Dedy Lansky [Mon, 26 Dec 2016 19:00:51 +0000 (21:00 +0200)]
AP: Skip authentication/deauthentication phase for DMG/IEEE 802.11ad
Authentication and Deauthentication frames are not used in DMG/IEEE
802.11ad networks. For DMG/IEEE 802.11ad the following was implemented:
Upon receiving association request, allocate the sta object and
initialize it as if authentication took place. Upon receiving
disassociation, deallocate the sta object.
ap_sta_disassociate/ap_sta_deauthenticate/ap_sta_disconnect all use
disassociation instead of deauthentication. In driver_nl80211,
i802_sta_deauth() is routed to i802_sta_disassoc().
Dedy Lansky [Tue, 20 Dec 2016 15:04:43 +0000 (17:04 +0200)]
AP: Do not look for supported rates in DMG/IEEE 802.11ad
Supported Rates element is not present in DMG/IEEE 802.11ad frames. Make
copy_supp_rates() immediately return with success if hardware mode is
IEEE 802.11ad.
nl80211: Zero num_modes if nl80211_get_hw_feature_data() fails
It was possible that nl80211_get_hw_feature_data() function would return
NULL when num_modes is not set to zero. This might result in a later crash
when accessing hw.modes. This may be reproduced with hwsim oom tests, for
example, dbus_connect_oom.
Fix that by zeroing num_modes if NULL is returned.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Avraham Stern [Thu, 29 Dec 2016 09:37:58 +0000 (11:37 +0200)]
tests: Use group control interface for GO commands in autogo_chan_switch
The channel switch command is intended for the GO interface, but
it was not sent on the group control interface. For configurations
that use a separate interface for P2P groups, this will fail the test.
Fix this by sending the channel switch command on the group control
interface and waiting for the channel switch event on the group
control interface.
eap_proxy: On SIM error flush PMKSAs only for SIM/AKA/AKA' networks
Previously, SIM state change with SIM_STATE_ERROR cleared all PMKSA
entries (including non-SIM networks). Limit this to networks which use
SIM-based authentication methods to avoid unnecessary removal of PMKSA
entries.
Jouni Malinen [Tue, 3 Jan 2017 15:31:32 +0000 (17:31 +0200)]
Fix OOM handling in neighbor report response handling
The pending neighbor report state needs to be cleared on error path here
to avoid getting stuck with being unable to perform any additional
neighbor reports during the association.
Jouni Malinen [Mon, 2 Jan 2017 21:04:02 +0000 (23:04 +0200)]
RRM: Enable beacon report with active/passive scan for all drivers
The requested behavior can be approximated for most use cases even if
the driver does not support reporting exact TSF values for frames.
Enable this capability for all drivers to make beacon report processing
more useful for a common use case.
Jouni Malinen [Sun, 1 Jan 2017 23:08:01 +0000 (01:08 +0200)]
Report received beacon report with BEACON-RESP-RX event
The new hostapd control interface event "BEACON-RESP-RX <STA address>
<dialog token> <report mode> <beacon report>" is now used to report
received beacon reports as a response to the REQ_BEACON operation.
Jouni Malinen [Sun, 1 Jan 2017 22:54:44 +0000 (00:54 +0200)]
Report beacon request TX status as control interface event
The new BEACON-REQ-TX-STATUS control interface event is now used to
report whether a beacon request (from REQ_BEACON command) was delivered
successfully. This event has the following parameters: <STA address>
<dialog token> <ack=0/1>.
Jouni Malinen [Sun, 1 Jan 2017 22:31:11 +0000 (00:31 +0200)]
Beacon request through hostapd control interface
The new control interface command "REQ_BEACON <STA addr>
[req_mode=<mode>] <beacon request>" can now be used to request hostapd
to transmit a measurement request to request a beacon report from an
associated STA. This command returns the assigned dialog token (1-255)
or FAIL on failure.
rrm_beacon_report=1 can now be used to make hostapd advertise capability
for beacon reports (passive, active, table). Actual mechanism for
sending out beacon requests will be added in separate commits.
Jouni Malinen [Sun, 1 Jan 2017 22:27:58 +0000 (00:27 +0200)]
Enable Beacon Report using beacon table for all drivers
The special parameters for beacon report scan are not needed for the
beacon report when using the beacon table measurement mode. Advertise
support for this case regardless of whether the driver supports the scan
parameters.
Jouni Malinen [Mon, 2 Jan 2017 22:15:59 +0000 (00:15 +0200)]
FILS: Fix FILS Realm Information ANQP-element construction
The loop to add hash values was supposed to be limited to at most 10000
values, but the count variable was not being decremented in the loop.
Fix this by decrementing count for each iteration. This fixes
ANQP-element format in the unlikely case of there being more than 10000
configuration realms.
Avraham Stern [Wed, 28 Dec 2016 13:06:47 +0000 (15:06 +0200)]
wpa_supplicant: Add support for Beacon Report Radio Measurement
Beacon Report Radio Measurement is defined in IEEE Std 802.11-2016,
11.11.9.1. Beacon Report is implemented by triggering a scan on the
requested channels with the requested parameters.
Avraham Stern [Wed, 28 Dec 2016 13:06:44 +0000 (15:06 +0200)]
wpa_supplicant: Extend verify_channel() and make it global
Extend verify_channel() to return whether IR is allowed on the channel
or not, and make it a global function so it can be used in other files,
too. This makes this function useful for checking not only if a channel
is supported but also if it is allowed for active and passive scan.
Avraham Stern [Wed, 28 Dec 2016 13:06:41 +0000 (15:06 +0200)]
nl80211: Add support for additional scan parameters for beacon report
Add support for:
1. Setting scan dwell time
2. Parsing scan start TSF and beacon received TSF reported
by the driver
3. Setting driver capabilities for the above
These capabilities are needed for Beacon Report radio measurement.
Avraham Stern [Wed, 28 Dec 2016 13:06:40 +0000 (15:06 +0200)]
driver: Add scan support to beacon report
Add the following parameters to scan request:
1. Dwell time on each channel.
2. Whether the specified dwell time is mandatory.
In addition, add to scan results info the time that the scan actually
started, and to each scan result the time the beacon/probe was received,
both in terms of TSF of the BSS that the interface that requested the
scan is connected to (if available).
Add flags to indicate whether the driver supports dwell time
configuration and scan information reporting.
This scan configuration and information is required to support beacon
report radio measurement.
1. Change the return type to reflect whether building the report
succeeded or failed.
2. Change argument type to rrm_measurement_request_element instead
of raw packet data to ease processing the request.
3. Use already existing function to create the measurement report
and add it to the report buffer.
Avraham Stern [Wed, 28 Dec 2016 13:06:37 +0000 (15:06 +0200)]
wpa_supplicant: Limit RRM response size to MMPDU size
The length of a Measurement Report frame should be limited by the
maximum allowed MMPDU size (IEEE Std 802.11-2016, 9.6.2.3). Enforce this
size limit, and in case the report elements are longer than the allowed
size, split them between several MPDUs.
Avraham Stern [Wed, 28 Dec 2016 13:06:36 +0000 (15:06 +0200)]
wpa_supplicant: Refactor Radio Measurement Request handling
Extract the code dealing with processing the measurement request
elements to a separate function. This will be needed for beacon report
requests processing.
Avraham Stern [Wed, 28 Dec 2016 13:06:35 +0000 (15:06 +0200)]
wpa_supplicant: Validate RRM request frame format
RRM request frame should contain only information elements of type Radio
Measurement Request. Go through all the frame and validate that only
elements of this type are included.
In addition, if a truncated element is encountered, or the element
length field indicates that the element length is more than the
entire frame, abort the request.
Jouni Malinen [Tue, 3 Jan 2017 13:12:34 +0000 (15:12 +0200)]
Fix LCI request subelement processing
Commit 4a742011abca8a9c185cc40d17783cfa4c9af757 ('wpa_supplicant: Handle
LCI request') introduced LCI request parsing in a manner that
incremented the request pointer by four within
wpas_rrm_build_lci_report() without decrementing len correspondingly.
This could potentially result in get_ie() reading four octets beyond the
buffer if a corrupted request is received. This would be applicable only
if the LCI reporting was enabled explicitly ("SET LCI ..." control
interface command).
Fix this by updating the len variable to match the request pointer
changes.
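
Added example (not hostap code and not part of the commit messages above): a minimal C sketch of the two checks described in "Validate RRM request frame format" and "Fix LCI request subelement processing". The function names and the `fixed` parameter are hypothetical; 38 is the Measurement Request element ID.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define EID_MEASURE_REQUEST 38 /* Measurement Request element ID */

/* Count the elements if the body is a clean run of Measurement Request
 * elements; return -1 (abort the request) otherwise. */
int rrm_validate_request(const uint8_t *pos, size_t len)
{
	int count = 0;
	while (len >= 2) {
		size_t elen = pos[1];
		if (pos[0] != EID_MEASURE_REQUEST)
			return -1; /* unexpected element type */
		if (elen > len - 2)
			return -1; /* length field runs past the frame */
		pos += 2 + elen;
		len -= 2 + elen;
		count++;
	}
	return len == 0 ? count : -1; /* leftover octet: truncated header */
}

/* get_ie()-style search that reads only the len octets it is given */
const uint8_t *find_elem(const uint8_t *pos, size_t len, uint8_t id)
{
	while (len >= 2 && (size_t) pos[1] <= len - 2) {
		if (pos[0] == id)
			return pos;
		len -= 2 + (size_t) pos[1];
		pos += 2 + pos[1];
	}
	return NULL;
}

/* Skip `fixed` leading octets (hypothetical parameter), then search */
const uint8_t *find_subelem(const uint8_t *req, size_t len, size_t fixed, uint8_t id)
{
	if (len < fixed)
		return NULL;
	return find_elem(req + fixed, len - fixed, id); /* pointer and len move together */
}

int main(void)
{
	const uint8_t body[] = { 38, 3, 1, 0, 5, 38, 4, 2, 0, 8, 0 }; /* constructed */
	printf("elements: %d\n", rrm_validate_request(body, sizeof(body)));
	return 0;
}
```

Passing the unreduced `len` to the search after advancing the pointer is the mismatch the LCI fix describes: the search would then treat octets past the end of the request as part of it.
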
The actual BSS configuration parameter can be updated with the SET
control interface command, so there is no need to maintain a separate
per-BSS parameter and a separate control interface handling for this.
Jouni Malinen [Wed, 28 Dec 2016 23:13:59 +0000 (01:13 +0200)]
FT: Drop FT Action frames if ft_over_ds=0
Previously, the hostapd ft_over_ds parameter was used to only advertise
whether FT-over-DS is enabled in MDE and leave it to the stations to
follow that advertisement. This commit extends this to explicitly reject
(silently drop) FT Action frames if a station does not follow the
advertised capabilities.