P2P: Set p2p auth/assoc parameter based on connection type
Fix the previous code that was hardcoding the p2p parameter based
on the driver P2P capability regardless of whether the connection
was really used for P2P or not.
nl80211: Change vif type to P2P_CLI upon P2P authentication
Currently, wpa_driver_nl80211_authenticate() changes the interface type
to station. However, in case of P2P, we need to change the interface
type to P2P_CLI.
Add p2p field to the authentication params, and consider it for choosing
the correct interface type.
Commit 9f51b11395646efeb5d6a75d2cabc0bf7626496f added support for P2P
interfaces when adding a new interface. However, it didn't handle the
case in which the same interface is being used and its type is being
changed. Add support for this case.
Consequently, when doing "ap_scan_as_station" we now need to save the
actual AP interface type (AP/P2P GO) in order to restore it properly.
For that, change ap_scan_as_station type from int to nl80211_iftype, and
set it to NL80211_IFTYPE_UNSPECIFED when not used.
nl80211: Ignore ifdown event if mode change triggered it
When driver_nl80211.c has to set the netdev down to change iftype, an
RTM_NEWLINK event is generated. Do not generate
EVENT_INTERFACE_DISABLED event based on that.
This makes sure that the old connection is not maintained if the new
configuration does not allow it anymore. In addition, it is better to
use wpa_supplicant_clear_connection() instead of just clearing
wpa_s->current_ssid here to keep things in sync.
When the BSS table size limit has been reached, drop first the oldest
BSS entries for which there is not a matching network in the
configuration based on SSID (wildcards are ignored). This makes it
less likely to hit connection issues in environments with huge number
of visible APs.
Hong Wu [Sat, 16 Jul 2011 07:57:17 +0000 (10:57 +0300)]
FT: Fix the calculation of MIC Control field in FTIE
Reassociation Request/Response frame validation need to count all IEs in
the RIC. In addition, TIE is not protected, so it should not be included
in the count.
P2P: Filter Probe Request frames based on DA and BSSID in Listen state
Only accept Probe Request frames that have a Wildcard BSSID and a
destination address that matches with our P2P Device Address or is the
broadcast address per P2P specification 3.1.2.1.1.
Johannes Berg [Fri, 15 Jul 2011 14:13:44 +0000 (17:13 +0300)]
P2P: Fix p2p_intra_bss with nl80211
The current implementation of p2p_intra_bss doesn't work since the flag
isn't propagated into the corresponding hostapd config, so AP code will
never enable AP isolation and will in fact disable it again after it had
been enabled by the P2P code.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The paths pointer could have been NULL when going through the shared
freeing path in error case. Avoid the NULL pointer dereference by
checking whether that is the case. In addition, remove unnecessary
gotos to make the function more readable.
Johannes Berg [Fri, 15 Jul 2011 09:05:19 +0000 (12:05 +0300)]
nl80211: fix interface address assignment
When a new interface is created and already has a separate MAC address
assigned by the kernel, then we need to use that address, not just when
we've created a locally administered address.
This fixes use_p2p_group_interface=1 for iwlagn as it already makes
mac80211 assign an address for a second interface since the hardware has
two addresses assigned.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Tue, 12 Jul 2011 18:22:51 +0000 (21:22 +0300)]
nl80211: Support GTK rekey offload
Add support to wpa_supplicant for device-based GTK rekeying. In order to
support that, pass the KEK, KCK, and replay counter to the driver, and
handle rekey events that update the latter.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
When adding a new station, set the STA flags as part of the sta_add()
command. This ensures the flags are up to date when the station is added
by lower level drivers.
Allow PMKSA caching to be disabled on Authenticator
A new hostapd configuration parameter, disable_pmksa_caching=1, can now
be used to disable PMKSA caching on the Authenticator. This forces the
stations to complete EAP authentication on every association when WPA2
is being used.
wpa_supplicant AP: Disable AP mode on disassoc paths
Regardless of how the AP mode is disabled, wpa_supplicant_ap_deinit()
must be called. Make sure this happens on all paths by calling the
deinit function from wpa_supplicant_mark_disassoc().
This can be used by dbus client to implement subject match text
entry with preset value probed from server. This preset value, if
user accepts it, is remembered and passed to subject_match config
for any future authentication.
hostapd: Clear keys configured when hostapd reloads configuration
Data path is broken when hostapd reloads its configuration
disabling the security which was previously enabled (WEP/WPA),
using kill -1, as old keys were not cleared.
The patch clears the keys configured when hostapd reloads
its configuration.
TLS: Add support for tls_disable_time_checks=1 in client mode
This phase1 parameter for TLS-based EAP methods was already supported
with GnuTLS and this commit extends that support for OpenSSL and the
internal TLS implementation.
P2P: Only call dev_lost() for devices that have been dev_found()
Fix a bug with the current dev_found()/dev_lost() usage. Previously
in p2p_device_free() dev_lost() was invoked for devices that had
not been dev_found(). This caused dbus related msgs to stderr like:
"Attempted to unregister path (path[0] = fi path[1] = w1) which isn't
registered"
Jouni Malinen [Mon, 27 Jun 2011 16:02:24 +0000 (19:02 +0300)]
Clear WPA and EAPOL state machine config pointer on network removal
Make sure that the WPA and EAPOL state machines do not hold a pointer
to a network configuration that is about to be freed. This can fix
potential issues with references to freed memory.
Jayant Sane [Sat, 25 Jun 2011 09:08:43 +0000 (12:08 +0300)]
P2P: Update listen and operating channel from P2P D-Bus
Some P2PDevice properties were not updated in p2p->cfg structure:
reg_class, channel, op_reg_class, and op_channel. Hence, update p2p->cfg
parameters through p2p core calls in wpas_p2p_update_config().
Jayant Sane [Fri, 24 Jun 2011 08:20:19 +0000 (11:20 +0300)]
P2P: More complete persistent group management over D-Bus
Extend commit c2762e410fa319f75a174aeb12343beddf99fce4 to allow
applications to manage (add/remove) persistent groups and accepted
network object paths while invoking a persistent group.
Jayant Sane [Thu, 23 Jun 2011 18:29:10 +0000 (21:29 +0300)]
P2P: Show P2P peer signal level in D-Bus P2P device properties
Move level parameter from p2p_device to p2p_device_info in order to
expose this information and modify D-Bus P2P handler to return this new
parameter through the P2P device properties.
Jayant Sane [Thu, 23 Jun 2011 18:25:13 +0000 (21:25 +0300)]
P2P: Update D-Bus network object semantics during group formation
Do not emit network objects during P2P group formation since such
network objects can confuse certain apps. Instead, a persistent group
object is created to allow apps to keep track of persistent groups.
Persistent group objects only represent the info needed to recreate the
group.
Also fixes a minor bug in the handling of persistent group objects
during WPS operations.
Helmut Schaa [Thu, 23 Jun 2011 17:18:21 +0000 (20:18 +0300)]
hostapd: Don't mask out non-symmetric STA HT caps
Previously hostapd just masked the STAs HT caps with its own. However,
some HT caps are not symmetric and as such need to be handled
different.
hostapd shouldn't overwrite the STAs SMPS mode as otherwise the driver
cannot know it has to use RTS/CTS to wake the receiver from dynamic
SMPS for MCS rates > 7.
hostapd shouldn't mask the RX and TX STBC caps with it's own. They are
already handled in a special case below.
Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
Jouni Malinen [Thu, 23 Jun 2011 16:53:45 +0000 (19:53 +0300)]
Fix CONFIG_NO_WPA_PASSPHRASE=y build
Need to define CONFIG_NO_PBKDF2 even though the crypto cleanup moved
the function to a separate file since there is conditional code in
wpa_supplicant/config.c. In addition, wpa_passphrase should not be
built at all if passphrase functionality is removed.
Jouni Malinen [Thu, 23 Jun 2011 13:39:26 +0000 (16:39 +0300)]
Add a copyright and license statement for a radiotap header file
This file is a part of the radiotap parser that Andy Green agreed to
relicense under the BSD license (per email, 11 Aug 2007 07:42:05
+0100). The copyright/license statement was updated in radiotap.c,
but this radiotap_iter.h file was forgotten at that point.
Zhu Yi [Thu, 23 Jun 2011 12:47:21 +0000 (15:47 +0300)]
bsd: Fix set_key() sequence number endian issue
In set_key handler, the seq[8] is in little endian order defined by
WPA. BSD kernel uses a u_int64_t value ik_keyrsc to represent it
internally. The kernel expects the native endian order for the value.
Thus, we need to detect the endian order and swap bytes when
necessary.
Jouni Malinen [Thu, 23 Jun 2011 12:39:00 +0000 (15:39 +0300)]
Fix AP selection to check privacy mismatch and IBSS with WPA/RSN IE
These checks were previously skipped if the scan result included WPA
or RSN IE. However, that can result in selecting a network that does
not match local configuration in some cases.
Jouni Malinen [Tue, 21 Jun 2011 17:55:46 +0000 (20:55 +0300)]
Add EVENT_RX_ACTION handler for hostapd
This fixes an issue with SA Query Response frames not being processed
anymore after wpa_supplicant started registering a handler for those.
This handler registration is in generic driver_nl80211.c code, so
hostapd uses it, too.
Jouni Malinen [Tue, 21 Jun 2011 08:47:03 +0000 (11:47 +0300)]
P2P: Start GO without extra scan step
There are some corner cases, where the wpa_supplicant_req_scan() call
may end up scheduling a scan even if we are about to start a GO. Avoid
this by explicitly marking the GO network to be selected for the next
connection.
Jouni Malinen [Mon, 20 Jun 2011 07:17:33 +0000 (10:17 +0300)]
nl80211: Add support for driver-based PMKSA cache
Implement PMKSA cache operations add, remove, and flush using nl80211
commands NL80211_CMD_{SET,DEL,FLUSH}_PMKSA to support PMKSA caching
with drivers that select the AP and generate the RSN IE internally.
Johannes Berg [Sun, 12 Jun 2011 21:47:49 +0000 (14:47 -0700)]
DBus: Refactor array adding, add binary arrays
Some new code we're working on will require the dbus type "aay" (an
array of arrays of bytes). To add this, refactor the array code to
reduce code duplication by given a type string to the array starting
code, and also add code to create and parse such arrays from or into an
array of struct wpabuf respectively.
Since there's no unique DBus type for this, add a "fake"
WPAS_DBUS_TYPE_BINARRAY type that is separate from the regular DBus
types for parsing.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Jayant Sane [Sun, 12 Jun 2011 21:20:39 +0000 (14:20 -0700)]
P2P: Retry provision discovery requests in IDLE state
Since the peer may not be in Listen state when the provision discovery
request is sent, try to send the request again number of times when in
IDLE state. This was already done when p2p_find is in progress, but this
commit adds retries to the case where no other P2P operations are in
progress.
Signed-off-by: Jayant Sane <jayant.sane@intel.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Jouni Malinen [Tue, 31 May 2011 17:07:11 +0000 (20:07 +0300)]
random: Add support for maintaining internal entropy store over restarts
This can be used to avoid rejection of first two 4-way handshakes every
time hostapd (or wpa_supplicant in AP/IBSS mode) is restarted. A new
command line parameter, -e, can now be used to specify an entropy file
that will be used to maintain the needed state.
Jouni Malinen [Fri, 27 May 2011 15:54:36 +0000 (18:54 +0300)]
nl80211: Enable more AP callbacks for non-hostapd AP mode
Some of these are required for proper functionality (like
get_seqnum); others may not be needed yet, but including them
allows some extra ifdef/endif blocks to be removed.
Jouni Malinen [Thu, 19 May 2011 14:52:46 +0000 (17:52 +0300)]
Fix regression in RSN pre-authentication candidate list generation
Processing of the scan results for RSN pre-authentication candidates
was moved to happen before the network was selected. This resulted in
all candidates being dropped due to no SSID having been configured.
Fix this by moving the processing to happen after the network has
been selected. Since the raw scan results are not available at that
point, use the BSS table instead of scan results to fetch the
information.
Vinay Adella [Thu, 19 May 2011 09:55:47 +0000 (12:55 +0300)]
WPS UPnP: Fix UPnP initialization for non-bridge case with some drivers
If the driver wrapper is setting up the interface up only at commit(),
UPnP initialization fails. Fix that by moving UPnP setup to happen after
the driver commit() call.
Jouni Malinen [Tue, 17 May 2011 16:53:02 +0000 (19:53 +0300)]
WPS: Add a workaround for Windows 7 capability discovery for PBC
Windows 7 uses incorrect way of figuring out AP's WPS capabilities by
acting as a Registrar and using M1 from the AP. The config methods
attribute in that message is supposed to indicate only the configuration
method supported by the AP in Enrollee role, i.e., to add an external
Registrar. For that case, PBC shall not be used and as such, the
PushButton config method is removed from M1 by default. If pbc_in_m1=1
is included in the configuration file, the PushButton config method is
left in M1 (if included in config_methods parameter) to allow Windows 7
to use PBC instead of PIN (e.g., from a label in the AP).