Sunil Dutt [Tue, 22 Nov 2016 15:20:08 +0000 (20:50 +0530)]
Define a QCA vendor command to abort vendor scan
The new QCA_NL80211_VENDOR_SUBCMD_ABORT_SCAN command can be used to
abort an ongoing scan that was started with
QCA_NL80211_VENDOR_SUBCMD_TRIGGER_SCAN.
Jouni Malinen [Tue, 29 Nov 2016 14:07:25 +0000 (16:07 +0200)]
tests: PMF and Authentication frame injection
Verify that AP does not break PMF-enabled connection due to injected
Authentication frame. This is a regression test for
NL80211_FEATURE_FULL_AP_CLIENT_STATE changes resulting in dropping the
key in such a case.
Jouni Malinen [Tue, 29 Nov 2016 13:57:22 +0000 (15:57 +0200)]
Add MGMT_RX_PROCESS test command for hostapd
This makes it easier to write hwsim test cases to verify management
frame processing sequences with dropped or modified frames. When
ext_mgmt_frame_handling is used, this new command can be used to request
hostapd to process a received a management frame, e.g., based on
information reported in the MGMT-RX events.
This is more or less identical to the earlier wpa_supplicant commit 4de70e2330c54c32f42a5fc93517d65c0a2c3be9 ('Add MGMT_RX_PROCESS test
command for wpa_supplicant'), but for hostapd.
Jouni Malinen [Tue, 29 Nov 2016 14:15:31 +0000 (16:15 +0200)]
AP: Do not drop STA entry if PMF is used with full AP client state
This fixes a regression from commit bb598c3bdd0616f0c15e1a42e99591d8f3ff3323 ('AP: Add support for full
station state'). That commit added code to remove and re-add the kernel
STA entry when processing Authentication frames with a driver that
advertises support for full AP client state. That resulted in bypassing
PMF protections for unprotected Authentication frames with such drivers
since the TK was lost in this operation.
It is simplest to skip the STA entry clearing in this type of case
completely to leave the TK in place and to process the new
authentication exchange otherwise normally. This matches the behavior
used with the drivers that do not implement full AP client state.
Will Glynn [Sat, 26 Nov 2016 02:39:12 +0000 (02:39 +0000)]
FT: Explicitly check for MDE not present in non-FT association
IEEE Std 802.11-2012, 12.4.2 states that if an MDE is present in an
(Re)Association Request frame but the RSNE uses a non-FT AKM suite, the
AP shall reject the association using status code 43 ("Invalid AKMP").
wpa_validate_wpa_ie() now explicitly checks for this condition to meet
this requirement instead of simply ignoring the MDE based on non-FT AKM.
nl80211: Configure Beacon frame TX rate if driver advertises support
If the driver advertises support for setting Beacon frame data rate,
allow the user to configure this rate as part of starting the AP. Only
one Beacon frame TX rate is allowed.
Drivers advertising such support should set corresponding flag via the
NL80211_ATTR_EXT_FEATURES attribute.
Add support for user configurable Beacon frame data rate for AP mode
Allow configuration of Beacon frame TX rate from hostapd.conf with
"beacon_rate=xx" option. The following format is used to set
legacy/HT/VHT beacon rates:
Srinivas Dasari [Mon, 21 Nov 2016 12:10:36 +0000 (17:40 +0530)]
Use random MAC address for scanning only in non-connected state
cfg80211 rejects the scans issued with random MAC address if the STA is
in connected state. This resulted in failures when using MAC_RAND_SCAN
while connected (CTRL-EVENT-SCAN-FAILED ret=-95). Enable random MAC
address functionality only if the STA is not in connected state to avoid
this. The real MAC address of the STA is already revealed in the
association, so this is an acceptable fallback mechanism for now.
Jouni Malinen [Sat, 19 Nov 2016 21:54:50 +0000 (23:54 +0200)]
FT: Complete CONFIG_IEEE80211R_AP renaming for hostapd
Commit 4ec1fd8e42bad9390f14a58225b6e5f6fb691950 ('FT: Differentiate
between FT for station and for AP in build') renamed all
CONFIG_IEEE80211R instances within src/ap/* to CONFIG_IEEE80211R_AP, but
it did not change hostapd/* files to match. While this does not cause
much harm for normal use cases, this broke some test builds where
wpa_supplicant build is used to build in hostapd/*.c files for analysis.
Fix this by completing CONFIG_IEEE80211R_AP renaming.
Sabrina Dubroca [Wed, 2 Nov 2016 15:38:37 +0000 (16:38 +0100)]
wpa_supplicant: Add macsec_integ_only setting for MKA
So that the user can turn encryption on (MACsec provides
confidentiality+integrity) or off (MACsec provides integrity only). This
commit adds the configuration parameter while the actual behavior change
to disable encryption in the driver is handled in the following commit.
Sabrina Dubroca [Wed, 2 Nov 2016 15:38:36 +0000 (16:38 +0100)]
mka: Disable peer detection timeout for PSK mode
The first peer may take a long time to come up. In PSK mode we are
basically in a p2p system, and we cannot know when a peer will join the
key exchange. Wait indefinitely, and let the administrator decide if
they want to abort.
Sabrina Dubroca [Wed, 2 Nov 2016 15:38:35 +0000 (16:38 +0100)]
wpa_supplicant: Allow pre-shared (CAK,CKN) pair for MKA
This enables configuring key_mgmt=NONE + mka_ckn + mka_cak.
This allows wpa_supplicant to work in a peer-to-peer mode, where peers
are authenticated by the pre-shared (CAK,CKN) pair. In this mode, peers
can act as key server to distribute keys for the MACsec instances.
This is what some MACsec switches support, and even without HW
support, it's a convenient way to setup a network.
Jouni Malinen [Sat, 19 Nov 2016 20:20:14 +0000 (22:20 +0200)]
Fix hostapd usage entry style for -T
Remove the extra equals sign from the line since hostapd usage text does
not have it for other entries either (while wpa_supplicant does and this
was likely copy-pasted from there).
Joel Cunningham [Thu, 10 Nov 2016 19:24:41 +0000 (13:24 -0600)]
nl80211: Fix get_inact_sec() returning -1 on failure
This commit fixes the nl80211 driver call get_inact_sec() to return -1
when STA inactivity time retrieval fails in i802_read_sta_data().
This was intended to be handled by initalizing the inactive_msec member
to -1 but i802_read_sta_data() assumes the data parameter is
uninitialized and memsets the entire structure, neutralizing the attempt
to distinguish between no value (-1) and a time value of 0.
This is fixed by now requiring i802_read_sta_data() callers to
initialize the data structure first (allowing get_inact_sec() to use
-1). This is a safe change because it does not change any driver API
behavior and only affects one other static function in driver_nl80211.c
Signed-off-by: Joel Cunningham <joel.cunningham@me.com>
Sabrina Dubroca [Tue, 15 Nov 2016 17:06:23 +0000 (18:06 +0100)]
mka: Fix getting capabilities from the driver
In commit a25e4efc9e428d968e83398bd8c9c94698ba5851 ('mka: Add driver op
to get macsec capabilities') I added some code to check the driver's
capabilities. This commit has two problems:
- wrong enum type set in kay->macsec_confidentiality
- ignores that drivers could report MACSEC_CAP_NOT_IMPLEMENTED, in
which case the MKA would claim that MACsec is supported.
Fix this by interpreting MACSEC_CAP_NOT_IMPLEMENTED in the same way as a
DO_NOT_SECURE policy, and set the correct value in
kay->macsec_confidentiality.
Jouni Malinen [Wed, 16 Nov 2016 18:13:53 +0000 (20:13 +0200)]
GAS: Add Capability List ANQP-element support for Info ID 270, 280..299
This extends the anqp_elem configuration parameter support for new Info
IDs (270 (TDLS Capability) was previously missed from the list of
defined values, 280 has already been assigned in REVmc/D8.0; 281..299
are yet to be assigned). No additional source code changes are needed to
allow hostapd to advertise support for these if the ANQP-element value
is set with the anqp_elem parameter.
Jouni Malinen [Wed, 16 Nov 2016 16:17:08 +0000 (18:17 +0200)]
tests: Allow multiple management frames to be used with ap-mgmt-fuzzer
The optional "-m <multi.dat>" command line option can now be used to
specify a data file that can include multiple management frames with
each one prefixed with a 16-bit big endian length field. This allows a
single fuzzer run to be used to go through multi-frame exchanges. The
multi.dat file shows an example of this with Probe Request frame,
Authentication frame, Association Request frame, and an Action frame.
Jouni Malinen [Sun, 13 Nov 2016 16:22:38 +0000 (18:22 +0200)]
Debug print scan results matching the currently selected network
This provides more details on BSS selection process in the debug log.
Previously, the BSSs that were not either the current or the selected
one were not necessarily printed at all. Now all BSSs that match the
currently selected network are listed with their frequency and signal
strength details.
Jouni Malinen [Sun, 13 Nov 2016 15:46:00 +0000 (17:46 +0200)]
Use estimated throughput to avoid signal based roaming decision
Previously, the estimated throughput was used to enable roaming to a
better AP. However, this information was not used when considering a
roam to an AP that has better signal strength, but smaller estimated
throughput. This could result in allowing roaming from 5 GHz band to 2.4
GHz band in cases where 2.4 GHz band has significantly higher signal
strength, but still a lower throughput estimate.
Make this less likely to happen by increasing/reducing the minimum
required signal strength difference based on the estimated throughputs
of the current and selected AP. In addition, add more details about the
selection process to the debug log to make it easier to determine whaty
happened and why.
Jouni Malinen [Sat, 29 Oct 2016 19:23:53 +0000 (22:23 +0300)]
tests: Make ap_interworking_scan_filtering more robust
It was possible for the first wt.clear_bss_counters(bssid) call to fail
the test if timing worked out in a way that the wlantest process had not
received any Beacon frames from the first AP. Run a directed scan for
both of the BSSs before starting the test validation steps to make sure
such a case cannot fail this test case.
Ilan Peer [Thu, 27 Oct 2016 12:18:32 +0000 (15:18 +0300)]
FT: Differentiate between FT for station and for AP in build
Previously, CONFIG_IEEE80211R enabled build that supports FT for both
station mode and AP mode. However, in most wpa_supplicant cases only
station mode FT is required and there is no need for AP mode FT.
Add support to differentiate between station mode FT and AP mode FT in
wpa_supplicant builds by adding CONFIG_IEEE80211R_AP that should be used
when AP mode FT support is required in addition to station mode FT. This
allows binary size to be reduced for builds that require only the
station side FT functionality.
Avrahams Stern [Thu, 27 Oct 2016 12:18:27 +0000 (15:18 +0300)]
wpa_supplicant: Make CONFIG_MBO independent of CONFIG_AP
CONFIG_MBO was defined inside ifdef CONFIG_AP, so when AP support
was not compiled, MBO was not compiled either. However, CONFIG_MBO
is not related AP support, so it should not depend on CONFIG_AP.
Fix this by moving CONFIG_MBO outside of ifdef CONFIG_AP.
David Spinadel [Thu, 27 Oct 2016 12:18:25 +0000 (15:18 +0300)]
hostapd: Add a configuration to set an AP as stationary
Add a configuration option in hostapd.conf and in neighbor report that
sets an AP as stationary. To enable this option on the current AP set
the config option stationary_ap to 1. To set a neighbor entry to be
marked as stationary add the word stat to the SET_NEIGHBOR command. This
option tells hostapd to send LCI data even if it is older than requested
by max age subelement in RRM request.
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Ilan Peer [Thu, 27 Oct 2016 12:18:24 +0000 (15:18 +0300)]
hostapd: Clear location configuration when it is reset
In case that LCI or location civic configuration is cleared,
free the buffer holding the corresponding information to avoid
cases that the information is considered as valid/useful.
Ilan Peer [Thu, 27 Oct 2016 12:18:23 +0000 (15:18 +0300)]
hostapd: Fix adding neighbor entry
It is possible that a LCI or location civic configuration buffer
is valid but contains no data. In such a case do not add the LCI
and location civic information to the entry in the neighbor
data base.
Sabrina Dubroca [Fri, 21 Oct 2016 12:45:26 +0000 (14:45 +0200)]
mka: Remove "channel" hacks from the stack and the macsec_qca driver
This is specific to the macsec_qca driver. The core implementation
shouldn't care about this, and only deal with the complete secure
channel, and pass this down to the driver.
Drivers that have such limitations should take care of these in their
->create functions and throw an error.
Since the core MKA no longer saves the channel number, the macsec_qca
driver must be able to recover it. Add a map (which is just an array
since it's quite short) to match SCIs to channel numbers, and lookup
functions that will be called in every place where functions would get
the channel from the core code. Getting an available channel should be
part of channel creation, instead of being a preparation step.
Avrahams Stern [Tue, 18 Oct 2016 09:44:17 +0000 (12:44 +0300)]
wpa_supplicant: Use correct interface type when creating P2P interface
When starting ASP provisioning with connection capability set to NEW,
don't create the pending P2P interface as a GO interface because
Go negotiation will determine which side will be the GO and it is
possible that eventually this interface will become the client.
In this case, when the P2P client is started it will start scanning
and do other station specific operations while the interface type
is AP.
Instead, use type WPA_IF_P2P_GROUP when creating the interface which
means the interface type will be determined later.
Avrahams Stern [Tue, 18 Oct 2016 09:44:16 +0000 (12:44 +0300)]
P2P: Clear old P2PS provision data
Receiving a provision discovery request for an ASP service that
has auto accept set to false should result in a provision discovery
response with the status field set to "currently unavailable".
Having stale P2PS provision data, results in sending a response with
the status set to success because it is mistakenly referred to as the
follow-on provision discovery request.
Fix that by clearing stale P2PS provision data in the following cases:
1. When provision discovery is complete
2. When ASP services are flushed (in which case old ASP provisioning
is no longer valid).
Arik Nemtsov [Tue, 18 Oct 2016 09:44:15 +0000 (12:44 +0300)]
P2P: Clear listen state during PD-in-FIND
drv->in_listen should be cleared whenever the state timeout is cleared,
if they were set together. If the flag is not cleared, the
p2p_listen_end() called during cancel-remain-on-channel will not restart
the search, relying on the state timeout function to do it. Use the
p2p_stop_listen_for_freq() function to clear the listen state properly.
Michael Braun [Fri, 21 Oct 2016 11:11:56 +0000 (13:11 +0200)]
Remove duplicate dl_list_init() for global_ctrl_dst
Commit 56885eecf4026b0199d5ba75bd50395a17d323cc ('hostapd: Add UDP
support for ctrl_iface') added dl_list_init() for global_ctrl_dst to
hostapd_global_ctrl_iface_init().
Though, hostapd_global_ctrl_iface_init() is only called from
main.c:main(), which already initializes global_ctrl_dst unconditionally
before. Same with global_ctrl_sock.
Remove this duplicate initialization.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Cedric Izoard [Mon, 24 Oct 2016 11:05:11 +0000 (11:05 +0000)]
TDLS: Fix checks on prohibit bits
ext_capab/ext_capab_len do not include ID and Length so no extra +2
offset should be used. This fixes a regression from commit faf427645aa79a32ebd8093ff676abfc9d36e951 ('TDLS: Use proper IE parsing
routine for non-EAPOL-Key cases') that replaced the IE parser without
noticing the difference in the pointer offset.
Peng Xu [Mon, 24 Oct 2016 23:54:36 +0000 (16:54 -0700)]
nl80211: Update channel information after channel switch notification
When channel switch happens, driver wrapper's internal channel
information needs to be updated so that the new frequency will be used
in operations using drv->assoc_freq. Previously, only bss->freq was
updated and the new frequency was also indicated in the EVENT_CH_SWITCH
event. This could potentially leave out couple of cases that use
drv->assoc_freq at least as a fallback mechanism for getting the current
operating frequency.
Jouni Malinen [Fri, 28 Oct 2016 16:33:20 +0000 (19:33 +0300)]
Do not try to start/join RSN IBSS without CONFIG_IBSS_RSN=y
Previously, a build without IBSS RSN support tried to start/join an IBSS
even if the profile was configured with RSN parameters. This does not
work and resulted in quite confusing debug log. Make this clearer by
explicitly checking for this case and reject the connection attempt with
a clearer debug log entry instead of trying something that is known to
fail.
Sunil Dutt [Tue, 25 Oct 2016 15:41:04 +0000 (21:11 +0530)]
nl80211: Allow TDLS trigger modes to be configured to the host driver
This commit adds a control interface command to configure the TDLS
trigger mode to the host driver. This TDLS mode is configured through
the "SET tdls_trigger_control" control interface command.
lifeng [Mon, 17 Oct 2016 07:27:53 +0000 (15:27 +0800)]
Add more QCA vendor attribute definitions into qca-vendor.h
These attributes were previously maintained elsewhere. This commit moves
them to follow the standard assignment process through the qca-vendor.h
file in hostap.git.
lifeng [Wed, 26 Oct 2016 13:20:46 +0000 (21:20 +0800)]
QCA vendor attribute to report frame aggregation failure
Add a new vendor attribute config to set the reorder blocksize and
timeout in 4 ACs, and then report the frame aggregation failure
statistics in QCA_NL80211_VENDOR_SUBCMD_STATS_EXT command. In addition,
fix the spelling of the enum value for this subcommand.
Jouni Malinen [Thu, 27 Oct 2016 18:37:19 +0000 (21:37 +0300)]
tests: Avoid failures in ap_vlan_without_station with new kernel
The kernel commit 'mac80211: filter multicast data packets on AP /
AP_VLAN' started filtering out the test frame used in
ap_vlan_without_station and that resulted in false failures. For now,
ignore that "error" case to avoid claiming failures when the kernel is
doing what it is expected to do.
Jouni Malinen [Tue, 25 Oct 2016 21:22:49 +0000 (00:22 +0300)]
Note set_key(WPA_ALG_NONE) failure in debug log
This makes wpa_remove_ptk() call to wpa_auth_set_key() more consistent
with all the other calls that verify the return value to keep static
analyzers happier.
Jouni Malinen [Tue, 25 Oct 2016 20:44:00 +0000 (23:44 +0300)]
FILS: Claim FILS capability only if driver supports it
"GET_CAPABILITY fils" used to return "FILS" based on wpa_supplicant
configuration. This can be made more useful by checking both for
wpa_supplicant and driver support for FILS.
Jouni Malinen [Sun, 23 Oct 2016 09:31:55 +0000 (12:31 +0300)]
driver: Add option to pass FILS KEK/AAD to the driver for association
This allows the FILS KEK and AAD data (nonces) to be configured to the
driver for association so that the driver can encrypt the
(Re)Association Request frame and decrypt the (Re)Association Response
frame.
Sunil Dutt [Fri, 21 Oct 2016 06:43:16 +0000 (12:13 +0530)]
P2P: Check if the pref_freq reported by the driver supports P2P
Filter out get_pref_freq_list() (i.e.,
QCA_NL80211_VENDOR_SUBCMD_GET_PREFERRED_FREQ_LIST) output in case of
channel negotiation by removing channels that do not allow P2P operation
at all. Previously, only the explicitly disallowed channels were removed
and that could have resulted in selecting an operating channel that is
not allowed for P2P and failing to complete the operation to start the
group.
Jouni Malinen [Sat, 22 Oct 2016 19:48:25 +0000 (22:48 +0300)]
SME: Clear possibly used WPA/RSN IE for new connection
This was already done in the case SME in the driver is used, but the SME
code path was resetting the local WPA/RSN IE only for association. While
that was fine for existing use cases, FILS needs a new RSN IE to be set
for PMKSA caching case in Authentication frames, so clear the local IE
before starting new authentication.