Daisuke Niwa [Wed, 5 Nov 2014 11:35:09 +0000 (20:35 +0900)]
P2P: Allow a specific channel to be specified in P2P_FIND
The optional freq=<MHz> can now be used with the P2P_FIND command to
specify a single channel to scan during the first round of P2P search.
For example, this can be used to replace the full initial scan with a
single channel scan of a known operation channel.
hostapd: Disable VHT caps for STAs when no valid VHT MCS found
Disable VHT caps for STAs for which there is not even a single
allowed MCS in any supported number of streams. i.e STA is
advertising 3 (not supported) as VHT MCS rates for all supported
streams.
Jouni Malinen [Sat, 28 Feb 2015 18:52:08 +0000 (20:52 +0200)]
RADIUS client: Fix previous failover change
Commit 347c55e216f22002246e378097a16ecb24b7c106 ('RADIUS client: Re-try
connection if socket is closed on retransmit') added a possibility of
executing RADIUS server failover change within
radius_client_retransmit() without taking into account that this
operation may end up freeing the pending message that is being
processed. This could result in use of freed memory. Avoid this by
checking whether any pending messages have been removed and if so, do
not try to retransmit the potentially freed message.
Jouni Malinen [Sat, 28 Feb 2015 14:57:03 +0000 (16:57 +0200)]
tests: Make grpform_no_wsc_done more robust
It was possible for this test case to start a new group formation on
dev[1] while the first round was still going through the process of
processing group termination indication. That could result in the second
round failing unexpectedly.
Jouni Malinen [Sat, 28 Feb 2015 14:35:07 +0000 (16:35 +0200)]
Fix minor issue in HT40 max rate determination
Commit a1b790eb9d7514d1a6e0582a07f695a1564caa59 ('Select AP based on
estimated maximum throughput') had a copy-paste bug than ended up
leaving one of the max_ht40_rate() cases unreachable. (CID 106087)
Jouni Malinen [Sat, 28 Feb 2015 13:43:26 +0000 (15:43 +0200)]
RADIUS client: Re-try connection if socket is closed on retransmit
Previously, send() was called with invalid fd = -1 in some error cases
for retransmission and this could even result in a loop of multiple such
attempts. This is obviously not going to work, so drop such attempts and
instead, try to reconnect a socket to the server if the current socket
is not valid.
In addition, initiate server failover immediately if the current socket
is not valid instead of waiting for a timeout.
Jouni Malinen [Sat, 28 Feb 2015 11:57:57 +0000 (13:57 +0200)]
RADIUS client: Fix server connection recovery after initial failure
If the initial attempt at opening the socket connection to the RADIUS
server failed due to missing IP connectivity during startup, e.g., with
"connect[radius]: Network is unreachable", hostapd did not try to
reconnect when RADIUS messages were sent. Instead, it only reported "No
authentication server configured" even if the configuration did have a
server entry.
This was broken by commit 9ed40766735a9628cc6c936076b175e6f66534bb
('RADIUS client: Do not try to send message without socket') for the
initial case and the more recent fixes in RADIUS server failover cases
did not cover the initial failure case.
Jouni Malinen [Sat, 28 Feb 2015 11:55:12 +0000 (13:55 +0200)]
Allow RADIUS server address to be replaced
The new hostapd parameters auth_server_addr_replace and
acct_server_addr_replace can now be used to replace the configured IP
address instead of adding a new RADIUS server. This is mainly useful for
testing purposes where the address can be changed over control interface
during AP operation.
Jouni Malinen [Wed, 25 Feb 2015 17:02:43 +0000 (19:02 +0200)]
tests: Increase default VM memory from 128M to 192M
It looks like the 128M default memory size for the hwsim test setup was
not large enough to cover all the needs anymore. Some of the test cases
using tshark could hit OOM with that size. Increase the default
allocation to 192M to avoid this type of issues.
Jouni Malinen [Sun, 22 Feb 2015 16:03:42 +0000 (18:03 +0200)]
nl80211: Resubscribe to nl80211 events on global nl_event socket
This allows wpa_supplicant to recover from some of the cases where
cfg80211 is unloaded and reloaded without restarting wpa_supplicant. The
netlink socket used for nl80211 events (global->nl_event) seemed to end
up in otherwise functionality state, but with all the event memberships
lost when cfg80211 gets reloaded.
There does not seem to be any clear way of determining when this has
happened, so it looks simplest to just try to re-subscribe to all the
events whenever an interface is re-enabled or added.
Jouni Malinen [Sun, 22 Feb 2015 14:06:23 +0000 (16:06 +0200)]
tests: Linux packet socket workaround and EAPOL RX in operational state
This verifies that the packet socket workaround does not get disabled if
EAPOL frames are processed during operation state (i.e., when processing
reauthentication/rekeying on a functional association).
Jouni Malinen [Sun, 22 Feb 2015 14:00:34 +0000 (16:00 +0200)]
Fix Linux packet socket workaround to not close the socket too easily
Commit e6dd8196e5daf39e4204ef8ecd26dd50fdca6040 ('Work around Linux
packet socket regression') closed the workaround socket on the first
received EAPOL frame from the main packet socket. This can result in
closing the socket in cases where the kernel does not really work in the
expected way during the following initial association since
reauthentication/rekeying using EAPOL frames happens while operstate is
not dormant and as such, the frames can get delivered through the main
packet socket.
Fix this by closing the workaround socket only in case the first EAPOL
frame is received through the main packet socket. This case happens
while the interface is in dormant state and as such, is more likely to
show the more restricted case of kernel functionality.
In order to avoid processing the received EAPOL frames twice, verify a
checksum of the frame contents when receiving frames alternatively from
the main packet socket and the workaround socket.
Jouni Malinen [Sun, 22 Feb 2015 09:28:27 +0000 (11:28 +0200)]
Use estimated throughput to improve roaming selection
Previously, within-ESS roaming was skipped if the selected BSS did not
have a higher signal strength than the current BSS regardless of AP
capabilities. This could result in not moving to a BSS that would
provide higher throughput, e.g., due to larger channel bandwidth or
higher rates (HT/VHT MCS).
Use estimated throughput information from scan result processing to
allow within-ESS roaming if the selected BSS is likely to provide better
throughput even if the current BSS has larger RSSI.
Jouni Malinen [Sun, 22 Feb 2015 08:50:55 +0000 (10:50 +0200)]
Add snr and est_throughput to the BSS entries
These values were previously used only for sorting the scan results, but
it may be useful to provide access to the used values through the BSS
entries.
Jouni Malinen [Sat, 21 Feb 2015 20:53:42 +0000 (22:53 +0200)]
Select AP based on estimated maximum throughput
This modifies the BSS selection routines to calculate SNR and estimated
throughput for each scan result and then use the estimated throughput as
a criteria for sorting the results. This extends the earlier design by
taking into account higher throughput rates if both the AP and local
device supports HT20, HT40, or VHT80. In addition, the maximum rate is
restricted based on SNR.
In practice, this gives significantly higher probability of selecting
HT/VHT APs when there are multiple BSSes in the same ESS and SNR is not
low enough to prevent higher MCS use.
Jouni Malinen [Sat, 21 Feb 2015 15:39:08 +0000 (17:39 +0200)]
Add wpa_supplicant Makefile target libwpa_ctrl.a
"make -C wpa_supplicant libwpa_ctrl.a" can now be used to build a static
library that can be linked with external programs using wpa_ctrl.h. This
makes it easier to create a separate library package that does not
depend in any other hostap.git file other than src/common/wpa_ctrl.h and
the libwpa_ctrl.a built with this new make target.
Jouni Malinen [Sat, 21 Feb 2015 15:32:47 +0000 (17:32 +0200)]
trace: Initialize alloc_list even without os_program_init() call
This makes it somewhat easier to use CONFIG_WPA_TRACE=y build with
external programs that might not be aware of the initialization
requirement, e.g., when linking wpa_ctrl.c with a program that does not
use the os_*() wrappers.
Stefan Tomanek [Mon, 19 Jan 2015 22:57:41 +0000 (23:57 +0100)]
Add helper function to clear and free wpa_psk list
This change adds the function hostapd_config_clear_wpa_psk() that
deletes an entire wpa_psk structure, making sure to follow the linked
list and to free the allocated memory of each PSK node. This helps to
prevent memory leaks when using PSKs from multiple sources and
reconfiguring the AP during runtime.
Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
Matthieu Mauger [Wed, 18 Feb 2015 02:35:15 +0000 (21:35 -0500)]
Update current BSS level when signal change event occurs
When an EVENT_SIGNAL_CHANGE occurs the bgscan is informed about this
change but the new RSSI value is not stored. In consequence, when
roaming candidates are evaluated, the RSSI value of the current BSS used
to compare is an old one obtained during the last scan rather than the
new one given by the signal change event. This leads sometimes to bad
decision when selecting a new BSS for roaming.
This patch solves the issue by updating the current BSS level when
receiving a signal change event in order to have a very up-to-date
current signal value when choosing an new BSS.
Ilan Peer [Wed, 18 Feb 2015 02:35:14 +0000 (21:35 -0500)]
wpa_supplicant: Cancel sched_scan when stopping countermeasures
When stopping the TKIP countermeasures, it would be preferable to
connect immediately. However if scheduled scan is in progress,
a connection attempt will be done only when scan results are received,
so cancel the scheduled scan to allow immediate scan and connection
attempt.
Arik Nemtsov [Wed, 18 Feb 2015 02:35:11 +0000 (21:35 -0500)]
TDLS: Ignore extra padding in all packets
Some APs (e.g., Cisco 1260) sometimes add padding to the end of short
TDLS management packets and that can look like invalid IEs. This was
allowed on M3 and discovery packets, but not in others. Allow it for the
other packets as well, since required IEs are verified in the code
anyway.
Janusz Dziedzic [Thu, 19 Feb 2015 06:15:45 +0000 (07:15 +0100)]
IBSS: Add fixed_freq network parameter
Add fixed_freq=<0/1> network block parameter and pass it to the driver
when starting or joining an IBSS. If this flag is set, IBSS should not
try to look for other IBSS networks to merge with on different channels.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Johannes Berg [Fri, 9 Jan 2015 18:55:45 +0000 (19:55 +0100)]
tests: Add test to check disconnect in powersave
The kernel had two bugs (one in hwsim and one more important one in
mac80211) in this area, add a test to make sure we can disconnect
without any kernel issues while in powersave.
Also make sure that the TIM bit gets set and cleared again (by checking
with tshark.)
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Romain Naour [Mon, 29 Dec 2014 20:54:02 +0000 (21:54 +0100)]
Allow libnl-3.0 include path be specified
The '/usr/include/libnl3' header path is unsafe for cross-compilation.
Use pkg-config to find libnl-3.0 headers by default and alternatively,
allow LIBNL_INC=<path> to be used in .config to override.
Jouni Malinen [Thu, 19 Feb 2015 14:35:39 +0000 (16:35 +0200)]
Add optional reassoc-to-same-BSS optimization
The new reassoc_same_bss_optim=1 configuration parameter can now be used
to request wpa_supplicant to bypass the unnecessary Authentication frame
exchange when reassociating back to the same BSS with which the device
is already associated. This functionality is disabled by default since
it may cause undesired interoperability issues with some APs.
Jouni Malinen [Thu, 19 Feb 2015 14:22:47 +0000 (16:22 +0200)]
Fix passive_scan config parameter writing
Commit c35e35ed8133bb6d7b96765c5f0b1d41efe09fc5 ('Add passive_scan
configuration parameter') used incorrect parameter name when writing the
passive_scan parameter into a configuration file.
Jouni Malinen [Thu, 19 Feb 2015 11:33:33 +0000 (13:33 +0200)]
Fix OCSP debug messages
These were not supposed to include a newline at the end of the message
text since such formatting gets handled by tls_show_errors(). In
addition, change the message about the issuer's issuer to be more
accurate.
Jouni Malinen [Thu, 19 Feb 2015 11:32:05 +0000 (13:32 +0200)]
OpenSSL: Fix OCSP error path
If addition of a peer issuer certificate fails, the certs pointer would
be NULL when being passed to sk_X509_push() for peer issuer's issuer.
Fix this by skipping addition of issuer's issue if issuer addition
fails.
Subhani Shaik [Tue, 17 Feb 2015 19:29:06 +0000 (11:29 -0800)]
HTTP: Fix OCSP error path
If addition of a peer issuer certificate fails, the certs pointer would
be NULL when being passed to sk_X509_push() for peer issuer's issuer.
Fix this by skipping addition of issuer's issue if issuer addition
fails.
Jouni Malinen [Thu, 19 Feb 2015 10:55:19 +0000 (12:55 +0200)]
Android: Remove commented out non-Android build parameters
These hs20-osu-client parameters were never applicable for Android
builds and were just copied from the non-Android Makefile as a reminder,
but not removed once rest of the Android build was fixed.
Jouni Malinen [Thu, 19 Feb 2015 10:53:03 +0000 (12:53 +0200)]
Android: Remove libxml2 config defines
These need to be done in the libxml2 build, not in hs20-osu-client. This
workaround was previously used to allow parts of the build to go
through, but that was not a complete fix and resulted in warnings now
that external/libxml2 in Android 5.0 is defining the same parameters.
Remove these from hs20-osu-client Android.mk to avoid that warning.
Jouni Malinen [Thu, 19 Feb 2015 10:48:51 +0000 (12:48 +0200)]
Android: Silence unused function parameter warnings
Numbers of hs20-osu-client functions do not use all of the parameters
currently. This makes the compiler output difficult to read due to
undesired warning messages. Get rid of those specific warnings for now.
Jouni Malinen [Thu, 19 Feb 2015 10:48:00 +0000 (12:48 +0200)]
Android: Fix hs20-osu-client build on Android 5.0
The LOCAL_EXPORT_C_INCLUDE_DIRS from ICU did not seem to fully resolve
the build (e.g., "mm -B" failed to build, but following that with "mm"
allowed the build to complete). For now, add the include directory
manually here for Android 5.0.
Neelansh Mittal [Mon, 16 Feb 2015 14:29:46 +0000 (19:59 +0530)]
HS 2.0R2: Fix permissions for SP/<fqdn> directory on Android
As part of OSU, the AAA TrustRoot cert is downloaded into SP/<fqdn>
directory. On Android, wpa_supplicant runs with Wifi uid privileges, and
hence might not have read access to the AAA TrustRoot present SP/<fqdn>
directory. Hence, make AID_WIFI as the group owner of SP/<fqdn>
directory and allow the members of AID_WIFI group to read files present
in this directory.
Jouni Malinen [Thu, 12 Feb 2015 13:50:52 +0000 (15:50 +0200)]
tests: Make wpas_mesh_password_mismatch more robust
It seems to be possible for dev2 (the one with incorrect password) to
stop retries before either dev0 or dev1 reports the authentication
failure event. For now, allow the test case pass if either dev0 or dev1
reports the event rather than requiring both to report this. The
expected behavior can be fine-tuned in the future if the reporting
behavior is modified to be more consistent.
Ahmad Kholaif [Wed, 11 Feb 2015 02:48:39 +0000 (18:48 -0800)]
nl80211: Allocate QCA vendor subcmds for DFS radar detected and CAC events
When DFS offloading capability is supported by the driver, the driver
should use these events to indicate when a radar pattern has been
detected, channel availability check (CAC) has been completed, aborted
or finished after the non-occupancy period is over on a DFS channel.
Also, add a new driver.h event to be used by NL80211 to indicate CAC
Started event on a DFS channel.
Due to a copy-paste error, these test cases left 4addr mode enabled on
wlan5. This resulted in number of connect_cmd_* test cases failing if
executed after the wpas_in_bridge tests.
Jouni Malinen [Wed, 11 Feb 2015 12:57:30 +0000 (14:57 +0200)]
tests: Remove temporary config file in wpas_config_file
The new wpa_supplicant configuration file writing style leaves behind
the temporary file (<filename>.tmp) if renaming fails. Clean that up in
the test case execution.
Jouni Malinen [Wed, 11 Feb 2015 08:26:26 +0000 (10:26 +0200)]
nl80211: Indicate interface-down event only for the main netdev
RTM_NEWLINK event without IFF_UP were processed for all related
interfaces (including VLANs and bridge). While these events may need to
be processed for other purposes, they should not end up claiming that
the main interface has been disabled, so indicate
EVENT_INTERFACE_DISABLED only if the ifname matches the first BSS ifname
for the interface. In addition, fix some of the ifup/down checks from
if_indextoname() cases to actually use the resolved ifname (namebuf)
rather than hardcoding the first configured ifname to be used.
Peter Oh [Mon, 9 Feb 2015 21:23:53 +0000 (13:23 -0800)]
hostapd: Avoid sending client probe on removed client
Sending client probe on already removed client from kernel driver does
not have any benefit and may lead unintended behavior among variable
drivers (mac80211 has a WARN_ON() that could have been triggered after
ifconfig down+up earlier when hostapd did not re-enable beaconing on
ifup). Skip this step in discussion when the kernel driver reports that
client entry is removed.
Jouni Malinen [Tue, 10 Feb 2015 16:13:04 +0000 (18:13 +0200)]
Re-enable beaconing on interface disable+enable
This is a step towards enabling hostapd to restart AP mode functionality
if the interface is disabled and re-enabled, e.g., with ifconfig down
and up. This commit takes care of beaconining only which may be
sufficient for open mode connection, but not for WPA2 cases.
Jouni Malinen [Tue, 10 Feb 2015 10:09:07 +0000 (12:09 +0200)]
tests: Make autogo_join_auto_go_neg more robust
This test cases used to fail if dev1 had seen dev0 as a GO in an earlier
test case, e.g., when running it after autogo_fail. Fix this by clearing
scan results on dev1 at the beginning of the test case.
Jouni Malinen [Mon, 9 Feb 2015 22:41:27 +0000 (00:41 +0200)]
P2P: Fix send_action_in_progress clearing in corner cases
It is possible for an Action frame TX operation to be stopped in a way
that results in the TX status callback function not being called. This
could happen, e.g., when P2P_STOP_FIND was issued while waiting for PD
Response TX status. This specific case ended in leaving
p2p->send_action_in_progress set to 1 and that ending up stopping a
future TX operation when p2p_send_action_cb() gets called with
p2p->pending_action_state == P2P_NO_PENDING_ACTION.
This could result in reception of a fragmented service discovery
response failing due to the GAS sequence getting stopped when receiving
TX callback for the first GAS comeback request. That sequence could be
hit in mac80211_hwsim tests when p2p_listen_and_offchannel_tx was
followed by p2p_service_discovery_fragmentation (even after a long time
since this was on dev1 and there could be even 10 minutes between these
test cases).
Fix this issue by clearing send_action_in_progress whenever stopping
pending P2P operation with p2p_stop_find (or P2P_FLUSH for that matter).
Jouni Malinen [Mon, 9 Feb 2015 17:56:32 +0000 (19:56 +0200)]
Add hostapd UPDATE_BEACON ctrl_iface command
This can be used to ask Beacon frames to be updated explicitly, e.g.,
after a dynamic configuration parameter change. This can also be used to
start beaconing on an interface that was started with start_disabled=1.
Ahmad Kholaif [Thu, 5 Feb 2015 21:13:48 +0000 (13:13 -0800)]
nl80211: Allocate QCA vendor subcmd for DFS CAC Start event
When DFS offloading capability is supported by the driver, the driver
should use this event to indicate when channel availability check (CAC)
is started on a DFS channel.
Jouni Malinen [Mon, 9 Feb 2015 15:26:54 +0000 (17:26 +0200)]
nl80211: Test vendor command and event
This adds testing code (for CONFIG_TESTING_OPTIONS=y builds only) to
send an nl80211 vendor command and report a test vendor event in case
the driver supports this.
Jouni Malinen [Sun, 8 Feb 2015 14:56:04 +0000 (16:56 +0200)]
Add INTERWORKING_ADD_NETWORK command
This can be used to provide more control to upper layers on network
blocks generated as part of Interworking network selection.
INTERWORKING_ADD_NETWORK behaves otherwise identically to
INTERWORKING_CONNECT, but it does not request a new connection after
having added the network block and it returns the network id of the
added network.
INTERWORKING_ADD_NETWORK followed by REASSOCIATE would behave more or
less identically to INTERWORKING_CONNECT, but this allows the created
network profile to be modified, if desired, and/or stored externally.
SELECT_NETWORK can also be used with the network id returned from
INTERWORKING_ADD_NETWORK to enforce that specific network profile to be
used for the next connection (though, it should be noted that this
behavior may not meet all Hotspot 2.0 requirements if there were other
enabled networks that could have higher priority).
Ilan Peer [Fri, 6 Feb 2015 01:37:04 +0000 (20:37 -0500)]
AP: Do not reply to Probe Request frames with DS Params mismatch
Do not reply to a Probe Request frame with a DSSS Parameter Set element
in which the channel is different than the operating channel of the AP,
as the sending station is not found on the AP's operating channel.
IEEE Std 802.11-2012 describes this as a requirement for an AP with
dot11RadioMeasurementActivated set to true, but strictly speaking does
not allow such ignoring of Probe Request frames if
dot11RadioMeasurementActivated is false. Anyway, this can help reduce
number of unnecessary Probe Response frames for cases where the STA is
less likely to see them (Probe Request frame sent on a neighboring, but
partially overlapping, channel).
Jouni Malinen [Sun, 8 Feb 2015 10:24:37 +0000 (12:24 +0200)]
P2P: Document P2P_CONNECT-auto
Commit b31be3a0fd58b38e669d804aa082b1039408566f ('P2P: Add automatic GO
Negotiation vs. join-a-group selection') added this P2P_CONNECT 'auto'
parameter, but did not update any documentation on it.
Jouni Malinen [Sun, 8 Feb 2015 10:18:03 +0000 (12:18 +0200)]
tests: P2P_CONNECT-auto not finding GO
This is a regression test for an earlier bug that resulted in using
freed memory after a P2P group interface was removed as part of
fallback-to-GO-Negotiation in P2P_CONNECT-auto.
Jouni Malinen [Sun, 8 Feb 2015 09:38:56 +0000 (11:38 +0200)]
P2P: Fix P2P_CONNECT-auto fallback to GO Neg with group interface
If a separate P2P group interface was used, P2P_CONNECT-auto fallback to
GO Negotiation could result in use of freed memory and segmentation
fault. This happened in cases where the peer GO was found in some old
scans, but not in the first scan triggered by the P2P_CONNECT-auto
command ("P2P: Peer was found running GO in older scan -> try to join
the group" shows up in the debug log). In addition, the GO would still
need to reply to PD Request to allow this code path to be triggered.
When five scans for the GO were completed in this sequence, the P2P
group interface was removed as part of falling back to GO Negotiation.
However, that ended up dereferencing the freed wpa_s instance at the end
of scan event processing. Fix this by reordering code a bit and breaking
out from EVENT_SCAN_RESULTS processing if the interface could have been
removed.
Jouni Malinen [Sat, 7 Feb 2015 20:38:21 +0000 (22:38 +0200)]
tests: Make wpas_ctrl_many_networks more robust under valgrind
It is possible for a low powered CPU to take excessively long time to
delete 1000 network blocks when running under valgrind. This would have
resulted in the test case failing and the following reset operation
timing out which would then stop the test sequence completely.
Masashi Honma [Thu, 5 Feb 2015 14:00:01 +0000 (23:00 +0900)]
mesh: Fix remaining BLOCKED state after SAE auth failure
When SAE authentication fails, wpa_supplicant retries four times. If all
the retries result in failure, SAE state machine enters BLOCKED state.
Once it enters this state, wpa_supplicant doesn't retry connection. This
commit allow connection retries even if the state machine entered
BLOCKED state.
There could be an opinion "Is this patch needed? User could know the SAE
state machine is in the BLOCKED mode by MESH-SAE-AUTH-BLOCKED event.
Then user can retry connection. By user action, SAE state machine can
change the state from BLOCKED to another.". Yes, this is a true at the
joining mesh STA. However, a STA that is already a member of existing
mesh BSS should not retry connection because if the joining mesh STA
used wrong password, all the existing STA should do something from UI to
retry connection.
Masashi Honma [Thu, 5 Feb 2015 14:00:00 +0000 (23:00 +0900)]
mesh: Add a monitor event on SAE authentication getting blocked
Send MESH-SAE-AUTH-BLOCKED event if SAE authentication is blocked. The
BLOCK state will finish when a new peer notification event is sent for
the same MAC address.
Masashi Honma [Thu, 5 Feb 2015 13:59:59 +0000 (22:59 +0900)]
mesh: Add a monitor event for SAE authentication failure
SAE authentication fails likely with wrong password. This commit adds a
notification of the failure to the upper application (UI) so that the
application can notify suspection of a wrong password to the user. The
control interface monitor even for this is "MESH-SAE-AUTH-FAILURE
addr=<peer>".
Masashi Honma [Wed, 4 Feb 2015 02:26:51 +0000 (11:26 +0900)]
mesh: Fix inactivity timer for 32 bit system
Commit 5a2a6de6a5fec58dcfdb4320e4ec2b69d183a4c1 ('mesh: Make inactivity
timer configurable') has a problem on 32 bit systems. Setting
NL80211_MESHCONF_PLINK_TIMEOUT to 0xffffffff causes expiration of STA in
a minute by NL80211_CMD_DEL_STATION event. this is the kernel rule for
STA expiration:
On a 32 bit system, the right side could overflow and be unexpected
small value if NL80211_MESHCONF_PLINK_TIMEOUT is sufficiently large. STA
expiration occurs by this reason.
This patch solves the problem by disabling the STA expiration
functionality in mac80211. However, old kernel does not support
disabling it. If so, this patch sets mac80211 inactivity timer 60
seconds into future from the wpa_supplicant inactivity timer.
And I mis-understood that mesh_max_inactivity=0 disables inactivity
timer in wpa_supplicant. This commit fixes it also.
Jouni Malinen [Sat, 7 Feb 2015 14:19:53 +0000 (16:19 +0200)]
mesh: Remove duplicated no_auto_peer update
Commit 07cb45ccb2baa6e9627e3d21a285b95d744a6c77 ('mesh: Add no_auto_peer
config option') added a new struct wpa_ssid argument and added an
unnecessary parsing and setting of the value in
wpa_supplicant_ctrl_iface_update_network(). This is not needed since
wpa_config_set() takes care of parsing the parameters.
Jouni Malinen [Sat, 7 Feb 2015 14:17:11 +0000 (16:17 +0200)]
D-Bus: Fix network block type change
It is possible for a network profile to change its type from P2P
persistent group to a normal network and back. The D-Bus interface uses
different types of objects for those, so the object needs to
re-registered in case of type change. This fixes issues in leaving
behind an incorrect type of object and leaking memory when freeing such
a network block that has had its disabled parameter changed.
Jouni Malinen [Sat, 7 Feb 2015 11:02:19 +0000 (13:02 +0200)]
Fix HT40 co-ex scanning issue on hostapd error path
If HT40 co-ex scan fails due to the driver rejecting scan triggers
multiple times, it was possible for the ap_ht40_scan_retry() timeout
being left behind and it getting run after hapd->drv_priv has been
cleared. This would result in NULL pointer dereference in
driver_nl80211_scan.c. Fix this by canceling the timeout when disabling
the interface.
Jouni Malinen [Fri, 6 Feb 2015 23:13:34 +0000 (01:13 +0200)]
Fix Linux packat socket regression work around
Commit e6dd8196e5daf39e4204ef8ecd26dd50fdca6040 ('Work around Linux
packet socket regression') added a mechanism to close the workaround
bridge socket in l2_packet_receive(). However, it did not take into
account the possibility of the l2->rx_callback() closing the l2_packet
socket altogether. This could result in use of freed memory when usin
RSN pre-authentication. Fix this by reordering the calls to clear the
workaround socket before calling the rx_callback.
projects / thirdparty / hostap.git / log
