3 * Copyright (c) 2003-2019, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
8 * This file implements functions for registering and unregistering
9 * %wpa_supplicant interfaces. In addition, this file contains number of
10 * functions for managing network connections.
14 #ifdef CONFIG_MATCH_IFACE
17 #endif /* CONFIG_MATCH_IFACE */
20 #include "crypto/random.h"
21 #include "crypto/sha1.h"
22 #include "eapol_supp/eapol_supp_sm.h"
23 #include "eap_peer/eap.h"
24 #include "eap_peer/eap_proxy.h"
25 #include "eap_server/eap_methods.h"
26 #include "rsn_supp/wpa.h"
29 #include "utils/ext_password.h"
30 #include "l2_packet/l2_packet.h"
31 #include "wpa_supplicant_i.h"
33 #include "ctrl_iface.h"
34 #include "pcsc_funcs.h"
35 #include "common/version.h"
36 #include "rsn_supp/preauth.h"
37 #include "rsn_supp/pmksa_cache.h"
38 #include "common/wpa_ctrl.h"
39 #include "common/ieee802_11_common.h"
40 #include "common/ieee802_11_defs.h"
41 #include "common/hw_features_common.h"
42 #include "common/gas_server.h"
43 #include "common/dpp.h"
46 #include "blacklist.h"
47 #include "wpas_glue.h"
48 #include "wps_supplicant.h"
51 #include "gas_query.h"
53 #include "p2p_supplicant.h"
54 #include "wifi_display.h"
60 #include "offchannel.h"
61 #include "hs20_supplicant.h"
65 #include "dpp_supplicant.h"
67 #include "ap/ap_config.h"
68 #include "ap/hostapd.h"
69 #endif /* CONFIG_MESH */
71 const char *const wpa_supplicant_version
=
72 "wpa_supplicant v" VERSION_STR
"\n"
73 "Copyright (c) 2003-2019, Jouni Malinen <j@w1.fi> and contributors";
75 const char *const wpa_supplicant_license
=
76 "This software may be distributed under the terms of the BSD license.\n"
77 "See README for more details.\n"
78 #ifdef EAP_TLS_OPENSSL
79 "\nThis product includes software developed by the OpenSSL Project\n"
80 "for use in the OpenSSL Toolkit (http://www.openssl.org/)\n"
81 #endif /* EAP_TLS_OPENSSL */
84 #ifndef CONFIG_NO_STDOUT_DEBUG
85 /* Long text divided into parts in order to fit in C89 strings size limits. */
86 const char *const wpa_supplicant_full_license1
=
88 const char *const wpa_supplicant_full_license2
=
89 "This software may be distributed under the terms of the BSD license.\n"
91 "Redistribution and use in source and binary forms, with or without\n"
92 "modification, are permitted provided that the following conditions are\n"
95 const char *const wpa_supplicant_full_license3
=
96 "1. Redistributions of source code must retain the above copyright\n"
97 " notice, this list of conditions and the following disclaimer.\n"
99 "2. Redistributions in binary form must reproduce the above copyright\n"
100 " notice, this list of conditions and the following disclaimer in the\n"
101 " documentation and/or other materials provided with the distribution.\n"
103 const char *const wpa_supplicant_full_license4
=
104 "3. Neither the name(s) of the above-listed copyright holder(s) nor the\n"
105 " names of its contributors may be used to endorse or promote products\n"
106 " derived from this software without specific prior written permission.\n"
108 "THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n"
109 "\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n"
110 "LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n"
111 "A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n";
112 const char *const wpa_supplicant_full_license5
=
113 "OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n"
114 "SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\n"
115 "LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n"
116 "DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n"
117 "THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n"
118 "(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n"
119 "OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
121 #endif /* CONFIG_NO_STDOUT_DEBUG */
124 static void wpa_bss_tmp_disallow_timeout(void *eloop_ctx
, void *timeout_ctx
);
125 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
126 static void wpas_update_fils_connect_params(struct wpa_supplicant
*wpa_s
);
127 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
129 static void wpas_update_owe_connect_params(struct wpa_supplicant
*wpa_s
);
130 #endif /* CONFIG_OWE */
134 /* Configure default/group WEP keys for static WEP */
135 int wpa_set_wep_keys(struct wpa_supplicant
*wpa_s
, struct wpa_ssid
*ssid
)
139 for (i
= 0; i
< NUM_WEP_KEYS
; i
++) {
140 if (ssid
->wep_key_len
[i
] == 0)
144 wpa_drv_set_key(wpa_s
, WPA_ALG_WEP
, NULL
,
145 i
, i
== ssid
->wep_tx_keyidx
, NULL
, 0,
146 ssid
->wep_key
[i
], ssid
->wep_key_len
[i
],
147 i
== ssid
->wep_tx_keyidx
?
148 KEY_FLAG_GROUP_RX_TX_DEFAULT
:
149 KEY_FLAG_GROUP_RX_TX
);
154 #endif /* CONFIG_WEP */
157 int wpa_supplicant_set_wpa_none_key(struct wpa_supplicant
*wpa_s
,
158 struct wpa_ssid
*ssid
)
166 /* IBSS/WPA-None uses only one key (Group) for both receiving and
167 * sending unicast and multicast packets. */
169 if (ssid
->mode
!= WPAS_MODE_IBSS
) {
170 wpa_msg(wpa_s
, MSG_INFO
, "WPA: Invalid mode %d (not "
171 "IBSS/ad-hoc) for WPA-None", ssid
->mode
);
175 if (!ssid
->psk_set
) {
176 wpa_msg(wpa_s
, MSG_INFO
, "WPA: No PSK configured for "
181 switch (wpa_s
->group_cipher
) {
182 case WPA_CIPHER_CCMP
:
183 os_memcpy(key
, ssid
->psk
, 16);
187 case WPA_CIPHER_GCMP
:
188 os_memcpy(key
, ssid
->psk
, 16);
192 case WPA_CIPHER_TKIP
:
193 /* WPA-None uses the same Michael MIC key for both TX and RX */
194 os_memcpy(key
, ssid
->psk
, 16 + 8);
195 os_memcpy(key
+ 16 + 8, ssid
->psk
+ 16, 8);
200 wpa_msg(wpa_s
, MSG_INFO
, "WPA: Invalid group cipher %d for "
201 "WPA-None", wpa_s
->group_cipher
);
205 /* TODO: should actually remember the previously used seq#, both for TX
206 * and RX from each STA.. */
208 ret
= wpa_drv_set_key(wpa_s
, alg
, NULL
, 0, 1, seq
, 6, key
, keylen
,
209 KEY_FLAG_GROUP_RX_TX_DEFAULT
);
210 os_memset(key
, 0, sizeof(key
));
215 static void wpa_supplicant_timeout(void *eloop_ctx
, void *timeout_ctx
)
217 struct wpa_supplicant
*wpa_s
= eloop_ctx
;
218 const u8
*bssid
= wpa_s
->bssid
;
219 if (!is_zero_ether_addr(wpa_s
->pending_bssid
) &&
220 (wpa_s
->wpa_state
== WPA_AUTHENTICATING
||
221 wpa_s
->wpa_state
== WPA_ASSOCIATING
))
222 bssid
= wpa_s
->pending_bssid
;
223 wpa_msg(wpa_s
, MSG_INFO
, "Authentication with " MACSTR
" timed out.",
225 wpa_blacklist_add(wpa_s
, bssid
);
226 wpa_sm_notify_disassoc(wpa_s
->wpa
);
227 wpa_supplicant_deauthenticate(wpa_s
, WLAN_REASON_DEAUTH_LEAVING
);
228 wpa_s
->reassociate
= 1;
231 * If we timed out, the AP or the local radio may be busy.
232 * So, wait a second until scanning again.
234 wpa_supplicant_req_scan(wpa_s
, 1, 0);
239 * wpa_supplicant_req_auth_timeout - Schedule a timeout for authentication
240 * @wpa_s: Pointer to wpa_supplicant data
241 * @sec: Number of seconds after which to time out authentication
242 * @usec: Number of microseconds after which to time out authentication
244 * This function is used to schedule a timeout for the current authentication
247 void wpa_supplicant_req_auth_timeout(struct wpa_supplicant
*wpa_s
,
250 if (wpa_s
->conf
->ap_scan
== 0 &&
251 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_WIRED
))
254 wpa_dbg(wpa_s
, MSG_DEBUG
, "Setting authentication timeout: %d sec "
255 "%d usec", sec
, usec
);
256 eloop_cancel_timeout(wpa_supplicant_timeout
, wpa_s
, NULL
);
257 wpa_s
->last_auth_timeout_sec
= sec
;
258 eloop_register_timeout(sec
, usec
, wpa_supplicant_timeout
, wpa_s
, NULL
);
263 * wpas_auth_timeout_restart - Restart and change timeout for authentication
264 * @wpa_s: Pointer to wpa_supplicant data
265 * @sec_diff: difference in seconds applied to original timeout value
267 void wpas_auth_timeout_restart(struct wpa_supplicant
*wpa_s
, int sec_diff
)
269 int new_sec
= wpa_s
->last_auth_timeout_sec
+ sec_diff
;
271 if (eloop_is_timeout_registered(wpa_supplicant_timeout
, wpa_s
, NULL
)) {
272 wpa_dbg(wpa_s
, MSG_DEBUG
,
273 "Authentication timeout restart: %d sec", new_sec
);
274 eloop_cancel_timeout(wpa_supplicant_timeout
, wpa_s
, NULL
);
275 eloop_register_timeout(new_sec
, 0, wpa_supplicant_timeout
,
282 * wpa_supplicant_cancel_auth_timeout - Cancel authentication timeout
283 * @wpa_s: Pointer to wpa_supplicant data
285 * This function is used to cancel authentication timeout scheduled with
286 * wpa_supplicant_req_auth_timeout() and it is called when authentication has
289 void wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant
*wpa_s
)
291 wpa_dbg(wpa_s
, MSG_DEBUG
, "Cancelling authentication timeout");
292 eloop_cancel_timeout(wpa_supplicant_timeout
, wpa_s
, NULL
);
293 wpa_blacklist_del(wpa_s
, wpa_s
->bssid
);
294 os_free(wpa_s
->last_con_fail_realm
);
295 wpa_s
->last_con_fail_realm
= NULL
;
296 wpa_s
->last_con_fail_realm_len
= 0;
301 * wpa_supplicant_initiate_eapol - Configure EAPOL state machine
302 * @wpa_s: Pointer to wpa_supplicant data
304 * This function is used to configure EAPOL state machine based on the selected
305 * authentication mode.
307 void wpa_supplicant_initiate_eapol(struct wpa_supplicant
*wpa_s
)
309 #ifdef IEEE8021X_EAPOL
310 struct eapol_config eapol_conf
;
311 struct wpa_ssid
*ssid
= wpa_s
->current_ssid
;
313 #ifdef CONFIG_IBSS_RSN
314 if (ssid
->mode
== WPAS_MODE_IBSS
&&
315 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_NONE
&&
316 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_WPA_NONE
) {
318 * RSN IBSS authentication is per-STA and we can disable the
319 * per-BSSID EAPOL authentication.
321 eapol_sm_notify_portControl(wpa_s
->eapol
, ForceAuthorized
);
322 eapol_sm_notify_eap_success(wpa_s
->eapol
, TRUE
);
323 eapol_sm_notify_eap_fail(wpa_s
->eapol
, FALSE
);
326 #endif /* CONFIG_IBSS_RSN */
328 eapol_sm_notify_eap_success(wpa_s
->eapol
, FALSE
);
329 eapol_sm_notify_eap_fail(wpa_s
->eapol
, FALSE
);
331 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_NONE
||
332 wpa_s
->key_mgmt
== WPA_KEY_MGMT_WPA_NONE
)
333 eapol_sm_notify_portControl(wpa_s
->eapol
, ForceAuthorized
);
335 eapol_sm_notify_portControl(wpa_s
->eapol
, Auto
);
337 os_memset(&eapol_conf
, 0, sizeof(eapol_conf
));
338 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_IEEE8021X_NO_WPA
) {
339 eapol_conf
.accept_802_1x_keys
= 1;
340 eapol_conf
.required_keys
= 0;
341 if (ssid
->eapol_flags
& EAPOL_FLAG_REQUIRE_KEY_UNICAST
) {
342 eapol_conf
.required_keys
|= EAPOL_REQUIRE_KEY_UNICAST
;
344 if (ssid
->eapol_flags
& EAPOL_FLAG_REQUIRE_KEY_BROADCAST
) {
345 eapol_conf
.required_keys
|=
346 EAPOL_REQUIRE_KEY_BROADCAST
;
349 if (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_WIRED
)
350 eapol_conf
.required_keys
= 0;
352 eapol_conf
.fast_reauth
= wpa_s
->conf
->fast_reauth
;
353 eapol_conf
.workaround
= ssid
->eap_workaround
;
354 eapol_conf
.eap_disabled
=
355 !wpa_key_mgmt_wpa_ieee8021x(wpa_s
->key_mgmt
) &&
356 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_IEEE8021X_NO_WPA
&&
357 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_WPS
;
358 eapol_conf
.external_sim
= wpa_s
->conf
->external_sim
;
361 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_WPS
) {
362 eapol_conf
.wps
|= EAPOL_LOCAL_WPS_IN_USE
;
363 if (wpa_s
->current_bss
) {
365 ie
= wpa_bss_get_vendor_ie_multi(wpa_s
->current_bss
,
370 EAPOL_PEER_IS_WPS20_AP
;
375 #endif /* CONFIG_WPS */
377 eapol_sm_notify_config(wpa_s
->eapol
, &ssid
->eap
, &eapol_conf
);
380 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_NONE
&& ssid
->mka_psk_set
)
381 ieee802_1x_create_preshared_mka(wpa_s
, ssid
);
383 ieee802_1x_alloc_kay_sm(wpa_s
, ssid
);
384 #endif /* CONFIG_MACSEC */
385 #endif /* IEEE8021X_EAPOL */
390 * wpa_supplicant_set_non_wpa_policy - Set WPA parameters to non-WPA mode
391 * @wpa_s: Pointer to wpa_supplicant data
392 * @ssid: Configuration data for the network
394 * This function is used to configure WPA state machine and related parameters
395 * to a mode where WPA is not enabled. This is called as part of the
396 * authentication configuration when the selected network does not use WPA.
398 void wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant
*wpa_s
,
399 struct wpa_ssid
*ssid
)
403 #endif /* CONFIG_WEP */
405 if (ssid
->key_mgmt
& WPA_KEY_MGMT_WPS
)
406 wpa_s
->key_mgmt
= WPA_KEY_MGMT_WPS
;
407 else if (ssid
->key_mgmt
& WPA_KEY_MGMT_IEEE8021X_NO_WPA
)
408 wpa_s
->key_mgmt
= WPA_KEY_MGMT_IEEE8021X_NO_WPA
;
410 wpa_s
->key_mgmt
= WPA_KEY_MGMT_NONE
;
411 wpa_sm_set_ap_wpa_ie(wpa_s
->wpa
, NULL
, 0);
412 wpa_sm_set_ap_rsn_ie(wpa_s
->wpa
, NULL
, 0);
413 wpa_sm_set_ap_rsnxe(wpa_s
->wpa
, NULL
, 0);
414 wpa_sm_set_assoc_wpa_ie(wpa_s
->wpa
, NULL
, 0);
415 wpa_sm_set_assoc_rsnxe(wpa_s
->wpa
, NULL
, 0);
416 wpa_s
->rsnxe_len
= 0;
417 wpa_s
->pairwise_cipher
= WPA_CIPHER_NONE
;
418 wpa_s
->group_cipher
= WPA_CIPHER_NONE
;
419 wpa_s
->mgmt_group_cipher
= 0;
422 for (i
= 0; i
< NUM_WEP_KEYS
; i
++) {
423 if (ssid
->wep_key_len
[i
] > 5) {
424 wpa_s
->pairwise_cipher
= WPA_CIPHER_WEP104
;
425 wpa_s
->group_cipher
= WPA_CIPHER_WEP104
;
427 } else if (ssid
->wep_key_len
[i
] > 0) {
428 wpa_s
->pairwise_cipher
= WPA_CIPHER_WEP40
;
429 wpa_s
->group_cipher
= WPA_CIPHER_WEP40
;
433 #endif /* CONFIG_WEP */
435 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_RSN_ENABLED
, 0);
436 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_KEY_MGMT
, wpa_s
->key_mgmt
);
437 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_PAIRWISE
,
438 wpa_s
->pairwise_cipher
);
439 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_GROUP
, wpa_s
->group_cipher
);
440 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_MGMT_GROUP
,
441 wpa_s
->mgmt_group_cipher
);
443 pmksa_cache_clear_current(wpa_s
->wpa
);
447 void free_hw_features(struct wpa_supplicant
*wpa_s
)
450 if (wpa_s
->hw
.modes
== NULL
)
453 for (i
= 0; i
< wpa_s
->hw
.num_modes
; i
++) {
454 os_free(wpa_s
->hw
.modes
[i
].channels
);
455 os_free(wpa_s
->hw
.modes
[i
].rates
);
458 os_free(wpa_s
->hw
.modes
);
459 wpa_s
->hw
.modes
= NULL
;
463 void free_bss_tmp_disallowed(struct wpa_supplicant
*wpa_s
)
465 struct wpa_bss_tmp_disallowed
*bss
, *prev
;
467 dl_list_for_each_safe(bss
, prev
, &wpa_s
->bss_tmp_disallowed
,
468 struct wpa_bss_tmp_disallowed
, list
) {
469 eloop_cancel_timeout(wpa_bss_tmp_disallow_timeout
, wpa_s
, bss
);
470 dl_list_del(&bss
->list
);
476 void wpas_flush_fils_hlp_req(struct wpa_supplicant
*wpa_s
)
478 struct fils_hlp_req
*req
;
480 while ((req
= dl_list_first(&wpa_s
->fils_hlp_req
, struct fils_hlp_req
,
482 dl_list_del(&req
->list
);
483 wpabuf_free(req
->pkt
);
489 void wpas_clear_disabled_interface(void *eloop_ctx
, void *timeout_ctx
)
491 struct wpa_supplicant
*wpa_s
= eloop_ctx
;
493 if (wpa_s
->wpa_state
!= WPA_INTERFACE_DISABLED
)
495 wpa_dbg(wpa_s
, MSG_DEBUG
, "Clear cached state on disabled interface");
496 wpa_bss_flush(wpa_s
);
500 #ifdef CONFIG_TESTING_OPTIONS
501 void wpas_clear_driver_signal_override(struct wpa_supplicant
*wpa_s
)
503 struct driver_signal_override
*dso
;
505 while ((dso
= dl_list_first(&wpa_s
->drv_signal_override
,
506 struct driver_signal_override
, list
))) {
507 dl_list_del(&dso
->list
);
511 #endif /* CONFIG_TESTING_OPTIONS */
514 static void wpa_supplicant_cleanup(struct wpa_supplicant
*wpa_s
)
518 bgscan_deinit(wpa_s
);
519 autoscan_deinit(wpa_s
);
520 scard_deinit(wpa_s
->scard
);
522 wpa_sm_set_scard_ctx(wpa_s
->wpa
, NULL
);
523 eapol_sm_register_scard_ctx(wpa_s
->eapol
, NULL
);
524 l2_packet_deinit(wpa_s
->l2
);
527 l2_packet_deinit(wpa_s
->l2_br
);
530 #ifdef CONFIG_TESTING_OPTIONS
531 l2_packet_deinit(wpa_s
->l2_test
);
532 wpa_s
->l2_test
= NULL
;
533 os_free(wpa_s
->get_pref_freq_list_override
);
534 wpa_s
->get_pref_freq_list_override
= NULL
;
535 wpabuf_free(wpa_s
->last_assoc_req_wpa_ie
);
536 wpa_s
->last_assoc_req_wpa_ie
= NULL
;
537 os_free(wpa_s
->extra_sae_rejected_groups
);
538 wpa_s
->extra_sae_rejected_groups
= NULL
;
539 wpabuf_free(wpa_s
->rsne_override_eapol
);
540 wpa_s
->rsne_override_eapol
= NULL
;
541 wpabuf_free(wpa_s
->rsnxe_override_assoc
);
542 wpa_s
->rsnxe_override_assoc
= NULL
;
543 wpabuf_free(wpa_s
->rsnxe_override_eapol
);
544 wpa_s
->rsnxe_override_eapol
= NULL
;
545 wpas_clear_driver_signal_override(wpa_s
);
546 #endif /* CONFIG_TESTING_OPTIONS */
548 if (wpa_s
->conf
!= NULL
) {
549 struct wpa_ssid
*ssid
;
550 for (ssid
= wpa_s
->conf
->ssid
; ssid
; ssid
= ssid
->next
)
551 wpas_notify_network_removed(wpa_s
, ssid
);
554 os_free(wpa_s
->confname
);
555 wpa_s
->confname
= NULL
;
557 os_free(wpa_s
->confanother
);
558 wpa_s
->confanother
= NULL
;
560 os_free(wpa_s
->last_con_fail_realm
);
561 wpa_s
->last_con_fail_realm
= NULL
;
562 wpa_s
->last_con_fail_realm_len
= 0;
564 wpa_sm_set_eapol(wpa_s
->wpa
, NULL
);
565 eapol_sm_deinit(wpa_s
->eapol
);
568 rsn_preauth_deinit(wpa_s
->wpa
);
571 wpa_tdls_deinit(wpa_s
->wpa
);
572 #endif /* CONFIG_TDLS */
574 wmm_ac_clear_saved_tspecs(wpa_s
);
575 pmksa_candidate_free(wpa_s
->wpa
);
576 wpa_sm_deinit(wpa_s
->wpa
);
578 wpa_blacklist_clear(wpa_s
);
580 wpa_bss_deinit(wpa_s
);
582 wpa_supplicant_cancel_delayed_sched_scan(wpa_s
);
583 wpa_supplicant_cancel_scan(wpa_s
);
584 wpa_supplicant_cancel_auth_timeout(wpa_s
);
585 eloop_cancel_timeout(wpa_supplicant_stop_countermeasures
, wpa_s
, NULL
);
586 #ifdef CONFIG_DELAYED_MIC_ERROR_REPORT
587 eloop_cancel_timeout(wpa_supplicant_delayed_mic_error_report
,
589 #endif /* CONFIG_DELAYED_MIC_ERROR_REPORT */
591 eloop_cancel_timeout(wpas_network_reenabled
, wpa_s
, NULL
);
592 eloop_cancel_timeout(wpas_clear_disabled_interface
, wpa_s
, NULL
);
594 wpas_wps_deinit(wpa_s
);
596 wpabuf_free(wpa_s
->pending_eapol_rx
);
597 wpa_s
->pending_eapol_rx
= NULL
;
599 #ifdef CONFIG_IBSS_RSN
600 ibss_rsn_deinit(wpa_s
->ibss_rsn
);
601 wpa_s
->ibss_rsn
= NULL
;
602 #endif /* CONFIG_IBSS_RSN */
607 wpa_supplicant_ap_deinit(wpa_s
);
608 #endif /* CONFIG_AP */
610 wpas_p2p_deinit(wpa_s
);
612 #ifdef CONFIG_OFFCHANNEL
613 offchannel_deinit(wpa_s
);
614 #endif /* CONFIG_OFFCHANNEL */
616 wpa_supplicant_cancel_sched_scan(wpa_s
);
618 os_free(wpa_s
->next_scan_freqs
);
619 wpa_s
->next_scan_freqs
= NULL
;
621 os_free(wpa_s
->manual_scan_freqs
);
622 wpa_s
->manual_scan_freqs
= NULL
;
623 os_free(wpa_s
->select_network_scan_freqs
);
624 wpa_s
->select_network_scan_freqs
= NULL
;
626 os_free(wpa_s
->manual_sched_scan_freqs
);
627 wpa_s
->manual_sched_scan_freqs
= NULL
;
629 wpas_mac_addr_rand_scan_clear(wpa_s
, MAC_ADDR_RAND_ALL
);
632 * Need to remove any pending gas-query radio work before the
633 * gas_query_deinit() call because gas_query::work has not yet been set
634 * for works that have not been started. gas_query_free() will be unable
635 * to cancel such pending radio works and once the pending gas-query
636 * radio work eventually gets removed, the deinit notification call to
637 * gas_query_start_cb() would result in dereferencing freed memory.
640 radio_remove_works(wpa_s
, "gas-query", 0);
641 gas_query_deinit(wpa_s
->gas
);
643 gas_server_deinit(wpa_s
->gas_server
);
644 wpa_s
->gas_server
= NULL
;
646 free_hw_features(wpa_s
);
648 ieee802_1x_dealloc_kay_sm(wpa_s
);
650 os_free(wpa_s
->bssid_filter
);
651 wpa_s
->bssid_filter
= NULL
;
653 os_free(wpa_s
->disallow_aps_bssid
);
654 wpa_s
->disallow_aps_bssid
= NULL
;
655 os_free(wpa_s
->disallow_aps_ssid
);
656 wpa_s
->disallow_aps_ssid
= NULL
;
658 wnm_bss_keep_alive_deinit(wpa_s
);
660 wnm_deallocate_memory(wpa_s
);
661 #endif /* CONFIG_WNM */
663 ext_password_deinit(wpa_s
->ext_pw
);
664 wpa_s
->ext_pw
= NULL
;
666 wpabuf_free(wpa_s
->last_gas_resp
);
667 wpa_s
->last_gas_resp
= NULL
;
668 wpabuf_free(wpa_s
->prev_gas_resp
);
669 wpa_s
->prev_gas_resp
= NULL
;
671 os_free(wpa_s
->last_scan_res
);
672 wpa_s
->last_scan_res
= NULL
;
676 wpa_drv_configure_frame_filters(wpa_s
, 0);
678 #endif /* CONFIG_HS20 */
680 for (i
= 0; i
< NUM_VENDOR_ELEM_FRAMES
; i
++) {
681 wpabuf_free(wpa_s
->vendor_elem
[i
]);
682 wpa_s
->vendor_elem
[i
] = NULL
;
685 wmm_ac_notify_disassoc(wpa_s
);
687 wpa_s
->sched_scan_plans_num
= 0;
688 os_free(wpa_s
->sched_scan_plans
);
689 wpa_s
->sched_scan_plans
= NULL
;
692 wpa_s
->non_pref_chan_num
= 0;
693 os_free(wpa_s
->non_pref_chan
);
694 wpa_s
->non_pref_chan
= NULL
;
695 #endif /* CONFIG_MBO */
697 free_bss_tmp_disallowed(wpa_s
);
699 wpabuf_free(wpa_s
->lci
);
701 wpas_clear_beacon_rep_data(wpa_s
);
703 #ifdef CONFIG_PMKSA_CACHE_EXTERNAL
706 struct external_pmksa_cache
*entry
;
708 while ((entry
= dl_list_last(&wpa_s
->mesh_external_pmksa_cache
,
709 struct external_pmksa_cache
,
711 dl_list_del(&entry
->list
);
712 os_free(entry
->pmksa_cache
);
716 #endif /* CONFIG_MESH */
717 #endif /* CONFIG_PMKSA_CACHE_EXTERNAL */
719 wpas_flush_fils_hlp_req(wpa_s
);
721 wpabuf_free(wpa_s
->ric_ies
);
722 wpa_s
->ric_ies
= NULL
;
725 wpas_dpp_deinit(wpa_s
);
726 dpp_global_deinit(wpa_s
->dpp
);
728 #endif /* CONFIG_DPP */
733 * wpa_clear_keys - Clear keys configured for the driver
734 * @wpa_s: Pointer to wpa_supplicant data
735 * @addr: Previously used BSSID or %NULL if not available
737 * This function clears the encryption keys that has been previously configured
740 void wpa_clear_keys(struct wpa_supplicant
*wpa_s
, const u8
*addr
)
744 /* MLME-DELETEKEYS.request */
745 for (i
= 0; i
< max
; i
++) {
746 if (wpa_s
->keys_cleared
& BIT(i
))
748 wpa_drv_set_key(wpa_s
, WPA_ALG_NONE
, NULL
, i
, 0, NULL
, 0,
749 NULL
, 0, KEY_FLAG_GROUP
);
751 /* Pairwise Key ID 1 for Extended Key ID is tracked in bit 15 */
752 if (~wpa_s
->keys_cleared
& (BIT(0) | BIT(15)) && addr
&&
753 !is_zero_ether_addr(addr
)) {
754 if (!(wpa_s
->keys_cleared
& BIT(0)))
755 wpa_drv_set_key(wpa_s
, WPA_ALG_NONE
, addr
, 0, 0, NULL
,
756 0, NULL
, 0, KEY_FLAG_PAIRWISE
);
757 if (!(wpa_s
->keys_cleared
& BIT(15)))
758 wpa_drv_set_key(wpa_s
, WPA_ALG_NONE
, addr
, 1, 0, NULL
,
759 0, NULL
, 0, KEY_FLAG_PAIRWISE
);
760 /* MLME-SETPROTECTION.request(None) */
761 wpa_drv_mlme_setprotection(
763 MLME_SETPROTECTION_PROTECT_TYPE_NONE
,
764 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE
);
766 wpa_s
->keys_cleared
= (u32
) -1;
771 * wpa_supplicant_state_txt - Get the connection state name as a text string
772 * @state: State (wpa_state; WPA_*)
773 * Returns: The state name as a printable text string
775 const char * wpa_supplicant_state_txt(enum wpa_states state
)
778 case WPA_DISCONNECTED
:
779 return "DISCONNECTED";
782 case WPA_INTERFACE_DISABLED
:
783 return "INTERFACE_DISABLED";
786 case WPA_AUTHENTICATING
:
787 return "AUTHENTICATING";
788 case WPA_ASSOCIATING
:
789 return "ASSOCIATING";
792 case WPA_4WAY_HANDSHAKE
:
793 return "4WAY_HANDSHAKE";
794 case WPA_GROUP_HANDSHAKE
:
795 return "GROUP_HANDSHAKE";
806 static void wpa_supplicant_start_bgscan(struct wpa_supplicant
*wpa_s
)
810 if (wpa_s
->current_ssid
&& wpa_s
->current_ssid
->bgscan
)
811 name
= wpa_s
->current_ssid
->bgscan
;
813 name
= wpa_s
->conf
->bgscan
;
814 if (name
== NULL
|| name
[0] == '\0')
816 if (wpas_driver_bss_selection(wpa_s
))
818 if (wpa_s
->current_ssid
== wpa_s
->bgscan_ssid
)
821 if (wpa_s
->p2p_group_interface
!= NOT_P2P_GROUP_INTERFACE
)
823 #endif /* CONFIG_P2P */
825 bgscan_deinit(wpa_s
);
826 if (wpa_s
->current_ssid
) {
827 if (bgscan_init(wpa_s
, wpa_s
->current_ssid
, name
)) {
828 wpa_dbg(wpa_s
, MSG_DEBUG
, "Failed to initialize "
831 * Live without bgscan; it is only used as a roaming
832 * optimization, so the initial connection is not
836 struct wpa_scan_results
*scan_res
;
837 wpa_s
->bgscan_ssid
= wpa_s
->current_ssid
;
838 scan_res
= wpa_supplicant_get_scan_results(wpa_s
, NULL
,
841 bgscan_notify_scan(wpa_s
, scan_res
);
842 wpa_scan_results_free(scan_res
);
846 wpa_s
->bgscan_ssid
= NULL
;
850 static void wpa_supplicant_stop_bgscan(struct wpa_supplicant
*wpa_s
)
852 if (wpa_s
->bgscan_ssid
!= NULL
) {
853 bgscan_deinit(wpa_s
);
854 wpa_s
->bgscan_ssid
= NULL
;
858 #endif /* CONFIG_BGSCAN */
861 static void wpa_supplicant_start_autoscan(struct wpa_supplicant
*wpa_s
)
863 if (autoscan_init(wpa_s
, 0))
864 wpa_dbg(wpa_s
, MSG_DEBUG
, "Failed to initialize autoscan");
868 static void wpa_supplicant_stop_autoscan(struct wpa_supplicant
*wpa_s
)
870 autoscan_deinit(wpa_s
);
874 void wpa_supplicant_reinit_autoscan(struct wpa_supplicant
*wpa_s
)
876 if (wpa_s
->wpa_state
== WPA_DISCONNECTED
||
877 wpa_s
->wpa_state
== WPA_SCANNING
) {
878 autoscan_deinit(wpa_s
);
879 wpa_supplicant_start_autoscan(wpa_s
);
885 * wpa_supplicant_set_state - Set current connection state
886 * @wpa_s: Pointer to wpa_supplicant data
887 * @state: The new connection state
889 * This function is called whenever the connection state changes, e.g.,
890 * association is completed for WPA/WPA2 4-Way Handshake is started.
892 void wpa_supplicant_set_state(struct wpa_supplicant
*wpa_s
,
893 enum wpa_states state
)
895 enum wpa_states old_state
= wpa_s
->wpa_state
;
896 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
897 Boolean update_fils_connect_params
= FALSE
;
898 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
900 wpa_dbg(wpa_s
, MSG_DEBUG
, "State: %s -> %s",
901 wpa_supplicant_state_txt(wpa_s
->wpa_state
),
902 wpa_supplicant_state_txt(state
));
904 if (state
== WPA_COMPLETED
&&
905 os_reltime_initialized(&wpa_s
->roam_start
)) {
906 os_reltime_age(&wpa_s
->roam_start
, &wpa_s
->roam_time
);
907 wpa_s
->roam_start
.sec
= 0;
908 wpa_s
->roam_start
.usec
= 0;
909 wpas_notify_auth_changed(wpa_s
);
910 wpas_notify_roam_time(wpa_s
);
911 wpas_notify_roam_complete(wpa_s
);
912 } else if (state
== WPA_DISCONNECTED
&&
913 os_reltime_initialized(&wpa_s
->roam_start
)) {
914 wpa_s
->roam_start
.sec
= 0;
915 wpa_s
->roam_start
.usec
= 0;
916 wpa_s
->roam_time
.sec
= 0;
917 wpa_s
->roam_time
.usec
= 0;
918 wpas_notify_roam_complete(wpa_s
);
921 if (state
== WPA_INTERFACE_DISABLED
) {
922 /* Assure normal scan when interface is restored */
923 wpa_s
->normal_scans
= 0;
926 if (state
== WPA_COMPLETED
) {
927 wpas_connect_work_done(wpa_s
);
928 /* Reinitialize normal_scan counter */
929 wpa_s
->normal_scans
= 0;
934 * P2PS client has to reply to Probe Request frames received on the
935 * group operating channel. Enable Probe Request frame reporting for
936 * P2P connected client in case p2p_cli_probe configuration property is
939 if (wpa_s
->conf
->p2p_cli_probe
&& wpa_s
->current_ssid
&&
940 wpa_s
->current_ssid
->mode
== WPAS_MODE_INFRA
&&
941 wpa_s
->current_ssid
->p2p_group
) {
942 if (state
== WPA_COMPLETED
&& !wpa_s
->p2p_cli_probe
) {
943 wpa_dbg(wpa_s
, MSG_DEBUG
,
944 "P2P: Enable CLI Probe Request RX reporting");
945 wpa_s
->p2p_cli_probe
=
946 wpa_drv_probe_req_report(wpa_s
, 1) >= 0;
947 } else if (state
!= WPA_COMPLETED
&& wpa_s
->p2p_cli_probe
) {
948 wpa_dbg(wpa_s
, MSG_DEBUG
,
949 "P2P: Disable CLI Probe Request RX reporting");
950 wpa_s
->p2p_cli_probe
= 0;
951 wpa_drv_probe_req_report(wpa_s
, 0);
954 #endif /* CONFIG_P2P */
956 if (state
!= WPA_SCANNING
)
957 wpa_supplicant_notify_scanning(wpa_s
, 0);
959 if (state
== WPA_COMPLETED
&& wpa_s
->new_connection
) {
960 struct wpa_ssid
*ssid
= wpa_s
->current_ssid
;
961 int fils_hlp_sent
= 0;
964 if ((wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SME
) &&
965 wpa_auth_alg_fils(wpa_s
->sme
.auth_alg
))
967 #endif /* CONFIG_SME */
968 if (!(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SME
) &&
969 wpa_auth_alg_fils(wpa_s
->auth_alg
))
972 #if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
973 wpa_msg(wpa_s
, MSG_INFO
, WPA_EVENT_CONNECTED
"- Connection to "
974 MACSTR
" completed [id=%d id_str=%s%s]",
975 MAC2STR(wpa_s
->bssid
),
976 ssid
? ssid
->id
: -1,
977 ssid
&& ssid
->id_str
? ssid
->id_str
: "",
978 fils_hlp_sent
? " FILS_HLP_SENT" : "");
979 #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
980 wpas_clear_temp_disabled(wpa_s
, ssid
, 1);
981 wpa_blacklist_clear(wpa_s
);
982 wpa_s
->extra_blacklist_count
= 0;
983 wpa_s
->new_connection
= 0;
984 wpa_drv_set_operstate(wpa_s
, 1);
985 #ifndef IEEE8021X_EAPOL
986 wpa_drv_set_supp_port(wpa_s
, 1);
987 #endif /* IEEE8021X_EAPOL */
988 wpa_s
->after_wps
= 0;
989 wpa_s
->known_wps_freq
= 0;
990 wpas_p2p_completed(wpa_s
);
992 sme_sched_obss_scan(wpa_s
, 1);
994 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
995 if (!fils_hlp_sent
&& ssid
&& ssid
->eap
.erp
)
996 update_fils_connect_params
= TRUE
;
997 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
999 if (ssid
&& (ssid
->key_mgmt
& WPA_KEY_MGMT_OWE
))
1000 wpas_update_owe_connect_params(wpa_s
);
1001 #endif /* CONFIG_OWE */
1002 } else if (state
== WPA_DISCONNECTED
|| state
== WPA_ASSOCIATING
||
1003 state
== WPA_ASSOCIATED
) {
1004 wpa_s
->new_connection
= 1;
1005 wpa_drv_set_operstate(wpa_s
, 0);
1006 #ifndef IEEE8021X_EAPOL
1007 wpa_drv_set_supp_port(wpa_s
, 0);
1008 #endif /* IEEE8021X_EAPOL */
1009 sme_sched_obss_scan(wpa_s
, 0);
1011 wpa_s
->wpa_state
= state
;
1013 #ifdef CONFIG_BGSCAN
1014 if (state
== WPA_COMPLETED
)
1015 wpa_supplicant_start_bgscan(wpa_s
);
1016 else if (state
< WPA_ASSOCIATED
)
1017 wpa_supplicant_stop_bgscan(wpa_s
);
1018 #endif /* CONFIG_BGSCAN */
1020 if (state
> WPA_SCANNING
)
1021 wpa_supplicant_stop_autoscan(wpa_s
);
1023 if (state
== WPA_DISCONNECTED
|| state
== WPA_INACTIVE
)
1024 wpa_supplicant_start_autoscan(wpa_s
);
1026 if (old_state
>= WPA_ASSOCIATED
&& wpa_s
->wpa_state
< WPA_ASSOCIATED
)
1027 wmm_ac_notify_disassoc(wpa_s
);
1029 if (wpa_s
->wpa_state
!= old_state
) {
1030 wpas_notify_state_changed(wpa_s
, wpa_s
->wpa_state
, old_state
);
1033 * Notify the P2P Device interface about a state change in one
1034 * of the interfaces.
1036 wpas_p2p_indicate_state_change(wpa_s
);
1038 if (wpa_s
->wpa_state
== WPA_COMPLETED
||
1039 old_state
== WPA_COMPLETED
)
1040 wpas_notify_auth_changed(wpa_s
);
1042 if (wpa_s
->wpa_state
== WPA_COMPLETED
)
1043 wpas_dpp_connected(wpa_s
);
1044 #endif /* CONFIG_DPP2 */
1046 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
1047 if (update_fils_connect_params
)
1048 wpas_update_fils_connect_params(wpa_s
);
1049 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
1053 void wpa_supplicant_terminate_proc(struct wpa_global
*global
)
1057 struct wpa_supplicant
*wpa_s
= global
->ifaces
;
1059 struct wpa_supplicant
*next
= wpa_s
->next
;
1060 if (wpas_wps_terminate_pending(wpa_s
) == 1)
1063 if (wpa_s
->p2p_group_interface
!= NOT_P2P_GROUP_INTERFACE
||
1064 (wpa_s
->current_ssid
&& wpa_s
->current_ssid
->p2p_group
))
1065 wpas_p2p_disconnect(wpa_s
);
1066 #endif /* CONFIG_P2P */
1069 #endif /* CONFIG_WPS */
1076 static void wpa_supplicant_terminate(int sig
, void *signal_ctx
)
1078 struct wpa_global
*global
= signal_ctx
;
1079 wpa_supplicant_terminate_proc(global
);
1083 void wpa_supplicant_clear_status(struct wpa_supplicant
*wpa_s
)
1085 enum wpa_states old_state
= wpa_s
->wpa_state
;
1087 wpa_s
->pairwise_cipher
= 0;
1088 wpa_s
->group_cipher
= 0;
1089 wpa_s
->mgmt_group_cipher
= 0;
1090 wpa_s
->key_mgmt
= 0;
1091 if (wpa_s
->wpa_state
!= WPA_INTERFACE_DISABLED
)
1092 wpa_supplicant_set_state(wpa_s
, WPA_DISCONNECTED
);
1094 if (wpa_s
->wpa_state
!= old_state
)
1095 wpas_notify_state_changed(wpa_s
, wpa_s
->wpa_state
, old_state
);
1100 * wpa_supplicant_reload_configuration - Reload configuration data
1101 * @wpa_s: Pointer to wpa_supplicant data
1102 * Returns: 0 on success or -1 if configuration parsing failed
1104 * This function can be used to request that the configuration data is reloaded
1105 * (e.g., after configuration file change). This function is reloading
1106 * configuration only for one interface, so this may need to be called multiple
1107 * times if %wpa_supplicant is controlling multiple interfaces and all
1108 * interfaces need reconfiguration.
1110 int wpa_supplicant_reload_configuration(struct wpa_supplicant
*wpa_s
)
1112 struct wpa_config
*conf
;
1116 if (wpa_s
->confname
== NULL
)
1118 conf
= wpa_config_read(wpa_s
->confname
, NULL
);
1120 wpa_msg(wpa_s
, MSG_ERROR
, "Failed to parse the configuration "
1121 "file '%s' - exiting", wpa_s
->confname
);
1124 if (wpa_s
->confanother
&&
1125 !wpa_config_read(wpa_s
->confanother
, conf
)) {
1126 wpa_msg(wpa_s
, MSG_ERROR
,
1127 "Failed to parse the configuration file '%s' - exiting",
1128 wpa_s
->confanother
);
1132 conf
->changed_parameters
= (unsigned int) -1;
1134 reconf_ctrl
= !!conf
->ctrl_interface
!= !!wpa_s
->conf
->ctrl_interface
1135 || (conf
->ctrl_interface
&& wpa_s
->conf
->ctrl_interface
&&
1136 os_strcmp(conf
->ctrl_interface
,
1137 wpa_s
->conf
->ctrl_interface
) != 0);
1139 if (reconf_ctrl
&& wpa_s
->ctrl_iface
) {
1140 wpa_supplicant_ctrl_iface_deinit(wpa_s
->ctrl_iface
);
1141 wpa_s
->ctrl_iface
= NULL
;
1144 eapol_sm_invalidate_cached_session(wpa_s
->eapol
);
1145 if (wpa_s
->current_ssid
) {
1146 if (wpa_s
->wpa_state
>= WPA_AUTHENTICATING
)
1147 wpa_s
->own_disconnect_req
= 1;
1148 wpa_supplicant_deauthenticate(wpa_s
,
1149 WLAN_REASON_DEAUTH_LEAVING
);
1153 * TODO: should notify EAPOL SM about changes in opensc_engine_path,
1154 * pkcs11_engine_path, pkcs11_module_path, openssl_ciphers.
1156 if (wpa_key_mgmt_wpa_psk(wpa_s
->key_mgmt
) ||
1157 wpa_s
->key_mgmt
== WPA_KEY_MGMT_OWE
||
1158 wpa_s
->key_mgmt
== WPA_KEY_MGMT_DPP
) {
1160 * Clear forced success to clear EAP state for next
1163 eapol_sm_notify_eap_success(wpa_s
->eapol
, FALSE
);
1165 eapol_sm_notify_config(wpa_s
->eapol
, NULL
, NULL
);
1166 wpa_sm_set_config(wpa_s
->wpa
, NULL
);
1167 wpa_sm_pmksa_cache_flush(wpa_s
->wpa
, NULL
);
1168 wpa_sm_set_fast_reauth(wpa_s
->wpa
, wpa_s
->conf
->fast_reauth
);
1169 rsn_preauth_deinit(wpa_s
->wpa
);
1171 old_ap_scan
= wpa_s
->conf
->ap_scan
;
1172 wpa_config_free(wpa_s
->conf
);
1174 if (old_ap_scan
!= wpa_s
->conf
->ap_scan
)
1175 wpas_notify_ap_scan_changed(wpa_s
);
1178 wpa_s
->ctrl_iface
= wpa_supplicant_ctrl_iface_init(wpa_s
);
1180 wpa_supplicant_update_config(wpa_s
);
1182 wpa_supplicant_clear_status(wpa_s
);
1183 if (wpa_supplicant_enabled_networks(wpa_s
)) {
1184 wpa_s
->reassociate
= 1;
1185 wpa_supplicant_req_scan(wpa_s
, 0, 0);
1187 wpa_dbg(wpa_s
, MSG_DEBUG
, "Reconfiguration completed");
1192 static void wpa_supplicant_reconfig(int sig
, void *signal_ctx
)
1194 struct wpa_global
*global
= signal_ctx
;
1195 struct wpa_supplicant
*wpa_s
;
1196 for (wpa_s
= global
->ifaces
; wpa_s
; wpa_s
= wpa_s
->next
) {
1197 wpa_dbg(wpa_s
, MSG_DEBUG
, "Signal %d received - reconfiguring",
1199 if (wpa_supplicant_reload_configuration(wpa_s
) < 0) {
1200 wpa_supplicant_terminate_proc(global
);
1204 if (wpa_debug_reopen_file() < 0) {
1205 /* Ignore errors since we cannot really do much to fix this */
1206 wpa_printf(MSG_DEBUG
, "Could not reopen debug log file");
1211 static int wpa_supplicant_suites_from_ai(struct wpa_supplicant
*wpa_s
,
1212 struct wpa_ssid
*ssid
,
1213 struct wpa_ie_data
*ie
)
1215 int ret
= wpa_sm_parse_own_wpa_ie(wpa_s
->wpa
, ie
);
1218 wpa_msg(wpa_s
, MSG_INFO
, "WPA: Failed to parse WPA IE "
1219 "from association info");
1224 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: Using WPA IE from AssocReq to set "
1226 if (!(ie
->group_cipher
& ssid
->group_cipher
)) {
1227 wpa_msg(wpa_s
, MSG_INFO
, "WPA: Driver used disabled group "
1228 "cipher 0x%x (mask 0x%x) - reject",
1229 ie
->group_cipher
, ssid
->group_cipher
);
1232 if (!(ie
->pairwise_cipher
& ssid
->pairwise_cipher
)) {
1233 wpa_msg(wpa_s
, MSG_INFO
, "WPA: Driver used disabled pairwise "
1234 "cipher 0x%x (mask 0x%x) - reject",
1235 ie
->pairwise_cipher
, ssid
->pairwise_cipher
);
1238 if (!(ie
->key_mgmt
& ssid
->key_mgmt
)) {
1239 wpa_msg(wpa_s
, MSG_INFO
, "WPA: Driver used disabled key "
1240 "management 0x%x (mask 0x%x) - reject",
1241 ie
->key_mgmt
, ssid
->key_mgmt
);
1245 if (!(ie
->capabilities
& WPA_CAPABILITY_MFPC
) &&
1246 wpas_get_ssid_pmf(wpa_s
, ssid
) == MGMT_FRAME_PROTECTION_REQUIRED
) {
1247 wpa_msg(wpa_s
, MSG_INFO
, "WPA: Driver associated with an AP "
1248 "that does not support management frame protection - "
1257 static int matching_ciphers(struct wpa_ssid
*ssid
, struct wpa_ie_data
*ie
,
1261 ie
->group_cipher
= wpa_default_rsn_cipher(freq
);
1262 if (!ie
->has_pairwise
)
1263 ie
->pairwise_cipher
= wpa_default_rsn_cipher(freq
);
1264 return (ie
->group_cipher
& ssid
->group_cipher
) &&
1265 (ie
->pairwise_cipher
& ssid
->pairwise_cipher
);
1270 * wpa_supplicant_set_suites - Set authentication and encryption parameters
1271 * @wpa_s: Pointer to wpa_supplicant data
1272 * @bss: Scan results for the selected BSS, or %NULL if not available
1273 * @ssid: Configuration data for the selected network
1274 * @wpa_ie: Buffer for the WPA/RSN IE
1275 * @wpa_ie_len: Maximum wpa_ie buffer size on input. This is changed to be the
1276 * used buffer length in case the functions returns success.
1277 * Returns: 0 on success or -1 on failure
1279 * This function is used to configure authentication and encryption parameters
1280 * based on the network configuration and scan result for the selected BSS (if
1283 int wpa_supplicant_set_suites(struct wpa_supplicant
*wpa_s
,
1284 struct wpa_bss
*bss
, struct wpa_ssid
*ssid
,
1285 u8
*wpa_ie
, size_t *wpa_ie_len
)
1287 struct wpa_ie_data ie
;
1288 int sel
, proto
, sae_pwe
;
1289 const u8
*bss_wpa
, *bss_rsn
, *bss_rsnx
, *bss_osen
;
1292 bss_wpa
= wpa_bss_get_vendor_ie(bss
, WPA_IE_VENDOR_TYPE
);
1293 bss_rsn
= wpa_bss_get_ie(bss
, WLAN_EID_RSN
);
1294 bss_rsnx
= wpa_bss_get_ie(bss
, WLAN_EID_RSNX
);
1295 bss_osen
= wpa_bss_get_vendor_ie(bss
, OSEN_IE_VENDOR_TYPE
);
1297 bss_wpa
= bss_rsn
= bss_rsnx
= bss_osen
= NULL
;
1300 if (bss_rsn
&& (ssid
->proto
& WPA_PROTO_RSN
) &&
1301 wpa_parse_wpa_ie(bss_rsn
, 2 + bss_rsn
[1], &ie
) == 0 &&
1302 matching_ciphers(ssid
, &ie
, bss
->freq
) &&
1303 (ie
.key_mgmt
& ssid
->key_mgmt
)) {
1304 wpa_dbg(wpa_s
, MSG_DEBUG
, "RSN: using IEEE 802.11i/D9.0");
1305 proto
= WPA_PROTO_RSN
;
1306 } else if (bss_wpa
&& (ssid
->proto
& WPA_PROTO_WPA
) &&
1307 wpa_parse_wpa_ie(bss_wpa
, 2 + bss_wpa
[1], &ie
) == 0 &&
1308 (ie
.group_cipher
& ssid
->group_cipher
) &&
1309 (ie
.pairwise_cipher
& ssid
->pairwise_cipher
) &&
1310 (ie
.key_mgmt
& ssid
->key_mgmt
)) {
1311 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using IEEE 802.11i/D3.0");
1312 proto
= WPA_PROTO_WPA
;
1314 } else if (bss_osen
&& (ssid
->proto
& WPA_PROTO_OSEN
) &&
1315 wpa_parse_wpa_ie(bss_osen
, 2 + bss_osen
[1], &ie
) == 0 &&
1316 (ie
.group_cipher
& ssid
->group_cipher
) &&
1317 (ie
.pairwise_cipher
& ssid
->pairwise_cipher
) &&
1318 (ie
.key_mgmt
& ssid
->key_mgmt
)) {
1319 wpa_dbg(wpa_s
, MSG_DEBUG
, "HS 2.0: using OSEN");
1320 proto
= WPA_PROTO_OSEN
;
1321 } else if (bss_rsn
&& (ssid
->proto
& WPA_PROTO_OSEN
) &&
1322 wpa_parse_wpa_ie(bss_rsn
, 2 + bss_rsn
[1], &ie
) == 0 &&
1323 (ie
.group_cipher
& ssid
->group_cipher
) &&
1324 (ie
.pairwise_cipher
& ssid
->pairwise_cipher
) &&
1325 (ie
.key_mgmt
& ssid
->key_mgmt
)) {
1326 wpa_dbg(wpa_s
, MSG_DEBUG
, "RSN: using OSEN (within RSN)");
1327 proto
= WPA_PROTO_RSN
;
1328 #endif /* CONFIG_HS20 */
1330 wpa_msg(wpa_s
, MSG_WARNING
, "WPA: Failed to select WPA/RSN");
1331 wpa_dbg(wpa_s
, MSG_DEBUG
,
1332 "WPA: ssid proto=0x%x pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1333 ssid
->proto
, ssid
->pairwise_cipher
, ssid
->group_cipher
,
1335 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: BSS " MACSTR
" ssid='%s'%s%s%s",
1336 MAC2STR(bss
->bssid
),
1337 wpa_ssid_txt(bss
->ssid
, bss
->ssid_len
),
1338 bss_wpa
? " WPA" : "",
1339 bss_rsn
? " RSN" : "",
1340 bss_osen
? " OSEN" : "");
1342 wpa_hexdump(MSG_DEBUG
, "RSN", bss_rsn
, 2 + bss_rsn
[1]);
1343 if (wpa_parse_wpa_ie(bss_rsn
, 2 + bss_rsn
[1], &ie
)) {
1344 wpa_dbg(wpa_s
, MSG_DEBUG
,
1345 "Could not parse RSN element");
1347 wpa_dbg(wpa_s
, MSG_DEBUG
,
1348 "RSN: pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1349 ie
.pairwise_cipher
, ie
.group_cipher
,
1354 wpa_hexdump(MSG_DEBUG
, "WPA", bss_wpa
, 2 + bss_wpa
[1]);
1355 if (wpa_parse_wpa_ie(bss_wpa
, 2 + bss_wpa
[1], &ie
)) {
1356 wpa_dbg(wpa_s
, MSG_DEBUG
,
1357 "Could not parse WPA element");
1359 wpa_dbg(wpa_s
, MSG_DEBUG
,
1360 "WPA: pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1361 ie
.pairwise_cipher
, ie
.group_cipher
,
1367 if (ssid
->proto
& WPA_PROTO_OSEN
)
1368 proto
= WPA_PROTO_OSEN
;
1369 else if (ssid
->proto
& WPA_PROTO_RSN
)
1370 proto
= WPA_PROTO_RSN
;
1372 proto
= WPA_PROTO_WPA
;
1373 if (wpa_supplicant_suites_from_ai(wpa_s
, ssid
, &ie
) < 0) {
1374 os_memset(&ie
, 0, sizeof(ie
));
1375 ie
.group_cipher
= ssid
->group_cipher
;
1376 ie
.pairwise_cipher
= ssid
->pairwise_cipher
;
1377 ie
.key_mgmt
= ssid
->key_mgmt
;
1378 ie
.mgmt_group_cipher
= 0;
1379 if (ssid
->ieee80211w
!= NO_MGMT_FRAME_PROTECTION
) {
1380 if (ssid
->group_mgmt_cipher
&
1381 WPA_CIPHER_BIP_GMAC_256
)
1382 ie
.mgmt_group_cipher
=
1383 WPA_CIPHER_BIP_GMAC_256
;
1384 else if (ssid
->group_mgmt_cipher
&
1385 WPA_CIPHER_BIP_CMAC_256
)
1386 ie
.mgmt_group_cipher
=
1387 WPA_CIPHER_BIP_CMAC_256
;
1388 else if (ssid
->group_mgmt_cipher
&
1389 WPA_CIPHER_BIP_GMAC_128
)
1390 ie
.mgmt_group_cipher
=
1391 WPA_CIPHER_BIP_GMAC_128
;
1393 ie
.mgmt_group_cipher
=
1394 WPA_CIPHER_AES_128_CMAC
;
1397 if ((ssid
->key_mgmt
& WPA_KEY_MGMT_OWE
) &&
1399 !bss_wpa
&& !bss_rsn
&& !bss_osen
) {
1400 wpa_supplicant_set_non_wpa_policy(wpa_s
, ssid
);
1401 wpa_s
->wpa_proto
= 0;
1405 #endif /* CONFIG_OWE */
1406 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: Set cipher suites "
1407 "based on configuration");
1412 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: Selected cipher suites: group %d "
1413 "pairwise %d key_mgmt %d proto %d",
1414 ie
.group_cipher
, ie
.pairwise_cipher
, ie
.key_mgmt
, proto
);
1415 if (ssid
->ieee80211w
) {
1416 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: Selected mgmt group cipher %d",
1417 ie
.mgmt_group_cipher
);
1420 wpa_s
->wpa_proto
= proto
;
1421 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_PROTO
, proto
);
1422 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_RSN_ENABLED
,
1423 !!(ssid
->proto
& (WPA_PROTO_RSN
| WPA_PROTO_OSEN
)));
1425 if (bss
|| !wpa_s
->ap_ies_from_associnfo
) {
1426 if (wpa_sm_set_ap_wpa_ie(wpa_s
->wpa
, bss_wpa
,
1427 bss_wpa
? 2 + bss_wpa
[1] : 0) ||
1428 wpa_sm_set_ap_rsn_ie(wpa_s
->wpa
, bss_rsn
,
1429 bss_rsn
? 2 + bss_rsn
[1] : 0) ||
1430 wpa_sm_set_ap_rsnxe(wpa_s
->wpa
, bss_rsnx
,
1431 bss_rsnx
? 2 + bss_rsnx
[1] : 0))
1435 #ifdef CONFIG_NO_WPA
1436 wpa_s
->group_cipher
= WPA_CIPHER_NONE
;
1437 wpa_s
->pairwise_cipher
= WPA_CIPHER_NONE
;
1438 #else /* CONFIG_NO_WPA */
1439 sel
= ie
.group_cipher
& ssid
->group_cipher
;
1440 wpa_dbg(wpa_s
, MSG_DEBUG
,
1441 "WPA: AP group 0x%x network profile group 0x%x; available group 0x%x",
1442 ie
.group_cipher
, ssid
->group_cipher
, sel
);
1443 wpa_s
->group_cipher
= wpa_pick_group_cipher(sel
);
1444 if (wpa_s
->group_cipher
< 0) {
1445 wpa_msg(wpa_s
, MSG_WARNING
, "WPA: Failed to select group "
1449 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using GTK %s",
1450 wpa_cipher_txt(wpa_s
->group_cipher
));
1452 sel
= ie
.pairwise_cipher
& ssid
->pairwise_cipher
;
1453 wpa_dbg(wpa_s
, MSG_DEBUG
,
1454 "WPA: AP pairwise 0x%x network profile pairwise 0x%x; available pairwise 0x%x",
1455 ie
.pairwise_cipher
, ssid
->pairwise_cipher
, sel
);
1456 wpa_s
->pairwise_cipher
= wpa_pick_pairwise_cipher(sel
, 1);
1457 if (wpa_s
->pairwise_cipher
< 0) {
1458 wpa_msg(wpa_s
, MSG_WARNING
, "WPA: Failed to select pairwise "
1462 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using PTK %s",
1463 wpa_cipher_txt(wpa_s
->pairwise_cipher
));
1464 #endif /* CONFIG_NO_WPA */
1466 sel
= ie
.key_mgmt
& ssid
->key_mgmt
;
1468 if (!(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SAE
))
1469 sel
&= ~(WPA_KEY_MGMT_SAE
| WPA_KEY_MGMT_FT_SAE
);
1470 #endif /* CONFIG_SAE */
1471 #ifdef CONFIG_IEEE80211R
1472 if (!(wpa_s
->drv_flags
& (WPA_DRIVER_FLAGS_SME
|
1473 WPA_DRIVER_FLAGS_UPDATE_FT_IES
)))
1474 sel
&= ~WPA_KEY_MGMT_FT
;
1475 #endif /* CONFIG_IEEE80211R */
1476 wpa_dbg(wpa_s
, MSG_DEBUG
,
1477 "WPA: AP key_mgmt 0x%x network profile key_mgmt 0x%x; available key_mgmt 0x%x",
1478 ie
.key_mgmt
, ssid
->key_mgmt
, sel
);
1480 #ifdef CONFIG_IEEE80211R
1481 #ifdef CONFIG_SHA384
1482 } else if ((sel
& WPA_KEY_MGMT_FT_IEEE8021X_SHA384
) &&
1483 os_strcmp(wpa_supplicant_get_eap_mode(wpa_s
), "LEAP") != 0) {
1484 wpa_s
->key_mgmt
= WPA_KEY_MGMT_FT_IEEE8021X_SHA384
;
1485 wpa_dbg(wpa_s
, MSG_DEBUG
,
1486 "WPA: using KEY_MGMT FT/802.1X-SHA384");
1487 if (!ssid
->ft_eap_pmksa_caching
&&
1488 pmksa_cache_get_current(wpa_s
->wpa
)) {
1489 /* PMKSA caching with FT may have interoperability
1490 * issues, so disable that case by default for now. */
1491 wpa_dbg(wpa_s
, MSG_DEBUG
,
1492 "WPA: Disable PMKSA caching for FT/802.1X connection");
1493 pmksa_cache_clear_current(wpa_s
->wpa
);
1495 #endif /* CONFIG_SHA384 */
1496 #endif /* CONFIG_IEEE80211R */
1497 #ifdef CONFIG_SUITEB192
1498 } else if (sel
& WPA_KEY_MGMT_IEEE8021X_SUITE_B_192
) {
1499 wpa_s
->key_mgmt
= WPA_KEY_MGMT_IEEE8021X_SUITE_B_192
;
1500 wpa_dbg(wpa_s
, MSG_DEBUG
,
1501 "WPA: using KEY_MGMT 802.1X with Suite B (192-bit)");
1502 #endif /* CONFIG_SUITEB192 */
1503 #ifdef CONFIG_SUITEB
1504 } else if (sel
& WPA_KEY_MGMT_IEEE8021X_SUITE_B
) {
1505 wpa_s
->key_mgmt
= WPA_KEY_MGMT_IEEE8021X_SUITE_B
;
1506 wpa_dbg(wpa_s
, MSG_DEBUG
,
1507 "WPA: using KEY_MGMT 802.1X with Suite B");
1508 #endif /* CONFIG_SUITEB */
1510 #ifdef CONFIG_IEEE80211R
1511 } else if (sel
& WPA_KEY_MGMT_FT_FILS_SHA384
) {
1512 wpa_s
->key_mgmt
= WPA_KEY_MGMT_FT_FILS_SHA384
;
1513 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT FT-FILS-SHA384");
1514 } else if (sel
& WPA_KEY_MGMT_FT_FILS_SHA256
) {
1515 wpa_s
->key_mgmt
= WPA_KEY_MGMT_FT_FILS_SHA256
;
1516 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT FT-FILS-SHA256");
1517 #endif /* CONFIG_IEEE80211R */
1518 } else if (sel
& WPA_KEY_MGMT_FILS_SHA384
) {
1519 wpa_s
->key_mgmt
= WPA_KEY_MGMT_FILS_SHA384
;
1520 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT FILS-SHA384");
1521 } else if (sel
& WPA_KEY_MGMT_FILS_SHA256
) {
1522 wpa_s
->key_mgmt
= WPA_KEY_MGMT_FILS_SHA256
;
1523 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT FILS-SHA256");
1524 #endif /* CONFIG_FILS */
1525 #ifdef CONFIG_IEEE80211R
1526 } else if ((sel
& WPA_KEY_MGMT_FT_IEEE8021X
) &&
1527 os_strcmp(wpa_supplicant_get_eap_mode(wpa_s
), "LEAP") != 0) {
1528 wpa_s
->key_mgmt
= WPA_KEY_MGMT_FT_IEEE8021X
;
1529 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT FT/802.1X");
1530 if (!ssid
->ft_eap_pmksa_caching
&&
1531 pmksa_cache_get_current(wpa_s
->wpa
)) {
1532 /* PMKSA caching with FT may have interoperability
1533 * issues, so disable that case by default for now. */
1534 wpa_dbg(wpa_s
, MSG_DEBUG
,
1535 "WPA: Disable PMKSA caching for FT/802.1X connection");
1536 pmksa_cache_clear_current(wpa_s
->wpa
);
1538 #endif /* CONFIG_IEEE80211R */
1540 } else if (sel
& WPA_KEY_MGMT_DPP
) {
1541 wpa_s
->key_mgmt
= WPA_KEY_MGMT_DPP
;
1542 wpa_dbg(wpa_s
, MSG_DEBUG
, "RSN: using KEY_MGMT DPP");
1543 #endif /* CONFIG_DPP */
1545 } else if (sel
& WPA_KEY_MGMT_FT_SAE
) {
1546 wpa_s
->key_mgmt
= WPA_KEY_MGMT_FT_SAE
;
1547 wpa_dbg(wpa_s
, MSG_DEBUG
, "RSN: using KEY_MGMT FT/SAE");
1548 } else if (sel
& WPA_KEY_MGMT_SAE
) {
1549 wpa_s
->key_mgmt
= WPA_KEY_MGMT_SAE
;
1550 wpa_dbg(wpa_s
, MSG_DEBUG
, "RSN: using KEY_MGMT SAE");
1551 #endif /* CONFIG_SAE */
1552 #ifdef CONFIG_IEEE80211R
1553 } else if (sel
& WPA_KEY_MGMT_FT_PSK
) {
1554 wpa_s
->key_mgmt
= WPA_KEY_MGMT_FT_PSK
;
1555 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT FT/PSK");
1556 #endif /* CONFIG_IEEE80211R */
1557 } else if (sel
& WPA_KEY_MGMT_IEEE8021X_SHA256
) {
1558 wpa_s
->key_mgmt
= WPA_KEY_MGMT_IEEE8021X_SHA256
;
1559 wpa_dbg(wpa_s
, MSG_DEBUG
,
1560 "WPA: using KEY_MGMT 802.1X with SHA256");
1561 } else if (sel
& WPA_KEY_MGMT_PSK_SHA256
) {
1562 wpa_s
->key_mgmt
= WPA_KEY_MGMT_PSK_SHA256
;
1563 wpa_dbg(wpa_s
, MSG_DEBUG
,
1564 "WPA: using KEY_MGMT PSK with SHA256");
1565 } else if (sel
& WPA_KEY_MGMT_IEEE8021X
) {
1566 wpa_s
->key_mgmt
= WPA_KEY_MGMT_IEEE8021X
;
1567 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT 802.1X");
1568 } else if (sel
& WPA_KEY_MGMT_PSK
) {
1569 wpa_s
->key_mgmt
= WPA_KEY_MGMT_PSK
;
1570 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT WPA-PSK");
1571 } else if (sel
& WPA_KEY_MGMT_WPA_NONE
) {
1572 wpa_s
->key_mgmt
= WPA_KEY_MGMT_WPA_NONE
;
1573 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using KEY_MGMT WPA-NONE");
1575 } else if (sel
& WPA_KEY_MGMT_OSEN
) {
1576 wpa_s
->key_mgmt
= WPA_KEY_MGMT_OSEN
;
1577 wpa_dbg(wpa_s
, MSG_DEBUG
, "HS 2.0: using KEY_MGMT OSEN");
1578 #endif /* CONFIG_HS20 */
1580 } else if (sel
& WPA_KEY_MGMT_OWE
) {
1581 wpa_s
->key_mgmt
= WPA_KEY_MGMT_OWE
;
1582 wpa_dbg(wpa_s
, MSG_DEBUG
, "RSN: using KEY_MGMT OWE");
1583 #endif /* CONFIG_OWE */
1585 wpa_msg(wpa_s
, MSG_WARNING
, "WPA: Failed to select "
1586 "authenticated key management type");
1590 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_KEY_MGMT
, wpa_s
->key_mgmt
);
1591 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_PAIRWISE
,
1592 wpa_s
->pairwise_cipher
);
1593 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_GROUP
, wpa_s
->group_cipher
);
1595 if (!(ie
.capabilities
& WPA_CAPABILITY_MFPC
) &&
1596 wpas_get_ssid_pmf(wpa_s
, ssid
) == MGMT_FRAME_PROTECTION_REQUIRED
) {
1597 wpa_msg(wpa_s
, MSG_INFO
,
1598 "RSN: Management frame protection required but the selected AP does not enable it");
1602 sel
= ie
.mgmt_group_cipher
;
1603 if (ssid
->group_mgmt_cipher
)
1604 sel
&= ssid
->group_mgmt_cipher
;
1605 if (wpas_get_ssid_pmf(wpa_s
, ssid
) == NO_MGMT_FRAME_PROTECTION
||
1606 !(ie
.capabilities
& WPA_CAPABILITY_MFPC
))
1608 wpa_dbg(wpa_s
, MSG_DEBUG
,
1609 "WPA: AP mgmt_group_cipher 0x%x network profile mgmt_group_cipher 0x%x; available mgmt_group_cipher 0x%x",
1610 ie
.mgmt_group_cipher
, ssid
->group_mgmt_cipher
, sel
);
1611 if (sel
& WPA_CIPHER_AES_128_CMAC
) {
1612 wpa_s
->mgmt_group_cipher
= WPA_CIPHER_AES_128_CMAC
;
1613 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using MGMT group cipher "
1615 } else if (sel
& WPA_CIPHER_BIP_GMAC_128
) {
1616 wpa_s
->mgmt_group_cipher
= WPA_CIPHER_BIP_GMAC_128
;
1617 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using MGMT group cipher "
1619 } else if (sel
& WPA_CIPHER_BIP_GMAC_256
) {
1620 wpa_s
->mgmt_group_cipher
= WPA_CIPHER_BIP_GMAC_256
;
1621 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using MGMT group cipher "
1623 } else if (sel
& WPA_CIPHER_BIP_CMAC_256
) {
1624 wpa_s
->mgmt_group_cipher
= WPA_CIPHER_BIP_CMAC_256
;
1625 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: using MGMT group cipher "
1628 wpa_s
->mgmt_group_cipher
= 0;
1629 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: not using MGMT group cipher");
1631 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_MGMT_GROUP
,
1632 wpa_s
->mgmt_group_cipher
);
1633 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_MFP
,
1634 wpas_get_ssid_pmf(wpa_s
, ssid
));
1636 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_OCV
, ssid
->ocv
);
1637 #endif /* CONFIG_OCV */
1638 sae_pwe
= wpa_s
->conf
->sae_pwe
;
1639 if (ssid
->sae_password_id
&& sae_pwe
!= 3)
1641 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_SAE_PWE
, sae_pwe
);
1643 /* Extended Key ID is only supported in infrastructure BSS so far */
1644 if (ssid
->mode
== WPAS_MODE_INFRA
&& wpa_s
->conf
->extended_key_id
&&
1645 (ssid
->proto
& WPA_PROTO_RSN
) &&
1646 ssid
->pairwise_cipher
& (WPA_CIPHER_CCMP
| WPA_CIPHER_CCMP_256
|
1647 WPA_CIPHER_GCMP
| WPA_CIPHER_GCMP_256
) &&
1648 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_EXTENDED_KEY_ID
)) {
1649 int use_ext_key_id
= 0;
1651 wpa_msg(wpa_s
, MSG_DEBUG
,
1652 "WPA: Enable Extended Key ID support");
1653 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_EXT_KEY_ID
,
1654 wpa_s
->conf
->extended_key_id
);
1656 wpa_s
->conf
->extended_key_id
&&
1657 wpa_s
->pairwise_cipher
!= WPA_CIPHER_TKIP
&&
1658 (ie
.capabilities
& WPA_CAPABILITY_EXT_KEY_ID_FOR_UNICAST
))
1660 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_USE_EXT_KEY_ID
,
1663 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_EXT_KEY_ID
, 0);
1664 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_USE_EXT_KEY_ID
, 0);
1667 if (wpa_sm_set_assoc_wpa_ie_default(wpa_s
->wpa
, wpa_ie
, wpa_ie_len
)) {
1668 wpa_msg(wpa_s
, MSG_WARNING
, "WPA: Failed to generate WPA IE");
1672 wpa_s
->rsnxe_len
= sizeof(wpa_s
->rsnxe
);
1673 if (wpa_sm_set_assoc_rsnxe_default(wpa_s
->wpa
, wpa_s
->rsnxe
,
1674 &wpa_s
->rsnxe_len
)) {
1675 wpa_msg(wpa_s
, MSG_WARNING
, "RSN: Failed to generate RSNXE");
1681 } else if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_DPP
) {
1682 /* Use PMK from DPP network introduction (PMKSA entry) */
1683 wpa_sm_set_pmk_from_pmksa(wpa_s
->wpa
);
1684 #endif /* CONFIG_DPP */
1685 } else if (wpa_key_mgmt_wpa_psk(ssid
->key_mgmt
)) {
1689 sae_only
= (ssid
->key_mgmt
& (WPA_KEY_MGMT_PSK
|
1690 WPA_KEY_MGMT_FT_PSK
|
1691 WPA_KEY_MGMT_PSK_SHA256
)) == 0;
1693 if (ssid
->psk_set
&& !sae_only
) {
1694 wpa_hexdump_key(MSG_MSGDUMP
, "PSK (set in config)",
1695 ssid
->psk
, PMK_LEN
);
1696 wpa_sm_set_pmk(wpa_s
->wpa
, ssid
->psk
, PMK_LEN
, NULL
,
1701 if (wpa_key_mgmt_sae(ssid
->key_mgmt
) &&
1702 (ssid
->sae_password
|| ssid
->passphrase
))
1705 #ifndef CONFIG_NO_PBKDF2
1706 if (bss
&& ssid
->bssid_set
&& ssid
->ssid_len
== 0 &&
1707 ssid
->passphrase
&& !sae_only
) {
1709 pbkdf2_sha1(ssid
->passphrase
, bss
->ssid
, bss
->ssid_len
,
1710 4096, psk
, PMK_LEN
);
1711 wpa_hexdump_key(MSG_MSGDUMP
, "PSK (from passphrase)",
1713 wpa_sm_set_pmk(wpa_s
->wpa
, psk
, PMK_LEN
, NULL
, NULL
);
1715 os_memset(psk
, 0, sizeof(psk
));
1717 #endif /* CONFIG_NO_PBKDF2 */
1718 #ifdef CONFIG_EXT_PASSWORD
1719 if (ssid
->ext_psk
&& !sae_only
) {
1720 struct wpabuf
*pw
= ext_password_get(wpa_s
->ext_pw
,
1722 char pw_str
[64 + 1];
1726 wpa_msg(wpa_s
, MSG_INFO
, "EXT PW: No PSK "
1727 "found from external storage");
1731 if (wpabuf_len(pw
) < 8 || wpabuf_len(pw
) > 64) {
1732 wpa_msg(wpa_s
, MSG_INFO
, "EXT PW: Unexpected "
1733 "PSK length %d in external storage",
1734 (int) wpabuf_len(pw
));
1735 ext_password_free(pw
);
1739 os_memcpy(pw_str
, wpabuf_head(pw
), wpabuf_len(pw
));
1740 pw_str
[wpabuf_len(pw
)] = '\0';
1742 #ifndef CONFIG_NO_PBKDF2
1743 if (wpabuf_len(pw
) >= 8 && wpabuf_len(pw
) < 64 && bss
)
1745 pbkdf2_sha1(pw_str
, bss
->ssid
, bss
->ssid_len
,
1746 4096, psk
, PMK_LEN
);
1747 os_memset(pw_str
, 0, sizeof(pw_str
));
1748 wpa_hexdump_key(MSG_MSGDUMP
, "PSK (from "
1749 "external passphrase)",
1751 wpa_sm_set_pmk(wpa_s
->wpa
, psk
, PMK_LEN
, NULL
,
1754 os_memset(psk
, 0, sizeof(psk
));
1756 #endif /* CONFIG_NO_PBKDF2 */
1757 if (wpabuf_len(pw
) == 2 * PMK_LEN
) {
1758 if (hexstr2bin(pw_str
, psk
, PMK_LEN
) < 0) {
1759 wpa_msg(wpa_s
, MSG_INFO
, "EXT PW: "
1760 "Invalid PSK hex string");
1761 os_memset(pw_str
, 0, sizeof(pw_str
));
1762 ext_password_free(pw
);
1765 wpa_hexdump_key(MSG_MSGDUMP
,
1766 "PSK (from external PSK)",
1768 wpa_sm_set_pmk(wpa_s
->wpa
, psk
, PMK_LEN
, NULL
,
1771 os_memset(psk
, 0, sizeof(psk
));
1773 wpa_msg(wpa_s
, MSG_INFO
, "EXT PW: No suitable "
1775 os_memset(pw_str
, 0, sizeof(pw_str
));
1776 ext_password_free(pw
);
1780 os_memset(pw_str
, 0, sizeof(pw_str
));
1781 ext_password_free(pw
);
1783 #endif /* CONFIG_EXT_PASSWORD */
1786 wpa_msg(wpa_s
, MSG_INFO
,
1787 "No PSK available for association");
1788 wpas_auth_failed(wpa_s
, "NO_PSK_AVAILABLE");
1792 } else if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_OWE
) {
1793 /* OWE Diffie-Hellman exchange in (Re)Association
1794 * Request/Response frames set the PMK, so do not override it
1796 #endif /* CONFIG_OWE */
1798 wpa_sm_set_pmk_from_pmksa(wpa_s
->wpa
);
1800 if (ssid
->mode
!= WPAS_MODE_IBSS
&&
1801 !(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_WIRED
) &&
1802 (ssid
->wpa_deny_ptk0_rekey
== PTK0_REKEY_ALLOW_NEVER
||
1803 (ssid
->wpa_deny_ptk0_rekey
== PTK0_REKEY_ALLOW_LOCAL_OK
&&
1804 !(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SAFE_PTK0_REKEYS
)))) {
1805 wpa_msg(wpa_s
, MSG_INFO
,
1806 "Disable PTK0 rekey support - replaced with reconnect");
1807 wpa_s
->deny_ptk0_rekey
= 1;
1808 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_DENY_PTK0_REKEY
, 1);
1810 wpa_s
->deny_ptk0_rekey
= 0;
1811 wpa_sm_set_param(wpa_s
->wpa
, WPA_PARAM_DENY_PTK0_REKEY
, 0);
1818 static void wpas_ext_capab_byte(struct wpa_supplicant
*wpa_s
, u8
*pos
, int idx
)
1823 case 0: /* Bits 0-7 */
1825 case 1: /* Bits 8-15 */
1826 if (wpa_s
->conf
->coloc_intf_reporting
) {
1827 /* Bit 13 - Collocated Interference Reporting */
1831 case 2: /* Bits 16-23 */
1833 *pos
|= 0x02; /* Bit 17 - WNM-Sleep Mode */
1834 if (!wpa_s
->disable_mbo_oce
&& !wpa_s
->conf
->disable_btm
)
1835 *pos
|= 0x08; /* Bit 19 - BSS Transition */
1836 #endif /* CONFIG_WNM */
1838 case 3: /* Bits 24-31 */
1840 *pos
|= 0x02; /* Bit 25 - SSID List */
1841 #endif /* CONFIG_WNM */
1842 #ifdef CONFIG_INTERWORKING
1843 if (wpa_s
->conf
->interworking
)
1844 *pos
|= 0x80; /* Bit 31 - Interworking */
1845 #endif /* CONFIG_INTERWORKING */
1847 case 4: /* Bits 32-39 */
1848 #ifdef CONFIG_INTERWORKING
1849 if (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_QOS_MAPPING
)
1850 *pos
|= 0x01; /* Bit 32 - QoS Map */
1851 #endif /* CONFIG_INTERWORKING */
1853 case 5: /* Bits 40-47 */
1855 if (wpa_s
->conf
->hs20
)
1856 *pos
|= 0x40; /* Bit 46 - WNM-Notification */
1857 #endif /* CONFIG_HS20 */
1859 *pos
|= 0x40; /* Bit 46 - WNM-Notification */
1860 #endif /* CONFIG_MBO */
1862 case 6: /* Bits 48-55 */
1864 case 7: /* Bits 56-63 */
1866 case 8: /* Bits 64-71 */
1867 if (wpa_s
->conf
->ftm_responder
)
1868 *pos
|= 0x40; /* Bit 70 - FTM responder */
1869 if (wpa_s
->conf
->ftm_initiator
)
1870 *pos
|= 0x80; /* Bit 71 - FTM initiator */
1872 case 9: /* Bits 72-79 */
1874 if (!wpa_s
->disable_fils
)
1876 #endif /* CONFIG_FILS */
1882 int wpas_build_ext_capab(struct wpa_supplicant
*wpa_s
, u8
*buf
, size_t buflen
)
1887 if (len
< wpa_s
->extended_capa_len
)
1888 len
= wpa_s
->extended_capa_len
;
1889 if (buflen
< (size_t) len
+ 2) {
1890 wpa_printf(MSG_INFO
,
1891 "Not enough room for building extended capabilities element");
1895 *pos
++ = WLAN_EID_EXT_CAPAB
;
1897 for (i
= 0; i
< len
; i
++, pos
++) {
1898 wpas_ext_capab_byte(wpa_s
, pos
, i
);
1900 if (i
< wpa_s
->extended_capa_len
) {
1901 *pos
&= ~wpa_s
->extended_capa_mask
[i
];
1902 *pos
|= wpa_s
->extended_capa
[i
];
1906 while (len
> 0 && buf
[1 + len
] == 0) {
1917 static int wpas_valid_bss(struct wpa_supplicant
*wpa_s
,
1918 struct wpa_bss
*test_bss
)
1920 struct wpa_bss
*bss
;
1922 dl_list_for_each(bss
, &wpa_s
->bss
, struct wpa_bss
, list
) {
1923 if (bss
== test_bss
)
1931 static int wpas_valid_ssid(struct wpa_supplicant
*wpa_s
,
1932 struct wpa_ssid
*test_ssid
)
1934 struct wpa_ssid
*ssid
;
1936 for (ssid
= wpa_s
->conf
->ssid
; ssid
; ssid
= ssid
->next
) {
1937 if (ssid
== test_ssid
)
1945 int wpas_valid_bss_ssid(struct wpa_supplicant
*wpa_s
, struct wpa_bss
*test_bss
,
1946 struct wpa_ssid
*test_ssid
)
1948 if (test_bss
&& !wpas_valid_bss(wpa_s
, test_bss
))
1951 return test_ssid
== NULL
|| wpas_valid_ssid(wpa_s
, test_ssid
);
1955 void wpas_connect_work_free(struct wpa_connect_work
*cwork
)
1963 void wpas_connect_work_done(struct wpa_supplicant
*wpa_s
)
1965 struct wpa_connect_work
*cwork
;
1966 struct wpa_radio_work
*work
= wpa_s
->connect_work
;
1971 wpa_s
->connect_work
= NULL
;
1974 wpas_connect_work_free(cwork
);
1975 radio_work_done(work
);
1979 int wpas_update_random_addr(struct wpa_supplicant
*wpa_s
, int style
)
1981 struct os_reltime now
;
1984 os_get_reltime(&now
);
1985 if (wpa_s
->last_mac_addr_style
== style
&&
1986 wpa_s
->last_mac_addr_change
.sec
!= 0 &&
1987 !os_reltime_expired(&now
, &wpa_s
->last_mac_addr_change
,
1988 wpa_s
->conf
->rand_addr_lifetime
)) {
1989 wpa_msg(wpa_s
, MSG_DEBUG
,
1990 "Previously selected random MAC address has not yet expired");
1996 if (random_mac_addr(addr
) < 0)
2000 os_memcpy(addr
, wpa_s
->perm_addr
, ETH_ALEN
);
2001 if (random_mac_addr_keep_oui(addr
) < 0)
2008 if (wpa_drv_set_mac_addr(wpa_s
, addr
) < 0) {
2009 wpa_msg(wpa_s
, MSG_INFO
,
2010 "Failed to set random MAC address");
2014 os_get_reltime(&wpa_s
->last_mac_addr_change
);
2015 wpa_s
->mac_addr_changed
= 1;
2016 wpa_s
->last_mac_addr_style
= style
;
2018 if (wpa_supplicant_update_mac_addr(wpa_s
) < 0) {
2019 wpa_msg(wpa_s
, MSG_INFO
,
2020 "Could not update MAC address information");
2024 wpa_msg(wpa_s
, MSG_DEBUG
, "Using random MAC address " MACSTR
,
2031 int wpas_update_random_addr_disassoc(struct wpa_supplicant
*wpa_s
)
2033 if (wpa_s
->wpa_state
>= WPA_AUTHENTICATING
||
2034 !wpa_s
->conf
->preassoc_mac_addr
)
2037 return wpas_update_random_addr(wpa_s
, wpa_s
->conf
->preassoc_mac_addr
);
2041 static void wpa_s_setup_sae_pt(struct wpa_config
*conf
, struct wpa_ssid
*ssid
)
2044 int *groups
= conf
->sae_groups
;
2045 int default_groups
[] = { 19, 20, 21, 0 };
2046 const char *password
;
2048 if (!groups
|| groups
[0] <= 0)
2049 groups
= default_groups
;
2051 password
= ssid
->sae_password
;
2053 password
= ssid
->passphrase
;
2055 if ((conf
->sae_pwe
== 0 && !ssid
->sae_password_id
) || !password
||
2056 conf
->sae_pwe
== 3) {
2057 /* PT derivation not needed */
2058 sae_deinit_pt(ssid
->pt
);
2064 return; /* PT already derived */
2065 ssid
->pt
= sae_derive_pt(groups
, ssid
->ssid
, ssid
->ssid_len
,
2066 (const u8
*) password
, os_strlen(password
),
2067 ssid
->sae_password_id
);
2068 #endif /* CONFIG_SAE */
2072 static void wpa_s_clear_sae_rejected(struct wpa_supplicant
*wpa_s
)
2074 #if defined(CONFIG_SAE) && defined(CONFIG_SME)
2075 os_free(wpa_s
->sme
.sae_rejected_groups
);
2076 wpa_s
->sme
.sae_rejected_groups
= NULL
;
2077 #ifdef CONFIG_TESTING_OPTIONS
2078 if (wpa_s
->extra_sae_rejected_groups
) {
2079 int i
, *groups
= wpa_s
->extra_sae_rejected_groups
;
2081 for (i
= 0; groups
[i
]; i
++) {
2082 wpa_printf(MSG_DEBUG
,
2083 "TESTING: Indicate rejection of an extra SAE group %d",
2085 int_array_add_unique(&wpa_s
->sme
.sae_rejected_groups
,
2089 #endif /* CONFIG_TESTING_OPTIONS */
2090 #endif /* CONFIG_SAE && CONFIG_SME */
2094 static void wpas_start_assoc_cb(struct wpa_radio_work
*work
, int deinit
);
2097 * wpa_supplicant_associate - Request association
2098 * @wpa_s: Pointer to wpa_supplicant data
2099 * @bss: Scan results for the selected BSS, or %NULL if not available
2100 * @ssid: Configuration data for the selected network
2102 * This function is used to request %wpa_supplicant to associate with a BSS.
2104 void wpa_supplicant_associate(struct wpa_supplicant
*wpa_s
,
2105 struct wpa_bss
*bss
, struct wpa_ssid
*ssid
)
2107 struct wpa_connect_work
*cwork
;
2110 wpa_s
->own_disconnect_req
= 0;
2111 wpa_s
->own_reconnect_req
= 0;
2114 * If we are starting a new connection, any previously pending EAPOL
2115 * RX cannot be valid anymore.
2117 wpabuf_free(wpa_s
->pending_eapol_rx
);
2118 wpa_s
->pending_eapol_rx
= NULL
;
2120 if (ssid
->mac_addr
== -1)
2121 rand_style
= wpa_s
->conf
->mac_addr
;
2123 rand_style
= ssid
->mac_addr
;
2125 wpa_s
->multi_ap_ie
= 0;
2126 wmm_ac_clear_saved_tspecs(wpa_s
);
2127 wpa_s
->reassoc_same_bss
= 0;
2128 wpa_s
->reassoc_same_ess
= 0;
2129 #ifdef CONFIG_TESTING_OPTIONS
2130 wpa_s
->testing_resend_assoc
= 0;
2131 #endif /* CONFIG_TESTING_OPTIONS */
2133 if (wpa_s
->last_ssid
== ssid
) {
2134 wpa_dbg(wpa_s
, MSG_DEBUG
, "Re-association to the same ESS");
2135 wpa_s
->reassoc_same_ess
= 1;
2136 if (wpa_s
->current_bss
&& wpa_s
->current_bss
== bss
) {
2137 wmm_ac_save_tspecs(wpa_s
);
2138 wpa_s
->reassoc_same_bss
= 1;
2139 } else if (wpa_s
->current_bss
&& wpa_s
->current_bss
!= bss
) {
2140 os_get_reltime(&wpa_s
->roam_start
);
2144 wpa_s_clear_sae_rejected(wpa_s
);
2145 wpa_s_setup_sae_pt(wpa_s
->conf
, ssid
);
2146 #endif /* CONFIG_SAE */
2149 if (rand_style
> 0 && !wpa_s
->reassoc_same_ess
) {
2150 if (wpas_update_random_addr(wpa_s
, rand_style
) < 0)
2152 wpa_sm_pmksa_cache_flush(wpa_s
->wpa
, ssid
);
2153 } else if (rand_style
== 0 && wpa_s
->mac_addr_changed
) {
2154 if (wpa_drv_set_mac_addr(wpa_s
, NULL
) < 0) {
2155 wpa_msg(wpa_s
, MSG_INFO
,
2156 "Could not restore permanent MAC address");
2159 wpa_s
->mac_addr_changed
= 0;
2160 if (wpa_supplicant_update_mac_addr(wpa_s
) < 0) {
2161 wpa_msg(wpa_s
, MSG_INFO
,
2162 "Could not update MAC address information");
2165 wpa_msg(wpa_s
, MSG_DEBUG
, "Using permanent MAC address");
2167 wpa_s
->last_ssid
= ssid
;
2169 #ifdef CONFIG_IBSS_RSN
2170 ibss_rsn_deinit(wpa_s
->ibss_rsn
);
2171 wpa_s
->ibss_rsn
= NULL
;
2172 #else /* CONFIG_IBSS_RSN */
2173 if (ssid
->mode
== WPAS_MODE_IBSS
&&
2174 !(ssid
->key_mgmt
& (WPA_KEY_MGMT_NONE
| WPA_KEY_MGMT_WPA_NONE
))) {
2175 wpa_msg(wpa_s
, MSG_INFO
,
2176 "IBSS RSN not supported in the build");
2179 #endif /* CONFIG_IBSS_RSN */
2181 if (ssid
->mode
== WPAS_MODE_AP
|| ssid
->mode
== WPAS_MODE_P2P_GO
||
2182 ssid
->mode
== WPAS_MODE_P2P_GROUP_FORMATION
) {
2184 if (!(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_AP
)) {
2185 wpa_msg(wpa_s
, MSG_INFO
, "Driver does not support AP "
2189 if (wpa_supplicant_create_ap(wpa_s
, ssid
) < 0) {
2190 wpa_supplicant_set_state(wpa_s
, WPA_DISCONNECTED
);
2191 if (ssid
->mode
== WPAS_MODE_P2P_GROUP_FORMATION
)
2192 wpas_p2p_ap_setup_failed(wpa_s
);
2195 wpa_s
->current_bss
= bss
;
2196 #else /* CONFIG_AP */
2197 wpa_msg(wpa_s
, MSG_ERROR
, "AP mode support not included in "
2199 #endif /* CONFIG_AP */
2203 if (ssid
->mode
== WPAS_MODE_MESH
) {
2205 if (!(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_MESH
)) {
2206 wpa_msg(wpa_s
, MSG_INFO
,
2207 "Driver does not support mesh mode");
2211 ssid
->frequency
= bss
->freq
;
2212 if (wpa_supplicant_join_mesh(wpa_s
, ssid
) < 0) {
2213 wpa_msg(wpa_s
, MSG_ERROR
, "Could not join mesh");
2216 wpa_s
->current_bss
= bss
;
2217 wpa_msg(wpa_s
, MSG_INFO
, MESH_GROUP_STARTED
"ssid=\"%s\" id=%d",
2218 wpa_ssid_txt(ssid
->ssid
, ssid
->ssid_len
),
2220 wpas_notify_mesh_group_started(wpa_s
, ssid
);
2221 #else /* CONFIG_MESH */
2222 wpa_msg(wpa_s
, MSG_ERROR
,
2223 "mesh mode support not included in the build");
2224 #endif /* CONFIG_MESH */
2229 * Set WPA state machine configuration to match the selected network now
2230 * so that the information is available before wpas_start_assoc_cb()
2231 * gets called. This is needed at least for RSN pre-authentication where
2232 * candidate APs are added to a list based on scan result processing
2233 * before completion of the first association.
2235 wpa_supplicant_rsn_supp_set_config(wpa_s
, ssid
);
2238 if (wpas_dpp_check_connect(wpa_s
, ssid
, bss
) != 0)
2240 #endif /* CONFIG_DPP */
2244 wpa_tdls_ap_ies(wpa_s
->wpa
, (const u8
*) (bss
+ 1),
2246 #endif /* CONFIG_TDLS */
2249 wpas_mbo_check_pmf(wpa_s
, bss
, ssid
);
2250 #endif /* CONFIG_MBO */
2252 if ((wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SME
) &&
2253 ssid
->mode
== WPAS_MODE_INFRA
) {
2254 sme_authenticate(wpa_s
, bss
, ssid
);
2258 if (wpa_s
->connect_work
) {
2259 wpa_dbg(wpa_s
, MSG_DEBUG
, "Reject wpa_supplicant_associate() call since connect_work exist");
2263 if (radio_work_pending(wpa_s
, "connect")) {
2264 wpa_dbg(wpa_s
, MSG_DEBUG
, "Reject wpa_supplicant_associate() call since pending work exist");
2269 if (ssid
->mode
== WPAS_MODE_IBSS
|| ssid
->mode
== WPAS_MODE_MESH
) {
2270 /* Clear possibly set auth_alg, if any, from last attempt. */
2271 wpa_s
->sme
.auth_alg
= WPA_AUTH_ALG_OPEN
;
2273 #endif /* CONFIG_SME */
2275 wpas_abort_ongoing_scan(wpa_s
);
2277 cwork
= os_zalloc(sizeof(*cwork
));
2284 if (radio_add_work(wpa_s
, bss
? bss
->freq
: 0, "connect", 1,
2285 wpas_start_assoc_cb
, cwork
) < 0) {
2291 static int bss_is_ibss(struct wpa_bss
*bss
)
2293 return (bss
->caps
& (IEEE80211_CAP_ESS
| IEEE80211_CAP_IBSS
)) ==
2298 static int drv_supports_vht(struct wpa_supplicant
*wpa_s
,
2299 const struct wpa_ssid
*ssid
)
2301 enum hostapd_hw_mode hw_mode
;
2302 struct hostapd_hw_modes
*mode
= NULL
;
2306 hw_mode
= ieee80211_freq_to_chan(ssid
->frequency
, &channel
);
2307 if (hw_mode
== NUM_HOSTAPD_MODES
)
2309 for (i
= 0; wpa_s
->hw
.modes
&& i
< wpa_s
->hw
.num_modes
; i
++) {
2310 if (wpa_s
->hw
.modes
[i
].mode
== hw_mode
) {
2311 mode
= &wpa_s
->hw
.modes
[i
];
2319 return mode
->vht_capab
!= 0;
2323 void ibss_mesh_setup_freq(struct wpa_supplicant
*wpa_s
,
2324 const struct wpa_ssid
*ssid
,
2325 struct hostapd_freq_params
*freq
)
2327 int ieee80211_mode
= wpas_mode_to_ieee80211_mode(ssid
->mode
);
2328 enum hostapd_hw_mode hw_mode
;
2329 struct hostapd_hw_modes
*mode
= NULL
;
2330 int ht40plus
[] = { 36, 44, 52, 60, 100, 108, 116, 124, 132, 149, 157,
2332 int vht80
[] = { 36, 52, 100, 116, 132, 149 };
2333 struct hostapd_channel_data
*pri_chan
= NULL
, *sec_chan
= NULL
;
2335 int i
, chan_idx
, ht40
= -1, res
, obss_scan
= 1;
2337 struct hostapd_freq_params vht_freq
;
2338 int chwidth
, seg0
, seg1
;
2342 freq
->freq
= ssid
->frequency
;
2344 for (j
= 0; j
< wpa_s
->last_scan_res_used
; j
++) {
2345 struct wpa_bss
*bss
= wpa_s
->last_scan_res
[j
];
2347 if (ssid
->mode
!= WPAS_MODE_IBSS
)
2350 /* Don't adjust control freq in case of fixed_freq */
2351 if (ssid
->fixed_freq
)
2354 if (!bss_is_ibss(bss
))
2357 if (ssid
->ssid_len
== bss
->ssid_len
&&
2358 os_memcmp(ssid
->ssid
, bss
->ssid
, bss
->ssid_len
) == 0) {
2359 wpa_printf(MSG_DEBUG
,
2360 "IBSS already found in scan results, adjust control freq: %d",
2362 freq
->freq
= bss
->freq
;
2368 /* For IBSS check HT_IBSS flag */
2369 if (ssid
->mode
== WPAS_MODE_IBSS
&&
2370 !(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_HT_IBSS
))
2373 if (wpa_s
->group_cipher
== WPA_CIPHER_WEP40
||
2374 wpa_s
->group_cipher
== WPA_CIPHER_WEP104
||
2375 wpa_s
->pairwise_cipher
== WPA_CIPHER_TKIP
) {
2376 wpa_printf(MSG_DEBUG
,
2377 "IBSS: WEP/TKIP detected, do not try to enable HT");
2381 hw_mode
= ieee80211_freq_to_chan(freq
->freq
, &channel
);
2382 for (i
= 0; wpa_s
->hw
.modes
&& i
< wpa_s
->hw
.num_modes
; i
++) {
2383 if (wpa_s
->hw
.modes
[i
].mode
== hw_mode
) {
2384 mode
= &wpa_s
->hw
.modes
[i
];
2392 is_24ghz
= hw_mode
== HOSTAPD_MODE_IEEE80211G
||
2393 hw_mode
== HOSTAPD_MODE_IEEE80211B
;
2395 #ifdef CONFIG_HT_OVERRIDES
2396 if (ssid
->disable_ht
) {
2397 freq
->ht_enabled
= 0;
2400 #endif /* CONFIG_HT_OVERRIDES */
2402 freq
->ht_enabled
= ht_supported(mode
);
2403 if (!freq
->ht_enabled
)
2406 /* Allow HE on 2.4 GHz without VHT: see nl80211_put_freq_params() */
2408 freq
->he_enabled
= mode
->he_capab
[ieee80211_mode
].he_supported
;
2410 /* Setup higher BW only for 5 GHz */
2411 if (mode
->mode
!= HOSTAPD_MODE_IEEE80211A
)
2414 for (chan_idx
= 0; chan_idx
< mode
->num_channels
; chan_idx
++) {
2415 pri_chan
= &mode
->channels
[chan_idx
];
2416 if (pri_chan
->chan
== channel
)
2423 /* Check primary channel flags */
2424 if (pri_chan
->flag
& (HOSTAPD_CHAN_DISABLED
| HOSTAPD_CHAN_NO_IR
))
2427 freq
->channel
= pri_chan
->chan
;
2429 #ifdef CONFIG_HT_OVERRIDES
2430 if (ssid
->disable_ht40
) {
2431 #ifdef CONFIG_VHT_OVERRIDES
2432 if (ssid
->disable_vht
)
2434 #endif /* CONFIG_VHT_OVERRIDES */
2437 #endif /* CONFIG_HT_OVERRIDES */
2439 /* Check/setup HT40+/HT40- */
2440 for (j
= 0; j
< ARRAY_SIZE(ht40plus
); j
++) {
2441 if (ht40plus
[j
] == channel
) {
2447 /* Find secondary channel */
2448 for (i
= 0; i
< mode
->num_channels
; i
++) {
2449 sec_chan
= &mode
->channels
[i
];
2450 if (sec_chan
->chan
== channel
+ ht40
* 4)
2457 /* Check secondary channel flags */
2458 if (sec_chan
->flag
& (HOSTAPD_CHAN_DISABLED
| HOSTAPD_CHAN_NO_IR
))
2462 if (!(pri_chan
->flag
& HOSTAPD_CHAN_HT40MINUS
))
2465 if (!(pri_chan
->flag
& HOSTAPD_CHAN_HT40PLUS
))
2468 freq
->sec_channel_offset
= ht40
;
2471 struct wpa_scan_results
*scan_res
;
2473 scan_res
= wpa_supplicant_get_scan_results(wpa_s
, NULL
, 0);
2474 if (scan_res
== NULL
) {
2476 freq
->sec_channel_offset
= 0;
2480 res
= check_40mhz_5g(scan_res
, pri_chan
, sec_chan
);
2484 freq
->sec_channel_offset
= 0;
2487 /* Configuration allowed */
2490 /* Switch pri/sec channels */
2491 freq
->freq
= hw_get_freq(mode
, sec_chan
->chan
);
2492 freq
->sec_channel_offset
= -freq
->sec_channel_offset
;
2493 freq
->channel
= sec_chan
->chan
;
2496 freq
->sec_channel_offset
= 0;
2500 wpa_scan_results_free(scan_res
);
2503 #ifdef CONFIG_HT_OVERRIDES
2505 #endif /* CONFIG_HT_OVERRIDES */
2506 wpa_printf(MSG_DEBUG
,
2507 "IBSS/mesh: setup freq channel %d, sec_channel_offset %d",
2508 freq
->channel
, freq
->sec_channel_offset
);
2510 if (!drv_supports_vht(wpa_s
, ssid
))
2513 /* For IBSS check VHT_IBSS flag */
2514 if (ssid
->mode
== WPAS_MODE_IBSS
&&
2515 !(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_VHT_IBSS
))
2520 #ifdef CONFIG_VHT_OVERRIDES
2521 if (ssid
->disable_vht
) {
2522 freq
->vht_enabled
= 0;
2525 #endif /* CONFIG_VHT_OVERRIDES */
2527 vht_freq
.vht_enabled
= vht_supported(mode
);
2528 if (!vht_freq
.vht_enabled
)
2531 /* Enable HE with VHT for 5 GHz */
2532 freq
->he_enabled
= mode
->he_capab
[ieee80211_mode
].he_supported
;
2534 /* setup center_freq1, bandwidth */
2535 for (j
= 0; j
< ARRAY_SIZE(vht80
); j
++) {
2536 if (freq
->channel
>= vht80
[j
] &&
2537 freq
->channel
< vht80
[j
] + 16)
2541 if (j
== ARRAY_SIZE(vht80
))
2544 for (i
= vht80
[j
]; i
< vht80
[j
] + 16; i
+= 4) {
2545 struct hostapd_channel_data
*chan
;
2547 chan
= hw_get_channel_chan(mode
, i
, NULL
);
2551 /* Back to HT configuration if channel not usable */
2552 if (chan
->flag
& (HOSTAPD_CHAN_DISABLED
| HOSTAPD_CHAN_NO_IR
))
2556 chwidth
= CHANWIDTH_80MHZ
;
2557 seg0
= vht80
[j
] + 6;
2560 if (ssid
->max_oper_chwidth
== CHANWIDTH_80P80MHZ
) {
2561 /* setup center_freq2, bandwidth */
2562 for (k
= 0; k
< ARRAY_SIZE(vht80
); k
++) {
2563 /* Only accept 80 MHz segments separated by a gap */
2564 if (j
== k
|| abs(vht80
[j
] - vht80
[k
]) == 16)
2566 for (i
= vht80
[k
]; i
< vht80
[k
] + 16; i
+= 4) {
2567 struct hostapd_channel_data
*chan
;
2569 chan
= hw_get_channel_chan(mode
, i
, NULL
);
2573 if (chan
->flag
& (HOSTAPD_CHAN_DISABLED
|
2574 HOSTAPD_CHAN_NO_IR
|
2575 HOSTAPD_CHAN_RADAR
))
2578 /* Found a suitable second segment for 80+80 */
2579 chwidth
= CHANWIDTH_80P80MHZ
;
2581 VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ
;
2582 seg1
= vht80
[k
] + 6;
2585 if (chwidth
== CHANWIDTH_80P80MHZ
)
2588 } else if (ssid
->max_oper_chwidth
== CHANWIDTH_160MHZ
) {
2589 if (freq
->freq
== 5180) {
2590 chwidth
= CHANWIDTH_160MHZ
;
2591 vht_caps
|= VHT_CAP_SUPP_CHAN_WIDTH_160MHZ
;
2593 } else if (freq
->freq
== 5520) {
2594 chwidth
= CHANWIDTH_160MHZ
;
2595 vht_caps
|= VHT_CAP_SUPP_CHAN_WIDTH_160MHZ
;
2598 } else if (ssid
->max_oper_chwidth
== CHANWIDTH_USE_HT
) {
2599 chwidth
= CHANWIDTH_USE_HT
;
2600 seg0
= vht80
[j
] + 2;
2601 #ifdef CONFIG_HT_OVERRIDES
2602 if (ssid
->disable_ht40
)
2604 #endif /* CONFIG_HT_OVERRIDES */
2607 if (hostapd_set_freq_params(&vht_freq
, mode
->mode
, freq
->freq
,
2608 freq
->channel
, ssid
->enable_edmg
,
2609 ssid
->edmg_channel
, freq
->ht_enabled
,
2610 vht_freq
.vht_enabled
, freq
->he_enabled
,
2611 freq
->sec_channel_offset
,
2612 chwidth
, seg0
, seg1
, vht_caps
,
2613 &mode
->he_capab
[ieee80211_mode
]) != 0)
2618 wpa_printf(MSG_DEBUG
, "IBSS: VHT setup freq cf1 %d, cf2 %d, bw %d",
2619 freq
->center_freq1
, freq
->center_freq2
, freq
->bandwidth
);
2624 static size_t wpas_add_fils_hlp_req(struct wpa_supplicant
*wpa_s
, u8
*ie_buf
,
2627 struct fils_hlp_req
*req
;
2628 size_t rem_len
, hdr_len
, hlp_len
, len
, ie_len
= 0;
2632 dl_list_for_each(req
, &wpa_s
->fils_hlp_req
, struct fils_hlp_req
,
2634 rem_len
= ie_buf_len
- ie_len
;
2635 pos
= wpabuf_head(req
->pkt
);
2636 hdr_len
= 1 + 2 * ETH_ALEN
+ 6;
2637 hlp_len
= wpabuf_len(req
->pkt
);
2639 if (rem_len
< 2 + hdr_len
+ hlp_len
) {
2640 wpa_printf(MSG_ERROR
,
2641 "FILS: Cannot fit HLP - rem_len=%lu to_fill=%lu",
2642 (unsigned long) rem_len
,
2643 (unsigned long) (2 + hdr_len
+ hlp_len
));
2647 len
= (hdr_len
+ hlp_len
) > 255 ? 255 : hdr_len
+ hlp_len
;
2649 *buf
++ = WLAN_EID_EXTENSION
;
2652 /* Element ID Extension */
2653 *buf
++ = WLAN_EID_EXT_FILS_HLP_CONTAINER
;
2654 /* Destination MAC address */
2655 os_memcpy(buf
, req
->dst
, ETH_ALEN
);
2657 /* Source MAC address */
2658 os_memcpy(buf
, wpa_s
->own_addr
, ETH_ALEN
);
2660 /* LLC/SNAP Header */
2661 os_memcpy(buf
, "\xaa\xaa\x03\x00\x00\x00", 6);
2664 os_memcpy(buf
, pos
, len
- hdr_len
);
2665 buf
+= len
- hdr_len
;
2666 pos
+= len
- hdr_len
;
2668 hlp_len
-= len
- hdr_len
;
2673 len
= (hlp_len
> 255) ? 255 : hlp_len
;
2674 if (rem_len
< 2 + len
)
2676 *buf
++ = WLAN_EID_FRAGMENT
;
2678 os_memcpy(buf
, pos
, len
);
2692 int wpa_is_fils_supported(struct wpa_supplicant
*wpa_s
)
2694 return (((wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SME
) &&
2695 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SUPPORT_FILS
)) ||
2696 (!(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SME
) &&
2697 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_FILS_SK_OFFLOAD
)));
2701 int wpa_is_fils_sk_pfs_supported(struct wpa_supplicant
*wpa_s
)
2703 #ifdef CONFIG_FILS_SK_PFS
2704 return (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SME
) &&
2705 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SUPPORT_FILS
);
2706 #else /* CONFIG_FILS_SK_PFS */
2708 #endif /* CONFIG_FILS_SK_PFS */
2711 #endif /* CONFIG_FILS */
2714 static u8
* wpas_populate_assoc_ies(
2715 struct wpa_supplicant
*wpa_s
,
2716 struct wpa_bss
*bss
, struct wpa_ssid
*ssid
,
2717 struct wpa_driver_associate_params
*params
,
2718 enum wpa_drv_update_connect_params_mask
*mask
)
2721 size_t max_wpa_ie_len
= 500;
2723 int algs
= WPA_AUTH_ALG_OPEN
;
2728 int sae_pmksa_cached
= 0;
2729 #endif /* CONFIG_SAE */
2731 const u8
*realm
, *username
, *rrk
;
2732 size_t realm_len
, username_len
, rrk_len
;
2734 struct fils_hlp_req
*req
;
2736 dl_list_for_each(req
, &wpa_s
->fils_hlp_req
, struct fils_hlp_req
,
2738 max_wpa_ie_len
+= 3 + 2 * ETH_ALEN
+ 6 + wpabuf_len(req
->pkt
) +
2739 2 + 2 * wpabuf_len(req
->pkt
) / 255;
2741 #endif /* CONFIG_FILS */
2743 wpa_ie
= os_malloc(max_wpa_ie_len
);
2745 wpa_printf(MSG_ERROR
,
2746 "Failed to allocate connect IE buffer for %lu bytes",
2747 (unsigned long) max_wpa_ie_len
);
2751 if (bss
&& (wpa_bss_get_vendor_ie(bss
, WPA_IE_VENDOR_TYPE
) ||
2752 wpa_bss_get_ie(bss
, WLAN_EID_RSN
)) &&
2753 wpa_key_mgmt_wpa(ssid
->key_mgmt
)) {
2754 int try_opportunistic
;
2755 const u8
*cache_id
= NULL
;
2757 try_opportunistic
= (ssid
->proactive_key_caching
< 0 ?
2759 ssid
->proactive_key_caching
) &&
2760 (ssid
->proto
& WPA_PROTO_RSN
);
2762 if (wpa_key_mgmt_fils(ssid
->key_mgmt
))
2763 cache_id
= wpa_bss_get_fils_cache_id(bss
);
2764 #endif /* CONFIG_FILS */
2765 if (pmksa_cache_set_current(wpa_s
->wpa
, NULL
, bss
->bssid
,
2766 ssid
, try_opportunistic
,
2767 cache_id
, 0) == 0) {
2768 eapol_sm_notify_pmkid_attempt(wpa_s
->eapol
);
2770 sae_pmksa_cached
= 1;
2771 #endif /* CONFIG_SAE */
2773 wpa_ie_len
= max_wpa_ie_len
;
2774 if (wpa_supplicant_set_suites(wpa_s
, bss
, ssid
,
2775 wpa_ie
, &wpa_ie_len
)) {
2776 wpa_msg(wpa_s
, MSG_WARNING
, "WPA: Failed to set WPA "
2777 "key management and encryption suites");
2782 } else if (bss
&& wpa_bss_get_vendor_ie(bss
, OSEN_IE_VENDOR_TYPE
) &&
2783 (ssid
->key_mgmt
& WPA_KEY_MGMT_OSEN
)) {
2784 /* No PMKSA caching, but otherwise similar to RSN/WPA */
2785 wpa_ie_len
= max_wpa_ie_len
;
2786 if (wpa_supplicant_set_suites(wpa_s
, bss
, ssid
,
2787 wpa_ie
, &wpa_ie_len
)) {
2788 wpa_msg(wpa_s
, MSG_WARNING
, "WPA: Failed to set WPA "
2789 "key management and encryption suites");
2793 #endif /* CONFIG_HS20 */
2794 } else if ((ssid
->key_mgmt
& WPA_KEY_MGMT_IEEE8021X_NO_WPA
) && bss
&&
2795 wpa_key_mgmt_wpa_ieee8021x(ssid
->key_mgmt
)) {
2797 * Both WPA and non-WPA IEEE 802.1X enabled in configuration -
2798 * use non-WPA since the scan results did not indicate that the
2799 * AP is using WPA or WPA2.
2801 wpa_supplicant_set_non_wpa_policy(wpa_s
, ssid
);
2803 wpa_s
->wpa_proto
= 0;
2804 } else if (wpa_key_mgmt_wpa_any(ssid
->key_mgmt
)) {
2805 wpa_ie_len
= max_wpa_ie_len
;
2806 if (wpa_supplicant_set_suites(wpa_s
, NULL
, ssid
,
2807 wpa_ie
, &wpa_ie_len
)) {
2808 wpa_msg(wpa_s
, MSG_WARNING
, "WPA: Failed to set WPA "
2809 "key management and encryption suites (no "
2815 } else if (ssid
->key_mgmt
& WPA_KEY_MGMT_WPS
) {
2816 struct wpabuf
*wps_ie
;
2817 wps_ie
= wps_build_assoc_req_ie(wpas_wps_get_req_type(ssid
));
2818 if (wps_ie
&& wpabuf_len(wps_ie
) <= max_wpa_ie_len
) {
2819 wpa_ie_len
= wpabuf_len(wps_ie
);
2820 os_memcpy(wpa_ie
, wpabuf_head(wps_ie
), wpa_ie_len
);
2823 wpabuf_free(wps_ie
);
2824 wpa_supplicant_set_non_wpa_policy(wpa_s
, ssid
);
2825 if (!bss
|| (bss
->caps
& IEEE80211_CAP_PRIVACY
))
2826 params
->wps
= WPS_MODE_PRIVACY
;
2828 params
->wps
= WPS_MODE_OPEN
;
2829 wpa_s
->wpa_proto
= 0;
2830 #endif /* CONFIG_WPS */
2832 wpa_supplicant_set_non_wpa_policy(wpa_s
, ssid
);
2834 wpa_s
->wpa_proto
= 0;
2837 #ifdef IEEE8021X_EAPOL
2838 if (ssid
->key_mgmt
& WPA_KEY_MGMT_IEEE8021X_NO_WPA
) {
2840 if (ssid
->non_leap
== 0)
2841 algs
= WPA_AUTH_ALG_LEAP
;
2843 algs
|= WPA_AUTH_ALG_LEAP
;
2848 /* Clear FILS association */
2849 wpa_sm_set_reset_fils_completed(wpa_s
->wpa
, 0);
2851 if ((wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_FILS_SK_OFFLOAD
) &&
2852 ssid
->eap
.erp
&& wpa_key_mgmt_fils(wpa_s
->key_mgmt
) &&
2853 eapol_sm_get_erp_info(wpa_s
->eapol
, &ssid
->eap
, &username
,
2854 &username_len
, &realm
, &realm_len
,
2855 &next_seq_num
, &rrk
, &rrk_len
) == 0 &&
2856 (!wpa_s
->last_con_fail_realm
||
2857 wpa_s
->last_con_fail_realm_len
!= realm_len
||
2858 os_memcmp(wpa_s
->last_con_fail_realm
, realm
, realm_len
) != 0)) {
2859 algs
= WPA_AUTH_ALG_FILS
;
2860 params
->fils_erp_username
= username
;
2861 params
->fils_erp_username_len
= username_len
;
2862 params
->fils_erp_realm
= realm
;
2863 params
->fils_erp_realm_len
= realm_len
;
2864 params
->fils_erp_next_seq_num
= next_seq_num
;
2865 params
->fils_erp_rrk
= rrk
;
2866 params
->fils_erp_rrk_len
= rrk_len
;
2869 *mask
|= WPA_DRV_UPDATE_FILS_ERP_INFO
;
2871 #endif /* CONFIG_FILS */
2872 #endif /* IEEE8021X_EAPOL */
2874 if (wpa_s
->key_mgmt
& (WPA_KEY_MGMT_SAE
| WPA_KEY_MGMT_FT_SAE
))
2875 algs
= WPA_AUTH_ALG_SAE
;
2876 #endif /* CONFIG_SAE */
2878 wpa_dbg(wpa_s
, MSG_DEBUG
, "Automatic auth_alg selection: 0x%x", algs
);
2879 if (ssid
->auth_alg
) {
2880 algs
= ssid
->auth_alg
;
2881 wpa_dbg(wpa_s
, MSG_DEBUG
,
2882 "Overriding auth_alg selection: 0x%x", algs
);
2886 if (sae_pmksa_cached
&& algs
== WPA_AUTH_ALG_SAE
) {
2887 wpa_dbg(wpa_s
, MSG_DEBUG
,
2888 "SAE: Use WPA_AUTH_ALG_OPEN for PMKSA caching attempt");
2889 algs
= WPA_AUTH_ALG_OPEN
;
2891 #endif /* CONFIG_SAE */
2894 if (wpa_s
->global
->p2p
) {
2898 pos
= wpa_ie
+ wpa_ie_len
;
2899 len
= max_wpa_ie_len
- wpa_ie_len
;
2900 res
= wpas_p2p_assoc_req_ie(wpa_s
, bss
, pos
, len
,
2906 wpa_s
->cross_connect_disallowed
= 0;
2909 p2p
= wpa_bss_get_vendor_ie_multi(bss
, P2P_IE_VENDOR_TYPE
);
2911 wpa_s
->cross_connect_disallowed
=
2912 p2p_get_cross_connect_disallowed(p2p
);
2914 wpa_dbg(wpa_s
, MSG_DEBUG
, "P2P: WLAN AP %s cross "
2916 wpa_s
->cross_connect_disallowed
?
2917 "disallows" : "allows");
2921 os_memset(wpa_s
->p2p_ip_addr_info
, 0, sizeof(wpa_s
->p2p_ip_addr_info
));
2922 #endif /* CONFIG_P2P */
2925 wpa_ie_len
+= wpas_supp_op_class_ie(wpa_s
, ssid
, bss
,
2926 wpa_ie
+ wpa_ie_len
,
2932 * Workaround: Add Extended Capabilities element only if the AP
2933 * included this element in Beacon/Probe Response frames. Some older
2934 * APs seem to have interoperability issues if this element is
2935 * included, so while the standard may require us to include the
2936 * element in all cases, it is justifiable to skip it to avoid
2937 * interoperability issues.
2939 if (ssid
->p2p_group
)
2940 wpa_drv_get_ext_capa(wpa_s
, WPA_IF_P2P_CLIENT
);
2942 wpa_drv_get_ext_capa(wpa_s
, WPA_IF_STATION
);
2944 if (!bss
|| wpa_bss_get_ie(bss
, WLAN_EID_EXT_CAPAB
)) {
2947 ext_capab_len
= wpas_build_ext_capab(wpa_s
, ext_capab
,
2949 if (ext_capab_len
> 0 &&
2950 wpa_ie_len
+ ext_capab_len
<= max_wpa_ie_len
) {
2952 if (wpa_ie_len
> 0 && pos
[0] == WLAN_EID_RSN
)
2954 os_memmove(pos
+ ext_capab_len
, pos
,
2955 wpa_ie_len
- (pos
- wpa_ie
));
2956 wpa_ie_len
+= ext_capab_len
;
2957 os_memcpy(pos
, ext_capab
, ext_capab_len
);
2962 if (is_hs20_network(wpa_s
, ssid
, bss
)) {
2963 struct wpabuf
*hs20
;
2965 hs20
= wpabuf_alloc(20 + MAX_ROAMING_CONS_OI_LEN
);
2967 int pps_mo_id
= hs20_get_pps_mo_id(wpa_s
, ssid
);
2970 wpas_hs20_add_indication(hs20
, pps_mo_id
,
2971 get_hs20_version(bss
));
2972 wpas_hs20_add_roam_cons_sel(hs20
, ssid
);
2973 len
= max_wpa_ie_len
- wpa_ie_len
;
2974 if (wpabuf_len(hs20
) <= len
) {
2975 os_memcpy(wpa_ie
+ wpa_ie_len
,
2976 wpabuf_head(hs20
), wpabuf_len(hs20
));
2977 wpa_ie_len
+= wpabuf_len(hs20
);
2981 hs20_configure_frame_filters(wpa_s
);
2984 #endif /* CONFIG_HS20 */
2986 if (wpa_s
->vendor_elem
[VENDOR_ELEM_ASSOC_REQ
]) {
2987 struct wpabuf
*buf
= wpa_s
->vendor_elem
[VENDOR_ELEM_ASSOC_REQ
];
2990 len
= max_wpa_ie_len
- wpa_ie_len
;
2991 if (wpabuf_len(buf
) <= len
) {
2992 os_memcpy(wpa_ie
+ wpa_ie_len
,
2993 wpabuf_head(buf
), wpabuf_len(buf
));
2994 wpa_ie_len
+= wpabuf_len(buf
);
2999 if (wpa_s
->fst_ies
) {
3000 int fst_ies_len
= wpabuf_len(wpa_s
->fst_ies
);
3002 if (wpa_ie_len
+ fst_ies_len
<= max_wpa_ie_len
) {
3003 os_memcpy(wpa_ie
+ wpa_ie_len
,
3004 wpabuf_head(wpa_s
->fst_ies
), fst_ies_len
);
3005 wpa_ie_len
+= fst_ies_len
;
3008 #endif /* CONFIG_FST */
3011 mbo_ie
= bss
? wpa_bss_get_vendor_ie(bss
, MBO_IE_VENDOR_TYPE
) : NULL
;
3012 if (!wpa_s
->disable_mbo_oce
&& mbo_ie
) {
3015 len
= wpas_mbo_ie(wpa_s
, wpa_ie
+ wpa_ie_len
,
3016 max_wpa_ie_len
- wpa_ie_len
,
3017 !!mbo_attr_from_mbo_ie(mbo_ie
,
3018 OCE_ATTR_ID_CAPA_IND
));
3022 #endif /* CONFIG_MBO */
3025 if (algs
== WPA_AUTH_ALG_FILS
) {
3028 len
= wpas_add_fils_hlp_req(wpa_s
, wpa_ie
+ wpa_ie_len
,
3029 max_wpa_ie_len
- wpa_ie_len
);
3032 #endif /* CONFIG_FILS */
3035 #ifdef CONFIG_TESTING_OPTIONS
3036 if (get_ie_ext(wpa_ie
, wpa_ie_len
, WLAN_EID_EXT_OWE_DH_PARAM
)) {
3037 wpa_printf(MSG_INFO
, "TESTING: Override OWE DH element");
3039 #endif /* CONFIG_TESTING_OPTIONS */
3040 if (algs
== WPA_AUTH_ALG_OPEN
&&
3041 ssid
->key_mgmt
== WPA_KEY_MGMT_OWE
) {
3042 struct wpabuf
*owe_ie
;
3045 if (ssid
->owe_group
) {
3046 group
= ssid
->owe_group
;
3047 } else if (wpa_s
->assoc_status_code
==
3048 WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED
) {
3049 if (wpa_s
->last_owe_group
== 19)
3051 else if (wpa_s
->last_owe_group
== 20)
3054 group
= OWE_DH_GROUP
;
3056 group
= OWE_DH_GROUP
;
3059 wpa_s
->last_owe_group
= group
;
3060 wpa_printf(MSG_DEBUG
, "OWE: Try to use group %u", group
);
3061 owe_ie
= owe_build_assoc_req(wpa_s
->wpa
, group
);
3063 wpabuf_len(owe_ie
) <= max_wpa_ie_len
- wpa_ie_len
) {
3064 os_memcpy(wpa_ie
+ wpa_ie_len
,
3065 wpabuf_head(owe_ie
), wpabuf_len(owe_ie
));
3066 wpa_ie_len
+= wpabuf_len(owe_ie
);
3068 wpabuf_free(owe_ie
);
3070 #endif /* CONFIG_OWE */
3073 if (wpa_sm_get_key_mgmt(wpa_s
->wpa
) == WPA_KEY_MGMT_DPP
&&
3074 ssid
->dpp_netaccesskey
) {
3075 dpp_pfs_free(wpa_s
->dpp_pfs
);
3076 wpa_s
->dpp_pfs
= dpp_pfs_init(ssid
->dpp_netaccesskey
,
3077 ssid
->dpp_netaccesskey_len
);
3078 if (!wpa_s
->dpp_pfs
) {
3079 wpa_printf(MSG_DEBUG
, "DPP: Could not initialize PFS");
3080 /* Try to continue without PFS */
3083 if (wpabuf_len(wpa_s
->dpp_pfs
->ie
) <=
3084 max_wpa_ie_len
- wpa_ie_len
) {
3085 os_memcpy(wpa_ie
+ wpa_ie_len
,
3086 wpabuf_head(wpa_s
->dpp_pfs
->ie
),
3087 wpabuf_len(wpa_s
->dpp_pfs
->ie
));
3088 wpa_ie_len
+= wpabuf_len(wpa_s
->dpp_pfs
->ie
);
3092 #endif /* CONFIG_DPP2 */
3094 #ifdef CONFIG_IEEE80211R
3096 * Add MDIE under these conditions: the network profile allows FT,
3097 * the AP supports FT, and the mobility domain ID matches.
3099 if (bss
&& wpa_key_mgmt_ft(wpa_sm_get_key_mgmt(wpa_s
->wpa
))) {
3100 const u8
*mdie
= wpa_bss_get_ie(bss
, WLAN_EID_MOBILITY_DOMAIN
);
3102 if (mdie
&& mdie
[1] >= MOBILITY_DOMAIN_ID_LEN
) {
3104 const u8
*md
= mdie
+ 2;
3105 const u8
*wpa_md
= wpa_sm_get_ft_md(wpa_s
->wpa
);
3107 if (os_memcmp(md
, wpa_md
,
3108 MOBILITY_DOMAIN_ID_LEN
) == 0) {
3109 /* Add mobility domain IE */
3110 len
= wpa_ft_add_mdie(
3111 wpa_s
->wpa
, wpa_ie
+ wpa_ie_len
,
3112 max_wpa_ie_len
- wpa_ie_len
, mdie
);
3116 if (len
> 0 && wpa_s
->sme
.ft_used
&&
3117 wpa_sm_has_ptk(wpa_s
->wpa
)) {
3118 wpa_dbg(wpa_s
, MSG_DEBUG
,
3119 "SME: Trying to use FT over-the-air");
3120 algs
|= WPA_AUTH_ALG_FT
;
3122 #endif /* CONFIG_SME */
3125 #endif /* CONFIG_IEEE80211R */
3127 #ifdef CONFIG_TESTING_OPTIONS
3128 if (wpa_s
->rsnxe_override_assoc
&&
3129 wpabuf_len(wpa_s
->rsnxe_override_assoc
) <=
3130 max_wpa_ie_len
- wpa_ie_len
) {
3131 wpa_printf(MSG_DEBUG
, "TESTING: RSNXE AssocReq override");
3132 os_memcpy(wpa_ie
+ wpa_ie_len
,
3133 wpabuf_head(wpa_s
->rsnxe_override_assoc
),
3134 wpabuf_len(wpa_s
->rsnxe_override_assoc
));
3135 wpa_ie_len
+= wpabuf_len(wpa_s
->rsnxe_override_assoc
);
3137 #endif /* CONFIG_TESTING_OPTIONS */
3138 if (wpa_s
->rsnxe_len
> 0 &&
3139 wpa_s
->rsnxe_len
<= max_wpa_ie_len
- wpa_ie_len
) {
3140 os_memcpy(wpa_ie
+ wpa_ie_len
, wpa_s
->rsnxe
, wpa_s
->rsnxe_len
);
3141 wpa_ie_len
+= wpa_s
->rsnxe_len
;
3144 if (ssid
->multi_ap_backhaul_sta
) {
3145 size_t multi_ap_ie_len
;
3147 multi_ap_ie_len
= add_multi_ap_ie(wpa_ie
+ wpa_ie_len
,
3148 max_wpa_ie_len
- wpa_ie_len
,
3149 MULTI_AP_BACKHAUL_STA
);
3150 if (multi_ap_ie_len
== 0) {
3151 wpa_printf(MSG_ERROR
,
3152 "Multi-AP: Failed to build Multi-AP IE");
3156 wpa_ie_len
+= multi_ap_ie_len
;
3159 params
->wpa_ie
= wpa_ie
;
3160 params
->wpa_ie_len
= wpa_ie_len
;
3161 params
->auth_alg
= algs
;
3163 *mask
|= WPA_DRV_UPDATE_ASSOC_IES
| WPA_DRV_UPDATE_AUTH_TYPE
;
3170 static void wpas_update_owe_connect_params(struct wpa_supplicant
*wpa_s
)
3172 struct wpa_driver_associate_params params
;
3175 os_memset(¶ms
, 0, sizeof(params
));
3176 wpa_ie
= wpas_populate_assoc_ies(wpa_s
, wpa_s
->current_bss
,
3177 wpa_s
->current_ssid
, ¶ms
, NULL
);
3181 wpa_drv_update_connect_params(wpa_s
, ¶ms
, WPA_DRV_UPDATE_ASSOC_IES
);
3184 #endif /* CONFIG_OWE */
3187 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
3188 static void wpas_update_fils_connect_params(struct wpa_supplicant
*wpa_s
)
3190 struct wpa_driver_associate_params params
;
3191 enum wpa_drv_update_connect_params_mask mask
= 0;
3194 if (wpa_s
->auth_alg
!= WPA_AUTH_ALG_OPEN
)
3195 return; /* nothing to do */
3197 os_memset(¶ms
, 0, sizeof(params
));
3198 wpa_ie
= wpas_populate_assoc_ies(wpa_s
, wpa_s
->current_bss
,
3199 wpa_s
->current_ssid
, ¶ms
, &mask
);
3203 if (params
.auth_alg
!= WPA_AUTH_ALG_FILS
) {
3208 wpa_s
->auth_alg
= params
.auth_alg
;
3209 wpa_drv_update_connect_params(wpa_s
, ¶ms
, mask
);
3212 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
3215 static u8
wpa_ie_get_edmg_oper_chans(const u8
*edmg_ie
)
3217 if (!edmg_ie
|| edmg_ie
[1] < 6)
3219 return edmg_ie
[EDMG_BSS_OPERATING_CHANNELS_OFFSET
];
3223 static u8
wpa_ie_get_edmg_oper_chan_width(const u8
*edmg_ie
)
3225 if (!edmg_ie
|| edmg_ie
[1] < 6)
3227 return edmg_ie
[EDMG_OPERATING_CHANNEL_WIDTH_OFFSET
];
3231 /* Returns the intersection of two EDMG configurations.
3232 * Note: The current implementation is limited to CB2 only (CB1 included),
3233 * i.e., the implementation supports up to 2 contiguous channels.
3234 * For supporting non-contiguous (aggregated) channels and for supporting
3235 * CB3 and above, this function will need to be extended.
3237 static struct ieee80211_edmg_config
3238 get_edmg_intersection(struct ieee80211_edmg_config a
,
3239 struct ieee80211_edmg_config b
,
3242 struct ieee80211_edmg_config result
;
3243 int i
, contiguous
= 0;
3244 int max_contiguous
= 0;
3246 result
.channels
= b
.channels
& a
.channels
;
3247 if (!result
.channels
) {
3248 wpa_printf(MSG_DEBUG
,
3249 "EDMG not possible: cannot intersect channels 0x%x and 0x%x",
3250 a
.channels
, b
.channels
);
3254 if (!(result
.channels
& BIT(primary_channel
- 1))) {
3255 wpa_printf(MSG_DEBUG
,
3256 "EDMG not possible: the primary channel %d is not one of the intersected channels 0x%x",
3257 primary_channel
, result
.channels
);
3261 /* Find max contiguous channels */
3262 for (i
= 0; i
< 6; i
++) {
3263 if (result
.channels
& BIT(i
))
3268 if (contiguous
> max_contiguous
)
3269 max_contiguous
= contiguous
;
3272 /* Assuming AP and STA supports ONLY contiguous channels,
3273 * bw configuration can have value between 4-7.
3275 if ((b
.bw_config
< a
.bw_config
))
3276 result
.bw_config
= b
.bw_config
;
3278 result
.bw_config
= a
.bw_config
;
3280 if ((max_contiguous
>= 2 && result
.bw_config
< EDMG_BW_CONFIG_5
) ||
3281 (max_contiguous
>= 1 && result
.bw_config
< EDMG_BW_CONFIG_4
)) {
3282 wpa_printf(MSG_DEBUG
,
3283 "EDMG not possible: not enough contiguous channels %d for supporting CB1 or CB2",
3291 result
.channels
= 0;
3292 result
.bw_config
= 0;
3297 static struct ieee80211_edmg_config
3298 get_supported_edmg(struct wpa_supplicant
*wpa_s
,
3299 struct hostapd_freq_params
*freq
,
3300 struct ieee80211_edmg_config request_edmg
)
3302 enum hostapd_hw_mode hw_mode
;
3303 struct hostapd_hw_modes
*mode
= NULL
;
3306 if (!wpa_s
->hw
.modes
)
3309 hw_mode
= ieee80211_freq_to_chan(freq
->freq
, &primary_channel
);
3310 if (hw_mode
== NUM_HOSTAPD_MODES
)
3313 mode
= get_mode(wpa_s
->hw
.modes
, wpa_s
->hw
.num_modes
, hw_mode
, 0);
3317 return get_edmg_intersection(mode
->edmg
, request_edmg
, primary_channel
);
3320 request_edmg
.channels
= 0;
3321 request_edmg
.bw_config
= 0;
3322 return request_edmg
;
3327 void wpas_update_mbo_connect_params(struct wpa_supplicant
*wpa_s
)
3329 struct wpa_driver_associate_params params
;
3333 * Update MBO connect params only in case of change of MBO attributes
3334 * when connected, if the AP support MBO.
3337 if (wpa_s
->wpa_state
!= WPA_COMPLETED
|| !wpa_s
->current_ssid
||
3338 !wpa_s
->current_bss
||
3339 !wpa_bss_get_vendor_ie(wpa_s
->current_bss
, MBO_IE_VENDOR_TYPE
))
3342 os_memset(¶ms
, 0, sizeof(params
));
3343 wpa_ie
= wpas_populate_assoc_ies(wpa_s
, wpa_s
->current_bss
,
3344 wpa_s
->current_ssid
, ¶ms
, NULL
);
3348 wpa_drv_update_connect_params(wpa_s
, ¶ms
, WPA_DRV_UPDATE_ASSOC_IES
);
3351 #endif /* CONFIG_MBO */
3354 static void wpas_start_assoc_cb(struct wpa_radio_work
*work
, int deinit
)
3356 struct wpa_connect_work
*cwork
= work
->ctx
;
3357 struct wpa_bss
*bss
= cwork
->bss
;
3358 struct wpa_ssid
*ssid
= cwork
->ssid
;
3359 struct wpa_supplicant
*wpa_s
= work
->wpa_s
;
3361 const u8
*edmg_ie_oper
;
3362 int use_crypt
, ret
, bssid_changed
;
3363 unsigned int cipher_pairwise
, cipher_group
, cipher_group_mgmt
;
3364 struct wpa_driver_associate_params params
;
3365 #if defined(CONFIG_WEP) || defined(IEEE8021X_EAPOL)
3366 int wep_keys_set
= 0;
3367 #endif /* CONFIG_WEP || IEEE8021X_EAPOL */
3368 int assoc_failed
= 0;
3369 struct wpa_ssid
*old_ssid
;
3370 u8 prev_bssid
[ETH_ALEN
];
3371 #ifdef CONFIG_HT_OVERRIDES
3372 struct ieee80211_ht_capabilities htcaps
;
3373 struct ieee80211_ht_capabilities htcaps_mask
;
3374 #endif /* CONFIG_HT_OVERRIDES */
3375 #ifdef CONFIG_VHT_OVERRIDES
3376 struct ieee80211_vht_capabilities vhtcaps
;
3377 struct ieee80211_vht_capabilities vhtcaps_mask
;
3378 #endif /* CONFIG_VHT_OVERRIDES */
3381 if (work
->started
) {
3382 wpa_s
->connect_work
= NULL
;
3384 /* cancel possible auth. timeout */
3385 eloop_cancel_timeout(wpa_supplicant_timeout
, wpa_s
,
3388 wpas_connect_work_free(cwork
);
3392 wpa_s
->connect_work
= work
;
3394 if (cwork
->bss_removed
|| !wpas_valid_bss_ssid(wpa_s
, bss
, ssid
) ||
3395 wpas_network_disabled(wpa_s
, ssid
)) {
3396 wpa_dbg(wpa_s
, MSG_DEBUG
, "BSS/SSID entry for association not valid anymore - drop connection attempt");
3397 wpas_connect_work_done(wpa_s
);
3401 os_memcpy(prev_bssid
, wpa_s
->bssid
, ETH_ALEN
);
3402 os_memset(¶ms
, 0, sizeof(params
));
3403 wpa_s
->reassociate
= 0;
3404 wpa_s
->eap_expected_failure
= 0;
3406 (!wpas_driver_bss_selection(wpa_s
) || wpas_wps_searching(wpa_s
))) {
3407 #ifdef CONFIG_IEEE80211R
3408 const u8
*ie
, *md
= NULL
;
3409 #endif /* CONFIG_IEEE80211R */
3410 wpa_msg(wpa_s
, MSG_INFO
, "Trying to associate with " MACSTR
3411 " (SSID='%s' freq=%d MHz)", MAC2STR(bss
->bssid
),
3412 wpa_ssid_txt(bss
->ssid
, bss
->ssid_len
), bss
->freq
);
3413 bssid_changed
= !is_zero_ether_addr(wpa_s
->bssid
);
3414 os_memset(wpa_s
->bssid
, 0, ETH_ALEN
);
3415 os_memcpy(wpa_s
->pending_bssid
, bss
->bssid
, ETH_ALEN
);
3417 wpas_notify_bssid_changed(wpa_s
);
3418 #ifdef CONFIG_IEEE80211R
3419 ie
= wpa_bss_get_ie(bss
, WLAN_EID_MOBILITY_DOMAIN
);
3420 if (ie
&& ie
[1] >= MOBILITY_DOMAIN_ID_LEN
)
3422 wpa_sm_set_ft_params(wpa_s
->wpa
, ie
, ie
? 2 + ie
[1] : 0);
3424 /* Prepare for the next transition */
3425 wpa_ft_prepare_auth_request(wpa_s
->wpa
, ie
);
3427 #endif /* CONFIG_IEEE80211R */
3429 } else if ((ssid
->ssid
== NULL
|| ssid
->ssid_len
== 0) &&
3430 wpa_s
->conf
->ap_scan
== 2 &&
3431 (ssid
->key_mgmt
& WPA_KEY_MGMT_WPS
)) {
3432 /* Use ap_scan==1 style network selection to find the network
3434 wpas_connect_work_done(wpa_s
);
3435 wpa_s
->scan_req
= MANUAL_SCAN_REQ
;
3436 wpa_s
->reassociate
= 1;
3437 wpa_supplicant_req_scan(wpa_s
, 0, 0);
3439 #endif /* CONFIG_WPS */
3441 wpa_msg(wpa_s
, MSG_INFO
, "Trying to associate with SSID '%s'",
3442 wpa_ssid_txt(ssid
->ssid
, ssid
->ssid_len
));
3444 os_memcpy(wpa_s
->pending_bssid
, bss
->bssid
, ETH_ALEN
);
3446 os_memset(wpa_s
->pending_bssid
, 0, ETH_ALEN
);
3449 wpa_supplicant_cancel_sched_scan(wpa_s
);
3451 wpa_supplicant_cancel_scan(wpa_s
);
3453 /* Starting new association, so clear the possibly used WPA IE from the
3454 * previous association. */
3455 wpa_sm_set_assoc_wpa_ie(wpa_s
->wpa
, NULL
, 0);
3456 wpa_sm_set_assoc_rsnxe(wpa_s
->wpa
, NULL
, 0);
3457 wpa_s
->rsnxe_len
= 0;
3459 wpa_ie
= wpas_populate_assoc_ies(wpa_s
, bss
, ssid
, ¶ms
, NULL
);
3461 wpas_connect_work_done(wpa_s
);
3465 wpa_clear_keys(wpa_s
, bss
? bss
->bssid
: NULL
);
3467 cipher_pairwise
= wpa_s
->pairwise_cipher
;
3468 cipher_group
= wpa_s
->group_cipher
;
3469 cipher_group_mgmt
= wpa_s
->mgmt_group_cipher
;
3470 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_NONE
||
3471 wpa_s
->key_mgmt
== WPA_KEY_MGMT_IEEE8021X_NO_WPA
) {
3472 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_NONE
)
3475 if (wpa_set_wep_keys(wpa_s
, ssid
)) {
3479 #endif /* CONFIG_WEP */
3481 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_WPS
)
3484 #ifdef IEEE8021X_EAPOL
3485 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_IEEE8021X_NO_WPA
) {
3486 if ((ssid
->eapol_flags
&
3487 (EAPOL_FLAG_REQUIRE_KEY_UNICAST
|
3488 EAPOL_FLAG_REQUIRE_KEY_BROADCAST
)) == 0 &&
3492 /* Assume that dynamic WEP-104 keys will be used and
3493 * set cipher suites in order for drivers to expect
3495 cipher_pairwise
= cipher_group
= WPA_CIPHER_WEP104
;
3498 #endif /* IEEE8021X_EAPOL */
3500 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_WPA_NONE
) {
3501 /* Set the key before (and later after) association */
3502 wpa_supplicant_set_wpa_none_key(wpa_s
, ssid
);
3505 wpa_supplicant_set_state(wpa_s
, WPA_ASSOCIATING
);
3507 params
.ssid
= bss
->ssid
;
3508 params
.ssid_len
= bss
->ssid_len
;
3509 if (!wpas_driver_bss_selection(wpa_s
) || ssid
->bssid_set
||
3510 wpa_s
->key_mgmt
== WPA_KEY_MGMT_WPS
) {
3511 wpa_printf(MSG_DEBUG
, "Limit connection to BSSID "
3512 MACSTR
" freq=%u MHz based on scan results "
3513 "(bssid_set=%d wps=%d)",
3514 MAC2STR(bss
->bssid
), bss
->freq
,
3516 wpa_s
->key_mgmt
== WPA_KEY_MGMT_WPS
);
3517 params
.bssid
= bss
->bssid
;
3518 params
.freq
.freq
= bss
->freq
;
3520 params
.bssid_hint
= bss
->bssid
;
3521 params
.freq_hint
= bss
->freq
;
3522 params
.pbss
= bss_is_pbss(bss
);
3524 if (ssid
->bssid_hint_set
)
3525 params
.bssid_hint
= ssid
->bssid_hint
;
3527 params
.ssid
= ssid
->ssid
;
3528 params
.ssid_len
= ssid
->ssid_len
;
3529 params
.pbss
= (ssid
->pbss
!= 2) ? ssid
->pbss
: 0;
3532 if (ssid
->mode
== WPAS_MODE_IBSS
&& ssid
->bssid_set
&&
3533 wpa_s
->conf
->ap_scan
== 2) {
3534 params
.bssid
= ssid
->bssid
;
3535 params
.fixed_bssid
= 1;
3538 /* Initial frequency for IBSS/mesh */
3539 if ((ssid
->mode
== WPAS_MODE_IBSS
|| ssid
->mode
== WPAS_MODE_MESH
) &&
3540 ssid
->frequency
> 0 && params
.freq
.freq
== 0)
3541 ibss_mesh_setup_freq(wpa_s
, ssid
, ¶ms
.freq
);
3543 if (ssid
->mode
== WPAS_MODE_IBSS
) {
3544 params
.fixed_freq
= ssid
->fixed_freq
;
3545 if (ssid
->beacon_int
)
3546 params
.beacon_int
= ssid
->beacon_int
;
3548 params
.beacon_int
= wpa_s
->conf
->beacon_int
;
3551 if (bss
&& ssid
->enable_edmg
)
3552 edmg_ie_oper
= get_ie_ext((const u8
*) (bss
+ 1), bss
->ie_len
,
3553 WLAN_EID_EXT_EDMG_OPERATION
);
3555 edmg_ie_oper
= NULL
;
3558 params
.freq
.edmg
.channels
=
3559 wpa_ie_get_edmg_oper_chans(edmg_ie_oper
);
3560 params
.freq
.edmg
.bw_config
=
3561 wpa_ie_get_edmg_oper_chan_width(edmg_ie_oper
);
3562 wpa_printf(MSG_DEBUG
,
3563 "AP supports EDMG channels 0x%x, bw_config %d",
3564 params
.freq
.edmg
.channels
,
3565 params
.freq
.edmg
.bw_config
);
3567 /* User may ask for specific EDMG channel for EDMG connection
3568 * (must be supported by AP)
3570 if (ssid
->edmg_channel
) {
3571 struct ieee80211_edmg_config configured_edmg
;
3572 enum hostapd_hw_mode hw_mode
;
3575 hw_mode
= ieee80211_freq_to_chan(bss
->freq
,
3577 if (hw_mode
== NUM_HOSTAPD_MODES
)
3580 hostapd_encode_edmg_chan(ssid
->enable_edmg
,
3585 if (ieee802_edmg_is_allowed(params
.freq
.edmg
,
3587 params
.freq
.edmg
= configured_edmg
;
3588 wpa_printf(MSG_DEBUG
,
3589 "Use EDMG channel %d for connection",
3590 ssid
->edmg_channel
);
3593 params
.freq
.edmg
.channels
= 0;
3594 params
.freq
.edmg
.bw_config
= 0;
3595 wpa_printf(MSG_WARNING
,
3596 "EDMG channel %d not supported by AP, fallback to DMG",
3597 ssid
->edmg_channel
);
3601 if (params
.freq
.edmg
.channels
) {
3602 wpa_printf(MSG_DEBUG
,
3603 "EDMG before: channels 0x%x, bw_config %d",
3604 params
.freq
.edmg
.channels
,
3605 params
.freq
.edmg
.bw_config
);
3606 params
.freq
.edmg
= get_supported_edmg(wpa_s
,
3609 wpa_printf(MSG_DEBUG
,
3610 "EDMG after: channels 0x%x, bw_config %d",
3611 params
.freq
.edmg
.channels
,
3612 params
.freq
.edmg
.bw_config
);
3616 params
.pairwise_suite
= cipher_pairwise
;
3617 params
.group_suite
= cipher_group
;
3618 params
.mgmt_group_suite
= cipher_group_mgmt
;
3619 params
.key_mgmt_suite
= wpa_s
->key_mgmt
;
3620 params
.wpa_proto
= wpa_s
->wpa_proto
;
3621 wpa_s
->auth_alg
= params
.auth_alg
;
3622 params
.mode
= ssid
->mode
;
3623 params
.bg_scan_period
= ssid
->bg_scan_period
;
3628 for (i
= 0; i
< NUM_WEP_KEYS
; i
++) {
3629 if (ssid
->wep_key_len
[i
])
3630 params
.wep_key
[i
] = ssid
->wep_key
[i
];
3631 params
.wep_key_len
[i
] = ssid
->wep_key_len
[i
];
3633 params
.wep_tx_keyidx
= ssid
->wep_tx_keyidx
;
3635 #endif /* CONFIG_WEP */
3637 if ((wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK
) &&
3638 (params
.key_mgmt_suite
== WPA_KEY_MGMT_PSK
||
3639 params
.key_mgmt_suite
== WPA_KEY_MGMT_FT_PSK
)) {
3640 params
.passphrase
= ssid
->passphrase
;
3642 params
.psk
= ssid
->psk
;
3645 if ((wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X
) &&
3646 (params
.key_mgmt_suite
== WPA_KEY_MGMT_IEEE8021X
||
3647 params
.key_mgmt_suite
== WPA_KEY_MGMT_IEEE8021X_SHA256
||
3648 params
.key_mgmt_suite
== WPA_KEY_MGMT_IEEE8021X_SUITE_B
||
3649 params
.key_mgmt_suite
== WPA_KEY_MGMT_IEEE8021X_SUITE_B_192
))
3650 params
.req_handshake_offload
= 1;
3652 if (wpa_s
->conf
->key_mgmt_offload
) {
3653 if (params
.key_mgmt_suite
== WPA_KEY_MGMT_IEEE8021X
||
3654 params
.key_mgmt_suite
== WPA_KEY_MGMT_IEEE8021X_SHA256
||
3655 params
.key_mgmt_suite
== WPA_KEY_MGMT_IEEE8021X_SUITE_B
||
3656 params
.key_mgmt_suite
== WPA_KEY_MGMT_IEEE8021X_SUITE_B_192
)
3657 params
.req_key_mgmt_offload
=
3658 ssid
->proactive_key_caching
< 0 ?
3659 wpa_s
->conf
->okc
: ssid
->proactive_key_caching
;
3661 params
.req_key_mgmt_offload
= 1;
3663 if ((params
.key_mgmt_suite
== WPA_KEY_MGMT_PSK
||
3664 params
.key_mgmt_suite
== WPA_KEY_MGMT_PSK_SHA256
||
3665 params
.key_mgmt_suite
== WPA_KEY_MGMT_FT_PSK
) &&
3667 params
.psk
= ssid
->psk
;
3670 params
.drop_unencrypted
= use_crypt
;
3672 params
.mgmt_frame_protection
= wpas_get_ssid_pmf(wpa_s
, ssid
);
3673 if (params
.mgmt_frame_protection
!= NO_MGMT_FRAME_PROTECTION
&& bss
) {
3674 const u8
*rsn
= wpa_bss_get_ie(bss
, WLAN_EID_RSN
);
3675 struct wpa_ie_data ie
;
3676 if (rsn
&& wpa_parse_wpa_ie(rsn
, 2 + rsn
[1], &ie
) == 0 &&
3678 (WPA_CAPABILITY_MFPC
| WPA_CAPABILITY_MFPR
)) {
3679 wpa_dbg(wpa_s
, MSG_DEBUG
, "WPA: Selected AP supports "
3680 "MFP: require MFP");
3681 params
.mgmt_frame_protection
=
3682 MGMT_FRAME_PROTECTION_REQUIRED
;
3684 } else if (!rsn
&& (ssid
->key_mgmt
& WPA_KEY_MGMT_OWE
) &&
3686 params
.mgmt_frame_protection
= NO_MGMT_FRAME_PROTECTION
;
3687 #endif /* CONFIG_OWE */
3691 params
.p2p
= ssid
->p2p_group
;
3693 if (wpa_s
->p2pdev
->set_sta_uapsd
)
3694 params
.uapsd
= wpa_s
->p2pdev
->sta_uapsd
;
3698 #ifdef CONFIG_HT_OVERRIDES
3699 os_memset(&htcaps
, 0, sizeof(htcaps
));
3700 os_memset(&htcaps_mask
, 0, sizeof(htcaps_mask
));
3701 params
.htcaps
= (u8
*) &htcaps
;
3702 params
.htcaps_mask
= (u8
*) &htcaps_mask
;
3703 wpa_supplicant_apply_ht_overrides(wpa_s
, ssid
, ¶ms
);
3704 #endif /* CONFIG_HT_OVERRIDES */
3705 #ifdef CONFIG_VHT_OVERRIDES
3706 os_memset(&vhtcaps
, 0, sizeof(vhtcaps
));
3707 os_memset(&vhtcaps_mask
, 0, sizeof(vhtcaps_mask
));
3708 params
.vhtcaps
= &vhtcaps
;
3709 params
.vhtcaps_mask
= &vhtcaps_mask
;
3710 wpa_supplicant_apply_vht_overrides(wpa_s
, ssid
, ¶ms
);
3711 #endif /* CONFIG_VHT_OVERRIDES */
3715 * If multi-channel concurrency is not supported, check for any
3716 * frequency conflict. In case of any frequency conflict, remove the
3717 * least prioritized connection.
3719 if (wpa_s
->num_multichan_concurrent
< 2) {
3721 num
= get_shared_radio_freqs(wpa_s
, &freq
, 1);
3722 if (num
> 0 && freq
> 0 && freq
!= params
.freq
.freq
) {
3723 wpa_printf(MSG_DEBUG
,
3724 "Assoc conflicting freq found (%d != %d)",
3725 freq
, params
.freq
.freq
);
3726 if (wpas_p2p_handle_frequency_conflicts(
3727 wpa_s
, params
.freq
.freq
, ssid
) < 0) {
3728 wpas_connect_work_done(wpa_s
);
3734 #endif /* CONFIG_P2P */
3736 if (wpa_s
->reassoc_same_ess
&& !is_zero_ether_addr(prev_bssid
) &&
3737 wpa_s
->current_ssid
)
3738 params
.prev_bssid
= prev_bssid
;
3740 ret
= wpa_drv_associate(wpa_s
, ¶ms
);
3743 wpa_msg(wpa_s
, MSG_INFO
, "Association request to the driver "
3745 if (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SANE_ERROR_CODES
) {
3747 * The driver is known to mean what is saying, so we
3748 * can stop right here; the association will not
3751 wpas_connection_failed(wpa_s
, wpa_s
->pending_bssid
);
3752 wpa_supplicant_set_state(wpa_s
, WPA_DISCONNECTED
);
3753 os_memset(wpa_s
->pending_bssid
, 0, ETH_ALEN
);
3756 /* try to continue anyway; new association will be tried again
3761 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_WPA_NONE
) {
3762 /* Set the key after the association just in case association
3763 * cleared the previously configured key. */
3764 wpa_supplicant_set_wpa_none_key(wpa_s
, ssid
);
3765 /* No need to timeout authentication since there is no key
3767 wpa_supplicant_cancel_auth_timeout(wpa_s
);
3768 wpa_supplicant_set_state(wpa_s
, WPA_COMPLETED
);
3769 #ifdef CONFIG_IBSS_RSN
3770 } else if (ssid
->mode
== WPAS_MODE_IBSS
&&
3771 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_NONE
&&
3772 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_WPA_NONE
) {
3774 * RSN IBSS authentication is per-STA and we can disable the
3775 * per-BSSID authentication.
3777 wpa_supplicant_cancel_auth_timeout(wpa_s
);
3778 #endif /* CONFIG_IBSS_RSN */
3780 /* Timeout for IEEE 802.11 authentication and association */
3784 /* give IBSS a bit more time */
3785 timeout
= ssid
->mode
== WPAS_MODE_IBSS
? 10 : 5;
3786 } else if (wpa_s
->conf
->ap_scan
== 1) {
3787 /* give IBSS a bit more time */
3788 timeout
= ssid
->mode
== WPAS_MODE_IBSS
? 20 : 10;
3790 wpa_supplicant_req_auth_timeout(wpa_s
, timeout
, 0);
3795 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC
)) {
3796 /* Set static WEP keys again */
3797 wpa_set_wep_keys(wpa_s
, ssid
);
3799 #endif /* CONFIG_WEP */
3801 if (wpa_s
->current_ssid
&& wpa_s
->current_ssid
!= ssid
) {
3803 * Do not allow EAP session resumption between different
3804 * network configurations.
3806 eapol_sm_invalidate_cached_session(wpa_s
->eapol
);
3808 old_ssid
= wpa_s
->current_ssid
;
3809 wpa_s
->current_ssid
= ssid
;
3811 if (!wpas_driver_bss_selection(wpa_s
) || ssid
->bssid_set
) {
3812 wpa_s
->current_bss
= bss
;
3814 hs20_configure_frame_filters(wpa_s
);
3815 #endif /* CONFIG_HS20 */
3818 wpa_supplicant_rsn_supp_set_config(wpa_s
, wpa_s
->current_ssid
);
3819 wpa_supplicant_initiate_eapol(wpa_s
);
3820 if (old_ssid
!= wpa_s
->current_ssid
)
3821 wpas_notify_network_changed(wpa_s
);
3825 static void wpa_supplicant_clear_connection(struct wpa_supplicant
*wpa_s
,
3828 struct wpa_ssid
*old_ssid
;
3830 wpas_connect_work_done(wpa_s
);
3831 wpa_clear_keys(wpa_s
, addr
);
3832 old_ssid
= wpa_s
->current_ssid
;
3833 wpa_supplicant_mark_disassoc(wpa_s
);
3834 wpa_sm_set_config(wpa_s
->wpa
, NULL
);
3835 eapol_sm_notify_config(wpa_s
->eapol
, NULL
, NULL
);
3836 if (old_ssid
!= wpa_s
->current_ssid
)
3837 wpas_notify_network_changed(wpa_s
);
3838 eloop_cancel_timeout(wpa_supplicant_timeout
, wpa_s
, NULL
);
3843 * wpa_supplicant_deauthenticate - Deauthenticate the current connection
3844 * @wpa_s: Pointer to wpa_supplicant data
3845 * @reason_code: IEEE 802.11 reason code for the deauthenticate frame
3847 * This function is used to request %wpa_supplicant to deauthenticate from the
3850 void wpa_supplicant_deauthenticate(struct wpa_supplicant
*wpa_s
,
3854 union wpa_event_data event
;
3857 wpa_dbg(wpa_s
, MSG_DEBUG
, "Request to deauthenticate - bssid=" MACSTR
3858 " pending_bssid=" MACSTR
" reason=%d (%s) state=%s",
3859 MAC2STR(wpa_s
->bssid
), MAC2STR(wpa_s
->pending_bssid
),
3860 reason_code
, reason2str(reason_code
),
3861 wpa_supplicant_state_txt(wpa_s
->wpa_state
));
3863 if (!is_zero_ether_addr(wpa_s
->pending_bssid
) &&
3864 (wpa_s
->wpa_state
== WPA_AUTHENTICATING
||
3865 wpa_s
->wpa_state
== WPA_ASSOCIATING
))
3866 addr
= wpa_s
->pending_bssid
;
3867 else if (!is_zero_ether_addr(wpa_s
->bssid
))
3868 addr
= wpa_s
->bssid
;
3869 else if (wpa_s
->wpa_state
== WPA_ASSOCIATING
) {
3871 * When using driver-based BSS selection, we may not know the
3872 * BSSID with which we are currently trying to associate. We
3873 * need to notify the driver of this disconnection even in such
3874 * a case, so use the all zeros address here.
3876 addr
= wpa_s
->bssid
;
3880 if (wpa_s
->enabled_4addr_mode
&& wpa_drv_set_4addr_mode(wpa_s
, 0) == 0)
3881 wpa_s
->enabled_4addr_mode
= 0;
3884 wpa_tdls_teardown_peers(wpa_s
->wpa
);
3885 #endif /* CONFIG_TDLS */
3889 struct mesh_conf
*mconf
;
3891 mconf
= wpa_s
->ifmsh
->mconf
;
3892 wpa_msg(wpa_s
, MSG_INFO
, MESH_GROUP_REMOVED
"%s",
3894 wpas_notify_mesh_group_removed(wpa_s
, mconf
->meshid
,
3895 mconf
->meshid_len
, reason_code
);
3896 wpa_supplicant_leave_mesh(wpa_s
);
3898 #endif /* CONFIG_MESH */
3901 wpa_drv_deauthenticate(wpa_s
, addr
, reason_code
);
3902 os_memset(&event
, 0, sizeof(event
));
3903 event
.deauth_info
.reason_code
= reason_code
;
3904 event
.deauth_info
.locally_generated
= 1;
3905 wpa_supplicant_event(wpa_s
, EVENT_DEAUTH
, &event
);
3910 wpa_supplicant_clear_connection(wpa_s
, addr
);
3914 void wpa_supplicant_reconnect(struct wpa_supplicant
*wpa_s
)
3916 wpa_s
->own_reconnect_req
= 1;
3917 wpa_supplicant_deauthenticate(wpa_s
, WLAN_REASON_UNSPECIFIED
);
3922 static void wpa_supplicant_enable_one_network(struct wpa_supplicant
*wpa_s
,
3923 struct wpa_ssid
*ssid
)
3925 if (!ssid
|| !ssid
->disabled
|| ssid
->disabled
== 2)
3929 ssid
->owe_transition_bss_select_count
= 0;
3930 wpas_clear_temp_disabled(wpa_s
, ssid
, 1);
3931 wpas_notify_network_enabled_changed(wpa_s
, ssid
);
3934 * Try to reassociate since there is no current configuration and a new
3935 * network was made available.
3937 if (!wpa_s
->current_ssid
&& !wpa_s
->disconnected
)
3938 wpa_s
->reassociate
= 1;
3943 * wpa_supplicant_add_network - Add a new network
3944 * @wpa_s: wpa_supplicant structure for a network interface
3945 * Returns: The new network configuration or %NULL if operation failed
3947 * This function performs the following operations:
3948 * 1. Adds a new network.
3949 * 2. Send network addition notification.
3950 * 3. Marks the network disabled.
3951 * 4. Set network default parameters.
3953 struct wpa_ssid
* wpa_supplicant_add_network(struct wpa_supplicant
*wpa_s
)
3955 struct wpa_ssid
*ssid
;
3957 ssid
= wpa_config_add_network(wpa_s
->conf
);
3960 wpas_notify_network_added(wpa_s
, ssid
);
3962 wpa_config_set_network_defaults(ssid
);
3969 * wpa_supplicant_remove_network - Remove a configured network based on id
3970 * @wpa_s: wpa_supplicant structure for a network interface
3971 * @id: Unique network id to search for
3972 * Returns: 0 on success, or -1 if the network was not found, -2 if the network
3973 * could not be removed
3975 * This function performs the following operations:
3976 * 1. Removes the network.
3977 * 2. Send network removal notification.
3978 * 3. Update internal state machines.
3979 * 4. Stop any running sched scans.
3981 int wpa_supplicant_remove_network(struct wpa_supplicant
*wpa_s
, int id
)
3983 struct wpa_ssid
*ssid
;
3986 ssid
= wpa_config_get_network(wpa_s
->conf
, id
);
3989 wpas_notify_network_removed(wpa_s
, ssid
);
3991 if (wpa_s
->last_ssid
== ssid
)
3992 wpa_s
->last_ssid
= NULL
;
3994 if (ssid
== wpa_s
->current_ssid
|| !wpa_s
->current_ssid
) {
3996 wpa_s
->sme
.prev_bssid_set
= 0;
3997 #endif /* CONFIG_SME */
3999 * Invalidate the EAP session cache if the current or
4000 * previously used network is removed.
4002 eapol_sm_invalidate_cached_session(wpa_s
->eapol
);
4005 if (ssid
== wpa_s
->current_ssid
) {
4006 wpa_sm_set_config(wpa_s
->wpa
, NULL
);
4007 eapol_sm_notify_config(wpa_s
->eapol
, NULL
, NULL
);
4009 if (wpa_s
->wpa_state
>= WPA_AUTHENTICATING
)
4010 wpa_s
->own_disconnect_req
= 1;
4011 wpa_supplicant_deauthenticate(wpa_s
,
4012 WLAN_REASON_DEAUTH_LEAVING
);
4015 was_disabled
= ssid
->disabled
;
4017 if (wpa_config_remove_network(wpa_s
->conf
, id
) < 0)
4020 if (!was_disabled
&& wpa_s
->sched_scanning
) {
4021 wpa_printf(MSG_DEBUG
,
4022 "Stop ongoing sched_scan to remove network from filters");
4023 wpa_supplicant_cancel_sched_scan(wpa_s
);
4024 wpa_supplicant_req_scan(wpa_s
, 0, 0);
4032 * wpa_supplicant_enable_network - Mark a configured network as enabled
4033 * @wpa_s: wpa_supplicant structure for a network interface
4034 * @ssid: wpa_ssid structure for a configured network or %NULL
4036 * Enables the specified network or all networks if no network specified.
4038 void wpa_supplicant_enable_network(struct wpa_supplicant
*wpa_s
,
4039 struct wpa_ssid
*ssid
)
4042 for (ssid
= wpa_s
->conf
->ssid
; ssid
; ssid
= ssid
->next
)
4043 wpa_supplicant_enable_one_network(wpa_s
, ssid
);
4045 wpa_supplicant_enable_one_network(wpa_s
, ssid
);
4047 if (wpa_s
->reassociate
&& !wpa_s
->disconnected
&&
4048 (!wpa_s
->current_ssid
||
4049 wpa_s
->wpa_state
== WPA_DISCONNECTED
||
4050 wpa_s
->wpa_state
== WPA_SCANNING
)) {
4051 if (wpa_s
->sched_scanning
) {
4052 wpa_printf(MSG_DEBUG
, "Stop ongoing sched_scan to add "
4053 "new network to scan filters");
4054 wpa_supplicant_cancel_sched_scan(wpa_s
);
4057 if (wpa_supplicant_fast_associate(wpa_s
) != 1) {
4058 wpa_s
->scan_req
= NORMAL_SCAN_REQ
;
4059 wpa_supplicant_req_scan(wpa_s
, 0, 0);
4066 * wpa_supplicant_disable_network - Mark a configured network as disabled
4067 * @wpa_s: wpa_supplicant structure for a network interface
4068 * @ssid: wpa_ssid structure for a configured network or %NULL
4070 * Disables the specified network or all networks if no network specified.
4072 void wpa_supplicant_disable_network(struct wpa_supplicant
*wpa_s
,
4073 struct wpa_ssid
*ssid
)
4075 struct wpa_ssid
*other_ssid
;
4079 if (wpa_s
->sched_scanning
)
4080 wpa_supplicant_cancel_sched_scan(wpa_s
);
4082 for (other_ssid
= wpa_s
->conf
->ssid
; other_ssid
;
4083 other_ssid
= other_ssid
->next
) {
4084 was_disabled
= other_ssid
->disabled
;
4085 if (was_disabled
== 2)
4086 continue; /* do not change persistent P2P group
4089 other_ssid
->disabled
= 1;
4091 if (was_disabled
!= other_ssid
->disabled
)
4092 wpas_notify_network_enabled_changed(
4095 if (wpa_s
->current_ssid
) {
4096 if (wpa_s
->wpa_state
>= WPA_AUTHENTICATING
)
4097 wpa_s
->own_disconnect_req
= 1;
4098 wpa_supplicant_deauthenticate(
4099 wpa_s
, WLAN_REASON_DEAUTH_LEAVING
);
4101 } else if (ssid
->disabled
!= 2) {
4102 if (ssid
== wpa_s
->current_ssid
) {
4103 if (wpa_s
->wpa_state
>= WPA_AUTHENTICATING
)
4104 wpa_s
->own_disconnect_req
= 1;
4105 wpa_supplicant_deauthenticate(
4106 wpa_s
, WLAN_REASON_DEAUTH_LEAVING
);
4109 was_disabled
= ssid
->disabled
;
4113 if (was_disabled
!= ssid
->disabled
) {
4114 wpas_notify_network_enabled_changed(wpa_s
, ssid
);
4115 if (wpa_s
->sched_scanning
) {
4116 wpa_printf(MSG_DEBUG
, "Stop ongoing sched_scan "
4117 "to remove network from filters");
4118 wpa_supplicant_cancel_sched_scan(wpa_s
);
4119 wpa_supplicant_req_scan(wpa_s
, 0, 0);
4127 * wpa_supplicant_select_network - Attempt association with a network
4128 * @wpa_s: wpa_supplicant structure for a network interface
4129 * @ssid: wpa_ssid structure for a configured network or %NULL for any network
4131 void wpa_supplicant_select_network(struct wpa_supplicant
*wpa_s
,
4132 struct wpa_ssid
*ssid
)
4135 struct wpa_ssid
*other_ssid
;
4136 int disconnected
= 0;
4138 if (ssid
&& ssid
!= wpa_s
->current_ssid
&& wpa_s
->current_ssid
) {
4139 if (wpa_s
->wpa_state
>= WPA_AUTHENTICATING
)
4140 wpa_s
->own_disconnect_req
= 1;
4141 wpa_supplicant_deauthenticate(
4142 wpa_s
, WLAN_REASON_DEAUTH_LEAVING
);
4147 wpas_clear_temp_disabled(wpa_s
, ssid
, 1);
4150 * Mark all other networks disabled or mark all networks enabled if no
4151 * network specified.
4153 for (other_ssid
= wpa_s
->conf
->ssid
; other_ssid
;
4154 other_ssid
= other_ssid
->next
) {
4155 int was_disabled
= other_ssid
->disabled
;
4156 if (was_disabled
== 2)
4157 continue; /* do not change persistent P2P group data */
4159 other_ssid
->disabled
= ssid
? (ssid
->id
!= other_ssid
->id
) : 0;
4160 if (was_disabled
&& !other_ssid
->disabled
)
4161 wpas_clear_temp_disabled(wpa_s
, other_ssid
, 0);
4163 if (was_disabled
!= other_ssid
->disabled
)
4164 wpas_notify_network_enabled_changed(wpa_s
, other_ssid
);
4167 if (ssid
&& ssid
== wpa_s
->current_ssid
&& wpa_s
->current_ssid
&&
4168 wpa_s
->wpa_state
>= WPA_AUTHENTICATING
) {
4169 /* We are already associated with the selected network */
4170 wpa_printf(MSG_DEBUG
, "Already associated with the "
4171 "selected network - do nothing");
4176 wpa_s
->current_ssid
= ssid
;
4177 eapol_sm_notify_config(wpa_s
->eapol
, NULL
, NULL
);
4178 wpa_s
->connect_without_scan
=
4179 (ssid
->mode
== WPAS_MODE_MESH
) ? ssid
: NULL
;
4182 * Don't optimize next scan freqs since a new ESS has been
4185 os_free(wpa_s
->next_scan_freqs
);
4186 wpa_s
->next_scan_freqs
= NULL
;
4188 wpa_s
->connect_without_scan
= NULL
;
4191 wpa_s
->disconnected
= 0;
4192 wpa_s
->reassociate
= 1;
4193 wpa_s_clear_sae_rejected(wpa_s
);
4194 wpa_s
->last_owe_group
= 0;
4196 ssid
->owe_transition_bss_select_count
= 0;
4197 wpa_s_setup_sae_pt(wpa_s
->conf
, ssid
);
4200 if (wpa_s
->connect_without_scan
||
4201 wpa_supplicant_fast_associate(wpa_s
) != 1) {
4202 wpa_s
->scan_req
= NORMAL_SCAN_REQ
;
4203 wpas_scan_reset_sched_scan(wpa_s
);
4204 wpa_supplicant_req_scan(wpa_s
, 0, disconnected
? 100000 : 0);
4208 wpas_notify_network_selected(wpa_s
, ssid
);
4213 * wpas_set_pkcs11_engine_and_module_path - Set PKCS #11 engine and module path
4214 * @wpa_s: wpa_supplicant structure for a network interface
4215 * @pkcs11_engine_path: PKCS #11 engine path or NULL
4216 * @pkcs11_module_path: PKCS #11 module path or NULL
4217 * Returns: 0 on success; -1 on failure
4219 * Sets the PKCS #11 engine and module path. Both have to be NULL or a valid
4220 * path. If resetting the EAPOL state machine with the new PKCS #11 engine and
4221 * module path fails the paths will be reset to the default value (NULL).
4223 int wpas_set_pkcs11_engine_and_module_path(struct wpa_supplicant
*wpa_s
,
4224 const char *pkcs11_engine_path
,
4225 const char *pkcs11_module_path
)
4227 char *pkcs11_engine_path_copy
= NULL
;
4228 char *pkcs11_module_path_copy
= NULL
;
4230 if (pkcs11_engine_path
!= NULL
) {
4231 pkcs11_engine_path_copy
= os_strdup(pkcs11_engine_path
);
4232 if (pkcs11_engine_path_copy
== NULL
)
4235 if (pkcs11_module_path
!= NULL
) {
4236 pkcs11_module_path_copy
= os_strdup(pkcs11_module_path
);
4237 if (pkcs11_module_path_copy
== NULL
) {
4238 os_free(pkcs11_engine_path_copy
);
4243 os_free(wpa_s
->conf
->pkcs11_engine_path
);
4244 os_free(wpa_s
->conf
->pkcs11_module_path
);
4245 wpa_s
->conf
->pkcs11_engine_path
= pkcs11_engine_path_copy
;
4246 wpa_s
->conf
->pkcs11_module_path
= pkcs11_module_path_copy
;
4248 wpa_sm_set_eapol(wpa_s
->wpa
, NULL
);
4249 eapol_sm_deinit(wpa_s
->eapol
);
4250 wpa_s
->eapol
= NULL
;
4251 if (wpa_supplicant_init_eapol(wpa_s
)) {
4252 /* Error -> Reset paths to the default value (NULL) once. */
4253 if (pkcs11_engine_path
!= NULL
&& pkcs11_module_path
!= NULL
)
4254 wpas_set_pkcs11_engine_and_module_path(wpa_s
, NULL
,
4259 wpa_sm_set_eapol(wpa_s
->wpa
, wpa_s
->eapol
);
4266 * wpa_supplicant_set_ap_scan - Set AP scan mode for interface
4267 * @wpa_s: wpa_supplicant structure for a network interface
4268 * @ap_scan: AP scan mode
4269 * Returns: 0 if succeed or -1 if ap_scan has an invalid value
4272 int wpa_supplicant_set_ap_scan(struct wpa_supplicant
*wpa_s
, int ap_scan
)
4277 if (ap_scan
< 0 || ap_scan
> 2)
4280 if (ap_scan
== 2 && os_strcmp(wpa_s
->driver
->name
, "nl80211") == 0) {
4281 wpa_printf(MSG_INFO
,
4282 "Note: nl80211 driver interface is not designed to be used with ap_scan=2; this can result in connection failures");
4286 if (ap_scan
== 2 && ap_scan
!= wpa_s
->conf
->ap_scan
&&
4287 wpa_s
->wpa_state
>= WPA_ASSOCIATING
&&
4288 wpa_s
->wpa_state
< WPA_COMPLETED
) {
4289 wpa_printf(MSG_ERROR
, "ap_scan = %d (%d) rejected while "
4290 "associating", wpa_s
->conf
->ap_scan
, ap_scan
);
4293 #endif /* ANDROID */
4295 old_ap_scan
= wpa_s
->conf
->ap_scan
;
4296 wpa_s
->conf
->ap_scan
= ap_scan
;
4298 if (old_ap_scan
!= wpa_s
->conf
->ap_scan
)
4299 wpas_notify_ap_scan_changed(wpa_s
);
4306 * wpa_supplicant_set_bss_expiration_age - Set BSS entry expiration age
4307 * @wpa_s: wpa_supplicant structure for a network interface
4308 * @expire_age: Expiration age in seconds
4309 * Returns: 0 if succeed or -1 if expire_age has an invalid value
4312 int wpa_supplicant_set_bss_expiration_age(struct wpa_supplicant
*wpa_s
,
4313 unsigned int bss_expire_age
)
4315 if (bss_expire_age
< 10) {
4316 wpa_msg(wpa_s
, MSG_ERROR
, "Invalid bss expiration age %u",
4320 wpa_msg(wpa_s
, MSG_DEBUG
, "Setting bss expiration age: %d sec",
4322 wpa_s
->conf
->bss_expiration_age
= bss_expire_age
;
4329 * wpa_supplicant_set_bss_expiration_count - Set BSS entry expiration scan count
4330 * @wpa_s: wpa_supplicant structure for a network interface
4331 * @expire_count: number of scans after which an unseen BSS is reclaimed
4332 * Returns: 0 if succeed or -1 if expire_count has an invalid value
4335 int wpa_supplicant_set_bss_expiration_count(struct wpa_supplicant
*wpa_s
,
4336 unsigned int bss_expire_count
)
4338 if (bss_expire_count
< 1) {
4339 wpa_msg(wpa_s
, MSG_ERROR
, "Invalid bss expiration count %u",
4343 wpa_msg(wpa_s
, MSG_DEBUG
, "Setting bss expiration scan count: %u",
4345 wpa_s
->conf
->bss_expiration_scan_count
= bss_expire_count
;
4352 * wpa_supplicant_set_scan_interval - Set scan interval
4353 * @wpa_s: wpa_supplicant structure for a network interface
4354 * @scan_interval: scan interval in seconds
4355 * Returns: 0 if succeed or -1 if scan_interval has an invalid value
4358 int wpa_supplicant_set_scan_interval(struct wpa_supplicant
*wpa_s
,
4361 if (scan_interval
< 0) {
4362 wpa_msg(wpa_s
, MSG_ERROR
, "Invalid scan interval %d",
4366 wpa_msg(wpa_s
, MSG_DEBUG
, "Setting scan interval: %d sec",
4368 wpa_supplicant_update_scan_int(wpa_s
, scan_interval
);
4375 * wpa_supplicant_set_debug_params - Set global debug params
4376 * @global: wpa_global structure
4377 * @debug_level: debug level
4378 * @debug_timestamp: determines if show timestamp in debug data
4379 * @debug_show_keys: determines if show keys in debug data
4380 * Returns: 0 if succeed or -1 if debug_level has wrong value
4382 int wpa_supplicant_set_debug_params(struct wpa_global
*global
, int debug_level
,
4383 int debug_timestamp
, int debug_show_keys
)
4386 int old_level
, old_timestamp
, old_show_keys
;
4388 /* check for allowed debuglevels */
4389 if (debug_level
!= MSG_EXCESSIVE
&&
4390 debug_level
!= MSG_MSGDUMP
&&
4391 debug_level
!= MSG_DEBUG
&&
4392 debug_level
!= MSG_INFO
&&
4393 debug_level
!= MSG_WARNING
&&
4394 debug_level
!= MSG_ERROR
)
4397 old_level
= wpa_debug_level
;
4398 old_timestamp
= wpa_debug_timestamp
;
4399 old_show_keys
= wpa_debug_show_keys
;
4401 wpa_debug_level
= debug_level
;
4402 wpa_debug_timestamp
= debug_timestamp
? 1 : 0;
4403 wpa_debug_show_keys
= debug_show_keys
? 1 : 0;
4405 if (wpa_debug_level
!= old_level
)
4406 wpas_notify_debug_level_changed(global
);
4407 if (wpa_debug_timestamp
!= old_timestamp
)
4408 wpas_notify_debug_timestamp_changed(global
);
4409 if (wpa_debug_show_keys
!= old_show_keys
)
4410 wpas_notify_debug_show_keys_changed(global
);
4417 static int owe_trans_ssid_match(struct wpa_supplicant
*wpa_s
, const u8
*bssid
,
4418 const u8
*entry_ssid
, size_t entry_ssid_len
)
4420 const u8
*owe
, *pos
, *end
;
4422 struct wpa_bss
*bss
;
4424 /* Check network profile SSID aganst the SSID in the
4425 * OWE Transition Mode element. */
4427 bss
= wpa_bss_get_bssid_latest(wpa_s
, bssid
);
4431 owe
= wpa_bss_get_vendor_ie(bss
, OWE_IE_VENDOR_TYPE
);
4436 end
= owe
+ 2 + owe
[1];
4438 if (end
- pos
< ETH_ALEN
+ 1)
4442 if (end
- pos
< ssid_len
|| ssid_len
> SSID_MAX_LEN
)
4445 return entry_ssid_len
== ssid_len
&&
4446 os_memcmp(pos
, entry_ssid
, ssid_len
) == 0;
4448 #endif /* CONFIG_OWE */
4452 * wpa_supplicant_get_ssid - Get a pointer to the current network structure
4453 * @wpa_s: Pointer to wpa_supplicant data
4454 * Returns: A pointer to the current network structure or %NULL on failure
4456 struct wpa_ssid
* wpa_supplicant_get_ssid(struct wpa_supplicant
*wpa_s
)
4458 struct wpa_ssid
*entry
;
4459 u8 ssid
[SSID_MAX_LEN
];
4465 res
= wpa_drv_get_ssid(wpa_s
, ssid
);
4467 wpa_msg(wpa_s
, MSG_WARNING
, "Could not read SSID from "
4473 if (wpa_drv_get_bssid(wpa_s
, bssid
) < 0) {
4474 wpa_msg(wpa_s
, MSG_WARNING
, "Could not read BSSID from "
4479 wired
= wpa_s
->conf
->ap_scan
== 0 &&
4480 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_WIRED
);
4482 entry
= wpa_s
->conf
->ssid
;
4484 if (!wpas_network_disabled(wpa_s
, entry
) &&
4485 ((ssid_len
== entry
->ssid_len
&&
4487 os_memcmp(ssid
, entry
->ssid
, ssid_len
) == 0)) ||
4489 (!entry
->bssid_set
||
4490 os_memcmp(bssid
, entry
->bssid
, ETH_ALEN
) == 0))
4493 if (!wpas_network_disabled(wpa_s
, entry
) &&
4494 (entry
->key_mgmt
& WPA_KEY_MGMT_WPS
) &&
4495 (entry
->ssid
== NULL
|| entry
->ssid_len
== 0) &&
4496 (!entry
->bssid_set
||
4497 os_memcmp(bssid
, entry
->bssid
, ETH_ALEN
) == 0))
4499 #endif /* CONFIG_WPS */
4502 if (!wpas_network_disabled(wpa_s
, entry
) &&
4503 owe_trans_ssid_match(wpa_s
, bssid
, entry
->ssid
,
4505 (!entry
->bssid_set
||
4506 os_memcmp(bssid
, entry
->bssid
, ETH_ALEN
) == 0))
4508 #endif /* CONFIG_OWE */
4510 if (!wpas_network_disabled(wpa_s
, entry
) && entry
->bssid_set
&&
4511 entry
->ssid_len
== 0 &&
4512 os_memcmp(bssid
, entry
->bssid
, ETH_ALEN
) == 0)
4515 entry
= entry
->next
;
4522 static int select_driver(struct wpa_supplicant
*wpa_s
, int i
)
4524 struct wpa_global
*global
= wpa_s
->global
;
4526 if (wpa_drivers
[i
]->global_init
&& global
->drv_priv
[i
] == NULL
) {
4527 global
->drv_priv
[i
] = wpa_drivers
[i
]->global_init(global
);
4528 if (global
->drv_priv
[i
] == NULL
) {
4529 wpa_printf(MSG_ERROR
, "Failed to initialize driver "
4530 "'%s'", wpa_drivers
[i
]->name
);
4535 wpa_s
->driver
= wpa_drivers
[i
];
4536 wpa_s
->global_drv_priv
= global
->drv_priv
[i
];
4542 static int wpa_supplicant_set_driver(struct wpa_supplicant
*wpa_s
,
4547 const char *pos
, *driver
= name
;
4552 if (wpa_drivers
[0] == NULL
) {
4553 wpa_msg(wpa_s
, MSG_ERROR
, "No driver interfaces build into "
4559 /* default to first driver in the list */
4560 return select_driver(wpa_s
, 0);
4564 pos
= os_strchr(driver
, ',');
4568 len
= os_strlen(driver
);
4570 for (i
= 0; wpa_drivers
[i
]; i
++) {
4571 if (os_strlen(wpa_drivers
[i
]->name
) == len
&&
4572 os_strncmp(driver
, wpa_drivers
[i
]->name
, len
) ==
4574 /* First driver that succeeds wins */
4575 if (select_driver(wpa_s
, i
) == 0)
4583 wpa_msg(wpa_s
, MSG_ERROR
, "Unsupported driver '%s'", name
);
4589 * wpa_supplicant_rx_eapol - Deliver a received EAPOL frame to wpa_supplicant
4590 * @ctx: Context pointer (wpa_s); this is the ctx variable registered
4591 * with struct wpa_driver_ops::init()
4592 * @src_addr: Source address of the EAPOL frame
4593 * @buf: EAPOL data starting from the EAPOL header (i.e., no Ethernet header)
4594 * @len: Length of the EAPOL data
4596 * This function is called for each received EAPOL frame. Most driver
4597 * interfaces rely on more generic OS mechanism for receiving frames through
4598 * l2_packet, but if such a mechanism is not available, the driver wrapper may
4599 * take care of received EAPOL frames and deliver them to the core supplicant
4600 * code by calling this function.
4602 void wpa_supplicant_rx_eapol(void *ctx
, const u8
*src_addr
,
4603 const u8
*buf
, size_t len
)
4605 struct wpa_supplicant
*wpa_s
= ctx
;
4607 wpa_dbg(wpa_s
, MSG_DEBUG
, "RX EAPOL from " MACSTR
, MAC2STR(src_addr
));
4608 wpa_hexdump(MSG_MSGDUMP
, "RX EAPOL", buf
, len
);
4610 #ifdef CONFIG_TESTING_OPTIONS
4611 if (wpa_s
->ignore_auth_resp
) {
4612 wpa_printf(MSG_INFO
, "RX EAPOL - ignore_auth_resp active!");
4615 #endif /* CONFIG_TESTING_OPTIONS */
4617 if (wpa_s
->wpa_state
< WPA_ASSOCIATED
||
4618 (wpa_s
->last_eapol_matches_bssid
&&
4621 #endif /* CONFIG_AP */
4622 os_memcmp(src_addr
, wpa_s
->bssid
, ETH_ALEN
) != 0)) {
4624 * There is possible race condition between receiving the
4625 * association event and the EAPOL frame since they are coming
4626 * through different paths from the driver. In order to avoid
4627 * issues in trying to process the EAPOL frame before receiving
4628 * association information, lets queue it for processing until
4629 * the association event is received. This may also be needed in
4630 * driver-based roaming case, so also use src_addr != BSSID as a
4631 * trigger if we have previously confirmed that the
4632 * Authenticator uses BSSID as the src_addr (which is not the
4633 * case with wired IEEE 802.1X).
4635 wpa_dbg(wpa_s
, MSG_DEBUG
, "Not associated - Delay processing "
4636 "of received EAPOL frame (state=%s bssid=" MACSTR
")",
4637 wpa_supplicant_state_txt(wpa_s
->wpa_state
),
4638 MAC2STR(wpa_s
->bssid
));
4639 wpabuf_free(wpa_s
->pending_eapol_rx
);
4640 wpa_s
->pending_eapol_rx
= wpabuf_alloc_copy(buf
, len
);
4641 if (wpa_s
->pending_eapol_rx
) {
4642 os_get_reltime(&wpa_s
->pending_eapol_rx_time
);
4643 os_memcpy(wpa_s
->pending_eapol_rx_src
, src_addr
,
4649 wpa_s
->last_eapol_matches_bssid
=
4650 os_memcmp(src_addr
, wpa_s
->bssid
, ETH_ALEN
) == 0;
4653 if (wpa_s
->ap_iface
) {
4654 wpa_supplicant_ap_rx_eapol(wpa_s
, src_addr
, buf
, len
);
4657 #endif /* CONFIG_AP */
4659 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_NONE
) {
4660 wpa_dbg(wpa_s
, MSG_DEBUG
, "Ignored received EAPOL frame since "
4661 "no key management is configured");
4665 if (wpa_s
->eapol_received
== 0 &&
4666 (!(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK
) ||
4667 !wpa_key_mgmt_wpa_psk(wpa_s
->key_mgmt
) ||
4668 wpa_s
->wpa_state
!= WPA_COMPLETED
) &&
4669 (wpa_s
->current_ssid
== NULL
||
4670 wpa_s
->current_ssid
->mode
!= WPAS_MODE_IBSS
)) {
4671 /* Timeout for completing IEEE 802.1X and WPA authentication */
4674 if (wpa_key_mgmt_wpa_ieee8021x(wpa_s
->key_mgmt
) ||
4675 wpa_s
->key_mgmt
== WPA_KEY_MGMT_IEEE8021X_NO_WPA
||
4676 wpa_s
->key_mgmt
== WPA_KEY_MGMT_WPS
) {
4677 /* Use longer timeout for IEEE 802.1X/EAP */
4682 if (wpa_s
->current_ssid
&& wpa_s
->current_bss
&&
4683 (wpa_s
->current_ssid
->key_mgmt
& WPA_KEY_MGMT_WPS
) &&
4684 eap_is_wps_pin_enrollee(&wpa_s
->current_ssid
->eap
)) {
4686 * Use shorter timeout if going through WPS AP iteration
4687 * for PIN config method with an AP that does not
4688 * advertise Selected Registrar.
4690 struct wpabuf
*wps_ie
;
4692 wps_ie
= wpa_bss_get_vendor_ie_multi(
4693 wpa_s
->current_bss
, WPS_IE_VENDOR_TYPE
);
4695 !wps_is_addr_authorized(wps_ie
, wpa_s
->own_addr
, 1))
4697 wpabuf_free(wps_ie
);
4699 #endif /* CONFIG_WPS */
4701 wpa_supplicant_req_auth_timeout(wpa_s
, timeout
, 0);
4703 wpa_s
->eapol_received
++;
4705 if (wpa_s
->countermeasures
) {
4706 wpa_msg(wpa_s
, MSG_INFO
, "WPA: Countermeasures - dropped "
4711 #ifdef CONFIG_IBSS_RSN
4712 if (wpa_s
->current_ssid
&&
4713 wpa_s
->current_ssid
->mode
== WPAS_MODE_IBSS
) {
4714 ibss_rsn_rx_eapol(wpa_s
->ibss_rsn
, src_addr
, buf
, len
);
4717 #endif /* CONFIG_IBSS_RSN */
4719 /* Source address of the incoming EAPOL frame could be compared to the
4720 * current BSSID. However, it is possible that a centralized
4721 * Authenticator could be using another MAC address than the BSSID of
4722 * an AP, so just allow any address to be used for now. The replies are
4723 * still sent to the current BSSID (if available), though. */
4725 os_memcpy(wpa_s
->last_eapol_src
, src_addr
, ETH_ALEN
);
4726 if (!wpa_key_mgmt_wpa_psk(wpa_s
->key_mgmt
) &&
4727 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_OWE
&&
4728 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_DPP
&&
4729 eapol_sm_rx_eapol(wpa_s
->eapol
, src_addr
, buf
, len
) > 0)
4731 wpa_drv_poll(wpa_s
);
4732 if (!(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK
))
4733 wpa_sm_rx_eapol(wpa_s
->wpa
, src_addr
, buf
, len
);
4734 else if (wpa_key_mgmt_wpa_ieee8021x(wpa_s
->key_mgmt
)) {
4736 * Set portValid = TRUE here since we are going to skip 4-way
4737 * handshake processing which would normally set portValid. We
4738 * need this to allow the EAPOL state machines to be completed
4739 * without going through EAPOL-Key handshake.
4741 eapol_sm_notify_portValid(wpa_s
->eapol
, TRUE
);
4746 int wpa_supplicant_update_mac_addr(struct wpa_supplicant
*wpa_s
)
4748 if ((!wpa_s
->p2p_mgmt
||
4749 !(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE
)) &&
4750 !(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_P2P_DEDICATED_INTERFACE
)) {
4751 l2_packet_deinit(wpa_s
->l2
);
4752 wpa_s
->l2
= l2_packet_init(wpa_s
->ifname
,
4753 wpa_drv_get_mac_addr(wpa_s
),
4755 wpa_supplicant_rx_eapol
, wpa_s
, 0);
4756 if (wpa_s
->l2
== NULL
)
4759 if (l2_packet_set_packet_filter(wpa_s
->l2
,
4760 L2_PACKET_FILTER_PKTTYPE
))
4761 wpa_dbg(wpa_s
, MSG_DEBUG
,
4762 "Failed to attach pkt_type filter");
4764 const u8
*addr
= wpa_drv_get_mac_addr(wpa_s
);
4766 os_memcpy(wpa_s
->own_addr
, addr
, ETH_ALEN
);
4769 if (wpa_s
->l2
&& l2_packet_get_own_addr(wpa_s
->l2
, wpa_s
->own_addr
)) {
4770 wpa_msg(wpa_s
, MSG_ERROR
, "Failed to get own L2 address");
4774 wpa_sm_set_own_addr(wpa_s
->wpa
, wpa_s
->own_addr
);
4775 wpas_wps_update_mac_addr(wpa_s
);
4779 fst_update_mac_addr(wpa_s
->fst
, wpa_s
->own_addr
);
4780 #endif /* CONFIG_FST */
4786 static void wpa_supplicant_rx_eapol_bridge(void *ctx
, const u8
*src_addr
,
4787 const u8
*buf
, size_t len
)
4789 struct wpa_supplicant
*wpa_s
= ctx
;
4790 const struct l2_ethhdr
*eth
;
4792 if (len
< sizeof(*eth
))
4794 eth
= (const struct l2_ethhdr
*) buf
;
4796 if (os_memcmp(eth
->h_dest
, wpa_s
->own_addr
, ETH_ALEN
) != 0 &&
4797 !(eth
->h_dest
[0] & 0x01)) {
4798 wpa_dbg(wpa_s
, MSG_DEBUG
, "RX EAPOL from " MACSTR
" to " MACSTR
4799 " (bridge - not for this interface - ignore)",
4800 MAC2STR(src_addr
), MAC2STR(eth
->h_dest
));
4804 wpa_dbg(wpa_s
, MSG_DEBUG
, "RX EAPOL from " MACSTR
" to " MACSTR
4805 " (bridge)", MAC2STR(src_addr
), MAC2STR(eth
->h_dest
));
4806 wpa_supplicant_rx_eapol(wpa_s
, src_addr
, buf
+ sizeof(*eth
),
4807 len
- sizeof(*eth
));
4812 * wpa_supplicant_driver_init - Initialize driver interface parameters
4813 * @wpa_s: Pointer to wpa_supplicant data
4814 * Returns: 0 on success, -1 on failure
4816 * This function is called to initialize driver interface parameters.
4817 * wpa_drv_init() must have been called before this function to initialize the
4820 int wpa_supplicant_driver_init(struct wpa_supplicant
*wpa_s
)
4822 static int interface_count
= 0;
4824 if (wpa_supplicant_update_mac_addr(wpa_s
) < 0)
4827 wpa_dbg(wpa_s
, MSG_DEBUG
, "Own MAC address: " MACSTR
,
4828 MAC2STR(wpa_s
->own_addr
));
4829 os_memcpy(wpa_s
->perm_addr
, wpa_s
->own_addr
, ETH_ALEN
);
4830 wpa_sm_set_own_addr(wpa_s
->wpa
, wpa_s
->own_addr
);
4832 if (wpa_s
->bridge_ifname
[0]) {
4833 wpa_dbg(wpa_s
, MSG_DEBUG
, "Receiving packets from bridge "
4834 "interface '%s'", wpa_s
->bridge_ifname
);
4835 wpa_s
->l2_br
= l2_packet_init_bridge(
4836 wpa_s
->bridge_ifname
, wpa_s
->ifname
, wpa_s
->own_addr
,
4837 ETH_P_EAPOL
, wpa_supplicant_rx_eapol_bridge
, wpa_s
, 1);
4838 if (wpa_s
->l2_br
== NULL
) {
4839 wpa_msg(wpa_s
, MSG_ERROR
, "Failed to open l2_packet "
4840 "connection for the bridge interface '%s'",
4841 wpa_s
->bridge_ifname
);
4846 if (wpa_s
->conf
->ap_scan
== 2 &&
4847 os_strcmp(wpa_s
->driver
->name
, "nl80211") == 0) {
4848 wpa_printf(MSG_INFO
,
4849 "Note: nl80211 driver interface is not designed to be used with ap_scan=2; this can result in connection failures");
4852 wpa_clear_keys(wpa_s
, NULL
);
4854 /* Make sure that TKIP countermeasures are not left enabled (could
4855 * happen if wpa_supplicant is killed during countermeasures. */
4856 wpa_drv_set_countermeasures(wpa_s
, 0);
4858 wpa_dbg(wpa_s
, MSG_DEBUG
, "RSN: flushing PMKID list in the driver");
4859 wpa_drv_flush_pmkid(wpa_s
);
4861 wpa_s
->prev_scan_ssid
= WILDCARD_SSID_SCAN
;
4862 wpa_s
->prev_scan_wildcard
= 0;
4864 if (wpa_supplicant_enabled_networks(wpa_s
)) {
4865 if (wpa_s
->wpa_state
== WPA_INTERFACE_DISABLED
) {
4866 wpa_supplicant_set_state(wpa_s
, WPA_DISCONNECTED
);
4867 interface_count
= 0;
4870 if (!wpa_s
->p2p_mgmt
&&
4871 wpa_supplicant_delayed_sched_scan(wpa_s
,
4872 interface_count
% 3,
4874 wpa_supplicant_req_scan(wpa_s
, interface_count
% 3,
4876 #endif /* ANDROID */
4879 wpa_supplicant_set_state(wpa_s
, WPA_INACTIVE
);
4885 static int wpa_supplicant_daemon(const char *pid_file
)
4887 wpa_printf(MSG_DEBUG
, "Daemonize..");
4888 return os_daemonize(pid_file
);
4892 static struct wpa_supplicant
*
4893 wpa_supplicant_alloc(struct wpa_supplicant
*parent
)
4895 struct wpa_supplicant
*wpa_s
;
4897 wpa_s
= os_zalloc(sizeof(*wpa_s
));
4900 wpa_s
->scan_req
= INITIAL_SCAN_REQ
;
4901 wpa_s
->scan_interval
= 5;
4902 wpa_s
->new_connection
= 1;
4903 wpa_s
->parent
= parent
? parent
: wpa_s
;
4904 wpa_s
->p2pdev
= wpa_s
->parent
;
4905 wpa_s
->sched_scanning
= 0;
4907 dl_list_init(&wpa_s
->bss_tmp_disallowed
);
4908 dl_list_init(&wpa_s
->fils_hlp_req
);
4909 #ifdef CONFIG_TESTING_OPTIONS
4910 dl_list_init(&wpa_s
->drv_signal_override
);
4911 #endif /* CONFIG_TESTING_OPTIONS */
4917 #ifdef CONFIG_HT_OVERRIDES
4919 static int wpa_set_htcap_mcs(struct wpa_supplicant
*wpa_s
,
4920 struct ieee80211_ht_capabilities
*htcaps
,
4921 struct ieee80211_ht_capabilities
*htcaps_mask
,
4924 /* parse ht_mcs into hex array */
4926 const char *tmp
= ht_mcs
;
4929 /* If ht_mcs is null, do not set anything */
4933 /* This is what we are setting in the kernel */
4934 os_memset(&htcaps
->supported_mcs_set
, 0, IEEE80211_HT_MCS_MASK_LEN
);
4936 wpa_msg(wpa_s
, MSG_DEBUG
, "set_htcap, ht_mcs -:%s:-", ht_mcs
);
4938 for (i
= 0; i
< IEEE80211_HT_MCS_MASK_LEN
; i
++) {
4942 v
= strtol(tmp
, &end
, 16);
4945 wpa_msg(wpa_s
, MSG_DEBUG
,
4946 "htcap value[%i]: %ld end: %p tmp: %p",
4951 htcaps
->supported_mcs_set
[i
] = v
;
4954 wpa_msg(wpa_s
, MSG_ERROR
,
4955 "Failed to parse ht-mcs: %s, error: %s\n",
4956 ht_mcs
, strerror(errno
));
4962 * If we were able to parse any values, then set mask for the MCS set.
4965 os_memset(&htcaps_mask
->supported_mcs_set
, 0xff,
4966 IEEE80211_HT_MCS_MASK_LEN
- 1);
4967 /* skip the 3 reserved bits */
4968 htcaps_mask
->supported_mcs_set
[IEEE80211_HT_MCS_MASK_LEN
- 1] =
4976 static int wpa_disable_max_amsdu(struct wpa_supplicant
*wpa_s
,
4977 struct ieee80211_ht_capabilities
*htcaps
,
4978 struct ieee80211_ht_capabilities
*htcaps_mask
,
4986 wpa_msg(wpa_s
, MSG_DEBUG
, "set_disable_max_amsdu: %d", disabled
);
4988 msk
= host_to_le16(HT_CAP_INFO_MAX_AMSDU_SIZE
);
4989 htcaps_mask
->ht_capabilities_info
|= msk
;
4991 htcaps
->ht_capabilities_info
&= msk
;
4993 htcaps
->ht_capabilities_info
|= msk
;
4999 static int wpa_set_ampdu_factor(struct wpa_supplicant
*wpa_s
,
5000 struct ieee80211_ht_capabilities
*htcaps
,
5001 struct ieee80211_ht_capabilities
*htcaps_mask
,
5007 wpa_msg(wpa_s
, MSG_DEBUG
, "set_ampdu_factor: %d", factor
);
5009 if (factor
< 0 || factor
> 3) {
5010 wpa_msg(wpa_s
, MSG_ERROR
, "ampdu_factor: %d out of range. "
5011 "Must be 0-3 or -1", factor
);
5015 htcaps_mask
->a_mpdu_params
|= 0x3; /* 2 bits for factor */
5016 htcaps
->a_mpdu_params
&= ~0x3;
5017 htcaps
->a_mpdu_params
|= factor
& 0x3;
5023 static int wpa_set_ampdu_density(struct wpa_supplicant
*wpa_s
,
5024 struct ieee80211_ht_capabilities
*htcaps
,
5025 struct ieee80211_ht_capabilities
*htcaps_mask
,
5031 wpa_msg(wpa_s
, MSG_DEBUG
, "set_ampdu_density: %d", density
);
5033 if (density
< 0 || density
> 7) {
5034 wpa_msg(wpa_s
, MSG_ERROR
,
5035 "ampdu_density: %d out of range. Must be 0-7 or -1.",
5040 htcaps_mask
->a_mpdu_params
|= 0x1C;
5041 htcaps
->a_mpdu_params
&= ~(0x1C);
5042 htcaps
->a_mpdu_params
|= (density
<< 2) & 0x1C;
5048 static int wpa_set_disable_ht40(struct wpa_supplicant
*wpa_s
,
5049 struct ieee80211_ht_capabilities
*htcaps
,
5050 struct ieee80211_ht_capabilities
*htcaps_mask
,
5054 wpa_msg(wpa_s
, MSG_DEBUG
, "set_disable_ht40: %d", disabled
);
5056 set_disable_ht40(htcaps
, disabled
);
5057 set_disable_ht40(htcaps_mask
, 0);
5063 static int wpa_set_disable_sgi(struct wpa_supplicant
*wpa_s
,
5064 struct ieee80211_ht_capabilities
*htcaps
,
5065 struct ieee80211_ht_capabilities
*htcaps_mask
,
5068 /* Masking these out disables SGI */
5069 le16 msk
= host_to_le16(HT_CAP_INFO_SHORT_GI20MHZ
|
5070 HT_CAP_INFO_SHORT_GI40MHZ
);
5073 wpa_msg(wpa_s
, MSG_DEBUG
, "set_disable_sgi: %d", disabled
);
5076 htcaps
->ht_capabilities_info
&= ~msk
;
5078 htcaps
->ht_capabilities_info
|= msk
;
5080 htcaps_mask
->ht_capabilities_info
|= msk
;
5086 static int wpa_set_disable_ldpc(struct wpa_supplicant
*wpa_s
,
5087 struct ieee80211_ht_capabilities
*htcaps
,
5088 struct ieee80211_ht_capabilities
*htcaps_mask
,
5091 /* Masking these out disables LDPC */
5092 le16 msk
= host_to_le16(HT_CAP_INFO_LDPC_CODING_CAP
);
5095 wpa_msg(wpa_s
, MSG_DEBUG
, "set_disable_ldpc: %d", disabled
);
5098 htcaps
->ht_capabilities_info
&= ~msk
;
5100 htcaps
->ht_capabilities_info
|= msk
;
5102 htcaps_mask
->ht_capabilities_info
|= msk
;
5108 static int wpa_set_tx_stbc(struct wpa_supplicant
*wpa_s
,
5109 struct ieee80211_ht_capabilities
*htcaps
,
5110 struct ieee80211_ht_capabilities
*htcaps_mask
,
5113 le16 msk
= host_to_le16(HT_CAP_INFO_TX_STBC
);
5118 wpa_msg(wpa_s
, MSG_DEBUG
, "set_tx_stbc: %d", tx_stbc
);
5120 if (tx_stbc
< 0 || tx_stbc
> 1) {
5121 wpa_msg(wpa_s
, MSG_ERROR
,
5122 "tx_stbc: %d out of range. Must be 0-1 or -1", tx_stbc
);
5126 htcaps_mask
->ht_capabilities_info
|= msk
;
5127 htcaps
->ht_capabilities_info
&= ~msk
;
5128 htcaps
->ht_capabilities_info
|= (tx_stbc
<< 7) & msk
;
5134 static int wpa_set_rx_stbc(struct wpa_supplicant
*wpa_s
,
5135 struct ieee80211_ht_capabilities
*htcaps
,
5136 struct ieee80211_ht_capabilities
*htcaps_mask
,
5139 le16 msk
= host_to_le16(HT_CAP_INFO_RX_STBC_MASK
);
5144 wpa_msg(wpa_s
, MSG_DEBUG
, "set_rx_stbc: %d", rx_stbc
);
5146 if (rx_stbc
< 0 || rx_stbc
> 3) {
5147 wpa_msg(wpa_s
, MSG_ERROR
,
5148 "rx_stbc: %d out of range. Must be 0-3 or -1", rx_stbc
);
5152 htcaps_mask
->ht_capabilities_info
|= msk
;
5153 htcaps
->ht_capabilities_info
&= ~msk
;
5154 htcaps
->ht_capabilities_info
|= (rx_stbc
<< 8) & msk
;
5160 void wpa_supplicant_apply_ht_overrides(
5161 struct wpa_supplicant
*wpa_s
, struct wpa_ssid
*ssid
,
5162 struct wpa_driver_associate_params
*params
)
5164 struct ieee80211_ht_capabilities
*htcaps
;
5165 struct ieee80211_ht_capabilities
*htcaps_mask
;
5170 params
->disable_ht
= ssid
->disable_ht
;
5171 if (!params
->htcaps
|| !params
->htcaps_mask
)
5174 htcaps
= (struct ieee80211_ht_capabilities
*) params
->htcaps
;
5175 htcaps_mask
= (struct ieee80211_ht_capabilities
*) params
->htcaps_mask
;
5176 wpa_set_htcap_mcs(wpa_s
, htcaps
, htcaps_mask
, ssid
->ht_mcs
);
5177 wpa_disable_max_amsdu(wpa_s
, htcaps
, htcaps_mask
,
5178 ssid
->disable_max_amsdu
);
5179 wpa_set_ampdu_factor(wpa_s
, htcaps
, htcaps_mask
, ssid
->ampdu_factor
);
5180 wpa_set_ampdu_density(wpa_s
, htcaps
, htcaps_mask
, ssid
->ampdu_density
);
5181 wpa_set_disable_ht40(wpa_s
, htcaps
, htcaps_mask
, ssid
->disable_ht40
);
5182 wpa_set_disable_sgi(wpa_s
, htcaps
, htcaps_mask
, ssid
->disable_sgi
);
5183 wpa_set_disable_ldpc(wpa_s
, htcaps
, htcaps_mask
, ssid
->disable_ldpc
);
5184 wpa_set_rx_stbc(wpa_s
, htcaps
, htcaps_mask
, ssid
->rx_stbc
);
5185 wpa_set_tx_stbc(wpa_s
, htcaps
, htcaps_mask
, ssid
->tx_stbc
);
5187 if (ssid
->ht40_intolerant
) {
5188 le16 bit
= host_to_le16(HT_CAP_INFO_40MHZ_INTOLERANT
);
5189 htcaps
->ht_capabilities_info
|= bit
;
5190 htcaps_mask
->ht_capabilities_info
|= bit
;
5194 #endif /* CONFIG_HT_OVERRIDES */
5197 #ifdef CONFIG_VHT_OVERRIDES
5198 void wpa_supplicant_apply_vht_overrides(
5199 struct wpa_supplicant
*wpa_s
, struct wpa_ssid
*ssid
,
5200 struct wpa_driver_associate_params
*params
)
5202 struct ieee80211_vht_capabilities
*vhtcaps
;
5203 struct ieee80211_vht_capabilities
*vhtcaps_mask
;
5208 params
->disable_vht
= ssid
->disable_vht
;
5210 vhtcaps
= (void *) params
->vhtcaps
;
5211 vhtcaps_mask
= (void *) params
->vhtcaps_mask
;
5213 if (!vhtcaps
|| !vhtcaps_mask
)
5216 vhtcaps
->vht_capabilities_info
= host_to_le32(ssid
->vht_capa
);
5217 vhtcaps_mask
->vht_capabilities_info
= host_to_le32(ssid
->vht_capa_mask
);
5219 #ifdef CONFIG_HT_OVERRIDES
5220 if (ssid
->disable_sgi
) {
5221 vhtcaps_mask
->vht_capabilities_info
|= (VHT_CAP_SHORT_GI_80
|
5222 VHT_CAP_SHORT_GI_160
);
5223 vhtcaps
->vht_capabilities_info
&= ~(VHT_CAP_SHORT_GI_80
|
5224 VHT_CAP_SHORT_GI_160
);
5225 wpa_msg(wpa_s
, MSG_DEBUG
,
5226 "disable-sgi override specified, vht-caps: 0x%x",
5227 vhtcaps
->vht_capabilities_info
);
5230 /* if max ampdu is <= 3, we have to make the HT cap the same */
5231 if (ssid
->vht_capa_mask
& VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX
) {
5234 max_ampdu
= (ssid
->vht_capa
&
5235 VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX
) >>
5236 VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX_SHIFT
;
5238 max_ampdu
= max_ampdu
< 3 ? max_ampdu
: 3;
5239 wpa_set_ampdu_factor(wpa_s
,
5240 (void *) params
->htcaps
,
5241 (void *) params
->htcaps_mask
,
5244 #endif /* CONFIG_HT_OVERRIDES */
5246 #define OVERRIDE_MCS(i) \
5247 if (ssid->vht_tx_mcs_nss_ ##i >= 0) { \
5248 vhtcaps_mask->vht_supported_mcs_set.tx_map |= \
5249 host_to_le16(3 << 2 * (i - 1)); \
5250 vhtcaps->vht_supported_mcs_set.tx_map |= \
5251 host_to_le16(ssid->vht_tx_mcs_nss_ ##i << \
5254 if (ssid->vht_rx_mcs_nss_ ##i >= 0) { \
5255 vhtcaps_mask->vht_supported_mcs_set.rx_map |= \
5256 host_to_le16(3 << 2 * (i - 1)); \
5257 vhtcaps->vht_supported_mcs_set.rx_map |= \
5258 host_to_le16(ssid->vht_rx_mcs_nss_ ##i << \
5271 #endif /* CONFIG_VHT_OVERRIDES */
5274 static int pcsc_reader_init(struct wpa_supplicant
*wpa_s
)
5279 if (!wpa_s
->conf
->pcsc_reader
)
5282 wpa_s
->scard
= scard_init(wpa_s
->conf
->pcsc_reader
);
5286 if (wpa_s
->conf
->pcsc_pin
&&
5287 scard_set_pin(wpa_s
->scard
, wpa_s
->conf
->pcsc_pin
) < 0) {
5288 scard_deinit(wpa_s
->scard
);
5289 wpa_s
->scard
= NULL
;
5290 wpa_msg(wpa_s
, MSG_ERROR
, "PC/SC PIN validation failed");
5294 len
= sizeof(wpa_s
->imsi
) - 1;
5295 if (scard_get_imsi(wpa_s
->scard
, wpa_s
->imsi
, &len
)) {
5296 scard_deinit(wpa_s
->scard
);
5297 wpa_s
->scard
= NULL
;
5298 wpa_msg(wpa_s
, MSG_ERROR
, "Could not read IMSI");
5301 wpa_s
->imsi
[len
] = '\0';
5303 wpa_s
->mnc_len
= scard_get_mnc_len(wpa_s
->scard
);
5305 wpa_printf(MSG_DEBUG
, "SCARD: IMSI %s (MNC length %d)",
5306 wpa_s
->imsi
, wpa_s
->mnc_len
);
5308 wpa_sm_set_scard_ctx(wpa_s
->wpa
, wpa_s
->scard
);
5309 eapol_sm_register_scard_ctx(wpa_s
->eapol
, wpa_s
->scard
);
5310 #endif /* PCSC_FUNCS */
5316 int wpas_init_ext_pw(struct wpa_supplicant
*wpa_s
)
5320 ext_password_deinit(wpa_s
->ext_pw
);
5321 wpa_s
->ext_pw
= NULL
;
5322 eapol_sm_set_ext_pw_ctx(wpa_s
->eapol
, NULL
);
5324 if (!wpa_s
->conf
->ext_password_backend
)
5327 val
= os_strdup(wpa_s
->conf
->ext_password_backend
);
5330 pos
= os_strchr(val
, ':');
5334 wpa_printf(MSG_DEBUG
, "EXT PW: Initialize backend '%s'", val
);
5336 wpa_s
->ext_pw
= ext_password_init(val
, pos
);
5338 if (wpa_s
->ext_pw
== NULL
) {
5339 wpa_printf(MSG_DEBUG
, "EXT PW: Failed to initialize backend");
5342 eapol_sm_set_ext_pw_ctx(wpa_s
->eapol
, wpa_s
->ext_pw
);
5350 static const u8
* wpas_fst_get_bssid_cb(void *ctx
)
5352 struct wpa_supplicant
*wpa_s
= ctx
;
5354 return (is_zero_ether_addr(wpa_s
->bssid
) ||
5355 wpa_s
->wpa_state
!= WPA_COMPLETED
) ? NULL
: wpa_s
->bssid
;
5359 static void wpas_fst_get_channel_info_cb(void *ctx
,
5360 enum hostapd_hw_mode
*hw_mode
,
5363 struct wpa_supplicant
*wpa_s
= ctx
;
5365 if (wpa_s
->current_bss
) {
5366 *hw_mode
= ieee80211_freq_to_chan(wpa_s
->current_bss
->freq
,
5368 } else if (wpa_s
->hw
.num_modes
) {
5369 *hw_mode
= wpa_s
->hw
.modes
[0].mode
;
5377 static int wpas_fst_get_hw_modes(void *ctx
, struct hostapd_hw_modes
**modes
)
5379 struct wpa_supplicant
*wpa_s
= ctx
;
5381 *modes
= wpa_s
->hw
.modes
;
5382 return wpa_s
->hw
.num_modes
;
5386 static void wpas_fst_set_ies_cb(void *ctx
, const struct wpabuf
*fst_ies
)
5388 struct wpa_supplicant
*wpa_s
= ctx
;
5390 wpa_hexdump_buf(MSG_DEBUG
, "FST: Set IEs", fst_ies
);
5391 wpa_s
->fst_ies
= fst_ies
;
5395 static int wpas_fst_send_action_cb(void *ctx
, const u8
*da
, struct wpabuf
*data
)
5397 struct wpa_supplicant
*wpa_s
= ctx
;
5399 if (os_memcmp(wpa_s
->bssid
, da
, ETH_ALEN
) != 0) {
5400 wpa_printf(MSG_INFO
, "FST:%s:bssid=" MACSTR
" != da=" MACSTR
,
5401 __func__
, MAC2STR(wpa_s
->bssid
), MAC2STR(da
));
5404 return wpa_drv_send_action(wpa_s
, wpa_s
->assoc_freq
, 0, wpa_s
->bssid
,
5405 wpa_s
->own_addr
, wpa_s
->bssid
,
5406 wpabuf_head(data
), wpabuf_len(data
),
5411 static const struct wpabuf
* wpas_fst_get_mb_ie_cb(void *ctx
, const u8
*addr
)
5413 struct wpa_supplicant
*wpa_s
= ctx
;
5415 WPA_ASSERT(os_memcmp(wpa_s
->bssid
, addr
, ETH_ALEN
) == 0);
5416 return wpa_s
->received_mb_ies
;
5420 static void wpas_fst_update_mb_ie_cb(void *ctx
, const u8
*addr
,
5421 const u8
*buf
, size_t size
)
5423 struct wpa_supplicant
*wpa_s
= ctx
;
5424 struct mb_ies_info info
;
5426 WPA_ASSERT(os_memcmp(wpa_s
->bssid
, addr
, ETH_ALEN
) == 0);
5428 if (!mb_ies_info_by_ies(&info
, buf
, size
)) {
5429 wpabuf_free(wpa_s
->received_mb_ies
);
5430 wpa_s
->received_mb_ies
= mb_ies_by_info(&info
);
5435 static const u8
* wpas_fst_get_peer_first(void *ctx
,
5436 struct fst_get_peer_ctx
**get_ctx
,
5439 struct wpa_supplicant
*wpa_s
= ctx
;
5442 if (!is_zero_ether_addr(wpa_s
->bssid
))
5443 return (wpa_s
->received_mb_ies
|| !mb_only
) ?
5444 wpa_s
->bssid
: NULL
;
5449 static const u8
* wpas_fst_get_peer_next(void *ctx
,
5450 struct fst_get_peer_ctx
**get_ctx
,
5456 void fst_wpa_supplicant_fill_iface_obj(struct wpa_supplicant
*wpa_s
,
5457 struct fst_wpa_obj
*iface_obj
)
5459 iface_obj
->ctx
= wpa_s
;
5460 iface_obj
->get_bssid
= wpas_fst_get_bssid_cb
;
5461 iface_obj
->get_channel_info
= wpas_fst_get_channel_info_cb
;
5462 iface_obj
->get_hw_modes
= wpas_fst_get_hw_modes
;
5463 iface_obj
->set_ies
= wpas_fst_set_ies_cb
;
5464 iface_obj
->send_action
= wpas_fst_send_action_cb
;
5465 iface_obj
->get_mb_ie
= wpas_fst_get_mb_ie_cb
;
5466 iface_obj
->update_mb_ie
= wpas_fst_update_mb_ie_cb
;
5467 iface_obj
->get_peer_first
= wpas_fst_get_peer_first
;
5468 iface_obj
->get_peer_next
= wpas_fst_get_peer_next
;
5470 #endif /* CONFIG_FST */
5472 static int wpas_set_wowlan_triggers(struct wpa_supplicant
*wpa_s
,
5473 const struct wpa_driver_capa
*capa
)
5475 struct wowlan_triggers
*triggers
;
5478 if (!wpa_s
->conf
->wowlan_triggers
)
5481 triggers
= wpa_get_wowlan_triggers(wpa_s
->conf
->wowlan_triggers
, capa
);
5483 ret
= wpa_drv_wowlan(wpa_s
, triggers
);
5490 enum wpa_radio_work_band
wpas_freq_to_band(int freq
)
5493 return BAND_2_4_GHZ
;
5500 unsigned int wpas_get_bands(struct wpa_supplicant
*wpa_s
, const int *freqs
)
5503 unsigned int band
= 0;
5506 /* freqs are specified for the radio work */
5507 for (i
= 0; freqs
[i
]; i
++)
5508 band
|= wpas_freq_to_band(freqs
[i
]);
5511 * freqs are not specified, implies all
5512 * the supported freqs by HW
5514 for (i
= 0; i
< wpa_s
->hw
.num_modes
; i
++) {
5515 if (wpa_s
->hw
.modes
[i
].num_channels
!= 0) {
5516 if (wpa_s
->hw
.modes
[i
].mode
==
5517 HOSTAPD_MODE_IEEE80211B
||
5518 wpa_s
->hw
.modes
[i
].mode
==
5519 HOSTAPD_MODE_IEEE80211G
)
5520 band
|= BAND_2_4_GHZ
;
5521 else if (wpa_s
->hw
.modes
[i
].mode
==
5522 HOSTAPD_MODE_IEEE80211A
)
5524 else if (wpa_s
->hw
.modes
[i
].mode
==
5525 HOSTAPD_MODE_IEEE80211AD
)
5526 band
|= BAND_60_GHZ
;
5527 else if (wpa_s
->hw
.modes
[i
].mode
==
5528 HOSTAPD_MODE_IEEE80211ANY
)
5529 band
= BAND_2_4_GHZ
| BAND_5_GHZ
|
5539 static struct wpa_radio
* radio_add_interface(struct wpa_supplicant
*wpa_s
,
5542 struct wpa_supplicant
*iface
= wpa_s
->global
->ifaces
;
5543 struct wpa_radio
*radio
;
5545 while (rn
&& iface
) {
5546 radio
= iface
->radio
;
5547 if (radio
&& os_strcmp(rn
, radio
->name
) == 0) {
5548 wpa_printf(MSG_DEBUG
, "Add interface %s to existing radio %s",
5550 dl_list_add(&radio
->ifaces
, &wpa_s
->radio_list
);
5554 iface
= iface
->next
;
5557 wpa_printf(MSG_DEBUG
, "Add interface %s to a new radio %s",
5558 wpa_s
->ifname
, rn
? rn
: "N/A");
5559 radio
= os_zalloc(sizeof(*radio
));
5564 os_strlcpy(radio
->name
, rn
, sizeof(radio
->name
));
5565 dl_list_init(&radio
->ifaces
);
5566 dl_list_init(&radio
->work
);
5567 dl_list_add(&radio
->ifaces
, &wpa_s
->radio_list
);
5573 static void radio_work_free(struct wpa_radio_work
*work
)
5575 if (work
->wpa_s
->scan_work
== work
) {
5576 /* This should not really happen. */
5577 wpa_dbg(work
->wpa_s
, MSG_INFO
, "Freeing radio work '%s'@%p (started=%d) that is marked as scan_work",
5578 work
->type
, work
, work
->started
);
5579 work
->wpa_s
->scan_work
= NULL
;
5583 if (work
->wpa_s
->p2p_scan_work
== work
) {
5584 /* This should not really happen. */
5585 wpa_dbg(work
->wpa_s
, MSG_INFO
, "Freeing radio work '%s'@%p (started=%d) that is marked as p2p_scan_work",
5586 work
->type
, work
, work
->started
);
5587 work
->wpa_s
->p2p_scan_work
= NULL
;
5589 #endif /* CONFIG_P2P */
5591 if (work
->started
) {
5592 work
->wpa_s
->radio
->num_active_works
--;
5593 wpa_dbg(work
->wpa_s
, MSG_DEBUG
,
5594 "radio_work_free('%s'@%p): num_active_works --> %u",
5596 work
->wpa_s
->radio
->num_active_works
);
5599 dl_list_del(&work
->list
);
5604 static int radio_work_is_connect(struct wpa_radio_work
*work
)
5606 return os_strcmp(work
->type
, "sme-connect") == 0 ||
5607 os_strcmp(work
->type
, "connect") == 0;
5611 static int radio_work_is_scan(struct wpa_radio_work
*work
)
5613 return os_strcmp(work
->type
, "scan") == 0 ||
5614 os_strcmp(work
->type
, "p2p-scan") == 0;
5618 static struct wpa_radio_work
* radio_work_get_next_work(struct wpa_radio
*radio
)
5620 struct wpa_radio_work
*active_work
= NULL
;
5621 struct wpa_radio_work
*tmp
;
5623 /* Get the active work to know the type and band. */
5624 dl_list_for_each(tmp
, &radio
->work
, struct wpa_radio_work
, list
) {
5632 /* No active work, start one */
5633 radio
->num_active_works
= 0;
5634 dl_list_for_each(tmp
, &radio
->work
, struct wpa_radio_work
,
5636 if (os_strcmp(tmp
->type
, "scan") == 0 &&
5637 radio
->external_scan_running
&&
5638 (((struct wpa_driver_scan_params
*)
5639 tmp
->ctx
)->only_new_results
||
5640 tmp
->wpa_s
->clear_driver_scan_cache
))
5647 if (radio_work_is_connect(active_work
)) {
5649 * If the active work is either connect or sme-connect,
5650 * do not parallelize them with other radio works.
5652 wpa_dbg(active_work
->wpa_s
, MSG_DEBUG
,
5653 "Do not parallelize radio work with %s",
5658 dl_list_for_each(tmp
, &radio
->work
, struct wpa_radio_work
, list
) {
5663 * If connect or sme-connect are enqueued, parallelize only
5664 * those operations ahead of them in the queue.
5666 if (radio_work_is_connect(tmp
))
5669 /* Serialize parallel scan and p2p_scan operations on the same
5670 * interface since the driver_nl80211 mechanism for tracking
5671 * scan cookies does not yet have support for this. */
5672 if (active_work
->wpa_s
== tmp
->wpa_s
&&
5673 radio_work_is_scan(active_work
) &&
5674 radio_work_is_scan(tmp
)) {
5675 wpa_dbg(active_work
->wpa_s
, MSG_DEBUG
,
5676 "Do not start work '%s' when another work '%s' is already scheduled",
5677 tmp
->type
, active_work
->type
);
5681 * Check that the radio works are distinct and
5682 * on different bands.
5684 if (os_strcmp(active_work
->type
, tmp
->type
) != 0 &&
5685 (active_work
->bands
!= tmp
->bands
)) {
5687 * If a scan has to be scheduled through nl80211 scan
5688 * interface and if an external scan is already running,
5689 * do not schedule the scan since it is likely to get
5690 * rejected by kernel.
5692 if (os_strcmp(tmp
->type
, "scan") == 0 &&
5693 radio
->external_scan_running
&&
5694 (((struct wpa_driver_scan_params
*)
5695 tmp
->ctx
)->only_new_results
||
5696 tmp
->wpa_s
->clear_driver_scan_cache
))
5699 wpa_dbg(active_work
->wpa_s
, MSG_DEBUG
,
5700 "active_work:%s new_work:%s",
5701 active_work
->type
, tmp
->type
);
5706 /* Did not find a radio work to schedule in parallel. */
5711 static void radio_start_next_work(void *eloop_ctx
, void *timeout_ctx
)
5713 struct wpa_radio
*radio
= eloop_ctx
;
5714 struct wpa_radio_work
*work
;
5715 struct os_reltime now
, diff
;
5716 struct wpa_supplicant
*wpa_s
;
5718 work
= dl_list_first(&radio
->work
, struct wpa_radio_work
, list
);
5720 radio
->num_active_works
= 0;
5724 wpa_s
= dl_list_first(&radio
->ifaces
, struct wpa_supplicant
,
5728 wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS
)) {
5730 return; /* already started and still in progress */
5732 if (wpa_s
&& wpa_s
->radio
->external_scan_running
) {
5733 wpa_printf(MSG_DEBUG
, "Delay radio work start until externally triggered scan completes");
5738 if (radio
->num_active_works
< MAX_ACTIVE_WORKS
) {
5739 /* get the work to schedule next */
5740 work
= radio_work_get_next_work(radio
);
5746 wpa_s
= work
->wpa_s
;
5747 os_get_reltime(&now
);
5748 os_reltime_sub(&now
, &work
->time
, &diff
);
5749 wpa_dbg(wpa_s
, MSG_DEBUG
,
5750 "Starting radio work '%s'@%p after %ld.%06ld second wait",
5751 work
->type
, work
, diff
.sec
, diff
.usec
);
5754 radio
->num_active_works
++;
5758 if ((wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS
) &&
5759 radio
->num_active_works
< MAX_ACTIVE_WORKS
)
5760 radio_work_check_next(wpa_s
);
5765 * This function removes both started and pending radio works running on
5766 * the provided interface's radio.
5767 * Prior to the removal of the radio work, its callback (cb) is called with
5768 * deinit set to be 1. Each work's callback is responsible for clearing its
5769 * internal data and restoring to a correct state.
5770 * @wpa_s: wpa_supplicant data
5771 * @type: type of works to be removed
5772 * @remove_all: 1 to remove all the works on this radio, 0 to remove only
5773 * this interface's works.
5775 void radio_remove_works(struct wpa_supplicant
*wpa_s
,
5776 const char *type
, int remove_all
)
5778 struct wpa_radio_work
*work
, *tmp
;
5779 struct wpa_radio
*radio
= wpa_s
->radio
;
5781 dl_list_for_each_safe(work
, tmp
, &radio
->work
, struct wpa_radio_work
,
5783 if (type
&& os_strcmp(type
, work
->type
) != 0)
5786 /* skip other ifaces' works */
5787 if (!remove_all
&& work
->wpa_s
!= wpa_s
)
5790 wpa_dbg(wpa_s
, MSG_DEBUG
, "Remove radio work '%s'@%p%s",
5791 work
->type
, work
, work
->started
? " (started)" : "");
5793 radio_work_free(work
);
5796 /* in case we removed the started work */
5797 radio_work_check_next(wpa_s
);
5801 void radio_remove_pending_work(struct wpa_supplicant
*wpa_s
, void *ctx
)
5803 struct wpa_radio_work
*work
;
5804 struct wpa_radio
*radio
= wpa_s
->radio
;
5806 dl_list_for_each(work
, &radio
->work
, struct wpa_radio_work
, list
) {
5807 if (work
->ctx
!= ctx
)
5809 wpa_dbg(wpa_s
, MSG_DEBUG
, "Free pending radio work '%s'@%p%s",
5810 work
->type
, work
, work
->started
? " (started)" : "");
5811 radio_work_free(work
);
5817 static void radio_remove_interface(struct wpa_supplicant
*wpa_s
)
5819 struct wpa_radio
*radio
= wpa_s
->radio
;
5824 wpa_printf(MSG_DEBUG
, "Remove interface %s from radio %s",
5825 wpa_s
->ifname
, radio
->name
);
5826 dl_list_del(&wpa_s
->radio_list
);
5827 radio_remove_works(wpa_s
, NULL
, 0);
5828 wpa_s
->radio
= NULL
;
5829 if (!dl_list_empty(&radio
->ifaces
))
5830 return; /* Interfaces remain for this radio */
5832 wpa_printf(MSG_DEBUG
, "Remove radio %s", radio
->name
);
5833 eloop_cancel_timeout(radio_start_next_work
, radio
, NULL
);
5838 void radio_work_check_next(struct wpa_supplicant
*wpa_s
)
5840 struct wpa_radio
*radio
= wpa_s
->radio
;
5842 if (dl_list_empty(&radio
->work
))
5844 if (wpa_s
->ext_work_in_progress
) {
5845 wpa_printf(MSG_DEBUG
,
5846 "External radio work in progress - delay start of pending item");
5849 eloop_cancel_timeout(radio_start_next_work
, radio
, NULL
);
5850 eloop_register_timeout(0, 0, radio_start_next_work
, radio
, NULL
);
5855 * radio_add_work - Add a radio work item
5856 * @wpa_s: Pointer to wpa_supplicant data
5857 * @freq: Frequency of the offchannel operation in MHz or 0
5858 * @type: Unique identifier for each type of work
5859 * @next: Force as the next work to be executed
5860 * @cb: Callback function for indicating when radio is available
5861 * @ctx: Context pointer for the work (work->ctx in cb())
5862 * Returns: 0 on success, -1 on failure
5864 * This function is used to request time for an operation that requires
5865 * exclusive radio control. Once the radio is available, the registered callback
5866 * function will be called. radio_work_done() must be called once the exclusive
5867 * radio operation has been completed, so that the radio is freed for other
5868 * operations. The special case of deinit=1 is used to free the context data
5869 * during interface removal. That does not allow the callback function to start
5870 * the radio operation, i.e., it must free any resources allocated for the radio
5873 * The @freq parameter can be used to indicate a single channel on which the
5874 * offchannel operation will occur. This may allow multiple radio work
5875 * operations to be performed in parallel if they apply for the same channel.
5876 * Setting this to 0 indicates that the work item may use multiple channels or
5877 * requires exclusive control of the radio.
5879 int radio_add_work(struct wpa_supplicant
*wpa_s
, unsigned int freq
,
5880 const char *type
, int next
,
5881 void (*cb
)(struct wpa_radio_work
*work
, int deinit
),
5884 struct wpa_radio
*radio
= wpa_s
->radio
;
5885 struct wpa_radio_work
*work
;
5888 work
= os_zalloc(sizeof(*work
));
5891 wpa_dbg(wpa_s
, MSG_DEBUG
, "Add radio work '%s'@%p", type
, work
);
5892 os_get_reltime(&work
->time
);
5895 work
->wpa_s
= wpa_s
;
5900 work
->bands
= wpas_freq_to_band(freq
);
5901 else if (os_strcmp(type
, "scan") == 0 ||
5902 os_strcmp(type
, "p2p-scan") == 0)
5903 work
->bands
= wpas_get_bands(wpa_s
,
5904 ((struct wpa_driver_scan_params
*)
5907 work
->bands
= wpas_get_bands(wpa_s
, NULL
);
5909 was_empty
= dl_list_empty(&wpa_s
->radio
->work
);
5911 dl_list_add(&wpa_s
->radio
->work
, &work
->list
);
5913 dl_list_add_tail(&wpa_s
->radio
->work
, &work
->list
);
5915 wpa_dbg(wpa_s
, MSG_DEBUG
, "First radio work item in the queue - schedule start immediately");
5916 radio_work_check_next(wpa_s
);
5917 } else if ((wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS
)
5918 && radio
->num_active_works
< MAX_ACTIVE_WORKS
) {
5919 wpa_dbg(wpa_s
, MSG_DEBUG
,
5920 "Try to schedule a radio work (num_active_works=%u)",
5921 radio
->num_active_works
);
5922 radio_work_check_next(wpa_s
);
5930 * radio_work_done - Indicate that a radio work item has been completed
5931 * @work: Completed work
5933 * This function is called once the callback function registered with
5934 * radio_add_work() has completed its work.
5936 void radio_work_done(struct wpa_radio_work
*work
)
5938 struct wpa_supplicant
*wpa_s
= work
->wpa_s
;
5939 struct os_reltime now
, diff
;
5940 unsigned int started
= work
->started
;
5942 os_get_reltime(&now
);
5943 os_reltime_sub(&now
, &work
->time
, &diff
);
5944 wpa_dbg(wpa_s
, MSG_DEBUG
, "Radio work '%s'@%p %s in %ld.%06ld seconds",
5945 work
->type
, work
, started
? "done" : "canceled",
5946 diff
.sec
, diff
.usec
);
5947 radio_work_free(work
);
5949 radio_work_check_next(wpa_s
);
5953 struct wpa_radio_work
*
5954 radio_work_pending(struct wpa_supplicant
*wpa_s
, const char *type
)
5956 struct wpa_radio_work
*work
;
5957 struct wpa_radio
*radio
= wpa_s
->radio
;
5959 dl_list_for_each(work
, &radio
->work
, struct wpa_radio_work
, list
) {
5960 if (work
->wpa_s
== wpa_s
&& os_strcmp(work
->type
, type
) == 0)
5968 static int wpas_init_driver(struct wpa_supplicant
*wpa_s
,
5969 const struct wpa_interface
*iface
)
5971 const char *ifname
, *driver
, *rn
;
5973 driver
= iface
->driver
;
5975 if (wpa_supplicant_set_driver(wpa_s
, driver
) < 0)
5978 wpa_s
->drv_priv
= wpa_drv_init(wpa_s
, wpa_s
->ifname
);
5979 if (wpa_s
->drv_priv
== NULL
) {
5981 pos
= driver
? os_strchr(driver
, ',') : NULL
;
5983 wpa_dbg(wpa_s
, MSG_DEBUG
, "Failed to initialize "
5984 "driver interface - try next driver wrapper");
5988 wpa_msg(wpa_s
, MSG_ERROR
, "Failed to initialize driver "
5992 if (wpa_drv_set_param(wpa_s
, wpa_s
->conf
->driver_param
) < 0) {
5993 wpa_msg(wpa_s
, MSG_ERROR
, "Driver interface rejected "
5994 "driver_param '%s'", wpa_s
->conf
->driver_param
);
5998 ifname
= wpa_drv_get_ifname(wpa_s
);
5999 if (ifname
&& os_strcmp(ifname
, wpa_s
->ifname
) != 0) {
6000 wpa_dbg(wpa_s
, MSG_DEBUG
, "Driver interface replaced "
6001 "interface name with '%s'", ifname
);
6002 os_strlcpy(wpa_s
->ifname
, ifname
, sizeof(wpa_s
->ifname
));
6005 rn
= wpa_driver_get_radio_name(wpa_s
);
6006 if (rn
&& rn
[0] == '\0')
6009 wpa_s
->radio
= radio_add_interface(wpa_s
, rn
);
6010 if (wpa_s
->radio
== NULL
)
6017 #ifdef CONFIG_GAS_SERVER
6019 static void wpas_gas_server_tx_status(struct wpa_supplicant
*wpa_s
,
6020 unsigned int freq
, const u8
*dst
,
6021 const u8
*src
, const u8
*bssid
,
6022 const u8
*data
, size_t data_len
,
6023 enum offchannel_send_action_result result
)
6025 wpa_printf(MSG_DEBUG
, "GAS: TX status: freq=%u dst=" MACSTR
6028 result
== OFFCHANNEL_SEND_ACTION_SUCCESS
? "SUCCESS" :
6029 (result
== OFFCHANNEL_SEND_ACTION_NO_ACK
? "no-ACK" :
6031 gas_server_tx_status(wpa_s
->gas_server
, dst
, data
, data_len
,
6032 result
== OFFCHANNEL_SEND_ACTION_SUCCESS
);
6036 static void wpas_gas_server_tx(void *ctx
, int freq
, const u8
*da
,
6037 struct wpabuf
*buf
, unsigned int wait_time
)
6039 struct wpa_supplicant
*wpa_s
= ctx
;
6040 const u8 broadcast
[ETH_ALEN
] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
6042 if (wait_time
> wpa_s
->max_remain_on_chan
)
6043 wait_time
= wpa_s
->max_remain_on_chan
;
6045 offchannel_send_action(wpa_s
, freq
, da
, wpa_s
->own_addr
, broadcast
,
6046 wpabuf_head(buf
), wpabuf_len(buf
),
6047 wait_time
, wpas_gas_server_tx_status
, 0);
6050 #endif /* CONFIG_GAS_SERVER */
6052 static int wpa_supplicant_init_iface(struct wpa_supplicant
*wpa_s
,
6053 const struct wpa_interface
*iface
)
6055 struct wpa_driver_capa capa
;
6059 wpa_printf(MSG_DEBUG
, "Initializing interface '%s' conf '%s' driver "
6060 "'%s' ctrl_interface '%s' bridge '%s'", iface
->ifname
,
6061 iface
->confname
? iface
->confname
: "N/A",
6062 iface
->driver
? iface
->driver
: "default",
6063 iface
->ctrl_interface
? iface
->ctrl_interface
: "N/A",
6064 iface
->bridge_ifname
? iface
->bridge_ifname
: "N/A");
6066 if (iface
->confname
) {
6067 #ifdef CONFIG_BACKEND_FILE
6068 wpa_s
->confname
= os_rel2abs_path(iface
->confname
);
6069 if (wpa_s
->confname
== NULL
) {
6070 wpa_printf(MSG_ERROR
, "Failed to get absolute path "
6071 "for configuration file '%s'.",
6075 wpa_printf(MSG_DEBUG
, "Configuration file '%s' -> '%s'",
6076 iface
->confname
, wpa_s
->confname
);
6077 #else /* CONFIG_BACKEND_FILE */
6078 wpa_s
->confname
= os_strdup(iface
->confname
);
6079 #endif /* CONFIG_BACKEND_FILE */
6080 wpa_s
->conf
= wpa_config_read(wpa_s
->confname
, NULL
);
6081 if (wpa_s
->conf
== NULL
) {
6082 wpa_printf(MSG_ERROR
, "Failed to read or parse "
6083 "configuration '%s'.", wpa_s
->confname
);
6086 wpa_s
->confanother
= os_rel2abs_path(iface
->confanother
);
6087 if (wpa_s
->confanother
&&
6088 !wpa_config_read(wpa_s
->confanother
, wpa_s
->conf
)) {
6089 wpa_printf(MSG_ERROR
,
6090 "Failed to read or parse configuration '%s'.",
6091 wpa_s
->confanother
);
6096 * Override ctrl_interface and driver_param if set on command
6099 if (iface
->ctrl_interface
) {
6100 os_free(wpa_s
->conf
->ctrl_interface
);
6101 wpa_s
->conf
->ctrl_interface
=
6102 os_strdup(iface
->ctrl_interface
);
6105 if (iface
->driver_param
) {
6106 os_free(wpa_s
->conf
->driver_param
);
6107 wpa_s
->conf
->driver_param
=
6108 os_strdup(iface
->driver_param
);
6111 if (iface
->p2p_mgmt
&& !iface
->ctrl_interface
) {
6112 os_free(wpa_s
->conf
->ctrl_interface
);
6113 wpa_s
->conf
->ctrl_interface
= NULL
;
6116 wpa_s
->conf
= wpa_config_alloc_empty(iface
->ctrl_interface
,
6117 iface
->driver_param
);
6119 if (wpa_s
->conf
== NULL
) {
6120 wpa_printf(MSG_ERROR
, "\nNo configuration found.");
6124 if (iface
->ifname
== NULL
) {
6125 wpa_printf(MSG_ERROR
, "\nInterface name is required.");
6128 if (os_strlen(iface
->ifname
) >= sizeof(wpa_s
->ifname
)) {
6129 wpa_printf(MSG_ERROR
, "\nToo long interface name '%s'.",
6133 os_strlcpy(wpa_s
->ifname
, iface
->ifname
, sizeof(wpa_s
->ifname
));
6135 if (iface
->bridge_ifname
) {
6136 if (os_strlen(iface
->bridge_ifname
) >=
6137 sizeof(wpa_s
->bridge_ifname
)) {
6138 wpa_printf(MSG_ERROR
, "\nToo long bridge interface "
6139 "name '%s'.", iface
->bridge_ifname
);
6142 os_strlcpy(wpa_s
->bridge_ifname
, iface
->bridge_ifname
,
6143 sizeof(wpa_s
->bridge_ifname
));
6146 /* RSNA Supplicant Key Management - INITIALIZE */
6147 eapol_sm_notify_portEnabled(wpa_s
->eapol
, FALSE
);
6148 eapol_sm_notify_portValid(wpa_s
->eapol
, FALSE
);
6150 /* Initialize driver interface and register driver event handler before
6151 * L2 receive handler so that association events are processed before
6152 * EAPOL-Key packets if both become available for the same select()
6154 if (wpas_init_driver(wpa_s
, iface
) < 0)
6157 if (wpa_supplicant_init_wpa(wpa_s
) < 0)
6160 wpa_sm_set_ifname(wpa_s
->wpa
, wpa_s
->ifname
,
6161 wpa_s
->bridge_ifname
[0] ? wpa_s
->bridge_ifname
:
6163 wpa_sm_set_fast_reauth(wpa_s
->wpa
, wpa_s
->conf
->fast_reauth
);
6165 if (wpa_s
->conf
->dot11RSNAConfigPMKLifetime
&&
6166 wpa_sm_set_param(wpa_s
->wpa
, RSNA_PMK_LIFETIME
,
6167 wpa_s
->conf
->dot11RSNAConfigPMKLifetime
)) {
6168 wpa_msg(wpa_s
, MSG_ERROR
, "Invalid WPA parameter value for "
6169 "dot11RSNAConfigPMKLifetime");
6173 if (wpa_s
->conf
->dot11RSNAConfigPMKReauthThreshold
&&
6174 wpa_sm_set_param(wpa_s
->wpa
, RSNA_PMK_REAUTH_THRESHOLD
,
6175 wpa_s
->conf
->dot11RSNAConfigPMKReauthThreshold
)) {
6176 wpa_msg(wpa_s
, MSG_ERROR
, "Invalid WPA parameter value for "
6177 "dot11RSNAConfigPMKReauthThreshold");
6181 if (wpa_s
->conf
->dot11RSNAConfigSATimeout
&&
6182 wpa_sm_set_param(wpa_s
->wpa
, RSNA_SA_TIMEOUT
,
6183 wpa_s
->conf
->dot11RSNAConfigSATimeout
)) {
6184 wpa_msg(wpa_s
, MSG_ERROR
, "Invalid WPA parameter value for "
6185 "dot11RSNAConfigSATimeout");
6189 wpa_s
->hw
.modes
= wpa_drv_get_hw_feature_data(wpa_s
,
6190 &wpa_s
->hw
.num_modes
,
6193 if (wpa_s
->hw
.modes
) {
6196 for (i
= 0; i
< wpa_s
->hw
.num_modes
; i
++) {
6197 if (wpa_s
->hw
.modes
[i
].vht_capab
) {
6198 wpa_s
->hw_capab
= CAPAB_VHT
;
6202 if (wpa_s
->hw
.modes
[i
].ht_capab
&
6203 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET
)
6204 wpa_s
->hw_capab
= CAPAB_HT40
;
6205 else if (wpa_s
->hw
.modes
[i
].ht_capab
&&
6206 wpa_s
->hw_capab
== CAPAB_NO_HT_VHT
)
6207 wpa_s
->hw_capab
= CAPAB_HT
;
6211 capa_res
= wpa_drv_get_capa(wpa_s
, &capa
);
6212 if (capa_res
== 0) {
6213 wpa_s
->drv_capa_known
= 1;
6214 wpa_s
->drv_flags
= capa
.flags
;
6215 wpa_s
->drv_enc
= capa
.enc
;
6216 wpa_s
->drv_rrm_flags
= capa
.rrm_flags
;
6217 wpa_s
->probe_resp_offloads
= capa
.probe_resp_offloads
;
6218 wpa_s
->max_scan_ssids
= capa
.max_scan_ssids
;
6219 wpa_s
->max_sched_scan_ssids
= capa
.max_sched_scan_ssids
;
6220 wpa_s
->max_sched_scan_plans
= capa
.max_sched_scan_plans
;
6221 wpa_s
->max_sched_scan_plan_interval
=
6222 capa
.max_sched_scan_plan_interval
;
6223 wpa_s
->max_sched_scan_plan_iterations
=
6224 capa
.max_sched_scan_plan_iterations
;
6225 wpa_s
->sched_scan_supported
= capa
.sched_scan_supported
;
6226 wpa_s
->max_match_sets
= capa
.max_match_sets
;
6227 wpa_s
->max_remain_on_chan
= capa
.max_remain_on_chan
;
6228 wpa_s
->max_stations
= capa
.max_stations
;
6229 wpa_s
->extended_capa
= capa
.extended_capa
;
6230 wpa_s
->extended_capa_mask
= capa
.extended_capa_mask
;
6231 wpa_s
->extended_capa_len
= capa
.extended_capa_len
;
6232 wpa_s
->num_multichan_concurrent
=
6233 capa
.num_multichan_concurrent
;
6234 wpa_s
->wmm_ac_supported
= capa
.wmm_ac_supported
;
6236 if (capa
.mac_addr_rand_scan_supported
)
6237 wpa_s
->mac_addr_rand_supported
|= MAC_ADDR_RAND_SCAN
;
6238 if (wpa_s
->sched_scan_supported
&&
6239 capa
.mac_addr_rand_sched_scan_supported
)
6240 wpa_s
->mac_addr_rand_supported
|=
6241 (MAC_ADDR_RAND_SCHED_SCAN
| MAC_ADDR_RAND_PNO
);
6243 wpa_drv_get_ext_capa(wpa_s
, WPA_IF_STATION
);
6244 if (wpa_s
->extended_capa
&&
6245 wpa_s
->extended_capa_len
>= 3 &&
6246 wpa_s
->extended_capa
[2] & 0x40)
6247 wpa_s
->multi_bss_support
= 1;
6249 if (wpa_s
->max_remain_on_chan
== 0)
6250 wpa_s
->max_remain_on_chan
= 1000;
6253 * Only take p2p_mgmt parameters when P2P Device is supported.
6254 * Doing it here as it determines whether l2_packet_init() will be done
6255 * during wpa_supplicant_driver_init().
6257 if (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE
)
6258 wpa_s
->p2p_mgmt
= iface
->p2p_mgmt
;
6260 if (wpa_s
->num_multichan_concurrent
== 0)
6261 wpa_s
->num_multichan_concurrent
= 1;
6263 if (wpa_supplicant_driver_init(wpa_s
) < 0)
6267 if (!iface
->p2p_mgmt
&& wpa_tdls_init(wpa_s
->wpa
))
6269 #endif /* CONFIG_TDLS */
6271 if (wpa_s
->conf
->country
[0] && wpa_s
->conf
->country
[1] &&
6272 wpa_drv_set_country(wpa_s
, wpa_s
->conf
->country
)) {
6273 wpa_dbg(wpa_s
, MSG_DEBUG
, "Failed to set country");
6278 if (wpa_s
->conf
->fst_group_id
) {
6279 struct fst_iface_cfg cfg
;
6280 struct fst_wpa_obj iface_obj
;
6282 fst_wpa_supplicant_fill_iface_obj(wpa_s
, &iface_obj
);
6283 os_strlcpy(cfg
.group_id
, wpa_s
->conf
->fst_group_id
,
6284 sizeof(cfg
.group_id
));
6285 cfg
.priority
= wpa_s
->conf
->fst_priority
;
6286 cfg
.llt
= wpa_s
->conf
->fst_llt
;
6288 wpa_s
->fst
= fst_attach(wpa_s
->ifname
, wpa_s
->own_addr
,
6291 wpa_msg(wpa_s
, MSG_ERROR
,
6292 "FST: Cannot attach iface %s to group %s",
6293 wpa_s
->ifname
, cfg
.group_id
);
6297 #endif /* CONFIG_FST */
6299 if (wpas_wps_init(wpa_s
))
6302 #ifdef CONFIG_GAS_SERVER
6303 wpa_s
->gas_server
= gas_server_init(wpa_s
, wpas_gas_server_tx
);
6304 if (!wpa_s
->gas_server
) {
6305 wpa_printf(MSG_ERROR
, "Failed to initialize GAS server");
6308 #endif /* CONFIG_GAS_SERVER */
6311 if (wpas_dpp_init(wpa_s
) < 0)
6313 #endif /* CONFIG_DPP */
6315 if (wpa_supplicant_init_eapol(wpa_s
) < 0)
6317 wpa_sm_set_eapol(wpa_s
->wpa
, wpa_s
->eapol
);
6319 wpa_s
->ctrl_iface
= wpa_supplicant_ctrl_iface_init(wpa_s
);
6320 if (wpa_s
->ctrl_iface
== NULL
) {
6321 wpa_printf(MSG_ERROR
,
6322 "Failed to initialize control interface '%s'.\n"
6323 "You may have another wpa_supplicant process "
6324 "already running or the file was\n"
6325 "left by an unclean termination of wpa_supplicant "
6326 "in which case you will need\n"
6327 "to manually remove this file before starting "
6328 "wpa_supplicant again.\n",
6329 wpa_s
->conf
->ctrl_interface
);
6333 wpa_s
->gas
= gas_query_init(wpa_s
);
6334 if (wpa_s
->gas
== NULL
) {
6335 wpa_printf(MSG_ERROR
, "Failed to initialize GAS query");
6339 if ((!(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE
) ||
6341 wpas_p2p_init(wpa_s
->global
, wpa_s
) < 0) {
6342 wpa_msg(wpa_s
, MSG_ERROR
, "Failed to init P2P");
6346 if (wpa_bss_init(wpa_s
) < 0)
6349 #ifdef CONFIG_PMKSA_CACHE_EXTERNAL
6351 dl_list_init(&wpa_s
->mesh_external_pmksa_cache
);
6352 #endif /* CONFIG_MESH */
6353 #endif /* CONFIG_PMKSA_CACHE_EXTERNAL */
6356 * Set Wake-on-WLAN triggers, if configured.
6357 * Note: We don't restore/remove the triggers on shutdown (it doesn't
6358 * have effect anyway when the interface is down).
6360 if (capa_res
== 0 && wpas_set_wowlan_triggers(wpa_s
, &capa
) < 0)
6363 #ifdef CONFIG_EAP_PROXY
6366 wpa_s
->mnc_len
= eapol_sm_get_eap_proxy_imsi(wpa_s
->eapol
, -1,
6368 if (wpa_s
->mnc_len
> 0) {
6369 wpa_s
->imsi
[len
] = '\0';
6370 wpa_printf(MSG_DEBUG
, "eap_proxy: IMSI %s (MNC length %d)",
6371 wpa_s
->imsi
, wpa_s
->mnc_len
);
6373 wpa_printf(MSG_DEBUG
, "eap_proxy: IMSI not available");
6376 #endif /* CONFIG_EAP_PROXY */
6378 if (pcsc_reader_init(wpa_s
) < 0)
6381 if (wpas_init_ext_pw(wpa_s
) < 0)
6384 wpas_rrm_reset(wpa_s
);
6386 wpas_sched_scan_plans_set(wpa_s
, wpa_s
->conf
->sched_scan_plans
);
6390 #endif /* CONFIG_HS20 */
6392 if (!wpa_s
->disable_mbo_oce
&& wpa_s
->conf
->oce
) {
6393 if ((wpa_s
->conf
->oce
& OCE_STA
) &&
6394 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_OCE_STA
))
6395 wpa_s
->enable_oce
= OCE_STA
;
6396 if ((wpa_s
->conf
->oce
& OCE_STA_CFON
) &&
6397 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_OCE_STA_CFON
)) {
6398 /* TODO: Need to add STA-CFON support */
6399 wpa_printf(MSG_ERROR
,
6400 "OCE STA-CFON feature is not yet supported");
6403 wpas_mbo_update_non_pref_chan(wpa_s
, wpa_s
->conf
->non_pref_chan
);
6404 #endif /* CONFIG_MBO */
6406 wpa_supplicant_set_default_scan_ies(wpa_s
);
6412 static void wpa_supplicant_deinit_iface(struct wpa_supplicant
*wpa_s
,
6413 int notify
, int terminate
)
6415 struct wpa_global
*global
= wpa_s
->global
;
6416 struct wpa_supplicant
*iface
, *prev
;
6418 if (wpa_s
== wpa_s
->parent
)
6419 wpas_p2p_group_remove(wpa_s
, "*");
6421 iface
= global
->ifaces
;
6423 if (iface
->p2pdev
== wpa_s
)
6424 iface
->p2pdev
= iface
->parent
;
6425 if (iface
== wpa_s
|| iface
->parent
!= wpa_s
) {
6426 iface
= iface
->next
;
6429 wpa_printf(MSG_DEBUG
,
6430 "Remove remaining child interface %s from parent %s",
6431 iface
->ifname
, wpa_s
->ifname
);
6433 iface
= iface
->next
;
6434 wpa_supplicant_remove_iface(global
, prev
, terminate
);
6437 wpa_s
->disconnected
= 1;
6438 if (wpa_s
->drv_priv
) {
6439 /* Don't deauthenticate if WoWLAN is enabled */
6440 if (!wpa_drv_get_wowlan(wpa_s
)) {
6441 wpa_supplicant_deauthenticate(
6442 wpa_s
, WLAN_REASON_DEAUTH_LEAVING
);
6444 wpa_drv_set_countermeasures(wpa_s
, 0);
6445 wpa_clear_keys(wpa_s
, NULL
);
6447 wpa_msg(wpa_s
, MSG_INFO
,
6448 "Do not deauthenticate as part of interface deinit since WoWLAN is enabled");
6452 wpa_supplicant_cleanup(wpa_s
);
6453 wpas_p2p_deinit_iface(wpa_s
);
6455 wpas_ctrl_radio_work_flush(wpa_s
);
6456 radio_remove_interface(wpa_s
);
6460 fst_detach(wpa_s
->fst
);
6463 if (wpa_s
->received_mb_ies
) {
6464 wpabuf_free(wpa_s
->received_mb_ies
);
6465 wpa_s
->received_mb_ies
= NULL
;
6467 #endif /* CONFIG_FST */
6469 if (wpa_s
->drv_priv
)
6470 wpa_drv_deinit(wpa_s
);
6473 wpas_notify_iface_removed(wpa_s
);
6476 wpa_msg(wpa_s
, MSG_INFO
, WPA_EVENT_TERMINATING
);
6478 if (wpa_s
->ctrl_iface
) {
6479 wpa_supplicant_ctrl_iface_deinit(wpa_s
->ctrl_iface
);
6480 wpa_s
->ctrl_iface
= NULL
;
6485 wpa_supplicant_mesh_iface_deinit(wpa_s
, wpa_s
->ifmsh
);
6486 wpa_s
->ifmsh
= NULL
;
6488 #endif /* CONFIG_MESH */
6490 if (wpa_s
->conf
!= NULL
) {
6491 wpa_config_free(wpa_s
->conf
);
6495 os_free(wpa_s
->ssids_from_scan_req
);
6496 os_free(wpa_s
->last_scan_freqs
);
6502 #ifdef CONFIG_MATCH_IFACE
6505 * wpa_supplicant_match_iface - Match an interface description to a name
6506 * @global: Pointer to global data from wpa_supplicant_init()
6507 * @ifname: Name of the interface to match
6508 * Returns: Pointer to the created interface description or %NULL on failure
6510 struct wpa_interface
* wpa_supplicant_match_iface(struct wpa_global
*global
,
6514 struct wpa_interface
*iface
, *miface
;
6516 for (i
= 0; i
< global
->params
.match_iface_count
; i
++) {
6517 miface
= &global
->params
.match_ifaces
[i
];
6518 if (!miface
->ifname
||
6519 fnmatch(miface
->ifname
, ifname
, 0) == 0) {
6520 iface
= os_zalloc(sizeof(*iface
));
6524 iface
->ifname
= ifname
;
6534 * wpa_supplicant_match_existing - Match existing interfaces
6535 * @global: Pointer to global data from wpa_supplicant_init()
6536 * Returns: 0 on success, -1 on failure
6538 static int wpa_supplicant_match_existing(struct wpa_global
*global
)
6540 struct if_nameindex
*ifi
, *ifp
;
6541 struct wpa_supplicant
*wpa_s
;
6542 struct wpa_interface
*iface
;
6544 ifp
= if_nameindex();
6546 wpa_printf(MSG_ERROR
, "if_nameindex: %s", strerror(errno
));
6550 for (ifi
= ifp
; ifi
->if_name
; ifi
++) {
6551 wpa_s
= wpa_supplicant_get_iface(global
, ifi
->if_name
);
6554 iface
= wpa_supplicant_match_iface(global
, ifi
->if_name
);
6556 wpa_s
= wpa_supplicant_add_iface(global
, iface
, NULL
);
6563 if_freenameindex(ifp
);
6567 #endif /* CONFIG_MATCH_IFACE */
6571 * wpa_supplicant_add_iface - Add a new network interface
6572 * @global: Pointer to global data from wpa_supplicant_init()
6573 * @iface: Interface configuration options
6574 * @parent: Parent interface or %NULL to assign new interface as parent
6575 * Returns: Pointer to the created interface or %NULL on failure
6577 * This function is used to add new network interfaces for %wpa_supplicant.
6578 * This can be called before wpa_supplicant_run() to add interfaces before the
6579 * main event loop has been started. In addition, new interfaces can be added
6580 * dynamically while %wpa_supplicant is already running. This could happen,
6581 * e.g., when a hotplug network adapter is inserted.
6583 struct wpa_supplicant
* wpa_supplicant_add_iface(struct wpa_global
*global
,
6584 struct wpa_interface
*iface
,
6585 struct wpa_supplicant
*parent
)
6587 struct wpa_supplicant
*wpa_s
;
6588 struct wpa_interface t_iface
;
6589 struct wpa_ssid
*ssid
;
6591 if (global
== NULL
|| iface
== NULL
)
6594 wpa_s
= wpa_supplicant_alloc(parent
);
6598 wpa_s
->global
= global
;
6601 if (global
->params
.override_driver
) {
6602 wpa_printf(MSG_DEBUG
, "Override interface parameter: driver "
6604 iface
->driver
, global
->params
.override_driver
);
6605 t_iface
.driver
= global
->params
.override_driver
;
6607 if (global
->params
.override_ctrl_interface
) {
6608 wpa_printf(MSG_DEBUG
, "Override interface parameter: "
6609 "ctrl_interface ('%s' -> '%s')",
6610 iface
->ctrl_interface
,
6611 global
->params
.override_ctrl_interface
);
6612 t_iface
.ctrl_interface
=
6613 global
->params
.override_ctrl_interface
;
6615 if (wpa_supplicant_init_iface(wpa_s
, &t_iface
)) {
6616 wpa_printf(MSG_DEBUG
, "Failed to add interface %s",
6618 wpa_supplicant_deinit_iface(wpa_s
, 0, 0);
6622 if (iface
->p2p_mgmt
== 0) {
6623 /* Notify the control interfaces about new iface */
6624 if (wpas_notify_iface_added(wpa_s
)) {
6625 wpa_supplicant_deinit_iface(wpa_s
, 1, 0);
6629 for (ssid
= wpa_s
->conf
->ssid
; ssid
; ssid
= ssid
->next
)
6630 wpas_notify_network_added(wpa_s
, ssid
);
6633 wpa_s
->next
= global
->ifaces
;
6634 global
->ifaces
= wpa_s
;
6636 wpa_dbg(wpa_s
, MSG_DEBUG
, "Added interface %s", wpa_s
->ifname
);
6637 wpa_supplicant_set_state(wpa_s
, WPA_DISCONNECTED
);
6640 if (wpa_s
->global
->p2p
== NULL
&&
6641 !wpa_s
->global
->p2p_disabled
&& !wpa_s
->conf
->p2p_disabled
&&
6642 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE
) &&
6643 wpas_p2p_add_p2pdev_interface(
6644 wpa_s
, wpa_s
->global
->params
.conf_p2p_dev
) < 0) {
6645 wpa_printf(MSG_INFO
,
6646 "P2P: Failed to enable P2P Device interface");
6647 /* Try to continue without. P2P will be disabled. */
6649 #endif /* CONFIG_P2P */
6656 * wpa_supplicant_remove_iface - Remove a network interface
6657 * @global: Pointer to global data from wpa_supplicant_init()
6658 * @wpa_s: Pointer to the network interface to be removed
6659 * Returns: 0 if interface was removed, -1 if interface was not found
6661 * This function can be used to dynamically remove network interfaces from
6662 * %wpa_supplicant, e.g., when a hotplug network adapter is ejected. In
6663 * addition, this function is used to remove all remaining interfaces when
6664 * %wpa_supplicant is terminated.
6666 int wpa_supplicant_remove_iface(struct wpa_global
*global
,
6667 struct wpa_supplicant
*wpa_s
,
6670 struct wpa_supplicant
*prev
;
6672 unsigned int mesh_if_created
= wpa_s
->mesh_if_created
;
6673 char *ifname
= NULL
;
6674 struct wpa_supplicant
*parent
= wpa_s
->parent
;
6675 #endif /* CONFIG_MESH */
6677 /* Remove interface from the global list of interfaces */
6678 prev
= global
->ifaces
;
6679 if (prev
== wpa_s
) {
6680 global
->ifaces
= wpa_s
->next
;
6682 while (prev
&& prev
->next
!= wpa_s
)
6686 prev
->next
= wpa_s
->next
;
6689 wpa_dbg(wpa_s
, MSG_DEBUG
, "Removing interface %s", wpa_s
->ifname
);
6692 if (mesh_if_created
) {
6693 ifname
= os_strdup(wpa_s
->ifname
);
6694 if (ifname
== NULL
) {
6695 wpa_dbg(wpa_s
, MSG_ERROR
,
6696 "mesh: Failed to malloc ifname");
6700 #endif /* CONFIG_MESH */
6702 if (global
->p2p_group_formation
== wpa_s
)
6703 global
->p2p_group_formation
= NULL
;
6704 if (global
->p2p_invite_group
== wpa_s
)
6705 global
->p2p_invite_group
= NULL
;
6706 wpa_supplicant_deinit_iface(wpa_s
, 1, terminate
);
6709 if (mesh_if_created
) {
6710 wpa_drv_if_remove(parent
, WPA_IF_MESH
, ifname
);
6713 #endif /* CONFIG_MESH */
6720 * wpa_supplicant_get_eap_mode - Get the current EAP mode
6721 * @wpa_s: Pointer to the network interface
6722 * Returns: Pointer to the eap mode or the string "UNKNOWN" if not found
6724 const char * wpa_supplicant_get_eap_mode(struct wpa_supplicant
*wpa_s
)
6726 const char *eapol_method
;
6728 if (wpa_key_mgmt_wpa_ieee8021x(wpa_s
->key_mgmt
) == 0 &&
6729 wpa_s
->key_mgmt
!= WPA_KEY_MGMT_IEEE8021X_NO_WPA
) {
6733 eapol_method
= eapol_sm_get_method_name(wpa_s
->eapol
);
6734 if (eapol_method
== NULL
)
6735 return "UNKNOWN-EAP";
6737 return eapol_method
;
6742 * wpa_supplicant_get_iface - Get a new network interface
6743 * @global: Pointer to global data from wpa_supplicant_init()
6744 * @ifname: Interface name
6745 * Returns: Pointer to the interface or %NULL if not found
6747 struct wpa_supplicant
* wpa_supplicant_get_iface(struct wpa_global
*global
,
6750 struct wpa_supplicant
*wpa_s
;
6752 for (wpa_s
= global
->ifaces
; wpa_s
; wpa_s
= wpa_s
->next
) {
6753 if (os_strcmp(wpa_s
->ifname
, ifname
) == 0)
6760 #ifndef CONFIG_NO_WPA_MSG
6761 static const char * wpa_supplicant_msg_ifname_cb(void *ctx
)
6763 struct wpa_supplicant
*wpa_s
= ctx
;
6766 return wpa_s
->ifname
;
6768 #endif /* CONFIG_NO_WPA_MSG */
6771 #ifndef WPA_SUPPLICANT_CLEANUP_INTERVAL
6772 #define WPA_SUPPLICANT_CLEANUP_INTERVAL 10
6773 #endif /* WPA_SUPPLICANT_CLEANUP_INTERVAL */
6775 /* Periodic cleanup tasks */
6776 static void wpas_periodic(void *eloop_ctx
, void *timeout_ctx
)
6778 struct wpa_global
*global
= eloop_ctx
;
6779 struct wpa_supplicant
*wpa_s
;
6781 eloop_register_timeout(WPA_SUPPLICANT_CLEANUP_INTERVAL
, 0,
6782 wpas_periodic
, global
, NULL
);
6786 p2p_expire_peers(global
->p2p
);
6787 #endif /* CONFIG_P2P */
6789 for (wpa_s
= global
->ifaces
; wpa_s
; wpa_s
= wpa_s
->next
) {
6790 wpa_bss_flush_by_age(wpa_s
, wpa_s
->conf
->bss_expiration_age
);
6793 #endif /* CONFIG_AP */
6799 * wpa_supplicant_init - Initialize %wpa_supplicant
6800 * @params: Parameters for %wpa_supplicant
6801 * Returns: Pointer to global %wpa_supplicant data, or %NULL on failure
6803 * This function is used to initialize %wpa_supplicant. After successful
6804 * initialization, the returned data pointer can be used to add and remove
6805 * network interfaces, and eventually, to deinitialize %wpa_supplicant.
6807 struct wpa_global
* wpa_supplicant_init(struct wpa_params
*params
)
6809 struct wpa_global
*global
;
6815 #ifdef CONFIG_DRIVER_NDIS
6817 void driver_ndis_init_ops(void);
6818 driver_ndis_init_ops();
6820 #endif /* CONFIG_DRIVER_NDIS */
6822 #ifndef CONFIG_NO_WPA_MSG
6823 wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb
);
6824 #endif /* CONFIG_NO_WPA_MSG */
6826 if (params
->wpa_debug_file_path
)
6827 wpa_debug_open_file(params
->wpa_debug_file_path
);
6828 if (!params
->wpa_debug_file_path
&& !params
->wpa_debug_syslog
)
6829 wpa_debug_setup_stdout();
6830 if (params
->wpa_debug_syslog
)
6831 wpa_debug_open_syslog();
6832 if (params
->wpa_debug_tracing
) {
6833 ret
= wpa_debug_open_linux_tracing();
6835 wpa_printf(MSG_ERROR
,
6836 "Failed to enable trace logging");
6841 ret
= eap_register_methods();
6843 wpa_printf(MSG_ERROR
, "Failed to register EAP methods");
6845 wpa_printf(MSG_ERROR
, "Two or more EAP methods used "
6846 "the same EAP type.");
6850 global
= os_zalloc(sizeof(*global
));
6853 dl_list_init(&global
->p2p_srv_bonjour
);
6854 dl_list_init(&global
->p2p_srv_upnp
);
6855 global
->params
.daemonize
= params
->daemonize
;
6856 global
->params
.wait_for_monitor
= params
->wait_for_monitor
;
6857 global
->params
.dbus_ctrl_interface
= params
->dbus_ctrl_interface
;
6858 if (params
->pid_file
)
6859 global
->params
.pid_file
= os_strdup(params
->pid_file
);
6860 if (params
->ctrl_interface
)
6861 global
->params
.ctrl_interface
=
6862 os_strdup(params
->ctrl_interface
);
6863 if (params
->ctrl_interface_group
)
6864 global
->params
.ctrl_interface_group
=
6865 os_strdup(params
->ctrl_interface_group
);
6866 if (params
->override_driver
)
6867 global
->params
.override_driver
=
6868 os_strdup(params
->override_driver
);
6869 if (params
->override_ctrl_interface
)
6870 global
->params
.override_ctrl_interface
=
6871 os_strdup(params
->override_ctrl_interface
);
6872 #ifdef CONFIG_MATCH_IFACE
6873 global
->params
.match_iface_count
= params
->match_iface_count
;
6874 if (params
->match_iface_count
) {
6875 global
->params
.match_ifaces
=
6876 os_calloc(params
->match_iface_count
,
6877 sizeof(struct wpa_interface
));
6878 os_memcpy(global
->params
.match_ifaces
,
6879 params
->match_ifaces
,
6880 params
->match_iface_count
*
6881 sizeof(struct wpa_interface
));
6883 #endif /* CONFIG_MATCH_IFACE */
6885 if (params
->conf_p2p_dev
)
6886 global
->params
.conf_p2p_dev
=
6887 os_strdup(params
->conf_p2p_dev
);
6888 #endif /* CONFIG_P2P */
6889 wpa_debug_level
= global
->params
.wpa_debug_level
=
6890 params
->wpa_debug_level
;
6891 wpa_debug_show_keys
= global
->params
.wpa_debug_show_keys
=
6892 params
->wpa_debug_show_keys
;
6893 wpa_debug_timestamp
= global
->params
.wpa_debug_timestamp
=
6894 params
->wpa_debug_timestamp
;
6896 wpa_printf(MSG_DEBUG
, "wpa_supplicant v%s", VERSION_STR
);
6899 wpa_printf(MSG_ERROR
, "Failed to initialize event loop");
6900 wpa_supplicant_deinit(global
);
6904 random_init(params
->entropy_file
);
6906 global
->ctrl_iface
= wpa_supplicant_global_ctrl_iface_init(global
);
6907 if (global
->ctrl_iface
== NULL
) {
6908 wpa_supplicant_deinit(global
);
6912 if (wpas_notify_supplicant_initialized(global
)) {
6913 wpa_supplicant_deinit(global
);
6917 for (i
= 0; wpa_drivers
[i
]; i
++)
6918 global
->drv_count
++;
6919 if (global
->drv_count
== 0) {
6920 wpa_printf(MSG_ERROR
, "No drivers enabled");
6921 wpa_supplicant_deinit(global
);
6924 global
->drv_priv
= os_calloc(global
->drv_count
, sizeof(void *));
6925 if (global
->drv_priv
== NULL
) {
6926 wpa_supplicant_deinit(global
);
6930 #ifdef CONFIG_WIFI_DISPLAY
6931 if (wifi_display_init(global
) < 0) {
6932 wpa_printf(MSG_ERROR
, "Failed to initialize Wi-Fi Display");
6933 wpa_supplicant_deinit(global
);
6936 #endif /* CONFIG_WIFI_DISPLAY */
6938 eloop_register_timeout(WPA_SUPPLICANT_CLEANUP_INTERVAL
, 0,
6939 wpas_periodic
, global
, NULL
);
6946 * wpa_supplicant_run - Run the %wpa_supplicant main event loop
6947 * @global: Pointer to global data from wpa_supplicant_init()
6948 * Returns: 0 after successful event loop run, -1 on failure
6950 * This function starts the main event loop and continues running as long as
6951 * there are any remaining events. In most cases, this function is running as
6952 * long as the %wpa_supplicant process in still in use.
6954 int wpa_supplicant_run(struct wpa_global
*global
)
6956 struct wpa_supplicant
*wpa_s
;
6958 if (global
->params
.daemonize
&&
6959 (wpa_supplicant_daemon(global
->params
.pid_file
) ||
6960 eloop_sock_requeue()))
6963 #ifdef CONFIG_MATCH_IFACE
6964 if (wpa_supplicant_match_existing(global
))
6968 if (global
->params
.wait_for_monitor
) {
6969 for (wpa_s
= global
->ifaces
; wpa_s
; wpa_s
= wpa_s
->next
)
6970 if (wpa_s
->ctrl_iface
&& !wpa_s
->p2p_mgmt
)
6971 wpa_supplicant_ctrl_iface_wait(
6975 eloop_register_signal_terminate(wpa_supplicant_terminate
, global
);
6976 eloop_register_signal_reconfig(wpa_supplicant_reconfig
, global
);
6985 * wpa_supplicant_deinit - Deinitialize %wpa_supplicant
6986 * @global: Pointer to global data from wpa_supplicant_init()
6988 * This function is called to deinitialize %wpa_supplicant and to free all
6989 * allocated resources. Remaining network interfaces will also be removed.
6991 void wpa_supplicant_deinit(struct wpa_global
*global
)
6998 eloop_cancel_timeout(wpas_periodic
, global
, NULL
);
7000 #ifdef CONFIG_WIFI_DISPLAY
7001 wifi_display_deinit(global
);
7002 #endif /* CONFIG_WIFI_DISPLAY */
7004 while (global
->ifaces
)
7005 wpa_supplicant_remove_iface(global
, global
->ifaces
, 1);
7007 if (global
->ctrl_iface
)
7008 wpa_supplicant_global_ctrl_iface_deinit(global
->ctrl_iface
);
7010 wpas_notify_supplicant_deinitialized(global
);
7012 eap_peer_unregister_methods();
7014 eap_server_unregister_methods();
7015 #endif /* CONFIG_AP */
7017 for (i
= 0; wpa_drivers
[i
] && global
->drv_priv
; i
++) {
7018 if (!global
->drv_priv
[i
])
7020 wpa_drivers
[i
]->global_deinit(global
->drv_priv
[i
]);
7022 os_free(global
->drv_priv
);
7028 if (global
->params
.pid_file
) {
7029 os_daemonize_terminate(global
->params
.pid_file
);
7030 os_free(global
->params
.pid_file
);
7032 os_free(global
->params
.ctrl_interface
);
7033 os_free(global
->params
.ctrl_interface_group
);
7034 os_free(global
->params
.override_driver
);
7035 os_free(global
->params
.override_ctrl_interface
);
7036 #ifdef CONFIG_MATCH_IFACE
7037 os_free(global
->params
.match_ifaces
);
7038 #endif /* CONFIG_MATCH_IFACE */
7040 os_free(global
->params
.conf_p2p_dev
);
7041 #endif /* CONFIG_P2P */
7043 os_free(global
->p2p_disallow_freq
.range
);
7044 os_free(global
->p2p_go_avoid_freq
.range
);
7045 os_free(global
->add_psk
);
7048 wpa_debug_close_syslog();
7049 wpa_debug_close_file();
7050 wpa_debug_close_linux_tracing();
7054 void wpa_supplicant_update_config(struct wpa_supplicant
*wpa_s
)
7056 if ((wpa_s
->conf
->changed_parameters
& CFG_CHANGED_COUNTRY
) &&
7057 wpa_s
->conf
->country
[0] && wpa_s
->conf
->country
[1]) {
7059 country
[0] = wpa_s
->conf
->country
[0];
7060 country
[1] = wpa_s
->conf
->country
[1];
7062 if (wpa_drv_set_country(wpa_s
, country
) < 0) {
7063 wpa_printf(MSG_ERROR
, "Failed to set country code "
7068 if (wpa_s
->conf
->changed_parameters
& CFG_CHANGED_EXT_PW_BACKEND
)
7069 wpas_init_ext_pw(wpa_s
);
7071 if (wpa_s
->conf
->changed_parameters
& CFG_CHANGED_SCHED_SCAN_PLANS
)
7072 wpas_sched_scan_plans_set(wpa_s
, wpa_s
->conf
->sched_scan_plans
);
7074 if (wpa_s
->conf
->changed_parameters
& CFG_CHANGED_WOWLAN_TRIGGERS
) {
7075 struct wpa_driver_capa capa
;
7076 int res
= wpa_drv_get_capa(wpa_s
, &capa
);
7078 if (res
== 0 && wpas_set_wowlan_triggers(wpa_s
, &capa
) < 0)
7079 wpa_printf(MSG_ERROR
,
7080 "Failed to update wowlan_triggers to '%s'",
7081 wpa_s
->conf
->wowlan_triggers
);
7084 if (wpa_s
->conf
->changed_parameters
& CFG_CHANGED_DISABLE_BTM
)
7085 wpa_supplicant_set_default_scan_ies(wpa_s
);
7088 wpas_wps_update_config(wpa_s
);
7089 #endif /* CONFIG_WPS */
7090 wpas_p2p_update_config(wpa_s
);
7091 wpa_s
->conf
->changed_parameters
= 0;
7095 void add_freq(int *freqs
, int *num_freqs
, int freq
)
7099 for (i
= 0; i
< *num_freqs
; i
++) {
7100 if (freqs
[i
] == freq
)
7104 freqs
[*num_freqs
] = freq
;
7109 static int * get_bss_freqs_in_ess(struct wpa_supplicant
*wpa_s
)
7111 struct wpa_bss
*bss
, *cbss
;
7112 const int max_freqs
= 10;
7116 freqs
= os_calloc(max_freqs
+ 1, sizeof(int));
7120 cbss
= wpa_s
->current_bss
;
7122 dl_list_for_each(bss
, &wpa_s
->bss
, struct wpa_bss
, list
) {
7125 if (bss
->ssid_len
== cbss
->ssid_len
&&
7126 os_memcmp(bss
->ssid
, cbss
->ssid
, bss
->ssid_len
) == 0 &&
7127 wpa_blacklist_get(wpa_s
, bss
->bssid
) == NULL
) {
7128 add_freq(freqs
, &num_freqs
, bss
->freq
);
7129 if (num_freqs
== max_freqs
)
7134 if (num_freqs
== 0) {
7143 void wpas_connection_failed(struct wpa_supplicant
*wpa_s
, const u8
*bssid
)
7149 wpas_connect_work_done(wpa_s
);
7152 * Remove possible authentication timeout since the connection failed.
7154 eloop_cancel_timeout(wpa_supplicant_timeout
, wpa_s
, NULL
);
7157 * There is no point in blacklisting the AP if this event is
7158 * generated based on local request to disconnect.
7160 if (wpa_s
->own_disconnect_req
|| wpa_s
->own_reconnect_req
) {
7161 wpa_s
->own_disconnect_req
= 0;
7162 wpa_dbg(wpa_s
, MSG_DEBUG
,
7163 "Ignore connection failure due to local request to disconnect");
7166 if (wpa_s
->disconnected
) {
7167 wpa_dbg(wpa_s
, MSG_DEBUG
, "Ignore connection failure "
7168 "indication since interface has been put into "
7169 "disconnected state");
7174 * Add the failed BSSID into the blacklist and speed up next scan
7175 * attempt if there could be other APs that could accept association.
7176 * The current blacklist count indicates how many times we have tried
7177 * connecting to this AP and multiple attempts mean that other APs are
7178 * either not available or has already been tried, so that we can start
7179 * increasing the delay here to avoid constant scanning.
7181 count
= wpa_blacklist_add(wpa_s
, bssid
);
7182 if (count
== 1 && wpa_s
->current_bss
) {
7184 * This BSS was not in the blacklist before. If there is
7185 * another BSS available for the same ESS, we should try that
7186 * next. Otherwise, we may as well try this one once more
7187 * before allowing other, likely worse, ESSes to be considered.
7189 freqs
= get_bss_freqs_in_ess(wpa_s
);
7191 wpa_dbg(wpa_s
, MSG_DEBUG
, "Another BSS in this ESS "
7192 "has been seen; try it next");
7193 wpa_blacklist_add(wpa_s
, bssid
);
7195 * On the next scan, go through only the known channels
7196 * used in this ESS based on previous scans to speed up
7197 * common load balancing use case.
7199 os_free(wpa_s
->next_scan_freqs
);
7200 wpa_s
->next_scan_freqs
= freqs
;
7205 * Add previous failure count in case the temporary blacklist was
7206 * cleared due to no other BSSes being available.
7208 count
+= wpa_s
->extra_blacklist_count
;
7210 if (count
> 3 && wpa_s
->current_ssid
) {
7211 wpa_printf(MSG_DEBUG
, "Continuous association failures - "
7212 "consider temporary network disabling");
7213 wpas_auth_failed(wpa_s
, "CONN_FAILED");
7234 wpa_dbg(wpa_s
, MSG_DEBUG
, "Blacklist count %d --> request scan in %d "
7235 "ms", count
, timeout
);
7238 * TODO: if more than one possible AP is available in scan results,
7239 * could try the other ones before requesting a new scan.
7242 /* speed up the connection attempt with normal scan */
7243 wpa_s
->normal_scans
= 0;
7244 wpa_supplicant_req_scan(wpa_s
, timeout
/ 1000,
7245 1000 * (timeout
% 1000));
7250 void fils_connection_failure(struct wpa_supplicant
*wpa_s
)
7252 struct wpa_ssid
*ssid
= wpa_s
->current_ssid
;
7253 const u8
*realm
, *username
, *rrk
;
7254 size_t realm_len
, username_len
, rrk_len
;
7257 if (!ssid
|| !ssid
->eap
.erp
|| !wpa_key_mgmt_fils(ssid
->key_mgmt
) ||
7258 eapol_sm_get_erp_info(wpa_s
->eapol
, &ssid
->eap
,
7259 &username
, &username_len
,
7260 &realm
, &realm_len
, &next_seq_num
,
7261 &rrk
, &rrk_len
) != 0 ||
7265 wpa_hexdump_ascii(MSG_DEBUG
,
7266 "FILS: Store last connection failure realm",
7268 os_free(wpa_s
->last_con_fail_realm
);
7269 wpa_s
->last_con_fail_realm
= os_malloc(realm_len
);
7270 if (wpa_s
->last_con_fail_realm
) {
7271 wpa_s
->last_con_fail_realm_len
= realm_len
;
7272 os_memcpy(wpa_s
->last_con_fail_realm
, realm
, realm_len
);
7275 #endif /* CONFIG_FILS */
7278 int wpas_driver_bss_selection(struct wpa_supplicant
*wpa_s
)
7280 return wpa_s
->conf
->ap_scan
== 2 ||
7281 (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_BSS_SELECTION
);
7285 #if defined(CONFIG_CTRL_IFACE) || defined(CONFIG_CTRL_IFACE_DBUS_NEW)
7286 int wpa_supplicant_ctrl_iface_ctrl_rsp_handle(struct wpa_supplicant
*wpa_s
,
7287 struct wpa_ssid
*ssid
,
7291 #ifdef IEEE8021X_EAPOL
7292 struct eap_peer_config
*eap
= &ssid
->eap
;
7294 wpa_printf(MSG_DEBUG
, "CTRL_IFACE: response handle field=%s", field
);
7295 wpa_hexdump_ascii_key(MSG_DEBUG
, "CTRL_IFACE: response value",
7296 (const u8
*) value
, os_strlen(value
));
7298 switch (wpa_supplicant_ctrl_req_from_string(field
)) {
7299 case WPA_CTRL_REQ_EAP_IDENTITY
:
7300 os_free(eap
->identity
);
7301 eap
->identity
= (u8
*) os_strdup(value
);
7302 eap
->identity_len
= os_strlen(value
);
7303 eap
->pending_req_identity
= 0;
7304 if (ssid
== wpa_s
->current_ssid
)
7305 wpa_s
->reassociate
= 1;
7307 case WPA_CTRL_REQ_EAP_PASSWORD
:
7308 bin_clear_free(eap
->password
, eap
->password_len
);
7309 eap
->password
= (u8
*) os_strdup(value
);
7310 eap
->password_len
= os_strlen(value
);
7311 eap
->pending_req_password
= 0;
7312 if (ssid
== wpa_s
->current_ssid
)
7313 wpa_s
->reassociate
= 1;
7315 case WPA_CTRL_REQ_EAP_NEW_PASSWORD
:
7316 bin_clear_free(eap
->new_password
, eap
->new_password_len
);
7317 eap
->new_password
= (u8
*) os_strdup(value
);
7318 eap
->new_password_len
= os_strlen(value
);
7319 eap
->pending_req_new_password
= 0;
7320 if (ssid
== wpa_s
->current_ssid
)
7321 wpa_s
->reassociate
= 1;
7323 case WPA_CTRL_REQ_EAP_PIN
:
7324 str_clear_free(eap
->cert
.pin
);
7325 eap
->cert
.pin
= os_strdup(value
);
7326 eap
->pending_req_pin
= 0;
7327 if (ssid
== wpa_s
->current_ssid
)
7328 wpa_s
->reassociate
= 1;
7330 case WPA_CTRL_REQ_EAP_OTP
:
7331 bin_clear_free(eap
->otp
, eap
->otp_len
);
7332 eap
->otp
= (u8
*) os_strdup(value
);
7333 eap
->otp_len
= os_strlen(value
);
7334 os_free(eap
->pending_req_otp
);
7335 eap
->pending_req_otp
= NULL
;
7336 eap
->pending_req_otp_len
= 0;
7338 case WPA_CTRL_REQ_EAP_PASSPHRASE
:
7339 str_clear_free(eap
->cert
.private_key_passwd
);
7340 eap
->cert
.private_key_passwd
= os_strdup(value
);
7341 eap
->pending_req_passphrase
= 0;
7342 if (ssid
== wpa_s
->current_ssid
)
7343 wpa_s
->reassociate
= 1;
7345 case WPA_CTRL_REQ_SIM
:
7346 str_clear_free(eap
->external_sim_resp
);
7347 eap
->external_sim_resp
= os_strdup(value
);
7348 eap
->pending_req_sim
= 0;
7350 case WPA_CTRL_REQ_PSK_PASSPHRASE
:
7351 if (wpa_config_set(ssid
, "psk", value
, 0) < 0)
7353 ssid
->mem_only_psk
= 1;
7354 if (ssid
->passphrase
)
7355 wpa_config_update_psk(ssid
);
7356 if (wpa_s
->wpa_state
== WPA_SCANNING
&& !wpa_s
->scanning
)
7357 wpa_supplicant_req_scan(wpa_s
, 0, 0);
7359 case WPA_CTRL_REQ_EXT_CERT_CHECK
:
7360 if (eap
->pending_ext_cert_check
!= PENDING_CHECK
)
7362 if (os_strcmp(value
, "good") == 0)
7363 eap
->pending_ext_cert_check
= EXT_CERT_CHECK_GOOD
;
7364 else if (os_strcmp(value
, "bad") == 0)
7365 eap
->pending_ext_cert_check
= EXT_CERT_CHECK_BAD
;
7370 wpa_printf(MSG_DEBUG
, "CTRL_IFACE: Unknown field '%s'", field
);
7375 #else /* IEEE8021X_EAPOL */
7376 wpa_printf(MSG_DEBUG
, "CTRL_IFACE: IEEE 802.1X not included");
7378 #endif /* IEEE8021X_EAPOL */
7380 #endif /* CONFIG_CTRL_IFACE || CONFIG_CTRL_IFACE_DBUS_NEW */
7383 int wpas_network_disabled(struct wpa_supplicant
*wpa_s
, struct wpa_ssid
*ssid
)
7387 unsigned int drv_enc
;
7388 #endif /* CONFIG_WEP */
7390 if (wpa_s
->p2p_mgmt
)
7391 return 1; /* no normal network profiles on p2p_mgmt interface */
7400 if (wpa_s
->drv_capa_known
)
7401 drv_enc
= wpa_s
->drv_enc
;
7403 drv_enc
= (unsigned int) -1;
7405 for (i
= 0; i
< NUM_WEP_KEYS
; i
++) {
7406 size_t len
= ssid
->wep_key_len
[i
];
7409 if (len
== 5 && (drv_enc
& WPA_DRIVER_CAPA_ENC_WEP40
))
7411 if (len
== 13 && (drv_enc
& WPA_DRIVER_CAPA_ENC_WEP104
))
7413 if (len
== 16 && (drv_enc
& WPA_DRIVER_CAPA_ENC_WEP128
))
7415 return 1; /* invalid WEP key */
7417 #endif /* CONFIG_WEP */
7419 if (wpa_key_mgmt_wpa_psk(ssid
->key_mgmt
) && !ssid
->psk_set
&&
7420 (!ssid
->passphrase
|| ssid
->ssid_len
!= 0) && !ssid
->ext_psk
&&
7421 !(wpa_key_mgmt_sae(ssid
->key_mgmt
) && ssid
->sae_password
) &&
7422 !ssid
->mem_only_psk
)
7429 int wpas_get_ssid_pmf(struct wpa_supplicant
*wpa_s
, struct wpa_ssid
*ssid
)
7431 if (ssid
== NULL
|| ssid
->ieee80211w
== MGMT_FRAME_PROTECTION_DEFAULT
) {
7432 if (wpa_s
->conf
->pmf
== MGMT_FRAME_PROTECTION_OPTIONAL
&&
7433 !(wpa_s
->drv_enc
& WPA_DRIVER_CAPA_ENC_BIP
)) {
7435 * Driver does not support BIP -- ignore pmf=1 default
7436 * since the connection with PMF would fail and the
7437 * configuration does not require PMF to be enabled.
7439 return NO_MGMT_FRAME_PROTECTION
;
7444 ~(WPA_KEY_MGMT_NONE
| WPA_KEY_MGMT_WPS
|
7445 WPA_KEY_MGMT_IEEE8021X_NO_WPA
)) == 0) {
7447 * Do not use the default PMF value for non-RSN networks
7448 * since PMF is available only with RSN and pmf=2
7449 * configuration would otherwise prevent connections to
7450 * all open networks.
7452 return NO_MGMT_FRAME_PROTECTION
;
7455 return wpa_s
->conf
->pmf
;
7458 return ssid
->ieee80211w
;
7462 int wpas_is_p2p_prioritized(struct wpa_supplicant
*wpa_s
)
7464 if (wpa_s
->global
->conc_pref
== WPA_CONC_PREF_P2P
)
7466 if (wpa_s
->global
->conc_pref
== WPA_CONC_PREF_STA
)
7472 void wpas_auth_failed(struct wpa_supplicant
*wpa_s
, char *reason
)
7474 struct wpa_ssid
*ssid
= wpa_s
->current_ssid
;
7476 struct os_reltime now
;
7479 wpa_printf(MSG_DEBUG
, "Authentication failure but no known "
7484 if (ssid
->key_mgmt
== WPA_KEY_MGMT_WPS
)
7487 ssid
->auth_failures
++;
7490 if (ssid
->p2p_group
&&
7491 (wpa_s
->p2p_in_provisioning
|| wpa_s
->show_group_started
)) {
7493 * Skip the wait time since there is a short timeout on the
7494 * connection to a P2P group.
7498 #endif /* CONFIG_P2P */
7500 if (ssid
->auth_failures
> 50)
7502 else if (ssid
->auth_failures
> 10)
7504 else if (ssid
->auth_failures
> 5)
7506 else if (ssid
->auth_failures
> 3)
7508 else if (ssid
->auth_failures
> 2)
7510 else if (ssid
->auth_failures
> 1)
7515 if (ssid
->auth_failures
> 1 &&
7516 wpa_key_mgmt_wpa_ieee8021x(ssid
->key_mgmt
))
7517 dur
+= os_random() % (ssid
->auth_failures
* 10);
7519 os_get_reltime(&now
);
7520 if (now
.sec
+ dur
<= ssid
->disabled_until
.sec
)
7523 ssid
->disabled_until
.sec
= now
.sec
+ dur
;
7525 wpa_msg(wpa_s
, MSG_INFO
, WPA_EVENT_TEMP_DISABLED
7526 "id=%d ssid=\"%s\" auth_failures=%u duration=%d reason=%s",
7527 ssid
->id
, wpa_ssid_txt(ssid
->ssid
, ssid
->ssid_len
),
7528 ssid
->auth_failures
, dur
, reason
);
7532 void wpas_clear_temp_disabled(struct wpa_supplicant
*wpa_s
,
7533 struct wpa_ssid
*ssid
, int clear_failures
)
7538 if (ssid
->disabled_until
.sec
) {
7539 wpa_msg(wpa_s
, MSG_INFO
, WPA_EVENT_REENABLED
7540 "id=%d ssid=\"%s\"",
7541 ssid
->id
, wpa_ssid_txt(ssid
->ssid
, ssid
->ssid_len
));
7543 ssid
->disabled_until
.sec
= 0;
7544 ssid
->disabled_until
.usec
= 0;
7546 ssid
->auth_failures
= 0;
7550 int disallowed_bssid(struct wpa_supplicant
*wpa_s
, const u8
*bssid
)
7554 if (wpa_s
->disallow_aps_bssid
== NULL
)
7557 for (i
= 0; i
< wpa_s
->disallow_aps_bssid_count
; i
++) {
7558 if (os_memcmp(wpa_s
->disallow_aps_bssid
+ i
* ETH_ALEN
,
7559 bssid
, ETH_ALEN
) == 0)
7567 int disallowed_ssid(struct wpa_supplicant
*wpa_s
, const u8
*ssid
,
7572 if (wpa_s
->disallow_aps_ssid
== NULL
|| ssid
== NULL
)
7575 for (i
= 0; i
< wpa_s
->disallow_aps_ssid_count
; i
++) {
7576 struct wpa_ssid_value
*s
= &wpa_s
->disallow_aps_ssid
[i
];
7577 if (ssid_len
== s
->ssid_len
&&
7578 os_memcmp(ssid
, s
->ssid
, ssid_len
) == 0)
7587 * wpas_request_connection - Request a new connection
7588 * @wpa_s: Pointer to the network interface
7590 * This function is used to request a new connection to be found. It will mark
7591 * the interface to allow reassociation and request a new scan to find a
7592 * suitable network to connect to.
7594 void wpas_request_connection(struct wpa_supplicant
*wpa_s
)
7596 wpa_s
->normal_scans
= 0;
7597 wpa_s
->scan_req
= NORMAL_SCAN_REQ
;
7598 wpa_supplicant_reinit_autoscan(wpa_s
);
7599 wpa_s
->extra_blacklist_count
= 0;
7600 wpa_s
->disconnected
= 0;
7601 wpa_s
->reassociate
= 1;
7602 wpa_s
->last_owe_group
= 0;
7604 if (wpa_supplicant_fast_associate(wpa_s
) != 1)
7605 wpa_supplicant_req_scan(wpa_s
, 0, 0);
7607 wpa_s
->reattach
= 0;
7612 * wpas_request_disconnection - Request disconnection
7613 * @wpa_s: Pointer to the network interface
7615 * This function is used to request disconnection from the currently connected
7616 * network. This will stop any ongoing scans and initiate deauthentication.
7618 void wpas_request_disconnection(struct wpa_supplicant
*wpa_s
)
7621 wpa_s
->sme
.prev_bssid_set
= 0;
7622 #endif /* CONFIG_SME */
7623 wpa_s
->reassociate
= 0;
7624 wpa_s
->disconnected
= 1;
7625 wpa_supplicant_cancel_sched_scan(wpa_s
);
7626 wpa_supplicant_cancel_scan(wpa_s
);
7627 wpa_supplicant_deauthenticate(wpa_s
, WLAN_REASON_DEAUTH_LEAVING
);
7628 eloop_cancel_timeout(wpas_network_reenabled
, wpa_s
, NULL
);
7629 radio_remove_works(wpa_s
, "connect", 0);
7630 radio_remove_works(wpa_s
, "sme-connect", 0);
7634 void dump_freq_data(struct wpa_supplicant
*wpa_s
, const char *title
,
7635 struct wpa_used_freq_data
*freqs_data
,
7640 wpa_dbg(wpa_s
, MSG_DEBUG
, "Shared frequencies (len=%u): %s",
7642 for (i
= 0; i
< len
; i
++) {
7643 struct wpa_used_freq_data
*cur
= &freqs_data
[i
];
7644 wpa_dbg(wpa_s
, MSG_DEBUG
, "freq[%u]: %d, flags=0x%X",
7645 i
, cur
->freq
, cur
->flags
);
7651 * Find the operating frequencies of any of the virtual interfaces that
7652 * are using the same radio as the current interface, and in addition, get
7653 * information about the interface types that are using the frequency.
7655 int get_shared_radio_freqs_data(struct wpa_supplicant
*wpa_s
,
7656 struct wpa_used_freq_data
*freqs_data
,
7659 struct wpa_supplicant
*ifs
;
7662 unsigned int idx
= 0, i
;
7664 wpa_dbg(wpa_s
, MSG_DEBUG
,
7665 "Determining shared radio frequencies (max len %u)", len
);
7666 os_memset(freqs_data
, 0, sizeof(struct wpa_used_freq_data
) * len
);
7668 dl_list_for_each(ifs
, &wpa_s
->radio
->ifaces
, struct wpa_supplicant
,
7673 if (ifs
->current_ssid
== NULL
|| ifs
->assoc_freq
== 0)
7676 if (ifs
->current_ssid
->mode
== WPAS_MODE_AP
||
7677 ifs
->current_ssid
->mode
== WPAS_MODE_P2P_GO
||
7678 ifs
->current_ssid
->mode
== WPAS_MODE_MESH
)
7679 freq
= ifs
->current_ssid
->frequency
;
7680 else if (wpa_drv_get_bssid(ifs
, bssid
) == 0)
7681 freq
= ifs
->assoc_freq
;
7685 /* Hold only distinct freqs */
7686 for (i
= 0; i
< idx
; i
++)
7687 if (freqs_data
[i
].freq
== freq
)
7691 freqs_data
[idx
++].freq
= freq
;
7693 if (ifs
->current_ssid
->mode
== WPAS_MODE_INFRA
) {
7694 freqs_data
[i
].flags
|= ifs
->current_ssid
->p2p_group
?
7695 WPA_FREQ_USED_BY_P2P_CLIENT
:
7696 WPA_FREQ_USED_BY_INFRA_STATION
;
7700 dump_freq_data(wpa_s
, "completed iteration", freqs_data
, idx
);
7706 * Find the operating frequencies of any of the virtual interfaces that
7707 * are using the same radio as the current interface.
7709 int get_shared_radio_freqs(struct wpa_supplicant
*wpa_s
,
7710 int *freq_array
, unsigned int len
)
7712 struct wpa_used_freq_data
*freqs_data
;
7715 os_memset(freq_array
, 0, sizeof(int) * len
);
7717 freqs_data
= os_calloc(len
, sizeof(struct wpa_used_freq_data
));
7721 num
= get_shared_radio_freqs_data(wpa_s
, freqs_data
, len
);
7722 for (i
= 0; i
< num
; i
++)
7723 freq_array
[i
] = freqs_data
[i
].freq
;
7725 os_free(freqs_data
);
7731 struct wpa_supplicant
*
7732 wpas_vendor_elem(struct wpa_supplicant
*wpa_s
, enum wpa_vendor_elem_frame frame
)
7736 case VENDOR_ELEM_PROBE_REQ_P2P
:
7737 case VENDOR_ELEM_PROBE_RESP_P2P
:
7738 case VENDOR_ELEM_PROBE_RESP_P2P_GO
:
7739 case VENDOR_ELEM_BEACON_P2P_GO
:
7740 case VENDOR_ELEM_P2P_PD_REQ
:
7741 case VENDOR_ELEM_P2P_PD_RESP
:
7742 case VENDOR_ELEM_P2P_GO_NEG_REQ
:
7743 case VENDOR_ELEM_P2P_GO_NEG_RESP
:
7744 case VENDOR_ELEM_P2P_GO_NEG_CONF
:
7745 case VENDOR_ELEM_P2P_INV_REQ
:
7746 case VENDOR_ELEM_P2P_INV_RESP
:
7747 case VENDOR_ELEM_P2P_ASSOC_REQ
:
7748 case VENDOR_ELEM_P2P_ASSOC_RESP
:
7749 return wpa_s
->p2pdev
;
7750 #endif /* CONFIG_P2P */
7757 void wpas_vendor_elem_update(struct wpa_supplicant
*wpa_s
)
7762 wpa_printf(MSG_DEBUG
, "Update vendor elements");
7764 for (i
= 0; i
< NUM_VENDOR_ELEM_FRAMES
; i
++) {
7765 if (wpa_s
->vendor_elem
[i
]) {
7768 res
= os_snprintf(buf
, sizeof(buf
), "frame[%u]", i
);
7769 if (!os_snprintf_error(sizeof(buf
), res
)) {
7770 wpa_hexdump_buf(MSG_DEBUG
, buf
,
7771 wpa_s
->vendor_elem
[i
]);
7777 if (wpa_s
->parent
== wpa_s
&&
7778 wpa_s
->global
->p2p
&&
7779 !wpa_s
->global
->p2p_disabled
)
7780 p2p_set_vendor_elems(wpa_s
->global
->p2p
, wpa_s
->vendor_elem
);
7781 #endif /* CONFIG_P2P */
7785 int wpas_vendor_elem_remove(struct wpa_supplicant
*wpa_s
, int frame
,
7786 const u8
*elem
, size_t len
)
7790 ie
= wpabuf_mhead_u8(wpa_s
->vendor_elem
[frame
]);
7791 end
= ie
+ wpabuf_len(wpa_s
->vendor_elem
[frame
]);
7793 for (; ie
+ 1 < end
; ie
+= 2 + ie
[1]) {
7796 if (os_memcmp(ie
, elem
, len
) != 0)
7799 if (wpabuf_len(wpa_s
->vendor_elem
[frame
]) == len
) {
7800 wpabuf_free(wpa_s
->vendor_elem
[frame
]);
7801 wpa_s
->vendor_elem
[frame
] = NULL
;
7803 os_memmove(ie
, ie
+ len
, end
- (ie
+ len
));
7804 wpa_s
->vendor_elem
[frame
]->used
-= len
;
7806 wpas_vendor_elem_update(wpa_s
);
7814 struct hostapd_hw_modes
* get_mode(struct hostapd_hw_modes
*modes
,
7815 u16 num_modes
, enum hostapd_hw_mode mode
,
7820 for (i
= 0; i
< num_modes
; i
++) {
7821 if (modes
[i
].mode
!= mode
||
7822 !modes
[i
].num_channels
|| !modes
[i
].channels
)
7824 if ((!is_6ghz
&& !is_6ghz_freq(modes
[i
].channels
[0].freq
)) ||
7825 (is_6ghz
&& is_6ghz_freq(modes
[i
].channels
[0].freq
)))
7834 wpa_bss_tmp_disallowed
* wpas_get_disallowed_bss(struct wpa_supplicant
*wpa_s
,
7837 struct wpa_bss_tmp_disallowed
*bss
;
7839 dl_list_for_each(bss
, &wpa_s
->bss_tmp_disallowed
,
7840 struct wpa_bss_tmp_disallowed
, list
) {
7841 if (os_memcmp(bssid
, bss
->bssid
, ETH_ALEN
) == 0)
7849 static int wpa_set_driver_tmp_disallow_list(struct wpa_supplicant
*wpa_s
)
7851 struct wpa_bss_tmp_disallowed
*tmp
;
7852 unsigned int num_bssid
= 0;
7856 bssids
= os_malloc(dl_list_len(&wpa_s
->bss_tmp_disallowed
) * ETH_ALEN
);
7859 dl_list_for_each(tmp
, &wpa_s
->bss_tmp_disallowed
,
7860 struct wpa_bss_tmp_disallowed
, list
) {
7861 os_memcpy(&bssids
[num_bssid
* ETH_ALEN
], tmp
->bssid
,
7865 ret
= wpa_drv_set_bssid_blacklist(wpa_s
, num_bssid
, bssids
);
7871 static void wpa_bss_tmp_disallow_timeout(void *eloop_ctx
, void *timeout_ctx
)
7873 struct wpa_supplicant
*wpa_s
= eloop_ctx
;
7874 struct wpa_bss_tmp_disallowed
*tmp
, *bss
= timeout_ctx
;
7876 /* Make sure the bss is not already freed */
7877 dl_list_for_each(tmp
, &wpa_s
->bss_tmp_disallowed
,
7878 struct wpa_bss_tmp_disallowed
, list
) {
7880 dl_list_del(&tmp
->list
);
7882 wpa_set_driver_tmp_disallow_list(wpa_s
);
7889 void wpa_bss_tmp_disallow(struct wpa_supplicant
*wpa_s
, const u8
*bssid
,
7890 unsigned int sec
, int rssi_threshold
)
7892 struct wpa_bss_tmp_disallowed
*bss
;
7894 bss
= wpas_get_disallowed_bss(wpa_s
, bssid
);
7896 eloop_cancel_timeout(wpa_bss_tmp_disallow_timeout
, wpa_s
, bss
);
7900 bss
= os_malloc(sizeof(*bss
));
7902 wpa_printf(MSG_DEBUG
,
7903 "Failed to allocate memory for temp disallow BSS");
7907 os_memcpy(bss
->bssid
, bssid
, ETH_ALEN
);
7908 dl_list_add(&wpa_s
->bss_tmp_disallowed
, &bss
->list
);
7909 wpa_set_driver_tmp_disallow_list(wpa_s
);
7912 bss
->rssi_threshold
= rssi_threshold
;
7913 eloop_register_timeout(sec
, 0, wpa_bss_tmp_disallow_timeout
,
7918 int wpa_is_bss_tmp_disallowed(struct wpa_supplicant
*wpa_s
,
7919 struct wpa_bss
*bss
)
7921 struct wpa_bss_tmp_disallowed
*disallowed
= NULL
, *tmp
, *prev
;
7923 dl_list_for_each_safe(tmp
, prev
, &wpa_s
->bss_tmp_disallowed
,
7924 struct wpa_bss_tmp_disallowed
, list
) {
7925 if (os_memcmp(bss
->bssid
, tmp
->bssid
, ETH_ALEN
) == 0) {
7933 if (disallowed
->rssi_threshold
!= 0 &&
7934 bss
->level
> disallowed
->rssi_threshold
)
7941 int wpas_enable_mac_addr_randomization(struct wpa_supplicant
*wpa_s
,
7942 unsigned int type
, const u8
*addr
,
7945 if ((addr
&& !mask
) || (!addr
&& mask
)) {
7946 wpa_printf(MSG_INFO
,
7947 "MAC_ADDR_RAND_SCAN invalid addr/mask combination");
7951 if (addr
&& mask
&& (!(mask
[0] & 0x01) || (addr
[0] & 0x01))) {
7952 wpa_printf(MSG_INFO
,
7953 "MAC_ADDR_RAND_SCAN cannot allow multicast address");
7957 if (type
& MAC_ADDR_RAND_SCAN
) {
7958 if (wpas_mac_addr_rand_scan_set(wpa_s
, MAC_ADDR_RAND_SCAN
,
7963 if (type
& MAC_ADDR_RAND_SCHED_SCAN
) {
7964 if (wpas_mac_addr_rand_scan_set(wpa_s
, MAC_ADDR_RAND_SCHED_SCAN
,
7968 if (wpa_s
->sched_scanning
&& !wpa_s
->pno
)
7969 wpas_scan_restart_sched_scan(wpa_s
);
7972 if (type
& MAC_ADDR_RAND_PNO
) {
7973 if (wpas_mac_addr_rand_scan_set(wpa_s
, MAC_ADDR_RAND_PNO
,
7978 wpas_stop_pno(wpa_s
);
7979 wpas_start_pno(wpa_s
);
7987 int wpas_disable_mac_addr_randomization(struct wpa_supplicant
*wpa_s
,
7990 wpas_mac_addr_rand_scan_clear(wpa_s
, type
);
7992 if (type
& MAC_ADDR_RAND_PNO
) {
7993 wpas_stop_pno(wpa_s
);
7994 wpas_start_pno(wpa_s
);
7996 } else if (wpa_s
->sched_scanning
&& (type
& MAC_ADDR_RAND_SCHED_SCAN
)) {
7997 wpas_scan_restart_sched_scan(wpa_s
);
8004 int wpa_drv_signal_poll(struct wpa_supplicant
*wpa_s
,
8005 struct wpa_signal_info
*si
)
8009 if (!wpa_s
->driver
->signal_poll
)
8012 res
= wpa_s
->driver
->signal_poll(wpa_s
->drv_priv
, si
);
8014 #ifdef CONFIG_TESTING_OPTIONS
8016 struct driver_signal_override
*dso
;
8018 dl_list_for_each(dso
, &wpa_s
->drv_signal_override
,
8019 struct driver_signal_override
, list
) {
8020 if (os_memcmp(wpa_s
->bssid
, dso
->bssid
,
8023 wpa_printf(MSG_DEBUG
,
8024 "Override driver signal_poll information: current_signal: %d->%d avg_signal: %d->%d avg_beacon_signal: %d->%d current_noise: %d->%d",
8026 dso
->si_current_signal
,
8029 si
->avg_beacon_signal
,
8030 dso
->si_avg_beacon_signal
,
8032 dso
->si_current_noise
);
8033 si
->current_signal
= dso
->si_current_signal
;
8034 si
->avg_signal
= dso
->si_avg_signal
;
8035 si
->avg_beacon_signal
= dso
->si_avg_beacon_signal
;
8036 si
->current_noise
= dso
->si_current_noise
;
8040 #endif /* CONFIG_TESTING_OPTIONS */
8046 struct wpa_scan_results
*
8047 wpa_drv_get_scan_results2(struct wpa_supplicant
*wpa_s
)
8049 struct wpa_scan_results
*scan_res
;
8050 #ifdef CONFIG_TESTING_OPTIONS
8052 #endif /* CONFIG_TESTING_OPTIONS */
8054 if (!wpa_s
->driver
->get_scan_results2
)
8057 scan_res
= wpa_s
->driver
->get_scan_results2(wpa_s
->drv_priv
);
8059 #ifdef CONFIG_TESTING_OPTIONS
8060 for (idx
= 0; scan_res
&& idx
< scan_res
->num
; idx
++) {
8061 struct driver_signal_override
*dso
;
8062 struct wpa_scan_res
*res
= scan_res
->res
[idx
];
8064 dl_list_for_each(dso
, &wpa_s
->drv_signal_override
,
8065 struct driver_signal_override
, list
) {
8066 if (os_memcmp(res
->bssid
, dso
->bssid
, ETH_ALEN
) != 0)
8068 wpa_printf(MSG_DEBUG
,
8069 "Override driver scan signal level %d->%d for "
8071 res
->level
, dso
->scan_level
,
8072 MAC2STR(res
->bssid
));
8073 res
->flags
|= WPA_SCAN_QUAL_INVALID
;
8074 if (dso
->scan_level
< 0)
8075 res
->flags
|= WPA_SCAN_LEVEL_DBM
;
8077 res
->flags
&= ~WPA_SCAN_LEVEL_DBM
;
8078 res
->level
= dso
->scan_level
;
8082 #endif /* CONFIG_TESTING_OPTIONS */