nl80211: Move CS supported flag to wpa_driver_capa
Replace channel_switch_supported flag of the
wpa_driver_nl80211_data by WPA_DRIVER_FLAGS_AP_CSA inside
wpa_driver_capa.flags. It makes more sense and also can
be accessed by wpa_supplicant.
Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Jouni Malinen [Sun, 5 Jan 2014 19:50:34 +0000 (21:50 +0200)]
Add DRIVER-STATUS command for hostapd
This is just like the same command in wpa_supplicant, i.e., "hostapd_cli
status driver" can be used to fetch information about the driver status
and capabilities.
Jouni Malinen [Sun, 5 Jan 2014 16:32:24 +0000 (18:32 +0200)]
Remove PEAPv2 support
PEAPv2 implementation was not fully completed and there does not seem to
be any deployments of PEAPv2 nor any clear sign of such showing up in
the future either. As such, there is not much point in maintaining this
implementation in hostapd/wpa_supplicant.
Jouni Malinen [Sun, 5 Jan 2014 17:08:51 +0000 (19:08 +0200)]
EAP-pwd peer: Allow fragmentation limit to be configured
The standard fragment_size network parameter can now be used to
configure EAP-pwd fragmentation limit instead of always using the
hardcoded value of 1020.
Jouni Malinen [Sun, 5 Jan 2014 15:55:29 +0000 (17:55 +0200)]
EAP-IKEv2 peer: Allow fragmentation limit to be configured
The standard fragment_size network parameter can now be used to
configure EAP-IKEv2 fragmentation limit instead of always using the
hardcoded value of 1400.
Jouni Malinen [Sun, 5 Jan 2014 14:49:31 +0000 (16:49 +0200)]
tests: Allow multiple Enrollee events in ap_wps_er_add_enrollee_pbc
It was possible for the AP to report two enrollees in this test case
(i.e., both the expected wlan1 device and also the ER device on wlan0).
The previous test script would fail if the wlan0 device is reported
first. Fix this by allowed the expected target to be found in either the
first or the second WPS-ER-ENROLLEE-ADD event.
Jouni Malinen [Sun, 5 Jan 2014 14:42:48 +0000 (16:42 +0200)]
tests: Force p2p_find in p2p_service_discovery_fragmentation
It was possible for this test case to fail if P2P_FLUSH was issued
during a search scan and that scan adding back the peer. Avoid this by
forcing p2p_find to be started regardless of the current P2P peer table
contents for each round of service discovery.
Jouni Malinen [Sun, 5 Jan 2014 14:35:05 +0000 (16:35 +0200)]
tests: Make WPA2-Enterprise reauth test cases more robust
With the extra latencies removed from run-tests.py operations, it was
possible to hit race conditions in pairwise cipher configuration at the
end of the 4-way handshake. In some cases, the EAPOL-Start frame from
the station was not received by the AP and that could result in these
test cases failing. Since there are not really trying to test the race
condition, wait for the AP side to complete key configuration prior to
initiating the reauthentication sequence.
Jouni Malinen [Sun, 5 Jan 2014 14:09:43 +0000 (16:09 +0200)]
tests: Cleaner error processing for threads
When a thread is used to follow P2P group formation progress, it is
better to return a clear failure indication from the thread instead of
allowing an exception to be thrown from the thread.
Setting methodState = DONE for the case where GPSK-1 is found to be
invalid or incompatible allows EAP state machine to proceed to FAILURE
state instead of remaining stuck until AP times out the connection.
Jouni Malinen [Sun, 5 Jan 2014 12:17:08 +0000 (14:17 +0200)]
EAP-GPSK: Allow forced algorithm selection to be configured
phase1 parameter 'cipher' can now be used to specify which algorithm
proposal is selected, e.g., with phase1="cipher=1" selecting AES-based
design and cipher=2 SHA256-based. This is mainly for testing purposes,
but can also be used to enforce stronger algorithms to be used.
Jouni Malinen [Sun, 5 Jan 2014 12:13:50 +0000 (14:13 +0200)]
EAP peer: Improve failure reporting from METHOD with no eapRespData
One of the RFC 4137 state transitions (METHOD -> FAILURE) had been
forgotten and this could result in EAP peer method processing not
reporting failure immediately and instead, remain stuck waiting for the
connection to time out. Fix this by adding the methodState == DONE &&
decision == FAIL case to allow immediate reporting of failures.
The condition from RFC 4137 as-is would cause problems for number of the
existing EAP method implementations since they use that in places where
the final message before EAP-Failure should really be sent to the EAP
server (e.g., WSC_Done in EAP-WSC). Address this by includng eapRespData
== NULL as an additional constraint for entering FAILURE state directly
from METHOD.
Jouni Malinen [Sun, 5 Jan 2014 10:26:20 +0000 (12:26 +0200)]
tests: Optimize Interworking test cases with single-channel scans
Leave couple of cases to use full scan for better test coverage, but
change all other places to use a single channel scan with
INTERWORKING_SELECT to reduce the time it takes to execute the tests.
Jouni Malinen [Sun, 5 Jan 2014 10:35:13 +0000 (12:35 +0200)]
tests: Avoid unnecessary wlantest failures
It is possible that wlantest has not yet created the BSS entry in all
cases, so interpret failures (no BSS entry being the most likely cause)
as zero counters. Similarly, ignore clear_bss_counters errors since they
are most likely reporting that the BSS was not found and as such, there
was no need to clear the counters anyway.
Jouni Malinen [Sun, 5 Jan 2014 07:59:38 +0000 (09:59 +0200)]
Fix req_scan-deplete-timeout and update eloop API for this
Commit e2f5a9889a3a2bb8f1eed0cf274c7fbbabe3e9de was supposed to prevent
new scan request from pushing out the old one. However, it did not
really do that since eloop_deplete_timeout() returned 0 both for the
case where the old timeout existed (and was sooner) and if the old
timeout did not exist. It returned 1 only for the case where an old
timeout did exist and was larger than the new requested value. That case
used to result in wpa_supplicant_req_scan() rescheduling the timeout,
but hew code in eloop_deplete_timeout() did the exact same thing and as
such, did not really change anything apart from the debug log message.
Extend the eloop_deplete_timeout() (and eloop_replenish_timeout() for
that matter since it is very similar) to return three different values
based on whether the timeout existed or not and if yes, whether it was
modified. This allows wpa_supplicant_req_scan() to schedule a new
timeout only in the case there was no old timeout.
Jouni Malinen [Sat, 4 Jan 2014 11:10:41 +0000 (13:10 +0200)]
Allow external programs to request wpa_radio work items
The new control interface command RADIO_WORK can be used by external
programs to request radio allocation slots from wpa_supplicant if
exclusive radio control is needed, e.g., for offchannel operations. If
such operations are done directly to the driver, wpa_supplicant may not
have enough information to avoid conflicting operations. This new
command can be used to provide enough information and radio scheduling
to avoid issues with such cases.
Jouni Malinen [Sat, 4 Jan 2014 08:33:14 +0000 (10:33 +0200)]
Do not start wpa_radio work during externally triggered scan
If an external program triggers a scan, wpa_supplicant does not have a
wpa_radio work item for this operation to protect against other
offchannel operations. This can result in operations failing, so try to
avoid damage by not starting any new wpa_radio work items during a scan
that was started by another process.
Jouni Malinen [Fri, 3 Jan 2014 14:57:01 +0000 (16:57 +0200)]
Remove unneeded scan delay on connection-in-progress
This type of protection against concurrent connection and scan
operations is now enforced through the wpa_radio work mechanism, so this
separate protection mechanism is not needed anymore.
Jouni Malinen [Fri, 3 Jan 2014 14:54:10 +0000 (16:54 +0200)]
Remove unneeded GAS query delay on connection-in-progress
This type of protection against concurrent connection and offchannel GAS
operations is now enforced through the wpa_radio work mechanism, so this
separate protection mechanism is not needed anymore.
Jouni Malinen [Fri, 3 Jan 2014 13:09:50 +0000 (15:09 +0200)]
Use radio work for GAS requests
Avoid concurrent GAS operations with any other exclusive use of the
radio by using the radio work queuing mechanism. This replaces some of
the earlier constraints on concurrent operations with the more generic
wpa_radio work concept.
Jouni Malinen [Sat, 4 Jan 2014 07:36:13 +0000 (09:36 +0200)]
Use radio work for P2P Listen requests
Avoid concurrent P2P Listen operations with any other exclusive use of
the radio by using the radio work queuing mechanism. This removes some
of the earlier workarounds that postponed scans depending on other
operations.
Jouni Malinen [Fri, 3 Jan 2014 09:57:57 +0000 (11:57 +0200)]
Use radio work for P2P scan requests
Avoid concurrent P2P scan requests with any other exclusive use of the
radio by using the radio work queuing mechanism. This removes some of
the earlier workarounds that postponed scans depending on other
operations.
Jouni Malinen [Sun, 24 Nov 2013 19:42:17 +0000 (21:42 +0200)]
Add framework for exclusive radio operations
The new radio work item concept can be used to request time for an
operation that requires exclusive radio control, e.g., a scan. Once the
radio is available, the registered callback function will be called.
radio_work_done() must be called once the exclusive radio operation has
been completed, so that the radio is freed for other operations. The
special case of deinit=1 is used to free the context data during
interface removal. That does not allow the callback function to start
the radio operation, i.e., it needs to free the allocated resources
and return.
Jouni Malinen [Fri, 3 Jan 2014 10:00:13 +0000 (12:00 +0200)]
Ignore externally triggered scan results with scan_res_handler
wpa_s->scan_res_handler is set only for cases where a scan operation is
requested for a specific purpose. As such, this callback should only be
called when a scan result from a scan that was triggered by
wpa_supplicant is processed.
Jouni Malinen [Sat, 4 Jan 2014 05:16:32 +0000 (07:16 +0200)]
Remove duplicated RX ctrl_iface hexdump
The newer wpa_dbg() print includes the same information in a more
convenient form, so remove the duplicate RX ctrl_iface hexdump in the
cases where there is no key material in the control interface commands
(the possible-key-material case is still using wpa_hexdump_ascii_key).
Jouni Malinen [Fri, 3 Jan 2014 06:59:59 +0000 (08:59 +0200)]
tests: Remove ignore_old_scan_res workaround
Now that wpa_supplicant requests the driver (cfg80211) to clear its scan
cache automatically after each BSS_FLUSH/FLUSH command, the previously
used ignore_old_scan_res workaround should not be needed for the hwsim
test cases anymore.
Jouni Malinen [Thu, 2 Jan 2014 21:46:21 +0000 (23:46 +0200)]
Avoid unnecessary key clearing operations
Track set_key operations per-key index and clear keys on disconnection
only if the key was set (or may have been set which is the case for the
first operation after wpa_supplicant start).
Jouni Malinen [Thu, 2 Jan 2014 21:28:28 +0000 (23:28 +0200)]
Remove some unnecessary EAPOL port (un)authorized callbacks
If the port status did not change or would not need to get an update
after portEnabled changes, there is no need to try to set the driver to
use the same value it is already using based on the previous state.
Remove such calls to reduce number of operations during reassociation.
In addition, this cleans up the debug log by removing unnecessary
duplicated entries.
Jouni Malinen [Thu, 2 Jan 2014 21:03:31 +0000 (23:03 +0200)]
Ask driver to report only new scan results if requested
If the BSS table within wpa_supplicant is flushed, request the driver to
flush its own scan result table during the next scan. This can avoid
unexpected old BSS entries showing up after BSS_FLUSH or FLUSH command
in cases where the driver may maintain its internal cache of scan
results (e.g., cfg80211 BSS table persists at least for 15 seconds).
In addition to doing this automatically on BSS_FLUSH/FLUSH, a new SCAN
command argument, only_new=1, can be used to request a manual scan
request to do same. Though, it should be noted that this maintains the
BSS table within wpa_supplicant. BSS_FLUSH followed by SCAN command can
be used to clear all BSS entries from both the driver and
wpa_supplicant.
Jouni Malinen [Thu, 2 Jan 2014 16:15:07 +0000 (18:15 +0200)]
Remove hostapd dump_file functionality
This debugging mechanism has now been deprecated by the control
interface commands that can be used to fetch same internal information
from hostapd in a more convenient way. Leave the empty USR1 signal
handler and configuration file parameter for backwards compatibility.
They can be removed in future versions of hostapd.
Jouni Malinen [Thu, 2 Jan 2014 15:20:51 +0000 (17:20 +0200)]
Remove hostapd dump_file data that is available through ctrl_iface
There is no need to maintain two interfaces for fetching debug
information about hostapd state. The control interface is more
convenient for number of use cases, so prefer that over the dump_file
mechanism.
Jouni Malinen [Thu, 2 Jan 2014 14:31:46 +0000 (16:31 +0200)]
Add more STA information into the ctrl_iface STA command
This adds TX/RX statistics and information about association into the
per-STA data that is available through the hostapd control interface. In
addition, information about the EAP method is now included with the IEEE
802.1X data.
Jouni Malinen [Thu, 2 Jan 2014 08:23:30 +0000 (10:23 +0200)]
Remove forgotten notes about already removed driver wrappers
These old driver wrappers have been removed quite some time ago, but
some of the build configuration notes were still describing how they
are configured.
Jouni Malinen [Wed, 1 Jan 2014 21:30:23 +0000 (23:30 +0200)]
nl80211: Initial support for vendor commands and events
Print into the debug log the list of vendor commands and events that the
driver supports. In addition, add a generic handler for vendor events.
This can be extended for each vendor/subcmd.
Jouni Malinen [Wed, 1 Jan 2014 20:00:09 +0000 (22:00 +0200)]
WPS: Fix clear-from-timeout handling to avoid race condition
The 100 ms timeout to clear WPS state after EAP-Failure has been
received worked otherwise fine, but it opened a race condition on
another WPS operation starting within that wait. If that happens, the
timeout will cancel that new operation unexpectedly. Fix this by
cancelling the timeout from wpas_clear_wps().
Jouni Malinen [Wed, 1 Jan 2014 16:44:44 +0000 (18:44 +0200)]
P2P: Send received Presence Response information to ctrl_iface monitors
The P2P_PRESENCE_REQ command did not give any easily available
indication of the response received from the GO. Make this more useful
by providing such response (if received) as a ctrl_iface monitor event
(P2P-PRESENCE-RESPONSE).
Jouni Malinen [Wed, 1 Jan 2014 15:37:08 +0000 (17:37 +0200)]
tests: Add some coverage for Device Discoverability exchange
This is not really perfect, but something to get a bit more testing
coverage.. For proper discoverability mechanism validation, the P2P
client would need to go to sleep to avoid acknowledging the GO
Negotiation Request frame. Offchannel Listen mode operation on the P2P
Client with mac80211_hwsim is apparently not enough to avoid the
acknowledgement on the operating channel, so need to disconnect from the
group which removes the GO-to-P2P Client part of the discoverability
exchange in practice.
Jouni Malinen [Tue, 31 Dec 2013 17:41:47 +0000 (19:41 +0200)]
WNM: Clean up le16 variable use to avoid sparse warnings
intval is marked le16 and should be used through proper byte order
conversion functions even if it ended up getting set correctly due to
the two operations cancelling each other.
Jouni Malinen [Tue, 31 Dec 2013 17:29:52 +0000 (19:29 +0200)]
Declare wpa_debug_* variables in src/utils/wpa_debug.h
These were somewhat more hidden to avoid direct use, but there are now
numerous places where these are needed and more justification to make
the extern int declarations available from wpa_debug.h. In addition,
this avoids some warnings from sparse.
Jouni Malinen [Tue, 31 Dec 2013 08:49:26 +0000 (10:49 +0200)]
tests: WEXT functionality
It did not look like open mode association completed with WEXT.. I'm
commenting that test case out for now since WPA2-PSK worked. If you care
about WEXT, feel free to fix it and submit a patch to remove the
"REMOVED_" prefix here..