Johannes Berg [Tue, 25 Jun 2013 10:38:03 +0000 (13:38 +0300)]
nl80211: Allow Android P2P functionality
To support Android the kernel may have a "p2p0" netdev for a P2P Device
even though this isn't very useful, but Android requires a netdev. To
support this in the supplicant, if the interface mode is P2P_DEVICE,
re-set it to the same instead of STATION mode.
Note that this is only possible with a kernel that creates a
netdev for the P2P Device wdev.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
David Spinadel [Tue, 25 Jun 2013 10:35:05 +0000 (13:35 +0300)]
nl80211: Add a handler to create_interface
Add an option to pass a handler to nl80211_create_iface() and
nl80211_create_interface_once() that will be called after receiving the
message from the kernel. This handler will add the option to process the
message in different ways for different interfaces.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
David Spinadel [Tue, 25 Jun 2013 10:33:45 +0000 (13:33 +0300)]
nl80211: Hold wdev identification for P2P Device
Add wdev_id to i802_bss. wdev_id_set indicates whether this id is
available. Use wdev_id if assigned, instead of ifindex. Use wdev_id for
events that come from the kernel to identify the relevant interface.
This commit does not assign wdev_id value for the BSS yet, i.e., this is
only preparation for the value to be used in a future commit.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Nirav Shah [Tue, 25 Jun 2013 10:29:48 +0000 (13:29 +0300)]
nl80211: Identify if nl80211 is capable of P2P Device abstraction
Check the supported interfaces attribute to identify support for
a dedicated P2P Device interface type. If set, update the driver
capabilities flag to notify the supplicant.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Michael Braun [Tue, 25 Jun 2013 09:03:02 +0000 (12:03 +0300)]
VLAN: Avoid access to non-existing interfaces
Currently, hostapd_get_vlan_id_ifname() is used to determine if a given
vlan is valid *and* to actually determine the interface. This leads to
wpa_set_keys() sometimes setting the key on the wildcard interface name,
which does not make sense.
This patch therefore adds hostapd_vlan_id_valid() and makes
hostapd_get_vlan_id_ifname() not return a wildcard interface.
Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
Michael Braun [Tue, 25 Jun 2013 08:55:30 +0000 (11:55 +0300)]
bridge: Track inter-BSS usage
Currently, struct hostapd_vlan is a per-BSS data structure which
also contains informations about whether to remove the bridge
or clear wlan / tagged-vlan interface from the bridge.
In a multi-interface multi-BSS setup, this can lead to the following
race condition:
1. wlan0 creates VLAN A, sets DVLAN_CLEAN_BR and DVLAN_CLEAN_VLAN_PORT
2. wlan1 creates VLAN A, does not set DVLAN_CLEAN_BR and
DVLAN_CLEAN_VLAN_PORT as already there
3. wlan0 removes VLAN A, removes tagged-interface from the bridge
but not the bridge.
Now wlan1 VLAN A is unusable due to the missing uplink.
4. wlan1 removes VLAN A, does not cleanup
Solution:
This requires an inter-BSS inter-interface data structure to track the
bridge / bridge port usage within hostapd. This data structure could
also be used to track any other device-has-been-created-by-hostapd
information or when regarding interface freeing.
Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
Michael Braun [Tue, 25 Jun 2013 08:10:00 +0000 (11:10 +0300)]
bridge: Use safe default bridge interface
Currently by default, all BSS share the bridge brvlan%d.
While this is sane when no tagged-interface is given, this
is insane when different tagged interfaces are given, as
it would result in bridging those tagged interfaces.
This patch therefore uses br%s%d with %s=tagged_interface
and %d=VLAN ID as bridge name when a tagged-interface is given.
Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
Johannes Berg [Sat, 22 Jun 2013 10:17:14 +0000 (13:17 +0300)]
wlantest: Always write radiotap pcap-ng
When writing pcap-ng files, always include a radiotap
header even if there wasn't one in the input. For now
just drop prism headers, I don't have any to test.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Chengyi Zhao [Sat, 22 Jun 2013 09:09:09 +0000 (12:09 +0300)]
D-Bus: Emit signal when a station is authorized or deauthorized
Add "StaAuthorized" and "StaDeauthorized" D-Bus interface in AP mode.
After enabling the AP mode of wpa_supplicant, the other process need to
get the MAC address and authorization status of every station, so
wpa_supplicant emits signal when the station is authorized or
deauthorized.
Alexander Bondar [Sat, 22 Jun 2013 08:28:33 +0000 (11:28 +0300)]
Remove 802.11b rates only in case of P2P group operation
11b rates removal have had impact on SoftAP functionality in
wpa_supplicant. This patch verifies that only in case of P2P group
operation 11b rates will be eliminated. Refer also to commit 4c2c30289305b67c09f464ba29352b008b5ec433.
Signed-hostap: Alexander Bondar <alexander.bondar@intel.com>
Signed-hostap: Ilan Peer <ilan.peer@intel.com>
Sunil Dutt [Thu, 20 Jun 2013 12:10:15 +0000 (15:10 +0300)]
TDLS: Validate ext_supp_rates in copy_supp_rates
The ext_supp_rates passed to merge_byte_arrays would be invalid if not
advertized by the TDLS peer. Thus, validate the argument to avoid
crashes in such cases.
Jouni Malinen [Wed, 19 Jun 2013 16:16:23 +0000 (19:16 +0300)]
P2P: Do not reply to 802.11b-only Probe Request frames as GO
If AP mode SME/MLME within wpa_supplicant is used for processing Probe
Request frames in GO mode, drop Probe Request frames that include only
802.11b rates per P2P spec section 2.4.1.
Kyeyoon Park [Tue, 18 Jun 2013 14:40:51 +0000 (17:40 +0300)]
Fix session timeout after ANQP dummy STA entry with SME-in-driver
Upon association, disable the timer that removes the dummy STA. This
timer caused the STA that associates within 5 seconds of doing an ANQP
query to disassociate, thinking it's a dummy STA. Similar call was
already there for the SME/MLME-in-hostapd case in handle_auth(), but the
SME-in-driver case was not previously addressed.
Jouni Malinen [Fri, 7 Jun 2013 17:13:25 +0000 (20:13 +0300)]
Remove CONFIG_NO_WPA2 build parameter
There is not much use for enabling WPA without WPA2 nowadays since most
networks have been upgraded to WPA2. Furthermore, the code size savings
from disabling just WPA2 are pretty small, so there is not much
justification for maintaining this build option. Remove it to get rid of
undesired complexity.
Jouni Malinen [Fri, 7 Jun 2013 17:02:50 +0000 (20:02 +0300)]
Fix WNM build without WPA2
Commit ae8535b6e1a98ca40ce87650a4179851e7cd13a7 added a new function
wpa_sm_pmf_enabled() which is called from WNM code without ifdefs.
Define a dummy wrapper for this function to fix build if WPA2 is
disabled.
Jouni Malinen [Fri, 7 Jun 2013 17:01:10 +0000 (20:01 +0300)]
Fix build without WPA2 or EAP
Commit 4033935dd9098938838d6d7934ceb65f92a1fa3c updated
pmksa_cache_flush() function arguments, but forgot to update the wrapper
function for cases where WPA2 or EAP has been disabled in the build.
Wei-Jen Lin [Tue, 4 Jun 2013 23:03:26 +0000 (02:03 +0300)]
P2P: Automatic channel selection at re-invocation of persistent GO
If the driver wrapper supports best operation channel indication, the
p2p_group_add command can now use special values (freq=2 and freq=5) to
indicate that the re-invoked persistent GO is to be started on the
specified band.
Vivek Natarajan [Mon, 3 Jun 2013 18:30:34 +0000 (21:30 +0300)]
P2P: Modify wait time in INVITE state based on Tx status of INV-REQ
In a noisy enviromment, some peers can be slow to respond to the
invitation request frames which may lead to unnecessary state timeout.
Increase this timeout to 350 ms to improve the probabilty of
successfully receiving the invitation response frames.
Jouni Malinen [Thu, 30 May 2013 07:25:23 +0000 (10:25 +0300)]
nl80211: Use NL80211_ATTR_PEER_AID to set TDLS peer AID
This is needed for TDLS with VHT to allow partial AID to be set
correctly for the direct link frames. cfg80211 validation rules
prevented NL80211_ATTR_STA_AID from being used for this in set_station
case, so the new attribute is used instead.
Jouni Malinen [Mon, 27 May 2013 21:35:47 +0000 (00:35 +0300)]
WPS: Allow Device Password Id changes between PIN methods
Commit b4a17a6ea74b2ffba082e05c84730e979513042c added support for the
WPS Registrar to change the Device Password based on WSC specification
design. However, this added validation for Registrar behavior which
resulted in preventing a common P2P use case from working. Relax the
validation rules for builds with P2P enabled to allow the Enrollee (P2P
client) accepting M1/M2 changes in Device Password Id between Default
and Registrar-specified PIN.
Jouni Malinen [Mon, 27 May 2013 17:10:57 +0000 (20:10 +0300)]
nl80211: Ignore deauth/disassoc event from old AP
It looks like cfg80211 can deliver a deauth/disassoc event during some
roaming cases while we are already in progress with a new
authentication/association. This happens at least with FT protocol.
Avoid issues with such disconnection event resulting in core
wpa_supplicant stopping the new connection attempt by tracking
auth/assoc BSSID more carefully within driver_nl80211.c and filtering
out events that do not apply for the current AP.
Jouni Malinen [Sun, 26 May 2013 18:46:54 +0000 (21:46 +0300)]
wlantest: Select correct TDLS context if multiple exists
Some corner cases may result in both directions of TDLS tracking context
existing. If that is the case, the incorrect one may end up getting
picked when figuring out which TK to use for decryption or fix
statistics counter to increment. Fix this by preferring the context that
has TDLS link up.
Jouni Malinen [Sun, 26 May 2013 16:39:48 +0000 (19:39 +0300)]
wlantest: Add support for writing pcapng files
The new -n<file> command line argument can be used to request wlantest
to write all read or captured frames into a pcapng file. This is similar
to the -w argument, but with pcapng allowing per-frame comments to be
embedded in the file.
Jouni Malinen [Fri, 24 May 2013 13:03:54 +0000 (16:03 +0300)]
FT: Fix TKIP group key configuration in FT protocol
The Michael MIC TX and RX keys needs to be swapped in the FT case just
like in all other TKIP key configuration cases. This fixes issues where
TKIP as group cipher resulted in Michael MIC failures being detected for
each received group-addressed frame after FT protocol use.
Jouni Malinen [Fri, 24 May 2013 10:37:22 +0000 (13:37 +0300)]
Do not set driver MAC ACL unless driver supports this
This cleans up debug log by not including comments about failed
operations in case the operation is known to fail due to not being
supported by the driver.
Vivek Natarajan [Thu, 23 May 2013 11:38:20 +0000 (14:38 +0300)]
hostapd: Support MAC address based access control list
Enable MAC address based ACL for the drivers which advertise
this capabilty with NL80211_ATTR_MAC_ACL_MAX. Either of blacklist
or whitelist is supported, though, not simultaneously.
Jouni Malinen [Thu, 23 May 2013 17:35:02 +0000 (20:35 +0300)]
wpa_cli: Support tab completion with ifname= prefix
Enable tab completion for the cases where ifname= prefix is used in
interactive mode by skipping over that prefix before running through the
per-command completion routines. The ifname= prefix itself is also
covered by adding the possible interface names to the command list.
Jouni Malinen [Thu, 23 May 2013 17:04:17 +0000 (20:04 +0300)]
wpa_cli: Allow IFNAME= prefix to be used
Strip out the IFNAME=<ifname> prefix from commands before parsing them
through the normal processing and then add the prefix back to the
beginning of the actual control interface command to make per-interface
commands work through the global control interface without having to use
the 'raw' command.
Jouni Malinen [Thu, 23 May 2013 12:57:13 +0000 (15:57 +0300)]
WNM: Fix ess_disassoc timeout to be specified in TBTTs
This was previously claimed to be in ms, but the field in BSS Transition
Management Request frame is in number of TBTTs (beacon interval). Use
that unit in the ESS_DISASSOC control interface command to be able to
specify any value and just modify the timeout value to be calculated
based on beacon interval.
WNM: Remove PMKSA cache entry on ESS disassoc imminent notification
This is needed to avoid allowing the STA to reconnect using a cached
PMKSA. ESS disassoc imminent notification is normally used to indicate
that the STA session will be terminated and as such, requiring full
authentication through the authentication server after this is needed.
Jouni Malinen [Tue, 21 May 2013 16:34:00 +0000 (19:34 +0300)]
Fix already-associated detection with driver-based BSS selection
wpa_s->pending_bssid is all zeros during connection attempt when
driver-based BSS selection is used. Take this into account when
determining whether new scan results should trigger a connection based
on wpa_s->current_ssid, i.e., a connection attempt with the selected
network instead of selected BSS.
Sean Lin [Wed, 22 May 2013 10:29:46 +0000 (13:29 +0300)]
P2P: Relax channel forcing for invitation processing with MCC support
When STA interface is connected and P2P interface gets invited in a
different channel from previous P2P group, the invitiation would fail
because of no common channel found. Fix this by using different logic
when device support multi channel concurrency.
Jouni Malinen [Wed, 22 May 2013 10:24:30 +0000 (13:24 +0300)]
Fix OKC-based PMKSA cache entry clearing
Commit c3fea272747f738f5723fc577371fe03711d988f added a call to clear
all other PMKSA cache entries for the same network if the PMKSA cache
entry of the current AP changed. This was needed to fix OKC cases since
the other APs would likely use the new PMK in the future. However, this
ended up clearing entries in cases where that is not desired and this
resulted in needing additional full EAP authentication with networks
that did not support OKC if wpa_supplicant was configured to try to use
it.
Make PMKSA cache entry flushing more limited so that the other entries
are removed only if they used the old PMK that was replaced for the
current AP and only if that PMK had previously been used successfully
(i.e., opportunistic flag was already cleared back to 0 in
wpa_supplicant_key_neg_complete()). This is still enough to fix the
issue described in that older commit while not causing problems for
standard PMKSA caching operations even if OKC is enabled in
wpa_supplicant configuration.
Sunil Dutt [Mon, 20 May 2013 10:07:24 +0000 (15:37 +0530)]
TDLS: Retry TDLS Setup Response more quickly
TDLS responder STA used to retransmit the TDLS Setup Response after 5
seconds if the TDLS Setup Confirm is not received. The initiator would
have enabled the TDLS link and started transmitting the data to the peer
on the TDLS link after transmitting the TDLS Setup Confirm frame. If the
TDLS Setup Confirm frame is not received by the receiver, the
transmissions from the initiator on the direct link would get failed for
the TDLS link not getting enabled on the receiver. This commit reduces
the data delivery failure duration by shortening the retry time of the
TDLS Setup Response frames. The retry limit of the TDLS Response frame
also is increased to ensure that the peer does not miss the frames in
the reduced time period.
Kyeyoon Park [Fri, 5 Apr 2013 15:41:26 +0000 (18:41 +0300)]
WNM: Add disassociation timeout processing for ESS_DISASSOC
The hostapd_cli ess_disassoc command now takes three arguments (STA MAC
address, timeout in ms, URL) and the STA is disconnected after the
specified timeout.
GAS: Assign new dialog token even if previous one is free
This makes the design more robust against unexpected duplicates since
each new GAS exchange gets a different dialog token compared to the
previous one.
Jouni Malinen [Tue, 29 Jan 2013 15:33:34 +0000 (07:33 -0800)]
GAS: Ignore replays if previous frag_id without dropping GAS session
It looks like it may be possible for an older GAS response to get retransmitted
even after the first copy has been processed. While this should not really come
up all the way to wpa_supplicant due to sequence number being same (i.e.,
duplicate detection should from the frame), some cases have been observed where
this did cause issues. Drop such a frame silently without dropping the ongoing
GAS session to allow a frame with the next frag_id to be processed after this.
Jouni Malinen [Fri, 28 Oct 2011 11:39:44 +0000 (14:39 +0300)]
Add test code for fetching the last configured GTK
This can be useful for some test cases, so allow wpa_supplicant to be
built with special test functionality to expose the current (last
configured) GTK. This is disabled by default and can be enabled by
adding following line into .config:
CFLAGS += -DCONFIG_TESTING_GET_GTK
The GTK can then be fetched with "wpa_cli get gtk".
Jouni Malinen [Sat, 18 May 2013 16:41:08 +0000 (19:41 +0300)]
P2P: Direct global ctrl_iface commands automatically for P2P
The P2P management operations like P2P_FIND and P2P_CONNECT are not
really specific to any network interface. These are P2P Device level
operations that are in more global device context. Allow those to be
sent through the global control interface without IFNAME parameter.
For now, these commands are directed within wpa_supplicant to the
network interface that initialized the global P2P context. This may
change in the future if a special context is added for P2P operations.
Anyway, such changes can now be done internally within wpa_supplicant
without affecting this global control interface design from external
view point.
Jouni Malinen [Sat, 18 May 2013 16:18:31 +0000 (19:18 +0300)]
P2P: No duplicate AP-STA-CONNECTED/DISCONNECTED as global event
These events are sent as a special case to both the group interface and
"parent interface" (i.e., the interface that was used for managing P2P
negotiation). The latter is not really correct event, so get rid of it
with the new global control interface design where there is no need to
support legacy upper layer implementations.
Jouni Malinen [Sat, 18 May 2013 15:59:51 +0000 (18:59 +0300)]
P2P: Mark P2P events global (not specific to interface)
This removes the "IFNAME=<ifname> " prefix from P2P events that are
received through the global control interface since these events are not
really specific to any network interface, but the full device.
Jouni Malinen [Sat, 18 May 2013 15:47:36 +0000 (18:47 +0300)]
P2P: Clean up debug prints
Replace direct wpa_msg() calls with p2p_dbg(), p2p_info(), and p2p_err()
calls that use a new debug_print() callback to handle actual debug
printing outside the P2P module.
Jouni Malinen [Sat, 18 May 2013 13:06:40 +0000 (16:06 +0300)]
P2P: Move p2p_find stopped event message into p2p_supplicant.c
This removes wpa_ctrl.h dependency from src/p2p/* and makes the P2P
events more consistent, i.e., everything that is aimed for upper layer
processing from the wpa_supplicant control interfaces is generated in
p2p_supplicant.c.
Jouni Malinen [Sat, 18 May 2013 11:07:28 +0000 (14:07 +0300)]
Allow global ctrl_iface monitors
The ATTACH/DETACH mechanism to request event messages from
wpa_supplicant can now be used through the global control interface,
too. This results in events from all interfaces being delivered through
a single monitor socket. "IFNAME=<ifname> " prefix is used on events
that are specific to an interface.
Jouni Malinen [Sat, 18 May 2013 09:03:35 +0000 (12:03 +0300)]
Android: Clarify keystore include directories
This updates hostapd to build using the new keystore header file
location and adds a note that the old frameworks/base/cmds/keystore can
be removed at some point in the future when old Android releases do not
need to be supported.
Jouni Malinen [Sat, 18 May 2013 08:42:09 +0000 (11:42 +0300)]
Abstract and Android sockets for global ctrl_iface
The wpa_supplicant global control interface parameter can now be used to
explicitly specify an abstract UNIX domain socket (Linux specific
extension) with "@abstract:" prefix and an Android control socket with
"@android:" prefix.
Jouni Malinen [Sat, 18 May 2013 08:40:23 +0000 (11:40 +0300)]
wpa_cli: Allow global interface to be used in interactive mode
This is mostly a corner case at this point, but if wpa_cli was started
with global control interface connection (-g) and interactive mode,
per-interface control interface was tried to be opened with the
previously opened global ctrl_iface connection gettign leaked.
Jouni Malinen [Sat, 18 May 2013 07:19:38 +0000 (10:19 +0300)]
Allow global ctrl_iface to be used for per-interface commands
"IFNAME=<ifname> " prefix can now be used on the wpa_supplicant global
control interface to direct a command to a specific interface instead of
having to use an interface specific control interface for this. This
allows a single socket to be used for controlling multiple virtual
interfaces.
Yufeng Wang [Fri, 17 May 2013 08:03:52 +0000 (11:03 +0300)]
P2P: Fix p2p_pref_chan setting from configuration file
Commit 21d996f775a2131bb0c73d6e18ca9b382f017057 added p2p_pref_chan as a
configuration file parameter, but included only the case of dynamically
setting this at runtime through the control interface SET command.
Complete this functionality by taking this value into use directly from
the configuration file, too.
By default, dbus_connection_dispatch() will call _exit() if the bus
connection has been closed. This caused wpa_supplicant to terminate
without properly cleaning up after itself.
To ensure that we terminate cleanly when the messagebus terminates,
override the exit_on_disconnect behavior and install a filter to handle
libdbus's "Disconnected" signal.
[Bug 474]
Signed-hostap: Daniel Gnoutcheff <daniel@gnoutcheff.name>
Jouni Malinen [Wed, 15 May 2013 14:33:50 +0000 (17:33 +0300)]
WPS: Clear connection failure counts on WPS success
The WPS provisioning case does not result in successful connection by
design and as such, this can result in networks getting temporarily
disabled. Avoid this by clearing the failure counts on WPS success.
Jouni Malinen [Wed, 15 May 2013 13:46:45 +0000 (16:46 +0300)]
WPS NFC: Connect using learnt credential after NFC Tag read
Instead of just adding the new network, prefer the network learnt from a
configuration token during the first connection attempt. This makes the
WPS NFC case behave similarly to the in-band provisioning cases if there
are more preferred networks in the scan results.
Jouni Malinen [Tue, 14 May 2013 13:46:38 +0000 (16:46 +0300)]
edit: Fix libreadline history clearing with WPA_TRACE
The HIST_ENTRY and its variables are allocated within libreadline, so
they won't have the WPA_TRACE special header and cannot be freed with
os_free(). Use free() to avoid issues during wpa_cli termination if any
of the new commands added to the history are to be removed (e.g.,
set_network could include a password).
Jouni Malinen [Mon, 13 May 2013 08:53:21 +0000 (11:53 +0300)]
nl80211: Fix foreign address filtering for MLME frame events
Commit 97279d8d1ad40bd7d884af8e2fc26dff0163331a started filtering MLME
frame events based on Address 1 (destination) field. This works fine for
frames sent to us, but it did filter out some corner cases where we
actually want to process an event based on a frame sent by us. The main
such case is deauthentication or disassociation triggered by something
external to wpa_supplicant in the system. Fix this by accepting events
for frames where either Address 1 or 2 (transmitter) matches the
interface address.
Jouni Malinen [Sun, 12 May 2013 16:16:35 +0000 (19:16 +0300)]
Mark interface disconnected on removal request
This cleans up debug log by not trying to process the disconnection
event as a failure that could result in blacklist addition and auto
connect attempt. These are pointless operations since the interface is
going to removed immediately after this.
Jouni Malinen [Sun, 12 May 2013 16:15:33 +0000 (19:15 +0300)]
Do not try auto connect mechanism in disconnected state
This cleans up debug log by not requesting the auto connect on
dissassociation event if we are already in disconnected state and would
not try to connect anyway.
Jouni Malinen [Sun, 12 May 2013 16:12:29 +0000 (19:12 +0300)]
Do not add BSS to blacklist on local disconnection request
There is no point in marking a BSS temporarily blacklisted based on a
connection failure or disconnection case if that happens as a result of
a local request to disconnect. The blacklist entry could result on
unexpected BSS getting selected on the next connection attempt. In
addition, the code to try to find another BSS within the ESS could
result in scanning a single channel on the next attempt. Fix these
issues by handling the connection failure events only if we are not in
disconnected state (i.e., would try to reconnect after this
automatically).
Jouni Malinen [Sat, 11 May 2013 18:01:46 +0000 (21:01 +0300)]
wpadebug: Add a simple WebView activity
This provides a simple web browser that can be started and stopped from
other apps or native applications.
This activity can be started with the following command:
am start -a android.action.MAIN -c android.intent.category.LAUNCHER \
-n w1.fi.wpadebug/.WpaWebViewActivity -e w1.fi.wpadebug.URL <URL>
If <URL> is set to FINISH the activity is finished.