3 * Copyright (c) 2003-2019, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
8 * This file implements functions for registering and unregistering
9 * %wpa_supplicant interfaces. In addition, this file contains number of
10 * functions for managing network connections.
14 #ifdef CONFIG_MATCH_IFACE
17 #endif /* CONFIG_MATCH_IFACE */
20 #include "crypto/random.h"
21 #include "crypto/sha1.h"
22 #include "eapol_supp/eapol_supp_sm.h"
23 #include "eap_peer/eap.h"
24 #include "eap_peer/eap_proxy.h"
25 #include "eap_server/eap_methods.h"
26 #include "rsn_supp/wpa.h"
29 #include "utils/ext_password.h"
30 #include "l2_packet/l2_packet.h"
31 #include "wpa_supplicant_i.h"
33 #include "ctrl_iface.h"
34 #include "pcsc_funcs.h"
35 #include "common/version.h"
36 #include "rsn_supp/preauth.h"
37 #include "rsn_supp/pmksa_cache.h"
38 #include "common/wpa_ctrl.h"
39 #include "common/ieee802_11_defs.h"
40 #include "common/hw_features_common.h"
41 #include "common/gas_server.h"
42 #include "common/dpp.h"
45 #include "blacklist.h"
46 #include "wpas_glue.h"
47 #include "wps_supplicant.h"
50 #include "gas_query.h"
52 #include "p2p_supplicant.h"
53 #include "wifi_display.h"
59 #include "offchannel.h"
60 #include "hs20_supplicant.h"
64 #include "dpp_supplicant.h"
66 #include "ap/ap_config.h"
67 #include "ap/hostapd.h"
68 #endif /* CONFIG_MESH */
70 const char *const wpa_supplicant_version
=
71 "wpa_supplicant v" VERSION_STR
"\n"
72 "Copyright (c) 2003-2019, Jouni Malinen <j@w1.fi> and contributors";
74 const char *const wpa_supplicant_license
=
75 "This software may be distributed under the terms of the BSD license.\n"
76 "See README for more details.\n"
77 #ifdef EAP_TLS_OPENSSL
78 "\nThis product includes software developed by the OpenSSL Project\n"
79 "for use in the OpenSSL Toolkit (http://www.openssl.org/)\n"
80 #endif /* EAP_TLS_OPENSSL */
83 #ifndef CONFIG_NO_STDOUT_DEBUG
84 /* Long text divided into parts in order to fit in C89 strings size limits. */
85 const char *const wpa_supplicant_full_license1
=
87 const char *const wpa_supplicant_full_license2
=
88 "This software may be distributed under the terms of the BSD license.\n"
90 "Redistribution and use in source and binary forms, with or without\n"
91 "modification, are permitted provided that the following conditions are\n"
94 const char *const wpa_supplicant_full_license3
=
95 "1. Redistributions of source code must retain the above copyright\n"
96 " notice, this list of conditions and the following disclaimer.\n"
98 "2. Redistributions in binary form must reproduce the above copyright\n"
99 " notice, this list of conditions and the following disclaimer in the\n"
100 " documentation and/or other materials provided with the distribution.\n"
102 const char *const wpa_supplicant_full_license4
=
103 "3. Neither the name(s) of the above-listed copyright holder(s) nor the\n"
104 " names of its contributors may be used to endorse or promote products\n"
105 " derived from this software without specific prior written permission.\n"
107 "THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n"
108 "\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n"
109 "LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n"
110 "A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n";
111 const char *const wpa_supplicant_full_license5
=
112 "OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n"
113 "SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\n"
114 "LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n"
115 "DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n"
116 "THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n"
117 "(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n"
118 "OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
120 #endif /* CONFIG_NO_STDOUT_DEBUG */
123 static void wpa_bss_tmp_disallow_timeout(void *eloop_ctx
, void *timeout_ctx
);
124 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
125 static void wpas_update_fils_connect_params(struct wpa_supplicant
*wpa_s
);
126 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
129 /* Configure default/group WEP keys for static WEP */
130 int wpa_set_wep_keys(struct wpa_supplicant
*wpa_s
, struct wpa_ssid
*ssid
)
134 for (i
= 0; i
< NUM_WEP_KEYS
; i
++) {
135 if (ssid
->wep_key_len
[i
] == 0)
139 wpa_drv_set_key(wpa_s
, WPA_ALG_WEP
, NULL
,
140 i
, i
== ssid
->wep_tx_keyidx
, NULL
, 0,
141 ssid
->wep_key
[i
], ssid
->wep_key_len
[i
]);
148 int wpa_supplicant_set_wpa_none_key(struct wpa_supplicant
*wpa_s
,
149 struct wpa_ssid
*ssid
)
157 /* IBSS/WPA-None uses only one key (Group) for both receiving and
158 * sending unicast and multicast packets. */
160 if (ssid
->mode
!= WPAS_MODE_IBSS
) {
161 wpa_msg(wpa_s
, MSG_INFO
, "WPA: Invalid mode %d (not "
162 "IBSS/ad-hoc) for WPA-None", ssid
->mode
);
166 if (!ssid
->psk_set
) {
167 wpa_msg(wpa_s
, MSG_INFO
, "WPA: No PSK configured for "
172 switch (wpa_s
->group_cipher
) {
173 case WPA_CIPHER_CCMP
:
174 os_memcpy(key
, ssid
->psk
, 16);
178 case WPA_CIPHER_GCMP
:
179 os_memcpy(key
, ssid
->psk
, 16);
183 case WPA_CIPHER_TKIP
:
184 /* WPA-None uses the same Michael MIC key for both TX and RX */
185 os_memcpy(key
, ssid
->psk
, 16 + 8);
186 os_memcpy(key
+ 16 + 8, ssid
->psk
+ 16, 8);
191 wpa_msg(wpa_s
, MSG_INFO
, "WPA: Invalid group cipher %d for "
192 "WPA-None", wpa_s
->group_cipher
);
196 /* TODO: should actually remember the previously used seq#, both for TX
197 * and RX from each STA.. */
199 ret
= wpa_drv_set_key(wpa_s
, alg
, NULL
, 0, 1, seq
, 6, key
, keylen
);
200 os_memset(key
, 0, sizeof(key
));
205 static void wpa_supplicant_timeout(void *eloop_ctx
, void *timeout_ctx
)
207 struct wpa_supplicant
*wpa_s
= eloop_ctx
;
208 const u8
*bssid
= wpa_s
->bssid
;
209 if (!is_zero_ether_addr(wpa_s
->pending_bssid
) &&
210 (wpa_s
->wpa_state
== WPA_AUTHENTICATING
||
211 wpa_s
->wpa_state
== WPA_ASSOCIATING
))
212 bssid
= wpa_s
->pending_bssid
;
213 wpa_msg(wpa_s
, MSG_INFO
, "Authentication with " MACSTR
" timed out.",
215 wpa_blacklist_add(wpa_s
, bssid
);
216 wpa_sm_notify_disassoc(wpa_s
->wpa
);
217 wpa_supplicant_deauthenticate(wpa_s
, WLAN_REASON_DEAUTH_LEAVING
);
218 wpa_s
->reassociate
= 1;
221 * If we timed out, the AP or the local radio may be busy.
222 * So, wait a second until scanning again.
224 wpa_supplicant_req_scan(wpa_s
, 1, 0);
229 * wpa_supplicant_req_auth_timeout - Schedule a timeout for authentication
230 * @wpa_s: Pointer to wpa_supplicant data
231 * @sec: Number of seconds after which to time out authentication
232 * @usec: Number of microseconds after which to time out authentication
234 * This function is used to schedule a timeout for the current authentication
237 void wpa_supplicant_req_auth_timeout(struct wpa_supplicant
*wpa_s
,
240 if (wpa_s
->conf
->ap_scan
== 0 &&
241 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_WIRED
))
244 wpa_dbg(wpa_s
, MSG_DEBUG
, "Setting authentication timeout: %d sec "
245 "%d usec", sec
, usec
);
246 eloop_cancel_timeout(wpa_supplicant_timeout
, wpa_s
, NULL
);
247 wpa_s
->last_auth_timeout_sec
= sec
;
248 eloop_register_timeout(sec
, usec
, wpa_supplicant_timeout
, wpa_s
, NULL
);
253 * wpas_auth_timeout_restart - Restart and change timeout for authentication
254 * @wpa_s: Pointer to wpa_supplicant data
255 * @sec_diff: difference in seconds applied to original timeout value
257 void wpas_auth_timeout_restart(struct wpa_supplicant
*wpa_s
, int sec_diff
)
259 int new_sec
= wpa_s
->last_auth_timeout_sec
+ sec_diff
;
261 if (eloop_is_timeout_registered(wpa_supplicant_timeout
, wpa_s
, NULL
)) {
262 wpa_dbg(wpa_s
, MSG_DEBUG
,
263 "Authentication timeout restart: %d sec", new_sec
);
264 eloop_cancel_timeout(wpa_supplicant_timeout
, wpa_s
, NULL
);
265 eloop_register_timeout(new_sec
, 0, wpa_supplicant_timeout
,
272 * wpa_supplicant_cancel_auth_timeout - Cancel authentication timeout
273 * @wpa_s: Pointer to wpa_supplicant data
275 * This function is used to cancel authentication timeout scheduled with
276 * wpa_supplicant_req_auth_timeout() and it is called when authentication has
279 void wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant
*wpa_s
)
281 wpa_dbg(wpa_s
, MSG_DEBUG
, "Cancelling authentication timeout");
282 eloop_cancel_timeout(wpa_supplicant_timeout
, wpa_s
, NULL
);
283 wpa_blacklist_del(wpa_s
, wpa_s
->bssid
);
284 os_free(wpa_s
->last_con_fail_realm
);
285 wpa_s
->last_con_fail_realm
= NULL
;
286 wpa_s
->last_con_fail_realm_len
= 0;
291 * wpa_supplicant_initiate_eapol - Configure EAPOL state machine
292 * @wpa_s: Pointer to wpa_supplicant data
294 * This function is used to configure EAPOL state machine based on the selected
295 * authentication mode.
297 void wpa_supplicant_initiate_eapol(struct wpa_supplicant
*wpa_s
)
299 #ifdef IEEE8021X_EAPOL
300 struct eapol_config eapol_conf
;
301 struct wpa_ssid
*ssid
= wpa_s
->current_ssid
;
303 #ifdef CONFIG_IBSS_RSN
304 if (ssid
->mode
== WPAS_MODE_IBSS
&&
305 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_NONE
&&
306 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_WPA_NONE
) {
308 * RSN IBSS authentication is per-STA and we can disable the
309 * per-BSSID EAPOL authentication.
311 eapol_sm_notify_portControl(wpa_s
->eapol
, ForceAuthorized
);
312 eapol_sm_notify_eap_success(wpa_s
->eapol
, TRUE
);
313 eapol_sm_notify_eap_fail(wpa_s
->eapol
, FALSE
);
316 #endif /* CONFIG_IBSS_RSN */
318 eapol_sm_notify_eap_success(wpa_s
->eapol
, FALSE
);
319 eapol_sm_notify_eap_fail(wpa_s
->eapol
, FALSE
);
321 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_NONE
||
322 wpa_s
->key_mgmt
== WPA_KEY_MGMT_WPA_NONE
)
323 eapol_sm_notify_portControl(wpa_s
->eapol
, ForceAuthorized
);
325 eapol_sm_notify_portControl(wpa_s
->eapol
, Auto
);
327 os_memset(&eapol_conf
, 0, sizeof(eapol_conf
));
328 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_IEEE8021X_NO_WPA
) {
329 eapol_conf
.accept_802_1x_keys
= 1;
330 eapol_conf
.required_keys
= 0;
331 if (ssid
->eapol_flags
& EAPOL_FLAG_REQUIRE_KEY_UNICAST
) {
332 eapol_conf
.required_keys
|= EAPOL_REQUIRE_KEY_UNICAST
;
334 if (ssid
->eapol_flags
& EAPOL_FLAG_REQUIRE_KEY_BROADCAST
) {
335 eapol_conf
.required_keys
|=
336 EAPOL_REQUIRE_KEY_BROADCAST
;
339 if (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_WIRED
)
340 eapol_conf
.required_keys
= 0;
342 eapol_conf
.fast_reauth
= wpa_s
->conf
->fast_reauth
;
343 eapol_conf
.workaround
= ssid
->eap_workaround
;
344 eapol_conf
.eap_disabled
=
345 !wpa_key_mgmt_wpa_ieee8021x(wpa_s
->key_mgmt
) &&
346 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_IEEE8021X_NO_WPA
&&
347 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_WPS
;
348 eapol_conf
.external_sim
= wpa_s
->conf
->external_sim
;
351 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_WPS
) {
352 eapol_conf
.wps
|= EAPOL_LOCAL_WPS_IN_USE
;
353 if (wpa_s
->current_bss
) {
355 ie
= wpa_bss_get_vendor_ie_multi(wpa_s
->current_bss
,
360 EAPOL_PEER_IS_WPS20_AP
;
365 #endif /* CONFIG_WPS */
367 eapol_sm_notify_config(wpa_s
->eapol
, &ssid
->eap
, &eapol_conf
);
370 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_NONE
&& ssid
->mka_psk_set
)
371 ieee802_1x_create_preshared_mka(wpa_s
, ssid
);
373 ieee802_1x_alloc_kay_sm(wpa_s
, ssid
);
374 #endif /* CONFIG_MACSEC */
375 #endif /* IEEE8021X_EAPOL */
380 * wpa_supplicant_set_non_wpa_policy - Set WPA parameters to non-WPA mode
381 * @wpa_s: Pointer to wpa_supplicant data
382 * @ssid: Configuration data for the network
384 * This function is used to configure WPA state machine and related parameters
385 * to a mode where WPA is not enabled. This is called as part of the
386 * authentication configuration when the selected network does not use WPA.
388 void wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant
*wpa_s
,
389 struct wpa_ssid
*ssid
)
393 if (ssid
->key_mgmt
& WPA_KEY_MGMT_WPS
)
394 wpa_s
->key_mgmt
= WPA_KEY_MGMT_WPS
;
395 else if (ssid
->key_mgmt
& WPA_KEY_MGMT_IEEE8021X_NO_WPA
)
396 wpa_s
->key_mgmt
= WPA_KEY_MGMT_IEEE8021X_NO_WPA
;
398 wpa_s
->key_mgmt
= WPA_KEY_MGMT_NONE
;
399 wpa_sm_set_ap_wpa_ie(wpa_s
->wpa
, NULL
, 0);
400 wpa_sm_set_ap_rsn_ie(wpa_s
->wpa
, NULL
, 0);
401 wpa_sm_set_assoc_wpa_ie(wpa_s
->wpa
, NULL
, 0);
402 wpa_s
->pairwise_cipher
= WPA_CIPHER_NONE
;
403 wpa_s
->group_cipher
= WPA_CIPHER_NONE
;
404 wpa_s
->mgmt_group_cipher
= 0;
406 for (i
= 0; i
< NUM_WEP_KEYS
; i
++) {
407 if (ssid
->wep_key_len
[i
] > 5) {
408 wpa_s
->pairwise_cipher
= WPA_CIPHER_WEP104
;
409 wpa_s
->group_cipher
= WPA_CIPHER_WEP104
;
411 } else if (ssid
->wep_key_len
[i
] > 0) {
412 wpa_s
->pairwise_cipher
= WPA_CIPHER_WEP40
;
413 wpa_s
->group_cipher
= WPA_CIPHER_WEP40
;
418 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_RSN_ENABLED
, 0);
419 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_KEY_MGMT
, wpa_s
->key_mgmt
);
420 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_PAIRWISE
,
421 wpa_s
->pairwise_cipher
);
422 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_GROUP
, wpa_s
->group_cipher
);
423 #ifdef CONFIG_IEEE80211W
424 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_MGMT_GROUP
,
425 wpa_s
->mgmt_group_cipher
);
426 #endif /* CONFIG_IEEE80211W */
428 pmksa_cache_clear_current(wpa_s
->wpa
);
432 void free_hw_features(struct wpa_supplicant
*wpa_s
)
435 if (wpa_s
->hw
.modes
== NULL
)
438 for (i
= 0; i
< wpa_s
->hw
.num_modes
; i
++) {
439 os_free(wpa_s
->hw
.modes
[i
].channels
);
440 os_free(wpa_s
->hw
.modes
[i
].rates
);
443 os_free(wpa_s
->hw
.modes
);
444 wpa_s
->hw
.modes
= NULL
;
448 void free_bss_tmp_disallowed(struct wpa_supplicant
*wpa_s
)
450 struct wpa_bss_tmp_disallowed
*bss
, *prev
;
452 dl_list_for_each_safe(bss
, prev
, &wpa_s
->bss_tmp_disallowed
,
453 struct wpa_bss_tmp_disallowed
, list
) {
454 eloop_cancel_timeout(wpa_bss_tmp_disallow_timeout
, wpa_s
, bss
);
455 dl_list_del(&bss
->list
);
461 void wpas_flush_fils_hlp_req(struct wpa_supplicant
*wpa_s
)
463 struct fils_hlp_req
*req
;
465 while ((req
= dl_list_first(&wpa_s
->fils_hlp_req
, struct fils_hlp_req
,
467 dl_list_del(&req
->list
);
468 wpabuf_free(req
->pkt
);
474 static void wpa_supplicant_cleanup(struct wpa_supplicant
*wpa_s
)
478 bgscan_deinit(wpa_s
);
479 autoscan_deinit(wpa_s
);
480 scard_deinit(wpa_s
->scard
);
482 wpa_sm_set_scard_ctx(wpa_s
->wpa
, NULL
);
483 eapol_sm_register_scard_ctx(wpa_s
->eapol
, NULL
);
484 l2_packet_deinit(wpa_s
->l2
);
487 l2_packet_deinit(wpa_s
->l2_br
);
490 #ifdef CONFIG_TESTING_OPTIONS
491 l2_packet_deinit(wpa_s
->l2_test
);
492 wpa_s
->l2_test
= NULL
;
493 os_free(wpa_s
->get_pref_freq_list_override
);
494 wpa_s
->get_pref_freq_list_override
= NULL
;
495 wpabuf_free(wpa_s
->last_assoc_req_wpa_ie
);
496 wpa_s
->last_assoc_req_wpa_ie
= NULL
;
497 #endif /* CONFIG_TESTING_OPTIONS */
499 if (wpa_s
->conf
!= NULL
) {
500 struct wpa_ssid
*ssid
;
501 for (ssid
= wpa_s
->conf
->ssid
; ssid
; ssid
= ssid
->next
)
502 wpas_notify_network_removed(wpa_s
, ssid
);
505 os_free(wpa_s
->confname
);
506 wpa_s
->confname
= NULL
;
508 os_free(wpa_s
->confanother
);
509 wpa_s
->confanother
= NULL
;
511 os_free(wpa_s
->last_con_fail_realm
);
512 wpa_s
->last_con_fail_realm
= NULL
;
513 wpa_s
->last_con_fail_realm_len
= 0;
515 wpa_sm_set_eapol(wpa_s
->wpa
, NULL
);
516 eapol_sm_deinit(wpa_s
->eapol
);
519 rsn_preauth_deinit(wpa_s
->wpa
);
522 wpa_tdls_deinit(wpa_s
->wpa
);
523 #endif /* CONFIG_TDLS */
525 wmm_ac_clear_saved_tspecs(wpa_s
);
526 pmksa_candidate_free(wpa_s
->wpa
);
527 wpa_sm_deinit(wpa_s
->wpa
);
529 wpa_blacklist_clear(wpa_s
);
531 wpa_bss_deinit(wpa_s
);
533 wpa_supplicant_cancel_delayed_sched_scan(wpa_s
);
534 wpa_supplicant_cancel_scan(wpa_s
);
535 wpa_supplicant_cancel_auth_timeout(wpa_s
);
536 eloop_cancel_timeout(wpa_supplicant_stop_countermeasures
, wpa_s
, NULL
);
537 #ifdef CONFIG_DELAYED_MIC_ERROR_REPORT
538 eloop_cancel_timeout(wpa_supplicant_delayed_mic_error_report
,
540 #endif /* CONFIG_DELAYED_MIC_ERROR_REPORT */
542 eloop_cancel_timeout(wpas_network_reenabled
, wpa_s
, NULL
);
544 wpas_wps_deinit(wpa_s
);
546 wpabuf_free(wpa_s
->pending_eapol_rx
);
547 wpa_s
->pending_eapol_rx
= NULL
;
549 #ifdef CONFIG_IBSS_RSN
550 ibss_rsn_deinit(wpa_s
->ibss_rsn
);
551 wpa_s
->ibss_rsn
= NULL
;
552 #endif /* CONFIG_IBSS_RSN */
557 wpa_supplicant_ap_deinit(wpa_s
);
558 #endif /* CONFIG_AP */
560 wpas_p2p_deinit(wpa_s
);
562 #ifdef CONFIG_OFFCHANNEL
563 offchannel_deinit(wpa_s
);
564 #endif /* CONFIG_OFFCHANNEL */
566 wpa_supplicant_cancel_sched_scan(wpa_s
);
568 os_free(wpa_s
->next_scan_freqs
);
569 wpa_s
->next_scan_freqs
= NULL
;
571 os_free(wpa_s
->manual_scan_freqs
);
572 wpa_s
->manual_scan_freqs
= NULL
;
573 os_free(wpa_s
->select_network_scan_freqs
);
574 wpa_s
->select_network_scan_freqs
= NULL
;
576 os_free(wpa_s
->manual_sched_scan_freqs
);
577 wpa_s
->manual_sched_scan_freqs
= NULL
;
579 wpas_mac_addr_rand_scan_clear(wpa_s
, MAC_ADDR_RAND_ALL
);
582 * Need to remove any pending gas-query radio work before the
583 * gas_query_deinit() call because gas_query::work has not yet been set
584 * for works that have not been started. gas_query_free() will be unable
585 * to cancel such pending radio works and once the pending gas-query
586 * radio work eventually gets removed, the deinit notification call to
587 * gas_query_start_cb() would result in dereferencing freed memory.
590 radio_remove_works(wpa_s
, "gas-query", 0);
591 gas_query_deinit(wpa_s
->gas
);
593 gas_server_deinit(wpa_s
->gas_server
);
594 wpa_s
->gas_server
= NULL
;
596 free_hw_features(wpa_s
);
598 ieee802_1x_dealloc_kay_sm(wpa_s
);
600 os_free(wpa_s
->bssid_filter
);
601 wpa_s
->bssid_filter
= NULL
;
603 os_free(wpa_s
->disallow_aps_bssid
);
604 wpa_s
->disallow_aps_bssid
= NULL
;
605 os_free(wpa_s
->disallow_aps_ssid
);
606 wpa_s
->disallow_aps_ssid
= NULL
;
608 wnm_bss_keep_alive_deinit(wpa_s
);
610 wnm_deallocate_memory(wpa_s
);
611 #endif /* CONFIG_WNM */
613 ext_password_deinit(wpa_s
->ext_pw
);
614 wpa_s
->ext_pw
= NULL
;
616 wpabuf_free(wpa_s
->last_gas_resp
);
617 wpa_s
->last_gas_resp
= NULL
;
618 wpabuf_free(wpa_s
->prev_gas_resp
);
619 wpa_s
->prev_gas_resp
= NULL
;
621 os_free(wpa_s
->last_scan_res
);
622 wpa_s
->last_scan_res
= NULL
;
626 wpa_drv_configure_frame_filters(wpa_s
, 0);
628 #endif /* CONFIG_HS20 */
630 for (i
= 0; i
< NUM_VENDOR_ELEM_FRAMES
; i
++) {
631 wpabuf_free(wpa_s
->vendor_elem
[i
]);
632 wpa_s
->vendor_elem
[i
] = NULL
;
635 wmm_ac_notify_disassoc(wpa_s
);
637 wpa_s
->sched_scan_plans_num
= 0;
638 os_free(wpa_s
->sched_scan_plans
);
639 wpa_s
->sched_scan_plans
= NULL
;
642 wpa_s
->non_pref_chan_num
= 0;
643 os_free(wpa_s
->non_pref_chan
);
644 wpa_s
->non_pref_chan
= NULL
;
645 #endif /* CONFIG_MBO */
647 free_bss_tmp_disallowed(wpa_s
);
649 wpabuf_free(wpa_s
->lci
);
651 wpas_clear_beacon_rep_data(wpa_s
);
653 #ifdef CONFIG_PMKSA_CACHE_EXTERNAL
656 struct external_pmksa_cache
*entry
;
658 while ((entry
= dl_list_last(&wpa_s
->mesh_external_pmksa_cache
,
659 struct external_pmksa_cache
,
661 dl_list_del(&entry
->list
);
662 os_free(entry
->pmksa_cache
);
666 #endif /* CONFIG_MESH */
667 #endif /* CONFIG_PMKSA_CACHE_EXTERNAL */
669 wpas_flush_fils_hlp_req(wpa_s
);
671 wpabuf_free(wpa_s
->ric_ies
);
672 wpa_s
->ric_ies
= NULL
;
675 wpas_dpp_deinit(wpa_s
);
676 dpp_global_deinit(wpa_s
->dpp
);
678 #endif /* CONFIG_DPP */
683 * wpa_clear_keys - Clear keys configured for the driver
684 * @wpa_s: Pointer to wpa_supplicant data
685 * @addr: Previously used BSSID or %NULL if not available
687 * This function clears the encryption keys that has been previously configured
690 void wpa_clear_keys(struct wpa_supplicant
*wpa_s
, const u8
*addr
)
694 #ifdef CONFIG_IEEE80211W
696 #else /* CONFIG_IEEE80211W */
698 #endif /* CONFIG_IEEE80211W */
700 /* MLME-DELETEKEYS.request */
701 for (i
= 0; i
< max
; i
++) {
702 if (wpa_s
->keys_cleared
& BIT(i
))
704 wpa_drv_set_key(wpa_s
, WPA_ALG_NONE
, NULL
, i
, 0, NULL
, 0,
707 if (!(wpa_s
->keys_cleared
& BIT(0)) && addr
&&
708 !is_zero_ether_addr(addr
)) {
709 wpa_drv_set_key(wpa_s
, WPA_ALG_NONE
, addr
, 0, 0, NULL
, 0, NULL
,
711 /* MLME-SETPROTECTION.request(None) */
712 wpa_drv_mlme_setprotection(
714 MLME_SETPROTECTION_PROTECT_TYPE_NONE
,
715 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE
);
717 wpa_s
->keys_cleared
= (u32
) -1;
722 * wpa_supplicant_state_txt - Get the connection state name as a text string
723 * @state: State (wpa_state; WPA_*)
724 * Returns: The state name as a printable text string
726 const char * wpa_supplicant_state_txt(enum wpa_states state
)
729 case WPA_DISCONNECTED
:
730 return "DISCONNECTED";
733 case WPA_INTERFACE_DISABLED
:
734 return "INTERFACE_DISABLED";
737 case WPA_AUTHENTICATING
:
738 return "AUTHENTICATING";
739 case WPA_ASSOCIATING
:
740 return "ASSOCIATING";
743 case WPA_4WAY_HANDSHAKE
:
744 return "4WAY_HANDSHAKE";
745 case WPA_GROUP_HANDSHAKE
:
746 return "GROUP_HANDSHAKE";
757 static void wpa_supplicant_start_bgscan(struct wpa_supplicant
*wpa_s
)
761 if (wpa_s
->current_ssid
&& wpa_s
->current_ssid
->bgscan
)
762 name
= wpa_s
->current_ssid
->bgscan
;
764 name
= wpa_s
->conf
->bgscan
;
765 if (name
== NULL
|| name
[0] == '\0')
767 if (wpas_driver_bss_selection(wpa_s
))
769 if (wpa_s
->current_ssid
== wpa_s
->bgscan_ssid
)
772 if (wpa_s
->p2p_group_interface
!= NOT_P2P_GROUP_INTERFACE
)
774 #endif /* CONFIG_P2P */
776 bgscan_deinit(wpa_s
);
777 if (wpa_s
->current_ssid
) {
778 if (bgscan_init(wpa_s
, wpa_s
->current_ssid
, name
)) {
779 wpa_dbg(wpa_s
, MSG_DEBUG
, "Failed to initialize "
782 * Live without bgscan; it is only used as a roaming
783 * optimization, so the initial connection is not
787 struct wpa_scan_results
*scan_res
;
788 wpa_s
->bgscan_ssid
= wpa_s
->current_ssid
;
789 scan_res
= wpa_supplicant_get_scan_results(wpa_s
, NULL
,
792 bgscan_notify_scan(wpa_s
, scan_res
);
793 wpa_scan_results_free(scan_res
);
797 wpa_s
->bgscan_ssid
= NULL
;
801 static void wpa_supplicant_stop_bgscan(struct wpa_supplicant
*wpa_s
)
803 if (wpa_s
->bgscan_ssid
!= NULL
) {
804 bgscan_deinit(wpa_s
);
805 wpa_s
->bgscan_ssid
= NULL
;
809 #endif /* CONFIG_BGSCAN */
812 static void wpa_supplicant_start_autoscan(struct wpa_supplicant
*wpa_s
)
814 if (autoscan_init(wpa_s
, 0))
815 wpa_dbg(wpa_s
, MSG_DEBUG
, "Failed to initialize autoscan");
819 static void wpa_supplicant_stop_autoscan(struct wpa_supplicant
*wpa_s
)
821 autoscan_deinit(wpa_s
);
825 void wpa_supplicant_reinit_autoscan(struct wpa_supplicant
*wpa_s
)
827 if (wpa_s
->wpa_state
== WPA_DISCONNECTED
||
828 wpa_s
->wpa_state
== WPA_SCANNING
) {
829 autoscan_deinit(wpa_s
);
830 wpa_supplicant_start_autoscan(wpa_s
);
836 * wpa_supplicant_set_state - Set current connection state
837 * @wpa_s: Pointer to wpa_supplicant data
838 * @state: The new connection state
840 * This function is called whenever the connection state changes, e.g.,
841 * association is completed for WPA/WPA2 4-Way Handshake is started.
843 void wpa_supplicant_set_state(struct wpa_supplicant
*wpa_s
,
844 enum wpa_states state
)
846 enum wpa_states old_state
= wpa_s
->wpa_state
;
848 wpa_dbg(wpa_s
, MSG_DEBUG
, "State: %s -> %s",
849 wpa_supplicant_state_txt(wpa_s
->wpa_state
),
850 wpa_supplicant_state_txt(state
));
852 if (state
== WPA_COMPLETED
&&
853 os_reltime_initialized(&wpa_s
->roam_start
)) {
854 os_reltime_age(&wpa_s
->roam_start
, &wpa_s
->roam_time
);
855 wpa_s
->roam_start
.sec
= 0;
856 wpa_s
->roam_start
.usec
= 0;
857 wpas_notify_auth_changed(wpa_s
);
858 wpas_notify_roam_time(wpa_s
);
859 wpas_notify_roam_complete(wpa_s
);
860 } else if (state
== WPA_DISCONNECTED
&&
861 os_reltime_initialized(&wpa_s
->roam_start
)) {
862 wpa_s
->roam_start
.sec
= 0;
863 wpa_s
->roam_start
.usec
= 0;
864 wpa_s
->roam_time
.sec
= 0;
865 wpa_s
->roam_time
.usec
= 0;
866 wpas_notify_roam_complete(wpa_s
);
869 if (state
== WPA_INTERFACE_DISABLED
) {
870 /* Assure normal scan when interface is restored */
871 wpa_s
->normal_scans
= 0;
874 if (state
== WPA_COMPLETED
) {
875 wpas_connect_work_done(wpa_s
);
876 /* Reinitialize normal_scan counter */
877 wpa_s
->normal_scans
= 0;
882 * P2PS client has to reply to Probe Request frames received on the
883 * group operating channel. Enable Probe Request frame reporting for
884 * P2P connected client in case p2p_cli_probe configuration property is
887 if (wpa_s
->conf
->p2p_cli_probe
&& wpa_s
->current_ssid
&&
888 wpa_s
->current_ssid
->mode
== WPAS_MODE_INFRA
&&
889 wpa_s
->current_ssid
->p2p_group
) {
890 if (state
== WPA_COMPLETED
&& !wpa_s
->p2p_cli_probe
) {
891 wpa_dbg(wpa_s
, MSG_DEBUG
,
892 "P2P: Enable CLI Probe Request RX reporting");
893 wpa_s
->p2p_cli_probe
=
894 wpa_drv_probe_req_report(wpa_s
, 1) >= 0;
895 } else if (state
!= WPA_COMPLETED
&& wpa_s
->p2p_cli_probe
) {
896 wpa_dbg(wpa_s
, MSG_DEBUG
,
897 "P2P: Disable CLI Probe Request RX reporting");
898 wpa_s
->p2p_cli_probe
= 0;
899 wpa_drv_probe_req_report(wpa_s
, 0);
902 #endif /* CONFIG_P2P */
904 if (state
!= WPA_SCANNING
)
905 wpa_supplicant_notify_scanning(wpa_s
, 0);
907 if (state
== WPA_COMPLETED
&& wpa_s
->new_connection
) {
908 struct wpa_ssid
*ssid
= wpa_s
->current_ssid
;
909 int fils_hlp_sent
= 0;
912 if ((wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SME
) &&
913 wpa_auth_alg_fils(wpa_s
->sme
.auth_alg
))
915 #endif /* CONFIG_SME */
916 if (!(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SME
) &&
917 wpa_auth_alg_fils(wpa_s
->auth_alg
))
920 #if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
921 wpa_msg(wpa_s
, MSG_INFO
, WPA_EVENT_CONNECTED
"- Connection to "
922 MACSTR
" completed [id=%d id_str=%s%s]",
923 MAC2STR(wpa_s
->bssid
),
924 ssid
? ssid
->id
: -1,
925 ssid
&& ssid
->id_str
? ssid
->id_str
: "",
926 fils_hlp_sent
? " FILS_HLP_SENT" : "");
927 #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
928 wpas_clear_temp_disabled(wpa_s
, ssid
, 1);
929 wpa_blacklist_clear(wpa_s
);
930 wpa_s
->extra_blacklist_count
= 0;
931 wpa_s
->new_connection
= 0;
932 wpa_drv_set_operstate(wpa_s
, 1);
933 #ifndef IEEE8021X_EAPOL
934 wpa_drv_set_supp_port(wpa_s
, 1);
935 #endif /* IEEE8021X_EAPOL */
936 wpa_s
->after_wps
= 0;
937 wpa_s
->known_wps_freq
= 0;
938 wpas_p2p_completed(wpa_s
);
940 sme_sched_obss_scan(wpa_s
, 1);
942 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
943 if (!fils_hlp_sent
&& ssid
&& ssid
->eap
.erp
)
944 wpas_update_fils_connect_params(wpa_s
);
945 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
946 } else if (state
== WPA_DISCONNECTED
|| state
== WPA_ASSOCIATING
||
947 state
== WPA_ASSOCIATED
) {
948 wpa_s
->new_connection
= 1;
949 wpa_drv_set_operstate(wpa_s
, 0);
950 #ifndef IEEE8021X_EAPOL
951 wpa_drv_set_supp_port(wpa_s
, 0);
952 #endif /* IEEE8021X_EAPOL */
953 sme_sched_obss_scan(wpa_s
, 0);
955 wpa_s
->wpa_state
= state
;
958 if (state
== WPA_COMPLETED
)
959 wpa_supplicant_start_bgscan(wpa_s
);
960 else if (state
< WPA_ASSOCIATED
)
961 wpa_supplicant_stop_bgscan(wpa_s
);
962 #endif /* CONFIG_BGSCAN */
964 if (state
== WPA_AUTHENTICATING
)
965 wpa_supplicant_stop_autoscan(wpa_s
);
967 if (state
== WPA_DISCONNECTED
|| state
== WPA_INACTIVE
)
968 wpa_supplicant_start_autoscan(wpa_s
);
970 if (old_state
>= WPA_ASSOCIATED
&& wpa_s
->wpa_state
< WPA_ASSOCIATED
)
971 wmm_ac_notify_disassoc(wpa_s
);
973 if (wpa_s
->wpa_state
!= old_state
) {
974 wpas_notify_state_changed(wpa_s
, wpa_s
->wpa_state
, old_state
);
977 * Notify the P2P Device interface about a state change in one
980 wpas_p2p_indicate_state_change(wpa_s
);
982 if (wpa_s
->wpa_state
== WPA_COMPLETED
||
983 old_state
== WPA_COMPLETED
)
984 wpas_notify_auth_changed(wpa_s
);
989 void wpa_supplicant_terminate_proc(struct wpa_global
*global
)
993 struct wpa_supplicant
*wpa_s
= global
->ifaces
;
995 struct wpa_supplicant
*next
= wpa_s
->next
;
996 if (wpas_wps_terminate_pending(wpa_s
) == 1)
999 if (wpa_s
->p2p_group_interface
!= NOT_P2P_GROUP_INTERFACE
||
1000 (wpa_s
->current_ssid
&& wpa_s
->current_ssid
->p2p_group
))
1001 wpas_p2p_disconnect(wpa_s
);
1002 #endif /* CONFIG_P2P */
1005 #endif /* CONFIG_WPS */
1012 static void wpa_supplicant_terminate(int sig
, void *signal_ctx
)
1014 struct wpa_global
*global
= signal_ctx
;
1015 wpa_supplicant_terminate_proc(global
);
1019 void wpa_supplicant_clear_status(struct wpa_supplicant
*wpa_s
)
1021 enum wpa_states old_state
= wpa_s
->wpa_state
;
1023 wpa_s
->pairwise_cipher
= 0;
1024 wpa_s
->group_cipher
= 0;
1025 wpa_s
->mgmt_group_cipher
= 0;
1026 wpa_s
->key_mgmt
= 0;
1027 if (wpa_s
->wpa_state
!= WPA_INTERFACE_DISABLED
)
1028 wpa_supplicant_set_state(wpa_s
, WPA_DISCONNECTED
);
1030 if (wpa_s
->wpa_state
!= old_state
)
1031 wpas_notify_state_changed(wpa_s
, wpa_s
->wpa_state
, old_state
);
1036 * wpa_supplicant_reload_configuration - Reload configuration data
1037 * @wpa_s: Pointer to wpa_supplicant data
1038 * Returns: 0 on success or -1 if configuration parsing failed
1040 * This function can be used to request that the configuration data is reloaded
1041 * (e.g., after configuration file change). This function is reloading
1042 * configuration only for one interface, so this may need to be called multiple
1043 * times if %wpa_supplicant is controlling multiple interfaces and all
1044 * interfaces need reconfiguration.
1046 int wpa_supplicant_reload_configuration(struct wpa_supplicant
*wpa_s
)
1048 struct wpa_config
*conf
;
1052 if (wpa_s
->confname
== NULL
)
1054 conf
= wpa_config_read(wpa_s
->confname
, NULL
);
1056 wpa_msg(wpa_s
, MSG_ERROR
, "Failed to parse the configuration "
1057 "file '%s' - exiting", wpa_s
->confname
);
1060 if (wpa_s
->confanother
&&
1061 !wpa_config_read(wpa_s
->confanother
, conf
)) {
1062 wpa_msg(wpa_s
, MSG_ERROR
,
1063 "Failed to parse the configuration file '%s' - exiting",
1064 wpa_s
->confanother
);
1068 conf
->changed_parameters
= (unsigned int) -1;
1070 reconf_ctrl
= !!conf
->ctrl_interface
!= !!wpa_s
->conf
->ctrl_interface
1071 || (conf
->ctrl_interface
&& wpa_s
->conf
->ctrl_interface
&&
1072 os_strcmp(conf
->ctrl_interface
,
1073 wpa_s
->conf
->ctrl_interface
) != 0);
1075 if (reconf_ctrl
&& wpa_s
->ctrl_iface
) {
1076 wpa_supplicant_ctrl_iface_deinit(wpa_s
->ctrl_iface
);
1077 wpa_s
->ctrl_iface
= NULL
;
1080 eapol_sm_invalidate_cached_session(wpa_s
->eapol
);
1081 if (wpa_s
->current_ssid
) {
1082 if (wpa_s
->wpa_state
>= WPA_AUTHENTICATING
)
1083 wpa_s
->own_disconnect_req
= 1;
1084 wpa_supplicant_deauthenticate(wpa_s
,
1085 WLAN_REASON_DEAUTH_LEAVING
);
1089 * TODO: should notify EAPOL SM about changes in opensc_engine_path,
1090 * pkcs11_engine_path, pkcs11_module_path, openssl_ciphers.
1092 if (wpa_key_mgmt_wpa_psk(wpa_s
->key_mgmt
) ||
1093 wpa_s
->key_mgmt
== WPA_KEY_MGMT_OWE
||
1094 wpa_s
->key_mgmt
== WPA_KEY_MGMT_DPP
) {
1096 * Clear forced success to clear EAP state for next
1099 eapol_sm_notify_eap_success(wpa_s
->eapol
, FALSE
);
1101 eapol_sm_notify_config(wpa_s
->eapol
, NULL
, NULL
);
1102 wpa_sm_set_config(wpa_s
->wpa
, NULL
);
1103 wpa_sm_pmksa_cache_flush(wpa_s
->wpa
, NULL
);
1104 wpa_sm_set_fast_reauth(wpa_s
->wpa
, wpa_s
->conf
->fast_reauth
);
1105 rsn_preauth_deinit(wpa_s
->wpa
);
1107 old_ap_scan
= wpa_s
->conf
->ap_scan
;
1108 wpa_config_free(wpa_s
->conf
);
1110 if (old_ap_scan
!= wpa_s
->conf
->ap_scan
)
1111 wpas_notify_ap_scan_changed(wpa_s
);
1114 wpa_s
->ctrl_iface
= wpa_supplicant_ctrl_iface_init(wpa_s
);
1116 wpa_supplicant_update_config(wpa_s
);
1118 wpa_supplicant_clear_status(wpa_s
);
1119 if (wpa_supplicant_enabled_networks(wpa_s
)) {
1120 wpa_s
->reassociate
= 1;
1121 wpa_supplicant_req_scan(wpa_s
, 0, 0);
1123 wpa_dbg(wpa_s
, MSG_DEBUG
, "Reconfiguration completed");
1128 static void wpa_supplicant_reconfig(int sig
, void *signal_ctx
)
1130 struct wpa_global
*global
= signal_ctx
;
1131 struct wpa_supplicant
*wpa_s
;
1132 for (wpa_s
= global
->ifaces
; wpa_s
; wpa_s
= wpa_s
->next
) {
1133 wpa_dbg(wpa_s
, MSG_DEBUG
, "Signal %d received - reconfiguring",
1135 if (wpa_supplicant_reload_configuration(wpa_s
) < 0) {
1136 wpa_supplicant_terminate_proc(global
);
1140 if (wpa_debug_reopen_file() < 0) {
1141 /* Ignore errors since we cannot really do much to fix this */
1142 wpa_printf(MSG_DEBUG
, "Could not reopen debug log file");
1147 static int wpa_supplicant_suites_from_ai(struct wpa_supplicant
*wpa_s
,
1148 struct wpa_ssid
*ssid
,
1149 struct wpa_ie_data
*ie
)
1151 int ret
= wpa_sm_parse_own_wpa_ie(wpa_s
->wpa
, ie
);
1154 wpa_msg(wpa_s
, MSG_INFO
, "WPA: Failed to parse WPA IE "
1155 "from association info");
1160 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: Using WPA IE from AssocReq to set "
1162 if (!(ie
->group_cipher
& ssid
->group_cipher
)) {
1163 wpa_msg(wpa_s
, MSG_INFO
, "WPA: Driver used disabled group "
1164 "cipher 0x%x (mask 0x%x) - reject",
1165 ie
->group_cipher
, ssid
->group_cipher
);
1168 if (!(ie
->pairwise_cipher
& ssid
->pairwise_cipher
)) {
1169 wpa_msg(wpa_s
, MSG_INFO
, "WPA: Driver used disabled pairwise "
1170 "cipher 0x%x (mask 0x%x) - reject",
1171 ie
->pairwise_cipher
, ssid
->pairwise_cipher
);
1174 if (!(ie
->key_mgmt
& ssid
->key_mgmt
)) {
1175 wpa_msg(wpa_s
, MSG_INFO
, "WPA: Driver used disabled key "
1176 "management 0x%x (mask 0x%x) - reject",
1177 ie
->key_mgmt
, ssid
->key_mgmt
);
1181 #ifdef CONFIG_IEEE80211W
1182 if (!(ie
->capabilities
& WPA_CAPABILITY_MFPC
) &&
1183 wpas_get_ssid_pmf(wpa_s
, ssid
) == MGMT_FRAME_PROTECTION_REQUIRED
) {
1184 wpa_msg(wpa_s
, MSG_INFO
, "WPA: Driver associated with an AP "
1185 "that does not support management frame protection - "
1189 #endif /* CONFIG_IEEE80211W */
1195 static int matching_ciphers(struct wpa_ssid
*ssid
, struct wpa_ie_data
*ie
,
1199 ie
->group_cipher
= wpa_default_rsn_cipher(freq
);
1200 if (!ie
->has_pairwise
)
1201 ie
->pairwise_cipher
= wpa_default_rsn_cipher(freq
);
1202 return (ie
->group_cipher
& ssid
->group_cipher
) &&
1203 (ie
->pairwise_cipher
& ssid
->pairwise_cipher
);
1208 * wpa_supplicant_set_suites - Set authentication and encryption parameters
1209 * @wpa_s: Pointer to wpa_supplicant data
1210 * @bss: Scan results for the selected BSS, or %NULL if not available
1211 * @ssid: Configuration data for the selected network
1212 * @wpa_ie: Buffer for the WPA/RSN IE
1213 * @wpa_ie_len: Maximum wpa_ie buffer size on input. This is changed to be the
1214 * used buffer length in case the functions returns success.
1215 * Returns: 0 on success or -1 on failure
1217 * This function is used to configure authentication and encryption parameters
1218 * based on the network configuration and scan result for the selected BSS (if
1221 int wpa_supplicant_set_suites(struct wpa_supplicant
*wpa_s
,
1222 struct wpa_bss
*bss
, struct wpa_ssid
*ssid
,
1223 u8
*wpa_ie
, size_t *wpa_ie_len
)
1225 struct wpa_ie_data ie
;
1227 const u8
*bss_wpa
, *bss_rsn
, *bss_osen
;
1230 bss_wpa
= wpa_bss_get_vendor_ie(bss
, WPA_IE_VENDOR_TYPE
);
1231 bss_rsn
= wpa_bss_get_ie(bss
, WLAN_EID_RSN
);
1232 bss_osen
= wpa_bss_get_vendor_ie(bss
, OSEN_IE_VENDOR_TYPE
);
1234 bss_wpa
= bss_rsn
= bss_osen
= NULL
;
1236 if (bss_rsn
&& (ssid
->proto
& WPA_PROTO_RSN
) &&
1237 wpa_parse_wpa_ie(bss_rsn
, 2 + bss_rsn
[1], &ie
) == 0 &&
1238 matching_ciphers(ssid
, &ie
, bss
->freq
) &&
1239 (ie
.key_mgmt
& ssid
->key_mgmt
)) {
1240 wpa_dbg(wpa_s
, MSG_DEBUG
, "RSN: using IEEE 802.11i/D9.0");
1241 proto
= WPA_PROTO_RSN
;
1242 } else if (bss_wpa
&& (ssid
->proto
& WPA_PROTO_WPA
) &&
1243 wpa_parse_wpa_ie(bss_wpa
, 2 + bss_wpa
[1], &ie
) == 0 &&
1244 (ie
.group_cipher
& ssid
->group_cipher
) &&
1245 (ie
.pairwise_cipher
& ssid
->pairwise_cipher
) &&
1246 (ie
.key_mgmt
& ssid
->key_mgmt
)) {
1247 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using IEEE 802.11i/D3.0");
1248 proto
= WPA_PROTO_WPA
;
1250 } else if (bss_osen
&& (ssid
->proto
& WPA_PROTO_OSEN
) &&
1251 wpa_parse_wpa_ie(bss_osen
, 2 + bss_osen
[1], &ie
) == 0 &&
1252 (ie
.group_cipher
& ssid
->group_cipher
) &&
1253 (ie
.pairwise_cipher
& ssid
->pairwise_cipher
) &&
1254 (ie
.key_mgmt
& ssid
->key_mgmt
)) {
1255 wpa_dbg(wpa_s
, MSG_DEBUG
, "HS 2.0: using OSEN");
1256 proto
= WPA_PROTO_OSEN
;
1257 } else if (bss_rsn
&& (ssid
->proto
& WPA_PROTO_OSEN
) &&
1258 wpa_parse_wpa_ie(bss_rsn
, 2 + bss_rsn
[1], &ie
) == 0 &&
1259 (ie
.group_cipher
& ssid
->group_cipher
) &&
1260 (ie
.pairwise_cipher
& ssid
->pairwise_cipher
) &&
1261 (ie
.key_mgmt
& ssid
->key_mgmt
)) {
1262 wpa_dbg(wpa_s
, MSG_DEBUG
, "RSN: using OSEN (within RSN)");
1263 proto
= WPA_PROTO_RSN
;
1264 #endif /* CONFIG_HS20 */
1266 wpa_msg(wpa_s
, MSG_WARNING
, "WPA: Failed to select WPA/RSN");
1267 wpa_dbg(wpa_s
, MSG_DEBUG
,
1268 "WPA: ssid proto=0x%x pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1269 ssid
->proto
, ssid
->pairwise_cipher
, ssid
->group_cipher
,
1271 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: BSS " MACSTR
" ssid='%s'%s%s%s",
1272 MAC2STR(bss
->bssid
),
1273 wpa_ssid_txt(bss
->ssid
, bss
->ssid_len
),
1274 bss_wpa
? " WPA" : "",
1275 bss_rsn
? " RSN" : "",
1276 bss_osen
? " OSEN" : "");
1278 wpa_hexdump(MSG_DEBUG
, "RSN", bss_rsn
, 2 + bss_rsn
[1]);
1279 if (wpa_parse_wpa_ie(bss_rsn
, 2 + bss_rsn
[1], &ie
)) {
1280 wpa_dbg(wpa_s
, MSG_DEBUG
,
1281 "Could not parse RSN element");
1283 wpa_dbg(wpa_s
, MSG_DEBUG
,
1284 "RSN: pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1285 ie
.pairwise_cipher
, ie
.group_cipher
,
1290 wpa_hexdump(MSG_DEBUG
, "WPA", bss_wpa
, 2 + bss_wpa
[1]);
1291 if (wpa_parse_wpa_ie(bss_wpa
, 2 + bss_wpa
[1], &ie
)) {
1292 wpa_dbg(wpa_s
, MSG_DEBUG
,
1293 "Could not parse WPA element");
1295 wpa_dbg(wpa_s
, MSG_DEBUG
,
1296 "WPA: pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1297 ie
.pairwise_cipher
, ie
.group_cipher
,
1303 if (ssid
->proto
& WPA_PROTO_OSEN
)
1304 proto
= WPA_PROTO_OSEN
;
1305 else if (ssid
->proto
& WPA_PROTO_RSN
)
1306 proto
= WPA_PROTO_RSN
;
1308 proto
= WPA_PROTO_WPA
;
1309 if (wpa_supplicant_suites_from_ai(wpa_s
, ssid
, &ie
) < 0) {
1310 os_memset(&ie
, 0, sizeof(ie
));
1311 ie
.group_cipher
= ssid
->group_cipher
;
1312 ie
.pairwise_cipher
= ssid
->pairwise_cipher
;
1313 ie
.key_mgmt
= ssid
->key_mgmt
;
1314 #ifdef CONFIG_IEEE80211W
1315 ie
.mgmt_group_cipher
= 0;
1316 if (ssid
->ieee80211w
!= NO_MGMT_FRAME_PROTECTION
) {
1317 if (ssid
->group_mgmt_cipher
&
1318 WPA_CIPHER_BIP_GMAC_256
)
1319 ie
.mgmt_group_cipher
=
1320 WPA_CIPHER_BIP_GMAC_256
;
1321 else if (ssid
->group_mgmt_cipher
&
1322 WPA_CIPHER_BIP_CMAC_256
)
1323 ie
.mgmt_group_cipher
=
1324 WPA_CIPHER_BIP_CMAC_256
;
1325 else if (ssid
->group_mgmt_cipher
&
1326 WPA_CIPHER_BIP_GMAC_128
)
1327 ie
.mgmt_group_cipher
=
1328 WPA_CIPHER_BIP_GMAC_128
;
1330 ie
.mgmt_group_cipher
=
1331 WPA_CIPHER_AES_128_CMAC
;
1333 #endif /* CONFIG_IEEE80211W */
1335 if ((ssid
->key_mgmt
& WPA_KEY_MGMT_OWE
) &&
1337 !bss_wpa
&& !bss_rsn
&& !bss_osen
) {
1338 wpa_supplicant_set_non_wpa_policy(wpa_s
, ssid
);
1339 wpa_s
->wpa_proto
= 0;
1343 #endif /* CONFIG_OWE */
1344 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: Set cipher suites "
1345 "based on configuration");
1350 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: Selected cipher suites: group %d "
1351 "pairwise %d key_mgmt %d proto %d",
1352 ie
.group_cipher
, ie
.pairwise_cipher
, ie
.key_mgmt
, proto
);
1353 #ifdef CONFIG_IEEE80211W
1354 if (ssid
->ieee80211w
) {
1355 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: Selected mgmt group cipher %d",
1356 ie
.mgmt_group_cipher
);
1358 #endif /* CONFIG_IEEE80211W */
1360 wpa_s
->wpa_proto
= proto
;
1361 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_PROTO
, proto
);
1362 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_RSN_ENABLED
,
1363 !!(ssid
->proto
& (WPA_PROTO_RSN
| WPA_PROTO_OSEN
)));
1365 if (bss
|| !wpa_s
->ap_ies_from_associnfo
) {
1366 if (wpa_sm_set_ap_wpa_ie(wpa_s
->wpa
, bss_wpa
,
1367 bss_wpa
? 2 + bss_wpa
[1] : 0) ||
1368 wpa_sm_set_ap_rsn_ie(wpa_s
->wpa
, bss_rsn
,
1369 bss_rsn
? 2 + bss_rsn
[1] : 0))
1373 #ifdef CONFIG_NO_WPA
1374 wpa_s
->group_cipher
= WPA_CIPHER_NONE
;
1375 wpa_s
->pairwise_cipher
= WPA_CIPHER_NONE
;
1376 #else /* CONFIG_NO_WPA */
1377 sel
= ie
.group_cipher
& ssid
->group_cipher
;
1378 wpa_dbg(wpa_s
, MSG_DEBUG
,
1379 "WPA: AP group 0x%x network profile group 0x%x; available group 0x%x",
1380 ie
.group_cipher
, ssid
->group_cipher
, sel
);
1381 wpa_s
->group_cipher
= wpa_pick_group_cipher(sel
);
1382 if (wpa_s
->group_cipher
< 0) {
1383 wpa_msg(wpa_s
, MSG_WARNING
, "WPA: Failed to select group "
1387 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using GTK %s",
1388 wpa_cipher_txt(wpa_s
->group_cipher
));
1390 sel
= ie
.pairwise_cipher
& ssid
->pairwise_cipher
;
1391 wpa_dbg(wpa_s
, MSG_DEBUG
,
1392 "WPA: AP pairwise 0x%x network profile pairwise 0x%x; available pairwise 0x%x",
1393 ie
.pairwise_cipher
, ssid
->pairwise_cipher
, sel
);
1394 wpa_s
->pairwise_cipher
= wpa_pick_pairwise_cipher(sel
, 1);
1395 if (wpa_s
->pairwise_cipher
< 0) {
1396 wpa_msg(wpa_s
, MSG_WARNING
, "WPA: Failed to select pairwise "
1400 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using PTK %s",
1401 wpa_cipher_txt(wpa_s
->pairwise_cipher
));
1402 #endif /* CONFIG_NO_WPA */
1404 sel
= ie
.key_mgmt
& ssid
->key_mgmt
;
1405 wpa_dbg(wpa_s
, MSG_DEBUG
,
1406 "WPA: AP key_mgmt 0x%x network profile key_mgmt 0x%x; available key_mgmt 0x%x",
1407 ie
.key_mgmt
, ssid
->key_mgmt
, sel
);
1409 if (!(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SAE
))
1410 sel
&= ~(WPA_KEY_MGMT_SAE
| WPA_KEY_MGMT_FT_SAE
);
1411 #endif /* CONFIG_SAE */
1413 #ifdef CONFIG_IEEE80211R
1414 #ifdef CONFIG_SHA384
1415 } else if (sel
& WPA_KEY_MGMT_FT_IEEE8021X_SHA384
) {
1416 wpa_s
->key_mgmt
= WPA_KEY_MGMT_FT_IEEE8021X_SHA384
;
1417 wpa_dbg(wpa_s
, MSG_DEBUG
,
1418 "WPA: using KEY_MGMT FT/802.1X-SHA384");
1419 if (pmksa_cache_get_current(wpa_s
->wpa
)) {
1420 /* PMKSA caching with FT is not fully functional, so
1421 * disable the case for now. */
1422 wpa_dbg(wpa_s
, MSG_DEBUG
,
1423 "WPA: Disable PMKSA caching for FT/802.1X connection");
1424 pmksa_cache_clear_current(wpa_s
->wpa
);
1426 #endif /* CONFIG_SHA384 */
1427 #endif /* CONFIG_IEEE80211R */
1428 #ifdef CONFIG_SUITEB192
1429 } else if (sel
& WPA_KEY_MGMT_IEEE8021X_SUITE_B_192
) {
1430 wpa_s
->key_mgmt
= WPA_KEY_MGMT_IEEE8021X_SUITE_B_192
;
1431 wpa_dbg(wpa_s
, MSG_DEBUG
,
1432 "WPA: using KEY_MGMT 802.1X with Suite B (192-bit)");
1433 #endif /* CONFIG_SUITEB192 */
1434 #ifdef CONFIG_SUITEB
1435 } else if (sel
& WPA_KEY_MGMT_IEEE8021X_SUITE_B
) {
1436 wpa_s
->key_mgmt
= WPA_KEY_MGMT_IEEE8021X_SUITE_B
;
1437 wpa_dbg(wpa_s
, MSG_DEBUG
,
1438 "WPA: using KEY_MGMT 802.1X with Suite B");
1439 #endif /* CONFIG_SUITEB */
1441 #ifdef CONFIG_IEEE80211R
1442 } else if (sel
& WPA_KEY_MGMT_FT_FILS_SHA384
) {
1443 wpa_s
->key_mgmt
= WPA_KEY_MGMT_FT_FILS_SHA384
;
1444 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT FT-FILS-SHA384");
1445 } else if (sel
& WPA_KEY_MGMT_FT_FILS_SHA256
) {
1446 wpa_s
->key_mgmt
= WPA_KEY_MGMT_FT_FILS_SHA256
;
1447 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT FT-FILS-SHA256");
1448 #endif /* CONFIG_IEEE80211R */
1449 } else if (sel
& WPA_KEY_MGMT_FILS_SHA384
) {
1450 wpa_s
->key_mgmt
= WPA_KEY_MGMT_FILS_SHA384
;
1451 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT FILS-SHA384");
1452 } else if (sel
& WPA_KEY_MGMT_FILS_SHA256
) {
1453 wpa_s
->key_mgmt
= WPA_KEY_MGMT_FILS_SHA256
;
1454 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT FILS-SHA256");
1455 #endif /* CONFIG_FILS */
1456 #ifdef CONFIG_IEEE80211R
1457 } else if (sel
& WPA_KEY_MGMT_FT_IEEE8021X
) {
1458 wpa_s
->key_mgmt
= WPA_KEY_MGMT_FT_IEEE8021X
;
1459 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT FT/802.1X");
1460 if (pmksa_cache_get_current(wpa_s
->wpa
)) {
1461 /* PMKSA caching with FT is not fully functional, so
1462 * disable the case for now. */
1463 wpa_dbg(wpa_s
, MSG_DEBUG
,
1464 "WPA: Disable PMKSA caching for FT/802.1X connection");
1465 pmksa_cache_clear_current(wpa_s
->wpa
);
1467 #endif /* CONFIG_IEEE80211R */
1469 } else if (sel
& WPA_KEY_MGMT_DPP
) {
1470 wpa_s
->key_mgmt
= WPA_KEY_MGMT_DPP
;
1471 wpa_dbg(wpa_s
, MSG_DEBUG
, "RSN: using KEY_MGMT DPP");
1472 #endif /* CONFIG_DPP */
1474 } else if (sel
& WPA_KEY_MGMT_FT_SAE
) {
1475 wpa_s
->key_mgmt
= WPA_KEY_MGMT_FT_SAE
;
1476 wpa_dbg(wpa_s
, MSG_DEBUG
, "RSN: using KEY_MGMT FT/SAE");
1477 } else if (sel
& WPA_KEY_MGMT_SAE
) {
1478 wpa_s
->key_mgmt
= WPA_KEY_MGMT_SAE
;
1479 wpa_dbg(wpa_s
, MSG_DEBUG
, "RSN: using KEY_MGMT SAE");
1480 #endif /* CONFIG_SAE */
1481 #ifdef CONFIG_IEEE80211R
1482 } else if (sel
& WPA_KEY_MGMT_FT_PSK
) {
1483 wpa_s
->key_mgmt
= WPA_KEY_MGMT_FT_PSK
;
1484 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT FT/PSK");
1485 #endif /* CONFIG_IEEE80211R */
1486 #ifdef CONFIG_IEEE80211W
1487 } else if (sel
& WPA_KEY_MGMT_IEEE8021X_SHA256
) {
1488 wpa_s
->key_mgmt
= WPA_KEY_MGMT_IEEE8021X_SHA256
;
1489 wpa_dbg(wpa_s
, MSG_DEBUG
,
1490 "WPA: using KEY_MGMT 802.1X with SHA256");
1491 } else if (sel
& WPA_KEY_MGMT_PSK_SHA256
) {
1492 wpa_s
->key_mgmt
= WPA_KEY_MGMT_PSK_SHA256
;
1493 wpa_dbg(wpa_s
, MSG_DEBUG
,
1494 "WPA: using KEY_MGMT PSK with SHA256");
1495 #endif /* CONFIG_IEEE80211W */
1496 } else if (sel
& WPA_KEY_MGMT_IEEE8021X
) {
1497 wpa_s
->key_mgmt
= WPA_KEY_MGMT_IEEE8021X
;
1498 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT 802.1X");
1499 } else if (sel
& WPA_KEY_MGMT_PSK
) {
1500 wpa_s
->key_mgmt
= WPA_KEY_MGMT_PSK
;
1501 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT WPA-PSK");
1502 } else if (sel
& WPA_KEY_MGMT_WPA_NONE
) {
1503 wpa_s
->key_mgmt
= WPA_KEY_MGMT_WPA_NONE
;
1504 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT WPA-NONE");
1506 } else if (sel
& WPA_KEY_MGMT_OSEN
) {
1507 wpa_s
->key_mgmt
= WPA_KEY_MGMT_OSEN
;
1508 wpa_dbg(wpa_s
, MSG_DEBUG
, "HS 2.0: using KEY_MGMT OSEN");
1509 #endif /* CONFIG_HS20 */
1511 } else if (sel
& WPA_KEY_MGMT_OWE
) {
1512 wpa_s
->key_mgmt
= WPA_KEY_MGMT_OWE
;
1513 wpa_dbg(wpa_s
, MSG_DEBUG
, "RSN: using KEY_MGMT OWE");
1514 #endif /* CONFIG_OWE */
1516 wpa_msg(wpa_s
, MSG_WARNING
, "WPA: Failed to select "
1517 "authenticated key management type");
1521 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_KEY_MGMT
, wpa_s
->key_mgmt
);
1522 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_PAIRWISE
,
1523 wpa_s
->pairwise_cipher
);
1524 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_GROUP
, wpa_s
->group_cipher
);
1526 #ifdef CONFIG_IEEE80211W
1527 sel
= ie
.mgmt_group_cipher
;
1528 if (ssid
->group_mgmt_cipher
)
1529 sel
&= ssid
->group_mgmt_cipher
;
1530 if (wpas_get_ssid_pmf(wpa_s
, ssid
) == NO_MGMT_FRAME_PROTECTION
||
1531 !(ie
.capabilities
& WPA_CAPABILITY_MFPC
))
1533 wpa_dbg(wpa_s
, MSG_DEBUG
,
1534 "WPA: AP mgmt_group_cipher 0x%x network profile mgmt_group_cipher 0x%x; available mgmt_group_cipher 0x%x",
1535 ie
.mgmt_group_cipher
, ssid
->group_mgmt_cipher
, sel
);
1536 if (sel
& WPA_CIPHER_AES_128_CMAC
) {
1537 wpa_s
->mgmt_group_cipher
= WPA_CIPHER_AES_128_CMAC
;
1538 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using MGMT group cipher "
1540 } else if (sel
& WPA_CIPHER_BIP_GMAC_128
) {
1541 wpa_s
->mgmt_group_cipher
= WPA_CIPHER_BIP_GMAC_128
;
1542 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using MGMT group cipher "
1544 } else if (sel
& WPA_CIPHER_BIP_GMAC_256
) {
1545 wpa_s
->mgmt_group_cipher
= WPA_CIPHER_BIP_GMAC_256
;
1546 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using MGMT group cipher "
1548 } else if (sel
& WPA_CIPHER_BIP_CMAC_256
) {
1549 wpa_s
->mgmt_group_cipher
= WPA_CIPHER_BIP_CMAC_256
;
1550 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using MGMT group cipher "
1553 wpa_s
->mgmt_group_cipher
= 0;
1554 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: not using MGMT group cipher");
1556 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_MGMT_GROUP
,
1557 wpa_s
->mgmt_group_cipher
);
1558 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_MFP
,
1559 wpas_get_ssid_pmf(wpa_s
, ssid
));
1560 #endif /* CONFIG_IEEE80211W */
1562 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_OCV
, ssid
->ocv
);
1563 #endif /* CONFIG_OCV */
1565 if (wpa_sm_set_assoc_wpa_ie_default(wpa_s
->wpa
, wpa_ie
, wpa_ie_len
)) {
1566 wpa_msg(wpa_s
, MSG_WARNING
, "WPA: Failed to generate WPA IE");
1572 } else if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_DPP
) {
1573 /* Use PMK from DPP network introduction (PMKSA entry) */
1574 wpa_sm_set_pmk_from_pmksa(wpa_s
->wpa
);
1575 #endif /* CONFIG_DPP */
1576 } else if (wpa_key_mgmt_wpa_psk(ssid
->key_mgmt
)) {
1580 sae_only
= (ssid
->key_mgmt
& (WPA_KEY_MGMT_PSK
|
1581 WPA_KEY_MGMT_FT_PSK
|
1582 WPA_KEY_MGMT_PSK_SHA256
)) == 0;
1584 if (ssid
->psk_set
&& !sae_only
) {
1585 wpa_hexdump_key(MSG_MSGDUMP
, "PSK (set in config)",
1586 ssid
->psk
, PMK_LEN
);
1587 wpa_sm_set_pmk(wpa_s
->wpa
, ssid
->psk
, PMK_LEN
, NULL
,
1592 if (wpa_key_mgmt_sae(ssid
->key_mgmt
) &&
1593 (ssid
->sae_password
|| ssid
->passphrase
))
1596 #ifndef CONFIG_NO_PBKDF2
1597 if (bss
&& ssid
->bssid_set
&& ssid
->ssid_len
== 0 &&
1598 ssid
->passphrase
&& !sae_only
) {
1600 pbkdf2_sha1(ssid
->passphrase
, bss
->ssid
, bss
->ssid_len
,
1601 4096, psk
, PMK_LEN
);
1602 wpa_hexdump_key(MSG_MSGDUMP
, "PSK (from passphrase)",
1604 wpa_sm_set_pmk(wpa_s
->wpa
, psk
, PMK_LEN
, NULL
, NULL
);
1606 os_memset(psk
, 0, sizeof(psk
));
1608 #endif /* CONFIG_NO_PBKDF2 */
1609 #ifdef CONFIG_EXT_PASSWORD
1610 if (ssid
->ext_psk
&& !sae_only
) {
1611 struct wpabuf
*pw
= ext_password_get(wpa_s
->ext_pw
,
1613 char pw_str
[64 + 1];
1617 wpa_msg(wpa_s
, MSG_INFO
, "EXT PW: No PSK "
1618 "found from external storage");
1622 if (wpabuf_len(pw
) < 8 || wpabuf_len(pw
) > 64) {
1623 wpa_msg(wpa_s
, MSG_INFO
, "EXT PW: Unexpected "
1624 "PSK length %d in external storage",
1625 (int) wpabuf_len(pw
));
1626 ext_password_free(pw
);
1630 os_memcpy(pw_str
, wpabuf_head(pw
), wpabuf_len(pw
));
1631 pw_str
[wpabuf_len(pw
)] = '\0';
1633 #ifndef CONFIG_NO_PBKDF2
1634 if (wpabuf_len(pw
) >= 8 && wpabuf_len(pw
) < 64 && bss
)
1636 pbkdf2_sha1(pw_str
, bss
->ssid
, bss
->ssid_len
,
1637 4096, psk
, PMK_LEN
);
1638 os_memset(pw_str
, 0, sizeof(pw_str
));
1639 wpa_hexdump_key(MSG_MSGDUMP
, "PSK (from "
1640 "external passphrase)",
1642 wpa_sm_set_pmk(wpa_s
->wpa
, psk
, PMK_LEN
, NULL
,
1645 os_memset(psk
, 0, sizeof(psk
));
1647 #endif /* CONFIG_NO_PBKDF2 */
1648 if (wpabuf_len(pw
) == 2 * PMK_LEN
) {
1649 if (hexstr2bin(pw_str
, psk
, PMK_LEN
) < 0) {
1650 wpa_msg(wpa_s
, MSG_INFO
, "EXT PW: "
1651 "Invalid PSK hex string");
1652 os_memset(pw_str
, 0, sizeof(pw_str
));
1653 ext_password_free(pw
);
1656 wpa_hexdump_key(MSG_MSGDUMP
,
1657 "PSK (from external PSK)",
1659 wpa_sm_set_pmk(wpa_s
->wpa
, psk
, PMK_LEN
, NULL
,
1662 os_memset(psk
, 0, sizeof(psk
));
1664 wpa_msg(wpa_s
, MSG_INFO
, "EXT PW: No suitable "
1666 os_memset(pw_str
, 0, sizeof(pw_str
));
1667 ext_password_free(pw
);
1671 os_memset(pw_str
, 0, sizeof(pw_str
));
1672 ext_password_free(pw
);
1674 #endif /* CONFIG_EXT_PASSWORD */
1677 wpa_msg(wpa_s
, MSG_INFO
,
1678 "No PSK available for association");
1679 wpas_auth_failed(wpa_s
, "NO_PSK_AVAILABLE");
1683 } else if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_OWE
) {
1684 /* OWE Diffie-Hellman exchange in (Re)Association
1685 * Request/Response frames set the PMK, so do not override it
1687 #endif /* CONFIG_OWE */
1689 wpa_sm_set_pmk_from_pmksa(wpa_s
->wpa
);
1695 static void wpas_ext_capab_byte(struct wpa_supplicant
*wpa_s
, u8
*pos
, int idx
)
1700 case 0: /* Bits 0-7 */
1702 case 1: /* Bits 8-15 */
1703 if (wpa_s
->conf
->coloc_intf_reporting
) {
1704 /* Bit 13 - Collocated Interference Reporting */
1708 case 2: /* Bits 16-23 */
1710 *pos
|= 0x02; /* Bit 17 - WNM-Sleep Mode */
1711 *pos
|= 0x08; /* Bit 19 - BSS Transition */
1712 #endif /* CONFIG_WNM */
1714 case 3: /* Bits 24-31 */
1716 *pos
|= 0x02; /* Bit 25 - SSID List */
1717 #endif /* CONFIG_WNM */
1718 #ifdef CONFIG_INTERWORKING
1719 if (wpa_s
->conf
->interworking
)
1720 *pos
|= 0x80; /* Bit 31 - Interworking */
1721 #endif /* CONFIG_INTERWORKING */
1723 case 4: /* Bits 32-39 */
1724 #ifdef CONFIG_INTERWORKING
1725 if (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_QOS_MAPPING
)
1726 *pos
|= 0x01; /* Bit 32 - QoS Map */
1727 #endif /* CONFIG_INTERWORKING */
1729 case 5: /* Bits 40-47 */
1731 if (wpa_s
->conf
->hs20
)
1732 *pos
|= 0x40; /* Bit 46 - WNM-Notification */
1733 #endif /* CONFIG_HS20 */
1735 *pos
|= 0x40; /* Bit 46 - WNM-Notification */
1736 #endif /* CONFIG_MBO */
1738 case 6: /* Bits 48-55 */
1740 case 7: /* Bits 56-63 */
1742 case 8: /* Bits 64-71 */
1743 if (wpa_s
->conf
->ftm_responder
)
1744 *pos
|= 0x40; /* Bit 70 - FTM responder */
1745 if (wpa_s
->conf
->ftm_initiator
)
1746 *pos
|= 0x80; /* Bit 71 - FTM initiator */
1748 case 9: /* Bits 72-79 */
1750 if (!wpa_s
->disable_fils
)
1752 #endif /* CONFIG_FILS */
1758 int wpas_build_ext_capab(struct wpa_supplicant
*wpa_s
, u8
*buf
, size_t buflen
)
1763 if (len
< wpa_s
->extended_capa_len
)
1764 len
= wpa_s
->extended_capa_len
;
1765 if (buflen
< (size_t) len
+ 2) {
1766 wpa_printf(MSG_INFO
,
1767 "Not enough room for building extended capabilities element");
1771 *pos
++ = WLAN_EID_EXT_CAPAB
;
1773 for (i
= 0; i
< len
; i
++, pos
++) {
1774 wpas_ext_capab_byte(wpa_s
, pos
, i
);
1776 if (i
< wpa_s
->extended_capa_len
) {
1777 *pos
&= ~wpa_s
->extended_capa_mask
[i
];
1778 *pos
|= wpa_s
->extended_capa
[i
];
1782 while (len
> 0 && buf
[1 + len
] == 0) {
1793 static int wpas_valid_bss(struct wpa_supplicant
*wpa_s
,
1794 struct wpa_bss
*test_bss
)
1796 struct wpa_bss
*bss
;
1798 dl_list_for_each(bss
, &wpa_s
->bss
, struct wpa_bss
, list
) {
1799 if (bss
== test_bss
)
1807 static int wpas_valid_ssid(struct wpa_supplicant
*wpa_s
,
1808 struct wpa_ssid
*test_ssid
)
1810 struct wpa_ssid
*ssid
;
1812 for (ssid
= wpa_s
->conf
->ssid
; ssid
; ssid
= ssid
->next
) {
1813 if (ssid
== test_ssid
)
1821 int wpas_valid_bss_ssid(struct wpa_supplicant
*wpa_s
, struct wpa_bss
*test_bss
,
1822 struct wpa_ssid
*test_ssid
)
1824 if (test_bss
&& !wpas_valid_bss(wpa_s
, test_bss
))
1827 return test_ssid
== NULL
|| wpas_valid_ssid(wpa_s
, test_ssid
);
1831 void wpas_connect_work_free(struct wpa_connect_work
*cwork
)
1839 void wpas_connect_work_done(struct wpa_supplicant
*wpa_s
)
1841 struct wpa_connect_work
*cwork
;
1842 struct wpa_radio_work
*work
= wpa_s
->connect_work
;
1847 wpa_s
->connect_work
= NULL
;
1850 wpas_connect_work_free(cwork
);
1851 radio_work_done(work
);
1855 int wpas_update_random_addr(struct wpa_supplicant
*wpa_s
, int style
)
1857 struct os_reltime now
;
1860 os_get_reltime(&now
);
1861 if (wpa_s
->last_mac_addr_style
== style
&&
1862 wpa_s
->last_mac_addr_change
.sec
!= 0 &&
1863 !os_reltime_expired(&now
, &wpa_s
->last_mac_addr_change
,
1864 wpa_s
->conf
->rand_addr_lifetime
)) {
1865 wpa_msg(wpa_s
, MSG_DEBUG
,
1866 "Previously selected random MAC address has not yet expired");
1872 if (random_mac_addr(addr
) < 0)
1876 os_memcpy(addr
, wpa_s
->perm_addr
, ETH_ALEN
);
1877 if (random_mac_addr_keep_oui(addr
) < 0)
1884 if (wpa_drv_set_mac_addr(wpa_s
, addr
) < 0) {
1885 wpa_msg(wpa_s
, MSG_INFO
,
1886 "Failed to set random MAC address");
1890 os_get_reltime(&wpa_s
->last_mac_addr_change
);
1891 wpa_s
->mac_addr_changed
= 1;
1892 wpa_s
->last_mac_addr_style
= style
;
1894 if (wpa_supplicant_update_mac_addr(wpa_s
) < 0) {
1895 wpa_msg(wpa_s
, MSG_INFO
,
1896 "Could not update MAC address information");
1900 wpa_msg(wpa_s
, MSG_DEBUG
, "Using random MAC address " MACSTR
,
1907 int wpas_update_random_addr_disassoc(struct wpa_supplicant
*wpa_s
)
1909 if (wpa_s
->wpa_state
>= WPA_AUTHENTICATING
||
1910 !wpa_s
->conf
->preassoc_mac_addr
)
1913 return wpas_update_random_addr(wpa_s
, wpa_s
->conf
->preassoc_mac_addr
);
1917 static void wpas_start_assoc_cb(struct wpa_radio_work
*work
, int deinit
);
1920 * wpa_supplicant_associate - Request association
1921 * @wpa_s: Pointer to wpa_supplicant data
1922 * @bss: Scan results for the selected BSS, or %NULL if not available
1923 * @ssid: Configuration data for the selected network
1925 * This function is used to request %wpa_supplicant to associate with a BSS.
1927 void wpa_supplicant_associate(struct wpa_supplicant
*wpa_s
,
1928 struct wpa_bss
*bss
, struct wpa_ssid
*ssid
)
1930 struct wpa_connect_work
*cwork
;
1933 wpa_s
->own_disconnect_req
= 0;
1936 * If we are starting a new connection, any previously pending EAPOL
1937 * RX cannot be valid anymore.
1939 wpabuf_free(wpa_s
->pending_eapol_rx
);
1940 wpa_s
->pending_eapol_rx
= NULL
;
1942 if (ssid
->mac_addr
== -1)
1943 rand_style
= wpa_s
->conf
->mac_addr
;
1945 rand_style
= ssid
->mac_addr
;
1947 wmm_ac_clear_saved_tspecs(wpa_s
);
1948 wpa_s
->reassoc_same_bss
= 0;
1949 wpa_s
->reassoc_same_ess
= 0;
1950 #ifdef CONFIG_TESTING_OPTIONS
1951 wpa_s
->testing_resend_assoc
= 0;
1952 #endif /* CONFIG_TESTING_OPTIONS */
1954 if (wpa_s
->last_ssid
== ssid
) {
1955 wpa_dbg(wpa_s
, MSG_DEBUG
, "Re-association to the same ESS");
1956 wpa_s
->reassoc_same_ess
= 1;
1957 if (wpa_s
->current_bss
&& wpa_s
->current_bss
== bss
) {
1958 wmm_ac_save_tspecs(wpa_s
);
1959 wpa_s
->reassoc_same_bss
= 1;
1960 } else if (wpa_s
->current_bss
&& wpa_s
->current_bss
!= bss
) {
1961 os_get_reltime(&wpa_s
->roam_start
);
1965 if (rand_style
> 0 && !wpa_s
->reassoc_same_ess
) {
1966 if (wpas_update_random_addr(wpa_s
, rand_style
) < 0)
1968 wpa_sm_pmksa_cache_flush(wpa_s
->wpa
, ssid
);
1969 } else if (rand_style
== 0 && wpa_s
->mac_addr_changed
) {
1970 if (wpa_drv_set_mac_addr(wpa_s
, NULL
) < 0) {
1971 wpa_msg(wpa_s
, MSG_INFO
,
1972 "Could not restore permanent MAC address");
1975 wpa_s
->mac_addr_changed
= 0;
1976 if (wpa_supplicant_update_mac_addr(wpa_s
) < 0) {
1977 wpa_msg(wpa_s
, MSG_INFO
,
1978 "Could not update MAC address information");
1981 wpa_msg(wpa_s
, MSG_DEBUG
, "Using permanent MAC address");
1983 wpa_s
->last_ssid
= ssid
;
1985 #ifdef CONFIG_IBSS_RSN
1986 ibss_rsn_deinit(wpa_s
->ibss_rsn
);
1987 wpa_s
->ibss_rsn
= NULL
;
1988 #else /* CONFIG_IBSS_RSN */
1989 if (ssid
->mode
== WPAS_MODE_IBSS
&&
1990 !(ssid
->key_mgmt
& (WPA_KEY_MGMT_NONE
| WPA_KEY_MGMT_WPA_NONE
))) {
1991 wpa_msg(wpa_s
, MSG_INFO
,
1992 "IBSS RSN not supported in the build");
1995 #endif /* CONFIG_IBSS_RSN */
1997 if (ssid
->mode
== WPAS_MODE_AP
|| ssid
->mode
== WPAS_MODE_P2P_GO
||
1998 ssid
->mode
== WPAS_MODE_P2P_GROUP_FORMATION
) {
2000 if (!(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_AP
)) {
2001 wpa_msg(wpa_s
, MSG_INFO
, "Driver does not support AP "
2005 if (wpa_supplicant_create_ap(wpa_s
, ssid
) < 0) {
2006 wpa_supplicant_set_state(wpa_s
, WPA_DISCONNECTED
);
2007 if (ssid
->mode
== WPAS_MODE_P2P_GROUP_FORMATION
)
2008 wpas_p2p_ap_setup_failed(wpa_s
);
2011 wpa_s
->current_bss
= bss
;
2012 #else /* CONFIG_AP */
2013 wpa_msg(wpa_s
, MSG_ERROR
, "AP mode support not included in "
2015 #endif /* CONFIG_AP */
2019 if (ssid
->mode
== WPAS_MODE_MESH
) {
2021 if (!(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_MESH
)) {
2022 wpa_msg(wpa_s
, MSG_INFO
,
2023 "Driver does not support mesh mode");
2027 ssid
->frequency
= bss
->freq
;
2028 if (wpa_supplicant_join_mesh(wpa_s
, ssid
) < 0) {
2029 wpa_msg(wpa_s
, MSG_ERROR
, "Could not join mesh");
2032 wpa_s
->current_bss
= bss
;
2033 wpa_msg(wpa_s
, MSG_INFO
, MESH_GROUP_STARTED
"ssid=\"%s\" id=%d",
2034 wpa_ssid_txt(ssid
->ssid
, ssid
->ssid_len
),
2036 wpas_notify_mesh_group_started(wpa_s
, ssid
);
2037 #else /* CONFIG_MESH */
2038 wpa_msg(wpa_s
, MSG_ERROR
,
2039 "mesh mode support not included in the build");
2040 #endif /* CONFIG_MESH */
2045 * Set WPA state machine configuration to match the selected network now
2046 * so that the information is available before wpas_start_assoc_cb()
2047 * gets called. This is needed at least for RSN pre-authentication where
2048 * candidate APs are added to a list based on scan result processing
2049 * before completion of the first association.
2051 wpa_supplicant_rsn_supp_set_config(wpa_s
, ssid
);
2054 if (wpas_dpp_check_connect(wpa_s
, ssid
, bss
) != 0)
2056 #endif /* CONFIG_DPP */
2060 wpa_tdls_ap_ies(wpa_s
->wpa
, (const u8
*) (bss
+ 1),
2062 #endif /* CONFIG_TDLS */
2064 if ((wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SME
) &&
2065 ssid
->mode
== IEEE80211_MODE_INFRA
) {
2066 sme_authenticate(wpa_s
, bss
, ssid
);
2070 if (wpa_s
->connect_work
) {
2071 wpa_dbg(wpa_s
, MSG_DEBUG
, "Reject wpa_supplicant_associate() call since connect_work exist");
2075 if (radio_work_pending(wpa_s
, "connect")) {
2076 wpa_dbg(wpa_s
, MSG_DEBUG
, "Reject wpa_supplicant_associate() call since pending work exist");
2081 if (ssid
->mode
== WPAS_MODE_IBSS
|| ssid
->mode
== WPAS_MODE_MESH
) {
2082 /* Clear possibly set auth_alg, if any, from last attempt. */
2083 wpa_s
->sme
.auth_alg
= WPA_AUTH_ALG_OPEN
;
2085 #endif /* CONFIG_SME */
2087 wpas_abort_ongoing_scan(wpa_s
);
2089 cwork
= os_zalloc(sizeof(*cwork
));
2096 if (radio_add_work(wpa_s
, bss
? bss
->freq
: 0, "connect", 1,
2097 wpas_start_assoc_cb
, cwork
) < 0) {
2103 static int bss_is_ibss(struct wpa_bss
*bss
)
2105 return (bss
->caps
& (IEEE80211_CAP_ESS
| IEEE80211_CAP_IBSS
)) ==
2110 static int drv_supports_vht(struct wpa_supplicant
*wpa_s
,
2111 const struct wpa_ssid
*ssid
)
2113 enum hostapd_hw_mode hw_mode
;
2114 struct hostapd_hw_modes
*mode
= NULL
;
2118 hw_mode
= ieee80211_freq_to_chan(ssid
->frequency
, &channel
);
2119 if (hw_mode
== NUM_HOSTAPD_MODES
)
2121 for (i
= 0; wpa_s
->hw
.modes
&& i
< wpa_s
->hw
.num_modes
; i
++) {
2122 if (wpa_s
->hw
.modes
[i
].mode
== hw_mode
) {
2123 mode
= &wpa_s
->hw
.modes
[i
];
2131 return mode
->vht_capab
!= 0;
2135 void ibss_mesh_setup_freq(struct wpa_supplicant
*wpa_s
,
2136 const struct wpa_ssid
*ssid
,
2137 struct hostapd_freq_params
*freq
)
2139 enum hostapd_hw_mode hw_mode
;
2140 struct hostapd_hw_modes
*mode
= NULL
;
2141 int ht40plus
[] = { 36, 44, 52, 60, 100, 108, 116, 124, 132, 149, 157,
2143 int vht80
[] = { 36, 52, 100, 116, 132, 149 };
2144 struct hostapd_channel_data
*pri_chan
= NULL
, *sec_chan
= NULL
;
2146 int i
, chan_idx
, ht40
= -1, res
, obss_scan
= 1;
2148 struct hostapd_freq_params vht_freq
;
2149 int chwidth
, seg0
, seg1
;
2152 freq
->freq
= ssid
->frequency
;
2154 for (j
= 0; j
< wpa_s
->last_scan_res_used
; j
++) {
2155 struct wpa_bss
*bss
= wpa_s
->last_scan_res
[j
];
2157 if (ssid
->mode
!= WPAS_MODE_IBSS
)
2160 /* Don't adjust control freq in case of fixed_freq */
2161 if (ssid
->fixed_freq
)
2164 if (!bss_is_ibss(bss
))
2167 if (ssid
->ssid_len
== bss
->ssid_len
&&
2168 os_memcmp(ssid
->ssid
, bss
->ssid
, bss
->ssid_len
) == 0) {
2169 wpa_printf(MSG_DEBUG
,
2170 "IBSS already found in scan results, adjust control freq: %d",
2172 freq
->freq
= bss
->freq
;
2178 /* For IBSS check HT_IBSS flag */
2179 if (ssid
->mode
== WPAS_MODE_IBSS
&&
2180 !(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_HT_IBSS
))
2183 if (wpa_s
->group_cipher
== WPA_CIPHER_WEP40
||
2184 wpa_s
->group_cipher
== WPA_CIPHER_WEP104
||
2185 wpa_s
->pairwise_cipher
== WPA_CIPHER_TKIP
) {
2186 wpa_printf(MSG_DEBUG
,
2187 "IBSS: WEP/TKIP detected, do not try to enable HT");
2191 hw_mode
= ieee80211_freq_to_chan(freq
->freq
, &channel
);
2192 for (i
= 0; wpa_s
->hw
.modes
&& i
< wpa_s
->hw
.num_modes
; i
++) {
2193 if (wpa_s
->hw
.modes
[i
].mode
== hw_mode
) {
2194 mode
= &wpa_s
->hw
.modes
[i
];
2202 #ifdef CONFIG_HT_OVERRIDES
2203 if (ssid
->disable_ht
) {
2204 freq
->ht_enabled
= 0;
2207 #endif /* CONFIG_HT_OVERRIDES */
2209 freq
->ht_enabled
= ht_supported(mode
);
2210 if (!freq
->ht_enabled
)
2213 /* Setup higher BW only for 5 GHz */
2214 if (mode
->mode
!= HOSTAPD_MODE_IEEE80211A
)
2217 for (chan_idx
= 0; chan_idx
< mode
->num_channels
; chan_idx
++) {
2218 pri_chan
= &mode
->channels
[chan_idx
];
2219 if (pri_chan
->chan
== channel
)
2226 /* Check primary channel flags */
2227 if (pri_chan
->flag
& (HOSTAPD_CHAN_DISABLED
| HOSTAPD_CHAN_NO_IR
))
2230 freq
->channel
= pri_chan
->chan
;
2232 #ifdef CONFIG_HT_OVERRIDES
2233 if (ssid
->disable_ht40
) {
2234 if (ssid
->disable_vht
)
2238 #endif /* CONFIG_HT_OVERRIDES */
2240 /* Check/setup HT40+/HT40- */
2241 for (j
= 0; j
< ARRAY_SIZE(ht40plus
); j
++) {
2242 if (ht40plus
[j
] == channel
) {
2248 /* Find secondary channel */
2249 for (i
= 0; i
< mode
->num_channels
; i
++) {
2250 sec_chan
= &mode
->channels
[i
];
2251 if (sec_chan
->chan
== channel
+ ht40
* 4)
2258 /* Check secondary channel flags */
2259 if (sec_chan
->flag
& (HOSTAPD_CHAN_DISABLED
| HOSTAPD_CHAN_NO_IR
))
2263 if (!(pri_chan
->flag
& HOSTAPD_CHAN_HT40MINUS
))
2266 if (!(pri_chan
->flag
& HOSTAPD_CHAN_HT40PLUS
))
2269 freq
->sec_channel_offset
= ht40
;
2272 struct wpa_scan_results
*scan_res
;
2274 scan_res
= wpa_supplicant_get_scan_results(wpa_s
, NULL
, 0);
2275 if (scan_res
== NULL
) {
2277 freq
->sec_channel_offset
= 0;
2281 res
= check_40mhz_5g(mode
, scan_res
, pri_chan
->chan
,
2286 freq
->sec_channel_offset
= 0;
2289 /* Configuration allowed */
2292 /* Switch pri/sec channels */
2293 freq
->freq
= hw_get_freq(mode
, sec_chan
->chan
);
2294 freq
->sec_channel_offset
= -freq
->sec_channel_offset
;
2295 freq
->channel
= sec_chan
->chan
;
2298 freq
->sec_channel_offset
= 0;
2302 wpa_scan_results_free(scan_res
);
2305 #ifdef CONFIG_HT_OVERRIDES
2307 #endif /* CONFIG_HT_OVERRIDES */
2308 wpa_printf(MSG_DEBUG
,
2309 "IBSS/mesh: setup freq channel %d, sec_channel_offset %d",
2310 freq
->channel
, freq
->sec_channel_offset
);
2312 if (!drv_supports_vht(wpa_s
, ssid
))
2315 /* For IBSS check VHT_IBSS flag */
2316 if (ssid
->mode
== WPAS_MODE_IBSS
&&
2317 !(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_VHT_IBSS
))
2322 #ifdef CONFIG_VHT_OVERRIDES
2323 if (ssid
->disable_vht
) {
2324 freq
->vht_enabled
= 0;
2327 #endif /* CONFIG_VHT_OVERRIDES */
2329 vht_freq
.vht_enabled
= vht_supported(mode
);
2330 if (!vht_freq
.vht_enabled
)
2333 /* setup center_freq1, bandwidth */
2334 for (j
= 0; j
< ARRAY_SIZE(vht80
); j
++) {
2335 if (freq
->channel
>= vht80
[j
] &&
2336 freq
->channel
< vht80
[j
] + 16)
2340 if (j
== ARRAY_SIZE(vht80
))
2343 for (i
= vht80
[j
]; i
< vht80
[j
] + 16; i
+= 4) {
2344 struct hostapd_channel_data
*chan
;
2346 chan
= hw_get_channel_chan(mode
, i
, NULL
);
2350 /* Back to HT configuration if channel not usable */
2351 if (chan
->flag
& (HOSTAPD_CHAN_DISABLED
| HOSTAPD_CHAN_NO_IR
))
2355 chwidth
= VHT_CHANWIDTH_80MHZ
;
2356 seg0
= vht80
[j
] + 6;
2359 if (ssid
->max_oper_chwidth
== VHT_CHANWIDTH_80P80MHZ
) {
2360 /* setup center_freq2, bandwidth */
2361 for (k
= 0; k
< ARRAY_SIZE(vht80
); k
++) {
2362 /* Only accept 80 MHz segments separated by a gap */
2363 if (j
== k
|| abs(vht80
[j
] - vht80
[k
]) == 16)
2365 for (i
= vht80
[k
]; i
< vht80
[k
] + 16; i
+= 4) {
2366 struct hostapd_channel_data
*chan
;
2368 chan
= hw_get_channel_chan(mode
, i
, NULL
);
2372 if (chan
->flag
& (HOSTAPD_CHAN_DISABLED
|
2373 HOSTAPD_CHAN_NO_IR
|
2374 HOSTAPD_CHAN_RADAR
))
2377 /* Found a suitable second segment for 80+80 */
2378 chwidth
= VHT_CHANWIDTH_80P80MHZ
;
2380 VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ
;
2381 seg1
= vht80
[k
] + 6;
2384 if (chwidth
== VHT_CHANWIDTH_80P80MHZ
)
2387 } else if (ssid
->max_oper_chwidth
== VHT_CHANWIDTH_160MHZ
) {
2388 if (freq
->freq
== 5180) {
2389 chwidth
= VHT_CHANWIDTH_160MHZ
;
2390 vht_caps
|= VHT_CAP_SUPP_CHAN_WIDTH_160MHZ
;
2392 } else if (freq
->freq
== 5520) {
2393 chwidth
= VHT_CHANWIDTH_160MHZ
;
2394 vht_caps
|= VHT_CAP_SUPP_CHAN_WIDTH_160MHZ
;
2397 } else if (ssid
->max_oper_chwidth
== VHT_CHANWIDTH_USE_HT
) {
2398 chwidth
= VHT_CHANWIDTH_USE_HT
;
2399 seg0
= vht80
[j
] + 2;
2400 #ifdef CONFIG_HT_OVERRIDES
2401 if (ssid
->disable_ht40
)
2403 #endif /* CONFIG_HT_OVERRIDES */
2406 if (hostapd_set_freq_params(&vht_freq
, mode
->mode
, freq
->freq
,
2407 freq
->channel
, freq
->ht_enabled
,
2408 vht_freq
.vht_enabled
,
2409 freq
->sec_channel_offset
,
2410 chwidth
, seg0
, seg1
, vht_caps
) != 0)
2415 wpa_printf(MSG_DEBUG
, "IBSS: VHT setup freq cf1 %d, cf2 %d, bw %d",
2416 freq
->center_freq1
, freq
->center_freq2
, freq
->bandwidth
);
2421 static size_t wpas_add_fils_hlp_req(struct wpa_supplicant
*wpa_s
, u8
*ie_buf
,
2424 struct fils_hlp_req
*req
;
2425 size_t rem_len
, hdr_len
, hlp_len
, len
, ie_len
= 0;
2429 dl_list_for_each(req
, &wpa_s
->fils_hlp_req
, struct fils_hlp_req
,
2431 rem_len
= ie_buf_len
- ie_len
;
2432 pos
= wpabuf_head(req
->pkt
);
2433 hdr_len
= 1 + 2 * ETH_ALEN
+ 6;
2434 hlp_len
= wpabuf_len(req
->pkt
);
2436 if (rem_len
< 2 + hdr_len
+ hlp_len
) {
2437 wpa_printf(MSG_ERROR
,
2438 "FILS: Cannot fit HLP - rem_len=%lu to_fill=%lu",
2439 (unsigned long) rem_len
,
2440 (unsigned long) (2 + hdr_len
+ hlp_len
));
2444 len
= (hdr_len
+ hlp_len
) > 255 ? 255 : hdr_len
+ hlp_len
;
2446 *buf
++ = WLAN_EID_EXTENSION
;
2449 /* Element ID Extension */
2450 *buf
++ = WLAN_EID_EXT_FILS_HLP_CONTAINER
;
2451 /* Destination MAC address */
2452 os_memcpy(buf
, req
->dst
, ETH_ALEN
);
2454 /* Source MAC address */
2455 os_memcpy(buf
, wpa_s
->own_addr
, ETH_ALEN
);
2457 /* LLC/SNAP Header */
2458 os_memcpy(buf
, "\xaa\xaa\x03\x00\x00\x00", 6);
2461 os_memcpy(buf
, pos
, len
- hdr_len
);
2462 buf
+= len
- hdr_len
;
2463 pos
+= len
- hdr_len
;
2465 hlp_len
-= len
- hdr_len
;
2470 len
= (hlp_len
> 255) ? 255 : hlp_len
;
2471 if (rem_len
< 2 + len
)
2473 *buf
++ = WLAN_EID_FRAGMENT
;
2475 os_memcpy(buf
, pos
, len
);
2489 int wpa_is_fils_supported(struct wpa_supplicant
*wpa_s
)
2491 return (((wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SME
) &&
2492 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SUPPORT_FILS
)) ||
2493 (!(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SME
) &&
2494 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_FILS_SK_OFFLOAD
)));
2498 int wpa_is_fils_sk_pfs_supported(struct wpa_supplicant
*wpa_s
)
2500 #ifdef CONFIG_FILS_SK_PFS
2501 return (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SME
) &&
2502 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SUPPORT_FILS
);
2503 #else /* CONFIG_FILS_SK_PFS */
2505 #endif /* CONFIG_FILS_SK_PFS */
2508 #endif /* CONFIG_FILS */
2511 static u8
* wpas_populate_assoc_ies(
2512 struct wpa_supplicant
*wpa_s
,
2513 struct wpa_bss
*bss
, struct wpa_ssid
*ssid
,
2514 struct wpa_driver_associate_params
*params
,
2515 enum wpa_drv_update_connect_params_mask
*mask
)
2518 size_t max_wpa_ie_len
= 500;
2520 int algs
= WPA_AUTH_ALG_OPEN
;
2525 int sae_pmksa_cached
= 0;
2526 #endif /* CONFIG_SAE */
2528 const u8
*realm
, *username
, *rrk
;
2529 size_t realm_len
, username_len
, rrk_len
;
2531 struct fils_hlp_req
*req
;
2533 dl_list_for_each(req
, &wpa_s
->fils_hlp_req
, struct fils_hlp_req
,
2535 max_wpa_ie_len
+= 3 + 2 * ETH_ALEN
+ 6 + wpabuf_len(req
->pkt
) +
2536 2 + 2 * wpabuf_len(req
->pkt
) / 255;
2538 #endif /* CONFIG_FILS */
2540 wpa_ie
= os_malloc(max_wpa_ie_len
);
2542 wpa_printf(MSG_ERROR
,
2543 "Failed to allocate connect IE buffer for %lu bytes",
2544 (unsigned long) max_wpa_ie_len
);
2548 if (bss
&& (wpa_bss_get_vendor_ie(bss
, WPA_IE_VENDOR_TYPE
) ||
2549 wpa_bss_get_ie(bss
, WLAN_EID_RSN
)) &&
2550 wpa_key_mgmt_wpa(ssid
->key_mgmt
)) {
2551 int try_opportunistic
;
2552 const u8
*cache_id
= NULL
;
2554 try_opportunistic
= (ssid
->proactive_key_caching
< 0 ?
2556 ssid
->proactive_key_caching
) &&
2557 (ssid
->proto
& WPA_PROTO_RSN
);
2559 if (wpa_key_mgmt_fils(ssid
->key_mgmt
))
2560 cache_id
= wpa_bss_get_fils_cache_id(bss
);
2561 #endif /* CONFIG_FILS */
2562 if (pmksa_cache_set_current(wpa_s
->wpa
, NULL
, bss
->bssid
,
2563 ssid
, try_opportunistic
,
2564 cache_id
, 0) == 0) {
2565 eapol_sm_notify_pmkid_attempt(wpa_s
->eapol
);
2567 sae_pmksa_cached
= 1;
2568 #endif /* CONFIG_SAE */
2570 wpa_ie_len
= max_wpa_ie_len
;
2571 if (wpa_supplicant_set_suites(wpa_s
, bss
, ssid
,
2572 wpa_ie
, &wpa_ie_len
)) {
2573 wpa_msg(wpa_s
, MSG_WARNING
, "WPA: Failed to set WPA "
2574 "key management and encryption suites");
2579 } else if (bss
&& wpa_bss_get_vendor_ie(bss
, OSEN_IE_VENDOR_TYPE
) &&
2580 (ssid
->key_mgmt
& WPA_KEY_MGMT_OSEN
)) {
2581 /* No PMKSA caching, but otherwise similar to RSN/WPA */
2582 wpa_ie_len
= max_wpa_ie_len
;
2583 if (wpa_supplicant_set_suites(wpa_s
, bss
, ssid
,
2584 wpa_ie
, &wpa_ie_len
)) {
2585 wpa_msg(wpa_s
, MSG_WARNING
, "WPA: Failed to set WPA "
2586 "key management and encryption suites");
2590 #endif /* CONFIG_HS20 */
2591 } else if ((ssid
->key_mgmt
& WPA_KEY_MGMT_IEEE8021X_NO_WPA
) && bss
&&
2592 wpa_key_mgmt_wpa_ieee8021x(ssid
->key_mgmt
)) {
2594 * Both WPA and non-WPA IEEE 802.1X enabled in configuration -
2595 * use non-WPA since the scan results did not indicate that the
2596 * AP is using WPA or WPA2.
2598 wpa_supplicant_set_non_wpa_policy(wpa_s
, ssid
);
2600 wpa_s
->wpa_proto
= 0;
2601 } else if (wpa_key_mgmt_wpa_any(ssid
->key_mgmt
)) {
2602 wpa_ie_len
= max_wpa_ie_len
;
2603 if (wpa_supplicant_set_suites(wpa_s
, NULL
, ssid
,
2604 wpa_ie
, &wpa_ie_len
)) {
2605 wpa_msg(wpa_s
, MSG_WARNING
, "WPA: Failed to set WPA "
2606 "key management and encryption suites (no "
2612 } else if (ssid
->key_mgmt
& WPA_KEY_MGMT_WPS
) {
2613 struct wpabuf
*wps_ie
;
2614 wps_ie
= wps_build_assoc_req_ie(wpas_wps_get_req_type(ssid
));
2615 if (wps_ie
&& wpabuf_len(wps_ie
) <= max_wpa_ie_len
) {
2616 wpa_ie_len
= wpabuf_len(wps_ie
);
2617 os_memcpy(wpa_ie
, wpabuf_head(wps_ie
), wpa_ie_len
);
2620 wpabuf_free(wps_ie
);
2621 wpa_supplicant_set_non_wpa_policy(wpa_s
, ssid
);
2622 if (!bss
|| (bss
->caps
& IEEE80211_CAP_PRIVACY
))
2623 params
->wps
= WPS_MODE_PRIVACY
;
2625 params
->wps
= WPS_MODE_OPEN
;
2626 wpa_s
->wpa_proto
= 0;
2627 #endif /* CONFIG_WPS */
2629 wpa_supplicant_set_non_wpa_policy(wpa_s
, ssid
);
2631 wpa_s
->wpa_proto
= 0;
2634 #ifdef IEEE8021X_EAPOL
2635 if (ssid
->key_mgmt
& WPA_KEY_MGMT_IEEE8021X_NO_WPA
) {
2637 if (ssid
->non_leap
== 0)
2638 algs
= WPA_AUTH_ALG_LEAP
;
2640 algs
|= WPA_AUTH_ALG_LEAP
;
2645 /* Clear FILS association */
2646 wpa_sm_set_reset_fils_completed(wpa_s
->wpa
, 0);
2648 if ((wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_FILS_SK_OFFLOAD
) &&
2649 ssid
->eap
.erp
&& wpa_key_mgmt_fils(wpa_s
->key_mgmt
) &&
2650 eapol_sm_get_erp_info(wpa_s
->eapol
, &ssid
->eap
, &username
,
2651 &username_len
, &realm
, &realm_len
,
2652 &next_seq_num
, &rrk
, &rrk_len
) == 0 &&
2653 (!wpa_s
->last_con_fail_realm
||
2654 wpa_s
->last_con_fail_realm_len
!= realm_len
||
2655 os_memcmp(wpa_s
->last_con_fail_realm
, realm
, realm_len
) != 0)) {
2656 algs
= WPA_AUTH_ALG_FILS
;
2657 params
->fils_erp_username
= username
;
2658 params
->fils_erp_username_len
= username_len
;
2659 params
->fils_erp_realm
= realm
;
2660 params
->fils_erp_realm_len
= realm_len
;
2661 params
->fils_erp_next_seq_num
= next_seq_num
;
2662 params
->fils_erp_rrk
= rrk
;
2663 params
->fils_erp_rrk_len
= rrk_len
;
2666 *mask
|= WPA_DRV_UPDATE_FILS_ERP_INFO
;
2668 #endif /* CONFIG_FILS */
2669 #endif /* IEEE8021X_EAPOL */
2671 if (wpa_s
->key_mgmt
& (WPA_KEY_MGMT_SAE
| WPA_KEY_MGMT_FT_SAE
))
2672 algs
= WPA_AUTH_ALG_SAE
;
2673 #endif /* CONFIG_SAE */
2675 wpa_dbg(wpa_s
, MSG_DEBUG
, "Automatic auth_alg selection: 0x%x", algs
);
2676 if (ssid
->auth_alg
) {
2677 algs
= ssid
->auth_alg
;
2678 wpa_dbg(wpa_s
, MSG_DEBUG
,
2679 "Overriding auth_alg selection: 0x%x", algs
);
2683 if (sae_pmksa_cached
&& algs
== WPA_AUTH_ALG_SAE
) {
2684 wpa_dbg(wpa_s
, MSG_DEBUG
,
2685 "SAE: Use WPA_AUTH_ALG_OPEN for PMKSA caching attempt");
2686 algs
= WPA_AUTH_ALG_OPEN
;
2688 #endif /* CONFIG_SAE */
2691 if (wpa_s
->global
->p2p
) {
2695 pos
= wpa_ie
+ wpa_ie_len
;
2696 len
= max_wpa_ie_len
- wpa_ie_len
;
2697 res
= wpas_p2p_assoc_req_ie(wpa_s
, bss
, pos
, len
,
2703 wpa_s
->cross_connect_disallowed
= 0;
2706 p2p
= wpa_bss_get_vendor_ie_multi(bss
, P2P_IE_VENDOR_TYPE
);
2708 wpa_s
->cross_connect_disallowed
=
2709 p2p_get_cross_connect_disallowed(p2p
);
2711 wpa_dbg(wpa_s
, MSG_DEBUG
, "P2P: WLAN AP %s cross "
2713 wpa_s
->cross_connect_disallowed
?
2714 "disallows" : "allows");
2718 os_memset(wpa_s
->p2p_ip_addr_info
, 0, sizeof(wpa_s
->p2p_ip_addr_info
));
2719 #endif /* CONFIG_P2P */
2722 wpa_ie_len
+= wpas_supp_op_class_ie(wpa_s
, ssid
, bss
->freq
,
2723 wpa_ie
+ wpa_ie_len
,
2729 * Workaround: Add Extended Capabilities element only if the AP
2730 * included this element in Beacon/Probe Response frames. Some older
2731 * APs seem to have interoperability issues if this element is
2732 * included, so while the standard may require us to include the
2733 * element in all cases, it is justifiable to skip it to avoid
2734 * interoperability issues.
2736 if (ssid
->p2p_group
)
2737 wpa_drv_get_ext_capa(wpa_s
, WPA_IF_P2P_CLIENT
);
2739 wpa_drv_get_ext_capa(wpa_s
, WPA_IF_STATION
);
2741 if (!bss
|| wpa_bss_get_ie(bss
, WLAN_EID_EXT_CAPAB
)) {
2744 ext_capab_len
= wpas_build_ext_capab(wpa_s
, ext_capab
,
2746 if (ext_capab_len
> 0 &&
2747 wpa_ie_len
+ ext_capab_len
<= max_wpa_ie_len
) {
2749 if (wpa_ie_len
> 0 && pos
[0] == WLAN_EID_RSN
)
2751 os_memmove(pos
+ ext_capab_len
, pos
,
2752 wpa_ie_len
- (pos
- wpa_ie
));
2753 wpa_ie_len
+= ext_capab_len
;
2754 os_memcpy(pos
, ext_capab
, ext_capab_len
);
2759 if (is_hs20_network(wpa_s
, ssid
, bss
)) {
2760 struct wpabuf
*hs20
;
2762 hs20
= wpabuf_alloc(20 + MAX_ROAMING_CONS_OI_LEN
);
2764 int pps_mo_id
= hs20_get_pps_mo_id(wpa_s
, ssid
);
2767 wpas_hs20_add_indication(hs20
, pps_mo_id
,
2768 get_hs20_version(bss
));
2769 wpas_hs20_add_roam_cons_sel(hs20
, ssid
);
2770 len
= max_wpa_ie_len
- wpa_ie_len
;
2771 if (wpabuf_len(hs20
) <= len
) {
2772 os_memcpy(wpa_ie
+ wpa_ie_len
,
2773 wpabuf_head(hs20
), wpabuf_len(hs20
));
2774 wpa_ie_len
+= wpabuf_len(hs20
);
2778 hs20_configure_frame_filters(wpa_s
);
2781 #endif /* CONFIG_HS20 */
2783 if (wpa_s
->vendor_elem
[VENDOR_ELEM_ASSOC_REQ
]) {
2784 struct wpabuf
*buf
= wpa_s
->vendor_elem
[VENDOR_ELEM_ASSOC_REQ
];
2787 len
= max_wpa_ie_len
- wpa_ie_len
;
2788 if (wpabuf_len(buf
) <= len
) {
2789 os_memcpy(wpa_ie
+ wpa_ie_len
,
2790 wpabuf_head(buf
), wpabuf_len(buf
));
2791 wpa_ie_len
+= wpabuf_len(buf
);
2796 if (wpa_s
->fst_ies
) {
2797 int fst_ies_len
= wpabuf_len(wpa_s
->fst_ies
);
2799 if (wpa_ie_len
+ fst_ies_len
<= max_wpa_ie_len
) {
2800 os_memcpy(wpa_ie
+ wpa_ie_len
,
2801 wpabuf_head(wpa_s
->fst_ies
), fst_ies_len
);
2802 wpa_ie_len
+= fst_ies_len
;
2805 #endif /* CONFIG_FST */
2808 mbo_ie
= bss
? wpa_bss_get_vendor_ie(bss
, MBO_IE_VENDOR_TYPE
) : NULL
;
2812 len
= wpas_mbo_ie(wpa_s
, wpa_ie
+ wpa_ie_len
,
2813 max_wpa_ie_len
- wpa_ie_len
,
2814 !!mbo_attr_from_mbo_ie(mbo_ie
,
2815 OCE_ATTR_ID_CAPA_IND
));
2819 #endif /* CONFIG_MBO */
2822 if (algs
== WPA_AUTH_ALG_FILS
) {
2825 len
= wpas_add_fils_hlp_req(wpa_s
, wpa_ie
+ wpa_ie_len
,
2826 max_wpa_ie_len
- wpa_ie_len
);
2829 #endif /* CONFIG_FILS */
2832 #ifdef CONFIG_TESTING_OPTIONS
2833 if (get_ie_ext(wpa_ie
, wpa_ie_len
, WLAN_EID_EXT_OWE_DH_PARAM
)) {
2834 wpa_printf(MSG_INFO
, "TESTING: Override OWE DH element");
2836 #endif /* CONFIG_TESTING_OPTIONS */
2837 if (algs
== WPA_AUTH_ALG_OPEN
&&
2838 ssid
->key_mgmt
== WPA_KEY_MGMT_OWE
) {
2839 struct wpabuf
*owe_ie
;
2842 if (ssid
->owe_group
) {
2843 group
= ssid
->owe_group
;
2844 } else if (wpa_s
->assoc_status_code
==
2845 WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED
) {
2846 if (wpa_s
->last_owe_group
== 19)
2848 else if (wpa_s
->last_owe_group
== 20)
2851 group
= OWE_DH_GROUP
;
2853 group
= OWE_DH_GROUP
;
2856 wpa_s
->last_owe_group
= group
;
2857 wpa_printf(MSG_DEBUG
, "OWE: Try to use group %u", group
);
2858 owe_ie
= owe_build_assoc_req(wpa_s
->wpa
, group
);
2860 wpabuf_len(owe_ie
) <= max_wpa_ie_len
- wpa_ie_len
) {
2861 os_memcpy(wpa_ie
+ wpa_ie_len
,
2862 wpabuf_head(owe_ie
), wpabuf_len(owe_ie
));
2863 wpa_ie_len
+= wpabuf_len(owe_ie
);
2865 wpabuf_free(owe_ie
);
2867 #endif /* CONFIG_OWE */
2870 if (wpa_sm_get_key_mgmt(wpa_s
->wpa
) == WPA_KEY_MGMT_DPP
&&
2871 ssid
->dpp_netaccesskey
) {
2872 dpp_pfs_free(wpa_s
->dpp_pfs
);
2873 wpa_s
->dpp_pfs
= dpp_pfs_init(ssid
->dpp_netaccesskey
,
2874 ssid
->dpp_netaccesskey_len
);
2875 if (!wpa_s
->dpp_pfs
) {
2876 wpa_printf(MSG_DEBUG
, "DPP: Could not initialize PFS");
2877 /* Try to continue without PFS */
2880 if (wpabuf_len(wpa_s
->dpp_pfs
->ie
) <=
2881 max_wpa_ie_len
- wpa_ie_len
) {
2882 os_memcpy(wpa_ie
+ wpa_ie_len
,
2883 wpabuf_head(wpa_s
->dpp_pfs
->ie
),
2884 wpabuf_len(wpa_s
->dpp_pfs
->ie
));
2885 wpa_ie_len
+= wpabuf_len(wpa_s
->dpp_pfs
->ie
);
2889 #endif /* CONFIG_DPP2 */
2891 #ifdef CONFIG_IEEE80211R
2893 * Add MDIE under these conditions: the network profile allows FT,
2894 * the AP supports FT, and the mobility domain ID matches.
2896 if (bss
&& wpa_key_mgmt_ft(wpa_sm_get_key_mgmt(wpa_s
->wpa
))) {
2897 const u8
*mdie
= wpa_bss_get_ie(bss
, WLAN_EID_MOBILITY_DOMAIN
);
2899 if (mdie
&& mdie
[1] >= MOBILITY_DOMAIN_ID_LEN
) {
2901 const u8
*md
= mdie
+ 2;
2902 const u8
*wpa_md
= wpa_sm_get_ft_md(wpa_s
->wpa
);
2904 if (os_memcmp(md
, wpa_md
,
2905 MOBILITY_DOMAIN_ID_LEN
) == 0) {
2906 /* Add mobility domain IE */
2907 len
= wpa_ft_add_mdie(
2908 wpa_s
->wpa
, wpa_ie
+ wpa_ie_len
,
2909 max_wpa_ie_len
- wpa_ie_len
, mdie
);
2913 if (len
> 0 && wpa_s
->sme
.ft_used
&&
2914 wpa_sm_has_ptk(wpa_s
->wpa
)) {
2915 wpa_dbg(wpa_s
, MSG_DEBUG
,
2916 "SME: Trying to use FT over-the-air");
2917 algs
|= WPA_AUTH_ALG_FT
;
2919 #endif /* CONFIG_SME */
2922 #endif /* CONFIG_IEEE80211R */
2924 if (ssid
->multi_ap_backhaul_sta
) {
2925 size_t multi_ap_ie_len
;
2927 multi_ap_ie_len
= add_multi_ap_ie(wpa_ie
+ wpa_ie_len
,
2928 max_wpa_ie_len
- wpa_ie_len
,
2929 MULTI_AP_BACKHAUL_STA
);
2930 if (multi_ap_ie_len
== 0) {
2931 wpa_printf(MSG_ERROR
,
2932 "Multi-AP: Failed to build Multi-AP IE");
2936 wpa_ie_len
+= multi_ap_ie_len
;
2939 params
->wpa_ie
= wpa_ie
;
2940 params
->wpa_ie_len
= wpa_ie_len
;
2941 params
->auth_alg
= algs
;
2943 *mask
|= WPA_DRV_UPDATE_ASSOC_IES
| WPA_DRV_UPDATE_AUTH_TYPE
;
2949 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
2950 static void wpas_update_fils_connect_params(struct wpa_supplicant
*wpa_s
)
2952 struct wpa_driver_associate_params params
;
2953 enum wpa_drv_update_connect_params_mask mask
= 0;
2956 if (wpa_s
->auth_alg
!= WPA_AUTH_ALG_OPEN
)
2957 return; /* nothing to do */
2959 os_memset(¶ms
, 0, sizeof(params
));
2960 wpa_ie
= wpas_populate_assoc_ies(wpa_s
, wpa_s
->current_bss
,
2961 wpa_s
->current_ssid
, ¶ms
, &mask
);
2965 if (params
.auth_alg
!= WPA_AUTH_ALG_FILS
) {
2970 wpa_s
->auth_alg
= params
.auth_alg
;
2971 wpa_drv_update_connect_params(wpa_s
, ¶ms
, mask
);
2974 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
2978 void wpas_update_mbo_connect_params(struct wpa_supplicant
*wpa_s
)
2980 struct wpa_driver_associate_params params
;
2984 * Update MBO connect params only in case of change of MBO attributes
2985 * when connected, if the AP support MBO.
2988 if (wpa_s
->wpa_state
!= WPA_COMPLETED
|| !wpa_s
->current_ssid
||
2989 !wpa_s
->current_bss
||
2990 !wpa_bss_get_vendor_ie(wpa_s
->current_bss
, MBO_IE_VENDOR_TYPE
))
2993 os_memset(¶ms
, 0, sizeof(params
));
2994 wpa_ie
= wpas_populate_assoc_ies(wpa_s
, wpa_s
->current_bss
,
2995 wpa_s
->current_ssid
, ¶ms
, NULL
);
2999 wpa_drv_update_connect_params(wpa_s
, ¶ms
, WPA_DRV_UPDATE_ASSOC_IES
);
3002 #endif /* CONFIG_MBO */
3005 static void wpas_start_assoc_cb(struct wpa_radio_work
*work
, int deinit
)
3007 struct wpa_connect_work
*cwork
= work
->ctx
;
3008 struct wpa_bss
*bss
= cwork
->bss
;
3009 struct wpa_ssid
*ssid
= cwork
->ssid
;
3010 struct wpa_supplicant
*wpa_s
= work
->wpa_s
;
3012 int use_crypt
, ret
, i
, bssid_changed
;
3013 unsigned int cipher_pairwise
, cipher_group
, cipher_group_mgmt
;
3014 struct wpa_driver_associate_params params
;
3015 int wep_keys_set
= 0;
3016 int assoc_failed
= 0;
3017 struct wpa_ssid
*old_ssid
;
3018 u8 prev_bssid
[ETH_ALEN
];
3019 #ifdef CONFIG_HT_OVERRIDES
3020 struct ieee80211_ht_capabilities htcaps
;
3021 struct ieee80211_ht_capabilities htcaps_mask
;
3022 #endif /* CONFIG_HT_OVERRIDES */
3023 #ifdef CONFIG_VHT_OVERRIDES
3024 struct ieee80211_vht_capabilities vhtcaps
;
3025 struct ieee80211_vht_capabilities vhtcaps_mask
;
3026 #endif /* CONFIG_VHT_OVERRIDES */
3029 if (work
->started
) {
3030 wpa_s
->connect_work
= NULL
;
3032 /* cancel possible auth. timeout */
3033 eloop_cancel_timeout(wpa_supplicant_timeout
, wpa_s
,
3036 wpas_connect_work_free(cwork
);
3040 wpa_s
->connect_work
= work
;
3042 if (cwork
->bss_removed
|| !wpas_valid_bss_ssid(wpa_s
, bss
, ssid
) ||
3043 wpas_network_disabled(wpa_s
, ssid
)) {
3044 wpa_dbg(wpa_s
, MSG_DEBUG
, "BSS/SSID entry for association not valid anymore - drop connection attempt");
3045 wpas_connect_work_done(wpa_s
);
3049 os_memcpy(prev_bssid
, wpa_s
->bssid
, ETH_ALEN
);
3050 os_memset(¶ms
, 0, sizeof(params
));
3051 wpa_s
->reassociate
= 0;
3052 wpa_s
->eap_expected_failure
= 0;
3054 (!wpas_driver_bss_selection(wpa_s
) || wpas_wps_searching(wpa_s
))) {
3055 #ifdef CONFIG_IEEE80211R
3056 const u8
*ie
, *md
= NULL
;
3057 #endif /* CONFIG_IEEE80211R */
3058 wpa_msg(wpa_s
, MSG_INFO
, "Trying to associate with " MACSTR
3059 " (SSID='%s' freq=%d MHz)", MAC2STR(bss
->bssid
),
3060 wpa_ssid_txt(bss
->ssid
, bss
->ssid_len
), bss
->freq
);
3061 bssid_changed
= !is_zero_ether_addr(wpa_s
->bssid
);
3062 os_memset(wpa_s
->bssid
, 0, ETH_ALEN
);
3063 os_memcpy(wpa_s
->pending_bssid
, bss
->bssid
, ETH_ALEN
);
3065 wpas_notify_bssid_changed(wpa_s
);
3066 #ifdef CONFIG_IEEE80211R
3067 ie
= wpa_bss_get_ie(bss
, WLAN_EID_MOBILITY_DOMAIN
);
3068 if (ie
&& ie
[1] >= MOBILITY_DOMAIN_ID_LEN
)
3070 wpa_sm_set_ft_params(wpa_s
->wpa
, ie
, ie
? 2 + ie
[1] : 0);
3072 /* Prepare for the next transition */
3073 wpa_ft_prepare_auth_request(wpa_s
->wpa
, ie
);
3075 #endif /* CONFIG_IEEE80211R */
3077 } else if ((ssid
->ssid
== NULL
|| ssid
->ssid_len
== 0) &&
3078 wpa_s
->conf
->ap_scan
== 2 &&
3079 (ssid
->key_mgmt
& WPA_KEY_MGMT_WPS
)) {
3080 /* Use ap_scan==1 style network selection to find the network
3082 wpas_connect_work_done(wpa_s
);
3083 wpa_s
->scan_req
= MANUAL_SCAN_REQ
;
3084 wpa_s
->reassociate
= 1;
3085 wpa_supplicant_req_scan(wpa_s
, 0, 0);
3087 #endif /* CONFIG_WPS */
3089 wpa_msg(wpa_s
, MSG_INFO
, "Trying to associate with SSID '%s'",
3090 wpa_ssid_txt(ssid
->ssid
, ssid
->ssid_len
));
3092 os_memcpy(wpa_s
->pending_bssid
, bss
->bssid
, ETH_ALEN
);
3094 os_memset(wpa_s
->pending_bssid
, 0, ETH_ALEN
);
3097 wpa_supplicant_cancel_sched_scan(wpa_s
);
3099 wpa_supplicant_cancel_scan(wpa_s
);
3101 /* Starting new association, so clear the possibly used WPA IE from the
3102 * previous association. */
3103 wpa_sm_set_assoc_wpa_ie(wpa_s
->wpa
, NULL
, 0);
3105 wpa_ie
= wpas_populate_assoc_ies(wpa_s
, bss
, ssid
, ¶ms
, NULL
);
3107 wpas_connect_work_done(wpa_s
);
3111 wpa_clear_keys(wpa_s
, bss
? bss
->bssid
: NULL
);
3113 cipher_pairwise
= wpa_s
->pairwise_cipher
;
3114 cipher_group
= wpa_s
->group_cipher
;
3115 cipher_group_mgmt
= wpa_s
->mgmt_group_cipher
;
3116 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_NONE
||
3117 wpa_s
->key_mgmt
== WPA_KEY_MGMT_IEEE8021X_NO_WPA
) {
3118 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_NONE
)
3120 if (wpa_set_wep_keys(wpa_s
, ssid
)) {
3125 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_WPS
)
3128 #ifdef IEEE8021X_EAPOL
3129 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_IEEE8021X_NO_WPA
) {
3130 if ((ssid
->eapol_flags
&
3131 (EAPOL_FLAG_REQUIRE_KEY_UNICAST
|
3132 EAPOL_FLAG_REQUIRE_KEY_BROADCAST
)) == 0 &&
3136 /* Assume that dynamic WEP-104 keys will be used and
3137 * set cipher suites in order for drivers to expect
3139 cipher_pairwise
= cipher_group
= WPA_CIPHER_WEP104
;
3142 #endif /* IEEE8021X_EAPOL */
3144 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_WPA_NONE
) {
3145 /* Set the key before (and later after) association */
3146 wpa_supplicant_set_wpa_none_key(wpa_s
, ssid
);
3149 wpa_supplicant_set_state(wpa_s
, WPA_ASSOCIATING
);
3151 params
.ssid
= bss
->ssid
;
3152 params
.ssid_len
= bss
->ssid_len
;
3153 if (!wpas_driver_bss_selection(wpa_s
) || ssid
->bssid_set
||
3154 wpa_s
->key_mgmt
== WPA_KEY_MGMT_WPS
) {
3155 wpa_printf(MSG_DEBUG
, "Limit connection to BSSID "
3156 MACSTR
" freq=%u MHz based on scan results "
3157 "(bssid_set=%d wps=%d)",
3158 MAC2STR(bss
->bssid
), bss
->freq
,
3160 wpa_s
->key_mgmt
== WPA_KEY_MGMT_WPS
);
3161 params
.bssid
= bss
->bssid
;
3162 params
.freq
.freq
= bss
->freq
;
3164 params
.bssid_hint
= bss
->bssid
;
3165 params
.freq_hint
= bss
->freq
;
3166 params
.pbss
= bss_is_pbss(bss
);
3168 if (ssid
->bssid_hint_set
)
3169 params
.bssid_hint
= ssid
->bssid_hint
;
3171 params
.ssid
= ssid
->ssid
;
3172 params
.ssid_len
= ssid
->ssid_len
;
3173 params
.pbss
= (ssid
->pbss
!= 2) ? ssid
->pbss
: 0;
3176 if (ssid
->mode
== WPAS_MODE_IBSS
&& ssid
->bssid_set
&&
3177 wpa_s
->conf
->ap_scan
== 2) {
3178 params
.bssid
= ssid
->bssid
;
3179 params
.fixed_bssid
= 1;
3182 /* Initial frequency for IBSS/mesh */
3183 if ((ssid
->mode
== WPAS_MODE_IBSS
|| ssid
->mode
== WPAS_MODE_MESH
) &&
3184 ssid
->frequency
> 0 && params
.freq
.freq
== 0)
3185 ibss_mesh_setup_freq(wpa_s
, ssid
, ¶ms
.freq
);
3187 if (ssid
->mode
== WPAS_MODE_IBSS
) {
3188 params
.fixed_freq
= ssid
->fixed_freq
;
3189 if (ssid
->beacon_int
)
3190 params
.beacon_int
= ssid
->beacon_int
;
3192 params
.beacon_int
= wpa_s
->conf
->beacon_int
;
3195 params
.pairwise_suite
= cipher_pairwise
;
3196 params
.group_suite
= cipher_group
;
3197 params
.mgmt_group_suite
= cipher_group_mgmt
;
3198 params
.key_mgmt_suite
= wpa_s
->key_mgmt
;
3199 params
.wpa_proto
= wpa_s
->wpa_proto
;
3200 wpa_s
->auth_alg
= params
.auth_alg
;
3201 params
.mode
= ssid
->mode
;
3202 params
.bg_scan_period
= ssid
->bg_scan_period
;
3203 for (i
= 0; i
< NUM_WEP_KEYS
; i
++) {
3204 if (ssid
->wep_key_len
[i
])
3205 params
.wep_key
[i
] = ssid
->wep_key
[i
];
3206 params
.wep_key_len
[i
] = ssid
->wep_key_len
[i
];
3208 params
.wep_tx_keyidx
= ssid
->wep_tx_keyidx
;
3210 if ((wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK
) &&
3211 (params
.key_mgmt_suite
== WPA_KEY_MGMT_PSK
||
3212 params
.key_mgmt_suite
== WPA_KEY_MGMT_FT_PSK
)) {
3213 params
.passphrase
= ssid
->passphrase
;
3215 params
.psk
= ssid
->psk
;
3218 if ((wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X
) &&
3219 (params
.key_mgmt_suite
== WPA_KEY_MGMT_IEEE8021X
||
3220 params
.key_mgmt_suite
== WPA_KEY_MGMT_IEEE8021X_SHA256
||
3221 params
.key_mgmt_suite
== WPA_KEY_MGMT_IEEE8021X_SUITE_B
||
3222 params
.key_mgmt_suite
== WPA_KEY_MGMT_IEEE8021X_SUITE_B_192
))
3223 params
.req_key_mgmt_offload
= 1;
3225 if (wpa_s
->conf
->key_mgmt_offload
) {
3226 if (params
.key_mgmt_suite
== WPA_KEY_MGMT_IEEE8021X
||
3227 params
.key_mgmt_suite
== WPA_KEY_MGMT_IEEE8021X_SHA256
||
3228 params
.key_mgmt_suite
== WPA_KEY_MGMT_IEEE8021X_SUITE_B
||
3229 params
.key_mgmt_suite
== WPA_KEY_MGMT_IEEE8021X_SUITE_B_192
)
3230 params
.req_key_mgmt_offload
=
3231 ssid
->proactive_key_caching
< 0 ?
3232 wpa_s
->conf
->okc
: ssid
->proactive_key_caching
;
3234 params
.req_key_mgmt_offload
= 1;
3236 if ((params
.key_mgmt_suite
== WPA_KEY_MGMT_PSK
||
3237 params
.key_mgmt_suite
== WPA_KEY_MGMT_PSK_SHA256
||
3238 params
.key_mgmt_suite
== WPA_KEY_MGMT_FT_PSK
) &&
3240 params
.psk
= ssid
->psk
;
3243 params
.drop_unencrypted
= use_crypt
;
3245 #ifdef CONFIG_IEEE80211W
3246 params
.mgmt_frame_protection
= wpas_get_ssid_pmf(wpa_s
, ssid
);
3247 if (params
.mgmt_frame_protection
!= NO_MGMT_FRAME_PROTECTION
&& bss
) {
3248 const u8
*rsn
= wpa_bss_get_ie(bss
, WLAN_EID_RSN
);
3249 struct wpa_ie_data ie
;
3250 if (rsn
&& wpa_parse_wpa_ie(rsn
, 2 + rsn
[1], &ie
) == 0 &&
3252 (WPA_CAPABILITY_MFPC
| WPA_CAPABILITY_MFPR
)) {
3253 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: Selected AP supports "
3254 "MFP: require MFP");
3255 params
.mgmt_frame_protection
=
3256 MGMT_FRAME_PROTECTION_REQUIRED
;
3258 } else if (!rsn
&& (ssid
->key_mgmt
& WPA_KEY_MGMT_OWE
) &&
3260 params
.mgmt_frame_protection
= NO_MGMT_FRAME_PROTECTION
;
3261 #endif /* CONFIG_OWE */
3264 #endif /* CONFIG_IEEE80211W */
3266 params
.p2p
= ssid
->p2p_group
;
3268 if (wpa_s
->p2pdev
->set_sta_uapsd
)
3269 params
.uapsd
= wpa_s
->p2pdev
->sta_uapsd
;
3273 #ifdef CONFIG_HT_OVERRIDES
3274 os_memset(&htcaps
, 0, sizeof(htcaps
));
3275 os_memset(&htcaps_mask
, 0, sizeof(htcaps_mask
));
3276 params
.htcaps
= (u8
*) &htcaps
;
3277 params
.htcaps_mask
= (u8
*) &htcaps_mask
;
3278 wpa_supplicant_apply_ht_overrides(wpa_s
, ssid
, ¶ms
);
3279 #endif /* CONFIG_HT_OVERRIDES */
3280 #ifdef CONFIG_VHT_OVERRIDES
3281 os_memset(&vhtcaps
, 0, sizeof(vhtcaps
));
3282 os_memset(&vhtcaps_mask
, 0, sizeof(vhtcaps_mask
));
3283 params
.vhtcaps
= &vhtcaps
;
3284 params
.vhtcaps_mask
= &vhtcaps_mask
;
3285 wpa_supplicant_apply_vht_overrides(wpa_s
, ssid
, ¶ms
);
3286 #endif /* CONFIG_VHT_OVERRIDES */
3290 * If multi-channel concurrency is not supported, check for any
3291 * frequency conflict. In case of any frequency conflict, remove the
3292 * least prioritized connection.
3294 if (wpa_s
->num_multichan_concurrent
< 2) {
3296 num
= get_shared_radio_freqs(wpa_s
, &freq
, 1);
3297 if (num
> 0 && freq
> 0 && freq
!= params
.freq
.freq
) {
3298 wpa_printf(MSG_DEBUG
,
3299 "Assoc conflicting freq found (%d != %d)",
3300 freq
, params
.freq
.freq
);
3301 if (wpas_p2p_handle_frequency_conflicts(
3302 wpa_s
, params
.freq
.freq
, ssid
) < 0) {
3303 wpas_connect_work_done(wpa_s
);
3309 #endif /* CONFIG_P2P */
3311 if (wpa_s
->reassoc_same_ess
&& !is_zero_ether_addr(prev_bssid
) &&
3312 wpa_s
->current_ssid
)
3313 params
.prev_bssid
= prev_bssid
;
3315 ret
= wpa_drv_associate(wpa_s
, ¶ms
);
3318 wpa_msg(wpa_s
, MSG_INFO
, "Association request to the driver "
3320 if (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SANE_ERROR_CODES
) {
3322 * The driver is known to mean what is saying, so we
3323 * can stop right here; the association will not
3326 wpas_connection_failed(wpa_s
, wpa_s
->pending_bssid
);
3327 wpa_supplicant_set_state(wpa_s
, WPA_DISCONNECTED
);
3328 os_memset(wpa_s
->pending_bssid
, 0, ETH_ALEN
);
3331 /* try to continue anyway; new association will be tried again
3336 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_WPA_NONE
) {
3337 /* Set the key after the association just in case association
3338 * cleared the previously configured key. */
3339 wpa_supplicant_set_wpa_none_key(wpa_s
, ssid
);
3340 /* No need to timeout authentication since there is no key
3342 wpa_supplicant_cancel_auth_timeout(wpa_s
);
3343 wpa_supplicant_set_state(wpa_s
, WPA_COMPLETED
);
3344 #ifdef CONFIG_IBSS_RSN
3345 } else if (ssid
->mode
== WPAS_MODE_IBSS
&&
3346 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_NONE
&&
3347 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_WPA_NONE
) {
3349 * RSN IBSS authentication is per-STA and we can disable the
3350 * per-BSSID authentication.
3352 wpa_supplicant_cancel_auth_timeout(wpa_s
);
3353 #endif /* CONFIG_IBSS_RSN */
3355 /* Timeout for IEEE 802.11 authentication and association */
3359 /* give IBSS a bit more time */
3360 timeout
= ssid
->mode
== WPAS_MODE_IBSS
? 10 : 5;
3361 } else if (wpa_s
->conf
->ap_scan
== 1) {
3362 /* give IBSS a bit more time */
3363 timeout
= ssid
->mode
== WPAS_MODE_IBSS
? 20 : 10;
3365 wpa_supplicant_req_auth_timeout(wpa_s
, timeout
, 0);
3369 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC
)) {
3370 /* Set static WEP keys again */
3371 wpa_set_wep_keys(wpa_s
, ssid
);
3374 if (wpa_s
->current_ssid
&& wpa_s
->current_ssid
!= ssid
) {
3376 * Do not allow EAP session resumption between different
3377 * network configurations.
3379 eapol_sm_invalidate_cached_session(wpa_s
->eapol
);
3381 old_ssid
= wpa_s
->current_ssid
;
3382 wpa_s
->current_ssid
= ssid
;
3384 if (!wpas_driver_bss_selection(wpa_s
) || ssid
->bssid_set
) {
3385 wpa_s
->current_bss
= bss
;
3387 hs20_configure_frame_filters(wpa_s
);
3388 #endif /* CONFIG_HS20 */
3391 wpa_supplicant_rsn_supp_set_config(wpa_s
, wpa_s
->current_ssid
);
3392 wpa_supplicant_initiate_eapol(wpa_s
);
3393 if (old_ssid
!= wpa_s
->current_ssid
)
3394 wpas_notify_network_changed(wpa_s
);
3398 static void wpa_supplicant_clear_connection(struct wpa_supplicant
*wpa_s
,
3401 struct wpa_ssid
*old_ssid
;
3403 wpas_connect_work_done(wpa_s
);
3404 wpa_clear_keys(wpa_s
, addr
);
3405 old_ssid
= wpa_s
->current_ssid
;
3406 wpa_supplicant_mark_disassoc(wpa_s
);
3407 wpa_sm_set_config(wpa_s
->wpa
, NULL
);
3408 eapol_sm_notify_config(wpa_s
->eapol
, NULL
, NULL
);
3409 if (old_ssid
!= wpa_s
->current_ssid
)
3410 wpas_notify_network_changed(wpa_s
);
3411 eloop_cancel_timeout(wpa_supplicant_timeout
, wpa_s
, NULL
);
3416 * wpa_supplicant_deauthenticate - Deauthenticate the current connection
3417 * @wpa_s: Pointer to wpa_supplicant data
3418 * @reason_code: IEEE 802.11 reason code for the deauthenticate frame
3420 * This function is used to request %wpa_supplicant to deauthenticate from the
3423 void wpa_supplicant_deauthenticate(struct wpa_supplicant
*wpa_s
,
3427 union wpa_event_data event
;
3430 wpa_dbg(wpa_s
, MSG_DEBUG
, "Request to deauthenticate - bssid=" MACSTR
3431 " pending_bssid=" MACSTR
" reason=%d state=%s",
3432 MAC2STR(wpa_s
->bssid
), MAC2STR(wpa_s
->pending_bssid
),
3433 reason_code
, wpa_supplicant_state_txt(wpa_s
->wpa_state
));
3435 if (!is_zero_ether_addr(wpa_s
->pending_bssid
) &&
3436 (wpa_s
->wpa_state
== WPA_AUTHENTICATING
||
3437 wpa_s
->wpa_state
== WPA_ASSOCIATING
))
3438 addr
= wpa_s
->pending_bssid
;
3439 else if (!is_zero_ether_addr(wpa_s
->bssid
))
3440 addr
= wpa_s
->bssid
;
3441 else if (wpa_s
->wpa_state
== WPA_ASSOCIATING
) {
3443 * When using driver-based BSS selection, we may not know the
3444 * BSSID with which we are currently trying to associate. We
3445 * need to notify the driver of this disconnection even in such
3446 * a case, so use the all zeros address here.
3448 addr
= wpa_s
->bssid
;
3452 if (wpa_s
->enabled_4addr_mode
&& wpa_drv_set_4addr_mode(wpa_s
, 0) == 0)
3453 wpa_s
->enabled_4addr_mode
= 0;
3456 wpa_tdls_teardown_peers(wpa_s
->wpa
);
3457 #endif /* CONFIG_TDLS */
3461 struct mesh_conf
*mconf
;
3463 mconf
= wpa_s
->ifmsh
->mconf
;
3464 wpa_msg(wpa_s
, MSG_INFO
, MESH_GROUP_REMOVED
"%s",
3466 wpas_notify_mesh_group_removed(wpa_s
, mconf
->meshid
,
3467 mconf
->meshid_len
, reason_code
);
3468 wpa_supplicant_leave_mesh(wpa_s
);
3470 #endif /* CONFIG_MESH */
3473 wpa_drv_deauthenticate(wpa_s
, addr
, reason_code
);
3474 os_memset(&event
, 0, sizeof(event
));
3475 event
.deauth_info
.reason_code
= (u16
) reason_code
;
3476 event
.deauth_info
.locally_generated
= 1;
3477 wpa_supplicant_event(wpa_s
, EVENT_DEAUTH
, &event
);
3482 wpa_supplicant_clear_connection(wpa_s
, addr
);
3485 static void wpa_supplicant_enable_one_network(struct wpa_supplicant
*wpa_s
,
3486 struct wpa_ssid
*ssid
)
3488 if (!ssid
|| !ssid
->disabled
|| ssid
->disabled
== 2)
3492 ssid
->owe_transition_bss_select_count
= 0;
3493 wpas_clear_temp_disabled(wpa_s
, ssid
, 1);
3494 wpas_notify_network_enabled_changed(wpa_s
, ssid
);
3497 * Try to reassociate since there is no current configuration and a new
3498 * network was made available.
3500 if (!wpa_s
->current_ssid
&& !wpa_s
->disconnected
)
3501 wpa_s
->reassociate
= 1;
3506 * wpa_supplicant_add_network - Add a new network
3507 * @wpa_s: wpa_supplicant structure for a network interface
3508 * Returns: The new network configuration or %NULL if operation failed
3510 * This function performs the following operations:
3511 * 1. Adds a new network.
3512 * 2. Send network addition notification.
3513 * 3. Marks the network disabled.
3514 * 4. Set network default parameters.
3516 struct wpa_ssid
* wpa_supplicant_add_network(struct wpa_supplicant
*wpa_s
)
3518 struct wpa_ssid
*ssid
;
3520 ssid
= wpa_config_add_network(wpa_s
->conf
);
3523 wpas_notify_network_added(wpa_s
, ssid
);
3525 wpa_config_set_network_defaults(ssid
);
3532 * wpa_supplicant_remove_network - Remove a configured network based on id
3533 * @wpa_s: wpa_supplicant structure for a network interface
3534 * @id: Unique network id to search for
3535 * Returns: 0 on success, or -1 if the network was not found, -2 if the network
3536 * could not be removed
3538 * This function performs the following operations:
3539 * 1. Removes the network.
3540 * 2. Send network removal notification.
3541 * 3. Update internal state machines.
3542 * 4. Stop any running sched scans.
3544 int wpa_supplicant_remove_network(struct wpa_supplicant
*wpa_s
, int id
)
3546 struct wpa_ssid
*ssid
;
3549 ssid
= wpa_config_get_network(wpa_s
->conf
, id
);
3552 wpas_notify_network_removed(wpa_s
, ssid
);
3554 if (wpa_s
->last_ssid
== ssid
)
3555 wpa_s
->last_ssid
= NULL
;
3557 if (ssid
== wpa_s
->current_ssid
|| !wpa_s
->current_ssid
) {
3559 wpa_s
->sme
.prev_bssid_set
= 0;
3560 #endif /* CONFIG_SME */
3562 * Invalidate the EAP session cache if the current or
3563 * previously used network is removed.
3565 eapol_sm_invalidate_cached_session(wpa_s
->eapol
);
3568 if (ssid
== wpa_s
->current_ssid
) {
3569 wpa_sm_set_config(wpa_s
->wpa
, NULL
);
3570 eapol_sm_notify_config(wpa_s
->eapol
, NULL
, NULL
);
3572 if (wpa_s
->wpa_state
>= WPA_AUTHENTICATING
)
3573 wpa_s
->own_disconnect_req
= 1;
3574 wpa_supplicant_deauthenticate(wpa_s
,
3575 WLAN_REASON_DEAUTH_LEAVING
);
3578 was_disabled
= ssid
->disabled
;
3580 if (wpa_config_remove_network(wpa_s
->conf
, id
) < 0)
3583 if (!was_disabled
&& wpa_s
->sched_scanning
) {
3584 wpa_printf(MSG_DEBUG
,
3585 "Stop ongoing sched_scan to remove network from filters");
3586 wpa_supplicant_cancel_sched_scan(wpa_s
);
3587 wpa_supplicant_req_scan(wpa_s
, 0, 0);
3595 * wpa_supplicant_enable_network - Mark a configured network as enabled
3596 * @wpa_s: wpa_supplicant structure for a network interface
3597 * @ssid: wpa_ssid structure for a configured network or %NULL
3599 * Enables the specified network or all networks if no network specified.
3601 void wpa_supplicant_enable_network(struct wpa_supplicant
*wpa_s
,
3602 struct wpa_ssid
*ssid
)
3605 for (ssid
= wpa_s
->conf
->ssid
; ssid
; ssid
= ssid
->next
)
3606 wpa_supplicant_enable_one_network(wpa_s
, ssid
);
3608 wpa_supplicant_enable_one_network(wpa_s
, ssid
);
3610 if (wpa_s
->reassociate
&& !wpa_s
->disconnected
&&
3611 (!wpa_s
->current_ssid
||
3612 wpa_s
->wpa_state
== WPA_DISCONNECTED
||
3613 wpa_s
->wpa_state
== WPA_SCANNING
)) {
3614 if (wpa_s
->sched_scanning
) {
3615 wpa_printf(MSG_DEBUG
, "Stop ongoing sched_scan to add "
3616 "new network to scan filters");
3617 wpa_supplicant_cancel_sched_scan(wpa_s
);
3620 if (wpa_supplicant_fast_associate(wpa_s
) != 1) {
3621 wpa_s
->scan_req
= NORMAL_SCAN_REQ
;
3622 wpa_supplicant_req_scan(wpa_s
, 0, 0);
3629 * wpa_supplicant_disable_network - Mark a configured network as disabled
3630 * @wpa_s: wpa_supplicant structure for a network interface
3631 * @ssid: wpa_ssid structure for a configured network or %NULL
3633 * Disables the specified network or all networks if no network specified.
3635 void wpa_supplicant_disable_network(struct wpa_supplicant
*wpa_s
,
3636 struct wpa_ssid
*ssid
)
3638 struct wpa_ssid
*other_ssid
;
3642 if (wpa_s
->sched_scanning
)
3643 wpa_supplicant_cancel_sched_scan(wpa_s
);
3645 for (other_ssid
= wpa_s
->conf
->ssid
; other_ssid
;
3646 other_ssid
= other_ssid
->next
) {
3647 was_disabled
= other_ssid
->disabled
;
3648 if (was_disabled
== 2)
3649 continue; /* do not change persistent P2P group
3652 other_ssid
->disabled
= 1;
3654 if (was_disabled
!= other_ssid
->disabled
)
3655 wpas_notify_network_enabled_changed(
3658 if (wpa_s
->current_ssid
) {
3659 if (wpa_s
->wpa_state
>= WPA_AUTHENTICATING
)
3660 wpa_s
->own_disconnect_req
= 1;
3661 wpa_supplicant_deauthenticate(
3662 wpa_s
, WLAN_REASON_DEAUTH_LEAVING
);
3664 } else if (ssid
->disabled
!= 2) {
3665 if (ssid
== wpa_s
->current_ssid
) {
3666 if (wpa_s
->wpa_state
>= WPA_AUTHENTICATING
)
3667 wpa_s
->own_disconnect_req
= 1;
3668 wpa_supplicant_deauthenticate(
3669 wpa_s
, WLAN_REASON_DEAUTH_LEAVING
);
3672 was_disabled
= ssid
->disabled
;
3676 if (was_disabled
!= ssid
->disabled
) {
3677 wpas_notify_network_enabled_changed(wpa_s
, ssid
);
3678 if (wpa_s
->sched_scanning
) {
3679 wpa_printf(MSG_DEBUG
, "Stop ongoing sched_scan "
3680 "to remove network from filters");
3681 wpa_supplicant_cancel_sched_scan(wpa_s
);
3682 wpa_supplicant_req_scan(wpa_s
, 0, 0);
3690 * wpa_supplicant_select_network - Attempt association with a network
3691 * @wpa_s: wpa_supplicant structure for a network interface
3692 * @ssid: wpa_ssid structure for a configured network or %NULL for any network
3694 void wpa_supplicant_select_network(struct wpa_supplicant
*wpa_s
,
3695 struct wpa_ssid
*ssid
)
3698 struct wpa_ssid
*other_ssid
;
3699 int disconnected
= 0;
3701 if (ssid
&& ssid
!= wpa_s
->current_ssid
&& wpa_s
->current_ssid
) {
3702 if (wpa_s
->wpa_state
>= WPA_AUTHENTICATING
)
3703 wpa_s
->own_disconnect_req
= 1;
3704 wpa_supplicant_deauthenticate(
3705 wpa_s
, WLAN_REASON_DEAUTH_LEAVING
);
3710 wpas_clear_temp_disabled(wpa_s
, ssid
, 1);
3713 * Mark all other networks disabled or mark all networks enabled if no
3714 * network specified.
3716 for (other_ssid
= wpa_s
->conf
->ssid
; other_ssid
;
3717 other_ssid
= other_ssid
->next
) {
3718 int was_disabled
= other_ssid
->disabled
;
3719 if (was_disabled
== 2)
3720 continue; /* do not change persistent P2P group data */
3722 other_ssid
->disabled
= ssid
? (ssid
->id
!= other_ssid
->id
) : 0;
3723 if (was_disabled
&& !other_ssid
->disabled
)
3724 wpas_clear_temp_disabled(wpa_s
, other_ssid
, 0);
3726 if (was_disabled
!= other_ssid
->disabled
)
3727 wpas_notify_network_enabled_changed(wpa_s
, other_ssid
);
3730 if (ssid
&& ssid
== wpa_s
->current_ssid
&& wpa_s
->current_ssid
&&
3731 wpa_s
->wpa_state
>= WPA_AUTHENTICATING
) {
3732 /* We are already associated with the selected network */
3733 wpa_printf(MSG_DEBUG
, "Already associated with the "
3734 "selected network - do nothing");
3739 wpa_s
->current_ssid
= ssid
;
3740 eapol_sm_notify_config(wpa_s
->eapol
, NULL
, NULL
);
3741 wpa_s
->connect_without_scan
=
3742 (ssid
->mode
== WPAS_MODE_MESH
) ? ssid
: NULL
;
3745 * Don't optimize next scan freqs since a new ESS has been
3748 os_free(wpa_s
->next_scan_freqs
);
3749 wpa_s
->next_scan_freqs
= NULL
;
3751 wpa_s
->connect_without_scan
= NULL
;
3754 wpa_s
->disconnected
= 0;
3755 wpa_s
->reassociate
= 1;
3756 wpa_s
->last_owe_group
= 0;
3758 ssid
->owe_transition_bss_select_count
= 0;
3760 if (wpa_s
->connect_without_scan
||
3761 wpa_supplicant_fast_associate(wpa_s
) != 1) {
3762 wpa_s
->scan_req
= NORMAL_SCAN_REQ
;
3763 wpas_scan_reset_sched_scan(wpa_s
);
3764 wpa_supplicant_req_scan(wpa_s
, 0, disconnected
? 100000 : 0);
3768 wpas_notify_network_selected(wpa_s
, ssid
);
3773 * wpas_set_pkcs11_engine_and_module_path - Set PKCS #11 engine and module path
3774 * @wpa_s: wpa_supplicant structure for a network interface
3775 * @pkcs11_engine_path: PKCS #11 engine path or NULL
3776 * @pkcs11_module_path: PKCS #11 module path or NULL
3777 * Returns: 0 on success; -1 on failure
3779 * Sets the PKCS #11 engine and module path. Both have to be NULL or a valid
3780 * path. If resetting the EAPOL state machine with the new PKCS #11 engine and
3781 * module path fails the paths will be reset to the default value (NULL).
3783 int wpas_set_pkcs11_engine_and_module_path(struct wpa_supplicant
*wpa_s
,
3784 const char *pkcs11_engine_path
,
3785 const char *pkcs11_module_path
)
3787 char *pkcs11_engine_path_copy
= NULL
;
3788 char *pkcs11_module_path_copy
= NULL
;
3790 if (pkcs11_engine_path
!= NULL
) {
3791 pkcs11_engine_path_copy
= os_strdup(pkcs11_engine_path
);
3792 if (pkcs11_engine_path_copy
== NULL
)
3795 if (pkcs11_module_path
!= NULL
) {
3796 pkcs11_module_path_copy
= os_strdup(pkcs11_module_path
);
3797 if (pkcs11_module_path_copy
== NULL
) {
3798 os_free(pkcs11_engine_path_copy
);
3803 os_free(wpa_s
->conf
->pkcs11_engine_path
);
3804 os_free(wpa_s
->conf
->pkcs11_module_path
);
3805 wpa_s
->conf
->pkcs11_engine_path
= pkcs11_engine_path_copy
;
3806 wpa_s
->conf
->pkcs11_module_path
= pkcs11_module_path_copy
;
3808 wpa_sm_set_eapol(wpa_s
->wpa
, NULL
);
3809 eapol_sm_deinit(wpa_s
->eapol
);
3810 wpa_s
->eapol
= NULL
;
3811 if (wpa_supplicant_init_eapol(wpa_s
)) {
3812 /* Error -> Reset paths to the default value (NULL) once. */
3813 if (pkcs11_engine_path
!= NULL
&& pkcs11_module_path
!= NULL
)
3814 wpas_set_pkcs11_engine_and_module_path(wpa_s
, NULL
,
3819 wpa_sm_set_eapol(wpa_s
->wpa
, wpa_s
->eapol
);
3826 * wpa_supplicant_set_ap_scan - Set AP scan mode for interface
3827 * @wpa_s: wpa_supplicant structure for a network interface
3828 * @ap_scan: AP scan mode
3829 * Returns: 0 if succeed or -1 if ap_scan has an invalid value
3832 int wpa_supplicant_set_ap_scan(struct wpa_supplicant
*wpa_s
, int ap_scan
)
3837 if (ap_scan
< 0 || ap_scan
> 2)
3840 if (ap_scan
== 2 && os_strcmp(wpa_s
->driver
->name
, "nl80211") == 0) {
3841 wpa_printf(MSG_INFO
,
3842 "Note: nl80211 driver interface is not designed to be used with ap_scan=2; this can result in connection failures");
3846 if (ap_scan
== 2 && ap_scan
!= wpa_s
->conf
->ap_scan
&&
3847 wpa_s
->wpa_state
>= WPA_ASSOCIATING
&&
3848 wpa_s
->wpa_state
< WPA_COMPLETED
) {
3849 wpa_printf(MSG_ERROR
, "ap_scan = %d (%d) rejected while "
3850 "associating", wpa_s
->conf
->ap_scan
, ap_scan
);
3853 #endif /* ANDROID */
3855 old_ap_scan
= wpa_s
->conf
->ap_scan
;
3856 wpa_s
->conf
->ap_scan
= ap_scan
;
3858 if (old_ap_scan
!= wpa_s
->conf
->ap_scan
)
3859 wpas_notify_ap_scan_changed(wpa_s
);
3866 * wpa_supplicant_set_bss_expiration_age - Set BSS entry expiration age
3867 * @wpa_s: wpa_supplicant structure for a network interface
3868 * @expire_age: Expiration age in seconds
3869 * Returns: 0 if succeed or -1 if expire_age has an invalid value
3872 int wpa_supplicant_set_bss_expiration_age(struct wpa_supplicant
*wpa_s
,
3873 unsigned int bss_expire_age
)
3875 if (bss_expire_age
< 10) {
3876 wpa_msg(wpa_s
, MSG_ERROR
, "Invalid bss expiration age %u",
3880 wpa_msg(wpa_s
, MSG_DEBUG
, "Setting bss expiration age: %d sec",
3882 wpa_s
->conf
->bss_expiration_age
= bss_expire_age
;
3889 * wpa_supplicant_set_bss_expiration_count - Set BSS entry expiration scan count
3890 * @wpa_s: wpa_supplicant structure for a network interface
3891 * @expire_count: number of scans after which an unseen BSS is reclaimed
3892 * Returns: 0 if succeed or -1 if expire_count has an invalid value
3895 int wpa_supplicant_set_bss_expiration_count(struct wpa_supplicant
*wpa_s
,
3896 unsigned int bss_expire_count
)
3898 if (bss_expire_count
< 1) {
3899 wpa_msg(wpa_s
, MSG_ERROR
, "Invalid bss expiration count %u",
3903 wpa_msg(wpa_s
, MSG_DEBUG
, "Setting bss expiration scan count: %u",
3905 wpa_s
->conf
->bss_expiration_scan_count
= bss_expire_count
;
3912 * wpa_supplicant_set_scan_interval - Set scan interval
3913 * @wpa_s: wpa_supplicant structure for a network interface
3914 * @scan_interval: scan interval in seconds
3915 * Returns: 0 if succeed or -1 if scan_interval has an invalid value
3918 int wpa_supplicant_set_scan_interval(struct wpa_supplicant
*wpa_s
,
3921 if (scan_interval
< 0) {
3922 wpa_msg(wpa_s
, MSG_ERROR
, "Invalid scan interval %d",
3926 wpa_msg(wpa_s
, MSG_DEBUG
, "Setting scan interval: %d sec",
3928 wpa_supplicant_update_scan_int(wpa_s
, scan_interval
);
3935 * wpa_supplicant_set_debug_params - Set global debug params
3936 * @global: wpa_global structure
3937 * @debug_level: debug level
3938 * @debug_timestamp: determines if show timestamp in debug data
3939 * @debug_show_keys: determines if show keys in debug data
3940 * Returns: 0 if succeed or -1 if debug_level has wrong value
3942 int wpa_supplicant_set_debug_params(struct wpa_global
*global
, int debug_level
,
3943 int debug_timestamp
, int debug_show_keys
)
3946 int old_level
, old_timestamp
, old_show_keys
;
3948 /* check for allowed debuglevels */
3949 if (debug_level
!= MSG_EXCESSIVE
&&
3950 debug_level
!= MSG_MSGDUMP
&&
3951 debug_level
!= MSG_DEBUG
&&
3952 debug_level
!= MSG_INFO
&&
3953 debug_level
!= MSG_WARNING
&&
3954 debug_level
!= MSG_ERROR
)
3957 old_level
= wpa_debug_level
;
3958 old_timestamp
= wpa_debug_timestamp
;
3959 old_show_keys
= wpa_debug_show_keys
;
3961 wpa_debug_level
= debug_level
;
3962 wpa_debug_timestamp
= debug_timestamp
? 1 : 0;
3963 wpa_debug_show_keys
= debug_show_keys
? 1 : 0;
3965 if (wpa_debug_level
!= old_level
)
3966 wpas_notify_debug_level_changed(global
);
3967 if (wpa_debug_timestamp
!= old_timestamp
)
3968 wpas_notify_debug_timestamp_changed(global
);
3969 if (wpa_debug_show_keys
!= old_show_keys
)
3970 wpas_notify_debug_show_keys_changed(global
);
3977 static int owe_trans_ssid_match(struct wpa_supplicant
*wpa_s
, const u8
*bssid
,
3978 const u8
*entry_ssid
, size_t entry_ssid_len
)
3980 const u8
*owe
, *pos
, *end
;
3982 struct wpa_bss
*bss
;
3984 /* Check network profile SSID aganst the SSID in the
3985 * OWE Transition Mode element. */
3987 bss
= wpa_bss_get_bssid_latest(wpa_s
, bssid
);
3991 owe
= wpa_bss_get_vendor_ie(bss
, OWE_IE_VENDOR_TYPE
);
3996 end
= owe
+ 2 + owe
[1];
3998 if (end
- pos
< ETH_ALEN
+ 1)
4002 if (end
- pos
< ssid_len
|| ssid_len
> SSID_MAX_LEN
)
4005 return entry_ssid_len
== ssid_len
&&
4006 os_memcmp(pos
, entry_ssid
, ssid_len
) == 0;
4008 #endif /* CONFIG_OWE */
4012 * wpa_supplicant_get_ssid - Get a pointer to the current network structure
4013 * @wpa_s: Pointer to wpa_supplicant data
4014 * Returns: A pointer to the current network structure or %NULL on failure
4016 struct wpa_ssid
* wpa_supplicant_get_ssid(struct wpa_supplicant
*wpa_s
)
4018 struct wpa_ssid
*entry
;
4019 u8 ssid
[SSID_MAX_LEN
];
4025 res
= wpa_drv_get_ssid(wpa_s
, ssid
);
4027 wpa_msg(wpa_s
, MSG_WARNING
, "Could not read SSID from "
4033 if (wpa_drv_get_bssid(wpa_s
, bssid
) < 0) {
4034 wpa_msg(wpa_s
, MSG_WARNING
, "Could not read BSSID from "
4039 wired
= wpa_s
->conf
->ap_scan
== 0 &&
4040 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_WIRED
);
4042 entry
= wpa_s
->conf
->ssid
;
4044 if (!wpas_network_disabled(wpa_s
, entry
) &&
4045 ((ssid_len
== entry
->ssid_len
&&
4047 os_memcmp(ssid
, entry
->ssid
, ssid_len
) == 0)) ||
4049 (!entry
->bssid_set
||
4050 os_memcmp(bssid
, entry
->bssid
, ETH_ALEN
) == 0))
4053 if (!wpas_network_disabled(wpa_s
, entry
) &&
4054 (entry
->key_mgmt
& WPA_KEY_MGMT_WPS
) &&
4055 (entry
->ssid
== NULL
|| entry
->ssid_len
== 0) &&
4056 (!entry
->bssid_set
||
4057 os_memcmp(bssid
, entry
->bssid
, ETH_ALEN
) == 0))
4059 #endif /* CONFIG_WPS */
4062 if (!wpas_network_disabled(wpa_s
, entry
) &&
4063 owe_trans_ssid_match(wpa_s
, bssid
, entry
->ssid
,
4065 (!entry
->bssid_set
||
4066 os_memcmp(bssid
, entry
->bssid
, ETH_ALEN
) == 0))
4068 #endif /* CONFIG_OWE */
4070 if (!wpas_network_disabled(wpa_s
, entry
) && entry
->bssid_set
&&
4071 entry
->ssid_len
== 0 &&
4072 os_memcmp(bssid
, entry
->bssid
, ETH_ALEN
) == 0)
4075 entry
= entry
->next
;
4082 static int select_driver(struct wpa_supplicant
*wpa_s
, int i
)
4084 struct wpa_global
*global
= wpa_s
->global
;
4086 if (wpa_drivers
[i
]->global_init
&& global
->drv_priv
[i
] == NULL
) {
4087 global
->drv_priv
[i
] = wpa_drivers
[i
]->global_init(global
);
4088 if (global
->drv_priv
[i
] == NULL
) {
4089 wpa_printf(MSG_ERROR
, "Failed to initialize driver "
4090 "'%s'", wpa_drivers
[i
]->name
);
4095 wpa_s
->driver
= wpa_drivers
[i
];
4096 wpa_s
->global_drv_priv
= global
->drv_priv
[i
];
4102 static int wpa_supplicant_set_driver(struct wpa_supplicant
*wpa_s
,
4107 const char *pos
, *driver
= name
;
4112 if (wpa_drivers
[0] == NULL
) {
4113 wpa_msg(wpa_s
, MSG_ERROR
, "No driver interfaces build into "
4119 /* default to first driver in the list */
4120 return select_driver(wpa_s
, 0);
4124 pos
= os_strchr(driver
, ',');
4128 len
= os_strlen(driver
);
4130 for (i
= 0; wpa_drivers
[i
]; i
++) {
4131 if (os_strlen(wpa_drivers
[i
]->name
) == len
&&
4132 os_strncmp(driver
, wpa_drivers
[i
]->name
, len
) ==
4134 /* First driver that succeeds wins */
4135 if (select_driver(wpa_s
, i
) == 0)
4143 wpa_msg(wpa_s
, MSG_ERROR
, "Unsupported driver '%s'", name
);
4149 * wpa_supplicant_rx_eapol - Deliver a received EAPOL frame to wpa_supplicant
4150 * @ctx: Context pointer (wpa_s); this is the ctx variable registered
4151 * with struct wpa_driver_ops::init()
4152 * @src_addr: Source address of the EAPOL frame
4153 * @buf: EAPOL data starting from the EAPOL header (i.e., no Ethernet header)
4154 * @len: Length of the EAPOL data
4156 * This function is called for each received EAPOL frame. Most driver
4157 * interfaces rely on more generic OS mechanism for receiving frames through
4158 * l2_packet, but if such a mechanism is not available, the driver wrapper may
4159 * take care of received EAPOL frames and deliver them to the core supplicant
4160 * code by calling this function.
4162 void wpa_supplicant_rx_eapol(void *ctx
, const u8
*src_addr
,
4163 const u8
*buf
, size_t len
)
4165 struct wpa_supplicant
*wpa_s
= ctx
;
4167 wpa_dbg(wpa_s
, MSG_DEBUG
, "RX EAPOL from " MACSTR
, MAC2STR(src_addr
));
4168 wpa_hexdump(MSG_MSGDUMP
, "RX EAPOL", buf
, len
);
4170 #ifdef CONFIG_TESTING_OPTIONS
4171 if (wpa_s
->ignore_auth_resp
) {
4172 wpa_printf(MSG_INFO
, "RX EAPOL - ignore_auth_resp active!");
4175 #endif /* CONFIG_TESTING_OPTIONS */
4177 if (wpa_s
->wpa_state
< WPA_ASSOCIATED
||
4178 (wpa_s
->last_eapol_matches_bssid
&&
4181 #endif /* CONFIG_AP */
4182 os_memcmp(src_addr
, wpa_s
->bssid
, ETH_ALEN
) != 0)) {
4184 * There is possible race condition between receiving the
4185 * association event and the EAPOL frame since they are coming
4186 * through different paths from the driver. In order to avoid
4187 * issues in trying to process the EAPOL frame before receiving
4188 * association information, lets queue it for processing until
4189 * the association event is received. This may also be needed in
4190 * driver-based roaming case, so also use src_addr != BSSID as a
4191 * trigger if we have previously confirmed that the
4192 * Authenticator uses BSSID as the src_addr (which is not the
4193 * case with wired IEEE 802.1X).
4195 wpa_dbg(wpa_s
, MSG_DEBUG
, "Not associated - Delay processing "
4196 "of received EAPOL frame (state=%s bssid=" MACSTR
")",
4197 wpa_supplicant_state_txt(wpa_s
->wpa_state
),
4198 MAC2STR(wpa_s
->bssid
));
4199 wpabuf_free(wpa_s
->pending_eapol_rx
);
4200 wpa_s
->pending_eapol_rx
= wpabuf_alloc_copy(buf
, len
);
4201 if (wpa_s
->pending_eapol_rx
) {
4202 os_get_reltime(&wpa_s
->pending_eapol_rx_time
);
4203 os_memcpy(wpa_s
->pending_eapol_rx_src
, src_addr
,
4209 wpa_s
->last_eapol_matches_bssid
=
4210 os_memcmp(src_addr
, wpa_s
->bssid
, ETH_ALEN
) == 0;
4213 if (wpa_s
->ap_iface
) {
4214 wpa_supplicant_ap_rx_eapol(wpa_s
, src_addr
, buf
, len
);
4217 #endif /* CONFIG_AP */
4219 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_NONE
) {
4220 wpa_dbg(wpa_s
, MSG_DEBUG
, "Ignored received EAPOL frame since "
4221 "no key management is configured");
4225 if (wpa_s
->eapol_received
== 0 &&
4226 (!(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK
) ||
4227 !wpa_key_mgmt_wpa_psk(wpa_s
->key_mgmt
) ||
4228 wpa_s
->wpa_state
!= WPA_COMPLETED
) &&
4229 (wpa_s
->current_ssid
== NULL
||
4230 wpa_s
->current_ssid
->mode
!= IEEE80211_MODE_IBSS
)) {
4231 /* Timeout for completing IEEE 802.1X and WPA authentication */
4234 if (wpa_key_mgmt_wpa_ieee8021x(wpa_s
->key_mgmt
) ||
4235 wpa_s
->key_mgmt
== WPA_KEY_MGMT_IEEE8021X_NO_WPA
||
4236 wpa_s
->key_mgmt
== WPA_KEY_MGMT_WPS
) {
4237 /* Use longer timeout for IEEE 802.1X/EAP */
4242 if (wpa_s
->current_ssid
&& wpa_s
->current_bss
&&
4243 (wpa_s
->current_ssid
->key_mgmt
& WPA_KEY_MGMT_WPS
) &&
4244 eap_is_wps_pin_enrollee(&wpa_s
->current_ssid
->eap
)) {
4246 * Use shorter timeout if going through WPS AP iteration
4247 * for PIN config method with an AP that does not
4248 * advertise Selected Registrar.
4250 struct wpabuf
*wps_ie
;
4252 wps_ie
= wpa_bss_get_vendor_ie_multi(
4253 wpa_s
->current_bss
, WPS_IE_VENDOR_TYPE
);
4255 !wps_is_addr_authorized(wps_ie
, wpa_s
->own_addr
, 1))
4257 wpabuf_free(wps_ie
);
4259 #endif /* CONFIG_WPS */
4261 wpa_supplicant_req_auth_timeout(wpa_s
, timeout
, 0);
4263 wpa_s
->eapol_received
++;
4265 if (wpa_s
->countermeasures
) {
4266 wpa_msg(wpa_s
, MSG_INFO
, "WPA: Countermeasures - dropped "
4271 #ifdef CONFIG_IBSS_RSN
4272 if (wpa_s
->current_ssid
&&
4273 wpa_s
->current_ssid
->mode
== WPAS_MODE_IBSS
) {
4274 ibss_rsn_rx_eapol(wpa_s
->ibss_rsn
, src_addr
, buf
, len
);
4277 #endif /* CONFIG_IBSS_RSN */
4279 /* Source address of the incoming EAPOL frame could be compared to the
4280 * current BSSID. However, it is possible that a centralized
4281 * Authenticator could be using another MAC address than the BSSID of
4282 * an AP, so just allow any address to be used for now. The replies are
4283 * still sent to the current BSSID (if available), though. */
4285 os_memcpy(wpa_s
->last_eapol_src
, src_addr
, ETH_ALEN
);
4286 if (!wpa_key_mgmt_wpa_psk(wpa_s
->key_mgmt
) &&
4287 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_OWE
&&
4288 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_DPP
&&
4289 eapol_sm_rx_eapol(wpa_s
->eapol
, src_addr
, buf
, len
) > 0)
4291 wpa_drv_poll(wpa_s
);
4292 if (!(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK
))
4293 wpa_sm_rx_eapol(wpa_s
->wpa
, src_addr
, buf
, len
);
4294 else if (wpa_key_mgmt_wpa_ieee8021x(wpa_s
->key_mgmt
)) {
4296 * Set portValid = TRUE here since we are going to skip 4-way
4297 * handshake processing which would normally set portValid. We
4298 * need this to allow the EAPOL state machines to be completed
4299 * without going through EAPOL-Key handshake.
4301 eapol_sm_notify_portValid(wpa_s
->eapol
, TRUE
);
4306 int wpa_supplicant_update_mac_addr(struct wpa_supplicant
*wpa_s
)
4308 if ((!wpa_s
->p2p_mgmt
||
4309 !(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE
)) &&
4310 !(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_P2P_DEDICATED_INTERFACE
)) {
4311 l2_packet_deinit(wpa_s
->l2
);
4312 wpa_s
->l2
= l2_packet_init(wpa_s
->ifname
,
4313 wpa_drv_get_mac_addr(wpa_s
),
4315 wpa_supplicant_rx_eapol
, wpa_s
, 0);
4316 if (wpa_s
->l2
== NULL
)
4319 if (l2_packet_set_packet_filter(wpa_s
->l2
,
4320 L2_PACKET_FILTER_PKTTYPE
))
4321 wpa_dbg(wpa_s
, MSG_DEBUG
,
4322 "Failed to attach pkt_type filter");
4324 const u8
*addr
= wpa_drv_get_mac_addr(wpa_s
);
4326 os_memcpy(wpa_s
->own_addr
, addr
, ETH_ALEN
);
4329 if (wpa_s
->l2
&& l2_packet_get_own_addr(wpa_s
->l2
, wpa_s
->own_addr
)) {
4330 wpa_msg(wpa_s
, MSG_ERROR
, "Failed to get own L2 address");
4334 wpa_sm_set_own_addr(wpa_s
->wpa
, wpa_s
->own_addr
);
4340 static void wpa_supplicant_rx_eapol_bridge(void *ctx
, const u8
*src_addr
,
4341 const u8
*buf
, size_t len
)
4343 struct wpa_supplicant
*wpa_s
= ctx
;
4344 const struct l2_ethhdr
*eth
;
4346 if (len
< sizeof(*eth
))
4348 eth
= (const struct l2_ethhdr
*) buf
;
4350 if (os_memcmp(eth
->h_dest
, wpa_s
->own_addr
, ETH_ALEN
) != 0 &&
4351 !(eth
->h_dest
[0] & 0x01)) {
4352 wpa_dbg(wpa_s
, MSG_DEBUG
, "RX EAPOL from " MACSTR
" to " MACSTR
4353 " (bridge - not for this interface - ignore)",
4354 MAC2STR(src_addr
), MAC2STR(eth
->h_dest
));
4358 wpa_dbg(wpa_s
, MSG_DEBUG
, "RX EAPOL from " MACSTR
" to " MACSTR
4359 " (bridge)", MAC2STR(src_addr
), MAC2STR(eth
->h_dest
));
4360 wpa_supplicant_rx_eapol(wpa_s
, src_addr
, buf
+ sizeof(*eth
),
4361 len
- sizeof(*eth
));
4366 * wpa_supplicant_driver_init - Initialize driver interface parameters
4367 * @wpa_s: Pointer to wpa_supplicant data
4368 * Returns: 0 on success, -1 on failure
4370 * This function is called to initialize driver interface parameters.
4371 * wpa_drv_init() must have been called before this function to initialize the
4374 int wpa_supplicant_driver_init(struct wpa_supplicant
*wpa_s
)
4376 static int interface_count
= 0;
4378 if (wpa_supplicant_update_mac_addr(wpa_s
) < 0)
4381 wpa_dbg(wpa_s
, MSG_DEBUG
, "Own MAC address: " MACSTR
,
4382 MAC2STR(wpa_s
->own_addr
));
4383 os_memcpy(wpa_s
->perm_addr
, wpa_s
->own_addr
, ETH_ALEN
);
4384 wpa_sm_set_own_addr(wpa_s
->wpa
, wpa_s
->own_addr
);
4386 if (wpa_s
->bridge_ifname
[0]) {
4387 wpa_dbg(wpa_s
, MSG_DEBUG
, "Receiving packets from bridge "
4388 "interface '%s'", wpa_s
->bridge_ifname
);
4389 wpa_s
->l2_br
= l2_packet_init_bridge(
4390 wpa_s
->bridge_ifname
, wpa_s
->ifname
, wpa_s
->own_addr
,
4391 ETH_P_EAPOL
, wpa_supplicant_rx_eapol_bridge
, wpa_s
, 1);
4392 if (wpa_s
->l2_br
== NULL
) {
4393 wpa_msg(wpa_s
, MSG_ERROR
, "Failed to open l2_packet "
4394 "connection for the bridge interface '%s'",
4395 wpa_s
->bridge_ifname
);
4400 if (wpa_s
->conf
->ap_scan
== 2 &&
4401 os_strcmp(wpa_s
->driver
->name
, "nl80211") == 0) {
4402 wpa_printf(MSG_INFO
,
4403 "Note: nl80211 driver interface is not designed to be used with ap_scan=2; this can result in connection failures");
4406 wpa_clear_keys(wpa_s
, NULL
);
4408 /* Make sure that TKIP countermeasures are not left enabled (could
4409 * happen if wpa_supplicant is killed during countermeasures. */
4410 wpa_drv_set_countermeasures(wpa_s
, 0);
4412 wpa_dbg(wpa_s
, MSG_DEBUG
, "RSN: flushing PMKID list in the driver");
4413 wpa_drv_flush_pmkid(wpa_s
);
4415 wpa_s
->prev_scan_ssid
= WILDCARD_SSID_SCAN
;
4416 wpa_s
->prev_scan_wildcard
= 0;
4418 if (wpa_supplicant_enabled_networks(wpa_s
)) {
4419 if (wpa_s
->wpa_state
== WPA_INTERFACE_DISABLED
) {
4420 wpa_supplicant_set_state(wpa_s
, WPA_DISCONNECTED
);
4421 interface_count
= 0;
4424 if (!wpa_s
->p2p_mgmt
&&
4425 wpa_supplicant_delayed_sched_scan(wpa_s
,
4426 interface_count
% 3,
4428 wpa_supplicant_req_scan(wpa_s
, interface_count
% 3,
4430 #endif /* ANDROID */
4433 wpa_supplicant_set_state(wpa_s
, WPA_INACTIVE
);
4439 static int wpa_supplicant_daemon(const char *pid_file
)
4441 wpa_printf(MSG_DEBUG
, "Daemonize..");
4442 return os_daemonize(pid_file
);
4446 static struct wpa_supplicant
*
4447 wpa_supplicant_alloc(struct wpa_supplicant
*parent
)
4449 struct wpa_supplicant
*wpa_s
;
4451 wpa_s
= os_zalloc(sizeof(*wpa_s
));
4454 wpa_s
->scan_req
= INITIAL_SCAN_REQ
;
4455 wpa_s
->scan_interval
= 5;
4456 wpa_s
->new_connection
= 1;
4457 wpa_s
->parent
= parent
? parent
: wpa_s
;
4458 wpa_s
->p2pdev
= wpa_s
->parent
;
4459 wpa_s
->sched_scanning
= 0;
4461 dl_list_init(&wpa_s
->bss_tmp_disallowed
);
4462 dl_list_init(&wpa_s
->fils_hlp_req
);
4468 #ifdef CONFIG_HT_OVERRIDES
4470 static int wpa_set_htcap_mcs(struct wpa_supplicant
*wpa_s
,
4471 struct ieee80211_ht_capabilities
*htcaps
,
4472 struct ieee80211_ht_capabilities
*htcaps_mask
,
4475 /* parse ht_mcs into hex array */
4477 const char *tmp
= ht_mcs
;
4480 /* If ht_mcs is null, do not set anything */
4484 /* This is what we are setting in the kernel */
4485 os_memset(&htcaps
->supported_mcs_set
, 0, IEEE80211_HT_MCS_MASK_LEN
);
4487 wpa_msg(wpa_s
, MSG_DEBUG
, "set_htcap, ht_mcs -:%s:-", ht_mcs
);
4489 for (i
= 0; i
< IEEE80211_HT_MCS_MASK_LEN
; i
++) {
4493 v
= strtol(tmp
, &end
, 16);
4496 wpa_msg(wpa_s
, MSG_DEBUG
,
4497 "htcap value[%i]: %ld end: %p tmp: %p",
4502 htcaps
->supported_mcs_set
[i
] = v
;
4505 wpa_msg(wpa_s
, MSG_ERROR
,
4506 "Failed to parse ht-mcs: %s, error: %s\n",
4507 ht_mcs
, strerror(errno
));
4513 * If we were able to parse any values, then set mask for the MCS set.
4516 os_memset(&htcaps_mask
->supported_mcs_set
, 0xff,
4517 IEEE80211_HT_MCS_MASK_LEN
- 1);
4518 /* skip the 3 reserved bits */
4519 htcaps_mask
->supported_mcs_set
[IEEE80211_HT_MCS_MASK_LEN
- 1] =
4527 static int wpa_disable_max_amsdu(struct wpa_supplicant
*wpa_s
,
4528 struct ieee80211_ht_capabilities
*htcaps
,
4529 struct ieee80211_ht_capabilities
*htcaps_mask
,
4537 wpa_msg(wpa_s
, MSG_DEBUG
, "set_disable_max_amsdu: %d", disabled
);
4539 msk
= host_to_le16(HT_CAP_INFO_MAX_AMSDU_SIZE
);
4540 htcaps_mask
->ht_capabilities_info
|= msk
;
4542 htcaps
->ht_capabilities_info
&= msk
;
4544 htcaps
->ht_capabilities_info
|= msk
;
4550 static int wpa_set_ampdu_factor(struct wpa_supplicant
*wpa_s
,
4551 struct ieee80211_ht_capabilities
*htcaps
,
4552 struct ieee80211_ht_capabilities
*htcaps_mask
,
4558 wpa_msg(wpa_s
, MSG_DEBUG
, "set_ampdu_factor: %d", factor
);
4560 if (factor
< 0 || factor
> 3) {
4561 wpa_msg(wpa_s
, MSG_ERROR
, "ampdu_factor: %d out of range. "
4562 "Must be 0-3 or -1", factor
);
4566 htcaps_mask
->a_mpdu_params
|= 0x3; /* 2 bits for factor */
4567 htcaps
->a_mpdu_params
&= ~0x3;
4568 htcaps
->a_mpdu_params
|= factor
& 0x3;
4574 static int wpa_set_ampdu_density(struct wpa_supplicant
*wpa_s
,
4575 struct ieee80211_ht_capabilities
*htcaps
,
4576 struct ieee80211_ht_capabilities
*htcaps_mask
,
4582 wpa_msg(wpa_s
, MSG_DEBUG
, "set_ampdu_density: %d", density
);
4584 if (density
< 0 || density
> 7) {
4585 wpa_msg(wpa_s
, MSG_ERROR
,
4586 "ampdu_density: %d out of range. Must be 0-7 or -1.",
4591 htcaps_mask
->a_mpdu_params
|= 0x1C;
4592 htcaps
->a_mpdu_params
&= ~(0x1C);
4593 htcaps
->a_mpdu_params
|= (density
<< 2) & 0x1C;
4599 static int wpa_set_disable_ht40(struct wpa_supplicant
*wpa_s
,
4600 struct ieee80211_ht_capabilities
*htcaps
,
4601 struct ieee80211_ht_capabilities
*htcaps_mask
,
4605 wpa_msg(wpa_s
, MSG_DEBUG
, "set_disable_ht40: %d", disabled
);
4607 set_disable_ht40(htcaps
, disabled
);
4608 set_disable_ht40(htcaps_mask
, 0);
4614 static int wpa_set_disable_sgi(struct wpa_supplicant
*wpa_s
,
4615 struct ieee80211_ht_capabilities
*htcaps
,
4616 struct ieee80211_ht_capabilities
*htcaps_mask
,
4619 /* Masking these out disables SGI */
4620 le16 msk
= host_to_le16(HT_CAP_INFO_SHORT_GI20MHZ
|
4621 HT_CAP_INFO_SHORT_GI40MHZ
);
4624 wpa_msg(wpa_s
, MSG_DEBUG
, "set_disable_sgi: %d", disabled
);
4627 htcaps
->ht_capabilities_info
&= ~msk
;
4629 htcaps
->ht_capabilities_info
|= msk
;
4631 htcaps_mask
->ht_capabilities_info
|= msk
;
4637 static int wpa_set_disable_ldpc(struct wpa_supplicant
*wpa_s
,
4638 struct ieee80211_ht_capabilities
*htcaps
,
4639 struct ieee80211_ht_capabilities
*htcaps_mask
,
4642 /* Masking these out disables LDPC */
4643 le16 msk
= host_to_le16(HT_CAP_INFO_LDPC_CODING_CAP
);
4646 wpa_msg(wpa_s
, MSG_DEBUG
, "set_disable_ldpc: %d", disabled
);
4649 htcaps
->ht_capabilities_info
&= ~msk
;
4651 htcaps
->ht_capabilities_info
|= msk
;
4653 htcaps_mask
->ht_capabilities_info
|= msk
;
4659 static int wpa_set_tx_stbc(struct wpa_supplicant
*wpa_s
,
4660 struct ieee80211_ht_capabilities
*htcaps
,
4661 struct ieee80211_ht_capabilities
*htcaps_mask
,
4664 le16 msk
= host_to_le16(HT_CAP_INFO_TX_STBC
);
4669 wpa_msg(wpa_s
, MSG_DEBUG
, "set_tx_stbc: %d", tx_stbc
);
4671 if (tx_stbc
< 0 || tx_stbc
> 1) {
4672 wpa_msg(wpa_s
, MSG_ERROR
,
4673 "tx_stbc: %d out of range. Must be 0-1 or -1", tx_stbc
);
4677 htcaps_mask
->ht_capabilities_info
|= msk
;
4678 htcaps
->ht_capabilities_info
&= ~msk
;
4679 htcaps
->ht_capabilities_info
|= (tx_stbc
<< 7) & msk
;
4685 static int wpa_set_rx_stbc(struct wpa_supplicant
*wpa_s
,
4686 struct ieee80211_ht_capabilities
*htcaps
,
4687 struct ieee80211_ht_capabilities
*htcaps_mask
,
4690 le16 msk
= host_to_le16(HT_CAP_INFO_RX_STBC_MASK
);
4695 wpa_msg(wpa_s
, MSG_DEBUG
, "set_rx_stbc: %d", rx_stbc
);
4697 if (rx_stbc
< 0 || rx_stbc
> 3) {
4698 wpa_msg(wpa_s
, MSG_ERROR
,
4699 "rx_stbc: %d out of range. Must be 0-3 or -1", rx_stbc
);
4703 htcaps_mask
->ht_capabilities_info
|= msk
;
4704 htcaps
->ht_capabilities_info
&= ~msk
;
4705 htcaps
->ht_capabilities_info
|= (rx_stbc
<< 8) & msk
;
4711 void wpa_supplicant_apply_ht_overrides(
4712 struct wpa_supplicant
*wpa_s
, struct wpa_ssid
*ssid
,
4713 struct wpa_driver_associate_params
*params
)
4715 struct ieee80211_ht_capabilities
*htcaps
;
4716 struct ieee80211_ht_capabilities
*htcaps_mask
;
4721 params
->disable_ht
= ssid
->disable_ht
;
4722 if (!params
->htcaps
|| !params
->htcaps_mask
)
4725 htcaps
= (struct ieee80211_ht_capabilities
*) params
->htcaps
;
4726 htcaps_mask
= (struct ieee80211_ht_capabilities
*) params
->htcaps_mask
;
4727 wpa_set_htcap_mcs(wpa_s
, htcaps
, htcaps_mask
, ssid
->ht_mcs
);
4728 wpa_disable_max_amsdu(wpa_s
, htcaps
, htcaps_mask
,
4729 ssid
->disable_max_amsdu
);
4730 wpa_set_ampdu_factor(wpa_s
, htcaps
, htcaps_mask
, ssid
->ampdu_factor
);
4731 wpa_set_ampdu_density(wpa_s
, htcaps
, htcaps_mask
, ssid
->ampdu_density
);
4732 wpa_set_disable_ht40(wpa_s
, htcaps
, htcaps_mask
, ssid
->disable_ht40
);
4733 wpa_set_disable_sgi(wpa_s
, htcaps
, htcaps_mask
, ssid
->disable_sgi
);
4734 wpa_set_disable_ldpc(wpa_s
, htcaps
, htcaps_mask
, ssid
->disable_ldpc
);
4735 wpa_set_rx_stbc(wpa_s
, htcaps
, htcaps_mask
, ssid
->rx_stbc
);
4736 wpa_set_tx_stbc(wpa_s
, htcaps
, htcaps_mask
, ssid
->tx_stbc
);
4738 if (ssid
->ht40_intolerant
) {
4739 le16 bit
= host_to_le16(HT_CAP_INFO_40MHZ_INTOLERANT
);
4740 htcaps
->ht_capabilities_info
|= bit
;
4741 htcaps_mask
->ht_capabilities_info
|= bit
;
4745 #endif /* CONFIG_HT_OVERRIDES */
4748 #ifdef CONFIG_VHT_OVERRIDES
4749 void wpa_supplicant_apply_vht_overrides(
4750 struct wpa_supplicant
*wpa_s
, struct wpa_ssid
*ssid
,
4751 struct wpa_driver_associate_params
*params
)
4753 struct ieee80211_vht_capabilities
*vhtcaps
;
4754 struct ieee80211_vht_capabilities
*vhtcaps_mask
;
4759 params
->disable_vht
= ssid
->disable_vht
;
4761 vhtcaps
= (void *) params
->vhtcaps
;
4762 vhtcaps_mask
= (void *) params
->vhtcaps_mask
;
4764 if (!vhtcaps
|| !vhtcaps_mask
)
4767 vhtcaps
->vht_capabilities_info
= host_to_le32(ssid
->vht_capa
);
4768 vhtcaps_mask
->vht_capabilities_info
= host_to_le32(ssid
->vht_capa_mask
);
4770 #ifdef CONFIG_HT_OVERRIDES
4771 if (ssid
->disable_sgi
) {
4772 vhtcaps_mask
->vht_capabilities_info
|= (VHT_CAP_SHORT_GI_80
|
4773 VHT_CAP_SHORT_GI_160
);
4774 vhtcaps
->vht_capabilities_info
&= ~(VHT_CAP_SHORT_GI_80
|
4775 VHT_CAP_SHORT_GI_160
);
4776 wpa_msg(wpa_s
, MSG_DEBUG
,
4777 "disable-sgi override specified, vht-caps: 0x%x",
4778 vhtcaps
->vht_capabilities_info
);
4781 /* if max ampdu is <= 3, we have to make the HT cap the same */
4782 if (ssid
->vht_capa_mask
& VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX
) {
4785 max_ampdu
= (ssid
->vht_capa
&
4786 VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX
) >>
4787 VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX_SHIFT
;
4789 max_ampdu
= max_ampdu
< 3 ? max_ampdu
: 3;
4790 wpa_set_ampdu_factor(wpa_s
,
4791 (void *) params
->htcaps
,
4792 (void *) params
->htcaps_mask
,
4795 #endif /* CONFIG_HT_OVERRIDES */
4797 #define OVERRIDE_MCS(i) \
4798 if (ssid->vht_tx_mcs_nss_ ##i >= 0) { \
4799 vhtcaps_mask->vht_supported_mcs_set.tx_map |= \
4800 host_to_le16(3 << 2 * (i - 1)); \
4801 vhtcaps->vht_supported_mcs_set.tx_map |= \
4802 host_to_le16(ssid->vht_tx_mcs_nss_ ##i << \
4805 if (ssid->vht_rx_mcs_nss_ ##i >= 0) { \
4806 vhtcaps_mask->vht_supported_mcs_set.rx_map |= \
4807 host_to_le16(3 << 2 * (i - 1)); \
4808 vhtcaps->vht_supported_mcs_set.rx_map |= \
4809 host_to_le16(ssid->vht_rx_mcs_nss_ ##i << \
4822 #endif /* CONFIG_VHT_OVERRIDES */
4825 static int pcsc_reader_init(struct wpa_supplicant
*wpa_s
)
4830 if (!wpa_s
->conf
->pcsc_reader
)
4833 wpa_s
->scard
= scard_init(wpa_s
->conf
->pcsc_reader
);
4837 if (wpa_s
->conf
->pcsc_pin
&&
4838 scard_set_pin(wpa_s
->scard
, wpa_s
->conf
->pcsc_pin
) < 0) {
4839 scard_deinit(wpa_s
->scard
);
4840 wpa_s
->scard
= NULL
;
4841 wpa_msg(wpa_s
, MSG_ERROR
, "PC/SC PIN validation failed");
4845 len
= sizeof(wpa_s
->imsi
) - 1;
4846 if (scard_get_imsi(wpa_s
->scard
, wpa_s
->imsi
, &len
)) {
4847 scard_deinit(wpa_s
->scard
);
4848 wpa_s
->scard
= NULL
;
4849 wpa_msg(wpa_s
, MSG_ERROR
, "Could not read IMSI");
4852 wpa_s
->imsi
[len
] = '\0';
4854 wpa_s
->mnc_len
= scard_get_mnc_len(wpa_s
->scard
);
4856 wpa_printf(MSG_DEBUG
, "SCARD: IMSI %s (MNC length %d)",
4857 wpa_s
->imsi
, wpa_s
->mnc_len
);
4859 wpa_sm_set_scard_ctx(wpa_s
->wpa
, wpa_s
->scard
);
4860 eapol_sm_register_scard_ctx(wpa_s
->eapol
, wpa_s
->scard
);
4861 #endif /* PCSC_FUNCS */
4867 int wpas_init_ext_pw(struct wpa_supplicant
*wpa_s
)
4871 ext_password_deinit(wpa_s
->ext_pw
);
4872 wpa_s
->ext_pw
= NULL
;
4873 eapol_sm_set_ext_pw_ctx(wpa_s
->eapol
, NULL
);
4875 if (!wpa_s
->conf
->ext_password_backend
)
4878 val
= os_strdup(wpa_s
->conf
->ext_password_backend
);
4881 pos
= os_strchr(val
, ':');
4885 wpa_printf(MSG_DEBUG
, "EXT PW: Initialize backend '%s'", val
);
4887 wpa_s
->ext_pw
= ext_password_init(val
, pos
);
4889 if (wpa_s
->ext_pw
== NULL
) {
4890 wpa_printf(MSG_DEBUG
, "EXT PW: Failed to initialize backend");
4893 eapol_sm_set_ext_pw_ctx(wpa_s
->eapol
, wpa_s
->ext_pw
);
4901 static const u8
* wpas_fst_get_bssid_cb(void *ctx
)
4903 struct wpa_supplicant
*wpa_s
= ctx
;
4905 return (is_zero_ether_addr(wpa_s
->bssid
) ||
4906 wpa_s
->wpa_state
!= WPA_COMPLETED
) ? NULL
: wpa_s
->bssid
;
4910 static void wpas_fst_get_channel_info_cb(void *ctx
,
4911 enum hostapd_hw_mode
*hw_mode
,
4914 struct wpa_supplicant
*wpa_s
= ctx
;
4916 if (wpa_s
->current_bss
) {
4917 *hw_mode
= ieee80211_freq_to_chan(wpa_s
->current_bss
->freq
,
4919 } else if (wpa_s
->hw
.num_modes
) {
4920 *hw_mode
= wpa_s
->hw
.modes
[0].mode
;
4928 static int wpas_fst_get_hw_modes(void *ctx
, struct hostapd_hw_modes
**modes
)
4930 struct wpa_supplicant
*wpa_s
= ctx
;
4932 *modes
= wpa_s
->hw
.modes
;
4933 return wpa_s
->hw
.num_modes
;
4937 static void wpas_fst_set_ies_cb(void *ctx
, const struct wpabuf
*fst_ies
)
4939 struct wpa_supplicant
*wpa_s
= ctx
;
4941 wpa_hexdump_buf(MSG_DEBUG
, "FST: Set IEs", fst_ies
);
4942 wpa_s
->fst_ies
= fst_ies
;
4946 static int wpas_fst_send_action_cb(void *ctx
, const u8
*da
, struct wpabuf
*data
)
4948 struct wpa_supplicant
*wpa_s
= ctx
;
4950 if (os_memcmp(wpa_s
->bssid
, da
, ETH_ALEN
) != 0) {
4951 wpa_printf(MSG_INFO
, "FST:%s:bssid=" MACSTR
" != da=" MACSTR
,
4952 __func__
, MAC2STR(wpa_s
->bssid
), MAC2STR(da
));
4955 return wpa_drv_send_action(wpa_s
, wpa_s
->assoc_freq
, 0, wpa_s
->bssid
,
4956 wpa_s
->own_addr
, wpa_s
->bssid
,
4957 wpabuf_head(data
), wpabuf_len(data
),
4962 static const struct wpabuf
* wpas_fst_get_mb_ie_cb(void *ctx
, const u8
*addr
)
4964 struct wpa_supplicant
*wpa_s
= ctx
;
4966 WPA_ASSERT(os_memcmp(wpa_s
->bssid
, addr
, ETH_ALEN
) == 0);
4967 return wpa_s
->received_mb_ies
;
4971 static void wpas_fst_update_mb_ie_cb(void *ctx
, const u8
*addr
,
4972 const u8
*buf
, size_t size
)
4974 struct wpa_supplicant
*wpa_s
= ctx
;
4975 struct mb_ies_info info
;
4977 WPA_ASSERT(os_memcmp(wpa_s
->bssid
, addr
, ETH_ALEN
) == 0);
4979 if (!mb_ies_info_by_ies(&info
, buf
, size
)) {
4980 wpabuf_free(wpa_s
->received_mb_ies
);
4981 wpa_s
->received_mb_ies
= mb_ies_by_info(&info
);
4986 static const u8
* wpas_fst_get_peer_first(void *ctx
,
4987 struct fst_get_peer_ctx
**get_ctx
,
4990 struct wpa_supplicant
*wpa_s
= ctx
;
4993 if (!is_zero_ether_addr(wpa_s
->bssid
))
4994 return (wpa_s
->received_mb_ies
|| !mb_only
) ?
4995 wpa_s
->bssid
: NULL
;
5000 static const u8
* wpas_fst_get_peer_next(void *ctx
,
5001 struct fst_get_peer_ctx
**get_ctx
,
5007 void fst_wpa_supplicant_fill_iface_obj(struct wpa_supplicant
*wpa_s
,
5008 struct fst_wpa_obj
*iface_obj
)
5010 iface_obj
->ctx
= wpa_s
;
5011 iface_obj
->get_bssid
= wpas_fst_get_bssid_cb
;
5012 iface_obj
->get_channel_info
= wpas_fst_get_channel_info_cb
;
5013 iface_obj
->get_hw_modes
= wpas_fst_get_hw_modes
;
5014 iface_obj
->set_ies
= wpas_fst_set_ies_cb
;
5015 iface_obj
->send_action
= wpas_fst_send_action_cb
;
5016 iface_obj
->get_mb_ie
= wpas_fst_get_mb_ie_cb
;
5017 iface_obj
->update_mb_ie
= wpas_fst_update_mb_ie_cb
;
5018 iface_obj
->get_peer_first
= wpas_fst_get_peer_first
;
5019 iface_obj
->get_peer_next
= wpas_fst_get_peer_next
;
5021 #endif /* CONFIG_FST */
5023 static int wpas_set_wowlan_triggers(struct wpa_supplicant
*wpa_s
,
5024 const struct wpa_driver_capa
*capa
)
5026 struct wowlan_triggers
*triggers
;
5029 if (!wpa_s
->conf
->wowlan_triggers
)
5032 triggers
= wpa_get_wowlan_triggers(wpa_s
->conf
->wowlan_triggers
, capa
);
5034 ret
= wpa_drv_wowlan(wpa_s
, triggers
);
5041 enum wpa_radio_work_band
wpas_freq_to_band(int freq
)
5044 return BAND_2_4_GHZ
;
5051 unsigned int wpas_get_bands(struct wpa_supplicant
*wpa_s
, const int *freqs
)
5054 unsigned int band
= 0;
5057 /* freqs are specified for the radio work */
5058 for (i
= 0; freqs
[i
]; i
++)
5059 band
|= wpas_freq_to_band(freqs
[i
]);
5062 * freqs are not specified, implies all
5063 * the supported freqs by HW
5065 for (i
= 0; i
< wpa_s
->hw
.num_modes
; i
++) {
5066 if (wpa_s
->hw
.modes
[i
].num_channels
!= 0) {
5067 if (wpa_s
->hw
.modes
[i
].mode
==
5068 HOSTAPD_MODE_IEEE80211B
||
5069 wpa_s
->hw
.modes
[i
].mode
==
5070 HOSTAPD_MODE_IEEE80211G
)
5071 band
|= BAND_2_4_GHZ
;
5072 else if (wpa_s
->hw
.modes
[i
].mode
==
5073 HOSTAPD_MODE_IEEE80211A
)
5075 else if (wpa_s
->hw
.modes
[i
].mode
==
5076 HOSTAPD_MODE_IEEE80211AD
)
5077 band
|= BAND_60_GHZ
;
5078 else if (wpa_s
->hw
.modes
[i
].mode
==
5079 HOSTAPD_MODE_IEEE80211ANY
)
5080 band
= BAND_2_4_GHZ
| BAND_5_GHZ
|
5090 static struct wpa_radio
* radio_add_interface(struct wpa_supplicant
*wpa_s
,
5093 struct wpa_supplicant
*iface
= wpa_s
->global
->ifaces
;
5094 struct wpa_radio
*radio
;
5096 while (rn
&& iface
) {
5097 radio
= iface
->radio
;
5098 if (radio
&& os_strcmp(rn
, radio
->name
) == 0) {
5099 wpa_printf(MSG_DEBUG
, "Add interface %s to existing radio %s",
5101 dl_list_add(&radio
->ifaces
, &wpa_s
->radio_list
);
5105 iface
= iface
->next
;
5108 wpa_printf(MSG_DEBUG
, "Add interface %s to a new radio %s",
5109 wpa_s
->ifname
, rn
? rn
: "N/A");
5110 radio
= os_zalloc(sizeof(*radio
));
5115 os_strlcpy(radio
->name
, rn
, sizeof(radio
->name
));
5116 dl_list_init(&radio
->ifaces
);
5117 dl_list_init(&radio
->work
);
5118 dl_list_add(&radio
->ifaces
, &wpa_s
->radio_list
);
5124 static void radio_work_free(struct wpa_radio_work
*work
)
5126 if (work
->wpa_s
->scan_work
== work
) {
5127 /* This should not really happen. */
5128 wpa_dbg(work
->wpa_s
, MSG_INFO
, "Freeing radio work '%s'@%p (started=%d) that is marked as scan_work",
5129 work
->type
, work
, work
->started
);
5130 work
->wpa_s
->scan_work
= NULL
;
5134 if (work
->wpa_s
->p2p_scan_work
== work
) {
5135 /* This should not really happen. */
5136 wpa_dbg(work
->wpa_s
, MSG_INFO
, "Freeing radio work '%s'@%p (started=%d) that is marked as p2p_scan_work",
5137 work
->type
, work
, work
->started
);
5138 work
->wpa_s
->p2p_scan_work
= NULL
;
5140 #endif /* CONFIG_P2P */
5142 if (work
->started
) {
5143 work
->wpa_s
->radio
->num_active_works
--;
5144 wpa_dbg(work
->wpa_s
, MSG_DEBUG
,
5145 "radio_work_free('%s'@%p): num_active_works --> %u",
5147 work
->wpa_s
->radio
->num_active_works
);
5150 dl_list_del(&work
->list
);
5155 static int radio_work_is_connect(struct wpa_radio_work
*work
)
5157 return os_strcmp(work
->type
, "sme-connect") == 0 ||
5158 os_strcmp(work
->type
, "connect") == 0;
5162 static int radio_work_is_scan(struct wpa_radio_work
*work
)
5164 return os_strcmp(work
->type
, "scan") == 0 ||
5165 os_strcmp(work
->type
, "p2p-scan") == 0;
5169 static struct wpa_radio_work
* radio_work_get_next_work(struct wpa_radio
*radio
)
5171 struct wpa_radio_work
*active_work
= NULL
;
5172 struct wpa_radio_work
*tmp
;
5174 /* Get the active work to know the type and band. */
5175 dl_list_for_each(tmp
, &radio
->work
, struct wpa_radio_work
, list
) {
5183 /* No active work, start one */
5184 radio
->num_active_works
= 0;
5185 dl_list_for_each(tmp
, &radio
->work
, struct wpa_radio_work
,
5187 if (os_strcmp(tmp
->type
, "scan") == 0 &&
5188 radio
->external_scan_running
&&
5189 (((struct wpa_driver_scan_params
*)
5190 tmp
->ctx
)->only_new_results
||
5191 tmp
->wpa_s
->clear_driver_scan_cache
))
5198 if (radio_work_is_connect(active_work
)) {
5200 * If the active work is either connect or sme-connect,
5201 * do not parallelize them with other radio works.
5203 wpa_dbg(active_work
->wpa_s
, MSG_DEBUG
,
5204 "Do not parallelize radio work with %s",
5209 dl_list_for_each(tmp
, &radio
->work
, struct wpa_radio_work
, list
) {
5214 * If connect or sme-connect are enqueued, parallelize only
5215 * those operations ahead of them in the queue.
5217 if (radio_work_is_connect(tmp
))
5220 /* Serialize parallel scan and p2p_scan operations on the same
5221 * interface since the driver_nl80211 mechanism for tracking
5222 * scan cookies does not yet have support for this. */
5223 if (active_work
->wpa_s
== tmp
->wpa_s
&&
5224 radio_work_is_scan(active_work
) &&
5225 radio_work_is_scan(tmp
)) {
5226 wpa_dbg(active_work
->wpa_s
, MSG_DEBUG
,
5227 "Do not start work '%s' when another work '%s' is already scheduled",
5228 tmp
->type
, active_work
->type
);
5232 * Check that the radio works are distinct and
5233 * on different bands.
5235 if (os_strcmp(active_work
->type
, tmp
->type
) != 0 &&
5236 (active_work
->bands
!= tmp
->bands
)) {
5238 * If a scan has to be scheduled through nl80211 scan
5239 * interface and if an external scan is already running,
5240 * do not schedule the scan since it is likely to get
5241 * rejected by kernel.
5243 if (os_strcmp(tmp
->type
, "scan") == 0 &&
5244 radio
->external_scan_running
&&
5245 (((struct wpa_driver_scan_params
*)
5246 tmp
->ctx
)->only_new_results
||
5247 tmp
->wpa_s
->clear_driver_scan_cache
))
5250 wpa_dbg(active_work
->wpa_s
, MSG_DEBUG
,
5251 "active_work:%s new_work:%s",
5252 active_work
->type
, tmp
->type
);
5257 /* Did not find a radio work to schedule in parallel. */
5262 static void radio_start_next_work(void *eloop_ctx
, void *timeout_ctx
)
5264 struct wpa_radio
*radio
= eloop_ctx
;
5265 struct wpa_radio_work
*work
;
5266 struct os_reltime now
, diff
;
5267 struct wpa_supplicant
*wpa_s
;
5269 work
= dl_list_first(&radio
->work
, struct wpa_radio_work
, list
);
5271 radio
->num_active_works
= 0;
5275 wpa_s
= dl_list_first(&radio
->ifaces
, struct wpa_supplicant
,
5279 wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS
)) {
5281 return; /* already started and still in progress */
5283 if (wpa_s
&& wpa_s
->radio
->external_scan_running
) {
5284 wpa_printf(MSG_DEBUG
, "Delay radio work start until externally triggered scan completes");
5289 if (radio
->num_active_works
< MAX_ACTIVE_WORKS
) {
5290 /* get the work to schedule next */
5291 work
= radio_work_get_next_work(radio
);
5297 wpa_s
= work
->wpa_s
;
5298 os_get_reltime(&now
);
5299 os_reltime_sub(&now
, &work
->time
, &diff
);
5300 wpa_dbg(wpa_s
, MSG_DEBUG
,
5301 "Starting radio work '%s'@%p after %ld.%06ld second wait",
5302 work
->type
, work
, diff
.sec
, diff
.usec
);
5305 radio
->num_active_works
++;
5309 if ((wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS
) &&
5310 radio
->num_active_works
< MAX_ACTIVE_WORKS
)
5311 radio_work_check_next(wpa_s
);
5316 * This function removes both started and pending radio works running on
5317 * the provided interface's radio.
5318 * Prior to the removal of the radio work, its callback (cb) is called with
5319 * deinit set to be 1. Each work's callback is responsible for clearing its
5320 * internal data and restoring to a correct state.
5321 * @wpa_s: wpa_supplicant data
5322 * @type: type of works to be removed
5323 * @remove_all: 1 to remove all the works on this radio, 0 to remove only
5324 * this interface's works.
5326 void radio_remove_works(struct wpa_supplicant
*wpa_s
,
5327 const char *type
, int remove_all
)
5329 struct wpa_radio_work
*work
, *tmp
;
5330 struct wpa_radio
*radio
= wpa_s
->radio
;
5332 dl_list_for_each_safe(work
, tmp
, &radio
->work
, struct wpa_radio_work
,
5334 if (type
&& os_strcmp(type
, work
->type
) != 0)
5337 /* skip other ifaces' works */
5338 if (!remove_all
&& work
->wpa_s
!= wpa_s
)
5341 wpa_dbg(wpa_s
, MSG_DEBUG
, "Remove radio work '%s'@%p%s",
5342 work
->type
, work
, work
->started
? " (started)" : "");
5344 radio_work_free(work
);
5347 /* in case we removed the started work */
5348 radio_work_check_next(wpa_s
);
5352 void radio_remove_pending_work(struct wpa_supplicant
*wpa_s
, void *ctx
)
5354 struct wpa_radio_work
*work
;
5355 struct wpa_radio
*radio
= wpa_s
->radio
;
5357 dl_list_for_each(work
, &radio
->work
, struct wpa_radio_work
, list
) {
5358 if (work
->ctx
!= ctx
)
5360 wpa_dbg(wpa_s
, MSG_DEBUG
, "Free pending radio work '%s'@%p%s",
5361 work
->type
, work
, work
->started
? " (started)" : "");
5362 radio_work_free(work
);
5368 static void radio_remove_interface(struct wpa_supplicant
*wpa_s
)
5370 struct wpa_radio
*radio
= wpa_s
->radio
;
5375 wpa_printf(MSG_DEBUG
, "Remove interface %s from radio %s",
5376 wpa_s
->ifname
, radio
->name
);
5377 dl_list_del(&wpa_s
->radio_list
);
5378 radio_remove_works(wpa_s
, NULL
, 0);
5379 wpa_s
->radio
= NULL
;
5380 if (!dl_list_empty(&radio
->ifaces
))
5381 return; /* Interfaces remain for this radio */
5383 wpa_printf(MSG_DEBUG
, "Remove radio %s", radio
->name
);
5384 eloop_cancel_timeout(radio_start_next_work
, radio
, NULL
);
5389 void radio_work_check_next(struct wpa_supplicant
*wpa_s
)
5391 struct wpa_radio
*radio
= wpa_s
->radio
;
5393 if (dl_list_empty(&radio
->work
))
5395 if (wpa_s
->ext_work_in_progress
) {
5396 wpa_printf(MSG_DEBUG
,
5397 "External radio work in progress - delay start of pending item");
5400 eloop_cancel_timeout(radio_start_next_work
, radio
, NULL
);
5401 eloop_register_timeout(0, 0, radio_start_next_work
, radio
, NULL
);
5406 * radio_add_work - Add a radio work item
5407 * @wpa_s: Pointer to wpa_supplicant data
5408 * @freq: Frequency of the offchannel operation in MHz or 0
5409 * @type: Unique identifier for each type of work
5410 * @next: Force as the next work to be executed
5411 * @cb: Callback function for indicating when radio is available
5412 * @ctx: Context pointer for the work (work->ctx in cb())
5413 * Returns: 0 on success, -1 on failure
5415 * This function is used to request time for an operation that requires
5416 * exclusive radio control. Once the radio is available, the registered callback
5417 * function will be called. radio_work_done() must be called once the exclusive
5418 * radio operation has been completed, so that the radio is freed for other
5419 * operations. The special case of deinit=1 is used to free the context data
5420 * during interface removal. That does not allow the callback function to start
5421 * the radio operation, i.e., it must free any resources allocated for the radio
5424 * The @freq parameter can be used to indicate a single channel on which the
5425 * offchannel operation will occur. This may allow multiple radio work
5426 * operations to be performed in parallel if they apply for the same channel.
5427 * Setting this to 0 indicates that the work item may use multiple channels or
5428 * requires exclusive control of the radio.
5430 int radio_add_work(struct wpa_supplicant
*wpa_s
, unsigned int freq
,
5431 const char *type
, int next
,
5432 void (*cb
)(struct wpa_radio_work
*work
, int deinit
),
5435 struct wpa_radio
*radio
= wpa_s
->radio
;
5436 struct wpa_radio_work
*work
;
5439 work
= os_zalloc(sizeof(*work
));
5442 wpa_dbg(wpa_s
, MSG_DEBUG
, "Add radio work '%s'@%p", type
, work
);
5443 os_get_reltime(&work
->time
);
5446 work
->wpa_s
= wpa_s
;
5451 work
->bands
= wpas_freq_to_band(freq
);
5452 else if (os_strcmp(type
, "scan") == 0 ||
5453 os_strcmp(type
, "p2p-scan") == 0)
5454 work
->bands
= wpas_get_bands(wpa_s
,
5455 ((struct wpa_driver_scan_params
*)
5458 work
->bands
= wpas_get_bands(wpa_s
, NULL
);
5460 was_empty
= dl_list_empty(&wpa_s
->radio
->work
);
5462 dl_list_add(&wpa_s
->radio
->work
, &work
->list
);
5464 dl_list_add_tail(&wpa_s
->radio
->work
, &work
->list
);
5466 wpa_dbg(wpa_s
, MSG_DEBUG
, "First radio work item in the queue - schedule start immediately");
5467 radio_work_check_next(wpa_s
);
5468 } else if ((wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS
)
5469 && radio
->num_active_works
< MAX_ACTIVE_WORKS
) {
5470 wpa_dbg(wpa_s
, MSG_DEBUG
,
5471 "Try to schedule a radio work (num_active_works=%u)",
5472 radio
->num_active_works
);
5473 radio_work_check_next(wpa_s
);
5481 * radio_work_done - Indicate that a radio work item has been completed
5482 * @work: Completed work
5484 * This function is called once the callback function registered with
5485 * radio_add_work() has completed its work.
5487 void radio_work_done(struct wpa_radio_work
*work
)
5489 struct wpa_supplicant
*wpa_s
= work
->wpa_s
;
5490 struct os_reltime now
, diff
;
5491 unsigned int started
= work
->started
;
5493 os_get_reltime(&now
);
5494 os_reltime_sub(&now
, &work
->time
, &diff
);
5495 wpa_dbg(wpa_s
, MSG_DEBUG
, "Radio work '%s'@%p %s in %ld.%06ld seconds",
5496 work
->type
, work
, started
? "done" : "canceled",
5497 diff
.sec
, diff
.usec
);
5498 radio_work_free(work
);
5500 radio_work_check_next(wpa_s
);
5504 struct wpa_radio_work
*
5505 radio_work_pending(struct wpa_supplicant
*wpa_s
, const char *type
)
5507 struct wpa_radio_work
*work
;
5508 struct wpa_radio
*radio
= wpa_s
->radio
;
5510 dl_list_for_each(work
, &radio
->work
, struct wpa_radio_work
, list
) {
5511 if (work
->wpa_s
== wpa_s
&& os_strcmp(work
->type
, type
) == 0)
5519 static int wpas_init_driver(struct wpa_supplicant
*wpa_s
,
5520 const struct wpa_interface
*iface
)
5522 const char *ifname
, *driver
, *rn
;
5524 driver
= iface
->driver
;
5526 if (wpa_supplicant_set_driver(wpa_s
, driver
) < 0)
5529 wpa_s
->drv_priv
= wpa_drv_init(wpa_s
, wpa_s
->ifname
);
5530 if (wpa_s
->drv_priv
== NULL
) {
5532 pos
= driver
? os_strchr(driver
, ',') : NULL
;
5534 wpa_dbg(wpa_s
, MSG_DEBUG
, "Failed to initialize "
5535 "driver interface - try next driver wrapper");
5539 wpa_msg(wpa_s
, MSG_ERROR
, "Failed to initialize driver "
5543 if (wpa_drv_set_param(wpa_s
, wpa_s
->conf
->driver_param
) < 0) {
5544 wpa_msg(wpa_s
, MSG_ERROR
, "Driver interface rejected "
5545 "driver_param '%s'", wpa_s
->conf
->driver_param
);
5549 ifname
= wpa_drv_get_ifname(wpa_s
);
5550 if (ifname
&& os_strcmp(ifname
, wpa_s
->ifname
) != 0) {
5551 wpa_dbg(wpa_s
, MSG_DEBUG
, "Driver interface replaced "
5552 "interface name with '%s'", ifname
);
5553 os_strlcpy(wpa_s
->ifname
, ifname
, sizeof(wpa_s
->ifname
));
5556 rn
= wpa_driver_get_radio_name(wpa_s
);
5557 if (rn
&& rn
[0] == '\0')
5560 wpa_s
->radio
= radio_add_interface(wpa_s
, rn
);
5561 if (wpa_s
->radio
== NULL
)
5568 #ifdef CONFIG_GAS_SERVER
5570 static void wpas_gas_server_tx_status(struct wpa_supplicant
*wpa_s
,
5571 unsigned int freq
, const u8
*dst
,
5572 const u8
*src
, const u8
*bssid
,
5573 const u8
*data
, size_t data_len
,
5574 enum offchannel_send_action_result result
)
5576 wpa_printf(MSG_DEBUG
, "GAS: TX status: freq=%u dst=" MACSTR
5579 result
== OFFCHANNEL_SEND_ACTION_SUCCESS
? "SUCCESS" :
5580 (result
== OFFCHANNEL_SEND_ACTION_NO_ACK
? "no-ACK" :
5582 gas_server_tx_status(wpa_s
->gas_server
, dst
, data
, data_len
,
5583 result
== OFFCHANNEL_SEND_ACTION_SUCCESS
);
5587 static void wpas_gas_server_tx(void *ctx
, int freq
, const u8
*da
,
5588 struct wpabuf
*buf
, unsigned int wait_time
)
5590 struct wpa_supplicant
*wpa_s
= ctx
;
5591 const u8 broadcast
[ETH_ALEN
] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
5593 if (wait_time
> wpa_s
->max_remain_on_chan
)
5594 wait_time
= wpa_s
->max_remain_on_chan
;
5596 offchannel_send_action(wpa_s
, freq
, da
, wpa_s
->own_addr
, broadcast
,
5597 wpabuf_head(buf
), wpabuf_len(buf
),
5598 wait_time
, wpas_gas_server_tx_status
, 0);
5601 #endif /* CONFIG_GAS_SERVER */
5603 static int wpa_supplicant_init_iface(struct wpa_supplicant
*wpa_s
,
5604 const struct wpa_interface
*iface
)
5606 struct wpa_driver_capa capa
;
5610 wpa_printf(MSG_DEBUG
, "Initializing interface '%s' conf '%s' driver "
5611 "'%s' ctrl_interface '%s' bridge '%s'", iface
->ifname
,
5612 iface
->confname
? iface
->confname
: "N/A",
5613 iface
->driver
? iface
->driver
: "default",
5614 iface
->ctrl_interface
? iface
->ctrl_interface
: "N/A",
5615 iface
->bridge_ifname
? iface
->bridge_ifname
: "N/A");
5617 if (iface
->confname
) {
5618 #ifdef CONFIG_BACKEND_FILE
5619 wpa_s
->confname
= os_rel2abs_path(iface
->confname
);
5620 if (wpa_s
->confname
== NULL
) {
5621 wpa_printf(MSG_ERROR
, "Failed to get absolute path "
5622 "for configuration file '%s'.",
5626 wpa_printf(MSG_DEBUG
, "Configuration file '%s' -> '%s'",
5627 iface
->confname
, wpa_s
->confname
);
5628 #else /* CONFIG_BACKEND_FILE */
5629 wpa_s
->confname
= os_strdup(iface
->confname
);
5630 #endif /* CONFIG_BACKEND_FILE */
5631 wpa_s
->conf
= wpa_config_read(wpa_s
->confname
, NULL
);
5632 if (wpa_s
->conf
== NULL
) {
5633 wpa_printf(MSG_ERROR
, "Failed to read or parse "
5634 "configuration '%s'.", wpa_s
->confname
);
5637 wpa_s
->confanother
= os_rel2abs_path(iface
->confanother
);
5638 if (wpa_s
->confanother
&&
5639 !wpa_config_read(wpa_s
->confanother
, wpa_s
->conf
)) {
5640 wpa_printf(MSG_ERROR
,
5641 "Failed to read or parse configuration '%s'.",
5642 wpa_s
->confanother
);
5647 * Override ctrl_interface and driver_param if set on command
5650 if (iface
->ctrl_interface
) {
5651 os_free(wpa_s
->conf
->ctrl_interface
);
5652 wpa_s
->conf
->ctrl_interface
=
5653 os_strdup(iface
->ctrl_interface
);
5656 if (iface
->driver_param
) {
5657 os_free(wpa_s
->conf
->driver_param
);
5658 wpa_s
->conf
->driver_param
=
5659 os_strdup(iface
->driver_param
);
5662 if (iface
->p2p_mgmt
&& !iface
->ctrl_interface
) {
5663 os_free(wpa_s
->conf
->ctrl_interface
);
5664 wpa_s
->conf
->ctrl_interface
= NULL
;
5667 wpa_s
->conf
= wpa_config_alloc_empty(iface
->ctrl_interface
,
5668 iface
->driver_param
);
5670 if (wpa_s
->conf
== NULL
) {
5671 wpa_printf(MSG_ERROR
, "\nNo configuration found.");
5675 if (iface
->ifname
== NULL
) {
5676 wpa_printf(MSG_ERROR
, "\nInterface name is required.");
5679 if (os_strlen(iface
->ifname
) >= sizeof(wpa_s
->ifname
)) {
5680 wpa_printf(MSG_ERROR
, "\nToo long interface name '%s'.",
5684 os_strlcpy(wpa_s
->ifname
, iface
->ifname
, sizeof(wpa_s
->ifname
));
5686 if (iface
->bridge_ifname
) {
5687 if (os_strlen(iface
->bridge_ifname
) >=
5688 sizeof(wpa_s
->bridge_ifname
)) {
5689 wpa_printf(MSG_ERROR
, "\nToo long bridge interface "
5690 "name '%s'.", iface
->bridge_ifname
);
5693 os_strlcpy(wpa_s
->bridge_ifname
, iface
->bridge_ifname
,
5694 sizeof(wpa_s
->bridge_ifname
));
5697 /* RSNA Supplicant Key Management - INITIALIZE */
5698 eapol_sm_notify_portEnabled(wpa_s
->eapol
, FALSE
);
5699 eapol_sm_notify_portValid(wpa_s
->eapol
, FALSE
);
5701 /* Initialize driver interface and register driver event handler before
5702 * L2 receive handler so that association events are processed before
5703 * EAPOL-Key packets if both become available for the same select()
5705 if (wpas_init_driver(wpa_s
, iface
) < 0)
5708 if (wpa_supplicant_init_wpa(wpa_s
) < 0)
5711 wpa_sm_set_ifname(wpa_s
->wpa
, wpa_s
->ifname
,
5712 wpa_s
->bridge_ifname
[0] ? wpa_s
->bridge_ifname
:
5714 wpa_sm_set_fast_reauth(wpa_s
->wpa
, wpa_s
->conf
->fast_reauth
);
5716 if (wpa_s
->conf
->dot11RSNAConfigPMKLifetime
&&
5717 wpa_sm_set_param(wpa_s
->wpa
, RSNA_PMK_LIFETIME
,
5718 wpa_s
->conf
->dot11RSNAConfigPMKLifetime
)) {
5719 wpa_msg(wpa_s
, MSG_ERROR
, "Invalid WPA parameter value for "
5720 "dot11RSNAConfigPMKLifetime");
5724 if (wpa_s
->conf
->dot11RSNAConfigPMKReauthThreshold
&&
5725 wpa_sm_set_param(wpa_s
->wpa
, RSNA_PMK_REAUTH_THRESHOLD
,
5726 wpa_s
->conf
->dot11RSNAConfigPMKReauthThreshold
)) {
5727 wpa_msg(wpa_s
, MSG_ERROR
, "Invalid WPA parameter value for "
5728 "dot11RSNAConfigPMKReauthThreshold");
5732 if (wpa_s
->conf
->dot11RSNAConfigSATimeout
&&
5733 wpa_sm_set_param(wpa_s
->wpa
, RSNA_SA_TIMEOUT
,
5734 wpa_s
->conf
->dot11RSNAConfigSATimeout
)) {
5735 wpa_msg(wpa_s
, MSG_ERROR
, "Invalid WPA parameter value for "
5736 "dot11RSNAConfigSATimeout");
5740 wpa_s
->hw
.modes
= wpa_drv_get_hw_feature_data(wpa_s
,
5741 &wpa_s
->hw
.num_modes
,
5744 if (wpa_s
->hw
.modes
) {
5747 for (i
= 0; i
< wpa_s
->hw
.num_modes
; i
++) {
5748 if (wpa_s
->hw
.modes
[i
].vht_capab
) {
5749 wpa_s
->hw_capab
= CAPAB_VHT
;
5753 if (wpa_s
->hw
.modes
[i
].ht_capab
&
5754 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET
)
5755 wpa_s
->hw_capab
= CAPAB_HT40
;
5756 else if (wpa_s
->hw
.modes
[i
].ht_capab
&&
5757 wpa_s
->hw_capab
== CAPAB_NO_HT_VHT
)
5758 wpa_s
->hw_capab
= CAPAB_HT
;
5762 capa_res
= wpa_drv_get_capa(wpa_s
, &capa
);
5763 if (capa_res
== 0) {
5764 wpa_s
->drv_capa_known
= 1;
5765 wpa_s
->drv_flags
= capa
.flags
;
5766 wpa_s
->drv_enc
= capa
.enc
;
5767 wpa_s
->drv_smps_modes
= capa
.smps_modes
;
5768 wpa_s
->drv_rrm_flags
= capa
.rrm_flags
;
5769 wpa_s
->probe_resp_offloads
= capa
.probe_resp_offloads
;
5770 wpa_s
->max_scan_ssids
= capa
.max_scan_ssids
;
5771 wpa_s
->max_sched_scan_ssids
= capa
.max_sched_scan_ssids
;
5772 wpa_s
->max_sched_scan_plans
= capa
.max_sched_scan_plans
;
5773 wpa_s
->max_sched_scan_plan_interval
=
5774 capa
.max_sched_scan_plan_interval
;
5775 wpa_s
->max_sched_scan_plan_iterations
=
5776 capa
.max_sched_scan_plan_iterations
;
5777 wpa_s
->sched_scan_supported
= capa
.sched_scan_supported
;
5778 wpa_s
->max_match_sets
= capa
.max_match_sets
;
5779 wpa_s
->max_remain_on_chan
= capa
.max_remain_on_chan
;
5780 wpa_s
->max_stations
= capa
.max_stations
;
5781 wpa_s
->extended_capa
= capa
.extended_capa
;
5782 wpa_s
->extended_capa_mask
= capa
.extended_capa_mask
;
5783 wpa_s
->extended_capa_len
= capa
.extended_capa_len
;
5784 wpa_s
->num_multichan_concurrent
=
5785 capa
.num_multichan_concurrent
;
5786 wpa_s
->wmm_ac_supported
= capa
.wmm_ac_supported
;
5788 if (capa
.mac_addr_rand_scan_supported
)
5789 wpa_s
->mac_addr_rand_supported
|= MAC_ADDR_RAND_SCAN
;
5790 if (wpa_s
->sched_scan_supported
&&
5791 capa
.mac_addr_rand_sched_scan_supported
)
5792 wpa_s
->mac_addr_rand_supported
|=
5793 (MAC_ADDR_RAND_SCHED_SCAN
| MAC_ADDR_RAND_PNO
);
5795 wpa_drv_get_ext_capa(wpa_s
, WPA_IF_STATION
);
5796 if (wpa_s
->extended_capa
&&
5797 wpa_s
->extended_capa_len
>= 3 &&
5798 wpa_s
->extended_capa
[2] & 0x40)
5799 wpa_s
->multi_bss_support
= 1;
5801 if (wpa_s
->max_remain_on_chan
== 0)
5802 wpa_s
->max_remain_on_chan
= 1000;
5805 * Only take p2p_mgmt parameters when P2P Device is supported.
5806 * Doing it here as it determines whether l2_packet_init() will be done
5807 * during wpa_supplicant_driver_init().
5809 if (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE
)
5810 wpa_s
->p2p_mgmt
= iface
->p2p_mgmt
;
5812 if (wpa_s
->num_multichan_concurrent
== 0)
5813 wpa_s
->num_multichan_concurrent
= 1;
5815 if (wpa_supplicant_driver_init(wpa_s
) < 0)
5819 if (!iface
->p2p_mgmt
&& wpa_tdls_init(wpa_s
->wpa
))
5821 #endif /* CONFIG_TDLS */
5823 if (wpa_s
->conf
->country
[0] && wpa_s
->conf
->country
[1] &&
5824 wpa_drv_set_country(wpa_s
, wpa_s
->conf
->country
)) {
5825 wpa_dbg(wpa_s
, MSG_DEBUG
, "Failed to set country");
5830 if (wpa_s
->conf
->fst_group_id
) {
5831 struct fst_iface_cfg cfg
;
5832 struct fst_wpa_obj iface_obj
;
5834 fst_wpa_supplicant_fill_iface_obj(wpa_s
, &iface_obj
);
5835 os_strlcpy(cfg
.group_id
, wpa_s
->conf
->fst_group_id
,
5836 sizeof(cfg
.group_id
));
5837 cfg
.priority
= wpa_s
->conf
->fst_priority
;
5838 cfg
.llt
= wpa_s
->conf
->fst_llt
;
5840 wpa_s
->fst
= fst_attach(wpa_s
->ifname
, wpa_s
->own_addr
,
5843 wpa_msg(wpa_s
, MSG_ERROR
,
5844 "FST: Cannot attach iface %s to group %s",
5845 wpa_s
->ifname
, cfg
.group_id
);
5849 #endif /* CONFIG_FST */
5851 if (wpas_wps_init(wpa_s
))
5854 #ifdef CONFIG_GAS_SERVER
5855 wpa_s
->gas_server
= gas_server_init(wpa_s
, wpas_gas_server_tx
);
5856 if (!wpa_s
->gas_server
) {
5857 wpa_printf(MSG_ERROR
, "Failed to initialize GAS server");
5860 #endif /* CONFIG_GAS_SERVER */
5863 if (wpas_dpp_init(wpa_s
) < 0)
5865 #endif /* CONFIG_DPP */
5867 if (wpa_supplicant_init_eapol(wpa_s
) < 0)
5869 wpa_sm_set_eapol(wpa_s
->wpa
, wpa_s
->eapol
);
5871 wpa_s
->ctrl_iface
= wpa_supplicant_ctrl_iface_init(wpa_s
);
5872 if (wpa_s
->ctrl_iface
== NULL
) {
5873 wpa_printf(MSG_ERROR
,
5874 "Failed to initialize control interface '%s'.\n"
5875 "You may have another wpa_supplicant process "
5876 "already running or the file was\n"
5877 "left by an unclean termination of wpa_supplicant "
5878 "in which case you will need\n"
5879 "to manually remove this file before starting "
5880 "wpa_supplicant again.\n",
5881 wpa_s
->conf
->ctrl_interface
);
5885 wpa_s
->gas
= gas_query_init(wpa_s
);
5886 if (wpa_s
->gas
== NULL
) {
5887 wpa_printf(MSG_ERROR
, "Failed to initialize GAS query");
5891 if ((!(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE
) ||
5893 wpas_p2p_init(wpa_s
->global
, wpa_s
) < 0) {
5894 wpa_msg(wpa_s
, MSG_ERROR
, "Failed to init P2P");
5898 if (wpa_bss_init(wpa_s
) < 0)
5901 #ifdef CONFIG_PMKSA_CACHE_EXTERNAL
5903 dl_list_init(&wpa_s
->mesh_external_pmksa_cache
);
5904 #endif /* CONFIG_MESH */
5905 #endif /* CONFIG_PMKSA_CACHE_EXTERNAL */
5908 * Set Wake-on-WLAN triggers, if configured.
5909 * Note: We don't restore/remove the triggers on shutdown (it doesn't
5910 * have effect anyway when the interface is down).
5912 if (capa_res
== 0 && wpas_set_wowlan_triggers(wpa_s
, &capa
) < 0)
5915 #ifdef CONFIG_EAP_PROXY
5918 wpa_s
->mnc_len
= eapol_sm_get_eap_proxy_imsi(wpa_s
->eapol
, -1,
5920 if (wpa_s
->mnc_len
> 0) {
5921 wpa_s
->imsi
[len
] = '\0';
5922 wpa_printf(MSG_DEBUG
, "eap_proxy: IMSI %s (MNC length %d)",
5923 wpa_s
->imsi
, wpa_s
->mnc_len
);
5925 wpa_printf(MSG_DEBUG
, "eap_proxy: IMSI not available");
5928 #endif /* CONFIG_EAP_PROXY */
5930 if (pcsc_reader_init(wpa_s
) < 0)
5933 if (wpas_init_ext_pw(wpa_s
) < 0)
5936 wpas_rrm_reset(wpa_s
);
5938 wpas_sched_scan_plans_set(wpa_s
, wpa_s
->conf
->sched_scan_plans
);
5942 #endif /* CONFIG_HS20 */
5944 if (wpa_s
->conf
->oce
) {
5945 if ((wpa_s
->conf
->oce
& OCE_STA
) &&
5946 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_OCE_STA
))
5947 wpa_s
->enable_oce
= OCE_STA
;
5948 if ((wpa_s
->conf
->oce
& OCE_STA_CFON
) &&
5949 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_OCE_STA_CFON
)) {
5950 /* TODO: Need to add STA-CFON support */
5951 wpa_printf(MSG_ERROR
,
5952 "OCE STA-CFON feature is not yet supported");
5955 wpas_mbo_update_non_pref_chan(wpa_s
, wpa_s
->conf
->non_pref_chan
);
5956 #endif /* CONFIG_MBO */
5958 wpa_supplicant_set_default_scan_ies(wpa_s
);
5964 static void wpa_supplicant_deinit_iface(struct wpa_supplicant
*wpa_s
,
5965 int notify
, int terminate
)
5967 struct wpa_global
*global
= wpa_s
->global
;
5968 struct wpa_supplicant
*iface
, *prev
;
5970 if (wpa_s
== wpa_s
->parent
)
5971 wpas_p2p_group_remove(wpa_s
, "*");
5973 iface
= global
->ifaces
;
5975 if (iface
->p2pdev
== wpa_s
)
5976 iface
->p2pdev
= iface
->parent
;
5977 if (iface
== wpa_s
|| iface
->parent
!= wpa_s
) {
5978 iface
= iface
->next
;
5981 wpa_printf(MSG_DEBUG
,
5982 "Remove remaining child interface %s from parent %s",
5983 iface
->ifname
, wpa_s
->ifname
);
5985 iface
= iface
->next
;
5986 wpa_supplicant_remove_iface(global
, prev
, terminate
);
5989 wpa_s
->disconnected
= 1;
5990 if (wpa_s
->drv_priv
) {
5991 wpa_supplicant_deauthenticate(wpa_s
,
5992 WLAN_REASON_DEAUTH_LEAVING
);
5994 wpa_drv_set_countermeasures(wpa_s
, 0);
5995 wpa_clear_keys(wpa_s
, NULL
);
5998 wpa_supplicant_cleanup(wpa_s
);
5999 wpas_p2p_deinit_iface(wpa_s
);
6001 wpas_ctrl_radio_work_flush(wpa_s
);
6002 radio_remove_interface(wpa_s
);
6006 fst_detach(wpa_s
->fst
);
6009 if (wpa_s
->received_mb_ies
) {
6010 wpabuf_free(wpa_s
->received_mb_ies
);
6011 wpa_s
->received_mb_ies
= NULL
;
6013 #endif /* CONFIG_FST */
6015 if (wpa_s
->drv_priv
)
6016 wpa_drv_deinit(wpa_s
);
6019 wpas_notify_iface_removed(wpa_s
);
6022 wpa_msg(wpa_s
, MSG_INFO
, WPA_EVENT_TERMINATING
);
6024 if (wpa_s
->ctrl_iface
) {
6025 wpa_supplicant_ctrl_iface_deinit(wpa_s
->ctrl_iface
);
6026 wpa_s
->ctrl_iface
= NULL
;
6031 wpa_supplicant_mesh_iface_deinit(wpa_s
, wpa_s
->ifmsh
);
6032 wpa_s
->ifmsh
= NULL
;
6034 #endif /* CONFIG_MESH */
6036 if (wpa_s
->conf
!= NULL
) {
6037 wpa_config_free(wpa_s
->conf
);
6041 os_free(wpa_s
->ssids_from_scan_req
);
6047 #ifdef CONFIG_MATCH_IFACE
6050 * wpa_supplicant_match_iface - Match an interface description to a name
6051 * @global: Pointer to global data from wpa_supplicant_init()
6052 * @ifname: Name of the interface to match
6053 * Returns: Pointer to the created interface description or %NULL on failure
6055 struct wpa_interface
* wpa_supplicant_match_iface(struct wpa_global
*global
,
6059 struct wpa_interface
*iface
, *miface
;
6061 for (i
= 0; i
< global
->params
.match_iface_count
; i
++) {
6062 miface
= &global
->params
.match_ifaces
[i
];
6063 if (!miface
->ifname
||
6064 fnmatch(miface
->ifname
, ifname
, 0) == 0) {
6065 iface
= os_zalloc(sizeof(*iface
));
6069 iface
->ifname
= ifname
;
6079 * wpa_supplicant_match_existing - Match existing interfaces
6080 * @global: Pointer to global data from wpa_supplicant_init()
6081 * Returns: 0 on success, -1 on failure
6083 static int wpa_supplicant_match_existing(struct wpa_global
*global
)
6085 struct if_nameindex
*ifi
, *ifp
;
6086 struct wpa_supplicant
*wpa_s
;
6087 struct wpa_interface
*iface
;
6089 ifp
= if_nameindex();
6091 wpa_printf(MSG_ERROR
, "if_nameindex: %s", strerror(errno
));
6095 for (ifi
= ifp
; ifi
->if_name
; ifi
++) {
6096 wpa_s
= wpa_supplicant_get_iface(global
, ifi
->if_name
);
6099 iface
= wpa_supplicant_match_iface(global
, ifi
->if_name
);
6101 wpa_s
= wpa_supplicant_add_iface(global
, iface
, NULL
);
6108 if_freenameindex(ifp
);
6112 #endif /* CONFIG_MATCH_IFACE */
6116 * wpa_supplicant_add_iface - Add a new network interface
6117 * @global: Pointer to global data from wpa_supplicant_init()
6118 * @iface: Interface configuration options
6119 * @parent: Parent interface or %NULL to assign new interface as parent
6120 * Returns: Pointer to the created interface or %NULL on failure
6122 * This function is used to add new network interfaces for %wpa_supplicant.
6123 * This can be called before wpa_supplicant_run() to add interfaces before the
6124 * main event loop has been started. In addition, new interfaces can be added
6125 * dynamically while %wpa_supplicant is already running. This could happen,
6126 * e.g., when a hotplug network adapter is inserted.
6128 struct wpa_supplicant
* wpa_supplicant_add_iface(struct wpa_global
*global
,
6129 struct wpa_interface
*iface
,
6130 struct wpa_supplicant
*parent
)
6132 struct wpa_supplicant
*wpa_s
;
6133 struct wpa_interface t_iface
;
6134 struct wpa_ssid
*ssid
;
6136 if (global
== NULL
|| iface
== NULL
)
6139 wpa_s
= wpa_supplicant_alloc(parent
);
6143 wpa_s
->global
= global
;
6146 if (global
->params
.override_driver
) {
6147 wpa_printf(MSG_DEBUG
, "Override interface parameter: driver "
6149 iface
->driver
, global
->params
.override_driver
);
6150 t_iface
.driver
= global
->params
.override_driver
;
6152 if (global
->params
.override_ctrl_interface
) {
6153 wpa_printf(MSG_DEBUG
, "Override interface parameter: "
6154 "ctrl_interface ('%s' -> '%s')",
6155 iface
->ctrl_interface
,
6156 global
->params
.override_ctrl_interface
);
6157 t_iface
.ctrl_interface
=
6158 global
->params
.override_ctrl_interface
;
6160 if (wpa_supplicant_init_iface(wpa_s
, &t_iface
)) {
6161 wpa_printf(MSG_DEBUG
, "Failed to add interface %s",
6163 wpa_supplicant_deinit_iface(wpa_s
, 0, 0);
6167 if (iface
->p2p_mgmt
== 0) {
6168 /* Notify the control interfaces about new iface */
6169 if (wpas_notify_iface_added(wpa_s
)) {
6170 wpa_supplicant_deinit_iface(wpa_s
, 1, 0);
6174 for (ssid
= wpa_s
->conf
->ssid
; ssid
; ssid
= ssid
->next
)
6175 wpas_notify_network_added(wpa_s
, ssid
);
6178 wpa_s
->next
= global
->ifaces
;
6179 global
->ifaces
= wpa_s
;
6181 wpa_dbg(wpa_s
, MSG_DEBUG
, "Added interface %s", wpa_s
->ifname
);
6182 wpa_supplicant_set_state(wpa_s
, WPA_DISCONNECTED
);
6185 if (wpa_s
->global
->p2p
== NULL
&&
6186 !wpa_s
->global
->p2p_disabled
&& !wpa_s
->conf
->p2p_disabled
&&
6187 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE
) &&
6188 wpas_p2p_add_p2pdev_interface(
6189 wpa_s
, wpa_s
->global
->params
.conf_p2p_dev
) < 0) {
6190 wpa_printf(MSG_INFO
,
6191 "P2P: Failed to enable P2P Device interface");
6192 /* Try to continue without. P2P will be disabled. */
6194 #endif /* CONFIG_P2P */
6201 * wpa_supplicant_remove_iface - Remove a network interface
6202 * @global: Pointer to global data from wpa_supplicant_init()
6203 * @wpa_s: Pointer to the network interface to be removed
6204 * Returns: 0 if interface was removed, -1 if interface was not found
6206 * This function can be used to dynamically remove network interfaces from
6207 * %wpa_supplicant, e.g., when a hotplug network adapter is ejected. In
6208 * addition, this function is used to remove all remaining interfaces when
6209 * %wpa_supplicant is terminated.
6211 int wpa_supplicant_remove_iface(struct wpa_global
*global
,
6212 struct wpa_supplicant
*wpa_s
,
6215 struct wpa_supplicant
*prev
;
6217 unsigned int mesh_if_created
= wpa_s
->mesh_if_created
;
6218 char *ifname
= NULL
;
6219 struct wpa_supplicant
*parent
= wpa_s
->parent
;
6220 #endif /* CONFIG_MESH */
6222 /* Remove interface from the global list of interfaces */
6223 prev
= global
->ifaces
;
6224 if (prev
== wpa_s
) {
6225 global
->ifaces
= wpa_s
->next
;
6227 while (prev
&& prev
->next
!= wpa_s
)
6231 prev
->next
= wpa_s
->next
;
6234 wpa_dbg(wpa_s
, MSG_DEBUG
, "Removing interface %s", wpa_s
->ifname
);
6237 if (mesh_if_created
) {
6238 ifname
= os_strdup(wpa_s
->ifname
);
6239 if (ifname
== NULL
) {
6240 wpa_dbg(wpa_s
, MSG_ERROR
,
6241 "mesh: Failed to malloc ifname");
6245 #endif /* CONFIG_MESH */
6247 if (global
->p2p_group_formation
== wpa_s
)
6248 global
->p2p_group_formation
= NULL
;
6249 if (global
->p2p_invite_group
== wpa_s
)
6250 global
->p2p_invite_group
= NULL
;
6251 wpa_supplicant_deinit_iface(wpa_s
, 1, terminate
);
6254 if (mesh_if_created
) {
6255 wpa_drv_if_remove(parent
, WPA_IF_MESH
, ifname
);
6258 #endif /* CONFIG_MESH */
6265 * wpa_supplicant_get_eap_mode - Get the current EAP mode
6266 * @wpa_s: Pointer to the network interface
6267 * Returns: Pointer to the eap mode or the string "UNKNOWN" if not found
6269 const char * wpa_supplicant_get_eap_mode(struct wpa_supplicant
*wpa_s
)
6271 const char *eapol_method
;
6273 if (wpa_key_mgmt_wpa_ieee8021x(wpa_s
->key_mgmt
) == 0 &&
6274 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_IEEE8021X_NO_WPA
) {
6278 eapol_method
= eapol_sm_get_method_name(wpa_s
->eapol
);
6279 if (eapol_method
== NULL
)
6280 return "UNKNOWN-EAP";
6282 return eapol_method
;
6287 * wpa_supplicant_get_iface - Get a new network interface
6288 * @global: Pointer to global data from wpa_supplicant_init()
6289 * @ifname: Interface name
6290 * Returns: Pointer to the interface or %NULL if not found
6292 struct wpa_supplicant
* wpa_supplicant_get_iface(struct wpa_global
*global
,
6295 struct wpa_supplicant
*wpa_s
;
6297 for (wpa_s
= global
->ifaces
; wpa_s
; wpa_s
= wpa_s
->next
) {
6298 if (os_strcmp(wpa_s
->ifname
, ifname
) == 0)
6305 #ifndef CONFIG_NO_WPA_MSG
6306 static const char * wpa_supplicant_msg_ifname_cb(void *ctx
)
6308 struct wpa_supplicant
*wpa_s
= ctx
;
6311 return wpa_s
->ifname
;
6313 #endif /* CONFIG_NO_WPA_MSG */
6316 #ifndef WPA_SUPPLICANT_CLEANUP_INTERVAL
6317 #define WPA_SUPPLICANT_CLEANUP_INTERVAL 10
6318 #endif /* WPA_SUPPLICANT_CLEANUP_INTERVAL */
6320 /* Periodic cleanup tasks */
6321 static void wpas_periodic(void *eloop_ctx
, void *timeout_ctx
)
6323 struct wpa_global
*global
= eloop_ctx
;
6324 struct wpa_supplicant
*wpa_s
;
6326 eloop_register_timeout(WPA_SUPPLICANT_CLEANUP_INTERVAL
, 0,
6327 wpas_periodic
, global
, NULL
);
6331 p2p_expire_peers(global
->p2p
);
6332 #endif /* CONFIG_P2P */
6334 for (wpa_s
= global
->ifaces
; wpa_s
; wpa_s
= wpa_s
->next
) {
6335 wpa_bss_flush_by_age(wpa_s
, wpa_s
->conf
->bss_expiration_age
);
6338 #endif /* CONFIG_AP */
6344 * wpa_supplicant_init - Initialize %wpa_supplicant
6345 * @params: Parameters for %wpa_supplicant
6346 * Returns: Pointer to global %wpa_supplicant data, or %NULL on failure
6348 * This function is used to initialize %wpa_supplicant. After successful
6349 * initialization, the returned data pointer can be used to add and remove
6350 * network interfaces, and eventually, to deinitialize %wpa_supplicant.
6352 struct wpa_global
* wpa_supplicant_init(struct wpa_params
*params
)
6354 struct wpa_global
*global
;
6360 #ifdef CONFIG_DRIVER_NDIS
6362 void driver_ndis_init_ops(void);
6363 driver_ndis_init_ops();
6365 #endif /* CONFIG_DRIVER_NDIS */
6367 #ifndef CONFIG_NO_WPA_MSG
6368 wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb
);
6369 #endif /* CONFIG_NO_WPA_MSG */
6371 if (params
->wpa_debug_file_path
)
6372 wpa_debug_open_file(params
->wpa_debug_file_path
);
6374 wpa_debug_setup_stdout();
6375 if (params
->wpa_debug_syslog
)
6376 wpa_debug_open_syslog();
6377 if (params
->wpa_debug_tracing
) {
6378 ret
= wpa_debug_open_linux_tracing();
6380 wpa_printf(MSG_ERROR
,
6381 "Failed to enable trace logging");
6386 ret
= eap_register_methods();
6388 wpa_printf(MSG_ERROR
, "Failed to register EAP methods");
6390 wpa_printf(MSG_ERROR
, "Two or more EAP methods used "
6391 "the same EAP type.");
6395 global
= os_zalloc(sizeof(*global
));
6398 dl_list_init(&global
->p2p_srv_bonjour
);
6399 dl_list_init(&global
->p2p_srv_upnp
);
6400 global
->params
.daemonize
= params
->daemonize
;
6401 global
->params
.wait_for_monitor
= params
->wait_for_monitor
;
6402 global
->params
.dbus_ctrl_interface
= params
->dbus_ctrl_interface
;
6403 if (params
->pid_file
)
6404 global
->params
.pid_file
= os_strdup(params
->pid_file
);
6405 if (params
->ctrl_interface
)
6406 global
->params
.ctrl_interface
=
6407 os_strdup(params
->ctrl_interface
);
6408 if (params
->ctrl_interface_group
)
6409 global
->params
.ctrl_interface_group
=
6410 os_strdup(params
->ctrl_interface_group
);
6411 if (params
->override_driver
)
6412 global
->params
.override_driver
=
6413 os_strdup(params
->override_driver
);
6414 if (params
->override_ctrl_interface
)
6415 global
->params
.override_ctrl_interface
=
6416 os_strdup(params
->override_ctrl_interface
);
6417 #ifdef CONFIG_MATCH_IFACE
6418 global
->params
.match_iface_count
= params
->match_iface_count
;
6419 if (params
->match_iface_count
) {
6420 global
->params
.match_ifaces
=
6421 os_calloc(params
->match_iface_count
,
6422 sizeof(struct wpa_interface
));
6423 os_memcpy(global
->params
.match_ifaces
,
6424 params
->match_ifaces
,
6425 params
->match_iface_count
*
6426 sizeof(struct wpa_interface
));
6428 #endif /* CONFIG_MATCH_IFACE */
6430 if (params
->conf_p2p_dev
)
6431 global
->params
.conf_p2p_dev
=
6432 os_strdup(params
->conf_p2p_dev
);
6433 #endif /* CONFIG_P2P */
6434 wpa_debug_level
= global
->params
.wpa_debug_level
=
6435 params
->wpa_debug_level
;
6436 wpa_debug_show_keys
= global
->params
.wpa_debug_show_keys
=
6437 params
->wpa_debug_show_keys
;
6438 wpa_debug_timestamp
= global
->params
.wpa_debug_timestamp
=
6439 params
->wpa_debug_timestamp
;
6441 wpa_printf(MSG_DEBUG
, "wpa_supplicant v" VERSION_STR
);
6444 wpa_printf(MSG_ERROR
, "Failed to initialize event loop");
6445 wpa_supplicant_deinit(global
);
6449 random_init(params
->entropy_file
);
6451 global
->ctrl_iface
= wpa_supplicant_global_ctrl_iface_init(global
);
6452 if (global
->ctrl_iface
== NULL
) {
6453 wpa_supplicant_deinit(global
);
6457 if (wpas_notify_supplicant_initialized(global
)) {
6458 wpa_supplicant_deinit(global
);
6462 for (i
= 0; wpa_drivers
[i
]; i
++)
6463 global
->drv_count
++;
6464 if (global
->drv_count
== 0) {
6465 wpa_printf(MSG_ERROR
, "No drivers enabled");
6466 wpa_supplicant_deinit(global
);
6469 global
->drv_priv
= os_calloc(global
->drv_count
, sizeof(void *));
6470 if (global
->drv_priv
== NULL
) {
6471 wpa_supplicant_deinit(global
);
6475 #ifdef CONFIG_WIFI_DISPLAY
6476 if (wifi_display_init(global
) < 0) {
6477 wpa_printf(MSG_ERROR
, "Failed to initialize Wi-Fi Display");
6478 wpa_supplicant_deinit(global
);
6481 #endif /* CONFIG_WIFI_DISPLAY */
6483 eloop_register_timeout(WPA_SUPPLICANT_CLEANUP_INTERVAL
, 0,
6484 wpas_periodic
, global
, NULL
);
6491 * wpa_supplicant_run - Run the %wpa_supplicant main event loop
6492 * @global: Pointer to global data from wpa_supplicant_init()
6493 * Returns: 0 after successful event loop run, -1 on failure
6495 * This function starts the main event loop and continues running as long as
6496 * there are any remaining events. In most cases, this function is running as
6497 * long as the %wpa_supplicant process in still in use.
6499 int wpa_supplicant_run(struct wpa_global
*global
)
6501 struct wpa_supplicant
*wpa_s
;
6503 if (global
->params
.daemonize
&&
6504 (wpa_supplicant_daemon(global
->params
.pid_file
) ||
6505 eloop_sock_requeue()))
6508 #ifdef CONFIG_MATCH_IFACE
6509 if (wpa_supplicant_match_existing(global
))
6513 if (global
->params
.wait_for_monitor
) {
6514 for (wpa_s
= global
->ifaces
; wpa_s
; wpa_s
= wpa_s
->next
)
6515 if (wpa_s
->ctrl_iface
&& !wpa_s
->p2p_mgmt
)
6516 wpa_supplicant_ctrl_iface_wait(
6520 eloop_register_signal_terminate(wpa_supplicant_terminate
, global
);
6521 eloop_register_signal_reconfig(wpa_supplicant_reconfig
, global
);
6530 * wpa_supplicant_deinit - Deinitialize %wpa_supplicant
6531 * @global: Pointer to global data from wpa_supplicant_init()
6533 * This function is called to deinitialize %wpa_supplicant and to free all
6534 * allocated resources. Remaining network interfaces will also be removed.
6536 void wpa_supplicant_deinit(struct wpa_global
*global
)
6543 eloop_cancel_timeout(wpas_periodic
, global
, NULL
);
6545 #ifdef CONFIG_WIFI_DISPLAY
6546 wifi_display_deinit(global
);
6547 #endif /* CONFIG_WIFI_DISPLAY */
6549 while (global
->ifaces
)
6550 wpa_supplicant_remove_iface(global
, global
->ifaces
, 1);
6552 if (global
->ctrl_iface
)
6553 wpa_supplicant_global_ctrl_iface_deinit(global
->ctrl_iface
);
6555 wpas_notify_supplicant_deinitialized(global
);
6557 eap_peer_unregister_methods();
6559 eap_server_unregister_methods();
6560 #endif /* CONFIG_AP */
6562 for (i
= 0; wpa_drivers
[i
] && global
->drv_priv
; i
++) {
6563 if (!global
->drv_priv
[i
])
6565 wpa_drivers
[i
]->global_deinit(global
->drv_priv
[i
]);
6567 os_free(global
->drv_priv
);
6573 if (global
->params
.pid_file
) {
6574 os_daemonize_terminate(global
->params
.pid_file
);
6575 os_free(global
->params
.pid_file
);
6577 os_free(global
->params
.ctrl_interface
);
6578 os_free(global
->params
.ctrl_interface_group
);
6579 os_free(global
->params
.override_driver
);
6580 os_free(global
->params
.override_ctrl_interface
);
6581 #ifdef CONFIG_MATCH_IFACE
6582 os_free(global
->params
.match_ifaces
);
6583 #endif /* CONFIG_MATCH_IFACE */
6585 os_free(global
->params
.conf_p2p_dev
);
6586 #endif /* CONFIG_P2P */
6588 os_free(global
->p2p_disallow_freq
.range
);
6589 os_free(global
->p2p_go_avoid_freq
.range
);
6590 os_free(global
->add_psk
);
6593 wpa_debug_close_syslog();
6594 wpa_debug_close_file();
6595 wpa_debug_close_linux_tracing();
6599 void wpa_supplicant_update_config(struct wpa_supplicant
*wpa_s
)
6601 if ((wpa_s
->conf
->changed_parameters
& CFG_CHANGED_COUNTRY
) &&
6602 wpa_s
->conf
->country
[0] && wpa_s
->conf
->country
[1]) {
6604 country
[0] = wpa_s
->conf
->country
[0];
6605 country
[1] = wpa_s
->conf
->country
[1];
6607 if (wpa_drv_set_country(wpa_s
, country
) < 0) {
6608 wpa_printf(MSG_ERROR
, "Failed to set country code "
6613 if (wpa_s
->conf
->changed_parameters
& CFG_CHANGED_EXT_PW_BACKEND
)
6614 wpas_init_ext_pw(wpa_s
);
6616 if (wpa_s
->conf
->changed_parameters
& CFG_CHANGED_SCHED_SCAN_PLANS
)
6617 wpas_sched_scan_plans_set(wpa_s
, wpa_s
->conf
->sched_scan_plans
);
6619 if (wpa_s
->conf
->changed_parameters
& CFG_CHANGED_WOWLAN_TRIGGERS
) {
6620 struct wpa_driver_capa capa
;
6621 int res
= wpa_drv_get_capa(wpa_s
, &capa
);
6623 if (res
== 0 && wpas_set_wowlan_triggers(wpa_s
, &capa
) < 0)
6624 wpa_printf(MSG_ERROR
,
6625 "Failed to update wowlan_triggers to '%s'",
6626 wpa_s
->conf
->wowlan_triggers
);
6630 wpas_wps_update_config(wpa_s
);
6631 #endif /* CONFIG_WPS */
6632 wpas_p2p_update_config(wpa_s
);
6633 wpa_s
->conf
->changed_parameters
= 0;
6637 void add_freq(int *freqs
, int *num_freqs
, int freq
)
6641 for (i
= 0; i
< *num_freqs
; i
++) {
6642 if (freqs
[i
] == freq
)
6646 freqs
[*num_freqs
] = freq
;
6651 static int * get_bss_freqs_in_ess(struct wpa_supplicant
*wpa_s
)
6653 struct wpa_bss
*bss
, *cbss
;
6654 const int max_freqs
= 10;
6658 freqs
= os_calloc(max_freqs
+ 1, sizeof(int));
6662 cbss
= wpa_s
->current_bss
;
6664 dl_list_for_each(bss
, &wpa_s
->bss
, struct wpa_bss
, list
) {
6667 if (bss
->ssid_len
== cbss
->ssid_len
&&
6668 os_memcmp(bss
->ssid
, cbss
->ssid
, bss
->ssid_len
) == 0 &&
6669 wpa_blacklist_get(wpa_s
, bss
->bssid
) == NULL
) {
6670 add_freq(freqs
, &num_freqs
, bss
->freq
);
6671 if (num_freqs
== max_freqs
)
6676 if (num_freqs
== 0) {
6685 void wpas_connection_failed(struct wpa_supplicant
*wpa_s
, const u8
*bssid
)
6691 wpas_connect_work_done(wpa_s
);
6694 * Remove possible authentication timeout since the connection failed.
6696 eloop_cancel_timeout(wpa_supplicant_timeout
, wpa_s
, NULL
);
6699 * There is no point in blacklisting the AP if this event is
6700 * generated based on local request to disconnect.
6702 if (wpa_s
->own_disconnect_req
) {
6703 wpa_s
->own_disconnect_req
= 0;
6704 wpa_dbg(wpa_s
, MSG_DEBUG
,
6705 "Ignore connection failure due to local request to disconnect");
6708 if (wpa_s
->disconnected
) {
6709 wpa_dbg(wpa_s
, MSG_DEBUG
, "Ignore connection failure "
6710 "indication since interface has been put into "
6711 "disconnected state");
6716 * Add the failed BSSID into the blacklist and speed up next scan
6717 * attempt if there could be other APs that could accept association.
6718 * The current blacklist count indicates how many times we have tried
6719 * connecting to this AP and multiple attempts mean that other APs are
6720 * either not available or has already been tried, so that we can start
6721 * increasing the delay here to avoid constant scanning.
6723 count
= wpa_blacklist_add(wpa_s
, bssid
);
6724 if (count
== 1 && wpa_s
->current_bss
) {
6726 * This BSS was not in the blacklist before. If there is
6727 * another BSS available for the same ESS, we should try that
6728 * next. Otherwise, we may as well try this one once more
6729 * before allowing other, likely worse, ESSes to be considered.
6731 freqs
= get_bss_freqs_in_ess(wpa_s
);
6733 wpa_dbg(wpa_s
, MSG_DEBUG
, "Another BSS in this ESS "
6734 "has been seen; try it next");
6735 wpa_blacklist_add(wpa_s
, bssid
);
6737 * On the next scan, go through only the known channels
6738 * used in this ESS based on previous scans to speed up
6739 * common load balancing use case.
6741 os_free(wpa_s
->next_scan_freqs
);
6742 wpa_s
->next_scan_freqs
= freqs
;
6747 * Add previous failure count in case the temporary blacklist was
6748 * cleared due to no other BSSes being available.
6750 count
+= wpa_s
->extra_blacklist_count
;
6752 if (count
> 3 && wpa_s
->current_ssid
) {
6753 wpa_printf(MSG_DEBUG
, "Continuous association failures - "
6754 "consider temporary network disabling");
6755 wpas_auth_failed(wpa_s
, "CONN_FAILED");
6776 wpa_dbg(wpa_s
, MSG_DEBUG
, "Blacklist count %d --> request scan in %d "
6777 "ms", count
, timeout
);
6780 * TODO: if more than one possible AP is available in scan results,
6781 * could try the other ones before requesting a new scan.
6784 /* speed up the connection attempt with normal scan */
6785 wpa_s
->normal_scans
= 0;
6786 wpa_supplicant_req_scan(wpa_s
, timeout
/ 1000,
6787 1000 * (timeout
% 1000));
6792 void fils_connection_failure(struct wpa_supplicant
*wpa_s
)
6794 struct wpa_ssid
*ssid
= wpa_s
->current_ssid
;
6795 const u8
*realm
, *username
, *rrk
;
6796 size_t realm_len
, username_len
, rrk_len
;
6799 if (!ssid
|| !ssid
->eap
.erp
|| !wpa_key_mgmt_fils(ssid
->key_mgmt
) ||
6800 eapol_sm_get_erp_info(wpa_s
->eapol
, &ssid
->eap
,
6801 &username
, &username_len
,
6802 &realm
, &realm_len
, &next_seq_num
,
6803 &rrk
, &rrk_len
) != 0 ||
6807 wpa_hexdump_ascii(MSG_DEBUG
,
6808 "FILS: Store last connection failure realm",
6810 os_free(wpa_s
->last_con_fail_realm
);
6811 wpa_s
->last_con_fail_realm
= os_malloc(realm_len
);
6812 if (wpa_s
->last_con_fail_realm
) {
6813 wpa_s
->last_con_fail_realm_len
= realm_len
;
6814 os_memcpy(wpa_s
->last_con_fail_realm
, realm
, realm_len
);
6817 #endif /* CONFIG_FILS */
6820 int wpas_driver_bss_selection(struct wpa_supplicant
*wpa_s
)
6822 return wpa_s
->conf
->ap_scan
== 2 ||
6823 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_BSS_SELECTION
);
6827 #if defined(CONFIG_CTRL_IFACE) || defined(CONFIG_CTRL_IFACE_DBUS_NEW)
6828 int wpa_supplicant_ctrl_iface_ctrl_rsp_handle(struct wpa_supplicant
*wpa_s
,
6829 struct wpa_ssid
*ssid
,
6833 #ifdef IEEE8021X_EAPOL
6834 struct eap_peer_config
*eap
= &ssid
->eap
;
6836 wpa_printf(MSG_DEBUG
, "CTRL_IFACE: response handle field=%s", field
);
6837 wpa_hexdump_ascii_key(MSG_DEBUG
, "CTRL_IFACE: response value",
6838 (const u8
*) value
, os_strlen(value
));
6840 switch (wpa_supplicant_ctrl_req_from_string(field
)) {
6841 case WPA_CTRL_REQ_EAP_IDENTITY
:
6842 os_free(eap
->identity
);
6843 eap
->identity
= (u8
*) os_strdup(value
);
6844 eap
->identity_len
= os_strlen(value
);
6845 eap
->pending_req_identity
= 0;
6846 if (ssid
== wpa_s
->current_ssid
)
6847 wpa_s
->reassociate
= 1;
6849 case WPA_CTRL_REQ_EAP_PASSWORD
:
6850 bin_clear_free(eap
->password
, eap
->password_len
);
6851 eap
->password
= (u8
*) os_strdup(value
);
6852 eap
->password_len
= os_strlen(value
);
6853 eap
->pending_req_password
= 0;
6854 if (ssid
== wpa_s
->current_ssid
)
6855 wpa_s
->reassociate
= 1;
6857 case WPA_CTRL_REQ_EAP_NEW_PASSWORD
:
6858 bin_clear_free(eap
->new_password
, eap
->new_password_len
);
6859 eap
->new_password
= (u8
*) os_strdup(value
);
6860 eap
->new_password_len
= os_strlen(value
);
6861 eap
->pending_req_new_password
= 0;
6862 if (ssid
== wpa_s
->current_ssid
)
6863 wpa_s
->reassociate
= 1;
6865 case WPA_CTRL_REQ_EAP_PIN
:
6866 str_clear_free(eap
->pin
);
6867 eap
->pin
= os_strdup(value
);
6868 eap
->pending_req_pin
= 0;
6869 if (ssid
== wpa_s
->current_ssid
)
6870 wpa_s
->reassociate
= 1;
6872 case WPA_CTRL_REQ_EAP_OTP
:
6873 bin_clear_free(eap
->otp
, eap
->otp_len
);
6874 eap
->otp
= (u8
*) os_strdup(value
);
6875 eap
->otp_len
= os_strlen(value
);
6876 os_free(eap
->pending_req_otp
);
6877 eap
->pending_req_otp
= NULL
;
6878 eap
->pending_req_otp_len
= 0;
6880 case WPA_CTRL_REQ_EAP_PASSPHRASE
:
6881 str_clear_free(eap
->private_key_passwd
);
6882 eap
->private_key_passwd
= os_strdup(value
);
6883 eap
->pending_req_passphrase
= 0;
6884 if (ssid
== wpa_s
->current_ssid
)
6885 wpa_s
->reassociate
= 1;
6887 case WPA_CTRL_REQ_SIM
:
6888 str_clear_free(eap
->external_sim_resp
);
6889 eap
->external_sim_resp
= os_strdup(value
);
6890 eap
->pending_req_sim
= 0;
6892 case WPA_CTRL_REQ_PSK_PASSPHRASE
:
6893 if (wpa_config_set(ssid
, "psk", value
, 0) < 0)
6895 ssid
->mem_only_psk
= 1;
6896 if (ssid
->passphrase
)
6897 wpa_config_update_psk(ssid
);
6898 if (wpa_s
->wpa_state
== WPA_SCANNING
&& !wpa_s
->scanning
)
6899 wpa_supplicant_req_scan(wpa_s
, 0, 0);
6901 case WPA_CTRL_REQ_EXT_CERT_CHECK
:
6902 if (eap
->pending_ext_cert_check
!= PENDING_CHECK
)
6904 if (os_strcmp(value
, "good") == 0)
6905 eap
->pending_ext_cert_check
= EXT_CERT_CHECK_GOOD
;
6906 else if (os_strcmp(value
, "bad") == 0)
6907 eap
->pending_ext_cert_check
= EXT_CERT_CHECK_BAD
;
6912 wpa_printf(MSG_DEBUG
, "CTRL_IFACE: Unknown field '%s'", field
);
6917 #else /* IEEE8021X_EAPOL */
6918 wpa_printf(MSG_DEBUG
, "CTRL_IFACE: IEEE 802.1X not included");
6920 #endif /* IEEE8021X_EAPOL */
6922 #endif /* CONFIG_CTRL_IFACE || CONFIG_CTRL_IFACE_DBUS_NEW */
6925 int wpas_network_disabled(struct wpa_supplicant
*wpa_s
, struct wpa_ssid
*ssid
)
6928 unsigned int drv_enc
;
6930 if (wpa_s
->p2p_mgmt
)
6931 return 1; /* no normal network profiles on p2p_mgmt interface */
6939 if (wpa_s
->drv_capa_known
)
6940 drv_enc
= wpa_s
->drv_enc
;
6942 drv_enc
= (unsigned int) -1;
6944 for (i
= 0; i
< NUM_WEP_KEYS
; i
++) {
6945 size_t len
= ssid
->wep_key_len
[i
];
6948 if (len
== 5 && (drv_enc
& WPA_DRIVER_CAPA_ENC_WEP40
))
6950 if (len
== 13 && (drv_enc
& WPA_DRIVER_CAPA_ENC_WEP104
))
6952 if (len
== 16 && (drv_enc
& WPA_DRIVER_CAPA_ENC_WEP128
))
6954 return 1; /* invalid WEP key */
6957 if (wpa_key_mgmt_wpa_psk(ssid
->key_mgmt
) && !ssid
->psk_set
&&
6958 (!ssid
->passphrase
|| ssid
->ssid_len
!= 0) && !ssid
->ext_psk
&&
6959 !(wpa_key_mgmt_sae(ssid
->key_mgmt
) && ssid
->sae_password
) &&
6960 !ssid
->mem_only_psk
)
6967 int wpas_get_ssid_pmf(struct wpa_supplicant
*wpa_s
, struct wpa_ssid
*ssid
)
6969 #ifdef CONFIG_IEEE80211W
6970 if (ssid
== NULL
|| ssid
->ieee80211w
== MGMT_FRAME_PROTECTION_DEFAULT
) {
6971 if (wpa_s
->conf
->pmf
== MGMT_FRAME_PROTECTION_OPTIONAL
&&
6972 !(wpa_s
->drv_enc
& WPA_DRIVER_CAPA_ENC_BIP
)) {
6974 * Driver does not support BIP -- ignore pmf=1 default
6975 * since the connection with PMF would fail and the
6976 * configuration does not require PMF to be enabled.
6978 return NO_MGMT_FRAME_PROTECTION
;
6983 ~(WPA_KEY_MGMT_NONE
| WPA_KEY_MGMT_WPS
|
6984 WPA_KEY_MGMT_IEEE8021X_NO_WPA
)) == 0) {
6986 * Do not use the default PMF value for non-RSN networks
6987 * since PMF is available only with RSN and pmf=2
6988 * configuration would otherwise prevent connections to
6989 * all open networks.
6991 return NO_MGMT_FRAME_PROTECTION
;
6994 return wpa_s
->conf
->pmf
;
6997 return ssid
->ieee80211w
;
6998 #else /* CONFIG_IEEE80211W */
6999 return NO_MGMT_FRAME_PROTECTION
;
7000 #endif /* CONFIG_IEEE80211W */
7004 int wpas_is_p2p_prioritized(struct wpa_supplicant
*wpa_s
)
7006 if (wpa_s
->global
->conc_pref
== WPA_CONC_PREF_P2P
)
7008 if (wpa_s
->global
->conc_pref
== WPA_CONC_PREF_STA
)
7014 void wpas_auth_failed(struct wpa_supplicant
*wpa_s
, char *reason
)
7016 struct wpa_ssid
*ssid
= wpa_s
->current_ssid
;
7018 struct os_reltime now
;
7021 wpa_printf(MSG_DEBUG
, "Authentication failure but no known "
7026 if (ssid
->key_mgmt
== WPA_KEY_MGMT_WPS
)
7029 ssid
->auth_failures
++;
7032 if (ssid
->p2p_group
&&
7033 (wpa_s
->p2p_in_provisioning
|| wpa_s
->show_group_started
)) {
7035 * Skip the wait time since there is a short timeout on the
7036 * connection to a P2P group.
7040 #endif /* CONFIG_P2P */
7042 if (ssid
->auth_failures
> 50)
7044 else if (ssid
->auth_failures
> 10)
7046 else if (ssid
->auth_failures
> 5)
7048 else if (ssid
->auth_failures
> 3)
7050 else if (ssid
->auth_failures
> 2)
7052 else if (ssid
->auth_failures
> 1)
7057 if (ssid
->auth_failures
> 1 &&
7058 wpa_key_mgmt_wpa_ieee8021x(ssid
->key_mgmt
))
7059 dur
+= os_random() % (ssid
->auth_failures
* 10);
7061 os_get_reltime(&now
);
7062 if (now
.sec
+ dur
<= ssid
->disabled_until
.sec
)
7065 ssid
->disabled_until
.sec
= now
.sec
+ dur
;
7067 wpa_msg(wpa_s
, MSG_INFO
, WPA_EVENT_TEMP_DISABLED
7068 "id=%d ssid=\"%s\" auth_failures=%u duration=%d reason=%s",
7069 ssid
->id
, wpa_ssid_txt(ssid
->ssid
, ssid
->ssid_len
),
7070 ssid
->auth_failures
, dur
, reason
);
7074 void wpas_clear_temp_disabled(struct wpa_supplicant
*wpa_s
,
7075 struct wpa_ssid
*ssid
, int clear_failures
)
7080 if (ssid
->disabled_until
.sec
) {
7081 wpa_msg(wpa_s
, MSG_INFO
, WPA_EVENT_REENABLED
7082 "id=%d ssid=\"%s\"",
7083 ssid
->id
, wpa_ssid_txt(ssid
->ssid
, ssid
->ssid_len
));
7085 ssid
->disabled_until
.sec
= 0;
7086 ssid
->disabled_until
.usec
= 0;
7088 ssid
->auth_failures
= 0;
7092 int disallowed_bssid(struct wpa_supplicant
*wpa_s
, const u8
*bssid
)
7096 if (wpa_s
->disallow_aps_bssid
== NULL
)
7099 for (i
= 0; i
< wpa_s
->disallow_aps_bssid_count
; i
++) {
7100 if (os_memcmp(wpa_s
->disallow_aps_bssid
+ i
* ETH_ALEN
,
7101 bssid
, ETH_ALEN
) == 0)
7109 int disallowed_ssid(struct wpa_supplicant
*wpa_s
, const u8
*ssid
,
7114 if (wpa_s
->disallow_aps_ssid
== NULL
|| ssid
== NULL
)
7117 for (i
= 0; i
< wpa_s
->disallow_aps_ssid_count
; i
++) {
7118 struct wpa_ssid_value
*s
= &wpa_s
->disallow_aps_ssid
[i
];
7119 if (ssid_len
== s
->ssid_len
&&
7120 os_memcmp(ssid
, s
->ssid
, ssid_len
) == 0)
7129 * wpas_request_connection - Request a new connection
7130 * @wpa_s: Pointer to the network interface
7132 * This function is used to request a new connection to be found. It will mark
7133 * the interface to allow reassociation and request a new scan to find a
7134 * suitable network to connect to.
7136 void wpas_request_connection(struct wpa_supplicant
*wpa_s
)
7138 wpa_s
->normal_scans
= 0;
7139 wpa_s
->scan_req
= NORMAL_SCAN_REQ
;
7140 wpa_supplicant_reinit_autoscan(wpa_s
);
7141 wpa_s
->extra_blacklist_count
= 0;
7142 wpa_s
->disconnected
= 0;
7143 wpa_s
->reassociate
= 1;
7144 wpa_s
->last_owe_group
= 0;
7146 if (wpa_supplicant_fast_associate(wpa_s
) != 1)
7147 wpa_supplicant_req_scan(wpa_s
, 0, 0);
7149 wpa_s
->reattach
= 0;
7154 * wpas_request_disconnection - Request disconnection
7155 * @wpa_s: Pointer to the network interface
7157 * This function is used to request disconnection from the currently connected
7158 * network. This will stop any ongoing scans and initiate deauthentication.
7160 void wpas_request_disconnection(struct wpa_supplicant
*wpa_s
)
7163 wpa_s
->sme
.prev_bssid_set
= 0;
7164 #endif /* CONFIG_SME */
7165 wpa_s
->reassociate
= 0;
7166 wpa_s
->disconnected
= 1;
7167 wpa_supplicant_cancel_sched_scan(wpa_s
);
7168 wpa_supplicant_cancel_scan(wpa_s
);
7169 wpa_supplicant_deauthenticate(wpa_s
, WLAN_REASON_DEAUTH_LEAVING
);
7170 eloop_cancel_timeout(wpas_network_reenabled
, wpa_s
, NULL
);
7171 radio_remove_works(wpa_s
, "connect", 0);
7172 radio_remove_works(wpa_s
, "sme-connect", 0);
7176 void dump_freq_data(struct wpa_supplicant
*wpa_s
, const char *title
,
7177 struct wpa_used_freq_data
*freqs_data
,
7182 wpa_dbg(wpa_s
, MSG_DEBUG
, "Shared frequencies (len=%u): %s",
7184 for (i
= 0; i
< len
; i
++) {
7185 struct wpa_used_freq_data
*cur
= &freqs_data
[i
];
7186 wpa_dbg(wpa_s
, MSG_DEBUG
, "freq[%u]: %d, flags=0x%X",
7187 i
, cur
->freq
, cur
->flags
);
7193 * Find the operating frequencies of any of the virtual interfaces that
7194 * are using the same radio as the current interface, and in addition, get
7195 * information about the interface types that are using the frequency.
7197 int get_shared_radio_freqs_data(struct wpa_supplicant
*wpa_s
,
7198 struct wpa_used_freq_data
*freqs_data
,
7201 struct wpa_supplicant
*ifs
;
7204 unsigned int idx
= 0, i
;
7206 wpa_dbg(wpa_s
, MSG_DEBUG
,
7207 "Determining shared radio frequencies (max len %u)", len
);
7208 os_memset(freqs_data
, 0, sizeof(struct wpa_used_freq_data
) * len
);
7210 dl_list_for_each(ifs
, &wpa_s
->radio
->ifaces
, struct wpa_supplicant
,
7215 if (ifs
->current_ssid
== NULL
|| ifs
->assoc_freq
== 0)
7218 if (ifs
->current_ssid
->mode
== WPAS_MODE_AP
||
7219 ifs
->current_ssid
->mode
== WPAS_MODE_P2P_GO
||
7220 ifs
->current_ssid
->mode
== WPAS_MODE_MESH
)
7221 freq
= ifs
->current_ssid
->frequency
;
7222 else if (wpa_drv_get_bssid(ifs
, bssid
) == 0)
7223 freq
= ifs
->assoc_freq
;
7227 /* Hold only distinct freqs */
7228 for (i
= 0; i
< idx
; i
++)
7229 if (freqs_data
[i
].freq
== freq
)
7233 freqs_data
[idx
++].freq
= freq
;
7235 if (ifs
->current_ssid
->mode
== WPAS_MODE_INFRA
) {
7236 freqs_data
[i
].flags
|= ifs
->current_ssid
->p2p_group
?
7237 WPA_FREQ_USED_BY_P2P_CLIENT
:
7238 WPA_FREQ_USED_BY_INFRA_STATION
;
7242 dump_freq_data(wpa_s
, "completed iteration", freqs_data
, idx
);
7248 * Find the operating frequencies of any of the virtual interfaces that
7249 * are using the same radio as the current interface.
7251 int get_shared_radio_freqs(struct wpa_supplicant
*wpa_s
,
7252 int *freq_array
, unsigned int len
)
7254 struct wpa_used_freq_data
*freqs_data
;
7257 os_memset(freq_array
, 0, sizeof(int) * len
);
7259 freqs_data
= os_calloc(len
, sizeof(struct wpa_used_freq_data
));
7263 num
= get_shared_radio_freqs_data(wpa_s
, freqs_data
, len
);
7264 for (i
= 0; i
< num
; i
++)
7265 freq_array
[i
] = freqs_data
[i
].freq
;
7267 os_free(freqs_data
);
7273 struct wpa_supplicant
*
7274 wpas_vendor_elem(struct wpa_supplicant
*wpa_s
, enum wpa_vendor_elem_frame frame
)
7278 case VENDOR_ELEM_PROBE_REQ_P2P
:
7279 case VENDOR_ELEM_PROBE_RESP_P2P
:
7280 case VENDOR_ELEM_PROBE_RESP_P2P_GO
:
7281 case VENDOR_ELEM_BEACON_P2P_GO
:
7282 case VENDOR_ELEM_P2P_PD_REQ
:
7283 case VENDOR_ELEM_P2P_PD_RESP
:
7284 case VENDOR_ELEM_P2P_GO_NEG_REQ
:
7285 case VENDOR_ELEM_P2P_GO_NEG_RESP
:
7286 case VENDOR_ELEM_P2P_GO_NEG_CONF
:
7287 case VENDOR_ELEM_P2P_INV_REQ
:
7288 case VENDOR_ELEM_P2P_INV_RESP
:
7289 case VENDOR_ELEM_P2P_ASSOC_REQ
:
7290 case VENDOR_ELEM_P2P_ASSOC_RESP
:
7291 return wpa_s
->p2pdev
;
7292 #endif /* CONFIG_P2P */
7299 void wpas_vendor_elem_update(struct wpa_supplicant
*wpa_s
)
7304 wpa_printf(MSG_DEBUG
, "Update vendor elements");
7306 for (i
= 0; i
< NUM_VENDOR_ELEM_FRAMES
; i
++) {
7307 if (wpa_s
->vendor_elem
[i
]) {
7310 res
= os_snprintf(buf
, sizeof(buf
), "frame[%u]", i
);
7311 if (!os_snprintf_error(sizeof(buf
), res
)) {
7312 wpa_hexdump_buf(MSG_DEBUG
, buf
,
7313 wpa_s
->vendor_elem
[i
]);
7319 if (wpa_s
->parent
== wpa_s
&&
7320 wpa_s
->global
->p2p
&&
7321 !wpa_s
->global
->p2p_disabled
)
7322 p2p_set_vendor_elems(wpa_s
->global
->p2p
, wpa_s
->vendor_elem
);
7323 #endif /* CONFIG_P2P */
7327 int wpas_vendor_elem_remove(struct wpa_supplicant
*wpa_s
, int frame
,
7328 const u8
*elem
, size_t len
)
7332 ie
= wpabuf_mhead_u8(wpa_s
->vendor_elem
[frame
]);
7333 end
= ie
+ wpabuf_len(wpa_s
->vendor_elem
[frame
]);
7335 for (; ie
+ 1 < end
; ie
+= 2 + ie
[1]) {
7338 if (os_memcmp(ie
, elem
, len
) != 0)
7341 if (wpabuf_len(wpa_s
->vendor_elem
[frame
]) == len
) {
7342 wpabuf_free(wpa_s
->vendor_elem
[frame
]);
7343 wpa_s
->vendor_elem
[frame
] = NULL
;
7345 os_memmove(ie
, ie
+ len
, end
- (ie
+ len
));
7346 wpa_s
->vendor_elem
[frame
]->used
-= len
;
7348 wpas_vendor_elem_update(wpa_s
);
7356 struct hostapd_hw_modes
* get_mode(struct hostapd_hw_modes
*modes
,
7357 u16 num_modes
, enum hostapd_hw_mode mode
)
7361 for (i
= 0; i
< num_modes
; i
++) {
7362 if (modes
[i
].mode
== mode
)
7371 wpa_bss_tmp_disallowed
* wpas_get_disallowed_bss(struct wpa_supplicant
*wpa_s
,
7374 struct wpa_bss_tmp_disallowed
*bss
;
7376 dl_list_for_each(bss
, &wpa_s
->bss_tmp_disallowed
,
7377 struct wpa_bss_tmp_disallowed
, list
) {
7378 if (os_memcmp(bssid
, bss
->bssid
, ETH_ALEN
) == 0)
7386 static int wpa_set_driver_tmp_disallow_list(struct wpa_supplicant
*wpa_s
)
7388 struct wpa_bss_tmp_disallowed
*tmp
;
7389 unsigned int num_bssid
= 0;
7393 bssids
= os_malloc(dl_list_len(&wpa_s
->bss_tmp_disallowed
) * ETH_ALEN
);
7396 dl_list_for_each(tmp
, &wpa_s
->bss_tmp_disallowed
,
7397 struct wpa_bss_tmp_disallowed
, list
) {
7398 os_memcpy(&bssids
[num_bssid
* ETH_ALEN
], tmp
->bssid
,
7402 ret
= wpa_drv_set_bssid_blacklist(wpa_s
, num_bssid
, bssids
);
7408 static void wpa_bss_tmp_disallow_timeout(void *eloop_ctx
, void *timeout_ctx
)
7410 struct wpa_supplicant
*wpa_s
= eloop_ctx
;
7411 struct wpa_bss_tmp_disallowed
*tmp
, *bss
= timeout_ctx
;
7413 /* Make sure the bss is not already freed */
7414 dl_list_for_each(tmp
, &wpa_s
->bss_tmp_disallowed
,
7415 struct wpa_bss_tmp_disallowed
, list
) {
7417 dl_list_del(&tmp
->list
);
7419 wpa_set_driver_tmp_disallow_list(wpa_s
);
7426 void wpa_bss_tmp_disallow(struct wpa_supplicant
*wpa_s
, const u8
*bssid
,
7427 unsigned int sec
, int rssi_threshold
)
7429 struct wpa_bss_tmp_disallowed
*bss
;
7431 bss
= wpas_get_disallowed_bss(wpa_s
, bssid
);
7433 eloop_cancel_timeout(wpa_bss_tmp_disallow_timeout
, wpa_s
, bss
);
7437 bss
= os_malloc(sizeof(*bss
));
7439 wpa_printf(MSG_DEBUG
,
7440 "Failed to allocate memory for temp disallow BSS");
7444 os_memcpy(bss
->bssid
, bssid
, ETH_ALEN
);
7445 dl_list_add(&wpa_s
->bss_tmp_disallowed
, &bss
->list
);
7446 wpa_set_driver_tmp_disallow_list(wpa_s
);
7449 bss
->rssi_threshold
= rssi_threshold
;
7450 eloop_register_timeout(sec
, 0, wpa_bss_tmp_disallow_timeout
,
7455 int wpa_is_bss_tmp_disallowed(struct wpa_supplicant
*wpa_s
,
7456 struct wpa_bss
*bss
)
7458 struct wpa_bss_tmp_disallowed
*disallowed
= NULL
, *tmp
, *prev
;
7460 dl_list_for_each_safe(tmp
, prev
, &wpa_s
->bss_tmp_disallowed
,
7461 struct wpa_bss_tmp_disallowed
, list
) {
7462 if (os_memcmp(bss
->bssid
, tmp
->bssid
, ETH_ALEN
) == 0) {
7470 if (disallowed
->rssi_threshold
!= 0 &&
7471 bss
->level
> disallowed
->rssi_threshold
)