s
, 0);
6416 wpa_clear_keys(wpa_s
, NULL
);
6418 wpa_msg(wpa_s
, MSG_INFO
,
6419 "Do not deauthenticate as part of interface deinit since WoWLAN is enabled");
6423 wpa_supplicant_cleanup(wpa_s
);
6424 wpas_p2p_deinit_iface(wpa_s
);
6426 wpas_ctrl_radio_work_flush(wpa_s
);
6427 radio_remove_interface(wpa_s
);
6431 fst_detach(wpa_s
->fst
);
6434 if (wpa_s
->received_mb_ies
) {
6435 wpabuf_free(wpa_s
->received_mb_ies
);
6436 wpa_s
->received_mb_ies
= NULL
;
6438 #endif /* CONFIG_FST */
6440 if (wpa_s
->drv_priv
)
6441 wpa_drv_deinit(wpa_s
);
6444 wpas_notify_iface_removed(wpa_s
);
6447 wpa_msg(wpa_s
, MSG_INFO
, WPA_EVENT_TERMINATING
);
6449 if (wpa_s
->ctrl_iface
) {
6450 wpa_supplicant_ctrl_iface_deinit(wpa_s
->ctrl_iface
);
6451 wpa_s
->ctrl_iface
= NULL
;
6456 wpa_supplicant_mesh_iface_deinit(wpa_s
, wpa_s
->ifmsh
);
6457 wpa_s
->ifmsh
= NULL
;
6459 #endif /* CONFIG_MESH */
6461 if (wpa_s
->conf
!= NULL
) {
6462 wpa_config_free(wpa_s
->conf
);
6466 os_free(wpa_s
->ssids_from_scan_req
);
6467 os_free(wpa_s
->last_scan_freqs
);
6473 #ifdef CONFIG_MATCH_IFACE
6476 * wpa_supplicant_match_iface - Match an interface description to a name
6477 * @global: Pointer to global data from wpa_supplicant_init()
6478 * @ifname: Name of the interface to match
6479 * Returns: Pointer to the created interface description or %NULL on failure
6481 struct wpa_interface
* wpa_supplicant_match_iface(struct wpa_global
*global
,
6485 struct wpa_interface
*iface
, *miface
;
6487 for (i
= 0; i
< global
->params
.match_iface_count
; i
++) {
6488 miface
= &global
->params
.match_ifaces
[i
];
6489 if (!miface
->ifname
||
6490 fnmatch(miface
->ifname
, ifname
, 0) == 0) {
6491 iface
= os_zalloc(sizeof(*iface
));
6495 iface
->ifname
= ifname
;
6505 * wpa_supplicant_match_existing - Match existing interfaces
6506 * @global: Pointer to global data from wpa_supplicant_init()
6507 * Returns: 0 on success, -1 on failure
6509 static int wpa_supplicant_match_existing(struct wpa_global
*global
)
6511 struct if_nameindex
*ifi
, *ifp
;
6512 struct wpa_supplicant
*wpa_s
;
6513 struct wpa_interface
*iface
;
6515 ifp
= if_nameindex();
6517 wpa_printf(MSG_ERROR
, "if_nameindex: %s", strerror(errno
));
6521 for (ifi
= ifp
; ifi
->if_name
; ifi
++) {
6522 wpa_s
= wpa_supplicant_get_iface(global
, ifi
->if_name
);
6525 iface
= wpa_supplicant_match_iface(global
, ifi
->if_name
);
6527 wpa_s
= wpa_supplicant_add_iface(global
, iface
, NULL
);
6534 if_freenameindex(ifp
);
6538 #endif /* CONFIG_MATCH_IFACE */
6542 * wpa_supplicant_add_iface - Add a new network interface
6543 * @global: Pointer to global data from wpa_supplicant_init()
6544 * @iface: Interface configuration options
6545 * @parent: Parent interface or %NULL to assign new interface as parent
6546 * Returns: Pointer to the created interface or %NULL on failure
6548 * This function is used to add new network interfaces for %wpa_supplicant.
6549 * This can be called before wpa_supplicant_run() to add interfaces before the
6550 * main event loop has been started. In addition, new interfaces can be added
6551 * dynamically while %wpa_supplicant is already running. This could happen,
6552 * e.g., when a hotplug network adapter is inserted.
6554 struct wpa_supplicant
* wpa_supplicant_add_iface(struct wpa_global
*global
,
6555 struct wpa_interface
*iface
,
6556 struct wpa_supplicant
*parent
)
6558 struct wpa_supplicant
*wpa_s
;
6559 struct wpa_interface t_iface
;
6560 struct wpa_ssid
*ssid
;
6562 if (global
== NULL
|| iface
== NULL
)
6565 wpa_s
= wpa_supplicant_alloc(parent
);
6569 wpa_s
->global
= global
;
6572 if (global
->params
.override_driver
) {
6573 wpa_printf(MSG_DEBUG
, "Override interface parameter: driver "
6575 iface
->driver
, global
->params
.override_driver
);
6576 t_iface
.driver
= global
->params
.override_driver
;
6578 if (global
->params
.override_ctrl_interface
) {
6579 wpa_printf(MSG_DEBUG
, "Override interface parameter: "
6580 "ctrl_interface ('%s' -> '%s')",
6581 iface
->ctrl_interface
,
6582 global
->params
.override_ctrl_interface
);
6583 t_iface
.ctrl_interface
=
6584 global
->params
.override_ctrl_interface
;
6586 if (wpa_supplicant_init_iface(wpa_s
, &t_iface
)) {
6587 wpa_printf(MSG_DEBUG
, "Failed to add interface %s",
6589 wpa_supplicant_deinit_iface(wpa_s
, 0, 0);
6593 if (iface
->p2p_mgmt
== 0) {
6594 /* Notify the control interfaces about new iface */
6595 if (wpas_notify_iface_added(wpa_s
)) {
6596 wpa_supplicant_deinit_iface(wpa_s
, 1, 0);
6600 for (ssid
= wpa_s
->conf
->ssid
; ssid
; ssid
= ssid
->next
)
6601 wpas_notify_network_added(wpa_s
, ssid
);
6604 wpa_s
->next
= global
->ifaces
;
6605 global
->ifaces
= wpa_s
;
6607 wpa_dbg(wpa_s
, MSG_DEBUG
, "Added interface %s", wpa_s
->ifname
);
6608 wpa_supplicant_set_state(wpa_s
, WPA_DISCONNECTED
);
6611 if (wpa_s
->global
->p2p
== NULL
&&
6612 !wpa_s
->global
->p2p_disabled
&& !wpa_s
->conf
->p2p_disabled
&&
6613 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE
) &&
6614 wpas_p2p_add_p2pdev_interface(
6615 wpa_s
, wpa_s
->global
->params
.conf_p2p_dev
) < 0) {
6616 wpa_printf(MSG_INFO
,
6617 "P2P: Failed to enable P2P Device interface");
6618 /* Try to continue without. P2P will be disabled. */
6620 #endif /* CONFIG_P2P */
6627 * wpa_supplicant_remove_iface - Remove a network interface
6628 * @global: Pointer to global data from wpa_supplicant_init()
6629 * @wpa_s: Pointer to the network interface to be removed
6630 * Returns: 0 if interface was removed, -1 if interface was not found
6632 * This function can be used to dynamically remove network interfaces from
6633 * %wpa_supplicant, e.g., when a hotplug network adapter is ejected. In
6634 * addition, this function is used to remove all remaining interfaces when
6635 * %wpa_supplicant is terminated.
6637 int wpa_supplicant_remove_iface(struct wpa_global
*global
,
6638 struct wpa_supplicant
*wpa_s
,
6641 struct wpa_supplicant
*prev
;
6643 unsigned int mesh_if_created
= wpa_s
->mesh_if_created
;
6644 char *ifname
= NULL
;
6645 struct wpa_supplicant
*parent
= wpa_s
->parent
;
6646 #endif /* CONFIG_MESH */
6648 /* Remove interface from the global list of interfaces */
6649 prev
= global
->ifaces
;
6650 if (prev
== wpa_s
) {
6651 global
->ifaces
= wpa_s
->next
;
6653 while (prev
&& prev
->next
!= wpa_s
)
6657 prev
->next
= wpa_s
->next
;
6660 wpa_dbg(wpa_s
, MSG_DEBUG
, "Removing interface %s", wpa_s
->ifname
);
6663 if (mesh_if_created
) {
6664 ifname
= os_strdup(wpa_s
->ifname
);
6665 if (ifname
== NULL
) {
6666 wpa_dbg(wpa_s
, MSG_ERROR
,
6667 "mesh: Failed to malloc ifname");
6671 #endif /* CONFIG_MESH */
6673 if (global
->p2p_group_formation
== wpa_s
)
6674 global
->p2p_group_formation
= NULL
;
6675 if (global
->p2p_invite_group
== wpa_s
)
6676 global
->p2p_invite_group
= NULL
;
6677 wpa_supplicant_deinit_iface(wpa_s
, 1, terminate
);
6680 if (mesh_if_created
) {
6681 wpa_drv_if_remove(parent
, WPA_IF_MESH
, ifname
);
6684 #endif /* CONFIG_MESH */
6691 * wpa_supplicant_get_eap_mode - Get the current EAP mode
6692 * @wpa_s: Pointer to the network interface
6693 * Returns: Pointer to the eap mode or the string "UNKNOWN" if not found
6695 const char * wpa_supplicant_get_eap_mode(struct wpa_supplicant
*wpa_s
)
6697 const char *eapol_method
;
6699 if (wpa_key_mgmt_wpa_ieee8021x(wpa_s
->key_mgmt
) == 0 &&
6700 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_IEEE8021X_NO_WPA
) {
6704 eapol_method
= eapol_sm_get_method_name(wpa_s
->eapol
);
6705 if (eapol_method
== NULL
)
6706 return "UNKNOWN-EAP";
6708 return eapol_method
;
6713 * wpa_supplicant_get_iface - Get a new network interface
6714 * @global: Pointer to global data from wpa_supplicant_init()
6715 * @ifname: Interface name
6716 * Returns: Pointer to the interface or %NULL if not found
6718 struct wpa_supplicant
* wpa_supplicant_get_iface(struct wpa_global
*global
,
6721 struct wpa_supplicant
*wpa_s
;
6723 for (wpa_s
= global
->ifaces
; wpa_s
; wpa_s
= wpa_s
->next
) {
6724 if (os_strcmp(wpa_s
->ifname
, ifname
) == 0)
6731 #ifndef CONFIG_NO_WPA_MSG
6732 static const char * wpa_supplicant_msg_ifname_cb(void *ctx
)
6734 struct wpa_supplicant
*wpa_s
= ctx
;
6737 return wpa_s
->ifname
;
6739 #endif /* CONFIG_NO_WPA_MSG */
6742 #ifndef WPA_SUPPLICANT_CLEANUP_INTERVAL
6743 #define WPA_SUPPLICANT_CLEANUP_INTERVAL 10
6744 #endif /* WPA_SUPPLICANT_CLEANUP_INTERVAL */
6746 /* Periodic cleanup tasks */
6747 static void wpas_periodic(void *eloop_ctx
, void *timeout_ctx
)
6749 struct wpa_global
*global
= eloop_ctx
;
6750 struct wpa_supplicant
*wpa_s
;
6752 eloop_register_timeout(WPA_SUPPLICANT_CLEANUP_INTERVAL
, 0,
6753 wpas_periodic
, global
, NULL
);
6757 p2p_expire_peers(global
->p2p
);
6758 #endif /* CONFIG_P2P */
6760 for (wpa_s
= global
->ifaces
; wpa_s
; wpa_s
= wpa_s
->next
) {
6761 wpa_bss_flush_by_age(wpa_s
, wpa_s
->conf
->bss_expiration_age
);
6764 #endif /* CONFIG_AP */
6770 * wpa_supplicant_init - Initialize %wpa_supplicant
6771 * @params: Parameters for %wpa_supplicant
6772 * Returns: Pointer to global %wpa_supplicant data, or %NULL on failure
6774 * This function is used to initialize %wpa_supplicant. After successful
6775 * initialization, the returned data pointer can be used to add and remove
6776 * network interfaces, and eventually, to deinitialize %wpa_supplicant.
6778 struct wpa_global
* wpa_supplicant_init(struct wpa_params
*params
)
6780 struct wpa_global
*global
;
6786 #ifdef CONFIG_DRIVER_NDIS
6788 void driver_ndis_init_ops(void);
6789 driver_ndis_init_ops();
6791 #endif /* CONFIG_DRIVER_NDIS */
6793 #ifndef CONFIG_NO_WPA_MSG
6794 wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb
);
6795 #endif /* CONFIG_NO_WPA_MSG */
6797 if (params
->wpa_debug_file_path
)
6798 wpa_debug_open_file(params
->wpa_debug_file_path
);
6799 if (!params
->wpa_debug_file_path
&& !params
->wpa_debug_syslog
)
6800 wpa_debug_setup_stdout();
6801 if (params
->wpa_debug_syslog
)
6802 wpa_debug_open_syslog();
6803 if (params
->wpa_debug_tracing
) {
6804 ret
= wpa_debug_open_linux_tracing();
6806 wpa_printf(MSG_ERROR
,
6807 "Failed to enable trace logging");
6812 ret
= eap_register_methods();
6814 wpa_printf(MSG_ERROR
, "Failed to register EAP methods");
6816 wpa_printf(MSG_ERROR
, "Two or more EAP methods used "
6817 "the same EAP type.");
6821 global
= os_zalloc(sizeof(*global
));
6824 dl_list_init(&global
->p2p_srv_bonjour
);
6825 dl_list_init(&global
->p2p_srv_upnp
);
6826 global
->params
.daemonize
= params
->daemonize
;
6827 global
->params
.wait_for_monitor
= params
->wait_for_monitor
;
6828 global
->params
.dbus_ctrl_interface
= params
->dbus_ctrl_interface
;
6829 if (params
->pid_file
)
6830 global
->params
.pid_file
= os_strdup(params
->pid_file
);
6831 if (params
->ctrl_interface
)
6832 global
->params
.ctrl_interface
=
6833 os_strdup(params
->ctrl_interface
);
6834 if (params
->ctrl_interface_group
)
6835 global
->params
.ctrl_interface_group
=
6836 os_strdup(params
->ctrl_interface_group
);
6837 if (params
->override_driver
)
6838 global
->params
.override_driver
=
6839 os_strdup(params
->override_driver
);
6840 if (params
->override_ctrl_interface
)
6841 global
->params
.override_ctrl_interface
=
6842 os_strdup(params
->override_ctrl_interface
);
6843 #ifdef CONFIG_MATCH_IFACE
6844 global
->params
.match_iface_count
= params
->match_iface_count
;
6845 if (params
->match_iface_count
) {
6846 global
->params
.match_ifaces
=
6847 os_calloc(params
->match_iface_count
,
6848 sizeof(struct wpa_interface
));
6849 os_memcpy(global
->params
.match_ifaces
,
6850 params
->match_ifaces
,
6851 params
->match_iface_count
*
6852 sizeof(struct wpa_interface
));
6854 #endif /* CONFIG_MATCH_IFACE */
6856 if (params
->conf_p2p_dev
)
6857 global
->params
.conf_p2p_dev
=
6858 os_strdup(params
->conf_p2p_dev
);
6859 #endif /* CONFIG_P2P */
6860 wpa_debug_level
= global
->params
.wpa_debug_level
=
6861 params
->wpa_debug_level
;
6862 wpa_debug_show_keys
= global
->params
.wpa_debug_show_keys
=
6863 params
->wpa_debug_show_keys
;
6864 wpa_debug_timestamp
= global
->params
.wpa_debug_timestamp
=
6865 params
->wpa_debug_timestamp
;
6867 wpa_printf(MSG_DEBUG
, "wpa_supplicant v%s", VERSION_STR
);
6870 wpa_printf(MSG_ERROR
, "Failed to initialize event loop");
6871 wpa_supplicant_deinit(global
);
6875 random_init(params
->entropy_file
);
6877 global
->ctrl_iface
= wpa_supplicant_global_ctrl_iface_init(global
);
6878 if (global
->ctrl_iface
== NULL
) {
6879 wpa_supplicant_deinit(global
);
6883 if (wpas_notify_supplicant_initialized(global
)) {
6884 wpa_supplicant_deinit(global
);
6888 for (i
= 0; wpa_drivers
[i
]; i
++)
6889 global
->drv_count
++;
6890 if (global
->drv_count
== 0) {
6891 wpa_printf(MSG_ERROR
, "No drivers enabled");
6892 wpa_supplicant_deinit(global
);
6895 global
->drv_priv
= os_calloc(global
->drv_count
, sizeof(void *));
6896 if (global
->drv_priv
== NULL
) {
6897 wpa_supplicant_deinit(global
);
6901 #ifdef CONFIG_WIFI_DISPLAY
6902 if (wifi_display_init(global
) < 0) {
6903 wpa_printf(MSG_ERROR
, "Failed to initialize Wi-Fi Display");
6904 wpa_supplicant_deinit(global
);
6907 #endif /* CONFIG_WIFI_DISPLAY */
6909 eloop_register_timeout(WPA_SUPPLICANT_CLEANUP_INTERVAL
, 0,
6910 wpas_periodic
, global
, NULL
);
6917 * wpa_supplicant_run - Run the %wpa_supplicant main event loop
6918 * @global: Pointer to global data from wpa_supplicant_init()
6919 * Returns: 0 after successful event loop run, -1 on failure
6921 * This function starts the main event loop and continues running as long as
6922 * there are any remaining events. In most cases, this function is running as
6923 * long as the %wpa_supplicant process in still in use.
6925 int wpa_supplicant_run(struct wpa_global
*global
)
6927 struct wpa_supplicant
*wpa_s
;
6929 if (global
->params
.daemonize
&&
6930 (wpa_supplicant_daemon(global
->params
.pid_file
) ||
6931 eloop_sock_requeue()))
6934 #ifdef CONFIG_MATCH_IFACE
6935 if (wpa_supplicant_match_existing(global
))
6939 if (global
->params
.wait_for_monitor
) {
6940 for (wpa_s
= global
->ifaces
; wpa_s
; wpa_s
= wpa_s
->next
)
6941 if (wpa_s
->ctrl_iface
&& !wpa_s
->p2p_mgmt
)
6942 wpa_supplicant_ctrl_iface_wait(
6946 eloop_register_signal_terminate(wpa_supplicant_terminate
, global
);
6947 eloop_register_signal_reconfig(wpa_supplicant_reconfig
, global
);
6956 * wpa_supplicant_deinit - Deinitialize %wpa_supplicant
6957 * @global: Pointer to global data from wpa_supplicant_init()
6959 * This function is called to deinitialize %wpa_supplicant and to free all
6960 * allocated resources. Remaining network interfaces will also be removed.
6962 void wpa_supplicant_deinit(struct wpa_global
*global
)
6969 eloop_cancel_timeout(wpas_periodic
, global
, NULL
);
6971 #ifdef CONFIG_WIFI_DISPLAY
6972 wifi_display_deinit(global
);
6973 #endif /* CONFIG_WIFI_DISPLAY */
6975 while (global
->ifaces
)
6976 wpa_supplicant_remove_iface(global
, global
->ifaces
, 1);
6978 if (global
->ctrl_iface
)
6979 wpa_supplicant_global_ctrl_iface_deinit(global
->ctrl_iface
);
6981 wpas_notify_supplicant_deinitialized(global
);
6983 eap_peer_unregister_methods();
6985 eap_server_unregister_methods();
6986 #endif /* CONFIG_AP */
6988 for (i
= 0; wpa_drivers
[i
] && global
->drv_priv
; i
++) {
6989 if (!global
->drv_priv
[i
])
6991 wpa_drivers
[i
]->global_deinit(global
->drv_priv
[i
]);
6993 os_free(global
->drv_priv
);
6999 if (global
->params
.pid_file
) {
7000 os_daemonize_terminate(global
->params
.pid_file
);
7001 os_free(global
->params
.pid_file
);
7003 os_free(global
->params
.ctrl_interface
);
7004 os_free(global
->params
.ctrl_interface_group
);
7005 os_free(global
->params
.override_driver
);
7006 os_free(global
->params
.override_ctrl_interface
);
7007 #ifdef CONFIG_MATCH_IFACE
7008 os_free(global
->params
.match_ifaces
);
7009 #endif /* CONFIG_MATCH_IFACE */
7011 os_free(global
->params
.conf_p2p_dev
);
7012 #endif /* CONFIG_P2P */
7014 os_free(global
->p2p_disallow_freq
.range
);
7015 os_free(global
->p2p_go_avoid_freq
.range
);
7016 os_free(global
->add_psk
);
7019 wpa_debug_close_syslog();
7020 wpa_debug_close_file();
7021 wpa_debug_close_linux_tracing();
7025 void wpa_supplicant_update_config(struct wpa_supplicant
*wpa_s
)
7027 if ((wpa_s
->conf
->changed_parameters
& CFG_CHANGED_COUNTRY
) &&
7028 wpa_s
->conf
->country
[0] && wpa_s
->conf
->country
[1]) {
7030 country
[0] = wpa_s
->conf
->country
[0];
7031 country
[1] = wpa_s
->conf
->country
[1];
7033 if (wpa_drv_set_country(wpa_s
, country
) < 0) {
7034 wpa_printf(MSG_ERROR
, "Failed to set country code "
7039 if (wpa_s
->conf
->changed_parameters
& CFG_CHANGED_EXT_PW_BACKEND
)
7040 wpas_init_ext_pw(wpa_s
);
7042 if (wpa_s
->conf
->changed_parameters
& CFG_CHANGED_SCHED_SCAN_PLANS
)
7043 wpas_sched_scan_plans_set(wpa_s
, wpa_s
->conf
->sched_scan_plans
);
7045 if (wpa_s
->conf
->changed_parameters
& CFG_CHANGED_WOWLAN_TRIGGERS
) {
7046 struct wpa_driver_capa capa
;
7047 int res
= wpa_drv_get_capa(wpa_s
, &capa
);
7049 if (res
== 0 && wpas_set_wowlan_triggers(wpa_s
, &capa
) < 0)
7050 wpa_printf(MSG_ERROR
,
7051 "Failed to update wowlan_triggers to '%s'",
7052 wpa_s
->conf
->wowlan_triggers
);
7055 if (wpa_s
->conf
->changed_parameters
& CFG_CHANGED_DISABLE_BTM
)
7056 wpa_supplicant_set_default_scan_ies(wpa_s
);
7059 wpas_wps_update_config(wpa_s
);
7060 #endif /* CONFIG_WPS */
7061 wpas_p2p_update_config(wpa_s
);
7062 wpa_s
->conf
->changed_parameters
= 0;
7066 void add_freq(int *freqs
, int *num_freqs
, int freq
)
7070 for (i
= 0; i
< *num_freqs
; i
++) {
7071 if (freqs
[i
] == freq
)
7075 freqs
[*num_freqs
] = freq
;
7080 static int * get_bss_freqs_in_ess(struct wpa_supplicant
*wpa_s
)
7082 struct wpa_bss
*bss
, *cbss
;
7083 const int max_freqs
= 10;
7087 freqs
= os_calloc(max_freqs
+ 1, sizeof(int));
7091 cbss
= wpa_s
->current_bss
;
7093 dl_list_for_each(bss
, &wpa_s
->bss
, struct wpa_bss
, list
) {
7096 if (bss
->ssid_len
== cbss
->ssid_len
&&
7097 os_memcmp(bss
->ssid
, cbss
->ssid
, bss
->ssid_len
) == 0 &&
7098 wpa_blacklist_get(wpa_s
, bss
->bssid
) == NULL
) {
7099 add_freq(freqs
, &num_freqs
, bss
->freq
);
7100 if (num_freqs
== max_freqs
)
7105 if (num_freqs
== 0) {
7114 void wpas_connection_failed(struct wpa_supplicant
*wpa_s
, const u8
*bssid
)
7120 wpas_connect_work_done(wpa_s
);
7123 * Remove possible authentication timeout since the connection failed.
7125 eloop_cancel_timeout(wpa_supplicant_timeout
, wpa_s
, NULL
);
7128 * There is no point in blacklisting the AP if this event is
7129 * generated based on local request to disconnect.
7131 if (wpa_s
->own_disconnect_req
|| wpa_s
->own_reconnect_req
) {
7132 wpa_s
->own_disconnect_req
= 0;
7133 wpa_dbg(wpa_s
, MSG_DEBUG
,
7134 "Ignore connection failure due to local request to disconnect");
7137 if (wpa_s
->disconnected
) {
7138 wpa_dbg(wpa_s
, MSG_DEBUG
, "Ignore connection failure "
7139 "indication since interface has been put into "
7140 "disconnected state");
7145 * Add the failed BSSID into the blacklist and speed up next scan
7146 * attempt if there could be other APs that could accept association.
7147 * The current blacklist count indicates how many times we have tried
7148 * connecting to this AP and multiple attempts mean that other APs are
7149 * either not available or has already been tried, so that we can start
7150 * increasing the delay here to avoid constant scanning.
7152 count
= wpa_blacklist_add(wpa_s
, bssid
);
7153 if (count
== 1 && wpa_s
->current_bss
) {
7155 * This BSS was not in the blacklist before. If there is
7156 * another BSS available for the same ESS, we should try that
7157 * next. Otherwise, we may as well try this one once more
7158 * before allowing other, likely worse, ESSes to be considered.
7160 freqs
= get_bss_freqs_in_ess(wpa_s
);
7162 wpa_dbg(wpa_s
, MSG_DEBUG
, "Another BSS in this ESS "
7163 "has been seen; try it next");
7164 wpa_blacklist_add(wpa_s
, bssid
);
7166 * On the next scan, go through only the known channels
7167 * used in this ESS based on previous scans to speed up
7168 * common load balancing use case.
7170 os_free(wpa_s
->next_scan_freqs
);
7171 wpa_s
->next_scan_freqs
= freqs
;
7176 * Add previous failure count in case the temporary blacklist was
7177 * cleared due to no other BSSes being available.
7179 count
+= wpa_s
->extra_blacklist_count
;
7181 if (count
> 3 && wpa_s
->current_ssid
) {
7182 wpa_printf(MSG_DEBUG
, "Continuous association failures - "
7183 "consider temporary network disabling");
7184 wpas_auth_failed(wpa_s
, "CONN_FAILED");
7205 wpa_dbg(wpa_s
, MSG_DEBUG
, "Blacklist count %d --> request scan in %d "
7206 "ms", count
, timeout
);
7209 * TODO: if more than one possible AP is available in scan results,
7210 * could try the other ones before requesting a new scan.
7213 /* speed up the connection attempt with normal scan */
7214 wpa_s
->normal_scans
= 0;
7215 wpa_supplicant_req_scan(wpa_s
, timeout
/ 1000,
7216 1000 * (timeout
% 1000));
7221 void fils_connection_failure(struct wpa_supplicant
*wpa_s
)
7223 struct wpa_ssid
*ssid
= wpa_s
->current_ssid
;
7224 const u8
*realm
, *username
, *rrk
;
7225 size_t realm_len
, username_len
, rrk_len
;
7228 if (!ssid
|| !ssid
->eap
.erp
|| !wpa_key_mgmt_fils(ssid
->key_mgmt
) ||
7229 eapol_sm_get_erp_info(wpa_s
->eapol
, &ssid
->eap
,
7230 &username
, &username_len
,
7231 &realm
, &realm_len
, &next_seq_num
,
7232 &rrk
, &rrk_len
) != 0 ||
7236 wpa_hexdump_ascii(MSG_DEBUG
,
7237 "FILS: Store last connection failure realm",
7239 os_free(wpa_s
->last_con_fail_realm
);
7240 wpa_s
->last_con_fail_realm
= os_malloc(realm_len
);
7241 if (wpa_s
->last_con_fail_realm
) {
7242 wpa_s
->last_con_fail_realm_len
= realm_len
;
7243 os_memcpy(wpa_s
->last_con_fail_realm
, realm
, realm_len
);
7246 #endif /* CONFIG_FILS */
7249 int wpas_driver_bss_selection(struct wpa_supplicant
*wpa_s
)
7251 return wpa_s
->conf
->ap_scan
== 2 ||
7252 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_BSS_SELECTION
);
7256 #if defined(CONFIG_CTRL_IFACE) || defined(CONFIG_CTRL_IFACE_DBUS_NEW)
7257 int wpa_supplicant_ctrl_iface_ctrl_rsp_handle(struct wpa_supplicant
*wpa_s
,
7258 struct wpa_ssid
*ssid
,
7262 #ifdef IEEE8021X_EAPOL
7263 struct eap_peer_config
*eap
= &ssid
->eap
;
7265 wpa_printf(MSG_DEBUG
, "CTRL_IFACE: response handle field=%s", field
);
7266 wpa_hexdump_ascii_key(MSG_DEBUG
, "CTRL_IFACE: response value",
7267 (const u8
*) value
, os_strlen(value
));
7269 switch (wpa_supplicant_ctrl_req_from_string(field
)) {
7270 case WPA_CTRL_REQ_EAP_IDENTITY
:
7271 os_free(eap
->identity
);
7272 eap
->identity
= (u8
*) os_strdup(value
);
7273 eap
->identity_len
= os_strlen(value
);
7274 eap
->pending_req_identity
= 0;
7275 if (ssid
== wpa_s
->current_ssid
)
7276 wpa_s
->reassociate
= 1;
7278 case WPA_CTRL_REQ_EAP_PASSWORD
:
7279 bin_clear_free(eap
->password
, eap
->password_len
);
7280 eap
->password
= (u8
*) os_strdup(value
);
7281 eap
->password_len
= os_strlen(value
);
7282 eap
->pending_req_password
= 0;
7283 if (ssid
== wpa_s
->current_ssid
)
7284 wpa_s
->reassociate
= 1;
7286 case WPA_CTRL_REQ_EAP_NEW_PASSWORD
:
7287 bin_clear_free(eap
->new_password
, eap
->new_password_len
);
7288 eap
->new_password
= (u8
*) os_strdup(value
);
7289 eap
->new_password_len
= os_strlen(value
);
7290 eap
->pending_req_new_password
= 0;
7291 if (ssid
== wpa_s
->current_ssid
)
7292 wpa_s
->reassociate
= 1;
7294 case WPA_CTRL_REQ_EAP_PIN
:
7295 str_clear_free(eap
->cert
.pin
);
7296 eap
->cert
.pin
= os_strdup(value
);
7297 eap
->pending_req_pin
= 0;
7298 if (ssid
== wpa_s
->current_ssid
)
7299 wpa_s
->reassociate
= 1;
7301 case WPA_CTRL_REQ_EAP_OTP
:
7302 bin_clear_free(eap
->otp
, eap
->otp_len
);
7303 eap
->otp
= (u8
*) os_strdup(value
);
7304 eap
->otp_len
= os_strlen(value
);
7305 os_free(eap
->pending_req_otp
);
7306 eap
->pending_req_otp
= NULL
;
7307 eap
->pending_req_otp_len
= 0;
7309 case WPA_CTRL_REQ_EAP_PASSPHRASE
:
7310 str_clear_free(eap
->cert
.private_key_passwd
);
7311 eap
->cert
.private_key_passwd
= os_strdup(value
);
7312 eap
->pending_req_passphrase
= 0;
7313 if (ssid
== wpa_s
->current_ssid
)
7314 wpa_s
->reassociate
= 1;
7316 case WPA_CTRL_REQ_SIM
:
7317 str_clear_free(eap
->external_sim_resp
);
7318 eap
->external_sim_resp
= os_strdup(value
);
7319 eap
->pending_req_sim
= 0;
7321 case WPA_CTRL_REQ_PSK_PASSPHRASE
:
7322 if (wpa_config_set(ssid
, "psk", value
, 0) < 0)
7324 ssid
->mem_only_psk
= 1;
7325 if (ssid
->passphrase
)
7326 wpa_config_update_psk(ssid
);
7327 if (wpa_s
->wpa_state
== WPA_SCANNING
&& !wpa_s
->scanning
)
7328 wpa_supplicant_req_scan(wpa_s
, 0, 0);
7330 case WPA_CTRL_REQ_EXT_CERT_CHECK
:
7331 if (eap
->pending_ext_cert_check
!= PENDING_CHECK
)
7333 if (os_strcmp(value
, "good") == 0)
7334 eap
->pending_ext_cert_check
= EXT_CERT_CHECK_GOOD
;
7335 else if (os_strcmp(value
, "bad") == 0)
7336 eap
->pending_ext_cert_check
= EXT_CERT_CHECK_BAD
;
7341 wpa_printf(MSG_DEBUG
, "CTRL_IFACE: Unknown field '%s'", field
);
7346 #else /* IEEE8021X_EAPOL */
7347 wpa_printf(MSG_DEBUG
, "CTRL_IFACE: IEEE 802.1X not included");
7349 #endif /* IEEE8021X_EAPOL */
7351 #endif /* CONFIG_CTRL_IFACE || CONFIG_CTRL_IFACE_DBUS_NEW */
7354 int wpas_network_disabled(struct wpa_supplicant
*wpa_s
, struct wpa_ssid
*ssid
)
7358 unsigned int drv_enc
;
7359 #endif /* CONFIG_WEP */
7361 if (wpa_s
->p2p_mgmt
)
7362 return 1; /* no normal network profiles on p2p_mgmt interface */
7371 if (wpa_s
->drv_capa_known
)
7372 drv_enc
= wpa_s
->drv_enc
;
7374 drv_enc
= (unsigned int) -1;
7376 for (i
= 0; i
< NUM_WEP_KEYS
; i
++) {
7377 size_t len
= ssid
->wep_key_len
[i
];
7380 if (len
== 5 && (drv_enc
& WPA_DRIVER_CAPA_ENC_WEP40
))
7382 if (len
== 13 && (drv_enc
& WPA_DRIVER_CAPA_ENC_WEP104
))
7384 if (len
== 16 && (drv_enc
& WPA_DRIVER_CAPA_ENC_WEP128
))
7386 return 1; /* invalid WEP key */
7388 #endif /* CONFIG_WEP */
7390 if (wpa_key_mgmt_wpa_psk(ssid
->key_mgmt
) && !ssid
->psk_set
&&
7391 (!ssid
->passphrase
|| ssid
->ssid_len
!= 0) && !ssid
->ext_psk
&&
7392 !(wpa_key_mgmt_sae(ssid
->key_mgmt
) && ssid
->sae_password
) &&
7393 !ssid
->mem_only_psk
)
7400 int wpas_get_ssid_pmf(struct wpa_supplicant
*wpa_s
, struct wpa_ssid
*ssid
)
7402 if (ssid
== NULL
|| ssid
->ieee80211w
== MGMT_FRAME_PROTECTION_DEFAULT
) {
7403 if (wpa_s
->conf
->pmf
== MGMT_FRAME_PROTECTION_OPTIONAL
&&
7404 !(wpa_s
->drv_enc
& WPA_DRIVER_CAPA_ENC_BIP
)) {
7406 * Driver does not support BIP -- ignore pmf=1 default
7407 * since the connection with PMF would fail and the
7408 * configuration does not require PMF to be enabled.
7410 return NO_MGMT_FRAME_PROTECTION
;
7415 ~(WPA_KEY_MGMT_NONE
| WPA_KEY_MGMT_WPS
|
7416 WPA_KEY_MGMT_IEEE8021X_NO_WPA
)) == 0) {
7418 * Do not use the default PMF value for non-RSN networks
7419 * since PMF is available only with RSN and pmf=2
7420 * configuration would otherwise prevent connections to
7421 * all open networks.
7423 return NO_MGMT_FRAME_PROTECTION
;
7426 return wpa_s
->conf
->pmf
;
7429 return ssid
->ieee80211w
;
7433 int wpas_is_p2p_prioritized(struct wpa_supplicant
*wpa_s
)
7435 if (wpa_s
->global
->conc_pref
== WPA_CONC_PREF_P2P
)
7437 if (wpa_s
->global
->conc_pref
== WPA_CONC_PREF_STA
)
7443 void wpas_auth_failed(struct wpa_supplicant
*wpa_s
, char *reason
)
7445 struct wpa_ssid
*ssid
= wpa_s
->current_ssid
;
7447 struct os_reltime now
;
7450 wpa_printf(MSG_DEBUG
, "Authentication failure but no known "
7455 if (ssid
->key_mgmt
== WPA_KEY_MGMT_WPS
)
7458 ssid
->auth_failures
++;
7461 if (ssid
->p2p_group
&&
7462 (wpa_s
->p2p_in_provisioning
|| wpa_s
->show_group_started
)) {
7464 * Skip the wait time since there is a short timeout on the
7465 * connection to a P2P group.
7469 #endif /* CONFIG_P2P */
7471 if (ssid
->auth_failures
> 50)
7473 else if (ssid
->auth_failures
> 10)
7475 else if (ssid
->auth_failures
> 5)
7477 else if (ssid
->auth_failures
> 3)
7479 else if (ssid
->auth_failures
> 2)
7481 else if (ssid
->auth_failures
> 1)
7486 if (ssid
->auth_failures
> 1 &&
7487 wpa_key_mgmt_wpa_ieee8021x(ssid
->key_mgmt
))
7488 dur
+= os_random() % (ssid
->auth_failures
* 10);
7490 os_get_reltime(&now
);
7491 if (now
.sec
+ dur
<= ssid
->disabled_until
.sec
)
7494 ssid
->disabled_until
.sec
= now
.sec
+ dur
;
7496 wpa_msg(wpa_s
, MSG_INFO
, WPA_EVENT_TEMP_DISABLED
7497 "id=%d ssid=\"%s\" auth_failures=%u duration=%d reason=%s",
7498 ssid
->id
, wpa_ssid_txt(ssid
->ssid
, ssid
->ssid_len
),
7499 ssid
->auth_failures
, dur
, reason
);
7503 void wpas_clear_temp_disabled(struct wpa_supplicant
*wpa_s
,
7504 struct wpa_ssid
*ssid
, int clear_failures
)
7509 if (ssid
->disabled_until
.sec
) {
7510 wpa_msg(wpa_s
, MSG_INFO
, WPA_EVENT_REENABLED
7511 "id=%d ssid=\"%s\"",
7512 ssid
->id
, wpa_ssid_txt(ssid
->ssid
, ssid
->ssid_len
));
7514 ssid
->disabled_until
.sec
= 0;
7515 ssid
->disabled_until
.usec
= 0;
7517 ssid
->auth_failures
= 0;
7521 int disallowed_bssid(struct wpa_supplicant
*wpa_s
, const u8
*bssid
)
7525 if (wpa_s
->disallow_aps_bssid
== NULL
)
7528 for (i
= 0; i
< wpa_s
->disallow_aps_bssid_count
; i
++) {
7529 if (os_memcmp(wpa_s
->disallow_aps_bssid
+ i
* ETH_ALEN
,
7530 bssid
, ETH_ALEN
) == 0)
7538 int disallowed_ssid(struct wpa_supplicant
*wpa_s
, const u8
*ssid
,
7543 if (wpa_s
->disallow_aps_ssid
== NULL
|| ssid
== NULL
)
7546 for (i
= 0; i
< wpa_s
->disallow_aps_ssid_count
; i
++) {
7547 struct wpa_ssid_value
*s
= &wpa_s
->disallow_aps_ssid
[i
];
7548 if (ssid_len
== s
->ssid_len
&&
7549 os_memcmp(ssid
, s
->ssid
, ssid_len
) == 0)
7558 * wpas_request_connection - Request a new connection
7559 * @wpa_s: Pointer to the network interface
7561 * This function is used to request a new connection to be found. It will mark
7562 * the interface to allow reassociation and request a new scan to find a
7563 * suitable network to connect to.
7565 void wpas_request_connection(struct wpa_supplicant
*wpa_s
)
7567 wpa_s
->normal_scans
= 0;
7568 wpa_s
->scan_req
= NORMAL_SCAN_REQ
;
7569 wpa_supplicant_reinit_autoscan(wpa_s
);
7570 wpa_s
->extra_blacklist_count
= 0;
7571 wpa_s
->disconnected
= 0;
7572 wpa_s
->reassociate
= 1;
7573 wpa_s
->last_owe_group
= 0;
7575 if (wpa_supplicant_fast_associate(wpa_s
) != 1)
7576 wpa_supplicant_req_scan(wpa_s
, 0, 0);
7578 wpa_s
->reattach
= 0;
7583 * wpas_request_disconnection - Request disconnection
7584 * @wpa_s: Pointer to the network interface
7586 * This function is used to request disconnection from the currently connected
7587 * network. This will stop any ongoing scans and initiate deauthentication.
7589 void wpas_request_disconnection(struct wpa_supplicant
*wpa_s
)
7592 wpa_s
->sme
.prev_bssid_set
= 0;
7593 #endif /* CONFIG_SME */
7594 wpa_s
->reassociate
= 0;
7595 wpa_s
->disconnected
= 1;
7596 wpa_supplicant_cancel_sched_scan(wpa_s
);
7597 wpa_supplicant_cancel_scan(wpa_s
);
7598 wpa_supplicant_deauthenticate(wpa_s
, WLAN_REASON_DEAUTH_LEAVING
);
7599 eloop_cancel_timeout(wpas_network_reenabled
, wpa_s
, NULL
);
7600 radio_remove_works(wpa_s
, "connect", 0);
7601 radio_remove_works(wpa_s
, "sme-connect", 0);
7605 void dump_freq_data(struct wpa_supplicant
*wpa_s
, const char *title
,
7606 struct wpa_used_freq_data
*freqs_data
,
7611 wpa_dbg(wpa_s
, MSG_DEBUG
, "Shared frequencies (len=%u): %s",
7613 for (i
= 0; i
< len
; i
++) {
7614 struct wpa_used_freq_data
*cur
= &freqs_data
[i
];
7615 wpa_dbg(wpa_s
, MSG_DEBUG
, "freq[%u]: %d, flags=0x%X",
7616 i
, cur
->freq
, cur
->flags
);
7622 * Find the operating frequencies of any of the virtual interfaces that
7623 * are using the same radio as the current interface, and in addition, get
7624 * information about the interface types that are using the frequency.
7626 int get_shared_radio_freqs_data(struct wpa_supplicant
*wpa_s
,
7627 struct wpa_used_freq_data
*freqs_data
,
7630 struct wpa_supplicant
*ifs
;
7633 unsigned int idx
= 0, i
;
7635 wpa_dbg(wpa_s
, MSG_DEBUG
,
7636 "Determining shared radio frequencies (max len %u)", len
);
7637 os_memset(freqs_data
, 0, sizeof(struct wpa_used_freq_data
) * len
);
7639 dl_list_for_each(ifs
, &wpa_s
->radio
->ifaces
, struct wpa_supplicant
,
7644 if (ifs
->current_ssid
== NULL
|| ifs
->assoc_freq
== 0)
7647 if (ifs
->current_ssid
->mode
== WPAS_MODE_AP
||
7648 ifs
->current_ssid
->mode
== WPAS_MODE_P2P_GO
||
7649 ifs
->current_ssid
->mode
== WPAS_MODE_MESH
)
7650 freq
= ifs
->current_ssid
->frequency
;
7651 else if (wpa_drv_get_bssid(ifs
, bssid
) == 0)
7652 freq
= ifs
->assoc_freq
;
7656 /* Hold only distinct freqs */
7657 for (i
= 0; i
< idx
; i
++)
7658 if (freqs_data
[i
].freq
== freq
)
7662 freqs_data
[idx
++].freq
= freq
;
7664 if (ifs
->current_ssid
->mode
== WPAS_MODE_INFRA
) {
7665 freqs_data
[i
].flags
|= ifs
->current_ssid
->p2p_group
?
7666 WPA_FREQ_USED_BY_P2P_CLIENT
:
7667 WPA_FREQ_USED_BY_INFRA_STATION
;
7671 dump_freq_data(wpa_s
, "completed iteration", freqs_data
, idx
);
7677 * Find the operating frequencies of any of the virtual interfaces that
7678 * are using the same radio as the current interface.
7680 int get_shared_radio_freqs(struct wpa_supplicant
*wpa_s
,
7681 int *freq_array
, unsigned int len
)
7683 struct wpa_used_freq_data
*freqs_data
;
7686 os_memset(freq_array
, 0, sizeof(int) * len
);
7688 freqs_data
= os_calloc(len
, sizeof(struct wpa_used_freq_data
));
7692 num
= get_shared_radio_freqs_data(wpa_s
, freqs_data
, len
);
7693 for (i
= 0; i
< num
; i
++)
7694 freq_array
[i
] = freqs_data
[i
].freq
;
7696 os_free(freqs_data
);
7702 struct wpa_supplicant
*
7703 wpas_vendor_elem(struct wpa_supplicant
*wpa_s
, enum wpa_vendor_elem_frame frame
)
7707 case VENDOR_ELEM_PROBE_REQ_P2P
:
7708 case VENDOR_ELEM_PROBE_RESP_P2P
:
7709 case VENDOR_ELEM_PROBE_RESP_P2P_GO
:
7710 case VENDOR_ELEM_BEACON_P2P_GO
:
7711 case VENDOR_ELEM_P2P_PD_REQ
:
7712 case VENDOR_ELEM_P2P_PD_RESP
:
7713 case VENDOR_ELEM_P2P_GO_NEG_REQ
:
7714 case VENDOR_ELEM_P2P_GO_NEG_RESP
:
7715 case VENDOR_ELEM_P2P_GO_NEG_CONF
:
7716 case VENDOR_ELEM_P2P_INV_REQ
:
7717 case VENDOR_ELEM_P2P_INV_RESP
:
7718 case VENDOR_ELEM_P2P_ASSOC_REQ
:
7719 case VENDOR_ELEM_P2P_ASSOC_RESP
:
7720 return wpa_s
->p2pdev
;
7721 #endif /* CONFIG_P2P */
7728 void wpas_vendor_elem_update(struct wpa_supplicant
*wpa_s
)
7733 wpa_printf(MSG_DEBUG
, "Update vendor elements");
7735 for (i
= 0; i
< NUM_VENDOR_ELEM_FRAMES
; i
++) {
7736 if (wpa_s
->vendor_elem
[i
]) {
7739 res
= os_snprintf(buf
, sizeof(buf
), "frame[%u]", i
);
7740 if (!os_snprintf_error(sizeof(buf
), res
)) {
7741 wpa_hexdump_buf(MSG_DEBUG
, buf
,
7742 wpa_s
->vendor_elem
[i
]);
7748 if (wpa_s
->parent
== wpa_s
&&
7749 wpa_s
->global
->p2p
&&
7750 !wpa_s
->global
->p2p_disabled
)
7751 p2p_set_vendor_elems(wpa_s
->global
->p2p
, wpa_s
->vendor_elem
);
7752 #endif /* CONFIG_P2P */
7756 int wpas_vendor_elem_remove(struct wpa_supplicant
*wpa_s
, int frame
,
7757 const u8
*elem
, size_t len
)
7761 ie
= wpabuf_mhead_u8(wpa_s
->vendor_elem
[frame
]);
7762 end
= ie
+ wpabuf_len(wpa_s
->vendor_elem
[frame
]);
7764 for (; ie
+ 1 < end
; ie
+= 2 + ie
[1]) {
7767 if (os_memcmp(ie
, elem
, len
) != 0)
7770 if (wpabuf_len(wpa_s
->vendor_elem
[frame
]) == len
) {
7771 wpabuf_free(wpa_s
->vendor_elem
[frame
]);
7772 wpa_s
->vendor_elem
[frame
] = NULL
;
7774 os_memmove(ie
, ie
+ len
, end
- (ie
+ len
));
7775 wpa_s
->vendor_elem
[frame
]->used
-= len
;
7777 wpas_vendor_elem_update(wpa_s
);
7785 struct hostapd_hw_modes
* get_mode(struct hostapd_hw_modes
*modes
,
7786 u16 num_modes
, enum hostapd_hw_mode mode
,
7791 for (i
= 0; i
< num_modes
; i
++) {
7792 if (modes
[i
].mode
!= mode
||
7793 !modes
[i
].num_channels
|| !modes
[i
].channels
)
7795 if ((!is_6ghz
&& !is_6ghz_freq(modes
[i
].channels
[0].freq
)) ||
7796 (is_6ghz
&& is_6ghz_freq(modes
[i
].channels
[0].freq
)))
7805 wpa_bss_tmp_disallowed
* wpas_get_disallowed_bss(struct wpa_supplicant
*wpa_s
,
7808 struct wpa_bss_tmp_disallowed
*bss
;
7810 dl_list_for_each(bss
, &wpa_s
->bss_tmp_disallowed
,
7811 struct wpa_bss_tmp_disallowed
, list
) {
7812 if (os_memcmp(bssid
, bss
->bssid
, ETH_ALEN
) == 0)
7820 static int wpa_set_driver_tmp_disallow_list(struct wpa_supplicant
*wpa_s
)
7822 struct wpa_bss_tmp_disallowed
*tmp
;
7823 unsigned int num_bssid
= 0;
7827 bssids
= os_malloc(dl_list_len(&wpa_s
->bss_tmp_disallowed
) * ETH_ALEN
);
7830 dl_list_for_each(tmp
, &wpa_s
->bss_tmp_disallowed
,
7831 struct wpa_bss_tmp_disallowed
, list
) {
7832 os_memcpy(&bssids
[num_bssid
* ETH_ALEN
], tmp
->bssid
,
7836 ret
= wpa_drv_set_bssid_blacklist(wpa_s
, num_bssid
, bssids
);
7842 static void wpa_bss_tmp_disallow_timeout(void *eloop_ctx
, void *timeout_ctx
)
7844 struct wpa_supplicant
*wpa_s
= eloop_ctx
;
7845 struct wpa_bss_tmp_disallowed
*tmp
, *bss
= timeout_ctx
;
7847 /* Make sure the bss is not already freed */
7848 dl_list_for_each(tmp
, &wpa_s
->bss_tmp_disallowed
,
7849 struct wpa_bss_tmp_disallowed
, list
) {
7851 dl_list_del(&tmp
->list
);
7853 wpa_set_driver_tmp_disallow_list(wpa_s
);
7860 void wpa_bss_tmp_disallow(struct wpa_supplicant
*wpa_s
, const u8
*bssid
,
7861 unsigned int sec
, int rssi_threshold
)
7863 struct wpa_bss_tmp_disallowed
*bss
;
7865 bss
= wpas_get_disallowed_bss(wpa_s
, bssid
);
7867 eloop_cancel_timeout(wpa_bss_tmp_disallow_timeout
, wpa_s
, bss
);
7871 bss
= os_malloc(sizeof(*bss
));
7873 wpa_printf(MSG_DEBUG
,
7874 "Failed to allocate memory for temp disallow BSS");
7878 os_memcpy(bss
->bssid
, bssid
, ETH_ALEN
);
7879 dl_list_add(&wpa_s
->bss_tmp_disallowed
, &bss
->list
);
7880 wpa_set_driver_tmp_disallow_list(wpa_s
);
7883 bss
->rssi_threshold
= rssi_threshold
;
7884 eloop_register_timeout(sec
, 0, wpa_bss_tmp_disallow_timeout
,
7889 int wpa_is_bss_tmp_disallowed(struct wpa_supplicant
*wpa_s
,
7890 struct wpa_bss
*bss
)
7892 struct wpa_bss_tmp_disallowed
*disallowed
= NULL
, *tmp
, *prev
;
7894 dl_list_for_each_safe(tmp
, prev
, &wpa_s
->bss_tmp_disallowed
,
7895 struct wpa_bss_tmp_disallowed
, list
) {
7896 if (os_memcmp(bss
->bssid
, tmp
->bssid
, ETH_ALEN
) == 0) {
7904 if (disallowed
->rssi_threshold
!= 0 &&
7905 bss
->level
> disallowed
->rssi_threshold
)
7912 int wpas_enable_mac_addr_randomization(struct wpa_supplicant
*wpa_s
,
7913 unsigned int type
, const u8
*addr
,
7916 if ((addr
&& !mask
) || (!addr
&& mask
)) {
7917 wpa_printf(MSG_INFO
,
7918 "MAC_ADDR_RAND_SCAN invalid addr/mask combination");
7922 if (addr
&& mask
&& (!(mask
[0] & 0x01) || (addr
[0] & 0x01))) {
7923 wpa_printf(MSG_INFO
,
7924 "MAC_ADDR_RAND_SCAN cannot allow multicast address");
7928 if (type
& MAC_ADDR_RAND_SCAN
) {
7929 if (wpas_mac_addr_rand_scan_set(wpa_s
, MAC_ADDR_RAND_SCAN
,
7934 if (type
& MAC_ADDR_RAND_SCHED_SCAN
) {
7935 if (wpas_mac_addr_rand_scan_set(wpa_s
, MAC_ADDR_RAND_SCHED_SCAN
,
7939 if (wpa_s
->sched_scanning
&& !wpa_s
->pno
)
7940 wpas_scan_restart_sched_scan(wpa_s
);
7943 if (type
& MAC_ADDR_RAND_PNO
) {
7944 if (wpas_mac_addr_rand_scan_set(wpa_s
, MAC_ADDR_RAND_PNO
,
7949 wpas_stop_pno(wpa_s
);
7950 wpas_start_pno(wpa_s
);
7958 int wpas_disable_mac_addr_randomization(struct wpa_supplicant
*wpa_s
,
7961 wpas_mac_addr_rand_scan_clear(wpa_s
, type
);
7963 if (type
& MAC_ADDR_RAND_PNO
) {
7964 wpas_stop_pno(wpa_s
);
7965 wpas_start_pno(wpa_s
);
7967 } else if (wpa_s
->sched_scanning
&& (type
& MAC_ADDR_RAND_SCHED_SCAN
)) {
7968 wpas_scan_restart_sched_scan(wpa_s
);
7975 int wpa_drv_signal_poll(struct wpa_supplicant
*wpa_s
,
7976 struct wpa_signal_info
*si
)
7980 if (!wpa_s
->driver
->signal_poll
)
7983 res
= wpa_s
->driver
->signal_poll(wpa_s
->drv_priv
, si
);
7985 #ifdef CONFIG_TESTING_OPTIONS
7987 struct driver_signal_override
*dso
;
7989 dl_list_for_each(dso
, &wpa_s
->drv_signal_override
,
7990 struct driver_signal_override
, list
) {
7991 if (os_memcmp(wpa_s
->bssid
, dso
->bssid
,
7994 wpa_printf(MSG_DEBUG
,
7995 "Override driver signal_poll information: current_signal: %d->%d avg_signal: %d->%d avg_beacon_signal: %d->%d current_noise: %d->%d",
7997 dso
->si_current_signal
,
8000 si
->avg_beacon_signal
,
8001 dso
->si_avg_beacon_signal
,
8003 dso
->si_current_noise
);
8004 si
->current_signal
= dso
->si_current_signal
;
8005 si
->avg_signal
= dso
->si_avg_signal
;
8006 si
->avg_beacon_signal
= dso
->si_avg_beacon_signal
;
8007 si
->current_noise
= dso
->si_current_noise
;
8011 #endif /* CONFIG_TESTING_OPTIONS */
8017 struct wpa_scan_results
*
8018 wpa_drv_get_scan_results2(struct wpa_supplicant
*wpa_s
)
8020 struct wpa_scan_results
*scan_res
;
8021 #ifdef CONFIG_TESTING_OPTIONS
8023 #endif /* CONFIG_TESTING_OPTIONS */
8025 if (!wpa_s
->driver
->get_scan_results2
)
8028 scan_res
= wpa_s
->driver
->get_scan_results2(wpa_s
->drv_priv
);
8030 #ifdef CONFIG_TESTING_OPTIONS
8031 for (idx
= 0; scan_res
&& idx
< scan_res
->num
; idx
++) {
8032 struct driver_signal_override
*dso
;
8033 struct wpa_scan_res
*res
= scan_res
->res
[idx
];
8035 dl_list_for_each(dso
, &wpa_s
->drv_signal_override
,
8036 struct driver_signal_override
, list
) {
8037 if (os_memcmp(res
->bssid
, dso
->bssid
, ETH_ALEN
) != 0)
8039 wpa_printf(MSG_DEBUG
,
8040 "Override driver scan signal level %d->%d for "
8042 res
->level
, dso
->scan_level
,
8043 MAC2STR(res
->bssid
));
8044 res
->flags
|= WPA_SCAN_QUAL_INVALID
;
8045 if (dso
->scan_level
< 0)
8046 res
->flags
|= WPA_SCAN_LEVEL_DBM
;
8048 res
->flags
&= ~WPA_SCAN_LEVEL_DBM
;
8049 res
->level
= dso
->scan_level
;
8053 #endif /* CONFIG_TESTING_OPTIONS */