3 * Copyright (c) 2003-2019, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
8 * This file implements functions for registering and unregistering
9 * %wpa_supplicant interfaces. In addition, this file contains number of
10 * functions for managing network connections.
14 #ifdef CONFIG_MATCH_IFACE
17 #endif /* CONFIG_MATCH_IFACE */
20 #include "crypto/random.h"
21 #include "crypto/sha1.h"
22 #include "eapol_supp/eapol_supp_sm.h"
23 #include "eap_peer/eap.h"
24 #include "eap_peer/eap_proxy.h"
25 #include "eap_server/eap_methods.h"
26 #include "rsn_supp/wpa.h"
29 #include "utils/ext_password.h"
30 #include "l2_packet/l2_packet.h"
31 #include "wpa_supplicant_i.h"
33 #include "ctrl_iface.h"
34 #include "pcsc_funcs.h"
35 #include "common/version.h"
36 #include "rsn_supp/preauth.h"
37 #include "rsn_supp/pmksa_cache.h"
38 #include "common/wpa_ctrl.h"
39 #include "common/ieee802_11_common.h"
40 #include "common/ieee802_11_defs.h"
41 #include "common/hw_features_common.h"
42 #include "common/gas_server.h"
43 #include "common/dpp.h"
46 #include "blacklist.h"
47 #include "wpas_glue.h"
48 #include "wps_supplicant.h"
51 #include "gas_query.h"
53 #include "p2p_supplicant.h"
54 #include "wifi_display.h"
60 #include "offchannel.h"
61 #include "hs20_supplicant.h"
65 #include "dpp_supplicant.h"
67 #include "ap/ap_config.h"
68 #include "ap/hostapd.h"
69 #endif /* CONFIG_MESH */
71 const char *const wpa_supplicant_version
=
72 "wpa_supplicant v" VERSION_STR
"\n"
73 "Copyright (c) 2003-2019, Jouni Malinen <j@w1.fi> and contributors";
75 const char *const wpa_supplicant_license
=
76 "This software may be distributed under the terms of the BSD license.\n"
77 "See README for more details.\n"
78 #ifdef EAP_TLS_OPENSSL
79 "\nThis product includes software developed by the OpenSSL Project\n"
80 "for use in the OpenSSL Toolkit (http://www.openssl.org/)\n"
81 #endif /* EAP_TLS_OPENSSL */
84 #ifndef CONFIG_NO_STDOUT_DEBUG
85 /* Long text divided into parts in order to fit in C89 strings size limits. */
86 const char *const wpa_supplicant_full_license1
=
88 const char *const wpa_supplicant_full_license2
=
89 "This software may be distributed under the terms of the BSD license.\n"
91 "Redistribution and use in source and binary forms, with or without\n"
92 "modification, are permitted provided that the following conditions are\n"
95 const char *const wpa_supplicant_full_license3
=
96 "1. Redistributions of source code must retain the above copyright\n"
97 " notice, this list of conditions and the following disclaimer.\n"
99 "2. Redistributions in binary form must reproduce the above copyright\n"
100 " notice, this list of conditions and the following disclaimer in the\n"
101 " documentation and/or other materials provided with the distribution.\n"
103 const char *const wpa_supplicant_full_license4
=
104 "3. Neither the name(s) of the above-listed copyright holder(s) nor the\n"
105 " names of its contributors may be used to endorse or promote products\n"
106 " derived from this software without specific prior written permission.\n"
108 "THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n"
109 "\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n"
110 "LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n"
111 "A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n";
112 const char *const wpa_supplicant_full_license5
=
113 "OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n"
114 "SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\n"
115 "LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n"
116 "DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n"
117 "THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n"
118 "(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n"
119 "OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
121 #endif /* CONFIG_NO_STDOUT_DEBUG */
124 static void wpa_bss_tmp_disallow_timeout(void *eloop_ctx
, void *timeout_ctx
);
125 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
126 static void wpas_update_fils_connect_params(struct wpa_supplicant
*wpa_s
);
127 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
129 static void wpas_update_owe_connect_params(struct wpa_supplicant
*wpa_s
);
130 #endif /* CONFIG_OWE */
133 /* Configure default/group WEP keys for static WEP */
134 int wpa_set_wep_keys(struct wpa_supplicant
*wpa_s
, struct wpa_ssid
*ssid
)
138 for (i
= 0; i
< NUM_WEP_KEYS
; i
++) {
139 if (ssid
->wep_key_len
[i
] == 0)
143 wpa_drv_set_key(wpa_s
, WPA_ALG_WEP
, NULL
,
144 i
, i
== ssid
->wep_tx_keyidx
, NULL
, 0,
145 ssid
->wep_key
[i
], ssid
->wep_key_len
[i
],
146 i
== ssid
->wep_tx_keyidx
?
147 KEY_FLAG_GROUP_RX_TX_DEFAULT
:
148 KEY_FLAG_GROUP_RX_TX
);
155 int wpa_supplicant_set_wpa_none_key(struct wpa_supplicant
*wpa_s
,
156 struct wpa_ssid
*ssid
)
164 /* IBSS/WPA-None uses only one key (Group) for both receiving and
165 * sending unicast and multicast packets. */
167 if (ssid
->mode
!= WPAS_MODE_IBSS
) {
168 wpa_msg(wpa_s
, MSG_INFO
, "WPA: Invalid mode %d (not "
169 "IBSS/ad-hoc) for WPA-None", ssid
->mode
);
173 if (!ssid
->psk_set
) {
174 wpa_msg(wpa_s
, MSG_INFO
, "WPA: No PSK configured for "
179 switch (wpa_s
->group_cipher
) {
180 case WPA_CIPHER_CCMP
:
181 os_memcpy(key
, ssid
->psk
, 16);
185 case WPA_CIPHER_GCMP
:
186 os_memcpy(key
, ssid
->psk
, 16);
190 case WPA_CIPHER_TKIP
:
191 /* WPA-None uses the same Michael MIC key for both TX and RX */
192 os_memcpy(key
, ssid
->psk
, 16 + 8);
193 os_memcpy(key
+ 16 + 8, ssid
->psk
+ 16, 8);
198 wpa_msg(wpa_s
, MSG_INFO
, "WPA: Invalid group cipher %d for "
199 "WPA-None", wpa_s
->group_cipher
);
203 /* TODO: should actually remember the previously used seq#, both for TX
204 * and RX from each STA.. */
206 ret
= wpa_drv_set_key(wpa_s
, alg
, NULL
, 0, 1, seq
, 6, key
, keylen
,
207 KEY_FLAG_GROUP_RX_TX_DEFAULT
);
208 os_memset(key
, 0, sizeof(key
));
213 static void wpa_supplicant_timeout(void *eloop_ctx
, void *timeout_ctx
)
215 struct wpa_supplicant
*wpa_s
= eloop_ctx
;
216 const u8
*bssid
= wpa_s
->bssid
;
217 if (!is_zero_ether_addr(wpa_s
->pending_bssid
) &&
218 (wpa_s
->wpa_state
== WPA_AUTHENTICATING
||
219 wpa_s
->wpa_state
== WPA_ASSOCIATING
))
220 bssid
= wpa_s
->pending_bssid
;
221 wpa_msg(wpa_s
, MSG_INFO
, "Authentication with " MACSTR
" timed out.",
223 wpa_blacklist_add(wpa_s
, bssid
);
224 wpa_sm_notify_disassoc(wpa_s
->wpa
);
225 wpa_supplicant_deauthenticate(wpa_s
, WLAN_REASON_DEAUTH_LEAVING
);
226 wpa_s
->reassociate
= 1;
229 * If we timed out, the AP or the local radio may be busy.
230 * So, wait a second until scanning again.
232 wpa_supplicant_req_scan(wpa_s
, 1, 0);
237 * wpa_supplicant_req_auth_timeout - Schedule a timeout for authentication
238 * @wpa_s: Pointer to wpa_supplicant data
239 * @sec: Number of seconds after which to time out authentication
240 * @usec: Number of microseconds after which to time out authentication
242 * This function is used to schedule a timeout for the current authentication
245 void wpa_supplicant_req_auth_timeout(struct wpa_supplicant
*wpa_s
,
248 if (wpa_s
->conf
->ap_scan
== 0 &&
249 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_WIRED
))
252 wpa_dbg(wpa_s
, MSG_DEBUG
, "Setting authentication timeout: %d sec "
253 "%d usec", sec
, usec
);
254 eloop_cancel_timeout(wpa_supplicant_timeout
, wpa_s
, NULL
);
255 wpa_s
->last_auth_timeout_sec
= sec
;
256 eloop_register_timeout(sec
, usec
, wpa_supplicant_timeout
, wpa_s
, NULL
);
261 * wpas_auth_timeout_restart - Restart and change timeout for authentication
262 * @wpa_s: Pointer to wpa_supplicant data
263 * @sec_diff: difference in seconds applied to original timeout value
265 void wpas_auth_timeout_restart(struct wpa_supplicant
*wpa_s
, int sec_diff
)
267 int new_sec
= wpa_s
->last_auth_timeout_sec
+ sec_diff
;
269 if (eloop_is_timeout_registered(wpa_supplicant_timeout
, wpa_s
, NULL
)) {
270 wpa_dbg(wpa_s
, MSG_DEBUG
,
271 "Authentication timeout restart: %d sec", new_sec
);
272 eloop_cancel_timeout(wpa_supplicant_timeout
, wpa_s
, NULL
);
273 eloop_register_timeout(new_sec
, 0, wpa_supplicant_timeout
,
280 * wpa_supplicant_cancel_auth_timeout - Cancel authentication timeout
281 * @wpa_s: Pointer to wpa_supplicant data
283 * This function is used to cancel authentication timeout scheduled with
284 * wpa_supplicant_req_auth_timeout() and it is called when authentication has
287 void wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant
*wpa_s
)
289 wpa_dbg(wpa_s
, MSG_DEBUG
, "Cancelling authentication timeout");
290 eloop_cancel_timeout(wpa_supplicant_timeout
, wpa_s
, NULL
);
291 wpa_blacklist_del(wpa_s
, wpa_s
->bssid
);
292 os_free(wpa_s
->last_con_fail_realm
);
293 wpa_s
->last_con_fail_realm
= NULL
;
294 wpa_s
->last_con_fail_realm_len
= 0;
299 * wpa_supplicant_initiate_eapol - Configure EAPOL state machine
300 * @wpa_s: Pointer to wpa_supplicant data
302 * This function is used to configure EAPOL state machine based on the selected
303 * authentication mode.
305 void wpa_supplicant_initiate_eapol(struct wpa_supplicant
*wpa_s
)
307 #ifdef IEEE8021X_EAPOL
308 struct eapol_config eapol_conf
;
309 struct wpa_ssid
*ssid
= wpa_s
->current_ssid
;
311 #ifdef CONFIG_IBSS_RSN
312 if (ssid
->mode
== WPAS_MODE_IBSS
&&
313 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_NONE
&&
314 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_WPA_NONE
) {
316 * RSN IBSS authentication is per-STA and we can disable the
317 * per-BSSID EAPOL authentication.
319 eapol_sm_notify_portControl(wpa_s
->eapol
, ForceAuthorized
);
320 eapol_sm_notify_eap_success(wpa_s
->eapol
, TRUE
);
321 eapol_sm_notify_eap_fail(wpa_s
->eapol
, FALSE
);
324 #endif /* CONFIG_IBSS_RSN */
326 eapol_sm_notify_eap_success(wpa_s
->eapol
, FALSE
);
327 eapol_sm_notify_eap_fail(wpa_s
->eapol
, FALSE
);
329 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_NONE
||
330 wpa_s
->key_mgmt
== WPA_KEY_MGMT_WPA_NONE
)
331 eapol_sm_notify_portControl(wpa_s
->eapol
, ForceAuthorized
);
333 eapol_sm_notify_portControl(wpa_s
->eapol
, Auto
);
335 os_memset(&eapol_conf
, 0, sizeof(eapol_conf
));
336 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_IEEE8021X_NO_WPA
) {
337 eapol_conf
.accept_802_1x_keys
= 1;
338 eapol_conf
.required_keys
= 0;
339 if (ssid
->eapol_flags
& EAPOL_FLAG_REQUIRE_KEY_UNICAST
) {
340 eapol_conf
.required_keys
|= EAPOL_REQUIRE_KEY_UNICAST
;
342 if (ssid
->eapol_flags
& EAPOL_FLAG_REQUIRE_KEY_BROADCAST
) {
343 eapol_conf
.required_keys
|=
344 EAPOL_REQUIRE_KEY_BROADCAST
;
347 if (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_WIRED
)
348 eapol_conf
.required_keys
= 0;
350 eapol_conf
.fast_reauth
= wpa_s
->conf
->fast_reauth
;
351 eapol_conf
.workaround
= ssid
->eap_workaround
;
352 eapol_conf
.eap_disabled
=
353 !wpa_key_mgmt_wpa_ieee8021x(wpa_s
->key_mgmt
) &&
354 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_IEEE8021X_NO_WPA
&&
355 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_WPS
;
356 eapol_conf
.external_sim
= wpa_s
->conf
->external_sim
;
359 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_WPS
) {
360 eapol_conf
.wps
|= EAPOL_LOCAL_WPS_IN_USE
;
361 if (wpa_s
->current_bss
) {
363 ie
= wpa_bss_get_vendor_ie_multi(wpa_s
->current_bss
,
368 EAPOL_PEER_IS_WPS20_AP
;
373 #endif /* CONFIG_WPS */
375 eapol_sm_notify_config(wpa_s
->eapol
, &ssid
->eap
, &eapol_conf
);
378 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_NONE
&& ssid
->mka_psk_set
)
379 ieee802_1x_create_preshared_mka(wpa_s
, ssid
);
381 ieee802_1x_alloc_kay_sm(wpa_s
, ssid
);
382 #endif /* CONFIG_MACSEC */
383 #endif /* IEEE8021X_EAPOL */
388 * wpa_supplicant_set_non_wpa_policy - Set WPA parameters to non-WPA mode
389 * @wpa_s: Pointer to wpa_supplicant data
390 * @ssid: Configuration data for the network
392 * This function is used to configure WPA state machine and related parameters
393 * to a mode where WPA is not enabled. This is called as part of the
394 * authentication configuration when the selected network does not use WPA.
396 void wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant
*wpa_s
,
397 struct wpa_ssid
*ssid
)
401 if (ssid
->key_mgmt
& WPA_KEY_MGMT_WPS
)
402 wpa_s
->key_mgmt
= WPA_KEY_MGMT_WPS
;
403 else if (ssid
->key_mgmt
& WPA_KEY_MGMT_IEEE8021X_NO_WPA
)
404 wpa_s
->key_mgmt
= WPA_KEY_MGMT_IEEE8021X_NO_WPA
;
406 wpa_s
->key_mgmt
= WPA_KEY_MGMT_NONE
;
407 wpa_sm_set_ap_wpa_ie(wpa_s
->wpa
, NULL
, 0);
408 wpa_sm_set_ap_rsn_ie(wpa_s
->wpa
, NULL
, 0);
409 wpa_sm_set_ap_rsnxe(wpa_s
->wpa
, NULL
, 0);
410 wpa_sm_set_assoc_wpa_ie(wpa_s
->wpa
, NULL
, 0);
411 wpa_sm_set_assoc_rsnxe(wpa_s
->wpa
, NULL
, 0);
412 wpa_s
->rsnxe_len
= 0;
413 wpa_s
->pairwise_cipher
= WPA_CIPHER_NONE
;
414 wpa_s
->group_cipher
= WPA_CIPHER_NONE
;
415 wpa_s
->mgmt_group_cipher
= 0;
417 for (i
= 0; i
< NUM_WEP_KEYS
; i
++) {
418 if (ssid
->wep_key_len
[i
] > 5) {
419 wpa_s
->pairwise_cipher
= WPA_CIPHER_WEP104
;
420 wpa_s
->group_cipher
= WPA_CIPHER_WEP104
;
422 } else if (ssid
->wep_key_len
[i
] > 0) {
423 wpa_s
->pairwise_cipher
= WPA_CIPHER_WEP40
;
424 wpa_s
->group_cipher
= WPA_CIPHER_WEP40
;
429 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_RSN_ENABLED
, 0);
430 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_KEY_MGMT
, wpa_s
->key_mgmt
);
431 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_PAIRWISE
,
432 wpa_s
->pairwise_cipher
);
433 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_GROUP
, wpa_s
->group_cipher
);
434 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_MGMT_GROUP
,
435 wpa_s
->mgmt_group_cipher
);
437 pmksa_cache_clear_current(wpa_s
->wpa
);
441 void free_hw_features(struct wpa_supplicant
*wpa_s
)
444 if (wpa_s
->hw
.modes
== NULL
)
447 for (i
= 0; i
< wpa_s
->hw
.num_modes
; i
++) {
448 os_free(wpa_s
->hw
.modes
[i
].channels
);
449 os_free(wpa_s
->hw
.modes
[i
].rates
);
452 os_free(wpa_s
->hw
.modes
);
453 wpa_s
->hw
.modes
= NULL
;
457 void free_bss_tmp_disallowed(struct wpa_supplicant
*wpa_s
)
459 struct wpa_bss_tmp_disallowed
*bss
, *prev
;
461 dl_list_for_each_safe(bss
, prev
, &wpa_s
->bss_tmp_disallowed
,
462 struct wpa_bss_tmp_disallowed
, list
) {
463 eloop_cancel_timeout(wpa_bss_tmp_disallow_timeout
, wpa_s
, bss
);
464 dl_list_del(&bss
->list
);
470 void wpas_flush_fils_hlp_req(struct wpa_supplicant
*wpa_s
)
472 struct fils_hlp_req
*req
;
474 while ((req
= dl_list_first(&wpa_s
->fils_hlp_req
, struct fils_hlp_req
,
476 dl_list_del(&req
->list
);
477 wpabuf_free(req
->pkt
);
483 void wpas_clear_disabled_interface(void *eloop_ctx
, void *timeout_ctx
)
485 struct wpa_supplicant
*wpa_s
= eloop_ctx
;
487 if (wpa_s
->wpa_state
!= WPA_INTERFACE_DISABLED
)
489 wpa_dbg(wpa_s
, MSG_DEBUG
, "Clear cached state on disabled interface");
490 wpa_bss_flush(wpa_s
);
494 #ifdef CONFIG_TESTING_OPTIONS
495 void wpas_clear_driver_signal_override(struct wpa_supplicant
*wpa_s
)
497 struct driver_signal_override
*dso
;
499 while ((dso
= dl_list_first(&wpa_s
->drv_signal_override
,
500 struct driver_signal_override
, list
))) {
501 dl_list_del(&dso
->list
);
505 #endif /* CONFIG_TESTING_OPTIONS */
508 static void wpa_supplicant_cleanup(struct wpa_supplicant
*wpa_s
)
512 bgscan_deinit(wpa_s
);
513 autoscan_deinit(wpa_s
);
514 scard_deinit(wpa_s
->scard
);
516 wpa_sm_set_scard_ctx(wpa_s
->wpa
, NULL
);
517 eapol_sm_register_scard_ctx(wpa_s
->eapol
, NULL
);
518 l2_packet_deinit(wpa_s
->l2
);
521 l2_packet_deinit(wpa_s
->l2_br
);
524 #ifdef CONFIG_TESTING_OPTIONS
525 l2_packet_deinit(wpa_s
->l2_test
);
526 wpa_s
->l2_test
= NULL
;
527 os_free(wpa_s
->get_pref_freq_list_override
);
528 wpa_s
->get_pref_freq_list_override
= NULL
;
529 wpabuf_free(wpa_s
->last_assoc_req_wpa_ie
);
530 wpa_s
->last_assoc_req_wpa_ie
= NULL
;
531 os_free(wpa_s
->extra_sae_rejected_groups
);
532 wpa_s
->extra_sae_rejected_groups
= NULL
;
533 wpabuf_free(wpa_s
->rsnxe_override_assoc
);
534 wpa_s
->rsnxe_override_assoc
= NULL
;
535 wpabuf_free(wpa_s
->rsnxe_override_eapol
);
536 wpa_s
->rsnxe_override_eapol
= NULL
;
537 wpas_clear_driver_signal_override(wpa_s
);
538 #endif /* CONFIG_TESTING_OPTIONS */
540 if (wpa_s
->conf
!= NULL
) {
541 struct wpa_ssid
*ssid
;
542 for (ssid
= wpa_s
->conf
->ssid
; ssid
; ssid
= ssid
->next
)
543 wpas_notify_network_removed(wpa_s
, ssid
);
546 os_free(wpa_s
->confname
);
547 wpa_s
->confname
= NULL
;
549 os_free(wpa_s
->confanother
);
550 wpa_s
->confanother
= NULL
;
552 os_free(wpa_s
->last_con_fail_realm
);
553 wpa_s
->last_con_fail_realm
= NULL
;
554 wpa_s
->last_con_fail_realm_len
= 0;
556 wpa_sm_set_eapol(wpa_s
->wpa
, NULL
);
557 eapol_sm_deinit(wpa_s
->eapol
);
560 rsn_preauth_deinit(wpa_s
->wpa
);
563 wpa_tdls_deinit(wpa_s
->wpa
);
564 #endif /* CONFIG_TDLS */
566 wmm_ac_clear_saved_tspecs(wpa_s
);
567 pmksa_candidate_free(wpa_s
->wpa
);
568 wpa_sm_deinit(wpa_s
->wpa
);
570 wpa_blacklist_clear(wpa_s
);
572 wpa_bss_deinit(wpa_s
);
574 wpa_supplicant_cancel_delayed_sched_scan(wpa_s
);
575 wpa_supplicant_cancel_scan(wpa_s
);
576 wpa_supplicant_cancel_auth_timeout(wpa_s
);
577 eloop_cancel_timeout(wpa_supplicant_stop_countermeasures
, wpa_s
, NULL
);
578 #ifdef CONFIG_DELAYED_MIC_ERROR_REPORT
579 eloop_cancel_timeout(wpa_supplicant_delayed_mic_error_report
,
581 #endif /* CONFIG_DELAYED_MIC_ERROR_REPORT */
583 eloop_cancel_timeout(wpas_network_reenabled
, wpa_s
, NULL
);
584 eloop_cancel_timeout(wpas_clear_disabled_interface
, wpa_s
, NULL
);
586 wpas_wps_deinit(wpa_s
);
588 wpabuf_free(wpa_s
->pending_eapol_rx
);
589 wpa_s
->pending_eapol_rx
= NULL
;
591 #ifdef CONFIG_IBSS_RSN
592 ibss_rsn_deinit(wpa_s
->ibss_rsn
);
593 wpa_s
->ibss_rsn
= NULL
;
594 #endif /* CONFIG_IBSS_RSN */
599 wpa_supplicant_ap_deinit(wpa_s
);
600 #endif /* CONFIG_AP */
602 wpas_p2p_deinit(wpa_s
);
604 #ifdef CONFIG_OFFCHANNEL
605 offchannel_deinit(wpa_s
);
606 #endif /* CONFIG_OFFCHANNEL */
608 wpa_supplicant_cancel_sched_scan(wpa_s
);
610 os_free(wpa_s
->next_scan_freqs
);
611 wpa_s
->next_scan_freqs
= NULL
;
613 os_free(wpa_s
->manual_scan_freqs
);
614 wpa_s
->manual_scan_freqs
= NULL
;
615 os_free(wpa_s
->select_network_scan_freqs
);
616 wpa_s
->select_network_scan_freqs
= NULL
;
618 os_free(wpa_s
->manual_sched_scan_freqs
);
619 wpa_s
->manual_sched_scan_freqs
= NULL
;
621 wpas_mac_addr_rand_scan_clear(wpa_s
, MAC_ADDR_RAND_ALL
);
624 * Need to remove any pending gas-query radio work before the
625 * gas_query_deinit() call because gas_query::work has not yet been set
626 * for works that have not been started. gas_query_free() will be unable
627 * to cancel such pending radio works and once the pending gas-query
628 * radio work eventually gets removed, the deinit notification call to
629 * gas_query_start_cb() would result in dereferencing freed memory.
632 radio_remove_works(wpa_s
, "gas-query", 0);
633 gas_query_deinit(wpa_s
->gas
);
635 gas_server_deinit(wpa_s
->gas_server
);
636 wpa_s
->gas_server
= NULL
;
638 free_hw_features(wpa_s
);
640 ieee802_1x_dealloc_kay_sm(wpa_s
);
642 os_free(wpa_s
->bssid_filter
);
643 wpa_s
->bssid_filter
= NULL
;
645 os_free(wpa_s
->disallow_aps_bssid
);
646 wpa_s
->disallow_aps_bssid
= NULL
;
647 os_free(wpa_s
->disallow_aps_ssid
);
648 wpa_s
->disallow_aps_ssid
= NULL
;
650 wnm_bss_keep_alive_deinit(wpa_s
);
652 wnm_deallocate_memory(wpa_s
);
653 #endif /* CONFIG_WNM */
655 ext_password_deinit(wpa_s
->ext_pw
);
656 wpa_s
->ext_pw
= NULL
;
658 wpabuf_free(wpa_s
->last_gas_resp
);
659 wpa_s
->last_gas_resp
= NULL
;
660 wpabuf_free(wpa_s
->prev_gas_resp
);
661 wpa_s
->prev_gas_resp
= NULL
;
663 os_free(wpa_s
->last_scan_res
);
664 wpa_s
->last_scan_res
= NULL
;
668 wpa_drv_configure_frame_filters(wpa_s
, 0);
670 #endif /* CONFIG_HS20 */
672 for (i
= 0; i
< NUM_VENDOR_ELEM_FRAMES
; i
++) {
673 wpabuf_free(wpa_s
->vendor_elem
[i
]);
674 wpa_s
->vendor_elem
[i
] = NULL
;
677 wmm_ac_notify_disassoc(wpa_s
);
679 wpa_s
->sched_scan_plans_num
= 0;
680 os_free(wpa_s
->sched_scan_plans
);
681 wpa_s
->sched_scan_plans
= NULL
;
684 wpa_s
->non_pref_chan_num
= 0;
685 os_free(wpa_s
->non_pref_chan
);
686 wpa_s
->non_pref_chan
= NULL
;
687 #endif /* CONFIG_MBO */
689 free_bss_tmp_disallowed(wpa_s
);
691 wpabuf_free(wpa_s
->lci
);
693 wpas_clear_beacon_rep_data(wpa_s
);
695 #ifdef CONFIG_PMKSA_CACHE_EXTERNAL
698 struct external_pmksa_cache
*entry
;
700 while ((entry
= dl_list_last(&wpa_s
->mesh_external_pmksa_cache
,
701 struct external_pmksa_cache
,
703 dl_list_del(&entry
->list
);
704 os_free(entry
->pmksa_cache
);
708 #endif /* CONFIG_MESH */
709 #endif /* CONFIG_PMKSA_CACHE_EXTERNAL */
711 wpas_flush_fils_hlp_req(wpa_s
);
713 wpabuf_free(wpa_s
->ric_ies
);
714 wpa_s
->ric_ies
= NULL
;
717 wpas_dpp_deinit(wpa_s
);
718 dpp_global_deinit(wpa_s
->dpp
);
720 #endif /* CONFIG_DPP */
725 * wpa_clear_keys - Clear keys configured for the driver
726 * @wpa_s: Pointer to wpa_supplicant data
727 * @addr: Previously used BSSID or %NULL if not available
729 * This function clears the encryption keys that has been previously configured
732 void wpa_clear_keys(struct wpa_supplicant
*wpa_s
, const u8
*addr
)
736 /* MLME-DELETEKEYS.request */
737 for (i
= 0; i
< max
; i
++) {
738 if (wpa_s
->keys_cleared
& BIT(i
))
740 wpa_drv_set_key(wpa_s
, WPA_ALG_NONE
, NULL
, i
, 0, NULL
, 0,
741 NULL
, 0, KEY_FLAG_GROUP
);
743 if (!(wpa_s
->keys_cleared
& BIT(0)) && addr
&&
744 !is_zero_ether_addr(addr
)) {
745 wpa_drv_set_key(wpa_s
, WPA_ALG_NONE
, addr
, 0, 0, NULL
, 0, NULL
,
746 0, KEY_FLAG_PAIRWISE
);
747 /* MLME-SETPROTECTION.request(None) */
748 wpa_drv_mlme_setprotection(
750 MLME_SETPROTECTION_PROTECT_TYPE_NONE
,
751 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE
);
753 wpa_s
->keys_cleared
= (u32
) -1;
758 * wpa_supplicant_state_txt - Get the connection state name as a text string
759 * @state: State (wpa_state; WPA_*)
760 * Returns: The state name as a printable text string
762 const char * wpa_supplicant_state_txt(enum wpa_states state
)
765 case WPA_DISCONNECTED
:
766 return "DISCONNECTED";
769 case WPA_INTERFACE_DISABLED
:
770 return "INTERFACE_DISABLED";
773 case WPA_AUTHENTICATING
:
774 return "AUTHENTICATING";
775 case WPA_ASSOCIATING
:
776 return "ASSOCIATING";
779 case WPA_4WAY_HANDSHAKE
:
780 return "4WAY_HANDSHAKE";
781 case WPA_GROUP_HANDSHAKE
:
782 return "GROUP_HANDSHAKE";
793 static void wpa_supplicant_start_bgscan(struct wpa_supplicant
*wpa_s
)
797 if (wpa_s
->current_ssid
&& wpa_s
->current_ssid
->bgscan
)
798 name
= wpa_s
->current_ssid
->bgscan
;
800 name
= wpa_s
->conf
->bgscan
;
801 if (name
== NULL
|| name
[0] == '\0')
803 if (wpas_driver_bss_selection(wpa_s
))
805 if (wpa_s
->current_ssid
== wpa_s
->bgscan_ssid
)
808 if (wpa_s
->p2p_group_interface
!= NOT_P2P_GROUP_INTERFACE
)
810 #endif /* CONFIG_P2P */
812 bgscan_deinit(wpa_s
);
813 if (wpa_s
->current_ssid
) {
814 if (bgscan_init(wpa_s
, wpa_s
->current_ssid
, name
)) {
815 wpa_dbg(wpa_s
, MSG_DEBUG
, "Failed to initialize "
818 * Live without bgscan; it is only used as a roaming
819 * optimization, so the initial connection is not
823 struct wpa_scan_results
*scan_res
;
824 wpa_s
->bgscan_ssid
= wpa_s
->current_ssid
;
825 scan_res
= wpa_supplicant_get_scan_results(wpa_s
, NULL
,
828 bgscan_notify_scan(wpa_s
, scan_res
);
829 wpa_scan_results_free(scan_res
);
833 wpa_s
->bgscan_ssid
= NULL
;
837 static void wpa_supplicant_stop_bgscan(struct wpa_supplicant
*wpa_s
)
839 if (wpa_s
->bgscan_ssid
!= NULL
) {
840 bgscan_deinit(wpa_s
);
841 wpa_s
->bgscan_ssid
= NULL
;
845 #endif /* CONFIG_BGSCAN */
848 static void wpa_supplicant_start_autoscan(struct wpa_supplicant
*wpa_s
)
850 if (autoscan_init(wpa_s
, 0))
851 wpa_dbg(wpa_s
, MSG_DEBUG
, "Failed to initialize autoscan");
855 static void wpa_supplicant_stop_autoscan(struct wpa_supplicant
*wpa_s
)
857 autoscan_deinit(wpa_s
);
861 void wpa_supplicant_reinit_autoscan(struct wpa_supplicant
*wpa_s
)
863 if (wpa_s
->wpa_state
== WPA_DISCONNECTED
||
864 wpa_s
->wpa_state
== WPA_SCANNING
) {
865 autoscan_deinit(wpa_s
);
866 wpa_supplicant_start_autoscan(wpa_s
);
872 * wpa_supplicant_set_state - Set current connection state
873 * @wpa_s: Pointer to wpa_supplicant data
874 * @state: The new connection state
876 * This function is called whenever the connection state changes, e.g.,
877 * association is completed for WPA/WPA2 4-Way Handshake is started.
879 void wpa_supplicant_set_state(struct wpa_supplicant
*wpa_s
,
880 enum wpa_states state
)
882 enum wpa_states old_state
= wpa_s
->wpa_state
;
883 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
884 Boolean update_fils_connect_params
= FALSE
;
885 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
887 wpa_dbg(wpa_s
, MSG_DEBUG
, "State: %s -> %s",
888 wpa_supplicant_state_txt(wpa_s
->wpa_state
),
889 wpa_supplicant_state_txt(state
));
891 if (state
== WPA_COMPLETED
&&
892 os_reltime_initialized(&wpa_s
->roam_start
)) {
893 os_reltime_age(&wpa_s
->roam_start
, &wpa_s
->roam_time
);
894 wpa_s
->roam_start
.sec
= 0;
895 wpa_s
->roam_start
.usec
= 0;
896 wpas_notify_auth_changed(wpa_s
);
897 wpas_notify_roam_time(wpa_s
);
898 wpas_notify_roam_complete(wpa_s
);
899 } else if (state
== WPA_DISCONNECTED
&&
900 os_reltime_initialized(&wpa_s
->roam_start
)) {
901 wpa_s
->roam_start
.sec
= 0;
902 wpa_s
->roam_start
.usec
= 0;
903 wpa_s
->roam_time
.sec
= 0;
904 wpa_s
->roam_time
.usec
= 0;
905 wpas_notify_roam_complete(wpa_s
);
908 if (state
== WPA_INTERFACE_DISABLED
) {
909 /* Assure normal scan when interface is restored */
910 wpa_s
->normal_scans
= 0;
913 if (state
== WPA_COMPLETED
) {
914 wpas_connect_work_done(wpa_s
);
915 /* Reinitialize normal_scan counter */
916 wpa_s
->normal_scans
= 0;
921 * P2PS client has to reply to Probe Request frames received on the
922 * group operating channel. Enable Probe Request frame reporting for
923 * P2P connected client in case p2p_cli_probe configuration property is
926 if (wpa_s
->conf
->p2p_cli_probe
&& wpa_s
->current_ssid
&&
927 wpa_s
->current_ssid
->mode
== WPAS_MODE_INFRA
&&
928 wpa_s
->current_ssid
->p2p_group
) {
929 if (state
== WPA_COMPLETED
&& !wpa_s
->p2p_cli_probe
) {
930 wpa_dbg(wpa_s
, MSG_DEBUG
,
931 "P2P: Enable CLI Probe Request RX reporting");
932 wpa_s
->p2p_cli_probe
=
933 wpa_drv_probe_req_report(wpa_s
, 1) >= 0;
934 } else if (state
!= WPA_COMPLETED
&& wpa_s
->p2p_cli_probe
) {
935 wpa_dbg(wpa_s
, MSG_DEBUG
,
936 "P2P: Disable CLI Probe Request RX reporting");
937 wpa_s
->p2p_cli_probe
= 0;
938 wpa_drv_probe_req_report(wpa_s
, 0);
941 #endif /* CONFIG_P2P */
943 if (state
!= WPA_SCANNING
)
944 wpa_supplicant_notify_scanning(wpa_s
, 0);
946 if (state
== WPA_COMPLETED
&& wpa_s
->new_connection
) {
947 struct wpa_ssid
*ssid
= wpa_s
->current_ssid
;
948 int fils_hlp_sent
= 0;
951 if ((wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SME
) &&
952 wpa_auth_alg_fils(wpa_s
->sme
.auth_alg
))
954 #endif /* CONFIG_SME */
955 if (!(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SME
) &&
956 wpa_auth_alg_fils(wpa_s
->auth_alg
))
959 #if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
960 wpa_msg(wpa_s
, MSG_INFO
, WPA_EVENT_CONNECTED
"- Connection to "
961 MACSTR
" completed [id=%d id_str=%s%s]",
962 MAC2STR(wpa_s
->bssid
),
963 ssid
? ssid
->id
: -1,
964 ssid
&& ssid
->id_str
? ssid
->id_str
: "",
965 fils_hlp_sent
? " FILS_HLP_SENT" : "");
966 #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
967 wpas_clear_temp_disabled(wpa_s
, ssid
, 1);
968 wpa_blacklist_clear(wpa_s
);
969 wpa_s
->extra_blacklist_count
= 0;
970 wpa_s
->new_connection
= 0;
971 wpa_drv_set_operstate(wpa_s
, 1);
972 #ifndef IEEE8021X_EAPOL
973 wpa_drv_set_supp_port(wpa_s
, 1);
974 #endif /* IEEE8021X_EAPOL */
975 wpa_s
->after_wps
= 0;
976 wpa_s
->known_wps_freq
= 0;
977 wpas_p2p_completed(wpa_s
);
979 sme_sched_obss_scan(wpa_s
, 1);
981 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
982 if (!fils_hlp_sent
&& ssid
&& ssid
->eap
.erp
)
983 update_fils_connect_params
= TRUE
;
984 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
986 if (ssid
&& (ssid
->key_mgmt
& WPA_KEY_MGMT_OWE
))
987 wpas_update_owe_connect_params(wpa_s
);
988 #endif /* CONFIG_OWE */
989 } else if (state
== WPA_DISCONNECTED
|| state
== WPA_ASSOCIATING
||
990 state
== WPA_ASSOCIATED
) {
991 wpa_s
->new_connection
= 1;
992 wpa_drv_set_operstate(wpa_s
, 0);
993 #ifndef IEEE8021X_EAPOL
994 wpa_drv_set_supp_port(wpa_s
, 0);
995 #endif /* IEEE8021X_EAPOL */
996 sme_sched_obss_scan(wpa_s
, 0);
998 wpa_s
->wpa_state
= state
;
1000 #ifdef CONFIG_BGSCAN
1001 if (state
== WPA_COMPLETED
)
1002 wpa_supplicant_start_bgscan(wpa_s
);
1003 else if (state
< WPA_ASSOCIATED
)
1004 wpa_supplicant_stop_bgscan(wpa_s
);
1005 #endif /* CONFIG_BGSCAN */
1007 if (state
> WPA_SCANNING
)
1008 wpa_supplicant_stop_autoscan(wpa_s
);
1010 if (state
== WPA_DISCONNECTED
|| state
== WPA_INACTIVE
)
1011 wpa_supplicant_start_autoscan(wpa_s
);
1013 if (old_state
>= WPA_ASSOCIATED
&& wpa_s
->wpa_state
< WPA_ASSOCIATED
)
1014 wmm_ac_notify_disassoc(wpa_s
);
1016 if (wpa_s
->wpa_state
!= old_state
) {
1017 wpas_notify_state_changed(wpa_s
, wpa_s
->wpa_state
, old_state
);
1020 * Notify the P2P Device interface about a state change in one
1021 * of the interfaces.
1023 wpas_p2p_indicate_state_change(wpa_s
);
1025 if (wpa_s
->wpa_state
== WPA_COMPLETED
||
1026 old_state
== WPA_COMPLETED
)
1027 wpas_notify_auth_changed(wpa_s
);
1029 if (wpa_s
->wpa_state
== WPA_COMPLETED
)
1030 wpas_dpp_connected(wpa_s
);
1031 #endif /* CONFIG_DPP2 */
1033 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
1034 if (update_fils_connect_params
)
1035 wpas_update_fils_connect_params(wpa_s
);
1036 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
1040 void wpa_supplicant_terminate_proc(struct wpa_global
*global
)
1044 struct wpa_supplicant
*wpa_s
= global
->ifaces
;
1046 struct wpa_supplicant
*next
= wpa_s
->next
;
1047 if (wpas_wps_terminate_pending(wpa_s
) == 1)
1050 if (wpa_s
->p2p_group_interface
!= NOT_P2P_GROUP_INTERFACE
||
1051 (wpa_s
->current_ssid
&& wpa_s
->current_ssid
->p2p_group
))
1052 wpas_p2p_disconnect(wpa_s
);
1053 #endif /* CONFIG_P2P */
1056 #endif /* CONFIG_WPS */
1063 static void wpa_supplicant_terminate(int sig
, void *signal_ctx
)
1065 struct wpa_global
*global
= signal_ctx
;
1066 wpa_supplicant_terminate_proc(global
);
1070 void wpa_supplicant_clear_status(struct wpa_supplicant
*wpa_s
)
1072 enum wpa_states old_state
= wpa_s
->wpa_state
;
1074 wpa_s
->pairwise_cipher
= 0;
1075 wpa_s
->group_cipher
= 0;
1076 wpa_s
->mgmt_group_cipher
= 0;
1077 wpa_s
->key_mgmt
= 0;
1078 if (wpa_s
->wpa_state
!= WPA_INTERFACE_DISABLED
)
1079 wpa_supplicant_set_state(wpa_s
, WPA_DISCONNECTED
);
1081 if (wpa_s
->wpa_state
!= old_state
)
1082 wpas_notify_state_changed(wpa_s
, wpa_s
->wpa_state
, old_state
);
1087 * wpa_supplicant_reload_configuration - Reload configuration data
1088 * @wpa_s: Pointer to wpa_supplicant data
1089 * Returns: 0 on success or -1 if configuration parsing failed
1091 * This function can be used to request that the configuration data is reloaded
1092 * (e.g., after configuration file change). This function is reloading
1093 * configuration only for one interface, so this may need to be called multiple
1094 * times if %wpa_supplicant is controlling multiple interfaces and all
1095 * interfaces need reconfiguration.
1097 int wpa_supplicant_reload_configuration(struct wpa_supplicant
*wpa_s
)
1099 struct wpa_config
*conf
;
1103 if (wpa_s
->confname
== NULL
)
1105 conf
= wpa_config_read(wpa_s
->confname
, NULL
);
1107 wpa_msg(wpa_s
, MSG_ERROR
, "Failed to parse the configuration "
1108 "file '%s' - exiting", wpa_s
->confname
);
1111 if (wpa_s
->confanother
&&
1112 !wpa_config_read(wpa_s
->confanother
, conf
)) {
1113 wpa_msg(wpa_s
, MSG_ERROR
,
1114 "Failed to parse the configuration file '%s' - exiting",
1115 wpa_s
->confanother
);
1119 conf
->changed_parameters
= (unsigned int) -1;
1121 reconf_ctrl
= !!conf
->ctrl_interface
!= !!wpa_s
->conf
->ctrl_interface
1122 || (conf
->ctrl_interface
&& wpa_s
->conf
->ctrl_interface
&&
1123 os_strcmp(conf
->ctrl_interface
,
1124 wpa_s
->conf
->ctrl_interface
) != 0);
1126 if (reconf_ctrl
&& wpa_s
->ctrl_iface
) {
1127 wpa_supplicant_ctrl_iface_deinit(wpa_s
->ctrl_iface
);
1128 wpa_s
->ctrl_iface
= NULL
;
1131 eapol_sm_invalidate_cached_session(wpa_s
->eapol
);
1132 if (wpa_s
->current_ssid
) {
1133 if (wpa_s
->wpa_state
>= WPA_AUTHENTICATING
)
1134 wpa_s
->own_disconnect_req
= 1;
1135 wpa_supplicant_deauthenticate(wpa_s
,
1136 WLAN_REASON_DEAUTH_LEAVING
);
1140 * TODO: should notify EAPOL SM about changes in opensc_engine_path,
1141 * pkcs11_engine_path, pkcs11_module_path, openssl_ciphers.
1143 if (wpa_key_mgmt_wpa_psk(wpa_s
->key_mgmt
) ||
1144 wpa_s
->key_mgmt
== WPA_KEY_MGMT_OWE
||
1145 wpa_s
->key_mgmt
== WPA_KEY_MGMT_DPP
) {
1147 * Clear forced success to clear EAP state for next
1150 eapol_sm_notify_eap_success(wpa_s
->eapol
, FALSE
);
1152 eapol_sm_notify_config(wpa_s
->eapol
, NULL
, NULL
);
1153 wpa_sm_set_config(wpa_s
->wpa
, NULL
);
1154 wpa_sm_pmksa_cache_flush(wpa_s
->wpa
, NULL
);
1155 wpa_sm_set_fast_reauth(wpa_s
->wpa
, wpa_s
->conf
->fast_reauth
);
1156 rsn_preauth_deinit(wpa_s
->wpa
);
1158 old_ap_scan
= wpa_s
->conf
->ap_scan
;
1159 wpa_config_free(wpa_s
->conf
);
1161 if (old_ap_scan
!= wpa_s
->conf
->ap_scan
)
1162 wpas_notify_ap_scan_changed(wpa_s
);
1165 wpa_s
->ctrl_iface
= wpa_supplicant_ctrl_iface_init(wpa_s
);
1167 wpa_supplicant_update_config(wpa_s
);
1169 wpa_supplicant_clear_status(wpa_s
);
1170 if (wpa_supplicant_enabled_networks(wpa_s
)) {
1171 wpa_s
->reassociate
= 1;
1172 wpa_supplicant_req_scan(wpa_s
, 0, 0);
1174 wpa_dbg(wpa_s
, MSG_DEBUG
, "Reconfiguration completed");
1179 static void wpa_supplicant_reconfig(int sig
, void *signal_ctx
)
1181 struct wpa_global
*global
= signal_ctx
;
1182 struct wpa_supplicant
*wpa_s
;
1183 for (wpa_s
= global
->ifaces
; wpa_s
; wpa_s
= wpa_s
->next
) {
1184 wpa_dbg(wpa_s
, MSG_DEBUG
, "Signal %d received - reconfiguring",
1186 if (wpa_supplicant_reload_configuration(wpa_s
) < 0) {
1187 wpa_supplicant_terminate_proc(global
);
1191 if (wpa_debug_reopen_file() < 0) {
1192 /* Ignore errors since we cannot really do much to fix this */
1193 wpa_printf(MSG_DEBUG
, "Could not reopen debug log file");
1198 static int wpa_supplicant_suites_from_ai(struct wpa_supplicant
*wpa_s
,
1199 struct wpa_ssid
*ssid
,
1200 struct wpa_ie_data
*ie
)
1202 int ret
= wpa_sm_parse_own_wpa_ie(wpa_s
->wpa
, ie
);
1205 wpa_msg(wpa_s
, MSG_INFO
, "WPA: Failed to parse WPA IE "
1206 "from association info");
1211 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: Using WPA IE from AssocReq to set "
1213 if (!(ie
->group_cipher
& ssid
->group_cipher
)) {
1214 wpa_msg(wpa_s
, MSG_INFO
, "WPA: Driver used disabled group "
1215 "cipher 0x%x (mask 0x%x) - reject",
1216 ie
->group_cipher
, ssid
->group_cipher
);
1219 if (!(ie
->pairwise_cipher
& ssid
->pairwise_cipher
)) {
1220 wpa_msg(wpa_s
, MSG_INFO
, "WPA: Driver used disabled pairwise "
1221 "cipher 0x%x (mask 0x%x) - reject",
1222 ie
->pairwise_cipher
, ssid
->pairwise_cipher
);
1225 if (!(ie
->key_mgmt
& ssid
->key_mgmt
)) {
1226 wpa_msg(wpa_s
, MSG_INFO
, "WPA: Driver used disabled key "
1227 "management 0x%x (mask 0x%x) - reject",
1228 ie
->key_mgmt
, ssid
->key_mgmt
);
1232 if (!(ie
->capabilities
& WPA_CAPABILITY_MFPC
) &&
1233 wpas_get_ssid_pmf(wpa_s
, ssid
) == MGMT_FRAME_PROTECTION_REQUIRED
) {
1234 wpa_msg(wpa_s
, MSG_INFO
, "WPA: Driver associated with an AP "
1235 "that does not support management frame protection - "
1244 static int matching_ciphers(struct wpa_ssid
*ssid
, struct wpa_ie_data
*ie
,
1248 ie
->group_cipher
= wpa_default_rsn_cipher(freq
);
1249 if (!ie
->has_pairwise
)
1250 ie
->pairwise_cipher
= wpa_default_rsn_cipher(freq
);
1251 return (ie
->group_cipher
& ssid
->group_cipher
) &&
1252 (ie
->pairwise_cipher
& ssid
->pairwise_cipher
);
1257 * wpa_supplicant_set_suites - Set authentication and encryption parameters
1258 * @wpa_s: Pointer to wpa_supplicant data
1259 * @bss: Scan results for the selected BSS, or %NULL if not available
1260 * @ssid: Configuration data for the selected network
1261 * @wpa_ie: Buffer for the WPA/RSN IE
1262 * @wpa_ie_len: Maximum wpa_ie buffer size on input. This is changed to be the
1263 * used buffer length in case the functions returns success.
1264 * Returns: 0 on success or -1 on failure
1266 * This function is used to configure authentication and encryption parameters
1267 * based on the network configuration and scan result for the selected BSS (if
1270 int wpa_supplicant_set_suites(struct wpa_supplicant
*wpa_s
,
1271 struct wpa_bss
*bss
, struct wpa_ssid
*ssid
,
1272 u8
*wpa_ie
, size_t *wpa_ie_len
)
1274 struct wpa_ie_data ie
;
1276 const u8
*bss_wpa
, *bss_rsn
, *bss_rsnx
, *bss_osen
;
1279 bss_wpa
= wpa_bss_get_vendor_ie(bss
, WPA_IE_VENDOR_TYPE
);
1280 bss_rsn
= wpa_bss_get_ie(bss
, WLAN_EID_RSN
);
1281 bss_rsnx
= wpa_bss_get_ie(bss
, WLAN_EID_RSNX
);
1282 bss_osen
= wpa_bss_get_vendor_ie(bss
, OSEN_IE_VENDOR_TYPE
);
1284 bss_wpa
= bss_rsn
= bss_rsnx
= bss_osen
= NULL
;
1287 if (bss_rsn
&& (ssid
->proto
& WPA_PROTO_RSN
) &&
1288 wpa_parse_wpa_ie(bss_rsn
, 2 + bss_rsn
[1], &ie
) == 0 &&
1289 matching_ciphers(ssid
, &ie
, bss
->freq
) &&
1290 (ie
.key_mgmt
& ssid
->key_mgmt
)) {
1291 wpa_dbg(wpa_s
, MSG_DEBUG
, "RSN: using IEEE 802.11i/D9.0");
1292 proto
= WPA_PROTO_RSN
;
1293 } else if (bss_wpa
&& (ssid
->proto
& WPA_PROTO_WPA
) &&
1294 wpa_parse_wpa_ie(bss_wpa
, 2 + bss_wpa
[1], &ie
) == 0 &&
1295 (ie
.group_cipher
& ssid
->group_cipher
) &&
1296 (ie
.pairwise_cipher
& ssid
->pairwise_cipher
) &&
1297 (ie
.key_mgmt
& ssid
->key_mgmt
)) {
1298 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using IEEE 802.11i/D3.0");
1299 proto
= WPA_PROTO_WPA
;
1301 } else if (bss_osen
&& (ssid
->proto
& WPA_PROTO_OSEN
) &&
1302 wpa_parse_wpa_ie(bss_osen
, 2 + bss_osen
[1], &ie
) == 0 &&
1303 (ie
.group_cipher
& ssid
->group_cipher
) &&
1304 (ie
.pairwise_cipher
& ssid
->pairwise_cipher
) &&
1305 (ie
.key_mgmt
& ssid
->key_mgmt
)) {
1306 wpa_dbg(wpa_s
, MSG_DEBUG
, "HS 2.0: using OSEN");
1307 proto
= WPA_PROTO_OSEN
;
1308 } else if (bss_rsn
&& (ssid
->proto
& WPA_PROTO_OSEN
) &&
1309 wpa_parse_wpa_ie(bss_rsn
, 2 + bss_rsn
[1], &ie
) == 0 &&
1310 (ie
.group_cipher
& ssid
->group_cipher
) &&
1311 (ie
.pairwise_cipher
& ssid
->pairwise_cipher
) &&
1312 (ie
.key_mgmt
& ssid
->key_mgmt
)) {
1313 wpa_dbg(wpa_s
, MSG_DEBUG
, "RSN: using OSEN (within RSN)");
1314 proto
= WPA_PROTO_RSN
;
1315 #endif /* CONFIG_HS20 */
1317 wpa_msg(wpa_s
, MSG_WARNING
, "WPA: Failed to select WPA/RSN");
1318 wpa_dbg(wpa_s
, MSG_DEBUG
,
1319 "WPA: ssid proto=0x%x pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1320 ssid
->proto
, ssid
->pairwise_cipher
, ssid
->group_cipher
,
1322 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: BSS " MACSTR
" ssid='%s'%s%s%s",
1323 MAC2STR(bss
->bssid
),
1324 wpa_ssid_txt(bss
->ssid
, bss
->ssid_len
),
1325 bss_wpa
? " WPA" : "",
1326 bss_rsn
? " RSN" : "",
1327 bss_osen
? " OSEN" : "");
1329 wpa_hexdump(MSG_DEBUG
, "RSN", bss_rsn
, 2 + bss_rsn
[1]);
1330 if (wpa_parse_wpa_ie(bss_rsn
, 2 + bss_rsn
[1], &ie
)) {
1331 wpa_dbg(wpa_s
, MSG_DEBUG
,
1332 "Could not parse RSN element");
1334 wpa_dbg(wpa_s
, MSG_DEBUG
,
1335 "RSN: pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1336 ie
.pairwise_cipher
, ie
.group_cipher
,
1341 wpa_hexdump(MSG_DEBUG
, "WPA", bss_wpa
, 2 + bss_wpa
[1]);
1342 if (wpa_parse_wpa_ie(bss_wpa
, 2 + bss_wpa
[1], &ie
)) {
1343 wpa_dbg(wpa_s
, MSG_DEBUG
,
1344 "Could not parse WPA element");
1346 wpa_dbg(wpa_s
, MSG_DEBUG
,
1347 "WPA: pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1348 ie
.pairwise_cipher
, ie
.group_cipher
,
1354 if (ssid
->proto
& WPA_PROTO_OSEN
)
1355 proto
= WPA_PROTO_OSEN
;
1356 else if (ssid
->proto
& WPA_PROTO_RSN
)
1357 proto
= WPA_PROTO_RSN
;
1359 proto
= WPA_PROTO_WPA
;
1360 if (wpa_supplicant_suites_from_ai(wpa_s
, ssid
, &ie
) < 0) {
1361 os_memset(&ie
, 0, sizeof(ie
));
1362 ie
.group_cipher
= ssid
->group_cipher
;
1363 ie
.pairwise_cipher
= ssid
->pairwise_cipher
;
1364 ie
.key_mgmt
= ssid
->key_mgmt
;
1365 ie
.mgmt_group_cipher
= 0;
1366 if (ssid
->ieee80211w
!= NO_MGMT_FRAME_PROTECTION
) {
1367 if (ssid
->group_mgmt_cipher
&
1368 WPA_CIPHER_BIP_GMAC_256
)
1369 ie
.mgmt_group_cipher
=
1370 WPA_CIPHER_BIP_GMAC_256
;
1371 else if (ssid
->group_mgmt_cipher
&
1372 WPA_CIPHER_BIP_CMAC_256
)
1373 ie
.mgmt_group_cipher
=
1374 WPA_CIPHER_BIP_CMAC_256
;
1375 else if (ssid
->group_mgmt_cipher
&
1376 WPA_CIPHER_BIP_GMAC_128
)
1377 ie
.mgmt_group_cipher
=
1378 WPA_CIPHER_BIP_GMAC_128
;
1380 ie
.mgmt_group_cipher
=
1381 WPA_CIPHER_AES_128_CMAC
;
1384 if ((ssid
->key_mgmt
& WPA_KEY_MGMT_OWE
) &&
1386 !bss_wpa
&& !bss_rsn
&& !bss_osen
) {
1387 wpa_supplicant_set_non_wpa_policy(wpa_s
, ssid
);
1388 wpa_s
->wpa_proto
= 0;
1392 #endif /* CONFIG_OWE */
1393 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: Set cipher suites "
1394 "based on configuration");
1399 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: Selected cipher suites: group %d "
1400 "pairwise %d key_mgmt %d proto %d",
1401 ie
.group_cipher
, ie
.pairwise_cipher
, ie
.key_mgmt
, proto
);
1402 if (ssid
->ieee80211w
) {
1403 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: Selected mgmt group cipher %d",
1404 ie
.mgmt_group_cipher
);
1407 wpa_s
->wpa_proto
= proto
;
1408 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_PROTO
, proto
);
1409 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_RSN_ENABLED
,
1410 !!(ssid
->proto
& (WPA_PROTO_RSN
| WPA_PROTO_OSEN
)));
1412 if (bss
|| !wpa_s
->ap_ies_from_associnfo
) {
1413 if (wpa_sm_set_ap_wpa_ie(wpa_s
->wpa
, bss_wpa
,
1414 bss_wpa
? 2 + bss_wpa
[1] : 0) ||
1415 wpa_sm_set_ap_rsn_ie(wpa_s
->wpa
, bss_rsn
,
1416 bss_rsn
? 2 + bss_rsn
[1] : 0) ||
1417 wpa_sm_set_ap_rsnxe(wpa_s
->wpa
, bss_rsnx
,
1418 bss_rsnx
? 2 + bss_rsnx
[1] : 0))
1422 #ifdef CONFIG_NO_WPA
1423 wpa_s
->group_cipher
= WPA_CIPHER_NONE
;
1424 wpa_s
->pairwise_cipher
= WPA_CIPHER_NONE
;
1425 #else /* CONFIG_NO_WPA */
1426 sel
= ie
.group_cipher
& ssid
->group_cipher
;
1427 wpa_dbg(wpa_s
, MSG_DEBUG
,
1428 "WPA: AP group 0x%x network profile group 0x%x; available group 0x%x",
1429 ie
.group_cipher
, ssid
->group_cipher
, sel
);
1430 wpa_s
->group_cipher
= wpa_pick_group_cipher(sel
);
1431 if (wpa_s
->group_cipher
< 0) {
1432 wpa_msg(wpa_s
, MSG_WARNING
, "WPA: Failed to select group "
1436 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using GTK %s",
1437 wpa_cipher_txt(wpa_s
->group_cipher
));
1439 sel
= ie
.pairwise_cipher
& ssid
->pairwise_cipher
;
1440 wpa_dbg(wpa_s
, MSG_DEBUG
,
1441 "WPA: AP pairwise 0x%x network profile pairwise 0x%x; available pairwise 0x%x",
1442 ie
.pairwise_cipher
, ssid
->pairwise_cipher
, sel
);
1443 wpa_s
->pairwise_cipher
= wpa_pick_pairwise_cipher(sel
, 1);
1444 if (wpa_s
->pairwise_cipher
< 0) {
1445 wpa_msg(wpa_s
, MSG_WARNING
, "WPA: Failed to select pairwise "
1449 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using PTK %s",
1450 wpa_cipher_txt(wpa_s
->pairwise_cipher
));
1451 #endif /* CONFIG_NO_WPA */
1453 sel
= ie
.key_mgmt
& ssid
->key_mgmt
;
1454 wpa_dbg(wpa_s
, MSG_DEBUG
,
1455 "WPA: AP key_mgmt 0x%x network profile key_mgmt 0x%x; available key_mgmt 0x%x",
1456 ie
.key_mgmt
, ssid
->key_mgmt
, sel
);
1458 if (!(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SAE
))
1459 sel
&= ~(WPA_KEY_MGMT_SAE
| WPA_KEY_MGMT_FT_SAE
);
1460 #endif /* CONFIG_SAE */
1462 #ifdef CONFIG_IEEE80211R
1463 #ifdef CONFIG_SHA384
1464 } else if ((sel
& WPA_KEY_MGMT_FT_IEEE8021X_SHA384
) &&
1465 os_strcmp(wpa_supplicant_get_eap_mode(wpa_s
), "LEAP") != 0) {
1466 wpa_s
->key_mgmt
= WPA_KEY_MGMT_FT_IEEE8021X_SHA384
;
1467 wpa_dbg(wpa_s
, MSG_DEBUG
,
1468 "WPA: using KEY_MGMT FT/802.1X-SHA384");
1469 if (!ssid
->ft_eap_pmksa_caching
&&
1470 pmksa_cache_get_current(wpa_s
->wpa
)) {
1471 /* PMKSA caching with FT may have interoperability
1472 * issues, so disable that case by default for now. */
1473 wpa_dbg(wpa_s
, MSG_DEBUG
,
1474 "WPA: Disable PMKSA caching for FT/802.1X connection");
1475 pmksa_cache_clear_current(wpa_s
->wpa
);
1477 #endif /* CONFIG_SHA384 */
1478 #endif /* CONFIG_IEEE80211R */
1479 #ifdef CONFIG_SUITEB192
1480 } else if (sel
& WPA_KEY_MGMT_IEEE8021X_SUITE_B_192
) {
1481 wpa_s
->key_mgmt
= WPA_KEY_MGMT_IEEE8021X_SUITE_B_192
;
1482 wpa_dbg(wpa_s
, MSG_DEBUG
,
1483 "WPA: using KEY_MGMT 802.1X with Suite B (192-bit)");
1484 #endif /* CONFIG_SUITEB192 */
1485 #ifdef CONFIG_SUITEB
1486 } else if (sel
& WPA_KEY_MGMT_IEEE8021X_SUITE_B
) {
1487 wpa_s
->key_mgmt
= WPA_KEY_MGMT_IEEE8021X_SUITE_B
;
1488 wpa_dbg(wpa_s
, MSG_DEBUG
,
1489 "WPA: using KEY_MGMT 802.1X with Suite B");
1490 #endif /* CONFIG_SUITEB */
1492 #ifdef CONFIG_IEEE80211R
1493 } else if (sel
& WPA_KEY_MGMT_FT_FILS_SHA384
) {
1494 wpa_s
->key_mgmt
= WPA_KEY_MGMT_FT_FILS_SHA384
;
1495 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT FT-FILS-SHA384");
1496 } else if (sel
& WPA_KEY_MGMT_FT_FILS_SHA256
) {
1497 wpa_s
->key_mgmt
= WPA_KEY_MGMT_FT_FILS_SHA256
;
1498 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT FT-FILS-SHA256");
1499 #endif /* CONFIG_IEEE80211R */
1500 } else if (sel
& WPA_KEY_MGMT_FILS_SHA384
) {
1501 wpa_s
->key_mgmt
= WPA_KEY_MGMT_FILS_SHA384
;
1502 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT FILS-SHA384");
1503 } else if (sel
& WPA_KEY_MGMT_FILS_SHA256
) {
1504 wpa_s
->key_mgmt
= WPA_KEY_MGMT_FILS_SHA256
;
1505 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT FILS-SHA256");
1506 #endif /* CONFIG_FILS */
1507 #ifdef CONFIG_IEEE80211R
1508 } else if ((sel
& WPA_KEY_MGMT_FT_IEEE8021X
) &&
1509 os_strcmp(wpa_supplicant_get_eap_mode(wpa_s
), "LEAP") != 0) {
1510 wpa_s
->key_mgmt
= WPA_KEY_MGMT_FT_IEEE8021X
;
1511 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT FT/802.1X");
1512 if (!ssid
->ft_eap_pmksa_caching
&&
1513 pmksa_cache_get_current(wpa_s
->wpa
)) {
1514 /* PMKSA caching with FT may have interoperability
1515 * issues, so disable that case by default for now. */
1516 wpa_dbg(wpa_s
, MSG_DEBUG
,
1517 "WPA: Disable PMKSA caching for FT/802.1X connection");
1518 pmksa_cache_clear_current(wpa_s
->wpa
);
1520 #endif /* CONFIG_IEEE80211R */
1522 } else if (sel
& WPA_KEY_MGMT_DPP
) {
1523 wpa_s
->key_mgmt
= WPA_KEY_MGMT_DPP
;
1524 wpa_dbg(wpa_s
, MSG_DEBUG
, "RSN: using KEY_MGMT DPP");
1525 #endif /* CONFIG_DPP */
1527 } else if (sel
& WPA_KEY_MGMT_FT_SAE
) {
1528 wpa_s
->key_mgmt
= WPA_KEY_MGMT_FT_SAE
;
1529 wpa_dbg(wpa_s
, MSG_DEBUG
, "RSN: using KEY_MGMT FT/SAE");
1530 } else if (sel
& WPA_KEY_MGMT_SAE
) {
1531 wpa_s
->key_mgmt
= WPA_KEY_MGMT_SAE
;
1532 wpa_dbg(wpa_s
, MSG_DEBUG
, "RSN: using KEY_MGMT SAE");
1533 #endif /* CONFIG_SAE */
1534 #ifdef CONFIG_IEEE80211R
1535 } else if (sel
& WPA_KEY_MGMT_FT_PSK
) {
1536 wpa_s
->key_mgmt
= WPA_KEY_MGMT_FT_PSK
;
1537 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT FT/PSK");
1538 #endif /* CONFIG_IEEE80211R */
1539 } else if (sel
& WPA_KEY_MGMT_IEEE8021X_SHA256
) {
1540 wpa_s
->key_mgmt
= WPA_KEY_MGMT_IEEE8021X_SHA256
;
1541 wpa_dbg(wpa_s
, MSG_DEBUG
,
1542 "WPA: using KEY_MGMT 802.1X with SHA256");
1543 } else if (sel
& WPA_KEY_MGMT_PSK_SHA256
) {
1544 wpa_s
->key_mgmt
= WPA_KEY_MGMT_PSK_SHA256
;
1545 wpa_dbg(wpa_s
, MSG_DEBUG
,
1546 "WPA: using KEY_MGMT PSK with SHA256");
1547 } else if (sel
& WPA_KEY_MGMT_IEEE8021X
) {
1548 wpa_s
->key_mgmt
= WPA_KEY_MGMT_IEEE8021X
;
1549 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT 802.1X");
1550 } else if (sel
& WPA_KEY_MGMT_PSK
) {
1551 wpa_s
->key_mgmt
= WPA_KEY_MGMT_PSK
;
1552 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT WPA-PSK");
1553 } else if (sel
& WPA_KEY_MGMT_WPA_NONE
) {
1554 wpa_s
->key_mgmt
= WPA_KEY_MGMT_WPA_NONE
;
1555 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT WPA-NONE");
1557 } else if (sel
& WPA_KEY_MGMT_OSEN
) {
1558 wpa_s
->key_mgmt
= WPA_KEY_MGMT_OSEN
;
1559 wpa_dbg(wpa_s
, MSG_DEBUG
, "HS 2.0: using KEY_MGMT OSEN");
1560 #endif /* CONFIG_HS20 */
1562 } else if (sel
& WPA_KEY_MGMT_OWE
) {
1563 wpa_s
->key_mgmt
= WPA_KEY_MGMT_OWE
;
1564 wpa_dbg(wpa_s
, MSG_DEBUG
, "RSN: using KEY_MGMT OWE");
1565 #endif /* CONFIG_OWE */
1567 wpa_msg(wpa_s
, MSG_WARNING
, "WPA: Failed to select "
1568 "authenticated key management type");
1572 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_KEY_MGMT
, wpa_s
->key_mgmt
);
1573 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_PAIRWISE
,
1574 wpa_s
->pairwise_cipher
);
1575 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_GROUP
, wpa_s
->group_cipher
);
1577 if (!(ie
.capabilities
& WPA_CAPABILITY_MFPC
) &&
1578 wpas_get_ssid_pmf(wpa_s
, ssid
) == MGMT_FRAME_PROTECTION_REQUIRED
) {
1579 wpa_msg(wpa_s
, MSG_INFO
,
1580 "RSN: Management frame protection required but the selected AP does not enable it");
1584 sel
= ie
.mgmt_group_cipher
;
1585 if (ssid
->group_mgmt_cipher
)
1586 sel
&= ssid
->group_mgmt_cipher
;
1587 if (wpas_get_ssid_pmf(wpa_s
, ssid
) == NO_MGMT_FRAME_PROTECTION
||
1588 !(ie
.capabilities
& WPA_CAPABILITY_MFPC
))
1590 wpa_dbg(wpa_s
, MSG_DEBUG
,
1591 "WPA: AP mgmt_group_cipher 0x%x network profile mgmt_group_cipher 0x%x; available mgmt_group_cipher 0x%x",
1592 ie
.mgmt_group_cipher
, ssid
->group_mgmt_cipher
, sel
);
1593 if (sel
& WPA_CIPHER_AES_128_CMAC
) {
1594 wpa_s
->mgmt_group_cipher
= WPA_CIPHER_AES_128_CMAC
;
1595 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using MGMT group cipher "
1597 } else if (sel
& WPA_CIPHER_BIP_GMAC_128
) {
1598 wpa_s
->mgmt_group_cipher
= WPA_CIPHER_BIP_GMAC_128
;
1599 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using MGMT group cipher "
1601 } else if (sel
& WPA_CIPHER_BIP_GMAC_256
) {
1602 wpa_s
->mgmt_group_cipher
= WPA_CIPHER_BIP_GMAC_256
;
1603 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using MGMT group cipher "
1605 } else if (sel
& WPA_CIPHER_BIP_CMAC_256
) {
1606 wpa_s
->mgmt_group_cipher
= WPA_CIPHER_BIP_CMAC_256
;
1607 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using MGMT group cipher "
1610 wpa_s
->mgmt_group_cipher
= 0;
1611 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: not using MGMT group cipher");
1613 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_MGMT_GROUP
,
1614 wpa_s
->mgmt_group_cipher
);
1615 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_MFP
,
1616 wpas_get_ssid_pmf(wpa_s
, ssid
));
1618 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_OCV
, ssid
->ocv
);
1619 #endif /* CONFIG_OCV */
1620 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_SAE_PWE
, wpa_s
->conf
->sae_pwe
);
1622 if (wpa_sm_set_assoc_wpa_ie_default(wpa_s
->wpa
, wpa_ie
, wpa_ie_len
)) {
1623 wpa_msg(wpa_s
, MSG_WARNING
, "WPA: Failed to generate WPA IE");
1627 wpa_s
->rsnxe_len
= sizeof(wpa_s
->rsnxe
);
1628 if (wpa_sm_set_assoc_rsnxe_default(wpa_s
->wpa
, wpa_s
->rsnxe
,
1629 &wpa_s
->rsnxe_len
)) {
1630 wpa_msg(wpa_s
, MSG_WARNING
, "RSN: Failed to generate RSNXE");
1636 } else if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_DPP
) {
1637 /* Use PMK from DPP network introduction (PMKSA entry) */
1638 wpa_sm_set_pmk_from_pmksa(wpa_s
->wpa
);
1639 #endif /* CONFIG_DPP */
1640 } else if (wpa_key_mgmt_wpa_psk(ssid
->key_mgmt
)) {
1644 sae_only
= (ssid
->key_mgmt
& (WPA_KEY_MGMT_PSK
|
1645 WPA_KEY_MGMT_FT_PSK
|
1646 WPA_KEY_MGMT_PSK_SHA256
)) == 0;
1648 if (ssid
->psk_set
&& !sae_only
) {
1649 wpa_hexdump_key(MSG_MSGDUMP
, "PSK (set in config)",
1650 ssid
->psk
, PMK_LEN
);
1651 wpa_sm_set_pmk(wpa_s
->wpa
, ssid
->psk
, PMK_LEN
, NULL
,
1656 if (wpa_key_mgmt_sae(ssid
->key_mgmt
) &&
1657 (ssid
->sae_password
|| ssid
->passphrase
))
1660 #ifndef CONFIG_NO_PBKDF2
1661 if (bss
&& ssid
->bssid_set
&& ssid
->ssid_len
== 0 &&
1662 ssid
->passphrase
&& !sae_only
) {
1664 pbkdf2_sha1(ssid
->passphrase
, bss
->ssid
, bss
->ssid_len
,
1665 4096, psk
, PMK_LEN
);
1666 wpa_hexdump_key(MSG_MSGDUMP
, "PSK (from passphrase)",
1668 wpa_sm_set_pmk(wpa_s
->wpa
, psk
, PMK_LEN
, NULL
, NULL
);
1670 os_memset(psk
, 0, sizeof(psk
));
1672 #endif /* CONFIG_NO_PBKDF2 */
1673 #ifdef CONFIG_EXT_PASSWORD
1674 if (ssid
->ext_psk
&& !sae_only
) {
1675 struct wpabuf
*pw
= ext_password_get(wpa_s
->ext_pw
,
1677 char pw_str
[64 + 1];
1681 wpa_msg(wpa_s
, MSG_INFO
, "EXT PW: No PSK "
1682 "found from external storage");
1686 if (wpabuf_len(pw
) < 8 || wpabuf_len(pw
) > 64) {
1687 wpa_msg(wpa_s
, MSG_INFO
, "EXT PW: Unexpected "
1688 "PSK length %d in external storage",
1689 (int) wpabuf_len(pw
));
1690 ext_password_free(pw
);
1694 os_memcpy(pw_str
, wpabuf_head(pw
), wpabuf_len(pw
));
1695 pw_str
[wpabuf_len(pw
)] = '\0';
1697 #ifndef CONFIG_NO_PBKDF2
1698 if (wpabuf_len(pw
) >= 8 && wpabuf_len(pw
) < 64 && bss
)
1700 pbkdf2_sha1(pw_str
, bss
->ssid
, bss
->ssid_len
,
1701 4096, psk
, PMK_LEN
);
1702 os_memset(pw_str
, 0, sizeof(pw_str
));
1703 wpa_hexdump_key(MSG_MSGDUMP
, "PSK (from "
1704 "external passphrase)",
1706 wpa_sm_set_pmk(wpa_s
->wpa
, psk
, PMK_LEN
, NULL
,
1709 os_memset(psk
, 0, sizeof(psk
));
1711 #endif /* CONFIG_NO_PBKDF2 */
1712 if (wpabuf_len(pw
) == 2 * PMK_LEN
) {
1713 if (hexstr2bin(pw_str
, psk
, PMK_LEN
) < 0) {
1714 wpa_msg(wpa_s
, MSG_INFO
, "EXT PW: "
1715 "Invalid PSK hex string");
1716 os_memset(pw_str
, 0, sizeof(pw_str
));
1717 ext_password_free(pw
);
1720 wpa_hexdump_key(MSG_MSGDUMP
,
1721 "PSK (from external PSK)",
1723 wpa_sm_set_pmk(wpa_s
->wpa
, psk
, PMK_LEN
, NULL
,
1726 os_memset(psk
, 0, sizeof(psk
));
1728 wpa_msg(wpa_s
, MSG_INFO
, "EXT PW: No suitable "
1730 os_memset(pw_str
, 0, sizeof(pw_str
));
1731 ext_password_free(pw
);
1735 os_memset(pw_str
, 0, sizeof(pw_str
));
1736 ext_password_free(pw
);
1738 #endif /* CONFIG_EXT_PASSWORD */
1741 wpa_msg(wpa_s
, MSG_INFO
,
1742 "No PSK available for association");
1743 wpas_auth_failed(wpa_s
, "NO_PSK_AVAILABLE");
1747 } else if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_OWE
) {
1748 /* OWE Diffie-Hellman exchange in (Re)Association
1749 * Request/Response frames set the PMK, so do not override it
1751 #endif /* CONFIG_OWE */
1753 wpa_sm_set_pmk_from_pmksa(wpa_s
->wpa
);
1759 static void wpas_ext_capab_byte(struct wpa_supplicant
*wpa_s
, u8
*pos
, int idx
)
1764 case 0: /* Bits 0-7 */
1766 case 1: /* Bits 8-15 */
1767 if (wpa_s
->conf
->coloc_intf_reporting
) {
1768 /* Bit 13 - Collocated Interference Reporting */
1772 case 2: /* Bits 16-23 */
1774 *pos
|= 0x02; /* Bit 17 - WNM-Sleep Mode */
1775 if (!wpa_s
->disable_mbo_oce
&& !wpa_s
->conf
->disable_btm
)
1776 *pos
|= 0x08; /* Bit 19 - BSS Transition */
1777 #endif /* CONFIG_WNM */
1779 case 3: /* Bits 24-31 */
1781 *pos
|= 0x02; /* Bit 25 - SSID List */
1782 #endif /* CONFIG_WNM */
1783 #ifdef CONFIG_INTERWORKING
1784 if (wpa_s
->conf
->interworking
)
1785 *pos
|= 0x80; /* Bit 31 - Interworking */
1786 #endif /* CONFIG_INTERWORKING */
1788 case 4: /* Bits 32-39 */
1789 #ifdef CONFIG_INTERWORKING
1790 if (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_QOS_MAPPING
)
1791 *pos
|= 0x01; /* Bit 32 - QoS Map */
1792 #endif /* CONFIG_INTERWORKING */
1794 case 5: /* Bits 40-47 */
1796 if (wpa_s
->conf
->hs20
)
1797 *pos
|= 0x40; /* Bit 46 - WNM-Notification */
1798 #endif /* CONFIG_HS20 */
1800 *pos
|= 0x40; /* Bit 46 - WNM-Notification */
1801 #endif /* CONFIG_MBO */
1803 case 6: /* Bits 48-55 */
1805 case 7: /* Bits 56-63 */
1807 case 8: /* Bits 64-71 */
1808 if (wpa_s
->conf
->ftm_responder
)
1809 *pos
|= 0x40; /* Bit 70 - FTM responder */
1810 if (wpa_s
->conf
->ftm_initiator
)
1811 *pos
|= 0x80; /* Bit 71 - FTM initiator */
1813 case 9: /* Bits 72-79 */
1815 if (!wpa_s
->disable_fils
)
1817 #endif /* CONFIG_FILS */
1823 int wpas_build_ext_capab(struct wpa_supplicant
*wpa_s
, u8
*buf
, size_t buflen
)
1828 if (len
< wpa_s
->extended_capa_len
)
1829 len
= wpa_s
->extended_capa_len
;
1830 if (buflen
< (size_t) len
+ 2) {
1831 wpa_printf(MSG_INFO
,
1832 "Not enough room for building extended capabilities element");
1836 *pos
++ = WLAN_EID_EXT_CAPAB
;
1838 for (i
= 0; i
< len
; i
++, pos
++) {
1839 wpas_ext_capab_byte(wpa_s
, pos
, i
);
1841 if (i
< wpa_s
->extended_capa_len
) {
1842 *pos
&= ~wpa_s
->extended_capa_mask
[i
];
1843 *pos
|= wpa_s
->extended_capa
[i
];
1847 while (len
> 0 && buf
[1 + len
] == 0) {
1858 static int wpas_valid_bss(struct wpa_supplicant
*wpa_s
,
1859 struct wpa_bss
*test_bss
)
1861 struct wpa_bss
*bss
;
1863 dl_list_for_each(bss
, &wpa_s
->bss
, struct wpa_bss
, list
) {
1864 if (bss
== test_bss
)
1872 static int wpas_valid_ssid(struct wpa_supplicant
*wpa_s
,
1873 struct wpa_ssid
*test_ssid
)
1875 struct wpa_ssid
*ssid
;
1877 for (ssid
= wpa_s
->conf
->ssid
; ssid
; ssid
= ssid
->next
) {
1878 if (ssid
== test_ssid
)
1886 int wpas_valid_bss_ssid(struct wpa_supplicant
*wpa_s
, struct wpa_bss
*test_bss
,
1887 struct wpa_ssid
*test_ssid
)
1889 if (test_bss
&& !wpas_valid_bss(wpa_s
, test_bss
))
1892 return test_ssid
== NULL
|| wpas_valid_ssid(wpa_s
, test_ssid
);
1896 void wpas_connect_work_free(struct wpa_connect_work
*cwork
)
1904 void wpas_connect_work_done(struct wpa_supplicant
*wpa_s
)
1906 struct wpa_connect_work
*cwork
;
1907 struct wpa_radio_work
*work
= wpa_s
->connect_work
;
1912 wpa_s
->connect_work
= NULL
;
1915 wpas_connect_work_free(cwork
);
1916 radio_work_done(work
);
1920 int wpas_update_random_addr(struct wpa_supplicant
*wpa_s
, int style
)
1922 struct os_reltime now
;
1925 os_get_reltime(&now
);
1926 if (wpa_s
->last_mac_addr_style
== style
&&
1927 wpa_s
->last_mac_addr_change
.sec
!= 0 &&
1928 !os_reltime_expired(&now
, &wpa_s
->last_mac_addr_change
,
1929 wpa_s
->conf
->rand_addr_lifetime
)) {
1930 wpa_msg(wpa_s
, MSG_DEBUG
,
1931 "Previously selected random MAC address has not yet expired");
1937 if (random_mac_addr(addr
) < 0)
1941 os_memcpy(addr
, wpa_s
->perm_addr
, ETH_ALEN
);
1942 if (random_mac_addr_keep_oui(addr
) < 0)
1949 if (wpa_drv_set_mac_addr(wpa_s
, addr
) < 0) {
1950 wpa_msg(wpa_s
, MSG_INFO
,
1951 "Failed to set random MAC address");
1955 os_get_reltime(&wpa_s
->last_mac_addr_change
);
1956 wpa_s
->mac_addr_changed
= 1;
1957 wpa_s
->last_mac_addr_style
= style
;
1959 if (wpa_supplicant_update_mac_addr(wpa_s
) < 0) {
1960 wpa_msg(wpa_s
, MSG_INFO
,
1961 "Could not update MAC address information");
1965 wpa_msg(wpa_s
, MSG_DEBUG
, "Using random MAC address " MACSTR
,
1972 int wpas_update_random_addr_disassoc(struct wpa_supplicant
*wpa_s
)
1974 if (wpa_s
->wpa_state
>= WPA_AUTHENTICATING
||
1975 !wpa_s
->conf
->preassoc_mac_addr
)
1978 return wpas_update_random_addr(wpa_s
, wpa_s
->conf
->preassoc_mac_addr
);
1982 static void wpa_s_setup_sae_pt(struct wpa_config
*conf
, struct wpa_ssid
*ssid
)
1985 int *groups
= conf
->sae_groups
;
1986 int default_groups
[] = { 19, 20, 21, 0 };
1987 const char *password
;
1989 if (!groups
|| groups
[0] <= 0)
1990 groups
= default_groups
;
1992 password
= ssid
->sae_password
;
1994 password
= ssid
->passphrase
;
1996 if (conf
->sae_pwe
== 0 || !password
) {
1997 /* PT derivation not needed */
1998 sae_deinit_pt(ssid
->pt
);
2004 return; /* PT already derived */
2005 ssid
->pt
= sae_derive_pt(groups
, ssid
->ssid
, ssid
->ssid_len
,
2006 (const u8
*) password
, os_strlen(password
),
2007 ssid
->sae_password_id
);
2008 #endif /* CONFIG_SAE */
2012 static void wpa_s_clear_sae_rejected(struct wpa_supplicant
*wpa_s
)
2014 #if defined(CONFIG_SAE) && defined(CONFIG_SME)
2015 os_free(wpa_s
->sme
.sae_rejected_groups
);
2016 wpa_s
->sme
.sae_rejected_groups
= NULL
;
2017 #ifdef CONFIG_TESTING_OPTIONS
2018 if (wpa_s
->extra_sae_rejected_groups
) {
2019 int i
, *groups
= wpa_s
->extra_sae_rejected_groups
;
2021 for (i
= 0; groups
[i
]; i
++) {
2022 wpa_printf(MSG_DEBUG
,
2023 "TESTING: Indicate rejection of an extra SAE group %d",
2025 int_array_add_unique(&wpa_s
->sme
.sae_rejected_groups
,
2029 #endif /* CONFIG_TESTING_OPTIONS */
2030 #endif /* CONFIG_SAE && CONFIG_SME */
2034 static void wpas_start_assoc_cb(struct wpa_radio_work
*work
, int deinit
);
2037 * wpa_supplicant_associate - Request association
2038 * @wpa_s: Pointer to wpa_supplicant data
2039 * @bss: Scan results for the selected BSS, or %NULL if not available
2040 * @ssid: Configuration data for the selected network
2042 * This function is used to request %wpa_supplicant to associate with a BSS.
2044 void wpa_supplicant_associate(struct wpa_supplicant
*wpa_s
,
2045 struct wpa_bss
*bss
, struct wpa_ssid
*ssid
)
2047 struct wpa_connect_work
*cwork
;
2050 wpa_s
->own_disconnect_req
= 0;
2053 * If we are starting a new connection, any previously pending EAPOL
2054 * RX cannot be valid anymore.
2056 wpabuf_free(wpa_s
->pending_eapol_rx
);
2057 wpa_s
->pending_eapol_rx
= NULL
;
2059 if (ssid
->mac_addr
== -1)
2060 rand_style
= wpa_s
->conf
->mac_addr
;
2062 rand_style
= ssid
->mac_addr
;
2064 wmm_ac_clear_saved_tspecs(wpa_s
);
2065 wpa_s
->reassoc_same_bss
= 0;
2066 wpa_s
->reassoc_same_ess
= 0;
2067 #ifdef CONFIG_TESTING_OPTIONS
2068 wpa_s
->testing_resend_assoc
= 0;
2069 #endif /* CONFIG_TESTING_OPTIONS */
2071 if (wpa_s
->last_ssid
== ssid
) {
2072 wpa_dbg(wpa_s
, MSG_DEBUG
, "Re-association to the same ESS");
2073 wpa_s
->reassoc_same_ess
= 1;
2074 if (wpa_s
->current_bss
&& wpa_s
->current_bss
== bss
) {
2075 wmm_ac_save_tspecs(wpa_s
);
2076 wpa_s
->reassoc_same_bss
= 1;
2077 } else if (wpa_s
->current_bss
&& wpa_s
->current_bss
!= bss
) {
2078 os_get_reltime(&wpa_s
->roam_start
);
2082 wpa_s_clear_sae_rejected(wpa_s
);
2083 wpa_s_setup_sae_pt(wpa_s
->conf
, ssid
);
2084 #endif /* CONFIG_SAE */
2087 if (rand_style
> 0 && !wpa_s
->reassoc_same_ess
) {
2088 if (wpas_update_random_addr(wpa_s
, rand_style
) < 0)
2090 wpa_sm_pmksa_cache_flush(wpa_s
->wpa
, ssid
);
2091 } else if (rand_style
== 0 && wpa_s
->mac_addr_changed
) {
2092 if (wpa_drv_set_mac_addr(wpa_s
, NULL
) < 0) {
2093 wpa_msg(wpa_s
, MSG_INFO
,
2094 "Could not restore permanent MAC address");
2097 wpa_s
->mac_addr_changed
= 0;
2098 if (wpa_supplicant_update_mac_addr(wpa_s
) < 0) {
2099 wpa_msg(wpa_s
, MSG_INFO
,
2100 "Could not update MAC address information");
2103 wpa_msg(wpa_s
, MSG_DEBUG
, "Using permanent MAC address");
2105 wpa_s
->last_ssid
= ssid
;
2107 #ifdef CONFIG_IBSS_RSN
2108 ibss_rsn_deinit(wpa_s
->ibss_rsn
);
2109 wpa_s
->ibss_rsn
= NULL
;
2110 #else /* CONFIG_IBSS_RSN */
2111 if (ssid
->mode
== WPAS_MODE_IBSS
&&
2112 !(ssid
->key_mgmt
& (WPA_KEY_MGMT_NONE
| WPA_KEY_MGMT_WPA_NONE
))) {
2113 wpa_msg(wpa_s
, MSG_INFO
,
2114 "IBSS RSN not supported in the build");
2117 #endif /* CONFIG_IBSS_RSN */
2119 if (ssid
->mode
== WPAS_MODE_AP
|| ssid
->mode
== WPAS_MODE_P2P_GO
||
2120 ssid
->mode
== WPAS_MODE_P2P_GROUP_FORMATION
) {
2122 if (!(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_AP
)) {
2123 wpa_msg(wpa_s
, MSG_INFO
, "Driver does not support AP "
2127 if (wpa_supplicant_create_ap(wpa_s
, ssid
) < 0) {
2128 wpa_supplicant_set_state(wpa_s
, WPA_DISCONNECTED
);
2129 if (ssid
->mode
== WPAS_MODE_P2P_GROUP_FORMATION
)
2130 wpas_p2p_ap_setup_failed(wpa_s
);
2133 wpa_s
->current_bss
= bss
;
2134 #else /* CONFIG_AP */
2135 wpa_msg(wpa_s
, MSG_ERROR
, "AP mode support not included in "
2137 #endif /* CONFIG_AP */
2141 if (ssid
->mode
== WPAS_MODE_MESH
) {
2143 if (!(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_MESH
)) {
2144 wpa_msg(wpa_s
, MSG_INFO
,
2145 "Driver does not support mesh mode");
2149 ssid
->frequency
= bss
->freq
;
2150 if (wpa_supplicant_join_mesh(wpa_s
, ssid
) < 0) {
2151 wpa_msg(wpa_s
, MSG_ERROR
, "Could not join mesh");
2154 wpa_s
->current_bss
= bss
;
2155 wpa_msg(wpa_s
, MSG_INFO
, MESH_GROUP_STARTED
"ssid=\"%s\" id=%d",
2156 wpa_ssid_txt(ssid
->ssid
, ssid
->ssid_len
),
2158 wpas_notify_mesh_group_started(wpa_s
, ssid
);
2159 #else /* CONFIG_MESH */
2160 wpa_msg(wpa_s
, MSG_ERROR
,
2161 "mesh mode support not included in the build");
2162 #endif /* CONFIG_MESH */
2167 * Set WPA state machine configuration to match the selected network now
2168 * so that the information is available before wpas_start_assoc_cb()
2169 * gets called. This is needed at least for RSN pre-authentication where
2170 * candidate APs are added to a list based on scan result processing
2171 * before completion of the first association.
2173 wpa_supplicant_rsn_supp_set_config(wpa_s
, ssid
);
2176 if (wpas_dpp_check_connect(wpa_s
, ssid
, bss
) != 0)
2178 #endif /* CONFIG_DPP */
2182 wpa_tdls_ap_ies(wpa_s
->wpa
, (const u8
*) (bss
+ 1),
2184 #endif /* CONFIG_TDLS */
2187 wpas_mbo_check_pmf(wpa_s
, bss
, ssid
);
2188 #endif /* CONFIG_MBO */
2190 if ((wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SME
) &&
2191 ssid
->mode
== WPAS_MODE_INFRA
) {
2192 sme_authenticate(wpa_s
, bss
, ssid
);
2196 if (wpa_s
->connect_work
) {
2197 wpa_dbg(wpa_s
, MSG_DEBUG
, "Reject wpa_supplicant_associate() call since connect_work exist");
2201 if (radio_work_pending(wpa_s
, "connect")) {
2202 wpa_dbg(wpa_s
, MSG_DEBUG
, "Reject wpa_supplicant_associate() call since pending work exist");
2207 if (ssid
->mode
== WPAS_MODE_IBSS
|| ssid
->mode
== WPAS_MODE_MESH
) {
2208 /* Clear possibly set auth_alg, if any, from last attempt. */
2209 wpa_s
->sme
.auth_alg
= WPA_AUTH_ALG_OPEN
;
2211 #endif /* CONFIG_SME */
2213 wpas_abort_ongoing_scan(wpa_s
);
2215 cwork
= os_zalloc(sizeof(*cwork
));
2222 if (radio_add_work(wpa_s
, bss
? bss
->freq
: 0, "connect", 1,
2223 wpas_start_assoc_cb
, cwork
) < 0) {
2229 static int bss_is_ibss(struct wpa_bss
*bss
)
2231 return (bss
->caps
& (IEEE80211_CAP_ESS
| IEEE80211_CAP_IBSS
)) ==
2236 static int drv_supports_vht(struct wpa_supplicant
*wpa_s
,
2237 const struct wpa_ssid
*ssid
)
2239 enum hostapd_hw_mode hw_mode
;
2240 struct hostapd_hw_modes
*mode
= NULL
;
2244 hw_mode
= ieee80211_freq_to_chan(ssid
->frequency
, &channel
);
2245 if (hw_mode
== NUM_HOSTAPD_MODES
)
2247 for (i
= 0; wpa_s
->hw
.modes
&& i
< wpa_s
->hw
.num_modes
; i
++) {
2248 if (wpa_s
->hw
.modes
[i
].mode
== hw_mode
) {
2249 mode
= &wpa_s
->hw
.modes
[i
];
2257 return mode
->vht_capab
!= 0;
2261 void ibss_mesh_setup_freq(struct wpa_supplicant
*wpa_s
,
2262 const struct wpa_ssid
*ssid
,
2263 struct hostapd_freq_params
*freq
)
2265 int ieee80211_mode
= wpas_mode_to_ieee80211_mode(ssid
->mode
);
2266 enum hostapd_hw_mode hw_mode
;
2267 struct hostapd_hw_modes
*mode
= NULL
;
2268 int ht40plus
[] = { 36, 44, 52, 60, 100, 108, 116, 124, 132, 149, 157,
2270 int vht80
[] = { 36, 52, 100, 116, 132, 149 };
2271 struct hostapd_channel_data
*pri_chan
= NULL
, *sec_chan
= NULL
;
2273 int i
, chan_idx
, ht40
= -1, res
, obss_scan
= 1;
2275 struct hostapd_freq_params vht_freq
;
2276 int chwidth
, seg0
, seg1
;
2280 freq
->freq
= ssid
->frequency
;
2282 for (j
= 0; j
< wpa_s
->last_scan_res_used
; j
++) {
2283 struct wpa_bss
*bss
= wpa_s
->last_scan_res
[j
];
2285 if (ssid
->mode
!= WPAS_MODE_IBSS
)
2288 /* Don't adjust control freq in case of fixed_freq */
2289 if (ssid
->fixed_freq
)
2292 if (!bss_is_ibss(bss
))
2295 if (ssid
->ssid_len
== bss
->ssid_len
&&
2296 os_memcmp(ssid
->ssid
, bss
->ssid
, bss
->ssid_len
) == 0) {
2297 wpa_printf(MSG_DEBUG
,
2298 "IBSS already found in scan results, adjust control freq: %d",
2300 freq
->freq
= bss
->freq
;
2306 /* For IBSS check HT_IBSS flag */
2307 if (ssid
->mode
== WPAS_MODE_IBSS
&&
2308 !(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_HT_IBSS
))
2311 if (wpa_s
->group_cipher
== WPA_CIPHER_WEP40
||
2312 wpa_s
->group_cipher
== WPA_CIPHER_WEP104
||
2313 wpa_s
->pairwise_cipher
== WPA_CIPHER_TKIP
) {
2314 wpa_printf(MSG_DEBUG
,
2315 "IBSS: WEP/TKIP detected, do not try to enable HT");
2319 hw_mode
= ieee80211_freq_to_chan(freq
->freq
, &channel
);
2320 for (i
= 0; wpa_s
->hw
.modes
&& i
< wpa_s
->hw
.num_modes
; i
++) {
2321 if (wpa_s
->hw
.modes
[i
].mode
== hw_mode
) {
2322 mode
= &wpa_s
->hw
.modes
[i
];
2330 is_24ghz
= hw_mode
== HOSTAPD_MODE_IEEE80211G
||
2331 hw_mode
== HOSTAPD_MODE_IEEE80211B
;
2333 #ifdef CONFIG_HT_OVERRIDES
2334 if (ssid
->disable_ht
) {
2335 freq
->ht_enabled
= 0;
2338 #endif /* CONFIG_HT_OVERRIDES */
2340 freq
->ht_enabled
= ht_supported(mode
);
2341 if (!freq
->ht_enabled
)
2344 /* Allow HE on 2.4 GHz without VHT: see nl80211_put_freq_params() */
2346 freq
->he_enabled
= mode
->he_capab
[ieee80211_mode
].he_supported
;
2348 /* Setup higher BW only for 5 GHz */
2349 if (mode
->mode
!= HOSTAPD_MODE_IEEE80211A
)
2352 for (chan_idx
= 0; chan_idx
< mode
->num_channels
; chan_idx
++) {
2353 pri_chan
= &mode
->channels
[chan_idx
];
2354 if (pri_chan
->chan
== channel
)
2361 /* Check primary channel flags */
2362 if (pri_chan
->flag
& (HOSTAPD_CHAN_DISABLED
| HOSTAPD_CHAN_NO_IR
))
2365 freq
->channel
= pri_chan
->chan
;
2367 #ifdef CONFIG_HT_OVERRIDES
2368 if (ssid
->disable_ht40
) {
2369 if (ssid
->disable_vht
)
2373 #endif /* CONFIG_HT_OVERRIDES */
2375 /* Check/setup HT40+/HT40- */
2376 for (j
= 0; j
< ARRAY_SIZE(ht40plus
); j
++) {
2377 if (ht40plus
[j
] == channel
) {
2383 /* Find secondary channel */
2384 for (i
= 0; i
< mode
->num_channels
; i
++) {
2385 sec_chan
= &mode
->channels
[i
];
2386 if (sec_chan
->chan
== channel
+ ht40
* 4)
2393 /* Check secondary channel flags */
2394 if (sec_chan
->flag
& (HOSTAPD_CHAN_DISABLED
| HOSTAPD_CHAN_NO_IR
))
2398 if (!(pri_chan
->flag
& HOSTAPD_CHAN_HT40MINUS
))
2401 if (!(pri_chan
->flag
& HOSTAPD_CHAN_HT40PLUS
))
2404 freq
->sec_channel_offset
= ht40
;
2407 struct wpa_scan_results
*scan_res
;
2409 scan_res
= wpa_supplicant_get_scan_results(wpa_s
, NULL
, 0);
2410 if (scan_res
== NULL
) {
2412 freq
->sec_channel_offset
= 0;
2416 res
= check_40mhz_5g(scan_res
, pri_chan
, sec_chan
);
2420 freq
->sec_channel_offset
= 0;
2423 /* Configuration allowed */
2426 /* Switch pri/sec channels */
2427 freq
->freq
= hw_get_freq(mode
, sec_chan
->chan
);
2428 freq
->sec_channel_offset
= -freq
->sec_channel_offset
;
2429 freq
->channel
= sec_chan
->chan
;
2432 freq
->sec_channel_offset
= 0;
2436 wpa_scan_results_free(scan_res
);
2439 #ifdef CONFIG_HT_OVERRIDES
2441 #endif /* CONFIG_HT_OVERRIDES */
2442 wpa_printf(MSG_DEBUG
,
2443 "IBSS/mesh: setup freq channel %d, sec_channel_offset %d",
2444 freq
->channel
, freq
->sec_channel_offset
);
2446 if (!drv_supports_vht(wpa_s
, ssid
))
2449 /* For IBSS check VHT_IBSS flag */
2450 if (ssid
->mode
== WPAS_MODE_IBSS
&&
2451 !(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_VHT_IBSS
))
2456 #ifdef CONFIG_VHT_OVERRIDES
2457 if (ssid
->disable_vht
) {
2458 freq
->vht_enabled
= 0;
2461 #endif /* CONFIG_VHT_OVERRIDES */
2463 vht_freq
.vht_enabled
= vht_supported(mode
);
2464 if (!vht_freq
.vht_enabled
)
2467 /* Enable HE for VHT */
2468 vht_freq
.he_enabled
= mode
->he_capab
[ieee80211_mode
].he_supported
;
2470 /* setup center_freq1, bandwidth */
2471 for (j
= 0; j
< ARRAY_SIZE(vht80
); j
++) {
2472 if (freq
->channel
>= vht80
[j
] &&
2473 freq
->channel
< vht80
[j
] + 16)
2477 if (j
== ARRAY_SIZE(vht80
))
2480 for (i
= vht80
[j
]; i
< vht80
[j
] + 16; i
+= 4) {
2481 struct hostapd_channel_data
*chan
;
2483 chan
= hw_get_channel_chan(mode
, i
, NULL
);
2487 /* Back to HT configuration if channel not usable */
2488 if (chan
->flag
& (HOSTAPD_CHAN_DISABLED
| HOSTAPD_CHAN_NO_IR
))
2492 chwidth
= CHANWIDTH_80MHZ
;
2493 seg0
= vht80
[j
] + 6;
2496 if (ssid
->max_oper_chwidth
== CHANWIDTH_80P80MHZ
) {
2497 /* setup center_freq2, bandwidth */
2498 for (k
= 0; k
< ARRAY_SIZE(vht80
); k
++) {
2499 /* Only accept 80 MHz segments separated by a gap */
2500 if (j
== k
|| abs(vht80
[j
] - vht80
[k
]) == 16)
2502 for (i
= vht80
[k
]; i
< vht80
[k
] + 16; i
+= 4) {
2503 struct hostapd_channel_data
*chan
;
2505 chan
= hw_get_channel_chan(mode
, i
, NULL
);
2509 if (chan
->flag
& (HOSTAPD_CHAN_DISABLED
|
2510 HOSTAPD_CHAN_NO_IR
|
2511 HOSTAPD_CHAN_RADAR
))
2514 /* Found a suitable second segment for 80+80 */
2515 chwidth
= CHANWIDTH_80P80MHZ
;
2517 VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ
;
2518 seg1
= vht80
[k
] + 6;
2521 if (chwidth
== CHANWIDTH_80P80MHZ
)
2524 } else if (ssid
->max_oper_chwidth
== CHANWIDTH_160MHZ
) {
2525 if (freq
->freq
== 5180) {
2526 chwidth
= CHANWIDTH_160MHZ
;
2527 vht_caps
|= VHT_CAP_SUPP_CHAN_WIDTH_160MHZ
;
2529 } else if (freq
->freq
== 5520) {
2530 chwidth
= CHANWIDTH_160MHZ
;
2531 vht_caps
|= VHT_CAP_SUPP_CHAN_WIDTH_160MHZ
;
2534 } else if (ssid
->max_oper_chwidth
== CHANWIDTH_USE_HT
) {
2535 chwidth
= CHANWIDTH_USE_HT
;
2536 seg0
= vht80
[j
] + 2;
2537 #ifdef CONFIG_HT_OVERRIDES
2538 if (ssid
->disable_ht40
)
2540 #endif /* CONFIG_HT_OVERRIDES */
2543 if (hostapd_set_freq_params(&vht_freq
, mode
->mode
, freq
->freq
,
2544 freq
->channel
, ssid
->enable_edmg
,
2545 ssid
->edmg_channel
, freq
->ht_enabled
,
2546 vht_freq
.vht_enabled
, freq
->he_enabled
,
2547 freq
->sec_channel_offset
,
2548 chwidth
, seg0
, seg1
, vht_caps
,
2549 &mode
->he_capab
[ieee80211_mode
]) != 0)
2554 wpa_printf(MSG_DEBUG
, "IBSS: VHT setup freq cf1 %d, cf2 %d, bw %d",
2555 freq
->center_freq1
, freq
->center_freq2
, freq
->bandwidth
);
2560 static size_t wpas_add_fils_hlp_req(struct wpa_supplicant
*wpa_s
, u8
*ie_buf
,
2563 struct fils_hlp_req
*req
;
2564 size_t rem_len
, hdr_len
, hlp_len
, len
, ie_len
= 0;
2568 dl_list_for_each(req
, &wpa_s
->fils_hlp_req
, struct fils_hlp_req
,
2570 rem_len
= ie_buf_len
- ie_len
;
2571 pos
= wpabuf_head(req
->pkt
);
2572 hdr_len
= 1 + 2 * ETH_ALEN
+ 6;
2573 hlp_len
= wpabuf_len(req
->pkt
);
2575 if (rem_len
< 2 + hdr_len
+ hlp_len
) {
2576 wpa_printf(MSG_ERROR
,
2577 "FILS: Cannot fit HLP - rem_len=%lu to_fill=%lu",
2578 (unsigned long) rem_len
,
2579 (unsigned long) (2 + hdr_len
+ hlp_len
));
2583 len
= (hdr_len
+ hlp_len
) > 255 ? 255 : hdr_len
+ hlp_len
;
2585 *buf
++ = WLAN_EID_EXTENSION
;
2588 /* Element ID Extension */
2589 *buf
++ = WLAN_EID_EXT_FILS_HLP_CONTAINER
;
2590 /* Destination MAC address */
2591 os_memcpy(buf
, req
->dst
, ETH_ALEN
);
2593 /* Source MAC address */
2594 os_memcpy(buf
, wpa_s
->own_addr
, ETH_ALEN
);
2596 /* LLC/SNAP Header */
2597 os_memcpy(buf
, "\xaa\xaa\x03\x00\x00\x00", 6);
2600 os_memcpy(buf
, pos
, len
- hdr_len
);
2601 buf
+= len
- hdr_len
;
2602 pos
+= len
- hdr_len
;
2604 hlp_len
-= len
- hdr_len
;
2609 len
= (hlp_len
> 255) ? 255 : hlp_len
;
2610 if (rem_len
< 2 + len
)
2612 *buf
++ = WLAN_EID_FRAGMENT
;
2614 os_memcpy(buf
, pos
, len
);
2628 int wpa_is_fils_supported(struct wpa_supplicant
*wpa_s
)
2630 return (((wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SME
) &&
2631 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SUPPORT_FILS
)) ||
2632 (!(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SME
) &&
2633 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_FILS_SK_OFFLOAD
)));
2637 int wpa_is_fils_sk_pfs_supported(struct wpa_supplicant
*wpa_s
)
2639 #ifdef CONFIG_FILS_SK_PFS
2640 return (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SME
) &&
2641 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SUPPORT_FILS
);
2642 #else /* CONFIG_FILS_SK_PFS */
2644 #endif /* CONFIG_FILS_SK_PFS */
2647 #endif /* CONFIG_FILS */
2650 static u8
* wpas_populate_assoc_ies(
2651 struct wpa_supplicant
*wpa_s
,
2652 struct wpa_bss
*bss
, struct wpa_ssid
*ssid
,
2653 struct wpa_driver_associate_params
*params
,
2654 enum wpa_drv_update_connect_params_mask
*mask
)
2657 size_t max_wpa_ie_len
= 500;
2659 int algs
= WPA_AUTH_ALG_OPEN
;
2664 int sae_pmksa_cached
= 0;
2665 #endif /* CONFIG_SAE */
2667 const u8
*realm
, *username
, *rrk
;
2668 size_t realm_len
, username_len
, rrk_len
;
2670 struct fils_hlp_req
*req
;
2672 dl_list_for_each(req
, &wpa_s
->fils_hlp_req
, struct fils_hlp_req
,
2674 max_wpa_ie_len
+= 3 + 2 * ETH_ALEN
+ 6 + wpabuf_len(req
->pkt
) +
2675 2 + 2 * wpabuf_len(req
->pkt
) / 255;
2677 #endif /* CONFIG_FILS */
2679 wpa_ie
= os_malloc(max_wpa_ie_len
);
2681 wpa_printf(MSG_ERROR
,
2682 "Failed to allocate connect IE buffer for %lu bytes",
2683 (unsigned long) max_wpa_ie_len
);
2687 if (bss
&& (wpa_bss_get_vendor_ie(bss
, WPA_IE_VENDOR_TYPE
) ||
2688 wpa_bss_get_ie(bss
, WLAN_EID_RSN
)) &&
2689 wpa_key_mgmt_wpa(ssid
->key_mgmt
)) {
2690 int try_opportunistic
;
2691 const u8
*cache_id
= NULL
;
2693 try_opportunistic
= (ssid
->proactive_key_caching
< 0 ?
2695 ssid
->proactive_key_caching
) &&
2696 (ssid
->proto
& WPA_PROTO_RSN
);
2698 if (wpa_key_mgmt_fils(ssid
->key_mgmt
))
2699 cache_id
= wpa_bss_get_fils_cache_id(bss
);
2700 #endif /* CONFIG_FILS */
2701 if (pmksa_cache_set_current(wpa_s
->wpa
, NULL
, bss
->bssid
,
2702 ssid
, try_opportunistic
,
2703 cache_id
, 0) == 0) {
2704 eapol_sm_notify_pmkid_attempt(wpa_s
->eapol
);
2706 sae_pmksa_cached
= 1;
2707 #endif /* CONFIG_SAE */
2709 wpa_ie_len
= max_wpa_ie_len
;
2710 if (wpa_supplicant_set_suites(wpa_s
, bss
, ssid
,
2711 wpa_ie
, &wpa_ie_len
)) {
2712 wpa_msg(wpa_s
, MSG_WARNING
, "WPA: Failed to set WPA "
2713 "key management and encryption suites");
2718 } else if (bss
&& wpa_bss_get_vendor_ie(bss
, OSEN_IE_VENDOR_TYPE
) &&
2719 (ssid
->key_mgmt
& WPA_KEY_MGMT_OSEN
)) {
2720 /* No PMKSA caching, but otherwise similar to RSN/WPA */
2721 wpa_ie_len
= max_wpa_ie_len
;
2722 if (wpa_supplicant_set_suites(wpa_s
, bss
, ssid
,
2723 wpa_ie
, &wpa_ie_len
)) {
2724 wpa_msg(wpa_s
, MSG_WARNING
, "WPA: Failed to set WPA "
2725 "key management and encryption suites");
2729 #endif /* CONFIG_HS20 */
2730 } else if ((ssid
->key_mgmt
& WPA_KEY_MGMT_IEEE8021X_NO_WPA
) && bss
&&
2731 wpa_key_mgmt_wpa_ieee8021x(ssid
->key_mgmt
)) {
2733 * Both WPA and non-WPA IEEE 802.1X enabled in configuration -
2734 * use non-WPA since the scan results did not indicate that the
2735 * AP is using WPA or WPA2.
2737 wpa_supplicant_set_non_wpa_policy(wpa_s
, ssid
);
2739 wpa_s
->wpa_proto
= 0;
2740 } else if (wpa_key_mgmt_wpa_any(ssid
->key_mgmt
)) {
2741 wpa_ie_len
= max_wpa_ie_len
;
2742 if (wpa_supplicant_set_suites(wpa_s
, NULL
, ssid
,
2743 wpa_ie
, &wpa_ie_len
)) {
2744 wpa_msg(wpa_s
, MSG_WARNING
, "WPA: Failed to set WPA "
2745 "key management and encryption suites (no "
2751 } else if (ssid
->key_mgmt
& WPA_KEY_MGMT_WPS
) {
2752 struct wpabuf
*wps_ie
;
2753 wps_ie
= wps_build_assoc_req_ie(wpas_wps_get_req_type(ssid
));
2754 if (wps_ie
&& wpabuf_len(wps_ie
) <= max_wpa_ie_len
) {
2755 wpa_ie_len
= wpabuf_len(wps_ie
);
2756 os_memcpy(wpa_ie
, wpabuf_head(wps_ie
), wpa_ie_len
);
2759 wpabuf_free(wps_ie
);
2760 wpa_supplicant_set_non_wpa_policy(wpa_s
, ssid
);
2761 if (!bss
|| (bss
->caps
& IEEE80211_CAP_PRIVACY
))
2762 params
->wps
= WPS_MODE_PRIVACY
;
2764 params
->wps
= WPS_MODE_OPEN
;
2765 wpa_s
->wpa_proto
= 0;
2766 #endif /* CONFIG_WPS */
2768 wpa_supplicant_set_non_wpa_policy(wpa_s
, ssid
);
2770 wpa_s
->wpa_proto
= 0;
2773 #ifdef IEEE8021X_EAPOL
2774 if (ssid
->key_mgmt
& WPA_KEY_MGMT_IEEE8021X_NO_WPA
) {
2776 if (ssid
->non_leap
== 0)
2777 algs
= WPA_AUTH_ALG_LEAP
;
2779 algs
|= WPA_AUTH_ALG_LEAP
;
2784 /* Clear FILS association */
2785 wpa_sm_set_reset_fils_completed(wpa_s
->wpa
, 0);
2787 if ((wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_FILS_SK_OFFLOAD
) &&
2788 ssid
->eap
.erp
&& wpa_key_mgmt_fils(wpa_s
->key_mgmt
) &&
2789 eapol_sm_get_erp_info(wpa_s
->eapol
, &ssid
->eap
, &username
,
2790 &username_len
, &realm
, &realm_len
,
2791 &next_seq_num
, &rrk
, &rrk_len
) == 0 &&
2792 (!wpa_s
->last_con_fail_realm
||
2793 wpa_s
->last_con_fail_realm_len
!= realm_len
||
2794 os_memcmp(wpa_s
->last_con_fail_realm
, realm
, realm_len
) != 0)) {
2795 algs
= WPA_AUTH_ALG_FILS
;
2796 params
->fils_erp_username
= username
;
2797 params
->fils_erp_username_len
= username_len
;
2798 params
->fils_erp_realm
= realm
;
2799 params
->fils_erp_realm_len
= realm_len
;
2800 params
->fils_erp_next_seq_num
= next_seq_num
;
2801 params
->fils_erp_rrk
= rrk
;
2802 params
->fils_erp_rrk_len
= rrk_len
;
2805 *mask
|= WPA_DRV_UPDATE_FILS_ERP_INFO
;
2807 #endif /* CONFIG_FILS */
2808 #endif /* IEEE8021X_EAPOL */
2810 if (wpa_s
->key_mgmt
& (WPA_KEY_MGMT_SAE
| WPA_KEY_MGMT_FT_SAE
))
2811 algs
= WPA_AUTH_ALG_SAE
;
2812 #endif /* CONFIG_SAE */
2814 wpa_dbg(wpa_s
, MSG_DEBUG
, "Automatic auth_alg selection: 0x%x", algs
);
2815 if (ssid
->auth_alg
) {
2816 algs
= ssid
->auth_alg
;
2817 wpa_dbg(wpa_s
, MSG_DEBUG
,
2818 "Overriding auth_alg selection: 0x%x", algs
);
2822 if (sae_pmksa_cached
&& algs
== WPA_AUTH_ALG_SAE
) {
2823 wpa_dbg(wpa_s
, MSG_DEBUG
,
2824 "SAE: Use WPA_AUTH_ALG_OPEN for PMKSA caching attempt");
2825 algs
= WPA_AUTH_ALG_OPEN
;
2827 #endif /* CONFIG_SAE */
2830 if (wpa_s
->global
->p2p
) {
2834 pos
= wpa_ie
+ wpa_ie_len
;
2835 len
= max_wpa_ie_len
- wpa_ie_len
;
2836 res
= wpas_p2p_assoc_req_ie(wpa_s
, bss
, pos
, len
,
2842 wpa_s
->cross_connect_disallowed
= 0;
2845 p2p
= wpa_bss_get_vendor_ie_multi(bss
, P2P_IE_VENDOR_TYPE
);
2847 wpa_s
->cross_connect_disallowed
=
2848 p2p_get_cross_connect_disallowed(p2p
);
2850 wpa_dbg(wpa_s
, MSG_DEBUG
, "P2P: WLAN AP %s cross "
2852 wpa_s
->cross_connect_disallowed
?
2853 "disallows" : "allows");
2857 os_memset(wpa_s
->p2p_ip_addr_info
, 0, sizeof(wpa_s
->p2p_ip_addr_info
));
2858 #endif /* CONFIG_P2P */
2861 wpa_ie_len
+= wpas_supp_op_class_ie(wpa_s
, ssid
, bss
->freq
,
2862 wpa_ie
+ wpa_ie_len
,
2868 * Workaround: Add Extended Capabilities element only if the AP
2869 * included this element in Beacon/Probe Response frames. Some older
2870 * APs seem to have interoperability issues if this element is
2871 * included, so while the standard may require us to include the
2872 * element in all cases, it is justifiable to skip it to avoid
2873 * interoperability issues.
2875 if (ssid
->p2p_group
)
2876 wpa_drv_get_ext_capa(wpa_s
, WPA_IF_P2P_CLIENT
);
2878 wpa_drv_get_ext_capa(wpa_s
, WPA_IF_STATION
);
2880 if (!bss
|| wpa_bss_get_ie(bss
, WLAN_EID_EXT_CAPAB
)) {
2883 ext_capab_len
= wpas_build_ext_capab(wpa_s
, ext_capab
,
2885 if (ext_capab_len
> 0 &&
2886 wpa_ie_len
+ ext_capab_len
<= max_wpa_ie_len
) {
2888 if (wpa_ie_len
> 0 && pos
[0] == WLAN_EID_RSN
)
2890 os_memmove(pos
+ ext_capab_len
, pos
,
2891 wpa_ie_len
- (pos
- wpa_ie
));
2892 wpa_ie_len
+= ext_capab_len
;
2893 os_memcpy(pos
, ext_capab
, ext_capab_len
);
2898 if (is_hs20_network(wpa_s
, ssid
, bss
)) {
2899 struct wpabuf
*hs20
;
2901 hs20
= wpabuf_alloc(20 + MAX_ROAMING_CONS_OI_LEN
);
2903 int pps_mo_id
= hs20_get_pps_mo_id(wpa_s
, ssid
);
2906 wpas_hs20_add_indication(hs20
, pps_mo_id
,
2907 get_hs20_version(bss
));
2908 wpas_hs20_add_roam_cons_sel(hs20
, ssid
);
2909 len
= max_wpa_ie_len
- wpa_ie_len
;
2910 if (wpabuf_len(hs20
) <= len
) {
2911 os_memcpy(wpa_ie
+ wpa_ie_len
,
2912 wpabuf_head(hs20
), wpabuf_len(hs20
));
2913 wpa_ie_len
+= wpabuf_len(hs20
);
2917 hs20_configure_frame_filters(wpa_s
);
2920 #endif /* CONFIG_HS20 */
2922 if (wpa_s
->vendor_elem
[VENDOR_ELEM_ASSOC_REQ
]) {
2923 struct wpabuf
*buf
= wpa_s
->vendor_elem
[VENDOR_ELEM_ASSOC_REQ
];
2926 len
= max_wpa_ie_len
- wpa_ie_len
;
2927 if (wpabuf_len(buf
) <= len
) {
2928 os_memcpy(wpa_ie
+ wpa_ie_len
,
2929 wpabuf_head(buf
), wpabuf_len(buf
));
2930 wpa_ie_len
+= wpabuf_len(buf
);
2935 if (wpa_s
->fst_ies
) {
2936 int fst_ies_len
= wpabuf_len(wpa_s
->fst_ies
);
2938 if (wpa_ie_len
+ fst_ies_len
<= max_wpa_ie_len
) {
2939 os_memcpy(wpa_ie
+ wpa_ie_len
,
2940 wpabuf_head(wpa_s
->fst_ies
), fst_ies_len
);
2941 wpa_ie_len
+= fst_ies_len
;
2944 #endif /* CONFIG_FST */
2947 mbo_ie
= bss
? wpa_bss_get_vendor_ie(bss
, MBO_IE_VENDOR_TYPE
) : NULL
;
2948 if (!wpa_s
->disable_mbo_oce
&& mbo_ie
) {
2951 len
= wpas_mbo_ie(wpa_s
, wpa_ie
+ wpa_ie_len
,
2952 max_wpa_ie_len
- wpa_ie_len
,
2953 !!mbo_attr_from_mbo_ie(mbo_ie
,
2954 OCE_ATTR_ID_CAPA_IND
));
2958 #endif /* CONFIG_MBO */
2961 if (algs
== WPA_AUTH_ALG_FILS
) {
2964 len
= wpas_add_fils_hlp_req(wpa_s
, wpa_ie
+ wpa_ie_len
,
2965 max_wpa_ie_len
- wpa_ie_len
);
2968 #endif /* CONFIG_FILS */
2971 #ifdef CONFIG_TESTING_OPTIONS
2972 if (get_ie_ext(wpa_ie
, wpa_ie_len
, WLAN_EID_EXT_OWE_DH_PARAM
)) {
2973 wpa_printf(MSG_INFO
, "TESTING: Override OWE DH element");
2975 #endif /* CONFIG_TESTING_OPTIONS */
2976 if (algs
== WPA_AUTH_ALG_OPEN
&&
2977 ssid
->key_mgmt
== WPA_KEY_MGMT_OWE
) {
2978 struct wpabuf
*owe_ie
;
2981 if (ssid
->owe_group
) {
2982 group
= ssid
->owe_group
;
2983 } else if (wpa_s
->assoc_status_code
==
2984 WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED
) {
2985 if (wpa_s
->last_owe_group
== 19)
2987 else if (wpa_s
->last_owe_group
== 20)
2990 group
= OWE_DH_GROUP
;
2992 group
= OWE_DH_GROUP
;
2995 wpa_s
->last_owe_group
= group
;
2996 wpa_printf(MSG_DEBUG
, "OWE: Try to use group %u", group
);
2997 owe_ie
= owe_build_assoc_req(wpa_s
->wpa
, group
);
2999 wpabuf_len(owe_ie
) <= max_wpa_ie_len
- wpa_ie_len
) {
3000 os_memcpy(wpa_ie
+ wpa_ie_len
,
3001 wpabuf_head(owe_ie
), wpabuf_len(owe_ie
));
3002 wpa_ie_len
+= wpabuf_len(owe_ie
);
3004 wpabuf_free(owe_ie
);
3006 #endif /* CONFIG_OWE */
3009 if (wpa_sm_get_key_mgmt(wpa_s
->wpa
) == WPA_KEY_MGMT_DPP
&&
3010 ssid
->dpp_netaccesskey
) {
3011 dpp_pfs_free(wpa_s
->dpp_pfs
);
3012 wpa_s
->dpp_pfs
= dpp_pfs_init(ssid
->dpp_netaccesskey
,
3013 ssid
->dpp_netaccesskey_len
);
3014 if (!wpa_s
->dpp_pfs
) {
3015 wpa_printf(MSG_DEBUG
, "DPP: Could not initialize PFS");
3016 /* Try to continue without PFS */
3019 if (wpabuf_len(wpa_s
->dpp_pfs
->ie
) <=
3020 max_wpa_ie_len
- wpa_ie_len
) {
3021 os_memcpy(wpa_ie
+ wpa_ie_len
,
3022 wpabuf_head(wpa_s
->dpp_pfs
->ie
),
3023 wpabuf_len(wpa_s
->dpp_pfs
->ie
));
3024 wpa_ie_len
+= wpabuf_len(wpa_s
->dpp_pfs
->ie
);
3028 #endif /* CONFIG_DPP2 */
3030 #ifdef CONFIG_IEEE80211R
3032 * Add MDIE under these conditions: the network profile allows FT,
3033 * the AP supports FT, and the mobility domain ID matches.
3035 if (bss
&& wpa_key_mgmt_ft(wpa_sm_get_key_mgmt(wpa_s
->wpa
))) {
3036 const u8
*mdie
= wpa_bss_get_ie(bss
, WLAN_EID_MOBILITY_DOMAIN
);
3038 if (mdie
&& mdie
[1] >= MOBILITY_DOMAIN_ID_LEN
) {
3040 const u8
*md
= mdie
+ 2;
3041 const u8
*wpa_md
= wpa_sm_get_ft_md(wpa_s
->wpa
);
3043 if (os_memcmp(md
, wpa_md
,
3044 MOBILITY_DOMAIN_ID_LEN
) == 0) {
3045 /* Add mobility domain IE */
3046 len
= wpa_ft_add_mdie(
3047 wpa_s
->wpa
, wpa_ie
+ wpa_ie_len
,
3048 max_wpa_ie_len
- wpa_ie_len
, mdie
);
3052 if (len
> 0 && wpa_s
->sme
.ft_used
&&
3053 wpa_sm_has_ptk(wpa_s
->wpa
)) {
3054 wpa_dbg(wpa_s
, MSG_DEBUG
,
3055 "SME: Trying to use FT over-the-air");
3056 algs
|= WPA_AUTH_ALG_FT
;
3058 #endif /* CONFIG_SME */
3061 #endif /* CONFIG_IEEE80211R */
3063 #ifdef CONFIG_TESTING_OPTIONS
3064 if (wpa_s
->rsnxe_override_assoc
&&
3065 wpabuf_len(wpa_s
->rsnxe_override_assoc
) <=
3066 max_wpa_ie_len
- wpa_ie_len
) {
3067 wpa_printf(MSG_DEBUG
, "TESTING: RSNXE AssocReq override");
3068 os_memcpy(wpa_ie
+ wpa_ie_len
,
3069 wpabuf_head(wpa_s
->rsnxe_override_assoc
),
3070 wpabuf_len(wpa_s
->rsnxe_override_assoc
));
3071 wpa_ie_len
+= wpabuf_len(wpa_s
->rsnxe_override_assoc
);
3073 #endif /* CONFIG_TESTING_OPTIONS */
3074 if (wpa_s
->rsnxe_len
> 0 &&
3075 wpa_s
->rsnxe_len
<= max_wpa_ie_len
- wpa_ie_len
) {
3076 os_memcpy(wpa_ie
+ wpa_ie_len
, wpa_s
->rsnxe
, wpa_s
->rsnxe_len
);
3077 wpa_ie_len
+= wpa_s
->rsnxe_len
;
3080 if (ssid
->multi_ap_backhaul_sta
) {
3081 size_t multi_ap_ie_len
;
3083 multi_ap_ie_len
= add_multi_ap_ie(wpa_ie
+ wpa_ie_len
,
3084 max_wpa_ie_len
- wpa_ie_len
,
3085 MULTI_AP_BACKHAUL_STA
);
3086 if (multi_ap_ie_len
== 0) {
3087 wpa_printf(MSG_ERROR
,
3088 "Multi-AP: Failed to build Multi-AP IE");
3092 wpa_ie_len
+= multi_ap_ie_len
;
3095 params
->wpa_ie
= wpa_ie
;
3096 params
->wpa_ie_len
= wpa_ie_len
;
3097 params
->auth_alg
= algs
;
3099 *mask
|= WPA_DRV_UPDATE_ASSOC_IES
| WPA_DRV_UPDATE_AUTH_TYPE
;
3106 static void wpas_update_owe_connect_params(struct wpa_supplicant
*wpa_s
)
3108 struct wpa_driver_associate_params params
;
3111 os_memset(¶ms
, 0, sizeof(params
));
3112 wpa_ie
= wpas_populate_assoc_ies(wpa_s
, wpa_s
->current_bss
,
3113 wpa_s
->current_ssid
, ¶ms
, NULL
);
3117 wpa_drv_update_connect_params(wpa_s
, ¶ms
, WPA_DRV_UPDATE_ASSOC_IES
);
3120 #endif /* CONFIG_OWE */
3123 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
3124 static void wpas_update_fils_connect_params(struct wpa_supplicant
*wpa_s
)
3126 struct wpa_driver_associate_params params
;
3127 enum wpa_drv_update_connect_params_mask mask
= 0;
3130 if (wpa_s
->auth_alg
!= WPA_AUTH_ALG_OPEN
)
3131 return; /* nothing to do */
3133 os_memset(¶ms
, 0, sizeof(params
));
3134 wpa_ie
= wpas_populate_assoc_ies(wpa_s
, wpa_s
->current_bss
,
3135 wpa_s
->current_ssid
, ¶ms
, &mask
);
3139 if (params
.auth_alg
!= WPA_AUTH_ALG_FILS
) {
3144 wpa_s
->auth_alg
= params
.auth_alg
;
3145 wpa_drv_update_connect_params(wpa_s
, ¶ms
, mask
);
3148 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
3151 static u8
wpa_ie_get_edmg_oper_chans(const u8
*edmg_ie
)
3153 if (!edmg_ie
|| edmg_ie
[1] < 6)
3155 return edmg_ie
[EDMG_BSS_OPERATING_CHANNELS_OFFSET
];
3159 static u8
wpa_ie_get_edmg_oper_chan_width(const u8
*edmg_ie
)
3161 if (!edmg_ie
|| edmg_ie
[1] < 6)
3163 return edmg_ie
[EDMG_OPERATING_CHANNEL_WIDTH_OFFSET
];
3167 /* Returns the intersection of two EDMG configurations.
3168 * Note: The current implementation is limited to CB2 only (CB1 included),
3169 * i.e., the implementation supports up to 2 contiguous channels.
3170 * For supporting non-contiguous (aggregated) channels and for supporting
3171 * CB3 and above, this function will need to be extended.
3173 static struct ieee80211_edmg_config
3174 get_edmg_intersection(struct ieee80211_edmg_config a
,
3175 struct ieee80211_edmg_config b
,
3178 struct ieee80211_edmg_config result
;
3179 int i
, contiguous
= 0;
3180 int max_contiguous
= 0;
3182 result
.channels
= b
.channels
& a
.channels
;
3183 if (!result
.channels
) {
3184 wpa_printf(MSG_DEBUG
,
3185 "EDMG not possible: cannot intersect channels 0x%x and 0x%x",
3186 a
.channels
, b
.channels
);
3190 if (!(result
.channels
& BIT(primary_channel
- 1))) {
3191 wpa_printf(MSG_DEBUG
,
3192 "EDMG not possible: the primary channel %d is not one of the intersected channels 0x%x",
3193 primary_channel
, result
.channels
);
3197 /* Find max contiguous channels */
3198 for (i
= 0; i
< 6; i
++) {
3199 if (result
.channels
& BIT(i
))
3204 if (contiguous
> max_contiguous
)
3205 max_contiguous
= contiguous
;
3208 /* Assuming AP and STA supports ONLY contiguous channels,
3209 * bw configuration can have value between 4-7.
3211 if ((b
.bw_config
< a
.bw_config
))
3212 result
.bw_config
= b
.bw_config
;
3214 result
.bw_config
= a
.bw_config
;
3216 if ((max_contiguous
>= 2 && result
.bw_config
< EDMG_BW_CONFIG_5
) ||
3217 (max_contiguous
>= 1 && result
.bw_config
< EDMG_BW_CONFIG_4
)) {
3218 wpa_printf(MSG_DEBUG
,
3219 "EDMG not possible: not enough contiguous channels %d for supporting CB1 or CB2",
3227 result
.channels
= 0;
3228 result
.bw_config
= 0;
3233 static struct ieee80211_edmg_config
3234 get_supported_edmg(struct wpa_supplicant
*wpa_s
,
3235 struct hostapd_freq_params
*freq
,
3236 struct ieee80211_edmg_config request_edmg
)
3238 enum hostapd_hw_mode hw_mode
;
3239 struct hostapd_hw_modes
*mode
= NULL
;
3242 if (!wpa_s
->hw
.modes
)
3245 hw_mode
= ieee80211_freq_to_chan(freq
->freq
, &primary_channel
);
3246 if (hw_mode
== NUM_HOSTAPD_MODES
)
3249 mode
= get_mode(wpa_s
->hw
.modes
, wpa_s
->hw
.num_modes
, hw_mode
);
3253 return get_edmg_intersection(mode
->edmg
, request_edmg
, primary_channel
);
3256 request_edmg
.channels
= 0;
3257 request_edmg
.bw_config
= 0;
3258 return request_edmg
;
3263 void wpas_update_mbo_connect_params(struct wpa_supplicant
*wpa_s
)
3265 struct wpa_driver_associate_params params
;
3269 * Update MBO connect params only in case of change of MBO attributes
3270 * when connected, if the AP support MBO.
3273 if (wpa_s
->wpa_state
!= WPA_COMPLETED
|| !wpa_s
->current_ssid
||
3274 !wpa_s
->current_bss
||
3275 !wpa_bss_get_vendor_ie(wpa_s
->current_bss
, MBO_IE_VENDOR_TYPE
))
3278 os_memset(¶ms
, 0, sizeof(params
));
3279 wpa_ie
= wpas_populate_assoc_ies(wpa_s
, wpa_s
->current_bss
,
3280 wpa_s
->current_ssid
, ¶ms
, NULL
);
3284 wpa_drv_update_connect_params(wpa_s
, ¶ms
, WPA_DRV_UPDATE_ASSOC_IES
);
3287 #endif /* CONFIG_MBO */
3290 static void wpas_start_assoc_cb(struct wpa_radio_work
*work
, int deinit
)
3292 struct wpa_connect_work
*cwork
= work
->ctx
;
3293 struct wpa_bss
*bss
= cwork
->bss
;
3294 struct wpa_ssid
*ssid
= cwork
->ssid
;
3295 struct wpa_supplicant
*wpa_s
= work
->wpa_s
;
3297 const u8
*edmg_ie_oper
;
3298 int use_crypt
, ret
, i
, bssid_changed
;
3299 unsigned int cipher_pairwise
, cipher_group
, cipher_group_mgmt
;
3300 struct wpa_driver_associate_params params
;
3301 int wep_keys_set
= 0;
3302 int assoc_failed
= 0;
3303 struct wpa_ssid
*old_ssid
;
3304 u8 prev_bssid
[ETH_ALEN
];
3305 #ifdef CONFIG_HT_OVERRIDES
3306 struct ieee80211_ht_capabilities htcaps
;
3307 struct ieee80211_ht_capabilities htcaps_mask
;
3308 #endif /* CONFIG_HT_OVERRIDES */
3309 #ifdef CONFIG_VHT_OVERRIDES
3310 struct ieee80211_vht_capabilities vhtcaps
;
3311 struct ieee80211_vht_capabilities vhtcaps_mask
;
3312 #endif /* CONFIG_VHT_OVERRIDES */
3315 if (work
->started
) {
3316 wpa_s
->connect_work
= NULL
;
3318 /* cancel possible auth. timeout */
3319 eloop_cancel_timeout(wpa_supplicant_timeout
, wpa_s
,
3322 wpas_connect_work_free(cwork
);
3326 wpa_s
->connect_work
= work
;
3328 if (cwork
->bss_removed
|| !wpas_valid_bss_ssid(wpa_s
, bss
, ssid
) ||
3329 wpas_network_disabled(wpa_s
, ssid
)) {
3330 wpa_dbg(wpa_s
, MSG_DEBUG
, "BSS/SSID entry for association not valid anymore - drop connection attempt");
3331 wpas_connect_work_done(wpa_s
);
3335 os_memcpy(prev_bssid
, wpa_s
->bssid
, ETH_ALEN
);
3336 os_memset(¶ms
, 0, sizeof(params
));
3337 wpa_s
->reassociate
= 0;
3338 wpa_s
->eap_expected_failure
= 0;
3340 (!wpas_driver_bss_selection(wpa_s
) || wpas_wps_searching(wpa_s
))) {
3341 #ifdef CONFIG_IEEE80211R
3342 const u8
*ie
, *md
= NULL
;
3343 #endif /* CONFIG_IEEE80211R */
3344 wpa_msg(wpa_s
, MSG_INFO
, "Trying to associate with " MACSTR
3345 " (SSID='%s' freq=%d MHz)", MAC2STR(bss
->bssid
),
3346 wpa_ssid_txt(bss
->ssid
, bss
->ssid_len
), bss
->freq
);
3347 bssid_changed
= !is_zero_ether_addr(wpa_s
->bssid
);
3348 os_memset(wpa_s
->bssid
, 0, ETH_ALEN
);
3349 os_memcpy(wpa_s
->pending_bssid
, bss
->bssid
, ETH_ALEN
);
3351 wpas_notify_bssid_changed(wpa_s
);
3352 #ifdef CONFIG_IEEE80211R
3353 ie
= wpa_bss_get_ie(bss
, WLAN_EID_MOBILITY_DOMAIN
);
3354 if (ie
&& ie
[1] >= MOBILITY_DOMAIN_ID_LEN
)
3356 wpa_sm_set_ft_params(wpa_s
->wpa
, ie
, ie
? 2 + ie
[1] : 0);
3358 /* Prepare for the next transition */
3359 wpa_ft_prepare_auth_request(wpa_s
->wpa
, ie
);
3361 #endif /* CONFIG_IEEE80211R */
3363 } else if ((ssid
->ssid
== NULL
|| ssid
->ssid_len
== 0) &&
3364 wpa_s
->conf
->ap_scan
== 2 &&
3365 (ssid
->key_mgmt
& WPA_KEY_MGMT_WPS
)) {
3366 /* Use ap_scan==1 style network selection to find the network
3368 wpas_connect_work_done(wpa_s
);
3369 wpa_s
->scan_req
= MANUAL_SCAN_REQ
;
3370 wpa_s
->reassociate
= 1;
3371 wpa_supplicant_req_scan(wpa_s
, 0, 0);
3373 #endif /* CONFIG_WPS */
3375 wpa_msg(wpa_s
, MSG_INFO
, "Trying to associate with SSID '%s'",
3376 wpa_ssid_txt(ssid
->ssid
, ssid
->ssid_len
));
3378 os_memcpy(wpa_s
->pending_bssid
, bss
->bssid
, ETH_ALEN
);
3380 os_memset(wpa_s
->pending_bssid
, 0, ETH_ALEN
);
3383 wpa_supplicant_cancel_sched_scan(wpa_s
);
3385 wpa_supplicant_cancel_scan(wpa_s
);
3387 /* Starting new association, so clear the possibly used WPA IE from the
3388 * previous association. */
3389 wpa_sm_set_assoc_wpa_ie(wpa_s
->wpa
, NULL
, 0);
3390 wpa_sm_set_assoc_rsnxe(wpa_s
->wpa
, NULL
, 0);
3391 wpa_s
->rsnxe_len
= 0;
3393 wpa_ie
= wpas_populate_assoc_ies(wpa_s
, bss
, ssid
, ¶ms
, NULL
);
3395 wpas_connect_work_done(wpa_s
);
3399 wpa_clear_keys(wpa_s
, bss
? bss
->bssid
: NULL
);
3401 cipher_pairwise
= wpa_s
->pairwise_cipher
;
3402 cipher_group
= wpa_s
->group_cipher
;
3403 cipher_group_mgmt
= wpa_s
->mgmt_group_cipher
;
3404 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_NONE
||
3405 wpa_s
->key_mgmt
== WPA_KEY_MGMT_IEEE8021X_NO_WPA
) {
3406 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_NONE
)
3408 if (wpa_set_wep_keys(wpa_s
, ssid
)) {
3413 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_WPS
)
3416 #ifdef IEEE8021X_EAPOL
3417 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_IEEE8021X_NO_WPA
) {
3418 if ((ssid
->eapol_flags
&
3419 (EAPOL_FLAG_REQUIRE_KEY_UNICAST
|
3420 EAPOL_FLAG_REQUIRE_KEY_BROADCAST
)) == 0 &&
3424 /* Assume that dynamic WEP-104 keys will be used and
3425 * set cipher suites in order for drivers to expect
3427 cipher_pairwise
= cipher_group
= WPA_CIPHER_WEP104
;
3430 #endif /* IEEE8021X_EAPOL */
3432 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_WPA_NONE
) {
3433 /* Set the key before (and later after) association */
3434 wpa_supplicant_set_wpa_none_key(wpa_s
, ssid
);
3437 wpa_supplicant_set_state(wpa_s
, WPA_ASSOCIATING
);
3439 params
.ssid
= bss
->ssid
;
3440 params
.ssid_len
= bss
->ssid_len
;
3441 if (!wpas_driver_bss_selection(wpa_s
) || ssid
->bssid_set
||
3442 wpa_s
->key_mgmt
== WPA_KEY_MGMT_WPS
) {
3443 wpa_printf(MSG_DEBUG
, "Limit connection to BSSID "
3444 MACSTR
" freq=%u MHz based on scan results "
3445 "(bssid_set=%d wps=%d)",
3446 MAC2STR(bss
->bssid
), bss
->freq
,
3448 wpa_s
->key_mgmt
== WPA_KEY_MGMT_WPS
);
3449 params
.bssid
= bss
->bssid
;
3450 params
.freq
.freq
= bss
->freq
;
3452 params
.bssid_hint
= bss
->bssid
;
3453 params
.freq_hint
= bss
->freq
;
3454 params
.pbss
= bss_is_pbss(bss
);
3456 if (ssid
->bssid_hint_set
)
3457 params
.bssid_hint
= ssid
->bssid_hint
;
3459 params
.ssid
= ssid
->ssid
;
3460 params
.ssid_len
= ssid
->ssid_len
;
3461 params
.pbss
= (ssid
->pbss
!= 2) ? ssid
->pbss
: 0;
3464 if (ssid
->mode
== WPAS_MODE_IBSS
&& ssid
->bssid_set
&&
3465 wpa_s
->conf
->ap_scan
== 2) {
3466 params
.bssid
= ssid
->bssid
;
3467 params
.fixed_bssid
= 1;
3470 /* Initial frequency for IBSS/mesh */
3471 if ((ssid
->mode
== WPAS_MODE_IBSS
|| ssid
->mode
== WPAS_MODE_MESH
) &&
3472 ssid
->frequency
> 0 && params
.freq
.freq
== 0)
3473 ibss_mesh_setup_freq(wpa_s
, ssid
, ¶ms
.freq
);
3475 if (ssid
->mode
== WPAS_MODE_IBSS
) {
3476 params
.fixed_freq
= ssid
->fixed_freq
;
3477 if (ssid
->beacon_int
)
3478 params
.beacon_int
= ssid
->beacon_int
;
3480 params
.beacon_int
= wpa_s
->conf
->beacon_int
;
3483 if (bss
&& ssid
->enable_edmg
)
3484 edmg_ie_oper
= get_ie_ext((const u8
*) (bss
+ 1), bss
->ie_len
,
3485 WLAN_EID_EXT_EDMG_OPERATION
);
3487 edmg_ie_oper
= NULL
;
3490 params
.freq
.edmg
.channels
=
3491 wpa_ie_get_edmg_oper_chans(edmg_ie_oper
);
3492 params
.freq
.edmg
.bw_config
=
3493 wpa_ie_get_edmg_oper_chan_width(edmg_ie_oper
);
3494 wpa_printf(MSG_DEBUG
,
3495 "AP supports EDMG channels 0x%x, bw_config %d",
3496 params
.freq
.edmg
.channels
,
3497 params
.freq
.edmg
.bw_config
);
3499 /* User may ask for specific EDMG channel for EDMG connection
3500 * (must be supported by AP)
3502 if (ssid
->edmg_channel
) {
3503 struct ieee80211_edmg_config configured_edmg
;
3504 enum hostapd_hw_mode hw_mode
;
3507 hw_mode
= ieee80211_freq_to_chan(bss
->freq
,
3509 if (hw_mode
== NUM_HOSTAPD_MODES
)
3512 hostapd_encode_edmg_chan(ssid
->enable_edmg
,
3517 if (ieee802_edmg_is_allowed(params
.freq
.edmg
,
3519 params
.freq
.edmg
= configured_edmg
;
3520 wpa_printf(MSG_DEBUG
,
3521 "Use EDMG channel %d for connection",
3522 ssid
->edmg_channel
);
3525 params
.freq
.edmg
.channels
= 0;
3526 params
.freq
.edmg
.bw_config
= 0;
3527 wpa_printf(MSG_WARNING
,
3528 "EDMG channel %d not supported by AP, fallback to DMG",
3529 ssid
->edmg_channel
);
3533 if (params
.freq
.edmg
.channels
) {
3534 wpa_printf(MSG_DEBUG
,
3535 "EDMG before: channels 0x%x, bw_config %d",
3536 params
.freq
.edmg
.channels
,
3537 params
.freq
.edmg
.bw_config
);
3538 params
.freq
.edmg
= get_supported_edmg(wpa_s
,
3541 wpa_printf(MSG_DEBUG
,
3542 "EDMG after: channels 0x%x, bw_config %d",
3543 params
.freq
.edmg
.channels
,
3544 params
.freq
.edmg
.bw_config
);
3548 params
.pairwise_suite
= cipher_pairwise
;
3549 params
.group_suite
= cipher_group
;
3550 params
.mgmt_group_suite
= cipher_group_mgmt
;
3551 params
.key_mgmt_suite
= wpa_s
->key_mgmt
;
3552 params
.wpa_proto
= wpa_s
->wpa_proto
;
3553 wpa_s
->auth_alg
= params
.auth_alg
;
3554 params
.mode
= ssid
->mode
;
3555 params
.bg_scan_period
= ssid
->bg_scan_period
;
3556 for (i
= 0; i
< NUM_WEP_KEYS
; i
++) {
3557 if (ssid
->wep_key_len
[i
])
3558 params
.wep_key
[i
] = ssid
->wep_key
[i
];
3559 params
.wep_key_len
[i
] = ssid
->wep_key_len
[i
];
3561 params
.wep_tx_keyidx
= ssid
->wep_tx_keyidx
;
3563 if ((wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK
) &&
3564 (params
.key_mgmt_suite
== WPA_KEY_MGMT_PSK
||
3565 params
.key_mgmt_suite
== WPA_KEY_MGMT_FT_PSK
)) {
3566 params
.passphrase
= ssid
->passphrase
;
3568 params
.psk
= ssid
->psk
;
3571 if ((wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X
) &&
3572 (params
.key_mgmt_suite
== WPA_KEY_MGMT_IEEE8021X
||
3573 params
.key_mgmt_suite
== WPA_KEY_MGMT_IEEE8021X_SHA256
||
3574 params
.key_mgmt_suite
== WPA_KEY_MGMT_IEEE8021X_SUITE_B
||
3575 params
.key_mgmt_suite
== WPA_KEY_MGMT_IEEE8021X_SUITE_B_192
))
3576 params
.req_handshake_offload
= 1;
3578 if (wpa_s
->conf
->key_mgmt_offload
) {
3579 if (params
.key_mgmt_suite
== WPA_KEY_MGMT_IEEE8021X
||
3580 params
.key_mgmt_suite
== WPA_KEY_MGMT_IEEE8021X_SHA256
||
3581 params
.key_mgmt_suite
== WPA_KEY_MGMT_IEEE8021X_SUITE_B
||
3582 params
.key_mgmt_suite
== WPA_KEY_MGMT_IEEE8021X_SUITE_B_192
)
3583 params
.req_key_mgmt_offload
=
3584 ssid
->proactive_key_caching
< 0 ?
3585 wpa_s
->conf
->okc
: ssid
->proactive_key_caching
;
3587 params
.req_key_mgmt_offload
= 1;
3589 if ((params
.key_mgmt_suite
== WPA_KEY_MGMT_PSK
||
3590 params
.key_mgmt_suite
== WPA_KEY_MGMT_PSK_SHA256
||
3591 params
.key_mgmt_suite
== WPA_KEY_MGMT_FT_PSK
) &&
3593 params
.psk
= ssid
->psk
;
3596 params
.drop_unencrypted
= use_crypt
;
3598 params
.mgmt_frame_protection
= wpas_get_ssid_pmf(wpa_s
, ssid
);
3599 if (params
.mgmt_frame_protection
!= NO_MGMT_FRAME_PROTECTION
&& bss
) {
3600 const u8
*rsn
= wpa_bss_get_ie(bss
, WLAN_EID_RSN
);
3601 struct wpa_ie_data ie
;
3602 if (rsn
&& wpa_parse_wpa_ie(rsn
, 2 + rsn
[1], &ie
) == 0 &&
3604 (WPA_CAPABILITY_MFPC
| WPA_CAPABILITY_MFPR
)) {
3605 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: Selected AP supports "
3606 "MFP: require MFP");
3607 params
.mgmt_frame_protection
=
3608 MGMT_FRAME_PROTECTION_REQUIRED
;
3610 } else if (!rsn
&& (ssid
->key_mgmt
& WPA_KEY_MGMT_OWE
) &&
3612 params
.mgmt_frame_protection
= NO_MGMT_FRAME_PROTECTION
;
3613 #endif /* CONFIG_OWE */
3617 params
.p2p
= ssid
->p2p_group
;
3619 if (wpa_s
->p2pdev
->set_sta_uapsd
)
3620 params
.uapsd
= wpa_s
->p2pdev
->sta_uapsd
;
3624 #ifdef CONFIG_HT_OVERRIDES
3625 os_memset(&htcaps
, 0, sizeof(htcaps
));
3626 os_memset(&htcaps_mask
, 0, sizeof(htcaps_mask
));
3627 params
.htcaps
= (u8
*) &htcaps
;
3628 params
.htcaps_mask
= (u8
*) &htcaps_mask
;
3629 wpa_supplicant_apply_ht_overrides(wpa_s
, ssid
, ¶ms
);
3630 #endif /* CONFIG_HT_OVERRIDES */
3631 #ifdef CONFIG_VHT_OVERRIDES
3632 os_memset(&vhtcaps
, 0, sizeof(vhtcaps
));
3633 os_memset(&vhtcaps_mask
, 0, sizeof(vhtcaps_mask
));
3634 params
.vhtcaps
= &vhtcaps
;
3635 params
.vhtcaps_mask
= &vhtcaps_mask
;
3636 wpa_supplicant_apply_vht_overrides(wpa_s
, ssid
, ¶ms
);
3637 #endif /* CONFIG_VHT_OVERRIDES */
3641 * If multi-channel concurrency is not supported, check for any
3642 * frequency conflict. In case of any frequency conflict, remove the
3643 * least prioritized connection.
3645 if (wpa_s
->num_multichan_concurrent
< 2) {
3647 num
= get_shared_radio_freqs(wpa_s
, &freq
, 1);
3648 if (num
> 0 && freq
> 0 && freq
!= params
.freq
.freq
) {
3649 wpa_printf(MSG_DEBUG
,
3650 "Assoc conflicting freq found (%d != %d)",
3651 freq
, params
.freq
.freq
);
3652 if (wpas_p2p_handle_frequency_conflicts(
3653 wpa_s
, params
.freq
.freq
, ssid
) < 0) {
3654 wpas_connect_work_done(wpa_s
);
3660 #endif /* CONFIG_P2P */
3662 if (wpa_s
->reassoc_same_ess
&& !is_zero_ether_addr(prev_bssid
) &&
3663 wpa_s
->current_ssid
)
3664 params
.prev_bssid
= prev_bssid
;
3666 ret
= wpa_drv_associate(wpa_s
, ¶ms
);
3669 wpa_msg(wpa_s
, MSG_INFO
, "Association request to the driver "
3671 if (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SANE_ERROR_CODES
) {
3673 * The driver is known to mean what is saying, so we
3674 * can stop right here; the association will not
3677 wpas_connection_failed(wpa_s
, wpa_s
->pending_bssid
);
3678 wpa_supplicant_set_state(wpa_s
, WPA_DISCONNECTED
);
3679 os_memset(wpa_s
->pending_bssid
, 0, ETH_ALEN
);
3682 /* try to continue anyway; new association will be tried again
3687 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_WPA_NONE
) {
3688 /* Set the key after the association just in case association
3689 * cleared the previously configured key. */
3690 wpa_supplicant_set_wpa_none_key(wpa_s
, ssid
);
3691 /* No need to timeout authentication since there is no key
3693 wpa_supplicant_cancel_auth_timeout(wpa_s
);
3694 wpa_supplicant_set_state(wpa_s
, WPA_COMPLETED
);
3695 #ifdef CONFIG_IBSS_RSN
3696 } else if (ssid
->mode
== WPAS_MODE_IBSS
&&
3697 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_NONE
&&
3698 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_WPA_NONE
) {
3700 * RSN IBSS authentication is per-STA and we can disable the
3701 * per-BSSID authentication.
3703 wpa_supplicant_cancel_auth_timeout(wpa_s
);
3704 #endif /* CONFIG_IBSS_RSN */
3706 /* Timeout for IEEE 802.11 authentication and association */
3710 /* give IBSS a bit more time */
3711 timeout
= ssid
->mode
== WPAS_MODE_IBSS
? 10 : 5;
3712 } else if (wpa_s
->conf
->ap_scan
== 1) {
3713 /* give IBSS a bit more time */
3714 timeout
= ssid
->mode
== WPAS_MODE_IBSS
? 20 : 10;
3716 wpa_supplicant_req_auth_timeout(wpa_s
, timeout
, 0);
3720 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC
)) {
3721 /* Set static WEP keys again */
3722 wpa_set_wep_keys(wpa_s
, ssid
);
3725 if (wpa_s
->current_ssid
&& wpa_s
->current_ssid
!= ssid
) {
3727 * Do not allow EAP session resumption between different
3728 * network configurations.
3730 eapol_sm_invalidate_cached_session(wpa_s
->eapol
);
3732 old_ssid
= wpa_s
->current_ssid
;
3733 wpa_s
->current_ssid
= ssid
;
3735 if (!wpas_driver_bss_selection(wpa_s
) || ssid
->bssid_set
) {
3736 wpa_s
->current_bss
= bss
;
3738 hs20_configure_frame_filters(wpa_s
);
3739 #endif /* CONFIG_HS20 */
3742 wpa_supplicant_rsn_supp_set_config(wpa_s
, wpa_s
->current_ssid
);
3743 wpa_supplicant_initiate_eapol(wpa_s
);
3744 if (old_ssid
!= wpa_s
->current_ssid
)
3745 wpas_notify_network_changed(wpa_s
);
3749 static void wpa_supplicant_clear_connection(struct wpa_supplicant
*wpa_s
,
3752 struct wpa_ssid
*old_ssid
;
3754 wpas_connect_work_done(wpa_s
);
3755 wpa_clear_keys(wpa_s
, addr
);
3756 old_ssid
= wpa_s
->current_ssid
;
3757 wpa_supplicant_mark_disassoc(wpa_s
);
3758 wpa_sm_set_config(wpa_s
->wpa
, NULL
);
3759 eapol_sm_notify_config(wpa_s
->eapol
, NULL
, NULL
);
3760 if (old_ssid
!= wpa_s
->current_ssid
)
3761 wpas_notify_network_changed(wpa_s
);
3762 eloop_cancel_timeout(wpa_supplicant_timeout
, wpa_s
, NULL
);
3767 * wpa_supplicant_deauthenticate - Deauthenticate the current connection
3768 * @wpa_s: Pointer to wpa_supplicant data
3769 * @reason_code: IEEE 802.11 reason code for the deauthenticate frame
3771 * This function is used to request %wpa_supplicant to deauthenticate from the
3774 void wpa_supplicant_deauthenticate(struct wpa_supplicant
*wpa_s
,
3778 union wpa_event_data event
;
3781 wpa_dbg(wpa_s
, MSG_DEBUG
, "Request to deauthenticate - bssid=" MACSTR
3782 " pending_bssid=" MACSTR
" reason=%d (%s) state=%s",
3783 MAC2STR(wpa_s
->bssid
), MAC2STR(wpa_s
->pending_bssid
),
3784 reason_code
, reason2str(reason_code
),
3785 wpa_supplicant_state_txt(wpa_s
->wpa_state
));
3787 if (!is_zero_ether_addr(wpa_s
->pending_bssid
) &&
3788 (wpa_s
->wpa_state
== WPA_AUTHENTICATING
||
3789 wpa_s
->wpa_state
== WPA_ASSOCIATING
))
3790 addr
= wpa_s
->pending_bssid
;
3791 else if (!is_zero_ether_addr(wpa_s
->bssid
))
3792 addr
= wpa_s
->bssid
;
3793 else if (wpa_s
->wpa_state
== WPA_ASSOCIATING
) {
3795 * When using driver-based BSS selection, we may not know the
3796 * BSSID with which we are currently trying to associate. We
3797 * need to notify the driver of this disconnection even in such
3798 * a case, so use the all zeros address here.
3800 addr
= wpa_s
->bssid
;
3804 if (wpa_s
->enabled_4addr_mode
&& wpa_drv_set_4addr_mode(wpa_s
, 0) == 0)
3805 wpa_s
->enabled_4addr_mode
= 0;
3808 wpa_tdls_teardown_peers(wpa_s
->wpa
);
3809 #endif /* CONFIG_TDLS */
3813 struct mesh_conf
*mconf
;
3815 mconf
= wpa_s
->ifmsh
->mconf
;
3816 wpa_msg(wpa_s
, MSG_INFO
, MESH_GROUP_REMOVED
"%s",
3818 wpas_notify_mesh_group_removed(wpa_s
, mconf
->meshid
,
3819 mconf
->meshid_len
, reason_code
);
3820 wpa_supplicant_leave_mesh(wpa_s
);
3822 #endif /* CONFIG_MESH */
3825 wpa_drv_deauthenticate(wpa_s
, addr
, reason_code
);
3826 os_memset(&event
, 0, sizeof(event
));
3827 event
.deauth_info
.reason_code
= reason_code
;
3828 event
.deauth_info
.locally_generated
= 1;
3829 wpa_supplicant_event(wpa_s
, EVENT_DEAUTH
, &event
);
3834 wpa_supplicant_clear_connection(wpa_s
, addr
);
3837 static void wpa_supplicant_enable_one_network(struct wpa_supplicant
*wpa_s
,
3838 struct wpa_ssid
*ssid
)
3840 if (!ssid
|| !ssid
->disabled
|| ssid
->disabled
== 2)
3844 ssid
->owe_transition_bss_select_count
= 0;
3845 wpas_clear_temp_disabled(wpa_s
, ssid
, 1);
3846 wpas_notify_network_enabled_changed(wpa_s
, ssid
);
3849 * Try to reassociate since there is no current configuration and a new
3850 * network was made available.
3852 if (!wpa_s
->current_ssid
&& !wpa_s
->disconnected
)
3853 wpa_s
->reassociate
= 1;
3858 * wpa_supplicant_add_network - Add a new network
3859 * @wpa_s: wpa_supplicant structure for a network interface
3860 * Returns: The new network configuration or %NULL if operation failed
3862 * This function performs the following operations:
3863 * 1. Adds a new network.
3864 * 2. Send network addition notification.
3865 * 3. Marks the network disabled.
3866 * 4. Set network default parameters.
3868 struct wpa_ssid
* wpa_supplicant_add_network(struct wpa_supplicant
*wpa_s
)
3870 struct wpa_ssid
*ssid
;
3872 ssid
= wpa_config_add_network(wpa_s
->conf
);
3875 wpas_notify_network_added(wpa_s
, ssid
);
3877 wpa_config_set_network_defaults(ssid
);
3884 * wpa_supplicant_remove_network - Remove a configured network based on id
3885 * @wpa_s: wpa_supplicant structure for a network interface
3886 * @id: Unique network id to search for
3887 * Returns: 0 on success, or -1 if the network was not found, -2 if the network
3888 * could not be removed
3890 * This function performs the following operations:
3891 * 1. Removes the network.
3892 * 2. Send network removal notification.
3893 * 3. Update internal state machines.
3894 * 4. Stop any running sched scans.
3896 int wpa_supplicant_remove_network(struct wpa_supplicant
*wpa_s
, int id
)
3898 struct wpa_ssid
*ssid
;
3901 ssid
= wpa_config_get_network(wpa_s
->conf
, id
);
3904 wpas_notify_network_removed(wpa_s
, ssid
);
3906 if (wpa_s
->last_ssid
== ssid
)
3907 wpa_s
->last_ssid
= NULL
;
3909 if (ssid
== wpa_s
->current_ssid
|| !wpa_s
->current_ssid
) {
3911 wpa_s
->sme
.prev_bssid_set
= 0;
3912 #endif /* CONFIG_SME */
3914 * Invalidate the EAP session cache if the current or
3915 * previously used network is removed.
3917 eapol_sm_invalidate_cached_session(wpa_s
->eapol
);
3920 if (ssid
== wpa_s
->current_ssid
) {
3921 wpa_sm_set_config(wpa_s
->wpa
, NULL
);
3922 eapol_sm_notify_config(wpa_s
->eapol
, NULL
, NULL
);
3924 if (wpa_s
->wpa_state
>= WPA_AUTHENTICATING
)
3925 wpa_s
->own_disconnect_req
= 1;
3926 wpa_supplicant_deauthenticate(wpa_s
,
3927 WLAN_REASON_DEAUTH_LEAVING
);
3930 was_disabled
= ssid
->disabled
;
3932 if (wpa_config_remove_network(wpa_s
->conf
, id
) < 0)
3935 if (!was_disabled
&& wpa_s
->sched_scanning
) {
3936 wpa_printf(MSG_DEBUG
,
3937 "Stop ongoing sched_scan to remove network from filters");
3938 wpa_supplicant_cancel_sched_scan(wpa_s
);
3939 wpa_supplicant_req_scan(wpa_s
, 0, 0);
3947 * wpa_supplicant_enable_network - Mark a configured network as enabled
3948 * @wpa_s: wpa_supplicant structure for a network interface
3949 * @ssid: wpa_ssid structure for a configured network or %NULL
3951 * Enables the specified network or all networks if no network specified.
3953 void wpa_supplicant_enable_network(struct wpa_supplicant
*wpa_s
,
3954 struct wpa_ssid
*ssid
)
3957 for (ssid
= wpa_s
->conf
->ssid
; ssid
; ssid
= ssid
->next
)
3958 wpa_supplicant_enable_one_network(wpa_s
, ssid
);
3960 wpa_supplicant_enable_one_network(wpa_s
, ssid
);
3962 if (wpa_s
->reassociate
&& !wpa_s
->disconnected
&&
3963 (!wpa_s
->current_ssid
||
3964 wpa_s
->wpa_state
== WPA_DISCONNECTED
||
3965 wpa_s
->wpa_state
== WPA_SCANNING
)) {
3966 if (wpa_s
->sched_scanning
) {
3967 wpa_printf(MSG_DEBUG
, "Stop ongoing sched_scan to add "
3968 "new network to scan filters");
3969 wpa_supplicant_cancel_sched_scan(wpa_s
);
3972 if (wpa_supplicant_fast_associate(wpa_s
) != 1) {
3973 wpa_s
->scan_req
= NORMAL_SCAN_REQ
;
3974 wpa_supplicant_req_scan(wpa_s
, 0, 0);
3981 * wpa_supplicant_disable_network - Mark a configured network as disabled
3982 * @wpa_s: wpa_supplicant structure for a network interface
3983 * @ssid: wpa_ssid structure for a configured network or %NULL
3985 * Disables the specified network or all networks if no network specified.
3987 void wpa_supplicant_disable_network(struct wpa_supplicant
*wpa_s
,
3988 struct wpa_ssid
*ssid
)
3990 struct wpa_ssid
*other_ssid
;
3994 if (wpa_s
->sched_scanning
)
3995 wpa_supplicant_cancel_sched_scan(wpa_s
);
3997 for (other_ssid
= wpa_s
->conf
->ssid
; other_ssid
;
3998 other_ssid
= other_ssid
->next
) {
3999 was_disabled
= other_ssid
->disabled
;
4000 if (was_disabled
== 2)
4001 continue; /* do not change persistent P2P group
4004 other_ssid
->disabled
= 1;
4006 if (was_disabled
!= other_ssid
->disabled
)
4007 wpas_notify_network_enabled_changed(
4010 if (wpa_s
->current_ssid
) {
4011 if (wpa_s
->wpa_state
>= WPA_AUTHENTICATING
)
4012 wpa_s
->own_disconnect_req
= 1;
4013 wpa_supplicant_deauthenticate(
4014 wpa_s
, WLAN_REASON_DEAUTH_LEAVING
);
4016 } else if (ssid
->disabled
!= 2) {
4017 if (ssid
== wpa_s
->current_ssid
) {
4018 if (wpa_s
->wpa_state
>= WPA_AUTHENTICATING
)
4019 wpa_s
->own_disconnect_req
= 1;
4020 wpa_supplicant_deauthenticate(
4021 wpa_s
, WLAN_REASON_DEAUTH_LEAVING
);
4024 was_disabled
= ssid
->disabled
;
4028 if (was_disabled
!= ssid
->disabled
) {
4029 wpas_notify_network_enabled_changed(wpa_s
, ssid
);
4030 if (wpa_s
->sched_scanning
) {
4031 wpa_printf(MSG_DEBUG
, "Stop ongoing sched_scan "
4032 "to remove network from filters");
4033 wpa_supplicant_cancel_sched_scan(wpa_s
);
4034 wpa_supplicant_req_scan(wpa_s
, 0, 0);
4042 * wpa_supplicant_select_network - Attempt association with a network
4043 * @wpa_s: wpa_supplicant structure for a network interface
4044 * @ssid: wpa_ssid structure for a configured network or %NULL for any network
4046 void wpa_supplicant_select_network(struct wpa_supplicant
*wpa_s
,
4047 struct wpa_ssid
*ssid
)
4050 struct wpa_ssid
*other_ssid
;
4051 int disconnected
= 0;
4053 if (ssid
&& ssid
!= wpa_s
->current_ssid
&& wpa_s
->current_ssid
) {
4054 if (wpa_s
->wpa_state
>= WPA_AUTHENTICATING
)
4055 wpa_s
->own_disconnect_req
= 1;
4056 wpa_supplicant_deauthenticate(
4057 wpa_s
, WLAN_REASON_DEAUTH_LEAVING
);
4062 wpas_clear_temp_disabled(wpa_s
, ssid
, 1);
4065 * Mark all other networks disabled or mark all networks enabled if no
4066 * network specified.
4068 for (other_ssid
= wpa_s
->conf
->ssid
; other_ssid
;
4069 other_ssid
= other_ssid
->next
) {
4070 int was_disabled
= other_ssid
->disabled
;
4071 if (was_disabled
== 2)
4072 continue; /* do not change persistent P2P group data */
4074 other_ssid
->disabled
= ssid
? (ssid
->id
!= other_ssid
->id
) : 0;
4075 if (was_disabled
&& !other_ssid
->disabled
)
4076 wpas_clear_temp_disabled(wpa_s
, other_ssid
, 0);
4078 if (was_disabled
!= other_ssid
->disabled
)
4079 wpas_notify_network_enabled_changed(wpa_s
, other_ssid
);
4082 if (ssid
&& ssid
== wpa_s
->current_ssid
&& wpa_s
->current_ssid
&&
4083 wpa_s
->wpa_state
>= WPA_AUTHENTICATING
) {
4084 /* We are already associated with the selected network */
4085 wpa_printf(MSG_DEBUG
, "Already associated with the "
4086 "selected network - do nothing");
4091 wpa_s
->current_ssid
= ssid
;
4092 eapol_sm_notify_config(wpa_s
->eapol
, NULL
, NULL
);
4093 wpa_s
->connect_without_scan
=
4094 (ssid
->mode
== WPAS_MODE_MESH
) ? ssid
: NULL
;
4097 * Don't optimize next scan freqs since a new ESS has been
4100 os_free(wpa_s
->next_scan_freqs
);
4101 wpa_s
->next_scan_freqs
= NULL
;
4103 wpa_s
->connect_without_scan
= NULL
;
4106 wpa_s
->disconnected
= 0;
4107 wpa_s
->reassociate
= 1;
4108 wpa_s_clear_sae_rejected(wpa_s
);
4109 wpa_s
->last_owe_group
= 0;
4111 ssid
->owe_transition_bss_select_count
= 0;
4112 wpa_s_setup_sae_pt(wpa_s
->conf
, ssid
);
4115 if (wpa_s
->connect_without_scan
||
4116 wpa_supplicant_fast_associate(wpa_s
) != 1) {
4117 wpa_s
->scan_req
= NORMAL_SCAN_REQ
;
4118 wpas_scan_reset_sched_scan(wpa_s
);
4119 wpa_supplicant_req_scan(wpa_s
, 0, disconnected
? 100000 : 0);
4123 wpas_notify_network_selected(wpa_s
, ssid
);
4128 * wpas_set_pkcs11_engine_and_module_path - Set PKCS #11 engine and module path
4129 * @wpa_s: wpa_supplicant structure for a network interface
4130 * @pkcs11_engine_path: PKCS #11 engine path or NULL
4131 * @pkcs11_module_path: PKCS #11 module path or NULL
4132 * Returns: 0 on success; -1 on failure
4134 * Sets the PKCS #11 engine and module path. Both have to be NULL or a valid
4135 * path. If resetting the EAPOL state machine with the new PKCS #11 engine and
4136 * module path fails the paths will be reset to the default value (NULL).
4138 int wpas_set_pkcs11_engine_and_module_path(struct wpa_supplicant
*wpa_s
,
4139 const char *pkcs11_engine_path
,
4140 const char *pkcs11_module_path
)
4142 char *pkcs11_engine_path_copy
= NULL
;
4143 char *pkcs11_module_path_copy
= NULL
;
4145 if (pkcs11_engine_path
!= NULL
) {
4146 pkcs11_engine_path_copy
= os_strdup(pkcs11_engine_path
);
4147 if (pkcs11_engine_path_copy
== NULL
)
4150 if (pkcs11_module_path
!= NULL
) {
4151 pkcs11_module_path_copy
= os_strdup(pkcs11_module_path
);
4152 if (pkcs11_module_path_copy
== NULL
) {
4153 os_free(pkcs11_engine_path_copy
);
4158 os_free(wpa_s
->conf
->pkcs11_engine_path
);
4159 os_free(wpa_s
->conf
->pkcs11_module_path
);
4160 wpa_s
->conf
->pkcs11_engine_path
= pkcs11_engine_path_copy
;
4161 wpa_s
->conf
->pkcs11_module_path
= pkcs11_module_path_copy
;
4163 wpa_sm_set_eapol(wpa_s
->wpa
, NULL
);
4164 eapol_sm_deinit(wpa_s
->eapol
);
4165 wpa_s
->eapol
= NULL
;
4166 if (wpa_supplicant_init_eapol(wpa_s
)) {
4167 /* Error -> Reset paths to the default value (NULL) once. */
4168 if (pkcs11_engine_path
!= NULL
&& pkcs11_module_path
!= NULL
)
4169 wpas_set_pkcs11_engine_and_module_path(wpa_s
, NULL
,
4174 wpa_sm_set_eapol(wpa_s
->wpa
, wpa_s
->eapol
);
4181 * wpa_supplicant_set_ap_scan - Set AP scan mode for interface
4182 * @wpa_s: wpa_supplicant structure for a network interface
4183 * @ap_scan: AP scan mode
4184 * Returns: 0 if succeed or -1 if ap_scan has an invalid value
4187 int wpa_supplicant_set_ap_scan(struct wpa_supplicant
*wpa_s
, int ap_scan
)
4192 if (ap_scan
< 0 || ap_scan
> 2)
4195 if (ap_scan
== 2 && os_strcmp(wpa_s
->driver
->name
, "nl80211") == 0) {
4196 wpa_printf(MSG_INFO
,
4197 "Note: nl80211 driver interface is not designed to be used with ap_scan=2; this can result in connection failures");
4201 if (ap_scan
== 2 && ap_scan
!= wpa_s
->conf
->ap_scan
&&
4202 wpa_s
->wpa_state
>= WPA_ASSOCIATING
&&
4203 wpa_s
->wpa_state
< WPA_COMPLETED
) {
4204 wpa_printf(MSG_ERROR
, "ap_scan = %d (%d) rejected while "
4205 "associating", wpa_s
->conf
->ap_scan
, ap_scan
);
4208 #endif /* ANDROID */
4210 old_ap_scan
= wpa_s
->conf
->ap_scan
;
4211 wpa_s
->conf
->ap_scan
= ap_scan
;
4213 if (old_ap_scan
!= wpa_s
->conf
->ap_scan
)
4214 wpas_notify_ap_scan_changed(wpa_s
);
4221 * wpa_supplicant_set_bss_expiration_age - Set BSS entry expiration age
4222 * @wpa_s: wpa_supplicant structure for a network interface
4223 * @expire_age: Expiration age in seconds
4224 * Returns: 0 if succeed or -1 if expire_age has an invalid value
4227 int wpa_supplicant_set_bss_expiration_age(struct wpa_supplicant
*wpa_s
,
4228 unsigned int bss_expire_age
)
4230 if (bss_expire_age
< 10) {
4231 wpa_msg(wpa_s
, MSG_ERROR
, "Invalid bss expiration age %u",
4235 wpa_msg(wpa_s
, MSG_DEBUG
, "Setting bss expiration age: %d sec",
4237 wpa_s
->conf
->bss_expiration_age
= bss_expire_age
;
4244 * wpa_supplicant_set_bss_expiration_count - Set BSS entry expiration scan count
4245 * @wpa_s: wpa_supplicant structure for a network interface
4246 * @expire_count: number of scans after which an unseen BSS is reclaimed
4247 * Returns: 0 if succeed or -1 if expire_count has an invalid value
4250 int wpa_supplicant_set_bss_expiration_count(struct wpa_supplicant
*wpa_s
,
4251 unsigned int bss_expire_count
)
4253 if (bss_expire_count
< 1) {
4254 wpa_msg(wpa_s
, MSG_ERROR
, "Invalid bss expiration count %u",
4258 wpa_msg(wpa_s
, MSG_DEBUG
, "Setting bss expiration scan count: %u",
4260 wpa_s
->conf
->bss_expiration_scan_count
= bss_expire_count
;
4267 * wpa_supplicant_set_scan_interval - Set scan interval
4268 * @wpa_s: wpa_supplicant structure for a network interface
4269 * @scan_interval: scan interval in seconds
4270 * Returns: 0 if succeed or -1 if scan_interval has an invalid value
4273 int wpa_supplicant_set_scan_interval(struct wpa_supplicant
*wpa_s
,
4276 if (scan_interval
< 0) {
4277 wpa_msg(wpa_s
, MSG_ERROR
, "Invalid scan interval %d",
4281 wpa_msg(wpa_s
, MSG_DEBUG
, "Setting scan interval: %d sec",
4283 wpa_supplicant_update_scan_int(wpa_s
, scan_interval
);
4290 * wpa_supplicant_set_debug_params - Set global debug params
4291 * @global: wpa_global structure
4292 * @debug_level: debug level
4293 * @debug_timestamp: determines if show timestamp in debug data
4294 * @debug_show_keys: determines if show keys in debug data
4295 * Returns: 0 if succeed or -1 if debug_level has wrong value
4297 int wpa_supplicant_set_debug_params(struct wpa_global
*global
, int debug_level
,
4298 int debug_timestamp
, int debug_show_keys
)
4301 int old_level
, old_timestamp
, old_show_keys
;
4303 /* check for allowed debuglevels */
4304 if (debug_level
!= MSG_EXCESSIVE
&&
4305 debug_level
!= MSG_MSGDUMP
&&
4306 debug_level
!= MSG_DEBUG
&&
4307 debug_level
!= MSG_INFO
&&
4308 debug_level
!= MSG_WARNING
&&
4309 debug_level
!= MSG_ERROR
)
4312 old_level
= wpa_debug_level
;
4313 old_timestamp
= wpa_debug_timestamp
;
4314 old_show_keys
= wpa_debug_show_keys
;
4316 wpa_debug_level
= debug_level
;
4317 wpa_debug_timestamp
= debug_timestamp
? 1 : 0;
4318 wpa_debug_show_keys
= debug_show_keys
? 1 : 0;
4320 if (wpa_debug_level
!= old_level
)
4321 wpas_notify_debug_level_changed(global
);
4322 if (wpa_debug_timestamp
!= old_timestamp
)
4323 wpas_notify_debug_timestamp_changed(global
);
4324 if (wpa_debug_show_keys
!= old_show_keys
)
4325 wpas_notify_debug_show_keys_changed(global
);
4332 static int owe_trans_ssid_match(struct wpa_supplicant
*wpa_s
, const u8
*bssid
,
4333 const u8
*entry_ssid
, size_t entry_ssid_len
)
4335 const u8
*owe
, *pos
, *end
;
4337 struct wpa_bss
*bss
;
4339 /* Check network profile SSID aganst the SSID in the
4340 * OWE Transition Mode element. */
4342 bss
= wpa_bss_get_bssid_latest(wpa_s
, bssid
);
4346 owe
= wpa_bss_get_vendor_ie(bss
, OWE_IE_VENDOR_TYPE
);
4351 end
= owe
+ 2 + owe
[1];
4353 if (end
- pos
< ETH_ALEN
+ 1)
4357 if (end
- pos
< ssid_len
|| ssid_len
> SSID_MAX_LEN
)
4360 return entry_ssid_len
== ssid_len
&&
4361 os_memcmp(pos
, entry_ssid
, ssid_len
) == 0;
4363 #endif /* CONFIG_OWE */
4367 * wpa_supplicant_get_ssid - Get a pointer to the current network structure
4368 * @wpa_s: Pointer to wpa_supplicant data
4369 * Returns: A pointer to the current network structure or %NULL on failure
4371 struct wpa_ssid
* wpa_supplicant_get_ssid(struct wpa_supplicant
*wpa_s
)
4373 struct wpa_ssid
*entry
;
4374 u8 ssid
[SSID_MAX_LEN
];
4380 res
= wpa_drv_get_ssid(wpa_s
, ssid
);
4382 wpa_msg(wpa_s
, MSG_WARNING
, "Could not read SSID from "
4388 if (wpa_drv_get_bssid(wpa_s
, bssid
) < 0) {
4389 wpa_msg(wpa_s
, MSG_WARNING
, "Could not read BSSID from "
4394 wired
= wpa_s
->conf
->ap_scan
== 0 &&
4395 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_WIRED
);
4397 entry
= wpa_s
->conf
->ssid
;
4399 if (!wpas_network_disabled(wpa_s
, entry
) &&
4400 ((ssid_len
== entry
->ssid_len
&&
4402 os_memcmp(ssid
, entry
->ssid
, ssid_len
) == 0)) ||
4404 (!entry
->bssid_set
||
4405 os_memcmp(bssid
, entry
->bssid
, ETH_ALEN
) == 0))
4408 if (!wpas_network_disabled(wpa_s
, entry
) &&
4409 (entry
->key_mgmt
& WPA_KEY_MGMT_WPS
) &&
4410 (entry
->ssid
== NULL
|| entry
->ssid_len
== 0) &&
4411 (!entry
->bssid_set
||
4412 os_memcmp(bssid
, entry
->bssid
, ETH_ALEN
) == 0))
4414 #endif /* CONFIG_WPS */
4417 if (!wpas_network_disabled(wpa_s
, entry
) &&
4418 owe_trans_ssid_match(wpa_s
, bssid
, entry
->ssid
,
4420 (!entry
->bssid_set
||
4421 os_memcmp(bssid
, entry
->bssid
, ETH_ALEN
) == 0))
4423 #endif /* CONFIG_OWE */
4425 if (!wpas_network_disabled(wpa_s
, entry
) && entry
->bssid_set
&&
4426 entry
->ssid_len
== 0 &&
4427 os_memcmp(bssid
, entry
->bssid
, ETH_ALEN
) == 0)
4430 entry
= entry
->next
;
4437 static int select_driver(struct wpa_supplicant
*wpa_s
, int i
)
4439 struct wpa_global
*global
= wpa_s
->global
;
4441 if (wpa_drivers
[i
]->global_init
&& global
->drv_priv
[i
] == NULL
) {
4442 global
->drv_priv
[i
] = wpa_drivers
[i
]->global_init(global
);
4443 if (global
->drv_priv
[i
] == NULL
) {
4444 wpa_printf(MSG_ERROR
, "Failed to initialize driver "
4445 "'%s'", wpa_drivers
[i
]->name
);
4450 wpa_s
->driver
= wpa_drivers
[i
];
4451 wpa_s
->global_drv_priv
= global
->drv_priv
[i
];
4457 static int wpa_supplicant_set_driver(struct wpa_supplicant
*wpa_s
,
4462 const char *pos
, *driver
= name
;
4467 if (wpa_drivers
[0] == NULL
) {
4468 wpa_msg(wpa_s
, MSG_ERROR
, "No driver interfaces build into "
4474 /* default to first driver in the list */
4475 return select_driver(wpa_s
, 0);
4479 pos
= os_strchr(driver
, ',');
4483 len
= os_strlen(driver
);
4485 for (i
= 0; wpa_drivers
[i
]; i
++) {
4486 if (os_strlen(wpa_drivers
[i
]->name
) == len
&&
4487 os_strncmp(driver
, wpa_drivers
[i
]->name
, len
) ==
4489 /* First driver that succeeds wins */
4490 if (select_driver(wpa_s
, i
) == 0)
4498 wpa_msg(wpa_s
, MSG_ERROR
, "Unsupported driver '%s'", name
);
4504 * wpa_supplicant_rx_eapol - Deliver a received EAPOL frame to wpa_supplicant
4505 * @ctx: Context pointer (wpa_s); this is the ctx variable registered
4506 * with struct wpa_driver_ops::init()
4507 * @src_addr: Source address of the EAPOL frame
4508 * @buf: EAPOL data starting from the EAPOL header (i.e., no Ethernet header)
4509 * @len: Length of the EAPOL data
4511 * This function is called for each received EAPOL frame. Most driver
4512 * interfaces rely on more generic OS mechanism for receiving frames through
4513 * l2_packet, but if such a mechanism is not available, the driver wrapper may
4514 * take care of received EAPOL frames and deliver them to the core supplicant
4515 * code by calling this function.
4517 void wpa_supplicant_rx_eapol(void *ctx
, const u8
*src_addr
,
4518 const u8
*buf
, size_t len
)
4520 struct wpa_supplicant
*wpa_s
= ctx
;
4522 wpa_dbg(wpa_s
, MSG_DEBUG
, "RX EAPOL from " MACSTR
, MAC2STR(src_addr
));
4523 wpa_hexdump(MSG_MSGDUMP
, "RX EAPOL", buf
, len
);
4525 #ifdef CONFIG_TESTING_OPTIONS
4526 if (wpa_s
->ignore_auth_resp
) {
4527 wpa_printf(MSG_INFO
, "RX EAPOL - ignore_auth_resp active!");
4530 #endif /* CONFIG_TESTING_OPTIONS */
4532 if (wpa_s
->wpa_state
< WPA_ASSOCIATED
||
4533 (wpa_s
->last_eapol_matches_bssid
&&
4536 #endif /* CONFIG_AP */
4537 os_memcmp(src_addr
, wpa_s
->bssid
, ETH_ALEN
) != 0)) {
4539 * There is possible race condition between receiving the
4540 * association event and the EAPOL frame since they are coming
4541 * through different paths from the driver. In order to avoid
4542 * issues in trying to process the EAPOL frame before receiving
4543 * association information, lets queue it for processing until
4544 * the association event is received. This may also be needed in
4545 * driver-based roaming case, so also use src_addr != BSSID as a
4546 * trigger if we have previously confirmed that the
4547 * Authenticator uses BSSID as the src_addr (which is not the
4548 * case with wired IEEE 802.1X).
4550 wpa_dbg(wpa_s
, MSG_DEBUG
, "Not associated - Delay processing "
4551 "of received EAPOL frame (state=%s bssid=" MACSTR
")",
4552 wpa_supplicant_state_txt(wpa_s
->wpa_state
),
4553 MAC2STR(wpa_s
->bssid
));
4554 wpabuf_free(wpa_s
->pending_eapol_rx
);
4555 wpa_s
->pending_eapol_rx
= wpabuf_alloc_copy(buf
, len
);
4556 if (wpa_s
->pending_eapol_rx
) {
4557 os_get_reltime(&wpa_s
->pending_eapol_rx_time
);
4558 os_memcpy(wpa_s
->pending_eapol_rx_src
, src_addr
,
4564 wpa_s
->last_eapol_matches_bssid
=
4565 os_memcmp(src_addr
, wpa_s
->bssid
, ETH_ALEN
) == 0;
4568 if (wpa_s
->ap_iface
) {
4569 wpa_supplicant_ap_rx_eapol(wpa_s
, src_addr
, buf
, len
);
4572 #endif /* CONFIG_AP */
4574 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_NONE
) {
4575 wpa_dbg(wpa_s
, MSG_DEBUG
, "Ignored received EAPOL frame since "
4576 "no key management is configured");
4580 if (wpa_s
->eapol_received
== 0 &&
4581 (!(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK
) ||
4582 !wpa_key_mgmt_wpa_psk(wpa_s
->key_mgmt
) ||
4583 wpa_s
->wpa_state
!= WPA_COMPLETED
) &&
4584 (wpa_s
->current_ssid
== NULL
||
4585 wpa_s
->current_ssid
->mode
!= WPAS_MODE_IBSS
)) {
4586 /* Timeout for completing IEEE 802.1X and WPA authentication */
4589 if (wpa_key_mgmt_wpa_ieee8021x(wpa_s
->key_mgmt
) ||
4590 wpa_s
->key_mgmt
== WPA_KEY_MGMT_IEEE8021X_NO_WPA
||
4591 wpa_s
->key_mgmt
== WPA_KEY_MGMT_WPS
) {
4592 /* Use longer timeout for IEEE 802.1X/EAP */
4597 if (wpa_s
->current_ssid
&& wpa_s
->current_bss
&&
4598 (wpa_s
->current_ssid
->key_mgmt
& WPA_KEY_MGMT_WPS
) &&
4599 eap_is_wps_pin_enrollee(&wpa_s
->current_ssid
->eap
)) {
4601 * Use shorter timeout if going through WPS AP iteration
4602 * for PIN config method with an AP that does not
4603 * advertise Selected Registrar.
4605 struct wpabuf
*wps_ie
;
4607 wps_ie
= wpa_bss_get_vendor_ie_multi(
4608 wpa_s
->current_bss
, WPS_IE_VENDOR_TYPE
);
4610 !wps_is_addr_authorized(wps_ie
, wpa_s
->own_addr
, 1))
4612 wpabuf_free(wps_ie
);
4614 #endif /* CONFIG_WPS */
4616 wpa_supplicant_req_auth_timeout(wpa_s
, timeout
, 0);
4618 wpa_s
->eapol_received
++;
4620 if (wpa_s
->countermeasures
) {
4621 wpa_msg(wpa_s
, MSG_INFO
, "WPA: Countermeasures - dropped "
4626 #ifdef CONFIG_IBSS_RSN
4627 if (wpa_s
->current_ssid
&&
4628 wpa_s
->current_ssid
->mode
== WPAS_MODE_IBSS
) {
4629 ibss_rsn_rx_eapol(wpa_s
->ibss_rsn
, src_addr
, buf
, len
);
4632 #endif /* CONFIG_IBSS_RSN */
4634 /* Source address of the incoming EAPOL frame could be compared to the
4635 * current BSSID. However, it is possible that a centralized
4636 * Authenticator could be using another MAC address than the BSSID of
4637 * an AP, so just allow any address to be used for now. The replies are
4638 * still sent to the current BSSID (if available), though. */
4640 os_memcpy(wpa_s
->last_eapol_src
, src_addr
, ETH_ALEN
);
4641 if (!wpa_key_mgmt_wpa_psk(wpa_s
->key_mgmt
) &&
4642 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_OWE
&&
4643 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_DPP
&&
4644 eapol_sm_rx_eapol(wpa_s
->eapol
, src_addr
, buf
, len
) > 0)
4646 wpa_drv_poll(wpa_s
);
4647 if (!(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK
))
4648 wpa_sm_rx_eapol(wpa_s
->wpa
, src_addr
, buf
, len
);
4649 else if (wpa_key_mgmt_wpa_ieee8021x(wpa_s
->key_mgmt
)) {
4651 * Set portValid = TRUE here since we are going to skip 4-way
4652 * handshake processing which would normally set portValid. We
4653 * need this to allow the EAPOL state machines to be completed
4654 * without going through EAPOL-Key handshake.
4656 eapol_sm_notify_portValid(wpa_s
->eapol
, TRUE
);
4661 int wpa_supplicant_update_mac_addr(struct wpa_supplicant
*wpa_s
)
4663 if ((!wpa_s
->p2p_mgmt
||
4664 !(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE
)) &&
4665 !(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_P2P_DEDICATED_INTERFACE
)) {
4666 l2_packet_deinit(wpa_s
->l2
);
4667 wpa_s
->l2
= l2_packet_init(wpa_s
->ifname
,
4668 wpa_drv_get_mac_addr(wpa_s
),
4670 wpa_supplicant_rx_eapol
, wpa_s
, 0);
4671 if (wpa_s
->l2
== NULL
)
4674 if (l2_packet_set_packet_filter(wpa_s
->l2
,
4675 L2_PACKET_FILTER_PKTTYPE
))
4676 wpa_dbg(wpa_s
, MSG_DEBUG
,
4677 "Failed to attach pkt_type filter");
4679 const u8
*addr
= wpa_drv_get_mac_addr(wpa_s
);
4681 os_memcpy(wpa_s
->own_addr
, addr
, ETH_ALEN
);
4684 if (wpa_s
->l2
&& l2_packet_get_own_addr(wpa_s
->l2
, wpa_s
->own_addr
)) {
4685 wpa_msg(wpa_s
, MSG_ERROR
, "Failed to get own L2 address");
4689 wpa_sm_set_own_addr(wpa_s
->wpa
, wpa_s
->own_addr
);
4690 wpas_wps_update_mac_addr(wpa_s
);
4694 fst_update_mac_addr(wpa_s
->fst
, wpa_s
->own_addr
);
4695 #endif /* CONFIG_FST */
4701 static void wpa_supplicant_rx_eapol_bridge(void *ctx
, const u8
*src_addr
,
4702 const u8
*buf
, size_t len
)
4704 struct wpa_supplicant
*wpa_s
= ctx
;
4705 const struct l2_ethhdr
*eth
;
4707 if (len
< sizeof(*eth
))
4709 eth
= (const struct l2_ethhdr
*) buf
;
4711 if (os_memcmp(eth
->h_dest
, wpa_s
->own_addr
, ETH_ALEN
) != 0 &&
4712 !(eth
->h_dest
[0] & 0x01)) {
4713 wpa_dbg(wpa_s
, MSG_DEBUG
, "RX EAPOL from " MACSTR
" to " MACSTR
4714 " (bridge - not for this interface - ignore)",
4715 MAC2STR(src_addr
), MAC2STR(eth
->h_dest
));
4719 wpa_dbg(wpa_s
, MSG_DEBUG
, "RX EAPOL from " MACSTR
" to " MACSTR
4720 " (bridge)", MAC2STR(src_addr
), MAC2STR(eth
->h_dest
));
4721 wpa_supplicant_rx_eapol(wpa_s
, src_addr
, buf
+ sizeof(*eth
),
4722 len
- sizeof(*eth
));
4727 * wpa_supplicant_driver_init - Initialize driver interface parameters
4728 * @wpa_s: Pointer to wpa_supplicant data
4729 * Returns: 0 on success, -1 on failure
4731 * This function is called to initialize driver interface parameters.
4732 * wpa_drv_init() must have been called before this function to initialize the
4735 int wpa_supplicant_driver_init(struct wpa_supplicant
*wpa_s
)
4737 static int interface_count
= 0;
4739 if (wpa_supplicant_update_mac_addr(wpa_s
) < 0)
4742 wpa_dbg(wpa_s
, MSG_DEBUG
, "Own MAC address: " MACSTR
,
4743 MAC2STR(wpa_s
->own_addr
));
4744 os_memcpy(wpa_s
->perm_addr
, wpa_s
->own_addr
, ETH_ALEN
);
4745 wpa_sm_set_own_addr(wpa_s
->wpa
, wpa_s
->own_addr
);
4747 if (wpa_s
->bridge_ifname
[0]) {
4748 wpa_dbg(wpa_s
, MSG_DEBUG
, "Receiving packets from bridge "
4749 "interface '%s'", wpa_s
->bridge_ifname
);
4750 wpa_s
->l2_br
= l2_packet_init_bridge(
4751 wpa_s
->bridge_ifname
, wpa_s
->ifname
, wpa_s
->own_addr
,
4752 ETH_P_EAPOL
, wpa_supplicant_rx_eapol_bridge
, wpa_s
, 1);
4753 if (wpa_s
->l2_br
== NULL
) {
4754 wpa_msg(wpa_s
, MSG_ERROR
, "Failed to open l2_packet "
4755 "connection for the bridge interface '%s'",
4756 wpa_s
->bridge_ifname
);
4761 if (wpa_s
->conf
->ap_scan
== 2 &&
4762 os_strcmp(wpa_s
->driver
->name
, "nl80211") == 0) {
4763 wpa_printf(MSG_INFO
,
4764 "Note: nl80211 driver interface is not designed to be used with ap_scan=2; this can result in connection failures");
4767 wpa_clear_keys(wpa_s
, NULL
);
4769 /* Make sure that TKIP countermeasures are not left enabled (could
4770 * happen if wpa_supplicant is killed during countermeasures. */
4771 wpa_drv_set_countermeasures(wpa_s
, 0);
4773 wpa_dbg(wpa_s
, MSG_DEBUG
, "RSN: flushing PMKID list in the driver");
4774 wpa_drv_flush_pmkid(wpa_s
);
4776 wpa_s
->prev_scan_ssid
= WILDCARD_SSID_SCAN
;
4777 wpa_s
->prev_scan_wildcard
= 0;
4779 if (wpa_supplicant_enabled_networks(wpa_s
)) {
4780 if (wpa_s
->wpa_state
== WPA_INTERFACE_DISABLED
) {
4781 wpa_supplicant_set_state(wpa_s
, WPA_DISCONNECTED
);
4782 interface_count
= 0;
4785 if (!wpa_s
->p2p_mgmt
&&
4786 wpa_supplicant_delayed_sched_scan(wpa_s
,
4787 interface_count
% 3,
4789 wpa_supplicant_req_scan(wpa_s
, interface_count
% 3,
4791 #endif /* ANDROID */
4794 wpa_supplicant_set_state(wpa_s
, WPA_INACTIVE
);
4800 static int wpa_supplicant_daemon(const char *pid_file
)
4802 wpa_printf(MSG_DEBUG
, "Daemonize..");
4803 return os_daemonize(pid_file
);
4807 static struct wpa_supplicant
*
4808 wpa_supplicant_alloc(struct wpa_supplicant
*parent
)
4810 struct wpa_supplicant
*wpa_s
;
4812 wpa_s
= os_zalloc(sizeof(*wpa_s
));
4815 wpa_s
->scan_req
= INITIAL_SCAN_REQ
;
4816 wpa_s
->scan_interval
= 5;
4817 wpa_s
->new_connection
= 1;
4818 wpa_s
->parent
= parent
? parent
: wpa_s
;
4819 wpa_s
->p2pdev
= wpa_s
->parent
;
4820 wpa_s
->sched_scanning
= 0;
4822 dl_list_init(&wpa_s
->bss_tmp_disallowed
);
4823 dl_list_init(&wpa_s
->fils_hlp_req
);
4824 #ifdef CONFIG_TESTING_OPTIONS
4825 dl_list_init(&wpa_s
->drv_signal_override
);
4826 #endif /* CONFIG_TESTING_OPTIONS */
4832 #ifdef CONFIG_HT_OVERRIDES
4834 static int wpa_set_htcap_mcs(struct wpa_supplicant
*wpa_s
,
4835 struct ieee80211_ht_capabilities
*htcaps
,
4836 struct ieee80211_ht_capabilities
*htcaps_mask
,
4839 /* parse ht_mcs into hex array */
4841 const char *tmp
= ht_mcs
;
4844 /* If ht_mcs is null, do not set anything */
4848 /* This is what we are setting in the kernel */
4849 os_memset(&htcaps
->supported_mcs_set
, 0, IEEE80211_HT_MCS_MASK_LEN
);
4851 wpa_msg(wpa_s
, MSG_DEBUG
, "set_htcap, ht_mcs -:%s:-", ht_mcs
);
4853 for (i
= 0; i
< IEEE80211_HT_MCS_MASK_LEN
; i
++) {
4857 v
= strtol(tmp
, &end
, 16);
4860 wpa_msg(wpa_s
, MSG_DEBUG
,
4861 "htcap value[%i]: %ld end: %p tmp: %p",
4866 htcaps
->supported_mcs_set
[i
] = v
;
4869 wpa_msg(wpa_s
, MSG_ERROR
,
4870 "Failed to parse ht-mcs: %s, error: %s\n",
4871 ht_mcs
, strerror(errno
));
4877 * If we were able to parse any values, then set mask for the MCS set.
4880 os_memset(&htcaps_mask
->supported_mcs_set
, 0xff,
4881 IEEE80211_HT_MCS_MASK_LEN
- 1);
4882 /* skip the 3 reserved bits */
4883 htcaps_mask
->supported_mcs_set
[IEEE80211_HT_MCS_MASK_LEN
- 1] =
4891 static int wpa_disable_max_amsdu(struct wpa_supplicant
*wpa_s
,
4892 struct ieee80211_ht_capabilities
*htcaps
,
4893 struct ieee80211_ht_capabilities
*htcaps_mask
,
4901 wpa_msg(wpa_s
, MSG_DEBUG
, "set_disable_max_amsdu: %d", disabled
);
4903 msk
= host_to_le16(HT_CAP_INFO_MAX_AMSDU_SIZE
);
4904 htcaps_mask
->ht_capabilities_info
|= msk
;
4906 htcaps
->ht_capabilities_info
&= msk
;
4908 htcaps
->ht_capabilities_info
|= msk
;
4914 static int wpa_set_ampdu_factor(struct wpa_supplicant
*wpa_s
,
4915 struct ieee80211_ht_capabilities
*htcaps
,
4916 struct ieee80211_ht_capabilities
*htcaps_mask
,
4922 wpa_msg(wpa_s
, MSG_DEBUG
, "set_ampdu_factor: %d", factor
);
4924 if (factor
< 0 || factor
> 3) {
4925 wpa_msg(wpa_s
, MSG_ERROR
, "ampdu_factor: %d out of range. "
4926 "Must be 0-3 or -1", factor
);
4930 htcaps_mask
->a_mpdu_params
|= 0x3; /* 2 bits for factor */
4931 htcaps
->a_mpdu_params
&= ~0x3;
4932 htcaps
->a_mpdu_params
|= factor
& 0x3;
4938 static int wpa_set_ampdu_density(struct wpa_supplicant
*wpa_s
,
4939 struct ieee80211_ht_capabilities
*htcaps
,
4940 struct ieee80211_ht_capabilities
*htcaps_mask
,
4946 wpa_msg(wpa_s
, MSG_DEBUG
, "set_ampdu_density: %d", density
);
4948 if (density
< 0 || density
> 7) {
4949 wpa_msg(wpa_s
, MSG_ERROR
,
4950 "ampdu_density: %d out of range. Must be 0-7 or -1.",
4955 htcaps_mask
->a_mpdu_params
|= 0x1C;
4956 htcaps
->a_mpdu_params
&= ~(0x1C);
4957 htcaps
->a_mpdu_params
|= (density
<< 2) & 0x1C;
4963 static int wpa_set_disable_ht40(struct wpa_supplicant
*wpa_s
,
4964 struct ieee80211_ht_capabilities
*htcaps
,
4965 struct ieee80211_ht_capabilities
*htcaps_mask
,
4969 wpa_msg(wpa_s
, MSG_DEBUG
, "set_disable_ht40: %d", disabled
);
4971 set_disable_ht40(htcaps
, disabled
);
4972 set_disable_ht40(htcaps_mask
, 0);
4978 static int wpa_set_disable_sgi(struct wpa_supplicant
*wpa_s
,
4979 struct ieee80211_ht_capabilities
*htcaps
,
4980 struct ieee80211_ht_capabilities
*htcaps_mask
,
4983 /* Masking these out disables SGI */
4984 le16 msk
= host_to_le16(HT_CAP_INFO_SHORT_GI20MHZ
|
4985 HT_CAP_INFO_SHORT_GI40MHZ
);
4988 wpa_msg(wpa_s
, MSG_DEBUG
, "set_disable_sgi: %d", disabled
);
4991 htcaps
->ht_capabilities_info
&= ~msk
;
4993 htcaps
->ht_capabilities_info
|= msk
;
4995 htcaps_mask
->ht_capabilities_info
|= msk
;
5001 static int wpa_set_disable_ldpc(struct wpa_supplicant
*wpa_s
,
5002 struct ieee80211_ht_capabilities
*htcaps
,
5003 struct ieee80211_ht_capabilities
*htcaps_mask
,
5006 /* Masking these out disables LDPC */
5007 le16 msk
= host_to_le16(HT_CAP_INFO_LDPC_CODING_CAP
);
5010 wpa_msg(wpa_s
, MSG_DEBUG
, "set_disable_ldpc: %d", disabled
);
5013 htcaps
->ht_capabilities_info
&= ~msk
;
5015 htcaps
->ht_capabilities_info
|= msk
;
5017 htcaps_mask
->ht_capabilities_info
|= msk
;
5023 static int wpa_set_tx_stbc(struct wpa_supplicant
*wpa_s
,
5024 struct ieee80211_ht_capabilities
*htcaps
,
5025 struct ieee80211_ht_capabilities
*htcaps_mask
,
5028 le16 msk
= host_to_le16(HT_CAP_INFO_TX_STBC
);
5033 wpa_msg(wpa_s
, MSG_DEBUG
, "set_tx_stbc: %d", tx_stbc
);
5035 if (tx_stbc
< 0 || tx_stbc
> 1) {
5036 wpa_msg(wpa_s
, MSG_ERROR
,
5037 "tx_stbc: %d out of range. Must be 0-1 or -1", tx_stbc
);
5041 htcaps_mask
->ht_capabilities_info
|= msk
;
5042 htcaps
->ht_capabilities_info
&= ~msk
;
5043 htcaps
->ht_capabilities_info
|= (tx_stbc
<< 7) & msk
;
5049 static int wpa_set_rx_stbc(struct wpa_supplicant
*wpa_s
,
5050 struct ieee80211_ht_capabilities
*htcaps
,
5051 struct ieee80211_ht_capabilities
*htcaps_mask
,
5054 le16 msk
= host_to_le16(HT_CAP_INFO_RX_STBC_MASK
);
5059 wpa_msg(wpa_s
, MSG_DEBUG
, "set_rx_stbc: %d", rx_stbc
);
5061 if (rx_stbc
< 0 || rx_stbc
> 3) {
5062 wpa_msg(wpa_s
, MSG_ERROR
,
5063 "rx_stbc: %d out of range. Must be 0-3 or -1", rx_stbc
);
5067 htcaps_mask
->ht_capabilities_info
|= msk
;
5068 htcaps
->ht_capabilities_info
&= ~msk
;
5069 htcaps
->ht_capabilities_info
|= (rx_stbc
<< 8) & msk
;
5075 void wpa_supplicant_apply_ht_overrides(
5076 struct wpa_supplicant
*wpa_s
, struct wpa_ssid
*ssid
,
5077 struct wpa_driver_associate_params
*params
)
5079 struct ieee80211_ht_capabilities
*htcaps
;
5080 struct ieee80211_ht_capabilities
*htcaps_mask
;
5085 params
->disable_ht
= ssid
->disable_ht
;
5086 if (!params
->htcaps
|| !params
->htcaps_mask
)
5089 htcaps
= (struct ieee80211_ht_capabilities
*) params
->htcaps
;
5090 htcaps_mask
= (struct ieee80211_ht_capabilities
*) params
->htcaps_mask
;
5091 wpa_set_htcap_mcs(wpa_s
, htcaps
, htcaps_mask
, ssid
->ht_mcs
);
5092 wpa_disable_max_amsdu(wpa_s
, htcaps
, htcaps_mask
,
5093 ssid
->disable_max_amsdu
);
5094 wpa_set_ampdu_factor(wpa_s
, htcaps
, htcaps_mask
, ssid
->ampdu_factor
);
5095 wpa_set_ampdu_density(wpa_s
, htcaps
, htcaps_mask
, ssid
->ampdu_density
);
5096 wpa_set_disable_ht40(wpa_s
, htcaps
, htcaps_mask
, ssid
->disable_ht40
);
5097 wpa_set_disable_sgi(wpa_s
, htcaps
, htcaps_mask
, ssid
->disable_sgi
);
5098 wpa_set_disable_ldpc(wpa_s
, htcaps
, htcaps_mask
, ssid
->disable_ldpc
);
5099 wpa_set_rx_stbc(wpa_s
, htcaps
, htcaps_mask
, ssid
->rx_stbc
);
5100 wpa_set_tx_stbc(wpa_s
, htcaps
, htcaps_mask
, ssid
->tx_stbc
);
5102 if (ssid
->ht40_intolerant
) {
5103 le16 bit
= host_to_le16(HT_CAP_INFO_40MHZ_INTOLERANT
);
5104 htcaps
->ht_capabilities_info
|= bit
;
5105 htcaps_mask
->ht_capabilities_info
|= bit
;
5109 #endif /* CONFIG_HT_OVERRIDES */
5112 #ifdef CONFIG_VHT_OVERRIDES
5113 void wpa_supplicant_apply_vht_overrides(
5114 struct wpa_supplicant
*wpa_s
, struct wpa_ssid
*ssid
,
5115 struct wpa_driver_associate_params
*params
)
5117 struct ieee80211_vht_capabilities
*vhtcaps
;
5118 struct ieee80211_vht_capabilities
*vhtcaps_mask
;
5123 params
->disable_vht
= ssid
->disable_vht
;
5125 vhtcaps
= (void *) params
->vhtcaps
;
5126 vhtcaps_mask
= (void *) params
->vhtcaps_mask
;
5128 if (!vhtcaps
|| !vhtcaps_mask
)
5131 vhtcaps
->vht_capabilities_info
= host_to_le32(ssid
->vht_capa
);
5132 vhtcaps_mask
->vht_capabilities_info
= host_to_le32(ssid
->vht_capa_mask
);
5134 #ifdef CONFIG_HT_OVERRIDES
5135 if (ssid
->disable_sgi
) {
5136 vhtcaps_mask
->vht_capabilities_info
|= (VHT_CAP_SHORT_GI_80
|
5137 VHT_CAP_SHORT_GI_160
);
5138 vhtcaps
->vht_capabilities_info
&= ~(VHT_CAP_SHORT_GI_80
|
5139 VHT_CAP_SHORT_GI_160
);
5140 wpa_msg(wpa_s
, MSG_DEBUG
,
5141 "disable-sgi override specified, vht-caps: 0x%x",
5142 vhtcaps
->vht_capabilities_info
);
5145 /* if max ampdu is <= 3, we have to make the HT cap the same */
5146 if (ssid
->vht_capa_mask
& VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX
) {
5149 max_ampdu
= (ssid
->vht_capa
&
5150 VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX
) >>
5151 VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX_SHIFT
;
5153 max_ampdu
= max_ampdu
< 3 ? max_ampdu
: 3;
5154 wpa_set_ampdu_factor(wpa_s
,
5155 (void *) params
->htcaps
,
5156 (void *) params
->htcaps_mask
,
5159 #endif /* CONFIG_HT_OVERRIDES */
5161 #define OVERRIDE_MCS(i) \
5162 if (ssid->vht_tx_mcs_nss_ ##i >= 0) { \
5163 vhtcaps_mask->vht_supported_mcs_set.tx_map |= \
5164 host_to_le16(3 << 2 * (i - 1)); \
5165 vhtcaps->vht_supported_mcs_set.tx_map |= \
5166 host_to_le16(ssid->vht_tx_mcs_nss_ ##i << \
5169 if (ssid->vht_rx_mcs_nss_ ##i >= 0) { \
5170 vhtcaps_mask->vht_supported_mcs_set.rx_map |= \
5171 host_to_le16(3 << 2 * (i - 1)); \
5172 vhtcaps->vht_supported_mcs_set.rx_map |= \
5173 host_to_le16(ssid->vht_rx_mcs_nss_ ##i << \
5186 #endif /* CONFIG_VHT_OVERRIDES */
5189 static int pcsc_reader_init(struct wpa_supplicant
*wpa_s
)
5194 if (!wpa_s
->conf
->pcsc_reader
)
5197 wpa_s
->scard
= scard_init(wpa_s
->conf
->pcsc_reader
);
5201 if (wpa_s
->conf
->pcsc_pin
&&
5202 scard_set_pin(wpa_s
->scard
, wpa_s
->conf
->pcsc_pin
) < 0) {
5203 scard_deinit(wpa_s
->scard
);
5204 wpa_s
->scard
= NULL
;
5205 wpa_msg(wpa_s
, MSG_ERROR
, "PC/SC PIN validation failed");
5209 len
= sizeof(wpa_s
->imsi
) - 1;
5210 if (scard_get_imsi(wpa_s
->scard
, wpa_s
->imsi
, &len
)) {
5211 scard_deinit(wpa_s
->scard
);
5212 wpa_s
->scard
= NULL
;
5213 wpa_msg(wpa_s
, MSG_ERROR
, "Could not read IMSI");
5216 wpa_s
->imsi
[len
] = '\0';
5218 wpa_s
->mnc_len
= scard_get_mnc_len(wpa_s
->scard
);
5220 wpa_printf(MSG_DEBUG
, "SCARD: IMSI %s (MNC length %d)",
5221 wpa_s
->imsi
, wpa_s
->mnc_len
);
5223 wpa_sm_set_scard_ctx(wpa_s
->wpa
, wpa_s
->scard
);
5224 eapol_sm_register_scard_ctx(wpa_s
->eapol
, wpa_s
->scard
);
5225 #endif /* PCSC_FUNCS */
5231 int wpas_init_ext_pw(struct wpa_supplicant
*wpa_s
)
5235 ext_password_deinit(wpa_s
->ext_pw
);
5236 wpa_s
->ext_pw
= NULL
;
5237 eapol_sm_set_ext_pw_ctx(wpa_s
->eapol
, NULL
);
5239 if (!wpa_s
->conf
->ext_password_backend
)
5242 val
= os_strdup(wpa_s
->conf
->ext_password_backend
);
5245 pos
= os_strchr(val
, ':');
5249 wpa_printf(MSG_DEBUG
, "EXT PW: Initialize backend '%s'", val
);
5251 wpa_s
->ext_pw
= ext_password_init(val
, pos
);
5253 if (wpa_s
->ext_pw
== NULL
) {
5254 wpa_printf(MSG_DEBUG
, "EXT PW: Failed to initialize backend");
5257 eapol_sm_set_ext_pw_ctx(wpa_s
->eapol
, wpa_s
->ext_pw
);
5265 static const u8
* wpas_fst_get_bssid_cb(void *ctx
)
5267 struct wpa_supplicant
*wpa_s
= ctx
;
5269 return (is_zero_ether_addr(wpa_s
->bssid
) ||
5270 wpa_s
->wpa_state
!= WPA_COMPLETED
) ? NULL
: wpa_s
->bssid
;
5274 static void wpas_fst_get_channel_info_cb(void *ctx
,
5275 enum hostapd_hw_mode
*hw_mode
,
5278 struct wpa_supplicant
*wpa_s
= ctx
;
5280 if (wpa_s
->current_bss
) {
5281 *hw_mode
= ieee80211_freq_to_chan(wpa_s
->current_bss
->freq
,
5283 } else if (wpa_s
->hw
.num_modes
) {
5284 *hw_mode
= wpa_s
->hw
.modes
[0].mode
;
5292 static int wpas_fst_get_hw_modes(void *ctx
, struct hostapd_hw_modes
**modes
)
5294 struct wpa_supplicant
*wpa_s
= ctx
;
5296 *modes
= wpa_s
->hw
.modes
;
5297 return wpa_s
->hw
.num_modes
;
5301 static void wpas_fst_set_ies_cb(void *ctx
, const struct wpabuf
*fst_ies
)
5303 struct wpa_supplicant
*wpa_s
= ctx
;
5305 wpa_hexdump_buf(MSG_DEBUG
, "FST: Set IEs", fst_ies
);
5306 wpa_s
->fst_ies
= fst_ies
;
5310 static int wpas_fst_send_action_cb(void *ctx
, const u8
*da
, struct wpabuf
*data
)
5312 struct wpa_supplicant
*wpa_s
= ctx
;
5314 if (os_memcmp(wpa_s
->bssid
, da
, ETH_ALEN
) != 0) {
5315 wpa_printf(MSG_INFO
, "FST:%s:bssid=" MACSTR
" != da=" MACSTR
,
5316 __func__
, MAC2STR(wpa_s
->bssid
), MAC2STR(da
));
5319 return wpa_drv_send_action(wpa_s
, wpa_s
->assoc_freq
, 0, wpa_s
->bssid
,
5320 wpa_s
->own_addr
, wpa_s
->bssid
,
5321 wpabuf_head(data
), wpabuf_len(data
),
5326 static const struct wpabuf
* wpas_fst_get_mb_ie_cb(void *ctx
, const u8
*addr
)
5328 struct wpa_supplicant
*wpa_s
= ctx
;
5330 WPA_ASSERT(os_memcmp(wpa_s
->bssid
, addr
, ETH_ALEN
) == 0);
5331 return wpa_s
->received_mb_ies
;
5335 static void wpas_fst_update_mb_ie_cb(void *ctx
, const u8
*addr
,
5336 const u8
*buf
, size_t size
)
5338 struct wpa_supplicant
*wpa_s
= ctx
;
5339 struct mb_ies_info info
;
5341 WPA_ASSERT(os_memcmp(wpa_s
->bssid
, addr
, ETH_ALEN
) == 0);
5343 if (!mb_ies_info_by_ies(&info
, buf
, size
)) {
5344 wpabuf_free(wpa_s
->received_mb_ies
);
5345 wpa_s
->received_mb_ies
= mb_ies_by_info(&info
);
5350 static const u8
* wpas_fst_get_peer_first(void *ctx
,
5351 struct fst_get_peer_ctx
**get_ctx
,
5354 struct wpa_supplicant
*wpa_s
= ctx
;
5357 if (!is_zero_ether_addr(wpa_s
->bssid
))
5358 return (wpa_s
->received_mb_ies
|| !mb_only
) ?
5359 wpa_s
->bssid
: NULL
;
5364 static const u8
* wpas_fst_get_peer_next(void *ctx
,
5365 struct fst_get_peer_ctx
**get_ctx
,
5371 void fst_wpa_supplicant_fill_iface_obj(struct wpa_supplicant
*wpa_s
,
5372 struct fst_wpa_obj
*iface_obj
)
5374 iface_obj
->ctx
= wpa_s
;
5375 iface_obj
->get_bssid
= wpas_fst_get_bssid_cb
;
5376 iface_obj
->get_channel_info
= wpas_fst_get_channel_info_cb
;
5377 iface_obj
->get_hw_modes
= wpas_fst_get_hw_modes
;
5378 iface_obj
->set_ies
= wpas_fst_set_ies_cb
;
5379 iface_obj
->send_action
= wpas_fst_send_action_cb
;
5380 iface_obj
->get_mb_ie
= wpas_fst_get_mb_ie_cb
;
5381 iface_obj
->update_mb_ie
= wpas_fst_update_mb_ie_cb
;
5382 iface_obj
->get_peer_first
= wpas_fst_get_peer_first
;
5383 iface_obj
->get_peer_next
= wpas_fst_get_peer_next
;
5385 #endif /* CONFIG_FST */
5387 static int wpas_set_wowlan_triggers(struct wpa_supplicant
*wpa_s
,
5388 const struct wpa_driver_capa
*capa
)
5390 struct wowlan_triggers
*triggers
;
5393 if (!wpa_s
->conf
->wowlan_triggers
)
5396 triggers
= wpa_get_wowlan_triggers(wpa_s
->conf
->wowlan_triggers
, capa
);
5398 ret
= wpa_drv_wowlan(wpa_s
, triggers
);
5405 enum wpa_radio_work_band
wpas_freq_to_band(int freq
)
5408 return BAND_2_4_GHZ
;
5415 unsigned int wpas_get_bands(struct wpa_supplicant
*wpa_s
, const int *freqs
)
5418 unsigned int band
= 0;
5421 /* freqs are specified for the radio work */
5422 for (i
= 0; freqs
[i
]; i
++)
5423 band
|= wpas_freq_to_band(freqs
[i
]);
5426 * freqs are not specified, implies all
5427 * the supported freqs by HW
5429 for (i
= 0; i
< wpa_s
->hw
.num_modes
; i
++) {
5430 if (wpa_s
->hw
.modes
[i
].num_channels
!= 0) {
5431 if (wpa_s
->hw
.modes
[i
].mode
==
5432 HOSTAPD_MODE_IEEE80211B
||
5433 wpa_s
->hw
.modes
[i
].mode
==
5434 HOSTAPD_MODE_IEEE80211G
)
5435 band
|= BAND_2_4_GHZ
;
5436 else if (wpa_s
->hw
.modes
[i
].mode
==
5437 HOSTAPD_MODE_IEEE80211A
)
5439 else if (wpa_s
->hw
.modes
[i
].mode
==
5440 HOSTAPD_MODE_IEEE80211AD
)
5441 band
|= BAND_60_GHZ
;
5442 else if (wpa_s
->hw
.modes
[i
].mode
==
5443 HOSTAPD_MODE_IEEE80211ANY
)
5444 band
= BAND_2_4_GHZ
| BAND_5_GHZ
|
5454 static struct wpa_radio
* radio_add_interface(struct wpa_supplicant
*wpa_s
,
5457 struct wpa_supplicant
*iface
= wpa_s
->global
->ifaces
;
5458 struct wpa_radio
*radio
;
5460 while (rn
&& iface
) {
5461 radio
= iface
->radio
;
5462 if (radio
&& os_strcmp(rn
, radio
->name
) == 0) {
5463 wpa_printf(MSG_DEBUG
, "Add interface %s to existing radio %s",
5465 dl_list_add(&radio
->ifaces
, &wpa_s
->radio_list
);
5469 iface
= iface
->next
;
5472 wpa_printf(MSG_DEBUG
, "Add interface %s to a new radio %s",
5473 wpa_s
->ifname
, rn
? rn
: "N/A");
5474 radio
= os_zalloc(sizeof(*radio
));
5479 os_strlcpy(radio
->name
, rn
, sizeof(radio
->name
));
5480 dl_list_init(&radio
->ifaces
);
5481 dl_list_init(&radio
->work
);
5482 dl_list_add(&radio
->ifaces
, &wpa_s
->radio_list
);
5488 static void radio_work_free(struct wpa_radio_work
*work
)
5490 if (work
->wpa_s
->scan_work
== work
) {
5491 /* This should not really happen. */
5492 wpa_dbg(work
->wpa_s
, MSG_INFO
, "Freeing radio work '%s'@%p (started=%d) that is marked as scan_work",
5493 work
->type
, work
, work
->started
);
5494 work
->wpa_s
->scan_work
= NULL
;
5498 if (work
->wpa_s
->p2p_scan_work
== work
) {
5499 /* This should not really happen. */
5500 wpa_dbg(work
->wpa_s
, MSG_INFO
, "Freeing radio work '%s'@%p (started=%d) that is marked as p2p_scan_work",
5501 work
->type
, work
, work
->started
);
5502 work
->wpa_s
->p2p_scan_work
= NULL
;
5504 #endif /* CONFIG_P2P */
5506 if (work
->started
) {
5507 work
->wpa_s
->radio
->num_active_works
--;
5508 wpa_dbg(work
->wpa_s
, MSG_DEBUG
,
5509 "radio_work_free('%s'@%p): num_active_works --> %u",
5511 work
->wpa_s
->radio
->num_active_works
);
5514 dl_list_del(&work
->list
);
5519 static int radio_work_is_connect(struct wpa_radio_work
*work
)
5521 return os_strcmp(work
->type
, "sme-connect") == 0 ||
5522 os_strcmp(work
->type
, "connect") == 0;
5526 static int radio_work_is_scan(struct wpa_radio_work
*work
)
5528 return os_strcmp(work
->type
, "scan") == 0 ||
5529 os_strcmp(work
->type
, "p2p-scan") == 0;
5533 static struct wpa_radio_work
* radio_work_get_next_work(struct wpa_radio
*radio
)
5535 struct wpa_radio_work
*active_work
= NULL
;
5536 struct wpa_radio_work
*tmp
;
5538 /* Get the active work to know the type and band. */
5539 dl_list_for_each(tmp
, &radio
->work
, struct wpa_radio_work
, list
) {
5547 /* No active work, start one */
5548 radio
->num_active_works
= 0;
5549 dl_list_for_each(tmp
, &radio
->work
, struct wpa_radio_work
,
5551 if (os_strcmp(tmp
->type
, "scan") == 0 &&
5552 radio
->external_scan_running
&&
5553 (((struct wpa_driver_scan_params
*)
5554 tmp
->ctx
)->only_new_results
||
5555 tmp
->wpa_s
->clear_driver_scan_cache
))
5562 if (radio_work_is_connect(active_work
)) {
5564 * If the active work is either connect or sme-connect,
5565 * do not parallelize them with other radio works.
5567 wpa_dbg(active_work
->wpa_s
, MSG_DEBUG
,
5568 "Do not parallelize radio work with %s",
5573 dl_list_for_each(tmp
, &radio
->work
, struct wpa_radio_work
, list
) {
5578 * If connect or sme-connect are enqueued, parallelize only
5579 * those operations ahead of them in the queue.
5581 if (radio_work_is_connect(tmp
))
5584 /* Serialize parallel scan and p2p_scan operations on the same
5585 * interface since the driver_nl80211 mechanism for tracking
5586 * scan cookies does not yet have support for this. */
5587 if (active_work
->wpa_s
== tmp
->wpa_s
&&
5588 radio_work_is_scan(active_work
) &&
5589 radio_work_is_scan(tmp
)) {
5590 wpa_dbg(active_work
->wpa_s
, MSG_DEBUG
,
5591 "Do not start work '%s' when another work '%s' is already scheduled",
5592 tmp
->type
, active_work
->type
);
5596 * Check that the radio works are distinct and
5597 * on different bands.
5599 if (os_strcmp(active_work
->type
, tmp
->type
) != 0 &&
5600 (active_work
->bands
!= tmp
->bands
)) {
5602 * If a scan has to be scheduled through nl80211 scan
5603 * interface and if an external scan is already running,
5604 * do not schedule the scan since it is likely to get
5605 * rejected by kernel.
5607 if (os_strcmp(tmp
->type
, "scan") == 0 &&
5608 radio
->external_scan_running
&&
5609 (((struct wpa_driver_scan_params
*)
5610 tmp
->ctx
)->only_new_results
||
5611 tmp
->wpa_s
->clear_driver_scan_cache
))
5614 wpa_dbg(active_work
->wpa_s
, MSG_DEBUG
,
5615 "active_work:%s new_work:%s",
5616 active_work
->type
, tmp
->type
);
5621 /* Did not find a radio work to schedule in parallel. */
5626 static void radio_start_next_work(void *eloop_ctx
, void *timeout_ctx
)
5628 struct wpa_radio
*radio
= eloop_ctx
;
5629 struct wpa_radio_work
*work
;
5630 struct os_reltime now
, diff
;
5631 struct wpa_supplicant
*wpa_s
;
5633 work
= dl_list_first(&radio
->work
, struct wpa_radio_work
, list
);
5635 radio
->num_active_works
= 0;
5639 wpa_s
= dl_list_first(&radio
->ifaces
, struct wpa_supplicant
,
5643 wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS
)) {
5645 return; /* already started and still in progress */
5647 if (wpa_s
&& wpa_s
->radio
->external_scan_running
) {
5648 wpa_printf(MSG_DEBUG
, "Delay radio work start until externally triggered scan completes");
5653 if (radio
->num_active_works
< MAX_ACTIVE_WORKS
) {
5654 /* get the work to schedule next */
5655 work
= radio_work_get_next_work(radio
);
5661 wpa_s
= work
->wpa_s
;
5662 os_get_reltime(&now
);
5663 os_reltime_sub(&now
, &work
->time
, &diff
);
5664 wpa_dbg(wpa_s
, MSG_DEBUG
,
5665 "Starting radio work '%s'@%p after %ld.%06ld second wait",
5666 work
->type
, work
, diff
.sec
, diff
.usec
);
5669 radio
->num_active_works
++;
5673 if ((wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS
) &&
5674 radio
->num_active_works
< MAX_ACTIVE_WORKS
)
5675 radio_work_check_next(wpa_s
);
5680 * This function removes both started and pending radio works running on
5681 * the provided interface's radio.
5682 * Prior to the removal of the radio work, its callback (cb) is called with
5683 * deinit set to be 1. Each work's callback is responsible for clearing its
5684 * internal data and restoring to a correct state.
5685 * @wpa_s: wpa_supplicant data
5686 * @type: type of works to be removed
5687 * @remove_all: 1 to remove all the works on this radio, 0 to remove only
5688 * this interface's works.
5690 void radio_remove_works(struct wpa_supplicant
*wpa_s
,
5691 const char *type
, int remove_all
)
5693 struct wpa_radio_work
*work
, *tmp
;
5694 struct wpa_radio
*radio
= wpa_s
->radio
;
5696 dl_list_for_each_safe(work
, tmp
, &radio
->work
, struct wpa_radio_work
,
5698 if (type
&& os_strcmp(type
, work
->type
) != 0)
5701 /* skip other ifaces' works */
5702 if (!remove_all
&& work
->wpa_s
!= wpa_s
)
5705 wpa_dbg(wpa_s
, MSG_DEBUG
, "Remove radio work '%s'@%p%s",
5706 work
->type
, work
, work
->started
? " (started)" : "");
5708 radio_work_free(work
);
5711 /* in case we removed the started work */
5712 radio_work_check_next(wpa_s
);
5716 void radio_remove_pending_work(struct wpa_supplicant
*wpa_s
, void *ctx
)
5718 struct wpa_radio_work
*work
;
5719 struct wpa_radio
*radio
= wpa_s
->radio
;
5721 dl_list_for_each(work
, &radio
->work
, struct wpa_radio_work
, list
) {
5722 if (work
->ctx
!= ctx
)
5724 wpa_dbg(wpa_s
, MSG_DEBUG
, "Free pending radio work '%s'@%p%s",
5725 work
->type
, work
, work
->started
? " (started)" : "");
5726 radio_work_free(work
);
5732 static void radio_remove_interface(struct wpa_supplicant
*wpa_s
)
5734 struct wpa_radio
*radio
= wpa_s
->radio
;
5739 wpa_printf(MSG_DEBUG
, "Remove interface %s from radio %s",
5740 wpa_s
->ifname
, radio
->name
);
5741 dl_list_del(&wpa_s
->radio_list
);
5742 radio_remove_works(wpa_s
, NULL
, 0);
5743 wpa_s
->radio
= NULL
;
5744 if (!dl_list_empty(&radio
->ifaces
))
5745 return; /* Interfaces remain for this radio */
5747 wpa_printf(MSG_DEBUG
, "Remove radio %s", radio
->name
);
5748 eloop_cancel_timeout(radio_start_next_work
, radio
, NULL
);
5753 void radio_work_check_next(struct wpa_supplicant
*wpa_s
)
5755 struct wpa_radio
*radio
= wpa_s
->radio
;
5757 if (dl_list_empty(&radio
->work
))
5759 if (wpa_s
->ext_work_in_progress
) {
5760 wpa_printf(MSG_DEBUG
,
5761 "External radio work in progress - delay start of pending item");
5764 eloop_cancel_timeout(radio_start_next_work
, radio
, NULL
);
5765 eloop_register_timeout(0, 0, radio_start_next_work
, radio
, NULL
);
5770 * radio_add_work - Add a radio work item
5771 * @wpa_s: Pointer to wpa_supplicant data
5772 * @freq: Frequency of the offchannel operation in MHz or 0
5773 * @type: Unique identifier for each type of work
5774 * @next: Force as the next work to be executed
5775 * @cb: Callback function for indicating when radio is available
5776 * @ctx: Context pointer for the work (work->ctx in cb())
5777 * Returns: 0 on success, -1 on failure
5779 * This function is used to request time for an operation that requires
5780 * exclusive radio control. Once the radio is available, the registered callback
5781 * function will be called. radio_work_done() must be called once the exclusive
5782 * radio operation has been completed, so that the radio is freed for other
5783 * operations. The special case of deinit=1 is used to free the context data
5784 * during interface removal. That does not allow the callback function to start
5785 * the radio operation, i.e., it must free any resources allocated for the radio
5788 * The @freq parameter can be used to indicate a single channel on which the
5789 * offchannel operation will occur. This may allow multiple radio work
5790 * operations to be performed in parallel if they apply for the same channel.
5791 * Setting this to 0 indicates that the work item may use multiple channels or
5792 * requires exclusive control of the radio.
5794 int radio_add_work(struct wpa_supplicant
*wpa_s
, unsigned int freq
,
5795 const char *type
, int next
,
5796 void (*cb
)(struct wpa_radio_work
*work
, int deinit
),
5799 struct wpa_radio
*radio
= wpa_s
->radio
;
5800 struct wpa_radio_work
*work
;
5803 work
= os_zalloc(sizeof(*work
));
5806 wpa_dbg(wpa_s
, MSG_DEBUG
, "Add radio work '%s'@%p", type
, work
);
5807 os_get_reltime(&work
->time
);
5810 work
->wpa_s
= wpa_s
;
5815 work
->bands
= wpas_freq_to_band(freq
);
5816 else if (os_strcmp(type
, "scan") == 0 ||
5817 os_strcmp(type
, "p2p-scan") == 0)
5818 work
->bands
= wpas_get_bands(wpa_s
,
5819 ((struct wpa_driver_scan_params
*)
5822 work
->bands
= wpas_get_bands(wpa_s
, NULL
);
5824 was_empty
= dl_list_empty(&wpa_s
->radio
->work
);
5826 dl_list_add(&wpa_s
->radio
->work
, &work
->list
);
5828 dl_list_add_tail(&wpa_s
->radio
->work
, &work
->list
);
5830 wpa_dbg(wpa_s
, MSG_DEBUG
, "First radio work item in the queue - schedule start immediately");
5831 radio_work_check_next(wpa_s
);
5832 } else if ((wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS
)
5833 && radio
->num_active_works
< MAX_ACTIVE_WORKS
) {
5834 wpa_dbg(wpa_s
, MSG_DEBUG
,
5835 "Try to schedule a radio work (num_active_works=%u)",
5836 radio
->num_active_works
);
5837 radio_work_check_next(wpa_s
);
5845 * radio_work_done - Indicate that a radio work item has been completed
5846 * @work: Completed work
5848 * This function is called once the callback function registered with
5849 * radio_add_work() has completed its work.
5851 void radio_work_done(struct wpa_radio_work
*work
)
5853 struct wpa_supplicant
*wpa_s
= work
->wpa_s
;
5854 struct os_reltime now
, diff
;
5855 unsigned int started
= work
->started
;
5857 os_get_reltime(&now
);
5858 os_reltime_sub(&now
, &work
->time
, &diff
);
5859 wpa_dbg(wpa_s
, MSG_DEBUG
, "Radio work '%s'@%p %s in %ld.%06ld seconds",
5860 work
->type
, work
, started
? "done" : "canceled",
5861 diff
.sec
, diff
.usec
);
5862 radio_work_free(work
);
5864 radio_work_check_next(wpa_s
);
5868 struct wpa_radio_work
*
5869 radio_work_pending(struct wpa_supplicant
*wpa_s
, const char *type
)
5871 struct wpa_radio_work
*work
;
5872 struct wpa_radio
*radio
= wpa_s
->radio
;
5874 dl_list_for_each(work
, &radio
->work
, struct wpa_radio_work
, list
) {
5875 if (work
->wpa_s
== wpa_s
&& os_strcmp(work
->type
, type
) == 0)
5883 static int wpas_init_driver(struct wpa_supplicant
*wpa_s
,
5884 const struct wpa_interface
*iface
)
5886 const char *ifname
, *driver
, *rn
;
5888 driver
= iface
->driver
;
5890 if (wpa_supplicant_set_driver(wpa_s
, driver
) < 0)
5893 wpa_s
->drv_priv
= wpa_drv_init(wpa_s
, wpa_s
->ifname
);
5894 if (wpa_s
->drv_priv
== NULL
) {
5896 pos
= driver
? os_strchr(driver
, ',') : NULL
;
5898 wpa_dbg(wpa_s
, MSG_DEBUG
, "Failed to initialize "
5899 "driver interface - try next driver wrapper");
5903 wpa_msg(wpa_s
, MSG_ERROR
, "Failed to initialize driver "
5907 if (wpa_drv_set_param(wpa_s
, wpa_s
->conf
->driver_param
) < 0) {
5908 wpa_msg(wpa_s
, MSG_ERROR
, "Driver interface rejected "
5909 "driver_param '%s'", wpa_s
->conf
->driver_param
);
5913 ifname
= wpa_drv_get_ifname(wpa_s
);
5914 if (ifname
&& os_strcmp(ifname
, wpa_s
->ifname
) != 0) {
5915 wpa_dbg(wpa_s
, MSG_DEBUG
, "Driver interface replaced "
5916 "interface name with '%s'", ifname
);
5917 os_strlcpy(wpa_s
->ifname
, ifname
, sizeof(wpa_s
->ifname
));
5920 rn
= wpa_driver_get_radio_name(wpa_s
);
5921 if (rn
&& rn
[0] == '\0')
5924 wpa_s
->radio
= radio_add_interface(wpa_s
, rn
);
5925 if (wpa_s
->radio
== NULL
)
5932 #ifdef CONFIG_GAS_SERVER
5934 static void wpas_gas_server_tx_status(struct wpa_supplicant
*wpa_s
,
5935 unsigned int freq
, const u8
*dst
,
5936 const u8
*src
, const u8
*bssid
,
5937 const u8
*data
, size_t data_len
,
5938 enum offchannel_send_action_result result
)
5940 wpa_printf(MSG_DEBUG
, "GAS: TX status: freq=%u dst=" MACSTR
5943 result
== OFFCHANNEL_SEND_ACTION_SUCCESS
? "SUCCESS" :
5944 (result
== OFFCHANNEL_SEND_ACTION_NO_ACK
? "no-ACK" :
5946 gas_server_tx_status(wpa_s
->gas_server
, dst
, data
, data_len
,
5947 result
== OFFCHANNEL_SEND_ACTION_SUCCESS
);
5951 static void wpas_gas_server_tx(void *ctx
, int freq
, const u8
*da
,
5952 struct wpabuf
*buf
, unsigned int wait_time
)
5954 struct wpa_supplicant
*wpa_s
= ctx
;
5955 const u8 broadcast
[ETH_ALEN
] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
5957 if (wait_time
> wpa_s
->max_remain_on_chan
)
5958 wait_time
= wpa_s
->max_remain_on_chan
;
5960 offchannel_send_action(wpa_s
, freq
, da
, wpa_s
->own_addr
, broadcast
,
5961 wpabuf_head(buf
), wpabuf_len(buf
),
5962 wait_time
, wpas_gas_server_tx_status
, 0);
5965 #endif /* CONFIG_GAS_SERVER */
5967 static int wpa_supplicant_init_iface(struct wpa_supplicant
*wpa_s
,
5968 const struct wpa_interface
*iface
)
5970 struct wpa_driver_capa capa
;
5974 wpa_printf(MSG_DEBUG
, "Initializing interface '%s' conf '%s' driver "
5975 "'%s' ctrl_interface '%s' bridge '%s'", iface
->ifname
,
5976 iface
->confname
? iface
->confname
: "N/A",
5977 iface
->driver
? iface
->driver
: "default",
5978 iface
->ctrl_interface
? iface
->ctrl_interface
: "N/A",
5979 iface
->bridge_ifname
? iface
->bridge_ifname
: "N/A");
5981 if (iface
->confname
) {
5982 #ifdef CONFIG_BACKEND_FILE
5983 wpa_s
->confname
= os_rel2abs_path(iface
->confname
);
5984 if (wpa_s
->confname
== NULL
) {
5985 wpa_printf(MSG_ERROR
, "Failed to get absolute path "
5986 "for configuration file '%s'.",
5990 wpa_printf(MSG_DEBUG
, "Configuration file '%s' -> '%s'",
5991 iface
->confname
, wpa_s
->confname
);
5992 #else /* CONFIG_BACKEND_FILE */
5993 wpa_s
->confname
= os_strdup(iface
->confname
);
5994 #endif /* CONFIG_BACKEND_FILE */
5995 wpa_s
->conf
= wpa_config_read(wpa_s
->confname
, NULL
);
5996 if (wpa_s
->conf
== NULL
) {
5997 wpa_printf(MSG_ERROR
, "Failed to read or parse "
5998 "configuration '%s'.", wpa_s
->confname
);
6001 wpa_s
->confanother
= os_rel2abs_path(iface
->confanother
);
6002 if (wpa_s
->confanother
&&
6003 !wpa_config_read(wpa_s
->confanother
, wpa_s
->conf
)) {
6004 wpa_printf(MSG_ERROR
,
6005 "Failed to read or parse configuration '%s'.",
6006 wpa_s
->confanother
);
6011 * Override ctrl_interface and driver_param if set on command
6014 if (iface
->ctrl_interface
) {
6015 os_free(wpa_s
->conf
->ctrl_interface
);
6016 wpa_s
->conf
->ctrl_interface
=
6017 os_strdup(iface
->ctrl_interface
);
6020 if (iface
->driver_param
) {
6021 os_free(wpa_s
->conf
->driver_param
);
6022 wpa_s
->conf
->driver_param
=
6023 os_strdup(iface
->driver_param
);
6026 if (iface
->p2p_mgmt
&& !iface
->ctrl_interface
) {
6027 os_free(wpa_s
->conf
->ctrl_interface
);
6028 wpa_s
->conf
->ctrl_interface
= NULL
;
6031 wpa_s
->conf
= wpa_config_alloc_empty(iface
->ctrl_interface
,
6032 iface
->driver_param
);
6034 if (wpa_s
->conf
== NULL
) {
6035 wpa_printf(MSG_ERROR
, "\nNo configuration found.");
6039 if (iface
->ifname
== NULL
) {
6040 wpa_printf(MSG_ERROR
, "\nInterface name is required.");
6043 if (os_strlen(iface
->ifname
) >= sizeof(wpa_s
->ifname
)) {
6044 wpa_printf(MSG_ERROR
, "\nToo long interface name '%s'.",
6048 os_strlcpy(wpa_s
->ifname
, iface
->ifname
, sizeof(wpa_s
->ifname
));
6050 if (iface
->bridge_ifname
) {
6051 if (os_strlen(iface
->bridge_ifname
) >=
6052 sizeof(wpa_s
->bridge_ifname
)) {
6053 wpa_printf(MSG_ERROR
, "\nToo long bridge interface "
6054 "name '%s'.", iface
->bridge_ifname
);
6057 os_strlcpy(wpa_s
->bridge_ifname
, iface
->bridge_ifname
,
6058 sizeof(wpa_s
->bridge_ifname
));
6061 /* RSNA Supplicant Key Management - INITIALIZE */
6062 eapol_sm_notify_portEnabled(wpa_s
->eapol
, FALSE
);
6063 eapol_sm_notify_portValid(wpa_s
->eapol
, FALSE
);
6065 /* Initialize driver interface and register driver event handler before
6066 * L2 receive handler so that association events are processed before
6067 * EAPOL-Key packets if both become available for the same select()
6069 if (wpas_init_driver(wpa_s
, iface
) < 0)
6072 if (wpa_supplicant_init_wpa(wpa_s
) < 0)
6075 wpa_sm_set_ifname(wpa_s
->wpa
, wpa_s
->ifname
,
6076 wpa_s
->bridge_ifname
[0] ? wpa_s
->bridge_ifname
:
6078 wpa_sm_set_fast_reauth(wpa_s
->wpa
, wpa_s
->conf
->fast_reauth
);
6080 if (wpa_s
->conf
->dot11RSNAConfigPMKLifetime
&&
6081 wpa_sm_set_param(wpa_s
->wpa
, RSNA_PMK_LIFETIME
,
6082 wpa_s
->conf
->dot11RSNAConfigPMKLifetime
)) {
6083 wpa_msg(wpa_s
, MSG_ERROR
, "Invalid WPA parameter value for "
6084 "dot11RSNAConfigPMKLifetime");
6088 if (wpa_s
->conf
->dot11RSNAConfigPMKReauthThreshold
&&
6089 wpa_sm_set_param(wpa_s
->wpa
, RSNA_PMK_REAUTH_THRESHOLD
,
6090 wpa_s
->conf
->dot11RSNAConfigPMKReauthThreshold
)) {
6091 wpa_msg(wpa_s
, MSG_ERROR
, "Invalid WPA parameter value for "
6092 "dot11RSNAConfigPMKReauthThreshold");
6096 if (wpa_s
->conf
->dot11RSNAConfigSATimeout
&&
6097 wpa_sm_set_param(wpa_s
->wpa
, RSNA_SA_TIMEOUT
,
6098 wpa_s
->conf
->dot11RSNAConfigSATimeout
)) {
6099 wpa_msg(wpa_s
, MSG_ERROR
, "Invalid WPA parameter value for "
6100 "dot11RSNAConfigSATimeout");
6104 wpa_s
->hw
.modes
= wpa_drv_get_hw_feature_data(wpa_s
,
6105 &wpa_s
->hw
.num_modes
,
6108 if (wpa_s
->hw
.modes
) {
6111 for (i
= 0; i
< wpa_s
->hw
.num_modes
; i
++) {
6112 if (wpa_s
->hw
.modes
[i
].vht_capab
) {
6113 wpa_s
->hw_capab
= CAPAB_VHT
;
6117 if (wpa_s
->hw
.modes
[i
].ht_capab
&
6118 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET
)
6119 wpa_s
->hw_capab
= CAPAB_HT40
;
6120 else if (wpa_s
->hw
.modes
[i
].ht_capab
&&
6121 wpa_s
->hw_capab
== CAPAB_NO_HT_VHT
)
6122 wpa_s
->hw_capab
= CAPAB_HT
;
6126 capa_res
= wpa_drv_get_capa(wpa_s
, &capa
);
6127 if (capa_res
== 0) {
6128 wpa_s
->drv_capa_known
= 1;
6129 wpa_s
->drv_flags
= capa
.flags
;
6130 wpa_s
->drv_enc
= capa
.enc
;
6131 wpa_s
->drv_smps_modes
= capa
.smps_modes
;
6132 wpa_s
->drv_rrm_flags
= capa
.rrm_flags
;
6133 wpa_s
->probe_resp_offloads
= capa
.probe_resp_offloads
;
6134 wpa_s
->max_scan_ssids
= capa
.max_scan_ssids
;
6135 wpa_s
->max_sched_scan_ssids
= capa
.max_sched_scan_ssids
;
6136 wpa_s
->max_sched_scan_plans
= capa
.max_sched_scan_plans
;
6137 wpa_s
->max_sched_scan_plan_interval
=
6138 capa
.max_sched_scan_plan_interval
;
6139 wpa_s
->max_sched_scan_plan_iterations
=
6140 capa
.max_sched_scan_plan_iterations
;
6141 wpa_s
->sched_scan_supported
= capa
.sched_scan_supported
;
6142 wpa_s
->max_match_sets
= capa
.max_match_sets
;
6143 wpa_s
->max_remain_on_chan
= capa
.max_remain_on_chan
;
6144 wpa_s
->max_stations
= capa
.max_stations
;
6145 wpa_s
->extended_capa
= capa
.extended_capa
;
6146 wpa_s
->extended_capa_mask
= capa
.extended_capa_mask
;
6147 wpa_s
->extended_capa_len
= capa
.extended_capa_len
;
6148 wpa_s
->num_multichan_concurrent
=
6149 capa
.num_multichan_concurrent
;
6150 wpa_s
->wmm_ac_supported
= capa
.wmm_ac_supported
;
6152 if (capa
.mac_addr_rand_scan_supported
)
6153 wpa_s
->mac_addr_rand_supported
|= MAC_ADDR_RAND_SCAN
;
6154 if (wpa_s
->sched_scan_supported
&&
6155 capa
.mac_addr_rand_sched_scan_supported
)
6156 wpa_s
->mac_addr_rand_supported
|=
6157 (MAC_ADDR_RAND_SCHED_SCAN
| MAC_ADDR_RAND_PNO
);
6159 wpa_drv_get_ext_capa(wpa_s
, WPA_IF_STATION
);
6160 if (wpa_s
->extended_capa
&&
6161 wpa_s
->extended_capa_len
>= 3 &&
6162 wpa_s
->extended_capa
[2] & 0x40)
6163 wpa_s
->multi_bss_support
= 1;
6165 if (wpa_s
->max_remain_on_chan
== 0)
6166 wpa_s
->max_remain_on_chan
= 1000;
6169 * Only take p2p_mgmt parameters when P2P Device is supported.
6170 * Doing it here as it determines whether l2_packet_init() will be done
6171 * during wpa_supplicant_driver_init().
6173 if (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE
)
6174 wpa_s
->p2p_mgmt
= iface
->p2p_mgmt
;
6176 if (wpa_s
->num_multichan_concurrent
== 0)
6177 wpa_s
->num_multichan_concurrent
= 1;
6179 if (wpa_supplicant_driver_init(wpa_s
) < 0)
6183 if (!iface
->p2p_mgmt
&& wpa_tdls_init(wpa_s
->wpa
))
6185 #endif /* CONFIG_TDLS */
6187 if (wpa_s
->conf
->country
[0] && wpa_s
->conf
->country
[1] &&
6188 wpa_drv_set_country(wpa_s
, wpa_s
->conf
->country
)) {
6189 wpa_dbg(wpa_s
, MSG_DEBUG
, "Failed to set country");
6194 if (wpa_s
->conf
->fst_group_id
) {
6195 struct fst_iface_cfg cfg
;
6196 struct fst_wpa_obj iface_obj
;
6198 fst_wpa_supplicant_fill_iface_obj(wpa_s
, &iface_obj
);
6199 os_strlcpy(cfg
.group_id
, wpa_s
->conf
->fst_group_id
,
6200 sizeof(cfg
.group_id
));
6201 cfg
.priority
= wpa_s
->conf
->fst_priority
;
6202 cfg
.llt
= wpa_s
->conf
->fst_llt
;
6204 wpa_s
->fst
= fst_attach(wpa_s
->ifname
, wpa_s
->own_addr
,
6207 wpa_msg(wpa_s
, MSG_ERROR
,
6208 "FST: Cannot attach iface %s to group %s",
6209 wpa_s
->ifname
, cfg
.group_id
);
6213 #endif /* CONFIG_FST */
6215 if (wpas_wps_init(wpa_s
))
6218 #ifdef CONFIG_GAS_SERVER
6219 wpa_s
->gas_server
= gas_server_init(wpa_s
, wpas_gas_server_tx
);
6220 if (!wpa_s
->gas_server
) {
6221 wpa_printf(MSG_ERROR
, "Failed to initialize GAS server");
6224 #endif /* CONFIG_GAS_SERVER */
6227 if (wpas_dpp_init(wpa_s
) < 0)
6229 #endif /* CONFIG_DPP */
6231 if (wpa_supplicant_init_eapol(wpa_s
) < 0)
6233 wpa_sm_set_eapol(wpa_s
->wpa
, wpa_s
->eapol
);
6235 wpa_s
->ctrl_iface
= wpa_supplicant_ctrl_iface_init(wpa_s
);
6236 if (wpa_s
->ctrl_iface
== NULL
) {
6237 wpa_printf(MSG_ERROR
,
6238 "Failed to initialize control interface '%s'.\n"
6239 "You may have another wpa_supplicant process "
6240 "already running or the file was\n"
6241 "left by an unclean termination of wpa_supplicant "
6242 "in which case you will need\n"
6243 "to manually remove this file before starting "
6244 "wpa_supplicant again.\n",
6245 wpa_s
->conf
->ctrl_interface
);
6249 wpa_s
->gas
= gas_query_init(wpa_s
);
6250 if (wpa_s
->gas
== NULL
) {
6251 wpa_printf(MSG_ERROR
, "Failed to initialize GAS query");
6255 if ((!(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE
) ||
6257 wpas_p2p_init(wpa_s
->global
, wpa_s
) < 0) {
6258 wpa_msg(wpa_s
, MSG_ERROR
, "Failed to init P2P");
6262 if (wpa_bss_init(wpa_s
) < 0)
6265 #ifdef CONFIG_PMKSA_CACHE_EXTERNAL
6267 dl_list_init(&wpa_s
->mesh_external_pmksa_cache
);
6268 #endif /* CONFIG_MESH */
6269 #endif /* CONFIG_PMKSA_CACHE_EXTERNAL */
6272 * Set Wake-on-WLAN triggers, if configured.
6273 * Note: We don't restore/remove the triggers on shutdown (it doesn't
6274 * have effect anyway when the interface is down).
6276 if (capa_res
== 0 && wpas_set_wowlan_triggers(wpa_s
, &capa
) < 0)
6279 #ifdef CONFIG_EAP_PROXY
6282 wpa_s
->mnc_len
= eapol_sm_get_eap_proxy_imsi(wpa_s
->eapol
, -1,
6284 if (wpa_s
->mnc_len
> 0) {
6285 wpa_s
->imsi
[len
] = '\0';
6286 wpa_printf(MSG_DEBUG
, "eap_proxy: IMSI %s (MNC length %d)",
6287 wpa_s
->imsi
, wpa_s
->mnc_len
);
6289 wpa_printf(MSG_DEBUG
, "eap_proxy: IMSI not available");
6292 #endif /* CONFIG_EAP_PROXY */
6294 if (pcsc_reader_init(wpa_s
) < 0)
6297 if (wpas_init_ext_pw(wpa_s
) < 0)
6300 wpas_rrm_reset(wpa_s
);
6302 wpas_sched_scan_plans_set(wpa_s
, wpa_s
->conf
->sched_scan_plans
);
6306 #endif /* CONFIG_HS20 */
6308 if (!wpa_s
->disable_mbo_oce
&& wpa_s
->conf
->oce
) {
6309 if ((wpa_s
->conf
->oce
& OCE_STA
) &&
6310 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_OCE_STA
))
6311 wpa_s
->enable_oce
= OCE_STA
;
6312 if ((wpa_s
->conf
->oce
& OCE_STA_CFON
) &&
6313 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_OCE_STA_CFON
)) {
6314 /* TODO: Need to add STA-CFON support */
6315 wpa_printf(MSG_ERROR
,
6316 "OCE STA-CFON feature is not yet supported");
6319 wpas_mbo_update_non_pref_chan(wpa_s
, wpa_s
->conf
->non_pref_chan
);
6320 #endif /* CONFIG_MBO */
6322 wpa_supplicant_set_default_scan_ies(wpa_s
);
6328 static void wpa_supplicant_deinit_iface(struct wpa_supplicant
*wpa_s
,
6329 int notify
, int terminate
)
6331 struct wpa_global
*global
= wpa_s
->global
;
6332 struct wpa_supplicant
*iface
, *prev
;
6334 if (wpa_s
== wpa_s
->parent
)
6335 wpas_p2p_group_remove(wpa_s
, "*");
6337 iface
= global
->ifaces
;
6339 if (iface
->p2pdev
== wpa_s
)
6340 iface
->p2pdev
= iface
->parent
;
6341 if (iface
== wpa_s
|| iface
->parent
!= wpa_s
) {
6342 iface
= iface
->next
;
6345 wpa_printf(MSG_DEBUG
,
6346 "Remove remaining child interface %s from parent %s",
6347 iface
->ifname
, wpa_s
->ifname
);
6349 iface
= iface
->next
;
6350 wpa_supplicant_remove_iface(global
, prev
, terminate
);
6353 wpa_s
->disconnected
= 1;
6354 if (wpa_s
->drv_priv
) {
6355 /* Don't deauthenticate if WoWLAN is enabled */
6356 if (!wpa_drv_get_wowlan(wpa_s
)) {
6357 wpa_supplicant_deauthenticate(
6358 wpa_s
, WLAN_REASON_DEAUTH_LEAVING
);
6360 wpa_drv_set_countermeasures(wpa_s
, 0);
6361 wpa_clear_keys(wpa_s
, NULL
);
6363 wpa_msg(wpa_s
, MSG_INFO
,
6364 "Do not deauthenticate as part of interface deinit since WoWLAN is enabled");
6368 wpa_supplicant_cleanup(wpa_s
);
6369 wpas_p2p_deinit_iface(wpa_s
);
6371 wpas_ctrl_radio_work_flush(wpa_s
);
6372 radio_remove_interface(wpa_s
);
6376 fst_detach(wpa_s
->fst
);
6379 if (wpa_s
->received_mb_ies
) {
6380 wpabuf_free(wpa_s
->received_mb_ies
);
6381 wpa_s
->received_mb_ies
= NULL
;
6383 #endif /* CONFIG_FST */
6385 if (wpa_s
->drv_priv
)
6386 wpa_drv_deinit(wpa_s
);
6389 wpas_notify_iface_removed(wpa_s
);
6392 wpa_msg(wpa_s
, MSG_INFO
, WPA_EVENT_TERMINATING
);
6394 if (wpa_s
->ctrl_iface
) {
6395 wpa_supplicant_ctrl_iface_deinit(wpa_s
->ctrl_iface
);
6396 wpa_s
->ctrl_iface
= NULL
;
6401 wpa_supplicant_mesh_iface_deinit(wpa_s
, wpa_s
->ifmsh
);
6402 wpa_s
->ifmsh
= NULL
;
6404 #endif /* CONFIG_MESH */
6406 if (wpa_s
->conf
!= NULL
) {
6407 wpa_config_free(wpa_s
->conf
);
6411 os_free(wpa_s
->ssids_from_scan_req
);
6412 os_free(wpa_s
->last_scan_freqs
);
6418 #ifdef CONFIG_MATCH_IFACE
6421 * wpa_supplicant_match_iface - Match an interface description to a name
6422 * @global: Pointer to global data from wpa_supplicant_init()
6423 * @ifname: Name of the interface to match
6424 * Returns: Pointer to the created interface description or %NULL on failure
6426 struct wpa_interface
* wpa_supplicant_match_iface(struct wpa_global
*global
,
6430 struct wpa_interface
*iface
, *miface
;
6432 for (i
= 0; i
< global
->params
.match_iface_count
; i
++) {
6433 miface
= &global
->params
.match_ifaces
[i
];
6434 if (!miface
->ifname
||
6435 fnmatch(miface
->ifname
, ifname
, 0) == 0) {
6436 iface
= os_zalloc(sizeof(*iface
));
6440 iface
->ifname
= ifname
;
6450 * wpa_supplicant_match_existing - Match existing interfaces
6451 * @global: Pointer to global data from wpa_supplicant_init()
6452 * Returns: 0 on success, -1 on failure
6454 static int wpa_supplicant_match_existing(struct wpa_global
*global
)
6456 struct if_nameindex
*ifi
, *ifp
;
6457 struct wpa_supplicant
*wpa_s
;
6458 struct wpa_interface
*iface
;
6460 ifp
= if_nameindex();
6462 wpa_printf(MSG_ERROR
, "if_nameindex: %s", strerror(errno
));
6466 for (ifi
= ifp
; ifi
->if_name
; ifi
++) {
6467 wpa_s
= wpa_supplicant_get_iface(global
, ifi
->if_name
);
6470 iface
= wpa_supplicant_match_iface(global
, ifi
->if_name
);
6472 wpa_s
= wpa_supplicant_add_iface(global
, iface
, NULL
);
6479 if_freenameindex(ifp
);
6483 #endif /* CONFIG_MATCH_IFACE */
6487 * wpa_supplicant_add_iface - Add a new network interface
6488 * @global: Pointer to global data from wpa_supplicant_init()
6489 * @iface: Interface configuration options
6490 * @parent: Parent interface or %NULL to assign new interface as parent
6491 * Returns: Pointer to the created interface or %NULL on failure
6493 * This function is used to add new network interfaces for %wpa_supplicant.
6494 * This can be called before wpa_supplicant_run() to add interfaces before the
6495 * main event loop has been started. In addition, new interfaces can be added
6496 * dynamically while %wpa_supplicant is already running. This could happen,
6497 * e.g., when a hotplug network adapter is inserted.
6499 struct wpa_supplicant
* wpa_supplicant_add_iface(struct wpa_global
*global
,
6500 struct wpa_interface
*iface
,
6501 struct wpa_supplicant
*parent
)
6503 struct wpa_supplicant
*wpa_s
;
6504 struct wpa_interface t_iface
;
6505 struct wpa_ssid
*ssid
;
6507 if (global
== NULL
|| iface
== NULL
)
6510 wpa_s
= wpa_supplicant_alloc(parent
);
6514 wpa_s
->global
= global
;
6517 if (global
->params
.override_driver
) {
6518 wpa_printf(MSG_DEBUG
, "Override interface parameter: driver "
6520 iface
->driver
, global
->params
.override_driver
);
6521 t_iface
.driver
= global
->params
.override_driver
;
6523 if (global
->params
.override_ctrl_interface
) {
6524 wpa_printf(MSG_DEBUG
, "Override interface parameter: "
6525 "ctrl_interface ('%s' -> '%s')",
6526 iface
->ctrl_interface
,
6527 global
->params
.override_ctrl_interface
);
6528 t_iface
.ctrl_interface
=
6529 global
->params
.override_ctrl_interface
;
6531 if (wpa_supplicant_init_iface(wpa_s
, &t_iface
)) {
6532 wpa_printf(MSG_DEBUG
, "Failed to add interface %s",
6534 wpa_supplicant_deinit_iface(wpa_s
, 0, 0);
6538 if (iface
->p2p_mgmt
== 0) {
6539 /* Notify the control interfaces about new iface */
6540 if (wpas_notify_iface_added(wpa_s
)) {
6541 wpa_supplicant_deinit_iface(wpa_s
, 1, 0);
6545 for (ssid
= wpa_s
->conf
->ssid
; ssid
; ssid
= ssid
->next
)
6546 wpas_notify_network_added(wpa_s
, ssid
);
6549 wpa_s
->next
= global
->ifaces
;
6550 global
->ifaces
= wpa_s
;
6552 wpa_dbg(wpa_s
, MSG_DEBUG
, "Added interface %s", wpa_s
->ifname
);
6553 wpa_supplicant_set_state(wpa_s
, WPA_DISCONNECTED
);
6556 if (wpa_s
->global
->p2p
== NULL
&&
6557 !wpa_s
->global
->p2p_disabled
&& !wpa_s
->conf
->p2p_disabled
&&
6558 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE
) &&
6559 wpas_p2p_add_p2pdev_interface(
6560 wpa_s
, wpa_s
->global
->params
.conf_p2p_dev
) < 0) {
6561 wpa_printf(MSG_INFO
,
6562 "P2P: Failed to enable P2P Device interface");
6563 /* Try to continue without. P2P will be disabled. */
6565 #endif /* CONFIG_P2P */
6572 * wpa_supplicant_remove_iface - Remove a network interface
6573 * @global: Pointer to global data from wpa_supplicant_init()
6574 * @wpa_s: Pointer to the network interface to be removed
6575 * Returns: 0 if interface was removed, -1 if interface was not found
6577 * This function can be used to dynamically remove network interfaces from
6578 * %wpa_supplicant, e.g., when a hotplug network adapter is ejected. In
6579 * addition, this function is used to remove all remaining interfaces when
6580 * %wpa_supplicant is terminated.
6582 int wpa_supplicant_remove_iface(struct wpa_global
*global
,
6583 struct wpa_supplicant
*wpa_s
,
6586 struct wpa_supplicant
*prev
;
6588 unsigned int mesh_if_created
= wpa_s
->mesh_if_created
;
6589 char *ifname
= NULL
;
6590 struct wpa_supplicant
*parent
= wpa_s
->parent
;
6591 #endif /* CONFIG_MESH */
6593 /* Remove interface from the global list of interfaces */
6594 prev
= global
->ifaces
;
6595 if (prev
== wpa_s
) {
6596 global
->ifaces
= wpa_s
->next
;
6598 while (prev
&& prev
->next
!= wpa_s
)
6602 prev
->next
= wpa_s
->next
;
6605 wpa_dbg(wpa_s
, MSG_DEBUG
, "Removing interface %s", wpa_s
->ifname
);
6608 if (mesh_if_created
) {
6609 ifname
= os_strdup(wpa_s
->ifname
);
6610 if (ifname
== NULL
) {
6611 wpa_dbg(wpa_s
, MSG_ERROR
,
6612 "mesh: Failed to malloc ifname");
6616 #endif /* CONFIG_MESH */
6618 if (global
->p2p_group_formation
== wpa_s
)
6619 global
->p2p_group_formation
= NULL
;
6620 if (global
->p2p_invite_group
== wpa_s
)
6621 global
->p2p_invite_group
= NULL
;
6622 wpa_supplicant_deinit_iface(wpa_s
, 1, terminate
);
6625 if (mesh_if_created
) {
6626 wpa_drv_if_remove(parent
, WPA_IF_MESH
, ifname
);
6629 #endif /* CONFIG_MESH */
6636 * wpa_supplicant_get_eap_mode - Get the current EAP mode
6637 * @wpa_s: Pointer to the network interface
6638 * Returns: Pointer to the eap mode or the string "UNKNOWN" if not found
6640 const char * wpa_supplicant_get_eap_mode(struct wpa_supplicant
*wpa_s
)
6642 const char *eapol_method
;
6644 if (wpa_key_mgmt_wpa_ieee8021x(wpa_s
->key_mgmt
) == 0 &&
6645 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_IEEE8021X_NO_WPA
) {
6649 eapol_method
= eapol_sm_get_method_name(wpa_s
->eapol
);
6650 if (eapol_method
== NULL
)
6651 return "UNKNOWN-EAP";
6653 return eapol_method
;
6658 * wpa_supplicant_get_iface - Get a new network interface
6659 * @global: Pointer to global data from wpa_supplicant_init()
6660 * @ifname: Interface name
6661 * Returns: Pointer to the interface or %NULL if not found
6663 struct wpa_supplicant
* wpa_supplicant_get_iface(struct wpa_global
*global
,
6666 struct wpa_supplicant
*wpa_s
;
6668 for (wpa_s
= global
->ifaces
; wpa_s
; wpa_s
= wpa_s
->next
) {
6669 if (os_strcmp(wpa_s
->ifname
, ifname
) == 0)
6676 #ifndef CONFIG_NO_WPA_MSG
6677 static const char * wpa_supplicant_msg_ifname_cb(void *ctx
)
6679 struct wpa_supplicant
*wpa_s
= ctx
;
6682 return wpa_s
->ifname
;
6684 #endif /* CONFIG_NO_WPA_MSG */
6687 #ifndef WPA_SUPPLICANT_CLEANUP_INTERVAL
6688 #define WPA_SUPPLICANT_CLEANUP_INTERVAL 10
6689 #endif /* WPA_SUPPLICANT_CLEANUP_INTERVAL */
6691 /* Periodic cleanup tasks */
6692 static void wpas_periodic(void *eloop_ctx
, void *timeout_ctx
)
6694 struct wpa_global
*global
= eloop_ctx
;
6695 struct wpa_supplicant
*wpa_s
;
6697 eloop_register_timeout(WPA_SUPPLICANT_CLEANUP_INTERVAL
, 0,
6698 wpas_periodic
, global
, NULL
);
6702 p2p_expire_peers(global
->p2p
);
6703 #endif /* CONFIG_P2P */
6705 for (wpa_s
= global
->ifaces
; wpa_s
; wpa_s
= wpa_s
->next
) {
6706 wpa_bss_flush_by_age(wpa_s
, wpa_s
->conf
->bss_expiration_age
);
6709 #endif /* CONFIG_AP */
6715 * wpa_supplicant_init - Initialize %wpa_supplicant
6716 * @params: Parameters for %wpa_supplicant
6717 * Returns: Pointer to global %wpa_supplicant data, or %NULL on failure
6719 * This function is used to initialize %wpa_supplicant. After successful
6720 * initialization, the returned data pointer can be used to add and remove
6721 * network interfaces, and eventually, to deinitialize %wpa_supplicant.
6723 struct wpa_global
* wpa_supplicant_init(struct wpa_params
*params
)
6725 struct wpa_global
*global
;
6731 #ifdef CONFIG_DRIVER_NDIS
6733 void driver_ndis_init_ops(void);
6734 driver_ndis_init_ops();
6736 #endif /* CONFIG_DRIVER_NDIS */
6738 #ifndef CONFIG_NO_WPA_MSG
6739 wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb
);
6740 #endif /* CONFIG_NO_WPA_MSG */
6742 if (params
->wpa_debug_file_path
)
6743 wpa_debug_open_file(params
->wpa_debug_file_path
);
6744 if (!params
->wpa_debug_file_path
&& !params
->wpa_debug_syslog
)
6745 wpa_debug_setup_stdout();
6746 if (params
->wpa_debug_syslog
)
6747 wpa_debug_open_syslog();
6748 if (params
->wpa_debug_tracing
) {
6749 ret
= wpa_debug_open_linux_tracing();
6751 wpa_printf(MSG_ERROR
,
6752 "Failed to enable trace logging");
6757 ret
= eap_register_methods();
6759 wpa_printf(MSG_ERROR
, "Failed to register EAP methods");
6761 wpa_printf(MSG_ERROR
, "Two or more EAP methods used "
6762 "the same EAP type.");
6766 global
= os_zalloc(sizeof(*global
));
6769 dl_list_init(&global
->p2p_srv_bonjour
);
6770 dl_list_init(&global
->p2p_srv_upnp
);
6771 global
->params
.daemonize
= params
->daemonize
;
6772 global
->params
.wait_for_monitor
= params
->wait_for_monitor
;
6773 global
->params
.dbus_ctrl_interface
= params
->dbus_ctrl_interface
;
6774 if (params
->pid_file
)
6775 global
->params
.pid_file
= os_strdup(params
->pid_file
);
6776 if (params
->ctrl_interface
)
6777 global
->params
.ctrl_interface
=
6778 os_strdup(params
->ctrl_interface
);
6779 if (params
->ctrl_interface_group
)
6780 global
->params
.ctrl_interface_group
=
6781 os_strdup(params
->ctrl_interface_group
);
6782 if (params
->override_driver
)
6783 global
->params
.override_driver
=
6784 os_strdup(params
->override_driver
);
6785 if (params
->override_ctrl_interface
)
6786 global
->params
.override_ctrl_interface
=
6787 os_strdup(params
->override_ctrl_interface
);
6788 #ifdef CONFIG_MATCH_IFACE
6789 global
->params
.match_iface_count
= params
->match_iface_count
;
6790 if (params
->match_iface_count
) {
6791 global
->params
.match_ifaces
=
6792 os_calloc(params
->match_iface_count
,
6793 sizeof(struct wpa_interface
));
6794 os_memcpy(global
->params
.match_ifaces
,
6795 params
->match_ifaces
,
6796 params
->match_iface_count
*
6797 sizeof(struct wpa_interface
));
6799 #endif /* CONFIG_MATCH_IFACE */
6801 if (params
->conf_p2p_dev
)
6802 global
->params
.conf_p2p_dev
=
6803 os_strdup(params
->conf_p2p_dev
);
6804 #endif /* CONFIG_P2P */
6805 wpa_debug_level
= global
->params
.wpa_debug_level
=
6806 params
->wpa_debug_level
;
6807 wpa_debug_show_keys
= global
->params
.wpa_debug_show_keys
=
6808 params
->wpa_debug_show_keys
;
6809 wpa_debug_timestamp
= global
->params
.wpa_debug_timestamp
=
6810 params
->wpa_debug_timestamp
;
6812 wpa_printf(MSG_DEBUG
, "wpa_supplicant v" VERSION_STR
);
6815 wpa_printf(MSG_ERROR
, "Failed to initialize event loop");
6816 wpa_supplicant_deinit(global
);
6820 random_init(params
->entropy_file
);
6822 global
->ctrl_iface
= wpa_supplicant_global_ctrl_iface_init(global
);
6823 if (global
->ctrl_iface
== NULL
) {
6824 wpa_supplicant_deinit(global
);
6828 if (wpas_notify_supplicant_initialized(global
)) {
6829 wpa_supplicant_deinit(global
);
6833 for (i
= 0; wpa_drivers
[i
]; i
++)
6834 global
->drv_count
++;
6835 if (global
->drv_count
== 0) {
6836 wpa_printf(MSG_ERROR
, "No drivers enabled");
6837 wpa_supplicant_deinit(global
);
6840 global
->drv_priv
= os_calloc(global
->drv_count
, sizeof(void *));
6841 if (global
->drv_priv
== NULL
) {
6842 wpa_supplicant_deinit(global
);
6846 #ifdef CONFIG_WIFI_DISPLAY
6847 if (wifi_display_init(global
) < 0) {
6848 wpa_printf(MSG_ERROR
, "Failed to initialize Wi-Fi Display");
6849 wpa_supplicant_deinit(global
);
6852 #endif /* CONFIG_WIFI_DISPLAY */
6854 eloop_register_timeout(WPA_SUPPLICANT_CLEANUP_INTERVAL
, 0,
6855 wpas_periodic
, global
, NULL
);
6862 * wpa_supplicant_run - Run the %wpa_supplicant main event loop
6863 * @global: Pointer to global data from wpa_supplicant_init()
6864 * Returns: 0 after successful event loop run, -1 on failure
6866 * This function starts the main event loop and continues running as long as
6867 * there are any remaining events. In most cases, this function is running as
6868 * long as the %wpa_supplicant process in still in use.
6870 int wpa_supplicant_run(struct wpa_global
*global
)
6872 struct wpa_supplicant
*wpa_s
;
6874 if (global
->params
.daemonize
&&
6875 (wpa_supplicant_daemon(global
->params
.pid_file
) ||
6876 eloop_sock_requeue()))
6879 #ifdef CONFIG_MATCH_IFACE
6880 if (wpa_supplicant_match_existing(global
))
6884 if (global
->params
.wait_for_monitor
) {
6885 for (wpa_s
= global
->ifaces
; wpa_s
; wpa_s
= wpa_s
->next
)
6886 if (wpa_s
->ctrl_iface
&& !wpa_s
->p2p_mgmt
)
6887 wpa_supplicant_ctrl_iface_wait(
6891 eloop_register_signal_terminate(wpa_supplicant_terminate
, global
);
6892 eloop_register_signal_reconfig(wpa_supplicant_reconfig
, global
);
6901 * wpa_supplicant_deinit - Deinitialize %wpa_supplicant
6902 * @global: Pointer to global data from wpa_supplicant_init()
6904 * This function is called to deinitialize %wpa_supplicant and to free all
6905 * allocated resources. Remaining network interfaces will also be removed.
6907 void wpa_supplicant_deinit(struct wpa_global
*global
)
6914 eloop_cancel_timeout(wpas_periodic
, global
, NULL
);
6916 #ifdef CONFIG_WIFI_DISPLAY
6917 wifi_display_deinit(global
);
6918 #endif /* CONFIG_WIFI_DISPLAY */
6920 while (global
->ifaces
)
6921 wpa_supplicant_remove_iface(global
, global
->ifaces
, 1);
6923 if (global
->ctrl_iface
)
6924 wpa_supplicant_global_ctrl_iface_deinit(global
->ctrl_iface
);
6926 wpas_notify_supplicant_deinitialized(global
);
6928 eap_peer_unregister_methods();
6930 eap_server_unregister_methods();
6931 #endif /* CONFIG_AP */
6933 for (i
= 0; wpa_drivers
[i
] && global
->drv_priv
; i
++) {
6934 if (!global
->drv_priv
[i
])
6936 wpa_drivers
[i
]->global_deinit(global
->drv_priv
[i
]);
6938 os_free(global
->drv_priv
);
6944 if (global
->params
.pid_file
) {
6945 os_daemonize_terminate(global
->params
.pid_file
);
6946 os_free(global
->params
.pid_file
);
6948 os_free(global
->params
.ctrl_interface
);
6949 os_free(global
->params
.ctrl_interface_group
);
6950 os_free(global
->params
.override_driver
);
6951 os_free(global
->params
.override_ctrl_interface
);
6952 #ifdef CONFIG_MATCH_IFACE
6953 os_free(global
->params
.match_ifaces
);
6954 #endif /* CONFIG_MATCH_IFACE */
6956 os_free(global
->params
.conf_p2p_dev
);
6957 #endif /* CONFIG_P2P */
6959 os_free(global
->p2p_disallow_freq
.range
);
6960 os_free(global
->p2p_go_avoid_freq
.range
);
6961 os_free(global
->add_psk
);
6964 wpa_debug_close_syslog();
6965 wpa_debug_close_file();
6966 wpa_debug_close_linux_tracing();
6970 void wpa_supplicant_update_config(struct wpa_supplicant
*wpa_s
)
6972 if ((wpa_s
->conf
->changed_parameters
& CFG_CHANGED_COUNTRY
) &&
6973 wpa_s
->conf
->country
[0] && wpa_s
->conf
->country
[1]) {
6975 country
[0] = wpa_s
->conf
->country
[0];
6976 country
[1] = wpa_s
->conf
->country
[1];
6978 if (wpa_drv_set_country(wpa_s
, country
) < 0) {
6979 wpa_printf(MSG_ERROR
, "Failed to set country code "
6984 if (wpa_s
->conf
->changed_parameters
& CFG_CHANGED_EXT_PW_BACKEND
)
6985 wpas_init_ext_pw(wpa_s
);
6987 if (wpa_s
->conf
->changed_parameters
& CFG_CHANGED_SCHED_SCAN_PLANS
)
6988 wpas_sched_scan_plans_set(wpa_s
, wpa_s
->conf
->sched_scan_plans
);
6990 if (wpa_s
->conf
->changed_parameters
& CFG_CHANGED_WOWLAN_TRIGGERS
) {
6991 struct wpa_driver_capa capa
;
6992 int res
= wpa_drv_get_capa(wpa_s
, &capa
);
6994 if (res
== 0 && wpas_set_wowlan_triggers(wpa_s
, &capa
) < 0)
6995 wpa_printf(MSG_ERROR
,
6996 "Failed to update wowlan_triggers to '%s'",
6997 wpa_s
->conf
->wowlan_triggers
);
7000 if (wpa_s
->conf
->changed_parameters
& CFG_CHANGED_DISABLE_BTM
)
7001 wpa_supplicant_set_default_scan_ies(wpa_s
);
7004 wpas_wps_update_config(wpa_s
);
7005 #endif /* CONFIG_WPS */
7006 wpas_p2p_update_config(wpa_s
);
7007 wpa_s
->conf
->changed_parameters
= 0;
7011 void add_freq(int *freqs
, int *num_freqs
, int freq
)
7015 for (i
= 0; i
< *num_freqs
; i
++) {
7016 if (freqs
[i
] == freq
)
7020 freqs
[*num_freqs
] = freq
;
7025 static int * get_bss_freqs_in_ess(struct wpa_supplicant
*wpa_s
)
7027 struct wpa_bss
*bss
, *cbss
;
7028 const int max_freqs
= 10;
7032 freqs
= os_calloc(max_freqs
+ 1, sizeof(int));
7036 cbss
= wpa_s
->current_bss
;
7038 dl_list_for_each(bss
, &wpa_s
->bss
, struct wpa_bss
, list
) {
7041 if (bss
->ssid_len
== cbss
->ssid_len
&&
7042 os_memcmp(bss
->ssid
, cbss
->ssid
, bss
->ssid_len
) == 0 &&
7043 wpa_blacklist_get(wpa_s
, bss
->bssid
) == NULL
) {
7044 add_freq(freqs
, &num_freqs
, bss
->freq
);
7045 if (num_freqs
== max_freqs
)
7050 if (num_freqs
== 0) {
7059 void wpas_connection_failed(struct wpa_supplicant
*wpa_s
, const u8
*bssid
)
7065 wpas_connect_work_done(wpa_s
);
7068 * Remove possible authentication timeout since the connection failed.
7070 eloop_cancel_timeout(wpa_supplicant_timeout
, wpa_s
, NULL
);
7073 * There is no point in blacklisting the AP if this event is
7074 * generated based on local request to disconnect.
7076 if (wpa_s
->own_disconnect_req
) {
7077 wpa_s
->own_disconnect_req
= 0;
7078 wpa_dbg(wpa_s
, MSG_DEBUG
,
7079 "Ignore connection failure due to local request to disconnect");
7082 if (wpa_s
->disconnected
) {
7083 wpa_dbg(wpa_s
, MSG_DEBUG
, "Ignore connection failure "
7084 "indication since interface has been put into "
7085 "disconnected state");
7090 * Add the failed BSSID into the blacklist and speed up next scan
7091 * attempt if there could be other APs that could accept association.
7092 * The current blacklist count indicates how many times we have tried
7093 * connecting to this AP and multiple attempts mean that other APs are
7094 * either not available or has already been tried, so that we can start
7095 * increasing the delay here to avoid constant scanning.
7097 count
= wpa_blacklist_add(wpa_s
, bssid
);
7098 if (count
== 1 && wpa_s
->current_bss
) {
7100 * This BSS was not in the blacklist before. If there is
7101 * another BSS available for the same ESS, we should try that
7102 * next. Otherwise, we may as well try this one once more
7103 * before allowing other, likely worse, ESSes to be considered.
7105 freqs
= get_bss_freqs_in_ess(wpa_s
);
7107 wpa_dbg(wpa_s
, MSG_DEBUG
, "Another BSS in this ESS "
7108 "has been seen; try it next");
7109 wpa_blacklist_add(wpa_s
, bssid
);
7111 * On the next scan, go through only the known channels
7112 * used in this ESS based on previous scans to speed up
7113 * common load balancing use case.
7115 os_free(wpa_s
->next_scan_freqs
);
7116 wpa_s
->next_scan_freqs
= freqs
;
7121 * Add previous failure count in case the temporary blacklist was
7122 * cleared due to no other BSSes being available.
7124 count
+= wpa_s
->extra_blacklist_count
;
7126 if (count
> 3 && wpa_s
->current_ssid
) {
7127 wpa_printf(MSG_DEBUG
, "Continuous association failures - "
7128 "consider temporary network disabling");
7129 wpas_auth_failed(wpa_s
, "CONN_FAILED");
7150 wpa_dbg(wpa_s
, MSG_DEBUG
, "Blacklist count %d --> request scan in %d "
7151 "ms", count
, timeout
);
7154 * TODO: if more than one possible AP is available in scan results,
7155 * could try the other ones before requesting a new scan.
7158 /* speed up the connection attempt with normal scan */
7159 wpa_s
->normal_scans
= 0;
7160 wpa_supplicant_req_scan(wpa_s
, timeout
/ 1000,
7161 1000 * (timeout
% 1000));
7166 void fils_connection_failure(struct wpa_supplicant
*wpa_s
)
7168 struct wpa_ssid
*ssid
= wpa_s
->current_ssid
;
7169 const u8
*realm
, *username
, *rrk
;
7170 size_t realm_len
, username_len
, rrk_len
;
7173 if (!ssid
|| !ssid
->eap
.erp
|| !wpa_key_mgmt_fils(ssid
->key_mgmt
) ||
7174 eapol_sm_get_erp_info(wpa_s
->eapol
, &ssid
->eap
,
7175 &username
, &username_len
,
7176 &realm
, &realm_len
, &next_seq_num
,
7177 &rrk
, &rrk_len
) != 0 ||
7181 wpa_hexdump_ascii(MSG_DEBUG
,
7182 "FILS: Store last connection failure realm",
7184 os_free(wpa_s
->last_con_fail_realm
);
7185 wpa_s
->last_con_fail_realm
= os_malloc(realm_len
);
7186 if (wpa_s
->last_con_fail_realm
) {
7187 wpa_s
->last_con_fail_realm_len
= realm_len
;
7188 os_memcpy(wpa_s
->last_con_fail_realm
, realm
, realm_len
);
7191 #endif /* CONFIG_FILS */
7194 int wpas_driver_bss_selection(struct wpa_supplicant
*wpa_s
)
7196 return wpa_s
->conf
->ap_scan
== 2 ||
7197 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_BSS_SELECTION
);
7201 #if defined(CONFIG_CTRL_IFACE) || defined(CONFIG_CTRL_IFACE_DBUS_NEW)
7202 int wpa_supplicant_ctrl_iface_ctrl_rsp_handle(struct wpa_supplicant
*wpa_s
,
7203 struct wpa_ssid
*ssid
,
7207 #ifdef IEEE8021X_EAPOL
7208 struct eap_peer_config
*eap
= &ssid
->eap
;
7210 wpa_printf(MSG_DEBUG
, "CTRL_IFACE: response handle field=%s", field
);
7211 wpa_hexdump_ascii_key(MSG_DEBUG
, "CTRL_IFACE: response value",
7212 (const u8
*) value
, os_strlen(value
));
7214 switch (wpa_supplicant_ctrl_req_from_string(field
)) {
7215 case WPA_CTRL_REQ_EAP_IDENTITY
:
7216 os_free(eap
->identity
);
7217 eap
->identity
= (u8
*) os_strdup(value
);
7218 eap
->identity_len
= os_strlen(value
);
7219 eap
->pending_req_identity
= 0;
7220 if (ssid
== wpa_s
->current_ssid
)
7221 wpa_s
->reassociate
= 1;
7223 case WPA_CTRL_REQ_EAP_PASSWORD
:
7224 bin_clear_free(eap
->password
, eap
->password_len
);
7225 eap
->password
= (u8
*) os_strdup(value
);
7226 eap
->password_len
= os_strlen(value
);
7227 eap
->pending_req_password
= 0;
7228 if (ssid
== wpa_s
->current_ssid
)
7229 wpa_s
->reassociate
= 1;
7231 case WPA_CTRL_REQ_EAP_NEW_PASSWORD
:
7232 bin_clear_free(eap
->new_password
, eap
->new_password_len
);
7233 eap
->new_password
= (u8
*) os_strdup(value
);
7234 eap
->new_password_len
= os_strlen(value
);
7235 eap
->pending_req_new_password
= 0;
7236 if (ssid
== wpa_s
->current_ssid
)
7237 wpa_s
->reassociate
= 1;
7239 case WPA_CTRL_REQ_EAP_PIN
:
7240 str_clear_free(eap
->cert
.pin
);
7241 eap
->cert
.pin
= os_strdup(value
);
7242 eap
->pending_req_pin
= 0;
7243 if (ssid
== wpa_s
->current_ssid
)
7244 wpa_s
->reassociate
= 1;
7246 case WPA_CTRL_REQ_EAP_OTP
:
7247 bin_clear_free(eap
->otp
, eap
->otp_len
);
7248 eap
->otp
= (u8
*) os_strdup(value
);
7249 eap
->otp_len
= os_strlen(value
);
7250 os_free(eap
->pending_req_otp
);
7251 eap
->pending_req_otp
= NULL
;
7252 eap
->pending_req_otp_len
= 0;
7254 case WPA_CTRL_REQ_EAP_PASSPHRASE
:
7255 str_clear_free(eap
->cert
.private_key_passwd
);
7256 eap
->cert
.private_key_passwd
= os_strdup(value
);
7257 eap
->pending_req_passphrase
= 0;
7258 if (ssid
== wpa_s
->current_ssid
)
7259 wpa_s
->reassociate
= 1;
7261 case WPA_CTRL_REQ_SIM
:
7262 str_clear_free(eap
->external_sim_resp
);
7263 eap
->external_sim_resp
= os_strdup(value
);
7264 eap
->pending_req_sim
= 0;
7266 case WPA_CTRL_REQ_PSK_PASSPHRASE
:
7267 if (wpa_config_set(ssid
, "psk", value
, 0) < 0)
7269 ssid
->mem_only_psk
= 1;
7270 if (ssid
->passphrase
)
7271 wpa_config_update_psk(ssid
);
7272 if (wpa_s
->wpa_state
== WPA_SCANNING
&& !wpa_s
->scanning
)
7273 wpa_supplicant_req_scan(wpa_s
, 0, 0);
7275 case WPA_CTRL_REQ_EXT_CERT_CHECK
:
7276 if (eap
->pending_ext_cert_check
!= PENDING_CHECK
)
7278 if (os_strcmp(value
, "good") == 0)
7279 eap
->pending_ext_cert_check
= EXT_CERT_CHECK_GOOD
;
7280 else if (os_strcmp(value
, "bad") == 0)
7281 eap
->pending_ext_cert_check
= EXT_CERT_CHECK_BAD
;
7286 wpa_printf(MSG_DEBUG
, "CTRL_IFACE: Unknown field '%s'", field
);
7291 #else /* IEEE8021X_EAPOL */
7292 wpa_printf(MSG_DEBUG
, "CTRL_IFACE: IEEE 802.1X not included");
7294 #endif /* IEEE8021X_EAPOL */
7296 #endif /* CONFIG_CTRL_IFACE || CONFIG_CTRL_IFACE_DBUS_NEW */
7299 int wpas_network_disabled(struct wpa_supplicant
*wpa_s
, struct wpa_ssid
*ssid
)
7302 unsigned int drv_enc
;
7304 if (wpa_s
->p2p_mgmt
)
7305 return 1; /* no normal network profiles on p2p_mgmt interface */
7313 if (wpa_s
->drv_capa_known
)
7314 drv_enc
= wpa_s
->drv_enc
;
7316 drv_enc
= (unsigned int) -1;
7318 for (i
= 0; i
< NUM_WEP_KEYS
; i
++) {
7319 size_t len
= ssid
->wep_key_len
[i
];
7322 if (len
== 5 && (drv_enc
& WPA_DRIVER_CAPA_ENC_WEP40
))
7324 if (len
== 13 && (drv_enc
& WPA_DRIVER_CAPA_ENC_WEP104
))
7326 if (len
== 16 && (drv_enc
& WPA_DRIVER_CAPA_ENC_WEP128
))
7328 return 1; /* invalid WEP key */
7331 if (wpa_key_mgmt_wpa_psk(ssid
->key_mgmt
) && !ssid
->psk_set
&&
7332 (!ssid
->passphrase
|| ssid
->ssid_len
!= 0) && !ssid
->ext_psk
&&
7333 !(wpa_key_mgmt_sae(ssid
->key_mgmt
) && ssid
->sae_password
) &&
7334 !ssid
->mem_only_psk
)
7341 int wpas_get_ssid_pmf(struct wpa_supplicant
*wpa_s
, struct wpa_ssid
*ssid
)
7343 if (ssid
== NULL
|| ssid
->ieee80211w
== MGMT_FRAME_PROTECTION_DEFAULT
) {
7344 if (wpa_s
->conf
->pmf
== MGMT_FRAME_PROTECTION_OPTIONAL
&&
7345 !(wpa_s
->drv_enc
& WPA_DRIVER_CAPA_ENC_BIP
)) {
7347 * Driver does not support BIP -- ignore pmf=1 default
7348 * since the connection with PMF would fail and the
7349 * configuration does not require PMF to be enabled.
7351 return NO_MGMT_FRAME_PROTECTION
;
7356 ~(WPA_KEY_MGMT_NONE
| WPA_KEY_MGMT_WPS
|
7357 WPA_KEY_MGMT_IEEE8021X_NO_WPA
)) == 0) {
7359 * Do not use the default PMF value for non-RSN networks
7360 * since PMF is available only with RSN and pmf=2
7361 * configuration would otherwise prevent connections to
7362 * all open networks.
7364 return NO_MGMT_FRAME_PROTECTION
;
7367 return wpa_s
->conf
->pmf
;
7370 return ssid
->ieee80211w
;
7374 int wpas_is_p2p_prioritized(struct wpa_supplicant
*wpa_s
)
7376 if (wpa_s
->global
->conc_pref
== WPA_CONC_PREF_P2P
)
7378 if (wpa_s
->global
->conc_pref
== WPA_CONC_PREF_STA
)
7384 void wpas_auth_failed(struct wpa_supplicant
*wpa_s
, char *reason
)
7386 struct wpa_ssid
*ssid
= wpa_s
->current_ssid
;
7388 struct os_reltime now
;
7391 wpa_printf(MSG_DEBUG
, "Authentication failure but no known "
7396 if (ssid
->key_mgmt
== WPA_KEY_MGMT_WPS
)
7399 ssid
->auth_failures
++;
7402 if (ssid
->p2p_group
&&
7403 (wpa_s
->p2p_in_provisioning
|| wpa_s
->show_group_started
)) {
7405 * Skip the wait time since there is a short timeout on the
7406 * connection to a P2P group.
7410 #endif /* CONFIG_P2P */
7412 if (ssid
->auth_failures
> 50)
7414 else if (ssid
->auth_failures
> 10)
7416 else if (ssid
->auth_failures
> 5)
7418 else if (ssid
->auth_failures
> 3)
7420 else if (ssid
->auth_failures
> 2)
7422 else if (ssid
->auth_failures
> 1)
7427 if (ssid
->auth_failures
> 1 &&
7428 wpa_key_mgmt_wpa_ieee8021x(ssid
->key_mgmt
))
7429 dur
+= os_random() % (ssid
->auth_failures
* 10);
7431 os_get_reltime(&now
);
7432 if (now
.sec
+ dur
<= ssid
->disabled_until
.sec
)
7435 ssid
->disabled_until
.sec
= now
.sec
+ dur
;
7437 wpa_msg(wpa_s
, MSG_INFO
, WPA_EVENT_TEMP_DISABLED
7438 "id=%d ssid=\"%s\" auth_failures=%u duration=%d reason=%s",
7439 ssid
->id
, wpa_ssid_txt(ssid
->ssid
, ssid
->ssid_len
),
7440 ssid
->auth_failures
, dur
, reason
);
7444 void wpas_clear_temp_disabled(struct wpa_supplicant
*wpa_s
,
7445 struct wpa_ssid
*ssid
, int clear_failures
)
7450 if (ssid
->disabled_until
.sec
) {
7451 wpa_msg(wpa_s
, MSG_INFO
, WPA_EVENT_REENABLED
7452 "id=%d ssid=\"%s\"",
7453 ssid
->id
, wpa_ssid_txt(ssid
->ssid
, ssid
->ssid_len
));
7455 ssid
->disabled_until
.sec
= 0;
7456 ssid
->disabled_until
.usec
= 0;
7458 ssid
->auth_failures
= 0;
7462 int disallowed_bssid(struct wpa_supplicant
*wpa_s
, const u8
*bssid
)
7466 if (wpa_s
->disallow_aps_bssid
== NULL
)
7469 for (i
= 0; i
< wpa_s
->disallow_aps_bssid_count
; i
++) {
7470 if (os_memcmp(wpa_s
->disallow_aps_bssid
+ i
* ETH_ALEN
,
7471 bssid
, ETH_ALEN
) == 0)
7479 int disallowed_ssid(struct wpa_supplicant
*wpa_s
, const u8
*ssid
,
7484 if (wpa_s
->disallow_aps_ssid
== NULL
|| ssid
== NULL
)
7487 for (i
= 0; i
< wpa_s
->disallow_aps_ssid_count
; i
++) {
7488 struct wpa_ssid_value
*s
= &wpa_s
->disallow_aps_ssid
[i
];
7489 if (ssid_len
== s
->ssid_len
&&
7490 os_memcmp(ssid
, s
->ssid
, ssid_len
) == 0)
7499 * wpas_request_connection - Request a new connection
7500 * @wpa_s: Pointer to the network interface
7502 * This function is used to request a new connection to be found. It will mark
7503 * the interface to allow reassociation and request a new scan to find a
7504 * suitable network to connect to.
7506 void wpas_request_connection(struct wpa_supplicant
*wpa_s
)
7508 wpa_s
->normal_scans
= 0;
7509 wpa_s
->scan_req
= NORMAL_SCAN_REQ
;
7510 wpa_supplicant_reinit_autoscan(wpa_s
);
7511 wpa_s
->extra_blacklist_count
= 0;
7512 wpa_s
->disconnected
= 0;
7513 wpa_s
->reassociate
= 1;
7514 wpa_s
->last_owe_group
= 0;
7516 if (wpa_supplicant_fast_associate(wpa_s
) != 1)
7517 wpa_supplicant_req_scan(wpa_s
, 0, 0);
7519 wpa_s
->reattach
= 0;
7524 * wpas_request_disconnection - Request disconnection
7525 * @wpa_s: Pointer to the network interface
7527 * This function is used to request disconnection from the currently connected
7528 * network. This will stop any ongoing scans and initiate deauthentication.
7530 void wpas_request_disconnection(struct wpa_supplicant
*wpa_s
)
7533 wpa_s
->sme
.prev_bssid_set
= 0;
7534 #endif /* CONFIG_SME */
7535 wpa_s
->reassociate
= 0;
7536 wpa_s
->disconnected
= 1;
7537 wpa_supplicant_cancel_sched_scan(wpa_s
);
7538 wpa_supplicant_cancel_scan(wpa_s
);
7539 wpa_supplicant_deauthenticate(wpa_s
, WLAN_REASON_DEAUTH_LEAVING
);
7540 eloop_cancel_timeout(wpas_network_reenabled
, wpa_s
, NULL
);
7541 radio_remove_works(wpa_s
, "connect", 0);
7542 radio_remove_works(wpa_s
, "sme-connect", 0);
7546 void dump_freq_data(struct wpa_supplicant
*wpa_s
, const char *title
,
7547 struct wpa_used_freq_data
*freqs_data
,
7552 wpa_dbg(wpa_s
, MSG_DEBUG
, "Shared frequencies (len=%u): %s",
7554 for (i
= 0; i
< len
; i
++) {
7555 struct wpa_used_freq_data
*cur
= &freqs_data
[i
];
7556 wpa_dbg(wpa_s
, MSG_DEBUG
, "freq[%u]: %d, flags=0x%X",
7557 i
, cur
->freq
, cur
->flags
);
7563 * Find the operating frequencies of any of the virtual interfaces that
7564 * are using the same radio as the current interface, and in addition, get
7565 * information about the interface types that are using the frequency.
7567 int get_shared_radio_freqs_data(struct wpa_supplicant
*wpa_s
,
7568 struct wpa_used_freq_data
*freqs_data
,
7571 struct wpa_supplicant
*ifs
;
7574 unsigned int idx
= 0, i
;
7576 wpa_dbg(wpa_s
, MSG_DEBUG
,
7577 "Determining shared radio frequencies (max len %u)", len
);
7578 os_memset(freqs_data
, 0, sizeof(struct wpa_used_freq_data
) * len
);
7580 dl_list_for_each(ifs
, &wpa_s
->radio
->ifaces
, struct wpa_supplicant
,
7585 if (ifs
->current_ssid
== NULL
|| ifs
->assoc_freq
== 0)
7588 if (ifs
->current_ssid
->mode
== WPAS_MODE_AP
||
7589 ifs
->current_ssid
->mode
== WPAS_MODE_P2P_GO
||
7590 ifs
->current_ssid
->mode
== WPAS_MODE_MESH
)
7591 freq
= ifs
->current_ssid
->frequency
;
7592 else if (wpa_drv_get_bssid(ifs
, bssid
) == 0)
7593 freq
= ifs
->assoc_freq
;
7597 /* Hold only distinct freqs */
7598 for (i
= 0; i
< idx
; i
++)
7599 if (freqs_data
[i
].freq
== freq
)
7603 freqs_data
[idx
++].freq
= freq
;
7605 if (ifs
->current_ssid
->mode
== WPAS_MODE_INFRA
) {
7606 freqs_data
[i
].flags
|= ifs
->current_ssid
->p2p_group
?
7607 WPA_FREQ_USED_BY_P2P_CLIENT
:
7608 WPA_FREQ_USED_BY_INFRA_STATION
;
7612 dump_freq_data(wpa_s
, "completed iteration", freqs_data
, idx
);
7618 * Find the operating frequencies of any of the virtual interfaces that
7619 * are using the same radio as the current interface.
7621 int get_shared_radio_freqs(struct wpa_supplicant
*wpa_s
,
7622 int *freq_array
, unsigned int len
)
7624 struct wpa_used_freq_data
*freqs_data
;
7627 os_memset(freq_array
, 0, sizeof(int) * len
);
7629 freqs_data
= os_calloc(len
, sizeof(struct wpa_used_freq_data
));
7633 num
= get_shared_radio_freqs_data(wpa_s
, freqs_data
, len
);
7634 for (i
= 0; i
< num
; i
++)
7635 freq_array
[i
] = freqs_data
[i
].freq
;
7637 os_free(freqs_data
);
7643 struct wpa_supplicant
*
7644 wpas_vendor_elem(struct wpa_supplicant
*wpa_s
, enum wpa_vendor_elem_frame frame
)
7648 case VENDOR_ELEM_PROBE_REQ_P2P
:
7649 case VENDOR_ELEM_PROBE_RESP_P2P
:
7650 case VENDOR_ELEM_PROBE_RESP_P2P_GO
:
7651 case VENDOR_ELEM_BEACON_P2P_GO
:
7652 case VENDOR_ELEM_P2P_PD_REQ
:
7653 case VENDOR_ELEM_P2P_PD_RESP
:
7654 case VENDOR_ELEM_P2P_GO_NEG_REQ
:
7655 case VENDOR_ELEM_P2P_GO_NEG_RESP
:
7656 case VENDOR_ELEM_P2P_GO_NEG_CONF
:
7657 case VENDOR_ELEM_P2P_INV_REQ
:
7658 case VENDOR_ELEM_P2P_INV_RESP
:
7659 case VENDOR_ELEM_P2P_ASSOC_REQ
:
7660 case VENDOR_ELEM_P2P_ASSOC_RESP
:
7661 return wpa_s
->p2pdev
;
7662 #endif /* CONFIG_P2P */
7669 void wpas_vendor_elem_update(struct wpa_supplicant
*wpa_s
)
7674 wpa_printf(MSG_DEBUG
, "Update vendor elements");
7676 for (i
= 0; i
< NUM_VENDOR_ELEM_FRAMES
; i
++) {
7677 if (wpa_s
->vendor_elem
[i
]) {
7680 res
= os_snprintf(buf
, sizeof(buf
), "frame[%u]", i
);
7681 if (!os_snprintf_error(sizeof(buf
), res
)) {
7682 wpa_hexdump_buf(MSG_DEBUG
, buf
,
7683 wpa_s
->vendor_elem
[i
]);
7689 if (wpa_s
->parent
== wpa_s
&&
7690 wpa_s
->global
->p2p
&&
7691 !wpa_s
->global
->p2p_disabled
)
7692 p2p_set_vendor_elems(wpa_s
->global
->p2p
, wpa_s
->vendor_elem
);
7693 #endif /* CONFIG_P2P */
7697 int wpas_vendor_elem_remove(struct wpa_supplicant
*wpa_s
, int frame
,
7698 const u8
*elem
, size_t len
)
7702 ie
= wpabuf_mhead_u8(wpa_s
->vendor_elem
[frame
]);
7703 end
= ie
+ wpabuf_len(wpa_s
->vendor_elem
[frame
]);
7705 for (; ie
+ 1 < end
; ie
+= 2 + ie
[1]) {
7708 if (os_memcmp(ie
, elem
, len
) != 0)
7711 if (wpabuf_len(wpa_s
->vendor_elem
[frame
]) == len
) {
7712 wpabuf_free(wpa_s
->vendor_elem
[frame
]);
7713 wpa_s
->vendor_elem
[frame
] = NULL
;
7715 os_memmove(ie
, ie
+ len
, end
- (ie
+ len
));
7716 wpa_s
->vendor_elem
[frame
]->used
-= len
;
7718 wpas_vendor_elem_update(wpa_s
);
7726 struct hostapd_hw_modes
* get_mode(struct hostapd_hw_modes
*modes
,
7727 u16 num_modes
, enum hostapd_hw_mode mode
)
7731 for (i
= 0; i
< num_modes
; i
++) {
7732 if (modes
[i
].mode
== mode
)
7741 wpa_bss_tmp_disallowed
* wpas_get_disallowed_bss(struct wpa_supplicant
*wpa_s
,
7744 struct wpa_bss_tmp_disallowed
*bss
;
7746 dl_list_for_each(bss
, &wpa_s
->bss_tmp_disallowed
,
7747 struct wpa_bss_tmp_disallowed
, list
) {
7748 if (os_memcmp(bssid
, bss
->bssid
, ETH_ALEN
) == 0)
7756 static int wpa_set_driver_tmp_disallow_list(struct wpa_supplicant
*wpa_s
)
7758 struct wpa_bss_tmp_disallowed
*tmp
;
7759 unsigned int num_bssid
= 0;
7763 bssids
= os_malloc(dl_list_len(&wpa_s
->bss_tmp_disallowed
) * ETH_ALEN
);
7766 dl_list_for_each(tmp
, &wpa_s
->bss_tmp_disallowed
,
7767 struct wpa_bss_tmp_disallowed
, list
) {
7768 os_memcpy(&bssids
[num_bssid
* ETH_ALEN
], tmp
->bssid
,
7772 ret
= wpa_drv_set_bssid_blacklist(wpa_s
, num_bssid
, bssids
);
7778 static void wpa_bss_tmp_disallow_timeout(void *eloop_ctx
, void *timeout_ctx
)
7780 struct wpa_supplicant
*wpa_s
= eloop_ctx
;
7781 struct wpa_bss_tmp_disallowed
*tmp
, *bss
= timeout_ctx
;
7783 /* Make sure the bss is not already freed */
7784 dl_list_for_each(tmp
, &wpa_s
->bss_tmp_disallowed
,
7785 struct wpa_bss_tmp_disallowed
, list
) {
7787 dl_list_del(&tmp
->list
);
7789 wpa_set_driver_tmp_disallow_list(wpa_s
);
7796 void wpa_bss_tmp_disallow(struct wpa_supplicant
*wpa_s
, const u8
*bssid
,
7797 unsigned int sec
, int rssi_threshold
)
7799 struct wpa_bss_tmp_disallowed
*bss
;
7801 bss
= wpas_get_disallowed_bss(wpa_s
, bssid
);
7803 eloop_cancel_timeout(wpa_bss_tmp_disallow_timeout
, wpa_s
, bss
);
7807 bss
= os_malloc(sizeof(*bss
));
7809 wpa_printf(MSG_DEBUG
,
7810 "Failed to allocate memory for temp disallow BSS");
7814 os_memcpy(bss
->bssid
, bssid
, ETH_ALEN
);
7815 dl_list_add(&wpa_s
->bss_tmp_disallowed
, &bss
->list
);
7816 wpa_set_driver_tmp_disallow_list(wpa_s
);
7819 bss
->rssi_threshold
= rssi_threshold
;
7820 eloop_register_timeout(sec
, 0, wpa_bss_tmp_disallow_timeout
,
7825 int wpa_is_bss_tmp_disallowed(struct wpa_supplicant
*wpa_s
,
7826 struct wpa_bss
*bss
)
7828 struct wpa_bss_tmp_disallowed
*disallowed
= NULL
, *tmp
, *prev
;
7830 dl_list_for_each_safe(tmp
, prev
, &wpa_s
->bss_tmp_disallowed
,
7831 struct wpa_bss_tmp_disallowed
, list
) {
7832 if (os_memcmp(bss
->bssid
, tmp
->bssid
, ETH_ALEN
) == 0) {
7840 if (disallowed
->rssi_threshold
!= 0 &&
7841 bss
->level
> disallowed
->rssi_threshold
)
7848 int wpas_enable_mac_addr_randomization(struct wpa_supplicant
*wpa_s
,
7849 unsigned int type
, const u8
*addr
,
7852 if ((addr
&& !mask
) || (!addr
&& mask
)) {
7853 wpa_printf(MSG_INFO
,
7854 "MAC_ADDR_RAND_SCAN invalid addr/mask combination");
7858 if (addr
&& mask
&& (!(mask
[0] & 0x01) || (addr
[0] & 0x01))) {
7859 wpa_printf(MSG_INFO
,
7860 "MAC_ADDR_RAND_SCAN cannot allow multicast address");
7864 if (type
& MAC_ADDR_RAND_SCAN
) {
7865 if (wpas_mac_addr_rand_scan_set(wpa_s
, MAC_ADDR_RAND_SCAN
,
7870 if (type
& MAC_ADDR_RAND_SCHED_SCAN
) {
7871 if (wpas_mac_addr_rand_scan_set(wpa_s
, MAC_ADDR_RAND_SCHED_SCAN
,
7875 if (wpa_s
->sched_scanning
&& !wpa_s
->pno
)
7876 wpas_scan_restart_sched_scan(wpa_s
);
7879 if (type
& MAC_ADDR_RAND_PNO
) {
7880 if (wpas_mac_addr_rand_scan_set(wpa_s
, MAC_ADDR_RAND_PNO
,
7885 wpas_stop_pno(wpa_s
);
7886 wpas_start_pno(wpa_s
);
7894 int wpas_disable_mac_addr_randomization(struct wpa_supplicant
*wpa_s
,
7897 wpas_mac_addr_rand_scan_clear(wpa_s
, type
);
7899 if (type
& MAC_ADDR_RAND_PNO
) {
7900 wpas_stop_pno(wpa_s
);
7901 wpas_start_pno(wpa_s
);
7903 } else if (wpa_s
->sched_scanning
&& (type
& MAC_ADDR_RAND_SCHED_SCAN
)) {
7904 wpas_scan_restart_sched_scan(wpa_s
);
7911 int wpa_drv_signal_poll(struct wpa_supplicant
*wpa_s
,
7912 struct wpa_signal_info
*si
)
7916 if (!wpa_s
->driver
->signal_poll
)
7919 res
= wpa_s
->driver
->signal_poll(wpa_s
->drv_priv
, si
);
7921 #ifdef CONFIG_TESTING_OPTIONS
7923 struct driver_signal_override
*dso
;
7925 dl_list_for_each(dso
, &wpa_s
->drv_signal_override
,
7926 struct driver_signal_override
, list
) {
7927 if (os_memcmp(wpa_s
->bssid
, dso
->bssid
,
7930 wpa_printf(MSG_DEBUG
,
7931 "Override driver signal_poll information: current_signal: %d->%d avg_signal: %d->%d avg_beacon_signal: %d->%d current_noise: %d->%d",
7933 dso
->si_current_signal
,
7936 si
->avg_beacon_signal
,
7937 dso
->si_avg_beacon_signal
,
7939 dso
->si_current_noise
);
7940 si
->current_signal
= dso
->si_current_signal
;
7941 si
->avg_signal
= dso
->si_avg_signal
;
7942 si
->avg_beacon_signal
= dso
->si_avg_beacon_signal
;
7943 si
->current_noise
= dso
->si_current_noise
;
7947 #endif /* CONFIG_TESTING_OPTIONS */
7953 struct wpa_scan_results
*
7954 wpa_drv_get_scan_results2(struct wpa_supplicant
*wpa_s
)
7956 struct wpa_scan_results
*scan_res
;
7957 #ifdef CONFIG_TESTING_OPTIONS
7959 #endif /* CONFIG_TESTING_OPTIONS */
7961 if (!wpa_s
->driver
->get_scan_results2
)
7964 scan_res
= wpa_s
->driver
->get_scan_results2(wpa_s
->drv_priv
);
7966 #ifdef CONFIG_TESTING_OPTIONS
7967 for (idx
= 0; scan_res
&& idx
< scan_res
->num
; idx
++) {
7968 struct driver_signal_override
*dso
;
7969 struct wpa_scan_res
*res
= scan_res
->res
[idx
];
7971 dl_list_for_each(dso
, &wpa_s
->drv_signal_override
,
7972 struct driver_signal_override
, list
) {
7973 if (os_memcmp(res
->bssid
, dso
->bssid
, ETH_ALEN
) != 0)
7975 wpa_printf(MSG_DEBUG
,
7976 "Override driver scan signal level %d->%d for "
7978 res
->level
, dso
->scan_level
,
7979 MAC2STR(res
->bssid
));
7980 res
->flags
|= WPA_SCAN_QUAL_INVALID
;
7981 if (dso
->scan_level
< 0)
7982 res
->flags
|= WPA_SCAN_LEVEL_DBM
;
7984 res
->flags
&= ~WPA_SCAN_LEVEL_DBM
;
7985 res
->level
= dso
->scan_level
;
7989 #endif /* CONFIG_TESTING_OPTIONS */