Jouni Malinen [Sat, 1 Mar 2014 20:24:55 +0000 (22:24 +0200)]
nl80211: Allow old r-o-c offchannel TX to be tested
no_offchannel_tx=1 driver parameter can now be used to force the older
remain-on-channel -based offchannel TX design to be used with
mac80211_hwsim. This can be used to increase test coverage with the
hwsim test cases.
Jouni Malinen [Sun, 2 Mar 2014 00:06:06 +0000 (02:06 +0200)]
P2P: Fix validation on Invitation Request error path
It was possible for the error path to try to use P2P Group ID attribute
even if one was not included in the message. This could result in
dereferencing a NULL pointer, so re-check the pointer before copying the
data.
Jouni Malinen [Sat, 1 Mar 2014 14:51:46 +0000 (16:51 +0200)]
GAS: Fix additional comeback delay with status code 95
The special case of non-zero status code used in a GAS Comeback Response
frame to indicate that additional delay is needed before the response is
available was not working properly. This case needs to allow the status
code check to be bypassed for the comeback case prior to having received
any response data.
Jouni Malinen [Thu, 27 Feb 2014 22:29:34 +0000 (00:29 +0200)]
HS 2.0R2: Fix temporary network disabling in Deauth Req case
Commits 7ef6947993d4b09dea6797b96f34dbcfed57d90e and 533536d82ac63512c31ff0bae403d437392d34e0 added this temporarily
disabling case, but those commits were merged in without having been
converted to the new os_reltime design used for ssid->disabled_until.
Consequently, they ended up disabling the network for 44 years or so too
long time (depending on what values the relative timestamp had
accummulated so far). Fix this by using relative timestamps
consistently.
Jouni Malinen [Thu, 27 Feb 2014 16:01:32 +0000 (18:01 +0200)]
tests: Optimize ap_wps_init_through_wps_config
Wait a bit between WPS_CONFIG command and the first scan. This can avoid
an extra five second wait due to having to scan again if the initial
scan operations happens to be quick enough to happen before the AP has
updated its configuration.
Jouni Malinen [Thu, 27 Feb 2014 14:36:03 +0000 (16:36 +0200)]
P2P: Cancel offchannel TX wait on PD Response TX status
PD Response is sent out using a 200 ms offchannel wait, but that wait
was not cancelled on TX status report. This could result in offchannel
operation being left waiting unnecessarily long. Fix this by making the
P2P_NO_PENDING_ACTION case in Action TX callback cancel the wait if a
pending wait is marked (and mark this for PD Response).
TDLS: Work around interop issues with supported operating class
It looks like some deployed devices may send an invalid supported
operating class element (length = 0) in TDLS Setup messages. With
cfg80211, this results in the NL80211_CMD_SET_STATION command failing
due to an invalid argument (cfg80211 mandates supported operating
classes information to have a length of 2..253 octets).
Work around this interop issue by ignoring the Supported Operating Class
element if it has invalid length.
Jouni Malinen [Thu, 27 Feb 2014 12:17:31 +0000 (14:17 +0200)]
tests: Verify cred vs. network block priority selection
This verifies that 'INTERWORKING_SELECT auto' is able to pick the
correct network based on priority configuration when connected to a
lower priority network.
Jouni Malinen [Thu, 27 Feb 2014 12:06:23 +0000 (14:06 +0200)]
Interworking: Fix already-connected check to verify network priority
Commit d28f4e44f10a8549d969e5434f7d4d16f462dfcc optimized Interworking
network selection in a case where the operation is run while already
connected to the selected network by skipping the reconnection. However,
this did not take into account that a higher priority network may have
shown up in the new scan results.
Fix this by checking whether network selection based on the latest scan
results (the ones from the interworking_select operation) would result
in a network with higher priority being selected. If so, skip the
optimization and force normal network connection (which will select this
newly found higher priority network). This fixes cases where a
non-Hotspot 2.0 network with higher priority (e.g., home network) shows
up while connected to a Hotspot 2.0 network with lower priority.
Jouni Malinen [Thu, 27 Feb 2014 11:47:23 +0000 (13:47 +0200)]
Interworking: Fix last-network preference to not override priority
Commit 3d910ef497b11e149cf41e772670f7a7fe3a1e19 tried to make
last-network selection behave more consistently with Interworking
network selection preferences. However, it did not take into account
that other network block may have higher priority. In such cases, the
last added network from Interworking network selection should actually
not be selected for the next connection. Fix this by limiting the
last-network preference to work only within a priority class.
Jouni Malinen [Tue, 29 Oct 2013 17:46:38 +0000 (19:46 +0200)]
tests: Verify multi-cred sp_priority use
test_ap_hs20_multi_cred_sp_prio verifies that two credentials
provisioned by a single SP are selected properly based on sp_priority
when a single BSS matches both credentials.
test_ap_hs20_multi_cred_sp_prio2 does the same when there a separate BSS
for each credential.
Jouni Malinen [Wed, 21 Nov 2012 15:04:21 +0000 (17:04 +0200)]
HS 2.0R2: RADIUS server support to request Subscr Remediation
The new hostapd.conf parameter subscr_remediation_url can be used to
define the URL of the Subscription Remediation Server that will be added
in a WFA VSA to Access-Accept message if the SQLite user database
indicates that the user need subscription remediation.
Jouni Malinen [Sun, 17 Mar 2013 14:28:59 +0000 (16:28 +0200)]
HS 2.0R2 AP: Add Icon Request and Icon binary File ANQP elements
hostapd can now be configured to provide access for icon files
(hs20_icon config file parameter) for OSU. The hs20_icon data contains
additional meta data about the icon that is not yet used, but it will be
needed for the OSU Providers list ANQP element.
Jouni Malinen [Thu, 1 Aug 2013 21:39:30 +0000 (00:39 +0300)]
HS 2.0R2 AP: Add support for Session Info URL RADIUS AVP
If the authentication server includes the WFA HS 2.0 Session Info URL
AVP in Access-Accept, schedule ESS Disassociation Imminent frame to be
transmitted specified warning time prior to session timeout.
HS 2.0R2 AP: Add support for deauthentication request
If the RADIUS server includes deauthentication request in Access-Accept,
send a WNM-Notification frame to the station after 4-way handshake and
disconnect the station after configurable timeout.
A new control interface command, WNM_DEAUTH_REQ, is added for testing
purposes to allow the notification frame to sent based on local request.
This case does not disconnect the station automatically, i.e., a
separate control interface command would be needed for that.
Jouni Malinen [Wed, 21 Nov 2012 22:48:48 +0000 (00:48 +0200)]
HS 2.0R2 AP: Use Subscr Remediation request from RADIUS server
If the RADIUS server includes the WFA RADIUS VSA in Access-Accept to
indicate need for subscription remediation, copy the server URL from
the message and send it to the station after successfully completed
4-way handshake (i.e., after PTK is set to allow PMF to work) in a
WNM-Notification.
AP must not allow PMKSA caching to be used after subscription
remediation association, so do not add the PMKSA cache entry whenever
the authentication server is indicating need for subscription
remediation. This allows station reassociation to use EAP authentication
to move to non-remediation connection.
Jouni Malinen [Sun, 17 Mar 2013 13:59:36 +0000 (15:59 +0200)]
HS 2.0R2 AP: Update HS 2.0 Indication element to Release 2
The HS 2.0 Indication element from hostapd now includes the release
number field and the new ANQP Domain ID field. This ID can be configured
with anqp_domain_id parameter in hostapd.conf.
Jouni Malinen [Tue, 29 Oct 2013 17:14:40 +0000 (19:14 +0200)]
Interworking: Add sp_priority cred parameter
This new priority parameter can be used to specify priorities between
credentials provisioned by the same SP. cred->priority is checked first
and if it is same and the provisioning_sp parameter matches, the new
sp_priority is used to order the credentials. It should be noted that
the order of priorities is different (higher 'priority' value indicates
higher priority of the credential, while higher 'sp_priority' indicates
lower priority of the credential).
Jouni Malinen [Tue, 29 Oct 2013 16:57:18 +0000 (18:57 +0200)]
Interworking: Remove separate credential priority tracking
There is no need to keep the separate local variable for tracking the
highest selected priority since we track a pointer to the selected
credential with that information.
Jouni Malinen [Fri, 9 Aug 2013 20:41:29 +0000 (23:41 +0300)]
HS 2.0R2: Slow down connection attempts on EAP failures
This is needed to limit the number of consecutive authentication
attempts to no more than 10 within a 10-minute interval to avoid
unnecessary load on the authentication server. In addition, use a random
component in the delay to avoid multiple stations hitting the same
timing in case of simultaneous disconnection from the network.
Jouni Malinen [Fri, 9 Aug 2013 17:37:28 +0000 (20:37 +0300)]
HS 2.0R2: Allow excluded network to be selected based on user override
Move excluded SSID filtering step to the end of credential validation
process and return list of BSSes that would otherwise have matching
credentials, but have an excluded SSID. Automatic network selection will
not select such a network, but interworking_connect command can be used
to pick excluded networks.
Jouni Malinen [Thu, 8 Aug 2013 17:31:41 +0000 (20:31 +0300)]
HS 2.0R2: Add support for Policy/RequiredProtoPortTuple
The new credential parameter req_conn_capab can be used to specify
restrictions on roaming networks providing connectivity for a set of
protocols/ports.
Jouni Malinen [Fri, 2 Aug 2013 16:09:11 +0000 (19:09 +0300)]
HS 2.0R2: Add tracking of provisioning SP
The new provisioning_sp cred field can now be used to track which SP
provisioned the credential. This makes it easier to find the matching
PPS MO from the management tree (./Wi-Fi/<provisioning_sp>).
Jouni Malinen [Fri, 25 Jan 2013 22:10:41 +0000 (00:10 +0200)]
HS 2.0R2: Add routine for fetching OSU provider information
The new wpa_cli fetch_osu command can be used to fetch information about
all OSU providers and write that to a text file with the icons in
separate files. cancel_osu_fetch command can be used to stop ongoing OSU
provider list fetch.
Jouni Malinen [Thu, 20 Dec 2012 19:15:05 +0000 (21:15 +0200)]
HS 2.0R2: Add Icon Request and Icon binary File ANQP elements
wpa_supplicant can request OSU icon data with "hs20_icon_request <BSSID>
<icon filename>". This transmits an Icon Request ANQP element and
processes the response in Icon Binary File ANQP elements.
Jouni Malinen [Fri, 2 Nov 2012 11:05:57 +0000 (13:05 +0200)]
HS 2.0R2: Add WNM-Notification Request for Subscription Remediation
Subscription remediation notification WNM-Notification Request is now
shown in the following way in wpa_supplicant control interface:
<3>HS20-SUBSCRIPTION-REMEDIATION http://example.com/foo/
Jouni Malinen [Fri, 2 Nov 2012 10:08:11 +0000 (12:08 +0200)]
HS 2.0R2: Update Indication element to Release 2
The HS 2.0 Indication element from wpa_supplicant now includes the
release number field and wpa_supplicant shows the release number of the
AP in STATUS command (hs20=1 replaced with hs20=<release>).
The new update_identifier field in the cred block can now be used to
configure the PPS MO ID so that wpa_supplicant adds it to the Indication
element in Association Request frames.
Jouni Malinen [Mon, 27 Jan 2014 17:11:15 +0000 (19:11 +0200)]
nl80211: Add driver capability for GTK_NOT_USED
Many drivers support operation without GTK configured, but most (if any)
today do not advertise this. Handle this by skipping GTK cipher suite
configuration if the driver did not advertise support in order to work
around cfg80211 validation steps.
Jouni Malinen [Tue, 18 Feb 2014 10:07:06 +0000 (12:07 +0200)]
Only try fast reconnect if network is not disabled
Previously, it would have been possible for the network to be marked
disabled and that marking to be ignored if a recoverable disconnection
reason event were processed. Avoid this by verifying network status
before trying to reconenct back to the same BSS.
Jouni Malinen [Tue, 25 Feb 2014 20:37:57 +0000 (22:37 +0200)]
Interworking: Prefer last added network during network selection
Previously, any network block could be used to select the BSS to connect
to when processing scan results after Interworking network selection.
This can result in somewhat unexpected network selection in cases where
credential preferences indicated that a specific network was selected,
but another network ended up getting used for the connection. While the
older networks continue to be valid, add special processing for this
initial post-interworking-connect case to get more consistent network
selection to match with the Interworking network selection result.
wpa_config_write() is defined as a dummy function even if actual
operation to write the configuration file are commented out from the
build. This cleans up the code a bit and removed a compiler warning on
set-only variable.
projects / thirdparty / hostap.git / log
