3 * Copyright (c) 2003-2019, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
8 * This file implements functions for registering and unregistering
9 * %wpa_supplicant interfaces. In addition, this file contains number of
10 * functions for managing network connections.
14 #ifdef CONFIG_MATCH_IFACE
17 #endif /* CONFIG_MATCH_IFACE */
20 #include "crypto/random.h"
21 #include "crypto/sha1.h"
22 #include "eapol_supp/eapol_supp_sm.h"
23 #include "eap_peer/eap.h"
24 #include "eap_peer/eap_proxy.h"
25 #include "eap_server/eap_methods.h"
26 #include "rsn_supp/wpa.h"
29 #include "utils/ext_password.h"
30 #include "l2_packet/l2_packet.h"
31 #include "wpa_supplicant_i.h"
33 #include "ctrl_iface.h"
34 #include "pcsc_funcs.h"
35 #include "common/version.h"
36 #include "rsn_supp/preauth.h"
37 #include "rsn_supp/pmksa_cache.h"
38 #include "common/wpa_ctrl.h"
39 #include "common/ieee802_11_common.h"
40 #include "common/ieee802_11_defs.h"
41 #include "common/hw_features_common.h"
42 #include "common/gas_server.h"
43 #include "common/dpp.h"
46 #include "blacklist.h"
47 #include "wpas_glue.h"
48 #include "wps_supplicant.h"
51 #include "gas_query.h"
53 #include "p2p_supplicant.h"
54 #include "wifi_display.h"
60 #include "offchannel.h"
61 #include "hs20_supplicant.h"
65 #include "dpp_supplicant.h"
67 #include "ap/ap_config.h"
68 #include "ap/hostapd.h"
69 #endif /* CONFIG_MESH */
71 const char *const wpa_supplicant_version
=
72 "wpa_supplicant v" VERSION_STR
"\n"
73 "Copyright (c) 2003-2019, Jouni Malinen <j@w1.fi> and contributors";
75 const char *const wpa_supplicant_license
=
76 "This software may be distributed under the terms of the BSD license.\n"
77 "See README for more details.\n"
78 #ifdef EAP_TLS_OPENSSL
79 "\nThis product includes software developed by the OpenSSL Project\n"
80 "for use in the OpenSSL Toolkit (http://www.openssl.org/)\n"
81 #endif /* EAP_TLS_OPENSSL */
84 #ifndef CONFIG_NO_STDOUT_DEBUG
85 /* Long text divided into parts in order to fit in C89 strings size limits. */
86 const char *const wpa_supplicant_full_license1
=
88 const char *const wpa_supplicant_full_license2
=
89 "This software may be distributed under the terms of the BSD license.\n"
91 "Redistribution and use in source and binary forms, with or without\n"
92 "modification, are permitted provided that the following conditions are\n"
95 const char *const wpa_supplicant_full_license3
=
96 "1. Redistributions of source code must retain the above copyright\n"
97 " notice, this list of conditions and the following disclaimer.\n"
99 "2. Redistributions in binary form must reproduce the above copyright\n"
100 " notice, this list of conditions and the following disclaimer in the\n"
101 " documentation and/or other materials provided with the distribution.\n"
103 const char *const wpa_supplicant_full_license4
=
104 "3. Neither the name(s) of the above-listed copyright holder(s) nor the\n"
105 " names of its contributors may be used to endorse or promote products\n"
106 " derived from this software without specific prior written permission.\n"
108 "THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n"
109 "\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n"
110 "LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n"
111 "A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n";
112 const char *const wpa_supplicant_full_license5
=
113 "OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n"
114 "SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\n"
115 "LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n"
116 "DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n"
117 "THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n"
118 "(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n"
119 "OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
121 #endif /* CONFIG_NO_STDOUT_DEBUG */
124 static void wpa_bss_tmp_disallow_timeout(void *eloop_ctx
, void *timeout_ctx
);
125 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
126 static void wpas_update_fils_connect_params(struct wpa_supplicant
*wpa_s
);
127 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
129 static void wpas_update_owe_connect_params(struct wpa_supplicant
*wpa_s
);
130 #endif /* CONFIG_OWE */
133 /* Configure default/group WEP keys for static WEP */
134 int wpa_set_wep_keys(struct wpa_supplicant
*wpa_s
, struct wpa_ssid
*ssid
)
138 for (i
= 0; i
< NUM_WEP_KEYS
; i
++) {
139 if (ssid
->wep_key_len
[i
] == 0)
143 wpa_drv_set_key(wpa_s
, WPA_ALG_WEP
, NULL
,
144 i
, i
== ssid
->wep_tx_keyidx
, NULL
, 0,
145 ssid
->wep_key
[i
], ssid
->wep_key_len
[i
],
146 i
== ssid
->wep_tx_keyidx
?
147 KEY_FLAG_GROUP_RX_TX_DEFAULT
:
148 KEY_FLAG_GROUP_RX_TX
);
155 int wpa_supplicant_set_wpa_none_key(struct wpa_supplicant
*wpa_s
,
156 struct wpa_ssid
*ssid
)
164 /* IBSS/WPA-None uses only one key (Group) for both receiving and
165 * sending unicast and multicast packets. */
167 if (ssid
->mode
!= WPAS_MODE_IBSS
) {
168 wpa_msg(wpa_s
, MSG_INFO
, "WPA: Invalid mode %d (not "
169 "IBSS/ad-hoc) for WPA-None", ssid
->mode
);
173 if (!ssid
->psk_set
) {
174 wpa_msg(wpa_s
, MSG_INFO
, "WPA: No PSK configured for "
179 switch (wpa_s
->group_cipher
) {
180 case WPA_CIPHER_CCMP
:
181 os_memcpy(key
, ssid
->psk
, 16);
185 case WPA_CIPHER_GCMP
:
186 os_memcpy(key
, ssid
->psk
, 16);
190 case WPA_CIPHER_TKIP
:
191 /* WPA-None uses the same Michael MIC key for both TX and RX */
192 os_memcpy(key
, ssid
->psk
, 16 + 8);
193 os_memcpy(key
+ 16 + 8, ssid
->psk
+ 16, 8);
198 wpa_msg(wpa_s
, MSG_INFO
, "WPA: Invalid group cipher %d for "
199 "WPA-None", wpa_s
->group_cipher
);
203 /* TODO: should actually remember the previously used seq#, both for TX
204 * and RX from each STA.. */
206 ret
= wpa_drv_set_key(wpa_s
, alg
, NULL
, 0, 1, seq
, 6, key
, keylen
,
207 KEY_FLAG_GROUP_RX_TX_DEFAULT
);
208 os_memset(key
, 0, sizeof(key
));
213 static void wpa_supplicant_timeout(void *eloop_ctx
, void *timeout_ctx
)
215 struct wpa_supplicant
*wpa_s
= eloop_ctx
;
216 const u8
*bssid
= wpa_s
->bssid
;
217 if (!is_zero_ether_addr(wpa_s
->pending_bssid
) &&
218 (wpa_s
->wpa_state
== WPA_AUTHENTICATING
||
219 wpa_s
->wpa_state
== WPA_ASSOCIATING
))
220 bssid
= wpa_s
->pending_bssid
;
221 wpa_msg(wpa_s
, MSG_INFO
, "Authentication with " MACSTR
" timed out.",
223 wpa_blacklist_add(wpa_s
, bssid
);
224 wpa_sm_notify_disassoc(wpa_s
->wpa
);
225 wpa_supplicant_deauthenticate(wpa_s
, WLAN_REASON_DEAUTH_LEAVING
);
226 wpa_s
->reassociate
= 1;
229 * If we timed out, the AP or the local radio may be busy.
230 * So, wait a second until scanning again.
232 wpa_supplicant_req_scan(wpa_s
, 1, 0);
237 * wpa_supplicant_req_auth_timeout - Schedule a timeout for authentication
238 * @wpa_s: Pointer to wpa_supplicant data
239 * @sec: Number of seconds after which to time out authentication
240 * @usec: Number of microseconds after which to time out authentication
242 * This function is used to schedule a timeout for the current authentication
245 void wpa_supplicant_req_auth_timeout(struct wpa_supplicant
*wpa_s
,
248 if (wpa_s
->conf
->ap_scan
== 0 &&
249 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_WIRED
))
252 wpa_dbg(wpa_s
, MSG_DEBUG
, "Setting authentication timeout: %d sec "
253 "%d usec", sec
, usec
);
254 eloop_cancel_timeout(wpa_supplicant_timeout
, wpa_s
, NULL
);
255 wpa_s
->last_auth_timeout_sec
= sec
;
256 eloop_register_timeout(sec
, usec
, wpa_supplicant_timeout
, wpa_s
, NULL
);
261 * wpas_auth_timeout_restart - Restart and change timeout for authentication
262 * @wpa_s: Pointer to wpa_supplicant data
263 * @sec_diff: difference in seconds applied to original timeout value
265 void wpas_auth_timeout_restart(struct wpa_supplicant
*wpa_s
, int sec_diff
)
267 int new_sec
= wpa_s
->last_auth_timeout_sec
+ sec_diff
;
269 if (eloop_is_timeout_registered(wpa_supplicant_timeout
, wpa_s
, NULL
)) {
270 wpa_dbg(wpa_s
, MSG_DEBUG
,
271 "Authentication timeout restart: %d sec", new_sec
);
272 eloop_cancel_timeout(wpa_supplicant_timeout
, wpa_s
, NULL
);
273 eloop_register_timeout(new_sec
, 0, wpa_supplicant_timeout
,
280 * wpa_supplicant_cancel_auth_timeout - Cancel authentication timeout
281 * @wpa_s: Pointer to wpa_supplicant data
283 * This function is used to cancel authentication timeout scheduled with
284 * wpa_supplicant_req_auth_timeout() and it is called when authentication has
287 void wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant
*wpa_s
)
289 wpa_dbg(wpa_s
, MSG_DEBUG
, "Cancelling authentication timeout");
290 eloop_cancel_timeout(wpa_supplicant_timeout
, wpa_s
, NULL
);
291 wpa_blacklist_del(wpa_s
, wpa_s
->bssid
);
292 os_free(wpa_s
->last_con_fail_realm
);
293 wpa_s
->last_con_fail_realm
= NULL
;
294 wpa_s
->last_con_fail_realm_len
= 0;
299 * wpa_supplicant_initiate_eapol - Configure EAPOL state machine
300 * @wpa_s: Pointer to wpa_supplicant data
302 * This function is used to configure EAPOL state machine based on the selected
303 * authentication mode.
305 void wpa_supplicant_initiate_eapol(struct wpa_supplicant
*wpa_s
)
307 #ifdef IEEE8021X_EAPOL
308 struct eapol_config eapol_conf
;
309 struct wpa_ssid
*ssid
= wpa_s
->current_ssid
;
311 #ifdef CONFIG_IBSS_RSN
312 if (ssid
->mode
== WPAS_MODE_IBSS
&&
313 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_NONE
&&
314 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_WPA_NONE
) {
316 * RSN IBSS authentication is per-STA and we can disable the
317 * per-BSSID EAPOL authentication.
319 eapol_sm_notify_portControl(wpa_s
->eapol
, ForceAuthorized
);
320 eapol_sm_notify_eap_success(wpa_s
->eapol
, TRUE
);
321 eapol_sm_notify_eap_fail(wpa_s
->eapol
, FALSE
);
324 #endif /* CONFIG_IBSS_RSN */
326 eapol_sm_notify_eap_success(wpa_s
->eapol
, FALSE
);
327 eapol_sm_notify_eap_fail(wpa_s
->eapol
, FALSE
);
329 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_NONE
||
330 wpa_s
->key_mgmt
== WPA_KEY_MGMT_WPA_NONE
)
331 eapol_sm_notify_portControl(wpa_s
->eapol
, ForceAuthorized
);
333 eapol_sm_notify_portControl(wpa_s
->eapol
, Auto
);
335 os_memset(&eapol_conf
, 0, sizeof(eapol_conf
));
336 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_IEEE8021X_NO_WPA
) {
337 eapol_conf
.accept_802_1x_keys
= 1;
338 eapol_conf
.required_keys
= 0;
339 if (ssid
->eapol_flags
& EAPOL_FLAG_REQUIRE_KEY_UNICAST
) {
340 eapol_conf
.required_keys
|= EAPOL_REQUIRE_KEY_UNICAST
;
342 if (ssid
->eapol_flags
& EAPOL_FLAG_REQUIRE_KEY_BROADCAST
) {
343 eapol_conf
.required_keys
|=
344 EAPOL_REQUIRE_KEY_BROADCAST
;
347 if (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_WIRED
)
348 eapol_conf
.required_keys
= 0;
350 eapol_conf
.fast_reauth
= wpa_s
->conf
->fast_reauth
;
351 eapol_conf
.workaround
= ssid
->eap_workaround
;
352 eapol_conf
.eap_disabled
=
353 !wpa_key_mgmt_wpa_ieee8021x(wpa_s
->key_mgmt
) &&
354 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_IEEE8021X_NO_WPA
&&
355 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_WPS
;
356 eapol_conf
.external_sim
= wpa_s
->conf
->external_sim
;
359 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_WPS
) {
360 eapol_conf
.wps
|= EAPOL_LOCAL_WPS_IN_USE
;
361 if (wpa_s
->current_bss
) {
363 ie
= wpa_bss_get_vendor_ie_multi(wpa_s
->current_bss
,
368 EAPOL_PEER_IS_WPS20_AP
;
373 #endif /* CONFIG_WPS */
375 eapol_sm_notify_config(wpa_s
->eapol
, &ssid
->eap
, &eapol_conf
);
378 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_NONE
&& ssid
->mka_psk_set
)
379 ieee802_1x_create_preshared_mka(wpa_s
, ssid
);
381 ieee802_1x_alloc_kay_sm(wpa_s
, ssid
);
382 #endif /* CONFIG_MACSEC */
383 #endif /* IEEE8021X_EAPOL */
388 * wpa_supplicant_set_non_wpa_policy - Set WPA parameters to non-WPA mode
389 * @wpa_s: Pointer to wpa_supplicant data
390 * @ssid: Configuration data for the network
392 * This function is used to configure WPA state machine and related parameters
393 * to a mode where WPA is not enabled. This is called as part of the
394 * authentication configuration when the selected network does not use WPA.
396 void wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant
*wpa_s
,
397 struct wpa_ssid
*ssid
)
401 if (ssid
->key_mgmt
& WPA_KEY_MGMT_WPS
)
402 wpa_s
->key_mgmt
= WPA_KEY_MGMT_WPS
;
403 else if (ssid
->key_mgmt
& WPA_KEY_MGMT_IEEE8021X_NO_WPA
)
404 wpa_s
->key_mgmt
= WPA_KEY_MGMT_IEEE8021X_NO_WPA
;
406 wpa_s
->key_mgmt
= WPA_KEY_MGMT_NONE
;
407 wpa_sm_set_ap_wpa_ie(wpa_s
->wpa
, NULL
, 0);
408 wpa_sm_set_ap_rsn_ie(wpa_s
->wpa
, NULL
, 0);
409 wpa_sm_set_ap_rsnxe(wpa_s
->wpa
, NULL
, 0);
410 wpa_sm_set_assoc_wpa_ie(wpa_s
->wpa
, NULL
, 0);
411 wpa_sm_set_assoc_rsnxe(wpa_s
->wpa
, NULL
, 0);
412 wpa_s
->rsnxe_len
= 0;
413 wpa_s
->pairwise_cipher
= WPA_CIPHER_NONE
;
414 wpa_s
->group_cipher
= WPA_CIPHER_NONE
;
415 wpa_s
->mgmt_group_cipher
= 0;
417 for (i
= 0; i
< NUM_WEP_KEYS
; i
++) {
418 if (ssid
->wep_key_len
[i
] > 5) {
419 wpa_s
->pairwise_cipher
= WPA_CIPHER_WEP104
;
420 wpa_s
->group_cipher
= WPA_CIPHER_WEP104
;
422 } else if (ssid
->wep_key_len
[i
] > 0) {
423 wpa_s
->pairwise_cipher
= WPA_CIPHER_WEP40
;
424 wpa_s
->group_cipher
= WPA_CIPHER_WEP40
;
429 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_RSN_ENABLED
, 0);
430 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_KEY_MGMT
, wpa_s
->key_mgmt
);
431 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_PAIRWISE
,
432 wpa_s
->pairwise_cipher
);
433 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_GROUP
, wpa_s
->group_cipher
);
434 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_MGMT_GROUP
,
435 wpa_s
->mgmt_group_cipher
);
437 pmksa_cache_clear_current(wpa_s
->wpa
);
441 void free_hw_features(struct wpa_supplicant
*wpa_s
)
444 if (wpa_s
->hw
.modes
== NULL
)
447 for (i
= 0; i
< wpa_s
->hw
.num_modes
; i
++) {
448 os_free(wpa_s
->hw
.modes
[i
].channels
);
449 os_free(wpa_s
->hw
.modes
[i
].rates
);
452 os_free(wpa_s
->hw
.modes
);
453 wpa_s
->hw
.modes
= NULL
;
457 void free_bss_tmp_disallowed(struct wpa_supplicant
*wpa_s
)
459 struct wpa_bss_tmp_disallowed
*bss
, *prev
;
461 dl_list_for_each_safe(bss
, prev
, &wpa_s
->bss_tmp_disallowed
,
462 struct wpa_bss_tmp_disallowed
, list
) {
463 eloop_cancel_timeout(wpa_bss_tmp_disallow_timeout
, wpa_s
, bss
);
464 dl_list_del(&bss
->list
);
470 void wpas_flush_fils_hlp_req(struct wpa_supplicant
*wpa_s
)
472 struct fils_hlp_req
*req
;
474 while ((req
= dl_list_first(&wpa_s
->fils_hlp_req
, struct fils_hlp_req
,
476 dl_list_del(&req
->list
);
477 wpabuf_free(req
->pkt
);
483 void wpas_clear_disabled_interface(void *eloop_ctx
, void *timeout_ctx
)
485 struct wpa_supplicant
*wpa_s
= eloop_ctx
;
487 if (wpa_s
->wpa_state
!= WPA_INTERFACE_DISABLED
)
489 wpa_dbg(wpa_s
, MSG_DEBUG
, "Clear cached state on disabled interface");
490 wpa_bss_flush(wpa_s
);
494 #ifdef CONFIG_TESTING_OPTIONS
495 void wpas_clear_driver_signal_override(struct wpa_supplicant
*wpa_s
)
497 struct driver_signal_override
*dso
;
499 while ((dso
= dl_list_first(&wpa_s
->drv_signal_override
,
500 struct driver_signal_override
, list
))) {
501 dl_list_del(&dso
->list
);
505 #endif /* CONFIG_TESTING_OPTIONS */
508 static void wpa_supplicant_cleanup(struct wpa_supplicant
*wpa_s
)
512 bgscan_deinit(wpa_s
);
513 autoscan_deinit(wpa_s
);
514 scard_deinit(wpa_s
->scard
);
516 wpa_sm_set_scard_ctx(wpa_s
->wpa
, NULL
);
517 eapol_sm_register_scard_ctx(wpa_s
->eapol
, NULL
);
518 l2_packet_deinit(wpa_s
->l2
);
521 l2_packet_deinit(wpa_s
->l2_br
);
524 #ifdef CONFIG_TESTING_OPTIONS
525 l2_packet_deinit(wpa_s
->l2_test
);
526 wpa_s
->l2_test
= NULL
;
527 os_free(wpa_s
->get_pref_freq_list_override
);
528 wpa_s
->get_pref_freq_list_override
= NULL
;
529 wpabuf_free(wpa_s
->last_assoc_req_wpa_ie
);
530 wpa_s
->last_assoc_req_wpa_ie
= NULL
;
531 os_free(wpa_s
->extra_sae_rejected_groups
);
532 wpa_s
->extra_sae_rejected_groups
= NULL
;
533 wpabuf_free(wpa_s
->rsnxe_override_assoc
);
534 wpa_s
->rsnxe_override_assoc
= NULL
;
535 wpabuf_free(wpa_s
->rsnxe_override_eapol
);
536 wpa_s
->rsnxe_override_eapol
= NULL
;
537 wpas_clear_driver_signal_override(wpa_s
);
538 #endif /* CONFIG_TESTING_OPTIONS */
540 if (wpa_s
->conf
!= NULL
) {
541 struct wpa_ssid
*ssid
;
542 for (ssid
= wpa_s
->conf
->ssid
; ssid
; ssid
= ssid
->next
)
543 wpas_notify_network_removed(wpa_s
, ssid
);
546 os_free(wpa_s
->confname
);
547 wpa_s
->confname
= NULL
;
549 os_free(wpa_s
->confanother
);
550 wpa_s
->confanother
= NULL
;
552 os_free(wpa_s
->last_con_fail_realm
);
553 wpa_s
->last_con_fail_realm
= NULL
;
554 wpa_s
->last_con_fail_realm_len
= 0;
556 wpa_sm_set_eapol(wpa_s
->wpa
, NULL
);
557 eapol_sm_deinit(wpa_s
->eapol
);
560 rsn_preauth_deinit(wpa_s
->wpa
);
563 wpa_tdls_deinit(wpa_s
->wpa
);
564 #endif /* CONFIG_TDLS */
566 wmm_ac_clear_saved_tspecs(wpa_s
);
567 pmksa_candidate_free(wpa_s
->wpa
);
568 wpa_sm_deinit(wpa_s
->wpa
);
570 wpa_blacklist_clear(wpa_s
);
572 wpa_bss_deinit(wpa_s
);
574 wpa_supplicant_cancel_delayed_sched_scan(wpa_s
);
575 wpa_supplicant_cancel_scan(wpa_s
);
576 wpa_supplicant_cancel_auth_timeout(wpa_s
);
577 eloop_cancel_timeout(wpa_supplicant_stop_countermeasures
, wpa_s
, NULL
);
578 #ifdef CONFIG_DELAYED_MIC_ERROR_REPORT
579 eloop_cancel_timeout(wpa_supplicant_delayed_mic_error_report
,
581 #endif /* CONFIG_DELAYED_MIC_ERROR_REPORT */
583 eloop_cancel_timeout(wpas_network_reenabled
, wpa_s
, NULL
);
584 eloop_cancel_timeout(wpas_clear_disabled_interface
, wpa_s
, NULL
);
586 wpas_wps_deinit(wpa_s
);
588 wpabuf_free(wpa_s
->pending_eapol_rx
);
589 wpa_s
->pending_eapol_rx
= NULL
;
591 #ifdef CONFIG_IBSS_RSN
592 ibss_rsn_deinit(wpa_s
->ibss_rsn
);
593 wpa_s
->ibss_rsn
= NULL
;
594 #endif /* CONFIG_IBSS_RSN */
599 wpa_supplicant_ap_deinit(wpa_s
);
600 #endif /* CONFIG_AP */
602 wpas_p2p_deinit(wpa_s
);
604 #ifdef CONFIG_OFFCHANNEL
605 offchannel_deinit(wpa_s
);
606 #endif /* CONFIG_OFFCHANNEL */
608 wpa_supplicant_cancel_sched_scan(wpa_s
);
610 os_free(wpa_s
->next_scan_freqs
);
611 wpa_s
->next_scan_freqs
= NULL
;
613 os_free(wpa_s
->manual_scan_freqs
);
614 wpa_s
->manual_scan_freqs
= NULL
;
615 os_free(wpa_s
->select_network_scan_freqs
);
616 wpa_s
->select_network_scan_freqs
= NULL
;
618 os_free(wpa_s
->manual_sched_scan_freqs
);
619 wpa_s
->manual_sched_scan_freqs
= NULL
;
621 wpas_mac_addr_rand_scan_clear(wpa_s
, MAC_ADDR_RAND_ALL
);
624 * Need to remove any pending gas-query radio work before the
625 * gas_query_deinit() call because gas_query::work has not yet been set
626 * for works that have not been started. gas_query_free() will be unable
627 * to cancel such pending radio works and once the pending gas-query
628 * radio work eventually gets removed, the deinit notification call to
629 * gas_query_start_cb() would result in dereferencing freed memory.
632 radio_remove_works(wpa_s
, "gas-query", 0);
633 gas_query_deinit(wpa_s
->gas
);
635 gas_server_deinit(wpa_s
->gas_server
);
636 wpa_s
->gas_server
= NULL
;
638 free_hw_features(wpa_s
);
640 ieee802_1x_dealloc_kay_sm(wpa_s
);
642 os_free(wpa_s
->bssid_filter
);
643 wpa_s
->bssid_filter
= NULL
;
645 os_free(wpa_s
->disallow_aps_bssid
);
646 wpa_s
->disallow_aps_bssid
= NULL
;
647 os_free(wpa_s
->disallow_aps_ssid
);
648 wpa_s
->disallow_aps_ssid
= NULL
;
650 wnm_bss_keep_alive_deinit(wpa_s
);
652 wnm_deallocate_memory(wpa_s
);
653 #endif /* CONFIG_WNM */
655 ext_password_deinit(wpa_s
->ext_pw
);
656 wpa_s
->ext_pw
= NULL
;
658 wpabuf_free(wpa_s
->last_gas_resp
);
659 wpa_s
->last_gas_resp
= NULL
;
660 wpabuf_free(wpa_s
->prev_gas_resp
);
661 wpa_s
->prev_gas_resp
= NULL
;
663 os_free(wpa_s
->last_scan_res
);
664 wpa_s
->last_scan_res
= NULL
;
668 wpa_drv_configure_frame_filters(wpa_s
, 0);
670 #endif /* CONFIG_HS20 */
672 for (i
= 0; i
< NUM_VENDOR_ELEM_FRAMES
; i
++) {
673 wpabuf_free(wpa_s
->vendor_elem
[i
]);
674 wpa_s
->vendor_elem
[i
] = NULL
;
677 wmm_ac_notify_disassoc(wpa_s
);
679 wpa_s
->sched_scan_plans_num
= 0;
680 os_free(wpa_s
->sched_scan_plans
);
681 wpa_s
->sched_scan_plans
= NULL
;
684 wpa_s
->non_pref_chan_num
= 0;
685 os_free(wpa_s
->non_pref_chan
);
686 wpa_s
->non_pref_chan
= NULL
;
687 #endif /* CONFIG_MBO */
689 free_bss_tmp_disallowed(wpa_s
);
691 wpabuf_free(wpa_s
->lci
);
693 wpas_clear_beacon_rep_data(wpa_s
);
695 #ifdef CONFIG_PMKSA_CACHE_EXTERNAL
698 struct external_pmksa_cache
*entry
;
700 while ((entry
= dl_list_last(&wpa_s
->mesh_external_pmksa_cache
,
701 struct external_pmksa_cache
,
703 dl_list_del(&entry
->list
);
704 os_free(entry
->pmksa_cache
);
708 #endif /* CONFIG_MESH */
709 #endif /* CONFIG_PMKSA_CACHE_EXTERNAL */
711 wpas_flush_fils_hlp_req(wpa_s
);
713 wpabuf_free(wpa_s
->ric_ies
);
714 wpa_s
->ric_ies
= NULL
;
717 wpas_dpp_deinit(wpa_s
);
718 dpp_global_deinit(wpa_s
->dpp
);
720 #endif /* CONFIG_DPP */
725 * wpa_clear_keys - Clear keys configured for the driver
726 * @wpa_s: Pointer to wpa_supplicant data
727 * @addr: Previously used BSSID or %NULL if not available
729 * This function clears the encryption keys that has been previously configured
732 void wpa_clear_keys(struct wpa_supplicant
*wpa_s
, const u8
*addr
)
736 /* MLME-DELETEKEYS.request */
737 for (i
= 0; i
< max
; i
++) {
738 if (wpa_s
->keys_cleared
& BIT(i
))
740 wpa_drv_set_key(wpa_s
, WPA_ALG_NONE
, NULL
, i
, 0, NULL
, 0,
741 NULL
, 0, KEY_FLAG_GROUP
);
743 if (!(wpa_s
->keys_cleared
& BIT(0)) && addr
&&
744 !is_zero_ether_addr(addr
)) {
745 wpa_drv_set_key(wpa_s
, WPA_ALG_NONE
, addr
, 0, 0, NULL
, 0, NULL
,
746 0, KEY_FLAG_PAIRWISE
);
747 /* MLME-SETPROTECTION.request(None) */
748 wpa_drv_mlme_setprotection(
750 MLME_SETPROTECTION_PROTECT_TYPE_NONE
,
751 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE
);
753 wpa_s
->keys_cleared
= (u32
) -1;
758 * wpa_supplicant_state_txt - Get the connection state name as a text string
759 * @state: State (wpa_state; WPA_*)
760 * Returns: The state name as a printable text string
762 const char * wpa_supplicant_state_txt(enum wpa_states state
)
765 case WPA_DISCONNECTED
:
766 return "DISCONNECTED";
769 case WPA_INTERFACE_DISABLED
:
770 return "INTERFACE_DISABLED";
773 case WPA_AUTHENTICATING
:
774 return "AUTHENTICATING";
775 case WPA_ASSOCIATING
:
776 return "ASSOCIATING";
779 case WPA_4WAY_HANDSHAKE
:
780 return "4WAY_HANDSHAKE";
781 case WPA_GROUP_HANDSHAKE
:
782 return "GROUP_HANDSHAKE";
793 static void wpa_supplicant_start_bgscan(struct wpa_supplicant
*wpa_s
)
797 if (wpa_s
->current_ssid
&& wpa_s
->current_ssid
->bgscan
)
798 name
= wpa_s
->current_ssid
->bgscan
;
800 name
= wpa_s
->conf
->bgscan
;
801 if (name
== NULL
|| name
[0] == '\0')
803 if (wpas_driver_bss_selection(wpa_s
))
805 if (wpa_s
->current_ssid
== wpa_s
->bgscan_ssid
)
808 if (wpa_s
->p2p_group_interface
!= NOT_P2P_GROUP_INTERFACE
)
810 #endif /* CONFIG_P2P */
812 bgscan_deinit(wpa_s
);
813 if (wpa_s
->current_ssid
) {
814 if (bgscan_init(wpa_s
, wpa_s
->current_ssid
, name
)) {
815 wpa_dbg(wpa_s
, MSG_DEBUG
, "Failed to initialize "
818 * Live without bgscan; it is only used as a roaming
819 * optimization, so the initial connection is not
823 struct wpa_scan_results
*scan_res
;
824 wpa_s
->bgscan_ssid
= wpa_s
->current_ssid
;
825 scan_res
= wpa_supplicant_get_scan_results(wpa_s
, NULL
,
828 bgscan_notify_scan(wpa_s
, scan_res
);
829 wpa_scan_results_free(scan_res
);
833 wpa_s
->bgscan_ssid
= NULL
;
837 static void wpa_supplicant_stop_bgscan(struct wpa_supplicant
*wpa_s
)
839 if (wpa_s
->bgscan_ssid
!= NULL
) {
840 bgscan_deinit(wpa_s
);
841 wpa_s
->bgscan_ssid
= NULL
;
845 #endif /* CONFIG_BGSCAN */
848 static void wpa_supplicant_start_autoscan(struct wpa_supplicant
*wpa_s
)
850 if (autoscan_init(wpa_s
, 0))
851 wpa_dbg(wpa_s
, MSG_DEBUG
, "Failed to initialize autoscan");
855 static void wpa_supplicant_stop_autoscan(struct wpa_supplicant
*wpa_s
)
857 autoscan_deinit(wpa_s
);
861 void wpa_supplicant_reinit_autoscan(struct wpa_supplicant
*wpa_s
)
863 if (wpa_s
->wpa_state
== WPA_DISCONNECTED
||
864 wpa_s
->wpa_state
== WPA_SCANNING
) {
865 autoscan_deinit(wpa_s
);
866 wpa_supplicant_start_autoscan(wpa_s
);
872 * wpa_supplicant_set_state - Set current connection state
873 * @wpa_s: Pointer to wpa_supplicant data
874 * @state: The new connection state
876 * This function is called whenever the connection state changes, e.g.,
877 * association is completed for WPA/WPA2 4-Way Handshake is started.
879 void wpa_supplicant_set_state(struct wpa_supplicant
*wpa_s
,
880 enum wpa_states state
)
882 enum wpa_states old_state
= wpa_s
->wpa_state
;
883 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
884 Boolean update_fils_connect_params
= FALSE
;
885 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
887 wpa_dbg(wpa_s
, MSG_DEBUG
, "State: %s -> %s",
888 wpa_supplicant_state_txt(wpa_s
->wpa_state
),
889 wpa_supplicant_state_txt(state
));
891 if (state
== WPA_COMPLETED
&&
892 os_reltime_initialized(&wpa_s
->roam_start
)) {
893 os_reltime_age(&wpa_s
->roam_start
, &wpa_s
->roam_time
);
894 wpa_s
->roam_start
.sec
= 0;
895 wpa_s
->roam_start
.usec
= 0;
896 wpas_notify_auth_changed(wpa_s
);
897 wpas_notify_roam_time(wpa_s
);
898 wpas_notify_roam_complete(wpa_s
);
899 } else if (state
== WPA_DISCONNECTED
&&
900 os_reltime_initialized(&wpa_s
->roam_start
)) {
901 wpa_s
->roam_start
.sec
= 0;
902 wpa_s
->roam_start
.usec
= 0;
903 wpa_s
->roam_time
.sec
= 0;
904 wpa_s
->roam_time
.usec
= 0;
905 wpas_notify_roam_complete(wpa_s
);
908 if (state
== WPA_INTERFACE_DISABLED
) {
909 /* Assure normal scan when interface is restored */
910 wpa_s
->normal_scans
= 0;
913 if (state
== WPA_COMPLETED
) {
914 wpas_connect_work_done(wpa_s
);
915 /* Reinitialize normal_scan counter */
916 wpa_s
->normal_scans
= 0;
921 * P2PS client has to reply to Probe Request frames received on the
922 * group operating channel. Enable Probe Request frame reporting for
923 * P2P connected client in case p2p_cli_probe configuration property is
926 if (wpa_s
->conf
->p2p_cli_probe
&& wpa_s
->current_ssid
&&
927 wpa_s
->current_ssid
->mode
== WPAS_MODE_INFRA
&&
928 wpa_s
->current_ssid
->p2p_group
) {
929 if (state
== WPA_COMPLETED
&& !wpa_s
->p2p_cli_probe
) {
930 wpa_dbg(wpa_s
, MSG_DEBUG
,
931 "P2P: Enable CLI Probe Request RX reporting");
932 wpa_s
->p2p_cli_probe
=
933 wpa_drv_probe_req_report(wpa_s
, 1) >= 0;
934 } else if (state
!= WPA_COMPLETED
&& wpa_s
->p2p_cli_probe
) {
935 wpa_dbg(wpa_s
, MSG_DEBUG
,
936 "P2P: Disable CLI Probe Request RX reporting");
937 wpa_s
->p2p_cli_probe
= 0;
938 wpa_drv_probe_req_report(wpa_s
, 0);
941 #endif /* CONFIG_P2P */
943 if (state
!= WPA_SCANNING
)
944 wpa_supplicant_notify_scanning(wpa_s
, 0);
946 if (state
== WPA_COMPLETED
&& wpa_s
->new_connection
) {
947 struct wpa_ssid
*ssid
= wpa_s
->current_ssid
;
948 int fils_hlp_sent
= 0;
951 if ((wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SME
) &&
952 wpa_auth_alg_fils(wpa_s
->sme
.auth_alg
))
954 #endif /* CONFIG_SME */
955 if (!(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SME
) &&
956 wpa_auth_alg_fils(wpa_s
->auth_alg
))
959 #if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
960 wpa_msg(wpa_s
, MSG_INFO
, WPA_EVENT_CONNECTED
"- Connection to "
961 MACSTR
" completed [id=%d id_str=%s%s]",
962 MAC2STR(wpa_s
->bssid
),
963 ssid
? ssid
->id
: -1,
964 ssid
&& ssid
->id_str
? ssid
->id_str
: "",
965 fils_hlp_sent
? " FILS_HLP_SENT" : "");
966 #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
967 wpas_clear_temp_disabled(wpa_s
, ssid
, 1);
968 wpa_blacklist_clear(wpa_s
);
969 wpa_s
->extra_blacklist_count
= 0;
970 wpa_s
->new_connection
= 0;
971 wpa_drv_set_operstate(wpa_s
, 1);
972 #ifndef IEEE8021X_EAPOL
973 wpa_drv_set_supp_port(wpa_s
, 1);
974 #endif /* IEEE8021X_EAPOL */
975 wpa_s
->after_wps
= 0;
976 wpa_s
->known_wps_freq
= 0;
977 wpas_p2p_completed(wpa_s
);
979 sme_sched_obss_scan(wpa_s
, 1);
981 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
982 if (!fils_hlp_sent
&& ssid
&& ssid
->eap
.erp
)
983 update_fils_connect_params
= TRUE
;
984 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
986 if (ssid
&& (ssid
->key_mgmt
& WPA_KEY_MGMT_OWE
))
987 wpas_update_owe_connect_params(wpa_s
);
988 #endif /* CONFIG_OWE */
989 } else if (state
== WPA_DISCONNECTED
|| state
== WPA_ASSOCIATING
||
990 state
== WPA_ASSOCIATED
) {
991 wpa_s
->new_connection
= 1;
992 wpa_drv_set_operstate(wpa_s
, 0);
993 #ifndef IEEE8021X_EAPOL
994 wpa_drv_set_supp_port(wpa_s
, 0);
995 #endif /* IEEE8021X_EAPOL */
996 sme_sched_obss_scan(wpa_s
, 0);
998 wpa_s
->wpa_state
= state
;
1000 #ifdef CONFIG_BGSCAN
1001 if (state
== WPA_COMPLETED
)
1002 wpa_supplicant_start_bgscan(wpa_s
);
1003 else if (state
< WPA_ASSOCIATED
)
1004 wpa_supplicant_stop_bgscan(wpa_s
);
1005 #endif /* CONFIG_BGSCAN */
1007 if (state
> WPA_SCANNING
)
1008 wpa_supplicant_stop_autoscan(wpa_s
);
1010 if (state
== WPA_DISCONNECTED
|| state
== WPA_INACTIVE
)
1011 wpa_supplicant_start_autoscan(wpa_s
);
1013 if (old_state
>= WPA_ASSOCIATED
&& wpa_s
->wpa_state
< WPA_ASSOCIATED
)
1014 wmm_ac_notify_disassoc(wpa_s
);
1016 if (wpa_s
->wpa_state
!= old_state
) {
1017 wpas_notify_state_changed(wpa_s
, wpa_s
->wpa_state
, old_state
);
1020 * Notify the P2P Device interface about a state change in one
1021 * of the interfaces.
1023 wpas_p2p_indicate_state_change(wpa_s
);
1025 if (wpa_s
->wpa_state
== WPA_COMPLETED
||
1026 old_state
== WPA_COMPLETED
)
1027 wpas_notify_auth_changed(wpa_s
);
1029 if (wpa_s
->wpa_state
== WPA_COMPLETED
)
1030 wpas_dpp_connected(wpa_s
);
1031 #endif /* CONFIG_DPP2 */
1033 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
1034 if (update_fils_connect_params
)
1035 wpas_update_fils_connect_params(wpa_s
);
1036 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
1040 void wpa_supplicant_terminate_proc(struct wpa_global
*global
)
1044 struct wpa_supplicant
*wpa_s
= global
->ifaces
;
1046 struct wpa_supplicant
*next
= wpa_s
->next
;
1047 if (wpas_wps_terminate_pending(wpa_s
) == 1)
1050 if (wpa_s
->p2p_group_interface
!= NOT_P2P_GROUP_INTERFACE
||
1051 (wpa_s
->current_ssid
&& wpa_s
->current_ssid
->p2p_group
))
1052 wpas_p2p_disconnect(wpa_s
);
1053 #endif /* CONFIG_P2P */
1056 #endif /* CONFIG_WPS */
1063 static void wpa_supplicant_terminate(int sig
, void *signal_ctx
)
1065 struct wpa_global
*global
= signal_ctx
;
1066 wpa_supplicant_terminate_proc(global
);
1070 void wpa_supplicant_clear_status(struct wpa_supplicant
*wpa_s
)
1072 enum wpa_states old_state
= wpa_s
->wpa_state
;
1074 wpa_s
->pairwise_cipher
= 0;
1075 wpa_s
->group_cipher
= 0;
1076 wpa_s
->mgmt_group_cipher
= 0;
1077 wpa_s
->key_mgmt
= 0;
1078 if (wpa_s
->wpa_state
!= WPA_INTERFACE_DISABLED
)
1079 wpa_supplicant_set_state(wpa_s
, WPA_DISCONNECTED
);
1081 if (wpa_s
->wpa_state
!= old_state
)
1082 wpas_notify_state_changed(wpa_s
, wpa_s
->wpa_state
, old_state
);
1087 * wpa_supplicant_reload_configuration - Reload configuration data
1088 * @wpa_s: Pointer to wpa_supplicant data
1089 * Returns: 0 on success or -1 if configuration parsing failed
1091 * This function can be used to request that the configuration data is reloaded
1092 * (e.g., after configuration file change). This function is reloading
1093 * configuration only for one interface, so this may need to be called multiple
1094 * times if %wpa_supplicant is controlling multiple interfaces and all
1095 * interfaces need reconfiguration.
1097 int wpa_supplicant_reload_configuration(struct wpa_supplicant
*wpa_s
)
1099 struct wpa_config
*conf
;
1103 if (wpa_s
->confname
== NULL
)
1105 conf
= wpa_config_read(wpa_s
->confname
, NULL
);
1107 wpa_msg(wpa_s
, MSG_ERROR
, "Failed to parse the configuration "
1108 "file '%s' - exiting", wpa_s
->confname
);
1111 if (wpa_s
->confanother
&&
1112 !wpa_config_read(wpa_s
->confanother
, conf
)) {
1113 wpa_msg(wpa_s
, MSG_ERROR
,
1114 "Failed to parse the configuration file '%s' - exiting",
1115 wpa_s
->confanother
);
1119 conf
->changed_parameters
= (unsigned int) -1;
1121 reconf_ctrl
= !!conf
->ctrl_interface
!= !!wpa_s
->conf
->ctrl_interface
1122 || (conf
->ctrl_interface
&& wpa_s
->conf
->ctrl_interface
&&
1123 os_strcmp(conf
->ctrl_interface
,
1124 wpa_s
->conf
->ctrl_interface
) != 0);
1126 if (reconf_ctrl
&& wpa_s
->ctrl_iface
) {
1127 wpa_supplicant_ctrl_iface_deinit(wpa_s
->ctrl_iface
);
1128 wpa_s
->ctrl_iface
= NULL
;
1131 eapol_sm_invalidate_cached_session(wpa_s
->eapol
);
1132 if (wpa_s
->current_ssid
) {
1133 if (wpa_s
->wpa_state
>= WPA_AUTHENTICATING
)
1134 wpa_s
->own_disconnect_req
= 1;
1135 wpa_supplicant_deauthenticate(wpa_s
,
1136 WLAN_REASON_DEAUTH_LEAVING
);
1140 * TODO: should notify EAPOL SM about changes in opensc_engine_path,
1141 * pkcs11_engine_path, pkcs11_module_path, openssl_ciphers.
1143 if (wpa_key_mgmt_wpa_psk(wpa_s
->key_mgmt
) ||
1144 wpa_s
->key_mgmt
== WPA_KEY_MGMT_OWE
||
1145 wpa_s
->key_mgmt
== WPA_KEY_MGMT_DPP
) {
1147 * Clear forced success to clear EAP state for next
1150 eapol_sm_notify_eap_success(wpa_s
->eapol
, FALSE
);
1152 eapol_sm_notify_config(wpa_s
->eapol
, NULL
, NULL
);
1153 wpa_sm_set_config(wpa_s
->wpa
, NULL
);
1154 wpa_sm_pmksa_cache_flush(wpa_s
->wpa
, NULL
);
1155 wpa_sm_set_fast_reauth(wpa_s
->wpa
, wpa_s
->conf
->fast_reauth
);
1156 rsn_preauth_deinit(wpa_s
->wpa
);
1158 old_ap_scan
= wpa_s
->conf
->ap_scan
;
1159 wpa_config_free(wpa_s
->conf
);
1161 if (old_ap_scan
!= wpa_s
->conf
->ap_scan
)
1162 wpas_notify_ap_scan_changed(wpa_s
);
1165 wpa_s
->ctrl_iface
= wpa_supplicant_ctrl_iface_init(wpa_s
);
1167 wpa_supplicant_update_config(wpa_s
);
1169 wpa_supplicant_clear_status(wpa_s
);
1170 if (wpa_supplicant_enabled_networks(wpa_s
)) {
1171 wpa_s
->reassociate
= 1;
1172 wpa_supplicant_req_scan(wpa_s
, 0, 0);
1174 wpa_dbg(wpa_s
, MSG_DEBUG
, "Reconfiguration completed");
1179 static void wpa_supplicant_reconfig(int sig
, void *signal_ctx
)
1181 struct wpa_global
*global
= signal_ctx
;
1182 struct wpa_supplicant
*wpa_s
;
1183 for (wpa_s
= global
->ifaces
; wpa_s
; wpa_s
= wpa_s
->next
) {
1184 wpa_dbg(wpa_s
, MSG_DEBUG
, "Signal %d received - reconfiguring",
1186 if (wpa_supplicant_reload_configuration(wpa_s
) < 0) {
1187 wpa_supplicant_terminate_proc(global
);
1191 if (wpa_debug_reopen_file() < 0) {
1192 /* Ignore errors since we cannot really do much to fix this */
1193 wpa_printf(MSG_DEBUG
, "Could not reopen debug log file");
1198 static int wpa_supplicant_suites_from_ai(struct wpa_supplicant
*wpa_s
,
1199 struct wpa_ssid
*ssid
,
1200 struct wpa_ie_data
*ie
)
1202 int ret
= wpa_sm_parse_own_wpa_ie(wpa_s
->wpa
, ie
);
1205 wpa_msg(wpa_s
, MSG_INFO
, "WPA: Failed to parse WPA IE "
1206 "from association info");
1211 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: Using WPA IE from AssocReq to set "
1213 if (!(ie
->group_cipher
& ssid
->group_cipher
)) {
1214 wpa_msg(wpa_s
, MSG_INFO
, "WPA: Driver used disabled group "
1215 "cipher 0x%x (mask 0x%x) - reject",
1216 ie
->group_cipher
, ssid
->group_cipher
);
1219 if (!(ie
->pairwise_cipher
& ssid
->pairwise_cipher
)) {
1220 wpa_msg(wpa_s
, MSG_INFO
, "WPA: Driver used disabled pairwise "
1221 "cipher 0x%x (mask 0x%x) - reject",
1222 ie
->pairwise_cipher
, ssid
->pairwise_cipher
);
1225 if (!(ie
->key_mgmt
& ssid
->key_mgmt
)) {
1226 wpa_msg(wpa_s
, MSG_INFO
, "WPA: Driver used disabled key "
1227 "management 0x%x (mask 0x%x) - reject",
1228 ie
->key_mgmt
, ssid
->key_mgmt
);
1232 if (!(ie
->capabilities
& WPA_CAPABILITY_MFPC
) &&
1233 wpas_get_ssid_pmf(wpa_s
, ssid
) == MGMT_FRAME_PROTECTION_REQUIRED
) {
1234 wpa_msg(wpa_s
, MSG_INFO
, "WPA: Driver associated with an AP "
1235 "that does not support management frame protection - "
1244 static int matching_ciphers(struct wpa_ssid
*ssid
, struct wpa_ie_data
*ie
,
1248 ie
->group_cipher
= wpa_default_rsn_cipher(freq
);
1249 if (!ie
->has_pairwise
)
1250 ie
->pairwise_cipher
= wpa_default_rsn_cipher(freq
);
1251 return (ie
->group_cipher
& ssid
->group_cipher
) &&
1252 (ie
->pairwise_cipher
& ssid
->pairwise_cipher
);
1257 * wpa_supplicant_set_suites - Set authentication and encryption parameters
1258 * @wpa_s: Pointer to wpa_supplicant data
1259 * @bss: Scan results for the selected BSS, or %NULL if not available
1260 * @ssid: Configuration data for the selected network
1261 * @wpa_ie: Buffer for the WPA/RSN IE
1262 * @wpa_ie_len: Maximum wpa_ie buffer size on input. This is changed to be the
1263 * used buffer length in case the functions returns success.
1264 * Returns: 0 on success or -1 on failure
1266 * This function is used to configure authentication and encryption parameters
1267 * based on the network configuration and scan result for the selected BSS (if
1270 int wpa_supplicant_set_suites(struct wpa_supplicant
*wpa_s
,
1271 struct wpa_bss
*bss
, struct wpa_ssid
*ssid
,
1272 u8
*wpa_ie
, size_t *wpa_ie_len
)
1274 struct wpa_ie_data ie
;
1275 int sel
, proto
, sae_pwe
;
1276 const u8
*bss_wpa
, *bss_rsn
, *bss_rsnx
, *bss_osen
;
1279 bss_wpa
= wpa_bss_get_vendor_ie(bss
, WPA_IE_VENDOR_TYPE
);
1280 bss_rsn
= wpa_bss_get_ie(bss
, WLAN_EID_RSN
);
1281 bss_rsnx
= wpa_bss_get_ie(bss
, WLAN_EID_RSNX
);
1282 bss_osen
= wpa_bss_get_vendor_ie(bss
, OSEN_IE_VENDOR_TYPE
);
1284 bss_wpa
= bss_rsn
= bss_rsnx
= bss_osen
= NULL
;
1287 if (bss_rsn
&& (ssid
->proto
& WPA_PROTO_RSN
) &&
1288 wpa_parse_wpa_ie(bss_rsn
, 2 + bss_rsn
[1], &ie
) == 0 &&
1289 matching_ciphers(ssid
, &ie
, bss
->freq
) &&
1290 (ie
.key_mgmt
& ssid
->key_mgmt
)) {
1291 wpa_dbg(wpa_s
, MSG_DEBUG
, "RSN: using IEEE 802.11i/D9.0");
1292 proto
= WPA_PROTO_RSN
;
1293 } else if (bss_wpa
&& (ssid
->proto
& WPA_PROTO_WPA
) &&
1294 wpa_parse_wpa_ie(bss_wpa
, 2 + bss_wpa
[1], &ie
) == 0 &&
1295 (ie
.group_cipher
& ssid
->group_cipher
) &&
1296 (ie
.pairwise_cipher
& ssid
->pairwise_cipher
) &&
1297 (ie
.key_mgmt
& ssid
->key_mgmt
)) {
1298 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using IEEE 802.11i/D3.0");
1299 proto
= WPA_PROTO_WPA
;
1301 } else if (bss_osen
&& (ssid
->proto
& WPA_PROTO_OSEN
) &&
1302 wpa_parse_wpa_ie(bss_osen
, 2 + bss_osen
[1], &ie
) == 0 &&
1303 (ie
.group_cipher
& ssid
->group_cipher
) &&
1304 (ie
.pairwise_cipher
& ssid
->pairwise_cipher
) &&
1305 (ie
.key_mgmt
& ssid
->key_mgmt
)) {
1306 wpa_dbg(wpa_s
, MSG_DEBUG
, "HS 2.0: using OSEN");
1307 proto
= WPA_PROTO_OSEN
;
1308 } else if (bss_rsn
&& (ssid
->proto
& WPA_PROTO_OSEN
) &&
1309 wpa_parse_wpa_ie(bss_rsn
, 2 + bss_rsn
[1], &ie
) == 0 &&
1310 (ie
.group_cipher
& ssid
->group_cipher
) &&
1311 (ie
.pairwise_cipher
& ssid
->pairwise_cipher
) &&
1312 (ie
.key_mgmt
& ssid
->key_mgmt
)) {
1313 wpa_dbg(wpa_s
, MSG_DEBUG
, "RSN: using OSEN (within RSN)");
1314 proto
= WPA_PROTO_RSN
;
1315 #endif /* CONFIG_HS20 */
1317 wpa_msg(wpa_s
, MSG_WARNING
, "WPA: Failed to select WPA/RSN");
1318 wpa_dbg(wpa_s
, MSG_DEBUG
,
1319 "WPA: ssid proto=0x%x pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1320 ssid
->proto
, ssid
->pairwise_cipher
, ssid
->group_cipher
,
1322 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: BSS " MACSTR
" ssid='%s'%s%s%s",
1323 MAC2STR(bss
->bssid
),
1324 wpa_ssid_txt(bss
->ssid
, bss
->ssid_len
),
1325 bss_wpa
? " WPA" : "",
1326 bss_rsn
? " RSN" : "",
1327 bss_osen
? " OSEN" : "");
1329 wpa_hexdump(MSG_DEBUG
, "RSN", bss_rsn
, 2 + bss_rsn
[1]);
1330 if (wpa_parse_wpa_ie(bss_rsn
, 2 + bss_rsn
[1], &ie
)) {
1331 wpa_dbg(wpa_s
, MSG_DEBUG
,
1332 "Could not parse RSN element");
1334 wpa_dbg(wpa_s
, MSG_DEBUG
,
1335 "RSN: pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1336 ie
.pairwise_cipher
, ie
.group_cipher
,
1341 wpa_hexdump(MSG_DEBUG
, "WPA", bss_wpa
, 2 + bss_wpa
[1]);
1342 if (wpa_parse_wpa_ie(bss_wpa
, 2 + bss_wpa
[1], &ie
)) {
1343 wpa_dbg(wpa_s
, MSG_DEBUG
,
1344 "Could not parse WPA element");
1346 wpa_dbg(wpa_s
, MSG_DEBUG
,
1347 "WPA: pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1348 ie
.pairwise_cipher
, ie
.group_cipher
,
1354 if (ssid
->proto
& WPA_PROTO_OSEN
)
1355 proto
= WPA_PROTO_OSEN
;
1356 else if (ssid
->proto
& WPA_PROTO_RSN
)
1357 proto
= WPA_PROTO_RSN
;
1359 proto
= WPA_PROTO_WPA
;
1360 if (wpa_supplicant_suites_from_ai(wpa_s
, ssid
, &ie
) < 0) {
1361 os_memset(&ie
, 0, sizeof(ie
));
1362 ie
.group_cipher
= ssid
->group_cipher
;
1363 ie
.pairwise_cipher
= ssid
->pairwise_cipher
;
1364 ie
.key_mgmt
= ssid
->key_mgmt
;
1365 ie
.mgmt_group_cipher
= 0;
1366 if (ssid
->ieee80211w
!= NO_MGMT_FRAME_PROTECTION
) {
1367 if (ssid
->group_mgmt_cipher
&
1368 WPA_CIPHER_BIP_GMAC_256
)
1369 ie
.mgmt_group_cipher
=
1370 WPA_CIPHER_BIP_GMAC_256
;
1371 else if (ssid
->group_mgmt_cipher
&
1372 WPA_CIPHER_BIP_CMAC_256
)
1373 ie
.mgmt_group_cipher
=
1374 WPA_CIPHER_BIP_CMAC_256
;
1375 else if (ssid
->group_mgmt_cipher
&
1376 WPA_CIPHER_BIP_GMAC_128
)
1377 ie
.mgmt_group_cipher
=
1378 WPA_CIPHER_BIP_GMAC_128
;
1380 ie
.mgmt_group_cipher
=
1381 WPA_CIPHER_AES_128_CMAC
;
1384 if ((ssid
->key_mgmt
& WPA_KEY_MGMT_OWE
) &&
1386 !bss_wpa
&& !bss_rsn
&& !bss_osen
) {
1387 wpa_supplicant_set_non_wpa_policy(wpa_s
, ssid
);
1388 wpa_s
->wpa_proto
= 0;
1392 #endif /* CONFIG_OWE */
1393 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: Set cipher suites "
1394 "based on configuration");
1399 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: Selected cipher suites: group %d "
1400 "pairwise %d key_mgmt %d proto %d",
1401 ie
.group_cipher
, ie
.pairwise_cipher
, ie
.key_mgmt
, proto
);
1402 if (ssid
->ieee80211w
) {
1403 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: Selected mgmt group cipher %d",
1404 ie
.mgmt_group_cipher
);
1407 wpa_s
->wpa_proto
= proto
;
1408 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_PROTO
, proto
);
1409 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_RSN_ENABLED
,
1410 !!(ssid
->proto
& (WPA_PROTO_RSN
| WPA_PROTO_OSEN
)));
1412 if (bss
|| !wpa_s
->ap_ies_from_associnfo
) {
1413 if (wpa_sm_set_ap_wpa_ie(wpa_s
->wpa
, bss_wpa
,
1414 bss_wpa
? 2 + bss_wpa
[1] : 0) ||
1415 wpa_sm_set_ap_rsn_ie(wpa_s
->wpa
, bss_rsn
,
1416 bss_rsn
? 2 + bss_rsn
[1] : 0) ||
1417 wpa_sm_set_ap_rsnxe(wpa_s
->wpa
, bss_rsnx
,
1418 bss_rsnx
? 2 + bss_rsnx
[1] : 0))
1422 #ifdef CONFIG_NO_WPA
1423 wpa_s
->group_cipher
= WPA_CIPHER_NONE
;
1424 wpa_s
->pairwise_cipher
= WPA_CIPHER_NONE
;
1425 #else /* CONFIG_NO_WPA */
1426 sel
= ie
.group_cipher
& ssid
->group_cipher
;
1427 wpa_dbg(wpa_s
, MSG_DEBUG
,
1428 "WPA: AP group 0x%x network profile group 0x%x; available group 0x%x",
1429 ie
.group_cipher
, ssid
->group_cipher
, sel
);
1430 wpa_s
->group_cipher
= wpa_pick_group_cipher(sel
);
1431 if (wpa_s
->group_cipher
< 0) {
1432 wpa_msg(wpa_s
, MSG_WARNING
, "WPA: Failed to select group "
1436 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using GTK %s",
1437 wpa_cipher_txt(wpa_s
->group_cipher
));
1439 sel
= ie
.pairwise_cipher
& ssid
->pairwise_cipher
;
1440 wpa_dbg(wpa_s
, MSG_DEBUG
,
1441 "WPA: AP pairwise 0x%x network profile pairwise 0x%x; available pairwise 0x%x",
1442 ie
.pairwise_cipher
, ssid
->pairwise_cipher
, sel
);
1443 wpa_s
->pairwise_cipher
= wpa_pick_pairwise_cipher(sel
, 1);
1444 if (wpa_s
->pairwise_cipher
< 0) {
1445 wpa_msg(wpa_s
, MSG_WARNING
, "WPA: Failed to select pairwise "
1449 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using PTK %s",
1450 wpa_cipher_txt(wpa_s
->pairwise_cipher
));
1451 #endif /* CONFIG_NO_WPA */
1453 sel
= ie
.key_mgmt
& ssid
->key_mgmt
;
1454 wpa_dbg(wpa_s
, MSG_DEBUG
,
1455 "WPA: AP key_mgmt 0x%x network profile key_mgmt 0x%x; available key_mgmt 0x%x",
1456 ie
.key_mgmt
, ssid
->key_mgmt
, sel
);
1458 if (!(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SAE
))
1459 sel
&= ~(WPA_KEY_MGMT_SAE
| WPA_KEY_MGMT_FT_SAE
);
1460 #endif /* CONFIG_SAE */
1462 #ifdef CONFIG_IEEE80211R
1463 #ifdef CONFIG_SHA384
1464 } else if ((sel
& WPA_KEY_MGMT_FT_IEEE8021X_SHA384
) &&
1465 os_strcmp(wpa_supplicant_get_eap_mode(wpa_s
), "LEAP") != 0) {
1466 wpa_s
->key_mgmt
= WPA_KEY_MGMT_FT_IEEE8021X_SHA384
;
1467 wpa_dbg(wpa_s
, MSG_DEBUG
,
1468 "WPA: using KEY_MGMT FT/802.1X-SHA384");
1469 if (!ssid
->ft_eap_pmksa_caching
&&
1470 pmksa_cache_get_current(wpa_s
->wpa
)) {
1471 /* PMKSA caching with FT may have interoperability
1472 * issues, so disable that case by default for now. */
1473 wpa_dbg(wpa_s
, MSG_DEBUG
,
1474 "WPA: Disable PMKSA caching for FT/802.1X connection");
1475 pmksa_cache_clear_current(wpa_s
->wpa
);
1477 #endif /* CONFIG_SHA384 */
1478 #endif /* CONFIG_IEEE80211R */
1479 #ifdef CONFIG_SUITEB192
1480 } else if (sel
& WPA_KEY_MGMT_IEEE8021X_SUITE_B_192
) {
1481 wpa_s
->key_mgmt
= WPA_KEY_MGMT_IEEE8021X_SUITE_B_192
;
1482 wpa_dbg(wpa_s
, MSG_DEBUG
,
1483 "WPA: using KEY_MGMT 802.1X with Suite B (192-bit)");
1484 #endif /* CONFIG_SUITEB192 */
1485 #ifdef CONFIG_SUITEB
1486 } else if (sel
& WPA_KEY_MGMT_IEEE8021X_SUITE_B
) {
1487 wpa_s
->key_mgmt
= WPA_KEY_MGMT_IEEE8021X_SUITE_B
;
1488 wpa_dbg(wpa_s
, MSG_DEBUG
,
1489 "WPA: using KEY_MGMT 802.1X with Suite B");
1490 #endif /* CONFIG_SUITEB */
1492 #ifdef CONFIG_IEEE80211R
1493 } else if (sel
& WPA_KEY_MGMT_FT_FILS_SHA384
) {
1494 wpa_s
->key_mgmt
= WPA_KEY_MGMT_FT_FILS_SHA384
;
1495 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT FT-FILS-SHA384");
1496 } else if (sel
& WPA_KEY_MGMT_FT_FILS_SHA256
) {
1497 wpa_s
->key_mgmt
= WPA_KEY_MGMT_FT_FILS_SHA256
;
1498 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT FT-FILS-SHA256");
1499 #endif /* CONFIG_IEEE80211R */
1500 } else if (sel
& WPA_KEY_MGMT_FILS_SHA384
) {
1501 wpa_s
->key_mgmt
= WPA_KEY_MGMT_FILS_SHA384
;
1502 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT FILS-SHA384");
1503 } else if (sel
& WPA_KEY_MGMT_FILS_SHA256
) {
1504 wpa_s
->key_mgmt
= WPA_KEY_MGMT_FILS_SHA256
;
1505 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT FILS-SHA256");
1506 #endif /* CONFIG_FILS */
1507 #ifdef CONFIG_IEEE80211R
1508 } else if ((sel
& WPA_KEY_MGMT_FT_IEEE8021X
) &&
1509 os_strcmp(wpa_supplicant_get_eap_mode(wpa_s
), "LEAP") != 0) {
1510 wpa_s
->key_mgmt
= WPA_KEY_MGMT_FT_IEEE8021X
;
1511 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT FT/802.1X");
1512 if (!ssid
->ft_eap_pmksa_caching
&&
1513 pmksa_cache_get_current(wpa_s
->wpa
)) {
1514 /* PMKSA caching with FT may have interoperability
1515 * issues, so disable that case by default for now. */
1516 wpa_dbg(wpa_s
, MSG_DEBUG
,
1517 "WPA: Disable PMKSA caching for FT/802.1X connection");
1518 pmksa_cache_clear_current(wpa_s
->wpa
);
1520 #endif /* CONFIG_IEEE80211R */
1522 } else if (sel
& WPA_KEY_MGMT_DPP
) {
1523 wpa_s
->key_mgmt
= WPA_KEY_MGMT_DPP
;
1524 wpa_dbg(wpa_s
, MSG_DEBUG
, "RSN: using KEY_MGMT DPP");
1525 #endif /* CONFIG_DPP */
1527 } else if (sel
& WPA_KEY_MGMT_FT_SAE
) {
1528 wpa_s
->key_mgmt
= WPA_KEY_MGMT_FT_SAE
;
1529 wpa_dbg(wpa_s
, MSG_DEBUG
, "RSN: using KEY_MGMT FT/SAE");
1530 } else if (sel
& WPA_KEY_MGMT_SAE
) {
1531 wpa_s
->key_mgmt
= WPA_KEY_MGMT_SAE
;
1532 wpa_dbg(wpa_s
, MSG_DEBUG
, "RSN: using KEY_MGMT SAE");
1533 #endif /* CONFIG_SAE */
1534 #ifdef CONFIG_IEEE80211R
1535 } else if (sel
& WPA_KEY_MGMT_FT_PSK
) {
1536 wpa_s
->key_mgmt
= WPA_KEY_MGMT_FT_PSK
;
1537 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT FT/PSK");
1538 #endif /* CONFIG_IEEE80211R */
1539 } else if (sel
& WPA_KEY_MGMT_IEEE8021X_SHA256
) {
1540 wpa_s
->key_mgmt
= WPA_KEY_MGMT_IEEE8021X_SHA256
;
1541 wpa_dbg(wpa_s
, MSG_DEBUG
,
1542 "WPA: using KEY_MGMT 802.1X with SHA256");
1543 } else if (sel
& WPA_KEY_MGMT_PSK_SHA256
) {
1544 wpa_s
->key_mgmt
= WPA_KEY_MGMT_PSK_SHA256
;
1545 wpa_dbg(wpa_s
, MSG_DEBUG
,
1546 "WPA: using KEY_MGMT PSK with SHA256");
1547 } else if (sel
& WPA_KEY_MGMT_IEEE8021X
) {
1548 wpa_s
->key_mgmt
= WPA_KEY_MGMT_IEEE8021X
;
1549 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT 802.1X");
1550 } else if (sel
& WPA_KEY_MGMT_PSK
) {
1551 wpa_s
->key_mgmt
= WPA_KEY_MGMT_PSK
;
1552 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT WPA-PSK");
1553 } else if (sel
& WPA_KEY_MGMT_WPA_NONE
) {
1554 wpa_s
->key_mgmt
= WPA_KEY_MGMT_WPA_NONE
;
1555 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT WPA-NONE");
1557 } else if (sel
& WPA_KEY_MGMT_OSEN
) {
1558 wpa_s
->key_mgmt
= WPA_KEY_MGMT_OSEN
;
1559 wpa_dbg(wpa_s
, MSG_DEBUG
, "HS 2.0: using KEY_MGMT OSEN");
1560 #endif /* CONFIG_HS20 */
1562 } else if (sel
& WPA_KEY_MGMT_OWE
) {
1563 wpa_s
->key_mgmt
= WPA_KEY_MGMT_OWE
;
1564 wpa_dbg(wpa_s
, MSG_DEBUG
, "RSN: using KEY_MGMT OWE");
1565 #endif /* CONFIG_OWE */
1567 wpa_msg(wpa_s
, MSG_WARNING
, "WPA: Failed to select "
1568 "authenticated key management type");
1572 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_KEY_MGMT
, wpa_s
->key_mgmt
);
1573 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_PAIRWISE
,
1574 wpa_s
->pairwise_cipher
);
1575 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_GROUP
, wpa_s
->group_cipher
);
1577 if (!(ie
.capabilities
& WPA_CAPABILITY_MFPC
) &&
1578 wpas_get_ssid_pmf(wpa_s
, ssid
) == MGMT_FRAME_PROTECTION_REQUIRED
) {
1579 wpa_msg(wpa_s
, MSG_INFO
,
1580 "RSN: Management frame protection required but the selected AP does not enable it");
1584 sel
= ie
.mgmt_group_cipher
;
1585 if (ssid
->group_mgmt_cipher
)
1586 sel
&= ssid
->group_mgmt_cipher
;
1587 if (wpas_get_ssid_pmf(wpa_s
, ssid
) == NO_MGMT_FRAME_PROTECTION
||
1588 !(ie
.capabilities
& WPA_CAPABILITY_MFPC
))
1590 wpa_dbg(wpa_s
, MSG_DEBUG
,
1591 "WPA: AP mgmt_group_cipher 0x%x network profile mgmt_group_cipher 0x%x; available mgmt_group_cipher 0x%x",
1592 ie
.mgmt_group_cipher
, ssid
->group_mgmt_cipher
, sel
);
1593 if (sel
& WPA_CIPHER_AES_128_CMAC
) {
1594 wpa_s
->mgmt_group_cipher
= WPA_CIPHER_AES_128_CMAC
;
1595 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using MGMT group cipher "
1597 } else if (sel
& WPA_CIPHER_BIP_GMAC_128
) {
1598 wpa_s
->mgmt_group_cipher
= WPA_CIPHER_BIP_GMAC_128
;
1599 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using MGMT group cipher "
1601 } else if (sel
& WPA_CIPHER_BIP_GMAC_256
) {
1602 wpa_s
->mgmt_group_cipher
= WPA_CIPHER_BIP_GMAC_256
;
1603 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using MGMT group cipher "
1605 } else if (sel
& WPA_CIPHER_BIP_CMAC_256
) {
1606 wpa_s
->mgmt_group_cipher
= WPA_CIPHER_BIP_CMAC_256
;
1607 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using MGMT group cipher "
1610 wpa_s
->mgmt_group_cipher
= 0;
1611 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: not using MGMT group cipher");
1613 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_MGMT_GROUP
,
1614 wpa_s
->mgmt_group_cipher
);
1615 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_MFP
,
1616 wpas_get_ssid_pmf(wpa_s
, ssid
));
1618 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_OCV
, ssid
->ocv
);
1619 #endif /* CONFIG_OCV */
1620 sae_pwe
= wpa_s
->conf
->sae_pwe
;
1621 if (ssid
->sae_password_id
&& sae_pwe
!= 3)
1623 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_SAE_PWE
, sae_pwe
);
1625 if (wpa_sm_set_assoc_wpa_ie_default(wpa_s
->wpa
, wpa_ie
, wpa_ie_len
)) {
1626 wpa_msg(wpa_s
, MSG_WARNING
, "WPA: Failed to generate WPA IE");
1630 wpa_s
->rsnxe_len
= sizeof(wpa_s
->rsnxe
);
1631 if (wpa_sm_set_assoc_rsnxe_default(wpa_s
->wpa
, wpa_s
->rsnxe
,
1632 &wpa_s
->rsnxe_len
)) {
1633 wpa_msg(wpa_s
, MSG_WARNING
, "RSN: Failed to generate RSNXE");
1639 } else if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_DPP
) {
1640 /* Use PMK from DPP network introduction (PMKSA entry) */
1641 wpa_sm_set_pmk_from_pmksa(wpa_s
->wpa
);
1642 #endif /* CONFIG_DPP */
1643 } else if (wpa_key_mgmt_wpa_psk(ssid
->key_mgmt
)) {
1647 sae_only
= (ssid
->key_mgmt
& (WPA_KEY_MGMT_PSK
|
1648 WPA_KEY_MGMT_FT_PSK
|
1649 WPA_KEY_MGMT_PSK_SHA256
)) == 0;
1651 if (ssid
->psk_set
&& !sae_only
) {
1652 wpa_hexdump_key(MSG_MSGDUMP
, "PSK (set in config)",
1653 ssid
->psk
, PMK_LEN
);
1654 wpa_sm_set_pmk(wpa_s
->wpa
, ssid
->psk
, PMK_LEN
, NULL
,
1659 if (wpa_key_mgmt_sae(ssid
->key_mgmt
) &&
1660 (ssid
->sae_password
|| ssid
->passphrase
))
1663 #ifndef CONFIG_NO_PBKDF2
1664 if (bss
&& ssid
->bssid_set
&& ssid
->ssid_len
== 0 &&
1665 ssid
->passphrase
&& !sae_only
) {
1667 pbkdf2_sha1(ssid
->passphrase
, bss
->ssid
, bss
->ssid_len
,
1668 4096, psk
, PMK_LEN
);
1669 wpa_hexdump_key(MSG_MSGDUMP
, "PSK (from passphrase)",
1671 wpa_sm_set_pmk(wpa_s
->wpa
, psk
, PMK_LEN
, NULL
, NULL
);
1673 os_memset(psk
, 0, sizeof(psk
));
1675 #endif /* CONFIG_NO_PBKDF2 */
1676 #ifdef CONFIG_EXT_PASSWORD
1677 if (ssid
->ext_psk
&& !sae_only
) {
1678 struct wpabuf
*pw
= ext_password_get(wpa_s
->ext_pw
,
1680 char pw_str
[64 + 1];
1684 wpa_msg(wpa_s
, MSG_INFO
, "EXT PW: No PSK "
1685 "found from external storage");
1689 if (wpabuf_len(pw
) < 8 || wpabuf_len(pw
) > 64) {
1690 wpa_msg(wpa_s
, MSG_INFO
, "EXT PW: Unexpected "
1691 "PSK length %d in external storage",
1692 (int) wpabuf_len(pw
));
1693 ext_password_free(pw
);
1697 os_memcpy(pw_str
, wpabuf_head(pw
), wpabuf_len(pw
));
1698 pw_str
[wpabuf_len(pw
)] = '\0';
1700 #ifndef CONFIG_NO_PBKDF2
1701 if (wpabuf_len(pw
) >= 8 && wpabuf_len(pw
) < 64 && bss
)
1703 pbkdf2_sha1(pw_str
, bss
->ssid
, bss
->ssid_len
,
1704 4096, psk
, PMK_LEN
);
1705 os_memset(pw_str
, 0, sizeof(pw_str
));
1706 wpa_hexdump_key(MSG_MSGDUMP
, "PSK (from "
1707 "external passphrase)",
1709 wpa_sm_set_pmk(wpa_s
->wpa
, psk
, PMK_LEN
, NULL
,
1712 os_memset(psk
, 0, sizeof(psk
));
1714 #endif /* CONFIG_NO_PBKDF2 */
1715 if (wpabuf_len(pw
) == 2 * PMK_LEN
) {
1716 if (hexstr2bin(pw_str
, psk
, PMK_LEN
) < 0) {
1717 wpa_msg(wpa_s
, MSG_INFO
, "EXT PW: "
1718 "Invalid PSK hex string");
1719 os_memset(pw_str
, 0, sizeof(pw_str
));
1720 ext_password_free(pw
);
1723 wpa_hexdump_key(MSG_MSGDUMP
,
1724 "PSK (from external PSK)",
1726 wpa_sm_set_pmk(wpa_s
->wpa
, psk
, PMK_LEN
, NULL
,
1729 os_memset(psk
, 0, sizeof(psk
));
1731 wpa_msg(wpa_s
, MSG_INFO
, "EXT PW: No suitable "
1733 os_memset(pw_str
, 0, sizeof(pw_str
));
1734 ext_password_free(pw
);
1738 os_memset(pw_str
, 0, sizeof(pw_str
));
1739 ext_password_free(pw
);
1741 #endif /* CONFIG_EXT_PASSWORD */
1744 wpa_msg(wpa_s
, MSG_INFO
,
1745 "No PSK available for association");
1746 wpas_auth_failed(wpa_s
, "NO_PSK_AVAILABLE");
1750 } else if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_OWE
) {
1751 /* OWE Diffie-Hellman exchange in (Re)Association
1752 * Request/Response frames set the PMK, so do not override it
1754 #endif /* CONFIG_OWE */
1756 wpa_sm_set_pmk_from_pmksa(wpa_s
->wpa
);
1762 static void wpas_ext_capab_byte(struct wpa_supplicant
*wpa_s
, u8
*pos
, int idx
)
1767 case 0: /* Bits 0-7 */
1769 case 1: /* Bits 8-15 */
1770 if (wpa_s
->conf
->coloc_intf_reporting
) {
1771 /* Bit 13 - Collocated Interference Reporting */
1775 case 2: /* Bits 16-23 */
1777 *pos
|= 0x02; /* Bit 17 - WNM-Sleep Mode */
1778 if (!wpa_s
->disable_mbo_oce
&& !wpa_s
->conf
->disable_btm
)
1779 *pos
|= 0x08; /* Bit 19 - BSS Transition */
1780 #endif /* CONFIG_WNM */
1782 case 3: /* Bits 24-31 */
1784 *pos
|= 0x02; /* Bit 25 - SSID List */
1785 #endif /* CONFIG_WNM */
1786 #ifdef CONFIG_INTERWORKING
1787 if (wpa_s
->conf
->interworking
)
1788 *pos
|= 0x80; /* Bit 31 - Interworking */
1789 #endif /* CONFIG_INTERWORKING */
1791 case 4: /* Bits 32-39 */
1792 #ifdef CONFIG_INTERWORKING
1793 if (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_QOS_MAPPING
)
1794 *pos
|= 0x01; /* Bit 32 - QoS Map */
1795 #endif /* CONFIG_INTERWORKING */
1797 case 5: /* Bits 40-47 */
1799 if (wpa_s
->conf
->hs20
)
1800 *pos
|= 0x40; /* Bit 46 - WNM-Notification */
1801 #endif /* CONFIG_HS20 */
1803 *pos
|= 0x40; /* Bit 46 - WNM-Notification */
1804 #endif /* CONFIG_MBO */
1806 case 6: /* Bits 48-55 */
1808 case 7: /* Bits 56-63 */
1810 case 8: /* Bits 64-71 */
1811 if (wpa_s
->conf
->ftm_responder
)
1812 *pos
|= 0x40; /* Bit 70 - FTM responder */
1813 if (wpa_s
->conf
->ftm_initiator
)
1814 *pos
|= 0x80; /* Bit 71 - FTM initiator */
1816 case 9: /* Bits 72-79 */
1818 if (!wpa_s
->disable_fils
)
1820 #endif /* CONFIG_FILS */
1826 int wpas_build_ext_capab(struct wpa_supplicant
*wpa_s
, u8
*buf
, size_t buflen
)
1831 if (len
< wpa_s
->extended_capa_len
)
1832 len
= wpa_s
->extended_capa_len
;
1833 if (buflen
< (size_t) len
+ 2) {
1834 wpa_printf(MSG_INFO
,
1835 "Not enough room for building extended capabilities element");
1839 *pos
++ = WLAN_EID_EXT_CAPAB
;
1841 for (i
= 0; i
< len
; i
++, pos
++) {
1842 wpas_ext_capab_byte(wpa_s
, pos
, i
);
1844 if (i
< wpa_s
->extended_capa_len
) {
1845 *pos
&= ~wpa_s
->extended_capa_mask
[i
];
1846 *pos
|= wpa_s
->extended_capa
[i
];
1850 while (len
> 0 && buf
[1 + len
] == 0) {
1861 static int wpas_valid_bss(struct wpa_supplicant
*wpa_s
,
1862 struct wpa_bss
*test_bss
)
1864 struct wpa_bss
*bss
;
1866 dl_list_for_each(bss
, &wpa_s
->bss
, struct wpa_bss
, list
) {
1867 if (bss
== test_bss
)
1875 static int wpas_valid_ssid(struct wpa_supplicant
*wpa_s
,
1876 struct wpa_ssid
*test_ssid
)
1878 struct wpa_ssid
*ssid
;
1880 for (ssid
= wpa_s
->conf
->ssid
; ssid
; ssid
= ssid
->next
) {
1881 if (ssid
== test_ssid
)
1889 int wpas_valid_bss_ssid(struct wpa_supplicant
*wpa_s
, struct wpa_bss
*test_bss
,
1890 struct wpa_ssid
*test_ssid
)
1892 if (test_bss
&& !wpas_valid_bss(wpa_s
, test_bss
))
1895 return test_ssid
== NULL
|| wpas_valid_ssid(wpa_s
, test_ssid
);
1899 void wpas_connect_work_free(struct wpa_connect_work
*cwork
)
1907 void wpas_connect_work_done(struct wpa_supplicant
*wpa_s
)
1909 struct wpa_connect_work
*cwork
;
1910 struct wpa_radio_work
*work
= wpa_s
->connect_work
;
1915 wpa_s
->connect_work
= NULL
;
1918 wpas_connect_work_free(cwork
);
1919 radio_work_done(work
);
1923 int wpas_update_random_addr(struct wpa_supplicant
*wpa_s
, int style
)
1925 struct os_reltime now
;
1928 os_get_reltime(&now
);
1929 if (wpa_s
->last_mac_addr_style
== style
&&
1930 wpa_s
->last_mac_addr_change
.sec
!= 0 &&
1931 !os_reltime_expired(&now
, &wpa_s
->last_mac_addr_change
,
1932 wpa_s
->conf
->rand_addr_lifetime
)) {
1933 wpa_msg(wpa_s
, MSG_DEBUG
,
1934 "Previously selected random MAC address has not yet expired");
1940 if (random_mac_addr(addr
) < 0)
1944 os_memcpy(addr
, wpa_s
->perm_addr
, ETH_ALEN
);
1945 if (random_mac_addr_keep_oui(addr
) < 0)
1952 if (wpa_drv_set_mac_addr(wpa_s
, addr
) < 0) {
1953 wpa_msg(wpa_s
, MSG_INFO
,
1954 "Failed to set random MAC address");
1958 os_get_reltime(&wpa_s
->last_mac_addr_change
);
1959 wpa_s
->mac_addr_changed
= 1;
1960 wpa_s
->last_mac_addr_style
= style
;
1962 if (wpa_supplicant_update_mac_addr(wpa_s
) < 0) {
1963 wpa_msg(wpa_s
, MSG_INFO
,
1964 "Could not update MAC address information");
1968 wpa_msg(wpa_s
, MSG_DEBUG
, "Using random MAC address " MACSTR
,
1975 int wpas_update_random_addr_disassoc(struct wpa_supplicant
*wpa_s
)
1977 if (wpa_s
->wpa_state
>= WPA_AUTHENTICATING
||
1978 !wpa_s
->conf
->preassoc_mac_addr
)
1981 return wpas_update_random_addr(wpa_s
, wpa_s
->conf
->preassoc_mac_addr
);
1985 static void wpa_s_setup_sae_pt(struct wpa_config
*conf
, struct wpa_ssid
*ssid
)
1988 int *groups
= conf
->sae_groups
;
1989 int default_groups
[] = { 19, 20, 21, 0 };
1990 const char *password
;
1992 if (!groups
|| groups
[0] <= 0)
1993 groups
= default_groups
;
1995 password
= ssid
->sae_password
;
1997 password
= ssid
->passphrase
;
1999 if ((conf
->sae_pwe
== 0 && !ssid
->sae_password_id
) || !password
||
2000 conf
->sae_pwe
== 3) {
2001 /* PT derivation not needed */
2002 sae_deinit_pt(ssid
->pt
);
2008 return; /* PT already derived */
2009 ssid
->pt
= sae_derive_pt(groups
, ssid
->ssid
, ssid
->ssid_len
,
2010 (const u8
*) password
, os_strlen(password
),
2011 ssid
->sae_password_id
);
2012 #endif /* CONFIG_SAE */
2016 static void wpa_s_clear_sae_rejected(struct wpa_supplicant
*wpa_s
)
2018 #if defined(CONFIG_SAE) && defined(CONFIG_SME)
2019 os_free(wpa_s
->sme
.sae_rejected_groups
);
2020 wpa_s
->sme
.sae_rejected_groups
= NULL
;
2021 #ifdef CONFIG_TESTING_OPTIONS
2022 if (wpa_s
->extra_sae_rejected_groups
) {
2023 int i
, *groups
= wpa_s
->extra_sae_rejected_groups
;
2025 for (i
= 0; groups
[i
]; i
++) {
2026 wpa_printf(MSG_DEBUG
,
2027 "TESTING: Indicate rejection of an extra SAE group %d",
2029 int_array_add_unique(&wpa_s
->sme
.sae_rejected_groups
,
2033 #endif /* CONFIG_TESTING_OPTIONS */
2034 #endif /* CONFIG_SAE && CONFIG_SME */
2038 static void wpas_start_assoc_cb(struct wpa_radio_work
*work
, int deinit
);
2041 * wpa_supplicant_associate - Request association
2042 * @wpa_s: Pointer to wpa_supplicant data
2043 * @bss: Scan results for the selected BSS, or %NULL if not available
2044 * @ssid: Configuration data for the selected network
2046 * This function is used to request %wpa_supplicant to associate with a BSS.
2048 void wpa_supplicant_associate(struct wpa_supplicant
*wpa_s
,
2049 struct wpa_bss
*bss
, struct wpa_ssid
*ssid
)
2051 struct wpa_connect_work
*cwork
;
2054 wpa_s
->own_disconnect_req
= 0;
2057 * If we are starting a new connection, any previously pending EAPOL
2058 * RX cannot be valid anymore.
2060 wpabuf_free(wpa_s
->pending_eapol_rx
);
2061 wpa_s
->pending_eapol_rx
= NULL
;
2063 if (ssid
->mac_addr
== -1)
2064 rand_style
= wpa_s
->conf
->mac_addr
;
2066 rand_style
= ssid
->mac_addr
;
2068 wmm_ac_clear_saved_tspecs(wpa_s
);
2069 wpa_s
->reassoc_same_bss
= 0;
2070 wpa_s
->reassoc_same_ess
= 0;
2071 #ifdef CONFIG_TESTING_OPTIONS
2072 wpa_s
->testing_resend_assoc
= 0;
2073 #endif /* CONFIG_TESTING_OPTIONS */
2075 if (wpa_s
->last_ssid
== ssid
) {
2076 wpa_dbg(wpa_s
, MSG_DEBUG
, "Re-association to the same ESS");
2077 wpa_s
->reassoc_same_ess
= 1;
2078 if (wpa_s
->current_bss
&& wpa_s
->current_bss
== bss
) {
2079 wmm_ac_save_tspecs(wpa_s
);
2080 wpa_s
->reassoc_same_bss
= 1;
2081 } else if (wpa_s
->current_bss
&& wpa_s
->current_bss
!= bss
) {
2082 os_get_reltime(&wpa_s
->roam_start
);
2086 wpa_s_clear_sae_rejected(wpa_s
);
2087 wpa_s_setup_sae_pt(wpa_s
->conf
, ssid
);
2088 #endif /* CONFIG_SAE */
2091 if (rand_style
> 0 && !wpa_s
->reassoc_same_ess
) {
2092 if (wpas_update_random_addr(wpa_s
, rand_style
) < 0)
2094 wpa_sm_pmksa_cache_flush(wpa_s
->wpa
, ssid
);
2095 } else if (rand_style
== 0 && wpa_s
->mac_addr_changed
) {
2096 if (wpa_drv_set_mac_addr(wpa_s
, NULL
) < 0) {
2097 wpa_msg(wpa_s
, MSG_INFO
,
2098 "Could not restore permanent MAC address");
2101 wpa_s
->mac_addr_changed
= 0;
2102 if (wpa_supplicant_update_mac_addr(wpa_s
) < 0) {
2103 wpa_msg(wpa_s
, MSG_INFO
,
2104 "Could not update MAC address information");
2107 wpa_msg(wpa_s
, MSG_DEBUG
, "Using permanent MAC address");
2109 wpa_s
->last_ssid
= ssid
;
2111 #ifdef CONFIG_IBSS_RSN
2112 ibss_rsn_deinit(wpa_s
->ibss_rsn
);
2113 wpa_s
->ibss_rsn
= NULL
;
2114 #else /* CONFIG_IBSS_RSN */
2115 if (ssid
->mode
== WPAS_MODE_IBSS
&&
2116 !(ssid
->key_mgmt
& (WPA_KEY_MGMT_NONE
| WPA_KEY_MGMT_WPA_NONE
))) {
2117 wpa_msg(wpa_s
, MSG_INFO
,
2118 "IBSS RSN not supported in the build");
2121 #endif /* CONFIG_IBSS_RSN */
2123 if (ssid
->mode
== WPAS_MODE_AP
|| ssid
->mode
== WPAS_MODE_P2P_GO
||
2124 ssid
->mode
== WPAS_MODE_P2P_GROUP_FORMATION
) {
2126 if (!(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_AP
)) {
2127 wpa_msg(wpa_s
, MSG_INFO
, "Driver does not support AP "
2131 if (wpa_supplicant_create_ap(wpa_s
, ssid
) < 0) {
2132 wpa_supplicant_set_state(wpa_s
, WPA_DISCONNECTED
);
2133 if (ssid
->mode
== WPAS_MODE_P2P_GROUP_FORMATION
)
2134 wpas_p2p_ap_setup_failed(wpa_s
);
2137 wpa_s
->current_bss
= bss
;
2138 #else /* CONFIG_AP */
2139 wpa_msg(wpa_s
, MSG_ERROR
, "AP mode support not included in "
2141 #endif /* CONFIG_AP */
2145 if (ssid
->mode
== WPAS_MODE_MESH
) {
2147 if (!(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_MESH
)) {
2148 wpa_msg(wpa_s
, MSG_INFO
,
2149 "Driver does not support mesh mode");
2153 ssid
->frequency
= bss
->freq
;
2154 if (wpa_supplicant_join_mesh(wpa_s
, ssid
) < 0) {
2155 wpa_msg(wpa_s
, MSG_ERROR
, "Could not join mesh");
2158 wpa_s
->current_bss
= bss
;
2159 wpa_msg(wpa_s
, MSG_INFO
, MESH_GROUP_STARTED
"ssid=\"%s\" id=%d",
2160 wpa_ssid_txt(ssid
->ssid
, ssid
->ssid_len
),
2162 wpas_notify_mesh_group_started(wpa_s
, ssid
);
2163 #else /* CONFIG_MESH */
2164 wpa_msg(wpa_s
, MSG_ERROR
,
2165 "mesh mode support not included in the build");
2166 #endif /* CONFIG_MESH */
2171 * Set WPA state machine configuration to match the selected network now
2172 * so that the information is available before wpas_start_assoc_cb()
2173 * gets called. This is needed at least for RSN pre-authentication where
2174 * candidate APs are added to a list based on scan result processing
2175 * before completion of the first association.
2177 wpa_supplicant_rsn_supp_set_config(wpa_s
, ssid
);
2180 if (wpas_dpp_check_connect(wpa_s
, ssid
, bss
) != 0)
2182 #endif /* CONFIG_DPP */
2186 wpa_tdls_ap_ies(wpa_s
->wpa
, (const u8
*) (bss
+ 1),
2188 #endif /* CONFIG_TDLS */
2191 wpas_mbo_check_pmf(wpa_s
, bss
, ssid
);
2192 #endif /* CONFIG_MBO */
2194 if ((wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SME
) &&
2195 ssid
->mode
== WPAS_MODE_INFRA
) {
2196 sme_authenticate(wpa_s
, bss
, ssid
);
2200 if (wpa_s
->connect_work
) {
2201 wpa_dbg(wpa_s
, MSG_DEBUG
, "Reject wpa_supplicant_associate() call since connect_work exist");
2205 if (radio_work_pending(wpa_s
, "connect")) {
2206 wpa_dbg(wpa_s
, MSG_DEBUG
, "Reject wpa_supplicant_associate() call since pending work exist");
2211 if (ssid
->mode
== WPAS_MODE_IBSS
|| ssid
->mode
== WPAS_MODE_MESH
) {
2212 /* Clear possibly set auth_alg, if any, from last attempt. */
2213 wpa_s
->sme
.auth_alg
= WPA_AUTH_ALG_OPEN
;
2215 #endif /* CONFIG_SME */
2217 wpas_abort_ongoing_scan(wpa_s
);
2219 cwork
= os_zalloc(sizeof(*cwork
));
2226 if (radio_add_work(wpa_s
, bss
? bss
->freq
: 0, "connect", 1,
2227 wpas_start_assoc_cb
, cwork
) < 0) {
2233 static int bss_is_ibss(struct wpa_bss
*bss
)
2235 return (bss
->caps
& (IEEE80211_CAP_ESS
| IEEE80211_CAP_IBSS
)) ==
2240 static int drv_supports_vht(struct wpa_supplicant
*wpa_s
,
2241 const struct wpa_ssid
*ssid
)
2243 enum hostapd_hw_mode hw_mode
;
2244 struct hostapd_hw_modes
*mode
= NULL
;
2248 hw_mode
= ieee80211_freq_to_chan(ssid
->frequency
, &channel
);
2249 if (hw_mode
== NUM_HOSTAPD_MODES
)
2251 for (i
= 0; wpa_s
->hw
.modes
&& i
< wpa_s
->hw
.num_modes
; i
++) {
2252 if (wpa_s
->hw
.modes
[i
].mode
== hw_mode
) {
2253 mode
= &wpa_s
->hw
.modes
[i
];
2261 return mode
->vht_capab
!= 0;
2265 void ibss_mesh_setup_freq(struct wpa_supplicant
*wpa_s
,
2266 const struct wpa_ssid
*ssid
,
2267 struct hostapd_freq_params
*freq
)
2269 int ieee80211_mode
= wpas_mode_to_ieee80211_mode(ssid
->mode
);
2270 enum hostapd_hw_mode hw_mode
;
2271 struct hostapd_hw_modes
*mode
= NULL
;
2272 int ht40plus
[] = { 36, 44, 52, 60, 100, 108, 116, 124, 132, 149, 157,
2274 int vht80
[] = { 36, 52, 100, 116, 132, 149 };
2275 struct hostapd_channel_data
*pri_chan
= NULL
, *sec_chan
= NULL
;
2277 int i
, chan_idx
, ht40
= -1, res
, obss_scan
= 1;
2279 struct hostapd_freq_params vht_freq
;
2280 int chwidth
, seg0
, seg1
;
2284 freq
->freq
= ssid
->frequency
;
2286 for (j
= 0; j
< wpa_s
->last_scan_res_used
; j
++) {
2287 struct wpa_bss
*bss
= wpa_s
->last_scan_res
[j
];
2289 if (ssid
->mode
!= WPAS_MODE_IBSS
)
2292 /* Don't adjust control freq in case of fixed_freq */
2293 if (ssid
->fixed_freq
)
2296 if (!bss_is_ibss(bss
))
2299 if (ssid
->ssid_len
== bss
->ssid_len
&&
2300 os_memcmp(ssid
->ssid
, bss
->ssid
, bss
->ssid_len
) == 0) {
2301 wpa_printf(MSG_DEBUG
,
2302 "IBSS already found in scan results, adjust control freq: %d",
2304 freq
->freq
= bss
->freq
;
2310 /* For IBSS check HT_IBSS flag */
2311 if (ssid
->mode
== WPAS_MODE_IBSS
&&
2312 !(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_HT_IBSS
))
2315 if (wpa_s
->group_cipher
== WPA_CIPHER_WEP40
||
2316 wpa_s
->group_cipher
== WPA_CIPHER_WEP104
||
2317 wpa_s
->pairwise_cipher
== WPA_CIPHER_TKIP
) {
2318 wpa_printf(MSG_DEBUG
,
2319 "IBSS: WEP/TKIP detected, do not try to enable HT");
2323 hw_mode
= ieee80211_freq_to_chan(freq
->freq
, &channel
);
2324 for (i
= 0; wpa_s
->hw
.modes
&& i
< wpa_s
->hw
.num_modes
; i
++) {
2325 if (wpa_s
->hw
.modes
[i
].mode
== hw_mode
) {
2326 mode
= &wpa_s
->hw
.modes
[i
];
2334 is_24ghz
= hw_mode
== HOSTAPD_MODE_IEEE80211G
||
2335 hw_mode
== HOSTAPD_MODE_IEEE80211B
;
2337 #ifdef CONFIG_HT_OVERRIDES
2338 if (ssid
->disable_ht
) {
2339 freq
->ht_enabled
= 0;
2342 #endif /* CONFIG_HT_OVERRIDES */
2344 freq
->ht_enabled
= ht_supported(mode
);
2345 if (!freq
->ht_enabled
)
2348 /* Allow HE on 2.4 GHz without VHT: see nl80211_put_freq_params() */
2350 freq
->he_enabled
= mode
->he_capab
[ieee80211_mode
].he_supported
;
2352 /* Setup higher BW only for 5 GHz */
2353 if (mode
->mode
!= HOSTAPD_MODE_IEEE80211A
)
2356 for (chan_idx
= 0; chan_idx
< mode
->num_channels
; chan_idx
++) {
2357 pri_chan
= &mode
->channels
[chan_idx
];
2358 if (pri_chan
->chan
== channel
)
2365 /* Check primary channel flags */
2366 if (pri_chan
->flag
& (HOSTAPD_CHAN_DISABLED
| HOSTAPD_CHAN_NO_IR
))
2369 freq
->channel
= pri_chan
->chan
;
2371 #ifdef CONFIG_HT_OVERRIDES
2372 if (ssid
->disable_ht40
) {
2373 if (ssid
->disable_vht
)
2377 #endif /* CONFIG_HT_OVERRIDES */
2379 /* Check/setup HT40+/HT40- */
2380 for (j
= 0; j
< ARRAY_SIZE(ht40plus
); j
++) {
2381 if (ht40plus
[j
] == channel
) {
2387 /* Find secondary channel */
2388 for (i
= 0; i
< mode
->num_channels
; i
++) {
2389 sec_chan
= &mode
->channels
[i
];
2390 if (sec_chan
->chan
== channel
+ ht40
* 4)
2397 /* Check secondary channel flags */
2398 if (sec_chan
->flag
& (HOSTAPD_CHAN_DISABLED
| HOSTAPD_CHAN_NO_IR
))
2402 if (!(pri_chan
->flag
& HOSTAPD_CHAN_HT40MINUS
))
2405 if (!(pri_chan
->flag
& HOSTAPD_CHAN_HT40PLUS
))
2408 freq
->sec_channel_offset
= ht40
;
2411 struct wpa_scan_results
*scan_res
;
2413 scan_res
= wpa_supplicant_get_scan_results(wpa_s
, NULL
, 0);
2414 if (scan_res
== NULL
) {
2416 freq
->sec_channel_offset
= 0;
2420 res
= check_40mhz_5g(scan_res
, pri_chan
, sec_chan
);
2424 freq
->sec_channel_offset
= 0;
2427 /* Configuration allowed */
2430 /* Switch pri/sec channels */
2431 freq
->freq
= hw_get_freq(mode
, sec_chan
->chan
);
2432 freq
->sec_channel_offset
= -freq
->sec_channel_offset
;
2433 freq
->channel
= sec_chan
->chan
;
2436 freq
->sec_channel_offset
= 0;
2440 wpa_scan_results_free(scan_res
);
2443 #ifdef CONFIG_HT_OVERRIDES
2445 #endif /* CONFIG_HT_OVERRIDES */
2446 wpa_printf(MSG_DEBUG
,
2447 "IBSS/mesh: setup freq channel %d, sec_channel_offset %d",
2448 freq
->channel
, freq
->sec_channel_offset
);
2450 if (!drv_supports_vht(wpa_s
, ssid
))
2453 /* For IBSS check VHT_IBSS flag */
2454 if (ssid
->mode
== WPAS_MODE_IBSS
&&
2455 !(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_VHT_IBSS
))
2460 #ifdef CONFIG_VHT_OVERRIDES
2461 if (ssid
->disable_vht
) {
2462 freq
->vht_enabled
= 0;
2465 #endif /* CONFIG_VHT_OVERRIDES */
2467 vht_freq
.vht_enabled
= vht_supported(mode
);
2468 if (!vht_freq
.vht_enabled
)
2471 /* Enable HE for VHT */
2472 vht_freq
.he_enabled
= mode
->he_capab
[ieee80211_mode
].he_supported
;
2474 /* setup center_freq1, bandwidth */
2475 for (j
= 0; j
< ARRAY_SIZE(vht80
); j
++) {
2476 if (freq
->channel
>= vht80
[j
] &&
2477 freq
->channel
< vht80
[j
] + 16)
2481 if (j
== ARRAY_SIZE(vht80
))
2484 for (i
= vht80
[j
]; i
< vht80
[j
] + 16; i
+= 4) {
2485 struct hostapd_channel_data
*chan
;
2487 chan
= hw_get_channel_chan(mode
, i
, NULL
);
2491 /* Back to HT configuration if channel not usable */
2492 if (chan
->flag
& (HOSTAPD_CHAN_DISABLED
| HOSTAPD_CHAN_NO_IR
))
2496 chwidth
= CHANWIDTH_80MHZ
;
2497 seg0
= vht80
[j
] + 6;
2500 if (ssid
->max_oper_chwidth
== CHANWIDTH_80P80MHZ
) {
2501 /* setup center_freq2, bandwidth */
2502 for (k
= 0; k
< ARRAY_SIZE(vht80
); k
++) {
2503 /* Only accept 80 MHz segments separated by a gap */
2504 if (j
== k
|| abs(vht80
[j
] - vht80
[k
]) == 16)
2506 for (i
= vht80
[k
]; i
< vht80
[k
] + 16; i
+= 4) {
2507 struct hostapd_channel_data
*chan
;
2509 chan
= hw_get_channel_chan(mode
, i
, NULL
);
2513 if (chan
->flag
& (HOSTAPD_CHAN_DISABLED
|
2514 HOSTAPD_CHAN_NO_IR
|
2515 HOSTAPD_CHAN_RADAR
))
2518 /* Found a suitable second segment for 80+80 */
2519 chwidth
= CHANWIDTH_80P80MHZ
;
2521 VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ
;
2522 seg1
= vht80
[k
] + 6;
2525 if (chwidth
== CHANWIDTH_80P80MHZ
)
2528 } else if (ssid
->max_oper_chwidth
== CHANWIDTH_160MHZ
) {
2529 if (freq
->freq
== 5180) {
2530 chwidth
= CHANWIDTH_160MHZ
;
2531 vht_caps
|= VHT_CAP_SUPP_CHAN_WIDTH_160MHZ
;
2533 } else if (freq
->freq
== 5520) {
2534 chwidth
= CHANWIDTH_160MHZ
;
2535 vht_caps
|= VHT_CAP_SUPP_CHAN_WIDTH_160MHZ
;
2538 } else if (ssid
->max_oper_chwidth
== CHANWIDTH_USE_HT
) {
2539 chwidth
= CHANWIDTH_USE_HT
;
2540 seg0
= vht80
[j
] + 2;
2541 #ifdef CONFIG_HT_OVERRIDES
2542 if (ssid
->disable_ht40
)
2544 #endif /* CONFIG_HT_OVERRIDES */
2547 if (hostapd_set_freq_params(&vht_freq
, mode
->mode
, freq
->freq
,
2548 freq
->channel
, ssid
->enable_edmg
,
2549 ssid
->edmg_channel
, freq
->ht_enabled
,
2550 vht_freq
.vht_enabled
, freq
->he_enabled
,
2551 freq
->sec_channel_offset
,
2552 chwidth
, seg0
, seg1
, vht_caps
,
2553 &mode
->he_capab
[ieee80211_mode
]) != 0)
2558 wpa_printf(MSG_DEBUG
, "IBSS: VHT setup freq cf1 %d, cf2 %d, bw %d",
2559 freq
->center_freq1
, freq
->center_freq2
, freq
->bandwidth
);
2564 static size_t wpas_add_fils_hlp_req(struct wpa_supplicant
*wpa_s
, u8
*ie_buf
,
2567 struct fils_hlp_req
*req
;
2568 size_t rem_len
, hdr_len
, hlp_len
, len
, ie_len
= 0;
2572 dl_list_for_each(req
, &wpa_s
->fils_hlp_req
, struct fils_hlp_req
,
2574 rem_len
= ie_buf_len
- ie_len
;
2575 pos
= wpabuf_head(req
->pkt
);
2576 hdr_len
= 1 + 2 * ETH_ALEN
+ 6;
2577 hlp_len
= wpabuf_len(req
->pkt
);
2579 if (rem_len
< 2 + hdr_len
+ hlp_len
) {
2580 wpa_printf(MSG_ERROR
,
2581 "FILS: Cannot fit HLP - rem_len=%lu to_fill=%lu",
2582 (unsigned long) rem_len
,
2583 (unsigned long) (2 + hdr_len
+ hlp_len
));
2587 len
= (hdr_len
+ hlp_len
) > 255 ? 255 : hdr_len
+ hlp_len
;
2589 *buf
++ = WLAN_EID_EXTENSION
;
2592 /* Element ID Extension */
2593 *buf
++ = WLAN_EID_EXT_FILS_HLP_CONTAINER
;
2594 /* Destination MAC address */
2595 os_memcpy(buf
, req
->dst
, ETH_ALEN
);
2597 /* Source MAC address */
2598 os_memcpy(buf
, wpa_s
->own_addr
, ETH_ALEN
);
2600 /* LLC/SNAP Header */
2601 os_memcpy(buf
, "\xaa\xaa\x03\x00\x00\x00", 6);
2604 os_memcpy(buf
, pos
, len
- hdr_len
);
2605 buf
+= len
- hdr_len
;
2606 pos
+= len
- hdr_len
;
2608 hlp_len
-= len
- hdr_len
;
2613 len
= (hlp_len
> 255) ? 255 : hlp_len
;
2614 if (rem_len
< 2 + len
)
2616 *buf
++ = WLAN_EID_FRAGMENT
;
2618 os_memcpy(buf
, pos
, len
);
2632 int wpa_is_fils_supported(struct wpa_supplicant
*wpa_s
)
2634 return (((wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SME
) &&
2635 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SUPPORT_FILS
)) ||
2636 (!(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SME
) &&
2637 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_FILS_SK_OFFLOAD
)));
2641 int wpa_is_fils_sk_pfs_supported(struct wpa_supplicant
*wpa_s
)
2643 #ifdef CONFIG_FILS_SK_PFS
2644 return (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SME
) &&
2645 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SUPPORT_FILS
);
2646 #else /* CONFIG_FILS_SK_PFS */
2648 #endif /* CONFIG_FILS_SK_PFS */
2651 #endif /* CONFIG_FILS */
2654 static u8
* wpas_populate_assoc_ies(
2655 struct wpa_supplicant
*wpa_s
,
2656 struct wpa_bss
*bss
, struct wpa_ssid
*ssid
,
2657 struct wpa_driver_associate_params
*params
,
2658 enum wpa_drv_update_connect_params_mask
*mask
)
2661 size_t max_wpa_ie_len
= 500;
2663 int algs
= WPA_AUTH_ALG_OPEN
;
2668 int sae_pmksa_cached
= 0;
2669 #endif /* CONFIG_SAE */
2671 const u8
*realm
, *username
, *rrk
;
2672 size_t realm_len
, username_len
, rrk_len
;
2674 struct fils_hlp_req
*req
;
2676 dl_list_for_each(req
, &wpa_s
->fils_hlp_req
, struct fils_hlp_req
,
2678 max_wpa_ie_len
+= 3 + 2 * ETH_ALEN
+ 6 + wpabuf_len(req
->pkt
) +
2679 2 + 2 * wpabuf_len(req
->pkt
) / 255;
2681 #endif /* CONFIG_FILS */
2683 wpa_ie
= os_malloc(max_wpa_ie_len
);
2685 wpa_printf(MSG_ERROR
,
2686 "Failed to allocate connect IE buffer for %lu bytes",
2687 (unsigned long) max_wpa_ie_len
);
2691 if (bss
&& (wpa_bss_get_vendor_ie(bss
, WPA_IE_VENDOR_TYPE
) ||
2692 wpa_bss_get_ie(bss
, WLAN_EID_RSN
)) &&
2693 wpa_key_mgmt_wpa(ssid
->key_mgmt
)) {
2694 int try_opportunistic
;
2695 const u8
*cache_id
= NULL
;
2697 try_opportunistic
= (ssid
->proactive_key_caching
< 0 ?
2699 ssid
->proactive_key_caching
) &&
2700 (ssid
->proto
& WPA_PROTO_RSN
);
2702 if (wpa_key_mgmt_fils(ssid
->key_mgmt
))
2703 cache_id
= wpa_bss_get_fils_cache_id(bss
);
2704 #endif /* CONFIG_FILS */
2705 if (pmksa_cache_set_current(wpa_s
->wpa
, NULL
, bss
->bssid
,
2706 ssid
, try_opportunistic
,
2707 cache_id
, 0) == 0) {
2708 eapol_sm_notify_pmkid_attempt(wpa_s
->eapol
);
2710 sae_pmksa_cached
= 1;
2711 #endif /* CONFIG_SAE */
2713 wpa_ie_len
= max_wpa_ie_len
;
2714 if (wpa_supplicant_set_suites(wpa_s
, bss
, ssid
,
2715 wpa_ie
, &wpa_ie_len
)) {
2716 wpa_msg(wpa_s
, MSG_WARNING
, "WPA: Failed to set WPA "
2717 "key management and encryption suites");
2722 } else if (bss
&& wpa_bss_get_vendor_ie(bss
, OSEN_IE_VENDOR_TYPE
) &&
2723 (ssid
->key_mgmt
& WPA_KEY_MGMT_OSEN
)) {
2724 /* No PMKSA caching, but otherwise similar to RSN/WPA */
2725 wpa_ie_len
= max_wpa_ie_len
;
2726 if (wpa_supplicant_set_suites(wpa_s
, bss
, ssid
,
2727 wpa_ie
, &wpa_ie_len
)) {
2728 wpa_msg(wpa_s
, MSG_WARNING
, "WPA: Failed to set WPA "
2729 "key management and encryption suites");
2733 #endif /* CONFIG_HS20 */
2734 } else if ((ssid
->key_mgmt
& WPA_KEY_MGMT_IEEE8021X_NO_WPA
) && bss
&&
2735 wpa_key_mgmt_wpa_ieee8021x(ssid
->key_mgmt
)) {
2737 * Both WPA and non-WPA IEEE 802.1X enabled in configuration -
2738 * use non-WPA since the scan results did not indicate that the
2739 * AP is using WPA or WPA2.
2741 wpa_supplicant_set_non_wpa_policy(wpa_s
, ssid
);
2743 wpa_s
->wpa_proto
= 0;
2744 } else if (wpa_key_mgmt_wpa_any(ssid
->key_mgmt
)) {
2745 wpa_ie_len
= max_wpa_ie_len
;
2746 if (wpa_supplicant_set_suites(wpa_s
, NULL
, ssid
,
2747 wpa_ie
, &wpa_ie_len
)) {
2748 wpa_msg(wpa_s
, MSG_WARNING
, "WPA: Failed to set WPA "
2749 "key management and encryption suites (no "
2755 } else if (ssid
->key_mgmt
& WPA_KEY_MGMT_WPS
) {
2756 struct wpabuf
*wps_ie
;
2757 wps_ie
= wps_build_assoc_req_ie(wpas_wps_get_req_type(ssid
));
2758 if (wps_ie
&& wpabuf_len(wps_ie
) <= max_wpa_ie_len
) {
2759 wpa_ie_len
= wpabuf_len(wps_ie
);
2760 os_memcpy(wpa_ie
, wpabuf_head(wps_ie
), wpa_ie_len
);
2763 wpabuf_free(wps_ie
);
2764 wpa_supplicant_set_non_wpa_policy(wpa_s
, ssid
);
2765 if (!bss
|| (bss
->caps
& IEEE80211_CAP_PRIVACY
))
2766 params
->wps
= WPS_MODE_PRIVACY
;
2768 params
->wps
= WPS_MODE_OPEN
;
2769 wpa_s
->wpa_proto
= 0;
2770 #endif /* CONFIG_WPS */
2772 wpa_supplicant_set_non_wpa_policy(wpa_s
, ssid
);
2774 wpa_s
->wpa_proto
= 0;
2777 #ifdef IEEE8021X_EAPOL
2778 if (ssid
->key_mgmt
& WPA_KEY_MGMT_IEEE8021X_NO_WPA
) {
2780 if (ssid
->non_leap
== 0)
2781 algs
= WPA_AUTH_ALG_LEAP
;
2783 algs
|= WPA_AUTH_ALG_LEAP
;
2788 /* Clear FILS association */
2789 wpa_sm_set_reset_fils_completed(wpa_s
->wpa
, 0);
2791 if ((wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_FILS_SK_OFFLOAD
) &&
2792 ssid
->eap
.erp
&& wpa_key_mgmt_fils(wpa_s
->key_mgmt
) &&
2793 eapol_sm_get_erp_info(wpa_s
->eapol
, &ssid
->eap
, &username
,
2794 &username_len
, &realm
, &realm_len
,
2795 &next_seq_num
, &rrk
, &rrk_len
) == 0 &&
2796 (!wpa_s
->last_con_fail_realm
||
2797 wpa_s
->last_con_fail_realm_len
!= realm_len
||
2798 os_memcmp(wpa_s
->last_con_fail_realm
, realm
, realm_len
) != 0)) {
2799 algs
= WPA_AUTH_ALG_FILS
;
2800 params
->fils_erp_username
= username
;
2801 params
->fils_erp_username_len
= username_len
;
2802 params
->fils_erp_realm
= realm
;
2803 params
->fils_erp_realm_len
= realm_len
;
2804 params
->fils_erp_next_seq_num
= next_seq_num
;
2805 params
->fils_erp_rrk
= rrk
;
2806 params
->fils_erp_rrk_len
= rrk_len
;
2809 *mask
|= WPA_DRV_UPDATE_FILS_ERP_INFO
;
2811 #endif /* CONFIG_FILS */
2812 #endif /* IEEE8021X_EAPOL */
2814 if (wpa_s
->key_mgmt
& (WPA_KEY_MGMT_SAE
| WPA_KEY_MGMT_FT_SAE
))
2815 algs
= WPA_AUTH_ALG_SAE
;
2816 #endif /* CONFIG_SAE */
2818 wpa_dbg(wpa_s
, MSG_DEBUG
, "Automatic auth_alg selection: 0x%x", algs
);
2819 if (ssid
->auth_alg
) {
2820 algs
= ssid
->auth_alg
;
2821 wpa_dbg(wpa_s
, MSG_DEBUG
,
2822 "Overriding auth_alg selection: 0x%x", algs
);
2826 if (sae_pmksa_cached
&& algs
== WPA_AUTH_ALG_SAE
) {
2827 wpa_dbg(wpa_s
, MSG_DEBUG
,
2828 "SAE: Use WPA_AUTH_ALG_OPEN for PMKSA caching attempt");
2829 algs
= WPA_AUTH_ALG_OPEN
;
2831 #endif /* CONFIG_SAE */
2834 if (wpa_s
->global
->p2p
) {
2838 pos
= wpa_ie
+ wpa_ie_len
;
2839 len
= max_wpa_ie_len
- wpa_ie_len
;
2840 res
= wpas_p2p_assoc_req_ie(wpa_s
, bss
, pos
, len
,
2846 wpa_s
->cross_connect_disallowed
= 0;
2849 p2p
= wpa_bss_get_vendor_ie_multi(bss
, P2P_IE_VENDOR_TYPE
);
2851 wpa_s
->cross_connect_disallowed
=
2852 p2p_get_cross_connect_disallowed(p2p
);
2854 wpa_dbg(wpa_s
, MSG_DEBUG
, "P2P: WLAN AP %s cross "
2856 wpa_s
->cross_connect_disallowed
?
2857 "disallows" : "allows");
2861 os_memset(wpa_s
->p2p_ip_addr_info
, 0, sizeof(wpa_s
->p2p_ip_addr_info
));
2862 #endif /* CONFIG_P2P */
2865 wpa_ie_len
+= wpas_supp_op_class_ie(wpa_s
, ssid
, bss
->freq
,
2866 wpa_ie
+ wpa_ie_len
,
2872 * Workaround: Add Extended Capabilities element only if the AP
2873 * included this element in Beacon/Probe Response frames. Some older
2874 * APs seem to have interoperability issues if this element is
2875 * included, so while the standard may require us to include the
2876 * element in all cases, it is justifiable to skip it to avoid
2877 * interoperability issues.
2879 if (ssid
->p2p_group
)
2880 wpa_drv_get_ext_capa(wpa_s
, WPA_IF_P2P_CLIENT
);
2882 wpa_drv_get_ext_capa(wpa_s
, WPA_IF_STATION
);
2884 if (!bss
|| wpa_bss_get_ie(bss
, WLAN_EID_EXT_CAPAB
)) {
2887 ext_capab_len
= wpas_build_ext_capab(wpa_s
, ext_capab
,
2889 if (ext_capab_len
> 0 &&
2890 wpa_ie_len
+ ext_capab_len
<= max_wpa_ie_len
) {
2892 if (wpa_ie_len
> 0 && pos
[0] == WLAN_EID_RSN
)
2894 os_memmove(pos
+ ext_capab_len
, pos
,
2895 wpa_ie_len
- (pos
- wpa_ie
));
2896 wpa_ie_len
+= ext_capab_len
;
2897 os_memcpy(pos
, ext_capab
, ext_capab_len
);
2902 if (is_hs20_network(wpa_s
, ssid
, bss
)) {
2903 struct wpabuf
*hs20
;
2905 hs20
= wpabuf_alloc(20 + MAX_ROAMING_CONS_OI_LEN
);
2907 int pps_mo_id
= hs20_get_pps_mo_id(wpa_s
, ssid
);
2910 wpas_hs20_add_indication(hs20
, pps_mo_id
,
2911 get_hs20_version(bss
));
2912 wpas_hs20_add_roam_cons_sel(hs20
, ssid
);
2913 len
= max_wpa_ie_len
- wpa_ie_len
;
2914 if (wpabuf_len(hs20
) <= len
) {
2915 os_memcpy(wpa_ie
+ wpa_ie_len
,
2916 wpabuf_head(hs20
), wpabuf_len(hs20
));
2917 wpa_ie_len
+= wpabuf_len(hs20
);
2921 hs20_configure_frame_filters(wpa_s
);
2924 #endif /* CONFIG_HS20 */
2926 if (wpa_s
->vendor_elem
[VENDOR_ELEM_ASSOC_REQ
]) {
2927 struct wpabuf
*buf
= wpa_s
->vendor_elem
[VENDOR_ELEM_ASSOC_REQ
];
2930 len
= max_wpa_ie_len
- wpa_ie_len
;
2931 if (wpabuf_len(buf
) <= len
) {
2932 os_memcpy(wpa_ie
+ wpa_ie_len
,
2933 wpabuf_head(buf
), wpabuf_len(buf
));
2934 wpa_ie_len
+= wpabuf_len(buf
);
2939 if (wpa_s
->fst_ies
) {
2940 int fst_ies_len
= wpabuf_len(wpa_s
->fst_ies
);
2942 if (wpa_ie_len
+ fst_ies_len
<= max_wpa_ie_len
) {
2943 os_memcpy(wpa_ie
+ wpa_ie_len
,
2944 wpabuf_head(wpa_s
->fst_ies
), fst_ies_len
);
2945 wpa_ie_len
+= fst_ies_len
;
2948 #endif /* CONFIG_FST */
2951 mbo_ie
= bss
? wpa_bss_get_vendor_ie(bss
, MBO_IE_VENDOR_TYPE
) : NULL
;
2952 if (!wpa_s
->disable_mbo_oce
&& mbo_ie
) {
2955 len
= wpas_mbo_ie(wpa_s
, wpa_ie
+ wpa_ie_len
,
2956 max_wpa_ie_len
- wpa_ie_len
,
2957 !!mbo_attr_from_mbo_ie(mbo_ie
,
2958 OCE_ATTR_ID_CAPA_IND
));
2962 #endif /* CONFIG_MBO */
2965 if (algs
== WPA_AUTH_ALG_FILS
) {
2968 len
= wpas_add_fils_hlp_req(wpa_s
, wpa_ie
+ wpa_ie_len
,
2969 max_wpa_ie_len
- wpa_ie_len
);
2972 #endif /* CONFIG_FILS */
2975 #ifdef CONFIG_TESTING_OPTIONS
2976 if (get_ie_ext(wpa_ie
, wpa_ie_len
, WLAN_EID_EXT_OWE_DH_PARAM
)) {
2977 wpa_printf(MSG_INFO
, "TESTING: Override OWE DH element");
2979 #endif /* CONFIG_TESTING_OPTIONS */
2980 if (algs
== WPA_AUTH_ALG_OPEN
&&
2981 ssid
->key_mgmt
== WPA_KEY_MGMT_OWE
) {
2982 struct wpabuf
*owe_ie
;
2985 if (ssid
->owe_group
) {
2986 group
= ssid
->owe_group
;
2987 } else if (wpa_s
->assoc_status_code
==
2988 WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED
) {
2989 if (wpa_s
->last_owe_group
== 19)
2991 else if (wpa_s
->last_owe_group
== 20)
2994 group
= OWE_DH_GROUP
;
2996 group
= OWE_DH_GROUP
;
2999 wpa_s
->last_owe_group
= group
;
3000 wpa_printf(MSG_DEBUG
, "OWE: Try to use group %u", group
);
3001 owe_ie
= owe_build_assoc_req(wpa_s
->wpa
, group
);
3003 wpabuf_len(owe_ie
) <= max_wpa_ie_len
- wpa_ie_len
) {
3004 os_memcpy(wpa_ie
+ wpa_ie_len
,
3005 wpabuf_head(owe_ie
), wpabuf_len(owe_ie
));
3006 wpa_ie_len
+= wpabuf_len(owe_ie
);
3008 wpabuf_free(owe_ie
);
3010 #endif /* CONFIG_OWE */
3013 if (wpa_sm_get_key_mgmt(wpa_s
->wpa
) == WPA_KEY_MGMT_DPP
&&
3014 ssid
->dpp_netaccesskey
) {
3015 dpp_pfs_free(wpa_s
->dpp_pfs
);
3016 wpa_s
->dpp_pfs
= dpp_pfs_init(ssid
->dpp_netaccesskey
,
3017 ssid
->dpp_netaccesskey_len
);
3018 if (!wpa_s
->dpp_pfs
) {
3019 wpa_printf(MSG_DEBUG
, "DPP: Could not initialize PFS");
3020 /* Try to continue without PFS */
3023 if (wpabuf_len(wpa_s
->dpp_pfs
->ie
) <=
3024 max_wpa_ie_len
- wpa_ie_len
) {
3025 os_memcpy(wpa_ie
+ wpa_ie_len
,
3026 wpabuf_head(wpa_s
->dpp_pfs
->ie
),
3027 wpabuf_len(wpa_s
->dpp_pfs
->ie
));
3028 wpa_ie_len
+= wpabuf_len(wpa_s
->dpp_pfs
->ie
);
3032 #endif /* CONFIG_DPP2 */
3034 #ifdef CONFIG_IEEE80211R
3036 * Add MDIE under these conditions: the network profile allows FT,
3037 * the AP supports FT, and the mobility domain ID matches.
3039 if (bss
&& wpa_key_mgmt_ft(wpa_sm_get_key_mgmt(wpa_s
->wpa
))) {
3040 const u8
*mdie
= wpa_bss_get_ie(bss
, WLAN_EID_MOBILITY_DOMAIN
);
3042 if (mdie
&& mdie
[1] >= MOBILITY_DOMAIN_ID_LEN
) {
3044 const u8
*md
= mdie
+ 2;
3045 const u8
*wpa_md
= wpa_sm_get_ft_md(wpa_s
->wpa
);
3047 if (os_memcmp(md
, wpa_md
,
3048 MOBILITY_DOMAIN_ID_LEN
) == 0) {
3049 /* Add mobility domain IE */
3050 len
= wpa_ft_add_mdie(
3051 wpa_s
->wpa
, wpa_ie
+ wpa_ie_len
,
3052 max_wpa_ie_len
- wpa_ie_len
, mdie
);
3056 if (len
> 0 && wpa_s
->sme
.ft_used
&&
3057 wpa_sm_has_ptk(wpa_s
->wpa
)) {
3058 wpa_dbg(wpa_s
, MSG_DEBUG
,
3059 "SME: Trying to use FT over-the-air");
3060 algs
|= WPA_AUTH_ALG_FT
;
3062 #endif /* CONFIG_SME */
3065 #endif /* CONFIG_IEEE80211R */
3067 #ifdef CONFIG_TESTING_OPTIONS
3068 if (wpa_s
->rsnxe_override_assoc
&&
3069 wpabuf_len(wpa_s
->rsnxe_override_assoc
) <=
3070 max_wpa_ie_len
- wpa_ie_len
) {
3071 wpa_printf(MSG_DEBUG
, "TESTING: RSNXE AssocReq override");
3072 os_memcpy(wpa_ie
+ wpa_ie_len
,
3073 wpabuf_head(wpa_s
->rsnxe_override_assoc
),
3074 wpabuf_len(wpa_s
->rsnxe_override_assoc
));
3075 wpa_ie_len
+= wpabuf_len(wpa_s
->rsnxe_override_assoc
);
3077 #endif /* CONFIG_TESTING_OPTIONS */
3078 if (wpa_s
->rsnxe_len
> 0 &&
3079 wpa_s
->rsnxe_len
<= max_wpa_ie_len
- wpa_ie_len
) {
3080 os_memcpy(wpa_ie
+ wpa_ie_len
, wpa_s
->rsnxe
, wpa_s
->rsnxe_len
);
3081 wpa_ie_len
+= wpa_s
->rsnxe_len
;
3084 if (ssid
->multi_ap_backhaul_sta
) {
3085 size_t multi_ap_ie_len
;
3087 multi_ap_ie_len
= add_multi_ap_ie(wpa_ie
+ wpa_ie_len
,
3088 max_wpa_ie_len
- wpa_ie_len
,
3089 MULTI_AP_BACKHAUL_STA
);
3090 if (multi_ap_ie_len
== 0) {
3091 wpa_printf(MSG_ERROR
,
3092 "Multi-AP: Failed to build Multi-AP IE");
3096 wpa_ie_len
+= multi_ap_ie_len
;
3099 params
->wpa_ie
= wpa_ie
;
3100 params
->wpa_ie_len
= wpa_ie_len
;
3101 params
->auth_alg
= algs
;
3103 *mask
|= WPA_DRV_UPDATE_ASSOC_IES
| WPA_DRV_UPDATE_AUTH_TYPE
;
3110 static void wpas_update_owe_connect_params(struct wpa_supplicant
*wpa_s
)
3112 struct wpa_driver_associate_params params
;
3115 os_memset(¶ms
, 0, sizeof(params
));
3116 wpa_ie
= wpas_populate_assoc_ies(wpa_s
, wpa_s
->current_bss
,
3117 wpa_s
->current_ssid
, ¶ms
, NULL
);
3121 wpa_drv_update_connect_params(wpa_s
, ¶ms
, WPA_DRV_UPDATE_ASSOC_IES
);
3124 #endif /* CONFIG_OWE */
3127 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
3128 static void wpas_update_fils_connect_params(struct wpa_supplicant
*wpa_s
)
3130 struct wpa_driver_associate_params params
;
3131 enum wpa_drv_update_connect_params_mask mask
= 0;
3134 if (wpa_s
->auth_alg
!= WPA_AUTH_ALG_OPEN
)
3135 return; /* nothing to do */
3137 os_memset(¶ms
, 0, sizeof(params
));
3138 wpa_ie
= wpas_populate_assoc_ies(wpa_s
, wpa_s
->current_bss
,
3139 wpa_s
->current_ssid
, ¶ms
, &mask
);
3143 if (params
.auth_alg
!= WPA_AUTH_ALG_FILS
) {
3148 wpa_s
->auth_alg
= params
.auth_alg
;
3149 wpa_drv_update_connect_params(wpa_s
, ¶ms
, mask
);
3152 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
3155 static u8
wpa_ie_get_edmg_oper_chans(const u8
*edmg_ie
)
3157 if (!edmg_ie
|| edmg_ie
[1] < 6)
3159 return edmg_ie
[EDMG_BSS_OPERATING_CHANNELS_OFFSET
];
3163 static u8
wpa_ie_get_edmg_oper_chan_width(const u8
*edmg_ie
)
3165 if (!edmg_ie
|| edmg_ie
[1] < 6)
3167 return edmg_ie
[EDMG_OPERATING_CHANNEL_WIDTH_OFFSET
];
3171 /* Returns the intersection of two EDMG configurations.
3172 * Note: The current implementation is limited to CB2 only (CB1 included),
3173 * i.e., the implementation supports up to 2 contiguous channels.
3174 * For supporting non-contiguous (aggregated) channels and for supporting
3175 * CB3 and above, this function will need to be extended.
3177 static struct ieee80211_edmg_config
3178 get_edmg_intersection(struct ieee80211_edmg_config a
,
3179 struct ieee80211_edmg_config b
,
3182 struct ieee80211_edmg_config result
;
3183 int i
, contiguous
= 0;
3184 int max_contiguous
= 0;
3186 result
.channels
= b
.channels
& a
.channels
;
3187 if (!result
.channels
) {
3188 wpa_printf(MSG_DEBUG
,
3189 "EDMG not possible: cannot intersect channels 0x%x and 0x%x",
3190 a
.channels
, b
.channels
);
3194 if (!(result
.channels
& BIT(primary_channel
- 1))) {
3195 wpa_printf(MSG_DEBUG
,
3196 "EDMG not possible: the primary channel %d is not one of the intersected channels 0x%x",
3197 primary_channel
, result
.channels
);
3201 /* Find max contiguous channels */
3202 for (i
= 0; i
< 6; i
++) {
3203 if (result
.channels
& BIT(i
))
3208 if (contiguous
> max_contiguous
)
3209 max_contiguous
= contiguous
;
3212 /* Assuming AP and STA supports ONLY contiguous channels,
3213 * bw configuration can have value between 4-7.
3215 if ((b
.bw_config
< a
.bw_config
))
3216 result
.bw_config
= b
.bw_config
;
3218 result
.bw_config
= a
.bw_config
;
3220 if ((max_contiguous
>= 2 && result
.bw_config
< EDMG_BW_CONFIG_5
) ||
3221 (max_contiguous
>= 1 && result
.bw_config
< EDMG_BW_CONFIG_4
)) {
3222 wpa_printf(MSG_DEBUG
,
3223 "EDMG not possible: not enough contiguous channels %d for supporting CB1 or CB2",
3231 result
.channels
= 0;
3232 result
.bw_config
= 0;
3237 static struct ieee80211_edmg_config
3238 get_supported_edmg(struct wpa_supplicant
*wpa_s
,
3239 struct hostapd_freq_params
*freq
,
3240 struct ieee80211_edmg_config request_edmg
)
3242 enum hostapd_hw_mode hw_mode
;
3243 struct hostapd_hw_modes
*mode
= NULL
;
3246 if (!wpa_s
->hw
.modes
)
3249 hw_mode
= ieee80211_freq_to_chan(freq
->freq
, &primary_channel
);
3250 if (hw_mode
== NUM_HOSTAPD_MODES
)
3253 mode
= get_mode(wpa_s
->hw
.modes
, wpa_s
->hw
.num_modes
, hw_mode
, 0);
3257 return get_edmg_intersection(mode
->edmg
, request_edmg
, primary_channel
);
3260 request_edmg
.channels
= 0;
3261 request_edmg
.bw_config
= 0;
3262 return request_edmg
;
3267 void wpas_update_mbo_connect_params(struct wpa_supplicant
*wpa_s
)
3269 struct wpa_driver_associate_params params
;
3273 * Update MBO connect params only in case of change of MBO attributes
3274 * when connected, if the AP support MBO.
3277 if (wpa_s
->wpa_state
!= WPA_COMPLETED
|| !wpa_s
->current_ssid
||
3278 !wpa_s
->current_bss
||
3279 !wpa_bss_get_vendor_ie(wpa_s
->current_bss
, MBO_IE_VENDOR_TYPE
))
3282 os_memset(¶ms
, 0, sizeof(params
));
3283 wpa_ie
= wpas_populate_assoc_ies(wpa_s
, wpa_s
->current_bss
,
3284 wpa_s
->current_ssid
, ¶ms
, NULL
);
3288 wpa_drv_update_connect_params(wpa_s
, ¶ms
, WPA_DRV_UPDATE_ASSOC_IES
);
3291 #endif /* CONFIG_MBO */
3294 static void wpas_start_assoc_cb(struct wpa_radio_work
*work
, int deinit
)
3296 struct wpa_connect_work
*cwork
= work
->ctx
;
3297 struct wpa_bss
*bss
= cwork
->bss
;
3298 struct wpa_ssid
*ssid
= cwork
->ssid
;
3299 struct wpa_supplicant
*wpa_s
= work
->wpa_s
;
3301 const u8
*edmg_ie_oper
;
3302 int use_crypt
, ret
, i
, bssid_changed
;
3303 unsigned int cipher_pairwise
, cipher_group
, cipher_group_mgmt
;
3304 struct wpa_driver_associate_params params
;
3305 int wep_keys_set
= 0;
3306 int assoc_failed
= 0;
3307 struct wpa_ssid
*old_ssid
;
3308 u8 prev_bssid
[ETH_ALEN
];
3309 #ifdef CONFIG_HT_OVERRIDES
3310 struct ieee80211_ht_capabilities htcaps
;
3311 struct ieee80211_ht_capabilities htcaps_mask
;
3312 #endif /* CONFIG_HT_OVERRIDES */
3313 #ifdef CONFIG_VHT_OVERRIDES
3314 struct ieee80211_vht_capabilities vhtcaps
;
3315 struct ieee80211_vht_capabilities vhtcaps_mask
;
3316 #endif /* CONFIG_VHT_OVERRIDES */
3319 if (work
->started
) {
3320 wpa_s
->connect_work
= NULL
;
3322 /* cancel possible auth. timeout */
3323 eloop_cancel_timeout(wpa_supplicant_timeout
, wpa_s
,
3326 wpas_connect_work_free(cwork
);
3330 wpa_s
->connect_work
= work
;
3332 if (cwork
->bss_removed
|| !wpas_valid_bss_ssid(wpa_s
, bss
, ssid
) ||
3333 wpas_network_disabled(wpa_s
, ssid
)) {
3334 wpa_dbg(wpa_s
, MSG_DEBUG
, "BSS/SSID entry for association not valid anymore - drop connection attempt");
3335 wpas_connect_work_done(wpa_s
);
3339 os_memcpy(prev_bssid
, wpa_s
->bssid
, ETH_ALEN
);
3340 os_memset(¶ms
, 0, sizeof(params
));
3341 wpa_s
->reassociate
= 0;
3342 wpa_s
->eap_expected_failure
= 0;
3344 (!wpas_driver_bss_selection(wpa_s
) || wpas_wps_searching(wpa_s
))) {
3345 #ifdef CONFIG_IEEE80211R
3346 const u8
*ie
, *md
= NULL
;
3347 #endif /* CONFIG_IEEE80211R */
3348 wpa_msg(wpa_s
, MSG_INFO
, "Trying to associate with " MACSTR
3349 " (SSID='%s' freq=%d MHz)", MAC2STR(bss
->bssid
),
3350 wpa_ssid_txt(bss
->ssid
, bss
->ssid_len
), bss
->freq
);
3351 bssid_changed
= !is_zero_ether_addr(wpa_s
->bssid
);
3352 os_memset(wpa_s
->bssid
, 0, ETH_ALEN
);
3353 os_memcpy(wpa_s
->pending_bssid
, bss
->bssid
, ETH_ALEN
);
3355 wpas_notify_bssid_changed(wpa_s
);
3356 #ifdef CONFIG_IEEE80211R
3357 ie
= wpa_bss_get_ie(bss
, WLAN_EID_MOBILITY_DOMAIN
);
3358 if (ie
&& ie
[1] >= MOBILITY_DOMAIN_ID_LEN
)
3360 wpa_sm_set_ft_params(wpa_s
->wpa
, ie
, ie
? 2 + ie
[1] : 0);
3362 /* Prepare for the next transition */
3363 wpa_ft_prepare_auth_request(wpa_s
->wpa
, ie
);
3365 #endif /* CONFIG_IEEE80211R */
3367 } else if ((ssid
->ssid
== NULL
|| ssid
->ssid_len
== 0) &&
3368 wpa_s
->conf
->ap_scan
== 2 &&
3369 (ssid
->key_mgmt
& WPA_KEY_MGMT_WPS
)) {
3370 /* Use ap_scan==1 style network selection to find the network
3372 wpas_connect_work_done(wpa_s
);
3373 wpa_s
->scan_req
= MANUAL_SCAN_REQ
;
3374 wpa_s
->reassociate
= 1;
3375 wpa_supplicant_req_scan(wpa_s
, 0, 0);
3377 #endif /* CONFIG_WPS */
3379 wpa_msg(wpa_s
, MSG_INFO
, "Trying to associate with SSID '%s'",
3380 wpa_ssid_txt(ssid
->ssid
, ssid
->ssid_len
));
3382 os_memcpy(wpa_s
->pending_bssid
, bss
->bssid
, ETH_ALEN
);
3384 os_memset(wpa_s
->pending_bssid
, 0, ETH_ALEN
);
3387 wpa_supplicant_cancel_sched_scan(wpa_s
);
3389 wpa_supplicant_cancel_scan(wpa_s
);
3391 /* Starting new association, so clear the possibly used WPA IE from the
3392 * previous association. */
3393 wpa_sm_set_assoc_wpa_ie(wpa_s
->wpa
, NULL
, 0);
3394 wpa_sm_set_assoc_rsnxe(wpa_s
->wpa
, NULL
, 0);
3395 wpa_s
->rsnxe_len
= 0;
3397 wpa_ie
= wpas_populate_assoc_ies(wpa_s
, bss
, ssid
, ¶ms
, NULL
);
3399 wpas_connect_work_done(wpa_s
);
3403 wpa_clear_keys(wpa_s
, bss
? bss
->bssid
: NULL
);
3405 cipher_pairwise
= wpa_s
->pairwise_cipher
;
3406 cipher_group
= wpa_s
->group_cipher
;
3407 cipher_group_mgmt
= wpa_s
->mgmt_group_cipher
;
3408 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_NONE
||
3409 wpa_s
->key_mgmt
== WPA_KEY_MGMT_IEEE8021X_NO_WPA
) {
3410 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_NONE
)
3412 if (wpa_set_wep_keys(wpa_s
, ssid
)) {
3417 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_WPS
)
3420 #ifdef IEEE8021X_EAPOL
3421 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_IEEE8021X_NO_WPA
) {
3422 if ((ssid
->eapol_flags
&
3423 (EAPOL_FLAG_REQUIRE_KEY_UNICAST
|
3424 EAPOL_FLAG_REQUIRE_KEY_BROADCAST
)) == 0 &&
3428 /* Assume that dynamic WEP-104 keys will be used and
3429 * set cipher suites in order for drivers to expect
3431 cipher_pairwise
= cipher_group
= WPA_CIPHER_WEP104
;
3434 #endif /* IEEE8021X_EAPOL */
3436 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_WPA_NONE
) {
3437 /* Set the key before (and later after) association */
3438 wpa_supplicant_set_wpa_none_key(wpa_s
, ssid
);
3441 wpa_supplicant_set_state(wpa_s
, WPA_ASSOCIATING
);
3443 params
.ssid
= bss
->ssid
;
3444 params
.ssid_len
= bss
->ssid_len
;
3445 if (!wpas_driver_bss_selection(wpa_s
) || ssid
->bssid_set
||
3446 wpa_s
->key_mgmt
== WPA_KEY_MGMT_WPS
) {
3447 wpa_printf(MSG_DEBUG
, "Limit connection to BSSID "
3448 MACSTR
" freq=%u MHz based on scan results "
3449 "(bssid_set=%d wps=%d)",
3450 MAC2STR(bss
->bssid
), bss
->freq
,
3452 wpa_s
->key_mgmt
== WPA_KEY_MGMT_WPS
);
3453 params
.bssid
= bss
->bssid
;
3454 params
.freq
.freq
= bss
->freq
;
3456 params
.bssid_hint
= bss
->bssid
;
3457 params
.freq_hint
= bss
->freq
;
3458 params
.pbss
= bss_is_pbss(bss
);
3460 if (ssid
->bssid_hint_set
)
3461 params
.bssid_hint
= ssid
->bssid_hint
;
3463 params
.ssid
= ssid
->ssid
;
3464 params
.ssid_len
= ssid
->ssid_len
;
3465 params
.pbss
= (ssid
->pbss
!= 2) ? ssid
->pbss
: 0;
3468 if (ssid
->mode
== WPAS_MODE_IBSS
&& ssid
->bssid_set
&&
3469 wpa_s
->conf
->ap_scan
== 2) {
3470 params
.bssid
= ssid
->bssid
;
3471 params
.fixed_bssid
= 1;
3474 /* Initial frequency for IBSS/mesh */
3475 if ((ssid
->mode
== WPAS_MODE_IBSS
|| ssid
->mode
== WPAS_MODE_MESH
) &&
3476 ssid
->frequency
> 0 && params
.freq
.freq
== 0)
3477 ibss_mesh_setup_freq(wpa_s
, ssid
, ¶ms
.freq
);
3479 if (ssid
->mode
== WPAS_MODE_IBSS
) {
3480 params
.fixed_freq
= ssid
->fixed_freq
;
3481 if (ssid
->beacon_int
)
3482 params
.beacon_int
= ssid
->beacon_int
;
3484 params
.beacon_int
= wpa_s
->conf
->beacon_int
;
3487 if (bss
&& ssid
->enable_edmg
)
3488 edmg_ie_oper
= get_ie_ext((const u8
*) (bss
+ 1), bss
->ie_len
,
3489 WLAN_EID_EXT_EDMG_OPERATION
);
3491 edmg_ie_oper
= NULL
;
3494 params
.freq
.edmg
.channels
=
3495 wpa_ie_get_edmg_oper_chans(edmg_ie_oper
);
3496 params
.freq
.edmg
.bw_config
=
3497 wpa_ie_get_edmg_oper_chan_width(edmg_ie_oper
);
3498 wpa_printf(MSG_DEBUG
,
3499 "AP supports EDMG channels 0x%x, bw_config %d",
3500 params
.freq
.edmg
.channels
,
3501 params
.freq
.edmg
.bw_config
);
3503 /* User may ask for specific EDMG channel for EDMG connection
3504 * (must be supported by AP)
3506 if (ssid
->edmg_channel
) {
3507 struct ieee80211_edmg_config configured_edmg
;
3508 enum hostapd_hw_mode hw_mode
;
3511 hw_mode
= ieee80211_freq_to_chan(bss
->freq
,
3513 if (hw_mode
== NUM_HOSTAPD_MODES
)
3516 hostapd_encode_edmg_chan(ssid
->enable_edmg
,
3521 if (ieee802_edmg_is_allowed(params
.freq
.edmg
,
3523 params
.freq
.edmg
= configured_edmg
;
3524 wpa_printf(MSG_DEBUG
,
3525 "Use EDMG channel %d for connection",
3526 ssid
->edmg_channel
);
3529 params
.freq
.edmg
.channels
= 0;
3530 params
.freq
.edmg
.bw_config
= 0;
3531 wpa_printf(MSG_WARNING
,
3532 "EDMG channel %d not supported by AP, fallback to DMG",
3533 ssid
->edmg_channel
);
3537 if (params
.freq
.edmg
.channels
) {
3538 wpa_printf(MSG_DEBUG
,
3539 "EDMG before: channels 0x%x, bw_config %d",
3540 params
.freq
.edmg
.channels
,
3541 params
.freq
.edmg
.bw_config
);
3542 params
.freq
.edmg
= get_supported_edmg(wpa_s
,
3545 wpa_printf(MSG_DEBUG
,
3546 "EDMG after: channels 0x%x, bw_config %d",
3547 params
.freq
.edmg
.channels
,
3548 params
.freq
.edmg
.bw_config
);
3552 params
.pairwise_suite
= cipher_pairwise
;
3553 params
.group_suite
= cipher_group
;
3554 params
.mgmt_group_suite
= cipher_group_mgmt
;
3555 params
.key_mgmt_suite
= wpa_s
->key_mgmt
;
3556 params
.wpa_proto
= wpa_s
->wpa_proto
;
3557 wpa_s
->auth_alg
= params
.auth_alg
;
3558 params
.mode
= ssid
->mode
;
3559 params
.bg_scan_period
= ssid
->bg_scan_period
;
3560 for (i
= 0; i
< NUM_WEP_KEYS
; i
++) {
3561 if (ssid
->wep_key_len
[i
])
3562 params
.wep_key
[i
] = ssid
->wep_key
[i
];
3563 params
.wep_key_len
[i
] = ssid
->wep_key_len
[i
];
3565 params
.wep_tx_keyidx
= ssid
->wep_tx_keyidx
;
3567 if ((wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK
) &&
3568 (params
.key_mgmt_suite
== WPA_KEY_MGMT_PSK
||
3569 params
.key_mgmt_suite
== WPA_KEY_MGMT_FT_PSK
)) {
3570 params
.passphrase
= ssid
->passphrase
;
3572 params
.psk
= ssid
->psk
;
3575 if ((wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X
) &&
3576 (params
.key_mgmt_suite
== WPA_KEY_MGMT_IEEE8021X
||
3577 params
.key_mgmt_suite
== WPA_KEY_MGMT_IEEE8021X_SHA256
||
3578 params
.key_mgmt_suite
== WPA_KEY_MGMT_IEEE8021X_SUITE_B
||
3579 params
.key_mgmt_suite
== WPA_KEY_MGMT_IEEE8021X_SUITE_B_192
))
3580 params
.req_handshake_offload
= 1;
3582 if (wpa_s
->conf
->key_mgmt_offload
) {
3583 if (params
.key_mgmt_suite
== WPA_KEY_MGMT_IEEE8021X
||
3584 params
.key_mgmt_suite
== WPA_KEY_MGMT_IEEE8021X_SHA256
||
3585 params
.key_mgmt_suite
== WPA_KEY_MGMT_IEEE8021X_SUITE_B
||
3586 params
.key_mgmt_suite
== WPA_KEY_MGMT_IEEE8021X_SUITE_B_192
)
3587 params
.req_key_mgmt_offload
=
3588 ssid
->proactive_key_caching
< 0 ?
3589 wpa_s
->conf
->okc
: ssid
->proactive_key_caching
;
3591 params
.req_key_mgmt_offload
= 1;
3593 if ((params
.key_mgmt_suite
== WPA_KEY_MGMT_PSK
||
3594 params
.key_mgmt_suite
== WPA_KEY_MGMT_PSK_SHA256
||
3595 params
.key_mgmt_suite
== WPA_KEY_MGMT_FT_PSK
) &&
3597 params
.psk
= ssid
->psk
;
3600 params
.drop_unencrypted
= use_crypt
;
3602 params
.mgmt_frame_protection
= wpas_get_ssid_pmf(wpa_s
, ssid
);
3603 if (params
.mgmt_frame_protection
!= NO_MGMT_FRAME_PROTECTION
&& bss
) {
3604 const u8
*rsn
= wpa_bss_get_ie(bss
, WLAN_EID_RSN
);
3605 struct wpa_ie_data ie
;
3606 if (rsn
&& wpa_parse_wpa_ie(rsn
, 2 + rsn
[1], &ie
) == 0 &&
3608 (WPA_CAPABILITY_MFPC
| WPA_CAPABILITY_MFPR
)) {
3609 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: Selected AP supports "
3610 "MFP: require MFP");
3611 params
.mgmt_frame_protection
=
3612 MGMT_FRAME_PROTECTION_REQUIRED
;
3614 } else if (!rsn
&& (ssid
->key_mgmt
& WPA_KEY_MGMT_OWE
) &&
3616 params
.mgmt_frame_protection
= NO_MGMT_FRAME_PROTECTION
;
3617 #endif /* CONFIG_OWE */
3621 params
.p2p
= ssid
->p2p_group
;
3623 if (wpa_s
->p2pdev
->set_sta_uapsd
)
3624 params
.uapsd
= wpa_s
->p2pdev
->sta_uapsd
;
3628 #ifdef CONFIG_HT_OVERRIDES
3629 os_memset(&htcaps
, 0, sizeof(htcaps
));
3630 os_memset(&htcaps_mask
, 0, sizeof(htcaps_mask
));
3631 params
.htcaps
= (u8
*) &htcaps
;
3632 params
.htcaps_mask
= (u8
*) &htcaps_mask
;
3633 wpa_supplicant_apply_ht_overrides(wpa_s
, ssid
, ¶ms
);
3634 #endif /* CONFIG_HT_OVERRIDES */
3635 #ifdef CONFIG_VHT_OVERRIDES
3636 os_memset(&vhtcaps
, 0, sizeof(vhtcaps
));
3637 os_memset(&vhtcaps_mask
, 0, sizeof(vhtcaps_mask
));
3638 params
.vhtcaps
= &vhtcaps
;
3639 params
.vhtcaps_mask
= &vhtcaps_mask
;
3640 wpa_supplicant_apply_vht_overrides(wpa_s
, ssid
, ¶ms
);
3641 #endif /* CONFIG_VHT_OVERRIDES */
3645 * If multi-channel concurrency is not supported, check for any
3646 * frequency conflict. In case of any frequency conflict, remove the
3647 * least prioritized connection.
3649 if (wpa_s
->num_multichan_concurrent
< 2) {
3651 num
= get_shared_radio_freqs(wpa_s
, &freq
, 1);
3652 if (num
> 0 && freq
> 0 && freq
!= params
.freq
.freq
) {
3653 wpa_printf(MSG_DEBUG
,
3654 "Assoc conflicting freq found (%d != %d)",
3655 freq
, params
.freq
.freq
);
3656 if (wpas_p2p_handle_frequency_conflicts(
3657 wpa_s
, params
.freq
.freq
, ssid
) < 0) {
3658 wpas_connect_work_done(wpa_s
);
3664 #endif /* CONFIG_P2P */
3666 if (wpa_s
->reassoc_same_ess
&& !is_zero_ether_addr(prev_bssid
) &&
3667 wpa_s
->current_ssid
)
3668 params
.prev_bssid
= prev_bssid
;
3670 ret
= wpa_drv_associate(wpa_s
, ¶ms
);
3673 wpa_msg(wpa_s
, MSG_INFO
, "Association request to the driver "
3675 if (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SANE_ERROR_CODES
) {
3677 * The driver is known to mean what is saying, so we
3678 * can stop right here; the association will not
3681 wpas_connection_failed(wpa_s
, wpa_s
->pending_bssid
);
3682 wpa_supplicant_set_state(wpa_s
, WPA_DISCONNECTED
);
3683 os_memset(wpa_s
->pending_bssid
, 0, ETH_ALEN
);
3686 /* try to continue anyway; new association will be tried again
3691 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_WPA_NONE
) {
3692 /* Set the key after the association just in case association
3693 * cleared the previously configured key. */
3694 wpa_supplicant_set_wpa_none_key(wpa_s
, ssid
);
3695 /* No need to timeout authentication since there is no key
3697 wpa_supplicant_cancel_auth_timeout(wpa_s
);
3698 wpa_supplicant_set_state(wpa_s
, WPA_COMPLETED
);
3699 #ifdef CONFIG_IBSS_RSN
3700 } else if (ssid
->mode
== WPAS_MODE_IBSS
&&
3701 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_NONE
&&
3702 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_WPA_NONE
) {
3704 * RSN IBSS authentication is per-STA and we can disable the
3705 * per-BSSID authentication.
3707 wpa_supplicant_cancel_auth_timeout(wpa_s
);
3708 #endif /* CONFIG_IBSS_RSN */
3710 /* Timeout for IEEE 802.11 authentication and association */
3714 /* give IBSS a bit more time */
3715 timeout
= ssid
->mode
== WPAS_MODE_IBSS
? 10 : 5;
3716 } else if (wpa_s
->conf
->ap_scan
== 1) {
3717 /* give IBSS a bit more time */
3718 timeout
= ssid
->mode
== WPAS_MODE_IBSS
? 20 : 10;
3720 wpa_supplicant_req_auth_timeout(wpa_s
, timeout
, 0);
3724 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC
)) {
3725 /* Set static WEP keys again */
3726 wpa_set_wep_keys(wpa_s
, ssid
);
3729 if (wpa_s
->current_ssid
&& wpa_s
->current_ssid
!= ssid
) {
3731 * Do not allow EAP session resumption between different
3732 * network configurations.
3734 eapol_sm_invalidate_cached_session(wpa_s
->eapol
);
3736 old_ssid
= wpa_s
->current_ssid
;
3737 wpa_s
->current_ssid
= ssid
;
3739 if (!wpas_driver_bss_selection(wpa_s
) || ssid
->bssid_set
) {
3740 wpa_s
->current_bss
= bss
;
3742 hs20_configure_frame_filters(wpa_s
);
3743 #endif /* CONFIG_HS20 */
3746 wpa_supplicant_rsn_supp_set_config(wpa_s
, wpa_s
->current_ssid
);
3747 wpa_supplicant_initiate_eapol(wpa_s
);
3748 if (old_ssid
!= wpa_s
->current_ssid
)
3749 wpas_notify_network_changed(wpa_s
);
3753 static void wpa_supplicant_clear_connection(struct wpa_supplicant
*wpa_s
,
3756 struct wpa_ssid
*old_ssid
;
3758 wpas_connect_work_done(wpa_s
);
3759 wpa_clear_keys(wpa_s
, addr
);
3760 old_ssid
= wpa_s
->current_ssid
;
3761 wpa_supplicant_mark_disassoc(wpa_s
);
3762 wpa_sm_set_config(wpa_s
->wpa
, NULL
);
3763 eapol_sm_notify_config(wpa_s
->eapol
, NULL
, NULL
);
3764 if (old_ssid
!= wpa_s
->current_ssid
)
3765 wpas_notify_network_changed(wpa_s
);
3766 eloop_cancel_timeout(wpa_supplicant_timeout
, wpa_s
, NULL
);
3771 * wpa_supplicant_deauthenticate - Deauthenticate the current connection
3772 * @wpa_s: Pointer to wpa_supplicant data
3773 * @reason_code: IEEE 802.11 reason code for the deauthenticate frame
3775 * This function is used to request %wpa_supplicant to deauthenticate from the
3778 void wpa_supplicant_deauthenticate(struct wpa_supplicant
*wpa_s
,
3782 union wpa_event_data event
;
3785 wpa_dbg(wpa_s
, MSG_DEBUG
, "Request to deauthenticate - bssid=" MACSTR
3786 " pending_bssid=" MACSTR
" reason=%d (%s) state=%s",
3787 MAC2STR(wpa_s
->bssid
), MAC2STR(wpa_s
->pending_bssid
),
3788 reason_code
, reason2str(reason_code
),
3789 wpa_supplicant_state_txt(wpa_s
->wpa_state
));
3791 if (!is_zero_ether_addr(wpa_s
->pending_bssid
) &&
3792 (wpa_s
->wpa_state
== WPA_AUTHENTICATING
||
3793 wpa_s
->wpa_state
== WPA_ASSOCIATING
))
3794 addr
= wpa_s
->pending_bssid
;
3795 else if (!is_zero_ether_addr(wpa_s
->bssid
))
3796 addr
= wpa_s
->bssid
;
3797 else if (wpa_s
->wpa_state
== WPA_ASSOCIATING
) {
3799 * When using driver-based BSS selection, we may not know the
3800 * BSSID with which we are currently trying to associate. We
3801 * need to notify the driver of this disconnection even in such
3802 * a case, so use the all zeros address here.
3804 addr
= wpa_s
->bssid
;
3808 if (wpa_s
->enabled_4addr_mode
&& wpa_drv_set_4addr_mode(wpa_s
, 0) == 0)
3809 wpa_s
->enabled_4addr_mode
= 0;
3812 wpa_tdls_teardown_peers(wpa_s
->wpa
);
3813 #endif /* CONFIG_TDLS */
3817 struct mesh_conf
*mconf
;
3819 mconf
= wpa_s
->ifmsh
->mconf
;
3820 wpa_msg(wpa_s
, MSG_INFO
, MESH_GROUP_REMOVED
"%s",
3822 wpas_notify_mesh_group_removed(wpa_s
, mconf
->meshid
,
3823 mconf
->meshid_len
, reason_code
);
3824 wpa_supplicant_leave_mesh(wpa_s
);
3826 #endif /* CONFIG_MESH */
3829 wpa_drv_deauthenticate(wpa_s
, addr
, reason_code
);
3830 os_memset(&event
, 0, sizeof(event
));
3831 event
.deauth_info
.reason_code
= reason_code
;
3832 event
.deauth_info
.locally_generated
= 1;
3833 wpa_supplicant_event(wpa_s
, EVENT_DEAUTH
, &event
);
3838 wpa_supplicant_clear_connection(wpa_s
, addr
);
3841 static void wpa_supplicant_enable_one_network(struct wpa_supplicant
*wpa_s
,
3842 struct wpa_ssid
*ssid
)
3844 if (!ssid
|| !ssid
->disabled
|| ssid
->disabled
== 2)
3848 ssid
->owe_transition_bss_select_count
= 0;
3849 wpas_clear_temp_disabled(wpa_s
, ssid
, 1);
3850 wpas_notify_network_enabled_changed(wpa_s
, ssid
);
3853 * Try to reassociate since there is no current configuration and a new
3854 * network was made available.
3856 if (!wpa_s
->current_ssid
&& !wpa_s
->disconnected
)
3857 wpa_s
->reassociate
= 1;
3862 * wpa_supplicant_add_network - Add a new network
3863 * @wpa_s: wpa_supplicant structure for a network interface
3864 * Returns: The new network configuration or %NULL if operation failed
3866 * This function performs the following operations:
3867 * 1. Adds a new network.
3868 * 2. Send network addition notification.
3869 * 3. Marks the network disabled.
3870 * 4. Set network default parameters.
3872 struct wpa_ssid
* wpa_supplicant_add_network(struct wpa_supplicant
*wpa_s
)
3874 struct wpa_ssid
*ssid
;
3876 ssid
= wpa_config_add_network(wpa_s
->conf
);
3879 wpas_notify_network_added(wpa_s
, ssid
);
3881 wpa_config_set_network_defaults(ssid
);
3888 * wpa_supplicant_remove_network - Remove a configured network based on id
3889 * @wpa_s: wpa_supplicant structure for a network interface
3890 * @id: Unique network id to search for
3891 * Returns: 0 on success, or -1 if the network was not found, -2 if the network
3892 * could not be removed
3894 * This function performs the following operations:
3895 * 1. Removes the network.
3896 * 2. Send network removal notification.
3897 * 3. Update internal state machines.
3898 * 4. Stop any running sched scans.
3900 int wpa_supplicant_remove_network(struct wpa_supplicant
*wpa_s
, int id
)
3902 struct wpa_ssid
*ssid
;
3905 ssid
= wpa_config_get_network(wpa_s
->conf
, id
);
3908 wpas_notify_network_removed(wpa_s
, ssid
);
3910 if (wpa_s
->last_ssid
== ssid
)
3911 wpa_s
->last_ssid
= NULL
;
3913 if (ssid
== wpa_s
->current_ssid
|| !wpa_s
->current_ssid
) {
3915 wpa_s
->sme
.prev_bssid_set
= 0;
3916 #endif /* CONFIG_SME */
3918 * Invalidate the EAP session cache if the current or
3919 * previously used network is removed.
3921 eapol_sm_invalidate_cached_session(wpa_s
->eapol
);
3924 if (ssid
== wpa_s
->current_ssid
) {
3925 wpa_sm_set_config(wpa_s
->wpa
, NULL
);
3926 eapol_sm_notify_config(wpa_s
->eapol
, NULL
, NULL
);
3928 if (wpa_s
->wpa_state
>= WPA_AUTHENTICATING
)
3929 wpa_s
->own_disconnect_req
= 1;
3930 wpa_supplicant_deauthenticate(wpa_s
,
3931 WLAN_REASON_DEAUTH_LEAVING
);
3934 was_disabled
= ssid
->disabled
;
3936 if (wpa_config_remove_network(wpa_s
->conf
, id
) < 0)
3939 if (!was_disabled
&& wpa_s
->sched_scanning
) {
3940 wpa_printf(MSG_DEBUG
,
3941 "Stop ongoing sched_scan to remove network from filters");
3942 wpa_supplicant_cancel_sched_scan(wpa_s
);
3943 wpa_supplicant_req_scan(wpa_s
, 0, 0);
3951 * wpa_supplicant_enable_network - Mark a configured network as enabled
3952 * @wpa_s: wpa_supplicant structure for a network interface
3953 * @ssid: wpa_ssid structure for a configured network or %NULL
3955 * Enables the specified network or all networks if no network specified.
3957 void wpa_supplicant_enable_network(struct wpa_supplicant
*wpa_s
,
3958 struct wpa_ssid
*ssid
)
3961 for (ssid
= wpa_s
->conf
->ssid
; ssid
; ssid
= ssid
->next
)
3962 wpa_supplicant_enable_one_network(wpa_s
, ssid
);
3964 wpa_supplicant_enable_one_network(wpa_s
, ssid
);
3966 if (wpa_s
->reassociate
&& !wpa_s
->disconnected
&&
3967 (!wpa_s
->current_ssid
||
3968 wpa_s
->wpa_state
== WPA_DISCONNECTED
||
3969 wpa_s
->wpa_state
== WPA_SCANNING
)) {
3970 if (wpa_s
->sched_scanning
) {
3971 wpa_printf(MSG_DEBUG
, "Stop ongoing sched_scan to add "
3972 "new network to scan filters");
3973 wpa_supplicant_cancel_sched_scan(wpa_s
);
3976 if (wpa_supplicant_fast_associate(wpa_s
) != 1) {
3977 wpa_s
->scan_req
= NORMAL_SCAN_REQ
;
3978 wpa_supplicant_req_scan(wpa_s
, 0, 0);
3985 * wpa_supplicant_disable_network - Mark a configured network as disabled
3986 * @wpa_s: wpa_supplicant structure for a network interface
3987 * @ssid: wpa_ssid structure for a configured network or %NULL
3989 * Disables the specified network or all networks if no network specified.
3991 void wpa_supplicant_disable_network(struct wpa_supplicant
*wpa_s
,
3992 struct wpa_ssid
*ssid
)
3994 struct wpa_ssid
*other_ssid
;
3998 if (wpa_s
->sched_scanning
)
3999 wpa_supplicant_cancel_sched_scan(wpa_s
);
4001 for (other_ssid
= wpa_s
->conf
->ssid
; other_ssid
;
4002 other_ssid
= other_ssid
->next
) {
4003 was_disabled
= other_ssid
->disabled
;
4004 if (was_disabled
== 2)
4005 continue; /* do not change persistent P2P group
4008 other_ssid
->disabled
= 1;
4010 if (was_disabled
!= other_ssid
->disabled
)
4011 wpas_notify_network_enabled_changed(
4014 if (wpa_s
->current_ssid
) {
4015 if (wpa_s
->wpa_state
>= WPA_AUTHENTICATING
)
4016 wpa_s
->own_disconnect_req
= 1;
4017 wpa_supplicant_deauthenticate(
4018 wpa_s
, WLAN_REASON_DEAUTH_LEAVING
);
4020 } else if (ssid
->disabled
!= 2) {
4021 if (ssid
== wpa_s
->current_ssid
) {
4022 if (wpa_s
->wpa_state
>= WPA_AUTHENTICATING
)
4023 wpa_s
->own_disconnect_req
= 1;
4024 wpa_supplicant_deauthenticate(
4025 wpa_s
, WLAN_REASON_DEAUTH_LEAVING
);
4028 was_disabled
= ssid
->disabled
;
4032 if (was_disabled
!= ssid
->disabled
) {
4033 wpas_notify_network_enabled_changed(wpa_s
, ssid
);
4034 if (wpa_s
->sched_scanning
) {
4035 wpa_printf(MSG_DEBUG
, "Stop ongoing sched_scan "
4036 "to remove network from filters");
4037 wpa_supplicant_cancel_sched_scan(wpa_s
);
4038 wpa_supplicant_req_scan(wpa_s
, 0, 0);
4046 * wpa_supplicant_select_network - Attempt association with a network
4047 * @wpa_s: wpa_supplicant structure for a network interface
4048 * @ssid: wpa_ssid structure for a configured network or %NULL for any network
4050 void wpa_supplicant_select_network(struct wpa_supplicant
*wpa_s
,
4051 struct wpa_ssid
*ssid
)
4054 struct wpa_ssid
*other_ssid
;
4055 int disconnected
= 0;
4057 if (ssid
&& ssid
!= wpa_s
->current_ssid
&& wpa_s
->current_ssid
) {
4058 if (wpa_s
->wpa_state
>= WPA_AUTHENTICATING
)
4059 wpa_s
->own_disconnect_req
= 1;
4060 wpa_supplicant_deauthenticate(
4061 wpa_s
, WLAN_REASON_DEAUTH_LEAVING
);
4066 wpas_clear_temp_disabled(wpa_s
, ssid
, 1);
4069 * Mark all other networks disabled or mark all networks enabled if no
4070 * network specified.
4072 for (other_ssid
= wpa_s
->conf
->ssid
; other_ssid
;
4073 other_ssid
= other_ssid
->next
) {
4074 int was_disabled
= other_ssid
->disabled
;
4075 if (was_disabled
== 2)
4076 continue; /* do not change persistent P2P group data */
4078 other_ssid
->disabled
= ssid
? (ssid
->id
!= other_ssid
->id
) : 0;
4079 if (was_disabled
&& !other_ssid
->disabled
)
4080 wpas_clear_temp_disabled(wpa_s
, other_ssid
, 0);
4082 if (was_disabled
!= other_ssid
->disabled
)
4083 wpas_notify_network_enabled_changed(wpa_s
, other_ssid
);
4086 if (ssid
&& ssid
== wpa_s
->current_ssid
&& wpa_s
->current_ssid
&&
4087 wpa_s
->wpa_state
>= WPA_AUTHENTICATING
) {
4088 /* We are already associated with the selected network */
4089 wpa_printf(MSG_DEBUG
, "Already associated with the "
4090 "selected network - do nothing");
4095 wpa_s
->current_ssid
= ssid
;
4096 eapol_sm_notify_config(wpa_s
->eapol
, NULL
, NULL
);
4097 wpa_s
->connect_without_scan
=
4098 (ssid
->mode
== WPAS_MODE_MESH
) ? ssid
: NULL
;
4101 * Don't optimize next scan freqs since a new ESS has been
4104 os_free(wpa_s
->next_scan_freqs
);
4105 wpa_s
->next_scan_freqs
= NULL
;
4107 wpa_s
->connect_without_scan
= NULL
;
4110 wpa_s
->disconnected
= 0;
4111 wpa_s
->reassociate
= 1;
4112 wpa_s_clear_sae_rejected(wpa_s
);
4113 wpa_s
->last_owe_group
= 0;
4115 ssid
->owe_transition_bss_select_count
= 0;
4116 wpa_s_setup_sae_pt(wpa_s
->conf
, ssid
);
4119 if (wpa_s
->connect_without_scan
||
4120 wpa_supplicant_fast_associate(wpa_s
) != 1) {
4121 wpa_s
->scan_req
= NORMAL_SCAN_REQ
;
4122 wpas_scan_reset_sched_scan(wpa_s
);
4123 wpa_supplicant_req_scan(wpa_s
, 0, disconnected
? 100000 : 0);
4127 wpas_notify_network_selected(wpa_s
, ssid
);
4132 * wpas_set_pkcs11_engine_and_module_path - Set PKCS #11 engine and module path
4133 * @wpa_s: wpa_supplicant structure for a network interface
4134 * @pkcs11_engine_path: PKCS #11 engine path or NULL
4135 * @pkcs11_module_path: PKCS #11 module path or NULL
4136 * Returns: 0 on success; -1 on failure
4138 * Sets the PKCS #11 engine and module path. Both have to be NULL or a valid
4139 * path. If resetting the EAPOL state machine with the new PKCS #11 engine and
4140 * module path fails the paths will be reset to the default value (NULL).
4142 int wpas_set_pkcs11_engine_and_module_path(struct wpa_supplicant
*wpa_s
,
4143 const char *pkcs11_engine_path
,
4144 const char *pkcs11_module_path
)
4146 char *pkcs11_engine_path_copy
= NULL
;
4147 char *pkcs11_module_path_copy
= NULL
;
4149 if (pkcs11_engine_path
!= NULL
) {
4150 pkcs11_engine_path_copy
= os_strdup(pkcs11_engine_path
);
4151 if (pkcs11_engine_path_copy
== NULL
)
4154 if (pkcs11_module_path
!= NULL
) {
4155 pkcs11_module_path_copy
= os_strdup(pkcs11_module_path
);
4156 if (pkcs11_module_path_copy
== NULL
) {
4157 os_free(pkcs11_engine_path_copy
);
4162 os_free(wpa_s
->conf
->pkcs11_engine_path
);
4163 os_free(wpa_s
->conf
->pkcs11_module_path
);
4164 wpa_s
->conf
->pkcs11_engine_path
= pkcs11_engine_path_copy
;
4165 wpa_s
->conf
->pkcs11_module_path
= pkcs11_module_path_copy
;
4167 wpa_sm_set_eapol(wpa_s
->wpa
, NULL
);
4168 eapol_sm_deinit(wpa_s
->eapol
);
4169 wpa_s
->eapol
= NULL
;
4170 if (wpa_supplicant_init_eapol(wpa_s
)) {
4171 /* Error -> Reset paths to the default value (NULL) once. */
4172 if (pkcs11_engine_path
!= NULL
&& pkcs11_module_path
!= NULL
)
4173 wpas_set_pkcs11_engine_and_module_path(wpa_s
, NULL
,
4178 wpa_sm_set_eapol(wpa_s
->wpa
, wpa_s
->eapol
);
4185 * wpa_supplicant_set_ap_scan - Set AP scan mode for interface
4186 * @wpa_s: wpa_supplicant structure for a network interface
4187 * @ap_scan: AP scan mode
4188 * Returns: 0 if succeed or -1 if ap_scan has an invalid value
4191 int wpa_supplicant_set_ap_scan(struct wpa_supplicant
*wpa_s
, int ap_scan
)
4196 if (ap_scan
< 0 || ap_scan
> 2)
4199 if (ap_scan
== 2 && os_strcmp(wpa_s
->driver
->name
, "nl80211") == 0) {
4200 wpa_printf(MSG_INFO
,
4201 "Note: nl80211 driver interface is not designed to be used with ap_scan=2; this can result in connection failures");
4205 if (ap_scan
== 2 && ap_scan
!= wpa_s
->conf
->ap_scan
&&
4206 wpa_s
->wpa_state
>= WPA_ASSOCIATING
&&
4207 wpa_s
->wpa_state
< WPA_COMPLETED
) {
4208 wpa_printf(MSG_ERROR
, "ap_scan = %d (%d) rejected while "
4209 "associating", wpa_s
->conf
->ap_scan
, ap_scan
);
4212 #endif /* ANDROID */
4214 old_ap_scan
= wpa_s
->conf
->ap_scan
;
4215 wpa_s
->conf
->ap_scan
= ap_scan
;
4217 if (old_ap_scan
!= wpa_s
->conf
->ap_scan
)
4218 wpas_notify_ap_scan_changed(wpa_s
);
4225 * wpa_supplicant_set_bss_expiration_age - Set BSS entry expiration age
4226 * @wpa_s: wpa_supplicant structure for a network interface
4227 * @expire_age: Expiration age in seconds
4228 * Returns: 0 if succeed or -1 if expire_age has an invalid value
4231 int wpa_supplicant_set_bss_expiration_age(struct wpa_supplicant
*wpa_s
,
4232 unsigned int bss_expire_age
)
4234 if (bss_expire_age
< 10) {
4235 wpa_msg(wpa_s
, MSG_ERROR
, "Invalid bss expiration age %u",
4239 wpa_msg(wpa_s
, MSG_DEBUG
, "Setting bss expiration age: %d sec",
4241 wpa_s
->conf
->bss_expiration_age
= bss_expire_age
;
4248 * wpa_supplicant_set_bss_expiration_count - Set BSS entry expiration scan count
4249 * @wpa_s: wpa_supplicant structure for a network interface
4250 * @expire_count: number of scans after which an unseen BSS is reclaimed
4251 * Returns: 0 if succeed or -1 if expire_count has an invalid value
4254 int wpa_supplicant_set_bss_expiration_count(struct wpa_supplicant
*wpa_s
,
4255 unsigned int bss_expire_count
)
4257 if (bss_expire_count
< 1) {
4258 wpa_msg(wpa_s
, MSG_ERROR
, "Invalid bss expiration count %u",
4262 wpa_msg(wpa_s
, MSG_DEBUG
, "Setting bss expiration scan count: %u",
4264 wpa_s
->conf
->bss_expiration_scan_count
= bss_expire_count
;
4271 * wpa_supplicant_set_scan_interval - Set scan interval
4272 * @wpa_s: wpa_supplicant structure for a network interface
4273 * @scan_interval: scan interval in seconds
4274 * Returns: 0 if succeed or -1 if scan_interval has an invalid value
4277 int wpa_supplicant_set_scan_interval(struct wpa_supplicant
*wpa_s
,
4280 if (scan_interval
< 0) {
4281 wpa_msg(wpa_s
, MSG_ERROR
, "Invalid scan interval %d",
4285 wpa_msg(wpa_s
, MSG_DEBUG
, "Setting scan interval: %d sec",
4287 wpa_supplicant_update_scan_int(wpa_s
, scan_interval
);
4294 * wpa_supplicant_set_debug_params - Set global debug params
4295 * @global: wpa_global structure
4296 * @debug_level: debug level
4297 * @debug_timestamp: determines if show timestamp in debug data
4298 * @debug_show_keys: determines if show keys in debug data
4299 * Returns: 0 if succeed or -1 if debug_level has wrong value
4301 int wpa_supplicant_set_debug_params(struct wpa_global
*global
, int debug_level
,
4302 int debug_timestamp
, int debug_show_keys
)
4305 int old_level
, old_timestamp
, old_show_keys
;
4307 /* check for allowed debuglevels */
4308 if (debug_level
!= MSG_EXCESSIVE
&&
4309 debug_level
!= MSG_MSGDUMP
&&
4310 debug_level
!= MSG_DEBUG
&&
4311 debug_level
!= MSG_INFO
&&
4312 debug_level
!= MSG_WARNING
&&
4313 debug_level
!= MSG_ERROR
)
4316 old_level
= wpa_debug_level
;
4317 old_timestamp
= wpa_debug_timestamp
;
4318 old_show_keys
= wpa_debug_show_keys
;
4320 wpa_debug_level
= debug_level
;
4321 wpa_debug_timestamp
= debug_timestamp
? 1 : 0;
4322 wpa_debug_show_keys
= debug_show_keys
? 1 : 0;
4324 if (wpa_debug_level
!= old_level
)
4325 wpas_notify_debug_level_changed(global
);
4326 if (wpa_debug_timestamp
!= old_timestamp
)
4327 wpas_notify_debug_timestamp_changed(global
);
4328 if (wpa_debug_show_keys
!= old_show_keys
)
4329 wpas_notify_debug_show_keys_changed(global
);
4336 static int owe_trans_ssid_match(struct wpa_supplicant
*wpa_s
, const u8
*bssid
,
4337 const u8
*entry_ssid
, size_t entry_ssid_len
)
4339 const u8
*owe
, *pos
, *end
;
4341 struct wpa_bss
*bss
;
4343 /* Check network profile SSID aganst the SSID in the
4344 * OWE Transition Mode element. */
4346 bss
= wpa_bss_get_bssid_latest(wpa_s
, bssid
);
4350 owe
= wpa_bss_get_vendor_ie(bss
, OWE_IE_VENDOR_TYPE
);
4355 end
= owe
+ 2 + owe
[1];
4357 if (end
- pos
< ETH_ALEN
+ 1)
4361 if (end
- pos
< ssid_len
|| ssid_len
> SSID_MAX_LEN
)
4364 return entry_ssid_len
== ssid_len
&&
4365 os_memcmp(pos
, entry_ssid
, ssid_len
) == 0;
4367 #endif /* CONFIG_OWE */
4371 * wpa_supplicant_get_ssid - Get a pointer to the current network structure
4372 * @wpa_s: Pointer to wpa_supplicant data
4373 * Returns: A pointer to the current network structure or %NULL on failure
4375 struct wpa_ssid
* wpa_supplicant_get_ssid(struct wpa_supplicant
*wpa_s
)
4377 struct wpa_ssid
*entry
;
4378 u8 ssid
[SSID_MAX_LEN
];
4384 res
= wpa_drv_get_ssid(wpa_s
, ssid
);
4386 wpa_msg(wpa_s
, MSG_WARNING
, "Could not read SSID from "
4392 if (wpa_drv_get_bssid(wpa_s
, bssid
) < 0) {
4393 wpa_msg(wpa_s
, MSG_WARNING
, "Could not read BSSID from "
4398 wired
= wpa_s
->conf
->ap_scan
== 0 &&
4399 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_WIRED
);
4401 entry
= wpa_s
->conf
->ssid
;
4403 if (!wpas_network_disabled(wpa_s
, entry
) &&
4404 ((ssid_len
== entry
->ssid_len
&&
4406 os_memcmp(ssid
, entry
->ssid
, ssid_len
) == 0)) ||
4408 (!entry
->bssid_set
||
4409 os_memcmp(bssid
, entry
->bssid
, ETH_ALEN
) == 0))
4412 if (!wpas_network_disabled(wpa_s
, entry
) &&
4413 (entry
->key_mgmt
& WPA_KEY_MGMT_WPS
) &&
4414 (entry
->ssid
== NULL
|| entry
->ssid_len
== 0) &&
4415 (!entry
->bssid_set
||
4416 os_memcmp(bssid
, entry
->bssid
, ETH_ALEN
) == 0))
4418 #endif /* CONFIG_WPS */
4421 if (!wpas_network_disabled(wpa_s
, entry
) &&
4422 owe_trans_ssid_match(wpa_s
, bssid
, entry
->ssid
,
4424 (!entry
->bssid_set
||
4425 os_memcmp(bssid
, entry
->bssid
, ETH_ALEN
) == 0))
4427 #endif /* CONFIG_OWE */
4429 if (!wpas_network_disabled(wpa_s
, entry
) && entry
->bssid_set
&&
4430 entry
->ssid_len
== 0 &&
4431 os_memcmp(bssid
, entry
->bssid
, ETH_ALEN
) == 0)
4434 entry
= entry
->next
;
4441 static int select_driver(struct wpa_supplicant
*wpa_s
, int i
)
4443 struct wpa_global
*global
= wpa_s
->global
;
4445 if (wpa_drivers
[i
]->global_init
&& global
->drv_priv
[i
] == NULL
) {
4446 global
->drv_priv
[i
] = wpa_drivers
[i
]->global_init(global
);
4447 if (global
->drv_priv
[i
] == NULL
) {
4448 wpa_printf(MSG_ERROR
, "Failed to initialize driver "
4449 "'%s'", wpa_drivers
[i
]->name
);
4454 wpa_s
->driver
= wpa_drivers
[i
];
4455 wpa_s
->global_drv_priv
= global
->drv_priv
[i
];
4461 static int wpa_supplicant_set_driver(struct wpa_supplicant
*wpa_s
,
4466 const char *pos
, *driver
= name
;
4471 if (wpa_drivers
[0] == NULL
) {
4472 wpa_msg(wpa_s
, MSG_ERROR
, "No driver interfaces build into "
4478 /* default to first driver in the list */
4479 return select_driver(wpa_s
, 0);
4483 pos
= os_strchr(driver
, ',');
4487 len
= os_strlen(driver
);
4489 for (i
= 0; wpa_drivers
[i
]; i
++) {
4490 if (os_strlen(wpa_drivers
[i
]->name
) == len
&&
4491 os_strncmp(driver
, wpa_drivers
[i
]->name
, len
) ==
4493 /* First driver that succeeds wins */
4494 if (select_driver(wpa_s
, i
) == 0)
4502 wpa_msg(wpa_s
, MSG_ERROR
, "Unsupported driver '%s'", name
);
4508 * wpa_supplicant_rx_eapol - Deliver a received EAPOL frame to wpa_supplicant
4509 * @ctx: Context pointer (wpa_s); this is the ctx variable registered
4510 * with struct wpa_driver_ops::init()
4511 * @src_addr: Source address of the EAPOL frame
4512 * @buf: EAPOL data starting from the EAPOL header (i.e., no Ethernet header)
4513 * @len: Length of the EAPOL data
4515 * This function is called for each received EAPOL frame. Most driver
4516 * interfaces rely on more generic OS mechanism for receiving frames through
4517 * l2_packet, but if such a mechanism is not available, the driver wrapper may
4518 * take care of received EAPOL frames and deliver them to the core supplicant
4519 * code by calling this function.
4521 void wpa_supplicant_rx_eapol(void *ctx
, const u8
*src_addr
,
4522 const u8
*buf
, size_t len
)
4524 struct wpa_supplicant
*wpa_s
= ctx
;
4526 wpa_dbg(wpa_s
, MSG_DEBUG
, "RX EAPOL from " MACSTR
, MAC2STR(src_addr
));
4527 wpa_hexdump(MSG_MSGDUMP
, "RX EAPOL", buf
, len
);
4529 #ifdef CONFIG_TESTING_OPTIONS
4530 if (wpa_s
->ignore_auth_resp
) {
4531 wpa_printf(MSG_INFO
, "RX EAPOL - ignore_auth_resp active!");
4534 #endif /* CONFIG_TESTING_OPTIONS */
4536 if (wpa_s
->wpa_state
< WPA_ASSOCIATED
||
4537 (wpa_s
->last_eapol_matches_bssid
&&
4540 #endif /* CONFIG_AP */
4541 os_memcmp(src_addr
, wpa_s
->bssid
, ETH_ALEN
) != 0)) {
4543 * There is possible race condition between receiving the
4544 * association event and the EAPOL frame since they are coming
4545 * through different paths from the driver. In order to avoid
4546 * issues in trying to process the EAPOL frame before receiving
4547 * association information, lets queue it for processing until
4548 * the association event is received. This may also be needed in
4549 * driver-based roaming case, so also use src_addr != BSSID as a
4550 * trigger if we have previously confirmed that the
4551 * Authenticator uses BSSID as the src_addr (which is not the
4552 * case with wired IEEE 802.1X).
4554 wpa_dbg(wpa_s
, MSG_DEBUG
, "Not associated - Delay processing "
4555 "of received EAPOL frame (state=%s bssid=" MACSTR
")",
4556 wpa_supplicant_state_txt(wpa_s
->wpa_state
),
4557 MAC2STR(wpa_s
->bssid
));
4558 wpabuf_free(wpa_s
->pending_eapol_rx
);
4559 wpa_s
->pending_eapol_rx
= wpabuf_alloc_copy(buf
, len
);
4560 if (wpa_s
->pending_eapol_rx
) {
4561 os_get_reltime(&wpa_s
->pending_eapol_rx_time
);
4562 os_memcpy(wpa_s
->pending_eapol_rx_src
, src_addr
,
4568 wpa_s
->last_eapol_matches_bssid
=
4569 os_memcmp(src_addr
, wpa_s
->bssid
, ETH_ALEN
) == 0;
4572 if (wpa_s
->ap_iface
) {
4573 wpa_supplicant_ap_rx_eapol(wpa_s
, src_addr
, buf
, len
);
4576 #endif /* CONFIG_AP */
4578 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_NONE
) {
4579 wpa_dbg(wpa_s
, MSG_DEBUG
, "Ignored received EAPOL frame since "
4580 "no key management is configured");
4584 if (wpa_s
->eapol_received
== 0 &&
4585 (!(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK
) ||
4586 !wpa_key_mgmt_wpa_psk(wpa_s
->key_mgmt
) ||
4587 wpa_s
->wpa_state
!= WPA_COMPLETED
) &&
4588 (wpa_s
->current_ssid
== NULL
||
4589 wpa_s
->current_ssid
->mode
!= WPAS_MODE_IBSS
)) {
4590 /* Timeout for completing IEEE 802.1X and WPA authentication */
4593 if (wpa_key_mgmt_wpa_ieee8021x(wpa_s
->key_mgmt
) ||
4594 wpa_s
->key_mgmt
== WPA_KEY_MGMT_IEEE8021X_NO_WPA
||
4595 wpa_s
->key_mgmt
== WPA_KEY_MGMT_WPS
) {
4596 /* Use longer timeout for IEEE 802.1X/EAP */
4601 if (wpa_s
->current_ssid
&& wpa_s
->current_bss
&&
4602 (wpa_s
->current_ssid
->key_mgmt
& WPA_KEY_MGMT_WPS
) &&
4603 eap_is_wps_pin_enrollee(&wpa_s
->current_ssid
->eap
)) {
4605 * Use shorter timeout if going through WPS AP iteration
4606 * for PIN config method with an AP that does not
4607 * advertise Selected Registrar.
4609 struct wpabuf
*wps_ie
;
4611 wps_ie
= wpa_bss_get_vendor_ie_multi(
4612 wpa_s
->current_bss
, WPS_IE_VENDOR_TYPE
);
4614 !wps_is_addr_authorized(wps_ie
, wpa_s
->own_addr
, 1))
4616 wpabuf_free(wps_ie
);
4618 #endif /* CONFIG_WPS */
4620 wpa_supplicant_req_auth_timeout(wpa_s
, timeout
, 0);
4622 wpa_s
->eapol_received
++;
4624 if (wpa_s
->countermeasures
) {
4625 wpa_msg(wpa_s
, MSG_INFO
, "WPA: Countermeasures - dropped "
4630 #ifdef CONFIG_IBSS_RSN
4631 if (wpa_s
->current_ssid
&&
4632 wpa_s
->current_ssid
->mode
== WPAS_MODE_IBSS
) {
4633 ibss_rsn_rx_eapol(wpa_s
->ibss_rsn
, src_addr
, buf
, len
);
4636 #endif /* CONFIG_IBSS_RSN */
4638 /* Source address of the incoming EAPOL frame could be compared to the
4639 * current BSSID. However, it is possible that a centralized
4640 * Authenticator could be using another MAC address than the BSSID of
4641 * an AP, so just allow any address to be used for now. The replies are
4642 * still sent to the current BSSID (if available), though. */
4644 os_memcpy(wpa_s
->last_eapol_src
, src_addr
, ETH_ALEN
);
4645 if (!wpa_key_mgmt_wpa_psk(wpa_s
->key_mgmt
) &&
4646 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_OWE
&&
4647 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_DPP
&&
4648 eapol_sm_rx_eapol(wpa_s
->eapol
, src_addr
, buf
, len
) > 0)
4650 wpa_drv_poll(wpa_s
);
4651 if (!(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK
))
4652 wpa_sm_rx_eapol(wpa_s
->wpa
, src_addr
, buf
, len
);
4653 else if (wpa_key_mgmt_wpa_ieee8021x(wpa_s
->key_mgmt
)) {
4655 * Set portValid = TRUE here since we are going to skip 4-way
4656 * handshake processing which would normally set portValid. We
4657 * need this to allow the EAPOL state machines to be completed
4658 * without going through EAPOL-Key handshake.
4660 eapol_sm_notify_portValid(wpa_s
->eapol
, TRUE
);
4665 int wpa_supplicant_update_mac_addr(struct wpa_supplicant
*wpa_s
)
4667 if ((!wpa_s
->p2p_mgmt
||
4668 !(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE
)) &&
4669 !(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_P2P_DEDICATED_INTERFACE
)) {
4670 l2_packet_deinit(wpa_s
->l2
);
4671 wpa_s
->l2
= l2_packet_init(wpa_s
->ifname
,
4672 wpa_drv_get_mac_addr(wpa_s
),
4674 wpa_supplicant_rx_eapol
, wpa_s
, 0);
4675 if (wpa_s
->l2
== NULL
)
4678 if (l2_packet_set_packet_filter(wpa_s
->l2
,
4679 L2_PACKET_FILTER_PKTTYPE
))
4680 wpa_dbg(wpa_s
, MSG_DEBUG
,
4681 "Failed to attach pkt_type filter");
4683 const u8
*addr
= wpa_drv_get_mac_addr(wpa_s
);
4685 os_memcpy(wpa_s
->own_addr
, addr
, ETH_ALEN
);
4688 if (wpa_s
->l2
&& l2_packet_get_own_addr(wpa_s
->l2
, wpa_s
->own_addr
)) {
4689 wpa_msg(wpa_s
, MSG_ERROR
, "Failed to get own L2 address");
4693 wpa_sm_set_own_addr(wpa_s
->wpa
, wpa_s
->own_addr
);
4694 wpas_wps_update_mac_addr(wpa_s
);
4698 fst_update_mac_addr(wpa_s
->fst
, wpa_s
->own_addr
);
4699 #endif /* CONFIG_FST */
4705 static void wpa_supplicant_rx_eapol_bridge(void *ctx
, const u8
*src_addr
,
4706 const u8
*buf
, size_t len
)
4708 struct wpa_supplicant
*wpa_s
= ctx
;
4709 const struct l2_ethhdr
*eth
;
4711 if (len
< sizeof(*eth
))
4713 eth
= (const struct l2_ethhdr
*) buf
;
4715 if (os_memcmp(eth
->h_dest
, wpa_s
->own_addr
, ETH_ALEN
) != 0 &&
4716 !(eth
->h_dest
[0] & 0x01)) {
4717 wpa_dbg(wpa_s
, MSG_DEBUG
, "RX EAPOL from " MACSTR
" to " MACSTR
4718 " (bridge - not for this interface - ignore)",
4719 MAC2STR(src_addr
), MAC2STR(eth
->h_dest
));
4723 wpa_dbg(wpa_s
, MSG_DEBUG
, "RX EAPOL from " MACSTR
" to " MACSTR
4724 " (bridge)", MAC2STR(src_addr
), MAC2STR(eth
->h_dest
));
4725 wpa_supplicant_rx_eapol(wpa_s
, src_addr
, buf
+ sizeof(*eth
),
4726 len
- sizeof(*eth
));
4731 * wpa_supplicant_driver_init - Initialize driver interface parameters
4732 * @wpa_s: Pointer to wpa_supplicant data
4733 * Returns: 0 on success, -1 on failure
4735 * This function is called to initialize driver interface parameters.
4736 * wpa_drv_init() must have been called before this function to initialize the
4739 int wpa_supplicant_driver_init(struct wpa_supplicant
*wpa_s
)
4741 static int interface_count
= 0;
4743 if (wpa_supplicant_update_mac_addr(wpa_s
) < 0)
4746 wpa_dbg(wpa_s
, MSG_DEBUG
, "Own MAC address: " MACSTR
,
4747 MAC2STR(wpa_s
->own_addr
));
4748 os_memcpy(wpa_s
->perm_addr
, wpa_s
->own_addr
, ETH_ALEN
);
4749 wpa_sm_set_own_addr(wpa_s
->wpa
, wpa_s
->own_addr
);
4751 if (wpa_s
->bridge_ifname
[0]) {
4752 wpa_dbg(wpa_s
, MSG_DEBUG
, "Receiving packets from bridge "
4753 "interface '%s'", wpa_s
->bridge_ifname
);
4754 wpa_s
->l2_br
= l2_packet_init_bridge(
4755 wpa_s
->bridge_ifname
, wpa_s
->ifname
, wpa_s
->own_addr
,
4756 ETH_P_EAPOL
, wpa_supplicant_rx_eapol_bridge
, wpa_s
, 1);
4757 if (wpa_s
->l2_br
== NULL
) {
4758 wpa_msg(wpa_s
, MSG_ERROR
, "Failed to open l2_packet "
4759 "connection for the bridge interface '%s'",
4760 wpa_s
->bridge_ifname
);
4765 if (wpa_s
->conf
->ap_scan
== 2 &&
4766 os_strcmp(wpa_s
->driver
->name
, "nl80211") == 0) {
4767 wpa_printf(MSG_INFO
,
4768 "Note: nl80211 driver interface is not designed to be used with ap_scan=2; this can result in connection failures");
4771 wpa_clear_keys(wpa_s
, NULL
);
4773 /* Make sure that TKIP countermeasures are not left enabled (could
4774 * happen if wpa_supplicant is killed during countermeasures. */
4775 wpa_drv_set_countermeasures(wpa_s
, 0);
4777 wpa_dbg(wpa_s
, MSG_DEBUG
, "RSN: flushing PMKID list in the driver");
4778 wpa_drv_flush_pmkid(wpa_s
);
4780 wpa_s
->prev_scan_ssid
= WILDCARD_SSID_SCAN
;
4781 wpa_s
->prev_scan_wildcard
= 0;
4783 if (wpa_supplicant_enabled_networks(wpa_s
)) {
4784 if (wpa_s
->wpa_state
== WPA_INTERFACE_DISABLED
) {
4785 wpa_supplicant_set_state(wpa_s
, WPA_DISCONNECTED
);
4786 interface_count
= 0;
4789 if (!wpa_s
->p2p_mgmt
&&
4790 wpa_supplicant_delayed_sched_scan(wpa_s
,
4791 interface_count
% 3,
4793 wpa_supplicant_req_scan(wpa_s
, interface_count
% 3,
4795 #endif /* ANDROID */
4798 wpa_supplicant_set_state(wpa_s
, WPA_INACTIVE
);
4804 static int wpa_supplicant_daemon(const char *pid_file
)
4806 wpa_printf(MSG_DEBUG
, "Daemonize..");
4807 return os_daemonize(pid_file
);
4811 static struct wpa_supplicant
*
4812 wpa_supplicant_alloc(struct wpa_supplicant
*parent
)
4814 struct wpa_supplicant
*wpa_s
;
4816 wpa_s
= os_zalloc(sizeof(*wpa_s
));
4819 wpa_s
->scan_req
= INITIAL_SCAN_REQ
;
4820 wpa_s
->scan_interval
= 5;
4821 wpa_s
->new_connection
= 1;
4822 wpa_s
->parent
= parent
? parent
: wpa_s
;
4823 wpa_s
->p2pdev
= wpa_s
->parent
;
4824 wpa_s
->sched_scanning
= 0;
4826 dl_list_init(&wpa_s
->bss_tmp_disallowed
);
4827 dl_list_init(&wpa_s
->fils_hlp_req
);
4828 #ifdef CONFIG_TESTING_OPTIONS
4829 dl_list_init(&wpa_s
->drv_signal_override
);
4830 #endif /* CONFIG_TESTING_OPTIONS */
4836 #ifdef CONFIG_HT_OVERRIDES
4838 static int wpa_set_htcap_mcs(struct wpa_supplicant
*wpa_s
,
4839 struct ieee80211_ht_capabilities
*htcaps
,
4840 struct ieee80211_ht_capabilities
*htcaps_mask
,
4843 /* parse ht_mcs into hex array */
4845 const char *tmp
= ht_mcs
;
4848 /* If ht_mcs is null, do not set anything */
4852 /* This is what we are setting in the kernel */
4853 os_memset(&htcaps
->supported_mcs_set
, 0, IEEE80211_HT_MCS_MASK_LEN
);
4855 wpa_msg(wpa_s
, MSG_DEBUG
, "set_htcap, ht_mcs -:%s:-", ht_mcs
);
4857 for (i
= 0; i
< IEEE80211_HT_MCS_MASK_LEN
; i
++) {
4861 v
= strtol(tmp
, &end
, 16);
4864 wpa_msg(wpa_s
, MSG_DEBUG
,
4865 "htcap value[%i]: %ld end: %p tmp: %p",
4870 htcaps
->supported_mcs_set
[i
] = v
;
4873 wpa_msg(wpa_s
, MSG_ERROR
,
4874 "Failed to parse ht-mcs: %s, error: %s\n",
4875 ht_mcs
, strerror(errno
));
4881 * If we were able to parse any values, then set mask for the MCS set.
4884 os_memset(&htcaps_mask
->supported_mcs_set
, 0xff,
4885 IEEE80211_HT_MCS_MASK_LEN
- 1);
4886 /* skip the 3 reserved bits */
4887 htcaps_mask
->supported_mcs_set
[IEEE80211_HT_MCS_MASK_LEN
- 1] =
4895 static int wpa_disable_max_amsdu(struct wpa_supplicant
*wpa_s
,
4896 struct ieee80211_ht_capabilities
*htcaps
,
4897 struct ieee80211_ht_capabilities
*htcaps_mask
,
4905 wpa_msg(wpa_s
, MSG_DEBUG
, "set_disable_max_amsdu: %d", disabled
);
4907 msk
= host_to_le16(HT_CAP_INFO_MAX_AMSDU_SIZE
);
4908 htcaps_mask
->ht_capabilities_info
|= msk
;
4910 htcaps
->ht_capabilities_info
&= msk
;
4912 htcaps
->ht_capabilities_info
|= msk
;
4918 static int wpa_set_ampdu_factor(struct wpa_supplicant
*wpa_s
,
4919 struct ieee80211_ht_capabilities
*htcaps
,
4920 struct ieee80211_ht_capabilities
*htcaps_mask
,
4926 wpa_msg(wpa_s
, MSG_DEBUG
, "set_ampdu_factor: %d", factor
);
4928 if (factor
< 0 || factor
> 3) {
4929 wpa_msg(wpa_s
, MSG_ERROR
, "ampdu_factor: %d out of range. "
4930 "Must be 0-3 or -1", factor
);
4934 htcaps_mask
->a_mpdu_params
|= 0x3; /* 2 bits for factor */
4935 htcaps
->a_mpdu_params
&= ~0x3;
4936 htcaps
->a_mpdu_params
|= factor
& 0x3;
4942 static int wpa_set_ampdu_density(struct wpa_supplicant
*wpa_s
,
4943 struct ieee80211_ht_capabilities
*htcaps
,
4944 struct ieee80211_ht_capabilities
*htcaps_mask
,
4950 wpa_msg(wpa_s
, MSG_DEBUG
, "set_ampdu_density: %d", density
);
4952 if (density
< 0 || density
> 7) {
4953 wpa_msg(wpa_s
, MSG_ERROR
,
4954 "ampdu_density: %d out of range. Must be 0-7 or -1.",
4959 htcaps_mask
->a_mpdu_params
|= 0x1C;
4960 htcaps
->a_mpdu_params
&= ~(0x1C);
4961 htcaps
->a_mpdu_params
|= (density
<< 2) & 0x1C;
4967 static int wpa_set_disable_ht40(struct wpa_supplicant
*wpa_s
,
4968 struct ieee80211_ht_capabilities
*htcaps
,
4969 struct ieee80211_ht_capabilities
*htcaps_mask
,
4973 wpa_msg(wpa_s
, MSG_DEBUG
, "set_disable_ht40: %d", disabled
);
4975 set_disable_ht40(htcaps
, disabled
);
4976 set_disable_ht40(htcaps_mask
, 0);
4982 static int wpa_set_disable_sgi(struct wpa_supplicant
*wpa_s
,
4983 struct ieee80211_ht_capabilities
*htcaps
,
4984 struct ieee80211_ht_capabilities
*htcaps_mask
,
4987 /* Masking these out disables SGI */
4988 le16 msk
= host_to_le16(HT_CAP_INFO_SHORT_GI20MHZ
|
4989 HT_CAP_INFO_SHORT_GI40MHZ
);
4992 wpa_msg(wpa_s
, MSG_DEBUG
, "set_disable_sgi: %d", disabled
);
4995 htcaps
->ht_capabilities_info
&= ~msk
;
4997 htcaps
->ht_capabilities_info
|= msk
;
4999 htcaps_mask
->ht_capabilities_info
|= msk
;
5005 static int wpa_set_disable_ldpc(struct wpa_supplicant
*wpa_s
,
5006 struct ieee80211_ht_capabilities
*htcaps
,
5007 struct ieee80211_ht_capabilities
*htcaps_mask
,
5010 /* Masking these out disables LDPC */
5011 le16 msk
= host_to_le16(HT_CAP_INFO_LDPC_CODING_CAP
);
5014 wpa_msg(wpa_s
, MSG_DEBUG
, "set_disable_ldpc: %d", disabled
);
5017 htcaps
->ht_capabilities_info
&= ~msk
;
5019 htcaps
->ht_capabilities_info
|= msk
;
5021 htcaps_mask
->ht_capabilities_info
|= msk
;
5027 static int wpa_set_tx_stbc(struct wpa_supplicant
*wpa_s
,
5028 struct ieee80211_ht_capabilities
*htcaps
,
5029 struct ieee80211_ht_capabilities
*htcaps_mask
,
5032 le16 msk
= host_to_le16(HT_CAP_INFO_TX_STBC
);
5037 wpa_msg(wpa_s
, MSG_DEBUG
, "set_tx_stbc: %d", tx_stbc
);
5039 if (tx_stbc
< 0 || tx_stbc
> 1) {
5040 wpa_msg(wpa_s
, MSG_ERROR
,
5041 "tx_stbc: %d out of range. Must be 0-1 or -1", tx_stbc
);
5045 htcaps_mask
->ht_capabilities_info
|= msk
;
5046 htcaps
->ht_capabilities_info
&= ~msk
;
5047 htcaps
->ht_capabilities_info
|= (tx_stbc
<< 7) & msk
;
5053 static int wpa_set_rx_stbc(struct wpa_supplicant
*wpa_s
,
5054 struct ieee80211_ht_capabilities
*htcaps
,
5055 struct ieee80211_ht_capabilities
*htcaps_mask
,
5058 le16 msk
= host_to_le16(HT_CAP_INFO_RX_STBC_MASK
);
5063 wpa_msg(wpa_s
, MSG_DEBUG
, "set_rx_stbc: %d", rx_stbc
);
5065 if (rx_stbc
< 0 || rx_stbc
> 3) {
5066 wpa_msg(wpa_s
, MSG_ERROR
,
5067 "rx_stbc: %d out of range. Must be 0-3 or -1", rx_stbc
);
5071 htcaps_mask
->ht_capabilities_info
|= msk
;
5072 htcaps
->ht_capabilities_info
&= ~msk
;
5073 htcaps
->ht_capabilities_info
|= (rx_stbc
<< 8) & msk
;
5079 void wpa_supplicant_apply_ht_overrides(
5080 struct wpa_supplicant
*wpa_s
, struct wpa_ssid
*ssid
,
5081 struct wpa_driver_associate_params
*params
)
5083 struct ieee80211_ht_capabilities
*htcaps
;
5084 struct ieee80211_ht_capabilities
*htcaps_mask
;
5089 params
->disable_ht
= ssid
->disable_ht
;
5090 if (!params
->htcaps
|| !params
->htcaps_mask
)
5093 htcaps
= (struct ieee80211_ht_capabilities
*) params
->htcaps
;
5094 htcaps_mask
= (struct ieee80211_ht_capabilities
*) params
->htcaps_mask
;
5095 wpa_set_htcap_mcs(wpa_s
, htcaps
, htcaps_mask
, ssid
->ht_mcs
);
5096 wpa_disable_max_amsdu(wpa_s
, htcaps
, htcaps_mask
,
5097 ssid
->disable_max_amsdu
);
5098 wpa_set_ampdu_factor(wpa_s
, htcaps
, htcaps_mask
, ssid
->ampdu_factor
);
5099 wpa_set_ampdu_density(wpa_s
, htcaps
, htcaps_mask
, ssid
->ampdu_density
);
5100 wpa_set_disable_ht40(wpa_s
, htcaps
, htcaps_mask
, ssid
->disable_ht40
);
5101 wpa_set_disable_sgi(wpa_s
, htcaps
, htcaps_mask
, ssid
->disable_sgi
);
5102 wpa_set_disable_ldpc(wpa_s
, htcaps
, htcaps_mask
, ssid
->disable_ldpc
);
5103 wpa_set_rx_stbc(wpa_s
, htcaps
, htcaps_mask
, ssid
->rx_stbc
);
5104 wpa_set_tx_stbc(wpa_s
, htcaps
, htcaps_mask
, ssid
->tx_stbc
);
5106 if (ssid
->ht40_intolerant
) {
5107 le16 bit
= host_to_le16(HT_CAP_INFO_40MHZ_INTOLERANT
);
5108 htcaps
->ht_capabilities_info
|= bit
;
5109 htcaps_mask
->ht_capabilities_info
|= bit
;
5113 #endif /* CONFIG_HT_OVERRIDES */
5116 #ifdef CONFIG_VHT_OVERRIDES
5117 void wpa_supplicant_apply_vht_overrides(
5118 struct wpa_supplicant
*wpa_s
, struct wpa_ssid
*ssid
,
5119 struct wpa_driver_associate_params
*params
)
5121 struct ieee80211_vht_capabilities
*vhtcaps
;
5122 struct ieee80211_vht_capabilities
*vhtcaps_mask
;
5127 params
->disable_vht
= ssid
->disable_vht
;
5129 vhtcaps
= (void *) params
->vhtcaps
;
5130 vhtcaps_mask
= (void *) params
->vhtcaps_mask
;
5132 if (!vhtcaps
|| !vhtcaps_mask
)
5135 vhtcaps
->vht_capabilities_info
= host_to_le32(ssid
->vht_capa
);
5136 vhtcaps_mask
->vht_capabilities_info
= host_to_le32(ssid
->vht_capa_mask
);
5138 #ifdef CONFIG_HT_OVERRIDES
5139 if (ssid
->disable_sgi
) {
5140 vhtcaps_mask
->vht_capabilities_info
|= (VHT_CAP_SHORT_GI_80
|
5141 VHT_CAP_SHORT_GI_160
);
5142 vhtcaps
->vht_capabilities_info
&= ~(VHT_CAP_SHORT_GI_80
|
5143 VHT_CAP_SHORT_GI_160
);
5144 wpa_msg(wpa_s
, MSG_DEBUG
,
5145 "disable-sgi override specified, vht-caps: 0x%x",
5146 vhtcaps
->vht_capabilities_info
);
5149 /* if max ampdu is <= 3, we have to make the HT cap the same */
5150 if (ssid
->vht_capa_mask
& VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX
) {
5153 max_ampdu
= (ssid
->vht_capa
&
5154 VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX
) >>
5155 VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX_SHIFT
;
5157 max_ampdu
= max_ampdu
< 3 ? max_ampdu
: 3;
5158 wpa_set_ampdu_factor(wpa_s
,
5159 (void *) params
->htcaps
,
5160 (void *) params
->htcaps_mask
,
5163 #endif /* CONFIG_HT_OVERRIDES */
5165 #define OVERRIDE_MCS(i) \
5166 if (ssid->vht_tx_mcs_nss_ ##i >= 0) { \
5167 vhtcaps_mask->vht_supported_mcs_set.tx_map |= \
5168 host_to_le16(3 << 2 * (i - 1)); \
5169 vhtcaps->vht_supported_mcs_set.tx_map |= \
5170 host_to_le16(ssid->vht_tx_mcs_nss_ ##i << \
5173 if (ssid->vht_rx_mcs_nss_ ##i >= 0) { \
5174 vhtcaps_mask->vht_supported_mcs_set.rx_map |= \
5175 host_to_le16(3 << 2 * (i - 1)); \
5176 vhtcaps->vht_supported_mcs_set.rx_map |= \
5177 host_to_le16(ssid->vht_rx_mcs_nss_ ##i << \
5190 #endif /* CONFIG_VHT_OVERRIDES */
5193 static int pcsc_reader_init(struct wpa_supplicant
*wpa_s
)
5198 if (!wpa_s
->conf
->pcsc_reader
)
5201 wpa_s
->scard
= scard_init(wpa_s
->conf
->pcsc_reader
);
5205 if (wpa_s
->conf
->pcsc_pin
&&
5206 scard_set_pin(wpa_s
->scard
, wpa_s
->conf
->pcsc_pin
) < 0) {
5207 scard_deinit(wpa_s
->scard
);
5208 wpa_s
->scard
= NULL
;
5209 wpa_msg(wpa_s
, MSG_ERROR
, "PC/SC PIN validation failed");
5213 len
= sizeof(wpa_s
->imsi
) - 1;
5214 if (scard_get_imsi(wpa_s
->scard
, wpa_s
->imsi
, &len
)) {
5215 scard_deinit(wpa_s
->scard
);
5216 wpa_s
->scard
= NULL
;
5217 wpa_msg(wpa_s
, MSG_ERROR
, "Could not read IMSI");
5220 wpa_s
->imsi
[len
] = '\0';
5222 wpa_s
->mnc_len
= scard_get_mnc_len(wpa_s
->scard
);
5224 wpa_printf(MSG_DEBUG
, "SCARD: IMSI %s (MNC length %d)",
5225 wpa_s
->imsi
, wpa_s
->mnc_len
);
5227 wpa_sm_set_scard_ctx(wpa_s
->wpa
, wpa_s
->scard
);
5228 eapol_sm_register_scard_ctx(wpa_s
->eapol
, wpa_s
->scard
);
5229 #endif /* PCSC_FUNCS */
5235 int wpas_init_ext_pw(struct wpa_supplicant
*wpa_s
)
5239 ext_password_deinit(wpa_s
->ext_pw
);
5240 wpa_s
->ext_pw
= NULL
;
5241 eapol_sm_set_ext_pw_ctx(wpa_s
->eapol
, NULL
);
5243 if (!wpa_s
->conf
->ext_password_backend
)
5246 val
= os_strdup(wpa_s
->conf
->ext_password_backend
);
5249 pos
= os_strchr(val
, ':');
5253 wpa_printf(MSG_DEBUG
, "EXT PW: Initialize backend '%s'", val
);
5255 wpa_s
->ext_pw
= ext_password_init(val
, pos
);
5257 if (wpa_s
->ext_pw
== NULL
) {
5258 wpa_printf(MSG_DEBUG
, "EXT PW: Failed to initialize backend");
5261 eapol_sm_set_ext_pw_ctx(wpa_s
->eapol
, wpa_s
->ext_pw
);
5269 static const u8
* wpas_fst_get_bssid_cb(void *ctx
)
5271 struct wpa_supplicant
*wpa_s
= ctx
;
5273 return (is_zero_ether_addr(wpa_s
->bssid
) ||
5274 wpa_s
->wpa_state
!= WPA_COMPLETED
) ? NULL
: wpa_s
->bssid
;
5278 static void wpas_fst_get_channel_info_cb(void *ctx
,
5279 enum hostapd_hw_mode
*hw_mode
,
5282 struct wpa_supplicant
*wpa_s
= ctx
;
5284 if (wpa_s
->current_bss
) {
5285 *hw_mode
= ieee80211_freq_to_chan(wpa_s
->current_bss
->freq
,
5287 } else if (wpa_s
->hw
.num_modes
) {
5288 *hw_mode
= wpa_s
->hw
.modes
[0].mode
;
5296 static int wpas_fst_get_hw_modes(void *ctx
, struct hostapd_hw_modes
**modes
)
5298 struct wpa_supplicant
*wpa_s
= ctx
;
5300 *modes
= wpa_s
->hw
.modes
;
5301 return wpa_s
->hw
.num_modes
;
5305 static void wpas_fst_set_ies_cb(void *ctx
, const struct wpabuf
*fst_ies
)
5307 struct wpa_supplicant
*wpa_s
= ctx
;
5309 wpa_hexdump_buf(MSG_DEBUG
, "FST: Set IEs", fst_ies
);
5310 wpa_s
->fst_ies
= fst_ies
;
5314 static int wpas_fst_send_action_cb(void *ctx
, const u8
*da
, struct wpabuf
*data
)
5316 struct wpa_supplicant
*wpa_s
= ctx
;
5318 if (os_memcmp(wpa_s
->bssid
, da
, ETH_ALEN
) != 0) {
5319 wpa_printf(MSG_INFO
, "FST:%s:bssid=" MACSTR
" != da=" MACSTR
,
5320 __func__
, MAC2STR(wpa_s
->bssid
), MAC2STR(da
));
5323 return wpa_drv_send_action(wpa_s
, wpa_s
->assoc_freq
, 0, wpa_s
->bssid
,
5324 wpa_s
->own_addr
, wpa_s
->bssid
,
5325 wpabuf_head(data
), wpabuf_len(data
),
5330 static const struct wpabuf
* wpas_fst_get_mb_ie_cb(void *ctx
, const u8
*addr
)
5332 struct wpa_supplicant
*wpa_s
= ctx
;
5334 WPA_ASSERT(os_memcmp(wpa_s
->bssid
, addr
, ETH_ALEN
) == 0);
5335 return wpa_s
->received_mb_ies
;
5339 static void wpas_fst_update_mb_ie_cb(void *ctx
, const u8
*addr
,
5340 const u8
*buf
, size_t size
)
5342 struct wpa_supplicant
*wpa_s
= ctx
;
5343 struct mb_ies_info info
;
5345 WPA_ASSERT(os_memcmp(wpa_s
->bssid
, addr
, ETH_ALEN
) == 0);
5347 if (!mb_ies_info_by_ies(&info
, buf
, size
)) {
5348 wpabuf_free(wpa_s
->received_mb_ies
);
5349 wpa_s
->received_mb_ies
= mb_ies_by_info(&info
);
5354 static const u8
* wpas_fst_get_peer_first(void *ctx
,
5355 struct fst_get_peer_ctx
**get_ctx
,
5358 struct wpa_supplicant
*wpa_s
= ctx
;
5361 if (!is_zero_ether_addr(wpa_s
->bssid
))
5362 return (wpa_s
->received_mb_ies
|| !mb_only
) ?
5363 wpa_s
->bssid
: NULL
;
5368 static const u8
* wpas_fst_get_peer_next(void *ctx
,
5369 struct fst_get_peer_ctx
**get_ctx
,
5375 void fst_wpa_supplicant_fill_iface_obj(struct wpa_supplicant
*wpa_s
,
5376 struct fst_wpa_obj
*iface_obj
)
5378 iface_obj
->ctx
= wpa_s
;
5379 iface_obj
->get_bssid
= wpas_fst_get_bssid_cb
;
5380 iface_obj
->get_channel_info
= wpas_fst_get_channel_info_cb
;
5381 iface_obj
->get_hw_modes
= wpas_fst_get_hw_modes
;
5382 iface_obj
->set_ies
= wpas_fst_set_ies_cb
;
5383 iface_obj
->send_action
= wpas_fst_send_action_cb
;
5384 iface_obj
->get_mb_ie
= wpas_fst_get_mb_ie_cb
;
5385 iface_obj
->update_mb_ie
= wpas_fst_update_mb_ie_cb
;
5386 iface_obj
->get_peer_first
= wpas_fst_get_peer_first
;
5387 iface_obj
->get_peer_next
= wpas_fst_get_peer_next
;
5389 #endif /* CONFIG_FST */
5391 static int wpas_set_wowlan_triggers(struct wpa_supplicant
*wpa_s
,
5392 const struct wpa_driver_capa
*capa
)
5394 struct wowlan_triggers
*triggers
;
5397 if (!wpa_s
->conf
->wowlan_triggers
)
5400 triggers
= wpa_get_wowlan_triggers(wpa_s
->conf
->wowlan_triggers
, capa
);
5402 ret
= wpa_drv_wowlan(wpa_s
, triggers
);
5409 enum wpa_radio_work_band
wpas_freq_to_band(int freq
)
5412 return BAND_2_4_GHZ
;
5419 unsigned int wpas_get_bands(struct wpa_supplicant
*wpa_s
, const int *freqs
)
5422 unsigned int band
= 0;
5425 /* freqs are specified for the radio work */
5426 for (i
= 0; freqs
[i
]; i
++)
5427 band
|= wpas_freq_to_band(freqs
[i
]);
5430 * freqs are not specified, implies all
5431 * the supported freqs by HW
5433 for (i
= 0; i
< wpa_s
->hw
.num_modes
; i
++) {
5434 if (wpa_s
->hw
.modes
[i
].num_channels
!= 0) {
5435 if (wpa_s
->hw
.modes
[i
].mode
==
5436 HOSTAPD_MODE_IEEE80211B
||
5437 wpa_s
->hw
.modes
[i
].mode
==
5438 HOSTAPD_MODE_IEEE80211G
)
5439 band
|= BAND_2_4_GHZ
;
5440 else if (wpa_s
->hw
.modes
[i
].mode
==
5441 HOSTAPD_MODE_IEEE80211A
)
5443 else if (wpa_s
->hw
.modes
[i
].mode
==
5444 HOSTAPD_MODE_IEEE80211AD
)
5445 band
|= BAND_60_GHZ
;
5446 else if (wpa_s
->hw
.modes
[i
].mode
==
5447 HOSTAPD_MODE_IEEE80211ANY
)
5448 band
= BAND_2_4_GHZ
| BAND_5_GHZ
|
5458 static struct wpa_radio
* radio_add_interface(struct wpa_supplicant
*wpa_s
,
5461 struct wpa_supplicant
*iface
= wpa_s
->global
->ifaces
;
5462 struct wpa_radio
*radio
;
5464 while (rn
&& iface
) {
5465 radio
= iface
->radio
;
5466 if (radio
&& os_strcmp(rn
, radio
->name
) == 0) {
5467 wpa_printf(MSG_DEBUG
, "Add interface %s to existing radio %s",
5469 dl_list_add(&radio
->ifaces
, &wpa_s
->radio_list
);
5473 iface
= iface
->next
;
5476 wpa_printf(MSG_DEBUG
, "Add interface %s to a new radio %s",
5477 wpa_s
->ifname
, rn
? rn
: "N/A");
5478 radio
= os_zalloc(sizeof(*radio
));
5483 os_strlcpy(radio
->name
, rn
, sizeof(radio
->name
));
5484 dl_list_init(&radio
->ifaces
);
5485 dl_list_init(&radio
->work
);
5486 dl_list_add(&radio
->ifaces
, &wpa_s
->radio_list
);
5492 static void radio_work_free(struct wpa_radio_work
*work
)
5494 if (work
->wpa_s
->scan_work
== work
) {
5495 /* This should not really happen. */
5496 wpa_dbg(work
->wpa_s
, MSG_INFO
, "Freeing radio work '%s'@%p (started=%d) that is marked as scan_work",
5497 work
->type
, work
, work
->started
);
5498 work
->wpa_s
->scan_work
= NULL
;
5502 if (work
->wpa_s
->p2p_scan_work
== work
) {
5503 /* This should not really happen. */
5504 wpa_dbg(work
->wpa_s
, MSG_INFO
, "Freeing radio work '%s'@%p (started=%d) that is marked as p2p_scan_work",
5505 work
->type
, work
, work
->started
);
5506 work
->wpa_s
->p2p_scan_work
= NULL
;
5508 #endif /* CONFIG_P2P */
5510 if (work
->started
) {
5511 work
->wpa_s
->radio
->num_active_works
--;
5512 wpa_dbg(work
->wpa_s
, MSG_DEBUG
,
5513 "radio_work_free('%s'@%p): num_active_works --> %u",
5515 work
->wpa_s
->radio
->num_active_works
);
5518 dl_list_del(&work
->list
);
5523 static int radio_work_is_connect(struct wpa_radio_work
*work
)
5525 return os_strcmp(work
->type
, "sme-connect") == 0 ||
5526 os_strcmp(work
->type
, "connect") == 0;
5530 static int radio_work_is_scan(struct wpa_radio_work
*work
)
5532 return os_strcmp(work
->type
, "scan") == 0 ||
5533 os_strcmp(work
->type
, "p2p-scan") == 0;
5537 static struct wpa_radio_work
* radio_work_get_next_work(struct wpa_radio
*radio
)
5539 struct wpa_radio_work
*active_work
= NULL
;
5540 struct wpa_radio_work
*tmp
;
5542 /* Get the active work to know the type and band. */
5543 dl_list_for_each(tmp
, &radio
->work
, struct wpa_radio_work
, list
) {
5551 /* No active work, start one */
5552 radio
->num_active_works
= 0;
5553 dl_list_for_each(tmp
, &radio
->work
, struct wpa_radio_work
,
5555 if (os_strcmp(tmp
->type
, "scan") == 0 &&
5556 radio
->external_scan_running
&&
5557 (((struct wpa_driver_scan_params
*)
5558 tmp
->ctx
)->only_new_results
||
5559 tmp
->wpa_s
->clear_driver_scan_cache
))
5566 if (radio_work_is_connect(active_work
)) {
5568 * If the active work is either connect or sme-connect,
5569 * do not parallelize them with other radio works.
5571 wpa_dbg(active_work
->wpa_s
, MSG_DEBUG
,
5572 "Do not parallelize radio work with %s",
5577 dl_list_for_each(tmp
, &radio
->work
, struct wpa_radio_work
, list
) {
5582 * If connect or sme-connect are enqueued, parallelize only
5583 * those operations ahead of them in the queue.
5585 if (radio_work_is_connect(tmp
))
5588 /* Serialize parallel scan and p2p_scan operations on the same
5589 * interface since the driver_nl80211 mechanism for tracking
5590 * scan cookies does not yet have support for this. */
5591 if (active_work
->wpa_s
== tmp
->wpa_s
&&
5592 radio_work_is_scan(active_work
) &&
5593 radio_work_is_scan(tmp
)) {
5594 wpa_dbg(active_work
->wpa_s
, MSG_DEBUG
,
5595 "Do not start work '%s' when another work '%s' is already scheduled",
5596 tmp
->type
, active_work
->type
);
5600 * Check that the radio works are distinct and
5601 * on different bands.
5603 if (os_strcmp(active_work
->type
, tmp
->type
) != 0 &&
5604 (active_work
->bands
!= tmp
->bands
)) {
5606 * If a scan has to be scheduled through nl80211 scan
5607 * interface and if an external scan is already running,
5608 * do not schedule the scan since it is likely to get
5609 * rejected by kernel.
5611 if (os_strcmp(tmp
->type
, "scan") == 0 &&
5612 radio
->external_scan_running
&&
5613 (((struct wpa_driver_scan_params
*)
5614 tmp
->ctx
)->only_new_results
||
5615 tmp
->wpa_s
->clear_driver_scan_cache
))
5618 wpa_dbg(active_work
->wpa_s
, MSG_DEBUG
,
5619 "active_work:%s new_work:%s",
5620 active_work
->type
, tmp
->type
);
5625 /* Did not find a radio work to schedule in parallel. */
5630 static void radio_start_next_work(void *eloop_ctx
, void *timeout_ctx
)
5632 struct wpa_radio
*radio
= eloop_ctx
;
5633 struct wpa_radio_work
*work
;
5634 struct os_reltime now
, diff
;
5635 struct wpa_supplicant
*wpa_s
;
5637 work
= dl_list_first(&radio
->work
, struct wpa_radio_work
, list
);
5639 radio
->num_active_works
= 0;
5643 wpa_s
= dl_list_first(&radio
->ifaces
, struct wpa_supplicant
,
5647 wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS
)) {
5649 return; /* already started and still in progress */
5651 if (wpa_s
&& wpa_s
->radio
->external_scan_running
) {
5652 wpa_printf(MSG_DEBUG
, "Delay radio work start until externally triggered scan completes");
5657 if (radio
->num_active_works
< MAX_ACTIVE_WORKS
) {
5658 /* get the work to schedule next */
5659 work
= radio_work_get_next_work(radio
);
5665 wpa_s
= work
->wpa_s
;
5666 os_get_reltime(&now
);
5667 os_reltime_sub(&now
, &work
->time
, &diff
);
5668 wpa_dbg(wpa_s
, MSG_DEBUG
,
5669 "Starting radio work '%s'@%p after %ld.%06ld second wait",
5670 work
->type
, work
, diff
.sec
, diff
.usec
);
5673 radio
->num_active_works
++;
5677 if ((wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS
) &&
5678 radio
->num_active_works
< MAX_ACTIVE_WORKS
)
5679 radio_work_check_next(wpa_s
);
5684 * This function removes both started and pending radio works running on
5685 * the provided interface's radio.
5686 * Prior to the removal of the radio work, its callback (cb) is called with
5687 * deinit set to be 1. Each work's callback is responsible for clearing its
5688 * internal data and restoring to a correct state.
5689 * @wpa_s: wpa_supplicant data
5690 * @type: type of works to be removed
5691 * @remove_all: 1 to remove all the works on this radio, 0 to remove only
5692 * this interface's works.
5694 void radio_remove_works(struct wpa_supplicant
*wpa_s
,
5695 const char *type
, int remove_all
)
5697 struct wpa_radio_work
*work
, *tmp
;
5698 struct wpa_radio
*radio
= wpa_s
->radio
;
5700 dl_list_for_each_safe(work
, tmp
, &radio
->work
, struct wpa_radio_work
,
5702 if (type
&& os_strcmp(type
, work
->type
) != 0)
5705 /* skip other ifaces' works */
5706 if (!remove_all
&& work
->wpa_s
!= wpa_s
)
5709 wpa_dbg(wpa_s
, MSG_DEBUG
, "Remove radio work '%s'@%p%s",
5710 work
->type
, work
, work
->started
? " (started)" : "");
5712 radio_work_free(work
);
5715 /* in case we removed the started work */
5716 radio_work_check_next(wpa_s
);
5720 void radio_remove_pending_work(struct wpa_supplicant
*wpa_s
, void *ctx
)
5722 struct wpa_radio_work
*work
;
5723 struct wpa_radio
*radio
= wpa_s
->radio
;
5725 dl_list_for_each(work
, &radio
->work
, struct wpa_radio_work
, list
) {
5726 if (work
->ctx
!= ctx
)
5728 wpa_dbg(wpa_s
, MSG_DEBUG
, "Free pending radio work '%s'@%p%s",
5729 work
->type
, work
, work
->started
? " (started)" : "");
5730 radio_work_free(work
);
5736 static void radio_remove_interface(struct wpa_supplicant
*wpa_s
)
5738 struct wpa_radio
*radio
= wpa_s
->radio
;
5743 wpa_printf(MSG_DEBUG
, "Remove interface %s from radio %s",
5744 wpa_s
->ifname
, radio
->name
);
5745 dl_list_del(&wpa_s
->radio_list
);
5746 radio_remove_works(wpa_s
, NULL
, 0);
5747 wpa_s
->radio
= NULL
;
5748 if (!dl_list_empty(&radio
->ifaces
))
5749 return; /* Interfaces remain for this radio */
5751 wpa_printf(MSG_DEBUG
, "Remove radio %s", radio
->name
);
5752 eloop_cancel_timeout(radio_start_next_work
, radio
, NULL
);
5757 void radio_work_check_next(struct wpa_supplicant
*wpa_s
)
5759 struct wpa_radio
*radio
= wpa_s
->radio
;
5761 if (dl_list_empty(&radio
->work
))
5763 if (wpa_s
->ext_work_in_progress
) {
5764 wpa_printf(MSG_DEBUG
,
5765 "External radio work in progress - delay start of pending item");
5768 eloop_cancel_timeout(radio_start_next_work
, radio
, NULL
);
5769 eloop_register_timeout(0, 0, radio_start_next_work
, radio
, NULL
);
5774 * radio_add_work - Add a radio work item
5775 * @wpa_s: Pointer to wpa_supplicant data
5776 * @freq: Frequency of the offchannel operation in MHz or 0
5777 * @type: Unique identifier for each type of work
5778 * @next: Force as the next work to be executed
5779 * @cb: Callback function for indicating when radio is available
5780 * @ctx: Context pointer for the work (work->ctx in cb())
5781 * Returns: 0 on success, -1 on failure
5783 * This function is used to request time for an operation that requires
5784 * exclusive radio control. Once the radio is available, the registered callback
5785 * function will be called. radio_work_done() must be called once the exclusive
5786 * radio operation has been completed, so that the radio is freed for other
5787 * operations. The special case of deinit=1 is used to free the context data
5788 * during interface removal. That does not allow the callback function to start
5789 * the radio operation, i.e., it must free any resources allocated for the radio
5792 * The @freq parameter can be used to indicate a single channel on which the
5793 * offchannel operation will occur. This may allow multiple radio work
5794 * operations to be performed in parallel if they apply for the same channel.
5795 * Setting this to 0 indicates that the work item may use multiple channels or
5796 * requires exclusive control of the radio.
5798 int radio_add_work(struct wpa_supplicant
*wpa_s
, unsigned int freq
,
5799 const char *type
, int next
,
5800 void (*cb
)(struct wpa_radio_work
*work
, int deinit
),
5803 struct wpa_radio
*radio
= wpa_s
->radio
;
5804 struct wpa_radio_work
*work
;
5807 work
= os_zalloc(sizeof(*work
));
5810 wpa_dbg(wpa_s
, MSG_DEBUG
, "Add radio work '%s'@%p", type
, work
);
5811 os_get_reltime(&work
->time
);
5814 work
->wpa_s
= wpa_s
;
5819 work
->bands
= wpas_freq_to_band(freq
);
5820 else if (os_strcmp(type
, "scan") == 0 ||
5821 os_strcmp(type
, "p2p-scan") == 0)
5822 work
->bands
= wpas_get_bands(wpa_s
,
5823 ((struct wpa_driver_scan_params
*)
5826 work
->bands
= wpas_get_bands(wpa_s
, NULL
);
5828 was_empty
= dl_list_empty(&wpa_s
->radio
->work
);
5830 dl_list_add(&wpa_s
->radio
->work
, &work
->list
);
5832 dl_list_add_tail(&wpa_s
->radio
->work
, &work
->list
);
5834 wpa_dbg(wpa_s
, MSG_DEBUG
, "First radio work item in the queue - schedule start immediately");
5835 radio_work_check_next(wpa_s
);
5836 } else if ((wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS
)
5837 && radio
->num_active_works
< MAX_ACTIVE_WORKS
) {
5838 wpa_dbg(wpa_s
, MSG_DEBUG
,
5839 "Try to schedule a radio work (num_active_works=%u)",
5840 radio
->num_active_works
);
5841 radio_work_check_next(wpa_s
);
5849 * radio_work_done - Indicate that a radio work item has been completed
5850 * @work: Completed work
5852 * This function is called once the callback function registered with
5853 * radio_add_work() has completed its work.
5855 void radio_work_done(struct wpa_radio_work
*work
)
5857 struct wpa_supplicant
*wpa_s
= work
->wpa_s
;
5858 struct os_reltime now
, diff
;
5859 unsigned int started
= work
->started
;
5861 os_get_reltime(&now
);
5862 os_reltime_sub(&now
, &work
->time
, &diff
);
5863 wpa_dbg(wpa_s
, MSG_DEBUG
, "Radio work '%s'@%p %s in %ld.%06ld seconds",
5864 work
->type
, work
, started
? "done" : "canceled",
5865 diff
.sec
, diff
.usec
);
5866 radio_work_free(work
);
5868 radio_work_check_next(wpa_s
);
5872 struct wpa_radio_work
*
5873 radio_work_pending(struct wpa_supplicant
*wpa_s
, const char *type
)
5875 struct wpa_radio_work
*work
;
5876 struct wpa_radio
*radio
= wpa_s
->radio
;
5878 dl_list_for_each(work
, &radio
->work
, struct wpa_radio_work
, list
) {
5879 if (work
->wpa_s
== wpa_s
&& os_strcmp(work
->type
, type
) == 0)
5887 static int wpas_init_driver(struct wpa_supplicant
*wpa_s
,
5888 const struct wpa_interface
*iface
)
5890 const char *ifname
, *driver
, *rn
;
5892 driver
= iface
->driver
;
5894 if (wpa_supplicant_set_driver(wpa_s
, driver
) < 0)
5897 wpa_s
->drv_priv
= wpa_drv_init(wpa_s
, wpa_s
->ifname
);
5898 if (wpa_s
->drv_priv
== NULL
) {
5900 pos
= driver
? os_strchr(driver
, ',') : NULL
;
5902 wpa_dbg(wpa_s
, MSG_DEBUG
, "Failed to initialize "
5903 "driver interface - try next driver wrapper");
5907 wpa_msg(wpa_s
, MSG_ERROR
, "Failed to initialize driver "
5911 if (wpa_drv_set_param(wpa_s
, wpa_s
->conf
->driver_param
) < 0) {
5912 wpa_msg(wpa_s
, MSG_ERROR
, "Driver interface rejected "
5913 "driver_param '%s'", wpa_s
->conf
->driver_param
);
5917 ifname
= wpa_drv_get_ifname(wpa_s
);
5918 if (ifname
&& os_strcmp(ifname
, wpa_s
->ifname
) != 0) {
5919 wpa_dbg(wpa_s
, MSG_DEBUG
, "Driver interface replaced "
5920 "interface name with '%s'", ifname
);
5921 os_strlcpy(wpa_s
->ifname
, ifname
, sizeof(wpa_s
->ifname
));
5924 rn
= wpa_driver_get_radio_name(wpa_s
);
5925 if (rn
&& rn
[0] == '\0')
5928 wpa_s
->radio
= radio_add_interface(wpa_s
, rn
);
5929 if (wpa_s
->radio
== NULL
)
5936 #ifdef CONFIG_GAS_SERVER
5938 static void wpas_gas_server_tx_status(struct wpa_supplicant
*wpa_s
,
5939 unsigned int freq
, const u8
*dst
,
5940 const u8
*src
, const u8
*bssid
,
5941 const u8
*data
, size_t data_len
,
5942 enum offchannel_send_action_result result
)
5944 wpa_printf(MSG_DEBUG
, "GAS: TX status: freq=%u dst=" MACSTR
5947 result
== OFFCHANNEL_SEND_ACTION_SUCCESS
? "SUCCESS" :
5948 (result
== OFFCHANNEL_SEND_ACTION_NO_ACK
? "no-ACK" :
5950 gas_server_tx_status(wpa_s
->gas_server
, dst
, data
, data_len
,
5951 result
== OFFCHANNEL_SEND_ACTION_SUCCESS
);
5955 static void wpas_gas_server_tx(void *ctx
, int freq
, const u8
*da
,
5956 struct wpabuf
*buf
, unsigned int wait_time
)
5958 struct wpa_supplicant
*wpa_s
= ctx
;
5959 const u8 broadcast
[ETH_ALEN
] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
5961 if (wait_time
> wpa_s
->max_remain_on_chan
)
5962 wait_time
= wpa_s
->max_remain_on_chan
;
5964 offchannel_send_action(wpa_s
, freq
, da
, wpa_s
->own_addr
, broadcast
,
5965 wpabuf_head(buf
), wpabuf_len(buf
),
5966 wait_time
, wpas_gas_server_tx_status
, 0);
5969 #endif /* CONFIG_GAS_SERVER */
5971 static int wpa_supplicant_init_iface(struct wpa_supplicant
*wpa_s
,
5972 const struct wpa_interface
*iface
)
5974 struct wpa_driver_capa capa
;
5978 wpa_printf(MSG_DEBUG
, "Initializing interface '%s' conf '%s' driver "
5979 "'%s' ctrl_interface '%s' bridge '%s'", iface
->ifname
,
5980 iface
->confname
? iface
->confname
: "N/A",
5981 iface
->driver
? iface
->driver
: "default",
5982 iface
->ctrl_interface
? iface
->ctrl_interface
: "N/A",
5983 iface
->bridge_ifname
? iface
->bridge_ifname
: "N/A");
5985 if (iface
->confname
) {
5986 #ifdef CONFIG_BACKEND_FILE
5987 wpa_s
->confname
= os_rel2abs_path(iface
->confname
);
5988 if (wpa_s
->confname
== NULL
) {
5989 wpa_printf(MSG_ERROR
, "Failed to get absolute path "
5990 "for configuration file '%s'.",
5994 wpa_printf(MSG_DEBUG
, "Configuration file '%s' -> '%s'",
5995 iface
->confname
, wpa_s
->confname
);
5996 #else /* CONFIG_BACKEND_FILE */
5997 wpa_s
->confname
= os_strdup(iface
->confname
);
5998 #endif /* CONFIG_BACKEND_FILE */
5999 wpa_s
->conf
= wpa_config_read(wpa_s
->confname
, NULL
);
6000 if (wpa_s
->conf
== NULL
) {
6001 wpa_printf(MSG_ERROR
, "Failed to read or parse "
6002 "configuration '%s'.", wpa_s
->confname
);
6005 wpa_s
->confanother
= os_rel2abs_path(iface
->confanother
);
6006 if (wpa_s
->confanother
&&
6007 !wpa_config_read(wpa_s
->confanother
, wpa_s
->conf
)) {
6008 wpa_printf(MSG_ERROR
,
6009 "Failed to read or parse configuration '%s'.",
6010 wpa_s
->confanother
);
6015 * Override ctrl_interface and driver_param if set on command
6018 if (iface
->ctrl_interface
) {
6019 os_free(wpa_s
->conf
->ctrl_interface
);
6020 wpa_s
->conf
->ctrl_interface
=
6021 os_strdup(iface
->ctrl_interface
);
6024 if (iface
->driver_param
) {
6025 os_free(wpa_s
->conf
->driver_param
);
6026 wpa_s
->conf
->driver_param
=
6027 os_strdup(iface
->driver_param
);
6030 if (iface
->p2p_mgmt
&& !iface
->ctrl_interface
) {
6031 os_free(wpa_s
->conf
->ctrl_interface
);
6032 wpa_s
->conf
->ctrl_interface
= NULL
;
6035 wpa_s
->conf
= wpa_config_alloc_empty(iface
->ctrl_interface
,
6036 iface
->driver_param
);
6038 if (wpa_s
->conf
== NULL
) {
6039 wpa_printf(MSG_ERROR
, "\nNo configuration found.");
6043 if (iface
->ifname
== NULL
) {
6044 wpa_printf(MSG_ERROR
, "\nInterface name is required.");
6047 if (os_strlen(iface
->ifname
) >= sizeof(wpa_s
->ifname
)) {
6048 wpa_printf(MSG_ERROR
, "\nToo long interface name '%s'.",
6052 os_strlcpy(wpa_s
->ifname
, iface
->ifname
, sizeof(wpa_s
->ifname
));
6054 if (iface
->bridge_ifname
) {
6055 if (os_strlen(iface
->bridge_ifname
) >=
6056 sizeof(wpa_s
->bridge_ifname
)) {
6057 wpa_printf(MSG_ERROR
, "\nToo long bridge interface "
6058 "name '%s'.", iface
->bridge_ifname
);
6061 os_strlcpy(wpa_s
->bridge_ifname
, iface
->bridge_ifname
,
6062 sizeof(wpa_s
->bridge_ifname
));
6065 /* RSNA Supplicant Key Management - INITIALIZE */
6066 eapol_sm_notify_portEnabled(wpa_s
->eapol
, FALSE
);
6067 eapol_sm_notify_portValid(wpa_s
->eapol
, FALSE
);
6069 /* Initialize driver interface and register driver event handler before
6070 * L2 receive handler so that association events are processed before
6071 * EAPOL-Key packets if both become available for the same select()
6073 if (wpas_init_driver(wpa_s
, iface
) < 0)
6076 if (wpa_supplicant_init_wpa(wpa_s
) < 0)
6079 wpa_sm_set_ifname(wpa_s
->wpa
, wpa_s
->ifname
,
6080 wpa_s
->bridge_ifname
[0] ? wpa_s
->bridge_ifname
:
6082 wpa_sm_set_fast_reauth(wpa_s
->wpa
, wpa_s
->conf
->fast_reauth
);
6084 if (wpa_s
->conf
->dot11RSNAConfigPMKLifetime
&&
6085 wpa_sm_set_param(wpa_s
->wpa
, RSNA_PMK_LIFETIME
,
6086 wpa_s
->conf
->dot11RSNAConfigPMKLifetime
)) {
6087 wpa_msg(wpa_s
, MSG_ERROR
, "Invalid WPA parameter value for "
6088 "dot11RSNAConfigPMKLifetime");
6092 if (wpa_s
->conf
->dot11RSNAConfigPMKReauthThreshold
&&
6093 wpa_sm_set_param(wpa_s
->wpa
, RSNA_PMK_REAUTH_THRESHOLD
,
6094 wpa_s
->conf
->dot11RSNAConfigPMKReauthThreshold
)) {
6095 wpa_msg(wpa_s
, MSG_ERROR
, "Invalid WPA parameter value for "
6096 "dot11RSNAConfigPMKReauthThreshold");
6100 if (wpa_s
->conf
->dot11RSNAConfigSATimeout
&&
6101 wpa_sm_set_param(wpa_s
->wpa
, RSNA_SA_TIMEOUT
,
6102 wpa_s
->conf
->dot11RSNAConfigSATimeout
)) {
6103 wpa_msg(wpa_s
, MSG_ERROR
, "Invalid WPA parameter value for "
6104 "dot11RSNAConfigSATimeout");
6108 wpa_s
->hw
.modes
= wpa_drv_get_hw_feature_data(wpa_s
,
6109 &wpa_s
->hw
.num_modes
,
6112 if (wpa_s
->hw
.modes
) {
6115 for (i
= 0; i
< wpa_s
->hw
.num_modes
; i
++) {
6116 if (wpa_s
->hw
.modes
[i
].vht_capab
) {
6117 wpa_s
->hw_capab
= CAPAB_VHT
;
6121 if (wpa_s
->hw
.modes
[i
].ht_capab
&
6122 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET
)
6123 wpa_s
->hw_capab
= CAPAB_HT40
;
6124 else if (wpa_s
->hw
.modes
[i
].ht_capab
&&
6125 wpa_s
->hw_capab
== CAPAB_NO_HT_VHT
)
6126 wpa_s
->hw_capab
= CAPAB_HT
;
6130 capa_res
= wpa_drv_get_capa(wpa_s
, &capa
);
6131 if (capa_res
== 0) {
6132 wpa_s
->drv_capa_known
= 1;
6133 wpa_s
->drv_flags
= capa
.flags
;
6134 wpa_s
->drv_enc
= capa
.enc
;
6135 wpa_s
->drv_smps_modes
= capa
.smps_modes
;
6136 wpa_s
->drv_rrm_flags
= capa
.rrm_flags
;
6137 wpa_s
->probe_resp_offloads
= capa
.probe_resp_offloads
;
6138 wpa_s
->max_scan_ssids
= capa
.max_scan_ssids
;
6139 wpa_s
->max_sched_scan_ssids
= capa
.max_sched_scan_ssids
;
6140 wpa_s
->max_sched_scan_plans
= capa
.max_sched_scan_plans
;
6141 wpa_s
->max_sched_scan_plan_interval
=
6142 capa
.max_sched_scan_plan_interval
;
6143 wpa_s
->max_sched_scan_plan_iterations
=
6144 capa
.max_sched_scan_plan_iterations
;
6145 wpa_s
->sched_scan_supported
= capa
.sched_scan_supported
;
6146 wpa_s
->max_match_sets
= capa
.max_match_sets
;
6147 wpa_s
->max_remain_on_chan
= capa
.max_remain_on_chan
;
6148 wpa_s
->max_stations
= capa
.max_stations
;
6149 wpa_s
->extended_capa
= capa
.extended_capa
;
6150 wpa_s
->extended_capa_mask
= capa
.extended_capa_mask
;
6151 wpa_s
->extended_capa_len
= capa
.extended_capa_len
;
6152 wpa_s
->num_multichan_concurrent
=
6153 capa
.num_multichan_concurrent
;
6154 wpa_s
->wmm_ac_supported
= capa
.wmm_ac_supported
;
6156 if (capa
.mac_addr_rand_scan_supported
)
6157 wpa_s
->mac_addr_rand_supported
|= MAC_ADDR_RAND_SCAN
;
6158 if (wpa_s
->sched_scan_supported
&&
6159 capa
.mac_addr_rand_sched_scan_supported
)
6160 wpa_s
->mac_addr_rand_supported
|=
6161 (MAC_ADDR_RAND_SCHED_SCAN
| MAC_ADDR_RAND_PNO
);
6163 wpa_drv_get_ext_capa(wpa_s
, WPA_IF_STATION
);
6164 if (wpa_s
->extended_capa
&&
6165 wpa_s
->extended_capa_len
>= 3 &&
6166 wpa_s
->extended_capa
[2] & 0x40)
6167 wpa_s
->multi_bss_support
= 1;
6169 if (wpa_s
->max_remain_on_chan
== 0)
6170 wpa_s
->max_remain_on_chan
= 1000;
6173 * Only take p2p_mgmt parameters when P2P Device is supported.
6174 * Doing it here as it determines whether l2_packet_init() will be done
6175 * during wpa_supplicant_driver_init().
6177 if (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE
)
6178 wpa_s
->p2p_mgmt
= iface
->p2p_mgmt
;
6180 if (wpa_s
->num_multichan_concurrent
== 0)
6181 wpa_s
->num_multichan_concurrent
= 1;
6183 if (wpa_supplicant_driver_init(wpa_s
) < 0)
6187 if (!iface
->p2p_mgmt
&& wpa_tdls_init(wpa_s
->wpa
))
6189 #endif /* CONFIG_TDLS */
6191 if (wpa_s
->conf
->country
[0] && wpa_s
->conf
->country
[1] &&
6192 wpa_drv_set_country(wpa_s
, wpa_s
->conf
->country
)) {
6193 wpa_dbg(wpa_s
, MSG_DEBUG
, "Failed to set country");
6198 if (wpa_s
->conf
->fst_group_id
) {
6199 struct fst_iface_cfg cfg
;
6200 struct fst_wpa_obj iface_obj
;
6202 fst_wpa_supplicant_fill_iface_obj(wpa_s
, &iface_obj
);
6203 os_strlcpy(cfg
.group_id
, wpa_s
->conf
->fst_group_id
,
6204 sizeof(cfg
.group_id
));
6205 cfg
.priority
= wpa_s
->conf
->fst_priority
;
6206 cfg
.llt
= wpa_s
->conf
->fst_llt
;
6208 wpa_s
->fst
= fst_attach(wpa_s
->ifname
, wpa_s
->own_addr
,
6211 wpa_msg(wpa_s
, MSG_ERROR
,
6212 "FST: Cannot attach iface %s to group %s",
6213 wpa_s
->ifname
, cfg
.group_id
);
6217 #endif /* CONFIG_FST */
6219 if (wpas_wps_init(wpa_s
))
6222 #ifdef CONFIG_GAS_SERVER
6223 wpa_s
->gas_server
= gas_server_init(wpa_s
, wpas_gas_server_tx
);
6224 if (!wpa_s
->gas_server
) {
6225 wpa_printf(MSG_ERROR
, "Failed to initialize GAS server");
6228 #endif /* CONFIG_GAS_SERVER */
6231 if (wpas_dpp_init(wpa_s
) < 0)
6233 #endif /* CONFIG_DPP */
6235 if (wpa_supplicant_init_eapol(wpa_s
) < 0)
6237 wpa_sm_set_eapol(wpa_s
->wpa
, wpa_s
->eapol
);
6239 wpa_s
->ctrl_iface
= wpa_supplicant_ctrl_iface_init(wpa_s
);
6240 if (wpa_s
->ctrl_iface
== NULL
) {
6241 wpa_printf(MSG_ERROR
,
6242 "Failed to initialize control interface '%s'.\n"
6243 "You may have another wpa_supplicant process "
6244 "already running or the file was\n"
6245 "left by an unclean termination of wpa_supplicant "
6246 "in which case you will need\n"
6247 "to manually remove this file before starting "
6248 "wpa_supplicant again.\n",
6249 wpa_s
->conf
->ctrl_interface
);
6253 wpa_s
->gas
= gas_query_init(wpa_s
);
6254 if (wpa_s
->gas
== NULL
) {
6255 wpa_printf(MSG_ERROR
, "Failed to initialize GAS query");
6259 if ((!(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE
) ||
6261 wpas_p2p_init(wpa_s
->global
, wpa_s
) < 0) {
6262 wpa_msg(wpa_s
, MSG_ERROR
, "Failed to init P2P");
6266 if (wpa_bss_init(wpa_s
) < 0)
6269 #ifdef CONFIG_PMKSA_CACHE_EXTERNAL
6271 dl_list_init(&wpa_s
->mesh_external_pmksa_cache
);
6272 #endif /* CONFIG_MESH */
6273 #endif /* CONFIG_PMKSA_CACHE_EXTERNAL */
6276 * Set Wake-on-WLAN triggers, if configured.
6277 * Note: We don't restore/remove the triggers on shutdown (it doesn't
6278 * have effect anyway when the interface is down).
6280 if (capa_res
== 0 && wpas_set_wowlan_triggers(wpa_s
, &capa
) < 0)
6283 #ifdef CONFIG_EAP_PROXY
6286 wpa_s
->mnc_len
= eapol_sm_get_eap_proxy_imsi(wpa_s
->eapol
, -1,
6288 if (wpa_s
->mnc_len
> 0) {
6289 wpa_s
->imsi
[len
] = '\0';
6290 wpa_printf(MSG_DEBUG
, "eap_proxy: IMSI %s (MNC length %d)",
6291 wpa_s
->imsi
, wpa_s
->mnc_len
);
6293 wpa_printf(MSG_DEBUG
, "eap_proxy: IMSI not available");
6296 #endif /* CONFIG_EAP_PROXY */
6298 if (pcsc_reader_init(wpa_s
) < 0)
6301 if (wpas_init_ext_pw(wpa_s
) < 0)
6304 wpas_rrm_reset(wpa_s
);
6306 wpas_sched_scan_plans_set(wpa_s
, wpa_s
->conf
->sched_scan_plans
);
6310 #endif /* CONFIG_HS20 */
6312 if (!wpa_s
->disable_mbo_oce
&& wpa_s
->conf
->oce
) {
6313 if ((wpa_s
->conf
->oce
& OCE_STA
) &&
6314 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_OCE_STA
))
6315 wpa_s
->enable_oce
= OCE_STA
;
6316 if ((wpa_s
->conf
->oce
& OCE_STA_CFON
) &&
6317 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_OCE_STA_CFON
)) {
6318 /* TODO: Need to add STA-CFON support */
6319 wpa_printf(MSG_ERROR
,
6320 "OCE STA-CFON feature is not yet supported");
6323 wpas_mbo_update_non_pref_chan(wpa_s
, wpa_s
->conf
->non_pref_chan
);
6324 #endif /* CONFIG_MBO */
6326 wpa_supplicant_set_default_scan_ies(wpa_s
);
6332 static void wpa_supplicant_deinit_iface(struct wpa_supplicant
*wpa_s
,
6333 int notify
, int terminate
)
6335 struct wpa_global
*global
= wpa_s
->global
;
6336 struct wpa_supplicant
*iface
, *prev
;
6338 if (wpa_s
== wpa_s
->parent
)
6339 wpas_p2p_group_remove(wpa_s
, "*");
6341 iface
= global
->ifaces
;
6343 if (iface
->p2pdev
== wpa_s
)
6344 iface
->p2pdev
= iface
->parent
;
6345 if (iface
== wpa_s
|| iface
->parent
!= wpa_s
) {
6346 iface
= iface
->next
;
6349 wpa_printf(MSG_DEBUG
,
6350 "Remove remaining child interface %s from parent %s",
6351 iface
->ifname
, wpa_s
->ifname
);
6353 iface
= iface
->next
;
6354 wpa_supplicant_remove_iface(global
, prev
, terminate
);
6357 wpa_s
->disconnected
= 1;
6358 if (wpa_s
->drv_priv
) {
6359 /* Don't deauthenticate if WoWLAN is enabled */
6360 if (!wpa_drv_get_wowlan(wpa_s
)) {
6361 wpa_supplicant_deauthenticate(
6362 wpa_s
, WLAN_REASON_DEAUTH_LEAVING
);
6364 wpa_drv_set_countermeasures(wpa_s
, 0);
6365 wpa_clear_keys(wpa_s
, NULL
);
6367 wpa_msg(wpa_s
, MSG_INFO
,
6368 "Do not deauthenticate as part of interface deinit since WoWLAN is enabled");
6372 wpa_supplicant_cleanup(wpa_s
);
6373 wpas_p2p_deinit_iface(wpa_s
);
6375 wpas_ctrl_radio_work_flush(wpa_s
);
6376 radio_remove_interface(wpa_s
);
6380 fst_detach(wpa_s
->fst
);
6383 if (wpa_s
->received_mb_ies
) {
6384 wpabuf_free(wpa_s
->received_mb_ies
);
6385 wpa_s
->received_mb_ies
= NULL
;
6387 #endif /* CONFIG_FST */
6389 if (wpa_s
->drv_priv
)
6390 wpa_drv_deinit(wpa_s
);
6393 wpas_notify_iface_removed(wpa_s
);
6396 wpa_msg(wpa_s
, MSG_INFO
, WPA_EVENT_TERMINATING
);
6398 if (wpa_s
->ctrl_iface
) {
6399 wpa_supplicant_ctrl_iface_deinit(wpa_s
->ctrl_iface
);
6400 wpa_s
->ctrl_iface
= NULL
;
6405 wpa_supplicant_mesh_iface_deinit(wpa_s
, wpa_s
->ifmsh
);
6406 wpa_s
->ifmsh
= NULL
;
6408 #endif /* CONFIG_MESH */
6410 if (wpa_s
->conf
!= NULL
) {
6411 wpa_config_free(wpa_s
->conf
);
6415 os_free(wpa_s
->ssids_from_scan_req
);
6416 os_free(wpa_s
->last_scan_freqs
);
6422 #ifdef CONFIG_MATCH_IFACE
6425 * wpa_supplicant_match_iface - Match an interface description to a name
6426 * @global: Pointer to global data from wpa_supplicant_init()
6427 * @ifname: Name of the interface to match
6428 * Returns: Pointer to the created interface description or %NULL on failure
6430 struct wpa_interface
* wpa_supplicant_match_iface(struct wpa_global
*global
,
6434 struct wpa_interface
*iface
, *miface
;
6436 for (i
= 0; i
< global
->params
.match_iface_count
; i
++) {
6437 miface
= &global
->params
.match_ifaces
[i
];
6438 if (!miface
->ifname
||
6439 fnmatch(miface
->ifname
, ifname
, 0) == 0) {
6440 iface
= os_zalloc(sizeof(*iface
));
6444 iface
->ifname
= ifname
;
6454 * wpa_supplicant_match_existing - Match existing interfaces
6455 * @global: Pointer to global data from wpa_supplicant_init()
6456 * Returns: 0 on success, -1 on failure
6458 static int wpa_supplicant_match_existing(struct wpa_global
*global
)
6460 struct if_nameindex
*ifi
, *ifp
;
6461 struct wpa_supplicant
*wpa_s
;
6462 struct wpa_interface
*iface
;
6464 ifp
= if_nameindex();
6466 wpa_printf(MSG_ERROR
, "if_nameindex: %s", strerror(errno
));
6470 for (ifi
= ifp
; ifi
->if_name
; ifi
++) {
6471 wpa_s
= wpa_supplicant_get_iface(global
, ifi
->if_name
);
6474 iface
= wpa_supplicant_match_iface(global
, ifi
->if_name
);
6476 wpa_s
= wpa_supplicant_add_iface(global
, iface
, NULL
);
6483 if_freenameindex(ifp
);
6487 #endif /* CONFIG_MATCH_IFACE */
6491 * wpa_supplicant_add_iface - Add a new network interface
6492 * @global: Pointer to global data from wpa_supplicant_init()
6493 * @iface: Interface configuration options
6494 * @parent: Parent interface or %NULL to assign new interface as parent
6495 * Returns: Pointer to the created interface or %NULL on failure
6497 * This function is used to add new network interfaces for %wpa_supplicant.
6498 * This can be called before wpa_supplicant_run() to add interfaces before the
6499 * main event loop has been started. In addition, new interfaces can be added
6500 * dynamically while %wpa_supplicant is already running. This could happen,
6501 * e.g., when a hotplug network adapter is inserted.
6503 struct wpa_supplicant
* wpa_supplicant_add_iface(struct wpa_global
*global
,
6504 struct wpa_interface
*iface
,
6505 struct wpa_supplicant
*parent
)
6507 struct wpa_supplicant
*wpa_s
;
6508 struct wpa_interface t_iface
;
6509 struct wpa_ssid
*ssid
;
6511 if (global
== NULL
|| iface
== NULL
)
6514 wpa_s
= wpa_supplicant_alloc(parent
);
6518 wpa_s
->global
= global
;
6521 if (global
->params
.override_driver
) {
6522 wpa_printf(MSG_DEBUG
, "Override interface parameter: driver "
6524 iface
->driver
, global
->params
.override_driver
);
6525 t_iface
.driver
= global
->params
.override_driver
;
6527 if (global
->params
.override_ctrl_interface
) {
6528 wpa_printf(MSG_DEBUG
, "Override interface parameter: "
6529 "ctrl_interface ('%s' -> '%s')",
6530 iface
->ctrl_interface
,
6531 global
->params
.override_ctrl_interface
);
6532 t_iface
.ctrl_interface
=
6533 global
->params
.override_ctrl_interface
;
6535 if (wpa_supplicant_init_iface(wpa_s
, &t_iface
)) {
6536 wpa_printf(MSG_DEBUG
, "Failed to add interface %s",
6538 wpa_supplicant_deinit_iface(wpa_s
, 0, 0);
6542 if (iface
->p2p_mgmt
== 0) {
6543 /* Notify the control interfaces about new iface */
6544 if (wpas_notify_iface_added(wpa_s
)) {
6545 wpa_supplicant_deinit_iface(wpa_s
, 1, 0);
6549 for (ssid
= wpa_s
->conf
->ssid
; ssid
; ssid
= ssid
->next
)
6550 wpas_notify_network_added(wpa_s
, ssid
);
6553 wpa_s
->next
= global
->ifaces
;
6554 global
->ifaces
= wpa_s
;
6556 wpa_dbg(wpa_s
, MSG_DEBUG
, "Added interface %s", wpa_s
->ifname
);
6557 wpa_supplicant_set_state(wpa_s
, WPA_DISCONNECTED
);
6560 if (wpa_s
->global
->p2p
== NULL
&&
6561 !wpa_s
->global
->p2p_disabled
&& !wpa_s
->conf
->p2p_disabled
&&
6562 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE
) &&
6563 wpas_p2p_add_p2pdev_interface(
6564 wpa_s
, wpa_s
->global
->params
.conf_p2p_dev
) < 0) {
6565 wpa_printf(MSG_INFO
,
6566 "P2P: Failed to enable P2P Device interface");
6567 /* Try to continue without. P2P will be disabled. */
6569 #endif /* CONFIG_P2P */
6576 * wpa_supplicant_remove_iface - Remove a network interface
6577 * @global: Pointer to global data from wpa_supplicant_init()
6578 * @wpa_s: Pointer to the network interface to be removed
6579 * Returns: 0 if interface was removed, -1 if interface was not found
6581 * This function can be used to dynamically remove network interfaces from
6582 * %wpa_supplicant, e.g., when a hotplug network adapter is ejected. In
6583 * addition, this function is used to remove all remaining interfaces when
6584 * %wpa_supplicant is terminated.
6586 int wpa_supplicant_remove_iface(struct wpa_global
*global
,
6587 struct wpa_supplicant
*wpa_s
,
6590 struct wpa_supplicant
*prev
;
6592 unsigned int mesh_if_created
= wpa_s
->mesh_if_created
;
6593 char *ifname
= NULL
;
6594 struct wpa_supplicant
*parent
= wpa_s
->parent
;
6595 #endif /* CONFIG_MESH */
6597 /* Remove interface from the global list of interfaces */
6598 prev
= global
->ifaces
;
6599 if (prev
== wpa_s
) {
6600 global
->ifaces
= wpa_s
->next
;
6602 while (prev
&& prev
->next
!= wpa_s
)
6606 prev
->next
= wpa_s
->next
;
6609 wpa_dbg(wpa_s
, MSG_DEBUG
, "Removing interface %s", wpa_s
->ifname
);
6612 if (mesh_if_created
) {
6613 ifname
= os_strdup(wpa_s
->ifname
);
6614 if (ifname
== NULL
) {
6615 wpa_dbg(wpa_s
, MSG_ERROR
,
6616 "mesh: Failed to malloc ifname");
6620 #endif /* CONFIG_MESH */
6622 if (global
->p2p_group_formation
== wpa_s
)
6623 global
->p2p_group_formation
= NULL
;
6624 if (global
->p2p_invite_group
== wpa_s
)
6625 global
->p2p_invite_group
= NULL
;
6626 wpa_supplicant_deinit_iface(wpa_s
, 1, terminate
);
6629 if (mesh_if_created
) {
6630 wpa_drv_if_remove(parent
, WPA_IF_MESH
, ifname
);
6633 #endif /* CONFIG_MESH */
6640 * wpa_supplicant_get_eap_mode - Get the current EAP mode
6641 * @wpa_s: Pointer to the network interface
6642 * Returns: Pointer to the eap mode or the string "UNKNOWN" if not found
6644 const char * wpa_supplicant_get_eap_mode(struct wpa_supplicant
*wpa_s
)
6646 const char *eapol_method
;
6648 if (wpa_key_mgmt_wpa_ieee8021x(wpa_s
->key_mgmt
) == 0 &&
6649 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_IEEE8021X_NO_WPA
) {
6653 eapol_method
= eapol_sm_get_method_name(wpa_s
->eapol
);
6654 if (eapol_method
== NULL
)
6655 return "UNKNOWN-EAP";
6657 return eapol_method
;
6662 * wpa_supplicant_get_iface - Get a new network interface
6663 * @global: Pointer to global data from wpa_supplicant_init()
6664 * @ifname: Interface name
6665 * Returns: Pointer to the interface or %NULL if not found
6667 struct wpa_supplicant
* wpa_supplicant_get_iface(struct wpa_global
*global
,
6670 struct wpa_supplicant
*wpa_s
;
6672 for (wpa_s
= global
->ifaces
; wpa_s
; wpa_s
= wpa_s
->next
) {
6673 if (os_strcmp(wpa_s
->ifname
, ifname
) == 0)
6680 #ifndef CONFIG_NO_WPA_MSG
6681 static const char * wpa_supplicant_msg_ifname_cb(void *ctx
)
6683 struct wpa_supplicant
*wpa_s
= ctx
;
6686 return wpa_s
->ifname
;
6688 #endif /* CONFIG_NO_WPA_MSG */
6691 #ifndef WPA_SUPPLICANT_CLEANUP_INTERVAL
6692 #define WPA_SUPPLICANT_CLEANUP_INTERVAL 10
6693 #endif /* WPA_SUPPLICANT_CLEANUP_INTERVAL */
6695 /* Periodic cleanup tasks */
6696 static void wpas_periodic(void *eloop_ctx
, void *timeout_ctx
)
6698 struct wpa_global
*global
= eloop_ctx
;
6699 struct wpa_supplicant
*wpa_s
;
6701 eloop_register_timeout(WPA_SUPPLICANT_CLEANUP_INTERVAL
, 0,
6702 wpas_periodic
, global
, NULL
);
6706 p2p_expire_peers(global
->p2p
);
6707 #endif /* CONFIG_P2P */
6709 for (wpa_s
= global
->ifaces
; wpa_s
; wpa_s
= wpa_s
->next
) {
6710 wpa_bss_flush_by_age(wpa_s
, wpa_s
->conf
->bss_expiration_age
);
6713 #endif /* CONFIG_AP */
6719 * wpa_supplicant_init - Initialize %wpa_supplicant
6720 * @params: Parameters for %wpa_supplicant
6721 * Returns: Pointer to global %wpa_supplicant data, or %NULL on failure
6723 * This function is used to initialize %wpa_supplicant. After successful
6724 * initialization, the returned data pointer can be used to add and remove
6725 * network interfaces, and eventually, to deinitialize %wpa_supplicant.
6727 struct wpa_global
* wpa_supplicant_init(struct wpa_params
*params
)
6729 struct wpa_global
*global
;
6735 #ifdef CONFIG_DRIVER_NDIS
6737 void driver_ndis_init_ops(void);
6738 driver_ndis_init_ops();
6740 #endif /* CONFIG_DRIVER_NDIS */
6742 #ifndef CONFIG_NO_WPA_MSG
6743 wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb
);
6744 #endif /* CONFIG_NO_WPA_MSG */
6746 if (params
->wpa_debug_file_path
)
6747 wpa_debug_open_file(params
->wpa_debug_file_path
);
6748 if (!params
->wpa_debug_file_path
&& !params
->wpa_debug_syslog
)
6749 wpa_debug_setup_stdout();
6750 if (params
->wpa_debug_syslog
)
6751 wpa_debug_open_syslog();
6752 if (params
->wpa_debug_tracing
) {
6753 ret
= wpa_debug_open_linux_tracing();
6755 wpa_printf(MSG_ERROR
,
6756 "Failed to enable trace logging");
6761 ret
= eap_register_methods();
6763 wpa_printf(MSG_ERROR
, "Failed to register EAP methods");
6765 wpa_printf(MSG_ERROR
, "Two or more EAP methods used "
6766 "the same EAP type.");
6770 global
= os_zalloc(sizeof(*global
));
6773 dl_list_init(&global
->p2p_srv_bonjour
);
6774 dl_list_init(&global
->p2p_srv_upnp
);
6775 global
->params
.daemonize
= params
->daemonize
;
6776 global
->params
.wait_for_monitor
= params
->wait_for_monitor
;
6777 global
->params
.dbus_ctrl_interface
= params
->dbus_ctrl_interface
;
6778 if (params
->pid_file
)
6779 global
->params
.pid_file
= os_strdup(params
->pid_file
);
6780 if (params
->ctrl_interface
)
6781 global
->params
.ctrl_interface
=
6782 os_strdup(params
->ctrl_interface
);
6783 if (params
->ctrl_interface_group
)
6784 global
->params
.ctrl_interface_group
=
6785 os_strdup(params
->ctrl_interface_group
);
6786 if (params
->override_driver
)
6787 global
->params
.override_driver
=
6788 os_strdup(params
->override_driver
);
6789 if (params
->override_ctrl_interface
)
6790 global
->params
.override_ctrl_interface
=
6791 os_strdup(params
->override_ctrl_interface
);
6792 #ifdef CONFIG_MATCH_IFACE
6793 global
->params
.match_iface_count
= params
->match_iface_count
;
6794 if (params
->match_iface_count
) {
6795 global
->params
.match_ifaces
=
6796 os_calloc(params
->match_iface_count
,
6797 sizeof(struct wpa_interface
));
6798 os_memcpy(global
->params
.match_ifaces
,
6799 params
->match_ifaces
,
6800 params
->match_iface_count
*
6801 sizeof(struct wpa_interface
));
6803 #endif /* CONFIG_MATCH_IFACE */
6805 if (params
->conf_p2p_dev
)
6806 global
->params
.conf_p2p_dev
=
6807 os_strdup(params
->conf_p2p_dev
);
6808 #endif /* CONFIG_P2P */
6809 wpa_debug_level
= global
->params
.wpa_debug_level
=
6810 params
->wpa_debug_level
;
6811 wpa_debug_show_keys
= global
->params
.wpa_debug_show_keys
=
6812 params
->wpa_debug_show_keys
;
6813 wpa_debug_timestamp
= global
->params
.wpa_debug_timestamp
=
6814 params
->wpa_debug_timestamp
;
6816 wpa_printf(MSG_DEBUG
, "wpa_supplicant v" VERSION_STR
);
6819 wpa_printf(MSG_ERROR
, "Failed to initialize event loop");
6820 wpa_supplicant_deinit(global
);
6824 random_init(params
->entropy_file
);
6826 global
->ctrl_iface
= wpa_supplicant_global_ctrl_iface_init(global
);
6827 if (global
->ctrl_iface
== NULL
) {
6828 wpa_supplicant_deinit(global
);
6832 if (wpas_notify_supplicant_initialized(global
)) {
6833 wpa_supplicant_deinit(global
);
6837 for (i
= 0; wpa_drivers
[i
]; i
++)
6838 global
->drv_count
++;
6839 if (global
->drv_count
== 0) {
6840 wpa_printf(MSG_ERROR
, "No drivers enabled");
6841 wpa_supplicant_deinit(global
);
6844 global
->drv_priv
= os_calloc(global
->drv_count
, sizeof(void *));
6845 if (global
->drv_priv
== NULL
) {
6846 wpa_supplicant_deinit(global
);
6850 #ifdef CONFIG_WIFI_DISPLAY
6851 if (wifi_display_init(global
) < 0) {
6852 wpa_printf(MSG_ERROR
, "Failed to initialize Wi-Fi Display");
6853 wpa_supplicant_deinit(global
);
6856 #endif /* CONFIG_WIFI_DISPLAY */
6858 eloop_register_timeout(WPA_SUPPLICANT_CLEANUP_INTERVAL
, 0,
6859 wpas_periodic
, global
, NULL
);
6866 * wpa_supplicant_run - Run the %wpa_supplicant main event loop
6867 * @global: Pointer to global data from wpa_supplicant_init()
6868 * Returns: 0 after successful event loop run, -1 on failure
6870 * This function starts the main event loop and continues running as long as
6871 * there are any remaining events. In most cases, this function is running as
6872 * long as the %wpa_supplicant process in still in use.
6874 int wpa_supplicant_run(struct wpa_global
*global
)
6876 struct wpa_supplicant
*wpa_s
;
6878 if (global
->params
.daemonize
&&
6879 (wpa_supplicant_daemon(global
->params
.pid_file
) ||
6880 eloop_sock_requeue()))
6883 #ifdef CONFIG_MATCH_IFACE
6884 if (wpa_supplicant_match_existing(global
))
6888 if (global
->params
.wait_for_monitor
) {
6889 for (wpa_s
= global
->ifaces
; wpa_s
; wpa_s
= wpa_s
->next
)
6890 if (wpa_s
->ctrl_iface
&& !wpa_s
->p2p_mgmt
)
6891 wpa_supplicant_ctrl_iface_wait(
6895 eloop_register_signal_terminate(wpa_supplicant_terminate
, global
);
6896 eloop_register_signal_reconfig(wpa_supplicant_reconfig
, global
);
6905 * wpa_supplicant_deinit - Deinitialize %wpa_supplicant
6906 * @global: Pointer to global data from wpa_supplicant_init()
6908 * This function is called to deinitialize %wpa_supplicant and to free all
6909 * allocated resources. Remaining network interfaces will also be removed.
6911 void wpa_supplicant_deinit(struct wpa_global
*global
)
6918 eloop_cancel_timeout(wpas_periodic
, global
, NULL
);
6920 #ifdef CONFIG_WIFI_DISPLAY
6921 wifi_display_deinit(global
);
6922 #endif /* CONFIG_WIFI_DISPLAY */
6924 while (global
->ifaces
)
6925 wpa_supplicant_remove_iface(global
, global
->ifaces
, 1);
6927 if (global
->ctrl_iface
)
6928 wpa_supplicant_global_ctrl_iface_deinit(global
->ctrl_iface
);
6930 wpas_notify_supplicant_deinitialized(global
);
6932 eap_peer_unregister_methods();
6934 eap_server_unregister_methods();
6935 #endif /* CONFIG_AP */
6937 for (i
= 0; wpa_drivers
[i
] && global
->drv_priv
; i
++) {
6938 if (!global
->drv_priv
[i
])
6940 wpa_drivers
[i
]->global_deinit(global
->drv_priv
[i
]);
6942 os_free(global
->drv_priv
);
6948 if (global
->params
.pid_file
) {
6949 os_daemonize_terminate(global
->params
.pid_file
);
6950 os_free(global
->params
.pid_file
);
6952 os_free(global
->params
.ctrl_interface
);
6953 os_free(global
->params
.ctrl_interface_group
);
6954 os_free(global
->params
.override_driver
);
6955 os_free(global
->params
.override_ctrl_interface
);
6956 #ifdef CONFIG_MATCH_IFACE
6957 os_free(global
->params
.match_ifaces
);
6958 #endif /* CONFIG_MATCH_IFACE */
6960 os_free(global
->params
.conf_p2p_dev
);
6961 #endif /* CONFIG_P2P */
6963 os_free(global
->p2p_disallow_freq
.range
);
6964 os_free(global
->p2p_go_avoid_freq
.range
);
6965 os_free(global
->add_psk
);
6968 wpa_debug_close_syslog();
6969 wpa_debug_close_file();
6970 wpa_debug_close_linux_tracing();
6974 void wpa_supplicant_update_config(struct wpa_supplicant
*wpa_s
)
6976 if ((wpa_s
->conf
->changed_parameters
& CFG_CHANGED_COUNTRY
) &&
6977 wpa_s
->conf
->country
[0] && wpa_s
->conf
->country
[1]) {
6979 country
[0] = wpa_s
->conf
->country
[0];
6980 country
[1] = wpa_s
->conf
->country
[1];
6982 if (wpa_drv_set_country(wpa_s
, country
) < 0) {
6983 wpa_printf(MSG_ERROR
, "Failed to set country code "
6988 if (wpa_s
->conf
->changed_parameters
& CFG_CHANGED_EXT_PW_BACKEND
)
6989 wpas_init_ext_pw(wpa_s
);
6991 if (wpa_s
->conf
->changed_parameters
& CFG_CHANGED_SCHED_SCAN_PLANS
)
6992 wpas_sched_scan_plans_set(wpa_s
, wpa_s
->conf
->sched_scan_plans
);
6994 if (wpa_s
->conf
->changed_parameters
& CFG_CHANGED_WOWLAN_TRIGGERS
) {
6995 struct wpa_driver_capa capa
;
6996 int res
= wpa_drv_get_capa(wpa_s
, &capa
);
6998 if (res
== 0 && wpas_set_wowlan_triggers(wpa_s
, &capa
) < 0)
6999 wpa_printf(MSG_ERROR
,
7000 "Failed to update wowlan_triggers to '%s'",
7001 wpa_s
->conf
->wowlan_triggers
);
7004 if (wpa_s
->conf
->changed_parameters
& CFG_CHANGED_DISABLE_BTM
)
7005 wpa_supplicant_set_default_scan_ies(wpa_s
);
7008 wpas_wps_update_config(wpa_s
);
7009 #endif /* CONFIG_WPS */
7010 wpas_p2p_update_config(wpa_s
);
7011 wpa_s
->conf
->changed_parameters
= 0;
7015 void add_freq(int *freqs
, int *num_freqs
, int freq
)
7019 for (i
= 0; i
< *num_freqs
; i
++) {
7020 if (freqs
[i
] == freq
)
7024 freqs
[*num_freqs
] = freq
;
7029 static int * get_bss_freqs_in_ess(struct wpa_supplicant
*wpa_s
)
7031 struct wpa_bss
*bss
, *cbss
;
7032 const int max_freqs
= 10;
7036 freqs
= os_calloc(max_freqs
+ 1, sizeof(int));
7040 cbss
= wpa_s
->current_bss
;
7042 dl_list_for_each(bss
, &wpa_s
->bss
, struct wpa_bss
, list
) {
7045 if (bss
->ssid_len
== cbss
->ssid_len
&&
7046 os_memcmp(bss
->ssid
, cbss
->ssid
, bss
->ssid_len
) == 0 &&
7047 wpa_blacklist_get(wpa_s
, bss
->bssid
) == NULL
) {
7048 add_freq(freqs
, &num_freqs
, bss
->freq
);
7049 if (num_freqs
== max_freqs
)
7054 if (num_freqs
== 0) {
7063 void wpas_connection_failed(struct wpa_supplicant
*wpa_s
, const u8
*bssid
)
7069 wpas_connect_work_done(wpa_s
);
7072 * Remove possible authentication timeout since the connection failed.
7074 eloop_cancel_timeout(wpa_supplicant_timeout
, wpa_s
, NULL
);
7077 * There is no point in blacklisting the AP if this event is
7078 * generated based on local request to disconnect.
7080 if (wpa_s
->own_disconnect_req
) {
7081 wpa_s
->own_disconnect_req
= 0;
7082 wpa_dbg(wpa_s
, MSG_DEBUG
,
7083 "Ignore connection failure due to local request to disconnect");
7086 if (wpa_s
->disconnected
) {
7087 wpa_dbg(wpa_s
, MSG_DEBUG
, "Ignore connection failure "
7088 "indication since interface has been put into "
7089 "disconnected state");
7094 * Add the failed BSSID into the blacklist and speed up next scan
7095 * attempt if there could be other APs that could accept association.
7096 * The current blacklist count indicates how many times we have tried
7097 * connecting to this AP and multiple attempts mean that other APs are
7098 * either not available or has already been tried, so that we can start
7099 * increasing the delay here to avoid constant scanning.
7101 count
= wpa_blacklist_add(wpa_s
, bssid
);
7102 if (count
== 1 && wpa_s
->current_bss
) {
7104 * This BSS was not in the blacklist before. If there is
7105 * another BSS available for the same ESS, we should try that
7106 * next. Otherwise, we may as well try this one once more
7107 * before allowing other, likely worse, ESSes to be considered.
7109 freqs
= get_bss_freqs_in_ess(wpa_s
);
7111 wpa_dbg(wpa_s
, MSG_DEBUG
, "Another BSS in this ESS "
7112 "has been seen; try it next");
7113 wpa_blacklist_add(wpa_s
, bssid
);
7115 * On the next scan, go through only the known channels
7116 * used in this ESS based on previous scans to speed up
7117 * common load balancing use case.
7119 os_free(wpa_s
->next_scan_freqs
);
7120 wpa_s
->next_scan_freqs
= freqs
;
7125 * Add previous failure count in case the temporary blacklist was
7126 * cleared due to no other BSSes being available.
7128 count
+= wpa_s
->extra_blacklist_count
;
7130 if (count
> 3 && wpa_s
->current_ssid
) {
7131 wpa_printf(MSG_DEBUG
, "Continuous association failures - "
7132 "consider temporary network disabling");
7133 wpas_auth_failed(wpa_s
, "CONN_FAILED");
7154 wpa_dbg(wpa_s
, MSG_DEBUG
, "Blacklist count %d --> request scan in %d "
7155 "ms", count
, timeout
);
7158 * TODO: if more than one possible AP is available in scan results,
7159 * could try the other ones before requesting a new scan.
7162 /* speed up the connection attempt with normal scan */
7163 wpa_s
->normal_scans
= 0;
7164 wpa_supplicant_req_scan(wpa_s
, timeout
/ 1000,
7165 1000 * (timeout
% 1000));
7170 void fils_connection_failure(struct wpa_supplicant
*wpa_s
)
7172 struct wpa_ssid
*ssid
= wpa_s
->current_ssid
;
7173 const u8
*realm
, *username
, *rrk
;
7174 size_t realm_len
, username_len
, rrk_len
;
7177 if (!ssid
|| !ssid
->eap
.erp
|| !wpa_key_mgmt_fils(ssid
->key_mgmt
) ||
7178 eapol_sm_get_erp_info(wpa_s
->eapol
, &ssid
->eap
,
7179 &username
, &username_len
,
7180 &realm
, &realm_len
, &next_seq_num
,
7181 &rrk
, &rrk_len
) != 0 ||
7185 wpa_hexdump_ascii(MSG_DEBUG
,
7186 "FILS: Store last connection failure realm",
7188 os_free(wpa_s
->last_con_fail_realm
);
7189 wpa_s
->last_con_fail_realm
= os_malloc(realm_len
);
7190 if (wpa_s
->last_con_fail_realm
) {
7191 wpa_s
->last_con_fail_realm_len
= realm_len
;
7192 os_memcpy(wpa_s
->last_con_fail_realm
, realm
, realm_len
);
7195 #endif /* CONFIG_FILS */
7198 int wpas_driver_bss_selection(struct wpa_supplicant
*wpa_s
)
7200 return wpa_s
->conf
->ap_scan
== 2 ||
7201 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_BSS_SELECTION
);
7205 #if defined(CONFIG_CTRL_IFACE) || defined(CONFIG_CTRL_IFACE_DBUS_NEW)
7206 int wpa_supplicant_ctrl_iface_ctrl_rsp_handle(struct wpa_supplicant
*wpa_s
,
7207 struct wpa_ssid
*ssid
,
7211 #ifdef IEEE8021X_EAPOL
7212 struct eap_peer_config
*eap
= &ssid
->eap
;
7214 wpa_printf(MSG_DEBUG
, "CTRL_IFACE: response handle field=%s", field
);
7215 wpa_hexdump_ascii_key(MSG_DEBUG
, "CTRL_IFACE: response value",
7216 (const u8
*) value
, os_strlen(value
));
7218 switch (wpa_supplicant_ctrl_req_from_string(field
)) {
7219 case WPA_CTRL_REQ_EAP_IDENTITY
:
7220 os_free(eap
->identity
);
7221 eap
->identity
= (u8
*) os_strdup(value
);
7222 eap
->identity_len
= os_strlen(value
);
7223 eap
->pending_req_identity
= 0;
7224 if (ssid
== wpa_s
->current_ssid
)
7225 wpa_s
->reassociate
= 1;
7227 case WPA_CTRL_REQ_EAP_PASSWORD
:
7228 bin_clear_free(eap
->password
, eap
->password_len
);
7229 eap
->password
= (u8
*) os_strdup(value
);
7230 eap
->password_len
= os_strlen(value
);
7231 eap
->pending_req_password
= 0;
7232 if (ssid
== wpa_s
->current_ssid
)
7233 wpa_s
->reassociate
= 1;
7235 case WPA_CTRL_REQ_EAP_NEW_PASSWORD
:
7236 bin_clear_free(eap
->new_password
, eap
->new_password_len
);
7237 eap
->new_password
= (u8
*) os_strdup(value
);
7238 eap
->new_password_len
= os_strlen(value
);
7239 eap
->pending_req_new_password
= 0;
7240 if (ssid
== wpa_s
->current_ssid
)
7241 wpa_s
->reassociate
= 1;
7243 case WPA_CTRL_REQ_EAP_PIN
:
7244 str_clear_free(eap
->cert
.pin
);
7245 eap
->cert
.pin
= os_strdup(value
);
7246 eap
->pending_req_pin
= 0;
7247 if (ssid
== wpa_s
->current_ssid
)
7248 wpa_s
->reassociate
= 1;
7250 case WPA_CTRL_REQ_EAP_OTP
:
7251 bin_clear_free(eap
->otp
, eap
->otp_len
);
7252 eap
->otp
= (u8
*) os_strdup(value
);
7253 eap
->otp_len
= os_strlen(value
);
7254 os_free(eap
->pending_req_otp
);
7255 eap
->pending_req_otp
= NULL
;
7256 eap
->pending_req_otp_len
= 0;
7258 case WPA_CTRL_REQ_EAP_PASSPHRASE
:
7259 str_clear_free(eap
->cert
.private_key_passwd
);
7260 eap
->cert
.private_key_passwd
= os_strdup(value
);
7261 eap
->pending_req_passphrase
= 0;
7262 if (ssid
== wpa_s
->current_ssid
)
7263 wpa_s
->reassociate
= 1;
7265 case WPA_CTRL_REQ_SIM
:
7266 str_clear_free(eap
->external_sim_resp
);
7267 eap
->external_sim_resp
= os_strdup(value
);
7268 eap
->pending_req_sim
= 0;
7270 case WPA_CTRL_REQ_PSK_PASSPHRASE
:
7271 if (wpa_config_set(ssid
, "psk", value
, 0) < 0)
7273 ssid
->mem_only_psk
= 1;
7274 if (ssid
->passphrase
)
7275 wpa_config_update_psk(ssid
);
7276 if (wpa_s
->wpa_state
== WPA_SCANNING
&& !wpa_s
->scanning
)
7277 wpa_supplicant_req_scan(wpa_s
, 0, 0);
7279 case WPA_CTRL_REQ_EXT_CERT_CHECK
:
7280 if (eap
->pending_ext_cert_check
!= PENDING_CHECK
)
7282 if (os_strcmp(value
, "good") == 0)
7283 eap
->pending_ext_cert_check
= EXT_CERT_CHECK_GOOD
;
7284 else if (os_strcmp(value
, "bad") == 0)
7285 eap
->pending_ext_cert_check
= EXT_CERT_CHECK_BAD
;
7290 wpa_printf(MSG_DEBUG
, "CTRL_IFACE: Unknown field '%s'", field
);
7295 #else /* IEEE8021X_EAPOL */
7296 wpa_printf(MSG_DEBUG
, "CTRL_IFACE: IEEE 802.1X not included");
7298 #endif /* IEEE8021X_EAPOL */
7300 #endif /* CONFIG_CTRL_IFACE || CONFIG_CTRL_IFACE_DBUS_NEW */
7303 int wpas_network_disabled(struct wpa_supplicant
*wpa_s
, struct wpa_ssid
*ssid
)
7306 unsigned int drv_enc
;
7308 if (wpa_s
->p2p_mgmt
)
7309 return 1; /* no normal network profiles on p2p_mgmt interface */
7317 if (wpa_s
->drv_capa_known
)
7318 drv_enc
= wpa_s
->drv_enc
;
7320 drv_enc
= (unsigned int) -1;
7322 for (i
= 0; i
< NUM_WEP_KEYS
; i
++) {
7323 size_t len
= ssid
->wep_key_len
[i
];
7326 if (len
== 5 && (drv_enc
& WPA_DRIVER_CAPA_ENC_WEP40
))
7328 if (len
== 13 && (drv_enc
& WPA_DRIVER_CAPA_ENC_WEP104
))
7330 if (len
== 16 && (drv_enc
& WPA_DRIVER_CAPA_ENC_WEP128
))
7332 return 1; /* invalid WEP key */
7335 if (wpa_key_mgmt_wpa_psk(ssid
->key_mgmt
) && !ssid
->psk_set
&&
7336 (!ssid
->passphrase
|| ssid
->ssid_len
!= 0) && !ssid
->ext_psk
&&
7337 !(wpa_key_mgmt_sae(ssid
->key_mgmt
) && ssid
->sae_password
) &&
7338 !ssid
->mem_only_psk
)
7345 int wpas_get_ssid_pmf(struct wpa_supplicant
*wpa_s
, struct wpa_ssid
*ssid
)
7347 if (ssid
== NULL
|| ssid
->ieee80211w
== MGMT_FRAME_PROTECTION_DEFAULT
) {
7348 if (wpa_s
->conf
->pmf
== MGMT_FRAME_PROTECTION_OPTIONAL
&&
7349 !(wpa_s
->drv_enc
& WPA_DRIVER_CAPA_ENC_BIP
)) {
7351 * Driver does not support BIP -- ignore pmf=1 default
7352 * since the connection with PMF would fail and the
7353 * configuration does not require PMF to be enabled.
7355 return NO_MGMT_FRAME_PROTECTION
;
7360 ~(WPA_KEY_MGMT_NONE
| WPA_KEY_MGMT_WPS
|
7361 WPA_KEY_MGMT_IEEE8021X_NO_WPA
)) == 0) {
7363 * Do not use the default PMF value for non-RSN networks
7364 * since PMF is available only with RSN and pmf=2
7365 * configuration would otherwise prevent connections to
7366 * all open networks.
7368 return NO_MGMT_FRAME_PROTECTION
;
7371 return wpa_s
->conf
->pmf
;
7374 return ssid
->ieee80211w
;
7378 int wpas_is_p2p_prioritized(struct wpa_supplicant
*wpa_s
)
7380 if (wpa_s
->global
->conc_pref
== WPA_CONC_PREF_P2P
)
7382 if (wpa_s
->global
->conc_pref
== WPA_CONC_PREF_STA
)
7388 void wpas_auth_failed(struct wpa_supplicant
*wpa_s
, char *reason
)
7390 struct wpa_ssid
*ssid
= wpa_s
->current_ssid
;
7392 struct os_reltime now
;
7395 wpa_printf(MSG_DEBUG
, "Authentication failure but no known "
7400 if (ssid
->key_mgmt
== WPA_KEY_MGMT_WPS
)
7403 ssid
->auth_failures
++;
7406 if (ssid
->p2p_group
&&
7407 (wpa_s
->p2p_in_provisioning
|| wpa_s
->show_group_started
)) {
7409 * Skip the wait time since there is a short timeout on the
7410 * connection to a P2P group.
7414 #endif /* CONFIG_P2P */
7416 if (ssid
->auth_failures
> 50)
7418 else if (ssid
->auth_failures
> 10)
7420 else if (ssid
->auth_failures
> 5)
7422 else if (ssid
->auth_failures
> 3)
7424 else if (ssid
->auth_failures
> 2)
7426 else if (ssid
->auth_failures
> 1)
7431 if (ssid
->auth_failures
> 1 &&
7432 wpa_key_mgmt_wpa_ieee8021x(ssid
->key_mgmt
))
7433 dur
+= os_random() % (ssid
->auth_failures
* 10);
7435 os_get_reltime(&now
);
7436 if (now
.sec
+ dur
<= ssid
->disabled_until
.sec
)
7439 ssid
->disabled_until
.sec
= now
.sec
+ dur
;
7441 wpa_msg(wpa_s
, MSG_INFO
, WPA_EVENT_TEMP_DISABLED
7442 "id=%d ssid=\"%s\" auth_failures=%u duration=%d reason=%s",
7443 ssid
->id
, wpa_ssid_txt(ssid
->ssid
, ssid
->ssid_len
),
7444 ssid
->auth_failures
, dur
, reason
);
7448 void wpas_clear_temp_disabled(struct wpa_supplicant
*wpa_s
,
7449 struct wpa_ssid
*ssid
, int clear_failures
)
7454 if (ssid
->disabled_until
.sec
) {
7455 wpa_msg(wpa_s
, MSG_INFO
, WPA_EVENT_REENABLED
7456 "id=%d ssid=\"%s\"",
7457 ssid
->id
, wpa_ssid_txt(ssid
->ssid
, ssid
->ssid_len
));
7459 ssid
->disabled_until
.sec
= 0;
7460 ssid
->disabled_until
.usec
= 0;
7462 ssid
->auth_failures
= 0;
7466 int disallowed_bssid(struct wpa_supplicant
*wpa_s
, const u8
*bssid
)
7470 if (wpa_s
->disallow_aps_bssid
== NULL
)
7473 for (i
= 0; i
< wpa_s
->disallow_aps_bssid_count
; i
++) {
7474 if (os_memcmp(wpa_s
->disallow_aps_bssid
+ i
* ETH_ALEN
,
7475 bssid
, ETH_ALEN
) == 0)
7483 int disallowed_ssid(struct wpa_supplicant
*wpa_s
, const u8
*ssid
,
7488 if (wpa_s
->disallow_aps_ssid
== NULL
|| ssid
== NULL
)
7491 for (i
= 0; i
< wpa_s
->disallow_aps_ssid_count
; i
++) {
7492 struct wpa_ssid_value
*s
= &wpa_s
->disallow_aps_ssid
[i
];
7493 if (ssid_len
== s
->ssid_len
&&
7494 os_memcmp(ssid
, s
->ssid
, ssid_len
) == 0)
7503 * wpas_request_connection - Request a new connection
7504 * @wpa_s: Pointer to the network interface
7506 * This function is used to request a new connection to be found. It will mark
7507 * the interface to allow reassociation and request a new scan to find a
7508 * suitable network to connect to.
7510 void wpas_request_connection(struct wpa_supplicant
*wpa_s
)
7512 wpa_s
->normal_scans
= 0;
7513 wpa_s
->scan_req
= NORMAL_SCAN_REQ
;
7514 wpa_supplicant_reinit_autoscan(wpa_s
);
7515 wpa_s
->extra_blacklist_count
= 0;
7516 wpa_s
->disconnected
= 0;
7517 wpa_s
->reassociate
= 1;
7518 wpa_s
->last_owe_group
= 0;
7520 if (wpa_supplicant_fast_associate(wpa_s
) != 1)
7521 wpa_supplicant_req_scan(wpa_s
, 0, 0);
7523 wpa_s
->reattach
= 0;
7528 * wpas_request_disconnection - Request disconnection
7529 * @wpa_s: Pointer to the network interface
7531 * This function is used to request disconnection from the currently connected
7532 * network. This will stop any ongoing scans and initiate deauthentication.
7534 void wpas_request_disconnection(struct wpa_supplicant
*wpa_s
)
7537 wpa_s
->sme
.prev_bssid_set
= 0;
7538 #endif /* CONFIG_SME */
7539 wpa_s
->reassociate
= 0;
7540 wpa_s
->disconnected
= 1;
7541 wpa_supplicant_cancel_sched_scan(wpa_s
);
7542 wpa_supplicant_cancel_scan(wpa_s
);
7543 wpa_supplicant_deauthenticate(wpa_s
, WLAN_REASON_DEAUTH_LEAVING
);
7544 eloop_cancel_timeout(wpas_network_reenabled
, wpa_s
, NULL
);
7545 radio_remove_works(wpa_s
, "connect", 0);
7546 radio_remove_works(wpa_s
, "sme-connect", 0);
7550 void dump_freq_data(struct wpa_supplicant
*wpa_s
, const char *title
,
7551 struct wpa_used_freq_data
*freqs_data
,
7556 wpa_dbg(wpa_s
, MSG_DEBUG
, "Shared frequencies (len=%u): %s",
7558 for (i
= 0; i
< len
; i
++) {
7559 struct wpa_used_freq_data
*cur
= &freqs_data
[i
];
7560 wpa_dbg(wpa_s
, MSG_DEBUG
, "freq[%u]: %d, flags=0x%X",
7561 i
, cur
->freq
, cur
->flags
);
7567 * Find the operating frequencies of any of the virtual interfaces that
7568 * are using the same radio as the current interface, and in addition, get
7569 * information about the interface types that are using the frequency.
7571 int get_shared_radio_freqs_data(struct wpa_supplicant
*wpa_s
,
7572 struct wpa_used_freq_data
*freqs_data
,
7575 struct wpa_supplicant
*ifs
;
7578 unsigned int idx
= 0, i
;
7580 wpa_dbg(wpa_s
, MSG_DEBUG
,
7581 "Determining shared radio frequencies (max len %u)", len
);
7582 os_memset(freqs_data
, 0, sizeof(struct wpa_used_freq_data
) * len
);
7584 dl_list_for_each(ifs
, &wpa_s
->radio
->ifaces
, struct wpa_supplicant
,
7589 if (ifs
->current_ssid
== NULL
|| ifs
->assoc_freq
== 0)
7592 if (ifs
->current_ssid
->mode
== WPAS_MODE_AP
||
7593 ifs
->current_ssid
->mode
== WPAS_MODE_P2P_GO
||
7594 ifs
->current_ssid
->mode
== WPAS_MODE_MESH
)
7595 freq
= ifs
->current_ssid
->frequency
;
7596 else if (wpa_drv_get_bssid(ifs
, bssid
) == 0)
7597 freq
= ifs
->assoc_freq
;
7601 /* Hold only distinct freqs */
7602 for (i
= 0; i
< idx
; i
++)
7603 if (freqs_data
[i
].freq
== freq
)
7607 freqs_data
[idx
++].freq
= freq
;
7609 if (ifs
->current_ssid
->mode
== WPAS_MODE_INFRA
) {
7610 freqs_data
[i
].flags
|= ifs
->current_ssid
->p2p_group
?
7611 WPA_FREQ_USED_BY_P2P_CLIENT
:
7612 WPA_FREQ_USED_BY_INFRA_STATION
;
7616 dump_freq_data(wpa_s
, "completed iteration", freqs_data
, idx
);
7622 * Find the operating frequencies of any of the virtual interfaces that
7623 * are using the same radio as the current interface.
7625 int get_shared_radio_freqs(struct wpa_supplicant
*wpa_s
,
7626 int *freq_array
, unsigned int len
)
7628 struct wpa_used_freq_data
*freqs_data
;
7631 os_memset(freq_array
, 0, sizeof(int) * len
);
7633 freqs_data
= os_calloc(len
, sizeof(struct wpa_used_freq_data
));
7637 num
= get_shared_radio_freqs_data(wpa_s
, freqs_data
, len
);
7638 for (i
= 0; i
< num
; i
++)
7639 freq_array
[i
] = freqs_data
[i
].freq
;
7641 os_free(freqs_data
);
7647 struct wpa_supplicant
*
7648 wpas_vendor_elem(struct wpa_supplicant
*wpa_s
, enum wpa_vendor_elem_frame frame
)
7652 case VENDOR_ELEM_PROBE_REQ_P2P
:
7653 case VENDOR_ELEM_PROBE_RESP_P2P
:
7654 case VENDOR_ELEM_PROBE_RESP_P2P_GO
:
7655 case VENDOR_ELEM_BEACON_P2P_GO
:
7656 case VENDOR_ELEM_P2P_PD_REQ
:
7657 case VENDOR_ELEM_P2P_PD_RESP
:
7658 case VENDOR_ELEM_P2P_GO_NEG_REQ
:
7659 case VENDOR_ELEM_P2P_GO_NEG_RESP
:
7660 case VENDOR_ELEM_P2P_GO_NEG_CONF
:
7661 case VENDOR_ELEM_P2P_INV_REQ
:
7662 case VENDOR_ELEM_P2P_INV_RESP
:
7663 case VENDOR_ELEM_P2P_ASSOC_REQ
:
7664 case VENDOR_ELEM_P2P_ASSOC_RESP
:
7665 return wpa_s
->p2pdev
;
7666 #endif /* CONFIG_P2P */
7673 void wpas_vendor_elem_update(struct wpa_supplicant
*wpa_s
)
7678 wpa_printf(MSG_DEBUG
, "Update vendor elements");
7680 for (i
= 0; i
< NUM_VENDOR_ELEM_FRAMES
; i
++) {
7681 if (wpa_s
->vendor_elem
[i
]) {
7684 res
= os_snprintf(buf
, sizeof(buf
), "frame[%u]", i
);
7685 if (!os_snprintf_error(sizeof(buf
), res
)) {
7686 wpa_hexdump_buf(MSG_DEBUG
, buf
,
7687 wpa_s
->vendor_elem
[i
]);
7693 if (wpa_s
->parent
== wpa_s
&&
7694 wpa_s
->global
->p2p
&&
7695 !wpa_s
->global
->p2p_disabled
)
7696 p2p_set_vendor_elems(wpa_s
->global
->p2p
, wpa_s
->vendor_elem
);
7697 #endif /* CONFIG_P2P */
7701 int wpas_vendor_elem_remove(struct wpa_supplicant
*wpa_s
, int frame
,
7702 const u8
*elem
, size_t len
)
7706 ie
= wpabuf_mhead_u8(wpa_s
->vendor_elem
[frame
]);
7707 end
= ie
+ wpabuf_len(wpa_s
->vendor_elem
[frame
]);
7709 for (; ie
+ 1 < end
; ie
+= 2 + ie
[1]) {
7712 if (os_memcmp(ie
, elem
, len
) != 0)
7715 if (wpabuf_len(wpa_s
->vendor_elem
[frame
]) == len
) {
7716 wpabuf_free(wpa_s
->vendor_elem
[frame
]);
7717 wpa_s
->vendor_elem
[frame
] = NULL
;
7719 os_memmove(ie
, ie
+ len
, end
- (ie
+ len
));
7720 wpa_s
->vendor_elem
[frame
]->used
-= len
;
7722 wpas_vendor_elem_update(wpa_s
);
7730 struct hostapd_hw_modes
* get_mode(struct hostapd_hw_modes
*modes
,
7731 u16 num_modes
, enum hostapd_hw_mode mode
,
7736 for (i
= 0; i
< num_modes
; i
++) {
7737 if (modes
[i
].mode
!= mode
||
7738 !modes
[i
].num_channels
|| !modes
[i
].channels
)
7740 if ((!is_6ghz
&& !is_6ghz_freq(modes
[i
].channels
[0].freq
)) ||
7741 (is_6ghz
&& is_6ghz_freq(modes
[i
].channels
[0].freq
)))
7750 wpa_bss_tmp_disallowed
* wpas_get_disallowed_bss(struct wpa_supplicant
*wpa_s
,
7753 struct wpa_bss_tmp_disallowed
*bss
;
7755 dl_list_for_each(bss
, &wpa_s
->bss_tmp_disallowed
,
7756 struct wpa_bss_tmp_disallowed
, list
) {
7757 if (os_memcmp(bssid
, bss
->bssid
, ETH_ALEN
) == 0)
7765 static int wpa_set_driver_tmp_disallow_list(struct wpa_supplicant
*wpa_s
)
7767 struct wpa_bss_tmp_disallowed
*tmp
;
7768 unsigned int num_bssid
= 0;
7772 bssids
= os_malloc(dl_list_len(&wpa_s
->bss_tmp_disallowed
) * ETH_ALEN
);
7775 dl_list_for_each(tmp
, &wpa_s
->bss_tmp_disallowed
,
7776 struct wpa_bss_tmp_disallowed
, list
) {
7777 os_memcpy(&bssids
[num_bssid
* ETH_ALEN
], tmp
->bssid
,
7781 ret
= wpa_drv_set_bssid_blacklist(wpa_s
, num_bssid
, bssids
);
7787 static void wpa_bss_tmp_disallow_timeout(void *eloop_ctx
, void *timeout_ctx
)
7789 struct wpa_supplicant
*wpa_s
= eloop_ctx
;
7790 struct wpa_bss_tmp_disallowed
*tmp
, *bss
= timeout_ctx
;
7792 /* Make sure the bss is not already freed */
7793 dl_list_for_each(tmp
, &wpa_s
->bss_tmp_disallowed
,
7794 struct wpa_bss_tmp_disallowed
, list
) {
7796 dl_list_del(&tmp
->list
);
7798 wpa_set_driver_tmp_disallow_list(wpa_s
);
7805 void wpa_bss_tmp_disallow(struct wpa_supplicant
*wpa_s
, const u8
*bssid
,
7806 unsigned int sec
, int rssi_threshold
)
7808 struct wpa_bss_tmp_disallowed
*bss
;
7810 bss
= wpas_get_disallowed_bss(wpa_s
, bssid
);
7812 eloop_cancel_timeout(wpa_bss_tmp_disallow_timeout
, wpa_s
, bss
);
7816 bss
= os_malloc(sizeof(*bss
));
7818 wpa_printf(MSG_DEBUG
,
7819 "Failed to allocate memory for temp disallow BSS");
7823 os_memcpy(bss
->bssid
, bssid
, ETH_ALEN
);
7824 dl_list_add(&wpa_s
->bss_tmp_disallowed
, &bss
->list
);
7825 wpa_set_driver_tmp_disallow_list(wpa_s
);
7828 bss
->rssi_threshold
= rssi_threshold
;
7829 eloop_register_timeout(sec
, 0, wpa_bss_tmp_disallow_timeout
,
7834 int wpa_is_bss_tmp_disallowed(struct wpa_supplicant
*wpa_s
,
7835 struct wpa_bss
*bss
)
7837 struct wpa_bss_tmp_disallowed
*disallowed
= NULL
, *tmp
, *prev
;
7839 dl_list_for_each_safe(tmp
, prev
, &wpa_s
->bss_tmp_disallowed
,
7840 struct wpa_bss_tmp_disallowed
, list
) {
7841 if (os_memcmp(bss
->bssid
, tmp
->bssid
, ETH_ALEN
) == 0) {
7849 if (disallowed
->rssi_threshold
!= 0 &&
7850 bss
->level
> disallowed
->rssi_threshold
)
7857 int wpas_enable_mac_addr_randomization(struct wpa_supplicant
*wpa_s
,
7858 unsigned int type
, const u8
*addr
,
7861 if ((addr
&& !mask
) || (!addr
&& mask
)) {
7862 wpa_printf(MSG_INFO
,
7863 "MAC_ADDR_RAND_SCAN invalid addr/mask combination");
7867 if (addr
&& mask
&& (!(mask
[0] & 0x01) || (addr
[0] & 0x01))) {
7868 wpa_printf(MSG_INFO
,
7869 "MAC_ADDR_RAND_SCAN cannot allow multicast address");
7873 if (type
& MAC_ADDR_RAND_SCAN
) {
7874 if (wpas_mac_addr_rand_scan_set(wpa_s
, MAC_ADDR_RAND_SCAN
,
7879 if (type
& MAC_ADDR_RAND_SCHED_SCAN
) {
7880 if (wpas_mac_addr_rand_scan_set(wpa_s
, MAC_ADDR_RAND_SCHED_SCAN
,
7884 if (wpa_s
->sched_scanning
&& !wpa_s
->pno
)
7885 wpas_scan_restart_sched_scan(wpa_s
);
7888 if (type
& MAC_ADDR_RAND_PNO
) {
7889 if (wpas_mac_addr_rand_scan_set(wpa_s
, MAC_ADDR_RAND_PNO
,
7894 wpas_stop_pno(wpa_s
);
7895 wpas_start_pno(wpa_s
);
7903 int wpas_disable_mac_addr_randomization(struct wpa_supplicant
*wpa_s
,
7906 wpas_mac_addr_rand_scan_clear(wpa_s
, type
);
7908 if (type
& MAC_ADDR_RAND_PNO
) {
7909 wpas_stop_pno(wpa_s
);
7910 wpas_start_pno(wpa_s
);
7912 } else if (wpa_s
->sched_scanning
&& (type
& MAC_ADDR_RAND_SCHED_SCAN
)) {
7913 wpas_scan_restart_sched_scan(wpa_s
);
7920 int wpa_drv_signal_poll(struct wpa_supplicant
*wpa_s
,
7921 struct wpa_signal_info
*si
)
7925 if (!wpa_s
->driver
->signal_poll
)
7928 res
= wpa_s
->driver
->signal_poll(wpa_s
->drv_priv
, si
);
7930 #ifdef CONFIG_TESTING_OPTIONS
7932 struct driver_signal_override
*dso
;
7934 dl_list_for_each(dso
, &wpa_s
->drv_signal_override
,
7935 struct driver_signal_override
, list
) {
7936 if (os_memcmp(wpa_s
->bssid
, dso
->bssid
,
7939 wpa_printf(MSG_DEBUG
,
7940 "Override driver signal_poll information: current_signal: %d->%d avg_signal: %d->%d avg_beacon_signal: %d->%d current_noise: %d->%d",
7942 dso
->si_current_signal
,
7945 si
->avg_beacon_signal
,
7946 dso
->si_avg_beacon_signal
,
7948 dso
->si_current_noise
);
7949 si
->current_signal
= dso
->si_current_signal
;
7950 si
->avg_signal
= dso
->si_avg_signal
;
7951 si
->avg_beacon_signal
= dso
->si_avg_beacon_signal
;
7952 si
->current_noise
= dso
->si_current_noise
;
7956 #endif /* CONFIG_TESTING_OPTIONS */
7962 struct wpa_scan_results
*
7963 wpa_drv_get_scan_results2(struct wpa_supplicant
*wpa_s
)
7965 struct wpa_scan_results
*scan_res
;
7966 #ifdef CONFIG_TESTING_OPTIONS
7968 #endif /* CONFIG_TESTING_OPTIONS */
7970 if (!wpa_s
->driver
->get_scan_results2
)
7973 scan_res
= wpa_s
->driver
->get_scan_results2(wpa_s
->drv_priv
);
7975 #ifdef CONFIG_TESTING_OPTIONS
7976 for (idx
= 0; scan_res
&& idx
< scan_res
->num
; idx
++) {
7977 struct driver_signal_override
*dso
;
7978 struct wpa_scan_res
*res
= scan_res
->res
[idx
];
7980 dl_list_for_each(dso
, &wpa_s
->drv_signal_override
,
7981 struct driver_signal_override
, list
) {
7982 if (os_memcmp(res
->bssid
, dso
->bssid
, ETH_ALEN
) != 0)
7984 wpa_printf(MSG_DEBUG
,
7985 "Override driver scan signal level %d->%d for "
7987 res
->level
, dso
->scan_level
,
7988 MAC2STR(res
->bssid
));
7989 res
->flags
|= WPA_SCAN_QUAL_INVALID
;
7990 if (dso
->scan_level
< 0)
7991 res
->flags
|= WPA_SCAN_LEVEL_DBM
;
7993 res
->flags
&= ~WPA_SCAN_LEVEL_DBM
;
7994 res
->level
= dso
->scan_level
;
7998 #endif /* CONFIG_TESTING_OPTIONS */