Johannes Berg [Sat, 26 Oct 2013 13:06:49 +0000 (16:06 +0300)]
nl80211: Abstract handling of sockets on eloop
Abstract the handling of sockets on the eloop to avoid
destroying sockets still on the eloop and also to allow
the next patch to mark the socket non-blocking.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Sat, 26 Oct 2013 13:00:52 +0000 (16:00 +0300)]
nl80211: Register for IBSS auth frames before eloop
The IBSS code registers the bss nl_mgmt socket for auth
frames when the join event happens, but that is too late
as then the socket is already on the eloop, which could
cause problems when other events are received at the
same time as the registration is done.
Move the auth frame registration to the initial setup
before the socket is put onto the eloop.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Jouni Malinen [Sat, 26 Oct 2013 10:30:28 +0000 (13:30 +0300)]
Clean up get_seqnum() use for IPN
Some driver wrappers may implement this by writing eight octets even
though IPN is only six octets. Use a separate WPA_KEY_RSC_LEN (8) octet
buffer in the call to make sure there is enough buffer room available
for the full returned value and then copy it to IPN field.
The previous implementation used the following igtk field as the extra
buffer and then initialized that field afterwards, so this change does
not fix any real issue in behavior, but it is cleaner to use an explicit
buffer of the maximum length for get_seqnum().
Jouni Malinen [Sat, 26 Oct 2013 09:54:20 +0000 (12:54 +0300)]
Add explicit buffer length checks for p2p_build_wps_ie()
Even though the length of this buffer is based only on locally
configured information, it is cleaner to include explicit buffer room
validation steps when adding the attributes into the buffer.
Jouni Malinen [Sat, 26 Oct 2013 09:25:20 +0000 (12:25 +0300)]
Verify that readlink() did not truncate result
linux_br_get() was forcing null termination on the buffer, but did not
check whether the string could have been truncated. Make this more
strict by rejecting any truncation case.
Jouni Malinen [Sat, 26 Oct 2013 09:14:03 +0000 (12:14 +0300)]
nl80211: Clean up if_add() for hostapd use
The allocation of new_bss and its use was separated by a lot of code in
this function. This can be cleaned up by moving the allocation next to
the use, so that this all can be within a single #ifdef HOSTAPD block.
The i802_check_bridge() call was outside type == WPA_IF_AP_BSS case, but
in practice, it is only used for WPA_IF_AP_BSS (and if used for
something else, this would have resulted in NULL pointer dereference
anyway).
Jouni Malinen [Sat, 26 Oct 2013 08:43:28 +0000 (11:43 +0300)]
Remove os_strncpy()
os_strlpcy() should be used instead of os_strncpy() to guarantee null
termination. Since there are no remaining strncpy uses, remove
os_strncpy() definition.
Jouni Malinen [Thu, 24 Oct 2013 17:13:32 +0000 (20:13 +0300)]
P2P: Fix snprintf buffer length for group ifname backup
Commit 2e5ba4b6d14e600d259bbaf59a8fca61dab8f987 moved this to a function
and updated one of the os_snprintf() calls to use the len parameter, but
forgot the other one.
Naresh Jayaram [Wed, 23 Oct 2013 16:17:14 +0000 (19:17 +0300)]
eap_proxy: Confirm eap_proxy initialization before reading SIM info
Trying to access the SIM card details without checking if the eap_proxy
layer has been initialized can results in a crash. Address this by
sending the request for the IMSI through eapol_supp_sm.c which can
verify that eap_proxy has been initialized.
Po-Lun Lai [Wed, 23 Oct 2013 10:16:31 +0000 (13:16 +0300)]
P2P: Check Action frame payload match before accepted TX status
It is possible for there to be two pending off-channel TX frames, e.g.,
when two devices initiate GO Negotiation at more or less the same time.
This could result in the TX status report for the first frame clearing
wpa_s->pending_action_tx that included the newer frame that has not yet
been transmitted (i.e., is waiting to be sent out). Avoid losing that
frame by confirming that the TX status payload matches the pending frame
before clearing the pending frame and reporting the TX status callback.
Jouni Malinen [Wed, 23 Oct 2013 08:51:45 +0000 (11:51 +0300)]
Fix ENABLE_NETWORK not to reconnect in disconnected state
DISCONNECT followed by ENABLE_NETWORK ended up starting a scan for a new
connection due to wpa_supplicant_enable_one_network() setting
wpa_s->reassociate = 1. This was done regardless of wpa_s->disconnected
being 1 which should imply that wpa_supplicant should not try to connect
before asked explicitly with REASSOCIATE or RECONNECT.
Fix this by making ENABLE_NETWORK setting of reassociate = 1 and
starting of scans for connection conditional on wpa_s->disconnected ==
0. This will make ENABLE_NETWORK trigger a connection only if
wpa_supplicant is already in a state where it would try to connect if
there are any enabled networks.
Helmut Schaa [Tue, 22 Oct 2013 21:23:13 +0000 (00:23 +0300)]
hostapd: Allow ACS to deal with partial survey data
Previously ACS required valid survey data on all available channels.
This can however not be guaranteed. Instead of just failing, fall back
to the subset of channels that have valid ACS data.
Signed-hostap: Helmut Schaa <helmut.schaa@googlemail.com>
Helmut Schaa [Tue, 22 Oct 2013 21:15:57 +0000 (00:15 +0300)]
hostapd: Don't get stuck after failed ACS
If ACS fails we still need to call hostapd_setup_interface_complete.
Otherwise hostapd will just hang doing nothing anymore. However, pass
an error to hostapd_setup_interface_complete to allow a graceful fail.
Signed-hostap: Helmut Schaa <helmut.schaa@googlemail.com>
Dan Williams [Tue, 22 Oct 2013 13:09:46 +0000 (16:09 +0300)]
dbus: Add boolean AllowRoam option to Scan() method options dictionary
To disallow roaming when a scan request's results are read, callers
of the D-Bus Scan() method may add a new "AllowRoam" boolean key
to the scan options dictionary and set that key's value to FALSE.
Pontus Fuchs [Tue, 22 Oct 2013 12:57:21 +0000 (15:57 +0300)]
Don't start second scan when changing scan interval
If a scan is currently running and the scan interval is changed, a
second scan will be started before the current has finished. This will
in turn, if no networks are configured, cause wpa_s->state to be
forced to WPA_INACTIVE before the first scan has finished.
Michal Kazior [Tue, 22 Oct 2013 12:50:07 +0000 (15:50 +0300)]
nl80211: Fix DFS radar event parsing
Incorrect nla_get variants were used to get event type and frequency.
Kernel passes both as u32. This caused issues on tinynl/big-endian hosts
- CAC finished was treated as radar detection and frequency was 0.
Signed-hostap: Michal Kazior <michal.kazior@tieto.com>
Jouni Malinen [Tue, 22 Oct 2013 10:35:32 +0000 (13:35 +0300)]
nl80211: Free BSS structure even if netdev does not exists
It is possible for a vif netdev to be removed by something else than
hostapd and if that happens for a virtual AP interface, if_remove()
handler should still free the local data structure to avoid memory leaks
if something external removes a netdev.
Jouni Malinen [Mon, 21 Oct 2013 15:09:37 +0000 (18:09 +0300)]
nl80211: Update send_action_cookie on AP-offchannel-TX path
Previously, the send_mlme->send_frame->send_frame_cmd path that could be
used when a GO sends an offchannel Action frame ended up not updating
drv->send_action_cookie. This can result in an issue with not being able
to cancel wait for the response, e.g., in invitation-to-running-group
case.
test_p2p_go_invite_auth is similar to test_p2p_go_invite with the main
difference being in the peer device pre-authorizing the invitation
instead of processing invitation at upper layers after having received
it.
Jouni Malinen [Mon, 21 Oct 2013 11:36:27 +0000 (14:36 +0300)]
GAS: Add support for multiple pending queries for the same destination
Need to use the pointer to the current ongoing query instead of matching
from the pending list based on the destination address so that we get
the correct query instance when processing the TX status report.
Kyeyoon Park [Mon, 21 Oct 2013 10:15:45 +0000 (13:15 +0300)]
GAS: Delay GAS query Tx while scanning/connecting
Offchannel operations needed for a GAS query can conflict with ongoing
scan/connection progress, so delay GAS queries if such an operation is
in progress on the current interface or any virtual interface sharing
the same radio.
Kyeyoon Park [Mon, 21 Oct 2013 10:13:42 +0000 (13:13 +0300)]
GAS: Delay GAS query Tx while another query is in progress
It would be possible to issue another GAS query when a previous one is
still in progress and this could result in conflicting offchannel
operations. Prevent that by delaying GAS query initiation until the
previous operation has been completed.
Jouni Malinen [Sun, 20 Oct 2013 18:34:39 +0000 (21:34 +0300)]
WPS: Clear after_wps from number of new locations
This makes it less likely to forget WPS single-channel scan optimization
in effect after having completed the WPS operation or in case WPS
operating gets cancelled.
Jouni Malinen [Sun, 20 Oct 2013 16:14:41 +0000 (19:14 +0300)]
tests: Stop test run on NOTE command failure
There is no point trying to go through a test case if the NOTE command
to write TEST-START entry does not succeed. This avoids some excessive
waits on buildbot trying to forcefully kill the programs on its timeout
if wpa_supplicant gets stuck waiting for something (like the current
issue with libnl events and commands having a chance of hitting a
blocking wait on netlink messages).
Jouni Malinen [Sun, 20 Oct 2013 15:33:17 +0000 (18:33 +0300)]
P2P: Fix Operating Channel in Invitation Request for operating group
When a GO or P2P Client invites a peer device to join an already
operating group, the Operating Channel in Invitation Request needs to be
forced to the current operating channel of the group.
Jouni Malinen [Sun, 20 Oct 2013 15:19:27 +0000 (18:19 +0300)]
P2P: Cancel offchannel TX wait on Invitation Response RX
This fixes issues where a GO used offchannel-TX operation to send an
Invitation Request frame. Wait for the offchannel TX operation needs to
be stopped as soon as the Invitation Response frame has been received.
This addresses some issues where Probe Response frame from the GO
through the monitor interface may end up going out on a wrong channel
(the channel of this offchannel TX operation for invitation).
Jouni Malinen [Sun, 20 Oct 2013 15:09:46 +0000 (18:09 +0300)]
D-Bus: Clean up debug print for P2P invitation result
wpa_printf() does not need '\n' so remove the extra newline. In
addition, drop the priority of this message from MSG_INFO to MSG_DEBUG
since this is in no way exceptional operation.
Jouni Malinen [Sun, 20 Oct 2013 15:06:15 +0000 (18:06 +0300)]
P2P: Fix PD retry channel on join-a-group case
Join-a-group needs to force the current operating channel of the target
group as the frequency to use for the PD exchange. When the channel was
selected based on a BSS entry for the GO, this worked only for the first
PD Request frame while the retries reverted to a potentially different
channel based on a P2P peer entry. Fix this by maintaining the forced
channel through the PD retry sequence.
Jouni Malinen [Sun, 20 Oct 2013 15:03:33 +0000 (18:03 +0300)]
tests: Force GO to have an old entry in test_p2p_go_invite
This adds more coverage to testing by forcing the GO to be found with an
older entry in the BSS table and with that entry having a different
operating channel. Such a case has found issues with PD retries and
scanning if incorrect frequency and SSID is selected for the group.
Instead of relying on the old BSS entry with different operating channel
to happen based on a specific test case sequence, force this to happen
for this test case every time.
Jouni Malinen [Sun, 20 Oct 2013 14:22:50 +0000 (17:22 +0300)]
P2P: Accept Invitation Response non-success without Channel List
P2P Invitation Response frame is required to include the Channel List
attribute only in Status=Success case. Skip the debug message claiming
that a mandatory attribute was not included in non-Success case.
Jouni Malinen [Sun, 20 Oct 2013 09:10:53 +0000 (12:10 +0300)]
eap_proxy: Fix IMSI fetch for home vs. visited network determination
Use similar mechanism to CONFIG_PCSC=y case to set the IMSI and MNC
length for eap_proxy. This allows automatic 3GPP realm comparison
against the domain list.
Jouni Malinen [Sat, 19 Oct 2013 21:01:24 +0000 (00:01 +0300)]
EAP-AKA/AKA' peer: Allow external USIM processing to be used
This allows the new external_sim=1 case to be used to perform UMTS
authentication step in EAP-AKA/AKA' peer process. Following control
interface event is used to request the operation:
CTRL-REQ-SIM-<network id>:UMTS-AUTH:<RAND>:<AUTN> needed for SSID <SSID>
Response from external processing is returned with
CTRL-RSP-SIM-<network id> UMTS-AUTH:<IK>:<CK>:<RES>
or
CTRL-RSP-SIM-<network id> UMTS-AUTS:<AUTS>
Jouni Malinen [Sat, 19 Oct 2013 15:36:12 +0000 (18:36 +0300)]
EAP-SIM peer: Allow external SIM processing to be used
This allows the new external_sim=1 case to be used to perform GSM
authentication step in EAP-SIM peer process. Following control interface
event is used to request the operation:
CTRL-REQ-SIM-<network id>:GSM-AUTH:<RAND1>:<RAND2>[:<RAND3>] needed
for SSID <SSID>
Jouni Malinen [Sat, 19 Oct 2013 14:32:05 +0000 (17:32 +0300)]
EAP peer: Add framework for external SIM/USIM processing
The new configuration parameter external_sim=<0/1> can now be used to
configure wpa_supplicant to use external SIM/USIM processing (e.g., GSM
authentication for EAP-SIM or UMTS authentication for EAP-AKA). The
requests and responses for such operations are sent over the ctrl_iface
CTRL-REQ-SIM and CTRL-RSP-SIM commands similarly to the existing
password query mechanism.
Changes to the EAP methods to use this new mechanism will be added in
separate commits.
Jouni Malinen [Sat, 19 Oct 2013 13:28:56 +0000 (16:28 +0300)]
eapol_test: Initialize BSS lists
This is needed to avoid issues with control interface commands that
could request BSS list during an eapol_test run. wpa_cli tries to update
its internal BSS list and that could trigger eapol_test crashes without
this.
Jouni Malinen [Sat, 19 Oct 2013 13:26:01 +0000 (16:26 +0300)]
Send CTRL-RSP command response before processing EAPOL update
This is what the original implementation did years ago, but the move to
using separate control interface backends re-ordered the implementation
to process EAPOL notification first. Use a registered timeout to allow
the ctrl_iface response to be sent out first to get somewhat faster
response time and to avoid pending operations that could result in
ctrl_iface response and unsolicited event messages from getting mixed
up.
Jouni Malinen [Sat, 19 Oct 2013 10:08:37 +0000 (13:08 +0300)]
eapol_test: Initialize wpa_s->global to fix ctrl_iface
wpa_s->global is now dereferenced in number of places and at least one
of them hits in eapol_test cases. Fix issues with this by setting the
global pointer to empty data.
Jouni Malinen [Sat, 15 Jun 2013 03:40:52 +0000 (20:40 -0700)]
GAS: Update timeout from TX status handler
This allow GAS operations to be fine-tuned based what happens with GAS
query TX. Failed queries are timed out immediately and acknowledged
queries are given some more time to account for possible TX queue
latencies.
Jouni Malinen [Fri, 14 Jun 2013 18:42:23 +0000 (11:42 -0700)]
HTTP server: Allow TCP socket to be reused
This makes it easier to handle cases where the application is restarted
and the previously used local TCP port may not have been fully cleared
in the network stack.
Jouni Malinen [Tue, 6 Aug 2013 15:23:22 +0000 (18:23 +0300)]
Add test option for specifying hardcoded BSS Load element
The new bss_load_test parameter can be used to configure hostapd to
advertise a fixed BSS Load element in Beacon and Probe Response frames
for testing purposes. This functionality is disabled in the build by
default and can be enabled with CONFIG_TESTING_OPTIONS=y.
Interworking: Add support for QoS Mapping functionality for the STA
Indicate support for QoS Mapping and configure driver to update the QoS
Map if QoS Map Set elements is received from the AP either in
(Re)Association Response or QoS Map Configure frame.
This commit adds support for receiving the frames with nl80211 drivers,
but the actual QoS Map configuration command is still missing.
Kyeyoon Park [Wed, 24 Jul 2013 09:28:20 +0000 (12:28 +0300)]
Interworking: Add support for QoS Mapping functionality for the AP
This allows QoS Map Set element to be added to (Re)Association Response
frames and in QoS Map Configure frame. The QoS Mapping parameters are
also made available for the driver interface.
Jouni Malinen [Mon, 7 Oct 2013 01:14:51 +0000 (18:14 -0700)]
Interworking: Add domain_suffix_match for credentials
This allow domain_suffix_match to be specified for a cred block and then
get this copied for the network blocks generated from this credential as
part of Interworking network selection.
Jouni Malinen [Fri, 2 Aug 2013 15:42:54 +0000 (18:42 +0300)]
Interworking: Add support for multiple home FQDNs
Credentials can now be configured with more than one FQDN ('domain'
field in the cred block) to perform Domain Name List matching against
multiple home domains.
Jouni Malinen [Mon, 7 Oct 2013 01:02:16 +0000 (18:02 -0700)]
Add AAA server domain name suffix matching constraint
The new domain_suffix_match (and domain_suffix_match2 for Phase 2
EAP-TLS) can now be used to specify an additional constraint for the
server certificate domain name. If set, one of the dNSName values (or if
no dNSName is present, one of the commonName values) in the certificate
must have a suffix match with the specified value. Suffix match is done
based on full domain name labels, i.e., "example.com" matches
"test.example.com" but not "test-example.com".
Janusz Dziedzic [Tue, 15 Oct 2013 17:27:25 +0000 (20:27 +0300)]
hostapd: Add AP DFS support
Add DFS structures/events handlers, CAC handling, and radar detection.
By default, after radar is detected or the channel became unavailable, a
random channel will be chosen.
This patches are based on the original work by Boris Presman and
Victor Goldenshtein. Most of the DFS code is moved to a new dfs.c/dfs.h
files.
Cc: Boris Presman <boris.presman@ti.com> Cc: Victor Goldenshtein <victorg@ti.com>
Signed-hostap: Simon Wunderlich <siwu@hrz.tu-chemnitz.de>
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Jouni Malinen [Tue, 15 Oct 2013 14:07:35 +0000 (17:07 +0300)]
tests: Make sure hlr_auc_gw exits and clean up sockets
If a test run is terminated forcefully, hlr_auc_gw could have been left
running and/or some of the control interface files could still remain.
This could result in hlr_auc_gw not starting again for the next test
run.
Pontus Fuchs [Mon, 14 Oct 2013 17:49:26 +0000 (20:49 +0300)]
Increase buffer size and prevent write beyond buffer end
wpa_config_write_key_mgmt has a buffer size of 50. This is not enough
to fit the longest case. I used a network with "WPA-PSK WPA-EAP
WPA-NONE" and CONFIG_IEEE80211R=y + CONFIG_IEEE80211W=y to produce
a string longer than 50 chars. Increase the buffer size to 100 to
prevent truncated output.
Truncated output is not the only problem. If the buffer end is
reached when adding certain key mgmt types the function does not
return immediately. This leaves pos > end. When a second os_sprintf
is called the calculation of end - pos yields a large positive
number for buffer size. End result is a write beyond the buffer end.
Fix this by bailing out if buffer end is reached.
Helmut Schaa [Mon, 14 Oct 2013 17:44:31 +0000 (20:44 +0300)]
hostapd: Fix segfault after ACS when flushing STAs
When hostapd receives an auth frame during ACS the transmission of
the according auth response will always fail:
ACS: Automatic channel selection started, this may take a bit
[..]
send_auth_reply: send: Resource temporarily unavailable
[..]
However, a station info entry was created. Once ACS is finished
it will flush all stations even though hapd was not yet fully
initialized. This results in a segfault when trying to access
hapd->radius:
0 0x0042c1c0 in radius_client_flush_auth ()
1 0x00416a94 in ap_free_sta ()
2 0x00416cc0 in hostapd_free_stas ()
3 0x0040bce8 in hostapd_flush_old_stations ()
4 0x0040c790 in hostapd_setup_interface_complete ()
5 0x0046347c in acs_scan_complete ()
6 0x0040f834 in hostapd_wpa_event ()
7 0x0043af08 in send_scan_event.part.46 ()
8 0x00443a64 in send_scan_event ()
9 0x00443c24 in do_process_drv_event ()
10 0x004449e8 in process_global_event ()
11 0x7767d7d0 in ?? ()
Fix this by not presuming anything about the initialization state of
hapd and checking ->radius before accessing.
Signed-off-hostapd: Helmut Schaa <helmut.schaa@googlemail.com>
Jouni Malinen [Mon, 14 Oct 2013 16:41:23 +0000 (19:41 +0300)]
P2P: Do not allow P2P client connection without P2P IE from GO
P2P-GROUP-STARTED event depends on having enough information about the
group available. To avoid incomplete information from being delivered to
upper layers, do not accept scan results without P2P IE (e.g., from a
non-P2P scan) for P2P client association process. This can be of use for
some join-a-group cases where non-P2P scans have generated the BSS entry
for the GO.
Jouni Malinen [Mon, 14 Oct 2013 16:28:00 +0000 (19:28 +0300)]
P2P: Allow persistent group determination based on Beacon frame
P2P IE may be available from a Beacon frame from a GO even if we have
not yet received a Probe Response frame with P2P IE from that GO. Since
all the needed information for determining the GO's P2P Device Address
and group capabilities are available, use that information instead of
displaying incomplete group information.
Jouni Malinen [Mon, 14 Oct 2013 16:25:28 +0000 (19:25 +0300)]
P2P: Allow GO to be discovered based on Beacon frame
This fixes some P2P-join-a-group cases where GO may have been discovered
based on passive scan or non-P2P scan. P2P IEs may have been received
from a Beacon frame in such a case and that information can be used to
create a P2P peer entry, e.g., to allow provision discovery exchange to
be completed.
Jouni Malinen [Mon, 14 Oct 2013 16:22:09 +0000 (19:22 +0300)]
P2P: Show P2P flag in BSS entries also based on Beacon frames
It is possible that a P2P GO has been discovered through a non-P2P scan
that did not return P2P IE in Probe Response frames. To cover those
cases, check also Beacon frame (if received) for P2P IE.
P2P: Do not drop P2P IEs from BSS table on non-P2P scans
This could happen when non-P2P station interface runs a scan without P2P
IE in the Probe Request frame. P2P GO would reply to that with a Probe
Response that does not include P2P IE. Do not update the IEs in this BSS
entry to avoid such loss of information that may be needed for P2P
operations to determine group information.
Jouni Malinen [Sun, 6 Oct 2013 05:15:28 +0000 (22:15 -0700)]
P2P: Make sure wait for the first client gets stopped
If a group was removed before the wait for the first client had timed
out and the client had not yet connected, p2p_go_wait_client could have
been left set and with that, scan operations could be unnecessarily
delayed. This fixes some undesired delays from commit c1c0b35fea656345b672984910cc3b93938bc5e5.
Swaroop Golti [Sun, 6 Oct 2013 01:14:33 +0000 (18:14 -0700)]
P2P: Increase Invitation Request timeouts
In noisy environment peer may take more time to send Invitation
Response so increase Invitation Response timeout to 500 ms in success
case and also increase Invitation Request action wait time to 500 ms.
This makes the Invitation Request case use the same timeout with GO
Negotiation.
Deepthi Gowri [Sun, 6 Oct 2013 00:54:52 +0000 (17:54 -0700)]
P2P: Clear p2p_group_formation and p2p_in_provisioning on group removal
Commit 41f853235fe1d1fad1acecc0ee5dfe81c872c6b2 extends group formation
timeout for the first data connection to complete and resets
p2p_go_group_formation_completed flag due to which p2p_in_provisioning
and p2p_group_formation flags are not cleared when
wpas_group_formation_completed() is called. This can result in both
station scan and p2p_find failures in the case where separate P2P group
interface is not used and the client does not complete 4-way handshake.
Fix this by clearing p2p_group_formation and p2p_in_provisioning when
such a P2P group is deleted.
Arif Hussain [Wed, 2 Oct 2013 14:38:35 +0000 (07:38 -0700)]
Include Extended Capabilities element based on scan results
Add Extended Capabilities element to association request only if the AP
included this element in Beacon/Probe Response frames. This is a
workaround to address interoperability issues with some older APs that
do not seem to be able to handle Extended Capabilities element in
(Re)Association Request frames.
A new TDLS request shall transmit TPK M1 frame with a unique INonce.
Thus a new explicit request would fail an ongoing TDLS negotiation with
the error "TDLS: FTIE SNonce in TPK M3 does not match with FTIE SNonce
used in TPK M1" if the peer happens to receive two M1 frames before an
M3 frame. Check for the ongoing negotiation with the peer and do not
start a new one if we are already in a setup negotiation with the peer.