Arik Nemtsov [Thu, 27 Dec 2012 06:16:42 +0000 (08:16 +0200)]
P2P: Always re-select operating channel if not hard coded
Since the operating channel is randomly set to 1/6/11 on init, which is
commonly included in the channel intersection, we were effectively
ignoring the set of P2P preferred channels when trying to improve
channel selection after having received peer information. Fix this by
trying to get the best channel we can, unless the user hard coded the
operating channel in the configuration file or p2p_connect command. Fall
back to the initial randomly selected channel if a better one cannot be
chosen.
Jouni Malinen [Thu, 27 Dec 2012 06:06:55 +0000 (08:06 +0200)]
P2P: Do not allow re-selection of GO channel if forced_freq in use
Even if the peer does not accept the forced channel, we should not allow
the forced_freq parameter to be be overridden, i.e., such a case needs
to result in GO Negotiation failure.
Jouni Malinen [Thu, 27 Dec 2012 05:58:04 +0000 (07:58 +0200)]
P2P: Set FORCE_FREQ flag as part of p2p_prepare_channel()
Both p2p_connect and p2p_authorize use the same functionality to select
the channel preferences for GO Negotiation. The part of setting this
device flag was copied to each function, but it can also be handled by
the shared function after some reordering of code.
Jouni Malinen [Thu, 27 Dec 2012 05:39:57 +0000 (07:39 +0200)]
P2P: Share a single function for GO channel selection
The exact same mechanism was used for determining the operating channel
at the device that becomes the GO regardless of whether this was
triggered by reception of GO Negotiation Request of Response frame. Use
a shared function to avoid duplicated implementation and potential
differences in the future.
Arik Nemtsov [Tue, 25 Dec 2012 17:59:04 +0000 (19:59 +0200)]
P2P: Prefer operating channels where HT40 is possible
When no other user preference is specified, opt to use an operating
channel that allows HT40 operation. This way, if driver capabilities
and regulatory constraints allow, we might enjoy increased bandwidth.
Jouni Malinen [Tue, 25 Dec 2012 17:51:04 +0000 (19:51 +0200)]
Remove reassociated_connection variable
This was used to select between "(auth)" and "(reauth)" in
CTRL-EVENT-CONNECTED events. However, the variable was not cleared
anywhere else apart from the AP deinit case. As such, it did not really
provide correct information and is not really of much use even with
proper clearing added. As such, it is cleaner to just get rid of this
altogether.
Jouni Malinen [Tue, 25 Dec 2012 17:35:15 +0000 (19:35 +0200)]
P2P: Be more careful with wpa_config_update_psk() call
Commit bb4d4deb4bbb7b094faa16fa41f1f49b062cbf22 introduced a code path
that could potentially end up calling wpa_config_update_psk() with NULL
passphrase. While that may not happen in practice, it is better to make
sure it doesn't happen since that function will dereference the
passphrase pointer unconditionally.
Masashi Honma [Tue, 25 Dec 2012 12:15:07 +0000 (14:15 +0200)]
P2P: Allow PSK to be used instead of passphrase for persistent GO
This continues optimizations for use of CPU heavy pbkdf2_sha1() in GO
setup after the earlier commit 30c371e8a54c3b1bece6366ff0666da15d63e45e
by allowing PSK to be used instead of passphrase when creating
persistent group information manually for the GO.
It should be noted that this would not meet the requirements in the P2P
specification (GO shall maintain the passphrase), so this should be used
only when there is no need to allow manual configuration of legacy STAs
using the passphrase.
Android: Stop/restart supplicant scan on PNO start/stop
Cancel the existing supplicant scan and start a new supplicant
scan on PNO start and stop respectively. This makes sure that
supplicant scan is in progress when the device resumes.
Yoni Divinsky [Tue, 25 Dec 2012 09:22:42 +0000 (11:22 +0200)]
P2P: Consider age for the P2P scan results
cfg80211 caches the scan results according the channel number. Due to
the 15 sec aging this might cause the user mode to see more than one
scan result with the same BSSID, e.g. - one scan result for the
P2P Device and one for the P2P GO (once it's enabled).
Fix this by updating the device entry only if the new peer entry is
newer than the one previously stored.
Signed-off-by: Yoni Divinsky <yoni.divinsky@ti.com> Signed-off-by: Victor Goldenshtein <victorg@ti.com> Signed-off-by: Igal Chernobelsky <igalc@ti.com>
Signed-hostap: Arik Nemtsov <arik@wizery.com>
Eliad Peller [Sun, 23 Dec 2012 10:52:40 +0000 (12:52 +0200)]
ctrl_iface: Check for ongoing sched_scan on SCAN command
The first "if" in the SCAN command handling didn't check properly for
sched_scan, causing the sched_scan and scan to run concurrently, instead
of cancelling the ongoing sched scan (which is handled by the "else if"
later).
Add some more functionality for BSS Transition Management:
- advertise support for BSS Transition Management in extended
capabilities element
- add hostapd.conf parameter bss_transition=1 for enabling support
for BSS Transition Management
- add "hostapd_cli disassoc_imminent <STA> <num TBTTs>" for sending
disassociation imminent notifications for testing purposes
- wpa_supplicant: trigger a new scan to find another BSS if the
current AP indicates disassociation imminent (TODO: the old AP needs
to be marked to use lower priority to avoid re-selecting it)
Sven Eckelmann [Sat, 22 Dec 2012 14:19:52 +0000 (16:19 +0200)]
nl80211: Run TKIP countermeasures in correct hostapd_data context
hostapd can run with different VIF when using nl80211. Events about MIC
failures have to be processed in context of the VIF which received it
and not in context of the primary VIF. Otherwise the station belonging
to this VIF may not be found in the primary VIF station hash and
therefore no countermeasures are started or the countermeasures are
started for the wrong VIF.
Signed-hostap: Sven Eckelmann <sven@open-mesh.com>
Signed-hostap: Simon Wunderlich <simon@open-mesh.com>
The WNM-Sleep Mode handler took over WNM Action frame processing without
addressing the previously implemented WNM handler. Fix this by moving
the BSs Transition Management processing into wnm_sta.c to share a
single handler function for WNM Action frames.
Jouni Malinen [Sat, 22 Dec 2012 09:22:12 +0000 (11:22 +0200)]
Move some P2P offchannel operations to offchannel.c
There is no need for p2p_supplicant.c to access wpa_s->pending_action_tx
so move these references to offchannel.c to get a bit cleaner interface
between the components.
Jouni Malinen [Fri, 21 Dec 2012 19:35:35 +0000 (21:35 +0200)]
Extend EAPOL frames processing workaround for roaming cases
Commit 1ff733383f3d5c73233ef452a738765667021609 added a mechanism to
work around issues due to association events and EAPOL RX events being
getting reordered. However, this applied only for the case where
wpa_supplicant is not in associated state. The same issue can happen in
roaming case with drivers that perform BSS selection internally (or in
firmware). Handle that case similarly by delaying received EAPOL frame
processing if the source address of the EAPOL frame does not match the
current BSSID.
Since wired IEEE 802.1X do not have BSSID, make this additional
workaround conditional on BSSID match having been observed during the
previous association.
This fixes issues where the initial EAPOL frame after reassociation was
either dropped (e.g., due to replay counter not increasing) or replied
to with incorrect destination address (the BSSID of the old AP). This
can result in significantly more robust roaming behavior with drivers
that do not use wpa_supplicant for BSS selection.
Jouni Malinen [Fri, 21 Dec 2012 18:11:26 +0000 (20:11 +0200)]
WPS: Update configuration file after re-enabling networks
Network blocks are disabled during a WPS provisioning step and 10
seconds after this to allow the newly provisioned network to be
selected. The disabled=1 flag gets written to the configuration file
when the credential is added since it happens during this process.
Update the file again after the networks have been re-enabled to avoid
leaving the configuration file into state that is not consistent with
the running configuration.
Sunil Dutt [Fri, 21 Dec 2012 13:30:39 +0000 (15:30 +0200)]
WPS: Optimize post-WPS scan even if EAP-Failure is not received
Commit 17a4734dc4d28ef070dfa227b422ed84794f48c5 shall optimize the
post-WPS scan based on the channel used during the provisioning only
when the EAP-Failure frame is received. In cases where the EAP-Failure
frame is missed, this optimization shall not happen resulting in the
scan in all the channels thus consuming more time for the connection.
This commit enhances this by storing the requisite information after
the M8 frame is received.
Jouni Malinen [Tue, 18 Dec 2012 16:13:31 +0000 (18:13 +0200)]
Add Acct-Session-Id into Access-Request messages
This optional attribute may make it easier to bind together the
Access-Request and Accounting-Request messages. The accounting session
identifier is now generated when the STA associates instead of waiting
for the actual session to start after successfull authentication.
Jouni Malinen [Tue, 18 Dec 2012 08:39:34 +0000 (10:39 +0200)]
P2P: Allow p2p_cancel to be used to stop p2p_connect-join operation
p2p_cancel did not properly cancel a pending p2p_connect-join operation.
Address the different steps in that process: initial scan, Provision
Discovery exchange before connection, and WPS provisioning step
(including the scans before WPS).
Jouni Malinen [Mon, 17 Dec 2012 21:27:15 +0000 (23:27 +0200)]
Interworking: Default to EAP-MSCHAPv2 with EAP-PEAP
If the NAI Realm list indicates that EAP-PEAP is used, use EAP-MSCHAPv2
as the Phase 2 method by default if the NAI Realm list does not specify
the tunneled method.
Sven Eckelmann [Mon, 17 Dec 2012 15:45:26 +0000 (17:45 +0200)]
Fix initialization of ap_table_{max_size,expiration_time}
The config says that the default for ap_table_max_size is 255 and the
default for ap_table_expiration_time is 60. But the code doesn't reflect
the default values mentioned in the sample config file.
These variables completely disable the code for Overlapping Legacy BSS
Condition by default when they are not correctly initialized. WFA
certification requires this feature and therefore an AP would have
failed the certification process unless they were initialized manually
using the configuration file.
Signed-hostap: Sven Eckelmann <sven@open-mesh.com>
Signed-hostap: Simon Wunderlich <simon@open-mesh.com>
wpa_supplicant is started from /init.*.rc on Android and that seems
to be using umask 0077 which would leave the control interface
directory without group access. This breaks things since Wi-Fi
framework assumes that this directory can be accessed by other
applications in the wifi group. Fix this by adding group access even
if umask value would prevent this.
Pontus Fuchs [Mon, 17 Dec 2012 14:27:04 +0000 (16:27 +0200)]
hostapd: Don't chown control interface to root
If ctrl_interface_group in the config file is set hostapd tries to
chown the dir and socket to uid 0. This causes the chown to fail
if hostapd is run as non-root.
Jouni Malinen [Mon, 17 Dec 2012 14:08:23 +0000 (16:08 +0200)]
WPS: Add RF bands attribute conditionally to Probe Response frame
WSC IE in Beacon and Probe Response frames should behave consistently
as far as the RF Bands attribute is concerned. Use the same dualband
condition for adding this into Probe Response frames since the value
is not really needed if the AP is not a dualband AP.
Jouni Malinen [Mon, 17 Dec 2012 14:06:10 +0000 (16:06 +0200)]
WPS: Use wps_rf_bands parameter to determine dualband functionality
If separate hostapd processes are used for different RF bands, the
dualband parameter for WPS was not set correctly. Allow dualband
indication (mainly, addition of RF bands attribute for PBC session
overlap detection) also based on wps_rf_bands value (if set to "ag").
Jouni Malinen [Mon, 17 Dec 2012 10:12:13 +0000 (12:12 +0200)]
HS 2.0: Fix sp_type check in ctrl_iface status command
Commit e99b4f3a14755473d6d0e2413de6d82e785a6a30 added functionality to
check whether the current association is with the home SP. This commit
did not take into account that the domain name ANQP information could be
NULL and that could result to a NULL pointer dereference. Fix that by
validation that domain_names != NULL before calling
domain_name_list_contains().
Jouni Malinen [Sun, 16 Dec 2012 16:22:54 +0000 (18:22 +0200)]
WNM: Use CONFIG_WNM more consistently
Replace CONFIG_IEEE80211V with CONFIG_WNM to get more consistent build
options for WNM-Sleep Mode operations. Previously it was possible to
define CONFIG_IEEE80211V without CONFIG_WNM which would break the build.
In addition, IEEE 802.11v has been merged into IEEE Std 802.11-2012 and
WNM is a better term to use for this new functionality anyway.
Jouni Malinen [Sun, 16 Dec 2012 10:35:07 +0000 (12:35 +0200)]
wlantest: Process TX status frames as RX frames too
This is needed to allow capture files from the mac80211 cooked monitor
mode interface to be processed properly. Without this, the locally
generated frames may not get processed.
Jouni Malinen [Sun, 16 Dec 2012 10:31:16 +0000 (12:31 +0200)]
WNM: Add option for passing TFS request from external programs
The optional tfs_req=<hex dump> parameter can be added for the wnm_sleep
command to specify the TFS request element to use in the WNM-Sleep Mode
Request frame.
Dan Williams [Sun, 25 Nov 2012 19:27:18 +0000 (21:27 +0200)]
PMKSA: Make deauthentication due to cache entry removal more granular
Expiry can always trigger a deauthentication, but otherwise,
deauthentication should only happen when the *current* cache entry is
removed and not being replaced. It should not happen when the current
PMK just happens to match the PMK of the entry being removed, since
multiple entries can have the same PMK when OKC is used and these
entries are often removed at different times.
This fixes an issue where eviction of the oldest inactive entry due to
adding a newer entry to a full cache caused a deauthentication when the
entry being removed had the same PMK as the current entry.
Michael Braun [Sun, 25 Nov 2012 15:49:25 +0000 (17:49 +0200)]
Keep and use list of PSKs per station for RADIUS-based PSK
This adds support for multiple PSKs per station when using a RADIUS
authentication server to fetch the PSKs during MAC address
authentication step. This can be useful if multiple users share a
device but each user has his or her own private passphrase.
Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
Jouni Malinen [Sun, 25 Nov 2012 14:30:30 +0000 (16:30 +0200)]
Use a shared function for requesting a new connection
Both the ctrl_iface and D-Bus interface use similar functionality to
request a new connection. Combine these to a single function to avoid
need to maintain duplicated implementation.
Jouni Malinen [Sun, 25 Nov 2012 14:20:44 +0000 (16:20 +0200)]
Maintain maximum blacklist count over list clear operations
wpas_connection_failed() uses the blacklist count to figure out a
suitable time to wait for the next scan. This mechanism did not work
properly in cases where the temporary blacklist gets cleared due to no
other BSSes being available. Address this by maintaining an additional
count of blacklisting values over wpa_blacklist_clear() calls. In
addition, add one more step in the count to timeout mapping to go to 10
second interval if more than four failures are seen.
Jouni Malinen [Sun, 25 Nov 2012 10:47:43 +0000 (12:47 +0200)]
P2P: Avoid multi-channel scans when they are not needed
If the driver does not support multi-channel concurrency and a virtual
interface that shares the same radio with the current interface is
operating there may not be need to scan other channels apart from the
current operating channel on the other virtual interface. Filter out
other channels in case we are trying to find a connection for a station
interface when we are not configured to prefer station connection and a
concurrent operation is already in process.
Jouni Malinen [Sat, 24 Nov 2012 20:45:17 +0000 (22:45 +0200)]
Indicate if PMF was negotiated for the connection
Add pmf=1/2 to wpa_supplicant STATUS command output to indicate that PMF
was negotiated for the connect (1 = optional in this BSS, 2 = required
in this BSS).
Jouni Malinen [Sat, 24 Nov 2012 20:31:17 +0000 (22:31 +0200)]
Interworking: Enable key_mgmt WPA-EAP-SHA256 if PMF is enabled
If the global pmf=1/2 parameter is used to enable PMF for Interworking
networks, add WPA-EAP-SHA256 to the temporary network block to allow
connection to PMF required APs.
Jouni Malinen [Sat, 24 Nov 2012 20:21:29 +0000 (22:21 +0200)]
Allow PMF to be enabled by default
Previously, PMF (protected management frames, IEEE 802.11w) could be
enabled only with a per-network parameter (ieee80211w). The new global
parameter (pmf) can now be used to change the default behavior to be PMF
enabled (pmf=1) or required (pmf=2) for network blocks that do not
override this with the ieee80211w parameter.
Johannes Berg [Sat, 24 Nov 2012 16:02:29 +0000 (18:02 +0200)]
hostapd: Add second VHT frequency segment config
Add the configuration option vht_oper_centr_freq_seg1_idx
for the second segment of an 80+80 MHz channel and use it
when building the VHT operation IE.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Pontus Fuchs [Sat, 24 Nov 2012 14:47:20 +0000 (16:47 +0200)]
Do not double free cfg struct if netlink_init() fails
If netlink_init() fails on socket create or bind the cfg struct
provided as parameter is freed by netlink_init(). Callers of
netlink_init() also free this struct on their error paths leading
to double free.
Jouni Malinen [Thu, 22 Nov 2012 18:51:49 +0000 (20:51 +0200)]
HS 2.0: Add Home SP FQDN and roaming/home to status command
This allows the ctrl_iface STATUS information to be used to determine
which Home SP credential (domain in the cred block) was used and whether
the network is operated by the home SP.
Jouni Malinen [Thu, 22 Nov 2012 16:04:57 +0000 (18:04 +0200)]
HS 2.0: Add REMOVE_CRED sp_fqdn=<FQDN> command
This allows credential entries to be removed based on SP FQDN without
having to iterate through the configured entries from an external
program to figure out which credentials should be removed for a specific
SP.
projects / thirdparty / hostap.git / log
